<?php
mysqli_report(MYSQLI_REPORT_OFF);
$home=getenv('HOME');
$files=glob("$home/*/wp-config.php") ?: [];
foreach($files as $wc){
  $site=basename(dirname($wc));
  $c=@file_get_contents($wc);
  if($c===false){echo "  [$site] wp-config illisible\n";continue;}
  $g=function($k)use($c){return preg_match("/define\(\s*['\"]".$k."['\"]\s*,\s*['\"]([^'\"]*)/",$c,$m)?$m[1]:'';};
  $p=preg_match('/\$table_prefix\s*=\s*[\'"]([^\'"]+)[\'"]/',$c,$m)?$m[1]:'wp_';
  $hp=explode(':',$g('DB_HOST'));
  $db=@mysqli_connect($hp[0],$g('DB_USER'),$g('DB_PASSWORD'),$g('DB_NAME'),isset($hp[1])?(int)$hp[1]:3306);
  if(!$db){echo "  [$site] DB KO\n";continue;}
  $out="  [$site]";
  $r=mysqli_query($db,"SELECT user_login FROM {$p}users WHERE user_login IN ('uredik','xshikata')");
  $mal=[];while($r&&($x=mysqli_fetch_row($r)))$mal[]=$x[0];
  if($mal){$out.=" MALWARE-ADMIN[".implode(',',$mal)."]!!";}
  $r=mysqli_query($db,"SELECT u.user_login,u.user_email FROM {$p}users u JOIN {$p}usermeta m ON m.user_id=u.ID WHERE m.meta_key='{$p}capabilities' AND m.meta_value LIKE '%administrator%'");
  $adm=[];$susp=[];
  while($r&&($x=mysqli_fetch_row($r))){
    $login=$x[0];$em=$x[1];
    $keep = (stripos($em,'@mareputationenligne.fr')!==false) || preg_match('/mrel/i',$login) || (stripos($em,'@hulsia.com')!==false) || preg_match('/aina/i',$login);
    $tag=$login.($em==''?'(EMAIL-VIDE)':'');
    $adm[]=$tag;
    if(!$keep)$susp[]=$tag;
  }
  $out.=" admins=".count($adm)."[".implode(',',$adm)."]";
  if($susp)$out.=" A-VERIFIER:[".implode(',',$susp)."]";
  $r=mysqli_query($db,"SELECT option_value FROM {$p}options WHERE option_name='active_plugins'");
  if($r&&($row=mysqli_fetch_row($r))){
    $a=@unserialize($row[0]);$n=is_array($a)?count($a):0;$out.=" plugins=$n";
    if($n===0)$out.=" PLUGINS-VIDE!!";
    if(strpos($row[0],'cache1.php')!==false)$out.=" CACHE1-ACTIF!!";
    if(strpos($row[0],'wp-file-manager/')!==false)$out.=" FM-ACTIF!!";
  }
  echo $out."\n";
  mysqli_close($db);
}
echo "  --- sites scannes: ".count($files)." ---\n";
