<?php
$hit_time = time();

$remote = NULL;
$output_file = NULL;

$remote = $_SERVER['REMOTE_ADDR'] . (isset($_SERVER['UNIQUE_ID'])? $_SERVER['UNIQUE_ID']: $_SERVER['REQUEST_TIME']);

$output_file = sys_get_temp_dir().'/'.$remote.'.wp-login.scans';

if (file_exists($output_file)) {
    // Find another name for the last file full of
    // stuff from this particular IP address.
    $cnt = 0;
    $new_file_name = $output_file . '.' . $cnt;
    while (file_exists($new_file_name)) {
        ++$cnt;
        $new_file_name = $output_file . '.' . $cnt;
    }
    // XXX - there's probably opportunity for a race here.
    // Hopefully the scanners work sequentially, rather than
    // in parallel.
    rename($output_file, $new_file_name);
}
// This is more for humans who read the file than for automatic
// logging of host OS.
if (file_exists("/var/log/p0f.log")) {
    $p0f_guess = shell_exec("tail -5 /var/log/p0f.log");
    if (!file_put_contents($output_file, $p0f_guess, FILE_APPEND)) {
        error_log("Failed to append p0f guess to " . $output_file . "\n");
    }
}

file_put_contents($output_file, "\n_SERVER\n", FILE_APPEND);
file_put_contents($output_file, print_r($_SERVER, TRUE), FILE_APPEND);
file_put_contents($output_file, "\n_REQUEST\n", FILE_APPEND);
file_put_contents($output_file, print_r($_REQUEST, TRUE), FILE_APPEND);
file_put_contents($output_file, "\n_COOKIE\n ", FILE_APPEND);
file_put_contents($output_file, print_r($_COOKIE, TRUE), FILE_APPEND);

if (isset($_FILES)) {
    file_put_contents($output_file, "\n_FILES\n ", FILE_APPEND);
    foreach ($_FILES as $fnm => $ary) {
        file_put_contents($output_file, "\nUPLOADED FILE $fnm\n ", FILE_APPEND);
        file_put_contents($output_file, print_r($ary, TRUE), FILE_APPEND);
        file_put_contents($output_file, "\nEND UPLOADED FILE $fnm\n ", FILE_APPEND);

        if ($ary['error'] > 0)
            file_put_contents($output_file, "Problem with $fnm: ".$ary['error']."\n", FILE_APPEND);
        else
            rename($ary["tmp_name"], '/tmp/'.$remote.'file');
    }
    file_put_contents($output_file, "\nEND _FILES\n ", FILE_APPEND);
}

# Figure out "where" wp-login.php is in the URL name space.
$my_uri = $_SERVER['REQUEST_URI'];
file_put_contents($output_file, "my_uri = ".$my_uri."\n", FILE_APPEND);
$blog_path = dirname($my_uri);
file_put_contents($output_file, "blog_path = ".$blog_path."\n", FILE_APPEND);

if ($blog_path == '/') $blog_path = '';
$my_blog = 'http://'.$_SERVER['HTTP_HOST'].$blog_path;
file_put_contents($output_file, "my_blog = ".$my_blog."\n", FILE_APPEND);

if (isset($_REQUEST["log"]) && isset($_REQUEST["pwd"])) {
    file_put_contents($output_file, "Trying to redirect\n", FILE_APPEND);

    $log = $_REQUEST['log'];
    $pwd = $_REQUEST['pwd'];

    if (isset($_REQUEST['redirect_to'])) {
        $wp_admin = $_REQUEST['redirect_to'];
    } else {
        $wp_admin = $my_blog.'/wp-admin/';
    }
    file_put_contents($output_file, "wp_admin = ".$wp_admin."\n", FILE_APPEND);

    # Set reasonably life-like cookies
    # bool setcookie ( string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )

    $gibberish = 'd'.$_SERVER['REQUEST_TIME'].'fuck';

    #Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/blog/
    setcookie("wordpress_test_cookie", "WP Cookie check", 0, $blog_path);

    #Set-Cookie: wordpress_d23cdc2cc5dd18709e8feb86452d865b=flawmaster%7C1367772732%7Cb3db15ed23e99ec0c828a3f37c93717d; expires=Sun, 05-May-2013 16:52:12 GMT; path=/blog/wp-content/plugins; httponly
    $cookie_name1 = "wordpress_".$gibberish;
    $cookie_value1 = $log.$gibberish;
    file_put_contents($output_file, "set cookie ".$cookie_name1.'='.$cookie_value1."\n", FILE_APPEND);
    setcookie($cookie_name1, $cookie_value1, 0, $blog_path."/wp-content/plugins", NULL, false, true);
    setcookie($cookie_name1, $cookie_value1, 0, $blog_path."/wp-admin", NULL, false, true);

    #Set-Cookie: wordpress_logged_in_d23cdc2cc5dd18709e8feb86452d865b=flawmaster%7C1367772732%7Cb0efc8f116e443168ef77d2154648582; expires=Sun, 05-May-2013 16:52:12 GMT; path=/blog/; httponly
    $cookie_name2 = "wordpress_logged_in_".$gibberish;
    setcookie($cookie_name2, $cookie_value1, 0, $blog_path.'/', NULL, false, true);
    file_put_contents($output_file, "set cookie ".$cookie_name2.'='.$cookie_value1."\n", FILE_APPEND);

    header("Content-Length: 0");

    # Redirect.
    header("Location: ".$wp_admin, true, 302);

    exit;
} else {
    #Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/blog/
    setcookie("wordpress_test_cookie", "WP Cookie check", 0, $blog_path);
}
if (isset($_REQUEST['action'])) {
    file_put_contents($output_file, "action set.\n", FILE_APPEND);
    $action = $_REQUEST['action'];
    if ($action == 'register') {
        file_put_contents($output_file, "action set to register.\n", FILE_APPEND);
        if (isset($_REQUEST['user_login']) && isset($_REQUEST['user_email'])) {
            file_put_contents($output_file, "action set to register, user_login, user_email set, redirecting.\n", FILE_APPEND);
            header('Location: '.$my_blog.'/wp-login.php?checkemail=registered', TRUE, 302);
        } else {
            file_put_contents($output_file, "action set to register, user_login, user_email NOT set.\n", FILE_APPEND);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
    <title>Totally Baked &rsaquo; Registration Form</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel='stylesheet' id='login-css'  href='<?php echo $my_blog; ?>/wp-admin/css/login.css?ver=20091010' type='text/css' media='all' />
<link rel='stylesheet' id='colors-fresh-css'  href='<?php echo $my_blog; ?>/wp-admin/css/colors-fresh.css?ver=20091217' type='text/css' media='all' />
<meta name='robots' content='noindex,nofollow' />
</head>
<body class="login">

<div id="login"><h1><a href="http://wordpress.org/" title="Powered by WordPress">Totally Baked</a></h1>
<p class="message register">Register For This Site</p>

<form name="registerform" id="registerform" action="<?php echo $my_blog; ?>/wp-login.php?action=register" method="post">
    <p>
        <label>Username<br />
        <input type="text" name="user_login" id="user_login" class="input" value="" size="20" tabindex="10" /></label>
    </p>
    <p>
        <label>E-mail<br />
        <input type="text" name="user_email" id="user_email" class="input" value="" size="25" tabindex="20" /></label>
    </p>
    <p id="reg_passmail">A password will be e-mailed to you.</p>
    <br class="clear" />
    <p class="submit"><input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Register" tabindex="100" /></p>
</form>

<p id="nav">
<a href="<?php echo $my_blog; ?>/wp-login.php">Log in</a> |
<a href="<?php echo $my_blog; ?>/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password?</a>
</p>

</div>

<p id="backtoblog"><a href="<?php echo $my_blog; ?>/" title="Are you lost?">&larr; Back to Totally Baked</a></p>

<script type="text/javascript">
try{document.getElementById('user_login').focus();}catch(e){}
</script>
</body>
</html>
<?php
        }
        exit;
    }
} else if (isset($_REQUEST['checkemail'])) {
    file_put_contents($output_file, "checkemail set.\n", FILE_APPEND);
       if ($_REQUEST['checkemail'] == 'registered') {
        file_put_contents($output_file, "checkemail set to registered.\n", FILE_APPEND);
    
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
    <title>Totally Baked &rsaquo; Log In</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel='stylesheet' id='login-css'  href='<?php echo $my_blog; ?>/wp-admin/css/login.css?ver=20091010' type='text/css' media='all' />
<link rel='stylesheet' id='colors-fresh-css'  href='<?php echo $my_blog; ?>/wp-admin/css/colors-fresh.css?ver=20091217' type='text/css' media='all' />
<meta name='robots' content='noindex,nofollow' />
</head>
<body class="login">

<div id="login"><h1><a href="http://wordpress.org/" title="Powered by WordPress">Totally Baked</a></h1>
<p class="message">    Registration complete. Please check your e-mail.<br />
</p>

<form name="loginform" id="loginform" action="<?php echo $my_blog; ?>/wp-login.php" method="post">
    <p>
        <label>Username<br />
        <input type="text" name="log" id="user_login" class="input" value="" size="20" tabindex="10" /></label>
    </p>
    <p>
        <label>Password<br />
        <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
    </p>
    <p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> Remember Me</label></p>
    <p class="submit">
        <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Log In" tabindex="100" />
        <input type="hidden" name="redirect_to" value="<?php echo $my_blog; ?>/wp-admin/" />
        <input type="hidden" name="testcookie" value="1" />
    </p>
</form>

<p id="nav">
<a href="<?php echo $my_blog; ?>/wp-login.php?action=register">Register</a> |
<a href="<?php echo $my_blog; ?>/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password?</a>
</p>

<p id="backtoblog"><a href="<?php echo $my_blog; ?>/" title="Are you lost?">&larr; Back to Totally Baked</a></p>
</div>

<script type="text/javascript">
setTimeout( function(){ try{
d = document.getElementById('user_pass');
d.value = '';
d.focus();
} catch(e){}
}, 200);
</script>
</body>
</html>
<?php
        exit;
    }
    file_put_contents($output_file, "checkemail set, but not to registered.\n", FILE_APPEND);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
    <title>Totally Baked &rsaquo; Log In</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel='stylesheet' id='login-css'  href='<?php echo $my_blog; ?>/wp-admin/css/login.css?ver=20091010' type='text/css' media='all' />
<link rel='stylesheet' id='colors-fresh-css'  href='<?php echo $my_blog; ?>/wp-admin/css/colors-fresh.css?ver=20091217' type='text/css' media='all' />
<meta name='robots' content='noindex,nofollow' />
</head>
<body class="login">

<div id="login"><h1><a href="http://wordpress.org/" title="Powered by WordPress">Totally Baked</a></h1>

<form name="loginform" id="loginform" action="<?php echo $my_blog; ?>/wp-login.php" method="post">
    <p>
        <label>Username<br />
        <input type="text" name="log" id="user_login" class="input" value="" size="20" tabindex="10" /></label>
    </p>
    <p>
        <label>Password<br />
        <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
    </p>
    <p class="forgetmenot"><label><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> Remember Me</label></p>
    <p class="submit">
        <input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Log In" tabindex="100" />
        <input type="hidden" name="redirect_to" value="<?php echo $my_blog; ?>/wp-admin/" />
        <input type="hidden" name="testcookie" value="1" />
    </p>
</form>

<p id="nav">
<a href="<?php echo $my_blog; ?>/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password?</a>
</p>

<p id="backtoblog"><a href="<?php echo $my_blog; ?>/" title="Are you lost?">&larr; Back to Totally Baked</a></p>
</div>

<script type="text/javascript">
try{document.getElementById('user_login').focus();}catch(e){}
</script>
</body>
</html>