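/**
 * Escapes a value before it is written to the browser or to result-scanner.html.
 *
 * File names come from the tree being inspected, so they are untrusted text:
 * a file name containing markup would otherwise be rendered as markup by
 * whoever opens the report.
 *
 * @param string $text Raw text (typically a file path).
 * @return string HTML-escaped text.
 */
function escapeForReport($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Appends one entry to the report file.
 *
 * @param string $line Text to append (already escaped by the caller).
 */
function appendToReport($line)
{
    // LOCK_EX keeps two concurrent runs from interleaving partial entries.
    file_put_contents('result-scanner.html', $line, FILE_APPEND | LOCK_EX);
}

/**
 * Recursively scans directories and lists files.
 *
 * Sub-directories are appended after their own contents, so the returned list
 * can be walked front to back to delete a tree.
 *
 * @param string $dir Directory to scan.
 * @param array $files Array to store file paths.
 * @return array List of file paths.
 */
function scanDirectory($dir, &$files = array())
{
    $scan = scandir($dir);
    if ($scan === false) {
        // Unreadable directory: keep what has been collected so far.
        return $files;
    }

    foreach ($scan as $item) {
        if ($item === '.' || $item === '..') {
            continue;
        }

        $path = $dir . DIRECTORY_SEPARATOR . $item;

        // is_dir() follows symbolic links. Recursing through a link can loop
        // forever or walk out of the tree being scanned, so a linked directory
        // is listed as a plain entry and never descended into.
        if (is_dir($path) && !is_link($path)) {
            scanDirectory($path, $files);
        }
        $files[] = $path;
    }

    return $files;
}

/**
 * Deletes everything inside a directory, leaving the directory itself.
 *
 * @param string $dir Directory to empty.
 */
function clearDirectory($dir)
{
    foreach (scanDirectory($dir) as $entry) {
        // unlink() cannot remove a directory; calling it on every entry left
        // nested directories (and therefore the extracted content) behind.
        if (is_dir($entry) && !is_link($entry)) {
            rmdir($entry);
        } else {
            unlink($entry);
        }
    }
}

/**
 * Extracts ZIP files to a temporary directory and scans them.
 *
 * NOTE(review): nothing here limits the number of entries or the total
 * uncompressed size of the archive, and archives nested inside the archive
 * are not unpacked; add limits before running this on untrusted uploads.
 *
 * @param string $zipFilePath Path to the ZIP file.
 * @param string $tempDir Path to the temporary directory.
 */
function scanZipFile($zipFilePath, $tempDir)
{
    $zip = new ZipArchive;
    if ($zip->open($zipFilePath) !== true) {
        echo "\n\nError opening ZIP file: " . escapeForReport($zipFilePath) . "\n\n\n";
        return;
    }

    $extracted = $zip->extractTo($tempDir);
    $zip->close();

    if ($extracted === false) {
        // Whatever was written before the failure is still scanned below.
        echo "\n\nError extracting ZIP file: " . escapeForReport($zipFilePath) . "\n\n\n";
    }

    // Scan extracted files
    foreach (scanDirectory($tempDir) as $file) {
        if (is_file($file)) {
            processFile($file);
        }
    }
}

/**
 * Reads and checks the contents of a file.
 *
 * @param string $filePath Path to the file.
 * @return array|null Unique, trimmed token texts, or null when the file was
 *                    not read (larger than the size limit, or unreadable).
 */
function readFileContent($filePath)
{
    $filesize = filesize($filePath);
    $filesize = round($filesize / 1024 / 1024, 1); // Convert size to MB

    if ($filesize > 2) { // Max 2MB
        echo "Skipped--";
        appendToReport("Skipped--\n");
        // Explicit null: the caller must not report an unread file as clean.
        return null;
    }

    $content = file_get_contents($filePath);
    if ($content === false) {
        return null;
    }

    $results = array();
    foreach (token_get_all($content) as $token) {
        // Array tokens carry their source text at index 1.
        if (isset($token[1])) {
            $results[] = $token[1];
        }
    }

    return array_values(array_unique(array_filter(array_map('trim', $results))));
}

/**
 * Checks the file contents for backdoor patterns.
 *
 * This is an exact-name match against token text, so it is a triage
 * heuristic only: several listed names (substr, basename, str_replace, file)
 * appear in most legitimate PHP, and an empty result does not show that a
 * file is clean.
 *
 * @param array $tokens Array of tokens extracted from the file.
 * @return string Comma-separated list of detected patterns.
 */
function checkForBackdoorPatterns($tokens)
{
    $patterns = array(
        'base64_encode', 'base64_decode', 'FATHURFREAKZ', 'eval', 'system',
        'gzinflate', 'str_rot13', 'convert_uu', 'shell_data', 'getimagesize',
        'magicboom', 'mysql_connect', 'mysqli_connect', 'basename', 'exec',
        'shell_exec', 'fwrite', 'str_replace', 'mail', 'file_get_contents',
        'url_get_contents', 'move_uploaded_file', 'symlink', 'substr',
        'pathinfo', 'file', '__halt_compiler'
    );

    if (!is_array($tokens)) {
        return "";
    }

    // PHP resolves function names case-insensitively, so the comparison is
    // done on lower-cased text; a case-sensitive match misses mixed-case calls.
    $seen = array();
    foreach ($tokens as $token) {
        if (is_string($token)) {
            $seen[strtolower($token)] = true;
        }
    }

    $found = array();
    foreach ($patterns as $pattern) {
        if (isset($seen[strtolower($pattern)])) {
            $found[] = $pattern;
        }
    }

    return implode(", ", $found);
}

/**
 * Processes a file to detect potential backdoors.
 *
 * Every finding, including flagged images and files that could not be
 * scanned, is appended to result-scanner.html as well as echoed.
 *
 * @param string $filePath Path to the file.
 */
function processFile($filePath)
{
    $shownPath = escapeForReport($filePath);

    if (isImageFile($filePath)) {
        if (checkImageForMalware($filePath)) {
            $message = "\n\n" . $shownPath . " => Not Safe (Potential malware detected)\n\n\n";
            appendToReport($message . "\n");
        } else {
            $message = "\n\n" . $shownPath . " => Safe\n\n\n";
        }
        echo $message;
        return;
    }

    $tokens = readFileContent($filePath);

    if ($tokens === null) {
        // Previously the missing return value reached in_array(), which
        // reports the file as "Safe" on older PHP and aborts the scan with a
        // TypeError on PHP 8. An unread file is unknown, not safe.
        $message = "\n\n" . $shownPath . " => Not scanned (too large or unreadable)\n\n\n";
        appendToReport($message . "\n");
    } else {
        $detected = checkForBackdoorPatterns($tokens);
        if ($detected === '') {
            $message = "\n\n" . $shownPath . " => Safe\n\n\n";
        } else {
            $message = "\n\n" . $shownPath . " => Found (" . $detected . ")\n\n\n";
            appendToReport($message . "\n");
        }
    }

    echo $message;
    // ob_flush() raises a notice when no output buffer is active.
    if (ob_get_level() > 0) {
        ob_flush();
    }
    flush();
    sleep(1);
}

/**
 * Checks if the file is an image.
 *
 * The decision is based on the file extension only.
 *
 * @param string $filePath Path to the file.
 * @return bool True if the file is an image, false otherwise.
 */
function isImageFile($filePath)
{
    $imageExtensions = array('jpg', 'jpeg', 'png', 'gif', 'bmp', 'webp');
    $extension = strtolower(pathinfo($filePath, PATHINFO_EXTENSION));

    return in_array($extension, $imageExtensions, true);
}

/**
 * Checks if the image file contains potential malware based on metadata.
 *
 * The only test is whether getimagesize() can parse the file. A file that
 * parses as an image is reported clean without its remaining bytes being
 * inspected, so a "Safe" result for an image means "has a valid image
 * header", nothing more.
 *
 * @param string $filePath Path to the image file.
 * @return bool True if potential malware is detected, false otherwise.
 */
function checkImageForMalware($filePath)
{
    try {
        $imageData = getimagesize($filePath);
        if ($imageData === false) {
            return true; // Image extension but not parseable as an image
        }
        // Further checks can be implemented if necessary
        return false;
    } catch (Exception $e) {
        // NOTE(review): presumably only reachable when an error handler turns
        // warnings into exceptions; treated as suspicious either way.
        return true;
    }
}

// Create a temporary directory for extracted ZIP files.
// Archive members are untrusted content. The previous location was a 0777
// directory relative to the working directory, which for a script run through
// a web server is typically reachable over HTTP while the scan is running.
// Use a private, freshly created directory under the system temp dir instead;
// mkdir() without the recursive flag fails if the path already exists, so an
// entry placed there in advance is never reused.
$tempDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('backdoor_scan_', true);
if (!mkdir($tempDir, 0700)) {
    $tempDir = null;
}

// Scan all files and directories
$fileList = scanDirectory(".");
echo "\n\nAdvance Backdoor Scanner\n\n";

foreach ($fileList as $file) {
    if (!is_file($file)) {
        continue;
    }

    // Lower-cased like isImageFile(), so ".ZIP" is handled as an archive too.
    if (strtolower(pathinfo($file, PATHINFO_EXTENSION)) === 'zip') {
        if ($tempDir === null) {
            $notice = "\n\n" . escapeForReport($file) . " => Not scanned (no temporary directory for extraction)\n\n\n";
            appendToReport($notice . "\n");
            echo $notice;
            continue;
        }
        scanZipFile($file, $tempDir);
        // Empty the directory after each archive so its members are neither
        // re-scanned with the next archive nor kept on disk longer than needed.
        clearDirectory($tempDir);
    } else {
        processFile($file);
    }
}

// Clean up temporary files
if ($tempDir !== null) {
    clearDirectory($tempDir);
    rmdir($tempDir);
}

$completionMessage = "\n\nSuccess, open result here\n\n\n";
echo $completionMessage;
if (ob_get_level() > 0) {
    ob_end_flush();
}
?>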