aleshell2/PACKER_GUIDE.md

# AleShell2 Packer Guide

## Overview

The AleShell2 packer (`pack.php`) combines all source files into a single, self-contained PHP file that can be deployed anywhere without additional dependencies.

## Quick Start

```bash
# Basic usage - creates packed/aleshell.php with default password "aleshell"
php pack.php

# Custom output file and password
php pack.php --output=/path/to/webshell.php --password=mysecretpassword

# Minified output (smaller file size)
php pack.php --minify

# Show help
php pack.php --help
```

## Options

| Option | Description | Default |
|--------|-------------|---------|
| `--output=<file>` | Output file path | `packed/aleshell.php` |
| `--password=<pass>` | Login password | `aleshell` |
| `--minify` | Remove comments and extra whitespace | disabled |
| `--help` | Show help message | - |

## Examples

### Basic Pack

```bash
php pack.php
```

Creates `packed/aleshell.php` with password `aleshell`.

### Custom Password

```bash
php pack.php --password=MySecureP@ssw0rd!
```

### Custom Output Location

```bash
php pack.php --output=../public/admin.php --password=admin123
```

### Production Build (Minified)

```bash
php pack.php --minify --output=dist/shell.php --password=prod_password
```

## Deployment

1. **Pack the application:**
   ```bash
   php pack.php --password=your_secure_password
   ```

2. **Upload to server:**
   Upload `packed/aleshell.php` to your web server via FTP, SCP, or your preferred method.

3. **Set permissions:**
   ```bash
   chmod 644 aleshell.php
   ```

4. **Access via browser:**
   Navigate to `https://your-server.com/path/to/aleshell.php`

5. **Login:**
   Use the password you set during packing.

## Security Recommendations

### Strong Password

Always use a strong, unique password:

```bash
php pack.php --password="$(openssl rand -base64 32)"
```

### Rename the File

Use a non-obvious filename:

```bash
php pack.php --output=./admin_tools_$(date +%s).php
```

### IP Restrictions

Edit the packed file to add IP restrictions:

```php
$ALESHELL_CONFIG = [
    // ... other config ...
    'ip_whitelist' => ['192.168.1.100', '10.0.0.50'],
];
```

### Delete After Use

Remove the webshell when no longer needed:

```bash
rm aleshell.php
```

## What Gets Packed

The packer combines:

- Core framework classes (Application, Router, Request, Response, View)
- Security classes (Session, Auth)
- All module controllers:
  - Dashboard
  - File Manager
  - Terminal
  - Code Editor
  - Process Manager
  - Network Tools
  - Database Manager
  - System Info
  - API endpoints
- All view templates (embedded as strings)
- CSS styles (embedded in layout)
- JavaScript (embedded in views)

## Troubleshooting

### "Class not found" errors

Ensure all source files exist before packing:

```bash
ls -la src/Core/
ls -la src/Security/
ls -la src/Modules/
ls -la src/Views/
```

### Large file size

Use the `--minify` option:

```bash
php pack.php --minify
```

### View rendering issues

Views are stored as PHP strings and evaluated with `eval()`. Ensure view files have valid PHP syntax.

### Password not working

The password is hashed during packing. You cannot recover it from the packed file. Re-pack with a known password:

```bash
php pack.php --password=newpassword
```

## Technical Details

### Class Renaming

To avoid namespace conflicts, classes are renamed during packing:

- `AleShell2\Core\Request` → `AleShell2_Request`
- `AleShell2\Security\Auth` → `AleShell2_Auth`
- etc.

### View Storage

Views are stored in the `$ALESHELL_VIEWS` global array and rendered via `eval()`.

### Configuration

Configuration is stored in the `$ALESHELL_CONFIG` global array at the top of the packed file.

## License

MIT License - See LICENSE file for details.