This seems to be some sort of PHP upload/download tool, together with its own custom protocol and custom client.

But why? If you have server access, use it directly. There are plenty of programs which can sync over SCP/SFTP/FTP etc.. directly, no need for some weird PHP shell and custom protocol and 2nd password...

I tried doing this (just with FTP) about 15+ years ago when I had a ton of space on a budget webhoting service (I think Dreamhost). I ended up getting a message from them saying that was not what their service is for and stop it.

Maybe encryption would partial help solve that, or the rules have changed, but I figured I’d mention it for awareness.