示例#1
     $_SESSION['ERROR'] = "Could not process request.<br>Please try again.";
     header('Location: ' . $referrer);
     //Redirect to previous page
     exit;
 }
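 /* Normalise and validate the submitted email address. The form on the page
    also validates it, but a client can bypass that, so this server-side check
    is the one that counts. FILTER_VALIDATE_EMAIL also rejects CR/LF, which keeps
    the address safe to embed in the "From:" line built further down.
    NOTE(review): $referrer is assigned outside this excerpt; if it is derived
    from the Referer request header, confirm it is limited to same-site paths
    before it is used in a Location header. */
 $email = filter_var(isset($_POST['email']) ? $_POST['email'] : '', FILTER_SANITIZE_EMAIL);
 if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
     $_SESSION['ERROR'] = "Invalid email address.<br>Please try again.";
     header('Location: ' . $referrer);
     //Redirect to previous page
     exit;
 }
 /* Validate reCAPTCHA via our `reCAPTCHA()` function. (see: inc/recaptcha.php)
    A missing or non-string token is treated as a failed challenge instead of
    being passed through as null or an array. */
 $captchaToken = isset($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response'])
     ? $_POST['g-recaptcha-response']
     : '';
 if ($captchaToken === '' || !reCAPTCHA($captchaToken)) {
     $_SESSION['ERROR'] = "Could not validate reCAPTCHA.<br>Please try again.";
     header('Location: ' . $referrer);
     //Redirect to previous page
     exit;
 }
 /* Save our remaining POST input. Only string values are accepted, so a
    request such as `name[]=x` cannot inject an array into the message. */
 $name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
 $subject = isset($_POST['subject']) && is_string($_POST['subject']) ? $_POST['subject'] : '';
 $message = isset($_POST['message']) && is_string($_POST['message']) ? $_POST['message'] : '';
 /* "Sent as plaintext" removes the HTML-escaping concern, not the mail-header
    one: $subject is presumably handed to sendmail() as the Subject header and
    $name sits on a header-looking line of the body. Strip CR/LF from both
    single-line fields so user input cannot start a new header line. The free-text
    message body keeps its line breaks. */
 $name = str_replace(array("\r", "\n"), ' ', $name);
 $subject = str_replace(array("\r", "\n"), ' ', $subject);
 /* Email-related variables. */
 $to = "*****@*****.**";
 $from = "*****@*****.**";
 $subject = "CSUClicker: {$subject}";
 /* The body records the sender, a timestamp and the connecting IP address
    ($_SERVER['REMOTE_ADDR']) followed by the user's subject and message. */
 $message = "From: {$name} <{$email}>\r\n" . "Date: " . date('D, j M Y g:i:sa') . "\r\n" . "IP: " . $_SERVER['REMOTE_ADDR'] . "\r\n\r\n" . "Subject: {$subject}\r\n" . "Message: {$message}\r\n\r\n" . "!!DO NOT REPLY TO THIS EMAIL!!";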
 /* Send email to recipient via our `sendmail()` function. (see: inc/sendmail.php) */
示例#2
文件: bbs.php 项目: h16o2u9u/rtoss
// Request validation for a board post: derive the delete key, check the
// message/subject, apply a honeypot and CAPTCHA gate, then load the ban list.

// Delete key: 8 hex characters (from offset 2) of the MD5 of the submitted "delk" value.
// NOTE(review): this is an unsalted, truncated MD5 (32 bits). If it is stored to
// authorise later deletion, it is cheap to brute-force offline — confirm how it is used.
$delk = substr(md5($_REQUEST['delk']), 2, 8);
// Thread key from the request; the checks below treat an empty key as thread creation.
$key = $_REQUEST['key'];
// Reverse-resolve the client address. gethostbyaddr() returns the IP unchanged when
// no PTR record resolves. The PTR name is controlled by whoever owns the address
// block, so $HOST is attacker-influenced text and must be handled as untrusted.
$HOST = gethostbyaddr($IP = getREMOTE_ADDR());
$idtag = false;
// Reject a message that is empty or only spaces/tabs (error text: "No message body!").
// NOTE(review): the two space alternatives in the pattern look identical here; one was
// possibly a full-width space in the original file — confirm.
if (preg_match("/^( | |\t)*\$/", $MESSAGE)) {
    error("本文がありません!", $FROM, $mail, $HOST, $MESSAGE);
}
// With an empty key, a blank subject is rejected as well (error text: "Subject does not exist!").
if ($key == "" && preg_match("/^( | |\t)*\$/", $subject)) {
    error("サブジェクトが存在しません!", $FROM, $mail, $HOST, $MESSAGE);
}
// The "url" field must be present AND empty; anything else is refused
// (error text: "Posting is prohibited"). Presumably a hidden honeypot field that
// only automated submitters fill in or omit — confirm against the form.
if (!isset($_REQUEST['url']) || isset($_REQUEST['url']) && $_REQUEST['url'] != "") {
    error("投稿が禁止されています", $FROM, $mail, $HOST, $MESSAGE);
}
// reCAPTCHA: required only when no key was supplied (the strings passed say
// "thread creation" / "CAPTCHA verification is required to create a thread").
if (!$key) {
    if (reCAPTCHA('スレッド作成', 'スレッド作成のは CAPTCHA 認証が必要です。') === false) {
        exit;
    }
}
// Host / banned-host check
$IsBanned = false;
// file() returns the ban file as an array of lines, or false if it cannot be read;
// the failure case is not checked before $killip[0] is used below.
$killip = file("killip.cgi");
$checkTwice = $IP != $HOST;
// Whether a second check is needed (true when reverse DNS produced a name different from the IP)
// The ban list is the comma-separated first line of the file.
$killip = explode(',', $killip[0]);
foreach ($killip as $kill) {
    $kill = rtrim($kill);
    if ($kill) {
        $slash = substr_count($kill, '/');
        if ($slash == 2) {
            // RegExp
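/**
 * Log in to the remote site and keep the resulting session cookies in the global $cookie.
 *
 * The login runs in up to two requests:
 *  - First pass (no valid $_POST['step']): post the credentials. If the site answers
 *    with a CAPTCHA challenge, render the matching CAPTCHA form (step '1' = reCAPTCHA,
 *    step '2' = image captcha) and exit; the form carries the encrypted cookies and,
 *    for non-default accounts, the encrypted credentials.
 *  - Second pass ($_POST['step'] is '1' or '2'): restore the cookies from the form,
 *    resubmit the credentials together with the CAPTCHA answer, and verify the result.
 *
 * NOTE(review): every request goes through geturl() on port 80, so the username and
 * password are presumably sent over plain HTTP — confirm whether geturl() upgrades
 * the connection, and prefer a TLS endpoint if the site offers one.
 *
 * @param string $user Account name or email.
 * @param string $pass Account password.
 * @return bool true once the session is verified; failures are reported through
 *              html_error()/is_present()/is_notpresent(), which presumably stop the request.
 */
function Login($user, $pass)
{
    global $cookie, $domain, $referer, $pauth, $default_acc;
    $post = array();
    $post['LoginForm%5Busername%5D'] = urlencode($user);
    $post['LoginForm%5Bpassword%5D'] = urlencode($pass);
    $post['LoginForm%5BrememberMe%5D'] = 1;
    if (empty($_POST['step']) || !in_array($_POST['step'], array('1', '2'))) {
        // First pass: plain credential post.
        $page = geturl($domain, 80, '/login.html', $referer, 0, $post, 0, $_GET['proxy'], $pauth);
        is_page($page);
        $cookie = GetCookiesArr($page);
        if (stripos($page, 'The verification code is incorrect.') !== false) {
            // The site wants a CAPTCHA: build the state that has to survive the form round-trip.
            $data = array();
            $data['cookie'] = urlencode(encrypt(CookiesToStr($cookie)));
            $data['action'] = 'FORM';
            if (!$default_acc) {
                // The credentials travel through the user's browser inside the CAPTCHA form.
                // Their confidentiality rests entirely on encrypt() (defined elsewhere) and its key.
                $data['A_encrypted'] = 'true';
                $data['up_login'] = urlencode(encrypt($user));
                $data['up_pass'] = urlencode(encrypt($pass));
            }
            if (preg_match('@https?://(?:[^/]+\\.)?(?:(?:google\\.com/recaptcha/api)|(?:recaptcha\\.net))/(?:(?:challenge)|(?:noscript))\\?k=([\\w\\.\\-]+)@i', $page, $cpid)) {
                $data['step'] = '1';
                // The site key is captured into $cpid; the previous code read the undefined
                // $pid, so reCAPTCHA() never received the key.
                reCAPTCHA($cpid[1], $data, 'Login');
            } elseif (preg_match('@\\W(auth/captcha\\.html\\?v=\\w+)@i', $page, $cpid)) {
                $data['step'] = '2';
                // Fetch the captcha image with the session cookies and inline it as a data: URI.
                $imgReq = geturl($domain, 80, '/' . $cpid[1], $referer, $cookie, 0, 0, $_GET['proxy'], $pauth);
                is_page($imgReq);
                list($headers, $imgBody) = explode("\r\n\r\n", $imgReq, 2);
                unset($imgReq);
                // Characters 9-11 of the status line ("HTTP/1.x NNN") hold the status code.
                if (substr($headers, 9, 3) != '200') {
                    html_error('Error downloading captcha img.');
                }
                $mimetype = preg_match('@image/[\\w+]+@', $headers, $mimetype) ? $mimetype[0] : 'image/png';
                EnterCaptcha("data:{$mimetype};base64," . base64_encode($imgBody), $data, 20, 'Login');
            } else {
                html_error('Login CAPTCHA not found.');
            }
            // The CAPTCHA form has been rendered; the login continues on the next request.
            exit;
        }
        is_present($page, 'Incorrect username or password', 'Login Failed: Email/Password incorrect.');
        is_present($page, 'You logged in from different country IP', 'Login Failed: Your account was locked for security reasons, to unlock your account check your email.');
        if (empty($cookie['c903aeaf0da94d1b365099298d28f38f'])) {
            html_error('Login Cookie Not Found.');
        }
        if (empty($cookie['sessid'])) {
            html_error('Session Cookie Not Found.');
        }
        // Verify the session through the API; on a 403 answer fall back to checking
        // the home page for the logout link.
        $test = k2s_apireq('test');
        if ($test['code'] != 403) {
            k2s_checkErrors($test, 'Login error');
        } else {
            $page = geturl($domain, 80, '/', $referer . 'login.html', $cookie, 0, 0, $_GET['proxy'], $pauth);
            is_page($page);
            is_notpresent($page, '/auth/logout.html">Logout', 'Login Error.');
        }
        SaveCookies($user, $pass);
        // Update cookies file
        return true;
    }
    // Second pass: attach the CAPTCHA answer that matches the step.
    if ($_POST['step'] == '1') {
        if (empty($_POST['recaptcha_response_field'])) {
            html_error('You didn\'t enter the image verification code.');
        }
        $post['LoginForm%5BverifyCode%5D'] = '';
        $post['recaptcha_challenge_field'] = urlencode($_POST['recaptcha_challenge_field']);
        $post['recaptcha_response_field'] = urlencode($_POST['recaptcha_response_field']);
    } else {
        if (empty($_POST['captcha'])) {
            html_error('You didn\'t enter the image verification code.');
        }
        $post['LoginForm%5BverifyCode%5D'] = urlencode($_POST['captcha']);
    }
    $_POST['step'] = false;
    // Restore the cookies that were handed to the browser in encrypted form on the first pass.
    $cookie = StrToCookies(decrypt(urldecode($_POST['cookie'])));
    $page = geturl($domain, 80, '/login.html', $referer, $cookie, $post, 0, $_GET['proxy'], $pauth);
    is_page($page);
    $cookie = GetCookiesArr($page, $cookie);
    is_present($page, 'The verification code is incorrect.');
    is_present($page, 'Incorrect username or password', 'Login Failed: Email/Password incorrect');
    is_present($page, 'You logged in from different country IP', 'Login Failed: Your account was locked for security reasons, to unlock your account check your email');
    if (empty($cookie['c903aeaf0da94d1b365099298d28f38f'])) {
        html_error('Login Cookie Not Found');
    }
    if (empty($cookie['sessid'])) {
        html_error('Session Cookie Not Found');
    }
    // Same session verification as on the first pass.
    $test = k2s_apireq('test');
    if ($test['code'] != 403) {
        k2s_checkErrors($test, 'Login Error');
    } else {
        $page = geturl($domain, 80, '/', $referer . 'login.html', $cookie, 0, 0, $_GET['proxy'], $pauth);
        is_page($page);
        is_notpresent($page, '/auth/logout.html">Logout', 'Login Error');
    }
    SaveCookies($user, $pass);
    // Update cookies file
    return true;
}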
示例#4
			</h2>
			<input name="url" type="text" placeholder="paste your url here">
			<input type="submit" value="shorten">
			<br>
			<div class="g-recaptcha" data-sitekey="<?php 
    echo SITEKEY;
    ?>
"></div>
		</form>
	</body>
	</html>


	<?php 
} else {
    if (reCAPTCHA()) {
        $url_scheme = parse_url($_POST['url'], PHP_URL_SCHEME);
        $filt = filter_var($_POST['url'], FILTER_VALIDATE_URL);
        if ($filt !== false && ($url_scheme == "http" || $url_scheme == "https")) {
            /**** HUMAN WITH GOOD URL ****/
            // generate code
            $pattern = "abcdefghijklmnopqrstuvwxyz0123456789";
            while (true) {
                $code = "";
                for ($i = 0; $i < 6; $i++) {
                    $code .= $pattern[rand(0, 35)];
                }
                if (file_exists("./" . $code)) {
                    continue;
                } else {
                    break;