AiPu8iY2

· 5 years ago · Dec 17, 2019, 09:16 PM
1<?php
2/**
3 * Template Name: Access Page
4 * Access Page
5 */
6
7$cookieDomain="toolsurf.com";
8$postURL="https://www.toolsurf.com";
9$api_params = array(
10'slm_action' => 'slm_check',
11'secret_key' => '5cd744b6bfe702.90811903',
12'license_key' => $_POST["access_code"],
13);
14$errorMessages = json_decode(file_get_contents(__DIR__."/AuthErrorMessages.json",FILE_USE_INCLUDE_PATH),true);
15$salt="r@jKumar";
16$allowedIP=0;
17$ipBlocking=false;
18function clearCookies($cookieDomain){
19    setcookie("seotools_data","",0,"/",$cookieDomain);
20    setcookie("seotools_login","",0,"/",$cookieDomain);
21    setcookie("seotools_user","",0,"/",$cookieDomain);
22}
23function getUserIP($trusted = array()) {
24        $wan_ip = $_SERVER['REMOTE_ADDR'];
25        foreach($trusted as &$t) {
26            if ( filter_var($t, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE|FILTER_FLAG_NO_RES_RANGE|FILTER_FLAG_IPV4|FILTER_FLAG_IPV6) === false ) {
27                $t = null;
28            }
29            }
30            unset($t);
31        $trusted = array_filter($trusted);
32        if (filter_var($_SERVER['SERVER_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE|FILTER_FLAG_NO_RES_RANGE|FILTER_FLAG_IPV4|FILTER_FLAG_IPV6) !== false) {
33            $trusted[] = $_SERVER['SERVER_ADDR'];
34        }
35        $ip_fields = array(
36            'HTTP_CLIENT_IP',
37            'HTTP_X_FORWARDED_FOR',
38            'HTTP_X_FORWARDED',
39            'HTTP_FORWARDED_FOR',
40            'HTTP_FORWARDED',
41            'HTTP_X_CLUSTER_CLIENT_IP',
42            'HTTP_CF_CONNECTING_IP',
43        );
44        foreach ( $ip_fields as $key ) {
45            if ( array_key_exists( $key, $_SERVER ) === true ) {
46                $proxy_list = explode( ',', $_SERVER[$key]);
47                $proxy_list = array_reverse($proxy_list);
48                $last = null;
49                $lan = false;
50                if(filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4|FILTER_FLAG_IPV6) !== false) {
51                    if ( filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE|FILTER_FLAG_IPV4|FILTER_FLAG_IPV6) === false ) {
52                        $last = $_SERVER['REMOTE_ADDR'];
53                        $lan = true;
54                    }
55                }
56                foreach ( $proxy_list as $k => &$ip ) {
57                
58                    $ip = trim( $ip );
59                    if(is_null($last) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4|FILTER_FLAG_IPV6) === false) {
60                        break;
61                    }
62                    
63                    if ($lan && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE|FILTER_FLAG_IPV4|FILTER_FLAG_IPV6) === false ) {
64                        $last = $ip;
65                        continue;
66                    }
67                    
68                    (in_array($last, $trusted) || $lan) &&  $wan_ip = $ip;
69                    !in_array($ip, $trusted) && $lan = false;
70                    
71                    if (in_array($ip, $trusted)) {
72                        $last = $ip;
73                    }
74                    else {
75                        $last = null;
76                    }
77                }
78            }
79        }
80
81        return $wan_ip;
82}
83global $wpdb;
84$currentTools=$wpdb->get_results( "SELECT value FROM ".$wpdb->prefix."ak_am_settings_tb WHERE name='tools'");
85$currentTools=json_decode($currentTools[0]->value,true);
86if($_SERVER["REQUEST_METHOD"]=="POST"){
87    function hashify($input, $ky) {
88        $key   = html_entity_decode($ky);
89        $iv = "@@@@&&&&####$$$$";
90        $data = openssl_encrypt ( $input , "AES-128-CBC" , $key, 0, $iv );
91        return $data;
92    }
93    function dehashify($crypt, $ky) {
94        $key   = html_entity_decode($ky);
95        $iv = "@@@@&&&&####$$$$";
96        $data = openssl_decrypt ( $crypt , "AES-128-CBC" , $key, 0, $iv );
97        return $data;
98    }
99    if(!empty($_POST["access_code"])){
100        $ch = curl_init ($postURL);
101        curl_setopt ($ch, CURLOPT_POST, true);
102        curl_setopt ($ch, CURLOPT_POSTFIELDS, $api_params);
103        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, true);
104        curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, false);
105        curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, false);
106        $headers = array("Cache-Control: no-cache"); 
107        curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
108        curl_setopt ($ch, CURLOPT_FRESH_CONNECT, TRUE);
109        $res = json_decode(curl_exec($ch));
110        if($res==null)
111            $logError = "Server Error Occured.. Try Again in sometime..";
112        else{
113            $blocked=false;
114            if($res->result=="success"){
115                if($res->status=="active"){
116                    $check=$wpdb->get_results( "SELECT data FROM ".$wpdb->prefix . "ak_am_access_data WHERE user='{$_POST["access_code"]}'");
117                    $blockCode=false;
118                    if(sizeof($check)==1){
119                        $dt=json_decode($check[0]->data,true);
120                        $user["code"]=$_POST["access_code"];
121...................................................................................
122............................................
123....................