API tools faq
paste
Advertisement
xaxxy0000

Untitled

xaxxy0000
May 5th, 2024
788
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 15.24 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. define('OAUTH2_CLIENT_ID', '');
  3. define('OAUTH2_CLIENT_SECRET', '');
  4. define('GUILD_ID', '');
  5. define('BOT_TOKEN', '');
  6.  
  7. // Minimalized code
  8. ini_set('display_errors', 1);
  9. ini_set('display_startup_errors', 1);
  10. ini_set('max_execution_time', 300);
  11. error_reporting(E_ALL);
  12.  
  13. function apiRequest($url, $post=FALSE, $headers=array()) {
  14.     $ch = curl_init();
  15.     curl_setopt_array($ch, [
  16.         CURLOPT_URL => $url,
  17.         CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
  18.         CURLOPT_RETURNTRANSFER => TRUE,
  19.         CURLOPT_HTTPHEADER => $headers,
  20.     ]);
  21.     if($post) {
  22.         curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
  23.     }
  24.     if(session('access_token')) {
  25.         $headers[] = 'Authorization: Bearer ' . session('access_token');
  26.     }
  27.     curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  28.     $response = curl_exec($ch);
  29.     return json_decode($response, true);
  30. }
  31.  
  32. function logout($url, $data=array()) {
  33.         $ch = curl_init();
  34.         curl_setopt_array($ch, [
  35.                 CURLOPT_URL => $url,
  36.                 CURLOPT_POST => TRUE,
  37.                 CURLOPT_RETURNTRANSFER => TRUE,
  38.                 CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
  39.                 CURLOPT_POSTFIELDS => http_build_query($data),
  40.                 CURLOPT_HTTPHEADER => ['Content-Type: application/x-www-form-urlencoded'],
  41.         ]);
  42.         $response = curl_exec($ch);
  43.         return json_decode($response);
  44. }
  45.  
  46. function addGuildMember($userId, $accessToken) {
  47.         $headers = [
  48.                 "Authorization: Bot ".BOT_TOKEN,
  49.                 "Content-Type: application/json"
  50.         ];
  51.         $data = [
  52.                 "access_token" => $accessToken
  53.         ];
  54.         $dataString = json_encode($data);
  55.         $ch = curl_init();
  56.         curl_setopt_array($ch, [
  57.                 CURLOPT_URL => "https://discord.com/api/v9/guilds/".GUILD_ID."/members/{$userId}",
  58.                 CURLOPT_CUSTOMREQUEST => "PUT",
  59.                 CURLOPT_POSTFIELDS => $dataString,
  60.                 CURLOPT_RETURNTRANSFER => true,
  61.                 CURLOPT_HTTPHEADER => $headers,
  62.         ]);
  63.         $result = curl_exec($ch);
  64.         $statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
  65.         curl_close($ch);
  66.     return $statusCode;
  67. }
  68.  
  69. function get($key, $default=NULL) {
  70.     return array_key_exists($key, $_GET) ? $_GET[$key] : $default;
  71. }
  72.  
  73. function session($key, $default=NULL) {
  74.     return array_key_exists($key, $_SESSION) ? $_SESSION[$key] : $default;
  75. }
  76. function getSessionCookies() {
  77.     $url = 'https:///auth/session';
  78.     $data = array(
  79.         'username' => '',
  80.         'password' => ''
  81.     );
  82.     $ch = curl_init();
  83.     curl_setopt_array($ch, array(
  84.         CURLOPT_URL => $url,
  85.         CURLOPT_POST => 1,
  86.         CURLOPT_POSTFIELDS => json_encode($data),
  87.         CURLOPT_RETURNTRANSFER => true,
  88.         CURLOPT_HEADER => true,
  89.         CURLOPT_SSL_VERIFYHOST => 0,
  90.         CURLOPT_SSL_VERIFYPEER => 0,
  91.         CURLOPT_HTTPHEADER => array(
  92.             'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0',
  93.             'Accept: */*',
  94.             'Accept-Language: en-GB,en;q=0.5',
  95.             'Accept-Encoding: gzip, deflate, br',
  96.             'Content-Type: application/json',
  97.             'Origin: https://',
  98.             'Connection: keep-alive',
  99.             'Referer: https:///login',
  100.             'Sec-Fetch-Dest: empty',
  101.             'Sec-Fetch-Mode: cors',
  102.             'Sec-Fetch-Site: same-origin',
  103.             'Pragma: no-cache',
  104.             'Cache-Control: no-cache',
  105.             'TE: trailers'
  106.         )
  107.     ));
  108.     $response = curl_exec($ch);
  109.     curl_close($ch);
  110.     preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $response, $matches);
  111.     $cookies = implode('; ', $matches[1]);
  112.     return rtrim($cookies, '; ');
  113. }
  114.  
  115. function getState($cookieString) {
  116.     $ch = curl_init();
  117.     curl_setopt_array($ch, array(
  118.         CURLOPT_URL => 'https:///state',
  119.         CURLOPT_HTTPHEADER => array(
  120.             'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0',
  121.             'Accept: application/json, text/javascript, */*; q=0.01',
  122.             'Accept-Language: en-GB,en;q=0.5',
  123.             'Accept-Encoding: gzip, deflate, br',
  124.             'X-Requested-With: XMLHttpRequest',
  125.             'Connection: keep-alive',
  126.             'Referer: https:///',
  127.             'Cookie: '.$cookieString,
  128.             'Sec-Fetch-Dest: empty',
  129.             'Sec-Fetch-Mode: cors',
  130.             'Sec-Fetch-Site: same-origin',
  131.             'Pragma: no-cache',
  132.             'Cache-Control: no-cache',
  133.             'TE: trailers'
  134.         ),
  135.         CURLOPT_SSL_VERIFYHOST => 0,
  136.         CURLOPT_SSL_VERIFYPEER => 0,
  137.         CURLOPT_RETURNTRANSFER => true
  138.     ));
  139.     $state = json_decode(curl_exec($ch), true);
  140.     curl_close($ch);
  141.     return $state;
  142. }
  143.  
  144. function updateUser($cookieString, $state, $username, $email) {
  145.     $ch = curl_init();
  146.     curl_setopt_array($ch, array(
  147.         CURLOPT_URL => 'https:///user/66350424beba60ae95d50f1a',
  148.         CURLOPT_CUSTOMREQUEST => 'POST',
  149.         CURLOPT_HTTPHEADER => array(
  150.             'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0',
  151.             'Accept: application/json, text/javascript, */*; q=0.01',
  152.             'Accept-Language: en-GB,en;q=0.5',
  153.             'Accept-Encoding: gzip, deflate, br',
  154.             'Content-Type: application/json',
  155.             'Csrf-Token: ' . $state['csrf_token'],
  156.             'X-Requested-With: XMLHttpRequest',
  157.             'Origin: https://',
  158.             'Connection: keep-alive',
  159.             'Referer: https:///',
  160.             'Cookie: ' . $cookieString,
  161.             'Sec-Fetch-Dest: empty',
  162.             'Sec-Fetch-Mode: cors',
  163.             'Sec-Fetch-Site: same-origin',
  164.             'Pragma: no-cache',
  165.             'Cache-Control: no-cache',
  166.             'TE: trailers'
  167.         ),
  168.         CURLOPT_SSL_VERIFYHOST => 0,
  169.         CURLOPT_SSL_VERIFYPEER => 0,
  170.         CURLOPT_POSTFIELDS => '{"id":null,"organization":"66350424beba60ae95d50f1a","organization_name":null,"name":"'.$username.'","email":"'.$email.'","groups":[],"last_active":null,"gravatar":null,"audit":null,"type":null,"auth_type":"local","yubico_id":"","status":null,"sso":null,"otp_auth":null,"otp_secret":null,"servers":null,"disabled":null,"network_links":[],"dns_mapping":null,"bypass_secondary":false,"client_to_client":false,"dns_servers":[],"dns_suffix":"","port_forwarding":[],"pin":null,"devices":null,"mac_addresses":[]}',
  171.         CURLOPT_RETURNTRANSFER => true
  172.     ));
  173.     $pritunluser = json_decode(curl_exec($ch), true);
  174.     curl_close($ch);
  175.     return $pritunluser;
  176. }
  177. function downloadFile($cookieString) {
  178.     $ch = curl_init();
  179.     curl_setopt_array($ch, array(
  180.         CURLOPT_URL => 'https:///key/66350424beba60ae95d50f1a/66375890e424adfeeb116be2.zip', // Changed URL to .zip
  181.         CURLOPT_HTTPHEADER => array(
  182.             'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0',
  183.             'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
  184.             'Accept-Language: en-GB,en;q=0.5',
  185.             'Accept-Encoding: gzip, deflate, br',
  186.             'Connection: keep-alive',
  187.             'Referer: https:///',
  188.             'Cookie: '.$cookieString,
  189.             'Upgrade-Insecure-Requests: 1',
  190.             'Sec-Fetch-Dest: document',
  191.             'Sec-Fetch-Mode: navigate',
  192.             'Sec-Fetch-Site: same-origin',
  193.             'Sec-Fetch-User: ?1',
  194.             'Pragma: no-cache',
  195.             'Cache-Control: no-cache',
  196.             'TE: trailers'
  197.         ),
  198.         CURLOPT_SSL_VERIFYHOST => 0,
  199.         CURLOPT_SSL_VERIFYPEER => 0,
  200.         CURLOPT_RETURNTRANSFER => false, // Directly output to browser
  201.     ));
  202.  
  203.     curl_exec($ch);
  204.     if(curl_errno($ch)){
  205.         echo 'Curl error: ' . curl_error($ch);
  206.     }
  207.     curl_close($ch);
  208. }
  209. session_start();
  210.  
  211. if(get('action') == 'login') {
  212.     $params = [
  213.         'client_id' => OAUTH2_CLIENT_ID,
  214.         'redirect_uri' => 'https://anti-ddos.online/',
  215.         'response_type' => 'code',
  216.         'scope' => 'identify email guilds.join'
  217.     ];
  218.     $_SESSION['PortFowarding'] = get('PortFowarding');
  219.     header('Location: https://discord.com/api/oauth2/authorize' . '?' . http_build_query($params));
  220.     die();
  221. }
  222.  
  223. if(get('code')) {
  224.     $token = apiRequest('https://discord.com/api/oauth2/token', [
  225.         'grant_type' => 'authorization_code',
  226.         'client_id' => OAUTH2_CLIENT_ID,
  227.         'client_secret' => OAUTH2_CLIENT_SECRET,
  228.         'redirect_uri' => 'https://anti-ddos.online/',
  229.         'code' => get('code')
  230.     ]);
  231.     $logout_token = $token['access_token'];
  232.     $_SESSION['access_token'] = $token['access_token'];
  233.     header('Location: ' . $_SERVER['PHP_SELF']);
  234. }
  235. if(get('action') == 'download') {
  236.     $cookieString = getSessionCookies();
  237.     header('Content-Type: application/zip');
  238.     header('Content-Disposition: attachment; filename="vpn.zip"');
  239.     downloadFile($cookieString);
  240. }
  241. if(session('access_token')) {
  242.     $user = apiRequest('https://discord.com/api/users/@me');
  243.     $guild_status = addGuildMember($user['id'], $_SESSION['access_token']);
  244.     if(isset($user['id'], $user['username'], $user['email']) && !empty($user['id']) && !empty($user['username']) && !empty($user['email']) && ($guild_status == 201 || $guild_status == 204)) {
  245.         $conn = new mysqli("localhost", "antiddos_JBpTRkDZPFqH", "tHlN7=T&;31b", "antiddos_users");
  246.         if ($conn->connect_error) {
  247.           die("Connection failed!");
  248.         }
  249.         $sql = "SELECT * FROM `users` WHERE `discord_id` LIKE '".$user['id']."'";
  250.         $result = $conn->query($sql);
  251.         if ($result->num_rows > 0) {
  252.             while($row = $result->fetch_assoc()) {
  253.                 $pritunl_id = $row["pritunl_id"];
  254.             }
  255.         } else {
  256.             $cookieString = getSessionCookies();
  257.             $state = getState($cookieString);
  258.             $pritunluser = updateUser($cookieString, $state, $user['username'], $user['email']);
  259.             $sql = "INSERT INTO `users` (`discord_id`, `username`, `email`, `pritunl_id`) VALUES ('".$user['id']."', '".$user['username']."', '".$user['email']."', '".$pritunluser[0]['id']."')";
  260.             if ($conn->query($sql) === TRUE) {
  261.                 $pritunl_id = $pritunluser[0]['id'];
  262.             }
  263.         }
  264.         $conn->close();
  265.     echo '
  266.         <!DOCTYPE html>
  267.         <html lang="en">
  268.         <head>
  269.             <meta property="og:title" content="Free Anti-DDoS VPN" />
  270.             <meta property="og:type" content="website" />
  271.             <meta property="og:url" content="https://anti-ddos.online/" />
  272.             <meta property="og:image" content="https://anti-ddos.online/icon.png" />
  273.             <meta property="og:description" content="Free DDoS protected VPN in USA, Canada, United Kingdom, Germany, Netherlands, France, Poland and Singapore" />
  274.             <meta name="theme-color" content="#FF0000">
  275.             <meta charset="UTF-8">
  276.             <link rel="apple-touch-icon" type="image/png" href="icon.png" />
  277.             <meta name="apple-mobile-web-app-title" content="Anti-DDoS Online">
  278.             <link rel="shortcut icon" type="image/x-icon" href="icon.ico" />
  279.             <link rel="mask-icon" type="image/x-icon" href="icon.svg" color="#111" />
  280.             <title>Anti-DDos Online</title>
  281.             <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.7.2/css/all.min.css">
  282.             <link rel="stylesheet" type="text/css" href="style.css">
  283.         </head>
  284.         <body translate="no">
  285.         <div class="container" id="container">
  286.             <div class="form-container sign-up-container">
  287.                 <form action="#">
  288.                     <h1>Additional Features</h1>
  289.                     <p>Optional UDP port fowarding<br>
  290.                     (Only available in US, UK, CA, DE1)</p>
  291.                     <button id="login">100% FREE</button>
  292.                 </form>
  293.             </div>
  294.             <div class="form-container login-container">
  295.                 <form action="#">
  296.                     <h1>Welcome '.$user['username'].'</h1>
  297.                     <h3>'.$pritunl_id.'</h3>
  298.                     <input type="hidden" name="action" value="download">
  299.                     <button>Download your config</button>
  300.                 </form>
  301.             </div>
  302.             <div class="overlay-container">
  303.                 <div class="overlay">
  304.                     <div class="overlay-panel overlay-left">
  305.                         <h1>OVH Locations</h1>
  306.                         <p>London, UK<br>
  307.                         Beauharnois, Canada<br>
  308.                         Frankfurt, Germany<br>
  309.                         Hillsboro, USA<br>
  310.                         Vint Hill, USA<br>
  311.                         Warszawa, Poland<br>
  312.                         Amsterdam, Netherlands<br>
  313.                         Singapore</p>
  314.                         <h1>Path Locations</h1>
  315.                         <p>Frankfurt, Germany
  316.                         </p>
  317.                     </div>
  318.                     <div class="overlay-panel overlay-right">
  319.                         <h1>9 Locations!</h1>
  320.                         <p>We offer free VPN access at the following locations UK, USA, Canada, Germany, Netherlands, Poland and Singapore DDoS Protected by OVH and Path Network</p>
  321.                         <button class="ghost" id="moreinfo">More Info</button>
  322.                     </div>
  323.                 </div>
  324.             </div>
  325.         </div>
  326.         <script src="script.js"></script>
  327.         </body>
  328.         </html>
  329.     ';
  330.          echo '<p><a href="?action=logout">Log out</a></p>';
  331.     } else {
  332.         header('Location: ' . $_SERVER['PHP_SELF'] . '?action=login');
  333.     }
  334. } else {
  335.     echo '
  336.         <!DOCTYPE html>
  337.         <html lang="en">
  338.         <head>
  339.             <meta property="og:title" content="Free Anti-DDoS VPN" />
  340.             <meta property="og:type" content="website" />
  341.             <meta property="og:url" content="https://anti-ddos.online/" />
  342.             <meta property="og:image" content="https://anti-ddos.online/icon.png" />
  343.             <meta property="og:description" content="Free DDoS protected VPN in USA, Canada, United Kingdom, Germany, Netherlands, France, Poland and Singapore" />
  344.             <meta name="theme-color" content="#FF0000">
  345.             <meta charset="UTF-8">
  346.             <link rel="apple-touch-icon" type="image/png" href="icon.png" />
  347.             <meta name="apple-mobile-web-app-title" content="Anti-DDoS Online">
  348.             <link rel="shortcut icon" type="image/x-icon" href="icon.ico" />
  349.             <link rel="mask-icon" type="image/x-icon" href="icon.svg" color="#111" />
  350.             <title>Anti-DDos Online</title>
  351.             <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.7.2/css/all.min.css">
  352.             <link rel="stylesheet" type="text/css" href="style.css">
  353.         </head>
  354.         <body translate="no">
  355.         <div class="container" id="container">
  356.             <div class="form-container sign-up-container">
  357.                 <form action="#">
  358.                     <h1>Additional Features</h1>
  359.                     <p>Optional UDP port fowarding<br>
  360.                     (Only available in US, UK, CA, DE1)</p>
  361.                     <button id="login">100% FREE</button>
  362.                 </form>
  363.             </div>
  364.             <div class="form-container login-container">
  365.                 <form action="#">
  366.                     <h1>Use our free VPN</h1>
  367.                     <p>We believe you shouldn\'t have to pay to not be DDoSed online.</p>
  368.                     <h3>To get protected simply</h3>
  369.                     <input type="hidden" name="action" value="login">
  370.                     <button>Login With Discord</button>
  371.                 </form>
  372.             </div>
  373.             <div class="overlay-container">
  374.                 <div class="overlay">
  375.                     <div class="overlay-panel overlay-left">
  376.                         <h1>OVH Locations</h1>
  377.                         <p>London, UK<br>
  378.                         Beauharnois, Canada<br>
  379.                         Frankfurt, Germany<br>
  380.                         Hillsboro, USA<br>
  381.                         Vint Hill, USA<br>
  382.                         Warszawa, Poland<br>
  383.                         Amsterdam, Netherlands<br>
  384.                         Singapore</p>
  385.                         <h1>Path Locations</h1>
  386.                         <p>Frankfurt, Germany
  387.                         </p>
  388.                     </div>
  389.                     <div class="overlay-panel overlay-right">
  390.                         <h1>9 Locations!</h1>
  391.                         <p>We offer free VPN access at the following locations UK, USA, Canada, Germany, Netherlands, Poland and Singapore DDoS Protected by OVH and Path Network</p>
  392.                         <button class="ghost" id="moreinfo">More Info</button>
  393.                     </div>
  394.                 </div>
  395.             </div>
  396.         </div>
  397.         <script src="script.js"></script>
  398.         </body>
  399.         </html>
  400.     ';
  401. }
  402. if(get('action') == 'logout') {
  403.     logout('https://discord.com/api/oauth2/token/revoke', [
  404.         'token' => session('access_token'),
  405.         'token_type_hint' => 'access_token',
  406.         'client_id' => OAUTH2_CLIENT_ID,
  407.         'client_secret' => OAUTH2_CLIENT_SECRET,
  408.     ]);
  409.     unset($_SESSION['access_token']);
  410.     header('Location: ' . $_SERVER['PHP_SELF']);
  411.     die();
  412. }
  413. ?>
  414.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!