
asfa

a guest
Apr 10th, 2018
  1. <?php
  2.  
  3. /*
  4.  * Faucet in a BOX
  5.  * https://faucetinabox.com/
  6.  *
  7.  * Copyright (c) 2014-2016 LiveHome Sp. z o. o.
  8.  *
  9.  * This file is part of Faucet in a BOX.
  10.  *
  11.  * Faucet in a BOX is free software: you can redistribute it and/or modify
  12.  * it under the terms of the GNU General Public License as published by
  13.  * the Free Software Foundation, either version 3 of the License, or
  14.  * (at your option) any later version.
  15.  *
  16.  * Faucet in a BOX is distributed in the hope that it will be useful,
  17.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19.  * GNU General Public License for more details.
  20.  *
  21.  * You should have received a copy of the GNU General Public License
  22.  * along with Faucet in a BOX.  If not, see <http://www.gnu.org/licenses/>.
  23.  */
  24.  
  25. require_once("script/common.php");
  26. require_once("script/admin_templates.php");
  27. require_once("libs/coolphpcaptcha.php");
  28.  
  29. function regenerate_csrf_token() {
  30.     global $session_prefix;
  31.     $_SESSION["$session_prefix-csrftoken"] = base64_encode(openssl_random_pseudo_bytes(20));
  32. }
  33.  
  34. function get_csrf_token() {
  35.     global $session_prefix;
  36.     return "<input type=\"hidden\" name=\"csrftoken\" value=\"". $_SESSION["$session_prefix-csrftoken"]. "\">";
  37. }
  38.  
  39. function checkOneclickUpdatePossible($response) {
  40.     global $version;
  41.  
  42.     $oneclick_update_possible = false;
  43.     if (!empty($response['changelog'][$version]['hashes'])) {
  44.         $hashes = $response['changelog'][$version]['hashes'];
  45.         $oneclick_update_possible = class_exists("ZipArchive");
  46.         foreach ($hashes as $file => $hash)  {
  47.             if (strpos($file, 'templates/') === 0)
  48.                 continue;
  49.             $oneclick_update_possible &=
  50.                 is_writable($file) &&
  51.                 sha1_file($file) === $hash;
  52.         }
  53.     }
  54.     return $oneclick_update_possible;
  55. }
  56.  
  57. function setNewPass() {
  58.     global $sql;
  59.     $alphabet = str_split('qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890');
  60.     $password = '';
  61.     for($i = 0; $i < 15; $i++)
  62.         $password .= $alphabet[array_rand($alphabet)];
  63.     $hash = crypt($password);
  64.     $sql->query("REPLACE INTO Faucetinabox_Settings VALUES ('password', '$hash')");
  65.     return $password;
  66. }
  67.  
  68. $template_updates = array(
  69.     array(
  70.         "test" => "/address_input_name/",
  71.         "message" => "Name of the address field has to be updated. Please follow <a href='https://bitcointalk.org/index.php?topic=1094930.msg12231246#msg12231246'>these instructions</a>"
  72.     ),
  73.     array(
  74.         "test" => "/libs\/mmc\.js/",
  75.         "message" => "Add <code>".htmlspecialchars('<script type="text/javascript" src="libs/mmc.js"></script>')."</code> after jQuery in <code>&lt;head&gt;</code> section."
  76.     ),
  77.     array(
  78.         "test" => "/honeypot/",
  79.         "message" => "Add <code><pre>".htmlspecialchars('<input type="text" name="address" class="form-control" style="position: absolute; position: fixed; left: -99999px; top: -99999px; opacity: 0; width: 1px; height: 1px">')."<br>".htmlspecialchars('<input type="checkbox" name="honeypot" style="position: absolute; position: fixed; left: -99999px; top: -99999px; opacity: 0; width: 1px; height: 1px">')."</pre></code> near the input with name <code>".htmlspecialchars('<?php echo $data["address_input_name"]; ?>')."</code>."
  80.     ),
  81.     array(
  82.         "test" => "/claim\-button/",
  83.         "message" => "Add <code>claim-button</code> class to claim button. Without it button timer and adblock detection won't work"
  84.     )
  85. );
  86.  
  87.  
  88. if (session_id()) {
  89.     if (empty($_SESSION["$session_prefix-csrftoken"])) {
  90.         regenerate_csrf_token();
  91.     }
  92.     if ($_SERVER["REQUEST_METHOD"] == "POST") {
  93.         if (empty($_POST["csrftoken"]) || $_SESSION["$session_prefix-csrftoken"] != $_POST["csrftoken"]) {
  94.             trigger_error("CSRF failed!");
  95.             $_POST = [];
  96.             $_REQUEST = [];
  97.             $_SERVER["REQUEST_METHOD"] = "GET";
  98.         }
  99.     }
  100. }
  101.  
  102.  
  103. if (!$pass) {
  104.     // first run
  105.     $sql->query($default_data_query);
  106.     $password = setNewPass();
  107.     $page = str_replace('<:: content ::>', $pass_template, $master_template);
  108.     $page = str_replace('<:: password ::>', $password, $page);
  109.     die($page);
  110. }
  111.  
  112. if ($disable_admin_panel) {
  113.     trigger_error("Admin panel disabled in config!");
  114.     header("Location: index.php");
  115.     die("Please wait...");
  116. }
  117.  
  118. if (array_key_exists('p', $_GET) && $_GET['p'] == 'logout')
  119.     $_SESSION = [];
  120.  
  121. if (array_key_exists('p', $_GET) && $_GET['p'] == 'password-reset') {
  122.     $error = "";
  123.     if (array_key_exists('dbPass', $_POST)) {
  124.         $user_captcha = array_key_exists("captcha", $_POST) ? $_POST["captcha"] : "";
  125.         $captcha = new FiabCoolCaptcha();
  126.         $captcha->session_var = "$session_prefix-cool-php-captcha";
  127.         if ($captcha->isValid($user_captcha)) {
  128.             if ($_POST['dbpass'] == $dbpass) {
  129.                 $password = setNewPass();
  130.                 $page = str_replace('<:: content ::>', $pass_template, $master_template);
  131.                 $page = str_replace('<:: password ::>', $password, $page);
  132.                 die($page);
  133.             } else {
  134.                 $error = $dbpass_error_template;
  135.             }
  136.         } else {
  137.             $error = $captcha_error_template;
  138.         }
  139.     }
  140.     $page = str_replace('<:: content ::>', $error.$pass_reset_template, $master_template);
  141.     $page = str_replace("<:: csrftoken ::>", get_csrf_token(), $page);
  142.     die($page);
  143. }
  144.  
  145. $invalid_key = false;
  146. if (array_key_exists('password', $_POST)) {
  147.     $user_captcha = array_key_exists("captcha", $_POST) ? $_POST["captcha"] : "";
  148.     $captcha = new FiabCoolCaptcha();
  149.     $captcha->session_var = "$session_prefix-cool-php-captcha";
  150.     if ($captcha->isValid($user_captcha)) {
  151.         if ($pass[0] == crypt($_POST['password'], $pass[0])) {
  152.             $_SESSION["$session_prefix-logged_in"] = true;
  153.             header("Location: ?session_check=0");
  154.             die();
  155.         } else {
  156.             $admin_login_template = $login_error_template.$admin_login_template;
  157.         }
  158.     } else {
  159.         $admin_login_template = $captcha_error_template.$admin_login_template;
  160.     }
  161. }
  162. if (array_key_exists("session_check", $_GET)) {
  163.     if (array_key_exists("$session_prefix-logged_in", $_SESSION)) {
  164.         header("Location: ?");
  165.         die();
  166.     } else {
  167.         //show alert on login screen
  168.         $admin_login_template = $session_error_template.$admin_login_template;
  169.     }
  170. }
  171.  
  172. if (array_key_exists("$session_prefix-logged_in", $_SESSION)) { // logged in to admin page
  173.  
  174.     //ajax
  175.     if (array_key_exists("action", $_POST)) {
  176.  
  177.         header("Content-type: application/json");
  178.  
  179.         $response = ["status" => 404];
  180.  
  181.         switch ($_POST["action"]) {
  182.             case "check_referrals":
  183.  
  184.                 $referral = array_key_exists("referral", $_POST) ? trim($_POST["referral"]) : "";
  185.  
  186.                 $response["status"] = 200;
  187.                 $response["addresses"] = [];
  188.  
  189.                 if (strlen($referral) > 0) {
  190.  
  191.                     $q = $sql->prepare("SELECT `a`.`address`, `r`.`address` FROM `Faucetinabox_Refs` `r` LEFT JOIN `Faucetinabox_Addresses` `a` ON `r`.`id` = `a`.`ref_id` WHERE `r`.`address` LIKE ? ORDER BY `a`.`last_used` DESC");
  192.                     $q->execute(["%".$referral."%"]);
  193.                     while ($row = $q->fetch()) {
  194.                         $response["addresses"][] = [
  195.                             "address" => $row[0],
  196.                             "referral" => $row[1],
  197.                         ];
  198.                     }
  199.  
  200.                 }
  201.  
  202.             break;
  203.         }
  204.  
  205.         die(json_encode($response));
  206.  
  207.     }
  208.  
  209.     if (array_key_exists('task', $_POST) && $_POST['task'] == 'oneclick-update') {
  210.         function recurse_copy($copy_as_new,$src,$dst) {
  211.             $dir = opendir($src);
  212.             @mkdir($dst);
  213.             while (false !== ( $file = readdir($dir)) ) {
  214.                 if (( $file != '.' ) && ( $file != '..' )) {
  215.                     if ( is_dir($src . '/' . $file) ) {
  216.                         recurse_copy($copy_as_new, $src . '/' . $file,$dst . '/' . $file);
  217.                     }
  218.                     else {
  219.                         $dstfile = $dst.'/'.$file;
  220.                         if (in_array(realpath($dstfile), $copy_as_new))
  221.                             $dstfile .= ".new";
  222.                         if (!copy($src . '/' . $file,$dstfile)) {
  223.                             return false;
  224.                         }
  225.                     }
  226.                 }
  227.             }
  228.             closedir($dir);
  229.             return true;
  230.         }
  231.         function rrmdir($dir) {
  232.           if (is_dir($dir)) {
  233.             $objects = scandir($dir);
  234.             foreach ($objects as $object) {
  235.               if ($object != "." && $object != "..") {
  236.                 if (filetype($dir."/".$object) == "dir") rrmdir($dir."/".$object); else unlink($dir."/".$object);
  237.               }
  238.             }
  239.             reset($objects);
  240.             rmdir($dir);
  241.           }
  242.         }
  243.  
  244.         ini_set('display_errors', true);
  245.         error_reporting(-1);
  246.         $fb = new Service("faucetbox", null, null, $connection_options);
  247.         $response = $fb->fiabVersionCheck();
  248.         if (empty($response['version']) || $response['version'] == $version || !checkOneclickUpdatePossible($response)) {
  249.             header("Location: ?update_status=fail");
  250.             die();
  251.         }
  252.  
  253.         $url = $response["url"];
  254.         if ($url[0] == '/') $url = "https:$url";
  255.         $url .= "?update=auto";
  256.  
  257.         if (!file_put_contents('update.zip', fopen($url, 'rb'))) {
  258.             header("Location: ?update_status=fail");
  259.             die();
  260.         }
  261.  
  262.         $zip = new ZipArchive();
  263.         if (!$zip->open('update.zip')) {
  264.             unlink('update.zip');
  265.             header("Location: ?update_status=fail");
  266.             die();
  267.         }
  268.  
  269.         if (!$zip->extractTo('./')) {
  270.             unlink('update.zip');
  271.             header("Location: ?update_status=fail");
  272.             die();
  273.         }
  274.  
  275.         $dir = trim($zip->getNameIndex(0), '/');
  276.         $zip->close();
  277.         unlink('update.zip');
  278.         unlink("$dir/config.php");
  279.  
  280.         $modified_files = [];
  281.         foreach ($response['changelog'][$version]['hashes'] as $file => $hash) {
  282.             if (strpos($file, 'templates/') === 0 &&
  283.                sha1_file($file) !== $hash
  284.             ) {
  285.                 $modified_files[] = realpath($file);
  286.             }
  287.         }
  288.         if (!recurse_copy($modified_files, $dir, '.')) {
  289.             header("Location: ?update_status=fail");
  290.             die();
  291.         }
  292.         rrmdir($dir);
  293.         header("Location: ?update_status=success&new_files=".count($modified_files));
  294.         die();
  295.     }
  296.  
  297.     if (
  298.         array_key_exists("update_status", $_GET) &&
  299.         in_array($_GET["update_status"], ["success", "fail"])
  300.     ) {
  301.         if ($_GET["update_status"] == "success") {
  302.             $oneclick_update_alert = $oneclick_update_success_template;
  303.         } else {
  304.             $oneclick_update_alert = $oneclick_update_fail_template;
  305.         }
  306.     } else {
  307.         $oneclick_update_alert = "";
  308.     }
  309.  
  310.     if (array_key_exists("encoded_data", $_POST)) {
  311.         $data = base64_decode($_POST["encoded_data"]);
  312.         if ($data) {
  313.             parse_str($data, $tmp);
  314.             $_POST = array_merge($_POST, $tmp);
  315.         }
  316.     }
  317.  
  318.     if (array_key_exists('get_options', $_POST)) {
  319.         if (file_exists("templates/{$_POST["get_options"]}/setup.php")) {
  320.             require_once("templates/{$_POST["get_options"]}/setup.php");
  321.             die(getTemplateOptions($sql, $_POST['get_options']));
  322.         } else {
  323.             die('<p>No template defined options available.</p>');
  324.         }
  325.     } else if (
  326.         array_key_exists("reset", $_POST) &&
  327.         array_key_exists("factory_reset_confirm", $_POST) &&
  328.         $_POST["factory_reset_confirm"] == "on"
  329.     ) {
  330.         $sql->exec("DELETE FROM Faucetinabox_Settings WHERE name NOT LIKE '%key%' AND name != 'password'");
  331.         $sql->exec($default_data_query);
  332.     }
  333.     $q = $sql->prepare("SELECT value FROM Faucetinabox_Settings WHERE name = ?");
  334.     $q->execute(array('apikey'));
  335.     $apikey = $q->fetch();
  336.     $apikey = $apikey[0];
  337.     $q->execute(array('currency'));
  338.     $currency = $q->fetch();
  339.     $currency = $currency[0];
  340.     $q->execute(array('service'));
  341.     $service = $q->fetch();
  342.     $service = $service[0];
  343.    
  344.     $fb = new Service($service, $apikey, $currency, $connection_options);
  345.     $connection_error = '';
  346.     $curl_warning = '';
  347.     $missing_configs_info = '';
  348.     if (!empty($missing_configs)) {
  349.         $list = '';
  350.         foreach ($missing_configs as $missing_config) {
  351.             $list .= str_replace(array("<:: config_name ::>", "<:: config_default ::>", "<:: config_description ::>"), array($missing_config['name'], $missing_config['default'], $missing_config['desc']), $missing_config_template);
  352.         }
  353.         $missing_configs_info = str_replace("<:: missing_configs ::>", $list, $missing_configs_template);
  354.     }
  355.     if ($fb->curl_warning) {
  356.         $curl_warning = $curl_warning_template;
  357.     }
  358.     $currencies = array('BTC', 'LTC', 'DOGE', 'PPC', 'XPM', 'DASH');
  359.     $send_coins_message = '';
  360.     if (array_key_exists('send_coins', $_POST)) {
  361.  
  362.         $amount = array_key_exists('send_coins_amount', $_POST) ? intval($_POST['send_coins_amount']) : 0;
  363.         $address = array_key_exists('send_coins_address', $_POST) ? trim($_POST['send_coins_address']) : '';
  364.  
  365.         $fb = new Service($service, $apikey, $currency, $connection_options);
  366.         $ret = $fb->send($address, $amount, getIP());
  367.  
  368.         if ($ret['success']) {
  369.             $send_coins_message = str_replace(array('{{amount}}','{{address}}'), array($amount,$address), $send_coins_success_template);
  370.         } else {
  371.             $send_coins_message = str_replace(array('{{amount}}','{{address}}','{{error}}'), array($amount,$address,$ret['message']), $send_coins_error_template);
  372.         }
  373.  
  374.     }
  375.     $changes_saved = "";
  376.     if (array_key_exists('save_settings', $_POST)) {
  377.         $service = $_POST['service'];
  378.         $currency = $_POST['currency'];
  379.         $fb = new Service($service, $_POST['apikey'], $currency, $connection_options);
  380.         $ret = $fb->getBalance();
  381.         if ($fb->communication_error) {
  382.             $connection_error = $connection_error_template;
  383.         }
  384.  
  385.         //411 - invalid api key (FaucetSystem.com)
  386.         if ($ret['status'] == 403 || $ret['status'] == 411) {
  387.             $invalid_key = true;
  388.         } elseif ($ret['status'] == 405) {
  389.             $sql->query("UPDATE Faucetinabox_Settings SET `value` = 0 WHERE name = 'balance'");
  390.         } elseif (array_key_exists('balance', $ret)) {
  391.             $q = $sql->prepare("UPDATE Faucetinabox_Settings SET `value` = ? WHERE name = 'balance'");
  392.             if ($currency != 'DOGE')
  393.                 $q->execute(array($ret['balance']));
  394.             else
  395.                 $q->execute(array($ret['balance_bitcoin']));
  396.         }
  397.  
  398.         $q = $sql->prepare("INSERT IGNORE INTO Faucetinabox_Settings (`name`, `value`) VALUES (?, ?)");
  399.         $template = $_POST["template"];
  400.         preg_match_all('/\$data\[([\'"])(custom_(?:(?!\1).)*)\1\]/', file_get_contents("templates/$template/index.php"), $matches);
  401.         foreach ($matches[2] as $box)
  402.             $q->execute(array("{$box}_$template", ''));
  403.  
  404.  
  405.         $sql->beginTransaction();
  406.         $q = $sql->prepare("UPDATE Faucetinabox_Settings SET value = ? WHERE name = ?");
  407.         $ipq = $sql->prepare("INSERT INTO Faucetinabox_Pages (url_name, name, html) VALUES (?, ?, ?)");
  408.         $sql->exec("DELETE FROM Faucetinabox_Pages");
  409.         foreach ($_POST as $k => $v) {
  410.             if ($k == 'apikey' && $invalid_key)
  411.                 continue;
  412.             if ($k == 'pages') {
  413.                 foreach ($_POST['pages'] as $p) {
  414.                     $url_name = strtolower(preg_replace("/[^A-Za-z0-9_\-]/", '', $p["name"]));
  415.                     $i = 0;
  416.                     $success = false;
  417.                     while (!$success) {
  418.                         try {
  419.                             if ($i)
  420.                                 $ipq->execute(array($url_name.'-'.$i, $p['name'], $p['html']));
  421.                             else
  422.                                 $ipq->execute(array($url_name, $p['name'], $p['html']));
  423.                             $success = true;
  424.                         } catch(PDOException $e) {
  425.                             $i++;
  426.                         }
  427.                     }
  428.                 }
  429.                 continue;
  430.             }
  431.             $q->execute(array($v, $k));
  432.         }
  433.         foreach (["block_adblock", "iframe_sameorigin_only", "nastyhosts_enabled", "reverse_proxy"] as $key) {
  434.             if (!array_key_exists($key, $_POST)) $q->execute(array("", $key));
  435.         }
  436.         $sql->commit();
  437.  
  438.         $changes_saved = $changes_saved_template;
  439.     }
  440.     $captcha_enabled = false;
  441.     $faucet_disabled = false;
  442.     $page = str_replace('<:: content ::>', $admin_template, $master_template);
  443.     $query = $sql->query("SELECT name, value FROM Faucetinabox_Settings");
  444.     while ($row = $query->fetch()) {
  445.         if ($row[0] == 'template') {
  446.             if (file_exists("templates/{$row[1]}/index.php")) {
  447.                 $current_template = $row[1];
  448.             } else {
  449.                 $templates = glob("templates/*");
  450.                 if ($templates)
  451.                     $current_template = substr($templates[0], strlen('templates/'));
  452.                 else
  453.                     die(str_replace("<:: content ::>", "<div class='alert alert-danger' role='alert'>No templates found! Please reinstall your faucet.</div>", $master_template));
  454.             }
  455.         } else {
  456.             if (in_array($row[0], ["block_adblock", "iframe_sameorigin_only", "nastyhosts_enabled", "reverse_proxy"])) {
  457.                 $row[1] = $row[1] == "on" ? "checked" : "";
  458.             }
  459.             if (in_array($row[0], ["apikey", "rewards"]) && empty($row[1])) {
  460.                 $faucet_disabled = true;
  461.             }
  462.             if (strpos($row[0], "recaptcha_") !== false || strpos($row[0], "solvemedia_") !== false || strpos($row[0], "funcaptcha_") !== false) {
  463.                 if (!empty($row[1])) {
  464.                     $captcha_enabled = true;
  465.                 }
  466.             }
  467.             $page = str_replace("<:: {$row[0]} ::>", $row[1], $page);
  468.         }
  469.     }
  470.    
  471.     $faucet_disabled_message = $faucet_disabled_template;
  472.     if (!$faucet_disabled && $captcha_enabled) {
  473.         $faucet_disabled_message = "";
  474.     }
  475.     $page = str_replace("<:: faucet_disabled ::>", $faucet_disabled_message, $page);
  476.  
  477.  
  478.     $templates = '';
  479.     foreach (glob("templates/*") as $template) {
  480.         $template = basename($template);
  481.         if ($template == $current_template) {
  482.             $templates .= "<option selected>$template</option>";
  483.         } else {
  484.             $templates .= "<option>$template</option>";
  485.         }
  486.     }
  487.     $page = str_replace('<:: templates ::>', $templates, $page);
  488.     $page = str_replace('<:: current_template ::>', $current_template, $page);
  489.  
  490.  
  491.     if (file_exists("templates/{$current_template}/setup.php")) {
  492.         require_once("templates/{$current_template}/setup.php");
  493.         $page = str_replace('<:: template_options ::>', getTemplateOptions($sql, $current_template), $page);
  494.     } else {
  495.         $page = str_replace('<:: template_options ::>', '<p>No template defined options available.</p>', $page);
  496.     }
  497.  
  498.     $template_string = file_get_contents("templates/{$current_template}/index.php");
  499.     $template_updates_info = '';
  500.     foreach ($template_updates as $update) {
  501.         if (!preg_match($update["test"], $template_string)) {
  502.             $template_updates_info .= str_replace("<:: message ::>", $update["message"], $template_update_template);
  503.         }
  504.     }
  505.     if (!empty($template_updates_info)) {
  506.         $template_updates_info = str_replace("<:: template_updates ::>", $template_updates_info, $template_updates_template);
  507.     }
  508.  
  509.     $q = $sql->query("SELECT name, html FROM Faucetinabox_Pages ORDER BY id");
  510.     $pages = '';
  511.     $pages_nav = '';
  512.     $i = 1;
  513.     while ($userpage = $q->fetch()) {
  514.         $html = htmlspecialchars($userpage['html']);
  515.         $name = htmlspecialchars($userpage['name']);
  516.         $pages .= str_replace(array('<:: i ::>', '<:: page_name ::>', '<:: html ::>'),
  517.                               array($i, $name, $html), $page_form_template);
  518.         $pages_nav .= str_replace('<:: i ::>', $i, $page_nav_template);
  519.         ++$i;
  520.     }
  521.     $page = str_replace('<:: pages ::>', $pages, $page);
  522.     $page = str_replace('<:: pages_nav ::>', $pages_nav, $page);
  523.     $currencies_select = "";
  524.     foreach ($currencies as $c) {
  525.         if ($currency == $c)
  526.             $currencies_select .= "<option value='$c' selected>$c</option>";
  527.         else
  528.             $currencies_select .= "<option value='$c'>$c</option>";
  529.     }
  530.     $page = str_replace('<:: currency ::>', $currency, $page);
  531.     $page = str_replace('<:: currencies ::>', $currencies_select, $page);
  532.  
  533.  
  534.     if ($invalid_key)
  535.         $page = str_replace('<:: invalid_key ::>', $invalid_key_error_template, $page);
  536.     else
  537.         $page = str_replace('<:: invalid_key ::>', '', $page);
  538.  
  539.     $services = "";
  540.     foreach($fb->getServices() as $s => $name) {
  541.         if($s == $service) {
  542.             $services .= "<option value='$s' selected>$name</option>";
  543.         } else {
  544.             $services .= "<option value='$s'>$name</option>";
  545.         }
  546.     }
  547.     $page = str_replace('<:: services ::>', $services, $page);
  548.  
  549.     $page = str_replace('<:: page_form_template ::>',
  550.                         json_encode($page_form_template),
  551.                         $page);
  552.     $page = str_replace('<:: page_nav_template ::>',
  553.                         json_encode($page_nav_template),
  554.                         $page);
  555.  
  556.     $new_files = [];
  557.     foreach (new RecursiveIteratorIterator (new RecursiveDirectoryIterator ('templates')) as $file) {
  558.         $file = $file->getPathname();
  559.         if (substr($file, -4) == ".new") {
  560.             $new_files[] = $file;
  561.         }
  562.     }
  563.  
  564.     if ($new_files) {
  565.         $new_files = implode("\n", array_map(function($v) { return "<li>$v</li>"; }, $new_files));
  566.         $new_files = str_replace("<:: new_files ::>", $new_files, $new_files_template);
  567.     } else {
  568.         $new_files = "";
  569.     }
  570.     $page = str_replace("<:: new_files ::>", $new_files, $page);
  571.  
  572.     $q = $sql->query("SELECT value != CURDATE() FROM Faucetinabox_Settings WHERE name = 'update_last_check' ");
  573.     $recheck_version = $q->fetch();
  574.     if ($recheck_version && $recheck_version[0]) {
  575.         $response = $fb->fiabVersionCheck();
  576.         $oneclick_update_possible = checkOneclickUpdatePossible($response);
  577.         if (!$connection_error && $response['version'] && $version < intval($response["version"])) {
  578.             $page = str_replace('<:: version_check ::>', $new_version_template, $page);
  579.             $changelog = '';
  580.             foreach ($response['changelog'] as $v => $changes) {
  581.                 $changelog_entries = array_map(function($entry) {
  582.                     return "<li>$entry</li>";
  583.                 }, $changes['changelog']);
  584.                 $changelog_entries = implode("", $changelog_entries);
  585.                 if (intval($v) > $version) {
  586.                     $changelog .= "<p>Changes in r$v (${changes['released']}): <ul>${changelog_entries}</ul></p>";
  587.                 }
  588.             }
  589.             $page = str_replace(array('<:: url ::>', '<:: version ::>', '<:: changelog ::>'), array($response['url'], $response['version'], $changelog), $page);
  590.             if ($oneclick_update_possible) {
  591.                 $page = str_replace('<:: oneclick_update_button ::>', $oneclick_update_button_template, $page);
  592.             } else {
  593.                 $page = str_replace('<:: oneclick_update_button ::>', '', $page);
  594.             }
  595.         } else {
  596.             $page = str_replace('<:: version_check ::>', '', $page);
  597.             $sql->query("UPDATE Faucetinabox_Settings SET value = CURDATE() WHERE name = 'update_last_check' ");
  598.         }
  599.     } else {
  600.         $page = str_replace('<:: version_check ::>', '', $page);
  601.     }
  602.    
  603.     $page = str_replace('<:: detected_reverse_proxy_name ::>', detectRevProxyProvider(), $page);
  604.    
  605.    
  606.     $page = str_replace('<:: connection_error ::>', $connection_error, $page);
  607.     $page = str_replace('<:: curl_warning ::>', $curl_warning, $page);
  608.     $page = str_replace('<:: send_coins_message ::>', $send_coins_message, $page);
  609.     $page = str_replace('<:: missing_configs ::>', $missing_configs_info, $page);
  610.     $page = str_replace('<:: template_updates ::>', $template_updates_info, $page);
  611.     $page = str_replace('<:: changes_saved ::>', $changes_saved, $page);
  612.     $page = str_replace('<:: oneclick_update_alert ::>', $oneclick_update_alert, $page);
  613.     $page = str_replace("<:: csrftoken ::>", get_csrf_token(), $page);
  614.     $page = str_replace("<:: supported_services ::>", json_encode(Service::$services), $page);
  615.     $page = str_replace("<:: fiab_version ::>", "r".$version, $page);
  616.     die($page);
  617. } else {
  618.     // requested admin page without session
  619.     $page = str_replace('<:: content ::>', $admin_login_template, $master_template);
  620.     $page = str_replace("<:: csrftoken ::>", get_csrf_token(), $page);
  621.     die($page);
  622. }