Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if (!isset($_GET['userId']) || !isset($_GET['roleId'])) {
- exit('Error: No user and/or role specified.');
- }
- // I wonder what this could be.
- $groupId = 1076;
- // This is used later when GETing and POSTing to authenticate who we are to roblox
- $roblosec = '[redacted for obvious reason]';
- $csrf = '';
- function get($url) {
- global $roblosec;
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_COOKIE, '.ROBLOSECURITY=' . $roblosec);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($ch, CURLOPT_HEADER, 1);
- $result = curl_exec($ch);
- if (curl_errno($ch)) {
- exit('cURL error: ' . curl_error($ch));
- }
- curl_close($ch);
- return $result;
- }
- function post($url, $data) {
- global $roblosec, $csrf, $groupId;
- if (is_array($data)) {
- $temp_data = '';
- foreach($data as $k => $v) {
- $temp_data .= $k . '=' . $v . '&';
- }
- $data = substr($temp_data, 0, -1);
- }
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLINFO_HEADER_OUT, true);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_COOKIE, '.ROBLOSECURITY=' . $roblosec);
- curl_setopt($ch, CURLOPT_HEADER, 1);
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
- curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36');
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept-Encoding: gzip, deflate', 'Content-Length: 0', 'Origin: http://www.roblox.com', 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8', 'X-CSRF-TOKEN: ' . $csrf, 'X-Requested-With: XMLHttpRequest'));
- $result = curl_exec($ch);
- if (curl_errno($ch)) {
- exit('cURL error: ' . curl_error($ch));
- }
- curl_close($ch);
- return $result;
- }
- // Grap the csrf token
- preg_match('/Roblox\.XsrfToken\.setToken\(\'([^\']+)\'\);/sm', get('http://www.roblox.com/My/GroupAdmin.aspx?gid=' . $groupId), $m);
- $csrf = $m[1];
- // And now we actually change the user's rank
- echo nl2br(htmlentities(post('http://www.roblox.com/groups/api/change-member-rank?groupId=' . $groupId . '&newRoleSetId=' . $_GET['roleId'] . '&targetUserId=' . $_GET['userId'], '')));
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement