
Index.php file

a guest
Jun 4th, 2018
  1. <?php
  2. // Facebook Multi Page/Group Poster v3
  3. // Created by Novartis (Safwan)
  4.  
  5. ob_start();
  6. error_reporting( 0 );
  7.  
  8. if ( file_exists( 'config.php' ) )
  9. require_once( 'config.php' );
  10. else
  11. require_once( 'functions.php' );
  12. require_once( 'includes/RestrictCSRF.php' );
  13.  
  14. //DB existence check, Creates DB files if not present
  15. if ( !file_exists( 'params.php' ) )
  16. require( 'includes/createdbs.php' );
  17. else
  18. require_once( 'params.php' );
  19. if ( !file_exists( $dbName . '-settings.db' ) || !file_exists( $dbName . '-logs.db' ) || !file_exists( $dbName . '-crons.db' ) || !file_exists( $dbName . '-users.db' ) || !file_exists( $dbName . '-presets.db' ) )
  20. require( 'includes/createdbs.php' );
  21.  
  22. readSettings();
  23.  
  24. if ( ( isset( $_GET[ 'lang' ] ) || isset( $_COOKIE[ 'FBMPGPLang' ] ) ) && file_exists( 'lang/' . ( isset( $_GET[ 'lang' ] ) ? $_GET[ 'lang' ] : $_COOKIE[ 'FBMPGPLang' ] ) . '-lang.php' ) )
  25. require_once( 'lang/' . ( isset( $_GET[ 'lang' ] ) ? $_GET[ 'lang' ] : $_COOKIE[ 'FBMPGPLang' ] ) . '-lang.php' );
  26. else
  27. require_once( 'lang/' . $adminOptions[ 'lang' ] . '-lang.php' );
  28.  
  29. $plugins = glob( "plugins/" . "*.php" );
  30. foreach( $plugins as $plugin ) {
  31. $pluginName = substr( $plugin, 8, -4 );
  32. if ( $adminOptions[ 'plug_' . $pluginName ] )
  33. require_once( $plugin );
  34. }
  35.  
  36. if ( $adminOptions[ 'scriptTitle' ] != "" )
  37. $lang['Script Title'] = $adminOptions[ 'scriptTitle' ];
  38. if ( $adminOptions[ 'scriptHeading' ] != "" )
  39. $lang['Heading'] = $adminOptions[ 'scriptHeading' ];
  40.  
  41. if ( isset( $_GET[ 'lang' ] ) && file_exists( 'lang/' . $_GET[ 'lang' ] . '-lang.php' ) ) {
  42. setcookie( "FBMPGPLang", $_GET[ 'lang' ], time() + 86400 * 365 );
  43. $_COOKIE[ 'FBMPGPLang' ] = $_GET[ 'lang' ];
  44. }
  45. if ( isset( $_COOKIE[ 'FBMPGPLang' ] ) && !file_exists( 'lang/' . $_COOKIE[ 'FBMPGPLang' ] . '-lang.php' ) ) {
  46. setcookie( "FBMPGPLang", '', time() - 50000 );
  47. unset( $_COOKIE[ 'FBMPGPLang' ] );
  48. }
  49.  
  50. //Is this a logout request?
  51. if ( isset( $_GET[ 'logout' ] ) ) {
  52. setcookie( "FBMPGPLogin", '', time() - 50000 );
  53. setcookie( "FBMPGPUserID", '', time() - 50000 );
  54. header( "Location: ./" );
  55. exit;
  56. }
  57.  
  58. //Is this a logged in user show help/documentation request?
  59. if ( isset( $_GET[ 'showhelp' ] ) ) {
  60. showHelp();
  61. }
  62.  
  63. //At this point we check all Input for XSS/SQLInjection attack, terminate execution if found!
  64. xssSqlClean();
  65.  
  66. //Is this an Image Proxy Request?
  67. if ( isset( $_GET[ 'proxyurl' ] ) ) {
  68. require_once( 'includes/proxy.php' );
  69. }
  70.  
  71. // initialize Facebook class using your own Facebook App credentials
  72. require_once( "src/facebook.php" );
  73. $fb = new Facebook( $config );
  74.  
  75. // Now we must check if the user is authorized. User might be logging in, authorizing the script or it may be a FB redirect request during the authorization process.
  76.  
  77. // So, first we check if we are on FB redirect during the authorization process.
  78. if ( isset( $_GET[ 'code' ] ) ) {
  79. require_once( 'includes/fbauth.php' );
  80. } elseif ( isset( $_POST[ 'un' ] ) && isset( $_POST[ 'pw' ] ) ) {
  81. // User is logging in...
  82. $user = strtolower( $_POST[ 'un' ] );
  83. $hashed_pass = md5( $_POST[ 'pw' ] );
  84. checkLogin( $user, $hashed_pass );
  85. if ( isset( $_POST[ 'rem' ] ) ) { // If user ticked 'Remember Me' while logging in
  86. $t = time() + 86400 * 365;
  87. } else {
  88. $t = 0;
  89. }
  90. setcookie( 'FBMPGPLogin', $cookie, $t );
  91. if ( $loggedIn )
  92. setcookie( 'FBMPGPUserID', $userId, $t );
  93. } elseif ( isset( $_POST[ 'suun' ] ) ) {
  94. require_once( 'includes/signup.php' );
  95. } elseif( isset($_GET['verify']) && ($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash']) AND isset($_GET['username']) && !empty($_GET['username']) ){
  96. $email = $_GET['email']; // Set email variable
  97. $hashString = explode("-",$_GET['hash']);
  98. $hash = $hashString[0];
  99. $hashed_pass = $hashString[1];
  100. $username = $_GET['username'];
  101. checkLogin( $username, $hashed_pass, 0 );
  102. } elseif ( isset( $_COOKIE[ 'FBMPGPLogin' ] ) ) {
  103. // Authorization Check
  104. $cookie = base64_decode( $_COOKIE[ 'FBMPGPLogin' ] );
  105. if ( isset( $_COOKIE[ 'FBMPGPUserID' ] ) )
  106. $uid = $_COOKIE[ 'FBMPGPUserID' ];
  107. else
  108. $uid = 0;
  109. $cookie = base64_decode( $_COOKIE[ 'FBMPGPLogin' ] );
  110. list( $user, $hashed_pass ) = explode( ':', $cookie );
  111. checkLogin( $user, $hashed_pass, $uid );
  112. } else {
  113. // No authorization found. Show login box
  114. showLogin();
  115. }
  116.  
  117. // Now the user must be logged in already for the below code to be executed
  118.  
  119. // Access Token Checking
  120. if ($adminOptions['emailVerify'] && $userOptions['emailSent'] && !$userOption['emailVerified']) {
  121. showHTML( $lang['Email Not Verified'], $lang['Welcome'] . " $userName" );
  122. } elseif ( $userToken != "" ) {
  123. require_once( 'includes/fbtoken.php' );
  124. } elseif ( !isset( $_POST[ 'token' ] ) ) {
  125. $message = '<div>' . $lang['Not Authorized'] . '.<br />
  126. ' . $lang['Click Authorize'] . '.<br /><br /><center>
  127. <form method=get id=Authorize action="https://www.facebook.com/' . $GLOBALS[ '__FBAPI__' ] . '/dialog/oauth">
  128. <input type=hidden name=client_id value="' . $config[ 'appId' ] . '">
  129. <input type=hidden name=redirect_uri value="http://' . $_SERVER[ 'HTTP_HOST' ] . $_SERVER[ 'SCRIPT_NAME' ] . '">
  130. <input type=hidden name=scope value="public_profile,user_photos,user_likes,user_managed_groups,manage_pages,publish_pages,publish_actions">
  131. <input type=hidden name=state value="' . $userName . '|safInit">
  132. <input type=submit value="' . $lang['Authorize'] . '">&nbsp;<input type=button onclick="showToken()" value="' . $lang['Enter'] . ' ' . $lang['Access Token'] . '">&nbsp;<sup><a href="" onclick="showTokenHelp();return false;">[?]</a></sup>
  133. </form></center>
  134. </div><br />
  135. <div style="font-size: x-small"><b>' . $lang['Permissions Required'] . ':</b><br />
  136. <b><em>' . $lang['Your Profile'] . ' - </em></b> ' . $lang['Profile Description'] . '.<br />
  137. <b><em>' . $lang['Your Photos'] . ' - </em></b> ' . $lang['Photos Description'] . '.<br />
  138. <b><em>' . $lang['Your Pages'] . ' - </em></b> ' . $lang['Pages Description'] . '.<br />
  139. <b><em>' . $lang['Publish Actions'] . ' - </em></b> ' . $lang['Publish Description'] . '.<br />
  140. <b><em>' . $lang['Groups List'] . ' - </em></b> ' . $lang['Groups Description'] . '.<br />
  141. </div>
  142. <div id=token class="lightbox ui-widget-content"><center>
  143. <form name=Account class="confirm" id=Account method=post action="?ucp">
  144. <h3 class="lightbox ui-widget-header">' . $lang["Access Token"] . '</h3>
  145. <br />
  146. <textarea name=token id=userTokenValue class="textbox" rows=5>' . ( $hardDemo && ( $userName == "Multi" ) ? "*****" : $userToken ) . '</textarea><input type=hidden name="users">
  147. </table>
  148. <input id=updateToken type=submit default value="' . $lang["Update"] . '" disabled> <input type=button value="' . $lang["OKay"] . '" onclick=\"$("#token").trigger("close");\">
  149. </form><br />
  150. </center>
  151. </div>
  152. <div id=tokenhelp class="lightbox ui-widget-content">
  153. <div id="fb-root"></div><script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_GB/sdk.js#xfbml=1&version=v2.3"; fjs.parentNode.insertBefore(js, fjs);}(document, "script", "facebook-jssdk"));</script><div class="fb-video" data-allowfullscreen="1" data-href="/SarirSoftwares/videos/vb.658561290933922/767674873355896/?type=3"><div class="fb-xfbml-parse-ignore"><blockquote cite="https://www.facebook.com/SarirSoftwares/videos/767674873355896/"><a href="https://www.facebook.com/SarirSoftwares/videos/767674873355896/">Two Methods of Getting Access Tokens</a><p>Tutorial on getting application access tokens.Method One : Graph API Explorer TokenMethod Two: HTC Sense App TokenGraph API token is short lived, and expires after a few hours, or a day at most. HTC token has long expiry times.Graph API Explorer Tool URL:https://developers.facebook.com/tools/explorer/The URL to get HTC Sense Token, as indicated in the video is;https://www.facebook.com/dialog/oauth/?app_id=41158896424&amp;next=http%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&amp;response_type=token&amp;client_id=41158896424&amp;state=y&amp;scope=public_profile,user_photos,user_likes,user_managed_groups,user_groups,manage_pages,publish_pages,publish_actions</p>Posted by <a href="https://www.facebook.com/SarirSoftwares/">Sarir Softwares</a> on Wednesday, 18 November 2015</blockquote></div></div>
  154. </div>';
  155. $message .= "<script>
  156. function showToken() {
  157. $('#token').lightbox_me({
  158. centered: true,
  159. onLoad: function() {
  160. $('#Account').find('textarea:first').focus()
  161. }
  162. });
  163. }
  164. function showTokenHelp() {
  165. $('#tokenhelp').lightbox_me({
  166. centered: true,
  167. });
  168. }
  169. $(document).ready(function() {
  170. $('#userTokenValue').on('change keydown paste', function(){
  171. $('#updateToken').enable();
  172. });
  173. });
  174. $('#Authorize').easyconfirm({
  175. eventType: 'submit',
  176. locale: { title: '" . $lang['Important Note'] . "', text: '" . $lang['User Auth Note'] . "', button: ['" . $lang['Cancel'] . "','" . $lang['Proceed'] . "']}
  177. });
  178. </script>";
  179. showHTML( $message, $lang['Welcome'] . " $userName" );
  180. }
  181.  
  182. // Is this a Page/Groups Refresh Data Request?
  183. if ( isset( $_GET[ 'rg' ] ) || isset( $_POST[ 'upGroups' ] ) ) {
  184. require_once( 'includes/fbrg.php' );
  185. }
  186.  
  187. // Is this a Post Preset Save submission?
  188. if ( isset($_POST[ 'pageid' ] ) ) {
  189. if ( isset( $_POST[ 'savename' ] ) ) {
  190. if ( ( $_POST[ 'pageid' ] == 0 ) && ( $_POST[ 'savename' ] !== '' ) ) {
  191. require_once( 'includes/savepost.php' );
  192. }
  193. }
  194. }
  195.  
  196. // Is this a logged in user show help/documentation request?
  197. if ( isset( $_GET[ 'usershowhelp' ] ) ) {
  198. showHelp();
  199. } elseif ( isset( $_GET[ 'ucp' ] ) ) {
  200. //User Control Panel request?
  201. require_once( 'includes/usercp.php' );
  202. } elseif ( isset( $_GET[ 'crons' ] ) ) {
  203. require_once( 'includes/showcrons.php' );
  204. }
  205.  
  206. if ( $userOptions[ 'userDisabled' ] )
  207. showHTML( $userOptions[ 'disableReason' ] . "<br />" . $lang['Manual approval'], $lang['Welcome'] . " $userName" );
  208.  
  209. // Now we have all the data as user is logged into us
  210. $pages = explode( "\n", urldecode( $pageData ) );
  211. $groups = explode( "\n", urldecode( $groupData ) );
  212. $isGroupPost = false;
  213.  
  214. if ( isset( $_POST[ 'pageid' ] ) ) {
  215. // Is this a Post Preset Save submission?
  216. if (isset($_POST['savename'])) {
  217. if (($_POST['pageid'] == 0) && ($_POST['savename'] !== '') ) {
  218. savePost();
  219. }
  220. }
  221. // This is a post submission. Time to actually post this submission to selected account.
  222. require_once( 'includes/post.php' );
  223. } else {
  224. // No pageid means not a post request, just show the fields and forms to fill-up
  225. require_once( 'includes/mainform.php' );
  226. require_once( 'includes/class.JavaScriptPacker.php' );
  227. $message = sanitizeOutput( $message );
  228. $packer = new JavaScriptPacker( $script, 10, true, false );
  229. $script = $packer->pack(); // We encrypt the javascript output to make copying difficult on public sites
  230. $message .= $script . '</script> ';
  231. showHTML( $message, "<img src='http://graph.facebook.com/" . $GLOBALS[ '__FBAPI__' ] . "/$userId/picture?redirect=1&height=64&type=normal&width=64' width=64 height=65 style='vertical-align:middle;'>&nbsp;" . $lang['Welcome'] . " $fullname" );