<?php
/**
 * @framework       iResponse Framework 
 * @version         1.0
 * @author          Amine Idrissi <contact@iresponse.tech>
 * @date            2019
 * @name            index.php
 */

# defining start time
define('IR_START', microtime(true));

# defining the base path
define('BASE_PATH',dirname(__FILE__));

# defining the maximum execution time to 1 hour
ini_set('max_execution_time', '10');

# defining the socket timeout to 1 min
ini_set('default_socket_timeout', '60');

# defining the maximum memory limit 
ini_set('memory_limit', '-1');

# disabling remote file include
ini_set("allow_url_fopen", '1');
ini_set("allow_url_include", '0');

# defining the default time zone
//date_default_timezone_set("UTC");
date_default_timezone_set("Asia/Calcutta");
# getting the peak of memory, in bytes, that's been allocated to our PHP script. 
define('START_MEMORY', memory_get_peak_usage(true));
define('START_TIME',microtime(true));

# defining separators
define('DS',DIRECTORY_SEPARATOR);
define('RDS','/');


function is_search_engine_bot() {
    $bots = array(
             'Google'
            , 'Baiduspider'
            , 'ia_archiver'
            , 'R6_FeedFetcher'
            , 'NetcraftSurveyAgent'
            , 'Sogou web spider'
            , 'bing'
            , 'facebookexternalhit'
            , 'PrintfulBot'
            , 'msnbot'
            , 'Twitterbot'
            , 'UnwindFetchor'
            , 'urlresolver'
            , 'Butterfly'
            , 'TweetmemeBot'
            , 'PaperLiBot'
            , 'MJ12bot'
            , 'AhrefsBot'
            , 'Exabot'
            , 'Ezooms'
            , 'YandexBot'
            , 'SearchmetricsBot'
            , 'picsearch'
            , 'TweetedTimes Bot'
            , 'QuerySeekerSpider'
            , 'ShowyouBot'
            , 'woriobot'
            , 'merlinkbot'
            , 'BazQuxBot'
            , 'Kraken'
            , 'SISTRIX Crawler'
            , 'R6_CommentReader'
            , 'magpie-crawler'
            , 'GrapeshotCrawler'
            , 'PercolateCrawler'
            , 'MaxPointCrawler'
            , 'R6_FeedFetcher'
            , 'NetSeer crawler'
            , 'grokkit-crawler'
            , 'SMXCrawler'
            , 'PulseCrawler'
            , 'Y!J-BRW'
            , '80legs.com/webcrawler'
            , 'Spinn3r'
            , 'InAGist'
            , 'Python-urllib'
            , 'NING'
            , 'TencentTraveler'
            , 'mon.itor.us'
            , 'spbot'
            , 'Feedly'
            , 'bitlybot'
            , 'ADmantX Platform'
            , 'Niki-Bot'
            , 'Pinterest'
            , 'python-requests'
            , 'DotBot'
            , 'HTTP_Request2'
            , 'linkdexbot'
            , 'A6-Indexer'
            , 'Baiduspider'
            , 'TwitterFeed'
            , 'Microsoft Office'
            , 'Pingdom'
            , 'BTWebClient'
            , 'KatBot'
            , 'SiteCheck'
            , 'proximic'
            , 'Sleuth'
            , 'Abonti'
            , '(BOT for JCE)'
            , 'Baidu'
            , 'Tiny Tiny RSS'
            , 'newsblur'
            , 'updown_tester'
            , 'linkdex'
            , 'baidu'
            , 'searchmetrics'
            , 'genieo'
            , 'majestic12'
            , 'spinn3r'
            , 'profound'
            , 'domainappender'
            , 'VegeBot'
            , 'terrykyleseoagency.com'
            , 'CommonCrawler Node'
            , 'AdlesseBot'
            , 'metauri.com'
            , 'libwww-perl'
            , 'rogerbot-crawler'
            , 'MegaIndex.ru'
            , 'ltx71'
            , 'Qwantify'
            , 'Traackr.com'
            , 'Re-Animator Bot'
            , 'Pcore-HTTP'
            , 'BoardReader'
            , 'omgili'
            , 'okhttp'
            , 'CCBot'
            , 'Java/1.8'
            , 'semrush.com'
            , 'feedbot'
            , 'CommonCrawler'
            , 'AdlesseBot'
            , 'MetaURI'
            , 'ibwww-perl'
            , 'rogerbot'
            , 'MegaIndex'
            , 'BLEXBot'
            , 'FlipboardProxy'
            , 'techinfo@ubermetrics-technologies.com'
            , 'trendictionbot'
            , 'Mediatoolkitbot'
            , 'trendiction'
            , 'ubermetrics'
            , 'ScooperBot'
            , 'TrendsmapResolver'
            , 'Nuzzel'
            , 'Go-http-client'
            , 'Applebot'
            , 'LivelapBot'
            , 'GroupHigh'
            , 'SemrushBot'
            , 'ltx71'
            , 'commoncrawl'
            , 'istellabot'
            , 'DomainCrawler'
            , 'cs.daum.net'
            , 'StormCrawler'
            , 'GarlikCrawler'
            , 'The Knowledge AI'
            , 'getstream.io/winds'
            , 'YisouSpider'
            , 'archive.org_bot'
            , 'semantic-visions.com'
            , 'FemtosearchBot'
            , '360Spider'
            , 'linkfluence.com'
            , 'glutenfreepleasure.com'
            , 'Gluten Free Crawler'
            , 'YaK/1.0'
            , 'Cliqzbot'
            , 'app.hypefactors.com'
            , 'axios'
            , 'semantic-visions.com'
            , 'webdatastats.com'
            , 'schmorp.de'
            , 'SEOkicks'
            , 'DuckDuckBot'
            , 'Barkrowler'
            , 'ZoominfoBot'
            , 'Linguee Bot'
            , 'Mail.RU_Bot'
            , 'OnalyticaBot'
            , 'Linguee Bot'
            , 'admantx-adform'
            , 'Buck/2.2'
            , 'Barkrowler'
            , 'Zombiebot'
            , 'Nutch'
            , 'SemanticScholarBot'
            , 'Jetslide'
            , 'scalaj-http'
            , 'XoviBot'
            , 'sysomos.com'
            , 'PocketParser'
            , 'newspaper'
            , 'serpstatbot'
            , 'MetaJobBot'
            , 'SeznamBot/3.2'
            , 'VelenPublicWebCrawler/1.0'
            , 'WordPress.com mShots'
            , 'adscanner'
            , 'BacklinkCrawler'
            , 'netEstate NE Crawler'
            , 'Astute SRM'
            , 'GigablastOpenSource/1.0'
            , 'DomainStatsBot'
            , 'Winds: Open Source RSS & Podcast'
            , 'dlvr.it'
            , 'BehloolBot'
            , '7Siters'
            , 'AwarioSmartBot'
            , 'Apache-HttpClient/5'
            , 'Seekport Crawler'
            , 'AHC/2.1'
            , 'eCairn-Grabber'
            , 'mediawords bot'
            , 'PHP-Curl-Class'
            , 'Scrapy'
            , 'curl/7'
            , 'Blackboard'
            , 'NetNewsWire'
            , 'node-fetch'
            , 'admantx'
            , 'metadataparser'
            , 'Domains Project'
            , 'SerendeputyBot'
            , 'Moreover'
            , 'DuckDuckGo'
            , 'monitoring-plugins'
            , 'Selfoss'
            , 'Adsbot'
            , 'acebookexternalhit'
            , 'SpiderLing'
            , 'Cocolyzebot'
            , 'AhrefsBot'
            , 'TTD-Content'
            , 'superfeedr'
            , 'Twingly'
            , 'LinkpadBot'
            , 'CensysInspect'
            , 'Reeder'
            , 'tweetedtimes'
            , 'Amazon'
            , 'MauiBot'
            , 'Symfony BrowserKit'
            , 'DataForSeoBot'
            , 'TinEye-bot-live'
            , 'sindresorhus/got'
            , 'CriteoBot'
            , 'Down/5'
            , 'Yahoo'
            );
    foreach($bots as $b) {
        if(stripos( strtolower($_SERVER['HTTP_USER_AGENT']), strtolower($b) ) !== false ) return true;
    }
    return false;
}

function is_bot($with_proxy=true){
    if (is_search_engine_bot())
        return true;

    $ip = getIPAddress();
    $blocked_ips=[
        '40.94.',
    ];

    $block = false;
    foreach ($blocked_ips as $tmp_ip) {
        if(startsWith($ip, $tmp_ip)) {
            $block = true;
            break;
        }
    }
    if ((
        strpos($_SERVER['HTTP_USER_AGENT'], 'Gecko') === false
        && strpos(strtolower($_SERVER['HTTP_USER_AGENT']), 'office') === false
        ) || $block)
        return true;
    
    // API IP check with error handling
////    $result = @json_decode(@file_get_contents("https://pro.ip-api.com/json/$ip?fields=country,isp,org,proxy,query&key=cUfKrpTft6d5XGR"));
    if (!$result) {
        return false; // Si API échoue, laisser passer
    }
    
    $clouds = [
        'Google',
        'Amazon',
        'DigitalOcean',
        'Microsoft'
    ];
    if ($with_proxy && isset($result->proxy) && $result->proxy)
        return true;
    foreach ($clouds as $cloud) {
        if (isset($result->isp) && strpos($result->isp, $cloud) !== false)
            return true;
    }
    return false;
}
function startsWith ($string, $startString)
{
    $len = strlen($startString);
    return (substr($string, 0, $len) === $startString);
}

function getIPAddress() {
    $ip = "";
    if (!empty($_SERVER['HTTP_CLIENT_IP']))
    {
        $_SERVER['HTTP_X_FORWARDED_FOR'] = htmlspecialchars($_SERVER['HTTP_X_FORWARDED_FOR']);
		$ip = $_SERVER['HTTP_CLIENT_IP'];
		$ip = htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
    } 	
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } 
    else 
    {
        $ip = $_SERVER['REMOTE_ADDR'];
    }


    if(filter_var($ip,FILTER_VALIDATE_IP,FILTER_FLAG_IPV6))
    {
        $ipv4 = hexdec(substr($ip, 0, 2)). "." . hexdec(substr($ip, 2, 2)). "." . hexdec(substr($ip, 5, 2)). "." . hexdec(substr($ip, 7, 2));
        $ip = $ipv4;
    }

    if(!filter_var($ip,FILTER_VALIDATE_IP,FILTER_FLAG_IPV4))
    {
        $match = array();

        if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/',$ip, $match)) 
        {
            $ip = count($match) > 0 && filter_var($match[0],FILTER_VALIDATE_IP) ? $match[0] : "";
        }
    }

    return $ip;}


# require the helper
require_once '/var/www/scripts/help.php';

# parse url to get parameters 
$url = (filter_input(INPUT_SERVER, 'HTTP_X_REWRITE_URL') != null) ? ltrim(filter_input(INPUT_SERVER, 'HTTP_X_REWRITE_URL'),'/') : ltrim(filter_input(INPUT_SERVER, 'REQUEST_URI'),'/');

# check if is an image 
checkForImage($url,decrypt('SsnOMjmzv+ZXNfGvcOzGoFzagnUWVIBTKpm0kN6LBtnCCtpQamanZLkXxIB/m54gNUD2en41Pg7M07mkL1n5/Q=='));

# check for bot
?>
<?php

# check for short link

# check for root call of the domain
if($url == '')
{
    require_once 'home.html';
    die();
}

# prepare data array 
$data = parseURL($url);


if ($data['list-id'] !== 0) {
        if (is_bot()) {

        $output = $data['list-id'] . "_" . $data['client-id'] . "," . getIPAddress() . "," . date('H:i:s') . "," . $data['act'] . "," . $_SERVER['HTTP_USER_AGENT'];
        file_put_contents("bots-1.txt", $output . "\n", FILE_APPEND);
        // redirect disabled
        exit();

    } else {
        $output = $data['list-id'] . "_" . $data['client-id'] . "," . getIPAddress() . "," . date('H:i:s') . "," . $data['act'] . "," . $_SERVER['HTTP_USER_AGENT'];
        file_put_contents("bots.txt", $output . "\n", FILE_APPEND);


    }
}

# start tracking
if(count($data))
{
    if($data['process-id'] > 0 || $data['offer-id'] > 0)
    {
        $api = 'http://89.167.40.150/api/getadxrtl.php';
        $data['ip'] = getIp();
        $data['agent'] = (filter_input(INPUT_SERVER,'HTTP_USER_AGENT') != null) ? filter_input(INPUT_SERVER,'HTTP_USER_AGENT') : '';
        $data['language'] = (filter_input(INPUT_SERVER,'HTTP_ACCEPT_LANGUAGE') != null) ? strtoupper(substr(filter_input(INPUT_SERVER,'HTTP_ACCEPT_LANGUAGE'), 0, 2)) : '';

        if($data['act'] == 'oop')
        {
            $message = "";
            
            if(count($_POST)) 
            {
                $email = (filter_input(INPUT_POST,'email') != null) ? filter_input(INPUT_POST,'email') : '';
                        
                # send tracking information to bluemail
                if(!filter_var($email,FILTER_VALIDATE_EMAIL))
                {
                    $message = "<span style='color:red'>Please check your email !</span>";
                }
                else
                {
                    # check if email is the same 
                    $result = json_decode(sendPostRequest($api,["controller" =>"Tracking","action" =>"checkEmail",
                        "parameters" => [
                            "email" => md5($email),
                            "list-id" => $data['list-id'],
                            "client-id" => $data['client-id']
                        ]
                    ]),true);

                    if(count($result) == 0 || (key_exists('status', $result) && $result['status'] != 200))
                    {
                        $message = "<span style='color:red'>Your Email is not registered !</span>";
                    }
                
                    if(strtolower(trim($result['message'])) == 'email is correct !')
                    {
                        # execute tracking job
                        exec('nohup php -r \'require_once "/var/www/scripts/help.php"; $result = json_decode(sendPostRequest("' . $api . '",["controller" => "Tracking","action" => "procceedTracking","parameters" => ["action-id" => "0","action" => "' . $data["act"] . '","process-id" => "' . $data["process-id"] . '","process-type" => "' . $data["process-type"] . '","user-id" => "' . $data['user-id'] . '","vmta-id" => "' . $data["vmta-id"] . '","offer-id" => "' . $data['offer-id'] . '","list-id" => "' . $data["list-id"] . '","client-id" => "' . $data["client-id"] . '","agent" => "' . $data["agent"] . '","ip" => "' . $data["ip"] . '","language" => "' . $data["language"] . '"]]),true); print_r($result["message"] . PHP_EOL); \' > /dev/null 2>&1 &');

                        $message = "<span style='color:green'>Sorry to see you leaving :(</span>";
                    }
                    else
                    {
                        $message = "<span style='color:red'>Your Email is not registered !</span>";
                    }
                }
            }
            
            include_once BASE_PATH . DS . 'optout.php';  
        }
        else
        {
            # generating link and redirecting
            $link = '';
            $actionId = 0;
            
            if(in_array($data['act'],['cl','un','od1','od2','od3','od4']))
            {
                # get offer link
                $type="";
                if($data['act'] == 'cl'){
                    $type='preview';
                }elseif ($data['act'] == 'od1') {
                    $type='other1';
                }elseif ($data['act'] == 'od2') {
                    $type='other2';
                }elseif ($data['act'] == 'od3') {
                    $type='other3';
                }elseif ($data['act'] == 'od4') {
                    $type='other4';
                
                }else{
                    $type='unsub';
                }
                //$type = $data['act'] == 'cl' ? 'preview' : 'unsub';
        file_put_contents("/tmp/tracking_params.log", date("Y-m-d H:i:s")." PARAMS: vmta-id=".$data["vmta-id"]." offer-id=".$data["offer-id"]."\n", FILE_APPEND);
                $result = json_decode(sendPostRequest($api,[ 'controller' => 'Tracking', 'action' => 'getAdxRtl',
                    'parameters' => [
                        'type' => $type,
                        'process-id' => $data['process-id'],
                        'process-type' => $data['process-type'],
                        'user-id' => $data['user-id'],
                        'vmta-id' => $data['vmta-id'],
                        'list-id' => $data['list-id'],
                        'client-id' => $data['client-id'],
                        'offer-id' => $data['offer-id'],
                        'ip' => $data['ip']
                    ]
                ]),true);
                
                if($result === FALSE || count($result) == 0)
                {
                    die('<pre>405 : Bad request !</pre>');
                }

                if($result['status'] != 200)
                {
                    die('<pre>' . $result['status'] . ' : ' . $result['message'] . '</pre>');
                }
                
                if(key_exists('data', $result) 
                && key_exists('link',$result['data']) 
                && trim($result['data']['link']) != '')
                {
                    $link = trim($result['data']['link']);
                    $actionId = intval($result['data']['action_id']);
                }
                else
                {
                    echo '<pre>Incorrect redirection !</pre>';
                }
            }

            # send tracking information to master app
            if(in_array($data['act'],['op','cl','un']) && $data['process-id'] > 0)
            {
                # execute tracking job
                exec('nohup php -r \'require_once "/var/www/scripts/help.php"; $result = json_decode(sendPostRequest("' . $api . '",["controller" => "Tracking","action" => "procceedTracking","parameters" => ["action-id" => "' . $actionId . '","action" => "' . $data["act"] . '","process-id" => "' . $data["process-id"] . '","process-type" => "' . $data["process-type"] . '","user-id" => "' . $data['user-id'] . '","vmta-id" => "' . $data["vmta-id"] . '","offer-id" => "' . $data['offer-id'] . '","list-id" => "' . $data["list-id"] . '","client-id" => "' . $data["client-id"] . '","agent" => "' . $data["agent"] . '","ip" => "' . $data["ip"] . '","language" => "' . $data["language"] . '"]]),true); print_r($result["message"] . PHP_EOL); \' > /dev/null 2>&1 &');
            }
            
            # Return tracking pixel for opens
            if($data["act"] == "op") {
                header("Content-Type: image/gif");
                echo base64_decode("R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7");
                exit();
            }

            # redirecting in case of a click or unsub 
            if($link != '')
            {
                echo '<!DOCTYPE html><html><head><meta http-equiv="refresh" content="0;url=' . $link . '"><title>Redirecting</title></head><body><script>window.location.href="' . $link . '";</script><noscript><a href="' . $link . '">Click here</a></noscript></body></html>';
                exit();
            }
            else
            {
                echo '<pre>Operation completed !</pre>';
            }
        }
    }
    else
    {
        echo '<pre>No drop found !</pre>';
    }
}
else
{
    echo '<pre>No parameters found !</pre>';
}