| 2 |
- |
1 |
<?php
|
|
|
2 |
if ($_SERVER["SERVER_NAME"] == "www.findcheapmusic.com") {
|
|
|
3 |
header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
|
|
|
4 |
header("X-Content-Type-Options: nosniff");
|
|
|
5 |
header("X-XSS-Protection: 1; mode=block");
|
|
|
6 |
header("Access-Control-Allow-Origin: *");
|
|
|
7 |
header("Referrer-Policy: no-referrer");
|
|
|
8 |
header("X-Frame-Options: SAMEORIGIN");
|
|
|
9 |
header("Set-Cookie: ^(.*)$ $1;HttpOnly;Secure");
|
|
|
10 |
header("Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-inline';frame-ancestors 'self'");
|
|
|
11 |
}
|
|
|
12 |
|
|
|
13 |
if (isset($_GET["target"])) {
|
|
|
14 |
|
|
|
15 |
$location = base64_decode($_GET["target"]);
|
|
|
16 |
|
| 9 |
- |
17 |
saveRedirect();
|
| 2 |
- |
18 |
printHeader();
|
|
|
19 |
printMessage($location);
|
|
|
20 |
printFooter();
|
| 9 |
- |
21 |
saveRedirect();
|
| 14 |
- |
22 |
session_commit();
|
| 2 |
- |
23 |
|
|
|
24 |
echo '<script type="text/javascript">setTimeout( function() { location.href="' . $location . '"; }, 250);</script>';
|
|
|
25 |
|
|
|
26 |
exit;
|
|
|
27 |
|
|
|
28 |
} else {
|
|
|
29 |
|
|
|
30 |
header("Location: https://www.findcheapmusic.com/index.php");
|
|
|
31 |
|
|
|
32 |
exit;
|
|
|
33 |
|
|
|
34 |
}
|
|
|
35 |
|
|
|
36 |
function printHeader() {
|
|
|
37 |
echo '<!DOCTYPE html>';
|
|
|
38 |
echo '<html lang="en">';
|
|
|
39 |
echo '<head>';
|
| 9 |
- |
40 |
echo ' <title>FindCheapMusic Transfer Page</title>';
|
| 2 |
- |
41 |
echo ' <meta charset="UTF-8">';
|
|
|
42 |
echo ' <meta name="viewport" content="width=device-width, initial-scale=1.0">';
|
|
|
43 |
echo ' <style>';
|
|
|
44 |
echo ' html, body { margin: 0; padding: 0; width: 100%; height: 100%; display: table; }';
|
|
|
45 |
echo ' #content { display: table-cell; text-align: center; vertical-align: middle; }';
|
|
|
46 |
echo ' </style>';
|
|
|
47 |
echo '</head>';
|
|
|
48 |
echo '<body>';
|
|
|
49 |
echo ' <div id="content">';
|
|
|
50 |
}
|
|
|
51 |
|
|
|
52 |
function printMessage($location) {
|
| 9 |
- |
53 |
echo '<h1>FindCheapMusic Transfer Page</h1>';
|
|
|
54 |
echo '<p>You are now leaving FindCheapMusic.com. <a href="' . $location . '">Press here</a> if the page doesn\'t load.';
|
| 2 |
- |
55 |
}
|
|
|
56 |
|
|
|
57 |
function printFooter() {
|
|
|
58 |
echo ' </div>';
|
|
|
59 |
echo '</body>';
|
|
|
60 |
echo '</html>';
|
|
|
61 |
echo '';
|
|
|
62 |
}
|
| 9 |
- |
63 |
|
|
|
64 |
function saveRedirect() {
|
|
|
65 |
include_once('php/sessions_db.php');
|
|
|
66 |
include_once('php/cryptor.php');
|
|
|
67 |
|
|
|
68 |
$configFile = parse_ini_file("../MyFiles/config/cheapmusic.ini",true);
|
|
|
69 |
$crypt = Cryptor::getInstance($configFile['cryptor']);
|
|
|
70 |
$tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);
|
|
|
71 |
$handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);
|
|
|
72 |
unset($configFile);
|
|
|
73 |
|
|
|
74 |
ini_set("session.cookie_httponly", 1);
|
|
|
75 |
ini_set("session.cookie_secure", 1);
|
|
|
76 |
session_set_save_handler($handler, true);
|
| 11 |
- |
77 |
@session_start();
|
| 9 |
- |
78 |
|
|
|
79 |
$_sess_db = $handler->getDBSessionId();
|
|
|
80 |
|
|
|
81 |
$access = mysqli_real_escape_string($_sess_db, time());
|
|
|
82 |
$url = mysqli_real_escape_string($_sess_db, base64_decode($_GET["target"]));
|
|
|
83 |
|
|
|
84 |
$sql = "INSERT
|
|
|
85 |
INTO transfers
|
|
|
86 |
(sessId, access, url)
|
|
|
87 |
VALUES ('" . session_id() . "', '$access', '$url')";
|
|
|
88 |
|
|
|
89 |
return mysqli_query($_sess_db, $sql);
|
|
|
90 |
}
|
| 2 |
- |
91 |
?>
|