<?php
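// Security response headers, sent only when the request is served under the
// production host name.
if ($_SERVER["SERVER_NAME"] == "www.findcheapmusic.com") {
    header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
    header("X-Content-Type-Options: nosniff");
    header("X-XSS-Protection: 1; mode=block");
    // NOTE(review): the wildcard lets any origin read this response via CORS;
    // confirm that is intended for a page that starts a session.
    header("Access-Control-Allow-Origin: *");
    header("Referrer-Policy: no-referrer");
    header("X-Frame-Options: SAMEORIGIN");
    // The former 'Set-Cookie: ^(.*)$ $1;HttpOnly;Secure' header was removed: that
    // text is a web-server rewrite pattern, and sending it through header() emits
    // it literally as a bogus cookie. The HttpOnly/Secure flags on the session
    // cookie are set with ini_set() in saveRedirect().
    // script-src 'unsafe-inline' is required by the inline redirect script below,
    // so the CSP does not stop injected markup; output escaping is the control here.
    header("Content-Security-Policy: default-src 'none'; img-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-inline';frame-ancestors 'self'");
}

// Decode and validate the requested destination. "target" is attacker-controlled:
// it must be a string, valid base64, and an absolute http(s) URL made only of
// printable ASCII without quotes, angle brackets or backslashes. This rejects
// javascript:/data: schemes and anything that could break out of the HTML
// attribute or the script string the value is written into below.
$location = false;
if (isset($_GET["target"]) && is_string($_GET["target"])) {
    $decoded = base64_decode($_GET["target"], true);
    if ($decoded !== false
        && preg_match('~\Ahttps?://[^"<>\\\\\x00-\x20\x7f-\xff]+\z~i', $decoded) === 1) {
        $location = $decoded;
    }
}

if ($location === false) {
    // Missing or unusable target: fall back to the site's front page.
    header("Location: https://www.findcheapmusic.com/index.php");
    exit;
}

// NOTE(review): any http(s) destination is still accepted. If the set of
// destinations is known, an allow-list of hosts or a signed target parameter
// would stop this page from being usable as an open redirector.

// Record the transfer once. The original called saveRedirect() a second time
// after the page had been printed, which inserted a duplicate row and re-ran
// the session setup on an already active session.
saveRedirect();
printHeader();
printMessage($location);
printFooter();
session_commit();

// json_encode() with the JSON_HEX_* flags yields a quoted JavaScript string
// literal that cannot terminate the string or the surrounding <script> element.
$jsLocation = json_encode($location, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
echo '<script type="text/javascript">setTimeout( function() { location.href=' . $jsLocation . '; }, 250);</script>';
exit;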
/**
 * Emits the opening markup of the transfer page: doctype, <head> with title,
 * charset, viewport and the centring styles, then the opening <body> and the
 * #content container. The matching closing tags are written by printFooter().
 */
function printHeader() {
    // Fragments are joined without separators so the output is one unbroken string.
    $fragments = array(
        '<!DOCTYPE html>',
        '<html lang="en">',
        '<head>',
        ' <title>FindCheapMusic Transfer Page</title>',
        ' <meta charset="UTF-8">',
        ' <meta name="viewport" content="width=device-width, initial-scale=1.0">',
        ' <style>',
        ' html, body { margin: 0; padding: 0; width: 100%; height: 100%; display: table; }',
        ' #content { display: table-cell; text-align: center; vertical-align: middle; }',
        ' </style>',
        '</head>',
        '<body>',
        ' <div id="content">',
    );
    echo implode('', $fragments);
}
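/**
 * Prints the page heading and the "you are leaving" notice with a manual
 * fallback link to the destination.
 *
 * The destination is written into a double-quoted href attribute, so it is
 * HTML-escaped here; an unescaped value could close the attribute and inject
 * markup. Escaping does not restrict the URL scheme: the caller is responsible
 * for passing only an http(s) URL.
 *
 * @param string $location Destination URL for the fallback link.
 */
function printMessage($location) {
    $href = htmlspecialchars((string) $location, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '<h1>FindCheapMusic Transfer Page</h1>';
    // The original left the paragraph unclosed; it is closed here.
    echo '<p>You are now leaving FindCheapMusic.com. <a href="' . $href . '">Press here</a> if the page doesn\'t load.</p>';
}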
/**
 * Closes the #content container, the body and the document opened by
 * printHeader().
 */
function printFooter() {
    // A single echo with several arguments writes the pieces back to back.
    echo ' </div>', '</body>', '</html>';
}
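/**
 * Starts the database-backed session and records the outgoing transfer
 * (session id, timestamp, destination URL) in the `transfers` table.
 *
 * Reads $_GET["target"] (base64-encoded destination) and $_POST["sessionTab"]
 * directly. The row is written with a prepared statement, so neither the
 * decoded URL nor the session id is ever spliced into the SQL text.
 *
 * @return bool True when the row was inserted; false when the target is
 *              missing or not valid base64, or when the statement could not
 *              be prepared or executed.
 */
function saveRedirect() {
    include_once('php/sessions_db.php');
    include_once('php/cryptor.php');

    $configFile = parse_ini_file("../MyFiles/config/cheapmusic.ini", true);
    // The returned instance is not used in this function.
    // NOTE(review): presumably this initialises a shared Cryptor that the session
    // handler relies on - confirm before removing the call.
    $crypt = Cryptor::getInstance($configFile['cryptor']);
    $tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);
    $handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);
    // Drop the parsed configuration (it holds the [mysqli] and [cryptor] sections)
    // as soon as it has been handed over.
    unset($configFile);

    // Keep the session cookie away from scripts and off plain HTTP.
    ini_set("session.cookie_httponly", 1);
    ini_set("session.cookie_secure", 1);
    session_set_save_handler($handler, true);
    @session_start();

    // Strict decoding rejects input outside the base64 alphabet instead of
    // silently storing whatever survives a lenient decode.
    $url = (isset($_GET["target"]) && is_string($_GET["target"]))
        ? base64_decode($_GET["target"], true)
        : false;
    if ($url === false) {
        return false;
    }

    // getDBSessionId() is used as the mysqli link, as in the original code.
    $_sess_db = $handler->getDBSessionId();
    $stmt = mysqli_prepare($_sess_db, "INSERT INTO transfers (sessId, access, url) VALUES (?, ?, ?)");
    if ($stmt === false) {
        return false;
    }

    // All three values are bound as strings, matching the quoted literals the
    // original query used. bind_param takes references, hence the locals.
    $sessId = session_id();
    $access = (string) time();
    mysqli_stmt_bind_param($stmt, "sss", $sessId, $access, $url);
    $saved = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return $saved;
}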
?>