Something went wrong. Contact support"; if(!empty($_GET['utm_allow_geo']) && preg_match('#^[a-zA-Z]{2}(-|$)#',$_GET['utm_allow_geo'])) $CLOAKING['ALLOW_GEO']=$_GET['utm_allow_geo']; if(empty($CLOAKING['PARANOID'])) $CLOAKING['PARANOID']=''; if(empty($CLOAKING['ALLOW_GEO'])) $CLOAKING['ALLOW_GEO']=''; if(empty($CLOAKING['BLOCK_GEO'])) $CLOAKING['BLOCK_GEO']=''; if(empty($CLOAKING['HTACCESS_FIX'])) $CLOAKING['HTACCESS_FIX']=''; if(empty($CLOAKING['DISABLE_CACHE'])) $CLOAKING['DISABLE_CACHE']=''; else { setcookie("euConsent", 'true'); setcookie("BC_GDPR", time()); header( "Cache-control: private, max-age=0, no-cache, no-store, must-revalidate, s-maxage=0" ); header( "Pragma: no-cache" ); header( "Expires: ".date('D, d M Y H:i:s',rand(1560500925,1571559523))." GMT"); } if(!empty($_REQUEST['cloaking']) && ($CLOAKING['STEALTH']=='off' || $CLOAKING['DEBUG_MODE'] == 'on' || (!empty($_REQUEST['key']) && $_REQUEST['key']==$CLOAKING['API_SECRET_KEY'])) ) { ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); if ($_REQUEST['cloaking'] == 'stat' || $_REQUEST['cloaking'] == 'stats') { if(empty($CLOAKING['API_SECRET_KEY'])||strlen($CLOAKING['API_SECRET_KEY'])<16) { echo 'Error: secret API key is missing !
Put the API key (you can find it in the email) to line #'.cloakedEditor("\$CLOAKING['API_SECRET_KEY']").' so that it looks like:
$CLOAKING[\'API_SECRET_KEY\'] = \'put your API key here\';
'.$errorContactMessage; die(); } setcookie("hideclick", 'ignore', time()+604800); if(!empty($_SERVER['HTTP_HOST'])) $host=$_SERVER['HTTP_HOST']; else if(!empty($_SERVER['Host'])) $host=$_SERVER['Host']; else if(!empty($_SERVER['host'])) $host=$_SERVER['host']; else if(!empty($_SERVER[':authority'])) $host=$_SERVER[':authority']; else $host=''; if(!empty($_SERVER['REQUEST_URI'])) $host.=$_SERVER['REQUEST_URI']; if(stristr($host,'?')) $host=substr(0,strpos($host,'?')); if(substr($host,0,4)=='www.') $host=substr($host,4); $domainStat=''; if(!empty($_REQUEST['domain'])) $domainStat.='&domain='.$_REQUEST['domain']; if(!empty($_REQUEST['date2'])) $domainStat.='&date2='.$_REQUEST['date2'];//timestamp else $domainStat.='&date2='.time(); if(!empty($_REQUEST['date1'])) $domainStat.='&date1='.$_REQUEST['date1'];//timestamp else $domainStat.='&date1='.(time()-604800); if (!function_exists('curl_init')) $statistic = file_get_contents('https://hideapi.xyz/newstat?api=' . $CLOAKING['API_SECRET_KEY'] . '&lang=ru&sign=9237146621611f1608833559&version='.$CLOAKING['VERSION'].'&js=false&cache='.$CLOAKING['DISABLE_CACHE'].'&geo=' . urlencode($CLOAKING['ALLOW_GEO']) . '&blockgeo=' . urlencode($CLOAKING['BLOCK_GEO']) . '¶noid=' . $CLOAKING['PARANOID'] . '&allowvpn=' . $CLOAKING['ALLOW_VPN'] . '&host=' . urlencode($host) . '&white=' . urlencode($CLOAKING['WHITE_PAGE']) . '&offer=' . urlencode($CLOAKING['OFFER_PAGE']).$domainStat, 'r', stream_context_create(array('http' => array('method' => 'GET', 'timeout' => 45), 'ssl'=>array('verify_peer'=>false,'verify_peer_name'=>false,) )) ); else $statistic = cloakedCurl('https://hideapi.xyz/newstat?api=' . $CLOAKING['API_SECRET_KEY'] . '&lang=ru&sign=9237146621611f1608833559&version='.$CLOAKING['VERSION'].'&js=false&cache='.$CLOAKING['DISABLE_CACHE'].'&geo=' . urlencode($CLOAKING['ALLOW_GEO']) . '&blockgeo=' . urlencode($CLOAKING['BLOCK_GEO']) . '¶noid=' . $CLOAKING['PARANOID'] . '&allowvpn=' . $CLOAKING['ALLOW_VPN'] . '&host=' . urlencode($host) . '&white=' . urlencode($CLOAKING['WHITE_PAGE']) . '&offer=' . urlencode($CLOAKING['OFFER_PAGE']).$domainStat); echo $statistic; if (empty($statistic)) echo "".$errorContactMessage; } else if ($_REQUEST['cloaking'] == 'white') cloakedWhitePage($CLOAKING['WHITE_PAGE'],$CLOAKING['WHITE_METHOD']); else if ($_REQUEST['cloaking'] == 'offer') cloakedOfferPage($CLOAKING['OFFER_PAGE'],$CLOAKING['OFFER_METHOD']); else if ($_REQUEST['cloaking'] == 'debug') {phpinfo();print_r(debug_backtrace ());$CLOAKING['API_SECRET_KEY']=1;print_r($CLOAKING);die();} else if ($_REQUEST['cloaking'] == 'test') { if (!function_exists('curl_init')) { echo "
CURL not found
\n"; $http_response_header = array(); echo "HTTP domain"; $statistic = file_get_contents('http://api.hideapi.xyz/status', 'r', stream_context_create(array('ssl' => array('verify_peer' => false, 'verify_peer_name' => false,), 'http' => array('method' => 'POST', 'timeout' => 5, 'header' => "Content-type: application/x-www-form-urlencoded\r\n" . "Content-Length: 4\r\n", 'content' => 'ping')))); print_r($http_response_header); echo "
\n"; print_r($statistic); echo "
\n"; $http_response_header = array(); echo "HTTPS domain\n"; $statistic = file_get_contents('https://hideapi.xyz/status', 'r', stream_context_create(array('ssl' => array('verify_peer' => false, 'verify_peer_name' => false,), 'http' => array('method' => 'POST', 'timeout' => 5, 'header' => "Content-type: application/x-www-form-urlencoded\r\n" . "Content-Length: 4\r\n", 'content' => 'ping')))); print_r($http_response_header); echo "
\n"; print_r($statistic); echo "
\n"; } else { $body = 'ping'; echo "
using CURL
\n"; $ch = curl_init(); echo "HTTP domain"; curl_setopt($ch, CURLOPT_URL,'http://api.hideapi.xyz/status'); if(!empty($body)) {curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, "$body");} if(!empty($returnHeaders)) curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $r = @curl_exec($ch); $info = curl_getinfo($ch); print_r($info); echo "
\n"; curl_close ($ch); echo "$r
\n"; $ch = curl_init(); echo "HTTPS domain"; curl_setopt($ch, CURLOPT_URL,'https://hideapi.xyz/status'); if(!empty($body)) {curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, "$body");} if(!empty($returnHeaders)) curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $r = @curl_exec($ch); $info = curl_getinfo($ch); print_r($info); echo "
\n"; curl_close ($ch); echo "$r
\n"; } } else if ($_REQUEST['cloaking'] == 'time') { header( "Cache-control: public, max-age=999999, s-maxage=999999" ); header( "Expires: Wed, 21 Oct 2025 07:28:00 GMT" ); echo str_replace(" ","",rand(1,10000).microtime().rand(1,100000)); } die(); } else if($CLOAKING['DEBUG_MODE'] == 'on'){ set_time_limit(5); ini_set('max_execution_time',5); ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); $error=0; setcookie("hideclick", 'ignore', time()+604800); // don't use $_SERVER["REDIRECT_URL"], as there is servers that use it without redirect if(!empty($_GET) || !empty($_POST) || ($_SERVER["SCRIPT_NAME"]!=$_SERVER["REQUEST_URI"] && $_SERVER["REQUEST_URI"]!=str_replace("index.php","",$_SERVER["SCRIPT_NAME"]))) { echo "Error with rewrite engine.".$errorContactMessage; die(); } echo 'Congratulations.
Literally in a moment you can increase your ROI.

First, make sure that everything is configured correctly:
'; if(is_file($CLOAKING['WHITE_PAGE'])) echo '✔ WHITE_PAGE - ok. Click here to check the WHITE_PAGE.
'; else if(strstr($CLOAKING['WHITE_PAGE'],'://')) echo '⚠ To reduce the likelihood of a ban, we recommend using local WHITE_PAGE (page located on your website)! If you still want to use the current settings, click here to check the WHITE_PAGE.
'; else {echo '❌ WHITE_PAGE - error! Change the value in line #'.cloakedEditor("\$CLOAKING['WHITE_PAGE']").' to the page that will be displayed to bots

';$error=1;} if(is_file($CLOAKING['OFFER_PAGE']) && ($CLOAKING['OFFER_PAGE']=='index.htm' || $CLOAKING['OFFER_PAGE']=='index.html' || $CLOAKING['OFFER_PAGE']=='index.php' )) {echo '⚠ To reduce the likelihood of a ban, rename OFFER_PAGE (for example, offer.php instead of '.$CLOAKING['OFFER_PAGE'].') and put new name in line #'.cloakedEditor("\$CLOAKING['OFFER_PAGE']").'
';} else if(is_file($CLOAKING['OFFER_PAGE']) || strstr($CLOAKING['OFFER_PAGE'],'://')) echo '✔ OFFER_PAGE - ok. Click to check the OFFER_PAGE.
'; else {echo '❌ OFFER_PAGE - error! Change the value in line #'.cloakedEditor("\$CLOAKING['OFFER_PAGE']").' to the page that will be displayed to targeted users

';$error=1;} $CLOAKINGdata='{}'; if(!function_exists('curl_init')) $CLOAKING['STATUS'] = @file_get_contents('http://api.hideapi.xyz/basic?ip=1.1.1.1&port=1111&key='.$CLOAKING['API_SECRET_KEY'].'&sign=9237146621611f1608833559&version='.$CLOAKING['VERSION'].'&curl=false&js=false&cache='.$CLOAKING['DISABLE_CACHE'].'&htaccess='.$CLOAKING['HTACCESS_FIX'] , 'r', stream_context_create(array('ssl'=>array('verify_peer'=>false,'verify_peer_name'=>false,), 'http' => array('method' => 'POST', 'timeout' => 5, 'header'=> "Content-type: application/x-www-form-urlencoded\r\n". "Content-Length: ".strlen($CLOAKINGdata). "\r\n", 'content' => $CLOAKINGdata)))); else $CLOAKING['STATUS'] = @cloakedCurl('http://api.hideapi.xyz/basic?ip=1.1.1.1&port=1111&key='.$CLOAKING['API_SECRET_KEY'].'&sign=9237146621611f1608833559&version='.$CLOAKING['VERSION'].'&curl=true&js=false&cache='.$CLOAKING['DISABLE_CACHE'].'&htaccess='.$CLOAKING['HTACCESS_FIX'], $CLOAKINGdata); if(!$CLOAKING['STATUS'] || stristr($CLOAKING['STATUS'],'error')){ echo '❌ PHP configuration error. Contact your hosting support and ask them to enable CURL in PHP.
'; $error=1; } if(stristr($CLOAKING['STATUS'],'payment')||stristr($CLOAKING['STATUS'],'expired')){ echo '❌ Your secret API key has expired or blocked due terms violation. Contact support to extend the service!
'; $error=1; } $CLOAKING['STATUS'] = json_decode($CLOAKING['STATUS'], true); if(empty($CLOAKING['STATUS']) || empty($CLOAKING['STATUS']['action'])){ echo '❌ Network error. Your hosting provider might be using some kind of firewall or resource limiter that will result in excessive traffic loss. It can\'t be fixed on our side. You need a different hosting. Contact us if you have any questions.

'; $error=1; } $CLOAKINGdata = array(); if (function_exists("getallheaders")) $CLOAKINGdata = getallheaders(); else foreach($_SERVER as $k=> $v){ if (substr($k, 0, 5) == 'HTTP_') $CLOAKINGdata[$k] = $v; } $CLOAKINGdata['path']=$_SERVER["REQUEST_URI"]; $CLOAKINGdata['REQUEST_METHOD']=$_SERVER['REQUEST_METHOD']; if( $_SERVER["SERVER_PORT"]==443 || !empty($_SERVER['HTTPS']) || !empty($_SERVER['SSL']) ) $CLOAKINGdata['HTTP_HTTPS']='1'; $CLOAKINGdata = json_encode($CLOAKINGdata); if(!function_exists('curl_init')) $CLOAKING['STATUS'] = @file_get_contents('http://api.hideapi.xyz/basic?ip='.$_SERVER["REMOTE_ADDR"].'&port='.$_SERVER["REMOTE_PORT"].'&banReason='.$CLOAKING['banReason'].'&key='.$CLOAKING['API_SECRET_KEY'].'&sign=9237146621611f1608833559&version='.$CLOAKING['VERSION'].$CLOAKING['WHITE_METHOD'].'.'.$CLOAKING['OFFER_METHOD'].'&js=false&cache='.$CLOAKING['DISABLE_CACHE'].'&geo='.preg_replace('#[^a-zA-Z,]+#',',',$CLOAKING['ALLOW_GEO']).'&blockgeo=' . urlencode($CLOAKING['BLOCK_GEO']) .'¶noid='.$CLOAKING['PARANOID'] . '&allowvpn=' . $CLOAKING['ALLOW_VPN'].'&white='.urlencode($CLOAKING['WHITE_PAGE']).'&offer='.urlencode($CLOAKING['OFFER_PAGE']) , 'r', stream_context_create(array('ssl'=>array('verify_peer'=>false,'verify_peer_name'=>false,), 'http' => array('method' => 'POST', 'timeout' => 5, 'header'=> "Content-type: application/x-www-form-urlencoded\r\n". "Content-Length: ".strlen($CLOAKINGdata). "\r\n", 'content' => $CLOAKINGdata)))); else $CLOAKING['STATUS'] = @cloakedCurl('http://api.hideapi.xyz/basic?ip='.$_SERVER["REMOTE_ADDR"].'&port='.$_SERVER["REMOTE_PORT"].'&banReason='.$CLOAKING['banReason'].'&key='.$CLOAKING['API_SECRET_KEY'].'&sign=9237146621611f1608833559&version='.$CLOAKING['VERSION'].$CLOAKING['WHITE_METHOD'].'.'.$CLOAKING['OFFER_METHOD'].'&js=false&cache='.$CLOAKING['DISABLE_CACHE'].'&geo='.preg_replace('#[^a-zA-Z,]+#',',',$CLOAKING['ALLOW_GEO']).'&blockgeo=' . urlencode($CLOAKING['BLOCK_GEO']) .'¶noid='.$CLOAKING['PARANOID'] . '&allowvpn=' . $CLOAKING['ALLOW_VPN'].'&white='.urlencode($CLOAKING['WHITE_PAGE']).'&offer='.urlencode($CLOAKING['OFFER_PAGE']), $CLOAKINGdata); $CLOAKING['STATUS'] = json_decode($CLOAKING['STATUS'], true); if(empty($CLOAKING['STATUS']) || empty($CLOAKING['STATUS']['action'])){ echo '❌ Bad network! Your hosting provider might be using some kind of firewall or resource limiter that will result in excessive traffic loss. It can\'t be fixed on our side. You need a different hosting. Contact us if you have any questions.

'; $error=1; } if($CLOAKING['STATUS']['action']!='allow') { // echo '⚠ We do not recommend using VPN, anonymizers, privacy plugins or antidetect browsers during the setup process

'; echo '⚠ You may not see the offer if you are using VPN/proxy/developer_extensions/privacy_plugins/antidetect_browsers or other security tools during the setup process. Use standart browser and local/WiFi/mobile coonection to check offer page

'; } // Needed to check if cache is using $testUrl= ( $_SERVER["SERVER_PORT"]==443 || (!empty($_SERVER['HTTP_CF_VISITOR']) && stristr($_SERVER['HTTP_CF_VISITOR'],'https')) || (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO']=='https') || !empty($_SERVER['HTTPS']) ) ? 'https://' : 'http://'; // There's some bugs with CDN if using $_SERVER['HTTP_HOST'], so use $_SERVER["SERVER_NAME"] instead! $queryBug=strpos($_SERVER["REQUEST_URI"],'?'); if(empty($_SERVER["SERVER_NAME"]) || $_SERVER["SERVER_NAME"] == '_' || $_SERVER["SERVER_NAME"] == 'localhost') $_SERVER["SERVER_NAME"] = $_SERVER["HTTP_HOST"]; if($queryBug>0) $testUrl.=$_SERVER["SERVER_NAME"].substr($_SERVER["REQUEST_URI"],0,$queryBug).'?cloaking=time'; else $testUrl.=$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"].'?cloaking=time'; $http_response_header=array(); $static1 = !function_exists('curl_init') ? file_get_contents($testUrl,'r', stream_context_create(array('http' => array('method' => 'GET', 'timeout' => 5), 'ssl'=>array('verify_peer'=>false,'verify_peer_name'=>false,))) ) : cloakedCurl($testUrl); $static2 = !function_exists('curl_init') ? file_get_contents($testUrl,'r', stream_context_create(array('http' => array('method' => 'GET', 'timeout' => 5), 'ssl'=>array('verify_peer'=>false,'verify_peer_name'=>false,))) ) : cloakedCurl($testUrl); $static3 = !function_exists('curl_init') ? implode("\n",$http_response_header) : cloakedCurl($testUrl,'',true); // Set-Cookie vs empty($CLOAKING['DISABLE_CACHE']) || !empty($CLOAKING['DISABLE_CACHE']) ??? // x-cache-enabled: True // x-proxy-cache: HIT if(preg_match('#Proxy|Microcachable#i',$static3) || (empty($CLOAKING['DISABLE_CACHE']) && preg_match('#Set-Cookie#i', $static3) && !strstr($static3, '__cfduid=')) ){ echo '❌ Bad server configuration. Contact us. We will help.

'; } else if($static1>0 && $static2>0 && $static1<=100000 && $static2<=100000 && $static1!=$static2) {} else if(empty($static1)||empty($static2)) { echo '❌ Bad server configuration. Contact us. We will try to help.

'; $error=1; } else if(empty($CLOAKING['DISABLE_CACHE'])) { echo '❌ Bad server configuration. Remove // at the beginning of a line #'.cloakedEditor("\$CLOAKING['DISABLE_CACHE']").' to activate "DISABLE_CACHE" mode.


'; $error=1; } if(preg_match('#x-cache-enabled.*True#i',$static3)) { echo '❌ Bad server. The current server caches the results, which will lead to large traffic losses and a high probability of being banned. It can\'t be fixed on our side. You need a different hosting. Contact us if you have any questions.

'; $error=1; } // else if(!empty($CLOAKING['DISABLE_CACHE'])) { // echo '❌ Bad server configuration. Ask hosting support to turn off caching (or move website to another hosting).

'; // $error=1; // } if(preg_match('#[^A-Za-z ,]+#',$CLOAKING['ALLOW_GEO'])) { echo '❌ Geo filter is not configured correctly. Only letters A-Z (2x country codes) and commas can be used at line #'.cloakedEditor("\$CLOAKING['ALLOW_GEO']").'.

'; $error=1; } if(preg_match('#[^A-Za-z ,]+#',$CLOAKING['BLOCK_GEO'])) { echo '❌ Blocked Geo filter is not configured correctly. Only letters A-Z (2x country codes) and commas can be used at line #'.cloakedEditor("\$CLOAKING['BLOCK_GEO']").'.

'; $error=1; } if($CLOAKING['DELAY_START']) { file_put_contents('dummyCounter.txt',''); if(!is_file('dummyCounter.txt')) { echo '❌ In order DELAY_START filter to work you need to create a file dummyCounter.txt in the directory '.getcwd().'. Make sure that the file is writable.
'; $error = 1; } else if(!is_writable('dummyCounter.txt')){ echo '❌ Make sure that the dummyCounter.txt file located in '.getcwd().' is writable.
'; $error = 1; } } if($error) { echo "
Correct the errors and reload the page.

Do you need some help? Write to us in telegram: @hideclick";die(); } if(empty($CLOAKING['ALLOW_GEO'])) echo '✔ Geo filtering is turned off. Put the two-letters country codes of allowed countries at the line #'.cloakedEditor("\$CLOAKING['ALLOW_GEO']").'.

'; else echo '✔ Geo filtering is turned on. All countries except '.$CLOAKING['ALLOW_GEO'].' will get white page. You can change two-letters country codes of allowed countries at the line #'.cloakedEditor("\$CLOAKING['ALLOW_GEO']").'

'; echo '✔ Click here to open the statistics page. Bookmark it for future reference.

'; if(!empty($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['SERVER_ADDR'])) { if($_SERVER['REMOTE_ADDR']==$_SERVER['SERVER_ADDR'] && empty($_SERVER['HTTP_CF_RAY']) && empty($_SERVER['HTTP_X_REAL_IP']) && empty($_SERVER['HTTP_X_FORWARDED_FOR'])){ echo '❌ looks like your server falsify the user\'s IP address. Probably you need a different hosting. Contact us if you have any questions.
'; } else if(preg_match('#^[a-fA-F0-9]+[:.]+[a-fA-F0-9]+[:.]+[a-fA-F0-9]+[:.]+#',$_SERVER['REMOTE_ADDR'],$cid)) { if(stristr('#'.$_SERVER['SERVER_ADDR'],'#'.$cid[0])) echo '❌ looks like your server falsify the user\'s IP address. You need a different hosting. Contact us if you have any questions.
'; } } if(empty($_SERVER['HTTP_CF_RAY']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_REAL_IP']) && !empty($_SERVER['REMOTE_ADDR']) && !empty($_SERVER['SERVER_ADDR']) && $_SERVER['HTTP_X_FORWARDED_FOR']==$_SERVER['HTTP_X_REAL_IP'] && $_SERVER['HTTP_X_REAL_IP']!=$_SERVER['REMOTE_ADDR'] && $_SERVER['REMOTE_ADDR']!=$_SERVER['SERVER_ADDR']) { echo '❌ It looks like your server falsify the user IP address. Contact us via telegram: @HideClick to make sure everything is working correctly.
'; } echo 'Excellent. Setup completed.
In the future, you can use this file for any number of domains. There is no need to repeat this process on this hosting.

'; echo 'Last step:
If everything works without errors, turn off the DEBUG_MODE by changing the value in line #'.cloakedEditor("\$CLOAKING['DEBUG_MODE']").' to off.

'; echo 'After that, the script will start working in production mode and instead of this page you will see offer page or white page (depends on settings).

'; echo 'Important!
WHITE_PAGE MUST COMPLETELY COMPLY WITH THE ADVERTISING NETWORK RULES!

Do you need more information on how to make the right white page? Contact us in telegram: @HideClick.'; die(); } else { } if(empty($CLOAKING['WHITE_PAGE']) || (!strstr($CLOAKING['WHITE_PAGE'],'://') && !is_file($CLOAKING['WHITE_PAGE']))){ echo "ERROR FILE NOT FOUND: ".$CLOAKING['WHITE_PAGE']."! \r\n
".$errorContactMessage; die(); } if(empty($CLOAKING['OFFER_PAGE']) || (!strstr($CLOAKING['OFFER_PAGE'],'://') && !is_file($CLOAKING['OFFER_PAGE']))){ echo "ERROR FILE NOT FOUND: ".$CLOAKING['OFFER_PAGE']."! \r\n
".$errorContactMessage; die(); } // start of code // dirty hack for binome to hide PHP headers... if (function_exists('header_remove')) header_remove("X-Powered-By"); @ini_set('expose_php', 'off'); // dirty hack to save CPU load and avoid death loops by ignoring some extensions... if(empty($CLOAKING['HTACCESS_FIX']) && preg_match('#\.(jpg|jpeg|css|gif|svg|ttf|woff|webm|ico|js)$#i',$_SERVER["REQUEST_URI"])){ if(!stristr($CLOAKING['OFFER_PAGE'],'://')) cloakedOfferPage($CLOAKING['OFFER_PAGE'],$CLOAKING['OFFER_METHOD']); else cloakedWhitePage($CLOAKING['WHITE_PAGE'],$CLOAKING['WHITE_METHOD']); } // dirty hacks to protect from death loops if(sizeof(debug_backtrace ())>2) { echo "ERROR: INFINITE RECURSION"; die(); } $CLOAKINGdata = array(); if (function_exists("getallheaders")) $CLOAKINGdata = getallheaders(); else foreach($_SERVER as $k=> $v){ if (substr($k, 0, 5) == 'HTTP_') $CLOAKINGdata[$k] = $v; } $CLOAKINGdata['path']=$_SERVER["REQUEST_URI"]; $CLOAKINGdata['REQUEST_METHOD']=$_SERVER['REQUEST_METHOD']; if( $_SERVER["SERVER_PORT"]==443 || !empty($_SERVER['HTTPS']) || !empty($_SERVER['SSL']) ) $CLOAKINGdata['HTTP_HTTPS']='1'; //fix for roadrunner ??? //$CLOAKINGdata['host']=$CLOAKING['DOMAIN'];//fix for roadrunner ??? //$CLOAKINGdata['path']=http_build_query ($_GET);//fix for roadrunner ??? $CLOAKING['banReason']=''; if(!empty($CLOAKING['allow_utm_must']) || !empty($CLOAKING['allow_utm_opt'])){ $utmstring=http_build_query($_GET); if(!empty($CLOAKING['allow_utm_opt'])) { $CLOAKING['allow_utm_opt'] = preg_replace('#[\s,]+#', '|', $CLOAKING['allow_utm_opt']); $CLOAKING['allow_utm_opt'] = "#" . trim($CLOAKING['allow_utm_opt'], ',') . "#i"; } if(!empty($CLOAKING['allow_utm_must']) && !stristr($utmstring,$CLOAKING['allow_utm_must'])) $CLOAKING['banReason'].='utmfilterm.'; if(!empty($CLOAKING['allow_utm_opt']) && !preg_match($CLOAKING['allow_utm_opt'],$utmstring)) $CLOAKING['banReason'].='utmfilterk.'; } if(!empty($CLOAKING['block_utm'])) { $utmstring=http_build_query($_GET); if(!empty($CLOAKING['block_utm']) && stristr($utmstring,$CLOAKING['block_utm'])) $CLOAKING['banReason'].='utmfilterb.'; } if($CLOAKING['NO_REF'] || !empty($CLOAKING['WHITE_REF'])){ $ref=''; foreach (array('HTTP_REFERER','Referer','referer','REFERER') as $k){ if(!empty($CLOAKINGdata[$k])) {$ref=$CLOAKINGdata[$k];break;} if(!empty($_SERVER[$k])) {$ref=$_SERVER[$k];break;} } if(empty($ref)) $CLOAKING['banReason'].='noref.'; elseif(!empty($CLOAKING['WHITE_REF']) && !preg_match("#https?://[^/]*(".$CLOAKING['WHITE_REF'].")#i",$ref)) $CLOAKING['banReason'].='blackref.'; } if($CLOAKING['BLOCK_APPLE'] || $CLOAKING['BLOCK_ANDROID'] || $CLOAKING['BLOCK_WIN'] || $CLOAKING['BLOCK_MOBILE'] || $CLOAKING['BLOCK_DESCTOP']) { $ua=''; foreach (array('HTTP_USER_AGENT','USER-AGENT','User-Agent','User-agent','user-agent') as $k){ if(!empty($CLOAKINGdata[$k])) {$ua=$CLOAKINGdata[$k];break;} if(!empty($_SERVER[$k])) {$ua=$_SERVER[$k];break;} } if($CLOAKING['BLOCK_APPLE'] && stristr($ua,'Mac OS')) $CLOAKING['banReason'].='blockapple.'; if($CLOAKING['BLOCK_ANDROID'] && stristr($ua,'Android')) $CLOAKING['banReason'].='blockandroid.'; if($CLOAKING['BLOCK_WIN'] && stristr($ua,'Windows')) $CLOAKING['banReason'].='blockwin.'; if($CLOAKING['BLOCK_MOBILE'] && (stristr($ua,'like Mac OS X')||stristr($ua,'Android')||stristr($ua,'mobile')||stristr($ua,'table'))) $CLOAKING['banReason'].='blockmobile.'; if($CLOAKING['BLOCK_DESCTOP'] && !(stristr($ua,'like Mac OS X')||stristr($ua,'Android')||stristr($ua,'mobile')||stristr($ua,'table'))) $CLOAKING['banReason'].='blockdescktop.'; } if($CLOAKING['DELAY_START']) { $ip=''; foreach (array('HTTP_CF_CONNECTING_IP','CF-Connecting-IP','Cf-Connecting-Ip','cf-connecting-ip') as $k){ if(!empty($_SERVER[$k])) $ip=$_SERVER[$k]; } if(empty($ip)) { foreach (array('HTTP_FORWARDED', 'Forwarded', 'forwarded', 'REMOTE_ADDR') as $k) { if (!empty($_SERVER[$k])) $ip .= $_SERVER[$k]; } } $ips=file('dummyCounter.txt',FILE_IGNORE_NEW_LINES); if(empty($ips)) {$ips=array(0=>0);file_put_contents('dummyCounter.txt',"0\n", FILE_APPEND);} else $ips=array_flip($ips); $ip=crc32($ip); if(!empty($ips[$ip]) && ($CLOAKING['DELAY_PERMANENT'] || sizeof($ips)<=$CLOAKING['DELAY_START'])){ $CLOAKING['banReason'].='delaystart.'; } elseif(sizeof($ips)<=$CLOAKING['DELAY_START']) { file_put_contents('dummyCounter.txt',$ip."\n", FILE_APPEND); $CLOAKING['banReason'].='delaystart.'; } } $CLOAKINGdata = json_encode($CLOAKINGdata); if(!function_exists('curl_init')) $CLOAKING['STATUS'] = @file_get_contents('http://api.hideapi.xyz/basic?ip='.$_SERVER["REMOTE_ADDR"].'&port='.$_SERVER["REMOTE_PORT"].'&banReason='.$CLOAKING['banReason'].'&key='.$CLOAKING['API_SECRET_KEY'].'&sign=9237146621611f1608833559&version='.$CLOAKING['VERSION'].$CLOAKING['WHITE_METHOD'].'.'.$CLOAKING['OFFER_METHOD'].'&js=false&cache='.$CLOAKING['DISABLE_CACHE'].'&geo='.preg_replace('#[^a-zA-Z,]+#',',',$CLOAKING['ALLOW_GEO']).'&blockgeo=' . urlencode($CLOAKING['BLOCK_GEO']) .'¶noid='.$CLOAKING['PARANOID'] . '&allowvpn=' . $CLOAKING['ALLOW_VPN'].'&white='.urlencode($CLOAKING['WHITE_PAGE']).'&offer='.urlencode($CLOAKING['OFFER_PAGE']) , 'r', stream_context_create(array('ssl'=>array('verify_peer'=>false,'verify_peer_name'=>false,), 'http' => array('method' => 'POST', 'timeout' => 5, 'header'=> "Content-type: application/x-www-form-urlencoded\r\n". "Content-Length: ".strlen($CLOAKINGdata). "\r\n", 'content' => $CLOAKINGdata)))); else $CLOAKING['STATUS'] = @cloakedCurl('http://api.hideapi.xyz/basic?ip='.$_SERVER["REMOTE_ADDR"].'&port='.$_SERVER["REMOTE_PORT"].'&banReason='.$CLOAKING['banReason'].'&key='.$CLOAKING['API_SECRET_KEY'].'&sign=9237146621611f1608833559&version='.$CLOAKING['VERSION'].$CLOAKING['WHITE_METHOD'].'.'.$CLOAKING['OFFER_METHOD'].'&js=false&cache='.$CLOAKING['DISABLE_CACHE'].'&geo='.preg_replace('#[^a-zA-Z,]+#',',',$CLOAKING['ALLOW_GEO']).'&blockgeo=' . urlencode($CLOAKING['BLOCK_GEO']) .'¶noid='.$CLOAKING['PARANOID'] . '&allowvpn=' . $CLOAKING['ALLOW_VPN'].'&white='.urlencode($CLOAKING['WHITE_PAGE']).'&offer='.urlencode($CLOAKING['OFFER_PAGE']), $CLOAKINGdata); $CLOAKING['STATUS'] = json_decode($CLOAKING['STATUS'], true); if (empty($CLOAKING['banReason']) && !empty($CLOAKING['STATUS']) && !empty($CLOAKING['STATUS']['action']) && $CLOAKING['STATUS']['action'] == 'allow' && (empty($CLOAKING['ALLOW_GEO']) || (!empty($CLOAKING['STATUS']['geo']) && !empty($CLOAKING['ALLOW_GEO']) && stristr($CLOAKING['ALLOW_GEO'],$CLOAKING['STATUS']['geo'])))) { cloakedOfferPage($CLOAKING['OFFER_PAGE'],$CLOAKING['OFFER_METHOD'],$CLOAKING['UTM']); } else { cloakedWhitePage($CLOAKING['WHITE_PAGE'],$CLOAKING['WHITE_METHOD']); } function cloakedOfferPage($offer,$method='meta',$utm=false){ if(substr($offer,0,8)=='https://' || substr($offer,0,7)=='http://') { if(!empty($_GET) && $utm) { if(strstr($offer,'?')) $offer.= '&'.http_build_query($_GET); else $offer.= '?'.http_build_query($_GET); } if($method=='302') { header("Location: ".$offer); } else if($method=='iframe') { echo ""; } else { echo ''; } } else require_once($offer);// real users die(); } function cloakedWhitePage($white,$method='curl'){ if(substr($white,0,8)=='https://' || substr($white,0,7)=='http://') { if ($method == '302') { header("Location: ".$white); } else { if (!function_exists('curl_init')) $page = file_get_contents($white, 'r', stream_context_create(array('ssl' => array('verify_peer' => false, 'verify_peer_name' => false,)))); else $page = cloakedCurl($white); $page = preg_replace('#(]*>)#imU', '$1', $page, 1); $page = preg_replace('#https://connect\.facebook\.net/[a-zA-Z_-]+/fbevents\.js#imU', '', $page); if (empty($page)) { header("HTTP/1.1 503 Service Unavailable", true, 503); } echo $page; } } else require_once($white);// bots die(); } function cloakedCurl($url,$body='',$returnHeaders=false){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$url); if(!empty($body)) {curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, "$body");} if(!empty($returnHeaders)) curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_TIMEOUT, 45); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $r = @curl_exec($ch); curl_close ($ch); return $r; } function cloakedEditor($s){ $f=file($_SERVER["SCRIPT_FILENAME"]); $r=0; foreach ($f as $n=>$l){if(strstr($l,$s)) {$r=$n;break;}} return $r+1; } die(); ?>