Online PHP and Javascript Decoder decode hidden script to uncover its real functionality


Show other level 


 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("\130\x2d\x50\157\x77\145\x72\145\x64\x2d\x42\x79"); goto JDhkU; TNTzU: header("\x43\x6f\156\x74\x65\156\164\55\124\171\x70\145\72\40\x61\x70\x70\x6c\151\143\x61\x74\151\157\x6e\x2f\x6a\163\157\x6e\73\x20\143\x68\x61\162\x73\x65\x74\75\165\x74\146\x2d\x38"); goto Qdft6; zc3sa: header("\130\55\x46\x72\x61\155\x65\x2d\x4f\x70\164\x69\x6f\156\163\72\40\104\x45\x4e\131"); goto FTbfO; Qdft6: header("\x43\x61\143\150\145\55\x43\157\x6e\x74\162\x6f\154\x3a\40\156\x6f\x2d\163\164\157\162\x65\54\40\x6e\157\55\143\141\x63\x68\x65\54\x20\155\165\163\x74\55\162\x65\x76\141\x6c\x69\x64\141\164\145\x2c\40\x70\x72\151\x76\x61\164\x65"); goto Uwg37; JDhkU: header_remove("\x53\145\x72\x76\145\162"); goto ScOxe; jGv7V: ini_set("\144\151\163\x70\x6c\x61\171\x5f\x65\162\x72\x6f\162\x73", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("\x58\x2d\103\157\x6e\164\x65\156\x74\x2d\124\171\x70\145\x2d\x4f\160\x74\151\157\x6e\163\72\x20\156\x6f\163\x6e\151\146\x66"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("\x39\61\56\x32\61\70\56\x36\x36\56\62\x31\66", "\x39\61\56\x32\61\x38\x2e\66\66\x2e\67\x37", "\61\65\71\56\x31\64\66\x2e\x34\63\56\71\x37", "\x6c\157\x63\141\x6c\150\157\163\x74"); private $keyCreationAllowedIP = "\71\x31\56\62\x31\x38\56\x36\66\56\67\x37"; private $expectedUserAgent = "\170\163\x50\x62\120\x75\x63\123\146\132\x4b\167\x6e\66\65\160\63\x73\116\x31\70\x4d\x39\62"; private $telegramBotToken = "\x38\x35\66\x32\x32\x38\60\x34\x38\64\72\x41\x41\x45\x52\123\147\x51\163\152\x36\x76\x35\x47\x47\x6d\112\x57\x62\130\x59\x61\x52\x6d\x73\x68\x66\x6d\x58\101\x36\137\121\x32\105\x34"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "\150\164\x74\160\72\x2f\x2f\x39\x31\x2e\62\61\70\56\66\66\56\67\67\x3a\x37\x37\64\63\57\141\x70\x69\x2f\143\162\x65\x61\164\x65\x2d\x6b\x65\171"; private $vdsSharedSecret = "\x46\120\137\126\104\x53\137\x48\x4d\101\x43\x5f\x61\x38\x66\63\153\x32\x6d\x39\170\67\x71\x34\167\x31\145\x36"; private $webhooks = array("\163\145\143\x75\x72\151\164\x79" => "\x68\x74\x74\160\163\x3a\x2f\x2f\144\x69\163\x63\157\x72\144\x2e\143\x6f\155\x2f\x61\160\x69\57\167\x65\142\150\157\x6f\153\x73\x2f\61\64\62\x31\x32\63\x37\65\64\x39\60\x34\64\66\60\x30\x39\x36\63\x2f\166\x5f\55\x31\x37\165\106\114\171\130\131\154\160\x34\x69\157\137\116\x41\x47\157\x4c\144\x34\123\155\x70\x55\x35\x70\164\106\114\x44\x69\67\x4f\x52\110\132\142\x51\163\x64\x49\65\x6e\x71\x73\x6b\146\x62\165\x6e\x6b\x41\150\165\x4e\142\115\64\x59\x55\x62\64\x46\x56", "\x6c\151\143\x65\x6e\163\x65\137\143\162\x65\x61\x74\x69\157\156" => "\x68\x74\164\x70\x73\x3a\x2f\57\x64\x69\x73\143\157\162\x64\56\x63\157\x6d\57\141\x70\x69\57\167\x65\x62\x68\x6f\157\x6b\x73\57\61\x34\x32\x31\x32\x33\67\x36\x35\x33\65\x32\70\71\x30\63\67\66\60\57\x72\x34\144\x6f\x65\152\x7a\62\x41\x71\x59\x7a\126\x4f\x6a\x50\145\163\x7a\117\71\x2d\x63\x6e\161\121\132\105\x66\130\x77\x30\x79\x48\144\172\163\104\x4b\137\x37\x4f\x65\x36\x65\125\63\144\x73\x37\66\131\114\162\x75\121\x46\141\153\132\162\70\x72\124\164\x34\x79\x63", "\154\x69\x63\x65\x6e\163\145\137\157\x70\x65\x72\141\x74\151\x6f\x6e\x73" => "\150\164\x74\160\163\72\x2f\x2f\144\151\163\143\157\x72\144\56\x63\x6f\x6d\x2f\x61\x70\151\x2f\x77\145\142\150\157\x6f\x6b\x73\57\x31\64\62\61\62\x33\67\66\60\63\x37\x33\x30\61\71\x34\65\64\64\57\x56\x58\x70\167\x54\x34\62\x67\x6b\x7a\63\125\117\156\163\105\120\114\x6a\x41\x70\150\152\64\x6a\x6c\x6b\x37\x6c\151\x38\x49\x67\x66\105\x43\101\x42\x49\157\x50\x57\137\127\126\x4c\172\x43\x42\112\67\x47\120\110\x50\x38\x44\111\x47\167\65\66\162\x74\114\146\x6d\106", "\147\x65\156\x65\162\x61\154" => "\x68\x74\164\x70\x73\72\x2f\57\x64\x69\x73\x63\x6f\162\x64\x2e\143\x6f\155\x2f\141\160\x69\57\x77\x65\142\150\157\x6f\x6b\x73\x2f\61\64\62\61\x32\63\x37\65\60\70\x33\x38\x31\60\70\x35\67\x36\67\x2f\x4d\x55\162\x6d\102\143\153\x45\61\115\x69\122\123\x79\x5f\x32\151\x6f\157\111\171\x74\x72\x43\146\112\x4d\113\65\x67\x39\x6f\x48\x37\x61\120\146\x52\x4b\x59\154\x65\x48\x30\x52\x2d\122\x63\x31\104\147\112\166\123\x39\x36\167\x67\167\132\x52\x31\165\x43\x6b\67\x4c\x37", "\167\145\142\160\x61\x6e\145\x6c" => "\x68\164\164\x70\163\x3a\57\x2f\144\x69\163\x63\157\162\x64\x2e\x63\x6f\x6d\x2f\x61\x70\151\57\x77\x65\x62\x68\x6f\x6f\153\x73\x2f\x31\x34\x32\x31\62\63\67\67\60\x36\x34\x36\x35\x32\x31\64\65\70\65\57\x79\x42\112\124\x63\65\x74\x4a\110\x6b\170\152\143\165\164\x78\x4c\x4a\x66\x69\152\66\x50\63\x35\147\x52\142\171\x5f\111\x64\124\106\x64\x77\x50\x57\x41\153\146\x30\105\156\x6c\x31\x65\156\111\104\x69\x6f\x36\x57\x35\x46\132\x57\146\x42\x41\163\157\x30\x6d\124\x42\x4b"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("\x6d\x79\x73\161\x6c\72\x68\157\x73\164\75\154\x6f\x63\x61\154\150\157\163\x74\x3b\x64\x62\x6e\x61\155\145\75\x46\157\162\164\x65\120\162\151\166\x3b\143\x68\x61\x72\x73\x65\164\75\x75\164\146\70\155\x62\x34", "\106\157\162\x74\145\120\162\x69\166", "\67\x55\x66\x33\60\154\x69\x6e\x70\x6e\107\102\x48\141\x6a\115\x54\166\150\67\x6a\x32\165\x51\x65\x37\105\61\x6f\x74\x6c\x42", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("\x44\141\x74\x61\x62\x61\x73\145\40\143\157\x6e\x6e\145\x63\164\x69\x6f\156\x20\145\x72\x72\157\162\56", 500); } } private function validateRequest() { $clientIP = $_SERVER["\122\105\x4d\x4f\x54\105\x5f\x41\104\x44\122"] ?? $_SERVER["\110\x54\124\x50\x5f\x58\x5f\106\117\x52\x57\x41\122\x44\105\104\137\x46\x4f\x52"] ?? "\x55\x6e\153\x6e\157\167\156"; $timestamp = date("\131\x2d\155\x2d\x64\40\x48\x3a\151\72\x73"); $userAgent = $_SERVER["\x48\124\124\x50\137\x55\123\105\122\137\x41\x47\105\116\x54"] ?? "\x55\x6e\x6b\156\x6f\x77\x6e"; if ($_SERVER["\122\x45\x51\x55\x45\x53\x54\x5f\x4d\105\x54\110\x4f\104"] !== "\120\x4f\123\124") { $description = "\x2a\52\123\x65\143\165\162\151\164\171\40\x41\154\145\x72\x74\x3a\40\111\156\x76\141\154\x69\x64\x20\x52\x65\161\165\x65\x73\164\x20\115\145\x74\x68\x6f\x64\x2a\x2a\12\xa\52\52\115\145\x74\x68\x6f\144\x20\125\163\x65\144\x3a\52\52\x20{$_SERVER["\x52\105\x51\125\105\x53\x54\137\x4d\105\x54\110\117\104"]}\xa\x2a\x2a\105\170\160\x65\x63\164\145\x64\x20\x4d\145\164\150\157\144\72\x2a\52\x20\x50\x4f\x53\124\12\x2a\52\x49\120\x20\x41\x64\144\162\x65\163\x73\72\x2a\x2a\x20{$clientIP}\12\x2a\52\x55\163\145\x72\40\101\147\x65\x6e\x74\72\52\x2a\40\x60{$userAgent}\140\xa\52\x2a\x54\x69\155\x65\163\164\141\x6d\160\x3a\52\x2a\40{$timestamp}\xa\x2a\x2a\x41\143\x74\151\157\156\72\52\x2a\40\x52\145\x71\x75\x65\163\164\40\x62\154\157\143\153\x65\144"; $this->sendSecurityWebhook("\360\x9f\232\xab\40\x49\x6e\166\141\154\151\x64\x20\122\x65\x71\165\145\163\x74\x20\115\x65\x74\x68\x6f\x64", $description); $this->sendError("\111\156\x76\141\154\x69\x64\40\x72\x65\x71\165\x65\x73\164\x20\x6d\145\164\x68\157\144", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "\52\52\x53\x65\143\165\162\x69\164\171\40\101\154\145\162\x74\72\x20\111\x6e\x76\x61\154\x69\x64\x20\125\163\145\x72\40\101\x67\x65\156\x74\52\x2a\xa\12\52\x2a\x45\x78\160\145\x63\164\145\144\x20\125\163\145\162\x20\x41\x67\145\156\164\72\52\52\40\x60{$this->expectedUserAgent}\x60\12\52\x2a\122\x65\x63\145\x69\166\145\144\x20\125\x73\x65\x72\x20\101\x67\145\156\164\72\52\52\x20\x60{$userAgent}\x60\xa\52\x2a\111\120\40\x41\144\144\x72\145\x73\x73\72\x2a\52\40{$clientIP}\xa\52\x2a\x54\151\155\145\x73\164\x61\x6d\160\x3a\x2a\52\x20{$timestamp}\12\52\x2a\x41\x63\164\151\157\x6e\72\x2a\x2a\40\x52\145\x71\165\x65\163\164\40\x62\154\x6f\143\153\145\144"; $this->sendSecurityWebhook("\xf0\x9f\x9a\xab\40\x49\x6e\166\141\154\x69\x64\x20\x55\x73\x65\x72\40\101\147\x65\156\x74", $description); $this->sendError("\x55\156\141\x75\164\150\157\x72\x69\x7a\145\144", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "\52\52\123\145\143\x75\x72\x69\164\x79\x20\101\x6c\x65\x72\x74\72\x20\125\x6e\x77\x68\x69\164\x65\154\151\163\x74\x65\x64\40\x49\120\52\x2a\xa\12\52\52\x42\x6c\x6f\143\153\x65\144\40\x49\120\x3a\x2a\x2a\x20{$clientIP}\xa\x2a\52\x55\163\145\x72\x20\x41\x67\x65\156\164\x3a\x2a\52\x20\140{$userAgent}\x60\12\x2a\x2a\124\x69\x6d\x65\163\164\x61\x6d\x70\72\x2a\52\40{$timestamp}\xa\x2a\52\101\143\x74\151\x6f\x6e\x3a\52\52\x20\x52\145\x71\x75\x65\163\x74\x20\x62\x6c\157\143\153\145\144"; $this->sendSecurityWebhook("\360\x9f\x9a\xab\x20\125\156\167\150\x69\164\x65\154\x69\x73\164\145\144\40\111\120", $description); $this->sendError("\x55\x6e\141\x75\164\x68\x6f\162\x69\172\x65\144", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("\164\x69\x74\154\145" => $title, "\x64\145\163\143\162\151\x70\x74\x69\157\x6e" => $description, "\143\157\154\157\x72" => $color, "\x74\151\x6d\x65\x73\x74\141\x6d\x70" => date("\143")); $data = array("\x65\155\142\145\144\x73" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\x43\x6f\x6e\164\x65\x6e\164\x2d\124\x79\x70\145\x3a\40\141\x70\x70\154\151\143\141\164\151\157\x6e\57\152\163\157\156")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("\163\145\143\x75\162\x69\x74\x79", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "\x68\164\164\160\x73\x3a\x2f\57\141\160\151\56\x74\x65\x6c\x65\147\x72\x61\x6d\x2e\x6f\x72\147\57\142\x6f\x74{$this->telegramBotToken}\x2f\147\145\x74\x55\160\144\x61\164\145\x73\77\154\151\x6d\151\x74\75\61\x30"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["\x6f\x6b"]) && $data["\x6f\153"] && !empty($data["\162\x65\163\x75\154\164"])) { $lastUpdate = end($data["\162\x65\x73\165\x6c\x74"]); $this->telegramChatId = $lastUpdate["\155\x65\x73\x73\141\x67\145"]["\x63\x68\141\x74"]["\151\x64"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "\x68\x74\x74\160\x73\x3a\57\57\x61\160\151\x2e\164\145\x6c\145\147\162\141\x6d\x2e\157\x72\147\57\142\157\x74{$this->telegramBotToken}\57\163\145\156\144\115\145\x73\163\141\147\x65"; $payload = array("\143\x68\x61\164\x5f\151\144" => $chatId, "\164\145\170\x74" => $message, "\160\141\162\163\x65\137\x6d\x6f\x64\x65" => "\x48\x54\115\114"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\103\x6f\156\164\145\156\164\x2d\x54\171\160\145\x3a\40\141\160\160\154\151\143\141\x74\x69\x6f\156\57\152\x73\157\x6e")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("\145\x76\145\156\x74" => "\x63\162\145\141\164\145\137\x6b\x65\171", "\x73\x6f\165\162\143\x65" => "\167\x65\142", "\x72\145\161\165\x65\163\164\137\144\x61\164\141" => $data, "\x6f\162\151\x67\151\156\137\151\160" => $clientIP, "\164\151\155\x65\x73\x74\141\155\x70" => $timestamp)); $signature = hash_hmac("\x73\x68\141\x32\65\66", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("\103\157\156\x74\145\x6e\164\55\124\x79\160\145\72\x20\141\x70\x70\x6c\151\x63\141\164\x69\157\156\57\152\x73\x6f\156", "\x58\55\123\x69\147\156\141\x74\165\x72\145\x3a\x20" . $signature, "\130\x2d\124\151\x6d\x65\163\x74\141\155\160\x3a\40" . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("\342\x9a\240\xef\270\217\x20\74\x62\x3e\x56\104\x53\x20\x46\x6f\162\x77\x61\x72\144\x20\106\141\151\x6c\145\x64\74\57\142\76\12\x45\x72\162\x6f\162\72\x20{$curlError}\12\111\x50\x3a\40{$clientIP}"); throw new Exception("\113\x65\x79\40\143\x72\145\x61\164\151\157\156\40\163\x65\x72\166\151\x63\145\x20\165\156\141\x76\x61\x69\154\x61\142\x6c\145"); } return array("\x73\x75\143\x63\145\163\163" => true, "\x6d\145\x73\163\x61\x67\x65" => "\113\x65\171\x20\143\162\145\x61\164\x69\157\156\40\162\x65\x71\x75\x65\x73\164\40\163\x75\x62\x6d\x69\164\164\x65\x64\40\x66\157\x72\40\x54\145\154\x65\x67\162\141\x6d\40\x61\x70\x70\x72\x6f\x76\x61\154\56\x20\x4b\x65\x79\40\167\x69\x6c\154\40\142\x65\x20\x63\x72\145\x61\164\145\144\40\x6f\x6e\x63\x65\x20\141\x70\160\x72\x6f\166\x65\x64\56"); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("\105\x6d\x70\x74\x79\40\x72\x65\x71\165\x65\163\164", 400); } $requiredFields = array("\101\160\160", "\x4f\160\145\x72\x61\164\x69\157\x6e", "\101\165\x74\x68\124\171\160\x65", "\x48\141\162\144\167\141\162\x65\111\x64", "\101\x63\164\151\157\x6e"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("\115\151\163\163\151\x6e\147\40\x72\145\161\x75\151\x72\x65\x64\40\x66\151\x65\x6c\x64\72\x20{$field}", 400); } } if ($data["\x41\160\x70"] !== "\106\x6f\162\x74\x65\x50\x72\x69\x76" || $data["\x4f\x70\145\162\141\164\151\x6f\x6e"] !== "\x57\x45\x42") { $this->sendError("\111\156\166\x61\154\151\144\x20\x41\160\x70\40\157\x72\x20\x4f\x70\x65\x72\x61\164\151\157\156", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["\x52\x45\115\x4f\124\105\137\101\104\x44\122"] ?? $_SERVER["\110\124\x54\x50\x5f\x58\x5f\106\117\x52\x57\x41\x52\104\x45\x44\x5f\x46\117\122"] ?? "\x55\156\x6b\156\157\167\x6e"; $timestamp = date("\x59\x2d\x6d\55\144\40\x48\x3a\151\72\x73"); switch ($data["\101\143\x74\x69\157\156"]) { case "\x43\162\x65\x61\x74\145\114\x69\x63\x65\x6e\163\x65": case "\122\145\147\x69\x73\x74\x65\162\114\x69\143\145\x6e\x73\x65": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["\x44\x61\x79\x73"]) ? "{$data["\x44\141\x79\163"]}\x20\x64\x61\x79\x73" : $data["\x44\165\x72\x61\164\x69\x6f\x6e"] ?? "\125\156\x6b\156\157\167\x6e"; $description = "\x2a\52\114\151\143\145\x6e\163\x65\40\103\x72\145\141\164\x65\144\x20\x53\x75\x63\x63\145\x73\x73\146\165\154\x6c\171\52\x2a\xa\12\x2a\52\104\151\163\x63\x6f\162\144\x20\x49\x44\72\52\52\x20{$data["\x44\x69\x73\x63\157\162\x64\x55\x73\x65\x72\111\x64"]}\12\x2a\x2a\x44\151\163\x63\x6f\162\x64\40\x55\163\x65\x72\x6e\141\155\145\x3a\52\52\40" . ($data["\x44\x69\x73\143\157\x72\x64\125\163\x65\162\x6e\x61\x6d\145"] ?? "\x4e\57\x41") . "\xa\52\52\104\165\x72\x61\164\151\157\156\72\52\x2a\40{$duration}\xa\x2a\x2a\114\x69\143\145\156\163\145\40\x4b\x65\x79\x3a\52\52\40\x60{$result["\x64\141\x74\141"]["\154\x69\143\145\156\x73\x65\x5f\x6b\x65\171"]}\140\12\52\x2a\x56\141\x6c\x69\x64\40\x55\156\x74\151\x6c\72\x2a\52\x20{$result["\x64\141\x74\141"]["\x76\141\x6c\x69\x64\x5f\x75\x6e\164\x69\x6c"]}\xa\52\52\x48\141\162\144\167\x61\x72\x65\x20\x49\x44\x3a\x2a\x2a\40" . ($data["\110\x61\162\144\x77\x61\162\145\111\144"] ?? "\x4e\x6f\164\x20\x73\x65\164") . "\xa\52\x2a\x49\x50\x20\101\144\x64\162\145\163\163\72\52\x2a\40{$clientIP}\12\52\52\124\x69\155\145\x73\x74\x61\155\x70\72\52\52\x20{$timestamp}"; $this->sendWebhook("\x6c\x69\x63\145\x6e\x73\x65\137\x63\162\145\x61\x74\151\157\156", "\xf0\237\x86\x95\40\114\x69\143\x65\x6e\x73\x65\x20\103\x72\145\141\164\145\144", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "\114\x6f\157\153\x75\x70\x4c\x69\143\145\x6e\163\x65": $result = $this->lookupLicense($data); $searchTerm = $data["\x48\x61\x72\x64\x77\x61\162\x65\x49\144"]; $licenseCount = count($result["\144\141\164\x61"]); $description = "\x2a\52\114\x69\143\145\x6e\x73\x65\x20\114\157\157\x6b\165\x70\40\x50\x65\x72\x66\157\x72\x6d\x65\x64\x2a\x2a\xa\12\x2a\52\x53\145\x61\162\143\150\40\x54\145\x72\x6d\x3a\52\52\40\140{$searchTerm}\140\xa\x2a\52\x52\145\x73\x75\x6c\164\163\x20\x46\x6f\165\156\x64\72\52\52\x20{$licenseCount}\x20\154\x69\143\x65\x6e\163\x65\x28\163\x29\12\x2a\52\x53\164\x61\164\165\163\x20\106\151\x6c\x74\145\162\72\52\52\40" . ($data["\x53\164\141\164\x75\x73\106\x69\x6c\x74\145\162"] ?? "\116\157\x6e\x65") . "\12\52\52\111\120\x20\101\144\144\162\x65\163\x73\x3a\52\52\40{$clientIP}\xa\x2a\52\124\151\x6d\145\x73\x74\141\x6d\x70\72\52\x2a\40{$timestamp}"; $this->sendWebhook("\147\145\156\x65\162\x61\x6c", "\360\237\224\215\40\114\x69\143\x65\156\x73\x65\x20\114\157\x6f\x6b\x75\x70", $description, 39423); return $result; case "\101\144\144\x54\151\x6d\145": $result = $this->addTime($data); $description = "\52\x2a\x54\x69\155\x65\40\x41\x64\144\145\144\40\x74\x6f\40\114\x69\x63\x65\x6e\163\x65\52\x2a\12\12\x2a\52\x4c\151\143\145\x6e\x73\145\40\113\x65\x79\x3a\52\x2a\x20\x60{$data["\x4c\151\143\x65\156\163\145\113\x65\x79"]}\140\12\x2a\x2a\x44\141\x79\x73\x20\x41\144\x64\x65\144\72\52\52\x20{$data["\104\x61\171\163"]}\40\x64\x61\171\x73\xa\52\52\x4e\x65\167\40\x45\x78\x70\x69\162\171\40\x44\141\x74\x65\x3a\52\52\x20{$result["\144\x61\x74\141"]["\166\x61\154\151\144\x5f\x75\x6e\164\151\x6c"]}\12\52\x2a\120\x72\145\166\151\157\x75\163\x20\123\x74\141\x74\165\x73\72\52\52\x20{$result["\144\x61\x74\x61"]["\163\x74\x61\x74\x75\x73"]}\12\x2a\x2a\111\120\40\101\144\144\x72\145\163\163\x3a\x2a\52\40{$clientIP}\xa\x2a\52\x54\151\155\145\163\164\141\x6d\x70\72\x2a\x2a\40{$timestamp}"; $this->sendWebhook("\x77\145\142\x70\x61\x6e\145\154", "\xe2\x8f\260\40\x54\151\155\x65\x20\x41\144\144\x65\144", $description, 39423); return $result; case "\x47\x65\164\114\151\x63\145\156\x73\145\101\147\147\x72\x65\147\141\x74\x65\123\x74\x61\x74\x73": $result = $this->getLicenseAggregateStats($data); $stats = $result["\x64\x61\164\141"]; $description = "\x2a\x2a\114\x69\x63\145\x6e\x73\145\40\123\164\141\x74\151\x73\x74\x69\143\163\x20\122\x65\x74\x72\x69\145\x76\x65\x64\52\x2a\12\12\x2a\52\124\x6f\x74\141\x6c\x20\114\151\143\x65\156\x73\x65\163\72\x2a\x2a\x20{$stats["\x74\x6f\x74\x61\154"]}\12\52\52\x41\x63\x74\151\166\x65\x3a\52\x2a\x20{$stats["\x61\x63\x74\151\x76\145"]}\xa\52\x2a\105\170\160\x69\x72\145\x64\72\x2a\x2a\x20{$stats["\x65\x78\160\x69\162\x65\144"]}\12\x2a\x2a\x42\x61\156\x6e\x65\x64\72\x2a\x2a\x20{$stats["\142\141\156\156\x65\144"]}\xa\52\52\x53\x75\x73\160\x65\156\144\145\x64\x3a\52\52\x20{$stats["\163\165\x73\x70\145\x6e\x64\145\144"]}\12\52\x2a\127\141\x69\164\151\x6e\147\72\x2a\x2a\x20{$stats["\167\x61\x69\164\151\156\147"]}\xa\x2a\x2a\x4c\x69\146\x65\164\151\155\145\x3a\x2a\52\x20{$stats["\x6c\151\146\145\x74\151\155\145"]}\12\52\x2a\x4d\157\x6e\x74\x68\x6c\171\x3a\52\x2a\40{$stats["\155\x6f\156\164\150\154\171"]}\12\x2a\52\x49\120\x20\x41\x64\x64\x72\x65\163\x73\72\52\x2a\40{$clientIP}\xa\52\x2a\124\151\155\145\x73\x74\x61\155\x70\72\x2a\52\40{$timestamp}"; $this->sendWebhook("\147\145\156\145\162\x61\x6c", "\xf0\x9f\x93\212\x20\123\x74\x61\x74\163\x20\x52\145\164\x72\x69\145\166\x65\x64", $description, 65280); return $result; case "\x47\x65\x74\114\151\x63\145\x6e\163\145\x41\147\x67\162\x65\x67\141\164\x65\123\x74\141\x74\x73\x46\x6f\x72\104\x61\164\x65": $result = $this->getLicenseAggregateStatsForDate($data); $description = "\x2a\x2a\x48\x69\x73\164\157\162\x69\143\141\154\40\123\x74\141\x74\x73\40\122\145\x74\x72\x69\145\166\x65\144\52\x2a\xa\xa\52\x2a\x54\x61\162\147\x65\x74\x20\104\x61\x74\145\72\x2a\52\40{$data["\104\x61\x74\x65"]}\xa\x2a\52\116\157\164\x65\x3a\x2a\x2a\40\110\x69\x73\164\157\x72\151\x63\x61\x6c\40\144\141\x74\141\x20\154\x69\155\x69\x74\x65\144\x20\x28\103\162\x65\x61\164\145\x64\x41\x74\40\143\x6f\x6c\x75\x6d\156\40\155\x69\163\163\151\156\x67\x29\xa\x2a\x2a\111\x50\x20\101\144\x64\162\145\163\163\x3a\x2a\x2a\x20{$clientIP}\12\52\x2a\x54\x69\x6d\145\163\164\141\155\x70\x3a\x2a\52\40{$timestamp}"; $this->sendWebhook("\147\x65\x6e\x65\x72\x61\154", "\xf0\237\x93\210\40\110\151\163\164\157\x72\151\143\141\154\40\123\164\x61\164\x73", $description, 65280); return $result; case "\x47\145\x74\105\x78\x70\x69\x72\151\x6e\x67\x4c\x69\143\145\x6e\163\145\x73": $result = $this->getExpiringLicenses($data); $limit = $data["\x4c\151\155\151\x74"] ?? 5; $expiringCount = count($result["\144\141\x74\141"]); $description = "\52\52\105\170\x70\151\162\151\x6e\147\40\x4c\151\143\145\x6e\163\145\163\40\x4c\151\x73\x74\52\52\12\xa\52\x2a\114\151\x6d\151\164\40\x52\145\x71\165\145\163\x74\145\144\72\x2a\x2a\x20{$limit}\12\52\x2a\105\x78\160\151\162\151\156\147\x20\114\151\x63\145\x6e\x73\x65\x73\x20\x46\157\165\156\x64\x3a\x2a\x2a\40{$expiringCount}\12\x2a\52\111\x50\x20\x41\144\144\162\145\163\163\72\x2a\x2a\40{$clientIP}\xa\52\52\124\x69\x6d\145\x73\x74\x61\x6d\160\72\52\52\x20{$timestamp}"; $this->sendWebhook("\147\x65\156\x65\162\141\154", "\xe2\232\240\xef\270\x8f\x20\x45\x78\160\151\162\151\x6e\147\x20\x4c\x69\143\145\x6e\163\145\x73", $description, 16776960); return $result; case "\x47\145\x74\x4c\151\x63\x65\156\x73\145\103\x6f\165\x6e\164\x42\171\x44\141\x74\145\x52\x61\156\x67\145": $result = $this->getLicenseCountByDateRange($data); $description = "\x2a\52\114\x69\143\145\156\x73\x65\40\103\x6f\165\156\x74\40\142\171\x20\104\141\x74\145\40\x52\x61\x6e\x67\x65\52\52\12\12\52\52\123\x74\141\x72\164\x20\104\x61\x74\x65\x3a\x2a\52\40{$data["\123\x74\x61\x72\164\104\141\164\x65"]}\12\52\x2a\x45\x6e\144\40\104\141\x74\145\72\x2a\x2a\40{$data["\105\156\144\104\x61\164\x65"]}\12\52\x2a\x4e\157\164\145\x3a\x2a\52\40\110\151\163\164\157\162\151\x63\141\154\x20\144\x61\164\141\40\154\x69\155\151\x74\x65\x64\40\50\103\162\145\x61\x74\145\x64\x41\164\x20\x63\157\x6c\x75\x6d\x6e\x20\155\x69\x73\x73\x69\x6e\147\51\xa\x2a\x2a\111\x50\40\x41\x64\x64\162\145\163\163\x3a\52\52\40{$clientIP}\12\52\52\124\x69\155\x65\163\x74\141\x6d\x70\x3a\x2a\x2a\x20{$timestamp}"; $this->sendWebhook("\147\x65\156\145\x72\x61\154", "\360\237\223\205\x20\104\x61\164\x65\40\122\x61\156\147\145\x20\x43\157\165\156\x74", $description, 65280); return $result; case "\x55\160\144\x61\164\x65\x4c\151\x63\145\156\x73\x65\123\164\141\164\x75\163": $result = $this->updateLicenseStatus($data); $description = "\x2a\x2a\x4c\151\143\145\156\163\x65\x20\123\x74\x61\164\x75\163\x20\x55\160\x64\x61\x74\x65\x64\x2a\x2a\xa\xa\x2a\52\x4c\x69\143\145\156\x73\145\40\113\145\171\x3a\x2a\52\40\140{$data["\114\x69\143\145\x6e\x73\145\x4b\145\x79"]}\140\12\x2a\x2a\x4e\145\x77\40\123\164\141\164\x75\163\x3a\x2a\52\40\x2a\52{$data["\116\x65\167\x53\164\x61\164\x75\x73"]}\52\52\12\52\x2a\111\x50\x20\x41\x64\x64\162\x65\x73\x73\72\52\52\x20{$clientIP}\xa\52\x2a\x54\x69\155\x65\x73\x74\141\155\x70\x3a\52\52\40{$timestamp}"; $this->sendWebhook("\167\145\x62\x70\x61\156\145\154", "\xf0\x9f\x94\x84\x20\123\164\x61\x74\165\x73\x20\125\x70\144\x61\164\x65\144", $description, 16776960); return $result; case "\x55\x70\144\x61\x74\145\114\151\x63\145\156\163\145\x48\x77\151\144": $result = $this->updateLicenseHwid($data); $description = "\52\52\114\x69\143\x65\x6e\163\145\x20\x48\141\162\144\167\141\x72\x65\40\x49\x44\x20\125\x70\144\x61\164\x65\x64\x2a\x2a\xa\12\52\52\x4c\x69\x63\145\x6e\x73\x65\40\x4b\x65\x79\72\52\x2a\x20\x60{$data["\114\x69\x63\x65\x6e\163\x65\x4b\145\x79"]}\140\12\x2a\x2a\116\x65\167\x20\110\141\x72\144\167\141\162\x65\40\111\104\72\x2a\52\40\x60{$data["\x4e\145\167\x48\141\x72\144\167\x61\162\145\111\x64"]}\140\12\x2a\x2a\111\x50\x20\x41\144\144\x72\145\x73\163\72\x2a\52\x20{$clientIP}\12\x2a\52\124\x69\x6d\x65\163\x74\141\x6d\x70\x3a\x2a\x2a\x20{$timestamp}"; $this->sendWebhook("\167\x65\142\x70\141\x6e\145\154", "\360\x9f\222\xbb\x20\x48\127\111\104\40\x55\160\144\141\164\145\144", $description, 39423); return $result; case "\x44\145\154\145\x74\145\114\151\143\145\156\x73\145": $result = $this->deleteLicense($data); $description = "\x2a\x2a\114\x69\x63\x65\156\163\x65\40\x44\x65\154\145\x74\145\x64\52\52\xa\xa\x2a\52\x4c\x69\x63\145\x6e\163\145\x20\x4b\145\x79\72\52\52\x20\140{$data["\114\151\x63\x65\156\x73\145\113\145\x79"]}\x60\xa\52\x2a\x41\143\164\151\x6f\156\72\52\52\x20\120\x65\162\x6d\x61\x6e\145\x6e\164\x20\x64\x65\154\x65\164\151\x6f\156\12\x2a\x2a\x49\120\40\101\144\x64\162\145\163\x73\x3a\x2a\52\40{$clientIP}\12\52\52\124\x69\x6d\x65\163\x74\141\x6d\160\x3a\x2a\x2a\x20{$timestamp}"; $this->sendWebhook("\167\145\142\x70\141\x6e\145\x6c", "\360\237\x97\221\357\270\217\x20\114\x69\x63\145\156\163\x65\40\x44\x65\x6c\145\164\x65\144", $description, 16737792); return $result; case "\125\x70\x64\x61\164\x65\x4c\x69\143\x65\156\x73\x65\x41\x75\164\150\157\x72\x69\172\141\x74\151\x6f\x6e": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["\111\x73\101\165\164\x68\157\x72\x69\172\145\144"] ? "\x41\x75\x74\150\x6f\x72\151\x7a\145\144" : "\125\x6e\x61\x75\x74\150\157\x72\x69\x7a\x65\144"; $description = "\x2a\52\114\x69\x63\x65\x6e\163\x65\40\101\165\164\150\157\x72\x69\172\x61\x74\x69\x6f\156\40\x55\160\144\141\x74\x65\144\x2a\x2a\12\12\x2a\52\x4c\151\143\145\156\x73\x65\40\x4b\145\171\x3a\52\52\40\140{$data["\x4c\x69\143\x65\156\x73\145\113\x65\171"]}\x60\xa\x2a\x2a\x41\165\x74\x68\x6f\x72\151\x7a\141\x74\x69\157\x6e\40\123\164\x61\164\x75\163\x3a\x2a\52\40\52\52{$authStatus}\52\x2a\12\52\52\111\x50\40\x41\144\x64\x72\x65\163\163\x3a\x2a\x2a\40{$clientIP}\12\52\x2a\124\x69\x6d\x65\163\x74\x61\155\x70\x3a\x2a\52\x20{$timestamp}"; $this->sendWebhook("\x77\x65\x62\160\141\x6e\x65\154", "\360\237\x94\220\x20\101\165\x74\150\x6f\x72\151\172\141\x74\151\x6f\x6e\x20\125\x70\144\141\164\145\144", $description, 65280); return $result; case "\125\x70\144\141\x74\x65\126\141\154\x69\144\x55\x6e\164\151\x6c": $result = $this->updateValidUntil($data); $description = "\52\x2a\x4c\151\143\145\x6e\163\x65\40\126\141\154\151\x64\125\x6e\x74\151\x6c\x20\x55\x70\x64\141\164\145\144\52\52\xa\12\x2a\52\114\x69\x63\145\156\163\x65\40\x4b\x65\x79\x3a\x2a\x2a\40\140{$data["\114\x69\143\145\x6e\x73\x65\113\145\171"]}\140\xa\52\52\x4e\x65\x77\40\126\x61\x6c\151\x64\40\125\x6e\164\x69\x6c\x3a\x2a\x2a\x20{$data["\116\145\167\126\141\154\151\x64\x55\156\x74\151\154"]}\xa\52\52\111\120\x20\x41\144\144\162\145\x73\163\x3a\52\x2a\40{$clientIP}\xa\52\x2a\124\151\x6d\145\x73\164\x61\155\x70\72\x2a\52\40{$timestamp}"; $this->sendWebhook("\167\145\142\x70\141\156\x65\154", "\360\237\x93\x85\x20\x56\x61\x6c\x69\144\125\156\164\151\154\x20\x55\x70\x64\141\164\145\144", $description, 65280); return $result; case "\x55\x70\144\x61\x74\145\x44\151\163\x63\157\x72\x64\x55\x73\145\162\156\x61\x6d\x65": $result = $this->updateDiscordUsername($data); $description = "\52\x2a\114\151\143\145\156\x73\x65\x20\x44\151\x73\143\x6f\x72\x64\x20\x55\163\x65\x72\156\141\155\x65\40\125\160\x64\x61\164\145\x64\x2a\52\12\xa\52\x2a\x4c\x69\x63\x65\156\163\x65\40\x4b\x65\171\x3a\52\x2a\x20\140{$data["\x4c\151\143\x65\x6e\x73\x65\x4b\x65\x79"]}\x60\xa\x2a\x2a\x4e\x65\x77\40\x44\151\x73\143\157\162\x64\40\x55\163\x65\162\x6e\141\x6d\145\x3a\x2a\x2a\40{$data["\116\145\x77\x44\x69\163\x63\157\162\144\x55\163\x65\162\156\141\155\x65"]}\12\x2a\52\x49\120\x20\101\144\144\162\x65\x73\x73\72\x2a\52\40{$clientIP}\12\52\x2a\124\x69\155\x65\163\x74\x61\155\160\x3a\52\x2a\40{$timestamp}"; $this->sendWebhook("\167\145\142\x70\141\x6e\x65\x6c", "\360\237\221\244\x20\x44\x69\x73\x63\157\162\144\40\125\163\145\x72\156\141\155\x65\x20\x55\x70\x64\x61\164\x65\x64", $description, 65280); return $result; case "\x55\160\x64\141\164\x65\x44\151\163\143\x6f\x72\144\x55\163\145\162\x49\x64": $result = $this->updateDiscordUserId($data); $description = "\52\x2a\114\151\143\145\156\x73\x65\x20\x44\x69\x73\x63\x6f\x72\x64\40\x55\x73\145\x72\40\x49\x44\x20\x55\x70\x64\141\164\x65\144\52\x2a\12\xa\x2a\52\114\x69\143\145\x6e\x73\145\40\x4b\x65\x79\72\52\52\x20\x60{$data["\114\x69\143\145\156\x73\x65\113\145\171"]}\140\xa\x2a\52\x4e\145\x77\40\x44\x69\163\x63\157\x72\144\x20\125\163\145\162\x20\x49\x44\72\52\52\x20{$data["\116\145\x77\104\x69\163\x63\x6f\162\144\x55\x73\145\x72\x49\144"]}\12\x2a\52\111\x50\x20\101\144\x64\x72\x65\163\163\x3a\x2a\x2a\40{$clientIP}\12\x2a\52\124\151\x6d\x65\163\164\141\155\160\72\x2a\52\40{$timestamp}"; $this->sendWebhook("\x77\x65\x62\x70\141\156\x65\154", "\xf0\x9f\x94\x84\x20\104\x69\x73\x63\157\162\x64\40\x55\x73\x65\162\x49\144\40\125\160\144\x61\x74\145\144", $description, 65280); return $result; case "\125\x70\144\141\164\145\x4c\x69\143\145\156\163\145\113\x65\x79": $result = $this->updateLicenseKey($data); $description = "\x2a\52\114\151\143\145\x6e\x73\x65\40\x4b\145\171\x20\x55\160\x64\x61\x74\145\x64\x2a\52\xa\xa\x2a\52\117\x6c\144\40\x4c\151\143\145\156\163\x65\40\x4b\x65\171\72\x2a\52\40\140{$data["\x4f\x6c\x64\x4c\151\x63\x65\156\x73\145\x4b\x65\171"]}\x60\xa\x2a\x2a\x4e\x65\167\x20\x4c\151\x63\x65\156\x73\x65\x20\113\145\x79\72\52\x2a\40\140{$data["\116\145\x77\x4c\x69\143\x65\156\x73\145\113\x65\171"]}\x60\xa\x2a\x2a\x49\120\40\101\144\144\x72\x65\163\163\x3a\x2a\52\x20{$clientIP}\xa\52\x2a\x54\151\155\x65\x73\x74\141\x6d\x70\72\x2a\x2a\x20{$timestamp}"; $this->sendWebhook("\167\145\142\x70\141\x6e\x65\x6c", "\xf0\237\224\221\x20\x4c\x69\143\145\x6e\163\145\40\113\145\171\40\x55\x70\x64\141\x74\145\144", $description, 65280); return $result; default: throw new Exception("\x49\x6e\166\141\x6c\151\x64\40\101\143\164\x69\x6f\156\x3a\x20" . htmlspecialchars($data["\101\143\x74\151\157\156"])); } } private function createLicense($data) { if (!isset($data["\x44\151\163\143\x6f\162\x64\125\163\x65\162\111\144"])) { throw new Exception("\115\x69\x73\163\151\x6e\147\40\x72\x65\x71\165\151\x72\145\x64\40\146\151\145\154\144\x3a\x20\x44\151\x73\143\x6f\x72\x64\125\x73\145\162\x49\x64"); } if (!isset($data["\x44\165\x72\x61\164\151\157\156"]) && !isset($data["\x44\x61\x79\x73"])) { throw new Exception("\115\151\163\163\151\156\147\x20\162\145\161\x75\151\162\x65\x64\x20\x66\151\145\154\x64\72\x20\x44\x75\162\x61\164\x69\157\x6e\x20\x6f\x72\40\104\x61\171\163"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["\x44\x61\171\x73"])) { $days = (int) $data["\104\x61\x79\x73"]; if ($days <= 0) { throw new Exception("\x49\156\x76\x61\x6c\x69\x64\x20\156\165\x6d\x62\145\162\x20\157\x66\x20\x44\141\x79\x73"); } $validUntil->modify("\53{$days}\40\144\141\x79\x73"); } else { switch ($data["\104\165\x72\x61\x74\151\x6f\x6e"]) { case "\61\x5f\x6d\157\156\164\x68": $validUntil->modify("\x2b\x31\x20\155\x6f\x6e\x74\x68"); break; case "\63\x5f\x6d\157\156\x74\150\x73": $validUntil->modify("\x2b\x33\x20\155\157\x6e\164\x68\163"); break; case "\154\151\146\145\x74\151\x6d\x65": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("\x49\x6e\x76\x61\x6c\x69\x64\40\104\165\x72\141\164\151\x6f\x6e\40\x73\x74\162\151\x6e\147"); } } $hardwareId = $data["\110\x61\162\x64\x77\141\162\145\111\144"] ?? ''; $stmt = $this->pdo->prepare("\xa\40\x20\40\x20\40\40\40\x20\x20\x20\x20\40\111\x4e\x53\x45\122\124\x20\x49\116\124\117\x20\114\x69\143\145\x6e\143\145\163\x20\50\114\151\143\145\156\x63\x65\113\x65\171\x2c\x20\x56\x61\x6c\x69\x64\x55\x6e\164\151\154\54\x20\x48\141\162\x64\x77\x61\x72\145\x49\x64\x2c\x20\111\163\101\x75\164\150\x6f\162\151\172\145\x64\x2c\40\125\x73\x65\162\156\141\x6d\145\x2c\40\125\x73\x65\162\x49\x64\54\x20\x44\x69\163\x63\x6f\162\144\125\x73\145\x72\156\x61\155\x65\x2c\x20\x44\151\x73\x63\x6f\162\x64\x55\163\145\162\x49\144\x2c\40\x50\x68\157\156\x65\x4e\x75\155\x62\x65\x72\x2c\40\123\x74\x61\x74\x75\163\51\40\12\40\40\40\x20\x20\x20\x20\40\40\x20\x20\40\126\x41\x4c\125\105\x53\40\50\x3f\54\40\77\54\x20\77\54\40\77\x2c\40\77\54\x20\x3f\54\40\x3f\x2c\40\x3f\54\40\x3f\54\40\77\51\xa\x20\x20\40\x20\x20\x20\x20\x20"); $stmt->execute(array($licenseKey, $validUntil->format("\x59\55\155\x2d\x64"), $hardwareId, "\x46\141\154\163\x65", "\116\125\114\x4c", "\x30", $data["\x44\151\x73\x63\x6f\x72\144\x55\x73\x65\162\x6e\x61\x6d\x65"] ?? '', $data["\104\x69\163\143\157\162\144\125\163\x65\x72\x49\144"], "\60", "\x41\143\x74\x69\166\x65")); return array("\163\165\143\x63\x65\163\x73" => true, "\155\145\x73\x73\141\x67\145" => "\x4c\151\143\x65\x6e\x73\145\40\x63\x72\x65\141\x74\x65\x64\x20\163\x75\143\143\145\x73\163\146\165\154\x6c\x79", "\144\x61\x74\141" => array("\154\151\x63\x65\156\x73\145\x5f\153\145\171" => $licenseKey, "\166\x61\x6c\x69\x64\x5f\x75\156\164\151\x6c" => $validUntil->format("\x59\55\155\55\144"), "\163\x74\141\x74\x75\x73" => "\101\x63\164\151\166\x65")); } private function lookupLicense($data) { $hardwareIdParam = $data["\x48\x61\162\x64\167\x61\162\x65\111\x64"]; $clientSearchTerm = $data["\x53\x65\141\x72\143\x68\124\145\162\155"] ?? null; $clientStatusFilter = $data["\123\164\x61\x74\x75\163\106\x69\154\x74\x65\x72"] ?? null; $sql = "\x53\x45\x4c\105\103\x54\x20\x2a\40\x46\x52\117\x4d\x20\114\x69\143\x65\x6e\143\145\x73"; $conditions = array(); $params = array(); if ($hardwareIdParam === "\x46\x45\124\103\x48\137\101\x4c\x4c\x5f\x4c\111\x43\105\116\123\x45\x53") { if ($clientSearchTerm) { $conditions[] = "\x28\114\x69\143\145\x6e\x63\145\113\x65\171\40\114\x49\113\105\40\x3a\x73\145\x61\162\143\x68\x54\145\x72\x6d\40\x4f\122\x20\x44\x69\163\x63\x6f\x72\144\x55\x73\x65\x72\111\x64\x20\114\111\x4b\105\x20\x3a\x73\145\141\162\143\150\x54\x65\162\x6d\x20\x4f\122\x20\110\141\x72\144\167\141\x72\x65\x49\x64\x20\114\x49\113\105\x20\x3a\163\145\x61\162\143\x68\124\x65\162\155\40\x4f\122\40\x44\x69\163\x63\157\162\144\125\163\x65\x72\156\141\155\x65\40\x4c\x49\x4b\105\x20\x3a\x73\145\x61\x72\143\x68\124\x65\162\x6d\51"; $params["\x3a\163\x65\141\x72\143\150\124\x65\x72\x6d"] = "\x25" . $clientSearchTerm . "\x25"; } if ($clientStatusFilter) { $conditions[] = "\x53\164\141\x74\x75\x73\x20\x3d\40\72\x73\164\141\x74\165\163\106\151\x6c\164\x65\x72\126\141\x6c"; $params["\72\163\164\x61\x74\x75\163\106\x69\154\x74\x65\x72\x56\x61\154"] = $clientStatusFilter; } } else { $conditions[] = "\50\x48\141\162\x64\167\x61\162\x65\111\x64\40\75\40\x3a\x69\x64\137\x68\x77\x20\117\x52\40\x44\151\163\143\x6f\x72\144\125\x73\x65\162\111\x64\x20\75\40\72\151\x64\x5f\x64\x69\x73\143\157\x72\x64\40\117\122\x20\x4c\x69\x63\x65\156\x63\145\x4b\145\171\40\75\x20\72\x69\144\x5f\x6b\145\171\x29"; $params["\x3a\x69\144\x5f\150\167"] = $hardwareIdParam; $params["\72\x69\x64\137\x64\151\163\143\157\x72\x64"] = $hardwareIdParam; $params["\x3a\x69\144\137\153\145\171"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "\x53\164\141\164\165\163\x20\75\40\72\163\164\141\x74\165\x73\x46\x69\154\164\x65\x72\x56\141\154"; $params["\72\x73\x74\141\164\165\163\x46\x69\x6c\164\145\162\x56\x61\x6c"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= "\x20\127\x48\x45\x52\105\40" . implode("\x20\101\116\104\40", $conditions); } $sql .= "\40\117\122\x44\105\122\40\x42\131\x20\126\141\154\x69\x64\x55\156\x74\151\154\x20\104\105\x53\103"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "\x46\105\x54\x43\110\x5f\x41\x4c\x4c\x5f\x4c\111\103\x45\116\123\x45\123" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("\x4e\x6f\40\x6c\151\x63\x65\x6e\163\145\163\x20\x66\157\x75\156\144\40\x66\x6f\x72\x20\x74\x68\145\x20\160\x72\x6f\x76\x69\144\x65\144\40\151\144\145\156\x74\151\x66\x69\145\162\72\40" . htmlspecialchars($hardwareIdParam)); } return array("\x73\165\x63\143\x65\x73\163" => true, "\x6d\x65\x73\163\x61\x67\145" => "\x4c\151\x63\145\156\163\x65\x20\154\x6f\x6f\153\x75\160\40\163\165\143\143\145\x73\x73\146\x75\x6c", "\144\x61\x74\141" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["\x4c\151\x63\145\x6e\x73\145\113\145\x79"]) || !isset($data["\x44\141\x79\163"])) { throw new Exception("\x4d\x69\x73\x73\x69\x6e\x67\40\162\x65\161\x75\151\x72\x65\144\x20\x66\x69\x65\154\x64\x73\72\40\114\x69\143\x65\156\x73\x65\x4b\x65\171\54\40\x44\141\x79\163"); } $stmt = $this->pdo->prepare("\123\x45\x4c\105\103\124\x20\x2a\x20\106\x52\x4f\x4d\x20\114\151\143\145\156\x63\x65\x73\40\x57\x48\105\x52\105\x20\114\x69\x63\x65\156\x63\145\113\x65\x79\x20\75\x20\77"); $stmt->execute(array($data["\114\x69\143\x65\156\x73\145\113\x65\171"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("\x4c\x69\x63\145\x6e\x73\145\x20\156\157\x74\40\x66\157\165\x6e\144"); } $currentExpiry = new DateTime($license["\126\x61\154\x69\x64\125\156\164\x69\154"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("\53{$data["\x44\x61\171\163"]}\40\144\x61\x79\x73"); $stmtUpdate = $this->pdo->prepare("\125\x50\x44\x41\124\x45\x20\x4c\x69\143\x65\156\143\x65\163\40\123\x45\x54\40\126\x61\154\151\144\x55\x6e\x74\x69\154\x20\75\40\77\x20\x57\110\x45\x52\x45\x20\x4c\151\143\x65\156\x63\145\x4b\x65\171\x20\75\x20\77"); $stmtUpdate->execute(array($newExpiry->format("\x59\x2d\x6d\x2d\144"), $data["\x4c\x69\143\145\x6e\x73\x65\113\x65\171"])); return array("\163\x75\143\x63\145\163\163" => true, "\155\x65\x73\x73\x61\147\x65" => "\124\x69\155\x65\x20\141\144\144\x65\144\40\163\165\143\x63\145\x73\x73\146\165\x6c\154\171", "\144\x61\x74\141" => array("\x6c\151\143\145\156\163\145\137\153\x65\x79" => $data["\x4c\x69\143\145\156\163\145\x4b\145\171"], "\166\x61\154\151\144\137\x75\x6e\x74\x69\154" => $newExpiry->format("\x59\55\x6d\x2d\x64"), "\163\x74\x61\164\165\x73" => $license["\x53\164\x61\164\165\x73"])); } private function generateLicenseKey() { $chars = "\x41\102\103\104\105\x46\x47\110\112\x4b\x4c\115\116\x50\x51\x52\x53\x54\125\x56\127\x58\131\132\61\x32\63\64\65\66\67\x38\x39"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("\55", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("\123\105\x4c\105\x43\124\x20\103\x4f\125\x4e\x54\x28\52\x29\40\x61\x73\40\143\x6f\x75\x6e\x74\x20\106\122\117\115\x20\114\151\143\x65\x6e\x63\x65\163"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("\x61\x63\164\x69\166\145" => 0, "\x65\170\x70\151\x72\x65\x64" => 0, "\142\141\x6e\x6e\x65\x64" => 0, "\163\x75\x73\160\145\x6e\144\x65\x64" => 0, "\167\x61\151\164\x69\156\147" => 0); $stmtStatus = $this->pdo->query("\123\x45\114\105\x43\124\40\123\x74\x61\x74\165\163\x2c\x20\x43\x4f\x55\116\124\50\52\x29\40\x61\163\x20\x63\157\x75\x6e\x74\x20\106\x52\117\x4d\x20\x4c\x69\x63\145\x6e\x63\x65\163\40\x47\122\117\x55\120\x20\x42\x59\x20\x53\164\141\x74\x75\x73"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["\x53\164\141\164\x75\x73"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["\143\x6f\165\156\164"]; } } $stmtLifetime = $this->pdo->prepare("\x53\105\114\105\x43\x54\40\103\x4f\x55\x4e\124\50\x2a\x29\40\141\163\x20\x63\x6f\x75\x6e\x74\x20\x46\x52\x4f\115\x20\x4c\151\143\145\x6e\x63\x65\163\x20\127\x48\105\122\x45\x20\126\141\x6c\x69\144\x55\156\x74\151\154\40\x3d\40\x3f"); $stmtLifetime->execute(array("\62\60\71\x39\x2d\x31\x32\x2d\63\61")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("\163\165\143\x63\145\x73\x73" => true, "\x64\141\x74\x61" => array("\x74\157\164\x61\154" => $total, "\x61\x63\x74\151\166\145" => $statusCounts["\141\x63\164\x69\x76\145"], "\145\170\x70\x69\x72\145\144" => $statusCounts["\145\x78\x70\x69\x72\x65\x64"], "\x62\141\156\x6e\x65\x64" => $statusCounts["\x62\x61\156\x6e\x65\144"], "\x73\x75\x73\x70\x65\156\x64\145\x64" => $statusCounts["\163\165\163\x70\x65\x6e\144\x65\x64"], "\x77\x61\151\164\x69\x6e\147" => $statusCounts["\167\x61\151\164\151\156\x67"], "\154\151\146\145\164\151\155\x65" => $lifetime, "\155\x6f\156\164\150\154\x79" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["\104\x61\x74\145"]) || empty($data["\104\141\164\x65"])) { throw new Exception("\x4d\x69\x73\x73\151\156\147\x20\x44\141\164\145\x20\146\157\x72\40\107\x65\x74\114\151\x63\x65\x6e\163\145\x41\x67\147\162\x65\147\141\x74\145\x53\x74\x61\164\163\106\157\162\104\x61\x74\145"); } return array("\x73\165\x63\143\145\163\x73" => true, "\155\145\163\x73\x61\x67\x65" => "\122\x65\x74\x75\x72\156\x69\x6e\x67\x20\x63\165\x72\162\x65\x6e\x74\x20\141\147\147\x72\145\x67\x61\164\x65\x20\x73\164\141\164\x73\x3b\40\103\x72\x65\x61\x74\145\x64\x41\x74\40\143\157\x6c\x75\x6d\x6e\x20\156\145\x65\x64\x65\144\40\x66\157\x72\40\x68\151\163\x74\x6f\x72\151\143\141\x6c\x20\x61\143\143\x75\162\x61\143\171\40\157\156\x20" . htmlspecialchars($data["\104\x61\164\x65"]), "\x64\141\x74\x61" => array("\x74\157\x74\x61\154" => 0, "\141\143\164\x69\x76\x65" => 0, "\145\x78\160\151\x72\x65\x64" => 0, "\x62\141\x6e\x6e\x65\144" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["\x4c\151\x6d\x69\164"]) && !empty($data["\114\151\155\x69\164"]) ? (int) $data["\114\x69\x6d\x69\164"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa\x20\x20\40\x20\40\x20\40\40\x20\40\x20\40\x53\x45\x4c\105\x43\x54\40\x4c\151\143\x65\x6e\143\145\113\x65\171\x2c\x20\x56\141\x6c\151\x64\x55\x6e\x74\x69\154\54\x20\x44\151\163\143\157\162\144\x55\163\x65\162\x49\144\x2c\x20\125\163\145\x72\156\x61\x6d\x65\40\x61\x73\40\x43\x72\145\x61\164\x6f\162\x55\x73\145\162\x6e\141\155\x65\54\x20\110\141\x72\x64\167\x61\162\x65\x49\144\40\12\40\x20\40\x20\40\40\x20\40\x20\40\40\40\x46\122\117\x4d\40\x4c\151\143\145\x6e\143\x65\163\40\127\x48\105\x52\x45\40\123\x74\141\164\x75\163\x20\75\40\x22\101\143\x74\151\x76\x65\x22\x20\x41\x4e\x44\40\126\x61\154\151\144\125\156\164\x69\x6c\40\76\40\103\125\x52\104\101\124\x45\x28\51\x20\x4f\x52\104\x45\x52\x20\x42\x59\x20\126\141\x6c\x69\x64\125\x6e\x74\x69\154\x20\101\x53\103\x20\114\111\115\111\x54\x20\72\x6c\151\155\151\x74\12\x20\x20\x20\x20\x20\x20\x20\x20"); $stmt->bindParam("\x3a\154\x69\155\x69\x74", $limit, PDO::PARAM_INT); $stmt->execute(); return array("\x73\x75\x63\143\x65\x73\163" => true, "\144\x61\164\x61" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["\123\x74\x61\x72\x74\104\141\x74\x65"]) || empty($data["\x53\164\x61\x72\x74\x44\x61\x74\x65"]) || !isset($data["\x45\x6e\x64\104\x61\x74\x65"]) || empty($data["\105\156\x64\x44\x61\164\x65"])) { throw new Exception("\x4d\151\163\163\x69\156\x67\x20\x53\x74\x61\x72\164\x44\141\x74\x65\x20\x6f\x72\40\x45\156\144\104\x61\164\x65\40\x66\x6f\x72\x20\107\145\x74\114\x69\143\x65\x6e\163\x65\103\x6f\x75\x6e\164\102\171\x44\x61\x74\x65\x52\141\156\x67\145"); } return array("\x73\165\x63\143\x65\x73\163" => true, "\155\145\x73\163\x61\147\x65" => "\104\x61\164\145\x20\x72\x61\156\147\145\40\143\x6f\x75\156\164\x73\x20\x66\157\162\x20\x63\162\145\x61\164\145\x64\57\x61\x63\164\x69\x76\141\164\x65\144\40\141\x72\x65\40\156\157\x74\40\141\166\x61\151\x6c\x61\142\x6c\x65\x20\141\x73\x20\x43\162\145\x61\x74\145\x64\x41\164\40\x63\x6f\x6c\165\155\x6e\x20\x69\x73\x20\155\x69\163\x73\x69\156\147\56", "\x64\x61\164\141" => array("\143\162\145\x61\x74\x65\x64" => 0, "\x61\x63\164\x69\166\x61\164\x65\x64" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["\114\x69\143\x65\x6e\163\145\113\x65\171"]) || !isset($data["\116\x65\x77\123\164\141\164\x75\163"])) { throw new Exception("\115\x69\x73\163\151\156\x67\40\114\x69\143\145\156\163\x65\x4b\145\171\40\x6f\x72\40\116\x65\x77\x53\164\141\164\165\x73"); } $validStatuses = array("\x41\x63\164\x69\x76\x65", "\123\x75\x73\160\x65\156\x64\x65\x64", "\105\170\160\151\x72\145\x64", "\x42\x61\x6e\156\145\144"); if (!in_array($data["\116\145\167\123\164\x61\x74\165\163"], $validStatuses)) { throw new Exception("\111\x6e\166\141\154\x69\x64\x20\x4e\x65\x77\x53\164\x61\x74\165\163\x20\x76\141\x6c\165\145"); } $stmt = $this->pdo->prepare("\x55\x50\x44\101\124\105\40\x4c\x69\x63\145\156\x63\x65\x73\40\x53\x45\124\40\123\x74\141\x74\x75\163\x20\75\40\77\x20\x57\110\x45\122\x45\x20\114\151\143\x65\x6e\143\x65\113\x65\x79\40\x3d\40\x3f"); $stmt->execute(array($data["\x4e\x65\167\123\x74\141\x74\x75\163"], $data["\x4c\151\143\145\156\163\145\113\x65\x79"])); if ($stmt->rowCount() > 0) { return array("\163\165\143\x63\145\x73\163" => true, "\155\145\163\163\x61\147\145" => "\x4c\151\x63\x65\x6e\x73\x65\40\x73\164\141\x74\165\x73\40\165\160\144\x61\164\x65\144\56"); } throw new Exception("\114\x69\x63\145\x6e\163\145\40\x6e\157\x74\40\146\157\165\x6e\144\40\157\x72\x20\x73\164\141\164\165\x73\x20\x6e\157\x74\x20\143\150\x61\x6e\x67\145\144\56"); } private function updateLicenseHwid($data) { if (!isset($data["\114\151\x63\145\x6e\163\145\x4b\x65\171"]) || !isset($data["\116\x65\x77\x48\x61\162\144\x77\x61\x72\145\x49\x64"])) { throw new Exception("\115\x69\x73\x73\151\x6e\x67\40\114\x69\x63\x65\x6e\x73\145\113\x65\x79\40\157\x72\40\116\145\x77\x48\141\x72\144\167\141\162\x65\111\x64"); } $stmt = $this->pdo->prepare("\x55\120\104\101\x54\x45\40\x4c\x69\x63\x65\156\143\145\x73\40\123\105\x54\40\110\x61\162\144\x77\x61\162\145\x49\x64\x20\75\x20\77\54\40\x53\x74\141\x74\x75\x73\40\75\x20\x3f\40\x57\110\x45\x52\105\x20\x4c\x69\x63\x65\x6e\143\x65\113\145\171\40\x3d\40\77"); $stmt->execute(array($data["\x4e\x65\x77\x48\x61\162\x64\x77\x61\162\x65\111\144"], "\101\x63\x74\151\x76\x65", $data["\x4c\x69\x63\145\156\163\x65\x4b\x65\x79"])); if ($stmt->rowCount() > 0) { return array("\163\165\143\143\x65\163\163" => true, "\155\145\163\x73\x61\x67\x65" => "\x4c\151\143\145\156\163\x65\x20\110\127\x49\104\x20\x75\160\144\x61\164\145\x64\56"); } throw new Exception("\114\151\x63\145\156\x73\x65\x20\156\157\x74\x20\x66\x6f\165\x6e\x64\x20\157\x72\40\x48\127\111\x44\40\156\157\x74\40\x63\x68\x61\x6e\147\145\x64\56"); } private function deleteLicense($data) { if (!isset($data["\x4c\x69\x63\x65\x6e\x73\145\113\x65\171"])) { throw new Exception("\115\x69\x73\x73\x69\156\147\x20\114\151\143\145\156\163\x65\113\145\171"); } $stmt = $this->pdo->prepare("\104\x45\114\x45\124\x45\x20\106\122\x4f\x4d\x20\114\x69\x63\145\156\x63\145\163\40\127\x48\x45\122\x45\40\x4c\x69\x63\x65\x6e\x63\x65\113\145\x79\40\x3d\x20\x3f"); $stmt->execute(array($data["\114\151\x63\x65\156\x73\145\x4b\x65\171"])); if ($stmt->rowCount() > 0) { return array("\x73\165\143\x63\145\x73\x73" => true, "\x6d\145\163\163\141\147\145" => "\114\x69\143\x65\x6e\x73\145\x20\144\145\154\145\164\x65\x64\56"); } throw new Exception("\114\x69\143\145\x6e\x73\x65\x20\x6e\157\x74\40\146\157\x75\x6e\x64\x20\157\162\x20\x61\154\x72\x65\141\x64\x79\x20\144\x65\154\145\x74\145\x64\56"); } private function updateLicenseAuthorization($data) { if (!isset($data["\114\x69\143\145\156\163\x65\x4b\x65\x79"]) || !isset($data["\111\163\x41\165\x74\150\157\162\x69\172\x65\144"])) { throw new Exception("\115\151\x73\163\151\156\x67\40\162\145\x71\165\x69\162\x65\144\x20\x66\151\145\154\x64\x73\72\40\114\151\143\x65\156\163\x65\x4b\145\171\x2c\x20\111\163\101\165\x74\x68\x6f\x72\x69\172\145\144"); } $isAuthorized = $data["\x49\x73\x41\165\164\x68\x6f\x72\151\172\x65\x64"] === true || strtolower((string) $data["\111\163\101\165\x74\150\157\x72\151\x7a\x65\144"]) === "\x74\x72\165\x65" || $data["\x49\x73\x41\165\164\150\157\162\x69\x7a\x65\144"] === "\61" || $data["\111\x73\101\165\164\150\157\162\151\x7a\x65\144"] === 1 ? "\x54\x72\165\x65" : "\x46\141\x6c\x73\145"; $stmt = $this->pdo->prepare("\125\x50\104\x41\x54\x45\40\114\x69\x63\145\x6e\x63\145\163\40\123\x45\x54\40\111\163\101\x75\164\x68\x6f\162\x69\x7a\x65\x64\40\x3d\x20\77\40\x57\110\x45\x52\105\x20\x4c\x69\143\145\156\x63\x65\113\x65\x79\40\75\40\77"); $stmt->execute(array($isAuthorized, $data["\x4c\151\x63\x65\156\x73\x65\113\145\x79"])); if ($stmt->rowCount() > 0) { return array("\x73\165\x63\x63\x65\163\x73" => true, "\155\145\163\x73\141\x67\145" => "\x4c\151\143\x65\x6e\x73\x65\40\141\x75\164\150\x6f\x72\151\x7a\x61\x74\151\x6f\x6e\x20\163\164\141\164\x75\x73\x20\165\160\144\141\164\x65\x64\40\x73\x75\143\x63\x65\x73\163\146\x75\x6c\x6c\171\56", "\144\141\x74\141" => array("\x6c\151\143\145\x6e\x73\145\x5f\x6b\145\x79" => $data["\114\151\x63\x65\156\x73\x65\113\x65\x79"], "\x69\163\x5f\141\x75\x74\x68\x6f\x72\x69\172\x65\144" => $isAuthorized)); } throw new Exception("\x4c\151\x63\145\156\x73\x65\x20\x6e\157\164\x20\146\157\x75\156\x64\40\x6f\162\40\x61\165\164\150\x6f\162\151\x7a\x61\164\151\x6f\x6e\40\163\164\141\x74\x75\x73\x20\x6e\157\164\40\x63\x68\141\156\147\x65\x64\x2e"); } private function updateValidUntil($data) { if (!isset($data["\114\x69\x63\145\x6e\163\145\x4b\x65\x79"]) || !isset($data["\116\x65\167\126\x61\154\151\x64\x55\156\x74\151\154"])) { throw new Exception("\x4d\151\x73\x73\151\156\147\40\x4c\151\x63\145\156\x73\x65\113\x65\x79\40\157\162\x20\116\145\167\x56\141\154\x69\144\x55\156\164\x69\154"); } try { $newValidUntil = new DateTime($data["\x4e\x65\x77\x56\141\154\x69\x64\x55\x6e\x74\x69\154"]); $formattedDate = $newValidUntil->format("\x59\55\x6d\x2d\x64"); } catch (Exception $e) { throw new Exception("\111\x6e\166\x61\x6c\x69\144\x20\x64\x61\164\x65\40\146\157\x72\155\141\164\x20\146\x6f\x72\40\116\145\167\126\141\x6c\151\x64\125\156\x74\151\154"); } $stmt = $this->pdo->prepare("\125\120\x44\x41\124\105\x20\x4c\x69\x63\145\x6e\x63\x65\x73\x20\123\x45\x54\x20\x56\141\x6c\x69\144\x55\x6e\x74\x69\154\x20\75\40\x3f\x20\x57\x48\105\122\x45\40\114\151\143\145\156\143\145\113\145\171\40\75\x20\77"); $stmt->execute(array($formattedDate, $data["\x4c\151\x63\x65\156\163\x65\x4b\x65\x79"])); if ($stmt->rowCount() > 0) { return array("\163\x75\143\143\x65\163\x73" => true, "\x6d\x65\x73\163\141\x67\x65" => "\x4c\151\x63\x65\x6e\163\145\40\126\141\x6c\x69\144\x55\156\164\x69\154\x20\165\160\144\x61\164\x65\x64\40\x73\165\143\143\145\163\163\x66\165\x6c\154\171\x2e", "\144\141\x74\x61" => array("\154\x69\143\145\156\163\145\137\153\145\171" => $data["\114\x69\x63\145\156\x73\145\113\145\x79"], "\x76\x61\154\151\144\x5f\x75\156\x74\151\x6c" => $formattedDate)); } throw new Exception("\114\151\143\145\156\x73\x65\40\x6e\x6f\164\40\146\157\165\x6e\x64\40\157\162\x20\x56\141\154\x69\x64\125\156\x74\x69\x6c\x20\x6e\157\x74\40\143\x68\x61\156\147\x65\144\56"); } private function updateDiscordUsername($data) { if (!isset($data["\114\x69\143\x65\156\163\145\x4b\x65\x79"]) || !isset($data["\116\145\x77\x44\151\x73\x63\157\162\x64\x55\163\145\162\x6e\x61\155\145"])) { throw new Exception("\115\x69\x73\x73\x69\156\147\40\x4c\x69\143\x65\x6e\x73\x65\x4b\x65\x79\40\157\162\40\x4e\x65\167\104\x69\163\x63\157\x72\x64\125\163\x65\x72\x6e\141\155\x65"); } $newDiscordUsername = trim($data["\116\145\167\x44\151\163\x63\x6f\x72\144\x55\163\145\162\x6e\141\155\x65"]); if (empty($newDiscordUsername)) { throw new Exception("\x44\151\163\143\x6f\x72\144\40\x75\163\145\162\156\141\155\145\x20\x63\141\x6e\x6e\157\164\x20\142\145\x20\x65\155\x70\x74\x79"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("\x44\151\x73\x63\x6f\162\144\40\x75\163\145\x72\x6e\141\x6d\x65\x20\155\165\x73\164\40\142\x65\x20\x62\x65\x74\167\x65\145\156\x20\63\55\63\62\x20\x63\150\x61\x72\x61\x63\164\145\162\163"); } $stmt = $this->pdo->prepare("\x55\120\104\101\x54\105\40\114\151\x63\145\156\x63\145\163\x20\x53\x45\x54\x20\x44\x69\x73\x63\x6f\162\144\125\x73\145\162\x6e\x61\x6d\145\40\75\40\77\x20\127\x48\x45\122\105\40\x4c\x69\x63\x65\156\x63\x65\113\x65\x79\x20\75\40\x3f"); $stmt->execute(array($newDiscordUsername, $data["\x4c\x69\x63\145\x6e\163\145\113\145\171"])); if ($stmt->rowCount() > 0) { return array("\163\x75\143\143\x65\x73\x73" => true, "\x6d\145\x73\x73\x61\x67\145" => "\x4c\x69\x63\x65\156\x73\145\x20\104\x69\x73\143\x6f\x72\144\x20\125\x73\x65\162\156\141\x6d\x65\x20\165\160\144\141\x74\x65\x64\40\x73\x75\143\143\145\x73\x73\146\165\154\154\171\x2e", "\x64\x61\x74\x61" => array("\x6c\151\143\145\156\163\x65\137\153\x65\171" => $data["\114\151\x63\145\156\163\145\113\145\x79"], "\144\151\x73\x63\x6f\x72\x64\x5f\165\163\145\x72\156\141\155\145" => $newDiscordUsername)); } throw new Exception("\x4c\x69\143\145\x6e\x73\x65\x20\156\x6f\x74\40\x66\157\165\156\x64\40\157\162\x20\x44\151\163\143\x6f\x72\x64\40\x55\163\x65\162\x6e\x61\155\145\40\156\157\164\x20\143\150\x61\156\x67\x65\x64\56"); } private function updateDiscordUserId($data) { if (!isset($data["\x4c\x69\143\145\156\x73\145\113\145\x79"]) || !isset($data["\116\145\x77\104\151\163\x63\x6f\162\x64\125\x73\x65\162\111\144"])) { throw new Exception("\x4d\x69\x73\163\x69\156\147\x20\114\151\x63\x65\x6e\x73\145\113\x65\171\40\x6f\x72\x20\116\145\167\104\x69\163\x63\157\162\x64\125\x73\x65\x72\111\144"); } $newDiscordUserId = trim($data["\116\x65\167\x44\x69\163\x63\x6f\162\x64\x55\x73\x65\162\111\144"]); if (empty($newDiscordUserId)) { throw new Exception("\104\x69\x73\x63\157\162\144\40\125\x73\145\162\40\x49\x44\40\143\x61\156\x6e\x6f\x74\40\x62\145\x20\145\155\160\x74\x79"); } $stmt = $this->pdo->prepare("\125\x50\x44\x41\124\105\40\114\151\x63\145\156\143\145\163\40\123\105\x54\40\x44\151\163\x63\x6f\162\144\x55\x73\145\x72\111\144\x20\x3d\x20\x3f\40\127\110\x45\122\x45\x20\114\x69\x63\145\156\143\145\x4b\145\171\x20\75\40\77"); $stmt->execute(array($newDiscordUserId, $data["\x4c\x69\x63\145\156\x73\x65\113\145\x79"])); if ($stmt->rowCount() > 0) { return array("\x73\x75\x63\x63\145\163\163" => true, "\155\x65\163\x73\x61\147\145" => "\104\151\x73\x63\x6f\162\144\40\x55\x73\145\162\40\111\104\x20\x75\160\144\141\x74\145\144\40\163\x75\143\143\x65\x73\x73\x66\165\x6c\154\x79\56", "\x64\141\164\x61" => array("\x6c\151\x63\145\x6e\163\x65\x5f\x6b\145\x79" => $data["\114\x69\x63\145\x6e\163\x65\113\145\x79"], "\x64\x69\163\143\157\x72\x64\137\x75\163\x65\162\137\151\144" => $newDiscordUserId)); } throw new Exception("\x4c\151\x63\x65\156\163\x65\x20\156\157\164\x20\x66\x6f\165\x6e\144\40\x6f\162\x20\x44\151\163\143\x6f\162\144\40\125\x73\x65\162\x20\x49\104\40\156\x6f\164\40\x63\x68\x61\x6e\147\x65\144\56"); } private function updateLicenseKey($data) { if (!isset($data["\117\154\x64\x4c\151\x63\x65\156\x73\145\113\x65\x79"]) || !isset($data["\116\145\x77\114\151\x63\x65\156\x73\x65\113\x65\171"])) { throw new Exception("\115\151\x73\x73\x69\156\147\40\117\x6c\x64\114\x69\x63\145\x6e\x73\x65\x4b\145\x79\40\x6f\x72\x20\116\145\x77\x4c\151\143\145\x6e\x73\x65\113\145\171"); } $oldLicenseKey = trim($data["\x4f\x6c\x64\x4c\x69\143\x65\156\x73\x65\x4b\x65\171"]); $newLicenseKey = trim($data["\x4e\145\167\x4c\x69\x63\x65\x6e\163\x65\113\145\171"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("\x4c\151\x63\145\156\163\x65\40\x6b\x65\x79\x73\40\x63\141\x6e\156\157\x74\x20\142\145\x20\145\x6d\160\164\171"); } if (!preg_match("\x2f\136\x5b\101\55\132\60\55\x39\135\x7b\65\x7d\55\133\x41\55\x5a\60\x2d\71\135\x7b\65\x7d\x2d\133\101\55\132\x30\x2d\71\135\173\x35\175\55\133\x41\x2d\132\60\x2d\71\135\x7b\x35\x7d\55\x5b\101\x2d\132\60\x2d\71\x5d\x7b\x35\175\44\x2f", $newLicenseKey)) { throw new Exception("\116\145\x77\x20\x6c\151\143\145\156\x73\x65\x20\153\145\171\x20\155\x75\163\x74\x20\x62\x65\x20\151\156\40\146\157\162\155\141\164\40\x58\130\130\x58\x58\55\130\x58\x58\130\130\x2d\130\130\130\130\130\x2d\130\x58\130\x58\130\55\x58\x58\130\130\130\40\167\151\164\x68\x20\165\x70\x70\145\x72\x63\x61\x73\145\x20\x6c\145\x74\164\145\x72\163\40\141\x6e\x64\x20\156\x75\155\142\x65\x72\163\x20\x6f\156\154\171"); } $checkStmt = $this->pdo->prepare("\x53\105\x4c\x45\x43\x54\x20\x43\x4f\125\116\124\x28\52\x29\x20\106\122\x4f\115\40\x4c\x69\143\145\156\143\x65\x73\x20\127\110\x45\122\x45\x20\114\x69\143\x65\156\143\145\113\x65\171\40\x3d\40\77"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("\x4f\x6c\144\x20\x6c\151\x63\x65\x6e\x73\x65\x20\x6b\145\x79\x20\x6e\157\164\40\146\157\x75\156\144"); } $uniqueStmt = $this->pdo->prepare("\123\x45\x4c\x45\103\x54\x20\x43\x4f\x55\x4e\x54\50\52\51\40\x46\x52\117\x4d\40\x4c\151\x63\x65\x6e\x63\x65\x73\40\127\x48\105\122\x45\x20\x4c\151\143\x65\x6e\143\x65\113\x65\171\x20\x3d\40\x3f"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("\x4e\x65\x77\x20\154\x69\x63\x65\x6e\x73\145\x20\153\x65\171\x20\141\x6c\162\145\x61\144\171\40\145\170\x69\x73\164\163"); } $stmt = $this->pdo->prepare("\x55\120\x44\x41\124\x45\40\x4c\151\143\x65\156\143\145\x73\x20\x53\x45\124\40\x4c\151\143\x65\x6e\143\145\113\x65\x79\x20\x3d\x20\x3f\x20\127\110\x45\x52\x45\x20\114\151\x63\x65\156\x63\145\x4b\x65\x79\x20\75\40\x3f"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("\163\165\143\x63\x65\163\163" => true, "\x6d\145\163\x73\141\147\145" => "\x4c\x69\143\145\156\x73\145\40\113\x65\171\40\165\x70\x64\141\164\x65\144\40\163\165\143\x63\x65\x73\x73\x66\165\x6c\154\171\x2e", "\x64\x61\164\x61" => array("\x6f\x6c\144\137\154\151\143\x65\156\163\x65\137\153\145\171" => $oldLicenseKey, "\156\145\167\137\154\151\x63\145\156\x73\145\137\153\145\x79" => $newLicenseKey)); } throw new Exception("\x4c\x69\143\145\x6e\x73\x65\x20\153\x65\x79\x20\x75\x70\x64\141\164\145\x20\146\x61\151\154\145\x64\56"); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "\101\156\x20\x75\156\145\x78\x70\x65\143\x74\145\144\x20\x65\162\162\157\162\x20\157\143\143\165\x72\162\145\144\56"; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("\163\x75\143\x63\145\163\x73" => false, "\x65\x72\x72\157\x72" => $errorMessage, "\x63\157\x64\x65" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["\x52\105\121\125\105\x53\x54\137\115\105\x54\x48\x4f\104"] === "\x4f\120\x54\111\117\x4e\123") { http_response_code(200); die; } goto hnml7; Uwg37: header("\x50\x72\x61\x67\155\141\x3a\40\x6e\x6f\x2d\x63\141\143\150\145"); goto quP6Y; quP6Y: header("\105\x78\x70\151\162\145\x73\x3a\x20\60"); goto JBqBJ; FTbfO: header("\x58\55\x58\123\x53\55\x50\x72\157\164\145\143\x74\151\x6f\x6e\72\40\61\x3b\40\x6d\x6f\x64\145\75\142\x6c\157\x63\x6b"); goto GH15r; GH15r: header("\x53\x74\162\x69\143\x74\55\124\x72\141\x6e\x73\160\157\x72\164\55\x53\x65\x63\x75\162\151\x74\x79\x3a\40\155\141\x78\x2d\141\x67\x65\75\x33\61\x35\63\66\60\x30\x30\x3b\x20\x69\156\143\154\165\144\145\x53\x75\142\x44\157\x6d\141\151\156\163"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntil Updated**\xa
**License Key:** `{$data["LicenseKey"]}`\xa**New Valid Until:** {$data["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;icense Key:** `{$data["LicenseKey"]}`\xa**New Valid Until:** {$data["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ey:** `{$data["LicenseKey"]}`\xa**New Valid Until:** {$data["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;$data["LicenseKey"]}`\xa**New Valid Until:** {$data["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;icenseKey"]}`\xa**New Valid Until:** {$data["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;y"]}`\xa**New Valid Until:** {$data["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;**New Valid Until:** {$data["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;lid Until:** {$data["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;l:** {$data["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ata["NewValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ValidUntil"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;il"]}\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ress:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;{$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;IP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;p:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;imestamp}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;}"; $this->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;s->sendWebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ebhook("webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;webpanel", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;", "πŸ“… ValidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;lidUntil Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; Updated", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;", $description, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ription, 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; 65280); return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; return $result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;$result; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; case "UpdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;pdateDiscordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;cordUsername": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;name": $result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;result = $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; $this->updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;updateDiscordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;scordUsername($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;rname($data); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ata); $description = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;escription = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;on = "**License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;License Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;Discord Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;Username Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;License Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;Key:** `{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;{$data["LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;LicenseKey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ey"]}`\xa**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;a**New Discord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;iscord Username:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;sername:** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;** {$data["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;a["NewDiscordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;scordUsername"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;rname"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;dress:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;tIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;imestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;mestamp}"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;"; $this->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;->sendWebhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;bhook("webpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ebpanel", "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;, "πŸ‘€ Discord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;cord Username Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;rname Updated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;dated", $description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;$description, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;tion, 65280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;280); return $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;turn $result; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;sult; case "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;se "UpdateDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;teDiscordUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;dUserId": $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;: $result = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;t = $this->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;s->updateDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;eDiscordUserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;UserId($data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;data); $description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;description = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;ion = "**License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;*License Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; Discord User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; User ID Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data; Updated**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;**
\xa**License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;License Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R: 



 goto yEIcI; yEIcI: error_reporting(E_ALL); goto jGv7V; VXD7J: header_remove("X-Powered-By"); goto JDhkU; TNTzU: header("Content-Type: application/json; charset=utf-8"); goto Qdft6; zc3sa: header("X-Frame-Options: DENY"); goto FTbfO; Qdft6: header("Cache-Control: no-store, no-cache, must-revalidate, private"); goto Uwg37; JDhkU: header_remove("Server"); goto ScOxe; jGv7V: ini_set("display_errors", 1); goto TNTzU; hnml7: $api = new SecureAPI(); goto OEb29; OEb29: $api->handleRequest(); goto IXB_R; JBqBJ: header("X-Content-Type-Options: nosniff"); goto zc3sa; ScOxe: class SecureAPI { private $pdo; private $whitelistedIPs = array("91r18v6.6", "91r18.66.", "159q46.43.", "localhost"); private $keyCreationAllowedIP = ".8v6."; private $expectedUserAgent = "xsPbPucSfZKwn65p3sN18M92"; private $telegramBotToken = "852884:AAERSgQsj6v5GGmJWbXYaRmshfmXA6_Q2E4"; private $telegramChatId = 6003368462; private $vdsCreateUrl = "http://91.218.66.77:7743/api/create-key"; private $vdsSharedSecret = "FP_VDS_HMAC_a8f3k2m9x7q4w1e6"; private $webhooks = array("security" => "https://discord.com/api/webhooks/14254946963/v_i7uFLyXYlp4io_NAGoLd4SmpU5ptFLDi7ORHZbQsdI5nqskfbunkAhuNbM4YUb4FV", "license_creation" => "https://discord.com/api/webhooks/21235383760/r4doejz2AqYzVOjPeszO9-cnqQZEfXw0yHdzsDK_7Oe6eU3ds76YLruQFakZr8rTt4yc", "license_operations" => "https://discord.com/api/webhooksy421760301544/VXpwT42gkz3UOnsEPLjAphj4jlk7li8IgfECABIoPW_WVLzCBJ7GPHP8DIGw56rtLfmF", "general" => "https://discord.com/api/webhooks/14250810ΕΎ7/MUrmBckE1MiRSy_2iooIytrCfJMK5g9oH7aPfRKYleH0R-Rc1DgJvS96wgwZR1uCk7L7", "webpanel" => "https://discord.com/api/webhooks/14212377465214585/yBJTc5tJHkxjcutxLJfij6PgRby_IdTFdwPWAkf0Enl1enIDio6W5FZWfBAso0mTBK"); public function __construct() { $this->initDatabase(); $this->validateRequest(); } private function initDatabase() { try { $this->pdo = new PDO("mysql:host=localhost;dbname=FortePriv;charset=utf8mb4", "FortePriv", "7Uf30linpnGBHajMTvh7j2uQe7E1otlB", array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_TIMEOUT => 10)); } catch (PDOException $e) { $this->sendError("Database connection error.", 500); } } private function validateRequest() { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); $userAgent = $_SERVER["HTTP_USER_AGENT"] ?? "Unknown"; if ($_SERVER["REQUEST_METHOD"] !== "POST") { $description = "**Security Alert: Invalid Request Method**
\xa**Method Used:** {$_SERVER["REQUEST_METHOD"]}\xa**Expected Method:** POST
**IP Address:** {$clientIP}
**User Agent:** `{$userAgent}`\xa**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid Request Method", $description); $this->sendError("Invalid request method", 405); } if ($userAgent !== $this->expectedUserAgent) { $description = "**Security Alert: Invalid User Agent**\xa
**Expected User Agent:** `{$this->expectedUserAgent}`
**Received User Agent:** `{$userAgent}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}
**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Invalid User Agent", $description); $this->sendError("Unauthorized", 403); } if (!in_array($clientIP, $this->whitelistedIPs)) { $description = "**Security Alert: Unwhitelisted IP**\xa
**Blocked IP:** {$clientIP}\xa**User Agent:** `{$userAgent}`
**Timestamp:** {$timestamp}\xa**Action:** Request blocked"; $this->sendSecurityWebhook("🚫 Unwhitelisted IP", $description); $this->sendError("Unauthorized", 403); } } private function sendWebhook($webhookType, $title, $description, $color = 65280) { if (!isset($this->webhooks[$webhookType])) { return; } $embed = array("title" => $title, "description" => $description, "color" => $color, "timestamp" => date("c")); $data = array("embeds" => array($embed)); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->webhooks[$webhookType]); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_exec($ch); curl_close($ch); } private function sendSecurityWebhook($title, $description) { $this->sendWebhook("security", $title, $description, 16711680); } private function resolveTelegramChatId() { if ($this->telegramChatId !== null) { return $this->telegramChatId; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/getUpdates?limit="; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); if ($result) { $data = json_decode($result, true); if (isset($data["ok"]) && $data["ok"] && !empty($data["result"])) { $lastUpdate = end($data["result"]); $this->telegramChatId = $lastUpdate["message"]["chat"]["id"] ?? null; } } return $this->telegramChatId; } private function sendTelegramNotification($message) { $chatId = $this->resolveTelegramChatId(); if (!$chatId) { return false; } $url = "https://api.telegram.org/bot{$this->telegramBotToken}/sendMessage"; $payload = array("chat_id" => $chatId, "text" => $message, "parse_mode" => "HTML"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload)); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); $result = curl_exec($ch); curl_close($ch); return $result !== false; } private function forwardToVds($data, $clientIP) { $timestamp = time(); $payload = json_encode(array("event" => "create_key", "source" => "web", "request_data" => $data, "origin_ip" => $clientIP, "timestamp" => $timestamp)); $signature = hash_hmac("sha256", $payload, $this->vdsSharedSecret); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $this->vdsCreateUrl); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $payload); curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "X-Signature: " . $signature, "X-Timestamp: " . $timestamp)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $result = curl_exec($ch); $curlError = curl_error($ch); curl_close($ch); if ($result === false) { $this->sendTelegramNotification("⚠️ <b>VDS Forward Failed</b>
Error: {$curlError}
IP: {$clientIP}"); throw new Exception("Key creation service unavailable"); } return array("success" => true, "message" => "Key creation request submitted for Telegram approval. Key will be created once approved."); } public function handleRequest() { $data = $_POST; if (empty($data)) { $this->sendError("Empty request", 400); } $requiredFields = array("App", "Operation", "AuthType", "HardwareId", "Action"); foreach ($requiredFields as $field) { if (!isset($data[$field]) || empty($data[$field])) { $this->sendError("Missing required field: {$field}", 400); } } if ($data["App"] !== "FortePriv" || $data["Operation"] !== "WEB") { $this->sendError("Invalid App or Operation", 400); } try { $response = $this->processAction($data); echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); } catch (Exception $e) { $this->sendError($e->getMessage(), 400); } } private function processAction($data) { $clientIP = $_SERVER["REMOTE_ADDR"] ?? $_SERVER["HTTP_X_FORWARDED_FOR"] ?? "Unknown"; $timestamp = date("Y-m-d H:i:s"); switch ($data["Action"]) { case "CreateLicense": case "RegisterLicense": if ($clientIP === $this->keyCreationAllowedIP) { $result = $this->createLicense($data); $duration = isset($data["Days"]) ? "{$data["Days"]} days" : $data["Duration"] ?? "Unknown"; $description = "**License Created Successfully**\xa
**Discord ID:** {$data["DiscordUserId"]}
**Discord Username:** " . ($data["DiscordUsername"] ?? "N/A") . "\xa**Duration:** {$duration}\xa**License Key:** `{$result["data"]["license_key"]}`
**Valid Until:** {$result["data"]["valid_until"]}\xa**Hardware ID:** " . ($data["HardwareId"] ?? "Not set") . "\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("license_creation", "πŸ†• License Created", $description, 65280); return $result; } $result = $this->forwardToVds($data, $clientIP); return $result; case "LookupLicense": $result = $this->lookupLicense($data); $searchTerm = $data["HardwareId"]; $licenseCount = count($result["data"]); $description = "**License Lookup Performed**\xa
**Search Term:** `{$searchTerm}`\xa**Results Found:** {$licenseCount} license(s)
**Status Filter:** " . ($data["StatusFilter"] ?? "None") . "
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ” License Lookup", $description, 39423); return $result; case "AddTime": $result = $this->addTime($data); $description = "**Time Added to License**

**License Key:** `{$data["LicenseKey"]}`
**Days Added:** {$data["Days"]} days\xa**New Expiry Date:** {$result["data"]["valid_until"]}
**Previous Status:** {$result["data"]["status"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "⏰ Time Added", $description, 39423); return $result; case "GetLicenseAggregateStats": $result = $this->getLicenseAggregateStats($data); $stats = $result["data"]; $description = "**License Statistics Retrieved**

**Total Licenses:** {$stats["total"]}
**Active:** {$stats["active"]}\xa**Expired:** {$stats["expired"]}
**Banned:** {$stats["banned"]}\xa**Suspended:** {$stats["suspended"]}
**Waiting:** {$stats["waiting"]}\xa**Lifetime:** {$stats["lifetime"]}
**Monthly:** {$stats["monthly"]}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“Š Stats Retrieved", $description, 65280); return $result; case "GetLicenseAggregateStatsForDate": $result = $this->getLicenseAggregateStatsForDate($data); $description = "**Historical Stats Retrieved**\xa\xa**Target Date:** {$data["Date"]}\xa**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“ˆ Historical Stats", $description, 65280); return $result; case "GetExpiringLicenses": $result = $this->getExpiringLicenses($data); $limit = $data["Limit"] ?? 5; $expiringCount = count($result["data"]); $description = "**Expiring Licenses List**
\xa**Limit Requested:** {$limit}
**Expiring Licenses Found:** {$expiringCount}
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "⚠️ Expiring Licenses", $description, 16776960); return $result; case "GetLicenseCountByDateRange": $result = $this->getLicenseCountByDateRange($data); $description = "**License Count by Date Range**

**Start Date:** {$data["StartDate"]}
**End Date:** {$data["EndDate"]}
**Note:** Historical data limited (CreatedAt column missing)\xa**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("general", "πŸ“… Date Range Count", $description, 65280); return $result; case "UpdateLicenseStatus": $result = $this->updateLicenseStatus($data); $description = "**License Status Updated**\xa\xa**License Key:** `{$data["LicenseKey"]}`
**New Status:** **{$data["NewStatus"]}**
**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Status Updated", $description, 16776960); return $result; case "UpdateLicenseHwid": $result = $this->updateLicenseHwid($data); $description = "**License Hardware ID Updated**\xa
**License Key:** `{$data["LicenseKey"]}`
**New Hardware ID:** `{$data["NewHardwareId"]}`
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ’» HWID Updated", $description, 39423); return $result; case "DeleteLicense": $result = $this->deleteLicense($data); $description = "**License Deleted**\xa\xa**License Key:** `{$data["LicenseKey"]}`\xa**Action:** Permanent deletion
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ—‘οΈ License Deleted", $description, 16737792); return $result; case "UpdateLicenseAuthorization": $result = $this->updateLicenseAuthorization($data); $authStatus = $data["IsAuthorized"] ? "Authorized" : "Unauthorized"; $description = "**License Authorization Updated**

**License Key:** `{$data["LicenseKey"]}`\xa**Authorization Status:** **{$authStatus}**
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ” Authorization Updated", $description, 65280); return $result; case "UpdateValidUntil": $result = $this->updateValidUntil($data); $description = "**License ValidUntecho $data;Key:** `{$data["LicenseKey"]}`\xa**New Discord User ID:** {$data["NewDiscordUserId"]}
**IP Address:** {$clientIP}
**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”„ Discord UserId Updated", $description, 65280); return $result; case "UpdateLicenseKey": $result = $this->updateLicenseKey($data); $description = "**License Key Updated**\xa\xa**Old License Key:** `{$data["OldLicenseKey"]}`\xa**New License Key:** `{$data["NewLicenseKey"]}`\xa**IP Address:** {$clientIP}\xa**Timestamp:** {$timestamp}"; $this->sendWebhook("webpanel", "πŸ”‘ License Key Updated", $description, 65280); return $result; default: throw new Exception("Invalid Action: " . htmlspecialchars($data["Action"])); } } private function createLicense($data) { if (!isset($data["DiscordUserId"])) { throw new Exception("Missing required field: DiscordUserId"); } if (!isset($data["Duration"]) && !isset($data["Days"])) { throw new Exception("Missing required field: Duration or Days"); } $licenseKey = $this->generateLicenseKey(); $validUntil = new DateTime(); if (isset($data["Days"])) { $days = (int) $data["Days"]; if ($days <= 0) { throw new Exception("Invalid number of Days"); } $validUntil->modify("+{$days} days"); } else { switch ($data["Duration"]) { case "1_month": $validUntil->modify("+1 month"); break; case "3_months": $validUntil->modify("+3 months"); break; case "lifetime": $validUntil->setDate(2030, 12, 31); break; default: throw new Exception("Invalid Duration string"); } } $hardwareId = $data["HardwareId"] ?? ''; $stmt = $this->pdo->prepare("\xa            INSERT INTO Licences (LicenceKey, ValidUntil, HardwareId, IsAuthorized, Username, UserId, DiscordUsername, DiscordUserId, PhoneNumber, Status) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)\xa        "); $stmt->execute(array($licenseKey, $validUntil->format("Y-m-d"), $hardwareId, "False", "NULL", "0", $data["DiscordUsername"] ?? '', $data["DiscordUserId"], "0", "Active")); return array("success" => true, "message" => "License created successfully", "data" => array("license_key" => $licenseKey, "valid_until" => $validUntil->format("Y-m-d"), "status" => "Active")); } private function lookupLicense($data) { $hardwareIdParam = $data["HardwareId"]; $clientSearchTerm = $data["SearchTerm"] ?? null; $clientStatusFilter = $data["StatusFilter"] ?? null; $sql = "SELECT * FROM Licences"; $conditions = array(); $params = array(); if ($hardwareIdParam === "FETCH_ALL_LICENSES") { if ($clientSearchTerm) { $conditions[] = "(LicenceKey LIKE :searchTerm OR DiscordUserId LIKE :searchTerm OR HardwareId LIKE :searchTerm OR DiscordUsername LIKE :searchTerm)"; $params[":searchTerm"] = "%" . $clientSearchTerm . "%"; } if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } else { $conditions[] = "(HardwareId = :id_hw OR DiscordUserId = :id_discord OR LicenceKey = :id_key)"; $params[":id_hw"] = $hardwareIdParam; $params[":id_discord"] = $hardwareIdParam; $params[":id_key"] = $hardwareIdParam; if ($clientStatusFilter) { $conditions[] = "Status = :statusFilterVal"; $params[":statusFilterVal"] = $clientStatusFilter; } } if (!empty($conditions)) { $sql .= " WHERE " . implode(" AND ", $conditions); } $sql .= " ORDER BY ValidUntil DESC"; $stmt = $this->pdo->prepare($sql); $stmt->execute($params); $licenses = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($licenses) && $hardwareIdParam !== "FETCH_ALL_LICENSES" && !$clientSearchTerm && !$clientStatusFilter) { throw new Exception("No licenses found for the provided identifier: " . htmlspecialchars($hardwareIdParam)); } return array("success" => true, "message" => "License lookup successful", "data" => $licenses ?: array()); } private function addTime($data) { if (!isset($data["LicenseKey"]) || !isset($data["Days"])) { throw new Exception("Missing required fields: LicenseKey, Days"); } $stmt = $this->pdo->prepare("SELECT * FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); $license = $stmt->fetch(PDO::FETCH_ASSOC); if (!$license) { throw new Exception("License not found"); } $currentExpiry = new DateTime($license["ValidUntil"]); $newExpiry = clone $currentExpiry; $newExpiry->modify("+{$data["Days"]} days"); $stmtUpdate = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmtUpdate->execute(array($newExpiry->format("Y-m-d"), $data["LicenseKey"])); return array("success" => true, "message" => "Time added successfully", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $newExpiry->format("Y-m-d"), "status" => $license["Status"])); } private function generateLicenseKey() { $chars = "ABCDEFGHJKLMNPQRSTUVWXYZ3456789"; $segments = array(); for ($i = 0; $i < 5; $i++) { $segment = ''; for ($j = 0; $j < 5; $j++) { $segment .= $chars[random_int(0, strlen($chars) - 1)]; } $segments[] = $segment; } return implode("-", $segments); } private function getLicenseAggregateStats($data) { $stmtTotal = $this->pdo->query("SELECT COUNT(*) as count FROM Licences"); $total = (int) $stmtTotal->fetchColumn(); $statusCounts = array("active" => 0, "expired" => 0, "banned" => 0, "suspended" => 0, "waiting" => 0); $stmtStatus = $this->pdo->query("SELECT Status, COUNT(*) as count FROM Licences GROUP BY Status"); while ($row = $stmtStatus->fetch(PDO::FETCH_ASSOC)) { $statusKey = strtolower($row["Status"]); if (array_key_exists($statusKey, $statusCounts)) { $statusCounts[$statusKey] = (int) $row["count"]; } } $stmtLifetime = $this->pdo->prepare("SELECT COUNT(*) as count FROM Licences WHERE ValidUntil = ?"); $stmtLifetime->execute(array("2099-12-31")); $lifetime = (int) $stmtLifetime->fetchColumn(); return array("success" => true, "data" => array("total" => $total, "active" => $statusCounts["active"], "expired" => $statusCounts["expired"], "banned" => $statusCounts["banned"], "suspended" => $statusCounts["suspended"], "waiting" => $statusCounts["waiting"], "lifetime" => $lifetime, "monthly" => $total - $lifetime)); } private function getLicenseAggregateStatsForDate($data) { if (!isset($data["Date"]) || empty($data["Date"])) { throw new Exception("Missing Date for GetLicenseAggregateStatsForDate"); } return array("success" => true, "message" => "Returning current aggregate stats; CreatedAt column needed for historical accuracy on " . htmlspecialchars($data["Date"]), "data" => array("total" => 0, "active" => 0, "expired" => 0, "banned" => 0)); } private function getExpiringLicenses($data) { $limit = isset($data["Limit"]) && !empty($data["Limit"]) ? (int) $data["Limit"] : 5; if ($limit <= 0 || $limit > 50) { $limit = 5; } $stmt = $this->pdo->prepare("\xa            SELECT LicenceKey, ValidUntil, DiscordUserId, Username as CreatorUsername, HardwareId 
            FROM Licences WHERE Status = "Active" AND ValidUntil > CURDATE() ORDER BY ValidUntil ASC LIMIT :limit
        "); $stmt->bindParam(":limit", $limit, PDO::PARAM_INT); $stmt->execute(); return array("success" => true, "data" => $stmt->fetchAll(PDO::FETCH_ASSOC) ?: array()); } private function getLicenseCountByDateRange($data) { if (!isset($data["StartDate"]) || empty($data["StartDate"]) || !isset($data["EndDate"]) || empty($data["EndDate"])) { throw new Exception("Missing StartDate or EndDate for GetLicenseCountByDateRange"); } return array("success" => true, "message" => "Date range counts for created/activated are not available as CreatedAt column is missing.", "data" => array("created" => 0, "activated" => 0)); } private function updateLicenseStatus($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewStatus"])) { throw new Exception("Missing LicenseKey or NewStatus"); } $validStatuses = array("Active", "Suspended", "Expired", "Banned"); if (!in_array($data["NewStatus"], $validStatuses)) { throw new Exception("Invalid NewStatus value"); } $stmt = $this->pdo->prepare("UPDATE Licences SET Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewStatus"], $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License status updated."); } throw new Exception("License not found or status not changed."); } private function updateLicenseHwid($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewHardwareId"])) { throw new Exception("Missing LicenseKey or NewHardwareId"); } $stmt = $this->pdo->prepare("UPDATE Licences SET HardwareId = ?, Status = ? WHERE LicenceKey = ?"); $stmt->execute(array($data["NewHardwareId"], "Active", $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License HWID updated."); } throw new Exception("License not found or HWID not changed."); } private function deleteLicense($data) { if (!isset($data["LicenseKey"])) { throw new Exception("Missing LicenseKey"); } $stmt = $this->pdo->prepare("DELETE FROM Licences WHERE LicenceKey = ?"); $stmt->execute(array($data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License deleted."); } throw new Exception("License not found or already deleted."); } private function updateLicenseAuthorization($data) { if (!isset($data["LicenseKey"]) || !isset($data["IsAuthorized"])) { throw new Exception("Missing required fields: LicenseKey, IsAuthorized"); } $isAuthorized = $data["IsAuthorized"] === true || strtolower((string) $data["IsAuthorized"]) === "true" || $data["IsAuthorized"] === "1" || $data["IsAuthorized"] === 1 ? "True" : "False"; $stmt = $this->pdo->prepare("UPDATE Licences SET IsAuthorized = ? WHERE LicenceKey = ?"); $stmt->execute(array($isAuthorized, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License authorization status updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "is_authorized" => $isAuthorized)); } throw new Exception("License not found or authorization status not changed."); } private function updateValidUntil($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewValidUntil"])) { throw new Exception("Missing LicenseKey or NewValidUntil"); } try { $newValidUntil = new DateTime($data["NewValidUntil"]); $formattedDate = $newValidUntil->format("Y-m-d"); } catch (Exception $e) { throw new Exception("Invalid date format for NewValidUntil"); } $stmt = $this->pdo->prepare("UPDATE Licences SET ValidUntil = ? WHERE LicenceKey = ?"); $stmt->execute(array($formattedDate, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License ValidUntil updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "valid_until" => $formattedDate)); } throw new Exception("License not found or ValidUntil not changed."); } private function updateDiscordUsername($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUsername"])) { throw new Exception("Missing LicenseKey or NewDiscordUsername"); } $newDiscordUsername = trim($data["NewDiscordUsername"]); if (empty($newDiscordUsername)) { throw new Exception("Discord username cannot be empty"); } if (strlen($newDiscordUsername) < 3 || strlen($newDiscordUsername) > 32) { throw new Exception("Discord username must be between 3-32 characters"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUsername = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUsername, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Discord Username updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_username" => $newDiscordUsername)); } throw new Exception("License not found or Discord Username not changed."); } private function updateDiscordUserId($data) { if (!isset($data["LicenseKey"]) || !isset($data["NewDiscordUserId"])) { throw new Exception("Missing LicenseKey or NewDiscordUserId"); } $newDiscordUserId = trim($data["NewDiscordUserId"]); if (empty($newDiscordUserId)) { throw new Exception("Discord User ID cannot be empty"); } $stmt = $this->pdo->prepare("UPDATE Licences SET DiscordUserId = ? WHERE LicenceKey = ?"); $stmt->execute(array($newDiscordUserId, $data["LicenseKey"])); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "Discord User ID updated successfully.", "data" => array("license_key" => $data["LicenseKey"], "discord_user_id" => $newDiscordUserId)); } throw new Exception("License not found or Discord User ID not changed."); } private function updateLicenseKey($data) { if (!isset($data["OldLicenseKey"]) || !isset($data["NewLicenseKey"])) { throw new Exception("Missing OldLicenseKey or NewLicenseKey"); } $oldLicenseKey = trim($data["OldLicenseKey"]); $newLicenseKey = trim($data["NewLicenseKey"]); if (empty($oldLicenseKey) || empty($newLicenseKey)) { throw new Exception("License keys cannot be empty"); } if (!preg_match("/^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$/", $newLicenseKey)) { throw new Exception("New license key must be in format XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with uppercase letters and numbers only"); } $checkStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $checkStmt->execute(array($oldLicenseKey)); if ($checkStmt->fetchColumn() == 0) { throw new Exception("Old license key not found"); } $uniqueStmt = $this->pdo->prepare("SELECT COUNT(*) FROM Licences WHERE LicenceKey = ?"); $uniqueStmt->execute(array($newLicenseKey)); if ($uniqueStmt->fetchColumn() > 0) { throw new Exception("New license key already exists"); } $stmt = $this->pdo->prepare("UPDATE Licences SET LicenceKey = ? WHERE LicenceKey = ?"); $stmt->execute(array($newLicenseKey, $oldLicenseKey)); if ($stmt->rowCount() > 0) { return array("success" => true, "message" => "License Key updated successfully.", "data" => array("old_license_key" => $oldLicenseKey, "new_license_key" => $newLicenseKey)); } throw new Exception("License key update failed."); } private function sendError($message, $code = 400) { http_response_code($code); $errorMessage = is_string($message) ? $message : "An unexpected error occurred."; if ($message instanceof Exception || $message instanceof PDOException) { $errorMessage = $message->getMessage(); } echo json_encode(array("success" => false, "error" => $errorMessage, "code" => $code), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES); die; } } goto rkJPE; rkJPE: if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); die; } goto hnml7; Uwg37: header("Pragma: no-cache"); goto quP6Y; quP6Y: header("Expires: 0"); goto JBqBJ; FTbfO: header("X-XSS-Protection: 1; mode=block"); goto GH15r; GH15r: header("Strict-Transport-Security: max-age360; includeSubDomains"); goto VXD7J; IXB_R:


© 2023 Quttera Ltd. All rights reserved.