* @date 2019 * @name index.php */ # defining start time define('IR_START', microtime(true)); # defining the base path define('BASE_PATH',dirname(__FILE__)); # defining the maximum execution time to 1 hour ini_set('max_execution_time', '3600'); # defining the socket timeout to 1 min ini_set('default_socket_timeout', '60'); # defining the maximum memory limit ini_set('memory_limit', '-1'); # disabling remote file include ini_set("allow_url_fopen", '1'); ini_set("allow_url_include", '0'); # defining the default time zone date_default_timezone_set("UTC"); # getting the peak of memory, in bytes, that's been allocated to our PHP script. define('START_MEMORY', memory_get_peak_usage(true)); define('START_TIME',microtime(true)); # defining separators define('DS',DIRECTORY_SEPARATOR); define('RDS','/'); # Resolve the tracking-helper directory at runtime. # # Default : /var/www/scripts (where the Java installer drops # help.php / stats.php / gc.php on every fresh PMTA # tracking host). # Hardened (recommended) : the actual path is moved to a random directory by # install/migrate_tracking_path.sh and recorded in # /etc/jm_tracking_path.conf (mode 0640 root:www-data # so the web user can read it but other accounts cannot). # # This indirection means: # - Fresh installs work without any post-install file edits. # - When the path is rotated, no PHP file ever needs to be touched - only the # conf file is updated and the very next request picks up the new path. function jmTrackingHelperDir() { static $cached = null; if ($cached !== null) { return $cached; } $conf = '/etc/jm_tracking_path.conf'; if (is_readable($conf)) { $lines = @file($conf, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); if (is_array($lines)) { foreach ($lines as $line) { if (preg_match('~^\s*JM_TRACKING_PATH\s*=\s*"?([^"\r\n]+)"?\s*$~', $line, $m)) { $p = rtrim($m[1], "/ \t"); if ($p !== '' && is_dir($p) && is_readable($p . '/help.php')) { return $cached = $p; } break; } } } } return $cached = '/var/www/scripts'; } require_once jmTrackingHelperDir() . '/help.php'; # parse url to get parameters $url = (filter_input(INPUT_SERVER, 'HTTP_X_REWRITE_URL') != null) ? ltrim(filter_input(INPUT_SERVER, 'HTTP_X_REWRITE_URL'),'/') : ltrim(filter_input(INPUT_SERVER, 'REQUEST_URI'),'/'); # check if is an image checkForImage($url,decrypt('AetMV/1c6zaPariG1L69xczPcdWF8vC8U0ykE2RYiuiZn4Q7tCVA70w0Eqdx2P5s5/Ky0vC+RLM7pfoaY7fatA==')); # check for short link ?> 0 || $data['offer-id'] > 0) { $api = decrypt('5URs653GGHCaF1Ay2OFlT5yvlRDeXn+K7rurCfYHDjMDGxDNbvihNP00UZcXzuBh0Ec+wN+16dkxK2DxypOsbw=='); $data['ip'] = getIp(); $data['agent'] = (filter_input(INPUT_SERVER,'HTTP_USER_AGENT') != null) ? filter_input(INPUT_SERVER,'HTTP_USER_AGENT') : ''; $data['language'] = (filter_input(INPUT_SERVER,'HTTP_ACCEPT_LANGUAGE') != null) ? strtoupper(substr(filter_input(INPUT_SERVER,'HTTP_ACCEPT_LANGUAGE'), 0, 2)) : ''; if($data['act'] == 'oop') { $message = ""; if(count($_POST)) { $email = (filter_input(INPUT_POST,'email') != null) ? filter_input(INPUT_POST,'email') : ''; # send tracking information to bluemail if(!filter_var($email,FILTER_VALIDATE_EMAIL)) { $message = "Please check your email !"; } else { # check if email is the same $result = json_decode(sendPostRequest($api,["controller" =>"Tracking","action" =>"checkEmail", "parameters" => [ "email" => md5($email), "list-id" => $data['list-id'], "client-id" => $data['client-id'] ] ]),true); if(count($result) == 0 || (key_exists('status', $result) && $result['status'] != 200)) { $message = "Your Email is not registered !"; } if(strtolower(trim($result['message'])) == 'email is correct !') { # execute tracking job (safe async dispatch via env vars - see help.php) jmSpawnTrackingJob(jmTrackingHelperDir() . '/help.php', $api, $data, '0'); $message = "Sorry to see you leaving :("; } else { $message = "Your Email is not registered !"; } } } include_once BASE_PATH . DS . 'optout.php'; } else { # generating link and redirecting $link = ''; $actionId = 0; if(in_array($data['act'],['cl','un'])) { # get offer link $type = $data['act'] == 'cl' ? 'preview' : 'unsub'; $result = json_decode(sendPostRequest($api,[ 'controller' => 'Tracking', 'action' => 'getLink', 'parameters' => [ 'type' => $type, 'process-id' => $data['process-id'], 'process-type' => $data['process-type'], 'user-id' => $data['user-id'], 'vmta-id' => $data['vmta-id'], 'list-id' => $data['list-id'], 'client-id' => $data['client-id'], 'offer-id' => $data['offer-id'], 'ip' => $data['ip'] ] ]),true); if($result === FALSE || count($result) == 0) { die('

405 : Bad request !

'); } if($result['status'] != 200) { die('

' . $result['status'] . ' : ' . $result['message'] . '

'); } if(key_exists('data', $result) && key_exists('link',$result['data']) && trim($result['data']['link']) != '') { $link = trim($result['data']['link']); $actionId = intval($result['data']['action_id']); } else { echo '

Incorrect redirection !

'; } } # send tracking information to master app if(in_array($data['act'],['op','cl','un']) && $data['process-id'] > 0) { # execute tracking job (safe async dispatch via env vars - see help.php) jmSpawnTrackingJob(jmTrackingHelperDir() . '/help.php', $api, $data, (string)$actionId); } # redirecting in case of a click or unsub if($link != '') { header('Location: ' . $link); exit(); } else { echo '

Operation completed !

'; } } } else { echo '

No drop found !

'; } } else { echo '

No parameters found !

'; }