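<?php
/**
 * t.php - Tracking proxy (copy to every domain).
 * LOCATION: /home/strony/domains/DOMENA/public_html/assets/t.php
 *
 * Request handling, as implemented below:
 *   - POST            -> the request body is relayed to the central tracker.
 *   - GET with ?px    -> a 1x1 GIF is returned, then a server-side event is
 *                        posted to the central tracker.
 *   - any other GET   -> the browser-side tracking script is returned.
 *
 * Everything read from $_SERVER['HTTP_*'] and $_GET is request data chosen by
 * the client. It is forwarded as data only, and anything that ends up in an
 * outbound HTTP header is validated or stripped of control characters first.
 */

// =========================================================================
// CONFIG - URL OF THE CENTRAL TRACKER
// =========================================================================

$CENTRAL_TRACKER = 'https://track.trademarkt.net/t.php';

// =========================================================================
// ROUTING
// =========================================================================

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    proxyToTracker($CENTRAL_TRACKER);
    exit;
}

if (isset($_GET['px'])) {
    returnPixel($CENTRAL_TRACKER);
    exit;
}

returnJavaScript();
exit;

// =========================================================================
// SHARED HELPERS
// =========================================================================

/**
 * Picks the client address to report upstream.
 *
 * Precedence is CF-Connecting-IP, then the first entry of X-Forwarded-For,
 * then REMOTE_ADDR. The first two are request headers: they are only
 * meaningful when this host is reachable exclusively through a proxy that
 * overwrites them, otherwise any client can set them. A candidate that is not
 * a syntactically valid IP address is skipped instead of being forwarded.
 *
 * @return string A valid IPv4/IPv6 literal, or '' when none is available.
 */
function resolveClientIp(): string
{
    $candidates = [
        $_SERVER['HTTP_CF_CONNECTING_IP'] ?? null,
        $_SERVER['HTTP_X_FORWARDED_FOR'] ?? null,
        $_SERVER['REMOTE_ADDR'] ?? null,
    ];

    foreach ($candidates as $raw) {
        if (!is_string($raw)) {
            continue;
        }
        $first = trim(explode(',', $raw)[0]);
        if (filter_var($first, FILTER_VALIDATE_IP) !== false) {
            return $first;
        }
    }

    return '';
}

/**
 * Makes a request-derived value safe to embed in an outbound header line.
 *
 * CR, LF and other control characters are replaced with a space so the value
 * cannot terminate the header and start a new one in the request sent by cURL.
 *
 * @param string $value Raw value taken from the incoming request.
 * @return string The value on a single line, trimmed.
 */
function headerSafe(string $value): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);

    return trim($clean ?? '');
}

// =========================================================================
// PROXY TO THE TRACKER (with timeouts!)
// =========================================================================

/**
 * Relays the POST body to the central tracker and mirrors its reply.
 *
 * Upstream failures (cURL error, no HTTP status, or 5xx) are hidden from the
 * browser: the caller always gets a 200 with a stub JSON body in that case.
 *
 * @param string $trackerUrl Absolute URL of the central tracker endpoint.
 */
function proxyToTracker(string $trackerUrl): void
{
    header('Content-Type: application/json');
    // Any origin may read the reply; the body is whatever the tracker returned.
    header('Access-Control-Allow-Origin: *');

    // Bound the relayed body so this endpoint cannot be used to push
    // arbitrarily large payloads at the tracker. One extra byte is read to
    // detect an oversized request without buffering all of it.
    $maxBodyBytes = 65536;
    $input = file_get_contents('php://input', false, null, 0, $maxBodyBytes + 1);
    if ($input === false) {
        $input = '';
    }
    if (strlen($input) > $maxBodyBytes) {
        http_response_code(413);
        echo '{"ok":false}';
        return;
    }

    $outboundHeaders = [
        'Content-Type: application/json',
        'X-Forwarded-Host: ' . headerSafe((string) ($_SERVER['HTTP_HOST'] ?? '')),
        'User-Agent: ' . headerSafe((string) ($_SERVER['HTTP_USER_AGENT'] ?? '')),
    ];

    $clientIp = resolveClientIp();
    if ($clientIp !== '') {
        $outboundHeaders[] = 'X-Forwarded-For: ' . $clientIp;
        $outboundHeaders[] = 'X-Real-IP: ' . $clientIp;
    }

    $ch = curl_init($trackerUrl);
    if ($ch === false) {
        // Same stub the browser gets for any other upstream failure.
        http_response_code(200);
        echo '{"ok":true,"cached":true}';
        return;
    }

    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $input,
        CURLOPT_HTTPHEADER => $outboundHeaders,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 2,
        // Total budget of 3 s; the millisecond option is the only one needed.
        CURLOPT_TIMEOUT_MS => 3000,
        CURLOPT_DNS_CACHE_TIMEOUT => 600,
        // Keep the body on 4xx/5xx so the status code can be inspected below.
        CURLOPT_FAILONERROR => false,
        CURLOPT_NOSIGNAL => 1,
    ]);

    $response = curl_exec($ch);
    $curlError = curl_errno($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    if ($curlError || $httpCode >= 500 || $httpCode === 0) {
        http_response_code(200);
        echo '{"ok":true,"cached":true}';
        return;
    }

    http_response_code($httpCode ?: 200);
    echo $response ?: '{"ok":true}';
}

// =========================================================================
// PIXEL (noscript backup)
// =========================================================================

/**
 * Sends a 1x1 GIF, releases the client, then reports the hit server-side.
 *
 * The event carries a random visitor id, the header-based fingerprint, the
 * Host header, the reconstructed request URL, the Referer and the `adv` /
 * `utm_source` query parameter. All of these are client-supplied; they are
 * JSON-encoded and never placed in a header. The only forwarded header value
 * is REMOTE_ADDR, which the web server sets.
 *
 * @param string $trackerUrl Absolute URL of the central tracker endpoint.
 */
function returnPixel(string $trackerUrl): void
{
    header('Content-Type: image/gif');
    header('Cache-Control: no-cache, no-store, must-revalidate');
    echo base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');

    if (function_exists('fastcgi_finish_request')) {
        fastcgi_finish_request();
    } else {
        // Empty PHP's own buffer first, then push it to the web server;
        // the other way round leaves the GIF sitting in the output buffer.
        if (ob_get_level()) {
            ob_end_flush();
        }
        flush();
    }

    $data = json_encode([
        'vid' => 'srv_' . bin2hex(random_bytes(8)),
        'fp' => generateServerFingerprint(),
        'fps' => 'server',
        'd' => $_SERVER['HTTP_HOST'] ?? '',
        'u' => ($_SERVER['REQUEST_SCHEME'] ?? 'https') . '://' . ($_SERVER['HTTP_HOST'] ?? '') . ($_SERVER['REQUEST_URI'] ?? ''),
        'r' => $_SERVER['HTTP_REFERER'] ?? '',
        'adv' => $_GET['adv'] ?? $_GET['utm_source'] ?? '',
    ]);
    if ($data === false) {
        // json_encode() fails on e.g. invalid UTF-8 in the Referer or URI;
        // there is nothing well-formed to send in that case.
        return;
    }

    $ch = curl_init($trackerUrl);
    if ($ch === false) {
        return;
    }

    curl_setopt_array($ch, [
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $data,
        CURLOPT_HTTPHEADER => [
            'Content-Type: application/json',
            'X-Forwarded-For: ' . ($_SERVER['REMOTE_ADDR'] ?? ''),
        ],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 1,
        CURLOPT_TIMEOUT_MS => 2000,
        CURLOPT_NOSIGNAL => 1,
        CURLOPT_FAILONERROR => false,
    ]);

    // Fire and forget: the reply and any error are deliberately ignored.
    curl_exec($ch);
    curl_close($ch);
}

/**
 * Derives a fingerprint from request headers only.
 *
 * Inputs are User-Agent, Accept-Language, Accept-Encoding, Accept, Sec-CH-UA
 * and Sec-CH-UA-Platform, joined with '|' and hashed with SHA-256.
 *
 * @return string 'srv_' followed by the first 20 hex characters of the hash.
 */
function generateServerFingerprint(): string
{
    $components = [
        $_SERVER['HTTP_USER_AGENT'] ?? '',
        $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '',
        $_SERVER['HTTP_ACCEPT_ENCODING'] ?? '',
        $_SERVER['HTTP_ACCEPT'] ?? '',
        $_SERVER['HTTP_SEC_CH_UA'] ?? '',
        $_SERVER['HTTP_SEC_CH_UA_PLATFORM'] ?? '',
    ];

    return 'srv_' . substr(hash('sha256', implode('|', $components)), 0, 20);
}

// =========================================================================
// JAVASCRIPT TRACKER
// =========================================================================

/**
 * Emits the browser-side tracking script (cacheable for one hour).
 *
 * What the emitted script does, as written in the heredoc below:
 *   - keeps a visitor id in the `_vid` cookie (730 days) and in localStorage;
 *     the id comes from Math.random(), so it is an identifier, not a secret;
 *   - builds a device fingerprint from screen size, colour depth, pixel ratio,
 *     time zone, language, platform, CPU/memory hints, user agent, touch
 *     support, WebGL vendor/renderer, a canvas rendering sample and the audio
 *     sample rate;
 *   - posts those together with the page URL, referrer and the advertising
 *     query parameters (adv, key, gclid, gad_*, gbraid, utm_*) to $endpoint
 *     via sendBeacon, falling back to an image GET.
 *
 * $endpoint is a fixed literal. It is interpolated into a JavaScript string,
 * so it must stay a constant and never be derived from request data.
 */
function returnJavaScript(): void
{
    header('Content-Type: application/javascript; charset=utf-8');
    header('Cache-Control: public, max-age=3600');

    $endpoint = '/includes/assets.php';

    echo <<<JS
(function(){
var T='$endpoint',C='_vid',D=730;
function uuid(){return'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g,function(c){var r=Math.random()*16|0;return(c==='x'?r:(r&0x3|0x8)).toString(16)})}
function sC(n,v,d){var e=new Date(Date.now()+d*864e5).toUTCString();document.cookie=n+'='+encodeURIComponent(v)+';expires='+e+';path=/;SameSite=Lax'+(location.protocol==='https:'?';Secure':'')}
function gC(n){var m=document.cookie.match(new RegExp('(^| )'+n+'=([^;]+)'));return m?decodeURIComponent(m[2]):null}
function sL(n,v){try{localStorage.setItem(n,v)}catch(e){}}
function gL(n){try{return localStorage.getItem(n)}catch(e){return null}}
function gV(){
var v=gC(C)||gL(C);
if(!v)v=uuid();
sC(C,v,D);sL(C,v);
return v;
}
function gF(){
var c=[];
c.push(screen.width+'x'+screen.height);
c.push(screen.colorDepth);
c.push(window.devicePixelRatio||1);
c.push(Intl.DateTimeFormat().resolvedOptions().timeZone||new Date().getTimezoneOffset());
c.push(navigator.language);
c.push(navigator.platform);
c.push(navigator.hardwareConcurrency||0);
c.push(navigator.deviceMemory||0);
c.push(navigator.userAgent);
c.push('ontouchstart'in window?1:0);
c.push(navigator.maxTouchPoints||0);
try{
var cv=document.createElement('canvas');
var gl=cv.getContext('webgl')||cv.getContext('experimental-webgl');
if(gl){var d=gl.getExtension('WEBGL_debug_renderer_info');if(d){c.push(gl.getParameter(d.UNMASKED_VENDOR_WEBGL));c.push(gl.getParameter(d.UNMASKED_RENDERER_WEBGL))}}
}catch(e){}
try{
var cv=document.createElement('canvas');cv.width=200;cv.height=50;
var ctx=cv.getContext('2d');
ctx.textBaseline='top';ctx.font='14px Arial';
ctx.fillStyle='#f60';ctx.fillRect(0,0,100,50);
ctx.fillStyle='#069';ctx.fillText('Cwm fjord veg balks',2,15);
ctx.fillStyle='rgba(102,204,0,0.7)';ctx.fillText('Cwm fjord veg balks',4,17);
c.push(cv.toDataURL().slice(-50));
}catch(e){}
try{var a=new(window.AudioContext||window.webkitAudioContext)();c.push(a.sampleRate);a.close()}catch(e){}
var s=c.join('|||'),h1=0xdeadbeef,h2=0x41c6ce57;
for(var i=0;i<s.length;i++){var ch=s.charCodeAt(i);h1=Math.imul(h1^ch,2654435761);h2=Math.imul(h2^ch,1597334677)}
h1=Math.imul(h1^(h1>>>16),2246822507)^Math.imul(h2^(h2>>>13),3266489909);
h2=Math.imul(h2^(h2>>>16),2246822507)^Math.imul(h1^(h1>>>13),3266489909);
return(4294967296*(2097151&h2)+(h1>>>0)).toString(36);
}
function isApple(){
return /iPhone|iPad|iPod|Macintosh/.test(navigator.userAgent) && navigator.maxTouchPoints>0;
}
function track(){
var p=new URLSearchParams(location.search);
var data={
vid:gV(),
fp:gF(),
fps:'js',
apple:isApple()?1:0,
d:location.hostname,
u:location.href,
r:document.referrer||'',
adv:p.get('adv')||'',
key:p.get('key')||'',
gclid:p.get('gclid')||'',
gad_campaignid:p.get('gad_campaignid')||'',
gad_source:p.get('gad_source')||'',
gbraid:p.get('gbraid')||'',
utm_source:p.get('utm_source')||'',
utm_medium:p.get('utm_medium')||'',
utm_campaign:p.get('utm_campaign')||'',
utm_term:p.get('utm_term')||'',
utm_content:p.get('utm_content')||'',
sw:screen.width,
sh:screen.height,
tz:Intl.DateTimeFormat().resolvedOptions().timeZone||'',
lang:navigator.language||'',
t:Date.now()
};
if(navigator.sendBeacon){
navigator.sendBeacon(T,JSON.stringify(data));
}else{
var img=new Image();
img.src=T+'?d='+encodeURIComponent(JSON.stringify(data));
}
}
if(document.readyState==='loading'){document.addEventListener('DOMContentLoaded',track)}else{track()}
window.Tracker={getVid:gV,getFP:gF,track:track};
})();
JS;
}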