The main error i am getting here
variable = createVoucherCurl
it will return 403 forbidden
Please help i am stuck here last 1 week.
Thanks advance for provide solutions.
{
error: {
code: 403,
message: "Forbidden"
}
}
Below is my code
<?php
header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP 1.1.
header("Pragma: no-cache"); // HTTP 1.0.
header("Expires: 0"); // Proxies.
ob_start();
const AUTH_TOKEN = "TESTWRINGTOKEN"; // Replace with a long, complex static token and put in general settings variable
if (isset($_GET['token']) && $_GET['token'] === AUTH_TOKEN) {
function getWifiCode($n, $quota, $minutes, $note, $up, $down) {
$urlBase = "https://184.67.111.138";
$loginEndpoint = "/api/auth/login";
$createVoucherEndpoint = "/proxy/network/api/s/default/cmd/hotspot";
$queryVoucherEndpoint = "/proxy/network/api/s/default/stat/voucher";
// Dynamically generate a cookie file name based on session ID
$cookieFile = 'cookie_' . session_id() . '.txt';
// Login and retrieve the CSRF token
$loginCurl = curl_init($urlBase . $loginEndpoint);
curl_setopt($loginCurl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($loginCurl, CURLOPT_POST, true);
curl_setopt($loginCurl, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($loginCurl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($loginCurl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($loginCurl, CURLOPT_POSTFIELDS, json_encode([
'username' => 'pangeapod',
'password' => 'BAjD:)ai4rM83bE'
]));
curl_setopt($loginCurl, CURLOPT_HEADER, true);
curl_setopt($loginCurl, CURLOPT_COOKIEJAR, $cookieFile); // Use the session-based cookie file
$loginResponse = curl_exec($loginCurl);
$loginError = curl_error($loginCurl);
if ($loginError) {
echo "cURL Error for Login: " . $loginError;
} else {
// echo "Login Response: " . htmlspecialchars($loginResponse); // Use htmlspecialchars for safe rendering of the response in the browser
}
preg_match('/x-csrf-token: (.*?)(rn)/', $loginResponse, $matches);
$csrfToken = isset($matches[1]) ? $matches[1] : null;
curl_close($loginCurl);
// Prepare headers
$headers = [
'Content-Type: application/json',
'X-CSRF-Token: ' . $csrfToken
];
// Prepare post data
$data = [
"cmd" => "create-voucher",
"n" => (int) $_POST['n'], // casting to integer
"expire" => (int) $_POST['minutes'], // casting to integer
"note" => $_POST['note'],
"up" => (int) $_POST['up'], // casting to integer
"down" => (int) $_POST['down'], // casting to integer
"quota" => (int) $_POST['quota'] // casting to integer
];
$postData = json_encode($data);
$url = $urlBase . $createVoucherEndpoint;
// Log details
//echo "Sending request to: " . $url . "<br>";
//echo "Headers: <pre>" . print_r($headers, true) . "</pre><br>";
//echo "Body: " . htmlspecialchars($postData) . "<br>";
// Create Voucher
$createVoucherCurl = curl_init($urlBase . $createVoucherEndpoint);
curl_setopt($createVoucherCurl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($createVoucherCurl, CURLOPT_POST, true);
curl_setopt($createVoucherCurl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($createVoucherCurl, CURLOPT_COOKIEFILE, $cookieFile); // Use the session-based cookie file
curl_setopt($createVoucherCurl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($createVoucherCurl, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($createVoucherCurl, CURLOPT_POSTFIELDS, $postData);
$createResponse = curl_exec($createVoucherCurl);
$createError = curl_error($createVoucherCurl);
if ($createError) {
// echo "cURL Error for Voucher Creation: " . $createError;
} else {
// echo "Voucher Creation Response: " . htmlspecialchars($createResponse);
}
$createdData = json_decode($createResponse, true);
$creationTime = $createdData['data'][0]['create_time'] ?? null;
// Query the code
$queryVoucherCurl = curl_init($urlBase . $queryVoucherEndpoint);
curl_setopt($queryVoucherCurl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($queryVoucherCurl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($queryVoucherCurl, CURLOPT_COOKIEFILE, $cookieFile); // Use the session-based cookie file
curl_setopt($queryVoucherCurl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($queryVoucherCurl, CURLOPT_SSL_VERIFYPEER, 0);
$queryResponse = curl_exec($queryVoucherCurl);
$queryError = curl_error($queryVoucherCurl);
if ($queryError) {
// echo "cURL Error for Query Voucher: " . $queryError;
} else {
// echo "Query Response: " . htmlspecialchars($queryResponse);
}
curl_close($queryVoucherCurl);
// Clean up the cookie file after use
unlink($cookieFile);
$data = json_decode($queryResponse, true);
if (is_array($data) && isset($data['data'])) {
foreach ($data['data'] as $voucher) {
if ($voucher['create_time'] == $creationTime) {
return $voucher['code'];
}
}
}
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
session_start();
$code = getWifiCode(
$_POST['n'],
$_POST['quota'],
$_POST['minutes'],
$_POST['note'],
$_POST['up'],
$_POST['down']
);
session_write_close(); // Close the session after the function call
if (isset($_POST['json']) && $_POST['json'] == 'true') {
header('Content-Type: application/json');
echo json_encode(['voucher_code' => $code]);
} else {
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>WiFi Voucher</title>
<style>
body { font-family: Arial, sans-serif; background-color: #f5f5f5; padding: 20px; text-align: center; }
.voucher-code {
font-size: 36px;
padding: 20px;
border: 3px dashed #007BFF;
display: inline-block;
margin-top: 20px;
color: #007BFF;
}
</style>
</head>
<body>
<div class="voucher-code"><?php echo $code; ?></div>
</body>
</html>
<?php
} // end for checking if it should return json.
} else {
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>WiFi Access</title>
<style>
body {
font-family: Arial, sans-serif;
background-color: #f5f5f5;
padding: 20px;
text-align: center;
}
select, input[type="text"] {
padding: 10px;
width: 100%;
max-width: 300px;
border-radius: 8px;
border: 1px solid #ccc;
margin-bottom: 15px;
}
.section {
border: dashed 2px #ccc;
margin-bottom: 20px;
padding: 10px;
}
.section-header {
cursor: pointer;
display: flex;
align-items: center;
justify-content: center;
position: relative;
}
.section-header span {
position: absolute;
right: 10px;
}
.section-content {
display: none; /* default state is collapsed */
}
.btn {
margin: 20px;
padding: 15px;
border: none;
border-radius: 8px;
font-size: 16px;
cursor: pointer;
width: 80%;
max-width: 300px;
}
.guest { background-color: #4CAF50; color: white; }
.paid { background-color: #007BFF; color: white; }
h2 {
color: #333;
margin-bottom: 25px;
}
</style>
</head>
<body>
<div class="section">
<div class="section-header" onclick="toggleSection(this)">
<h2>Guest WiFi</h2>
<span>▼</span>
</div>
<div class="section-content">
<form action="?token=<?= AUTH_TOKEN ?>" method="POST">
<select name="minutes">
<?php
for($i=1; $i<=7; $i++){
echo '<option value="'. $i * 1440 .'">'. $i .' day'. ($i > 1 ? 's' : '') .'</option>';
}
?>
</select>
<br>
<select name="down">
<option value="10000">Default Download Speed - 10 MPS</option>
<option value="30000">Fast Download Speed - 30 MPS</option>
</select>
<br>
<input type="text" name="note" minlength="5" placeholder="Note (Min 5 chars)" required>
<br>
<input type="hidden" name="n" value="1">
<input type="hidden" name="quota" value="0">
<input type="hidden" name="up" value="10000">
<button type="submit" class="btn guest">Get Code</button>
</form>
</div>
</div>
<div class="section">
<div class="section-header" onclick="toggleSection(this)">
<h2>Paid WiFi</h2>
<span>▼</span>
</div>
<div class="section-content">
<form action="?token=<?= AUTH_TOKEN ?>" method="POST">
<select name="minutes">
<?php
for($i=1; $i<=7; $i++){
echo '<option value="'. $i * 1440 .'">'. $i .' day'. ($i > 1 ? 's' : '') .'</option>';
}
?>
</select>
<br>
<select name="down">
<option value="50000">Default Fast - 50 MPS</option>
<option value="80000">Super Fast - 80 MPS</option>
</select>
<br>
<input type="text" name="note" minlength="5" placeholder="Note (Min 5 chars)" required>
<br>
<input type="hidden" name="n" value="1">
<input type="hidden" name="quota" value="0">
<input type="hidden" name="up" value="50000">
<button type="submit" class="btn paid">Get Code</button>
</form>
</div>
</div>
<div class="section">
<div class="section-header" onclick="toggleSection(this)">
<h2>Staff WiFi</h2>
<span>▼</span>
</div>
<div class="section-content">
<form action="?token=<?= AUTH_TOKEN ?>" method="POST">
<input type="text" name="note" minlength="8" placeholder="Name (Min 8 chars)" required>
<input type="hidden" name="n" value="1">
<input type="hidden" name="quota" value="0">
<input type="hidden" name="up" value="50000">
<input type="hidden" name="down" value="70000">
<input type="hidden" name="minutes" value="<?= 525600 ?>"> <!-- 1 year in minutes -->
<button type="submit" class="btn guest">Get Code</button>
</form>
</div>
</div>
<div class="section">
<div class="section-header" onclick="toggleSection(this)">
<h2>Device WiFi</h2>
<span>▼</span>
</div>
<div class="section-content">
<form action="?token=<?= AUTH_TOKEN ?>" method="POST">
<input type="text" name="note" minlength="1" placeholder="Device Name" required>
<input type="hidden" name="n" value="1">
<input type="hidden" name="quota" value="0">
<input type="hidden" name="up" value="50000">
<input type="hidden" name="down" value="80000">
<input type="hidden" name="minutes" value="<?= 5256000 ?>"> <!-- 10 years in minutes -->
<button type="submit" class="btn paid">Get Code</button>
</form>
</div>
</div>
<script>
function toggleSection(element) {
const content = element.nextElementSibling;
if(content.style.display === "none" || content.style.display === "") {
content.style.display = "block";
element.querySelector("span").innerHTML = "▲";
} else {
content.style.display = "none";
element.querySelector("span").innerHTML = "▼";
}
}
</script>
</body>
</html>
<?php
}
} else {
echo "Unauthorized.";
}
ob_end_flush();
?>