From 3ae517757c61daa5e1a6700925af095b1ee4c5b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= <sijanecantonluka@gmail.com>
Date: Fri, 3 Jan 2020 00:35:44 +0100
Subject: have fun

---
 README.md         |  16 ++++
 fetcheveryone.php |  18 +++++
 jsontohtml.php    |   8 ++
 main.php          | 231 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 273 insertions(+)
 create mode 100755 fetcheveryone.php
 create mode 100755 jsontohtml.php
 create mode 100644 main.php

diff --git a/README.md b/README.md
index 3f22bbf..be3b956 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,17 @@
 # itisclient
+
+to get everyone in iTIS directory as a json file:
+
+```
+./fetcheveryone.php
+```
+
+and let it run for a couple of minutes (?)
+
+registration not added yet, no captcha=>should be simple, but a SMTP listener client will have to be implemented
+
+# exploits!!!
+
+yes, exploits indeed. Every. Single. Aspx. Site. Exploits. I mean what do they think (ASP.NET devs in general)?
+
+/exploits coming soon!/
diff --git a/fetcheveryone.php b/fetcheveryone.php
new file mode 100755
index 0000000..7222729
--- /dev/null
+++ b/fetcheveryone.php
@@ -0,0 +1,18 @@
+#!/usr/bin/env php
+<?php
+require_once "main.php";
+$i = new itisClient();
+$i->setusername("subidubi");
+$i->setpassword("T2J7QCZWCF");
+$slovenija = array();
+foreach($i->fetchregije() as $regija) {
+        $slovenija[$regija] = array();
+        foreach($i->fetchkontakti(0, $regija) as $kontakt) {
+                $slovenija[$regija][] = $i->fetchoseba($kontakt);
+        }
+}
+file_put_contents(date("d.m.Y-H.i.s").".json", json_encode($slovenija));
+
+
+
+
diff --git a/jsontohtml.php b/jsontohtml.php
new file mode 100755
index 0000000..6412c75
--- /dev/null
+++ b/jsontohtml.php
@@ -0,0 +1,8 @@
+#!/usr/bin/env php
+<?php
+class jsonHtml {
+public function jsonToDebug($jsonText = ''){    $arr = json_decode($jsonText, true);    $html = "";    if ($arr && is_array($arr)) {        $html .= self::_arrayToHtmlTableRecursive($arr);    }    return $html;}
+public function _arrayToHtmlTableRecursive($arr) {    $str = "<style>table,td,tr,th{border:1px solid black;}</style><table><tbody>";    foreach ($arr as $key => $val) {        $str .= "<tr>";        $str .= "<td>$key</td>";        $str .= "<td>";        if (is_array($val)) {            if (!empty($val)) {                $str .= self::_arrayToHtmlTableRecursive($val);            }        } else {            $str .= "<strong>$val</strong>";        }        $str .= "</td></tr>";    }    $str .= "</tbody></table>";    return $str;}
+}
+file_put_contents($argv[2], jsonHtml::jsonToDebug(file_get_contents($argv[1])));
+?>
diff --git a/main.php b/main.php
new file mode 100644
index 0000000..37fcbfa
--- /dev/null
+++ b/main.php
@@ -0,0 +1,231 @@
+<?php
+function strip_tags_content($text, $tags = '', $invert = FALSE) {
+  preg_match_all('/<(.+?)[\s]*\/?[\s]*>/si', trim($tags), $tags);
+  $tags = array_unique($tags[1]);
+  if(is_array($tags) AND count($tags) > 0) {
+    if($invert == FALSE) {
+      return preg_replace('@<(?!(?:'. implode('|', $tags) .')\b)(\w+)\b.*?>.*?</\1>@si', '', $text);
+    }
+    else {
+      return preg_replace('@<('. implode('|', $tags) .')\b.*?>.*?</\1>@si', '', $text);
+    }
+  }
+  elseif($invert == FALSE) {
+    return preg_replace('@<(\w+)\b.*?>.*?</\1>@si', '', $text);
+  }
+  return $text;
+} 
+function DOMinnerHTML(DOMNode $element) { 
+    $innerHTML = ""; 
+    $children  = $element->childNodes;
+    foreach ($children as $child) { 
+        $innerHTML .= $element->ownerDocument->saveHTML($child);
+    }
+    return $innerHTML; 
+}
+function endsWith($haystack, $needle) {
+    $length = strlen($needle);
+    if ($length == 0) {
+        return true;
+    }
+    return (substr($haystack, -$length) === $needle);
+}
+function startsWith ($string, $startString) { 
+    $len = strlen($startString); 
+    return (substr($string, 0, $len) === $startString); 
+}
+function get_string_between($string, $start, $end){
+    $string = ' ' . $string;
+    $ini = strpos($string, $start);
+    if ($ini == 0) return '';
+    $ini += strlen($start);
+    $len = strpos($string, $end, $ini) - $ini;
+    return substr($string, $ini, $len);
+}
+/*
+Errors:
+ -1 username or password not specified (aj blin dis a mast sou dej hev jor informejšon)
+ -2 you are not logged in (aj blin trms of srvis bi neseseri)
+ -3 bad username and/or password (diplomatski odgovor ;-)
+ -4 not written yet (suka bljet)
+ -5 session exists in another system (sucky)
+ -6 
+*/
+	class itisClient {
+		private $username;
+		private $password;
+		public $version = array(0, 0, 1);
+		private $programname = "itisclient";
+		private $programdomain = 'itisclient.sijanec.tk';
+		private $cookiedir; // set at runtime, ker je get_curerent_user, v login()
+		private $mainpage = "https://www.itis.si/";
+		private $mainpageaction = "https://www.itis.si/?rw=1";
+		private $iskanjestran = "https://www.itis.si/iskanje/stran-";
+		public function setusername($value) { 
+			$this->username = $value;
+ 		}
+		public function setpassword($value) { 
+			$this->password = $value;
+ 		}
+   		private function get($property) {
+			return $this->$property;
+		}
+		public function getversion() {
+			return $this->version;
+		}
+		private function login() {
+			if (empty($this->username) || empty($this->password)) {
+				return -1;
+			}
+			$this->cookiedir = '/tmp/'.posix_getuid().'/'.$this->programdomain.'/cookiedir/';
+			if (!is_dir($this->cookiedir.$this->username)) {
+				if (!mkdir($this->cookiedir.$this->username, 0700, true)) { // x permišn mora bit', da lahko dela poddirektorije, hence true, hence 0700; group in others pa je 0, da ne morejo brati piškotkov!!! zeloo pomembno!
+					return -5;
+				}
+			}
+			$ch = curl_init();
+			// curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_0);
+			curl_setopt($ch, CURLOPT_COOKIESESSION, true );
+			curl_setopt($ch, CURLOPT_COOKIEJAR, $this->cookiedir.$this->username."/cookie.txt" ); // cookiejar
+			curl_setopt($ch, CURLOPT_COOKIEFILE, $this->cookiedir.$this->username."/cookie.txt" ); // coolie file // this scuks
+			// curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+			// curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+			// curl_setopt($ch, CURLOPT_HEADER, 1); // return headers?
+			curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
+			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return transfer?
+			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); // follow 3xx redirects?
+			curl_setopt($ch, CURLOPT_MAXREDIRS, 10); // max 3xx redirectas?
+			curl_setopt($ch, CURLOPT_USERAGENT, $this->programdomain."/".implode(".", $this->version));
+			curl_setopt($ch, CURLOPT_AUTOREFERER, 1); // auto send refereres?
+			curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); // timeout for tcp connection
+			curl_setopt($ch, CURLOPT_TIMEOUT, 10); // timeout for http response
+			curl_setopt($ch, CURLOPT_URL, $this->mainpage);
+			curl_setopt($ch, CURLOPT_POST, 0);
+			$login_page = curl_exec($ch);
+			$xmlDoc = new DOMDocument();
+			$xmlDoc->loadHTML( $login_page );
+			$formNode = $xmlDoc->getElementsByTagName( "form" )[0]; // only one form
+			$searchNode = $formNode->getElementsByTagName("input");
+			foreach( $searchNode as $sn ) {
+				if($sn->getAttribute('name') != 'ctl00$navigationLogin$tbUsername' && $sn->getAttribute('name') != 'ctl00$navigationLogin$tbPassword' &&
+					$sn->getAttribute("type") != "submit")
+				$postvars .= urlencode($sn->getAttribute('name'))."=".urlencode($sn->getAttribute('value'))."&";
+			}
+			curl_setopt($ch, CURLOPT_URL, $this->mainpageaction);
+			curl_setopt($ch, CURLOPT_POST, 1);
+			$postbody = $postvars.urlencode('ctl00$navigationLogin$tbUsername')."=".urlencode($this->username)."&".
+				urlencode('ctl00$navigationLogin$tbPassword')."=".urlencode($this->password)."&".urlencode('ctl00$navigationLogin$btnLogin')."=".
+					urlencode("PRIJAVA");
+			curl_setopt($ch, CURLOPT_POSTFIELDS, $postbody);
+			$login_output = curl_exec($ch);
+			$xmlDoc = new DOMDocument();
+			$xmlDoc->loadHTML( $login_output );
+			$searchNode = $xmlDoc->getElementsByTagName( "div" );
+			foreach( $searchNode as $sn ) {
+				if($sn->getAttribute('id') == 'navigationLogin_divNapaka') {
+					if (DOMinnerHTML($sn) == 'Napačno uporabniško ime in/ali geslo.') {
+						return -3;
+					} else if(DOMinnerHTML($sn) ==
+						'To uporabniško ime je v že v uporabi na drugem računalniku. Odjavite se iz drugega računalnika ali počakajte, da vam poteče seja.') {
+						return -5; // holy shit u fukkin kill.d her, TSMedia!
+					}
+				}
+			}
+			return $ch;
+		}
+		public function fetchregije() {
+			$ch = $this->login();
+			if(!curl_getinfo($ch)) {
+				if(!empty($ch)){return $ch;}else{return -2;}
+			}
+			curl_setopt($ch, CURLOPT_URL, $this->mainpage);
+			curl_setopt($ch, CURLOPT_POST, 0);
+			$request_output = curl_exec($ch);
+			$xmlDoc = new DOMDocument();
+			$xmlDoc->loadHTML( $request_output );
+			$searchNode = $xmlDoc->getElementById( "search_ddlRegion" )->getElementsByTagName("option");
+			$regije=array();
+			foreach( $searchNode as $sn ) {
+				if(!empty($sn->getAttribute("value"))) $regije[] = $sn->getAttribute("value");
+			}
+			return $regije;
+		}
+		public function fetchkontakti($kajsplohiscemo = 0, $regija = "GORENJSKA") { // kajsplohiscemo-bool=[0-osebe]/1-podjetja regija-string=[GORENJSKA]/...
+			$ch = $this->login();
+			if(!curl_getinfo($ch)) {
+				if(!empty($ch)){return $ch;}else{return -2;}
+			}
+			if($kajsplohiscemo) {
+				$barva = "yellow"; // wtf, Adacta
+				return -4;
+			} else {$barva = "white";}
+			curl_setopt($ch, CURLOPT_POST, 0);
+			curl_setopt($ch, CURLOPT_URL, $this->mainpage);
+			$request_init_output = curl_exec($ch);
+			$xmlDoc = new DOMDocument($request_init_output);
+			$xmlDoc->loadHTML( $request_init_output );
+			$searchNode = $xmlDoc->getElementsByTagName("form")[0]->getElementsByTagName( "input" );
+			foreach( $searchNode as $sn ) {
+				if($sn->getAttribute("name") != 'ctl00$search$hfSearchMode' && $sn->getAttribute("name") != 'ctl00$search$ddlRegion') {
+					$postvars .= urlencode($sn->getAttribute('name'))."=".urlencode($sn->getAttribute('value')).'&';
+				}
+			}
+			curl_setopt($ch, CURLOPT_POST, 1);
+			// curl_setopt($ch, CURLOPT_HEADER, array('array("Content-Type: multipart/form-data")'));
+			curl_setopt($ch, CURLOPT_URL, $this->mainpageaction);
+			$postbody=$postvars.urlencode('ctl00$search$hfSearchMode').'='.urlencode($barva).'&'.urlencode('ctl00$search$ddlRegion').'='.
+				urlencode($regija).'&__EVENTTARGET=&__EVENTARGUMENT=&ctl00%24search%24hfSearchFormMode=2&ctl00%24search%24ddlAreaCode=&ctl00%24search%24ddlWorkingHoursDay=&ctl00%24search%24ddlWorkingHoursFrom=&ctl00%24search%24ddlWorkingHoursTo=&ctl00%24search%24ddlAdditionalOptions=&hiddenInputToUpdateATBuffer_CommonToolkitScripts=1'; // (-;
+			if($kajsplohiscemo){ $postbody .= '&'.urlencode('ctl00$search$btnSearchAlt').'='.urlencode('NAJDI');}		// THIS FINNALY WORKS BUT ONLY FOR
+				else {$postbody .= '&'.urlencode('ctl00$search$btnSearch').'='.urlencode('IŠČI');}						// LOGGED IN USERS! DON'T TOUCH
+			curl_setopt($ch, CURLOPT_POSTFIELDS, $postbody);															// THE ANCIENT CODE!
+			$request_output = curl_exec($ch);									// https://www.reddit.com/r/ProgrammerHumor/comments/9xat04/the_ancient_code/
+			curl_setopt($ch, CURLOPT_POST, 0);
+			curl_setopt($ch, CURLOPT_URL, $this->iskanjestran."064176345"); // just a big intager
+			$request_after_output = curl_exec($ch);
+			$xmlDoc = new DOMDocument($request_after_output);
+			$xmlDoc->loadHTML($request_after_output); 
+			$zadnjastran = explode("-", $xmlDoc->getElementById("CPH_bodyMain_SearchResultsStatic1_ResultsPagerStatic1_aLastPage")->getAttribute("href"))[1];
+			$kontakti = array();
+			for($i = 1; $i <= $zadnjastran; $i++) {
+				curl_setopt($ch, CURLOPT_POST, 0);
+				curl_setopt($ch, CURLOPT_URL, $this->iskanjestran.$i); // just a bing intager
+				$request_loop_output = curl_exec($ch);
+				$xmlDoc = new DOMDocument($request_loop_output);
+				$xmlDoc->loadHTML($request_loop_output);
+				$searchNode = $xmlDoc->getElementById('CPH_bodyMain_SearchResultsStatic1_UpdatePanelSearchResults')->getElementsByTagName("a");
+				foreach($searchNode as $sn) {
+					if(startsWith($sn->getAttribute("href"), "/oseba/")) $kontakti[] = filter_var("https://www.itis.si".$sn->getAttribute("href"), FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH); // just don't change your domain
+				}
+			}
+			return $kontakti;
+		}
+		public function fetchoseba($personlink) { // personlink, začenjši z https://www.itis.si/oseba/
+			$ch = $this->login();
+			if(!curl_getinfo($ch)) {
+				if(!empty($ch)){return $ch;}else{return -2;}
+			}
+			curl_setopt($ch, CURLOPT_URL, $personlink);
+			curl_setopt($ch, CURLOPT_POST, 0);
+			$request_output = curl_exec($ch);
+			file_put_contents("/tmp/69.txt", $request_output);
+			$xmlDoc = new DOMDocument($request_output);
+			$xmlDoc->loadHTML($request_output);
+			$oseba = array();
+			$oseba['name'] = DOMinnerHTML($xmlDoc->getElementsByTagName("h1")[0]);
+			foreach ($xmlDoc->getElementsByTagName('a') as $ej) {
+				if (endsWith($ej->getAttribute("id"), "hlMapAddress")) {
+					$addresstext = $ej;
+				}
+			}				
+			$oseba['address'] = explode('<br>', str_replace("\n", null, str_replace("\r", null, str_replace("  ", null, DOMinnerHTML($addresstext)))));
+			$oseba['nr'] = array();
+			foreach($xmlDoc->getElementsByTagName("div") as $sn) {
+				if($sn->getAttribute("class") == "nr") $oseba['nr'][] = str_replace(" ", null, strip_tags_content(DOMinnerHTML($sn)));
+			}
+			$oseba['nr'] = array_unique($oseba['nr']);
+			$oseba['gps'] = get_string_between($ej->getAttribute("href"), 'javascript:openMap(',
+				",'".$oseba['name']);
+				return $oseba;
+		}
+	}
+?>
-- 
cgit v1.2.3