<!DOCTYPE HTML>  
<html>
<head>
</head>
<body>  

<?php

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
	
	$email = $_POST['email'];
	$password = $_POST['password'];

	if (!$email || !$password) {
		echo 'Email and/or password can\' be empty';
	}
	
	if ($email && $password) {
		addBooks($email, $password);
	}
}
?>

<h2>This will add 31 book codes to your account. Details are not stored.</h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">  
	Email: <input type="text" name="email" value="<?php echo $email;?>">
	<br><br>
	Password: <input type="password" name="password" value="<?php echo $password;?>">
	<br><br>
	<input type="submit" name="submit" value="Submit">  
</form>

</body>
</html>



<?php

function addBooks($user, $pass) {
		
		$codes = array('ABUCAST','ANNACAST','BALOOCAST','BUZZCAST','DORYCAST','FINDDORY4243','Finddory7373','FLOUNDERCAST','FROZEN305919','GASTONCAST','GOODDINO9228','INSIDEOUT596','KIDCUISINEFROZEN','KIDCUISINESTARWARS','MACQUACKCAST','MATERCAST','MAUICAST','MERIDACAST','NEMOCAST','NICKCAST','OLAFCAST','PIXAR1256473','Planes144748','PRINCESS4343','Princess6069','Princess8958','REXCAST','SULLYCAST','Toystory7054','Whisker90843','Zootopia6514');

		$curl = curl_init();
		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
		curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
		curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
		curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0');
		curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'POST');
		curl_setopt($curl, CURLOPT_POSTFIELDS, null);
		curl_setopt($curl, CURLOPT_HEADER, true);
		curl_setopt($curl, CURLOPT_URL, 'https://registerdisney.go.com/jgc/v5/client/DCP-DISNEYSTORYCENTRAL.WEB-PROD/api-key?langPref=en-US');
		$ret = curl_exec($curl);
		

		if (preg_match('/api-key: +(.*)/im', $ret, $regs)) {
			$api_key = $regs[1];
		}
		
		curl_setopt($curl, CURLOPT_URL, 'https://ha.registerdisney.go.com/jgc/v5/client/DCP-DISNEYSTORYCENTRAL.WEB-PROD/guest/login?langPref=en-US');
		curl_setopt($curl, CURLOPT_HTTPHEADER, array("Authorization: APIKEY {$api_key}", 'Content-type: application/json'));
		curl_setopt($curl, CURLOPT_HEADER, false);
		curl_setopt($curl, CURLOPT_POSTFIELDS, '{"loginValue":"'.$user.'","password":"'.$pass.'"}');
		$ret = curl_exec($curl);
		$ret_arr = json_decode($ret, true);
		
		$firstname = $ret_arr['data']['profile']['firstName'];
		$lastname = $ret_arr['data']['profile']['lastName'];
		$swid = $ret_arr['data']['profile']['swid'];
		$swid = str_replace(array('{', '}'), '', $swid);
		$email = $ret_arr['data']['profile']['email'];
		
		curl_setopt($curl, CURLOPT_URL, 'https://disneystorycentral.com/rest/user/synchronize');
		curl_setopt($curl, CURLOPT_POSTFIELDS, '{"firstname":"'.$firstname.'","lastname":"'.$lastname.'","swid":"'.$swid.'","email":"'.$email.'"}');
		$ret = curl_exec($curl);
		$ret_arr = json_decode($ret, true);
		
		$userId = $ret_arr['didUser']['userId'];
		
		curl_setopt($curl, CURLOPT_URL, 'https://disneystorycentral.com/rest/users/'.$userId.'/profiles/');
		curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'GET');
		curl_setopt($curl, CURLOPT_POSTFIELDS, null);
		$ret = curl_exec($curl);
		$ret_arr = json_decode($ret, true);
	
		$profileId = $ret_arr[0]['profileId'];
		
		foreach ($codes as $codeValue) {
		
			curl_setopt($curl, CURLOPT_URL, 'https://disneystorycentral.com/rest/coderedemption/redeem/?locale=en_US&cachebuster='.rand(0,100000000));
			curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'POST');
			curl_setopt($curl, CURLOPT_POSTFIELDS, '{"codeValue":"'.$codeValue.'","itemBundleId":null,"itemIds":[],"userId":"'.$userId.'","profileId":"'.$profileId.'"}');
			$ret = curl_exec($curl);
		
		}
}
?>