<?php
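    // Bootstrap: error policy, shared includes, output buffering and session.
    error_reporting(E_ALL ^ E_DEPRECATED);
    mysqli_report(MYSQLI_REPORT_OFF);
    include "../include/variables.php";
    include "../include/functions.php";
    include "../include/errors.php";
    include "../include/getip.php";
    $PHP_SELF=$_SERVER['PHP_SELF'];
    // Outer output buffer: gzip-compressed when the client advertises gzip
    // support, plain otherwise.
    if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) && substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
        if (ob_get_length()) ob_end_clean();
        ob_start("ob_gzhandler");
    }
    else ob_start();
    // The session id may be supplied in the query string (?sid=...).
    // Only values built from PHP's own session-id alphabet are accepted, so a
    // request cannot push arbitrary bytes into the session save handler.
    // NOTE(review): a custom save handler could issue ids outside this
    // alphabet; confirm none is configured.
    // NOTE(review): taking the id from the URL means whoever builds the link
    // chooses the session (session fixation), and the id ends up in access
    // logs and Referer headers. Confirm the embedding pages really need this;
    // if they do, enable session.use_strict_mode so ids the server never
    // issued are refused.
    if (!empty($_GET['sid'])
        && is_string($_GET['sid'])
        && $_GET['sid'] !== session_id()
        && preg_match('/^[A-Za-z0-9,-]{1,256}$/D', $_GET['sid']) === 1) {
        session_id($_GET['sid']);
    }
    if (!empty($_SERVER['HTTPS'])) {
        // SameSite=None makes the browser send the session cookie on
        // cross-site requests; browsers only honour it together with Secure.
        // NOTE(review): HttpOnly is not set here, so it depends on
        // session.cookie_httponly in php.ini - verify it is on.
        $session_options = array(
            "secure" => true,
            "SameSite" => "None"
        );
        session_set_cookie_params($session_options);
    }
    session_start();
    include "../include/iplog.php";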

    /**
     * Arithmetic mean of two numbers.
     *
     * Used below to find the midpoint between two corners of a text
     * bounding box.
     *
     * @param int|float $a first value
     * @param int|float $b second value
     * @return int|float half of $a + $b
     */
    function avg($a,$b) {
        $sum = $a + $b;
        return $sum / 2;
    }

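    // $usec/$sec are still assigned so these globals stay defined as before.
    list($usec, $sec) = explode(' ', microtime());
    // Seed mt_rand() from the OS CSPRNG. The previous seed was the microsecond
    // part of the clock, i.e. at most 1,000,000 possible values, which made
    // every mt_rand() draw in this script guessable from the request time.
    // NOTE(review): mt_rand() is still not a cryptographic generator. If
    // random_string() (include/functions.php, not shown here) builds the
    // captcha answer from mt_rand(), switch it to random_int().
    mt_srand(random_int(0, mt_getrandmax()));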

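    // Request state plus the whitelist decision. Further down, a whitelisted
    // client is served a captcha image even when the cookie/session/ip/agent
    // checks fail.
    $generate_captcha = false;
    $agent=!empty($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:"";
    $whitelisted=false;
    // Host whitelist entries are regex fragments placed between "/" delimiters,
    // so an entry must not contain an unescaped "/".
    // NOTE(review): $host comes from an include that is not shown here. If it
    // is a reverse-DNS name, it is controlled by whoever owns the PTR record;
    // confirm it is forward-confirmed (name resolves back to the same address)
    // before it is trusted.
    $host_whitelist[]="\.fbsv\.net$"; //facebook
    foreach ($host_whitelist as $pattern) {
        if (preg_match("/".$pattern."/i", (string)$host)) {
            $whitelisted = true;
            break;
        }
    }
    // NOTE(review): the User-Agent header is chosen by the client, so any
    // client can send this exact string and be whitelisted. Treat it as a
    // convenience for link previews, not as an authentication signal.
    $agent_whitelist[]="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b";
    // Strict comparison: exact string match only, no numeric-string juggling.
    if (in_array($agent, $agent_whitelist, true)) {
        $whitelisted=true;
    }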
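    // Gatekeeping. Decides whether this request may see a captcha
    // ($show_captcha), whether an earlier answer hash can be reused
    // ($old_captcha) and whether a new image must be drawn
    // ($generate_captcha). A rejection reason, if any, is left in $logmsg.
    $show_captcha = false;
    $logmsg="";
    if (empty($_COOKIE)) {
        $logmsg = "No cookies";
    } elseif (empty($_SESSION)) {
        $logmsg = "No session cookie";
    } elseif (!isset($_GET['cid']) || !is_string($_GET['cid'])) {
        // No usable captcha id: use the single per-session captcha slot.
        if (!empty($_SESSION['image_value']))
            $old_captcha = $_SESSION['image_value'];
        // Regenerate once the stored timestamp lies in a past second.
        if (!empty($_SESSION['image_time']) && $_SESSION['image_time'] < time())
            $generate_captcha = true;
        $show_captcha = true;
    } else {
        // Captcha id given: the session entry for it must exist and must have
        // been created for the same client address and User-Agent.
        if (!isset($_SESSION['data']) || !is_array($_SESSION['data'])) {
            // Rejected without a log entry (the message was disabled by the
            // original author: "No data entry in session").
        } elseif (!isset($_SESSION['data'][$_GET['cid']]) || !is_array($_SESSION['data'][$_GET['cid']])) {
            $logmsg="Unknown captcha id";
        } elseif (empty($_SESSION['data'][$_GET['cid']]["ip"])) {
            $logmsg="Captcha id w/o ip address";
        } elseif ((string)$_SESSION['data'][$_GET['cid']]["ip"] !== (string)$ip) {
            // Compared as strings so that numeric-looking values can never be
            // considered equal through PHP's loose-comparison rules.
            $logmsg="Bad ip address (Captcha generated on ".$_SESSION['data'][$_GET['cid']]["ip"].")";
        } elseif ((string)($_SESSION['data'][$_GET['cid']]["agent"] ?? "") !== $agent) {
            $logmsg="Bad user agent (Captcha generated on ".$_SESSION['data'][$_GET['cid']]["ip"]." with ".($_SESSION['data'][$_GET['cid']]["agent"] ?? "")." User Agent)";
        } else {
            if (!empty($_SESSION['data'][$_GET['cid']]["captcha"]))
                $old_captcha = $_SESSION['data'][$_GET['cid']]["captcha"];
            if (!empty($_SESSION['data'][$_GET['cid']]["time"]) && $_SESSION['data'][$_GET['cid']]["time"] < time())
                $generate_captcha = true;
            $show_captcha = true;
        }
    }
    // Without a reusable answer hash a new image is always drawn.
    if (!isset($old_captcha))
        $generate_captcha = true;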
    // First drawing pass: create the 100x30 canvas and fill it with background
    // clutter. Runs whenever a new image is needed, including for requests
    // that end up rejected with 403 further down.
    if ($generate_captcha) {
        $width=100;
        $height=30;
        // NOTE(review): the return value is not checked; the drawing calls
        // below assume the canvas was created.
        $image=imagecreatetruecolor($width, $height);
        // Opaque noise: every pixel gets a random dark colour (channels 0..128).
        for ($i = 0; $i < $width; $i++) {
            for ($j = 0; $j < $height; $j++) {
                $color = imagecolorallocate($image, mt_rand(0,128), mt_rand(0,128), mt_rand(0,128));
                imagesetpixel($image, $i, $j, $color);
            }
        }
        // Random semi-transparent lines. The loop bound is re-drawn from
        // mt_rand(0,255) on every iteration, so the line count is itself random.
        // End points range over 0..$width and 0..$height inclusive.
        for ($i = 0; $i < mt_rand(0,255); $i++) {
            $x1=mt_rand(0,$width);
            $x2=mt_rand(0,$width);
            $y1=mt_rand(0,$height);
            $y2=mt_rand(0,$height);
            $color = imagecolorallocatealpha($image, mt_rand(0,192), mt_rand(0,192), mt_rand(0,192), mt_rand(0,127));
            imageline($image, $x1, $y1, $x2, $y2, $color);
        }
    }
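    // A whitelisted client is always shown a captcha. Because $show_captcha is
    // forced to true here, the 403/logging branch below is never reached for
    // whitelisted clients, so the "(Whitelisted)" suffix is not written to the
    // log by this script.
    if ($whitelisted) {
        if (!empty($logmsg)) $logmsg=$logmsg." (Whitelisted)";
        if (!$show_captcha) $show_captcha=true;
    }
    if ($show_captcha) {
        // $rand_str is the answer (its hash is stored in the session);
        // $rand_str2 is only drawn and is not stored anywhere in this file.
        if ($generate_captcha || empty($old_captcha)) {
            $rand_str=random_string(mt_rand(3,6));
            $rand_str2=random_string(mt_rand(3,6));
        }
        // NOTE(review): the answer is kept as an unsalted MD5 of a 3-6
        // character string. That is trivially reversible, so the session
        // store must be treated as holding the plain answer.
        if (!isset($_GET['cid']) || !is_string($_GET['cid'])) {
            if ($generate_captcha || empty($old_captcha)) {
                $_SESSION['image_value'] = md5($rand_str);
                $_SESSION['image_time'] = time();
            } else
                $_SESSION['image_value'] = $old_captcha;
        } else {
            // NOTE(review): for a whitelisted client this branch is reached
            // with a captcha id that was never validated, so the request
            // chooses the session key that gets created here.
            if ($generate_captcha || empty($old_captcha)) {
                $_SESSION['data'][$_GET['cid']]["captcha"] = md5($rand_str);
                $_SESSION['data'][$_GET['cid']]["time"] = time();
            } else
                $_SESSION['data'][$_GET['cid']]["captcha"] = $old_captcha;
            $cid=$_GET['cid'];
        }
        if ($generate_captcha) {
            // Layer 1: $rand_str2 in a dark colour (channels 0..192),
            // slightly rotated and centred on the canvas.
            $red=mt_rand(0,192);
            $green=mt_rand(0,192);
            $blue=mt_rand(0,192);
            $color = imagecolorallocate($image, $red, $green, $blue);
            $angle=mt_rand(-8,8);
            $size= mt_rand(14,15);
            $box = imageftbbox($size, $angle, '../fonts/pala.ttf', $rand_str2);
            // The box corners are averaged pairwise because the rotated text
            // box is not axis-aligned.
            $x_left=avg($box[0],$box[6]);
            $x_right=avg($box[2],$box[4]);
            $text_width = $x_right - $x_left;
            $y_top=avg($box[7],$box[5]);
            $y_bottom=avg($box[1],$box[3]);
            $text_height = $y_bottom - $y_top;
            $x=($width-$text_width)/2;
            $y=($height+$text_height)/2;
            imagettftext ($image, $size, $angle , $x, $y, $color , '../fonts/pala.ttf' , $rand_str2);

            // Layer 2: the answer $rand_str in a light colour (channels
            // 192..255), drawn on top with its own random angle and size.
            $red=mt_rand(192,255);
            $green=mt_rand(192,255);
            $blue=mt_rand(192,255);
            $color = imagecolorallocate($image, $red, $green, $blue);
            $angle=mt_rand(-8,8);
            $size= mt_rand(14,15);
            $box = imageftbbox($size, $angle, '../fonts/pala.ttf', $rand_str);
            $x_left=avg($box[0],$box[6]);
            $x_right=avg($box[2],$box[4]);
            $text_width = $x_right - $x_left;
            $y_top=avg($box[7],$box[5]);
            $y_bottom=avg($box[1],$box[3]);
            $text_height = $y_bottom - $y_top;
            $x=($width-$text_width)/2;
            $y=($height+$text_height)/2;
            imagettftext ($image, $size, $angle , $x, $y, $color , '../fonts/pala.ttf' , $rand_str);
        }
    } else {
        // Rejected request: answer 403 and record why.
        header ($_SERVER['SERVER_PROTOCOL']." 403 Forbidden");
        if ($logmsg) {
            // The User-Agent header and the session values quoted in $logmsg
            // come from clients. Control characters are replaced with spaces
            // so a request cannot forge extra log lines or smuggle terminal
            // escape sequences into the log file.
            $agent_line = "";
            if (!empty($_SERVER['HTTP_USER_AGENT'])) {
                $agent_line = "\nUser Agent: ".preg_replace('/[\x00-\x1F\x7F]/', ' ', $_SERVER['HTTP_USER_AGENT']);
            }
            $reason_line = preg_replace('/[\x00-\x1F\x7F]/', ' ', $logmsg);
            $msg= getinfo().$agent_line."\n".$reason_line.(!empty($dbg)?"\n$dbg":"")."\n\n";
            // Append under an exclusive lock so concurrent requests cannot
            // interleave their entries. A failed write no longer passes
            // `false` on to fwrite()/fclose().
            file_put_contents("$prefix/logs/captcha.txt", $msg, FILE_APPEND | LOCK_EX);
        }
    }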

    // Second drawing pass, applied on top of the text so the glyphs are
    // partly obscured. Uses $image/$width/$height from the first pass.
    if ($generate_captcha) {
        // Mostly transparent noise over every pixel (alpha 96..127, where 127
        // is fully transparent in GD).
        for ($i = 0; $i < $width; $i++) {
            for ($j = 0; $j < $height; $j++) {
                $color = imagecolorallocatealpha($image, mt_rand(0,128), mt_rand(0,128), mt_rand(0,128), mt_rand(96,127));
                imagesetpixel($image, $i, $j, $color);
            }
        }
        // Extra lines only for requests that are actually shown a captcha;
        // a rejected (403) request gets the noise image without them.
        if ($show_captcha) {
            // As in the first pass, the loop bound is re-drawn every iteration.
            for ($i = 0; $i < mt_rand(0,255); $i++) {
                $x1=mt_rand(0,$width);
                $x2=mt_rand(0,$width);
                $y1=mt_rand(0,$height);
                $y2=mt_rand(0,$height);
                $color = imagecolorallocatealpha($image, mt_rand(0,128), mt_rand(0,255), mt_rand(0,255), mt_rand(63,127));
                imageline($image, $x1, $y1, $x2, $y2, $color);
            }
        }
    }
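    // Emit the JPEG. A freshly drawn image is cached in the session
    // (gzip + base64); otherwise the cached copy is replayed.
    ob_start();
    header('Content-type: image/jpeg');
    // $cid is taken from the query string. Only a conservative set of
    // characters is allowed into the header value, so the request cannot add
    // extra Content-Disposition parameters or break the filename token.
    $download_name = isset($cid) ? preg_replace('/[^A-Za-z0-9._-]/', '_', $cid) : "random";
    header("Content-Disposition: inline; filename=".$download_name.".jpg");
    //header ("Expires: ");
    //header ("Pragma: ");
    if($generate_captcha)
        imagejpeg($image);
    if (!isset($_GET['cid']) || !is_string($_GET['cid'])) {
        if ($generate_captcha || !isset($_SESSION['image']))
            $_SESSION['image'] = base64_encode(gzencode(ob_get_contents(),9));
        else {
            ob_clean();
            echo gzdecode(base64_decode($_SESSION['image']));
        }
    } else {
        // NOTE(review): this also runs for rejected (403) requests, so every
        // distinct cid a client sends adds an image to its session. Consider
        // caching only when the cid was validated, or capping the number of
        // entries, to bound session size.
        if ($generate_captcha || !isset($_SESSION['data'][$_GET['cid']]["image"]))
            $_SESSION['data'][$_GET['cid']]["image"] = base64_encode(gzencode(ob_get_contents(),9));
        else {
            ob_clean();
            echo gzdecode(base64_decode($_SESSION['data'][$_GET['cid']]["image"]));
        }
    }
    // NOTE(review): this is the length of the inner, uncompressed buffer;
    // confirm it is still correct when the outer buffer is ob_gzhandler.
    header("Content-length: " . ob_get_length());
    ob_end_flush();
    if ($generate_captcha)
        imagedestroy($image);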
?>
