Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

dragon city

By: a guest on Jul 19th, 2013  |  syntax: PHP  |  size: 10.94 KB  |  views: 1,145  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. <?php  
  2. if(session_id()=="") session_start();  
  3.  
  4. function getLevelByXp($xp){  
  5.     $listlevel=array(0,40,60,100,200,350,550,800,1113,1504,1993,2604,3368,4323,5517,7010,8876,11209,13659,16232,18934,21771,24750,27878,31162,34610,38230,42031,46022,50213,54614,59235,64087,69182,74532,80150,86049,92243,98747,105576,112746,120275,128180,136480,145195,154346,163955,174044,184637,195760,207439,219702,232578,246098,260294,275200,290851,307285,324541,342660,361685,381661,402636,424660,447785,472066,497561,524331,552440,581954,612944,645484,679651,715526,756782,804226,858787,921532,993689,1076670,1172098,1281840,1408043,1553176,1720079,1912017,2132746,2386584,2678498,3014199,3400255,3844219,4354778,4941921,5617135,6393631,7286601,8313517,9494470,2016089205);  
  6.     $j=count($listlevel);  
  7.     for($i=0;$i<$j;$i++){  
  8.         if($listlevel[$i] > $xp) break;  
  9.     }  
  10.     return $i;  
  11. }  
  12.  
  13. function userkey($fbid) {  
  14.          
  15.         $ch = curl_init ();  
  16.         curl_setopt ( $ch, CURLOPT_URL, "http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_user_session.php?secret=zoltan3287&id=" . $fbid);  
  17.         curl_setopt ( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36" );  
  18.         curl_setopt ( $ch, CURLOPT_SSL_VERIFYPEER, false );  
  19.         curl_setopt ( $ch, CURLOPT_HEADER, false );  
  20.         //curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8888");  
  21.         curl_setopt ( $ch, CURLOPT_NOBODY, false );  
  22.         curl_setopt($ch, CURLOPT_ENCODING , "gzip");  
  23.         curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, true );  
  24.         curl_setopt ( $ch, CURLOPT_CONNECTTIMEOUT, 5 );  
  25.         curl_setopt ( $ch, CURLOPT_TIMEOUT, 10 );  
  26.         $userkey = curl_exec ( $ch );  
  27.         $ch = curl_init ();  
  28.         curl_setopt ( $ch, CURLOPT_URL, 'http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_game_config.php?USERID=' . $fbid . '&user_key=' . $userkey."&language=tr" );  
  29.         curl_setopt ( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36" );  
  30.         curl_setopt ( $ch, CURLOPT_SSL_VERIFYPEER, false );  
  31.         curl_setopt ( $ch, CURLOPT_HEADER, false );  
  32.         curl_setopt($ch, CURLOPT_ENCODING , "gzip");  
  33.         curl_setopt ( $ch, CURLOPT_NOBODY, false );  
  34.         //curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8888");  
  35.         curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, true );  
  36.         curl_setopt ( $ch, CURLOPT_CONNECTTIMEOUT, 5 );  
  37.         curl_setopt ( $ch, CURLOPT_TIMEOUT, 10 );  
  38.         $result = curl_exec ( $ch );  
  39.         curl_setopt ( $ch, CURLOPT_URL, 'http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_player_info.php?USERID=' . $fbid . '&user_key=' . $userkey."&language=tr"  
  40.         );  
  41.         curl_setopt ( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36" );  
  42.         curl_setopt ( $ch, CURLOPT_SSL_VERIFYPEER, false );  
  43.         curl_setopt ( $ch, CURLOPT_HEADER, false );  
  44.         curl_setopt ( $ch, CURLOPT_NOBODY, false );  
  45.         curl_setopt ( $ch, CURLOPT_ENCODING , "gzip");  
  46.         //curl_setopt ( $ch, CURLOPT_PROXY, "127.0.0.1:8888");  
  47.         curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, true );  
  48.         curl_setopt ( $ch, CURLOPT_CONNECTTIMEOUT, 5 );  
  49.         curl_setopt ( $ch, CURLOPT_TIMEOUT, 10 );  
  50.         $result = curl_exec ( $ch );  
  51.         return $userkey;  
  52.     }  
  53.  
  54. if(isset($_POST['flashVersion']) and !empty($_POST['flashVersion'])) $_SESSION['swversi']=$_POST['flashVersion'];  
  55. $versi="0.5.23a";  
  56. if(isset($_SESSION['swversi'])) $versi=$_SESSION['swversi'];  
  57. $str = '<html><head><title>Dragon City</title></head><body>  
  58. <form method="post">  
  59. ID FB:<br/>  
  60. <input name="fbid" /><br/>  
  61. Flash Version:<br/>  
  62. <input name="flashVersion" value="'.$versi.'"/><br/>  
  63. <select name="mode">  
  64.    <option value="1">100k xp + 100k gold</option>  
  65.    <option value="2">100k xp + 100k food</option>  
  66. </select><br/>  
  67.  
  68. <input type="submit" value="Submit" />  
  69. </form>';  
  70.  
  71. if(isset($_POST['fbid']) and isset($_POST['mode'])){  
  72.     if(empty($_POST['fbid'])) die('Please enter your FB ID');  
  73.     $fbid=$_POST['fbid'];  
  74.     $user=userkey($fbid);  
  75.     $result=komut("http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_player_info.php?USERID=$fbid&user_key=$user&language=en");  
  76.     $payload = explode(';',$result);  
  77.     $data = json_decode($payload[1],true);  
  78.      
  79.     $str .= "------------------------------<br/>";  
  80.     $str .= "name: ".$data['playerInfo']['name']."<br/>";  
  81.     $str .= "cash: ".number_format($data['playerInfo']['cash'],0,',','.')."<br/>";  
  82.     $str .= "gold: ".number_format($data['playerInfo']['gold'],0,',','.')."<br/>";  
  83.     $str .= "food: ".number_format($data['playerInfo']['food'],0,',','.')."<br/>";  
  84.     $str .= "xp: ".number_format($data['playerInfo']['xp'],0,',','.')."<br/>";  
  85.     $str .= "------------------------------<br/>";  
  86.      
  87.     $hcx='';  
  88.      
  89.      
  90.     for($i=1;$i<100;$i++)  
  91. {  
  92. //$hcx.='{"args":[89,25],"number":'.$i.',"cmd":"collect","time":1372771201},';  
  93. $hcx.='{"args":[18],"number":'.$i.',"cmd":"collect","time":1372771201},';  
  94. //$hcx.='{"args":[134],"number":'.$i.',"cmd":"collect","time":1372771201},';  
  95. }  
  96. $hcx=substr($hcx,0,-1);  
  97. $hc='{"commands":['.$hcx.']}';  
  98. $hc=json_decode($hc,1);  
  99. $num=1;  
  100. for($i=0;$i<count($hc['commands']);$i++)  
  101. {  
  102. $hc['commands'][$i]['time']=time();  
  103. }  
  104. $hc=substr(substr(str_replace(" ","",json_encode($hc)),0,-1),1);  
  105.  
  106. function arasi($a,$b,$data)  
  107. {  
  108. $x = explode($a,$data);  
  109. $z = explode($b,$x[1]);  
  110. $oh = $z[0];  
  111. if($x && $z) { return $oh; } else { return false; }  
  112. }  
  113. function komut2($komut,$num)  
  114. {  
  115. $data=komutyolla($komut,$num);  
  116.  
  117. if(stristr($data,'bad command number: expected'))  
  118. {  
  119. $yeninum=arasi('bad command number: expected ',',',$data);  
  120. $data=komutyolla($komut,$yeninum);  
  121. return substr($data,65);  
  122. }  
  123. else  
  124. {  
  125. return substr($data,65);  
  126. }  
  127. }  
  128.  
  129. function komutyolla($komut,$num)  
  130. {  
  131. global $fbid,$user;  
  132. $ch = curl_init();  
  133. curl_setopt($ch, CURLOPT_URL,"http://dynamicdc.socialpointgames.com/dragoncity/web/srv/packet.php?USERID=$fbid&user_key=$user&language=tr");  
  134. curl_setopt($ch, CURLOPT_POST, 1);  
  135. curl_setopt($ch, CURLOPT_POSTFIELDS,http_build_query(array("id"=>"$fbid","data"=>hashla($komut,$num))));  
  136. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
  137. //curl_setopt($ch, CURLOPT_HTTPHEADER, array("REMOTE_ADDR: ".fakeip(),"X-Client-IP: ".fakeip(),"Client-IP: ".fakeip(),"HTTP_X_FORWARDED_FOR: ".fakeip(),"X-Forwarded-For: ".fakeip()));  
  138. curl_setopt($ch, CURLOPT_ENCODING , "gzip");  
  139. //curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8888");  
  140. $data = curl_exec ($ch);  
  141. curl_close ($ch);  
  142. return $data;  
  143. }  
  144.  
  145. function hashla($komut,$n)  
  146. {  
  147. $ar=array("first_number"=>$n,"publishActions"=>0,"tries"=>1,"flashVersion"=>"0.5.19","ts"=>time());  
  148. $x='RGhXbiy4xEeDnSNX1oBG';  
  149. $sonkod=str_replace(" ","",str_replace('}',','.$komut.'}',json_encode($ar)));  
  150. return hash_hmac('sha256', $sonkod, $x).';'.$sonkod;  
  151. }  
  152. if(isset($_POST["fbid"]))  
  153. {  
  154. $fbid=$_POST['fbid'];  
  155. $user=userkey($fbid);  
  156. /*  
  157. {"commands":[{"args":[1040],"number":1,"cmd":"get_rewarded_dragon","time":1372844166}]}  
  158.  
  159. {"commands":[{"cmd":"assist_receive","number":1,"args":[1],"time":1372539611}]}  
  160. */  
  161. if($_POST["mode"]==1)  
  162. {  
  163.  
  164. unset($hc,$hcx);$hcx='';  
  165. for($i=1;$i<10001;$i++)  
  166. {  
  167. /* 3gems (work 1 times)  
  168. $hcx.='{"args":[147,"[0,1]"],"number":'.$i.',"cmd":"set_goals","time":1372771201},';  
  169. $hcx.='{"args":[147],"number":'.$i.',"cmd":"complete_goal","time":1372771201},';  
  170. $hcx.='{"args":[134],"number":'.$i.',"cmd":"complete_goal","time":1372771201},';  
  171. $hcx.='{"args":[148,"[0,1]"],"number":'.$i.',"cmd":"set_goals","time":1372771201},';  
  172. $hcx.='{"args":[148],"number":'.$i.',"cmd":"complete_goal","time":1372771201},';  
  173. $hcx.='{"args":[134,"[0,1]"],"number":'.$i.',"cmd":"set_goals","time":1372771201},';  
  174. $hcx.='{"args":[147,"[0,1]"],"number":1,"cmd":"set_goals","time":1372771201},';  
  175. $hcx.='{"args":[145,"[1,1]"],"number":1,"cmd":"set_goals","time":1372771201},';  
  176. $hcx.='{"args":[145],"number":1,"cmd":"set_goals","time":1372771201},';  
  177.  
  178. */  
  179. $hcx.='{"args":[1],"number":'.$i.',"cmd":"assist_receive","time":1372771201},';  
  180. }  
  181. $hcx=substr($hcx,0,-1);  
  182. $hc='{"commands":['.$hcx.']}';  
  183. $hc=json_decode($hc,1);  
  184. $num=1;  
  185. for($i=0;$i<count($hc['commands']);$i++)  
  186. {  
  187. $hc['commands'][$i]['time']=time();  
  188. }  
  189. }  
  190. else if ($_POST["mode"]==2)  
  191. {  
  192. unset($hc,$hcx);$hcx='';  
  193. for($i=1;$i<10001;$i++)  
  194. {  
  195. $hcx.='{"args":[18],"number":'.$i.',"cmd":"assist_receive","time":1372771201},';  
  196. // xp:$hcx.='{"args":[3666,1],"number":'.$i.',"cmd":"finish_building","time":1372771201},';  
  197. }  
  198. $hcx=substr($hcx,0,-1);  
  199. $hc='{"commands":['.$hcx.']}';  
  200. $hc=json_decode($hc,1);  
  201. $num=1;  
  202. for($i=0;$i<count($hc['commands']);$i++)  
  203. {  
  204. $hc['commands'][$i]['time']=time();  
  205. }  
  206. }  
  207. else if ($_POST["mode"]==3)  
  208. {  
  209. unset($hc,$hcx);$hcx='';  
  210. for($i=1;$i<201;$i++)  
  211. {  
  212. $hcx.='{"args":[8241,0],"number":'.$i.',"cmd":"finish_building","time":1372771201},';  
  213. }  
  214. $hcx=substr($hcx,0,-1);  
  215. $hc='{"commands":['.$hcx.']}';  
  216. $hc=json_decode($hc,1);  
  217. $num=1;  
  218. for($i=0;$i<count($hc['commands']);$i++)  
  219. {  
  220. $hc['commands'][$i]['time']=time();  
  221. }  
  222. }  
  223. $hc=substr(substr(str_replace(" ","",json_encode($hc)),0,-1),1);  
  224. $sucb=json_decode(komut2($hc,$num),1);  
  225. }  
  226. else  
  227. {  
  228. }  
  229.  
  230.     $result=komut("http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_player_info.php?USERID=$fbid&user_key=$user&language=en");  
  231.     $payload = explode(';',$result);  
  232.     $data = json_decode($payload[1],true);  
  233.      
  234.     $str .= "name: ".$data['playerInfo']['name']."<br/>";  
  235.     $str .= "cash: ".number_format($data['playerInfo']['cash'],0,',','.')."<br/>";  
  236.     $str .= "gold: ".number_format($data['playerInfo']['gold'],0,',','.')."<br/>";  
  237.     $str .= "food: ".number_format($data['playerInfo']['food'],0,',','.')."<br/>";  
  238.     $str .= "xp: ".number_format($data['playerInfo']['xp'],0,',','.')."<br/>";  
  239.     $str .= "------------------------------<br/>";  
  240.     die("$str</body></html>");  
  241. }else die("$str</body></html>");  
  242.  
  243. function fakeip()  
  244. {  
  245. return long2ip( mt_rand(0, 65537) * mt_rand(0, 65535) );    
  246. }  
  247.  
  248. function komut($url,$args=false)  
  249. {  
  250. global $fbid,$user;  
  251. $ch = curl_init();  
  252. curl_setopt($ch, CURLOPT_URL,$url);  
  253. curl_setopt($ch, CURLOPT_HTTPHEADER, array("REMOTE_ADDR: ".fakeip(),"X-Client-IP: ".fakeip(),"Client-IP: ".fakeip(),"HTTP_X_FORWARDED_FOR: ".fakeip(),"X-Forwarded-For: ".fakeip()));  
  254. if($args)  
  255. {  
  256. curl_setopt($ch, CURLOPT_POST, 1);  
  257. curl_setopt($ch, CURLOPT_POSTFIELDS,$args);  
  258. }  
  259. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
  260. //curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8888");  
  261. $result = curl_exec ($ch);  
  262. curl_close ($ch);  
  263. return $result;  
  264. }  
  265. ?>