dragon city

1. <?php  
2. if(session_id()=="") session_start();  
3.  
4. function getLevelByXp($xp){  
5.     $listlevel=array(0,40,60,100,200,350,550,800,1113,1504,1993,2604,3368,4323,5517,7010,8876,11209,13659,16232,18934,21771,24750,27878,31162,34610,38230,42031,46022,50213,54614,59235,64087,69182,74532,80150,86049,92243,98747,105576,112746,120275,128180,136480,145195,154346,163955,174044,184637,195760,207439,219702,232578,246098,260294,275200,290851,307285,324541,342660,361685,381661,402636,424660,447785,472066,497561,524331,552440,581954,612944,645484,679651,715526,756782,804226,858787,921532,993689,1076670,1172098,1281840,1408043,1553176,1720079,1912017,2132746,2386584,2678498,3014199,3400255,3844219,4354778,4941921,5617135,6393631,7286601,8313517,9494470,2016089205);  
6.     $j=count($listlevel);  
7.     for($i=0;$i<$j;$i++){  
8.         if($listlevel[$i] > $xp) break;  
9.     }  
10.     return $i;  
11. }  
12.  
13. function userkey($fbid) {  
14.          
15.         $ch = curl_init ();  
16.         curl_setopt ( $ch, CURLOPT_URL, "http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_user_session.php?secret=zoltan3287&id=" . $fbid);  
17.         curl_setopt ( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36" );  
18.         curl_setopt ( $ch, CURLOPT_SSL_VERIFYPEER, false );  
19.         curl_setopt ( $ch, CURLOPT_HEADER, false );  
20.         //curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8888");  
21.         curl_setopt ( $ch, CURLOPT_NOBODY, false );  
22.         curl_setopt($ch, CURLOPT_ENCODING , "gzip");  
23.         curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, true );  
24.         curl_setopt ( $ch, CURLOPT_CONNECTTIMEOUT, 5 );  
25.         curl_setopt ( $ch, CURLOPT_TIMEOUT, 10 );  
26.         $userkey = curl_exec ( $ch );  
27.         $ch = curl_init ();  
28.         curl_setopt ( $ch, CURLOPT_URL, 'http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_game_config.php?USERID=' . $fbid . '&user_key=' . $userkey."&language=tr" );  
29.         curl_setopt ( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36" );  
30.         curl_setopt ( $ch, CURLOPT_SSL_VERIFYPEER, false );  
31.         curl_setopt ( $ch, CURLOPT_HEADER, false );  
32.         curl_setopt($ch, CURLOPT_ENCODING , "gzip");  
33.         curl_setopt ( $ch, CURLOPT_NOBODY, false );  
34.         //curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8888");  
35.         curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, true );  
36.         curl_setopt ( $ch, CURLOPT_CONNECTTIMEOUT, 5 );  
37.         curl_setopt ( $ch, CURLOPT_TIMEOUT, 10 );  
38.         $result = curl_exec ( $ch );  
39.         curl_setopt ( $ch, CURLOPT_URL, 'http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_player_info.php?USERID=' . $fbid . '&user_key=' . $userkey."&language=tr"  
40.         );  
41.         curl_setopt ( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36" );  
42.         curl_setopt ( $ch, CURLOPT_SSL_VERIFYPEER, false );  
43.         curl_setopt ( $ch, CURLOPT_HEADER, false );  
44.         curl_setopt ( $ch, CURLOPT_NOBODY, false );  
45.         curl_setopt ( $ch, CURLOPT_ENCODING , "gzip");  
46.         //curl_setopt ( $ch, CURLOPT_PROXY, "127.0.0.1:8888");  
47.         curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, true );  
48.         curl_setopt ( $ch, CURLOPT_CONNECTTIMEOUT, 5 );  
49.         curl_setopt ( $ch, CURLOPT_TIMEOUT, 10 );  
50.         $result = curl_exec ( $ch );  
51.         return $userkey;  
52.     }  
53.  
54. if(isset($_POST['flashVersion']) and !empty($_POST['flashVersion'])) $_SESSION['swversi']=$_POST['flashVersion'];  
55. $versi="0.5.23a";  
56. if(isset($_SESSION['swversi'])) $versi=$_SESSION['swversi'];  
57. $str = '<html><head><title>Dragon City</title></head><body>  
58. <form method="post">  
59. ID FB:<br/>  
60. <input name="fbid" /><br/>  
61. Flash Version:<br/>  
62. <input name="flashVersion" value="'.$versi.'"/><br/>  
63. <select name="mode">  
64.    <option value="1">100k xp + 100k gold</option>  
65.    <option value="2">100k xp + 100k food</option>  
66. </select><br/>  
67.  
68. <input type="submit" value="Submit" />  
69. </form>';  
70.  
71. if(isset($_POST['fbid']) and isset($_POST['mode'])){  
72.     if(empty($_POST['fbid'])) die('Please enter your FB ID');  
73.     $fbid=$_POST['fbid'];  
74.     $user=userkey($fbid);  
75.     $result=komut("http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_player_info.php?USERID=$fbid&user_key=$user&language=en");  
76.     $payload = explode(';',$result);  
77.     $data = json_decode($payload[1],true);  
78.      
79.     $str .= "------------------------------<br/>";  
80.     $str .= "name: ".$data['playerInfo']['name']."<br/>";  
81.     $str .= "cash: ".number_format($data['playerInfo']['cash'],0,',','.')."<br/>";  
82.     $str .= "gold: ".number_format($data['playerInfo']['gold'],0,',','.')."<br/>";  
83.     $str .= "food: ".number_format($data['playerInfo']['food'],0,',','.')."<br/>";  
84.     $str .= "xp: ".number_format($data['playerInfo']['xp'],0,',','.')."<br/>";  
85.     $str .= "------------------------------<br/>";  
86.      
87.     $hcx='';  
88.      
89.      
90.     for($i=1;$i<100;$i++)  
91. {  
92. //$hcx.='{"args":[89,25],"number":'.$i.',"cmd":"collect","time":1372771201},';  
93. $hcx.='{"args":[18],"number":'.$i.',"cmd":"collect","time":1372771201},';  
94. //$hcx.='{"args":[134],"number":'.$i.',"cmd":"collect","time":1372771201},';  
95. }  
96. $hcx=substr($hcx,0,-1);  
97. $hc='{"commands":['.$hcx.']}';  
98. $hc=json_decode($hc,1);  
99. $num=1;  
100. for($i=0;$i<count($hc['commands']);$i++)  
101. {  
102. $hc['commands'][$i]['time']=time();  
103. }  
104. $hc=substr(substr(str_replace(" ","",json_encode($hc)),0,-1),1);  
105.  
106. function arasi($a,$b,$data)  
107. {  
108. $x = explode($a,$data);  
109. $z = explode($b,$x[1]);  
110. $oh = $z[0];  
111. if($x && $z) { return $oh; } else { return false; }  
112. }  
113. function komut2($komut,$num)  
114. {  
115. $data=komutyolla($komut,$num);  
116.  
117. if(stristr($data,'bad command number: expected'))  
118. {  
119. $yeninum=arasi('bad command number: expected ',',',$data);  
120. $data=komutyolla($komut,$yeninum);  
121. return substr($data,65);  
122. }  
123. else  
124. {  
125. return substr($data,65);  
126. }  
127. }  
128.  
129. function komutyolla($komut,$num)  
130. {  
131. global $fbid,$user;  
132. $ch = curl_init();  
133. curl_setopt($ch, CURLOPT_URL,"http://dynamicdc.socialpointgames.com/dragoncity/web/srv/packet.php?USERID=$fbid&user_key=$user&language=tr");  
134. curl_setopt($ch, CURLOPT_POST, 1);  
135. curl_setopt($ch, CURLOPT_POSTFIELDS,http_build_query(array("id"=>"$fbid","data"=>hashla($komut,$num))));  
136. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
137. //curl_setopt($ch, CURLOPT_HTTPHEADER, array("REMOTE_ADDR: ".fakeip(),"X-Client-IP: ".fakeip(),"Client-IP: ".fakeip(),"HTTP_X_FORWARDED_FOR: ".fakeip(),"X-Forwarded-For: ".fakeip()));  
138. curl_setopt($ch, CURLOPT_ENCODING , "gzip");  
139. //curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8888");  
140. $data = curl_exec ($ch);  
141. curl_close ($ch);  
142. return $data;  
143. }  
144.  
145. function hashla($komut,$n)  
146. {  
147. $ar=array("first_number"=>$n,"publishActions"=>0,"tries"=>1,"flashVersion"=>"0.5.19","ts"=>time());  
148. $x='RGhXbiy4xEeDnSNX1oBG';  
149. $sonkod=str_replace(" ","",str_replace('}',','.$komut.'}',json_encode($ar)));  
150. return hash_hmac('sha256', $sonkod, $x).';'.$sonkod;  
151. }  
152. if(isset($_POST["fbid"]))  
153. {  
154. $fbid=$_POST['fbid'];  
155. $user=userkey($fbid);  
156. /*  
157. {"commands":[{"args":[1040],"number":1,"cmd":"get_rewarded_dragon","time":1372844166}]}  
158.  
159. {"commands":[{"cmd":"assist_receive","number":1,"args":[1],"time":1372539611}]}  
160. */  
161. if($_POST["mode"]==1)  
162. {  
163.  
164. unset($hc,$hcx);$hcx='';  
165. for($i=1;$i<10001;$i++)  
166. {  
167. /* 3gems (work 1 times)  
168. $hcx.='{"args":[147,"[0,1]"],"number":'.$i.',"cmd":"set_goals","time":1372771201},';  
169. $hcx.='{"args":[147],"number":'.$i.',"cmd":"complete_goal","time":1372771201},';  
170. $hcx.='{"args":[134],"number":'.$i.',"cmd":"complete_goal","time":1372771201},';  
171. $hcx.='{"args":[148,"[0,1]"],"number":'.$i.',"cmd":"set_goals","time":1372771201},';  
172. $hcx.='{"args":[148],"number":'.$i.',"cmd":"complete_goal","time":1372771201},';  
173. $hcx.='{"args":[134,"[0,1]"],"number":'.$i.',"cmd":"set_goals","time":1372771201},';  
174. $hcx.='{"args":[147,"[0,1]"],"number":1,"cmd":"set_goals","time":1372771201},';  
175. $hcx.='{"args":[145,"[1,1]"],"number":1,"cmd":"set_goals","time":1372771201},';  
176. $hcx.='{"args":[145],"number":1,"cmd":"set_goals","time":1372771201},';  
177.  
178. */  
179. $hcx.='{"args":[1],"number":'.$i.',"cmd":"assist_receive","time":1372771201},';  
180. }  
181. $hcx=substr($hcx,0,-1);  
182. $hc='{"commands":['.$hcx.']}';  
183. $hc=json_decode($hc,1);  
184. $num=1;  
185. for($i=0;$i<count($hc['commands']);$i++)  
186. {  
187. $hc['commands'][$i]['time']=time();  
188. }  
189. }  
190. else if ($_POST["mode"]==2)  
191. {  
192. unset($hc,$hcx);$hcx='';  
193. for($i=1;$i<10001;$i++)  
194. {  
195. $hcx.='{"args":[18],"number":'.$i.',"cmd":"assist_receive","time":1372771201},';  
196. // xp:$hcx.='{"args":[3666,1],"number":'.$i.',"cmd":"finish_building","time":1372771201},';  
197. }  
198. $hcx=substr($hcx,0,-1);  
199. $hc='{"commands":['.$hcx.']}';  
200. $hc=json_decode($hc,1);  
201. $num=1;  
202. for($i=0;$i<count($hc['commands']);$i++)  
203. {  
204. $hc['commands'][$i]['time']=time();  
205. }  
206. }  
207. else if ($_POST["mode"]==3)  
208. {  
209. unset($hc,$hcx);$hcx='';  
210. for($i=1;$i<201;$i++)  
211. {  
212. $hcx.='{"args":[8241,0],"number":'.$i.',"cmd":"finish_building","time":1372771201},';  
213. }  
214. $hcx=substr($hcx,0,-1);  
215. $hc='{"commands":['.$hcx.']}';  
216. $hc=json_decode($hc,1);  
217. $num=1;  
218. for($i=0;$i<count($hc['commands']);$i++)  
219. {  
220. $hc['commands'][$i]['time']=time();  
221. }  
222. }  
223. $hc=substr(substr(str_replace(" ","",json_encode($hc)),0,-1),1);  
224. $sucb=json_decode(komut2($hc,$num),1);  
225. }  
226. else  
227. {  
228. }  
229.  
230.     $result=komut("http://dynamicdc.socialpointgames.com/dragoncity/web/srv/get_player_info.php?USERID=$fbid&user_key=$user&language=en");  
231.     $payload = explode(';',$result);  
232.     $data = json_decode($payload[1],true);  
233.      
234.     $str .= "name: ".$data['playerInfo']['name']."<br/>";  
235.     $str .= "cash: ".number_format($data['playerInfo']['cash'],0,',','.')."<br/>";  
236.     $str .= "gold: ".number_format($data['playerInfo']['gold'],0,',','.')."<br/>";  
237.     $str .= "food: ".number_format($data['playerInfo']['food'],0,',','.')."<br/>";  
238.     $str .= "xp: ".number_format($data['playerInfo']['xp'],0,',','.')."<br/>";  
239.     $str .= "------------------------------<br/>";  
240.     die("$str</body></html>");  
241. }else die("$str</body></html>");  
242.  
243. function fakeip()  
244. {  
245. return long2ip( mt_rand(0, 65537) * mt_rand(0, 65535) );    
246. }  
247.  
248. function komut($url,$args=false)  
249. {  
250. global $fbid,$user;  
251. $ch = curl_init();  
252. curl_setopt($ch, CURLOPT_URL,$url);  
253. curl_setopt($ch, CURLOPT_HTTPHEADER, array("REMOTE_ADDR: ".fakeip(),"X-Client-IP: ".fakeip(),"Client-IP: ".fakeip(),"HTTP_X_FORWARDED_FOR: ".fakeip(),"X-Forwarded-For: ".fakeip()));  
254. if($args)  
255. {  
256. curl_setopt($ch, CURLOPT_POST, 1);  
257. curl_setopt($ch, CURLOPT_POSTFIELDS,$args);  
258. }  
259. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
260. //curl_setopt($ch, CURLOPT_PROXY, "127.0.0.1:8888");  
261. $result = curl_exec ($ch);  
262. curl_close ($ch);  
263. return $result;  
264. }  
265. ?>