  1. <?php
  2. header('Content-Type: text/html; charset=utf-8');
  3. define('INCLUDE_CHECK',true);
  4.  
  5. if(isset ($_POST['action'])) {
  6. include("connect.php");
  7. include_once("security.php");
  8. include_once("loger.php");
  9. include_once("uuid.php");
  10. $x = $_POST['action'];
  11. $x = str_replace(" ", "+", $x);
  12. $yd = Security::decrypt($x, $key2);
  13. if($yd==null) {
  14. echo 'errorlauncher';
  15. exit;
  16. }
  17. @list($action, $client, $login, $postPass, $launchermd5, $ctoken) = explode(':', $yd);
  18. } else {
  19. echo 'NOTHING TO DO';
  20. exit;
  21. }
  22.  
// Request dispatcher. Authenticates the request (password login when $ctoken is the
// literal "null", token re-login otherwise), records the session, applies bans and
// feature gates, then runs exactly one $action branch. Expects $action, $client,
// $login, $postPass, $launchermd5 and $ctoken from the decrypted payload, and
// $db, $key1, $crypt, $db_*, $can*, $use*, $*Price etc. from the included config
// files (not shown here). Any PDOException ends the request via the catch below.
try {
    /*
    if (!preg_match("/^[a-zA-Z0-9_-]+$/", $login) || !preg_match("/^[a-zA-Z0-9_-]+$/", $postPass) || !preg_match("/^[a-zA-Z0-9_-]+$/", $action)) {
    exit(Security::encrypt("errorLogin<$>", $key1));
    }
    */
    // NOTE(review): with the whitelist above disabled, $login and $client reach file
    // paths unfiltered (skin/cloak upload targets, clients/<client>/..., temp/<client>).
    // Re-enabling a character whitelist here is the one check that covers all of them.
    // file_exists() also accepts a plain file; is_dir() would match the error text.
    if(!file_exists($uploaddirs)) die ("Путь к скинам не является папкой! Укажите в настройках правильный путь.");
    if(!file_exists($uploaddirp)) die ("Путь к плащам не является папкой! Укажите в настройках правильный путь.");


    // Password login. A token re-login (any other $ctoken) skips this whole block and
    // is verified only against the usersession row further down.
    if($ctoken == "null") {


        // Schemes whose stored hash carries its own salt (or needs none): fetch user + hash.
        // Table/column names are interpolated from config; the login itself is bound.
        if($crypt === 'hash_md5' || $crypt === 'hash_authme' || $crypt === 'hash_xauth' || $crypt === 'hash_cauth' || $crypt === 'hash_joomla' || $crypt === 'hash_joomla_new' || $crypt === 'hash_wordpress' || $crypt === 'hash_dle' || $crypt === 'hash_launcher' || $crypt === 'hash_drupal' || $crypt === 'hash_smf' || $crypt === 'hash_imagecms') {
            $stmt = $db->prepare("SELECT $db_columnUser,$db_columnPass FROM $db_table WHERE BINARY $db_columnUser= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt->bindColumn($db_columnPass, $realPass);
            $stmt->bindColumn($db_columnUser, $realUser);
            $stmt->fetch();
            // SMF salts with the stored user name.
            if($crypt === 'hash_smf')
                $salt = $realUser;
        // Schemes with a separate salt column.
        } else if ($crypt === 'hash_ipb' || $crypt === 'hash_vbulletin' || $crypt === 'hash_punbb') {

            $stmt = $db->prepare("SELECT $db_columnUser,$db_columnPass,$db_columnSalt FROM $db_table WHERE BINARY $db_columnUser= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt->bindColumn($db_columnPass, $realPass);
            $stmt->bindColumn($db_columnSalt, $salt);
            $stmt->bindColumn($db_columnUser, $realUser);
            $stmt->fetch();
        // XenForo: hash and salt live in a serialized blob in a second table.
        } else if($crypt == 'hash_xenforo') {

            $stmt = $db->prepare("SELECT scheme_class, $db_table.$db_columnId,$db_table.$db_columnUser,$db_tableOther.$db_columnId,$db_tableOther.$db_columnPass FROM $db_table, $db_tableOther WHERE BINARY $db_table.$db_columnId = $db_tableOther.$db_columnId AND $db_table.$db_columnUser= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt->bindColumn($db_columnUser, $realUser);
            $stmt->bindColumn($db_columnPass, $rPass);
            $stmt->bindColumn('scheme_class', $scheme_class);
            $stmt->fetch();
            // NOTE(review): unserialize() of a database value; acceptable only while that table
            // is written by XenForo alone.
            $pass = unserialize($rPass);
            $realPass = $pass['hash'];
            // Only the core scheme has a usable salt; false makes hash_name() fall back to crypt().
            if($scheme_class==='XenForo_Authentication_Core') {
                $salt = $pass['salt'];
            } else $salt = false;
        } else die(Security::encrypt("badhash<$>", $key1));

        // @ hides the undefined-variable notice for schemes that set no $salt.
        $checkPass = hash_name($crypt, $realPass, $postPass, @$salt);

        // Optional brute-force guard: a failed attempt locks the address out for 10 seconds.
        if($useantibrut) {
            $ip = getenv('REMOTE_ADDR');
            $time = time();
            $bantime = $time+(10);
            // $ip comes from the server environment rather than the request body, but it is
            // interpolated; binding it would remove the assumption that it is a plain address.
            $stmt = $db->prepare("Select sip,time From sip Where sip='$ip' And time>'$time'");
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            // With no lockout row $row is false and $real becomes null (notice), so the compare fails.
            $real = $row['sip'];
            if($ip == $real) {
                // Expired lockouts are only purged on this path.
                $stmt = $db->prepare("DELETE FROM sip WHERE time < '$time';");
                $stmt->execute();
                exit(Security::encrypt("temp<$>", $key1));
            }

            // Unknown user: record the attempt and answer with the same error as a wrong password.
            if ($login !== $realUser) {
                $stmt = $db->prepare("INSERT INTO sip (sip, time)VALUES ('$ip', '$bantime')");
                $stmt->execute();
                exit(Security::encrypt("errorLogin<$>", $key1));
            }
            // Parses as (!strcmp(...)) == 0, i.e. "the hashes differ". strcmp() is not
            // constant-time; hash_equals() is the usual replacement for comparing hashes.
            if(!strcmp($realPass,$checkPass) == 0 || !$realPass) {
                $stmt = $db->prepare("INSERT INTO sip (sip, time)VALUES ('$ip', '$bantime')");
                $stmt->execute();
                exit(Security::encrypt("errorLogin<$>", $key1));
            }

        } else {
            // Without the guard only the (loose) hash comparison remains.
            if($checkPass != $realPass) die(Security::encrypt('errorLogin<$>', $key1));
        }
    }

    // Password login mints a fresh access token; on token re-login the client sends the
    // token in the password field and it is echoed back unchanged.
    if($ctoken == "null") {
        $acesstoken = token();
    } else {
        $acesstoken = $postPass;
    }
    $sessid = token();
    $stmt = $db->prepare("SELECT user, token FROM usersession WHERE user= :login");
    $stmt->bindValue(':login', $login);
    $stmt->execute();
    $rU = $stmt->fetch(PDO::FETCH_ASSOC);
    // Prefer the stored spelling of the name once a session row exists.
    if($rU['user'] != null) {
        $realUser = $rU['user'];
    }

    if($ctoken != "null") {

        // Token re-login: this is the only credential check on that path.
        // NOTE(review): `!=` compares two numeric-looking strings numerically;
        // hash_equals($rU['token'], $acesstoken) avoids that and is constant-time.
        if($rU['token'] != $acesstoken ) {
            exit(Security::encrypt("errorLogin<$>", $key1));
        }
    }
    if($login == $rU['user']) {
        if($ctoken == "null") {
            // $sessid is generated server-side (hex), which is why interpolating it is tolerated;
            // the token is bound.
            $stmt = $db->prepare("UPDATE usersession SET session = '$sessid', token = :token WHERE user= :login");
            $stmt->bindValue(':token', $acesstoken);
        }
        else {
            $stmt = $db->prepare("UPDATE usersession SET session = '$sessid' WHERE user= :login");
        }
        $stmt->bindValue(':login', $login);
        $stmt->execute();
    }
    // Reached only when $login differs from the stored user, so the second operand is always true.
    else if($ctoken == "null" || $login != $rU['user']) {
        // NOTE(review): on the token path $acesstoken is the client-supplied $postPass and is
        // interpolated here rather than bound like :login; bind it the same way.
        $stmt = $db->prepare("INSERT INTO usersession (user, session, md5, token) VALUES (:login, '$sessid', :md5, '$acesstoken')");
        $stmt->bindValue(':login', $realUser);
        // md5 column stores the uuidConvert() result (uuid.php, not shown) with dashes removed.
        $stmt->bindValue(':md5', str_replace('-', '', uuidConvert($realUser)));
        $stmt->execute();
    }

    // Ban check against the configured $banlist table; ban types below 2 block login
    // (what the types mean is defined outside this file).
    if($useban) {
        $time = time();
        $tipe = '2';
        $stmt = $db->prepare("Select name From $banlist Where name= :login And type<'$tipe' And temptime>'$time'");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        if($stmt->rowCount()) {
            // Same query again, this time to read the expiry for the message.
            $stmt = $db->prepare("Select name,temptime From $banlist Where name= :login And type<'$tipe' And temptime>'$time'");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            exit(Security::encrypt('Временный бан до '.date('d.m.Yг. H:i', $row['temptime'])." по времени сервера", $key1));
        }
        // temptime = 0 marks a permanent ban.
        $stmt = $db->prepare("Select name From $banlist Where name= :login And type<'$tipe' And temptime='0'");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        if($stmt->rowCount()) {
            exit(Security::encrypt("Вечный бан", $key1));
        }
    }
    // Feature gates from config. These replies are plain text, unlike the encrypted auth replies.
    if($action == 'getpersonal' && !$usePersonal) die("Использование ЛК выключено");
    if($action == 'uploadskin' && !$canUploadSkin) die("Функция недоступна");
    if($action == 'uploadcloak' && !$canUploadCloak) die("Функция недоступна");
    if($action == 'buyvip' && !$canBuyVip) die("Функция недоступна");
    if($action == 'buypremium' && !$canBuyPremium) die("Функция недоступна");
    if($action == 'buyunban' && !$canBuyUnban) die("Функция недоступна");
    if($action == 'exchange' && !$canExchangeMoney) die("Функция недоступна");
    if($action == 'activatekey' && !$canActivateVaucher) die("Функция недоступна");

    // In-game economy account: create it with the configured starting balance when missing.
    if($action == 'exchange' || $action == 'getpersonal') {
        $stmt = $db->prepare("SELECT username,balance FROM iConomy WHERE username= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $rowicon = $stmt->fetch(PDO::FETCH_ASSOC);
        $iconregistered = true;

        // NOTE(review): a balance stored as the string "0" is falsy and would trigger a second
        // INSERT for an existing account — confirm the column format.
        if(!$rowicon['balance']) {
            $stmt = $db->prepare("INSERT INTO `iConomy` (`username`, `balance`, `status`) VALUES (:login, '$initialIconMoney.00', '0');");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $iconregistered = false;
        }
    }

    if($action == 'auth') {

        // Optional launcher-binary check: the reported MD5 must equal one of the two configured values.
        if($checklauncher) {
            if($launchermd5 != null) {
                if($launchermd5 == @$md5launcherexe) {
                    $check = "1";
                }
                if($launchermd5 == @$md5launcherjar) {
                    $check = "1";
                }
            }
            // Parses as (!$check) == "1": true only when $check was never set above.
            if(!@$check == "1") {
                exit(Security::encrypt("badlauncher<$>_$masterversion", $key1));
            }
        }

        // Assets are either an unpacked folder or a single zip.
        if($assetsfolder)
        { $z = "/"; } else { $z = ".zip"; }

        // Client layout check; $client is used as-is from the request (see the disabled whitelist above).
        if(
        !file_exists("clients/assets".$z)||
        !file_exists("clients/".$client."/bin/")||
        !file_exists("clients/".$client."/mods/")||
        !file_exists("clients/".$client."/coremods/")||
        !file_exists("clients/".$client."/natives/")||
        !file_exists("clients/".$client."/config.zip")
        )
        die(Security::encrypt("client<$> $client", $key1));

        // Session descriptor returned to the launcher: uuid and session id are XOR-obfuscated
        // with $protectionKey and rendered as dash-separated byte values.
        $md5user = strtoint(xorencode(str_replace('-', '', uuidConvert($realUser)), $protectionKey));
        // @ hides the warnings when assets are a folder and assets.zip does not exist.
        $md5zip = @md5_file("clients/".$client."/config.zip");
        $md5ass = @md5_file("clients/assets.zip");
        $sizezip = @filesize("clients/".$client."/config.zip");
        $sizeass = @filesize("clients/assets.zip");
        $usrsessions = "$masterversion<:>$md5user<:>".$md5zip."<>".$sizezip."<:>".$md5ass."<>".$sizeass."<br>".$realUser.'<:>'.strtoint(xorencode($sessid, $protectionKey)).'<br>'.$acesstoken.'<br>';

        // Conditional function declaration: exists only on 'auth' requests.
        // Builds the file manifest (path:>md5:>size<:> per file, see checkfiles()) followed by
        // the '<::>'-separated list of directories the client must sync.
        function hashc($assetsfolder,$client) {
            if($assetsfolder) {
                $hash_md5 = str_replace("\\", "/",checkfiles('clients/'.$client.'/bin/').checkfiles('clients/'.$client.'/mods/').checkfiles('clients/'.$client.'/coremods/').checkfiles('clients/'.$client.'/natives/').checkfiles('clients/assets')).'<::>assets/indexes<:b:>assets/objects<:b:>assets/virtual<:b:>'.$client.'/bin<:b:>'.$client.'/mods<:b:>'.$client.'/coremods<:b:>'.$client.'/natives<:b:>';
            } else {
                $hash_md5 = str_replace("\\", "/",checkfiles('clients/'.$client.'/bin/').checkfiles('clients/'.$client.'/mods/').checkfiles('clients/'.$client.'/coremods/').checkfiles('clients/'.$client.'/natives/')).'<::>'.$client.'/bin<:b:>'.$client.'/mods<:b:>'.$client.'/coremods<:b:>'.$client.'/natives<:b:>';
            }
            return $hash_md5;
        }

        // Manifest cache: temp/<client> holds a previous result; nothing in this file invalidates it.
        if($temp) {
            $filecashe = 'temp/'.$client;
            if (file_exists($filecashe)) {
                $fp = fopen($filecashe, "r");
                // fgets() reads a single line, which is the whole manifest as long as it has no newlines.
                $hash_md5 = fgets($fp);
                fclose($fp);
            } else {
                $hash_md5 = hashc($assetsfolder,$client);
                $fp = fopen($filecashe, "w");
                fwrite($fp, $hash_md5);
                fclose($fp);
            }
        } else {
            $hash_md5 = hashc($assetsfolder,$client);
        }

        echo Security::encrypt($usrsessions.$hash_md5, $key1);


    } else if($action == 'getpersonal') {
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $realmoney = $row['realmoney'];

        // Same lookup as the iConomy block above; $rowicon already holds this row.
        if($iconregistered) {
            $stmt = $db->prepare("SELECT username,balance FROM iConomy WHERE username= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            $iconmoney = $row['balance'];
        } else $iconmoney = "0.0";

        // Group and expiry from the permissions table.
        if($canBuyVip || $canBuyPremium) {

            $stmt = $db->prepare("SELECT name,permission,value FROM permissions WHERE name= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            $datetoexpire = 0;
            // $stmt is a PDOStatement here, so the `!$stmt` branch is dead; a missing row
            // leaves $row === false and the else branch yields 'User'.
            if(!$stmt) $ugroup = 'User'; else {
                $group = $row['permission'];
                if($group == 'group-premium-until')
                {
                    $ugroup = 'Premium';
                    $datetoexpire = $row['value'];
                } else if($group == 'group-vip-until')
                {
                    $ugroup = 'VIP';
                    $datetoexpire = $row['value'];
                } else $ugroup = 'User';
            }
        } else {
            $datetoexpire = 0;
            $ugroup = 'User';
        }

        if($canUseJobs) {
            $stmt = $db->prepare("SELECT job FROM jobs WHERE username= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $sql = $stmt->fetch(PDO::FETCH_ASSOC);
            $query = $sql['job'];
            if($query == '') { $jobname = "Безработный"; $joblvl = 0; $jobexp = 0; } else {
                $stmt = $db->prepare("SELECT * FROM jobs WHERE username= :login");
                $stmt->bindValue(':login', $login);
                $stmt->execute();

                // Translates the job name for display; with several rows the last one wins.
                while($data = $stmt->fetch(PDO::FETCH_ASSOC))
                {
                    if ($data["job"] === 'Miner') $data["job"] = 'Шахтер';
                    if ($data["job"] === 'Woodcooter') $data["job"] = 'Лесоруб';
                    if ($data["job"] === 'Builder') $data["job"] = 'Строитель';
                    if ($data["job"] === 'Digger') $data["job"] = 'Дигер';
                    if ($data["job"] === 'Farmer') $data["job"] = 'Фермер';
                    if ($data["job"] === 'Hunter') $data["job"] = 'Охотник';
                    if ($data["job"] === 'Fisherman') $data["job"] = 'Рыбак';
                    if ($data["job"] === 'Weaponsmith') $data["job"] = 'Оружейник';

                    $jobname = $data['job'];
                    $joblvl = $data["level"];
                    $jobexp = $data["experience"];
                }
            }
        } else { $jobname = "nojob"; $joblvl = -1; $jobexp = -1; }

        // The feature flags are rendered as a run of 0/1 digits at the start of the reply.
        $canUploadSkin = (int)$canUploadSkin;
        $canUploadCloak = (int)$canUploadCloak;
        $canBuyVip = (int)$canBuyVip;
        $canBuyPremium = (int)$canBuyPremium;
        $canBuyUnban = (int)$canBuyUnban;
        $canActivateVaucher = (int)$canActivateVaucher;
        $canExchangeMoney = (int)$canExchangeMoney;

        // A blocking ban overrides the group shown in the account panel.
        if($canBuyUnban == 1) {
            $ty = 2;
            $stmt = $db->prepare("SELECT name,type FROM $banlist WHERE name= :login and type<'$ty'");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $sql2 = $stmt->fetch(PDO::FETCH_ASSOC);
            $query2 = $sql2['name'];
            if(strcasecmp($query2, $login) == 0) $ugroup = "Banned";
        }

        // Plain-text reply (not encrypted, unlike 'auth'); fields separated by <:>.
        echo "$canUploadSkin$canUploadCloak$canBuyVip$canBuyPremium$canBuyUnban$canActivateVaucher$canExchangeMoney<:>$iconmoney<:>$realmoney<:>$cloakPrice<:>$vipPrice<:>$premiumPrice<:>$unbanPrice<:>$exchangeRate<:>$ugroup<:>$datetoexpire<:>$jobname<:>$joblvl<:>$jobexp";
    } else
    //============================================Personal-account functions====================================//

    // Voucher redemption: credit the key's amount, then delete the key.
    if($action == 'activatekey') {
        $key = $_POST['key'];
        $stmt = $db->prepare("SELECT * FROM `sashok724_launcher_keys` WHERE `key` = :k");
        $stmt->bindValue(':k', $key);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $amount = $row['amount'];
        if($amount) {
            // NOTE(review): $amount is read from the keys table and interpolated; binding it keeps
            // the statement parameterised regardless of who can write that table.
            // The credit and the key deletion are two statements with no transaction around them.
            $stmt = $db->prepare("UPDATE usersession SET realmoney = realmoney + $amount WHERE user= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt = $db->prepare("DELETE FROM `sashok724_launcher_keys` WHERE `key` = :k");
            $stmt->bindValue(':k', $key);
            $stmt->execute();
            $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            $money = $row['realmoney'];
            echo "success:".$money;
        } else echo "keyerr";
    } else if($action == 'uploadskin') {
        // NOTE(review): permissions are looked up by uuidConvert($login) here but by plain
        // $login everywhere else — confirm which form the table stores.
        $stmt = $db->prepare("SELECT permission FROM `permissions` WHERE name=:login");
        $stmt->bindValue(':login', uuidConvert($login));
        $stmt->execute();
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

        // '*' or any permission containing 'hd.skin' unlocks skins wider than 64px.
        $hdSkin = false;
        foreach ($rows as $row) {
            $permission = $row['permission'];
            $hdSkin = (strcmp($permission, '*') == 0) || (!(strpos($permission, 'hd.skin') === false));

            if ($hdSkin) {
                break;
            }
        }


        // Non-strict base64_decode(): malformed input still decodes to something rather than false.
        $sk = base64_decode($_POST['ufile']);
        if($sk==null) die("nofile");
        // imagecreatefromstring() returns false for undecodable data; imagesx(false) then fails
        // (TypeError on PHP 8) before the "skinerr" reply is reached.
        $image = imagecreatefromstring($sk);

        // NOTE(review): $skin is never assigned — imagesy($skin) does not look at the upload, so the
        // height check is ineffective; imagesy($image) was evidently intended.
        $validSkin = ((imagesx($image) % 64) == 0) && ((imagesy($skin) % 32) == 0);
        if(imagestype($sk) != 'image/png' || ((!$hdSkin) && (imagesx($image) > 64)) || (!$validSkin)) die("skinerr");
        imagesavealpha($image, true);
        // Target path is built from $login; see the disabled whitelist at the top of the try block.
        $uploadfile = "".$uploaddirs."/".$login.".png";
        if(imagepng($image,$uploadfile)) echo "success";
        else exit("fileerr");
    } else if($action == 'uploadcloak') {
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $query = $row['realmoney']; if($query < $cloakPrice) die("moneyno");
        $sk = base64_decode($_POST['ufile']);
        if($sk==null) die("nofile");
        $image = imagecreatefromstring($sk);
        // Cloaks must be exactly 64x32 PNG.
        if(imagestype($sk) != 'image/png' || imagesx($image) != '64' || imagesy($image) != '32') die("cloakerr");
        imagesavealpha($image, true);
        $uploadfile = "".$uploaddirp."/".$login.".png";
        // `if (...);` is an empty statement: success does nothing here, failure exits.
        if(imagepng($image,$uploadfile));
        else exit("fileerr");
        // Price is a config value interpolated into SQL; the balance check above is not atomic with this debit.
        $stmt = $db->prepare("UPDATE usersession SET realmoney = realmoney - $cloakPrice WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        echo "success:".$row['realmoney'];
    } else if($action == 'buyvip') {
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $query = $row['realmoney']; if($query < $vipPrice) die("moneyno");
        $stmt = $db->prepare("SELECT name,permission FROM permissions WHERE name= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $group = $row['permission'];
        // 2678400 s = 31 days.
        $pexdate = time() + 2678400;
        // Existing VIP: extend by 31 days; otherwise create the permission and inheritance rows.
        if($group == 'group-vip-until') {
            $stmt = $db->prepare("UPDATE usersession SET realmoney=realmoney-$vipPrice WHERE user= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt = $db->prepare("UPDATE permissions SET value=value+2678400 WHERE name= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
        } else {
            $stmt = $db->prepare("INSERT INTO permissions (id, name, type, permission, world, value) VALUES (NULL, :login, '1', 'group-vip-until', ' ', '$pexdate')");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt = $db->prepare("INSERT INTO permissions_inheritance (id, child, parent, type, world) VALUES (NULL, :login, 'vip', '1', NULL)");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt = $db->prepare("UPDATE usersession SET realmoney=realmoney-$vipPrice WHERE user= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
        }
        // Reply: "success:<remaining money>:<expiry>".
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        echo "success:".$row['realmoney'].":";
        $stmt = $db->prepare("SELECT name,permission,value FROM permissions WHERE name= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        echo $row['value'];
    // Mirror of 'buyvip' for the premium group.
    } else if($action == 'buypremium') {
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $query = $row['realmoney']; if($query < $premiumPrice) die("moneyno");
        $stmt = $db->prepare("SELECT name,permission FROM permissions WHERE name= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $group = $row['permission'];
        $pexdate = time() + 2678400;
        if($group == 'group-premium-until') {
            $stmt = $db->prepare("UPDATE usersession SET realmoney=realmoney-$premiumPrice WHERE user= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt = $db->prepare("UPDATE permissions SET value=value+2678400 WHERE name= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
        } else {
            $stmt = $db->prepare("INSERT INTO permissions (id, name, type, permission, world, value) VALUES (NULL, :login, '1', 'group-premium-until', ' ', '$pexdate')");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt = $db->prepare("INSERT INTO permissions_inheritance (id, child, parent, type, world) VALUES (NULL, :login, 'premium', '1', NULL)");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
            $stmt = $db->prepare("UPDATE usersession SET realmoney=realmoney-$premiumPrice WHERE user= :login");
            $stmt->bindValue(':login', $login);
            $stmt->execute();
        }
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        echo "success:".$row['realmoney'].":";
        $stmt = $db->prepare("SELECT name,permission,value FROM permissions WHERE name= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        echo $row['value'];
    } else if($action == 'buyunban') {
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $sql1 = $stmt->fetch(PDO::FETCH_ASSOC);
        $query1 = $sql1['realmoney'];
        $stmt = $db->prepare("SELECT name FROM $banlist WHERE name= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $sql2 = $stmt->fetch(PDO::FETCH_ASSOC);
        $query2 = $sql2['name'];
        // Only a (case-insensitively) banned user with enough money gets through.
        if(strcasecmp($query2, $login) == 0) {
            if($query1 >= $unbanPrice) {
                // Resolve the group name for the reply; `!$stmt` is dead here as in 'getpersonal'.
                if($canBuyVip || $canBuyPremium) {
                    $stmt = $db->prepare("SELECT name,permission,value FROM permissions WHERE name= :login");
                    $stmt->bindValue(':login', $login);
                    $stmt->execute();
                    $row = $stmt->fetch(PDO::FETCH_ASSOC);
                    $group = $row['permission'];
                    if(!$stmt) $ugroup = 'User'; else {
                        if($group == 'group-premium-until') $ugroup = 'Premium';
                        else if($group == 'group-vip-until') $ugroup = 'VIP';
                        else $ugroup = 'User';
                    }
                } else $ugroup = 'User';
                $stmt = $db->prepare("DELETE FROM $banlist WHERE name= :login");
                $stmt->bindValue(':login', $login);
                $stmt->execute();
                $stmt = $db->prepare("UPDATE usersession SET realmoney=realmoney-$unbanPrice WHERE user= :login");
                $stmt->bindValue(':login', $login);
                $stmt->execute();
                // NOTE(review): this selects $db_columnUser from usersession, whose column is
                // `user` everywhere else in this file — works only while $db_columnUser is 'user'.
                $stmt = $db->prepare("SELECT $db_columnUser,realmoney FROM usersession WHERE user= :login");
                $stmt->bindValue(':login', $login);
                $stmt->execute();
                $row = $stmt->fetch(PDO::FETCH_ASSOC);
                echo "success:".$row['realmoney'].":".$ugroup;
            } else die('moneyno');
        } else die("banno");
    } else if($action == 'exchange') {
        // Amount of real money to convert into game money, taken from the form as-is.
        $wantbuy =$_POST ['buy'];
        $gamemoneyadd = ($wantbuy * $exchangeRate);
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $query = $row['realmoney'];
        // NOTE(review): these checks only establish "compares >= 1"; they do not establish that
        // $wantbuy is a whole number, and the balance check is not atomic with the two updates below.
        if($wantbuy == '' || $wantbuy < 1) die("ecoerr");
        if(!$iconregistered) die("econo");
        if($query < $wantbuy) die("moneyno");
        $stmt = $db->prepare("UPDATE iConomy SET balance = balance + :gamemoneyadd WHERE username= :login");
        $stmt->bindValue(':login', $login);
        $stmt->bindValue(':gamemoneyadd', $gamemoneyadd);
        $stmt->execute();
        $stmt = $db->prepare("UPDATE usersession SET realmoney = realmoney - :wantbuy WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->bindValue(':wantbuy', $wantbuy);
        $stmt->execute();
        $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $money = $row['realmoney'];
        $stmt = $db->prepare("SELECT username,balance FROM iConomy WHERE username= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        $iconmoney = $row['balance'];
        echo "success:".$money.":".$iconmoney;
    } else echo "Запрос составлен неверно";

} catch(PDOException $pe) {
    // MySQL errors are written to m.log via $logger (loger.php); whatever WriteLine()
    // returns is appended to the client reply — presumably nothing, confirm.
    die(Security::encrypt("errorsql<$>", $key1).$logger->WriteLine($log_date.$pe)); // MySQL errors go to m.log
}
//===================================== Helper functions ==================================//
  561.  
  562. function xorencode($str, $key) {
  563. while(strlen($key) < strlen($str)) {
  564. $key .= $key;
  565. }
  566. return $str ^ $key;
  567. }
  568.  
  569. function strtoint($text) {
  570. $res = "";
  571. for ($i = 0; $i < strlen($text); $i++) $res .= ord($text{$i}) . "-";
  572. $res = substr($res, 0, -1);
  573. return $res;
  574. }
  575.  
/**
 * Recomputes, for the configured scheme, the stored-hash form of $postPass so the
 * caller can compare it with $realPass.
 *
 * @param string      $ncrypt   scheme name ('hash_md5', 'hash_authme', ...); an unknown
 *                              name matches no branch
 * @param string      $realPass hash as stored in the user table; several schemes read
 *                              their salt or crypt() settings out of it
 * @param string      $postPass plaintext password from the request
 * @param string|bool $salt     salt supplied by the caller (user name for SMF, salt column
 *                              for IPB/vBulletin/PunBB, serialized salt or false for
 *                              XenForo); ignored by schemes that carry the salt in $realPass
 * @return string|false candidate hash, or false when $ncrypt matched no scheme
 */
function hash_name($ncrypt, $realPass, $postPass, $salt) {
    $cryptPass = false;

    if ($ncrypt === 'hash_xauth') {
        // xAuth: a 12-char salt sits inside the stored hash at offset min(len(post), len(real));
        // whirlpool(salt . password) is split at that offset and the salt re-inserted.
        $saltPos = (strlen($postPass) >= strlen($realPass) ? strlen($realPass) : strlen($postPass));
        $salt = substr($realPass, $saltPos, 12);
        $hash = hash('whirlpool', $salt . $postPass);
        $cryptPass = substr($hash, 0, $saltPos) . $salt . substr($hash, $saltPos);
    }

    // Unsalted md5 (also the launcher's own scheme).
    if ($ncrypt === 'hash_md5' or $ncrypt === 'hash_launcher') {
        $cryptPass = md5($postPass);
    }

    // DLE: md5 applied twice.
    if ($ncrypt === 'hash_dle') {
        $cryptPass = md5(md5($postPass));
    }

    if ($ncrypt === 'hash_cauth') {
        // Stored hashes shorter than 32 chars are compared with every '0' stripped from both
        // sides (case-insensitively); on a match the stored value itself is returned so the
        // caller's comparison succeeds. Presumably a workaround for hashes that lost zeros
        // in storage — confirm against the cAuth plugin.
        if (strlen($realPass) < 32) {
            $cryptPass = md5($postPass);
            $rp = str_replace('0', '', $realPass);
            $cp = str_replace('0', '', $cryptPass);
            (strcasecmp($rp,$cp) == 0 ? $cryptPass = $realPass : $cryptPass = false);
        }
        else $cryptPass = md5($postPass);
    }

    if ($ncrypt === 'hash_authme') {
        // AuthMe "$SHA$<salt>$<hash>": the salt is the third '$'-separated part
        // (assumes $realPass has that shape).
        $ar = preg_split("/\\$/",$realPass);
        $salt = $ar[2];
        $cryptPass = '$SHA$'.$salt.'$'.hash('sha256',hash('sha256',$postPass).$salt);
    }

    if ($ncrypt === 'hash_joomla') {
        // Legacy Joomla "md5(password . salt):salt".
        $parts = explode( ':', $realPass);
        $salt = $parts[1];
        $cryptPass = md5($postPass . $salt) . ":" . $salt;
    }

    if ($ncrypt === 'hash_imagecms') {
        // ImageCMS: concatenate the md5 of every single character of (salt . password),
        // md5 that again and run it through crypt() with the stored hash as settings.
        $majorsalt = '';
        if ($salt != '') {
            $_password = $salt . $postPass;
        } else {
            $_password = $postPass;
        }

        $_pass = str_split($_password);

        foreach ($_pass as $_hashpass) {
            $majorsalt .= md5($_hashpass);
        }

        $cryptPass = crypt(md5($majorsalt), $realPass);
    }

    // SMF: sha1(lowercased user name . password); $salt holds the user name here.
    if($ncrypt === 'hash_smf') {
        $cryptPass = sha1(strtolower($salt) . $postPass);
    }

    if ($ncrypt === 'hash_joomla_new' or $ncrypt === 'hash_wordpress' or $ncrypt === 'hash_xenforo') {

        // XenForo core scheme with an explicit salt: sha256(sha256(password) . salt).
        if($ncrypt === 'hash_xenforo' and $salt!==false) {
            return $cryptPass = hash('sha256', hash('sha256', $postPass) . $salt);
        }

        // Everything else here is the phpass portable hash: "$P$"/"$H$", one cost
        // character, an 8-char salt, then the base64-encoded iterated md5.
        $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        // '*0' / '*1' are phpass' failure markers, chosen so they can never equal a stored hash.
        $cryptPass = '*0';
        if (substr($realPass, 0, 2) == $cryptPass)
            $cryptPass = '*1';

        // Anything not in portable format is delegated to crypt() with the stored value as settings.
        $id = substr($realPass, 0, 3);
        # We use "$P$", phpBB3 uses "$H$" for the same thing
        if ($id != '$P$' && $id != '$H$')
            return $cryptPass = crypt($postPass, $realPass);

        // Cost = log2 of the iteration count, encoded as the 4th character (assumes
        // $realPass is at least 4 chars long).
        $count_log2 = strpos($itoa64, $realPass[3]);
        if ($count_log2 < 7 || $count_log2 > 30)
            return $cryptPass = crypt($postPass, $realPass);

        $count = 1 << $count_log2;

        $salt = substr($realPass, 4, 8);
        if (strlen($salt) != 8)
            return $cryptPass = crypt($postPass, $realPass);

        // Raw md5(salt . password), then md5(previous . password) $count times.
        $hash = md5($salt . $postPass, TRUE);
        do {
            $hash = md5($hash . $postPass, TRUE);
        } while (--$count);

        // Output keeps the 12-char settings prefix of the stored hash.
        $cryptPass = substr($realPass, 0, 12);

        // phpass encode64 of the 16 raw digest bytes: 3 bytes -> 4 characters.
        $encode64 = '';
        $i = 0;
        do {
            $value = ord($hash[$i++]);
            $encode64 .= $itoa64[$value & 0x3f];
            if ($i < 16)
                $value |= ord($hash[$i]) << 8;
            $encode64 .= $itoa64[($value >> 6) & 0x3f];
            if ($i++ >= 16)
                break;
            if ($i < 16)
                $value |= ord($hash[$i]) << 16;
            $encode64 .= $itoa64[($value >> 12) & 0x3f];
            if ($i++ >= 16)
                break;
            $encode64 .= $itoa64[($value >> 18) & 0x3f];
        } while ($i < 16);

        $cryptPass .= $encode64;

        // Kept from phpass; after the "$P$"/"$H$" check above $cryptPass starts with '$',
        // so this fallback appears unreachable here.
        if ($cryptPass[0] == '*')
            $cryptPass = crypt($postPass, $realPass);
    }

    // IPB: md5(md5(salt) . md5(password)).
    if ($ncrypt === 'hash_ipb') {
        $cryptPass = md5(md5($salt).md5($postPass));
    }

    // PunBB: sha1(salt . sha1(password)).
    if ($ncrypt === 'hash_punbb') {
        $cryptPass = sha1($salt.sha1($postPass));
    }

    // vBulletin: md5(md5(password) . salt).
    if ($ncrypt === 'hash_vbulletin') {
        $cryptPass = md5(md5($postPass) . $salt);
    }

    if ($ncrypt === 'hash_drupal') {
        // Drupal 7 scheme: 12-char settings (3-char id, cost char, 8-char salt), iterated raw
        // sha512, phpass-style base64, result truncated to 55 characters.
        $setting = substr($realPass, 0, 12);
        $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
        // Unlike the phpass branch above, the cost is not range-checked here.
        $count_log2 = strpos($itoa64, $setting[3]);
        $salt = substr($setting, 4, 8);
        $count = 1 << $count_log2;
        $input = hash('sha512', $salt . $postPass, TRUE);
        do $input = hash('sha512', $input . $postPass, TRUE);
        while (--$count);

        $count = strlen($input);
        $i = 0;

        // $cryptPass is still false here; `false .= ...` starts from an empty string.
        do {
            $value = ord($input[$i++]);
            $cryptPass .= $itoa64[$value & 0x3f];
            if ($i < $count) $value |= ord($input[$i]) << 8;
            $cryptPass .= $itoa64[($value >> 6) & 0x3f];
            if ($i++ >= $count) break;
            if ($i < $count) $value |= ord($input[$i]) << 16;
            $cryptPass .= $itoa64[($value >> 12) & 0x3f];
            if ($i++ >= $count) break;
            $cryptPass .= $itoa64[($value >> 18) & 0x3f];
        } while ($i < $count);
        $cryptPass = $setting . $cryptPass;
        $cryptPass = substr($cryptPass, 0, 55);
    }

    return $cryptPass;
}
  736.  
  737. function checkfiles($path) {
  738. $objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::SELF_FIRST);
  739. $massive = "";
  740. foreach($objects as $name => $object) {
  741. $basename = basename($name);
  742. $isdir = is_dir($name);
  743. if ($basename!="." and $basename!=".." and !is_dir($name)){
  744. $str = str_replace('clients/', "", str_replace($basename, "", $name));
  745. $massive = $massive.$str.$basename.':>'.md5_file($name).':>'.filesize($name).'<:>';
  746. }
  747. }
  748. return $massive;
  749. }
  750.  
  751. function token() {
  752. $chars="0123456789abcdef";
  753. $max=64;
  754. $size=StrLen($chars)-1;
  755. $password=null;
  756. while($max--)
  757. $password.=$chars[rand(0,$size)];
  758.  
  759. return $password;
  760. }
  761.  
  762. function imagestype($binary) {
  763. if (
  764. !preg_match(
  765. '/\A(?:(\xff\xd8\xff)|(GIF8[79]a)|(\x89PNG\x0d\x0a)|(BM)|(\x49\x49(?:\x2a\x00|\x00\x4a))|(FORM.{4}ILBM))/',
  766. $binary, $hits
  767. )
  768. ) {
  769. return 'application/octet-stream';
  770. }
  771. static $type = array (
  772. 1 => 'image/jpeg',
  773. 2 => 'image/gif',
  774. 3 => 'image/png',
  775. 4 => 'image/x-windows-bmp',
  776. 5 => 'image/tiff',
  777. 6 => 'image/x-ilbm',
  778. );
  779. return $type[count($hits) - 1];
  780. }