
Untitled

a guest
Aug 17th, 2016
  1. <?php
  2. $licence = substr(base64_decode($_POST["licence"]), 0, -8);
  3. $hwid = substr(base64_decode($_POST["hwid"]), 0, -8);
  4.  
  5. $db_user = "u155468569_admin";
  6. $db_name = "u155468569_kappa";
  7. $db_host = "mysql.hostinger.co.uk";
  8. $db_pass = "11233240";
  9.  
  10. if (isset($licence) == false) {
  11. echo("bad");
  12. return;
  13. }
  14. if (isBadInput($licence) or isBadInput($hwid)) {
  15. echo("bad");
  16. return;
  17. }
  18.  
  19. if (checkAuth()) {
  20. echo("ok");
  21. } else {
  22. echo("bad");
  23. }
  24. return;
  25.  
  26. function checkAuth() {
  27. if (checkLic()) {
  28. if (needNewHWID()) {
  29. setHwid();
  30. return true;
  31. }
  32. if (checkHwid()) {
  33. return true;
  34. }
  35. }
  36. return false;
  37. }
  38.  
  39. function checkLic() {
  40. // Create connection
  41. $conn = new mysqli($db_name, $db_user, $db_pass, $db_name);
  42.  
  43. // Check connection
  44. if ($conn->connect_error) {
  45. die("Connection failed: " . $conn->connect_error);
  46. }
  47.  
  48. if ($verify = $conn->prepare("SELECT * FROM users WHERE licence=?")) {
  49. $verify->bind_param('s', $licence);
  50. $verify->execute();
  51.  
  52. $result = $verify->get_result();
  53.  
  54. if ($result->num_rows > 0) {
  55. while ($row = $result->fetch_assoc()) {
  56. if ($row["licence"] == $licence) {
  57. return true;
  58. }
  59. }
  60. }
  61. }
  62.  
  63. $conn->close();
  64. return false;
  65. }
  66. function checkHwid() {
  67. // Create connection
  68. $conn = new mysqli($db_name, $db_user, $db_pass, $db_name);
  69.  
  70. // Check connection
  71. if ($conn->connect_error) {
  72. die("Connection failed: " . $conn->connect_error);
  73. }
  74.  
  75. if ($verify = $conn->prepare("SELECT hwid FROM users WHERE hwid=?")) {
  76.  
  77. $verify->bind_param('s', $hwid);
  78. $verify->execute();
  79.  
  80. $result = $verify->get_result();
  81.  
  82. if ($result->num_rows > 0) {
  83. while ($row = $result->fetch_assoc()) {
  84. if ($row["hwid"] == $hwid) {
  85. return true;
  86. }
  87. }
  88. }
  89. }
  90. $conn->close();
  91. return false;
  92. }
  93. function setHWID() {
  94. // Create connection
  95. $conn = new mysqli($db_name, $db_user, $db_pass, $db_name);
  96.  
  97. // Check connection
  98. if ($conn->connect_error) {
  99. die("Connection failed: " . $conn->connect_error);
  100. }
  101. if ($verify = $conn->prepare("UPDATE users SET hwid = ? WHERE licence=?")) {
  102. if (isset($verify) == false) {
  103. $conn->close();
  104. return false;
  105. }
  106.  
  107. $verify->bind_param('ss', $hwid, $licence);
  108. $verify->execute();
  109. }
  110.  
  111. $conn->close();
  112. }
  113.  
  114. function needNewHWID() {
  115. // Create connection
  116. $conn = new mysqli($db_name, $db_user, $db_pass, $db_name);
  117.  
  118. // Check connection
  119. if ($conn->connect_error) {
  120. die("Connection failed: " . $conn->connect_error);
  121. }
  122.  
  123. if ($verify = $conn->prepare("SELECT hwid FROM users WHERE licence=?")) {
  124. $verify->bind_param('s', $licence);
  125. $verify->execute();
  126.  
  127. $result = $verify->get_result();
  128.  
  129. if ($result->num_rows > 0) {
  130. while ($row = $result->fetch_assoc()) {
  131. if ($row["hwid"] == "notset") {
  132. return true;
  133. }
  134. }
  135. }
  136. }
  137.  
  138. $conn->close();
  139. return false;
  140. }
  141.  
  142. function isBadInput() {
  143. if (strlen($input) > 30) {
  144. return true;
  145. }
  146. if (strpos(strtolower($input), 'where') !== false or
  147. strpos(strtolower($input), 'insert into') !== false or
  148. strpos(strtolower($input), 'from') !== false or
  149. strpos(strtolower($input), 'update') !== false or
  150. strpos(strtolower($input), 'set') !== false) {
  151. return true;
  152. }
  153. }
  154. ?>