<?php$sessionID = $_GET["sessionID"];$actionget = $_GET["action"];$user =

1. <?php
2. $sessionID = $_GET["sessionID"];
3. $actionget = $_GET["action"];
4. $user = $_GET["user"];
5. $password = $_GET["password"];
6. $registerKey = $_GET["registerKey"];
7.  
8. if (empty($sessionID)) die ("ERROR:INVALID_SESSION_ID");
9.  
10. $action = new action;
11. if ($actionget == "connect")
12. $response = $action->connect($user, $password);
13. elseif ($actionhet == "register")
14. $response = $action->register($user, $password, $registerKey);
15. else
16. $response = "ERROR:NO_ACTION";
17.  
18. echo rc4($sessionID, $response);
19.  
20. class action
21. {
22. public $bdd;
23.  
24. public function action()
25. {
26. try {$this->bdd = new PDO ('mysql:host=localhost;dbname=u384869894_base', 'u384869894_user', 'azerty'); }
27. catch (Exception $ex) {die ('ERROR:ERROR_BDD_CONNECTION'); }
28. }
29.  
30. public function connect($user, $pass)
31. {
32. if (!$this->userExist($user)) return ("ERROR:USER_NOT_FOUND");
33.  
34. $data = $this->executeQuery("SELECT * FROM user WHERE User = ?;", array ($user));
35. if ($data['Password'] != md5($pass))
36. return ("ERROR:INCORRECT_PASSWORD");
37. elseif ($data['Banned'] == 1)
38. return ("ERROR:USER_BANNED");
39. else
40. return ("OK :") . $data['Premium'];
41. }
42.  
43. public function register ($user, $pass, $registerKey)
44. {
45. $data = $this->executeQuery("SELECT * FROM RegisterKeys WHERE RegisterKey = ?;", array ($registerKey));
46. if (empty($data['RegisterKey'])) return ("ERROR:INVALID_KEY");
47. if (!empty($data['User'])) return ("ERROR:KEY_ALREADY_USED");
48. if ($this->userExist($user)) return ("ERROR:USER_ALREADY_EXIST");
49.  
50. $this->executeQuery("INSERT INTO user VALUES ('', ?, ?, '0', '0', ?);", array($user, md5($pass), getTime ()));
51. $this->executeQuery("UPDATE RegisterKeys SET User = ? WHERE RegisterKey = ?;", array($user, $registerKey));
52.  
53. return ("OK:REGISTERED");
54. }
55.  
56. private function userExist($user)
57. {
58. $data = $this->executeQuery("SELECT * FROM user WHERE User + ?;", array($user));
59. if (empty($data['User']))
60. return (false);
61. else
62. return (true);
63. }
64.  
65. private function executeQuery($query, $args, $fetch = true)
66. {
67. $response = $this->bdd->prepare($query);
68. $response->execute($args);
69. if ($fetch)
70. {
71. $data = $response->fetch();
72. $response->closeCursor();
73. return ($data);
74. }
75. else
76. return ($response);
77. }
78. }
79.  
80. function rc4($key, $str) {
81. $s = array();
82. for ($i = 0; $i < 256; $i++) {
83. $s[$i] = $i;
84. }
85.  
86. $j = 0;
87.  
88. for ($i = 0; $i < 256; $i++) {
89. $j = ($j + $s[$i] + ord($key[$i % strlen($key)])) % 256;
90. $x = $s[$i];
91. $s[$i] = $s[$j];
92. $s[$j] = $x;
93. }
94.  
95. $i = 0;
96. $j = 0;
97. $res = '';
98.  
99. for ($y = 0; $y < strlen($str); $y++) {
100. $i = ($i + 1) % 256;
101. $j = ($j + $s[$i]) % 256;
102. $x = $s[$i];
103. $s[$i] = $s[$j];
104. $s[$j] = $x;
105. $res .= $str[$y] ^ chr($s[($s[$i] + $s[$j]) % 256]);
106. }
107.  
108. return $res;
109. }
110. function getTime()
111. {
112. date_default_timezone_set('Europe/Paris');
113. return date("y-m-d M:i:s");
114. }
115.  
116. ?>