
Untitled

a guest
May 14th, 2017
  1. <?php
  2. include('./anti_inject.php');
  3. $getuser = $_POST['user'];
  4.  
  5.  
  6. $dbname="blanked out";
  7. $dbuser="blanked out";
  8. $dbpass="blanked out";
  9. $msconnect=odbc_connect("$dbname","$dbuser","$dbpass");
  10. $dbname2="KN_online";
  11. $dbuser2="knight";
  12. $dbpass2="knight";
  13. $msconnect2=odbc_connect("$dbname2","$dbuser2","$dbpass2");
  14.  
  15.  
  16. $getclan=odbc_exec($msconnect2,"SELECT strcharid from currentuser where straccountid = '$getuser'");
  17.  
  18. while(odbc_fetch_row($getclan)) {
  19.  
  20. $char=odbc_result($getclan, 1);
  21.  
  22. }
  23.  
  24. $_SESSION['sesuser'] = $_SESSION['loggeduser'];
  25. include('./settings.php');
  26. include('./langs/' . $language . '.php');
  27.  
  28. if ($_GET['act'] == "logout") {
  29. unset($_SESSION['sesuser']);
  30. unset($_SESSION['sespw']);
  31. unset($_SESSION['sesadmin']);
  32. session_destroy();
  33.  
  34.  
  35.  
  36. echo "<script> self.location='index.php'; </script>";
  37. exit;
  38. }
  39.  
  40.  
  41.  
  42.  
  43. session_start();
  44.  
  45.  
  46. if (!isset($_SESSION['sesuser'])) {
  47.  
  48. print('
  49. <form action="" method=post>
  50. Name: <input type=text name=user value = "'.$getuser.'"><br>Password: <input type=password name=passw><br>
  51. <input type=submit value=Ok>
  52. </form>');
  53.  
  54. if (isset($_POST[passw])){
  55.  
  56. $msconnect2=odbc_connect("$dbname2","$dbuser2","$dbpass2");
  57. $postpass=test($_POST[passw]);
  58. $msquery="SELECT COUNT(strACcountID) FROM tb_user WHERE strACcountID = '$getuser' AND strPasswd = '$postpass'";
  59. $msresults=odbc_exec($msconnect2,$msquery) or die("error");
  60. odbc_fetch_row($msresults);
  61. if (odbc_result($msresults,1) > 0) {
  62. session_start();
  63. $_SESSION['sesuser']=$getuser;
  64. $_SESSION['sespw']=$postpass;
  65. $account = $_SESSION['sesuser'];
  66. }}
  67. }else{
  68. include('./pusconf.php');
  69.  
  70.  
  71. function alma($t){
  72. include('./pusconf.php');
  73.  
  74.  
  75. if(($_GET[site]=='2') and ($t<=$weaponscount[$_GET[page]-1])){ //ha weponsbutton és van jelenlegi index item
  76.  
  77.  
  78. print('
  79. <table border=0 cellspacing=0 cellpadding=0 width=100% height=100% background=pus/buttons/item.gif>
  80. <tr height=5><td width=18><td><td>
  81. <tr><td> <td rowspan=3 width=72 height=72><img src='.$weaponsicon[$_GET[page]-1][$t-1].' width=72 height=72>
  82.  
  83. <td valign=bottom> Price:'.$weaponsprice[$_GET[page]-1][$t-1].'
  84. <tr><td><td> Quantity:'.$weaponsquantity[$_GET[page]-1][$t-1].'
  85. <tr><td><td> <a href=# onclick="confirmation'.$t.'()"><img src=pus/buttons/buy.jpg border=0></a>
  86.  
  87. <script type="text/javascript">
  88. <!--
  89. function confirmation'.$t.'() {
  90. var answer = confirm("Are you sure u want buy this item? '.$char.' '.$weapons[$_GET[page]-1][$t-1].'")
  91. if (answer){
  92. window.location = "pus.php?site='.$_GET[site].'&page='.$_GET[page].'&buy='.$t.'";}}
  93. </script>
  94.  
  95.  
  96. <tr><td><td valign=top><a
  97. href=pus.php?site='.$_GET[site].'&page='.$_GET[page].'&info='.$t.'><img src=pus/buttons/info.jpg border=0></a><td>
  98. </table>');
  99.  
  100.  
  101. }
  102. elseif(($_GET[site]=='3') and ($t<=$armorscount[$_GET[page]-1])){
  103.  
  104.  
  105. print('
  106. <table border=0 cellspacing=0 cellpadding=0 width=100% height=100% background=pus/buttons/item.gif>
  107. <tr height=5><td width=18><td><td>
  108. <tr><td> <td rowspan=3 width=72 height=72><img src='.$armorsicon[$_GET[page]-1][$t-1].' width=72 height=72>
  109. <td valign=bottom> Price:'.$armorsprice[$_GET[page]-1][$t-1].'
  110. <tr><td><td> Quantity:'.$armorsquantity[$_GET[page]-1][$t-1].'
  111. <tr><td><td> <a href=# onclick="confirmation'.$t.'()"><img src=pus/buttons//buy.jpg border=0></a>
  112.  
  113. <script type="text/javascript">
  114. <!--
  115. function confirmation'.$t.'() {
  116. var answer = confirm("Are you sure u want buy this item? '.$armors[$_GET[page]-1][$t-1].'")
  117. if (answer){
  118. window.location = "pus.php?site='.$_GET[site].'&page='.$_GET[page].'&buy='.$t.'";}}
  119. </script>
  120.  
  121. <tr><td><td valign=top><a
  122. href=pus.php?site='.$_GET[site].'&page='.$_GET[page].'&info='.$t.'><img src=pus/buttons/info.jpg border=0></a><td>
  123. </table>');
  124.  
  125. }elseif(($_GET[site]=='4') and ($t<=$scrollscount[$_GET[page]-1])){
  126.  
  127. print('
  128. <table border=0 cellspacing=0 cellpadding=0 width=100% height=100% background=pus/buttons/item.gif>
  129. <tr height=5><td width=18><td><td>
  130. <tr><td> <td rowspan=3 width=72 height=72><img src='.$scrollsicon[$_GET[page]-1][$t-1].' width=72 height=72>
  131. <td valign=bottom> Price:'.$scrollsprice[$_GET[page]-1][$t-1].'
  132. <tr><td><td> Quantity:'.$scrollsquantity[$_GET[page]-1][$t-1].'
  133. <tr><td><td> <a href=# onclick="confirmation'.$t.'()"><img src=pus/buttons/buy.jpg border=0></a>
  134.  
  135. <script type="text/javascript">
  136. <!--
  137. function confirmation'.$t.'() {
  138. var answer = confirm("Are you sure u want buy this item? '.$scrolls[$_GET[page]-1][$t-1].'")
  139. if (answer){
  140. window.location = "pus.php?site='.$_GET[site].'&page='.$_GET[page].'&buy='.$t.'";}}
  141. </script>
  142.  
  143.  
  144. <tr><td><td valign=top><a
  145. href=pus.php?site='.$_GET[site].'&page='.$_GET[page].'&info='.$t.'><img src=pus/buttons/info.jpg border=0></a><td>
  146. </table>');
  147.  
  148. }elseif(($_GET[site]=='5') and ($t<=$otherscount[$_GET[page]-1])){
  149.  
  150. print('
  151. <table border=0 cellspacing=0 cellpadding=0 width=100% height=100% background=pus/buttons/item.gif>
  152. <tr height=5><td width=18><td><td>
  153. <tr><td> <td rowspan=3 width=72 height=72><img src='.$othersicon[$_GET[page]-1][$t-1].' width=72 height=72>
  154. <td valign=bottom> Price:'.$othersprice[$_GET[page]-1][$t-1].'
  155. <tr><td><td> Quantity:'.$othersquantity[$_GET[page]-1][$t-1].'
  156. <tr><td><td> <a href=# onclick="confirmation'.$t.'()"><img src=pus/buttons//buy.jpg border=0></a>
  157.  
  158. <script type="text/javascript">
  159. <!--
  160. function confirmation'.$t.'() {
  161. var answer = confirm("Are you sure u want buy this item? '.$others[$_GET[page]-1][$t-1].'")
  162. if (answer){
  163. window.location = "pus.php?site='.$_GET[site].'&page='.$_GET[page].'&buy='.$t.'";}}
  164. </script>
  165.  
  166.  
  167. <tr><td><td valign=top><a
  168. href=pus.php?site='.$_GET[site].'&page='.$_GET[page].'&info='.$t.'><img src=pus/buttons/info.jpg border=0></a><td>
  169. </table>');
  170.  
  171. }
  172.  
  173. }//func vége
  174.  
  175.  
  176.  
  177.  
  178. if (isset($_GET[buy])){
  179. $msconnect2=odbc_connect("$dbname2","$dbuser2","$dbpass2");
  180. $getclan=odbc_exec($msconnect2,"SELECT strcharid from currentuser where straccountid = '".$_SESSION['sesuser']."'");
  181.  
  182. while(odbc_fetch_row($getclan)) {
  183.  
  184. $char=odbc_result($getclan, 1);
  185. }
  186.  
  187.  
  188.  
  189. $msconnect=odbc_connect("$dbname","$dbuser","$dbpass");//és session
  190.  
  191. $msteste11="select kc from tb_user where strAccountID = '".$_SESSION['sesuser']."'";
  192.  
  193. $result2=odbc_exec($msconnect2,$msteste11) or die("error");
  194. while (odbc_fetch_row($result2))
  195. {
  196. $points2 = odbc_result($result2, 1);
  197.  
  198. }
  199.  
  200. $msconnect=odbc_connect("$dbname","$dbuser","$dbpass");//és session
  201.  
  202.  
  203. $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
  204. {
  205. if($_GET[site]=='2'){
  206.  
  207. if($points2>=$weaponsprice[$_GET[page]-1][$_GET[buy]-1]){
  208. $msconnect2=odbc_connect("$dbname2","$dbuser2","$dbpass2");
  209. $getclan=odbc_exec($msconnect2,"SELECT strcharid from currentuser where straccountid = '".$_SESSION['sesuser']."'");
  210.  
  211. while(odbc_fetch_row($getclan)) {
  212.  
  213. $char=odbc_result($getclan, 1);
  214. }
  215.  
  216. $rrrtt=$points2-$weaponsprice[$_GET[page]-1][$_GET[buy]-1];
  217. $cucc="update tb_user set kc='".$rrrtt."' where strAccountID = '".$_SESSION['sesuser']."'";
  218. $cucc2="insert into WEB_ITEMMALL(straccountid,strcharid, serverno, itemid, itemcount, buytime) values ('".$_SESSION['sesuser']."','".$char."','15001', '".$weaponsid[$_GET[page]-1][$_GET[buy]-1]."', '1',Getdate()) ";
  219. $cucc3="insert into purchases (straccountid, dwid,stritemname, beginkc, endkc, itemprice,ip) values ('".$_SESSION['sesuser']."','".$weaponsid[$_GET[page]-1][$_GET[buy]-1]."','".$weapons[$_GET[page]-1][$_GET[buy]-1]."', '$points2', '$rrrtt', '".$weaponsprice[$_GET[page]-1][$_GET[buy]-1]."','$ip') ";
  220. }
  221. }
  222.  
  223. elseif($_GET[site]=='3'){
  224. if($points2>=$armorsprice[$_GET[page]-1][$_GET[buy]-1]){
  225. $rrrtt=$points2-$armorsprice[$_GET[page]-1][$_GET[buy]-1];
  226. $cucc="update tb_user set kc='".$rrrtt."' where strAccountID = '".$_SESSION['sesuser']."'";
  227. $cucc2="insert into WEB_ITEMMALL(straccountid,strcharid, serverno, itemid, itemcount, buytime) values ('".$_SESSION['sesuser']."','".$char."','15001', '".$armorsid[$_GET[page]-1][$_GET[buy]-1]."', '1',Getdate()) ";
  228. $cucc3="insert into purchases (straccountid, dwid,stritemname, beginkc, endkc, itemprice,ip) values ('".$_SESSION['sesuser']."','".$armorssid[$_GET[page]-1][$_GET[buy]-1]."','".$armors[$_GET[page]-1][$_GET[buy]-1]."', '$points2', '$rrrtt', '".$armorsprice[$_GET[page]-1][$_GET[buy]-1]."','$ip') ";
  229. }
  230. }
  231.  
  232.  
  233. elseif($_GET[site]=='4'){
  234. if ($points2>=$scrollsprice[$_GET[page]-1][$_GET[buy]-1]){
  235. $rrrtt=$points2-$scrollsprice[$_GET[page]-1][$_GET[buy]-1];
  236. $cucc="update tb_user set kc='".$rrrtt."' where strAccountID = '".$_SESSION['sesuser']."'";
  237. $cucc2="insert into WEB_ITEMMALL(straccountid,strcharid, serverno, itemid, itemcount, buytime) values ('".$_SESSION['sesuser']."','".$char."','15001', '".$scrollsid[$_GET[page]-1][$_GET[buy]-1]."', '1',Getdate()) ";
  238. $cucc3="insert into purchases (straccountid, dwid,stritemname, beginkc, endkc, itemprice, ip) values ('".$_SESSION['sesuser']."','".$scrollsid[$_GET[page]-1][$_GET[buy]-1]."','".$scrolls[$_GET[page]-1][$_GET[buy]-1]."','$points2', '$rrrtt', '".$scrollsprice[$_GET[page]-1][$_GET[buy]-1]."', '$ip') ";
  239. }
  240. }
  241.  
  242.  
  243. elseif($_GET[site]=='5'){
  244. if ($points2>=$othersprice[$_GET[page]-1][$_GET[buy]-1]){
  245. $rrrtt=$points2-$othersprice[$_GET[page]-1][$_GET[buy]-1];
  246. $cucc="update tb_user set kc='".$rrrtt."' where strAccountID = '".$_SESSION['sesuser']."'";
  247. $cucc2="insert into WEB_ITEMMALL(straccountid,strcharid, serverno, itemid, itemcount, buytime) values ('".$_SESSION['sesuser']."','".$char."','15001', '".$othersid[$_GET[page]-1][$_GET[buy]-1]."', '1',Getdate()) ";
  248. $cucc3="insert into purchases (straccountid, dwid,stritemname, beginkc, endkc, itemprice,ip) values ('".$_SESSION['sesuser']."','".$othersid[$_GET[page]-1][$_GET[buy]-1]."','".$others[$_GET[page]-1][$_GET[buy]-1]."', '$points2', '$rrrtt', '".$othersprice[$_GET[page]-1][$_GET[buy]-1]."','$ip') ";
  249. }
  250. }
  251. }
  252. odbc_exec($msconnect2,$cucc) or die(odbc_error());
  253. odbc_exec($msconnect,$cucc2) or die(odbc_error());
  254. odbc_exec($msconnect,$cucc3) or die(odbc_error());
  255.  
  256.  
  257. $time=date('Y-m-d | g:i a');
  258. $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
  259.  
  260.  
  261. $filename = "puslog.html";
  262. $fp = fopen($filename, "a") or die("Couldn’t open $filename");
  263.  
  264. fwrite($fp,'['.$time.']['.$_SESSION['sesuser'].']['.$ip.']['.$_GET[page].']['.$_GET[buy].']<br>');
  265. fclose($fp);
  266.  
  267.  
  268.  
  269.  
  270.  
  271. }
  272.  
  273. echo"
  274. <script>
  275. function closethis(){
  276. }
  277. </script>
  278. <body background=pus/buttons//bg.jpg leftmargin=0 topmargin=0>
  279. <table border=0 height=100% width=100% cellspacing=0 cellpadding=0>
  280. <tr height=40><td width=48> <td width=625> <td align=right><a href=# onclick=closethis()><img src=pus/buttons//close.jpg border=0></a>
  281. <tr height=40><td width=48> <td width=625> <td align=right><a href=pus.php?site=1><img src=pus/buttons//21.jpg border=0 name=pic1 onmouseover=\"pic1.src='pus/buttons//21.jpg'\" onmouseout=\"pic1.src='pus/buttons//11.jpg'\"></a>
  282. <tr height=73><td width=48> <td width=625> <td align=right>
  283. <tr height=30><td colspan=2>
  284. <a href=pus.php?site=1><img src=pus/buttons//1.jpg border=0></a><a href=pus.php?site=2&page=1><img src=pus/buttons//2.jpg border=0></a><a href=pus.php?site=3&page=1><img src=pus/buttons//3.jpg border=0></a><a href=pus.php?site=4&page=1><img src=pus/buttons//4.jpg border=0></a><a href=pus.php?site=5&page=1><img src=pus/buttons//5.jpg border=0 ></a>
  285. <td>
  286. <tr height=30><td width=48> <td width=625> <td align=right>
  287. <tr height=485><td> <td>";
  288.  
  289.  
  290. /*##############################################*/
  291. if (($_GET[site]=='2') or ($_GET[site]=='3') or ($_GET[site]=='4') or ($_GET[site]=='5')){
  292.  
  293. print('<table border=0 height=100% width=100% cellspacing=0 cellpadding=0>
  294. <tr height=144>
  295. <td width=205>'); alma(1);
  296. print('
  297. <td width=5>
  298. <td width=205>'); alma(2);
  299. print('
  300. <td width=5>
  301. <td width=205>'); alma(3);
  302. print('
  303.  
  304. <tr height=3><td colspan=5>
  305.  
  306. <tr height=144>
  307. <td width=205>'); alma(4);
  308. print('
  309. <td>
  310. <td width=205>'); alma(5);
  311. print('
  312. <td>
  313. <td width=205>'); alma(6);
  314. print('
  315.  
  316. <tr height=3><td colspan=5>
  317.  
  318. <tr height=144>
  319. <td width=205>'); alma(7);
  320. print('
  321. <td>
  322. <td width=205>'); alma(8);
  323. print('
  324. <td>
  325. <td width=205>'); alma(9);
  326. print('
  327.  
  328. <tr><td>
  329. <td><td>
  330. <td>
  331. <td>
  332. </table>');}elseif($_GET[site]=='1'){
  333. print('<table border=0 height=100% width=100% cellspacing=0 cellpadding=0><tr height=299><td width=631 background=pus/buttons//tbbg.gif>
  334. <center>
  335. Logged in as '.$_SESSION['sesuser'].'<br>
  336. <div align="center"><a href="pus.php?act=logout">Logout</a></div><BR>
  337. </form>
  338.  
  339. <td> <tr><td> <td> </table>');
  340. }
  341. /*##############################################*/
  342. print('
  343.  
  344.  
  345. <td>
  346.  
  347.  
  348.  
  349.  
  350. <table border=0 cellspacing=0 cellpadding=0 width=100% height=100%>
  351. <tr height=72><td width=70><td align=center>');
  352.  
  353. /*elseif kezdöoldal proc tbbg*/
  354.  
  355. if (isset($_GET[info])){
  356.  
  357. if($_GET[site]=='2'){
  358.  
  359. print('<img src='.$weaponsicon[$_GET[page]-1][$_GET[info]-1].' width=72 height=72><td width=55>
  360. <tr><td><td valign=top>');
  361. }elseif($_GET[site]=='3'){
  362. print('<img src='.$armorsicon[$_GET[page]-1][$_GET[info]-1].' width=72 height=72><td width=55>
  363. <tr><td><td valign=top>');
  364. }elseif($_GET[site]=='4'){
  365. print('<img src='.$scrollsicon[$_GET[page]-1][$_GET[info]-1].' width=72 height=72><td width=55>
  366. <tr><td><td valign=top>');
  367. }elseif($_GET[site]=='5'){
  368. print('<img src='.$othersicon[$_GET[page]-1][$_GET[info]-1].' width=72 height=72><td width=55>
  369. <tr><td><td valign=top>');
  370.  
  371. }}
  372.  
  373. else{print(' <td width=55>
  374. <tr><td><td valign=top> <td>');}
  375.  
  376.  
  377.  
  378. if (isset($_GET[info])){
  379.  
  380. if($_GET[site]=='2'){
  381. print('<font color=yellow>'.$weapons[$_GET[page]-1][$_GET[info]-1].'<BR>'.$weaponsinfo[$_GET[page]-1][$_GET[info]-1].'<td>');
  382. }elseif($_GET[site]=='3'){
  383.  
  384. print('<font color=yellow>'.$armors[$_GET[page]-1][$_GET[info]-1].'<BR>'.$armorsinfo[$_GET[page]-1][$_GET[info]-1].'<td>');
  385. }elseif($_GET[site]=='4'){
  386.  
  387. print('<font color=yellow>'.$scrolls[$_GET[page]-1][$_GET[info]-1].'<BR>'.$scrollsinfo[$_GET[page]-1][$_GET[info]-1].'<td>');
  388. }elseif($_GET[site]=='5'){
  389. print('<font color=yellow>'.$others[$_GET[page]-1][$_GET[info]-1].'<BR>'.$othersinfo[$_GET[page]-1][$_GET[info]-1].'<td>');}
  390.  
  391. }
  392.  
  393.  
  394.  
  395. $msteste1="select kc from tb_user where strAccountID = '".$_SESSION['sesuser']."'";
  396. $result=odbc_exec($msconnect2,$msteste1) or die("error");
  397. while (odbc_fetch_row($result))
  398. {
  399. $points = odbc_result($result, 1);
  400.  
  401. }
  402.  
  403. print('<tr height=32><td><td align=right><font color=yellow>'.$points);
  404. print('
  405.  
  406. </font><td>
  407. </table>
  408. <tr><td width=48> <td width=625 align=center valign=top>
  409. ');
  410.  
  411. if($_GET[site]=='2'){
  412.  
  413. for($i=1;$i<$weaponspagecount+1;$i++){
  414. print('<a href=pus.php?site='.$_GET[site].'&page='.$i.'>'.$i.'</a> ');}
  415. }elseif($_GET[site]=='3'){
  416. for($i=1;$i<$armorspagecount+1;$i++){
  417. print('<a href=pus.php?site='.$_GET[site].'&page='.$i.'>'.$i.'</a> ');}
  418. }elseif($_GET[site]=='4'){
  419. for($i=1;$i<$scrollspagecount+1;$i++){
  420. print('<a href=pus.php?site='.$_GET[site].'&page='.$i.'>'.$i.'</a> ');}
  421. }elseif($_GET[site]=='5'){
  422. for($i=1;$i<$otherspagecount+1;$i++){
  423. print('<a href=pus.php?site='.$_GET[site].'&page='.$i.'>'.$i.'</a> ');}
  424. }
  425.  
  426.  
  427. print('
  428. <td align=center valign=top><font color=yellow> &nbsp</font>
  429.  
  430. </table>');
  431.  
  432. }
  433.  
  434.  
  435.  
  436.  
  437. ?>