API tools faq
paste
Advertisement
Guest User

Ioncube9 decode - decube.xyz

a guest
Jun 9th, 2017
358
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.69 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*decoded decube.xyz*/
  3. session_start();
  4. error_reporting(30719);
  5. header("Content-type: text/html; charset=windows-1251");
  6.  
  7. if (!DEFINED("ROOT_DIR")) {
  8. DEFINE("ROOT_DIR", $_SERVER["DOCUMENT_ROOT"]);
  9. }
  10.  
  11. sleep(0);
  12. $json_result = array();
  13. $json_result["result"] = "";
  14. $json_result["message"] = "";
  15.  
  16. $ajax_json = (isset($_SERVER["HTTP_ACCEPT"]) && (strpos($_SERVER["HTTP_ACCEPT"], "application/json") !== false) ? "json" : "nojson");
  17.  
  18. if (isset($_SERVER["HTTP_X_REQUESTED_WITH"]) && ($_SERVER["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest")) {
  19. function json_encode_cp1251($json_arr)
  20. {
  21. $json_arr = json_encode($json_arr);
  22. $arr_replace_cyr = array("\u0410", "\u0430", "\u0411", "\u0431", "\u0412", "\u0432", "\u0413", "\u0433", "\u0414", "\u0434", "\u0415", "\u0435", "\u0401", "\u0451", "\u0416", "\u0436", "\u0417", "\u0437", "\u0418", "\u0438", "\u0419", "\u0439", "\u041a", "\u043a", "\u041b", "\u043b", "\u041c", "\u043c", "\u041d", "\u043d", "\u041e", "\u043e", "\u041f", "\u043f", "\u0420", "\u0440", "\u0421", "\u0441", "\u0422", "\u0442", "\u0423", "\u0443", "\u0424", "\u0444", "\u0425", "\u0445", "\u0426", "\u0446", "\u0427", "\u0447", "\u0428", "\u0448", "\u0429", "\u0449", "\u042a", "\u044a", "\u042d", "\u044b", "\u042c", "\u044c", "\u042d", "\u044d", "\u042e", "\u044e", "\u042f", "\u044f");
  23. $arr_replace_utf = array("А", "а", "Б", "б", "В", "в", "Г", "г", "Д", "д", "Е", "е", "Ё", "ё", "Ж", "ж", "З", "з", "И", "и", "Й", "й", "К", "к", "Л", "л", "М", "м", "Н", "н", "О", "о", "П", "п", "Р", "р", "С", "с", "Т", "т", "У", "у", "Ф", "ф", "Х", "х", "Ц", "ц", "Ч", "ч", "Ш", "ш", "Щ", "щ", "Ъ", "ъ", "Ы", "ы", "Ь", "ь", "Э", "э", "Ю", "ю", "Я", "я");
  24. $json_arr = str_replace($arr_replace_cyr, $arr_replace_utf, $json_arr);
  25. return $json_arr;
  26. }
  27. function myErrorHandler($errno, $errstr, $errfile, $errline, $js_result)
  28. {
  29. $ajax_json = (isset($_SERVER["HTTP_ACCEPT"]) && (strpos($_SERVER["HTTP_ACCEPT"], "application/json") !== false) ? "json" : "nojson");
  30. $message_text = false;
  31. $errfile = str_replace($_SERVER["DOCUMENT_ROOT"], "", $errfile);
  32.  
  33. switch ($errno) {
  34. case 1:
  35. $message_text = "Fatal error[$errno]: $errstr in line $errline in $errfile";
  36. break;
  37.  
  38. case 2:
  39. $message_text = "Warning[$errno]: $errstr in line $errline in $errfile";
  40. break;
  41.  
  42. case 8:
  43. $message_text = "Notice[$errno]: $errstr in line $errline in $errfile";
  44. break;
  45.  
  46. $message_text = "[$errno] $errstr in line $errline in $errfile";
  47. break;
  48. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  49. }
  50. }
  51. require (ROOT_DIR . "/config.php");
  52. require_once (ROOT_DIR . "/funciones.php");
  53. require_once (ROOT_DIR . "/recaptcha/config_recaptcha.php");
  54. require_once (ROOT_DIR . "/recaptcha/lib/autoload.php");
  55. $laip = getRealIP();
  56. $set_error_handler = set_error_handler("myErrorHandler", 30719);
  57. if (!isset($siteKey) | !isset($secret) | (isset($siteKey) && isset($secret) && (($siteKey == false) | ($secret == false)))) {
  58. $message_text = "ERROR: Нет ключей!";
  59. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  60. exit($js_result);
  61. return 1;
  62. }
  63.  
  64. if (isset($_SESSION["userLog"]) && isset($_SESSION["userPas"])) {
  65. $message_text = "Вы уже авторизовались!";
  66. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  67. exit($js_result);
  68. return 1;
  69. }
  70.  
  71. $recaptcha = new ReCaptcha\ReCaptcha($secret);
  72. $response = $recaptcha->verify(strip_tags(htmlspecialchars(trim($_POST["recaptcha"]))), $laip);
  73.  
  74. if ($response->isSuccess()) {
  75. $username = (isset($_POST["log_user"]) && preg_match("|^[a-zA-Z0-9\-_-]{3,20}$|", trim($_POST["log_user"])) ? htmlentities(stripslashes(trim($_POST["log_user"]))) : false);
  76.  
  77. $password = (isset($_POST["pas_user"]) && preg_match("|^[a-zA-Z0-9\-_-]{6,20}$|", trim($_POST["pas_user"])) ? htmlentities(stripslashes(trim($_POST["pas_user"]))) : false);
  78.  
  79. $enter_pas_oper = (isset($_POST["pas_oper"]) && preg_match("|^[0-9a-zA-Z]{7,9}$|", trim($_POST["pas_oper"])) ? htmlentities(stripslashes(trim($_POST["pas_oper"]))) : false);
  80.  
  81. if ($username == false) {
  82. $message_text = "Логин должен быть от 3 до 20 символов, и содержать только латинские символы";
  83. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  84. exit($js_result);
  85. return 1;
  86. }
  87.  
  88. if ($password == false) {
  89. $message_text = "Пароль должен быть от 3 до 20 символов, и содержать только латинские символы";
  90. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  91. exit($js_result);
  92. return 1;
  93. }
  94.  
  95. ($sql = mysql_query("SELECT * FROM `tb_users` WHERE `username`='" . mysql_real_escape_string($username) . "' AND `password`='" . mysql_real_escape_string($password) . "'")) || exit($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", mysql_error()))) : mysql_error());
  96.  
  97. if (0 < mysql_num_rows($sql)) {
  98. $row = mysql_fetch_assoc($sql);
  99.  
  100. if (strtolower($username) != strtolower($row["username"])) {
  101. $message_text = "Логин введен не верно!";
  102. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  103. exit($js_result);
  104. return 1;
  105. }
  106.  
  107. if (strtolower($password) != strtolower($row["password"])) {
  108. $message_text = "Пароль введен не верно!";
  109. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  110. exit($js_result);
  111. return 1;
  112. }
  113.  
  114. if ($row["block_wmid"] == 1) {
  115. $message_text = "Необходимо авторизоваться через WebMomey Login";
  116. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  117. exit($js_result);
  118. return 1;
  119. }
  120.  
  121. if (($row["block_agent"] == 1) && ($row["lastiplog"] != $laip) && ($enter_pas_oper == false)) {
  122. $message_text = "У Вас изменился IP-адрес, необходимо ввести пароль для операций!";
  123. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "NeedPO", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  124. exit($js_result);
  125. return 1;
  126. }
  127.  
  128. if (($row["block_agent"] == 1) && (strtolower($row["agent"]) != strtolower($_SERVER["HTTP_USER_AGENT"])) && ($enter_pas_oper == false)) {
  129. $message_text = "У Вас изменился браузер, необходимо ввести пароль для операций!";
  130. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "NeedPO", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  131. exit($js_result);
  132. return 1;
  133. }
  134.  
  135. if (($row["block_agent"] == 1) && (($row["lastiplog"] != $laip) | (strtolower($row["agent"]) != strtolower($_SERVER["HTTP_USER_AGENT"]))) && ($enter_pas_oper == false)) {
  136. $message_text = "Необходимо ввести пароль для операций!";
  137. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "NeedPO", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  138. exit($js_result);
  139. return 1;
  140. }
  141.  
  142. if (($row["block_agent"] == 1) && (($row["lastiplog"] != $laip) | (strtolower($row["agent"]) != strtolower($_SERVER["HTTP_USER_AGENT"]))) && (strtolower($row["pass_oper"]) != strtolower($enter_pas_oper))) {
  143. $message_text = "Пароль для операций введен не верно!";
  144. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "NeedPO", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  145. exit($js_result);
  146. return 1;
  147. }
  148.  
  149. $_SESSION["partnerid"] = $row["id"];
  150. $_SESSION["userLog"] = $row["username"];
  151. $_SESSION["userPas"] = md5($row["password"]);
  152. $_SESSION["WMID"] = $row["wmid"];
  153. $_SESSION["IP"] = $laip;
  154.  
  155. if ($row["user_status"] == 1) {
  156. $_SESSION["userLog_a"] = $row["username"];
  157. $_SESSION["userPas_a"] = md5($row["password"]);
  158. }
  159.  
  160. SETCOOKIE("_user", $row["username"], time() + 7776000, "/");
  161. SETCOOKIE("_pid", md5($row["id"]), time() + 7776000, "/");
  162. $sql_r1 = mysql_query("SELECT `id` FROM `tb_users` WHERE `referer`='$username'");
  163. $referals1 = mysql_num_rows($sql_r1);
  164. $sql_r2 = mysql_query("SELECT `id` FROM `tb_users` WHERE `referer2`='$username'");
  165. $referals2 = mysql_num_rows($sql_r2);
  166. $sql_r3 = mysql_query("SELECT `id` FROM `tb_users` WHERE `referer3`='$username'");
  167. $referals3 = mysql_num_rows($sql_r3);
  168.  
  169. if (($row["lastlogdate2"] != 0) && ($row["lastlogdate2"] < (time() - (7 * 24 * 60 * 60)))) {
  170. $reit_add = mysql_result(mysql_query("SELECT `price` FROM `tb_config` WHERE `item`='reit_noactive' AND `howmany`='1'"), 0, 0);
  171. }
  172. else {
  173. $reit_add = 0;
  174. }
  175.  
  176. if (isset($row["wmid"]) && preg_match("|^[\d]{12}$|", trim($row["wmid"]))) {
  177. include_once (ROOT_DIR . "/auto_pay_req/wmxml.inc.php");
  178. $_RES_WM_11 = _WMXML11($row["wmid"]);
  179. $_ATTESTAT = (isset($_RES_WM_11["att"]) ? $_RES_WM_11["att"] : $row["attestat"]);
  180. }
  181. else {
  182. $_ATTESTAT = $row["attestat"];
  183. }
  184.  
  185. include (ROOT_DIR . "/geoip/geoipcity.inc");
  186. include (ROOT_DIR . "/geoip/geoipregionvars.php");
  187. $gi = geoip_open(ROOT_DIR . "/geoip/GeoLiteCity.dat", GEOIP_STANDARD);
  188. $record = @geoip_record_by_addr($gi, $laip);
  189. @geoip_close($gi);
  190.  
  191. $country_code = (isset($record->country_code) && ($record->country_code != false) ? $record->country_code : $row["country_cod"]);
  192. mysql_query("UPDATE `tb_users` SET \r\n\t\t\t\t\t\t\t\t`attestat`='$_ATTESTAT', \r\n\t\t\t\t\t\t\t\t`reiting`=`reiting`+'$reit_add', `country_cod`='$country_code', \r\n\t\t\t\t\t\t\t\t`referals`='$referals1', `referals2`='$referals2', `referals3`='$referals3', \r\n\t\t\t\t\t\t\t\t`lastlogdate`='" . DATE("d.m.Y") . "', `lastlogdate2`='" . time() . "', \r\n\t\t\t\t\t\t\t\t`lastiplog`='$laip', `kol_log`=`kol_log`+1, `agent`='" . $_SERVER["HTTP_USER_AGENT"] . "' \r\n\t\t\t\t\t\t\tWHERE `username`='$username'") || exit($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", mysql_error()))) : mysql_error());
  193. $_USER_T_ID = strtolower(md5($row["id"]));
  194.  
  195. $_COOKIE_ID = (isset($_COOKIE["_pid"]) && preg_match("|^[0-9a-fA-F]{32}$|", htmlspecialchars(trim($_COOKIE["_pid"]))) ? htmlspecialchars(strtolower(trim($_COOKIE["_pid"]))) : false);
  196.  
  197. if ($_COOKIE_ID != false) {
  198. ($sql_ban = mysql_query("SELECT `username` FROM `tb_users` WHERE md5(`id`)='$_COOKIE_ID'")) || exit($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", mysql_error()))) : mysql_error());
  199.  
  200. if (0 < mysql_num_rows($sql_ban)) {
  201. $_COOKIE_NAME = mysql_result($sql_ban, 0, 0);
  202.  
  203. if ($_USER_T_ID != $_COOKIE_ID) {
  204. ($sql_ch1 = mysql_query("SELECT `id` FROM `tb_ban_users` WHERE `name`='$_COOKIE_NAME'")) || exit($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", mysql_error()))) : mysql_error());
  205.  
  206. if (mysql_num_rows($sql_ch1) == 0) {
  207. mysql_query("INSERT INTO `tb_ban_users` (`name`,`why`,`ip`,`date`,`time`) \r\n\t\t\t\t\t\t\t\t\t\t\tVALUES ('$_COOKIE_NAME','Мультиаккаунт ($_COOKIE_NAME, $username)','$ip','" . DATE("d.m.Y H:i") . "', '" . time() . "')") || exit($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", mysql_error()))) : mysql_error());
  208. mysql_query("UPDATE `tb_users` SET `ban_date`='" . time() . "' WHERE `username`='$_COOKIE_NAME' AND `ban_date`='0'") || exit($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", mysql_error()))) : mysql_error());
  209. }
  210.  
  211. ($sql_ch2 = mysql_query("SELECT `id` FROM `tb_ban_users` WHERE `name`='$username'")) || exit($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", mysql_error()))) : mysql_error());
  212.  
  213. if (mysql_num_rows($sql_ch2) == 0) {
  214. mysql_query("INSERT INTO `tb_ban_users` (`name`,`why`,`ip`,`date`,`time`) \r\n\t\t\t\t\t\t\t\t\t\t\tVALUES ('$username','Мультиаккаунт ($_COOKIE_NAME, $username)','$ip','" . DATE("d.m.Y H:i") . "', '" . time() . "')") || exit($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", mysql_error()))) : mysql_error());
  215. mysql_query("UPDATE `tb_users` SET `ban_date`='" . time() . "' WHERE `username`='$username' AND `ban_date`='0'") || exit($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", mysql_error()))) : mysql_error());
  216. }
  217. }
  218. }
  219. }
  220.  
  221. $message_text = "Авторизация прошла успешно!";
  222. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "OK", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  223. exit($js_result);
  224. return 1;
  225. }
  226.  
  227. $message_text = "Логин или пароль введен не верно!";
  228. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  229. exit($js_result);
  230. return 1;
  231. }
  232.  
  233. $_ERR_CODE = false;
  234.  
  235. foreach ($response->getErrorCodes() as $code) {
  236. $_ERR_CODE .= $code;
  237. }
  238.  
  239. $message_text = (isset($_ERR_CODE) && (htmlspecialchars(trim($_ERR_CODE)) != false) ? "Необходимо подтвердить, что Вы не робот!" : "Обновите страницу!");
  240. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  241. exit($js_result);
  242. return 1;
  243. }
  244.  
  245. $message_text = "ERROR: Не корректный запрос!";
  246. $js_result = ($ajax_json == "json" ? json_encode_cp1251(array("result" => "ERROR", "message" => iconv("CP1251", "UTF-8", $message_text))) : $message_text);
  247. exit($js_result);
  248.  
  249. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!