- <?php
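header('Content-Type: text/html; charset=utf-8');
define('INCLUDE_CHECK', true);

// Request decoding: the launcher posts one encrypted field, "action", whose
// plaintext is six colon-separated values:
//   action:client:login:password-or-token:launcher-md5:client-token
// Successful decryption only shows the sender holds $key2; every decoded
// field is still request data and has to be validated before use.
if (!isset($_POST['action']) || !is_string($_POST['action'])) {
    // Missing field, or an array-valued one (action[]=...) that the string
    // functions below cannot handle.
    echo 'NOTHING TO DO';
    exit;
}

include('connect.php');
include_once('security.php');
include_once('loger.php');
include_once('uuid.php');

// '+' in a form-encoded body arrives as a space; restore it so the
// ciphertext is passed to Security::decrypt() unchanged.
$x = str_replace(' ', '+', $_POST['action']);
$yd = Security::decrypt($x, $key2);
if (!is_string($yd) || $yd === '') {
    echo 'errorlauncher';
    exit;
}

// Pad to six fields so a short message yields nulls instead of relying on
// error suppression. NOTE(review): the format has no escaping, so a ':'
// inside any value shifts every later field - confirm the launcher never
// sends one.
list($action, $client, $login, $postPass, $launchermd5, $ctoken) = array_pad(explode(':', $yd), 6, null);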
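try {
    // $login and $action come from the decrypted request. $login is used in
    // SQL lookups and as the skin file name, so it is restricted to the same
    // allowlist the original carried in a commented-out check. \A...\z is
    // used instead of ^...$ so a trailing newline cannot slip through.
    // $postPass is deliberately not restricted: it is only hashed or compared.
    $safeName = '/\A[a-zA-Z0-9_-]+\z/';
    foreach (array($login, $action) as $field) {
        if (!is_string($field) || !preg_match($safeName, $field)) {
            exit(Security::encrypt('errorLogin<$>', $key1));
        }
    }

    // The messages say "is not a folder", so test for a directory rather
    // than for mere existence.
    if (!is_dir($uploaddirs)) die ('Путь к скинам не является папкой! Укажите в настройках правильный путь.');
    if (!is_dir($uploaddirp)) die ('Путь к плащам не является папкой! Укажите в настройках правильный путь.');

    // The literal string 'null' in the last field selects password login;
    // anything else selects token login, where $postPass carries the token.
    $ctokenIsNull = $ctoken === 'null';
    if ($ctokenIsNull) {
        if ($crypt !== 'hash_dle') {
            die(Security::encrypt('badhash<$>', $key1));
        }
        $realPass = null;
        $realUser = null;
        // Table and column names are interpolated because identifiers cannot
        // be bound; they must come from trusted configuration only
        // (presumably connect.php - confirm).
        $stmt = $db->prepare("SELECT $db_columnUser,$db_columnPass FROM $db_table WHERE BINARY $db_columnUser= :login");
        $stmt->bindValue(':login', $login);
        $stmt->execute();
        $stmt->bindColumn($db_columnPass, $realPass);
        $stmt->bindColumn($db_columnUser, $realUser);
        $stmt->fetch();
        $checkPass = hash_name($crypt, $realPass, (string)$postPass, null);
        // Unknown user leaves $realPass unset. hash_equals() replaces the
        // loose != so two different hex digests that both look numeric
        // ("0e...") cannot compare equal, and the comparison is constant-time.
        if (!is_string($realPass) || !is_string($checkPass) || !hash_equals($realPass, $checkPass)) {
            die(Security::encrypt('errorLogin<$>', $key1));
        }
    }

    $accesstoken = $ctokenIsNull ? token() : (string)$postPass;
    $sessid = token();

    $stmt = $db->prepare("SELECT user, token FROM usersession WHERE user=:login");
    $stmt->bindValue(':login', $login);
    $stmt->execute();
    $rU = $stmt->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false when the user has no session row yet.
    $sessionUser = is_array($rU) ? $rU['user'] : null;
    $sessionToken = is_array($rU) ? $rU['token'] : null;
    if ($sessionUser !== null && $sessionUser !== '') {
        $realUser = $sessionUser;
    }

    if (!$ctokenIsNull) {
        // Token login skips the password check, so this comparison is the
        // only authentication on this path. The original compared against a
        // misspelled, never-assigned variable and therefore did not test the
        // client's token at all. A missing row or an empty stored token is
        // rejected outright; rows written before this fix hold no usable
        // token and need one password login to get one.
        if (!is_string($sessionToken) || $sessionToken === '' || !hash_equals($sessionToken, $accesstoken)) {
            exit(Security::encrypt('errorLogin<$>', $key1));
        }
    }

    $loginIsRUser = $sessionUser === $login;
    if ($loginIsRUser) {
        // Session id and token are bound like every other value instead of
        // being interpolated into the statement text.
        if ($ctokenIsNull) {
            $stmt = $db->prepare("UPDATE usersession SET session = :session, token = :token WHERE user= :login");
            $stmt->bindValue(':token', $accesstoken);
        } else {
            $stmt = $db->prepare("UPDATE usersession SET session = :session WHERE user= :login");
        }
        $stmt->bindValue(':session', $sessid);
        $stmt->bindValue(':login', $login);
        $stmt->execute();
    } else {
        // No row whose user column equals $login exactly: create one.
        $stmt = $db->prepare("INSERT INTO usersession (user, session, md5, token) VALUES (:login, :session, :md5, :token)");
        $stmt->bindValue(':login', $realUser);
        $stmt->bindValue(':session', $sessid);
        $stmt->bindValue(':md5', str_replace('-', '', uuidConvert($realUser)));
        $stmt->bindValue(':token', $accesstoken);
        $stmt->execute();
    }

    if ($action == 'getpersonal' && !$usePersonal) die('Использование ЛК выключено');
    if ($action == 'uploadskin' && !$canUploadSkin) die('Функция недоступна');

    // The iConomy balance lookup/registration that used to run here for the
    // 'exchange' and 'getpersonal' actions is disabled.
    $iconregistered = false;

    if ($action === 'auth') {
        if ($checklauncher) {
            // The launcher reports its own MD5, so this only detects an
            // unmodified-but-outdated or accidentally altered launcher; it is
            // not proof of integrity. Strict comparison avoids numeric-string
            // juggling between digests.
            $knownLaunchers = array();
            if (isset($md5launcherexe)) $knownLaunchers[] = $md5launcherexe;
            if (isset($md5launcherjar)) $knownLaunchers[] = $md5launcherjar;
            if (!is_string($launchermd5) || $launchermd5 === '' || !in_array($launchermd5, $knownLaunchers, true)) {
                exit(Security::encrypt("badlauncher<$>_$masterversion", $key1));
            }
        }

        // $client becomes a directory name under clients/ and a file name
        // under temp/, so it must be a single safe path component.
        if (!is_string($client) || !preg_match($safeName, $client)) {
            die(Security::encrypt("client<$> $client", $key1));
        }

        $z = $assetsfolder ? '/' : '.zip';
        $clientPath = 'clients/'.$client;
        $assetsPath = 'clients/assets';
        $configPath = $clientPath.'/config.zip';
        $binPath = $clientPath.'/bin/';
        $modsPath = $clientPath.'/mods/';
        $coremodsPath = $clientPath.'/coremods/';
        $nativesPath = $clientPath.'/natives/';
        if (
            !file_exists($assetsPath.$z) ||
            !file_exists($binPath) ||
            !file_exists($modsPath) ||
            !file_exists($coremodsPath) ||
            !file_exists($nativesPath) ||
            !file_exists($configPath)
        ) die(Security::encrypt("client<$> $client", $key1));

        $md5user = strtoint(xorencode(str_replace('-', '', uuidConvert($realUser)), $protectionKey));
        $md5zip = is_file($configPath) ? md5_file($configPath) : false;
        $sizezip = is_file($configPath) ? filesize($configPath) : false;
        // NOTE(review): the existence check above uses $assetsPath.$z, but the
        // digest and size are taken from $assetsPath itself, which is neither
        // the assets directory's contents nor assets.zip. Behaviour kept
        // (empty fields when it is not a regular file); confirm what the
        // launcher expects here.
        $md5ass = is_file($assetsPath) ? md5_file($assetsPath) : false;
        $sizeass = is_file($assetsPath) ? filesize($assetsPath) : false;

        $usrsessions = "$masterversion<:>$md5user<:>".$md5zip."<>".$sizezip."<:>".$md5ass."<>".$sizeass."<br>".$realUser.'<:>'.strtoint(xorencode($sessid, $protectionKey)).'<br>'.$accesstoken.'<br>';

        /**
         * Build the file manifest (path, MD5, size per file) for one client.
         *
         * The paths are derived here from $client: the original body read
         * $binPath, $modsPath etc., which are not visible inside a function.
         *
         * @param mixed  $assetsfolder truthy when assets are served as a folder
         * @param string $client       validated client directory name
         * @return string manifest followed by the list of checked directories
         */
        function hashc($assetsfolder, $client) {
            $clientPath = 'clients/'.$client;
            $baseCheckData = checkfiles($clientPath.'/bin/')
                .checkfiles($clientPath.'/mods/')
                .checkfiles($clientPath.'/coremods/')
                .checkfiles($clientPath.'/natives/');
            if ($assetsfolder) {
                $hash_md5 = str_replace('\\', '/', $baseCheckData.checkfiles('clients/assets')).'<::>assets/indexes<:b:>assets/objects<:b:>assets/virtual<:b:>'.$client.'/bin<:b:>'.$client.'/mods<:b:>'.$client.'/coremods<:b:>'.$client.'/natives<:b:>';
            } else {
                $hash_md5 = str_replace('\\', '/', $baseCheckData).'<::>'.$client.'/bin<:b:>'.$client.'/mods<:b:>'.$client.'/coremods<:b:>'.$client.'/natives<:b:>';
            }
            return $hash_md5;
        }

        if ($temp) {
            // Manifest cache, one file per client. NOTE(review): nothing here
            // invalidates it when client files change - confirm that is
            // handled elsewhere.
            $filecashe = 'temp/'.$client;
            $hash_md5 = false;
            if (is_file($filecashe)) {
                $fp = fopen($filecashe, "r");
                if ($fp !== false) {
                    $hash_md5 = fgets($fp);
                    fclose($fp);
                }
            }
            if ($hash_md5 === false) {
                // Unreadable or empty cache: rebuild rather than send nothing.
                $hash_md5 = hashc($assetsfolder, $client);
                file_put_contents($filecashe, $hash_md5, LOCK_EX);
            }
        } else {
            $hash_md5 = hashc($assetsfolder, $client);
        }
        echo Security::encrypt($usrsessions.$hash_md5, $key1);
    } else if ($action === 'getpersonal') { // Personal account ("LK") login
        // The realmoney lookup in usersession is disabled; fixed values are
        // reported instead.
        $realmoney = '0.0';
        $iconmoney = '0.0';
        // VIP and Premium purchase (disabled):
        $datetoexpire = 0;
        $ugroup = 'User';
        // Jobs (disabled):
        $jobname = "nojob";
        $joblvl = -1;
        $jobexp = -1;
        $canUploadSkin = (int)$canUploadSkin;
        $canUploadCloak = (int)$canUploadCloak;
        $canBuyVip = (int)$canBuyVip;
        $canBuyPremium = (int)$canBuyPremium;
        $canBuyUnban = (int)$canBuyUnban;
        $canActivateVaucher = (int)$canActivateVaucher;
        $canExchangeMoney = (int)$canExchangeMoney;
        echo "$canUploadSkin$canUploadCloak$canBuyVip$canBuyPremium$canBuyUnban$canActivateVaucher$canExchangeMoney<:>$iconmoney<:>$realmoney<:>$cloakPrice<:>$vipPrice<:>$premiumPrice<:>$unbanPrice<:>$exchangeRate<:>$ugroup<:>$datetoexpire<:>$jobname<:>$joblvl<:>$jobexp";
    } else if ($action === 'uploadskin') { // Skin upload
        $stmt = $db->prepare("SELECT permission FROM `permissions` WHERE name=:login");
        $stmt->bindValue(':login', uuidConvert($login));
        $stmt->execute();
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        $hdSkin = false;
        foreach ($rows as $row) {
            $permission = $row['permission'];
            if ($permission === '*' || strpos($permission, 'hd.skin') !== false) {
                $hdSkin = true;
                break;
            }
        }

        if (!isset($_POST['ufile']) || !is_string($_POST['ufile'])) die("nofile");
        $sk = base64_decode($_POST['ufile']);
        if ($sk === false || $sk === '') die("nofile");

        // Cheap signature check first, so only data that at least starts
        // like a PNG is handed to the decoder.
        if (imagestype($sk) != 'image/png') die("skinerr");
        $image = imagecreatefromstring($sk);
        if ($image === false) die("skinerr");

        // Both dimensions are read from the decoded image (the original read
        // the height from an undefined variable).
        // NOTE(review): there is no upper bound on the upload size or on HD
        // skin dimensions; consider a limit before decoding.
        $width = imagesx($image);
        $height = imagesy($image);
        $validSkin = (($width % 64) == 0) && (($height % 32) == 0);
        if (((!$hdSkin) && ($width > 64)) || (!$validSkin)) die("skinerr");

        imagesavealpha($image, true);
        // $login passed the allowlist above, so it cannot contain a path
        // separator or '..'. The file is re-encoded by GD rather than stored
        // as uploaded, so bytes outside the image data are not kept.
        $uploadfile = "".$uploaddirs."/".$login.".png";
        if (imagepng($image, $uploadfile)) {
            echo 'success';
        } else {
            exit('fileerr');
        }
    } else {
        echo 'Запрос составлен неверно';
    }
} catch(PDOException $pe) {
    // Write MySQL errors to m.log. Logging is done before, and separately
    // from, the response so that nothing the logger returns is sent to the
    // client.
    $logger->WriteLine($log_date.$pe);
    die(Security::encrypt('errorsql<$>', $key1));
}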
- //HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
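/**
 * XOR a string with a repeating key.
 *
 * This is reversible obfuscation (applying it twice with the same key gives
 * the input back); it provides no confidentiality against anyone who knows
 * or can guess part of the plaintext, and no integrity.
 *
 * @param string $str data to transform
 * @param string $key key, repeated as often as needed to cover $str
 * @return string result, same length as $str
 * @throws InvalidArgumentException when $key is empty and $str is not
 */
function xorencode($str, $key) {
    $str = (string)$str;
    $key = (string)$key;
    $lenstr = strlen($str);
    if ($lenstr === 0) {
        return '';
    }
    if ($key === '') {
        // The original doubled the key in a loop until it was long enough;
        // an empty key never grows, so that loop never ended.
        throw new InvalidArgumentException('xorencode(): key must not be empty');
    }
    // String XOR stops at the shorter operand, so the key only has to be at
    // least as long as the data.
    $key = str_repeat($key, (int)ceil($lenstr / strlen($key)));
    return $str ^ $key;
}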
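/**
 * Render a byte string as its decimal byte values joined by '-'.
 *
 * Example: "AB" becomes "65-66". An empty string yields an empty string.
 *
 * @param string $text bytes to render
 * @return string dash-separated decimal byte values
 */
function strtoint($text) {
    $text = (string)$text;
    $codes = array();
    $len = strlen($text);
    for ($i = 0; $i < $len; $i++) {
        // Square-bracket offsets: the curly-brace form $text{$i} used before
        // is a parse error on PHP 8.
        $codes[] = ord($text[$i]);
    }
    return implode('-', $codes);
}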
/**
 * Hash a submitted password with the configured scheme.
 *
 * Only 'hash_dle' is implemented: md5(md5(password)), unsalted. MD5 is a
 * fast hash, so stored values of this form are cheap to brute-force if the
 * table leaks; presumably the scheme is kept to match hashes the site
 * already stores - confirm before changing it.
 *
 * @param string $ncrypt   scheme name
 * @param mixed  $realPass stored hash (not used by this scheme)
 * @param string $postPass password sent by the client
 * @param mixed  $salt     salt (not used by this scheme)
 * @return string|false hex digest, or false for an unknown scheme
 */
function hash_name($ncrypt, $realPass, $postPass, $salt) {
    return $ncrypt === 'hash_dle' ? md5(md5($postPass)) : false;
}
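/**
 * List every regular file below $path as "dir/name:>md5:>size<:>" records.
 *
 * Each occurrence of 'clients/' is removed from the directory part, as in
 * the original. MD5 is used here as a change-detection checksum for the
 * launcher's file comparison, not as a tamper-proof digest.
 *
 * @param string $path directory to walk recursively
 * @return string concatenated records, empty when no files are found
 */
function checkfiles($path) {
    $objects = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($path),
        RecursiveIteratorIterator::SELF_FIRST
    );
    $massive = '';
    foreach ($objects as $name => $object) {
        // Directories are skipped; that also covers the '.' and '..' entries.
        if (is_dir($name)) {
            continue;
        }
        $basename = basename($name);
        // Cut the file name off the END of the path only. The original
        // removed every occurrence of the file name, which corrupted the
        // record whenever a parent directory contained the same text.
        $dirPart = substr($name, 0, strlen($name) - strlen($basename));
        $massive .= str_replace('clients/', '', $dirPart).$basename.':>'.md5_file($name).':>'.filesize($name).'<:>';
    }
    return $massive;
}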
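/**
 * Generate a 64-character lowercase hexadecimal token.
 *
 * The value is used as session id and access token, so it is drawn from the
 * operating system's CSPRNG via random_bytes() (PHP 7.0+). The rand()
 * generator used before is predictable and not suitable for secrets.
 *
 * @return string 64 hex characters (256 bits of randomness)
 */
function token() {
    return bin2hex(random_bytes(32));
}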
/**
 * Guess an image MIME type from the leading bytes of a binary string.
 *
 * Only the file signature is inspected (for PNG, the first six bytes of
 * it); nothing after the header is looked at, so a match says how the data
 * starts, not that it is a well-formed image of that type.
 *
 * @param string $binary raw file contents
 * @return string matching MIME type, or 'application/octet-stream'
 */
function imagestype($binary) {
    // One anchored pattern per format; the signatures start with different
    // bytes, so at most one of them can match.
    $signatures = array(
        'image/jpeg' => '/\A\xff\xd8\xff/',
        'image/gif' => '/\AGIF8[79]a/',
        'image/png' => '/\A\x89PNG\x0d\x0a/',
        'image/x-windows-bmp' => '/\ABM/',
        'image/tiff' => '/\A\x49\x49(?:\x2a\x00|\x00\x4a)/',
        'image/x-ilbm' => '/\AFORM.{4}ILBM/',
    );
    foreach ($signatures as $mime => $pattern) {
        if (preg_match($pattern, $binary)) {
            return $mime;
        }
    }
    return 'application/octet-stream';
}