  1. <?php
  2. header('Content-Type: text/html; charset=utf-8');
  3. define('INCLUDE_CHECK', true);
  4.  
  5. if (isset($_POST['action'])) {
  6. include('connect.php');
  7. include_once('security.php');
  8. include_once('loger.php');
  9. include_once('uuid.php');
  10.  
  11. $x = $_POST['action'];
  12. $x = str_replace(' ', '+', $x);
  13. $yd = Security::decrypt($x, $key2);
  14.  
  15. if ($yd == null) {
  16. echo 'errorlauncher';
  17. exit;
  18. }
  19.  
  20. @list($action, $client, $login, $postPass, $launchermd5, $ctoken) = explode(':', $yd);
  21. } else {
  22. echo 'NOTHING TO DO';
  23. exit;
  24. }
  25.  
  26. try {
  27. /*
  28. if (!preg_match('/^[a-zA-Z0-9_-]+$/', $login) || !preg_match('/^[a-zA-Z0-9_-]+$/', $postPass) || !preg_match('/^[a-zA-Z0-9_-]+$/', $action)) {
  29. exit(Security::encrypt('errorLogin<$>', $key1));
  30. }
  31. */
  32. if (!file_exists($uploaddirs)) die ('Путь к скинам не является папкой! Укажите в настройках правильный путь.');
  33. if (!file_exists($uploaddirp)) die ('Путь к плащам не является папкой! Укажите в настройках правильный путь.');
  34.  
  35. $ctokenIsNull = $ctoken == 'null';
  36.  
  37. if ($ctokenIsNull) {
  38. if ($crypt === 'hash_dle') {
  39. $stmt = $db->prepare("SELECT $db_columnUser,$db_columnPass FROM $db_table WHERE BINARY $db_columnUser= :login");
  40. $stmt->bindValue(':login', $login);
  41. $stmt->execute();
  42. $stmt->bindColumn($db_columnPass, $realPass);
  43. $stmt->bindColumn($db_columnUser, $realUser);
  44. $stmt->fetch();
  45. // if ($crypt === 'hash_smf') $salt = $realUser;
  46. } else die(Security::encrypt('badhash<$>', $key1));
  47.  
  48. $checkPass = hash_name($crypt, $realPass, $postPass, @$salt);
  49.  
  50. if ($checkPass != $realPass) die(Security::encrypt('errorLogin<$>', $key1));
  51. }
  52.  
  53. $accesstoken = $ctokenIsNull ? token() : $postPass;
  54.  
  55. $sessid = token();
  56. $stmt = $db->prepare("SELECT user, token FROM usersession WHERE user=:login");
  57. $stmt->bindValue(':login', $login);
  58. $stmt->execute();
  59. $rU = $stmt->fetch(PDO::FETCH_ASSOC);
  60.  
  61. if ($rU['user'] != null) {
  62. $realUser = $rU['user'];
  63. }
  64.  
  65. if (!$ctokenIsNull) {
  66. if ($rU['token'] != $acesstoken ) {
  67. exit(Security::encrypt('errorLogin<$>', $key1));
  68. }
  69. }
  70.  
  71. $loginIsRUser = $login == $rU['user'];
  72. if ($loginIsRUser) {
  73. if ($ctokenIsNull) {
  74. $stmt = $db->prepare("UPDATE usersession SET session = '$sessid', token = :token WHERE user= :login");
  75. $stmt->bindValue(':token', $acesstoken);
  76. } else {
  77. $stmt = $db->prepare("UPDATE usersession SET session = '$sessid' WHERE user= :login");
  78. }
  79. $stmt->bindValue(':login', $login);
  80. $stmt->execute();
  81. } else if ($ctokenIsNull || !$loginIsRUser) {
  82. $stmt = $db->prepare("INSERT INTO usersession (user, session, md5, token) VALUES (:login, '$sessid', :md5, '$acesstoken')");
  83. $stmt->bindValue(':login', $realUser);
  84. $stmt->bindValue(':md5', str_replace('-', '', uuidConvert($realUser)));
  85. $stmt->execute();
  86. }
  87.  
  88. if ($action == 'getpersonal' && !$usePersonal) die('Использование ЛК выключено');
  89. if ($action == 'uploadskin' && !$canUploadSkin) die('Функция недоступна');
  90.  
  91. /*
  92. if ($action == 'exchange' || $action == 'getpersonal') {
  93. $stmt = $db->prepare("SELECT username,balance FROM iConomy WHERE username= :login");
  94. $stmt->bindValue(':login', $login);
  95. $stmt->execute();
  96. $rowicon = $stmt->fetch(PDO::FETCH_ASSOC);
  97. $iconregistered = true;
  98.  
  99. if (!$rowicon['balance']) {
  100. $stmt = $db->prepare("INSERT INTO `iConomy` (`username`, `balance`, `status`) VALUES (:login, '$initialIconMoney.00', '0');");
  101. $stmt->bindValue(':login', $login);
  102. $stmt->execute();
  103. $iconregistered = false;
  104. }
  105. }
  106. */
  107. $iconregistered = false;
  108.  
  109. if ($action == 'auth') {
  110.  
  111. if ($checklauncher) {
  112. if ($launchermd5 != null) {
  113. if (($launchermd5 == @$md5launcherexe) || ($launchermd5 == @$md5launcherjar)) {
  114. $check = '1';
  115. }
  116. }
  117.  
  118. if (!@$check == '1') exit(Security::encrypt("badlauncher<$>_$masterversion", $key1));
  119. }
  120.  
  121. $z = $assetsfolder ? '/' : '.zip';
  122.  
  123. $clientPath = 'clients/'.$client;
  124. $assetsPath = 'clients/assets';
  125. $configPath = $clientPath.'/config.zip';
  126.  
  127. $binPath = $clientPath.'/bin/';
  128. $modsPath = $clientPath.'/mods/';
  129. $coremodsPath = $clientPath.'/coremods/';
  130. $nativesPath = $clientPath.'/natives/';
  131.  
  132. if (
  133. !file_exists($assetsPath.$z)||
  134. !file_exists($binPath) ||
  135. !file_exists($modsPath) ||
  136. !file_exists($coremodsPath) ||
  137. !file_exists($nativesPath) ||
  138. !file_exists($configPath)
  139. ) die(Security::encrypt("client<$> $client", $key1));
  140.  
  141. $md5user = strtoint(xorencode(str_replace('-', '', uuidConvert($realUser)), $protectionKey));
  142. $md5zip = @md5_file($configPath);
  143. $md5ass = @md5_file($assetsPath);
  144. $sizezip = @filesize($configPath);
  145. $sizeass = @filesize($assetsPath);
  146. $usrsessions = "$masterversion<:>$md5user<:>".$md5zip."<>".$sizezip."<:>".$md5ass."<>".$sizeass."<br>".$realUser.'<:>'.strtoint(xorencode($sessid, $protectionKey)).'<br>'.$acesstoken.'<br>';
  147.  
  148. function hashc($assetsfolder,$client) {
  149. $baseCheckData = checkfiles($binPath).checkfiles($modsPath).checkfiles($coremodsPath).checkfiles($nativesPath);
  150. if ($assetsfolder) {
  151. $hash_md5 = str_replace('\\', '/', $baseCheckData.checkfiles($assetsPath)).'<::>assets/indexes<:b:>assets/objects<:b:>assets/virtual<:b:>'.$client.'/bin<:b:>'.$client.'/mods<:b:>'.$client.'/coremods<:b:>'.$client.'/natives<:b:>';
  152. } else {
  153. $hash_md5 = str_replace('\\', '/', $baseCheckData).'<::>'.$client.'/bin<:b:>'.$client.'/mods<:b:>'.$client.'/coremods<:b:>'.$client.'/natives<:b:>';
  154. }
  155. return $hash_md5;
  156. }
  157.  
  158. if ($temp) {
  159. $filecashe = 'temp/'.$client;
  160.  
  161. if (file_exists($filecashe)) {
  162. $fp = fopen($filecashe, "r");
  163. $hash_md5 = fgets($fp);
  164. fclose($fp);
  165. } else {
  166. $hash_md5 = hashc($assetsfolder,$client);
  167. $fp = fopen($filecashe, "w");
  168. fwrite($fp, $hash_md5);
  169. fclose($fp);
  170. }
  171. } else {
  172. $hash_md5 = hashc($assetsfolder,$client);
  173. }
  174.  
  175. echo Security::encrypt($usrsessions.$hash_md5, $key1);
  176.  
  177. } else if ($action == 'getpersonal') { // Вход в ЛК
  178. /*
  179. $stmt = $db->prepare("SELECT user,realmoney FROM usersession WHERE user= :login");
  180. $stmt->bindValue(':login', $login);
  181. $stmt->execute();
  182. $row = $stmt->fetch(PDO::FETCH_ASSOC);
  183. $realmoney = $row['realmoney'];
  184. */
  185. $realmoney = '0.0';
  186. $iconmoney = '0.0';
  187.  
  188. // Покупка VIP и Premium (отключена):
  189. $datetoexpire = 0;
  190. $ugroup = 'User';
  191.  
  192. // Работы (отключены):
  193. $jobname = "nojob";
  194. $joblvl = -1;
  195. $jobexp = -1;
  196.  
  197. $canUploadSkin = (int)$canUploadSkin;
  198. $canUploadCloak = (int)$canUploadCloak;
  199. $canBuyVip = (int)$canBuyVip;
  200. $canBuyPremium = (int)$canBuyPremium;
  201. $canBuyUnban = (int)$canBuyUnban;
  202. $canActivateVaucher = (int)$canActivateVaucher;
  203. $canExchangeMoney = (int)$canExchangeMoney;
  204.  
  205. echo "$canUploadSkin$canUploadCloak$canBuyVip$canBuyPremium$canBuyUnban$canActivateVaucher$canExchangeMoney<:>$iconmoney<:>$realmoney<:>$cloakPrice<:>$vipPrice<:>$premiumPrice<:>$unbanPrice<:>$exchangeRate<:>$ugroup<:>$datetoexpire<:>$jobname<:>$joblvl<:>$jobexp";
  206.  
  207. } else if ($action == 'uploadskin') { // Установка скина
  208.  
  209. $stmt = $db->prepare("SELECT permission FROM `permissions` WHERE name=:login");
  210. $stmt->bindValue(':login', uuidConvert($login));
  211. $stmt->execute();
  212. $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
  213.  
  214. $hdSkin = false;
  215. foreach ($rows as $row) {
  216. $permission = $row['permission'];
  217. $hdSkin = (strcmp($permission, '*') == 0) || (!(strpos($permission, 'hd.skin') === false));
  218.  
  219. if ($hdSkin) break;
  220. }
  221.  
  222. $sk = base64_decode($_POST['ufile']);
  223. if ($sk == null) die("nofile");
  224. $image = imagecreatefromstring($sk);
  225.  
  226. $validSkin = ((imagesx($image) % 64) == 0) && ((imagesy($skin) % 32) == 0);
  227. if (imagestype($sk) != 'image/png' || ((!$hdSkin) && (imagesx($image) > 64)) || (!$validSkin)) die("skinerr");
  228. imagesavealpha($image, true);
  229. $uploadfile = "".$uploaddirs."/".$login.".png";
  230.  
  231. if (imagepng($image, $uploadfile)) {
  232. echo 'success';
  233. } else {
  234. exit('fileerr');
  235. }
  236.  
  237. } else {
  238. echo 'Запрос составлен неверно';
  239. }
  240.  
  241. } catch(PDOException $pe) {
  242. die(Security::encrypt('errorsql<$>', $key1).$logger->WriteLine($log_date.$pe)); //вывод ошибок MySQL в m.log
  243. }
  244.  
  245. //HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
  246.  
  247. function xorencode($str, $key) {
  248. $lenstr = strlen($str);
  249. while (strlen($key) < $lenstr) {
  250. $key .= $key;
  251. }
  252. return $str ^ $key;
  253. }
  254.  
  255. function strtoint($text) {
  256. $res = '';
  257. $len = strlen($text);
  258. for ($i = 0; $i < $len; $i++) $res .= ord($text{$i}) . '-';
  259. $res = substr($res, 0, -1);
  260. return $res;
  261. }
  262.  
  263. function hash_name($ncrypt, $realPass, $postPass, $salt) {
  264. $cryptPass = false;
  265. if ($ncrypt === 'hash_dle') {
  266. $cryptPass = md5(md5($postPass));
  267. }
  268.  
  269. return $cryptPass;
  270. }
  271.  
  272. function checkfiles($path) {
  273. $objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::SELF_FIRST);
  274. $massive = '';
  275.  
  276. foreach ($objects as $name => $object) {
  277. $basename = basename($name);
  278. $isdir = is_dir($name);
  279.  
  280. if ($basename != '.' and $basename != '..' and !is_dir($name)) {
  281. $str = str_replace('clients/', '', str_replace($basename, '', $name));
  282. $massive = $massive.$str.$basename.':>'.md5_file($name).':>'.filesize($name).'<:>';
  283. }
  284. }
  285.  
  286. return $massive;
  287. }
  288.  
  289. function token() {
  290. $chars = '0123456789abcdef';
  291. $max = 64;
  292. $size = StrLen($chars)-1;
  293. $password = null;
  294.  
  295. while ($max--) $password .= $chars[rand(0,$size)];
  296.  
  297. return $password;
  298. }
  299.  
  300. function imagestype($binary) {
  301. if (
  302. !preg_match(
  303. '/\A(?:(\xff\xd8\xff)|(GIF8[79]a)|(\x89PNG\x0d\x0a)|(BM)|(\x49\x49(?:\x2a\x00|\x00\x4a))|(FORM.{4}ILBM))/',
  304. $binary, $hits
  305. )
  306. ) {
  307. return 'application/octet-stream';
  308. }
  309.  
  310. static $type = array (
  311. 1 => 'image/jpeg',
  312. 2 => 'image/gif',
  313. 3 => 'image/png',
  314. 4 => 'image/x-windows-bmp',
  315. 5 => 'image/tiff',
  316. 6 => 'image/x-ilbm',
  317. );
  318.  
  319. return $type[count($hits) - 1];
  320. }