  1. <?php
  2. //My login Script
  3. // mysql connection variables
  4. require_once('./class.rc4crypt.php');
  // Connection settings.
  // NOTE(review): these are literal credentials for the MySQL root account
  // with an empty password. A dedicated account restricted to the game schema,
  // with its secret loaded from outside the web root, limits what a flaw in
  // this script can reach.
  $host   = '127.0.0.1';
  $dbuser = 'root';
  $dbpass = '';
  $dbname = 'stickemu';
  $table  = 'players';

  // Open the connection. "@" hides the driver warning so the client only ever
  // receives the generic "result=error" reply.
  // NOTE(review): the mysql_* extension was removed in PHP 7.0; mysqli or PDO
  // with prepared statements is the maintained replacement.
  $db = @mysql_connect($host, $dbuser, $dbpass);
  if (!$db) {
      die("result=error");
  }

  // $db is reused for the boolean result of selecting the schema.
  if (!($db = mysql_select_db($dbname))) {
      exit("result=error");
  }
  19.  
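  // Read the request fields. Every variable starts as an empty string so the
  // action checks further down never read an undefined variable, and only
  // string values are accepted (PHP turns "field[]=x" into an array, which
  // md5() and the SQL string building below cannot handle).
  $username = '';
  $password = '';
  $action   = '';
  $usercol  = '';
  $stats    = '';

  if (isset($_POST['username']) && is_string($_POST['username'])) {
      $username = sanitize($_POST['username']);
  }
  if (isset($_POST['userpass']) && is_string($_POST['userpass'])) {
      // NOTE(review): unsalted MD5 is a fast digest, not a password hash; a
      // leaked table can be brute-forced offline. Moving to password_hash() /
      // password_verify() needs a column and login-flow change, so it is
      // flagged here rather than changed.
      $password = sanitize(md5($_POST['userpass']));
  }
  if (isset($_POST['action']) && is_string($_POST['action'])) {
      $action = sanitize($_POST['action']);
  }
  if (isset($_POST['usercol']) && is_string($_POST['usercol'])) {
      $usercol = sanitize($_POST['usercol']);
  }
  if (isset($_POST['stats']) && is_string($_POST['stats'])) {
      // Kept raw: this value is hex-decoded and decrypted by the round_stats
      // action and is never placed in a query directly.
      $stats = $_POST['stats'];
  }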
  36.  
  // Login check: look the account up by name and password digest, then reply
  // with "result=banned", "result=success&usercol=RRRGGGBBB" or "result=error".
  // The query is built by interpolation; it relies on $username and $password
  // having been passed through sanitize() when they were read from $_POST.
  // NOTE(review): this action reads $table while the other actions name the
  // `users` table directly - confirm which table holds the accounts.
  // NOTE(review): nothing in this script throttles repeated attempts; lockout
  // or rate limiting would have to be added in front of it.
  if ($action == "authenticate") {
      $query = mysql_query("SELECT * FROM $table WHERE USERname = '$username' AND USERpass = '$password'");
      $num = mysql_num_rows($query);

      if (!($num > 0)) {
          print "result=error";
      } else {
          // One reply is written per matching row.
          while ($row = mysql_fetch_array($query, MYSQL_BOTH)) {
              if ($row["ban"] == 1) {
                  exit("result=banned");
              }

              $colour = colstring($row["red"]) . colstring($row["green"]) . colstring($row["blue"]);
              echo "result=success&usercol=" . $colour;
          }
      }
  }
  57.  
  // Stats lookup: writes one "rounds=..&wins=..&...&result=success" line per
  // row whose USERname matches.
  // NOTE(review): only the user name is checked here, not the password digest,
  // so any client can read any player's stats - confirm that this is intended.
  // NOTE(review): column values are written as-is; a value containing "&" or
  // "=" would change the field layout of the reply. Presumably these columns
  // are numeric - verify against the schema.
  if ($action == "player_stats") {
      $query = mysql_query("SELECT * FROM users WHERE USERname = '$username'");

      while ($row = mysql_fetch_array($query, MYSQL_BOTH)) {
          $pairs = array();
          foreach (array("rounds", "wins", "losses", "kills", "deaths", "user_level") as $field) {
              $pairs[] = $field . "=" . $row[$field];
          }
          $pairs[] = "result=success";

          echo implode("&", $pairs);
      }
  }
  65.  
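  // Account creation: inserts the name and password digest and replies with
  // "result=success" or "result=error".
  if ($action == "create")
  {
      // Refuse to create an account without both a name and a password. Without
      // this check a request that omits either field inserts a row with an
      // empty credential.
      if (!isset($username) || $username === '' || !isset($password) || $password === '') {
          die('result=error');
      }

      // NOTE(review): $usercol is normalised here but is not part of the INSERT
      // below, so the chosen colour is not stored by this action.
      if (isset($usercol) && $usercol == "000000000") {
          $usercol = "000000001";
      }

      // NOTE(review): the columns written here (name, password) differ from the
      // USERname / USERpass columns the other actions query - confirm the
      // schema. This script does not check whether the name is already taken;
      // that has to be enforced by a UNIQUE index on the table.
      $querystring = sprintf("INSERT INTO `users` (name, password) VALUES('%s','%s')", $username, $password);
      $result = mysql_query($querystring);

      if (!$result) {
          die('result=error');
      }
      echo "result=success";
  }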
  81.  
  // Round start is acknowledged unconditionally: no credentials are checked and
  // nothing is stored for this action.
  if ($action == "start_round") {
      print "result=success";
  }
  86.  
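  // Round result upload: decrypts the client's stats payload and adds the
  // counters to the row matching the submitted name and password digest.
  if ($action == "round_stats")
  {
      // hex2bin() warns and returns false on malformed input, so reject
      // anything that is not a non-empty, even-length hex string up front.
      if (!isset($stats) || !is_string($stats) || !preg_match('/^(?:[0-9a-fA-F]{2})+$/', $stats)) {
          die('result=error');
      }

      // NOTE(review): the RC4 key is a literal shared with every client. RC4
      // gives no integrity protection, and anyone holding the client can read
      // the key, so the payload must be treated as client-controlled; the
      // bounds below are the only server-side check on it.
      $stats_decrypted = rc4crypt::decrypt("8fJ3Ki8Fy6rX1l0J", hex2bin($stats));

      // Cast every counter to int so that only numbers reach the query.
      $kills        = (int) get_string_between($stats_decrypted, "KILLS=", "&DE");
      $deaths       = (int) get_string_between($stats_decrypted, "DEATHS=", "&ROUNDSP");
      $roundsplayed = (int) get_string_between($stats_decrypted, "PLAYED=", "&WIN");
      $winner       = get_string_between($stats_decrypted, "WINNER=", "X");

      // Implausible values are zeroed: more than 50 kills (existing rule) and
      // negative counters, which would otherwise lower the stored totals.
      if ($kills > 50 || $kills < 0) {
          $kills = 0;
      }
      if ($deaths < 0) {
          $deaths = 0;
      }
      if ($roundsplayed < 0) {
          $roundsplayed = 0;
      }

      // Default both to 0 so an unrecognised WINNER value cannot leave them
      // undefined in the query.
      $wins = 0;
      $losses = 0;
      if ($winner === "1") {
          $wins = 1;
      } elseif ($winner === "0") {
          $losses = 1;
      }

      // $username and $password were escaped by sanitize() when read from $_POST.
      // NOTE(review): the table is spelled USERS here and users elsewhere;
      // table names are case-sensitive on some MySQL setups - confirm.
      $querystring = sprintf("UPDATE USERS set `kills` = `kills` + %d, `deaths` = `deaths` + %d, `rounds` = `rounds` + %d, `wins` = `wins` + %d, `losses` = `losses` + %d WHERE `USERname` = '%s' AND `USERpass` = '%s'", $kills, $deaths, $roundsplayed, $wins, $losses, $username, $password);

      $result = mysql_query($querystring);
      if (!$result) {
          die('result=error');
      }
      echo "result=success";
  }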
  125.  
  126.  
  127. //------------------------------------------------------------------------------
  128. //Functions
  /**
   * Left-pads a colour component with zeros to three characters, e.g. "5"
   * becomes "005". Values of three or more characters are returned unchanged.
   *
   * @param string|int $col Component value (the red/green/blue columns in the login reply).
   * @return string
   */
  function colstring($col)
  {
      $width = 3;
      $padded = str_pad($col, $width, "0", STR_PAD_LEFT);

      return $padded;
  }
  133.  
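  /**
   * Strips script blocks, style blocks, comments and remaining HTML tags from a
   * string.
   *
   * The patterns are applied in array order. Block-level patterns (script,
   * style, comments) must run before the generic tag pattern, otherwise the
   * generic pattern removes the opening and closing tags first and the block
   * contents are left behind. The style pattern no longer carries the "U"
   * modifier, which inverted the lazy quantifier and let a single match span
   * several style blocks.
   *
   * NOTE(review): regex stripping is not a complete HTML sanitiser. Text that
   * is later rendered as HTML still needs htmlspecialchars() at the point of
   * output.
   *
   * @param string $input Raw text.
   * @return string|null Cleaned text; preg_replace() returns null on a PCRE error.
   */
  function cleanInput($input) {
      $search = array(
          '@<script[^>]*?>.*?</script>@si',   // script blocks, including contents
          '@<style[^>]*?>.*?</style>@si',     // style blocks, including contents
          '@<![\s\S]*?--[ \t\n\r]*>@',        // multi-line comments
          '@<[\/\!]*?[^<>]*?>@si',            // any remaining HTML tags
      );

      return preg_replace($search, '', $input);
  }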
  146.  
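  /**
   * Prepares request data for use inside a quoted SQL string literal.
   *
   * Strings have magic-quotes slashes removed (when that setting is on), are
   * passed through cleanInput() and are then escaped with
   * mysql_real_escape_string(). Arrays are processed recursively, value by
   * value; array keys are kept as they are and are NOT escaped.
   *
   * NOTE(review): mysql_real_escape_string() needs an open mysql connection,
   * and its result is only safe between quotes in a query. It does not protect
   * identifiers or unquoted numeric positions.
   *
   * @param string|array $input
   * @return string|array Escaped value; an empty array for an empty array input.
   */
  function sanitize($input) {
      if (is_array($input)) {
          // Initialise first so an empty array does not return an undefined variable.
          $output = array();
          foreach ($input as $var => $val) {
              $output[$var] = sanitize($val);
          }
          return $output;
      }

      if (get_magic_quotes_gpc()) {
          $input = stripslashes($input);
      }
      $input = cleanInput($input);

      return mysql_real_escape_string($input);
  }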
  162.  
  163.  
  164.  
  165.  
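  /**
   * Returns the text between the first occurrence of $start and the next
   * occurrence of $end after it.
   *
   * An empty string is returned when either marker is empty or missing. The
   * previous version subtracted from strpos()'s false result when $end was
   * absent, which produced a negative length and made substr() return an
   * arbitrary slice of the input.
   *
   * @param string $string Text to search.
   * @param string $start  Marker that precedes the wanted text.
   * @param string $end    Marker that follows the wanted text.
   * @return string
   */
  function get_string_between($string, $start, $end){
      if ($start === '' || $end === '') {
          return "";
      }

      $from = strpos($string, $start);
      if ($from === false) {
          return "";
      }
      $from += strlen($start);

      $to = strpos($string, $end, $from);
      if ($to === false) {
          return "";
      }

      return substr($string, $from, $to - $from);
  }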
  174.  
  175.  
  176. ?>