Файл: core/core/head.php
Строк: 312
<?php
// Request-filtering prologue. NOTE(review): as written it never blocks anything — the two
// loops below set $hacked, while both guards test $_detected, which nothing assigns after
// the initialisation here. The pattern "/''|/" has an empty alternative and therefore
// matches every value, so "fixing" only the variable name would reject every request.
// Blacklisting quote characters is not a substitute for parameterised queries; the
// mysql_* calls further down interpolate values directly into SQL.
$_detected = false;
if ( isset ( $_GET ) ) {
// Sets $hacked, which is not read anywhere in this file.
foreach ( $_GET as $key => $value ) { if (preg_match("/''|/", $_GET[ $key ])) $hacked = TRUE;}
// Dead branch: $_detected is still false here.
if ( $_detected == true ) {
print 'Dazje ne pitaisya wzlomat nas';
exit;
}
}
foreach ($_POST as $key => $value) { if (preg_match("/''|/", $value)) $hacked = TRUE; }
// Dead branch, same reason as above.
if ( $_detected == true ) {
print 'Dazje ne pitaisya wzlomat nas';
exit;
}
//// against injections
// NOTE(review): && binds tighter than ||, so !$sqlinj only qualifies the $_POST test,
// not the $_GET one; $sqlinj is not defined in this file (presumably an including page
// sets it to opt out — confirm). implode() raises an "Array to string conversion" notice
// for array-valued parameters (?a[]=1). The <sсript> tag in the message appears to contain
// a non-ASCII letter; if so, browsers do not execute it and show the text verbatim.
if(preg_match("#'#",implode(" ",$_GET))||preg_match("#'#",implode(" ",$_POST))&&!$sqlinj)
{
die("<sсript language = javasсript>alert('Тебя спалили!');history.go(-1);</sсript>");
exit(); // unreachable: die() has already terminated the script
}
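// XHTML Mobile document prologue. $header and $set['site'] are interpolated without
// escaping, which is only safe while both come from trusted configuration/templates —
// if either can ever carry user input, wrap it in htmlspecialchars(). The stylesheet is
// referenced over plain http://, which is blocked as mixed content on an https page.
echo '<?xml version="1.0" encoding="utf-8"?>';
echo '<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd">';
// Exactly one <html> root; the viewport <meta> belongs inside <head> and is self-closed
// because the document is served as XHTML.
echo '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru"><head><meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0;"/><title>'.$header.'</title><link rel="stylesheet" href="http://'.$set['site'].'/style/theme/style.css" type="text/css"/><link rel="icon" href="/favicon.ico" type="image/x-icon"/></head><body>
<!-- Rating@Mail.ru counter -->
<script type="text/javascript">
var _tmr = _tmr || [];
_tmr.push({id: "2588068", type: "pageView", start: (new Date()).getTime()});
(function (d, w) {
var ts = d.createElement("script"); ts.type = "text/javascript"; ts.async = true;
ts.src = (d.location.protocol == "https:" ? "https:" : "http:") + "//top-fwz1.mail.ru/js/code.js";
var f = function () {var s = d.getElementsByTagName("script")[0]; s.parentNode.insertBefore(ts, s);};
if (w.opera == "[object Opera]") { d.addEventListener("DOMContentLoaded", f, false); } else { f(); }
})(document, window);
</script><noscript><div style="position:absolute;left:-10000px;">
<img src="//top-fwz1.mail.ru/counter?id=2588068;js=na" style="border:0;" height="1" width="1" alt="Рейтинг@Mail.ru" />
</div></noscript>
<!-- //Rating@Mail.ru counter -->
<div>';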
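// Gift row of the current player. NOTE(review): this runs before the isset($user['id'])
// check further down, so an anonymous request still issues the query with an empty id.
$q_gift = mysql_query("SELECT * FROM `user_podarok` WHERE `user_id` = '$user[id]'");
// require_once: a plain require would fatally redeclare AntiHack if a bootstrap file had
// already loaded the class.
require_once H . 'sys/classes/AntiHack.class.php';
$lq = new AntiHack;
// Banned accounts are sent away. The exit is what actually stops them: output has already
// been sent by the echo calls above, so the Location header may be ignored unless output
// buffering is enabled, and without exit the rest of the page would still render and run
// its UPDATE queries for the banned account.
if (isset($user['ban']) && $user['ban'] == 1) {
    header('Location: /moduls/ban.php');
    exit;
}
if ($clan_memb) {
    // $clan_memb['clan'] is a database value written by this file's own invite handler;
    // the mysql extension offers no prepared statements, so it is quoted inline like the
    // other queries here (migrate to mysqli/PDO placeholders when possible).
    $query = mysql_query('SELECT * FROM `clans` WHERE `id` = "' . $clan_memb['clan'] . '"');
    if (mysql_num_rows($query) != 0) {
        $clan = mysql_fetch_array($query);
    }
}
$gift = mysql_fetch_array($q_gift); // false when the player has no gift row
// NOTE(review): 84600 is 30 minutes short of a day (86400) — confirm it is intentional.
$time = ($gift ? $gift['last_auth'] : 0) + 84600;
$now = time();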
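if(isset($user['id']))
{
    // Level table: line N of data/exp.txt holds the exp needed to leave level N.
    $level = file(H."data/exp.txt");
    $vek = $user['vek_id'];
    // Beyond the last line of the table $exp is '' instead of an undefined-offset
    // notice; the progress bar below treats '' as "no threshold".
    $exp = isset($level[$user['level']*1]) ? trim($level[$user['level']*1]) : '';
    $nstat = ($user['level']*2);         // stat increase granted on level-up
    $exp_gold = ($user['level']*10+10);  // gold granted on level-up
    $ushp = ($user['health']*2);         // HP values are displayed doubled
    $usmhp = ($user['max_health']*2);
    $k_new = mysql_result(mysql_query("SELECT COUNT(*) FROM `users_konts` WHERE `id_user` = '".$user['id']."' AND `new_msg`"),0);
    // Progress towards the next level in percent. The guard avoids a division by zero
    // (a TypeError on PHP 8) when the threshold is empty or zero.
    $exp_percent = ((float) $exp > 0) ? round(100/($exp/($user['exp']+1))) : 0;
    echo " <center> <div class='player'><b><img src='/images/icon/32.png' alt='zd'/><font size=3 color=#F8BE2B> ..::-Рыцари-::..<img src='/images/icon/32.png' alt='zd'/></font></b><br><i> <b><font size=1 color=#A97E11> <img src='/images/icon/32.png' alt='zd'/> Вчера и сегодня и во все времена!</i></font></b><img src='/images/icon/32.png' alt='zd'/></div></center>";
    // The inner double quotes of the onclick URL are escaped so they do not terminate
    // the PHP string.
    echo "
<div class='player'><div class='head left' onclick='location.href=\"/index.php\"'>
<img src='/images/icon/health.png' alt='zd'/> <b><font color=#32CD32>$ushp</font></b> <font color=#8B8386>/</font> <font size=1 color=grey>$usmhp </font></span>
<span class='float-right medium'><img src='/images/icon/mana.png' alt='vn'/> <b><font color=#8470FF>$user[mana]</font></b> <font color=#8B8386>/</font><font size=1 color=grey> $user[max_mana]</font></span></div></div>";
    if($k_new > 0)echo " <center> <div class='player'><a href='/user/new_mess.php'><img src='/images/icon/mail.png'><b><i> Вам Сообщение!!!</i></b></a></div></center>";
    echo "</div>
<div class='exp_bar'>
<div class='progress' style='width:".$exp_percent."%'></div>
</div>";
}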
// One-shot flash messages left in the session by the previous request. Each is printed
// once and then cleared (set to NULL so the isset() test fails next time). Values are
// echoed unescaped; $_SESSION['light'] further down is assigned ready-made markup, so
// the same presumably holds for these keys — confirm before adding escaping.
$flashFormats = array(
    'message'  => "<div class='ok center'><img src='/images/icon/ok.png'> %s</div>",
    'err'      => "<div class='error center'><img src='/images/icon/error.png'> %s</div>",
    'chest'    => "<div class='ok center'> %s</div>",
    'chesterr' => "<div class='error center'> %s</div>",
);
foreach ($flashFormats as $flashKey => $flashFormat) {
    if (isset($_SESSION[$flashKey])) {
        printf($flashFormat, $_SESSION[$flashKey]);
        $_SESSION[$flashKey] = NULL;
    }
}
unset($flashFormats, $flashKey, $flashFormat);
// Every page except the front page gets its own title bar. $header is printed as-is.
$isFrontPage = ($_SERVER['PHP_SELF'] === '/index.php');
if (!$isFrontPage) {
    echo "<div class='player title'>$header</div><div class='mini-line'></div>";
}
unset($isFrontPage);
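if(isset($user['id']))
{
    // "light" flash, e.g. the level-up notice stored below on the previous request.
    if (isset($_SESSION['light'])){
        echo "<div class='block_light center'>$_SESSION[light]</div>";
        $_SESSION['light']=NULL;
    }
    // Level-up. $exp, $exp_gold and $nstat are computed in the player-panel block above.
    // The $exp !== '' guard matters: with no threshold line for this level the bare
    // comparison is true on every request and the player would level up indefinitely.
    if($exp !== '' && $user['exp'] >= $exp)
    {
        mysql_query("update `user` set `level` = '".($user['level']+1)."',`exp`='0',`gold`='".($user['gold']+$exp_gold)."',`health`='".($user['max_health'])."',`mana`='".($user['max_mana'])."',`sila`='".($user['sila']+$nstat)."',`max_health`='".($user['max_health']+$nstat)."',`lovk`='".($user['lovk']+$nstat)."',`zashit`='".($user['zashit']+$nstat)."' where (`id` = '".$user['id']."') LIMIT 1");
        $_SESSION['light'] = "<span class='quality-4'>Вы получили новый уровень!</span><div class='separ'></div><span class='blue'>Награда:</span> <img src='/images/icon/gold.png' alt=''/> $exp_gold золота<br> + $nstat ко всем параметрам!";
        // Output has already been sent above, so the Location header only takes effect
        // when output buffering is on; exit stops the page either way.
        header('Location: /index.php');
        exit();
    }
}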
?>
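<?php
// Full open tag: "<?" only works with short_open_tag enabled; when it is off the code
// below is sent to the client as text.
// Output buffering starts here; note the document head above was already emitted.
ob_start();
// Request start timestamp (presumably read back by the footer for page timing).
list($msec,$sec)
= explode(chr(32), microtime());
$gtime = $sec+$msec;
// Regeneration tick length in seconds; roughly one HP and one MP per elapsed tick.
$_time = 4;
if((time() - $user['last_update']) > $_time) {
    mysql_query('UPDATE `user` SET `last_update` = "'.time().'" WHERE `id` = "'.$user['id'].'"');
    // Elapsed ticks minus one, computed from the row as loaded for this request (the
    // UPDATE above does not change $user). Capped at the missing HP/MP so the stored
    // value cannot exceed the maximum.
    $_ticks = (((time() - $user['last_update']) / $_time) - 1 );
    if($user['health'] < $user['max_health']) {
        $_hp = min($_ticks, $user['max_health'] - $user['health']);
        mysql_query('UPDATE `user` SET `health` = "'.($user['health'] +$_hp ).'" WHERE `id` = "'.$user['id'].'"');
    }
    if($user['mana'] < $user['max_mana']) {
        $_mp = min($_ticks, $user['max_mana'] - $user['mana']);
        mysql_query('UPDATE `user` SET `mana` = "'.($user['mana'] +$_mp ).'" WHERE `id` = "'.$user['id'].'"');
    }
}
// Clamp stored values into [0, max]; these checks look at the row as loaded, so an
// out-of-range value is corrected on the next request after it was written.
if($user['health'] > $user['max_health']) {
    mysql_query('UPDATE `user` SET `health` = "'.($user['max_health']).'" WHERE `id` = "'.$user['id'].'"');
}
if($user['health'] < 0) {
    mysql_query('UPDATE `user` SET `health` = "0" WHERE `id` = "'.$user['id'].'"');
}
if($user['mana'] > $user['max_mana']) {
    mysql_query('UPDATE `user` SET `mana` = "'.$user['max_mana'].'" WHERE `id` = "'.$user['id'].'"');
}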
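/**
 * Experience a clan needs to advance from level $i.
 *
 * @param int $i clan level, 1..36 (numeric strings from the database work too)
 * @return int|null threshold, or null for a level outside the table. NOTE(review): the
 *                  caller in this file compares exp >= clan_exp(level); PHP treats any
 *                  exp value as satisfying a null threshold, so callers should check
 *                  for null explicitly.
 */
function clan_exp($i) {
    static $thresholds = array(
        1 => 30,
        2 => 58,
        3 => 111,
        4 => 210,
        5 => 394,
        6 => 732,
        7 => 1346,
        8 => 2449,
        9 => 4408,
        10 => 7846,
        11 => 13808,
        12 => 24025,
        13 => 41323,
        14 => 70249,
        15 => 118018,
        16 => 195909,
        17 => 321290,
        18 => 520489,
        19 => 832782,
        20 => 1315795,
        21 => 2052640,
        22 => 3161065,
        23 => 4804818,
        24 => 7207227,
        25 => 10666695,
        26 => 15573374,
        27 => 22425658,
        28 => 31844434,
        29 => 44582207,
        30 => 61500000,
        31 => 83700000,
        32 => 112100000,
        33 => 148000000,
        34 => 192400000,
        35 => 246300000,
        36 => 310300000,
    );
    return isset($thresholds[$i]) ? $thresholds[$i] : null;
}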
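// Clan level-up. $clan is only assigned when $clan_memb had a row (see above), so
// !empty() avoids an undefined-variable notice for clanless players.
if(!empty($clan) && $clan['level'] < 36 && $clan['exp'] >= clan_exp($clan['level'])) {
    mysql_query('UPDATE `clans` SET `level` = `level` + 1,
`exp` = "0" WHERE `id` = "'.$clan['id'].'"');
}
if(!empty($clan)) {
    // Latest clan announcement posted since this member joined, shown until the
    // member marks it read.
    $clan_msg = mysql_fetch_array(mysql_query('SELECT * FROM `clan_msg` WHERE `clan` = "'.$clan['id'].'" AND `time` >= "'.$clan_memb['time'].'" ORDER BY `time` DESC LIMIT 1'));
    if($clan_msg && mysql_result(mysql_query('SELECT COUNT(*) FROM `clan_msg_read` WHERE `msg` = "'.$clan_msg['id'].'" AND `user` = "'.$user['id'].'"'),0) == 0 ) {
        $clan_msg_user = mysql_fetch_array(mysql_query('SELECT * FROM `user` WHERE `id` = "'.$clan_msg['user'].'"'));
        // NOTE(review): state change driven by a GET parameter with no CSRF token — any
        // page that makes the browser fetch ?clan_msg_read=true marks the message read.
        if(isset($_GET['clan_msg_read']) && $_GET['clan_msg_read'] == true) {
            mysql_query('INSERT INTO `clan_msg_read` (`msg`,
`user`) VALUES ("'.$clan_msg['id'].'",
"'.$user['id'].'")');
            // exit after the redirect, as the invite handlers below already do; PHP_SELF
            // may include client-supplied path info, but it is used only as a path here.
            header('location: '.$_SERVER['PHP_SELF'].'?');
            exit;
        }
        // NOTE(review): nick is printed unescaped; smiles() presumably returns markup
        // (it cannot be escaped afterwards) — confirm both are sanitised on write.
?>
<center><div class='player'>
<b>Обьявление Ордена!</b><br/>
<?=smiles($clan_msg['text'])?>
<br/>
Отправитель: <img src='/images/icon/user.png' alt='*'/> <?=$clan_msg_user['nick']?><br/>
<a href='?clan_msg_read=true'><font color='#909090'>Скрыть</font></a>
</div></center>
<?php
    }
}
else
{
    // Pending clan invitation for a clanless player. Accept/decline are plain GET links
    // without a CSRF token (same concern as above); the INSERT uses the invitation's
    // own clan id, never the request parameter.
    if(mysql_result(mysql_query('SELECT COUNT(*) FROM `clan_invite` WHERE `user` = "'.$user['id'].'"'),0) > 0) {
        $_invite = mysql_fetch_array(mysql_query('SELECT * FROM `clan_invite` WHERE `user` = "'.$user['id'].'"'));
        $clan_invite = mysql_fetch_array(mysql_query('SELECT * FROM `clans` WHERE `id` = "'.$_invite['clan'].'"'));
        if(isset($_GET['invite']) && $_GET['invite'] == $clan_invite['id']) {
            mysql_query('INSERT INTO `clan_memb` (`clan`,
`user`,
`time`,
`last_update`) VALUES ("'.$clan_invite['id'].'",
"'.$user['id'].'",
"'.time().'",
"'.(time() + ((60 * 60) * 24)).'")');
            mysql_query('DELETE FROM `clan_invite` WHERE `user` = "'.$user['id'].'"');
            header('location: /orden/');
            exit;
        }
        if(isset($_GET['cancel_invite']) && $_GET['cancel_invite'] == true){
            mysql_query('DELETE FROM `clan_invite` WHERE `clan` = "'.$clan_invite['id'].'" AND `user` = "'.$user['id'].'"');
            header('location: '.$_SERVER['PHP_SELF'].'?');
            exit;
        }
        // NOTE(review): gerb, id and name are printed unescaped into HTML and into
        // attribute values; the clan name in particular is user-chosen — confirm it is
        // sanitised on write or escape it here.
?>
<center><div class='player'>
<b>Вас приглашают в орден</b><br/><br/>
<table cellpadding='0' cellspacing='0' align='center'>
<tr>
<td><img src='/images/icon/clan/gerb/<?=$clan_invite['gerb']?>.png' alt='*'/></td><td valign='top' style='padding-left: 5px; text-align: left;'>
<img src='/images/icon/clan.png' alt='*'/> <a href='/orden/<?=$clan_invite['id']?>/'><?=$clan_invite['name']?></a><br/>
В ордене: <b><?=mysql_result(mysql_query('SELECT COUNT(*) FROM `clan_memb` WHERE `clan` = "'.$clan_invite['id'].'"'),0)?></b> игроков<br/>
Бонус: <font color='#90c090'>+<?=$clan_invite['built_1']*5?></font> к сумме
</td>
</tr></table>
<a class='btn' href='?invite=<?=$clan_invite['id']?>' span class='end'><span class='label'><img src='/images/icon/ok.gif'/> Вступить в орден</span></span></a>
<a class='btn' href='?cancel_invite=true' span class='end'><span class='label'><img src='/images/icon/del.png'/> Отказаться</span></span></a></center>
</div></div>
<?php
    }
}
echo " </div>";
echo " <div class='player'>";
?>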