Файл: public_html/core/hik.php
Строк: 113
<?php
list($ms,$s)=explode(chr(32),microtime());
$g = $s + $ms;
$set['site'] = htmlspecialchars($_SERVER['HTTP_HOST']);
define("H", $_SERVER["DOCUMENT_ROOT"].'/');
ob_start();
$db = mysql_connect('localhost','weeissyf_1','weeissyf_1') or die("</div><div class='line'></div><div class='temn'><center><div class='player title'><font size='3'>Игра недоступна</font> </div><div class='mini-line'></div>
</div><div class='line'></div><div class='foot grey'><center>Ведутся технические работы по улучшению игры. <br/>Зайдите позже или обновите страницу через несколько минут.</center>
</div><div class='line'></div><div class='but-list'><center><a href="?r=$rand"><img src='/images/icon/reload.png' alt='*'/>Обновить</a></div></font></center>
<div class='px'></div><div class='menu'><div class='center'>
<div style='text-shadow: 0 1px 0 #000;font-size: 12px;
color:#757575; text-align: center;padding: 5px;'><div class='empty'></div>");
mysql_select_db('weeissyf_1', $db);
mysql_query('set names utf8', $db);
require_once H.'core/online.php';
$time = $_SERVER['REQUEST_TIME'];
mysql_query("DELETE FROM `duellog` WHERE `timer`<= '".intval($time)."'"));
mysql_query("DELETE FROM `battle` WHERE `time`<= ''".intval($time)."'"));
@session_start();
if(mysql_result(mysql_query("SELECT count(id) from `ipban` where `ip` = '".check($_SERVER['REMOTE_ADDR'])."'"),0) >= 1){exit;}
if(isset($_COOKIE['nick']) && isset($_COOKIE['pass'])) {
$usernick = check($_COOKIE['nick']);
$userpass = check($_COOKIE['pass']);
$user = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `nick` ='".$usernick."' && `pass` = '".$userpass."' LIMIT 1"));
}
$act = isset($_GET['act']) ? htmlspecialchars($_GET['act']) : '';
$q = $time-$user['last_update'];
if($q <= 60){
$q_add = $q;
} else {
$q_add = 0;
}
$param = $user['sila'] + $user['zashit'] + ($user['max_health']/'10');
mysql_query("UPDATE `user` SET `online` = '".$time."', `ip` = '".htmlspecialchars(mysql_real_escape_string($_SERVER['REMOTE_ADDR']))."', `online_total` = `online_total` + '".$q_add."', `param` = '".$param."' where `id` = ".$user['id']." LIMIT 1");
if($user['health'] < 0)mysql_query("UPDATE `user` SET `health` = '0' WHERE `id` = '".$user['id']."' LIMIT 1");
if($user['health'] > $user['max_health'])mysql_query("UPDATE `user` SET `health` = '".$user['max_health']."' WHERE `id` = '".$user['id']."' LIMIT 1");
$regen = $time-$user['online'];
if($user['health'] > 0 and $regen > 1){$kxp=$user['max_health']/150;
mysql_query("UPDATE `user` set `health` = '".($user['health'] < $user['max_health'] ? ($user['health']+$kxp) : ($user['health']+0) )."' where (`id` = '".$user['id']."') LIMIT 1");}
$req = mysql_query("SELECT * FROM `hiking` where (`lider`='".$user['id']."' || `usr1`='".$user['id']."' || `usr2`='".$user['id']."' || `usr3`='".$user['id']."')");
$hik = mysql_fetch_array($req);
$req = mysql_query("SELECT * FROM `battle` WHERE `s`='".$hik['id']."' and `nextud`<='".$time."' and `status`='' LIMIT 10");
while($mobik = mysql_fetch_array($req)){
if($mobik['hp']>0 and $user['battle']==1){
$summastag = $user['max_health']+$user['sila']+$user['zashit'];
$cp=$user['zashit']/$summastag;
$ym=1-$cp;
$um=rand($mobik['sila']-$mobik['sila']/8,$mobik['sila']);
$mudar=$um*$ym;
$muron=round($mudar,0);
$vrud=rand(1,3);
if($vrud==1){$vrud='укусил';}
if($vrud==2){$vrud='поцарапал';}
if($vrud==3){$vrud='ударил';}
$vrutd=rand(1,4);
if($vrutd==1){$vrutd='убил';}
if($vrutd==2){$vrutd='испепелил';}
if($vrutd==3){$vrutd='уничтожил';}
if($vrutd==4){$vrutd='растерзал';}
if($user['health']<$muron){
mysql_query("INSERT INTO `duellog` SET `usr`='".$user['nick']."',`text`='<font color=F26C13>".$mobik['name']."</font> ".$vrud."',`opon`='', `uron`='".$muron."', `timer`='".$time."'+'300',`kogo`='".$user['id']."', `umen`='".$um."'");
mysql_query("INSERT INTO `duellog` SET `usr`='".$user['nick']."',`text`='<font color=F26C13>".$mobik['name']."</font> ".$vrutd."', `timer`='".$time."'+'300', `dead`='1', `kogo`='".$user['id']."', `umen`='".$um."'");
mysql_query("UPDATE `user` SET `health` = '0', `loss`=`loss`+'1' WHERE `id`='".$user['id']."'");
header ("Location: ?");
}
if($user['health']>$muron){
$nextudar=rand(3,12);
$nextud=$time+$nextudar;
mysql_query("INSERT INTO `duellog` SET `usr`='".$user['nick']."',text='<font color=F26C13>".$mobik['name']."</font> ".$vrud."', opon='', `kogo`='".$user['id']."', `uron`='".$muron."', `timer`='".$time."'+'300', `umen`='".$um."'");
mysql_query("UPDATE `user` SET `health` = '".$user['health']."'-'".$muron."' WHERE `id`='".$user['id']."'");
mysql_query("UPDATE `battle` SET `nextud` = '".$nextud."' WHERE `nextud`<='".$time."' and `status`='' and `name`='".$mobik['name']."'");
}
}
}
foreach($_GET as $ad){
if(is_numeric($ad)){
$ad = abs(intval($ad));}
if(preg_match('/include|asc|--|select|union|update|from|where|glob|include|require|script|shell|BENCHMARK|CONCAT|INSERTb/i', $ad)){
$time = time();
$timer = date("j M Y в H:i", $time);
$source = '
Запрос: '.htmlspecialchars($_SERVER['REQUEST_URI']).', IP хакера: '.$_SERVER['REMOTE_ADDR'].', Дополнительный IP: '.$_SERVER['HTTP_X_FORWARDED_FOR'].', Софт: '.$_SERVER['HTTP_USER_AGENT'].', Время: '.$timer.'';
$file = htmlspecialchars($_SERVER['DOCUMENT_ROOT']).'/data/logi21.txt';
fwrite($Saved_File, $source);
fclose($Saved_File);
header("Refresh: 2;url=/index.php".SID);
exit('хуюшки не канает. При дальнейших попытках взлома сайта, Ваш ip будет заблокирован и Ваши данные будут переданы администрации!');
}
$ad = htmlspecialchars(mysql_real_escape_string($ad));
}
foreach($_POST as $ad){
if(is_numeric($ad)){
$ad = abs(intval($ad));
}else{
$ad = htmlspecialchars(mysql_real_escape_string($ad));
}}
foreach($_SESSION as $ad){
$ad = htmlspecialchars(mysql_real_escape_string($ad));
}
foreach($_COOKIE as $ad){
$ad = htmlspecialchars(mysql_real_escape_string($ad));
}
$id = isset($_GET['id'])?abs(intval($_GET['id'])):NULL;
?>