Файл: X-MAN/upload/transfer.php
Строк: 50
<?
include ("config/bd.php");
/**
 * Derive the short token that the exchange pages pass around in ?hash=.
 *
 * The token is the first 5 hex characters of
 * md5($url . "hGqb381" . $code); $code selects the purpose of the token
 * (this file passes '', 'count' and 'show' followed by the scan counter).
 *
 * NOTE(review): the token carries only 5 hex characters (about 20 bits) and
 * is built from unkeyed MD5 with a constant that lives in the source, so it
 * should be treated as a weak integrity tag, not as a secret. Moving to
 * hash_hmac() with a longer output and a key kept outside the code would
 * have to be done in every script that creates or checks these tokens at
 * the same time.
 *
 * @param string $url  URL the token is bound to
 * @param string $code purpose suffix appended to the fixed key
 * @return string 5 lowercase hex characters
 */
function code($url,$code)
{
    // Same byte sequence as the original: url, fixed prefix, then the suffix.
    return substr(md5($url."hGqb381".$code), 0, 5);
}
/**
 * Print a minimal stand-alone HTML error page.
 *
 * $str is placed into both <title> and <h1> exactly as given, with no HTML
 * escaping. The callers in this file pass fixed strings that contain <br>
 * on purpose, so escaping here would change their output; any value that
 * originates from the request must be escaped by the caller before it is
 * handed to this function.
 *
 * The function only writes output; stopping the script is left to the
 * caller.
 *
 * @param string $str error text (trusted markup)
 * @return void
 */
function err($str)
{
    $page = <<<ERRPAGE
<html>
<head>
<title>Error $str</title>
<style>
BODY {background-color:#323232; color:#efefef; margin-top:50px;}
H1 {margin:auto;}
</style>
</head>
<body>
<div align='center'>
<h1>Ошибка: $str</h1>
</div>
</body>
</html>
ERRPAGE;
    echo $page;
}
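// ---------------------------------------------------------------------------
// Request handling: validate ?id and ?hash, look the URL record up, check the
// token, then either activate the record or render the two-frame page.
//
// NOTE(review): the mysql_* API was removed in PHP 7 and offers no prepared
// statements. $db is presumably opened in config/bd.php, so a move to
// mysqli/PDO has to start there; until then the integer cast below is the
// only thing standing between the request and the SQL text.
// ---------------------------------------------------------------------------

// Integer cast keeps the '$id' interpolations below free of request-controlled
// SQL. isset() avoids an undefined-index notice when the parameter is absent.
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
if (empty($id)) {err("#103028<br>Пустой ID"); exit();}

// Accept only a plain string; ?hash[]=x would otherwise be cast to "Array".
$hash = (isset($_GET['hash']) && is_string($_GET['hash'])) ? $_GET['hash'] : '';
if (empty($hash)) {err("#103030<br>Пустой хэш"); exit();}

// The former unconditional "Select * FROM url" was dropped: its result was
// overwritten immediately, so it only cost a full table read per request.
$result = mysql_query("SELECT active,count,scan,bann,url,review,allcount FROM url WHERE id='$id'",$db);
$myrow = $result ? mysql_fetch_array($result) : false;

// Unknown id (or failed query): answer exactly like a wrong token. Without
// this check every missing id shared one constant token derived from an empty
// URL and fell through to the activation branch with null == null.
if (!$myrow) {err("#103041<br>Некорректный хэш"); exit('');}

$url = $myrow['url'];
$user_scan = $myrow['scan'];
$user_count = $myrow['count'];
$hash2 = code($url,'');
$hash3 = code($url,'count');
$hash4 = code($url,'show'.$user_scan);

// Byte-for-byte comparison. The loose != operator compares numeric-looking
// strings as numbers, which lets different 5-character hex values be treated
// as equal. hash_equals() is used where the runtime provides it.
$hash_ok = function_exists('hash_equals') ? hash_equals($hash2, $hash) : ($hash === $hash2);
if (!$hash_ok) {err("#103041<br>Некорректный хэш"); exit('');}

if ($user_scan == $user_count)
{
    // Both flags are set in one statement so the row is never left half-updated.
    mysql_query("UPDATE url SET active='1', pos='0' WHERE id='$id'",$db);
    exit("<META HTTP-EQUIV='REFRESH' CONTENT='0; URL=index.php?good=1'>");
}

// The template below prints only $id (an integer) and $hash3/$hash4 (hex
// characters returned by code()), so neither can inject markup into the
// frame URLs.
?>
<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<title>Обмен визитами</title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<script src="js/ajax.js" language="javascript"></script>
</head>
<frameset rows="50,*">
<frame marginwidth="0" marginheight="0" name="frminfo" scrolling="no" noresize src="count.php?id=<?echo $id."&hash=".$hash3; ?>">
<div id="furl">
<frame name="frmurl" id="frmurl" src="show.php?id=<? echo $id."&hash=".$hash4; ?>">
</div>
</frameset><noframes></noframes>
</html>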