Файл: core/online.php
Строк: 208
<?php
require_once __DIR__ . '/../pumpitapi/pumpit-class.php';
if ( !empty($_GET['action']) && ($_GET['action'] == 'PaymentOk') && $pumpit->checkRequest($_SERVER['QUERY_STRING'], true) )
{
$query_string = $_SERVER['QUERY_STRING'];
parse_str($query_string, $query);
$id = iconv('windows-1251','utf-8',$_GET['app_uid']);
$su = intval($_GET['coin']);
if($su==1){
$kol = 10;
}
if($su==4){
$kol = 40;
}
if($su==20){
$kol = 200 + 35;
}
if($su==100){
$kol = 1000 + 250;
}
if($su==400){
$kol = 2000 + 1200;
}
if($su==1000){
$kol = 10000 + 3500;
}
/* if($kol>=200){
$pumpkin=floor($kol/200);
mysql_query("UPDATE `user` set `pumpkin`=`pumpkin`+'$pumpkin' where `id` = '".$user['id']."'");
} */
if($su >= 100) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='3', `time`='".time()."'");
mysql_query("UPDATE `user` set `topaz`=`topaz`+10,`rubyn`=`rubyn`+10,`almaz`=`almaz`+10,`sapfyr`=`sapfyr`+10,`izumrud`=`izumrud`+10 where `id` = '$id'");
}
/* if($su >= 400) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='4', `time`='".time()."'");
} */
$sumx = $kol*100;
$aprel = floor($kol*0.20);
$apr = floor($sumx*0.20);
mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx'+'$apr' where `id` = '".$id."'");
//mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx' where `id` = '$id'");
//, `snow`=`snow`+'".floor($kol/100)."'
$av = mysql_num_rows(mysql_query("SELECT * FROM `task` WHERE `usr`='$id' and `status`='2' and `task`='12'"));
if($av > 0){
mysql_query("UPDATE `task` SET `min` = `min`+'$kol' WHERE `usr`='$id' and `status`='2' and `task`='12'");
}
$time = time();
$timer = time() + 2592000;
//$text = "Поздравляем, Вы успешно приобрели <img src=/images/icon/gold.png>$kol золота!";
$text = "Поздравляем, Вы успешно приобрели $kol золота! </br> По акции Вам начислено дополнительно $aprel золота!";
$reqj = mysql_query("SELECT * FROM `user` WHERE `id` = '".$id."' LIMIT 1");
$user = mysql_fetch_array($reqj);
mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$time."', `kol`='$sumx', `kto`='+'");
//mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$tm."', `kol`='$apr', `kto`='+'");
mysql_query("INSERT INTO `mail` SET `id_user` = '2', `id_kont` = '$user[id]', `time` = '$time', `timer` = '$timer',`read` = '1', `msg` = '$text'");
$req = mysql_query("SELECT * FROM `users_konts` WHERE `id_user`='$user[id]' and `id_kont` = '2'");
$avto = mysql_num_rows($req);
if($avto==0){
mysql_query("INSERT INTO `users_konts` SET `id_user` = '$user[id]', `id_kont` = '2', `time` = '$time', `timer` = '$timer', `new_msg` = '1'");
} else {
mysql_query("UPDATE `users_konts` SET `time` = '$time', `timer` = '$timer', `new_msg` = '1' WHERE`id_user` = '$user[id]' and `id_kont` = '2'");
}
$ans = '<status>OK</status>';
echo $ans;
exit();
}
if ( !isset($_SESSION['p_sid']) || !empty($_GET['logout']) )
{
$_SESSION['pumpit_id'] = 0;
$_SESSION['p_sid'] = '';
$_SESSION['p_user_info'] = array();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'auth') )
{
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: $url");
exit();
}
if ( !isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST']) )
{
$_SESSION['x_host'] = $_SERVER['HTTP_X_HOST'];
}
if ( !isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']) )
{
$_SESSION['x_partner'] = $_SERVER['HTTP_X_PARTNER'];
}
if ((isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST'])) OR (isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']))){
if ($_SESSION['pumpit_id'] == 0 or $_SESSION['p_sid'] == ''){
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: http://".$_SERVER['HTTP_X_PARTNER']."/play_app?app_id=96");
}
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'pay') )
{
$url = $pumpit->doIncAppAccount($_SESSION['p_sid'], $_GET['coin']);
header("Location: $url");
exit();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'wallet') )
{
$url = $pumpit->doPumpitPayment($_SESSION['p_sid']);
header("Location: $url");
exit();
}
function online ($user = null){
$user = abs($user);
$data = mysql_fetch_object(mysql_query("SELECT `id`,`plem`,`online` FROM `user` WHERE `id`='".$user."'"));
?>
<img src="/images/icon/race/<?=($data->plem == 'ogn' ? 0 : 1);?>.png" style ="<?=($data->online < ($_SERVER['REQUEST_TIME']-3600) ? 'opacity:0.2;' : null);?>"/>
<?php
}
$bad_words = "UNION SELECT INSERT schemata FROM DELETE DROP BenchmARK CHAR GROUP ORDER TRUNCATE UPDATE <script> </script> javascript group_access document.cookie alert() eval() system() OUTFILE INTO";
$bad_list = explode(' ', $bad_words);
$line = $_POST?implode(" ", $_POST):$_SERVER['QUERY_STRING'];
foreach ($bad_list as $re) {
$Site = $_SERVER['SERVER_NAME'];
$Ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$Cuseragent = $_SERVER['HTTP_USER_AGENT'];
$Gde = $_SERVER['SCRIPT_NAME'];
$Querry = $_SERVER['QUERY_STRING'];
$re = preg_quote($re, '/');
if (preg_match("/".$re."/iu", $line)) {
$time = time();
$timer = date("j M Y в H:i", $time);
$source = '
Запрос: '.$Site.'/'.$Gde.'?'.$Querry.', IP хакера: '.$Ip.', Дополнительный IP: '.$_SERVER['REMOTE_ADDR'].', Софт: '.$Cuseragent.', Время: '.$timer.'';
$file = htmlspecialchars($_SERVER['DOCUMENT_ROOT']).'/data/logi21.txt';
$Saved_File = fopen($file, 'a+');
fwrite($Saved_File, $source);
fclose($Saved_File);
header('Refresh: 5; url=/');
die("Вы пытались взломать сайт. При дальнейших попытках взлома сайта, Ваш ip будет заблокирован и Ваши данные будут переданы администрации. Через 5 секунд вы будете переадресованы на главную страницу!");
}
}
function admin() {
global $user;
if($user['prava'] < 4) header('Location: /');
}
function moder() {
global $user;
if($user['prava'] < 2) header('Location: /');
}
function sozd() {
global $user;
if($user['prava'] < 5) header('Location: /');
}
function page($k_page=1){
$page = 1;
if(isset($_GET['page'])){
if($_GET['page']=='end') $page=intval($k_page);
elseif(is_numeric($_GET['page'])) $page=intval($_GET['page']);
}
if($page < 1) $page = 1;
if($page > $k_page) $page = $k_page;
return $page;
}
function k_page($k_post=0, $k_p_str=10){
if ($k_post!=0){
$v_pages = ceil($k_post/$k_p_str);
return $v_pages;
}
else return 1;
}
function str($link='?', $k_page=1, $page=1){
echo'</div>
<div class="bn-pn">';
if($page < 1) $page = 1;
echo"<hr>
<div class="foot">";
if($page!=1) echo "<span class='page'>
<a href="".$link."page=1" title='Первая страница'> <<</a>
</span> ";
if($page!=1) echo "<span class='page'>
<a href="".$link."page=1" title='Страница №1'>1</a>
</span>";
else echo " <span class='act'>1</span>";
for($ot=-4; $ot <= 4; $ot++){
if($page + $ot > 1 && $page + $ot < $k_page){
if($ot==-4 && $page+$ot > 2) echo "<span class='act'> ..</span>";
if($ot!=0)echo " <span class='page'><a href="".$link."page=".($page + $ot)."" title='Страница №".($page + $ot)."'>".($page + $ot)."</a></span>";else echo " <span class='act'><b>".($page + $ot)."</b></span>";
if($ot==4 && $page + $ot < $k_page-1) echo "<span class='act'> ..</span>";
}
}
if($page!=$k_page) echo " <span class='page'><a href="".$link."page=end" title='Страница №".$k_page."'>".$k_page."</a></span>";
elseif ($k_page > 1)echo " <span class='act'>".$k_page."</span> ";
if ($page!=$k_page) echo " <span class='page'><a href="".$link."page=end" title='Последняя страница'>>></a></span>";
echo '</div>
<hr>
<div class="clear"></div>
</div>';
}
function antimat($var){
$var = stripslashes($var);
$filter = array('шлюха','Шлюха','тварь','Тварь','ебля','Ебля','сцука','Сцука','бальник','Бальник','дарас','пида','Пида','гнида','Гнида','мудо','сран','суче','отху','Отху','залупa','Залупa','гонд','Гонд','пидо','Пидо','пизда','Пизда','хер','Хер','едри','падонак','уеб','уёб','Уеб','Уёб','блеадь','блять','Блять','сука','Cука','долбо','долбае','долбаё','пезда','аху','оху','хуя','хуй','Долбо','Долба','Пезда','Бля','Аху','Оху','Хуя','Хуй');
if($user['prava'] < 2){
$var = str_replace($filter, '***', $var);
} else {
$var = str_replace($filter, '<font color=red>***</font>', $var);
}
return $var;
}
function reg(){
global $user;
if(isset($user['id'])) header('Location: /');
}
function only_reg() {
global $user;
if(!isset($user['id'])) header('Location: /');
}
function ban() {
global $user;
$req = mysql_query("SELECT * from `ban` where `id_us` = '".$user['id']."' and `time`>'".$_SERVER['REQUEST_TIME']."'");
$ban = mysql_fetch_array($req);
if($ban['ban'] == 3){
header('Location: /moduls/ban');
}
}
function smiles($text){
$aa = mysql_query("SELECT `name`,`adres` FROM `smiles`");
while($ba = mysql_fetch_array($aa)){
$text=str_replace($ba['name'],'<img src="'.$ba['adres'].'" alt="'.$ba['name'].'" />', $text);}
$text = preg_replace('/[img]{1}(.+?)[/img]{1}/', '<img src="$1"/>', $text);
return nl2br($text);
}
function blok() {
global $user;
$req = mysql_query("SELECT * from `ban` where `id_us` = '".$user['id']."' and `time`>'".$_SERVER['REQUEST_TIME']."'");
$ban = mysql_fetch_array($req);
if($ban['ban'] == 2){
header('Location: /');
$_SESSION['err'] = "Вы находитесь в бане!";
exit;
}
}
function molchan() {
global $user;
$req = mysql_query("SELECT * from `ban` where `id_us` = '".$user['id']."' and `time`>'".$_SERVER['REQUEST_TIME']."'");
$ban = mysql_fetch_array($req);
if($ban['ban'] == 1){
header('Location: /');
$_SESSION['err'] = "Вы находитесь в бане!";
exit;
}
}
function check($msg) {
$msg = mysql_real_escape_string(htmlspecialchars(stripslashes(trim($msg))));
return $msg;
}
function num($msg) {
$msg = abs(intval($msg));
return $msg;
}
function rez_text($text, $maxwords = 10, $maxchar = 15){
$sep = ' ';
$sep2 = ' »';
$words = explode($sep,$text);
$char = iconv_strlen($text,'utf-8');
if (count($words) > $maxwords){
$text = join($sep, array_slice($words, 0, $maxwords));
}
if ( $char > $maxchar ){
$text = iconv_substr( $text, 0, $maxchar, 'utf-8' );
}
return $text.$sep2;
}
function vremja($time = NULL){
global $user;
if($time == NULL) $time = $_SERVER['REQUEST_TIME'];
$timep = date("j M Y в H:i", $time);
$ceicn = date("j n Y", $time);
$ceict = date("H:i", $time);
if($ceicn == date("j n Y")) $timep = date("H:i:s", $time);
$timep = str_replace("Jan", "янв", $timep);
$timep = str_replace("Feb", "фев", $timep);
$timep = str_replace("Mar", "мар", $timep);
$timep = str_replace("May", "мая", $timep);
$timep = str_replace("Apr", "апр", $timep);
$timep = str_replace("Jun", "июн", $timep);
$timep = str_replace("Jul", "июл", $timep);
$timep = str_replace("Aug", "авг", $timep);
$timep = str_replace("Sep", "сен", $timep);
$timep = str_replace("Oct", "окт", $timep);
$timep = str_replace("Nov", "ноя", $timep);
$timep = str_replace("Dec", "дек", $timep);
return $timep;
}