Файл: core/system.php
Строк: 148
<?php
$debug_info = [];
$start_time = microtime(true);
list($ms, $s) = explode(chr(32), microtime());
$g = $s + $ms;
$set['site'] = htmlspecialchars($_SERVER['HTTP_HOST']);
define("H", $_SERVER["DOCUMENT_ROOT"].'/');
ob_start("ob_gzhandler");
require_once __DIR__ . '/ElfiModule.php';
//$db = new Memcache();
//$db->connect('localhost', 11211, 30);
//$db->add( 'client82', 1000, MEMCACHE_COMPRESSED, 15 );
//$db->set( '****', 2000, MEMCACHE_COMPRESSED, 15 );
$dbh = new PDO("mysql:host=localhost;dbname=db15111387;charset=UTF8", 'db15111387','zxcvnm');
$db = mysql_connect('localhost', 'db15111387','zxcvnm') or die("</div><div>class='line'></div><div class='temn'><center><div class='player title'><font size='3'>Игра недоступна</font> </div><div class='mini-line'></div>
</div><div class='line'></div><div class='foot grey'><center>Ведутся технические работы по улучшению игры. <br/>Зайдите позже или обновите страницу через несколько минут.</center>
</div><div class='line'></div><div class='but-list'><center><a href="?"><img src='/images/icon/reload.png' alt='*'/>Обновить</a></div></font></center>
<div class='px'></div><div class='menu'><div class='center'>
<div style='text-shadow: 0 1px 0 #000;font-size: 12px;
color:#757575; text-align: center;padding: 5px;'><div class='empty'></div>");
mysql_select_db('db15111387', $db);
mysql_query('set names utf8', $db);
//$mysqli = new mysqli("localhost", "db15111387", "zxcvnm", "db15111387");
//$link = mysqli_connect("localhost", "db15111387", "zxcvnm", "db15111387");
require_once __DIR__ . '/online.php';
$time = $_SERVER['REQUEST_TIME'];
@session_name('SESS');
@session_start();
$sess=mysql_escape_string(session_id());
if (!preg_match('#[A-z0-9]{32}#i',$sess))$sess=md5(rand(09009,999999));
if(mysql_result(mysql_query("SELECT count(id) from `ipban` where `ip` = '".check($_SERVER['REMOTE_ADDR'])."'"),0) > 0){
exit;
}
if(isset($_COOKIE['nick']) && isset($_COOKIE['pass'])) {
$usernick = check($_COOKIE['nick']);
$userpass = check($_COOKIE['pass']);
$user = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `nick` ='".$usernick."' and `pass` = '".$userpass."'"));
}
$act = isset($_GET['act']) ? htmlspecialchars($_GET['act']) : '';
$q = time() - $user['online'];
if($q < 60){
$q_add = $q;
} else {
$q_add = 0;
}
$param = $user['sila'] + $user['zashit'] + ($user['max_health']/'10');
if($param != $user['param']){
$param = $param;
} else {
$param = $user['param'];
}
mysql_query("UPDATE `user` SET `online` = '".time()."', `online_total` = `online_total` + '".$q_add."',`param` = '".$param."' where `id` = ".$user['id']."");
if ($user['ip'] != $_SERVER['REMOTE_ADDR']){
mysql_query("UPDATE `user` SET `ip` = '".htmlspecialchars(mysql_real_escape_string($_SERVER['REMOTE_ADDR']))."' where (`id` = ".$user['id']." AND `id`!='56486')");
}
if($user['health'] < 0) mysql_query("UPDATE `user` SET `health` = '0' WHERE `id` = '".$user['id']."'");
if($user['health'] > $user['max_health']){
mysql_query("UPDATE `user` SET `health` = '".$user['max_health']."' WHERE `id` = '".$user['id']."'");
}
$regen = $time - $user['online'];
if($user['health'] > 0 and $regen > 1 and $user['health'] < $user['max_health']){
$kxp = $user['max_health']/150;
mysql_query("UPDATE `user` set `health` = '".($user['health'] < $user['max_health'] ? ($user['health']+$kxp) : ($user['health']+0) )."' where `id` = '".$user['id']."'");
}
if($user['battle'] > 0)
{
$req = mysql_query("SELECT `hp`,`sila`,`name` FROM `battle` WHERE `usr`='".$user['nick']."' and `nextud`<='".$time."' and `status`=''");
while($mobik = mysql_fetch_array($req)){
if($mobik['hp'] > 0 and $user['battle']==1){
$summastag = $user['max_health']+$user['sila']+$user['zashit'];
$cp = $user['zashit']/$summastag;
$ym = 1-$cp;
$um = rand($mobik['sila']-$mobik['sila']/8,$mobik['sila']);
$mudar = $um*$ym;
$muron = round($mudar,0);
$vrud = rand(1,3);
if($vrud==1){
$vrud='поразил';
}
if($vrud==2){
$vrud='поцарапал';
}
if($vrud==3){
$vrud='ударил';
}
$vrutd = rand(1,4);
if($vrutd==1){
$vrutd='убил';}
if($vrutd==2){
$vrutd='испепелил';
}
if($vrutd==3){
$vrutd='уничтожил';
}
if($vrutd==4){
$vrutd='растерзал';
}
if($user['health'] < $muron){
mysql_query("INSERT INTO `duellog` SET `usr`='".$user['nick']."',`text`='<font color=F26C13>".$mobik['name']."</font> ".$vrud."',`opon`='0', `uron`='".$muron."', `timer`='".$time."'+'300',`kogo`='".$user['id']."', `umen`='".$um."'");
mysql_query("INSERT INTO `duellog` SET `usr`='".$user['nick']."',`text`='<font color=F26C13>".$mobik['name']."</font> ".$vrutd."', `timer`='".$time."'+'300', `dead`='1', `kogo`='".$user['id']."', `umen`='".$um."'");
mysql_query("UPDATE `user` SET `health` = '0', `loss`=`loss`+'1' WHERE `id`='".$user['id']."'");
mysql_query("UPDATE `battle` SET `status` = 'no' WHERE `usr`='".$user['nick']."' ");
header ("Location: ?");
}
if($user['health'] > $muron){
$nextudar = rand(3,12);
$nextud = $time + $nextudar;
mysql_query("INSERT INTO `duellog` SET `usr`='".$user['nick']."',text='<font color=F26C13>".$mobik['name']."</font> ".$vrud."', opon='0', `kogo`='".$user['id']."', `uron`='".$muron."', `timer`='".$time."'+'300', `umen`='".$um."'");
mysql_query("UPDATE `user` SET `health` = '".$user['health']."'-'".$muron."' WHERE `id`='".$user['id']."'");
mysql_query("UPDATE `battle` SET `nextud` = '".$nextud."' WHERE `usr`='".$user['nick']."' and `nextud`<='".$time."' and `status`='' and `name`='".$mobik['name']."'");
}
}
}
}
foreach($_GET as $ad){
if(is_numeric($ad)){
$ad = abs(intval($ad));}
if(preg_match('/include|asc|--|select|union|update|from|where|eval|glob|include|require|script|shell|BENCHMARK|CONCAT|INSERTb/i', $ad)){
$time = time();
$timer = date("j M Y в H:i", $time);
$source = '
Запрос: '.htmlspecialchars($_SERVER['REQUEST_URI']).', IP хакера: '.$_SERVER['REMOTE_ADDR'].', Дополнительный IP: '.$_SERVER['HTTP_X_FORWARDED_FOR'].', Софт: '.$_SERVER['HTTP_USER_AGENT'].', Время: '.$timer.'';
$file = htmlspecialchars($_SERVER['DOCUMENT_ROOT']).'/data/logi21.txt';
$Saved_File = fopen($file, 'a+');
fwrite($Saved_File, $source);
fclose($Saved_File);
header("Refresh: 2;url=/index.php".SID);
exit('Вы пытались взломать сайт. При дальнейших попытках взлома сайта, Ваш ip будет заблокирован и Ваши данные будут переданы администрации!');
}
$ad = htmlspecialchars(mysql_real_escape_string($ad));
}
foreach($_POST as $ad){
if(is_numeric($ad)){
$ad = abs(intval($ad));
}else{
$ad = htmlspecialchars(mysql_real_escape_string($ad));
}}
foreach($_SESSION as $ad){
$ad = htmlspecialchars(mysql_real_escape_string($ad));
}
foreach($_COOKIE as $ad){
$ad = htmlspecialchars(mysql_real_escape_string($ad));
}
$id = isset($_GET['id'])?abs(intval($_GET['id'])):NULL;
//банк
$borrowing = mysql_fetch_array(mysql_query('SELECT * FROM `borrowing` WHERE `user` = '.$user['id'].' LIMIT 1'));
if($borrowing && $borrowing['times'] < time()) {
mysql_query('UPDATE `users` SET `gold` = '.($user['gold'] - $borrowing['cost']).' WHERE `id` = '.$user['id'].'');
mysql_query('DELETE FROM `borrowing` WHERE `user` = '.$user['id'].'');
}
?>