// Page prologue followed by the coupon form handler. The listing is cut off
// inside the POST handler, so the braces opened below are closed outside this view.

// Optional planet switch: the `cp` query parameter is cast with intval() before use.
if (key_exists('cp', $_GET)) {
    SelectPlanet($GlobalUser['player_id'], intval($_GET['cp']));
}
$GlobalUser['aktplanet'] = GetSelectedPlanet($GlobalUser['player_id']);
$now = time();
UpdateQueue($now);
$aktplanet = GetPlanet($GlobalUser['aktplanet']);
// Presumably accrues resource production from `lastpeek` up to $now; confirm against ProdResources().
$aktplanet = ProdResources($aktplanet, $aktplanet['lastpeek'], $now);
UpdatePlanetActivity($aktplanet['planet_id']);
UpdateLastClick($GlobalUser['player_id']);
// NOTE(review): the session id is taken from the query string with no check in this fragment.
// Presumably it was validated earlier in the request; confirm before it is echoed into links.
$session = $_GET['session'];
$ShowActivateDlg = false;
$CouponError = "";
if (method() === "POST") {
    // NOTE(review): 'couponcode' and 'action' are read without an existence check, so a POST
    // that omits them raises an undefined-index notice before any validation runs.
    $code = $_POST['couponcode'];
    // The third argument is the audit message ("coupon code manipulation"). SecurityCheck()'s
    // body is not shown; presumably it matches $code against the pattern.
    // NOTE(review): the pattern has no anchors. If the helper passes it to preg_match() as is,
    // any input that merely contains 24 allowed characters is accepted. An anchored form such
    // as '/\A[\\-0-9A-Z]{24}\z/' would require the whole value to match; confirm and tighten.
    SecurityCheck('/[\\-0-9A-Z]{24}/', $code, "Манипулирование кодом купона");
    if ($_POST['action'] === "check") {
        // Step 1: look the coupon up and, when found, show the activation dialog.
        $id = CheckCoupon($code);
        if ($id) {
            $ShowActivateDlg = true;
            $coupon = LoadCoupon($id);
        } else {
            // One generic message ("invalid code or coupon already redeemed") for both failure cases.
            $CouponError = "Неверный код или купон уже погашен";
        }
        // The code is no longer valid.
        // Invalid code
    } else {
        if ($_POST['action'] === "activate") {
            // Step 2: redeem the coupon for the current user.
            // NOTE(review): this branch does not call CheckCoupon() again, and no anti-CSRF token
            // is checked in the visible code. Confirm that ActivateCoupon() re-validates the code
            // and marks it redeemed atomically, so a coupon cannot be redeemed twice.
            ActivateCoupon($GlobalUser, $code);
            MyGoto("micropayment");
        }
<form action="" method="POST"> <center> <input type="text" name="user" placeholder="Username"> <p></p> <input type="password" name="pass" placeholder="•••••••"> <p></p> <input type="submit" value="Login" name="submit" id="Button" /> </center> </form> <div> </body> </html>
<?php
// Login handler for the form above, which posts back to this same script.
// The listing is cut off inside the admin check; the open braces close outside this view.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. Porting to mysqli or
// PDO is also the chance to move every query below to prepared statements.
if (isset($_POST["submit"])) {
    // SecurityCheck() is not shown. From the sentinel test below it presumably returns a fixed
    // marker string when it rejects the input; confirm.
    // NOTE(review): the password goes through the same filter as the username. If the filter
    // rewrites characters it changes the secret being verified; confirm this is intended.
    $user = SecurityCheck($_POST['user']);
    $password = SecurityCheck($_POST['pass']);
    // NOTE(review): this query runs before the sentinel check is evaluated. The literal
    // '******' is what this listing shows and may be a masked value; check the real source.
    $query = mysql_query("SELECT * FROM members WHERE user='******'");
    $numrows = mysql_num_rows($query);
    // Injection "detection" is a comparison against one magic value, using loose ==.
    if ($user == "fd87yr6t3rwhuifsdho8yu3r" || $password == "fd87yr6t3rwhuifsdho8yu3r") {
        $SQLinjectDetection = 1;
    } else {
        $SQLinjectDetection = 0;
    }
    if ($SQLinjectDetection == 0) {
        // NOTE(review): $user is concatenated into the SQL text, so this query is only as safe
        // as SecurityCheck() is complete. Bind the value as a parameter instead of relying on
        // an input filter.
        $adminconnect = mysql_query("SELECT * FROM administrators WHERE admin='" . $user . "'");
        $admincheck = mysql_num_rows($adminconnect);
        // NOTE(review): $admin and $process are set from the username lookup alone, before any
        // password comparison appears in the visible code. Confirm nothing grants access on
        // these flags without a verified password.
        if ($admincheck != 0) {
            $admin = 1;
            $process = 1;
        } else {
            $admin = 0;
// Tail of a function whose signature lies above this listing. It builds one regex per extra
// argument ("/#1/", "/#2/", ...) and substitutes the arguments into $subject.
// NOTE(review): "/#1/" also matches the start of "#10", so placeholders numbered 10 and above
// would be clobbered once the function gets that many arguments. preg_replace() also treats
// "$n" and "\n" sequences in the replacement as backreferences, so an argument containing them
// is not inserted literally. strtr() with a placeholder map would avoid both problems.
for ($i = 1; $i < $num_arg; $i++) {
    $pattern[$i - 1] = "/#{$i}/";
    $replace[$i - 1] = func_get_arg($i);
}
return preg_replace($pattern, $replace, $subject);
}
// *****************************************************************************
// Game pages.
if (key_exists('session', $_GET)) {
    //
    // Private session check
    // (no code follows this heading in the visible listing)
    //
    //
    // Public session check
    //
    // The third argument is the audit message ("public session manipulation"). SecurityCheck()'s
    // body is not shown; presumably it matches the value against the pattern.
    // NOTE(review): the pattern is unanchored. If it is passed to preg_match() as is, any value
    // containing 12 hex characters is accepted; an anchored form such as '/\A[0-9a-f]{12}\z/'
    // would require an exact match. The id also travels in the URL, where it can end up in
    // logs and Referer headers; confirm it is not the only credential.
    SecurityCheck('/[0-9a-f]{12}/', $_GET['session'], "Манипулирование публичной сессией");
    // Loose comparison: any falsy return value (0, "", null) ends the request here.
    if (CheckSession($_GET['session']) == FALSE) {
        die;
    }
} else {
    // No session parameter at all: redirect to the home page and stop.
    RedirectHome();
    die;
}
// While the universe is frozen, players whose `admin` value is 0 are redirected to the
// maintenance page.
if ($GlobalUni['freeze'] && $GlobalUser['admin'] == 0) {
    echo "<html><head><meta http-equiv='refresh' content='0;url=maintenance.php' /></head><body></body></html>";
    ob_end_flush();
    exit;
}
// Load the localisation tables for the universe's language.
loca_add("common", $GlobalUni['lang']);
loca_add("technames", $GlobalUni['lang']);
//
<center> <form action="" method="POST"> <h1>Login</h1> <input type="text" name="user" placeholder="Username"> <input type="password" name="pass" placeholder="•••••••"> <p></p> <center><input type="submit" value="Login" name="submit" id="Button" /></center> </form> </center> </div> </div> </body> </html>
<?php
// Login handler for the form above. The listing is cut off inside the credential check, so
// the open braces close outside this view.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. Porting to mysqli or
// PDO is also the chance to use prepared statements.
if (isset($_POST["submit"])) {
    // SecurityCheck() and PasswordCheck() are not shown. From the sentinel test below they
    // presumably return a fixed marker string when they reject the input; confirm.
    $user = SecurityCheck($_POST['user']);
    $password = PasswordCheck($_POST['pass']);
    // NOTE(review): this query runs before the sentinel check is evaluated. The literal
    // '******' is what this listing shows and may be a masked value; check the real source.
    $query = mysql_query("SELECT * FROM members WHERE user='******'");
    $numrows = mysql_num_rows($query);
    // Injection "detection" is a comparison against one magic value, using loose ==.
    if ($user == "fd87yr6t3rwhuifsdho8yu3r" || $password == "fd87yr6t3rwhuifsdho8yu3r") {
        $SQLinjectDetection = 1;
    } else {
        $SQLinjectDetection = 0;
    }
    if ($SQLinjectDetection == 0) {
        if ($numrows != 0) {
            $name = $row = mysql_fetch_array($query);
            // `nitid` is the per-user value mixed into the password hash.
            $ramdom = $name['nitid'];
            // NOTE(review): three nested MD5 rounds with fixed suffix strings are still a fast
            // hash, so a leaked table is cheap to brute-force. Store password_hash() output,
            // verify with password_verify(), and upgrade legacy hashes on the next successful
            // login. The comparison against the stored hash is outside this view; it should
            // use hash_equals().
            $md5pass = md5(md5(md5($password . $PasswordEncryptText1 . $ramdom) . $PasswordEncryptText2) . $PasswordEncryptText3);
            // NOTE(review): this is arithmetic `+` on the password string, not concatenation,
            // and the result is not used in the visible code. It looks like leftover debug
            // code; confirm and remove.
            $removeme = $password + $ramdom;
            // NOTE(review): empty() treats the string "0" as empty, and this check comes only
            // after the hash above has been computed.
            if (!empty($user) && !empty($password)) {
</body> </html>
<?php
// Registration handler. The listing is cut off after the uniqueness lookups, so the open
// braces close outside this view.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. Porting to mysqli or
// PDO is also the chance to use prepared statements.
if (isset($_POST["submit"])) {
    $activated = "0";
    $BTC = "0";
    // The *Check() helpers are not shown. From the sentinel test below they presumably return
    // a fixed marker string when they reject the input; confirm.
    $user = SecurityCheck($_POST['user']);
    $email = SecurityCheck($_POST['email']);
    $pass = PasswordCheck($_POST['pass']);
    $btcadd = BitcoinAddressCheck($_POST['btcadd']);
    // NOTE(review): passwords are limited to letters, digits, '@' and '.'. That shrinks the
    // password space, and the alert text does not mention '@' or '.'. Since the password is
    // only hashed, a character whitelist is not needed for it.
    if (preg_match("/[^A-Za-z0-9@.]/", $pass)) {
        echo '<script language="javascript">';
        echo 'alert("Only Letters or Numbers are allowed")';
        echo '</script>';
    } else {
        // NOTE(review): the raw POST values are filtered a second time here rather than reusing
        // the variables above, and the password goes through SecurityCheck() instead of
        // PasswordCheck(). Because the values are combined with &&, a field equal to "0" counts
        // as empty.
        if (!empty(SecurityCheck($_POST['user']) && SecurityCheck($_POST['pass']) && SecurityCheck($_POST['email']) && SecurityCheck($_POST['btcadd'])) && filter_var(SecurityCheck($_POST['email']), FILTER_VALIDATE_EMAIL)) {
            // Injection "detection" is a comparison against one magic value, using loose ==.
            if ($user == "fd87yr6t3rwhuifsdho8yu3r" || $email == "fd87yr6t3rwhuifsdho8yu3r" || $pass == "fd87yr6t3rwhuifsdho8yu3r" || $btcadd == "fd87yr6t3rwhuifsdho8yu3r") {
                $SQLinjectDetection = 1;
            } else {
                $SQLinjectDetection = 0;
            }
            if ($SQLinjectDetection == 0) {
                // NOTE(review): rand() is not a cryptographically secure generator, and here it
                // produces both the per-user hash input and (below) the activation id.
                // Predictable activation ids weaken e-mail verification; generate both with
                // random_bytes() or random_int().
                $nitid = rand();
                // NOTE(review): nested MD5 is a fast hash and unsuitable for password storage;
                // use password_hash() and password_verify().
                $md5pass = md5(md5(md5($pass . $PasswordEncryptText1 . $nitid) . $PasswordEncryptText2) . $PasswordEncryptText3);
                $activationid = rand();
                // Uniqueness lookups for user name, e-mail and nitid.
                // NOTE(review): the literal '******' is what this listing shows and may be a
                // masked value. $email is concatenated into the SQL text, so that query is
                // only as safe as SecurityCheck() is complete; bind values as parameters.
                // Check-then-insert is also racy, so enforce uniqueness with UNIQUE constraints
                // as well (the insert itself is outside this view).
                $query = mysql_query("SELECT * FROM members WHERE user='******'");
                $numrows = mysql_num_rows($query);
                $query2 = mysql_query("SELECT * FROM members WHERE email='" . $email . "'");
                $numrows2 = mysql_num_rows($query2);
                $query3 = mysql_query("SELECT * FROM members WHERE nitid='" . $nitid . "'");
                $numrows3 = mysql_num_rows($query3);