// Planet switch: when the request carries ?cp=, pass that id to SelectPlanet()
// for the current player. intval() forces the value to an integer first.
// NOTE(review): whether SelectPlanet() verifies that the planet belongs to
// this player is not visible here — confirm the ownership check exists there.
if (key_exists('cp', $_GET)) {
    SelectPlanet($GlobalUser['player_id'], intval($_GET['cp']));
}
// Re-read the selection from storage instead of trusting the request value.
$GlobalUser['aktplanet'] = GetSelectedPlanet($GlobalUser['player_id']);
// One timestamp is taken and reused for the queue update and the resource update below.
$now = time();
UpdateQueue($now);
$aktplanet = GetPlanet($GlobalUser['aktplanet']);
// presumably accrues production between the planet's 'lastpeek' time and $now — verify in ProdResources()
$aktplanet = ProdResources($aktplanet, $aktplanet['lastpeek'], $now);
UpdatePlanetActivity($aktplanet['planet_id']);
UpdateLastClick($GlobalUser['player_id']);
// Raw query-string value copied into a local; no validation happens in these lines.
// NOTE(review): confirm it was validated earlier in the request, and escape it
// for the output context wherever $session is written into HTML or URLs.
$session = $_GET['session'];
// State for the coupon form handled below: dialog flag and error text.
$ShowActivateDlg = false;
$CouponError = "";
if (method() === "POST") {
    // Coupon code taken directly from the POST body; the index is read without an isset() check.
    $code = $_POST['couponcode'];
    // Format check for the coupon code (the message text means "coupon code manipulation").
    // NOTE(review): the pattern has no \A...\z (or ^...$) anchors. If SecurityCheck()
    // applies it with preg_match(), input that merely contains 24 matching
    // characters somewhere would pass — confirm how SecurityCheck() uses the
    // pattern and anchor it if it is meant to constrain the whole value.
    SecurityCheck('/[\\-0-9A-Z]{24}/', $code, "Манипулирование кодом купона");
    if ($_POST['action'] === "check") {
        $id = CheckCoupon($code);
        if ($id) {
            $ShowActivateDlg = true;
            $coupon = LoadCoupon($id);
        } else {
            $CouponError = "Неверный код или купон уже погашен";
        }
        //Код более не действителен.
        //Неверный код
    } else {
        if ($_POST['action'] === "activate") {
            ActivateCoupon($GlobalUser, $code);
            MyGoto("micropayment");
        }
Beispiel #2
		<form action="" method="POST">
			<center>
				<input type="text" name="user" placeholder="Username">
				<p></p>
				<input type="password" name="pass" placeholder="&#149;&#149;&#149;&#149;&#149;&#149;&#149;">
				<p></p>
				<input type="submit" value="Login" name="submit" id="Button" />
			</center>
		</form>
	<div>
</body>
</html>
<?php 
    if (isset($_POST["submit"])) {
        // Both credentials go through SecurityCheck(); its implementation is not shown here.
        $user = SecurityCheck($_POST['user']);
        $password = SecurityCheck($_POST['pass']);
        // As printed, the WHERE clause compares against the literal '******' —
        // presumably the listing masked the original expression; TODO confirm
        // against the real file. mysql_query() belongs to the legacy ext/mysql
        // API, which was removed in PHP 7.0.
        $query = mysql_query("SELECT * FROM members WHERE user='******'");
        $numrows = mysql_num_rows($query);
        // The fixed string looks like a sentinel that SecurityCheck() returns when
        // it rejects input (assumption — verify). NOTE(review): a blocklist filter
        // signalling through a magic value is fragile; it does not replace bound
        // parameters in the queries that follow. Loose == is used for the comparison.
        if ($user == "fd87yr6t3rwhuifsdho8yu3r" || $password == "fd87yr6t3rwhuifsdho8yu3r") {
            $SQLinjectDetection = 1;
        } else {
            $SQLinjectDetection = 0;
        }
        if ($SQLinjectDetection == 0) {
            // NOTE(review): $user is concatenated into the SQL text. Whether this is
            // safe depends entirely on what SecurityCheck() removed or escaped, which
            // is not visible here. A prepared statement with a bound parameter (PDO
            // or mysqli) removes that dependency and is the fix to prefer.
            $adminconnect = mysql_query("SELECT * FROM administrators WHERE admin='" . $user . "'");
            // Row count of the administrators lookup; the mysql_query() result is not
            // checked for false before it is passed on.
            $admincheck = mysql_num_rows($adminconnect);
            if ($admincheck != 0) {
                $admin = 1;
                $process = 1;
            } else {
                $admin = 0;
Beispiel #3
    for ($i = 1; $i < $num_arg; $i++) {
        $pattern[$i - 1] = "/#{$i}/";
        $replace[$i - 1] = func_get_arg($i);
    }
    return preg_replace($pattern, $replace, $subject);
}
// *****************************************************************************
// Игровые страницы.
// Every game page requires a public session id in the query string.
if (!array_key_exists('session', $_GET)) {
    // No session parameter at all: send the visitor to the start page and stop.
    RedirectHome();
    die;
}
//
// Private session check (only this heading exists; no code follows it here)
//
//
// Public session check
//
// NOTE(review): the pattern is unanchored. If SecurityCheck() applies it with
// preg_match(), a value that merely contains 12 hex characters would pass —
// confirm how SecurityCheck() uses the pattern and anchor it with \A...\z if
// the whole parameter is meant to be exactly 12 hex characters.
SecurityCheck('/[0-9a-f]{12}/', $_GET['session'], "Манипулирование публичной сессией");
// A session that CheckSession() does not accept ends the request with no output.
if (!CheckSession($_GET['session'])) {
    die;
}
// Maintenance gate: while the universe is frozen, every account whose 'admin'
// value loosely equals 0 is sent to maintenance.php via a meta refresh.
// NOTE(review): the admin test is a loose == comparison; confirm 'admin' is
// always stored as an integer so the gate cannot be skipped by an odd value.
if ($GlobalUni['freeze']) {
    if ($GlobalUser['admin'] == 0) {
        echo "<html><head><meta http-equiv='refresh' content='0;url=maintenance.php' /></head><body></body></html>";
        // Push the buffered redirect page out before terminating the request.
        ob_end_flush();
        exit;
    }
}
// Register the "common" and "technames" sets for the universe's language
// (presumably localisation tables — verify in loca_add()).
loca_add("common", $GlobalUni['lang']);
loca_add("technames", $GlobalUni['lang']);
//
Beispiel #4
		<center>
			<form action="" method="POST">
			<h1>Login</h1>
			<input type="text" name="user" placeholder="Username">
			<input type="password" name="pass" placeholder="&#149;&#149;&#149;&#149;&#149;&#149;&#149;">
			<p></p>
			<center><input type="submit" value="Login" name="submit" id="Button" /></center>
			</form>
		</center>
	</div>
</div>
</body>
</html>
<?php 
if (isset($_POST["submit"])) {
    // Username goes through SecurityCheck(), password through PasswordCheck();
    // neither implementation is shown here.
    $user = SecurityCheck($_POST['user']);
    $password = PasswordCheck($_POST['pass']);
    // As printed, the WHERE clause compares against the literal '******' —
    // presumably the listing masked the original expression; TODO confirm
    // against the real file. mysql_query() belongs to the legacy ext/mysql API,
    // which was removed in PHP 7.0.
    $query = mysql_query("SELECT * FROM members WHERE user='******'");
    $numrows = mysql_num_rows($query);
    // The fixed string looks like a sentinel the check functions return when they
    // reject input (assumption — verify). NOTE(review): detection through a magic
    // value is fragile and does not replace bound parameters in the SQL queries.
    if ($user == "fd87yr6t3rwhuifsdho8yu3r" || $password == "fd87yr6t3rwhuifsdho8yu3r") {
        $SQLinjectDetection = 1;
    } else {
        $SQLinjectDetection = 0;
    }
    if ($SQLinjectDetection == 0) {
        if ($numrows != 0) {
            // Fetch one row of the members lookup; $name and $row receive the same array.
            $name = $row = mysql_fetch_array($query);
            // The row's 'nitid' column is mixed into the hash input below, i.e. it acts as a per-user salt.
            $ramdom = $name['nitid'];
            // NOTE(review): three nested md5() rounds over password, salt and three
            // strings defined elsewhere ($PasswordEncryptText1..3, not shown). MD5 is
            // a fast hash and not suitable for password storage however it is nested;
            // password_hash()/password_verify() are the replacement, with stored
            // hashes upgraded at the next successful login.
            $md5pass = md5(md5(md5($password . $PasswordEncryptText1 . $ramdom) . $PasswordEncryptText2) . $PasswordEncryptText3);
            // `+` is numeric addition in PHP, not concatenation (`.`). The result is
            // not used in the visible lines; it keeps a value derived from the
            // plaintext password in a variable.
            $removeme = $password + $ramdom;
            if (!empty($user) && !empty($password)) {
Beispiel #5
</body>
</html>
<?php 
if (isset($_POST["submit"])) {
    $activated = "0";
    $BTC = "0";
    $user = SecurityCheck($_POST['user']);
    $email = SecurityCheck($_POST['email']);
    $pass = PasswordCheck($_POST['pass']);
    $btcadd = BitcoinAddressCheck($_POST['btcadd']);
    if (preg_match("/[^A-Za-z0-9@.]/", $pass)) {
        echo '<script language="javascript">';
        echo 'alert("Only Letters or Numbers are allowed")';
        echo '</script>';
    } else {
        if (!empty(SecurityCheck($_POST['user']) && SecurityCheck($_POST['pass']) && SecurityCheck($_POST['email']) && SecurityCheck($_POST['btcadd'])) && filter_var(SecurityCheck($_POST['email']), FILTER_VALIDATE_EMAIL)) {
            if ($user == "fd87yr6t3rwhuifsdho8yu3r" || $email == "fd87yr6t3rwhuifsdho8yu3r" || $pass == "fd87yr6t3rwhuifsdho8yu3r" || $btcadd == "fd87yr6t3rwhuifsdho8yu3r") {
                $SQLinjectDetection = 1;
            } else {
                $SQLinjectDetection = 0;
            }
            if ($SQLinjectDetection == 0) {
                // Per-user value mixed into the password hash below (used as a salt).
                // NOTE(review): rand() is not a cryptographically secure generator;
                // random_bytes()/random_int() (PHP 7+) are the appropriate source.
                $nitid = rand();
                // NOTE(review): nested md5() with strings defined elsewhere
                // ($PasswordEncryptText1..3, not shown). MD5 is a fast hash and not
                // suitable for password storage; password_hash() generates its own
                // salt and makes $nitid unnecessary for this purpose.
                $md5pass = md5(md5(md5($pass . $PasswordEncryptText1 . $nitid) . $PasswordEncryptText2) . $PasswordEncryptText3);
                // Account activation id, also drawn from rand() — the same concern
                // applies if this value is what authorises the activation (assumption — verify).
                $activationid = rand();
                // Uniqueness lookups. As printed, the first WHERE clause compares against the
                // literal '******' — presumably masked by the listing; TODO confirm.
                $query = mysql_query("SELECT * FROM members WHERE user='******'");
                $numrows = mysql_num_rows($query);
                // NOTE(review): $email is concatenated into the SQL text; safety rests on
                // SecurityCheck(), which is not shown. Bind it as a parameter in a
                // prepared statement (PDO or mysqli) instead.
                $query2 = mysql_query("SELECT * FROM members WHERE email='" . $email . "'");
                $numrows2 = mysql_num_rows($query2);
                // $nitid comes from rand() above, so this value is an integer, not request data.
                $query3 = mysql_query("SELECT * FROM members WHERE nitid='" . $nitid . "'");
                $numrows3 = mysql_num_rows($query3);