Ejemplo n.º 1
		</form>
	</div>
</div>

</body>
</html>

<?php 
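// Marker constant defined before the includes.
// NOTE(review): presumably the included files test it to refuse direct access — confirm in jcr_connect.php.
define("IMPASS_CHECK", true);
include "jcr_connect.php";
include "jcr_settings.php";

// Request parameters. A missing key is read as null (the value the original
// code ended up with) without raising an undefined-index notice.
$action = isset($_GET['action']) ? $_GET['action'] : null;

// Credentials submitted with the form, passed through sql_param() (defined
// outside this block) exactly as before.
// NOTE(review): if sql_param() rewrites its input, the comparison below is
// made against the rewritten value, not the raw password — confirm.
$get_admin_login = sql_param(isset($_POST['admin_login']) ? $_POST['admin_login'] : null);
$get_admin_pass = sql_param(isset($_POST['admin_pass']) ? $_POST['admin_pass'] : null);

// Logins the HWID block/unblock branch works on.
$loc_login = sql_param(isset($_POST['loc_login']) ? $_POST['loc_login'] : null);
$unloc_login = sql_param(isset($_POST['unloc_login']) ? $_POST['unloc_login'] : null);

// Logins for the status up/down branches; an absent field becomes ''.
$up_status_login = $db->real_escape_string(isset($_POST['up_status_login']) ? $_POST['up_status_login'] : '');
$down_status_login = $db->real_escape_string(isset($_POST['down_status_login']) ? $_POST['down_status_login'] : '');

// Administrator gate: refuse the request unless BOTH the login and the password
// match the configured values ($admin_login / $admin_pass are not set in this
// block; presumably they come from jcr_settings.php).
// The previous condition joined the two mismatches with &&, so the request was
// refused only when the login AND the password were both wrong; a single
// matching field let it through.
// The strict !== 0 also treats any non-integer result of strcmp() as a mismatch.
// NOTE(review): strcmp() is not a constant-time comparison; hash_equals()
// (PHP >= 5.6) is the better fit for secrets if the runtime allows it.
// NOTE(review): the gate is skipped when $action is empty, so every privileged
// branch below must be keyed on a non-empty $action value.
if ($action != null && (strcmp($admin_login, $get_admin_login) !== 0 || strcmp($admin_pass, $get_admin_pass) !== 0)) {
    die("Неверный логин или пароль администратора");
}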
if ($action == "block_HWID") {
    if ($loc_login == null && $unloc_login == null) {
        die("Поля 'Логин для блокировки' и 'Логин для разблокировки' не могут быть пустыми одновременно");
    }
    if ($loc_login != null) {
        $query = $db->query("SELECT {$db_colHWID} FROM {$db_table} WHERE {$db_colUser}='{$loc_login}'") or die($db->error);
        if ($query->num_rows == 1) {
            $row = $query->fetch_assoc();
            $bdHWID = $row[$db_colHWID];
            if ($bdHWID != null) {
Ejemplo n.º 2
<?php

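// Marker constant defined before the include.
// NOTE(review): presumably jcr_connect.php tests it to refuse direct access — confirm.
define('IMPASS_CHECK', true);
include "../jcr_connect.php";

// Query-string parameters, passed through sql_param() (defined outside this
// block). A missing key is read as null without raising a notice.
$user = sql_param(isset($_GET['username']) ? $_GET['username'] : null);
$serverid = sql_param(isset($_GET['serverId']) ? $_GET['serverId'] : null);

// Look up the account that holds this user name together with this server id.
// NOTE(review): the statement is assembled by string interpolation, so its
// safety rests entirely on sql_param(), which is not visible here. A prepared
// statement with bound parameters would remove that dependency.
$result = $db->query("SELECT {$db_colUser} FROM {$db_table} WHERE {$db_colUser}='{$user}' AND {$db_colServer}='{$serverid}'") or die("Error");
$row = $result->fetch_assoc();

// fetch_assoc() yields no array when nothing matched; do not index into it.
$realUser = is_array($row) ? $row[$db_colUser] : null;

// The name stored in the database must equal the name that was asked for.
if ($user != $realUser) {
    die(json_error("Bad login"));
}

if ($result->num_rows == 1) {
    $time = time();
    // Profile id derived from the configured session key and the user name.
    $id = md5($sessionKey . $user);

    // Both documents are now produced by json_encode(). The hand-concatenated
    // version emitted a stray quote after the timestamp (invalid JSON) and put
    // the user name and skin URL into the output without any JSON escaping.
    $textures = array(
        'timestamp' => $time,
        'profileId' => $id,
        'profileName' => $realUser,
        'isPublic' => true,
        'textures' => array(
            'SKIN' => array('url' => get_skins_url($realUser)),
        ),
    );
    $profile = array(
        'id' => $id,
        'name' => $realUser,
        'properties' => array(
            array(
                'name' => 'textures',
                // The textures document travels base64-encoded inside the profile.
                'value' => base64_encode(json_encode($textures, JSON_UNESCAPED_SLASHES)),
                'signature' => '',
            ),
        ),
    );
    echo json_encode($profile, JSON_UNESCAPED_SLASHES);
} else {
    die(json_error("Bad login"));
}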
/**
 * Build the JSON error document returned to the client.
 *
 * The same text is placed under both the "error" and the "errorMessage" key.
 *
 * @param mixed $text Error text to report.
 * @return string|false JSON-encoded object, or false when json_encode() fails.
 */
function json_error($text)
{
    $payload = [];
    $payload['error'] = $text;
    $payload['errorMessage'] = $text;

    return json_encode($payload);
}
// Возвращает URL адрес к скину игрока
function get_skins_url($username)
{
    global $lowerSkinsCase, $skins_url, $cloaks_url;
    $login = $lowerSkinsCase ? strtolower($username) : $username;
    if ($skins_url != null) {
        $url = $skins_url . "/" . $login . ".png";
Ejemplo n.º 3
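include "../jcr_settings.php";
include "jcr_security.php";

// Form fields sent by the client, each passed through sql_param() (defined
// outside this block) in the original order. isset() replaces the former @
// suppression: a missing field is still read as null, but errors raised while
// processing a field are no longer hidden.
$action = sql_param(isset($_POST["action"]) ? $_POST["action"] : null);
$getLogin = sql_param(isset($_POST["login"]) ? $_POST["login"] : null);
$getPass = sql_param(isset($_POST["password"]) ? $_POST["password"] : null);
$appHash = sql_param(isset($_POST["hash"]) ? $_POST["hash"] : null);
$appForm = sql_param(isset($_POST["format"]) ? $_POST["format"] : null);
$client = sql_param(isset($_POST["client"]) ? $_POST["client"] : null);
$cl_vers = sql_param(isset($_POST["version"]) ? $_POST["version"] : null);
$forge = sql_param(isset($_POST["forge"]) ? $_POST["forge"] : null);
$liteloader = sql_param(isset($_POST["liteloader"]) ? $_POST["liteloader"] : null);
$hwid = sql_param(isset($_POST["mac"]) ? $_POST["mac"] : null);
$secCode = sql_param(isset($_POST["code"]) ? $_POST["code"] : null);
$files = sql_param(isset($_POST["files"]) ? $_POST["files"] : null);
$message = sql_param(isset($_POST["message"]) ? $_POST["message"] : null);
$authSes = sql_param(isset($_POST["session"]) ? $_POST["session"] : null);

// The client must present sha1($protectKey). The comparison is now strict and,
// where the runtime offers hash_equals() (PHP >= 5.6), constant-time. Loose ==
// compares two numeric-looking strings as numbers, which makes it an unreliable
// equality test for hex digests.
// NOTE(review): the expected value is the same for every request, so this is a
// static shared secret rather than a per-request proof — confirm that is intended.
$expectedCode = sha1($protectKey);
$codeMatches = is_string($secCode)
    && (function_exists('hash_equals') ? hash_equals($expectedCode, $secCode) : $secCode === $expectedCode);
if (!$codeMatches) {
    die("BadCode");
}

// Login and password may contain only ASCII letters, digits and underscore.
// \z anchors at the true end of the string; the former $ anchor also matched
// just before a trailing newline and so accepted values ending in "\n".
$allowedChars = '/^[a-zA-Z0-9_]+\z/';
if (!preg_match($allowedChars, $getLogin) || !preg_match($allowedChars, $getPass)) {
    die("BadData");
}

// Keep the validated login as submitted; $getLogin is overwritten further down
// with the value read back from the database. (The former self-assignments of
// $hwid and $getLogin did nothing and were dropped.)
$injLogin = $getLogin;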
if ($crypt == 'hash_md5' || $crypt == 'hash_authme' || $crypt == 'hash_xauth' || $crypt == 'hash_cauth' || $crypt == 'hash_joomla' || $crypt == 'hash_wordpress' || $crypt == 'hash_dle' || $crypt == 'hash_drupal' || $crypt == 'hash_webmcr') {
    $query = $db->query("SELECT {$db_colUser}, {$db_colPass}, {$db_colUserStat} FROM {$db_table} WHERE {$db_colUser}='{$getLogin}'") or die($db->error);
    $row = $query->fetch_assoc();
    $getLogin = $row[$db_colUser];
    $realPass = $row[$db_colPass];
    $userStat = $row[$db_colUserStat];