$Row = $db->fetch_assoc($db->execute("SELECT `streamer` FROM `streams` WHERE `creator` = '" . $player['id'] . "'")); if (!empty($Row['streamer'])) { $db->close(); MessageSend(1, 'Возможно создать только 1 стрим!'); } $db->execute("INSERT INTO `streams` (`streamer`,`title`,`about`,`creator`) VALUES ('{$streamStreamer}','{$streamTitle}','{$streamAbout}','" . $player['id'] . "')"); $db->close(); MessageSend(3, 'Вы успешно добавили свой стрим!', '/streams/'); } ob_start(); include SITE_ROOT . 'style/streams/stream_add.html'; $content_main = ob_get_clean(); } elseif (isset($_GET['view'])) { $db = new DB(); $db->connect("STREAMS_VIEW"); $streamer = (int) TextSave($_GET['view']); $Row = $db->fetch_assoc($db->execute("SELECT * FROM `streams` WHERE `creator` = '{$streamer}'")); $db->close(); if (empty($Row['streamer'])) { MessageSend(1, 'Стрим не найден!', '/streams/'); } if ($Row['creator'] != $player['id'] && $Row['status'] == 1) { if ($player['group'] < 16) { MessageSend(1, 'Стрим на модерации!', '/streams/'); } } ob_start(); include SITE_ROOT . 'style/streams/stream_view.html'; $content_main = ob_get_clean(); } else { $db = new DB();
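/**
 * Stores a private message in `pm` for the user whose id is $reciver.
 *
 * Nothing is written when $reciver is not numeric or no `users` row has that id.
 *
 * @param mixed $title        Message title; passed through TextSave() before it reaches SQL.
 * @param mixed $message_text Message body; passed through TextSave($text, 2) before it reaches SQL.
 * @param mixed $reciver      Recipient user id.
 * @param int   $is_system    2 (default): sender is the current $player; any other value: sender 0.
 * @return void
 */
static function Send($title, $message_text, $reciver, $is_system = 2)
{
    // is_numeric() also accepts floats and exponent notation. The value is only
    // ever used inside a quoted literal and a numeric string cannot contain a quote.
    // NOTE(review): ctype_digit() would restrict this to plain integer ids — confirm callers.
    if (!is_numeric($reciver)) {
        return;
    }

    // Both queries below are built by string interpolation, so they rely entirely on
    // TextSave() (defined elsewhere) to make these values safe inside a quoted literal.
    // NOTE(review): confirm TextSave() escapes for SQL, or move to bound parameters.
    $title = TextSave($title);
    $message_text = TextSave($message_text, 2);

    $db = new DB();
    $db->connect("PM");

    $Row = $db->fetch_assoc($db->execute("SELECT `login` FROM `users` WHERE `id` = '{$reciver}'"));
    if (empty($Row['login'])) {
        // Unknown recipient: release the connection before returning (the original leaked it).
        $db->close();
        return;
    }

    if ($is_system == 2) {
        // $player is a global; presumably filled by the authentication step earlier in the request.
        global $player;
        $sender = $player['id'];
    } else {
        $sender = 0;
    }

    // NOTE(review): $sender is concatenated unquoted; it is expected to be an integer user id.
    $db->execute("INSERT INTO `pm` (`title`,`message`,`reciver`,`sender`,`time`) VALUES ('{$title}','{$message_text}','{$reciver}'," . $sender . "," . time() . ")");
    $db->close();
}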
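/**
 * Re-authenticates the visitor on each request from the stored login token.
 *
 * The token (`USER_RESET`) is read from the session when the session carries both
 * `USER_RESET` and `USER_RESET_ID`, otherwise from the cookies of the same names.
 * When token and id match a `users` row, the global $player array is filled,
 * `last_online`/`ip` are updated and both cookies are renewed for 7 days.
 * With no token at all, $_SESSION['USER_LOGGED'] is set to false.
 *
 * Security notes:
 *  - The token is compared with `users`.`passw`, so the cookie holds the stored
 *    password value itself. NOTE(review): a random server-side token would avoid
 *    making the stored value a usable credential.
 *  - NOTE(review): the cookies are set without the HttpOnly/Secure flags.
 *
 * @return void
 */
function AuthReset()
{
    global $player;

    if (isset($_SESSION['USER_RESET']) && isset($_SESSION['USER_RESET_ID'])) {
        $storedToken = $_SESSION['USER_RESET'];
    } elseif (isset($_COOKIE['USER_RESET']) && isset($_COOKIE['USER_RESET_ID'])) {
        $storedToken = $_COOKIE['USER_RESET'];
    } else {
        $_SESSION['USER_LOGGED'] = false;
        return;
    }

    // Relies on TextSave() (defined elsewhere) to make the token safe inside a quoted
    // SQL literal. NOTE(review): confirm it escapes for SQL.
    $pass = TextSave($storedToken);

    // The id is always taken from the cookie, as before, even when the token came from
    // the session. NOTE(review): the session branch checks $_SESSION['USER_RESET_ID']
    // but never reads it — confirm which source is intended.
    $userId = isset($_COOKIE['USER_RESET_ID']) ? $_COOKIE['USER_RESET_ID'] : '';

    $db = new DB();
    $db->connect();

    // The id is concatenated unquoted into the query, so it must be digits only;
    // anything else is treated as "no such user" instead of reaching the database.
    $Row = null;
    if (is_string($userId) && ctype_digit($userId)) {
        $Row = $db->fetch_assoc($db->execute("SELECT * FROM `users` WHERE `passw` = '{$pass}' AND `id` = " . $userId));
    }

    if (empty($Row['login'])) {
        // Token/id pair does not match: drop the token and send the visitor home.
        $db->close();
        unset($_SESSION['USER_RESET']);
        setcookie('USER_RESET', '', 0, '/');
        header("Location: /");
        exit;
    }

    if ($Row['group'] == 2) {
        unset($_SESSION['USER_RESET']);
        setcookie('USER_RESET', '', 0, '/');
        // NOTE(review): MessageSend() is defined elsewhere and presumably redirects and
        // terminates; if it returns, a blocked account continues through the login below.
        MessageSend(1, "Ваш аккаунт заблокирован!", '/');
    }

    // NOTE(review): GetIP() is defined elsewhere and its result is written into SQL
    // below; if it can return a client-supplied header it needs validation first.
    $currentIp = GetIP();

    // Privileged groups (>= 7) may only come from one of their two recorded addresses.
    // This has to run BEFORE `ip` is overwritten and before the session is marked as
    // logged in: the original did the UPDATE first, so the stored `ip` already matched
    // on the very next request and the restriction no longer held.
    if ($Row['group'] >= 7 && $Row['ip'] != $currentIp && $Row['ip2'] != $currentIp) {
        $db->close();
        exit("<p style='color:red'>Вход с неизвестного IP!</p> Обратитесь к администрации!");
    }

    $db->execute("UPDATE `users` SET `last_online` = '" . time() . "',`ip` = '" . $currentIp . "' WHERE `login` = '" . $Row['login'] . "'");
    $_SESSION['USER_LOGGED'] = true;

    $MRow = $db->fetch_assoc($db->execute("SELECT * FROM `money` WHERE `username` = '" . $Row['login'] . "'"));
    $db->close();

    $player['id'] = $Row['id'];
    $player['login'] = $Row['login'];
    $player['email'] = $Row['email'];
    $player['group'] = $Row['group'];
    // A user without a `money` row gets zero balances.
    $player['realmoney'] = isset($MRow['realmoney']) ? (int) $MRow['realmoney'] : 0;
    $player['balance'] = isset($MRow['balance']) ? (double) $MRow['balance'] : 0.0;
    $player['reg_date'] = $Row['reg_date'];
    $player['last_online'] = $Row['last_online'];

    // Renew both cookies for 7 days (604800 seconds).
    $expires = time() + 604800;
    setcookie('USER_RESET', $pass, $expires, '/');
    setcookie('USER_RESET_ID', $userId, $expires, '/');
}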
if (empty($Row['id']) or $Row['reciver'] != $player['id']) { $db->close(); exit(header("Location: /pm/")); } $db->execute("UPDATE `pm` SET `readed` = '2' WHERE `id` = '{$id}'"); $db->close(); ob_start(); include SITE_ROOT . 'style/pm/see.html'; $content_main = ob_get_clean(); } else { $pm_on_page = 10; $db = new DB(); $db->connect(); $pm_count = $db->fetch_array($db->execute("SELECT COUNT(id) FROM `pm`")); $total = ceil($pm_count[0] / $pm_on_page); if (empty($_GET['p'])) { $_GET['p'] = '1'; } $p = $_GET['p']; $p = TextSave($p); if (!ctype_digit($p) or $p > $total) { $p = "1"; } // формируем запрос $first = $p * $pm_on_page - $pm_on_page; $result = $db->execute("SELECT * FROM `pm` WHERE `reciver` = '" . $player['id'] . "' ORDER BY `id` DESC LIMIT {$first}, {$pm_on_page}"); $db->close(); ob_start(); include SITE_ROOT . 'style/pm/list.html'; $content_main = ob_get_clean(); }
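<?php
require $_SERVER['DOCUMENT_ROOT'] . '/system.php';

// Launcher authentication endpoint.
// Input:  GET `login`, GET `passwd`.
// Output: "OK:<login>" on success, a plain-text error otherwise, nothing when a
//         parameter is missing or empty.
//
// NOTE(review): the credentials arrive in the query string, so they end up in web
//   server and proxy access logs; POST over TLS would keep them out.
// NOTE(review): the two distinct error replies tell a caller whether a login exists,
//   and no attempt throttling is visible here.
// NOTE(review): only `passw` is checked — confirm whether blocked accounts should be
//   refused here as well.

if (!isset($_GET['login']) || !isset($_GET['passwd'])) {
    exit;
}

// The login is interpolated into the query below, so this relies on TextSave()
// (defined elsewhere) to make it safe inside a quoted SQL literal — confirm.
// NOTE(review): the password also goes through TextSave() before hashing; that only
// works if every place that hashes a password applies the same transformation.
$login = TextSave($_GET['login']);
$passw = TextSave($_GET['passwd']);

if (empty($login) or empty($passw)) {
    exit;
}

$db = new DB();
$db->connect("LauncherAuth");
$Row = $db->fetch_assoc($db->execute("SELECT `passw` FROM `users` WHERE `login` = '{$login}'"));
// Only this one query is needed; release the connection before any exit below.
$db->close();

if (empty($Row['passw'])) {
    exit("Пользователь не найден!");
}

// Compare the hashes as strings. The original used `!=`, which in PHP compares two
// numeric-looking strings (e.g. "0e…") as numbers, so different hashes could compare
// equal. hash_equals() is also constant-time; fall back to `===` where it is unavailable.
$storedHash = (string) $Row['passw'];
$givenHash = (string) ToPass($passw);
$hashMatches = function_exists('hash_equals')
    ? hash_equals($storedHash, $givenHash)
    : $storedHash === $givenHash;

if (!$hashMatches) {
    exit("Неверный пароль!");
}

exit("OK:" . $login);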
<?php Access(0); SiteRefer(); if (isset($_POST['login']) && isset($_POST['password']) && isset($_POST['email'])) { if (!$_REQUEST['rules-accept']) { MessageSend(1, 'Вы не приняли правила сервера!', '/register/'); } $login = TextSave($_POST['login']); $pass = TextSave($_POST['password']); $email = TextSave($_POST['email']); /* Проверки */ if (strlen($login) > 16) { MessageSend(1, 'Логин должен содержать не более 16 символов.', '/register/'); } if (strlen($pass) > 30) { MessageSend(1, 'Пароль должен содержать не более 30 символов.', '/register/'); } if (strlen($email) > 50) { MessageSend(1, 'E-Mail должен содержать не более 50 символов.', '/register/'); } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { MessageSend(1, 'Невалидный E-Mail!', '/register/'); } if (strlen($login) < 3) { MessageSend(1, 'Логин должен содержать не менее 3 символов.', '/register/'); } if (strlen($pass) < 5) { MessageSend(1, 'Пароль должен содержать не менее 5 символов.', '/register/'); } if (empty($email)) {
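<?php
require $_SERVER['DOCUMENT_ROOT'] . '/system.php';

// WebMoney Merchant callback.
//  - Pre-request (LMI_PREREQUEST = 1): answers "YES" when the payee purse is ours.
//  - Payment notification: verifies the SHA-256 signature, then credits `realmoney`
//    for the user id passed in SUID and writes a `money_log` row.
//
// NOTE(review): the signing secret is embedded in source; it should live in
//   configuration outside the web root / version control, and be rotated if this
//   file has been shared.
// NOTE(review): LMI_SYS_TRANS_NO is never stored or checked, so a notification that
//   is delivered twice is credited twice; record it and skip known transactions.
// NOTE(review): LMI_MODE is part of the signature but never inspected — confirm that
//   test-mode notifications are meant to credit accounts.

$wmMerchantPurse = 'R317832667477';
$wmSecretKey = 'd61v5CU80M7toDxZP38M2JXv5V3YD8';

// Reads one POST field as a string; a missing or non-string (array) field becomes ''.
$wmPost = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

if ($wmPost('LMI_PREREQUEST') === '1') {
    if ($wmPost('LMI_PAYEE_PURSE') === $wmMerchantPurse) {
        echo 'YES';
    }
} else {
    // Field order is fixed by the signature scheme; keep it exactly as is.
    $key = $wmPost('LMI_PAYEE_PURSE')
        . $wmPost('LMI_PAYMENT_AMOUNT')
        . $wmPost('LMI_PAYMENT_NO')
        . $wmPost('LMI_MODE')
        . $wmPost('LMI_SYS_INVS_NO')
        . $wmPost('LMI_SYS_TRANS_NO')
        . $wmPost('LMI_SYS_TRANS_DATE')
        . $wmSecretKey
        . $wmPost('LMI_PAYER_PURSE')
        . $wmPost('LMI_PAYER_WM');

    // String comparison of the signature: `!=` would compare numeric-looking hex
    // strings as numbers. hash_equals() is constant-time where available.
    $expectedHash = strtoupper(hash('sha256', $key));
    $givenHash = $wmPost('LMI_HASH');
    $signatureOk = function_exists('hash_equals')
        ? hash_equals($expectedHash, $givenHash)
        : $expectedHash === $givenHash;
    if (!$signatureOk) {
        exit('DDD');
    }

    // The pre-request only approves our purse; refuse a notification for any other.
    if ($wmPost('LMI_PAYEE_PURSE') !== $wmMerchantPurse) {
        exit('DDD');
    }

    // The amount is concatenated unquoted into two statements below, so accept only
    // a plain decimal number even though it is covered by the signature.
    $amount = $wmPost('LMI_PAYMENT_AMOUNT');
    $amountOk = preg_match('/^\d{1,10}(\.\d{1,2})?\z/', $amount) === 1;

    // SUID is the id of the user to credit; TextSave() is defined elsewhere.
    $ID = (string) TextSave($wmPost('SUID'));

    AuthReset();
    $db = new DB();
    $db->connect("WebMoneyPayment");

    if ($_SESSION['USER_LOGGED'] == false) {
        // Digits only: a value such as '5abc' would otherwise still match id 5 in MySQL.
        if ($amountOk && ctype_digit($ID)) {
            $Row = $db->fetch_assoc($db->execute("SELECT `id` FROM `users` WHERE `id` = '{$ID}'"));
            if (!empty($Row['id'])) {
                $db->execute("INSERT INTO `money_log` (`user_id`,`amount`,`payer`,`date`) VALUES ('{$ID}',{$amount},'WebMoney','" . time() . "')");
                // NOTE(review): this keys `money` by `id` — confirm that matches the schema.
                $db->execute("UPDATE `money` SET `realmoney` = `realmoney` + " . $amount . " WHERE `id` = '{$ID}'");
            }
        }
    } else {
        // NOTE(review): with a logged-in session nothing is credited; $ID is only
        // reassigned and not used afterwards. Kept as in the original — confirm intent.
        if ($player['id'] != $ID) {
            $ID = $player['id'];
        }
    }

    $db->close();
}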
break; default: $SITE_CLOSED_REASON = 'причина не указана.'; break; } if ($_SESSION['USER_LOGGED'] == true && $player['group'] >= 16) { $notify_for_user .= '<div class="notify_for_user">Сайт закрыт для обычных пользователей, проссматривать его могут только администраторы!</div>'; } else { exit(include SITE_ROOT . 'style/site_closed.html'); } } if (isset($_GET['type']) && $_GET['type'] == 'login') { if (isset($_POST['login']) && isset($_POST['password'])) { if (!isset($_SESSION['USER_LOGGED']) || $_SESSION['USER_LOGGED'] != true) { $login = TextSave($_POST['login']); $pass = TextSave($_POST['password']); if (strlen($login) > 16) { MessageSend(1, 'Логин должен содержать не более 16 символов.'); } if (strlen($pass) > 30) { MessageSend(1, 'Пароль должен содержать не более 30 символов.'); } if (strlen($login) < 3) { MessageSend(1, 'Логин должен содержать не менее 3 символов.'); } if (strlen($pass) < 5) { MessageSend(1, 'Пароль должен содержать не менее 5 символов.'); } if (!preg_match("/^[a-zA-Z0-9_-]+\$/", $login)) { MessageSend(1, 'Логин может содержать только английские буквы/цифры, и некоторые символы!'); }
MessageSend(1, 'Не валидный код! [2]', '/reset-pass/'); $db->close(); } $time = (int) time() - (int) $Row['reset-pass']; if (86400 < (int) $time) { MessageSend(1, 'Срок жизни ссылки истёк, либо вы не запрашивали восстановление пароля.', '/reset-pass/'); } $_SESSION['RESET_PASSWORD'] = '******'; $_SESSION['RESET_USER'] = $code[0]; $db->close(); ob_start(); include SITE_ROOT . 'style/reset-password_input_new.html'; $content_main = ob_get_clean(); } elseif (isset($_POST['submit-new-pass']) && isset($_POST['newpass'])) { if (isset($_SESSION['RESET_PASSWORD']) && $_SESSION['RESET_PASSWORD'] == 'YES') { $password = TextSave($_POST['newpass']); if (empty($password) or !preg_match("/^[a-zA-Z0-9_-]+\$/", $password) or strlen($password) > 30 or strlen($password) < 5) { ob_start(); include SITE_ROOT . 'style/reset-password.html'; $content_main = ob_get_clean(); } else { $db = new DB(); $db->connect(); $password = ToPass($password); $Row = $db->fetch_assoc($db->execute("SELECT `reset-pass` FROM `users` WHERE `id` = '" . $_SESSION['RESET_USER'] . "'")); $db->execute("UPDATE `users` SET `passw` = '{$password}',`reset-pass` = 'NULL' WHERE `id` = '" . $_SESSION['RESET_USER'] . "'"); unset($_SESSION['RESET_PASSWORD']); unset($_SESSION['RESET_USER']); MessageSend(3, 'Пароль успешно изменён!', '/'); } } else {