updateUsingCron("gen_nagios='yes'"); } } if (isset($_REQUEST["action"]) && ($_REQUEST["action"] == "shutdown_vps" || $_REQUEST["action"] == "destroy_vps" || $_REQUEST["action"] == "start_vps")) { if (checkVPSAdmin($adm_login, $adm_pass, $vps_node, $vps_name) == true) { remoteVPSAction($vps_node, $vps_name, $_REQUEST["action"]); } else { $submit_err = _("Access not granted line ") . __LINE__ . _(" file ") . __FILE__; } } if (isset($_REQUEST["action"]) && $_REQUEST["action"] == "set_ip_reverse_dns") { if (checkVPSAdmin($adm_login, $adm_pass, $vps_node, $vps_name) == true) { if (!isIP($_REQUEST["ip_addr"])) { $submit_err = _("This is not a correct IP line ") . __LINE__ . _(" file ") . __FILE__; } else { if (!isHostnameOrIP($_REQUEST["rdns"])) { $submit_err = _("This is not a correct hostname or IP line ") . __LINE__ . _(" file ") . __FILE__; } else { $q = "SELECT * FROM {$pro_mysql_vps_ip_table} WHERE ip_addr='" . $_REQUEST["ip_addr"] . "' AND vps_xen_name='{$vps_name}' AND vps_server_hostname='{$vps_node}';"; $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error()); $n = mysql_num_rows($r); if ($n != 1) { $submit_err = _("Access not granted line ") . __LINE__ . _(" file ") . __FILE__; } else { $q = "UPDATE {$pro_mysql_vps_ip_table} SET rdns_addr='" . $_REQUEST["rdns"] . "',rdns_regen='yes' WHERE ip_addr='" . $_REQUEST["ip_addr"] . "';"; $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error()); $q = "SELECT {$pro_mysql_ip_pool_table}.zone_type\n\t\t\t\t\tFROM {$pro_mysql_vps_ip_table},{$pro_mysql_ip_pool_table}\n\t\t\t\t\tWHERE {$pro_mysql_vps_ip_table}.ip_addr='" . $_REQUEST["ip_addr"] . "'\n\t\t\t\t\tAND {$pro_mysql_ip_pool_table}.id={$pro_mysql_vps_ip_table}.ip_pool_id;"; $r = mysql_query($q) or die("Cannot query {$q} line " . __LINE__ . " file " . __FILE__ . " sql said: " . 
mysql_error()); $n = mysql_num_rows($r); if ($n != 1) { $submit_err = _("Could not find the corresponding IP pool");
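/**
 * Returns request field $name, or "" when it is absent, so optional fields
 * (fax, compname, address2, ...) never raise an undefined-index notice.
 */
function _register_user_field($name)
{
    return isset($_REQUEST[$name]) ? $_REQUEST[$name] : "";
}

/**
 * Returns request field $name escaped for use inside a single-quoted MySQL
 * literal. With magic_quotes_gpc on (PHP < 5.4) the value already carries
 * backslashes: they are stripped first so the value is escaped exactly once
 * and the stored value is the same in both configurations.
 */
function _register_user_esc($name)
{
    $value = _register_user_field($name);
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return mysql_real_escape_string($value);
}

/**
 * Validates the sign-up form found in $_REQUEST, stores it as a pending
 * account in $pro_mysql_new_admin_table and mails the webmaster about it.
 *
 * The product is looked up in $pro_mysql_product_table and, for "vps"
 * products, the requested node in $pro_mysql_vps_server_table. When
 * $secpayconf_use_maxmind is "yes" the order is also scored through MaxMind.
 * Every value interpolated into SQL goes through _register_user_esc().
 *
 * @param string $adding_service kept for callers; this body does not read it
 * @return array "err" (0 ok, 1 empty form, 2 validation error, 3 login taken),
 *               "mesg" (message for the user) and, on success, "id" (new row id)
 */
function register_user($adding_service = "no")
{
    global $pro_mysql_admin_table;
    global $pro_mysql_new_admin_table;
    global $pro_mysql_product_table;
    global $pro_mysql_vps_server_table;
    global $conf_webmaster_email_addr;
    global $conf_selling_conditions_url;
    global $conf_message_subject_header;
    global $secpayconf_currency_letters;
    global $gettext_lang;
    global $secpayconf_maxmind_license_key;
    global $secpayconf_use_maxmind;

    get_secpay_conf();
    $ret = array();

    // Nothing submitted at all (first display of the form): not an error.
    $form_fields = array(
        "reqadm_login", "reqadm_pass", "reqadm_pass2", "domain_name", "domain_tld",
        "familyname", "firstname", "email", "phone", "address1", "zipcode", "city",
    );
    $all_blank = true;
    foreach ($form_fields as $field) {
        if (_register_user_field($field) != "") {
            $all_blank = false;
            break;
        }
    }
    if ($all_blank) {
        $ret["err"] = 1;
        $ret["mesg"] = _("Not registering");
        return $ret;
    }

    // Product: must be a valid id and exist in the database.
    $product_id = _register_user_field("product_id");
    if (!isRandomNum($product_id)) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Product ID not valid!");
        return $ret;
    }
    $esc_product_id = _register_user_esc("product_id");
    $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='{$esc_product_id}';";
    $r = mysql_query($q) or die("Cannot querry {$q} line " . __LINE__ . " file " . __FILE__ . " sql said " . mysql_error());
    if (mysql_num_rows($r) != 1) {
        // Returning here (the original fell through with $db_product undefined).
        $ret["err"] = 2;
        $ret["mesg"] = _("Product not found in database");
        return $ret;
    }
    $db_product = mysql_fetch_array($r);
    $heb_type = $db_product["heb_type"];

    // Login and password format.
    $login = _register_user_field("reqadm_login");
    if (!preg_match('/^([a-zA-Z0-9]+)([._a-zA-Z0-9-]+)$/', $login)) {
        $ret["err"] = 2;
        $ret["mesg"] = _("User login format incorrect. Please use letters and numbers only and from 4 to 16 chars.");
        return $ret;
    }
    if ($login == "root" || $login == "debian-sys-maint") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Username invalid: please choose something else other than root or debian-sys-maint");
        return $ret;
    }
    $pass = _register_user_field("reqadm_pass");
    if (!isDTCPassword($pass)) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Password format incorrect. Please use letters and numbers only and from 4 to 16 chars.");
        return $ret;
    }
    if ($pass != _register_user_field("reqadm_pass2")) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Passwords 1 and 2 do not match!");
        return $ret;
    }

    // Domain: the TLD is only kept when a domain name was given and the TLD is known.
    $domain_name = _register_user_field("domain_name");
    $domain_tld = _register_user_field("domain_tld");
    if ($domain_name == "" || !isTLD($domain_tld)) {
        $domain_tld = "";
    }
    if ($heb_type == "shared" || $heb_type == "ssl" || $heb_type == "dedicated") {
        // Hosting products require a well-formed domain (checked with the TLD as submitted).
        if (!isHostnameOrIP($domain_name . _register_user_field("domain_tld"))) {
            $ret["err"] = 2;
            $ret["mesg"] = _("Domain name seems to be incorrect.");
            return $ret;
        }
    } elseif ($domain_name . $domain_tld != "" && !isHostnameOrIP($domain_name . $domain_tld)) {
        // Other products (VPS): the domain is optional, but must be well-formed when given.
        $ret["err"] = 2;
        $ret["mesg"] = _("Domain name seems to be incorrect.");
        return $ret;
    }
    $full_domain = $domain_name . $domain_tld;

    // VPS products: a node must have been selected and must exist.
    $vps_location = _register_user_field("vps_server_hostname");
    if ($heb_type == "vps") {
        if ($vps_location == "-1") {
            $ret["err"] = 2;
            $ret["mesg"] = _("VPS location not selected!");
            return $ret;
        }
        $q = "SELECT * FROM {$pro_mysql_vps_server_table} WHERE hostname='" . _register_user_esc("vps_server_hostname") . "';";
        $r = mysql_query($q) or die("Cannot query {$q} " . __LINE__ . " file " . __FILE__ . " sql said: " . mysql_error());
        if (mysql_num_rows($r) != 1) {
            $ret["err"] = 2;
            $ret["mesg"] = _("Could not find the VPS server in database");
            return $ret;
        }
    }

    $email = _register_user_field("email");
    if (!isValidEmail($email)) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Email address seems to be incorrect format.");
        return $ret;
    }

    // Mandatory contact fields, in the order the original reported them.
    $required = array(
        "familyname" => _("Required field family name missing."),
        "firstname" => _("Required field first name missing."),
        "phone" => _("Required field phone missing."),
        "address1" => _("Required field address (line 1) missing."),
        "zipcode" => _("Required field zipcode missing."),
        "city" => _("Required field city missing."),
    );
    foreach ($required as $field => $mesg) {
        if (_register_user_field($field) == "") {
            $ret["err"] = 2;
            $ret["mesg"] = $mesg;
            return $ret;
        }
    }

    $country = _register_user_field("country");
    if (!preg_match('/^([A-Z])([A-Z])$/', $country)) {
        $ret["err"] = 2;
        $ret["mesg"] = _("Country code seems incorrect.");
        return $ret;
    }
    $iscomp = _register_user_field("iscomp");
    if ($iscomp != "yes" && $iscomp != "no") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Is company radio button is wrong!");
        return $ret;
    }
    if ($conf_selling_conditions_url != "none" && _register_user_field("condition") != "yes") {
        $ret["err"] = 2;
        $ret["mesg"] = _("Selling conditions not accepted!");
        return $ret;
    }

    // The login must be free both among existing admins and pending registrations.
    $esc_login = _register_user_esc("reqadm_login");
    $q = "SELECT adm_login FROM {$pro_mysql_admin_table} WHERE adm_login='{$esc_login}';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    if (mysql_num_rows($r) > 0) {
        $ret["err"] = 3;
        $ret["mesg"] = _("Username already taken! Try again.");
        return $ret;
    }
    $q = "SELECT reqadm_login FROM {$pro_mysql_new_admin_table} WHERE reqadm_login='{$esc_login}';";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    if (mysql_num_rows($r) > 0) {
        $ret["err"] = 3;
        $ret["mesg"] = _("Username already taken! Try again.");
        return $ret;
    }

    // Escaped copies of every free-text field that lands in the INSERT below.
    $esc = array();
    $stored_fields = array(
        "familyname", "firstname", "compname", "vat_num", "email", "phone", "fax",
        "address1", "address2", "address3", "zipcode", "city", "state", "country",
        "custom_notes", "reqadm_pass",
    );
    foreach ($stored_fields as $field) {
        $esc[$field] = _register_user_esc($field);
    }

    // Extra columns / mail line for VPS products.
    $vps_add1 = "";
    $vps_add2 = "";
    $vps_mail_add1 = "";
    if ($heb_type == "vps") {
        $vps_add1 = ",vps_location,vps_os";
        $vps_add2 = ",'" . _register_user_esc("vps_server_hostname") . "','" . _register_user_esc("vps_os") . "'";
        $vps_mail_add1 = "VPS hostname: " . $vps_location;
    }

    // MaxMind fraud scoring (Rudd-O). The requires are also done in dtc/shared/dtc_lib.php.
    $maxmind_score = 0;
    $maxmind_output = "";
    if ($secpayconf_use_maxmind == "yes") {
        require_once "../shared/maxmind/HTTPBase.php";
        require_once "../shared/maxmind/CreditCardFraudDetection.php";
        $maildomain = explode("@", $email, 2);
        $hash = array();
        $hash["i"] = $_SERVER["REMOTE_ADDR"];
        $hash["city"] = _register_user_field("city");
        $hash["postal"] = _register_user_field("zipcode");
        $hash["country"] = $country;
        $hash["domain"] = isset($maildomain[1]) ? $maildomain[1] : "";
        $hash["custPhone"] = _register_user_field("phone");
        $hash["license_key"] = $secpayconf_maxmind_license_key;
        // NOTE(review): the original reads $_SERVER["X_HTTP_FORWARDED_FOR"]; PHP normally
        // exposes that header as HTTP_X_FORWARDED_FOR — kept as is, confirm which is intended.
        if (isset($_SERVER["X_HTTP_FORWARDED_FOR"])) {
            $hash["forwardedIP"] = $_SERVER["X_HTTP_FORWARDED_FOR"];
        }
        // Email, login and password are sent as MD5 digests, never in clear.
        $hash["emailMD5"] = md5($email);
        $hash["usernameMD5"] = md5($login);
        $hash["passwordMD5"] = md5($pass);
        $ccfs = new CreditCardFraudDetection();
        $ccfs->isSecure = 1;
        $ccfs->input($hash);
        $ccfs->query();
        $maxmind_output = $ccfs->output();
        $maxmind_score = $maxmind_output["riskScore"];
    }

    // Store the pending registration. reqadm_pass is stored as submitted, as in the
    // original: whatever later consumes this table would have to change before it
    // could be hashed here.
    $q = "INSERT INTO {$pro_mysql_new_admin_table}\n"
        . "(reqadm_login,\nreqadm_pass,\ndomain_name,\nfamily_name,\nfirst_name,\ncomp_name,\nvat_num,\niscomp,\n"
        . "email,\nphone,\nfax,\naddr1,\naddr2,\naddr3,\nzipcode,\ncity,\nstate,\ncountry,\nproduct_id,\n"
        . "custom_notes,\nshopper_ip,\ndate,\ntime,\nlast_used_lang,\nmaxmind_output{$vps_add1}\n)\n"
        . "VALUES('{$esc_login}',\n"
        . "'{$esc['reqadm_pass']}',\n"
        . "'" . mysql_real_escape_string($full_domain) . "',\n"
        . "'{$esc['familyname']}',\n"
        . "'{$esc['firstname']}',\n"
        . "'{$esc['compname']}',\n"
        . "'{$esc['vat_num']}',\n"
        . "'{$iscomp}',\n"
        . "'{$esc['email']}',\n"
        . "'{$esc['phone']}',\n"
        . "'{$esc['fax']}',\n"
        . "'{$esc['address1']}',\n"
        . "'{$esc['address2']}',\n"
        . "'{$esc['address3']}',\n"
        . "'{$esc['zipcode']}',\n"
        . "'{$esc['city']}',\n"
        . "'{$esc['state']}',\n"
        . "'{$esc['country']}',\n"
        . "'{$esc_product_id}',\n"
        . "'{$esc['custom_notes']}',\n"
        . "'" . mysql_real_escape_string($_SERVER["REMOTE_ADDR"]) . "',\n"
        . "'" . date("Y-m-d") . "',\n"
        . "'" . date("H:i:s") . "',\n"
        . "'" . mysql_real_escape_string($gettext_lang) . "',\n"
        . "'" . mysql_real_escape_string(serialize($maxmind_output)) . "'{$vps_add2})";
    $r = mysql_query($q) or die("Cannot query \"{$q}\" !!! Line: " . __LINE__ . " File: " . __FILE__ . " MySQL said: " . mysql_error());
    $ret["err"] = 0;
    $ret["mesg"] = "Query ok!";
    $ret["id"] = mysql_insert_id();

    // Notify the webmaster. The product row was already fetched above, so no second query.
    $the_prod = $db_product["name"] . " (" . $db_product["price_dollar"] . " {$secpayconf_currency_letters})";
    // The password is deliberately not included: mail is neither encrypted nor access-controlled.
    $mail_content = "\nSomebody tried to register an account. Here is the details of the new user:\n\n"
        . "login: " . $login . "\n"
        . "pass: (not sent by email)\n"
        . "domain: " . $full_domain . "\n"
        . "Company name: " . _register_user_field("compname") . "\n"
        . "First name: " . _register_user_field("firstname") . "\n"
        . "Family name: " . _register_user_field("familyname") . "\n"
        . "Email: " . $email . "\n"
        . "Phone: " . _register_user_field("phone") . "\n"
        . "Fax: " . _register_user_field("fax") . "\n"
        . "Addr: " . _register_user_field("address1") . " " . _register_user_field("address2") . " " . _register_user_field("address3") . "\n"
        . "Zipcode: " . _register_user_field("zipcode") . "\n"
        . "City: " . _register_user_field("city") . "\n"
        . "State: " . _register_user_field("state") . "\n"
        . "Country: " . $country . "\n"
        . "Shopper ip: " . $_SERVER["REMOTE_ADDR"] . "\n"
        . "Product id: {$the_prod}\n"
        . "Customer note: " . _register_user_field("custom_notes") . "\n"
        . "{$vps_mail_add1}\n";
    if ($maxmind_score > 0) {
        $mail_content .= "Maxmind Score: {$maxmind_score}\n";
        // $maxmind_output is an array here; serialize it (interpolating it only prints "Array").
        $mail_content .= "Maxmind Output: " . serialize($maxmind_output) . "\n";
    }
    $headers = "From: DTC Robot <{$conf_webmaster_email_addr}>";
    mail($conf_webmaster_email_addr, "{$conf_message_subject_header} Somebody tried to register an account", $mail_content, $headers);
    return $ret;
}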
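<?php
$panel_type = "none";
require_once "../shared/autoSQLconfig.php";
require_once "{$dtcshared_path}/dtc_lib.php";

// vps_server_hostname and vps_name come from the request and are interpolated into SQL
// below: refuse anything that is not a well-formed hostname / subdomain label first.
// The isset() guards keep a missing parameter from raising a notice, which would be
// output ahead of the headers sent at the end of this block.
if (!isset($_REQUEST["vps_server_hostname"]) || !isHostnameOrIP($_REQUEST["vps_server_hostname"])) {
    die("VPS node name has wrong format: dying.");
}
if (isset($_REQUEST["vps_name"]) && !checkSubdomainFormat($_REQUEST["vps_name"])) {
    die("VPS name has wrong format: dying.");
}

if ($_SERVER["SCRIPT_NAME"] != "/dtc/vm-io-all.php") {
    // Regular panel pages: authme.php handles the login.
    require_once "authme.php";
} else {
    // vm-io-all.php checks the credentials itself; $adm_login / $adm_pass are presumably
    // set by dtc_lib.php or the request — confirm against that file.
    checkLoginPass($adm_login, $adm_pass);

    // The logged-in owner must hold exactly this VPS on this node. Every interpolated value
    // is escaped, independently of how strict the format checks above are.
    $esc_owner = mysql_real_escape_string($adm_login);
    $esc_node = mysql_real_escape_string($_REQUEST["vps_server_hostname"]);
    $esc_vps_name = isset($_REQUEST["vps_name"]) ? mysql_real_escape_string($_REQUEST["vps_name"]) : "";
    $q = "SELECT * FROM {$pro_mysql_vps_table} WHERE owner='{$esc_owner}' AND vps_server_hostname='{$esc_node}' AND vps_xen_name='{$esc_vps_name}'";
    $r = mysql_query($q) or die;
    if (mysql_num_rows($r) != 1) {
        die(_("Access not granted line ") . __LINE__ . _(" file ") . __FILE__);
    }
}

// Disable caching of the response.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);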
if (isset($_REQUEST["new_mx_3"]) && isHostnameOrIP(strtolower($_REQUEST["new_mx_3"]))) { $new_mx_3 = strtolower($_REQUEST["new_mx_3"]); } else { $new_mx_3 = ""; } if (isset($_REQUEST["new_mx_4"]) && isHostnameOrIP(strtolower($_REQUEST["new_mx_4"]))) { $new_mx_4 = strtolower($_REQUEST["new_mx_4"]); } else { $new_mx_4 = ""; } if (isset($_REQUEST["new_mx_5"]) && isHostnameOrIP(strtolower($_REQUEST["new_mx_5"]))) { $new_mx_5 = strtolower($_REQUEST["new_mx_5"]); } else { $new_mx_5 = ""; } if (isset($_REQUEST["new_mx_6"]) && isHostnameOrIP(strtolower($_REQUEST["new_mx_6"]))) { $new_mx_6 = strtolower($_REQUEST["new_mx_6"]); } else { $new_mx_6 = ""; } // Trims the eventual last . of the string for MX, as this is a common mistake if (substr($new_mx_1, strlen($new_mx_1) - 1) == ".") { $new_mx_1 = substr($new_mx_1, 0, strlen($new_mx_1) - 1); } if (substr($new_mx_2, strlen($new_mx_2) - 1) == ".") { $new_mx_2 = substr($new_mx_2, 0, strlen($new_mx_2) - 1); } if (substr($new_mx_3, strlen($new_mx_3) - 1) == ".") { $new_mx_3 = substr($new_mx_3, 0, strlen($new_mx_3) - 1); } if (substr($new_mx_4, strlen($new_mx_4) - 1) == ".") {
$q = "INSERT INTO {$pro_mysql_whitelist_table} (id,pop_user,mbox_host,mail_from_user,mail_from_domain,mail_to) VALUES('','{$user}','{$host}',\n\t\t\t'" . $_REQUEST["mail_from_user"] . "','" . $_REQUEST["mail_from_domain"] . "','" . $_REQUEST["mail_to"] . "');"; $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error()); } else { echo "<font color=\"red\">This is not a valid rule!</font>"; } break; // ruleid=1&action=delete_whitelist_rule // ruleid=1&action=delete_whitelist_rule case "delete_whitelist_rule": $q = "DELETE FROM {$pro_mysql_whitelist_table} WHERE id='" . $_REQUEST["ruleid"] . "' AND pop_user='******' AND mbox_host='{$host}'"; $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error()); break; // action=edit_whitelist_rule&ruleid=1&mail_from_user=toto&mail_from_domain=toto.com&mail_to= // action=edit_whitelist_rule&ruleid=1&mail_from_user=toto&mail_from_domain=toto.com&mail_to= case "edit_whitelist_rule": if (isValidEmail($_REQUEST["mail_from_user"] . '@' . $_REQUEST["mail_from_domain"]) && $_REQUEST["mail_to"] == "" || isHostnameOrIP($_REQUEST["mail_from_domain"]) && $_REQUEST["mail_from_user"] == "" && $_REQUEST["mail_to"] == "" || isHostnameOrIP($_REQUEST["mail_to"]) && $_REQUEST["mail_from_user"] == "" && $_REQUEST["mail_from_domain"] == "") { $q = "UPDATE {$pro_mysql_whitelist_table}\n\t\t\tSET mail_from_user='******',\n\t\t\tmail_from_domain='" . $_REQUEST["mail_from_domain"] . "',mail_to='" . $_REQUEST["mail_to"] . "'\n\t\t\tWHERE id='" . $_REQUEST["ruleid"] . "' AND pop_user='******' AND mbox_host='{$host}';"; $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . 
mysql_error()); } else { echo "<font color=\"red\">This is not a valid rule!</font>"; } break; case "edit_bounce_msg": //&action=edit_bounce_msg&bounce_msg=Hello%2C%0D%0AYou+have+tried+to+write+an+email+to+me%2C+and+because+of+the+big+amount%0D%0Aof+spam+I+recieved%2C+I+use+an+antispam+software+that+require+a+message%0D%0Aconfirmation.+This+is+very+easy%2C+and+you+will+have+to+do+it+only+once.%0D%0AJust+click+on+the+following+link%2C+copy+the+number+you+see+on+the%0D%0Ascreen+and+I+will+recieve+the+message+you+sent+me.+If+you+do+not%0D%0Aclick%2C+then+your+message+will+be+considered+as+advertising+and+I+will%0D%0ANOT+recieve+it.%0D%0A%0D%0A***URL***%0D%0A%0D%0AThank+you+for+your+understanding.%0D%0A if (strstr($_REQUEST["bounce_msg"], "***URL***")) { $q = "UPDATE {$pro_mysql_pop_table} SET bounce_msg='" . addslashes($_REQUEST["bounce_msg"]) . "' WHERE id='{$user}' AND mbox_host='{$host}' AND passwd='" . $_REQUEST["adm_email_pass"] . "';"; $r = mysql_query($q) or die("Cannot execute query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error()); } else { echo "Bounce message MUST contain ***URL***"; } break;
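<?php
// date_default_timezone_get() can warn when no timezone is configured; this script returns
// a PNG, so any stray output would corrupt the image — hence the @ suppression is kept.
if (function_exists("date_default_timezone_set") and function_exists("date_default_timezone_get")) {
    @date_default_timezone_set(@date_default_timezone_get());
}

// Called as: vps_stats_network.php?adm_login=$adm_login&adm_pass=$adm_pass&vps_node=$vps_node&vps_name=$vps_name
$panel_type = "none";
require_once "../shared/autoSQLconfig.php";
require_once "{$dtcshared_path}/dtc_lib.php";

// NOTE(review): when this script is served as /dtc/vps_stats_hdd.php, authme.php is not
// included and nothing in this block checks adm_login / adm_pass; presumably a later part
// of the file does — confirm. REQUEST_URI carries the query string, so in practice only the
// SCRIPT_NAME comparison decides.
if ($_SERVER["REQUEST_URI"] != "/dtc/vps_stats_hdd.php" && $_SERVER["SCRIPT_NAME"] != "/dtc/vps_stats_hdd.php") {
    require_once "authme.php";
}

// Validate both request identifiers before anything uses them. The isset() guards keep a
// missing parameter from raising a notice, which would be emitted ahead of the image headers.
if (!isset($_REQUEST["vps_node"]) || !isHostnameOrIP($_REQUEST["vps_node"])) {
    die("VPS node name has wrong format: dying.");
}
if (!isset($_REQUEST["vps_name"]) || !checkSubdomainFormat($_REQUEST["vps_name"])) {
    die("VPS name has wrong format: dying.");
}

session_name("wallid");
header("Content-type: image/png");
// Disable caching of the generated image.
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0

// Image size in pixels.
$width = 120;
$height = 48;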
case "enets-failed": // The transaction have failed (currently only eNETS) $form .= "<h3><font color=\"red\">" . _("PAYMENT FAILED") . "<!-- PAYMENT FAILED --></font></h3>" . _("The payment gateway have reported that your payment has failed. Contact us, we also accept checks and wire transfers."); break; // The customer wants to add: a shared account if he doesn't have one, a new dedicated or vps // The customer wants to add: a shared account if he doesn't have one, a new dedicated or vps case "add_new_service": if (!isRandomNum($_REQUEST["product_id"])) { $form = _("The product ID is not a valid integer number."); break; } if (!isFtpLogin($_REQUEST["adm_login"])) { $form = _("The requested login is not a valid login."); break; } if (!isHostnameOrIP($_REQUEST["vps_location"])) { $form = _("Location is not a valid hostname."); break; } if (!isset($_REQUEST["vps_os"]) || $_REQUEST["vps_os"] != "debian" && $_REQUEST["vps_os"] != "centos" && $_REQUEST["vps_os"] != "gentoo" && $_REQUEST["vps_os"] != "netbsd") { $form = _("VPS operating system not recognized"); break; } // Product $q = "SELECT * FROM {$pro_mysql_product_table} WHERE id='" . $_REQUEST["product_id"] . "';"; $r = mysql_query($q) or die("Cannot query \"{$q}\" ! line: " . __LINE__ . " file: " . __FILE__ . " sql said: " . mysql_error()); $n = mysql_num_rows($r); if ($n != 1) { $form = _("Cannot reselect product: registration failed!"); break; }