Файл: bloodlands.pw/include/a1s2d3f4.php
Строк: 114
<?php
// Payment-provider callback endpoint. The provider sends one of the commands
// `check`, `pay` or `cancel` as GET parameters and receives an XML response.
define('cms', 1);
require_once 'db.php';

// Request parameters. Numeric ones are reduced to a non-negative integer and
// string ones go through filter() (declared below; PHP hoists unconditional
// top-level functions). An absent or empty value — note `!empty('0')` is
// false too — falls back to ''.
$command = empty($_GET['command']) ? '' : filter($_GET['command']);    // check | pay | cancel
$v1      = empty($_GET['v1'])      ? '' : abs(intval($_GET['v1']));    // user id (`users`.`id`)
$sum     = empty($_GET['sum'])     ? '' : abs(intval($_GET['sum']));   // amount credited to `money_2`
$md5     = empty($_GET['md5'])     ? '' : filter($_GET['md5']);        // provider's request signature
$id      = empty($_GET['id'])      ? '' : abs(intval($_GET['id']));    // provider's payment id
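/**
 * Normalises a raw request string before it is used or echoed.
 *
 * Steps, in order: trim, strip slashes, HTML-escape, collapse runs of spaces,
 * cap consecutive CRLF pairs at two, convert a leading "..." to «...», and
 * turn the remaining CRLFs into <br/>.
 *
 * NOTE(review): this copy of the file had its backslashes stripped — the CRLF
 * patterns read `rn`, the quote pattern contained unescaped `"` (unparsable)
 * and its replacement referenced a non-existent `$2`. The patterns below are
 * reconstructed from the intent stated in the original comments; confirm them
 * against the original file.
 *
 * @param string $text
 * @return string|null  null only if a preg_replace() call fails (PCRE error)
 */
function filter($text)
{
    $text = trim((string) $text);                                   // strip surrounding whitespace
    $text = stripslashes($text);                                    // drop escaping backslashes
    // ENT_QUOTES escapes single quotes as well; the charset is explicit because
    // the default changed across PHP versions and the text below uses « ».
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    $text = preg_replace('/ +/', ' ', $text);                       // collapse runs of spaces
    $text = preg_replace("/(\r\n){3,}/", "\r\n\r\n", $text);        // at most one blank line in a row
    // "…" → «…». NOTE(review): htmlspecialchars() has already turned `"` into
    // &quot; at this point, so this rule cannot match a literal quote any more
    // and is effectively a no-op; kept as written pending confirmation of the
    // intended order.
    $text = preg_replace('/^"([^"]+[^=><])"/u', '«$1»', $text);
    $text = preg_replace('/(«){2,}/', '«', $text);                  // de-duplicate opening quotes
    $text = preg_replace('/(»){2,}/', '»', $text);                  // de-duplicate closing quotes
    // The original also called nl2br() here but assigned the result to `$test`
    // and discarded it; the CRLF → <br/> conversion below is what applies.
    $text = preg_replace("/(\r\n){1,}/u", '<br/>', $text);          // CRLF runs → paragraph break

    return $text;
}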
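if ($command === 'check') {
    // Expected signature: md5(command . v1 . shared secret).
    // NOTE(review): the shared secret is hard-coded in all three handlers of
    // this web-served file; move it to configuration outside the web root.
    $pmd5 = md5($command . $v1 . 'zagfZ2zYKFctld4r');
    $xml  = '<?xml version="1.0" encoding="UTF-8"?>';

    // Verify the signature before touching the database. The original checked
    // user existence first, so a request without the secret could enumerate
    // valid user ids by comparing result 7 with result 3. hash_equals() is
    // constant-time and strict — the loose `==` treats two numeric-looking
    // hashes (e.g. "0e…") as equal — and needs PHP >= 5.6. A correctly signed
    // request gets exactly the same answers as before.
    if (!hash_equals($pmd5, (string) $md5)) {
        echo $xml . '<response><result>3</result><comment>Wrong user identifier or order number</comment></response>';
    } else {
        $us = mysql_result(mysql_query("SELECT count(*) FROM `users` WHERE `id` = '" . $v1 . "' LIMIT 1"), 0);
        if ($us == 1) {
            echo $xml . '<response><result>0</result></response>';
        } else {
            echo $xml . '<response><result>7</result><comment>Wrong user identifier or order number</comment></response>';
        }
    }
}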
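if ($command === 'pay') {
    // Expected signature: md5(command . v1 . id . shared secret).
    // NOTE(review): the shared secret is hard-coded in all three handlers of
    // this web-served file; move it to configuration outside the web root.
    $pmd5 = md5($command . $v1 . $id . 'zagfZ2zYKFctld4r');
    $xml  = '<?xml version="1.0" encoding="UTF-8"?>';

    // One `pokupka` row per callback; `end` records the outcome
    // (1 = credited, 2 = temporary error, 3 = rejected).
    // NOTE(review): the provider's payment id ($id) is not persisted, so a
    // replayed callback carrying a valid signature credits the account again;
    // store $id under a unique index and reject duplicates (TODO confirm schema).
    // NOTE(review): this row is written before the signature is verified, so
    // an unsigned request still costs a DB write; restrict the endpoint to the
    // provider's addresses if the audit row is wanted, otherwise move the
    // insert below the signature check.
    mysql_query("INSERT INTO `pokupka` SET `user` = '" . $v1 . "', `time` = '" . time() . "', `summa` = '" . $sum . "'");
    $tran = mysql_insert_id();

    // Work out the outcome first; `pokupka.end` and the XML answer follow from it.
    // Signature check comes before the user lookup (an unsigned request could
    // previously distinguish a valid user id — result 2 — from an invalid one —
    // result 3). hash_equals() is constant-time and strict, unlike the loose
    // `==` that treats two numeric-looking hashes as equal; it needs PHP >= 5.6.
    if (!hash_equals($pmd5, (string) $md5) || !($sum > 0)) {
        $result = 3;    // bad signature or non-positive amount
    } elseif (mysql_result(mysql_query("SELECT count(*) FROM `users` WHERE `id` = '" . $v1 . "' LIMIT 1"), 0) == 0) {
        $result = 2;    // unknown user
    } elseif (!mysql_query("UPDATE `users` SET `money_2` = (`money_2` + " . $sum . ") WHERE `id` = '" . $v1 . "'")) {
        $result = 2;    // credit failed — previously result 0 was still reported and the referrer still paid
    } else {
        $result = 0;
        // Referral bonus: 10% of the top-up, paid only once the buyer was credited.
        $use = mysql_fetch_array(mysql_query("SELECT `ref` FROM `users` WHERE `id` = '" . $v1 . "' LIMIT 1"));
        if ($use && $use['ref'] > 0) {
            $gold = round($sum * 0.1);
            mysql_query("UPDATE `users` SET `money_2` = (`money_2` + " . $gold . ") WHERE `id` = '" . (int) $use['ref'] . "'");
        }
    }

    // `end` mirrors the result code, except that a successful credit is 1.
    $end     = $result === 0 ? '1' : (string) $result;
    $pokupka = mysql_query("UPDATE `pokupka` SET `end` = '" . $end . "' WHERE `id` = '" . $tran . "'");

    if ($result === 0) {
        // In-game notification only if the purchase row could be closed
        // (`$pokupka` used to be undefined on the failure path).
        if ($pokupka) {
            $text = 'Вам успешно начислено <b>' . $sum . '</b> голден через систему онлайн пополнения счета!';
            mysql_query("INSERT INTO `mail_sys` SET `user` = '" . $v1 . "', `time` = '" . time() . "', `text` = '" . mysql_real_escape_string($text) . "'");
        }
        echo $xml . '<response><id_shop>' . $tran . '</id_shop><result>0</result></response>';
    } else {
        echo $xml . '<response><id_shop>' . $tran . '</id_shop><result>' . $result . '</result><comment>Temporary database error</comment></response>';
    }
}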
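if ($command === 'cancel') {
    // Expected signature: md5(command . id . shared secret).
    // NOTE(review): the shared secret is hard-coded in all three handlers of
    // this web-served file; move it to configuration outside the web root.
    $pmd5 = md5($command . $id . 'zagfZ2zYKFctld4r');
    $xml  = '<?xml version="1.0" encoding="UTF-8"?>';

    // `$id` is '' when the parameter is absent; the explicit (int) cast keeps
    // the PHP 5 outcome of `'' == 0` (true) on PHP 8, where `'' == 0` is false.
    if ((int) $id === 0) {
        echo $xml . '<response><result>2</result><comment>Payment with given ID does not exist</comment></response>';
    } elseif (hash_equals($pmd5, (string) $md5)) {
        // hash_equals(): constant-time, strict (loose `==` equates two
        // numeric-looking hashes), PHP >= 5.6.
        // NOTE(review): this branch acknowledges the cancellation but changes
        // nothing — neither `pokupka` nor `users` is touched, so a credited sum
        // is never withdrawn; confirm whether the provider expects a reversal here.
        echo $xml . '<response><result>0</result></response>';
    } else {
        echo $xml . '<response><result>3</result><comment>Payment with given ID does not exist</comment></response>';
    }
}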
?>