Файл: surf.php
Строк: 123
<?php
яю<?
include '�i�n�c�/�c�o�n�f�i�g�.�p�h�p�';
include '�i�n�c�/�f�u�n�c�.�p�h�p�';
include '�i�n�c�/�c�o�n�n�.�p�h�p�';
include '�i�n�c�/�h�e�a�d�e�r�.�p�h�p�';
include '�i�n�c�/�e�n�t�.�p�h�p�';
include '�i�n�c�/�z�a�p�r�o�s�.�p�h�p�';
include '�i�n�c�/�b�a�n�.�p�h�p�';
If (
$_USER['�l�o�g�i�n�']!=='�A�d�m�i�n�'
)
{
if(empty($_SESSION['�i�s�_�a�u�t�h�'])){
header('�l�o�c�a�t�i�o�n�:� �p�a�n�e�l�.�p�h�p�?�m�o�d�e�=�e�n�t�e�r�');
exit;
}
}
If (!isset($_GET['�m�o�d�e�']) || !ereg("�^�[�a�-�z�0�-�9�_�-�]�{�1�,�1�5�}�$�",$_GET['�m�o�d�e�'])) $mode=false; else $mode=$_GET['�m�o�d�e�'];
switch ($mode){
case '�g�o�i�n�g�':
mysql_query("�u�p�d�a�t�e� �`�".prefix."�u�s�e�r�s�`� �s�e�t� �`�m�e�s�t�o�`�=�'���5�@�5�E�>�4�8�B� �?�>� �A�A�K�;�:�5�'�,� �`�o�n�l�i�n�e�`�=�'�".time()."�'� �w�h�e�r�e� �`�i�d�`� �=� �'�".$_USER['�i�d�']."�'�;�");
If (!isset($_GET['�t�o�'])){
echo '���>�;�L�7�>�2�0�B�5�;�L� �=�5� �2�K�1�@�0�=�';
break;
}
$result=mysql_query("�S�E�L�E�C�T� �*� �F�R�O�M� �`�".prefix."�u�r�l�`� �W�H�E�R�E� �`�i�d�`�=�'�".intval($_GET['�i�d�'])."�'�");
If (!$result){
echo '���H�8�1�:�0� �7�0�?�@�>�A�0� �:� �1�4� �(�1�)�';
break;
}
If (mysql_num_rows($result)<1){
echo '�"�0�:�>�9� �?�;�>�I�0�4�:�8� �=�5�B� �2� �A�8�A�B�5�<�5�!�';
break;
}
mysql_data_seek($result,0);
$u=mysql_fetch_array($result);
#�#�#�#�#�
$ggg=mysql_fetch_array(mysql_query("�s�e�l�e�c�t� �*� �f�r�o�m� �`�".prefix."�u�s�e�r�s�`� �w�h�e�r�e� �`�i�d�`�=�'�".$u['�i�d�_�u�s�e�r�']."�'�;�"));
$credit=1;
if($u['�c�a�p�c�h�a�']==1){
$credit=2;
if($_SESSION['�c�o�d�e�']){
if($_SESSION['�c�o�d�e�']!=intval($_POST['�c�o�d�e�']))
{
unset($_SESSION['�c�o�d�e�']);
echo '���>�4� �2�2�5�4�Q�=� �=�5� �2�5�@�=�>�!�';
include '�i�n�c�/�f�o�o�t�.�p�h�p�';
break;
}
unset($_SESSION['�c�o�d�e�']);
}else{
echo '�<�f�o�r�m� �m�e�t�h�o�d�=�"�p�o�s�t�"� �a�c�t�i�o�n�=�"�s�u�r�f�.�p�h�p�?�m�o�d�e�=�g�o�i�n�g�&�t�o�=�'.intval($_GET['�t�o�']).'�&�i�d�=�'.intval($_GET['�i�d�']).'�"�>�';
$_SESSION['�c�o�d�e�']=$code=rand(0000,9999);
echo '�[�'.$code.'�]�';
echo '���>�4�:�<�i�n�p�u�t� �t�y�p�e�=�"�t�e�x�t�"� �s�i�z�e�=�"�4�"� �n�a�m�e�=�"�c�o�d�e�"� �v�a�l�u�e�=�"�"�>�<�i�n�p�u�t� �t�y�p�e�=�"�s�u�b�m�i�t�"� �n�a�m�e�=�"�s�u�b�m�i�t�"� �v�a�l�u�e�=�"�O�K�"�>�<�/�f�o�r�m�>�';
include '�i�n�c�/�f�o�o�t�.�p�h�p�';
break;
}
}
If (($ggg['�c�f�r�o�m�']-$ggg['�c�t�o�'])<=0){
echo '�#� �?�>�;�L�7�>�2�0�B�5�;�O� �:�>�=�G�8�;�8�A�L� �:�@�5�4�8�B�K� �2� �0�:�B�8�2�5�.�.�.�';
break;
}
#�#�#�#�#�
$res=mysql_query("�S�E�L�E�C�T� �*� �F�R�O�M� �`�".prefix."�u�s�e�r�s�`� �W�H�E�R�E� �`�i�d�`�=�'�".intval($_GET['�t�o�'])."�'�");
If (!$res){
echo '���H�8�1�:�0� �7�0�?�@�>�A�0� �:� �1�4� �(�2�)�';
break;
}
If (mysql_num_rows($res)==0){
echo '�"�0�:�>�3�>� �?�>�;�L�7�>�2�0�B�5�;�O� �=�5�B� �2� �A�8�A�B�5�<�5�!�.�.�.�';
break;
}
mysql_data_seek($res,0);
$u1=mysql_fetch_array($res);
$result=mysql_query("�S�E�L�E�C�T� �*� �F�R�O�M� �`�".prefix."�c�l�i�c�k�s�`� �W�H�E�R�E� �`�w�h�o�`�=�'�".$_USER['�i�d�']."�'� �&�&� �`�t�o�`�=�'�".intval($_GET['�i�d�'])."�'�");
If (!$result){
echo '���H�8�1�:�0� �7�0�?�@�>�A�0� �:� �1�4� �(�3�)�';
break;
}
If (mysql_num_rows($result)!=0){
echo '���H�8�1�:�0�!� ���>�2�B�>�@�=�K�9� �:�;�8�:�!�';
break;
}
$ppss = mysql_query("�S�E�L�E�C�T� �l�.�i�d� �F�R�O�M� �`�".prefix."�u�r�l�`� �a�s� �`�l�`� �W�H�E�R�E� �l�.�i�d�=�'�".intval($_GET['�i�d�'])."�'� �a�n�d� �".$ttype."�");
If (mysql_num_rows($ppss)==0){
echo '���0�?�@�5�B� �D�8�;�L�B�@�0�.�.�.�';
break;
}
If ((time() - $_SESSION['�p�r�o�c�l�i�c�k�'])>$sett['�p�r�o�c�l�i�c�k�'])
{
$result=mysql_query("�U�P�D�A�T�E� �`�".prefix."�u�s�e�r�s�`� �S�E�T� �`�c�t�o�`�=�'�".($u1['�c�t�o�']+$credit)."�'�,�`�e�t�s�`�=�'�".time()."�'� �W�H�E�R�E� �`�i�d�`�=�'�".$u1['�i�d�']."�'�");
If (!$result){
echo '���H�8�1�:�0� �7�0�?�@�>�A�0� �:� �1�4� �(�4�)�';
break;
}
$result=mysql_query("�U�P�D�A�T�E� �`�".prefix."�u�r�l�`� �S�E�T� �`�p�e�r�e�h�o�d�`�=�'�".($u['�p�e�r�e�h�o�d�']+1)."�'� � �W�H�E�R�E� �`�i�d�`�=�'�".intval($_GET['�i�d�'])."�'�");
If (!$result){
echo '���H�8�1�:�0� �7�0�?�@�>�A�0� �:� �1�4� �(�5�)�';
break;
}
$result=mysql_query("�U�P�D�A�T�E� �`�".prefix."�u�s�e�r�s�`� �S�E�T� �`�c�f�r�o�m�`�=�'�".($_USER['�c�f�r�o�m�']+$credit)."�'� �W�H�E�R�E� �`�i�d�`�=�'�".$_USER['�i�d�']."�'�");
If (!$result){
echo '���H�8�1�:�0� �7�0�?�@�>�A�0� �:� �1�4� �(�6�)�';
break;
}
$result=mysql_query("�I�N�S�E�R�T� �i�n�t�o� �`�".prefix."�c�l�i�c�k�s�`�
�
�(�`�w�h�o�`�,�`�t�o�`�,�`�t�s�`�,�`�i�d�_�u�s�e�r�`�)� �v�a�l�u�e�s� �(�'�".$_USER['�i�d�']."�'�,�'�".intval($_GET['�i�d�'])."�'�,�'�".time()."�'�,�'�".$u1['�i�d�']."�'�)�
�
�");
If (!$result){
echo '���H�8�1�:�0� �7�0�?�@�>�A�0� �:� �1�4� �(�7�)�';
break;
}
$q = mysql_query("�s�e�l�e�c�t� �*� �f�r�o�m� �`�".prefix."�s�t�a�t�s�`� �w�h�e�r�e� �`�w�h�o�`�=�'�".$_USER['�l�o�g�i�n�']."�'� �&�&�`�t�s�`�=�C�U�R�D�A�T�E�(�)�;�");
$h=mysql_num_rows($q);
if($h==0)
{
mysql_query("�I�N�S�E�R�T� �i�n�t�o� �`�".prefix."�s�t�a�t�s�`� �v�a�l�u�e�s� �(�'�".$_USER['�l�o�g�i�n�']."�'�,�1�,�C�U�R�D�A�T�E�(�)�)�");
}
else
{
mysql_query("�U�P�D�A�T�E� �`�".prefix."�s�t�a�t�s�`� �S�E�T� �`�c�n�`�=�`�c�n�`�+�1�,� �`�t�s�`�=�C�U�R�D�A�T�E�(�)� �W�H�E�R�E� �`�t�s�`�=� �C�U�R�D�A�T�E�(�)� �&�&� �`�w�h�o�`�=�'�".$_USER['�l�o�g�i�n�']."�'�") or die('�e�r�r�1�');
}
If (!$result){
echo '���H�8�1�:�0� �7�0�?�@�>�A�0� �:� �1�4� �(�8�)�';
break;
}
$ua=htmlspecialchars(stripslashes(getenv('�H�T�T�P�_�U�S�E�R�_�A�G�E�N�T�')));
$ip=$_SERVER['�R�E�M�O�T�E�_�A�D�D�R�'];
mysql_query("�I�N�S�E�R�T� �i�n�t�o� �`�".prefix."�c�l�i�c�k�`�
�
�(�`�w�h�o�`�,�`�t�o�`�,�`�t�i�m�e�`�,�`�i�p�`�,�`�u�a�`�)� �v�a�l�u�e�s� �(�'�".$_USER['�l�o�g�i�n�']."�'�,�'�".$u[login]."�'�,�'�".time()."�'�,�'�".$ip."�'�,�'�".$ua."�'�)�
�
�");
$rr=mysql_fetch_array(mysql_query("�S�E�L�E�C�T� �*� �F�R�O�M� �`�n�a�s�t�r�o�y�k�i�`� �w�h�e�r�e� �`�i�d�`�=�'�1�'�;�"));
If ($rr['�o�p�l�a�t�a�']==1){
mysql_query("�U�P�D�A�T�E� �`�c�c�l�u�b�_�b�i�r�z�h�a�`� �S�E�T� �`�m�o�n�e�y�`�=�`�m�o�n�e�y�`�+�".$rr[cena]."� �W�H�E�R�E� �`�i�d�_�u�s�e�r�`�=�'�".$_USER['�i�d�']."�'�") or die('�e�r�r�1�');
}
mysql_query("�U�P�D�A�T�E� �`�".prefix."�u�s�e�r�s�`� �s�e�t� �`�b�a�n�k�`�=�`�b�a�n�k�`�+�'�".$sett['�r�e�f�_�p�r�']."�'� �w�h�e�r�e� �l�o�g�i�n�=�'�".$_USER['�p�i�d�']."�'�;�");
$_SESSION['�p�r�o�c�l�i�c�k�']=time();
define("�n�o�n�e�_�e�c�h�o�1�2�3�",true);
header("�L�o�c�a�t�i�o�n�:� �h�t�t�p�:�/�/�".$u[url]);
}
else
{
$ua=htmlspecialchars(stripslashes(getenv('�H�T�T�P�_�U�S�E�R�_�A�G�E�N�T�')));
$ip=$_SERVER['�R�E�M�O�T�E�_�A�D�D�R�'];
mysql_query("�I�N�S�E�R�T� �i�n�t�o� �`�".prefix."�c�l�i�c�k�`�
�
�(�`�w�h�o�`�,�`�t�o�`�,�`�t�i�m�e�`�,�`�i�p�`�,�`�u�a�`�,�`�a�a�a�`�)� �v�a�l�u�e�s� �(�'�".$_USER['�l�o�g�i�n�']."�'�,�'�".$u[login]."�'�,�'�".time()."�'�,�'�".$ip."�'�,�'�".$ua."�'�,�'�1�'�)�
�
�");
echo "�<�b�>�C�;�8�H�:�o�<� �G�a�c�B�K�e� �:�;�8�:�8�!� ���e�p�e�x�o�4�8�B�L� �?�o� �c�c�K�;�:�a�<� �=�y�6�=�o� �4�o� �:�o�=�F�a�!�<�/�b�>�<�b�r�/�>�";
}
break;
#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�
case false:
default:
mysql_query("�u�p�d�a�t�e� �`�".prefix."�u�s�e�r�s�`� �s�e�t� �`�m�e�s�t�o�`�=�'�!�<�>�B�@�8�B� �A�?�8�A�>�:� �:�;�8�:�-�A�A�K�;�>�:�'�,� �`�o�n�l�i�n�e�`�=�'�".time()."�'� �w�h�e�r�e� �`�i�d�`� �=� �'�".$_USER['�i�d�']."�'�;�");
#�m�y�s�q�l�_�q�u�e�r�y�(�"�O�P�T�I�M�I�Z�E� �T�A�B�L�E� �`�"�.�p�r�e�f�i�x�.�"�u�r�l�`�"�)�;�
#�m�y�s�q�l�_�q�u�e�r�y�(�"�O�P�T�I�M�I�Z�E� �T�A�B�L�E� �`�"�.�p�r�e�f�i�x�.�"�u�s�e�r�s�`�"�)�;�
echo '�<�d�i�v� �c�l�a�s�s�=�"�m�e�n�u�1�"�>�<�d�i�v� �c�l�a�s�s�=�"�m�e�n�u�3�"�>���0�;�0�=�A� �[�'.($_USER['�c�f�r�o�m�']-$_USER['�c�t�o�']).'�]�<�/�d�i�v�>�<�/�d�i�v�>�';
$q = mysql_query("�s�e�l�e�c�t� �*� �f�r�o�m� �`�".prefix."�u�r�l�`� �w�h�e�r�e� � �`�i�d�_�u�s�e�r�`�=�'�".$_USER['�i�d�']."�'� �;�");
$col=mysql_num_rows($q);
if($col==0){echo '���5�;�L�7�O� �:�;�8�:�0�B�L� �:�>�3�4�0� �=�5�B� �?�;�>�I�0�4�>�:�';
break;}
$q1 = mysql_query("�s�e�l�e�c�t� �*� �f�r�o�m� �`�".prefix."�u�r�l�`� �w�h�e�r�e� � �`�i�d�_�u�s�e�r�`�=�'�".$_USER['�i�d�']."�'� �&�&� �(�`�a�c�t�i�v�`�=�'�0�'� �O�R� �`�a�c�t�i�v�`�=�'�1�'�)� �&�&� �`�m�o�d�e�r�`�=�'�0�'� �;�");
$col1=mysql_num_rows($q1);
if($col1==0){echo '���5�;�L�7�O� �:�;�8�:�0�B�L� �:�>�3�4�0� �=�5�B� �0�:�B�8�2�=�K�E� �?�;�>�I�0�4�>�:�';
break;}
if($_USER['�n�u�m�l�i�n�k�']>100){$numlink=50;}else{$numlink=$_USER['�n�u�m�l�i�n�k�'];}
$res2=mysql_query("�S�E�L�E�C�T� �*� �F�R�O�M� �`�".prefix."�u�s�e�r�s�`� �a�s� �`�u�`�,� �`�".prefix."�u�r�l�`� �a�s� �`�l�`� �W�H�E�R�E� �u�.�c�f�r�o�m� �>� �u�.�c�t�o� �a�n�d� �l�.�i�d�_�u�s�e�r� �=� �u�.�i�d� �a�n�d� �$�t�t�y�p�e� �a�n�d� �(�l�.�a�c�t�i�v� �=� �0� �o�r� �l�.�a�c�t�i�v� �=� �1�)� �a�n�d� �l�.�m�o�d�e�r� �=� �0� �a�n�d� �l�.�i�d�_�u�s�e�r� �<�>� �'�$�_�U�S�E�R�[�i�d�]�'� � �a�n�d� �l�.�i�d� �n�o�t� �i�n� � �(�S�E�L�E�C�T� �`�t�o�`� �F�R�O�M� �`�".prefix."�c�l�i�c�k�s�`� �W�H�E�R�E� �`�w�h�o�`�=�'�$�_�U�S�E�R�[�i�d�]�'� �)� �O�R�D�E�R� � �b�y� �l�.�m�e�s�t�o� �d�e�s�c� �L�I�M�I�T� �0�,�".$numlink."�;�");
If (!$res2){
echo '���H�8�1�:�0� �7�0�?�@�>�A�0� �:� �1�4�.�.�.�'.mysql_error ().'�';
break;
}
$i_link = 0;
while($ress=mysql_fetch_array($res2))
{
$i_link++;
If ($_USER['�m�o�d�e�r�'] OR $_USER['�a�d�m�i�n�']) {
$id="�<�f�o�n�t� �c�o�l�o�r�=�'�r�e�d�'�>�i�d� �$�r�e�s�s�[�i�d�]�<�/�f�o�n�t�>�";
}
else $id="�";
echo '�<�d�i�v� �c�l�a�s�s�=�"�m�e�n�u�1�"�>�<�d�i�v� �c�l�a�s�s�=�"�m�e�n�u�3�"�>�»� �<�a�/�>�<�a� �h�r�e�f�=�"�s�u�r�f�.�p�h�p�?�m�o�d�e�=�g�o�i�n�g�&�t�o�=�'.$ress['�i�d�_�u�s�e�r�'].'�&�i�d�=�'.$ress['�i�d�'].'�"�>�'.$ress['�n�a�z�v�'].'�<�/�a�>� �[�'.$ress['�m�e�s�t�o�'].'�]� �'.$id.'�
�
�
�
�
�
�<�b�r�/�>�<�/�d�i�v�>�<�/�d�i�v�>�';
}
If ($i_link==0)
echo '���5�B� �4�>�A�B�C�?�=�K�E� �A�A�K�;�>�:�';
echo '�<�d�i�v� �c�l�a�s�s�=�"�m�e�n�u�1�"�>�<�d�i�v� �c�l�a�s�s�=�"�m�e�n�u�3�"�>���>�:�0�7�0�=�>� �<�b�>�'.$i_link.'�<�/�b�>� �A�A�K�;�:�0�(�>�:�)� �|� �<�a� �h�r�e�f�=�"�s�u�r�f�.�p�h�p�?�'.rand(0,999).'�"�>�>�1�=�>�2�8�B�L�<�/�a�>�<�/�d�i�v�>�<�/�d�i�v�>�';
break;
}
include '�i�n�c�/�f�o�o�t�.�p�h�p�';
?>
?>