<?
include_once "../../../inc/start2.php";
include_once "../../../inc/protect.php";
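// Every request to this endpoint must name a phpaction; anything else is logged and rejected.
if (empty($_POST['phpaction'])) {
    log_error(" actions.php");
    exit(json_encode(array('status' => '2')));
}
// CSRF token check. The original `!=` was a loose comparison: with no token in the session
// and an empty posted token it passed (null == '' is true), and numeric-looking strings were
// type-juggled. Now a missing session token is a rejection, a non-scalar posted token is a
// rejection, and equal strings are compared in constant time.
$posted_token = clean(isset($_POST['token']) ? $_POST['token'] : null, null);
if (!isset($_SESSION['token'])
    || !is_scalar($posted_token)
    || !hash_equals((string) $_SESSION['token'], (string) $posted_token)) {
    log_error(" ");
    exit(json_encode(array('status' => '2')));
}
// A logged-in account (session id) or the admin flag is required for everything below;
// isset() avoids the undefined-index notice when no admin flag was ever set.
if (empty($_SESSION['id']) && (!isset($_SESSION['admin']) || $_SESSION['admin'] != "yes")) {
    exit(json_encode(array( 'status' => '2', 'data' => ' ' )));
}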
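// get_services: <option> list of the purchasable services (sale != 2) of one server, as JSON
// {status, data}. The first listed service also carries a <script> that triggers the
// client-side tarif load for it.
if (isset($_POST['get_services'])) {
    $id = checkJs($_POST['id'], "int");
    if (empty($id)) {
        exit ();
    }
    $i = 0;
    $data = '';
    // Bound parameter instead of interpolating $id into the SQL text.
    $STH = $pdo->prepare("SELECT `id`, `name`, `sale` FROM `wcs_bk_services` WHERE `server` = :server ORDER BY `trim`");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':server' => $id ));
    while ($row = $STH->fetch()) {
        if ($row->sale != 2) {
            if ($i == 0) {
                $data .= '<script>wcs_bk_get_tarifs('.$row->id.');</script>';
                $i++;
            }
            // NOTE(review): $row->name goes into the markup unescaped; it is admin-entered
            // through check() — confirm check() HTML-escapes, otherwise escape here.
            $data .= '<option value="'.$row->id.'">'.$row->name.'</option>';
        }
    }
    exit(json_encode(array( 'status' => '1', 'data' => $data )));
}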
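// get_tarifs: <option> list of the tarifs (durations/prices) of one service, priced with the
// buyer's discount, plus the service description, as JSON {status, data, text}.
if (isset($_POST['get_tarifs'])) {
    $id = checkJs($_POST['id'], "int");
    if (empty($id)) {
        exit ();
    }
    // Bound parameters instead of interpolating $id into the SQL text.
    $STH = $pdo->prepare("SELECT `text` FROM `wcs_bk_services` WHERE `id` = :id LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':id' => $id ));
    $row = $STH->fetch();
    $text = $row->text;
    $STH = $pdo->query("SELECT `discount` FROM `config_prices` LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $disc = $STH->fetch();
    $discount = $disc->discount;
    // The effective percentage is the larger of the global discount and the account's own
    // rate. It does not depend on the tarif row, so it is computed once, before the loop.
    // $user is not defined in this file — presumably the current account from the includes.
    if ($discount > $user->proc) {
        $proc = $discount;
    } else {
        $proc = $user->proc;
    }
    $data = '';
    $STH = $pdo->prepare("SELECT `id`, `pirce`, `time` FROM `wcs_bk_services_times` WHERE `service` = :service ORDER BY `pirce`");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':service' => $id ));
    while ($row = $STH->fetch()) {
        // A zero time is shown without a duration.
        if ($row->time == 0) {
            $time = '';
        } else {
            $time = $row->time.' ';
        }
        $pirce = round($row->pirce - $row->pirce * $proc / 100);
        // A discounted price gets the extra suffix; $messages['RUB'] comes from the includes.
        if ($pirce != $row->pirce) {
            $data .= '<option value="'.$row->id.'">'.$time.' - '.$pirce.' '.$messages['RUB'].' ( )</option>';
        } else {
            $data .= '<option value="'.$row->id.'">'.$time.' - '.$pirce.' '.$messages['RUB'].'</option>';
        }
    }
    exit(json_encode(array( 'status' => '1', 'data' => $data, 'text' => $text )));
}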
// wcs_csgo: a logged-in account buys one tarif of a service on a server. Flow: load the
// server and connect to its external key database, load the buyer, price the tarif (the
// larger of the global discount and the buyer's own rate), check the balance, issue a
// one-use key in the remote `table_keys`, then debit the balance and record the action,
// two notifications and a text log. Replies are JSON {status, info[, shilings]}.
if (isset($_POST['wcs_csgo'])) {
$server = checkJs($_POST['server'],"int");
$service = checkJs($_POST['service'],"int");
$tarif = checkJs($_POST['tarif'],"int");
if (empty($server) || empty($service) || empty($tarif)) {
exit(json_encode(array('status' => '2', 'info' => '')));
}
$STH = $pdo->prepare("SELECT `id`, `ip`, `port`, `name`, `wcs_bk_host`, `wcs_bk_user`, `wcs_bk_pass`, `wcs_bk_db`, `wcs_bk_code` FROM `servers` WHERE `id`=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $server ));
// $server is reused: the posted id above, the fetched row object from here on.
$server = $STH->fetch();
if(empty($server->id) || empty($server->wcs_bk_host)){
exit(json_encode(array('status' => '2', 'info' => '')));
}
// db_connect() and set_names() come from the includes; only a falsy failure value is relied on here.
if(!$pdo2 = db_connect($server->wcs_bk_host, $server->wcs_bk_db, $server->wcs_bk_user, $server->wcs_bk_pass)) {
// NOTE(review): unlike every other error exit in this handler, this message has no 'info'
// key, so it is encoded under index 0 and the client presumably never displays it.
exit(json_encode(array('status' => '2', ' !')));
}
set_names($pdo2, $server->wcs_bk_code);
$STH = $pdo->prepare("SELECT `id`, `shilings`, `proc` FROM `users` WHERE `id`=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $_SESSION['id'] ));
$row = $STH->fetch();
if(empty($row->id)){
exit(json_encode(array('status' => '2', 'info' => '')));
}
// The buyer's personal percentage and current balance.
$proc = $row->proc;
$shilings = $row->shilings;
// The tarif must belong to the service, and the service to the server, or no row comes back.
$STH = $pdo->prepare("SELECT `wcs_bk_services_times`.`pirce`, `wcs_bk_services`.`name`, `wcs_bk_services_times`.`time` FROM `wcs_bk_services` LEFT JOIN `wcs_bk_services_times` ON `wcs_bk_services`.`id` = `wcs_bk_services_times`.`service` WHERE `wcs_bk_services`.`server`=:server AND `wcs_bk_services`.`id`=:service AND `wcs_bk_services_times`.`id`=:tarif LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':server' => $server->id, ':service' => $service, ':tarif' => $tarif ));
$row = $STH->fetch();
if(empty($row->pirce)){
exit(json_encode(array('status' => '2', 'info' => '')));
}
$price = $row->pirce;
$time = $row->time;
$name = $row->name;
$STH = $pdo->query("SELECT `discount` FROM `config_prices` LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$disc = $STH->fetch();
$discount = $disc->discount;
// The effective percentage is whichever is larger: the global discount or the buyer's rate.
if($discount > $proc) {
$proc = $discount;
} else {
$proc = $proc; // no-op; the else branch could be dropped
}
$price = round($price-$price*$proc/100);
// NOTE(review): this balance check and the UPDATE of `users`.`shilings` further down are
// separate statements with no transaction and no `shilings >= price` condition on the
// UPDATE, so two overlapping requests can both pass here and both be written from the same
// starting balance (a double spend). A conditional UPDATE checked via rowCount() is the
// usual fix.
if($shilings < $price){
exit (json_encode(array('status' => '2', 'info' => ' !')));
}
$shilings = $shilings - $price;
// crate_pass() (sic) comes from the includes — presumably a random key generator. A
// collision in the remote table is retried once with a longer key; the retry is not re-checked.
$key = crate_pass(20, 2);
$STH = $pdo2->prepare("SELECT `key_name` FROM `table_keys` WHERE `key_name`=:key LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':key' => $key ));
$row = $STH->fetch();
if(isset($row->key_name)) {
$key = crate_pass(21, 2);
}
// The remote side identifies this server by its ip:port; without a registration the sale stops here.
$STH = $pdo2->prepare("SELECT `sid` FROM `keys_servers` WHERE `address`=:address LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':address' => $server->ip.":".$server->port ));
$row = $STH->fetch();
if(empty($row->sid)) {
exit (json_encode(array('status' => '2', 'info' => '')));
} else {
$sid = $row->sid;
}
// Issue the key in the remote database. param2 is the duration in seconds (24*60*60 suggests
// `time` is in days). This insert is not rolled back if any of the main-DB writes below fail.
$STH = $pdo2->prepare("INSERT INTO `table_keys` (`key_name`,`type`,`expires`,`uses`,`sid`,`param1`,`param2`,`active`) values (:key_name, :type, :expires, :uses, :sid, :param1, :param2, :active)");
$STH->execute(array( ':key_name' => $key, ':type' => 'wcs_p_race', ':expires' => '0', ':uses' => '1', ':sid' => $sid, ':param1' => $name, ':param2' => $time*24*60*60, ':active' => '1' ));
// Server-local time with no explicit timezone.
$date = date("Y-m-d H:i:s");
$STH = $pdo->prepare("INSERT INTO shilings_actions (date,shilings,author,type) values (:date, :shilings, :author, :type)");
$STH->execute(array( 'date' => $date,'shilings' => $price,'author' => $_SESSION['id'],'type' => '2' ));
// Debit: writes the balance computed above rather than subtracting in SQL (see the note at the balance check).
$STH = $pdo->prepare("UPDATE `users` SET `shilings`=:shilings WHERE `id`=:id LIMIT 1");
$STH->execute(array( ':shilings' => $shilings, ':id' => $_SESSION['id'] ));
// Notification to the buyer (also returned as 'info') and to user id 1.
$mess = " <b>".$name."</b> <b>".$server->name."</b><br>";
$mess .= " : <b>key ".$key."</b>";
$STH = $pdo->prepare("INSERT INTO notifications (message,date,user_id,type) values (:message, :date, :user_id, :type)");
$STH->execute(array( 'message' => $mess, 'date' => $date, 'user_id' => $_SESSION['id'], 'type' => '2' ));
$mess2 = " ".$name." ".$server->name." : <a href='../profile?id=".$_SESSION['id']."'>".$_SESSION['login']."</a>
";
$mess2 .= " : <b>".$key."</b>
";
$STH = $pdo->prepare("INSERT INTO notifications (message,date,user_id,type) values (:message, :date, :user_id, :type)");
$STH->execute(array( 'message' => $mess2, 'date' => $date, 'user_id' => '1', 'type' => '2' ));
// Text log under the web root, recording the buyer's login/id and the issued key. If /logs is
// served by the web server this file is readable over HTTP — confirm it is not. fopen()'s
// return value is not checked; mode "a" alone would create the file when it is missing.
if (file_exists($_SERVER['DOCUMENT_ROOT']."/logs/wcs_csgo.txt")) { $i="a"; } else { $i="w"; }
$file = fopen ($_SERVER['DOCUMENT_ROOT']."/logs/wcs_csgo.txt", $i);
fwrite($file, "[".$date." | : ".$_SESSION['login']." - ".$_SESSION['id']."] : [ ".$name." ".$server->name." ".$price.", : ".$key."]
");
fclose($file);
exit(json_encode(array('status' => '3', 'info' => $mess, 'shilings' => $shilings)));
}
// Everything below is admin-only (server, service and tarif management). An account that
// passed the session check above but carries no admin flag is stopped here.
if(empty($_SESSION['admin']) || $_SESSION['admin'] != "yes") {
exit(json_encode(array( 'status' => '2', 'data' => ' ' )));
}
// load_servers (admin): render one edit form per server of type 4 with its external
// key-database credentials (host, user, password, db name, charset code). Output is HTML,
// two cards per row, or a plain text message when there are no such servers.
if (isset($_POST['load_servers'])){
// $i counts rendered servers; a clearfix is emitted after every second card.
$i=0;
// The meaning of `type` = '4' is not defined in this file; it is the server kind this module manages.
// NOTE(review): the fetched values are echoed straight into HTML attributes below,
// including the stored wcs_bk_pass into a password input's value — the credential is sent
// to the admin's browser on every load. Confirm check() (used when they are saved)
// escapes quotes, otherwise a stored '"' breaks out of the attribute.
$STH = $pdo->query("SELECT `name`,`ip`,`port`,`id`,`wcs_bk_host`,`wcs_bk_code`,`wcs_bk_user`,`wcs_bk_pass`,`wcs_bk_db` FROM `servers` WHERE `type` = '4' ORDER BY `trim`"); $STH->setFetchMode(PDO::FETCH_OBJ);
while($row = $STH->fetch()) {
?>
<div class="col-md-6">
<form id="serv_<? echo $row->id ?>" class="block">
<div class="block_head">
<? echo $row->name ?> (<? echo $row->ip ?>:<? echo $row->port ?>)
</div>
<div class="form-group">
<label>
<h4>
db
</h4>
</label>
<input value="<? echo $row->wcs_bk_host ?>" type="text" class="form-control" name="wcs_bk_host" maxlength="64" autocomplete="off">
</div>
<div class="form-group">
<label>
<h4>
db
</h4>
</label>
<input value="<? echo $row->wcs_bk_user ?>" type="text" class="form-control" name="wcs_bk_user" maxlength="32" autocomplete="off">
</div>
<div class="form-group">
<label>
<h4>
db
</h4>
</label>
<input value="<? echo $row->wcs_bk_pass ?>" type="password" class="form-control" name="wcs_bk_pass" maxlength="32" autocomplete="off">
</div>
<div class="form-group">
<label>
<h4>
db
</h4>
</label>
<input value="<? echo $row->wcs_bk_db ?>" type="text" class="form-control" name="wcs_bk_db" maxlength="32" autocomplete="off">
</div>
<div class="form-group">
<label>
<h4>
</h4>
</label><br>
<select class="form-control" name="wcs_bk_code">
<option value="0" <? if ($row->wcs_bk_code == '0'){ ?> selected <? } ?>></option>
<option value="1" <? if ($row->wcs_bk_code == '1'){ ?> selected <? } ?>>utf-8</option>
<option value="2" <? if ($row->wcs_bk_code == '2'){ ?> selected <? } ?>>latin1</option>
</select>
</div>
<div class="mt-10">
<div id="edit_serv_result<? echo $row->id ?>" class="mt-10"></div>
<button onclick="wcs_bk_edit_server('<? echo $row->id ?>', 0);" type="button" class="btn2"></button>
<button type="button" class="btn2 btn-cancel" onclick="wcs_bk_edit_server('<? echo $row->id ?>', 1);"></button>
</div>
</form>
</div>
<?
// Close the row after the second card of each pair.
if($i % 2 == 1) {
echo "<div class='clearfix'></div>";
}
$i++;
}
// No type-4 servers: reply with the plain-text message instead of an empty page.
if ($i == 0){
exit (' ');
}
}
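// edit_server (admin): store the external key-database credentials of one server, or clear
// them when clean=1. Before saving, the connection is verified, the remote schema is
// prepared (table_keys.active column, keys_servers row for this server's ip:port) and the
// credentials are written to `servers`. Replies are HTML snippets or JSON {status}.
if (isset($_POST['edit_server'])){
    // Read only the fields this handler uses. The original looped over $_POST and assigned
    // $$key, so any posted field name created or overwrote a local variable (for example
    // $pdo or $STH); an explicit field list removes that. Missing fields read as ''.
    $id = isset($_POST['id']) ? check($_POST['id'], "int") : '';
    $wcs_bk_code = isset($_POST['wcs_bk_code']) ? check($_POST['wcs_bk_code'], "int") : '';
    $wcs_bk_host = isset($_POST['wcs_bk_host']) ? check($_POST['wcs_bk_host'], null) : '';
    $wcs_bk_user = isset($_POST['wcs_bk_user']) ? check($_POST['wcs_bk_user'], null) : '';
    $wcs_bk_pass = isset($_POST['wcs_bk_pass']) ? check($_POST['wcs_bk_pass'], null) : '';
    $wcs_bk_db = isset($_POST['wcs_bk_db']) ? check($_POST['wcs_bk_db'], null) : '';
    if (empty($wcs_bk_code)) {
        $wcs_bk_code = 0;
    }
    if (empty($id)) {
        exit (json_encode(array('status' => '2')));
    }
    if (isset($_POST['clean']) && $_POST['clean'] == '1') {
        // Clearing: no connection test, all credentials blanked.
        $wcs_bk_host = '';
        $wcs_bk_user = '';
        $wcs_bk_pass = '';
        $wcs_bk_db = '';
        $wcs_bk_code = '0';
    } else {
        if (empty($wcs_bk_host) or empty($wcs_bk_user) or empty($wcs_bk_pass) or empty($wcs_bk_db)) {
            exit('<p class="text-danger"> : db , db , db </p><script>setTimeout(show_error, 500);</script>');
        }
        // db_connect() and check_table() come from the includes; only their falsy failure value is used.
        if (!$pdo2 = db_connect($wcs_bk_host, $wcs_bk_db, $wcs_bk_user, $wcs_bk_pass)) {
            exit('<p class="text-danger"> !</p><script>setTimeout(show_error, 500);</script>');
        }
        if (!check_table('table_keys', $pdo2)) {
            exit('<p class="text-danger"> table_keys .</p><script>setTimeout(show_error, 500);</script>');
        }
        if (!check_table('keys_servers', $pdo2)) {
            exit('<p class="text-danger"> keys_servers .</p><script>setTimeout(show_error, 500);</script>');
        }
        // Older remote schemas lack table_keys.active; add it when missing. query() already
        // ran the statement, so the redundant execute() the original made is gone.
        $STH = $pdo2->query("SHOW COLUMNS FROM table_keys");
        $columns = $STH->fetchAll();
        $has_active = false;
        foreach ($columns as $column) {
            if ($column['Field'] == 'active') {
                $has_active = true;
                break;
            }
        }
        if (!$has_active) {
            $pdo2->exec("ALTER TABLE `table_keys` ADD `active` INT(1) NOT NULL DEFAULT '0' AFTER `sid`;");
        }
        // The remote side identifies this server by ip:port; register it if not yet known.
        $STH = $pdo->prepare("SELECT `ip`, `port` FROM `servers` WHERE `id`=:id LIMIT 1");
        $STH->setFetchMode(PDO::FETCH_OBJ);
        $STH->execute(array( ':id' => $id ));
        $row = $STH->fetch();
        if (empty($row->ip)) {
            exit (json_encode(array('status' => '2')));
        }
        $address = $row->ip.":".$row->port;
        $STH = $pdo2->prepare("SELECT `sid` FROM `keys_servers` WHERE `address`=:address LIMIT 1");
        $STH->setFetchMode(PDO::FETCH_OBJ);
        $STH->execute(array( ':address' => $address ));
        $row = $STH->fetch();
        if (empty($row->sid)) {
            $STH = $pdo2->prepare("INSERT INTO `keys_servers` (`address`) values (:address)");
            $STH->execute(array( ':address' => $address ));
        }
    }
    // The password is stored as given (no encryption happens here); `id` is now bound
    // rather than interpolated into the SQL text.
    $STH = $pdo->prepare("UPDATE servers SET wcs_bk_host=:wcs_bk_host,wcs_bk_user=:wcs_bk_user,wcs_bk_pass=:wcs_bk_pass,wcs_bk_db=:wcs_bk_db,wcs_bk_code=:wcs_bk_code WHERE id=:id LIMIT 1");
    if ($STH->execute(array( 'wcs_bk_host' => $wcs_bk_host, 'wcs_bk_user' => $wcs_bk_user, 'wcs_bk_pass' => $wcs_bk_pass, 'wcs_bk_db' => $wcs_bk_db, 'wcs_bk_code' => $wcs_bk_code, 'id' => $id ))) {
        exit('<p class="text-success"> </p><script>setTimeout(show_ok, 500);</script>');
    }
}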
// load_services (admin): for type=1, a bare <option> list of a server's services; otherwise
// the full editor — one row per service (name, sale flag, TinyMCE description) with its
// table of tarifs — for a server of type 4. Output is HTML; the handler always exit()s.
if (isset($_POST['load_services'])) {
$id = checkJs($_POST['id'],"int");
if (empty($id)) {
exit ();
}
$type = checkJs($_POST['type'],"int");
if (empty($type)) {
exit ();
}
if($type == 1) {
$STH = $pdo->prepare("SELECT `id`, `name` FROM `wcs_bk_services` WHERE `server`=:id ORDER BY `trim`"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $id ));
while($row = $STH->fetch()) {
// NOTE(review): name is echoed unescaped; it was saved through check() — confirm that escapes.
echo '<option value="'.$row->id.'">'.$row->name.'</option>';
}
} else {
$STH = $pdo->prepare("SELECT `id`,`name`,`type` FROM `servers` WHERE `id`=:id AND `type` = '4' LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $id ));
// If $id is not a type-4 server this is false, $server->id below is null and the
// service query returns nothing, so the "no services" paragraph is shown.
$server = $STH->fetch();
?>
<div class="block">
<?
$STH = $pdo->prepare("SELECT `id`, `name`, `text`, `sale`, `trim` FROM `wcs_bk_services` WHERE `server`=:id ORDER BY `trim`");
$STH->execute(array( ':id' => $server->id ));
$services = $STH->fetchAll();
$count = count($services);
if($count != 0){
for ($i=0; $i < $count; $i++) {
// $id now holds the service id (the server id is no longer needed after the query above).
// The service fields are echoed unescaped below; `text` is the HTML kept by HTMLPurifier
// when the service was saved, placed inside a <textarea>.
$id = $services[$i]['id'];
?>
<div class="row mb-10" id="service<? echo $id ?>">
<form class="col-md-6" id="form_service<? echo $id ?>">
<div class="block_head"> #<? echo $i+1; ?></div>
<select class="form-control mt-10" id="sale<? echo $id ?>" name="sale">
<option value="1" <? if($services[$i]['sale'] == '1') { echo 'selected'; } ?>>: </option>
<option value="2" <? if($services[$i]['sale'] == '2') { echo 'selected'; } ?>>: </option>
</select>
<input value="<? echo $services[$i]['name'] ?>" class="form-control mt-10" type="text" maxlength="255" id="name<? echo $id ?>" name="name" placeholder=" " autocomplete="off">
<br>
<textarea id="text<? echo $id ?>" class="form-control maxMinW100" rows="5"><? echo $services[$i]['text'] ?></textarea>
<script>
tinymce.init({
selector: '#text<? echo $id ?>',
language: 'ru',
plugins: [
'advlist autolink lists link image charmap preview hr anchor pagebreak',
'searchreplace',
'insertdatetime media nonbreaking contextmenu directionality',
'paste textpattern codesample spoiler'
],
toolbar1: "undo redo removeformat | bold italic underline strikethrough | alignleft aligncenter alignright alignjustify | bullist numlist | blockquote | link image media codesample | hr | subscript superscript | charmap ",
image_advtab: true,
menubar: false,
toolbar_items_size: 'small'
});
</script>
<button class="btn btn-default mt-10" onclick="wcs_bk_edit_service(<? echo $id ?>);" type="button"></button>
<button class="btn btn-default mt-10" onclick="wcs_bk_dell_service(<? echo $id ?>);" type="button"></button>
<button class="btn btn-default mt-10" onclick="wcs_bk_up_service(<? echo $id ?>);" type="button"></button>
<button class="btn btn-default mt-10" onclick="wcs_bk_down_service(<? echo $id ?>);" type="button"></button>
</form>
<div class="col-md-6">
<div class="block_head"> #<? echo $i+1; ?></div>
<div class="tarifs">
<table class="table table-bordered table-condensed mb-0">
<thead>
<tr>
<td>#</td>
<td></td>
<td></td>
<td></td>
</tr>
</thead>
<tbody>
<?
// Tarifs of this service. The second execute() re-runs the statement a second time;
// it looks redundant — verify and drop it.
$STH = $pdo->prepare("SELECT `id`, `time`, `pirce` FROM `wcs_bk_services_times` WHERE `service` = :id");
$STH->execute(array( ':id' => $id ));
$STH->execute();
$tarifs = $STH->fetchAll();
$count2 = count($tarifs);
for ($j=0; $j < $count2; $j++) {
// A zero time is shown as an empty field.
if ($tarifs[$j]['time'] == 0){
$tarifs[$j]['time'] = '';
}
?>
<tr id="tarif<? echo $tarifs[$j]['id'] ?>">
<td width="1%"><? echo $j+1; ?></td>
<td><input value="<? echo $tarifs[$j]['time'] ?>" class="form-control" type="text" maxlength="6" id="time<? echo $tarifs[$j]['id'] ?>" placeholder="" autocomplete="off"></td>
<td><input value="<? echo $tarifs[$j]['pirce'] ?>" class="form-control" type="text" maxlength="6" id="pirce<? echo $tarifs[$j]['id'] ?>" placeholder="" autocomplete="off"></td>
<td width="30%">
<div class="btn-group" role="group">
<button onclick="wcs_bk_edit_tarif (<? echo $tarifs[$j]['id'] ?>);" class="btn btn-default" type="button"><span class="glyphicon glyphicon-pencil"></span></button>
<button onclick="wcs_bk_dell_tarif (<? echo $tarifs[$j]['id'] ?>);" class="btn btn-default" type="button"><span class="glyphicon glyphicon-trash"></span></button>
</div>
</td>
</tr>
<?
}
?>
</tbody>
</table>
</div>
</div>
</div>
<?
}
} else {
?>
<p class="mt-10 mb-0"> </p>
<?
}
?>
</div>
<?
}
exit();
}
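// add_service (admin): create a service (name, purified HTML description, sale flag) on a
// type-4 server, appended after the server's current last `trim` position. Replies are JSON
// {status[, input, reply]}, where input names the offending field.
if (isset($_POST['add_service'])) {
    // Read only the fields this handler uses. The original looped over $_POST and assigned
    // $$key, so any posted field name created or overwrote a local variable; an explicit
    // field list removes that. Missing fields read as ''.
    $server = isset($_POST['server']) ? check($_POST['server'], "int") : '';
    $sale = isset($_POST['sale']) ? check($_POST['sale'], "int") : '';
    $name = isset($_POST['name']) ? check($_POST['name'], null) : '';
    $text = '';
    if (isset($_POST['text'])) {
        require_once '../../../inc/classes/HTMLPurifier/HTMLPurifier.auto.php';
        $config = HTMLPurifier_Config::createDefault();
        // NOTE(review): HTML.Trusted=true makes HTMLPurifier keep markup it strips by
        // default (the option is meant for trusted authors). Input here is admin-only, but
        // the stored text is rendered to every buyer — confirm this is intended.
        $config->set('HTML.Trusted', true);
        $config->set('Filter.YouTube', true);
        $purifier = new HTMLPurifier($config);
        $text = $purifier->purify($_POST['text']);
        // find_img_mp3() comes from the includes; the second argument is a random 1..250.
        $text = find_img_mp3($text, rand(1, 250), 1);
    }
    if (empty($server)) {
        exit (json_encode(array('status' => '2', 'input' => 'server', 'reply' => '!')));
    }
    if (empty($name)) {
        exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => '!')));
    }
    if (mb_strlen($name, 'UTF-8') > 255) {
        exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => ' 255 !')));
    }
    if (mb_strlen($text, 'UTF-8') > 5000) {
        exit (json_encode(array('status' => '2', 'input' => 'text', 'reply' => ' .')));
    }
    // sale: 1 = on sale, 2 = not on sale (the values listed by the admin editor).
    if ($sale != 1 and $sale != 2) {
        exit (json_encode(array('status' => '2', 'input' => 'sale', 'reply' => ' !')));
    }
    $STH = $pdo->prepare("SELECT `id`,`wcs_bk_host`,`wcs_bk_user`,`wcs_bk_pass`,`wcs_bk_db`,`wcs_bk_code`,`type` FROM `servers` WHERE `id`=:id LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':id' => $server ));
    // $server is reused: the posted id above, the fetched row object from here on.
    $server = $STH->fetch();
    if (empty($server) || $server->type != 4) {
        exit (json_encode(array('status' => '2', 'input' => 'server', 'reply' => ' !')));
    }
    // New services go to the end of the server's ordering.
    $STH = $pdo->prepare("SELECT `trim` FROM `wcs_bk_services` WHERE `server`=:server ORDER BY `trim` DESC LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':server' => $server->id ));
    $tmp = $STH->fetch();
    if (isset($tmp->trim)) {
        $trim = $tmp->trim + 1;
    } else {
        $trim = 1;
    }
    $STH = $pdo->prepare("INSERT INTO `wcs_bk_services` (name,server,text,trim,sale) values (:name, :server, :text, :trim, :sale)");
    if ($STH->execute(array( 'name' => $name, 'server' => $server->id, 'text' => $text, 'trim' => $trim, 'sale' => $sale ))) {
        exit(json_encode(array('status' => '1')));
    }
}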
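// edit_service (admin): update a service's name, purified HTML description and sale flag.
// Replies are JSON {status[, input, reply]}, where input names the offending field.
if (isset($_POST['edit_service'])) {
    // Read only the fields this handler uses. The original looped over $_POST and assigned
    // $$key, so any posted field name created or overwrote a local variable; an explicit
    // field list removes that. Missing fields read as ''.
    $id = isset($_POST['id']) ? check($_POST['id'], "int") : '';
    $server = isset($_POST['server']) ? check($_POST['server'], "int") : '';
    $sale = isset($_POST['sale']) ? check($_POST['sale'], "int") : '';
    $name = isset($_POST['name']) ? check($_POST['name'], null) : '';
    $text = '';
    if (isset($_POST['text'])) {
        require_once '../../../inc/classes/HTMLPurifier/HTMLPurifier.auto.php';
        $config = HTMLPurifier_Config::createDefault();
        // NOTE(review): HTML.Trusted=true makes HTMLPurifier keep markup it strips by
        // default (the option is meant for trusted authors). Input here is admin-only, but
        // the stored text is rendered to every buyer — confirm this is intended.
        $config->set('HTML.Trusted', true);
        $config->set('Filter.YouTube', true);
        $purifier = new HTMLPurifier($config);
        $text = $purifier->purify($_POST['text']);
        // find_img_mp3() comes from the includes; the second argument is a random 1..250.
        $text = find_img_mp3($text, rand(1, 250), 1);
    }
    if (empty($id)) {
        exit(json_encode(array('status' => '2')));
    }
    if (empty($name)) {
        exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => '!')));
    }
    if (mb_strlen($name, 'UTF-8') > 255) {
        exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => ' 255 !')));
    }
    if (mb_strlen($text, 'UTF-8') > 5000) {
        exit (json_encode(array('status' => '2', 'input' => 'text', 'reply' => ' .')));
    }
    // sale: 1 = on sale, 2 = not on sale (the values listed by the admin editor).
    if ($sale != 1 and $sale != 2) {
        exit (json_encode(array('status' => '2', 'input' => 'sale', 'reply' => ' !')));
    }
    // The service must exist.
    $STH = $pdo->prepare("SELECT `server` FROM `wcs_bk_services` WHERE `id`=:id LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':id' => $id ));
    $row = $STH->fetch();
    if (empty($row->server)) {
        exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => ' id ')));
    }
    // NOTE(review): the posted server is checked to exist and be of type 4, but is never
    // compared with $row->server, the server the service actually belongs to. The UPDATE
    // below does not touch `server`, so nothing is misassigned; consider comparing anyway.
    $STH = $pdo->prepare("SELECT `id`,`wcs_bk_host`,`wcs_bk_user`,`wcs_bk_pass`,`wcs_bk_db`,`wcs_bk_code`,`type` FROM `servers` WHERE `id`=:id LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':id' => $server ));
    $server = $STH->fetch();
    if (empty($server) || $server->type != 4) {
        exit (json_encode(array('status' => '2', 'input' => 'server', 'reply' => ' !')));
    }
    // `id` is bound rather than interpolated into the SQL text.
    $STH = $pdo->prepare("UPDATE wcs_bk_services SET name=:name,text=:text,sale=:sale WHERE id=:id LIMIT 1");
    if ($STH->execute(array( 'name' => $name, 'text' => $text, 'sale' => $sale, 'id' => $id ))) {
        exit(json_encode(array('status' => '1')));
    }
}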
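// up_service (admin): move a service one position up by swapping its `trim` with the row
// at trim-1 on the same server. Replies are JSON {status}. The two UPDATEs are not wrapped
// in a transaction, so a failure of the second leaves two rows sharing a trim value.
if (isset($_POST['up_service'])) {
    $number = check($_POST['id'], "int");
    // Validate before touching the database (the original ran the first SELECT with an empty id).
    if (empty($number)) {
        exit(json_encode(array('status' => '2')));
    }
    // One bound query replaces the two interpolated ones: the service's server and position.
    $STH = $pdo->prepare("SELECT id, server, trim FROM wcs_bk_services WHERE id=:id LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':id' => $number ));
    $tmp = $STH->fetch();
    if (empty($tmp->id) || empty($tmp->server)) {
        exit(json_encode(array('status' => '2')));
    }
    // The first position cannot move up.
    if ($tmp->trim == 1) {
        exit(json_encode(array('status' => '2')));
    }
    $server = $tmp->server;
    $poz = $tmp->trim;
    $poz2 = $tmp->trim - 1;
    // Step 1: the predecessor takes this service's position.
    $STH = $pdo->prepare("UPDATE wcs_bk_services SET trim=:trim WHERE trim=:old_trim and server=:server LIMIT 1");
    if (!$STH->execute(array('trim' => $poz, 'old_trim' => $poz2, 'server' => $server))) {
        exit(json_encode(array('status' => '2')));
    }
    // Step 2: this service takes the predecessor's position.
    $STH = $pdo->prepare("UPDATE wcs_bk_services SET trim=:trim WHERE id=:id and server=:server LIMIT 1");
    if (!$STH->execute(array('trim' => $poz2, 'id' => $number, 'server' => $server))) {
        exit(json_encode(array('status' => '2')));
    }
    exit(json_encode(array('status' => '1')));
}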
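// down_service (admin): move a service one position down by swapping its `trim` with the
// row at trim+1 on the same server. Replies are JSON {status}. The two UPDATEs are not
// wrapped in a transaction, so a failure of the second leaves two rows sharing a trim value.
if (isset($_POST['down_service'])) {
    $number = check($_POST['id'], "int");
    // Validate before touching the database (the original ran the first SELECT with an empty id).
    if (empty($number)) {
        exit(json_encode(array('status' => '2')));
    }
    // One bound query replaces the two interpolated ones: the service's server and position.
    $STH = $pdo->prepare("SELECT id, server, trim FROM wcs_bk_services WHERE id=:id LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':id' => $number ));
    $tmp = $STH->fetch();
    if (empty($tmp->id) || empty($tmp->server)) {
        exit(json_encode(array('status' => '2')));
    }
    $server = $tmp->server;
    $poz = $tmp->trim;
    $poz2 = $tmp->trim + 1;
    // The last position cannot move down.
    $STH = $pdo->prepare("SELECT trim FROM wcs_bk_services WHERE server=:server ORDER BY trim DESC LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':server' => $server ));
    $last = $STH->fetch();
    if ($poz == $last->trim) {
        exit(json_encode(array('status' => '2')));
    }
    // Step 1: the successor takes this service's position.
    $STH = $pdo->prepare("UPDATE wcs_bk_services SET trim=:trim WHERE trim=:old_trim and server=:server LIMIT 1");
    if (!$STH->execute(array('trim' => $poz, 'old_trim' => $poz2, 'server' => $server))) {
        exit(json_encode(array('status' => '2')));
    }
    // Step 2: this service takes the successor's position.
    $STH = $pdo->prepare("UPDATE wcs_bk_services SET trim=:trim WHERE id=:id and server=:server LIMIT 1");
    if (!$STH->execute(array('trim' => $poz2, 'id' => $number, 'server' => $server))) {
        exit(json_encode(array('status' => '2')));
    }
    exit(json_encode(array('status' => '1')));
}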
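// dell_service (admin): delete a service and its tarifs, then close the gap in the server's
// `trim` ordering by moving every later service up one position. Replies are JSON {status}.
// The renumbering UPDATEs and the DELETEs are not wrapped in a transaction.
if (isset($_POST['dell_service'])) {
    $main_id = checkJs($_POST['id'], "int");
    if (empty($main_id)) {
        exit (json_encode(array('status' => '2')));
    }
    // All SQL below binds its values; the original interpolated $main_id, the server id and
    // the trim value into the statement text.
    $STH = $pdo->prepare("SELECT server, trim FROM wcs_bk_services WHERE id=:id LIMIT 1");
    $STH->setFetchMode(PDO::FETCH_OBJ);
    $STH->execute(array( ':id' => $main_id ));
    $tmp = $STH->fetch();
    if ($tmp) {
        $STH = $pdo->prepare("SELECT id, trim FROM wcs_bk_services WHERE trim > :trim and server = :server");
        $STH->execute(array( ':trim' => $tmp->trim, ':server' => $tmp->server ));
        $following = $STH->fetchAll(PDO::FETCH_ASSOC);
        $update = $pdo->prepare("UPDATE wcs_bk_services SET trim=:trim WHERE id=:id and server=:server LIMIT 1");
        foreach ($following as $row) {
            // The original read $row[$i][trim] — a bare, undefined constant: a warning on
            // PHP 7 (treated as 'trim') and a fatal Error on PHP 8. Quoted key now.
            if (!$update->execute(array('trim' => $row['trim'] - 1, 'id' => $row['id'], 'server' => $tmp->server))) {
                exit(json_encode(array('status' => '2')));
            }
        }
    }
    // Tarifs first, then the service itself (as in the original; no foreign key is relied on).
    $STH = $pdo->prepare("DELETE FROM wcs_bk_services_times WHERE service=:service");
    $STH->execute(array( ':service' => $main_id ));
    $STH = $pdo->prepare("DELETE FROM wcs_bk_services WHERE id=:id LIMIT 1");
    $STH->execute(array( ':id' => $main_id ));
    exit(json_encode(array('status' => '1')));
}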
// add_tarif (admin): add a tarif (time + price) to a service. A single time creates one row;
// a range "a-b" creates one row per time a..b priced at pirce*time. Replies are JSON
// {status[, input, reply]}, where input names the offending field.
if (isset($_POST['add_tarif'])) {
$service = check($_POST['service'],"int");
// $type: 0 = single time, 1 = range. $_POST['time'] and $_POST['pirce'] are read without isset().
$type = 0;
if (($_POST['time'] == 0) or (strnatcasecmp($_POST['time'],'') == 0)){
$time = 0;
} else {
// NOTE(review): `== false` is a loose test; strpos() returns 0 for a time that starts with
// '-', and 0 == false, so such input is handled as a single value. `=== false` is the
// intended check — behavior is left as is here.
if (strpos($_POST['time'], '-') == false) {
$time = check($_POST['time'], "int");
} else {
$time = explode("-", $_POST['time']);
$time[0] = check($time[0], "int");
$time[1] = check($time[1], "int");
$type = 1;
}
}
$pirce = check($_POST['pirce'], "int");
if (empty($service)) {
$result = array('status' => '2', 'input' => 'services', 'reply' => '!');
exit (json_encode($result));
}
if (empty($pirce)) {
$result = array('status' => '2', 'input' => 'pirce', 'reply' => '!');
exit (json_encode($result));
}
// Length checks are on the string form of the number (matches the inputs' maxlength="6").
if (mb_strlen($pirce, 'UTF-8') > 6) {
$result = array('status' => '2', 'input' => 'pirce', 'reply' => ' 6 !');
exit (json_encode($result));
}
// NOTE(review): $service is interpolated into the SQL text; it went through check(..., "int") — confirm that yields an integer.
$STH = $pdo->query("SELECT id FROM wcs_bk_services WHERE id='$service' LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$row = $STH->fetch();
if (empty($row->id)){
exit(json_encode(array('status' => '2')));
}
if ($type == 0) {
// A time of 0 is allowed (no duration); any other empty value is rejected.
if (empty($time) and $time!= 0) {
$result = array('status' => '2', 'input' => 'time', 'reply' => '!');
exit (json_encode($result));
}
if (mb_strlen($time, 'UTF-8') > 6) {
$result = array('status' => '2', 'input' => 'time', 'reply' => ' 6 !');
exit (json_encode($result));
}
$data = array( 'service' => $service, 'pirce' => $pirce, 'time' => $time );
$STH = $pdo->prepare("INSERT INTO wcs_bk_services_times (service,pirce,time) values (:service, :pirce, :time)");
if ($STH->execute($data) == '1') {
exit(json_encode(array('status' => '1')));
}
} elseif ($type == 1) {
// Range bounds must both be present and strictly increasing, at most 3 digits each.
if ((empty($time[0]) and $time[0]!= 0) or (empty($time[1]) and $time[1]!= 0) or ($time[0] == $time[1]) or ($time[0] > $time[1])) {
$result = array('status' => '2', 'input' => 'time', 'reply' => ' !');
exit (json_encode($result));
}
if (mb_strlen($time[0], 'UTF-8') > 3 or mb_strlen($time[1], 'UTF-8') > 3) {
$result = array('status' => '2', 'input' => 'time', 'reply' => ' 3 !');
exit (json_encode($result));
}
// One row per time in the range; the statement could be prepared once outside the loop.
for ($i=$time[0]; $i <= $time[1]; $i++) {
$pirce2 = $pirce*$i;
$data = array( 'service' => $service, 'pirce' => $pirce2, 'time' => $i );
$STH = $pdo->prepare("INSERT INTO wcs_bk_services_times (service,pirce,time) values (:service, :pirce, :time)");
$STH->execute($data);
}
exit(json_encode(array('status' => '1')));
}
}
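// edit_tarif (admin): update the time and price of one tarif. Replies are JSON
// {status[, input, reply]}, where input names the offending field.
if (isset($_POST['edit_tarif'])) {
    // Missing POST fields are passed to check() as null instead of raising undefined-index notices.
    $id = check(isset($_POST['id']) ? $_POST['id'] : null, "int");
    $posted_time = isset($_POST['time']) ? $_POST['time'] : '';
    // A zero or empty time means "no duration".
    if (($posted_time == 0) or (strnatcasecmp($posted_time, '') == 0)) {
        $time = 0;
    } else {
        $time = check($posted_time, "int");
    }
    $pirce = check(isset($_POST['pirce']) ? $_POST['pirce'] : null, "int");
    if (empty($id)) {
        exit(json_encode(array('status' => '2')));
    }
    // A time of 0 is allowed; any other empty value is rejected.
    if (empty($time) and $time != 0) {
        $result = array('status' => '2', 'input' => 'time', 'reply' => '!');
        exit (json_encode($result));
    }
    if (empty($pirce)) {
        $result = array('status' => '2', 'input' => 'pirce', 'reply' => '!');
        exit (json_encode($result));
    }
    // Length checks are on the string form of the number (matches the inputs' maxlength="6").
    if (mb_strlen($time, 'UTF-8') > 6) {
        $result = array('status' => '2', 'input' => 'time', 'reply' => ' 6 !');
        exit (json_encode($result));
    }
    if (mb_strlen($pirce, 'UTF-8') > 6) {
        $result = array('status' => '2', 'input' => 'pirce', 'reply' => ' 6 !');
        exit (json_encode($result));
    }
    // `id` is bound rather than interpolated into the SQL text.
    $data = array( 'time' => $time, 'pirce' => $pirce, 'id' => $id );
    $STH = $pdo->prepare("UPDATE wcs_bk_services_times SET time=:time,pirce=:pirce WHERE id=:id LIMIT 1");
    if ($STH->execute($data)) {
        exit(json_encode(array('status' => '1')));
    }
}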
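// dell_tarif (admin): delete one tarif by id. Replies are JSON {status}; deleting an id
// that does not exist still reports status 1 (as in the original).
if (isset($_POST['dell_tarif'])) {
    $id = checkJs($_POST['id'], "int");
    if (empty($id)) {
        exit (json_encode(array('status' => '2')));
    }
    // Bound parameter instead of interpolating $id into the SQL text.
    $STH = $pdo->prepare("DELETE FROM wcs_bk_services_times WHERE id=:id");
    $STH->execute(array( ':id' => $id ));
    exit(json_encode(array('status' => '1')));
}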
?>
Original Code
<?
include_once "../../../inc/start2.php";
include_once "../../../inc/protect.php";
if (empty($_POST['phpaction'])) {
log_error(" actions.php");
exit(json_encode(array('status' => '2')));
}
if ($_SESSION['token'] != clean($_POST['token'],null)) {
log_error(" ");
exit(json_encode(array('status' => '2')));
}
if(empty($_SESSION['id']) && $_SESSION['admin'] != "yes") {
exit(json_encode(array( 'status' => '2', 'data' => ' ' )));
}
if (isset($_POST['get_services'])) {
$id = checkJs($_POST['id'],"int");
if (empty($id)) {
exit ();
}
$i = 0;
$data = '';
$STH = $pdo->query("SELECT `id`, `name`, `sale` FROM `wcs_bk_services` WHERE `server` = '$id' ORDER BY `trim`"); $STH->setFetchMode(PDO::FETCH_OBJ);
while($row = $STH->fetch()) {
if($row->sale != 2) {
if ($i == 0){
$data .= '<script>wcs_bk_get_tarifs('.$row->id.');</script>';
$i++;
}
$data .= '<option value="'.$row->id.'">'.$row->name.'</option>';
}
}
$data = array( 'status' => '1', 'data' => $data );
exit(json_encode($data));
}
if (isset($_POST['get_tarifs'])) {
$id = checkJs($_POST['id'],"int");
if (empty($id)) {
exit ();
}
$STH = $pdo->query("SELECT `text` FROM `wcs_bk_services` WHERE `id` = '$id' LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$row = $STH->fetch();
$text = $row->text;
$STH = $pdo->query("SELECT `discount` FROM `config_prices` LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$disc = $STH->fetch();
$discount = $disc->discount;
$data = '';
$STH = $pdo->query("SELECT `id`, `pirce`, `time` FROM `wcs_bk_services_times` WHERE `service` = '$id' ORDER BY `pirce`"); $STH->setFetchMode(PDO::FETCH_OBJ);
while($row = $STH->fetch()) {
if ($row->time == 0){
$time = '';
} else {
$time = $row->time.' ';
}
if ($discount > $user->proc) {
$proc = $discount;
} else {
$proc = $user->proc;
}
$pirce = round($row->pirce-$row->pirce*$proc/100);
if ($pirce != $row->pirce) {
$data .= '<option value="'.$row->id.'">'.$time.' - '.$pirce.' '.$messages['RUB'].' ( )</option>';
} else {
$data .= '<option value="'.$row->id.'">'.$time.' - '.$pirce.' '.$messages['RUB'].'</option>';
}
}
exit(json_encode(array( 'status' => '1', 'data' => $data, 'text' => $text )));
}
if (isset($_POST['wcs_csgo'])) {
$server = checkJs($_POST['server'],"int");
$service = checkJs($_POST['service'],"int");
$tarif = checkJs($_POST['tarif'],"int");
if (empty($server) || empty($service) || empty($tarif)) {
exit(json_encode(array('status' => '2', 'info' => '')));
}
$STH = $pdo->prepare("SELECT `id`, `ip`, `port`, `name`, `wcs_bk_host`, `wcs_bk_user`, `wcs_bk_pass`, `wcs_bk_db`, `wcs_bk_code` FROM `servers` WHERE `id`=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $server ));
$server = $STH->fetch();
if(empty($server->id) || empty($server->wcs_bk_host)){
exit(json_encode(array('status' => '2', 'info' => '')));
}
if(!$pdo2 = db_connect($server->wcs_bk_host, $server->wcs_bk_db, $server->wcs_bk_user, $server->wcs_bk_pass)) {
exit(json_encode(array('status' => '2', ' !')));
}
set_names($pdo2, $server->wcs_bk_code);
$STH = $pdo->prepare("SELECT `id`, `shilings`, `proc` FROM `users` WHERE `id`=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $_SESSION['id'] ));
$row = $STH->fetch();
if(empty($row->id)){
exit(json_encode(array('status' => '2', 'info' => '')));
}
$proc = $row->proc;
$shilings = $row->shilings;
$STH = $pdo->prepare("SELECT `wcs_bk_services_times`.`pirce`, `wcs_bk_services`.`name`, `wcs_bk_services_times`.`time` FROM `wcs_bk_services` LEFT JOIN `wcs_bk_services_times` ON `wcs_bk_services`.`id` = `wcs_bk_services_times`.`service` WHERE `wcs_bk_services`.`server`=:server AND `wcs_bk_services`.`id`=:service AND `wcs_bk_services_times`.`id`=:tarif LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':server' => $server->id, ':service' => $service, ':tarif' => $tarif ));
$row = $STH->fetch();
if(empty($row->pirce)){
exit(json_encode(array('status' => '2', 'info' => '')));
}
$price = $row->pirce;
$time = $row->time;
$name = $row->name;
$STH = $pdo->query("SELECT `discount` FROM `config_prices` LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$disc = $STH->fetch();
$discount = $disc->discount;
if($discount > $proc) {
$proc = $discount;
} else {
$proc = $proc;
}
$price = round($price-$price*$proc/100);
if($shilings < $price){
exit (json_encode(array('status' => '2', 'info' => ' !')));
}
$shilings = $shilings - $price;
$key = crate_pass(20, 2);
$STH = $pdo2->prepare("SELECT `key_name` FROM `table_keys` WHERE `key_name`=:key LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':key' => $key ));
$row = $STH->fetch();
if(isset($row->key_name)) {
$key = crate_pass(21, 2);
}
$STH = $pdo2->prepare("SELECT `sid` FROM `keys_servers` WHERE `address`=:address LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':address' => $server->ip.":".$server->port ));
$row = $STH->fetch();
if(empty($row->sid)) {
exit (json_encode(array('status' => '2', 'info' => '')));
} else {
$sid = $row->sid;
}
$STH = $pdo2->prepare("INSERT INTO `table_keys` (`key_name`,`type`,`expires`,`uses`,`sid`,`param1`,`param2`,`active`) values (:key_name, :type, :expires, :uses, :sid, :param1, :param2, :active)");
$STH->execute(array( ':key_name' => $key, ':type' => 'wcs_p_race', ':expires' => '0', ':uses' => '1', ':sid' => $sid, ':param1' => $name, ':param2' => $time*24*60*60, ':active' => '1' ));
$date = date("Y-m-d H:i:s");
$STH = $pdo->prepare("INSERT INTO shilings_actions (date,shilings,author,type) values (:date, :shilings, :author, :type)");
$STH->execute(array( 'date' => $date,'shilings' => $price,'author' => $_SESSION['id'],'type' => '2' ));
$STH = $pdo->prepare("UPDATE `users` SET `shilings`=:shilings WHERE `id`=:id LIMIT 1");
$STH->execute(array( ':shilings' => $shilings, ':id' => $_SESSION['id'] ));
$mess = " <b>".$name."</b> <b>".$server->name."</b><br>";
$mess .= " : <b>key ".$key."</b>";
$STH = $pdo->prepare("INSERT INTO notifications (message,date,user_id,type) values (:message, :date, :user_id, :type)");
$STH->execute(array( 'message' => $mess, 'date' => $date, 'user_id' => $_SESSION['id'], 'type' => '2' ));
$mess2 = " ".$name." ".$server->name." : <a href='../profile?id=".$_SESSION['id']."'>".$_SESSION['login']."</a>\r\n";
$mess2 .= " : <b>".$key."</b> \r\n";
$STH = $pdo->prepare("INSERT INTO notifications (message,date,user_id,type) values (:message, :date, :user_id, :type)");
$STH->execute(array( 'message' => $mess2, 'date' => $date, 'user_id' => '1', 'type' => '2' ));
if (file_exists($_SERVER['DOCUMENT_ROOT']."/logs/wcs_csgo.txt")) { $i="a"; } else { $i="w"; }
$file = fopen ($_SERVER['DOCUMENT_ROOT']."/logs/wcs_csgo.txt", $i);
fwrite($file, "[".$date." | : ".$_SESSION['login']." - ".$_SESSION['id']."] : [ ".$name." ".$server->name." ".$price.", : ".$key."] \r\n");
fclose($file);
exit(json_encode(array('status' => '3', 'info' => $mess, 'shilings' => $shilings)));
}
/*
 * Admin gate: every handler below this point is admin-only. A session whose
 * `admin` flag is missing, empty, or not "yes" gets the generic status-2 JSON
 * reply and the script ends here. (Same truth table as before: the flag must
 * be non-empty AND loosely equal to "yes".)
 */
$isAdminSession = !empty($_SESSION['admin']) && $_SESSION['admin'] == "yes";
if (!$isAdminSession) {
exit(json_encode(array( 'status' => '2', 'data' => ' ' )));
}
if (isset($_POST['load_servers'])){
// load_servers (admin only): print one edit form per type-4 server holding its
// WCS key-database settings. The output is raw HTML consumed by the page's JS.
// $i counts rendered forms; a clearfix is emitted after every second one.
$i=0;
$STH = $pdo->query("SELECT `name`,`ip`,`port`,`id`,`wcs_bk_host`,`wcs_bk_code`,`wcs_bk_user`,`wcs_bk_pass`,`wcs_bk_db` FROM `servers` WHERE `type` = '4' ORDER BY `trim`"); $STH->setFetchMode(PDO::FETCH_OBJ);
while($row = $STH->fetch()) {
// NOTE(review): name, ip, port and the four wcs_bk_* values are echoed into
// attributes and text below without htmlspecialchars(); they come from the
// servers table, i.e. from admin-submitted edit_server data. The stored
// key-database password is also sent back to the browser as the value of the
// password input, so any admin session can read it from the DOM.
?>
<div class="col-md-6">
<form id="serv_<? echo $row->id ?>" class="block">
<div class="block_head">
<? echo $row->name ?> (<? echo $row->ip ?>:<? echo $row->port ?>)
</div>
<div class="form-group">
<label>
<h4>
db
</h4>
</label>
<input value="<? echo $row->wcs_bk_host ?>" type="text" class="form-control" name="wcs_bk_host" maxlength="64" autocomplete="off">
</div>
<div class="form-group">
<label>
<h4>
db
</h4>
</label>
<input value="<? echo $row->wcs_bk_user ?>" type="text" class="form-control" name="wcs_bk_user" maxlength="32" autocomplete="off">
</div>
<div class="form-group">
<label>
<h4>
db
</h4>
</label>
<input value="<? echo $row->wcs_bk_pass ?>" type="password" class="form-control" name="wcs_bk_pass" maxlength="32" autocomplete="off">
</div>
<div class="form-group">
<label>
<h4>
db
</h4>
</label>
<input value="<? echo $row->wcs_bk_db ?>" type="text" class="form-control" name="wcs_bk_db" maxlength="32" autocomplete="off">
</div>
<div class="form-group">
<label>
<h4>
</h4>
</label><br>
<select class="form-control" name="wcs_bk_code">
<option value="0" <? if ($row->wcs_bk_code == '0'){ ?> selected <? } ?>></option>
<option value="1" <? if ($row->wcs_bk_code == '1'){ ?> selected <? } ?>>utf-8</option>
<option value="2" <? if ($row->wcs_bk_code == '2'){ ?> selected <? } ?>>latin1</option>
</select>
</div>
<div class="mt-10">
<div id="edit_serv_result<? echo $row->id ?>" class="mt-10"></div>
<button onclick="wcs_bk_edit_server('<? echo $row->id ?>', 0);" type="button" class="btn2"></button>
<button type="button" class="btn2 btn-cancel" onclick="wcs_bk_edit_server('<? echo $row->id ?>', 1);"></button>
</div>
</form>
</div>
<?
// Two forms per row: close the row after each odd-numbered form.
if($i % 2 == 1) {
echo "<div class='clearfix'></div>";
}
$i++;
}
// Nothing rendered: reply with the placeholder text instead of an empty body.
if ($i == 0){
exit (' ');
}
}
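/*
 * edit_server (admin only): save or wipe the WCS key-database connection
 * settings of one server.
 *
 * $_POST inputs: id (int), wcs_bk_host, wcs_bk_user, wcs_bk_pass, wcs_bk_db,
 * wcs_bk_code (int, charset selector), clean ('1' clears the settings).
 * Side effects when not cleaning: opens the remote key database, adds the
 * `active` column to `table_keys` if it is missing and registers this
 * server's ip:port in `keys_servers`. Always ends with exit(); replies with
 * an HTML snippet (success/error) or a status-2 JSON when the id is invalid.
 *
 * Changes from the earlier revision:
 *  - every posted key was copied into a local with $$key, so a request could
 *    clobber any global in scope ($pdo, $STH, ...); only the expected fields
 *    are read now.
 *  - $_POST['clean'] is read with isset().
 *  - the final UPDATE bound every value except $id, which was interpolated
 *    into the SQL string; it is bound as well now.
 */
if (isset($_POST['edit_server'])){
$id = isset($_POST['id']) ? check($_POST['id'], "int") : '';
$wcs_bk_code = isset($_POST['wcs_bk_code']) ? check($_POST['wcs_bk_code'], "int") : '';
$wcs_bk_host = isset($_POST['wcs_bk_host']) ? check($_POST['wcs_bk_host'], null) : '';
$wcs_bk_user = isset($_POST['wcs_bk_user']) ? check($_POST['wcs_bk_user'], null) : '';
$wcs_bk_pass = isset($_POST['wcs_bk_pass']) ? check($_POST['wcs_bk_pass'], null) : '';
$wcs_bk_db = isset($_POST['wcs_bk_db']) ? check($_POST['wcs_bk_db'], null) : '';
if(empty($wcs_bk_code)) {
$wcs_bk_code = 0;
}
if (empty($id)) {
exit (json_encode(array('status' => '2')));
}
$clean = isset($_POST['clean']) && $_POST['clean'] == '1';
if ($clean){
// Wipe the stored settings; no remote connection is attempted.
$wcs_bk_host = '';
$wcs_bk_user = '';
$wcs_bk_pass = '';
$wcs_bk_db = '';
$wcs_bk_code = '0';
} else {
if (empty($wcs_bk_host) or empty($wcs_bk_user) or empty($wcs_bk_pass) or empty($wcs_bk_db)) {
exit('<p class="text-danger"> : db , db , db </p><script>setTimeout(show_error, 500);</script>');
}
// Verify the credentials actually work and that both tables the key flow needs exist.
if(!$pdo2 = db_connect($wcs_bk_host, $wcs_bk_db, $wcs_bk_user, $wcs_bk_pass)) {
exit('<p class="text-danger"> !</p><script>setTimeout(show_error, 500);</script>');
}
if(!check_table('table_keys', $pdo2)) {
exit('<p class="text-danger"> table_keys .</p><script>setTimeout(show_error, 500);</script>');
}
if(!check_table('keys_servers', $pdo2)) {
exit('<p class="text-danger"> keys_servers .</p><script>setTimeout(show_error, 500);</script>');
}
// Older key databases lack the `active` column; add it once.
$STH = $pdo2->query("SHOW COLUMNS FROM table_keys");
$hasActive = false;
foreach ($STH->fetchAll() as $column) {
if ($column['Field'] == 'active') {
$hasActive = true;
break;
}
}
if (!$hasActive) {
$pdo2->exec("ALTER TABLE `table_keys` ADD `active` INT(1) NOT NULL DEFAULT '0' AFTER `sid`;");
}
$STH = $pdo->prepare("SELECT `ip`, `port` FROM `servers` WHERE `id`=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $id ));
$row = $STH->fetch();
if(empty($row->ip)) {
exit (json_encode(array('status' => '2')));
}
// keys_servers is keyed by "ip:port"; register this server there if it is new.
$address = $row->ip.":".$row->port;
$STH = $pdo2->prepare("SELECT `sid` FROM `keys_servers` WHERE `address`=:address LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':address' => $address ));
$row = $STH->fetch();
if(empty($row->sid)) {
$STH = $pdo2->prepare("INSERT INTO `keys_servers` (`address`) values (:address)");
$STH->execute(array( ':address' => $address ));
}
}
// The key-database password is stored as entered because it has to be replayed
// to the remote host; read access to this row is equivalent to access to that
// database.
$STH = $pdo->prepare("UPDATE servers SET wcs_bk_host=:wcs_bk_host,wcs_bk_user=:wcs_bk_user,wcs_bk_pass=:wcs_bk_pass,wcs_bk_db=:wcs_bk_db,wcs_bk_code=:wcs_bk_code WHERE id=:id LIMIT 1");
if ($STH->execute(array( 'wcs_bk_host' => $wcs_bk_host, 'wcs_bk_user' => $wcs_bk_user, 'wcs_bk_pass' => $wcs_bk_pass, 'wcs_bk_db' => $wcs_bk_db, 'wcs_bk_code' => $wcs_bk_code, 'id' => $id )) == '1') {
exit('<p class="text-success"> </p><script>setTimeout(show_ok, 500);</script>');
}
}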
if (isset($_POST['load_services'])) {
// load_services (admin only). type 1: print <option> rows for the services of
// server $id (used to fill a select). Any other type: print the full service
// editor (one form plus a tariff table per service) for type-4 server $id.
// Output is raw HTML for the page's JS; the handler always ends with exit().
$id = checkJs($_POST['id'],"int");
if (empty($id)) {
exit ();
}
$type = checkJs($_POST['type'],"int");
if (empty($type)) {
exit ();
}
if($type == 1) {
$STH = $pdo->prepare("SELECT `id`, `name` FROM `wcs_bk_services` WHERE `server`=:id ORDER BY `trim`"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $id ));
while($row = $STH->fetch()) {
// NOTE(review): $row->name is placed in the option text without escaping;
// it is admin-entered text from add_service/edit_service.
echo '<option value="'.$row->id.'">'.$row->name.'</option>';
}
} else {
$STH = $pdo->prepare("SELECT `id`,`name`,`type` FROM `servers` WHERE `id`=:id AND `type` = '4' LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $id ));
// When $id is not a type-4 server, fetch() yields false; $server->id below is
// then null, the services query matches nothing and the placeholder is shown.
$server = $STH->fetch();
?>
<div class="block">
<?
$STH = $pdo->prepare("SELECT `id`, `name`, `text`, `sale`, `trim` FROM `wcs_bk_services` WHERE `server`=:id ORDER BY `trim`");
$STH->execute(array( ':id' => $server->id ));
$services = $STH->fetchAll();
$count = count($services);
if($count != 0){
for ($i=0; $i < $count; $i++) {
// From here on $id is the current service id, not the posted server id.
$id = $services[$i]['id'];
// NOTE(review): the service name and description are printed into the form
// below without escaping; the description is admin rich text that went through
// HTMLPurifier (HTML.Trusted enabled) when it was saved.
?>
<div class="row mb-10" id="service<? echo $id ?>">
<form class="col-md-6" id="form_service<? echo $id ?>">
<div class="block_head"> #<? echo $i+1; ?></div>
<select class="form-control mt-10" id="sale<? echo $id ?>" name="sale">
<option value="1" <? if($services[$i]['sale'] == '1') { echo 'selected'; } ?>>: </option>
<option value="2" <? if($services[$i]['sale'] == '2') { echo 'selected'; } ?>>: </option>
</select>
<input value="<? echo $services[$i]['name'] ?>" class="form-control mt-10" type="text" maxlength="255" id="name<? echo $id ?>" name="name" placeholder=" " autocomplete="off">
<br>
<textarea id="text<? echo $id ?>" class="form-control maxMinW100" rows="5"><? echo $services[$i]['text'] ?></textarea>
<script>
tinymce.init({
selector: '#text<? echo $id ?>',
language: 'ru',
plugins: [
'advlist autolink lists link image charmap preview hr anchor pagebreak',
'searchreplace',
'insertdatetime media nonbreaking contextmenu directionality',
'paste textpattern codesample spoiler'
],
toolbar1: "undo redo removeformat | bold italic underline strikethrough | alignleft aligncenter alignright alignjustify | bullist numlist | blockquote | link image media codesample | hr | subscript superscript | charmap ",
image_advtab: true,
menubar: false,
toolbar_items_size: 'small'
});
</script>
<button class="btn btn-default mt-10" onclick="wcs_bk_edit_service(<? echo $id ?>);" type="button"></button>
<button class="btn btn-default mt-10" onclick="wcs_bk_dell_service(<? echo $id ?>);" type="button"></button>
<button class="btn btn-default mt-10" onclick="wcs_bk_up_service(<? echo $id ?>);" type="button"></button>
<button class="btn btn-default mt-10" onclick="wcs_bk_down_service(<? echo $id ?>);" type="button"></button>
</form>
<div class="col-md-6">
<div class="block_head"> #<? echo $i+1; ?></div>
<div class="tarifs">
<table class="table table-bordered table-condensed mb-0">
<thead>
<tr>
<td>#</td>
<td></td>
<td></td>
<td></td>
</tr>
</thead>
<tbody>
<?
// Tariffs of this service. The second execute() appears to re-run the same
// query with the already-bound :id; it is redundant but harmless.
$STH = $pdo->prepare("SELECT `id`, `time`, `pirce` FROM `wcs_bk_services_times` WHERE `service` = :id");
$STH->execute(array( ':id' => $id ));
$STH->execute();
$tarifs = $STH->fetchAll();
$count2 = count($tarifs);
for ($j=0; $j < $count2; $j++) {
// A duration of 0 is shown as an empty field.
if ($tarifs[$j]['time'] == 0){
$tarifs[$j]['time'] = '';
}
?>
<tr id="tarif<? echo $tarifs[$j]['id'] ?>">
<td width="1%"><? echo $j+1; ?></td>
<td><input value="<? echo $tarifs[$j]['time'] ?>" class="form-control" type="text" maxlength="6" id="time<? echo $tarifs[$j]['id'] ?>" placeholder="" autocomplete="off"></td>
<td><input value="<? echo $tarifs[$j]['pirce'] ?>" class="form-control" type="text" maxlength="6" id="pirce<? echo $tarifs[$j]['id'] ?>" placeholder="" autocomplete="off"></td>
<td width="30%">
<div class="btn-group" role="group">
<button onclick="wcs_bk_edit_tarif (<? echo $tarifs[$j]['id'] ?>);" class="btn btn-default" type="button"><span class="glyphicon glyphicon-pencil"></span></button>
<button onclick="wcs_bk_dell_tarif (<? echo $tarifs[$j]['id'] ?>);" class="btn btn-default" type="button"><span class="glyphicon glyphicon-trash"></span></button>
</div>
</td>
</tr>
<?
}
?>
</tbody>
</table>
</div>
</div>
</div>
<?
}
} else {
?>
<p class="mt-10 mb-0"> </p>
<?
}
?>
</div>
<?
}
exit();
}
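/*
 * add_service (admin only): create a purchasable service on a type-4 server.
 *
 * $_POST inputs: server (int), sale (int, 1 or 2), name (<= 255 chars),
 * text (HTML description, <= 5000 chars after purification).
 * Replies with JSON {status:'1'} on success or {status:'2', input, reply}
 * naming the offending field, and exits.
 *
 * Changes from the earlier revision:
 *  - posted keys were copied into locals with $$key (any global reachable);
 *    the expected fields are read explicitly instead.
 *  - a missing `text` field left $text undefined; it now defaults to ''.
 *  - a server id that matches no row used to read a property off `false`;
 *    it is rejected with the same reply as a wrong server type.
 *  - an INSERT that reports failure answers status 2 instead of ending the
 *    request with an empty body.
 */
if (isset($_POST['add_service'])) {
$server = isset($_POST['server']) ? check($_POST['server'], "int") : '';
$sale = isset($_POST['sale']) ? check($_POST['sale'], "int") : '';
$name = isset($_POST['name']) ? check($_POST['name'], null) : '';
$text = '';
if (isset($_POST['text'])) {
// Rich text from the editor. HTML.Trusted=true is HTMLPurifier's "input is
// trusted" mode and widens what is let through, so this normalises admin
// markup rather than acting as an untrusted-input filter.
require_once '../../../inc/classes/HTMLPurifier/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Trusted', true);
$config->set('Filter.YouTube', true);
$purifier = new HTMLPurifier($config);
$text = $purifier->purify($_POST['text']);
$text = find_img_mp3($text, rand(1, 250) ,1);
}
if (empty($server)) {
exit (json_encode(array('status' => '2', 'input' => 'server', 'reply' => '!')));
}
if (empty($name)) {
exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => '!')));
}
if (mb_strlen($name, 'UTF-8') > 255) {
exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => ' 255 !')));
}
if (mb_strlen($text, 'UTF-8') > 5000) {
exit (json_encode(array('status' => '2', 'input' => 'text', 'reply' => ' .')));
}
if ($sale != 1 and $sale != 2) {
exit (json_encode(array('status' => '2', 'input' => 'sale', 'reply' => ' !')));
}
// Only type-4 servers carry WCS services.
$STH = $pdo->prepare("SELECT `id`,`type` FROM `servers` WHERE `id`=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $server ));
$server = $STH->fetch();
if(empty($server->id) || $server->type != 4) {
exit (json_encode(array('status' => '2', 'input' => 'server', 'reply' => ' !')));
}
// New services go to the end of the ordering: highest existing trim + 1.
$STH = $pdo->prepare("SELECT `trim` FROM `wcs_bk_services` WHERE `server`=:server ORDER BY `trim` DESC LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':server' => $server->id ));
$tmp = $STH->fetch();
$trim = isset($tmp->trim) ? $tmp->trim+1 : 1;
$STH = $pdo->prepare("INSERT INTO `wcs_bk_services` (name,server,text,trim,sale) values (:name, :server, :text, :trim, :sale)");
if ($STH->execute(array( 'name' => $name, 'server' => $server->id, 'text' => $text, 'trim' => $trim, 'sale' => $sale )) == '1') {
exit(json_encode(array('status' => '1')));
}
exit(json_encode(array('status' => '2')));
}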
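/*
 * edit_service (admin only): update name, description and sale flag of an
 * existing service.
 *
 * $_POST inputs: id (int, service id), sale (int, 1 or 2), name (<= 255
 * chars), text (HTML description, <= 5000 chars after purification).
 * Replies with JSON {status:'1'} on success or {status:'2', input, reply}
 * naming the offending field, and exits.
 *
 * Changes from the earlier revision:
 *  - posted keys were copied into locals with $$key (any global reachable);
 *    the expected fields are read explicitly instead.
 *  - a missing `text` field left $text undefined; it now defaults to ''.
 *  - the type-4 check looked up whichever server id the client posted, which
 *    did not have to be the service's server; it now uses the server the
 *    service actually belongs to.
 *  - the UPDATE interpolated $id into the SQL string; it is bound now.
 *  - an UPDATE that reports failure answers status 2 instead of an empty body.
 */
if (isset($_POST['edit_service'])) {
$id = isset($_POST['id']) ? check($_POST['id'], "int") : '';
$sale = isset($_POST['sale']) ? check($_POST['sale'], "int") : '';
$name = isset($_POST['name']) ? check($_POST['name'], null) : '';
$text = '';
if (isset($_POST['text'])) {
// Rich text from the editor. HTML.Trusted=true is HTMLPurifier's "input is
// trusted" mode and widens what is let through, so this normalises admin
// markup rather than acting as an untrusted-input filter.
require_once '../../../inc/classes/HTMLPurifier/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Trusted', true);
$config->set('Filter.YouTube', true);
$purifier = new HTMLPurifier($config);
$text = $purifier->purify($_POST['text']);
$text = find_img_mp3($text, rand(1, 250) ,1);
}
if (empty($id)) {
exit(json_encode(array('status' => '2')));
}
if (empty($name)) {
exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => '!')));
}
if (mb_strlen($name, 'UTF-8') > 255) {
exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => ' 255 !')));
}
if (mb_strlen($text, 'UTF-8') > 5000) {
exit (json_encode(array('status' => '2', 'input' => 'text', 'reply' => ' .')));
}
if ($sale != 1 and $sale != 2) {
exit (json_encode(array('status' => '2', 'input' => 'sale', 'reply' => ' !')));
}
$STH = $pdo->prepare("SELECT `server` FROM `wcs_bk_services` WHERE `id`=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $id ));
$row = $STH->fetch();
if(empty($row->server)) {
exit (json_encode(array('status' => '2', 'input' => 'name', 'reply' => ' id ')));
}
// The service's own server decides the type check.
$STH = $pdo->prepare("SELECT `id`,`type` FROM `servers` WHERE `id`=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $row->server ));
$server = $STH->fetch();
if(empty($server->id) || $server->type != 4) {
exit (json_encode(array('status' => '2', 'input' => 'server', 'reply' => ' !')));
}
$STH = $pdo->prepare("UPDATE wcs_bk_services SET name=:name,text=:text,sale=:sale WHERE id=:id LIMIT 1");
if ($STH->execute(array( 'name' => $name, 'text' => $text, 'sale' => $sale, 'id' => $id )) == '1') {
exit(json_encode(array('status' => '1')));
}
exit(json_encode(array('status' => '2')));
}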
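/*
 * up_service (admin only): move a service one position up in its server's
 * ordering by swapping `trim` with the row directly above it.
 *
 * $_POST inputs: id (int, service id). Replies JSON status 1/2 and exits.
 *
 * Changes from the earlier revision: the service id, server id and position
 * were interpolated into SQL strings (after check()); all are bound now, and
 * an id that matches no row no longer reads properties off `false`. The two
 * UPDATEs are still not wrapped in a transaction, so a failure between them
 * can leave two rows sharing a `trim` value (unchanged from before).
 */
if (isset($_POST['up_service'])) {
$number = isset($_POST['id']) ? check($_POST['id'], "int") : '';
if (empty($number)) {
exit(json_encode(array('status' => '2')));
}
$STH = $pdo->prepare("SELECT id, server, trim FROM wcs_bk_services WHERE id=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $number ));
$tmp = $STH->fetch();
if (empty($tmp->id) or empty($tmp->server)) {
exit(json_encode(array('status' => '2')));
}
// Already first: nothing to swap with.
if ($tmp->trim == 1) {
exit(json_encode(array('status' => '2')));
}
$server = $tmp->server;
$poz = $tmp->trim;
$poz2 = $tmp->trim-1;
// Step 1: the row above takes this row's position ...
$STH = $pdo->prepare("UPDATE wcs_bk_services SET trim=:trim WHERE trim=:poz2 and server=:server LIMIT 1");
if ($STH->execute(array('trim' => $poz, 'poz2' => $poz2, 'server' => $server)) != '1') {
exit(json_encode(array('status' => '2')));
}
// ... step 2: this row moves up into the freed position.
$STH = $pdo->prepare("UPDATE wcs_bk_services SET trim=:poz2 WHERE id=:id and server=:server LIMIT 1");
if ($STH->execute(array('poz2' => $poz2, 'id' => $number, 'server' => $server)) != '1') {
exit(json_encode(array('status' => '2')));
}
exit(json_encode(array('status' => '1')));
}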
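/*
 * down_service (admin only): move a service one position down in its server's
 * ordering by swapping `trim` with the row directly below it.
 *
 * $_POST inputs: id (int, service id). Replies JSON status 1/2 and exits.
 *
 * Changes from the earlier revision: the service id, server id and position
 * were interpolated into SQL strings (after check()); all are bound now, and
 * an id that matches no row no longer reads properties off `false`. The two
 * UPDATEs are still not wrapped in a transaction, so a failure between them
 * can leave two rows sharing a `trim` value (unchanged from before).
 */
if (isset($_POST['down_service'])) {
$number = isset($_POST['id']) ? check($_POST['id'], "int") : '';
if (empty($number)) {
exit(json_encode(array('status' => '2')));
}
$STH = $pdo->prepare("SELECT id, server, trim FROM wcs_bk_services WHERE id=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $number ));
$tmp = $STH->fetch();
if (empty($tmp->id) or empty($tmp->server)) {
exit(json_encode(array('status' => '2')));
}
$server = $tmp->server;
$poz = $tmp->trim;
$poz2 = $tmp->trim+1;
// Already last: nothing to swap with.
$STH = $pdo->prepare("SELECT trim FROM wcs_bk_services WHERE server=:server ORDER BY trim DESC LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':server' => $server ));
$last = $STH->fetch();
if ($last === false or $poz == $last->trim) {
exit(json_encode(array('status' => '2')));
}
// Step 1: the row below takes this row's position ...
$STH = $pdo->prepare("UPDATE wcs_bk_services SET trim=:trim WHERE trim=:poz2 and server=:server LIMIT 1");
if ($STH->execute(array('trim' => $poz, 'poz2' => $poz2, 'server' => $server)) != '1') {
exit(json_encode(array('status' => '2')));
}
// ... step 2: this row moves down into the freed position.
$STH = $pdo->prepare("UPDATE wcs_bk_services SET trim=:trim WHERE id=:id and server=:server LIMIT 1");
if ($STH->execute(array('trim' => $poz2, 'id' => $number, 'server' => $server)) != '1') {
exit(json_encode(array('status' => '2')));
}
exit(json_encode(array('status' => '1')));
}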
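/*
 * dell_service (admin only): delete a service together with its tariffs and
 * close the gap in the server's `trim` ordering.
 *
 * $_POST inputs: id (int, service id). Replies JSON status 1/2 and exits.
 *
 * Changes from the earlier revision:
 *  - `$row[$i][trim]` used a bare constant and relied on PHP's old
 *    "undefined constant assumed string" fallback (removed in PHP 8); it is
 *    a quoted key / property access now.
 *  - service id, server id and trim were interpolated into SQL strings; all
 *    values are bound now.
 *  - an id that matches no service answers status 2 instead of issuing
 *    DELETEs that match nothing and reporting success.
 *  - the renumbering UPDATE is prepared once instead of per row, and the two
 *    DELETE branches are folded into one.
 * The renumbering and the deletes are still not one transaction, so a failure
 * part-way through leaves the ordering with a gap (unchanged from before).
 */
if (isset($_POST['dell_service'])) {
$main_id = isset($_POST['id']) ? checkJs($_POST['id'], "int") : '';
if (empty($main_id)) {
exit (json_encode(array('status' => '2')));
}
$STH = $pdo->prepare("SELECT server, trim FROM wcs_bk_services WHERE id=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $main_id ));
$tmp = $STH->fetch();
if (empty($tmp->server)) {
exit(json_encode(array('status' => '2')));
}
$server = $tmp->server;
// Services that come after the deleted one move up one position each.
$STH = $pdo->prepare("SELECT id, trim FROM wcs_bk_services WHERE trim>:trim and server=:server"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':trim' => $tmp->trim, ':server' => $server ));
$following = $STH->fetchAll();
$STH = $pdo->prepare("UPDATE wcs_bk_services SET trim=:trim WHERE id=:id and server=:server LIMIT 1");
foreach ($following as $svc) {
if ($STH->execute(array('trim' => $svc->trim - 1, 'id' => $svc->id, 'server' => $server)) != '1') {
exit(json_encode(array('status' => '2')));
}
}
// Tariffs first, then the service row itself.
$STH = $pdo->prepare("DELETE FROM wcs_bk_services_times WHERE service=:id");
$STH->execute(array( ':id' => $main_id ));
$STH = $pdo->prepare("DELETE FROM wcs_bk_services WHERE id=:id LIMIT 1");
$STH->execute(array( ':id' => $main_id ));
exit(json_encode(array('status' => '1')));
}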
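/*
 * add_tarif (admin only): attach one price/duration row, or a whole range of
 * them, to a service.
 *
 * $_POST inputs: service (int), pirce (int price, <= 6 digits), time:
 *   '' or 0  -> a single row with time 0;
 *   'N'      -> a single row with time N (<= 6 digits);
 *   'A-B'    -> one row per value from A to B (each <= 3 digits, A < B) with
 *               price = pirce * value.
 * Replies JSON {status:'1'} or {status:'2', input, reply} and exits.
 *
 * Changes from the earlier revision:
 *  - the range test used `strpos(...) == false`, which also treats a dash at
 *    offset 0 (e.g. "-5") as "no dash"; it is `=== false` now.
 *  - $_POST['time'], 'service' and 'pirce' are read with isset(); an array
 *    posted as `time` is rejected instead of reaching strpos().
 *  - the service lookup interpolated the id into SQL; it is bound now.
 *  - the per-row INSERT is prepared once outside the loop.
 *  - a failed single INSERT answers status 2 instead of an empty body.
 */
if (isset($_POST['add_tarif'])) {
$service = isset($_POST['service']) ? check($_POST['service'], "int") : '';
$pirce = isset($_POST['pirce']) ? check($_POST['pirce'], "int") : '';
$rawTime = isset($_POST['time']) ? $_POST['time'] : '';
if (is_array($rawTime)) {
exit (json_encode(array('status' => '2', 'input' => 'time', 'reply' => '!')));
}
$type = 0;
if ($rawTime === '' or $rawTime == 0){
$time = 0;
} elseif (strpos($rawTime, '-') === false) {
$time = check($rawTime, "int");
} else {
// "A-B": one tariff per value from A to B.
$time = explode("-", $rawTime);
$time[0] = check($time[0], "int");
$time[1] = check($time[1], "int");
$type = 1;
}
if (empty($service)) {
exit (json_encode(array('status' => '2', 'input' => 'services', 'reply' => '!')));
}
if (empty($pirce)) {
exit (json_encode(array('status' => '2', 'input' => 'pirce', 'reply' => '!')));
}
if (mb_strlen($pirce, 'UTF-8') > 6) {
exit (json_encode(array('status' => '2', 'input' => 'pirce', 'reply' => ' 6 !')));
}
$STH = $pdo->prepare("SELECT id FROM wcs_bk_services WHERE id=:id LIMIT 1"); $STH->setFetchMode(PDO::FETCH_OBJ);
$STH->execute(array( ':id' => $service ));
$row = $STH->fetch();
if (empty($row->id)){
exit(json_encode(array('status' => '2')));
}
$STH = $pdo->prepare("INSERT INTO wcs_bk_services_times (service,pirce,time) values (:service, :pirce, :time)");
if ($type == 0) {
if (empty($time) and $time!= 0) {
exit (json_encode(array('status' => '2', 'input' => 'time', 'reply' => '!')));
}
if (mb_strlen($time, 'UTF-8') > 6) {
exit (json_encode(array('status' => '2', 'input' => 'time', 'reply' => ' 6 !')));
}
if ($STH->execute(array( 'service' => $service, 'pirce' => $pirce, 'time' => $time )) == '1') {
exit(json_encode(array('status' => '1')));
}
exit(json_encode(array('status' => '2')));
}
// Range: both bounds must be numbers of at most 3 digits with A < B.
if ((empty($time[0]) and $time[0]!= 0) or (empty($time[1]) and $time[1]!= 0) or ($time[0] == $time[1]) or ($time[0] > $time[1])) {
exit (json_encode(array('status' => '2', 'input' => 'time', 'reply' => ' !')));
}
if (mb_strlen($time[0], 'UTF-8') > 3 or mb_strlen($time[1], 'UTF-8') > 3) {
exit (json_encode(array('status' => '2', 'input' => 'time', 'reply' => ' 3 !')));
}
// Price scales linearly with the duration value.
for ($i=$time[0]; $i <= $time[1]; $i++) {
$STH->execute(array( 'service' => $service, 'pirce' => $pirce*$i, 'time' => $i ));
}
exit(json_encode(array('status' => '1')));
}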
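/*
 * edit_tarif (admin only): change the duration and price of one tariff row.
 *
 * $_POST inputs: id (int, tariff id), time ('' or 0 -> 0, else int <= 6
 * digits), pirce (int, <= 6 digits). Replies JSON {status:'1'} or
 * {status:'2', input, reply} and exits.
 *
 * Changes from the earlier revision:
 *  - $_POST['id'], 'time' and 'pirce' are read with isset(); an array posted
 *    as `time` is rejected.
 *  - the UPDATE interpolated $id into the SQL string; it is bound now.
 *  - an UPDATE that reports failure answers status 2 instead of an empty body.
 */
if (isset($_POST['edit_tarif'])) {
$id = isset($_POST['id']) ? check($_POST['id'],"int") : '';
$rawTime = isset($_POST['time']) ? $_POST['time'] : '';
if (is_array($rawTime)) {
exit (json_encode(array('status' => '2', 'input' => 'time', 'reply' => '!')));
}
if ($rawTime === '' or $rawTime == 0){
$time = 0;
} else {
$time = check($rawTime,"int");
}
$pirce = isset($_POST['pirce']) ? check($_POST['pirce'],"int") : '';
if (empty($id)) {
exit(json_encode(array('status' => '2')));
}
if (empty($time) and $time!= 0) {
exit (json_encode(array('status' => '2', 'input' => 'time', 'reply' => '!')));
}
if (empty($pirce)) {
exit (json_encode(array('status' => '2', 'input' => 'pirce', 'reply' => '!')));
}
if (mb_strlen($time, 'UTF-8') > 6) {
exit (json_encode(array('status' => '2', 'input' => 'time', 'reply' => ' 6 !')));
}
if (mb_strlen($pirce, 'UTF-8') > 6) {
exit (json_encode(array('status' => '2', 'input' => 'pirce', 'reply' => ' 6 !')));
}
$STH = $pdo->prepare("UPDATE wcs_bk_services_times SET time=:time,pirce=:pirce WHERE id=:id LIMIT 1");
if ($STH->execute(array( 'time' => $time, 'pirce' => $pirce, 'id' => $id )) == '1') {
exit(json_encode(array('status' => '1')));
}
exit(json_encode(array('status' => '2')));
}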
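/*
 * dell_tarif (admin only): delete one tariff row by id.
 *
 * $_POST inputs: id (int, tariff id). Replies JSON status 1/2 and exits.
 * The DELETE used to interpolate the (checkJs-filtered) id into the SQL
 * string; it is a bound parameter now.
 */
if (isset($_POST['dell_tarif'])) {
$id = isset($_POST['id']) ? checkJs($_POST['id'],"int") : '';
if (empty($id)) {
exit (json_encode(array('status' => '2')));
}
$STH = $pdo->prepare("DELETE FROM wcs_bk_services_times WHERE id=:id");
$STH->execute(array( ':id' => $id ));
exit(json_encode(array('status' => '1')));
}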
?>