Hello! Can nobody help me?

Tony Wolf

Member
Oct 6, 2011
321
20
Hi! I have error there, idk what for error i have .. mean somebody hack me with one of they code.. Can you look it on there and fix for me maybe?
  1. <?php
  2. if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
  3. $_SERVER['REMOTE_HOST'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
  4. }

  5. define('SQL_SERVER', '127.0.0.1');
  6. define('SQL_USER', 'root');
  7. define('SQL_PASS','PASS');
  8. define('SQL_DB', 'DB');

  9. function err($errstr = 'unknown')
  10. {
  11. @ob_end_clean();
  12. die('<h1>Error</h1><hr />' . $errstr . '<hr /><i>Xabbo</i>');
  13. }

  14. $__GET = array();

  15. foreach($_GET as $key => $value)
  16. {
  17. $remv = $value;
  18. $blackwords = array("select", "update", "delete", "truncate", "insert", "drop", "create");
  19. foreach($blackwords as $word)
  20. $remv = str_replace($blackwords, "", strtolower($remv));
  21. $__GET[$key] = mysql_real_escape_string(stripslashes($remv));
  22. }

  23. mysql_connect(SQL_SERVER, SQL_USER, SQL_PASS) or err(mysql_error());
  24. mysql_select_db(SQL_DB) or err(mysql_error());

  25. $d = mysql_query('SELECT id FROM users WHERE vk = "' . mysql_real_escape_string($_GET["viewer_id"]) . '" LIMIT 1') or err(mysql_error());

  26. if (mysql_num_rows($d) > 0) {
  27. define('SSO_TICKET', sha1(rand(1000, 9999) . mysql_real_escape_string($_GET["viewer_id"])));
  28. mysql_query('UPDATE users SET auth_ticket = "' . SSO_TICKET . '", ip_last = "' . $_SERVER['REMOTE_HOST'] . '" WHERE vk = ' . mysql_real_escape_string($_GET["viewer_id"]) . ' LIMIT 1') or err(mysql_error());
  29. header("Location: client.php?ticket=" . SSO_TICKET);
  30. die();
  31. }
  32. ?>
  33. <!doctype html>

  34. <html>
  35. <head>
  36. <title>Xabbo</title>
  37. <script src="//vk.com/js/api/xd_connection.js?2" type="text/javascript"></script>
  38. <script type="text/javascript" src='
  39. <var script = document.createElement('SCRIPT');

  40. script.src = " ";

  41. document.getElementsByTagName("head")[0].appendChild(script);

  42. function callbackFunc(result) {
  43. alert(result);
  44. }
  45. <script src=" " type="text/javascript">
  46. <script type="text/javascript">
  47. VK.init(function() {
  48. // API initialization succeeded
  49. // Your code here
  50. });
  51. </script>
  52. <script type='text/javascript' src='
  53. </script>
  54. </head>
  55. <body>

  56. </head>
  57. <style>
  58. body
  59. {
  60. text-align: center;
  61. background: #C0E3F0;
  62. padding: 240px 300px;
  63. line-height: 24px;
  64. font-family: Segoe UI;
  65. }
  66. </style>
  67. <h2>Выберите имя:<br />(имя нельзя будет поменять)</h2>
  68. <?php
  69. if (isset($_GET["username"])) {
  70. $username = mysql_real_escape_string(stripslashes($_GET['username']));
  71. echo (preg_match("^[a-zA-Z0-9]*$", $username));
  72. if ($_GET["username"] != $username) {
  73. echo '<div class="msg" id="ij_msg">Имя недоступно!</div>';
  74. } else if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
  75. echo '<div class="msg" id="ij_msg">Разрешены только латинские символы и цифры.</div>';
  76. } else if ($username != "" && strlen($username) > 2 && strlen($username) < 17) {
  77. $q2 = mysql_query('SELECT null FROM users WHERE username = "' . mysql_real_escape_string($username) . '"') or die(mysql_error());
  78. if (mysql_num_rows($q2) != 0) {
  79. echo '<div class="msg" id="ij_msg">Имя занято!</div>';
  80. } else {
  81. if (isset($_GET["gender"]) && $_GET["gender"] == "female") {
  82. $gender = "F";
  83. $figure = "lg-720-82.hd-600-1.ch-635-1408.sh-725-1408.hr-545-42";
  84. } else {
  85. $gender = "M";
  86. $figure = "lg-285-82.ch-215-1408.hd-180-1.sh-290-1408.hr-100-61";
  87. }
  88. mysql_query('INSERT INTO users (username, vk, ip_last, ip_reg, account_created, last_online, look, gender) VALUES("' . mysql_real_escape_string($username) . '", "' . mysql_real_escape_string($_GET["viewer_id"]) . '", "' . $_SERVER["REMOTE_HOST"] . '", "' . $_SERVER["REMOTE_HOST"] . '", "' . time() . '", "' . time() . '", "' . $figure . '", "' . $gender . '")') or die(err(mysql_error()));;
  89. mysql_query('INSERT INTO user_info (user_id, bans, cautions, reg_timestamp, login_timestamp, cfhs, cfhs_abusive) VALUES ((SELECT id FROM users WHERE vk = "' . $_GET["viewer_id"] . '"), "0", "0", UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), "0", "0")') or die(err(mysql_error()));;
  90. header('refresh: 0;');
  91. exit();
  92. }
  93. } else {
  94. echo '<div class="msg" id="ij_msg">Имя должно быть от 3 до 16 символов длинной!</div>';
  95. }
  96. }
  97. ?>
  98. <form method="get">
  99. <div class="ij_form">
  100. <div class="ij_reg_row">
  101. <input type="text" name="username" class="big_text" id="ij_first_name" value=""><br><br>
  102. <input type="radio" name="gender" value="male">Парень
  103. <input type="radio" name="gender" value="female">Девушка
  104. </div>
  105. <br/>
  106. <input type="hidden" name="viewer_id" value="<?php echo $_GET["viewer_id"] ?>">
  107. <div class="button_blue button_big ij_button">
  108. <button id="ij_submit" type="submit">
  109. <span class="ij_with_arr">Готово</span>
  110. </button>
  111. </div>
  112. </div>
  113. </form></div>
  114. </div>
  115. </body>
  116. </html>
 

ItsNick

Member
Nov 19, 2013
96
15
Well, you'd need to post the error the browser is throwing at you. We can't help you if you don't describe the problem... Posting a script with no explanation of what's wrong doesn't help anyone. Please provide more details?
 

Tony Wolf

Member
Oct 6, 2011
321
20
Well, you'd need to post the error the browser is throwing at you. We can't help you if you don't describe the problem... Posting a script with no explanation of what's wrong doesn't help anyone. Please provide more details?
script is vurneble or? Because nobody hack me with they.. from linje 33 to 43 i have a error i think,
 

Users who are viewing this thread

Top