Hello! Can nobody help me?

[Tony Wolf]

Hi! I have error there, idk what for error i have .. mean somebody hack me with one of they code.. Can you look it on there and fix for me maybe?

1. <?php
2. if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) {
3. $_SERVER['REMOTE_HOST'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
4. }
5. 
   
6. define('SQL_SERVER', '127.0.0.1');
7. define('SQL_USER', 'root');
8. define('SQL_PASS','PASS');
9. define('SQL_DB', 'DB');
10. 
    
11. function err($errstr = 'unknown')
12. {
13. @ob_end_clean();
14. die('<h1>Error</h1><hr />' . $errstr . '<hr /><i>Xabbo</i>');
15. }
16. 
    
17. $__GET = array();
18. 
    
19. foreach($_GET as $key => $value)
20. {
21. $remv = $value;
23. $blackwords = array("select", "update", "delete", "truncate", "insert", "drop", "create");
24. foreach($blackwords as $word)
25. $remv = str_replace($blackwords, "", strtolower($remv));
26. $__GET[$key] = mysql_real_escape_string(stripslashes($remv));
28. }
29. 
    
30. mysql_connect(SQL_SERVER, SQL_USER, SQL_PASS) or err(mysql_error());
31. mysql_select_db(SQL_DB) or err(mysql_error());
32. 
    
33. $d = mysql_query('SELECT id FROM users WHERE vk = "' . mysql_real_escape_string($_GET["viewer_id"]) . '" LIMIT 1') or err(mysql_error());
34. 
    
35. if (mysql_num_rows($d) > 0) {
38. define('SSO_TICKET', sha1(rand(1000, 9999) . mysql_real_escape_string($_GET["viewer_id"])));
39. mysql_query('UPDATE users SET auth_ticket = "' . SSO_TICKET . '", ip_last = "' . $_SERVER['REMOTE_HOST'] . '" WHERE vk = ' . mysql_real_escape_string($_GET["viewer_id"]) . ' LIMIT 1') or err(mysql_error());
41. header("Location: client.php?ticket=" . SSO_TICKET);
42. die();
43. }
44. ?>
45. <!doctype html>
46. 
    
47. <html>
48. <head>
49. <title>Xabbo</title>
50. <script src="//vk.com/js/api/xd_connection.js?2" type="text/javascript"></script>
51. <script type="text/javascript" src='
    You must be registered for see links
52. <var script = document.createElement('SCRIPT');
53. 
    
54. script.src = "
    You must be registered for see links
    ";
55. 
    
56. document.getElementsByTagName("head")[0].appendChild(script);
57. 
    
58. function callbackFunc(result) {
59. alert(result);
60. }
61. <script src="
    You must be registered for see links
    " type="text/javascript">
62. <script type="text/javascript">
63. VK.init(function() {
64. // API initialization succeeded
65. // Your code here
66. });
67. </script>
68. <script type='text/javascript' src='
    You must be registered for see links
69. </script>
70. </head>
71. <body>
72. 
    
73. </head>
74. <style>
75. body
76. {
77. text-align: center;
78. background: #C0E3F0;
79. padding: 240px 300px;
80. line-height: 24px;
81. font-family: Segoe UI;
82. }
83. </style>
84. <h2>Выберите имя:<br />(имя нельзя будет поменять)</h2>
85. <?php
86. if (isset($_GET["username"])) {
87. $username = mysql_real_escape_string(stripslashes($_GET['username']));
88. echo (preg_match("^[a-zA-Z0-9]*$", $username));
89. if ($_GET["username"] != $username) {
90. echo '<div class="msg" id="ij_msg">Имя недоступно!</div>';
91. } else if (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
92. echo '<div class="msg" id="ij_msg">Разрешены только латинские символы и цифры.</div>';
93. } else if ($username != "" && strlen($username) > 2 && strlen($username) < 17) {
95. $q2 = mysql_query('SELECT null FROM users WHERE username = "' . mysql_real_escape_string($username) . '"') or die(mysql_error());
96. if (mysql_num_rows($q2) != 0) {
97. echo '<div class="msg" id="ij_msg">Имя занято!</div>';
98. } else {
99. if (isset($_GET["gender"]) && $_GET["gender"] == "female") {
100. $gender = "F";
101. $figure = "lg-720-82.hd-600-1.ch-635-1408.sh-725-1408.hr-545-42";
102. } else {
103. $gender = "M";
104. $figure = "lg-285-82.ch-215-1408.hd-180-1.sh-290-1408.hr-100-61";
105. }
106. mysql_query('INSERT INTO users (username, vk, ip_last, ip_reg, account_created, last_online, look, gender) VALUES("' . mysql_real_escape_string($username) . '", "' . mysql_real_escape_string($_GET["viewer_id"]) . '", "' . $_SERVER["REMOTE_HOST"] . '", "' . $_SERVER["REMOTE_HOST"] . '", "' . time() . '", "' . time() . '", "' . $figure . '", "' . $gender . '")') or die(err(mysql_error()));;
107. mysql_query('INSERT INTO user_info (user_id, bans, cautions, reg_timestamp, login_timestamp, cfhs, cfhs_abusive) VALUES ((SELECT id FROM users WHERE vk = "' . $_GET["viewer_id"] . '"), "0", "0", UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), "0", "0")') or die(err(mysql_error()));;
109. header('refresh: 0;');
110. exit();
111. }
112. } else {
113. echo '<div class="msg" id="ij_msg">Имя должно быть от 3 до 16 символов длинной!</div>';
114. }
115. }
116. ?>
117. <form method="get">
118. <div class="ij_form">
119. <div class="ij_reg_row">
120. <input type="text" name="username" class="big_text" id="ij_first_name" value=""><br><br>
121. <input type="radio" name="gender" value="male">Парень
122. <input type="radio" name="gender" value="female">Девушка
123. </div>
124. <br/>
125. <input type="hidden" name="viewer_id" value="<?php echo $_GET["viewer_id"] ?>">
126. <div class="button_blue button_big ij_button">
127. <button id="ij_submit" type="submit">
128. <span class="ij_with_arr">Готово</span>
129. </button>
130. </div>
131. </div>
132. </form></div>
133. </div>
134. </body>
135. </html>

 

[Strangirs]

Is this your client?...
Kinda confused what you're asking for.

 

[Tony Wolf]

Is this your client?...
Kinda confused what you're asking for.

Not client.. i have it on social media

 

[ItsNick]

Well, you'd need to post the error the browser is throwing at you. We can't help you if you don't describe the problem... Posting a script with no explanation of what's wrong doesn't help anyone. Please provide more details?

 

[Tony Wolf]

Well, you'd need to post the error the browser is throwing at you. We can't help you if you don't describe the problem... Posting a script with no explanation of what's wrong doesn't help anyone. Please provide more details?

script is vurneble or? Because nobody hack me with they.. from linje 33 to 43 i have a error i think,

 

[Ubuntu]

Do you even english?