<?
//
/*================================================= ===========*\
|| ################################################## ######## ||
|| # ------------------------------------------------------ # ||
|| # Mu website Heroes Mu # ||
|| # ------------------------------------------------------ # ||
|| # # ||
|| # # ||
|| # # ||
|| # ------------------------------------------------------ # ||
|| # # ||
|| # # ||
|| # # ||
|| # # ||
|| # # ||
|| # ------------------------------------------------------ # ||
|| # # ||
|| # # ||
|| # # ||
|| # ------------------------------------------------------ # ||
|| ################################################## ######## ||
\*================================================ ============*/
//
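// SQL Server connection settings.
// 'IP DEDICADO' and 'SENHA' are placeholders to be filled in at deployment.
// NOTE(review): 'sa' is the SQL Server administrator login, so the connection
// opened with these settings carries full server rights. Prefer a dedicated
// login limited to the permissions the site needs on the game database.
// NOTE(review): this file opens with the short tag "<?"; if short tags are
// disabled the source, password included, is sent to the browser as text.
// Keep the file outside the document root or make sure it is always parsed.
$muweb['localhost']  = 'IP DEDICADO';
$muweb['dbhost']     = 'IP DEDICADO';
$muweb['database']   = 'MuOnline';
$muweb['dbuser']     = 'sa';
$muweb['dbpassword'] = 'SENHA';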
/*================================================= ===========*\
|| # # ||
|| # Descargas y links para el sitio # ||
|| # Downloads and links to the site # ||
|| # # ||
\*================================================ ============*/
//
// Forum link
$muweb['forum_link']  = '';

// Images link
$muweb['images_link'] = 'Template';

// Link slots 1-4 (the section banner describes them as downloads and links for the site)
$muweb['link']  = 'download';
$muweb['link2'] = 'download';
$muweb['link3'] = 'download';
$muweb['link4'] = 'download';
/*================================================= ===========*\
|| # # ||
|| # Noticias - News # ||
|| # # ||
\*================================================ ============*/
// News titles (five slots, empty until configured)
$muweb['TitleNoticia1'] = '';
$muweb['TitleNoticia2'] = '';
$muweb['TitleNoticia3'] = '';
$muweb['TitleNoticia4'] = '';
$muweb['TitleNoticia5'] = '';

// News links, one per title slot
$muweb['LinkNoticia1'] = '';
$muweb['LinkNoticia2'] = '';
$muweb['LinkNoticia3'] = '';
$muweb['LinkNoticia4'] = '';
$muweb['LinkNoticia5'] = '';
/*================================================= ===========*\
|| # # ||
|| # Configuraciones del Sitio - Site Config # ||
|| # # ||
\*================================================ ============*/
// VIP reset settings
$muweb['resetlevelvip']  = '380';
$muweb['resetpointsvip'] = '400';
$muweb['resetmoneyvip']  = '10000000';

// Normal reset settings
$muweb['resetlevel']  = '400';
$muweb['resetpoints'] = '350';
$muweb['resetmoney']  = '20000000';

// Server options
$muweb['pkmoney']         = '0';
$muweb['resetslimit']     = '2000000';
$muweb['resetmode']       = 'reset';
$muweb['levelupmode']     = 'extra';
$muweb['clean_inventory'] = 'no';
$muweb['clean_skills']    = 'no';
$muweb['warp_zen']        = '5000000';
$muweb['webtitle']        = '';
$muweb['servername']      = '';
$muweb['serverwebsite']   = '';
$muweb['email']           = '';
// NOTE(review): looks like this toggles MD5 handling of account passwords; confirm against callers.
$muweb['md5']             = '0';
$muweb['gm']              = 'no';

// Download link names
$muweb['Nombre']  = '';
$muweb['Nombre2'] = '';
$muweb['Nombre3'] = '';
$muweb['Nombre4'] = '';

// Server names; the per-server online counters in this file match them
// against the servername column of MEMB_STAT.
$servername  = 'Super Free';
$servername2 = 'Super (Non-PVP)';
$servername3 = 'Super Vip';
$servername4 = 'Super Vip (Non-PVP)';

// Game server ports
$muweb['port1'] = '55901';
$muweb['port2'] = '55901';
$muweb['port3'] = '55907';
$muweb['port4'] = '55910';

// Admin
// NOTE(review): presumably the account control codes treated as GM / admin; verify against callers.
$gm  = '32';
$adm = '32';
//END
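// Mask E_NOTICE and E_WARNING out of the reporting level.
// NOTE(review): this also silences the warnings a failed query or a missing
// log file would raise later in this file; keep them visible in a server-side
// error log while debugging.
error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);
include("sys_/plugins/adodb/adodb.inc.php");

// Block the site when the SQL Server connection cannot be opened.
// The function result is assigned by value: binding a reference to a call
// result only raises a notice and has no benefit for objects.
$db = ADONewConnection('mssql');
// ADONewConnection() returns false when the driver cannot be loaded, so do
// not call Connect() on it in that case.
$connect_mssql = $db
    ? $db->Connect($muweb['dbhost'], $muweb['dbuser'], $muweb['dbpassword'], $muweb['database'])
    : false;
// The message is deliberately generic: no host, login or driver detail reaches the visitor.
if (!$connect_mssql) {
    die("<center>Não foi possível conectar ao banco de dados</center>");
}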
// Alphabet for the generated codes: upper-case letters followed by digits.
$alphanum = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Each code is the leading slice of a fresh shuffle of the alphabet, so no
// character repeats inside a single code.
// NOTE(review): str_shuffle() is not a cryptographically secure generator. If
// any of these values acts as a secret (verification code, token), generate it
// from a CSPRNG instead; how the values are used is not visible here.
$muweb['verify_code'] = substr(str_shuffle($alphanum), 0, 7);
$muweb['item_id']     = substr(str_shuffle($alphanum), 0, 32);
$muweb['item_id2']    = substr(str_shuffle($alphanum), 0, 12);
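// Castle Siege summary: owner guild, treasury and the three tax settings.
$winner_cs = "Select OWNER_GUILD,MONEY,TAX_RATE_CHAOS,TAX_RATE_STORE,TAX_HUNT_ZONE From MuCastle_DATA";
$execute_results = $db->Execute($winner_cs);
// Execute() returns false on a failed query and fetchRow() returns false when
// there is no row; fall back to an empty row instead of a fatal error.
$config_cs = $execute_results ? $execute_results->fetchRow() : false;
if (!is_array($config_cs)) {
    $config_cs = array('', '', '', '', '');
}
// NOTE(review): these are raw database strings (the guild name is presumably
// player-chosen); HTML-escape them wherever they are printed.
$muweb['winner_cs_reults'] = "$config_cs[0]";
$muweb['winner_money_reults'] = "$config_cs[1]";
$muweb['winner_chaos_reults'] = "$config_cs[2]";
$muweb['winner_store_reults'] = "$config_cs[3]";
$muweb['winner_hunt_reults'] = "$config_cs[4]";

// Guild mark and master of the owning guild. The guild name read above is
// passed as a bound parameter, never spliced into the SQL text, so a name
// containing a quote cannot alter the statement.
$winner_cs_master = "Select G_Mark, G_Master From Guild Where G_Name=?";
$execute_results = $db->Execute($winner_cs_master, array($config_cs[0]));
$config_cs_master = $execute_results ? $execute_results->fetchRow() : false;
if (!is_array($config_cs_master)) {
    $config_cs_master = array('', '');
}
// The mark is hex-encoded and then URL-encoded for use in a link.
$logo_winner_cs = urlencode(bin2hex($config_cs_master[0]));
$muweb['winner_cs_master'] = "$config_cs_master[1]";

// First guild registered for the siege.
$reg_cs_results = "Select REG_SIEGE_GUILD,REG_MARKS From MuCastle_REG_SIEGE";
$execute_results = $db->Execute($reg_cs_results);
$config_reg_results = $execute_results ? $execute_results->fetchRow() : false;
if (!is_array($config_reg_results)) {
    $config_reg_results = array('', '');
}
$muweb['reg_cs'] = "$config_reg_results[0]";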
// Site statistics. Each result is the fetched row, so the count sits at index 0.
// NOTE(review): the $servername* values are interpolated into the SQL text;
// that is only safe while they stay hard-coded in this file.

// Accounts flagged as connected, across all servers.
$users_connected = $db->Execute("SELECT count(*) FROM MEMB_STAT WHERE ConnectStat='1'");
$muweb['users_reults'] = $users_connected->fetchRow();

// Per-server counters: a count of zero is replaced by a red "Offline" label.
$users_connected1 = $db->Execute("SELECT count(*) FROM MEMB_STAT WHERE ConnectStat='1' and servername='$servername'");
$muweb['users_reults1'] = $users_connected1->fetchRow();
if ($muweb['users_reults1'][0] == '0') {
    $muweb['users_reults1'][0] = '<font color=red>Offline</font>';
}

$users_connected2 = $db->Execute("SELECT count(*) FROM MEMB_STAT WHERE ConnectStat='1' and servername='$servername2'");
$muweb['users_reults2'] = $users_connected2->fetchRow();
if ($muweb['users_reults2'][0] == '0') {
    $muweb['users_reults2'][0] = '<font color=red>Offline</font>';
}

$users_connected3 = $db->Execute("SELECT count(*) FROM MEMB_STAT WHERE ConnectStat='1' and servername='$servername3'");
$muweb['users_reults3'] = $users_connected3->fetchRow();
if ($muweb['users_reults3'][0] == '0') {
    $muweb['users_reults3'][0] = '<font color=red>Offline</font>';
}

$users_connectedvip = $db->Execute("SELECT count(*) FROM MEMB_STAT WHERE ConnectStat='1' and servername='$servername4'");
$muweb['users_reultsvip'] = $users_connectedvip->fetchRow();
if ($muweb['users_reultsvip'][0] == '0') {
    $muweb['users_reultsvip'][0] = '<font color=red>Offline</font>';
}

// Totals: accounts, characters and guilds.
$total_accounts = $db->Execute("SELECT count(*) FROM MEMB_INFO");
$muweb['accounts_reults'] = $total_accounts->fetchRow();

$total_characters = $db->Execute("SELECT count(*) FROM Character");
$muweb['character_reults'] = $total_characters->fetchRow();

$total_guilds = $db->Execute("SELECT count(*) FROM Guild");
$muweb['guilds_reults'] = $total_guilds->fetchRow();
// Pre-built <option> lists for the settings selectors. The configured value is
// emitted first, presumably so it renders as the selected entry. A setting
// holding neither expected value leaves its variable unset.
switch ($muweb['md5']) {
    case '1':
        $md5_encrypt = "<option value='1'>Yes</option><option value='0'>No</option>";
        break;
    case '0':
        $md5_encrypt = "<option value='0'>No</option><option value='1'>Yes</option>";
        break;
}

switch ($muweb['resetmode']) {
    case 'keep':
        $reset_mode = "<option value='keep'>Normal (Keep Stats)</option><option value='reset'>Reset (Reset Stats)</option>";
        break;
    case 'reset':
        $reset_mode = "<option value='reset'>Reset (Reset Stats)</option><option value='keep'>Normal (Keep Stats)</option>";
        break;
}

switch ($muweb['levelupmode']) {
    case 'normal':
        $levelup_mode = "<option value='normal'>Normal</option><option value='extra'>Bonus Points (* Resets)</option>";
        break;
    case 'extra':
        $levelup_mode = "<option value='extra'>Bonus Points (* Resets)</option><option value='normal'>Normal</option>";
        break;
}

switch ($muweb['clean_inventory']) {
    case 'yes':
        $clean_inv = "<option value='yes'>Yes</option><option value='no'>No</option>";
        break;
    case 'no':
        $clean_inv = "<option value='no'>No</option><option value='yes'>Yes</option>";
        break;
}

switch ($muweb['clean_skills']) {
    case 'yes':
        $clean_skills = "<option value='yes'>Yes</option><option value='no'>No</option>";
        break;
    case 'no':
        $clean_skills = "<option value='no'>No</option><option value='yes'>Yes</option>";
        break;
}

switch ($muweb['gm']) {
    case 'yes':
        $gm_show = "<option value='yes'>Yes</option><option value='no'>No</option>";
        break;
    case 'no':
        $gm_show = "<option value='no'>No</option><option value='yes'>Yes</option>";
        break;
}
// Opening markup of the message box drawn over exito.jpg (presumably the
// success box). It leaves a table, row, cell and div open.
// NOTE(review): whatever text is printed between $ok_start and $ok_end must be
// HTML-escaped if it can contain user-supplied data.
$ok_start = "<table style='width: 100%' cellspacing='0' cellpadding='0'>
<tr>
<td> </td>
</tr>
</table>
<table width='500' border='0' align='center' cellpadding='0' cellspacing='0'>
<tr>
<td width='500' height='106' background='template/season4/images/exito.jpg'><div align='center' class='style13'>
";
// Closes the div, cell, row and table opened by $ok_start.
$ok_end = "</div></td></tr></table>";
// Same layout as $ok_start, drawn over error.jpg (presumably the warning/error box).
$warning_start = "<table style='width: 100%' cellspacing='0' cellpadding='0'>
<tr>
<td> </td>
</tr>
</table>
<table width='500' border='0' align='center' cellpadding='0' cellspacing='0'>
<tr>
<td width='500' height='106' background='template/season4/images/error.jpg'><div align='center' class='style13'>
";
// Closes the div, cell, row and table opened by $warning_start.
$warning_end = "</div></td></tr></table>";
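// Request blacklist: abort the request when any GET or POST value contains one
// of the listed substrings.
// NOTE(review): matching is case-sensitive and limited to the listed spellings,
// parameter names are not inspected, and cookies are not covered here. Treat
// this as a coarse pre-filter only; it cannot be relied on to stop SQL
// injection, so every query that takes request data still needs bound
// parameters. It also rejects ordinary input that happens to contain "/", "="
// or words such as "set" and "like".
$xa = getenv('REMOTE_ADDR');
$badwords = array("#", "|", ";", "*", '"', "+", "''", "ALTER", "alter", "+28", "--", "%", "..", "%20", "'", "\"", "<", "\\", "|", "/", "=", "insert", "INSERT", "Quote", "QUOTE", "quote", "select", "SELECT", "WHERE", "where", "Where", "sele", "union", "UNION", "table", "TABLE", "update", "UPDATE", "delete", "distinct", "having", "truncate", "ftp", "FTP", "execute", "EXECUTE", "set", "res3t", "drop", "DROP", "TRUNCATE", "SET", "$", "replace", "handler", "like", "procedure", "limit", "order by", "group by", "asc", "Update", "UPdate", "UPDate", "UPDAte", "UPDATe", "updatE", "updaTE", "updATE", "upDATE", "uPDATE", "UpDaTe", "UpDAte", "UpDATE", "UPdATE", "UPDaTE", "UPDAtE", "UPdaTE", "UpDAtE", "UPDaTe", "UPdaTE", "FROM", "FrOm", "FRom", "FROm", "fROM", "frOM", "froM", "FRoM", "from", "fROM", "From", "FrOM", "dbo", "MEMB_INFO", "WAREHOUSE", "warehouse", "ctlcode", "CTLCODE", "clevel", "CLEVEL", "Class", "MEMB_INFO", "dRop","drOp","droP","DrOp","dRoP","DroP","DRoP","DrOP","DROp","Drop", "-1", "-2", "-3","-4", "-5", "-6", "-7", "-8", "-9");
// Array-valued parameters (name[]=...) are walked as well; substr_count() only
// accepts strings, so without this they would skip the check or raise a TypeError.
$filter_queue = array_values($_GET);
while (count($filter_queue) > 0) {
    $value = array_shift($filter_queue);
    if (is_array($value)) {
        foreach ($value as $nested_value) {
            $filter_queue[] = $nested_value;
        }
        continue;
    }
    foreach ($badwords as $word) {
        if (substr_count((string) $value, $word) > 0) {
            die("<script>alert('Não use símbolos ou palavras proibidas')</script><meta http-equiv=refresh content=0;URL=../>");
        }
    }
}

// POST uses its own, slightly shorter list.
$xa = getenv('REMOTE_ADDR');
$badwords = array("#", "|", ";", "*", '"', "+", "''", "+28", "--", "%", "..", "%20", "'", "\"", "<", "\\", "|", "/", "=", "insert", "INSERT", "Quote", "QUOTE", "quote", "WHERE", "where", "Where", "table", "TABLE", "update", "UPDATE", "delete", "DELETE", "distinct", "having", "truncate", "execute", "EXECUTE", "drop", "DROP", "TRUNCATE", "$", "replace", "handler", "procedure", "order by", "group by", "Update", "UPdate", "UPDate", "UPDAte", "UPDATe", "updatE", "updaTE", "updATE", "upDATE", "uPDATE", "UpDaTe", "UpDAte", "UpDATE", "UPdATE", "UPDaTE", "UPDAtE", "UPdaTE", "UpDAtE", "UPDaTe", "UPdaTE", "FROM", "FrOm", "FRom", "FROm", "fROM", "frOM", "froM", "FRoM", "from", "fROM", "From", "FrOM", "Character", "CHARACTER", "character", "memb_info", "warehouse", "WAREHOUSE", "ctlcode", "CTLCODE", "clevel", "Class", "CLEVEL", "MEMB_INFO", "dRop","drOp","droP","DrOp","dRoP","DroP","DRoP","DrOP","DROp","Drop");
$filter_queue = array_values($_POST);
while (count($filter_queue) > 0) {
    $value = array_shift($filter_queue);
    if (is_array($value)) {
        foreach ($value as $nested_value) {
            $filter_queue[] = $nested_value;
        }
        continue;
    }
    foreach ($badwords as $word) {
        if (substr_count((string) $value, $word) > 0) {
            die("<script>alert('Não use símbolos ou palavras proibidas')</script><meta http-equiv=refresh content=0;URL=../>");
        }
    }
}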
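// Request sanitiser with audit log. Every GET, POST and cookie value is
// HTML-escaped and stripped of ; ' % in place; when that changes a value, the
// submitted original is appended to the log file.
// NOTE(review): the log stores rejected values verbatim, which can include
// POST fields such as passwords. Restrict read access to the log directory.
// NOTE(review): parameter names are not sanitised, and this escaping does not
// replace bound parameters in the queries that consume these values.
// NOTE(review): ";" is stripped after escaping, so entities produced by
// htmlspecialchars() lose their terminator ("&amp;" becomes "&amp").
$ip = $_SERVER['REMOTE_ADDR'];
$time = date("l dS of F Y h:i:s A");
// The key is quoted: a bare PATH_TRANSLATED is an undefined constant.
$script = isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : '';
// fopen() returns false when the directory is missing or not writable; logging
// is skipped in that case instead of writing to an invalid handle.
$fp = fopen ("D:\Log_Antihack\Injection_log.txt", "a+");
$sql_inject_1 = array(";","'","%",'"'); // characters to replace
// NOTE(review): the fourth replacement is assumed to be the &quot; entity (the
// literal was unreadable). htmlspecialchars() has already converted double
// quotes before str_replace() runs, so this entry is not expected to fire.
$sql_inject_2 = array("", "","","&quot;"); // their replacements
$GET_KEY = array_keys($_GET); // keys of $_GET
$POST_KEY = array_keys($_POST); // keys of $_POST
$COOKIE_KEY = array_keys($_COOKIE); // keys of $_COOKIE

/* begin clear $_GET */
for ($i = 0; $i < count($GET_KEY); $i++) {
    $real_get[$i] = $_GET[$GET_KEY[$i]];
    if (is_array($real_get[$i])) {
        // htmlspecialchars() only accepts strings: array-valued parameters are blanked.
        $_GET[$GET_KEY[$i]] = '';
        $log_value = 'Array';
    } else {
        $_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, htmlspecialchars($real_get[$i]));
        $log_value = $real_get[$i];
    }
    if ($fp && $real_get[$i] !== $_GET[$GET_KEY[$i]]) {
        // Control characters are escaped so a value cannot add forged lines to
        // the log; one write per entry keeps concurrent entries from interleaving.
        fwrite($fp, "IP: $ip\r\n"
            . "Method: GET\r\n"
            . "Value: " . addcslashes($log_value, "\0..\37\177") . "\r\n"
            . "Script: $script\r\n"
            . "Time: $time\r\n"
            . "==================================\r\n");
    }
}
/* end clear $_GET */

/* begin clear $_POST */
for ($i = 0; $i < count($POST_KEY); $i++) {
    $real_post[$i] = $_POST[$POST_KEY[$i]];
    if (is_array($real_post[$i])) {
        $_POST[$POST_KEY[$i]] = '';
        $log_value = 'Array';
    } else {
        $_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, htmlspecialchars($real_post[$i]));
        $log_value = $real_post[$i];
    }
    if ($fp && $real_post[$i] !== $_POST[$POST_KEY[$i]]) {
        fwrite($fp, "IP: $ip\r\n"
            . "Method: POST\r\n"
            . "Value: " . addcslashes($log_value, "\0..\37\177") . "\r\n"
            . "Script: $script\r\n"
            . "Time: $time\r\n"
            . "==================================\r\n");
    }
}
/* end clear $_POST */

/* begin clear $_COOKIE */
for ($i = 0; $i < count($COOKIE_KEY); $i++) {
    $real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]];
    if (is_array($real_cookie[$i])) {
        $_COOKIE[$COOKIE_KEY[$i]] = '';
        $log_value = 'Array';
    } else {
        $_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, htmlspecialchars($real_cookie[$i]));
        $log_value = $real_cookie[$i];
    }
    if ($fp && $real_cookie[$i] !== $_COOKIE[$COOKIE_KEY[$i]]) {
        fwrite($fp, "IP: $ip\r\n"
            . "Method: COOKIE\r\n"
            . "Value: " . addcslashes($log_value, "\0..\37\177") . "\r\n"
            . "Script: $script\r\n"
            . "Time: $time\r\n"
            . "==================================\r\n");
    }
}
/* end clear $_COOKIE */

if ($fp) {
    fclose($fp);
}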
?>