Обучение/Помощь новичкам | че за ошибка?
)(aOS 
require_once __DIR__ . '/online.php'; вот тут какая то ошибка не пойму какая синтексическая какй то
________
посл. ред. 28.09.2018 в 16:37; всего 1 раз(а); by KRAKEN
Морпех ________
посл. ред. 28.09.2018 в 16:37; всего 1 раз(а); by KRAKEN
Где тут то? И текст ошибки где, или это игра такая когда угадать надо?
Сибирский , это игра,че годать написал же строку
KRAKEN , у меня машина металлик, почему двигатель не заводится? Вот примерно такого плана и твой вопрос
Сибирский , так он показал ошибку в этой строке так я и написал и скопировал ее
KRAKEN , интерпретатор тебе выдал текст ошибки, в данном случае важен этот текст а не только строка на какую он указал.
мб покажешь че внутри online.php? мы ведь обычные люди
RustamSadikov 
Внимание вопрос:
Что с моей рукой?
nefakt , <?php
require_once __DIR__ . '/../pumpitapi/pumpit-class.php';
if ( !empty($_GET['action']) && ($_GET['action'] == 'PaymentOk') && $pumpit->checkRequest($_SERVER['QUERY_STRING'], true) )
{
$query_string = $_SERVER['QUERY_STRING'];
parse_str($query_string, $query);
$id = iconv('windows-1251','utf-8',$_GET['app_uid']);
$su = intval($_GET['coin']);
if($su==1){
$kol = 10;
}
if($su==4){
$kol = 40;
}
if($su==20){
$kol = 200 + 35;
}
if($su==100){
$kol = 1000 + 250;
}
if($su==400){
$kol = 2000 + 1200;
}
if($su==1000){
$kol = 10000 + 3500;
}
if($kol>=200){
$pumpkin=floor($kol/200);
mysql_query("UPDATE `user` set `pumpkin`=`pumpkin`+'$pumpkin' where `id` = '".$user['id']."'");
}
if($su >= 100) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='3', `time`='".time()."'");
mysql_query("UPDATE `user` set `topaz`=`topaz`+10,`rubyn`=`rubyn`+10,`almaz`=`almaz`+10,`sapfyr`=`sapfyr`+10,`izumrud`=`izumrud`+10 where `id` = '$id'");
}
if($su >= 400) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='4', `time`='".time()."'");
}
$sumx = $kol*100;
$aprel = floor($kol*0.20);
$apr = floor($sumx*0.20);
mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx'+'$apr' where `id` = '".$id."'");
mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx' where `id` = '$id'");
// `snow`=`snow`+'".floor($kol/100)."'
$av = mysql_num_rows(mysql_query("SELECT * FROM `task` WHERE `usr`='$id' and `status`='2' and `task`='12'"));
if($av > 0){
mysql_query("UPDATE `task` SET `min` = `min`+'$kol' WHERE `usr`='$id' and `status`='2' and `task`='12'");
}
$time = time();
$timer = time() + 2592000;
//$text = "Поздравляем, Вы успешно приобрели <img src=/images/icon/gold.png>$kol золота!";
$text = "Поздравляем, Вы успешно приобрели $kol золота! </br> По акции Вам начислено дополнительно $aprel золота!";
$reqj = mysql_query("SELECT * FROM `user` WHERE `id` = '".$id."' LIMIT 1");
$user = mysql_fetch_array($reqj);
mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$time."', `kol`='$sumx', `kto`='+'");
//mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$tm."', `kol`='$apr', `kto`='+'");
mysql_query("INSERT INTO `mail` SET `id_user` = '2', `id_kont` = '$user[id]', `time` = '$time', `timer` = '$timer',`read` = '1', `msg` = '$text'");
$req = mysql_query("SELECT * FROM `users_konts` WHERE `id_user`='$user[id]' and `id_kont` = '2'");
$avto = mysql_num_rows($req);
if($avto==0){
mysql_query("INSERT INTO `users_konts` SET `id_user` = '$user[id]', `id_kont` = '2', `time` = '$time', `timer` = '$timer', `new_msg` = '1'");
} else {
mysql_query("UPDATE `users_konts` SET `time` = '$time', `timer` = '$timer', `new_msg` = '1' WHERE`id_user` = '$user[id]' and `id_kont` = '2'");
}
$ans = '<status>OK</status>';
echo $ans;
exit();
}
if ( !isset($_SESSION['p_sid']) || !empty($_GET['logout']) )
{
$_SESSION['pumpit_id'] = 0;
$_SESSION['p_sid'] = '';
$_SESSION['p_user_info'] = array();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'auth') )
{
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: $url");
exit();
}
if ( !isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST']) )
{
$_SESSION['x_host'] = $_SERVER['HTTP_X_HOST'];
}
if ( !isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']) )
{
$_SESSION['x_partner'] = $_SERVER['HTTP_X_PARTNER'];
}
if ((isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST'])) OR (isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']))){
if ($_SESSION['pumpit_id'] == 0 or $_SESSION['p_sid'] == ''){
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: http://".$_SERVER['HTTP_X_PARTNER']."/play_app?app_id=96");
}
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'pay') )
{
$url = $pumpit->doIncAppAccount($_SESSION['p_sid'], $_GET['coin']);
header("Location: $url");
exit();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'wallet') )
{
$url = $pumpit->doPumpitPayment($_SESSION['p_sid']);
header("Location: $url");
exit();
}
function online ($user = null){
$user = abs($user);
$data = mysql_fetch_object(mysql_query("SELECT `id`,`plem`,`online` FROM `user` WHERE `id`='".$user."'"));
?>
<img src="/images/icon/race/<?=($data->plem == 'ogn' ? 0 : 1);?>.png" style ="<?=($data->online < ($_SERVER['REQUEST_TIME']-3600) ? 'opacity:0.2;' : null);?>"/>
<?php
}
$bad_words = "UNION SELECT INSERT schemata FROM DELETE DROP BenchmARK CHAR GROUP ORDER TRUNCATE UPDATE <script> </script> javascript group_access document.cookie alert() eval() system() OUTFILE INTO";
$bad_list = explode(' ', $bad_words);
$line = $_POST?implode(" ", $_POST):$_SERVER['QUERY_STRING'];
foreach ($bad_list as $re) {
$Site = $_SERVER['SERVER_NAME'];
$Ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$Cuseragent = $_SERVER['HTTP_USER_AGENT'];
$Gde = $_SERVER['SCRIPT_NAME'];
$Querry = $_SERVER['QUERY_STRING'];
$re = preg_quote($re, '/');
if (preg_match("/".$re."/iu", $line)) {
$time = time();
$timer = date("j M Y в H:i", $time);
$source = '
Запрос: '.$Site.'/'.$Gde.'?'.$Querry
require_once __DIR__ . '/../pumpitapi/pumpit-class.php';
if ( !empty($_GET['action']) && ($_GET['action'] == 'PaymentOk') && $pumpit->checkRequest($_SERVER['QUERY_STRING'], true) )
{
$query_string = $_SERVER['QUERY_STRING'];
parse_str($query_string, $query);
$id = iconv('windows-1251','utf-8',$_GET['app_uid']);
$su = intval($_GET['coin']);
if($su==1){
$kol = 10;
}
if($su==4){
$kol = 40;
}
if($su==20){
$kol = 200 + 35;
}
if($su==100){
$kol = 1000 + 250;
}
if($su==400){
$kol = 2000 + 1200;
}
if($su==1000){
$kol = 10000 + 3500;
}
if($kol>=200){
$pumpkin=floor($kol/200);
mysql_query("UPDATE `user` set `pumpkin`=`pumpkin`+'$pumpkin' where `id` = '".$user['id']."'");
}
if($su >= 100) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='3', `time`='".time()."'");
mysql_query("UPDATE `user` set `topaz`=`topaz`+10,`rubyn`=`rubyn`+10,`almaz`=`almaz`+10,`sapfyr`=`sapfyr`+10,`izumrud`=`izumrud`+10 where `id` = '$id'");
}
if($su >= 400) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='4', `time`='".time()."'");
}
$sumx = $kol*100;
$aprel = floor($kol*0.20);
$apr = floor($sumx*0.20);
mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx'+'$apr' where `id` = '".$id."'");
mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx' where `id` = '$id'");
// `snow`=`snow`+'".floor($kol/100)."'
$av = mysql_num_rows(mysql_query("SELECT * FROM `task` WHERE `usr`='$id' and `status`='2' and `task`='12'"));
if($av > 0){
mysql_query("UPDATE `task` SET `min` = `min`+'$kol' WHERE `usr`='$id' and `status`='2' and `task`='12'");
}
$time = time();
$timer = time() + 2592000;
//$text = "Поздравляем, Вы успешно приобрели <img src=/images/icon/gold.png>$kol золота!";
$text = "Поздравляем, Вы успешно приобрели $kol золота! </br> По акции Вам начислено дополнительно $aprel золота!";
$reqj = mysql_query("SELECT * FROM `user` WHERE `id` = '".$id."' LIMIT 1");
$user = mysql_fetch_array($reqj);
mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$time."', `kol`='$sumx', `kto`='+'");
//mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$tm."', `kol`='$apr', `kto`='+'");
mysql_query("INSERT INTO `mail` SET `id_user` = '2', `id_kont` = '$user[id]', `time` = '$time', `timer` = '$timer',`read` = '1', `msg` = '$text'");
$req = mysql_query("SELECT * FROM `users_konts` WHERE `id_user`='$user[id]' and `id_kont` = '2'");
$avto = mysql_num_rows($req);
if($avto==0){
mysql_query("INSERT INTO `users_konts` SET `id_user` = '$user[id]', `id_kont` = '2', `time` = '$time', `timer` = '$timer', `new_msg` = '1'");
} else {
mysql_query("UPDATE `users_konts` SET `time` = '$time', `timer` = '$timer', `new_msg` = '1' WHERE`id_user` = '$user[id]' and `id_kont` = '2'");
}
$ans = '<status>OK</status>';
echo $ans;
exit();
}
if ( !isset($_SESSION['p_sid']) || !empty($_GET['logout']) )
{
$_SESSION['pumpit_id'] = 0;
$_SESSION['p_sid'] = '';
$_SESSION['p_user_info'] = array();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'auth') )
{
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: $url");
exit();
}
if ( !isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST']) )
{
$_SESSION['x_host'] = $_SERVER['HTTP_X_HOST'];
}
if ( !isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']) )
{
$_SESSION['x_partner'] = $_SERVER['HTTP_X_PARTNER'];
}
if ((isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST'])) OR (isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']))){
if ($_SESSION['pumpit_id'] == 0 or $_SESSION['p_sid'] == ''){
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: http://".$_SERVER['HTTP_X_PARTNER']."/play_app?app_id=96");
}
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'pay') )
{
$url = $pumpit->doIncAppAccount($_SESSION['p_sid'], $_GET['coin']);
header("Location: $url");
exit();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'wallet') )
{
$url = $pumpit->doPumpitPayment($_SESSION['p_sid']);
header("Location: $url");
exit();
}
function online ($user = null){
$user = abs($user);
$data = mysql_fetch_object(mysql_query("SELECT `id`,`plem`,`online` FROM `user` WHERE `id`='".$user."'"));
?>
<img src="/images/icon/race/<?=($data->plem == 'ogn' ? 0 : 1);?>.png" style ="<?=($data->online < ($_SERVER['REQUEST_TIME']-3600) ? 'opacity:0.2;' : null);?>"/>
<?php
}
$bad_words = "UNION SELECT INSERT schemata FROM DELETE DROP BenchmARK CHAR GROUP ORDER TRUNCATE UPDATE <script> </script> javascript group_access document.cookie alert() eval() system() OUTFILE INTO";
$bad_list = explode(' ', $bad_words);
$line = $_POST?implode(" ", $_POST):$_SERVER['QUERY_STRING'];
foreach ($bad_list as $re) {
$Site = $_SERVER['SERVER_NAME'];
$Ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$Cuseragent = $_SERVER['HTTP_USER_AGENT'];
$Gde = $_SERVER['SCRIPT_NAME'];
$Querry = $_SERVER['QUERY_STRING'];
$re = preg_quote($re, '/');
if (preg_match("/".$re."/iu", $line)) {
$time = time();
$timer = date("j M Y в H:i", $time);
$source = '
Запрос: '.$Site.'/'.$Gde.'?'.$Querry
TheYaMus , <?php
require_once __DIR__ . '/../pumpitapi/pumpit-class.php';
if ( !empty($_GET['action']) && ($_GET['action'] == 'PaymentOk') && $pumpit->checkRequest($_SERVER['QUERY_STRING'], true) )
{
$query_string = $_SERVER['QUERY_STRING'];
parse_str($query_string, $query);
$id = iconv('windows-1251','utf-8',$_GET['app_uid']);
$su = intval($_GET['coin']);
if($su==1){
$kol = 10;
}
if($su==4){
$kol = 40;
}
if($su==20){
$kol = 200 + 35;
}
if($su==100){
$kol = 1000 + 250;
}
if($su==400){
$kol = 2000 + 1200;
}
if($su==1000){
$kol = 10000 + 3500;
}
if($kol>=200){
$pumpkin=floor($kol/200);
mysql_query("UPDATE `user` set `pumpkin`=`pumpkin`+'$pumpkin' where `id` = '".$user['id']."'");
}
if($su >= 100) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='3', `time`='".time()."'");
mysql_query("UPDATE `user` set `topaz`=`topaz`+10,`rubyn`=`rubyn`+10,`almaz`=`almaz`+10,`sapfyr`=`sapfyr`+10,`izumrud`=`izumrud`+10 where `id` = '$id'");
}
if($su >= 400) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='4', `time`='".time()."'");
}
$sumx = $kol*100;
$aprel = floor($kol*0.20);
$apr = floor($sumx*0.20);
mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx'+'$apr' where `id` = '".$id."'");
mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx' where `id` = '$id'");
// `snow`=`snow`+'".floor($kol/100)."'
$av = mysql_num_rows(mysql_query("SELECT * FROM `task` WHERE `usr`='$id' and `status`='2' and `task`='12'"));
if($av > 0){
mysql_query("UPDATE `task` SET `min` = `min`+'$kol' WHERE `usr`='$id' and `status`='2' and `task`='12'");
}
$time = time();
$timer = time() + 2592000;
//$text = "Поздравляем, Вы успешно приобрели <img src=/images/icon/gold.png>$kol золота!";
$text = "Поздравляем, Вы успешно приобрели $kol золота! </br> По акции Вам начислено дополнительно $aprel золота!";
$reqj = mysql_query("SELECT * FROM `user` WHERE `id` = '".$id."' LIMIT 1");
$user = mysql_fetch_array($reqj);
mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$time."', `kol`='$sumx', `kto`='+'");
//mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$tm."', `kol`='$apr', `kto`='+'");
mysql_query("INSERT INTO `mail` SET `id_user` = '2', `id_kont` = '$user[id]', `time` = '$time', `timer` = '$timer',`read` = '1', `msg` = '$text'");
$req = mysql_query("SELECT * FROM `users_konts` WHERE `id_user`='$user[id]' and `id_kont` = '2'");
$avto = mysql_num_rows($req);
if($avto==0){
mysql_query("INSERT INTO `users_konts` SET `id_user` = '$user[id]', `id_kont` = '2', `time` = '$time', `timer` = '$timer', `new_msg` = '1'");
} else {
mysql_query("UPDATE `users_konts` SET `time` = '$time', `timer` = '$timer', `new_msg` = '1' WHERE`id_user` = '$user[id]' and `id_kont` = '2'");
}
$ans = '<status>OK</status>';
echo $ans;
exit();
}
if ( !isset($_SESSION['p_sid']) || !empty($_GET['logout']) )
{
$_SESSION['pumpit_id'] = 0;
$_SESSION['p_sid'] = '';
$_SESSION['p_user_info'] = array();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'auth') )
{
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: $url");
exit();
}
if ( !isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST']) )
{
$_SESSION['x_host'] = $_SERVER['HTTP_X_HOST'];
}
if ( !isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']) )
{
$_SESSION['x_partner'] = $_SERVER['HTTP_X_PARTNER'];
}
if ((isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST'])) OR (isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']))){
if ($_SESSION['pumpit_id'] == 0 or $_SESSION['p_sid'] == ''){
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: http://".$_SERVER['HTTP_X_PARTNER']."/play_app?app_id=96");
}
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'pay') )
{
$url = $pumpit->doIncAppAccount($_SESSION['p_sid'], $_GET['coin']);
header("Location: $url");
exit();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'wallet') )
{
$url = $pumpit->doPumpitPayment($_SESSION['p_sid']);
header("Location: $url");
exit();
}
function online ($user = null){
$user = abs($user);
$data = mysql_fetch_object(mysql_query("SELECT `id`,`plem`,`online` FROM `user` WHERE `id`='".$user."'"));
?>
<img src="/images/icon/race/<?=($data->plem == 'ogn' ? 0 : 1);?>.png" style ="<?=($data->online < ($_SERVER['REQUEST_TIME']-3600) ? 'opacity:0.2;' : null);?>"/>
<?php
}
$bad_words = "UNION SELECT INSERT schemata FROM DELETE DROP BenchmARK CHAR GROUP ORDER TRUNCATE UPDATE <script> </script> javascript group_access document.cookie alert() eval() system() OUTFILE INTO";
$bad_list = explode(' ', $bad_words);
$line = $_POST?implode(" ", $_POST):$_SERVER['QUERY_STRING'];
foreach ($bad_list as $re) {
$Site = $_SERVER['SERVER_NAME'];
$Ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$Cuseragent = $_SERVER['HTTP_USER_AGENT'];
$Gde = $_SERVER['SCRIPT_NAME'];
$Querry = $_SERVER['QUERY_STRING'];
$re = preg_quote($re, '/');
if (preg_match("/".$re."/iu", $line)) {
$time = time();
$timer = date("j M Y в H:i", $time);
$source = '
Запрос: '.$Site.'/'.$Gde.'?'.$Quer
require_once __DIR__ . '/../pumpitapi/pumpit-class.php';
if ( !empty($_GET['action']) && ($_GET['action'] == 'PaymentOk') && $pumpit->checkRequest($_SERVER['QUERY_STRING'], true) )
{
$query_string = $_SERVER['QUERY_STRING'];
parse_str($query_string, $query);
$id = iconv('windows-1251','utf-8',$_GET['app_uid']);
$su = intval($_GET['coin']);
if($su==1){
$kol = 10;
}
if($su==4){
$kol = 40;
}
if($su==20){
$kol = 200 + 35;
}
if($su==100){
$kol = 1000 + 250;
}
if($su==400){
$kol = 2000 + 1200;
}
if($su==1000){
$kol = 10000 + 3500;
}
if($kol>=200){
$pumpkin=floor($kol/200);
mysql_query("UPDATE `user` set `pumpkin`=`pumpkin`+'$pumpkin' where `id` = '".$user['id']."'");
}
if($su >= 100) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='3', `time`='".time()."'");
mysql_query("UPDATE `user` set `topaz`=`topaz`+10,`rubyn`=`rubyn`+10,`almaz`=`almaz`+10,`sapfyr`=`sapfyr`+10,`izumrud`=`izumrud`+10 where `id` = '$id'");
}
if($su >= 400) {
mysql_query("INSERT INTO `chests_user` set `user_id`='".$id."', `chest_id`='4', `time`='".time()."'");
}
$sumx = $kol*100;
$aprel = floor($kol*0.20);
$apr = floor($sumx*0.20);
mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx'+'$apr' where `id` = '".$id."'");
mysql_query("UPDATE `user` set `gold`=`gold`+'$sumx' where `id` = '$id'");
// `snow`=`snow`+'".floor($kol/100)."'
$av = mysql_num_rows(mysql_query("SELECT * FROM `task` WHERE `usr`='$id' and `status`='2' and `task`='12'"));
if($av > 0){
mysql_query("UPDATE `task` SET `min` = `min`+'$kol' WHERE `usr`='$id' and `status`='2' and `task`='12'");
}
$time = time();
$timer = time() + 2592000;
//$text = "Поздравляем, Вы успешно приобрели <img src=/images/icon/gold.png>$kol золота!";
$text = "Поздравляем, Вы успешно приобрели $kol золота! </br> По акции Вам начислено дополнительно $aprel золота!";
$reqj = mysql_query("SELECT * FROM `user` WHERE `id` = '".$id."' LIMIT 1");
$user = mysql_fetch_array($reqj);
mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$time."', `kol`='$sumx', `kto`='+'");
//mysql_query("INSERT INTO `logi` set `user_id` = '".$user['id']."', `text` = 'Куплено золото', `time` = '".$tm."', `kol`='$apr', `kto`='+'");
mysql_query("INSERT INTO `mail` SET `id_user` = '2', `id_kont` = '$user[id]', `time` = '$time', `timer` = '$timer',`read` = '1', `msg` = '$text'");
$req = mysql_query("SELECT * FROM `users_konts` WHERE `id_user`='$user[id]' and `id_kont` = '2'");
$avto = mysql_num_rows($req);
if($avto==0){
mysql_query("INSERT INTO `users_konts` SET `id_user` = '$user[id]', `id_kont` = '2', `time` = '$time', `timer` = '$timer', `new_msg` = '1'");
} else {
mysql_query("UPDATE `users_konts` SET `time` = '$time', `timer` = '$timer', `new_msg` = '1' WHERE`id_user` = '$user[id]' and `id_kont` = '2'");
}
$ans = '<status>OK</status>';
echo $ans;
exit();
}
if ( !isset($_SESSION['p_sid']) || !empty($_GET['logout']) )
{
$_SESSION['pumpit_id'] = 0;
$_SESSION['p_sid'] = '';
$_SESSION['p_user_info'] = array();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'auth') )
{
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: $url");
exit();
}
if ( !isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST']) )
{
$_SESSION['x_host'] = $_SERVER['HTTP_X_HOST'];
}
if ( !isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']) )
{
$_SESSION['x_partner'] = $_SERVER['HTTP_X_PARTNER'];
}
if ((isset($_SESSION['x_host']) && isset($_SERVER['HTTP_X_HOST'])) OR (isset($_SESSION['x_partner']) && isset($_SERVER['HTTP_X_PARTNER']))){
if ($_SESSION['pumpit_id'] == 0 or $_SESSION['p_sid'] == ''){
$url = $pumpit->doPumpitLogin($_SESSION['p_sid']);
header("Location: http://".$_SERVER['HTTP_X_PARTNER']."/play_app?app_id=96");
}
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'pay') )
{
$url = $pumpit->doIncAppAccount($_SESSION['p_sid'], $_GET['coin']);
header("Location: $url");
exit();
}
if ( !empty($_GET['action']) && ($_GET['action'] == 'wallet') )
{
$url = $pumpit->doPumpitPayment($_SESSION['p_sid']);
header("Location: $url");
exit();
}
function online ($user = null){
$user = abs($user);
$data = mysql_fetch_object(mysql_query("SELECT `id`,`plem`,`online` FROM `user` WHERE `id`='".$user."'"));
?>
<img src="/images/icon/race/<?=($data->plem == 'ogn' ? 0 : 1);?>.png" style ="<?=($data->online < ($_SERVER['REQUEST_TIME']-3600) ? 'opacity:0.2;' : null);?>"/>
<?php
}
$bad_words = "UNION SELECT INSERT schemata FROM DELETE DROP BenchmARK CHAR GROUP ORDER TRUNCATE UPDATE <script> </script> javascript group_access document.cookie alert() eval() system() OUTFILE INTO";
$bad_list = explode(' ', $bad_words);
$line = $_POST?implode(" ", $_POST):$_SERVER['QUERY_STRING'];
foreach ($bad_list as $re) {
$Site = $_SERVER['SERVER_NAME'];
$Ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$Cuseragent = $_SERVER['HTTP_USER_AGENT'];
$Gde = $_SERVER['SCRIPT_NAME'];
$Querry = $_SERVER['QUERY_STRING'];
$re = preg_quote($re, '/');
if (preg_match("/".$re."/iu", $line)) {
$time = time();
$timer = date("j M Y в H:i", $time);
$source = '
Запрос: '.$Site.'/'.$Gde.'?'.$Quer