Zeratul
Привет всему народу.
В общем, я готовлю абсолютно публичный релиз биллинга.
Который зовётся... вы сами знаете как.
В общем, пишите своё мнение о нём. Пока релиз только готовится; точных дат называть не буду, но скажу, что он ТОЧНО БУДЕТ.
Если кто то из адванты здесь может есть то специальный комментарий:
"Бекапы нужно отдавать сразу, когда по человечески просят." ---0
А вообще Адванта — САМЫЙ поганый хостинг, который я когда-либо видел.
А админ @lexey ваще просто урод. :tcl:
Просто размещайте свои сайты в нормальных компаниях, и у вас не будет опыта работы с уродами.
Если кто то ещё не верит в дезенд то вот подтверждение:
Ваши скрипты и права НЕ защищены.
Так же по причине открывания кода скрипта советую всем понятливым либо вообще убрать bpanel с сервера, либо стереть файлы с логинами на WMH.
Потому что, имея открытый код даже только этого файла, можно очень повеселиться с вашими серверами.
Этот файл(webmoney.php) можно назвать подарком для хакеров
В общем какое ваше мнение?
PS: Я не против хостеров, но если у вас есть мозги то - бипанель теперь НЕ защищена.
В общем, я готовлю абсолютно публичный релиз биллинга.
Который зовётся... вы сами знаете как.
В общем, пишите своё мнение о нём. Пока релиз только готовится; точных дат называть не буду, но скажу, что он ТОЧНО БУДЕТ.
Если кто то из адванты здесь может есть то специальный комментарий:
"Бекапы нужно отдавать сразу, когда по человечески просят." ---0
А вообще Адванта — САМЫЙ поганый хостинг, который я когда-либо видел.
А админ @lexey ваще просто урод. :tcl:
Просто размещайте свои сайты в нормальных компаниях, и у вас не будет опыта работы с уродами.
Если кто то ещё не верит в дезенд то вот подтверждение:
PHP:
<?
// Licence-generator settings. They are only assigned here; nothing later in this file
// reads them (the files pulled in by require/include further down may).
$license_gen_version = '1.1';
// Fixed literal shipped in the source: once the file is readable it is no longer a secret.
$license_gen_hash = 'Xed8ZxRvSmhpPI2wlTn2';
// md5() of a clock reading is predictable; do not rely on this value as a random token.
$license_gen_word = md5 (microtime () - 1);
$license_conf_check_license = 'Yes';
$license_conf_use_hash = 'Yes';
// Direct-invocation guard: var_export() of an empty backtrace is "array (" + newline + ")",
// so once the newline is stripped anything other than 'array ()' means the script was
// entered through include/require or a function call. A request without an Accept header
// is rejected as well.
// NOTE(review): this is a licence anti-tamper check, not access control for the payment logic.
$data = var_export (debug_backtrace (), true);
if ((str_replace ('
', '', $data) !== 'array ()' OR is_null ($_SERVER['HTTP_ACCEPT'])))
{
print 'System error #2.<br>Contact our support dept., please.';
exit ();
}
unset ($data);
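// Host-header consistency check.
// Outside the CGI SAPIs, the Host header reported by apache_request_headers() must equal
// the HTTP_HOST environment value; under cgi / cgi-fcgi the comparison is skipped.
// Both values originate from the client's request, so this detects an inconsistency; it
// does not establish that the host name is trustworthy.
// $sapi_host is initialised explicitly so the check below never reads an undefined
// variable or a value that was populated from outside this block.
$sapi_host = null;
$sapi_type = php_sapi_name ();
if (($sapi_type !== 'cgi' AND $sapi_type !== 'cgi-fcgi'))
{
// The call is silenced with @ and may not return an array; iterate only over a real header list.
$headers = @apache_request_headers ();
if (is_array ($headers))
{
foreach ($headers as $header => $value)
{
if ($header == 'Host')
{
$sapi_host = $value;
}
}
}
}
if ((!is_null ($sapi_host) AND $sapi_host !== getenv ('HTTP_HOST')))
{
print 'System error #2.<br>Contact our support dept., please.';
exit ();
}
unset ($sapi_type);
unset ($sapi_host);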
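// Licence file load and domain binding.
// A digest over HTTP_HOST, the current microtime string and an embedded constant is taken
// before license.php is loaded and recomputed afterwards; the comparison fails if the
// included file altered $license_hash or $maketime.
$maketime = microtime ();
$license_hash = md5 (getenv ('HTTP_HOST') . $maketime . 'MeE7ta2ED64sAcjY');
// Errors from the include are silenced by @; a missing licence file is caught by the
// is_null ($license_domen) test below rather than reported.
@require 'license.php';
if ($license_hash !== md5 (getenv ('HTTP_HOST') . $maketime . 'MeE7ta2ED64sAcjY'))
{
print 'System error #2.<br>Contact our support dept., please.';
exit ();
}
// $license_domen is expected to be defined by license.php (its contents are not shown here).
if (is_null ($license_domen))
{
print 'System error #2.<br>Contact our support dept., please.';
exit ();
}
// The licensed domain is compared with HTTP_HOST, which is taken from the request's Host
// header; only the exact name and its 'www.' form are accepted.
if ((getenv ('HTTP_HOST') !== $license_domen AND getenv ('HTTP_HOST') !== 'www.' . $license_domen))
{
print 'System error #2.<br>Contact our support dept., please.';
exit ();
}
// Refuse to run when an auto_prepend_file is configured. The option name is passed as a
// quoted string: the original bare word was an undefined constant, which old PHP versions
// silently converted to the same string and PHP 8 rejects with an Error.
if (@ini_get ('auto_prepend_file') !== '')
{
print 'System error #2.<br>Contact our support dept., please.';
exit ();
}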
// Licence serial check followed by a marker handshake with config.php.
// The serial must equal an MD5 over the licensed domain, the licence type and an
// embedded constant.
$down_ = '_';
if (md5 ($license_domen . $down_ . $license_type . $down_ . 'ZpxaV5KwkARg') !== $license_serial)
{
print 'System error #2.<br>Contact our support dept., please.';
exit ();
}
unset ($down_);
$down_ = '_';
// Before config.php is loaded, a variable named 'script_<md5>' is created through a
// variable-variable and set to a second MD5; both digests are derived from the licence
// domain/type and constants embedded in this file.
$my_script_variable_1UzGaTe_S = md5 ('' . $license_domen . $down_ . ('' . $license_type) . $down_ . 'Mhi0rajLU5cVjcB');
$my_script_value_1UzGaTe_S = md5 ('' . $license_domen . $down_ . ('' . $license_type) . $down_ . 'HJqGeYbsORhpxIs');
$my_script_variable_1UzGaTe_S = '' . 'script_' . $my_script_variable_1UzGaTe_S;
$$my_script_variable_1UzGaTe_S = '' . $my_script_value_1UzGaTe_S;
unset ($down_);
// config.php is not shown on this page; presumably it inspects the marker set above and
// defines the one tested below — confirm against that file.
require 'config.php';
$down_ = '_';
// After the include, another 'script_<md5>' variable must hold the expected digest,
// otherwise the run stops with error #5.
// NOTE(review): every input to these digests is a literal in distributed source, so the
// handshake shows that the two files belong together; it does not keep anything secret.
$my_script_security_1UzGaTe = md5 ('' . $license_domen . $down_ . ('' . $license_type) . $down_ . 'T2uJYmQsKCzAPsPw');
$my_script_security_v_1UzGaTe = md5 ('' . $license_domen . $down_ . ('' . $license_type) . $down_ . 'GLKuf19w8eJI5WfG');
$my_script_security_1UzGaTe = '' . 'script_' . $my_script_security_1UzGaTe;
if ($$my_script_security_1UzGaTe !== $my_script_security_v_1UzGaTe)
{
print 'System error #5.<br>Incorrect Data Into Config File...';
exit ();
}
// Remove the marker variables so later code and included templates do not see them.
unset ($$my_script_security_1UzGaTe);
unset ($my_script_security_v_1UzGaTe);
unset ($$my_script_variable_1UzGaTe_S);
unset ($my_script_variable_1UzGaTe_S);
unset ($down_);
// Normalisation of the request-style variables used by the rest of the script.
// NOTE(review): none of these variables is read from $_GET/$_POST in this file; presumably
// they arrive through register_globals or an import done in config.php — confirm. Any
// variable that is not normalised here keeps whatever value it arrived with.
$date = date ('d-m-Y H:i:s');
// $mod and $go may contain letters only (case-insensitive); anything else becomes ''.
// eregi() belongs to the POSIX regex extension, which was removed in PHP 7.
if ((eregi ('[^a-z]', $mod) OR is_null ($mod)))
{
$mod = '';
}
if ((eregi ('[^a-z]', $go) OR is_null ($go)))
{
$go = '';
}
// Identifier and term fields fall back to '0' unless is_numeric() accepts them.
// is_numeric() is not an integer check: it also accepts decimals, exponent notation and
// signed values, all of which pass through unchanged.
if (!is_numeric ($month))
{
$month = '0';
}
if (!is_numeric ($term))
{
$term = '0';
}
if (!is_numeric ($domenid))
{
$domenid = '0';
}
if (!is_numeric ($tarifid))
{
$tarifid = '0';
}
if (!is_numeric ($itemid))
{
$itemid = '0';
}
if (!is_numeric ($cardid))
{
$cardid = '0';
}
if (!is_numeric ($cardcost))
{
$cardcost = '0.00';
}
$cardcost = number_format ($cardcost, 2, '.', '');
// Text fields are HTML-encoded (quotes included) and then unslashed. This makes them safe
// to print into HTML attributes; it is not SQL escaping, so any query that embeds them
// still needs the database driver's own escaping.
$userlogin = htmlspecialchars ($userlogin, ENT_QUOTES, 'cp1251');
$userlogin = stripslashes ($userlogin);
$cardlogin = htmlspecialchars ($cardlogin, ENT_QUOTES, 'cp1251');
$cardlogin = stripslashes ($cardlogin);
$keeper = htmlspecialchars ($keeper, ENT_QUOTES, 'cp1251');
$keeper = stripslashes ($keeper);
// Fields of the payment gateway notification (LMI_* names).
if (!is_numeric ($LMI_PAYMENT_AMOUNT))
{
$LMI_PAYMENT_AMOUNT = '';
}
// NOTE(review): the secret key is treated here exactly like the other incoming fields.
// A signing secret should be loaded from server-side configuration and never accepted
// from the request — confirm where this variable really comes from.
$LMI_SECRET_KEY = htmlspecialchars ($LMI_SECRET_KEY, ENT_QUOTES, 'cp1251');
$LMI_SECRET_KEY = stripslashes ($LMI_SECRET_KEY);
$LMI_HASH = htmlspecialchars ($LMI_HASH, ENT_QUOTES, 'cp1251');
$LMI_HASH = stripslashes ($LMI_HASH);
if (!is_numeric ($LMI_PAYMENT_NO))
{
$LMI_PAYMENT_NO = '0';
}
if (!is_numeric ($LMI_PAYER_WM))
{
$LMI_PAYER_WM = '0';
}
$LMI_PAYEE_PURSE = htmlspecialchars ($LMI_PAYEE_PURSE, ENT_QUOTES, 'cp1251');
$LMI_PAYEE_PURSE = stripslashes ($LMI_PAYEE_PURSE);
// Database connection and configuration load.
// $host, $user, $pass, $dbname and the table-name variables are not defined in this file;
// presumably config.php supplies them.
$what = '';
if (!($connect = mysql_connect ($host, $user, $pass)))
{
exit ('Can\'t connect to db MySQL!');
;
}
if (!(mysql_select_db ($dbname, $connect)))
{
exit ('<br>Table MySQL doesn\'t exist!');
;
}
// The credential variables are overwritten once the connection is open.
// NOTE(review): it cannot be told from here whether these literals are placeholders or
// real values. A credential-looking literal in distributed source should be treated as
// exposed and must not match any live account.
$user = 'root';
$pass = 'wUAD9R0b';
$template_name = $template_wm;
include 'admin/lang/russian.php';
// Load column 1 of every configuration row into $config_e, indexed from 1 in ID order.
// Later code addresses settings by position (e.g. $config_e[43]), so the row order matters.
$result_config_counter = '0';
$result_config = mysql_query ('' . 'select * from ' . $tableconf . ' order by ID');
while ($config_entry = mysql_fetch_array ($result_config))
{
$result_config_counter = $result_config_counter + 1;
$config_e[$result_config_counter] = '' . $config_entry['1'];
}
// Query-string character blocklist with an e-mail alert.
// The request is flagged when QUERY_STRING contains any of a fixed set of characters.
// NOTE(review): only the query string is inspected; values sent in a POST body are not
// covered by this check, and a blocklist is no substitute for escaping at the point of use.
$fsearch = '';
$pmodinfo = $_SERVER['REQUEST_URI'];
$pinfo = $_SERVER['REQUEST_URI'];
if ((((((((((((stristr ($_SERVER['QUERY_STRING'], '"') OR stristr ($_SERVER['QUERY_STRING'], '\\\'')) OR stristr ($_SERVER['QUERY_STRING'], '\\')) OR stristr ($_SERVER['QUERY_STRING'], '*')) OR stristr ($_SERVER['QUERY_STRING'], '#')) OR stristr ($_SERVER['QUERY_STRING'], '|')) OR stristr ($_SERVER['QUERY_STRING'], '-')) OR stristr ($_SERVER['QUERY_STRING'], '+')) OR stristr ($_SERVER['QUERY_STRING'], '%')) OR stristr ($_SERVER['QUERY_STRING'], '/')) OR stristr ($_SERVER['QUERY_STRING'], '^')) OR stristr ($_SERVER['QUERY_STRING'], '<')))
{
$fsearch = 'block';
$pinfo = $_SERVER['REDIRECT_URL'];
}
// Request details collected for the alert. Referer, X-Forwarded-For, User-Agent and
// Accept-Language are supplied by the client and can hold arbitrary text; 'windir' is
// read from the server's environment.
$page = getenv ('HTTP_REFERER');
$ip = getenv ('REMOTE_ADDR');
$realip = getenv ('HTTP_X_FORWARDED_FOR');
$brows = getenv ('HTTP_USER_AGENT');
$winds = getenv ('windir');
$alang = getenv ('HTTP_ACCEPT_LANGUAGE');
if ($fsearch == 'block')
{
// $config_e[151] holds the alert recipient; an empty value disables the e-mail.
if ($config_e[151] !== '')
{
// admin/mail/security.php is expected to define $hack_mail_subject and $hack_mail.
// NOTE(review): if that template embeds the client-supplied values above, it should
// strip CR/LF before they reach the subject. The header block below is assembled from
// $myname, $mymail, $SERVER_NAME and $SERVER_ADDR, none of which is set in this file —
// confirm they cannot be influenced by the request.
include 'admin/mail/security.php';
mail ('' . $config_e['151'], '' . $hack_mail_subject, '' . $hack_mail, '' . 'Return-Path: <' . $mymail . '>
' . ('' . 'From: ' . $myname . ' <' . $mymail . '>
') . ('' . 'Reply-To: ' . $myname . ' <' . $mymail . '>
') . 'X-Priority: 3
' . ('' . 'X-Mailer: BPanel from ' . $SERVER_NAME . '
') . ('' . 'X-Originating-IP: [' . $SERVER_ADDR . ']
') . ('' . 'Content-type: text/plain; charset=' . $config_e['20'] . '
') . 'Content-Transfer-Encoding: 8bit
' . 'Date: ' . date ('r'));
}
// Show the "logged" notice inside the registration templates and stop.
require '' . 'admin/template/' . $template_reg_h;
print '' . '<center><img src="img/smile.gif"> <img src="img/smile.gif"> <img src="img/smile.gif"><br>' . $lang_hack_logged . '</center>';
require '' . 'admin/template/' . $template_reg_f;
mysql_close ($connect);
exit ();
}
// Address ban list: active when setting 83 is 'Yes' and setting 84 (one entry per line)
// is not empty. Setting 85 is the message shown to a banned visitor.
if (($config_e[83] == 'Yes' AND $config_e[84] !== ''))
{
$ip = getenv ('REMOTE_ADDR');
// X-Forwarded-For is a client-supplied header; here it can only add a match, never
// remove one, because a hit on either value blocks the request.
$realip = getenv ('HTTP_X_FORWARDED_FOR');
$checker_ip = '';
$exp_ip = explode ('
', $config_e[84]);
for ($i = 0; $i < count ($exp_ip); ++$i)
{
// Each entry is used as an anchored regular expression, so '.' matches any character
// and a blank entry yields the pattern '^', which matches every address.
// NOTE(review): confirm the stored list contains no empty or CR-terminated lines.
if ((ereg ('' . '^' . $exp_ip[$i], $ip) OR ereg ('' . '^' . $exp_ip[$i], $realip)))
{
require '' . 'admin/template/' . $template_reg_h;
$config_e[85] = nl2br ($config_e[85]);
print '' . $config_e['85'];
require '' . 'admin/template/' . $template_reg_f;
mysql_close ($connect);
exit ();
// Never reached: exit () above ends the script.
continue;
}
}
}
// Licence-type gate and the two static landing pages.
// The 'UnLimited-L' licence type does not include this payment module.
if ($license_type == 'UnLimited-L')
{
print 'BPanel License Type: LITE.<br>In your version of license this service is unavailable...';
mysql_close ($connect);
exit ();
}
// Landing page for the gateway's fail URL (the query string is exactly 'fail').
// It shows a message and a link back to the panel; no payment state is changed here.
if ($_SERVER['QUERY_STRING'] == 'fail')
{
require '' . 'admin/template/' . $template_reg_h;
print '' . $lang_p_e_fail . '<br><br>' . $lang_p_enter . ':
<a href="http://' . $myserver . '/' . $mysitedir . '?mod=main">http://' . $myserver . '/' . $mysitedir . '</a>';
require '' . 'admin/template/' . $template_reg_f;
mysql_close ($connect);
exit ();
}
// Landing page for the gateway's success URL (the query string is exactly 'ok').
// It only selects a thank-you text by $go; the payment itself is recorded by the
// notification branch further down, not by this page.
if ($_SERVER['QUERY_STRING'] == 'ok')
{
$text_to_view = '';
if ($go == 'activate')
{
$text_to_view = $lang_p_act1;
}
if ($go == 'account')
{
$text_to_view = $lang_p_act2;
}
if ($go == 'domenreg')
{
$text_to_view = $lang_p_act3;
}
if ($go == 'domen')
{
$text_to_view = $lang_p_act4;
}
if ($go == 'addon')
{
$text_to_view = $lang_p_act5;
}
if ($go == 'card')
{
$text_to_view = $lang_p_act6;
}
if ($go == 'tarif')
{
$text_to_view = $lang_p_act7;
}
require '' . 'admin/template/' . $template_reg_h;
print '' . $lang_p_thx . $text_to_view . '<br><br>' . $lang_p_enter . ': <a href="http://' . $myserver . '/' . $mysitedir . '?mod=main">http://' . $myserver . '/' . $mysitedir . '</a>';
require '' . 'admin/template/' . $template_reg_f;
mysql_close ($connect);
exit ();
}
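// Account lookup and price calculation shared by the notification and form branches.
// A payment number of '0' means the field was missing or not numeric.
if ($LMI_PAYMENT_NO == '0')
{
print '' . $lang_p_e_data;
mysql_close ($connect);
exit ();
}
// The account must exist with both the given ID and login. The values are passed through
// the driver's escaping function: the HTML-encoding applied earlier does not neutralise
// backslashes, so it cannot stand in for SQL escaping.
$resultuser = mysql_query ('' . 'select * from ' . $tableuser . ' where ID=\'' . mysql_real_escape_string ($LMI_PAYMENT_NO, $connect) . '\' and userlogin=\'' . mysql_real_escape_string ($userlogin, $connect) . '\'');
$iduser = mysql_fetch_row ($resultuser);
if ($userlogin !== $iduser[1])
{
require '' . 'admin/template/' . $template_reg_h;
print '' . $lang_p_e_data;
require '' . 'admin/template/' . $template_reg_f;
mysql_close ($connect);
exit ();
}
$paytype = $go;
$servicelogin = $userlogin;
$serviceid = $LMI_PAYMENT_NO;
// payment_calculate.php is given a fixed pass-phrase and is expected to set $cost,
// $payment_calculate_check and $payment_calculate_ans (the module is not shown here).
// NOTE(review): the pass-phrase is a literal in distributed source, so it only guards
// against the module being run out of context; it is not a secret.
$payment_calculate_pass = 'EqJFToyD3xwIpYum';
require 'admin/modules/payment_calculate.php';
$payment_calculate_pass = '';
// Surcharge of the payment method named in setting 42: column 4 of the row is applied as
// a percentage. The setting is escaped as well, since it is data, not SQL.
$resultpayby = mysql_query ('' . 'select * from ' . $tablepayby . ' where name=\'' . mysql_real_escape_string ($config_e['42'], $connect) . '\' order by ID');
$row_pay = mysql_fetch_array ($resultpayby);
$extracost = $cost * $row_pay[4] / 100;
$extracost = number_format ($extracost, 2, '.', '');
$cost = $cost * (1 + $row_pay[4] / 100);
// Setting 231 is the multiplier used for the WMR price.
$rucost = $cost * $config_e[231];
$cost = number_format ($cost, 2, '.', '');
$rucost = number_format ($rucost, 2, '.', '');
// The module must have returned the expected marker, otherwise it did not run as intended.
if ($payment_calculate_check !== '2nah4dGVBl2LwCQC')
{
print 'System error :(';
mysql_close ($connect);
exit ();
}
$payment_calculate_check = '';
if ($payment_calculate_ans == 'ERROR')
{
print '' . $lang_p_e_data;
mysql_close ($connect);
exit ();
}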
// Payment description ($what) and bookkeeping comment ($by_data_comment) per payment type.
// $what is later sent to the gateway as LMI_PAYMENT_DESC; $by_data_comment records payer,
// amount and payee purse as reported in the notification.
// $iddomen is not set in this file; presumably payment_calculate.php loads it.
// Account activation.
if ($go == 'activate')
{
$what = '' . $lang_ic2_act1 . ' ' . $LMI_PAYMENT_NO . ' x ' . $iduser['8'];
$by_data_comment = '' . 'From: ' . $LMI_PAYER_WM . '
Cost: ' . $LMI_PAYMENT_AMOUNT . '
For: ' . $LMI_PAYEE_PURSE;
}
// Account renewal: the requested number of months becomes the term.
if ($go == 'account')
{
$term = $month;
$what = '' . $lang_ic2_act2 . ' ' . $LMI_PAYMENT_NO . ' x ' . $month;
$by_data_comment = '' . 'From: ' . $LMI_PAYER_WM . '
Cost: ' . $LMI_PAYMENT_AMOUNT . '
For: ' . $LMI_PAYEE_PURSE;
}
// Domain registration.
if ($go == 'domenreg')
{
$what = '' . $lang_m_domreg . ' ' . $iddomen['2'] . ' x ' . $iddomen['9'];
$by_data_comment = '' . 'From: ' . $LMI_PAYER_WM . '
Cost: ' . $LMI_PAYMENT_AMOUNT . '
For: ' . $LMI_PAYEE_PURSE . '
DomenId: ' . $domenid;
}
// Domain renewal.
if ($go == 'domen')
{
$what = '' . $lang_ic2_p_pr_d . ' ' . $iddomen['2'] . ' x ' . $term;
$by_data_comment = '' . 'From: ' . $LMI_PAYER_WM . '
Cost: ' . $LMI_PAYMENT_AMOUNT . '
For: ' . $LMI_PAYEE_PURSE . '
DomenId: ' . $domenid;
}
// Tariff change: the previous tariff (column 7 of the account row) is recorded.
if ($go == 'tarif')
{
$what = '' . $lang_ic2_p_t1 . ' ' . $LMI_PAYMENT_NO;
$by_data_comment = '' . 'From: ' . $LMI_PAYER_WM . '
Cost: ' . $LMI_PAYMENT_AMOUNT . '
For: ' . $LMI_PAYEE_PURSE . '
Old Tarif: ' . $iduser['7'];
}
// Add-on service.
if ($go == 'addon')
{
$what = '' . $lang_p_addon . ' ' . $itemid;
$by_data_comment = '' . 'From: ' . $LMI_PAYER_WM . '
Cost: ' . $LMI_PAYMENT_AMOUNT . '
For: ' . $LMI_PAYEE_PURSE . '
AddonId: ' . $itemid;
}
// Prepaid card.
if ($go == 'card')
{
$what = '' . $lang_p_card . ' ' . $cardid;
$by_data_comment = '' . 'From: ' . $LMI_PAYER_WM . '
Cost: ' . $LMI_PAYMENT_AMOUNT . '
For: ' . $LMI_PAYEE_PURSE . '
CardId: ' . $cardid;
}
// Price per purse type. Settings 49 and 50 are the multipliers for WME and WMU; the WMR
// price ($rucost) was computed earlier. Settings 44-47 hold the merchant's purse for each
// type.
$wmecost = $cost * $config_e[49];
$wmecost = number_format ($wmecost, 2, '.', '');
$wmucost = $cost * $config_e[50];
$wmucost = number_format ($wmucost, 2, '.', '');
// $viewcost is the price shown to the user, $formcost the amount sent to the gateway and
// $wmkeeper the purse that must receive the payment. When $keeper is none of the four
// known values, all three stay unset.
if ($keeper == 'WMZ')
{
$viewcost = '' . $cost . ' ' . $keeper;
$formcost = $cost;
$wmkeeper = $config_e[44];
}
if ($keeper == 'WMR')
{
$viewcost = '' . $rucost . ' ' . $keeper;
$formcost = $rucost;
$wmkeeper = $config_e[45];
}
if ($keeper == 'WME')
{
$viewcost = '' . $wmecost . ' ' . $keeper;
$formcost = $wmecost;
$wmkeeper = $config_e[46];
}
if ($keeper == 'WMU')
{
$viewcost = '' . $wmucost . ' ' . $keeper;
$formcost = $wmucost;
$wmkeeper = $config_e[47];
}
// A price of zero or less is treated as a calculation error; nothing is offered for payment.
if ($cost <= 0)
{
require '' . 'admin/template/' . $template_reg_h;
print '' . $lang_p_error;
require '' . 'admin/template/' . $template_reg_f;
mysql_close ($connect);
exit ();
}
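// WebMoney Merchant notification handler: runs when the request carries a non-empty
// LMI_HASH and a non-empty $go. It recomputes the notification digest, compares amount and
// payee purse with the values calculated earlier, e-mails the billing contact and hands
// over to the matching admin/modules/automatic_*.php module.
// NOTE(review): in this file $LMI_SECRET_KEY is only ever handled as an incoming value
// (HTML-encoded and unslashed together with the other request fields); no assignment from
// server-side configuration is visible. The digest authenticates the sender only if the
// key is loaded from server configuration and never taken from the request — confirm
// where it is set.
// NOTE(review): no check for an already-processed LMI_SYS_TRANS_NO / LMI_SYS_INVS_NO is
// visible here; confirm that the automatic_* modules reject repeated notifications.
if (($LMI_HASH !== '' AND $go !== ''))
{
// Upper-case MD5 over the concatenated notification fields, in this fixed order.
// $LMI_MODE, $LMI_SYS_INVS_NO, $LMI_SYS_TRANS_NO, $LMI_SYS_TRANS_DATE and
// $LMI_PAYER_PURSE are used as received; they are not normalised anywhere in this file.
$purse = '' . $LMI_PAYEE_PURSE . $LMI_PAYMENT_AMOUNT . $LMI_PAYMENT_NO . $LMI_MODE . $LMI_SYS_INVS_NO . $LMI_SYS_TRANS_NO . $LMI_SYS_TRANS_DATE . $LMI_SECRET_KEY . $LMI_PAYER_PURSE . $LMI_PAYER_WM;
$purse = md5 ($purse);
$purse = strtoupper ($purse);
// The payment is accepted only if the digest matches, the amount equals the locally
// computed price and the payee purse is the configured one.
if ((($purse !== $LMI_HASH OR $formcost !== $LMI_PAYMENT_AMOUNT) OR $wmkeeper !== $LMI_PAYEE_PURSE))
{
$status = $lang_p_failed1;
}
else
{
$status = $lang_p_withno;
$message_to_letter = $lang_p_withno;
}
$ip = getenv ('REMOTE_ADDR');
$refer = getenv ('HTTP_REFERER');
$browser = getenv ('HTTP_USER_AGENT');
// Gateway addresses and User-Agent string the author expected notifications to come from.
$wm_server_ip_1 = '212.158.173.9';
$wm_server_ip_2 = '212.118.48.8';
$wm_server_ip_3 = '212.118.48.9';
$wm_server_ip_4 = '212.118.48.158';
$wm_server_ip_5 = '82.198.171.158';
$wm_server_browser = 'Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)';
// A mismatch is only marked by prefixing the value with $lang_p_iperr; $status is not
// changed. As written, the source-address and User-Agent checks affect the e-mail text
// alone and do not stop processing. A User-Agent is chosen by the sender and cannot
// serve as authentication in any case.
if ((((($ip !== $wm_server_ip_1 AND $ip !== $wm_server_ip_2) AND $ip !== $wm_server_ip_3) AND $ip !== $wm_server_ip_4) AND $ip !== $wm_server_ip_5))
{
$ip = '' . $lang_p_iperr . ': ' . $ip;
}
if ($browser !== $wm_server_browser)
{
$browser = '' . $lang_p_iperr . ': ' . $browser;
}
// Build the diagnostic letter when the payment failed or either marker is present.
// Fix: the User-Agent marker is looked for in $browser, where it was just written. The
// original searched the constant $wm_server_browser, so a User-Agent mismatch alone never
// produced the diagnostic text.
if ((($status == $lang_p_failed1 OR stristr ($ip, $lang_p_iperr)) OR stristr ($browser, $lang_p_iperr)))
{
$message_to_letter = '' . $lang_p_failed2 . ':
' . $ip . ' VS ' . $wm_server_ip_1 . ' or ' . $wm_server_ip_2 . ' or ' . $wm_server_ip_3 . ' or ' . $wm_server_ip_4 . ' or ' . $wm_server_ip_5 . '
' . $browser . ' VS "' . $wm_server_browser . '"
' . $LMI_HASH . ' VS ' . $purse . '
' . $LMI_PAYMENT_AMOUNT . ' VS ' . $formcost;
}
// admin/mail/wm_merchant.php is expected to define the subject and body of the letter.
include 'admin/mail/wm_merchant.php';
mail ('' . $myname_billing . ' <' . $mymail_billing . '>', '' . $wm_merchant_subject, '' . $wm_merchant_mail, '' . 'Return-Path: <' . $mymail . '>
' . ('' . 'From: ' . $myname . ' <' . $mymail . '>
') . ('' . 'Reply-To: ' . $myname . ' <' . $mymail . '>
') . 'X-Priority: 3
' . ('' . 'X-Mailer: BPanel from ' . $SERVER_NAME . '
') . ('' . 'X-Originating-IP: [' . $SERVER_ADDR . ']
') . ('' . 'Content-type: text/plain; charset=' . $config_e['20'] . '
') . 'Content-Transfer-Encoding: 8bit
' . 'Date: ' . date ('r'));
// Processing stops here only when setting 43 is 'No' and the checks failed. With any
// other value of setting 43 the modules below are loaded even for a failed notification.
// NOTE(review): presumably they inspect $status themselves — verify before relying on it.
if (($config_e[43] == 'No' AND $status == $lang_p_failed1))
{
mysql_close ($connect);
exit ();
}
// Context handed to the automatic_* module that applies the payment.
$payment_calculate_pass = 'EqJFToyD3xwIpYum';
$by_comment = $config_e[48];
$by_merchant = 'WM_Merchant';
$modul = 'client';
print 'Thank You, WebMoney ;)';
if ($go == 'activate')
{
require 'admin/modules/automatic_activate.php';
}
if ($go == 'account')
{
require 'admin/modules/automatic_account.php';
}
if ($go == 'domenreg')
{
require 'admin/modules/automatic_domenreg.php';
}
if ($go == 'domen')
{
require 'admin/modules/automatic_domen.php';
}
if ($go == 'tarif')
{
require 'admin/modules/automatic_tarif.php';
}
if ($go == 'addon')
{
require 'admin/modules/automatic_addon.php';
}
if ($go == 'card')
{
require 'admin/modules/automatic_card.php';
}
mysql_close ($connect);
exit ();
}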
if ($mod == 'pay')
{
require 'admin/template/panel_head.inc';
// Step 1 of the payment page: no purse type chosen yet. The script posts back to itself
// with the current parameters as hidden fields plus a purse-type selector.
// $gdate_ and $pay_no_activate are not set in this file; presumably payment_calculate.php
// and the language file provide them.
if ($keeper == '')
{
if ($go == 'activate')
{
// An account whose date value is above 2000 counts as already activated.
if (2000 < $gdate_)
{
print '' . $lang_p_already1;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
if ($cost <= 0)
{
print '' . $lang_p_e_data;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
}
if ($go == 'account')
{
// Renewal is refused for an account that has not been activated.
if ($gdate_ < 2000)
{
print '' . $pay_no_activate;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
if (($cost <= 0 OR !is_numeric ($month)))
{
print '' . $lang_p_e_data;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
}
// The hidden fields echo values that were HTML-encoded or reduced to letters / numeric
// strings earlier. They are round-tripped through the browser, so every one of them
// must be validated again when the form comes back.
print '' . '<p align="center"><form name="webmoney" method="POST" action="webmoney.php">
<input type="hidden" name="LMI_PAYMENT_NO" value="' . $iduser['0'] . '">
<input type="hidden" name="userlogin" value="' . $userlogin . '">
<input type="hidden" name="go" value="' . $go . '">
<input type="hidden" name="mod" value="' . $mod . '">';
if ($month !== '0')
{
print '' . '<input type="hidden" name="month" value="' . $month . '">
';
}
if ($domenid !== '0')
{
print '' . '<input type="hidden" name="domenid" value="' . $domenid . '">
';
}
if ($term !== '0')
{
print '' . '<input type="hidden" name="term" value="' . $term . '">
';
}
if ($tarifid !== '0')
{
print '' . '<input type="hidden" name="tarifid" value="' . $tarifid . '">
';
}
if ($itemid !== '0')
{
print '' . '<input type="hidden" name="itemid" value="' . $itemid . '">
';
}
if ($cardid !== '0')
{
print '' . '<input type="hidden" name="cardid" value="' . $cardid . '">
';
}
if ($cardcost != '0.00')
{
print '' . '<input type="hidden" name="cardcost" value="' . $cardcost . '">
';
}
if ($cardlogin !== '')
{
print '' . '<input type="hidden" name="cardlogin" value="' . $cardlogin . '">
';
}
// One option per configured purse: configuration rows with ID 44-47 that are not empty.
// The purse type is derived from the letters found in the purse value; when a value
// contains several of Z/R/E/U the last matching test wins.
print '' . $lang_p_keeper . ':<br><select size="1" name="keeper">';
$resultwebmoney = mysql_query ('' . 'select * from ' . $tableconf . ' where ID>\'43\' and ID<\'48\' order by ID');
while ($rowebmoney = mysql_fetch_array ($resultwebmoney))
{
if ($rowebmoney[1] !== '')
{
if (stristr ($rowebmoney[1], 'Z'))
{
$value = 'WMZ';
$webmoneys = $cost;
}
if (stristr ($rowebmoney[1], 'R'))
{
$value = 'WMR';
$webmoneys = $rucost;
}
if (stristr ($rowebmoney[1], 'E'))
{
$value = 'WME';
$webmoneys = $wmecost;
}
if (stristr ($rowebmoney[1], 'U'))
{
$value = 'WMU';
$webmoneys = $wmucost;
}
print '' . '<option value="' . $value . '">' . $rowebmoney['1'] . ' (' . $webmoneys . ' ' . $value . ')</option>';
continue;
}
}
print '' . '</select> <input type="submit" value="' . $lang_r_f_pay . '" name="B1"></form>';
// Clearing $go keeps the per-type payment forms that follow from being rendered on this step.
$go = '';
}
// Path of this script relative to the site root, used for the gateway callback URLs.
$paysitedir = $mysitedir . 'webmoney.php';
// Step 2, account activation: show the summary and the form that posts to the gateway.
if ($go == 'activate')
{
// An account whose date value is above 2000 counts as already activated.
if (2000 < $gdate_)
{
print '' . $lang_p_already1;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
if ($cost <= 0)
{
print '' . $lang_p_e_data;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
// Column 21 of the account row selects the explanatory text: anything other than
// HOSTING / RESELLING uses the alternative wording.
if (($iduser[21] !== 'HOSTING' AND $iduser[21] !== 'RESELLING'))
{
$lang_p_after1 = $lang_p_after8;
}
// NOTE(review): the result, success and fail URLs are emitted with the http:// scheme, so
// the gateway's notification to this script travels unencrypted; use https where the
// site supports it.
// NOTE(review): $what is assembled from language strings and database fields and is
// printed into the attribute without HTML-encoding here — confirm those inputs are
// already encoded.
// The amount and purse in this form pass through the user's browser; what counts is the
// server-side comparison performed when the gateway's notification arrives.
print '' . '<blockquote>
' . $lang_p_after1 . '<br></p>
<hr color="#000000" size="1">
<p align="center">
' . $lang_ic2_act1 . ' ' . $iduser['0'] . ' (' . $iduser['13'] . ')<br>' . $lang_ic1_cost1 . ': ' . $viewcost . '
<form method="POST" action="https://merchant.webmoney.ru/lmi/payment.asp">
<input type="hidden" name="LMI_PAYMENT_AMOUNT" value="' . $formcost . '">
<input type="hidden" name="LMI_PAYMENT_DESC" value="' . $what . '">
<input type="hidden" name="LMI_PAYMENT_NO" value="' . $iduser['0'] . '">
<input type="hidden" name="LMI_PAYEE_PURSE" value="' . $wmkeeper . '">
<input type="hidden" name="go" value="' . $go . '">
<input type="hidden" name="userlogin" value="' . $iduser['1'] . '">
<input type="hidden" name="keeper" value="' . $keeper . '">
<input type="hidden" name="LMI_RESULT_URL" value="http://' . $myserver . '/' . $paysitedir . '">
<input type="hidden" name="LMI_SUCCESS_URL" value="http://' . $myserver . '/' . $paysitedir . '?ok">
<input type="hidden" name="LMI_SUCCESS_METHOD" value="1">
<input type="hidden" name="LMI_FAIL_URL" value="http://' . $myserver . '/' . $paysitedir . '?fail">
<input type="hidden" name="LMI_FAIL_METHOD" value="1">
<input type="submit" value="' . $lang_r_f_pay . '" name="B1">
</form>
</blockquote>';
}
if ($go == 'account')
{
if ($gdate_ < 2000)
{
print '' . $pay_no_activate;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
if ((($cost <= 0 OR is_null ($month)) OR !is_numeric ($month)))
{
print '' . $lang_p_e_data;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
print '' . '<blockquote>
' . $lang_p_after4 . '<br></p>
<hr color="#000000" size="1">
<p align="center">
' . $lang_ic2_act2 . ' ' . $iduser['0'] . ' (' . $iduser['13'] . ')<br>' . $lang_term . ': ' . $month . '<br>' . $lang_ic1_cost1 . ': ' . $viewcost . '
<form method="POST" action="https://merchant.webmoney.ru/lmi/payment.asp">
<input type="hidden" name="LMI_PAYMENT_AMOUNT" value="' . $formcost . '">
<input type="hidden" name="LMI_PAYMENT_DESC" value="' . $what . '">
<input type="hidden" name="LMI_PAYMENT_NO" value="' . $iduser['0'] . '">
<input type="hidden" name="LMI_PAYEE_PURSE" value="' . $wmkeeper . '">
<input type="hidden" name="go" value="' . $go . '">
<input type="hidden" name="userlogin" value="' . $iduser['1'] . '">
<input type="hidden" name="month" value="' . $month . '">
<input type="hidden" name="keeper" value="' . $keeper . '">
<input type="hidden" name="LMI_RESULT_URL" value="http://' . $myserver . '/' . $paysitedir . '">
<input type="hidden" name="LMI_SUCCESS_URL" value="http://' . $myserver . '/' . $paysitedir . '?ok">
<input type="hidden" name="LMI_SUCCESS_METHOD" value="1">
<input type="hidden" name="LMI_FAIL_URL" value="http://' . $myserver . '/' . $paysitedir . '?fail">
<input type="hidden" name="LMI_FAIL_METHOD" value="1">
<input type="submit" value="' . $lang_r_f_pay . '" name="B1">
</form>
</blockquote>';
}
if ($go == 'domenreg')
{
if (2000 < $iddomen[9])
{
print '' . $lang_p_already2;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
print '' . '<blockquote>
' . $lang_p_after2 . '<br></p>
<hr color="#000000" size="1">
<p align="center">
' . $lang_m_domreg . ' ' . $iddomen['2'] . ' (' . $lang_ri_id . ' ' . $iddomen['0'] . ')<br>' . $lang_p2_term2 . ': ' . $iddomen['9'] . '<br>' . $lang_ic1_cost1 . ': ' . $viewcost . '
<form method="POST" action="https://merchant.webmoney.ru/lmi/payment.asp">
<input type="hidden" name="LMI_PAYMENT_AMOUNT" value="' . $formcost . '">
<input type="hidden" name="LMI_PAYMENT_DESC" value="' . $what . '">
<input type="hidden" name="LMI_PAYMENT_NO" value="' . $iduser['0'] . '">
<input type="hidden" name="LMI_PAYEE_PURSE" value="' . $wmkeeper . '">
<input type="hidden" name="go" value="' . $go . '">
<input type="hidden" name="userlogin" value="' . $iduser['1'] . '">
<input type="hidden" name="domenid" value="' . $domenid . '">
<input type="hidden" name="keeper" value="' . $keeper . '">
<input type="hidden" name="LMI_RESULT_URL" value="http://' . $myserver . '/' . $paysitedir . '">
<input type="hidden" name="LMI_SUCCESS_URL" value="http://' . $myserver . '/' . $paysitedir . '?ok">
<input type="hidden" name="LMI_SUCCESS_METHOD" value="1">
<input type="hidden" name="LMI_FAIL_URL" value="http://' . $myserver . '/' . $paysitedir . '?fail">
<input type="hidden" name="LMI_FAIL_METHOD" value="1">
<input type="submit" value="' . $lang_r_f_pay . '" name="B1">
</form>
</blockquote>';
}
if ($go == 'domen')
{
if ($iddomen[9] < 2000)
{
print '' . $lang_ic2_notact2;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
print '' . '<blockquote>
' . $lang_p_after3 . '<br></p>
<hr color="#000000" size="1">
<p align="center">
' . $lang_ic2_p_pr_d . ' ' . $iddomen['2'] . ' (' . $lang_ri_id . ' ' . $iddomen['0'] . ')<br>' . $lang_ic2_years . ': ' . $term . '<br>' . $lang_ic1_cost1 . ': ' . $viewcost . '
<form method="POST" action="https://merchant.webmoney.ru/lmi/payment.asp">
<input type="hidden" name="LMI_PAYMENT_AMOUNT" value="' . $formcost . '">
<input type="hidden" name="LMI_PAYMENT_DESC" value="' . $what . '">
<input type="hidden" name="LMI_PAYMENT_NO" value="' . $iduser['0'] . '">
<input type="hidden" name="LMI_PAYEE_PURSE" value="' . $wmkeeper . '">
<input type="hidden" name="go" value="' . $go . '">
<input type="hidden" name="userlogin" value="' . $iduser['1'] . '">
<input type="hidden" name="domenid" value="' . $domenid . '">
<input type="hidden" name="term" value="' . $term . '">
<input type="hidden" name="keeper" value="' . $keeper . '">
<input type="hidden" name="LMI_RESULT_URL" value="http://' . $myserver . '/' . $paysitedir . '">
<input type="hidden" name="LMI_SUCCESS_URL" value="http://' . $myserver . '/' . $paysitedir . '?ok">
<input type="hidden" name="LMI_SUCCESS_METHOD" value="1">
<input type="hidden" name="LMI_FAIL_URL" value="http://' . $myserver . '/' . $paysitedir . '?fail">
<input type="hidden" name="LMI_FAIL_METHOD" value="1">
<input type="submit" value="' . $lang_r_f_pay . '" name="B1">
</form>
</blockquote>';
}
if ($go == 'tarif')
{
print '' . '<blockquote>
' . $lang_p_after5 . '<br></p>
<hr color="#000000" size="1">
<p align="center">
' . $lang_ic2_p_t1 . ' ' . $iduser['0'] . ' (' . $iduser['13'] . ')<br>' . $lang_p_tarif . ': ' . $rowt['1'] . '<br>' . $lang_ic1_cost1 . ': ' . $viewcost . '
<form method="POST" action="https://merchant.webmoney.ru/lmi/payment.asp">
<input type="hidden" name="LMI_PAYMENT_AMOUNT" value="' . $formcost . '">
<input type="hidden" name="LMI_PAYMENT_DESC" value="' . $what . '">
<input type="hidden" name="LMI_PAYMENT_NO" value="' . $iduser['0'] . '">
<input type="hidden" name="LMI_PAYEE_PURSE" value="' . $wmkeeper . '">
<input type="hidden" name="go" value="' . $go . '">
<input type="hidden" name="userlogin" value="' . $iduser['1'] . '">
<input type="hidden" name="tarifid" value="' . $tarifid . '">
<input type="hidden" name="keeper" value="' . $keeper . '">
<input type="hidden" name="LMI_RESULT_URL" value="http://' . $myserver . '/' . $paysitedir . '">
<input type="hidden" name="LMI_SUCCESS_URL" value="http://' . $myserver . '/' . $paysitedir . '?ok">
<input type="hidden" name="LMI_SUCCESS_METHOD" value="1">
<input type="hidden" name="LMI_FAIL_URL" value="http://' . $myserver . '/' . $paysitedir . '?fail">
<input type="hidden" name="LMI_FAIL_METHOD" value="1">
<input type="submit" value="' . $lang_r_f_pay . '" name="B1">
</form>
</blockquote>';
}
if ($go == 'addon')
{
print '' . '<blockquote>
' . $lang_p_after7 . '<br></p>
<hr color="#000000" size="1">
<p align="center">
' . $lang_p_addon . ' ' . $itemid . ' (' . $idservice['2'] . ')<br>' . $lang_ic1_cost1 . ': ' . $viewcost . '
<form method="POST" action="https://merchant.webmoney.ru/lmi/payment.asp">
<input type="hidden" name="LMI_PAYMENT_AMOUNT" value="' . $formcost . '">
<input type="hidden" name="LMI_PAYMENT_DESC" value="' . $what . '">
<input type="hidden" name="LMI_PAYMENT_NO" value="' . $iduser['0'] . '">
<input type="hidden" name="LMI_PAYEE_PURSE" value="' . $wmkeeper . '">
<input type="hidden" name="go" value="' . $go . '">
<input type="hidden" name="userlogin" value="' . $iduser['1'] . '">
<input type="hidden" name="itemid" value="' . $itemid . '">
<input type="hidden" name="keeper" value="' . $keeper . '">
<input type="hidden" name="LMI_RESULT_URL" value="http://' . $myserver . '/' . $paysitedir . '">
<input type="hidden" name="LMI_SUCCESS_URL" value="http://' . $myserver . '/' . $paysitedir . '?ok">
<input type="hidden" name="LMI_SUCCESS_METHOD" value="1">
<input type="hidden" name="LMI_FAIL_URL" value="http://' . $myserver . '/' . $paysitedir . '?fail">
<input type="hidden" name="LMI_FAIL_METHOD" value="1">
<input type="submit" value="' . $lang_r_f_pay . '" name="B1">
</form>
</blockquote>';
}
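// Step 2, prepaid card: verify that the card exists for the given login, then show the
// summary and the form that posts to the gateway.
if ($go == 'card')
{
// Both values are passed through the driver's escaping function before they are embedded
// in the query: the HTML-encoding applied to $cardlogin earlier does not neutralise
// backslashes, so it cannot stand in for SQL escaping.
$resultcards = mysql_query ('' . 'select * from ' . $tablecards . ' where ID=\'' . mysql_real_escape_string ($cardid, $connect) . '\' and userlogin=\'' . mysql_real_escape_string ($cardlogin, $connect) . '\'');
$numcards = mysql_num_rows ($resultcards);
if ($numcards == '0')
{
print '' . $lang_p_e_data;
require 'admin/template/panel_foot.inc';
mysql_close ($connect);
exit ();
}
// The lookup uses $cardlogin while the summary line prints $userlogin.
// NOTE(review): confirm the two are meant to differ.
// NOTE(review): the result, success and fail URLs are emitted with the http:// scheme, so
// the gateway's notification to this script travels unencrypted; use https where the
// site supports it.
print '' . '<blockquote>
' . $lang_p_after6 . '<br></p>
<hr color="#000000" size="1">
<p align="center">
' . $lang_p_card . ' ' . $cardid . ' (' . $userlogin . ')<br>' . $lang_y_amount . ': ' . $viewcost . '
<form method="POST" action="https://merchant.webmoney.ru/lmi/payment.asp">
<input type="hidden" name="LMI_PAYMENT_AMOUNT" value="' . $formcost . '">
<input type="hidden" name="LMI_PAYMENT_DESC" value="' . $what . '">
<input type="hidden" name="LMI_PAYMENT_NO" value="' . $iduser['0'] . '">
<input type="hidden" name="LMI_PAYEE_PURSE" value="' . $wmkeeper . '">
<input type="hidden" name="go" value="' . $go . '">
<input type="hidden" name="userlogin" value="' . $iduser['1'] . '">
<input type="hidden" name="cardid" value="' . $cardid . '">
<input type="hidden" name="cardcost" value="' . $cardcost . '">
<input type="hidden" name="keeper" value="' . $keeper . '">
<input type="hidden" name="LMI_RESULT_URL" value="http://' . $myserver . '/' . $paysitedir . '">
<input type="hidden" name="LMI_SUCCESS_URL" value="http://' . $myserver . '/' . $paysitedir . '?ok">
<input type="hidden" name="LMI_SUCCESS_METHOD" value="1">
<input type="hidden" name="LMI_FAIL_URL" value="http://' . $myserver . '/' . $paysitedir . '?fail">
<input type="hidden" name="LMI_FAIL_METHOD" value="1">
<input type="submit" value="' . $lang_r_f_pay . '" name="B1">
</form>
</blockquote>';
}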
require 'admin/template/panel_foot.inc';
}
?>
Ваши скрипты и права НЕ защищены.
Так же по причине открывания кода скрипта советую всем понятливым либо вообще убрать bpanel с сервера, либо стереть файлы с логинами на WMH.
Потому что, имея открытый код даже только этого файла, можно очень повеселиться с вашими серверами.
Этот файл(webmoney.php) можно назвать подарком для хакеров
В общем какое ваше мнение?
PS: Я не против хостеров, но если у вас есть мозги то - бипанель теперь НЕ защищена.