1<?php
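// Vote-reward form handler.
//
// Flow: verify the reCAPTCHA token, validate the posted account, character and
// reward, enforce one reward per IP per 12 hours, confirm the vote with
// HopZone, record the reward, then deliver it through the local daemon.
//
// Relies on names set elsewhere: $RecaptchaSecretKey, $HopZoneToken,
// $SqlServerIP, $SqlServerUser, $SqlServerPass, $SqlServerDB, and the
// functions antiinjection(), kick_char() and AdditemPacket1().
//
// NOTE(review): the form proves only that the caller knows an account name
// and a character name; it does not authenticate the account owner, yet a
// successful submission disconnects that character (kick_char). Confirm
// this is intended.
if (isset($_POST['Enviar'])) {
    $errOpen  = '<center><ul id="errors" class="visible"><li>';
    $errClose = '</li></ul></center>';

    $formok   = true;
    $variable = true;

    // Reward id => array(item id, amount). Validation below uses the same
    // table, so a vote is never recorded for an id that delivers nothing.
    $rewards = array(
        1 => array('57', '15000000'),   // Adenas
        2 => array('5575', '5000000'),  // Ancient Adena
        3 => array('5570', '1'),        // Reward Coin
    );

    // Take the raw values. htmlspecialchars() is an output encoder and does
    // not make a value safe for SQL; the allow-list check below is what
    // constrains these strings before they reach a query.
    $IP_Player = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $name      = (isset($_POST['usuario']) && is_string($_POST['usuario'])) ? $_POST['usuario'] : '';
    $personaje = (isset($_POST['personaje']) && is_string($_POST['personaje'])) ? $_POST['personaje'] : '';
    $reward    = (isset($_POST['reward']) && is_string($_POST['reward']) && ctype_digit($_POST['reward']))
        ? (int) $_POST['reward']
        : 0;
    $captcha   = (isset($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response']))
        ? $_POST['g-recaptcha-response']
        : '';

    // --- reCAPTCHA verification -------------------------------------------
    // The secret goes in a POST body instead of the URL, and certificate
    // verification stays on: with CURLOPT_SSL_VERIFYPEER disabled, anyone on
    // the network path could answer "success" on Google's behalf.
    $curl_handle = curl_init('https://www.google.com/recaptcha/api/siteverify');
    curl_setopt($curl_handle, CURLOPT_POST, true);
    curl_setopt($curl_handle, CURLOPT_POSTFIELDS, http_build_query(array(
        'secret'   => $RecaptchaSecretKey,
        'response' => $captcha,
        'remoteip' => $IP_Player,
    ), '', '&'));
    curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl_handle, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl_handle, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($curl_handle, CURLOPT_TIMEOUT, 10);
    $response = curl_exec($curl_handle);
    curl_close($curl_handle);

    // Fail closed: a transport error or a malformed body counts as "not human".
    $responseKeys = is_string($response) ? json_decode($response, true) : null;
    if (!is_array($responseKeys) || !isset($responseKeys['success']) || $responseKeys['success'] !== true) {
        $formok = false;
        $variable = false;
        echo $errOpen . 'Validacion Humana no Valida' . $errClose;
    }

    // --- Field validation ---------------------------------------------------
    if ($variable) {
        if (filter_var($IP_Player, FILTER_VALIDATE_IP) === false) {
            $formok = false;
            $variable = false;
            echo $errOpen . 'Direccion IP no valida' . $errClose;
        }
        if (antiinjection($name)) {
            $formok = false;
            $variable = false;
            echo $errOpen . 'La Cuenta contiene caracteres invalidos' . $errClose;
        }
        // The original tested the undefined $personajel, so the character name
        // reached the SQL below without any character check.
        if (antiinjection($personaje)) {
            $formok = false;
            $variable = false;
            echo $errOpen . 'El Personaje contiene caracteres invalidos' . $errClose;
        }
        if (strlen($name) < 4 || strlen($name) > 16) {
            $formok = false;
            $variable = false;
            echo $errOpen . 'El nombre de Usuario debe contener minimo 4 caracteres y maximo 16 caracteres' . $errClose;
        }
        // The original measured $name a second time here instead of $personaje.
        if (strlen($personaje) < 1 || strlen($personaje) > 16) {
            $formok = false;
            $variable = false;
            echo $errOpen . 'El nombre del Personaje debe contener minimo 1 caracteres y maximo 16 caracteres' . $errClose;
        }
        // The original condition ($reward<1 && $reward>4) could never be true.
        if (!isset($rewards[$reward])) {
            $formok = false;
            $variable = false;
            echo $errOpen . 'Debes seleccionar tu Reward' . $errClose;
        }
    }

    if ($variable) {
        $con = mssql_connect($SqlServerIP, $SqlServerUser, $SqlServerPass) or die("Error en la conexión a MsSql");
        mssql_select_db($SqlServerDB, $con);

        // The mssql_* API has no bound parameters for ad-hoc queries. The
        // values are already limited by the allow-list and FILTER_VALIDATE_IP;
        // doubling quotes is a second layer. A driver with real parameter
        // binding would be the better fix.
        $sqlIp        = str_replace("'", "''", $IP_Player);
        $sqlName      = str_replace("'", "''", $name);
        $sqlPersonaje = str_replace("'", "''", $personaje);

        // --- 12-hour cooldown per IP ----------------------------------------
        // The next allowed time is computed by the server from the stored
        // timestamp; the original printed an undefined variable here.
        $sql = "SELECT TOP 1 fecha, DATEADD(hh, 12, fecha) AS proximo FROM VoteReward"
            . " WHERE ip = '$sqlIp' AND fecha > DATEADD(hh, -12, GETDATE()) ORDER BY fecha DESC";
        $resultado = mssql_query($sql, $con);
        if ($resultado === false) {
            // Fail closed: without the cooldown answer no reward is given.
            $variable = false;
            echo $errOpen . 'Error al consultar la base de datos' . $errClose;
        } elseif (mssql_num_rows($resultado) > 0) {
            $row = mssql_fetch_array($resultado);
            $fecha_ultima = htmlspecialchars((string) $row['fecha']);
            $nuevafecha_ultima = htmlspecialchars((string) $row['proximo']);

            $variable = false;
            echo $errOpen . 'Ya se ha entregado el reward anteriormente, puedes votar solo una vez cada 12 horas.<br><br>Tu ultimo voto fue ' . $fecha_ultima . ' <br> Proximo voto a partir de ' . $nuevafecha_ultima . $errClose;
        }

        // --- Account / character lookup -------------------------------------
        if ($variable) {
            $sql = "SELECT account_name, char_id FROM user_data"
                . " WHERE account_name = '$sqlName' AND char_name = '$sqlPersonaje'";
            $resultado = mssql_query($sql, $con);
            if ($resultado !== false && mssql_num_rows($resultado) > 0) {
                $row = mssql_fetch_array($resultado);
                $char_id = (int) $row['char_id'];
            } else {
                $variable = false;
                echo $errOpen . 'Cuenta o Personaje erroneo.' . $errClose;
            }
        }

        // --- Vote confirmation and delivery ---------------------------------
        if ($variable) {
            // NOTE(review): this call is plain HTTP, so the token travels in
            // clear text and the "voted" answer is not protected in transit.
            // Use an HTTPS endpoint if the provider offers one.
            $curl_handle = curl_init();
            curl_setopt($curl_handle, CURLOPT_URL, "http://api.hopzone.net/lineage2/vote?token=" . urlencode($HopZoneToken) . "&ip_address=" . urlencode($IP_Player));
            curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($curl_handle, CURLOPT_TIMEOUT, 10);
            $data = curl_exec($curl_handle);
            curl_close($curl_handle);

            // explode() replaces split(), which was removed in PHP 7. The
            // second comma-separated field is expected to look like "x:true".
            $campos = is_string($data) ? explode(",", $data, 5) : array();
            $voto = isset($campos[1]) ? explode(":", $campos[1]) : array();

            if (isset($voto[1]) && $voto[1] === "true") {
                // Record the reward first and deliver only if the row was
                // written; otherwise the cooldown would not cover this delivery.
                // NOTE(review): check and insert are not atomic, so two
                // simultaneous requests from one IP can both pass the cooldown.
                $sql = "INSERT INTO VoteReward (fecha,ip,cuenta,personaje,reward) VALUES (GETDATE(), '$sqlIp', '$sqlName', '$sqlPersonaje', '$reward')";
                if (mssql_query($sql, $con) === false) {
                    $variable = false;
                    echo $errOpen . 'Error al consultar la base de datos' . $errClose;
                } else {
                    kick_char($char_id);

                    // array(item id, amount) for the validated reward id.
                    AdditemPacket1($char_id, $rewards[$reward][0], $rewards[$reward][1]);
                    echo '<p id="success" class="visible">¡Tu Reward fue entragado con Exito!<br>Puedes votar nuevamente dentro de 12 Horas.</p>';
                }
            } else {
                $variable = false;
                echo $errOpen . 'Primero debes votar en HopZone para recibir el Reward' . $errClose;
            }
        }

        mssql_close($con);
    }
}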
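/**
 * Report whether a value contains any character outside the allow-list.
 *
 * The check is case-insensitive: the value is lower-cased and every byte must
 * be one of a-z, 0-9 or ?!.@_-* . No quote, space or semicolon is allowed,
 * which is what keeps validated values inert inside a quoted SQL literal.
 * Length is not checked here; an empty value (or null) counts as clean, so
 * callers must apply their own length rules.
 *
 * @param mixed $str Value to check; arrays and objects are always rejected.
 * @return bool true when the value must be rejected, false when it is clean.
 */
function antiinjection($str)
{
    // A field posted as usuario[]=... arrives as an array. Reject it here
    // instead of letting strtolower() turn it into an empty, "clean" value.
    if (is_array($str) || is_object($str)) {
        return true;
    }

    $allowedchars = "abcdefghijklmnopqrstuvwxyz1234567890?!.@_-*";
    $lowered = strtolower((string) $str);

    // strspn() gives the length of the leading run of allowed characters;
    // the value is clean only when that run covers the whole string.
    return strspn($lowered, $allowedchars) !== strlen($lowered);
}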
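/**
 * Send packet type 55 for a character to the local daemon on 127.0.0.1:2012.
 *
 * The packet is: a 16-bit length, the byte 55, then nine 32-bit values
 * ($char_id, 0, $item, $cantidad, 0, 0, 0, 0, 1) followed by the wide string
 * "admin". Judging by the function name this adds $cantidad of item $item to
 * the character; the daemon's protocol is not visible here, so confirm.
 *
 * The reply is read and discarded. The return value reports only whether a
 * complete reply arrived, not whether the daemon accepted the request.
 *
 * NOTE(review): the socket carries no credential beyond the literal "admin"
 * string, so every caller must pass a $char_id taken from a trusted lookup,
 * never straight from request data.
 *
 * @param int|string $char_id  Character id, packed as unsigned 32-bit.
 * @param int|string $item     Item id, packed as unsigned 32-bit.
 * @param int|string $cantidad Amount, packed as unsigned 32-bit.
 * @return bool true when the whole reply was read, false on a short read.
 */
function AdditemPacket1($char_id, $item, $cantidad)
{
    // Warnings stay suppressed as in the original so the host and port never
    // reach the page; the failure goes to the error log instead. The original
    // died with an undefined $notconnected, i.e. with no message at all.
    $cachedsocket = @fsockopen('127.0.0.1', 2012, $errno, $errstr, 1);
    if ($cachedsocket === false) {
        error_log("AdditemPacket1: connect failed ($errno) $errstr");
        die("no conecto");
    }
    // Bound the reads too; the 1-second limit above covers only the connect.
    stream_set_timeout($cachedsocket, 5);

    $buf = pack("cVVVVVVVVV", 55, (int) $char_id, 0, (int) $item, (int) $cantidad, 0, 0, 0, 0, 1) . tounicode("admin");
    // "v" (little-endian) matches how the reply length is decoded below;
    // "s" used the byte order of whatever machine runs PHP.
    fwrite($cachedsocket, pack("v", strlen($buf) + 2) . $buf);

    $ok = false;
    $cabecera = fread($cachedsocket, 2);
    if (is_string($cabecera) && strlen($cabecera) === 2) {
        $len = unpack("v", $cabecera);
        $tipo = fread($cachedsocket, 1);
        $ok = is_string($tipo) && strlen($tipo) === 1;

        // Drain the rest of the reply in 4-byte words, same count as the
        // original loop, but stop on a short read instead of unpacking it.
        for ($i = 0; $ok && $i < (($len[1] - 4) / 4); $i++) {
            $palabra = fread($cachedsocket, 4);
            $ok = is_string($palabra) && strlen($palabra) === 4;
        }
    }

    fclose($cachedsocket);
    return $ok;
}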
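/**
 * Send packet type 5 for a character to the local daemon on 127.0.0.1:2012,
 * then wait one second.
 *
 * The packet is: a 16-bit length, the byte 5, the 32-bit $char_id and the
 * wide string "admin". Judging by the function name this disconnects the
 * character; the daemon's protocol is not visible here, so confirm.
 *
 * The reply is read and discarded. The return value reports only whether a
 * complete reply arrived, not whether the daemon acted on the request.
 *
 * NOTE(review): the socket carries no credential beyond the literal "admin"
 * string, so every caller must pass a $char_id taken from a trusted lookup,
 * never straight from request data.
 *
 * @param int|string $char_id Character id, packed as unsigned 32-bit.
 * @return bool true when the whole reply was read, false on a short read.
 */
function kick_char($char_id)
{
    $buf = pack("cV", 5, (int) $char_id) . tounicode("admin");

    $cachedsocket = fsockopen('127.0.0.1', 2012, $errno, $errstr, 1);
    if ($cachedsocket === false) {
        error_log("kick_char: connect failed ($errno) $errstr");
        die("no conecto");
    }
    // Bound the reads too; the 1-second limit above covers only the connect.
    stream_set_timeout($cachedsocket, 5);

    // "v" (little-endian) matches how the reply length is decoded below;
    // "s" used the byte order of whatever machine runs PHP.
    fwrite($cachedsocket, pack("v", strlen($buf) + 2) . $buf);

    $ok = false;
    $cabecera = fread($cachedsocket, 2);
    if (is_string($cabecera) && strlen($cabecera) === 2) {
        $len = unpack("v", $cabecera);
        $tipo = fread($cachedsocket, 1);
        $ok = is_string($tipo) && strlen($tipo) === 1;

        // Drain the rest of the reply in 4-byte words, same count as the
        // original loop, but stop on a short read instead of unpacking it.
        for ($i = 0; $ok && $i < (($len[1] - 4) / 4); $i++) {
            $palabra = fread($cachedsocket, 4);
            $ok = is_string($palabra) && strlen($palabra) === 4;
        }
    }

    fclose($cachedsocket);
    // Kept from the original: pause before the caller sends the next packet.
    sleep(1);
    return $ok;
}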
/**
 * Widen a byte string to two bytes per character and terminate it.
 *
 * Every input byte is followed by a NUL byte, and two further NUL bytes are
 * appended at the end. For ASCII input this is the UTF-16LE form of the text
 * with a wide terminator; bytes above 0x7F are widened one by one, not
 * decoded as multi-byte characters.
 *
 * @param string $string Text to widen.
 * @return string Widened, NUL-terminated bytes.
 */
function tounicode($string)
{
    $ancho = "";
    $total = strlen($string);
    $pos = 0;
    while ($pos < $total) {
        $ancho .= $string[$pos] . "\0";
        $pos++;
    }

    return $ancho . "\0\0";
}
227?>
-- Schema for the vote-reward log used by the PHP form handler on this page.
-- The handler inserts one row per reward (fecha, ip, cuenta, personaje,
-- reward) and looks rows up by ip and fecha for its 12-hour cooldown.
--
-- NOTE(review): the only index is the primary key on [id], so the cooldown
-- lookup by (ip, fecha) is not index-backed. Nothing in this table enforces
-- the cooldown either; it rests entirely on the application's check.
-- NOTE(review): [fecha] is nullable; a row with a NULL fecha would never
-- match the cooldown filter. Confirm whether NULL is ever written.
USE [lin2world]
GO

/****** Object: Table [dbo].[VoteReward] Script Date: 02/10/2017 14:53:57 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO

CREATE TABLE [dbo].[VoteReward]
(
    [fecha]     [datetime]    NULL,                                              -- time of the reward (GETDATE() at insert)
    [ip]        [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,     -- client address as seen by the web server
    [cuenta]    [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,     -- account name
    [personaje] [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,         -- character name
    [reward]    [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,         -- selected reward id, stored as text
    [id]        [int]         IDENTITY(1,1) NOT NULL,                            -- surrogate key
    CONSTRAINT [PK_VoteReward] PRIMARY KEY CLUSTERED
    (
        [id] ASC
    ) WITH (IGNORE_DUP_KEY = OFF) ON [PRIMARY]
) ON [PRIMARY]

GO
SET ANSI_PADDING OFF