<?php
// Resume the session; the expected captcha value is read from $_SESSION below.
session_start();

// The body of this response is JavaScript for the page that made the request.
header('Content-type: text/javascript');

// Project includes (not visible here). The script calls mysql_query() without
// ever connecting itself, so a database connection is presumably opened by one
// of these; uc(), limpiar() and getRealIP() are expected to come from them too.
require 'config.php';
require 'funciones.php';
// SOME USEFUL FUNCTIONS
// ---------------------
/**
 * Clear the stored captcha and terminate the request.
 *
 * Every exit path of this script ends here, so a captcha value is reset to
 * null after the first request that reaches this function. Never returns.
 */
function destroy() {
    $_SESSION['captcha'] = null;
    exit;
}
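/**
 * Emit JavaScript that hides the timer and shows $msg in the alert box, then
 * end the request.
 *
 * $msg is written verbatim inside a double-quoted JavaScript string literal and
 * the result is assigned to innerHTML. It is therefore interpreted twice: first
 * as JS string syntax (escape sequences such as \n are honoured) and then as
 * HTML (tags such as <br> are rendered). Pass only fixed, trusted text here;
 * request data, cookie values and database error strings must never reach it
 * without escaping for both contexts.
 *
 * @param string $msg Trusted message text; must not contain an unescaped
 *                    double quote or a raw line break.
 * @return void Does not return: destroy() clears the captcha and exits.
 */
function error_message($msg) {
    // The unused `global $fail_code;` import was dropped; nothing here read it.
    echo <<<EOT
document.getElementById('timer').setAttribute('class','hidden');
document.getElementById('alert').setAttribute('class','');
document.getElementById('alert').innerHTML="$msg"+'<p><a href="javascript:closealert()">Close</a></p>';
EOT;
    destroy();
}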
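// CHECKING
// --------
// NOTE(review): every statement below is built by string interpolation, so the
// values from uc() and limpiar() must already be safe inside a quoted SQL
// literal. Those helpers live in funciones.php and are not visible here;
// confirm that, and prefer prepared statements (mysqli/PDO) once the connection
// code can change with it.
// NOTE(review): `or die(mysql_error())` sends raw database errors to the
// client. Log them server-side and return a generic message instead.

// checking if user is logged in
// Cookies are client-controlled: require plain strings so an array-valued
// cookie cannot reach uc() or the queries below.
if (!isset($_COOKIE["usNick"], $_COOKIE["usPass"])
    || !is_string($_COOKIE["usNick"])
    || !is_string($_COOKIE["usPass"])) {
    error_message('Not logged in or session cookie expired.\nPlease log-in again.');
}

// checking captcha
// destroy() resets $_SESSION['captcha'] to null at the end of every request,
// and a loose != treats null and an empty string as equal. Require a non-empty
// stored value and an exact string match, so a captcha that was already used
// or never issued always fails the check.
$expected_code = isset($_SESSION['captcha']) ? $_SESSION['captcha'] : null;
$given_code = isset($_GET['code']) ? $_GET['code'] : null;
$captcha_ok = is_string($given_code)
    && $given_code !== ''
    && is_scalar($expected_code)
    && (string) $expected_code === $given_code;
if (!$captcha_ok) {
    $user = uc($_COOKIE["usNick"]);
    // getRealIP() is not visible here; if it consults proxy headers the value
    // is client-influenced, so escape it before quoting it into SQL.
    $ip = mysql_real_escape_string(getRealIP());
    $date = date("F j, Y");
    $time = date("g:i a");
    mysql_query("INSERT INTO cheaters(user,ip, date, time) VALUES ('$user','$ip', '$date','$time')") or die(mysql_error());
    error_message('Wrong security code!<br><br>This is a bot detection and your account will be deleted if this persists. Please contact support for further information.');
}

// checking username and password
// NOTE(review): the usPass cookie is compared directly with users.password, so
// whatever that column stores acts as a long-lived credential in the browser.
// Confirm how it is hashed and consider a server-side session instead.
$user = uc($_COOKIE["usNick"]);
$pass = uc($_COOKIE["usPass"]);
$user_query = mysql_query("SELECT * FROM users WHERE username='$user' AND password='$pass'") or die(mysql_error());
if (mysql_num_rows($user_query) == 0) {
    error_message('Bad username/password.\nPlease log-in again.');
}

// checking if the ad is still alive
// A missing or array-valued "ad" parameter is treated as an empty id, which
// matches no row and falls through to the "expired" message.
$ad_param = (isset($_GET["ad"]) && is_string($_GET["ad"])) ? $_GET["ad"] : '';
$ad_id = limpiar($ad_param);
$ad_query = mysql_query("SELECT id FROM ads WHERE id='$ad_id' AND tipo='ads' AND CONVERT(members,UNSIGNED) < CONVERT(plan,UNSIGNED)") or die(mysql_error());
if (mysql_num_rows($ad_query) == 0) {
    error_message('Too late! Ad expired!');
}

// loading click configuration
// Done before any write so that a missing or malformed price stops the request
// without leaving a registered visit behind. Prices are interpolated unquoted
// into the UPDATE statements below, so each one must be numeric.
$prices = array();
foreach (array('click', 'referalclick', 'premiumclick', 'premiumreferalc') as $item) {
    $query = mysql_query("SELECT price FROM config WHERE item='$item' AND howmany='1'") or die(mysql_error());
    $row = mysql_fetch_row($query);
    if ($row === false || !is_numeric($row[0])) {
        error_message('Configuration error. Please contact support.');
    }
    $prices[$item] = $row[0];
}

// UPDATE AD AND VISIT INFO
// ------------------------
// NOTE(review): the checks (24h window, members < plan) and the writes are
// separate statements with no transaction or lock, so parallel requests can
// each pass the checks before any of them writes. Making the UPDATEs
// conditional and checking affected rows would close that gap.
$visit_query = mysql_query("SELECT * FROM ads WHERE user = '$user' AND ident= '$ad_id' AND tipo='visit'") or die(mysql_error());
// Plain Unix timestamp. The original passed the timestamp to date() as a
// format string, which only worked because digits are not format characters.
$actual_time = time();

// checking and registering visits
$ip = mysql_real_escape_string(getRealIP());
if (mysql_num_rows($visit_query) > 0) {
    $visit_row = mysql_fetch_array($visit_query);
    $lastvisit_time = (int) $visit_row['visitime'];
    if ($actual_time < $lastvisit_time + (24 * 60 * 60)) {
        error_message('You have to wait 24h before visiting the same sponsor again.');
    }
    mysql_query("UPDATE ads SET visitime='$actual_time', ip='$ip' WHERE user='$user' AND ident='$ad_id' AND tipo='visit'") or die(mysql_error());
} else {
    mysql_query("INSERT INTO ads(user,ip,ident,tipo,visitime) VALUES ('$user','$ip','$ad_id','visit','$actual_time')") or die(mysql_error());
}

// updating ad status
mysql_query("UPDATE ads SET members = CONVERT(members,UNSIGNED) + 1 WHERE id='$ad_id'") or die(mysql_error());

// UPDATE USER INFO
// ----------------
$user_row = mysql_fetch_array($user_query);

// updating money and visits for the user
mysql_query("UPDATE users SET money = money + IF(account='premium',{$prices['premiumclick']},{$prices['click']}), visits = CONVERT(visits,UNSIGNED) + 1 WHERE username='$user'") or die(mysql_error());

// updating money and visits for the referer, if any
$referer = $user_row['referer'];
if ($referer != '') {
    // This value comes back from the database unescaped, so it has to be
    // escaped again before being quoted into a new statement.
    $referer_sql = mysql_real_escape_string($referer);
    mysql_query("UPDATE users SET money = money + IF(account='premium',{$prices['premiumreferalc']},{$prices['referalclick']}), referalvisits = CONVERT(referalvisits,UNSIGNED) + 1 WHERE username='$referer_sql'") or die(mysql_error());
}

// HOORAY! SUCCESS!
echo <<<EOT
document.getElementById('timer').setAttribute('class','success');
document.getElementById('timer').innerHTML='Success!';
EOT;
destroy();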
?>