File: /home/httpd/html/porn.tw/public_html/billers/postback_nats.php
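<?php
/**
 * NATS biller postback endpoint.
 *
 * Reads `action`, `username`, `password` and `email` from the request, records
 * the raw request in `biller_log`, then creates, updates, checks or deletes the
 * matching row in `users`. Replies are plain text: `OK|Success`, `OK`, `NOTOK`
 * or `ERROR|<message>`. An unrecognised action produces no output.
 *
 * NOTE(review): nothing in this file authenticates the caller. Unless db.php or
 * the web server restricts access, any client that can reach this URL can grant
 * premium, reset a password or delete a user. Confirm that an allowlist of the
 * biller's addresses or a shared secret is enforced before this point.
 *
 * NOTE(review): passwords are stored as MD5 with the salt cleared. That is kept
 * here because the code that verifies them is outside this file; moving to
 * password_hash()/password_verify() needs a coordinated change.
 */
include('../admin/db.php');

/**
 * Returns a request parameter as a string, or '' when it is absent or not a
 * string (for example an array submitted as `username[]=x`).
 */
function natsPostbackParam($name)
{
    return (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) ? $_REQUEST[$name] : '';
}

/**
 * Runs one statement with every value bound as a string parameter.
 *
 * @param mysqli $dblink    Open connection provided by db.php.
 * @param string $sql       Statement text using `?` placeholders only.
 * @param array  $params    Values for the placeholders, in order.
 * @param bool   $countRows Buffer the result set and report its row count.
 * @return array 'ok' (bool), 'rows' (int, only meaningful with $countRows), 'error' (string).
 */
function natsPostbackQuery($dblink, $sql, array $params, $countRows = false)
{
    $outcome = array('ok' => false, 'rows' => 0, 'error' => '');

    $stmt = mysqli_prepare($dblink, $sql);
    if (!$stmt) {
        $outcome['error'] = mysqli_error($dblink);
        return $outcome;
    }

    if (count($params) > 0) {
        // mysqli_stmt_bind_param() takes its values by reference.
        $bindArgs = array($stmt, str_repeat('s', count($params)));
        foreach (array_keys($params) as $key) {
            $bindArgs[] = &$params[$key];
        }
        call_user_func_array('mysqli_stmt_bind_param', $bindArgs);
    }

    if (mysqli_stmt_execute($stmt)) {
        $outcome['ok'] = true;
        if ($countRows && mysqli_stmt_store_result($stmt)) {
            $outcome['rows'] = mysqli_stmt_num_rows($stmt);
        }
    } else {
        $outcome['error'] = mysqli_stmt_error($stmt);
    }

    mysqli_stmt_close($stmt);
    return $outcome;
}

if (!$NatsPostbackEnabled) {
    exit("Please enable NATS postback in script configuration");
}

// NOTE(review): print_r($_REQUEST) includes the plaintext password, so
// biller_log ends up holding credentials; consider dropping that key first.
$log = mysqli_real_escape_string($dblink, print_r($_REQUEST, true));
// The address is escaped as well so that no value reaches the SQL text raw.
$ip = mysqli_real_escape_string($dblink, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
dbQuery("INSERT INTO biller_log SET `date` = NOW(), biller = 'NATS', ip = '$ip', data = '$log'");

// Values are bound as statement parameters below, so they are read unescaped;
// escaping them first would store the backslashes as part of the value.
$action   = natsPostbackParam('action');
$username = natsPostbackParam('username');
$password = natsPostbackParam('password');
$email    = natsPostbackParam('email');

$insertUserSql = "INSERT INTO users (username, password, email, premium) VALUES (?, md5(?), ?, 1)";
$outcome = null;

switch ($action) {
    case 'ADD':
    case 'MANUALADD':
        // Create the account if it is new, otherwise just flag it as premium.
        $lookup = natsPostbackQuery($dblink, "SELECT 1 FROM users WHERE username = ?", array($username), true);
        if (!$lookup['ok']) {
            $outcome = $lookup;
        } elseif ($lookup['rows'] < 1) {
            $outcome = natsPostbackQuery($dblink, $insertUserSql, array($username, $password, $email));
        } else {
            $outcome = natsPostbackQuery($dblink, "UPDATE users SET premium = 1 WHERE username = ?", array($username));
        }
        break;

    case 'CHANGE':
    case 'TRIALTOFULL':
        $outcome = natsPostbackQuery(
            $dblink,
            "UPDATE users SET password = md5(?), salt='' WHERE username = ?",
            array($password, $username)
        );
        break;

    case 'DELETE':
        $outcome = natsPostbackQuery($dblink, "DELETE FROM users WHERE username = ?", array($username));
        break;

    case 'EXPIRE':
        // Acknowledged without touching the database.
        exit('OK|Success');

    case 'CHECK':
        $lookup = natsPostbackQuery($dblink, "SELECT record_num FROM users WHERE username = ?", array($username), true);
        exit(($lookup['ok'] && $lookup['rows'] > 0) ? 'OK' : 'NOTOK');

    case 'ACTIVATE':
        $outcome = natsPostbackQuery($dblink, $insertUserSql, array($username, $password, $email));
        break;
}

if ($outcome !== null) {
    // NOTE(review): the database error text is returned to the caller, as
    // before. If the endpoint is reachable by anyone other than the biller,
    // log the detail server-side and return a generic message instead.
    exit($outcome['ok'] ? 'OK|Success' : 'ERROR|' . $outcome['error']);
}
?>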