RE:
file: index.php - main directory
Code:
<?php
/* #########################
** DECODED BY: JJ [ZKK-IT]
** DATE: 11-28-2013
*/ #########################
// Bootstrap: session setup, licence-file include and initialisation of the
// global $NSK array that the rest of the script reads and fills.

// NOTE(review): called without an argument and with the return value discarded,
// so this statement has no effect here.
session_id();
// Only the presence of the POST field is checked, not its value: 30 days from
// now when present, 0 otherwise.
if (isset($_POST['die_time'])) {
$NSK['die_time'] = time() + 60 * 60 * 24 * 30;
} else {
$NSK['die_time'] = 0;
}
define('ess_path', realpath(dirname(__FILE__)));
// ess_info.php is mandatory; the request is aborted with an HTML message when it
// is missing. The path is relative to the current working directory.
if (@file_exists('./ess_info.php')) {
require('./ess_info.php');
} else {
exit('<center><font color=red>File ess_info.php is missing.</font><br>Please contact ESS support departament.</center>');
}
// $admited_url is not assigned in this file; on this page ess_info.php sets it.
// NOTE(review): nothing here sets session.cookie_httponly or
// session.cookie_secure; confirm they are enforced in php.ini.
ini_set('session.cookie_domain', $admited_url);
session_name('esspro');
session_start();
// NOTE(review): session.cache_limiter is read when the session starts, so
// setting it after session_start() does not change the headers of this response.
ini_set('session.cache_limiter', 'private');
// REMOTE_ADDR is the address of the connecting peer; behind a reverse proxy that
// is the proxy, not the visitor. $ip is later used as a $_SESSION key.
$NSK['ip'] = $ip = getenv('REMOTE_ADDR');
$NSK['time'] = $_SERVER['REQUEST_TIME'];
$NSK['path'] = '.';
// One chained assignment that sets every listed $NSK key (and $row) to null so
// later reads do not hit undefined indexes. The statement continues on the next
// line.
$NSK['pg_lng'] = $NSK['t_page'] = $NSK['next'] = $NSK['multiple_pages_menu'] = $NSK['newsletter_box'] = $NSK['info_speed_admin'] = $NSK['home_page'] = $NSK['error_comp'] = $NSK['editor'] = $NSK['developer'] = $NSK['member'] = $NSK['error_mach_password'] = $NSK['conf_password'] = $NSK['password'] = $NSK['referer'] = $NSK['error_capcha'] = $NSK['message'] = $NSK['c_poz'] = $NSK['first'] = $NSK['previos'] = $NSK['last'] = $NSK['similarity'] = $NSK['comp_det'] = $NSK['pop_new_up_imgs'] = $NSK['page_keys'] = $NSK['update_time'] = $NSK['prog_row'] = $NSK['down_buy_image'] = $NSK['sponsored_progs'] = $NSK['go_pages'] = $NSK['sys_versions_option'] = $NSK['order_by'] = $NSK['imputs'] = $NSK['diff_css'] = $NSK['page_kw'] = $NSK['page_des'] = $NSK['error_mesaj'] = $NSK['mesaj'] = $NSK['error_subiect'] = $NSK['subiect'] = $NSK['error_email'] = $NSK['email'] = $NSK['error_nume'] = $NSK['readonly'] = $NSK['nume'] = $NSK['language_flags'] = $NSK['footer_links'] = $NSK['last_ref_box'] = $NSK['top_news_box'] = $NSK['last_search_box'] = $NSK['prog_tools'] = $NSK['last_news'] = $NSK['last_users_box'] = $NSK['continut'] = $NSK['categori'] = $NSK['panel'] = $NSK['page_address'] = $NSK['logo_url'] = $NSK['meta_refresh'] = $NSK['other_lng'] = $NSK['newtext'] = $NSK['top_prog'] = $NSK['last_users'] = $NSK['users_last'] = $NSK['diverse'] = $NSK['popular_skin'] = $NSK['mwp_try_row'] = $NSK['esential_skin'] = $NSK['esential_row'] = $NSK['last_update_skin'] = $NSK['update_row'] = $NSK['last_added_skin'] = $NSK['latestp_row'] = $NSK['recommended_skin'] = $NSK['recommended_row'] = $NSK['day_box'] = $NSK['day_box_bis'] = $NSK['rolesoft'] = $NSK['navi'] = $NSK['newurls'] = $NSK['newtitles'] = $NSK['newpics'] = $NSK['top'] = $NSK['others'] = $NSK['featured_row'] = $NSK['top_last_prog'] = $NSK['p_type'] = $NSK['user_img_aver'] = $NSK['img_aver'] = $NSK['order_link'] = $NSK['down_link_1'] = $NSK['sponsored'] = $NSK['recom_by'] = $NSK['screenshot_1'] = $NSK['user_votes'] = $NSK['average_rating'] = 
$NSK['gapikey'] = $row = $NSK['search_cats'] = $NSK['cat_row'] = $NSK['systems_menu'] = $NSK['os_sel_box'] = $NSK['160x600'] = $NSK['from_cats'] = $NSK['capcha_poz'] = $NSK['cache_fct'] = $NSK['az_titles'] = $NSK['selected_cat'] = $NSK['p_name'] = $NSK['rev_editor_user'] = $NSK['username'] = $NSK['id'] = $NSK['numar'] = $NSK['comp_name'] = $NSK['os'] = $NSK['cat_str'] = $NSK['subcat_str'] = $NSK['editor'] = $NSK['news_cat'] = $NSK['name_str'] = $NSK['editor'] = $NSK['news_cat'] = $NSK['az_p_name'] = $NSK['cat_os_str'] = $NSK['news_subcat'] = null;
// Single request-parameter array used by the rest of the script. POST values
// override GET values with the same name. Nothing is validated here: every
// entry is untrusted and may be a string or an array.
$FORM = array_merge($_GET, $_POST);

// Routing keys that later code reads unconditionally default to null.
foreach (array('a', 'lng', 'os', 'cat', 'subcat', 'pag') as $key) {
    if (!isset($FORM[$key])) {
        $FORM[$key] = null;
    }
}
// Do not leave the loop variable behind in the global scope.
unset($key);
// Per-session throttle: when this session's previous request was less than two
// seconds ago, delay the current one by two seconds.
// NOTE(review): the timestamp lives in the session, so a client that does not
// return the session cookie is never throttled, while sleep() keeps a worker
// (and the session lock) busy for clients that do. Rate limiting is better
// enforced at the web server or a shared store keyed by address.
if (isset($_SESSION[$ip]) && $NSK['time'] - 2 < $_SESSION[$ip]) {
    sleep(2);
}
// Record the time of this request in both cases.
$_SESSION[$ip] = $NSK['time'];
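// Any request carrying a delete_script query parameter stops here.
if (isset($_GET['delete_script'])) {
    exit('not this time');
}

// An empty $admited_url is treated as a replaced ess_info.php: a notification
// mail is sent and the request is aborted.
if (!$admited_url) {
    // The From header used to be built from $buyer and the request parameter
    // site_email verbatim, which allows mail header injection through CR/LF.
    // Strip line breaks from the display name and accept the address only when
    // it is a syntactically valid e-mail address.
    $ess_from_name = isset($buyer) ? str_replace(array("\r", "\n"), '', (string) $buyer) : '';
    $ess_from_addr = '';
    if (isset($FORM['site_email']) && is_string($FORM['site_email'])) {
        $ess_checked = filter_var($FORM['site_email'], FILTER_VALIDATE_EMAIL);
        if ($ess_checked !== false) {
            $ess_from_addr = $ess_checked;
        }
    }
    // NOTE(review): HTTP_HOST is client-supplied; it only reaches the message
    // body here, never a header.
    @mail('support@eso***cript.com', 'ess_info file replace', 'On ' . $_SERVER['HTTP_HOST'] . ' the user try to replace the ess_info file', '' . 'From: ' . $ess_from_name . ' <' . $ess_from_addr . '>');
    exit('You are not suppose to try this ;).');
}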
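// Load the class library, the SQL configuration and the database layer, then
// connect and pull the site settings into $NSK.
require('./sources/misc/classes.php');
$TIMER = new timer();
if (file_exists('./sources/sql/sql.php')) {
    require('./sources/sql/sql.php');
} else {
    // A Location header alone does not stop the script; without exit the rest of
    // this file would run with no database configuration loaded.
    header('Location: install/');
    exit;
}
require('./sources/sql/mysql.php');
// $CONF is expected to come from sql.php. After this merge the database
// credentials stay in $NSK for the remainder of the request.
if ($CONF['sql_username']) {
    $NSK = array_merge($NSK, $CONF);
}
$DB = new sql();
$db = $DB->connect($NSK['sql_host'], $NSK['sql_username'], $NSK['sql_password'], $NSK['sql_database']);
if (!$db) {
    // Keep the driver error in the server log instead of sending it to the
    // client, where it can reveal host and account names.
    error_log('ESS database connection failed: ' . mysql_error());
    exit('Database connection failed.');
}
// NOTE(review): the mysql_* functions were removed in PHP 7.0; this file only
// runs on PHP 5.x unless a compatibility layer provides them.
if (!mysql_fetch_assoc(@mysql_query('SHOW TABLES LIKE \'ess_banned_ips\''))) {
    exit('Database empty, please <a href="./install/">reinstall</a>');
}
// The file name and the literal 42 are passed through to sql::fetch(),
// presumably for error reporting; confirm against the sql class.
$settings = $DB->fetch('SELECT * FROM ess_settings', __FILE__, 42);
$NSK = array_merge($NSK, $settings);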
// Unpack the pipe-separated "<prefix>_FWH" settings into separate
// folder / width / height entries.
foreach (array('ci', 'a', 'c', 's', 'i') as $sett) {
    if (!$NSK[$sett . '_FWH']) {
        continue;
    }
    $setval = explode('|', $NSK[$sett . '_FWH']);
    $NSK[$sett . '_folder'] = $setval[0];
    $NSK[$sett . '_width'] = $setval[1];
    $NSK[$sett . '_height'] = $setval[2];
}

// nr_elements: fields from index 6 onwards are assigned, in order, to the
// nr_<name> entries listed below.
if ($NSK['nr_elements']) {
    $elval = explode('|', $NSK['nr_elements']);
    $n = 6;
    foreach (array('feat', 'recomm', 'last_add', 'esen', 'popular', 'updates', 'news', 'tit', 'last_tit', 'news_main', 'revs', 'ops', 'last_u', 'down', 'last_p', 'words', 'referers', 'related', 'ncomm', 'npopular', 'nlast_added') as $val) {
        $NSK['nr_' . $val] = $elval[$n++];
    }
}

// type_elements: same layout, assigned to the <name>_type entries.
if ($NSK['type_elements']) {
    $elval = explode('|', $NSK['type_elements']);
    $n = 6;
    foreach (array('feat', 'recom', 'last_add', 'updates', 'esen', 'popular', 'down', 'last_p', 'today_p', 'related') as $typ) {
        $NSK[$typ . '_type'] = $elval[$n++];
    }
}
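$NSK['domain'] = $admited_url;

// Only schema versions 6, 6.1 and 6.2 are accepted; anything else is sent to the
// installer. The decoded source had "and&" here, which is not valid PHP; it is
// restored to "&&".
if ($NSK['ess_vers'] != '6' && $NSK['ess_vers'] != '6.1' && $NSK['ess_vers'] != '6.2') {
    header('Location: install/');
    // Without exit the page would still be built and sent after the redirect.
    exit;
}

date_default_timezone_set('UTC');
$NSK['gmttime'] = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('y'));

// Constant named "index"; presumably checked by included files to refuse direct
// access - confirm in ./sources.
define('index', true);

// NOTE(review): reachable by any visitor who sends an ess_owner parameter by
// POST (ess_info.php already exits for the GET form). $owner_det is not assigned
// anywhere in the code visible on this page.
if (isset($FORM['ess_owner'])) {
    exit($owner_det);
}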
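// Select and load the language file.
//
// The requested language ends up in a require() path, so it is accepted only
// when it is a plain file-name token. Previously the raw parameter was passed to
// file_exists() and, after an SQL-style escape, to require(), which does not
// prevent directory traversal. "and&" from the decoded source is restored to
// "&&".
$ess_lng = '';
if (isset($FORM['lng']) && is_string($FORM['lng']) && $FORM['lng'] && preg_match('/^[A-Za-z0-9_-]+\z/', $FORM['lng'])) {
    // NOTE(review): assumes language files are named with letters, digits, '_'
    // or '-' only; widen the pattern if the shipped files differ.
    $ess_lng = $FORM['lng'];
}

if ($FORM['a'] == 'admin' || (isset($FORM['ajax']) && $FORM['ajax'] == 'ajuser')) {
    // NOTE(review): admin_lng comes from the settings table and is used in a
    // file path; it should be validated wherever it is saved.
    require('' . './language/admin/' . $NSK['admin_lng'] . '.php');
} elseif ($ess_lng !== '' && file_exists('' . './language/main/' . $ess_lng . '.php')) {
    $NSK['pg_lng'] = $DB->escape($ess_lng, 1);
    $NSK['other_lng'] = '' . '/' . $NSK['pg_lng'];
    // NOTE(review): the trailing 'and' looks like the same decoder artefact that
    // produced "and&" and was probably '&'; left unchanged because it is a
    // runtime string - confirm against a known-good copy.
    $NSK['other_lng_2'] = '' . 'lng=' . $NSK['pg_lng'] . 'and';
    require('' . './language/main/' . $NSK['pg_lng'] . '.php');
} else {
    // Fall back to the site default from the settings table.
    require('' . './language/main/' . $NSK['site_language'] . '.php');
    $NSK['lang_flag'] = $NSK['site_language'];
}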
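$base = new base();
$base->rewrite_links();
$base->get_user_id();

// Licence validation, run at most once per UTC day and session, and only when
// $NSK['type'] is set (presumably by get_user_id() for a logged-in user -
// confirm). "and&" from the decoded source is restored to "&&".
//
// NOTE(review): the request goes out over cleartext HTTP on the request path and
// forwards the site URL and the visitor's User-Agent to a third party. Prefer
// HTTPS if the endpoint offers it, and consider moving the check off the
// request path.
if ($NSK['type'] && (!isset($_SESSION[$admited_url]) || $_SESSION[$admited_url] != gmdate('d', time()))) {
    if (is_callable('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, 'http://www.eso***cript.com/ess.php?validate=' . $admited_url);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        // Bound the outbound call so a slow remote host cannot hold the request
        // (and the PHP worker) open indefinitely.
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);
        curl_setopt($ch, CURLOPT_REFERER, $NSK['list_url']);
        // The header is optional in HTTP; avoid an undefined-index read.
        curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
        $contents = curl_exec($ch);
        curl_close($ch);
    } else {
        exit('Your server must have curl_init enabled!');
    }
    // Expected marker for today: MD5 of the licensed domain, the UTC day of the
    // month and a fixed suffix.
    $md5 = md5($admited_url . gmdate('d', time()) . 'madalina');
    if ($contents) {
        if (!preg_match('' . '/' . $md5 . '/', $contents)) {
            exit('You cant be loged on site because domain <b>' . $admited_url . '</b> don\'t have a valid license!');
        } else {
            // Remember the successful check for the rest of the day.
            $_SESSION[$admited_url] = gmdate('d', time());
        }
    } else {
        exit('License for your domain cant be verified!');
    }
}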
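// Hand the raw request URI to base::cek_uri(); what it checks is not visible on
// this page.
$base->cek_uri($_SERVER['REQUEST_URI']);

// Maintenance mode: everyone except admins and editors gets the notice, and the
// user page (a=user) stays reachable so staff can log in. "and&" from the
// decoded source is restored to "&&".
if ($NSK['site_close'] && $NSK['type'] != 'admin' && $NSK['type'] != 'editor' && $FORM['a'] != 'user') {
    exit('<center><br><br><br><br><img src="' . $NSK['list_url'] . '/skins/admin/images/maintenance.png"><br><br><br>Sorry but this site is temporarily closed for maintenance!<br>Please come back s<a href="' . $NSK['list_url'] . '/index.php?a=user">oo</a>n.<br><br><br><br><br><br><br></center>');
}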
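// Request dispatcher.
//
// The module to load is taken from the request but only after it has been found
// in one of the two allow-lists below, so the require() paths cannot be steered
// outside ./sources. "and&" from the decoded source is restored to "&&".
//
// The method to call (x / pag) also comes from the request. It used to be
// invoked as $base->$FORM['x'](), which (a) lets a client name any method of the
// object and (b) is parsed differently by PHP 5 and PHP 7+. The name is now
// required to be a plain identifier starting with a letter (which excludes
// __construct and other magic methods) and to be callable from this scope
// (which excludes private and protected methods). Anything else ends the request
// with a 404 instead of a fatal error.
// TODO(review): replace the pattern check with an explicit per-module list of
// the methods that are meant to be reachable from the web.
$aj = array('ajgen' => 1, 'ajuser' => 1);
$action = array('admin' => 1, 'home' => 1, 'cron' => 1, 'cron_2' => 1, 'user' => 1, 'pad' => 1, 'prog' => 1, 'news' => 1, 'search' => 1);

if (isset($FORM['ajax']) && is_string($FORM['ajax']) && isset($aj[$FORM['ajax']])) {
    require('' . './sources/' . $FORM['ajax'] . '.php');
    // NOTE(review): ajuser is instantiated even when ajgen.php was loaded;
    // confirm that is intended.
    $base = new ajuser();
    $ess_method = isset($FORM['x']) ? $FORM['x'] : null;
    if (!is_string($ess_method) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*\z/', $ess_method) || !is_callable(array($base, $ess_method))) {
        header('HTTP/1.1 404 Not Found');
        exit;
    }
    $base->{$ess_method}();
} elseif (isset($FORM['a']) && is_string($FORM['a']) && isset($action[$FORM['a']])) {
    require('' . './sources/' . $FORM['a'] . '.php');
    // The class name equals the allow-listed action name.
    $page = new $FORM['a']();
} else {
    // Default: public home module.
    require('./sources/home.php');
    $base = new home();
    $base->general();
    $base->advert();
    if (isset($FORM['pag'])) {
        $ess_method = $FORM['pag'];
        if (!is_string($ess_method) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*\z/', $ess_method) || !is_callable(array($base, $ess_method))) {
            header('HTTP/1.1 404 Not Found');
            exit;
        }
        $base->{$ess_method}();
    } elseif (isset($FORM['subcat'])) {
        $base->get_subcat();
    } elseif (isset($FORM['cat'])) {
        $base->get_cat();
    } elseif (isset($FORM['miror'])) {
        $base->miror();
    } else {
        $base->get_home();
    }
}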
// All database work is done; release the connection before rendering.
$DB->close();

// Requests that named a method through "x" produce their own output; every
// other request is rendered through a skin template. The admin area and the
// public site each have a full-page and a reduced ("c" parameter present)
// template.
if (!isset($FORM['x'])) {
    if ($FORM['a'] == 'admin') {
        $skin = new main_skin(isset($FORM['c']) ? '../admin/popup' : '../admin/a_index');
    } else {
        $skin = new main_skin(isset($FORM['c']) ? 'ind_general' : 'index');
    }
    echo $skin->make();
}
?>
file: ess_info.php - main directory
Code:
<?php
/* #########################
** DECODED BY: JJ [ZKK-IT]
** DATE: 11-28-2013
*/ #########################
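// 6135 is every error level up to E_RECOVERABLE_ERROR except E_NOTICE and
// E_STRICT.
error_reporting(6135);
// Unless safe_mode reads exactly "on", error reporting is switched off entirely.
// NOTE(review): with reporting at 0 failures are silent in the log as well as on
// screen; hiding errors from visitors is better done with display_errors=Off
// while keeping log_errors enabled.
if (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) != 'on') {
    error_reporting(0);
}
ini_set('memory_limit', '60M');
// Buffer all output, gzip-compressed when the handler exists and zlib is not
// already compressing. The decoded source had "and&" here, which is not valid
// PHP; it is restored to "&&".
if (is_callable('ob_gzhandler') && !ini_get('zlib.output_compression')) {
    ob_start('ob_gzhandler');
} else {
    ob_start();
}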
// Derive $url_instaled, the domain this copy is running on, from the Host
// header: drop "www.", split on dots and keep a trailing group of labels chosen
// by label count and by whether a label is longer than four characters.
// NOTE(review): HTTP_HOST is supplied by the client, so everything derived here
// is untrusted input. strlen_utf8() is not defined on this page; it must already
// exist when this file is included.
$installed_url = parse_url('http://' . $_SERVER['HTTP_HOST']);
$url_exploded = explode('.', str_replace('www.', '', $installed_url['host']));
$count_points = count($url_exploded) - 1;

if ($count_points > 2) {
    // Four or more labels; only the first four are ever looked at.
    if (strlen_utf8($url_exploded[2]) > 4) {
        $url_instaled = implode('.', array_slice($url_exploded, 2, 2));
    } elseif (strlen_utf8($url_exploded[1]) > 4) {
        $url_instaled = implode('.', array_slice($url_exploded, 1, 3));
    } else {
        $url_instaled = implode('.', array_slice($url_exploded, 0, 4));
    }
} elseif ($count_points > 1) {
    // Exactly three labels.
    if (strlen_utf8($url_exploded[1]) > 4) {
        $url_instaled = implode('.', array_slice($url_exploded, 1, 2));
    } else {
        $url_instaled = implode('.', array_slice($url_exploded, 0, 3));
    }
} elseif ($count_points > 0) {
    // Exactly two labels.
    $url_instaled = implode('.', array_slice($url_exploded, 0, 2));
} else {
    // Single label: use the header as received.
    $url_instaled = $_SERVER['HTTP_HOST'];
}
// Licence record embedded in this copy of the file. The domain is 'localhost'
// and every buyer field is empty.
$no_need_to_chek_lic = '1';
$admited_url = 'localhost';
$transaction_id = $username = $buyer = $buyer_email = '';
$lic_type = 653;
// Current date as dd-mm-yyyy in the configured time zone.
$today_date = date('d-m-Y');
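// Licence information page, shown to any request that carries ?ess_owner.
// NOTE(review): there is no authentication; the output includes the buyer name,
// e-mail address and transaction id stored in this file. Restrict it to
// administrators or remove it.
if (isset($_GET['ess_owner'])) {
    // $continut was appended to without ever being initialised.
    if (!isset($continut)) {
        $continut = '';
    }
    // Fetch the vendor's domain list. NOTE(review): cleartext HTTP; the visitor's
    // User-Agent is forwarded.
    if (is_callable('curl_init')) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, 'http://www.eso***cript.com/pro_domains.php');
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        // Bound the outbound call so it cannot hold the request open indefinitely.
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);
        curl_setopt($ch, CURLOPT_REFERER, $admited_url);
        // The header is optional in HTTP; avoid an undefined-index read.
        curl_setopt($ch, CURLOPT_USERAGENT, isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
        $contents = curl_exec($ch);
        curl_close($ch);
    } else {
        $contents = @file_get_contents('http://www.eso***cript.com/pro_domains.php');
    }
    if ($contents) {
        // Quote the domain before using it in a pattern: an unquoted '.' matches
        // any character, so a different domain could count as listed.
        if (preg_match('/\b' . preg_quote($admited_url, '/') . '\b/i', $contents)) {
            $continut .= '<font color=green>';
        } else {
            $continut .= '<font color=red>';
        }
    } else {
        $continut .= '<font color=red><b>eSoftScript Server cannot be accessed!</b></font><br>Function <b>file_get_contents</b> not working. Get contact with your hosting to change security settings of your server.';
    }
    // $url_instaled is derived from the client-supplied Host header; escape it
    // before it is written into HTML.
    $ess_run_on = htmlspecialchars($url_instaled, ENT_QUOTES);
    // NOTE(review): $version and $trusted are not assigned anywhere on this page.
    $continut .= '' . '
<br><br>
<b>ess pro:</b>: v' . $version . '<br>
<b>Admited URL</b>: ' . $admited_url . ' / <b>Run on:</b> ' . $ess_run_on . '<br>
<b>Trusted</b>: ' . $trusted . '<br>
<b>Buyer</b>: ' . $buyer . '<br>
<b>Forum Username</b>: ' . $username . '<br>
<b>E-mail</b>: ' . $buyer_email . '<br>
<b>ID</b>: ' . $transaction_id . '<br>
<br></font>
';
}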
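// Forced licence reactivation: clears the cronx / crony / cronz columns of
// ess_settings.
//
// The guard used to read isset(...) == '<token>', which compares a boolean with
// a non-empty string and is therefore true for ANY value of the parameter. The
// parameter value itself is now compared, strictly, with the token. "and&" from
// the decoded source is restored to "&&".
//
// NOTE(review): this is an unauthenticated, state-changing request guarded only
// by a constant that ships in the source. It should sit behind administrator
// authentication or be removed.
if (isset($_GET['reactivate']) && is_string($_GET['reactivate']) && $_GET['reactivate'] === '61e1f08a425cb79a18c3f6224011ab74') {
    require_once('./sources/sql/sql.php');
    if ($CONF['sql_username']) {
        $NSK = array_merge($NSK, $CONF);
    }
    $connect = @mysql_connect($NSK['sql_host'], $NSK['sql_username'], $NSK['sql_password']);
    $db = @mysql_select_db($NSK['sql_database'], $connect);
    // NOTE(review): repeats the connect and select from the two lines above.
    mysql_select_db($NSK['sql_database'], mysql_connect($NSK['sql_host'], $NSK['sql_username'], $NSK['sql_password']));
    // NOTE(review): $db holds the boolean returned by mysql_select_db(), so this
    // method call cannot succeed as written. It is deliberately left unrepaired:
    // making it work would enable the unauthenticated reset described above.
    if ($db->query('update ess_settings set cronx=\'\',crony=\'\',cronz=\'\'')) {
        $continut .= '<font color=green>License reactivate forced!</font><br>';
    } else {
        $continut .= '<font color=red>Cannot force license reactivation!</font><br>';
    }
    mysql_close($connect);
}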
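// Refuse to run when the detected host does not end with the licensed domain.
// "and&" from the decoded source is restored to "&&".
// - The domain is quoted before it goes into the pattern so '.' matches only a
//   literal dot.
// - $url_instaled comes from the client-supplied Host header and is HTML-escaped
//   before it is echoed back.
// NOTE(review): because the compared value is taken from the Host header, this
// check reflects what the client sent rather than where the code is deployed.
if (!preg_match('/\b' . preg_quote($admited_url, '/') . '$/', $url_instaled) && $url_instaled != 'localhost' && $url_instaled != 'server' && $url_instaled != 'localhost:8888') {
    exit('<center><font color=red>You are not allowed to run eSoftScript on this address!</font><br>This script license is for <font color=green>' . $admited_url . '</font> not for <font color=red>' . htmlspecialchars($url_instaled, ENT_QUOTES) . '</font>.<br>Please contact <a href="http://www.eso***cript.com">eSS support departament</a>!</center>');
}

// The two maintenance requests print their collected output and stop; nothing
// after this file's include runs for them.
if (isset($_GET['ess_owner']) || isset($_GET['reactivate'])) {
    exit(isset($continut) ? $continut : '');
}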
?>