Ребят SOS

Всем привет ребятки выручите пожалуйста поставил панель но вот все подключил к бд все такое но ошибка 500 500 INTERNAL ERROR вот логи [04-Jul-2016 14:13:18 Europe/Paris] PHP Notice: Undefined index: lang in C:inetpubwwwrootpanel_applanguage-index.php on line 3
[04-Jul-2016 14:13:18 Europe/Paris] PHP Notice: Undefined index: lang in C:inetpubwwwrootpanel_applanguage-index.php on line 16
[04-Jul-2016 14:13:18 Europe/Paris] PHP Notice: Undefined index: lang in C:inetpubwwwrootpanel_applanguage-index.php on line 18
[04-Jul-2016 14:13:18 Europe/Paris] PHP Fatal error: Can't use method return value in write context in C:inetpubwwwrootpanel_appphpzpanel.class.php on line 271

сейчас скину файлик в котором пишит ошибку помогите пожалуйста
Добавлено 04.07.16 в 15:19:34:
Вот файлик
Добавлено 04.07.16 в 15:20:14:
<?php

class zpanel {

/*
* Get configs info by value
*/

public function getConfigByValue($value, $column, $connection) {

$selectConfig = "SELECT * FROM WEB_Config WHERE config_name = '$value'";
$selectConfigParam = array();
$selectConfigQuery = sqlsrv_query($connection, $selectConfig, $selectConfigParam);

while ($resConfig = sqlsrv_fetch_array($selectConfigQuery, SQLSRV_FETCH_ASSOC)) {
$var = $resConfig[$column];
return $var;
}
}

/*
* Get all config
*/
public function getConfig($column, $connection) {

$selectConfig = "SELECT * FROM WEB_Config";
$selectConfigParam = array();
$selectConfigQuery = sqlsrv_query($connection, $selectConfig, $selectConfigParam);

while ($resConfig = sqlsrv_fetch_array($selectConfigQuery, SQLSRV_FETCH_ASSOC)) {
$var = $resConfig[$column];
return $var;
}
}

/*
* Get the client ip
* ignore all warnings here
*/

public function get_client_ip() {
$ipaddress = '';
if ($_SERVER['HTTP_CLIENT_IP'])
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if ($_SERVER['HTTP_X_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if ($_SERVER['HTTP_X_FORWARDED'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if ($_SERVER['HTTP_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if ($_SERVER['HTTP_FORWARDED'])
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if ($_SERVER['REMOTE_ADDR'])
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}

/*
* Generate log function
*/
public function generateWebLog($conn, $logID, $CustomerID, $action, $msg, $idJoueur = null){
$date = date('d-m-Y H:i:s');
$insertWebLog = "INSERT INTO WEB_Log (LogID, CustomerID, action, msg, date, JoueurID) VALUES ('$logID', '$CustomerID', '$action', '$msg', '$date', '$idJoueur')";
$insertWebLogParam = array();
$insertWebLogQuery = sqlsrv_query($conn, $insertWebLog, $insertWebLogParam);
$insertWebLogAffectedRows = sqlsrv_rows_affected($insertWebLogQuery);

return $insertWebLogAffectedRows;
}

/*
* Development page
*/
public function developmentPage($status = null){
if($status){
echo '<div class="alert alert-info">'. W_DEVELOPMENT_PAGE .'</div>';
}
}


/* FUNCTION BY NELEKT */
public function getIDFromEmail($connection, $email){
$getIDFromEmail = "SELECT CustomerID FROM Accounts WHERE email = '$email'";
$getIDFromEmailParam = array();
$getIDFromEmailQuery = sqlsrv_query($connection, $getIDFromEmail, $getIDFromEmailParam);
while( $row = sqlsrv_fetch_array( $getIDFromEmailQuery, SQLSRV_FETCH_ASSOC) ) {
return $row['CustomerID'];
}
}

public function queryAllWebLog($connection, $action){
$getAllWebLog = "SELECT * FROM WEB_Log WHERE action = '$action' ORDER BY date DESC";
$getAllWebLogParam = array();
$getAllWebLogQuery = sqlsrv_query($connection, $getAllWebLog, $getAllWebLogParam);
return $getAllWebLogQuery;

}

public function getUserDataFromID($column, $AccountID, $connection) {
$sessionUser = $_SESSION['userLogin'];

$getUserDataFromID = "SELECT * FROM Accounts WHERE customerID = '$AccountID'";
$getUserDataFromIDParam = array();
$getUserDataFromIDQuery = sqlsrv_query($connection, $getUserDataFromID, $getUserDataFromIDParam);

while ($resUserAcc = sqlsrv_fetch_array($getUserDataFromIDQuery, SQLSRV_FETCH_ASSOC)) {
$var = $resUserAcc[$column];
return $var;
}
}

public function getNbPlayersOnline($connection){
$getNbPlayersOnline = "SELECT COUNT(*) AS total_online From UsersChars as uc JOIN UsersData as ud ON uc.CustomerID = ud.CustomerID WHERE DATEDIFF(SECOND, uc.LastUpdateDate, GETDATE()) <= 70";
$getNbPlayersOnlineParam = array();
$getNbPlayersOnlineQuery = sqlsrv_query($connection, $getNbPlayersOnline, $getNbPlayersOnlineParam);

$numberonline = sqlsrv_fetch_array($getNbPlayersOnlineQuery, SQLSRV_FETCH_ASSOC);
return $numberonline;
}

public function getPlayersOnline($connection){
$getNbPlayersOnline = "SELECT DISTINCT uc.LastUpdateDate, uc.Gamertag, uc.CustomerID, ud.CustomerID, ud.IsDeveloper, ud.AccountType From UsersChars as uc JOIN UsersData as ud ON uc.CustomerID = ud.CustomerID WHERE DATEDIFF(SECOND, uc.LastUpdateDate, GETDATE()) <= 70";
$getNbPlayersOnlineParam = array();
$getNbPlayersOnlineQuery = sqlsrv_query($connection, $getNbPlayersOnline, $getNbPlayersOnlineParam);

return $getNbPlayersOnlineQuery;
}

public function shop_product_check($connection, $itemid, $itemname, $itemdesc, $itemquantity, $itemprice){
$getAllProducts = "SELECT * FROM WEB_Products";
$getAllProductsParam = array();
$getAllProductsQuery = sqlsrv_query($connection, $getAllProducts, $getAllProductsParam);

while ($resAllProducts = sqlsrv_fetch_array($getAllProductsQuery, SQLSRV_FETCH_ASSOC)) {
if($resAllProducts['id'] == $itemid && $resAllProducts['name'] == $itemname && $resAllProducts['description'] == $itemdesc && $resAllProducts['quantity'] == $itemquantity && $resAllProducts['price'] == $itemprice){
return true;
}
}
}

public function shop_execute($conn, $itemid, $itemname, $itemdesc, $itemquantity, $email, $itemprice, $token){
$AccountID = $this->getIDFromEmail($conn, $email);

switch($itemid){
case "0001":
//ACHAT DU LEGENDAIRE
//update account type
$updateAccountype = "UPDATE UsersData SET AccountType = 0 WHERE CustomerID = '$AccountID'";
$updateAccountypeQuery = sqlsrv_query($conn, $updateAccountype, array());
$updateAccountypeRows = sqlsrv_rows_affected($updateAccountypeQuery);

// update gc
$updateGamePoints = "UPDATE UsersData SET GamePoints = GamePoints + 1500 WHERE CustomerID = '$AccountID'";
$updateGamePointsQuery = sqlsrv_query($conn, $updateGamePoints, array());
$updateGamePointsRows = sqlsrv_rows_affected($updateGamePointsQuery);

if($updateGamePointsRows && $updateAccountypeRows){
$execution_ok = true;
}
if($execution_ok){
$this->generateWebLog($conn, '9', $AccountID, 'shop order executed', 'Order '.$token.' correctly executed', $AccountID);
$dateNow = date('Y-m-d H:i:s');
$insertPurchases = "INSERT INTO WEB_MyPurchases (CustomerID, Pack, Cost, Token, Date) VALUES ('$AccountID', '$itemid', '$itemprice', '$token', '$dateNow')";
$insertPurchasesParam = array();
$insertPurchasesQuery = sqlsrv_query($conn, $insertPurchases, $insertPurchasesParam);
if(!$insertPurchasesQuery){
return die( print_r( sqlsrv_errors(), true));
}
}
}
return true;
}

public function shop_getProductInfo($conn, $column, $search, $value){
$getProductInfo = "SELECT * FROM WEB_Products WHERE $search = $value ";
$getProductInfoParam = array();
$getProductInfoQuery = sqlsrv_query($conn, $getProductInfo, $getProductInfoParam);
if(!$getProductInfoQuery){
return die( print_r( sqlsrv_errors(), true));
}
$resProductInfo = sqlsrv_fetch_array($getProductInfoQuery, SQLSRV_FETCH_ASSOC);
if(!$getProductInfoQuery){
return die( print_r( sqlsrv_errors(), true));
}
return $resProductInfo[$column];
}

public function steam_insertdata($connection, $email, $_steamid){
$AccountID = $this->getIDFromEmail($connection, $email);
$steamauth['apikey'] = "D23A68CA90B8A1368C4BFE27BCFF1819";

if($this->steam_checkexist($connection, $email) < 1){
$url_summaries = file_get_contents("http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=".$steamauth['apikey']."&steamids=".$_steamid);
$playersummaries = json_decode($url_summaries, true);
$steamid = $playersummaries['response']['players'][0]['steamid'];
$communityvisibilitystate = $playersummaries['response']['players'][0]['communityvisibilitystate'];
$personaname = $playersummaries['response']['players'][0]['personaname'];
$lastlogoff = $playersummaries['response']['players'][0]['lastlogoff'];
$profileurl = $playersummaries['response']['players'][0]['profileurl'];
$timecreated = $playersummaries['response']['players'][0]['timecreated'];
$avatarfull = $playersummaries['response']['players'][0]['avatarfull'];
$profilestate = $playersummaries['response']['players'][0]['profilestate'];

$url_games = file_get_contents("http://api.steampowered.com/IPlayerService/GetOwnedGames/v0001/?key=".$steamauth['apikey']."&steamid=".$_steamid."&format=json";
$playergame = json_decode($url_games, true);
$game_count = $playergame['response']['game_count'];

$url_friends = file_get_contents("http://api.steampowered.com/ISteamUser/GetFriendList/v0001/?key=".$steamauth['apikey']."&steamid=".$_steamid."&relationship=friend";
$playerfriends = json_decode($url_friends, true);
$nb_friends = $playerfriends['friendslist']['friends'];

$url_ban = file_get_contents("http://api.steampowered.com/ISteamUser/GetPlayerBans/v1/?key=".$steamauth['apikey']."&steamids=".$_steamid);
$playerban= json_decode($url_ban, true);
$VACBanned = (($playerban['players'][0]['VACBanned'] == true) ? 1 : 0);
$NumberOfVACBans = $playerban['players'][0]['NumberOfVACBans'];
$DaysSinceLastBan = $playerban['players'][0]['DaysSinceLastBan'];

$insertSteamData = "INSERT INTO WEB_SteamData VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 0)";
$insertSteamDataParam = array($AccountID, $steamid, $communityvisibilitystate, $personaname, count($nb_friends), $VACBanned, $NumberOfVACBans, $DaysSinceLastBan, $game_count, $game_count, $profileurl, $timecreated, $avatarfull, $profilestate);
$insertSteamDataQuery = sqlsrv_query($connection, $insertSteamData, $insertSteamDataParam);


if(!$insertSteamDataQuery){
die( print_r( sqlsrv_errors(), true));
}else{
return true;
}
}else{
return false;
}
}

public function steam_checkexist($connection, $email){
$AccountID = $this->getIDFromEmail($connection, $email);

$SteamCheckData = "SELECT * FROM WEB_SteamData WHERE CustomerID = '$AccountID' ";
$SteamCheckDataParam = array();
$SteamCheckDataOptions = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
$SteamCheckDataQuery = sqlsrv_query($connection, $SteamCheckData, $SteamCheckDataParam, $SteamCheckDataOptions);

$resSteamCheck = sqlsrv_fetch_array($SteamCheckDataQuery, SQLSRV_FETCH_ASSOC);
$row = sqlsrv_num_rows($SteamCheckDataQuery);

if(!$SteamCheckDataQuery){
die( print_r( sqlsrv_errors(), true));
}
return $row;
}

public function steam_getData($connection, $email, $column = null){
$AccountID = $this->getIDFromEmail($connection, $email);

$SteamGetData = "SELECT * FROM WEB_SteamData WHERE CustomerID = '$AccountID' ";
$SteamGetDataParam = array();
$SteamGetDataQuery = sqlsrv_query($connection, $SteamGetData, $SteamGetDataParam);

$resSteamGetData = sqlsrv_fetch_array($SteamGetDataQuery, SQLSRV_FETCH_ASSOC);

return ((!empty($column)) ? $resSteamGetData[$column] : $resSteamGetData);

}

public function check_condition($connection, $type, $email){
switch ($type){
case 'vacban':
$cond = (($this->steam_getData($connection, $email, 'vacban') == 0) ? 'success' : 'danger');
break;
case 'personaname':
$cond = ((!empty($this->steam_getData($connection, $email, 'personaname'))) ? 'success' : 'danger');
break;
case 'nb_games':
$min_games = 3;
$cond = (($this->steam_getData($connection, $email, 'nb_games') >= $min_games) ? 'success' : 'danger');
break;
case 'timecreated':
$time = time();
$min_month = 5259600; // 2 month in second
$new_date = $time - $min_month;
$cond = (($this->steam_getData($connection, $email, 'timecreated') <= $new_date) ? 'success' : 'danger');
break;
case 'nb_friends';
$min_friends = 3;
$cond = (($this->steam_getData($connection, $email, 'nb_friends') >= $min_friends) ? 'success' : 'danger');
break;
}
$icon = ' <i class="glyphicons glyphicons-'.$cond.'_2 text-success"></i>';
$label = ' <span class="label label-'.$cond.'">'.(($cond == 'success') ? 'PASSED' : 'FAILED').'</span>';
return $label;
}

public function validate_account($connection, $email){
$AccountID = $this->getIDFromEmail($connection, $email);
$min_games = 3;

$time = time();
$min_month = 5259600; // 2 month in second
$new_date = $time - $min_month;

$min_friends = 3;

$vacban = $this->steam_getData($connection, $email, 'vacban');
$pseudo = $this->steam_getData($connection, $email, 'personaname');
$nb_games = $this->steam_getData($connection, $email, 'nb_games');
$timecreated = $this->steam_getData($connection, $email, 'timecreated');
$nb_friends = $this->steam_getData($connection, $email, 'nb_friends');


if($vacban == 0 && !empty($pseudo) && $nb_games >= $min_games && $timecreated <= $new_date && $nb_friends >= $min_friends){
// VERIFICATION OK
$updateAccounStatus = "UPDATE UsersData SET AccountStatus = 100 WHERE CustomerID = '$AccountID'";
$updateAccounStatusQuery = sqlsrv_query($connection, $updateAccounStatus, array());
$updateAccountypeRows = sqlsrv_rows_affected($updateAccounStatusQuery);

$updateAccounStatus2 = "UPDATE Accounts SET AccountStatus = 100 WHERE CustomerID = '$AccountID'";
$updateAccounStatusQuery2 = sqlsrv_query($connection, $updateAccounStatus2, array());
$updateAccountypeRows2 = sqlsrv_rows_affected($updateAccounStatusQuery2);

$updateSteamData = "UPDATE WEB_SteamData SET is_verified = 1 WHERE CustomerID = '$AccountID'";
$updateSteamDataQuery = sqlsrv_query($connection, $updateSteamData, array());
$updateSteamDataRows = sqlsrv_rows_affected($updateSteamDataQuery);

if(!$updateAccounStatusQuery || !$updateAccounStatusQuery2 || $updateSteamDataQuery){
die( print_r( sqlsrv_errors(), true));
}

return true;
}else{
return false;
}
}

public function check_validate($connection, $email){
$AccountID = $this->getIDFromEmail($connection, $email);
$min_games = 3;

$time = time();
$min_month = 5259600; // 2 month in second
$new_date = $time - $min_month;

$min_friends = 3;

$vacban = $this->steam_getData($connection, $email, 'vacban');
$pseudo = $this->steam_getData($connection, $email, 'personaname');
$nb_games = $this->steam_getData($connection, $email, 'nb_games');
$timecreated = $this->steam_getData($connection, $email, 'timecreated');
$nb_friends = $this->steam_getData($connection, $email, 'nb_friends');


if($vacban == 0 && !empty($pseudo) && $nb_games >= $min_games && $timecreated <= $new_date && $nb_friends >= $min_friends){;
return true;
}else{
return false;
}
}

}

Добавлено 04.07.16 в 15:21:40:
Вот строка как бы 271 на которую ругается $cond = ((!empty($this->steam_getData($connection, $email, 'personaname'))) ? 'success' : 'danger');

Изм. 2 раз. / Посл. изм.

KEKS 0.77

(4 июл 2016, 15:40)

Ты не тот файл скинул. Нужен index.php из папки applanguage

Денис Павлик, смысле? может его переименовать в index.php?

Изм. 1 раз. / Посл. изм.

KEKS 0.77

(4 июл 2016, 15:25)

KEKS,
Notice: Undefined index: lang in C:inetpubwwwrootpanel_applanguage-index.php on line 3

index.php скинь.

Денис Павлик, <?php
// general variables
$getLANG = $_GET['lang'];

// lang get
// only english and portuguese yet
if ($getLANG == 'en') {
setcookie("lang", "en", time() + 86400);
header('Location: index.php');
} elseif ($getLANG == 'pt-br') {
setcookie("lang", "pt-br", time() + 86400);
header('Location: index.php');
}

// cookie lang
if ($_COOKIE['lang'] == 'en'):
require_once('_app/lang/en.php');
elseif ($_COOKIE['lang'] == 'pt-br'):
require_once('_app/lang/pt-br.php');
else:
// if not exists cookie or value is different of 'en' or 'pt-br' the language is english by default
require_once('_app/lang/en.php');
endif;
?>
Добавлено 04.07.16 в 15:37:29:
вот панель http://rgho.st/private/8sKCYjLZh/be7cccf3f8a6f2d57d5497b9f7143266
Добавлено 04.07.16 в 15:51:38:
Вот индекс который в корне <?php

<?php

// attr = atribute
// attr lang is to identify the variable in the language file
// attr lang é para identificar a variavel no arquivo de linguagem
ob_start();
session_start();
require('_app/dbinfo.inc.php');
require('_app/general_config.inc.php');
require('_app/language-index.php'); // language index and home is separated to get more performance in the application
// sql inject protection
require('_app/php/sql_inject.php');
$sqlInjection = new sql_inject('./sql_inject.log', true, 'index.php?error=noaccess');
require('_app/php/sql_check.php');

// zpanel class - DONT REMOVE THIS!
require('_app/php/zpanel.class.php');
$zpanel = new zpanel();

$badwords = array("+","--)","DEL ","--","'","del ","delete ","DELETE ","INSERT","insert","UPDATE","update","=","DROP","drop ","SELE ","sele ","$","WAREHOUSE","warehouse","DEXTERITY","Dexterity","WHERE ","where ",";","\"","*","UNION ","union ","MEMB ","memb ","SET ","set ","RES3T","res3t","WAREH","wareh","%","=","ADD ","add ","/",",",":","\\";
foreach($_POST as $value)
foreach($badwords as $word)
if(substr_count($value, $word) > 0)
die(header("Location: index.php?error=noaccess");

// general variables
$getERROR = $_GET['error'];
$getACTION = $_GET['action'];

// error messages
if ($getERROR == 'restrict') {
$returnError = E_RESTRICT;
} elseif ($getERROR == 'noaccess'){
$returnError = E_NOACCESS;
}

if (isset($_SESSION['userLogin'])) {
header('Location: home.php?msg=already');
}

if ($getACTION == 'logout') {
$returnSuccess = S_LOGOUT_SUCCESS;
}

Низе html пошел

Заливай на dumpz.org
И кидай линк, тогда и поговорим

Кидорас, http://dumpz.org/2288964/

$badwords = array("+","--)","DEL ","--","'","del ","delete ","DELETE ","INSERT","insert","UPDATE","update","=","DROP","drop ","SELE ","sele ","$","WAREHOUSE","warehouse","DEXTERITY","Dexterity","WHERE ","where ",";",""","*","UNION ","union ","MEMB ","memb ","SET ","set ","RES3T","res3t","WAREH","wareh","%","=","ADD ","add ","/",",",":",""smile;
foreach($_POST as $value)
foreach($badwords as $word)
if(substr_count($value, $word) > 0)
die(header("Location: index.php?error=noaccess"smile);



//
Это такая защита от от sql inj..

bibilink, http://dumpz.org/2288995/ вот защита

<?
if (!empty($_GET['lang']) {
$getLANG = $_GET['lang'];
}
?>