
  1. <?php 
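  // Bootstrap: mark the request as coming through HoloCMS and start the session.
  define("IN_HOLOCMS", TRUE);
  session_start();
  // #########################################################################
  // MySQL CONNECTOR
  // #########################################################################
  // NOTE(review): the required filename looks mangled ("...php_data_classes-config.php.php");
  // the @ only hides the include warning, a missing file is still fatal. Confirm the path.
  @require_once('server-data.php_data_classes-config.php.php');
  // Database credentials used to be hard-coded here (MySQL root with a plaintext password).
  // Environment variables now take precedence so the secret can live outside the source
  // tree and be rotated; the in-file defaults are kept only for backward compatibility and
  // should be deleted (and the password rotated) once the deployment sets HOLOCMS_DB_*.
  $db_host = getenv('HOLOCMS_DB_HOST');
  $db_user = getenv('HOLOCMS_DB_USER');
  $db_pass = getenv('HOLOCMS_DB_PASS');
  $db_name = getenv('HOLOCMS_DB_NAME');
  if ($db_host === false || $db_host === '') { $db_host = "Localhost"; }
  if ($db_user === false || $db_user === '') { $db_user = "root"; }
  if ($db_pass === false) { $db_pass = "nitsud"; }
  if ($db_name === false || $db_name === '') { $db_name = "Hezzo"; }
  // Fix: failures were swallowed by die("") with no trace anywhere. Still stop the request
  // without leaking details to the client, but record the driver error in the server log.
  $db_link = mysql_connect($db_host, $db_user, $db_pass);
  if ($db_link === false) {
      error_log('HoloCMS: MySQL connection failed: ' . mysql_error());
      die("");
  }
  if (!mysql_select_db($db_name, $db_link)) {
      error_log('HoloCMS: mysql_select_db failed: ' . mysql_error($db_link));
      die("");
  }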
  // Request "heuristic" filter: abort the request for any $_REQUEST parameter whose value
  // contains a quote, an equals sign or "chr(" unless gtfo() allow-lists the parameter name.
  // NOTE(review): this is a blacklist, not a security boundary. It only sees top-level
  // request values (not headers, not nested arrays), blocks legitimate input that contains
  // '=' (base64, URLs), and is trivially bypassed by payloads without quotes (numeric
  // injection, hex literals, UNION without string context). Escaping/parameterising every
  // query is the actual defence; treat this as a speed bump at most.
  $heuristic = true;
  if ($heuristic == true) {
      $forbidden_fragments = array("'", "\"", "=", "chr(");
      foreach ($_REQUEST as $var => $val) {
          foreach ($forbidden_fragments as $fragment) {
              // gtfo() either die()s or returns for an allow-listed name, so repeated
              // calls for the same parameter are harmless.
              if (strpos($val, $fragment) !== false) {
                  gtfo($var);
              }
          }
      }
  }
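  /**
   * Abort the request for a parameter that tripped the heuristic filter, unless the
   * parameter name is on the allow-list of fields that legitimately carry quotes/markup.
   *
   * @param string|int $var request parameter name (an array key of $_REQUEST)
   * @return void returns only for allow-listed names; otherwise the script die()s
   */
  function gtfo($var)
  {
      static $allowed = array(
          "debug", "longstory", "error_desc", "html", "system",
          "konst_text", "sprach_text", "konst_type", "sprach_type", "words",
      );
      // Fix: the original compared with loose == against each name; on PHP < 8 an integer
      // key (e.g. ?0=...) compares equal to any non-numeric string and skipped the block.
      // Compare the string form of the key strictly.
      if (in_array((string) $var, $allowed, true)) {
          return;
      }
      die("Leider nicht moeglich @ " . htmlspecialchars($var));
  }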
  8. // #########################################################################// Kurz Befehle// #########################################################################
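  // Site name / base URL rows from cms_settings (false when the row is missing).
  $cms_name = mysql_fetch_assoc(mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_name'"));
  $cms_url  = mysql_fetch_assoc(mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_url'"));
  $remote_ip = $_SERVER['REMOTE_ADDR'];
  $sitename  = (string) $cms_name['value'];
  $shortname = (string) $cms_name['value'];
  // Default the timezone when php.ini leaves date.timezone empty (avoids the PHP 5.x warning).
  if (@ini_get('date.timezone') == null && function_exists("date_default_timezone_get")) {
      @date_default_timezone_set("Europe/Berlin");
  }
  // Current time, split into the pieces the templates use.
  $H = date('H'); $i = date('i'); $s = date('s');
  $m = date('m'); $d = date('d'); $Y = date('Y');
  $j = date('j'); $n = date('n');
  $today = $d; $month = $m; $year = $Y;
  // Fix: these were built with mktime($m, $d, $Y), i.e. month/day/year passed as
  // hour/minute/second. That only "worked" because the bogus time still fell on the
  // current day; the values are assembled from the components captured above instead.
  $getmoney_date = $d . '.' . $m . '.' . $Y;
  $birthday_date = $d . '.' . $m;
  $date_normal   = $d . '.' . $m . '.' . $Y;
  $date_full     = $d . '.' . $m . '.' . $Y . ' ' . $H . ':' . $i . ':' . $s;
  // Paths and hotel endpoints.
  $path       = (string) $cms_url['value'];
  $adminpath  = $path . "/range/hotel/de/housekeeping";
  $port       = "30000";
  $ip         = "habfire.hopto.org";
  $clientpath = "http://habfire.hopto.org";
  $cimagesurl = "http://habfire.hopto.org/c_images/";
  $badgesurl  = "/album1584/";
  // NOTE(review): static pepper for HoloHash()/HoloHashMD5(), hard-coded in source and
  // duplicated inside those functions. Anyone holding this file can brute-force leaked
  // hashes offline. Move it out of the source tree; rotating it requires a rehash plan.
  $hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
  // NOTE(review): $config is whichever cms_settings row the database returns first; the
  // maintenance notice further down only fires when that row is 'cms_maintenance'. Fragile.
  $cms_settings = mysql_query("SELECT * FROM cms_settings LIMIT 1");
  $config = mysql_fetch_assoc($cms_settings);
  // 1 when maintenance mode is switched on, else 0.
  $maintenance = mysql_num_rows(mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_maintenance' AND value = '1'"));
  $server = mysql_fetch_assoc($server_status = mysql_query("SELECT * FROM server_status"));
  $online_count = $server['users_online'];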
  16. // #########################################################################// MySQL TABLE SITE_CONFIG// #########################################################################
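  /**
   * Read one column of the first cms_settings row.
   *
   * Fix: the column name was concatenated straight into the SELECT list, which is SQL
   * injection as soon as a caller passes request-derived input. The name is now limited
   * to a plain identifier ([A-Za-z0-9_]) and backtick-quoted.
   *
   * @param string $strSetting column name
   * @return mixed|null column value of the first row, or null when the name is not a valid identifier
   */
  function FetchSITESetting($strSetting)
  {
      if (!preg_match('/^[A-Za-z0-9_]+$/', $strSetting)) {
          return null;
      }
      $tmp = mysql_query("SELECT `" . $strSetting . "` FROM cms_settings LIMIT 1") or die(mysql_error());
      $tmp = mysql_fetch_assoc($tmp);
      return $tmp[$strSetting];
  }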
  20. // #########################################################################// CMS LOGIN FUNKTION// #########################################################################
  /**
   * Legacy password hash: sha1(password . static pepper).
   *
   * NOTE(review): unsalted, fast digest with a pepper that is hard-coded in source.
   * password_hash()/password_verify() is the right primitive, but changing this output
   * would invalidate every stored hash, so it needs a rehash-on-login migration rather
   * than a drop-in swap.
   *
   * @param string $password clear-text password
   * @return string 40-character hex sha1 digest
   */
  function HoloHash($password)
  {
      $pepper = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
      return sha1($password . $pepper);
  }
  /**
   * Legacy password hash variant: md5(password . static pepper).
   *
   * NOTE(review): same weaknesses as HoloHash() (unsalted, fast, hard-coded pepper) with
   * an even weaker digest. Kept byte-for-byte compatible because stored hashes depend on it.
   *
   * @param string $password clear-text password
   * @return string 32-character hex md5 digest
   */
  function HoloHashMD5($password)
  {
      $pepper = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
      return md5($password . $pepper);
  }
// #########################################################################
// "STAY LOGGED IN" (remember-me) FUNCTION — disabled: the block comment that
// starts on the next line keeps it out of the build. Before re-enabling, note
// that it takes the password hash straight from the "rpassword" cookie and
// compares it to the stored hash with ==, so a leaked hash alone (no password)
// logs the user in; use a random, server-stored remember-me token instead.
/* #########################################################################
  24. if(!session_is_registered('username') &&  $_COOKIE['remember'] == "remember"){
  25. $cname = FilterText($_COOKIE['rusername']); $cpass_hash = FilterText($_COOKIE['rpassword']);
  26. $csql = mysql_query("SELECT password,id FROM users WHERE username = '".$cname."' LIMIT 1") or die(mysql_error()); $cnum = mysql_num_rows($csql);
  27. if($cnum < 1){ setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/"); setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/"); setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/"); } else {
  28. $crow = mysql_fetch_assoc($csql); $correct_pass = $crow['password'];
  29. if($cpass_hash == $correct_pass){ $_SESSION['username'] = $cname; $_SESSION['password'] = $crow['password']; $sql3 = mysql_query("UPDATE users SET ip_last = '".$remote_ip."' WHERE username = '".$cname."'"); header("location: me"); exit; } else {
  30. setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/"); setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/"); setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/"); } }}
  31. */ #########################################################################// IS-EVEN FUNKTION// #########################################################################
  // True when $intNumber leaves no remainder on division by 2.
  function IsEven($intNumber)
  {
      return ($intNumber % 2) == 0;
  }
  33. // #########################################################################// SMILIES FOR GRUPPEN/FORUM// #########################################################################
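  // -------------------------------------------------------------------------
  // BBCode -> HTML.
  // Fix: tag attributes ([url=...], [color=...], [habbo=...], [room=...], [group=...])
  // were dropped verbatim into href/color/id positions. Input normally arrives through
  // HoloText(), whose htmlspecialchars() call uses the default flags and therefore leaves
  // single quotes alone, while the generated attributes are single-quoted - so
  // "[url=x' onmouseover='...]" and "[url=javascript:...]" produced live markup (XSS).
  // Each attribute is now validated by a small callback; a tag that fails validation is
  // left as literal text instead of being transformed.
  // -------------------------------------------------------------------------

  // Accept absolute http(s) URLs and site-relative paths; no quotes, angle brackets or whitespace.
  function bbcode_href_is_safe($url)
  {
      return preg_match('~^(?:https?://|/|\./)[^\s\'"<>]*$~i', $url) === 1;
  }

  // [link=URL]text[/link] and [url=URL]text[/url]
  function bbcode_link_callback($m)
  {
      if (!bbcode_href_is_safe($m[1])) {
          return $m[0];
      }
      return "<a href='" . $m[1] . "'>" . $m[2] . "</a>";
  }

  // [color=NAME]text[/color]: colour names or hex values (optional #) only.
  function bbcode_color_callback($m)
  {
      if (!preg_match('/^#?[A-Za-z0-9]{1,32}$/', $m[1])) {
          return $m[0];
      }
      return "<font color='" . $m[1] . "'>" . $m[2] . "</font>";
  }

  // [habbo=ID]text[/habbo]: numeric user id.
  function bbcode_habbo_callback($m)
  {
      if (!preg_match('/^[0-9]+$/', $m[1])) {
          return $m[0];
      }
      return "<a href='./user_profile.php?id=" . $m[1] . "'>" . $m[2] . "</a>";
  }

  // [room=ID]text[/room]: numeric room id (it lands inside a JS onclick string and a URL).
  function bbcode_room_callback($m)
  {
      if (!preg_match('/^[0-9]+$/', $m[1])) {
          return $m[0];
      }
      return "<a onclick=\"roomForward(this, '" . $m[1] . "', 'private'); return false;\" target=\"client\" href=\"./client.php?forwardId=2&roomId=" . $m[1] . "\">" . $m[2] . "</a>";
  }

  // [group=ID]text[/group]: id or slug made of path-safe characters only.
  function bbcode_group_callback($m)
  {
      if (!preg_match('/^[A-Za-z0-9_-]+$/', $m[1])) {
          return $m[0];
      }
      return "<a href='./groups/" . $m[1] . "'>" . $m[2] . "</a>";
  }

  /**
   * Replace smiley shortcuts and BBCode tags in $str with HTML.
   *
   * @param string $str text, normally already HTML-escaped by HoloText()
   * @return string HTML fragment
   */
  function bbcode_format($str)
  {
      // Smiley shortcuts, in the original replacement order.
      $smilies = array(
          ':)'  => 'smile.gif',
          ';)'  => 'wink.gif',
          ':P'  => 'tongue.gif',
          ';P'  => 'winktongue.gif',
          ':p'  => 'tongue.gif',
          ';p'  => 'winktongue.gif',
          '(L)' => 'heart.gif',
          '(l)' => 'heart.gif',
          ':o'  => 'shocked.gif',
          ':O'  => 'shocked.gif',
      );
      foreach ($smilies as $shortcut => $image) {
          $str = str_replace($shortcut, " <img src='./web-gallery/smilies/" . $image . "' alt='Smiley' title='Smiley' border='0'> ", $str);
      }

      // Attribute-less tags first (same order as before), then the validated attribute tags.
      $str = preg_replace(
          array(
              '/\[b\](.*?)\[\/b\]/is',
              '/\[i\](.*?)\[\/i\]/is',
              '/\[u\](.*?)\[\/u\]/is',
              '/\[s\](.*?)\[\/s\]/is',
              '/\[quote\](.*?)\[\/quote\]/is',
          ),
          array(
              '<strong>$1</strong>',
              '<em>$1</em>',
              '<u>$1</u>',
              '<s>$1</s>',
              "<div class='bbcode-quote'>$1</div>",
          ),
          $str
      );
      $str = preg_replace_callback('/\[link\=(.*?)\](.*?)\[\/link\]/is', 'bbcode_link_callback', $str);
      $str = preg_replace_callback('/\[url\=(.*?)\](.*?)\[\/url\]/is', 'bbcode_link_callback', $str);
      $str = preg_replace_callback('/\[color\=(.*?)\](.*?)\[\/color\]/is', 'bbcode_color_callback', $str);
      $str = preg_replace(
          array(
              '/\[size=small\](.*?)\[\/size\]/is',
              '/\[size=large\](.*?)\[\/size\]/is',
              '/\[code\](.*?)\[\/code\]/is',
          ),
          array(
              "<font size='1'>$1</font>",
              "<font size='3'>$1</font>",
              '<pre>$1</pre>',
          ),
          $str
      );
      $str = preg_replace_callback('/\[habbo\=(.*?)\](.*?)\[\/habbo\]/is', 'bbcode_habbo_callback', $str);
      $str = preg_replace_callback('/\[room\=(.*?)\](.*?)\[\/room\]/is', 'bbcode_room_callback', $str);
      $str = preg_replace_callback('/\[group\=(.*?)\](.*?)\[\/group\]/is', 'bbcode_group_callback', $str);
      return $str;
  }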
  40. // #########################################################################// FÜR LOGIN_TICKET// #########################################################################
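  // Random integer in [0, $max] for GenerateTicket(): CSPRNG on PHP 7+, mt_rand() otherwise.
  function holocms_random_digit($max)
  {
      if (function_exists('random_int')) {
          return random_int(0, $max);
      }
      return mt_rand(0, $max);
  }

  /**
   * Build a login ticket of the form "ST-dddddd-dddddddddddddddddddd-hero-fire-de<0-5>".
   *
   * Fix: the digits came from rand(), a seeded, predictable generator; a guessable
   * login ticket lets an attacker hijack the client session. random_int() is used
   * where available. NOTE(review): on PHP < 7 the mt_rand() fallback is still
   * predictable - confirm the deployed PHP version or ship a random_int polyfill.
   *
   * @return string ticket
   */
  function GenerateTicket()
  {
      $ticket = "ST-";
      for ($k = 0; $k < 6; $k++) {
          $ticket .= holocms_random_digit(9);
      }
      $ticket .= "-";
      for ($k = 0; $k < 20; $k++) {
          $ticket .= holocms_random_digit(9);
      }
      $ticket .= "-hero-fire-de" . holocms_random_digit(5);
      return $ticket;
  }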
  48. // #########################################################################
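  // #########################################################################
  // Session login check: resolve the logged-in user from the session, record the
  // registration IP once, and enforce user/IP bans.
  // #########################################################################
  if (session_is_registered('username')) {
      $rawname = FilterText($_SESSION['username']);
      $rawpass = FilterText($_SESSION['password']);
      $usersql = mysql_query("SELECT * FROM users WHERE username = '" . $rawname . "' AND password = '" . $rawpass . "' LIMIT 1");
      $myrow = mysql_fetch_assoc($usersql);
      $password_correct = mysql_num_rows($usersql);
      // Fix: the original tested ip_reg first in an if/elseif chain, so a user whose
      // ip_reg was still "0" skipped the ban check for that request. Validate the
      // session first, then do the independent bookkeeping.
      if ($password_correct !== 1) {
          session_destroy();
          // NOTE(review): the trailing "1" looks like a typo in the redirect target - confirm.
          header("location: " . $path . "1");
          exit;
      }
      $userinfo = mysql_query("SELECT * FROM user_stats WHERE id = '" . $myrow['id'] . "'");
      $userinfo = mysql_fetch_assoc($userinfo);
      $my_id = $myrow['id'];
      $user_rank = $myrow['rank'];
      if ($myrow['ip_reg'] == "0") {
          mysql_query("UPDATE users SET ip_reg = '" . $remote_ip . "' WHERE id = '" . $myrow['id'] . "'");
      }
      // bans.value holds the username for bantype 'user' and the address for 'ip'.
      // AND binds tighter than OR; the parentheses make the intended grouping explicit.
      $ban_user_value = mysql_real_escape_string($myrow['username']);
      $ban_where = "(value = '" . $ban_user_value . "' AND bantype = 'user') OR (value = '" . $remote_ip . "' AND bantype = 'ip')";
      $ban = mysql_query("SELECT * FROM bans WHERE " . $ban_where . " LIMIT 1");
      $bancheck = mysql_num_rows($ban);
      if ($bancheck > 0) {
          // Fix: this read "mysql_fetch_assoc .Filtertext($ban)" - an undefined constant
          // concatenated with a string - so $bandata never held the ban row, the expiry
          // test never passed, and active bans were silently DELETED on the next page
          // load instead of enforced.
          $bandata = mysql_fetch_assoc($ban);
          $timestamp = time();
          if ($bandata['expire'] > $timestamp) {
              // NOTE(review): $bandata['reason'] is admin-entered and goes into the
              // message unescaped; confirm logout.php escapes $login_error on output.
              $login_error = "Du bist gebannt! Der Grund für deinen Bann lautet \"" . $bandata['reason'] . "\" und dauert bis " . date('d.m.Y - H:i:s', $bandata['expire']) . "";
              include('logout.php');
              session_destroy();
              exit;
          } else {
              // Ban expired. The original DELETE used $name, which is only assigned below
              // and so was empty here; use the same clause as the SELECT.
              mysql_query("DELETE FROM bans WHERE " . $ban_where . " LIMIT 1");
          }
      }
      $logged_in = true;
      $name = HoloText($myrow['username']);
  } else {
      // Anonymous visitor defaults.
      $user_rank = 0;
      $name = "No-Name";
      $my_id = "No-ID";
      $myticket = "ST-No-Name-hero-fire";
      $logged_in = false;
  }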
  67. // #########################################################################// HC CHECK// #########################################################################
  // HC (club) check: number of subscription rows for the current user that have not expired yet.
  $hc_a = mysql_query(sprintf(
      "SELECT * FROM user_subscriptions WHERE user_id = '%s' and timestamp_expire > '%d'",
      $my_id,
      time()
  ));
  $hc = mysql_num_rows($hc_a);
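  /**
   * Remaining whole days of the user's HC subscription (first matching row).
   *
   * Fix: $my_id was interpolated into the query unescaped; it is now passed through
   * mysql_real_escape_string(), consistent with how GetUserBadge() treats its input.
   *
   * @param string|int $my_id user id (the "No-ID" placeholder simply matches nothing)
   * @return int|float 0 when there is no subscription or it has expired, else ceil(days left)
   */
  function getHCDays($my_id)
  {
      $sql = mysql_query("SELECT timestamp_activated,timestamp_expire FROM user_subscriptions WHERE user_id = '" . mysql_real_escape_string($my_id) . "' LIMIT 1") or die(mysql_error());
      if (mysql_num_rows($sql) == 0) {
          return 0;
      }
      $data = mysql_fetch_assoc($sql);
      $diff = $data['timestamp_expire'] - time();
      if ($diff <= 0) {
          return 0;
      }
      return ceil($diff / 86400);
  }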
  71. // #########################################################################// VIP CHECK// #########################################################################
  // VIP check: number of vip rows for the current user (expiry is not considered here; see getVIPDays()).
  $vip_a = mysql_query(sprintf("SELECT * FROM vip WHERE id_user = '%s'", $my_id));
  $vip = mysql_num_rows($vip_a);
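  /**
   * Remaining whole days of the user's VIP status (first matching row).
   *
   * Fix: $my_id was interpolated into the query unescaped; it is now passed through
   * mysql_real_escape_string(), consistent with how GetUserBadge() treats its input.
   *
   * @param string|int $my_id user id
   * @return int|float 0 when there is no VIP row or it has expired, else ceil(days left)
   */
  function getVIPDays($my_id)
  {
      $sql = mysql_query("SELECT timestamp,timestampend FROM vip WHERE id_user = '" . mysql_real_escape_string($my_id) . "' LIMIT 1") or die(mysql_error());
      if (mysql_num_rows($sql) == 0) {
          return 0;
      }
      $data = mysql_fetch_assoc($sql);
      $diff = $data['timestampend'] - time();
      if ($diff <= 0) {
          return 0;
      }
      return ceil($diff / 86400);
  }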
  75. // #########################################################################// HK/IS_MAINTENANCE CHECK// #########################################################################
  // Housekeeping (HK) admin flag: rank above 4 AND a separate HK login present in the session.
  $rank['iAdmin'] = "0";
  if ($user_rank > 4 && session_is_registered('hkusername') && session_is_registered('hkpassword')) {
      $rank['iAdmin'] = "1";
  }
  // Maintenance mode: redirect non-admins (unless $is_maintenance is already set by the
  // including page); admins only get a notice, and only when the first cms_settings row
  // happens to be the cms_maintenance flag (see $config above).
  if ($maintenance == '1' && !$is_maintenance && $rank['iAdmin'] < 1) {
      header("Location: " . $path . "/maintenance");
      exit;
  } elseif ($rank['iAdmin'] == 1 && $config['variable'] == "cms_maintenance" && $config['value'] == '1') {
      $notify_maintenance = true;
  }
  80. // #########################################################################
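  /**
   * Whether $name or the requesting IP has an active ban; an expired ban is removed.
   *
   * Fix: the body referenced $my_id and $remote_ip without "global", so inside the
   * function both were undefined and every query matched only value = ''. The $name
   * parameter is now used (escaped) for the user clause - the session check above
   * stores the username in bans.value for bantype 'user', so $name is taken to be a
   * username; confirm against callers - and $remote_ip is imported from global scope.
   *
   * @param string $name username
   * @return bool true while a matching ban has not expired
   */
  function IsUserBanned($name)
  {
      global $remote_ip;
      $safe_name = mysql_real_escape_string($name);
      $safe_ip = mysql_real_escape_string($remote_ip);
      $where = "(value = '" . $safe_name . "' AND bantype = 'user') OR (value = '" . $safe_ip . "' AND bantype = 'ip')";
      $check = mysql_query("SELECT * FROM bans WHERE " . $where) or die(mysql_error());
      if (mysql_num_rows($check) < 1) {
          return false;
      }
      $bandata = mysql_fetch_assoc($check);
      if (time() < $bandata['expire']) {
          return true;
      }
      // ban expired
      mysql_query("DELETE FROM bans WHERE " . $where . " LIMIT 1") or die(mysql_error());
      return false;
  }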
  86. // #########################################################################
  /**
   * Run $query and return the first column of its first row.
   * The caller is responsible for the query text - nothing is escaped here.
   *
   * @param string $query SQL
   * @param mixed $default_value returned when the query yields no rows
   * @return mixed
   */
  function mysql_evaluate($query, $default_value = "undefined")
  {
      $result = mysql_query($query) or die(mysql_error());
      return (mysql_num_rows($result) < 1) ? $default_value : mysql_result($result, 0);
  }
  89. // #########################################################################
  /**
   * Escape a value for a single-quoted SQL literal.
   * Unless $advanced is true the value is HTML-encoded first; htmlspecialchars() is
   * called with its default flags, so single quotes are left to the SQL escaping.
   * NOTE(review): this mixes two output contexts (HTML and SQL) in one helper, so data
   * saved through it is stored HTML-encoded. Kept unchanged for compatibility.
   *
   * @param string $str raw value
   * @param bool $advanced true to skip the HTML encoding
   * @return string escaped value
   */
  function FilterText($str, $advanced = false)
  {
      $value = ($advanced == true) ? $str : htmlspecialchars($str);
      return mysql_real_escape_string($value);
  }
  /**
   * Prepare a stored string for HTML output: strip backslashes and, unless $advanced,
   * HTML-encode it and turn newlines into <br />; optionally expand BBCode afterwards.
   *
   * @param string $str stored value
   * @param bool $advanced true to only strip slashes (no encoding)
   * @param bool $bbcode true to run bbcode_format() on the encoded text
   * @return string
   */
  function HoloText($str, $advanced = false, $bbcode = false)
  {
      if ($advanced == true) {
          return stripslashes($str);
      }
      $html = stripslashes(nl2br(htmlspecialchars($str)));
      return ($bbcode == true) ? bbcode_format($html) : $html;
  }
  92. // Forum System by GATGAT % Wave CMS
  /**
   * Value of the cms_content row with the given key (key is escaped via FilterText()).
   *
   * @param string $strKey content key
   * @return string|null contentvalue, or null when no row matches
   */
  function getContent($strKey)
  {
      $safeKey = FilterText($strKey);
      $res = mysql_query("SELECT contentvalue FROM cms_content WHERE contentkey = '" . $safeKey . "' LIMIT 1") or die(mysql_error());
      $row = mysql_fetch_assoc($res);
      return $row['contentvalue'];
  }
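  /**
   * Whether user $intUID was active within the last 10 minutes.
   * users.online is treated as a unix timestamp of the last activity.
   *
   * Fix: $intUID went into the query unescaped; it is now passed through
   * mysql_real_escape_string(), consistent with GetUserBadge(). In this listing the
   * "// Gruppen" comment also ran into the GetUserGroup() header on the same line,
   * which would comment the function out; the two are separated again below.
   *
   * @param string|int $intUID user id
   * @return bool
   */
  function IsUserOnline($intUID)
  {
      $timeout = 600; // 10 minutes
      $result = mysql_query("SELECT online FROM users WHERE id = '" . mysql_real_escape_string($intUID) . "' LIMIT 1") or die(mysql_error());
      if (mysql_num_rows($result) < 1) {
          return false;
      }
      $row = mysql_fetch_array($result);
      return ($row[0] + $timeout) >= time();
  }

  // Gruppen (groups)
  /**
   * Id of the group the user currently represents (group_members.is_current = 1), or false.
   *
   * @param string|int $my_id user id
   * @return mixed id_group, or false when none
   */
  function GetUserGroup($my_id)
  {
      $check = mysql_query("SELECT id_group FROM group_members WHERE id_user = '" . mysql_real_escape_string($my_id) . "' AND is_current = '1' LIMIT 1") or die(mysql_error());
      if (mysql_num_rows($check) > 0) {
          $row = mysql_fetch_assoc($check);
          return $row['id_group'];
      }
      return false;
  }
  // noch mehr (more)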
  /**
   * Badge id shown in slot 1 for a user whose badge_status is 1.
   * Accepts a numeric user id or a username (the latter is escaped via FilterText()).
   *
   * @param string|int $strName user id or username
   * @return mixed badge_id, or false when the user or badge is not found
   */
  function GetUserBadge($strName)
  {
      if (is_numeric($strName)) {
          $where = "id = '" . $strName . "'";
      } else {
          $where = "username = '" . FilterText($strName) . "'";
      }
      $check = mysql_query("SELECT id FROM users WHERE " . $where . " AND badge_status = '1' LIMIT 1") or die(mysql_error());
      if (mysql_num_rows($check) < 1) {
          return false;
      }
      $usrrow = mysql_fetch_assoc($check);
      $check = mysql_query("SELECT * FROM user_badges WHERE user_id = '" . $usrrow['id'] . "' AND badge_slot = '1' LIMIT 1") or die(mysql_error());
      if (mysql_num_rows($check) < 1) {
          return false;
      }
      $badgerow = mysql_fetch_assoc($check);
      return $badgerow['badge_id'];
  }
  108. // #########################################################################
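  /**
   * Badge of the group the user currently represents, or false when they have none.
   *
   * Fix: $my_id was interpolated into the first query unescaped; it now goes through
   * mysql_real_escape_string(), consistent with GetUserBadge(). The group id used in
   * the second query comes from the database row, not from the caller.
   *
   * @param string|int $my_id user id
   * @return mixed group_details.badge, or false
   */
  function GetUserGroupBadge($my_id)
  {
      $check = mysql_query("SELECT id_group FROM group_members WHERE id_user = '" . mysql_real_escape_string($my_id) . "' AND is_current = '1' LIMIT 1") or die(mysql_error());
      if (mysql_num_rows($check) < 1) {
          return false;
      }
      $row = mysql_fetch_assoc($check);
      $groupid = $row['id_group'];
      $check = mysql_query("SELECT badge FROM group_details WHERE id = '" . mysql_real_escape_string($groupid) . "' LIMIT 1") or die(mysql_error());
      $row = mysql_fetch_assoc($check);
      return $row['badge'];
  }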
  118. ?>