  1. <?php
  2. /*---------------------------------------------------+
  3. | CMS CREATO INTERAMENTE DA JELICO.
  4. +----------------------------------------------------+
  5. | E' VIETATA LA VIOLAZIONE DI COPYRIGHT
  6. +---------------------------------------------------*/
  7.  
  8. ini_set("display_errors",false);
  9. define("IN_HOLOCMS", TRUE);
  10. session_start();
  11. ini_set('default_charset', 'iso-8859-1');
  12. header("Content-Type: text/html; charset=ISO-8859-1", true);
  13. // #########################################################################
  14. // COLLEGAMENTO CON IL DATABASE
  15. // #########################################################################
  16.  
  17. @require_once('configurazione.php');
  18. mysql_connect("$MySQLhostname", "$MySQLusername", "$MySQLpassword") or die("");
  19. mysql_select_db("$MySQLdb") or die("");
  20.  
  21. // #########################################################################
  22. // CONNESIONE MYSQL
  23. // #########################################################################
  24.  
  25. $cms_name = mysql_fetch_assoc($cms_name = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_name'"));
  26. $cms_url = mysql_fetch_assoc($cms_url = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_url'"));
  27.  
  28. $remote_ip = $_SERVER[REMOTE_ADDR];
  29. $sitename = "".$cms_name['value']."";
  30. $shortname = "".$cms_name['value']."";
  31.  
  32. if(@ini_get('date.timezone') == null && function_exists("date_default_timezone_get")){ @date_default_timezone_set("Europe/Berlin"); }
  33.  
  34. $H = date('H');
  35. $i = date('i');
  36. $s = date('s');
  37. $m = date('m');
  38. $d = date('d');
  39. $Y = date('Y');
  40. $j = date('j');
  41. $n = date('n');
  42. $today = $d;
  43. $month = $m;
  44. $year = $Y;
  45. $getmoney_date = date('d.m.Y',mktime($m,$d,$Y));
  46. $birthday_date = date('d.m', mktime($m,$d));
  47. $date_normal = date('d.m.Y',mktime($m,$d,$Y));
  48. $date_full = date('d.m.Y H:i:s',mktime($H,$i,$s,$m,$d,$Y));
  49. $path = "".$cms_url['value']."";
  50. $adminpath = "".$path."/manage/hotel/de/housekeeping";
  51. $clientpath = "http://pixel-italia.it";
  52. $cimagesurl = "http://pixel-italia.it/r63/c_images/";
  53. $badgesurl = "http://pixel-italia.it/r63/c_images/album1584/";
  54. $hash_secret = "";
  55.  
  56. $cms_settings = mysql_query("SELECT * FROM cms_settings LIMIT 1");
  57. $config = mysql_fetch_assoc($cms_settings);
  58.  
  59. $maintenance = mysql_num_rows($maintenance = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_maintenance' AND value = '1'"));
  60.  
  61. $server = mysql_fetch_assoc($server_status = mysql_query("SELECT * FROM server_status"));
  62. $online_count = $server['users_online'];
  63.  
  64. if(isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)){
  65. foreach($_POST as $key => $p)
  66. {
  67. $_POST[$key] = htmlentities($p);
  68. $_POST[$key] = mysql_real_escape_string($p);
  69. $_POST[$key] = html_entity_decode($p);
  70. }
  71.  
  72. //Filtro las entradas vía GET
  73. foreach($_GET as $key => $g)
  74. {
  75. $_GET[$key] = mysql_real_escape_string($g);
  76. }
  77. foreach($_GET as $key => $s)
  78. {
  79. $COOKIE[$key] = mysql_real_escape_string($s);
  80. }
  81. //Filtro las entradas vía REQUEST
  82. foreach($_REQUEST as $key => $k)
  83. {
  84. $_REQUEST[$key] = mysql_real_escape_string($k);
  85. }
  86. }
  87. if(isset($_GET)){
  88.  
  89. //Filtro las entradas vía GET
  90. foreach($_GET as $key => $f)
  91. {
  92. $_GET[$key] = strip_tags(htmlentities($f));
  93. }
  94. }
  95.  
  96. // #########################################################################
  97. // TABBELLA CONFIGURAZIONE SITO MYSQL
  98. // #########################################################################
  99.  
  100. function FetchSITESetting($strSetting){
  101.  
  102. $tmp = mysql_query("SELECT ".$strSetting." FROM cms_settings LIMIT 1") or die(mysql_error());
  103. $tmp = mysql_fetch_assoc($tmp);
  104. return $tmp[$strSetting];
  105.  
  106. }
  107.  
  108. // #########################################################################
  109. // CRIPTO PASSWORD
  110. // #########################################################################
  111.  
  112. function HoloHash($password){
  113. //$hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
  114. $string = sha1($password);
  115. return $string;
  116. }
  117.  
  118. function HoloHashMD5($password){
  119. //$hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
  120. $string = md5($password);
  121. return $string;
  122. }
  123.  
  124. // #########################################################################
  125. // DIVIETI (BANNARE)
  126. // #########################################################################
  127.  
  128. if(!session_is_registered(username) && $_COOKIE['remember'] == "remember"){
  129.  
  130. $cname = FilterText($_COOKIE['rusername']);
  131. $cpass_hash = $_COOKIE['rpassword'];
  132.  
  133. $csql = mysql_query("SELECT password,id FROM users WHERE username = '".$cname."' LIMIT 1") or die(mysql_error());
  134. $cnum = mysql_num_rows($csql);
  135.  
  136. if($cnum < 1){
  137. setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  138. setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  139. setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  140. } else {
  141.  
  142. $crow = mysql_fetch_assoc($csql);
  143. $correct_pass = $crow['password'];
  144.  
  145. if($cpass_hash == $correct_pass){
  146. $_SESSION['username'] = $cname;
  147. $_SESSION['password'] = $crow['password'];
  148. $sql3 = mysql_query("UPDATE users SET ip_last = '".$remote_ip."' WHERE username = '".$cname."'");
  149. header("location: me"); exit;
  150. } else {
  151.  
  152. setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  153. setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  154. setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  155. }
  156. }
  157. }
  158.  
  159. // #########################################################################
  160. // IS-EVEN FUNKTION
  161. // #########################################################################
  162.  
  163. function IsEven($intNumber)
  164. {
  165. if($intNumber % 2 == 0){
  166. return true;
  167. } else {
  168. return false;
  169. }
  170. }
  171.  
  172. // #########################################################################
  173. // SMILIES FOR GRUPPEN/FORUM
  174. // #########################################################################
  175.  
  176. function bbcode_format($str){
  177.  
  178. $str = str_replace(":)", " <img src='./web-gallery/smilies/smile.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  179. $str = str_replace(";)", " <img src='./web-gallery/smilies/wink.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  180. $str = str_replace(":P", " <img src='./web-gallery/smilies/tongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  181. $str = str_replace(";P", " <img src='./web-gallery/smilies/winktongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  182. $str = str_replace(":p", " <img src='./web-gallery/smilies/tongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  183. $str = str_replace(";p", " <img src='./web-gallery/smilies/winktongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  184. $str = str_replace("(L)", " <img src='./web-gallery/smilies/heart.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  185. $str = str_replace("(l)", " <img src='./web-gallery/smilies/heart.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  186. $str = str_replace(":o", " <img src='./web-gallery/smilies/shocked.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  187. $str = str_replace(":O", " <img src='./web-gallery/smilies/shocked.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  188.  
  189. $simple_search = array(
  190. '/\[b\](.*?)\[\/b\]/is',
  191. '/\[i\](.*?)\[\/i\]/is',
  192. '/\[u\](.*?)\[\/u\]/is',
  193. '/\[s\](.*?)\[\/s\]/is',
  194. '/\[quote\](.*?)\[\/quote\]/is',
  195. '/\[link\=(.*?)\](.*?)\[\/link\]/is',
  196. '/\[url\=(.*?)\](.*?)\[\/url\]/is',
  197. '/\[color\=(.*?)\](.*?)\[\/color\]/is',
  198. '/\[size=small\](.*?)\[\/size\]/is',
  199. '/\[size=large\](.*?)\[\/size\]/is',
  200. '/\[code\](.*?)\[\/code\]/is',
  201. '/\[habbo\=(.*?)\](.*?)\[\/habbo\]/is',
  202. '/\[room\=(.*?)\](.*?)\[\/room\]/is',
  203. '/\[group\=(.*?)\](.*?)\[\/group\]/is'
  204. );
  205.  
  206. $simple_replace = array(
  207. '<strong>$1</strong>',
  208. '<em>$1</em>',
  209. '<u>$1</u>',
  210. '<s>$1</s>',
  211. "<div class='bbcode-quote'>$1</div>",
  212. "<a href='$1'>$2</a>",
  213. "<a href='$1'>$2</a>",
  214. "<font color='$1'>$2</font>",
  215. "<font size='1'>$1</font>",
  216. "<font size='3'>$1</font>",
  217. '<pre>$1</pre>',
  218. "<a href='./user_profile.php?id=$1'>$2</a>",
  219. "<a onclick=\"roomForward(this, '$1', 'private'); return false;\" target=\"client\" href=\"./client.php?forwardId=2&roomId=$1\">$2</a>",
  220. "<a href='./group_profile.php?id=$1'>$2</a>"
  221. );
  222.  
  223. $str = preg_replace ($simple_search, $simple_replace, $str);
  224.  
  225. return $str;
  226. }
  227.  
  228. // #########################################################################
  229. // SSO TICKET BUTERFLY/PHOENIX
  230. // #########################################################################
  231.  
  232. function GenerateTicket(){
  233.  
  234. $data = "ST-";
  235.  
  236. for ($i=1; $i<=6; $i++){
  237. $data = $data . rand(0,9);
  238. }
  239.  
  240. $data = $data . "-";
  241.  
  242. for ($i=1; $i<=20; $i++){
  243. $data = $data . rand(0,9);
  244. }
  245.  
  246. $data = $data . "";
  247. $data = $data . rand(0,5);
  248.  
  249. return $data;
  250. }
  251.  
  252. // #########################################################################
  253.  
  254. if(session_is_registered('username')){
  255.  
  256. $rawname = $_SESSION['username'];
  257. $rawpass = $_SESSION['password'];
  258.  
  259. $usersql = mysql_query("SELECT * FROM users WHERE username = '".$rawname."' AND password = '".$rawpass."' LIMIT 1");
  260. $myrow = mysql_fetch_assoc($usersql);
  261.  
  262. $userinfo = mysql_query("SELECT * FROM user_stats WHERE id = '".$myrow['id']."'");
  263. $userinfo = mysql_fetch_assoc($userinfo);
  264.  
  265. $password_correct = mysql_num_rows($usersql);
  266.  
  267. $my_id = $myrow['id'];
  268. $user_rank = $myrow['rank'];
  269.  
  270. $ban = mysql_query("SELECT * FROM bans WHERE value = '".$myrow['username']."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1");
  271. $bancheck = mysql_num_rows($ban);
  272.  
  273. if($myrow['ip_reg'] == "0"){
  274. mysql_query("UPDATE users SET ip_reg = '".$remote_ip."' WHERE id = '".$myrow['id']."'");
  275.  
  276. }elseif($password_correct !== 1){
  277.  
  278. session_destroy();
  279. header("location: ".$path."1");
  280. exit;
  281.  
  282. }elseif($bancheck > 0){
  283.  
  284. $bandata = mysql_fetch_assoc($ban);
  285.  
  286. $timestamp = time();
  287. if($bandata['expire'] > $timestamp){
  288. $login_error = "Sei stato bandito! Il motivo del ban è il seguente: \"".$bandata['reason']."\" Scadenza ".date('d.m.Y - H:i:s', $bandata['expire'])."";
  289. include('logout.php');
  290. session_destroy(); exit;
  291.  
  292. } else{
  293. mysql_query("DELETE FROM bans WHERE value = '".$name."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1"); }
  294. }
  295.  
  296. $logged_in = true;
  297. $name = HoloText($myrow['username']);
  298.  
  299. } else {
  300.  
  301. $user_rank = 0;
  302. $name = "UTENTE";
  303. $my_id = "No-ID";
  304. $myticket = "UTENTE";
  305. $logged_in = false;
  306.  
  307. }
  308.  
  309. // #########################################################################
  310. // HC CHECK
  311. // #########################################################################
  312.  
  313. $hc_a = mysql_query("SELECT * FROM user_subscriptions WHERE user_id = '".$my_id."' and timestamp_expire > '".time()."'");
  314. $hc = mysql_num_rows($hc_a);
  315.  
  316. function getHCDays($my_id){
  317.  
  318. $sql = mysql_query("SELECT timestamp_activated,timestamp_expire FROM user_subscriptions WHERE user_id = '".$my_id."' LIMIT 1") or die(mysql_error());
  319.  
  320. if (mysql_num_rows($sql) == 0){
  321. return 0;
  322. }
  323.  
  324. $data = mysql_fetch_assoc($sql);
  325. $diff = $data['timestamp_expire'] - time();
  326.  
  327. if ($diff <= 0){
  328. return 0;
  329. }
  330.  
  331. return ceil($diff / 86400);
  332. }
  333.  
  334.  
  335. // #########################################################################
  336. // VIP CHECK
  337. // #########################################################################
  338.  
  339. $vip_a = mysql_query("SELECT * FROM vip WHERE id_user = '".$my_id."'");
  340. $vip = mysql_num_rows($vip_a);
  341.  
  342. function getVIPDays($my_id){
  343.  
  344. $sql = mysql_query("SELECT timestamp,timestampend FROM vip WHERE id_user = '".$my_id."' LIMIT 1") or die(mysql_error());
  345.  
  346. if (mysql_num_rows($sql) == 0){
  347. return 0;
  348. }
  349.  
  350. $data = mysql_fetch_assoc($sql);
  351. $diff = $data['timestampend'] - time();
  352.  
  353. if ($diff <= 0){
  354. return 0;
  355. }
  356.  
  357. return ceil($diff / 86400);
  358. }
  359.  
  360.  
  361. // #########################################################################
  362. // MANUTENZIONE
  363. // #########################################################################
  364.  
  365. if($user_rank > 4){
  366.  
  367. if(session_is_registered(hkusername) && session_is_registered(hkpassword)){
  368. $rank['iAdmin'] = "1";
  369. } else {
  370. $rank['iAdmin'] = "0";
  371. }
  372.  
  373. } else {
  374. $rank['iAdmin'] = "0";
  375. }
  376.  
  377. if($maintenance == '1' && !$is_maintenance && $rank['iAdmin'] < 1){
  378. header("Location: ".$path."/maintenance");
  379. exit;
  380. } elseif($rank['iAdmin'] == 1 && $config['variable'] == "cms_maintenance" && $config['value'] == '1'){
  381. $notify_maintenance = true;
  382. }
  383.  
  384. // #########################################################################
  385.  
  386. function IsUserBanned($name){
  387.  
  388. $check = mysql_query("SELECT * FROM bans WHERE value = '".$my_id."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip'") or die(mysql_error());
  389. $is_banned = mysql_num_rows($check);
  390.  
  391. if($is_banned > 0){
  392. $bandata = mysql_fetch_assoc($check);
  393. $reason = $bandata['reason'];
  394. $expire = $bandata['expire'];
  395.  
  396. $stamp_now = time();
  397.  
  398. if($stamp_now < $bandata['expire']){
  399. return true;
  400. } else { // ban expired
  401. mysql_query("DELETE FROM bans WHERE value = '".$my_id."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1") or die(mysql_error());
  402. return false;
  403. }
  404. } else {
  405. return false;
  406. }
  407. }
  408.  
  409. // #########################################################################
  410.  
  411. function mysql_evaluate($query, $default_value="undefined") {
  412. $result = mysql_query($query) or die(mysql_error());
  413.  
  414. if(mysql_num_rows($result) < 1){
  415. return $default_value;
  416. } else {
  417. return mysql_result($result, 0);
  418. }
  419. }
  420.  
  421.  
  422. // #########################################################################
  423.  
  424. function FilterText($str, $advanced=false) {
  425. if($advanced == true){ return mysql_real_escape_string($str); }
  426. $str = mysql_real_escape_string(htmlspecialchars($str));
  427. return $str;
  428. }
  429.  
  430. function HoloText($str, $advanced=false, $bbcode=false) {
  431. if($advanced == true){ return stripslashes($str); }
  432. $str = stripslashes(nl2br(htmlspecialchars($str)));
  433. if($bbcode == true){$str = bbcode_format($str); }
  434. return $str;
  435. }
  436.  
  437.  
  438. ?>