Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- define("IN_HOLOCMS", TRUE);
- @session_start();
- // #########################################################################
- // CONEXÃO COM O BANCO DE DADOS
- // #########################################################################
- @require_once('server-data.php_data_classes-config.php.php');
- mysql_connect("$MySQLhostname", "$MySQLusername", "$MySQLpassword") or die("Erro em conexão com o MySQL");
- mysql_select_db("$MySQLdb") or die("Banco de dados inexistente");
- error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_WARNING);
- error_reporting(0);
- // #########################################################################
- // CONFIGURAÇÕES
- // #########################################################################
- $cms_name = mysql_fetch_assoc($cms_name = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_name'"));
- $cms_url = $hotel_url;
- foreach($_GET As $name=>$value) {
- $_GET[$name]=mysql_real_escape_string($value);
- }
- foreach($_POST as $name => $value) {
- $_POST[$name] = mysql_real_escape_string($value);
- }
- $remote_ip = $_SERVER['REMOTE_ADDR'];
- $sitename = "".$cms_name['value']."";
- $shortname = "".$cms_name['value']."";
- if(@ini_get('date.timezone') == null && function_exists("date_default_timezone_get")){ @date_default_timezone_set("Europe/Madrid"); }
- $H = date('H');
- $i = date('i');
- $s = date('s');
- $m = date('m');
- $d = date('d');
- $Y = date('Y');
- $j = date('j');
- $n = date('n');
- $today = $d;
- $month = $m;
- $year = $Y;
- $getmoney_date = date('d/m/Y',mktime($m,$d,$Y));
- $birthday_date = date('d/m', mktime($m,$d));
- $date_normal = date('d/m/Y',mktime($m,$d,$Y));
- $date_full = date('d/m/Y H:i:s',mktime($H,$i,$s,$m,$d,$Y));
- $path = $hotel_url;
- $adminpath = mysql_real_escape_string("".$path."/theallseeingeye/hotel/br/housekeeping"); //*Painel de Controle*//
- $clientpath = $hotel_url;
- $cimagesurl = $cimages_url;
- $badgesurl = "/swf/c_images/album1584/";
- $hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
- @require_once('server-data.php_data_classes-config.php.php'); //*Arquivo de configuração*//
- $maintenance = mysql_num_rows($maintenance = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_maintenance' AND value = '1'"));
- $server = mysql_fetch_assoc($server_status = mysql_query("SELECT * FROM server_status"));
- $online_count = $server['users_online'];
- if(isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)){
- foreach($_POST as $key => $p)
- {
- $_POST[$key] = htmlentities($p);
- $_POST[$key] = mysql_real_escape_string($p);
- $_POST[$key] = html_entity_decode($p);
- }
- foreach($_GET as $key => $g)
- {
- $_GET[$key] = mysql_real_escape_string($g);
- }
- foreach($_COOKIE as $key => $s)
- {
- $COOKIE[$key] = mysql_real_escape_string($s);
- }
- foreach($_REQUEST as $key => $k)
- {
- $_REQUEST[$key] = mysql_real_escape_string($k);
- }
- }
- if(isset($_GET)){
- foreach($_GET as $key => $f)
- {
- $_GET[$key] = strip_tags(mysql_real_escape_string(htmlentities($f)));
- }
- }
- // #########################################################################
- // FUNÇÕES ADICIONAIS NOVAS
- // #########################################################################
- function IsOnline($id){
- if($server == '1') {
- $num = mysql_num_rows(mysql_query("SELECT * FROM user_online WHERE userid = '".$id."'"));
- if($num > 0){
- return true;
- } else {
- return false;
- }
- }else {
- $data = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id = '".$id."' LIMIT 1"));
- if($data['online'] == '1') {
- return true;
- }
- else {
- return false;
- }
- }
- }
- // #########################################################################
- // ENCRIPTAÇÃO DE SENHA
- // #########################################################################
- function HoloHash($password){
- $hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
- $string = sha1($password.($hash_secret));
- return $string;
- }
- function HoloHashMD5($password){
- $hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
- $string = md5($password.($hash_secret));
- return $string;
- }
- function tirartags($palavra){
- $palavra = str_replace('innerHTML', '', $palavra);
- $palavra = str_replace('alert(', '', $palavra);
- $palavra = str_replace('documentElement', '', $palavra);
- return $palavra;
- }
- // #########################################################################
- // USUÁRIOS BANIDOS
- // #########################################################################
- if(empty($_SESSION['username']) && @$_COOKIE['remember'] == 'remember'){
- $cname = FilterText($_COOKIE['rusername']);
- $cpass_hash = $_COOKIE['rpassword'];
- $csql = mysql_query("SELECT password,id FROM users WHERE username = '".$cname."' LIMIT 1") or die(mysql_error());
- $cnum = mysql_num_rows($csql);
- if($cnum < 1){
- setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
- setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
- setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
- } else {
- $crow = mysql_fetch_assoc($csql);
- $correct_pass = $crow['password'];
- if($cpass_hash == $correct_pass){
- $_SESSION['username'] = $cname;
- $_SESSION['password'] = $crow['password'];
- $sql3 = mysql_query("UPDATE users SET ip_last = '".$remote_ip."' WHERE username = '".$cname."'");
- header("location: me"); exit;
- } else {
- setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
- setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
- setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
- }
- }
- }
- // #########################################################################
- // IS-EVEN FUNKTION
- // #########################################################################
- function IsEven($intNumber)
- {
- if($intNumber % 2 == 0){
- return true;
- } else {
- return false;
- }
- }
- // #########################################################################
- // SMILES EM BBCODE
- // #########################################################################
- function SearchMotto($mision){
- $mision = str_replace("¡", "¡", $mision);
- }
- function bbcode_format($str){
- $str = str_replace(":)", " <img src='./web-gallery/smilies/smile.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace(";)", " <img src='./web-gallery/smilies/wink.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace(":P", " <img src='./web-gallery/smilies/tongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace(";P", " <img src='./web-gallery/smilies/winktongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace(":p", " <img src='./web-gallery/smilies/tongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace(";p", " <img src='./web-gallery/smilies/winktongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace("(L)", " <img src='./web-gallery/smilies/heart.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace("(l)", " <img src='./web-gallery/smilies/heart.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace(":o", " <img src='./web-gallery/smilies/shocked.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace(":O", " <img src='./web-gallery/smilies/shocked.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
- $str = str_replace("\n", chr(10), $str);
- $simple_search = array(
- '/\[b\](.*?)\[\/b\]/is',
- '/\[i\](.*?)\[\/i\]/is',
- '/\[u\](.*?)\[\/u\]/is',
- '/\[s\](.*?)\[\/s\]/is',
- '/\[quote\](.*?)\[\/quote\]/is',
- '/\[link\=(.*?)\](.*?)\[\/link\]/is',
- '/\[url\=(.*?)\](.*?)\[\/url\]/is',
- '/\[color\=(.*?)\](.*?)\[\/color\]/is',
- '/\[size=small\](.*?)\[\/size\]/is',
- '/\[size=large\](.*?)\[\/size\]/is',
- '/\[code\](.*?)\[\/code\]/is',
- '/\[Habbo\=(.*?)\](.*?)\[\/Habbo\]/is',
- '/\[room\=(.*?)\](.*?)\[\/room\]/is',
- '/\[group\=(.*?)\](.*?)\[\/group\]/is'
- );
- $simple_replace = array(
- '<strong>$1</strong>',
- '<em>$1</em>',
- '<u>$1</u>',
- '<s>$1</s>',
- "<div class='bbcode-quote'>$1</div>",
- "<a href='$1'>$2</a>",
- "<a href='$1'>$2</a>",
- "<font color='$1'>$2</font>",
- "<font size='1'>$1</font>",
- "<font size='3'>$1</font>",
- '<pre>$1</pre>',
- "<a href='./user_profile.php?id=$1'>$2</a>",
- "<a onclick=\"roomForward(this, '$1', 'private'); return false;\" target=\"client\" href=\"./client.php?forwardId=2&roomId=$1\">$2</a>",
- "<a href='./group_profile.php?id=$1'>$2</a>"
- );
- $str = preg_replace ($simple_search, $simple_replace, $str);
- return $str;
- }
- // #########################################################################
- // SSO TICKET PARA BUTERFLYEMULADOR / BUTTERSTORM
- // #########################################################################
- function GenerateTicket(){
- $data = "ST-";
- for ($i=1; $i<=6; $i++){
- $data = $data . rand(0,9);
- }
- $data = $data . "-";
- for ($i=1; $i<=20; $i++){
- $data = $data . rand(0,9);
- }
- $data = $data . "";
- $data = $data . rand(0,5);
- return $data;
- }
- // #########################################################################
- if(!empty($_SESSION['username'])){
- $rawname = $_SESSION['username'];
- $rawpass = $_SESSION['password'];
- $usersql = mysql_query("SELECT * FROM users WHERE username = '".$rawname."' AND password = '".$rawpass."' LIMIT 1");
- $myrow = mysql_fetch_assoc($usersql);
- $password_correct = mysql_num_rows($usersql);
- $my_id = $myrow['id'];
- $user_rank = $myrow['rank'];
- $user_time = $myrow['time'];
- $ban = mysql_query("SELECT * FROM bans WHERE value = '".$myrow['username']."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1");
- $bancheck = mysql_num_rows($ban);
- if($myrow['ip_reg'] == "0"){
- mysql_query("UPDATE users SET ip_reg = '".$remote_ip."' WHERE id = '".$myrow['id']."'");
- }elseif($password_correct !== 1){
- session_destroy();
- header("location: ".$path."1");
- exit;
- }elseif($bancheck > 0){
- $bandata = mysql_fetch_assoc($ban);
- $timestamp = time();
- if($bandata['expire'] > $timestamp){
- $login_error = "Du bist gebannt! Der Grund für deinen Bann lautet \"".$bandata['reason']."\" und dauert bis ".date('d.m.Y - H:i:s', $bandata['expire'])."";
- include('logout.php');
- session_destroy(); exit;
- } else{
- mysql_query("DELETE FROM bans WHERE value = '".$name."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1"); }
- }
- $logged_in = true;
- $name = HoloText($myrow['username']);
- } else {
- $user_rank = 0;
- $name = "No-Name";
- $my_id = "No-ID";
- $myticket = "ST-No-Name-Habbore-fe";
- $logged_in = false;
- }
- // #########################################################################
- // HC CHECK
- // #########################################################################
- $hc_a = mysql_query("SELECT * FROM user_subscriptions WHERE user_id = '".$my_id."' and timestamp_expire > '".time()."'");
- $hc = mysql_num_rows($hc_a);
- function getHCDays($my_id){
- $sql = mysql_query("SELECT timestamp_activated,timestamp_expire FROM user_subscriptions WHERE user_id = '".$my_id."' LIMIT 1") or die(mysql_error());
- if (mysql_num_rows($sql) == 0){
- return 0;
- }
- $data = mysql_fetch_assoc($sql);
- $diff = $data['timestamp_expire'] - time();
- if ($diff <= 0){
- return 0;
- }
- return ceil($diff / 86400);
- }
- // #########################################################################
- // MANUTENÇÃO
- // #########################################################################
- if($user_rank > 8){
- if(session_is_registered(hkusername) && session_is_registered(hkpassword)){
- $rank['iAdmin'] = "1";
- } else {
- $rank['iAdmin'] = "0";
- }
- } else {
- $rank['iAdmin'] = "0";
- }
- if($maintenance == '1' && !$is_maintenance && $rank['iAdmin'] < 1){
- header("Location: ".$path."/maintenance");
- exit;
- } elseif($rank['iAdmin'] == 1 && $config['variable'] == "cms_maintenance" && $config['value'] == '1'){
- $notify_maintenance = true;
- }
- // #########################################################################
- function GetUserBadge($strName){ // supports user IDs also/ supports user IDs also/ supports user IDs also
- if(is_numeric($strName)){
- $check = mysql_query("SELECT id FROM users WHERE id = '".$strName."' AND badge_status = '1' LIMIT 1") or die(mysql_error());
- } else {
- $check = mysql_query("SELECT id FROM users WHERE username = '".FilterText($strName)."' AND badge_status = '1' LIMIT 1") or die(mysql_error());
- }
- $exists = mysql_num_rows($check);
- if($exists > 0){
- $usrrow = mysql_fetch_assoc($check);
- $check = mysql_query("SELECT * FROM user_badges WHERE user_id = '".$usrrow['id']."' AND badge_slot = '1' LIMIT 1") or die(mysql_error());
- $hasbadge = mysql_num_rows($check);
- if($hasbadge > 0){
- $badgerow = mysql_fetch_assoc($check);
- return $badgerow['badge_id'];
- } else {
- return false;
- }
- } else {
- return false;
- }
- }
- function GetUserGroup($my_id){
- $check = mysql_query("SELECT id_group FROM group_members WHERE id_user = '".$my_id."' AND is_current = '1' LIMIT 1") or die(mysql_error());
- $has_fave = mysql_num_rows($check);
- if($has_fave > 0){
- $row = mysql_fetch_assoc($check);
- $groupid = $row['id_group'];
- return $groupid;
- } else {
- return false;
- }
- }
- function GetUserGroupBadge($my_id){
- $check = mysql_query("SELECT id_group FROM group_members WHERE id_user = '".$my_id."' AND is_current = '1' LIMIT 1") or die(mysql_error());
- $has_badge = mysql_num_rows($check);
- if($has_badge > 0){
- $row = mysql_fetch_assoc($check);
- $groupid = $row['id_group'];
- $check = mysql_query("SELECT badge FROM group_details WHERE id = '".$groupid."' LIMIT 1") or die(mysql_error());
- $row = mysql_fetch_assoc($check);
- $badge = $row['badge'];
- return $badge;
- } else {
- return false;
- }
- }
- function IsUserBanned($name){
- $check = mysql_query("SELECT * FROM bans WHERE value = '".$my_id."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip'") or die(mysql_error());
- $is_banned = mysql_num_rows($check);
- if($is_banned > 0){
- $bandata = mysql_fetch_assoc($check);
- $reason = $bandata['reason'];
- $expire = $bandata['expire'];
- $stamp_now = time();
- if($stamp_now < $bandata['expire']){
- return true;
- } else { // ban expired
- mysql_query("DELETE FROM bans WHERE value = '".$my_id."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1") or die(mysql_error());
- return false;
- }
- } else {
- return false;
- }
- }
- // #########################################################################
- function mysql_evaluate($query, $default_value="undefined") {
- $result = mysql_query($query) or die(mysql_error());
- if(mysql_num_rows($result) < 1){
- return $default_value;
- } else {
- return mysql_result($result, 0);
- }
- }
- // #########################################################################
- function FilterText($str, $advanced=false) {
- if($advanced == true){ return mysql_real_escape_string($str); }
- $str = mysql_real_escape_string(htmlspecialchars($str));
- return $str;
- }
- function HoloText($str, $advanced=false, $bbcode=false) {
- if($advanced == true){ return stripslashes($str); }
- $str = nl2br(htmlspecialchars($str));
- if($bbcode == true){$str = bbcode_format($str); }
- return $str;
- }
- // #########################################################################
- // BLOQUEI DE PAISES ADSENSE
- // #########################################################################
- $_SERVER['REMOTE_ADDR'] = @$_SERVER["HTTP_CF_CONNECTING_IP"] ? @$_SERVER["HTTP_CF_CONNECTING_IP"] : $_SERVER["REMOTE_ADDR"];
- $paises = array("BR", "PT");
- $ips = array("208.115.227.212");
- if(!in_array($_SERVER["HTTP_CF_IPCOUNTRY"],$paises))
- {
- if(stristr($_SERVER['HTTP_USER_AGENT'], 'Googlebot')){ $cancel_disable = "true"; }
- if(strstr(strtolower($_SERVER['HTTP_USER_AGENT']), "google")){ $cancel_disable = "true"; }
- if(stristr($_SERVER['HTTP_USER_AGENT'], 'AdsBot-Google')){ $cancel_disable = "true"; }
- if(stristr($_SERVER['HTTP_USER_AGENT'], 'Mediapartners-Google')){ $cancel_disable = "true"; }
- if(stristr($_SERVER['HTTP_USER_AGENT'], 'Swiftbot')){ $cancel_disable = "true"; }
- if(in_array($_SERVER['REMOTE_ADDR'],$ips)){ $cancel_disable = "true"; }
- if(in_array($_SERVER['REMOTE_ADDR'] == '74.86.158.106')){ $cancel_disable = "true"; }
- if(in_array($_SERVER['REMOTE_ADDR'] == '74.86.158.107')){ $cancel_disable = "true"; }
- if(in_array($_SERVER['REMOTE_ADDR'] == '74.86.158.108')){ $cancel_disable = "true"; }
- if(in_array($_SERVER['REMOTE_ADDR'] == '46.137.190.132')){ $cancel_disable = "true"; }
- if(in_array($_SERVER['REMOTE_ADDR'] == '122.248.234.23')){ $cancel_disable = "true"; }
- if($cancel_disable != "true")
- {
- header("Status: 404 Not Found");
- header('HTTP/1.0 404 Not Found');
- echo "<h1>404 Not Found</h1>";
- echo "The page that you have requested could not be found.";
- exit();
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement