
Untitled

a guest
Jan 9th, 2018
  1. <?php
  2.  
  3. require_once('./data_classes/server-data.php_data_classes-core.php.php');
  4. require_once('./data_classes/server-data.php_data_classes-session.php.php');
  5.  
  6. if($$user_sql)
  7. {
  8.  
  9. echo "Angriff abgeblockt";
  10.  
  11. }
  12.  
  13.  
  14.  
  15. if(isset($_GET['web-home-tag']) || isset($_GET['web-home-name']) || isset($_POST['web-home-name'])){
  16. if(isset($_GET['web-home-tag'])){
  17. $searchname = FilterText($_GET['web-home-tag']);
  18. } else if(isset($_GET['web-home-name'])){
  19. $searchname = FilterText($_GET['web-home-name']);
  20. } else if(isset($_POST['web-home-name'])){
  21. $searchname = FilterText($_POST['web-home-sname']);
  22. } else {
  23. $error = true;
  24. }
  25.  
  26. $user_sql = mysql_query("SELECT * FROM users WHERE username = '".$searchname."' LIMIT 1") or die(mysql_error());
  27. $user_exists = mysql_num_rows($user_sql);
  28.  
  29. if($user_exists == "1"){
  30. $error = false;
  31. $user_row = mysql_fetch_assoc($user_sql);
  32.  
  33. $pagename = "$shortname Home: ".$user_row['username']."";
  34.  
  35. } else { $error = true; }
  36.  
  37. } else if(isset($_GET['tagid']) || isset($_GET['id']) || isset($_POST['id'])){
  38. if(isset($_GET['tagid'])){
  39. $searchid = FilterText($_GET['tagid']);
  40. } else if(isset($_GET['id'])){
  41. $searchid = FilterText($_GET['id']);
  42. } else if(isset($_POST['id'])){
  43. $searchid = FilterText($_POST['id']);
  44. } else {
  45. $error = true;
  46. }
  47.  
  48. $user_sql = mysql_query("SELECT * FROM users WHERE id = '".$searchid."' LIMIT 1") or die(mysql_error());
  49. $user_exists = mysql_num_rows($user_sql);
  50.  
  51. if($user_exists == "1"){
  52. $error = false;
  53. $user_row = mysql_fetch_assoc($user_sql);
  54. $pagename = "Home - ".$user_row['username']."";
  55. } else {
  56. $error = true;
  57. }
  58.  
  59. } else { $error = true; }
  60.  
  61. if(isset($_GET['do']) && FilterText($_GET['do']) == "edit" && $logged_in){
  62. if($user_row['username'] == $name){
  63. $edit_mode = true;
  64. }else{
  65. header("location:home?do=bounce&name=".$user_row['username'].""); exit;
  66. $edit_mode = false;
  67. }
  68.  
  69. } else { $edit_mode = false; }
  70.  
  71. if(!$error && !IsUserBanned($user_row['username'])){
  72. $body_id = "viewmode";
  73. if($edit_mode){
  74. $body_id = "editmode";
  75. }
  76.  
  77. } else { $body_id = "home"; }
  78.  
  79. if($searchname == $rawname && $logged_in){
  80. $pageid = "myprofile";
  81. } else {
  82. $pageid = "profile";
  83. }
  84.  
  85. $bg_fetch = mysql_query("SELECT data FROM homes_stickers WHERE type = '4' AND userid = '".$user_row['id']."' AND groupid = '-1' LIMIT 1");
  86. $bg_exists = mysql_num_rows($bg_fetch);
  87.  
  88. if($bg_exists < 1){ // if there's no background override for this user set it to the standard
  89. $bg = "b_bg_pattern_abstract2";
  90. } else {
  91. $bg = mysql_fetch_array($bg_fetch);
  92. $bg = "b_" . $bg[0];
  93. }
  94.  
  95. if($searchname !== $name){
  96. mysql_query("INSERT INTO logs_visitedhomes (id_user,id_target,timestamp) VALUES ('".$my_id."','".$user_row['id']."','".time()."')");
  97. }
  98.  
  99. $defaultskin_check = mysql_query("SELECT * FROM homes_stickers WHERE userid = '".$user_row['id']."' AND type = '2' AND subtype = '1'");
  100. if(mysql_num_rows($defaultskin_check) < 1){
  101. mysql_query("INSERT INTO homes_stickers (userid,type,data,subtype,x,y,z,skin) VALUES ('".$user_row['id']."','2','0','1','w','25','5','defaultskin')") or die(mysql_error());
  102. }
  103.  
  104. mysql_fetch_assoc($get_friends = mysql_query("SELECT * FROM messenger_friendships WHERE user_two_id = '".$my_id."' and user_one_id = '".$user_row['id']."' or user_one_id = '".$my_id."' and user_two_id = '".$user_row['id']."'"));
  105. $friend = mysql_fetch_assoc($get_friends);
  106.  
  107. if(!$error){
  108. if($user_row['visibility'] == "NOBODY" && $user_row['username'] == $name or $user_row['visibility'] == "FRIENDS" && $friend['user_two_id'] == $my_id or $user_row['visibility'] == "FRIENDS" && $friend['user_one_id'] == $my_id or $user_row['visibility'] == "EVERYONE" or $myrow['rank'] > 6){;
  109. }
  110. ?>
  111. <!DOCTYPE html>
  112. <html>
  113. <body>
  114. <?php include 'inc/head.php' ?>
  115. <?php
  116.  
  117. $idd = mysql_real_escape_string($_GET['idd']);
  118. $get = mysql_query("SELECT * FROM users WHERE username = '".$searchname."' LIMIT 1") or die(mysql_error());
  119. if(mysql_num_rows($get) == 1)
  120. {
  121. $usr = mysql_fetch_object($get);
  122. }else
  123. {
  124. $exits = '0';
  125. }
  126. ?>
  127. <title><?php echo $sitename; ?> : <?php echo mysql_real_escape_string($usr->username); ?></title>
  128. <div class="container" >
  129. <div class="row">
  130. <?php if($exits == '0')
  131. {
  132. echo ' <div class="col-xs-12">
  133. <div class="alert alert-danger" role="alert">Oh, Gott! Dieser Account existiert nicht!</div>
  134. </div>';
  135. }else{
  136. ?>
  137. <div class="row">
  138. <div class="col-xs-4">
  139. <div class="panel panel-default">
  140. <div class="panel-heading"><h5>Dies ist das Profil von <?php echo mysql_real_escape_string($usr->username); ?>!</h5></div>
  141.  
  142. <div class="panel-body">
  143. <img title="<?php echo mysql_real_escape_string($usr->username); ?>" src="http://www.habbo.nl/habbo-imaging/avatarimage?hb=img&figure=<?php echo mysql_real_escape_string($usr->look); ?>&direction=3&head_direction=3&size=m">
  144. <div style="margin-top:-98px;margin-left:80px;">
  145.  
  146. <b>Motto:</b> <?php echo mysql_real_escape_string($usr->motto); ?><br />
  147. <b>Taler:</b> <?php echo number_format($usr->credits, 0, ',', '.'); ?><br />
  148. <b>Diamanten:</b> <?php echo number_format($usr->vip_points, 0, ',', '.'); ?><br />
  149. <b>Pixels:</b> <?php echo number_format($usr->activity_points, 0, ',', '.'); ?><br />
  150. <b>Erstellt am:</b> <?php echo date("d-m-Y",mysql_real_escape_string($usr->account_created)); ?><br />
  151. <b>Zuletzt online:</b> <?php echo date("d-m-Y",mysql_real_escape_string($usr->last_online)); ?><br />
  152.  
  153. </div>
  154. </div>
  155. </div>
  156. </div>
  157.  
  158. <div class="col-xs-8">
  159. <div class="panel panel-default">
  160. <div class="panel-heading"><h5>Räume, Freunde, Badges von <?php echo mysql_real_escape_string($usr->username); ?></h5></div>
  161. <script>
  162. $('#myTabs a').click(function (e) {
  163. e.preventDefault()
  164. $(this).tab('show')
  165. $('#myTabs a[href="#credits"]').tab('show') // Select tab by name
  166.  
  167. })
  168. </script>
  169.  
  170. <div class="panel-body">
  171.  
  172. <ul class="nav nav-tabs" role="tablist">
  173. <li role="presentation" class="active"><a href="#rooms" aria-controls="rooms" role="tab" data-toggle="tab">Räume</a></li>
  174. <li role="presentation"><a href="#friends" aria-controls="friends" role="tab" data-toggle="tab">Freunde</a></li>
  175. <li role="presentation"><a href="#badges" aria-controls="badges" role="tab" data-toggle="tab">Badges</a></li>
  176.  
  177. </ul>
  178.  
  179. <!-- Tab panes -->
  180. <div class="tab-content">
  181. <div role="tabpanel" class="tab-pane fade in active" id="rooms">
  182. <table class="table table-striped">
  183.  
  184. <tbody>
  185. <?php
  186. $rooms = mysql_query("SELECT * FROM rooms WHERE owner = '".mysql_real_escape_string($usr->username)."' ORDER BY users_now");
  187. while($room = mysql_fetch_assoc($rooms)){
  188. ?>
  189. <tr>
  190. <td><i class="fa fa-comment"></i> <?php echo $room['caption'] ?></td>
  191. <td><i class="fa fa-users"></i> <?php echo $room['users_now']; ?></td>
  192. </tr>
  193. <?php } ?>
  194. </tbody>
  195. </table>
  196. </div>
  197. <div role="tabpanel" class="tab-pane fade" id="friends">
  198. <table class="table table-striped">
  199. <tbody>
  200. <?php
  201. $query = mysql_query("SELECT * FROM messenger_friendships WHERE user_one_id = '".mysql_real_escape_string($usr->id)."'");
  202. $i = 0;
  203. while($friends = mysql_fetch_array($query))
  204. {
  205. $getfriend = mysql_query("SELECT * FROM users WHERE id ='".$friends['user_two_id']."' ");
  206.  
  207. $i++;
  208.  
  209. $friend = mysql_fetch_array($getfriend);
  210. $onlinef .= '
  211. <a href="/home/'.$friend['username'].'"><img src="http://www.habbo.nl/habbo-imaging/avatarimage?hb=img&figure='.$friend['look'].'&direction=3&head_direction=3&size=m" title="'.$friend['username'].'"></a>
  212. ';
  213.  
  214. }
  215.  
  216. echo $onlinef;
  217. ?>
  218. </tbody>
  219. </table>
  220. </div>
  221. <div role="tabpanel" class="tab-pane fade" id="groups">
  222. <table class="table table-striped">
  223. <tbody>
  224. <br />
  225. <div class="alert alert-danger" role="alert">Sorry, dit komt pas als je groepen kan kopen !</div>
  226. </tbody>
  227. </table>
  228. </div>
  229. <div role="tabpanel" class="tab-pane fade" id="badges">
  230. <table class="table table-striped">
  231. <tbody>
  232. <?php
  233. $get = mysql_query("SELECT * FROM user_badges WHERE user_id = '".mysql_real_escape_string($usr->id)."' LIMIT 50");
  234. while($badges = mysql_fetch_array($get))
  235. {
  236. $badgess .= '<img title="'.$badges['badge_id'].'" src="/c_images/album1584/'.$badges['badge_id'].'.gif" >';
  237. }
  238. echo $badgess;
  239. ?>
  240. </tbody>
  241. </table>
  242. </div>
  243. </div>
  244. </div>
  245. </div>
  246. </div>
  247. <?php } } ?>