Untitled

a guest
Apr 22nd, 2018
  1. <?php
  2.  
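  // Turns off all PHP error reporting for the rest of the request, which also
  // hides any warning raised by the checks below.
  // NOTE(review): prefer display_errors=0 together with log_errors=1 so that
  // failures are still recorded somewhere an operator can see them.
  error_reporting(0);

  // Deny-list of substrings; a request carrying any of them is aborted.
  // This is a coarse tripwire only. It does not make the SQL statements or the
  // include() calls later in this script safe: those need parameterised queries
  // and an allow-list of page files.
  $array = array("'", "union", "select", "<script>", "alert", "order", "../", "/etc/passwd", "c99", "/etc/shadow", "substr");

  // Each entry is matched as a literal, case-insensitive substring. The earlier
  // form built "/" . $entry . "/i", so every entry containing "/" ended the
  // pattern early, preg_match() returned false, and the "../", "/etc/passwd"
  // and "/etc/shadow" entries were silently never applied.
  // Array-valued parameters are walked as well, so every scalar value is checked.
  $pending = array_values($_REQUEST);
  while (!empty($pending)) {
      $req = array_pop($pending);

      if (is_array($req)) {
          foreach ($req as $nested) {
              $pending[] = $nested;
          }
          continue;
      }

      foreach ($array as $arr) {
          if (stripos((string) $req, $arr) !== false) {
              die("Haha kid,SQL Injection Protected :) und jetzt verpiss dich");
          }
      }
  }
  // Included files share this scope; do not leave the work list behind.
  unset($pending, $nested);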
  13.  
  14. include('./inc/config.php');
  15. include('./inc/functions.php');
  16.  
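  // Front controller: when the maintenance flag is "0" the page is rendered,
  // otherwise the maintenance page is shown.
  //
  // NOTE(review): every query here goes through the legacy mysql_* extension
  // (removed in PHP 7.0) and is built by string concatenation. The durable fix
  // is prepared statements via mysqli or PDO; that needs the connection set up
  // in inc/config.php, which is not visible from this file.
  $wartung = mysql_fetch_array(mysql_query("SELECT status FROM wartung"));
  if ($wartung['status'] == "0") {

      // ---- Language selection -------------------------------------------
      if (empty($_SESSION[$session_prefix."user"])) {
          // Guest: pick the language from the browser's Accept-Language header.
          $sprache = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : '';
          // stripos() replaces eregi(), which was removed in PHP 7.0; 'de' has no
          // regex metacharacters, so the case-insensitive substring test is equivalent.
          $language = (stripos($sprache, 'de') !== false) ? 'DE' : 'EN';
      } else {
          // Logged-in user: language comes from the user's row (lng 1 = EN, anything else = DE).
          // NOTE(review): the session value is concatenated into SQL without escaping
          // here. Below it is written from an addslashes()'d username; confirm every
          // other place that sets this session key does the same, or escape at this point.
          $lang = mysql_query('SELECT * FROM users WHERE username="'.$_SESSION[$session_prefix."user"].'"');
          $lang_mfa = mysql_fetch_array($lang);
          $language = ($lang_mfa["lng"] == 1) ? 'EN' : 'DE';
      }
      // $language is always one of the two literals chosen above, never request data.
      include('./lang/'.$language.'.lng');

      // ---- Request parameters -------------------------------------------
      // Missing or array-valued parameters are treated as empty instead of being
      // passed to addslashes().
      // NOTE(review): addslashes() is not aware of the connection character set;
      // with this extension the connection-aware escaper is mysql_real_escape_string().
      // The variables are kept pre-escaped because included pages may rely on that.
      $id = (isset($_REQUEST["id"]) && is_string($_REQUEST["id"])) ? addslashes($_REQUEST["id"]) : '';
      $user = (isset($_REQUEST["username"]) && is_string($_REQUEST["username"])) ? addslashes($_REQUEST["username"]) : '';
      $pass = (isset($_REQUEST["password"]) && is_string($_REQUEST["password"])) ? addslashes($_REQUEST["password"]) : '';
      $language = strtolower($language);
      if (empty($id)) {
          $id = 1;
      }

      // ---- Page lookup, falling back to the row with id "404" -----------
      $file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"');
      if (mysql_num_rows($file) > 0) {
          $file = mysql_fetch_array($file);
      } else {
          $file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"'));
      }

      // ---- Login ---------------------------------------------------------
      if (!empty($user) && !empty($pass)) {
          // NOTE(review): md6() is not a PHP built-in and is not defined in this file
          // (presumably inc/functions.php). Confirm it is a salted, deliberately slow
          // password hash; password_hash()/password_verify() are the standard API.
          $query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"');
          $bann = mysql_fetch_array($query);

          if ($bann["access"] == "33") {
              // Access level "33" marks a banned account.
              // NOTE(review): $title and the stored ban reason are placed into HTML
              // unescaped; verify who can write the reason column.
              $error = 'Du wurdest von '.$title.' verwiesen.<br>Begr&uuml;ndung:<br><br><b>'.$bann["reason"].'</b><br><br>F&uuml;r weitere Fragen, wende dich bitte an einen Administrator.';
          } elseif (mysql_num_rows($query) == 1) {
              // Issue a fresh session id on login so that an id known before
              // authentication does not carry over into the authenticated session.
              if (session_id() !== '') {
                  session_regenerate_id(true);
              }
              $_SESSION[$session_prefix."user"] = ucfirst($user);
              echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';
          } else {
              $error = 'Username oder Passwort ist falsch.';
          }
      }

      // ---- Page chrome -----------------------------------------------------
      // $mystyle is not set in this file (presumably inc/config.php); verify that
      // it can never be influenced by a request, since it forms part of include paths.
      include('./mystyle/'.$mystyle.'/head.tpl');
      include('./mystyle/'.$mystyle.'/slider.php');
      include('./mystyle/'.$mystyle.'/title_gh.php');
      include('./mystyle/'.$mystyle.'/navi.php');
      include('./mystyle/'.$mystyle.'/middle.tpl');

      // ---- Page body -------------------------------------------------------
      // is_file() instead of file_exists(): an empty "file" value resolves to the
      // ./pages/ directory itself, which exists but cannot be included.
      // NOTE(review): the path comes from the navi_* table and is executed as PHP;
      // restrict it to an allow-list of page names if that table is editable
      // through the application.
      if (is_file('./pages/'.$file["file"])) {
          echo '<br>';
          include('./pages/'.$file["file"]);
      }
      if (!empty($error)) {
          echo '<font color="red">'.$error.'</font>';
      }

      include('./mystyle/'.$mystyle.'/foot.tpl');

  } else {

      // Maintenance mode: hand the request to the maintenance page.
      require_once("./inc/wartung.php");

  }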
  94. ?>