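<?php
/**
 * Front controller: picks the UI language, handles the login form, resolves
 * the requested page id to a file under ./pages/ and renders it inside the
 * active theme. While the `wartung` table reports a status other than "0",
 * the maintenance page is shown instead.
 *
 * Variable names are kept as they were because the included files run in this
 * same scope and may read them.
 *
 * NOTE(review): the mysql_* extension used throughout was removed in PHP 7.0.
 * Moving to PDO or mysqli prepared statements needs the connection code in
 * ./inc/config.php, which is not visible here, so this file only tightens the
 * escaping within the existing API.
 */

// Suppresses every warning and notice. NOTE(review): nothing in this file
// routes them to a log instead, so failures below are silent - confirm that
// logging is configured elsewhere.
error_reporting(0);

// Keyword filter over all request values. The previous version built a regex
// from each keyword without quoting it, so the entries containing "/" formed
// an invalid pattern and never matched; a plain case-insensitive substring
// test is used instead, and nested (array) parameters are walked as well.
// A keyword filter is defence in depth at best: the escaping applied to each
// query further down is the actual control.
$array = array("'", "union", "select", "<script>", "alert", "order", "../", "/etc/passwd", "c99", "/etc/shadow", "substr");
$pending = array($_REQUEST);
while (!empty($pending)) {
    $values = array_pop($pending);
    foreach ($values as $req) {
        if (is_array($req)) {
            $pending[] = $req;
            continue;
        }
        foreach ($array as $arr) {
            if (stripos((string) $req, $arr) !== false) {
                die("Haha kid,SQL Injection Protected :) und jetzt verpiss dich");
            }
        }
    }
}

// Presumably these open the database connection and define $session_prefix,
// $mystyle, $title and md6(); none of them is defined in this file.
include('./inc/config.php');
include('./inc/functions.php');

$wartung = mysql_fetch_array(mysql_query("SELECT status FROM wartung"));
if ($wartung['status'] == "0") {
    if (empty($_SESSION[$session_prefix."user"])) {
        // Anonymous visitor: German when the Accept-Language header contains
        // "de" anywhere (case-insensitive), English otherwise. stripos()
        // replaces the deprecated eregi() with the same result.
        $sprache = isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : '';
        if (stripos($sprache, 'de') !== false) {
            $language = 'DE';
            include('./lang/DE.lng');
        } else {
            $language = 'EN';
            include('./lang/EN.lng');
        }
    } else {
        // NOTE(review): the session value is concatenated into the query as
        // stored. The login branch below stores an already-escaped username,
        // so escaping it again here would break the lookup for names that
        // contain quotes. The sounder design is to keep the raw name in the
        // session and escape (or bind) it at every query, but that must be
        // changed together with every other script that reads this session
        // key - confirm against those callers.
        $lang = mysql_query('SELECT * FROM users WHERE username="'.$_SESSION[$session_prefix."user"].'"');
        $lang_mfa = mysql_fetch_array($lang);
        // lng 1 selects English; 0, a missing row and any other value fall
        // back to German, exactly as the former three-way branch did.
        if ($lang_mfa["lng"] == 1) {
            $language = 'EN';
            include('./lang/EN.lng');
        } else {
            $language = 'DE';
            include('./lang/DE.lng');
        }
    }

    // Only plain string parameters are accepted; a missing or array-valued
    // parameter is treated as empty.
    $rawId   = (isset($_REQUEST["id"]) && is_string($_REQUEST["id"])) ? $_REQUEST["id"] : '';
    $rawUser = (isset($_REQUEST["username"]) && is_string($_REQUEST["username"])) ? $_REQUEST["username"] : '';
    $rawPass = (isset($_REQUEST["password"]) && is_string($_REQUEST["password"])) ? $_REQUEST["password"] : '';

    // mysql_real_escape_string() honours the connection character set, which
    // addslashes() does not.
    $id   = mysql_real_escape_string($rawId);
    $user = mysql_real_escape_string($rawUser);
    // The password keeps addslashes() on purpose: it is only ever fed to
    // md6(), and existing hashes were computed over that form, so changing it
    // could lock out accounts. The hash output is escaped where it enters SQL.
    $pass = addslashes($rawPass);

    $language = strtolower($language);
    if (empty($id)) {
        $id = 1;
    }

    // Resolve the page row for this language; unknown ids use the row "404".
    $file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"');
    if (mysql_num_rows($file) > 0) {
        $file = mysql_fetch_array($file);
    } else {
        $file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"'));
    }

    if (!empty($user) AND !empty($pass)) {
        // NOTE(review): md6() is not a PHP built-in. Confirm that it is a
        // salted, deliberately slow password hash; password_hash() and
        // password_verify() (PHP 5.5+) are the standard replacement. There is
        // also no attempt limiting on this login path.
        $query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.mysql_real_escape_string(md6($pass)).'"');
        $bann = mysql_fetch_array($query);
        if ($bann["access"] == "33") {
            // Banned account. NOTE(review): $bann["reason"] and $title are
            // written into HTML unescaped; if either can hold user-supplied
            // text it needs htmlspecialchars() with the page's real charset.
            $error = 'Du wurdest von '.$title.' verwiesen.<br>Begründung:<br><br><b>'.$bann["reason"].'</b><br><br>Für weitere Fragen, wende dich bitte an einen Administrator.';
        } else {
            if (mysql_num_rows($query) == 1) {
                // Issue a fresh session id at the privilege change so that an
                // id known before login is not carried into the logged-in
                // session.
                if (session_id() !== '') {
                    session_regenerate_id(true);
                }
                $_SESSION[$session_prefix."user"] = ucfirst($user);
                echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';
            } else {
                $error = 'Username oder Passwort ist falsch.';
            }
        }
    }

    include('./mystyle/'.$mystyle.'/head.tpl');
    include('./mystyle/'.$mystyle.'/slider.php');
    include('./mystyle/'.$mystyle.'/title_gh.php');
    include('./mystyle/'.$mystyle.'/navi.php');
    include('./mystyle/'.$mystyle.'/middle.tpl');

    // NOTE(review): the included path comes from the navi_* table. Anyone who
    // can write that table controls which file is executed here; consider
    // checking the resolved path stays inside ./pages/ before including it.
    if (file_exists('./pages/'.$file["file"])) {
        echo '<br>';
        include('./pages/'.$file["file"]);
    }
    if (!empty($error)) {
        echo '<font color="red">'.$error.'</font>';
    }
    include('./mystyle/'.$mystyle.'/foot.tpl');
} else {
    // Maintenance mode is active: show the maintenance page instead.
    require_once("./inc/wartung.php");
}
?>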