
Untitled

a guest
Nov 19th, 2016
  1. <title>ProSap Hotel - Client</title>
  2. <?php
  3. // Checken of er geen hacker actief is
  4.  
  5. //include('./keiz/vpncheck.php');
  6.  
  7.  
  8. //$ip = $_SERVER['REMOTE_ADDR'] = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : $_SERVER["REMOTE_ADDR"];
  9. //$isProxy = file_get_contents("http://www.shroomery.org/ythan/proxycheck.php?ip=" . $ip) != "N";
  10.  
  11. //if($isProxy)
  12. //{
  13. //header('Location: ./antivpn');
  14. //exit;
  15. //}
  16.  
  17.  
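  // Record the caller's address and load the two stored addresses that the
  // comparison following this block depends on.
  //
  // CF-Connecting-IP is a request header. It is only trustworthy when the
  // origin accepts connections exclusively from Cloudflare (not visible here -
  // confirm); otherwise any client can set it. It is therefore validated and
  // escaped before it is placed in SQL.
  $visitorIp = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : '';
  if ($visitorIp !== '' && filter_var($visitorIp, FILTER_VALIDATE_IP) === false) {
      // Reject a malformed value before any query is built from it.
      header("location: http://prosap-hotel.nl/nohack");
      die('Hacker alert!');
  }

  $sessionUserId = isset($_SESSION['user']['id']) ? $_SESSION['user']['id'] : '';
  $safeVisitorIp = mysql_real_escape_string($visitorIp);
  $safeSessionId = mysql_real_escape_string($sessionUserId);

  mysql_query("UPDATE users SET visitorip = '".$safeVisitorIp."' WHERE id = '".$safeSessionId."' LIMIT 1");
  $query = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id = '".$safeSessionId."' AND clientpass = '1' "));

  // NOTE(review): when no row is found (no session, or clientpass is not '1')
  // both values stay null and the loose comparison that follows succeeds.
  // They are initialised explicitly so that case is visible; confirm that
  // letting such accounts through is intended.
  $iplast = null;
  $ipregi = null;

  $lockedId = isset($query['id']) ? $query['id'] : '';
  $query1 = mysql_query("SELECT * FROM users WHERE id = '".mysql_real_escape_string($lockedId)."' LIMIT 1");
  while($row = mysql_fetch_assoc($query1)) {
      $iplast = $row["visitorip"]; // address written by the UPDATE above
      $ipregi = $row["meubel"];    // address stored in the `meubel` column
  }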
  25. if ($iplast == $ipregi)
  26. {
  27.  
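  // Extra address check for accounts above rank 1.
  // NOTE(review): $user is not assigned anywhere above this point in the file
  // (it is assigned as an array further down), so unless the including script
  // supplies an object here this condition is never true - confirm.
  if ($user->rank > 1)
  {
      $ip = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : '';

      // The header is client-controllable unless the origin only accepts
      // Cloudflare traffic. A syntactically valid IP contains no quote
      // characters, so validating it first keeps it from altering the query.
      if (filter_var($ip, FILTER_VALIDATE_IP) === false)
      {
          die('geen toegang');
      }

      $tQuery = DB::Query("SELECT * FROM `users` WHERE meubel = '".$ip."'");
      $lol = DB::Fetch($tQuery);

      $toengang = isset($lol['ip']) ? (string) $lol['ip'] : '';

      // The original `!$toengang == $ip` negated $toengang first and compared
      // the resulting boolean with the address, so a mismatch was not
      // detected. Compare the two values directly and deny on any difference.
      if ($toengang !== $ip)
      {
          die('geen toegang');
      }
  }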
  46.  
  47. // Klaar met checken
  48. ?>
  49. <?php
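  include 'filter.php';

  // Cap activity_points at 1000. A single statement replaces the
  // select-then-update-per-row loop, which also concatenated each stored
  // username into SQL without escaping it.
  // NOTE(review): this runs on every load of the client page.
  mysql_query("UPDATE users SET activity_points = '1000' WHERE activity_points > 1000");

  // File name of the client SWF; set this to whatever the habbo.swf was
  // renamed to. It is appended to the client base URL further down the page.
  $habboSWF = "prosapje920.swf";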
  58.  
  59. // Backup onderhoud page \/
  60. //if(!isset($_GET['hoi'])) { echo "Over een uurtje weer online ( 15:30 )"; exit; }
  61.  
  62.  
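  // Require a logged-in session. header() only queues the redirect, so the
  // script has to stop here; otherwise every statement below still runs for a
  // visitor without a session.
  if(!isset($_SESSION['user']['id']))
  {
      header('Location: /index');
      exit;
  }

  // Escape the id once, before the first query that uses it.
  $userid = mysql_real_escape_string($_SESSION['user']['id']);

  // CF-Connecting-IP is a request header and can be set by the client unless
  // the origin only accepts Cloudflare traffic, so it is validated and escaped
  // before it is written to the database.
  $clientIp = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : '';
  if ($clientIp !== '' && filter_var($clientIp, FILTER_VALIDATE_IP) === false)
  {
      header("location: http://prosap-hotel.nl/nohack");
      die('Hacker alert! L33T');
  }

  // NOTE(review): this INSERT is issued on every page load; unless
  // user_subscriptions has a unique key covering it (not visible here) a new
  // row is added each time.
  mysql_query("INSERT INTO `user_subscriptions` (`user_id`, `subscription_id`, `timestamp_activated`, `timestamp_expire`) VALUES ('".$userid."', 'club_habbo', 1345225264, 1645225264)");
  mysql_query("UPDATE users SET home_room = '0' WHERE id = '".$userid."'");
  mysql_query("UPDATE users SET visitorip = '".mysql_real_escape_string($clientIp)."' WHERE id = '".$userid."' LIMIT 1");

  $user = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id`='".$userid."' LIMIT 1"));
  if (!$user)
  {
      // Driver error text can disclose schema details; log it instead of
      // printing it into the response.
      error_log('client: user lookup failed: ' . mysql_error());
      die('Unable to load account.');
  }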
  72.  
  73.  
  // Reject a CF-Connecting-IP header that is present but is not a
  // syntactically valid IPv4/IPv6 address. This only stops the request from
  // this point on; any statement that reads the header earlier in the request
  // has to validate it separately.
  if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])
      && filter_var($_SERVER["HTTP_CF_CONNECTING_IP"], FILTER_VALIDATE_IP) === false)
  {
      header("location: http://prosap-hotel.nl/nohack");
      exit('Hacker alert! L33T');
  }
  80.  
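  /**
   * Report whether the session user's name or the caller's address has a
   * matching row in `bans`.
   *
   * A failed query counts as "not banned", as it did before.
   *
   * @return bool true when a matching row exists.
   */
  function isBanned()
  {
      // $user from the surrounding script is not visible inside a function, so
      // the original lookup always compared against an empty name. The name is
      // taken from the session instead, as isMachineBanned() does.
      $name = isset($_SESSION['user']['username']) ? $_SESSION['user']['username'] : '';

      // Client-controllable header (unless the origin only accepts Cloudflare
      // traffic): escape it before it reaches the query.
      $ip = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : '';

      // NOTE(review): AND binds tighter than OR, so the expiry test applies
      // only to the address match; a name match counts regardless of `expire`.
      // The grouping is left as written - confirm that is intended.
      $sql = "SELECT * FROM bans WHERE value = '".mysql_real_escape_string($name)."'"
           . " OR value = '".mysql_real_escape_string($ip)."'"
           . " AND expire >= '".time()."' LIMIT 1";

      $result = mysql_query($sql);

      return $result !== false && mysql_num_rows($result) > 0;
  }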
  89.  
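  // header() alone does not end the request. Without the exit the rest of the
  // page, including the client markup and its {sso} ticket, is still sent to a
  // banned caller who ignores the redirect.
  if(isBanned())
  {
      header("location: http://prosap-hotel.nl/banned");
      exit;
  }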
  94.  
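  /**
   * Report whether the session user's name appears in `bans_m`.
   *
   * A failed query counts as "not banned", as it did before.
   *
   * @return bool true when a matching row exists.
   */
  function isMachineBanned()
  {
      $name = isset($_SESSION['user']['username']) ? $_SESSION['user']['username'] : '';

      // The name is escaped even though it comes from the session: it is
      // still a user-chosen string being placed inside a quoted SQL literal.
      $result = mysql_query("SELECT * FROM bans_m WHERE value = '".mysql_real_escape_string($name)."' LIMIT 1");

      return $result !== false && mysql_num_rows($result) > 0;
  }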
  103.  
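  // Stop after queuing the redirect; otherwise the client page is still
  // rendered and sent for a banned account.
  if(isMachineBanned())
  {
      header("location: mban");
      exit;
  }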
  /**
   * Report whether the connecting address (REMOTE_ADDR) appears in `bans_m`.
   *
   * NOTE(review): the rest of this file reads the caller's address from the
   * CF-Connecting-IP header; if the site sits behind a proxy, REMOTE_ADDR is
   * presumably the proxy's address rather than the visitor's - confirm which
   * one this lookup is meant to use.
   *
   * @return bool true when a matching row exists.
   */
  function isIPMachineBanned()
  {
      $result = mysql_query("SELECT * FROM bans_m WHERE value = '".$_SERVER['REMOTE_ADDR']."' LIMIT 1");

      return mysql_num_rows($result) > 0;
  }
  116.  
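  // Stop after queuing the redirect; otherwise the client page is still
  // rendered and sent for a banned address.
  if(isIPMachineBanned())
  {
      header("location: mban");
      exit;
  }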
  121.  
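  // Integrity check for accounts of rank 3 and up: the stored `allowed-rank`
  // value must equal sha1(username . mail). On a mismatch the account is
  // demoted to rank 1 and banned.
  // NOTE(review): the digest is unkeyed and built from values stored alongside
  // it, so it only detects a rank change made without also updating
  // `allowed-rank`; anyone able to write the row can compute a matching value.
  if($user['rank'] >= 3)
  {
      $allowedsha = sha1($_SESSION['user']['username'] . $user['mail']);

      // Strict string comparison: with != two hex digests that both look like
      // numbers in exponent form ("0e" followed only by digits) compare equal.
      if($allowedsha !== (string) $user['allowed-rank'])
      {
          $safeName = mysql_real_escape_string($_SESSION['user']['username']);

          mysql_query("UPDATE users SET rank = 1 WHERE username = '".$safeName."'");
          mysql_query("INSERT INTO bans (id,bantype,value,reason,expire,added_by,added_date,appeal_state) VALUES (NULL,'user','".$safeName."','Hacken','1755421624','System','" . date('d/m/Y H:i') . "','1')");
          header('Location: http://prosap-hotel.nl/nohack');

          // Without this the client page is still rendered for the account
          // that was just demoted and banned.
          exit;
      }
  }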
  134.  
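  /**
   * Send one command to the MUS endpoint hard-coded below, over TCP.
   *
   * The payload is $command, a chr(1) separator, then $data. Nothing is read
   * back. Failures are written to the error log instead of being discarded:
   * callers use this to reload bans and disconnect users, so a silent failure
   * leaves a freshly banned user connected.
   *
   * NOTE(review): the message carries no authentication that is visible here;
   * confirm the listener only accepts connections from this web server.
   *
   * @param string $command Command name placed before the separator.
   * @param string $data    Optional argument placed after the separator.
   * @return void
   */
  function MUS($command, $data = '')
  {
      $MUSdata = $command . chr(1) . $data;

      // Warnings stay suppressed so the endpoint address is not printed into
      // the page; the return values are checked instead.
      $socket = @socket_create(AF_INET, SOCK_STREAM, getprotobyname('tcp'));
      if ($socket === false)
      {
          error_log('MUS: socket_create failed: ' . socket_strerror(socket_last_error()));
          return;
      }

      if (@socket_connect($socket, "51.255.80.215", 3001) === false)
      {
          error_log('MUS: connect failed: ' . socket_strerror(socket_last_error($socket)));
      }
      elseif (@socket_send($socket, $MUSdata, strlen($MUSdata), MSG_DONTROUTE) === false)
      {
          error_log('MUS: send failed: ' . socket_strerror(socket_last_error($socket)));
      }

      // Always release the socket, whether or not the send went through.
      @socket_close($socket);
  }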
  143.  
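  // Automatic ban: the account of rank 4 or lower holding the most crystals,
  // if it holds at least 15000, has its crystals reset and is banned with the
  // reason 'Packetloggen'; the MUS endpoint is then told to reload bans and
  // disconnect that user.
  // NOTE(review): this runs on every load of the client page and handles one
  // account per load (LIMIT 1).
  $query = mysql_query('SELECT * FROM users WHERE rank <= 4 AND crystals >= 15000 ORDER BY crystals DESC LIMIT 1');
  while($fetch = mysql_fetch_assoc($query))
  {
      // A value read back from the database is still user-chosen text; escape
      // it before placing it in another statement.
      $bannedName = mysql_real_escape_string($fetch['username']);

      mysql_query("UPDATE users SET crystals = '0' WHERE username = '".$bannedName."'");
      mysql_query("INSERT INTO bans (id,bantype,value,reason,expire,added_by,added_date,appeal_state) VALUES (NULL,'user','".$bannedName."','Packetloggen','1755421624','System Packetlogging','" . date('d/m/Y H:i') . "','1')");
      MUS("reloadbans");
      MUS('disconnect', $fetch['username']);
  }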
  152.  
  153.  
  154.  
  155.  
  //
  // Is the supplied IP address valid? Guards against header injection.
  // This only stops the request from this point on; statements that read the
  // header earlier in the request have to validate it separately.
  //

  if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])
      && filter_var($_SERVER["HTTP_CF_CONNECTING_IP"], FILTER_VALIDATE_IP) === false)
  {
      header("location: http://prosap-hotel.nl/nohack");
      exit('Hacker alert!');
  }
  168. ?>
  169.  
  170. <head>
  171. <script type="text/javascript">var habboName="{username}";var habboReqPath="{url}";var habboStaticFilePath="http://images-eussl.habbo.com/habboweb/{web_build}/web-gallery";var habboImagerUrl="http://images-eussl.habbo.com/habbo-imaging/";var habboPartner="";var habboDefaultClientPopupUrl="{url}/client";if(typeof HabboClient!="undefined"){HabboClient.windowName="ClientWndw"}</script>
  172. </script>
  173. <link rel="alternate" type="application/rss+xml" title="ProSapHotel - Client" href="http://www.habbo.nl/articles/rss.xml" />
  174.  
  175. <script src="app/tpl/skins/{skin}/client/libs2.js" type="text/javascript"></script>
  176. <script src="app/tpl/skins/{skin}/client/visual.js" type="text/javascript"></script>
  177. <script src="app/tpl/skins/{skin}/client/libs.js" type="text/javascript"></script>
  178. <script src="app/tpl/skins/{skin}/client/common.js" type="text/javascript"></script>
  179. <script src="http://serv01.prosap-hotel.nl/client/websockets/js/keiz.js" type="text/javascript"></script>
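  <?php
  // The session user id is URL-encoded before it is placed in the query string.
  // NOTE(review): this script is requested over plain http and its URL carries
  // the session user id and the {sso} placeholder, so both are visible on the
  // network path and in server logs - confirm whether an https endpoint exists.
  // The character in front of {sso} looks mis-encoded in this listing and is
  // left as found.
  ?>
  <script src="http://serv01.prosap-hotel.nl/client/websockets/js/inc.php?k=<?php echo rawurlencode($_SESSION['user']['id']); ?>֎{sso}&username={username}" type="text/javascript"></script>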
  181.  
  182.  
  183. <link rel="stylesheet" href="app/tpl/skins/{skin}/client/web-gallery/static/styles/common.css" type="text/css" />
  184. <link rel="stylesheet" href="http://serv01.prosap-hotel.nl/client/websockets/css/style.css?{sso}" type="text/css" />
  185. <link rel="stylesheet" href="app/tpl/skins/{skin}/client/web-gallery/static/styles/habboflashclient.css" type="text/css" />
  186. <noscript>
  187. <meta http-equiv="refresh" content="0;url=/client/nojs" />
  188. </noscript>
  189. <link rel="stylesheet" href="app/tpl/skins/{skin}/client/client.css" type="text/css" />
  190. <script src="app/tpl/skins/{skin}/client/habboflashclient.js?kz" type="text/javascript"></script>
  191. <body oncontextmenu="return false" onselectstart="return false;" ondragstart="return false;" oncopy="return false" oncut="return false" id="client" class="flashclient">
  192.  
  193.  
  194. <script type="text/javascript">FlashExternalInterface.loginLogEnabled=false;FlashExternalInterface.logLoginStep("web.view.start");if(top==self){FlashHabboClient.cacheCheck()}var flashvars={
  195. "client.allow.cross.domain": "1",
  196. "client.notify.cross.domain": "1",
  197. "connection.info.host": "eu.attackprotect.eu",
  198. "connection.info.port": "1000",
  199. "site.url": "{url}",
  200. "url.prefix": "{url}",
  201. "client.reload.url": "http://prosap-hotel.nl/client",
  202. "client.fatal.error.url": "http://prosap-hotel.nl/client",
  203. "client.connection.failed.url": "http://prosap-hotel.nl/client",
  204. "hotelview.banner.url": "http://serv01.prosap-hotel.nl/SWF/gordon/R63B12/banner.png",
  205. "external.variables.txt": "http://serv01.prosap-hotel.nl/SWF/gamedata/external_variables/vars001.txt?<?php echo time();?>",
  206. "external.texts.txt": "http://serv01.prosap-hotel.nl/SWF/gamedata/external_texts/texts3.txt?=1",
  207. "productdata.load.url": "http://serv01.prosap-hotel.nl/SWF/gamedata/productdata/2.html",
  208. "furnidata.load.url": "http://serv01.prosap-hotel.nl/SWF/gamedata/furnidata/10005.html?=167",
  209. "use.sso.ticket": "1",
  210. "sso.ticket": "{sso}",
  211. "processlog.enabled": "0",
  212. account_id: "1",
  213. "client.starting": "Please wait! {hotelName} is starting up",
  214. "flash.client.url": "http://serv01.prosap-hotel.nl/SWF/gordon/R63B12/",
  215. "user.hash": "31385693ae558a03d28fc720be6b41cb1ccfec02",
  216. "has.identity": "0",
  217. "flash.client.origin": "popup",
  218. token: "{sso}",
  219. "logout.disconnect.url": "http://prosap-hotel.nl/client",
  220. "logout.url": "http://prosap-hotel.nl/logout"
  221. };
  222. var params = {
  223. base: "http://serv01.prosap-hotel.nl/SWF/gordon/R63B12/",
  224. allowScriptAccess: "always",
  225. menu: "false",
  226. wmode: "opaque"
  227. };
  228. if (!(HabbletLoader.needsFlashKbWorkaround())) {
  229. params.wmode = "opaque"
  230. }
  231. var clientUrl = "http://serv01.prosap-hotel.nl/SWF/gordon/R63B12/<?php echo $habboSWF; ?>";
  232. swfobject.embedSWF(clientUrl, "flash-container", "100%", "100%", "10.0.0", "http://images-eussl.habbo.com/habboweb/{web_build}/web-gallery/flash/expressInstall.swf", flashvars, params);
  233. window.onbeforeunload = unloading;
  234.  
  235. function unloading() {
  236. var a;
  237. if (navigator.appName.indexOf("Microsoft") != -1) {
  238. a = window["flash-container"]
  239. } else {
  240. a = document["flash-container"]
  241. }
  242. try {
  243. a.unloading()
  244. } catch (b) {}
  245. } </script><style media="screen" type="text/css
  246. ">#flash-container{visibility:hidden}html{height:100%}body{height:100%}#flash-container{margin:0;width:100%;height:100%}</style>
  247.  
  248. <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/jquery.min.js" type="text/javascript"></script>
  249. <script src="https://code.jquery.com/ui/1.12.0-rc.2/jquery-ui.js" type="text/javascript"></script>
  250. <script>jQuery(document).ready(function(){setTimeout(function(){jQuery("div.ads").fadeOut(10000,function(){jQuery("div.ads").remove()})},10000)});</script>
  <script type="text/javascript">/*<![CDATA[*/
  // Toggle browser full-screen mode through whichever of the unprefixed,
  // moz- or webkit-prefixed methods exists. Full screen is requested when
  // document.fullScreenElement is set, or when neither prefixed "is full
  // screen" flag is set; otherwise full screen is cancelled.
  function toggleFullScreen() {
      var root = document.documentElement;
      var hasFullScreenElement = document.fullScreenElement && document.fullScreenElement !== null;
      var noPrefixedFlagSet = !document.mozFullScreen && !document.webkitIsFullScreen;

      if (hasFullScreenElement || noPrefixedFlagSet) {
          if (root.requestFullScreen) {
              root.requestFullScreen();
          } else if (root.mozRequestFullScreen) {
              root.mozRequestFullScreen();
          } else if (root.webkitRequestFullScreen) {
              root.webkitRequestFullScreen(Element.ALLOW_KEYBOARD_INPUT);
          }
          return;
      }

      if (document.cancelFullScreen) {
          document.cancelFullScreen();
      } else if (document.mozCancelFullScreen) {
          document.mozCancelFullScreen();
      } else if (document.webkitCancelFullScreen) {
          document.webkitCancelFullScreen();
      }
  }
  /*]]>*/</script>
  252. <style>#client_div{width:100%}#top_bar{height:26px;width:100%;background-image:url(http://serv01.prosap-hotel.nl/SWF/website/images/navbgblue.png)}#top_bar>#tekst{color:#FFF;text-shadow:0 -1px rgba(0,0,0,1);cursor:pointer;padding:6px;font-family:verdana;font-size:12px}#top_bar>#tekst>b{padding:7px;margin-left:10px}#top_bar>#tekst>b:hover{background-color:#000}#top_bar>#tekst>b>a{text-decoration:none;color:#fff}</style>
  <script type="text/javascript">
  // Open the URL `a` in a window named "popUpWindow" with a fixed size and
  // chrome; the window handle is stored in the global `popupWindow`.
  function newPopup(a) {
      var features = [
          "height=700",
          "width=1000",
          "left=10",
          "top=10",
          "resizable=yes",
          "scrollbars=yes",
          "toolbar=yes",
          "menubar=no",
          "location=no",
          "directories=no",
          "status=yes"
      ].join(",");

      popupWindow = window.open(a, "popUpWindow", features);
  }
  </script>
  254.  
  255. </head>
  256.  
  257. <div id="outside_client" style="height:100%;border:none;margin:0px;">
  258. <div id="client_div" style="height:100%;border:none;margin:0px;">
  259.  
  260. <div class="ads" style="background-image:url('http://prosap-hotel.nl/addspot_728x90.gif');position:relative;padding-top:21px;margin-left:13%;height:115px;width:740px;background-repeat:none;z-index:398000;position:absolute;left:12%;overflow:hidden">
  261. <br>
  262. <center>
  263. <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
  264.  
  265. <ins class="adsbygoogle"
  266. style="display:inline-block;width:728px;height:90px"
  267. data-ad-client="ca-pub-4130564855266670"
  268. data-ad-slot="7588111343"></ins>
  269. <script>
  270. (adsbygoogle = window.adsbygoogle || []).push({});
  271. </script>
  272. </center>
  273. </div>
  274.  
  275. <div id="flash-container"></div>
  276. </div>
  277. </div>
  278.  
  279. <script src="http://www.featureblend.com/flash_detect_1-0-4/flash_detect.js" type="text/javascript"></script>
  280.  
  281. <script type="text/javascript">if(!FlashDetect.installed){var newLocation="clientnoflash";window.location=newLocation};</script>
  282. </div>
  283. <?php
  284. }
  285. else
  286. {
  287. header('Refresh: 0; url=hack');
  288. }
  289. ?>