<?php
// Bootstrap included by every StarBlue CMS page: timezone, session, database
// connection and a first escaping pass over the request parameters. Later code
// in this file relies on the globals set here and in config_starblue.php.

// '@' hides the warning an unknown zone name would emit; the default timezone
// is then silently left unchanged.
@date_default_timezone_set("America/Sao_Paulo");
session_start();

// Expected to define $MySQLhostname/$MySQLusername/$MySQLpassword/$MySQLdb
// (used right below) and $path (used for redirects further down).
require_once('config_starblue.php');
// ext/mysql API (removed in PHP 7). On failure the script includes '/error'
// — an absolute filesystem path — rather than stopping.
mysql_connect("$MySQLhostname", "$MySQLusername", "$MySQLpassword") or require('/error');
mysql_select_db("$MySQLdb") or require('/error');
define("STARBLUE_CMS", true);

// Blanket SQL-escaping of every GET/POST value in place, regardless of how the
// value is used later. The same arrays are escaped again further down this
// file, so values containing quotes or backslashes are escaped more than once.
// Note that $name/$value remain set after the loops (last parameter name/value).
foreach($_GET as $name=>$value) {
$_GET[$name] = mysql_real_escape_string($value);
}

foreach($_POST as $name => $value) {
$_POST[$name] = mysql_real_escape_string($value);
}
  18. function getIP(){
  19. if($_SERVER){
  20. if($_SERVER["HTTP_X_FORWARDED_FOR"]){
  21. $realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
  22. }elseif ($_SERVER["HTTP_CLIENT_IP"]){
  23. $realip = $_SERVER["HTTP_CLIENT_IP"];
  24. }else{
  25. $realip = $_SERVER["REMOTE_ADDR"];
  26. }
  27. }else{
  28. if(getenv("HTTP_X_FORWARDED_FOR")){
  29. $realip = getenv("HTTP_X_FORWARDED_FOR");
  30. }elseif(getenv("HTTP_CLIENT_IP")){
  31. $realip = getenv("HTTP_CLIENT_IP");
  32. }else{
  33. $realip = getenv("REMOTE_ADDR");
  34. }
  35. }
  36. return $realip;
  37. }
  38.  
// Client address from getIP(). getIP() prefers the X-Forwarded-For / Client-IP
// request headers, which the client controls; the value is later interpolated
// into SQL without escaping (ban lookup and ip_reg/ip_last updates below).
$remote_ip = getIP();
// $path comes from config_starblue.php. This is a path string, not SQL input,
// but it is SQL-escaped anyway.
$adminpath = mysql_real_escape_string($path."/housekeeping");

// First row of server_status; the inner assignment keeps the result resource
// in $server_status. No check that the query succeeded.
$server = mysql_fetch_assoc($server_status = mysql_query("SELECT * FROM server_status"));
$online_count = $server['users_online'];
  44.  
// Second escaping pass. The superglobals always exist, so isset() is always
// true and this block is never skipped.
if (isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)) {
foreach($_POST as $key => $p) {
// Each assignment starts from $p (the value escaped by the first pass), not
// from the previous line's result, so only the last one takes effect:
// POST values end up as html_entity_decode() of the first-pass value, and
// the htmlentities()/mysql_real_escape_string() results here are discarded.
$_POST[$key] = htmlentities($p);
$_POST[$key] = mysql_real_escape_string($p);
$_POST[$key] = html_entity_decode($p);
}

foreach($_GET as $key => $g) {
$_GET[$key] = mysql_real_escape_string($g);
}

// Writes to $COOKIE (no underscore), a fresh local array: $_COOKIE itself is
// left untouched. The remember-me block later in this file reads $_COOKIE.
foreach($_COOKIE as $key => $s) {
$COOKIE[$key] = mysql_real_escape_string($s);
}
foreach($_REQUEST as $key => $k) {
$_REQUEST[$key] = mysql_real_escape_string($k);
}
}

// Third pass over GET only: entity-encode, SQL-escape, then strip tags.
if (isset($_GET)) {
foreach($_GET as $key => $f) {
$_GET[$key] = strip_tags(mysql_real_escape_string(htmlentities($f)));
}
}
  69.  
// Session-based login. session_is_registered() was removed in PHP 5.4, and
// `username` is a bare word (undefined constant, i.e. the string "username"
// in old PHP), not the $_SESSION key as a variable.
if (session_is_registered(username)) {

// The session holds the username and the stored password hash itself; both
// are interpolated into SQL as-is, so they are only as safe as whatever code
// wrote them into the session (the remember-me block below stores an escaped
// username and the hash read back from the database).
$rawname = $_SESSION['username'];
$rawpass = $_SESSION['password'];

$usersql = mysql_query("SELECT * FROM users WHERE username = '".$rawname."' AND password = '".$rawpass."' LIMIT 1");
$myrow = mysql_fetch_assoc($usersql);

$password_correct = mysql_num_rows($usersql);

$my_id = $myrow['id'];
$user_rank = $myrow['rank'];
$user_time = $myrow['time'];
// $remote_ip (header-derived, see getIP) is interpolated unescaped.
// SQL precedence: (value = user AND bantype = 'user') OR (value = ip AND bantype = 'ip').
$ban = mysql_query("SELECT * FROM bans WHERE value = '".$myrow['username']."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1");
$bancheck = mysql_num_rows($ban);

// elseif chain: while ip_reg is still "0" the first branch records the IP and
// BOTH the password check and the ban check are skipped for this request.
if ($myrow['ip_reg'] == "0") {
mysql_query("UPDATE users SET ip_reg = '".$remote_ip."' WHERE id = '".$myrow['id']."'");
} elseif ($password_correct !== 1) {
// No exit after the redirect: the rest of this file and the including page still run.
header("location: ".$path."/logout");
} elseif ($bancheck > 0) {

$bandata = mysql_fetch_assoc($ban);

$timestamp = time();
if($bandata['expire'] > $timestamp) {
$login_error = "Você foi banido! Pelo motivo: \"".$bandata['reason']."\" até ".date('d.m.Y - H:i:s', $bandata['expire']).".";
header("location: ".$path."/logout");
} else {
// $name here is NOT the user's name: it is the leftover key variable from the
// $_GET/$_POST escaping loops at the top of the file (the user's $name is only
// assigned below). The user-ban half therefore matches the wrong value; in
// practice only the IP half of this DELETE can hit.
mysql_query("DELETE FROM bans WHERE value = '".$name."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1"); }
}

// Reached even after the logout redirects above, since nothing exits.
$logged_in = true;
$name = HoloText($myrow['username']);

// Daily-gift reset: clear receivedGiftDay once the stored date is not today.
$dateReceivedGift = date("d-m-Y", $myrow["receivedGiftDate"]);
$dateAgo = date("d-m-Y", time());
if ($dateAgo != $dateReceivedGift) {
mysql_query("UPDATE users SET receivedGiftDay = '0' WHERE id = '$my_id' LIMIT 1");
}
} else {
// Guest defaults consumed by pages that include this file.
$user_rank = 0;
$name = "No-Name";
$my_id = "No-ID";
$myticket = "No-Ticket";
$logged_in = false;
}
  117.  
// Maintenance mode: true when cms_settings has cms_maintenance = '1'. The inner
// assignment reuses $maintenance for the result resource before it is replaced
// by the boolean.
$maintenance = mysql_num_rows($maintenance = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_maintenance' AND value = '1'")) == "1";
// $page_maintenance is presumably set by the maintenance page before including
// this file; elsewhere it is undefined (falsy). For guests $myrow is unset, so
// $myrow["rank"] < 8 holds and they are redirected as well.
if ($maintenance && $myrow["rank"] < 8 && !$page_maintenance) {
// `!` binds tighter than `>`, so this is (!$myrow["rank"]) > 8 — a boolean
// compared with 8 — which is never true: session_destroy() never runs here.
if (session_is_registered(username) && !$myrow["rank"] > 8) {
session_destroy();
}
header("Location: ".$path."/maintenance");
exit;
}

// Maintenance page requested while maintenance is off. No exit after the
// redirect, so the maintenance page body is still rendered into the response.
if ($page_maintenance && !$maintenance) {
header("location: /index");
}
  130.  
  131. function HoloHash($password){
  132. $hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
  133. $string = sha1($password.($hash_secret));
  134. return $string;
  135. }
  136.  
  137. function HoloHashMD5($password){
  138. $hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
  139. $string = md5($password.($hash_secret));
  140. return $string;
  141. }
  142.  
  143. function getPass($pass) {
  144. return base64_encode(hash("sha256", hash("sha256", $pass) . implode(array_map("chr", array(-9, 26, -90, -34, -113, 23, 118, -88, 3, -99, 50, -72, -95, 86, -78, -87, 62, -35, 67, -99, -59, -35, -50, 86, -45, -73, -92, 5, 74, 13, 8, -80))), true));
  145. }
  146.  
  147. function calculateTime($time) {
  148. $message = NULL;
  149. $timecalc = time()-$time;
  150. $tc['minutos'] = @$timecalc/60;
  151. $tc['horas'] = @$timecalc/3600;
  152. $tc['dias'] = @$timecalc/86400;
  153. $tc['meses'] = @$timecalc/2629743.83;
  154. $tc['anos'] = @$timecalc/31556926;
  155. $plu['minutos'] = (intval($tc['minutos'])==1) ? NULL : 's';
  156. $plu['horas'] = (intval($tc['horas'])==1) ? NULL : 's';
  157. $plu['dias'] = (intval($tc['dias'])==1) ? NULL : 's';
  158. $plu['meses'] = (intval($tc['meses'])==1) ? NULL : 'es';
  159. $plu['anos'] = (intval($tc['anos'])==1) ? NULL : 's';
  160. $message = ($timecalc<60) ? 'menos de um minuto' : $message;
  161. $message = ($timecalc>60 AND $timecalc<3600) ? intval($tc['minutos']).' minuto'.$plu['minutos']." atr&aacute;s" : $message;
  162. $message = ($timecalc>3600 AND $timecalc<86400) ? intval($tc['horas']).' hora'.$plu['horas']." atr&aacute;s" : $message;
  163. $message = ($timecalc>86000 AND $timecalc<'2629743,83') ? intval($tc['dias']).' dia'.$plu['dias']." atr&aacute;s" : $message;
  164. $message = ($timecalc>'2629743,83' AND $timecalc<31556926) ? intval($tc['meses']).' mes'.$plu['meses']." atr&aacute;s" : $message;
  165. $message = ($timecalc>31556926 AND $timecalc<315569260) ? intval($tc['anos']).' ano'.$plu['anos']." atr&aacute;s" : $message;
  166. $message = ($timecalc>3155692600) ? 'mais de 10 anos' : $message;
  167. return ($time==0) ? 'Nunca' : ' '.$message;
  168. }
  169.  
  170. function FilterAccents($str, $decode) {
  171. if ($decode) {
  172. $str = utf8_decode($str);
  173. }
  174. $str = str_replace("Á", "&Aacute;",($str));
  175. $str = str_replace("á", "&aacute;",($str));
  176. $str = str_replace("Â", "&Acirc;",($str));
  177. $str = str_replace("â", "&acirc;",($str));
  178. $str = str_replace("À", "&Agrave;",($str));
  179. $str = str_replace("à", "&agrave;",($str));
  180. $str = str_replace("Å", "&Aring;",($str));
  181. $str = str_replace("å", "&aring;",($str));
  182. $str = str_replace("Ã", "&Atilde;",($str));
  183. $str = str_replace("ã", "&atilde;",($str));
  184. $str = str_replace("Ä", "&Auml;",($str));
  185. $str = str_replace("ä", "&auml;",($str));
  186. $str = str_replace("Æ", "&AElig;",($str));
  187. $str = str_replace("æ", "&aelig;",($str));
  188. $str = str_replace("É", "&Eacute;",($str));
  189. $str = str_replace("é", "&eacute;",($str));
  190. $str = str_replace("Ê", "&Ecirc;",($str));
  191. $str = str_replace("ê", "&ecirc;",($str));
  192. $str = str_replace("È", "&Egrave;",($str));
  193. $str = str_replace("è", "&egrave;",($str));
  194. $str = str_replace("Ë", "&Euml;",($str));
  195. $str = str_replace("ë", "&euml;",($str));
  196. $str = str_replace("Í", "&Iacute;",($str));
  197. $str = str_replace("í", "&iacute;",($str));
  198. $str = str_replace("Î", "&Icirc;",($str));
  199. $str = str_replace("î", "&icirc;",($str));
  200. $str = str_replace("Ì", "&Igrave;",($str));
  201. $str = str_replace("ì", "&igrave;",($str));
  202. $str = str_replace("Ï", "&Iuml;",($str));
  203. $str = str_replace("ï", "&iuml;",($str));
  204. $str = str_replace("Ó", "&Oacute;",($str));
  205. $str = str_replace("ó", "&oacute;",($str));
  206. $str = str_replace("Ô", "&Ocirc;",($str));
  207. $str = str_replace("ô", "&ocirc;",($str));
  208. $str = str_replace("Ò", "&Ograve;",($str));
  209. $str = str_replace("ò", "&ograve;",($str));
  210. $str = str_replace("Õ", "&Otilde;",($str));
  211. $str = str_replace("Ö", "&Ouml;",($str));
  212. $str = str_replace("ö", "&ouml;",($str));
  213. $str = str_replace("Ú", "&Uacute;",($str));
  214. $str = str_replace("ú", "&uacute;",($str));
  215. $str = str_replace("Û", "&Ucirc;",($str));
  216. $str = str_replace("û", "&ucirc;",($str));
  217. $str = str_replace("Ù", "&Ugrave;",($str));
  218. $str = str_replace("ù", "&ugrave;",($str));
  219. $str = str_replace("Ü", "&Uuml;",($str));
  220. $str = str_replace("ü", "&uuml;",($str));
  221. $str = str_replace("ç", "&ccedil;",($str));
  222. return $str;
  223. }
  224.  
// "Remember me" auto-login from cookies when no session exists yet. The cookie
// carries the stored password hash itself (rpassword) and is compared directly
// against the users.password column, so a copied cookie works as a reusable
// credential until it is cleared.
if(empty($_SESSION['username']) && @$_COOKIE['remember'] == 'remember'){

// FilterText() HTML- and SQL-escapes the name; the escaped form is what is
// later stored in $_SESSION['username'].
$cname = FilterText($_COOKIE['rusername']);
$cpass_hash = $_COOKIE['rpassword'];

$csql = mysql_query("SELECT password, id FROM users WHERE username = '".$cname."' LIMIT 1") or die(mysql_error());
$cnum = mysql_num_rows($csql);

if ($cnum < 1) {
// Unknown user: expire the cookies. "cookpass" is cleared three times; once would do.
setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
} else {
$crow = mysql_fetch_assoc($csql);
$correct_pass = $crow['password'];

// Loose == between two strings: if both look numeric (e.g. "0e..." hex
// digests) PHP compares them as numbers. hash_equals() (PHP 5.6+) would give
// a strict, timing-safe comparison for this check.
if($cpass_hash == $correct_pass){
$_SESSION['username'] = $cname;
$_SESSION['password'] = $crow['password'];
// $remote_ip is interpolated unescaped (see getIP for its origin).
$sql3 = mysql_query("UPDATE users SET ip_last = '".$remote_ip."' WHERE username = '".$cname."'");
header("location: me"); exit;
} else {
// Hash mismatch: expire the cookies exactly as in the unknown-user branch.
setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
}
}
}
  253.  
  254. function GenerateTicket(){
  255. $data = "HB-".rand(9,999).'-'.substr(sha1(time()).'-'.rand(9,9999999).'-'.rand(9,9999999).'-'.rand(9,9999999),0,33);
  256. return $data;
  257. }
  258.  
  259. function GetUserBadge($strName){
  260.  
  261. if(is_numeric($strName)){
  262. $check = mysql_query("SELECT id FROM users WHERE id = '".$strName."' AND badge_status = '1' LIMIT 1") or die(mysql_error());
  263. } else {
  264. $check = mysql_query("SELECT id FROM users WHERE username = '".FilterText($strName)."' AND badge_status = '1' LIMIT 1") or die(mysql_error());
  265. }
  266.  
  267. $exists = mysql_num_rows($check);
  268.  
  269. if($exists > 0){
  270. $usrrow = mysql_fetch_assoc($check);
  271. $check = mysql_query("SELECT * FROM user_badges WHERE user_id = '".$usrrow['id']."' AND badge_slot = '1' LIMIT 1") or die(mysql_error());
  272. $hasbadge = mysql_num_rows($check);
  273. if($hasbadge > 0){
  274. $badgerow = mysql_fetch_assoc($check);
  275. return $badgerow['badge_id'];
  276. } else {
  277. return false;
  278. }
  279. } else {
  280. return false;
  281. }
  282. }
  283.  
  284. function GetUserGroup($my_id){
  285. $check = mysql_query("SELECT id_group FROM group_members WHERE id_user = '".$my_id."' AND is_current = '1' LIMIT 1") or die(mysql_error());
  286. $has_fave = mysql_num_rows($check);
  287.  
  288. if($has_fave > 0){
  289.  
  290. $row = mysql_fetch_assoc($check);
  291. $groupid = $row['id_group'];
  292.  
  293. return $groupid;
  294.  
  295. } else {
  296.  
  297. return false;
  298.  
  299. }
  300. }
  301.  
  302. function GetUserGroupBadge($my_id){
  303. $check = mysql_query("SELECT id_group FROM group_members WHERE id_user = '".$my_id."' AND is_current = '1' LIMIT 1") or die(mysql_error());
  304. $has_badge = mysql_num_rows($check);
  305.  
  306. if($has_badge > 0){
  307.  
  308. $row = mysql_fetch_assoc($check);
  309. $groupid = $row['id_group'];
  310.  
  311. $check = mysql_query("SELECT badge FROM group_details WHERE id = '".$groupid."' LIMIT 1") or die(mysql_error());
  312.  
  313. $row = mysql_fetch_assoc($check);
  314. $badge = $row['badge'];
  315.  
  316. return $badge;
  317.  
  318. } else {
  319.  
  320. return false;
  321.  
  322. }
  323. }
  324.  
  325. function IsUserBanned($name){
  326.  
  327. $check = mysql_query("SELECT * FROM bans WHERE value = '".$my_id."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip'") or die(mysql_error());
  328. $is_banned = mysql_num_rows($check);
  329.  
  330. if($is_banned > 0){
  331. $bandata = mysql_fetch_assoc($check);
  332. $reason = $bandata['reason'];
  333. $expire = $bandata['expire'];
  334.  
  335. $stamp_now = time();
  336.  
  337. if($stamp_now < $bandata['expire']){
  338. return true;
  339. } else { //* Banimento expirado *//
  340. mysql_query("DELETE FROM bans WHERE value = '".$my_id."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1") or die(mysql_error());
  341. return false;
  342. }
  343. } else {
  344. return false;
  345. }
  346. }
  347.  
  348. function mysql_evaluate($query, $default_value="undefined") {
  349. $result = mysql_query($query) or die(mysql_error());
  350.  
  351. if(mysql_num_rows($result) < 1){
  352. return $default_value;
  353. } else {
  354. return mysql_result($result, 0);
  355. }
  356. }
  357.  
  358. function FilterText($str, $advanced=false) {
  359. if($advanced == true){ return mysql_real_escape_string($str); }
  360. $str = mysql_real_escape_string(htmlspecialchars($str));
  361. return $str;
  362. }
  363.  
  364. function HoloText($str, $advanced=false, $bbcode=false) {
  365. if($advanced == true){ return stripslashes($str); }
  366. $str = nl2br(htmlspecialchars($str));
  367. return $str;
  368. }
  369.  
  370. function getArticleCategory($id) {
  371. if ($id == 1) { return "Campanhas"; }
  372. else if ($id == 2) { return "Atividades"; }
  373. else if ($id == 3) { return "Promo&ccedil;&otilde;es"; }
  374. else if ($id == 4) { return "Comunicados"; }
  375. else if ($id == 5) { return "Atualiza&ccedil;&otilde;es"; }
  376. else if ($id == 6) { return "Arquitetos em A&ccedil;&atilde;o"; }
  377. else if ($id == 7) { return "Embaixadores"; }
  378. }
  379.  
  380. ?>