- <?php
// Bootstrap: set the timezone, open the session, load the DB settings and connect.
@date_default_timezone_set("America/Sao_Paulo");
session_start();
// The four $MySQL* variables read below are not assigned in this file; presumably
// config_starblue.php defines them - confirm.
require_once('config_starblue.php');
// When the call on the left fails, the right-hand side runs: require() of the path '/error'.
mysql_connect("$MySQLhostname", "$MySQLusername", "$MySQLpassword") or require('/error');
mysql_select_db("$MySQLdb") or require('/error');
define("STARBLUE_CMS", true);
// Blanket pass: every GET and POST value is replaced in place by its
// mysql_real_escape_string() form. Parameter names (keys) are not escaped.
// NOTE(review): escaping of this kind only protects a value that is later placed
// inside a quoted SQL string literal; it is not an HTML output encoder and it does
// not cover array-valued parameters (?a[]=1) - confirm how consumers use these values.
// NOTE(review): $name and $value are ordinary global variables; after the loops they
// still hold the last request parameter name and value, so any later top-level code
// that reads $name before assigning it would be reading request data.
foreach($_GET as $name=>$value) {
    $_GET[$name] = mysql_real_escape_string($value);
}
foreach($_POST as $name => $value) {
    $_POST[$name] = mysql_real_escape_string($value);
}
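/**
 * Returns the client IP address for the current request.
 *
 * The lookup order is the original one: X-Forwarded-For, then Client-IP, then
 * REMOTE_ADDR, read from $_SERVER when it is populated and from the environment
 * otherwise. Each candidate must now parse as an IP literal before it is returned.
 * The first two values are request headers and therefore chosen by the client;
 * returning them unchecked let arbitrary text reach every place that concatenates
 * the result into SQL or stores it.
 *
 * NOTE(review): validation stops malformed values, but a client can still send a
 * well-formed address of its choice in either header. If IP bans or audit records
 * rely on this value, the headers should only be honoured when REMOTE_ADDR is a
 * reverse proxy the site operates - confirm the deployment.
 *
 * @return string A syntactically valid IP address, or '' when none is available.
 */
function getIP(){
    $sources = array("HTTP_X_FORWARDED_FOR", "HTTP_CLIENT_IP", "REMOTE_ADDR");
    $use_server = !empty($_SERVER);

    foreach ($sources as $key) {
        if ($use_server) {
            $raw = isset($_SERVER[$key]) ? $_SERVER[$key] : '';
        } else {
            $raw = getenv($key);
        }
        if (!is_string($raw) || $raw === '') {
            continue;
        }
        // X-Forwarded-For may carry a list ("client, proxy1, proxy2"); keep the first entry.
        $parts = explode(',', $raw);
        $candidate = trim($parts[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return '';
}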
// Client address as reported by getIP(); later code in this file concatenates it into SQL.
$remote_ip = getIP();
// $path is not assigned in this part of the file - presumably it comes from config_starblue.php; confirm.
$adminpath = mysql_real_escape_string($path."/housekeeping");
// Reads the first row of server_status; the query handle is also kept in $server_status.
$server = mysql_fetch_assoc($server_status = mysql_query("SELECT * FROM server_status"));
$online_count = $server['users_online'];
// Second sanitising pass over the request superglobals.
// NOTE(review): isset() on a superglobal array is normally true, so this guard
// looks like it never skips the body - confirm.
if (isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)) {
    foreach($_POST as $key => $p) {
        // Each assignment reads the loop value $p rather than the slot written just
        // before, so only the last one takes effect: the slot ends up holding
        // html_entity_decode($p).
        // NOTE(review): decoding entities after a SQL-escaping pass can re-introduce
        // characters that the escaping never saw; which quote entities are decoded
        // depends on the default flags of the PHP version in use - confirm.
        $_POST[$key] = htmlentities($p);
        $_POST[$key] = mysql_real_escape_string($p);
        $_POST[$key] = html_entity_decode($p);
    }
    // GET values are SQL-escaped again here; an already escaped value gains further backslashes.
    foreach($_GET as $key => $g) {
        $_GET[$key] = mysql_real_escape_string($g);
    }
    // The target is $COOKIE (no underscore), a separate variable, so $_COOKIE itself
    // is left unmodified by this loop.
    // NOTE(review): likely a typo for $_COOKIE; code that assumes cookies were
    // escaped here would be wrong - check every consumer before changing it.
    foreach($_COOKIE as $key => $s) {
        $COOKIE[$key] = mysql_real_escape_string($s);
    }
    foreach($_REQUEST as $key => $k) {
        $_REQUEST[$key] = mysql_real_escape_string($k);
    }
}
// Another pass over GET: HTML-entity encoding, then SQL escaping, then tag stripping.
// NOTE(review): stacking output encoding and SQL escaping on the input changes the
// data every consumer sees; encoding at the point of use is the usual alternative.
if (isset($_GET)) {
    foreach($_GET as $key => $f) {
        $_GET[$key] = strip_tags(mysql_real_escape_string(htmlentities($f)));
    }
}
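// Resolve the logged-in user for this request from the session, then apply ban handling.
if (session_is_registered(username)) {
    // NOTE(review): both session values are concatenated as stored. Elsewhere in this
    // file the session username is written after FilterText(), so they are presumably
    // already escaped - confirm for every login path before relying on it.
    $rawname = $_SESSION['username'];
    $rawpass = $_SESSION['password'];
    $usersql = mysql_query("SELECT * FROM users WHERE username = '".$rawname."' AND password = '".$rawpass."' LIMIT 1");
    $myrow = mysql_fetch_assoc($usersql);
    $password_correct = mysql_num_rows($usersql);
    $my_id = $myrow['id'];
    $user_rank = $myrow['rank'];
    $user_time = $myrow['time'];
    // The username read back from the database and the request-derived address are
    // escaped before they are placed in SQL: a stored name containing a quote, or a
    // crafted address, would otherwise change the statement.
    $ban_user = mysql_real_escape_string($myrow['username']);
    $ban_ip = mysql_real_escape_string($remote_ip);
    $ban = mysql_query("SELECT * FROM bans WHERE value = '".$ban_user."' AND bantype = 'user' or value = '".$ban_ip."' AND bantype = 'ip' LIMIT 1");
    $bancheck = mysql_num_rows($ban);
    // NOTE(review): this is one if/elseif chain, so a row with ip_reg "0" skips the
    // password and ban branches for that request. The redirects below are also not
    // followed by exit, so the rest of the script, including $logged_in = true, still
    // runs after a failed check. Stopping the request is the usual remedy, but whether
    // the logout page itself includes this file is not visible from here, so the
    // control flow is left as it was - confirm and tighten.
    if ($myrow['ip_reg'] == "0") {
        mysql_query("UPDATE users SET ip_reg = '".$ban_ip."' WHERE id = '".$myrow['id']."'");
    } elseif ($password_correct !== 1) {
        header("location: ".$path."/logout");
    } elseif ($bancheck > 0) {
        $bandata = mysql_fetch_assoc($ban);
        $timestamp = time();
        if($bandata['expire'] > $timestamp) {
            $login_error = "Você foi banido! Pelo motivo: \"".$bandata['reason']."\" até ".date('d.m.Y - H:i:s', $bandata['expire']).".";
            header("location: ".$path."/logout");
        } else {
            // Expired ban: remove it. The statement used to read $name, which is not
            // assigned until further down; at this point it could only hold a value
            // left behind by earlier code. It now uses the same escaped username as
            // the lookup above.
            mysql_query("DELETE FROM bans WHERE value = '".$ban_user."' AND bantype = 'user' or value = '".$ban_ip."' AND bantype = 'ip' LIMIT 1");
        }
    }
    $logged_in = true;
    $name = HoloText($myrow['username']);
    // Reset the daily gift flag when the last gift was received on another calendar day.
    $dateReceivedGift = date("d-m-Y", $myrow["receivedGiftDate"]);
    $dateAgo = date("d-m-Y", time());
    if ($dateAgo != $dateReceivedGift) {
        mysql_query("UPDATE users SET receivedGiftDay = '0' WHERE id = '$my_id' LIMIT 1");
    }
} else {
    // Guest defaults.
    $user_rank = 0;
    $name = "No-Name";
    $my_id = "No-ID";
    $myticket = "No-Ticket";
    $logged_in = false;
}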
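// Maintenance gate. $maintenance is true when exactly one cms_settings row has
// variable 'cms_maintenance' and value '1'.
$maintenance = mysql_num_rows($maintenance = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_maintenance' AND value = '1'")) == "1";
// $page_maintenance is not assigned in this file; presumably the maintenance page
// sets it before including this one - confirm.
if ($maintenance && $myrow["rank"] < 8 && !$page_maintenance) {
    // The condition used to be written `!$myrow["rank"] > 8`. `!` binds tighter than
    // `>`, so that compared a boolean with 8 and was never true, and the session was
    // never destroyed. The parentheses give the evident intent: end the session of a
    // logged-in user whose rank is not above 8.
    if (session_is_registered(username) && !($myrow["rank"] > 8)) {
        session_destroy();
    }
    header("Location: ".$path."/maintenance");
    exit;
}
if ($page_maintenance && !$maintenance) {
    header("location: /index");
    // Stop here so the maintenance page is not rendered behind the redirect.
    exit;
}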
/**
 * Returns the SHA-1 hex digest of the password followed by a fixed secret string.
 *
 * NOTE(review): if this digest is what gets stored for users, it is a single fast
 * hash with one site-wide secret embedded in the source, so identical passwords give
 * identical digests. Moving to password_hash()/password_verify() needs a
 * rehash-on-login migration, which is why the output is left unchanged here.
 *
 * @param string $password Plain-text password.
 * @return string 40-character hexadecimal digest.
 */
function HoloHash($password){
    $site_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
    return sha1($password.$site_secret);
}
/**
 * Returns the MD5 hex digest of the password followed by a fixed secret string.
 *
 * NOTE(review): MD5 is not suitable for protecting stored passwords; if any stored
 * value still depends on this function, plan a migration rather than changing the
 * output in place.
 *
 * @param string $password Plain-text password.
 * @return string 32-character hexadecimal digest.
 */
function HoloHashMD5($password){
    $site_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
    return md5($password.$site_secret);
}
/**
 * Returns base64( SHA-256( hex(SHA-256($pass)) . salt ) ), with the outer digest taken as raw bytes.
 *
 * The salt is a fixed 32-byte sequence built from the integer list below; chr()
 * receives the negative entries as written.
 *
 * NOTE(review): the salt is the same for every input and the construction is two
 * fast hash rounds, so it offers little resistance to offline guessing if used for
 * stored passwords - confirm what consumes this value.
 *
 * @param string $pass Input string.
 * @return string Base64 text of the 32-byte digest.
 */
function getPass($pass) {
    $salt_codes = array(-9, 26, -90, -34, -113, 23, 118, -88, 3, -99, 50, -72, -95, 86, -78, -87, 62, -35, 67, -99, -59, -35, -50, 86, -45, -73, -92, 5, 74, 13, 8, -80);
    $salt = '';
    foreach ($salt_codes as $code) {
        $salt .= chr($code);
    }
    $inner_hex = hash("sha256", $pass);
    $outer_raw = hash("sha256", $inner_hex . $salt, true);
    return base64_encode($outer_raw);
}
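/**
 * Formats a Unix timestamp as a Portuguese "time ago" phrase.
 *
 * Fixes over the previous version:
 *  - the unit ranges now meet at their boundaries (an age of exactly 60, 3600, ...
 *    seconds used to produce an empty message);
 *  - the day range starts at 86400 seconds, not 86000, so 23h 55m is no longer
 *    reported as "0 dias";
 *  - the month boundary is compared as a number, not as the string '2629743,83';
 *  - "mais de 10 anos" starts at ten years (315569260 s); the old threshold was ten
 *    times larger and left a gap with no message.
 *
 * @param int $time Unix timestamp; 0 means "never".
 * @return string 'Nunca' for 0, otherwise the phrase prefixed with one space.
 */
function calculateTime($time) {
    if ($time == 0) {
        return 'Nunca';
    }

    $elapsed = time() - $time;

    if ($elapsed < 60) {
        // Also covers timestamps in the future (negative age), as before.
        $message = 'menos de um minuto';
    } elseif ($elapsed < 3600) {
        $n = intval($elapsed / 60);
        $message = $n.' minuto'.($n == 1 ? '' : 's')." atrás";
    } elseif ($elapsed < 86400) {
        $n = intval($elapsed / 3600);
        $message = $n.' hora'.($n == 1 ? '' : 's')." atrás";
    } elseif ($elapsed < 2629743.83) {
        $n = intval($elapsed / 86400);
        $message = $n.' dia'.($n == 1 ? '' : 's')." atrás";
    } elseif ($elapsed < 31556926) {
        $n = intval($elapsed / 2629743.83);
        // Plural of "mes" is "meses".
        $message = $n.' mes'.($n == 1 ? '' : 'es')." atrás";
    } elseif ($elapsed < 315569260) {
        $n = intval($elapsed / 31556926);
        $message = $n.' ano'.($n == 1 ? '' : 's')." atrás";
    } else {
        $message = 'mais de 10 anos';
    }

    return ' '.$message;
}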
/**
 * Optionally runs utf8_decode() on the string, then applies a fixed list of
 * accented-character replacements in order.
 *
 * NOTE(review): as the listing stands, every entry replaces a character with
 * itself, so the replacement step changes nothing. Presumably the replacement side
 * originally held HTML entity names that were lost when the listing was rendered -
 * confirm against the original file before relying on this function for output
 * encoding.
 *
 * @param string $str    Input text.
 * @param mixed  $decode When truthy, utf8_decode() is applied first.
 * @return string
 */
function FilterAccents($str, $decode) {
    if ($decode) {
        $str = utf8_decode($str);
    }

    // Same characters, same order as the original chain of str_replace() calls.
    $accented = array(
        "Á", "á", "Â", "â", "À", "à", "Å", "å", "Ã", "ã", "Ä", "ä", "Æ", "æ",
        "É", "é", "Ê", "ê", "È", "è", "Ë", "ë",
        "Í", "í", "Î", "î", "Ì", "ì", "Ï", "ï",
        "Ó", "ó", "Ô", "ô", "Ò", "ò", "Õ", "Ö", "ö",
        "Ú", "ú", "Û", "û", "Ù", "ù", "Ü", "ü",
        "ç",
    );
    foreach ($accented as $char) {
        $str = str_replace($char, $char, $str);
    }

    return $str;
}
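// "Remember me": when no session user is set and the remember cookie is present,
// try to restore the login from the rusername / rpassword cookies.
//
// NOTE(review): the rpassword cookie is compared with the stored password column, so
// the stored hash itself acts as the login credential - whoever obtains that value
// can sign in without knowing the password. A random per-device token kept
// server-side is the usual replacement; that needs schema changes outside this file.
if(empty($_SESSION['username']) && @$_COOKIE['remember'] == 'remember'){
    $cname = FilterText(isset($_COOKIE['rusername']) ? $_COOKIE['rusername'] : '');
    $cpass_hash = isset($_COOKIE['rpassword']) ? $_COOKIE['rpassword'] : '';
    $csql = mysql_query("SELECT password, id FROM users WHERE username = '".$cname."' LIMIT 1") or die(mysql_error());
    $cnum = mysql_num_rows($csql);

    $cookie_ok = false;
    if ($cnum >= 1) {
        $crow = mysql_fetch_assoc($csql);
        $correct_pass = (string) $crow['password'];
        // The comparison used to be `==`. With loose comparison two different strings
        // that both look like numbers (for example "0e..." digests) compare equal, and
        // a missing cookie compared equal to an empty stored value. Require a
        // non-empty string and an exact match, in constant time where PHP offers it.
        if (is_string($cpass_hash) && $cpass_hash !== '' && $correct_pass !== '') {
            $cookie_ok = function_exists('hash_equals')
                ? hash_equals($correct_pass, $cpass_hash)
                : ($cpass_hash === $correct_pass);
        }
    }

    if ($cookie_ok) {
        // Issue a fresh session id when the privilege level changes.
        session_regenerate_id(true);
        $_SESSION['username'] = $cname;
        $_SESSION['password'] = $crow['password'];
        // The address is derived from the request, so escape it before it enters SQL.
        $sql3 = mysql_query("UPDATE users SET ip_last = '".mysql_real_escape_string($remote_ip)."' WHERE username = '".$cname."'");
        header("location: me"); exit;
    } else {
        // Unknown user or wrong value: expire the remember-me cookies.
        $expired_at = time()-60*60*24*100;
        foreach (array("remember", "rusername", "rpassword", "cookpass") as $cookie_name) {
            setcookie($cookie_name, "", $expired_at, "/");
        }
    }
}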
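/**
 * Generates a ticket string of the form "HB-<number 9..999>-<33 hex characters>".
 *
 * The previous version built the hex part with substr(..., 0, 33) over a string that
 * begins with the 40-character sha1(time()); the cut therefore fell inside that
 * digest and none of the rand() parts appended after it ever reached the output. The
 * ticket depended only on the current second plus a number below 1000. The hex part
 * now comes from the operating system's random source when PHP exposes one; the
 * overall format and length are unchanged.
 *
 * @return string
 */
function GenerateTicket(){
    if (function_exists('random_bytes')) {
        $entropy = bin2hex(random_bytes(17));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $entropy = bin2hex(openssl_random_pseudo_bytes(17));
    } else {
        // NOTE(review): last-resort fallback for installations with neither function;
        // it is not cryptographically strong - enable OpenSSL or upgrade PHP.
        $entropy = sha1(uniqid(mt_rand(), true).microtime().mt_rand());
    }

    // 17 random bytes give 34 hex characters; keep 33 to preserve the ticket length.
    return "HB-".rand(9,999).'-'.substr($entropy, 0, 33);
}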
/**
 * Looks up the badge in slot 1 for a user whose badge_status is '1'.
 *
 * A numeric argument is matched against users.id and placed in the query as given;
 * anything else is matched against users.username after FilterText().
 *
 * @param mixed $strName User id (numeric) or username.
 * @return mixed badge_id of the slot-1 badge, or false when the user or badge is not found.
 */
function GetUserBadge($strName){
    if(is_numeric($strName)){
        $check = mysql_query("SELECT id FROM users WHERE id = '".$strName."' AND badge_status = '1' LIMIT 1") or die(mysql_error());
    } else {
        $check = mysql_query("SELECT id FROM users WHERE username = '".FilterText($strName)."' AND badge_status = '1' LIMIT 1") or die(mysql_error());
    }

    // No matching user with badges enabled.
    if (mysql_num_rows($check) < 1) {
        return false;
    }

    $usrrow = mysql_fetch_assoc($check);
    $check = mysql_query("SELECT * FROM user_badges WHERE user_id = '".$usrrow['id']."' AND badge_slot = '1' LIMIT 1") or die(mysql_error());

    // User exists but has nothing in slot 1.
    if (mysql_num_rows($check) < 1) {
        return false;
    }

    $badgerow = mysql_fetch_assoc($check);
    return $badgerow['badge_id'];
}
/**
 * Returns the id of the group marked as current (is_current = '1') for a user.
 *
 * NOTE(review): $my_id is concatenated into the query as given; callers are
 * presumably expected to pass a trusted or already escaped id - confirm.
 *
 * @param mixed $my_id User id.
 * @return mixed id_group of the current membership, or false when there is none.
 */
function GetUserGroup($my_id){
    $check = mysql_query("SELECT id_group FROM group_members WHERE id_user = '".$my_id."' AND is_current = '1' LIMIT 1") or die(mysql_error());

    if (mysql_num_rows($check) < 1) {
        return false;
    }

    $membership = mysql_fetch_assoc($check);
    return $membership['id_group'];
}
/**
 * Returns the badge of the group marked as current (is_current = '1') for a user.
 *
 * NOTE(review): $my_id is concatenated into the query as given; callers are
 * presumably expected to pass a trusted or already escaped id - confirm.
 *
 * @param mixed $my_id User id.
 * @return mixed group_details.badge for the current group, or false when the user
 *               has no current group.
 */
function GetUserGroupBadge($my_id){
    $check = mysql_query("SELECT id_group FROM group_members WHERE id_user = '".$my_id."' AND is_current = '1' LIMIT 1") or die(mysql_error());

    if (mysql_num_rows($check) < 1) {
        return false;
    }

    $membership = mysql_fetch_assoc($check);
    $groupid = $membership['id_group'];

    // Second lookup: the badge recorded for that group.
    $check = mysql_query("SELECT badge FROM group_details WHERE id = '".$groupid."' LIMIT 1") or die(mysql_error());
    $details = mysql_fetch_assoc($check);
    return $details['badge'];
}
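/**
 * Reports whether an unexpired ban exists for the given username or for the
 * client address of the current request.
 *
 * The previous body read $my_id and $remote_ip, which are not defined inside the
 * function (there is no `global` statement), and ignored its $name argument. Both
 * placeholders in the query were therefore empty, so the lookup could not match a
 * real username or address. The function now uses $name for the 'user' ban, in line
 * with the top-level ban check in this file, and the request address for the 'ip' ban.
 *
 * NOTE(review): $name is escaped here, so callers should pass the raw username; a
 * value that was already escaped and contains a quote or backslash would no longer match.
 *
 * @param string $name Username to check.
 * @return bool True when a matching ban has not expired yet.
 */
function IsUserBanned($name){
    $ban_user = mysql_real_escape_string($name);
    $ban_ip = mysql_real_escape_string(isset($GLOBALS['remote_ip']) ? $GLOBALS['remote_ip'] : getIP());

    $check = mysql_query("SELECT * FROM bans WHERE value = '".$ban_user."' AND bantype = 'user' or value = '".$ban_ip."' AND bantype = 'ip'") or die(mysql_error());

    if (mysql_num_rows($check) < 1) {
        return false;
    }

    // A user ban and an IP ban can both match; any unexpired row means banned.
    $stamp_now = time();
    while ($bandata = mysql_fetch_assoc($check)) {
        if ($stamp_now < $bandata['expire']) {
            return true;
        }
    }

    // Ban expired: remove it (one row per call, as before).
    mysql_query("DELETE FROM bans WHERE value = '".$ban_user."' AND bantype = 'user' or value = '".$ban_ip."' AND bantype = 'ip' LIMIT 1") or die(mysql_error());
    return false;
}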
/**
 * Runs a query and returns the first value that mysql_result() gives for row 0,
 * or a default when the result set is empty.
 *
 * NOTE(review): the query text is executed as given, so every caller is responsible
 * for escaping what it puts in it; a failed query ends the request and prints
 * mysql_error() to the client.
 *
 * @param string $query         SQL text to execute.
 * @param mixed  $default_value Returned when no row matches.
 * @return mixed
 */
function mysql_evaluate($query, $default_value="undefined") {
    $result = mysql_query($query) or die(mysql_error());
    return (mysql_num_rows($result) >= 1) ? mysql_result($result, 0) : $default_value;
}
/**
 * Prepares a string for use inside a quoted SQL string literal.
 *
 * By default the text is first passed through htmlspecialchars() and then through
 * mysql_real_escape_string(); with $advanced set only the SQL escaping is applied.
 *
 * NOTE(review): the default mode puts HTML-encoded text into the query, which mixes
 * output encoding with storage; which quote characters htmlspecialchars() converts
 * depends on the PHP version's default flags - confirm.
 *
 * @param string $str      Text to escape.
 * @param mixed  $advanced When truthy, skip the HTML encoding step.
 * @return string
 */
function FilterText($str, $advanced=false) {
    $prepared = $advanced ? $str : htmlspecialchars($str);
    return mysql_real_escape_string($prepared);
}
/**
 * Prepares stored text for display.
 *
 * Default mode HTML-encodes the text with htmlspecialchars() and turns newlines into
 * <br /> tags. With $advanced set the text only has its backslashes removed by
 * stripslashes() and is otherwise returned as is.
 *
 * NOTE(review): the $advanced result is not HTML-encoded, so it must not be printed
 * into a page unless the text comes from a trusted author. $bbcode is accepted but not used.
 *
 * @param string $str      Text to prepare.
 * @param mixed  $advanced When truthy, only strip slashes.
 * @param mixed  $bbcode   Unused.
 * @return string
 */
function HoloText($str, $advanced=false, $bbcode=false) {
    return $advanced ? stripslashes($str) : nl2br(htmlspecialchars($str));
}
/**
 * Maps an article category id (1 to 7) to its display name.
 *
 * The id is matched with loose comparison, as before, so numeric strings such as
 * "3" are accepted.
 *
 * @param mixed $id Category id.
 * @return string|null Category name, or null for an id outside the list.
 */
function getArticleCategory($id) {
    switch ($id) {
        case 1:
            return "Campanhas";
        case 2:
            return "Atividades";
        case 3:
            return "Promoções";
        case 4:
            return "Comunicados";
        case 5:
            return "Atualizações";
        case 6:
            return "Arquitetos em Ação";
        case 7:
            return "Embaixadores";
    }
}
- ?>