
Untitled

a guest
Feb 14th, 2016
  1. <?php
  2. /*===================================================+
  3. || # HoloCMS - Website and Content Management System
  4. |+===================================================+
  5. || # Copyright © 2008 Meth0d. All rights reserved.
  6. || # http://www.meth0d.org
  7. |+===================================================+
  8. || # HoloCMS is provided "as is" and comes without
  9. || # warrenty of any kind. HoloCMS is free software!
  10. |+===================================================*/
  11.  
  12. /** HOLOCMS MAINCORE
  13. * @author Meth0d
  14. * @desc Main HoloCMS Processor
  15. * @usage N/A
  16. */
  17.  
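  // Marker constant; included files can test it to refuse direct access.
  define("IN_HOLOCMS", TRUE);

  session_start();
  // NOTE(review): the id is rotated on every request, but without the
  // delete-old-session flag the previous id stays valid until it expires.
  session_regenerate_id();

  // #########################################################################
  // Start the initialization process

  // config.php is looked up next to this script and one level up; errors are
  // suppressed because only one of the two locations is expected to exist.
  @include('./config.php');
  @include('../config.php');

  // Launch the installer if any database setting is missing or empty
  if (empty($sqlpassword) || empty($sqlusername) || empty($sqldb) || empty($sqlhostname)) {
      header("location:install.php");
      exit;
  }

  // NOTE(review): && binds tighter than ||, so $bypass_check only waives the
  // upgrade.php check; a leftover install.php always blocks the site. The
  // parentheses below make that existing behaviour explicit - confirm intent.
  if (file_exists('install.php') || (file_exists('upgrade.php') && $bypass_check != true)) {
      echo "Attenzione , ci sono dei file di installazione del cms , rimuovili per continuare";
      exit;
  } elseif (file_exists('check.php')) {
      header("location:check.php");
      // Stop here: without the database include the rest of this file cannot
      // run, and nothing after a redirect header should be executed anyway.
      exit;
  } else {
      include('includes/mysql.php');
  }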
  49.  
  // Validate the language: it counts as valid when an index.php exists under
  // it, relative to this directory or to the parent directory.
  // NOTE(review): no separator is added between $language and "index.php", so
  // $language presumably already ends with "/" - verify against config.php.
  $language_path = "./".$language."index.php";
  $language_path_2 = "../".$language."index.php";

  $valid_language = file_exists($language_path) || file_exists($language_path_2);
  if (!$valid_language) {
      // Unknown language: fall back to English
      $language = "en";
  }
  60.  
  61. // #########################################################################
  62. // Define the variables HoloCMS wants to use later on
  63.  
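  // Address of the connecting peer as reported by the web server. The key is
  // quoted: a bare REMOTE_ADDR is an undefined constant.
  $remote_ip = $_SERVER['REMOTE_ADDR'];

  // Site-wide settings live in the single row of cms_system.
  // NOTE(review): die(mysql_error()) prints raw database errors to visitors.
  $configsql = mysql_query("SELECT * FROM cms_system LIMIT 1") or die(mysql_error());
  $config = mysql_fetch_assoc($configsql);
  $enable_sso = $config['enable_sso'];
  $language = $config['language'];
  $sitename = $config['sitename'];
  $shortname = $config['shortname'];
  $ip = $config['ip'];
  $dcr = $config['dcr'];
  $port = FetchServerSetting('server_game_port');
  $fport = FetchServerSetting('server_mus_port');
  $texts = $config['texts'];
  $variables = $config['variables'];
  $reload_url = $config['reload_url'];
  $maintenance = $config['site_closed'];

  // Individual date parts, kept as separate globals for the rest of the CMS
  $H = date('H');
  $i = date('i');
  $s = date('s');
  $m = date('m');
  $d = date('d');
  $Y = date('Y');
  $j = date('j');
  $n = date('n');
  $today = $d;
  $month = $m;
  $year = $Y;

  // Formatted "now" strings. These used to round-trip through mktime() with
  // month/day/year passed in the hour/minute/second slots (and an undefined
  // $y); the result only matched today's date by accident. date() alone
  // gives the same values.
  $date_normal = date('d-m-Y');
  $date_reversed = date('Y-m-d');
  $date_full = date('d-m-Y H:i:s');
  $date_time = date('H:i:s');
  $date_hc = "".$j."-".$n."-".$Y."";
  $regdate = $date_normal;

  // Online counter published by the game server
  $s1ql = mysql_query("SELECT * FROM server_status LIMIT 1");
  $r1ow = mysql_fetch_assoc($s1ql);
  $online_count = $r1ow['users_online'];
  $server_on_localhost = $config['localhost'];
  $habboversion = "63_1dc60c6d6ea6e089c6893ab4e0541ee0/116";

  // ?id= is optional and attacker-controlled: accept it only when it is a
  // plain string (not an array parameter) before filtering.
  $forumid = (isset($_GET['id']) && is_string($_GET['id'])) ? FilterText($_GET['id']) : '';
  $analytics = HoloText($config['analytics'], true)."\n";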
  103.  
  104. // #########################################################################
  105.  
  /**
   * Rewrite a "dd-mm-yyyy[ hh:mm:ss]" string with an Italian month abbreviation.
   *
   * @param string $data Date, optionally followed by a space and a time.
   * @param bool   $full When true the time part is appended to the result.
   * @return string "dd-mon-yyyy", plus " hh:mm:ss" when $full is true.
   */
  function edit_date($data , $full = false)
  {
      $mesi = array('01' => 'gen', '02' => 'feb', '03' => 'mar', '04' => 'apr', '05' => 'mag', '06' => 'giu', '07' => 'lug', '08' => 'ago', '09' => 'set', '10' => 'ott' , '11' => 'nov', '12' => 'dic');

      // First token is the date, second (if any) the time
      $pieces = explode(" ", $data);
      $dmy = explode("-", $pieces[0]);

      $formatted = "".$dmy[0]."-".strtr($dmy[1], $mesi)."-".$dmy[2]."";
      if ($full != true) {
          return $formatted;
      }

      return $formatted." ".$pieces[1]."";
  }
  114.  
  /**
   * Read one value from system_config.
   *
   * NOTE(review): $strSetting is concatenated into the SQL text without
   * escaping. The calls visible in this file pass literals; any caller that
   * forwards request data must escape it first.
   *
   * @param string $strSetting Value of the skey column to look up.
   * @param bool   $switch     Strictly true to get "Enabled"/"Disabled" instead of the raw value.
   * @return mixed The sval column, or the Enabled/Disabled label.
   */
  function FetchServerSetting($strSetting, $switch = false){

      $result = mysql_query("SELECT sval FROM system_config WHERE skey = '".$strSetting."' LIMIT 1") or die(mysql_error());
      $row = mysql_fetch_assoc($result);

      // Anything other than boolean true means "give me the raw value"
      if ($switch !== true) {
          return $row['sval'];
      }

      return ($row['sval'] == "1") ? "Enabled" : "Disabled";

  }
  129.  
  130. // #########################################################################
  131.  
  /**
   * Fetch the contentvalue stored in cms_content for a content key.
   *
   * The key goes through FilterText() before it is placed in the query.
   *
   * @param string $strKey Value of the contentkey column.
   * @return mixed The contentvalue column (null when no row matched).
   */
  function getContent($strKey){

      $safeKey = FilterText($strKey);
      $result = mysql_query("SELECT contentvalue FROM cms_content WHERE contentkey = '".$safeKey."' LIMIT 1") or die(mysql_error());
      $row = mysql_fetch_assoc($result);

      return $row['contentvalue'];

  }
  139.  
  140. // #########################################################################
  141.  
  142.  
  143.  
  /**
   * Read one value from system_config (Italian-labelled twin of FetchServerSetting).
   *
   * NOTE(review): $value is concatenated into the SQL text without escaping;
   * callers must not pass request data here unescaped.
   *
   * @param string $value  Value of the skey column to look up.
   * @param bool   $switch Strictly true to get "Attivato"/"Disattivato" instead of the raw value.
   * @return mixed The sval column, or the label.
   */
  function getServer($value, $switch = false){

      $result = mysql_query("SELECT sval FROM system_config WHERE skey = '".$value."' LIMIT 1") or die(mysql_error());
      $setting = mysql_fetch_assoc($result);

      // Only boolean true selects the label form
      if ($switch !== true) {
          return $setting['sval'];
      }

      if ($setting['sval'] == "1") {
          return "Attivato";
      }

      return "Disattivato";

  }
  158.  
  159.  
  160.  
  161.  
  162. // #########################################################################
  163. // If a user is logged out and has a 'remember me' cookie, validate the information
  164. // in the cookie and log the user in if everything's valid.
  165. // Please do not mess with this. It is a fairly simple process, but if it doesn't work
  166. // properly it can cause a huge mess. Everything in this function is commented.
  167.  
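  @include('./includes/inc.crypt.php');
  @include('../includes/inc.crypt.php');

  // NOTE(review): the "rpassword" cookie carries the stored password hash, so
  // anyone who obtains that hash (database leak, copied cookie) can log in
  // without knowing the password. A random per-device token stored
  // server-side, sent in an HttpOnly/Secure cookie, is the usual replacement.
  if (!isset($_SESSION['username']) && isset($_COOKIE['remember']) && $_COOKIE['remember'] == "remember") {

      // Cookie values are attacker-controlled: accept plain strings only
      $cname = FilterText((isset($_COOKIE['rusername']) && is_string($_COOKIE['rusername'])) ? $_COOKIE['rusername'] : '');
      $cpass_hash = (isset($_COOKIE['rpassword']) && is_string($_COOKIE['rpassword'])) ? $_COOKIE['rpassword'] : '';

      // Fetch the password hash that belongs to this user from the database
      $csql = mysql_query("SELECT password FROM users WHERE username = '".$cname."' LIMIT 1") or die(mysql_error());
      $cnum = mysql_num_rows($csql);

      $remember_ok = false;
      if ($cnum > 0) {
          $crow = mysql_fetch_assoc($csql);
          $correct_pass = $crow['password'];

          // Strict comparison only. The previous == treated numeric-looking
          // strings such as "0e123" and "0e456" as equal. hash_equals() is
          // used when the runtime has it to avoid a timing side channel.
          if ($cpass_hash !== '' && is_string($correct_pass)) {
              $remember_ok = function_exists('hash_equals')
                  ? hash_equals($correct_pass, $cpass_hash)
                  : ($cpass_hash === $correct_pass);
          }
      }

      if ($remember_ok) {
          // New privilege level: switch to a fresh session id and drop the old one
          session_regenerate_id(true);
          $_SESSION['username'] = $cname;
          $_SESSION['password'] = $crow['password'];
          mysql_query("UPDATE users SET lastvisit = '".$date_full."' WHERE username = '" . $cname . "'") or die(mysql_error());
          header("Location: security_check.php");
          exit;
      }

      // Unknown user or wrong hash: expire every remember-me cookie
      foreach (array("remember", "rusername", "rpassword", "cookpass") as $stale_cookie) {
          setcookie($stale_cookie, "", time()-60*60*24*100, "/");
      }

  }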
  208.  
  209. // #########################################################################
  210.  
  /**
   * Tell whether a number is even.
   *
   * @param int $intNumber Number to test.
   * @return bool True when the remainder of division by two is zero.
   */
  function IsEven($intNumber)
  {
      return $intNumber % 2 == 0;
  }
  219.  
  220. // #########################################################################
  221.  
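  /**
   * Return $url escaped for use inside a quoted HTML attribute, or null when
   * it names a scheme outside $schemes.
   */
  function bbcode_safe_url($url, $schemes = array('http', 'https', 'mailto'))
  {
      // Browsers decode entities and ignore whitespace/control bytes inside a
      // scheme, so the scheme check runs on a normalised copy.
      $probe = preg_replace('/[\x00-\x20]+/', '', html_entity_decode($url, ENT_QUOTES, 'UTF-8'));
      if (!is_string($probe) || $probe === '') {
          return null;
      }
      if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $scheme)
          && !in_array(strtolower($scheme[1]), $schemes, true)) {
          return null;
      }

      // Escape both quote styles; existing entities are not double-encoded
      return htmlspecialchars($url, ENT_QUOTES, 'UTF-8', false);
  }

  /** Encode a tag argument for use as a query-string value inside an href. */
  function bbcode_query_value($value)
  {
      return rawurlencode(html_entity_decode($value, ENT_QUOTES, 'UTF-8'));
  }

  /** [link=...] and [url=...]: emit the anchor only for an allowed URL. */
  function bbcode_cb_link($m)
  {
      $href = bbcode_safe_url($m[1]);
      return $href === null ? $m[2] : "<a href='".$href."'>".$m[2]."</a>";
  }

  /** [color=...]: accept colour names and hex codes only. */
  function bbcode_cb_color($m)
  {
      if (!preg_match('/^#?[a-z0-9]{1,20}\z/i', $m[1])) {
          return $m[2];
      }
      return "<font color='".$m[1]."'>".$m[2]."</font>";
  }

  /** [habbo=...]: link to a user profile. */
  function bbcode_cb_habbo($m)
  {
      return "<a href='./user_profile.php?id=".bbcode_query_value($m[1])."'>".$m[2]."</a>";
  }

  /** [room=...]: the id ends up inside inline JavaScript, so digits only. */
  function bbcode_cb_room($m)
  {
      // assumes room ids are numeric - TODO confirm against client.php
      if (!preg_match('/^\d+\z/', $m[1])) {
          return $m[2];
      }
      return "<a onclick=\"roomForward(this, '".$m[1]."', 'private'); return false;\" target=\"client\" href=\"./client.php?stanza=".$m[1]."\">".$m[2]."</a>";
  }

  /** [group=...]: link to a group profile. */
  function bbcode_cb_group($m)
  {
      return "<a href='./group_profile.php?id=".bbcode_query_value($m[1])."'>".$m[2]."</a>";
  }

  /** [img]...[/img]: http(s) or relative sources only. */
  function bbcode_cb_img($m)
  {
      $src = bbcode_safe_url($m[1], array('http', 'https'));
      return $src === null ? '' : "<img src='".$src."'/>";
  }

  /** [iframe]...[/iframe]: http(s) or relative sources only. */
  function bbcode_cb_iframe($m)
  {
      // NOTE(review): any site can still be framed inside a post; consider a
      // host allowlist or removing this tag for untrusted authors.
      $src = bbcode_safe_url($m[1], array('http', 'https'));
      return $src === null ? '' : "<iframe src='".$src."'></iframe>";
  }

  /**
   * Expand smiley codes and BB code tags in user-written text into HTML.
   *
   * Tag arguments come from the post author. They used to be copied verbatim
   * into single-quoted attributes, which allowed script URLs and attribute
   * break-out; every argument is now validated or escaped for the place it is
   * written to. Tags are processed in the same order as before.
   *
   * @param string $str Text to format; HoloText() calls this after HTML-escaping it.
   * @return string HTML.
   */
  function bbcode_format($str){

      // Parse smilies (only when the 'enable-smilies' content key is "1")
      if (HoloText(getContent('enable-smilies'), true) == "1") {
          $smilies = array(
              ":)" => "smile",
              ";)" => "wink",
              ":P" => "tongue",
              ";P" => "winktongue",
              ":p" => "tongue",
              ";p" => "winktongue",
              "(L)" => "heart",
              "(l)" => "heart",
              ":o" => "shocked",
              ":O" => "shocked",
          );
          foreach ($smilies as $code => $image) {
              $str = str_replace($code, " <img src='./web-gallery/smilies/".$image.".gif' alt='Smiley' title='Smiley' border='0'> ", $str);
          }
      }

      // Tags without arguments: plain pattern/replacement pairs
      $str = preg_replace(
          array(
              '/\[b\](.*?)\[\/b\]/is',
              '/\[i\](.*?)\[\/i\]/is',
              '/\[u\](.*?)\[\/u\]/is',
              '/\[s\](.*?)\[\/s\]/is',
              '/\[quote\](.*?)\[\/quote\]/is',
          ),
          array(
              '<strong>$1</strong>',
              '<em>$1</em>',
              '<u>$1</u>',
              '<s>$1</s>',
              "<div class='bbcode-quote'>$1</div>",
          ),
          $str
      );

      // Tags whose argument lands in an attribute go through a callback
      $str = preg_replace_callback('/\[link\=(.*?)\](.*?)\[\/link\]/is', 'bbcode_cb_link', $str);
      $str = preg_replace_callback('/\[url\=(.*?)\](.*?)\[\/url\]/is', 'bbcode_cb_link', $str);
      $str = preg_replace_callback('/\[color\=(.*?)\](.*?)\[\/color\]/is', 'bbcode_cb_color', $str);

      $str = preg_replace(
          array(
              '/\[size=small\](.*?)\[\/size\]/is',
              '/\[size=large\](.*?)\[\/size\]/is',
              '/\[code\](.*?)\[\/code\]/is',
          ),
          array(
              "<font size='1'>$1</font>",
              "<font size='3'>$1</font>",
              '<pre>$1</pre>',
          ),
          $str
      );

      $str = preg_replace_callback('/\[habbo\=(.*?)\](.*?)\[\/habbo\]/is', 'bbcode_cb_habbo', $str);
      $str = preg_replace_callback('/\[room\=(.*?)\](.*?)\[\/room\]/is', 'bbcode_cb_room', $str);
      $str = preg_replace_callback('/\[group\=(.*?)\](.*?)\[\/group\]/is', 'bbcode_cb_group', $str);
      $str = preg_replace_callback('/\[img\](.*?)\[\/img\]/is', 'bbcode_cb_img', $str);
      $str = preg_replace_callback('/\[iframe\](.*?)\[\/iframe\]/is', 'bbcode_cb_iframe', $str);

      return $str;
  }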
  282.  
  283. // #########################################################################
  284.  
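  /**
   * Build a login ticket: 27 random integers in 0..10 written one after another.
   *
   * The numbers come from the operating system's CSPRNG when random_int() is
   * available; rand() is predictable and stays only as a fallback for old
   * runtimes. Because 10 is a possible draw, the ticket is between 27 and 54
   * digits long, exactly as before.
   *
   * @return string Digits only.
   */
  function GenerateTicket(){

      $secure = function_exists('random_int');
      $data = "";

      // 6 + 20 + 1 draws in the original layout
      for ($i = 0; $i < 27; $i++) {
          $data = $data . ($secure ? random_int(0, 10) : rand(0, 10));
      }

      return $data;
  }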
  304.  
  305.  
  306. // #########################################################################
  307.  
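  // Re-validate the logged-in user on every request.
  // isset() on $_SESSION replaces session_is_registered(), which was removed
  // from PHP.
  if (isset($_SESSION['username'])) {

      // NOTE(review): both values are placed in the query as-is. The login
      // code is expected to have stored them already escaped ("has slashes
      // added") - verify every place that writes $_SESSION['username'].
      $rawname = $_SESSION['username']; // Has slashes added and lacking proper capitals
      $rawpass = $_SESSION['password']; // HoloHash()'ed user password

      $usersql = mysql_query("SELECT * FROM users WHERE username = '".$rawname."' AND password = '".$rawpass."' LIMIT 1");
      $myrow = mysql_fetch_assoc($usersql);

      $password_correct = mysql_num_rows($usersql);

      $my_id = $myrow['id'];
      $user_rank = $myrow['rank'];

      $check = mysql_query("SELECT * FROM bans WHERE value = '".$rawname."' LIMIT 1") or die(mysql_error());
      $is_banned = mysql_num_rows($check);

      // The stored credentials no longer match exactly one account: log out
      if ($password_correct !== 1) {
          session_destroy();
          header("location:index.php?error=1");
          exit;
      }

      if ($is_banned > 0) {
          $bandata = mysql_fetch_assoc($check);
          $reason = $bandata['reason'];
          $expire = date('d-m-Y H:i:s',$bandata['expire']);
          if ($reason == NULL) {
              $reason = "Nessuna motivazione";
          }

          // NOTE(review): $reason is inserted into the message unescaped;
          // escape it wherever logout.php prints $login_error.
          $login_error = "Sei stato bannato! La ragione del tuo BAN &egrave; \"" . $reason . "\". Il tuo ban termina il " . $expire . ".";
          include('logout.php');
          session_destroy();
          exit;
      }

      // With single sign-on enabled, hand the stored ticket to the client.
      // (Regenerating a missing ticket is disabled in this version.)
      if ($enable_sso == 1 && $password_correct == 1) {
          $myticket = $myrow['auth_ticket'];
      } else {
          $myticket = "";
      }

      $logged_in = true;
      $name = HoloText($myrow['username']);

  } else {

      // Anonymous visitor defaults
      $user_rank = 0;
      $name = "Guest";
      $my_id = "GUEST";
      $logged_in = false;

  }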
  377.  
  378. // #########################################################################
  379. // Gift check (noob/welcome stuff)
  380. /*
  381. $sql = mysql_query("SELECT noob,gift,sort,roomid,lastgift FROM users WHERE id='".$my_id."' LIMIT 1");
  382. $row = mysql_fetch_assoc($sql);
  383. if($row['gift'] < 3) {
  384. if($row['noob'] == 1) {
  385. if($row['lastgift'] < date("d-m-Y")) {
  386. mysql_query("INSERT INTO cms_noobgifts (userid,gift,read) VALUES ('".$my_id."','".$row['gift']."','0')");
  387. mysql_query("UPDATE users SET lastgift='".date("d-m-Y")."',gift=gift+'1' WHERE id='".$my_id."' LIMIT 1");
  388. }
  389. }
  390. }
  391. // #########################################################################
  392. */
  393.  
  // Server status shown on the site: "online" unless the status image is
  // enabled and a one-second TCP connect to the MUS port fails.
  if ($enable_status_image == "1") {
      // Probe loopback when the game server runs on this machine
      $fip = ($server_on_localhost != 0 || $ip == "127.0.0.1") ? "127.0.0.1" : $ip;

      $fp = @fsockopen($fip, $fport, $errno, $errstr, 1);

      $online = $fp ? "online" : "offline";
      if ($fp) {
          fclose($fp);
      }
  } else {
      $online = "online";
  }
  412.  
  413. // #########################################################################
  414.  
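  // Housekeeping access needs rank above 5 and a separate housekeeping login
  // in the session. The session keys are quoted strings now (they were bare,
  // undefined constants) and are checked with isset() because
  // session_is_registered() was removed from PHP.
  if ($user_rank > 5 && isset($_SESSION['hkusername']) && isset($_SESSION['hkpassword'])) {
      $rank['iAdmin'] = "1";
  } else {
      $rank['iAdmin'] = "0";
  }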
  424.  
  425. // #########################################################################
  426.  
  /**
   * Return the badge a user displays in slot 1.
   *
   * @param mixed $strName User name, or a numeric user id.
   * @return mixed badge_id of the slot-1 badge, or false when the user is
   *               unknown, has badge_status other than '1', or has no such badge.
   */
  function GetUserBadge($strName){ // supports user IDs also

      // Numeric input is used as an id as-is (is_numeric() admits no quote
      // characters); names go through FilterText() first.
      if (is_numeric($strName)) {
          $lookup = mysql_query("SELECT id FROM users WHERE id = '".$strName."' AND badge_status = '1' LIMIT 1") or die(mysql_error());
      } else {
          $lookup = mysql_query("SELECT id FROM users WHERE username = '".FilterText($strName)."' AND badge_status = '1' LIMIT 1") or die(mysql_error());
      }

      if (!(mysql_num_rows($lookup) > 0)) {
          return false;
      }

      $usrrow = mysql_fetch_assoc($lookup);
      $slot = mysql_query("SELECT * FROM user_badges WHERE user_id = '".$usrrow['id']."' AND badge_slot = '1' LIMIT 1") or die(mysql_error());

      if (!(mysql_num_rows($slot) > 0)) {
          return false;
      }

      $badgerow = mysql_fetch_assoc($slot);
      return $badgerow['badge_id'];
  }
  451.  
  452. // #########################################################################
  453.  
  /**
   * Return the groupid recorded for a user in user_stats.
   *
   * NOTE(review): $my_id is concatenated into the query unescaped; callers
   * must pass a trusted id.
   *
   * @param mixed $my_id User id.
   * @return mixed The groupid column, or false when the user has no user_stats row.
   */
  function GetUserGroup($my_id){
      $stats = mysql_query("SELECT groupid FROM user_stats WHERE id = '".$my_id."' LIMIT 1") or die(mysql_error());

      if (!(mysql_num_rows($stats) > 0)) {
          return false;
      }

      $row = mysql_fetch_assoc($stats);
      return $row['groupid'];
  }
  471.  
  472. // #########################################################################
  473.  
  /**
   * Return the badge of the group recorded for a user in user_stats.
   *
   * NOTE(review): $my_id is concatenated into the query unescaped; callers
   * must pass a trusted id.
   *
   * @param mixed $my_id User id.
   * @return mixed The badge column of that group (null when the group row is
   *               missing), or false when the user has no user_stats row.
   */
  function GetUserGroupBadge($my_id){
      $stats = mysql_query("SELECT groupid FROM user_stats WHERE id = '".$my_id."' LIMIT 1") or die(mysql_error());

      if (!(mysql_num_rows($stats) > 0)) {
          return false;
      }

      $statsRow = mysql_fetch_assoc($stats);
      $groupid = $statsRow['groupid'];

      $group = mysql_query("SELECT badge FROM groups WHERE id = '".$groupid."' LIMIT 1") or die(mysql_error());
      $groupRow = mysql_fetch_assoc($group);

      return $groupRow['badge'];
  }
  496.  
  497. // #########################################################################
  498.  
  /**
   * Calculate the number of club (HC) days a user has left.
   *
   * timestamp_expire is read as a count of months (31 days each) and
   * timestamp_activated as a "d-m-Y" start date; the whole days elapsed since
   * that date are subtracted.
   * NOTE(review): GiveHC() writes "now() + months" into timestamp_expire,
   * which does not look like a month count - confirm the column's meaning.
   * NOTE(review): $my_id is concatenated into the query unescaped.
   *
   * @param mixed $my_id User id.
   * @return mixed Days left (may be negative), or 0 without a subscription row.
   */
  function HCDaysLeft($my_id){

      $sql = mysql_query("SELECT timestamp_activated,timestamp_expire FROM user_subscriptions WHERE user_id = '".$my_id."' LIMIT 1") or die(mysql_error());
      $subscription = mysql_fetch_assoc($sql);

      if (!(mysql_num_rows($sql) > 0)) {
          return 0;
      }

      // Start date parts in day-month-year order
      $started = explode("-", $subscription['timestamp_activated']);

      // Seconds since the subscription started, never below zero
      $then = mktime(0, 0, 0, $started[1], $started[0], $started[2], 0);
      $elapsed = time() - $then;
      if ($elapsed < 0) {
          $elapsed = 0;
      }

      // 31 days per month, minus the whole days already used
      return $subscription['timestamp_expire'] * 31 - floor($elapsed/60/60/24);
  }
  545.  
  546. // #########################################################################
  547.  
  // Maintenance gate: everyone except a logged-in housekeeping admin is sent
  // to maintenance.php (unless this request already is that page).
  $redirect_to_maintenance = ($maintenance == "1" && !$is_maintenance && $rank['iAdmin'] < 1);

  if ($redirect_to_maintenance) {
      header("Location: maintenance.php");
      exit;
  }

  // Admins keep browsing but get a reminder that the site is closed
  if ($rank['iAdmin'] == 1 && $maintenance == 1) {
      $notify_maintenance = true;
  }
  554.  
  555. // #########################################################################
  556.  
  /**
   * Create a user together with its user_stats and user_info rows.
   *
   * NOTE(review): only $real_name is filtered here. Every other argument is
   * concatenated into the INSERT as-is, so callers must pass values that are
   * already escaped for SQL - verify each call site. The password is stored
   * exactly as given.
   *
   * @param string $username  Account name.
   * @param string $real_name Real name; passed through FilterText().
   * @param string $password  Value for the password column.
   * @param string $mail      E-mail address.
   * @param string $figure    Avatar look string.
   * @param string $motto     Motto.
   * @param string $home_room Home room id.
   * @param string $birth     Birth date.
   * @param mixed  $fb_id     Facebook id, 0 when none.
   * @return void
   */
  function AddUser($username = '', $real_name = '', $password = '', $mail = '', $figure = '', $motto = '', $home_room = '', $birth = '', $fb_id = 0)
  {
      $remote = $_SERVER['REMOTE_ADDR'];

      $columns = "username, real_name, password, mail, credits, look, motto, account_created, last_online, ip_last, ip_reg, home_room, birth, facebook_id";
      $values = "'".$username."', '".FilterText($real_name)."', '".$password."', '".$mail."', '50000', '".$figure."', '".$motto."', UNIX_TIMESTAMP(), UNIX_TIMESTAMP(), '".$remote."', '".$remote."', '".$home_room."','".$birth."','".$fb_id."'";
      mysql_query("INSERT INTO users (".$columns.") VALUES (".$values.")");

      // The two companion rows are keyed by the id MySQL just assigned
      $user_id = mysql_insert_id();
      mysql_query("INSERT INTO user_stats (id, RoomVisits, OnlineTime, Respect, RespectGiven, GiftsGiven, GiftsReceived, DailyRespectPoints, DailyPetRespectPoints) VALUES ('".$user_id."', 0, 0, 0, 0, 0, 0, 3, 3)");
      mysql_query("INSERT INTO user_info (user_id, bans, cautions, reg_timestamp, login_timestamp, cfhs, cfhs_abusive) VALUES ('".$user_id."', '0', '0', UNIX_TIMESTAMP(), '0', '0', '0')");
  }
  564.  
  565. // #########################################################################
  566.  
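  /**
   * Tell whether a user is a club (HC) member, cleaning up an expired membership.
   *
   * When HCDaysLeft() is not positive but a subscription row still exists,
   * the user's badge status, rank 2, club badge and subscription row are reset.
   * NOTE(review): $my_id is concatenated into the queries unescaped.
   *
   * @param mixed $my_id User id.
   * @return bool True while club days remain.
   */
  function IsHCMember($my_id){
      if (HCDaysLeft($my_id) > 0) {
          return true;
      }

      // Expired: make sure former members lose rank 2 and their club badge
      $check = mysql_query("SELECT * FROM user_subscriptions WHERE user_id = '".$my_id."' LIMIT 1");
      $clubrecord = mysql_num_rows($check);
      if ($clubrecord > 0) {
          mysql_query("UPDATE users SET badge_status = '0', hc_before='1' WHERE id = '".$my_id."' LIMIT 1") or die(mysql_error());
          mysql_query("UPDATE users SET rank = '1' WHERE id = '".$my_id."' AND rank = '2' LIMIT 1") or die(mysql_error());
          // AND binds tighter than OR: without the parentheses the first
          // condition matched a row of ANY user, so another member's badge
          // could be deleted. The delete is now scoped to this user.
          mysql_query("DELETE FROM user_badges WHERE (badge_slot = 'HC1' OR badge_id = 'HC2') AND user_id = '".$my_id."' LIMIT 1");
          mysql_query("DELETE FROM user_subscriptions WHERE user_id = '".$my_id."' LIMIT 1") or die(mysql_error());
          // Function name quoted: it was a bare, undefined constant
          if (function_exists('SendMUSData') !== true) { include('includes/mus.php'); }
      }

      return false;
  }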
  585.  
  586. // #########################################################################
  587.  
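  /**
   * Grant or extend club (HC) membership.
   *
   * Without a subscription row one is inserted and the function calls itself
   * once, so the update branch runs on the new row.
   * NOTE(review): $user_id is concatenated into the queries unescaped.
   * NOTE(review): the INSERT stores the literal text 'now() + N' (it is
   * quoted); only the UPDATE evaluates it. Left as-is - confirm the intended
   * column format.
   *
   * @param mixed $user_id User id.
   * @param mixed $months  Number of months to add.
   * @return void
   */
  function GiveHC($user_id, $months){

      // $months is written into SQL outside of quotes, so it must be a number
      $months = (int) $months;

      $sql = mysql_query("SELECT * FROM user_subscriptions WHERE user_id = '".$user_id."' LIMIT 1") or die(mysql_error());
      $valid = mysql_num_rows($sql);

      if ($valid > 0) {
          mysql_query("UPDATE users SET rank = '1' WHERE rank = '1' AND id = '".$user_id."' LIMIT 1") or die(mysql_error());
          mysql_query("UPDATE user_subscriptions SET timestamp_expire = now() + ".$months." WHERE user_id = '".$user_id."' LIMIT 1") or die(mysql_error());
          $check = mysql_query("SELECT * FROM user_badges WHERE badge_id = 'HC6' AND user_id = '".$user_id."' LIMIT 1") or die(mysql_error());
          $found = mysql_num_rows($check);
          if ($found !== 1) { // No club badge yet: clear the slots and hand out HC1
              mysql_query("UPDATE users SET badge_status = '0' WHERE id = '".$user_id."' LIMIT 1") or die(mysql_error());
              mysql_query("UPDATE user_badges SET badge_slot = '0' WHERE user_id = '".$user_id."'") or die(mysql_error());
              mysql_query("INSERT INTO user_badges (user_id,badge_id,badge_slot) VALUES ('".$user_id."','HC1','1')") or die(mysql_error());
          }
      } else {
          $date = date('d-m-Y');
          mysql_query("INSERT INTO user_subscriptions (user_id,timestamp_activated,timestamp_expire) VALUES ('".$user_id."','".$date."','now() + ".$months."')") or die(mysql_error());
          GiveHC($user_id, $months);
      }

      // Function name quoted: it was a bare, undefined constant
      if (function_exists('SendMUSData') !== true) { include('includes/mus.php'); }

  }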
  615.  
  616. // #########################################################################
  617.  
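  // Record the address a logged-in user last connected from.
  // The session key is checked with isset(): it used to be a bare, undefined
  // constant passed to session_is_registered(), which was removed from PHP.
  if (isset($_SESSION['username'])) {
      $blob = time();

      mysql_query("UPDATE users SET ip_last = '".$remote_ip."' WHERE id = '".$my_id."' LIMIT 1") or die(mysql_error());
  }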
  631.  
  632. // #########################################################################
  633.  
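  /**
   * Tell whether the users.online flag is set for a user.
   *
   * An unknown id now returns false. Before, the missing row made the
   * "or die()" fire and ended the whole page with an empty message.
   * NOTE(review): $intUID is concatenated into the query unescaped.
   *
   * @param mixed $intUID User id.
   * @return bool True when the online column equals 1.
   */
  function IsUserOnline($intUID){
      $query = mysql_query("SELECT online FROM users WHERE id = '".$intUID."' LIMIT 1") or die(mysql_error());
      $result = mysql_fetch_array($query);

      if ($result === false) {
          return false;
      }

      return $result['online'] == 1;
  }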
  644.  
  645. // #########################################################################
  646.  
  /**
   * Placeholder: no ban check is implemented here.
   *
   * NOTE(review): the result is always null, which reads as "not banned" in
   * a boolean test; callers must not rely on this for enforcement.
   *
   * @return null
   */
  function IsUserBanned(){
      return null;
  }
  652.  
  653. // ######################################################################### MUS servono per Phoenix Emulator
  654.  
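  /**
   * Send one MUS message to the emulator on 127.0.0.1:30001.
   *
   * The message is $header, a chr(1) separator, then $data. Delivery is
   * best-effort: failures are not reported to the caller.
   * NOTE(review): a chr(1) inside $data would look like an extra separator
   * to the receiver; strip control bytes from user-supplied text first.
   *
   * @param string $header MUS command name.
   * @param string $data   Command payload.
   * @return void
   */
  function SendMUS($header, $data){
      $ip = "127.0.0.1";
      $port = 30001;
      $musData = $header . chr(1) . $data;

      $sock = @socket_create(AF_INET, SOCK_STREAM, getprotobyname('tcp'));
      if ($sock === false) {
          // No socket: the calls below must not run on a non-socket value
          return;
      }

      if (@socket_connect($sock, $ip, $port)) {
          @socket_send($sock, $musData, strlen($musData), MSG_DONTROUTE);
      }

      @socket_close($sock);
  }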
  664.  
  665. // #########################################################################
  666.  
  /**
   * Run a query and return the first column of its first row.
   *
   * NOTE(review): $query is executed verbatim, so it must be built from
   * trusted or escaped parts only.
   *
   * @param string $query         Complete SQL statement.
   * @param mixed  $default_value Returned when the query yields no rows.
   * @return mixed
   */
  function mysql_evaluate($query, $default_value="undefined") {
      $result = mysql_query($query) or die(mysql_error());

      return (mysql_num_rows($result) < 1) ? $default_value : mysql_result($result, 0);
  }
  676.  
  677. // ######################################################################### Non serve
  678.  
  /**
   * Copy every current group membership into user_stats.groupid.
   *
   * @return void
   */
  function CheckGruppi() {
      $memberships = mysql_query("SELECT * FROM group_memberships WHERE is_current = '1'") or die(mysql_error());

      // One UPDATE per membership row
      for ($row = mysql_fetch_assoc($memberships); $row; $row = mysql_fetch_assoc($memberships)) {
          mysql_query("UPDATE user_stats SET groupid = '".$row['groupid']."' WHERE id = '".$row['userid']."'") or die(mysql_error());
      }
  }
  685.  
  686. // ######################################################################### Filter
  687.  
  /**
   * Escape a value for use inside a quoted SQL string literal.
   *
   * Unless $advanced is true the value is HTML-escaped first, so what gets
   * stored is already HTML-encoded.
   * NOTE(review): htmlspecialchars() is called with its default flags; on
   * older PHP versions these leave single quotes untouched, so the result is
   * not safe inside a single-quoted HTML attribute.
   *
   * @param string $str      Raw input.
   * @param bool   $advanced True to skip HTML escaping.
   * @return string
   */
  function FilterText($str, $advanced=false) {
      if ($advanced != true) {
          $str = htmlspecialchars($str);
      }

      return mysql_real_escape_string($str);
  }
  693.  
  /**
   * Prepare stored text for output.
   *
   * With $advanced true only backslashes are stripped and the text is NOT
   * HTML-escaped; use that mode for trusted markup only.
   *
   * @param string $str      Text to prepare.
   * @param bool   $advanced True to strip slashes and nothing else.
   * @param bool   $bbcode   True to expand BB code after escaping.
   * @return string
   */
  function HoloText($str, $advanced=false, $bbcode=false) {
      if ($advanced == true) {
          return stripslashes($str);
      }

      // Escape HTML, turn newlines into <br />, then drop backslashes
      $escaped = htmlspecialchars($str);
      $withBreaks = nl2br($escaped);
      $str = stripslashes($withBreaks);

      if ($bbcode == true) {
          $str = bbcode_format($str);
      }

      return $str;
  }
  700.  
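  /**
   * Reduce a string to a URL-friendly slug.
   *
   * Characters other than A-Z, a-z, 0-9 and "-" become spaces, runs of
   * whitespace collapse to one space and the ends are trimmed. The remaining
   * spaces become "-" when $spaces is true and are removed otherwise. The
   * removal used to be computed and thrown away, which left spaces in the
   * result.
   *
   * @param string $str       Input text.
   * @param bool   $lowercase True to lower-case the result.
   * @param bool   $spaces    True to write spaces as "-", false to drop them.
   * @return string
   */
  function stringToURL($str,$lowercase=true,$spaces=false){
      $str = trim(preg_replace('/\s\s+/',' ',preg_replace("/[^A-Za-z0-9-]/", " ", $str)));

      if ($lowercase == true) {
          $str = strtolower($str);
      }

      return str_replace(" ", ($spaces == true) ? "-" : "", $str);
  }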
  707.  
  708.  
  709.  
  /**
   * Apply a fixed list of character replacements to a string.
   *
   * NOTE(review): the search and replacement literals look damaged by a
   * character-encoding conversion (most of them are now "?"). They are kept
   * byte-for-byte; the original accented characters cannot be recovered from
   * this copy.
   *
   * @param string $str   Input text.
   * @param bool   $clean True to also apply the second list (plain-letter substitutes).
   * @return string
   */
  function textInJS($str, $clean = false){
      // Applied one after another, in this order
      $firstPass = array(
          array("??", "?"),
          array("??", "?"),
          array("?‘", "?"),
          array("?±", "?"),
          array("??", "?"),
          array("??", "?"),
          array("?‰", "?"),
          array("?©", "?"),
          array("?“", "?"),
          array("??", "?"),
          array("??", "?"),
          array("??", "?"),
          array("??", "?"),
          array("?", "?"),
      );
      foreach ($firstPass as $pair) {
          $str = str_replace($pair[0], $pair[1], $str);
      }

      if ($clean == true) {
          $cleanPass = array(
              array("?", "N"),
              array("?", "n"),
              array("?", "A"),
              array("?", "a"),
              array("?", "E"),
              array("?", "e"),
              array("?", "O"),
              array("?", "o"),
              array("?", "U"),
              array("?", "u"),
              array("?", "I"),
              array("?", "i"),
          );
          foreach ($cleanPass as $pair) {
              $str = str_replace($pair[0], $pair[1], $str);
          }
      }

      return $str;
  }
  744.  
  745.  
  746.  
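  /**
   * Replace the control bytes chr(1), chr(2), chr(3) and chr(9) with spaces.
   *
   * The cleaned string is now returned; the function used to build it and
   * return nothing.
   *
   * @param string $strInput Text to clean.
   * @return string
   */
  function FilterSpecialChars($strInput)
  {
      return str_replace(array(chr(1), chr(2), chr(3), chr(9)), ' ', $strInput);
  }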
  754.  
  /**
   * Replace every word listed in system_wordfilter with the configured censor text.
   *
   * The censor text is read through getServer("wordfilter_censor") once per
   * filtered word.
   *
   * @param string $str Text to filter.
   * @return string
   */
  function SwitchWordFilter($str)
  {
      $words = mysql_query("SELECT word FROM system_wordfilter") or die(mysql_error());

      for ($entry = mysql_fetch_assoc($words); $entry; $entry = mysql_fetch_assoc($words)) {
          $str = str_replace($entry['word'], getServer("wordfilter_censor"), $str);
      }

      return $str;
  }
  767.  
  768.  
  769.  
  770.  
  771.  
  /**
   * HTML-escape, trim, strip slashes from and SQL-escape a string, in that order.
   *
   * @param string $string Raw input.
   * @return string
   */
  function EscapeString($string = '')
  {
      $htmlSafe = htmlspecialchars($string);
      $trimmed = trim($htmlSafe);
      $unslashed = stripslashes($trimmed);

      return mysql_real_escape_string($unslashed);
  }
  776.  
  777. ###################################### php stuff ######################################
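  // NOTE(review): all error reporting is switched off, which also hides
  // failures worth investigating; logging to a file with display turned off
  // keeps pages clean without losing them.
  error_reporting(0); /* no errors please */

  // The session is already started at the top of this file; start one only
  // if none is active.
  if (session_id() === '') {
      session_start(); /* for user's data */
  }

  /* DO NOT CHANGE */
  // NOTE(review): avatar images are requested over plain http
  $config["hImaging"] = 'http://habbo.it/habbo-imaging/avatarimage';
  /* Default avatar look */
  $config["defaultAvatar"] = 'ch-3111-63-62.hd-3103-1.hr-3163-39.lg-285-77.sh-305-78';

  ###################################### MySQL connection ######################################
  /* DO NOT CHANGE */
  $con = mysql_connect($sqlhostname, $sqlusername, $sqlpassword) or die('Errore con la connessione al mysql, apri <b>config.php</b> e modifica con i tuoi dati.');
  $db = mysql_select_db($sqldb, $con) or die('Database non trovato, apri <b>config.php</b> e modifica con i tuoi dati.');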
  792.  
  793.  
  794. // #########################################################################
  795.  
  796. /* Funzione per il caricamento dei look */
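  /**
   * Read an avatar set file, "<publicDir><type>-<gender lower-cased>.txt".
   *
   * $type and $gender are used as plain file-name parts: values containing a
   * path separator, "..", or a NUL byte are rejected so a request value
   * cannot point outside $publicDir. An empty file now yields an empty string
   * (reading zero bytes used to fail).
   * NOTE(review): $extFile has never been used; the extension is always
   * ".txt". Kept that way so existing callers see no change.
   *
   * @param string $type      Set name.
   * @param string $gender    Gender code; lower-cased for the file name.
   * @param string $publicDir Directory prefix, including the trailing slash.
   * @param string $extFile   Unused.
   * @return string|null File contents, or null when the file is missing,
   *                     unreadable, or the name parts are rejected.
   */
  function readAvatarSet($type, $gender, $publicDir = 'json/', $extFile = '.txt'){
      foreach (array((string) $type, (string) $gender) as $part) {
          if (strpbrk($part, "/\\\0") !== false || strpos($part, '..') !== false) {
              return null;
          }
      }

      $set_file = $publicDir.$type.'-'.strtolower($gender).'.txt';
      if (!is_file($set_file)) {
          return null;
      }

      $contents = file_get_contents($set_file);
      return ($contents === false) ? null : $contents;
  }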
  802.  
  803. // #########################################################################
  804.  
  805. /* Funzione per il check delle stringhe */
  /**
   * Tell whether $substring occurs anywhere in $string.
   *
   * @param string $substring Text to look for.
   * @param string $string    Text to search in.
   * @return bool
   */
  function checkIfContains($substring, $string) {
      // A match at offset 0 is still a match, hence the strict comparison
      return strpos($string, $substring) !== false;
  }
  810.  
  811. // #########################################################################
  812.  
  813. /* Non serve a nulla */
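  /**
   * Generate a random string from digits, lower-case and upper-case letters.
   *
   * Characters are drawn with random_int() (operating-system CSPRNG) when the
   * runtime provides it; mt_rand() is predictable and remains only as a
   * fallback for old runtimes.
   *
   * @param int  $length  Number of characters; values below 1 mean 8.
   * @param bool $numbers False to leave digits out.
   * @param bool $upper   False to leave upper-case letters out.
   * @return string
   */
  function createSecurityHash($length, $numbers, $upper){
      if (1 > $length) {
          $length = 8;
      }

      $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
      $numChars = 62;

      // Drop the leading ten digits
      if (!$numbers) {
          $numChars = 52;
          $chars = substr($chars, 10, $numChars);
      }
      // Drop the trailing 26 upper-case letters
      if (!$upper) {
          $numChars -= 26;
          $chars = substr($chars, 0, $numChars);
      }

      $secure = function_exists('random_int');
      $string = '';
      for ($i = 0; $i < $length; $i++) {
          $index = $secure ? random_int(0, $numChars - 1) : mt_rand(0, $numChars - 1);
          $string .= $chars[$index];
      }

      return $string;
  }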
  823. // #########################################################################
  /**
   * Trim, add <br /> at newlines, strip slashes, HTML-escape and SQL-escape a
   * string, in that order.
   *
   * Because HTML escaping runs after nl2br(), the inserted <br /> tags are
   * escaped as well.
   *
   * @param string $str Raw input.
   * @return string
   */
  function Securise($str)
  {
      $withBreaks = nl2br(trim($str));
      $htmlSafe = htmlspecialchars(stripslashes($withBreaks));

      return mysql_real_escape_string($htmlSafe);
  }
  829. // ######################################################################### Redirect for Facebook
  /**
   * Send a "location:" header for $url.
   *
   * The script keeps running after the call, so callers should exit
   * themselves.
   * NOTE(review): $url is not checked; if it can come from a request
   * parameter, restrict it to local paths or known hosts before calling.
   *
   * @param string $url Redirect target.
   * @return null header() returns nothing, so the result is always null.
   */
  function Redirect($url){
      return header("location:".$url."");
  }
  834.  
  835. // ########################################################################## Facebook Connect
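  // NOTE(review): the Facebook app secret is hard-coded, and this copy of the
  // file has been published. Treat the secret as compromised: rotate it and
  // load the new value from configuration kept outside the web root and
  // outside version control.
  define('APP_ID', '1437560843234526');
  define('APP_SECRET', '23a8279c50aaf86c14b2f73a787775dc');
  define('siteurl', 'http://hrob.me');

  // Language selection
  if ($myrow['lang'] == NULL || !$logged_in) {
      // No stored preference: pick the language from the visitor's country.
      // NOTE(review): HTTP_CF_CONNECTING_IP is a request header; it is only
      // trustworthy when every request reaches this server through Cloudflare.
      $countrycode = '';
      $visitor_ip = isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : '';

      // Only a syntactically valid address is sent to the lookup service
      if (is_string($visitor_ip) && filter_var($visitor_ip, FILTER_VALIDATE_IP) !== false) {
          // The JSON endpoint replaces unserialize() on a plain-http response:
          // unserialize() can instantiate objects chosen by whoever controls
          // or intercepts that response. The short timeout keeps a slow
          // lookup from stalling every anonymous page view.
          $geo_context = stream_context_create(array('http' => array('timeout' => 2)));
          $geo_raw = @file_get_contents('http://www.geoplugin.net/json.gp?ip='.urlencode($visitor_ip), false, $geo_context);
          $a = is_string($geo_raw) ? json_decode($geo_raw, true) : null;
          if (is_array($a) && isset($a['geoplugin_countryCode']) && is_string($a['geoplugin_countryCode'])) {
              $countrycode = $a['geoplugin_countryCode'];
          }
      }

      if ($countrycode == 'IT') {
          include ('linguaggio/it.php');
      } else {
          include('linguaggio/en.php');
      }
  } else {
      // Stored preference: '1' Italian, '2' English, anything else Italian
      $lang = $myrow['lang'];
      switch ($lang) {
          case '1':
              include "linguaggio/it.php";
              break;
          case '2':
              include "linguaggio/en.php";
              break;
          default:
              include "linguaggio/it.php";
      }
  }

  // ######################################################################### Version

  @include('./includes/version.php');
  @include('../includes/version.php');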
  868.  
  869. ?>