  1. <?php
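  // Access gate for the log viewer: a request that fails the check is sent to
  // the login page and the script stops before any log data is rendered.
  //
  // NOTE(review): this is not authentication. The cookie is supplied by the
  // client and the test only asks whether it contains a fixed substring, so the
  // marker is a static shared secret that is also written into this source.
  // The page exposes player IPs and private messages; it should verify a
  // server-side session and staff role through the site's own login system.
  // TODO: replace this check and treat the marker below as compromised.
  $value = isset($_COOKIE['_identity']) ? $_COOKIE['_identity'] : null;

  // A cookie is not guaranteed to arrive as a string. Non-strings are rejected
  // up front so a type error inside strpos() cannot make the gate fail open.
  if (!is_string($value) || strpos($value, '43534t635t63543') === false) {
      // HTTPS, like every other link on this page, so the redirect and the
      // cookies that accompany the next request are not sent in clear text.
      header('Location: https://os-v.org/site/login');
      exit;
  }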
  7. ?>
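  <html>
  <head>
  <meta charset="utf-8" />

  <title>Chat logs</title>
  <link href="https://os-v.org/logs/chat/css/bootstrap.min.css" rel="stylesheet">
  <link href="https://os-v.org/logs/chat/css/bootstrap-datetimepicker.min.css" rel="stylesheet">
  <link href="https://os-v.org/logs/chat/css/main.css" rel="stylesheet" type="text/css"/>

  <!--
    jQuery is requested over HTTPS. An http:// script on an HTTPS page is mixed
    content: browsers block it, and where it does load it can be replaced in
    transit and then runs with full access to this page.
    NOTE(review): this is third-party script on a page that displays IPs and
    private messages. Pin it with integrity/crossorigin attributes computed for
    this exact file, or serve it from the same origin as the other assets.
    1.8.3 is a very old release; upgrade if the plugins below allow it.
  -->
  <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
  <script type="text/javascript" src="https://os-v.org/logs/chat/js/bootstrap.min.js"></script>
  <script type="text/javascript" src="https://os-v.org/logs/chat/js/bootstrap-datetimepicker.js"></script>
  <script type="text/javascript" src="https://os-v.org/logs/chat/js/advancedsearch.js"></script>
  </head>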
  22.  
  23. <body>
  24. <div class="loglinks">
  25. <a href="https://os-v.org/logs/chat/index.php">Chat</a> |
  26. <a href="https://os-v.org/logs/kills/index.php">PvP Kills</a> |
  27. <a href="https://os-v.org/logs/pvm/index.php">PvM Kills</a> |
  28. <a href="https://os-v.org/logs/logins/index.php">Logins</a> |
  29. <a href="https://os-v.org/logs/punishments/index.php">Punishments</a> |
  30. <a href="https://os-v.org/logs/stakes/index.php">Stakes</a> |
  31. <a href="https://os-v.org/logs/trades/index.php">Trades</a> |
  32. <a href="https://os-v.org/logs/errors/index.php">Errors</a>
  33. </div>
  34. <div class="container">
  35. <div class="table">
  36. <h2>Chat logs</h2>
  37.  
  38. <form method="get" action="index.php" autocomplete="on" class="center">
  39. <input class="search" type="text" id="search" name="search" placeholder="Search..." size="20" required>
  40. <input class="button" id="reset" onclick="location.href='index.php'" type="button" value="Reset">
  41. </form>
  42.  
  43. <br>
  44.  
  45. <fieldset><legend>Advanced Search <input value="Show" class="button noselect" id="togglesearch" unselectable="on" onmousedown='return false;' onselectstart='return false;'></legend>
  46. <form id="advancedsearch" action="" hidden>
  47. <div class="searchleft">
  48. <div class="searchelement"><p>Between</p></div>
  49. <div class="searchelement"><p>And</p></div>
  50. <div class="searchelement"><p>Type</p></div>
  51. <div class="searchelement"><p>IP</p></div>
  52. <div class="searchelement"><p>Message Contains</p></div>
  53. <div class="searchelement">
  54. <div class="controls input-append date form_datetime" data-date-format="yyyy-mm-dd hh:ii:ss" data-link-field="startdate">
  55. <input size="16" type="text" value="" readonly>
  56. <span class="add-on"><i class="icon-remove"></i></span>
  57. <span class="add-on"><i class="icon-th"></i></span>
  58. </div>
  59. <input type="hidden" id="startdate" name="startdate" value="" />
  60. </div>
  61. <div class="searchelement">
  62. <div class="controls input-append date form_datetime" data-date-format="yyyy-mm-dd hh:ii:ss" data-link-field="enddate">
  63. <input size="16" type="text" value="" readonly>
  64. <span class="add-on"><i class="icon-remove"></i></span>
  65. <span class="add-on"><i class="icon-th"></i></span>
  66. </div>
  67. <input type="hidden" id="enddate" name="enddate" value="" />
  68. </div>
  69. <div class="checkline" class="searchelement">
  70. <label><input type="checkbox" id="chat" name="type" value="chat" checked>Chat</label>
  71. <label><input type="checkbox" id="command" name="type" value="command" checked>Command</label>
  72. <label><input type="checkbox" id="private" name="type" value="private" checked>Private Message</label>
  73. </div>
  74. <div class="searchelement">
  75. <input type="text" id="ip" size="24" value="">
  76. </div>
  77. <div class="searchelement">
  78. <input type="text" id="messages" size="24" value="" placeholder="Separate words by comma">
  79. </div>
  80. </div>
  81.  
  82. <div class="searchright">
  83. <div class="searchelement">
  84. <p>Players</p>
  85. <input class="button noselect" id="addplayer" unselectable="on" onmousedown='return false;' onselectstart='return false;' value="Add">
  86. <input class="button noselect" id="delplayer" unselectable="on" onmousedown='return false;' onselectstart='return false;' value="Delete">
  87. <br>
  88. <input type="text" id="newplayer" size="20" value="">
  89. </div>
  90. <div class="searchelement">
  91. <select class="playersearch" id="playerlist" size="11" multiple></select>
  92. </div>
  93. </div>
  94. <div class="clear center buttonpanel">
  95. <input class="button" id="searchbutton" type="button" value="Search">
  96. <input class="button" onclick="location.href='index.php'" type="button" value="Reset">
  97. </div>
  98. </form>
  99. </fieldset>
  100.  
  101. <script type="text/javascript">
  102. $('.form_datetime').datetimepicker({
  103. weekStart: 1,
  104. todayBtn: 1,
  105. autoclose: 1,
  106. todayHighlight: 1,
  107. startView: 2,
  108. forceParse: 0
  109. });
  110. </script>
  111.  
  112. <select class="dropdown" id="offset" onchange="location = this.options[this.selectedIndex].value;">
  113.  
  114. <?php
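  // Database settings and connection for the log viewer.
  //
  // Credentials come from the environment rather than from the page source,
  // where every copy of the file (backup, repository, paste) discloses them.
  // The variable names below are placeholders; use whatever the deployment
  // provides.
  // NOTE(review): the password that was hard-coded here has been published
  // together with this file and must be rotated. This page only issues SELECT
  // statements. TODO: confirm the account is read-only on the log tables and
  // that the database host accepts connections from the web server only.
  $host = getenv('CHATLOG_DB_HOST');
  $user = getenv('CHATLOG_DB_USER');
  $pass = getenv('CHATLOG_DB_PASS');
  $db = getenv('CHATLOG_DB_NAME');
  $pagelimit = 20;  // rows shown per page
  $maxPages = 100;  // upper bound on the pages offered in the selector

  if ($host === false || $user === false || $pass === false || $db === false) {
      error_log('chat log viewer: database settings missing from the environment');
      die('Could not connect');
  }

  $con = mysql_connect($host, $user, $pass);

  if (!$con) {
      // Driver error text goes to the server log, not to the browser.
      error_log('chat log viewer: mysql_connect failed: ' . mysql_error());
      die('Could not connect');
  }

  if (!mysql_select_db($db, $con)) {
      error_log('chat log viewer: mysql_select_db failed: ' . mysql_error($con));
      die('Could not connect');
  }

  // NOTE(review): ext/mysql was removed in PHP 7. Moving this page to mysqli
  // or PDO would also allow bound parameters in the queries built below.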
  130.  
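  // Build the SELECT for the chat log from the request parameters. $query is
  // left without ORDER BY / LIMIT; the code further down appends those.
  //
  // Every request value placed in the SQL text is passed through
  // mysql_real_escape_string() and sits inside single quotes. That includes
  // the message[] and player[] lists, which were previously concatenated
  // unescaped (SQL injection). htmlspecialchars() is not applied here: it is
  // an HTML output encoder, does nothing for SQL, and changes what is searched
  // for (rows are HTML-encoded when printed, so they appear to be stored raw;
  // verify against the writer of this table).
  // NOTE(review): escaping depends on the connection character set; bound
  // parameters via mysqli or PDO are the durable fix.

  // Named GET parameter as a string; '' when absent or not a string.
  $param = function ($key) {
      return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : '';
  };

  // Named GET parameter as a list of non-empty strings; a single string is
  // accepted as a one-element list, anything else nested is dropped.
  $listParam = function ($key) {
      if (!isset($_GET[$key])) {
          return array();
      }
      $raw = is_array($_GET[$key]) ? $_GET[$key] : array($_GET[$key]);
      $items = array();
      foreach ($raw as $item) {
          if (is_string($item) && $item !== '') {
              $items[] = $item;
          }
      }
      return $items;
  };

  $search = $param('search');

  if ($search !== '') {
      // Simple search: the same substring match against every column.
      $like = "LIKE '%" . mysql_real_escape_string($search) . "%'";
      $columns = array('ID', 'DATE', 'TYPE', 'PLAYER', 'IP', 'MESSAGE', 'RECIPIENT');
      $query = "SELECT * FROM chat WHERE " . implode(" " . $like . " OR ", $columns) . " " . $like;
  } else {
      // Advanced search: each filter adds one condition; they are joined with
      // AND at the end, so no filter depends on another one being present.
      $conditions = array();

      $startdate = $param('startdate');
      if ($startdate !== '') {
          $conditions[] = "DATE > '" . mysql_real_escape_string($startdate) . "'";
      }

      $enddate = $param('enddate');
      if ($enddate !== '') {
          $conditions[] = "DATE < '" . mysql_real_escape_string($enddate) . "'";
      }

      // Type flags map to fixed literals; no request text enters this clause.
      $typeLabels = array('chat' => 'Chat', 'command' => 'Command', 'private' => 'Private Message');
      $types = array();
      foreach ($typeLabels as $key => $label) {
          $flagValue = $param($key);
          if ($flagValue !== '' && $flagValue !== '0') {
              $types[] = "TYPE = '" . $label . "'";
          }
      }
      // None selected or all selected both mean "no type filter".
      if (count($types) > 0 && count($types) < count($typeLabels)) {
          $conditions[] = "(" . implode(" OR ", $types) . ")";
      }

      $ip = $param('ip');
      if ($ip !== '') {
          $conditions[] = "IP LIKE '%" . mysql_real_escape_string($ip) . "%'";
      }

      $messageParts = array();
      foreach ($listParam('message') as $element) {
          $messageParts[] = "MESSAGE LIKE '%" . mysql_real_escape_string($element) . "%'";
      }
      if (count($messageParts) > 0) {
          $conditions[] = "(" . implode(" OR ", $messageParts) . ")";
      }

      $playerParts = array();
      foreach ($listParam('player') as $element) {
          $name = mysql_real_escape_string($element);
          $playerParts[] = "PLAYER = '" . $name . "' OR RECIPIENT = '" . $name . "'";
      }
      if (count($playerParts) > 0) {
          $conditions[] = "(" . implode(" OR ", $playerParts) . ")";
      }

      $query = "SELECT * FROM chat";
      if (count($conditions) > 0) {
          $query = $query . " WHERE " . implode(" AND ", $conditions);
      }
  }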
  230.  
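  // Emit one <option> per result page for the page selector. Each option's
  // value is the current query string with its offset replaced.

  // Count at most $pagelimit * $maxPages matching rows.
  $countResult = mysql_query($query . " LIMIT " . ($pagelimit * $maxPages));
  if ($countResult === false) {
      // A failed query is logged and treated as "no pages" instead of passing
      // false on to mysql_num_rows().
      error_log('chat log viewer: count query failed: ' . mysql_error());
      $results = 0;
  } else {
      $results = mysql_num_rows($countResult);
  }

  // ceil, not floor: a last, partially filled page must stay reachable.
  $pages = (int) ceil($results / $pagelimit);

  // Current page: digits only, anything else means "none selected".
  $offset = 0;
  if (isset($_GET["offset"]) && is_string($_GET["offset"]) && preg_match('/^[0-9]{1,6}$/', $_GET["offset"])) {
      $offset = (int) $_GET["offset"];
  }

  // Rebuild the query string without the old offset. The explicit '&'
  // separator keeps the result independent of the arg_separator.output ini
  // setting; HTML escaping happens once, below.
  $params = $_GET;
  unset($params["offset"]);
  $url = http_build_query($params, '', '&');
  $base = 'index.php?' . ($url !== '' ? $url . '&' : '') . 'offset=';

  for ($i = 1; $i <= $pages; $i++) {
      // The link lands in a single-quoted attribute, so it is escaped for
      // that context.
      $href = htmlspecialchars($base . $i, ENT_QUOTES);
      $selected = ($offset === $i) ? ' selected' : '';
      echo "<option value='$href'$selected>$i</option>";
  }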
  253. ?>
  254. </select>
  255. <table id="hor-minimalist-b">
  256. <tr>
  257. <th>Date</th>
  258. <th>Type</th>
  259. <th>Player</th>
  260. <th>IP</th>
  261. <th>Message</th>
  262. <th>Recipient</th>
  263. </tr>
  264.  
  265. <?php
  266.  
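  // Fetch one page of chat rows, newest first, and print them as table rows.
  $query = $query . ' ORDER BY id desc LIMIT ' . $pagelimit;

  // Page number from the request: plain digits only, clamped to 1..$maxPages.
  // is_numeric() also accepted negative and exponent forms, which produced an
  // invalid OFFSET and a failed query.
  // NOTE(review): the clamp assumes $maxPages is meant as a hard limit, as the
  // page selector already applies it. Confirm.
  $page = 1;
  if (isset($_GET["offset"]) && is_string($_GET["offset"]) && preg_match('/^[0-9]{1,6}$/', $_GET["offset"])) {
      $page = max(1, min((int) $_GET["offset"], $maxPages));
  }
  $query = $query . ' OFFSET ' . ($pagelimit * ($page - 1));

  $rows = mysql_query($query);

  if ($rows === false) {
      // Log the failure; the table is simply left empty for the viewer.
      error_log('chat log viewer: page query failed: ' . mysql_error());
  } else {
      $columns = array('DATE', 'TYPE', 'PLAYER', 'IP', 'MESSAGE', 'RECIPIENT');
      while ($row = mysql_fetch_array($rows, MYSQL_ASSOC)) {
          echo "<tr>";
          foreach ($columns as $column) {
              // Chat text and player names are user-controlled, so every
              // cell is HTML-encoded before it is printed.
              echo "<td>" . htmlspecialchars($row[$column], ENT_QUOTES) . "</td>";
          }
          echo "</tr>";
      }
  }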
  292. ?>
  293.  
  294. </table>
  295. <br><br>
  296. <div class="footer">
  297. <?php
  // Footer: print the database server's current time, then close the
  // connection opened at the top of the page.
  $clock = mysql_query('SELECT NOW()');
  $time = mysql_fetch_array($clock);
  $shown = htmlspecialchars($time['NOW()'], ENT_QUOTES);
  echo '<p>Current time: ' . $shown . '</p>';
  mysql_close($con);
  302. ?>
  303. </div>
  304. </div>
  305. </div>
  306.  
  307. </body>
  308. </html>