<?phpinclude "config.php";class NOOB{ private $method; private

1. <?php
2.  
3. include "config.php";
4.  
5. class NOOB{
6. private $method;
7. private $args;
8. private $conn;
9. public $file;
10. public function __construct($method,$args,$file) {
11. $this->method = $method;
12. $this->args = $args;
13. $this->file = $file;
14. $this->conn();
15. }
16.  
17. function show() {
18. list($username) = func_get_args();
19. $sql = sprintf("SELECT * FROM users WHERE username='%s'", $username);
20. $obj = $this->query($sql);
21. if ( $obj != false ) {
22. $this->ret( sprintf("%s - %s", $obj->username, $obj->role) );
23. } else {
24. $this->ret("Baby Dont hurt me, Dont hurt me, No more...");
25. }
26.  
27. }
28.  
29. function login() {
30. global $FLAG,$fl;
31.  
32. list($username,$password,$data,$file) = func_get_args();
33. $username = strtolower(trim(mysql_escape_string($username)));
34. $password = strtolower(trim(mysql_escape_string($password)));
35. if(!preg_match('/(file|filter|or|and|data|&&|base64|read)/',$username) && !preg_match('/(file|filter|or|and|data|&&|base64|read)/',$password)){
36. $sql = sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'", $username, $password);
37. if ( $username == 'admin' || stripos($sql, 'admin') != false ) {
38. $this->ret("Assim não, pensa um pouco mais");
39. }
40. $obj = $this->query($sql);
41. if ( $obj != false && $obj->role == 'admin' ) {
42. session_start();
43. $_SESSION['username'] = $username;
44. $_SESSION['password'] = $password;
45. $_SESSION['data'] = $data;
46. session_encode();
47. $this->file = str_replace("../","",$this->file);
48. if(!preg_match('/(file|filter|or|and|data|&&|base64|read|access|error)/i',$this->file) && isset($data)){
49. include($this->file); //inc.php
50.  
51. }else{
52. $this->ret("blocked!");
53. }
54. } else {
55. $this->ret("Saia daqui!");
56. }
57. }else{
58. $this->ret("blocked!");
59. }
60. }
61.  
62. function source() {
63. highlight_file(__FILE__);
64. }
65.  
66. function conn() {
67. global $db_host, $db_name, $db_user, $db_pass, $passwd,$db;
68.  
69. if (!$this->conn)
70. $this->conn = mysql_connect($db_host, $db_user, $db_pass);
71. mysql_select_db($db_name, $this->conn);
72. if(isset($db)){
73. $sql = "INSERT INTO users VALUES ('admin', '$passwd', 'admin'), ('hackaflag', 'h3ll0fr13nd', 'user')";
74. $this->query($sql,$back=false);
75. }
76. mysql_query("SET names utf8");
77. mysql_query("SET sql_mode = 'strict_all_tables'");
78. }
79.  
80. function query($sql, $back=true) {
81. $result = @mysql_query($sql);
82. if ($back) {
83. return @mysql_fetch_object($result);
84. }
85. }
86.  
87. function ret($msg) {
88. $this->close();
89.  
90. header("Content-Type: application/json");
91. die( json_encode( array("msg"=> $msg) ) );
92. }
93.  
94. function close() {
95. mysql_close($this->conn);
96. }
97.  
98. function __destruct() {
99. $this->conn();
100.  
101. if (in_array($this->method, array("show", "login", "source"))) {
102. @call_user_func_array(array($this, $this->method), $this->args);
103. } else {
104. $this->ret("Oq vc ta fazendo?");
105. }
106.  
107. $this->close();
108. }
109.  
110. function __wakeup() {
111. foreach($this->args as $k => $v) {
112. $this->args[$k] = strtolower(trim(mysql_escape_string($v)));
113. }
114. }
115. }
116.  
117. if(isset($_GET["data"])) {
118. @unserialize($_GET["data"]);
119. } else {
120. new NOOB("source", array());
121. }