<?php

// IN_HOLOCMS is presumably checked by included pages to refuse direct calls;
// nothing in this file reads it.
define("IN_HOLOCMS", TRUE);
session_start();

// #########################################################################
// MySQL CONNECTOR
// #########################################################################

// NOTE(review): the '@' hides a missing or unreadable config file. If the
// include fails, $MySQLhostname/$MySQLusername/$MySQLpassword/$MySQLdb are
// undefined, the connect below runs with empty credentials and then dies with
// an empty message. Drop the '@' (or check the return value) so the failure
// is visible.
@require_once('server-data.php_data_classes-config.php.php');
// NOTE(review): the mysql_* extension was removed in PHP 7, so this file only
// runs on PHP 5.x. The "" around each variable only stringifies the value.
mysql_connect("$MySQLhostname", "$MySQLusername", "$MySQLpassword") or die("");
mysql_select_db("$MySQLdb") or die("");
  13.  
  14. // #########################################################################
  15. // Kurz Befehle
  16. // #########################################################################
  17.  
// Site-wide shortcuts. Each cms_settings lookup fetches the row for one
// variable; only its 'value' column is used afterwards.
$cms_name = mysql_fetch_assoc($cms_name = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_name'"));
$cms_url = mysql_fetch_assoc($cms_url = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_url'"));

// NOTE(review): REMOTE_ADDR is a bare constant here. PHP 5/7 fall back to the
// string 'REMOTE_ADDR' with a notice, PHP 8 throws — quote it:
// $_SERVER['REMOTE_ADDR']. This is the peer address; behind a reverse proxy it
// is the proxy's address, which matters for the ban and ip_reg checks below.
$remote_ip = $_SERVER[REMOTE_ADDR];
// Both names hold the same value; the "" concatenation only stringifies it.
$sitename = "".$cms_name['value']."";
$shortname = "".$cms_name['value']."";

// Fall back to Europe/Berlin when php.ini sets no timezone.
if(@ini_get('date.timezone') == null && function_exists("date_default_timezone_get")){ @date_default_timezone_set("Europe/Berlin"); }

// Current date/time components.
$H = date('H');
$i = date('i');
$s = date('s');
$m = date('m');
$d = date('d');
$Y = date('Y');
$j = date('j');
$n = date('n');
$today = $d;
$month = $m;
$year = $Y;
// NOTE(review): mktime() takes (hour, minute, second, month, day, year), so
// mktime($m,$d,$Y) passes the month as the hour, the day as the minute and the
// year as the second. The result still falls on today's date (the garbled
// time stays within the day), but the argument order is wrong; date('d.m.Y')
// and date('d.m') with no timestamp are what was meant. $date_full passes the
// arguments in the right order.
$getmoney_date = date('d.m.Y',mktime($m,$d,$Y));
$birthday_date = date('d.m', mktime($m,$d));
$date_normal = date('d.m.Y',mktime($m,$d,$Y));
$date_full = date('d.m.Y H:i:s',mktime($H,$i,$s,$m,$d,$Y));
// Base URL of the CMS and the paths derived from it.
$path = "".$cms_url['value']."";
$adminpath = "".$path."/manage/hotel/de/housekeeping";
// NOTE(review): the client host is hard-coded rather than read from
// cms_settings like the other URLs.
$clientpath = "http://173.201.27.155:8080/";
$cimagesurl = "/SWF/c_images";
$badgesurl = "/album1584/";
// Unused in this file: HoloHash()/HoloHashMD5() hash without any secret.
$hash_secret = "";

// $config is the first cms_settings row, whichever variable it holds (no
// ORDER BY); the maintenance check further down reads $config['variable'].
$cms_settings = mysql_query("SELECT * FROM cms_settings LIMIT 1");
$config = mysql_fetch_assoc($cms_settings);

// Number of cms_settings rows with cms_maintenance set to '1'.
$maintenance = mysql_num_rows($maintenance = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_maintenance' AND value = '1'"));

// First server_status row; users_online feeds the online counter.
$server = mysql_fetch_assoc($server_status = mysql_query("SELECT * FROM server_status"));
$online_count = $server['users_online'];
// Global input "filtering". Superglobals always exist, so the isset() chain is
// always true and these loops run on every request.
// NOTE(review): escaping every input up front (and un-escaping again for
// output with stripslashes) is fragile; escaping at the point of use is the
// robust approach. Nested values (a[]=...) arrive as arrays and make
// htmlentities()/mysql_real_escape_string() emit a warning.
if(isset($_POST) || isset($_GET) || isset($_REQUEST) || isset($_COOKIE)){
foreach($_POST as $key => $p)
{
// NOTE(review): all three lines use the raw $p, so each assignment overwrites
// the previous one and only the last survives: POST values end up
// html_entity_decode()d, not escaped. If a chain was intended, each call must
// take the result of the previous step.
$_POST[$key] = htmlentities($p);
$_POST[$key] = mysql_real_escape_string($p);
$_POST[$key] = html_entity_decode($p);
}

// Filter the GET inputs (SQL-escape each value).
foreach($_GET as $key => $g)
{
$_GET[$key] = mysql_real_escape_string($g);
}
// NOTE(review): this loop reads $_GET again and writes into a plain local
// array $COOKIE, so $_COOKIE is never escaped. It also reassigns $s (the
// seconds value set above) to the last GET value. Iterating $_COOKIE and
// writing back to $_COOKIE looks like the intent.
foreach($_GET as $key => $s)
{
$COOKIE[$key] = mysql_real_escape_string($s);
}
// Filter the REQUEST inputs. $_REQUEST is a separate copy, so the escaping of
// $_GET/$_POST above does not carry over and this pass is needed for it.
foreach($_REQUEST as $key => $k)
{
$_REQUEST[$key] = mysql_real_escape_string($k);
}
}
if(isset($_GET)){

// Second pass over GET: strip tags and encode HTML entities on top of the SQL
// escaping already applied above.
foreach($_GET as $key => $f)
{
$_GET[$key] = strip_tags(htmlentities($f));
}
}
  88.  
  89. // #########################################################################
  90. // MySQL TABLE SITE_CONFIG
  91. // #########################################################################
  92.  
  93. function FetchSITESetting($strSetting){
  94.  
  95. $tmp = mysql_query("SELECT ".$strSetting." FROM cms_settings LIMIT 1") or die(mysql_error());
  96. $tmp = mysql_fetch_assoc($tmp);
  97. return $tmp[$strSetting];
  98.  
  99. }
  100.  
  101. // #########################################################################
  102. // CMS LOGIN FUNKTION
  103. // #########################################################################
  104.  
  105. function HoloHash($password){
  106. //$hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
  107. $string = sha1($password);
  108. return $string;
  109. }
  110.  
  111. function HoloHashMD5($password){
  112. //$hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
  113. $string = md5($password);
  114. return $string;
  115. }
  116.  
  117. // #########################################################################
  118. // "EINGELOGGT BLEIBEN" FUNKTION
  119. // #########################################################################
  120.  
  121. if(!session_is_registered(username) && $_COOKIE['remember'] == "remember"){
  122.  
  123. $cname = FilterText($_COOKIE['rusername']);
  124. $cpass_hash = $_COOKIE['rpassword'];
  125.  
  126. $csql = mysql_query("SELECT password,id FROM users WHERE username = '".$cname."' LIMIT 1") or die(mysql_error());
  127. $cnum = mysql_num_rows($csql);
  128.  
  129. if($cnum < 1){
  130. setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  131. setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  132. setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  133. } else {
  134.  
  135. $crow = mysql_fetch_assoc($csql);
  136. $correct_pass = $crow['password'];
  137.  
  138. if($cpass_hash == $correct_pass){
  139. $_SESSION['username'] = $cname;
  140. $_SESSION['password'] = $crow['password'];
  141. $sql3 = mysql_query("UPDATE users SET ip_last = '".$remote_ip."' WHERE username = '".$cname."'");
  142. header("location: me"); exit;
  143. } else {
  144.  
  145. setcookie("remember", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  146. setcookie("rusername", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  147. setcookie("rpassword", "", time()-60*60*24*100, "/"); setcookie("cookpass", "", time()-60*60*24*100, "/");
  148. }
  149. }
  150. }
  151.  
  152. // #########################################################################
  153. // IS-EVEN FUNKTION
  154. // #########################################################################
  155.  
  156. function IsEven($intNumber)
  157. {
  158. if($intNumber % 2 == 0){
  159. return true;
  160. } else {
  161. return false;
  162. }
  163. }
  164.  
  165. // #########################################################################
  166. // SMILIES FOR GRUPPEN/FORUM
  167. // #########################################################################
  168.  
  169. function bbcode_format($str){
  170.  
  171. $str = str_replace(":)", " <img src='./web-gallery/smilies/smile.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  172. $str = str_replace(";)", " <img src='./web-gallery/smilies/wink.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  173. $str = str_replace(":P", " <img src='./web-gallery/smilies/tongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  174. $str = str_replace(";P", " <img src='./web-gallery/smilies/winktongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  175. $str = str_replace(":p", " <img src='./web-gallery/smilies/tongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  176. $str = str_replace(";p", " <img src='./web-gallery/smilies/winktongue.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  177. $str = str_replace("(L)", " <img src='./web-gallery/smilies/heart.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  178. $str = str_replace("(l)", " <img src='./web-gallery/smilies/heart.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  179. $str = str_replace(":o", " <img src='./web-gallery/smilies/shocked.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  180. $str = str_replace(":O", " <img src='./web-gallery/smilies/shocked.gif' alt='Smiley' title='Smiley' border='0'> ", $str);
  181.  
  182. $simple_search = array(
  183. '/\[b\](.*?)\[\/b\]/is',
  184. '/\[i\](.*?)\[\/i\]/is',
  185. '/\[u\](.*?)\[\/u\]/is',
  186. '/\[s\](.*?)\[\/s\]/is',
  187. '/\[quote\](.*?)\[\/quote\]/is',
  188. '/\[link\=(.*?)\](.*?)\[\/link\]/is',
  189. '/\[url\=(.*?)\](.*?)\[\/url\]/is',
  190. '/\[color\=(.*?)\](.*?)\[\/color\]/is',
  191. '/\[size=small\](.*?)\[\/size\]/is',
  192. '/\[size=large\](.*?)\[\/size\]/is',
  193. '/\[code\](.*?)\[\/code\]/is',
  194. '/\[habbo\=(.*?)\](.*?)\[\/habbo\]/is',
  195. '/\[room\=(.*?)\](.*?)\[\/room\]/is',
  196. '/\[group\=(.*?)\](.*?)\[\/group\]/is'
  197. );
  198.  
  199. $simple_replace = array(
  200. '<strong>$1</strong>',
  201. '<em>$1</em>',
  202. '<u>$1</u>',
  203. '<s>$1</s>',
  204. "<div class='bbcode-quote'>$1</div>",
  205. "<a href='$1'>$2</a>",
  206. "<a href='$1'>$2</a>",
  207. "<font color='$1'>$2</font>",
  208. "<font size='1'>$1</font>",
  209. "<font size='3'>$1</font>",
  210. '<pre>$1</pre>',
  211. "<a href='./user_profile.php?id=$1'>$2</a>",
  212. "<a onclick=\"roomForward(this, '$1', 'private'); return false;\" target=\"client\" href=\"./client.php?forwardId=2&roomId=$1\">$2</a>",
  213. "<a href='./group_profile.php?id=$1'>$2</a>"
  214. );
  215.  
  216. $str = preg_replace ($simple_search, $simple_replace, $str);
  217.  
  218. return $str;
  219. }
  220.  
  221. // #########################################################################
  222. // FÜR LOGIN_TICKET
  223. // #########################################################################
  224.  
  225. function GenerateTicket(){
  226.  
  227. $data = "ST-";
  228.  
  229. for ($i=1; $i<=6; $i++){
  230. $data = $data . rand(0,9);
  231. }
  232.  
  233. $data = $data . "-";
  234.  
  235. for ($i=1; $i<=20; $i++){
  236. $data = $data . rand(0,9);
  237. }
  238.  
  239. $data = $data . "-lavvo-beta-fe";
  240. $data = $data . rand(0,5);
  241.  
  242. return $data;
  243. }
  244.  
  245. // #########################################################################
  246.  
// Session login check. The session holds the username and the password hash
// stored at login; the pair is re-validated against the users table on every
// request, then the ban table is consulted.
// NOTE(review): session_is_registered() was removed in PHP 5.4; the
// equivalent is isset($_SESSION['username']).
if(session_is_registered('username')){

// NOTE(review): both values go into the SQL below unescaped. They were put
// into the session by the login code (not in this file), so whether they are
// safe depends on that code — confirm there.
$rawname = $_SESSION['username'];
$rawpass = $_SESSION['password'];

$usersql = mysql_query("SELECT * FROM users WHERE username = '".$rawname."' AND password = '".$rawpass."' LIMIT 1");
// false when no row matches; every $myrow[...] read below is then null.
$myrow = mysql_fetch_assoc($usersql);

$userinfo = mysql_query("SELECT * FROM user_stats WHERE id = '".$myrow['id']."'");
$userinfo = mysql_fetch_assoc($userinfo);

// 1 when username + hash matched a row, 0 otherwise.
$password_correct = mysql_num_rows($usersql);

$my_id = $myrow['id'];
$user_rank = $myrow['rank'];

// AND binds tighter than OR, so this reads (user ban) OR (ip ban);
// parentheses would make that explicit.
$ban = mysql_query("SELECT * FROM bans WHERE value = '".$myrow['username']."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1");
$bancheck = mysql_num_rows($ban);

// NOTE(review): these three branches are mutually exclusive, so a user whose
// ip_reg is "0" skips both the credential check and the ban check on this
// request. They are independent conditions: the credential check should run
// first on its own, then the ban check, then the ip_reg update.
if($myrow['ip_reg'] == "0"){
mysql_query("UPDATE users SET ip_reg = '".$remote_ip."' WHERE id = '".$myrow['id']."'");

}elseif($password_correct !== 1){

// Session does not match a users row: drop it and send the visitor away.
// NOTE(review): the target is $path followed by a literal "1" — looks like a
// typo for a page name; confirm which URL is intended.
session_destroy();
header("location: ".$path."1");
exit;

}elseif($bancheck > 0){

$bandata = mysql_fetch_assoc($ban);

$timestamp = time();
if($bandata['expire'] > $timestamp){
// Active ban: set the message for logout.php and end the session.
$login_error = "Du bist gebannt! Der Grund für deinen Bann lautet \"".$bandata['reason']."\" und dauert bis ".date('d.m.Y - H:i:s', $bandata['expire'])."";
include('logout.php');
session_destroy(); exit;

} else{
// Expired ban: remove the row.
// NOTE(review): $name is not assigned anywhere in this file before this line
// (it is set below, after the chain), so the user half of the condition
// compares against '' and only an IP ban row can be deleted here;
// $myrow['username'] is the value the SELECT above used.
mysql_query("DELETE FROM bans WHERE value = '".$name."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1"); }
}

$logged_in = true;
// HoloText() HTML-encodes and strips slashes from the username for output.
$name = HoloText($myrow['username']);

} else {

// Guest defaults.
$user_rank = 0;
$name = "No-Name";
$my_id = "No-ID";
$myticket = "ST-No-Name-habbore-fe";
$logged_in = false;

}
  301.  
  302. // #########################################################################
  303. // HC CHECK
  304. // #########################################################################
  305.  
  306. $hc_a = mysql_query("SELECT * FROM user_subscriptions WHERE user_id = '".$my_id."' and timestamp_expire > '".time()."'");
  307. $hc = mysql_num_rows($hc_a);
  308.  
  309. function getHCDays($my_id){
  310.  
  311. $sql = mysql_query("SELECT timestamp_activated,timestamp_expire FROM user_subscriptions WHERE user_id = '".$my_id."' LIMIT 1") or die(mysql_error());
  312.  
  313. if (mysql_num_rows($sql) == 0){
  314. return 0;
  315. }
  316.  
  317. $data = mysql_fetch_assoc($sql);
  318. $diff = $data['timestamp_expire'] - time();
  319.  
  320. if ($diff <= 0){
  321. return 0;
  322. }
  323.  
  324. return ceil($diff / 86400);
  325. }
  326.  
  327.  
  328. // #########################################################################
  329. // VIP CHECK
  330. // #########################################################################
  331.  
  332. $vip_a = mysql_query("SELECT * FROM vip WHERE id_user = '".$my_id."'");
  333. $vip = mysql_num_rows($vip_a);
  334.  
  335. function getVIPDays($my_id){
  336.  
  337. $sql = mysql_query("SELECT timestamp,timestampend FROM vip WHERE id_user = '".$my_id."' LIMIT 1") or die(mysql_error());
  338.  
  339. if (mysql_num_rows($sql) == 0){
  340. return 0;
  341. }
  342.  
  343. $data = mysql_fetch_assoc($sql);
  344. $diff = $data['timestampend'] - time();
  345.  
  346. if ($diff <= 0){
  347. return 0;
  348. }
  349.  
  350. return ceil($diff / 86400);
  351. }
  352.  
  353.  
  354. // #########################################################################
  355. // GOLD CHECK
  356. // #########################################################################
  357.  
  358. $gold_a = mysql_query("SELECT * FROM gold WHERE id_user = '".$my_id."'");
  359. $gold = mysql_num_rows($gold_a);
  360.  
  361. function getGOLDDays($my_id){
  362.  
  363. $sql = mysql_query("SELECT timestamp,timestampend FROM gold WHERE id_user = '".$my_id."' LIMIT 1") or die(mysql_error());
  364.  
  365. if (mysql_num_rows($sql) == 0){
  366. return 0;
  367. }
  368.  
  369. $data = mysql_fetch_assoc($sql);
  370. $diff = $data['timestampend'] - time();
  371.  
  372. if ($diff <= 0){
  373. return 0;
  374. }
  375.  
  376. return ceil($diff / 86400);
  377. }
  378.  
  379.  
  380.  
  381. // #########################################################################
  382. // HK/IS_MAINTENANCE CHECK
  383. // #########################################################################
  384.  
// Housekeeping (HK) admin flag and maintenance-mode gate.
// $rank['iAdmin'] is "1" only for users with rank > 4 who also have the
// separate housekeeping login (hkusername/hkpassword) in their session.
// NOTE(review): session_is_registered() was removed in PHP 5.4, and
// hkusername / hkpassword are bare constants (a string plus a notice in
// PHP 5/7, an Error in PHP 8); the equivalent is
// isset($_SESSION['hkusername']) && isset($_SESSION['hkpassword']).
if($user_rank > 4){

if(session_is_registered(hkusername) && session_is_registered(hkpassword)){
$rank['iAdmin'] = "1";
} else {
$rank['iAdmin'] = "0";
}

} else {
$rank['iAdmin'] = "0";
}

// Maintenance: $maintenance is the number of cms_settings rows with
// cms_maintenance = '1' (set above). Non-admins are redirected to the
// maintenance page; admins only get a notice flag.
// NOTE(review): $is_maintenance is never assigned in this file — presumably
// the maintenance page sets it before including this file to avoid a redirect
// loop; when it is unset, !$is_maintenance is true. Confirm.
// NOTE(review): $config is the first cms_settings row whatever its variable
// is, so the elseif only fires if that row happens to be cms_maintenance;
// $maintenance == '1' is probably the intended condition there.
if($maintenance == '1' && !$is_maintenance && $rank['iAdmin'] < 1){
header("Location: ".$path."/maintenance");
exit;
} elseif($rank['iAdmin'] == 1 && $config['variable'] == "cms_maintenance" && $config['value'] == '1'){
$notify_maintenance = true;
}
  403.  
  404. // #########################################################################
  405.  
  406. function IsUserBanned($name){
  407.  
  408. $check = mysql_query("SELECT * FROM bans WHERE value = '".$my_id."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip'") or die(mysql_error());
  409. $is_banned = mysql_num_rows($check);
  410.  
  411. if($is_banned > 0){
  412. $bandata = mysql_fetch_assoc($check);
  413. $reason = $bandata['reason'];
  414. $expire = $bandata['expire'];
  415.  
  416. $stamp_now = time();
  417.  
  418. if($stamp_now < $bandata['expire']){
  419. return true;
  420. } else { // ban expired
  421. mysql_query("DELETE FROM bans WHERE value = '".$my_id."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1") or die(mysql_error());
  422. return false;
  423. }
  424. } else {
  425. return false;
  426. }
  427. }
  428.  
  429. // #########################################################################
  430.  
  431. function mysql_evaluate($query, $default_value="undefined") {
  432. $result = mysql_query($query) or die(mysql_error());
  433.  
  434. if(mysql_num_rows($result) < 1){
  435. return $default_value;
  436. } else {
  437. return mysql_result($result, 0);
  438. }
  439. }
  440.  
  441. // #########################################################################
  442.  
  443. function FilterText($str, $advanced=false) {
  444. if($advanced == true){ return mysql_real_escape_string($str); }
  445. $str = mysql_real_escape_string(htmlspecialchars($str));
  446. return $str;
  447. }
  448.  
  449. function HoloText($str, $advanced=false, $bbcode=false) {
  450. if($advanced == true){ return stripslashes($str); }
  451. $str = stripslashes(nl2br(htmlspecialchars($str)));
  452. if($bbcode == true){$str = bbcode_format($str); }
  453. return $str;
  454. }
  455.  
  456.  
  457. ?>