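/**
 * Cross-check the current user's staff privileges against the on-disk allowlists.
 *
 * Users whose class is >= 7 must appear in settings/STAFFNAMES (by username), and
 * users whose class is >= UC_STAFF must appear in settings/STAFFIDS (by id). A user
 * holding the class without being listed is treated as a privilege-escalation case:
 * the account is disabled, the client IP is banned, staff are alerted and the
 * request is refused.
 *
 * Both files are read as whitespace-separated tokens across every line, so a
 * trailing newline or a list split over several lines no longer empties the
 * allowlist or leaves "\n" glued to the last entry (either of which would lock
 * out legitimate staff).
 *
 * sql_query(), sqlesc(), sqlerr(), auto_post(), write_log(), getip(), stderr()
 * and get_date_time() are project helpers defined outside this block.
 *
 * @return bool true when every applicable check passed
 */
function maxcoder()
{
    global $CURUSER;
    $lmaxclass = 7;
    $filename = ROOT_PATH . "settings/STAFFNAMES";
    $filename2 = ROOT_PATH . "settings/STAFFIDS";

    if ($CURUSER['class'] >= $lmaxclass) {
        $allowed_names = _maxcoder_allowlist($filename);
        // Cast so the strict comparison is string-to-string whatever type the session row carries.
        if (!in_array((string) $CURUSER['username'], $allowed_names, true)) {
            _maxcoder_lockout(
                'Super User Hack Attempt',
                "Alert Super User Has been Detected",
                "User " . $CURUSER["username"] . " has attempted to hack the tracker using a super class - the account has been disabled",
                "Hack Attempt Detected - now go to ip bans in staff tools and cache the ban : Username: ",
                "Ha Ha you retard - Did you honestly think you could pull that one off !"
            );
        }
    }

    // Minimum staff level (4 = UC_MODERATOR). Guarded so a second call, or a
    // definition made elsewhere, does not raise a redefinition notice.
    if (!defined('UC_STAFF')) {
        define('UC_STAFF', 4);
    }
    if ($CURUSER['class'] >= UC_STAFF) {
        $allowed_ids = _maxcoder_allowlist($filename2);
        // Ids read from the file are strings; an integer id would never match under strict mode.
        if (!in_array((string) $CURUSER['id'], $allowed_ids, true)) {
            _maxcoder_lockout(
                'Unauthorized Staff Account Hack',
                "Staff Account Hack Detected",
                "User " . $CURUSER["username"] . " has attempted to hack the tracker using an unauthorized account- the account has been disabled",
                "Fake Account Detected now go to ip bans in staff tools and cache the ban : Username: ",
                "Sorry but your not an authorized staff member - nice try your banned !"
            );
        }
    }
    return true;
}

/**
 * Read a whitespace-separated allowlist file into a list of non-empty tokens.
 *
 * If the file cannot be read the request is refused without disabling or banning
 * anyone: a missing or unreadable allowlist is a deployment fault, not evidence
 * against the user, but it must not let the privilege check pass either.
 *
 * @param string $path allowlist file to read
 * @return array list of string tokens (possibly empty)
 */
function _maxcoder_allowlist($path)
{
    $lines = is_readable($path) ? file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : false;
    if ($lines === false) {
        error_log('maxcoder: staff allowlist is missing or unreadable: ' . $path);
        stderr("Error", "Staff verification is unavailable.");
        // Fail closed even if stderr() were to return.
        exit;
    }
    $tokens = array();
    foreach ($lines as $line) {
        foreach (preg_split('/\s+/', trim($line), -1, PREG_SPLIT_NO_EMPTY) as $token) {
            $tokens[] = $token;
        }
    }
    return $tokens;
}

/**
 * Disable the current account, ban the client IP, alert staff and refuse the request.
 *
 * @param string $ban_comment comment stored on the bans row
 * @param string $subject_text subject of the staff alert
 * @param string $body_text    body passed to auto_post()
 * @param string $msg_prefix   leading text of the log/PM message, up to the username
 * @param string $denied_text  text shown to the requester
 * @return void does not return
 */
function _maxcoder_lockout($ban_comment, $subject_text, $body_text, $msg_prefix, $denied_text)
{
    global $CURUSER;

    // The id is cast so nothing but an integer can reach the statement.
    sql_query("UPDATE users set enabled='no' WHERE id=" . (int) $CURUSER['id']);

    // ip2long() yields false for anything that is not dotted-quad IPv4 (IPv6 included);
    // skip the ban row in that case instead of storing an empty range.
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $long_ip = ip2long($remote_addr);
    if ($long_ip !== false) {
        $ban_ip = sqlesc((string) $long_ip);
        $comment = sqlesc($ban_comment);
        $added = sqlesc(get_date_time());
        sql_query("INSERT INTO bans (added, addedby, first, last, comment) VALUES ({$added}, '0', {$ban_ip}, {$ban_ip}, {$comment})") or sqlerr(__FILE__, __LINE__);
    }

    $subject = sqlesc($subject_text);
    $body = sqlesc($body_text);
    auto_post($subject, $body);

    // NOTE(review): the ban uses REMOTE_ADDR while the alert records getip(); if getip()
    // honours forwarded-for style headers the two addresses can differ - confirm.
    $msg = $msg_prefix . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
    sql_query("INSERT INTO messages (poster, sender, receiver, added, subject, msg) VALUES(0, 2, '1', '" . get_date_time() . "', " . $subject . " , " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
    write_log('accdisabled', $msg);
    write_log('autoban', $msg);

    stderr("Access Denied!", $denied_text);
    // stderr() presumably ends the request; exit guarantees the check cannot fall through.
    exit;
}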
Beispiel #2
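// Decoy page for a directory that should never be requested: the hit is logged,
// a notice is shown, and a logged-in member is disabled, IP-banned and reported.
$v_ip = $_SERVER['REMOTE_ADDR'];
// NOTE(review): the timestamp carries no year or timezone, which limits its use when
// correlating with other logs; format left as-is in case something parses it.
$v_date = date("l d F H:i:s");
// Append under an exclusive lock so concurrent hits cannot interleave, and report a
// failed write instead of carrying a dead handle through the page.
// NOTE(review): "ips.txt" is a relative path; if it resolves inside the web root the
// log is downloadable by anyone - confirm its location or move it out of reach.
if (file_put_contents("ips.txt", "IP: {$v_ip} - DATE: {$v_date}\n\n", FILE_APPEND | LOCK_EX) === false) {
    error_log('directory alert: could not append to ips.txt');
}
?>
<table class=main width=750 border=0 align=center cellspacing=0 cellpadding=0><tr><td class=embedded>
<table width=100% border=1 cellspacing=0 cellpadding=10><tr><td class=text>
<center><h2>Access Denied</h2></center>
<p align=center>
You cannot access here - Your account has been disabled and<br />
your ip will be automatically logged<br />
your current ip is <?php 
echo htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES);
?>
<br />
Have an nice day :)</p><br />
</td></tr></table>
<?php 
// Registered members are disabled, banned and reported; anonymous visitors are only
// logged above. Without this guard the UPDATE ran with an empty id for guests.
if (isset($CURUSER['id']) && (int) $CURUSER['id'] > 0) {
    sql_query("UPDATE users set enabled='no' WHERE id=" . (int) $CURUSER['id']);

    // ip2long() returns false for non-IPv4 addresses; skip the ban row rather than
    // store an empty range.
    $long_ip = ip2long($_SERVER['REMOTE_ADDR']);
    if ($long_ip !== false) {
        $ban_ip = sqlesc((string) $long_ip);
        $comment = sqlesc('System Directory Alert');
        $added = sqlesc(get_date_time());
        sql_query("INSERT INTO bans (added, addedby, first, last, comment) VALUES ({$added}, '0', {$ban_ip}, {$ban_ip}, {$comment})") or sqlerr(__FILE__, __LINE__);
    }

    $subject = sqlesc("System Directory Alert");
    $body = sqlesc("User " . $CURUSER["username"] . " has attempted to view system directorys - the account has been disabled");
    auto_post($subject, $body);
    $msg = "System Directory Alert - now go to ip bans in staff tools and cache the ban or check it out : Username: " . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
    sql_query("INSERT INTO messages (poster, sender, receiver, added, subject, msg) VALUES(0, 0, '1', '" . get_date_time() . "', " . $subject . " , " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
    write_log($msg);
}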
Beispiel #3
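/**
 * React to an unauthorised request for a staff tool: ban the client IP, disable a
 * matching lower-class account if one exists, post an alert and end the request.
 *
 * sql_query(), sqlesc(), sqlerr(), auto_post(), stderr() and get_date_time() are
 * project helpers defined outside this block; UC_CODER is a project constant.
 *
 * @param string $hacked_what name of the tool or page that was requested; it is only
 *                            ever embedded in values passed through sqlesc()
 * @return void does not return
 */
function hacker_dork($hacked_what)
{
    global $BASEURL;

    $remote_addr = trim($_SERVER['REMOTE_ADDR']);
    $ban_ip = sqlesc($remote_addr);

    // ip2long() returns false for anything that is not dotted-quad IPv4 (IPv6 included);
    // skip the ban row in that case instead of storing an empty range.
    $long_ip = ip2long($remote_addr);
    if ($long_ip !== false) {
        $ban_ip2 = sqlesc((string) $long_ip);
        $comment = sqlesc('Unauthorized Staff tool entry detected');
        $added = sqlesc(get_date_time());
        sql_query("INSERT INTO bans (added, addedby, first, last, comment) VALUES ({$added}, '0', {$ban_ip2}, {$ban_ip2}, {$comment})") or sqlerr(__FILE__, __LINE__);
    }

    // NOTE(review): the account is located by IP alone and only the first row is acted
    // on, so a member behind a shared address (NAT, proxy) can be disabled because of
    // someone else's request - confirm this is acceptable.
    $res = sql_query("SELECT id, username, modcomment FROM users WHERE ip = {$ban_ip} AND class < " . UC_CODER);

    // A failed query yields no result handle; treat it like "no matching account".
    if ($res && mysql_num_rows($res) > 0) {
        $arr = mysql_fetch_assoc($res);
        $subject = sqlesc($arr['username'] . " Attempted to access {$hacked_what}");
        $body = sqlesc("user: [url={$BASEURL}/userdetails.php?id=" . $arr['id'] . "]" . $arr['username'] . "[/url] \n with IP: {$ban_ip}\n attempted to access {$hacked_what}\n Remember to cache or remove the ip ban !\n ");
        // The new entry is prepended so the most recent note comes first.
        $modcomment = gmdate("Y-m-d") . " Banned for trying to hack {$hacked_what}...\n" . $arr['modcomment'];
        $reasond = sqlesc("Staff Tool hack Attempt");
        // The id is cast so nothing but an integer can reach the statement.
        sql_query("UPDATE users set enabled='no', disable_reason={$reasond}, modcomment = " . sqlesc($modcomment) . " where id=" . (int) $arr['id']);
    } else {
        $subject = sqlesc("Attempt to access {$hacked_what}");
        $body = sqlesc("User with IP: {$ban_ip} \n Attempted to access {$hacked_what}.\n ");
    }

    auto_post($subject, $body);
    stderr("Error", "It takes 46 muscles to frown but only 4 to flip 'em the bird. Nice try... Bubuy !");
    // Guarantees the request stops here even if stderr() returns.
    die;
}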