<?php

// Refuse direct requests: unless AURACMS_FUNC has been defined, redirect to index.php and stop.
if (!defined('AURACMS_FUNC')) {
    Header("Location: index.php");
    exit;
}

// Empty stub: it has no body in this file.
function transcal(){
}

/**
 * Echo the theme's "boxmenu.html" template.
 *
 * The template is read from themes/administrator/ when $_SESSION['LevelAkses'] is set,
 * otherwise from themes/<$theme>/. Its text is wrapped in a double-quoted PHP string
 * assignment and passed to eval(), and the resulting $r_file is echoed.
 *
 * $title and $content are not referenced directly; presumably the template refers to
 * them by name and they are filled in during the eval() (confirm against boxmenu.html).
 *
 * NOTE(review): eval() runs the template as a double-quoted PHP string. addslashes()
 * escapes quotes, backslashes and NUL only, so variable and brace interpolation inside
 * the file is still evaluated: the template is code, not data. Anything able to write
 * a theme file, or to choose $theme (concatenated into the path unchecked here), decides
 * what is executed. Safer: restrict $theme to a known list of theme directories and
 * substitute named placeholders with strtr() instead of calling eval().
 */
function kotakjudul($title, $content) {
    global $theme;
    // Administrator template when a LevelAkses session value exists, else the active theme's.
    if (isset ($_SESSION['LevelAkses'])){
        $thefile = addslashes(file_get_contents("themes/administrator/boxmenu.html"));
    }else{
        $thefile = addslashes(file_get_contents("themes/".$theme."/boxmenu.html"));
    }
    // Builds the statement  $r_file="<template text>";  and evaluates it.
    $thefile = "\$r_file=\"".$thefile."\";";
    eval($thefile);
    echo $r_file;
}

// NOTE: modul() runs past the end of this excerpt; only its opening statements are visible.
function modul($posisi){
    global $koneksi_db,$STYLE_INCLUDE,$SCRIPT_INCLUDE;
    $total = 0;
    $numb = 0;
    if (isset($_GET['pilih'])) {
        // Request value: tags stripped, then escaped for the quoted SQL literals below.
        // (The mysql_* extension used here was removed in PHP 7.)
        $pilih = mysql_real_escape_string(strip_tags($_GET['pilih']));
        $numb = mysql_num_rows(mysql_query("SELECT `id` FROM `actions` WHERE `modul_hrd` = '$pilih'"));
        // NOTE(review): $posisi is interpolated without escaping; confirm every caller
        // passes a fixed, trusted value.
        $modulku = mysql_query("SELECT * FROM `actions` LEFT JOIN `modul_hrd` ON (`modul_hrd`.`id` = `actions`.`modul_id`) WHERE `actions`.`modul_hrd` = '$pilih' AND `actions`.`posisi` = '$posisi' ORDER BY `actions`.`order`");
        $total = mysql_num_rows($modulku);
        while($viewmoduls = mysql_fetch_assoc($modulku)) {
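}
// Tail of a function that begins before this excerpt; left exactly as found.
$rtn = substr($rtn, 0, strlen($rtn) - 3);
$rtn .= "</td></tr></table>";
return $rtn;
}
}
}
}

// Helper for the request filters (stopping XSS, UNION and C-like injection).
// A substring blacklist is only a tripwire: callers still need parameterised
// queries and context-aware output escaping.
if (!function_exists('stripos')) {
    /**
     * Case-insensitive "contains" test for PHP builds without stripos().
     *
     * @param string $haystack Text to search.
     * @param string $needle   Text to look for.
     * @param int    $offset   Position in $haystack at which the search starts.
     * @return bool True when $needle occurs at or after $offset, including at position 0.
     */
    function stripos_clone($haystack, $needle, $offset = 0)
    {
        return strpos(strtoupper($haystack), strtoupper($needle), $offset) !== false;
    }
} else {
    /**
     * Case-insensitive "contains" test backed by the native stripos().
     *
     * @param string $haystack Text to search.
     * @param string $needle   Text to look for.
     * @param int    $offset   Position in $haystack at which the search starts.
     * @return bool True when $needle occurs at or after $offset, including at position 0.
     */
    function stripos_clone($haystack, $needle, $offset = 0)
    {
        // Pass the caller's offset through; the previous "$offset = 0" argument
        // reset it to zero on every call.
        return stripos($haystack, $needle, $offset) !== false;
    }
}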
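/**
 * Render the survey "reply" page: the parent comment (or only the poll title
 * when $pid is 0) followed by the comment form.
 *
 * All output is echoed; header.php and footer.php are included around it.
 *
 * @param mixed $pid    Parent comment id, cast with intval(); 0 means a reply to the poll itself.
 * @param mixed $pollID Poll id, cast with intval().
 * @param mixed $mode   Falls back to $userinfo['umode'], then "thread"; emitted as a hidden field.
 * @param mixed $order  Falls back to $userinfo['uorder'], then 0; emitted as a hidden field.
 * @param mixed $thold  Falls back to $userinfo['thold'], then 0; emitted as a hidden field.
 * @return void
 */
function reply($pid, $pollID, $mode, $order, $thold)
{
    include_once "header.php";
    global $userinfo, $user, $cookie, $datetime, $bgcolor1, $bgcolor2, $bgcolor3, $AllowableHTML, $anonymous, $prefix, $anonpost, $module_name, $db, $nuke_editor;

    cookiedecode($user);
    getusrinfo($user);

    // Missing or empty display settings fall back to the user's stored preference.
    if (empty($mode)) {
        $mode = isset($userinfo['umode']) ? $userinfo['umode'] : "thread";
    }
    if (empty($order)) {
        $order = isset($userinfo['uorder']) ? $userinfo['uorder'] : 0;
    }
    if (empty($thold)) {
        $thold = isset($userinfo['thold']) ? $userinfo['thold'] : 0;
    }

    // Ids are forced to integers before they reach SQL or HTML; the three display
    // settings are entity-encoded because they are echoed into double-quoted
    // attributes of the form below.
    $pid = intval($pid);
    $pollID = intval($pollID);
    $order = htmlentities($order);
    $thold = htmlentities($thold);
    $mode = htmlentities($mode);

    if ($anonpost == 0 and !is_user($user)) {
        // Anonymous posting is disabled and the visitor is not logged in.
        OpenTable();
        echo "<center><font class=title><b>" . _SURVEYCOM . "</b></font></center>";
        CloseTable();
        echo "<br>";
        OpenTable();
        echo "<center>" . _NOANONCOMMENTS . "<br><br>" . _GOBACK . "</center>";
        CloseTable();
    } else {
        // Only the comment branch fills these; define them for the poll branch too.
        // (The old fallback to $temp_comment read a variable this function never sets.)
        $date = null;
        $name = '';
        $comment = '';

        if ($pid != 0) {
            list($date, $name, $email, $subject, $comment, $score) = $db->sql_query("select date, name, email, subject, comment, score from " . $prefix . "_pollcomments where tid='{$pid}'")->fetch_row();
            $name = filter($name, "nohtml");
            $email = filter($email, "nohtml");
            $subject = filter($subject, "nohtml");
            $comment = filter($comment);
            $score = intval($score);
        } else {
            list($subject) = $db->sql_query("select pollTitle FROM " . $prefix . "_poll_desc where pollID='{$pollID}'")->fetch_row();
            $subject = filter($subject, "nohtml");
        }

        if (empty($name)) {
            $name = $anonymous;
        }
        if (empty($subject)) {
            $subject = "[" . _NOSUBJECT . "]";
        }
        // Return value is unused; presumably this refreshes the global $datetime (confirm).
        formatTimestamp($date);

        OpenTable();
        echo "<center><font class=\"title\"><b>" . _SURVEYCOM . "</b></font></center>";
        CloseTable();
        echo "<br>";
        OpenTable();
        // NOTE(review): $subject and $comment are stored user content; this output relies
        // entirely on filter() having neutralised markup and quotes. Confirm what filter() does.
        echo "<center><font class=\"content\"><b>{$subject}</b></center><br>";
        if (empty($comment)) {
            echo "<center><i>" . _DIRECTCOM . "</i></font></center><br>";
        } else {
            echo "<br>{$comment}</font>";
        }
        CloseTable();

        // Re-read the subject for the form's default value.
        if ($pid == 0) {
            list($subject) = $db->sql_query("select pollTitle from " . $prefix . "_poll_desc where pollID='{$pollID}'")->fetch_row();
        } else {
            list($subject) = $db->sql_query("select subject from " . $prefix . "_pollcomments where tid='{$pid}'")->fetch_row();
        }
        $subject = filter($subject, "nohtml");

        echo "<br>";
        OpenTable();
        echo "<form action=\"modules.php?name={$module_name}&file=comments\" method=\"post\">";
        echo "<font class=\"content\"><b>" . _YOURNAME . ":</b></font> ";
        if (is_user($user)) {
            cookiedecode($user);
            // NOTE(review): $cookie['1'] comes from the decoded user cookie and is echoed
            // unescaped; confirm cookiedecode() validates it before it reaches HTML.
            echo "<font class=\"content\"><a href=\"modules.php?name=Your_Account\">{$cookie['1']}</a> [ <a href=\"modules.php?name=Your_Account&op=logout\">" . _LOGOUT . "</a> ]</font>";
        } else {
            echo "<font class=\"content\">{$anonymous}</font>";
        }
        echo "<br><br><font class=\"content\"><B>" . _SUBJECT . ":</B></FONT><BR>";
        if (!stripos_clone($subject, "Re:")) {
            $subject = "Re: " . substr($subject, 0, 81) . "";
        }
        echo "<INPUT TYPE=\"text\" NAME=\"subject\" SIZE=50 maxlength=85 value=\"{$subject}\"><BR>";
        echo "<br><br><font class=\"content\"><B>" . _UCOMMENT . ":</B></FONT><BR>" . "<TEXTAREA wrap=virtual cols=70 rows=15 name=comment></TEXTAREA><br>";
        if ($nuke_editor == 0) {
            echo "<font class=\"content\">" . _ALLOWEDHTML . "<br>";
            // foreach replaces each(), which was removed in PHP 8. The tag names are
            // printed as text (&lt;b&gt;) so the browser shows them instead of opening
            // real elements.
            foreach (array_keys((array) $AllowableHTML) as $key) {
                echo " &lt;" . htmlspecialchars((string) $key, ENT_QUOTES) . "&gt;";
            }
            echo "</font><br><br>";
        } else {
            echo "" . _HTMLNOTALLOWED . "</font><br><br>";
        }
        if (is_user($user) and $anonpost == 1) {
            echo "<INPUT type=checkbox name=xanonpost> " . _POSTANON . "<br>";
        }
        echo "<INPUT type=\"hidden\" name=\"pid\" value=\"{$pid}\">"
            . "<INPUT type=\"hidden\" name=\"pollID\" value=\"{$pollID}\">"
            . "<INPUT type=\"hidden\" name=\"mode\" value=\"{$mode}\">"
            . "<INPUT type=\"hidden\" name=\"order\" value=\"{$order}\">"
            . "<INPUT type=\"hidden\" name=\"thold\" value=\"{$thold}\">"
            . "<br><INPUT type=submit name=op value=\"" . _PREVIEW . "\"> "
            . "<INPUT type=submit name=op value=\"" . _OK . "\"></FORM>";
        CloseTable();
    }
    include_once "footer.php";
}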
$result2 = $db->sql_query("DELETE FROM " . $prefix . "_referer"); } } if (!isset($mop)) { $mop = "modload"; } if (!isset($mod_file)) { $mod_file = "index"; } $name = trim($name); if (isset($file)) { $file = trim($file); } $mod_file = trim($mod_file); $mop = trim($mop); if (stripos_clone($name, "..") || isset($file) && stripos_clone($file, "..") || stripos_clone($mod_file, "..") || stripos_clone($mop, "..")) { die("You are so cool..."); } else { $ThemeSel = get_theme(); if (file_exists("themes/{$ThemeSel}/module.php")) { include "themes/{$ThemeSel}/module.php"; if (is_active("{$default_module}") and file_exists("modules/{$default_module}/" . $mod_file . ".php")) { $name = $default_module; } } if (file_exists("themes/{$ThemeSel}/modules/{$name}/" . $mod_file . ".php")) { $modpath = "themes/{$ThemeSel}/"; } $modpath .= "modules/{$name}/" . $mod_file . ".php"; if (file_exists($modpath)) { include $modpath;
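<?php
// Full open tag: with short_open_tag disabled a "<?" file is served as plain text,
// which would expose this filter's source.
include "config.php";

// Case-insensitive "contains" test used by the query-string filter below.
// It returns a strict boolean: the raw strpos()/stripos() position is 0 for a
// match at the very start of the string, which is falsy and would let such a
// request pass the checks unnoticed.
if (!function_exists('stripos')) { // check whether a native stripos() exists
    function stripos_clone($haystack, $needle, $offset = 0)
    {
        // No native stripos(): emulate it with strpos() on upper-cased copies.
        return strpos(strtoupper($haystack), strtoupper($needle), $offset) !== false;
    }
} else {
    function stripos_clone($haystack, $needle, $offset = 0)
    {
        // Honour the caller's offset (the old "$offset=0" argument discarded it).
        return stripos($haystack, $needle, $offset) !== false;
    }
}

// NOTE(review): this is a substring blacklist over the GET query string only. It is a
// tripwire for logging and banning, not a substitute for parameterised queries and
// output escaping in the pages it fronts.
if (isset($_SERVER['QUERY_STRING'])) { // only act when the request carries a query string
    $queryString = strtolower($_SERVER['QUERY_STRING']); // lower-cased once, reused below
    // 'c2nyaxb0' is the lower-cased base64 encoding of "script".
    if (stripos_clone($queryString, '%select%20')
        OR stripos_clone($queryString, '%20union%20')
        OR stripos_clone($queryString, 'union/*')
        OR stripos_clone($queryString, 'c2nyaxb0')
        OR stripos_clone($queryString, '+union+')
        OR stripos_clone($queryString, 'http://')
        OR stripos_clone($queryString, 'https://')
        OR (stripos_clone($queryString, 'cmd=') AND !stripos_clone($queryString, '&cmd'))
        OR (stripos_clone($queryString, 'exec') AND !stripos_clone($queryString, 'execu'))
        OR stripos_clone($queryString, 'union')
        OR stripos_clone($queryString, 'concat')
        OR stripos_clone($queryString, 'ftp://')) {
        // The request has just been classified as hostile, so its query string must be
        // escaped before it is placed inside the INSERT's quoted literals.
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $sayfa = mysql_real_escape_string($queryString);
        $time = time();
        $sql = "INSERT INTO ban VALUES (NULL,'$ip','$sayfa', '$time')";
        $query = mysql_query($sql);
        // The warning page below runs past the end of this excerpt; its text is left as found.
        die(' <title>UYARI!</title> <style type="text/css"> <!-- body,td,th { color: #FFFFFF; } body { background-color: #000000; background-image: url('.$site.'/images/kurukafa.jpg); background-repeat: no-repeat;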
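/************************************************************************/
/* PHP-NUKE: Web Portal System */
/* =========================== */
/* */
/* Copyright (c) 2007 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/

// Module files may only run through the loader that defines MODULE_FILE.
if (!defined('MODULE_FILE')) {
    die("You can't access this file directly...");
}
require_once "mainfile.php";

// "%25" is an encoded percent sign, i.e. a double-encoded query string: send it home.
if (stripos_clone($_SERVER['QUERY_STRING'], '%25')) {
    header("Location: index.php");
    // A Location header does not end the script; without this the rest of the
    // module would still run for the rejected request.
    exit;
}

$module_name = basename(dirname(__FILE__));
get_lang($module_name);
$pagetitle = "- " . _RECOMMEND . "";

// Only logged-in users may use this module; everyone else goes back to the article.
// NOTE(review): $sid is not assigned in this excerpt and is placed in the header as-is;
// confirm it is an integer by the time it gets here.
if (!is_user($user)) {
    Header("Location: modules.php?name={$module_name}&file=article&sid={$sid}");
    fdie();
}

// FriendSend() runs past the end of this excerpt; its visible opening is left as found.
function FriendSend($sid) {
    global $user, $cookie, $prefix, $db, $user_prefix, $module_name;
    $sid = intval($sid);
    if (!isset($sid)) {
        fdie();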
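/**
 * Render the news "reply" page: the parent comment (or the story itself when
 * $pid is 0) followed by the comment form.
 *
 * All output is echoed; header.php and footer.php are included around it.
 *
 * @param mixed $pid   Parent comment id, cast with intval(); 0 means a reply to the story.
 * @param mixed $sid   Story id, cast with intval().
 * @param mixed $mode  Falls back to $userinfo['umode'], then "thread"; emitted as a hidden field.
 * @param mixed $order Falls back to $userinfo['uorder'], then 0; emitted as a hidden field.
 * @param mixed $thold Falls back to $userinfo['thold'], then 0; emitted as a hidden field.
 * @return void
 */
function reply($pid, $sid, $mode, $order, $thold)
{
    include "header.php";
    // $userinfo, $nuke_editor and $AllowableHTML are read below; without the global
    // declaration they were always undefined inside this function.
    global $prefix, $module_name, $user, $cookie, $datetime, $bgcolor1, $bgcolor2, $bgcolor3, $db, $anonpost, $anonymous, $admin, $userinfo, $nuke_editor, $AllowableHTML;

    cookiedecode($user);
    getusrinfo($user);

    // Ids are forced to integers before they reach SQL or HTML.
    $sid = intval($sid);
    $pid = intval($pid);

    if ($anonpost == 0 and !is_user($user)) {
        // Anonymous posting is disabled and the visitor is not logged in.
        OpenTable();
        echo "<center><font class=title><b>" . _COMMENTREPLY . "</b></font></center>";
        CloseTable();
        echo "<br>";
        OpenTable();
        echo "<center>" . _NOANONCOMMENTS . "<br><br>" . _GOBACK . "</center>";
        CloseTable();
    } else {
        // Each branch below fills only some of these, so start from defined values.
        $email = '';
        $comment = '';
        $temp_comment = '';
        $comment2 = '';
        $notes = '';
        $score = 0;

        if ($pid != 0) {
            // Replying to an existing comment.
            $row = $db->sql_fetchrow($db->sql_query("SELECT date, name, email, subject, comment, score FROM " . $prefix . "_comments WHERE tid='{$pid}'"));
            $date = $row['date'];
            $name = filter($row['name'], "nohtml");
            $email = filter($row['email'], "nohtml");
            $subject = filter($row['subject'], "nohtml");
            $comment = filter($row['comment']);
            $score = intval($row['score']);
        } else {
            // Replying to the story itself.
            $row2 = $db->sql_fetchrow($db->sql_query("SELECT time, title, hometext, bodytext, informant, notes FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
            $date = $row2['time'];
            $subject = filter($row2['title'], "nohtml");
            $temp_comment = filter($row2['hometext']);
            $comment2 = filter($row2['bodytext']);
            $name = filter($row2['informant'], "nohtml");
            $notes = filter($row2['notes']);
        }
        if (empty($comment)) {
            $comment = $temp_comment . "<br><br>{$comment2}";
        }

        OpenTable();
        echo "<center><font class=title><b>" . _COMMENTREPLY . "</b></font></center>";
        CloseTable();
        echo "<br>";
        OpenTable();
        if (empty($name)) {
            $name = $anonymous;
        }
        if (empty($subject)) {
            $subject = "[" . _NOSUBJECT . "]";
        }
        // Return value is unused; presumably this refreshes the global $datetime echoed below (confirm).
        formatTimestamp($date);

        // NOTE(review): subject, name, e-mail, comment and notes are stored user content;
        // the output below relies entirely on filter() having neutralised markup and
        // quotes. Confirm what filter() does.
        echo "<b>{$subject}</b> <font class=\"content\">";
        // A score exists only for comments. The old test (!empty($temp_comment)) was
        // true only for stories, where no score had been loaded.
        if ($pid != 0) {
            echo "(" . _SCORE . " {$score})";
        }
        if (!empty($email)) {
            echo "<br>" . _BY . " <a href=\"mailto:{$email}\">{$name}</a> <font class=\"content\"><b>({$email})</b></font> " . _ON . " {$datetime}";
        } else {
            echo "<br>" . _BY . " {$name} " . _ON . " {$datetime}";
        }
        echo "<br><br>{$comment}<br><br>";
        if ($pid == 0 && !empty($notes)) {
            echo "<b>" . _NOTE . "</b> <i>{$notes}</i><br><br>";
        }

        // Re-read the subject for the form's default value.
        if ($pid == 0) {
            $row3 = $db->sql_fetchrow($db->sql_query("SELECT title FROM " . $prefix . "_stories WHERE sid='{$sid}'"));
            $subject = filter($row3['title'], "nohtml");
        } else {
            $row4 = $db->sql_fetchrow($db->sql_query("SELECT subject FROM " . $prefix . "_comments WHERE tid='{$pid}'"));
            $subject = filter($row4['subject'], "nohtml");
        }
        CloseTable();
        echo "<br>";
        OpenTable();
        echo "<form action=\"modules.php?name={$module_name}&file=comments\" method=\"post\">";
        echo "<font class=option><b>" . _YOURNAME . ":</b></font> ";
        if (is_user($user)) {
            cookiedecode($user);
            // NOTE(review): $cookie['1'] comes from the decoded user cookie and is echoed
            // unescaped; confirm cookiedecode() validates it before it reaches HTML.
            echo "<a href=\"modules.php?name=Your_Account\">{$cookie['1']}</a> <font class=\"content\">[ <a href=\"modules.php?name=Your_Account&op=logout\">" . _LOGOUT . "</a> ]</font><br><br>";
        } else {
            echo "<font class=\"content\">{$anonymous}";
            echo " [ <a href=\"modules.php?name=Your_Account\">" . _NEWUSER . "</a> ]<br><br>";
        }
        echo "<font class=\"option\"><b>" . _SUBJECT . ":</b></font><br>";
        if (!stripos_clone($subject, "Re:")) {
            $subject = "Re: " . substr($subject, 0, 81) . "";
        }
        echo "<input type=\"text\" name=\"subject\" size=\"50\" maxlength=\"85\" value=\"{$subject}\"><br><br>";
        echo "<font class=\"option\"><b>" . _UCOMMENT . ":</b></font><br>" . "<textarea wrap=\"virtual\" cols=\"70\" rows=\"15\" name=\"comment\"></textarea><br>";
        if ($nuke_editor == 0) {
            echo "<font class=\"content\">" . _ALLOWEDHTML . "<br>";
            // foreach replaces each(), which was removed in PHP 8. The tag names are
            // printed as text (&lt;b&gt;) so the browser shows them instead of opening
            // real elements.
            foreach (array_keys((array) $AllowableHTML) as $key) {
                echo " &lt;" . htmlspecialchars((string) $key, ENT_QUOTES) . "&gt;";
            }
            echo "</font><br><br>";
        } else {
            echo "" . _HTMLNOTALLOWED . "</font><br><br>";
        }
        if (is_user($user) and $anonpost == 1) {
            echo "<input type=\"checkbox\" name=\"xanonpost\"> " . _POSTANON . "<br>";
        }

        // Missing or empty display settings fall back to the user's stored preference.
        if (empty($mode)) {
            $mode = isset($userinfo['umode']) ? $userinfo['umode'] : "thread";
        }
        if (empty($order)) {
            $order = isset($userinfo['uorder']) ? $userinfo['uorder'] : 0;
        }
        if (empty($thold)) {
            $thold = isset($userinfo['thold']) ? $userinfo['thold'] : 0;
        }
        // These three arrive as function arguments and are written into double-quoted
        // attributes, so they are escaped for that context first.
        $modeAttr = htmlspecialchars((string) $mode, ENT_QUOTES);
        $orderAttr = htmlspecialchars((string) $order, ENT_QUOTES);
        $tholdAttr = htmlspecialchars((string) $thold, ENT_QUOTES);

        echo "<input type=\"hidden\" name=\"pid\" value=\"{$pid}\">\n"
            . "<input type=\"hidden\" name=\"sid\" value=\"{$sid}\">\n"
            . "<input type=\"hidden\" name=\"mode\" value=\"{$modeAttr}\">\n"
            . "<input type=\"hidden\" name=\"order\" value=\"{$orderAttr}\">\n"
            . "<input type=\"hidden\" name=\"thold\" value=\"{$tholdAttr}\">\n"
            . "<input type=\"submit\" name=\"op\" value=\"" . _PREVIEW . "\">\n"
            . "<input type=\"submit\" name=\"op\" value=\"" . _OK . "\"> " . _GOBACK . "\n"
            . "</font></form>\n";
        CloseTable();
    }
    include "footer.php";
}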
$nukeuser = addslashes($nukeuser); } else { $nukeuser = ""; } $result = $db->sql_query("SELECT active, view FROM " . $prefix . "_modules WHERE title='" . addslashes($name) . "'"); list($mod_active, $view) = $result->fetch_row(); $mod_active = intval($mod_active); $view = intval($view); if ($mod_active == 1 or $mod_active == 0 and is_admin($admin)) { if (!isset($mop) or $mop != $_REQUEST['mop']) { $mop = "modload"; } if (!isset($file) or $file != $_REQUEST['file']) { $file = "index"; } if (stripos_clone($file, "..") or stripos_clone($mop, "..")) { die("You are so cool..."); } $ThemeSel = get_theme(); if (file_exists("themes/{$ThemeSel}/modules/{$name}/" . $file . ".php")) { $modpath = "themes/{$ThemeSel}/"; } else { $modpath = ""; } if ($view == 0) { $modpath .= "modules/{$name}/" . $file . ".php"; if (file_exists($modpath)) { include $modpath; } else { include "header.php"; OpenTable();
// Copy selected request values into script variables.
if (isset($_POST['fop'])) {
    $fop = $_POST['fop'];
}
// The admin credential is taken from the "admin" cookie, i.e. it is client-supplied;
// it is not validated in this excerpt.
if (isset($_COOKIE['admin'])) {
    $admin = $_COOKIE['admin'];
}
// $aid and $op are not assigned in this excerpt (presumably set before it; confirm).
// An admin id without an admin cookie is refused unless the operation is "login".
if (isset($aid)) {
    if (!empty($aid) and (!isset($admin) or empty($admin)) and $op != 'login') {
        unset($aid);
        unset($admin);
        die("Access Denied");
    }
}
require_once "mainfile.php";
// Tripwire on the request URI: refuse URLs that name the author-management operations,
// either in clear text or base64-encoded ('QWRkQXV0aG9y' is "AddAuthor",
// 'VXBkYXRlQXV0aG9y' is "UpdateAuthor"), or that carry an "admin" parameter.
// NOTE(review): only REQUEST_URI is inspected, so this is not an authorization check;
// the handlers themselves must verify an authenticated admin session.
$checkurl = $_SERVER['REQUEST_URI'];
if (stripos_clone($checkurl, 'AddAuthor') or stripos_clone($checkurl, 'VXBkYXRlQXV0aG9y') or stripos_clone($checkurl, 'QWRkQXV0aG9y') or stripos_clone($checkurl, 'UpdateAuthor') or stripos_clone($checkurl, "?admin") or stripos_clone($checkurl, "&admin")) {
    die("Illegal Operation");
}
get_lang("admin");

// create_first() runs past the end of this excerpt; only its opening is visible.
// It acts only while the _authors table is empty, inserting the first author
// with the name "God" in the second column.
function create_first($name, $url, $email, $pwd, $user_new) {
    global $prefix, $db, $user_prefix, $Default_Theme;
    $first = $db->sql_numrows($db->sql_query("SELECT * FROM " . $prefix . "_authors"));
    if ($first == 0) {
        // NOTE(review): the password is entity-encoded and stored as an unsalted MD5
        // digest. password_hash()/password_verify() are the replacement; switching
        // requires re-hashing existing accounts at their next successful login.
        $pwd = htmlentities($pwd);
        $pwd = md5($pwd);
        $the_adm = "God";
        $email = validate_mail($email);
        // Free-text fields pass through addslashes() before being placed in the quoted literals.
        $db->sql_query("INSERT INTO " . $prefix . "_authors VALUES ('" . addslashes($name) . "', '{$the_adm}', '" . addslashes($url) . "', '" . addslashes($email) . "', '{$pwd}', '0', '1', '')");
        if ($user_new == 1) {
            $user_regdate = date("M d, Y");