Example #1
        // Alert (#defcon?) when a logged-in user arrives from an address other than the stored one.
        // NOTE(review): explode(".") presumes dotted IPv4; an IPv6 address has no dots and
        // yields a single element, so the octet comparison below says nothing useful for it.
        if ($loguser['lastip'] != $_SERVER['REMOTE_ADDR']) {
            $ip1 = explode(".", $loguser['lastip']);
            $ip2 = explode(".", $_SERVER['REMOTE_ADDR']);
            // Count how many of the first three octets still match (0..3).
            $diff = 0;
            while ($diff < 3 && $ip1[$diff] == $ip2[$diff]) {
                ++$diff;
            }
            // A change in the very first octet is highlighted with xk(4), anything narrower with xk(8).
            $color = $diff == 0 ? xk(4) : xk(8);
            // Express the position of the first changed octet as "/8" .. "/32".
            $diff = "/" . ($diff + 1) * 8;
            // NOTE(review): the user name and both addresses go into the IRC line unmodified;
            // whether xk_ircsend() strips CR/LF is not visible here - confirm.
            xk_ircsend(
                "102|" . xk(7) . "User {$loguser['name']} (id {$loguserid}) changed from IP "
                . xk(8) . $loguser['lastip'] . xk(7) . " to "
                . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . " ({$color}{$diff}" . xk(7) . ")"
            );
        }
        // Refresh this user's activity record (time, IP, last URL).
        // NOTE(review): $url only passes through addslashes(), which is not charset-aware, and
        // $userip, $influencelv and $loguserid are interpolated as-is; where they are
        // validated is not visible here. Prefer the driver's own escaping or bound parameters.
        $sql->query(
            "UPDATE users SET lastactivity=" . ctime()
            . ",lastip='{$userip}',lasturl='" . addslashes($url)
            . "',lastforum=0,`influence`='{$influencelv}' WHERE id={$loguserid}"
        );
    }
} else {
    // Record the visit in the guests table (IP, time, user agent, last URL).
    // NOTE(review): the User-Agent header and the URL are client-controlled and reach the SQL
    // text through addslashes() only, which is not charset-aware; $userip is interpolated
    // as-is and its origin is not visible here. Prefer the driver's escaping or bound parameters.
    $sql->query("INSERT INTO guests (ip,date,useragent,lasturl) VALUES ('{$userip}'," . ctime() . ",'" . addslashes($_SERVER['HTTP_USER_AGENT']) . "','" . addslashes($url) . "')");
}
// Assemble the page header from the three parts prepared earlier.
$header = makeheader($header1, $headlinks, $header2);
// Build the page footer as one string. It starts with a run of closing tags (presumably to
// close markup left open by user content), then the optional ad box, site link, version
// line, an optional hidden image preloader and the analytics snippet.
// NOTE(review): the version text comes from version.txt or, when that file is missing, from
// shell_exec() running a fixed `git log` command. The command is a literal, so nothing
// user-supplied reaches the shell, but the output of either source is placed in the HTML
// without escaping and the fallback needs shell_exec() to stay enabled.
// NOTE(review): $siteurl and $sitename are interpolated unescaped, the former into an
// unquoted href - confirm both are fixed configuration values.
// NOTE(review): the analytics script is fetched from a separate host and over plain http
// when the page itself is http; the <noscript> pixel always uses http.
$footer = "\t</textarea></form></embed></noembed></noscript></noembed></embed></table></table>\n<br>" . ($loguser['id'] && strpos($PHP_SELF, "index.php") === false ? adbox() . "<br>" : "") . "\n<center>\n\n<!--\n<img src='adnonsense.php?m=d' title='generous donations to the first national bank of bad jokes and other dumb crap people post' style='margin-left: 44px;'><br>\n<img src='adnonsense.php' title='hotpod fund' style='margin: 0 22px;'><br>\n<img src='adnonsense.php?m=v' title='VPS slushie fund' style='margin-right: 44px;'>\n-->\n<br>\n\t{$smallfont}\n\t<br><br><a href={$siteurl}>{$sitename}</a>\n\t<br>" . filter_string($affiliatelinks) . "\n\t<br>\n\t<table cellpadding=0 border=0 cellspacing=2><tr>\n\t\t<td>\n\t\t\t<img src=images/poweredbyacmlm.gif>\n\t\t</td>\n\t\t<td>\n\t\t\t{$smallfont}\n\t\t\tAcmlmboard - <a href='https://github.com/Xkeeper0/jul'>" . (file_exists('version.txt') ? file_get_contents("version.txt") : shell_exec("git log --format='commit %h [%ad]' --date='short' -n 1")) . "</a>\n\t\t\t<br>&copy;2000-" . date("Y") . " Acmlm, Xkeeper, Inuyasha, et al. \n\t\t\t</font>\n\t\t</td>\n\t</tr></table>\n\t" . ($x_hacks['mmdeath'] >= 0 ? "<div style='position: absolute; top: -100px; left: -100px;'>Hidden preloader for doom numbers:\n\t\t<img src='numgfx/death/0.png'> <img src='numgfx/death/1.png'> <img src='numgfx/death/2.png'> <img src='numgfx/death/3.png'> <img src='numgfx/death/4.png'> <img src='numgfx/death/5.png'> <img src='numgfx/death/6.png'> <img src='numgfx/death/7.png'> <img src='numgfx/death/8.png'> <img src='numgfx/death/9.png'>" : "") . "\n<!-- Piwik -->\n<script type=\"text/javascript\">\nvar pkBaseURL = ((\"https:\" == document.location.protocol) ? 
\"https://stats.tcrf.net/\" : \"http://stats.tcrf.net/\");\ndocument.write(unescape(\"%3Cscript src='\" + pkBaseURL + \"piwik.js' type='text/javascript'%3E%3C/script%3E\"));\n</script><script type=\"text/javascript\">\ntry {\nvar piwikTracker = Piwik.getTracker(pkBaseURL + \"piwik.php\", 4);\npiwikTracker.trackPageView();\npiwikTracker.enableLinkTracking();\n} catch( err ) {}\n</script><noscript><p><img src=\"http://stats.tcrf.net/piwik.php?idsite=4\" style=\"border:0\" alt=\"\" /></p></noscript>\n<!-- End Piwik Tag -->\n<!--<script type=\"text/javascript\" src=\"http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.6.min.js\"></script>\n<script type=\"text/javascript\" src=\"js/useful.js\"></script> -->\n\n</body></html>\n  ";
if ($ipbanned) {
    if ($loguser['title'] == "Banned; account hijacked. Contact admin via PM to change it.") {
        $reason = "Your account was hijacked; please contact Xkeeper to reset your password and unban your account.";
    } elseif ($loguser['title']) {
        $reason = "Ban reason: " . $loguser['title'] . "<br>If you think have been banned in error, please contact Xkeeper.";
    } else {
        $reason = $sql->resultq("SELECT `reason` FROM ipbans WHERE {$checkips}", 0, 0);
Example #2
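// "Edit user" save handler: normalises a few fields, then rewrites the whole users row.
// NOTE(review): none of the values interpolated into the UPDATE below is escaped or cast in
// the visible lines; confirm each one is escaped (or cast to int) where the request is read.
// NOTE(review): the permission check for this action is not visible in this excerpt.
if ($_POST['action'] == 'saveprofile') {
    // A format equal to the board default is stored as an empty string.
    if ($eddateformat == $defaultdateformat) {
        $eddateformat = '';
    }
    if ($eddateshort == $defaultdateshort) {
        $eddateshort = '';
    }
    sbr(0, $signature);
    sbr(0, $bio);
    sbr(0, $postheader);
    // NOTE(review): htmlspecialchars() with default flags leaves single quotes alone on older
    // PHP versions, and the value is later placed inside single quotes in the SQL text.
    $minipic = htmlspecialchars($minipic);
    // NOTE(review): $avatar is escaped here but the query stores $picture - confirm which is intended.
    $avatar = htmlspecialchars($avatar);
    $birthday = @mktime(0, 0, 0, $bmonth, $bday, $byear);
    // No birthday fields at all means "not set".
    if (!$bmonth && !$bday && !$byear) {
        $birthday = 0;
    }
    //$sql->query("INSERT logs SET useraction ='Edit User ".$user[nick]."(".$user[id]."'");
    // Always start from an empty fragment: the UPDATE must only ever contain a password
    // clause that was built right here. Before, the variable was simply undefined when no
    // password was submitted, so the query relied on whatever value (if any) it already had.
    $passedit = '';
    if ($password) {
        $passedit = "`password` = '" . getpwhash($password, $userid) . "', ";
    }
    // -378 looks like a "keep the stored value" sentinel for the sex field - confirm.
    if ($sex == -378) {
        $sex = $sexn;
    }
    // Editing user 1 from another account is only reported to IRC; the edit still proceeds.
    if ($userid == 1 && $loguserid != 1) {
        xk_ircsend("1|" . xk(7) . "Someone (*cough{$loguserid}cough*) is trying to be funny...");
    }
    // NOTE(review): on failure the raw database error is printed into the page.
    $sql->query("UPDATE `users` SET\r\n\t\t`posts` = '{$numposts}',\r\n\t\t`regdate` = '{$regtime}',\r\n\t\t`name` = '{$username}',\r\n\t\t{$passedit}\r\n\t\t`picture` = '{$picture}',\r\n\t\t`signature` = '{$signature}',\r\n\t\t`bio` = '{$bio}',\r\n\t\t`powerlevel` = '{$powerlevel}',\r\n\t\t`title` = '{$usertitle}',\r\n\t\t`email` = '{$email}',\r\n\t\t`icq` = '{$icq}',\r\n\t\t`aim` = '{$aim}',\r\n\t\t`aka` = '{$aka}',\r\n\t\t`sex` = '{$sex}',\r\n\t\t`homepageurl` = '{$homepage}',\r\n\t\t`timezone` = '{$timezone}',\r\n\t\t`dateformat`\t\t= '{$eddateformat}',\r\n\t\t`dateshort`\t\t\t= '{$eddateshort}',\r\n\t\t`postsperpage` = '{$postsperpage}',\r\n\t\t`realname` = '{$realname}',\r\n\t\t`location` = '{$location}',\r\n\t\t`postbg` = '{$postbg}',\r\n\t\t`postheader` = '{$postheader}',\r\n\t\t`useranks` = '{$useranks}',\r\n\t\t`birthday` = '{$birthday}',\r\n\t\t`minipic` = '{$minipic}',\r\n\t\t`homepagename` = '{$pagename}',\r\n\t\t`scheme` = '{$sscheme}',\r\n\t\t`threadsperpage` = '{$threadsperpage}',\r\n\t\t`viewsig` = '{$viewsig}',\r\n\t\t`layout` = '{$tlayout}'," . "`moodurl` = '{$moodurl}',\r\n\t\t`profile_locked` = '{$profile_locked}',\r\n\t\t`editing_locked` = '{$editing_locked}',\r\n\t\t`titleoption` = '{$titleoption}'\r\n\tWHERE `id` = '{$userid}'") or print mysql_error();
    // NOTE(review): the editor's name and the edited user's name are echoed without HTML
    // escaping here; whether they were escaped earlier is not visible.
    print "\r\n\t{$tblstart}\r\n\t {$tccell1}>Thank you, {$loguser['name']}, for editing this user.<br>\r\n\t " . redirect("profile.php?id={$userid}", "view {$username}'s profile", 0) . "\r\n\t{$tblend}";
}
print $footer;
printtimedif($startingtime);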
Example #3
		die("F**k off, forever.");
	}
	if (empty($_COOKIE)) {
		// Some lame botnet that keeps refreshing this page every second or so.
		xk_ircsend("102|". date("Y-m-d h:i:s") ." - ".xk(7)."IP address ". xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) ." is being slightly less weird, but still weird. ". xk(5) ."(UA: ". $_SERVER['HTTP_USER_AGENT'] .")");
		header("Location: http://". $_SERVER['REMOTE_ADDR'] ."/");
		die("Don't be weird.");
	}
*/
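// Time window in seconds; anything filter_int() rejects falls back to five minutes.
// The accepted value is cast to int because it is echoed into a link further down and used
// in SQL arithmetic, so the raw request string must not travel any further than this line.
$time = filter_int($_GET['time']) ? (int) $_GET['time'] : 300;
// FOR THE LOVE OF GOD XKEEPER JUST GIVE ME ~NUKE ACCESS
// Quick-ban permission: one trusted IP or one of three hard-coded user ids.
// NOTE(review): the IP comparison alone grants the right, without any login.
$banorama = $_SERVER['REMOTE_ADDR'] == $x_hacks['adminip'] || $loguser['id'] == 1 || $loguser['id'] == 5 || $loguser['id'] == 2100;
// The ban link carries an MD5 of the address plus a static salt. The check uses === so two
// different hex strings can never compare equal through numeric type juggling; on PHP 5.6+
// hash_equals() would additionally make the comparison constant-time.
// NOTE(review): this is a state-changing GET request, and the salt is a constant in source.
if ($banorama && filter_string($_GET['banip']) && (string) filter_string($_GET['valid']) === md5($_GET['banip'] . "aglkdgslhkadgshlkgds")) {
    // The address is request data, so it is escaped before it is placed in the SQL text.
    // addslashes() matches what the board's other queries use but is not charset-aware;
    // prefer the driver's escaping or bound parameters if the $sql wrapper offers them.
    // NOTE(review): on failure the raw database error is printed into the page.
    $sql->query("INSERT INTO `ipbans` SET `ip` = '" . addslashes($_GET['banip']) . "', `reason`='online.php ban', `date` = '" . ctime() . "', `banner` = '{$loguserid}'") or print mysql_error();
    //		if ($_GET['uid']) mysql_query("UPDATE `users` SET `powerlevel` = -1, `title` = 'Banned; account hijacked. Contact admin via PM to change it.' WHERE `id` = '". $_GET['uid'] ."'") or print mysql_error();
    // NOTE(review): the address is also relayed to IRC as received; whether xk_ircsend()
    // strips CR/LF is not visible here - confirm.
    xk_ircsend("1|" . xk(8) . $loguser['name'] . xk(7) . " added IP ban for " . xk(8) . $_GET['banip'] . xk(7) . ".");
    return header("Location: online.php?m=1");
}
$sort = filter_bool($_GET['sort']);
// Common prefix for the time-window links; keeps the sort flag when it is set.
$lnk = '<a href=online.php' . ($sort ? "?sort=1&" : '?') . 'time';
print "\n\t\t{$header}{$smallfont}\n\t\tShow online users during the last:\n\t\t{$lnk}=60>minute</a> |\n\t\t{$lnk}=300>5 minutes</a> |\n\t\t{$lnk}=900>15 minutes</a> |\n\t\t{$lnk}=3600>hour</a> |\n\t\t{$lnk}=86400>day</a>\n\t";
if ($isadmin) {
    print '<br>Admin cruft: <a href=online.php' . ($sort ? '?sort=1&' : '?') . "time={$time}>Sort by " . ($sort == 'IP' ? 'date' : 'IP') . "</a>";
}
// Logged in users
// Only admins can order by IP; everyone else gets most-recent-first.
$posters = $sql->query("SELECT id,posts,name,sex,powerlevel,aka,lastactivity,lastip,lastposttime,lasturl,birthday FROM users WHERE lastactivity>" . (ctime() - $time) . ' ORDER BY ' . ($sort == 'IP' && $isadmin ? 'lastip' : 'lastactivity DESC'));
print "<br>\n\t{$fonttag} Online users during the last " . timeunits2($time) . ":\n\t{$tblstart}\n\t\t{$tccellh} width=20>&nbsp</td>\n\t\t{$tccellh} width=200>Username</td>\n\t\t{$tccellh} width=120> Last activity</td>\n\t\t{$tccellh} width=180> Last post</td>\n\t\t{$tccellh} width=*>URL</td>\n\t";
// The IP column is shown to admins only.
if ($isadmin) {
    print "{$tccellh} width=120>IP address</td>";
}
print "{$tccellh} width=60> Posts</tr>";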
Example #4
/**
 * Relay user-level errors (E_USER_ERROR / E_USER_WARNING / E_USER_NOTICE) to IRC.
 *
 * The signature matches a PHP error-handler callback; where it is registered is not
 * visible here. Any other error type returns false without reporting. When
 * error_reporting() is 0 (the "@" operator on older PHP versions) nothing is sent and
 * true is returned.
 *
 * NOTE(review): $msg is forwarded verbatim together with the user's name and IP. Error
 * text can carry request data or query fragments, and whether xk_ircsend() strips CR/LF
 * is not visible here - confirm before relying on this channel.
 *
 * @param int    $type    Error level constant.
 * @param string $msg     Error message.
 * @param string $file    File the error was raised in.
 * @param int    $line    Line the error was raised on.
 * @param mixed  $context Unused.
 * @return bool True when the error was handled (or silenced), false otherwise.
 */
function ircerrors($type, $msg, $file, $line, $context)
{
    global $loguser;

    // Silenced call site: report nothing.
    if (!error_reporting()) {
        return true;
    }

    // Pick the coloured label; unknown levels are not ours to handle.
    if ($type == E_USER_ERROR) {
        $typetext = xk(4) . "- Error";
    } elseif ($type == E_USER_WARNING) {
        $typetext = xk(7) . "- Warning";
    } elseif ($type == E_USER_NOTICE) {
        $typetext = xk(8) . "- Notice";
    } else {
        return false;
    }

    if ($type == E_USER_ERROR && substr($file, -9) === "mysql.php") {
        // Errors raised inside mysql.php: walk up the stack to the first frame
        // outside that file so the report points at the calling code.
        $backtrace = debug_backtrace();
        $i = 1;
        while (isset($backtrace[$i])) {
            $frame = $backtrace[$i];
            if (substr($frame['file'], -9) !== "mysql.php") {
                $file = $frame['file'];
                $line = $frame['line'];
                break;
            }
            ++$i;
        }
    } elseif ($type == E_USER_NOTICE && substr($msg, 0, 10) === "Deprecated") {
        // "Deprecated" notices are attributed to the frame two levels up.
        $backtrace = debug_backtrace();
        $file = $backtrace[2]['file'];
        $line = $backtrace[2]['line'];
    }

    // Drop the document root so only the site-relative path is reported.
    $errorlocation = str_replace($_SERVER['DOCUMENT_ROOT'], "", $file) . " #{$line}";

    // Logged-in users are shown as "name (ip)", everyone else by IP only.
    if ($loguser['id']) {
        $who = xk(11) . $loguser['name'] . ' (' . xk(10) . $_SERVER['REMOTE_ADDR'] . xk(11) . ')';
    } else {
        $who = xk(10) . $_SERVER['REMOTE_ADDR'];
    }

    xk_ircsend("102|" . $who . " {$typetext}: " . xk() . "({$errorlocation}) {$msg}");
    return true;
}
Example #5
 if ($_POST['knockout']) {
     // Confirmed branch: delete the target's content and account, then ban their last IP.
     // NOTE(review): only $_POST['knockout'] gates this branch in the visible lines; the
     // permission check and any anti-CSRF token are not visible here - confirm both exist.
     // NOTE(review): the '******' literal in the queries looks like redaction by this listing;
     // the original expression is not visible.
     echo "SLAM JAM:\n";
     $sql->query("DELETE FROM threads WHERE user = '******' LIMIT 50");
     echo "Deleted threads.\n";
     // posts_text and posts are each trimmed with their own LIMIT 50 and no ORDER BY, so the
     // two statements are not guaranteed to remove matching rows, and nothing here wraps the
     // sequence in a transaction; a failure part-way leaves the tables inconsistent.
     $sql->query("DELETE FROM posts_text WHERE pid IN (SELECT id FROM posts WHERE user = '******') LIMIT 50");
     $sql->query("DELETE FROM posts WHERE user = '******' LIMIT 50");
     echo "Deleted posts.\n";
     // NOTE(review): $target_id is interpolated as-is; confirm it is cast to int where it is read.
     $sql->query("DELETE FROM users WHERE id = '{$target_id}' LIMIT 1");
     $sql->query("DELETE FROM users_rpg WHERE uid = '{$target_id}' LIMIT 1");
     echo "Deleted user data.\n";
     // Point the users auto-increment counter at the highest remaining id.
     $new_maxid = intval($sql->resultq("SELECT id FROM users ORDER BY id DESC LIMIT 1"));
     $sql->query("ALTER TABLE users AUTO_INCREMENT = {$new_maxid}");
     echo "Max ID set to {$new_maxid}.\n";
     // "@" hides a failed insert, yet the next line reports the ban as delivered regardless.
     // NOTE(review): $uinfo['lastip'] is concatenated into the SQL text unescaped; it appears
     // to come from the user row, so it is only as trustworthy as whatever wrote it.
     @$sql->query("INSERT INTO `ipbans` SET `ip` = '" . $uinfo['lastip'] . "', `date` = '" . ctime() . "', `reason` = 'Thanks for playing!'");
     echo "Delivered IP ban to {$uinfo['lastip']}.\n";
     xk_ircsend("1|" . xk(8) . $uinfo['name'] . xk(7) . " (IP " . xk(8) . $uinfo['lastip'] . xk(7) . ") is the latest victim of the new EZ BAN button(tm).");
     echo "\n</div>" . redirect("admin-slammer.php", 'the slammer (for another go)', 2);
     die;
 } else {
     $threads = $sql->getarraybykey("SELECT id, forum, title FROM threads WHERE user = '******'", 'id');
     $posts = $sql->getarraybykey("SELECT id, thread FROM posts WHERE user = '******'", 'id');
     $ct_threads = count($threads);
     $ct_posts = count($posts);
     echo "Up on the chopping block today is \"{$uinfo['name']}\".\n\n";
     echo "Their last known IP address is \"{$uinfo['lastip']}\".\n\n";
     echo "They have made {$ct_threads} thread(s):\n";
     foreach ($threads as $th) {
         echo "{$th['id']}: {$th['title']} (in forum {$th['forum']})\n";
     }
     echo "\nThey have made {$ct_posts} post(s):\n";
     foreach ($posts as $po) {
Example #6
 }
 // Fetch http://<client address>/ and scan the body for words typical of proxy pages.
 // NOTE(review): every registration makes the server open an outbound connection to the
 // client's address and wait up to the timeouts below, so registrations can tie up
 // workers. The keyword match is a heuristic: "it works" also matches a stock web server
 // page, so ordinary hosts can be banned by it.
 $ch = curl_init();
 curl_setopt_array($ch, array(
     CURLOPT_URL => "http://" . $_SERVER['REMOTE_ADDR'],
     CURLOPT_RETURNTRANSFER => 1,
     CURLOPT_CONNECTTIMEOUT => 3,
     CURLOPT_TIMEOUT => 5,
 ));
 $file_contents = curl_exec($ch);
 curl_close($ch);
 // Case-insensitive search for any of the marker words.
 $proxyhit = false;
 foreach (array("proxy", "forbidden", "it works", "anonymous", "filter", "panel") as $proxyword) {
     if (stristr($file_contents, $proxyword)) {
         $proxyhit = true;
         break;
     }
 }
 if ($proxyhit) {
     $adjectives = array("shitlord", "shitheel", "shitbag", "douche", "douchebag", "douchenozzle", "f*****t", "F****R", "script-kiddie", "dumbfuck extraordinare");
     shuffle($adjectives);
     $sql->query("INSERT INTO `ipbans` SET `ip` = '" . $_SERVER['REMOTE_ADDR'] . "', `date` = '" . ctime() . "', `reason` = 'Reregistering f*****t'");
     // NOTE(review): $name goes to IRC and into the HTML response below without escaping;
     // where it comes from and whether it was escaped earlier is not visible here.
     @xk_ircsend("1|" . xk(7) . "Auto-IP banned proxy-abusing {$adjectives['0']} with IP " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . " on registration. (Tried to register with username {$name})");
     // The banned client is shown the normal success message.
     die("{$tccell1}>Thank you, {$name}, for registering your account.<br>" . redirect('index.php', 'the board', 0) . $footer);
 }
 // Load every existing name for the duplicate check that follows.
 $users = $sql->query('SELECT name FROM users');
 // Stored name: trimmed and cut to 25 bytes (substr() counts bytes, not characters).
 $username = substr(trim($name), 0, 25);
 // Comparison form: spaces and &nbsp entities removed, slashes stripped.
 $username2 = str_replace(' ', '', str_replace(' ', '', $username));
 $username2 = preg_replace("'&nbsp'si", '', preg_replace("'&nbsp;'si", '&nbsp', $username2));
 $username2 = stripslashes($username2);
 print $tblstart;
 $userid = -1;
 while ($user = $sql->fetch($users)) {
     $user[name] = str_replace(' ', '', $user['name']);
     $user[name] = str_replace(' ', '', $user['name']);
     if (strcasecmp($user[name], $username2) == 0) {
Example #7
 }
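 // can't be posting too fast now
 // (true when the last post is more than 30 seconds old, i.e. the limit has NOT been hit)
 $limithit = $user['lastposttime'] < ctime() - 30;
 // can they post in this forum?
 $authorized = $user['powerlevel'] >= $forum['minpowerthread'];
 // does the forum exist?
 $forumexists = $forum['title'];
 // Array keys above are quoted: the bare-word form only worked through PHP's
 // undefined-constant fallback, which newer PHP versions no longer provide.
 // ---
 // lol i'm eminem
 // A message containing "[Verse " blocks the post, bans the sender's IP and demotes the account.
 if (strpos($message, '[Verse ') !== FALSE) {
     $authorized = false;
     @$sql->query("INSERT INTO `ipbans` SET `ip` = '" . $_SERVER['REMOTE_ADDR'] . "', `date` = '" . ctime() . "', `reason` = 'Listen to some good music for a change.'");
     // The cookie is client-supplied and was previously interpolated straight into the
     // unquoted WHERE clause; force it to an integer before it reaches the SQL text.
     // NOTE(review): nothing visible here ties this cookie to a verified login, so it should
     // not decide whose row is updated. $userid (checked just below) looks like the
     // authenticated id - confirm and prefer it.
     $cookieuid = isset($_COOKIE['loguserid']) ? (int) $_COOKIE['loguserid'] : 0;
     if ($cookieuid > 0) {
         @$sql->query("UPDATE `users` SET `powerlevel` = '-2' WHERE `id` = {$cookieuid}");
     }
     xk_ircsend("1|" . xk(7) . "Auto-banned another Eminem wannabe with IP " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . ".");
 }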
 // ---
 if ($userid != -1 && $subject && $message && $forumexists && $authorized && $limithit) {
     $msg = $message;
     // squot(0,$msg);
     $sign = $user['signature'];
     $head = $user['postheader'];
     // improved post backgrounds
     if ($user['postbg']) {
         $head = "<table width=100% height=100% border=0 cellpadding=0 cellspacing=0><td valign=top background=\"{$user['postbg']}\">{$head}";
         $sign = "{$sign}</td></table>";
     }
     $numposts = $user[posts] + 1;
     $numdays = (ctime() - $user[regdate]) / 86400;
     $tags = array();
Example #8
                    $sql->query("INSERT INTO `ipbans` SET `ip` = '" . $_SERVER['REMOTE_ADDR'] . "', `date` = '" . ctime() . "', `reason` = 'Send e-mail for password recovery'");
                    @xk_ircsend("102|" . xk(7) . "Auto-IP banned " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . " for this.");
                    @xk_ircsend("1|" . xk(7) . "Auto-IP banned " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . " for repeated failed logins.");
                }
                $msg = "Couldn't login.  Either you didn't enter an existing username, or you haven't entered the right password for the username.";
            }
        }
    }
    $txt .= "{$tccell1}>{$msg}<br>" . redirect('index.php', 'the board', 0);
} elseif ($_POST['action'] == 'logout') {
    // Expire all three login cookies (logpassword included, for good measure).
    // The 6th argument (secure) is false, so the cookies are not limited to HTTPS; the 7th
    // (httponly) is true. The cookie domain is taken from SERVER_NAME.
    // NOTE(review): this only clears the browser side; no server-side invalidation is
    // visible in this branch.
    foreach (array('loguserid', 'logverify', 'logpassword') as $cookiename) {
        setcookie($cookiename, '', time() - 3600, "/", $_SERVER['SERVER_NAME'], false, true);
    }
    $txt .= "{$tccell1}> You are now logged out.<br>" . redirect('index.php', 'the board', 0);
} elseif (!$_POST['action']) {
    $ipaddr = explode('.', $_SERVER['REMOTE_ADDR']);
    for ($i = 4; $i > 0; --$i) {
        $verifyoptext[$i] = "(" . implode('.', $ipaddr) . ")";
        $ipaddr[$i - 1] = 'xxx';
    }
    $txt .= "<body onload=window.document.REPLIER.username.focus()>\n\t\t<FORM ACTION=login.php NAME=REPLIER METHOD=POST><tr>\n\t\t{$tccellh} width=150>&nbsp;</td>{$tccellh} width=40%>&nbsp</td>{$tccellh} width=150>&nbsp;</td>{$tccellh} width=40%>&nbsp;</td></tr><tr>\n\t\t{$tccell1}><b>User name:</b></td>       {$tccell2l}>{$inpt}=username MAXLENGTH=25 style='width:280px;'></td>\n\t\t{$tccell1} rowspan=2><b>IP Verification:</b></td> {$tccell2l} rowspan=2>\n\t\t\t<select name=verify>\n\t\t\t\t<option selected value=0>Don't use</option>\n\t\t\t\t<option value=1> /8 {$verifyoptext['1']}</option>\n\t\t\t\t<option value=2>/16 {$verifyoptext['2']}</option>\n\t\t\t\t<option value=3>/24 {$verifyoptext['3']}</option>\n\t\t\t\t<option value=4>/32 {$verifyoptext['4']}</option>\n\t\t\t</select><br><small>You can require your IP address to match your current IP, to an extent, to remain logged in.</small>\n\t\t</tr><tr>\n\t\t{$tccell1}><b>Password:</b></td>        {$tccell2l}>{$inpp}=userpass MAXLENGTH=64 style='width:180px;'></td>\n\t\t</tr><tr>\n\t\t{$tccell1}>&nbsp;</td>{$tccell2l} colspan=3>\n\t\t{$inph}=action VALUE=login>\n\t\t{$inps}=submit VALUE=Login></td></tr>\n\t\t</FORM>";
} else {
    // Just what do you think you're doing
    // Any action value not matched by the earlier branches ends here and bans the sender's IP.
    // NOTE(review): a single unexpected form value is enough for a permanent-looking ban, so
    // a mistyped or stale form from a shared address bans everyone behind it.
    $sql->query("INSERT INTO `ipbans` SET `ip` = '" . $_SERVER['REMOTE_ADDR'] . "', `date` = '" . ctime() . "', `reason` = 'Generic internet exploit searcher'");
    // Announce only when the insert raised no database error.
    // NOTE(review): the submitted action value is relayed to IRC as received; whether
    // xk_ircsend() strips CR/LF is not visible here - confirm.
    if (!mysql_error()) {
        xk_ircsend("1|" . xk(7) . "Auto-banned asshole trying to be clever with the login form (action: " . xk(8) . $_POST['action'] . xk(7) . ") with IP " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . ".");
    }
}
// Emit the accumulated body, the table close and the footer, then pass the start time to printtimedif().
print $txt . $tblend . $footer;
printtimedif($startingtime);