<?php
require '../init.php';

/*
 * Deletes one home-page item (note, image or widget) by id.
 * Admins (rank >= 6) may delete any row; everyone else only rows whose
 * userid is their own. The table name comes from a fixed map, so request
 * input never reaches the FROM clause, and id is cast to int before it is
 * inlined into the statement.
 */
if (!Validate::ValideInput(array('id' => 'isNumeric', 'type' => 'isCleanHomeType'))) {
    exit;
}

$id   = (int) safe($_GET['id'], 'SQL');
$type = safe($_GET['type'], 'SQL');

$tablesByType = array(
    'note'   => 'habbophp_home_notes',
    'image'  => 'habbophp_home_images',
    'widget' => 'habbophp_home_widget',
);

if (!isset($tablesByType[$type])) {
    exit;
}
$table = $tablesByType[$type];

// Non-admins are additionally restricted to their own rows.
$where = 'id=' . $id;
if ($user->rank < 6) {
    $where .= ' AND userid=' . $user->id;
}

$db->query('DELETE FROM ' . $table . ' WHERE ' . $where);
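<?php
/*
 * HABBOPHP - http://habbophp.com
 * Copyright © 2012 Valentin & Robin. All rights reserved.
 */

require '../init.php';

/*
 * Sets the home-page background of the logged-in user. A single row per
 * user is kept: the previous row is deleted, then the new class is stored
 * lower-cased. A missing or empty ?class now ends the request instead of
 * storing an empty background.
 */
if (!isset($_GET['class']) || $_GET['class'] === '' || !Validate::ValideInput(array('class' => 'isClean'))) {
    exit;
}

// Escaped for HTML first (the stored value is presumably rendered back into
// markup by the home page — confirm in the template) and for SQL second,
// because it is inlined into the INSERT below.
$class = strtolower(safe(safe($_GET['class'], 'HTML'), 'SQL'));
if ($class === '') {
    exit;
}
// NOTE(review): the value is not checked against habbophp_home_backgrounds_list;
// a lookup there would reject class names that do not correspond to a real background.

// Cast once so the same known integer is inlined into both statements
// (the original escaped the id in the DELETE but not in the INSERT).
$uid = (int) $user->id;

$db->query('DELETE FROM habbophp_home_backgrounds WHERE uid=' . $uid);
$db->query("INSERT INTO habbophp_home_backgrounds VALUES ('','" . $uid . "','" . $class . "')");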
// (Fragment: continues a for-loop opened above this chunk — one clickable
//  page index per page of stickers.)
$pstickers .= '<div style="cursor:pointer;margin:0px;font-size:11px;padding:1px;float:left;" id="' . $i . '">' . $i . '</div>';
}
$tpl->assign('pagesstickers', $pstickers);

// Background chooser: count the available backgrounds, 10 per page, and
// emit one page-index div per page (ids prefixed "bg" to keep them apart
// from the sticker pager above).
// NOTE(review): mysql_* functions are used here (removed in PHP 7).
$sql = "select * from habbophp_home_backgrounds_list";
$rsd = mysql_query($sql);
$count = mysql_num_rows($rsd);
$pages = ceil($count / 10);
$pstickers = "";
for ($i = 1; $i <= $pages; $i++) {
    $pstickers .= '<div style="cursor:pointer;margin:0px;font-size:11px;padding:1px;float:left;" id="bg' . $i . '">' . $i . '</div>';
}
$tpl->assign('pagesbg', $pstickers);

// Target home is selected by ?username=... or ?id=...; a malformed value
// sends the visitor to the site root.
if (isset($_GET['username']) and !Validate::ValideInput(array('username' => 'isUsername'))) {
    redirection($config->url_site . '/');
}
if (isset($_GET['id']) and !Validate::ValideInput(array('id' => 'isNumeric'))) {
    redirection($config->url_site . '/');
}
if (isset($_GET['username'])) {
    $reqV = mysql_query('SELECT id FROM users WHERE username="******"');
}
// NOTE(review): $_GET['username'] is read unconditionally here, so on the ?id
// path this raises a notice and looks up an empty value; the ban check only
// covers homes reached by username — confirm whether the ?id path needs it too.
$isBan = mysql_num_rows(mysql_query('SELECT id FROM bans WHERE value="' . safe($_GET['username'], 'SQL') . '"'));
if ($isBan >= 1) {
    $tpl->display('header.tpl');
    $tpl->display('home-ban.tpl');
    $tpl->display('footer.tpl');
    exit;
}
if (isset($_GET['id'])) {
    $reqV = mysql_query('SELECT id FROM users WHERE id="' . safe($_GET['id'], 'SQL') . '"');
}
<?php
require '../init.php';

/*
 * Redeems a voucher code POSTed by the logged-in user.
 * Prints '1' when the voucher was accepted and '2' otherwise; ends silently
 * when no voucher was posted or it fails validation.
 */
if (!isset($_POST['voucher']) || !Validate::ValideInput(array('voucher' => 'isClean'))) {
    exit;
}

$accepted = $user->useVoucher($_POST['voucher']);
echo $accepted ? '1' : '2';
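<?php
require '../init.php';

/*
 * Changes the skin of one home-page widget.
 *   GET id     – widget id
 *   GET type   – column prefix; the column updated is "<type>style"
 *   GET design – one of the fixed skin names listed below
 * Admins (rank >= 6) may restyle any widget; everyone else only their own.
 */
if (!Validate::ValideInput(array('id' => 'isNumeric'))
    || !Validate::ValideInput(array('type' => 'isClean'))
    || !Validate::ValideInput(array('design' => 'isClean'))) {
    exit;
}

$id     = (int) safe($_GET['id'], 'SQL'); // widget id
$type   = safe($_GET['type'], 'SQL');
$design = safe($_GET['design'], 'SQL');

// $type becomes part of a column NAME, which SQL string escaping does not
// protect; restrict it to a plain identifier before it is concatenated.
// NOTE(review): replace with a list of the real column prefixes once known.
if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $type)) {
    exit;
}

// Only these skins are accepted; anything else ends the request, as before.
$allowedDesigns = array(
    'w_skin_speechbubbleskin',
    'w_skin_notepadskin',
    'w_skin_goldenskin',
    'w_skin_defaultskin',
    'w_skin_metalskin',
    'w_skin_noteitskin',
);
if (!in_array($design, $allowedDesigns, true)) {
    exit;
}

// The admin branch previously had no WHERE clause and so restyled every
// widget of every user, and $id was read but never used. Both branches now
// target the requested widget id, as the delete/move endpoints do.
$where = 'id=' . $id;
if ($user->rank < 6) {
    $where .= ' AND userid=' . (int) $user->id;
}

$db->query('UPDATE habbophp_home_widget SET ' . $type . "style='" . $design . "' WHERE " . $where);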
<?php
require '../init.php';

// Adds a new sticker (image) or note to the logged-in user's home page and
// echoes the markup of the new element for the page to insert in place.
// (Fragment: the note branch and its closing braces continue past this chunk.)
if (!Validate::ValideInput(array('type' => 'isCleanHomeType', 'color' => 'isClean'))) {
    exit;
}
$value = safe($_GET['value'], 'SQL'); // image name (images only) or note text
$type = safe($_GET['type'], 'SQL'); // "image" or "note"
$color = safe($_GET['color'], 'SQL'); // note skin
// NOTE(review): both variables were just assigned, so this isset() check can
// never fail; 'value' is also not covered by the ValideInput() call above.
if (!isset($value) or !isset($type)) {
    exit;
}
if ($type == "image") {
    // $value is escaped twice for SQL here (once at read time, once below).
    mysql_query("INSERT INTO habbophp_home_images VALUES ('', '" . $user->id . "', '" . safe($value, 'SQL') . "',0,0,10)");
    // NOTE(review): the new row's id is recovered with ORDER BY id DESC LIMIT 1
    // instead of mysql_insert_id(); under concurrent inserts this can return
    // another user's row and the edit/delete controls below would target it.
    $q = mysql_query("SELECT * FROM habbophp_home_images ORDER BY id DESC LIMIT 1");
    $row = mysql_fetch_array($q);
    $id = $row['id'];
    // $value is HTML-escaped before being placed in the class attribute.
    echo '<div rel="' . $id . '" wtype="image" class="movable sticker s_' . strtolower(safe($value, 'HTML')) . '" style="left: 20px; top: 30px; z-index: 18; " id="image-' . $id . '"> <img src="' . $config->url_site . '/images/icon_edit.gif" width="19" height="18" onclick="$(\'#edit-' . $row['id'] . '\').toggle();" class="edit-button" id="sticker-' . $row['id'] . '-edit"> <div style="display:none;background:#eee;border:1px solid #000;border-bottom:2px solid #000;padding:10px;margin-top:-20px;margin-left:80px;width:100px;-moz-border-radius:5px;-webkit-border-radius:5px;border-radius:5px;" id="edit-' . $row['id'] . '"> <a style="margin-left:95px;text-decoration:none;" href="javascript:void(0);" onclick="$(\'#edit-' . $row['id'] . '\').hide();">x</a> <center><input type="button" value="Supprimer" onclick="deletewidget(' . $row['id'] . ', \'image\');"/></center> </div></div> </div>';
}
if ($type == "note") {
    // The skin name is inlined into SQL, so it is restricted to this fixed list.
    if ($color == "n_skin_speechbubbleskin" or $color == "n_skin_notepadskin" or $color == "n_skin_goldenskin" or $color == "n_skin_defaultskin" or $color == "n_skin_hc_pillowskin" or $color == "n_skin_hc_machineskin" or $color == "n_skin_metalskin" or $color == "n_skin_noteitskin" or $color == "edit-menu-skins-select-nakedskin" or $color == "facebookW") {
        // NOTE(review): bbcode() runs on the already SQL-escaped text; whether its
        // output is still safe to inline depends on what bbcode() emits — confirm.
        mysql_query("INSERT INTO habbophp_home_notes VALUES ('', '" . $user->id . "', '" . bbcode(safe($value, 'SQL')) .
"','" . $color . "',0,0,10)");
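<?php
require 'init.php';

/*
 * events.php — displays one news/event entry plus a menu of the latest 50.
 * Without ?id, or with an id that does not exist, the visitor is sent to
 * the most recent entry; with a non-numeric id, to the site root.
 */

/**
 * Sends the visitor to the newest news entry when one exists; otherwise
 * returns so the caller can continue.
 *
 * @param object $db the site database wrapper (query()/NumRowsC())
 */
function redirectToLatestNews($db)
{
    $latest = $db->query("SELECT * FROM habbophp_news ORDER BY id DESC LIMIT 1", true, false);
    if ($db->NumRowsC() == 1) {
        redirection('events.php?id=' . $latest['id']);
    }
}

$tpl->assign('groups', 'community');
// NOTE(review): the header is sent before any redirection() below; whether
// that works depends on how redirection() is implemented (headers vs. markup).
$tpl->display('header.tpl');

if (!isset($_GET['id'])) {
    redirectToLatestNews($db);
}

if (!Validate::ValideInput(array('id' => 'isNumeric'))) {
    redirection($config->url_site);
}

// Cast so the value inlined into the SQL below is a known integer even if
// the validator is ever relaxed.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$tpl->assign('news_id', $id);
$tpl->assign('comments_type', $config->comments);

$newsData = $db->query("SELECT * FROM habbophp_news WHERE id=" . $id . " LIMIT 1", true, false);
if ($newsData) {
    $tpl->assign('title', $newsData['title']);
    $tpl->assign('content', $newsData['content']);
    $tpl->assign('news_existe', 'true');
    $tpl->assign('displayComment', $newsData['comment']);
} else {
    // Unknown id: fall back to the newest entry (same lookup as the no-id case).
    redirectToLatestNews($db);
}

$menuData = $db->query("SELECT * FROM habbophp_news ORDER BY id DESC LIMIT 50", true);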
<?php
define('AUTH', 'AUTH');
require '../init.php';

// Password-reset request: looks the account up by e-mail, stores a reset key
// with a 24h expiry and mails a link carrying that key. Prints 'no' on bad input.
// (Fragment: SMTP setup, the send and the response continue past this chunk.)
if (!isset($_GET['mail']) or empty($_GET['mail']) or !Validate::ValideInput(array('mail' => 'isEmail'))) {
    echo 'no';
    exit;
}
$p = safe($_GET['mail'], 'SQL');
// isset()/!empty() are redundant here ($p was just assigned a non-empty value).
if (isset($p) && !empty($p) && $_SERVER['REQUEST_METHOD'] == "GET") {
    $db->query('SELECT id,username,mail FROM users WHERE mail="' . $p . '"');
    if ($db->NumRowsC() == 1) {
        $data = $db->getQuery();
        // NOTE(review): uniqid() is time-based, not cryptographically random, and
        // hashing it does not add entropy; a reset key should be built from
        // random_bytes() (PHP 7+) or openssl_random_pseudo_bytes() — confirm what hashMe() does.
        $new_password = hashMe(uniqid()) . hashMe(uniqid());
        $expire = time() + 3600 * 24;
        $req = $db->query('SELECT id,uid FROM habbophp_password_forgotten WHERE uid="' . $data['id'] . '"', true);
        if ($db->NumRowsC() == 0) {
            $db->query('INSERT INTO habbophp_password_forgotten VALUES ("","' . $data['id'] . '","' . $new_password . '","' . $expire . '")');
        } else {
            // NOTE(review): only keysecret is replaced; the stored expire is left as
            // is, so a renewed key inherits the old (possibly already past) expiry.
            $db->query("UPDATE habbophp_password_forgotten SET keysecret='" . safe($new_password, 'SQL') . "' WHERE uid='" . safe($data['id'], 'SQL') . "'");
        }
        $link = $config->url_site . '/mot_de_passe_oublier.php?key=' . $new_password;
        // Mail body is a template file with {$url_site}, {$pseudo} and {$link} placeholders.
        $body = file_get_contents('../modules/mail/password_forgotten.html');
        $body = str_replace('{$url_site}', $config->url_site, $body);
        $body = str_replace('{$pseudo}', $data['username'], $body);
        $body = str_replace('{$link}', $link, $body);
        $mail = new PHPMailer(); // defaults to using php "mail()"
        if (!empty($config->smtp_username) && !empty($config->smtp_password)) {
            $mail->IsSMTP(); // telling the class to use SMTP
#| HABBOPHP - http://habbophp.com
#| Copyright © 2012 Valentin & Robin. All rights reserved.
#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|
require '../init.php';

// Moves a home-page sticker (image or note) to a new position / stacking order.
// Admins (rank >= 6) may move any row; everyone else only their own rows.
// (Fragment: the opening <?php and banner are above this chunk, the closing
//  brace of the "note" branch is below it.)
$x = (int) safe($_GET['x'], 'SQL'); // left
$y = (int) safe($_GET['y'], 'SQL'); // top
$z = (int) safe($_GET['z'], 'SQL'); // z-index
$id = (int) safe($_GET['id'], 'SQL'); // widget id
$type = safe($_GET['type'], 'SQL');
$wid = safe($_GET['wid'], 'SQL'); // validated below, not used in this chunk
// NOTE(review): inputs are read before ValideInput() runs; the (int) casts keep
// the SQL below safe regardless, but 'id' is not in the validated set and a
// missing key raises a notice.
if (!Validate::ValideInput(array('x' => 'isCleanPx', 'y' => 'isCleanPx', 'z' => 'isCleanPx', 'type' => 'isCleanHomeType', 'wid' => 'isClean'))) {
    exit;
}
if ($type == "image") {
    if ($user->rank >= 6) {
        $db->query("UPDATE habbophp_home_images SET x=" . $x . ", y=" . $y . ", z=" . $z . " WHERE id=" . $id . "");
    } else {
        $db->query("UPDATE habbophp_home_images SET x=" . $x . ", y=" . $y . ", z=" . $z . " WHERE userid=" . $user->id . " AND id=" . $id . "");
    }
}
if ($type == "note") {
    if ($user->rank >= 6) {
        $db->query("UPDATE habbophp_home_notes SET x=" . $x . ", y=" . $y . ", z=" . $z . " WHERE id=" . $id . "");
    } else {
        $db->query("UPDATE habbophp_home_notes SET x=" . $x . ", y=" . $y . ", z=" . $z . " WHERE userid=" . $user->id . " AND id=" . $id . "");
    }
<?php
#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|
#| HABBOPHP - http://habbophp.com
#| Copyright © 2012 Valentin & Robin. All rights reserved.
#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|#|
define('CORE', 'CORE');
require 'includes/core.php';

// Password-reset landing page: the ?key from the reset e-mail is matched
// against habbophp_password_forgotten, an expired key is deleted, and a new
// password may then be POSTed.
// (Fragment: the password checks and the update continue past this chunk.)
if (!isset($_GET['key']) or !Validate::ValideInput(array('key' => 'isClean'))) {
    redirection($config->url_site . '/');
}
$key = safe($_GET['key'], 'SQL');
$req = $db->query('SELECT pf.* , us.mail FROM habbophp_password_forgotten pf LEFT JOIN users us ON pf.uid = us.id WHERE pf.keysecret="' . $key . '"');
// NOTE(review): the code below assumes redirection() ends the script; if it
// only sends a header, $data would be read from an empty result.
if ($db->NumRowsC() == 0) {
    redirection($config->url_site);
}
$data = $db->getQuery(true);
if (time() > $data['expire']) {
    // Expired keys are purged on first use rather than by a scheduled job.
    $db->query('DELETE FROM habbophp_password_forgotten WHERE id="' . $data['id'] . '"');
    redirection($config->url_site . '/');
}
if (isset($_POST['password'])) {
    $Error = new error();
    $s = true;
    if (isset($_POST['password']) && empty($_POST['password'])) {
        // NOTE(review): $Error->set() receives the return value of $tpl->assign(),
        // not an error message — confirm this is intended.
        $Error->set('password', $tpl->assign('error_password_empty', 'true'));
        $tpl->assign('error', 'true');
        $s = false;
    } elseif (strlen($_POST['password']) <= 5) {
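<?php
require '../init.php';

/*
 * Buys a shop badge for the logged-in user with "jetons".
 *   POST badge – badge id
 * Prints '1' on success, 'existe' when the user already owns the badge,
 * 'nomoney' when the balance is too low, and nothing when the badge is not
 * for sale or the purchase could not be completed.
 */
if (!Validate::ValideInput(array('badge' => 'isCleanBadge'))) {
    exit;
}

// Escaped once here; the original escaped it a second time in the lookups,
// which would have mangled any value containing characters safe() rewrites.
$badge = isset($_POST['badge']) ? safe($_POST['badge'], 'SQL') : '';
if ($badge === '') {
    exit;
}

$uid = (int) $user->id;

$db->query('SELECT badge_id FROM user_badges WHERE badge_id="' . $badge . '" AND user_id="' . $uid . '"');
if ($db->NumRowsC() != 0) {
    echo 'existe';
    exit;
}

$shopBadge = $db->query('SELECT * FROM habbophp_shop_badges WHERE idbadge="' . $badge . '"', true, false);
if ($db->NumRowsC() <= 0) {
    exit; // not in the shop: nothing is printed, as before
}

$amount = $shopBadge['amount'];
if ($amount > $user->jetons) {
    echo 'nomoney';
    exit;
}

// Charge first, then grant, so a failed charge cannot hand out a free badge
// (the original inserted the badge before deducting). There is still no
// transaction around the two statements.
// NOTE(review): wrap both in one transaction if the $db layer supports it.
if (!$user->deleteJetons($amount)) {
    exit;
}
if ($db->query("INSERT INTO user_badges (user_id,badge_id,badge_slot) VALUES ('" . $uid . "','" . $badge . "','0')")) {
    echo '1'; // printed once; the original echoed '1' after both the INSERT and the charge
}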