public static function mobbo_settings($var)
{
$var2 = Security::injection($var);
$sql = Transaction::query("SELECT valuer FROM `mobbo_settings` WHERE `variabler` LIKE '{$var2}'");
$return = Transaction::fetch($sql);
return $return['valuer'];
}
</form></table></div><br />
<div class='tableborder'>
<div class='tableheaderalt'><center>Equipe staff</center></div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='20%'>Nome</td>
<td class='tablesubheader' width='30%'>Email</td>
<td class='tablesubheader' width='20%'>IP</td>
<td class='tablesubheader' width='20%'>Cargo</td>
<td class='tablesubheader' width='1%' align='center'>Editar</td>
</tr>
<?php
while ($row = Transaction::fetch($get_users)) {
$rank = Transaction::query("SELECT * FROM ranks WHERE id = '" . $row['rank'] . "' ");
$rank = Transaction::fetch($rank);
?>
<tr>
<td class='tablerow1' align='left'><?php
echo $row['username'];
?>
(ID: <?php
echo $row['id'];
?>
)</td>
<td class='tablerow1' align='left'><?php
echo $row['mail'];
?>
</td>
<td class='tablerow1' align='left'><?php
echo $row['ip_last'];
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='20%'>Ttulo</td>
<td class='tablesubheader' width='12%' align='left'>Data</td>
<td class='tablesubheader' width='10%' align='left'>Autor</td>
<td class='tablesubheader' width='1%' align='center'>Editar</td>
<td class='tablesubheader' width='1%' align='center'>Remover</td>
</tr>
<?php
$query_min = $page * 50 - 50;
if ($query_min < 0) {
// Page 1
$query_min = 0;
}
$get_articles = Transaction::query("SELECT * FROM mobbo_news ORDER BY id DESC LIMIT " . $query_min . ", 50");
while ($row = Transaction::fetch($get_articles)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2'><strong><?php
echo Security::textFilterHK($row['title']);
?>
</strong><div class='desctext'><?php
echo $row['longstory'];
?>
</div></td>
<td class='tablerow2' align='left'><?php
$m = date('m');
$d = date('d');
$Y = date('Y');
$j = date('j');
$n = date('n');
// start the user system
if (isset($_SESSION['id'])) {
$rawname = htmlentities($_SESSION['id']);
$usersql = Transaction::query("SELECT * FROM users WHERE id = '" . $rawname . "' LIMIT 1");
$myrow = Transaction::fetch($usersql);
$ban = Transaction::query("SELECT * FROM bans WHERE value = '" . $myrow['username'] . "' AND bantype = 'user' or value = '" . $remote_ip . "' AND bantype = 'ip' LIMIT 1");
$bancheck = Transaction::num_rows($ban);
if ($myrow['ip_reg'] == "0") {
Transaction::query("UPDATE users SET ip_reg = '" . $remote_ip . "' WHERE id = '" . $myrow['id'] . "'");
} elseif ($bancheck > 0) {
$bandata = Transaction::fetch($ban);
$timestamp = time();
if ($bandata['expire'] > $timestamp) {
session_destroy();
header("Location: index.php");
exit;
} else {
Transaction::query("DELETE FROM bans WHERE value = '" . $name . "' AND bantype = 'user' or value = '" . $remote_ip . "' AND bantype = 'ip' LIMIT 1");
}
}
$rawhotel = 0;
$rawhotel = md5($myrow['id'] + $myrow['username'] + $myrow['password'] + Security::getUserIP());
if (isset($_COOKIE['rawsessionhotel'])) {
if ($_COOKIE['rawsessionhotel'] == $rawhotel) {
$logged_in = true;
$name = mobbo::HoloText($myrow['username']) != 0 ? mobbo::HoloText($myrow['username']) : "Guest";
private function getdefault()
{
$query = Transaction::query("SELECT * FROM mobbo_templates WHERE active = '1' LIMIT 1;");
$row = Transaction::fetch($query);
$this->path = $row['path'];
}
<div class='tableborder'>
<div class='tableheaderalt'><center>Usurios VIP atualmente</center></div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='20%' align='left'>Nome de usurio</td>
<td class='tablesubheader' width='15%' align='left'>E-mail</td>
<td class='tablesubheader' width='15%' align='left'>IP</td>
<td class='tablesubheader' width='5%' align='left'>Editar</td>
</tr>
<?php
$get_vip = Transaction::query("SELECT * FROM users WHERE rank = '2' ORDER BY lastonline");
while ($vip = Transaction::fetch($get_vip)) {
$get_user = Transaction::query("SELECT * FROM users WHERE id = '" . $vip['id'] . "'");
while ($row = Transaction::fetch($get_user)) {
if ($row['online'] >= 1) {
$online = "online";
} else {
$online = "offline";
}
?>
<tr>
<td class='tablerow1' align='left'><?php
echo $row['username'];
?>
(ID: <?php
echo $row['id'];
?>
)</td>
<div class='tableborder'>
<div class='tableheaderalt'><center>Emblemas (<?php
echo Transaction::evaluate("SELECT COUNT(*) FROM user_badges WHERE user_id = '" . $key . "'");
?>
) </div>
<table width='100%' cellspacing='0' cellpadding='5' align='center' border='0'>
<tr>
<td class='tablesubheader' width='1%' align='center'>Cdigo</td>
<td class='tablesubheader' width='14%' align='center'>Emblema</td>
</tr>
<?php
$sql = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . $key . "' ORDER BY badge_id");
while ($row = Transaction::fetch($sql)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['badge_id'];
?>
</td>
<td class='tablerow2'><img src="<?php
echo $cimagesurl . $badgesurl . $row['badge_id'];
?>
.gif"></div></td>
</tr>
<?php
}
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='10%' align='center'>Cdigo do emblema</td>
<td class='tablesubheader' width='10%' align='center'>Nome</td>
<td class='tablesubheader' width='10%' align='center'>Preo</td>
<td class='tablesubheader' width='10%' align='center'>Editar</td>
<td class='tablesubheader' width='12%' align='center'>Borrar</td>
</tr>
<?php
$query_min = $page * 50 - 50;
if ($query_min < 0) {
// Page 1
$query_min = 0;
}
$get_marktplatz = Transaction::query("SELECT * FROM mobbo_shop ORDER BY id DESC LIMIT " . $query_min . ", 50");
while ($row = Transaction::fetch($get_marktplatz)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2' align='center'><img src="http://127.0.0.1/c_images/album1584/<?php
echo $row['image'];
?>
.gif" alt="<?php
echo $row['image'];
?>
"></td>
<td class='tablerow2' align='center'><?php
while ($row = Transaction::fetch($get_users)) {
?>
<script language="JavaScript" type="text/javascript">
function openWin () {
var newWin = window.open ('', '', 'height=330, width=560');
newWin.document.close ();
}
</script>
<?php
$userdata = Transaction::query("SELECT * FROM users WHERE id = '" . $row['userid'] . "' LIMIT 1");
$userdata = Transaction::fetch($userdata);
if (!empty($row['targetid'])) {
$targetdata = Transaction::query("SELECT * FROM users WHERE id = '" . $row['targetid'] . "' LIMIT 1");
$targetdata = Transaction::fetch($targetdata);
} else {
$targetdata['username'] = "******";
}
if (!empty($row['note'])) {
$note = $row['note'];
} else {
$note = "<i>None given</i>";
}
?>
<tr>
<td class='tablerow1' align='left'><?php
echo $row['action'];
?>
</td>
<td class='tablesubheader' width='10%' align='left'>Desde</td>
<td class='tablesubheader' width='10%' align='left'>Acaba</td>
<td class='tablesubheader' width='1%' align='left'>IP Banido</td>
</tr>
<?php
$query_min = $page * 50 - 50;
if ($query_min < 0) {
// Page 1
$query_min = 0;
}
$get_bans = Transaction::query("SELECT * FROM bans WHERE expire + 3600 > '" . time() . "' ORDER BY expire LIMIT " . $query_min . ", 50");
while ($row = Transaction::fetch($get_bans)) {
if ($row['bantype'] == 'user') {
$userdata = Transaction::query("SELECT * FROM users WHERE username = '******'value'] . "'");
$users = Transaction::fetch($userdata);
$ip_last = $users['ip_last'];
} else {
$ip_last = '-/-';
}
$minuten = $row['expire'] - time();
if (time() >= $row['expire']) {
$stat = "Expira em";
$color = "green";
} elseif (time() + 3600 >= $row['expire']) {
if (date('i', $minuten) > 0) {
$stat = "(H " . date('i', $minuten) . " minutos)";
$color = "orange";
} else {
$stat = "(H " . date('s', $minuten) . " segundos)";
$color = "orange";
<div class='tableborder'>
<div class='tableheaderalt'><center>Banners - Información general</center></div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='10%' align='center'>Texto</td>
<td class='tablesubheader' width='10%' align='center'>Imagen</td>
<td class='tablesubheader' width='10%' align='center'>URL</td>
<td class='tablesubheader' width='10%' align='center'>HTML</td>
<td class='tablesubheader' width='1%' align='center'>Editar</td>
<td class='tablesubheader' width='1%' align='center'>Borrar</td>
</tr>
<?php
$get_banners = Transaction::query("SELECT * FROM mobbo_banners ORDER BY id");
while ($row = Transaction::fetch($get_banners)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2' align='center'><?php
echo $row['text'];
?>
</td>
<td class='tablerow2' align='center'><?php
echo $row['banner'];
?>
</td>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='20%'>Tipo</td>
<td class='tablesubheader' width='20%' align='left'>ID da ao</td>
<td class='tablesubheader' width='20%' align='center'>Editar</td>
<td class='tablesubheader' width='1%' align='center'>Remover</td>
</tr>
<?php
$query_min = $page * 50 - 50;
if ($query_min < 0) {
// Page 1
$query_min = 0;
}
$get_recommended = Transaction::query("SELECT * FROM mobbo_recommended ORDER BY id DESC LIMIT " . $query_min . ", 50");
while ($row = Transaction::fetch($get_recommended)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2'><?php
if ($row['type'] == "room") {
echo 'Sala';
} else {
echo 'Grupo';
}
?>
</td>
}
if ($user_rank > 4) {
if ($hkzone !== true) {
header("Location: index/?throwBack=true");
exit;
}
if (!mobbo::session_is_registered(acp)) {
header("Location: p/login");
exit;
}
$pagename = "Alertas";
$pageid = "alert";
if (isset($_POST['alert'])) {
$check = Transaction::query("SELECT * FROM users WHERE username = '******'name']) . "' LIMIT 1");
if (Transaction::num_rows($check) > 0) {
$userdata = Transaction::fetch($check);
Transaction::query("INSERT INTO mobbo_alerts (userid,alert) VALUES ('" . $userdata['id'] . "','" . Security::textFilter($_POST['alert']) . "')");
$msg = "<div class='rounded rounded-green'><center>Alerta enviada a " . Security::textFilter($_POST['name']) . " (ID: " . $userdata['id'] . ") <img src=\"./w/images/check.gif\"></center></div>";
} else {
$msg = "<div class='rounded rounded-red'><center>Oops! este usurio no foi encontrado. <img src=\"./w/images/del.gif\"></center></div>";
}
}
@(include 'subheader.php');
if (isset($msg)) {
?>
<p><strong><?php
echo $msg;
?>
</strong></p><?php
}
?>
}
if ($user_rank > 5) {
if ($hkzone !== true) {
header("Location: index.php?throwBack=true");
exit;
}
if (!mobbo::session_is_registered(acp)) {
header("Location: index.php?p=login");
exit;
}
$pagename = "Banimentos";
$pageid = "ban";
if (isset($_POST['value']) && $_POST['length'] && $_POST['reason']) {
$check_exists = Transaction::query("SELECT * FROM bans WHERE value = '" . Security::textFilter($_POST['value']) . "' AND bantype = '" . Security::textFilter($_POST['type']) . "'");
$get_cc = Transaction::query("SELECT * FROM users WHERE username = '******'value'] . "'");
$userdata = Transaction::fetch($get_cc);
if (Transaction::num_rows($check_exists) > 0) {
Transaction::query("UPDATE bans SET expire = expire + '" . Security::textFilter($_POST['length']) . "' WHERE value = '" . Security::textFilter($_POST['value']) . "' AND bantype = '" . Security::textFilter($_POST['type']) . "'");
$msg = "<div class='rounded rounded-green'><center>El ban (" . Security::textFilter($_POST['type']) . " - " . Security::textFilter($_POST['value']) . ") ha sido actualizado. <img src=\"./w/images/check.gif\"></center></div>";
} else {
if (Transaction::num_rows($get_cc) > 0 && $_POST['type'] == "user") {
Transaction::query("INSERT INTO bans (bantype,value,reason,expire,added_by,added_date) VALUES ('" . Security::textFilter($_POST['type']) . "','" . Security::textFilter($_POST['value']) . "','" . Security::textFilter($_POST['reason']) . "','" . time() . "' + '" . Security::textFilter($_POST['length']) . "','" . $name . "','" . time() . "')");
Transaction::query("UPDATE users SET auth_ticket = '' WHERE username = '******'value']) . "' LIMIT 1");
$msg = "<div class='rounded rounded-green'><center>" . $_POST['value'] . " foi banido <img src=\"./w/images/check.gif\"></center></div>";
} elseif (Transaction::num_rows($get_cc) < 1 && $_POST['type'] == "user") {
$msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o usurio <img src=\"./w/images/del.gif\"></center></div>";
} elseif ($_POST['type'] == "ip") {
Transaction::query("INSERT INTO bans (bantype,value,reason,expire,added_by,added_date) VALUES ('" . Security::textFilter($_POST['type']) . "','" . Security::textFilter($_POST['value']) . "','" . Security::textFilter($_POST['reason']) . "','" . time() . "' + '" . Security::textFilter($_POST['length']) . "','" . $name . "','" . time() . "')");
Transaction::query("UPDATE users SET auth_ticket = '' WHERE username = '******'value']) . "' LIMIT 1");
$msg = "<div class='rounded rounded-green'><center>O IP " . Security::textFilter($_POST['value']) . " foi banido! <img src=\"./w/images/check.gif\"></center></div>";
}
<td class='tablesubheader' width='20%' align='left'>Descrio</td>
<td class='tablesubheader' width='10%' align='left'>Imagem (50% do tamanho original)</td>
<td class='tablesubheader' width='10%' align='left'>URL</td>
<td class='tablesubheader' width='7%' align='left'>Boto</td>
<td class='tablesubheader' width='1%' align='center'>Editar</td>
<td class='tablesubheader' width='1%' align='center'>Excluir</td>
</tr>
<?php
$query_min = $page * 50 - 50;
if ($query_min < 0) {
// Page 1
$query_min = 0;
}
$get_hotcampaigns = Transaction::query("SELECT * FROM mobbo_hotcampaigns ORDER BY id DESC LIMIT " . $query_min . ", 50");
while ($row = Transaction::fetch($get_hotcampaigns)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2'><?php
echo $row['caption'];
?>
</td>
<td class='tablerow2' align='left'><?php
echo $row['descr'];
?>
</td>
if (mobbo::session_is_registered(acp)) {
header("Location: index.php?loginThrowBack=true");
exit;
}
$pagename = "Login";
$pageid = "login";
if (isset($_POST['username'])) {
$form_name = addslashes($_POST['username']);
$form_pass = mobbo::HoloHash($_POST['password']);
$form_pass2 = mobbo::HoloHashMD5($_POST['password']);
$form_code = $_POST['codeword'];
$check = Transaction::query("SELECT * FROM users WHERE username = '******' AND password = '******' AND rank > 3 or username = '******' AND password = '******' AND rank > 3 LIMIT 1");
$valid = Transaction::num_rows($check);
if (!empty($form_name) && !empty($form_pass)) {
if ($valid > 0) {
$row = Transaction::fetch($check);
$_SESSION['acp'] = true;
$_SESSION['hkusername'] = $row['username'];
$_SESSION['hkpassword'] = $form_pass2;
$_SESSION['hkcode'] = $form_code;
$my_id = $row['id'];
if (!mobbo::session_is_registered(username)) {
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $form_pass2;
$_SESSION['code'] = $form_code;
}
Transaction::query("UPDATE users SET ip_last = '" . $remote_ip . "' WHERE id = '" . $row['id'] . "' LIMIT 1");
Transaction::query("INSERT INTO stafflogs (action,message,note,userid,targetid,timestamp) VALUES ('Housekeeping','Login (IP: " . $remote_ip . ")','login.php','" . $my_id . "','0','" . $date_full . "')");
if ($_POST['headerclient'] == true) {
header("location: {$path}/client");
exit;
if ($usr_info['name'] == $fetch2['username']) {
header("Location: /");
} elseif ($usr_info['last_name'] == $fetch2['username']) {
header("Location /");
} elseif ($usr_info['mail2'] == $fetch2['mail']) {
header("Location /");
} else {
Transaction::query("INSERT INTO users (username,password,motto,mail,rank,fb_id) VALUES ('" . $usr_name2 . "', 'f09927c417e569baaeaa561f501d3e77', 'Registrei por facebook', '" . $usr_name . "', '2', '" . $usr_info . "');");
$q = "SELECT * FROM users WHERE fb_id='" . $user_info['id'] . "'";
$result = @Transaction::query($q);
$row = Transaction::fetch($result);
}
}
$q = "SELECT fb_id FROM users WHERE fb_id='" . $user_info['id'] . "'";
$result = @Transaction::query($q);
$row = Transaction::fetch($result);
$user_ida = $row['fb_id'];
$_SESSION['fb_id'] = $user_ida;
$user_id = $facebook->getUser();
if ($user_ida) {
try {
$ret_obj = $facebook->api('/me/feed', 'POST', array('link' => $msg, 'message' => $url));
} catch (FacebookApiException $e) {
$login_url = $facebook->getLoginUrl(array('scope' => 'publish_stream'));
echo 'Please <a href="' . $login_url . '">login.</a>';
error_log($e->getType());
error_log($e->getMessage());
}
} else {
echo 'Voce nao esta Logado Corretamente no Facebook Acesse Primeiramente www.facebook.com Apos Isso Tente Logar Novamente';
exit;
<?php
/* Security Proof */
$included_files = 2345;
$included_files = get_included_files();
if (!in_array($_SERVER['DOCUMENT_ROOT'] . '\\CORE.php', $included_files)) {
die;
}
if ($user_rank > 6) {
$pagename = "Editar Emblemas";
$pageid = "badgetool";
if (isset($_POST['badge']) && $_POST['name']) {
$check_name = Transaction::query("SELECT * FROM users WHERE username = '******'name']) . "'");
if (Transaction::num_rows($check_name) > 0) {
$userdata = Transaction::fetch($check_name);
$check_badge = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . $userdata['id'] . "' AND badge_id = '" . Security::textFilter($_POST['badge']) . "' LIMIT 1");
if ($_POST['action'] == "give") {
if (Transaction::num_rows($check_badge) < 1) {
Transaction::query("INSERT INTO user_badges (user_id,badge_id,badge_slot) VALUES ('" . $userdata['id'] . "','" . Security::textFilter($_POST['badge']) . "','0')");
$msg = "<div class='rounded rounded-green'><center>Voc acabou de dar <b>" . Security::textFilter($_POST['name']) . "</b> o emblema " . Security::textFilter($_POST['badge']) . " com sucesso. <img src=\"./w/images/check.gif\"></center></div>";
} else {
$msg = "<div class='rounded rounded-red'><center>" . $_POST['name'] . " J tm o Emblema " . $_POST['badge'] . ". <img src=\"./w/images/del.gif\"></center></div>";
}
} else {
if (Transaction::num_rows($check_badge) > 0) {
Transaction::query("DELETE FROM user_badges WHERE user_id = '" . $userdata['id'] . "' AND badge_id = '" . Security::textFilter($_POST['badge']) . "'");
$msg = "<div class='rounded rounded-green'><center>Voc removeu o Emblema " . Security::textFilter($_POST['badge']) . " . <img src=\"./w/images/check.gif\"></center></div>";
} else {
$msg = "<div class='rounded rounded-red'><center>" . Security::textFilter($_POST['name']) . " no tem o emblema " . Security::textFilter($_POST['badge']) . " <img src=\"./w/images/del.gif\"></center></div>";
}
}
</div>
</li>
';
$c++;
}
?>
</ul>
<?php
$query_display = Transaction::query("SELECT * FROM mobbo_news");
$row_news = Transaction::num_rows($query_display);
if ($row_news == 0) {
echo ' ';
}
$query = Transaction::query("SELECT * FROM mobbo_news ORDER BY published DESC LIMIT 4");
$c = 0;
while ($row = Transaction::fetch($query)) {
$display = 'block';
if ($c > 0) {
$display = 'none';
}
$imageme = $row['image'];
if (strpos($imageme, "#") !== false) {
$backgrounde = 'background:' . $imageme . ' !important;';
} else {
$backgrounde = 'background:url(' . $imageme . ') !important;';
}
echo '
<div id="new_' . $row["id"] . '" class="reveal-modal xlarge" data-reveal>
<div class="interior-header green" id="lolca" style="margin-top: -30px;height: 110px !important;background:#eee;background-position-y: -4px !important;">
<div class="row">
<div class="large-12 columns">
<div class='tableheaderalt'>Alertas Activas</div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='20%' align='left'><?php
echo $shortname;
?>
Nombre</td>
<td class='tablesubheader' width='50%' align='left'>Alerta</td>
</tr>
<?php
$get_em = Transaction::query("SELECT * FROM mobbo_alerts ORDER BY id DESC");
while ($row = Transaction::fetch($get_em)) {
$check = Transaction::query("SELECT * FROM users WHERE id = '" . $row['userid'] . "' LIMIT 1");
$user = Transaction::fetch($check);
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow1' align='left'><?php
echo $user['username'];
?>
(ID: <?php
echo $row['id'];
?>
)</td>
<td class='tablerow1' align='left'><?php
Transaction::query("INSERT INTO stafflogs (action,message,note,userid,targetid,timestamp) VALUES ('Housekeeping','Alterou as configuraes do Hotel','settings.php','" . $my_id . "','0','" . $date_full . "')");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['url'] . "' WHERE variabler = 'hotel_url'");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['mobbo_name'] . "' WHERE variabler = 'hotel_name'");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['maintenance'] . "' WHERE variabler = 'maintenance'");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['mobbo_maintenancet'] . "' WHERE variabler = 'maintenance_text'");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['mobbo_ticket'] . "' WHERE variabler = 'mobbo_ticket'");
$msg = "<div class='rounded rounded-green'><center>Alteraes salvas com sucesso <img src=\"./w/images/check.gif\"></center></div>";
} else {
$msg = "<div class='rounded rounded-red'><center>No foi possvel salvar as alteraes <img src=\"./w/images/del.gif\"></center></div>";
}
}
$mobbo_url = Transaction::fetch($mobbo_url = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'hotel_url'"));
$mobbo_name = Transaction::fetch($mobbo_name = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'hotel_name'"));
$mobbo_maintenance = Transaction::fetch($mobbo_maintenance = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'maintenance'"));
$mobbo_maintenancet = Transaction::fetch($mobbo_maintenancet = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'maintenance_text'"));
$mobbo_ticket = Transaction::fetch($mobbo_ticket = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'hotel_ticket'"));
$pageid = "settings";
@(include 'subheader.php');
if (isset($msg)) {
?>
<p><strong><?php
echo $msg;
?>
</strong></p><?php
}
?>
<form action='<?php
echo $adminpath;
?>
/p/settings&do=save' method='post' name='theAdminForm' id='theAdminForm'>
/**
* Get unresolved transactions for reporting.
*
* @param int $interval Minimum hours since last report was sent.
*
* @return array transactions or false on error.
* @access public
*/
public function getUnresolvedTransactions($interval)
{
$t = new Transaction();
$t->whereAdd('complete = ' . self::STATUS_REGISTRATION_EXPIRED . ' OR complete = ' . self::STATUS_FINES_UPDATED);
$t->whereAdd('paid > 0');
$t->whereAdd("reported = 0 OR NOW() > DATE_ADD(reported, INTERVAL {$interval} HOUR)");
$t->orderBy('user_id');
$t->find();
$items = array();
while ($t->fetch()) {
$items[] = $t;
}
return $items;
}
} else {
Transaction::query("UPDATE `users` SET `auth_ticket` = '" . Security::GenerateTicket() . "', `ip_last` = '" . $myrealip . "' WHERE id = '" . $id . "'") or die(mysql_error());
$ticketsql = Transaction::query("SELECT auth_ticket FROM users WHERE id = '" . $id . "'") or die(mysql_error());
$ticketrow = Transaction::fetch($ticketsql);
}
} else {
$SQL = Transaction::query("SELECT auth_ticket FROM users WHERE fb_id = '" . $fb_id . "'");
echo mysql_error();
$N = Transaction::num_rows($SQL);
if ($N == 0) {
Transaction::query("UPDATE `users` SET `auth_ticket` = '" . Security::GenerateTicket() . "', `ip_last` = '" . $myrealip . "' WHERE fb_id = '" . $fb_id . "'") or die(mysql_error());
} else {
Transaction::query("UPDATE `users` SET `auth_ticket` = '" . Security::GenerateTicket() . "', `ip_last` = '" . $myrealip . "' WHERE fb_id = '" . $fb_id . "'") or die(mysql_error());
}
$ticketsql = Transaction::query("SELECT auth_ticket FROM users WHERE fb_id = '" . $fb_id . "'") or die(mysql_error());
$ticketrow = Transaction::fetch($ticketsql);
}
logs::mobbo_log("client");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
<title><?php
echo $sitename;
?>
</title>
<script type="text/javascript">
var andSoItBegins = (new Date ()).getTime ();
public static function show($actions = array())
{
$action = htmlspecialchars($actions);
switch ($action) {
case "login":
if (isset($_POST['username'])) {
if (isset($_POST['password'])) {
$email = Security::textFilter($_POST['username']);
$password = md5(Security::textFilter($_POST['password']));
$find_user2 = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $email . "'");
$user_info2 = Transaction::fetch($find_user2);
$find_user = Transaction::query("SELECT * FROM `users` WHERE `mail` = '" . $email . "'");
$user_info = Transaction::fetch($find_user);
if ($user_info['password'] == $password or $user_info2['password'] == $password) {
$queryban = Transaction::query("SELECT * FROM `bans` WHERE `value` = '" . $user_info['username'] . "' OR `value` = '" . $user_info2['username'] . "' LIMIT 1");
if (Transaction::num_rows($queryban) > 0) {
$fetchban = Transaction::fetch($queryban);
header("location: ../index.php?ban=" . $fetchban['value'] . "&reason=" . $fetchban['reason'] . "&time=" . $fetchban['expire'] . "&true=1");
exit;
}
if (!empty($user_info)) {
$_SESSION['id'] = $user_info['id'];
$_SESSION['userid'] = $user_info['id'];
$rawhotel = md5($user_info['id'] + $user_info['username'] + $user_info['password'] + Security::getUserIP());
setcookie('rawsessionhotel', $rawhotel);
} elseif (!empty($user_info2)) {
$_SESSION['id'] = $user_info2['id'];
$_SESSION['userid'] = $user_info2['id'];
$rawhotel = md5($user_info2['id'] + $user_info2['username'] + $user_info2['password'] + Security::getUserIP());
setcookie('rawsessionhotel', $rawhotel);
}
header("location: me");
if ($_SESSION['login_try'] > 0) {
$_SESSION['login_try'] = 0;
}
exit;
} else {
$_SESSION['login_try'] = $_SESSION['login_try'] + 1;
header("location: ../index.php?erroro=" . $_POST['username'] . "&type=1");
exit;
}
} else {
$_SESSION['login_try'] = $_SESSION['login_try'] + 1;
header("location: ../index.php?erroro=" . $_POST['username'] . "&type=1");
exit;
}
} else {
$_SESSION['login_try'] = $_SESSION['login_try'] + 1;
header("location: ../index.php?erroro=" . $_POST['username'] . "&type=2");
exit;
}
break;
case "logout":
session_destroy();
setcookie('rawsessionhotel', '0');
header("location: ../index.php");
break;
case "404":
$ok = <<<PAGE
<html>
<title>404</title>
\t <meta charset="utf-8">
<link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
<body style="">
<section id="oops" style="width: 100%;">
<div class="row">
<div class="large-9 medium-9 small-12 columns small-centered">
<h5>404: Página não Encontrada</h5>
<h1 class="oversized">Esta página não existe...</h1>
<p class="lead bottom40">Você pode tentar recarregar a página indo na <a href="./">homepage.</a></p>
</div>
</div>
</section>
<a class="exit-off-canvas"></a>
</div>
</div>
</body></html>
PAGE;
echo $ok;
break;
case "405":
$maintenance_text = mobbo::mobbo_settings('maintenance_text');
$ok = <<<PAGE
<html>
\t\t\t\t\t <meta charset="utf-8">
<title>405</title>
<link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
<body style="">
<section id="oops" style="width: 100%;">
<div class="row">
<div class="large-9 medium-9 small-12 columns small-centered">
<h5>405: Estamos em Manutencao</h5>
<h1 class="oversized">Opa! Manutencao.</h1>
<p class="lead bottom40"><b>Motivo:</b> {$maintenance_text} <a href="/">Voltar a Home Page</a></p>
</div>
</div>
</section>
<a class="exit-off-canvas"></a>
</div>
</div>
</body></html>
PAGE;
echo $ok;
break;
case 'referidos':
echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
if (!isset($_SESSION['id'])) {
$ip = $_SERVER['REMOTE_ADDR'];
$usuario = htmlentities($_GET['referido']);
$query1 = Transaction::query("SELECT ip_referida FROM users_referidos WHERE ip_referida = '" . $ip . "' LIMIT 1");
if (Transaction::num_rows($query1) > 0) {
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
IP Ja Registrado, voce nao Pode se Registrar por Este Referido.
<a href="#" class="close">×</a>
</div>';
} else {
$_SESSION['referido'] = $ip;
$_SESSION['referiduser'] = $usuario;
header("Location: /registro");
}
}
break;
case 'erroro':
echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
$erroro = htmlentities(addslashes($_GET['erroro']));
if ($_GET['type'] == 1) {
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
' . $erroro . ', Suas Credenciais de Logins sao Invalidas, e essa senha Mesmo?
<a href="#" class="close">×</a>
</div>';
}
if ($_GET['type'] == 2) {
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
' . $erroro . ', Este usuario nao Existe, tem Certeza?
<a href="#" class="close">×</a>
</div>';
}
break;
case 'ban':
echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
$user = htmlentities(addslashes($_GET['ban']));
$reason = htmlentities(addslashes($_GET['reason']));
$reason = htmlentities(addslashes($_GET['expire']));
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
' . $user . ', Você foi Banido, Pelo Seguinte Motivo: ' . $reason . ', Entre em Contato com os Admins!
<a href="#" class="close">×</a>
</div>';
break;
case 'registro':
if (isset($_POST['username']) && isset($_POST['mail']) && isset($_POST['pass'])) {
$usuario = Security::textFilter(htmlentities($_POST['username']));
$mail = Security::textFilter(htmlentities($_POST['mail']));
$pass = Security::textFilter(htmlentities(md5($_POST['pass'])));
$firstn = Security::textFilter(htmlentities($_POST['firstname']));
$lastn = Security::textFilter(htmlentities($_POST['lastname']));
$query = Transaction::query("SELECT `id` FROM `users` WHERE `mail` = '" . $mail . "'");
if (Transaction::num_rows($query) == 0) {
$query = Transaction::query("SELECT `id` FROM `users` WHERE `username` = '" . $usuario . "'");
if (Transaction::num_rows($query) == 0) {
if (strlen($_POST['pass']) > 5) {
if (preg_match('`[a-z]`', $_POST['pass'])) {
if (preg_match('`[0-9]`', $_POST['pass'])) {
if (count(explode(' ', $usuario)) > 1) {
echo 'Sem Espaço Em Branco Pls';
} else {
if (mb_strlen($usuario) <= 25) {
Transaction::query("INSERT INTO `users` (`username`, `password`, `mail`) VALUES ('" . $usuario . "', '" . $pass . "', '" . $mail . "');");
$get_id = Transaction::query("SELECT id FROM `users` WHERE `username` = '" . $usuario . "';");
$get_id_result = Transaction::fetch($get_id);
$_SESSION['id'] = $get_id_result['id'];
$_SESSION['userid'] = $get_id_result['id'];
$_SESSION['step'] = 0;
if (isset($_SESSION['referido'])) {
$ip = htmlentities($_SESSION['referido']);
$userne = htmlentities($_SESSION['referiduser']);
Transaction::query("INSERT INTO users_referidos (usuario, ip_referida) VALUES ('" . $userne . "', '" . $ip . "');");
$_SESSION['referido'] = NULL;
}
echo 'OKAY';
} else {
echo 'Menos Caracteres Pls';
}
}
} else {
echo 'Esta senha a muito curta e/ou invalida';
}
} else {
echo 'Esta senha a muito curta e/ou invalida';
}
} else {
echo 'Esta senha a muito curta e/ou invalida';
}
} else {
echo 'Esse Usuario ja Existe';
}
} else {
echo 'Este e-mail esta em uso';
}
} else {
echo 'Erro...';
}
break;
case 'editarhome':
if (isset($_POST['texto'])) {
$username = htmlentities($_POST['username']);
$texto = htmlentities(addslashes($_POST['texto']));
$fundo = htmlentities(addslashes($_POST['fundo']));
$cores = htmlentities($_POST['cor']);
$video = htmlentities($_POST['video']);
if (!empty($texto)) {
Transaction::query("UPDATE users_homes SET texto = '" . $texto . "' WHERE username = '******'");
}
if (!empty($video)) {
Transaction::query("UPDATE users_homes SET video = '" . $video . "' WHERE username = '******'");
}
if (!empty($cores)) {
Transaction::query("UPDATE users_homes SET cores = '" . $cores . "' WHERE username = '******'");
}
if (!empty($fundo)) {
Transaction::query("UPDATE users_homes SET fundo = '" . $fundo . "' WHERE username = '******'");
}
}
break;
case 'editarfundo':
$fundo = htmlentities($_POST['fundo']);
$words = array('http://', 'www.');
if (strpos($fundo, $words[0]) !== false or strpos($fundo, $words[1]) !== false) {
$fundo = 'url(' . $fundo . ')';
}
$username = htmlentities($_POST['username']);
$user = mobbo::users_info('username');
if ($username == $user) {
Transaction::query("UPDATE users SET fundom = '" . $fundo . "' WHERE username = '******'");
}
break;
case 'colocarmanutencao':
if (mobbo::users_info("rank") >= 6) {
if (mobbo::mobbo_settings("maintenance") == 0) {
Transaction::query("UPDATE mobbo_settings SET value = '1' WHERE variable = 'maintenance'");
} elseif (mobbo::mobbo_settings("maintenance") == 1) {
Transaction::query("UPDATE mobbo_settings SET value = '0' WHERE variable = 'maintenance'");
}
header("Location: /me");
} else {
header("Location: /me");
}
break;
case 'compraritem':
$fetch = 0;
$cat = 0;
$query = 0;
if (isset($_POST['cat'])) {
$cat = htmlentities(addslashes($_POST['cat']));
$query = Transaction::query("SELECT * FROM mobbo_marktplatzvip WHERE id = '" . $cat . "' LIMIT 1");
$fetch = Transaction::fetch($query);
$dolares = $fetch['dolares'];
if (mobbo::users_info('dolares') >= $dolares) {
$queryCheck = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . mobbo::users_info('id') . "' AND badge_id = '" . $cat . "' LIMIT 1");
if (Transaction::num_rows($queryCheck) < 1) {
Transaction::query("UPDATE users SET dolares = dolares-'" . $fetch['dolares'] . "' WHERE id = '" . mobbo::users_info('id') . "' LIMIT 1");
Transaction::query("INSERT INTO user_badges (user_id, badge_id) VALUES ('" . mobbo::users_info('id') . "','" . $cat . "')");
$dolares = mobbo::users_info('dolares');
echo "Item Comprado com Sucesso, Seu Balanço de Dolares agora é de {$dolares}";
} else {
echo "Você já Possui este Emblema";
}
} else {
echo "Você Não Possui Dolares Suficientes";
}
} else {
echo "Você é um Hacker ?";
}
break;
case 'wallupdate':
if (isset($_POST['update'])) {
//insert into wall table
$message = Security::textFilter($_POST['update']);
if ($message != "") {
$image = '';
$time = time();
$video = '';
$userid = mobbo::users_info('id');
$query = Transaction::query("INSERT INTO `posts` (`desc`, `image_url`, `vid_url`,`date`,`userid`) VALUES ('{$message}', '{$image}', '{$video}','{$time}', '{$userid}')");
$ins_id = mysql_insert_id();
echo 'sucess';
}
}
break;
default:
die('This Action Does Not Exists');
break;
}
}
<?php
?>
<div class='tableborder'>
<div class='tableheaderalt'><center>Cdigos atuais</center></div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='60%' align='center'>Cdigo</td>
<td class='tablesubheader' width='40%' align='center'>Moedas</td>
</tr>
<?php
while ($row = Transaction::fetch($get_vouchers)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['code'];
?>
</td>
<td class='tablerow2' align='center'><?php
echo $row['value'];
?>
</td>
</tr>
<?php
}
?>
function parsePlugins()
{
$types = array();
$result = Transaction::query("SELECT * FROM mobbo_plugins");
while ($row = Transaction::fetch($result)) {
$name = $row['plugin_name'];
$code = $row['mobbo_code'];
$types[$name] = $code;
}
if (count($types) > 0) {
foreach ($types as $tag => $data) {
$query2 = Transaction::query("SELECT * FROM mobbo_plugins WHERE plugin_name = '{$tag}' LIMIT 1");
$string = '{{' . $tag . '}}';
if (strpos($this->output, $string)) {
$PluginCode = Transaction::fetch($query2);
$text = $PluginCode['mobbo_code'];
$text = eval('?>' . $text . '<?php ');
$this->output = str_replace('{{' . $tag . '}}', $text, $this->output);
}
}
} else {
$this->output = $this->output;
}
}
$user_rank = mobbo::users_info('rank');
if ($user_rank > 3 && $logged_in or !$logged_in) {
$hkzone = true;
$p = Security::textFilter($_GET['p']);
$do = Security::textFilter($_GET['do']);
$page = Security::textFilter($_GET['page']);
$key = Security::textFilter($_GET['key']);
$search = Security::textFilter($_POST['search']);
if (mobbo::session_is_registered('acp')) {
$session = $_SESSION['acp'];
$admin_username = $_SESSION['hkusername'];
$admin_password = $_SESSION['hkpassword'];
$check = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $myrow['username'] . "' AND `rank` > 5 LIMIT 1");
$valid = Transaction::num_rows($check);
if ($valid > 0) {
$tmp = Transaction::fetch($check);
if ($p == "logout") {
session_destroy();
$notify_logout = true;
include 'login.php';
} elseif ($p == "home") {
$tab = 1;
require_once 'home.php';
} elseif ($p == "test") {
$tab = 1;
require_once 'test.php';
} elseif ($p == "banners") {
$tab = 3;
require_once 'banners.php';
} elseif ($p == "campaigns") {
$tab = 3;
<?php
/*
Hooks System 0.1a - mobbo 6.0
:: NAME :: Users With More Duckets
:: VERSION :: 1.0
:: AUTHOR :: bi0s
*/
$query1 = Transaction::query("SELECT * FROM users ORDER BY activity_points DESC LIMIT 4");
while ($row = Transaction::fetch($query1)) {
$query2 = Transaction::query("SELECT * FROM users WHERE id = '" . $row['id'] . "' ORDER BY username ASC LIMIT 4");
while ($row2 = Transaction::fetch($query2)) {
echo '<a class="th" style="border-radius: 50px;margin-right:6px;height: 92px;width: 90px;overflow: hidden;"><img style="margin-left:9px" data-tooltip class="has-tip" title="' . $row2['username'] . ', com ' . $row2['activity_points'] . ' duckets" src="http://habbo.de/habbo-imaging/avatarimage?figure=' . $row2['look'] . '" data-reveal-id="homeswall" onclick=\'loadHomes("' . $row2['username'] . '")\'></a>   ';
}
}
public static function Active($template)
{
$path = TEMPLATES;
$gall = GALLERY;
$q = Transaction::query("SELECT * FROM mobbo_templates WHERE active = 1");
if (Transaction::num_rows($q) > 0) {
$q = Transaction::query("SELECT * FROM mobbo_templates WHERE active = 1");
$o = Transaction::fetch($q);
$p = $o['path'];
if ($p != $template) {
Files::del_dir(TEMPLATES . "{$p}/web-gallery");
Files::copy_directory(WEBGALLERY, TEMPLATES . "{$p}/web-gallery/");
Files::del_dir(WEBGALLERY);
Files::copy_directory(TEMPLATES . $template . '/web-gallery/', WEBGALLERY);
Transaction::query("UPDATE mobbo_templates SET active = 0;");
Transaction::query("UPDATE mobbo_templates SET active = 1 WHERE path = '" . $template . "'");
return 1;
} else {
Files::copy_directory(TEMPLATES . $template . '/web-gallery', WEBGALLERY);
Transaction::query("UPDATE mobbo_templates SET active = 0;");
Transaction::query("UPDATE mobbo_templates SET active = 1 WHERE path = '" . $template . "'");
return 1;
}
} else {
Files::copy_directory(TEMPLATES . $template . '/web-gallery', WEBGALLERY);
Transaction::query("UPDATE mobbo_templates SET active = '0';");
Transaction::query("UPDATE mobbo_templates SET active = 1 WHERE path = '" . $template . "'");
return 1;
}
}
?>
</center></div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>Usuario</td>
<td class='tablesubheader' width='20%' align='center'>Quarto</td>
<td class='tablesubheader' width='21%' align='center'>Data</td>
<td class='tablesubheader' width='59%' align='center'>Conversa</td>
</tr>
<?php
$logs = Transaction::query("SELECT * FROM chatlogs WHERE room_id = '" . $_POST['query'] . "' ORDER BY timestamp DESC LIMIT " . $limit . "");
while ($rowlogs = Transaction::fetch($logs)) {
$get_user = Transaction::query("SELECT * FROM users WHERE id = '" . $rowlogs['user_id'] . "'");
$users = Transaction::fetch($get_user);
$get_room = Transaction::query("SELECT * FROM rooms WHERE id = '" . $rowlogs['room_id'] . "'");
$rooms = Transaction::fetch($get_room);
?>
<tr>
<td class='tablerow1'><?php
echo $users['username'];
?>
</td>
<td class='tablerow2'><?php
echo $rooms['caption'];
?>
(ID: <?php
echo $rowlogs['room_id'];
?>
)</td>
<td class='tablerow2''><?php
