// NOTE(review): this excerpt opens inside conditionals whose conditions are not visible,
// so what decides between 'yesiamtheowner' and 'imnot' cannot be told from here.
$owner = 'yesiamtheowner';
} else {
    $owner = 'imnot';
}
} else {
    $owner = 'yesiamtheowner';
}

$user_rank = mobbo::users_info('rank');

// Gate for the housekeeping area. `&&` binds tighter than `or`, so the condition reads
// ($user_rank > 3 && $logged_in) or (!$logged_in): visitors who are NOT logged in pass it too.
// NOTE(review): presumably intentional so the login form can be served — confirm that every
// page reached below re-checks the 'acp' session flag and does not rely on $hkzone alone.
if ($user_rank > 3 && $logged_in or !$logged_in) {
    $hkzone = true;

    // Request parameters are read without isset(); a missing key raises a notice/warning
    // and passes null to the filter.
    // NOTE(review): Security::textFilter() is defined elsewhere; what it strips or escapes is
    // not visible here, so its output should not be assumed safe for SQL or HTML contexts.
    $p = Security::textFilter($_GET['p']);
    $do = Security::textFilter($_GET['do']);
    $page = Security::textFilter($_GET['page']);
    $key = Security::textFilter($_GET['key']);
    $search = Security::textFilter($_POST['search']);

    if (mobbo::session_is_registered('acp')) {
        $session = $_SESSION['acp'];
        $admin_username = $_SESSION['hkusername'];
        // NOTE(review): a password-derived value is kept in the session and copied into a local;
        // nothing in this excerpt reads it afterwards.
        $admin_password = $_SESSION['hkpassword'];

        // Re-validates the account against the database on each request.
        // NOTE(review): the lookup key is $myrow['username'] (populated outside this excerpt),
        // not the housekeeping session user read above, and it is concatenated into the SQL
        // text; a bound parameter would remove the dependency on that value never containing
        // a quote. The gate above admits rank > 3 while this query requires rank > 5 —
        // confirm which threshold is intended.
        $check = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $myrow['username'] . "' AND `rank` > 5 LIMIT 1");
        $valid = Transaction::num_rows($check);
        if ($valid > 0) {
            $tmp = Transaction::fetch($check);

            // Page router: $p selects which housekeeping page is included.
            if ($p == "logout") {
                // session_destroy() removes the stored session data only; it does not clear
                // $_SESSION for the rest of this request or expire the session cookie.
                session_destroy();
                $notify_logout = true;
                include 'login.php';
            } elseif ($p == "home") {
                $tab = 1;
                require_once 'home.php';
            } elseif ($p == "test") {
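<?php
/*
 * Security Proof — prologue of the housekeeping "Home" page.
 *
 * Three guards run before any output is produced:
 *   1. CORE.php must already be among the included files (refuses direct requests);
 *   2. $hkzone must be exactly true;
 *   3. the 'acp' session flag must be registered.
 *
 * NOTE(review): $hkzone is not assigned in this file; presumably the including script sets
 * it after its own rank check — confirm that this flag cannot be true for a visitor who has
 * not authenticated, since guard 3 is then the only check tied to a login.
 */

// Guard 1. The expected path is built with a backslash separator, so it can only match where
// get_included_files() reports Windows-style paths; on any other layout the guard fails
// closed and every request dies here.
$included_files = get_included_files();
if (!in_array($_SERVER['DOCUMENT_ROOT'] . '\\CORE.php', $included_files, true)) {
    die;
}

// Guard 2. isset() keeps an unset $hkzone from raising a warning; an unset flag is refused
// exactly like any other non-true value.
if (!isset($hkzone) || $hkzone !== true) {
    header("Location: index.php?throwBack=true");
    exit;
}

// Guard 3. The session key is quoted: written as a bare word it is an undefined constant,
// which PHP 8 turns into a fatal Error and older versions only tolerate with a warning.
if (!mobbo::session_is_registered('acp')) {
    header("Location: p/login");
    exit;
}

$pagename = "Home";
$pageid = "home";

// The @ operator hides the warning when either file is missing, so the page would render
// without its header instead of failing visibly.
@(include 'subheader.php');
@(include 'header.php');
?>
<style>
table {
    border: 1px solid white;
}
</style>
<table cellpadding='0' cellspacing='8' width='100%' id='tablewrap'>
<tr>
<td width='100%' valign='top' id='rightblock'>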
// Housekeeping login handler: runs only when a `username` field was posted.
if (isset($_POST['username'])) {
    // NOTE(review): addslashes() is not aware of the database connection's character set and
    // is not a substitute for bound parameters.
    $form_name = addslashes($_POST['username']);

    // `password` and `codeword` are read without an isset() check.
    // NOTE(review): HoloHash() and HoloHashMD5() are defined elsewhere; the second name
    // suggests an MD5-based digest — confirm. A fast digest is unsuitable for password storage;
    // password_hash()/password_verify() is the standard replacement.
    $form_pass = mobbo::HoloHash($_POST['password']);
    $form_pass2 = mobbo::HoloHashMD5($_POST['password']);
    $form_code = $_POST['codeword'];

    // NOTE(review): the quoted values in this query appear as '******' on the page, presumably
    // masked where the form values were interpolated; as printed, none of them reach the SQL.
    // AND binds tighter than OR, so each side of `or` carries its own `rank > 3` test;
    // explicit parentheses would make that intent visible.
    $check = Transaction::query("SELECT * FROM users WHERE username = '******' AND password = '******' AND rank > 3 or username = '******' AND password = '******' AND rank > 3 LIMIT 1");
    $valid = Transaction::num_rows($check);

    // The query has already been executed by the time emptiness is checked.
    if (!empty($form_name) && !empty($form_pass)) {
        if ($valid > 0) {
            $row = Transaction::fetch($check);

            // Marks the session as a housekeeping session.
            // NOTE(review): the session ID is not regenerated at this privilege change;
            // calling session_regenerate_id(true) before setting these keys is the usual
            // defence against session fixation.
            $_SESSION['acp'] = true;
            $_SESSION['hkusername'] = $row['username'];
            // NOTE(review): a password-derived hash and the posted codeword are written into
            // session storage, where they outlive the request.
            $_SESSION['hkpassword'] = $form_pass2;
            $_SESSION['hkcode'] = $form_code;
            $my_id = $row['id'];

            // NOTE(review): `username` is unquoted, i.e. a bare constant. PHP 8 raises an
            // Error for an undefined constant; older versions fall back to the string
            // 'username' with a notice/warning. It should be quoted.
            if (!mobbo::session_is_registered(username)) {
                $_SESSION['username'] = $row['username'];
                $_SESSION['password'] = $form_pass2;
                $_SESSION['code'] = $form_code;
            }

            // Records the login IP on the account and writes an audit row to stafflogs.
            // NOTE(review): $remote_ip and $date_full are set outside this excerpt and are
            // concatenated into the SQL text. If $remote_ip can come from a client-supplied
            // header rather than the socket address, these statements need bound parameters —
            // confirm its source.
            Transaction::query("UPDATE users SET ip_last = '" . $remote_ip . "' WHERE id = '" . $row['id'] . "' LIMIT 1");
            Transaction::query("INSERT INTO stafflogs (action,message,note,userid,targetid,timestamp) VALUES ('Housekeeping','Login (IP: " . $remote_ip . ")','login.php','" . $my_id . "','0','" . $date_full . "')");

            // Loose comparison: any posted value other than "" or "0" counts as true.
            // $path and $adminpath are defined outside this excerpt.
            if ($_POST['headerclient'] == true) {
                header("location: {$path}/client");
                exit;
            } else {
                header("location: " . $adminpath . "/p/home");
                exit;
            }
        } else {
            // User-facing message (Portuguese): "Username, password or Habbo ID incorrect."
            // A single generic message does not reveal which field was wrong.
            // NOTE(review): the visible part of this branch only sets $msg; only successful
            // logins are written to stafflogs above. Confirm that failed attempts are logged
            // and throttled elsewhere.
            $msg = "Nome de usuario, senha o Habbo ID incorrectos.";