} else { $user_rank = 0; $name = "Guest"; $my_id = 0; $myticket = "0"; $logged_in = false; } } else { $user_rank = 0; $name = "Guest"; $my_id = 0; $myticket = "0"; $logged_in = false; } // check the maintenance if (mobbo::mobbo_settings('maintenance') == 1) { if (!isset($_GET['actions']) and $_GET['actions'] != '405') { if (!isset($_SESSION['id']) or mobbo::users_info('rank') < 5) { header("Location: /action/405"); } } } // say to the system what its the filename $pagina = $_SERVER['PHP_SELF']; /* * * End of the Habbo Environment Parsering * */ /* *
ini_set("display_errors", false); ini_set('default_charset', 'iso-8859-1'); header("Content-Type: text/html; charset=ISO-8859-1", true); error_reporting(1); } // start the translation system Translation::setLanguage($language); Security::ddosprotect(); // the hotel settings rows $remote_ip = $_SERVER['REMOTE_ADDR']; $maintenance = mobbo::mobbo_settings('maintenance') != 0 ? mobbo::mobbo_settings('maintenace') : 0; // check the settings rows for the housekeeping // Transaction::query ( "UPDATE mobbo_settings SET value = 'mobbo-c9-sant0ro.c9.io' WHERE variable = 'hotel_url'" ) ; $config = Transaction::fetch($mobbo_settings); $sitename = mobbo::mobbo_settings('hotel_name'); $path = mobbo::mobbo_settings('hotel_url'); $onlines = $online_count; $shortname = $mobbo_name; $adminpath = $path . "/acp/"; $pagefile = $_SERVER['PHP_SELF']; $key = htmlentities($_GET['key']); // check the date and start the dating rows if (@ini_get('date.timezone') == null && function_exists("date_default_timezone_get")) { @date_default_timezone_set("Europe/Madrid"); } $H = date('H'); $i = date('i'); $s = date('s'); $m = date('m'); $d = date('d'); $Y = date('Y');
public static function show($actions = array()) { $action = htmlspecialchars($actions); switch ($action) { case "login": if (isset($_POST['username'])) { if (isset($_POST['password'])) { $email = Security::textFilter($_POST['username']); $password = md5(Security::textFilter($_POST['password'])); $find_user2 = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $email . "'"); $user_info2 = Transaction::fetch($find_user2); $find_user = Transaction::query("SELECT * FROM `users` WHERE `mail` = '" . $email . "'"); $user_info = Transaction::fetch($find_user); if ($user_info['password'] == $password or $user_info2['password'] == $password) { $queryban = Transaction::query("SELECT * FROM `bans` WHERE `value` = '" . $user_info['username'] . "' OR `value` = '" . $user_info2['username'] . "' LIMIT 1"); if (Transaction::num_rows($queryban) > 0) { $fetchban = Transaction::fetch($queryban); header("location: ../index.php?ban=" . $fetchban['value'] . "&reason=" . $fetchban['reason'] . "&time=" . $fetchban['expire'] . "&true=1"); exit; } if (!empty($user_info)) { $_SESSION['id'] = $user_info['id']; $_SESSION['userid'] = $user_info['id']; $rawhotel = md5($user_info['id'] + $user_info['username'] + $user_info['password'] + Security::getUserIP()); setcookie('rawsessionhotel', $rawhotel); } elseif (!empty($user_info2)) { $_SESSION['id'] = $user_info2['id']; $_SESSION['userid'] = $user_info2['id']; $rawhotel = md5($user_info2['id'] + $user_info2['username'] + $user_info2['password'] + Security::getUserIP()); setcookie('rawsessionhotel', $rawhotel); } header("location: me"); if ($_SESSION['login_try'] > 0) { $_SESSION['login_try'] = 0; } exit; } else { $_SESSION['login_try'] = $_SESSION['login_try'] + 1; header("location: ../index.php?erroro=" . $_POST['username'] . "&type=1"); exit; } } else { $_SESSION['login_try'] = $_SESSION['login_try'] + 1; header("location: ../index.php?erroro=" . $_POST['username'] . "&type=1"); exit; } } else { $_SESSION['login_try'] = $_SESSION['login_try'] + 1; header("location: ../index.php?erroro=" . $_POST['username'] . "&type=2"); exit; } break; case "logout": session_destroy(); setcookie('rawsessionhotel', '0'); header("location: ../index.php"); break; case "404": $ok = <<<PAGE <html> <title>404</title> \t <meta charset="utf-8"> <link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css"> </head> <body style=""> <section id="oops" style="width: 100%;"> <div class="row"> <div class="large-9 medium-9 small-12 columns small-centered"> <h5>404: Página não Encontrada</h5> <h1 class="oversized">Esta página não existe...</h1> <p class="lead bottom40">Você pode tentar recarregar a página indo na <a href="./">homepage.</a></p> </div> </div> </section> <a class="exit-off-canvas"></a> </div> </div> </body></html> PAGE; echo $ok; break; case "405": $maintenance_text = mobbo::mobbo_settings('maintenance_text'); $ok = <<<PAGE <html> \t\t\t\t\t <meta charset="utf-8"> <title>405</title> <link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css"> </head> <body style=""> <section id="oops" style="width: 100%;"> <div class="row"> <div class="large-9 medium-9 small-12 columns small-centered"> <h5>405: Estamos em Manutencao</h5> <h1 class="oversized">Opa! Manutencao.</h1> <p class="lead bottom40"><b>Motivo:</b> {$maintenance_text} <a href="/">Voltar a Home Page</a></p> </div> </div> </section> <a class="exit-off-canvas"></a> </div> </div> </body></html> PAGE; echo $ok; break; case 'referidos': echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">'; if (!isset($_SESSION['id'])) { $ip = $_SERVER['REMOTE_ADDR']; $usuario = htmlentities($_GET['referido']); $query1 = Transaction::query("SELECT ip_referida FROM users_referidos WHERE ip_referida = '" . $ip . "' LIMIT 1"); if (Transaction::num_rows($query1) > 0) { echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;"> IP Ja Registrado, voce nao Pode se Registrar por Este Referido. <a href="#" class="close">×</a> </div>'; } else { $_SESSION['referido'] = $ip; $_SESSION['referiduser'] = $usuario; header("Location: /registro"); } } break; case 'erroro': echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">'; $erroro = htmlentities(addslashes($_GET['erroro'])); if ($_GET['type'] == 1) { echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;"> ' . $erroro . ', Suas Credenciais de Logins sao Invalidas, e essa senha Mesmo? <a href="#" class="close">×</a> </div>'; } if ($_GET['type'] == 2) { echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;"> ' . $erroro . ', Este usuario nao Existe, tem Certeza? <a href="#" class="close">×</a> </div>'; } break; case 'ban': echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">'; $user = htmlentities(addslashes($_GET['ban'])); $reason = htmlentities(addslashes($_GET['reason'])); $reason = htmlentities(addslashes($_GET['expire'])); echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;"> ' . $user . ', Você foi Banido, Pelo Seguinte Motivo: ' . $reason . ', Entre em Contato com os Admins! <a href="#" class="close">×</a> </div>'; break; case 'registro': if (isset($_POST['username']) && isset($_POST['mail']) && isset($_POST['pass'])) { $usuario = Security::textFilter(htmlentities($_POST['username'])); $mail = Security::textFilter(htmlentities($_POST['mail'])); $pass = Security::textFilter(htmlentities(md5($_POST['pass']))); $firstn = Security::textFilter(htmlentities($_POST['firstname'])); $lastn = Security::textFilter(htmlentities($_POST['lastname'])); $query = Transaction::query("SELECT `id` FROM `users` WHERE `mail` = '" . $mail . "'"); if (Transaction::num_rows($query) == 0) { $query = Transaction::query("SELECT `id` FROM `users` WHERE `username` = '" . $usuario . "'"); if (Transaction::num_rows($query) == 0) { if (strlen($_POST['pass']) > 5) { if (preg_match('`[a-z]`', $_POST['pass'])) { if (preg_match('`[0-9]`', $_POST['pass'])) { if (count(explode(' ', $usuario)) > 1) { echo 'Sem Espaço Em Branco Pls'; } else { if (mb_strlen($usuario) <= 25) { Transaction::query("INSERT INTO `users` (`username`, `password`, `mail`) VALUES ('" . $usuario . "', '" . $pass . "', '" . $mail . "');"); $get_id = Transaction::query("SELECT id FROM `users` WHERE `username` = '" . $usuario . "';"); $get_id_result = Transaction::fetch($get_id); $_SESSION['id'] = $get_id_result['id']; $_SESSION['userid'] = $get_id_result['id']; $_SESSION['step'] = 0; if (isset($_SESSION['referido'])) { $ip = htmlentities($_SESSION['referido']); $userne = htmlentities($_SESSION['referiduser']); Transaction::query("INSERT INTO users_referidos (usuario, ip_referida) VALUES ('" . $userne . "', '" . $ip . "');"); $_SESSION['referido'] = NULL; } echo 'OKAY'; } else { echo 'Menos Caracteres Pls'; } } } else { echo 'Esta senha a muito curta e/ou invalida'; } } else { echo 'Esta senha a muito curta e/ou invalida'; } } else { echo 'Esta senha a muito curta e/ou invalida'; } } else { echo 'Esse Usuario ja Existe'; } } else { echo 'Este e-mail esta em uso'; } } else { echo 'Erro...'; } break; case 'editarhome': if (isset($_POST['texto'])) { $username = htmlentities($_POST['username']); $texto = htmlentities(addslashes($_POST['texto'])); $fundo = htmlentities(addslashes($_POST['fundo'])); $cores = htmlentities($_POST['cor']); $video = htmlentities($_POST['video']); if (!empty($texto)) { Transaction::query("UPDATE users_homes SET texto = '" . $texto . "' WHERE username = '******'"); } if (!empty($video)) { Transaction::query("UPDATE users_homes SET video = '" . $video . "' WHERE username = '******'"); } if (!empty($cores)) { Transaction::query("UPDATE users_homes SET cores = '" . $cores . "' WHERE username = '******'"); } if (!empty($fundo)) { Transaction::query("UPDATE users_homes SET fundo = '" . $fundo . "' WHERE username = '******'"); } } break; case 'editarfundo': $fundo = htmlentities($_POST['fundo']); $words = array('http://', 'www.'); if (strpos($fundo, $words[0]) !== false or strpos($fundo, $words[1]) !== false) { $fundo = 'url(' . $fundo . ')'; } $username = htmlentities($_POST['username']); $user = mobbo::users_info('username'); if ($username == $user) { Transaction::query("UPDATE users SET fundom = '" . $fundo . "' WHERE username = '******'"); } break; case 'colocarmanutencao': if (mobbo::users_info("rank") >= 6) { if (mobbo::mobbo_settings("maintenance") == 0) { Transaction::query("UPDATE mobbo_settings SET value = '1' WHERE variable = 'maintenance'"); } elseif (mobbo::mobbo_settings("maintenance") == 1) { Transaction::query("UPDATE mobbo_settings SET value = '0' WHERE variable = 'maintenance'"); } header("Location: /me"); } else { header("Location: /me"); } break; case 'compraritem': $fetch = 0; $cat = 0; $query = 0; if (isset($_POST['cat'])) { $cat = htmlentities(addslashes($_POST['cat'])); $query = Transaction::query("SELECT * FROM mobbo_marktplatzvip WHERE id = '" . $cat . "' LIMIT 1"); $fetch = Transaction::fetch($query); $dolares = $fetch['dolares']; if (mobbo::users_info('dolares') >= $dolares) { $queryCheck = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . mobbo::users_info('id') . "' AND badge_id = '" . $cat . "' LIMIT 1"); if (Transaction::num_rows($queryCheck) < 1) { Transaction::query("UPDATE users SET dolares = dolares-'" . $fetch['dolares'] . "' WHERE id = '" . mobbo::users_info('id') . "' LIMIT 1"); Transaction::query("INSERT INTO user_badges (user_id, badge_id) VALUES ('" . mobbo::users_info('id') . "','" . $cat . "')"); $dolares = mobbo::users_info('dolares'); echo "Item Comprado com Sucesso, Seu Balanço de Dolares agora é de {$dolares}"; } else { echo "Você já Possui este Emblema"; } } else { echo "Você Não Possui Dolares Suficientes"; } } else { echo "Você é um Hacker ?"; } break; case 'wallupdate': if (isset($_POST['update'])) { //insert into wall table $message = Security::textFilter($_POST['update']); if ($message != "") { $image = ''; $time = time(); $video = ''; $userid = mobbo::users_info('id'); $query = Transaction::query("INSERT INTO `posts` (`desc`, `image_url`, `vid_url`,`date`,`userid`) VALUES ('{$message}', '{$image}', '{$video}','{$time}', '{$userid}')"); $ins_id = mysql_insert_id(); echo 'sucess'; } } break; default: die('This Action Does Not Exists'); break; } }