예제 #1
파일: users_edit.php 프로젝트: habb0/mobbo
                    $look = $userdata['look'];
                    $vip = $userdata['vip'];
                    $rank = $userdata['rank'];
                } else {
                    $working = $_POST['working'];
                    $secretcode = $_POST['secretcode'];
                    $vip_points = $_POST['vip_points'];
                    $online = $_POST['online'];
                    $look = $_POST['look'];
                    if ($_POST['vip'] == "true") {
                        $vip = "1";
                    } else {
                        $vip = "0";
                    }
                }
                Transaction::query("UPDATE users SET real_name = '" . Security::textFilter($_POST['real_name']) . "', motto = '" . Security::textFilter($_POST['motto']) . "', look = '" . Security::textFilter($look) . "', gender = '" . Security::textFilter($_POST['gender']) . "', mail = '" . Security::textFilter($_POST['mail']) . "', credits = '" . Security::textFilter($_POST['credits']) . "', activity_points = '" . Security::textFilter($_POST['activity_points']) . "', birth = '" . Security::textFilter($_POST['birth']) . "', ip_last = '" . Security::textFilter($_POST['ip_last']) . "', ip_reg = '" . Security::textFilter($_POST['ip_reg']) . "', working = '" . $working . "', secretcode = '" . $secretcode . "', vip_points = '" . $vip_points . "', online = '" . $online . "', vip = '" . $vip . "' WHERE id = '" . $userdata['id'] . "'");
                $msg = "<div class='rounded rounded-green'><center>" . $userdata['username'] . " (ID: " . $userdata['id'] . ") Alteraes salvas! <img src=\"./w/images/check.gif\"></center></div>";
                $query = Transaction::query("SELECT * FROM users WHERE id = '" . $key . "' LIMIT 1");
                $userdata = Transaction::fetch($query);
            } else {
                $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar este usurio! <img src=\"./w/images/del.gif\"></center></div>";
            }
        } else {
            $msg = "<div class='rounded rounded-red'><center>Cheque todos os campos! <img src=\"./w/images/del.gif\"></center></div>";
        }
    }
    $check_bann = Transaction::query("SELECT * FROM bans WHERE value = '" . $userdata['username'] . "' AND bantype = 'user'");
    @(include 'subheader.php');
    if (isset($msg)) {
        ?>
<p><strong><?php 
예제 #2
파일: vouchers.php 프로젝트: habb0/mobbo
    die;
}
if ($user_rank > 5) {
    if ($hkzone !== true) {
        header("Location: index.php?throwBack=true");
        exit;
    }
    if (!mobbo::session_is_registered(acp)) {
        header("Location: index.php?p=login");
        exit;
    }
    $pagename = "Cdigo de Moedas";
    $pageid = "vouchers";
    if (isset($_POST['submit'])) {
        if (!empty($_POST['voucher']) && !empty($_POST['credits'])) {
            Transaction::query("INSERT INTO credit_vouchers (code,value) VALUES ('" . Security::textFilter($_POST['voucher']) . "','" . Security::textFilter($_POST['credits']) . "')");
            $msg = "<div class='rounded rounded-green'><center>Cdigo criado corretamente! <img src=\"./w/images/check.gif\"></center></div>";
        } else {
            $msg = "<div class='rounded rounded-red'><center>Preencha todos os campos!. <img src=\"./w/images/del.gif\"></center></div>";
        }
    }
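    /**
     * Build a random voucher code.
     *
     * The alphabet is unchanged from the previous implementation (digits appear
     * twice and lowercase "c" is absent), so existing expectations about which
     * characters a code may contain still hold.
     *
     * @param int $code Number of characters wanted; values below 1 still yield one character.
     * @return string The generated code.
     */
    function randomVoucher($code)
    {
        $characters = "1234567890abdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        // Derive the upper bound from the alphabet itself. The old hard-coded 71 was
        // one past the last valid offset (the string holds 71 characters, 0..70), so
        // a draw of 71 read an uninitialised offset and silently shortened the code.
        $last = strlen($characters) - 1;
        // Voucher codes are redeemable for credits, so they must not be predictable:
        // prefer the CSPRNG-backed random_int(). mt_rand() is kept only so the file
        // still runs on runtimes without random_int(); it is NOT suitable for
        // security-sensitive values and should be replaced there.
        $secure = function_exists('random_int');
        $length = max(1, (int) $code);
        $key = '';
        for ($i = 0; $i < $length; $i++) {
            $index = $secure ? random_int(0, $last) : mt_rand(0, $last);
            $key .= $characters[$index];
        }
        return $key;
    }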
    $get_vouchers = Transaction::query("SELECT * FROM credit_vouchers");
예제 #3
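    /**
     * Dispatcher for the site's account and page actions.
     *
     * Handled actions: login, logout, 404, 405, referidos, erroro, ban, registro,
     * editarhome, editarfundo, colocarmanutencao, compraritem, wallupdate. Any other
     * value ends the request with die().
     *
     * The method reads $_POST, $_GET and $_SESSION directly, writes its output with
     * echo, sends redirects with header() and calls exit in several branches.
     *
     * Review notes that cannot be resolved inside this method alone:
     *  - Every SQL statement is assembled by string concatenation. The only barriers
     *    visible here are Security::textFilter(), addslashes() and htmlentities();
     *    none of them is a substitute for bound parameters. TODO confirm what
     *    textFilter() escapes and whether Transaction can expose prepared statements.
     *  - Passwords are stored and compared as unsalted md5(). Moving to
     *    password_hash()/password_verify() requires migrating the stored values.
     *  - The 'rawsessionhotel' cookie is md5() of an arithmetic sum ("+" adds numbers
     *    in PHP, it does not concatenate), so it carries little entropy, and on PHP 8
     *    the sum raises a TypeError for non-numeric strings. It is left unchanged
     *    because the code that checks the cookie is not visible here.
     *  - No anti-CSRF token is checked for any state-changing action in this method.
     *  - $_SESSION['login_try'] is counted but no lockout is enforced here.
     *
     * @param string $actions Name of the action to run; non-string values fall through to die().
     * @return void
     */
    public static function show($actions = array())
    {
        // The default value is an array; htmlspecialchars() only accepts strings.
        $action = is_string($actions) ? htmlspecialchars($actions) : '';
        switch ($action) {
            case "login":
                $tries = isset($_SESSION['login_try']) ? (int) $_SESSION['login_try'] : 0;
                if (!isset($_POST['username'])) {
                    $_SESSION['login_try'] = $tries + 1;
                    header("location: ../index.php?erroro=&type=2");
                    exit;
                }
                $loginName = is_string($_POST['username']) ? $_POST['username'] : '';
                // Percent-encode the echoed login name so it cannot add or alter
                // parameters of the redirect URL.
                $failedLocation = "location: ../index.php?erroro=" . rawurlencode($loginName) . "&type=1";
                if (!isset($_POST['password'])) {
                    $_SESSION['login_try'] = $tries + 1;
                    header($failedLocation);
                    exit;
                }
                $email = Security::textFilter($loginName);
                // NOTE(review): unsalted md5 -- see the method docblock.
                $password = md5(Security::textFilter($_POST['password']));
                $find_user2 = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $email . "'");
                $user_info2 = Transaction::fetch($find_user2);
                $find_user = Transaction::query("SELECT * FROM `users` WHERE `mail` = '" . $email . "'");
                $user_info = Transaction::fetch($find_user);
                // Bind the session to the row whose password actually matched.
                // Previously the mail-matched row was preferred whenever it existed,
                // even if only the username-matched row's password had matched, which
                // could sign the caller in as a different account. The comparison is
                // strict because "==" treats hex digests such as "0e123..." as numbers.
                $matched = null;
                if (isset($user_info['password']) && $user_info['password'] === $password) {
                    $matched = $user_info;
                } elseif (isset($user_info2['password']) && $user_info2['password'] === $password) {
                    $matched = $user_info2;
                }
                if ($matched === null) {
                    $_SESSION['login_try'] = $tries + 1;
                    header($failedLocation);
                    exit;
                }
                // The ban lookup is limited to the account that authenticated.
                $queryban = Transaction::query("SELECT * FROM `bans` WHERE `value` = '" . $matched['username'] . "' LIMIT 1");
                if (Transaction::num_rows($queryban) > 0) {
                    $fetchban = Transaction::fetch($queryban);
                    // Stored ban text goes into a header: encode each value.
                    header("location: ../index.php?ban=" . rawurlencode((string) $fetchban['value']) . "&reason=" . rawurlencode((string) $fetchban['reason']) . "&time=" . rawurlencode((string) $fetchban['expire']) . "&true=1");
                    exit;
                }
                // New session id on privilege change, so an id known before login
                // is not carried into the authenticated session.
                if (session_id() !== '') {
                    session_regenerate_id(true);
                }
                $_SESSION['id'] = $matched['id'];
                $_SESSION['userid'] = $matched['id'];
                // NOTE(review): weak, guessable derivation and no HttpOnly/Secure
                // flags -- see the method docblock. Kept as-is for compatibility.
                $rawhotel = md5($matched['id'] + $matched['username'] + $matched['password'] + Security::getUserIP());
                setcookie('rawsessionhotel', $rawhotel);
                header("location: me");
                if ($tries > 0) {
                    $_SESSION['login_try'] = 0;
                }
                exit;
                break;
            case "logout":
                session_destroy();
                setcookie('rawsessionhotel', '0');
                header("location: ../index.php");
                break;
            case "404":
                $ok = <<<PAGE
                    <html>
    <title>404</title>
\t   <meta charset="utf-8">
    <link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
  <body style="">
<section id="oops" style="width: 100%;">
<div class="row">
  <div class="large-9 medium-9 small-12 columns small-centered">
    <h5>404: Página não Encontrada</h5>
    <h1 class="oversized">Esta página não existe...</h1>
    <p class="lead bottom40">Você pode tentar recarregar a página indo na <a href="./">homepage.</a></p>   
  </div>
</div>
</section>
        <a class="exit-off-canvas"></a>
      </div>      
    </div>
</body></html> 
PAGE;
                echo $ok;
                break;
            case "405":
                // NOTE(review): the setting is interpolated into HTML unescaped; if
                // it is meant to be plain text it should pass through htmlspecialchars().
                $maintenance_text = mobbo::mobbo_settings('maintenance_text');
                $ok = <<<PAGE
                    <html>
\t\t\t\t\t   <meta charset="utf-8">
    <title>405</title>
    <link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
  <body style="">
<section id="oops" style="width: 100%;">
<div class="row">
  <div class="large-9 medium-9 small-12 columns small-centered">
    <h5>405: Estamos em Manutencao</h5>
    <h1 class="oversized">Opa! Manutencao.</h1>
    <p class="lead bottom40"><b>Motivo:</b> {$maintenance_text}   <a href="/">Voltar a Home Page</a></p>   
  </div>
</div>
</section>
        <a class="exit-off-canvas"></a>
      </div>      
    </div>
</body></html> 
PAGE;
                echo $ok;
                break;
            case 'referidos':
                echo '      <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
                if (!isset($_SESSION['id'])) {
                    $ip = $_SERVER['REMOTE_ADDR'];
                    $usuario = htmlentities(isset($_GET['referido']) ? $_GET['referido'] : '');
                    $query1 = Transaction::query("SELECT ip_referida FROM users_referidos WHERE ip_referida = '" . $ip . "' LIMIT 1");
                    if (Transaction::num_rows($query1) > 0) {
                        echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
                IP Ja Registrado, voce nao Pode se Registrar por Este Referido.
                <a href="#" class="close">&times;</a>
            </div>';
                    } else {
                        $_SESSION['referido'] = $ip;
                        $_SESSION['referiduser'] = $usuario;
                        header("Location: /registro");
                    }
                }
                break;
            case 'erroro':
                echo '      <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
                $erroro = htmlentities(addslashes(isset($_GET['erroro']) ? $_GET['erroro'] : ''));
                $type = isset($_GET['type']) ? $_GET['type'] : null;
                if ($type == 1) {
                    echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
                ' . $erroro . ', Suas Credenciais de Logins sao Invalidas, e essa senha Mesmo?
                <a href="#" class="close">&times;</a>
            </div>';
                }
                if ($type == 2) {
                    echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
                ' . $erroro . ', Este usuario nao Existe, tem Certeza?
                <a href="#" class="close">&times;</a>
            </div>';
                }
                break;
            case 'ban':
                echo '      <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
                $user = htmlentities(addslashes(isset($_GET['ban']) ? $_GET['ban'] : ''));
                // The expiry parameter used to be assigned to $reason as well, so the
                // banner showed the expiry (or nothing) where the reason belongs. The
                // expiry is not part of the message, so it is no longer read here.
                $reason = htmlentities(addslashes(isset($_GET['reason']) ? $_GET['reason'] : ''));
                echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
                ' . $user . ', Você foi Banido, Pelo Seguinte Motivo: ' . $reason . ', Entre em Contato com os Admins!
                <a href="#" class="close">&times;</a>
            </div>';
                break;
            case 'registro':
                if (isset($_POST['username']) && isset($_POST['mail']) && isset($_POST['pass'])) {
                    $usuario = Security::textFilter(htmlentities($_POST['username']));
                    $mail = Security::textFilter(htmlentities($_POST['mail']));
                    // NOTE(review): unsalted md5 -- see the method docblock.
                    $pass = Security::textFilter(htmlentities(md5($_POST['pass'])));
                    $firstn = Security::textFilter(htmlentities($_POST['firstname']));
                    $lastn = Security::textFilter(htmlentities($_POST['lastname']));
                    $query = Transaction::query("SELECT `id` FROM `users` WHERE `mail` = '" . $mail . "'");
                    if (Transaction::num_rows($query) == 0) {
                        $query = Transaction::query("SELECT `id` FROM `users` WHERE `username` = '" . $usuario . "'");
                        if (Transaction::num_rows($query) == 0) {
                            if (strlen($_POST['pass']) > 5) {
                                if (preg_match('`[a-z]`', $_POST['pass'])) {
                                    if (preg_match('`[0-9]`', $_POST['pass'])) {
                                        if (count(explode(' ', $usuario)) > 1) {
                                            echo 'Sem Espaço Em Branco Pls';
                                        } else {
                                            if (mb_strlen($usuario) <= 25) {
                                                Transaction::query("INSERT INTO `users` (`username`, `password`, `mail`) VALUES ('" . $usuario . "', '" . $pass . "', '" . $mail . "');");
                                                $get_id = Transaction::query("SELECT id FROM `users` WHERE `username` = '" . $usuario . "';");
                                                $get_id_result = Transaction::fetch($get_id);
                                                $_SESSION['id'] = $get_id_result['id'];
                                                $_SESSION['userid'] = $get_id_result['id'];
                                                $_SESSION['step'] = 0;
                                                if (isset($_SESSION['referido'])) {
                                                    // The referrer name originates from $_GET['referido'];
                                                    // htmlentities() alone does not reliably neutralise
                                                    // single quotes, so add the quoting used elsewhere in
                                                    // this method. Stopgap only: bound parameters are the fix.
                                                    $ip = htmlentities(addslashes($_SESSION['referido']));
                                                    $userne = htmlentities(addslashes(isset($_SESSION['referiduser']) ? $_SESSION['referiduser'] : ''));
                                                    Transaction::query("INSERT INTO users_referidos (usuario, ip_referida) VALUES ('" . $userne . "', '" . $ip . "');");
                                                    $_SESSION['referido'] = NULL;
                                                }
                                                echo 'OKAY';
                                            } else {
                                                echo 'Menos Caracteres Pls';
                                            }
                                        }
                                    } else {
                                        echo 'Esta senha a muito curta e/ou invalida';
                                    }
                                } else {
                                    echo 'Esta senha a muito curta e/ou invalida';
                                }
                            } else {
                                echo 'Esta senha a muito curta e/ou invalida';
                            }
                        } else {
                            echo 'Esse Usuario ja Existe';
                        }
                    } else {
                        echo 'Este e-mail esta em uso';
                    }
                } else {
                    echo 'Erro...';
                }
                break;
            case 'editarhome':
                // NOTE(review): no check in this branch ties the request to the
                // signed-in user, and the WHERE value reads '******' in this listing,
                // which looks like masking applied to the page rather than the real
                // predicate. The row must be selected by the session identity, never
                // by $_POST['username'].
                if (isset($_POST['texto'])) {
                    $username = htmlentities(isset($_POST['username']) ? $_POST['username'] : '');
                    $texto = htmlentities(addslashes($_POST['texto']));
                    $fundo = htmlentities(addslashes(isset($_POST['fundo']) ? $_POST['fundo'] : ''));
                    // 'cor' and 'video' previously reached the query with
                    // htmlentities() only; quote them like the sibling fields.
                    // Stopgap: bound parameters are the real fix.
                    $cores = htmlentities(addslashes(isset($_POST['cor']) ? $_POST['cor'] : ''));
                    $video = htmlentities(addslashes(isset($_POST['video']) ? $_POST['video'] : ''));
                    if (!empty($texto)) {
                        Transaction::query("UPDATE users_homes SET texto = '" . $texto . "' WHERE username = '******'");
                    }
                    if (!empty($video)) {
                        Transaction::query("UPDATE users_homes SET video = '" . $video . "' WHERE username = '******'");
                    }
                    if (!empty($cores)) {
                        Transaction::query("UPDATE users_homes SET cores = '" . $cores . "' WHERE username = '******'");
                    }
                    if (!empty($fundo)) {
                        Transaction::query("UPDATE users_homes SET fundo = '" . $fundo . "' WHERE username = '******'");
                    }
                }
                break;
            case 'editarfundo':
                // Quote the value before it is placed in SQL (stopgap, see docblock).
                // NOTE(review): the value ends up inside a CSS url(); it is not
                // validated as a URL here.
                $fundo = htmlentities(addslashes(isset($_POST['fundo']) ? $_POST['fundo'] : ''));
                $words = array('http://', 'www.');
                if (strpos($fundo, $words[0]) !== false or strpos($fundo, $words[1]) !== false) {
                    $fundo = 'url(' . $fundo . ')';
                }
                $username = htmlentities(isset($_POST['username']) ? $_POST['username'] : '');
                $user = mobbo::users_info('username');
                // Require a real, non-empty signed-in name: with "==" an empty posted
                // name compared equal to a missing (null/false) session user.
                // NOTE(review): assumes users_info('username') returns a string for a
                // signed-in user -- confirm.
                if (is_string($user) && $user !== '' && $username === $user) {
                    Transaction::query("UPDATE users SET fundom = '" . $fundo . "' WHERE username = '******'");
                }
                break;
            case 'colocarmanutencao':
                // NOTE(review): rank-gated, but no anti-CSRF token is checked before
                // the site-wide maintenance flag is toggled.
                if (mobbo::users_info("rank") >= 6) {
                    if (mobbo::mobbo_settings("maintenance") == 0) {
                        Transaction::query("UPDATE mobbo_settings SET value = '1' WHERE variable = 'maintenance'");
                    } elseif (mobbo::mobbo_settings("maintenance") == 1) {
                        Transaction::query("UPDATE mobbo_settings SET value = '0' WHERE variable = 'maintenance'");
                    }
                    header("Location: /me");
                } else {
                    header("Location: /me");
                }
                break;
            case 'compraritem':
                $fetch = 0;
                $cat = 0;
                $query = 0;
                if (isset($_POST['cat'])) {
                    $cat = htmlentities(addslashes($_POST['cat']));
                    $query = Transaction::query("SELECT * FROM mobbo_marktplatzvip WHERE id = '" . $cat . "' LIMIT 1");
                    $fetch = Transaction::fetch($query);
                    // Refuse ids that are not on sale. Without this guard the price
                    // was empty, the balance check passed, and a badge row was
                    // inserted for whatever id had been posted.
                    if (empty($fetch)) {
                        echo "Você é um Hacker ?";
                        break;
                    }
                    $dolares = $fetch['dolares'];
                    // NOTE(review): balance check and debit are separate statements,
                    // so concurrent requests can both pass the check; a conditional
                    // UPDATE inside a transaction would close that gap.
                    if (mobbo::users_info('dolares') >= $dolares) {
                        $queryCheck = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . mobbo::users_info('id') . "' AND badge_id = '" . $cat . "' LIMIT 1");
                        if (Transaction::num_rows($queryCheck) < 1) {
                            Transaction::query("UPDATE users SET dolares = dolares-'" . $fetch['dolares'] . "' WHERE id = '" . mobbo::users_info('id') . "' LIMIT 1");
                            Transaction::query("INSERT INTO user_badges (user_id, badge_id) VALUES ('" . mobbo::users_info('id') . "','" . $cat . "')");
                            $dolares = mobbo::users_info('dolares');
                            echo "Item Comprado com Sucesso, Seu Balanço de Dolares agora é de {$dolares}";
                        } else {
                            echo "Você já Possui este Emblema";
                        }
                    } else {
                        echo "Você Não Possui Dolares Suficientes";
                    }
                } else {
                    echo "Você é um Hacker ?";
                }
                break;
            case 'wallupdate':
                if (isset($_POST['update'])) {
                    // Insert the post into the wall table.
                    $message = Security::textFilter($_POST['update']);
                    if ($message != "") {
                        $image = '';
                        $time = time();
                        $video = '';
                        $userid = mobbo::users_info('id');
                        // The former mysql_insert_id() call was dropped: its result was
                        // never used and the function no longer exists on PHP 7+.
                        Transaction::query("INSERT INTO `posts` (`desc`, `image_url`, `vid_url`,`date`,`userid`) VALUES ('{$message}', '{$image}', '{$video}','{$time}', '{$userid}')");
                        echo 'sucess';
                    }
                }
                break;
            default:
                die('This Action Does Not Exists');
                break;
        }
    }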
예제 #4
파일: cloner.php 프로젝트: habb0/mobbo
    $pageid = "cloner";
    if (isset($_POST['query']) && $_POST['type']) {
        if ($_POST['query']) {
            if ($_POST['type'] == "name") {
                $get_users_a = Transaction::query("SELECT * FROM users WHERE username = '******'query']) . "' ORDER BY username");
                $check_a = Transaction::num_rows($get_users_a);
                if ($check_a > 0) {
                    $userdata_a = Transaction::fetch($get_users_a);
                    $get_users = Transaction::query("SELECT * FROM users WHERE ip_last = '" . $userdata_a['ip_last'] . "' or ip_reg = '" . $userdata_a['ip_reg'] . "' ORDER BY username");
                    $check = Transaction::num_rows($get_users);
                    $msg = "<div class='rounded rounded-green'><center><b>Foram encontrados os seguintes usurios com esse mesmo IP:</b> <img src=\"./w/images/check.gif\"></center></div>";
                } else {
                    $msg = "<div class='rounded rounded-red'><center><b>No foi possvel encontrar este usurio</b> <img src=\"./w/images/del.gif\"></center></div>";
                }
            } else {
                $get_users = Transaction::query("SELECT * FROM users WHERE ip_last = '" . Security::textFilter($_POST['query']) . "' ORDER BY username");
                $check = Transaction::num_rows($get_users);
                if ($check > 0) {
                    $msg = "<div class='rounded rounded-green'><center><b>Foram encontrados os seguintes usurios com esse IP:</b> <img src=\"./w/images/check.gif\"></center></div>";
                } else {
                    $msg = "<div class='rounded rounded-red'><center><b>IP no encontrado!</b> <img src=\"./w/images/del.gif\"></center></div>";
                }
            }
        } else {
            $msg = "<div class='rounded rounded-red'><center><b>Coloque o IP ou Nome do usurio!</b> <img src=\"./w/images/del.gif\"></center></div>";
        }
    }
    @(include 'subheader.php');
    if (isset($msg)) {
        ?>
<p><strong><?php 
예제 #5
파일: banlogs.php 프로젝트: habb0/mobbo
// Direct-access guard: stop the request unless CORE.php is listed in $included_files.
// NOTE(review): $included_files is populated outside this snippet -- presumably from
// get_included_files(); confirm.
// NOTE(review): the expected path is built with a literal backslash separator, so the
// match depends on how the platform reports included paths. A constant define()d by
// CORE.php and tested with defined() would be a more portable guard.
if (!in_array($_SERVER['DOCUMENT_ROOT'] . '\\CORE.php', $included_files)) {
    die;
}
if ($user_rank > 5) {
    if ($hkzone !== true) {
        header("Location: index.php?throwBack=true");
        exit;
    }
    if (!mobbo::session_is_registered(acp)) {
        header("Location: index.php?p=login");
        exit;
    }
    $pagename = "Lista de usurios banidos";
    $pageid = "banlogs";
    $page = Security::textFilter($_GET['page']);
    $do = Security::textFilter($_GET['do']);
    $posts = Transaction::evaluate("SELECT COUNT(*) FROM bans");
    $pages = ceil(($posts + 0) / 50);
    if ($page > $pages || $page < 1) {
        $page = 1;
    }
    @(include 'subheader.php');
    ?>
    <div class='tableborder'>
        <div class='tableheaderalt'><center>Nmero de pessoas banidas:  <?php 
    echo Transaction::evaluate("SELECT COUNT(*) FROM bans");
    ?>
 | <?php 
    echo Transaction::evaluate("SELECT COUNT(*) FROM bans WHERE bantype = 'user'");
    ?>
 Usurios banidos por ID | <?php 
예제 #6
파일: badgetool.php 프로젝트: habb0/mobbo
        if (Transaction::num_rows($check_name) > 0) {
            $userdata = Transaction::fetch($check_name);
            $check_badge = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . $userdata['id'] . "' AND badge_id = '" . Security::textFilter($_POST['badge']) . "' LIMIT 1");
            if ($_POST['action'] == "give") {
                if (Transaction::num_rows($check_badge) < 1) {
                    Transaction::query("INSERT INTO user_badges (user_id,badge_id,badge_slot) VALUES ('" . $userdata['id'] . "','" . Security::textFilter($_POST['badge']) . "','0')");
                    $msg = "<div class='rounded rounded-green'><center>Voc acabou de dar  <b>" . Security::textFilter($_POST['name']) . "</b> o emblema " . Security::textFilter($_POST['badge']) . " com sucesso. <img src=\"./w/images/check.gif\"></center></div>";
                } else {
                    $msg = "<div class='rounded rounded-red'><center>" . $_POST['name'] . " J tm o Emblema " . $_POST['badge'] . ". <img src=\"./w/images/del.gif\"></center></div>";
                }
            } else {
                if (Transaction::num_rows($check_badge) > 0) {
                    Transaction::query("DELETE FROM user_badges WHERE user_id = '" . $userdata['id'] . "' AND badge_id = '" . Security::textFilter($_POST['badge']) . "'");
                    $msg = "<div class='rounded rounded-green'><center>Voc removeu o Emblema " . Security::textFilter($_POST['badge']) . " . <img src=\"./w/images/check.gif\"></center></div>";
                } else {
                    $msg = "<div class='rounded rounded-red'><center>" . Security::textFilter($_POST['name']) . " no tem o emblema " . Security::textFilter($_POST['badge']) . " <img src=\"./w/images/del.gif\"></center></div>";
                }
            }
        } else {
            $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o usurio! <img src=\"./w/images/del.gif\"></center></div>";
        }
    }
    @(include 'subheader.php');
    if (isset($msg)) {
        ?>
<p><strong><?php 
        echo $msg;
        ?>
</p></strong><?php 
    }
    ?>
예제 #7
파일: alert.php 프로젝트: habb0/mobbo
    if ($hkzone !== true) {
        header("Location: index/?throwBack=true");
        exit;
    }
    if (!mobbo::session_is_registered(acp)) {
        header("Location: p/login");
        exit;
    }
    $pagename = "Alertas";
    $pageid = "alert";
    if (isset($_POST['alert'])) {
        $check = Transaction::query("SELECT * FROM users WHERE username = '******'name']) . "' LIMIT 1");
        if (Transaction::num_rows($check) > 0) {
            $userdata = Transaction::fetch($check);
            Transaction::query("INSERT INTO mobbo_alerts (userid,alert) VALUES ('" . $userdata['id'] . "','" . Security::textFilter($_POST['alert']) . "')");
            $msg = "<div class='rounded rounded-green'><center>Alerta enviada a  " . Security::textFilter($_POST['name']) . " (ID: " . $userdata['id'] . ") <img src=\"./w/images/check.gif\"></center></div>";
        } else {
            $msg = "<div class='rounded rounded-red'><center>Oops! este usurio no foi encontrado. <img src=\"./w/images/del.gif\"></center></div>";
        }
    }
    @(include 'subheader.php');
    if (isset($msg)) {
        ?>
<p><strong><?php 
        echo $msg;
        ?>
</strong></p><?php 
    }
    ?>

    <form action='<?php 
예제 #8
파일: helper.php 프로젝트: habb0/mobbo
                            <td class='tablesubheader' width='5%'>Por</td>
                            <td class='tablesubheader' width='5%'>Informao</td>
                            <td class='tablesubheader' width='5%'>Equipe</td>
                            <td class='tablesubheader' width='20%'>Mensagem</td>
                            <td class='tablesubheader' width='10%'>Sala</td>
                            <td class='tablesubheader' width='11%'>Data</td>
                            <td class='tablesubheader' width='1%'>Total</td>
                        </tr>

                        <?php 
    $query_min = $page * 50 - 50;
    if ($query_min < 0) {
        $query_min = 0;
    }
    if ($do == "cautions" && $_GET['name']) {
        $get_id = Transaction::query("SELECT id FROM users WHERE username = '******'name']) . "'");
        if (Transaction::num_rows($get_id) > 0) {
            $get = Transaction::fetch($get_id);
            $get_tickets = Transaction::query("SELECT * FROM moderation_tickets WHERE reported_id = '" . $get['id'] . "' ORDER BY id DESC LIMIT " . $query_min . ", 50");
        }
    } else {
        $get_tickets = Transaction::query("SELECT * FROM moderation_tickets ORDER BY id DESC LIMIT " . $query_min . ", 50");
    }
    while ($row = Transaction::fetch($get_tickets)) {
        $get_sender_id = Transaction::fetch($get_reporter_id = Transaction::query("SELECT username FROM users WHERE id = '" . $row['sender_id'] . "'"));
        $get_reported_id = Transaction::fetch($get_reported_id = Transaction::query("SELECT username FROM users WHERE id = '" . $row['reported_id'] . "'"));
        $get_moderator_id = Transaction::fetch($get_reporter_id = Transaction::query("SELECT username FROM users WHERE id = '" . $row['moderator_id'] . "'"));
        $sender_id = $get_sender_id['username'];
        if ($row['reported_id'] == "0") {
            $reported_id = "-/-";
        } else {
예제 #9
파일: unbantool.php 프로젝트: habb0/mobbo
    }
    $pagename = "Desbanir";
    $pageid = "unban";
    if (isset($_POST['query'])) {
        if ($_POST['type'] == 'ip') {
            $check_ip = Transaction::query("SELECT * FROM bans WHERE value = '" . Security::textFilter($_POST['query']) . "' AND bantype = 'ip'");
            if (Transaction::num_rows($check_ip) > 0) {
                Transaction::query("DELETE FROM bans WHERE value = '" . Security::textFilter($_POST['query']) . "' AND bantype = 'ip'");
                $msg = "<div class='rounded rounded-green'><center> (" . Transaction::num_rows($check_ip) . ") Desbaneado correctamente. <img src=\"./w/images/check.gif\"></center></div>";
            } else {
                $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o banimento <img src=\"./w/images/del.gif\"></center></div>";
            }
        } else {
            $check_user = Transaction::query("SELECT * FROM bans WHERE value = '" . Security::textFilter($_POST['query']) . "' AND bantype = 'user'");
            if (Transaction::num_rows($check_user) > 0) {
                Transaction::query("DELETE FROM bans WHERE value = '" . Security::textFilter($_POST['query']) . "' AND bantype = 'user'");
                $msg = "<div class='rounded rounded-green'><center>Usurio desbanido corretamente! <img src=\"./w/images/check.gif\"></center></div>";
            } else {
                $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o banimento <img src=\"./w/images/del.gif\"></center></div>";
            }
        }
    }
    @(include 'subheader.php');
    if (isset($msg)) {
        ?>
<p><strong><?php 
        echo $msg;
        ?>
</strong></p><?php 
    }
    ?>
예제 #10
파일: bantool.php 프로젝트: habb0/mobbo
        // Ban-creation branch of the admin ban tool. Fragment: the enclosing conditions and the
        // definitions of $check_exists and $name are outside this excerpt.
        // NOTE(review): the listing masks part of the three `username = '******'...` statements, so
        // they are not valid PHP as shown. In the first one no closing parenthesis follows
        // $_POST['value'], which suggests the value reaches the query unfiltered; confirm against
        // the project source.
        // NOTE(review): every statement is assembled by string concatenation and relies on
        // Security::textFilter(), whose escaping is not shown here. $_POST['length'] lands in an
        // arithmetic expression and should be validated as an integer; bound parameters are the
        // safer form if the Transaction wrapper offers them.
        // NOTE(review): the "foi banido" message of the `user` branch embeds $_POST['value']
        // without the filter that the `ip` message applies, and $msg is echoed as raw HTML further
        // down, so that value needs HTML encoding before it is placed in the message.
        // NOTE(review): the `ip` branch also clears auth_ticket for a *username* equal to the
        // banned value, which looks copied from the `user` branch. No request-token check is
        // visible before these writes.
        $get_cc = Transaction::query("SELECT * FROM users WHERE username = '******'value'] . "'");
        $userdata = Transaction::fetch($get_cc);
        if (Transaction::num_rows($check_exists) > 0) {
            Transaction::query("UPDATE bans SET expire = expire + '" . Security::textFilter($_POST['length']) . "' WHERE value = '" . Security::textFilter($_POST['value']) . "' AND bantype = '" . Security::textFilter($_POST['type']) . "'");
            $msg = "<div class='rounded rounded-green'><center>El ban (" . Security::textFilter($_POST['type']) . " - " . Security::textFilter($_POST['value']) . ") ha sido actualizado. <img src=\"./w/images/check.gif\"></center></div>";
        } else {
            if (Transaction::num_rows($get_cc) > 0 && $_POST['type'] == "user") {
                Transaction::query("INSERT INTO bans (bantype,value,reason,expire,added_by,added_date) VALUES ('" . Security::textFilter($_POST['type']) . "','" . Security::textFilter($_POST['value']) . "','" . Security::textFilter($_POST['reason']) . "','" . time() . "' + '" . Security::textFilter($_POST['length']) . "','" . $name . "','" . time() . "')");
                Transaction::query("UPDATE users SET auth_ticket = '' WHERE username = '******'value']) . "' LIMIT 1");
                $msg = "<div class='rounded rounded-green'><center>" . $_POST['value'] . " foi banido <img src=\"./w/images/check.gif\"></center></div>";
            } elseif (Transaction::num_rows($get_cc) < 1 && $_POST['type'] == "user") {
                $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o usurio <img src=\"./w/images/del.gif\"></center></div>";
            } elseif ($_POST['type'] == "ip") {
                Transaction::query("INSERT INTO bans (bantype,value,reason,expire,added_by,added_date) VALUES ('" . Security::textFilter($_POST['type']) . "','" . Security::textFilter($_POST['value']) . "','" . Security::textFilter($_POST['reason']) . "','" . time() . "' + '" . Security::textFilter($_POST['length']) . "','" . $name . "','" . time() . "')");
                Transaction::query("UPDATE users SET auth_ticket = '' WHERE username = '******'value']) . "' LIMIT 1");
                $msg = "<div class='rounded rounded-green'><center>O IP " . Security::textFilter($_POST['value']) . " foi banido! <img src=\"./w/images/check.gif\"></center></div>";
            }
        }
    }
    @(include 'subheader.php');
    if (isset($msg)) {
        ?>
<p><strong><?php 
        echo $msg;
        ?>
</strong></p><?php 
    }
    ?>

    <form action='<?php 
    echo $adminpath;
예제 #11
파일: campaigns.php 프로젝트: habb0/mobbo
            // Tail of the delete branch, followed by the save and add handlers for
            // mobbo_hotcampaigns. Fragment: $do and $key are set outside this excerpt.
            $msg = "<div class='rounded rounded-red'><center>>Erro: no se pde eliminar a notcia <img src=\"./w/images/del.gif\"></center></div>";
        }
    } elseif ($do == "save" && is_numeric($key) && isset($_POST['image_url'])) {
        // is_numeric() also accepts forms such as "1e3" or ".5"; an integer cast or ctype_digit()
        // is the stricter check for a row id.
        $check = Transaction::query("SELECT id FROM mobbo_hotcampaigns WHERE id = '" . $key . "' LIMIT 1");
        if (Transaction::num_rows($check) > 0) {
            $campaigndata = Transaction::fetch($check);
            // NOTE(review): string-built UPDATE. Its safety rests on Security::textFilter()
            // escaping quotes for SQL, which is not shown here; bound parameters are the safer form.
            // image_url and url are stored as received; presumably they are rendered later as
            // src/href values, so scheme validation would belong here. Verify against the template.
            Transaction::query("UPDATE mobbo_hotcampaigns SET image_url = '" . Security::textFilter($_POST['image_url']) . "', caption = '" . Security::textFilter($_POST['caption']) . "', botao = '" . Security::textFilter($_POST['botao']) . "', descr = '" . Security::textFilter($_POST['descr']) . "', url = '" . Security::textFilter($_POST['url']) . "' WHERE id = '" . $key . "' LIMIT 1");
            $msg = "<div class='rounded rounded-green'><center>Campanha publicada! <img src=\"./w/images/check.gif\"></center></div>";
            $editor_mode = false;
        } else {
            $msg = "<div class='rounded rounded-red'><center>Esta campanha no existe <img src=\"./w/images/check.gif\"></center></div>";
        }
    } elseif ($do == "add") {
        $editor_mode = true;
        // NOTE(review): $_POST['submit'] is read without isset(), and no request-token check is
        // visible before the INSERT below.
        if ($_POST['submit']) {
            Transaction::query("INSERT INTO mobbo_hotcampaigns (image_url,caption,descr,url,botao) VALUES ('" . Security::textFilter($_POST['image_url']) . "','" . Security::textFilter($_POST['caption']) . "','" . Security::textFilter($_POST['descr']) . "','" . Security::textFilter($_POST['url']) . "','" . Security::textFilter($_POST['botao']) . "')");
            $msg = "<div class='rounded rounded-green'><center>Campanha publicada corretamente</center></div>";
            $editor_mode = false;
        }
    }
    // The @ operator hides the warning if the include fails, so a missing header goes unnoticed.
    @(include 'subheader.php');
    if (isset($msg)) {
        ?>
<p><strong><?php 
        // $msg is emitted as raw HTML; in this excerpt it is built from fixed markup only.
        echo $msg;
        ?>
</strong></p><?php 
    }
    ?>

    <?php 
예제 #12
파일: ranktool.php 프로젝트: habb0/mobbo
    <form action='<?php 
    // $adminpath is defined outside this excerpt and is printed into the attribute as-is.
    echo $adminpath;
    ?>
/p/ranktool' method='post' name='theAdminForm' id='theAdminForm'>
        <input type="hidden" value="<?php 
    // NOTE(review): the CSRF field is an unsalted MD5 of the session id, so it is one fixed value
    // for the whole session and can be computed by anyone who learns the session id. The usual
    // construction is a random per-session token (random_bytes()) compared with hash_equals();
    // the check performed on submit is not visible in this excerpt.
    echo md5(session_id());
    ?>
" name="csrf">
        <div class='tableborder'>
            <div class='tableheaderalt'><center>Editar Cargos</center></div>

            <table width='100%' cellspacing='0' cellpadding='5' align='center' border='0'>
                <tr>
                    <td class='tablerow1'  width='40%'  valign='middle'><strong>Nome do usurio</strong><div class='graytext'>Nome do usurio que deseja dar cargo</div></td>
                    <td class='tablerow2'  width='60%'  valign='middle'><input type='text' name='name' value="<?php 
    // Re-displays the submitted name inside a double-quoted attribute. Whether
    // Security::textFilter() encodes quotes for HTML is not shown here; confirm, or wrap the
    // value in htmlspecialchars() with ENT_QUOTES. $_POST['name'] is read without isset().
    echo Security::textFilter($_POST['name']);
    ?>
" size='30' class='textinput'></td>
                </tr>

                <tr>
                    <td class='tablerow1'  width='40%'  valign='middle'><strong>Cargo</strong><div class='graytext'>Cargo a dar ao usurio</div></td>
                    <td class='tablerow2'  width='60%'  valign='middle'><select name='rank'  class='dropdown' size='1'><?php 
    // One <option> per row of $get_rank, a result handle created outside this excerpt.
    while ($rank = Transaction::fetch($get_rank)) {
        ?>
                                <option value='<?php 
        // NOTE(review): id and name are printed without HTML escaping; use htmlspecialchars()
        // unless the rank table is known to hold only trusted text.
        echo $rank['id'];
        ?>
'><?php 
        echo $rank['name'];
        ?>
예제 #13
파일: chatlogs.php 프로젝트: habb0/mobbo
            // One row of the chat-log table. Fragment: the loops and the queries that fill
            // $users, $rooms and $rowlogs are outside this excerpt.
            // NOTE(review): the username and the room caption are printed without HTML escaping,
            // while the message cell below goes through Security::textFilter(). If these columns
            // hold user-chosen text they need htmlspecialchars() as well; confirm.
            echo $users['username'];
            ?>
</td>
                                    <td class='tablerow2'><?php 
            echo $rooms['caption'];
            ?>
 (ID: <?php 
            echo $rowlogs['room_id'];
            ?>
)</td>
                                    <td class='tablerow2''><?php 
            // date() formats the stored Unix timestamp in the server's default timezone.
            echo date('d.m.Y - H:i:s', $rowlogs['timestamp']);
            ?>
 Uhr</td>
                                    <td class='tablerow2'><?php 
            // Only this cell is filtered on output; whether textFilter() HTML-encodes the
            // message is not shown here.
            echo Security::textFilter($rowlogs['message']);
            ?>
</td>
                                </tr>

                                <?php 
        }
    }
    ?>

                    </table>
                </div>
        </div>

        <!-- / RIGHT CONTENT BLOCK -->
    </td>
예제 #14
파일: index.php 프로젝트: habb0/mobbo
    // Fragment of the control-panel front controller; it starts inside a conditional whose
    // opening is outside this excerpt.
    if ($myrow['id'] == $fetch['id']) {
        $owner = 'yesiamtheowner';
    } else {
        $owner = 'imnot';
    }
} else {
    $owner = 'yesiamtheowner';
}
$user_rank = mobbo::users_info('rank');
// `&&` binds tighter than `or`, so this reads ($user_rank > 3 && $logged_in) or (!$logged_in):
// visitors who are not logged in also enter the branch and get $hkzone = true.
// NOTE(review): access then rests entirely on the session and rank checks below; confirm that
// this is intended, and parenthesise the condition so the grouping is explicit.
if ($user_rank > 3 && $logged_in or !$logged_in) {
    $hkzone = true;
    // Request parameters are filtered once here; the keys are read without isset().
    $p = Security::textFilter($_GET['p']);
    $do = Security::textFilter($_GET['do']);
    $page = Security::textFilter($_GET['page']);
    $key = Security::textFilter($_GET['key']);
    $search = Security::textFilter($_POST['search']);
    if (mobbo::session_is_registered('acp')) {
        $session = $_SESSION['acp'];
        // NOTE(review): the admin password is read back from $_SESSION['hkpassword'], so it is
        // being kept in the session; a flag set after verification avoids storing the secret.
        // Neither value is used in the visible lines.
        $admin_username = $_SESSION['hkusername'];
        $admin_password = $_SESSION['hkpassword'];
        // Re-checks the rank in the database on each request. $myrow['username'] is concatenated
        // into the query unfiltered; $myrow is populated outside this excerpt. The threshold is
        // rank > 5 here and rank > 3 in the outer condition.
        $check = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $myrow['username'] . "' AND `rank` > 5 LIMIT 1");
        $valid = Transaction::num_rows($check);
        if ($valid > 0) {
            $tmp = Transaction::fetch($check);
            // $p only selects among literal include targets in the visible branches, so the
            // request value itself never reaches include/require here.
            if ($p == "logout") {
                // Discards the server-side session data; the session cookie is not cleared in
                // the visible lines.
                session_destroy();
                $notify_logout = true;
                include 'login.php';
            } elseif ($p == "home") {
                $tab = 1;
                require_once 'home.php';
예제 #15
파일: recommended.php 프로젝트: habb0/mobbo
        // Save and add handlers for mobbo_recommended. Fragment: $check, $do and $key are set
        // outside this excerpt; $key is presumably validated with is_numeric() there (verify).
        if (Transaction::num_rows($check) > 0) {
            // Loose comparison: any non-empty value other than "0" compares equal to true.
            // $checked is not used in the visible lines.
            if ($_POST['comments'] == true) {
                $checked = '1';
            } else {
                $checked = '0';
            }
            // NOTE(review): string-built UPDATE; it relies on Security::textFilter() escaping
            // quotes for SQL, which is not shown here. Bound parameters are the safer form.
            Transaction::query("UPDATE mobbo_recommended SET type = '" . Security::textFilter($_POST['type']) . "', id_rec = '" . Security::textFilter($_POST['id_rec']) . "' WHERE id = '" . $key . "' LIMIT 1");
            $msg = "<div class='rounded rounded-green'><center>As preferncias foram salvos<img src=\"./w/images/check.gif\"></center></div>";
            $editor_mode = false;
        } else {
            $msg = "<div class='rounded rounded-red'><center>Isto no existe<img src=\"./w/images/check.gif\"></center></div>";
        }
    } elseif ($do == "add") {
        $editor_mode = true;
        // NOTE(review): $_POST['submit'] is read without isset(), and no request-token check is
        // visible before the INSERT below.
        if ($_POST['submit']) {
            Transaction::query("INSERT INTO mobbo_recommended (id_rec,type) VALUES ('" . Security::textFilter($_POST['id_rec']) . "','" . Security::textFilter($_POST['type']) . "')");
            $msg = "<div class='rounded rounded-green'><center>A atualizao foi feita</center></div>";
            $editor_mode = false;
        }
    }
    // The @ operator hides the warning if the include fails, so a missing header goes unnoticed.
    @(include 'subheader.php');
    if (isset($msg)) {
        ?>
<p><strong><?php 
        // $msg is emitted as raw HTML; in this excerpt it is built from fixed markup only.
        echo $msg;
        ?>
</strong></p><?php 
    }
    ?>

    <?php 
예제 #16
파일: news.php 프로젝트: habb0/mobbo
    // Fragment of the news administration page; the condition that ends in this die is outside
    // the excerpt.
    die;
}
if ($user_rank > 5) {
    // $hkzone is presumably set by the front controller before this page is included, so a
    // direct request is sent back to index.php; verify against the including script.
    if ($hkzone !== true) {
        header("Location: index.php?throwBack=true");
        exit;
    }
    // NOTE(review): `acp` is a bare word, not a string. PHP 7 falls back to the string "acp"
    // with a warning, PHP 8 raises an Error for the undefined constant; it should read 'acp'.
    if (!mobbo::session_is_registered(acp)) {
        header("Location: index.php?p=login");
        exit;
    }
    $pagename = "Notcias";
    $pageid = "news";
    // htmlentities() is an HTML output encoder, not an SQL escape. In the visible lines $key
    // reaches a query only after the is_numeric() check below.
    $key = htmlentities($_GET['key']);
    $do = htmlentities($_GET['do']);
    $page = Security::textFilter($_GET['page']);
    $posts = Transaction::evaluate("SELECT COUNT(*) FROM mobbo_news");
    // 50 entries per page; an out-of-range page number falls back to the first page.
    $pages = ceil(($posts + 0) / 50);
    if ($page > $pages || $page < 1) {
        $page = 1;
    }
    // NOTE(review): $_POST['page'] and $_POST['page2'] go into the Location header as received,
    // and execution continues after header(). Cast the value to int and exit after the redirect.
    if ($_POST['site']) {
        header("location: " . $adminpath . "/p/news&page=" . $_POST['page'] . "");
    }
    if ($_POST['site2']) {
        header("location: " . $adminpath . "/p/news&page=" . $_POST['page2'] . "");
    }
    // NOTE(review): the delete is driven by the GET parameters `do` and `key`, and no
    // request-token check is visible here; confirm that CSRF protection exists elsewhere.
    // is_numeric() also accepts forms such as "1e3", so an integer cast is the stricter check.
    if ($do == "delete" && is_numeric($key)) {
        $check = Transaction::query("SELECT id FROM mobbo_news WHERE id = '" . $key . "' LIMIT 1");
        if (Transaction::num_rows($check) > 0) {
            Transaction::query("DELETE FROM mobbo_news WHERE id = '" . $key . "' LIMIT 1");
예제 #17
파일: subheader.php 프로젝트: habb0/mobbo
<?php

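// Shared header of the control-panel pages: refuses requests where $hkzone is not set to true,
// derives the page title, reads the search fields and handles the "jump to user" lookup.
// $hkzone, $pagename and $adminpath are expected from the including script.
if ($hkzone !== true) {
    header("Location: index.php?throwBack=true");
    exit;
}
$pnme = empty($pagename)
    ? "Painel de Controle"
    : "Painel de Controle - " . $pagename . " ";
$search = Security::textFilter($_POST['search']);
$searchheader = Security::textFilter($_POST['searchheader']);
$username = mobbo::users_info('username');
// Only a plain string is accepted, so an array submitted as searchname[] is ignored.
if (isset($_POST['searchname']) && is_string($_POST['searchname'])) {
    // NOTE(review): the listing masks the middle of this statement. The filter call is restored
    // from the Security::textFilter() calls above; confirm against the project source. The query
    // is still string-built and depends on that filter escaping quotes for SQL, which is not
    // shown here; use a bound parameter if the Transaction wrapper offers one.
    $sql = Transaction::query("SELECT * FROM users WHERE username = '" . Security::textFilter($_POST['searchname']) . "' LIMIT 1");
    $check = Transaction::num_rows($sql) > 0;
    if ($check) {
        $rowid = Transaction::fetch($sql);
        header("location: " . $adminpath . "/p/users_edit&key=" . $rowid['id'] . "");
        // Stop here so that nothing else runs or is sent once the redirect has been issued.
        exit;
    } else {
        // The submitted name is untrusted. It is emitted as a JSON string literal with
        // <, >, &, ' and " hex-escaped, so it can close neither the string nor the <script> element.
        $jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $alertText = json_encode("Der Username " . $_POST['searchname'] . " konnte nicht gefunden werden!", $jsonFlags);
        if ($alertText === false) {
            // json_encode() fails on input that is not valid UTF-8; show the message without the name.
            $alertText = json_encode("Der Username konnte nicht gefunden werden!", $jsonFlags);
        }
        echo "<script>alert(" . $alertText . ")</script>";
    }
}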
?>
<html class=" js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths" lang="en" data-useragent="Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36" style=""><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <head>

        <base href="<?php 
echo $adminpath;
?>
">        
        <meta http-equiv="content-t ype" content="text/html; charset=iso-8859-1" />