<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='20%'>Nome do Template</td>
<td class='tablesubheader' width='12%' align='left'>Versão</td>
<td class='tablesubheader' width='12%' align='left'>Autor</td>
<td class='tablesubheader' width='10%' align='left'>Ativado?</td>
<td class='tablesubheader' width='1%' align='center'>Ativar</td>
<td class='tablesubheader' width='1%' align='center'>Deletar</td>
</tr>
<?php
$query_min = $page * 50 - 50;
if ($query_min < 0) {
// Page 1
$query_min = 0;
}
$get_articles = Transaction::query("SELECT * FROM mobbo_templates ORDER BY id DESC LIMIT 100");
while ($row = Transaction::fetch($get_articles)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2'><strong><?php
echo Security::textFilterHK($row['name']);
?>
</strong><div class='desctext'><?php
echo $row['longstory'];
?>
</div></td>
$rawname = htmlentities($_SESSION['id']);
$usersql = Transaction::query("SELECT * FROM users WHERE id = '" . $rawname . "' LIMIT 1");
$myrow = Transaction::fetch($usersql);
$ban = Transaction::query("SELECT * FROM bans WHERE value = '" . $myrow['username'] . "' AND bantype = 'user' or value = '" . $remote_ip . "' AND bantype = 'ip' LIMIT 1");
$bancheck = Transaction::num_rows($ban);
if ($myrow['ip_reg'] == "0") {
Transaction::query("UPDATE users SET ip_reg = '" . $remote_ip . "' WHERE id = '" . $myrow['id'] . "'");
} elseif ($bancheck > 0) {
$bandata = Transaction::fetch($ban);
$timestamp = time();
if ($bandata['expire'] > $timestamp) {
session_destroy();
header("Location: index.php");
exit;
} else {
Transaction::query("DELETE FROM bans WHERE value = '" . $name . "' AND bantype = 'user' or value = '" . $remote_ip . "' AND bantype = 'ip' LIMIT 1");
}
}
$rawhotel = 0;
$rawhotel = md5($myrow['id'] + $myrow['username'] + $myrow['password'] + Security::getUserIP());
if (isset($_COOKIE['rawsessionhotel'])) {
if ($_COOKIE['rawsessionhotel'] == $rawhotel) {
$logged_in = true;
$name = mobbo::HoloText($myrow['username']) != 0 ? mobbo::HoloText($myrow['username']) : "Guest";
$id = mobbo::HoloText($myrow['id']) != 0 ? mobbo::HoloText($myrow['id']) : 0;
@($fb_id = mobbo::HoloText($myrow['fb_id']) != 0 ? mobbo::HoloText($myrow['fb_id']) : 0);
$my_id = mobbo::HoloText($myrow['id']) != 0 ? mobbo::HoloText($myrow['id']) : 0;
$motto = mobbo::HoloText($myrow['motto']) != 0 ? mobbo::HoloText($myrow['moyyo']) : "Nothing";
$mail = mobbo::HoloText($myrow['mail']) != 0 ? mobbo::HoloText($myrow['mail']) : "*****@*****.**";
$rank = mobbo::HoloText($myrow['rank']) != 0 ? mobbo::HoloText($myrow['rank']) : 0;
$credits = mobbo::HoloText($myrow['credits']) != 0 ? mobbo::HoloText($myrow['credits']) : 0;
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='20%'>Ttulo</td>
<td class='tablesubheader' width='12%' align='left'>Data</td>
<td class='tablesubheader' width='10%' align='left'>Autor</td>
<td class='tablesubheader' width='1%' align='center'>Editar</td>
<td class='tablesubheader' width='1%' align='center'>Remover</td>
</tr>
<?php
$query_min = $page * 50 - 50;
if ($query_min < 0) {
// Page 1
$query_min = 0;
}
$get_articles = Transaction::query("SELECT * FROM mobbo_news ORDER BY id DESC LIMIT " . $query_min . ", 50");
while ($row = Transaction::fetch($get_articles)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2'><strong><?php
echo Security::textFilterHK($row['title']);
?>
</strong><div class='desctext'><?php
echo $row['longstory'];
?>
</div></td>
<div class='tableborder'>
<div class='tableheaderalt'><center>Usurios VIP atualmente</center></div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='20%' align='left'>Nome de usurio</td>
<td class='tablesubheader' width='15%' align='left'>E-mail</td>
<td class='tablesubheader' width='15%' align='left'>IP</td>
<td class='tablesubheader' width='5%' align='left'>Editar</td>
</tr>
<?php
$get_vip = Transaction::query("SELECT * FROM users WHERE rank = '2' ORDER BY lastonline");
while ($vip = Transaction::fetch($get_vip)) {
$get_user = Transaction::query("SELECT * FROM users WHERE id = '" . $vip['id'] . "'");
while ($row = Transaction::fetch($get_user)) {
if ($row['online'] >= 1) {
$online = "online";
} else {
$online = "offline";
}
?>
<tr>
<td class='tablerow1' align='left'><?php
echo $row['username'];
?>
(ID: <?php
echo $row['id'];
?>
private function getdefault()
{
$query = Transaction::query("SELECT * FROM mobbo_templates WHERE active = '1' LIMIT 1;");
$row = Transaction::fetch($query);
$this->path = $row['path'];
}
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='10%' align='center'>Cdigo do emblema</td>
<td class='tablesubheader' width='10%' align='center'>Nome</td>
<td class='tablesubheader' width='10%' align='center'>Preo</td>
<td class='tablesubheader' width='10%' align='center'>Editar</td>
<td class='tablesubheader' width='12%' align='center'>Borrar</td>
</tr>
<?php
$query_min = $page * 50 - 50;
if ($query_min < 0) {
// Page 1
$query_min = 0;
}
$get_marktplatz = Transaction::query("SELECT * FROM mobbo_shop ORDER BY id DESC LIMIT " . $query_min . ", 50");
while ($row = Transaction::fetch($get_marktplatz)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2' align='center'><img src="http://127.0.0.1/c_images/album1584/<?php
echo $row['image'];
?>
.gif" alt="<?php
echo $row['image'];
?>
"></td>
<div class='tableborder'>
<div class='tableheaderalt'><center>Emblemas (<?php
echo Transaction::evaluate("SELECT COUNT(*) FROM user_badges WHERE user_id = '" . $key . "'");
?>
) </div>
<table width='100%' cellspacing='0' cellpadding='5' align='center' border='0'>
<tr>
<td class='tablesubheader' width='1%' align='center'>Cdigo</td>
<td class='tablesubheader' width='14%' align='center'>Emblema</td>
</tr>
<?php
$sql = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . $key . "' ORDER BY badge_id");
while ($row = Transaction::fetch($sql)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['badge_id'];
?>
</td>
<td class='tablerow2'><img src="<?php
echo $cimagesurl . $badgesurl . $row['badge_id'];
?>
.gif"></div></td>
</tr>
<?php
$get_users = Transaction::query("SELECT * FROM stafflogs ORDER BY id DESC");
while ($row = Transaction::fetch($get_users)) {
?>
<script language="JavaScript" type="text/javascript">
function openWin () {
var newWin = window.open ('', '', 'height=330, width=560');
newWin.document.close ();
}
</script>
<?php
$userdata = Transaction::query("SELECT * FROM users WHERE id = '" . $row['userid'] . "' LIMIT 1");
$userdata = Transaction::fetch($userdata);
if (!empty($row['targetid'])) {
$targetdata = Transaction::query("SELECT * FROM users WHERE id = '" . $row['targetid'] . "' LIMIT 1");
$targetdata = Transaction::fetch($targetdata);
} else {
$targetdata['username'] = "******";
}
if (!empty($row['note'])) {
$note = $row['note'];
} else {
$note = "<i>None given</i>";
}
?>
<tr>
<td class='tablerow1' align='left'><?php
echo $row['action'];
?>
$pageid = "badgetool";
if (isset($_POST['badge']) && $_POST['name']) {
$check_name = Transaction::query("SELECT * FROM users WHERE username = '******'name']) . "'");
if (Transaction::num_rows($check_name) > 0) {
$userdata = Transaction::fetch($check_name);
$check_badge = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . $userdata['id'] . "' AND badge_id = '" . Security::textFilter($_POST['badge']) . "' LIMIT 1");
if ($_POST['action'] == "give") {
if (Transaction::num_rows($check_badge) < 1) {
Transaction::query("INSERT INTO user_badges (user_id,badge_id,badge_slot) VALUES ('" . $userdata['id'] . "','" . Security::textFilter($_POST['badge']) . "','0')");
$msg = "<div class='rounded rounded-green'><center>Voc acabou de dar <b>" . Security::textFilter($_POST['name']) . "</b> o emblema " . Security::textFilter($_POST['badge']) . " com sucesso. <img src=\"./w/images/check.gif\"></center></div>";
} else {
$msg = "<div class='rounded rounded-red'><center>" . $_POST['name'] . " J tm o Emblema " . $_POST['badge'] . ". <img src=\"./w/images/del.gif\"></center></div>";
}
} else {
if (Transaction::num_rows($check_badge) > 0) {
Transaction::query("DELETE FROM user_badges WHERE user_id = '" . $userdata['id'] . "' AND badge_id = '" . Security::textFilter($_POST['badge']) . "'");
$msg = "<div class='rounded rounded-green'><center>Voc removeu o Emblema " . Security::textFilter($_POST['badge']) . " . <img src=\"./w/images/check.gif\"></center></div>";
} else {
$msg = "<div class='rounded rounded-red'><center>" . Security::textFilter($_POST['name']) . " no tem o emblema " . Security::textFilter($_POST['badge']) . " <img src=\"./w/images/del.gif\"></center></div>";
}
}
} else {
$msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o usurio! <img src=\"./w/images/del.gif\"></center></div>";
}
}
@(include 'subheader.php');
if (isset($msg)) {
?>
<p><strong><?php
echo $msg;
?>
<?php
/*
Hooks System 0.1a - mobbo 6.0
:: NAME :: Reffers of a User
:: VERSION :: 1.0
:: AUTHOR :: bi0s
*/
$query = Transaction::query("SELECT * FROM users_referidos WHERE usuario = '" . mobbo::users_info('username') . "'");
$rows = Transaction::num_rows($query);
if ($rows == NULL or $rows == 0) {
$rows = "Nenhum";
}
?>
<h5 align="center">você tem <span style="font-size:x-large;"><?php
echo $rows;
?>
</span> Referido(s)</h5>
<?php
if ($rows > 0) {
?>
<a href="#" class="button tiny success radius alert" data-dropdown="drop2">Trocar Referidos por Doláres</a>
<div id="drop2" class="f-dropdown content medium" data-dropdown-content>
<h4>Compras</h4>
<p>Atenção se você tiver 5 Referidos, Ganha 1 Dolar, se Você tiver 10 Referidos Ganha 2 Dolares, Assim Vai Adiante até 40 Referidos Que Ganha 8 Dolares, Se Você tiver 40 Referidos Automaticamente Ganha 8 Dolares, não Há como Escolher a Opção de Trocar 5 Referidos, Se você tiver mais de 40 Referidos basta Apenas Trocar Mais Uma Vez, E Assim Por Diante.</p>
<p>Grato, A Direção.</p>
<a class="button tiny success radius" href="/loja?buy=dolares">Trocar Os Seus Referidos por Doláre(s)</a>
</div>
<?php
}
<td class='tablesubheader' width='10%' align='left'>IP</td>
<td class='tablesubheader' width='10%' align='left'>Desde</td>
<td class='tablesubheader' width='10%' align='left'>Acaba</td>
<td class='tablesubheader' width='1%' align='left'>IP Banido</td>
</tr>
<?php
$query_min = $page * 50 - 50;
if ($query_min < 0) {
// Page 1
$query_min = 0;
}
$get_bans = Transaction::query("SELECT * FROM bans WHERE expire + 3600 > '" . time() . "' ORDER BY expire LIMIT " . $query_min . ", 50");
while ($row = Transaction::fetch($get_bans)) {
if ($row['bantype'] == 'user') {
$userdata = Transaction::query("SELECT * FROM users WHERE username = '******'value'] . "'");
$users = Transaction::fetch($userdata);
$ip_last = $users['ip_last'];
} else {
$ip_last = '-/-';
}
$minuten = $row['expire'] - time();
if (time() >= $row['expire']) {
$stat = "Expira em";
$color = "green";
} elseif (time() + 3600 >= $row['expire']) {
if (date('i', $minuten) > 0) {
$stat = "(H " . date('i', $minuten) . " minutos)";
$color = "orange";
} else {
$stat = "(H " . date('s', $minuten) . " segundos)";
<div class='tableborder'>
<div class='tableheaderalt'> <center>Pessoas online (<?php
echo $onlineUsers;
?>
)</center> </div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='15%'>Nome de usurio</td>
<td class='tablesubheader' width='18%' align='left'>E-mail</td>
<td class='tablesubheader' width='10%' align='left'>Data de registro</td>
<td class='tablesubheader' width='10%' align='left'>Última vez conectado</td>
<td class='tablesubheader' width='1%' align='left'>Editar</td>
</tr>
<?php
$get_users = Transaction::query("SELECT * FROM users WHERE online > '0' ORDER BY username LIMIT " . $onlineUsers);
while ($row = Transaction::fetch($get_users)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2'><strong><?php
echo $row['username'];
?>
</strong><div class='desctext'><?php
echo $row['ip_last'];
?>
[<a href='http://who.is/whois-ip/ip-address/<?php
// Verifica se a extenso permitida
if (!in_array(strtolower(strrchr($nome, ".")), $extensoes)) {
$erro = 'Extensão inválida';
}
// Se no houver erro
if (!$erro) {
// Gerando um nome aleatrio para a imagem
$nomeAleatorio = md5(uniqid(time())) . strrchr($nome, ".");
// Movendo arquivo para servidor
if (!move_uploaded_file($temp, $caminho . $nomeAleatorio)) {
$erro = 'Não foi possível anexar o arquivo';
}
$path_info = pathinfo("uploads/{$nomeAleatorio}");
if ($path_info['extension'] == 'xml') {
$xml = simplexml_load_file("uploads/{$nomeAleatorio}");
Transaction::query("INSERT INTO mobbo_plugins (id, plugin_name, plugin_version, plugin_author, mobbo_code) VALUES\n(NULL, '" . $xml->name . "', '" . $xml->version . "', '" . $xml->author . "', '" . $xml->code . "')");
$install = $xml->mysql_query;
eval($install);
echo "Plugin " . $xml->plugin_name . " installed.";
logs::mobbo_log("pluginsdb");
} else {
echo 'Error.';
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<?php
/*
Hooks System 0.1a - mobbo 6.0
:: NAME :: Badges of Home
:: VERSION :: 1.0
:: AUTHOR :: bi0s
*/
$query = Transaction::query("SELECT * FROM users WHERE username = '******' LIMIT 1");
$fetch = Transaction::fetch($query);
$id = $fetch['id'];
$query1 = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . $id . "' ORDER BY id DESC LIMIT 5");
while ($row = Transaction::fetch($query1)) {
if (preg_match('/ACH/', $row['badge_id'])) {
echo '<a class="th"><img data-tooltip class="has-tip" title="' . $row['badge_id'] . '" src="http://images.habbo.com/c_images/album1584/' . $row['badge_id'] . '.gif"></a>   ';
} else {
echo '<a class="th"><img data-tooltip class="has-tip" title="' . $row['badge_id'] . '" src="http://images.habbo.com/c_images/album1584/' . $row['badge_id'] . '.gif"></a>   ';
}
}
if ($_POST['headerclient'] == true) {
header("location: {$path}/client");
exit;
} else {
header("location: " . $adminpath . "/p/home");
exit;
}
} else {
$msg = "Nome de usuario, senha o Habbo ID incorrectos.";
header("location: " . $adminpath . "/p/login");
}
} else {
$msg = "Voc deve preencher todos os campos!";
}
} elseif ($notify_logout == true) {
Transaction::query("INSERT INTO stafflogs (action,message,note,userid,targetid,timestamp) VALUES ('Housekeeping','Logout','notify_logout','" . $my_id . "','0','" . $date_full . "')");
$msg = "<font color='green'>Voc foi desconectado corretamente.</font>";
} else {
$msg = "Faa o login";
}
include 'subheader.php';
?>
<style type="text/css">
body {
background-color: #fff
}
#fudeugeral {
display:none;
visibility:hidden;
<div class='tableborder'>
<div class='tableheaderalt'>Alertas Activas</div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='20%' align='left'><?php
echo $shortname;
?>
Nombre</td>
<td class='tablesubheader' width='50%' align='left'>Alerta</td>
</tr>
<?php
$get_em = Transaction::query("SELECT * FROM mobbo_alerts ORDER BY id DESC");
while ($row = Transaction::fetch($get_em)) {
$check = Transaction::query("SELECT * FROM users WHERE id = '" . $row['userid'] . "' LIMIT 1");
$user = Transaction::fetch($check);
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow1' align='left'><?php
echo $user['username'];
?>
(ID: <?php
echo $row['id'];
?>
)</td>
$fetch2 = Transaction::fetch($query2);
if ($usr_info['name'] == $fetch2['username']) {
header("Location: /");
} elseif ($usr_info['last_name'] == $fetch2['username']) {
header("Location /");
} elseif ($usr_info['mail2'] == $fetch2['mail']) {
header("Location /");
} else {
Transaction::query("INSERT INTO users (username,password,motto,mail,rank,fb_id) VALUES ('" . $usr_name2 . "', 'f09927c417e569baaeaa561f501d3e77', 'Registrei por facebook', '" . $usr_name . "', '2', '" . $usr_info . "');");
$q = "SELECT * FROM users WHERE fb_id='" . $user_info['id'] . "'";
$result = @Transaction::query($q);
$row = Transaction::fetch($result);
}
}
$q = "SELECT fb_id FROM users WHERE fb_id='" . $user_info['id'] . "'";
$result = @Transaction::query($q);
$row = Transaction::fetch($result);
$user_ida = $row['fb_id'];
$_SESSION['fb_id'] = $user_ida;
$user_id = $facebook->getUser();
if ($user_ida) {
try {
$ret_obj = $facebook->api('/me/feed', 'POST', array('link' => $msg, 'message' => $url));
} catch (FacebookApiException $e) {
$login_url = $facebook->getLoginUrl(array('scope' => 'publish_stream'));
echo 'Please <a href="' . $login_url . '">login.</a>';
error_log($e->getType());
error_log($e->getMessage());
}
} else {
echo 'Voce nao esta Logado Corretamente no Facebook Acesse Primeiramente www.facebook.com Apos Isso Tente Logar Novamente';
public static function show($actions = array())
{
$action = htmlspecialchars($actions);
switch ($action) {
case "login":
if (isset($_POST['username'])) {
if (isset($_POST['password'])) {
$email = Security::textFilter($_POST['username']);
$password = md5(Security::textFilter($_POST['password']));
$find_user2 = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $email . "'");
$user_info2 = Transaction::fetch($find_user2);
$find_user = Transaction::query("SELECT * FROM `users` WHERE `mail` = '" . $email . "'");
$user_info = Transaction::fetch($find_user);
if ($user_info['password'] == $password or $user_info2['password'] == $password) {
$queryban = Transaction::query("SELECT * FROM `bans` WHERE `value` = '" . $user_info['username'] . "' OR `value` = '" . $user_info2['username'] . "' LIMIT 1");
if (Transaction::num_rows($queryban) > 0) {
$fetchban = Transaction::fetch($queryban);
header("location: ../index.php?ban=" . $fetchban['value'] . "&reason=" . $fetchban['reason'] . "&time=" . $fetchban['expire'] . "&true=1");
exit;
}
if (!empty($user_info)) {
$_SESSION['id'] = $user_info['id'];
$_SESSION['userid'] = $user_info['id'];
$rawhotel = md5($user_info['id'] + $user_info['username'] + $user_info['password'] + Security::getUserIP());
setcookie('rawsessionhotel', $rawhotel);
} elseif (!empty($user_info2)) {
$_SESSION['id'] = $user_info2['id'];
$_SESSION['userid'] = $user_info2['id'];
$rawhotel = md5($user_info2['id'] + $user_info2['username'] + $user_info2['password'] + Security::getUserIP());
setcookie('rawsessionhotel', $rawhotel);
}
header("location: me");
if ($_SESSION['login_try'] > 0) {
$_SESSION['login_try'] = 0;
}
exit;
} else {
$_SESSION['login_try'] = $_SESSION['login_try'] + 1;
header("location: ../index.php?erroro=" . $_POST['username'] . "&type=1");
exit;
}
} else {
$_SESSION['login_try'] = $_SESSION['login_try'] + 1;
header("location: ../index.php?erroro=" . $_POST['username'] . "&type=1");
exit;
}
} else {
$_SESSION['login_try'] = $_SESSION['login_try'] + 1;
header("location: ../index.php?erroro=" . $_POST['username'] . "&type=2");
exit;
}
break;
case "logout":
session_destroy();
setcookie('rawsessionhotel', '0');
header("location: ../index.php");
break;
case "404":
$ok = <<<PAGE
<html>
<title>404</title>
\t <meta charset="utf-8">
<link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
<body style="">
<section id="oops" style="width: 100%;">
<div class="row">
<div class="large-9 medium-9 small-12 columns small-centered">
<h5>404: Página não Encontrada</h5>
<h1 class="oversized">Esta página não existe...</h1>
<p class="lead bottom40">Você pode tentar recarregar a página indo na <a href="./">homepage.</a></p>
</div>
</div>
</section>
<a class="exit-off-canvas"></a>
</div>
</div>
</body></html>
PAGE;
echo $ok;
break;
case "405":
$maintenance_text = mobbo::mobbo_settings('maintenance_text');
$ok = <<<PAGE
<html>
\t\t\t\t\t <meta charset="utf-8">
<title>405</title>
<link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
<body style="">
<section id="oops" style="width: 100%;">
<div class="row">
<div class="large-9 medium-9 small-12 columns small-centered">
<h5>405: Estamos em Manutencao</h5>
<h1 class="oversized">Opa! Manutencao.</h1>
<p class="lead bottom40"><b>Motivo:</b> {$maintenance_text} <a href="/">Voltar a Home Page</a></p>
</div>
</div>
</section>
<a class="exit-off-canvas"></a>
</div>
</div>
</body></html>
PAGE;
echo $ok;
break;
case 'referidos':
echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
if (!isset($_SESSION['id'])) {
$ip = $_SERVER['REMOTE_ADDR'];
$usuario = htmlentities($_GET['referido']);
$query1 = Transaction::query("SELECT ip_referida FROM users_referidos WHERE ip_referida = '" . $ip . "' LIMIT 1");
if (Transaction::num_rows($query1) > 0) {
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
IP Ja Registrado, voce nao Pode se Registrar por Este Referido.
<a href="#" class="close">×</a>
</div>';
} else {
$_SESSION['referido'] = $ip;
$_SESSION['referiduser'] = $usuario;
header("Location: /registro");
}
}
break;
case 'erroro':
echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
$erroro = htmlentities(addslashes($_GET['erroro']));
if ($_GET['type'] == 1) {
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
' . $erroro . ', Suas Credenciais de Logins sao Invalidas, e essa senha Mesmo?
<a href="#" class="close">×</a>
</div>';
}
if ($_GET['type'] == 2) {
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
' . $erroro . ', Este usuario nao Existe, tem Certeza?
<a href="#" class="close">×</a>
</div>';
}
break;
case 'ban':
echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
$user = htmlentities(addslashes($_GET['ban']));
$reason = htmlentities(addslashes($_GET['reason']));
$reason = htmlentities(addslashes($_GET['expire']));
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
' . $user . ', Você foi Banido, Pelo Seguinte Motivo: ' . $reason . ', Entre em Contato com os Admins!
<a href="#" class="close">×</a>
</div>';
break;
case 'registro':
if (isset($_POST['username']) && isset($_POST['mail']) && isset($_POST['pass'])) {
$usuario = Security::textFilter(htmlentities($_POST['username']));
$mail = Security::textFilter(htmlentities($_POST['mail']));
$pass = Security::textFilter(htmlentities(md5($_POST['pass'])));
$firstn = Security::textFilter(htmlentities($_POST['firstname']));
$lastn = Security::textFilter(htmlentities($_POST['lastname']));
$query = Transaction::query("SELECT `id` FROM `users` WHERE `mail` = '" . $mail . "'");
if (Transaction::num_rows($query) == 0) {
$query = Transaction::query("SELECT `id` FROM `users` WHERE `username` = '" . $usuario . "'");
if (Transaction::num_rows($query) == 0) {
if (strlen($_POST['pass']) > 5) {
if (preg_match('`[a-z]`', $_POST['pass'])) {
if (preg_match('`[0-9]`', $_POST['pass'])) {
if (count(explode(' ', $usuario)) > 1) {
echo 'Sem Espaço Em Branco Pls';
} else {
if (mb_strlen($usuario) <= 25) {
Transaction::query("INSERT INTO `users` (`username`, `password`, `mail`) VALUES ('" . $usuario . "', '" . $pass . "', '" . $mail . "');");
$get_id = Transaction::query("SELECT id FROM `users` WHERE `username` = '" . $usuario . "';");
$get_id_result = Transaction::fetch($get_id);
$_SESSION['id'] = $get_id_result['id'];
$_SESSION['userid'] = $get_id_result['id'];
$_SESSION['step'] = 0;
if (isset($_SESSION['referido'])) {
$ip = htmlentities($_SESSION['referido']);
$userne = htmlentities($_SESSION['referiduser']);
Transaction::query("INSERT INTO users_referidos (usuario, ip_referida) VALUES ('" . $userne . "', '" . $ip . "');");
$_SESSION['referido'] = NULL;
}
echo 'OKAY';
} else {
echo 'Menos Caracteres Pls';
}
}
} else {
echo 'Esta senha a muito curta e/ou invalida';
}
} else {
echo 'Esta senha a muito curta e/ou invalida';
}
} else {
echo 'Esta senha a muito curta e/ou invalida';
}
} else {
echo 'Esse Usuario ja Existe';
}
} else {
echo 'Este e-mail esta em uso';
}
} else {
echo 'Erro...';
}
break;
case 'editarhome':
if (isset($_POST['texto'])) {
$username = htmlentities($_POST['username']);
$texto = htmlentities(addslashes($_POST['texto']));
$fundo = htmlentities(addslashes($_POST['fundo']));
$cores = htmlentities($_POST['cor']);
$video = htmlentities($_POST['video']);
if (!empty($texto)) {
Transaction::query("UPDATE users_homes SET texto = '" . $texto . "' WHERE username = '******'");
}
if (!empty($video)) {
Transaction::query("UPDATE users_homes SET video = '" . $video . "' WHERE username = '******'");
}
if (!empty($cores)) {
Transaction::query("UPDATE users_homes SET cores = '" . $cores . "' WHERE username = '******'");
}
if (!empty($fundo)) {
Transaction::query("UPDATE users_homes SET fundo = '" . $fundo . "' WHERE username = '******'");
}
}
break;
case 'editarfundo':
$fundo = htmlentities($_POST['fundo']);
$words = array('http://', 'www.');
if (strpos($fundo, $words[0]) !== false or strpos($fundo, $words[1]) !== false) {
$fundo = 'url(' . $fundo . ')';
}
$username = htmlentities($_POST['username']);
$user = mobbo::users_info('username');
if ($username == $user) {
Transaction::query("UPDATE users SET fundom = '" . $fundo . "' WHERE username = '******'");
}
break;
case 'colocarmanutencao':
if (mobbo::users_info("rank") >= 6) {
if (mobbo::mobbo_settings("maintenance") == 0) {
Transaction::query("UPDATE mobbo_settings SET value = '1' WHERE variable = 'maintenance'");
} elseif (mobbo::mobbo_settings("maintenance") == 1) {
Transaction::query("UPDATE mobbo_settings SET value = '0' WHERE variable = 'maintenance'");
}
header("Location: /me");
} else {
header("Location: /me");
}
break;
case 'compraritem':
$fetch = 0;
$cat = 0;
$query = 0;
if (isset($_POST['cat'])) {
$cat = htmlentities(addslashes($_POST['cat']));
$query = Transaction::query("SELECT * FROM mobbo_marktplatzvip WHERE id = '" . $cat . "' LIMIT 1");
$fetch = Transaction::fetch($query);
$dolares = $fetch['dolares'];
if (mobbo::users_info('dolares') >= $dolares) {
$queryCheck = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . mobbo::users_info('id') . "' AND badge_id = '" . $cat . "' LIMIT 1");
if (Transaction::num_rows($queryCheck) < 1) {
Transaction::query("UPDATE users SET dolares = dolares-'" . $fetch['dolares'] . "' WHERE id = '" . mobbo::users_info('id') . "' LIMIT 1");
Transaction::query("INSERT INTO user_badges (user_id, badge_id) VALUES ('" . mobbo::users_info('id') . "','" . $cat . "')");
$dolares = mobbo::users_info('dolares');
echo "Item Comprado com Sucesso, Seu Balanço de Dolares agora é de {$dolares}";
} else {
echo "Você já Possui este Emblema";
}
} else {
echo "Você Não Possui Dolares Suficientes";
}
} else {
echo "Você é um Hacker ?";
}
break;
case 'wallupdate':
if (isset($_POST['update'])) {
//insert into wall table
$message = Security::textFilter($_POST['update']);
if ($message != "") {
$image = '';
$time = time();
$video = '';
$userid = mobbo::users_info('id');
$query = Transaction::query("INSERT INTO `posts` (`desc`, `image_url`, `vid_url`,`date`,`userid`) VALUES ('{$message}', '{$image}', '{$video}','{$time}', '{$userid}')");
$ins_id = mysql_insert_id();
echo 'sucess';
}
}
break;
default:
die('This Action Does Not Exists');
break;
}
}
<a href="#" style="float:right" data-reveal-id="new_' . $row["id"] . '" class="radius button">Leia Mais…</a>
<br><br><br>
</div>
</li>
';
$c++;
}
?>
</ul>
<?php
$query_display = Transaction::query("SELECT * FROM mobbo_news");
$row_news = Transaction::num_rows($query_display);
if ($row_news == 0) {
echo ' ';
}
$query = Transaction::query("SELECT * FROM mobbo_news ORDER BY published DESC LIMIT 4");
$c = 0;
while ($row = Transaction::fetch($query)) {
$display = 'block';
if ($c > 0) {
$display = 'none';
}
$imageme = $row['image'];
if (strpos($imageme, "#") !== false) {
$backgrounde = 'background:' . $imageme . ' !important;';
} else {
$backgrounde = 'background:url(' . $imageme . ') !important;';
}
echo '
<div id="new_' . $row["id"] . '" class="reveal-modal xlarge" data-reveal>
<div class="interior-header green" id="lolca" style="margin-top: -30px;height: 110px !important;background:#eee;background-position-y: -4px !important;">
function parsePlugins()
{
$types = array();
$result = Transaction::query("SELECT * FROM mobbo_plugins");
while ($row = Transaction::fetch($result)) {
$name = $row['plugin_name'];
$code = $row['mobbo_code'];
$types[$name] = $code;
}
if (count($types) > 0) {
foreach ($types as $tag => $data) {
$query2 = Transaction::query("SELECT * FROM mobbo_plugins WHERE plugin_name = '{$tag}' LIMIT 1");
$string = '{{' . $tag . '}}';
if (strpos($this->output, $string)) {
$PluginCode = Transaction::fetch($query2);
$text = $PluginCode['mobbo_code'];
$text = eval('?>' . $text . '<?php ');
$this->output = str_replace('{{' . $tag . '}}', $text, $this->output);
}
}
} else {
$this->output = $this->output;
}
}
Transaction::query("INSERT INTO stafflogs (action,message,note,userid,targetid,timestamp) VALUES ('Housekeeping','Alterou as configuraes do Hotel','settings.php','" . $my_id . "','0','" . $date_full . "')");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['url'] . "' WHERE variabler = 'hotel_url'");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['mobbo_name'] . "' WHERE variabler = 'hotel_name'");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['maintenance'] . "' WHERE variabler = 'maintenance'");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['mobbo_maintenancet'] . "' WHERE variabler = 'maintenance_text'");
Transaction::query("UPDATE mobbo_settings SET valuer = '" . $_POST['mobbo_ticket'] . "' WHERE variabler = 'mobbo_ticket'");
$msg = "<div class='rounded rounded-green'><center>Alteraes salvas com sucesso <img src=\"./w/images/check.gif\"></center></div>";
} else {
$msg = "<div class='rounded rounded-red'><center>No foi possvel salvar as alteraes <img src=\"./w/images/del.gif\"></center></div>";
}
}
$mobbo_url = Transaction::fetch($mobbo_url = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'hotel_url'"));
$mobbo_name = Transaction::fetch($mobbo_name = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'hotel_name'"));
$mobbo_maintenance = Transaction::fetch($mobbo_maintenance = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'maintenance'"));
$mobbo_maintenancet = Transaction::fetch($mobbo_maintenancet = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'maintenance_text'"));
$mobbo_ticket = Transaction::fetch($mobbo_ticket = Transaction::query("SELECT * FROM mobbo_settings WHERE variabler = 'hotel_ticket'"));
$pageid = "settings";
@(include 'subheader.php');
if (isset($msg)) {
?>
<p><strong><?php
echo $msg;
?>
</strong></p><?php
}
?>
<form action='<?php
echo $adminpath;
?>
/p/settings&do=save' method='post' name='theAdminForm' id='theAdminForm'>
<?php
if (!file_exists('trava.php')) {
@(include '../CORE.php');
Transaction::open(array('user' => $host_user, 'pass' => $host_pass, 'name' => $host_db, 'type' => $host_type, 'port' => $host_port, 'host' => $host));
$conn = Transaction::get();
$file = file_get_contents('install.sql');
Transaction::query($file);
if (isset($_SESSION['hotel_name'])) {
$hotelname = $_SESSION['hotel_name'];
$hosting = $_SESSION['host_url'];
Transaction::query("UPDATE mobbo_settings SET value = '" . $hotelname . "' WHERE variable = 'hotel_name'");
Transaction::query("UPDATE mobbo_settings SET value = '" . $hosting . "' WHERE variable = 'hotel_url'");
}
$mensagem = "Setup Travado";
$log = fopen("trava.php", "a+");
fwrite($log, $mensagem);
$a = 1;
if ($a == 1) {
echo '<META HTTP-EQUIV="Refresh" CONTENT="10; URL=../index.php">';
}
?>
<html class=" js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths" lang="en" data-useragent="Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36" style=""><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<title> mobbo - Welcome </title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" href="../favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="./gallery/css/foundation.css" />
<link rel="stylesheet" href="./gallery/css/cms.css" />
<link type="text/css" rel="stylesheet" href="./gallery/css/marketing.css">
</head>
Transaction::query("UPDATE `users` SET `auth_ticket` = '" . Security::GenerateTicket() . "', `ip_last` = '" . $myrealip . "' WHERE id = '" . $id . "'") or die(mysql_error());
} else {
Transaction::query("UPDATE `users` SET `auth_ticket` = '" . Security::GenerateTicket() . "', `ip_last` = '" . $myrealip . "' WHERE id = '" . $id . "'") or die(mysql_error());
$ticketsql = Transaction::query("SELECT auth_ticket FROM users WHERE id = '" . $id . "'") or die(mysql_error());
$ticketrow = Transaction::fetch($ticketsql);
}
} else {
$SQL = Transaction::query("SELECT auth_ticket FROM users WHERE fb_id = '" . $fb_id . "'");
echo mysql_error();
$N = Transaction::num_rows($SQL);
if ($N == 0) {
Transaction::query("UPDATE `users` SET `auth_ticket` = '" . Security::GenerateTicket() . "', `ip_last` = '" . $myrealip . "' WHERE fb_id = '" . $fb_id . "'") or die(mysql_error());
} else {
Transaction::query("UPDATE `users` SET `auth_ticket` = '" . Security::GenerateTicket() . "', `ip_last` = '" . $myrealip . "' WHERE fb_id = '" . $fb_id . "'") or die(mysql_error());
}
$ticketsql = Transaction::query("SELECT auth_ticket FROM users WHERE fb_id = '" . $fb_id . "'") or die(mysql_error());
$ticketrow = Transaction::fetch($ticketsql);
}
logs::mobbo_log("client");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
<title><?php
echo $sitename;
?>
</title>
<script type="text/javascript">
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='10%'>Nome</td>
<td class='tablesubheader' width='15%' align='left'>E-Mail</td>
<td class='tablesubheader' width='10%' align='left'>IP(Registro)</td>
<td class='tablesubheader' width='10%' align='left'>IP(Última vez)</td>
<td class='tablesubheader' width='20%' align='left'>Última vez no Hotel</td>
<td class='tablesubheader' width='20%' align='left'>Data de registro</td>
<td class='tablesubheader' width='10%' align='left'>Estado</td>
<td class='tablesubheader' width='10%' align='left'>Banido</td>
<td class='tablesubheader' width='10%' align='left'>Editar</td>
</tr>
<?php
while ($row = Transaction::fetch($get_users)) {
$get_banns = Transaction::query("SELECT * FROM bans WHERE value = '" . $row['id'] . "' AND bantype = 'user' OR value = '" . $row['ip_last'] . "' AND bantype = 'ip'");
if ($row['online'] > 0) {
$status = "Online";
} else {
$status = "Offline";
}
if (Transaction::num_rows($get_banns) > 0) {
$color = "Verde";
$text = "Sim";
} else {
$color = "Vermelho";
$text = "No";
}
?>
<tr>
Transaction::query("INSERT INTO credit_vouchers (code,value) VALUES ('" . Security::textFilter($_POST['voucher']) . "','" . Security::textFilter($_POST['credits']) . "')");
$msg = "<div class='rounded rounded-green'><center>Cdigo criado corretamente! <img src=\"./w/images/check.gif\"></center></div>";
} else {
$msg = "<div class='rounded rounded-red'><center>Preencha todos os campos!. <img src=\"./w/images/del.gif\"></center></div>";
}
}
function randomVoucher($code)
{
$characters = "1234567890abdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$key = $characters[rand(0, 71)];
for ($i = 1; $i < $code; $i++) {
$key .= $characters[rand(0, 71)];
}
return $key;
}
$get_vouchers = Transaction::query("SELECT * FROM credit_vouchers");
@(include 'subheader.php');
if (isset($msg)) {
?>
<p><strong><?php
echo $msg;
?>
</p></strong><?php
}
?>
<form action='<?php
echo $adminpath;
?>
/p/vouchers&do=create' method='post' name='theAdminForm' id='theAdminForm'>
<?php
/*
Hooks System 0.1a - mobbo 6.0
:: NAME :: Users With More Duckets
:: VERSION :: 1.0
:: AUTHOR :: bi0s
*/
$query1 = Transaction::query("SELECT * FROM users ORDER BY activity_points DESC LIMIT 4");
while ($row = Transaction::fetch($query1)) {
$query2 = Transaction::query("SELECT * FROM users WHERE id = '" . $row['id'] . "' ORDER BY username ASC LIMIT 4");
while ($row2 = Transaction::fetch($query2)) {
echo '<a class="th" style="border-radius: 50px;margin-right:6px;height: 92px;width: 90px;overflow: hidden;"><img style="margin-left:9px" data-tooltip class="has-tip" title="' . $row2['username'] . ', com ' . $row2['activity_points'] . ' duckets" src="http://habbo.de/habbo-imaging/avatarimage?figure=' . $row2['look'] . '" data-reveal-id="homeswall" onclick=\'loadHomes("' . $row2['username'] . '")\'></a>   ';
}
}
} else {
$owner = 'yesiamtheowner';
}
$user_rank = mobbo::users_info('rank');
if ($user_rank > 3 && $logged_in or !$logged_in) {
$hkzone = true;
$p = Security::textFilter($_GET['p']);
$do = Security::textFilter($_GET['do']);
$page = Security::textFilter($_GET['page']);
$key = Security::textFilter($_GET['key']);
$search = Security::textFilter($_POST['search']);
if (mobbo::session_is_registered('acp')) {
$session = $_SESSION['acp'];
$admin_username = $_SESSION['hkusername'];
$admin_password = $_SESSION['hkpassword'];
$check = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $myrow['username'] . "' AND `rank` > 5 LIMIT 1");
$valid = Transaction::num_rows($check);
if ($valid > 0) {
$tmp = Transaction::fetch($check);
if ($p == "logout") {
session_destroy();
$notify_logout = true;
include 'login.php';
} elseif ($p == "home") {
$tab = 1;
require_once 'home.php';
} elseif ($p == "test") {
$tab = 1;
require_once 'test.php';
} elseif ($p == "banners") {
$tab = 3;
public static function Delete($template)
{
$path = TEMPLATES . $template . '/';
if (Files::del_dir($path)) {
Transaction::query("DELETE FROM mobbo_templates WHERE path = '" . $template . "'");
return 1;
} else {
return 0;
}
}
public static function query($query)
{
$ip = $_SERVER['REMOTE_ADDR'];
Transaction::log("A Seguinte Query Fo Feita: {$query} ;", "sql");
return Transaction::query($query);
}
/manage/hotel/de/housekeeping/p/banners&do=save' method='post' name='theAdminForm' id='theAdminForm'>
<div class='tableborder'>
<div class='tableheaderalt'><center>Banners - Información general</center></div>
<table cellpadding='4' cellspacing='0' width='100%'>
<tr>
<td class='tablesubheader' width='1%' align='center'>ID</td>
<td class='tablesubheader' width='10%' align='center'>Texto</td>
<td class='tablesubheader' width='10%' align='center'>Imagen</td>
<td class='tablesubheader' width='10%' align='center'>URL</td>
<td class='tablesubheader' width='10%' align='center'>HTML</td>
<td class='tablesubheader' width='1%' align='center'>Editar</td>
<td class='tablesubheader' width='1%' align='center'>Borrar</td>
</tr>
<?php
$get_banners = Transaction::query("SELECT * FROM mobbo_banners ORDER BY id");
while ($row = Transaction::fetch($get_banners)) {
?>
<tr>
<td class='tablerow1' align='center'><?php
echo $row['id'];
?>
</td>
<td class='tablerow2' align='center'><?php
echo $row['text'];
?>
</td>
<td class='tablerow2' align='center'><?php
echo $row['banner'];
?>
