$owner = 'yesiamtheowner';
} else {
$owner = 'imnot';
}
} else {
$owner = 'yesiamtheowner';
}
$user_rank = mobbo::users_info('rank');
if ($user_rank > 3 && $logged_in or !$logged_in) {
$hkzone = true;
$p = Security::textFilter($_GET['p']);
$do = Security::textFilter($_GET['do']);
$page = Security::textFilter($_GET['page']);
$key = Security::textFilter($_GET['key']);
$search = Security::textFilter($_POST['search']);
if (mobbo::session_is_registered('acp')) {
$session = $_SESSION['acp'];
$admin_username = $_SESSION['hkusername'];
$admin_password = $_SESSION['hkpassword'];
$check = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $myrow['username'] . "' AND `rank` > 5 LIMIT 1");
$valid = Transaction::num_rows($check);
if ($valid > 0) {
$tmp = Transaction::fetch($check);
if ($p == "logout") {
session_destroy();
$notify_logout = true;
include 'login.php';
} elseif ($p == "home") {
$tab = 1;
require_once 'home.php';
} elseif ($p == "test") {
<?php
/* Security Proof */
$included_files = 2345;
$included_files = get_included_files();
if (!in_array($_SERVER['DOCUMENT_ROOT'] . '\\CORE.php', $included_files)) {
die;
}
if ($hkzone !== true) {
header("Location: index.php?throwBack=true");
exit;
}
if (!mobbo::session_is_registered(acp)) {
header("Location: p/login");
exit;
}
$pagename = "Home";
$pageid = "home";
@(include 'subheader.php');
@(include 'header.php');
?>
<style>
table { border: 1px solid white; }
</style>
<table cellpadding='0' cellspacing='8' width='100%' id='tablewrap'>
<tr>
<td width='100%' valign='top' id='rightblock'>
if (isset($_POST['username'])) {
$form_name = addslashes($_POST['username']);
$form_pass = mobbo::HoloHash($_POST['password']);
$form_pass2 = mobbo::HoloHashMD5($_POST['password']);
$form_code = $_POST['codeword'];
$check = Transaction::query("SELECT * FROM users WHERE username = '******' AND password = '******' AND rank > 3 or username = '******' AND password = '******' AND rank > 3 LIMIT 1");
$valid = Transaction::num_rows($check);
if (!empty($form_name) && !empty($form_pass)) {
if ($valid > 0) {
$row = Transaction::fetch($check);
$_SESSION['acp'] = true;
$_SESSION['hkusername'] = $row['username'];
$_SESSION['hkpassword'] = $form_pass2;
$_SESSION['hkcode'] = $form_code;
$my_id = $row['id'];
if (!mobbo::session_is_registered(username)) {
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $form_pass2;
$_SESSION['code'] = $form_code;
}
Transaction::query("UPDATE users SET ip_last = '" . $remote_ip . "' WHERE id = '" . $row['id'] . "' LIMIT 1");
Transaction::query("INSERT INTO stafflogs (action,message,note,userid,targetid,timestamp) VALUES ('Housekeeping','Login (IP: " . $remote_ip . ")','login.php','" . $my_id . "','0','" . $date_full . "')");
if ($_POST['headerclient'] == true) {
header("location: {$path}/client");
exit;
} else {
header("location: " . $adminpath . "/p/home");
exit;
}
} else {
$msg = "Nome de usuario, senha o Habbo ID incorrectos.";
$logged_in = false;
}
// check the maintenance
if (mobbo::mobbo_settings('maintenance') == 1) {
if (!isset($_GET['actions']) and $_GET['actions'] != '405') {
if (!isset($_SESSION['id']) or mobbo::users_info('rank') < 5) {
header("Location: /action/405");
}
}
}
// say to the system what its the filename
$pagina = $_SERVER['PHP_SELF'];
/*
*
* End of the Habbo Environment Parsering
*
*/
/*
*
* Index.php - main file.
*
*/
if (isset($_GET['settings'])) {
$vars = mobbo::array_explode_with_keys(htmlentities($_GET['settings']));
} else {
$vars = array('languages' => 1, 'settings' => 1);
}
$page = new Pages($vars);
echo $page->show();
die;
// End of File
echo $row['image'];
?>
"></td>
<td class='tablerow2' align='center'><?php
echo $row['name'];
?>
</td>
<td class='tablerow2' align='center'><?php
echo $row['dolares'];
?>
</td>
<td class='tablerow2' align='center'><a class="small button" onclick="buyItem ('<?php
echo $row['image'];
?>
');">Comprar</a></td>
<?php
if (mobbo::users_info('rank') >= 6) {
?>
<td class='tablerow2' align='center'><a href='../acp/index/p/marktplatzdo&do=edit&key=<?php
echo $row['id'];
?>
' class='small button'>Editar</a></td>
<td class='tablerow2' align='center'><a href='../acp/index/p/marktplatzdo&do=delete&key=<?php
echo $row['badge_id'];
?>
' class='small button alert'>Deletar</a></td><?php
}
?>
</tr>
<?php
}
function parseHomes()
{
$id = htmlentities($this->geton);
$ide = mobbo::users_info('username', $id);
$query = Transaction::query("SELECT * FROM users_homes WHERE username = '******' LIMIT 1");
$row = Transaction::fetch($query);
foreach ($row as $tag => $data) {
$query2 = Transaction::query("SELECT * FROM users_homes WHERE username = '******' LIMIT 1");
$string = '}[' . $tag . ']{';
if (strpos($this->output, $string)) {
$PluginCode = Transaction::fetch($query2);
$text = $PluginCode[$tag];
$this->output = str_replace('}[' . $tag . ']{', $text, $this->output);
}
}
}
public static function show($actions = array())
{
$action = htmlspecialchars($actions);
switch ($action) {
case "login":
if (isset($_POST['username'])) {
if (isset($_POST['password'])) {
$email = Security::textFilter($_POST['username']);
$password = md5(Security::textFilter($_POST['password']));
$find_user2 = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $email . "'");
$user_info2 = Transaction::fetch($find_user2);
$find_user = Transaction::query("SELECT * FROM `users` WHERE `mail` = '" . $email . "'");
$user_info = Transaction::fetch($find_user);
if ($user_info['password'] == $password or $user_info2['password'] == $password) {
$queryban = Transaction::query("SELECT * FROM `bans` WHERE `value` = '" . $user_info['username'] . "' OR `value` = '" . $user_info2['username'] . "' LIMIT 1");
if (Transaction::num_rows($queryban) > 0) {
$fetchban = Transaction::fetch($queryban);
header("location: ../index.php?ban=" . $fetchban['value'] . "&reason=" . $fetchban['reason'] . "&time=" . $fetchban['expire'] . "&true=1");
exit;
}
if (!empty($user_info)) {
$_SESSION['id'] = $user_info['id'];
$_SESSION['userid'] = $user_info['id'];
$rawhotel = md5($user_info['id'] + $user_info['username'] + $user_info['password'] + Security::getUserIP());
setcookie('rawsessionhotel', $rawhotel);
} elseif (!empty($user_info2)) {
$_SESSION['id'] = $user_info2['id'];
$_SESSION['userid'] = $user_info2['id'];
$rawhotel = md5($user_info2['id'] + $user_info2['username'] + $user_info2['password'] + Security::getUserIP());
setcookie('rawsessionhotel', $rawhotel);
}
header("location: me");
if ($_SESSION['login_try'] > 0) {
$_SESSION['login_try'] = 0;
}
exit;
} else {
$_SESSION['login_try'] = $_SESSION['login_try'] + 1;
header("location: ../index.php?erroro=" . $_POST['username'] . "&type=1");
exit;
}
} else {
$_SESSION['login_try'] = $_SESSION['login_try'] + 1;
header("location: ../index.php?erroro=" . $_POST['username'] . "&type=1");
exit;
}
} else {
$_SESSION['login_try'] = $_SESSION['login_try'] + 1;
header("location: ../index.php?erroro=" . $_POST['username'] . "&type=2");
exit;
}
break;
case "logout":
session_destroy();
setcookie('rawsessionhotel', '0');
header("location: ../index.php");
break;
case "404":
$ok = <<<PAGE
<html>
<title>404</title>
\t <meta charset="utf-8">
<link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
<body style="">
<section id="oops" style="width: 100%;">
<div class="row">
<div class="large-9 medium-9 small-12 columns small-centered">
<h5>404: Página não Encontrada</h5>
<h1 class="oversized">Esta página não existe...</h1>
<p class="lead bottom40">Você pode tentar recarregar a página indo na <a href="./">homepage.</a></p>
</div>
</div>
</section>
<a class="exit-off-canvas"></a>
</div>
</div>
</body></html>
PAGE;
echo $ok;
break;
case "405":
$maintenance_text = mobbo::mobbo_settings('maintenance_text');
$ok = <<<PAGE
<html>
\t\t\t\t\t <meta charset="utf-8">
<title>405</title>
<link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
<body style="">
<section id="oops" style="width: 100%;">
<div class="row">
<div class="large-9 medium-9 small-12 columns small-centered">
<h5>405: Estamos em Manutencao</h5>
<h1 class="oversized">Opa! Manutencao.</h1>
<p class="lead bottom40"><b>Motivo:</b> {$maintenance_text} <a href="/">Voltar a Home Page</a></p>
</div>
</div>
</section>
<a class="exit-off-canvas"></a>
</div>
</div>
</body></html>
PAGE;
echo $ok;
break;
case 'referidos':
echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
if (!isset($_SESSION['id'])) {
$ip = $_SERVER['REMOTE_ADDR'];
$usuario = htmlentities($_GET['referido']);
$query1 = Transaction::query("SELECT ip_referida FROM users_referidos WHERE ip_referida = '" . $ip . "' LIMIT 1");
if (Transaction::num_rows($query1) > 0) {
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
IP Ja Registrado, voce nao Pode se Registrar por Este Referido.
<a href="#" class="close">×</a>
</div>';
} else {
$_SESSION['referido'] = $ip;
$_SESSION['referiduser'] = $usuario;
header("Location: /registro");
}
}
break;
case 'erroro':
echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
$erroro = htmlentities(addslashes($_GET['erroro']));
if ($_GET['type'] == 1) {
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
' . $erroro . ', Suas Credenciais de Logins sao Invalidas, e essa senha Mesmo?
<a href="#" class="close">×</a>
</div>';
}
if ($_GET['type'] == 2) {
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
' . $erroro . ', Este usuario nao Existe, tem Certeza?
<a href="#" class="close">×</a>
</div>';
}
break;
case 'ban':
echo ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
$user = htmlentities(addslashes($_GET['ban']));
$reason = htmlentities(addslashes($_GET['reason']));
$reason = htmlentities(addslashes($_GET['expire']));
echo '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;">
' . $user . ', Você foi Banido, Pelo Seguinte Motivo: ' . $reason . ', Entre em Contato com os Admins!
<a href="#" class="close">×</a>
</div>';
break;
case 'registro':
if (isset($_POST['username']) && isset($_POST['mail']) && isset($_POST['pass'])) {
$usuario = Security::textFilter(htmlentities($_POST['username']));
$mail = Security::textFilter(htmlentities($_POST['mail']));
$pass = Security::textFilter(htmlentities(md5($_POST['pass'])));
$firstn = Security::textFilter(htmlentities($_POST['firstname']));
$lastn = Security::textFilter(htmlentities($_POST['lastname']));
$query = Transaction::query("SELECT `id` FROM `users` WHERE `mail` = '" . $mail . "'");
if (Transaction::num_rows($query) == 0) {
$query = Transaction::query("SELECT `id` FROM `users` WHERE `username` = '" . $usuario . "'");
if (Transaction::num_rows($query) == 0) {
if (strlen($_POST['pass']) > 5) {
if (preg_match('`[a-z]`', $_POST['pass'])) {
if (preg_match('`[0-9]`', $_POST['pass'])) {
if (count(explode(' ', $usuario)) > 1) {
echo 'Sem Espaço Em Branco Pls';
} else {
if (mb_strlen($usuario) <= 25) {
Transaction::query("INSERT INTO `users` (`username`, `password`, `mail`) VALUES ('" . $usuario . "', '" . $pass . "', '" . $mail . "');");
$get_id = Transaction::query("SELECT id FROM `users` WHERE `username` = '" . $usuario . "';");
$get_id_result = Transaction::fetch($get_id);
$_SESSION['id'] = $get_id_result['id'];
$_SESSION['userid'] = $get_id_result['id'];
$_SESSION['step'] = 0;
if (isset($_SESSION['referido'])) {
$ip = htmlentities($_SESSION['referido']);
$userne = htmlentities($_SESSION['referiduser']);
Transaction::query("INSERT INTO users_referidos (usuario, ip_referida) VALUES ('" . $userne . "', '" . $ip . "');");
$_SESSION['referido'] = NULL;
}
echo 'OKAY';
} else {
echo 'Menos Caracteres Pls';
}
}
} else {
echo 'Esta senha a muito curta e/ou invalida';
}
} else {
echo 'Esta senha a muito curta e/ou invalida';
}
} else {
echo 'Esta senha a muito curta e/ou invalida';
}
} else {
echo 'Esse Usuario ja Existe';
}
} else {
echo 'Este e-mail esta em uso';
}
} else {
echo 'Erro...';
}
break;
case 'editarhome':
if (isset($_POST['texto'])) {
$username = htmlentities($_POST['username']);
$texto = htmlentities(addslashes($_POST['texto']));
$fundo = htmlentities(addslashes($_POST['fundo']));
$cores = htmlentities($_POST['cor']);
$video = htmlentities($_POST['video']);
if (!empty($texto)) {
Transaction::query("UPDATE users_homes SET texto = '" . $texto . "' WHERE username = '******'");
}
if (!empty($video)) {
Transaction::query("UPDATE users_homes SET video = '" . $video . "' WHERE username = '******'");
}
if (!empty($cores)) {
Transaction::query("UPDATE users_homes SET cores = '" . $cores . "' WHERE username = '******'");
}
if (!empty($fundo)) {
Transaction::query("UPDATE users_homes SET fundo = '" . $fundo . "' WHERE username = '******'");
}
}
break;
case 'editarfundo':
$fundo = htmlentities($_POST['fundo']);
$words = array('http://', 'www.');
if (strpos($fundo, $words[0]) !== false or strpos($fundo, $words[1]) !== false) {
$fundo = 'url(' . $fundo . ')';
}
$username = htmlentities($_POST['username']);
$user = mobbo::users_info('username');
if ($username == $user) {
Transaction::query("UPDATE users SET fundom = '" . $fundo . "' WHERE username = '******'");
}
break;
case 'colocarmanutencao':
if (mobbo::users_info("rank") >= 6) {
if (mobbo::mobbo_settings("maintenance") == 0) {
Transaction::query("UPDATE mobbo_settings SET value = '1' WHERE variable = 'maintenance'");
} elseif (mobbo::mobbo_settings("maintenance") == 1) {
Transaction::query("UPDATE mobbo_settings SET value = '0' WHERE variable = 'maintenance'");
}
header("Location: /me");
} else {
header("Location: /me");
}
break;
case 'compraritem':
$fetch = 0;
$cat = 0;
$query = 0;
if (isset($_POST['cat'])) {
$cat = htmlentities(addslashes($_POST['cat']));
$query = Transaction::query("SELECT * FROM mobbo_marktplatzvip WHERE id = '" . $cat . "' LIMIT 1");
$fetch = Transaction::fetch($query);
$dolares = $fetch['dolares'];
if (mobbo::users_info('dolares') >= $dolares) {
$queryCheck = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . mobbo::users_info('id') . "' AND badge_id = '" . $cat . "' LIMIT 1");
if (Transaction::num_rows($queryCheck) < 1) {
Transaction::query("UPDATE users SET dolares = dolares-'" . $fetch['dolares'] . "' WHERE id = '" . mobbo::users_info('id') . "' LIMIT 1");
Transaction::query("INSERT INTO user_badges (user_id, badge_id) VALUES ('" . mobbo::users_info('id') . "','" . $cat . "')");
$dolares = mobbo::users_info('dolares');
echo "Item Comprado com Sucesso, Seu Balanço de Dolares agora é de {$dolares}";
} else {
echo "Você já Possui este Emblema";
}
} else {
echo "Você Não Possui Dolares Suficientes";
}
} else {
echo "Você é um Hacker ?";
}
break;
case 'wallupdate':
if (isset($_POST['update'])) {
//insert into wall table
$message = Security::textFilter($_POST['update']);
if ($message != "") {
$image = '';
$time = time();
$video = '';
$userid = mobbo::users_info('id');
$query = Transaction::query("INSERT INTO `posts` (`desc`, `image_url`, `vid_url`,`date`,`userid`) VALUES ('{$message}', '{$image}', '{$video}','{$time}', '{$userid}')");
$ins_id = mysql_insert_id();
echo 'sucess';
}
}
break;
default:
die('This Action Does Not Exists');
break;
}
}
<?php
/*
Hooks System 0.1a - mobbo 6.0
:: NAME :: Message from Home
:: VERSION :: 1.0
:: AUTHOR :: bi0s
*/
if (mobbo::mobbo_settings('maintenance') == 1) {
?>
<div data-alert class="alert-box alert">
[{(33)}]
<a href="#" class="close">×</a>
</div>
<?php
}
?>
<div data-alert class="alert-box success">
Olá, [{(34)}]
<?php
date_default_timezone_set("Brazil/East");
$meses = array(1 => "Janeiro", 2 => "Fevereiro", 3 => "Março", 4 => "Abril", 5 => "Maio", 6 => "Junho", 7 => "Julho", 8 => "Agosto", 9 => "Setembro", 10 => "Outubro", 11 => "Novembro", 12 => "Dezembro");
$diasdasemana = array(1 => "Segunda-Feira", 2 => "Terça-Feira", 3 => "Quarta-Feira", 4 => "Quinta-Feira", 5 => "Sexta-Feira", 6 => "Sábado", 0 => "Domingo");
$hoje = getdate();
$dia = $hoje["mday"];
$mes = $hoje["mon"];
$nomemes = $meses[$mes];
$ano = $hoje["year"];
$diadasemana = $hoje["wday"];
$nomediadasemana = $diasdasemana[$diadasemana];
echo " {$nomediadasemana}, {$dia} de {$nomemes} e são: ";
<?php
/*
Hooks System 0.1a - mobbo 6.0
:: NAME :: Reffers of a User
:: VERSION :: 1.0
:: AUTHOR :: bi0s
*/
$query = Transaction::query("SELECT * FROM users_referidos WHERE usuario = '" . mobbo::users_info('username') . "'");
$rows = Transaction::num_rows($query);
if ($rows == NULL or $rows == 0) {
$rows = "Nenhum";
}
?>
<h5 align="center">você tem <span style="font-size:x-large;"><?php
echo $rows;
?>
</span> Referido(s)</h5>
<?php
if ($rows > 0) {
?>
<a href="#" class="button tiny success radius alert" data-dropdown="drop2">Trocar Referidos por Doláres</a>
<div id="drop2" class="f-dropdown content medium" data-dropdown-content>
<h4>Compras</h4>
<p>Atenção se você tiver 5 Referidos, Ganha 1 Dolar, se Você tiver 10 Referidos Ganha 2 Dolares, Assim Vai Adiante até 40 Referidos Que Ganha 8 Dolares, Se Você tiver 40 Referidos Automaticamente Ganha 8 Dolares, não Há como Escolher a Opção de Trocar 5 Referidos, Se você tiver mais de 40 Referidos basta Apenas Trocar Mais Uma Vez, E Assim Por Diante.</p>
<p>Grato, A Direção.</p>
<a class="button tiny success radius" href="/loja?buy=dolares">Trocar Os Seus Referidos por Doláre(s)</a>
</div>
<?php
}
<?php
/*
Hooks System 0.1a - mobbo 6.0
:: NAME :: Admin Reffers
:: VERSION :: 1.0
:: AUTHOR :: bi0s
*/
if (mobbo::users_info('rank') >= 6) {
?>
<div class="large-6 columns">
<div class="panel">
<h4>Admin</h4>
<h5>Admin, se você quiser checar a quantidade de referidos de alguem coloque o nome dele a seguir</h5>
<form method="post">
<input type="text" name="usernameCheck" maxlenght="100" placeholder="Digite o Nome Aqui"/><input type="submit" value="Checar" class="button tiny success radius small"/>
</form>
</div>
<div class="panel"><br>
<h4>Seus Doláres</h4><br>
<h5 align="center">você tem <span style="font-size:x-large;"><?php
echo mobbo::users_info('dolares');
?>
</span> Doláres</h5>
</div>
</div>
<?php
}
<?php
if ($hkzone !== true) {
header("Location: index.php?throwBack=true");
exit;
}
if (empty($pagename)) {
$pnme = "Painel de Controle";
} else {
$pnme = "Painel de Controle - " . $pagename . " ";
}
$search = Security::textFilter($_POST['search']);
$searchheader = Security::textFilter($_POST['searchheader']);
$username = mobbo::users_info('username');
if (isset($_POST['searchname'])) {
if ($check = Transaction::num_rows($sql = Transaction::query("SELECT * FROM users WHERE username = '******'searchname']) . "' LIMIT 1")) > 0) {
$rowid = Transaction::fetch($sql);
header("location: " . $adminpath . "/p/users_edit&key=" . $rowid['id'] . "");
} else {
echo "<script>alert(\"Der Username " . $_POST['searchname'] . " konnte nicht gefunden werden!\")</script>";
}
}
?>
<html class=" js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths" lang="en" data-useragent="Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36" style=""><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<head>
<base href="<?php
echo $adminpath;
?>
">
<meta http-equiv="content-t ype" content="text/html; charset=iso-8859-1" />
