// Alart #defcon? if ($loguser['lastip'] != $_SERVER['REMOTE_ADDR']) { $ip1 = explode(".", $loguser['lastip']); $ip2 = explode(".", $_SERVER['REMOTE_ADDR']); for ($diff = 0; $diff < 3; ++$diff) { if ($ip1[$diff] != $ip2[$diff]) { break; } } if ($diff == 0) { $color = xk(4); } else { $color = xk(8); } $diff = "/" . ($diff + 1) * 8; xk_ircsend("102|" . xk(7) . "User {$loguser['name']} (id {$loguserid}) changed from IP " . xk(8) . $loguser['lastip'] . xk(7) . " to " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . " ({$color}{$diff}" . xk(7) . ")"); } $sql->query("UPDATE users SET lastactivity=" . ctime() . ",lastip='{$userip}',lasturl='" . addslashes($url) . "',lastforum=0,`influence`='{$influencelv}' WHERE id={$loguserid}"); } } else { $sql->query("INSERT INTO guests (ip,date,useragent,lasturl) VALUES ('{$userip}'," . ctime() . ",'" . addslashes($_SERVER['HTTP_USER_AGENT']) . "','" . addslashes($url) . "')"); } $header = makeheader($header1, $headlinks, $header2); $footer = "\t</textarea></form></embed></noembed></noscript></noembed></embed></table></table>\n<br>" . ($loguser['id'] && strpos($PHP_SELF, "index.php") === false ? adbox() . "<br>" : "") . "\n<center>\n\n<!--\n<img src='adnonsense.php?m=d' title='generous donations to the first national bank of bad jokes and other dumb crap people post' style='margin-left: 44px;'><br>\n<img src='adnonsense.php' title='hotpod fund' style='margin: 0 22px;'><br>\n<img src='adnonsense.php?m=v' title='VPS slushie fund' style='margin-right: 44px;'>\n-->\n<br>\n\t{$smallfont}\n\t<br><br><a href={$siteurl}>{$sitename}</a>\n\t<br>" . filter_string($affiliatelinks) . "\n\t<br>\n\t<table cellpadding=0 border=0 cellspacing=2><tr>\n\t\t<td>\n\t\t\t<img src=images/poweredbyacmlm.gif>\n\t\t</td>\n\t\t<td>\n\t\t\t{$smallfont}\n\t\t\tAcmlmboard - <a href='https://github.com/Xkeeper0/jul'>" . (file_exists('version.txt') ? file_get_contents("version.txt") : shell_exec("git log --format='commit %h [%ad]' --date='short' -n 1")) . 
"</a>\n\t\t\t<br>©2000-" . date("Y") . " Acmlm, Xkeeper, Inuyasha, et al. \n\t\t\t</font>\n\t\t</td>\n\t</tr></table>\n\t" . ($x_hacks['mmdeath'] >= 0 ? "<div style='position: absolute; top: -100px; left: -100px;'>Hidden preloader for doom numbers:\n\t\t<img src='numgfx/death/0.png'> <img src='numgfx/death/1.png'> <img src='numgfx/death/2.png'> <img src='numgfx/death/3.png'> <img src='numgfx/death/4.png'> <img src='numgfx/death/5.png'> <img src='numgfx/death/6.png'> <img src='numgfx/death/7.png'> <img src='numgfx/death/8.png'> <img src='numgfx/death/9.png'>" : "") . "\n<!-- Piwik -->\n<script type=\"text/javascript\">\nvar pkBaseURL = ((\"https:\" == document.location.protocol) ? \"https://stats.tcrf.net/\" : \"http://stats.tcrf.net/\");\ndocument.write(unescape(\"%3Cscript src='\" + pkBaseURL + \"piwik.js' type='text/javascript'%3E%3C/script%3E\"));\n</script><script type=\"text/javascript\">\ntry {\nvar piwikTracker = Piwik.getTracker(pkBaseURL + \"piwik.php\", 4);\npiwikTracker.trackPageView();\npiwikTracker.enableLinkTracking();\n} catch( err ) {}\n</script><noscript><p><img src=\"http://stats.tcrf.net/piwik.php?idsite=4\" style=\"border:0\" alt=\"\" /></p></noscript>\n<!-- End Piwik Tag -->\n<!--<script type=\"text/javascript\" src=\"http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.6.min.js\"></script>\n<script type=\"text/javascript\" src=\"js/useful.js\"></script> -->\n\n</body></html>\n "; if ($ipbanned) { if ($loguser['title'] == "Banned; account hijacked. Contact admin via PM to change it.") { $reason = "Your account was hijacked; please contact Xkeeper to reset your password and unban your account."; } elseif ($loguser['title']) { $reason = "Ban reason: " . $loguser['title'] . "<br>If you think have been banned in error, please contact Xkeeper."; } else { $reason = $sql->resultq("SELECT `reason` FROM ipbans WHERE {$checkips}", 0, 0);
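// Save handler for the "edit user" form (action=saveprofile): normalises a few
// fields, rewrites the target user's row, then prints a confirmation.
// NOTE(review): no permission or CSRF-token check is visible in this block.
// Confirm both happen before this point, because the UPDATE below can change
// `password`, `powerlevel` and the lock flags of whichever id is in $userid.
if ($_POST['action'] == 'saveprofile') {
    // A date format identical to the board default is stored as an empty string.
    if ($eddateformat == $defaultdateformat) {
        $eddateformat = '';
    }
    if ($eddateshort == $defaultdateshort) {
        $eddateshort = '';
    }

    // sbr() is defined elsewhere; presumably it converts line breaks in place (TODO confirm).
    sbr(0, $signature);
    sbr(0, $bio);
    sbr(0, $postheader);

    $minipic = htmlspecialchars($minipic);
    // NOTE(review): $avatar is escaped here, but the UPDATE below writes $picture, not $avatar.
    $avatar = htmlspecialchars($avatar);

    // All three date parts empty means "no birthday" and is stored as 0.
    $birthday = @mktime(0, 0, 0, $bmonth, $bday, $byear);
    if (!$bmonth && !$bday && !$byear) {
        $birthday = 0;
    }

    //$sql->query("INSERT logs SET useraction ='Edit User ".$user[nick]."(".$user[id]."'");

    // Always start from an empty fragment. $passedit is spliced into the SQL text
    // unquoted, so it must never carry a value that was not built right here.
    $passedit = '';
    if ($password) {
        $passedit = "`password` = '" . getpwhash($password, $userid) . "', ";
    }

    // -378 is a sentinel from the form; its meaning is not visible here (TODO confirm).
    if ($sex == -378) {
        $sex = $sexn;
    }

    // NOTE(review): this only raises an alert. The UPDATE still runs when someone
    // other than user 1 edits user 1; confirm whether it should be refused instead.
    if ($userid == 1 && $loguserid != 1) {
        xk_ircsend("1|" . xk(7) . "Someone (*cough{$loguserid}cough*) is trying to be funny...");
    }

    // NOTE(review): every value is interpolated into the statement. No escaping is
    // visible in this block, so confirm each variable was escaped upstream, or move
    // to parameter binding if the $sql wrapper supports it.
    // NOTE(review): `or print mysql_error()` writes the raw database error into the
    // response; prefer logging it server-side.
    $sql->query(
        "UPDATE `users` SET\r\n\t\t"
        . "`posts` = '{$numposts}',\r\n\t\t"
        . "`regdate` = '{$regtime}',\r\n\t\t"
        . "`name` = '{$username}',\r\n\t\t"
        . "{$passedit}\r\n\t\t"
        . "`picture` = '{$picture}',\r\n\t\t"
        . "`signature` = '{$signature}',\r\n\t\t"
        . "`bio` = '{$bio}',\r\n\t\t"
        . "`powerlevel` = '{$powerlevel}',\r\n\t\t"
        . "`title` = '{$usertitle}',\r\n\t\t"
        . "`email` = '{$email}',\r\n\t\t"
        . "`icq` = '{$icq}',\r\n\t\t"
        . "`aim` = '{$aim}',\r\n\t\t"
        . "`aka` = '{$aka}',\r\n\t\t"
        . "`sex` = '{$sex}',\r\n\t\t"
        . "`homepageurl` = '{$homepage}',\r\n\t\t"
        . "`timezone` = '{$timezone}',\r\n\t\t"
        . "`dateformat`\t\t= '{$eddateformat}',\r\n\t\t"
        . "`dateshort`\t\t\t= '{$eddateshort}',\r\n\t\t"
        . "`postsperpage` = '{$postsperpage}',\r\n\t\t"
        . "`realname` = '{$realname}',\r\n\t\t"
        . "`location` = '{$location}',\r\n\t\t"
        . "`postbg` = '{$postbg}',\r\n\t\t"
        . "`postheader` = '{$postheader}',\r\n\t\t"
        . "`useranks` = '{$useranks}',\r\n\t\t"
        . "`birthday` = '{$birthday}',\r\n\t\t"
        . "`minipic` = '{$minipic}',\r\n\t\t"
        . "`homepagename` = '{$pagename}',\r\n\t\t"
        . "`scheme` = '{$sscheme}',\r\n\t\t"
        . "`threadsperpage` = '{$threadsperpage}',\r\n\t\t"
        . "`viewsig` = '{$viewsig}',\r\n\t\t"
        . "`layout` = '{$tlayout}',"
        . "`moodurl` = '{$moodurl}',\r\n\t\t"
        . "`profile_locked` = '{$profile_locked}',\r\n\t\t"
        . "`editing_locked` = '{$editing_locked}',\r\n\t\t"
        . "`titleoption` = '{$titleoption}'\r\n\tWHERE `id` = '{$userid}'"
    ) or print mysql_error();

    // NOTE(review): $username and $loguser['name'] are written into HTML as-is;
    // confirm they are HTML-escaped before this point.
    print "\r\n\t{$tblstart}\r\n\t {$tccell1}>Thank you, {$loguser['name']}, for editing this user.<br>\r\n\t " . redirect("profile.php?id={$userid}", "view {$username}'s profile", 0) . "\r\n\t{$tblend}";
}

print $footer;
printtimedif($startingtime);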
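die("F**k off, forever."); } if (empty($_COOKIE)) { // Some lame botnet that keeps refreshing this page every second or so. xk_ircsend("102|". date("Y-m-d h:i:s") ." - ".xk(7)."IP address ". xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) ." is being slightly less weird, but still weird. ". xk(5) ."(UA: ". $_SERVER['HTTP_USER_AGENT'] .")"); header("Location: http://". $_SERVER['REMOTE_ADDR'] ."/"); die("Don't be weird."); } */

// Look-back window in seconds, default 300. The cast keeps $time numeric before
// it is used in the SQL arithmetic and written into the admin link below.
// Whether filter_int() already normalises $_GET['time'] in place is not visible here.
$time = filter_int($_GET['time']) ? (int) $_GET['time'] : 300;

// FOR THE LOVE OF GOD XKEEPER JUST GIVE ME ~NUKE ACCESS
// Who may use the quick IP-ban link: the configured admin IP or three fixed user ids.
// NOTE(review): the REMOTE_ADDR match grants this to any client that shares that
// address (NAT, proxy), logged in or not.
$banorama = $_SERVER['REMOTE_ADDR'] == $x_hacks['adminip'] || $loguser['id'] == 1 || $loguser['id'] == 5 || $loguser['id'] == 2100;

// The `valid` token is an MD5 of the IP plus a constant embedded in this file.
// It is compared strictly so two different strings can never be treated as equal
// through PHP's loose numeric-string comparison.
// NOTE(review): the token is static per IP and the action runs on GET. Prefer a
// per-session token, a secret kept outside source control, and POST.
if ($banorama && filter_string($_GET['banip']) && (string) filter_string($_GET['valid']) === md5($_GET['banip'] . "aglkdgslhkadgshlkgds")) {
    // The request value is escaped before it enters the statement; it was
    // concatenated raw before. addslashes() is the escaping this codebase's
    // string-built queries already use.
    // NOTE(review): switch to parameter binding or connection-aware escaping if
    // the $sql wrapper offers it. `or print mysql_error()` also exposes raw
    // database errors in the response.
    $sql->query("INSERT INTO `ipbans` SET `ip` = '" . addslashes($_GET['banip']) . "', `reason`='online.php ban', `date` = '" . ctime() . "', `banner` = '{$loguserid}'") or print mysql_error();
    // if ($_GET['uid']) mysql_query("UPDATE `users` SET `powerlevel` = -1, `title` = 'Banned; account hijacked. Contact admin via PM to change it.' WHERE `id` = '". $_GET['uid'] ."'") or print mysql_error();
    // NOTE(review): the request value is relayed unmodified; confirm xk_ircsend() strips line breaks.
    xk_ircsend("1|" . xk(8) . $loguser['name'] . xk(7) . " added IP ban for " . xk(8) . $_GET['banip'] . xk(7) . ".");
    return header("Location: online.php?m=1");
}

$sort = filter_bool($_GET['sort']);
$lnk = '<a href=online.php' . ($sort ? "?sort=1&" : '?') . 'time';

print "\n\t\t{$header}{$smallfont}\n\t\tShow online users during the last:\n\t\t{$lnk}=60>minute</a> |\n\t\t{$lnk}=300>5 minutes</a> |\n\t\t{$lnk}=900>15 minutes</a> |\n\t\t{$lnk}=3600>hour</a> |\n\t\t{$lnk}=86400>day</a>\n\t";

if ($isadmin) {
    // NOTE(review): the href keeps the current sort state while the label offers
    // the other one, so this link does not appear to toggle. Confirm the intent.
    print '<br>Admin cruft: <a href=online.php' . ($sort ? '?sort=1&' : '?') . "time={$time}>Sort by " . ($sort == 'IP' ? 'date' : 'IP') . "</a>";
}

// Logged in users
// The ORDER BY clause is chosen from two fixed strings, and the only computed
// value in the statement is numeric arithmetic on $time.
$posters = $sql->query("SELECT id,posts,name,sex,powerlevel,aka,lastactivity,lastip,lastposttime,lasturl,birthday FROM users WHERE lastactivity>" . (ctime() - $time) . ' ORDER BY ' . ($sort == 'IP' && $isadmin ? 'lastip' : 'lastactivity DESC'));

print "<br>\n\t{$fonttag} Online users during the last " . timeunits2($time) . ":\n\t{$tblstart}\n\t\t{$tccellh} width=20> </td>\n\t\t{$tccellh} width=200>Username</td>\n\t\t{$tccellh} width=120> Last activity</td>\n\t\t{$tccellh} width=180> Last post</td>\n\t\t{$tccellh} width=*>URL</td>\n\t";

// The IP column is only rendered for admins.
if ($isadmin) {
    print "{$tccellh} width=120>IP address</td>";
}
print "{$tccellh} width=60> Posts</tr>";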
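/**
 * Forwards user-level errors to IRC through xk_ircsend().
 *
 * The signature follows PHP's set_error_handler() callback; the registration
 * itself is not part of this block. Only E_USER_ERROR, E_USER_WARNING and
 * E_USER_NOTICE are relayed. Every other level returns false so PHP's
 * built-in handler deals with it. The relayed line carries the logged-in
 * user's name (when $loguser['id'] is set), the client IP, the file path with
 * DOCUMENT_ROOT stripped, the line number and the raw message.
 *
 * NOTE(review): $msg is forwarded as-is. If error text can contain
 * request-derived data or query text, confirm that xk_ircsend() strips CR/LF
 * and that the receiving channel is restricted, since paths and messages
 * leave the host here.
 *
 * @param int    $type    Error level (E_* constant).
 * @param string $msg     Error message.
 * @param string $file    File the error was raised in.
 * @param int    $line    Line the error was raised on.
 * @param mixed  $context Unused. Optional because PHP 8 no longer passes a
 *                        fifth argument to error handlers.
 * @return bool true when the error was relayed or deliberately dropped,
 *              false to fall through to PHP's standard handler.
 */
function ircerrors($type, $msg, $file, $line, $context = null) {
    global $loguser;

    // Stay quiet when this level is masked out. Under the @ operator
    // error_reporting() returns 0 on older PHP and a reduced mask on PHP 8,
    // so test the bit for this level instead of testing for zero.
    if (!(error_reporting() & $type)) {
        return true;
    }

    switch ($type) {
        case E_USER_ERROR:
            $typetext = xk(4) . "- Error";
            break;
        case E_USER_WARNING:
            $typetext = xk(7) . "- Warning";
            break;
        case E_USER_NOTICE:
            $typetext = xk(8) . "- Notice";
            break;
        default:
            return false;
    }

    if ($type == E_USER_ERROR && substr($file, -9) === "mysql.php") {
        // Errors raised inside mysql.php are attributed to the first caller
        // outside it, so the report points at the query's call site.
        $backtrace = debug_backtrace();
        for ($i = 1; isset($backtrace[$i]); ++$i) {
            // Frames for internal calls have no file/line; skip them rather
            // than overwrite the location with nothing.
            if (!isset($backtrace[$i]['file'], $backtrace[$i]['line'])) {
                continue;
            }
            if (substr($backtrace[$i]['file'], -9) !== "mysql.php") {
                $file = $backtrace[$i]['file'];
                $line = $backtrace[$i]['line'];
                break;
            }
        }
    } elseif ($type == E_USER_NOTICE && substr($msg, 0, 10) === "Deprecated") {
        // "Deprecated" notices are attributed two frames up, when that frame
        // exists and has a location.
        $backtrace = debug_backtrace();
        if (isset($backtrace[2]['file'], $backtrace[2]['line'])) {
            $file = $backtrace[2]['file'];
            $line = $backtrace[2]['line'];
        }
    }

    // Report the path relative to the document root, not the absolute path.
    $errorlocation = str_replace($_SERVER['DOCUMENT_ROOT'], "", $file) . " #{$line}";

    xk_ircsend("102|" . ($loguser['id'] ? xk(11) . $loguser['name'] . ' (' . xk(10) . $_SERVER['REMOTE_ADDR'] . xk(11) . ')' : xk(10) . $_SERVER['REMOTE_ADDR']) . " {$typetext}: " . xk() . "({$errorlocation}) {$msg}");
    return true;
}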
if ($_POST['knockout']) { echo "SLAM JAM:\n"; $sql->query("DELETE FROM threads WHERE user = '******' LIMIT 50"); echo "Deleted threads.\n"; $sql->query("DELETE FROM posts_text WHERE pid IN (SELECT id FROM posts WHERE user = '******') LIMIT 50"); $sql->query("DELETE FROM posts WHERE user = '******' LIMIT 50"); echo "Deleted posts.\n"; $sql->query("DELETE FROM users WHERE id = '{$target_id}' LIMIT 1"); $sql->query("DELETE FROM users_rpg WHERE uid = '{$target_id}' LIMIT 1"); echo "Deleted user data.\n"; $new_maxid = intval($sql->resultq("SELECT id FROM users ORDER BY id DESC LIMIT 1")); $sql->query("ALTER TABLE users AUTO_INCREMENT = {$new_maxid}"); echo "Max ID set to {$new_maxid}.\n"; @$sql->query("INSERT INTO `ipbans` SET `ip` = '" . $uinfo['lastip'] . "', `date` = '" . ctime() . "', `reason` = 'Thanks for playing!'"); echo "Delivered IP ban to {$uinfo['lastip']}.\n"; xk_ircsend("1|" . xk(8) . $uinfo['name'] . xk(7) . " (IP " . xk(8) . $uinfo['lastip'] . xk(7) . ") is the latest victim of the new EZ BAN button(tm)."); echo "\n</div>" . redirect("admin-slammer.php", 'the slammer (for another go)', 2); die; } else { $threads = $sql->getarraybykey("SELECT id, forum, title FROM threads WHERE user = '******'", 'id'); $posts = $sql->getarraybykey("SELECT id, thread FROM posts WHERE user = '******'", 'id'); $ct_threads = count($threads); $ct_posts = count($posts); echo "Up on the chopping block today is \"{$uinfo['name']}\".\n\n"; echo "Their last known IP address is \"{$uinfo['lastip']}\".\n\n"; echo "They have made {$ct_threads} thread(s):\n"; foreach ($threads as $th) { echo "{$th['id']}: {$th['title']} (in forum {$th['forum']})\n"; } echo "\nThey have made {$ct_posts} post(s):\n"; foreach ($posts as $po) {
} /* do curl here */ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://" . $_SERVER['REMOTE_ADDR']); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3); // <---- HERE curl_setopt($ch, CURLOPT_TIMEOUT, 5); // <---- HERE $file_contents = curl_exec($ch); curl_close($ch); if (stristr($file_contents, "proxy") || stristr($file_contents, "forbidden") || stristr($file_contents, "it works") || stristr($file_contents, "anonymous") || stristr($file_contents, "filter") || stristr($file_contents, "panel")) { $adjectives = array("shitlord", "shitheel", "shitbag", "douche", "douchebag", "douchenozzle", "f*****t", "F****R", "script-kiddie", "dumbfuck extraordinare"); shuffle($adjectives); $sql->query("INSERT INTO `ipbans` SET `ip` = '" . $_SERVER['REMOTE_ADDR'] . "', `date` = '" . ctime() . "', `reason` = 'Reregistering f*****t'"); @xk_ircsend("1|" . xk(7) . "Auto-IP banned proxy-abusing {$adjectives['0']} with IP " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . " on registration. (Tried to register with username {$name})"); die("{$tccell1}>Thank you, {$name}, for registering your account.<br>" . redirect('index.php', 'the board', 0) . $footer); } $users = $sql->query('SELECT name FROM users'); $username = substr(trim($name), 0, 25); $username2 = str_replace(' ', '', $username); $username2 = str_replace(' ', '', $username2); $username2 = preg_replace("' 'si", ' ', $username2); $username2 = preg_replace("' 'si", '', $username2); $username2 = stripslashes($username2); print $tblstart; $userid = -1; while ($user = $sql->fetch($users)) { $user[name] = str_replace(' ', '', $user['name']); $user[name] = str_replace(' ', '', $user['name']); if (strcasecmp($user[name], $username2) == 0) {
} // can't be posting too fast now $limithit = $user[lastposttime] < ctime() - 30; // can they post in this forum? $authorized = $user[powerlevel] >= $forum[minpowerthread]; // does the forum exist? $forumexists = $forum[title]; // --- // lol i'm eminem if (strpos($message, '[Verse ') !== FALSE) { $authorized = false; @$sql->query("INSERT INTO `ipbans` SET `ip` = '" . $_SERVER['REMOTE_ADDR'] . "', `date` = '" . ctime() . "', `reason` = 'Listen to some good music for a change.'"); if ($_COOKIE['loguserid'] > 0) { @$sql->query("UPDATE `users` SET `powerlevel` = '-2' WHERE `id` = {$_COOKIE['loguserid']}"); } xk_ircsend("1|" . xk(7) . "Auto-banned another Eminem wannabe with IP " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . "."); } // --- if ($userid != -1 && $subject && $message && $forumexists && $authorized && $limithit) { $msg = $message; // squot(0,$msg); $sign = $user['signature']; $head = $user['postheader']; // improved post backgrounds if ($user['postbg']) { $head = "<table width=100% height=100% border=0 cellpadding=0 cellspacing=0><td valign=top background=\"{$user['postbg']}\">{$head}"; $sign = "{$sign}</td></table>"; } $numposts = $user[posts] + 1; $numdays = (ctime() - $user[regdate]) / 86400; $tags = array();
$sql->query("INSERT INTO `ipbans` SET `ip` = '" . $_SERVER['REMOTE_ADDR'] . "', `date` = '" . ctime() . "', `reason` = 'Send e-mail for password recovery'"); @xk_ircsend("102|" . xk(7) . "Auto-IP banned " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . " for this."); @xk_ircsend("1|" . xk(7) . "Auto-IP banned " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . " for repeated failed logins."); } $msg = "Couldn't login. Either you didn't enter an existing username, or you haven't entered the right password for the username."; } } } $txt .= "{$tccell1}>{$msg}<br>" . redirect('index.php', 'the board', 0); } elseif ($_POST['action'] == 'logout') { setcookie('loguserid', '', time() - 3600, "/", $_SERVER['SERVER_NAME'], false, true); setcookie('logverify', '', time() - 3600, "/", $_SERVER['SERVER_NAME'], false, true); // May as well unset this as well setcookie('logpassword', '', time() - 3600, "/", $_SERVER['SERVER_NAME'], false, true); $txt .= "{$tccell1}> You are now logged out.<br>" . redirect('index.php', 'the board', 0); } elseif (!$_POST['action']) { $ipaddr = explode('.', $_SERVER['REMOTE_ADDR']); for ($i = 4; $i > 0; --$i) { $verifyoptext[$i] = "(" . implode('.', $ipaddr) . 
")"; $ipaddr[$i - 1] = 'xxx'; } $txt .= "<body onload=window.document.REPLIER.username.focus()>\n\t\t<FORM ACTION=login.php NAME=REPLIER METHOD=POST><tr>\n\t\t{$tccellh} width=150> </td>{$tccellh} width=40%> </td>{$tccellh} width=150> </td>{$tccellh} width=40%> </td></tr><tr>\n\t\t{$tccell1}><b>User name:</b></td> {$tccell2l}>{$inpt}=username MAXLENGTH=25 style='width:280px;'></td>\n\t\t{$tccell1} rowspan=2><b>IP Verification:</b></td> {$tccell2l} rowspan=2>\n\t\t\t<select name=verify>\n\t\t\t\t<option selected value=0>Don't use</option>\n\t\t\t\t<option value=1> /8 {$verifyoptext['1']}</option>\n\t\t\t\t<option value=2>/16 {$verifyoptext['2']}</option>\n\t\t\t\t<option value=3>/24 {$verifyoptext['3']}</option>\n\t\t\t\t<option value=4>/32 {$verifyoptext['4']}</option>\n\t\t\t</select><br><small>You can require your IP address to match your current IP, to an extent, to remain logged in.</small>\n\t\t</tr><tr>\n\t\t{$tccell1}><b>Password:</b></td> {$tccell2l}>{$inpp}=userpass MAXLENGTH=64 style='width:180px;'></td>\n\t\t</tr><tr>\n\t\t{$tccell1}> </td>{$tccell2l} colspan=3>\n\t\t{$inph}=action VALUE=login>\n\t\t{$inps}=submit VALUE=Login></td></tr>\n\t\t</FORM>"; } else { // Just what do you think you're doing $sql->query("INSERT INTO `ipbans` SET `ip` = '" . $_SERVER['REMOTE_ADDR'] . "', `date` = '" . ctime() . "', `reason` = 'Generic internet exploit searcher'"); if (!mysql_error()) { xk_ircsend("1|" . xk(7) . "Auto-banned asshole trying to be clever with the login form (action: " . xk(8) . $_POST['action'] . xk(7) . ") with IP " . xk(8) . $_SERVER['REMOTE_ADDR'] . xk(7) . "."); } } print $txt . $tblend . $footer; printtimedif($startingtime);