$look = $userdata['look']; $vip = $userdata['vip']; $rank = $userdata['rank']; } else { $working = $_POST['working']; $secretcode = $_POST['secretcode']; $vip_points = $_POST['vip_points']; $online = $_POST['online']; $look = $_POST['look']; if ($_POST['vip'] == "true") { $vip = "1"; } else { $vip = "0"; } } Transaction::query("UPDATE users SET real_name = '" . Security::textFilter($_POST['real_name']) . "', motto = '" . Security::textFilter($_POST['motto']) . "', look = '" . Security::textFilter($look) . "', gender = '" . Security::textFilter($_POST['gender']) . "', mail = '" . Security::textFilter($_POST['mail']) . "', credits = '" . Security::textFilter($_POST['credits']) . "', activity_points = '" . Security::textFilter($_POST['activity_points']) . "', birth = '" . Security::textFilter($_POST['birth']) . "', ip_last = '" . Security::textFilter($_POST['ip_last']) . "', ip_reg = '" . Security::textFilter($_POST['ip_reg']) . "', working = '" . $working . "', secretcode = '" . $secretcode . "', vip_points = '" . $vip_points . "', online = '" . $online . "', vip = '" . $vip . "' WHERE id = '" . $userdata['id'] . "'"); $msg = "<div class='rounded rounded-green'><center>" . $userdata['username'] . " (ID: " . $userdata['id'] . ") Alteraes salvas! <img src=\"./w/images/check.gif\"></center></div>"; $query = Transaction::query("SELECT * FROM users WHERE id = '" . $key . "' LIMIT 1"); $userdata = Transaction::fetch($query); } else { $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar este usurio! <img src=\"./w/images/del.gif\"></center></div>"; } } else { $msg = "<div class='rounded rounded-red'><center>Cheque todos os campos! <img src=\"./w/images/del.gif\"></center></div>"; } } $check_bann = Transaction::query("SELECT * FROM bans WHERE value = '" . $userdata['username'] . "' AND bantype = 'user'"); @(include 'subheader.php'); if (isset($msg)) { ?> <p><strong><?php
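die; }
// Voucher administration page. This listing starts and ends inside enclosing
// blocks that are not visible here, so the leading "die; }" and the still-open
// "if ($user_rank > 5) {" are reproduced exactly as found.
if ($user_rank > 5) {
    if ($hkzone !== true) {
        header("Location: index.php?throwBack=true");
        exit;
    }
    // The session key is now quoted: a bare `acp` is an undefined-constant
    // lookup (an Error on PHP 8), and the panel's session check elsewhere on
    // this page uses the quoted 'acp' key.
    if (!mobbo::session_is_registered('acp')) {
        header("Location: index.php?p=login");
        exit;
    }
    $pagename = "Cdigo de Moedas";
    $pageid = "vouchers";
    if (isset($_POST['submit'])) {
        if (!empty($_POST['voucher']) && !empty($_POST['credits'])) {
            // NOTE(review): both values reach SQL through Security::textFilter(),
            // whose escaping rules are defined outside this listing; `credits`
            // is presumably numeric - confirm and validate it as an integer.
            // No anti-CSRF token check is visible on this state-changing POST.
            Transaction::query("INSERT INTO credit_vouchers (code,value) VALUES ('" . Security::textFilter($_POST['voucher']) . "','" . Security::textFilter($_POST['credits']) . "')");
            $msg = "<div class='rounded rounded-green'><center>Cdigo criado corretamente! <img src=\"./w/images/check.gif\"></center></div>";
        } else {
            $msg = "<div class='rounded rounded-red'><center>Preencha todos os campos!. <img src=\"./w/images/del.gif\"></center></div>";
        }
    }

    /**
     * Generate a random voucher code.
     *
     * @param int $code Number of characters to generate; values below 1 still
     *                  yield a single character, as the original did.
     * @return string Code drawn from the fixed alphabet below.
     */
    function randomVoucher($code)
    {
        // Alphabet kept byte-for-byte: 71 characters (digits appear twice and
        // lower-case 'c' is absent), so valid offsets are 0..70.
        $characters = "1234567890abdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        // The original drew from rand(0, 71): offset 71 is past the end of the
        // string, so some codes came out shorter than requested.
        $lastOffset = strlen($characters) - 1;
        $length = max(1, (int) $code);
        // Vouchers are redeemable for credits, so they must not be guessable:
        // use the CSPRNG where the runtime provides it (PHP 7+). mt_rand() is
        // only a compatibility fallback and is not suitable for secrets.
        $useCsprng = function_exists('random_int');

        $key = '';
        for ($i = 0; $i < $length; $i++) {
            $offset = $useCsprng ? random_int(0, $lastOffset) : mt_rand(0, $lastOffset);
            $key .= $characters[$offset];
        }
        return $key;
    }

    $get_vouchers = Transaction::query("SELECT * FROM credit_vouchers");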
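/**
 * Dispatch a front-end action by name.
 *
 * Handles: login, logout, 404, 405, referidos, erroro, ban, registro,
 * editarhome, editarfundo, colocarmanutencao, compraritem, wallupdate.
 * Any other value terminates the request.
 *
 * Reads $_POST / $_GET / $_SESSION directly and emits output, headers and
 * cookies; the login branch always ends with exit.
 *
 * Review notes that apply to the whole method:
 *  - Every query is assembled by string concatenation. Only the single-string
 *    form of Transaction::query() is visible here; if the wrapper supports
 *    bound parameters, move these queries to them.
 *  - Security::textFilter() is used as the input filter; its escaping rules
 *    are defined outside this listing - confirm it escapes quotes for SQL.
 *  - Passwords are stored and compared as unsalted MD5. Moving to
 *    password_hash()/password_verify() needs a stored-hash migration and is
 *    therefore not done inside this method.
 *  - No anti-CSRF token check is visible in any state-changing branch.
 *
 * @param string|array $actions Action name; non-scalar values fall through to
 *                              the default branch.
 * @return void
 */
public static function show($actions = array())
{
    // htmlspecialchars() cannot take the declared array default (TypeError on
    // PHP 8); treat anything non-scalar as "no action".
    $action = is_scalar($actions) ? htmlspecialchars((string) $actions) : '';

    // Markup shared by the alert-style branches (strings unchanged).
    $stylesheetTag = ' <link type="text/css" rel="stylesheet" href="./web-gallery/css/marketing.css">';
    $alertOpen = '<div data-alert class="alert-box alert" style="position:fixed;width:100%;height:45px;z-index:9;"> ';
    $alertClose = ' <a href="#" class="close">×</a> </div>';

    switch ($action) {
        case "login":
            $failedTries = isset($_SESSION['login_try']) ? (int) $_SESSION['login_try'] : 0;

            if (!isset($_POST['username']) || !is_string($_POST['username'])) {
                $_SESSION['login_try'] = $failedTries + 1;
                header("location: ../index.php?erroro=&type=2");
                exit;
            }
            // The posted name is attacker-controlled; encode it so it cannot add
            // or override query parameters in the redirect URL.
            $failureRedirect = "location: ../index.php?erroro=" . rawurlencode($_POST['username']) . "&type=1";

            if (!isset($_POST['password']) || !is_string($_POST['password'])) {
                $_SESSION['login_try'] = $failedTries + 1;
                header($failureRedirect);
                exit;
            }

            $email = Security::textFilter($_POST['username']);
            // NOTE(review): the registro branch stores md5() of the raw password,
            // while this hashes the filtered one; the two differ whenever
            // textFilter() alters the input. Confirm which form is canonical.
            $password = md5(Security::textFilter($_POST['password']));

            $find_user2 = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $email . "'");
            $user_info2 = Transaction::fetch($find_user2);
            $find_user = Transaction::query("SELECT * FROM `users` WHERE `mail` = '" . $email . "'");
            $user_info = Transaction::fetch($find_user);

            // Bind the session to the row whose password actually matched. The
            // original accepted a match on either row but then preferred the
            // mail-matched row, so the session could be opened for an account
            // whose password was never checked.
            $account = null;
            foreach (array($user_info, $user_info2) as $candidate) {
                if (empty($candidate) || !isset($candidate['password'])) {
                    continue;
                }
                $stored = (string) $candidate['password'];
                // Strict / constant-time comparison: loose == treats digests of
                // the form "0e<digits>" as equal numbers.
                $matches = function_exists('hash_equals')
                    ? hash_equals($stored, $password)
                    : ($stored === $password);
                if ($matches) {
                    $account = $candidate;
                    break;
                }
            }

            if ($account === null) {
                $_SESSION['login_try'] = $failedTries + 1;
                header($failureRedirect);
                exit;
            }

            // Only the authenticated account is checked for a ban. The stored
            // name is escaped because values read back from the database are
            // not safe to concatenate into SQL either.
            $queryban = Transaction::query("SELECT * FROM `bans` WHERE `value` = '" . addslashes($account['username']) . "' LIMIT 1");
            if (Transaction::num_rows($queryban) > 0) {
                $fetchban = Transaction::fetch($queryban);
                header("location: ../index.php?ban=" . rawurlencode($fetchban['value']) . "&reason=" . rawurlencode($fetchban['reason']) . "&time=" . rawurlencode($fetchban['expire']) . "&true=1");
                exit;
            }

            // Issue a fresh session id on privilege change (session fixation).
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['id'] = $account['id'];
            $_SESSION['userid'] = $account['id'];
            // NOTE(review): `+` is arithmetic, not concatenation, so this digest
            // is built from numeric prefixes only (and raises a TypeError on
            // PHP 8 for non-numeric operands). It is left unchanged because the
            // code that verifies this cookie is not visible here; do not rely on
            // it as an authenticator, and set HttpOnly/Secure when it is revised.
            $rawhotel = md5($account['id'] + $account['username'] + $account['password'] + Security::getUserIP());
            setcookie('rawsessionhotel', $rawhotel);
            header("location: me");
            if ($failedTries > 0) {
                // NOTE(review): login_try is counted but never enforced here.
                $_SESSION['login_try'] = 0;
            }
            exit;

        case "logout":
            session_destroy();
            setcookie('rawsessionhotel', '0');
            header("location: ../index.php");
            break;

        case "404":
            $ok = <<<PAGE
<html>
<title>404</title>
\t<meta charset="utf-8">
<link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
<body style="">
<section id="oops" style="width: 100%;">
<div class="row">
<div class="large-9 medium-9 small-12 columns small-centered">
<h5>404: Página não Encontrada</h5>
<h1 class="oversized">Esta página não existe...</h1>
<p class="lead bottom40">Você pode tentar recarregar a página indo na <a href="./">homepage.</a></p>
</div>
</div>
</section>
<a class="exit-off-canvas"></a>
</div>
</div>
</body></html>
PAGE;
            echo $ok;
            break;

        case "405":
            // NOTE(review): the setting is interpolated into HTML unescaped;
            // presumably it is administrator-authored markup - confirm.
            $maintenance_text = mobbo::mobbo_settings('maintenance_text');
            $ok = <<<PAGE
<html>
\t\t\t\t\t<meta charset="utf-8">
<title>405</title>
<link type="text/css" rel="stylesheet" href="../web-gallery/css/marketing.css">
</head>
<body style="">
<section id="oops" style="width: 100%;">
<div class="row">
<div class="large-9 medium-9 small-12 columns small-centered">
<h5>405: Estamos em Manutencao</h5>
<h1 class="oversized">Opa! Manutencao.</h1>
<p class="lead bottom40"><b>Motivo:</b> {$maintenance_text} <a href="/">Voltar a Home Page</a></p>
</div>
</div>
</section>
<a class="exit-off-canvas"></a>
</div>
</div>
</body></html>
PAGE;
            echo $ok;
            break;

        case 'referidos':
            if (isset($_SESSION['id'])) {
                echo $stylesheetTag;
                break;
            }
            $ip = $_SERVER['REMOTE_ADDR'];
            $usuario = htmlentities(self::scalarInput($_GET, 'referido'));
            $query1 = Transaction::query("SELECT ip_referida FROM users_referidos WHERE ip_referida = '" . $ip . "' LIMIT 1");
            if (Transaction::num_rows($query1) > 0) {
                echo $stylesheetTag;
                echo $alertOpen . 'IP Ja Registrado, voce nao Pode se Registrar por Este Referido.' . $alertClose;
            } else {
                $_SESSION['referido'] = $ip;
                $_SESSION['referiduser'] = $usuario;
                // Nothing is echoed on this path any more: the original printed
                // the stylesheet tag first, which prevents the Location header
                // from being sent unless output buffering is active.
                header("Location: /registro");
            }
            break;

        case 'erroro':
            echo $stylesheetTag;
            // HTML context: encode both quote styles. addslashes() is not an
            // HTML escaper and only corrupted the displayed name.
            $erroro = htmlentities(self::scalarInput($_GET, 'erroro'), ENT_QUOTES);
            $type = self::scalarInput($_GET, 'type');
            if ($type === '1') {
                echo $alertOpen . $erroro . ', Suas Credenciais de Logins sao Invalidas, e essa senha Mesmo?' . $alertClose;
            }
            if ($type === '2') {
                echo $alertOpen . $erroro . ', Este usuario nao Existe, tem Certeza?' . $alertClose;
            }
            break;

        case 'ban':
            echo $stylesheetTag;
            // NOTE(review): name and reason come from the query string, so the
            // text shown here is whatever the link carries, not a database
            // lookup; treat it as untrusted display text.
            $user = htmlentities(self::scalarInput($_GET, 'ban'), ENT_QUOTES);
            // The original overwrote $reason with $_GET['expire'] (a parameter
            // the login redirect never sends), so the reason was never shown.
            $reason = htmlentities(self::scalarInput($_GET, 'reason'), ENT_QUOTES);
            echo $alertOpen . $user . ', Você foi Banido, Pelo Seguinte Motivo: ' . $reason . ', Entre em Contato com os Admins!' . $alertClose;
            break;

        case 'registro':
            if (!isset($_POST['username'], $_POST['mail'], $_POST['pass'])
                || !is_string($_POST['username'])
                || !is_string($_POST['mail'])
                || !is_string($_POST['pass'])
            ) {
                echo 'Erro...';
                break;
            }
            $usuario = Security::textFilter(htmlentities($_POST['username']));
            $mail = Security::textFilter(htmlentities($_POST['mail']));
            // NOTE(review): unsalted MD5 is not a password hash; see the method
            // header for the migration caveat.
            $pass = Security::textFilter(htmlentities(md5($_POST['pass'])));

            $query = Transaction::query("SELECT `id` FROM `users` WHERE `mail` = '" . $mail . "'");
            if (Transaction::num_rows($query) != 0) {
                echo 'Este e-mail esta em uso';
                break;
            }
            $query = Transaction::query("SELECT `id` FROM `users` WHERE `username` = '" . $usuario . "'");
            if (Transaction::num_rows($query) != 0) {
                echo 'Esse Usuario ja Existe';
                break;
            }
            // Password policy as before: more than 5 bytes, one lower-case
            // letter and one digit.
            if (strlen($_POST['pass']) <= 5
                || !preg_match('`[a-z]`', $_POST['pass'])
                || !preg_match('`[0-9]`', $_POST['pass'])
            ) {
                echo 'Esta senha a muito curta e/ou invalida';
                break;
            }
            if (count(explode(' ', $usuario)) > 1) {
                echo 'Sem Espaço Em Branco Pls';
                break;
            }
            if (mb_strlen($usuario) > 25) {
                echo 'Menos Caracteres Pls';
                break;
            }

            Transaction::query("INSERT INTO `users` (`username`, `password`, `mail`) VALUES ('" . $usuario . "', '" . $pass . "', '" . $mail . "');");
            $get_id = Transaction::query("SELECT id FROM `users` WHERE `username` = '" . $usuario . "';");
            $get_id_result = Transaction::fetch($get_id);
            // Registration also signs the user in, so rotate the session id.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['id'] = $get_id_result['id'];
            $_SESSION['userid'] = $get_id_result['id'];
            $_SESSION['step'] = 0;
            if (isset($_SESSION['referido'])) {
                // The referrer name originates from $_GET['referido'] and was
                // only HTML-encoded, which leaves single quotes intact on
                // PHP < 8.1; filter it like the other inserted values.
                $ip = Security::textFilter(htmlentities($_SESSION['referido']));
                $userne = Security::textFilter(htmlentities(self::scalarInput($_SESSION, 'referiduser')));
                Transaction::query("INSERT INTO users_referidos (usuario, ip_referida) VALUES ('" . $userne . "', '" . $ip . "');");
                $_SESSION['referido'] = NULL;
            }
            echo 'OKAY';
            break;

        case 'editarhome':
            if (isset($_POST['texto'])) {
                // NOTE(review): the WHERE literals below appear masked
                // ('******') in this listing and $username is read from POST
                // without a visible ownership check - confirm the real clause
                // is bound to the signed-in user, not to the posted name.
                $username = htmlentities(self::scalarInput($_POST, 'username'));
                $texto = htmlentities(addslashes(self::scalarInput($_POST, 'texto')));
                $fundo = htmlentities(addslashes(self::scalarInput($_POST, 'fundo')));
                // These two had no SQL escaping at all; they now follow the
                // textFilter(htmlentities()) pattern used by registro.
                $cores = Security::textFilter(htmlentities(self::scalarInput($_POST, 'cor')));
                $video = Security::textFilter(htmlentities(self::scalarInput($_POST, 'video')));
                if (!empty($texto)) {
                    Transaction::query("UPDATE users_homes SET texto = '" . $texto . "' WHERE username = '******'");
                }
                if (!empty($video)) {
                    Transaction::query("UPDATE users_homes SET video = '" . $video . "' WHERE username = '******'");
                }
                if (!empty($cores)) {
                    Transaction::query("UPDATE users_homes SET cores = '" . $cores . "' WHERE username = '******'");
                }
                if (!empty($fundo)) {
                    Transaction::query("UPDATE users_homes SET fundo = '" . $fundo . "' WHERE username = '******'");
                }
            }
            break;

        case 'editarfundo':
            $fundo = htmlentities(self::scalarInput($_POST, 'fundo'));
            if (strpos($fundo, 'http://') !== false || strpos($fundo, 'www.') !== false) {
                // NOTE(review): presumably rendered later as a CSS value;
                // validate the URL before it is wrapped - confirm at the sink.
                $fundo = 'url(' . $fundo . ')';
            }
            $username = htmlentities(self::scalarInput($_POST, 'username'));
            $user = mobbo::users_info('username');
            // Strict string comparison: loose == treats numeric-looking names
            // such as "1e3" and "1000" as equal, and matches an empty posted
            // name against a missing session user.
            $isOwner = !empty($user) && (string) $username === (string) $user;
            if ($isOwner) {
                // $fundo had no SQL escaping; filtered like other stored values.
                Transaction::query("UPDATE users SET fundom = '" . Security::textFilter($fundo) . "' WHERE username = '******'");
            }
            break;

        case 'colocarmanutencao':
            // Rank 6+ toggles the maintenance flag; everyone is sent to /me.
            if (mobbo::users_info("rank") >= 6) {
                if (mobbo::mobbo_settings("maintenance") == 0) {
                    Transaction::query("UPDATE mobbo_settings SET value = '1' WHERE variable = 'maintenance'");
                } elseif (mobbo::mobbo_settings("maintenance") == 1) {
                    Transaction::query("UPDATE mobbo_settings SET value = '0' WHERE variable = 'maintenance'");
                }
            }
            header("Location: /me");
            break;

        case 'compraritem':
            if (!isset($_POST['cat'])) {
                echo "Você é um Hacker ?";
                break;
            }
            $cat = htmlentities(addslashes(self::scalarInput($_POST, 'cat')));
            $query = Transaction::query("SELECT * FROM mobbo_marktplatzvip WHERE id = '" . $cat . "' LIMIT 1");
            $fetch = Transaction::fetch($query);
            // An unknown item id used to yield a null price, which every balance
            // satisfies, so a badge row was inserted for any posted id without
            // payment. Reject the request when no catalogue row exists.
            if (empty($fetch)) {
                echo "Você é um Hacker ?";
                break;
            }
            $dolares = $fetch['dolares'];
            if (mobbo::users_info('dolares') >= $dolares) {
                $queryCheck = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . mobbo::users_info('id') . "' AND badge_id = '" . $cat . "' LIMIT 1");
                if (Transaction::num_rows($queryCheck) < 1) {
                    // NOTE(review): the balance check and the deduction are
                    // separate statements, so concurrent requests can overspend;
                    // a conditional UPDATE inside one transaction would close
                    // that gap.
                    Transaction::query("UPDATE users SET dolares = dolares-'" . $fetch['dolares'] . "' WHERE id = '" . mobbo::users_info('id') . "' LIMIT 1");
                    Transaction::query("INSERT INTO user_badges (user_id, badge_id) VALUES ('" . mobbo::users_info('id') . "','" . $cat . "')");
                    $dolares = mobbo::users_info('dolares');
                    echo "Item Comprado com Sucesso, Seu Balanço de Dolares agora é de {$dolares}";
                } else {
                    echo "Você já Possui este Emblema";
                }
            } else {
                echo "Você Não Possui Dolares Suficientes";
            }
            break;

        case 'wallupdate':
            if (isset($_POST['update'])) {
                // Insert into the wall table.
                // NOTE(review): no signed-in check is visible before the insert.
                $message = Security::textFilter($_POST['update']);
                if ($message != "") {
                    $image = '';
                    $time = time();
                    $video = '';
                    $userid = mobbo::users_info('id');
                    Transaction::query("INSERT INTO `posts` (`desc`, `image_url`, `vid_url`,`date`,`userid`) VALUES ('{$message}', '{$image}', '{$video}','{$time}', '{$userid}')");
                    // The unused mysql_insert_id() call was dropped: the mysql_*
                    // extension no longer exists on PHP 7+ and would be fatal.
                    echo 'sucess';
                }
            }
            break;

        default:
            die('This Action Does Not Exists');
    }
}

/**
 * Return a request value as a string, or '' when the key is absent or not scalar.
 *
 * @param array  $source Request array such as $_GET, $_POST or $_SESSION.
 * @param string $key    Key to read.
 * @return string
 */
private static function scalarInput($source, $key)
{
    return (isset($source[$key]) && is_scalar($source[$key])) ? (string) $source[$key] : '';
}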
$pageid = "cloner"; if (isset($_POST['query']) && $_POST['type']) { if ($_POST['query']) { if ($_POST['type'] == "name") { $get_users_a = Transaction::query("SELECT * FROM users WHERE username = '******'query']) . "' ORDER BY username"); $check_a = Transaction::num_rows($get_users_a); if ($check_a > 0) { $userdata_a = Transaction::fetch($get_users_a); $get_users = Transaction::query("SELECT * FROM users WHERE ip_last = '" . $userdata_a['ip_last'] . "' or ip_reg = '" . $userdata_a['ip_reg'] . "' ORDER BY username"); $check = Transaction::num_rows($get_users); $msg = "<div class='rounded rounded-green'><center><b>Foram encontrados os seguintes usurios com esse mesmo IP:</b> <img src=\"./w/images/check.gif\"></center></div>"; } else { $msg = "<div class='rounded rounded-red'><center><b>No foi possvel encontrar este usurio</b> <img src=\"./w/images/del.gif\"></center></div>"; } } else { $get_users = Transaction::query("SELECT * FROM users WHERE ip_last = '" . Security::textFilter($_POST['query']) . "' ORDER BY username"); $check = Transaction::num_rows($get_users); if ($check > 0) { $msg = "<div class='rounded rounded-green'><center><b>Foram encontrados os seguintes usurios com esse IP:</b> <img src=\"./w/images/check.gif\"></center></div>"; } else { $msg = "<div class='rounded rounded-red'><center><b>IP no encontrado!</b> <img src=\"./w/images/del.gif\"></center></div>"; } } } else { $msg = "<div class='rounded rounded-red'><center><b>Coloque o IP ou Nome do usurio!</b> <img src=\"./w/images/del.gif\"></center></div>"; } } @(include 'subheader.php'); if (isset($msg)) { ?> <p><strong><?php
if (!in_array($_SERVER['DOCUMENT_ROOT'] . '\\CORE.php', $included_files)) { die; } if ($user_rank > 5) { if ($hkzone !== true) { header("Location: index.php?throwBack=true"); exit; } if (!mobbo::session_is_registered(acp)) { header("Location: index.php?p=login"); exit; } $pagename = "Lista de usurios banidos"; $pageid = "banlogs"; $page = Security::textFilter($_GET['page']); $do = Security::textFilter($_GET['do']); $posts = Transaction::evaluate("SELECT COUNT(*) FROM bans"); $pages = ceil(($posts + 0) / 50); if ($page > $pages || $page < 1) { $page = 1; } @(include 'subheader.php'); ?> <div class='tableborder'> <div class='tableheaderalt'><center>Nmero de pessoas banidas: <?php echo Transaction::evaluate("SELECT COUNT(*) FROM bans"); ?> | <?php echo Transaction::evaluate("SELECT COUNT(*) FROM bans WHERE bantype = 'user'"); ?> Usurios banidos por ID | <?php
if (Transaction::num_rows($check_name) > 0) { $userdata = Transaction::fetch($check_name); $check_badge = Transaction::query("SELECT * FROM user_badges WHERE user_id = '" . $userdata['id'] . "' AND badge_id = '" . Security::textFilter($_POST['badge']) . "' LIMIT 1"); if ($_POST['action'] == "give") { if (Transaction::num_rows($check_badge) < 1) { Transaction::query("INSERT INTO user_badges (user_id,badge_id,badge_slot) VALUES ('" . $userdata['id'] . "','" . Security::textFilter($_POST['badge']) . "','0')"); $msg = "<div class='rounded rounded-green'><center>Voc acabou de dar <b>" . Security::textFilter($_POST['name']) . "</b> o emblema " . Security::textFilter($_POST['badge']) . " com sucesso. <img src=\"./w/images/check.gif\"></center></div>"; } else { $msg = "<div class='rounded rounded-red'><center>" . $_POST['name'] . " J tm o Emblema " . $_POST['badge'] . ". <img src=\"./w/images/del.gif\"></center></div>"; } } else { if (Transaction::num_rows($check_badge) > 0) { Transaction::query("DELETE FROM user_badges WHERE user_id = '" . $userdata['id'] . "' AND badge_id = '" . Security::textFilter($_POST['badge']) . "'"); $msg = "<div class='rounded rounded-green'><center>Voc removeu o Emblema " . Security::textFilter($_POST['badge']) . " . <img src=\"./w/images/check.gif\"></center></div>"; } else { $msg = "<div class='rounded rounded-red'><center>" . Security::textFilter($_POST['name']) . " no tem o emblema " . Security::textFilter($_POST['badge']) . " <img src=\"./w/images/del.gif\"></center></div>"; } } } else { $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o usurio! <img src=\"./w/images/del.gif\"></center></div>"; } } @(include 'subheader.php'); if (isset($msg)) { ?> <p><strong><?php echo $msg; ?> </p></strong><?php } ?>
if ($hkzone !== true) { header("Location: index/?throwBack=true"); exit; } if (!mobbo::session_is_registered(acp)) { header("Location: p/login"); exit; } $pagename = "Alertas"; $pageid = "alert"; if (isset($_POST['alert'])) { $check = Transaction::query("SELECT * FROM users WHERE username = '******'name']) . "' LIMIT 1"); if (Transaction::num_rows($check) > 0) { $userdata = Transaction::fetch($check); Transaction::query("INSERT INTO mobbo_alerts (userid,alert) VALUES ('" . $userdata['id'] . "','" . Security::textFilter($_POST['alert']) . "')"); $msg = "<div class='rounded rounded-green'><center>Alerta enviada a " . Security::textFilter($_POST['name']) . " (ID: " . $userdata['id'] . ") <img src=\"./w/images/check.gif\"></center></div>"; } else { $msg = "<div class='rounded rounded-red'><center>Oops! este usurio no foi encontrado. <img src=\"./w/images/del.gif\"></center></div>"; } } @(include 'subheader.php'); if (isset($msg)) { ?> <p><strong><?php echo $msg; ?> </strong></p><?php } ?> <form action='<?php
<td class='tablesubheader' width='5%'>Por</td> <td class='tablesubheader' width='5%'>Informao</td> <td class='tablesubheader' width='5%'>Equipe</td> <td class='tablesubheader' width='20%'>Mensagem</td> <td class='tablesubheader' width='10%'>Sala</td> <td class='tablesubheader' width='11%'>Data</td> <td class='tablesubheader' width='1%'>Total</td> </tr> <?php $query_min = $page * 50 - 50; if ($query_min < 0) { $query_min = 0; } if ($do == "cautions" && $_GET['name']) { $get_id = Transaction::query("SELECT id FROM users WHERE username = '******'name']) . "'"); if (Transaction::num_rows($get_id) > 0) { $get = Transaction::fetch($get_id); $get_tickets = Transaction::query("SELECT * FROM moderation_tickets WHERE reported_id = '" . $get['id'] . "' ORDER BY id DESC LIMIT " . $query_min . ", 50"); } } else { $get_tickets = Transaction::query("SELECT * FROM moderation_tickets ORDER BY id DESC LIMIT " . $query_min . ", 50"); } while ($row = Transaction::fetch($get_tickets)) { $get_sender_id = Transaction::fetch($get_reporter_id = Transaction::query("SELECT username FROM users WHERE id = '" . $row['sender_id'] . "'")); $get_reported_id = Transaction::fetch($get_reported_id = Transaction::query("SELECT username FROM users WHERE id = '" . $row['reported_id'] . "'")); $get_moderator_id = Transaction::fetch($get_reporter_id = Transaction::query("SELECT username FROM users WHERE id = '" . $row['moderator_id'] . "'")); $sender_id = $get_sender_id['username']; if ($row['reported_id'] == "0") { $reported_id = "-/-"; } else {
} $pagename = "Desbanir"; $pageid = "unban"; if (isset($_POST['query'])) { if ($_POST['type'] == 'ip') { $check_ip = Transaction::query("SELECT * FROM bans WHERE value = '" . Security::textFilter($_POST['query']) . "' AND bantype = 'ip'"); if (Transaction::num_rows($check_ip) > 0) { Transaction::query("DELETE FROM bans WHERE value = '" . Security::textFilter($_POST['query']) . "' AND bantype = 'ip'"); $msg = "<div class='rounded rounded-green'><center> (" . Transaction::num_rows($check_ip) . ") Desbaneado correctamente. <img src=\"./w/images/check.gif\"></center></div>"; } else { $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o banimento <img src=\"./w/images/del.gif\"></center></div>"; } } else { $check_user = Transaction::query("SELECT * FROM bans WHERE value = '" . Security::textFilter($_POST['query']) . "' AND bantype = 'user'"); if (Transaction::num_rows($check_user) > 0) { Transaction::query("DELETE FROM bans WHERE value = '" . Security::textFilter($_POST['query']) . "' AND bantype = 'user'"); $msg = "<div class='rounded rounded-green'><center>Usurio desbanido corretamente! <img src=\"./w/images/check.gif\"></center></div>"; } else { $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o banimento <img src=\"./w/images/del.gif\"></center></div>"; } } } @(include 'subheader.php'); if (isset($msg)) { ?> <p><strong><?php echo $msg; ?> </strong></p><?php } ?>
$get_cc = Transaction::query("SELECT * FROM users WHERE username = '******'value'] . "'"); $userdata = Transaction::fetch($get_cc); if (Transaction::num_rows($check_exists) > 0) { Transaction::query("UPDATE bans SET expire = expire + '" . Security::textFilter($_POST['length']) . "' WHERE value = '" . Security::textFilter($_POST['value']) . "' AND bantype = '" . Security::textFilter($_POST['type']) . "'"); $msg = "<div class='rounded rounded-green'><center>El ban (" . Security::textFilter($_POST['type']) . " - " . Security::textFilter($_POST['value']) . ") ha sido actualizado. <img src=\"./w/images/check.gif\"></center></div>"; } else { if (Transaction::num_rows($get_cc) > 0 && $_POST['type'] == "user") { Transaction::query("INSERT INTO bans (bantype,value,reason,expire,added_by,added_date) VALUES ('" . Security::textFilter($_POST['type']) . "','" . Security::textFilter($_POST['value']) . "','" . Security::textFilter($_POST['reason']) . "','" . time() . "' + '" . Security::textFilter($_POST['length']) . "','" . $name . "','" . time() . "')"); Transaction::query("UPDATE users SET auth_ticket = '' WHERE username = '******'value']) . "' LIMIT 1"); $msg = "<div class='rounded rounded-green'><center>" . $_POST['value'] . " foi banido <img src=\"./w/images/check.gif\"></center></div>"; } elseif (Transaction::num_rows($get_cc) < 1 && $_POST['type'] == "user") { $msg = "<div class='rounded rounded-red'><center>No foi possvel encontrar o usurio <img src=\"./w/images/del.gif\"></center></div>"; } elseif ($_POST['type'] == "ip") { Transaction::query("INSERT INTO bans (bantype,value,reason,expire,added_by,added_date) VALUES ('" . Security::textFilter($_POST['type']) . "','" . Security::textFilter($_POST['value']) . "','" . Security::textFilter($_POST['reason']) . "','" . time() . "' + '" . Security::textFilter($_POST['length']) . "','" . $name . "','" . time() . "')"); Transaction::query("UPDATE users SET auth_ticket = '' WHERE username = '******'value']) . 
"' LIMIT 1"); $msg = "<div class='rounded rounded-green'><center>O IP " . Security::textFilter($_POST['value']) . " foi banido! <img src=\"./w/images/check.gif\"></center></div>"; } } } @(include 'subheader.php'); if (isset($msg)) { ?> <p><strong><?php echo $msg; ?> </strong></p><?php } ?> <form action='<?php echo $adminpath;
$msg = "<div class='rounded rounded-red'><center>>Erro: no se pde eliminar a notcia <img src=\"./w/images/del.gif\"></center></div>"; } } elseif ($do == "save" && is_numeric($key) && isset($_POST['image_url'])) { $check = Transaction::query("SELECT id FROM mobbo_hotcampaigns WHERE id = '" . $key . "' LIMIT 1"); if (Transaction::num_rows($check) > 0) { $campaigndata = Transaction::fetch($check); Transaction::query("UPDATE mobbo_hotcampaigns SET image_url = '" . Security::textFilter($_POST['image_url']) . "', caption = '" . Security::textFilter($_POST['caption']) . "', botao = '" . Security::textFilter($_POST['botao']) . "', descr = '" . Security::textFilter($_POST['descr']) . "', url = '" . Security::textFilter($_POST['url']) . "' WHERE id = '" . $key . "' LIMIT 1"); $msg = "<div class='rounded rounded-green'><center>Campanha publicada! <img src=\"./w/images/check.gif\"></center></div>"; $editor_mode = false; } else { $msg = "<div class='rounded rounded-red'><center>Esta campanha no existe <img src=\"./w/images/check.gif\"></center></div>"; } } elseif ($do == "add") { $editor_mode = true; if ($_POST['submit']) { Transaction::query("INSERT INTO mobbo_hotcampaigns (image_url,caption,descr,url,botao) VALUES ('" . Security::textFilter($_POST['image_url']) . "','" . Security::textFilter($_POST['caption']) . "','" . Security::textFilter($_POST['descr']) . "','" . Security::textFilter($_POST['url']) . "','" . Security::textFilter($_POST['botao']) . "')"); $msg = "<div class='rounded rounded-green'><center>Campanha publicada corretamente</center></div>"; $editor_mode = false; } } @(include 'subheader.php'); if (isset($msg)) { ?> <p><strong><?php echo $msg; ?> </strong></p><?php } ?> <?php
<form action='<?php echo $adminpath; ?> /p/ranktool' method='post' name='theAdminForm' id='theAdminForm'> <input type="hidden" value="<?php echo md5(session_id()); ?> " name="csrf"> <div class='tableborder'> <div class='tableheaderalt'><center>Editar Cargos</center></div> <table width='100%' cellspacing='0' cellpadding='5' align='center' border='0'> <tr> <td class='tablerow1' width='40%' valign='middle'><strong>Nome do usurio</strong><div class='graytext'>Nome do usurio que deseja dar cargo</div></td> <td class='tablerow2' width='60%' valign='middle'><input type='text' name='name' value="<?php echo Security::textFilter($_POST['name']); ?> " size='30' class='textinput'></td> </tr> <tr> <td class='tablerow1' width='40%' valign='middle'><strong>Cargo</strong><div class='graytext'>Cargo a dar ao usurio</div></td> <td class='tablerow2' width='60%' valign='middle'><select name='rank' class='dropdown' size='1'><?php while ($rank = Transaction::fetch($get_rank)) { ?> <option value='<?php echo $rank['id']; ?> '><?php echo $rank['name']; ?>
echo $users['username']; ?> </td> <td class='tablerow2'><?php echo $rooms['caption']; ?> (ID: <?php echo $rowlogs['room_id']; ?> )</td> <td class='tablerow2''><?php echo date('d.m.Y - H:i:s', $rowlogs['timestamp']); ?> Uhr</td> <td class='tablerow2'><?php echo Security::textFilter($rowlogs['message']); ?> </td> </tr> <?php } } ?> </table> </div> </div> <!-- / RIGHT CONTENT BLOCK --> </td>
if ($myrow['id'] == $fetch['id']) { $owner = 'yesiamtheowner'; } else { $owner = 'imnot'; } } else { $owner = 'yesiamtheowner'; } $user_rank = mobbo::users_info('rank'); if ($user_rank > 3 && $logged_in or !$logged_in) { $hkzone = true; $p = Security::textFilter($_GET['p']); $do = Security::textFilter($_GET['do']); $page = Security::textFilter($_GET['page']); $key = Security::textFilter($_GET['key']); $search = Security::textFilter($_POST['search']); if (mobbo::session_is_registered('acp')) { $session = $_SESSION['acp']; $admin_username = $_SESSION['hkusername']; $admin_password = $_SESSION['hkpassword']; $check = Transaction::query("SELECT * FROM `users` WHERE `username` = '" . $myrow['username'] . "' AND `rank` > 5 LIMIT 1"); $valid = Transaction::num_rows($check); if ($valid > 0) { $tmp = Transaction::fetch($check); if ($p == "logout") { session_destroy(); $notify_logout = true; include 'login.php'; } elseif ($p == "home") { $tab = 1; require_once 'home.php';
if (Transaction::num_rows($check) > 0) { if ($_POST['comments'] == true) { $checked = '1'; } else { $checked = '0'; } Transaction::query("UPDATE mobbo_recommended SET type = '" . Security::textFilter($_POST['type']) . "', id_rec = '" . Security::textFilter($_POST['id_rec']) . "' WHERE id = '" . $key . "' LIMIT 1"); $msg = "<div class='rounded rounded-green'><center>As preferncias foram salvos<img src=\"./w/images/check.gif\"></center></div>"; $editor_mode = false; } else { $msg = "<div class='rounded rounded-red'><center>Isto no existe<img src=\"./w/images/check.gif\"></center></div>"; } } elseif ($do == "add") { $editor_mode = true; if ($_POST['submit']) { Transaction::query("INSERT INTO mobbo_recommended (id_rec,type) VALUES ('" . Security::textFilter($_POST['id_rec']) . "','" . Security::textFilter($_POST['type']) . "')"); $msg = "<div class='rounded rounded-green'><center>A atualizao foi feita</center></div>"; $editor_mode = false; } } @(include 'subheader.php'); if (isset($msg)) { ?> <p><strong><?php echo $msg; ?> </strong></p><?php } ?> <?php
die; } if ($user_rank > 5) { if ($hkzone !== true) { header("Location: index.php?throwBack=true"); exit; } if (!mobbo::session_is_registered(acp)) { header("Location: index.php?p=login"); exit; } $pagename = "Notcias"; $pageid = "news"; $key = htmlentities($_GET['key']); $do = htmlentities($_GET['do']); $page = Security::textFilter($_GET['page']); $posts = Transaction::evaluate("SELECT COUNT(*) FROM mobbo_news"); $pages = ceil(($posts + 0) / 50); if ($page > $pages || $page < 1) { $page = 1; } if ($_POST['site']) { header("location: " . $adminpath . "/p/news&page=" . $_POST['page'] . ""); } if ($_POST['site2']) { header("location: " . $adminpath . "/p/news&page=" . $_POST['page2'] . ""); } if ($do == "delete" && is_numeric($key)) { $check = Transaction::query("SELECT id FROM mobbo_news WHERE id = '" . $key . "' LIMIT 1"); if (Transaction::num_rows($check) > 0) { Transaction::query("DELETE FROM mobbo_news WHERE id = '" . $key . "' LIMIT 1");
<?php if ($hkzone !== true) { header("Location: index.php?throwBack=true"); exit; } if (empty($pagename)) { $pnme = "Painel de Controle"; } else { $pnme = "Painel de Controle - " . $pagename . " "; } $search = Security::textFilter($_POST['search']); $searchheader = Security::textFilter($_POST['searchheader']); $username = mobbo::users_info('username'); if (isset($_POST['searchname'])) { if ($check = Transaction::num_rows($sql = Transaction::query("SELECT * FROM users WHERE username = '******'searchname']) . "' LIMIT 1")) > 0) { $rowid = Transaction::fetch($sql); header("location: " . $adminpath . "/p/users_edit&key=" . $rowid['id'] . ""); } else { echo "<script>alert(\"Der Username " . $_POST['searchname'] . " konnte nicht gefunden werden!\")</script>"; } } ?> <html class=" js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths js flexbox flexboxlegacy canvas canvastext webgl no-touch geolocation postmessage websqldatabase indexeddb hashchange history draganddrop websockets rgba hsla multiplebgs backgroundsize borderimage borderradius boxshadow textshadow opacity cssanimations csscolumns cssgradients 
cssreflections csstransforms no-csstransforms3d csstransitions fontface generatedcontent video audio localstorage sessionstorage webworkers applicationcache svg inlinesvg smil svgclippaths" lang="en" data-useragent="Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36" style=""><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <head> <base href="<?php echo $adminpath; ?> "> <meta http-equiv="content-t ype" content="text/html; charset=iso-8859-1" />