Hallo
ich hab das problem gefunden woran es liegt.
aber weiß nicht wie man das behebt
das mit dem news
Hilfe
Bild:
Es lag an server-data.php_data_classes-core.php.php. Ich hab die von einer anderen genommen, dann ging's; ich möchte aber meine behalten.
kann mir das einer beheben?
danke
data_classes_core:
<?php
// Bootstrap: silence PHP diagnostics, mark the CMS context, start the session.
// NOTE(review): error_reporting(0) discards every warning and notice for the
// rest of the request, so the undefined variables and failed calls further
// down fail silently. Logging errors to a file keeps them out of the page
// without hiding them from the operator.
error_reporting(0);

define("IN_HOLOCMS", TRUE);
session_start();

// NOTE(review): $path has not been assigned yet at this point in the listing,
// so PATH is defined from an unset variable unless an including script set it.
define("PATH", $path);
// Request pre-filter: every request value is scanned for a quote, an equals
// sign or the text "chr(", and gtfo() is called with the parameter NAME on a
// hit. gtfo() ends the request unless the name is on its exemption list.
// NOTE(review): this is a deny-list, not a defence against SQL injection or
// XSS. Parameters exempted in gtfo() are not filtered at all, array-valued
// parameters are handed to strpos() unchecked, and legitimate input that
// contains "=" or a quote is rejected. Parameterised queries plus escaping at
// the point of output are the controls that actually close these classes.
$heuristic = true;
if ($heuristic == true) {
    foreach ($_REQUEST as $var => $val) {
        if (strpos($val, "'") !== false) {
            gtfo($var);
        }
        if (strpos($val, '"') !== false) {
            gtfo($var);
        }
        if (strpos($val, "=") !== false) {
            gtfo($var);
        }
        if (strpos($val, "chr(") !== false) {
            gtfo($var);
        }
    }
}
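/**
 * End the request for a flagged parameter unless its name is exempt.
 *
 * The request pre-filter calls this with the name of a parameter whose value
 * contained a blocked marker. Exempt names return normally, which means their
 * values reach the rest of the application unfiltered.
 *
 * @param mixed $var Parameter name (an array key of $_REQUEST).
 * @return void Returns only for exempt names; otherwise the script terminates.
 */
function gtfo($var)
{
    $exemptNames = array(
        "debug", "longstory", "error_desc", "html", "konst_text", "system",
        "konst_type", "shortstory", "geschichte", "words", "sprach_text",
        "sprach_type", "comment",
    );

    // Compare as strings, strictly. PHP turns numeric request keys into
    // integers, and on PHP versions before 8 a loose comparison of integer 0
    // with a non-numeric string is true, which would exempt such a key.
    if (in_array((string) $var, $exemptNames, true)) {
        return;
    }

    die("Leider nicht moeglich @ " . htmlspecialchars((string) $var));
}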
/**********************************************************************////////////////////////////// MYSQL SCRIPT /////////////////////////////*/**********************************************************************/
// Load the database settings, then open the legacy mysql_* connection.
// The $MySQL* variables are presumably defined by the included config file.
// NOTE(review): "@" hides a missing or unreadable config file, and
// die(mysql_error()) prints the raw driver message to the visitor. Log the
// error server-side and show a generic message instead.
@require_once('server-data.php_data_classes-config.php.php');

mysql_connect("$MySQLhostname", "$MySQLusername", "$MySQLpassword")
    or die(mysql_error());

mysql_select_db("$MySQLdb")
    or die(mysql_error());
// Site-wide configuration values and request-derived helpers.
$cms_url = "http://Yebbo.re";
$defaultpath = "Yebbo.re";
$clientip = "Yebbo.re";
$clientip_encoded = base64_encode($clientip);

// Client address as seen by PHP at this point in the request.
// NOTE(review): this copy is taken before the later statement in this listing
// that replaces $_SERVER['REMOTE_ADDR'] with the CF-Connecting-IP header, so
// $remote_ip keeps the connecting peer's address.
$remote_ip = $_SERVER['REMOTE_ADDR'];
$remote_ip_encoded = base64_encode($_SERVER['REMOTE_ADDR']);

// NOTE(review): REQUEST_URI is fully client-controlled and SERVER_NAME can
// follow the Host header depending on server configuration; escape $siteurl
// for its context wherever it is printed.
$siteurl = $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];

$cimagesurl = "http://".$defaultpath."/c_images";
$badgesurl = "/album1584/";

// NOTE(review): $config is reassigned as a whole by the settings query later
// in this listing, which drops these two entries.
$config["hImaging"] = 'http://habbo.de/habbo-imaging/avatarimage';
$config["defaultAvatar"] = 'ch-3111-63-62.hd-3103-1.hr-3163-39.lg-285-77.sh-305-78';

$sitename = "Yebbo";
$shortname = "Yebbo";
$facebook = "Yebbo";
$botpath = $cms_url."/hhnewloader/bots";

// NOTE(review): $path is only assigned on the next line, so $adminpath is
// built from an unset $path unless an including script defined it earlier.
$adminpath = "".$path."/manage/hotel/de/housekeeping";
$path = "".$cms_url."";
$newadminpath = "".$path."/hk";

$botpreis_treuepunkte = "1000";
$botpreis_taler = "2000";
/**********************************************************************////////////////////////////// MUS SCRIPT /////////////////////////////*/**********************************************************************/
// Filesystem constants derived from this file's own directory.
define('SEP', DIRECTORY_SEPARATOR);

// Directory of this file with any "register/" segment removed.
$dir = str_replace('register'.SEP, '', dirname(__FILE__).SEP);

define('DIR', $dir);
define('INCLUDES', DIR.''.SEP);
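/**
 * Minimal client for the "MUS" TCP endpoint (presumably the game server's
 * control socket; the listing does not show the receiving side).
 */
class Core
{
    /**
     * Send one command frame: $command, a chr(1) separator, then $data.
     *
     * Failures are silent, as before, but the socket is now closed in every
     * case and nothing is sent when the connection could not be established.
     *
     * NOTE(review): the frame carries no authentication that is visible here
     * and travels in clear text to a hard-coded address. Callers should not
     * pass user-controlled text in $data without validating it, because
     * chr(1) is the field separator.
     *
     * @param string $command Command name.
     * @param string $data    Optional payload.
     * @return void
     */
    public function MUS($command, $data = '')
    {
        $MUSdata = $command . chr(1) . $data;

        $socket = @socket_create(AF_INET, SOCK_STREAM, getprotobyname('tcp'));
        if ($socket === false) {
            return;
        }

        if (@socket_connect($socket, '85.114.142.182', 30001)) {
            @socket_send($socket, $MUSdata, strlen($MUSdata), MSG_DONTROUTE);
        }

        // The original never released the socket.
        socket_close($socket);
    }
}

$core = new Core();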
/**
 * Read one column from the first row of cms_settings.
 *
 * NOTE(review): $strSetting is spliced into the statement as a column name
 * and cannot be protected by value escaping. Callers must pass only fixed,
 * known column names; an allow-list check here would enforce that.
 *
 * @param string $strSetting Column name.
 * @return mixed Value of that column in the fetched row.
 */
function FetchSITESetting($strSetting)
{
    $statement = "SELECT ".$strSetting." FROM cms_settings LIMIT 1";
    $result = mysql_query($statement) or die(mysql_error());
    $row = mysql_fetch_assoc($result);

    return $row[$strSetting];
}
// #########################################################################// SMILIES FOR GRUPPEN/FORUM// #########################################################################
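/**
 * Convert smiley codes and BBCode tags in forum/group text to HTML.
 *
 * Tags that carry an attribute ([link], [url], [color], [habbo], [room],
 * [group]) are only converted when the attribute passes a strict format
 * check; otherwise the tag is left in the text untouched. The original copied
 * the attribute into href/onclick/color attributes unchecked, so a crafted
 * value could close the attribute or use a script URL scheme.
 *
 * Accepted link targets start with http://, https://, "/", "./" or "../" and
 * contain no quotes, angle brackets, backslashes, brackets or whitespace.
 *
 * NOTE(review): the text between tags is emitted as-is. This function assumes
 * the caller has already HTML-escaped $str - confirm at each call site.
 *
 * @param string $str Text containing BBCode.
 * @return string HTML fragment.
 */
function bbcode_format($str)
{
    // Smiley codes, replaced in the same order as before.
    $smilies = array(
        array(":)", "smile"),
        array(";)", "wink"),
        array(":P", "tongue"),
        array(";P", "winktongue"),
        array(":p", "tongue"),
        array(";p", "winktongue"),
        array("(L)", "heart"),
        array("(l)", "heart"),
        array(":o", "shocked"),
        array(":O", "shocked"),
    );
    foreach ($smilies as $smiley) {
        $str = str_replace(
            $smiley[0],
            " <img src='./web-gallery/smilies/".$smiley[1].".gif' alt='Smiley' title='Smiley' border='0'> ",
            $str
        );
    }

    // Link target allow-list: explicit http(s) or an explicit relative path.
    $linkTag = function ($m) {
        $ok = preg_match('#^(?:https?://|\.{0,2}/)[^\s\x00-\x1f\'"<>\\\\\[\]]*$#i', $m[1]) === 1;
        return $ok ? "<a href='".$m[1]."'>".$m[2]."</a>" : $m[0];
    };
    // Colour names or hex values only.
    $colorTag = function ($m) {
        $ok = preg_match('/^#?[a-z0-9]{1,20}$/i', $m[1]) === 1;
        return $ok ? "<font color='".$m[1]."'>".$m[2]."</font>" : $m[0];
    };
    // Identifier-like values only for profile, room and group references.
    $habboTag = function ($m) {
        $ok = preg_match('/^[a-z0-9_.\-]{1,64}$/i', $m[1]) === 1;
        return $ok ? "<a href='./user_profile.php?id=".$m[1]."'>".$m[2]."</a>" : $m[0];
    };
    $roomTag = function ($m) {
        $ok = preg_match('/^[a-z0-9_\-]{1,32}$/i', $m[1]) === 1;
        return $ok
            ? '<a onclick="roomForward(this, \''.$m[1].'\', \'private\'); return false;" target="client" href="./client.php?forwardId=2&roomId='.$m[1].'">'.$m[2].'</a>'
            : $m[0];
    };
    $groupTag = function ($m) {
        $ok = preg_match('/^[a-z0-9_.\-]{1,64}$/i', $m[1]) === 1;
        return $ok ? "<a href='./groups/".$m[1]."'>".$m[2]."</a>" : $m[0];
    };

    // The tag order of the original pattern list is kept.
    $str = preg_replace(
        array(
            '/\[b\](.*?)\[\/b\]/is',
            '/\[i\](.*?)\[\/i\]/is',
            '/\[u\](.*?)\[\/u\]/is',
            '/\[s\](.*?)\[\/s\]/is',
            '/\[quote\](.*?)\[\/quote\]/is',
        ),
        array(
            '<strong>$1</strong>',
            '<em>$1</em>',
            '<u>$1</u>',
            '<s>$1</s>',
            "<div class='bbcode-quote'>$1</div>",
        ),
        $str
    );
    $str = preg_replace_callback('/\[link\=(.*?)\](.*?)\[\/link\]/is', $linkTag, $str);
    $str = preg_replace_callback('/\[url\=(.*?)\](.*?)\[\/url\]/is', $linkTag, $str);
    $str = preg_replace_callback('/\[color\=(.*?)\](.*?)\[\/color\]/is', $colorTag, $str);
    $str = preg_replace(
        array(
            '/\[size=small\](.*?)\[\/size\]/is',
            '/\[size=large\](.*?)\[\/size\]/is',
            '/\[code\](.*?)\[\/code\]/is',
        ),
        array(
            "<font size='1'>$1</font>",
            "<font size='3'>$1</font>",
            '<pre>$1</pre>',
        ),
        $str
    );
    $str = preg_replace_callback('/\[habbo\=(.*?)\](.*?)\[\/habbo\]/is', $habboTag, $str);
    $str = preg_replace_callback('/\[room\=(.*?)\](.*?)\[\/room\]/is', $roomTag, $str);
    $str = preg_replace_callback('/\[group\=(.*?)\](.*?)\[\/group\]/is', $groupTag, $str);

    return $str;
}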
/**********************************************************************////////////////////////////// Config SCRIPT /////////////////////////////*/**********************************************************************/
// Fall back to Europe/Berlin when no default timezone is configured.
if (@ini_get('date.timezone') == null && function_exists("date_default_timezone_get")) {
    @date_default_timezone_set("Europe/Berlin");
}

// Snapshot of the current date and time in individual parts.
$H = date('H');
$i = date('i');
$s = date('s');
$m = date('m');
$d = date('d');
$Y = date('Y');
$j = date('j');
$n = date('n');

$today = $d;
$month = $m;
$year = $Y;

// NOTE(review): mktime() takes (hour, minute, second, month, day, year). The
// three calls below pass month/day/year in the hour/minute/second positions;
// only $date_full uses the documented order.
$getmoney_date = date('d.m.Y', mktime($m, $d, $Y));
$birthday_date = date('d.m', mktime($m, $d));
$date_normal = date('d.m.Y', mktime($m, $d, $Y));
$date_full = date('d.m.Y H:i:s', mktime($H, $i, $s, $m, $d, $Y));

// Static secret appended to passwords before hashing (see HoloHash()).
// NOTE(review): a secret hard-coded in source is known to everyone who can
// read this file; once the file has been shared it should be treated as
// disclosed and replaced, and kept in configuration outside the web root.
$hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";
// Load the settings row, the maintenance flag and the server status.
$cms_settings = mysql_query("SELECT * FROM cms_settings LIMIT 1");
$config = mysql_fetch_assoc($cms_settings);

// $maintenance first holds the result handle, then the number of matching rows.
$maintenance = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_maintenance' AND value = '1'");
$maintenance = mysql_num_rows($maintenance);

$server_status = mysql_query("SELECT * FROM server_status");
$server = mysql_fetch_assoc($server_status);
$online_count = $server['users_online'];

// Load gate: refuse to render any page once this many users are online.
$countusr = 1000;

if ($online_count >= $countusr) {
    echo '<center><img src="../web-gallery/v2/images/ihaggo.png"</center> ';
    echo "<center><h3>Die Seite ist zurzeit überlastet bitte warte bis Resourcen frei sind <br>Zurzeit sind: $online_count Users Online! </h3></center>";
    echo "<h3><center>Du kannst wieder rein wenn User das Hotel verlassen hat, bitte besuche uns doch später wieder!<h3></center>";
    exit;
}
/**********************************************************************////////////////////////////// BAN SCRIPT /////////////////////////////*/**********************************************************************/
// IP ban gate: redirect banned addresses to the /banned page.
// NOTE(review): $remote_ip is concatenated into the statement unescaped. It
// is safe only while it is guaranteed to be a server-supplied address;
// validate it as an IP before use if it can ever come from a request header.
$banx = mysql_query("SELECT * FROM bans where value='".$remote_ip."' and bantype='ip' Limit 1");
$bancheckx = mysql_fetch_object($banx);

// The /banned page itself is exempt, otherwise the redirect would loop.
if (mysql_num_rows($banx) > 0 && $_SERVER["REQUEST_URI"] != "/banned") {
    header("location: $path/banned");
    exit;
}
/**********************************************************************////////////////////////////// Funktionen /////////////////////////////*/**********************************************************************/
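/**
 * Build the URL-encoded address of the current page plus a timestamp suffix.
 *
 * Fixes two defects of the posted version: the suffix had been mangled to
 * "×tamp=" (the "&times" prefix of "&timestamp=" was decoded as an HTML
 * entity), and $_SERVER['HTTPS'] was read without checking that it is set.
 *
 * NOTE(review): SERVER_NAME and REQUEST_URI are request-derived; the result
 * is URL-encoded but must still be escaped for the context it is printed in.
 *
 * @return string urlencode()d page URL followed by "&timestamp=<unix time>".
 */
function geturl()
{
    $isHttps = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';

    $pageURL = $isHttps ? 'https://' : 'http://';
    $pageURL .= $_SERVER['SERVER_NAME'];

    // The port is appended for everything except 80, as before.
    if ($_SERVER['SERVER_PORT'] != '80') {
        $pageURL .= ":".$_SERVER["SERVER_PORT"];
    }
    $pageURL .= $_SERVER['REQUEST_URI'];

    return urlencode($pageURL).'&timestamp='.time();
}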
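/**
 * Block direct access to a script: redirect to the error page when the
 * request URI equals $str or contains a query string.
 *
 * The posted version used $path without importing it, so inside the function
 * it was always unset and the redirect went to "/error". $path is now taken
 * from the global scope.
 *
 * @param string $str Request URI that must not be opened directly.
 * @return void Returns only when the request is allowed.
 */
function directsecurity($str)
{
    global $path;

    $requestUri = $_SERVER["REQUEST_URI"];

    if ($requestUri == $str || strpos($requestUri, '?') !== false) {
        header("location: $path/error");
        exit;
    }
}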
/**********************************************************************////////////////////////////// Login SCRIPT /////////////////////////////*/**********************************************************************/
/**
 * SHA-1 of the password concatenated with the site-wide static secret.
 *
 * NOTE(review): a single fast hash with one shared secret and no per-user
 * salt does not resist offline guessing once the user table is exposed.
 * Migrate to password_hash()/password_verify() as soon as the PHP version
 * allows, re-hashing each account at its next successful login.
 *
 * @param string $password Plain-text password.
 * @return string 40-character hexadecimal digest.
 */
function HoloHash($password)
{
    $hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";

    return sha1($password.$hash_secret);
}
/**
 * MD5 of the password concatenated with the site-wide static secret.
 *
 * NOTE(review): MD5 is unsuitable for password storage; this should only
 * remain for verifying legacy records while they are migrated to
 * password_hash().
 *
 * @param string $password Plain-text password.
 * @return string 32-character hexadecimal digest.
 */
function HoloHashMD5($password)
{
    $hash_secret = "xCg532%@%gdvf^5DGaa6&*rFTfg^FD4\$OIFThrR_gh(ugf*/";

    return md5($password.$hash_secret);
}
/**********************************************************************////////////////////// Eingeloggt bleiben SCRIPT ///////////////////////*/**********************************************************************/
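// "Stay logged in": restore a session from the remember-me cookies.
//
// Changes against the posted version:
//  - cookies are only used when they are present and are strings;
//  - the cookie value is compared with the stored hash strictly and in
//    constant time (a loose "==" treats some numeric-looking strings as
//    equal), and an empty stored hash never matches;
//  - the session id is regenerated when the login is restored;
//  - the cookies are cleared by one loop instead of repeated calls.
//
// NOTE(review): the cookie carries the stored password hash itself, so anyone
// who obtains that hash (database dump, backup, stolen cookie) can log in
// without the password. A random per-device token, stored hashed on the
// server and revocable, is the usual replacement for this scheme.
if (!session_is_registered('username') && isset($_COOKIE['remember']) && $_COOKIE['remember'] === "remember") {
    $remember_ok = false;
    $cname = '';
    $crow = null;

    if (isset($_COOKIE['rusername'], $_COOKIE['rpassword'])
        && is_string($_COOKIE['rusername'])
        && is_string($_COOKIE['rpassword'])
    ) {
        $cname = FilterText($_COOKIE['rusername']);
        $cpass_hash = $_COOKIE['rpassword'];

        $csql = mysql_query("SELECT password,id FROM users WHERE username = '".$cname."' LIMIT 1") or die(mysql_error());
        $cnum = mysql_num_rows($csql);

        if ($cnum >= 1) {
            $crow = mysql_fetch_assoc($csql);
            $correct_pass = (string) $crow['password'];

            // Constant-time comparison, written out by hand because this code
            // base targets a PHP version that presumably lacks hash_equals().
            if ($correct_pass !== '' && strlen($cpass_hash) === strlen($correct_pass)) {
                $difference = 0;
                for ($idx = 0; $idx < strlen($correct_pass); $idx++) {
                    $difference |= ord($cpass_hash[$idx]) ^ ord($correct_pass[$idx]);
                }
                $remember_ok = ($difference === 0);
            }
        }
    }

    if ($remember_ok) {
        // A fresh session id prevents reuse of an id fixed before the login.
        session_regenerate_id(true);

        $_SESSION['username'] = $cname;
        $_SESSION['password'] = $crow['password'];
        $sql3 = mysql_query("UPDATE users SET ip_last = '".$remote_ip."' WHERE username = '".$cname."'");
        header("location: me");
        exit;
    }

    // Unknown user or wrong value: drop all remember-me cookies.
    foreach (array("remember", "cookpass", "rusername", "rpassword") as $cookie_name) {
        setcookie($cookie_name, "", time()-60*60*24*100, "/");
    }
}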
/**********************************************************************////////////////////////////// Is Even SCRIPT /////////////////////////////*/**********************************************************************/
/**
 * Tell whether a number is even.
 *
 * @param int $intNumber Number to test.
 * @return bool True when $intNumber is divisible by two.
 */
function IsEven($intNumber)
{
    return ($intNumber % 2 == 0);
}
/**********************************************************************////////////////////////// Login Ticket SCRIPT //////////////////////////*/**********************************************************************/
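/**
 * Generate a login ticket of the form
 * "Yebbo-<6 digits>-<20 digits>-Crookie-CMS-v3<digit 0-5>".
 *
 * The ticket acts as a bearer credential (judging by the section title
 * "Login Ticket"), so its digits must not be predictable. The posted version
 * drew them from rand(); this version prefers a cryptographically secure
 * source and falls back to mt_rand() only when none is available.
 *
 * @return string Ticket in the format described above.
 */
function GenerateTicket()
{
    // Uniform random integer in 0..$max from the best available source.
    $pick = function ($max) {
        if (function_exists('random_int')) {
            return random_int(0, $max);
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            // Rejection sampling keeps the result uniform over 0..$max.
            $ceiling = 256 - (256 % ($max + 1));
            for ($try = 0; $try < 128; $try++) {
                $strong = false;
                $raw = openssl_random_pseudo_bytes(1, $strong);
                if ($raw === false || !$strong) {
                    break;
                }
                $byte = ord($raw);
                if ($byte < $ceiling) {
                    return $byte % ($max + 1);
                }
            }
        }
        // Last resort; not suitable for secrets.
        return mt_rand(0, $max);
    };

    $data = "Yebbo-";
    for ($i = 1; $i <= 6; $i++) {
        $data .= $pick(9);
    }

    $data .= "-";
    for ($i = 1; $i <= 20; $i++) {
        $data .= $pick(9);
    }

    $data .= "-Crookie-CMS-v3";
    $data .= $pick(5);

    return $data;
}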
// #########################################################################
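// Session bootstrap: load the logged-in user, define lang(), enforce bans.
//
// Change against the posted version: the clean-up of an expired ban used
// $name, which is only assigned further down, so the DELETE never matched the
// user's ban row. It now uses the same user name as the SELECT above it.
if (session_is_registered('username')) {
    $rawname = $_SESSION['username'];
    $rawpass = $_SESSION['password'];

    // The same lookup is executed twice: once fetched as an array ($myrow),
    // once as an object ($user).
    $usersql = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($rawname)."' AND password = '".mysql_real_escape_string($rawpass)."' LIMIT 1");
    $myrow = mysql_fetch_assoc($usersql);
    $sql = mysql_query("SELECT * FROM users WHERE username = '".mysql_real_escape_string($rawname)."' AND password = '".mysql_real_escape_string($rawpass)."' LIMIT 1");
    $user = mysql_fetch_object($sql);

    // Language lookup, defined per user language. Returns "-" for unknown keys.
    // NOTE(review): $str is concatenated into the statement unescaped; pass
    // only fixed keys. The "de" variant also decodes HTML entities in the
    // stored text, so translations must be trusted content.
    if ($user->language == "de") {
        function lang($str)
        {
            $query = mysql_query("SELECT * FROM cms_languages WHERE name='".$str."' and language = 'de'");
            $lang = mysql_fetch_object($query);
            if (mysql_num_rows($query) < 1) {
                return "-";
            } else {
                return htmlspecialchars_decode($lang->value);
            }
        }
    } elseif ($user->language == "en") {
        function lang($str)
        {
            $query = mysql_query("SELECT * FROM cms_languages WHERE name='".$str."' and language = 'en'");
            $lang = mysql_fetch_object($query);
            if (mysql_num_rows($query) < 1) {
                return "-";
            } else {
                return $lang->value;
            }
        }
    }

    $userpath = FilterText($_SESSION['userpath']);

    $my_id = $myrow['id'];
    $myvip = $myrow['vip_points'];

    $furnisql = mysql_query("SELECT * FROM `catalog_items` WHERE `page_id` = '91'");
    $furow = mysql_num_rows($furnisql);

    // NOTE(review): $furow is a row count, so this index access yields no value.
    $add_furni = $furow['item_ids'];

    if (empty($user->last_online)) {
        mysql_query("UPDATE users SET last_online = '".time()."' WHERE username = '".$user->username."'") or die(mysql_error());
    }

    if ($user->rank >= 4) {
        $_SESSION['etchat_username'] = $user->username;
        $_SESSION['etchat_gender'] = $user->gender;
    }

    $userinfo = mysql_query("SELECT * FROM user_stats WHERE id = '".$myrow['id']."'");
    $userinfo = mysql_fetch_assoc($userinfo);

    $password_correct = mysql_num_rows($usersql);
    $my_name = $user->username;
    $my_id = $myrow['id'];
    $user_rank = $myrow['rank'];

    $ban = mysql_query("SELECT * FROM bans WHERE value = '".$user->username."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1");
    $bancheck = mysql_num_rows($ban);

    // NOTE(review): this is one if/elseif chain, so an account whose ip_reg
    // is "0" takes the first branch and the ban check below is not reached
    // for it. Confirm that this is intended.
    if ($myrow['ip_reg'] == "0") {
        mysql_query("UPDATE users SET ip_last = '".$remote_ip."' WHERE id = '".$user->id."'");
    } elseif ($password_correct !== 1) {
        // Session credentials no longer match a user row.
        session_destroy();
        header("location: ".$path."1");
        exit;
    } elseif ($bancheck > 0) {
        $bandata = mysql_fetch_assoc($ban);
        $timestamp = time();

        if ($bandata['expire'] > $timestamp) {
            // NOTE(review): the ban reason is stored text; HTML-escape
            // $login_error where it is printed.
            $login_error = "Du bist gebannt! Der Grund für deinen Bann lautet \"".$bandata['reason']."\" und dauert bis ".date('d.m.Y - H:i:s', $bandata['expire'])."";
            include('logout.php');
            session_destroy();
            exit;
        } else {
            // Ban expired: remove it.
            mysql_query("DELETE FROM bans WHERE value = '".mysql_real_escape_string($user->username)."' AND bantype = 'user' or value = '".$remote_ip."' AND bantype = 'ip' LIMIT 1");
        }
    }

    $logged_in = true;
    $name = HoloText($user->username);
} else {
    // Guest defaults.
    $user_rank = 0;
    $name = "No-Name";
    $my_id = "No-ID";
    $myticket = "ST-No-Name-Yebbo-fe";
    $logged_in = false;
}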
/**********************************************************************/////////////////////////////// LTD SCRIPT /////////////////////////////*/**********************************************************************/
//Beispiel:16-03-2013-19-36-00
// Limited rares: publish the oldest pending cms_rare entry once its end time
// has passed, then mark it as added.
$sql = mysql_query("SELECT * FROM cms_rare where added='0' order by id ASC Limit 1");
$row = mysql_fetch_object($sql);

$time = time();

// NOTE(review): when no pending entry exists $row is not an object. The
// column values copied into the INSERT come from the database unescaped, so a
// name or description containing a quote breaks (or alters) the statement;
// escape them before concatenation.
$check = mysql_query("SELECT * FROM cms_rare where id='".$row->id."' and added='0'");

if (mysql_num_rows($check) > 0 && $time >= $row->end_time) {
    mysql_query("Insert into limited_rares (furni_id, furni_name, furni_img, furni_desc, buy_limit, available, cost, last_edit) VALUES ('".$row->furni_id."', '".$row->name."', '".$row->img."', '".$row->desc."', '".$row->buy_limit."', '".$row->buy_limit."', '".$row->cost."','".time()."') ");
    mysql_query("UPDATE cms_rare SET added = '1' WHERE id = '".$row->id."'") or die(mysql_error());
}
/**********************************************************************//////////////////////// CREDITS PROMO SCRIPT //////////////////////////*/**********************************************************************/
/**
 * Build a Unix timestamp from day, month, year, hour and minute
 * (seconds are always 0).
 *
 * @param int $tag    Day of month.
 * @param int $monat  Month.
 * @param int $jahr   Year.
 * @param int $stunde Hour.
 * @param int $minute Minute.
 * @return int Unix timestamp in the default timezone.
 */
function timeago($tag, $monat, $jahr, $stunde, $minute)
{
    $timestamp = mktime($stunde, $minute, 0, $monat, $tag, $jahr);

    return $timestamp;
}
//$timestamp = timeago(01,05,2013, 23,52);//echo date('d.m.Y H:i:s', $timestamp);
// Credits promotion: while an unfinished promo is still running, expose its
// id; once its end time has passed, mark it finished.
$check = mysql_query("SELECT * FROM credits_promo where finish='0'");

if (mysql_num_rows($check) > 0) {
    $row = mysql_fetch_object($check);
    $now = time();

    if ($now < $row->end_time) {
        $credits_furni = "true";
        $credits_furni_id = $row->id;
    } else {
        mysql_query("UPDATE credits_promo SET finish = '1' WHERE id = '".$row->id."'") or die(mysql_error());
    }
}
/**********************************************************************//////////////////// SERVER OFFLINE SCRIPT /////////////////////////////*/**********************************************************************/
// Offline mode flag, stored as the strings "true"/"false". It is "false" only
// when no cms_flashclient='1' setting row exists and the server status is not
// the string "0".
$get_flashclient = mysql_query("SELECT * FROM cms_settings WHERE variable = 'cms_flashclient' AND value = '1'");

$offlinemodus = (mysql_num_rows($get_flashclient) < 1 && $server['status'] !== "0")
    ? "false"
    : "true";
/**********************************************************************////////////////////////// HC Check SCRIPT /////////////////////////////*/**********************************************************************/
// Number of unexpired subscription rows of the current user.
$hc_a = mysql_query("SELECT * FROM user_subscriptions WHERE user_id = '".$my_id."' and timestamp_expire > '".time()."'");
$hc = mysql_num_rows($hc_a);

/**
 * Remaining subscription time of a user in days, rounded up.
 *
 * NOTE(review): $my_id is concatenated into the statement unescaped; cast it
 * to an integer at the call site or here if it can come from request data.
 *
 * @param mixed $my_id User id.
 * @return mixed 0 when there is no row or it has expired, otherwise the
 *               ceil()ed number of days left.
 */
function getHCDays($my_id)
{
    $sql = mysql_query("SELECT timestamp_activated,timestamp_expire FROM user_subscriptions WHERE user_id = '".$my_id."' LIMIT 1") or die(mysql_error());

    if (mysql_num_rows($sql) == 0) {
        return 0;
    }

    $data = mysql_fetch_assoc($sql);
    $diff = $data['timestamp_expire'] - time();

    return ($diff <= 0) ? 0 : ceil($diff / 86400);
}
/**********************************************************************////////////////////////// VIP Check SCRIPT /////////////////////////////*/**********************************************************************/
// Number of vip rows of the current user.
$vip_a = mysql_query("SELECT * FROM vip WHERE id_user = '".$my_id."'");
$vip = mysql_num_rows($vip_a);

/**
 * Remaining VIP time of a user in days, rounded up.
 *
 * NOTE(review): $my_id is concatenated into the statement unescaped; cast it
 * to an integer at the call site or here if it can come from request data.
 *
 * @param mixed $my_id User id.
 * @return mixed 0 when there is no row or it has expired, otherwise the
 *               ceil()ed number of days left.
 */
function getVIPDays($my_id)
{
    $sql = mysql_query("SELECT timestamp,timestampend FROM vip WHERE id_user = '".$my_id."' LIMIT 1") or die(mysql_error());

    if (mysql_num_rows($sql) == 0) {
        return 0;
    }

    $data = mysql_fetch_assoc($sql);
    $diff = $data['timestampend'] - time();

    return ($diff <= 0) ? 0 : ceil($diff / 86400);
}
/**********************************************************************/////////////////////// Maintenance SCRIPT /////////////////////////////*/**********************************************************************/
// Housekeeping flag: "1" only for rank > 4 with both housekeeping session
// keys registered.
$rank['iAdmin'] = ($user_rank > 4 && session_is_registered('hkusername') && session_is_registered('hkpassword'))
    ? "1"
    : "0";

// Maintenance gate. $is_maintenance is not set in this listing; presumably
// the maintenance page defines it before including this file.
if ($maintenance == '1' && !$is_maintenance && $rank['iAdmin'] < 1) {
    header("Location: ".$path."/maintenance");
    exit;
} elseif ($rank['iAdmin'] == 1 && $config['variable'] == "cms_maintenance" && $config['value'] == '1') {
    $notify_maintenance = true;
}
// #########################################################################
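/**
 * Check whether a user name or the current client address is banned.
 *
 * The posted version built its query from $my_id and $remote_ip, neither of
 * which exists inside the function, and ignored $name. The check therefore
 * ran against empty values and could not find a real ban. This version uses
 * the $name argument for 'user' bans (the value the session bootstrap also
 * matches on) and the global $remote_ip for 'ip' bans, both escaped.
 *
 * An expired ban that is found is deleted and reported as "not banned".
 *
 * @param string $name User name to check.
 * @return bool True when an unexpired ban was found.
 */
function IsUserBanned($name)
{
    global $remote_ip;

    $userValue = mysql_real_escape_string((string) $name);
    $ipValue = mysql_real_escape_string((string) $remote_ip);
    $where = "value = '".$userValue."' AND bantype = 'user' or value = '".$ipValue."' AND bantype = 'ip'";

    $check = mysql_query("SELECT * FROM bans WHERE ".$where) or die(mysql_error());

    if (mysql_num_rows($check) < 1) {
        return false;
    }

    // Only the first matching row is evaluated, as before.
    $bandata = mysql_fetch_assoc($check);

    if (time() < $bandata['expire']) {
        return true;
    }

    // ban expired
    mysql_query("DELETE FROM bans WHERE ".$where." LIMIT 1") or die(mysql_error());

    return false;
}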
// #########################################################################
/**
 * Run a query and return the first column of its first row.
 *
 * NOTE(review): the statement is executed exactly as passed in, so every
 * caller is responsible for escaping the values it contains.
 *
 * @param string $query         Complete SQL statement.
 * @param mixed  $default_value Returned when the result has no rows.
 * @return mixed First field of the first row, or $default_value.
 */
function mysql_evaluate($query, $default_value="undefined")
{
    $result = mysql_query($query) or die(mysql_error());

    return (mysql_num_rows($result) < 1)
        ? $default_value
        : mysql_result($result, 0);
}
/**
 * Tell whether a user was seen within the last ten minutes.
 *
 * Reads the "online" column (treated as a Unix timestamp by the arithmetic
 * below) and compares it plus the timeout with the current time.
 *
 * NOTE(review): $intUID is concatenated unescaped; pass integers only.
 *
 * @param mixed $intUID User id.
 * @return bool False when the user does not exist or the timeout has passed.
 */
function IsUserOnline($intUID)
{
    $result = mysql_query("SELECT online FROM users WHERE id = '".$intUID."' LIMIT 1") or die(mysql_error());
    $timeout = 600; // 10 minutes ?

    if (mysql_num_rows($result) < 1) {
        return false;
    }

    $row = mysql_fetch_array($result);
    $activeUntil = $row[0] + $timeout;

    return ($activeUntil >= time());
}

/**
 * Fetch one content value from cms_content by its key.
 *
 * NOTE(review): the stored value is returned unmodified; whether it is safe
 * to print as HTML depends on who may edit cms_content.
 *
 * @param string $strKey Content key (escaped with FilterText() before use).
 * @return mixed The contentvalue column of the fetched row.
 */
function getContent($strKey)
{
    $result = mysql_query("SELECT contentvalue FROM cms_content WHERE contentkey = '".FilterText($strKey)."' LIMIT 1") or die(mysql_error());
    $row = mysql_fetch_assoc($result);

    return $row['contentvalue'];
}
/**********************************************************************/////////////////////// Sicherheits SCRIPT /////////////////////////////*/**********************************************************************/
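// Security lock: for accounts listed in cms_security, flag the session when
// the current address differs from the last recorded one.
//
// Change against the posted version: session_is_registered() was called with
// the bare word username, an undefined constant that PHP only tolerates with
// a notice on old versions. The key is now a quoted string.
if (session_is_registered('username')) {
    $checka = mysql_query("SELECT * FROM cms_security WHERE userid = '".$user->id."'");
    $check = mysql_num_rows($checka);

    if ($check > 0 && $user->ip_last != $remote_ip) {
        $securityReal = "True";
        $msgsecurity = '<div class="clear" style="height:6px;position:relative;display:block;overflow:hidden;"></div> <div xmlns="http://www.w3.org/1999/html" style="width:759px;" class="rounded-container"><div class="rounded rounded-red"> <p>Account ist sicherheitsgesperrt </p> <p><a href="'.$path.'/identity/safetycheck"><u>Zum Freischalten hier klicken</u></a></p>
</div></div>
';
    }
}

// Guest accounts: flag sessions whose user row has gast = '1'.
if (session_is_registered('username')) {
    $que = mysql_query("Select * from users WHERE id = '".$user->id."'");
    $check = mysql_fetch_object($que);

    if ($check->gast == '1') {
        $gast_login = "True";
    }
}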
/**
 * Id of the group a user has marked as current.
 *
 * NOTE(review): $my_id is concatenated unescaped; pass integers only.
 *
 * @param mixed $my_id User id.
 * @return mixed Group id, or false when the user has no current group.
 */
function GetUserGroup($my_id)
{
    $check = mysql_query("SELECT id FROM groups WHERE id_user = '".$my_id."' AND is_current = '1' LIMIT 1") or die(mysql_error());
    $has_fave = mysql_num_rows($check);

    if ($has_fave <= 0) {
        return false;
    }

    $row = mysql_fetch_assoc($check);

    return $row['id'];
}
// more to come
/**
 * Badge shown in slot 1 of a user who has badge display enabled.
 *
 * Accepts a user name or a numeric user id.
 *
 * @param mixed $strName User name or numeric id.
 * @return mixed The badge_id, or false when the user or badge is missing.
 */
function GetUserBadge($strName)
{
    // supports user IDs also
    if (is_numeric($strName)) {
        $lookup = "SELECT id FROM users WHERE id = '".$strName."' AND badge_status = '1' LIMIT 1";
    } else {
        $lookup = "SELECT id FROM users WHERE username = '".FilterText($strName)."' AND badge_status = '1' LIMIT 1";
    }
    $check = mysql_query($lookup) or die(mysql_error());

    if (mysql_num_rows($check) <= 0) {
        return false;
    }

    $usrrow = mysql_fetch_assoc($check);
    $check = mysql_query("SELECT * FROM user_badges WHERE user_id = '".$usrrow['id']."' AND badge_slot = '1' LIMIT 1") or die(mysql_error());

    if (mysql_num_rows($check) <= 0) {
        return false;
    }

    $badgerow = mysql_fetch_assoc($check);

    return $badgerow['badge_id'];
}
// #########################################################################
/**
 * Badge of the group a user has marked as current.
 *
 * NOTE(review): $my_id is concatenated unescaped; pass integers only.
 *
 * @param mixed $my_id User id.
 * @return mixed The badge column of that group, or false without a group.
 */
function GetUserGroupBadge($my_id)
{
    $check = mysql_query("SELECT id FROM groups WHERE id_user = '".$my_id."' AND is_current = '1' LIMIT 1") or die(mysql_error());

    if (mysql_num_rows($check) <= 0) {
        return false;
    }

    $groupRow = mysql_fetch_assoc($check);
    $groupid = $groupRow['id'];

    $check = mysql_query("SELECT badge FROM groups WHERE id = '".$groupid."' LIMIT 1") or die(mysql_error());
    $badgeRow = mysql_fetch_assoc($check);

    return $badgeRow['badge'];
}
// #########################################################################
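/**
 * Badge of the first group a user is a member of.
 *
 * The posted version selected the column "groupid" but then read the key
 * 'id_group' from the row, which does not exist in that result, so the badge
 * lookup always ran with an empty group id. The selected column is now read.
 *
 * NOTE(review): $my_id is concatenated unescaped; pass integers only.
 *
 * @param mixed $my_id User id.
 * @return mixed The badge column of that group, or false without membership.
 */
function GetUserClientGroupBadge($my_id)
{
    $check = mysql_query("SELECT groupid FROM group_memberships WHERE userid = '".$my_id."' LIMIT 1") or die(mysql_error());
    $has_badge = mysql_num_rows($check);

    if ($has_badge > 0) {
        $row = mysql_fetch_assoc($check);
        $groupid = $row['groupid'];

        $check = mysql_query("SELECT badge FROM groups WHERE id = '".$groupid."' LIMIT 1") or die(mysql_error());
        $row = mysql_fetch_assoc($check);
        $badge = $row['badge'];

        return $badge;
    } else {
        return false;
    }
}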
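// Replace REMOTE_ADDR with the address reported by the CF-Connecting-IP
// header when that header is present.
//
// Change against the posted version: the header is only accepted when it is a
// syntactically valid IP address, because the value is later used in SQL
// statements and log-like columns.
//
// NOTE(review): any client can send this header. It is trustworthy only when
// the web server accepts connections exclusively from the CDN's address
// ranges; otherwise IP bans and the ip_last checks can be sidestepped by
// sending a different address. Also note that $remote_ip is assigned earlier
// in this listing, before this override takes effect.
if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])
    && filter_var($_SERVER["HTTP_CF_CONNECTING_IP"], FILTER_VALIDATE_IP) !== false
) {
    $_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}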
/**********************************************************************////////////////////////////// Filter SCRIPT /////////////////////////////*/**********************************************************************/
/**
 * Escape a value for use inside a quoted SQL string.
 *
 * Default mode HTML-encodes first, then applies addslashes() and
 * mysql_real_escape_string(); "advanced" mode skips the HTML encoding.
 *
 * NOTE(review): addslashes() followed by mysql_real_escape_string() escapes
 * twice, so stored values contain literal backslashes. HTML-encoding at input
 * time also ties the stored data to one output context; encoding at output
 * is the more robust arrangement.
 *
 * @param string $str      Raw value.
 * @param bool   $advanced Skip HTML encoding when true.
 * @return string Escaped value.
 */
function FilterText($str, $advanced=false)
{
    $prepared = ($advanced == true) ? $str : htmlspecialchars($str);

    return mysql_real_escape_string(addslashes($prepared));
}
/**
 * Prepare news text for storage: undo magic quotes, replace a few control
 * characters with spaces, then SQL-escape.
 *
 * NOTE(review): the patterns use the /u modifier, so preg_replace() returns
 * null for input that is not valid UTF-8 and the text is then stored empty.
 * No HTML encoding happens here; news text must be encoded or sanitised
 * where it is displayed.
 *
 * @param string $str Raw news text.
 * @return string SQL-escaped text.
 */
function News_Text($str)
{
    if (get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }

    $controlChars = array('/\x{0001}/u','/\x{0002}/u','/\x{0003}/u','/\x{0005}/u','/\x{0009}/u');
    $str = preg_replace($controlChars, ' ', $str);

    return mysql_real_escape_string($str);
}
/**
 * SQL-escape a value. Both modes do the same thing; $advanced has no effect.
 *
 * @param string $str      Raw value.
 * @param bool   $advanced Unused.
 * @return string Value escaped with mysql_real_escape_string().
 */
function Filter_Text($str, $advanced=false)
{
    // The original branched on $advanced but both branches were identical.
    return mysql_real_escape_string($str);
}
/**
 * Short alias for mysql_real_escape_string().
 *
 * @param string $str Raw value.
 * @return string Escaped value.
 */
function STR($str)
{
    return mysql_real_escape_string($str);
}
/**
 * Prepare stored text for display.
 *
 * Default mode HTML-encodes the text, converts newlines to <br /> and strips
 * backslashes. "Advanced" mode only strips backslashes.
 *
 * NOTE(review): advanced mode returns the text without HTML encoding, so it
 * must only be used for trusted content. $bbcode is accepted but unused.
 *
 * @param string $str      Stored text.
 * @param bool   $advanced Only strip slashes when true.
 * @param bool   $bbcode   Unused.
 * @return string Text ready for output.
 */
function HoloText($str, $advanced=false, $bbcode=false)
{
    if ($advanced == true) {
        return stripslashes($str);
    }

    $encoded = htmlspecialchars($str);
    $withBreaks = nl2br($encoded);

    return stripslashes($withBreaks);
}
/**
 * Format a number of seconds as "<m> Minute und <s> Sekunden".
 *
 * @param int $sec Duration in seconds.
 * @return string Formatted duration.
 */
function sec2min($sec)
{
    $minutes = floor($sec/60);
    $seconds = $sec%60;

    return $minutes." Minute und ".$seconds." Sekunden";
}
/**
 * SQL-escape a value and then HTML-encode the result.
 *
 * NOTE(review): the two escapes serve different contexts and are applied in
 * one step here. SQL escaping belongs where the statement is built and HTML
 * encoding where the value is printed; combining them stores HTML entities
 * and escape backslashes in the data.
 *
 * @param string $textzumfiltern Raw value.
 * @return string Escaped and encoded value.
 */
function escape($textzumfiltern)
{
    $sqlEscaped = mysql_real_escape_string($textzumfiltern);

    return htmlspecialchars($sqlEscaped);
}
// Blanket SQL escaping of all POST and GET values.
// NOTE(review): this mirrors the removed "magic quotes" feature. Values that
// are later passed through FilterText(), STR() and similar helpers are
// escaped a second time, array-valued parameters are handed to
// mysql_real_escape_string() as arrays, and code that prints these values
// shows the added backslashes. It also protects nothing that reaches a query
// from cookies, the session or the database. Escaping (or binding) at each
// query is the reliable place for this.
foreach ($_POST as $key => $val) {
    $_POST[$key] = mysql_real_escape_string($val);
}

foreach ($_GET as $key => $val) {
    $_GET[$key] = mysql_real_escape_string($val);
}
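/**
 * Normalise a value and return it HTML-encoded and SQL-escaped.
 *
 * Steps: remove control characters, decode numeric character references of
 * printable ASCII characters, run the keyword pass, then apply
 * htmlspecialchars(), addslashes() and mysql_real_escape_string().
 *
 * Changes against the posted version:
 *  - the control-character pattern was three character classes in a row and
 *    so only matched three consecutive control characters; it is now one
 *    class that removes each control character (space is kept);
 *  - the decimal reference patterns had lost their "&#0" prefix to an
 *    encoding error in the listing and are restored to match the hexadecimal
 *    patterns next to them.
 *
 * NOTE(review): the keyword pass re-emits the matched keyword itself
 * (lower-cased, with interleaved encoded whitespace removed), so it does not
 * neutralise anything. What makes the result inert is the final
 * htmlspecialchars() call, and that holds only for HTML text and
 * double-quoted attribute contexts. Do not rely on this function for values
 * placed in URLs, scripts or unquoted attributes.
 *
 * @param string $val Raw value.
 * @return string Encoded and escaped value.
 */
function XSS_Filter($val)
{
    // Remove control characters; tab (\x09), LF (\x0a) and CR (\x0d) stay.
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // Decode numeric character references of ordinary printable characters so
    // that later steps see the plain character.
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // hexadecimal reference, with or without a trailing ;
        $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val);
        // decimal reference, with or without a trailing ;
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val);
    }

    $ra1 = Array(
        'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script',
        'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'
    );
    $ra2 = Array(
        'onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy',
        'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint',
        'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick',
        'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged',
        'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter',
        'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange',
        'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup',
        'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
        'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend',
        'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize',
        'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted',
        'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit',
        'onunload'
    );
    $ra = array_merge($ra1, $ra2);

    // Keyword pass (see the note in the header: it does not alter keywords).
    $found = true;
    while ($found == true) {
        $val_before = $val;
        for ($i = 0; $i < sizeof($ra); $i++) {
            // Build a pattern that tolerates encoded whitespace between the
            // letters of the keyword.
            $pattern = '/';
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {
                    $pattern .= '(';
                    $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
                    $pattern .= '|(&#0{0,8}([9][10][13]);?)?';
                    $pattern .= ')?';
                }
                $pattern .= $ra[$i][$j];
            }
            $pattern .= '/i';
            $replacement = substr($ra[$i], 0, 2).substr($ra[$i], 2);
            $val = preg_replace($pattern, $replacement, $val);
            if ($val_before == $val) {
                $found = false;
            }
        }
    }

    return mysql_real_escape_string(addslashes(htmlspecialchars($val)));
}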
###########################
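/**
 * Read an avatar set file named "<type>-<gender><extension>" from a directory.
 *
 * Changes against the posted version: the $extFile argument was ignored
 * (".txt" was hard-coded) and is now used; an unreadable or empty file no
 * longer triggers a failing fread().
 *
 * NOTE(review): $type and $gender become part of the file name. If either can
 * come from request data, restrict them to a fixed set of known values
 * before calling, so the path cannot leave $publicDir.
 *
 * @param string $type      Set type, first part of the file name.
 * @param string $gender    Gender code; lower-cased for the file name.
 * @param string $publicDir Directory, including the trailing separator.
 * @param string $extFile   File extension including the dot.
 * @return string|null File contents, or null when the file cannot be read.
 */
function readAvatarSet($type, $gender, $publicDir = 'json/', $extFile = '.txt')
{
    $set_file = $publicDir.$type.'-'.strtolower($gender).$extFile;

    if (!is_file($set_file) || !is_readable($set_file)) {
        return null;
    }

    $contents = file_get_contents($set_file);

    return ($contents === false) ? null : $contents;
}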
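/**
 * Check whether $string contains $substring.
 *
 * @param string $substring Text to look for.
 * @param string $string    Text to search in.
 * @return bool True when $substring occurs in $string.
 */
function checkIfContains($substring, $string)
{
    return strpos($string, $substring) !== false;
}

/**
 * Create a random identifier for a user's session.
 *
 * The posted version drew its characters from mt_rand(), whose output can be
 * predicted. Because the value identifies a session, this version prefers a
 * cryptographically secure source and falls back to mt_rand() only when none
 * is available.
 *
 * @param int  $length  Number of characters; values below 1 become 8.
 * @param bool $numbers Include digits.
 * @param bool $upper   Include upper-case letters.
 * @return string Random string from the selected alphabet.
 */
function createSecurityHash($length, $numbers, $upper)
{
    // Uniform random integer in 0..$max from the best available source.
    $pick = function ($max) {
        if (function_exists('random_int')) {
            return random_int(0, $max);
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            // Rejection sampling keeps the result uniform over 0..$max.
            $ceiling = 256 - (256 % ($max + 1));
            for ($try = 0; $try < 128; $try++) {
                $strong = false;
                $raw = openssl_random_pseudo_bytes(1, $strong);
                if ($raw === false || !$strong) {
                    break;
                }
                $byte = ord($raw);
                if ($byte < $ceiling) {
                    return $byte % ($max + 1);
                }
            }
        }
        // Last resort; not suitable for secrets.
        return mt_rand(0, $max);
    };

    if (1 > $length) {
        $length = 8;
    }

    $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $numChars = 62;

    if (!$numbers) {
        // Drop the ten digits at the front.
        $numChars = 52;
        $chars = substr($chars, 10, $numChars);
    }
    if (!$upper) {
        // Drop the 26 upper-case letters at the end.
        $numChars -= 26;
        $chars = substr($chars, 0, $numChars);
    }

    $string = '';
    for ($i = 0; $i < $length; $i++) {
        $string .= $chars[$pick($numChars - 1)];
    }

    return $string;
}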
/**
 * Replace German umlauts and then HTML-encode the whole string.
 *
 * NOTE(review): as listed, every pattern and its replacement are the same
 * character, so the replacement step changes nothing. Presumably the search
 * patterns originally held entity names that were decoded when the file was
 * posted - confirm against the real file.
 *
 * @param string $str Input text.
 * @return string Text passed through htmlentities().
 */
function umlaute_umsetzen($str)
{
    $search = array(
        '/\ü/is',
        '/\ö/is',
        '/\ä/is',
        '/\ß/is',
        '/\Ä/is',
        '/\Ü/is',
        '/\Ö/is',
    );
    $replace = array("ü", "ö", "ä", "ß", "Ä", "Ü", "Ö");

    $converted = preg_replace($search, $replace, $str);

    return htmlentities($converted);
}
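/**
 * Mask every word of the blacklist file with asterisks, case-insensitively.
 *
 * Changes against the posted version: a missing or unreadable list no longer
 * produces warnings (the text is returned unchanged), blank lines are
 * skipped, and the mask has the length of the trimmed word instead of the
 * raw line including its line break.
 *
 * NOTE(review): the word list is read line by line from a .php file under a
 * relative path. Check that the file is not served as a page and that the
 * relative path resolves as intended from every including script.
 *
 * @param string $text Text to filter.
 * @return string Text with listed words replaced by asterisks.
 */
function badwords($text)
{
    $listFile = "../crookie_Yebbo_cms_v3/blacklist.php";

    if (!is_readable($listFile)) {
        return $text;
    }

    $badwort = file($listFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($badwort === false) {
        return $text;
    }

    foreach ($badwort as $wort) {
        $wort = trim($wort);
        if ($wort === '') {
            continue;
        }
        $text = str_ireplace($wort, str_repeat('*', strlen($wort)), $text);
    }

    return $text;
}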
#####################################################
// Keep linked_email in sync with mail for the loaded user.
// NOTE(review): $user is only set for logged-in sessions, and $user->mail is
// written back into SQL unescaped. An address containing a quote breaks (or
// alters) the statement; escape it before concatenation.
if ($user->mail != $user->linked_email) {
    mysql_query("UPDATE users SET linked_email = '".$user->mail."' where id = '".$user->id."'");
}
//if($logged_in){//echo '//<script type="text/javascript">//document.YebboLoggedIn = true;//var YebboName = "'.$user->username.'";//var YebboId = "'.$user->id.'";//var YebboReqPath = "'.$siteurl.'";//</script>//'."\n";//}else{//echo '//<script type="text/javascript">//document.YebboLoggedIn = false;//var YebboName = null;//var YebboId = "'.$remote_ip_encoded.'";//var YebboReqPath = "'.$siteurl.'";//</script>//'."\n";//}
/**
 * Print one field of an entry from the remote furni data file.
 *
 * Collects the ids of all entries, sorts them in descending order, picks the
 * one at index $zeile and echoes its id, public name or folder depending on
 * which flag is the string "true".
 *
 * NOTE(review): the data is fetched over plain HTTP on every call and echoed
 * without HTML encoding, so whoever controls that response (or the network
 * path) controls what is printed. Fetch over HTTPS, cache the file, and
 * encode on output. The rsort() call is assumed to be active; in the posted
 * listing it had been merged into a comment line.
 *
 * @param int    $zeile  Index into the descending list of ids.
 * @param string $id_get "true" to print the id.
 * @param string $name   "true" to print the public name.
 * @param string $folder "true" to print the folder.
 * @return void
 */
function newfurni_bycrookie($zeile, $id_get, $name, $folder)
{
    $furnidata = file_get_contents("http://Yebbo.eu/gamedata/habbo_furnidata.php");

    $pos = 0;
    $i = 1;

    // First pass: collect the id of every ["...", "..."] entry.
    while ($pos = strpos($furnidata, '["', $pos + 1)) {
        $pos1 = strpos($furnidata, '"]', $pos);
        $rule = substr($furnidata, $pos, ($pos1 - $pos));
        $rule = explode('",', $rule);
        $id = current(explode('*', str_replace('"', '', $rule[1])));
        $furni_id[] = $id;
    }

    rsort($furni_id);

    $itemid = $furni_id[$zeile];

    // Second pass: locate the chosen id and print the requested field.
    while ($pos = strpos($furnidata, '"'.$itemid.'"', $pos + 1)) {
        $pos1 = strpos($furnidata, '"]', $pos);
        $rule = substr($furnidata, $pos, ($pos1 - $pos));
        $rule = explode('",', $rule);
        $id = current(explode('*', str_replace('"', '', $rule[0])));
        $public_name = current(explode('*', str_replace('"', '', $rule[1])));
        $pub_folder = current(explode('*', str_replace('"', '', $rule[2])));

        if ($id_get == "true") {
            echo $id;
        } elseif ($name == "true") {
            echo $public_name;
        } elseif ($folder == "true") {
            echo $pub_folder;
        }
    }
}
// #########################################################################// FILTER// #########################################################################
// Second blanket filter: SQL-escape and HTML-encode every POST, GET and
// cookie value (POST also one level of nested arrays).
// NOTE(review): POST and GET were already SQL-escaped once earlier in this
// file, so their values are escaped twice here, and HTML-encoding at input
// time corrupts anything that is not printed as HTML (passwords, search
// terms, e-mail addresses). Array values in GET and cookies are not handled.
// Per-query escaping and per-output encoding make this block unnecessary.
if ($_POST) {
    foreach ($_POST as $key => $value) {
        if (is_array($value)) {
            foreach ($value as $key2 => $value2) {
                $_POST[$key][$key2] = htmlspecialchars(mysql_real_escape_string($value2));
            }
        } else {
            $_POST[$key] = htmlspecialchars(mysql_real_escape_string($value));
        }
    }
}

if ($_GET) {
    foreach ($_GET as $key => $value) {
        $_GET[$key] = htmlspecialchars(mysql_real_escape_string($value));
    }
}

if ($_COOKIE) {
    foreach ($_COOKIE as $key => $value) {
        $_COOKIE[$key] = htmlspecialchars(mysql_real_escape_string($value));
    }
}
?>