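");
// ^ Tail of a statement that begins before this excerpt; kept as found.

// Core include: input helpers, cookie/session login, pager, DB bootstrap.
//
// NOTE(review): string literals that emitted markup appear without their tags
// in this copy. They are reproduced as found, not reconstructed, apart from
// the entity table in htmlspecialchars_uni().
// NOTE(review): every database call uses ext/mysql (mysql_*), which was
// removed in PHP 7. Prepared statements via mysqli or PDO are the replacement.

require_once('inc/config.php');

// Refuse to serve anything when no database credentials are configured.
if (empty($mysql_user) && empty($mysql_pass))
    die("Site is down for maintenance, please check back again later... thanks\n");

$maxloginattempts = 6; // change this whatever u want. if u dont know what is this, leave it default
//require_once('cleanup.php');
require_once('global.php');

// Undo magic-quotes escaping on a request value when that legacy setting is on.
function unesc($x) {
    if (get_magic_quotes_gpc())
        return stripslashes($x);
    return $x;
}

// Returns 1 when $name contains none of the control, path-separator or
// wildcard bytes excluded by the character class, 0 otherwise.
// NOTE(review): "." is allowed, so "." and ".." pass; callers that build
// paths need their own check.
function validfilename($name) {
    return preg_match('/^[^\0-\x1f:\\\\\/?*\xff#<>|]+$/si', $name);
}

// Loose syntactic e-mail check (TLD limited to 2-6 letters by the pattern).
function validemail($email) {
    return preg_match('/^[\w.-]+@([\w.-]+\.)+[a-z]{2,6}$/is', $email);
}

// Quote and escape a value for use as a string literal in a query.
// Depends on an open connection and on its character set being configured
// correctly; it does not make a value safe as an identifier or a number.
function sqlesc($x) {
    return "'".mysql_real_escape_string($x)."'";
}

// Escape a value for a LIKE pattern (also neutralises % and _).
// The caller still has to add the surrounding quotes.
function sqlwildcardesc($x) {
    return str_replace(array("%","_"), array("\\%","\\_"), mysql_real_escape_string($x));
}

// Entity-encode $var in place, then break up the words "javascript"/"script".
// NOTE(review): the word blacklist alters legitimate text and is not a
// defence on its own; the protection comes from the entity encoding, and only
// for HTML text and double-quoted attribute values. Single quotes are not
// encoded, so the result is unsafe inside single-quoted attributes.
function xss_clean(&$var) {
    static $preg_find = array('#javascript#i', '#script#i'),
           $preg_replace = array('java script', 'sc ript');
    $var = preg_replace($preg_find, $preg_replace, htmlspecialchars_uni($var));
    return $var;
}

// Encode <, > and " as entities and encode every & that does not already
// start an entity (numeric only when $entities is true, numeric or named
// otherwise).
function htmlspecialchars_uni($text, $entities = true) {
    // The replacements must be the entity forms: identity replacements would
    // turn this function, and xss_clean() with it, into a no-op. The entities
    // are assembled from pieces so that rendering this source as HTML cannot
    // silently collapse them back into the raw characters.
    $amp = '&';
    return str_replace(
        // replace special html characters
        array('<', '>', '"'),
        array($amp . 'lt;', $amp . 'gt;', $amp . 'quot;'),
        preg_replace(
            // translates all non-unicode entities
            '/&(?!' . ($entities ? '#[0-9]+' : '(#[0-9]+|[a-z]+)') . ';)/si',
            $amp . 'amp;',
            $text
        )
    );
}

// preg callback: returns the matched URL text.
// NOTE(review): both branches return the same string in this copy; the
// scheme test presumably selected between two link forms. Confirm against
// the original before relying on it.
function urlparse($m) {
    $t = $m[0];
    if (preg_match(',^\w+://,', $t))
        return "$t";
    return "$t";
}

// Prepare a description for output; plain-text input is entity-encoded.
// When $html is true the value is returned untouched, so the caller must
// already trust or sanitise it.
function parsedescr($d, $html) {
    if (!$html) {
        $d = htmlspecialchars($d);
        $d = str_replace("\n", "\n\n", $d);
    }
    return $d;
}

// Render a full error page (heading $y, message $x, both encoded) and stop.
function genbark($x,$y) {
    stdhead($y);
    print("\n\n" . htmlspecialchars($y) . "\n\n\n");
    print("\n\n" . htmlspecialchars($x) . "\n\n\n");
    stdfoot();
    exit();
}

// Return $len random bytes for use as a per-user secret.
// mt_rand() is predictable and unsuitable for secrets, so a CSPRNG is used
// whenever the runtime offers one; mt_rand() is kept only as the last resort
// for runtimes that have neither source.
function mksecret($len = 20) {
    $len = (int) $len;
    if ($len <= 0)
        return "";

    if (function_exists('random_bytes'))
        return random_bytes($len);

    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($len, $strong);
        if ($bytes !== false && $strong && strlen($bytes) === $len)
            return $bytes;
    }

    // Weak fallback: values produced here should be treated as guessable.
    $ret = "";
    for ($i = 0; $i < $len; $i++)
        $ret .= chr(mt_rand(0, 255));
    return $ret;
}

// Send a 404 response and stop.
// NOTE(review): $code is accepted but ignored; the status is always 404.
function httperr($code = 404) {
    header("HTTP/1.0 404 Not found");
    print("\n\nNot Found\n\n\n");
    print("\n\nSorry pal :(\n\n\n");
    exit();
}

// Current time as a Unix timestamp, derived from get_date_time().
function gmtime() {
    return strtotime(get_date_time());
}

// Populate $GLOBALS["CURUSER"] from the login cookies, or leave it unset.
//
// Leftover debug statements were removed from this function: one printed the
// user id and ended the request for every visitor carrying the cookies, and
// another echoed the expected cookie hash on a mismatch before ending the
// request. The second disclosed the very value the check compares against,
// and together they made the function unable to ever log anyone in.
function userlogin() {
    global $SITE_ONLINE, $iplog1;
    unset($GLOBALS["CURUSER"]);

    if (empty($_COOKIE["c_secure_pass"]) || empty($_COOKIE["c_secure_uid"]) || empty($_COOKIE["c_secure_login"]))
        return;

    // Cookies are attacker-controlled and may arrive as arrays (name[]=...).
    if (!is_string($_COOKIE["c_secure_pass"]) || !is_string($_COOKIE["c_secure_uid"]) || !is_string($_COOKIE["c_secure_login"]))
        return;

    // Accept a plain decimal id only, so nothing else can reach the query.
    $b_id = $_COOKIE["c_secure_uid"];
    if (!preg_match('/^[0-9]+$/D', $b_id))
        return;
    $id = (int) $b_id;

    if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32)
        return;

    $res = mysql_query("SELECT * FROM users WHERE id = ".mysql_real_escape_string($id)." LIMIT 1");
    if (!$res)
        return;
    $row = mysql_fetch_array($res);
    if (!$row)
        return;

    // NOTE(review): $HTTP_SERVER_VARS is not a superglobal and is not declared
    // global here (it no longer exists from PHP 5.4 on), so the client address
    // presumably contributes nothing to this hash. Switching to $_SERVER has
    // to be done together with the code that issues the cookie, which is not
    // in this file.
    // NOTE(review): the token is an unsalted MD5 over the stored password hash
    // and a fixed string, so it never changes until the password does. A
    // random server-side session token, compared with hash_equals() where
    // available, is the sturdier design.
    $expected = md5($HTTP_SERVER_VARS["REMOTE_ADDR"].$row["passhash"]."webadmin".$HTTP_SERVER_VARS["REMOTE_ADDR"]);

    if ($_COOKIE["c_secure_pass"] !== $expected)
        return;

    // "Secure login" additionally requires the same token in the session.
    // The marker cookie is client-controlled, so omitting it skips this check.
    if ($_COOKIE["c_secure_login"] == base64("yeah"))
        if (!isset($_SESSION["s_secure_pass"]) || $_SESSION["s_secure_pass"] !== $expected)
            return;

    $GLOBALS["CURUSER"] = $row;
}

// Issue the login cookies. Any $expires other than the 0x7fffffff default is
// replaced by "15 minutes from now". $updatedb is accepted but unused.
// The cookies are marked HttpOnly so page scripts cannot read them.
// NOTE(review): the Secure flag is not set because this file does not show
// whether the site is served over HTTPS only; set it if it is.
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff, $securelogin=false) {
    if ($expires != 0x7fffffff)
        $expires = time()+900;

    setcookie("c_secure_uid", $id, $expires, "/", "", false, true);
    setcookie("c_secure_pass", $passhash, $expires, "/", "", false, true);
    if ($securelogin)
        setcookie("c_secure_login", base64("yeah"), $expires, "/", "", false, true);
    else
        setcookie("c_secure_login", base64("nope"), $expires, "/", "", false, true);
}

// Mirror the login token into the PHP session.
// NOTE(review): $sessioncacheexpire is never defined in this function, so
// the $GLOBALS write uses an empty key and the return value is always null;
// presumably a global of that name was intended. Confirm before changing.
function sessioncookie ($id, $passhash, $expires=false) {
    if ($expires)
        $GLOBALS[$sessioncacheexpire] = true;
    $_SESSION['s_secure_uid'] = base64($id);
    $_SESSION['s_secure_pass'] = $passhash;
    return $sessioncacheexpire;
}

// Drop all session data and destroy the session.
function logoutsession () {
    session_unset();
    session_destroy();
}

// Clear the login cookies (an empty value makes PHP send a deletion).
function logoutcookie() {
    setcookie("c_secure_uid", "", 0x7fffffff, "/");
    setcookie("c_secure_pass", "", 0x7fffffff, "/");
    setcookie("c_secure_login", "", 0x7fffffff, "/");
}

// Base64-encode, or decode when $encode is false.
// Base64 is an encoding only; it hides and protects nothing.
function base64 ($string, $encode=true) {
    if ($encode)
        return base64_encode($string);
    else
        return base64_decode($string);
}

// Redirect visitors who are not logged in to the login page and stop.
// Both values of $mainpage lead to the same redirect; the unused local that
// held the requested URI has been dropped.
function loggedinorreturn($mainpage = false) {
    global $CURUSER,$BASEURL;
    if (!$CURUSER) {
        header("Location: ./?modulo=login");
        exit();
    }
}

// Build pager markup and a LIMIT clause for $count rows at $rpp per page.
// Returns array($pagertop, $pagerbottom, "LIMIT start,rpp").
// $href is unused in this copy; it presumably fed the stripped link markup.
function pager($rpp, $count, $href, $opts = array()) {
    $pages = ceil($count / $rpp);

    // empty() also covers a missing key, which used to raise a notice.
    if (empty($opts["lastpagedefault"]))
        $pagedefault = 0;
    else {
        $pagedefault = floor(($count - 1) / $rpp);
        if ($pagedefault < 0)
            $pagedefault = 0;
    }

    // The page number comes from the query string and ends up in a LIMIT
    // clause, so it is forced to an integer; array input falls back to the
    // default instead of causing a fatal error.
    if (isset($_GET["page"]) && is_scalar($_GET["page"])) {
        $page = (int) $_GET["page"];
        if ($page < 0)
            $page = $pagedefault;
    }
    else
        $page = $pagedefault;

    $pager = "";
    $mp = $pages - 1;

    $as = "<< Prev";
    if ($page >= 1) {
        $pager .= "";
        $pager .= $as;
        $pager .= "";
    }
    else
        $pager .= $as;

    $pager .= "      ";

    $as = "Next >>";
    if ($page < $mp && $mp >= 0) {
        $pager .= "";
        $pager .= $as;
        $pager .= "";
    }
    else
        $pager .= $as;

    if ($count) {
        $pagerarr = array();
        $dotted = 0;
        $dotspace = 3;
        $dotend = $pages - $dotspace;
        $curdotend = $page - $dotspace;
        $curdotstart = $page + $dotspace;

        for ($i = 0; $i < $pages; $i++) {
            // Collapse page ranges far from both ends and the current page
            // into a single "...".
            if (($i >= $dotspace && $i <= $curdotend) || ($i >= $curdotstart && $i < $dotend)) {
                if (!$dotted)
                    $pagerarr[] = "...";
                $dotted = 1;
                continue;
            }
            $dotted = 0;

            $start = $i * $rpp + 1;
            $end = $start + $rpp - 1;
            if ($end > $count)
                $end = $count;

            $text = "$start - $end";
            if ($i != $page)
                $pagerarr[] = "$text";
            else
                $pagerarr[] = "$text";
        }

        $pagerstr = join(" | ", $pagerarr);
        $pagertop = "\n\n$pager\n$pagerstr\n\n\n";
        $pagerbottom = "\n\n$pagerstr\n$pager\n\n\n";
    }
    else {
        $pagertop = "\n\n$pager\n\n\n";
        $pagerbottom = $pagertop;
    }

    $start = $page * $rpp;
    return array($pagertop, $pagerbottom, "LIMIT $start,$rpp");
}

// Right-pad a hash with spaces to 20 characters.
function hash_pad($hash) {
    return str_pad($hash, 20);
}

// WHERE fragment matching $hash with or without its trailing spaces.
// $name goes into the SQL unescaped, so it must be a fixed column name and
// never request data.
function hash_where($name, $hash) {
    $shhash = preg_replace('/ *$/s', "", $hash);
    return "($name = " . sqlesc($hash) . " OR $name = " . sqlesc($shhash) . ")";
}

// Old dbconn() function, now isn't called, but is done automatically when it's incd
if (!@mysql_connect($mysql_host, $mysql_user, $mysql_pass)) {
    switch (mysql_errno()) {
        // 1040: too many connections; 2002: cannot reach the server.
        case 1040:
        case 2002:
            // The array key is quoted: the bare word was an undefined constant.
            if ($_SERVER["REQUEST_METHOD"] == "GET")
                die("\n\nThe server load is very high at the moment. Retrying, please wait...\n\n");
            else
                die("Too many users. Please press the Refresh button in your browser to retry.");
        default:
            // NOTE(review): raw driver errors are shown to the visitor here and
            // below; logging them and showing a generic message leaks less.
            die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
    }
}

// "." instead of "+": the arithmetic operator discarded the error text.
mysql_select_db($mysql_db)
    or die('dbconn: mysql_select_db: ' . mysql_error());

userlogin();

// Empty dbconn for compatibility
function dbconn() {
}
?>Hacking attempt!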