<?php
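/**
 * Legacy escaping helper for values that end up inside SQL string literals.
 *
 * NOTE(review): escaping is a weaker defence than mysqli_prepare()/bind_param;
 * prefer prepared statements for any new query. The helper also HTML-encodes the
 * value *before* SQL-escaping it, so HTML entities (not raw text) are what gets
 * stored — existing behaviour, kept so stored data stays consistent.
 *
 * Fixed here: the original called mysqli_real_escape_string() without a
 * connection (a warning + NULL return on PHP 5/7, an ArgumentCountError on
 * PHP 8), computed a trimmed/addslashes() copy into $var and then discarded it,
 * and branched on get_magic_quotes_gpc() and "PHP < 4.3", both long gone.
 *
 * @param string      $ding value to escape
 * @param mysqli|null $link open connection; when omitted the charset-unaware
 *                          addslashes() is used as a fallback
 * @return string escaped value
 */
function safe($ding, $link = null)
{
    // ENT_QUOTES also encodes single quotes, so none survive into the SQL literal.
    $clean = htmlspecialchars(trim((string) $ding), ENT_QUOTES, 'UTF-8');
    if ($link instanceof mysqli) {
        // Connection-aware escaping honours the connection's character set.
        return mysqli_real_escape_string($link, $clean);
    }
    return addslashes($clean);
}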
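// Reject request URIs that carry fragments of SQL or PHP syntax (a legacy
// "URL firewall" against injection/XSS attempts through the address bar).
//
// NOTE(review): this is a blocklist, not a security boundary. It inspects only
// REQUEST_URI — not POST bodies, cookies or headers — "DROPTABLE" never matches
// "DROP TABLE", and the queries further down are still assembled from
// interpolated strings. Parameterised queries and context-aware output escaping
// are the real fix; treat this as defence in depth only. The "%" token in the
// second list rejects every percent-encoded URL (e.g. "%20"), which is what the
// original intended but may be broader than the site's own links tolerate.
//
// Fixed here: the original passed stristr() its arguments reversed
// (stristr($needle, $haystack)), so it searched the token for the URL and never
// matched — and on PHP 8, stristr("%", "") for the bare "/" URI was truthy and
// printed "Onbekende fout." on the front page. The second check also echoed its
// message without exit(), so the page kept rendering underneath it.

/**
 * True when $uri contains any of $tokens (case-insensitive substring match).
 *
 * @param string   $uri    request URI (or part of it) to inspect
 * @param string[] $tokens forbidden substrings; empty tokens are ignored
 * @return bool
 */
function downup_url_bevat_token($uri, array $tokens)
{
    $uri = (string) $uri;
    foreach ($tokens as $token) {
        if ($token !== '' && stristr($uri, $token) !== false) {
            return true;
        }
    }
    return false;
}

$locatie = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$array = array("mysqli", "query", ")", ";", "}", "INSERT", "%40", "DROPTABLE", "TRUNCATE");
if (downup_url_bevat_token($locatie, $array)) {
    echo "Onbekende fout is opgetreden.";
    exit();
}
// Second pass on the URI without its leading slash.
$url = substr($locatie, 1);
$verboden = array("%", ";", "'", "<", ">", ")", "query", "mysqli", '"', 'config', 'ingelogd');
if (downup_url_bevat_token($url, $verboden)) {
    echo "Onbekende fout.";
    exit();
}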
/* Superseded by the URL check above; kept only as history. Note that the preg_match()
   calls below were given bare words (e.g. "mysqli", ")") rather than delimited patterns,
   so they would only have emitted delimiter warnings and never matched anything.
$locatie = $_SERVER['REQUEST_URI'];
$array = Array();
$array[] = "mysqli";
$array[] = "query";
$array[] = ")";
$array[] = ";";
$array[] = "}";
$array[] = "INSERT";
$array[] = "DELETE";
$array[] = "UPDATE";
$array[] = "%40";
$array[] = "DROPTABLE";
$array[] = "TRUNCATE";
foreach($array As $foutbezig){
if(preg_match($foutbezig,$locatie)){
echo '<body><center><link href="style.css" rel="stylesheet" type="text/css"><table width="60%"><tr><td class="subTitle">Bewerking afgebroken</td></tr><tr><td class="mainTxt"><br /><b>Er is een fout opgetreden.</b><br /><br />Je hebt een ongeldige url proberen te openen.<br>Dit kan per ongeluk komen, of je probeert het systeem expres te vernielen.<br><br><center>Klik <a href="http://www.downup-terror.nl/">hier</a> om terug naar Downup-terror te gaan.</center></td></tr></table>';
$fp = fopen("admin/buglog.txt", "a");
$time = date("d-m-Y H:i:s");
$stringData = "Bewerking afgebroken,".$_SESSION['login'].",".$time.",".$_SERVER['REQUEST_URI'].",".$_SERVER['REMOTE_ADDR'].",".@gethostbyaddr($_SERVER['REMOTE_ADDR']).""."<br />\n";
fwrite($fp, $stringData);
fclose($fp);
exit();
}
}
*/
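// Database connection.
//
// NOTE(review): the credentials are hard-coded here (root with an empty password).
// Move them to a config file outside the web root and use a least-privilege
// account limited to the `street` database. The connection character set is
// not set explicitly; mysqli_real_escape_string() is only correct when it
// matches the stored data — TODO confirm and add mysqli_set_charset().
//
// Fixed here: on a failed connection the original printed mysqli_connect_error()
// to the visitor and then carried on running queries; it also called
// mysqli_close($con) straight away, so every later mysqli_query() in this file
// ran without a usable link. The link is now kept open for the rest of the
// request (PHP closes it at script end) and must be passed to every mysqli_*
// call. mysqli_select_db() was redundant because the database is already given
// to mysqli_connect().
$con = mysqli_connect("localhost", "root", "", "street");
if (mysqli_connect_errno()) {
    // Keep the detail server-side; the visitor only gets the generic page.
    error_log("Downup-terror: database connection failed: " . mysqli_connect_error());
    echo "<html>
<head>
<title>Downup-terror - Database problemen</title>
<link href='style.css' rel='stylesheet' type='text/css'>
</head>
<body>
<center><table width='500' align='center'>
<tr><td class='subTitle'><b>Database problemen</b></td></tr>
<tr><td class='mainTxt'><br><img src='images/icons/information.png' width='16' height='16' border='0'> <b>Database problemen</b><br>
<br>Er is een fout opgetreden tijdens het verbinding maken met de database.<br>
We proberen de fout zo snel mogelijk op te lossen.<br><br>
Onze excuses voor het ongemak.<br><br>
Met vriendelijke groet<br>
Downup-terror Crew</td></tr>
</table></center>
</body>
</html>";
    exit;
}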
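// Session integrity checks and loading of the current player's row.
//
// NOTE(review): session_start() is not visible in this file and is assumed to be
// called by the including page. admin/buglog.txt receives the raw REQUEST_URI
// and a reverse-DNS name with "<br />" line endings; if that file is reachable
// over HTTP it is a stored-XSS / log-injection sink — keep it outside the web
// root. Binding a session to REMOTE_ADDR also logs out anyone whose address
// changes mid-session (mobile networks, proxies); that is existing behaviour.
// mysqli_stmt_get_result() needs the mysqlnd driver (the default since PHP 5.4).
//
// Fixed here: every mysqli_query() lacked the $con link; the `users` lookup and
// the play-time updates interpolated logins into SQL and are now prepared
// statements; session_unset()/session_destroy() were given arguments they do
// not accept (ignored or rejected depending on PHP version); the two UPDATEs
// that set `speeltijd2` and `online` are merged into one; names echoed back to
// the browser are HTML-escaped; a failed fopen() no longer cascades into
// fwrite()/fclose() warnings.
if (isset($_SESSION['login'])) {
    $testlogi = isset($_SESSION['testlogi']) ? $_SESSION['testlogi'] : null;
    if ($_SESSION['login'] != $testlogi) {
        $fp = fopen("admin/buglog.txt", "a");
        if ($fp) {
            $time = date("d-m-Y H:i:s");
            fwrite($fp, "Inloggen op ander account," . $_SESSION['login'] . "," . $time . "," . $_SERVER['REQUEST_URI'] . "," . $_SERVER['REMOTE_ADDR'] . "," . @gethostbyaddr($_SERVER['REMOTE_ADDR']) . "<br />\n");
            fclose($fp);
        }
        echo 'Foutmelding: Je bent van ' . htmlspecialchars((string) $testlogi, ENT_QUOTES, 'UTF-8') . ' op ' . htmlspecialchars((string) $_SESSION['login'], ENT_QUOTES, 'UTF-8') . ' ingelogd!<br>Meld deze fout onmiddelijk. Toegang geweigerd.';
        exit;
    }
    $sessie_ip = isset($_SESSION['ips']) ? $_SESSION['ips'] : null;
    if ($sessie_ip != $_SERVER['REMOTE_ADDR']) {
        $fp = fopen("admin/buglog.txt", "a");
        if ($fp) {
            $time = date("d-m-Y H:i:s");
            fwrite($fp, "IP verwisseld," . $_SESSION['login'] . "," . $time . "," . $_SERVER['REQUEST_URI'] . "," . $_SERVER['REMOTE_ADDR'] . "," . @gethostbyaddr($_SERVER['REMOTE_ADDR']) . "<br />\n");
            fclose($fp);
        }
        session_unset();
        session_destroy();
        echo 'Foutmelding: Je bent van IP verwisseld!<br>Dit wordt als een hackpoging gezien.<br>Meld deze fout onmiddelijk. Toegang geweigerd.';
        exit;
    }

    // Load the player row; the UNIX_TIMESTAMP aliases shadow the raw datetime columns.
    $login = $_SESSION['login'];
    $stmt = mysqli_prepare($con, "SELECT *,UNIX_TIMESTAMP(`pc`) AS `pc`,UNIX_TIMESTAMP(`kc`) AS `kc`,UNIX_TIMESTAMP(`crime`) AS `crime`,UNIX_TIMESTAMP(`ac`) AS `ac`,UNIX_TIMESTAMP(`ar`) AS `ar`,UNIX_TIMESTAMP(`gmtijd`) AS `gmtijd` FROM `users` WHERE `login`=?");
    mysqli_stmt_bind_param($stmt, 's', $login);
    mysqli_stmt_execute($stmt);
    $dbres = mysqli_stmt_get_result($stmt);
    $data = mysqli_fetch_object($dbres);
    $blata = mysqli_num_rows($dbres);
    mysqli_stmt_close($stmt);
    include("_rangen.php");
    include("_tijden.php");
    include("_rangmsg.php");
    // Unknown login or level -1 (presumably a blocked account): end the session.
    if ($blata == 0 || $data->level == -1) {
        session_destroy();
        die("Tot ziens");
    }
    // Status pages poll without counting as play time.
    if ($_SERVER['SCRIPT_NAME'] != '/status.php' && $_SERVER['SCRIPT_NAME'] != '/status_img.php') {
        $spelerlogin = $data->login;
        $spti = time() - $data->speeltijd2;
        // Only gaps under 46 s count as continuous play.
        if ($spti > 0 && $spti < 46) {
            $stmt = mysqli_prepare($con, "UPDATE `users` SET `speeltijd`=`speeltijd`+? WHERE `login`=?");
            mysqli_stmt_bind_param($stmt, 'is', $spti, $spelerlogin);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        $nu = time();
        $stmt = mysqli_prepare($con, "UPDATE `users` SET `speeltijd2`=?, `online`=NOW() WHERE `login`=?");
        mysqli_stmt_bind_param($stmt, 'is', $nu, $spelerlogin);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
}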
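// Daily statistics row and the "online today" counter.
//
// Fixed here: $test held the SQL *text*, never a result, so `if(!$test)` was
// always false and the day's `statistieken` row was never inserted (nor was
// `online2` reset). The query is now executed and its row count checked. The
// week/date values come from date(), not from the request, so interpolating
// them is safe. Queries receive $con; database errors are logged instead of
// being printed to the visitor (one die() even quoted the function name).
$datum = date("d-m-y", time());
$week = date("W", time());
$test = mysqli_query($con, "SELECT * FROM `statistieken` WHERE `week`='$week' && `datum`='$datum'");
if ($test && mysqli_num_rows($test) == 0) {
    mysqli_query($con, "INSERT INTO `statistieken` (`week`,`datum`) VALUES('$week','$datum')");
    if (!mysqli_query($con, "UPDATE `users` SET `online2`='0'")) {
        error_log("Downup-terror: " . mysqli_error($con));
        die("Database fout.");
    }
}
if (check_login()) {
    // First page view of the day for this player: count it once.
    if ($data->online2 == 0) {
        if (!mysqli_query($con, "UPDATE `statistieken` SET `online`=`online`+1 WHERE `week`='$week' && `datum`='$datum'")) {
            error_log("Downup-terror: " . mysqli_error($con));
            die("Database fout.");
        }
        $login = $_SESSION['login'];
        $stmt = mysqli_prepare($con, "UPDATE `users` SET `online2`=1 WHERE login = ?");
        mysqli_stmt_bind_param($stmt, 's', $login);
        if (!mysqli_stmt_execute($stmt)) {
            error_log("Downup-terror: " . mysqli_stmt_error($stmt));
            die("Database fout.");
        }
        mysqli_stmt_close($stmt);
    }
}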
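// Jail status of the current player, cleanup of expired jail rows, the xp ->
// jail-duration ladder, and resolution of finished detective searches.
//
// NOTE(review): $data is only set for a logged-in session; for anonymous
// requests the jail lookup runs with an empty login, as it did before. The
// detective code reads `[detective]`, deletes from `detective` and then from
// `detectives` — three different table names. Which one is real cannot be told
// from this file, so they are left as written — TODO confirm against the schema.
// mysqli_stmt_get_result() needs the mysqlnd driver (the default since PHP 5.4).
//
// Fixed here: $con passed to every query; `seconde`/`seconden`/`minuten` were
// bare undefined constants (a notice on PHP 7, a fatal Error on PHP 8) and are
// now strings; values that originate from users (logins, city names) are bound
// parameters instead of interpolated SQL; the 15-branch xp chain is a table.
$spelerlogin = (isset($data) && is_object($data)) ? $data->login : '';
$stmt = mysqli_prepare($con, "SELECT *, UNIX_TIMESTAMP(`time`) AS `getime` FROM `jail` WHERE `login`=?");
mysqli_stmt_bind_param($stmt, 's', $spelerlogin);
mysqli_stmt_execute($stmt);
$dbre = mysqli_stmt_get_result($stmt);
$jisin = mysqli_num_rows($dbre);
$jail = mysqli_fetch_object($dbre);
mysqli_stmt_close($stmt);
if ($jisin == 1) {
    // Seconds left until release; $time/$word/$boete are read by the pages.
    $tim = $jail->getime - time();
    $boete = $jail->boete;
    if ($tim == 1) {
        $time = gmdate('s', $tim);
        $word = 'seconde';
    } elseif ($tim < 61) {
        $time = gmdate('s', $tim);
        $word = 'seconden';
    } else {
        $time = gmdate('i:s', $tim);
        $word = 'minuten';
    }
}
// Drop jail rows whose release time has passed.
mysqli_query($con, "DELETE FROM `jail` WHERE UNIX_TIMESTAMP(`time`)-UNIX_TIMESTAMP(NOW()) < 0");

// Jail duration by experience: the first exclusive upper bound above xp wins;
// 20000 xp and above gets 600 s.
$xp = (isset($data) && is_object($data)) ? $data->xp : 0;
$jailtrappen = array(
    10 => 20, 20 => 30, 50 => 60, 150 => 90, 500 => 120, 1000 => 180, 2000 => 190,
    3000 => 230, 4500 => 270, 6000 => 320, 8000 => 370, 11000 => 420, 15000 => 480, 20000 => 540,
);
$jailduur = 600;
foreach ($jailtrappen as $xpgrens => $duur) {
    if ($xp < $xpgrens) {
        $jailduur = $duur;
        break;
    }
}
$jailtime = time() + $jailduur;

// Finished detective searches: notify the hirer when the target is in the
// searched city, then remove the search.
$dete = mysqli_query($con, "SELECT * FROM `[detective]` WHERE UNIX_TIMESTAMP(`time`)-UNIX_TIMESTAMP(NOW()) < 0");
if ($dete) {
    $zoekstmt = mysqli_prepare($con, "SELECT * FROM `users` WHERE `login`=?");
    mysqli_stmt_bind_param($zoekstmt, 's', $zoeklogin);
    $berichtstmt = mysqli_prepare($con, "INSERT INTO `messages`(`time`,`from`,`to`,`subject`,`message`) values(NOW(),'Notificatie',?,'Gevonden',?)");
    mysqli_stmt_bind_param($berichtstmt, 'ss', $bericht_naar, $bericht_tekst);
    $wisstmt = mysqli_prepare($con, "DELETE FROM `detective` WHERE `naar`=? AND `stad`=?");
    mysqli_stmt_bind_param($wisstmt, 'ss', $wis_naar, $wis_stad);
    while ($det = mysqli_fetch_object($dete)) {
        $zoeklogin = $det->van;
        mysqli_stmt_execute($zoekstmt);
        $sus = mysqli_fetch_object(mysqli_stmt_get_result($zoekstmt));
        $zoeklogin = $det->naar;
        mysqli_stmt_execute($zoekstmt);
        $vic = mysqli_fetch_object(mysqli_stmt_get_result($zoekstmt));
        if ($det->stad == $vic->stad) {
            $bericht_naar = $sus->login;
            $bericht_tekst = "Je detective heeft {$vic->login} gevonden in {$det->stad}.";
            mysqli_stmt_execute($berichtstmt);
            $wis_naar = $vic->login;
            $wis_stad = $det->stad;
            mysqli_stmt_execute($wisstmt);
        }
        mysqli_query($con, "DELETE FROM `detectives` WHERE UNIX_TIMESTAMP(`time`)-UNIX_TIMESTAMP(NOW()) < 0");
    }
    mysqli_stmt_close($zoekstmt);
    mysqli_stmt_close($berichtstmt);
    mysqli_stmt_close($wisstmt);
}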
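// IP ban check.
//
// NOTE(review): this runs after the player row has already been loaded and
// updated above; moving it before the session block would let banned
// addresses do no work. REMOTE_ADDR is set by the web server, not the client,
// but behind a reverse proxy it is the proxy's address.
//
// Fixed here: $con passed; the address is a bound parameter instead of being
// interpolated; the ban reason (admin-entered text) is HTML-escaped before it
// is echoed.
$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$stmt = mysqli_prepare($con, "SELECT * FROM `bans` WHERE `IP`=?");
mysqli_stmt_bind_param($stmt, 's', $ip);
mysqli_stmt_execute($stmt);
$iban = mysqli_fetch_object(mysqli_stmt_get_result($stmt));
mysqli_stmt_close($stmt);
if ($iban) {
    echo '<head><title>Downup-terror - Verbannen</title><link rel="stylesheet" type="text/css" href="style.css">
</head><body><center><table align="center" width="600"><tr><td class="subTitle"><b>Geen toegang</b></td></tr>
<tr><td class="mainTxt"><br><font color="red"><b>Geen toegang: je bent verbannen!</b></font><br><br>Reden van de ban: ' . htmlspecialchars((string) $iban->reden, ENT_QUOTES, 'UTF-8') . '<br><br>
Ben je het oneens met je ban? Stuur een e-mail naar webmaster@downup-terror<br><br>
Met vriendelijke groet,<br>Downup-terror Crew<br></td></tr></table></body></html>';
    unset($_SESSION['login']);
    exit;
}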
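/**
 * Return true when the session's login still exists in `users`.
 *
 * Side effect: clears $_SESSION['login'] when the account no longer exists.
 *
 * Fixed here: the query ran without the $con link and interpolated the session
 * value into SQL; it now uses the global connection with a bound parameter, and
 * a missing session login or connection is simply "not logged in" instead of a
 * notice followed by a failing query.
 *
 * @return bool
 */
function check_login()
{
    global $con;
    if (!isset($_SESSION['login']) || !isset($con)) {
        return FALSE;
    }
    $login = $_SESSION['login'];
    $stmt = mysqli_prepare($con, "SELECT 1 FROM `users` WHERE `login`=?");
    mysqli_stmt_bind_param($stmt, 's', $login);
    mysqli_stmt_execute($stmt);
    $res = mysqli_stmt_get_result($stmt);
    $logicheck = $res ? mysqli_num_rows($res) : 0;
    mysqli_stmt_close($stmt);
    if ($logicheck == 0) {
        unset($_SESSION['login']);
        return FALSE;
    }
    return TRUE;
}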
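// Poor-man's cron: a `cron` row per job stores the last run slot (`time`) and a
// busy flag (`test1`); when the current minute/hour/day differs from the stored
// slot and the flag is clear, the matching _cron-*.php is included. The
// includes stay at top level so the cron files see this file's globals
// ($con, $data, $beurs/$uur/$dag, ...).
//
// NOTE(review): the flag is not a real lock — it is read and then written in
// two statements, and *every* request clears it afterwards, so two overlapping
// requests can both run the same job. A single `UPDATE cron SET test1='1'
// WHERE name=? AND test1='0'` checked with mysqli_affected_rows(), with the
// flag cleared only by the request that set it, would make the claim atomic;
// left as-is because the cron files' handling of `time` is not visible here.
//
// Fixed here: every mysqli_query() now receives $con, and a failed SELECT no
// longer reaches mysqli_fetch_object() with a non-result. The `time`
// comparison stays in PHP (loose, as before) because the column type is unknown.
$minuut = date("i", time());
$hour = date("G", time());
$day = date("z", time());
$dbres = mysqli_query($con, "SELECT * FROM `cron` WHERE `name`='beurs'");
while ($dbres && ($beurs = mysqli_fetch_object($dbres))) {
    if ($beurs->time != $minuut && $beurs->test1 != 1) {
        mysqli_query($con, "UPDATE `cron` SET `test1`='1' WHERE `name`='beurs'");
        include("_cron-minuut.php");
    }
    mysqli_query($con, "UPDATE `cron` SET `test1`='0' WHERE `name`='beurs'");
}
$dbres = mysqli_query($con, "SELECT * FROM `cron` WHERE `name`='uur'");
while ($dbres && ($uur = mysqli_fetch_object($dbres))) {
    if ($uur->time != $hour && $uur->test1 != 1) {
        mysqli_query($con, "UPDATE `cron` SET `test1`='1' WHERE `name`='uur'");
        include("_cron-uur.php");
    }
    mysqli_query($con, "UPDATE `cron` SET `test1`='0' WHERE `name`='uur'");
}
$dbres = mysqli_query($con, "SELECT * FROM `cron` WHERE `name`='dag'");
while ($dbres && ($dag = mysqli_fetch_object($dbres))) {
    if ($dag->time != $day && $dag->test1 != 1) {
        mysqli_query($con, "UPDATE `cron` SET `test1`='1' WHERE `name`='dag'");
        include("_cron-dag.php");
    }
    mysqli_query($con, "UPDATE `cron` SET `test1`='0' WHERE `name`='dag'");
}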
?>