Código
<?php
// Site bootstrap as posted: configuration entries, loading of the helper
// class, request-input filtering loops and the per-request login / ban check.
// NOTE(review): the listing is incomplete. The opening of the array that the
// entries below belong to, the database connection code and several statement
// bodies are not shown, so the file does not parse exactly as posted.
###################################################
// SQL Config
###################################################
    // NOTE(review): the database account is root with an empty password.
    // Use a dedicated least-privilege account with a strong password, and
    // keep the credentials out of any file that gets published.
    'hostname' => 'localhost', // Host
    'username' => 'root', // User
    'password' => '', // Password
    'database' => 'apk', // Database Name
    'path' => '', // URL
    'path_images' => 'http://localhost/styles/beta', // URL of Styles And Images
    'path_hk' => 'http://localhost/housekeeping',
    'badges_image' => 'http://habboo-a.akamaihd.net/c_images/album1584/',
    'name' => 'xd', // Hotel Name
    'Me_Ad' => 'xd', // Text me
    'footer' => 'xd'
);
###################################################
// SQL Connect
###################################################
###################################################
require_once 'functions.php';
$function=new functions();
###################################################
// Users Online
###################################################
###################################################
// Definitions
###################################################
// NOTE(review): $d, $m and $Y are not assigned anywhere in the visible code;
// presumably the lines that set them were lost from the listing.
$today = $d;
$month = $m;
$year = $Y;
###################################################
###################################################
// Both branches walk every request superglobal, but each loop body is empty
// as posted, so the filtering that was applied per key is not visible.
// $_GET is iterated twice in each branch. The closing braces after each
// branch do not balance in this listing.
if($html == true){
    foreach($_POST as $key => $p){ }
    // Filter the inputs arriving via GET
    foreach($_GET as $key => $g){ }
    foreach($_COOKIE as $key => $s){ }
    // Filter the inputs arriving via REQUEST
    foreach($_REQUEST as $key => $k){ }
    // Filter the inputs arriving via GET
    foreach($_GET as $key => $f){ }
}
}else{
    foreach($_POST as $key => $p){ }
    // Filter the inputs arriving via GET
    foreach($_GET as $key => $g){ }
    foreach($_COOKIE as $key => $s){ }
    // Filter the inputs arriving via REQUEST
    foreach($_REQUEST as $key => $k){ }
    // Filter the inputs arriving via GET
    foreach($_GET as $key => $f){ }
}
}
// The session holds the username and the password itself, and both are
// re-checked against the database on every request.
// NOTE(review): keeping the password in $_SESSION exposes it to anything that
// can read session storage. Store only a user id after a successful login
// and regenerate the session id at that point.
if($function->checkLogin($_SESSION['username'], $_SESSION['password'])){
    $u = $function->filter($_SESSION['username']);
    //$a = mysql_query("SELECT username, motto, password, look, id, last_online, online, rank, credits FROM users WHERE username = '{$u}' LIMIT 1");
    // With the query above commented out, nothing visible assigns $myrow.
    if($function->CheckBanned($_SESSION['username'], $function->GetIP())){
        // Copy the ban message under a second session key, then stop.
        // As posted nothing is output or redirected before exit.
        $error = $_SESSION['BAN_LOGIN_ERROR'];
        $_SESSION['W_LOGIN_ERROR'] = $error;
        $bu = $_SESSION['username'];
        exit;
    }
    // Audit entry for accounts whose rank compares greater than '5'.
    // NOTE(review): the statement is built by string interpolation.
    // $_SERVER['PHP_SELF'] can include client-supplied path text and GetIP()
    // returns client-set headers when present; neither is escaped here.
    // Use a prepared statement with bound parameters (PDO or mysqli).
    // The mysql_* functions were removed in PHP 7.0. $date_full is not
    // assigned in the visible code.
    if($myrow['rank'] > '5'){
        mysql_query("INSERT INTO private_logs (id,user,time,description,ip) VALUES (NULL,'{$myrow['username']}','{$date_full}','En el archivo: {$_SERVER['PHP_SELF']} con rango: {$myrow['rank']}','{$function->GetIP()}')");
    }
}else{
    // No valid login: fall back to a placeholder username.
    $myrow['username'] = "Guest";
}
###################################################
?>
Código
<?php
// Functions
###################################################
/**
 * Helper class used by the site bootstrap: input "filtering", login and ban
 * checks, account creation and a few formatting helpers.
 *
 * NOTE(review): the listing is incomplete. Several method bodies are missing
 * statements (queries, assignments, returns) and some braces do not balance,
 * so the class does not parse exactly as posted. Every SQL statement shown is
 * built by string interpolation through the removed mysql_* API; the fix for
 * all of them is the same: prepared statements with bound parameters via PDO
 * or mysqli.
 */
class functions
{
    /**
     * Returns $password unchanged.
     *
     * NOTE(review): despite the name, no hashing happens here. AddUser()
     * writes the password value it receives straight into the users table and
     * checkLogin() compares it in SQL, so passwords appear to be stored in
     * clear text unless a caller hashes them first. Use password_hash() at
     * registration and password_verify() at login.
     */
    public function HoloHash($password){
        return $password;
    }

    /**
     * Replaces the exact substrings "INSERT" and "inert" with "IN-SER-T" and
     * returns the result.
     *
     * NOTE(review): this is the only sanitisation applied before values are
     * placed inside quoted SQL strings elsewhere in this class. str_replace()
     * is case-sensitive, "inert" looks like a typo for "insert", and quotes
     * and other SQL metacharacters pass through untouched, so it does not
     * prevent SQL injection. It also silently alters legitimate input such as
     * passwords that contain those substrings. Bind parameters instead of
     * rewriting input.
     */
    public function filter($texto) {
        $texto = str_replace("INSERT","IN-SER-T",$texto); // Replace words that could be used to alter the DB
        $texto = str_replace("inert","IN-SER-T",$texto); // Replace words that could be used to alter the DB
        return $texto;
    }

    /**
     * Same body as filter(): replaces "INSERT" and "inert" with "IN-SER-T".
     * The limitations noted on the replacement approach apply here as well.
     */
    public function filternews($texto) {
        $texto = str_replace("INSERT","IN-SER-T",$texto); // Replace words that could be used to alter the DB
        $texto = str_replace("inert","IN-SER-T",$texto); // Replace words that could be used to alter the DB
        return $texto;
    }

    /**
     * Picks a client address from $_SERVER, preferring HTTP_X_FORWARDED_FOR,
     * then HTTP_CLIENT_IP, then REMOTE_ADDR.
     *
     * NOTE(review): the first two values are request headers chosen by the
     * client, so the result is untrusted text unless a proxy under your
     * control overwrites them. It feeds the ban check and is concatenated
     * unescaped into SQL in AddUser(). Prefer REMOTE_ADDR, honour forwarded
     * headers only when the request comes from a known proxy address, and
     * validate with filter_var($ip, FILTER_VALIDATE_IP).
     * The trailing "else" branches are empty and duplicated as posted.
     */
    function GetIP() {
        if($_SERVER) {
            if($_SERVER["HTTP_X_FORWARDED_FOR"]) {
                $realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
            } elseif ($_SERVER["HTTP_CLIENT_IP"]) {
                $realip = $_SERVER["HTTP_CLIENT_IP"];
            } else {
                $realip = $_SERVER["REMOTE_ADDR"];
            }
        } else {
        } else {
        }
        }
        return $realip;
    }

    /**
     * Builds a ticket string of the form "ST-" . "-" . "-habbo-beta-fe".
     *
     * Both loop bodies are empty as posted, so the code that fills in the
     * 6- and 20-step segments is not visible.
     * NOTE(review): AddUser() stores this value in the auth_ticket column. If
     * the missing loop bodies draw from rand() or mt_rand(), switch to
     * random_int() or bin2hex(random_bytes(...)) so tickets are unpredictable.
     */
    public function GenerateTicket(){
        $data = "ST-";
        for ($i=1; $i<=6; $i++){ }
        $data = $data . "-";
        for ($i=1; $i<=20; $i++){ }
        $data = $data . "-habbo-beta-fe";
        return $data;
    }

    /**
     * Queries the users table for a row whose username or mail equals $u and
     * whose password equals $p.
     *
     * As posted the query result is never inspected and nothing is returned,
     * although callers use the return value as a boolean.
     * NOTE(review): $u and $p reach the SQL text after filter() only, which
     * does not escape quotes. The password is compared inside the query, which
     * requires it to be stored in directly comparable form. Select the row by
     * username with a bound parameter and check the password with
     * password_verify().
     */
    public function checkLogin($u, $p){
        $u = $this->filter($u);
        $p = $this->filter($p);
        $check = mysql_query("SELECT * FROM users WHERE username = '{$u}' AND password = '{$p}' OR mail = '{$u}' AND password = '{$p}' LIMIT 1");
    }

    /**
     * Existence check for a username or e-mail (used by Username_check() and
     * Emails_check()). Only the filter() call is visible; the lookup and the
     * return statement are missing from the listing.
     */
    public function userExist($u){
        $u = $this->filter($u);
    }

    /**
     * Inserts a new users row with fixed starting credits, rank, look and
     * motto, inserts a user_info row, and stores the username and password in
     * the session.
     *
     * NOTE(review): all four inputs are interpolated into the INSERT after
     * filter() only, and GetIP() is concatenated with no filtering at all.
     * $pass is written to the password column as received and then copied
     * into $_SESSION. $userd is never assigned in the visible code, so the
     * user_info insert receives an empty id. Use bound parameters, hash the
     * password before storing it, and keep only a user id in the session.
     */
    public function AddUser($u, $p, $m, $b){
        $user = $this->filter($u);
        $pass = $this->filter($p);
        $mail = $this->filter($m);
        $birth = $this->filter($b);
        $credits = "900000";
        $rank = "1";
        $look = "hr-893-42.hd-180-1.ch-225-64.lg-280-64.sh-300-64.ha-1002-64.ea-1404-62.ca-1802";
        $motto = "Hola, soy un usuario nuevo!";
        mysql_query("INSERT INTO users(`id`, `username`, `password`, `mail`, `credits`, `rank`, `ip_reg`, `ip_last`, `look`, `account_created`, `gender`, `motto`, `birth`, `auth_ticket`) VALUES(NULL, '{$user}', '{$pass}', '{$mail}', '{$credits}', '{$rank}', '".$this->GetIP()."', '".$this->GetIP()."', '{$look}', '". time() ."', 'M', '{$motto}', '{$birth}', '" .$this->GenerateTicket()."')");
        mysql_query("INSERT INTO `user_info` (user_id,reg_timestamp) VALUES ('".$userd['id']."','".time()."')");
        //mysql_query("INSERT INTO `user_stats` (id) VALUES ('".$userd['id']."')");
        $_SESSION['username'] = $user;
        $_SESSION['password'] = $pass;
    }

    /**
     * Ban check for a username / IP pair. When $stamp_now is earlier than the
     * ban's expiry it stores a message in $_SESSION['BAN_LOGIN_ERROR'] and
     * returns it; otherwise it returns false.
     *
     * $d, $m, $Y, $bandata, $stamp_now and $datetoex are not assigned in the
     * visible code; the ban lookup was presumably lost from the listing, and
     * one closing brace below has no visible opener.
     * NOTE(review): the caller passes GetIP() as $ip. Because that value can
     * come from client-set headers, an IP ban keyed on it is not reliable.
     * The message string literal spans a line break exactly as posted.
     */
    function CheckBanned($u, $ip){
        $today = $d;
        $month = $m;
        $year = $Y;
        $u = $this->filter($u);
        $ip = $this->filter($ip);
        $reason = $bandata['reason'];
        $expire = $bandata['expire'];
        if($stamp_now < $expire){
            $login_error = "Has sido banedo por esta razón: \"".$reason."\". 
Tu baneo expira el: ".$datetoex.".";
            $_SESSION['BAN_LOGIN_ERROR'] = $login_error;
            return $login_error;
        } else {
            return false;
        }
    }
    }

    /**
     * Page-access gate driven by $s: one branch for "no" with a valid login,
     * one for "yes" without a valid login. Both branch bodies are empty as
     * posted, so the action taken (presumably a redirect) is not visible.
     */
    public function session($s){
        if($s == "no" && $this->checkLogin($_SESSION['username'], $_SESSION['password'])){
        }elseif($s == "yes" && $this->checkLogin($_SESSION['username'], $_SESSION['password']) == false){
        }
    }

    /**
     * Loads the rank of the session user for the housekeeping area. As posted
     * the fetched row in $r is never used and nothing is returned, so the
     * actual access decision is not visible.
     * NOTE(review): same interpolated-SQL pattern as checkLogin(). If the
     * query fails, mysql_fetch_assoc() is handed false instead of a result.
     */
    public function hk_access(){
        $user = $this->filter($_SESSION['username']);
        $pass = $this->filter($_SESSION['password']);
        $r = mysql_fetch_assoc(mysql_query("SELECT rank FROM users WHERE username = '{$user}' AND password = '{$pass}' LIMIT 1"));
    }

    /**
     * Formats the timestamp $a as a relative "time ago" phrase in Spanish.
     *
     * $date_now, $minutos, $horas, $dias and $semana are not assigned in the
     * visible code. The weeks branch returns $echo without assigning it, and
     * the final "else" has no matching "if" as posted. The day-branch
     * separator string spans a line break exactly as posted; the other
     * branches use a single space.
     */
    public function GetLast($a){
        $a = $this->filter($a);
        $date = $a;
        $difference = $date_now - $date;
        if($difference <= '59'){
            $echo = 'Justo Ahora';
        } elseif($difference <= '3599' && $difference >= '60'){
            if($minutos[0] == 0) { $minutos = $minutos[1]; }
            if($minutos == 1) { $minutos_str = 'minuto'; } else { $minutos_str = 'minutos'; }
            $echo = 'Hace '.$minutos.' '.$minutos_str; // minutes
        }elseif($difference <= '82799' && $difference >= '3600'){
            if($horas == 1) { $horas_str = 'hora'; } else { $horas_str = 'horas'; }
            $echo = 'Hace '.$horas.' '.$horas_str; // hours
        }elseif($difference <= '518399' && $difference >= '82800'){
            if($dias == 1) { $dias_str = 'día'; } else { $dias_str = 'días'; }
            $echo = 'Hace '.$dias.' 
'.$dias_str; // days
        }elseif($difference <= '2678399' && $difference >= '518400'){
            if($semana == 1) { $semana_str = 'semana'; } else { $semana_str = 'semanas'; }
            return $echo;
        }else{
            return $a;
        }
        }else{
            return 'Aún no te has conectado';
        }
    }

    /**
     * Returns the 'name' element of $a. Whatever looked the rank up before
     * this line is not visible in the listing.
     */
    public function RankName($a){
        return $a['name'];
    }

    /**
     * Updates profile_bg and profile_image for the user named $u.
     * NOTE(review): the three values are interpolated into the UPDATE after
     * filter() only; use bound parameters. Nothing visible ties $u to the
     * logged-in session user, so the caller must enforce that.
     */
    public function UpdateProfile($a, $b, $u){
        $a = $this->filter($a);
        $b = $this->filter($b);
        $u = $this->filter($u);
        mysql_query("UPDATE users SET profile_bg = '{$a}', profile_image = '{$b}' WHERE username = '{$u}'");
    }

    /**
     * Validates a requested username and returns an error message. The first
     * condition of the chain is missing from the listing, so only the
     * "already in use" case is visible and $error may be unset on return.
     */
    public function Username_check($a){
        $a = $this->filter($a);
        # USERNAME CHECK #
        elseif($this->userExist($a)){ $error = "Ese nombre ya esta en uso"; }
        return $error;
    }

    /**
     * Validates an e-mail address and its confirmation; returns an error for
     * an invalid address, one already in use, or a mismatch. $email_check is
     * not assigned in the visible code, and $error is unset when every check
     * passes.
     */
    public function Emails_check($a, $b){
        $a = $this->filter($a); // Email 1
        $b = $this->filter($b); // Email 2
        # EMAIL CHECK #
        if($email_check !== 1){ $error = "Insertaste un email inválido"; }
        elseif($this->userExist($a)){ $error = "Ese email ya esta en uso"; }
        elseif($a !== $b){ $error = "Tus emails no coinciden"; }
        return $error;
    }

    /**
     * Validates a password and its confirmation; only the mismatch case is
     * visible because the first condition of the chain is missing.
     * NOTE(review): both values pass through filter() first, which rewrites
     * any password containing "INSERT" or "inert".
     */
    public function Password_Check($a, $b){
        $a = $this->filter($a); // pass 1
        $b = $this->filter($b); // pass 2
        # PASSWORD CHECK #
        elseif($a !== $b){ $error = "Tus contraseñas no coinciden"; }
        return $error;
    }
}
?>
Mod: Obligatorio el uso de etiquetas GeSHi. Temas sobre PHP van al subforo de PHP.