!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/alumni/   drwxrwxrwx
Free 40.47 GB of 127.8 GB (31.66%)


Viewing file:     cron.php (19.31 KB)      -rw-r--r--
<?php

/********************************************************************************
	- MemHT Portal -
	
	Copyright (C) 2007-2008 by Miltenovik Manojlo
	http://www.memht.com
	
	This program is free software; you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 2 of the License, or
	(at your option) any later version.
	
	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.
	
	You should have received a copy of the GNU General Public License along
	with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)
	or write to the Free Software Foundation, Inc., 51 Franklin Street,
	Fifth Floor, Boston, MA02110-1301, USA.
		
********************************************************************************/

//===========================================
//Error reporting
//NOTE(review): this heading used to read "Do not show errors", but E_ALL
//turns reporting ON for every error class. Whether the messages reach the
//HTTP response depends on display_errors, which is not set in this file.
//If this script is reachable over the web, confirm that errors are logged
//rather than displayed: they can disclose file paths and SQL text.
//===========================================
error_reporting(E_ALL);

//===========================================
//Database: Connect
//===========================================
require_once("inc/inc_config.php");
require_once("inc/inc_database.php");

//Shared connection object; every function below reaches it through "global $dblink"
$dblink = new database();
$dblink->connect();

//===========================================
//Timezone setting
//===========================================
$timezonerow = $dblink->get_row("SELECT timezone FROM memht_config");
//intval() guarantees the offset is a plain integer before it is spliced into SQL below
$siteConfig['timezone'] = intval($timezonerow['timezone']);
//SQL expression (not a PHP timestamp) that every query in this file interpolates as "now"
$tzNOW = "DATE_ADD(NOW(),INTERVAL ".$siteConfig['timezone']." HOUR)";

//Loaded after $dblink and $tzNOW are defined; presumably relies on them - verify against inc_login.php
require_once("inc/inc_login.php");

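//Check if the visitor is logged as user
//
// $userid  account id to verify; cast to int before it is placed in the SQL text
// $force   1 = when nothing is cached in $privs['user'], validate the cookie against memht_utenti
//
//Returns true when the login cookie matches the value cached in $privs['user'] or,
//with $force==1, a database row; false in every other case (including a veto from
//the 'IsUser' hook, which previously fell through and returned null).
//
//The cookie is attacker-controlled input, so:
// - it must be a string with at least three "#"-separated fields,
// - fields are compared with === (a loose == treats numeric-looking strings such as
//   "0e1" and "0e2" as equal),
// - $userid is forced to an integer before interpolation.
//NOTE(review): the third cookie field is matched against the "pass" column, i.e. the
//cookie carries a password-equivalent value; confirm the cookie is set HttpOnly/Secure.
//NOTE(review): the query ties $userid to the third field only; whether the first two
//fields are bound to the same account is not visible in this file.
function isUser($userid,$force=0) {
	global $dblink,$privs;
	
	if (!memRunHooks('IsUser',array($userid,$force,&$privs))) {
		return false;
	}
	
	//A cookie sent as login_user[]=... arrives as an array; treat it as "not logged"
	if (!isset($_COOKIE['login_user']) OR !is_string($_COOKIE['login_user'])) {
		return false; //Not Logged
	}
	
	$cookiecontent = $_COOKIE['login_user'];
	$cookieitem = explode("#",$cookiecontent);
	if (count($cookieitem)<3) {
		//Malformed cookie: never let missing fields take part in a comparison
		$privs['user'] = false;
		return false; //Error? Hack?
	}
	
	if ($privs['user']) {
		//A value was cached earlier in this request: the cookie must still match it exactly
		$pcookieitem = explode("#",$privs['user']);
		if (count($pcookieitem)>=3 AND $cookieitem[0]===$pcookieitem[0] AND $cookieitem[1]===$pcookieitem[1] AND $cookieitem[2]===$pcookieitem[2]) {
			return true;
		}
		$privs['user'] = false;
		return false; //Error? Hack?
	}
	
	if ($force==1) {
		//Database Account Control
		$userid = intval($userid);
		if ($dblink->get_num("SELECT id FROM memht_utenti WHERE id=$userid AND pass='".inCode($cookieitem[2])."' LIMIT 1")>0) {
			$privs['user'] = $cookiecontent;
			return true; //Account Correct
		}
		$privs['user'] = false;
		return false; //Error? Hack?
	}
	
	return false;
}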

//Data input function (from user)
//Prepares a user-supplied value for storage: undoes magic-quotes slashes, drops the
//empty markup FCKeditor 2.5.1 emits, HTML-encodes the text and finally SQL-escapes it.
//htmlentities() is called without a charset argument, so it uses PHP's default charset.
//mysql_real_escape_string() escapes for the currently open mysql connection; the result
//is only safe inside a quoted SQL string literal, never as a bare number or identifier.
function inCode($string) {
	$value = get_magic_quotes_gpc() ? stripslashes($string) : $string;
	//FCKeditor 2.5.1 bug fix: remove the placeholder break it inserts
	$value = str_replace('<br type="_moz" />','',$value);
	//FCKeditor 2.5.1 bug fix: a lone break means "empty field"
	if ($value=="<br />") {
		$value = "";
	}
	return mysql_real_escape_string(htmlentities($value,ENT_QUOTES));
}

//Data output function (from database)
//Reverses inCode() for display.
// $html==1  decode HTML entities through unhtmlentities() (which also strips a few tags)
// otherwise only remove backslash escapes with stripslashes()
//In both modes leftover \" and \' sequences are unescaped and "&amp;" becomes "&".
//The returned string is NOT safe for an HTML context by itself: with $html==1 it is
//decoded markup from which only the tags listed in unhtmlentities() were removed.
function outCode($string,$html=1) {
	global $langdata;
	
	if ($html==1) {
		$decoded = unhtmlentities($string);
	} else {
		$decoded = stripslashes($string);
	}
	//str_replace applies the pairs one after another, in the listed order
	return str_replace(array('\"',"\'","&amp;"),array('"',"'","&"),$decoded);
}

//Decode named (&lt;) and numeric (&#60;) HTML entities back to characters.
// $html==1  additionally pass the result through strip_selected_tags() for
//           iframe, script and style elements
//The numeric table is built with ord(), which only looks at the first byte of each key.
//The tag list is a denylist of three element names; event-handler attributes and other
//elements pass through, so the result must not be treated as sanitised HTML.
function unhtmlentities($string,$html=1) {
	$named = get_html_translation_table(HTML_ENTITIES);
	foreach (array_keys($named) as $char) {
		$numeric[$char] = '&#'.ord($char).';';
	}
	
	//Flip both tables so they map entity => character
	$fromNamed = array_flip($named);
	$fromNumeric = array_flip($numeric);
	
	$decoded = strtr($string,$fromNamed);
	$decoded = strtr($decoded,$fromNumeric);
	
	if ($html==1) {
		$decoded = strip_selected_tags($decoded,array('iframe','script','style'));
	}
	return $decoded;
}

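//Remove the given element pairs from $text, keeping the text found between them.
// $text  markup to filter
// $tags  array of tag names, or several tag names passed as extra arguments
//Returns the filtered text.
//
//Changes against the previous version:
// - tag names are passed through preg_quote(), so a name can no longer alter the pattern;
// - with the "u" modifier PCRE returns false on malformed UTF-8 and the old code then
//   returned the input unfiltered; the match is now retried byte-wise in that case;
// - the pass is repeated until the text stops changing, so a tag pair that only becomes
//   complete after an inner pair was removed is stripped as well.
//Still a denylist: only "<tag ...>text</tag>" pairs whose content holds no "<" are
//matched, unclosed tags and attributes are untouched. Do not rely on it as the only
//defence against script injection.
function strip_selected_tags($text, $tags = array()) {
	$args = func_get_args();
	$text = array_shift($args);
	$tags = func_num_args() > 2 ? array_diff($args,array($text)) : (array)$tags;
	do {
		$before = $text;
		foreach ($tags as $tag) {
			$name = preg_quote($tag,'/');
			$pattern = '/<'.$name.'[^>]*>([^<]*)<\/'.$name.'>/i';
			$hits = @preg_match_all($pattern.'u',$text,$found);
			if ($hits===false) {
				//Malformed UTF-8: fall back to byte matching instead of skipping the filter
				$hits = preg_match_all($pattern,$text,$found);
			}
			if ($hits) {
				$text = str_replace($found[0],$found[1],$text);
			}
		}
		//Every replacement shortens the text, so this loop always terminates
	} while ($text!==$before);
	return $text;
}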

//===========================================
//Includes
//===========================================
require_once("inc/inc_readConfig.php");

//Use cronjobs
if ($siteConfig['usecronjobs']==1) {
	
	//===========================================
	//Maintenance
	//===========================================
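	//Periodic housekeeping for the portal database and the RSS cache.
	//All() decides whether a run is due and then calls every task in a fixed order;
	//each other method purges one kind of stale data.
	//Every $siteConfig value placed in SQL is cast with intval() first, matching how
	//this file already treats the timezone offset.
	class Maintenance {
		//Override timings, forcing the execution
		var $forcedexec = false;
	
		//Call all class functions
		//Runs when $forcedexec is set or when the stored "last" timestamp is older than
		//the configured interval. The timestamp is updated before the tasks start.
		function All() {
			global $dblink,$siteConfig,$tzNOW;
			
			//Seed the single status row on first use
			if ($dblink->get_num("SELECT last FROM memht_maintenance")==0) { $dblink->query("INSERT INTO memht_maintenance (last) VALUES ('2000-01-01 00:00:00')"); }
			$every = intval($siteConfig['maintenance']);
			if ($this->forcedexec OR $dblink->get_num("SELECT last FROM memht_maintenance WHERE (last + INTERVAL $every MINUTE) < $tzNOW")>0) {
				$dblink->query("UPDATE memht_maintenance SET last=$tzNOW");
				
				if (memRunHooks('Maintenance',array($this->forcedexec))) {
					$this->CleanBanned();
					$this->MessageBoxFlood();
					$this->OldWaitingUsers();
					$this->OldPrivateMessages();
					$this->OldLoginAttempts();
					$this->GroupMembers();
					$this->ResetMediumLoadTime();
					$this->DeleteOldLiveData();
					$this->DeleteOldAdminData();
					$this->DeleteRssCache();
					$this->RssAggregator();
					$this->CleanStatistics();
					
					memRunHooks('MaintenanceEnd',array($this->forcedexec));
				}
			}
		}
		
		//Remove temporary bans whose date has passed (permanent bans are kept)
		function CleanBanned() {
			global $dblink,$tzNOW;
			
			$dblink->query("DELETE FROM memht_banned WHERE date < $tzNOW AND permanent=0");
		}
		
		//Clean messagebox flood data older than the configured number of minutes
		function MessageBoxFlood() {
			global $dblink,$siteConfig,$tzNOW;
			
			$minutes = intval($siteConfig['maintenance_mesboxflood']);
			$dblink->query("DELETE FROM memht_messagebox_flood WHERE (time + INTERVAL $minutes MINUTE) < $tzNOW");
		}
		
		//Clean old pending user registrations:
		//never-activated rows after the configured hours, activated rows after 3 months
		function OldWaitingUsers() {
			global $dblink,$siteConfig,$tzNOW;
			
			$hours = intval($siteConfig['maintenance_waitusers']);
			$dblink->query("DELETE FROM memht_utenti_attesa WHERE activated=0 AND (data + INTERVAL $hours HOUR) < $tzNOW");
			$dblink->query("DELETE FROM memht_utenti_attesa WHERE activated=1 AND (data + INTERVAL 3 MONTH) < $tzNOW");
		}
		
		//Clean private messages older than the configured number of days
		function OldPrivateMessages() {
			global $dblink,$siteConfig,$tzNOW;
			
			$days = intval($siteConfig['maintenance_oldpm']);
			$dblink->query("DELETE FROM memht_pvtmsg WHERE (date + INTERVAL $days DAY) < $tzNOW");
		}
		
		//Clean failed-login records older than the configured number of minutes.
		//These rows back the login flood control, so a short interval weakens it.
		function OldLoginAttempts() {
			global $dblink,$siteConfig,$tzNOW;
			
			$minutes = intval($siteConfig['maintenance_failedlogin']);
			$dblink->query("DELETE FROM memht_login_flood WHERE (time + INTERVAL $minutes MINUTE) < $tzNOW");
		}
		
		//Clean expired group members: expired memberships are first put on standby,
		//standby memberships are deleted after the configured number of days
		function GroupMembers() {
			global $dblink,$siteConfig,$tzNOW;
			
			$days = intval($siteConfig['maintenance_standbygroup']);
			$dblink->query("UPDATE memht_groups_members SET standby=1 WHERE permanent=0 AND standby=0 AND expire < $tzNOW");
			$dblink->query("DELETE FROM memht_groups_members WHERE permanent=0 AND standby=1 AND (expire + INTERVAL $days DAY) < $tzNOW");
		}
		
		//Delete live statistics rows older than 12 hours
		function DeleteOldLiveData() {
			global $dblink,$tzNOW;
			
			$dblink->query("DELETE FROM memht_statistics_livedata WHERE (date + INTERVAL 12 HOUR) < $tzNOW");
		}
		
		//Delete administration statistics rows older than 7 days
		function DeleteOldAdminData() {
			global $dblink,$tzNOW;
			
			$dblink->query("DELETE FROM memht_statistics_administration WHERE (date + INTERVAL 7 DAY) < $tzNOW");
		}
		
		//Reset medium load time: drop samples older than the configured number of hours
		function ResetMediumLoadTime() {
			global $dblink,$siteConfig,$tzNOW;
			
			$hours = intval($siteConfig['maintenance_loadtime']);
			$dblink->query("DELETE FROM memht_statistics_loadtime WHERE (started + INTERVAL $hours HOUR) < $tzNOW");
		}
		
		//Delete RSS cache
		//Only acts when the cache directory holds more than 20 entries, and then visits
		//at most 21 directory entries per run. glob() and opendir() can both return
		//false; each result is checked instead of being silenced with @.
		function DeleteRssCache() {
			$cached = @glob("inc/magpie/cache/*", GLOB_BRACE);
			if (!is_array($cached) OR count($cached)<=20) { return; }
			
			$handle = @opendir('inc/magpie/cache/');
			if (!$handle) { return; }
			
			$limit = 0;
			$over = 0;
			while (false !== ($file = readdir($handle))) {
				if ($limit>20 OR $over>20) { break; }
				if ($file != "." AND $file != "..") {
					@unlink("inc/magpie/cache/$file");
					$limit++;
				}
				$over++;
			}
			closedir($handle);
		}
		
		//Rss Aggregator
		//At most once per hour, fetch each enabled feed and import up to "numfeeds" new
		//items into articles (whr=1), guides (whr=2) or news (whr=3).
		//
		//Feed content is untrusted remote input. Changes against the previous version:
		// - only rows with enabled=1 are fetched (the old list query had no filter);
		// - a row whose "whr" is not 1-3 is skipped; before, the queries built for the
		//   previous item were silently reused;
		// - the stored author is passed through inCode() before it reaches the INSERT
		//   (it used to be interpolated unescaped);
		// - item links must start with http:// or https://, because the link is written
		//   into an href attribute.
		//NOTE(review): titles and bodies are stored through inCode() and later rendered
		//through outCode(), which decodes entities and strips only three tag names; feed
		//markup can therefore reach visitors. Consider an allowlist sanitiser at render time.
		//NOTE(review): the feed URL is fetched server-side exactly as stored; if anyone
		//other than administrators can edit memht_aggregator, restrict scheme and host.
		function RssAggregator() {
			global $dblink,$tzNOW;
			
			if ($dblink->get_num("SELECT id FROM memht_aggregator WHERE enabled=1")==0) { return; }
			if ($dblink->get_num("SELECT maintenance_aggregator FROM memht_maintenance WHERE (maintenance_aggregator + INTERVAL 1 HOUR) < $tzNOW")==0) { return; }
			$dblink->query("UPDATE memht_maintenance SET maintenance_aggregator=$tzNOW");
			
			//1 = Articles, 2 = Guide, 3 = News
			$targets = array(1=>'memht_articoli',2=>'memht_guide',3=>'memht_news');
			
			$result = $dblink->get_list("SELECT * FROM memht_aggregator WHERE enabled=1");
			foreach ($result as $row) {
				$whr = intval($row['whr']);
				if (!isset($targets[$whr])) { continue; }
				$table = $targets[$whr];
				$argument = intval($row['argument']);
				$author = inCode(outCode($row['author']));
				$rssurl = outCode($row['rssurl']);
				$numfeeds = intval($row['numfeeds']);
				
				if (!defined('MAGPIE_CACHE_DIR')) { define('MAGPIE_CACHE_DIR','inc/magpie/cache'); }
				require_once("inc/magpie/rss_fetch.inc");
				if (!($rss = @fetch_rss($rssurl))) { continue; }
				
				$channel = inCode($rss->channel['title']);
				if ($author=="") { $author = $channel; }
				
				$lim = 0;
				foreach (array_reverse($rss->items) as $item) {
					if ($lim>=$numfeeds) { break; }
					
					$rawlink = isset($item['link']) ? $item['link'] : '';
					if (!is_string($rawlink) OR !preg_match('#^https?://#i',$rawlink)) { continue; }
					
					$link = inCode($rawlink);
					$title = inCode(isset($item['title']) ? $item['title'] : '');
					$description = inCode(isset($item['description']) ? $item['description'] : '');
					$encoded = inCode(isset($item['content']['encoded']) ? $item['content']['encoded'] : '');
					if (strlen($link)<=4 OR strlen($title)<=4 OR strlen($description)<=10) { continue; }
					
					$more = "Source: <a href=\"$link\" target=\"_blank\" title=\"$channel\"><i>$channel</i></a>";
					if ($whr==3) {
						//News: the description is the teaser, the body is the full content or just the source link
						$columns = "id,argomento,nome,testo_home,testo,autore,data,enabled";
						$summary = $description;
						$body = ($encoded=="") ? $more : "$encoded<br><br>$more";
					} else {
						//Articles and guides: with full content available the description becomes the summary
						$columns = "id,argomento,nome,descrizione,testo,autore,data,enabled";
						$summary = ($encoded=="") ? "" : $description;
						$body = (($encoded=="") ? $description : $encoded)."<br><br>$more";
					}
					$rssquery = "INSERT INTO $table ($columns) VALUES (null,'$argument','$title','$summary','$body','$author',$tzNOW,'1')";
					$checkquery = "SELECT id FROM $table WHERE nome='$title'";
					
					//Import only titles that are not stored yet
					if ($dblink->get_num($checkquery)==0) { $dblink->query($rssquery); $lim++; }
				}
			}
		}
		
		//Clean statistics data
		//Added in 3.8.0
		//For each hit table: rows older than a month are dropped when below 0.5% of the
		//highest hit count in that age range, rows older than a week when below 5 hits.
		//Spider records are dropped one week after their last visit.
		function CleanStatistics() {
			global $dblink,$tzNOW;
			
			$tables = array('browsers','domains','os','pages','screenres','searchengines','searchkeywords','users');
			foreach ($tables as $suffix) {
				$table = "memht_statistics_$suffix";
				$row = $dblink->get_row("SELECT ROUND(MAX(hits)*0.005) AS min FROM $table WHERE (day + INTERVAL 1 MONTH) < $tzNOW");
				$dblink->query("DELETE FROM $table WHERE hits < ".intval($row['min'])." AND (day + INTERVAL 1 MONTH) < $tzNOW");
				$dblink->query("DELETE FROM $table WHERE hits < 5 AND (day + INTERVAL 1 WEEK) < $tzNOW");
			}
			
			//memht_statistics_spiders
			$dblink->query("DELETE FROM memht_statistics_spiders WHERE (lastvisit + INTERVAL 1 WEEK) < $tzNOW");
		}
	}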
	
	//Rewritten in 4.0.5
	//Send the next batch of a pending newsletter.
	//A batch goes out only when a status row exists, the configured pause since the last
	//batch has elapsed and the busy flag is clear. A busy flag older than 5 minutes is
	//treated as stuck and reset; that run sends nothing.
	//Each recipient row is marked sent before Send() is called and the result of Send()
	//is not checked, so a failed delivery is not retried.
	//NOTE(review): the busy flag is read and then set in separate queries; two
	//overlapping requests could both pass the check. Confirm how this script is triggered.
	//NOTE(review): SMTP credentials are read as plain values from memht_newsletter_config.
	function sendNewsletter() {
		global $dblink,$siteConfig,$tzNOW;
		
		if (!memRunHooks('SendNewsletter')) {
			return;
		}
		
		$status = $dblink->get_row("SELECT * FROM memht_newsletter_status");
		if ($status) {
			//Unfinished newsletter session
			$config = $dblink->get_row("SELECT * FROM memht_newsletter_config");
			$aut_mailpause = intval($config['aut_mailpause']);
			
			$pauseElapsed = $dblink->get_num("SELECT date FROM memht_newsletter_status WHERE (date + INTERVAL $aut_mailpause MINUTE) < $tzNOW")>0;
			if ($pauseElapsed) {
				//Check busy status
				$busy = ($dblink->get_num("SELECT busy FROM memht_newsletter_busy WHERE busy=0")==0);
				
				if ($busy) {
					$stuck = $dblink->get_num("SELECT busy FROM memht_newsletter_busy WHERE busy=1 AND (date + INTERVAL 5 MINUTE) < $tzNOW")>0;
					if ($stuck) {
						//Stuck > Reset
						$dblink->query("TRUNCATE memht_newsletter_busy");
						$dblink->query("INSERT INTO memht_newsletter_busy (busy,date) VALUES (0,$tzNOW)");
						$dblink->query("UPDATE memht_newsletter_status SET date=$tzNOW");
					}
				} else {
					//Set busy
					$dblink->query("UPDATE memht_newsletter_busy SET busy=1,date=$tzNOW");
					
					//Config
					$fromAddress = outCode($config['email_mittente']);
					$transport = intval($config['mailorsmtp']);
					$smtpHost = outCode($config['smtp']);
					$needsAuth = intval($config['useauth']);
					$smtpLogin = outCode($config['smtpuser']);
					$smtpSecret = outCode($config['smtppass']);
					$aut_mailpersession = intval($config['aut_mailpersession']);
					
					//Status
					$subject = outCode($status['title']);
					$bodyHtml = outCode($status['content']);
					$alreadySent = intval($status['emails']);
					
					require_once("inc/class/class.phpmailer.php");
					$mailer = new PHPMailer();
					$mailer->From = $fromAddress;
					$mailer->FromName = $siteConfig['site_name'];
					$mailer->Subject = $subject;
					if ($transport==1) {
						//Smtp
						$mailer->Host = $smtpHost;
						$mailer->Mailer = "smtp";
						if ($needsAuth) {
							$mailer->SMTPAuth = true;
							$mailer->Username = $smtpLogin;
							$mailer->Password = $smtpSecret;
						}
					} else {
						//Mail
						$mailer->Mailer = "mail";
					}
					$mailer->IsHTML(true);
					$mailer->Body = $bodyHtml;
					
					$batch = $dblink->get_list("SELECT id,email FROM memht_newsletter WHERE sent=0 ORDER BY id LIMIT $aut_mailpersession");
					if ($batch) {
						$handled = 0;
						foreach ($batch as $recipient) {
							$rowId = intval($recipient['id']);
							$address = outCode($recipient['email']);
							
							//Marked as sent first, then delivered one address at a time
							$dblink->query("UPDATE memht_newsletter SET sent=1,date=$tzNOW WHERE id=$rowId");
							
							$mailer->AddAddress($address);
							$mailer->Send();
							$mailer->ClearAddresses();
							$handled++;
						}
						
						//Update status
						$dblink->query("UPDATE memht_newsletter_status SET date=$tzNOW,emails=emails+$handled");
					} else {
						//No more emails
						$dblink->query("TRUNCATE memht_newsletter_status");
						$dblink->query("INSERT INTO memht_newsletter_sent (title,content,date,numemails) VALUES ('".inCode($subject)."','".inCode($bodyHtml)."',$tzNOW,$alreadySent)");
					}
					
					//Finished
					$dblink->query("UPDATE memht_newsletter_busy SET busy=0,date=$tzNOW");
				}
			}
		}
		
		memRunHooks('SendNewsletterEnd');
	}
	
	//===========================================
	//Maintenance
	//forcedexec=true makes All() skip its interval check, so every execution of this
	//script runs the full task list and the newsletter batch below.
	//NOTE(review): no caller check is visible in this file. If the script can be
	//requested over HTTP, any visitor can trigger these deletes, the remote feed
	//fetches and the mail batch; restrict it to the scheduler (CLI, or a web-server
	//rule / shared secret) - confirm against the included files.
	//===========================================
	$maintenance = new Maintenance();
	$maintenance->forcedexec = true;
	$maintenance->All();
	
	//===========================================
	//Newsletter
	//===========================================
	sendNewsletter();	
} else {
	echo "Cronjobs disabled";
}

//===========================================
//Database: Disconnect
//===========================================
$dblink->disconnect();

?>
