Merhaba çocuklar
Kayıt panelini sola, diğer menüyü de sağa taşımak istiyorum.
index kodu:
Kod:
<?PHP
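// Little-Host.ro protection script; it runs before anything else on the page.
include('./iosec.php');
// Keep diagnostics away from visitors but still record them: error_reporting(0)
// also silenced the server log, so failed includes and database errors left no
// trace for whoever operates the site.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
session_start();
require("inc/config.inc.php");
require("inc/rights.inc.php");
require("inc/functions.inc.php");
// Two links are opened: one with the SQL_HP_* constants, one with the SQL_* constants
// (presumably defined in inc/config.inc.php - confirm).
// NOTE(review): the mysql_* extension was removed in PHP 7; a port to mysqli or PDO
// with prepared statements would also retire the hand-written escaping below.
$sqlHp = mysql_connect(SQL_HP_HOST, SQL_HP_USER, SQL_HP_PASS);
$sqlServ = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS);
// Without both links nothing on the page can be rendered: send the browser to the error page.
if (!is_resource($sqlServ) || !is_resource($sqlHp)) {
    echo("<meta http-equiv=\"refresh\" content=\"0; url=/error.php\">");
    exit;
}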
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!-- START XSS Protection -->
<?php
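/**
 * Strip markup from a string and HTML-encode what is left.
 *
 * The result is entity-encoded with ENT_QUOTES, so it is meant for HTML text and
 * quoted attribute values. It is not a validator for URL, CSS or script contexts.
 * Tags named in $allowable_tags survive strip_tags() but are still entity-encoded
 * afterwards, so they are displayed as text rather than rendered.
 *
 * @param string       $str            Untrusted input.
 * @param string|false $allowable_tags Tags strip_tags() should keep, e.g. "<b>"; false keeps none.
 * @return string The encoded string.
 */
function strip_xss($str, $allowable_tags = false)
{
    // The original test was inverted: the tag list was dropped whenever one was supplied.
    if ($allowable_tags) {
        $rez = strip_tags($str, $allowable_tags);
    } else {
        $rez = strip_tags($str);
    }

    // Encode quotes as well, so the value cannot close an attribute it is printed into.
    $result = htmlentities($rez, ENT_QUOTES);

    // Remove the "javascript:" scheme whatever its letter case (the old removal was
    // case-sensitive although the detection was not), and repeat until the string stops
    // changing so that one removal cannot splice a new occurrence together.
    do {
        $before = $result;
        $result = str_ireplace("javascript:", "", $result);
    } while ($result !== $before);

    return $result;
}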
?>
<!-- END XSS Protection -->
<!-- ANTI-FURT -->
<script language=Javascript1.2>
// Cosmetic only: this suppresses the context menu, it does not keep anyone from
// reading the markup, which the server has already sent to the browser.
function ejs_nodroit() {
    return false;
}
document.oncontextmenu = ejs_nodroit;
</script>
<!-- ANTI-FURT -->
<!-- START Anti-SQL Injection -->
<?php
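/**
 * Prepare a request value for use inside a quoted SQL string literal.
 *
 * Removes markup with strip_tags() and escapes the result with
 * mysql_real_escape_string(), which needs an open mysql_* connection.
 * NOTE(review): the escaping only protects values placed between quotes in the
 * query text; numeric or identifier positions need validation or bound parameters.
 *
 * @param string $string Raw value.
 * @return string Escaped value.
 */
function madSafety($string)
{
    // Undo magic-quotes escaping only when PHP actually applied it; an unconditional
    // stripslashes() silently deletes backslashes the user really typed.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    $string = strip_tags($string);
    return mysql_real_escape_string($string);
}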
?>
<?php
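/*
 * Request scrubbing with an audit log.
 * Every GET, POST and cookie value is HTML-encoded and has the characters ; ' %
 * removed in place; each value that changed is appended to a log file.
 *
 * NOTE(review): this is a character blacklist, not an injection defence. Queries
 * still need bound parameters or escaping where they are built, and legitimate
 * values (passwords, for instance) are altered before the application sees them.
 * NOTE(review): the log is written next to this script, so it is presumably
 * reachable over HTTP, and it stores raw submitted values, which can include
 * passwords and session cookies. Keep it outside the document root and limit
 * what is recorded.
 */
$ip = $_SERVER['REMOTE_ADDR'];
$time = date("l dS of F Y h:i:s A");
// The cookie branch logged $script without it ever being assigned.
$script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
$fp = fopen("[WEB]SQL_Injection.txt", "a+"); // false when the file cannot be opened
$sql_inject_1 = array(";", "'", "%", '"'); // characters to replace
// The last entry read """ on the page, which does not parse; presumably it was the
// &quot; entity before the forum decoded it - confirm against the original file.
$sql_inject_2 = array("", "", "", "&quot;");

if (!function_exists('scrub_request_values')) {
    /**
     * Scrub one request array in place and log every value that changed.
     *
     * @param array          $values  Request array, modified in place.
     * @param string         $method  Label written to the log (GET, POST, COOKIE).
     * @param resource|false $fp      Open log handle, or false to skip logging.
     * @param string         $ip      Client address for the log record.
     * @param string         $time    Timestamp for the log record.
     * @param string         $script  Script name for the log record.
     * @param array          $search  Characters to replace.
     * @param array          $replace Replacement for each entry of $search.
     * @return array The original values, indexed by position.
     */
    function scrub_request_values(&$values, $method, $fp, $ip, $time, $script, $search, $replace)
    {
        $originals = array();
        foreach (array_keys($values) as $key) {
            $raw = $values[$key];
            $originals[] = $raw;
            // Nested arrays (name[]=...) cannot be encoded as text. They are reduced to an
            // empty string, which is what the failed encoding call produced before.
            $clean = is_string($raw)
                ? str_replace($search, $replace, htmlspecialchars($raw, ENT_COMPAT))
                : '';
            $values[$key] = $clean;
            if ($raw !== $clean && $fp) {
                // Line breaks are neutralised so one request cannot forge extra log records.
                $shown = is_string($raw)
                    ? str_replace(array("\r", "\n"), array('\r', '\n'), $raw)
                    : '[non-string value]';
                fwrite($fp, "IP: $ip\r\n");
                fwrite($fp, "Method: $method\r\n");
                fwrite($fp, "Value: $shown\r\n");
                fwrite($fp, "Script: $script\r\n");
                fwrite($fp, "Time: $time\r\n");
                fwrite($fp, "==================================\r\n");
            }
        }
        return $originals;
    }
}

// $real_get / $real_post / $real_cookie keep the untouched values, as before.
$real_get = scrub_request_values($_GET, 'GET', $fp, $ip, $time, $script, $sql_inject_1, $sql_inject_2);
$real_post = scrub_request_values($_POST, 'POST', $fp, $ip, $time, $script, $sql_inject_1, $sql_inject_2);
$real_cookie = scrub_request_values($_COOKIE, 'COOKIE', $fp, $ip, $time, $script, $sql_inject_1, $sql_inject_2);

if ($fp) {
    fclose($fp);
}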
?>
<?PHP
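/**
 * Validate a login name and password before they are used by the login code.
 *
 * Both values must consist of ASCII letters and digits only; anything else ends
 * the request with the message below. The user name is returned lower-cased, the
 * password is returned exactly as entered.
 *
 * What changed compared with the listing on the page:
 *  - the password branch read an undefined $userpass, so 'pass' was always NULL
 *    and every call ended in die();
 *  - eregi() no longer exists in PHP 7+, and its unanchored pattern accepted any
 *    string that contained a single alphanumeric character;
 *  - SQL keywords were deleted from the values, which silently turned one account
 *    name into another and weakened passwords. Values are now rejected, not edited.
 *
 * NOTE(review): the alphanumeric-only password rule is a stop-gap for code that
 * concatenates SQL. With hashed passwords and bound parameters it can be lifted.
 *
 * @param string $user Login name from the request.
 * @param string $pass Password from the request.
 * @return array array('user' => string, 'pass' => string)
 */
function anti_injection($user, $pass)
{
    if (is_string($user) && preg_match('/\A[a-zA-Z0-9]+\z/', $user)) {
        $user = strtolower($user);
    } else {
        $user = null;
    }

    if (!is_string($pass) || !preg_match('/\A[a-zA-Z0-9]+\z/', $pass)) {
        $pass = null;
    }

    $array = array('user' => $user, 'pass' => $pass);
    // Strict search: a loose in_array(NULL, ...) also matched '' and '0'.
    if (in_array(null, $array, true)) {
        die('Invalid use of login and/or password. Please use a normal method.');
    }
    return $array;
}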
?>
<?php
/**
 * Run a query in which every "?" is replaced by a quoted, escaped parameter.
 *
 * Each parameter is passed through mysql_real_escape_string() and inserted as
 * '%s' via vsprintf(); without parameters the query text is executed unchanged.
 * NOTE(review): every parameter ends up inside single quotes, a literal "%" in
 * $query is read by vsprintf() as a format directive, and the number of "?" must
 * match the number of parameters. Real prepared statements (mysqli / PDO) avoid
 * all three limits.
 *
 * @param string      $query  SQL text with "?" placeholders.
 * @param array|false $params Values for the placeholders, in order.
 * @return mixed Whatever mysql_query() returns.
 */
function mysql_safe($query, $params = false)
{
    if (!$params) {
        return (mysql_query($query));
    }

    foreach ($params as $index => $value) {
        $params[$index] = mysql_real_escape_string($value);
    }

    $template = str_replace("?", "'%s'", $query);

    return (mysql_query(vsprintf($template, $params)));
}
?>
<?php
/**
 * Small input filters: replace the word "script" and strip tags.
 *
 * NOTE(review): word substitution plus strip_tags() is not output encoding. Values
 * printed into HTML still need htmlspecialchars() for the context they land in.
 */
class secure
{
    /**
     * Filter $_GET[$key] in place and return the filtered value.
     */
    function secureSuperGlobalGET($key)
    {
        $_GET[$key] = $this->secureVar($_GET[$key]);
        return $_GET[$key];
    }

    /**
     * Filter $_POST[$key] in place and return the filtered value.
     */
    function secureSuperGlobalPOST($key)
    {
        $_POST[$key] = $this->secureVar($_POST[$key]);
        return $_POST[$key];
    }

    /**
     * Replace "script" (any letter case) with "blocked", then remove tags.
     */
    function secureVar($key)
    {
        return strip_tags(str_ireplace("script", "blocked", $key));
    }
}
?>
<!-- END Anti-SQL Injection -->
<!-- START FIREWALL -->
<?php
// Constants set before the optional php-firewall package is loaded (presumably read by it).
// NOTE(review): strip_tags() only removes markup from the URI; it does not make the
// value safe for SQL, file paths or HTML attributes.
define('PHP_FIREWALL_REQUEST_URI', strip_tags($_SERVER['REQUEST_URI']));
define('PHP_FIREWALL_ACTIVATION', true);
// The package is optional: it is included only when it exists beside this script.
if (is_file(@dirname(__FILE__) . '/php-firewall/firewall.php')) {
    include_once(@dirname(__FILE__) . '/php-firewall/firewall.php');
}
?>
<!-- STOP FIREWALL -->
<!-- Cookie Protect -->
<?php
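// Escape every cookie value for use in a quoted SQL literal.
// NOTE(review): escaping request data globally is the wrong layer: the same values
// are also printed as HTML, and escaping belongs next to the query that uses them.
foreach ($_COOKIE as $key => $value) {
    // Magic-quotes slashes are removed first. The old code stored the stripped value
    // and then overwrote it with the escaped *unstripped* one, doubling the slashes.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    $_COOKIE[$key] = mysql_real_escape_string($value);
}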
?>
<!-- END Cookie Protect -->
<?php
// Pulls css/link.php into the <head>.
include 'css/link.php';
?>
</head>
<body>
<div id="google_translate_element"></div><script>
// Builds the Google Translate picker inside #google_translate_element.
// NOTE(review): no loader script for the widget is visible in this file, so nothing
// here calls this function - confirm where the loader is included.
function googleTranslateElementInit() {
    var widgetOptions = {
        pageLanguage: 'ro',
        multilanguagePage: true,
        layout: google.translate.TranslateElement.InlineLayout.SIMPLE
    };
    new google.translate.TranslateElement(widgetOptions, 'google_translate_element');
}
</script>
<!-- #MMO:NETBAR# -->
<div id="pagefoldtarget"></div>
<!-- #/MMO:NETBAR# -->
</div>
<header role="banner">
<!-- header -->
<section id="slideshow_slides" data-viewport=".carousel.container>.carousel" data-ui=".ui.container>.carousel">
</section>
<div class="carousel container">
<div class="carousel">
<!-- script insert background slides here! -->
</div>
</div>
<h1 class="logo">Metin 2</h1>
<?php
session_start();
// css/2.php is used when the session carries an id, css/1.php otherwise.
if ($_SESSION['id'] != "") {
    // Made available to the included file.
    $coins = $_SESSION['coins'];
    include('css/2.php');
} else {
    include('css/1.php');
}
?>
</header>
<div class="container">
<div role="navigation">
<nav>
<ul>
<li><a href="index.php?s=home" class="selected">Acasa</a></li>
<li><a href="index.php?s=news">Noutăți</a></li>
<li><a href="index.php?s=register">Inregistrare</a></li>
<li><a href="index.php?s=Descarca">Descărcare</a></li>
<?PHP
// The admin menu entry is printed only when the session holds an integer
// user_admin level above zero.
// NOTE(review): this hides the link, nothing more. The page loaded for s=admin has
// to repeat the permission check itself, because the URL can be typed directly.
if (
    isset($_SESSION['user_admin'])
    && checkInt($_SESSION['user_admin'])
    && $_SESSION['user_admin'] >= 0
    && $_SESSION['user_admin'] > 0
) {
    echo "<li><a href='index.php?s=admin'>Administrare</a></li>";
}
?>
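<?php
if (!function_exists('site_stat_count')) {
    /**
     * Run a single-row "SELECT COUNT(*) AS count ..." query and return the number.
     *
     * @param string $database Database to select on the current mysql_* link.
     * @param string $sql      Constant query text; never build it from request data.
     * @return int The count, or 0 when the database or the query is unavailable.
     */
    function site_stat_count($database, $sql)
    {
        if (!mysql_select_db($database)) {
            return 0;
        }
        $result = mysql_query($sql);
        if (!$result) {
            return 0;
        }
        $row = mysql_fetch_object($result);
        return $row ? (int) $row->count : 0;
    }
}
?>
<li><a href=""><?php
// Players seen during the last five minutes.
$player_online = site_stat_count("player", "SELECT COUNT(*) as count FROM player WHERE DATE_SUB(NOW(), INTERVAL 5 MINUTE) < last_play;");
if ($player_online == 1)
echo "<b><font face='' color='red'>$player_online jucator online. </font></b>";
else
echo "<center><strong><h3><b><font face='' color='gold'>$player_online jucatori online. </font></strong></center></h3></b>";
?></a></li>
<li><a href="">
<?php
// Counted in SQL: the old "SELECT * from account" pulled every account row,
// credentials included, into PHP on each page view just to count the rows.
$num2 = site_stat_count("account", "SELECT COUNT(*) AS count FROM account");
echo "<b><font face='' color='gold'> $num2 Conturi</font></b>";
?>
</a></li>
<li><a href="">
<?php
// Same for characters: count in the database instead of fetching the whole table.
$num = site_stat_count("player", "SELECT COUNT(*) AS count FROM player");
echo "<b><font face='' color='gold'>$num Caractere</font></b><br>";
?>
</a></li>
<li><a href="">
<?php
// Players seen during the last 24 hours (1440 minutes).
$player_online = site_stat_count("player", "SELECT COUNT(*) as count FROM player WHERE DATE_SUB(NOW(), INTERVAL 1440 MINUTE) < last_play;");
echo "<b><font face='' color='gold'>$player_online On / 24 h</font></b>";
?>
</a></li>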
</ul>
</nav>
<nav>
<div id="fb-root"></div>
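<script>
// Injects a <script id="facebook-jssdk"> element once per page.
// NOTE(review): js.src is a Facebook page address, not a script file, so the browser
// downloads HTML here and the like box below never initialises. Confirm which SDK
// URL was intended before changing it.
(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//www.facebook.com/Metin2Arkosia-367169626990658/";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
<?php /* The configured URL is encoded for the attribute it is printed into. */ ?>
<div class="fb-like-box" data-href="<?PHP echo htmlspecialchars($serverSettings['facebook'], ENT_QUOTES); ?>" data-width="20" data-height="The pixel height of the plugin" data-colorscheme="light" data-show-faces="true" data-header="false" data-stream="false" data-show-border="false"></div>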
</nav>
</div>
<div role="main">
<!-- content area -->
<?PHP
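// Page dispatcher: ?s=<name> loads pages/<name>.php, no parameter loads the home page.
// The request value used to be pasted into the include path unchanged, so directory
// separators and ".." segments let a request pick .php files outside ./pages/.
// Only plain page names (letters, digits, "_" and "-") are accepted now; everything
// else gets the not-found page.
$pagesDir = realpath('./pages/');
if (isset($_GET['s']) && !empty($_GET['s'])) {
    $requestedPage = $_GET['s'];
    if (
        is_string($requestedPage)
        && preg_match('/\A[A-Za-z0-9_-]+\z/', $requestedPage)
        && file_exists($pagesDir . "/" . $requestedPage . ".php")
    ) {
        include($pagesDir . "/" . $requestedPage . ".php");
    } else {
        include($pagesDir . '/notfound.php');
    }
} else {
    include($pagesDir . '/home.php');
}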
?>
</div>
<script type="text/javascript">
// Once the DOM is ready, attach the fancybox lightbox to every link in .mini-gallery.
$(function () {
    var lightboxOptions = {
        overlayOpacity: 0.9,
        overlayColor: '#000',
        transitionIn: 'elastic',
        transitionOut: 'elastic'
    };
    $(".mini-gallery a").fancybox(lightboxOptions);
});
</script>
<div class="secondary">
<!-- side boxes -->
<?php
session_start();
// css/4.php is used when the session carries an id, css/3.php otherwise.
if ($_SESSION['id'] != "") {
    // Made available to the included file.
    $coins = $_SESSION['coins'];
    include('css/4.php');
} else {
    include('css/3.php');
}
?>
<aside class="download" role="complementary">
<h2>Descarcare</h2>
<a href="?s=Descarca" title="Descarca Metin2Nume apasand Click">Descarca Jocul!</a>
</aside>
<aside class="highscore" role="complementary">
<h2>Clasament</h2>
<ul class="tabcontrols">
<li class="selected"><a href="#players"><img src="img/player.png" alt="Spieler" title="Spieler" /></a></li>
<li><a href="#guilds"><img src="img/guild.png" alt="Gilden" title="Gilden" /></a></li>
</ul>
<div class="tab players selected">
<div id="highscore-player">
<?PHP
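// Top ten characters by level and experience. Names in [brackets] and characters on
// blocked accounts are left out. The query text is constant.
$sqlCmd = "SELECT player.id,player.name,player.level,player.exp,player_index.empire,guild.name AS guild_name
FROM player.player
LEFT JOIN player.player_index
ON player_index.id=player.account_id
LEFT JOIN player.guild_member
ON guild_member.pid=player.id
LEFT JOIN player.guild
ON guild.id=guild_member.guild_id
INNER JOIN account.account
ON account.id=player.account_id
WHERE player.name NOT LIKE '[%]%' AND account.status!='BLOCK'
ORDER BY player.level DESC, player.exp DESC
LIMIT 0,10";
$sqlQry = mysql_query($sqlCmd,$sqlServ);
$i=0;
// mysql_query() returns false on failure; the loop is skipped in that case.
while($sqlQry && ($getPlayers = mysql_fetch_object($sqlQry))) {
$i = $i + 1;
// Character names are chosen by players, so they are treated as untrusted when
// printed: HTML-encoded for the link text, URL-encoded (then HTML-encoded) for
// the query string. The empire id is forced to an integer before it becomes
// part of an image path.
$nameHtml = htmlspecialchars($getPlayers->name, ENT_QUOTES);
$nameUrl = htmlspecialchars(rawurlencode($getPlayers->name), ENT_QUOTES);
$empireId = (int) $getPlayers->empire;
echo"
<table >
<td class=\"positio\"><font color='#DAA520'> ". $i ."</font></td>
<td class=\"name\"> <a href='?s=player&char=".$nameUrl."'>".$nameHtml." </a></td>
<td class=\"faction\"> <img src='img/kingdom/".$empireId.".a.jpg' height='20'/></td>
</tr>
</table>
";
}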
?>
</div>
<a href="?s=players" rel="nofollow">Top 100</a>
</div>
<div class="tab guilds">
<div id="highscore-guild">
<table border="0" cellpadding="0" cellspacing="0" >
<tr >
<?php
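// Top ten guilds by ladder points. $host_db, $Login_db and $pwd_db are not set in
// this file (presumably they come from inc/config.inc.php - confirm).
$db = "player";
mysql_connect($host_db, $Login_db, $pwd_db) OR
die();
mysql_select_db($db) OR
die();
$sql = "SELECT * FROM guild ORDER BY ladder_point desc, exp desc, name asc limit 0,10";
$i = 0;
$ergebnis = mysql_query($sql);
// A failed query returns false; the loop is skipped in that case.
while($ergebnis && ($row = mysql_fetch_object($ergebnis)))
{
$i = $i + 1 ;
$zF = ($i%2==0) ? "guildrank-td-2-1" : "guildrank-td-1-1";
$zF5 = ($i%2==0) ? "guildrank-td-2-5" : "guildrank-td-1-5";
// The master id goes into the SQL text below, so it is forced to an integer first.
$leader = (int) $row->master;
echo"<td class=\"$zF\"><font color='#DAA520'>$i</font></td>";
// Guild names are chosen by players: encode them before printing.
echo" <td class=\"name\"><a href='#'>" . htmlspecialchars($row->name, ENT_QUOTES) . "</a></td>";
// NOTE(review): one extra query per guild; a JOIN in $sql would fetch the empire in one go.
$reich = mysql_query("SELECT empire from player_index where pid1 = '$leader' OR pid2 = '$leader' OR pid3 = '$leader' OR pid4 = '$leader'");
$reich2 = $reich ? mysql_fetch_object($reich) : false;
// No matching row leaves $empire at null, which falls through to the last icon as before.
$empire = $reich2 ? $reich2->empire : null;
if($empire == 1) {
echo"<td class=\"$zF5\"><img src=\"img/icons/shinsoo.jpg\"></td>";
} elseif($empire == 2) {
echo"<td class=\"$zF5\"><img src=\"img/icons/chunjo.jpg\"></td>";
} else {
echo"<td class=\"$zF5\"><img src=\"img/icons/jinno.png\"></td>";
}
echo"</tr>";
}
echo "</table>";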
?>
</div>
<a href="?s=guilds" rel="nofollow">Top 100</a>
</div>
</aside>
</div>
</div>
</body>
</html>
<script type="text/javascript">
//<![CDATA[
// NOTE(review): minified CloudFlare loader. It defines window.CloudFlare with settings for
// zone "www.google.ro" plus fixed atok/petok tokens, then injects cloudflare.min.js from
// ajax.cloudflare.com. It sits after </html> and its settings name another site, so it was
// presumably carried over from a saved copy of a different page - confirm it is wanted here.
try{if (!window.CloudFlare) {var CloudFlare=[{verbose:0,p:0,byc:0,owlid:"cf",bag2:1,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/dok3v=1613a3a185/"},atok:"ca43b324955e2837ee1e5efff95ea8e8",petok:"a36b5f7cf0da04db076a0d78cbb79ce0cc4b871b-1452126402-1800",zone:"www.google.ro",rocket:"0",apps:{"ga_key":{"ua":"UA-56388958-1","ga_bs":"2"}},sha2test:0}];!function(a,b){a=document.createElement("script"),b=document.getElementsByTagName("script")[0],a.async=!0,a.src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=38857570ac/cloudflare.min.js",b.parentNode.insertBefore(a,b)}()}}catch(e){};
//]]>
</script>
<script type='text/javascript'>
//<![CDATA[
// Minified keyboard-shortcut helper (shortcut.add / shortcut.remove). The only binding
// registered at the end is Ctrl+U, which sends the top window to https://www.google.ro/.
// NOTE(review): this is a deterrent, not a control - the markup has already been
// delivered to the browser by the time any key handler runs.
shortcut={all_shortcuts:{},add:function(a,b,c){var d={type:"keydown",propagate:!1,disable_in_input:!1,target:document,keycode:!1};if(c)for(var e in d)"undefined"==typeof c[e]&&(c[e]=d[e]);else c=d;d=c.target,"string"==typeof c.target&&(d=document.getElementById(c.target)),a=a.toLowerCase(),e=function(d){d=d||window.event;if(c.disable_in_input){var e;d.target?e=d.target:d.srcElement&&(e=d.srcElement),3==e.nodeType&&(e=e.parentNode);if("INPUT"==e.tagName||"TEXTAREA"==e.tagName)return}d.keyCode?code=d.keyCode:d.which&&(code=d.which),e=String.fromCharCode(code).toLowerCase(),188==code&&(e=","),190==code&&(e=".");var f=a.split("+"),g=0,h={"`":"~",1:"!",2:"@",3:"#",4:"$",5:"%",6:"^",7:"&",8:"*",9:"(",0:")","-":"_","=":"+",";":":","'":'"',",":"<",".":">","/":"?","\\":"|"},i={esc:27,escape:27,tab:9,space:32,"return":13,enter:13,backspace:8,scrolllock:145,scroll_lock:145,scroll:145,capslock:20,caps_lock:20,caps:20,numlock:144,num_lock:144,num:144,pause:19,"break":19,insert:45,home:36,"delete":46,end:35,pageup:33,page_up:33,pu:33,pagedown:34,page_down:34,pd:34,left:37,up:38,right:39,down:40,f1:112,f2:113,f3:114,f4:115,f5:116,f6:117,f7:118,f8:119,f9:120,f10:121,f11:122,f12:123},j=!1,l=!1,m=!1,n=!1,o=!1,p=!1,q=!1,r=!1;d.ctrlKey&&(n=!0),d.shiftKey&&(l=!0),d.altKey&&(p=!0),d.metaKey&&(r=!0);for(var s=0;k=f[s],s<f.length;s++)"ctrl"==k||"control"==k?(g++,m=!0):"shift"==k?(g++,j=!0):"alt"==k?(g++,o=!0):"meta"==k?(g++,q=!0):1<k.length?i[k]==code&&g++:c.keycode?c.keycode==code&&g++:e==k?g++:h[e]&&d.shiftKey&&(e=h[e],e==k&&g++);if(g==f.length&&n==m&&l==j&&p==o&&r==q&&(b(d),!c.propagate))return d.cancelBubble=!0,d.returnValue=!1,d.stopPropagation&&(d.stopPropagation(),d.preventDefault()),!1},this.all_shortcuts[a]={callback:e,target:d,event:c.type},d.addEventListener?d.addEventListener(c.type,e,!1):d.attachEvent?d.attachEvent("on"+c.type,e):d["on"+c.type]=e},remove:function(a){var a=a.toLowerCase(),b=this.all_shortcuts[a];delete this.all_shortcuts[a];if(b){var 
a=b.event,c=b.target,b=b.callback;c.detachEvent?c.detachEvent("on"+a,b):c.removeEventListener?c.removeEventListener(a,b,!1):c["on"+a]=!1}}},shortcut.add("Ctrl+U",function(){top.location.href="https://www.google.ro/"});
//]]>
</script>
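<script language=JavaScript1.2>
// Context-menu blocker. Two consecutive scripts defined ejs_nodroit here and the second
// replaced the first at once, so only the variant that shows the alert is kept.
// This discourages casual copying; it is not a protection for the page source.
function ejs_nodroit() {
    alert('Click dreapta este interzis !!!');
    return(false);
}
document.oncontextmenu = ejs_nodroit;
</script>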

