Error In Adminx

**amylee** · 23.11.07, 15:58

<div class='codetop'>CODE</div><div class='codemain' style='height:200px;white-space:pre;overflow:auto'><?php
session_start();
include ("../config.php");
include ("../core.php");
//adminx/index.php
connectdb();
function check_log()
{
$uid = $_SESSION["rwid"];
$upw = md5($_SESSION["rwpw"]);
$admn = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name='".$uid."' AND pass='".$upw."' AND perm='2'"));
if($admn[0]==0)
{
return false;
}else{
return true;
}
}
?>
<html>
<head>
<title>lavalair.net</title>
<style>
a {text-decoration:none}
a:hover {text-decoration:underline;color:#FF0000}
</style>
<script language="javascript">
function checkAll()
{
for (i=0;i<document.delu.length;i++)
{
e = document.delu.elements[i];
if(e.type=="checkbox")
{
e.checked=true;
}
}
}
function checkNone()
{
for (i=0;i<document.delu.length;i++)
{
e = document.delu.elements[i];
if(e.type=="checkbox")
{
e.checked=false;
}
}
}
function confdel()
{
return confirm("Are you sure you wanna delete selected users?");
}
</script>
</head>
<body bgcolor="993300" text="FFFFFF" link="555555" alink="ff0000" vlink="555555">
<h1 align="center"><font color="FFFFEE">lavalair.net-Extreme Administrating Control Panel</font></h1>
<p align="center">
<?php
if(!isset($_GET["a"]))
{
$a="l";
}else{
$a = $_GET["a"];
}
if($a=="l")
{
?>

<form action="index.php?a=c" method="post" >
Username: <input type="text" size="20" name="rwid"/>

Password: <input type="password" size="20" name="rwpw"/>

<input type="submit" value="Login"/>
</form>
<?php
}else if($a=="c")
{
$_SESSION["rwid"] = $_POST["rwid"];
$_SESSION["rwpw"] = $_POST["rwpw"];
if(check_log())
{
?>
Logged In successfully as <?=$_POST["rwid"]?>

Continue

<font color="#FF0000">WARNING: Do Not Forget To Logout after you're done</font>

<?php
}else{
?>
YOU CAN'T ACCESS THIS PAGE

TRY AGAIN
<?php
}
}else if($a=="m")
{
if(check_log())
{
?>
+>>Multi Delete Users<<+

+>>Upload Users Photo<<+

+>>Upload Smilies<<+

+>>Upload Avatars<<+

+>>Add lyrics<<+

+>>PHP Info<<+

+>>Log-out<<+

<?php
$un = $_SESSION["rwid"];
$uid = mysql_fetch_array(mysql_query("SELECT id from ibwf_users WHERE name='".$un."'"));
if($uid[0]==2||$uid[0]==1||$uid[0]==3)
{
echo "<form align=\"center\" name=\"xsql\" action=\"index.php?a=x\" method=\"post\">";
echo "SQL:";
echo "<textarea name=\"esql\" cols=\"60\" rows=\"5\"></textarea>";
echo "<input type=\"submit\" value=\"Execute\"/></form>

";
echo "<form align=\"center\" name=\"uinf\" action=\"index.php?a=z\" method=\"post\">";
echo "users: <input type=\"text\" name=\"fu\"/>";
echo "<input type=\"submit\" value=\"users info\"/></form>
";
echo "<form align=\"center\" name=\"uinf\" action=\"index.php?a=ss\" method=\"post\">";
echo "user id: <input type=\"text\" name=\"ui\"/>";
echo "<input type=\"submit\" value=\"users info\"/></form>";
echo "<form align=\"center\" name=\"uinf\" action=\"index.php?a=pm\" method=\"post\">";
echo "pms / user id: <input type=\"text\" name=\"pi\"/>";
echo "<input type=\"submit\" value=\"users info\"/></form>";
}
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}

else if($a=="x")
{
if(check_log())
{
$sql = stripslashes($_POST["esql"]);
echo $sql."
";
$res = mysql_query($sql);
echo "DONE!
";
echo mysql_error()."

";
?>

<center>+>>Menu<<+</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}
else if($a=="lr")
{
if(check_log())
{
?>
<form action="index.php?a=la" method="post">
Artist/Author: <input type="text" name="artst" maxlength="50"/>

Title: <input type="text" name="ttl" maxlength="50"/>

<textarea name="lrcs" cols="50" rows="8">
Lyrics
</textarea>

<input type="submit" value="add"/>
</form>
<center>+>>Menu<<+</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}
else if($a=="la")
{
if(check_log())
{
$artst = $_POST['artst'];
$ttl = $_POST['ttl'];
$lrcs = $_POST['lrcs'];
$res = mysql_query("INSERT INTO ibwf_lyrics SET artist='".$artst."', title='".$ttl."', lyrics='".$lrcs."'");
if($res)
{
?>
Lyrics Added Successfully

<?php
}else{
?>
Database Error

<?php
}
?>
<center>+>>Add more lyrics<<+</center>
<center>+>>Menu<<+</center>
<?php

}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}

else if($a=="z")
{
if(check_log())
{
$user = $_POST["fu"];
$upw = mysql_fetch_array(mysql_query("SELECT pass FROM ibwf_users WHERE name ='".$user."'"));
echo $upw[0];
echo "

";
?>

<center>+>>Menu<<+</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}
else if($a=="ss")
{
if(check_log())
{
$user = $_POST["ui"];
$upw = mysql_fetch_array(mysql_query("SELECT id FROM ibwf_ses WHERE uid ='".$user."'"));
echo $upw[0];
echo "

";
?>

<center>+>>Menu<<+</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}else if($a=="pm")
{
if(check_log())
{
$d = $_GET['d']+0;
if(isset($_POST["pi"]))
{
$user = $_POST["pi"];
}else{
$user = $_GET["pi"];
}
$today = mktime(0,0,0, date("m"), date("d")-$d, date("y"));
$pmers = mysql_query("SELECT DISTINCT(a.byuid), b.name FROM ibwf_private a INNER JOIN ibwf_users b ON a.byuid=b.id WHERE touid ='".$user."' AND a.timesent>'".$today."'");
while($pmer = mysql_fetch_array($pmers))
{
?>
<?=$pmer[1]?>

<?php
}?>
<center>+>>Menu<<+</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}
else if($a=="dd")
{
if(check_log())
{
$u1 = $_GET["u1"];
$u2 = $_GET["u2"];
$d = $_GET['d']+0;
$today = mktime(0,0,0, date("m"), date("d")-$d, date("y"));
$pms = mysql_query("SELECT a.byuid, b.name, a.text, a.timesent FROM ibwf_private a INNER JOIN ibwf_users b ON a.byuid=b.id WHERE ((byuid ='".$u1."' AND touid='".$u2."') OR (byuid ='".$u2."' AND touid='".$u1."')) AND a.timesent>'".$today."' ORDER BY a.timesent");
while($pm = mysql_fetch_array($pms))
{
?>
<?=$pm[1]?>:

<?=$pm[2]?>

<?=date("d/m/Y H:i:s", $pm[3])?>

<?php
}?>
<center>+>>Menu<<+</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}
else if($a=="p")
{
if(check_log())
{
?>
<font color="#FF0000">File size limit: 40 KB
Formats: .jpg or .gif
These File will automatically be uploaded to gallery folder

</font>
<form align="center" action="index.php?a=up" method="post" ENCTYPE="multipart/form-data">
File: <input type="file" name="fpic" size="30"/>

<input type="submit" value="Upload!"/>
</form>

<center>+>>Menu<<+</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}

else if($a=="up")
{
if(check_log())
{
$file = $_FILES["fpic"];
if(is_uploaded_file($file["tmp_name"]))
{
move_uploaded_file($file["tmp_name"], "../gallery/".$file["name"]);
}
?>
File Uploaded!

+>>Menu<<+

<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}
else if($a=="s")
{
if(check_log())
{
?>
<font color="#FF0000">File size limit: 30 KB
Formats:.gif
These File will automatically be uploaded to smilies folder

</font>
<form align="center" action="index.php?a=us" method="post" ENCTYPE="multipart/form-data">
File: <input type="file" name="fpic" size="30"/>

<input type="submit" value="Upload!"/>
</form>

<center>+>>Menu<<+</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}

else if($a=="us")
{
if(check_log())
{
$file = $_FILES["fpic"];
if(is_uploaded_file($file["tmp_name"]))
{
move_uploaded_file($file["tmp_name"], "../smilies/".$file["name"]);
}
?>
File Uploaded!

+>>Menu<<+

<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}else if($a=="v")
{
if(check_log())
{
?>
<font color="#FF0000">File size limit: 20 KB
Formats:.jpg, .gif
These File will automatically be uploaded to avatars folder

</font>
<form align="center" action="index.php?a=uv" method="post" ENCTYPE="multipart/form-data">
File: <input type="file" name="fpic" size="30"/>

<input type="submit" value="Upload!"/>
</form>

<center>+>>Menu<<+</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}

else if($a=="uv")
{
if(check_log())
{
$file = $_FILES["fpic"];
if(is_uploaded_file($file["tmp_name"]))
{
move_uploaded_file($file["tmp_name"], "../avatars/".$file["name"]);
$res = mysql_query("INSERT INTO ibwf_avatars SET avlink='avatars/".$file["name"]."'");
}
?>
File Uploaded!

+>>Menu<<+

<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}

else if($a=="o")
{
if(check_log())
{
$uname = $_SESSION["rwid"];
session_destroy();
?>
Goodbye <?=$uname?>

Main Page

<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}

else if($a=="h")
{
if(check_log())
{
phpinfo();
?>

<center>+>>Menu<<+
</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}

else if($a=="u")
{
if(check_log())
{
?>

+>>Show inactive users<<+

(users that last active date, more than 3 weeks, never used chat, or forums)

<form action="index.php?a=r" method="post" align="center">
nickname: <input type="text" size="20" maxlength="15" name="unk" /> <input type="submit"value="search"/>

</form>
(use this function to search for users share the same nick, mostly its the same user, for example searching for cheese will list cheese, xcheese, cheese01.....)

+>>Menu<<+

<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}else if($a=="w")
{
if(check_log())
{
$page = $_GET["p"];
if($page==""||$page==0)$page=1;
$time_limit = 3*7*24*60*60;
$inactive_time = time()-$time_limit;
$items_per_page = 50;
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE lastact<'".$inactive_time."' AND chmsgs='0' AND posts='0'"));
$pages = ceil($noi[0]/$items_per_page);
$limit_start = ($page-1)*$items_per_page;
$sql = "SELECT id, name FROM ibwf_users WHERE lastact<'".$inactive_time."' AND chmsgs='0' AND posts='0' LIMIT $limit_start, $items_per_page";
?>
Inactive Members

<font color="#FF0000">These members wasnt active for the last 3 weeks, they don't have posts or chat messages</font>

Search criteria has returned <?=$noi[0]?> records

<form name="delu" align="center" action="index.php?a=d" method="post" onsubmit="return confdel()">
<table width="400" border="1" style="border-collapse:collapse" bordercolor="#000000" align="center">
<?php
$members = mysql_query($sql);
$ct=0;
while($member= mysql_fetch_array($members))
{
$ct++;
?>
<tr>
<td width="50" height="16"><input type="checkbox" name="uid<?=$ct?>" value="<?=$member[0]?>"/></td>
<td width="350" height="16"><?=$member[1]?></td>
</tr>
<?
}
?>
<tr>
<td colspan="2" width="400" align="center">Check All, Check None</td>
</tr>
</table>

<input type="submit" value="Delete Checked!"/>
</form>
<center>

<<First Page, <Previous Page, Next Page>, Last Page>>

+>>Menu<<+

</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}
else if($a=="lr")
{
if(check_log())
{
$page = $_GET["p"];
if($page==""||$page==0)$page=1;
//$time_limit = 3*7*24*60*60;
//$inactive_time = time()-$time_limit;
$items_per_page = 50;
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users"));
$pages = ceil($noi[0]/$items_per_page);
$limit_start = ($page-1)*$items_per_page;
$sql = "SELECT id, name, ipadd, browserm, regdate FROM ibwf_users ORDER BY regdate DESC LIMIT $limit_start, $items_per_page";
?>
Registered members

<font color="#FF0000">Members</font>

Search criteria has returned <?=$noi[0]?> records

<form name="delu" align="center" action="index.php?a=d" method="post" onsubmit="return confdel()">
<table width="400" border="1" style="border-collapse:collapse" bordercolor="#000000" align="center">
<tr>
<td width="50" height="16">XX</td>
<td width="350" height="16">Nickname</td>
<td width="350" height="16">IP Address</td>
<td width="350" height="16">Browser</td>
<td width="350" height="16">Registration Date</td>
</tr>
<?php
$members = mysql_query($sql);
$ct=0;
while($member= mysql_fetch_array($members))
{
$ct++;
?>
<tr>
<td width="50" height="16"><input type="checkbox" name="uid<?=$ct?>" value="<?=$member[0]?>"/></td>
<td width="350" height="16"><?=$member[1]?></td>
<td width="350" height="16"><?=$member[2]?></td>
<td width="350" height="16"><?=$member[3]?></td>
<td width="350" height="16"><?=date("d-m-Y (H:i:s)",$member[4])?></td>
</tr>
<?
}
?>
<tr>
<td colspan="2" width="400" align="center">Check All, Check None</td>
</tr>
</table>

<input type="submit" value="Delete Checked!"/>
</form>
<center>

<<First Page, <Previous Page, Next Page>, Last Page>>

+>>Menu<<+

</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}
else if($a=="r")
{
if(check_log())
{
if($_POST)
{
$_SESSION["snm"] = $_POST["unk"];
}
$snm = $_SESSION["snm"];
$page = $_GET["p"];
if($page==""||$page==0)$page=1;
$items_per_page = 50;
$noi = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM ibwf_users WHERE name LIKE '%".$snm."%'"));
$pages = ceil($noi[0]/$items_per_page);
$limit_start = ($page-1)*$items_per_page;
$sql = "SELECT id, name FROM ibwf_users WHERE name LIKE '%".$snm."%' LIMIT $limit_start, $items_per_page";
?>
Inactive Members

<font color="#FF0000">These members wasnt active for the last 3 weeks, they don't have posts or chat messages</font>

Search criteria has returned <?=$noi[0]?> records

<form name="delu" align="center" action="index.php?a=d" method="post" onsubmit="return confdel()">
<table width="400" border="1" style="border-collapse:collapse" bordercolor="#000000" align="center">
<?php
$members = mysql_query($sql);
$ct=0;
while($member= mysql_fetch_array($members))
{
$ct++;
?>
<tr>
<td width="50" height="16"><input type="checkbox" name="uid<?=$ct?>" value="<?=$member[0]?>"/></td>
<td width="350" height="16"><?=$member[1]?></td>
</tr>
<?
}
?>
<tr>
<td colspan="2" width="400" align="center">Check All, Check None</td>
</tr>
</table>

<input type="submit" value="Delete Checked!"/>
</form>
<center>

<<First Page, <Previous Page, Next Page>, Last Page>>

+>>Menu<<+

</center>
<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}

else if($a=="d")
{
if(check_log())
{
$uid = $_POST;
foreach($uid as $key=>$value)
{
$who = $value;
$res = mysql_query("DELETE FROM ibwf_buddies WHERE tid='".$who."' OR uid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_gbook WHERE gbowner='".$who."' OR gbsigner='".$who."'");
$res = mysql_query("DELETE FROM ibwf_ignore WHERE name='".$who."' OR target='".$who."'");
$res = mysql_query("DELETE FROM ibwf_mangr WHERE uid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_modr WHERE name='".$who."'");
$res = mysql_query("DELETE FROM ibwf_penalties WHERE uid='".$who."' OR exid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_posts WHERE uid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_private WHERE byuid='".$who."' OR touid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_shouts WHERE shouter='".$who."'");
$res = mysql_query("DELETE FROM ibwf_topics WHERE authorid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_brate WHERE uid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_games WHERE uid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_presults WHERE uid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_vault WHERE uid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_blogs WHERE bowner='".$who."'");
$res = mysql_query("DELETE FROM ibwf_chat WHERE chatter='".$who."'");
$res = mysql_query("DELETE FROM ibwf_chat WHERE who='".$who."'");
$res = mysql_query("DELETE FROM ibwf_chonline WHERE uid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_online WHERE userid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_ses WHERE uid='".$who."'");
$res = mysql_query("DELETE FROM ibwf_xinfo WHERE uid='".$who."'");
deleteMClubs($who);
$res = mysql_query("DELETE FROM ibwf_users WHERE id='".$who."'");
}

?>
Records Deleted Successfully!

+>>Inactive users<<+

+>>Menu<<+

<?php
}else{
?>
<font color="#FF0000">YOU ARE NOT LOGGED IN</font>

Main Page
<?php
}
}
?>
</p>
<p align="center">

LavaLair.net</p>
</body>
</html></div>

adminx is a pile of **** anyway thats my old one includes new sql tools such as retrieving a users password and session id and also read thier pms

**Guest** · 25.11.07, 13:24

Lol read pms?

Error In Adminx

Error In Adminx

Comment

Comment