hallo...
Code: Alles auswählen
<?php
/***************************************************************************
* memberlist.php
* -------------------
* begin : Friday, May 11, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: memberlist.php,v 1.36.2.8 2003/06/09 13:06:19 psotfx Exp $
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
//
// CBACK CrackerTracker
// Worm Protection System
//
$cbackcracktrack = $_SERVER['QUERY_STRING'];
// Checking for already known Worm Attacks
$checkworm1 = str_replace("chr(", "*", "$cbackcracktrack");
$checkworm2 = str_replace("wget", "*", "$checkworm1");
$checkworm3 = str_replace("cmd=", "*", "$checkworm2");
$checkworm4 = str_replace("rush=", "*", "$checkworm3");
if ($cbackcracktrack == $checkworm4)
{
//
// End Check-Code of CBACK CrackerTracker
//
define('IN_PHPBB', true);
define('FETCH_ONLINE', TRUE);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_VIEWMEMBERS);
init_userprefs($userdata);
$pagecounter = "3";
//
// End session management
//
if (!$userdata['session_logged_in'] )
{
redirect(append_sid("login.$phpEx?redirect=memberlist.$phpEx", true));
}
$start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_POST_VARS['mode']) ) ? htmlspecialchars($HTTP_POST_VARS['mode']) : htmlspecialchars($HTTP_GET_VARS['mode']);
}
else
{
$mode = 'joined';
}
if(isset($HTTP_POST_VARS['order']))
{
$sort_order = ($HTTP_POST_VARS['order'] == 'ASC') ? 'ASC' : 'DESC';
}
else if(isset($HTTP_GET_VARS['order']))
{
$sort_order = ($HTTP_GET_VARS['order'] == 'ASC') ? 'ASC' : 'DESC';
}
else
{
$sort_order = 'ASC';
}
//
// Memberlist sorting
//
$mode_types_text = array($lang['Sort_Joined'], $lang['Sort_Username'], $lang['Sort_Location'], $lang['Sort_Posts'], $lang['Sort_Email'], $lang['Sort_Website'], $lang['Sort_Top_Ten']);
$mode_types = array('joindate', 'username', 'location', 'posts', 'email', 'website', 'topten');
$select_sort_mode = '<select name="mode">';
for($i = 0; $i < count($mode_types_text); $i++)
{
$selected = ( $mode == $mode_types[$i] ) ? ' selected="selected"' : '';
$select_sort_mode .= '<option value="' . $mode_types[$i] . '"' . $selected . '>' . $mode_types_text[$i] . '</option>';
}
$select_sort_mode .= '</select>';
$select_sort_order = '<select name="order">';
if($sort_order == 'ASC')
{
$select_sort_order .= '<option value="ASC" selected="selected">' . $lang['Sort_Ascending'] . '</option><option value="DESC">' . $lang['Sort_Descending'] . '</option>';
}
else
{
$select_sort_order .= '<option value="ASC">' . $lang['Sort_Ascending'] . '</option><option value="DESC" selected="selected">' . $lang['Sort_Descending'] . '</option>';
}
$select_sort_order .= '</select>';
//
// Generate page
//
$page_title = $lang['Memberlist'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
'body' => 'memberlist_body.tpl')
);
make_jumpbox('viewforum.'.$phpEx);
$template->assign_vars(array(
'L_SELECT_SORT_METHOD' => $lang['Select_sort_method'],
'L_EMAIL' => $lang['Email'],
'L_WEBSITE' => $lang['Website'],
'L_FROM' => $lang['Location'],
'L_ORDER' => $lang['Order'],
'L_SORT' => $lang['Sort'],
'L_SUBMIT' => $lang['Sort'],
'L_AIM' => $lang['AIM'],
'L_YIM' => $lang['YIM'],
'L_MSNM' => $lang['MSNM'],
'L_ICQ' => $lang['ICQ'],
'L_BIRTHDAY' => $lang['Birthday'],
'L_USER_RANK' => $lang['Poster_rank'],
'L_JOINED' => $lang['Joined'],
'L_GENDER' => $lang['Gender'],
'L_POSTS' => $lang['Posts'],
'L_LAST_VISITED' => 'Last Visited',
'L_POST_TIME' => $lang['Last_Post'] . ' ' . $lang['Time'],
'L_PM' => $lang['Private_Message'],
'S_MODE_SELECT' => $select_sort_mode,
'S_ORDER_SELECT' => $select_sort_order,
'S_MODE_ACTION' => append_sid("memberlist.$phpEx"))
);
switch( $mode )
{
case 'joined':
$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'username':
$order_by = "username $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'location':
$order_by = "user_from $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'posts':
$order_by = "user_posts $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'email':
$order_by = "user_email $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'website':
$order_by = "user_website $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
case 'topten':
$order_by = "user_posts $sort_order LIMIT 10";
break;
default:
$order_by = "user_regdate $sort_order LIMIT $start, " . $board_config['topics_per_page'];
break;
}
$sql = "SELECT *
FROM " . RANKS_TABLE . "
ORDER BY rank_special, rank_min";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, "Could not obtain ranks information.", '', __LINE__, __FILE__, $sql);
}
$ranksrow = array();
while ( $row = $db->sql_fetchrow($result) )
{
$ranksrow[] = $row;
}
$db->sql_freeresult($result);
$sql = "SELECT username, user_absence, user_absence_mode, user_id, user_viewemail, user_posts, user_regdate, user_from, user_from_flag, user_website, user_email, user_gender, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar, user_birthday, user_rank
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS . "
and show_in_memberlist <> 0
// Memberlist Hidden User MOD
ORDER BY $order_by";
if( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Could not query users', '', __LINE__, __FILE__, $sql);
}
$time_now = time();
$this_year=create_date('Y', $time_now, $board_config['board_timezone']);
$this_date = create_date('md', $time_now, $board_config['board_timezone']);
if ( $row = $db->sql_fetchrow($result) )
{
$i = 0;
do
{
$username = $row['username'];
$user_id = $row['user_id'];
$from = ( !empty($row['user_from']) ) ? $row['user_from'] : ' ';
// FLAGHACK-start
$flag = ( !empty($row['user_from_flag']) ) ? " <img src=\"images/flags/" . $row['user_from_flag'] . "\" alt=\"" . $row['user_from_flag'] . "\">" : ' <img src="images/flags/blank.gif" alt="">';
// FLAGHACK-end
// Begin Map Mod
$sql = 'SELECT *
FROM ' . MAP_MOD_USER_TABLE . '
WHERE user_id='.$user_id;
if(!$map_result = $db->sql_query($sql))
{
message_die(GENERAL_ERROR, "Couldn't obtain map information.", "", __LINE__, __FILE__, $sql);
}
$map_row = $db->sql_fetchrow($map_result);
if ((intval($map_row['user_id'])<>0) && ((float)$map_row['longitude']<>0.0) && ((float)$map_row['latitude']<>0.0))
{
$map_highlight_id=$row['user_id'];
}
else
{
$map_highlight_id=0;
}
$db->sql_freeresult($map_result);
// End Map Mod
$joined = create_date($lang['DATE_FORMAT'], $row['user_regdate'], $board_config['board_timezone']);
$posts = ( $row['user_posts'] ) ? $row['user_posts'] : 0;
$gender_image = '';
//
// Generate ranks, set them to empty string initially.
//
$user_rank = '';
$rank_image = '';
if ( $row['user_rank'] )
{
for($j = 0; $j < count($ranksrow); $j++)
{
if ( $row['user_rank'] == $ranksrow[$j]['rank_id'] && $ranksrow[$j]['rank_special'] )
{
$user_rank = $ranksrow[$j]['rank_title'];
$rank_image = ( $ranksrow[$j]['rank_image'] ) ? '<img src="' . $ranksrow[$j]['rank_image'] . '" alt="' . $poster_rank . '" title="' . $poster_rank . '" border="0" /><br />' : '';
}
}
}
else
{
for($j = 0; $j < count($ranksrow); $j++)
{
if ( $row['user_posts'] >= $ranksrow[$j]['rank_min'] && !$ranksrow[$j]['rank_special'] )
{
$user_rank = $ranksrow[$j]['rank_title'];
$rank_image = ( $ranksrow[$j]['rank_image'] ) ? '<img src="' . $ranksrow[$j]['rank_image'] . '" alt="' . $poster_rank . '" title="' . $poster_rank . '" border="0" /><br />' : '';
}
}
}
$poster_avatar = '';
if ( $row['user_avatar_type'] && $user_id != ANONYMOUS && $row['user_allowavatar'] )
{
switch( $row['user_avatar_type'] )
{
case USER_AVATAR_UPLOAD:
$poster_avatar = ( $board_config['allow_avatar_upload'] ) ? '<img src="' . $board_config['avatar_path'] . '/' . $row['user_avatar'] . '" alt="" border="0" />' : '';
break;
case USER_AVATAR_REMOTE:
$poster_avatar = ( $board_config['allow_avatar_remote'] ) ? '<img src="' . $row['user_avatar'] . '" alt="" border="0" />' : '';
break;
case USER_AVATAR_GALLERY:
$poster_avatar = ( $board_config['allow_avatar_local'] ) ? '<img src="' . $board_config['avatar_gallery_path'] . '/' . $row['user_avatar'] . '" alt="" border="0" />' : '';
break;
}
}
if ( $row['user_birthday'] != 999999 )
{
$user_birthdate=realdate('md', $row['user_birthday']);
$n=0;
while ($n<26)
{
if ($user_birthdate>=$zodiacdates[$n] & $user_birthdate<=$zodiacdates[$n+1])
{
$zodiac = $lang[$zodiacs[($n/2)]];
$u_zodiac = $images[$zodiacs[($n/2)]];
$zodiac_img = '<img src="'.$u_zodiac.'" alt="'.$zodiac.'" title="'.$zodiac.'" border="0"/>';
$n=26;
} else
{
$n=$n+2;
}
}
$user_age = $this_year - realdate ('Y',$row['user_birthday']);
if ($this_date < $user_birthdate) $user_age--;
$user_age = $lang['Age'] . ':' . $user_age .' ';
} else
{
$zodiac='';
$u_zodiac='';
$zodiac_img='';
$user_age = ' ';
}
if ( !empty($row['user_viewemail']) || $userdata['user_level'] == ADMIN )
{
$email_uri = ( $board_config['board_email_form'] ) ? append_sid("profile.$phpEx?mode=email&" . POST_USERS_URL .'=' . $user_id) : 'mailto:' . $row['user_email'];
$email_img = '<a href="' . $email_uri . '"><img src="' . $images['icon_email'] . '" alt="' . $lang['Send_email'] . '" title="' . $lang['Send_email'] . '" border="0" /></a>';
$email = '<a href="' . $email_uri . '">' . $lang['Send_email'] . '</a>';
}
else
{
$email_img = ' ';
$email = ' ';
}
$temp_url = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$user_id");
$profile_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_profile'] . '" alt="' . $lang['Read_profile'] . '" title="' . $lang['Read_profile'] . '" border="0" /></a>';
$profile = '<a href="' . $temp_url . '">' . $lang['Read_profile'] . '</a>';
$temp_url = append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL . "=$user_id");
$pm_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_pm'] . '" alt="' . $lang['Send_private_message'] . '" title="' . $lang['Send_private_message'] . '" border="0" /></a>';
$pm = '<a href="' . $temp_url . '">' . $lang['Send_private_message'] . '</a>';
$www_img = ( $row['user_website'] ) ? '<a href="' . $row['user_website'] . '" target="_userwww"><img src="' . $images['icon_www'] . '" alt="' . $lang['Visit_website'] . '" title="' . $lang['Visit_website'] . '" border="0" /></a>' : '';
$www = ( $row['user_website'] ) ? '<a href="' . $row['user_website'] . '" target="_userwww">' . $lang['Visit_website'] . '</a>' : '';
$avatar_img = ($row['user_avatar'] && $row['user_avatar_type']==2 ? '<img src=' . $row['user_avatar'] . '>' : ($row['user_avatar'] && $row['user_avatar_type']==3 ? '<img src=images/avatars/gallery/' . $row['user_avatar'] . '>' : ($row['user_avatar'] && $row['user_avatar_type']==1 ? '<img src=images/avatars/' . $row['user_avatar'] . '>' : false)));
if ( !empty($row['user_gender']))
{
switch ($row['user_gender'])
{
case 1 : $gender_image = "<img src=\"" . $images['icon_minigender_male'] . "\" alt=\"".$lang['Male']."\" title=\"".$lang['Male']. "\" border=\"0\" />"; break;
case 2 : $gender_image = "<img src=\"" . $images['icon_minigender_female'] . "\" alt=\"".$lang['Female']. "\" title=\"".$lang['Female']. "\" border=\"0\" />"; break;
default : $gender_image="";
}
}
if ( !empty($row['user_icq']) )
{
$icq_status_img = '<a href="http://wwp.icq.com/' . $row['user_icq'] . '#pager"><img src="http://web.icq.com/whitepages/online?icq=' . $row['user_icq'] . '&img=5" width="18" height="18" border="0" /></a>';
$temp_url = append_sid('icqinfo.php?info=' . $row['user_icq']);
$temp_popup = "Javascript:window.open('$temp_url', '_icqinfo_popup', 'width=400,height=300,scrollbars=yes');";
$icq_img = '<a href="#" onClick="' . $temp_popup . '"><img src="' . $images['icon_icq'] . '" alt="' . $lang['ICQ'] . '"
title="' . $lang['ICQ'] . '" border="0" /></a>';
$icq = '<a href="http://wwp.icq.com/scripts/search.dll?to=' . $row['user_icq'] . '">' . $lang['ICQ'] . '</a>';
}
else
{
$icq_status_img = '';
$icq_img = '';
$icq = '';
}
$aim_img = ( $row['user_aim'] ) ? '<a href="aim:goim?screenname=' . $row['user_aim'] . '&message=Hello+Are+you+there?"><img src="' . $images['icon_aim'] . '" alt="' . $lang['AIM'] . '" title="' . $lang['AIM'] . '" border="0" /></a>' : '';
$aim = ( $row['user_aim'] ) ? '<a href="aim:goim?screenname=' . $row['user_aim'] . '&message=Hello+Are+you+there?">' . $lang['AIM'] . '</a>' : '';
$temp_url = append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$user_id");
$msn_img = ( $row['user_msnm'] ) ? '<a href="' . $temp_url . '"><img src="' . $images['icon_msnm'] . '" alt="' . $lang['MSNM'] . '" title="' . $lang['MSNM'] . '" border="0" /></a>' : '';
$msn = ( $row['user_msnm'] ) ? '<a href="' . $temp_url . '">' . $lang['MSNM'] . '</a>' : '';
$yim_img = ( $row['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $row['user_yim'] . '&.src=pg"><img src="' . $images['icon_yim'] . '" alt="' . $lang['YIM'] . '" title="' . $lang['YIM'] . '" border="0" /></a>' : '';
$yim = ( $row['user_yim'] ) ? '<a href="http://edit.yahoo.com/config/send_webmesg?.target=' . $row['user_yim'] . '&.src=pg">' . $lang['YIM'] . '</a>' : '';
$temp_url = append_sid("search.$phpEx?search_author=" . urlencode($username) . "&showresults=posts");
$search_img = '<a href="' . $temp_url . '"><img src="' . $images['icon_search'] . '" alt="' . $lang['Search_user_posts'] . '" title="' . $lang['Search_user_posts'] . '" border="0" /></a>';
$search = '<a href="' . $temp_url . '">' . $lang['Search_user_posts'] . '</a>';
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$visit_time_sql = "SELECT user_lastvisit
FROM " . USERS_TABLE . "
WHERE user_id = " . $user_id . "
LIMIT 1";
if (!$visit_time_result = $db->sql_query($visit_time_sql))
{
message_die(GENERAL_ERROR, 'Error getting user last visit time', '', __LINE__, __FILE__, $visit_time_sql);
}
$visit_time_row = $db->sql_fetchrow($visit_time_result);
$last_visit_time = (!empty($visit_time_row['user_lastvisit'])) ? create_date($lang['DATE_FORMAT'], $visit_time_row['user_lastvisit'], $board_config['board_timezone']) : 'Never';
$post_time_sql = "SELECT post_time
FROM " . POSTS_TABLE . "
WHERE poster_id = " . $user_id . "
ORDER BY post_time DESC
LIMIT 1";
if ( !($post_time_result = $db->sql_query($post_time_sql)) )
{
message_die(GENERAL_ERROR, 'Error getting user last post time', '', __LINE__, __FILE__, $post_time_sql);
}
$post_time_row = $db->sql_fetchrow($post_time_result);
$last_post_time = ( isset($post_time_row['post_time']) ) ? create_date($board_config['default_dateformat'], $post_time_row['post_time'], $board_config['board_timezone']) : $lang['None'];
if ( $row['user_absence'] == TRUE )
{
$absence_mode = create_absence_mode($row['user_absence_mode'], $pm_img, $pm, $email_img, $email, $username, 2);
}
$template->assign_block_vars('memberrow', array(
'U_USER_MAP' => append_sid("map.$phpEx?highlight=".$map_highlight_id),
'ROW_NUMBER' => $i + ( $start + 1 ),
'ROW_COLOR' => '#' . $row_color,
'ROW_CLASS' => $row_class,
'USERNAME' => $username,
'FROM' => $from,
'FLAG' => $flag,
'JOINED' => $joined,
'USER_AGE' => $user_age,
'USER_RANK' => $user_rank,
'USER_RANK_IMG' => $rank_image,
'POSTS' => $posts,
'POSTER_GENDER' => $gender_image,
'AVATAR_IMG' => $poster_avatar,
'PROFILE_IMG' => $profile_img,
'PROFILE' => $profile,
'SEARCH_IMG' => $search_img,
'SEARCH' => $search,
'PM_IMG' => $pm_img,
'PM' => $pm,
'EMAIL_IMG' => $email_img,
'EMAIL' => $email,
'WWW_IMG' => $www_img,
'WWW' => $www,
'AVATAR_IMG' => $avatar_img,
'ICQ_STATUS_IMG' => $icq_status_img,
'ICQ_IMG' => $icq_img,
'ICQ' => $icq,
'AIM_IMG' => $aim_img,
'AIM' => $aim,
'MSN_IMG' => $msn_img,
'MSN' => $msn,
'YIM_IMG' => $yim_img,
'YIM' => $yim,
'LAST_POST_TIME' => $last_post_time,
'LAST_VISIT_TIME' => $last_visit_time,
'ONLINE_STATUS0' => $online_offline[(isset($online_status[$user_id]) || $poster_id == -1) ? $online_status[$user_id] : 0][0],
'ONLINE_STATUS1' => $online_offline[(isset($online_status[$user_id]) || $poster_id == -1) ? $online_status[$user_id] : 0][1],
'ONLINE_STATUS2' => $online_offline[(isset($online_status[$user_id]) || $poster_id == -1) ? $online_status[$user_id] : 0][2],
'U_VIEWPROFILE' => append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=$user_id"))
);
if ($map_highlight_id<>0) {
$template->assign_block_vars('memberrow.switch_user_map', array());
}
else {
$template->assign_block_vars('memberrow.switch_user_no_map', array());
}
$i++;
}
while ( $row = $db->sql_fetchrow($result) );
}
if ( $mode != 'topten' || $board_config['topics_per_page'] < 10 )
{
$sql = "SELECT count(*) AS total
FROM " . USERS_TABLE . "
WHERE user_id <> " . ANONYMOUS;
and show_in_memberlist <> 0";
// Memberlist Hidden User MOD
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error getting total users', '', __LINE__, __FILE__, $sql);
}
if ( $total = $db->sql_fetchrow($result) )
{
$total_members = $total['total'];
$pagination = generate_pagination("memberlist.$phpEx?mode=$mode&order=$sort_order", $total_members, $board_config['topics_per_page'], $start). ' ';
}
}
else
{
$pagination = ' ';
$total_members = 10;
}
$template->assign_vars(array(
'PAGINATION' => $pagination,
'PAGE_NUMBER' => sprintf($lang['Page_of'], ( floor( $start / $board_config['topics_per_page'] ) + 1 ), ceil( $total_members / $board_config['topics_per_page'] )),
'L_GOTO_PAGE' => $lang['Goto_page'])
);
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
//
// CBACK CrackerTracker Worm Protection Part2
//
}
else
{
$cremotead = $REMOTE_ADDR;
$cuseragent = $HTTP_USER_AGENT;
$cstampdate = date(dmy);
$cstamptime = time();
$ctrackerlog = "$cstamptime,$cstampdate,$cremotead,$cbackcracktrack,$cuseragent";
$clog = fopen('ctrack.txt', 'a');
fwrite($clog,$ctrackerlog."\n");
fclose($clog);
echo "Hacker Angriff erkannt! <br /><br /><b>Dieser Angriff wurde mit all deinen Daten inkl. IP geloggt:</b><br />$ctrackerlog";
}
//
// Worms armageddon ;)
//
?>
