File: /var/www/web37/htdocs/arschficken/add.php
<?php 
############################################
### Top-XL - Add user add.php ######
############################################
/// 1. You are NOT entitled to rent, lease, transfer, reproduce or distribute this Software.
/// 2. You are entitled to adapt and modify the Software to your need.
/// 3. You can use this Script on all of YOUR Domains.
/// 4. Any modification or removal to the links in the footer and member area shall terminate this license immediately .
/// 5. The Script has been tested on different Servers and found free of any notable errors by the author. The Author shall not in any case be liable for any special, incidental indirect or other similar damages arising from the use of this Script.
/// 6. Author: Simon Zehender - Contact: https://www.paddelberg.de
////////////////////////////////////////////
////////////////////////////////////////////
// Switch PHP error reporting off for this request. Both calls are silenced with @,
// so warnings and notices raised further down in this script are not reported.
@error_reporting (0);
@ini_set ('error_reporting', 0);

// Declare UTF-8 as PHP's default charset and in the response header.
@ini_set ('default_charset', 'utf-8');
header ('Content-Type: text/html; charset=utf-8');

// Document root as reported by the web server.
$scriptpath = $_SERVER['DOCUMENT_ROOT'];

////////////////////////////////////////
/// add.php - add new entry
///////////////////////////////////////

// Project includes. Their contents are not part of this file; the code below uses
// $db, $config, safety() and the other helpers without defining them here.
include 'inc/sql.php';
include 'inc/vars.php';
include 'inc/functions.php';

// Choose the member-area language file.
// NOTE(review): the included path is built from the return value of get_lang_file().
// Confirm in inc/functions.php that it can only return one of the configured language
// codes, because whatever it returns becomes part of an include path.
$langget = get_lang ($config['stanlang']);
include 'lang/members-'
	. get_lang_file ($langget, $config['stanlang'], $config['langs'], $config['langdetect'])
	. '.php';

// Requested action from the query string, passed through safety() (defined in an include).
if (empty ($_GET["do"]))
	{$do = '';}
else
	{$do = safety ($_GET["do"]);}

// Start with empty per-field error texts and an empty status message,
// so the templates always have something to substitute.
$error1 = $error2 = $error3 = $error4 = '';
$error5 = $error6 = $error7 = $error8 = '';
$error24 = $error32 = '';
$message = '';

////////////////////////////////////////
/// if submit
///////////////////////////////////////

// A session is started only when the sign-up form uses a validation code,
// which this script keeps in $_SESSION['code'].
if ("yes" == $config['addvalicode'])
	{
	session_start ();
	}

// Collect the sign-up fields. Every value goes through safety() (defined in an
// include, not visible here); a missing or empty field becomes ''.
//
// With $config['addperget'] == "yes" and do=submitter the fields are read from the
// query string and the rules checkbox is treated as accepted.
// NOTE(review): in that mode pass/pass2 travel in the URL, where they can end up in
// access logs, browser history and Referer headers.
if ($do == "submitter" && $config['addperget'] == "yes")
	{
	$name = empty ($_GET["name"]) ? '' : safety ($_GET["name"]);
	$email = empty ($_GET["email"]) ? '' : safety ($_GET["email"]);
	$url = empty ($_GET["url"]) ? '' : safety ($_GET["url"]);
	$reciprocal = empty ($_GET["reciprocal"]) ? '' : safety ($_GET["reciprocal"]);
	$bannerurl = empty ($_GET["bannerurl"]) ? '' : safety ($_GET["bannerurl"]);
	$title = empty ($_GET["title"]) ? '' : safety ($_GET["title"]);
	$description = empty ($_GET["description"]) ? '' : safety ($_GET["description"]);
	$notes = empty ($_GET["notes"]) ? '' : safety ($_GET["notes"]);
	$pass = empty ($_GET["pass"]) ? '' : safety ($_GET["pass"]);
	$pass2 = empty ($_GET["pass2"]) ? '' : safety ($_GET["pass2"]);
	$rulechecker = "yes";
	}

// Default: the fields come from the POSTed form.
else
	{
	$name = empty ($_POST["name"]) ? '' : safety ($_POST["name"]);
	$email = empty ($_POST["email"]) ? '' : safety ($_POST["email"]);
	$url = empty ($_POST["url"]) ? '' : safety ($_POST["url"]);
	$reciprocal = empty ($_POST["reciprocal"]) ? '' : safety ($_POST["reciprocal"]);
	$bannerurl = empty ($_POST["bannerurl"]) ? '' : safety ($_POST["bannerurl"]);
	$title = empty ($_POST["title"]) ? '' : safety ($_POST["title"]);
	$description = empty ($_POST["description"]) ? '' : safety ($_POST["description"]);
	$notes = empty ($_POST["notes"]) ? '' : safety ($_POST["notes"]);
	$pass = empty ($_POST["pass"]) ? '' : safety ($_POST["pass"]);
	$pass2 = empty ($_POST["pass2"]) ? '' : safety ($_POST["pass2"]);
	$rulechecker = empty ($_POST["rulechecker"]) ? '' : safety ($_POST["rulechecker"]);
	}


# post - save changes
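// Handles a submitted sign-up: optional referer and validation-code checks, field
// validation, INSERT of the new member, notification mails and the "added" page.
// When a check fails, only the error texts are set and the script continues to the
// form further down, which re-displays the submitted values.
if (!empty ($_POST['submit']) || $do == "submitter")
	{
	if ($config['refereraddcheck']=="yes")
		{
		// The Referer header is supplied by the client. This check filters casual
		// cross-site submissions only; it is not an authentication or CSRF control.
		$ref = !empty ($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
		if (empty ($ref) || !preg_match ("@^".$url_protocols."@", $ref))
			{
			echo "No valid referer";
			exit;
			}
		$topsiteurl1=get_dom($config['topsiteurl']);
		$ref=get_dom($ref);
		if ($ref!=$topsiteurl1)
			{echo "No valid referer";exit;}
		}

	if ($config['addvalicode']=="yes")
		{
		// String comparison on purpose: a loose != against the integer stored in the
		// session would, under PHP 7, also accept input such as "12345abc".
		if (empty ($_SESSION['code']) || empty ($_POST['valicode']) || !is_string ($_POST['valicode']) || !hash_equals ((string) $_SESSION['code'], trim ($_POST['valicode'])))
			{$error32 = $errortext32;}
		}

	// slashcheck() is defined in an include; a result of 3 makes this code append "/".
	$urlslash = slashcheck($url);
	if($urlslash == 3)
		{$url = $url."/";}

	$recislash = slashcheck($reciprocal);
	if($recislash == 3)
		{$reciprocal = $reciprocal."/";}

	// Look for an existing member with the same site URL or reciprocal URL.
	// NOTE(review): $url and $reciprocal are concatenated into the SQL text. The only
	// filtering visible in this file is safety(), defined in an include; confirm that it
	// escapes for SQL, or move this lookup to bound parameters if $db offers them.
	$db -> query ("SELECT url,reciprocal FROM ".$topxl_user_table." WHERE reciprocal='".$reciprocal."' or url='".$url."'");
	$urlcheck = $db -> fetch ();

	// fetch() may not return a row; fall back to '' instead of reading a missing index.
	$urlchkeckurl = !empty ($urlcheck['url']) ? $urlcheck['url'] : '';
	$urlchkeckreciprocal = !empty ($urlcheck['reciprocal']) ? $urlcheck['reciprocal'] : '';

	if (empty ($name))
		{$error1 = $errortext1;}
	elseif (strlen($name) > 60)
		{$error1 = $errortext1b;}

	if (empty ($email))
		{$error2 = $errortext2;}
	elseif (validateEmail (trim($email)) == false)
		{$error2 = $errortext2a;}
	elseif (strlen($email) > 255)
		{$error2 = $errortext5b;}

	if (empty ($url) || !preg_match ("@^".$url_protocols."@", $url))
		{$error3 = $errortext3;}
	elseif (strlen($url) > 255)
		{$error3 = $errortext5b;}
	elseif ($urlchkeckurl == $url)
		{$error3 = $errortext3a;}

	if (empty ($reciprocal) || !preg_match ("@^".$url_protocols."@", $reciprocal))
		{$error4 = $errortext4;}
	elseif (strlen($reciprocal) > 255)
		{$error4 = $errortext5b;}
	elseif ($urlchkeckreciprocal == $reciprocal)
		{$error4 = $errortext4a;}

	// Extra column assignment for the INSERT below; stays empty when banners are off,
	// so the INSERT never concatenates an undefined variable.
	$sqlholder = '';
	if ($config['showbanner'] == "yes")
		{
		if (empty ($bannerurl) || !preg_match ("@^".$url_protocols."@", $bannerurl))
			{$error5 = $errortext5;}
		else
			{
			if (strlen($bannerurl) > 255)
				{$error5 = $errortext5b;}
			$sqlholder = ",bannerurl='".$bannerurl."'";
			// Only the text after the last "." is compared, case-sensitively,
			// against the allowed image extensions.
			$ext = strrchr ($bannerurl, '.');
			$limitedext=array(".gif",".jpg",".jpeg",".png");
			if (!in_array($ext,$limitedext,true))
				{$error5 = $errortext5a;}
			}
		}

	if (empty ($title))
		{$error6 = $errortext6;}
	elseif (strlen($title) > $config['maxsigntitle'])
		{$error6 = $errortext6a;}

	if (empty ($description))
		{$error7 = $errortext7;}
	elseif (strlen($description) > $config['maxsigndesc'])
		{$error7 = $errortext7a;}

	if (!empty ($pass))
		{
		if ($pass != $pass2)
			{$error8 = $errortext8a;}
		elseif (strlen($pass)< 8)
			{$error8 = $errortext8b;}
		elseif (strlen($pass)> 60)
			{$error8 = $errortext1b;}
		}
	else
		{$error8 = $errortext8c;}

	if (empty ($rulechecker) || $rulechecker != "yes")
		{$error24 = $errortext24;}

	//// if an error happens
	if (!empty ($error1) || !empty ($error2) || !empty ($error3) || !empty ($error4) || !empty ($error5) || !empty ($error6) || !empty ($error7) || !empty ($error8) || !empty ($error24) || !empty ($error32))
		{$message = $messageerror;}

	else
		{
		$signupip = getenv("REMOTE_ADDR");
		$title = trim($title);
		$description = trim($description);
		// Plain-text copy, used below in the mails and on the confirmation page.
		$mailpass = $pass;
		// NOTE(review): the password is stored as unsalted MD5, which is not a password
		// hash. Moving to password_hash()/password_verify() has to be done together with
		// the login code and the pass column, neither of which is in this file.
		$pass = md5($pass);
		$timestamp = time();
		$joindate = date("Y-m-d-H-i-s");

		// Remove single and double quotes from the title, then re-apply addslashes().
		$title = str_replace ('\'', '', stripslashes ($title));
		$title = addslashes (str_replace ('"', '', $title));

		if ($config['validatesites'] == "yes")
			{$sqlholder2 = ",active='no'";}
		else
			{$sqlholder2 = ",active='yes',newentry='no',validationdate='".$timestamp."'";}

		// NOTE(review): every value below is concatenated into the statement, including
		// $langget and $signupip, which never pass through safety() in this file. Safety
		// rests on helpers defined in the includes; prefer bound parameters if $db has them.
		$db -> query ("INSERT INTO ".$topxl_user_table." SET joindate='".$joindate."',timestamp='".$timestamp."',name='".$name."',email='".$email."',url='".$url."'".$sqlholder.",reciprocal='".$reciprocal."',title='".$title."',description='".$description."',notes='".$notes."',pass='".$pass."',lang='".$langget."',signupip='".$signupip."'".$sqlholder2."");

		$id = $db -> insertId ();

		/// Html Codes to show on the success site
		// Default to '' so the mail text assembled below never reads an undefined variable.
		$htmlcode2 = '';
		if ($config['mailtouser'] == "yes" or $config['mailtoadmin'] == "yes")
			{$htmlcode2 = $bodycode_text."\n";}

		$htmlcode = "<b>".$bodycode_text."</b><br>";
		$htmlcode3="";

		if ($config['reftype']=="textlink" or $config['reftype']=="textban")
			{
			if ($config['mailtouser']=="yes")
				{
				$recicodetext=recipcodetext($id,$topxl_admin_table,$config['topsiteurl'],$config['linktitle'],$config['filename'],$config['recicodetext'],$db);
				$htmlcode3="\n".$text_textlink."\n";
				$htmlcode3.=$htmlcodescript."\n".$recicodetext."\n";
				}
			$htmlcode.=texthtmlgen($id,$topxl_admin_table,$config['topsiteurl'],$config['linktitle'],$config['filename'],$text_textlink,$htmlcodescript,$text_preview,$config['recicodetext'],$db);
			}

		// Banner slot number => config key holding that banner's image URL.
		$bannerslots = array (1 => 'topbannerurl', 2 => 'topbannerurla', 3 => 'topbannerurlb', 4 => 'topbannerurlc', 5 => 'topbannerurld');

		if ($config['reftype']=="banner" or $config['reftype']=="textban")
			{
			// The result is not used afterwards; the call is kept because recipcodebanner()
			// is defined in an include and its side effects, if any, are not visible here.
			$recicodebanner=recipcodebanner($id,$topxl_admin_table,$config['topsiteurl'],$config['topbannerurl'],$config['linktitle'],$config['filename'],$config['recicodebanner'],$db);
			if ($config['mailtouser']=="yes" or $config['mailtoadmin']=="yes")
				{
				foreach ($bannerslots as $slotno => $slotkey)
					{
					// Slot 1 is always listed, slots 2-5 only when configured.
					if ($slotno > 1 && $config[$slotkey]=="")
						{continue;}
					$htmlcode3.="\n".$text_banner." ".$slotno."\n".$htmlcodescript."\n".recipcodebanner($id,$topxl_admin_table,$config['topsiteurl'],$config[$slotkey],$config['linktitle'],$config['filename'],$config['recicodebanner'],$db)."\n";
					}
				}

			foreach ($bannerslots as $slotno => $slotkey)
				{
				if ($slotno > 1 && $config[$slotkey]=="")
					{continue;}
				$htmlcode.=bannerhtmlgen($id,$topxl_admin_table,$config['topsiteurl'],$config[$slotkey],$config['linktitle'],$config['filename'],$text_banner,$htmlcodescript,$text_preview,$config['recicodebanner'],$db);
				}
			}

		$htmlcodemail = $htmlcode2." ".$htmlcode3;
		if ($config['validatesites'] == "yes")
			{
			$message = $messagesuccess;
			$bodytextx=$bodytext1;
			$bodytexty=$bodytext2;
			}

		else
			{
			$message = $messagesuccess1;
			$bodytextx=$bodytext3;
			$bodytexty=$bodytext4;
			}

		// mail() places the recipient and the extra headers into the message head, so
		// CR/LF is removed from the submitted address before it is used there.
		$mailaddr = str_replace (array ("\r", "\n"), '', $email);

		if ($config['mailtouser'] == "yes")
			{
			/// send mail to user
			// NOTE(review): the message contains the plain-text password ($mailpass).
			$subject = $subjecttext." ".$config['topsitename'];
			$body1 = $bodytextx."\n\n".$bodytexty."\n\n";
			$body2 = $htmlcodemail;
			$body3 = "\n\nLogin Data\n".$text_loginid." ".$id."\n".$text_pass." ".$mailpass."\n\n".$text_account_information."\n".$text_name." ".$name."\n".$text_email." ".$email."\n".$text_url." ".$url."\n".$text_bannerurl." ".$bannerurl."\n".$text_reciprocal." ".$reciprocal."\n".$text_title." ".$title."\n".$text_description." ".$description."\n".$text_notes." ".$notes."\n".$text_signupip." ".$signupip."\n".$text_joindate." ".$joindate."\n\n".$config['mailpromo']."\n\n".$commercialmailtext;
			$body = strip_tags (stripslashes ($body1));
			$body .= $body2;
			$body .= strip_tags($body3);
			mail($mailaddr,$subject,$body,"From: ".$config['adminmail']."\nReply-To: ".$config['adminmail']);
			}

		if ($config['mailtoadmin'] == "yes")
			{
			// The admin mail is written with the default language file; the visitor's
			// language file is loaded again after sending.
			include("lang/members-".$config['stanlang'].".php");
			$validateurl = $config['topsiteurl']."/admin/index.php?do=validate";
			/// send mail to admin
			// NOTE(review): this message also carries the plain-text password.
			$subject2 = $subjecttextadmin;
			$body2 = $validateurl."\n\n".$text_name." ".$name."\n".$text_email." ".$email."\n".$text_pass." ".$mailpass."\n".$text_url." ".$url."\n".$text_bannerurl." ".$bannerurl."\n".$text_reciprocal." ".$reciprocal."\n".$text_title." ".$title."\n".$text_description." ".$description."\n".$text_notes." ".$notes."\n".$text_adminsignupip." ".$signupip."\n".$text_joindate." ".$joindate."\n\n";
			$body2  = strip_tags (stripslashes ($body2));
			mail($config['adminmail2'],$subject2,$body2,"From: ".$config['adminmail']."\nReply-To: ".$mailaddr);
			include("lang/members-".get_lang_file($langget,$config['stanlang'],$config['langs'],$config['langdetect']).".php");
			}

		/// Template
		// Check the file that is actually read (added.html) before reading it.
		$addedtpl = "html/".$config['design']."/added.html";
		if(!file_exists($addedtpl))
			{echo "The template file ".$addedtpl." does not exist.";exit;}
		$zeile = file_get_contents ($addedtpl);
		$zeile = str_replace("{text_loginname}", $text_loginname,$zeile);
		$zeile = str_replace("{text_htmlcode}", $bodytexty,$zeile);
		$zeile = str_replace("{text_pass}", $text_pass,$zeile);
		$zeile = str_replace("{text_name}", $text_loginname,$zeile);
		$zeile = str_replace("{message}", $message,$zeile);
		$zeile = str_replace("{name}", $id,$zeile);
		// The submitted password is written into the page, so it is HTML-escaped with
		// html_special_chars(), the helper this script applies to its other form values.
		$zeile = str_replace("{pass}", html_special_chars ($mailpass),$zeile);
		$zeile = str_replace("{text_logindata}", $text_logindata,$zeile);
		$zeile = str_replace("{htmlcode}", $exp_javascript_backlink."<br><br>".stripslashes($htmlcode),$zeile);
		$zeile = str_replace("{text_signup}", $text_signup,$zeile);
		echo $zeile;
		exit;
		}
	}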
	
/////////////////////////////////////
//// add form
/////////////////////////////////////

// Builds the link-code preview shown on the sign-up form. No member id exists yet,
// so the code generators are called with "none" in its place.
$prevhtmlcode = "<strong>".$text_previewhtmlcode."</strong><br><br>";

if (in_array ($config['reftype'], array ("textlink", "textban")))
	{
	// NOTE(review): this call passes $config['recicodetext'] twice (8 arguments), while
	// the call in the submit branch passes it once (7 arguments); check which one
	// matches the recipcodetext() signature in the includes.
	$recicodetext=recipcodetext("none",$topxl_admin_table,$config['topsiteurl'],$config['linktitle'],$config['filename'],$config['recicodetext'],$config['recicodetext'],$db);
	$prevhtmlcode.="<strong>".$text_textlink."</strong><br>".$recicodetext."<br>";
	}

if (in_array ($config['reftype'], array ("banner", "textban")))
	{
	// Banner slot number => config key holding that banner's image URL.
	foreach (array (1 => 'topbannerurl', 2 => 'topbannerurla', 3 => 'topbannerurlb', 4 => 'topbannerurlc', 5 => 'topbannerurld') as $slotno => $slotkey)
		{
		// Slot 1 is always previewed, slots 2-5 only when a banner URL is configured.
		if ($slotno == 1 || $config[$slotkey]!="")
			{
			$prevhtmlcode.="<br><strong>".$text_banner." ".$slotno."</strong><br>".recipcodebanner("none",$topxl_admin_table,$config['topsiteurl'],$config[$slotkey],$config['linktitle'],$config['filename'],$config['recicodebanner'],$db)."<br>";
			}
		}
	}

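// Renders the optional banner-URL row of the sign-up form into $bannerbox.
if ($config['showbanner'] == "yes")
	{
	$bannertpl = "html/".$config['design']."/add_banner_row.html";
	if(!file_exists($bannertpl))
		{echo "The template file ".$bannertpl." does not exist.";exit;}
	// Read the whole template in one call; no file handle is left open.
	$zeile = file_get_contents ($bannertpl);
	$zeile = str_replace("{text_bannerurl}",$text_bannerurl,$zeile);
	// The submitted banner URL is echoed back into the form, so it is HTML-escaped with
	// html_special_chars(), the helper this script applies to the name and title fields.
	$zeile = str_replace("{bannerurl}",html_special_chars ($bannerurl),$zeile);
	$bannerbox = str_replace("{error5}",$error5,$zeile);
	}

else
	{$bannerbox = "";}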

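// Renders the validation-code row and stores a fresh five-digit code in the session.
$saveadd_html = '';
if ($config['addvalicode']=="yes")
	{
	// random_int() draws from the system CSPRNG, so the code cannot be predicted
	// from earlier values the way rand() output can.
	$_SESSION['code'] = random_int (10000, 99999);
	$savetpl = "html/".$config['design']."/add_save_row.html";
	if(!file_exists($savetpl))
		{echo "The template file ".$savetpl." does not exist.";exit;}
	// Read the whole template in one call; no file handle is left open.
	$zeile = file_get_contents ($savetpl);
	$zeile = str_replace("{text_valicode}",$text_valicode,$zeile);
	$saveadd_html = str_replace("{error32}",$error32,$zeile);
	}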

/// Template
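// Fills the sign-up form template with labels, error texts, counters and the values
// the visitor submitted, then sends the page and ends the request.
$addtpl = "html/".$config['design']."/add.html";
if(!file_exists($addtpl))
	{echo "The template file ".$addtpl." does not exist.";exit;}
// Read the whole template in one call; no file handle is left open.
$zeile = file_get_contents ($addtpl);

// Placeholder => replacement. str_replace() works through the arrays in this order,
// which is the same order as a chain of single-placeholder calls.
// Every value that comes from the request is HTML-escaped with html_special_chars()
// (defined in an include), including the URL and password fields.
$formvalues = array (
	"{text_name}" => $text_name,
	"{saveadd_html}" => $saveadd_html,
	"{text_email}" => $text_email,
	"{text_url}" => $text_url,
	"{text_reciprocal}" => $text_reciprocal,
	"{text_title}" => $text_title,
	"{text_description}" => $text_description,
	"{text_notes}" => $text_notes,
	"{error1}" => $error1,
	"{error2}" => $error2,
	"{error3}" => $error3,
	"{error4}" => $error4,
	"{error6}" => $error6,
	"{error7}" => $error7,
	"{error8}" => $error8,
	"{error24}" => $error24,
	"{message}" => $message,
	"{bannerbox}" => $bannerbox,
	"{name}" => html_special_chars (stripslashes ($name)),
	"{email}" => html_special_chars (stripslashes ($email)),
	"{url}" => html_special_chars (stripslashes ($url)),
	"{reciprocal}" => html_special_chars (stripslashes ($reciprocal)),
	"{title}" => html_special_chars (stripslashes ($title)),
	"{description}" => html_special_chars (stripslashes ($description)),
	"{notes}" => html_special_chars (stripslashes ($notes)),
	"{text_pass}" => $text_pass,
	"{pass}" => html_special_chars ($pass),
	"{pass2}" => html_special_chars ($pass2),
	"{text_signup}" => $text_signup,
	"{prevhtmlcode}" => $prevhtmlcode,
	"{text_rules}" => $text_rules,
	"{text_exp_rules}" => $text_exp_rules,
	"{text_stats}" => $text_stats,
	"{hitstoday}" => $config['hitstoday'],
	"{text_hitstoday}" => $text_viewstoday,
	"{hitsyesterday}" => $config['hitsyesterday'],
	"{text_hitsyesterday}" => $text_viewsyesterday,
	"{hitstotal}" => $config['hitstotal'],
	"{text_hitstotal}" => $text_viewstotal,
	"{loadstotal}" => $config['loadstotal'],
	"{text_loadstotal}" => $text_loadstotal,
	"{text_acceptrules}" => $text_acceptrules,
);
$zeile = str_replace (array_keys ($formvalues), array_values ($formvalues), $zeile);
echo $zeile;
exit;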
?>