File: /var/www/web37/htdocs/top100-sexnetzwerk/admin/editaccount.php
<?php
############################################
### Top-XL - Edit User editaccount.php 
############################################
/// 1. You are NOT entitled to rent, lease, transfer, reproduce or distribute this Software.
/// 2. You are entitled to adapt and modify the Software to your needs.
/// 3. You can use this Script on all of YOUR Domains.
/// 4. Any modification or removal to the links in the footer and member area shall terminate this license immediately .
/// 5. The Script has been tested on different Servers and found free of any notable errors by the author. The Author shall not in any case be liable for any special, incidental indirect or other similar damages arising from the use of this Script.
/// 6. Author: Simon Zehender - Contact: https://www.paddelberg.de
////////////////////////////////////////////
////////////////////////////////////////////
// Direct-access guard: the page only continues when $scriptpath (set by the
// including script) equals the web server's document root.
// NOTE(review): no login or role check is visible in this file; presumably the
// including index.php authenticates the admin before this runs - confirm.
if ($scriptpath != $_SERVER['DOCUMENT_ROOT']) {
	echo "Are you looking for something?";
	exit;
}

// Account id and originating list page come from the query string; a missing
// or empty value collapses to ''.
$id = empty ($_GET["id"]) ? '' : safety ($_GET["id"]);
$fromsite = empty ($_GET["fromsite"]) ? '' : safety ($_GET["fromsite"]);

// Load the stored account row that the form below edits.
// NOTE(review): the query is built by string concatenation, so safety()
// (defined elsewhere) is the only barrier between $_GET["id"] and the SQL
// text - confirm it escapes for this connection, or bind the id as a parameter
// if the $db wrapper supports prepared statements.
$db -> query ("SELECT * FROM {$topxl_user_table} WHERE id='{$id}'");
$datagetrow = $db -> fetch ();

// Per-field validation messages plus the page-level status message all start
// out empty; the POST handler fills in whichever ones apply.
$error1 = $error2 = $error3 = $error4 = $error5 = $error6 = $error7 = '';
$error11 = $error12 = '';
$message = '';

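// Handle the admin "edit account" form.
// On POST: read and validate every field, recompute the running hit totals,
// and write the row back if no validation error was raised.
// Otherwise: pre-fill the form variables from the row loaded above.
//
// NOTE(review): every value below ends up concatenated into an UPDATE
// statement. safety() is defined elsewhere, so its escaping cannot be verified
// from this file; prepared statements would remove the dependency on it.
// NOTE(review): no anti-CSRF token is checked in this file - confirm the
// including script enforces one before this state-changing POST is accepted.
if (!empty ($_POST['submit']))
	{
	$name = !empty ($_POST["name"]) ? safety ($_POST["name"]) : '';
	$email = !empty ($_POST["email"]) ? safety ($_POST["email"]) : '';
	$title = !empty ($_POST["title"]) ? safety ($_POST["title"]) : '';
	// NOTE(review): description and notes are escaped with addslashes() rather
	// than safety(); addslashes() is not aware of the connection charset, so it
	// is a weaker SQL escape than a driver-level escape or bound parameter.
	$description = !empty ($_POST["description"]) ? addslashes ($_POST["description"]) : '';
	$url = !empty ($_POST["url"]) ? safety ($_POST["url"]) : '';
	$bannerurl = !empty ($_POST["bannerurl"]) ? safety ($_POST["bannerurl"]) : '';
	$reciprocal = !empty ($_POST["reciprocal"]) ? safety ($_POST["reciprocal"]) : '';
	$notes = !empty ($_POST["notes"]) ? addslashes ($_POST["notes"]) : '';
	$active = !empty ($_POST["active"]) ? safety($_POST["active"]) : '';
	$hitin = !empty ($_POST["hitin"]) ? safety($_POST["hitin"]) : '';
	$hitout = !empty ($_POST["hitout"]) ? safety($_POST["hitout"]) : '';

	// slashcheck() is defined elsewhere; a result of 3 is treated here as
	// "append a trailing slash" for both the site URL and the reciprocal URL.
	$urlslash = slashcheck ($url);

	if($urlslash==3)
		{$url=$url."/";}
	$recislash=slashcheck($reciprocal);
	if($recislash==3)
		{$reciprocal=$reciprocal."/";}

	// Name: required, at most 60 bytes.
	if (empty ($name))
		{$error1=$errortext1;}
	elseif (strlen($name) > 60)
		{$error1=$errortext1b;}

	// E-mail: required, must pass validateEmail(), at most 255 bytes.
	if (empty ($email))
		{$error2=$errortext2;}
	elseif (validateEmail (trim($email)) == false)
		{$error2=$errortext2a;}
	elseif (strlen($email) > 255)
		{$error2=$errortext5b;}

	// Site URL: required, must start with one of the schemes in $url_protocols.
	if (empty ($url) || !preg_match ("@^".$url_protocols."@", $url))
		{$error3=$errortext3;}
	elseif (strlen($url) > 255)
		{$error3=$errortext5b;}

	// Reciprocal-link URL: same rules as the site URL.
	if (empty ($reciprocal) || !preg_match ("@^".$url_protocols."@", $reciprocal))
		{$error4=$errortext4;}
	elseif (strlen($reciprocal) > 255)
		{$error4=$errortext5b;}

	// Banner URL is only validated when banners are enabled.
	// NOTE(review): the UPDATE below writes $bannerurl in either case, so with
	// banners disabled the posted value is stored without the scheme/extension
	// checks - confirm that is intended.
	if ($config['showbanner']=="yes")
		{
		if (empty ($bannerurl) || !preg_match ("@^".$url_protocols."@", $bannerurl))
			{$error5=$errortext5;}
		else
			{
			// $sqlholder is assigned but never read in this file.
			$sqlholder=",bannerurl='".$bannerurl."'";
			if (strlen($bannerurl) > 255)
				{$error5=$errortext5b;}
			// Allow-list on the text after the last dot (case-sensitive).
			$ext = strrchr ($bannerurl, '.');
			$limitedext=array(".gif",".jpg",".jpeg",".png");
			// Strict comparison: $ext is false when the URL has no dot at all.
			if (!in_array($ext,$limitedext,true))
				{$error5=$errortext5a;}
			}
		}

	// Title and description: required, capped by the configured maximum length.
	if (empty ($title))
		{$error6=$errortext6;}
	elseif (strlen($title) > $config['maxsigntitle'])
		{$error6=$errortext6a;}

	if (empty ($description))
		{$error7=$errortext7;}
	elseif (strlen($description) > $config['maxsigndesc'])
		{$error7=$errortext7a;}

	// Hit counters: must be numeric when given; empty means 0.
	if (!is_numeric($hitout) && !empty ($hitout))
		{$error11=$text_notnumeric;}

	if (empty ($hitout))
		{$hitout = 0;}

	if (!is_numeric($hitin) && !empty ($hitin))
		{$error12=$text_notnumeric;}

	if (empty ($hitin))
		{$hitin = 0;}

	// Keep the lifetime totals in step with a manually edited counter: the
	// total moves by the same amount the counter was raised or lowered.
	if ($hitout!=$datagetrow['hitout'])
		{
		$diffout=$hitout-$datagetrow['hitout'];
		if($hitout<$datagetrow['hitout'])
			{
			// Drop the minus sign, then subtract the absolute difference.
			$diffout=str_replace("-","",$diffout);
			$hitouttotal=$datagetrow['hitouttotal']-$diffout;
			}
		else
			{$hitouttotal=$datagetrow['hitouttotal']+$diffout;}
		}

	else
		{$hitouttotal=$datagetrow['hitouttotal'];}

	if ($hitin!=$datagetrow['hitin'])
		{
		$diffin=$hitin-$datagetrow['hitin'];
		if($hitin<$datagetrow['hitin'])
			{
			$diffin=str_replace("-","",$diffin);
			$hitintotal=$datagetrow['hitintotal']-$diffin;
			}
		else
			{$hitintotal=$datagetrow['hitintotal']+$diffin;}
		}
	else
		{$hitintotal=$datagetrow['hitintotal'];}

	// Any field error blocks the write and shows the generic error message.
	if (!empty ($error1) || !empty ($error2) || !empty ($error3) || !empty ($error4) || !empty ($error5) || !empty ($error6) || !empty ($error7) || !empty ($error11) || !empty ($error12))
		{$message=$messageerror;}

	else
		{
		if ($active=="yes")
			{
			// The id is quoted here like in the other two queries on this
			// page. It was previously concatenated bare, which leaves a
			// numeric SQL context that quote-escaping alone does not protect.
			$db -> query ("SELECT newentry FROM ".$topxl_user_table." WHERE id='".$id."'");
			$checknewrow = $db -> fetch ();

			// First activation of a new entry also stamps the validation date.
			if ($checknewrow["newentry"]=="yes")
				{
				$validationdate=time();
				$activeholder=",active='yes',newentry='no',validationdate='".$validationdate."'";
				}
			else
				{$activeholder=",active='yes'";}
			}

		else
			{$activeholder=",active='no'";}

		// Strip single and double quotes from the title, then re-escape it.
		$title = str_replace ('\'', '', stripslashes ($title));
		$title = addslashes (str_replace ('"', '', $title));

		$title=rtrim($title);
		$description=rtrim($description);
		$db -> query ("UPDATE ".$topxl_user_table." SET name='".$name."',email='".$email."',title='".$title."',description='".$description."',url='".$url."',bannerurl='".$bannerurl."',reciprocal='".$reciprocal."',notes='".$notes."'".$activeholder.",hitin='".$hitin."',hitout='".$hitout."',hitintotal='".$hitintotal."',hitouttotal='".$hitouttotal."' WHERE id='".$id."'");

		$message=$messageupdate;
		}
	}

else
	{
	// First display: show the values currently stored for this account.
	$name=$datagetrow['name'];
	$email=$datagetrow['email'];
	$title=$datagetrow['title'];
	$description=$datagetrow['description'];
	$url=$datagetrow['url'];
	$bannerurl=$datagetrow['bannerurl'];
	$reciprocal=$datagetrow['reciprocal'];
	$notes=$datagetrow['notes'];
	$active=$datagetrow['active'];
	$hitin=$datagetrow['hitin'];
	$hitout=$datagetrow['hitout'];
	}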

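// Number of history steps the "back" link must go to leave this form: each
// submit of the form adds one page to the browser history.
// The value is later written into a javascript: URL and the form action, so it
// is forced to an integer of at least 1 instead of being passed through as an
// arbitrary string.
if (!empty ($_GET["back"]))
	{
	$back = max (1, (int) safety($_GET["back"]) + 1);
	}
else
	{$back=1;}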

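// Start of the edit form: heading, back link, and the name / e-mail / URL /
// reciprocal-URL rows.
//
// Every request- or database-derived value is passed through the project's
// html_special_chars() before it is placed in the markup, as the name field
// already was. The stored e-mail and URLs are presumably supplied by the
// listed site's owner and are rendered here in the admin's browser, so
// unescaped output would allow markup injection into the admin page.
// $back is written as an integer because it lands inside a javascript: URL.
// NOTE(review): escaping does not restrict the URL scheme of the two "view"
// links; rows written by other code paths should be checked against
// $url_protocols as well.
$main_content = "
	<table width=\"874\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#CCCCCC\">
		<tr>
			<td height=\"35\" colspan=\"3\" bgcolor=\"#FFFFFF\" class=\"top\"><strong class=\"heading\">".$text_editaccountdata." ".html_special_chars ($id)."</strong> &nbsp;&nbsp;".$message."</td>
		</tr>
		<tr>
			<td height=\"28\" colspan=\"3\" bgcolor=\"#FFFFFF\"><a href=\"javascript:history.go(-".(int) $back.")\">".$text_back."</a></td>
		</tr>
		<form name=\"form1\" method=\"post\" action=\"index.php?do=editaccount&id=".html_special_chars ($id)."&fromsite=".html_special_chars ($fromsite)."&back=".(int) $back."\">
		<tr>
			<td width=\"120\" bgcolor=\"#FFFFFF\">".$text_name."</td>
			<td width=\"210\" align=\"center\" bgcolor=\"#FFFFFF\"><input name=\"name\" type=\"text\" class=\"inputs\" value=\"".html_special_chars (stripslashes ($name))."\"></td>
			<td width=\"541\" bgcolor=\"#FFFFFF\"><span class=\"error\">".$error1."</span></td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_email."</td>
			<td align=\"center\" bgcolor=\"#FFFFFF\"><input name=\"email\" type=\"text\" class=\"inputs\" value=\"".html_special_chars (stripslashes ($email))."\"></td>
			<td bgcolor=\"#FFFFFF\"><span  class=\"error\">".$error2."</span> <a href=\"mailto:".html_special_chars (stripslashes ($email))."\" target=\"_blank\">".$text_email."</a></td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_url."</td>
			<td align=\"center\" bgcolor=\"#FFFFFF\"><input name=\"url\" type=\"text\" class=\"inputs\" id=\"url\" value=\"".html_special_chars (stripslashes ($url))."\"></td>
			<td bgcolor=\"#FFFFFF\"><span class=\"error\">".$error3."</span> <a href=\"".html_special_chars (stripslashes ($url))."\" target=\"_blank\">".$text_view."</a></td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_reciprocal."</td>
			<td align=\"center\" bgcolor=\"#FFFFFF\"><input name=\"reciprocal\" type=\"text\" class=\"inputs\" id=\"reciprocal\" value=\"".html_special_chars (stripslashes ($reciprocal))."\"></td>
			<td bgcolor=\"#FFFFFF\"><span  class=\"error\">".$error4."</span> <a href=\"".html_special_chars (stripslashes ($reciprocal))."\" target=\"_blank\">".$text_view."</a></td>
		</tr>";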
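		// Banner row, shown only when banners are enabled in the configuration.
		// The stored banner URL is escaped with html_special_chars() before it is
		// written into the value and src attributes, matching the handling of the
		// name/title fields; the value is presumably supplied by the site owner.
		if ($config['showbanner']=="yes")
			{
			$main_content.="
			<tr>
			<td bgcolor=\"#FFFFFF\">".$text_bannerurl.":</td>
			<td align=\"center\" bgcolor=\"#FFFFFF\"><input name=\"bannerurl\" type=\"text\" class=\"inputs\" id=\"bannerurl\" value=\"".html_special_chars (stripslashes ($bannerurl))."\"></td>
			<td bgcolor=\"#FFFFFF\"><span class=\"error\">".$error5."</span> <img width=\"468\" height=\"60\" src=\"".html_special_chars (stripslashes ($bannerurl))."\" border=\"0\" class=\"banner\" vspace=\"4\" hspace=\"4\"></td>
			</tr>";
			}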
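		// Remainder of the form: title, description, notes, active flag, the two
		// hit counters, the delete link and the submit/reset buttons.
		// The hit counters, id and fromsite are now escaped with
		// html_special_chars() like the other fields: a rejected (non-numeric)
		// counter value is echoed back into the form, and id/fromsite come from
		// the query string.
		$main_content.="
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_title."</td>
			<td align=\"center\" bgcolor=\"#FFFFFF\"><input name=\"title\" type=\"text\" class=\"inputs\" id=\"title\" value=\"".html_special_chars (stripslashes ($title))."\"></td>
			<td bgcolor=\"#FFFFFF\"><span class=\"error\">".$error6."</span></td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_description."</td>
			<td align=\"center\" bgcolor=\"#FFFFFF\"><textarea name=\"description\" id=\"description\" class=\"textarea1\">".html_special_chars (stripslashes ($description))."</textarea></td>
			<td bgcolor=\"#FFFFFF\"><span class=\"error\">".$error7."</span></td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_notes."</td>
			<td align=\"center\" bgcolor=\"#FFFFFF\"><textarea name=\"notes\" id=\"notes\" class=\"textarea1\">".html_special_chars (stripslashes ($notes))."</textarea></td>
			<td bgcolor=\"#FFFFFF\">&nbsp;</td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_activeentry."</td>
			<td bgcolor=\"#FFFFFF\">
			<select name=\"active\">
		<option value=\"yes\"";
			// Pre-select whichever state the account currently has.
			if ($active=="yes")
				{$main_content.=" selected";}
			$main_content.=">".$text_yes."</option>
		<option value=\"no\"";
			if ($active=="no")
				{$main_content.=" selected";}
			// NOTE(review): the delete link below triggers a state change through
			// a plain GET request; confirm the delete handler asks for
			// confirmation or checks a token.
			$main_content.=">".$text_no."</option>
		</select>
			</td>
			<td bgcolor=\"#FFFFFF\">&nbsp;</td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_hitout."</td>
			<td align=\"center\" bgcolor=\"#FFFFFF\"><input type=\"text\" class=\"inputs\" name=\"hitout\" id=\"hitout\" value=\"".html_special_chars ((string) $hitout)."\"></td>
			<td bgcolor=\"#FFFFFF\"><span class=\"error\">".$error11."</span> ".$text_exp_hitschange."</td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_hitin."</td>
			<td align=\"center\" bgcolor=\"#FFFFFF\"><input type=\"text\" class=\"inputs\" name=\"hitin\" id=\"hitin\" value=\"".html_special_chars ((string) $hitin)."\"></td>
			<td bgcolor=\"#FFFFFF\"><span class=\"error\">".$error12."</span> ".$text_exp_hitschange1."</td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_deleteuser."</td>
			<td bgcolor=\"#FFFFFF\"><a href=\"index.php?do=delete&id=".html_special_chars ($id)."&fromsite=".html_special_chars ($fromsite)."\">".$text_del."</a></td>
			<td bgcolor=\"#FFFFFF\"></td>
		</tr>
		<tr>
			<td height=\"41\" bgcolor=\"#FFFFFF\">&nbsp;</td>
			<td align=\"center\" valign=\"middle\" bgcolor=\"#FFFFFF\">
			<input name=\"submit\" type=\"submit\" class=\"submitbuton\" value=\"".$text_submit."\">
			<input name=\"reset\" type=\"reset\" class=\"submitbuton\" value=\"".$text_reset."\"></td>
			<td bgcolor=\"#FFFFFF\">&nbsp;</td>
		</tr></form>
	</table>";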

/// Template
// Read the page template into $zeile, let template.php process it, then print
// the result and stop.
// NOTE(review): $file is not set in this file; it presumably comes from the
// including script - confirm it can never be derived from request input,
// since its contents are read and echoed.
if(!file_exists($file))
	{echo "The template ".$file." does not exist."; exit;}
// The handle in $fp1 is not closed in this file.
$fp1=fopen($file,"r");  
// Reads the whole file in one call, using its size on disk as the length.
$zeile=fread ($fp1, filesize ($file));
// template.php is included after $zeile and $main_content are set; presumably
// it substitutes the page content into $zeile - not visible here.
include("template.php");
echo $zeile;
exit;
?>