HEX
Server: Apache/2.4.25 (Debian)
System: Linux server17 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64
User: web37 (1062)
PHP: 7.4.30
Disabled: show_source, highlight_file, apache_child_terminate, apache_get_modules, apache_note, apache_setenv, virtual, dl, disk_total_space, posix_getpwnam, posix_getpwuid, posix_mkfifo, posix_mknod, posix_setpgid, posix_setsid, posix_setuid, posix_uname, proc_nice, openlog, syslog, pfsockopen
$ pwd: /var/www/web37/htdocs/topsex/admin/
Upload Files
File: /var/www/web37/htdocs/topsex/admin/search.php
<?php
############################################
### Top-XL - Seach User search.php 
############################################
/// 1. You are NOT entiteld to rent, lease, transfer, reproduce or distribute this Software.
/// 2. You are entiteld to adapt, and modify the Software to your need.
/// 3. You can use this Script on all of YOUR Domains.
/// 4. Any modification or removal to the links in the footer and member area shall terminate this license immediately .
/// 5. The Script has been tested on different Servers and found free of any notable errors by the author. The Author shall not in any case be liable for any special, incidental indirect or other similar damages arising from the use of this Script.
/// 6. Author: Simon Zehender - Contact: https://www.paddelberg.de
////////////////////////////////////////////
////////////////////////////////////////////
if ($scriptpath!=$_SERVER['DOCUMENT_ROOT'])
	{echo "Are you looking for something?";exit;}

$fromsite = "search";
$main_content = '';

$id = !empty ($_POST["id"]) ? safety($_POST["id"]) : (!empty ($_GET["id"]) ? safety($_GET["id"]) : '');
$title = !empty ($_POST["title"]) ? safety($_POST["title"]) : (!empty ($_GET["title"]) ? safety($_GET["title"]) : '');
$url = !empty ($_POST["url"]) ? safety($_POST["url"]) : (!empty ($_GET["url"]) ? safety($_GET["url"]) : '');
$email = !empty ($_POST["email"]) ? safety($_POST["email"]) : (!empty ($_GET["email"]) ? safety($_GET["email"]) : '');
$name = !empty ($_POST["name"]) ? safety($_POST["name"]) : (!empty ($_GET["name"]) ? safety($_GET["name"]) : '');
$action = !empty ($_GET["action"]) ? safety ($_GET["action"]) : '';

if (!empty ($_POST['submit']))
	{
	if ($action == "lockchange")
		{
		$searched = !empty ($_GET["searched"]) ? safety ($_GET["searched"]) : '';
		$ids = !empty ($_POST["ids"]) ? substr (safety ($_POST["ids"]), 0, -1) : '';
		$ids = explode(",",$ids);
		$max = (count($ids));
		for ($i= 0; $i<=$max; $i++) 
			{
			$status = $_POST[$ids[$i]];
			if ($status == "no") /// freischalten
				{
				$db -> query ("SELECT newentry FROM ".$topxl_user_table." WHERE id=".$ids[$i]);
				$checknewrow = $db -> fetch ();
				$validationdate = time();

				if ($checknewrow["newentry"]=="yes")
					{$db -> query ("Update ".$topxl_user_table." SET active='yes',newentry='no',validationdate='".$validationdate."' WHERE id=".$ids[$i]);}
				else
					{$db -> query ("Update ".$topxl_user_table." SET active='yes' WHERE id=".$ids[$i]);}
				}

			elseif ($status == "yes")
				{$db -> query ("Update ".$topxl_user_table." SET active='no' WHERE id=".$ids[$i]);}
			}

		header ("Location: index.php?do=search&".$searched);
		exit;
		}

	$sqlholder = '';
	$searched = '';

	if (!empty ($id))
		{
		$sqlholder = "WHERE id LIKE '%$id%'";
		$searched = "id=".$id;
		}
	if (!empty ($title))
		{
		$sqlholder = "WHERE title LIKE '%".$title."%'";
		$searched .= "title=".$title;
		}
	if (!empty ($url))
		{
		$sqlholder = "WHERE url LIKE '%".$url."%'";
		$searched .= "url=".$url;
		}
	if (!empty ($email))
		{
		$sqlholder = "WHERE email LIKE '%".$email."%'";
		$searched .= "email=".$email;
		}
	if (!empty ($name))	
		{
		$sqlholder = "WHERE name LIKE '%".$name."%'";
		$searched .= "name=".$name;
		}

	$rowmarker = 0;
	$main_content = "
	<form name=\"form1\" method=\"post\" action=\"index.php?do=search&action=lockchange&searched=".$searched."\">
	<table width=\"874\" border=\"0\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#CCCCCC\">
		<tr>
			<td height=\"35\" colspan=\"8\" bgcolor=\"#FFFFFF\" class=\"top\"><strong class=\"heading\">".$text_searchaccount."</strong></td>
		</tr>
		<tr>
			<td width=\"56\"  bgcolor=\"#E4E4E4\" align=\"right\">".$text_id."</td>
			<td width=\"50\"  bgcolor=\"#E4E4E4\" align=\"center\">".$text_url."</td>
			<td width=\"59\"  bgcolor=\"#E4E4E4\" align=\"right\">".$text_in."</td>
			<td width=\"59\"  bgcolor=\"#E4E4E4\" align=\"right\">".$text_out."</td>
			<td width=\"50\"  bgcolor=\"#E4E4E4\" align=\"right\">".$text_active."</td>
			<td width=\"60\"  bgcolor=\"#E4E4E4\" align=\"right\">".$text_email."</td>
			<td width=\"40\"  bgcolor=\"#E4E4E4\" align=\"right\"><a href=\"index.php?do=validate\">".$text_status."</a></td>
			<td width=\"40\"  bgcolor=\"#E4E4E4\" align=\"right\">".$text_edit."</td>
		</tr>";		
	
	$db -> query ("SELECT * FROM ".$topxl_user_table." ".$sqlholder);
	
	$ids = '';

	while ($searchgetrows = $db -> fetch ())
		{
		$rowmarker++;
		if ($rowmarker == 2)
			{
			$tdbgcolor = "bgcolor=\"#F7F7F7\"";
			$rowmarker = 0;
			}
		else
			{$tdbgcolor = "bgcolor=\"#FFFFFF\"";}

		$now = time();
		$inactivetime1 = $now-($config['inactivetime']);
		if($searchgetrows['lastactive']>$inactivetime1)
			{$aktivecheck=$text_yes;}
		else 
			{$aktivecheck=$text_no;}

		$ids .= $searchgetrows['id'].",";

		$main_content .= "
		<tr>
			<td ".$tdbgcolor." align=\"right\">".$searchgetrows['id']."</td>
			<td ".$tdbgcolor.">
			".$searchgetrows['name']."<br>
			".$searchgetrows['title']."<br>
			<a href=\"".$searchgetrows['url']."\" target=\"_blank\" class=\"titlelink\">".$searchgetrows['url']."</a><br>";
			if ($config['showbanner'] == "yes")
				{$main_content .= "<a href=\"".$searchgetrows['url']."\" target=\"_blank\"><img width=\"468\" height=\"60\" src=\"".stripslashes ($searchgetrows['bannerurl'])."\" alt=\"".$searchgetrows['id']." ".stripslashes ($searchgetrows['title'])."\" border=\"0\" class=\"banner\" vspace=\"4\" hspace=\"4\"></a>";}
			$main_content .= "
				<div align=\"justify\" class=\"description\">".stripslashes ($searchgetrows['description'])."</div>
			</td>
			<td ".$tdbgcolor." align=\"right\">".$searchgetrows['hitin']."<br>".$searchgetrows['hitintotal']."</td>
			<td ".$tdbgcolor." align=\"right\">".$searchgetrows['hitout']."<br>".$searchgetrows['hitouttotal']."</td>
			<td ".$tdbgcolor." align=\"right\">".$aktivecheck."</td>
			<td ".$tdbgcolor." align=\"right\"><a href=\"mailto:".stripslashes ($searchgetrows['email'])."\" target=\"_blank\">".$text_email."</a></td>
			<td ".$tdbgcolor." align=\"right\">
			<select name=\"".$searchgetrows['id']."\">
			<option value=\"no\"";
			if ($searchgetrows['active'] == "yes")
				{$main_content .= "selected";}
			$main_content .= ">".$text_no."</option>
			<option value=\"yes\"";
			if ($searchgetrows['active'] == "no")
				{$main_content .= "selected";}
			$main_content .= ">".$text_yes."</option>
			</select>
			</td>
			<td ".$tdbgcolor." align=\"center\"><a href=\"index.php?do=editaccount&id=".$searchgetrows['id']."&fromsite=".$fromsite."\">".$text_edit."</a><br><a href=\"".$config['topsiteurl']."/members/index.php?do=main&id=".$searchgetrows['id']."\" target=\"_blank\">".$text_show."</a><br><a href=\"index.php?do=delete&id=".$searchgetrows['id']."&fromsite=".$fromsite."\">".$text_del."</a></td>
		</tr>";
		}

	$main_content .= "			
			<tr>
				<td height=\"42\" colspan=\"8\" bgcolor=\"#FFFFFF\" align=\"right\"><input type=\"hidden\" name=\"ids\" value=\"".$ids."\"><input name=\"submit\" type=\"submit\" class=\"submitbuton\" value=\"".$text_submit."\"></td>
			</tr>
	</table>
	</form>";
	}

else
	{
	$main_content = "
	<form name=\"form1\" method=\"post\" action=\"index.php?do=search\">
	<table width=\"874\" border=\"0\" cellpadding=\"0\" cellspacing=\"1\" bgcolor=\"#CCCCCC\">
		<tr>
		<td height=\"35\" colspan=\"3\" bgcolor=\"#FFFFFF\" class=\"top\"><strong class=\"heading\">".$text_searchaccount."</strong></td>
	  </tr>
		<tr>
			<td width=\"100\" bgcolor=\"#FFFFFF\">".$text_id."</td>
			<td width=\"220\" bgcolor=\"#FFFFFF\"><input type=\"text\" name=\"id\" value=\"".$id."\"></td>
			<td width=\"550\" bgcolor=\"#FFFFFF\"></td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_title."</td>
			<td bgcolor=\"#FFFFFF\"><input type=\"text\" name=\"title\" value=\"".$title."\"></td>
			<td bgcolor=\"#FFFFFF\"></td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_url."</td>
			<td bgcolor=\"#FFFFFF\"><input type=\"text\" name=\"url\" value=\"".$url."\"></td>
			<td bgcolor=\"#FFFFFF\"></td>
		</tr>		
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_name."</td>
			<td bgcolor=\"#FFFFFF\"><input type=\"text\" name=\"name\" value=\"".$name."\"></td>
			<td bgcolor=\"#FFFFFF\"></td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\">".$text_email."</td>
			<td bgcolor=\"#FFFFFF\"><input type=\"text\" name=\"email\" value=\"".$email."\"></td>
			<td bgcolor=\"#FFFFFF\"></td>
		</tr>
		<tr>
			<td bgcolor=\"#FFFFFF\"></td>
			<td bgcolor=\"#FFFFFF\"><input name=\"submit\" type=\"submit\" class=\"submitbuton\" value=\"".$text_submit."\"> <input name=\"reset\" type=\"reset\" class=\"submitbuton\" value=\"".$text_reset."\"></td>
			<td bgcolor=\"#FFFFFF\"></td>
		</tr>
	</table>
	</form>";
	}

/// Template 
if(!file_exists($file))
	{echo "The template ".$file." does not exist."; exit;}
$fp1 = fopen($file,"r");  
$zeile = fread ($fp1, filesize ($file));
include("template.php");
echo $zeile;
exit;
?>
@ Telegram