<?php
if (!defined('Nican'))
die('Hacking attempt...');
function db_query($query){
$q = mysql_query($query);
if($q === FALSE){
echo "\n" . mysql_error() . "\n" . $query . "<hr>";
}
return $q;
}
function Main(){
global $context;
$context['optheader'] = "Main";
$resul = db_query('SELECT id,name,fcount,ccount FROM `sm_smfiles`',__FILE__,__LINE__);
while ($line = mysql_fetch_array($resul, MYSQL_ASSOC)) {
$context['fileinfo'][] = Array(
'id' => $line['id'],
'name' => $line['name'],
);
}
usort($context['fileinfo'], "SortByName");
}
function SortByName($a, $b)
{
if ($a['name'] == $b['name']) {
return 0;
}
return ($a['name'] < $b['name']) ? -1 : 1;
}
function ShowOpts(){
global $context;
if(!isset($_GET['id']) || $_GET['id'] == "")
exit("No Results found.");
if(strlen($_GET['id']) > 30)
exit("No Results found.");
$context['usetopandbo'] = Array ( false,false);
$query = 'SELECT id,func,inc FROM `sm_smfunctions` WHERE LCASE(func) LIKE \'%'.strtolower(mysql_real_escape_string($_GET['id'])).'%\' OR description LIKE \'%'.mysql_real_escape_string($_GET['id']).' %\' COLLATE latin1_swedish_ci';
$result = db_query($query,__FILE__,__LINE__);
$context['answers'] = Array();
$context['numresults'] = mysql_num_rows($result);
if($context['numresults'] > 100)
return;
$files = Array ();
$i = 0;
if($context['numresults'] > 0){
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
$context['answers'][ $line['inc'] ][ $line['id'] ] = $line['func'];
$context['lastone'][ $line['inc'] ] = $line['id'];
if(!isset( $files [ $line['inc'] ])){
$files [ $line['inc'] ] = $i;
$i++;
}
}
$fliped = array_flip( $files );
$query = db_query('SELECT id,name FROM `sm_smfiles` WHERE id IN ('. implode(",",$fliped) .')',__FILE__,__LINE__);
while ($line = mysql_fetch_array($query, MYSQL_ASSOC)) {
$context['files'][ $line['id'] ] = $line['name'];
}
}
}
function ShowInfo(){
global $context;
if(!isset($_GET['id']) || $_GET['id'] == "")
exit("No Results found.");
$query = 'SELECT func,fullfunc,description,treturn,funcinput,exemple,inc,incname,typeof,onerror,version FROM `sm_smfunctions` WHERE id = '.intval($_GET['id']).' LIMIT 1';
$result = db_query($query,__FILE__,__LINE__);
$context['numresults'] = mysql_num_rows($result);
if($context['numresults'] > 0){
$context['answers'] = mysql_fetch_array($result, MYSQL_ASSOC);
$context['topmenu'][] = Array (
$context['answers']['incname'],
'index.php?action=file&id='.$context['answers']['inc']
);
$context['optheader'] = $context['answers']['func'];
$result = db_query('SELECT fcount,ccount FROM `sm_smfiles` WHERE id = '.$context['answers']['inc'].' LIMIT 1',__FILE__,__LINE__);
$context['fileinfo'] = mysql_fetch_array($result, MYSQL_ASSOC);
$result = db_query('SELECT time,poster,body FROM `sm_smposts` WHERE file = '.$context['answers']['inc'].' AND func = '.intval($_GET['id']).'',__FILE__,__LINE__);
$context['sm']['pcount'] = mysql_num_rows($result);
if($context['sm']['pcount'] > 0){
$context['sm']['posts'] = Array();
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
$context['sm']['posts'][] = Array (
'poster' => $line['poster'],
'time' => date("F j, Y, g:i a",$line['time']),
'body' => parse_bbc($line['body']),
);
}
}
}
}
function ShowFile(){
global $context;
if(!isset($_GET['id']) || $_GET['id'] == "" || strlen($_GET['id']) > 2)
exit("No Results found.");
$result = db_query('SELECT name,filename,fcount,ccount FROM `sm_smfiles` WHERE id = '.intval($_GET['id']).' LIMIT 1',__FILE__,__LINE__);
$context['letters'] = Array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v');
$context['numresults'] = mysql_num_rows($result);
if($context['numresults'] > 0){
$info = mysql_fetch_array($result, MYSQL_ASSOC);
$context['name'] = $info['name'];
$context['filename'] = $info['filename'];
$context['fcount'] = $info['fcount'];
$context['ccount'] = $info['ccount'];
$context['optheader'] = $info['filename'];
$result = db_query('SELECT time,poster,body FROM `sm_smposts` WHERE file = '.intval($_GET['id']).' AND func = -1',__FILE__,__LINE__);
$context['sm']['pcount'] = mysql_num_rows($result);
if($context['sm']['pcount'] > 0){
$context['sm']['posts'] = Array();
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
$context['sm']['posts'][] = Array (
'poster' => $line['poster'],
'time' => date("F j, Y, g:i a",$line['time']),
'body' => parse_bbc($line['body']),
);
}
}
$context['topmenu'][] = Array (
$context['filename'],
'index.php?action=file&id='.$_GET['id']
);
if(isset($_GET['type']) && $info['fcount'] > 0) return LoadThis(0);
if(isset($_GET['file'])) return LoadThis(2);
if($info['ccount'] > 0) return LoadThis(1);
if($info['fcount'] > 0) return LoadThis(0);
return LoadThis(2);
}
}
function LoadThis($type){
global $context;
$context['goon'] = $type;
switch($type){
case 0:
$resul = db_query('SELECT id,func,description FROM `sm_smfunctions` WHERE inc = '.intval($_GET['id']).'',__FILE__,__LINE__);
while ($line = mysql_fetch_array($resul, MYSQL_ASSOC)) {
$context['infos'][] = Array(
'id' => $line['id'],
'func' => $line['func'],
'desc' => $line['description'],
);
}
break;
case 1:
$resul = db_query('SELECT descrip,`fulltext` FROM `sm_smconst` WHERE fileid = '.intval($_GET['id']).'',__FILE__,__LINE__);
while ($line = mysql_fetch_array($resul, MYSQL_ASSOC)) {
$context['infos'][] = $line;
}
break;
case 2:
$resul = db_query('SELECT cont FROM `sm_smfilescon` WHERE id = '.intval($_GET['id']).'',__FILE__,__LINE__);
$context['infos'] = mysql_fetch_array($resul, MYSQL_ASSOC);
break;
}
}
function HighLight(){
global $context;
$context['goon'] = isset($_GET['goon']);
if($context['goon']){
if(isset($_POST['signature']) && trim($_POST['signature']) != ""){
$newinfo =stripslashes($_POST['signature']);
HighLightThis($newinfo);
} elseif (is_uploaded_file($_FILES['uploadedfile']['tmp_name'])) {
switch ($_FILES['uploadedfile']['error']){
case 1: $context['imagerror'] = 'The uploaded file exceeds max size.'; break;
case 2: $context['imagerror'] = 'The uploaded file exceeds max size.'; break;
case 3: $context['imagerror'] = 'The uploaded file was only partially uploaded.'; break;
case 7: $context['imagerror'] = 'Failed to write file to disk.'; break;
case 8: $context['imagerror'] = 'File upload stopped by extension.'; break;
}
if(isset($context['imagerror']))
return;
$code = file_get_contents($_FILES['uploadedfile']['tmp_name']);
HighLightThis($code);
$context['topmenu'][] = Array (
$_FILES['uploadedfile']['name'],
'index.php?action=codehigh'
);
} else {
$context['imagerror'] = 'Could not upload file, or no data found.';
$context['topmenu'][] = Array (
'MyCode',
'index.php?action=codehigh'
);
}
}
}
function HighLightThis($code){
global $context;
$search[0] = Array('<?php ','?>');
$replace[1] = Array('','');
$theresults = Array();
$result = mysql_query('SELECT id,func FROM sm_smfunctions') or die('Query failed: ' . mysql_error());
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
$theresults[] = Array (
'id' => $line['id'],
'func' => $line['func'],
'strlen' => strlen($line['func']),
);
}
//I need to sort it and do that stupid thing of $thereplaceid so that one function becomes two, like SetClientListeningFlags and SetClientListening
usort($theresults, "CompareSTRLEN");
foreach($theresults as $go){
$thereplaceid = "<!<" . $go['id'] . ">!>";
$search[0][] = $go['func'];
$replace[0][] = $thereplaceid;
$search[1][] = $thereplaceid;
$replace[1][] = '<a href="index.php?action=show&id='.$go['id'].'" onmouseout="hideSMFunc()" onmouseover="showSMfunc('.$go['id'].')">' . $go['func'] . '</a>';
}
$result = mysql_query('SELECT id,variable FROM sm_smdefine') or die('Query failed: ' . mysql_error());
while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
$search[2][] = $line['variable'];
$replace[2][] = '<a onmouseout="hideSMFunc()" onmouseover="showSMconst('.$line['id'].')">' . $line['variable'] . '</a>';
}
$str = highlight_string('<?php ' . $code . ' ?>', true);
$str = str_replace($search[0], $replace[0], $str);
$str = str_replace($search[1], $replace[1], $str);
$str = str_replace($search[2], $replace[2], $str);
$context['str'] = $str; //explode("<br />",$str);
}
function PreviewPost(){
echo parse_bbc(stripslashes($_POST['message']));
die();
}
function PostThis(){
global $context,$templatefunc;
if($context['user']['guest'])
exit("3");
if(!isset($_GET['id']) || $_GET['id'] == '' || strlen($_GET['id']) > 5)
exit("0");
$typearray = Array ( 'file' , 'func');
if(!isset($_GET['type']) || array_search($_GET['type'], $typearray) === false)
exit("0");
if(!isset($_POST['message']) || $_POST['message'] == '')
exit("1");
$time = time();
$query = db_query('SELECT time FROM sm_smposts WHERE ip = "'.$context['user']['ip'].'" ORDER BY time DESC LIMIT 1',__FILE__,__LINE__);
if(mysql_num_rows($query) > 0){
$line = mysql_fetch_array($query, MYSQL_NUM);
if($time < $line[0] + 15)
exit("2");
}
switch($_GET['type']){
case "file":
$query = db_query('SELECT id FROM sm_smfiles WHERE id = '.intval($_GET['id']).' LIMIT 1',__FILE__,__LINE__);
if(mysql_num_rows($query) == 0)
exit("0");
$file = $_GET['id'];
$func = -1;
$afterfunc = "ShowFile";
break;
case "func":
$query = db_query('SELECT inc FROM sm_smfunctions WHERE id = '.intval($_GET['id']).' LIMIT 1',__FILE__,__LINE__);
if(mysql_num_rows($query) == 0)
exit("0");
$line = mysql_fetch_array($query);
$file = $line[0];
$func = $_GET['id'];
$afterfunc = "ShowInfo";
break;
}
db_query('INSERT INTO sm_smposts(file,func,time,poster,body,ip) VALUES
('.$file.','.$func.','.$time.',"'. $context['user']['name'] .'",\''.mysql_real_escape_string($_POST['message']).'\',"'.$context['user']['ip'].'")',__FILE__,__LINE__);
$afterfunc();
$templatefunc = $afterfunc . "_template";
}
function LoginWebiste(){
echo LoginUser();
exit;
}
function LogOutWebsite(){
global $cookieaddr, $scripturl, $cookiename;
setcookie ($cookiename, '', time() - 100000, '/', $cookieaddr, 0 ,1);
echo 'Logging out...';
sleep(2);
echo '<script type="text/javascript">window.location="'.$scripturl.'"</script>';
exit;
}
?>