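// Site bootstrap: request filtering, database connection, site settings,
// language file, and the cookie-login helpers used across the script.
//
// NOTE(review): this excerpt starts mid-file. The opening PHP tag and the
// first part of a guard that ended in "= 41) {" are not visible; only the
// guarded assignment survives, so it is kept behind an availability check.
if (isset($_SERVER['PHP_SELF'])) {
    $PHP_SELF = $_SERVER['PHP_SELF'];
}

// $admin and $user are not assigned anywhere in the visible code; presumably
// they arrive from the request/cookies (register_globals or code above this
// excerpt) -- TODO confirm. The decode / addslashes / re-encode round trip
// escapes quotes inside the decoded cookie. Non-string values (e.g. arrays)
// are reset to "" so they cannot reach the login helpers unescaped.
if (isset($admin)) {
    $admin = is_string($admin)
        ? base64_encode(addslashes((string) base64_decode($admin)))
        : "";
}
if (isset($user)) {
    $user = is_string($user)
        ? base64_encode(addslashes((string) base64_decode($user)))
        : "";
}

/**
 * Tell whether a request value matches any pattern of a deny-list.
 *
 * Arrays are walked recursively so nested parameters are checked too.
 * A PCRE failure (preg_match() returning false) counts as a match, so the
 * filter fails closed instead of letting the value through.
 *
 * @param mixed $value    Request value (string or nested array of strings).
 * @param array $patterns PCRE patterns, delimiters and flags included.
 * @return bool True when the value must be rejected.
 */
function _input_matches_any($value, $patterns)
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (_input_matches_any($item, $patterns)) {
                return true;
            }
        }
        return false;
    }

    foreach ($patterns as $pattern) {
        if (preg_match($pattern, (string) $value) !== 0) {
            return true;
        }
    }
    return false;
}

// Deny-list for query-string values. The expressions are the original ones,
// moved from eregi() (removed in PHP 7, not binary-safe) to preg_match().
// This is a coarse input filter only; values still need context-appropriate
// escaping wherever they are written into HTML or SQL.
$sec_get_patterns = array(
    '~<[^>]*script*"?[^>]*>~i',
    '~<[^>]*object*"?[^>]*>~i',
    '~<[^>]*iframe*"?[^>]*>~i',
    '~<[^>]*applet*"?[^>]*>~i',
    '~<[^>]*meta*"?[^>]*>~i',
    '~<[^>]*style*"?[^>]*>~i',
    '~<[^>]*form*"?[^>]*>~i',
    '~<[^>]*img*"?[^>]*>~i',
    '~<[^>]*onmouseover*"?[^>]*>~i',
    '~\([^>]*"?[^)]*\)~i',
    '~"~',
);

// NOTE(review): the last two patterns have no "*" after "[^>]", unlike their
// GET counterparts, so they match far less than the GET versions. They are
// left as written because widening them could reject legitimate form posts;
// confirm the intent before changing them.
$sec_post_patterns = array(
    '~<[^>]*onmouseover*"?[^>]*>~i',
    '~<[^>]script*"?[^>]*>~i',
    '~<[^>]style*"?[^>]*>~i',
);

foreach ($_GET as $sec_key => $secvalue) {
    if (_input_matches_any($secvalue, $sec_get_patterns)) {
        die ("not allowed");
    }
}

foreach ($_POST as $secvalue) {
    if (_input_matches_any($secvalue, $sec_post_patterns)) {
        die ("not allowed");
    }
}

include ("config.php");
include("mysql.class.php");

$db = new sql_db($dbhost, $dbuname, $dbpass, $dbname, false);
if (!$db->db_connect_id) {
    include("header.php");
    // The markup of this message is not visible in this excerpt; the text is
    // reproduced exactly as it appears.
    echo "

Error:


Connection to database has faild!
check mysql server/database name/username/password









";
    // The driver error can name hosts, accounts and databases, so it goes to
    // the server log instead of the visitor's page.
    if (function_exists('mysql_error')) {
        error_log("Database connection failed: " . mysql_error());
    }
    include("footer.php");
    die();
}

// Load the site settings from the database into globals.
$setup_sql = $db->sql_query("SELECT * FROM ".$prefix."_setupme");
$setup_row = $db->sql_fetchrow($setup_sql);

$site_name         = stripslashes($setup_row['site_name']);
$site_email        = stripslashes($setup_row['site_email']);
$site_url          = stripslashes($setup_row['site_url']);
$site_info         = stripslashes($setup_row['site_info']);
$language          = stripslashes($setup_row['language']);
$tmp_header        = stripslashes($setup_row['tmp_header']);
$tmp_header2       = stripslashes($setup_row['tmp_header2']);
$tmp_cp            = stripslashes($setup_row['tmp_cp']);
$tmp_footer        = stripslashes($setup_row['tmp_footer']);
$m_Version         = stripslashes($setup_row['m_Version']);
$m_ChatWidth       = stripslashes($setup_row['m_ChatWidth']);
$m_ChatHeight      = stripslashes($setup_row['m_ChatHeight']);
$m_defRoomID       = stripslashes($setup_row['m_defRoomID']);
$m_TalkLimit       = stripslashes($setup_row['m_TalkLimit']);
$m_KickTime        = stripslashes($setup_row['m_KickTime']);
$m_Server          = stripslashes($setup_row['m_Server']);
$m_AccountID       = stripslashes($setup_row['m_AccountID']);
$m_TextWinWidth    = stripslashes($setup_row['m_TextWinWidth']);
$m_ListBgColor     = stripslashes($setup_row['m_ListBgColor']);
$m_TextFontName    = stripslashes($setup_row['m_TextFontName']);
$m_TextFontSize    = stripslashes($setup_row['m_TextFontSize']);
$m_TextUserColor   = stripslashes($setup_row['m_TextUserColor']);
$m_TextColor       = stripslashes($setup_row['m_TextColor']);
$m_TextWinBgColor  = stripslashes($setup_row['m_TextWinBgColor']);
$m_WelcomeMess     = stripslashes($setup_row['m_WelcomeMess']);
$m_TextChatLimit   = stripslashes($setup_row['m_TextChatLimit']);
$m_FloodControl    = stripslashes($setup_row['m_FloodControl']);
$m_TextWinBgImage  = stripslashes($setup_row['m_TextWinBgImage']);
$m_PublicCamEnable = stripslashes($setup_row['m_PublicCamEnable']);
$m_TextFilter      = stripslashes($setup_row['m_TextFilter']);
$m_AnimationFolder = stripslashes($setup_row['m_AnimationFolder']);
$m_PrivateMessage  = stripslashes($setup_row['m_PrivateMessage']);
$m_PriveteVoice    = stripslashes($setup_row['m_PriveteVoice']);
$m_Sms             = stripslashes($setup_row['m_Sms']);
$m_Sms_dir         = stripslashes($setup_row['m_Sms_dir']);

// Load the language file. basename() drops any directory component, so a
// tampered `language` setting cannot point the include outside lang/.
include ("lang/" . basename($language) . ".php");

/**
 * Shared check behind is_logged_in() and is_logged_in_admin().
 *
 * The credential is either a base64 string whose decoded form is split on
 * "|", or an already-split array. Field 0 is the numeric id and field 2 is
 * compared with the `password` column of the matching row.
 *
 * NOTE(review): the cookie field is compared directly with the stored
 * `password` value, so that stored value acts as the session credential.
 * A random server-side session token would be a safer design.
 *
 * @param mixed  $cookie    Base64 cookie string, or an array of its fields.
 * @param string $table     Table suffix appended to $prefix.
 * @param string $id_column Name of the id column in that table.
 * @return int 1 when the credential matches, 0 otherwise.
 */
function _cookie_login_is_valid($cookie, $table, $id_column)
{
    global $db, $prefix;

    $fields = is_array($cookie)
        ? $cookie
        : explode("|", (string) base64_decode((string) $cookie));

    // intval() makes the id safe to place in the query below.
    $id     = (isset($fields[0]) && is_scalar($fields[0])) ? intval($fields[0]) : 0;
    $passwd = (isset($fields[2]) && is_string($fields[2])) ? $fields[2] : "";
    if ($id === 0 || $passwd === "") {
        return 0;
    }

    $result = $db->sql_query("SELECT password FROM ".$prefix.$table." WHERE ".$id_column."='$id'");
    $row    = $db->sql_fetchrow($result);
    $pass   = (is_array($row) && isset($row['password'])) ? (string) $row['password'] : "";
    if ($pass === "") {
        return 0;
    }

    // Strict, constant-time comparison where available. The previous loose
    // "==" compared numeric-looking strings as numbers.
    $same = function_exists('hash_equals')
        ? hash_equals($pass, $passwd)
        : ($pass === $passwd);

    return $same ? 1 : 0;
}

/**
 * Check whether the given user cookie belongs to a logged-in user.
 * Used throughout the script.
 *
 * An array argument is now read from $user itself; the previous code read an
 * undefined $read_cookie in that branch and therefore always returned 0.
 *
 * @param mixed $user Base64 cookie string, or an array of its fields.
 * @return int 1 when logged in, 0 otherwise.
 */
function is_logged_in($user)
{
    return _cookie_login_is_valid($user, "_users", "userid");
}

/**
 * Check whether the given admin cookie belongs to a logged-in administrator.
 *
 * An array argument is now read from $admin itself; the previous code read an
 * undefined $read_cookie in that branch and therefore always returned 0.
 *
 * @param mixed $admin Base64 cookie string, or an array of its fields.
 * @return int 1 when logged in, 0 otherwise.
 */
function is_logged_in_admin($admin)
{
    return _cookie_login_is_valid($admin, "_admin", "adminid");
}

// Licence check against the server name.
// NOTE(review): kept exactly as written. The second operand is "$lisence1",
// which is not set in this excerpt ($lisence is), so the condition evaluates
// to false and the branch does not run unless something outside this excerpt
// sets that variable. _www and _www2 are constants defined elsewhere.
// Confirm the intended comparison before changing it, since enabling it
// would stop the site on any other host name.
$allowed = $_SERVER['SERVER_NAME'];
$lisence = ""._www."";
$lisence2 = ""._www2."";
if($allowed != "$lisence2" && "$lisence1"){
    echo"Sorry, you may purchase owen script. Contact xerwate at hotmail dot com.";
    die();
}

/**
 * Print the "please wait" redirect notice.
 *
 * NOTE(review): the markup of the echoed template is not visible in this
 * excerpt; as shown it interpolates only $site_name, and $msg, $url,
 * $seconds and $redir are unused. If the full template writes them into
 * HTML, each needs escaping for its context (htmlspecialchars() for text and
 * attributes) and $url should be restricted to expected destinations.
 *
 * @param string $msg     Message for the visitor.
 * @param string $url     Redirect target.
 * @param int    $seconds Delay before redirecting.
 * @return void
 */
function msg_redirect($msg,$url,$seconds){
    global $site_name, $site_url;
    $redir = $_SERVER['PHP_SELF'];
    echo " $site_name -
Çawerêbe..
- Kemêk çawerêbe ta em pencereye erwa.
Eger em kare katî zorî xayand kirte lêre bike
";
}
?>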