anyone wants fixed xzone source ? with extra security like
PHP Code:
////////////////////////////////////////////here we go with some security///////////////////////////////////////////////
function maxsysop () {
global $CURUSER;
$lmaxclass = 6; //max class
$lsysopnames = array("wolfman"); //staff names
if ($CURUSER["class"] >= $lmaxclass)
if (!in_array($CURUSER["username"], $lsysopnames, true)) { // true for strict comparison
$msg = "Fake Account Detected: Username: ".$CURUSER["username"]." - UserID: ".$CURUSER["id"]." - UserIP : ".getip();
write_log($msg);
stderr("Access Denied!","We come to believe you are using a fake account, therefore we've logged this action!");
}
// Check Staff IDS
define ('UC_STAFF', 4); // moderator
if ($CURUSER['class'] >= UC_STAFF) {
$allowed_ID = array(34); // staff IDs
if (!in_array((int)$CURUSER['id'], $allowed_ID, true)) { // true for strict comparison
$msg = "Fake Account Detected: Username: ".$CURUSER["username"]." - UserID: ".$CURUSER["id"]." - UserIP : ".getip();
write_log($msg);
stderr("Access Denied!","We come to believe you are using a fake account, therefore we've logged this action!");
}
}
}
function hacker_dork($hacked_what)
{
$ip=getip();
$ban_ip = sqlesc(trim($_SERVER['REMOTE_ADDR']));
$res = mysql_query("SELECT id, username, modcomment FROM users WHERE ip = $ban_ip AND class < ".UC_ADMINISTRATOR);
if (mysql_num_rows($res) > 0){
$arr = mysql_fetch_assoc($res);
$subject = sqlesc($arr['username']." tired to hack $hacked_what");
$body = sqlesc("user: [url=userdetails.php?id=".$arr['id']."]".$arr['username']."[/url] \n with IP: $ban_ip [server remote address] $ip [function getip]\n tried to hack $hacked_what.\n ");
$modcomment = gmdate("Y-m-d") . " Banned for trying to hack $hacked_what...\n". $arr['modcomment'];
mysql_query("UPDATE users set enabled='no', modcomment = ".sqlesc($modcomment)." where id=".$arr['id']);
} else {
$subject = sqlesc("attempt to hack $hacked_what");
$body = sqlesc("user with IP: $ban_ip \n tried to hack $hacked_what.\n ");
}
auto_post( $subject , $body );
stderr("Wtf You Aint Staff", "Tut Tut..Nice try... You've just gone and banned yourself n00b !!");
die();
}
////////// /* to pages what this suppose to secure add this */ /////////////
////////// /* if (get_user_class() < UC_MODERATOR) */ //////////////////////
////////// /* hacker_dork("haa haa - what ever!"); */ //////////////////////
//////////////////////////////////////////edit ore get error :D ////////////////////////////////////////////////////////
i only need to put up default style for it