[b]index.php[/b]
[code]
<?php
// Front page of the proxy: a form that posts the requested site (field "henk")
// to kees.php and shows the result in the iframe named "annie".
// time.php and log.php run before any output is sent; each of them may answer
// with a 404 header and terminate the request (outside opening hours, or for a
// banned address), so nothing below is reached in that case.
// The <title> is a random number (1-5) of repetitions of md5(rand(1,1000)),
// i.e. it differs per request and carries no meaning.
require("time.php");
require("log.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
 <head>
  <title><?php echo str_repeat(md5(rand(1,1000)),rand(1,5)); ?></title>
  <link rel="stylesheet" type="text/css" href="style.css" />
 </head>
 <body>
  <form id="form" method="post" target="annie" action="kees.php">
   Site: <input type="text" name="henk" size="130" id="site" />
   <input type="submit" value="Ga naar" />
   <select onChange="site.value = this.value; form.submit();">
    <option value="">Snelkeuzes...</option>
    <option value="www.funnygames.nl">Funnygames</option>
    <option value="www.google.nl/firefox">Google</option>
    <option value="www.runescape.com">Runescape</option>
   </select>
  </form>
  <iframe width="100%" name="annie" height="90%" ></iframe>
 </body>
</html>
[/code]

[b]kees.php[/b]
[code]
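<?php
/*
 * kees.php - fetches the URL posted in "henk" server-side and echoes the page
 * back with a <base> tag and rewritten link targets, so it renders inside the
 * iframe of index.php.
 *
 * Security notes:
 *  - The URL is visitor-supplied and fetched by the server, so without a
 *    destination check this script can be pointed at loopback or internal
 *    addresses (server-side request forgery). Hosts that resolve to a
 *    non-public IPv4 address are refused below.
 *  - That check narrows the problem but does not close it: the http wrapper
 *    still follows redirects and resolves the name again when fetching. A
 *    strict deployment would also disable redirect following (or re-check each
 *    hop) and fetch the address that was validated.
 *  - The fetched markup is echoed from this site's own origin. Scripts in it
 *    run with that origin, so the proxy should be served from a host name that
 *    does not also carry admin/.
 */
require("time.php");
require("log.php");

/**
 * Tell whether a host name (or IPv4 literal) resolves only to public addresses.
 *
 * @param mixed $host Host component as returned by parse_url().
 * @return bool False for empty/unresolvable hosts and for any private,
 *              reserved or loopback address; fails closed for IPv6 literals.
 */
function pygo_is_public_host($host) {
        if(!is_string($host) || $host === '') {
                return false;
        }
        $addresses = filter_var($host, FILTER_VALIDATE_IP) ? array($host) : gethostbynamel($host);
        if(!$addresses) {
                return false;
        }
        foreach($addresses as $address) {
                // Explicit loopback test: older PHP releases do not cover 127.0.0.0/8 in NO_RES_RANGE.
                if(strpos($address, '127.') === 0) {
                        return false;
                }
                if(!filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
                        return false;
                }
        }
        return true;
}

if(!empty($_POST['henk']) && is_string($_POST['henk'])) {
        $henk = trim($_POST['henk']);
        // Scheme checks are case-insensitive so "HTTPS://" is refused like "https://".
        if(strncasecmp($henk, "https://", 8) == 0) {
                die("Je kan geen https verzoeken doen met PYGO");
        }
        if(strncasecmp($henk, "http://", 7) != 0) {
                $henk = "http://".$henk;
        }
        // Refused destinations are reported exactly like unreachable ones, so the
        // response does not reveal which internal hosts exist.
        $check = false;
        if(pygo_is_public_host(parse_url($henk, PHP_URL_HOST))) {
                $check = (@file_get_contents($henk));
        }
        if(!$check) {
                // $henk is request data: escape it before it is reflected into the page.
                echo "De site <b>".htmlspecialchars($henk, ENT_QUOTES)."</b> bestaat niet.<br />";
        } else {
                if(substr($henk,-1) != "/") { $henk = $henk.'/'; }
                // Escaped so the posted URL cannot break out of the href attribute.
                $base = htmlspecialchars($henk, ENT_QUOTES);
                $check = str_replace("<head>",'<head><base href="'.$base.'" target="_self">',$check);
                $check = str_replace("target=\"_new\"","target=\"_self\"",$check);
                $check = str_replace("target=\"_blank\"","target=\"_self\"",$check);
                $check = str_replace("target=\"_parent\"","target=\"_self\"",$check);
                echo($check);
        }
} else {
        echo "Ben jij nou egt een van die mensen die niks gaan invullen om te kijken wat er gebeurt? Er gebeurt lekker niks!";
}
?>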
[/code]

[b]error.php[/b]
[code]
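<?php
// Imitation of the web server's stock 404 page, shown by time.php and log.php
// when a request is refused.
//
// require_once instead of require: log.php itself requires this file when the
// client is banned, and a plain require here would pull log.php in again, which
// would require this file again, and so on without end for every banned client.
require_once("log.php");
?>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL <?php
// PHP_SELF includes any path info appended to the script name in the request,
// so it is client-influenced and must be escaped before being printed.
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?> was not found on this server.</p>
<hr>
<?php
// SERVER_SIGNATURE is generated by the web server and already contains markup,
// so it is printed as-is.
echo $_SERVER['SERVER_SIGNATURE']; ?>
</body></html>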
[/code]

[b]log.php[/b]
[code]
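<?php
/*
 * log.php - included at the top of every page.
 *  1. Opens the MySQL connection that the other scripts reuse implicitly.
 *  2. Refuses banned addresses with the fake 404 page.
 *  3. Counts the visit in ip_log and records new (address, User-Agent) pairs
 *     in info_log.
 *
 * Every request value is escaped before it goes into SQL. REMOTE_ADDR is set
 * by the web server, but escaping it costs nothing and keeps the queries safe
 * if the deployment ever rewrites it from a forwarded header.
 * Database errors go to the server log; visitors only get a generic message,
 * so table and column names are not disclosed to anonymous clients.
 *
 * NOTE(review): ext/mysql is removed in PHP 7. Moving to mysqli/PDO prepared
 * statements has to be done for all files together, because the other scripts
 * call mysql_query() on the connection opened here.
 *
 * No functions are declared in this file on purpose: it is pulled in with
 * require, possibly more than once per request.
 */
$link = mysql_connect('localhost','***','***');
if(!$link || !mysql_select_db('***',$link)) {
        error_log("log.php: database connection failed");
        die("Database error.");
}

$logIp = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

$ban = "SELECT * FROM ban WHERE ip = '".$logIp."'";
$banres = mysql_query($ban);
if($banres === false) {
        error_log("log.php: ".mysql_error());
        die("Database error.");
}
// "> 0" rather than "== 1": the ban table has no unique key on ip, and an
// address that was banned twice would otherwise slip through the check.
if(mysql_num_rows($banres) > 0) {
        header("HTTP/1.0 404 Not Found");
        require("error.php");
        die();
}
$sql = "SELECT * FROM ip_log WHERE ip = '".$logIp."'";
$res = mysql_query($sql);
if($res === false) {
        error_log("log.php: ".mysql_error());
        die("Database error.");
}
if(mysql_num_rows($res) > 0) {
        $sql2 = "UPDATE ip_log SET visits = visits + 1 WHERE ip = '".$logIp."'";
} else {
        $sql2 = "INSERT INTO ip_log (ip,visits) VALUES('".$logIp."','1')";
}
$res2 = mysql_query($sql2);
if(empty($_SERVER['HTTP_USER_AGENT'])) {
        $_SERVER['HTTP_USER_AGENT'] = 'Proxy mofo...';
}

// info_log.info is varchar(200). Cutting the header to that length before the
// lookup keeps the SELECT and the stored value comparable; otherwise a longer
// User-Agent never matches its own (truncated) row and is inserted again on
// every request.
$logAgent = mysql_real_escape_string(substr($_SERVER['HTTP_USER_AGENT'], 0, 200));

$info = "SELECT * FROM info_log WHERE ip = '".$logIp."' AND info = '".$logAgent."'";
$infoo = mysql_query($info);
if($infoo === false) {
        error_log("log.php: ".mysql_error());
        die("Database error.");
}
if(mysql_num_rows($infoo) == 0) {
        if(!mysql_query("INSERT INTO info_log (info,ip,tijd) VALUES('".$logAgent."','".$logIp."',NOW())")) {
                error_log("log.php: ".mysql_error());
                die("Database error.");
        }
}
?>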
[/code]

[b]time.php[/b]
[code]
<?php
// Opening-hours gate. The site answers normally only on weekdays between
// 08:00 and 15:59; at any other moment the request gets the fake 404 page.
// date("H") is the 24-hour clock hour, date("N") the ISO-8601 weekday
// (1 = Monday ... 7 = Sunday); both use PHP's configured default timezone.
$time = date("H");
$day = date("N");
if(!($time >= 8 && $time < 16 && $day != 6 && $day != 7)){
        header("HTTP/1.0 404 Not Found");
        require("error.php");
        die();
}
?>
[/code]

[b]admin/index.php[/b]
[code]
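<?php
/*
 * admin/index.php - P.Y.G.O control center behind HTTP Basic authentication.
 * Pages (?page=): mad (post admin message), msg (list messages), ips (ip log
 * and ban list), ban, unban, truncatee (empty both log tables). Without a page
 * the paginated info_log is shown.
 *
 * Changes compared with the original listing:
 *  - every request value that reaches SQL is cast to int or escaped;
 *  - every database or request value that reaches the page is HTML-escaped.
 *    info_log.info is the visitor's User-Agent header, so without escaping any
 *    visitor could store markup that runs in the administrator's browser;
 *  - the unban handler was nested inside the "ips" branch and could never run;
 *    it is now a branch of its own;
 *  - start/max are integers with sane bounds (no negative LIMIT, no division
 *    by zero);
 *  - string literals that had been split across lines are joined again.
 *
 * NOTE(review): the credentials are only base64-encoded in the source, which is
 * an encoding and not protection; storing a password hash outside the web root
 * would be the usual approach.
 * NOTE(review): truncatee and unban change state on a plain GET, and Basic
 * credentials are attached by the browser automatically, so a request made on
 * the administrator's behalf by another page would be honoured. These actions
 * should move to POST forms carrying a per-session token.
 */
//require("../time.php");
require("../log.php");

/**
 * Escape a value for HTML text or for a quoted attribute value.
 */
function pygo_html($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES);
}

// Missing credentials are treated as a failed login instead of being compared loosely.
$authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : '';

if($authUser !== base64_decode("***") || $authPw !== base64_decode("***")) {
        header("WWW-Authenticate: Basic realm=\"Enter username and password to access the P.Y.G.O Controll center...\"");
        header("HTTP/1.0 401 Unauthorized");
        echo "<h1>Authentication Failed</h1>You don't have rights to acces the admin panel.";
} else {
        echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\"><html>";
        echo "<head>";
        echo '<link rel="stylesheet" type="text/css" href="../style.css" /><title></title>';
        echo '</head><body onload="init();">';
        echo "<h2>P.Y.G.O Control center.</h2>";
        echo "<br /><br />WTF wil je doen?";
        echo "<br /><ul>";
        echo "<li><a href=\"index.php\">Terug</a></li>";
        echo "<li><a href=\"index.php?page=truncatee\" >Truncate de log tabellen</a></li>";
        echo "<li><a href=\"index.php?page=ips\">Bekijk banlist/ip log</a></li>";
        echo "<li><a href=\"index.php?page=msg\">Bekijk berichten</a></li>";
        echo "<li><a href=\"index.php?page=mad\">Voeg nieuw admin bericht toe</a></li>";
        echo "</ul>";
        require("msgfunc.php");

        // messages.id is an integer column; casting keeps the value out of SQL syntax.
        $msgid = isset($_GET['msgid']) ? (int)$_GET['msgid'] : null;
        if($msgid !== null) {
                set_message_read($msgid,$_SERVER['REMOTE_ADDR']);
        }

        if($page === "mad") {
                if($_SERVER['REQUEST_METHOD'] == "POST") {
                        $title = isset($_POST['title']) ? (string)$_POST['title'] : '';
                        $bericht = isset($_POST['bericht']) ? (string)$_POST['bericht'] : '';
                        $add = mysql_query("INSERT INTO messages (title,message,sip,tijd,gelezen) VALUES('".mysql_real_escape_string($title)."','".mysql_real_escape_string(nl2br($bericht))."','".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',NOW(),0)");
                        if($add) {
                                echo "Het toevoegen is gelukt. Je kan nu <a href=\"index.php?page=msg\">hier</a> de berichten bekijken";
                        } else {
                                echo "er is iets mis gegaan =D";
                        }
                } else {
                        echo "<br />Voeg een nieuw admin_board bericht toe.:<br />";
                        echo "<form action=\"index.php?page=mad\" method=\"post\">";
                        echo "Onderwerp: <input type=\"text\" name=\"title\" />";
                        echo "<br />Bericht:<br /><textarea name=\"bericht\" rows=\"20\" cols=\"160\"></textarea>";
                        echo "<br /><input type=\"submit\" value=\"Send\" /> Vul alles in en klik daarna op de Send knop.";
                        echo "</form>";
                }
                die("</body></html>");
        }

        echo get_new_messages($_SERVER['REMOTE_ADDR']);

        if($msgid !== null) {
                $msg = read_one_message($msgid);
                if($msg) {
                        echo "<br /><b>".pygo_html($msg['title'])."</b>&nbsp;&brvbar;&nbsp;[".pygo_html($msg['tijd'])."]<br /><br />";
                        // Messages are stored with nl2br() already applied. Drop those
                        // <br /> tags, escape the text, then re-create the line breaks,
                        // so stored markup is shown as text and never interpreted.
                        echo nl2br(pygo_html(preg_replace('#<br\s*/?>#i', '', $msg['message'])));
                }
                die("</body></html>");
        }

        if($page === "msg") {
                echo  "<br /><br />".read_all_messages();
                die("</body></html>");
        }

        if($page === "ban") {
                $banId = isset($_GET['ban']) ? (int)$_GET['ban'] : 0;
                if($_SERVER['REQUEST_METHOD'] != "POST") {
                        $query = "SELECT ip FROM ip_log WHERE id = ".$banId;
                        $result = mysql_query($query) or die(mysql_error());
                        $ip = mysql_fetch_array($result);
                        $banIp = $ip ? $ip['ip'] : '';
                        echo "<form action=\"index.php?page=ban&amp;ban=".$banId."\" method=\"post\">";
                        echo "Log ID: ".$banId;
                        echo "<br />IP: ".pygo_html($banIp);
                        echo "<br />Naam van de persoon: <input type=\"text\" name=\"naam\" />";
                        echo "<br /><input type=\"hidden\" value=\"".pygo_html($banIp)."\" name=\"ip\" />";
                        echo "<br />Klik om te bannen: <input onclick=\"ban()\" type=\"submit\" value=\"BAN\" /><br /><br />";
                        echo "</form>";
                } else {
                        $postIp = isset($_POST['ip']) ? (string)$_POST['ip'] : '';
                        $postNaam = isset($_POST['naam']) ? (string)$_POST['naam'] : '';
                        $ban = mysql_query("INSERT INTO ban (uid,ip,naam) VALUES(".$banId.",'".mysql_real_escape_string($postIp)."','".mysql_real_escape_string($postNaam)."')");
                        if($ban) {
                                echo "<font color=\"red\"><h3>Persoon is gebanned...</h3></font>";
                        }
                }
        }

        if($page === "ips") {
                $sql = "SELECT * FROM ip_log";
                $res = mysql_query($sql) or die(mysql_error());
                echo '<table>';
                echo "<tr><td><b>ID</b></td><td><b>IP</b></td><td><b>Visits</b></td><td><b>Actie</b></td><td><b>Status</b></td></tr>";
                while($row = mysql_fetch_array($res)) {
                        $rowId = (int)$row['id'];
                        $check = "SELECT * FROM ban WHERE ip = '".mysql_real_escape_string($row['ip'])."'";
                        $checkk = mysql_query($check) or die(mysql_error());
                        // "> 0": an address with more than one ban row is still banned.
                        if(mysql_num_rows($checkk) > 0) {
                                $afgh = mysql_fetch_array($checkk);
                                $status = "<font color=\"red\">Gebanned (naam: ".pygo_html($afgh['naam']).")</font>";
                                $action = "<a href=\"index.php?page=unban&amp;id=".$rowId."\">unban</a>";
                        } else {
                                $status = "<font color=\"green\">Access</font>";
                                $action = "<a href=\"index.php?page=ban&amp;ban=".$rowId."\">ban</a>";
                        }
                        echo "<tr><td>".$rowId."</td><td>".pygo_html($row['ip'])."</td><td>".pygo_html($row['visits'])."</td><td>".$action."</td><td>".$status."</td></tr>";
                }
                echo "</table>";
                die("</body></html>");
        }

        // Was nested inside the "ips" branch above, where $page can never be "unban".
        if($page === "unban") {
                $unbanId = isset($_GET['id']) ? (int)$_GET['id'] : 0;
                $unban = "DELETE FROM ban WHERE uid = ".$unbanId;
                $unbann = mysql_query($unban) or die(mysql_error());
                if($unbann) {
                        echo "De persoon heeft nu weer de volle toegang tot P.Y.G.O.";
                        echo "<meta http-equiv=\"refresh\" content=\"0; URL=index.php\" /> ";
                }
        }

        if($page === "truncatee") {
                $truncate = "TRUNCATE ip_log";
                mysql_query($truncate) or die(mysql_error());
                $truncate = "TRUNCATE info_log";
                mysql_query($truncate) or die(mysql_error());
                echo "<meta http-equiv=\"refresh\" content=\"0; URL=index.php\" /> ";
        }

        echo "<br /><br />";
        echo "<table>";
        echo "<tr><td><b>ID</b></td><td><b>InfoString</b></td><td><b>IP(whois)</b></td><td><b>Tijd</b></td></tr>";

        // $max is the number of rows per page, $start the offset of the first row.
        // is_numeric() alone also accepts floats, exponents and negative numbers,
        // which break the LIMIT clause, so both values are forced to integers.
        $max = 5;
        $start = 0;
        if(isset($_GET['max']) && is_numeric($_GET['max'])) $max = (int)$_GET['max'];
        if(isset($_GET['start']) && is_numeric($_GET['start'])) $start = (int)$_GET['start'];
        if($max < 1) $max = 5;
        if($start < 0) $start = 0;

        $end = $start + $max;    // first offset after the current page
        $prev = $start - $max;   // offset used by the "previous" link
        $next = $end;            // offset used by the "next" link

        $query = mysql_query("SELECT * FROM info_log ORDER BY ip LIMIT $start, $max") or die (mysql_error());

        $num = mysql_num_rows($query);
        if(empty($num)) {
                echo "Er zijn geen resultaten. Vreemd...";
        } else {
                while($result = mysql_fetch_row($query)) {
                        // Columns: 0 = id, 1 = info (User-Agent), 2 = ip, 3 = tijd.
                        // All of it is escaped; column 1 is written by anonymous visitors.
                        echo "<tr><td>".pygo_html($result[0])."</td><td>".pygo_html($result[1])."</td><td><a href=\"http://www.ripe.net/fcgi-bin/whois?form_type=simple&amp;full_query_string=&amp;searchtext=".pygo_html(urlencode($result[2]))."&amp;submit.x=0&amp;submit.y=0&amp;submit=Search\">".pygo_html($result[2])."</a></td><td>".pygo_html($result[3])."</td></tr>";
                }

                echo '<p>';
                // "Previous" is a link only when there is a previous page.
                if($prev >= 0) {
                        echo "[<a href=\"index.php?start=$prev&amp;max=$max\">Vorige</a>]\n";
                } else {
                        echo "[Vorige]\n";
                }

                // Total number of rows in the table.
                $count = mysql_fetch_row(mysql_query("SELECT count(*) FROM info_log"));

                // Page currently shown (1-based).
                $thispage = ceil($start/$max+1);

                // Page numbers are shown only when there is more than one page.
                if($count[0] > $max) {
                        $total = ceil($count[0]/$max);
                        for($i=0;$i<$total;$i++) {
                                $number = $i+1;
                                $pageStart = $i*$max;
                                // The current page number is printed in bold.
                                if($thispage == $number) {
                                        echo "<strong>[<a href=\"index.php?start=" . $pageStart . "&amp;max=" . $max . "\">" . $number . "</a>]</strong>\n";
                                } else {
                                        echo "<a href=\"index.php?start=" . $pageStart . "&amp;max=" . $max . "\">" . $number . "</a>\n";
                                }
                        }
                }

                // "Next" is a link only when rows remain after this page.
                if($count[0] > $next) {
                        echo "[<a href=\"index.php?start=$next&amp;max=$max\">Volgende</a>]\n";
                } else {
                        echo "[Volgende]\n";
                }
                echo "</p>\n";
        }
        echo "</table></html>";
}
?>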
[/code]

[b]admin/msgfunc.php[/b]
[code]
<?php
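/**
 * Build the "unread messages" notice for the admin at the given address.
 *
 * Counts messages that were posted from a different address and are not yet
 * marked as read.
 *
 * @param string $ip Address of the current admin; escaped before use in SQL.
 * @return string|null HTML notice, or null when there is nothing unread.
 */
function get_new_messages($ip) {
        $check = "SELECT * FROM messages WHERE sip != '".mysql_real_escape_string($ip)."' AND gelezen = 0";
        $checkk = mysql_query($check) or die(mysql_error());
        $unread = mysql_num_rows($checkk);
        if($unread == 0) {
                return null;
        }
        // Dutch plural: "bericht" for one message, "berichten" otherwise.
        return "<font color=\"red\">Je hebt ".$unread." ongelezen bericht".($unread == 1 ? "" : "en")."</font>";
}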
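/**
 * Render the list of all messages, oldest first, as links to index.php?msgid=.
 *
 * Titles come from a form field and are stored unescaped, so they are
 * HTML-escaped here before being placed in the page; the id is forced to an
 * integer before it is put in the link.
 *
 * @return string HTML fragment, empty when there are no messages.
 */
function read_all_messages() {
        $read = "SELECT * FROM messages ORDER BY tijd";
        $readd = mysql_query($read) or die(mysql_error());
        $output = '';
        while($row = mysql_fetch_array($readd)) {
                $output .= "[".htmlspecialchars($row['tijd'], ENT_QUOTES)."] <a href=\"index.php?msgid=".(int)$row['id']."\">".htmlspecialchars($row['title'], ENT_QUOTES)."</a><br />";
        }
        return $output;
}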
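/**
 * Fetch a single message row.
 *
 * @param mixed $msg Message id; callers pass the raw msgid query parameter, so
 *                   it is cast to an integer before it is placed in the query.
 * @return array|false The row as returned by mysql_fetch_array(), false when
 *                     no message has that id.
 */
function read_one_message($msg) {
        $read = "SELECT * FROM messages WHERE id = '".(int)$msg."'";
        $readd = mysql_query($read) or die(mysql_error());
        return mysql_fetch_array($readd);
}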
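/**
 * Mark a message as read, unless it was posted from the given address.
 *
 * @param mixed  $msg Message id; cast to an integer before use in the query.
 * @param string $ip  Address of the reader; escaped before use in the query.
 * @return void
 */
function set_message_read($msg,$ip) {
        $update = "UPDATE messages SET gelezen = 1 WHERE id = '".(int)$msg."' AND sip != '".mysql_real_escape_string($ip)."'";
        mysql_query($update) or die(mysql_error());
}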
?>
[/code]

[b]SQL:[/b]
[code]
mysql> describe ban;
+-------+--------------+------+-----+---------+----------------+
| Field | Type         | Null | Key | Default | Extra          |
+-------+--------------+------+-----+---------+----------------+
| id    | int(9)       | NO   | PRI | NULL    | auto_increment |
| uid   | int(9)       | NO   |     |         |                |
| ip    | varchar(50)  | NO   |     |         |                |
| naam  | varchar(100) | NO   |     |         |                |
+-------+--------------+------+-----+---------+----------------+
4 rows in set (0.01 sec)

mysql> describe info_log;
+-------+--------------+------+-----+---------+----------------+
| Field | Type         | Null | Key | Default | Extra          |
+-------+--------------+------+-----+---------+----------------+
| id    | int(9)       | NO   | PRI | NULL    | auto_increment |
| info  | varchar(200) | NO   |     |         |                |
| ip    | varchar(50)  | NO   |     |         |                |
| tijd  | datetime     | NO   |     |         |                |
+-------+--------------+------+-----+---------+----------------+
4 rows in set (0.01 sec)

mysql> describe ip_log;
+--------+--------------+------+-----+---------+----------------+
| Field  | Type         | Null | Key | Default | Extra          |
+--------+--------------+------+-----+---------+----------------+
| id     | int(9)       | NO   | PRI | NULL    | auto_increment |
| ip     | varchar(200) | YES  |     | NULL    |                |
| visits | int(9)       | NO   |     |         |                |
+--------+--------------+------+-----+---------+----------------+
3 rows in set (0.01 sec)

mysql> describe messages;
+---------+--------------+------+-----+---------+----------------+
| Field   | Type         | Null | Key | Default | Extra          |
+---------+--------------+------+-----+---------+----------------+
| id      | int(9)       | NO   | PRI | NULL    | auto_increment |
| title   | varchar(100) | NO   |     |         |                |
| message | text         | NO   |     |         |                |
| sip     | varchar(50)  | NO   |     |         |                |
| tijd    | datetime     | NO   |     |         |                |
| gelezen | int(1)       | NO   |     |         |                |
+---------+--------------+------+-----+---------+----------------+
6 rows in set (0.01 sec)

mysql>

[/code]

[b]SQL:[/b]
[code]
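-- Ban list. uid holds the ip_log id the ban was created from; ip is what
-- log.php looks up on every request, hence the index.
CREATE TABLE ban (
	id int(9) NOT NULL auto_increment PRIMARY KEY,
	uid int(9) NOT NULL,
	ip varchar(50) NOT NULL,
	naam varchar(100) NOT NULL,
	KEY ban_ip (ip)
);

-- One row per distinct (address, User-Agent) pair. info is limited to 200
-- characters; longer headers are cut to that length when stored.
CREATE TABLE info_log (
	id int(9) NOT NULL auto_increment PRIMARY KEY,
	info varchar(200) NOT NULL,
	ip varchar(50) NOT NULL,
	tijd datetime NOT NULL,
	KEY info_log_ip (ip)
);

-- Visit counter per address, read and updated by log.php on every request.
CREATE TABLE ip_log (
	id int(9) NOT NULL auto_increment PRIMARY KEY,
	ip varchar(200) NOT NULL,
	visits int(9) NOT NULL,
	KEY ip_log_ip (ip)
);

-- Admin message board. sip is the address the message was posted from.
-- gelezen (0 = unread, 1 = read) is NOT NULL here, matching the DESCRIBE
-- output of the live table; unread messages are selected with "gelezen = 0",
-- which a NULL value would never match.
CREATE TABLE messages (
	id int(9) NOT NULL auto_increment PRIMARY KEY,
	title varchar(100) NOT NULL,
	message text NOT NULL,
	sip varchar(50) NOT NULL,
	tijd datetime NOT NULL,
	gelezen int(1) NOT NULL DEFAULT 0
);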
[/code]