Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Q&A
RevCMS Group Addons?
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Brad" data-source="post: 375464" data-attributes="member: 17995"><p>That's the one I coded, I'll see If I have it still.</p><p>[doublepost=1464031877,1464031837][/doublepost]turns out I do.</p><p></p><p>[CODE]<?php include('includes/checktheban.php'); ?></p><p><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"</p><p> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"></p><p><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml"></p><p><head></p><p></p><p> <meta http-equiv="content-type" content="text/html; charset=utf-8" /></p><p> <title>{hotelName}: Group Profile</title></p><p></p><p> <script type="text/javascript"></p><p> var andSoItBegins = (new Date()).getTime();</p><p> </script></p><p></p><p> <link rel="shortcut icon" href="{url}/app/tpl/skins/Habbo/web-gallery/v2/favicon.ico" type="image/vnd.microsoft.icon" /></p><p> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/common.css" type="text/css" /></p><p> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/libs2.js" type="text/javascript"></script></p><p> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/visual.js" type="text/javascript"></script></p><p> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/libs.js" type="text/javascript"></script></p><p> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/common.js" type="text/javascript"></script></p><p> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/fullcontent.js" type="text/javascript"></script></p><p></p><p> <script type="text/javascript"></p><p> document.habboLoggedIn = true;</p><p> var habboName = "{username}";</p><p> var habboId = {userid};</p><p> var facebookUser = false;</p><p> var habboReqPath = "";</p><p> var habboStaticFilePath = "{url}/app/tpl/skins/Habbo/web-gallery";</p><p> var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";</p><p> var habboPartner = "";</p><p> var habboDefaultClientPopupUrl = "{url}/client";</p><p> window.name = "habboMain";</p><p> if (typeof HabboClient != "undefined") {</p><p> HabboClient.windowName = "26530fff566f9e67da99560b7fe8da6d71d46391";</p><p> HabboClient.maximizeWindow = true;</p><p> }</p><p> </script></p><p> </p><p></p><p> </p><p> <!--script src="{url}/app/tpl/skins/Habbo//web-gallery/static/js/homeview.js" type="text/javascript"></script--></p><p> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/homes/lightwindow.css" type="text/css" /></p><p> <!--script src="{url}/app/tpl/skins/Habbo//web-gallery/static/js/homeauth.js" type="text/javascript"></script--></p><p> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/homes/group.css" type="text/css" /></p><p> </p><p> </p><p></p><p> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/lightweightmepage.css" type="text/css" /></p><p> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/lightweightmepage.js" type="text/javascript"></script></p><p></p><p> <meta name="description" content="{meta_description}" /></p><p> <meta name="keywords" content="{meta_keywords}" /></p><p></p><p> <!--[if IE 8]></p><p> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/ie8.css" type="text/css" /></p><p> <![endif]--></p><p> <!--[if lt IE 8]></p><p> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/ie.css" type="text/css" /></p><p> <![endif]--></p><p> <!--[if lt IE 7]></p><p> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/ie6.css" type="text/css" /></p><p> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/pngfix.js" type="text/javascript"></script></p><p> <script type="text/javascript"></p><p> try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}</p><p> </script></p><p></p><p> <style type="text/css"></p><p> body { behavior: url(/js/csshover.htc); }</p><p> </style></p><p> <![endif]--></p><p> <meta name="build" content="63-BUILD2470 - 30.09.2013 11:10 - com" /></p><p></head></p><p></p><p><body id="home" class=" "></p><p><div id="overlay"></div></p><p></p><p><?php</p><p></p><p>$navigatorID = 1;</p><p>require_once ('app/tpl/skins/Habbo/template/header.php');</p><p></p><p>?></p><p></p><p> </p><p> </p><p><div id="content-container"></p><p></p><p><div id="navi2-container" class="pngbg"></p><p> <div id="navi2" class="pngbg clearfix"></p><p> <ul></p><p> <?php</p><p></p><p> $subNavigatorID = 2;</p><p> require_once ('app/tpl/skins/Habbo/template/sub_header.php');</p><p></p><p> ?></p><p> </ul></p><p> </div></p><p> </div></p><p> </div><div id="container"></p><p><div id="content" style="position: relative" class="clearfix"></p><p><span style='font-size:10px'></p><p><style type="text/css"></p><p> .staffBox{border-bottom:1px dashed #cccccc;min-height:60px;}.staffBox:last-child{border-bottom:none;}</p><p></p><p> input[type="submit"], input[type="button"] {</p><p> background: url('https://images.fresh-hotel.org/reg_btn.png') top;</p><p> font: bold 13px arial,sans-serif;</p><p> line-height: 25px;</p><p> color: black;</p><p> height: 25px;</p><p> width: 99px;</p><p> border: 0;</p><p> }</p><p> input[type="submit"]:hover, input[type="button"]:hover {</p><p> background-position: bottom;</p><p> cursor: pointer;</p><p> }</p><p></style></p><p><?php</p><p> if(!is_numeric($_GET['i'])) $_GET['i'] = 1;</p><p> $q = mysql_query("SELECT * FROM groups WHERE id = '" . filter($_GET['i']) . "' LIMIT 1");</p><p> if(mysql_num_rows($q) != 1) header("location: {$_CONFIG['hotel']['url']}/groups/'" . filter($_GET['i']) . "'");</p><p> $groupData = mysql_fetch_assoc($q);</p><p> unset($q);</p><p> $userList = mysql_query("SELECT user_id FROM group_memberships WHERE group_id = '{$groupData["id"]}'");</p><p> </p><p>?></p><p></p><p><script></p><p> $(document).on('click', '#btnEdit', function() {</p><p> $("#overlay").show();</p><p> $("#editGroup").fadeIn("slow");</p><p> });</p><p> </p><p> $(document).on('click', '#exitBtn', function() {</p><p> $("#overlay").hide();</p><p> $("#editGroup").fadeOut("slow");</p><p> });</p><p> </p><p> $(document).on('click', '#saveBtn', function() {</p><p> $.ajax({</p><p> type: "POST",</p><p> url: "{url}/index.php?url=group&save",</p><p> data: {</p><p> id:"<?php echo $groupData['id']; ?>",</p><p> name:$("#groupName").val(),</p><p> desc:$("#groupDesc").val(),</p><p> badge:GroupBadge</p><p> },</p><p> success: function (data) {</p><p> if(data == "") alert("The group has been saved.");</p><p> else alert(data);</p><p> </p><p> $('#rGName').html($("#groupName").val());</p><p> $('.name-text').html($("#groupName").val());</p><p> $('#rGImg').attr('src', '<?php echo $_CONFIG['hotel']['url']; ?>/habbo-imaging/badge.php?badge=' + GroupBadge + '.gif"');</p><p> },</p><p> error: function() {</p><p> alert("Unable to save the group.");</p><p> }</p><p> });</p><p> });</p><p></script></p><p><?php</p><p> if(!is_numeric($_GET['i'])) $_GET['i'] = 1;</p><p> $q = mysql_query("SELECT * FROM groups WHERE id = '" . filter($_GET['i']) . "' LIMIT 1");</p><p> if(mysql_num_rows($q) != 1) header("location: {$_CONFIG['hotel']['url']}/groups/'" . filter($_GET['i']) . "'");</p><p> $groupData = mysql_fetch_assoc($q);</p><p> unset($q);</p><p> $userList = mysql_query("SELECT user_id,rank FROM group_memberships WHERE group_id = '{$groupData["id"]}'");</p><p> </p><p>?></p><p></p><p><div id="column1" class="column" style="float:left;width:320px;"></p><p> <div class="habblet-container"> </p><p> <div class="cbb clearfix green"></p><p> <h2 class='title' style='font-size:12px;text-align:left;font-family: "Tahoma",Verdana,Arial;'><span style="float: left;">Group Home Page</span></h2></p><p> <div class="movable widget ProfileWidget" id="widget-902026" style=" left: 25px; top: 26px; z-index: 4;"></p><p><div class="w_skin_defaultskin"></p><p> <div class="widget-corner" id="widget-902026-handle"></p><p> </div></p><p> <div class="widget-body"></p><p> <div class="widget-content"></p><p> <div class="profile-info"></p><p> <div class="name" style="float: left"></p><p> <span class="name-text"><span id='rGName'>&nbsp;&nbsp;Group Name:<b> <?php echo $groupData["name"]; ?></b></span></span></p><p> </div></p><p> </div></p><p> <br class="clear" /></p><p> <span style="float:left;width:130px"></p><p> &nbsp; Created: <?php echo date("d-m-y", $groupData['created']); ?><br/></p><p> &nbsp; Owner: <?php echo mysql_result(mysql_query("SELECT username,look,id FROM users WHERE id = '{$groupData['owner_id']}' LIMIT 1"), 0); ?><br/></p><p> &nbsp; Room: <?php echo mysql_result(mysql_query("SELECT caption FROM rooms WHERE id = '{$groupData['room_id']}' LIMIT 1"), 0); ?><br/></p><p> </span></p><p> <span style="float:right;width:40px;"></p><p> <img id='rGImg' src="<?php echo $_CONFIG['hotel']['url']; ?>/habbo-imaging/badge/<?php echo $groupData["badge"]; ?>.gif"></p><p> </span></p><p> </script></p><p> <div class="clear"></div></p><p> </div></p><p> </div></p><p></div></p><p></div></div></div></p><p> </p><p> <?php $getLook = mysql_query("SELECT * FROM `users` WHERE `id` = '{$groupData['owner_id']}' ORDER BY rand()");</p><p> $look = mysql_fetch_assoc($getLook); ?></p><p> </p><p> </p><p> <div class="habblet-container"> </p><p> <div class="cbb clearfix settings"></p><p> <h2 class='title' style='font-size:12px;text-align:left;font-family: "Tahoma",Verdana,Arial;'>Group Owner<span style="float: right;"><img src="{url}/app/tpl/skins/Habbo/images/<?php echo ''. $look['online'].''; ?>.gif"/></span></h2></p><p> <div style='padding-left:5px;padding-right:5px;padding-top:5px;'></p><p> <?php</p><p> $getBadges = mysql_query("SELECT user_id FROM `group_memberships` WHERE `user_id` = '{$groupData['owner_id']}'");</p><p> $id = mysql_fetch_assoc($getBadges);</p><p> $getLook = mysql_query("SELECT * FROM `users` WHERE `id` = '{$groupData['owner_id']}' ORDER BY rand()");</p><p> $look = mysql_fetch_assoc($getLook);</p><p> echo ' Username: '.$look['username'].'<br /><span style="float: center;"></p><p> Motto: '.$look['motto'].'</p><p> </span> <br /><img src="http://www.habbo.fr/habbo-imaging/avatarimage?figure='.$look['look'].'.gif&direction=2&head_direction=3&gesture=sml&action=wav&" style="padding: 3px;" draggable="false"></p><p> </p><p> </p><p> '; </p><p> </p><p> </p><p> ?></p><p> </p><p> </p><p> </div></p><p> </div></p><p></div></p><p></p><p> </p><p> <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script></p><p> </div></p><p></p><p><div id="column2" class="column" style="float:left;width:450px;"></p><p></p><p> </p><p> </p><p></div></p><p><!--[if lt IE 7]></p><p><script type="text/javascript"></p><p>Pngfix.doPngImageFix();</p><p></script></p><p><![endif]--></p><p></p><p> </p><p> </p><p> <div id="column1" class="column"></p><p> <div class="habblet-container "></p><p> <div class="cbb clearfix blue "></p><p> <h2 class="title"><span style="float: left;">Group Members</span></h2></p><p> <div class="movable widget GroupsWidget" id="widget-1938125" style=" left: 25px; top: 180px; z-index: 10;"></p><p><div class="w_skin_defaultskin"></p><p> <div class="widget-corner" id="widget-1938125-handle"></p><p> <div class="widget-headline"><h3><span class="header-left">&nbsp;</span><span class="header-middle">Group Members (<span id="groups-list-size"><?php echo mysql_num_rows($userList); ?></span>)</span><span class="header-right">&nbsp;</span></h3></p><p> </div> </p><p> </div></p><p> <div class="widget-body"></p><p> <div class="widget-content"></p><p> <?php</p><p> if(mysql_num_rows($userList) == 0) {</p><p> ?></p><p> <div class="groups-list-none"></p><p> There are no member at the moment!:(</p><p> </div></p><p> <?php</p><p> }else {</p><p> while($row = mysql_fetch_assoc($userList)) {</p><p> $userData = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id = '{$row['user_id']}' LIMIT 1"));</p><p> echo '<a href="{url}/home/'.$userData['username'].'"><img height="100" src="http://www.habbo.nl/habbo-imaging/avatarimage?figure='.$userData['look'].'" draggable="false"></img>'.$userData['username'].'</a>';</p><p> }</p><p> }</p><p> ?></p><p> <div class="clear"></div></p><p> </div></p><p></p><p></div></p><p></div></p><p></div></p><p><script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script></p><p><script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script></p><p><script></p><p> var GroupBadge = "<?php echo $groupData['badge']; ?>";</p><p> </p><p> $(document).on('click', '.badgeSlot', function() {</p><p> $(".badgeSlot").removeClass("selected");</p><p> $(this).addClass("selected");</p><p> GroupBadge = $(this).attr('id');</p><p> });</p><p> </p><p> <?php if(isset($_GET['edit']) && $_SESSION['user']['id'] == $groupData['ownerid']) { ?></p><p> $(function() {</p><p> $("#overlay").show();</p><p> $("#editGroup").fadeIn("slow");</p><p> });</p><p> <?php } ?></p><p></script></p><p> </p><p> <script></p><p> $j(document).ready(function() {</p><p> new $j.Zebra_Tooltips($j('.zebra_tips1'));</p><p> });</p><p> </script></p><p> </p><p> </div></p><p> </div></p><p> </div> </p><p> </div> <script></p><p> $j(document).ready(function() {</p><p> new $j.Zebra_Tooltips($j('.zebra_tips1'));</p><p> });</p><p> </script></p><p> </p><p> </div></p><p> </div></p><p> </div> </p><p> </div></p><p> <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script></p><p> </p><p> <script type="text/javascript"></p><p> document.observe('dom:loaded', function() {</p><p> CurrentRoomEvents.init();</p><p> });</p><p> </script></p><p> </div></p><p> <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script></p><p> <script type="text/javascript"></p><p> HabboView.run();</p><p> </script> </p><p> <!--[if lt IE 7]></p><p> <script type="text/javascript"></p><p> Pngfix.doPngImageFix();</p><p> </script></p><p> <![endif]--></p><p> </p><p> <div id="footer" ></p><p> <?php include('includes/footer.php'); ?></p><p> <?php include('includes/checktheban.php'); ?></p><p> </div></p><p> </p><p> </body></p><p></html>[/CODE]</p><p>I believe there's an XSS exploit though.</p></blockquote><p></p>
[QUOTE="Brad, post: 375464, member: 17995"] That's the one I coded, I'll see If I have it still. [doublepost=1464031877,1464031837][/doublepost]turns out I do. [CODE]<?php include('includes/checktheban.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>{hotelName}: Group Profile</title> <script type="text/javascript"> var andSoItBegins = (new Date()).getTime(); </script> <link rel="shortcut icon" href="{url}/app/tpl/skins/Habbo/web-gallery/v2/favicon.ico" type="image/vnd.microsoft.icon" /> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/common.css" type="text/css" /> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/libs2.js" type="text/javascript"></script> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/visual.js" type="text/javascript"></script> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/libs.js" type="text/javascript"></script> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/common.js" type="text/javascript"></script> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/fullcontent.js" type="text/javascript"></script> <script type="text/javascript"> document.habboLoggedIn = true; var habboName = "{username}"; var habboId = {userid}; var facebookUser = false; var habboReqPath = ""; var habboStaticFilePath = "{url}/app/tpl/skins/Habbo/web-gallery"; var habboImagerUrl = "http://www.habbo.com/habbo-imaging/"; var habboPartner = ""; var habboDefaultClientPopupUrl = "{url}/client"; window.name = "habboMain"; if (typeof HabboClient != "undefined") { HabboClient.windowName = "26530fff566f9e67da99560b7fe8da6d71d46391"; HabboClient.maximizeWindow = true; } </script> <!--script src="{url}/app/tpl/skins/Habbo//web-gallery/static/js/homeview.js" type="text/javascript"></script--> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/homes/lightwindow.css" type="text/css" /> <!--script src="{url}/app/tpl/skins/Habbo//web-gallery/static/js/homeauth.js" type="text/javascript"></script--> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/homes/group.css" type="text/css" /> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/lightweightmepage.css" type="text/css" /> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/lightweightmepage.js" type="text/javascript"></script> <meta name="description" content="{meta_description}" /> <meta name="keywords" content="{meta_keywords}" /> <!--[if IE 8]> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/ie8.css" type="text/css" /> <![endif]--> <!--[if lt IE 8]> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/ie.css" type="text/css" /> <![endif]--> <!--[if lt IE 7]> <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/ie6.css" type="text/css" /> <script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/pngfix.js" type="text/javascript"></script> <script type="text/javascript"> try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {} </script> <style type="text/css"> body { behavior: url(/js/csshover.htc); } </style> <![endif]--> <meta name="build" content="63-BUILD2470 - 30.09.2013 11:10 - com" /> </head> <body id="home" class=" "> <div id="overlay"></div> <?php $navigatorID = 1; require_once ('app/tpl/skins/Habbo/template/header.php'); ?> <div id="content-container"> <div id="navi2-container" class="pngbg"> <div id="navi2" class="pngbg clearfix"> <ul> <?php $subNavigatorID = 2; require_once ('app/tpl/skins/Habbo/template/sub_header.php'); ?> </ul> </div> </div> </div><div id="container"> <div id="content" style="position: relative" class="clearfix"> <span style='font-size:10px'> <style type="text/css"> .staffBox{border-bottom:1px dashed #cccccc;min-height:60px;}.staffBox:last-child{border-bottom:none;} input[type="submit"], input[type="button"] { background: url('https://images.fresh-hotel.org/reg_btn.png') top; font: bold 13px arial,sans-serif; line-height: 25px; color: black; height: 25px; width: 99px; border: 0; } input[type="submit"]:hover, input[type="button"]:hover { background-position: bottom; cursor: pointer; } </style> <?php if(!is_numeric($_GET['i'])) $_GET['i'] = 1; $q = mysql_query("SELECT * FROM groups WHERE id = '" . filter($_GET['i']) . "' LIMIT 1"); if(mysql_num_rows($q) != 1) header("location: {$_CONFIG['hotel']['url']}/groups/'" . filter($_GET['i']) . "'"); $groupData = mysql_fetch_assoc($q); unset($q); $userList = mysql_query("SELECT user_id FROM group_memberships WHERE group_id = '{$groupData["id"]}'"); ?> <script> $(document).on('click', '#btnEdit', function() { $("#overlay").show(); $("#editGroup").fadeIn("slow"); }); $(document).on('click', '#exitBtn', function() { $("#overlay").hide(); $("#editGroup").fadeOut("slow"); }); $(document).on('click', '#saveBtn', function() { $.ajax({ type: "POST", url: "{url}/index.php?url=group&save", data: { id:"<?php echo $groupData['id']; ?>", name:$("#groupName").val(), desc:$("#groupDesc").val(), badge:GroupBadge }, success: function (data) { if(data == "") alert("The group has been saved."); else alert(data); $('#rGName').html($("#groupName").val()); $('.name-text').html($("#groupName").val()); $('#rGImg').attr('src', '<?php echo $_CONFIG['hotel']['url']; ?>/habbo-imaging/badge.php?badge=' + GroupBadge + '.gif"'); }, error: function() { alert("Unable to save the group."); } }); }); </script> <?php if(!is_numeric($_GET['i'])) $_GET['i'] = 1; $q = mysql_query("SELECT * FROM groups WHERE id = '" . filter($_GET['i']) . "' LIMIT 1"); if(mysql_num_rows($q) != 1) header("location: {$_CONFIG['hotel']['url']}/groups/'" . filter($_GET['i']) . "'"); $groupData = mysql_fetch_assoc($q); unset($q); $userList = mysql_query("SELECT user_id,rank FROM group_memberships WHERE group_id = '{$groupData["id"]}'"); ?> <div id="column1" class="column" style="float:left;width:320px;"> <div class="habblet-container"> <div class="cbb clearfix green"> <h2 class='title' style='font-size:12px;text-align:left;font-family: "Tahoma",Verdana,Arial;'><span style="float: left;">Group Home Page</span></h2> <div class="movable widget ProfileWidget" id="widget-902026" style=" left: 25px; top: 26px; z-index: 4;"> <div class="w_skin_defaultskin"> <div class="widget-corner" id="widget-902026-handle"> </div> <div class="widget-body"> <div class="widget-content"> <div class="profile-info"> <div class="name" style="float: left"> <span class="name-text"><span id='rGName'> Group Name:<b> <?php echo $groupData["name"]; ?></b></span></span> </div> </div> <br class="clear" /> <span style="float:left;width:130px"> Created: <?php echo date("d-m-y", $groupData['created']); ?><br/> Owner: <?php echo mysql_result(mysql_query("SELECT username,look,id FROM users WHERE id = '{$groupData['owner_id']}' LIMIT 1"), 0); ?><br/> Room: <?php echo mysql_result(mysql_query("SELECT caption FROM rooms WHERE id = '{$groupData['room_id']}' LIMIT 1"), 0); ?><br/> </span> <span style="float:right;width:40px;"> <img id='rGImg' src="<?php echo $_CONFIG['hotel']['url']; ?>/habbo-imaging/badge/<?php echo $groupData["badge"]; ?>.gif"> </span> </script> <div class="clear"></div> </div> </div> </div> </div></div></div> <?php $getLook = mysql_query("SELECT * FROM `users` WHERE `id` = '{$groupData['owner_id']}' ORDER BY rand()"); $look = mysql_fetch_assoc($getLook); ?> <div class="habblet-container"> <div class="cbb clearfix settings"> <h2 class='title' style='font-size:12px;text-align:left;font-family: "Tahoma",Verdana,Arial;'>Group Owner<span style="float: right;"><img src="{url}/app/tpl/skins/Habbo/images/<?php echo ''. $look['online'].''; ?>.gif"/></span></h2> <div style='padding-left:5px;padding-right:5px;padding-top:5px;'> <?php $getBadges = mysql_query("SELECT user_id FROM `group_memberships` WHERE `user_id` = '{$groupData['owner_id']}'"); $id = mysql_fetch_assoc($getBadges); $getLook = mysql_query("SELECT * FROM `users` WHERE `id` = '{$groupData['owner_id']}' ORDER BY rand()"); $look = mysql_fetch_assoc($getLook); echo ' Username: '.$look['username'].'<br /><span style="float: center;"> Motto: '.$look['motto'].' </span> <br /><img src="http://www.habbo.fr/habbo-imaging/avatarimage?figure='.$look['look'].'.gif&direction=2&head_direction=3&gesture=sml&action=wav&" style="padding: 3px;" draggable="false"> '; ?> </div> </div> </div> <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script> </div> <div id="column2" class="column" style="float:left;width:450px;"> </div> <!--[if lt IE 7]> <script type="text/javascript"> Pngfix.doPngImageFix(); </script> <![endif]--> <div id="column1" class="column"> <div class="habblet-container "> <div class="cbb clearfix blue "> <h2 class="title"><span style="float: left;">Group Members</span></h2> <div class="movable widget GroupsWidget" id="widget-1938125" style=" left: 25px; top: 180px; z-index: 10;"> <div class="w_skin_defaultskin"> <div class="widget-corner" id="widget-1938125-handle"> <div class="widget-headline"><h3><span class="header-left"> </span><span class="header-middle">Group Members (<span id="groups-list-size"><?php echo mysql_num_rows($userList); ?></span>)</span><span class="header-right"> </span></h3> </div> </div> <div class="widget-body"> <div class="widget-content"> <?php if(mysql_num_rows($userList) == 0) { ?> <div class="groups-list-none"> There are no member at the moment!:( </div> <?php }else { while($row = mysql_fetch_assoc($userList)) { $userData = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE id = '{$row['user_id']}' LIMIT 1")); echo '<a href="{url}/home/'.$userData['username'].'"><img height="100" src="http://www.habbo.nl/habbo-imaging/avatarimage?figure='.$userData['look'].'" draggable="false"></img>'.$userData['username'].'</a>'; } } ?> <div class="clear"></div> </div> </div> </div> </div> <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> <script> var GroupBadge = "<?php echo $groupData['badge']; ?>"; $(document).on('click', '.badgeSlot', function() { $(".badgeSlot").removeClass("selected"); $(this).addClass("selected"); GroupBadge = $(this).attr('id'); }); <?php if(isset($_GET['edit']) && $_SESSION['user']['id'] == $groupData['ownerid']) { ?> $(function() { $("#overlay").show(); $("#editGroup").fadeIn("slow"); }); <?php } ?> </script> <script> $j(document).ready(function() { new $j.Zebra_Tooltips($j('.zebra_tips1')); }); </script> </div> </div> </div> </div> <script> $j(document).ready(function() { new $j.Zebra_Tooltips($j('.zebra_tips1')); }); </script> </div> </div> </div> </div> <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script> <script type="text/javascript"> document.observe('dom:loaded', function() { CurrentRoomEvents.init(); }); </script> </div> <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script> <script type="text/javascript"> HabboView.run(); </script> <!--[if lt IE 7]> <script type="text/javascript"> Pngfix.doPngImageFix(); </script> <![endif]--> <div id="footer" > <?php include('includes/footer.php'); ?> <?php include('includes/checktheban.php'); ?> </div> </body> </html>[/CODE] I believe there's an XSS exploit though. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Q&A
RevCMS Group Addons?
Top