/**
 * Read one column from the first row that satisfies a single equality test.
 *
 * The query text is assembled by plain interpolation: $what, $table and $area
 * are dropped in as identifiers and $id as the right-hand side of the
 * comparison. Nothing in this function quotes, escapes or validates them.
 *
 * NOTE(review): every argument reaches the SQL string verbatim, so this is an
 * injection sink if a caller ever forwards request data. Callers are not
 * visible here; confirm that identifiers are fixed strings and that $id is
 * cast or escaped before it is passed in.
 *
 * @param string $what  Column to select; also the key read from the fetched row.
 * @param string $table Table name without the global prefix.
 * @param string $area  Column used in the WHERE comparison.
 * @param mixed  $id    Value compared against $area (inserted unquoted).
 * @return mixed The selected column of the first row.
 */
function get_value($what, $table, $area, $id)
{
    global $TABLE_PREFIX;

    $sql = "SELECT {$what} FROM {$TABLE_PREFIX}{$table} WHERE {$area}={$id}";
    $result = do_sqlquery($sql, true);

    $row = mysql_fetch_array($result);
    if (!$row) {
        // No row could be fetched: hand over to the project's SQL error handler.
        sql_err(__FILE__, __LINE__);
    }

    return $row[$what];
}
/**
 * Build the paged invitation list for the admin panel and hand it to $admintpl.
 *
 * Reads every row of the invitations table (15 per page), looks up the
 * inviter's username for each row, and sets the template variables
 * inv_pagertop, inv_pagerbottom, invitees and language.
 *
 * NOTE(review): the `"******"` runs in three string expressions below look
 * like a redaction artifact of the page this listing was copied from; as
 * printed those lines are not valid PHP. The original presumably concatenated
 * an array element there (the trailing `uid"]` / `inviter"]` survives).
 * Confirm against the upstream file before reusing this code.
 */
function read_invitations()
{
    global $TABLE_PREFIX, $admintpl, $language, $CURUSER, $STYLEPATH, $btit_settings;
    // Base URL handed to the pager; the whole string is HTML-escaped once here.
    $scriptname = htmlspecialchars($_SERVER["PHP_SELF"] . "?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=invitations");
    $addparam = "";
    // Total row count drives the pager; pager() returns the LIMIT clause used below.
    $res = get_result("SELECT COUNT(*) as invites FROM {$TABLE_PREFIX}invitations", true);
    $count = $res[0]["invites"];
    list($pagertop, $pagerbottom, $limit) = pager('15', $count, $scriptname . "&");
    $admintpl->set("inv_pagertop", $pagertop);
    $admintpl->set("inv_pagerbottom", $pagerbottom);
    $results = get_result("SELECT * FROM {$TABLE_PREFIX}invitations ORDER BY id DESC {$limit}", true);
    $invitees = array();
    $i = 0;
    foreach ($results as $id => $data) {
        // One extra query per invitation row. The inviter id is concatenated
        // unquoted; it comes from the invitations table, so this is only safe
        // if that column is numeric -- TODO confirm the schema or cast to int.
        $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = " . $data["inviter"], true);
        if (mysql_num_rows($res) > 0) {
            $inviter_name = mysql_result($res, 0, 0);
        } else {
            $inviter_name = 'Unknown';
        }
        // NOTE(review): $inviter_name is written into the link text without any
        // HTML escaping visible in this function; verify how usernames are
        // stored, otherwise escape before output.
        $invitees[$i]["inviter"] = "<a href=\"index.php?page=userdetails&amp;user="******"inviter"] . "\">" . $inviter_name . "</a>";
        // unesc() is defined elsewhere; whether it leaves these values safe for
        // HTML output cannot be told from here.
        $invitees[$i]["invitee"] = unesc($data["invitee"]);
        $invitees[$i]["hash"] = unesc($data["hash"]);
        $invitees[$i]["time_invited"] = $data["time_invited"];
        // Delete is a plain GET link carrying $CURUSER["random"] in the `code`
        // parameter, guarded client-side only by a confirm() dialog.
        $invitees[$i]["delete"] = "<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=invitations&amp;action=delete&amp;id=" . $data["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
        $i++;
    }
    $admintpl->set("invitees", $invitees);
    $admintpl->set("language", $language);
}
Beispiel #3
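/**
 * Scrape an external tracker and store the returned peer counts.
 *
 * The tracker URL selects which scraper file is loaded, and the tracker's
 * answer is written into the files table. Both are external data, so this
 * version:
 *  - returns early when the URL cannot be parsed or has no scheme/host;
 *  - only accepts an alphanumeric scheme before using it in the require path
 *    (an explicit list of the schemes that have a scraper file would be
 *    stricter still, if that set is known);
 *  - casts the counts reported by the tracker to int before they reach SQL;
 *  - escapes $url and $infohash for the string literals in the WHERE clause;
 *  - logs a failure instead of issuing a broken UPDATE when the tracker
 *    returned no entry for the requested info hash.
 *
 * NOTE(review): the scraper still connects to whatever host and port the URL
 * names. If announce URLs can be supplied by users, restrict the reachable
 * destinations where the URL is accepted.
 *
 * @param string $url      Announce URL of the external tracker.
 * @param string $infohash Info hash to scrape; '' updates by announce URL only.
 * @return void
 */
function scrape($url, $infohash = '')
{
    global $TABLE_PREFIX, $BASEDIR;

    if (!isset($url)) {
        return;
    }

    $url_c = parse_url($url);
    if (!is_array($url_c) || empty($url_c["scheme"]) || empty($url_c["host"])) {
        return;
    }

    // The scheme becomes part of a file path below, so keep it to plain
    // letters and digits.
    $scheme = $url_c["scheme"];
    if (!preg_match('/^[A-Za-z0-9]+$/', $scheme)) {
        return;
    }

    if (empty($url_c["port"])) {
        $url_c["port"] = 80;
    }

    require_once $BASEDIR . "/phpscraper/" . $scheme . "tscraper.php";

    try {
        $timeout = 5;
        if ($scheme == "udp") {
            $scraper = new udptscraper($timeout);
        } else {
            $scraper = new httptscraper($timeout);
        }

        $target = $scheme . "://" . $url_c["host"] . ":" . $url_c["port"] . ($scheme == "udp" ? "" : "/announce");
        $ret = $scraper->scrape($target, array($infohash));

        if (!isset($ret[$infohash]["seeders"], $ret[$infohash]["leechers"], $ret[$infohash]["completed"])) {
            write_log("FAILED update external torrent " . ($infohash == "" ? "" : "(infohash: " . $infohash . ")") . " from " . $url . " tracker (no scrape data returned)", "");
            return;
        }

        // Values come from the remote tracker: force them to integers.
        $seeders = (int) $ret[$infohash]["seeders"];
        $leechers = (int) $ret[$infohash]["leechers"];
        $completed = (int) $ret[$infohash]["completed"];

        $link = $GLOBALS["___mysqli_ston"];
        $safe_url = mysqli_real_escape_string($link, (string) $url);
        $safe_hash = mysqli_real_escape_string($link, (string) $infohash);

        $sql = "UPDATE `{$TABLE_PREFIX}files` SET `lastupdate`=NOW(), `lastsuccess`=NOW(), `seeds`=" . $seeders
            . ", `leechers`=" . $leechers
            . ", `finished`=" . $completed
            . " WHERE `announce_url` = '" . $safe_url . "'"
            . ($infohash == "" ? "" : " AND `info_hash`='" . $safe_hash . "'");
        do_sqlquery($sql, true);

        if (mysqli_affected_rows($link) == 1) {
            write_log('SUCCESS update external torrent from ' . $url . ' tracker (infohash: ' . $infohash . ')', '');
        }
    } catch (ScraperException $e) {
        write_log("FAILED update external torrent " . ($infohash == "" ? "" : "(infohash: " . $infohash . ")") . " from " . $url . " tracker (" . $e->getMessage() . "))", "");
    }

    return;
}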
Beispiel #4
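/**
 * Store an uploaded avatar image and record its name on the current user.
 *
 * Changes against the previous version:
 *  - a file that getimagesize() cannot read as an image is rejected (before,
 *    such a file passed whenever $allowed_types was NULL);
 *  - the height test compares the image height with $max_image_height; the
 *    old code compared the configured maximum with a literal 200, so the
 *    height of the image was never checked;
 *  - the client-supplied name is reduced to [A-Za-z0-9._-] with leading dots
 *    stripped before it is used in a path or in SQL, and $uid is cast to int;
 *  - the database is only updated when move_uploaded_file() succeeded.
 *
 * NOTE(review): the extension is still taken from the client-supplied name.
 * Callers should always pass $allowed_ext (and $allowed_types); with both
 * NULL a valid image carrying any extension is stored under $to_url.
 *
 * @param array      $file          One entry of $_FILES.
 * @param string     $to_url        Destination directory, with trailing slash.
 * @param array|null $allowed_types Accepted IMAGETYPE_* values, NULL for any.
 * @param array|null $allowed_ext   Accepted lower-case extensions, NULL for any.
 * @return string|false Stored file name, or false when the upload is refused.
 */
function UploadImage($file, $to_url, $allowed_types = NULL, $allowed_ext = NULL)
{
    global $uid, $max_file_size, $max_image_width, $max_image_height, $TABLE_PREFIX;

    if (!isset($file["tmp_name"], $file["name"]) || !is_uploaded_file($file["tmp_name"])) {
        return false;
    }

    $info = getimagesize($file["tmp_name"]);
    if ($info === false) {
        // Not something PHP recognises as an image.
        return false;
    }
    list($x, $y, $image_type) = $info;
    $size = filesize($file["tmp_name"]);

    if ($x > $max_image_width || $y > $max_image_height) {
        redirect("index.php?page=usercp&do=avatar&action=read&what=image_size&uid=" . $uid . "");
        die;
    }
    if ($size > $max_file_size) {
        redirect("index.php?page=usercp&do=avatar&action=read&what=file_size&uid=" . $uid . "");
        die;
    }

    // The name is chosen by the client: drop any path part, keep a
    // conservative character set and refuse dot-files.
    $file_name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($file["name"]));
    $file_name = ltrim($file_name, '.');
    if ($file_name === '') {
        return false;
    }

    $split_name = explode(".", $file_name);
    $extension = strtolower($split_name[count($split_name) - 1]);

    $type_ok = $allowed_types == NULL || in_array($image_type, $allowed_types, true);
    $ext_ok = $allowed_ext == NULL || in_array($extension, $allowed_ext, true);
    if (!$type_ok || !$ext_ok) {
        return false;
    }

    // Avoid overwriting an existing file by growing the first name segment.
    // rand() is only used to dodge collisions here, not for anything secret.
    $pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
    while (file_exists($to_url . $file_name)) {
        $split_name[0] = $split_name[0] . $pattern[rand(0, 35)];
        $file_name = implode(".", $split_name);
    }

    if (!move_uploaded_file($file["tmp_name"], $to_url . $file_name)) {
        return false;
    }

    // $file_name is restricted to [A-Za-z0-9._-] above, so it cannot break out
    // of the quoted literal.
    do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `avatar_upload_name`='{$file_name}' WHERE `id` = " . (int) $uid, true);

    return $file_name;
}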
Beispiel #5
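 /**
  * Return the stored value of one settings row, or null when the key is absent.
  *
  * The key is escaped before it is placed inside the quoted literal, and a
  * missing row (or a failed query) yields null explicitly instead of indexing
  * into a non-array.
  *
  * NOTE(review): escaping relies on the same ext/mysql connection that
  * mysql_fetch_assoc() below already depends on; if do_sqlquery() uses a
  * different driver, switch to that driver's escaping or to a prepared
  * statement.
  *
  * @param string $key Name of the setting.
  * @return string|null
  */
 function get_settings($key)
 {
     global $TABLE_PREFIX;

     $safe_key = mysql_real_escape_string((string) $key);
     $curr_conf_query = do_sqlquery("SELECT `value` FROM `{$TABLE_PREFIX}settings` WHERE `key` = '" . $safe_key . "'", true);
     if (!$curr_conf_query) {
         return null;
     }

     $curr_conf = mysql_fetch_assoc($curr_conf_query);
     if (!is_array($curr_conf)) {
         return null;
     }

     return $curr_conf["value"];
 }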
Beispiel #6
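/**
 * Renumber categories in the order their ids arrive in $_POST[$key].
 *
 * The first id gets sort_index 1, the next 2, and so on. Ids are cast to int
 * before they reach the query. A missing or non-array POST field is ignored,
 * and non-scalar list entries are skipped instead of being cast.
 *
 * NOTE(review): each statement is echoed to the response, which shows the
 * table prefix and query shape to whoever calls this endpoint. It is kept
 * because a client may read the output; drop it if nothing depends on it.
 * No authorization or request-token check is visible in this function;
 * confirm that the caller performs one.
 *
 * @param string $key Name of the POST field holding the ordered id list.
 * @return void
 */
function sortCategories($key)
{
    global $TABLE_PREFIX;

    if (!isset($_POST[$key]) || !is_array($_POST[$key])) {
        return;
    }

    $categories_ordering = 1;
    foreach ($_POST[$key] as $categories_id) {
        if (!is_scalar($categories_id)) {
            continue;
        }
        $query = "UPDATE {$TABLE_PREFIX}categories SET sort_index = '{$categories_ordering}' WHERE id = " . (int) $categories_id;
        echo $query . "\n";
        do_sqlquery($query);
        $categories_ordering++;
    }
}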
Beispiel #7
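/**
 * Build the self-submitting HTML page that posts a donation to PayPal.
 *
 * Changes against the previous version:
 *  - every dynamic value written into an HTML attribute is escaped with
 *    htmlspecialchars(ENT_QUOTES), so a quote in $mail, $item, $amount, $curr,
 *    the user's e-mail, the style URL or SCRIPT_NAME cannot close the attribute;
 *  - the style id is cast to int before it is concatenated into the query;
 *  - a failed settings or style lookup falls back to defaults instead of
 *    indexing into a non-array;
 *  - the unused $STYLEPATH computation is dropped (it read $THIS_BASEPATH,
 *    which this function never imported), and the return/cancel URLs no
 *    longer consult $return_to_address, which was never defined here and so
 *    always produced the defaults.
 *
 * NOTE(review): amount, currency and recipient travel through the browser as
 * hidden fields, so the user can alter them before the form is submitted.
 * Crediting the donation must rely on a server-side check of what PayPal
 * reports, not on the values rendered here.
 *
 * @param mixed  $amount Donation amount.
 * @param string $mail   PayPal account (business) that receives the payment.
 * @param mixed  $item   Item number sent to PayPal.
 * @param string $curr   Currency code.
 * @return string Complete HTML document.
 */
function paypal_form($amount, $mail, $item, $curr)
{
    global $CURUSER, $btit_settings, $TABLE_PREFIX, $BASEURL;

    // Escape a value for use inside a quoted HTML attribute.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };

    // get user's style
    $resheet = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}style where id=" . (int) $CURUSER["style"] . " LIMIT 1", TRUE, $btit_settings["cache_duration"]);
    $resstyle = $resheet ? mysqli_fetch_array($resheet) : null;
    if (is_array($resstyle) && isset($resstyle["style_url"])) {
        $STYLEURL = "{$BASEURL}/" . $resstyle["style_url"];
    } else {
        $STYLEURL = "{$BASEURL}/style/xbtit_default";
    }

    // get settings
    $zap_pp = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM {$TABLE_PREFIX}paypal_settings WHERE id ='1'");
    $settings = $zap_pp ? mysqli_fetch_array($zap_pp) : null;
    $sandbox = is_array($settings) && isset($settings["test"]) && $settings["test"] == "true";
    $endpoint = $sandbox ? "https://www.sandbox.paypal.com/cgi-bin/webscr" : "https://www.paypal.com/cgi-bin/webscr";

    $return_url = $BASEURL . '/index.php?page=success';
    $cancel_url = $BASEURL . $_SERVER['SCRIPT_NAME'] . '?do=cancel';

    $form = '
	<html>
		<head><title>processing</title><link rel="stylesheet" type="text/css" href="' . $esc($STYLEURL) . '/main.css" /></head>
		<body onload="document.paypal.submit();"><br/><br/><br/><br/><br/>
			<table width=30% align=center><tr><td class="block"><center><b>Processing</b></center></td></tr><tr>
                        <td class=lista><center><img border="0" src="images/safe-secure.gif"></td></tr></table>
			<form action="' . $endpoint . '" method="post" name="paypal">
				<input type="hidden" name="cmd" value="_xclick" />
				<input type="hidden" name="no_note" value="1" />
				<input type="hidden" name="no_shipping" value="1" />
				<input type="hidden" name="business" value="' . $esc($mail) . '" />
				<input type="hidden" name="item_number" value="' . $esc($item) . '" />
				<input type="hidden" name="item_name" value="Donation from uid: ' . $esc($CURUSER['uid']) . '" />
				<input type="hidden" name="quantity" value="1" />
				<input type="hidden" name="amount" value="' . $esc($amount) . '" />
				<input type="hidden" name="currency_code" value="' . $esc($curr) . '" />
				<input type="hidden" name="email" value="' . $esc($CURUSER['email']) . '" />
				<input type="hidden" name="address1" value="" />
				<input type="hidden" name="address2" value="" />
				<input type="hidden" name="city" value="" />
				<input type="hidden" name="country" value="" />
				<input type="hidden" name="zip" value="" />
				<input type="hidden" name="night_phone_a" value="" />
				<input type="hidden" name="night_phone_b" value="" />
				<input type="hidden" name="return" value="' . $esc($return_url) . '" />
				<input type="hidden" name="cancel_return" value="' . $esc($cancel_url) . '" />
			</form>
		</body>
	</html>';

    // Kept from the original. Inside a function this only removes the local
    // alias created by `global`; the global $CURUSER itself is not cleared.
    if ($CURUSER['uid'] === 0 or $CURUSER['username'] === 'Guest') {
        unset($CURUSER);
    }

    return $form;
}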
Beispiel #8
/**
 * Prepare the style list for the admin panel and hand it to $admintpl.
 *
 * For every entry returned by style_list() the number of users on that style
 * is counted and edit/delete links are built; the result is set on the
 * template as "styles", together with "style_add", "language" and
 * "style_add_new".
 *
 * NOTE(review): the `"******"` runs in three string expressions below look
 * like a redaction artifact of the page this listing was copied from; as
 * printed those lines are not valid PHP. The original presumably concatenated
 * an array element there (the trailing `uid"]` survives). Confirm against
 * the upstream file before reusing this code.
 */
function read_styles()
{
    global $TABLE_PREFIX, $language, $CURUSER, $admintpl, $STYLEPATH;
    $sres = style_list();
    for ($i = 0; $i < count($sres); $i++) {
        // One COUNT query per style. The id is concatenated unquoted; it comes
        // from style_list(), so this is only safe if ids are numeric -- TODO
        // confirm or cast to int.
        $res = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}users WHERE style = " . $sres[$i]["id"], true);
        $sres[$i]["style_users"] = mysql_result($res, 0, 0);
        // unesc() is defined elsewhere; whether its output is safe for HTML
        // cannot be told from here.
        $sres[$i]["style"] = unesc($sres[$i]["style"]);
        $sres[$i]["style_url"] = unesc($sres[$i]["style_url"]);
        // Edit and delete are plain GET links carrying $CURUSER["random"] in
        // the `code` parameter; delete is guarded client-side only by confirm().
        $sres[$i]["edit"] = "<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=style&amp;action=edit&amp;id=" . $sres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>";
        $sres[$i]["delete"] = "<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=style&amp;action=delete&amp;id=" . $sres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
    }
    $admintpl->set("style_add", false, true);
    $admintpl->set("language", $language);
    $admintpl->set("styles", $sres);
    $admintpl->set("style_add_new", "<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=style&amp;action=add\">" . $language["STYLE_ADD"] . "</a>");
    unset($sres);
    // NOTE(review): $res is only assigned inside the loop, so with an empty
    // style list this call receives an undefined variable.
    mysql_free_result($res);
}
Beispiel #9
if ($CURUSER["view_users"] == "no") {
    err_msg($language["ERROR"], $language["NOT_AUTHORIZED"] . " " . strtolower($language["STAFF"]) . "!");
    stdfoot();
    exit;
} else {
    $query = "SELECT u.id, u.username, u.avatar, UNIX_TIMESTAMP(u.joined) joined, ";
    $query .= "UNIX_TIMESTAMP(u.lastconnect) lastconnect, ul.level, ul.prefixcolor, ";
    $query .= "ul.suffixcolor, c.name country, c.flagpic, o.lastaction ";
    $query .= "FROM {$TABLE_PREFIX}users u ";
    $query .= "LEFT JOIN {$TABLE_PREFIX}users_level ul ON u.id_level = ul.id ";
    $query .= "LEFT JOIN {$TABLE_PREFIX}countries c ON u.flag = c.id ";
    $query .= "LEFT JOIN {$TABLE_PREFIX}online o ON u.id = o.user_id ";
    $query .= "WHERE u.id_level >=6 ";
    $query .= "AND u.id_level <=8 ";
    $query .= "ORDER BY u.id_level DESC, u.id ASC";
    $res = do_sqlquery($query);
    $i = 0;
    while ($row = mysql_fetch_assoc($res)) {
        is_null($row["avatar"]) || $row["avatar"] == "" ? $avatar = "<img src='{$STYLEURL}/images/default_avatar.gif' height=80 width=80>" : ($avatar = "<img src='" . $row["avatar"] . "' height=80 width=80>");
        is_null($row["lastaction"]) ? $lastseen = $row["lastconnect"] : ($lastseen = $row["lastaction"]);
        time() - $lastseen > 900 ? $status = "<img src='images/offline.gif' border='0' alt='" . $language["OFFLINE"] . "'>" : ($status = "<img src='images/online.gif' border='0' alt='" . $language["ONLINE"] . "'>");
        if (is_null($row["flagpic"])) {
            $row["flagpic"] = "unknown.gif";
            $row["country"] = $language["UNKNOWN"];
        }
        $user[$i] = "<tr>";
        $user[$i] .= "<td class='lista' width='84'><center>{$avatar}</center></td>";
        $user[$i] .= "<td class='lista'><center><a href='index.php?page=usercp&amp;do=pm&amp;action=edit&amp;uid=" . $CURUSER["uid"] . "&amp;what=new&amp;to=" . $row["username"] . "'><img src='{$STYLEURL}/images/pm.gif'alt='" . $language["PM"] . "' border='0'></a></center></td>";
        $user[$i] .= "<td class='lista'><center><a href='index.php?page=userdetails&amp;id=" . $row["id"] . "'>" . stripslashes($row["prefixcolor"]) . $row["username"] . stripslashes($row["suffixcolor"]) . "</a></center></td>";
        $user[$i] .= "<td class='lista'><center>" . ucfirst($row["level"]) . "</center></td>";
        $user[$i] .= "<td class='lista'><center><img src='images/flag/" . $row["flagpic"] . "' border='0' alt='" . $row["country"] . "'></center></td>";
Beispiel #10
    $org = $CURUSER['username'];
    $r = do_sqlquery("SELECT * from {$TABLE_PREFIX}users where id={$uid}");
    $c = mysqli_result($r, 0, "seedbonus");
    if ($c >= $GLOBALS["price_name"]) {
        if (isset($_POST["name"])) {
            $custom = mysqli_real_escape_string($DBDT, $_POST["name"]);
        } else {
            $custom = "";
        }
        if ("{$custom}" == "") {
        } else {
            $res = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE username='******'", true);
            if (mysqli_num_rows($res) > 0) {
            } else {
                do_sqlquery("UPDATE {$TABLE_PREFIX}users SET username='******' WHERE id={$CURUSER['uid']}");
                if ($FORUMLINK == "smf") {
                    do_sqlquery("UPDATE {db_prefix}members SET  memberName='" . htmlspecialchars($custom) . "' WHERE ID_MEMBER=" . $CURUSER["smf_fid"]);
                }
                $p = $GLOBALS["price_name"];
                do_sqlquery("UPDATE {$TABLE_PREFIX}users SET seedbonus=seedbonus-{$p} WHERE id={$CURUSER['uid']}");
            }
            // sb control
            @mysqli_query($GLOBALS["___mysqli_ston"], "INSERT into {$TABLE_PREFIX}sb (id,what,gb,points,date) VALUES ('{$uid}','Username ( " . htmlspecialchars($custom) . " )','0', '" . $GLOBALS["price_name"] . "',NOW())");
            // sb control
            do_sqlquery("INSERT INTO {$TABLE_PREFIX}username (uid,username,org,date) VALUES (\"{$uid}\",\"{$custom}\",\"{$org}\",NOW())");
        }
    }
    header("Location: index.php?page=modules&module=seedbonus");
} else {
    header("Location: index.php");
}
Beispiel #11
            foreach ($alevel as $level) {
                $combo_max_view .= "\n<option value=\"" . $level["id_level"] . ($level["id_level"] == 8 ? "\" selected=\"selected\">" : "\">") . $level["level"] . "</option>";
            }
            $combo_max_view .= "\n</select>";
        }
        $admintpl->set("combo_min_view", $combo_min_view);
        $admintpl->set("combo_max_view", $combo_max_view);
        $admintpl->set("frm_action", "index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=blocks&amp;action=confirm&amp;id={$id}");
        $admintpl->set("language", $language);
        $admintpl->set("edit_block", true, true);
        break;
    case 'save':
        if ($_POST["confirm"] == $language["FRM_CONFIRM"]) {
            $br = get_result("SELECT * FROM {$TABLE_PREFIX}blocks", true);
            foreach ($br as $id => $block) {
                $active = isset($_POST["status_" . $block["blockid"]]) ? 1 : 0;
                $position = sqlesc($_POST["position_" . $block["blockid"]]);
                $sort = max(0, $_POST["sort_" . $block["blockid"]]);
                $block_minview = sqlesc(intval($_POST["minclassview_" . $block["blockid"]]));
                $block_maxview = sqlesc(intval($_POST["maxclassview_" . $block["blockid"]]));
                $id = $block["blockid"];
                do_sqlquery("UPDATE {$TABLE_PREFIX}blocks SET position={$position}, sortid={$sort}, status={$active}, minclassview={$block_minview}, maxclassview={$block_maxview} WHERE blockid={$id}", true);
            }
        }
        // don't break, we read the new block's position ;)
    // don't break, we read the new block's position ;)
    case '':
    case 'read':
    default:
        read_blocks();
}
    $usys = "&nbsp;<img src='images/user_images/" . $sy . "' alt='" . $btit_settings["text_sys"] . "' title='" . $btit_settings["text_sys"] . "' />";
}
// user image
// gift
$xmasdayst = mktime(0, 0, 0, 12, 1, 2015);
$xmasdayend = mktime(0, 0, 0, 1, 5, 2016);
$today = mktime(date("G"), date("i"), date("s"), date("m"), date("d"), date("Y"));
if ($CURUSER["gotgift"] == 'no' && $today >= $xmasdayst && $today <= $xmasdayend) {
    ?>
 
<td class='lista' style='text-align:center;;' align='center'><a href='index.php?page=gift&open=1'><img src='images/gift.png' alt='Xmas Gift' title='Xmas Gift' /></a></td>
<?php 
}
// gift
// DT reputation system start
$reput = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}reputation_settings WHERE id =1");
$setrep = mysqli_fetch_array($reput);
if ($setrep["rep_is_online"] == 'false') {
    //do nothing
} else {
    if ($rowuser["reputation"] == 0) {
        $rep = "<a href=index.php?page=reputationpage  > &nbsp; &nbsp; Reputace &nbsp;<img src='images/rep/reputation_balance.gif' border='0' alt='" . $setrep["no_level"] . "' title='" . $setrep["no_level"] . "' /></a>";
    }
    if ($rowuser["reputation"] >= 1) {
        $rep = "<a href=index.php?page=reputationpage  > &nbsp; &nbsp; Reputace &nbsp;<img src='images/rep/reputation_pos.gif' border='0' alt='" . $setrep["good_level"] . "' title='" . $setrep["good_level"] . "' /></a>";
    }
    if ($rowuser["reputation"] <= -1) {
        $rep = "<a href=index.php?page=reputationpage  > &nbsp; &nbsp; Reputace &nbsp;<img src='images/rep/reputation_neg.gif'border='0' alt='" . $setrep["bad_level"] . "' title='" . $setrep["bad_level"] . "' /></a>";
    }
    if ($rowuser["reputation"] >= 101) {
        $rep = "<a href=index.php?page=reputationpage  > &nbsp; &nbsp; Reputace &nbsp;<img src='images/rep/reputation_highpos.gif' border='0' alt='" . $setrep["best_level"] . "' title='" . $setrep["best_level"] . "' /></a>";
Beispiel #13
            <input type="text" name="genre" value="" size="50" />
            </fieldset>
          </td>
        </tr>
        <tr>
          <td align="center" class="header">
            <input type="submit" value="' . $language['f3'] . '" /> <input type="reset" value="' . $language['f4'] . '" />
          </td>
        </tr>
      </table>
      </form>';
    $djtpl->set("reqform", $reqform);
}
if ($_GET['do'] == 'list') {
    $is_mod = $CURUSER["edit_users"] == "yes";
    $Query = do_sqlquery('SELECT t.*, u.username, g.prefixcolor, g.suffixcolor FROM ' . $TABLE_PREFIX . 'shoutcastdj t LEFT JOIN ' . $TABLE_PREFIX . 'users u ON t.uid=u.id LEFT JOIN ' . $TABLE_PREFIX . 'users_level g ON u.id_level=g.id ORDER by t.active ASC', true);
    if (mysqli_num_rows($Query)) {
        $activedjlist = '
            <table width="100%" align="center" border="0" cellpadding="3" cellspacing="0">
              <tr>
                <td colspan="5" class="header"><center>' . $language['djlist'] . '</center></td>
              </tr>
              <tr>
                <td class="header"><center>' . $language['djname'] . '</center></td>
                <td class="header"><center>' . $language['adays'] . '</center></td>
                <td class="header"><center>' . $language['atime'] . '</center></td>
                <td class="header"><center>' . $language['genre'] . '</center></td>
                <td class="header"><center>' . $language['status'] . '</center></td>
              </tr>';
        while ($List = mysqli_fetch_assoc($Query)) {
            $activedjlist .= '
Beispiel #14
         $lastip = sprintf("%u", ip2long($lastip));
         if ($firstip == -1 || $lastip == -1) {
             err_msg($language["ERROR"], $language["BAN_IP_ERROR"]);
         } else {
             $comment = sqlesc($comment);
             $added = sqlesc(time());
             do_sqlquery("INSERT INTO {$TABLE_PREFIX}bannedip (added, addedby, first, last, comment) VALUES({$added}, {$CURUSER['uid']}, {$firstip}, {$lastip}, {$comment})", true);
         }
     }
     // don't break, so now we read directly ;)
 // don't break, so now we read directly ;)
 case '':
 case 'read':
 default:
     $banned = array();
     $getbanned = do_sqlquery("SELECT b.*, u.username FROM {$TABLE_PREFIX}bannedip b LEFT JOIN {$TABLE_PREFIX}users u ON u.id=b.addedby ORDER BY b.added DESC", true);
     $rowsbanned = @mysql_num_rows($getbanned);
     $admintpl->set("frm_action", "index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=banip&amp;action=write");
     $i = 0;
     if ($rowsbanned > 0) {
         $admintpl->set("no_records", false, true);
         while ($arr = mysql_fetch_assoc($getbanned)) {
             $banned[$i]["first_ip"] = long2ip($arr["first"]);
             $banned[$i]["last_ip"] = long2ip($arr["last"]);
             $banned[$i]["date"] = get_date_time($arr['added']);
             $banned[$i]["comments"] = htmlspecialchars(unesc($arr["comment"]));
             $banned[$i]["by"] = "<a href=\"index.php?page=userdetails&amp;id=" . $arr["addedby"] . "\">" . unesc($arr["username"]) . "</a>";
             $banned[$i]["remove"] = "<a href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=banip&amp;action=delete&amp;ip={$arr['id']}\" onclick=\"return confirm('" . str_replace("'", "\\'", $language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
             $i++;
         }
     } else {
Beispiel #15
            stdfoot();
            exit;
        } elseif ($_POST["new_pwd"] != $_POST["new_pwd1"]) {
            err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
            stdfoot();
            exit;
        } else {
            $respwd = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE id={$uid} AND password='******' AND username="******"username"]) . "");
            if (!$respwd || mysql_num_rows($respwd) == 0) {
                err_msg($language["ERROR"], $language["ERR_RETR_DATA"]);
            } else {
                $arr = mysql_fetch_assoc($respwd);
                do_sqlquery("UPDATE {$TABLE_PREFIX}users SET password='******' WHERE id={$uid} AND password='******' AND username="******"username"]) . "") or die(mysql_error());
                if ($GLOBALS["FORUMLINK"] == "smf") {
                    $passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]);
                    do_sqlquery("UPDATE {$db_prefix}members SET passwd='{$passhash['0']}', passwordSalt='{$passhash['1']}' WHERE ID_MEMBER=" . $arr["smf_fid"]) or die(mysql_error());
                }
                success_msg($language["PWD_CHANGED"], "" . $language["NOW_LOGIN"] . "<br /><a href=\"index.php?page=login\">Go</a>");
                stdfoot(true, false);
            }
        }
        break;
    case '':
    case 'change':
    default:
        $pwdtpl = array();
        $pwdtpl["frm_action"] = "index.php?page=usercp&amp;do=pwd&amp;action=post&amp;uid=" . $uid . "";
        $pwdtpl["frm_cancel"] = "index.php?page=usercp&amp;uid=" . $uid . "";
        $usercptpl->set("pwd", $pwdtpl);
        break;
}
Beispiel #16
                     header("Location: index.php?page=moder&hash=" . $_POST["hash"] . "");
                 }
                 $torrenttpl->set("return", "index.php?page=moder");
             } else {
                 $check8 = TRUE;
             }
             $torrenttpl->set("editing", $editing);
         }
     } else {
         $check2 = TRUE;
     }
     $torrenttpl->set("return", "index.php?page=moder");
 } else {
     $check3 = TRUE;
     $sql = $full . " WHERE moder!='ok'";
     $row = do_sqlquery($sql, true);
     if (mysql_num_rows($row) > 0) {
         $selecting = "<table border=\"1\">";
         $selecting .= "<tr><td align=\"center\"><b>Mod.</b></td><td align=\"center\"><b>Cat.</b></td><td align=\"center\"><b>Name<b></td><td align=\"center\"><b>Dl<b></td><td align=\"center\"><b>Uploader</b></td></tr>";
         while ($data = mysql_fetch_array($row)) {
             if ($CURUSER['edit_torrents'] == "yes") {
                 $link = "edit&info_hash";
             } else {
                 $link = "moder&edit";
             }
             $selecting .= "<tr>";
             $selecting .= "<td align=\"center\"><a href=\"index.php?page=" . $link . "=" . $data["info_hash"] . "\" title=\"" . $data["moder"] . "\"><img alt=\"" . $data["moder"] . "\" src=\"images/mod/" . $data["moder"] . ".png\"></a></td>";
             $selecting .= "<td align=\"center\"><a href=\"index.php?page=torrents&category={$data['catid']}\" title=\"" . $data["cname"] . "\">" . image_or_link($data["image"] == "" ? "" : "{$STYLEPATH}/images/categories/" . $data["image"], "", $data["cname"]) . "</a></td>";
             $selecting .= "<td align=\"center\"><a href=\"index.php?page=torrent-details&id=" . $data['info_hash'] . "\">" . $data['filename'] . "</a></td>";
             $selecting .= "<td align=\"center\"><a href=\"download.php?id=" . $data["info_hash"] . "&f=" . urlencode($data["filename"]) . ".torrent\" title=\"" . $data["filename"] . "\">" . image_or_link("images/download.gif", "", "torrent") . "</a></td>";
             $selecting .= "<td align=\"center\"><a href=\"index.php?page=userdetails&id=" . $data['upname'] . "\">" . $data['uploader'] . "</a></td>";
Beispiel #17
 }
 print "<td style=\"text-align:center;\" align=\"center\"><a class=\"mainuser\" href=\"index.php?page=flush\"><img src=\"images/ghost.png\" /></a></td>\n";
 print "<td style=\"text-align:center;\" align=\"center\"><a class=\"mainuser\" href=\"index.php?page=friendlist\"><img src=\"images/friend.png\" /></a></td>\n";
 if ($CURUSER["admin_access"] == "yes" and $btit_settings["slon"] == true) {
     print "<td style=\"text-align:center;\" align=\"center\"><a class=\"mainuser\" href=\"index.php?page=shitlist\"><img src=\"images/shit.png\" /></a></td>\n";
 }
 if ($CURUSER["admin_access"] == "yes") {
     print "\n<td align=\"center\" style=\"text-align:center;\"><a class=\"mainuser\" href=\"index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "\"><img src=\"images/staff.png\" /></a></td>\n";
 }
 print "<td style=\"text-align:center;\" align=\"center\"><a class=\"mainuser\" href=\"index.php?page=usercp&amp;uid=" . $CURUSER["uid"] . "\"><img src=\"images/user.png\" /></a></td>\n";
 if ($btit_settings["noteon"] == true) {
     print "<td style=\"text-align:center;\" align=\"center\"><a href=\"index.php?page=notepad\"><img src=\"images/note.png\" /></a></td>\n";
 }
 if ($INVITATIONSON) {
     require load_language("lang_usercp.php");
     $resinvs = do_sqlquery("SELECT invitations FROM {$TABLE_PREFIX}users WHERE id=" . $CURUSER["uid"]);
     $arrinvs = mysqli_fetch_row($resinvs);
     $invs = $arrinvs[0];
     print "<td style=\"text-align:center;\" align=\"center\"><a href=\"index.php?page=usercp&do=invite&action=read&uid=" . $CURUSER["uid"] . "\"><img src=\"images/Invitation.png\" />" . ($invs > 0 ? "(" . $invs . ")" : "") . "</a></td>\n";
 }
 if (substr($FORUMLINK, 0, 3) == "smf") {
     $resmail = get_result("SELECT `unread" . ($FORUMLINK == "smf" ? "M" : "_m") . "essages` `ur` FROM `{$db_prefix}members` WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . $CURUSER["smf_fid"], true, $btit_settings['cache_duration']);
 } elseif ($FORUMLINK == "ipb") {
     $resmail = get_result("SELECT `msg_count_new` `ur` FROM `{$ipb_prefix}members` WHERE `member_id`=" . $CURUSER["ipb_fid"], true, $btit_settings['cache_duration']);
 } else {
     $resmail = get_result("SELECT COUNT(*) `ur` FROM `{$TABLE_PREFIX}messages` WHERE `readed`='no' AND `receiver`=" . $CURUSER["uid"], true, $btit_settings['cache_duration']);
 }
 if ($resmail && count($resmail) > 0) {
     $mail = $resmail[0];
     if ($mail['ur'] > 0) {
         if ($btit_settings["pmpop"] == true) {
Beispiel #18
        // end of case 'manage'
    // end of case 'manage'
    case 'change_to_yes':
        $id = max(0, $_GET["id"]);
        $admintpl->set("language", $language);
        do_sqlquery("UPDATE {$TABLE_PREFIX}modules SET activated='yes', changed=NOW() WHERE id={$id}", true);
        redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=manage");
        die;
        break;
    case 'change_to_no':
        $id = max(0, $_GET["id"]);
        $admintpl->set("language", $language);
        do_sqlquery("UPDATE {$TABLE_PREFIX}modules SET activated='no', changed=NOW() WHERE id={$id}", true);
        redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=manage");
        die;
        break;
    case 'add':
        $admintpl->set("language", $language);
        if ($_POST["confirm"] == $language["FRM_CONFIRM"]) {
            if ($_POST["module_name"] != "") {
                do_sqlquery("INSERT INTO {$TABLE_PREFIX}modules (`name`, `type`, `changed`, `created`) VALUES (" . sqlesc($_POST["module_name"]) . "," . sqlesc($_POST["module_type"]) . ",NOW(), NOW())", true);
                redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=manage");
                die;
            } else {
                stderr($language["ERROR"], $language["ALL_FIELDS_REQUIRED"]);
            }
        }
        break;
        // end of case 'add'
}
// end of switch ($action)
Beispiel #19
}
if ($now >= $expire || $enabled != 'yes') {
    err_msg($language["ERROR"], $language["CANNOT_SELL_CLOSED"]);
    stdfoot();
    die;
}
if ($_POST['number'] > $purchaseable || $_POST['number'] < 1) {
    err_msg($language["ERROR"], $language["LOTT_LIMIT_PURCHASE"] . " " . $purchaseable);
    stdfoot();
    die;
}
if ($_POST['number'] + $user_tickets > $limit_buy) {
    err_msg($language["ERROR"], $language["LOTT_LIMIT_BUY"] . " " . $limit_buy);
    stdfoot();
    die;
}
$upload = $result["uploaded"] - $minupload * $_POST['number'];
do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `uploaded`=" . $upload . " WHERE `id`=" . $CURUSER['uid'] . "", true);
$tickets = $_POST['number'];
for ($i = 0; $i < $tickets; $i++) {
    do_sqlquery("INSERT INTO {$TABLE_PREFIX}lottery_tickets(user) VALUES(" . $CURUSER['uid'] . ")", true);
}
// Number of rows returned from the lottery_tickets table, shown below as the
// running total.
// NOTE(review): the user filter on this line is masked ("******") in this copy
// of the page, so the exact expression cannot be confirmed from here.
$me = mysqli_num_rows(do_sqlquery("SELECT * FROM `{$TABLE_PREFIX}lottery_tickets` WHERE user="******"", true));
// Load the lottery language strings; load_language() supplies the path to include.
require load_language("lang_lottery.php");
// Template values for the confirmation page: tickets just bought, total held,
// and the remaining upload credit formatted by makesize().
$ticketstpl = new bTemplate();
$ticketstpl->set("language", $language);
$ticketstpl->set("nr_tickets", $tickets);
$ticketstpl->set("total_tickets", $me);
$ticketstpl->set("new_upload", makesize($upload));
// Send the browser on to the ticket overview after five seconds.
header("Refresh: 5; URL=index.php?page=lottery_tickets");
Beispiel #20
                } else {
                    if (empty($dh["don_ation_5"])) {
                        do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_5="' . $don . '",donate_date_5=NOW() WHERE don_id=' . $id);
                    } else {
                        if (empty($dh["don_ation_6"])) {
                            do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_6="' . $don . '",donate_date_6=NOW() WHERE don_id=' . $id);
                        } else {
                            if (empty($dh["don_ation_7"])) {
                                do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_7="' . $don . '",donate_date_7=NOW() WHERE don_id=' . $id);
                            } else {
                                if (empty($dh["don_ation_8"])) {
                                    do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_8="' . $don . '",donate_date_8=NOW() WHERE don_id=' . $id);
                                } else {
                                    if (empty($dh["don_ation_9"])) {
                                        do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_9="' . $don . '",donate_date_9=NOW() WHERE don_id=' . $id);
                                    } else {
                                        if (empty($dh["don_ation_10"])) {
                                            do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_10="' . $don . '",donate_date_10=NOW() WHERE don_id=' . $id);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
header('Location: ' . $returnto);
die;
Beispiel #21
// Admin view of private messages: count them, build the pager, then fetch one
// page. With $FORUMLINK set to "smf" the SMF tables are read, otherwise the
// tracker's own messages table.
// NOTE(review): $where is interpolated into both count queries as-is and is
// defined outside this excerpt; confirm it is built from constants or escaped values.
if ($FORUMLINK == "smf") {
    $res2 = do_sqlquery("SELECT COUNT(*) FROM {$db_prefix}personal_messages pm LEFT JOIN {$db_prefix}pm_recipients pmr ON pm.ID_PM=pmr.ID_PM {$where}");
} else {
    // This branch calls mysqli_query() directly instead of do_sqlquery().
    $res2 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT COUNT(*) FROM {$TABLE_PREFIX}messages {$where}");
}
$row = mysqli_fetch_array($res2);
$count = $row[0];
$perpage = 8;
// pager() returns the two pager fragments plus the LIMIT clause used below.
// NOTE(review): part of the pager link on this line is masked ("******") in this copy of the page.
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=ispy&amp;");
$admintpl->set("language", $language);
$admintpl->set("pager_top", $pagertop);
$admintpl->set("pager_bottom", $pagerbottom);
// The listing queries do not use $where: the SMF one has its own fixed
// "pmr.deleted!=1" filter and the other has none, so the count above and the
// rows listed can disagree whenever $where filters anything.
if ($FORUMLINK == "smf") {
    $res = do_sqlquery("SELECT pm.ID_PM id, pm.ID_MEMBER_FROM sender, pmr.ID_MEMBER receiver, pm.msgtime added, pm.subject, pm.body msg, IF(pmr.is_read=1,'yes','no') readed, pm.fromName sendername FROM {$db_prefix}personal_messages pm LEFT JOIN {$db_prefix}pm_recipients pmr ON pm.ID_PM=pmr.ID_PM WHERE pmr.deleted!=1 ORDER BY added DESC {$limit}");
} else {
    // Sender id 0 is labelled 'System'; any other id is resolved to a username.
    $res = do_sqlquery("select m.*, IF(m.sender=0,'System',u.username) as sendername FROM {$TABLE_PREFIX}messages m LEFT JOIN {$TABLE_PREFIX}users u on u.id=m.sender ORDER BY added DESC {$limit}");
}
// Row buffer and row counter for the template.
$spy = array();
$i = 0;
include "{$THIS_BASEPATH}/include/offset.php";
if ($res) {
    while ($arr = mysqli_fetch_assoc($res)) {
        if ($FORUMLINK == "smf") {
            $res2 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username FROM {$TABLE_PREFIX}users WHERE smf_fid=" . $arr["receiver"]) or sqlerr();
        } else {
            $res2 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username FROM {$TABLE_PREFIX}users WHERE id=" . $arr["receiver"]) or sqlerr();
        }
        $arr2 = mysqli_fetch_assoc($res2);
        if ($FORUMLINK == "smf") {
            $res3 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username FROM {$TABLE_PREFIX}users WHERE smf_fid=" . $arr["sender"]) or sqlerr();
        } else {
Beispiel #22
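// Timed rank change, first half: refuse to act on a member of equal or higher
// rank, read the form, log the change and look up both rank names.
if ($CURUSER['id_level'] <= $att['id_level']) {
    stderr("Forget It", "you can not demote/promote a member with the same or a higher rank than you !!");
    stdfoot();
    die;
}
// protection
// NOTE(review): nothing in this excerpt limits the requested level to ranks
// below the acting user's own; confirm that is enforced elsewhere.
$dt3 = (int) $_POST['level'];
$dt2 = 'yes';
// The duration is client input that goes into date arithmetic. addslashes() is
// not a numeric filter (a non-numeric value raises a TypeError on PHP 8), so
// cast to int instead.
$t_days = isset($_POST['t_days']) ? (int) $_POST['t_days'] : 0;
$dt1 = rank_expiration(mktime(date('H') + 2, date('i'), date('s'), date('m'), date('d') + $t_days, date('Y')));
// $returnto ends up in the Location header at the end of this script. Keep it
// to a same-site relative target: a value with a scheme, a leading "//" or
// "\\", or whitespace/control characters falls back to the index page.
$returnto = isset($_POST['returnto']) && is_string($_POST['returnto']) ? trim($_POST['returnto']) : '';
if ($returnto === ''
    || preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $returnto)
    || preg_match('/[\x00-\x20\x7f]/', $returnto)
) {
    $returnto = 'index.php';
}
// staff control
// NOTE(review): $id and $idd are interpolated unquoted here and are set outside
// this excerpt; confirm both are cast to int before this point.
do_sqlquery("INSERT INTO {$TABLE_PREFIX}t_rank (userid, old_rank, new_rank, date, byt , enddate) VALUES ({$id},{$idd},{$dt3}, NOW(), {$CURUSER['uid']}, '{$dt1}' )", true);
// staff control
// Name of the new rank.
$res4 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT level FROM {$TABLE_PREFIX}users_level WHERE id ='{$dt3}'");
$arr4 = mysqli_fetch_assoc($res4);
// Quoted key: the bare word `level` is an undefined constant, which is an Error on PHP 8.
$newrank = $arr4['level'];
// Name of the rank recorded as the member's old rank.
$res5 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT old_rank FROM {$TABLE_PREFIX}users WHERE id ='{$id}'");
$arr5 = mysqli_fetch_assoc($res5);
$res6 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT level FROM {$TABLE_PREFIX}users_level WHERE id ='{$arr5['old_rank']}'");
$arr6 = mysqli_fetch_assoc($res6);
$oldrank = $arr6['level'];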
/**
 * Format a Unix timestamp as a 'Y-m-d H:i:s' string in GMT.
 *
 * @param int $timestamp Seconds since the Unix epoch; defaults to 0.
 * @return string The formatted date and time.
 */
function rank_expiration($timestamp = 0)
{
    $formatted = gmdate('Y-m-d H:i:s', $timestamp);

    return $formatted;
}
// Timed rank change, second half: build the notification, store the new rank
// with its expiry, message the member and send the browser back.
$subj = sqlesc("Your rank is changed !");
$msg = sqlesc("Your rank is changed to {$newrank}\n\n this is a timed rank and it will expire {$dt1}\n\n after that you will get your old rank {$oldrank} back\n\n [color=red]This is a automatic system message , so DO NOT reply ![/color]");
// NOTE(review): $id closes the WHERE clause unquoted; confirm it is an integer by this point.
do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `old_rank` = '{$idd}',`timed_rank`='{$dt1}', `rank_switch`='{$dt2}', `id_level`='{$dt3}' WHERE `id`={$id}");
// Sender 0 is used for the notification.
send_pm(0, $id, $subj, $msg);
// $returnto is read from the request earlier in this script; a redirect target
// taken from request data should be limited to same-site paths.
header("Location: {$returnto}");
die;
Beispiel #23
    $successadd = "<br><h2>Team successfully added!</h2>";
}
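// Team admin page: publish the status message and the table header, then count
// the teams and choose the page size for the pager.
$admintpl->set("success", $successadd);
$close = "<br>\n</form>";
$admintpl->set("close", $close);
//ELSE Display Teams
$current = "\n<table class=main cellspacing=0 cellpadding=3 width=50%><tr><td class=header align=center colspan=6>" . $language['TEAM_CURR'] . "</td></tr><tr>\n<td class=header style=\"text-align:center\">" . $language['TEAM_ID_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_LOGO_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_NAME_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_OWNER_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_DESC_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_EDIT_H'] . "</td>";
$admintpl->set("current", $current);
// The count must cover every team, so it carries no ORDER BY or LIMIT. The
// original appended {$limit} here, before pager() assigns it further down; a
// LIMIT with an offset left over from elsewhere would return no row at all.
$teamsres = do_sqlquery("SELECT COUNT(*) from {$TABLE_PREFIX}teams where id>0");
$teamnum = mysqli_fetch_row($teamsres);
$num2 = $teamnum[0];
// Use the member's own page size when it is positive, otherwise 10 per page.
$perpage = max(0, $CURUSER["torrentsperpage"]) > 0 ? $CURUSER["torrentsperpage"] : 10;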
list($pagertop, $pagerbottom, $limit) = pager($perpage, $num2, "index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=teams&amp;");
// Row counter and row buffer for the loop that follows.
$i = 0;
$teams = array();
// Hand both pager fragments to the template.
$admintpl->set("pagerbottom", $pagerbottom);
$admintpl->set("pagertop", $pagertop);
// Fetch the requested page of teams; $limit is the LIMIT clause returned by pager().
$teamres = do_sqlquery("SELECT id, name, image, owner, info from {$TABLE_PREFIX}teams where id>0 ORDER BY id ASC {$limit}");
while ($row = mysqli_fetch_array($teamres)) {
    $teams[$i][id] = (int) $row['id'];
    $teams[$i][name] = htmlspecialchars($row['name']);
    $teams[$i][image] = htmlspecialchars($row['image']);
    $teams[$i][owner] = (int) $row['owner'];
    $teams[$i][info] = format_comment($row['info']);
    $owner = (int) $row['owner'];
    $OWNERNAME1 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username, ul.prefixcolor, ul.suffixcolor FROM {$TABLE_PREFIX}users u left join {$TABLE_PREFIX}users_level ul on u.id_level=ul.id WHERE u.id={$owner}");
    $OWNERNAME2 = mysqli_fetch_array($OWNERNAME1);
    $teams[$i][OWNERNAME] = stripslashes($OWNERNAME2[prefixcolor]) . $OWNERNAME2['username'] . stripslashes($OWNERNAME2[suffixcolor]);
    $OWNERNAME = $OWNERNAME2['username'];
    $id = (int) $row['id'];
    $name = htmlspecialchars($row['name']);
Beispiel #24
                 $t[$i]["info"] = $tstatus['Msg_type'];
                 $t[$i]["status"] = $tstatus['Msg_text'];
                 $i++;
             }
             $admintpl->set("language", $language);
             $admintpl->set("results", $t);
             $admintpl->set("db_status", false, true);
             $admintpl->set("table_result", true, true);
         }
     } else {
         header("Location: index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=dbutil&action=status");
     }
     break;
 case 'status':
 default:
     $dbstatus = do_sqlquery("SHOW TABLE STATUS");
     if (mysql_num_rows($dbstatus) > 0) {
         $admintpl->set("frm_action", "index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=dbutil&amp;action=tables");
         $i = 0;
         $bytes = 0;
         $records = 0;
         $overhead = 0;
         $tables = array();
         // display current status for tables
         while ($tstatus = mysql_fetch_array($dbstatus)) {
             $tables[$i]["name"] = $tstatus['Name'];
             $tables[$i]["rows"] = $tstatus['Rows'];
             $tables[$i]["length"] = makesize($tstatus['Data_length'] + $tstatus['Index_length']);
             $tables[$i]["overhead"] = $tstatus['Data_free'] == 0 ? "-" : makesize($tstatus['Data_free']);
             $i++;
             $bytes += $tstatus['Data_length'] + $tstatus['Index_length'];
Beispiel #25
    $admintpl->set("show_poller", false, true);
    $admintpl->set("new_poll", true, true);
    $admintpl->set("polls", $polls);
    $admintpl->set("new_polls", $newpolls);
}
/***
* Show poll voters
***/
if (isset($votes) && !isset($_POST['new']) && empty($id)) {
    //Per Page Listing Limitation Start - 7:29 PM 3/22/2007
    $count = $voters;
    $perpage = $GLOBALS["votesppage"];
    list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "index.php?page=admin&amp;user="******"uid"] . "&amp;code=" . $CURUSER["random"] . "&amp;do=poller&amp;votes=" . $votes . "&amp;voters=" . $voters . "&amp;" . $addparams);
    //Per Page Listing Limitation Stop
    //mysql query to select all information on polls in the database
    $resource = do_sqlquery("SELECT pv.*, username, prefixcolor, suffixcolor, optionText, defaultChecked FROM {$TABLE_PREFIX}poller_vote pv LEFT JOIN {$TABLE_PREFIX}users u ON pv.memberID=u.id LEFT JOIN {$TABLE_PREFIX}users_level ul on u.id_level=ul.id_level LEFT JOIN {$TABLE_PREFIX}poller_option po on pv.optionID=po.ID WHERE pv.pollerID='" . $votes . "' GROUP BY pv.voteDate " . $limit . "", true);
    //die("SELECT pv.*, username, prefixcolor, suffixcolor, optionText, defaultChecked FROM {$TABLE_PREFIX}poller_vote pv LEFT JOIN {$TABLE_PREFIX}users u ON pv.memberID=u.id LEFT JOIN {$TABLE_PREFIX}users_level ul on u.id_level=ul.id_level LEFT JOIN {$TABLE_PREFIX}poller_option po on pv.optionID=po.ID WHERE pv.pollerID='".$votes."' GROUP BY pv.voteDate ".$limit."");
    $block_title = $language["POLLING_SYSTEM"] . " - " . $language["POLL_VOTERS"];
    //Per Page Listing Limitation Start - 7:35 PM 3/22/2007
    if ($count > $perpage) {
        $admintpl->set("poll_pager_top", $pagertop);
    } else {
        $admintpl->set("poll_pager_top", "");
    }
    //Per Page Listing Limitation Stop
    $i = 0;
    while ($results = mysqli_fetch_assoc($resource)) {
        //background color for checked poll option
        $bold = "normal";
        if ($CURUSER["uid"] == $results["memberID"]) {
            $bold = "bold";
Beispiel #26
             stderr("Error", "No torrent matches this info hash");
             stdfoot();
             exit;
         }
         if (is_null($nume) || is_null($hash) || is_null($pic) || is_null($cds) || is_null($autor) || is_null($link) || is_null($frame)) {
             stderr("Error", "Please Complete all the fields!");
             stdfoot(false, false, true);
             die;
         }
         $cds = sanitize_paranoid_string($cds);
         $autor = sanitize_paranoid_string($autor);
         do_sqlquery("UPDATE {$TABLE_PREFIX}subtitles SET name='{$nume}', hash='{$hash}', pic='{$pic}', cds='{$cds}', author='{$autor}', imdb='{$link}', Framerate='{$frame}', flag='{$idflag}' WHERE id=" . $_GET['id']) or sqlerr();
         redirect("index.php?page=subtitles");
     }
 }
 // Look up the country row for the stored flag id and open the <select> with
 // that country as its first option.
 // NOTE(review): $arr["flag"] goes into the SQL and the HTML attribute as-is and
 // is set outside this excerpt; confirm it is an integer.
 $getname = do_sqlquery("select * from {$TABLE_PREFIX}countries where id={$arr['flag']}");
 $named = mysqli_fetch_assoc($getname);
 $fres = flag_list();
 $option = "\n<select name=\"flag\" size=\"1\">\n<option value='{$arr['flag']}'>{$named['name']}</option>";
 // Reverse-resolve the client address. When the lookup yields a host name that
 // ends in a 2-3 letter suffix, only that suffix is kept, upper-cased and escaped.
 $thisip = $_SERVER["REMOTE_ADDR"];
 $remotedns = gethostbyaddr($thisip);
 if ($remotedns != $thisip) {
     $remotedns = strtoupper($remotedns);
     preg_match('/^(.+)\\.([A-Z]{2,3})$/', $remotedns, $tldm);
     // When the pattern does not match, $remotedns keeps the whole upper-cased
     // host name, unescaped.
     if (isset($tldm[2])) {
         $remotedns = mysqli_real_escape_string($DBDT, $tldm[2]);
     }
 }
 foreach ($fres as $flag) {
     $option .= "\n<option ";
     if ($flag["id"] == $dati["flag"] || $flag["domain"] == $remotedns && $action == "signup") {
Beispiel #27
  {
  $your_version.="<table width=\"100%\"><tr><td align=\"right\">Installed version:</td><td align=\"left\">".implode(" ",$current_version)."</td></tr>\n";
  $your_version.="<tr><td align=\"right\">Current version:</td><td align=\"left\">".implode(" ",$last_version)."</td></tr>\n";
  $your_version.="<tr><td colspan=\"2\" align=\"center\">Get Last Version <a href=\"http://www.btiteam.org\" target=\"_blank\">here</a>!</td></tr>\n</table>";
}
else
  {
  $your_version.="You have the latest xBtit version installed.($tracker_version Rev.$tracker_revision)";
}
if (!empty($your_version))
   $admin["xbtit_version"]=$your_version."<br />\n";
*/
// Server facts for the admin overview, one table row each: operating system,
// PHP version, MySQL version and the counters reported by mysql_stat().
// NOTE(review): this prints host and version details; confirm the page is
// reachable by administrators only.
$admin["infos"] .= "<br />\n<table border=\"0\">\n";
$admin["infos"] .= "<tr><td class=\"header\" align=\"center\">Server's OS</td></tr><tr><td align=\"left\">" . php_uname() . "</td></tr>";
$admin["infos"] .= "<tr><td class=\"header\" align=\"center\">PHP version</td></tr><tr><td align=\"left\">" . phpversion() . "</td></tr>";
$sqlver = mysql_fetch_row(do_sqlquery("SELECT VERSION()"));
$admin["infos"] .= "\n<tr><td class=\"header\" align=\"center\">MYSQL version</td></tr><tr><td align=\"left\">" . $sqlver[0] . "</td></tr>";
// mysql_stat() returns one string; the fields are split on two spaces.
$sqlver = explode('  ', mysql_stat());
$admin["infos"] .= "\n<tr><td valign=\"top\" class=\"header\" align=\"center\">MYSQL stats</td></tr>\n";
$i = 0;
while ($i < count($sqlver)) {
    $admin["infos"] .= "<tr><td align=\"left\">" . $sqlver[$i] . "</td></tr>\n";
    $i++;
}
$admin["infos"] .= "\n</table><br />\n";
unset($sqlver);
// check for news on btiteam site (read rss from comunication forum)
/*
if($btit_url_rss!="")
{
    include("$THIS_BASEPATH/include/class.rssreader.php");
Beispiel #28
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
////////////////////////////////////////////////////////////////////////////////////
// Stop immediately unless the IN_BTIT constant has been defined before this
// file runs, so the file does nothing when requested on its own.
defined("IN_BTIT") or die("non direct access!");
if ($CURUSER["uid"] > 1) {
    $pr = (int) $_GET['pr'];
    $img = (int) $_GET['img'];
    $uid = $CURUSER["uid"];
    $resuser = do_sqlquery("SELECT u.dona,u.donb,u.birt,u.mal,u.fem,u.bann,u.war,u.par,u.bot,u.trmu,u.trmo,u.vimu,u.vimo,u.friend,u.junkie,u.staff ,u.sysop FROM {$TABLE_PREFIX}users u WHERE u.id=" . $uid);
    $row_user = mysqli_fetch_array($resuser);
    if (is_null($pr) || !is_numeric($pr) || is_null($img) || !is_numeric($img) || $CURUSER["view_torrents"] == "no") {
        header("Location: index.php");
    }
    if ($img == '1' and $row_user["dona"] == "no") {
        $ui = "dona='yes'";
    } else {
        if ($img == '1' and $row_user["dona"] == "yes") {
            stderr("error", "You already have this user image ....");
            stdfoot();
            exit;
        }
    }
    if ($img == '2' and $row_user["donb"] == "no") {
        $ui = "donb='yes'";
Beispiel #29
     $admintpl->set("forum", $forum);
     break;
 case "save":
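     // Create or update a forum row from the submitted admin form; runs only
     // when the confirm button value matches.
     if ($_POST["confirm"] == $language["FRM_CONFIRM"]) {
         $what = $_GET["what"];
         // The three access levels and the parent id are written into the SQL
         // unquoted. max() only compares: given a string argument it can return
         // that string unchanged, so each value is cast to int before clamping.
         $minclassread = max(1, (int) $_POST["readlevel"]);
         $minclasswrite = max(1, (int) $_POST["writelevel"]);
         $minclasscreate = max(1, (int) $_POST["createlevel"]);
         // Text fields go through sqlesc() and are interpolated below without further quoting.
         $description = sqlesc($_POST["description"]);
         $parent_forum = max(0, (int) $_POST["parent"]);
         $name = sqlesc($_POST["name"]);
         if ($what != "new") {
             // Any value other than "new" updates the forum identified by the id parameter.
             $id = intval($_GET["id"]);
             do_sqlquery("UPDATE {$TABLE_PREFIX}forums SET name={$name},description={$description},minclassread={$minclassread},minclasswrite={$minclasswrite},minclasscreate={$minclasscreate}, id_parent={$parent_forum} WHERE id={$id}", true);
         } else {
             do_sqlquery("INSERT INTO {$TABLE_PREFIX}forums SET name={$name},description={$description},minclassread={$minclassread},minclasswrite={$minclasswrite},minclasscreate={$minclasscreate}, id_parent={$parent_forum}", true);
         }
     }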
     redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=forum&action=read");
     exit;
     break;
 case "delete":
     $id = intval($_GET["id"]);
     // control if there are posts/topics
     $resforum = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT *,IF((SELECT COUNT(*) FROM {$TABLE_PREFIX}forums WHERE id_parent={$id})>0,1,0) as i_am_parent FROM {$TABLE_PREFIX}forums WHERE id={$id}");
     if ($_GET["confirm"] == 1) {
         mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM {$TABLE_PREFIX}posts WHERE topicid IN (SELECT id FROM {$TABLE_PREFIX}topics WHERE forumid={$id})") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
         mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM {$TABLE_PREFIX}topics WHERE forumid={$id}") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
         mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM {$TABLE_PREFIX}forums WHERE id={$id}") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
         redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=forum&action=read");
         exit;
Beispiel #30
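/**
 * Register a new account from the signup form in $_POST.
 *
 * Reads user, pwd, pwd1, email, language, style, flag, timezone and the
 * captcha / security-question fields from $_POST, inserts the row into
 * {$TABLE_PREFIX}users, mirrors it into the SMF members table when
 * $FORUMLINK is "smf" or that table exists, adds the xbt_users row when
 * $XBTT_USE is set, and mails the confirmation link when $VALIDATION is
 * "user".
 *
 * Prints an error page and exits for a "Guest" username, mismatched
 * passwords, or a failed captcha / security question.
 *
 * @return int mysql_errno() after the inserts, or a negative code:
 *             -1 a required field is empty, -2 the e-mail is already
 *             registered, -3 the e-mail fails the format check, -4 the
 *             duplicate-username query returned a row, -7 the username
 *             contains a space, -8 the username contains a banned
 *             character, -9 the password is shorter than 4 characters.
 */
function aggiungiutente()
{
    global $SITENAME, $SITEEMAIL, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE, $TABLE_PREFIX, $XBTT_USE, $language, $THIS_BASEPATH, $FORUMLINK, $db_prefix;

    // NOTE(review): mysql_escape_string() ignores the connection character set,
    // and the whole mysql_* API was removed in PHP 7. Moving to prepared
    // statements needs the connection handle, which is not visible here.
    $utente = mysql_escape_string($_POST["user"]);
    // NOTE(review): the password is escaped before it is hashed further down, so
    // the stored hash is of the escaped text. The login path has to apply the
    // same transformation; confirm before changing either side.
    $pwd = mysql_escape_string($_POST["pwd"]);
    $pwd1 = mysql_escape_string($_POST["pwd1"]);
    $email = mysql_escape_string($_POST["email"]);
    $idlangue = intval($_POST["language"]);
    $idstyle = intval($_POST["style"]);
    $idflag = intval($_POST["flag"]);
    $timezone = intval($_POST["timezone"]);

    if (strtoupper($utente) == strtoupper("Guest")) {
        err_msg($language["ERROR"], $language["ERR_GUEST_EXISTS"]);
        stdfoot();
        exit;
    }
    if ($pwd != $pwd1) {
        err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
        stdfoot();
        exit;
    }

    // With no validation step the account starts at level 3, otherwise at level 2.
    $idlevel = $VALIDATION == "none" ? 3 : 2;

    // Six-digit number stored with the account and mailed as the confirmation
    // code below. It was seeded from microtime(), which ties it to the signup
    // time; use the CSPRNG where the runtime has one.
    // NOTE(review): six digits is a small space; confirm the confirmation
    // endpoint limits the number of attempts.
    $floor = 100000;
    $ceiling = 999999;
    if (function_exists('random_int')) {
        $random = random_int($floor, $ceiling);
    } else {
        $random = mt_rand($floor, $ceiling);
    }

    if ($utente == "" || $pwd == "" || $email == "") {
        return -1;
    }

    $res = do_sqlquery("SELECT email FROM {$TABLE_PREFIX}users WHERE email='{$email}'");
    if (mysql_num_rows($res) > 0) {
        return -2;
    }

    // valid email check - by vibes
    // Same expression as before, run through preg_match() because eregi() no
    // longer exists in current PHP; the D modifier stops "$" from matching
    // before a trailing newline.
    $regex = "^[_+a-z0-9-]+(\\.[_+a-z0-9-]+)*" . "@[a-z0-9-]+(\\.[a-z0-9-]{1,})*" . "\\.([a-z]{2,}){1}\$";
    if (!preg_match('/' . $regex . '/iD', $email)) {
        return -3;
    }
    // valid email check end

    // duplicate username
    // NOTE(review): the value compared here is masked ("******") in this copy of
    // the page and is reproduced as shown; a duplicate check would compare
    // against the submitted name. Confirm against the original file.
    $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE username='******'");
    if (mysql_num_rows($res) > 0) {
        return -4;
    }
    // duplicate username

    // strpos() returns a position, so "== true" missed a space at index 0.
    if (strpos($utente, " ") !== false) {
        return -7;
    }

    // Human check: the image captcha when it is enabled and GD has FreeType
    // support, otherwise the question from security_code.php.
    $useImageCaptcha = false;
    if ($USE_IMAGECODE && extension_loaded('gd')) {
        $arr = gd_info();
        $useImageCaptcha = $arr['FreeType Support'] == 1;
    }
    if ($useImageCaptcha) {
        $public = $_POST['public_key'];
        $private = $_POST['private_key'];
        $p = new ocr_captcha();
        $passed = $p->check_captcha($public, $private) == true;
    } else {
        include "{$THIS_BASEPATH}/include/security_code.php";
        $scode_index = intval($_POST["security_index"]);
        // The question index comes from the form. An index with no entry used to
        // yield null, which loosely equals an empty answer, so the entry must
        // exist and the answer must match as a string.
        $passed = isset($security_code[$scode_index]["answer"], $_POST["scode_answer"])
            && is_scalar($_POST["scode_answer"])
            && (string) $security_code[$scode_index]["answer"] === trim((string) $_POST["scode_answer"]);
    }
    if (!$passed) {
        err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
        stdfoot();
        exit;
    }

    $bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~");
    // NOTE(review): straipos() is defined elsewhere; its return contract is
    // assumed to be truthy on a match. Confirm it cannot return 0 for a hit.
    if (straipos(mysql_escape_string($utente), $bannedchar) == true) {
        return -8;
    }

    // Measure the password as submitted: escaping adds backslashes, which let
    // shorter passwords pass the minimum length.
    if (strlen((string) $_POST["pwd"]) < 4) {
        return -9;
    }

    // Per-user id stored in `pid` and used as the xbt torrent pass below;
    // 32 hex characters either way.
    if (function_exists('random_bytes')) {
        $pid = bin2hex(random_bytes(16));
    } else {
        $pid = md5(uniqid(mt_rand(), true));
    }

    // NOTE(review): unsalted md5() is not a password hash. Switching to
    // password_hash() also means changing the code that verifies logins, which
    // is outside this function.
    do_sqlquery("INSERT INTO {$TABLE_PREFIX}users (username, password, random, id_level, email, style, language, flag, joined, lastconnect, pid, time_offset) VALUES ('{$utente}', '" . md5($pwd) . "', {$random}, {$idlevel}, '{$email}', {$idstyle}, {$idlangue}, {$idflag}, NOW(), NOW(),'{$pid}', '" . $timezone . "')", true);
    $newuid = mysql_insert_id();

    // Continue to create smf members if they disable smf mode
    // $test=do_sqlquery("SELECT COUNT(*) FROM {$db_prefix}members");
    $test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'");
    if ($FORUMLINK == "smf" || mysql_num_rows($test)) {
        $smfpass = smf_passgen($utente, $pwd);
        $flevel = $idlevel + 10;
        // NOTE(review): getip() is interpolated unescaped; confirm it returns a
        // validated address and not a raw request header.
        do_sqlquery("INSERT INTO {$db_prefix}members (memberName, dateRegistered, ID_GROUP, realName, passwd, emailAddress, memberIP, memberIP2, is_activated, passwordSalt) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '" . getip() . "', '" . getip() . "', 1, '{$smfpass['1']}')");
        $fid = mysql_insert_id();
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'");
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$utente}' WHERE `variable` = 'latestRealName'");
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'");
        do_sqlquery("UPDATE {$TABLE_PREFIX}users SET smf_fid={$fid} WHERE id={$newuid}");
    }

    // xbt
    if ($XBTT_USE) {
        $resin = do_sqlquery("INSERT INTO xbt_users (uid, torrent_pass) VALUES ({$newuid},'{$pid}')");
    }

    if ($VALIDATION == "user") {
        ini_set("sendmail_from", "");
        if (mysql_errno() == 0) {
            send_mail($email, $language["ACCOUNT_CONFIRM"], $language["ACCOUNT_MSG"] . "\n\n" . $BASEURL . "/index.php?page=account&act=confirm&confirm={$random}&language={$idlangue}");
            write_log("Signup new user {$utente} ({$email})", "add");
        } else {
            // NOTE(review): this prints the raw database error to the visitor.
            die(mysql_error());
        }
    }

    return mysql_errno();
}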