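/**
 * Return a single column from the first row where $area = $id.
 *
 * Builds "SELECT {$what} FROM {$TABLE_PREFIX}{$table} WHERE {$area}={$id}". The three
 * identifiers cannot be escaped like values, so they must be bare words
 * ([A-Za-z0-9_]); anything else throws instead of being spliced into the statement.
 * The value is embedded as-is when numeric (as before) and quoted/escaped with
 * sqlesc() otherwise, so callers that used to pre-quote a literal now pass the bare value.
 *
 * @param string $what  Column to return.
 * @param string $table Table name without $TABLE_PREFIX.
 * @param string $area  Column compared in the WHERE clause.
 * @param mixed  $id    Comparison value.
 * @return mixed Value of $what in the first matching row, or null when there is none.
 * @throws InvalidArgumentException when an identifier is not a bare word.
 */
function get_value($what, $table, $area, $id)
{
    global $TABLE_PREFIX;

    foreach (array("what" => $what, "table" => $table, "area" => $area) as $role => $identifier) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $identifier)) {
            throw new InvalidArgumentException("get_value(): invalid SQL identifier for {$role}");
        }
    }

    // Numeric values keep the old unquoted form; everything else goes through sqlesc().
    $value = is_numeric($id) ? $id : sqlesc($id);

    $query = do_sqlquery("SELECT {$what} FROM {$TABLE_PREFIX}{$table} WHERE {$area}={$value}", true);
    $row = mysql_fetch_array($query) or sql_err(__FILE__, __LINE__);
    // A missing row used to produce an "array offset on bool" warning and null.
    return (is_array($row) && array_key_exists($what, $row)) ? $row[$what] : null;
}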
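/**
 * Admin panel: list pending invitations, 15 per page, into $admintpl.
 *
 * Sets "inv_pagertop", "inv_pagerbottom", "invitees" (inviter link, invitee, hash,
 * time_invited, delete link) and "language". Nothing is returned.
 */
function read_invitations()
{
    global $TABLE_PREFIX, $admintpl, $language, $CURUSER, $STYLEPATH, $btit_settings;

    $admin_uid = (int) $CURUSER["uid"];
    $admin_code = $CURUSER["random"];
    $scriptname = htmlspecialchars($_SERVER["PHP_SELF"] . "?page=admin&user=" . $admin_uid . "&code=" . $admin_code . "&do=invitations");

    $res = get_result("SELECT COUNT(*) as invites FROM {$TABLE_PREFIX}invitations", true);
    $count = $res[0]["invites"];
    list($pagertop, $pagerbottom, $limit) = pager('15', $count, $scriptname . "&");
    $admintpl->set("inv_pagertop", $pagertop);
    $admintpl->set("inv_pagerbottom", $pagerbottom);

    $results = get_result("SELECT * FROM {$TABLE_PREFIX}invitations ORDER BY id DESC {$limit}", true);
    $confirm_js = "return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')";
    $invitees = array();
    if (is_array($results)) {
        foreach ($results as $data) {
            // Both ids come from the DB but are spliced into SQL and URLs, so cast them.
            $inviter_id = (int) $data["inviter"];
            $invitation_id = (int) $data["id"];
            $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = " . $inviter_id, true);
            $inviter_name = (mysql_num_rows($res) > 0) ? mysql_result($res, 0, 0) : 'Unknown';
            $invitees[] = array(
                // The username is user-chosen text and goes into markup, so it is escaped.
                // NOTE(review): other pages link userdetails with "&id="; this one uses "&user=" — confirm.
                "inviter" => "<a href=\"index.php?page=userdetails&user=" . $inviter_id . "\">" . htmlspecialchars($inviter_name) . "</a>",
                "invitee" => unesc($data["invitee"]),
                "hash" => unesc($data["hash"]),
                "time_invited" => $data["time_invited"],
                "delete" => "<a href=\"index.php?page=admin&user=" . $admin_uid . "&code=" . $admin_code . "&do=invitations&action=delete&id=" . $invitation_id . "\" onclick=\"" . $confirm_js . "\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>",
            );
        }
    }
    $admintpl->set("invitees", $invitees);
    $admintpl->set("language", $language);
}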
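/**
 * Refresh seed/leech/completed counters of externally tracked torrents.
 *
 * Scrapes the tracker at $url (http or udp only) for $infohash and, on success, updates
 * the matching `files` row(s). Success and every failure path are recorded via write_log().
 *
 * @param string $url      Announce URL as stored in the torrent (untrusted input).
 * @param string $infohash Info hash to scrape, or '' to match only on announce_url.
 * @return void
 */
function scrape($url, $infohash = '')
{
    global $TABLE_PREFIX, $BASEDIR;

    if (!isset($url)) {
        return;
    }

    $hash_tag = ($infohash == "" ? "" : "(infohash: " . $infohash . ")");
    $url_c = parse_url($url);
    // parse_url() returns false on badly malformed input; treat that like a failed scrape.
    if (!is_array($url_c) || empty($url_c["scheme"]) || empty($url_c["host"])) {
        write_log("FAILED update external torrent " . $hash_tag . " from " . $url . " tracker (unparseable announce url))", "");
        return;
    }
    if (!isset($url_c["port"]) || empty($url_c["port"])) {
        $url_c["port"] = 80;
    }

    // The scheme used to be spliced straight into a require_once path. Announce URLs
    // come from uploaded torrents, so only the two scraper implementations that exist
    // may be selected; anything else is logged and skipped.
    $scheme = strtolower($url_c["scheme"]);
    if ($scheme !== "http" && $scheme !== "udp") {
        write_log("FAILED update external torrent " . $hash_tag . " from " . $url . " tracker (unsupported scheme '" . $scheme . "'))", "");
        return;
    }
    require_once $BASEDIR . "/phpscraper/" . $scheme . "tscraper.php";

    try {
        $timeout = 5;
        $scraper = ($scheme == "udp") ? new udptscraper($timeout) : new httptscraper($timeout);
        $target = $scheme . "://" . $url_c["host"] . ":" . $url_c["port"] . ($scheme == "udp" ? "" : "/announce");
        $ret = $scraper->scrape($target, array($infohash));

        // Without a result for this hash the old code built "seeds=," and failed the query.
        if (!isset($ret[$infohash]) || !is_array($ret[$infohash])) {
            write_log("FAILED update external torrent " . $hash_tag . " from " . $url . " tracker (no data returned))", "");
            return;
        }
        $stats = $ret[$infohash];
        // Counters come from a remote tracker: force integers before they reach SQL.
        $seeds = isset($stats["seeders"]) ? (int) $stats["seeders"] : 0;
        $leechers = isset($stats["leechers"]) ? (int) $stats["leechers"] : 0;
        $finished = isset($stats["completed"]) ? (int) $stats["completed"] : 0;

        // $url and $infohash are quoted/escaped instead of being wrapped in literal quotes.
        do_sqlquery(
            "UPDATE `{$TABLE_PREFIX}files` SET `lastupdate`=NOW(), `lastsuccess`=NOW(), `seeds`=" . $seeds
            . ", `leechers`=" . $leechers . ", `finished`=" . $finished
            . " WHERE `announce_url` = " . sqlesc($url)
            . ($infohash == "" ? "" : " AND `info_hash`=" . sqlesc($infohash)),
            true
        );
        if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) == 1) {
            write_log('SUCCESS update external torrent from ' . $url . ' tracker (infohash: ' . $infohash . ')', '');
        }
    } catch (ScraperException $e) {
        write_log("FAILED update external torrent " . $hash_tag . " from " . $url . " tracker (" . $e->getMessage() . "))", "");
    }
}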
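/**
 * Store an uploaded avatar image under $to_url and record its name for $uid.
 *
 * The file must be a real upload, decodable by getimagesize(), within the configured
 * $max_image_width x $max_image_height and $max_file_size, and (when given) match one
 * of $allowed_types (IMAGETYPE_* constants, strict) and $allowed_ext (lower-case
 * extensions). Size violations redirect to the avatar page and stop the script.
 *
 * @param array      $file          One entry of $_FILES (keys tmp_name, name).
 * @param string     $to_url        Destination directory, including trailing slash.
 * @param array|null $allowed_types IMAGETYPE_* values accepted, or NULL for any.
 * @param array|null $allowed_ext   Extensions accepted, or NULL for any.
 * @return string|false Final file name on success, false when rejected.
 */
function UploadImage($file, $to_url, $allowed_types = NULL, $allowed_ext = NULL)
{
    global $uid, $max_file_size, $max_image_width, $max_image_height, $TABLE_PREFIX;

    if (!isset($file["tmp_name"]) || !is_uploaded_file($file["tmp_name"])) {
        return false;
    }
    // Anything getimagesize() cannot read is not an image; such files used to slip
    // through whenever $allowed_types was NULL.
    $dimensions = getimagesize($file["tmp_name"]);
    if ($dimensions === false) {
        return false;
    }
    list($width, $height, $image_type) = $dimensions;
    $size = filesize($file["tmp_name"]);

    // Was "$max_image_height > 200", which compared the limit to a constant and never
    // looked at the image's height.
    if ($width > $max_image_width or $height > $max_image_height) {
        redirect("index.php?page=usercp&do=avatar&action=read&what=image_size&uid=" . (int) $uid);
        die;
    }
    if ($size > $max_file_size) {
        redirect("index.php?page=usercp&do=avatar&action=read&what=file_size&uid=" . (int) $uid);
        die;
    }

    // Only the last path segment of the client-supplied name is kept, so "../" or an
    // absolute path cannot place the file outside $to_url.
    $file_name = isset($file["name"]) ? basename(str_replace("\\", "/", (string) $file["name"])) : "";
    if ($file_name === "" || $file_name === "." || $file_name === ".." || strpos($file_name, "\0") !== false) {
        return false;
    }
    $split_name = explode(".", $file_name);
    $extension = strtolower($split_name[count($split_name) - 1]);

    $type_ok = ($allowed_types == NULL || array_search($image_type, $allowed_types, true) !== false);
    // NOTE(review): with $allowed_ext NULL any extension is accepted, so an image with a
    // server-executable extension could land in a web-served directory — confirm callers.
    $ext_ok = ($allowed_ext == NULL || array_search($extension, $allowed_ext) !== false);
    if (!$type_ok || !$ext_ok) {
        return false;
    }

    // De-duplicate by appending random characters to the base name until it is unused.
    $pattern = "1234567890abcdefghijklmnopqrstuvwxyz";
    while (file_exists($to_url . $file_name)) {
        $split_name[0] .= $pattern[random_int(0, 35)];
        $file_name = implode(".", $split_name);
    }
    if (!move_uploaded_file($file["tmp_name"], $to_url . $file_name)) {
        return false;
    }
    // The name is client-derived, so it is quoted/escaped rather than interpolated.
    do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `avatar_upload_name`=" . sqlesc($file_name) . " WHERE `id` = " . (int) $uid, true);
    return $file_name;
}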
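/**
 * Read one value from the settings table.
 *
 * @param string $key Setting name (matched against the `key` column).
 * @return string|null The stored value, or null when the key does not exist or the
 *                     query failed (previously a warning plus null).
 */
function get_settings($key)
{
    global $TABLE_PREFIX;

    // The key is quoted/escaped instead of being spliced between literal quotes, which
    // left the statement open to injection through a caller-supplied name.
    $result = do_sqlquery("SELECT `value` FROM `{$TABLE_PREFIX}settings` WHERE `key` = " . sqlesc($key), true);
    $row = $result ? mysql_fetch_assoc($result) : false;
    if (!is_array($row) || !array_key_exists("value", $row)) {
        return null;
    }
    return $row["value"];
}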
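/**
 * Persist a category ordering posted by the admin UI.
 *
 * $_POST[$key] is expected to be a list of category ids in the desired order; they
 * receive sort_index 1, 2, 3, ... Ids are cast to int before reaching SQL.
 *
 * @param string $key Name of the posted array holding the ordered ids.
 * @return void
 */
function sortCategories($key)
{
    global $TABLE_PREFIX;

    // A missing or scalar field used to reach foreach() as a non-array (warning, no-op).
    if (!isset($_POST[$key]) || !is_array($_POST[$key])) {
        return;
    }
    // The raw UPDATE statement was echoed into the response on every iteration — a
    // debug left-over that disclosed the table prefix; it is gone.
    $sort_index = 1;
    foreach ($_POST[$key] as $category_id) {
        do_sqlquery("UPDATE {$TABLE_PREFIX}categories SET sort_index = '{$sort_index}' WHERE id = " . (int) $category_id);
        $sort_index++;
    }
}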
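/**
 * Build an auto-submitting PayPal "Buy Now" (_xclick) page for a donation.
 *
 * Looks up the current user's stylesheet (for main.css) and the paypal_settings row
 * with id 1 to choose between the sandbox and live endpoint, then returns a complete
 * HTML document whose <form> posts itself to PayPal on load.
 *
 * @param string $amount Donation amount, as accepted by PayPal's "amount" field.
 * @param string $mail   Merchant PayPal account ("business").
 * @param string $item   Value for PayPal's "item_number".
 * @param string $curr   ISO currency code ("currency_code").
 * @return string Full HTML page.
 */
function paypal_form($amount, $mail, $item, $curr)
{
    global $CURUSER, $btit_settings, $TABLE_PREFIX, $BASEURL;

    // Every caller-supplied value lands inside an HTML attribute, so it is escaped for
    // that context; unescaped, a crafted mail/item string could close the attribute and
    // inject markup or silently redirect the payment to another account.
    $attr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // get user's style (the id comes from the user row, but is cast before the query)
    $resheet = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}style where id=" . (int) $CURUSER["style"] . " LIMIT 1", TRUE, $btit_settings["cache_duration"]);
    $resstyle = $resheet ? mysqli_fetch_array($resheet) : false;
    if ($resstyle && !empty($resstyle["style_url"])) {
        $STYLEURL = "{$BASEURL}/" . $resstyle["style_url"];
    } else {
        $STYLEURL = "{$BASEURL}/style/xbtit_default";
    }
    // ($STYLEPATH, built from an undefined $THIS_BASEPATH, was never used and is dropped.)

    // get settings
    $zap_pp = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM {$TABLE_PREFIX}paypal_settings WHERE id ='1'");
    $settings = $zap_pp ? mysqli_fetch_array($zap_pp) : false;
    $endpoint = ($settings && $settings["test"] == "true")
        ? "https://www.sandbox.paypal.com/cgi-bin/webscr"
        : "https://www.paypal.com/cgi-bin/webscr";

    // The original read an undefined $return_to_address here, so these fallbacks were
    // the only values ever sent.
    $return_url = $BASEURL . '/index.php?page=success';
    $cancel_url = $BASEURL . $_SERVER['SCRIPT_NAME'] . '?do=cancel';

    $form = '
<html>
<head><title>processing</title><link rel="stylesheet" type="text/css" href="' . $attr($STYLEURL) . '/main.css" /></head>
<body onload="document.paypal.submit();"><br/><br/><br/><br/><br/>
<table width=30% align=center><tr><td class="block"><center><b>Processing</b></center></td></tr><tr>
<td class=lista><center><img border="0" src="images/safe-secure.gif"></td></tr></table>
<form action="' . $endpoint . '" method="post" name="paypal">
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="no_shipping" value="1" />
<input type="hidden" name="business" value="' . $attr($mail) . '" />
<input type="hidden" name="item_number" value="' . $attr($item) . '" />
<input type="hidden" name="item_name" value="Donation from uid: ' . (int) $CURUSER['uid'] . '" />
<input type="hidden" name="quantity" value="1" />
<input type="hidden" name="amount" value="' . $attr($amount) . '" />
<input type="hidden" name="currency_code" value="' . $attr($curr) . '" />
<input type="hidden" name="email" value="' . $attr($CURUSER['email']) . '" />
<input type="hidden" name="address1" value="" />
<input type="hidden" name="address2" value="" />
<input type="hidden" name="city" value="" />
<input type="hidden" name="country" value="" />
<input type="hidden" name="zip" value="" />
<input type="hidden" name="night_phone_a" value="" />
<input type="hidden" name="night_phone_b" value="" />
<input type="hidden" name="return" value="' . $attr($return_url) . '" />
<input type="hidden" name="cancel_return" value="' . $attr($cancel_url) . '" />
</form>
</body>
</html>';

    // NOTE(review): uid read from the DB is usually a string, so "=== 0" may never match;
    // also, unset() on a global-imported variable only drops the local alias.
    if ($CURUSER['uid'] === 0 or $CURUSER['username'] === 'Guest') {
        unset($CURUSER);
    }
    return $form;
}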
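/**
 * Admin panel: list installed styles with user counts and edit/delete links.
 *
 * Pushes "styles", "style_add", "style_add_new" and "language" into $admintpl.
 * Nothing is returned.
 */
function read_styles()
{
    global $TABLE_PREFIX, $language, $CURUSER, $admintpl, $STYLEPATH;

    $admin_base = "index.php?page=admin&user=" . (int) $CURUSER["uid"] . "&code=" . $CURUSER["random"] . "&do=style";
    $confirm_js = "return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')";

    $sres = style_list();
    $res = null;
    $total = count($sres);
    for ($i = 0; $i < $total; $i++) {
        // The id comes from the DB but is spliced into SQL and URLs, so cast it.
        $style_id = (int) $sres[$i]["id"];
        $res = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}users WHERE style = " . $style_id, true);
        $sres[$i]["style_users"] = mysql_result($res, 0, 0);
        // NOTE(review): style/style_url are only unesc()'d here; whether the template
        // HTML-escapes them is not visible from this function.
        $sres[$i]["style"] = unesc($sres[$i]["style"]);
        $sres[$i]["style_url"] = unesc($sres[$i]["style_url"]);
        $sres[$i]["edit"] = "<a href=\"" . $admin_base . "&action=edit&id=" . $style_id . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>";
        $sres[$i]["delete"] = "<a href=\"" . $admin_base . "&action=delete&id=" . $style_id . "\" onclick=\"" . $confirm_js . "\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
    }

    $admintpl->set("style_add", false, true);
    $admintpl->set("language", $language);
    $admintpl->set("styles", $sres);
    $admintpl->set("style_add_new", "<a href=\"" . $admin_base . "&action=add\">" . $language["STYLE_ADD"] . "</a>");
    unset($sres);
    // With no styles $res was undefined and mysql_free_result() warned.
    if ($res) {
        mysql_free_result($res);
    }
}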
if ($CURUSER["view_users"] == "no") { err_msg($language["ERROR"], $language["NOT_AUTHORIZED"] . " " . strtolower($language["STAFF"]) . "!"); stdfoot(); exit; } else { $query = "SELECT u.id, u.username, u.avatar, UNIX_TIMESTAMP(u.joined) joined, "; $query .= "UNIX_TIMESTAMP(u.lastconnect) lastconnect, ul.level, ul.prefixcolor, "; $query .= "ul.suffixcolor, c.name country, c.flagpic, o.lastaction "; $query .= "FROM {$TABLE_PREFIX}users u "; $query .= "LEFT JOIN {$TABLE_PREFIX}users_level ul ON u.id_level = ul.id "; $query .= "LEFT JOIN {$TABLE_PREFIX}countries c ON u.flag = c.id "; $query .= "LEFT JOIN {$TABLE_PREFIX}online o ON u.id = o.user_id "; $query .= "WHERE u.id_level >=6 "; $query .= "AND u.id_level <=8 "; $query .= "ORDER BY u.id_level DESC, u.id ASC"; $res = do_sqlquery($query); $i = 0; while ($row = mysql_fetch_assoc($res)) { is_null($row["avatar"]) || $row["avatar"] == "" ? $avatar = "<img src='{$STYLEURL}/images/default_avatar.gif' height=80 width=80>" : ($avatar = "<img src='" . $row["avatar"] . "' height=80 width=80>"); is_null($row["lastaction"]) ? $lastseen = $row["lastconnect"] : ($lastseen = $row["lastaction"]); time() - $lastseen > 900 ? $status = "<img src='images/offline.gif' border='0' alt='" . $language["OFFLINE"] . "'>" : ($status = "<img src='images/online.gif' border='0' alt='" . $language["ONLINE"] . "'>"); if (is_null($row["flagpic"])) { $row["flagpic"] = "unknown.gif"; $row["country"] = $language["UNKNOWN"]; } $user[$i] = "<tr>"; $user[$i] .= "<td class='lista' width='84'><center>{$avatar}</center></td>"; $user[$i] .= "<td class='lista'><center><a href='index.php?page=usercp&do=pm&action=edit&uid=" . $CURUSER["uid"] . "&what=new&to=" . $row["username"] . "'><img src='{$STYLEURL}/images/pm.gif'alt='" . $language["PM"] . "' border='0'></a></center></td>"; $user[$i] .= "<td class='lista'><center><a href='index.php?page=userdetails&id=" . $row["id"] . "'>" . stripslashes($row["prefixcolor"]) . $row["username"] . 
stripslashes($row["suffixcolor"]) . "</a></center></td>"; $user[$i] .= "<td class='lista'><center>" . ucfirst($row["level"]) . "</center></td>"; $user[$i] .= "<td class='lista'><center><img src='images/flag/" . $row["flagpic"] . "' border='0' alt='" . $row["country"] . "'></center></td>";
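// Seedbonus "buy a new username" handler.
// Expects from the including script: $uid (account being charged), $CURUSER,
// $DBDT (mysqli link), $TABLE_PREFIX, $FORUMLINK and $db_prefix (SMF table prefix).
$org = $CURUSER['username'];
$r = do_sqlquery("SELECT * from {$TABLE_PREFIX}users where id=" . (int) $uid);
$c = mysqli_result($r, 0, "seedbonus");
if ($c >= $GLOBALS["price_name"]) {
    // Escaped exactly once here; every later SQL use of $custom relies on that.
    $custom = isset($_POST["name"]) ? mysqli_real_escape_string($DBDT, $_POST["name"]) : "";
    if ($custom !== "") {
        // NOTE(review): uniqueness is checked and then written without a lock or a
        // visible UNIQUE index; two concurrent requests can both pass this check.
        $res = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE username='{$custom}'", true);
        if (mysqli_num_rows($res) == 0) {
            $buyer = (int) $CURUSER['uid'];
            do_sqlquery("UPDATE {$TABLE_PREFIX}users SET username='{$custom}' WHERE id={$buyer}");
            if ($FORUMLINK == "smf") {
                // Was "{db_prefix}members": without the "$" PHP never interpolated it, so
                // the query named a literal table. Same form as the other SMF queries.
                do_sqlquery("UPDATE {$db_prefix}members SET memberName='" . htmlspecialchars($custom) . "' WHERE ID_MEMBER=" . (int) $CURUSER["smf_fid"]);
            }
            $p = $GLOBALS["price_name"];
            do_sqlquery("UPDATE {$TABLE_PREFIX}users SET seedbonus=seedbonus-{$p} WHERE id={$buyer}");

            // Audit rows are written only when points were actually spent; previously
            // they were recorded even when the requested name was already taken.
            // sb control
            @mysqli_query($GLOBALS["___mysqli_ston"], "INSERT into {$TABLE_PREFIX}sb (id,what,gb,points,date) VALUES ('" . (int) $uid . "','Username ( " . htmlspecialchars($custom) . " )','0', '" . $GLOBALS["price_name"] . "',NOW())");
            // sb control
            do_sqlquery("INSERT INTO {$TABLE_PREFIX}username (uid,username,org,date) VALUES (\"" . (int) $uid . "\",\"{$custom}\",\"" . mysqli_real_escape_string($DBDT, $org) . "\",NOW())");
        }
    }
    // NOTE(review): no exit after the redirect, so whatever follows in the including
    // script still runs (unchanged from the original).
    header("Location: index.php?page=modules&module=seedbonus");
} else {
    header("Location: index.php");
}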
foreach ($alevel as $level) { $combo_max_view .= "\n<option value=\"" . $level["id_level"] . ($level["id_level"] == 8 ? "\" selected=\"selected\">" : "\">") . $level["level"] . "</option>"; } $combo_max_view .= "\n</select>"; } $admintpl->set("combo_min_view", $combo_min_view); $admintpl->set("combo_max_view", $combo_max_view); $admintpl->set("frm_action", "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=blocks&action=confirm&id={$id}"); $admintpl->set("language", $language); $admintpl->set("edit_block", true, true); break; case 'save': if ($_POST["confirm"] == $language["FRM_CONFIRM"]) { $br = get_result("SELECT * FROM {$TABLE_PREFIX}blocks", true); foreach ($br as $id => $block) { $active = isset($_POST["status_" . $block["blockid"]]) ? 1 : 0; $position = sqlesc($_POST["position_" . $block["blockid"]]); $sort = max(0, $_POST["sort_" . $block["blockid"]]); $block_minview = sqlesc(intval($_POST["minclassview_" . $block["blockid"]])); $block_maxview = sqlesc(intval($_POST["maxclassview_" . $block["blockid"]])); $id = $block["blockid"]; do_sqlquery("UPDATE {$TABLE_PREFIX}blocks SET position={$position}, sortid={$sort}, status={$active}, minclassview={$block_minview}, maxclassview={$block_maxview} WHERE blockid={$id}", true); } } // don't break, we read the new block's position ;) // don't break, we read the new block's position ;) case '': case 'read': default: read_blocks(); }
$usys = " <img src='images/user_images/" . $sy . "' alt='" . $btit_settings["text_sys"] . "' title='" . $btit_settings["text_sys"] . "' />"; } // user image // gift $xmasdayst = mktime(0, 0, 0, 12, 1, 2015); $xmasdayend = mktime(0, 0, 0, 1, 5, 2016); $today = mktime(date("G"), date("i"), date("s"), date("m"), date("d"), date("Y")); if ($CURUSER["gotgift"] == 'no' && $today >= $xmasdayst && $today <= $xmasdayend) { ?> <td class='lista' style='text-align:center;;' align='center'><a href='index.php?page=gift&open=1'><img src='images/gift.png' alt='Xmas Gift' title='Xmas Gift' /></a></td> <?php } // gift // DT reputation system start $reput = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}reputation_settings WHERE id =1"); $setrep = mysqli_fetch_array($reput); if ($setrep["rep_is_online"] == 'false') { //do nothing } else { if ($rowuser["reputation"] == 0) { $rep = "<a href=index.php?page=reputationpage > Reputace <img src='images/rep/reputation_balance.gif' border='0' alt='" . $setrep["no_level"] . "' title='" . $setrep["no_level"] . "' /></a>"; } if ($rowuser["reputation"] >= 1) { $rep = "<a href=index.php?page=reputationpage > Reputace <img src='images/rep/reputation_pos.gif' border='0' alt='" . $setrep["good_level"] . "' title='" . $setrep["good_level"] . "' /></a>"; } if ($rowuser["reputation"] <= -1) { $rep = "<a href=index.php?page=reputationpage > Reputace <img src='images/rep/reputation_neg.gif'border='0' alt='" . $setrep["bad_level"] . "' title='" . $setrep["bad_level"] . "' /></a>"; } if ($rowuser["reputation"] >= 101) { $rep = "<a href=index.php?page=reputationpage > Reputace <img src='images/rep/reputation_highpos.gif' border='0' alt='" . $setrep["best_level"] . "' title='" . $setrep["best_level"] . "' /></a>";
<input type="text" name="genre" value="" size="50" /> </fieldset> </td> </tr> <tr> <td align="center" class="header"> <input type="submit" value="' . $language['f3'] . '" /> <input type="reset" value="' . $language['f4'] . '" /> </td> </tr> </table> </form>'; $djtpl->set("reqform", $reqform); } if ($_GET['do'] == 'list') { $is_mod = $CURUSER["edit_users"] == "yes"; $Query = do_sqlquery('SELECT t.*, u.username, g.prefixcolor, g.suffixcolor FROM ' . $TABLE_PREFIX . 'shoutcastdj t LEFT JOIN ' . $TABLE_PREFIX . 'users u ON t.uid=u.id LEFT JOIN ' . $TABLE_PREFIX . 'users_level g ON u.id_level=g.id ORDER by t.active ASC', true); if (mysqli_num_rows($Query)) { $activedjlist = ' <table width="100%" align="center" border="0" cellpadding="3" cellspacing="0"> <tr> <td colspan="5" class="header"><center>' . $language['djlist'] . '</center></td> </tr> <tr> <td class="header"><center>' . $language['djname'] . '</center></td> <td class="header"><center>' . $language['adays'] . '</center></td> <td class="header"><center>' . $language['atime'] . '</center></td> <td class="header"><center>' . $language['genre'] . '</center></td> <td class="header"><center>' . $language['status'] . '</center></td> </tr>'; while ($List = mysqli_fetch_assoc($Query)) { $activedjlist .= '
$lastip = sprintf("%u", ip2long($lastip)); if ($firstip == -1 || $lastip == -1) { err_msg($language["ERROR"], $language["BAN_IP_ERROR"]); } else { $comment = sqlesc($comment); $added = sqlesc(time()); do_sqlquery("INSERT INTO {$TABLE_PREFIX}bannedip (added, addedby, first, last, comment) VALUES({$added}, {$CURUSER['uid']}, {$firstip}, {$lastip}, {$comment})", true); } } // don't break, so now we read directly ;) // don't break, so now we read directly ;) case '': case 'read': default: $banned = array(); $getbanned = do_sqlquery("SELECT b.*, u.username FROM {$TABLE_PREFIX}bannedip b LEFT JOIN {$TABLE_PREFIX}users u ON u.id=b.addedby ORDER BY b.added DESC", true); $rowsbanned = @mysql_num_rows($getbanned); $admintpl->set("frm_action", "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=banip&action=write"); $i = 0; if ($rowsbanned > 0) { $admintpl->set("no_records", false, true); while ($arr = mysql_fetch_assoc($getbanned)) { $banned[$i]["first_ip"] = long2ip($arr["first"]); $banned[$i]["last_ip"] = long2ip($arr["last"]); $banned[$i]["date"] = get_date_time($arr['added']); $banned[$i]["comments"] = htmlspecialchars(unesc($arr["comment"])); $banned[$i]["by"] = "<a href=\"index.php?page=userdetails&id=" . $arr["addedby"] . "\">" . unesc($arr["username"]) . "</a>"; $banned[$i]["remove"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=banip&action=delete&ip={$arr['id']}\" onclick=\"return confirm('" . str_replace("'", "\\'", $language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>"; $i++; } } else {
stdfoot(); exit; } elseif ($_POST["new_pwd"] != $_POST["new_pwd1"]) { err_msg($language["ERROR"], $language["DIF_PASSWORDS"]); stdfoot(); exit; } else { $respwd = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}users WHERE id={$uid} AND password='******' AND username="******"username"]) . ""); if (!$respwd || mysql_num_rows($respwd) == 0) { err_msg($language["ERROR"], $language["ERR_RETR_DATA"]); } else { $arr = mysql_fetch_assoc($respwd); do_sqlquery("UPDATE {$TABLE_PREFIX}users SET password='******' WHERE id={$uid} AND password='******' AND username="******"username"]) . "") or die(mysql_error()); if ($GLOBALS["FORUMLINK"] == "smf") { $passhash = smf_passgen($CURUSER["username"], $_POST["new_pwd"]); do_sqlquery("UPDATE {$db_prefix}members SET passwd='{$passhash['0']}', passwordSalt='{$passhash['1']}' WHERE ID_MEMBER=" . $arr["smf_fid"]) or die(mysql_error()); } success_msg($language["PWD_CHANGED"], "" . $language["NOW_LOGIN"] . "<br /><a href=\"index.php?page=login\">Go</a>"); stdfoot(true, false); } } break; case '': case 'change': default: $pwdtpl = array(); $pwdtpl["frm_action"] = "index.php?page=usercp&do=pwd&action=post&uid=" . $uid . ""; $pwdtpl["frm_cancel"] = "index.php?page=usercp&uid=" . $uid . ""; $usercptpl->set("pwd", $pwdtpl); break; }
header("Location: index.php?page=moder&hash=" . $_POST["hash"] . ""); } $torrenttpl->set("return", "index.php?page=moder"); } else { $check8 = TRUE; } $torrenttpl->set("editing", $editing); } } else { $check2 = TRUE; } $torrenttpl->set("return", "index.php?page=moder"); } else { $check3 = TRUE; $sql = $full . " WHERE moder!='ok'"; $row = do_sqlquery($sql, true); if (mysql_num_rows($row) > 0) { $selecting = "<table border=\"1\">"; $selecting .= "<tr><td align=\"center\"><b>Mod.</b></td><td align=\"center\"><b>Cat.</b></td><td align=\"center\"><b>Name<b></td><td align=\"center\"><b>Dl<b></td><td align=\"center\"><b>Uploader</b></td></tr>"; while ($data = mysql_fetch_array($row)) { if ($CURUSER['edit_torrents'] == "yes") { $link = "edit&info_hash"; } else { $link = "moder&edit"; } $selecting .= "<tr>"; $selecting .= "<td align=\"center\"><a href=\"index.php?page=" . $link . "=" . $data["info_hash"] . "\" title=\"" . $data["moder"] . "\"><img alt=\"" . $data["moder"] . "\" src=\"images/mod/" . $data["moder"] . ".png\"></a></td>"; $selecting .= "<td align=\"center\"><a href=\"index.php?page=torrents&category={$data['catid']}\" title=\"" . $data["cname"] . "\">" . image_or_link($data["image"] == "" ? "" : "{$STYLEPATH}/images/categories/" . $data["image"], "", $data["cname"]) . "</a></td>"; $selecting .= "<td align=\"center\"><a href=\"index.php?page=torrent-details&id=" . $data['info_hash'] . "\">" . $data['filename'] . "</a></td>"; $selecting .= "<td align=\"center\"><a href=\"download.php?id=" . $data["info_hash"] . "&f=" . urlencode($data["filename"]) . ".torrent\" title=\"" . $data["filename"] . "\">" . image_or_link("images/download.gif", "", "torrent") . "</a></td>"; $selecting .= "<td align=\"center\"><a href=\"index.php?page=userdetails&id=" . $data['upname'] . "\">" . $data['uploader'] . "</a></td>";
} print "<td style=\"text-align:center;\" align=\"center\"><a class=\"mainuser\" href=\"index.php?page=flush\"><img src=\"images/ghost.png\" /></a></td>\n"; print "<td style=\"text-align:center;\" align=\"center\"><a class=\"mainuser\" href=\"index.php?page=friendlist\"><img src=\"images/friend.png\" /></a></td>\n"; if ($CURUSER["admin_access"] == "yes" and $btit_settings["slon"] == true) { print "<td style=\"text-align:center;\" align=\"center\"><a class=\"mainuser\" href=\"index.php?page=shitlist\"><img src=\"images/shit.png\" /></a></td>\n"; } if ($CURUSER["admin_access"] == "yes") { print "\n<td align=\"center\" style=\"text-align:center;\"><a class=\"mainuser\" href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "\"><img src=\"images/staff.png\" /></a></td>\n"; } print "<td style=\"text-align:center;\" align=\"center\"><a class=\"mainuser\" href=\"index.php?page=usercp&uid=" . $CURUSER["uid"] . "\"><img src=\"images/user.png\" /></a></td>\n"; if ($btit_settings["noteon"] == true) { print "<td style=\"text-align:center;\" align=\"center\"><a href=\"index.php?page=notepad\"><img src=\"images/note.png\" /></a></td>\n"; } if ($INVITATIONSON) { require load_language("lang_usercp.php"); $resinvs = do_sqlquery("SELECT invitations FROM {$TABLE_PREFIX}users WHERE id=" . $CURUSER["uid"]); $arrinvs = mysqli_fetch_row($resinvs); $invs = $arrinvs[0]; print "<td style=\"text-align:center;\" align=\"center\"><a href=\"index.php?page=usercp&do=invite&action=read&uid=" . $CURUSER["uid"] . "\"><img src=\"images/Invitation.png\" />" . ($invs > 0 ? "(" . $invs . ")" : "") . "</a></td>\n"; } if (substr($FORUMLINK, 0, 3) == "smf") { $resmail = get_result("SELECT `unread" . ($FORUMLINK == "smf" ? "M" : "_m") . "essages` `ur` FROM `{$db_prefix}members` WHERE " . ($FORUMLINK == "smf" ? "`ID_MEMBER`" : "`id_member`") . "=" . 
$CURUSER["smf_fid"], true, $btit_settings['cache_duration']); } elseif ($FORUMLINK == "ipb") { $resmail = get_result("SELECT `msg_count_new` `ur` FROM `{$ipb_prefix}members` WHERE `member_id`=" . $CURUSER["ipb_fid"], true, $btit_settings['cache_duration']); } else { $resmail = get_result("SELECT COUNT(*) `ur` FROM `{$TABLE_PREFIX}messages` WHERE `readed`='no' AND `receiver`=" . $CURUSER["uid"], true, $btit_settings['cache_duration']); } if ($resmail && count($resmail) > 0) { $mail = $resmail[0]; if ($mail['ur'] > 0) { if ($btit_settings["pmpop"] == true) {
// end of case 'manage' // end of case 'manage' case 'change_to_yes': $id = max(0, $_GET["id"]); $admintpl->set("language", $language); do_sqlquery("UPDATE {$TABLE_PREFIX}modules SET activated='yes', changed=NOW() WHERE id={$id}", true); redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=manage"); die; break; case 'change_to_no': $id = max(0, $_GET["id"]); $admintpl->set("language", $language); do_sqlquery("UPDATE {$TABLE_PREFIX}modules SET activated='no', changed=NOW() WHERE id={$id}", true); redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=manage"); die; break; case 'add': $admintpl->set("language", $language); if ($_POST["confirm"] == $language["FRM_CONFIRM"]) { if ($_POST["module_name"] != "") { do_sqlquery("INSERT INTO {$TABLE_PREFIX}modules (`name`, `type`, `changed`, `created`) VALUES (" . sqlesc($_POST["module_name"]) . "," . sqlesc($_POST["module_type"]) . ",NOW(), NOW())", true); redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=module_config&action=manage"); die; } else { stderr($language["ERROR"], $language["ALL_FIELDS_REQUIRED"]); } } break; // end of case 'add' } // end of switch ($action)
} if ($now >= $expire || $enabled != 'yes') { err_msg($language["ERROR"], $language["CANNOT_SELL_CLOSED"]); stdfoot(); die; } if ($_POST['number'] > $purchaseable || $_POST['number'] < 1) { err_msg($language["ERROR"], $language["LOTT_LIMIT_PURCHASE"] . " " . $purchaseable); stdfoot(); die; } if ($_POST['number'] + $user_tickets > $limit_buy) { err_msg($language["ERROR"], $language["LOTT_LIMIT_BUY"] . " " . $limit_buy); stdfoot(); die; } $upload = $result["uploaded"] - $minupload * $_POST['number']; do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `uploaded`=" . $upload . " WHERE `id`=" . $CURUSER['uid'] . "", true); $tickets = $_POST['number']; for ($i = 0; $i < $tickets; $i++) { do_sqlquery("INSERT INTO {$TABLE_PREFIX}lottery_tickets(user) VALUES(" . $CURUSER['uid'] . ")", true); } $me = mysqli_num_rows(do_sqlquery("SELECT * FROM `{$TABLE_PREFIX}lottery_tickets` WHERE user="******"", true)); // load language file require load_language("lang_lottery.php"); $ticketstpl = new bTemplate(); $ticketstpl->set("language", $language); $ticketstpl->set("nr_tickets", $tickets); $ticketstpl->set("total_tickets", $me); $ticketstpl->set("new_upload", makesize($upload)); header("Refresh: 5; URL=index.php?page=lottery_tickets");
} else { if (empty($dh["don_ation_5"])) { do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_5="' . $don . '",donate_date_5=NOW() WHERE don_id=' . $id); } else { if (empty($dh["don_ation_6"])) { do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_6="' . $don . '",donate_date_6=NOW() WHERE don_id=' . $id); } else { if (empty($dh["don_ation_7"])) { do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_7="' . $don . '",donate_date_7=NOW() WHERE don_id=' . $id); } else { if (empty($dh["don_ation_8"])) { do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_8="' . $don . '",donate_date_8=NOW() WHERE don_id=' . $id); } else { if (empty($dh["don_ation_9"])) { do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_9="' . $don . '",donate_date_9=NOW() WHERE don_id=' . $id); } else { if (empty($dh["don_ation_10"])) { do_sqlquery('update ' . $TABLE_PREFIX . 'don_historie SET don_ation_10="' . $don . '",donate_date_10=NOW() WHERE don_id=' . $id); } } } } } } } } } } } header('Location: ' . $returnto); die;
if ($FORUMLINK == "smf") { $res2 = do_sqlquery("SELECT COUNT(*) FROM {$db_prefix}personal_messages pm LEFT JOIN {$db_prefix}pm_recipients pmr ON pm.ID_PM=pmr.ID_PM {$where}"); } else { $res2 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT COUNT(*) FROM {$TABLE_PREFIX}messages {$where}"); } $row = mysqli_fetch_array($res2); $count = $row[0]; $perpage = 8; list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=ispy&"); $admintpl->set("language", $language); $admintpl->set("pager_top", $pagertop); $admintpl->set("pager_bottom", $pagerbottom); if ($FORUMLINK == "smf") { $res = do_sqlquery("SELECT pm.ID_PM id, pm.ID_MEMBER_FROM sender, pmr.ID_MEMBER receiver, pm.msgtime added, pm.subject, pm.body msg, IF(pmr.is_read=1,'yes','no') readed, pm.fromName sendername FROM {$db_prefix}personal_messages pm LEFT JOIN {$db_prefix}pm_recipients pmr ON pm.ID_PM=pmr.ID_PM WHERE pmr.deleted!=1 ORDER BY added DESC {$limit}"); } else { $res = do_sqlquery("select m.*, IF(m.sender=0,'System',u.username) as sendername FROM {$TABLE_PREFIX}messages m LEFT JOIN {$TABLE_PREFIX}users u on u.id=m.sender ORDER BY added DESC {$limit}"); } $spy = array(); $i = 0; include "{$THIS_BASEPATH}/include/offset.php"; if ($res) { while ($arr = mysqli_fetch_assoc($res)) { if ($FORUMLINK == "smf") { $res2 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username FROM {$TABLE_PREFIX}users WHERE smf_fid=" . $arr["receiver"]) or sqlerr(); } else { $res2 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username FROM {$TABLE_PREFIX}users WHERE id=" . $arr["receiver"]) or sqlerr(); } $arr2 = mysqli_fetch_assoc($res2); if ($FORUMLINK == "smf") { $res3 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username FROM {$TABLE_PREFIX}users WHERE smf_fid=" . $arr["sender"]) or sqlerr(); } else {
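// Timed promotion/demotion handler.
// Expects from the including script: $id (target user id), $idd (the target's current
// id_level), $att (target user row), $CURUSER and $TABLE_PREFIX.
if ($CURUSER['id_level'] <= $att['id_level']) {
    stderr("Forget It", "you can not demote/promote a member with the same or a higher rank than you !!");
    stdfoot();
    die;
}
// protection

/**
 * Format a Unix timestamp as a UTC "Y-m-d H:i:s" literal for the timed_rank column.
 * Declared before its first use; the original relied on function hoisting.
 */
function rank_expiration($timestamp = 0)
{
    return gmdate('Y-m-d H:i:s', $timestamp);
}

$target_id = (int) $id;
$current_level = (int) $idd;
$dt3 = (int) $_POST['level'];
$dt2 = 'yes';
// The duration is a number of days; addslashes() on it did not make it one.
$t_days = isset($_POST['t_days']) ? (int) $_POST['t_days'] : 0;
$dt1 = rank_expiration(mktime(date('H') + 2, date('i'), date('s'), date('m'), date('d') + $t_days, date('Y')));

// Only a same-site relative path may be used as the post-action redirect; an absolute
// or protocol-relative URL (or CR/LF) supplied by the form would make this an open
// redirect / header injection.
$returnto = isset($_POST['returnto']) ? (string) $_POST['returnto'] : '';
if ($returnto === '' || preg_match('#^[a-z][a-z0-9+.-]*:|^[/\\\\]{2}|[\r\n]#i', $returnto)) {
    $returnto = 'index.php';
}

// staff control
do_sqlquery("INSERT INTO {$TABLE_PREFIX}t_rank (userid, old_rank, new_rank, date, byt , enddate) VALUES ({$target_id},{$current_level},{$dt3}, NOW(), " . (int) $CURUSER['uid'] . ", '{$dt1}' )", true);
// staff control
$res4 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT level FROM {$TABLE_PREFIX}users_level WHERE id ='{$dt3}'");
$arr4 = $res4 ? mysqli_fetch_assoc($res4) : false;
// Was $arr4[level] (bare word): an undefined constant, which is an Error on PHP 8.
$newrank = is_array($arr4) ? $arr4['level'] : '';
$res5 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT old_rank FROM {$TABLE_PREFIX}users WHERE id ='{$target_id}'");
$arr5 = $res5 ? mysqli_fetch_assoc($res5) : false;
$stored_old_rank = is_array($arr5) ? (int) $arr5['old_rank'] : 0;
$res6 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT level FROM {$TABLE_PREFIX}users_level WHERE id ='{$stored_old_rank}'");
$arr6 = $res6 ? mysqli_fetch_assoc($res6) : false;
$oldrank = is_array($arr6) ? $arr6['level'] : '';

// NOTE(review): the message names the rank found in users.old_rank *before* this
// update, while the UPDATE below overwrites old_rank with $idd; confirm which one the
// expiry job actually restores.
$subj = sqlesc("Your rank is changed !");
$msg = sqlesc("Your rank is changed to " . $newrank . "\n\n this is a timed rank and it will expire " . $dt1 . "\n\n after that you will get your old rank " . $oldrank . " back\n\n [color=red]This is a automatic system message , so DO NOT reply ![/color]");
do_sqlquery("UPDATE `{$TABLE_PREFIX}users` SET `old_rank` = '" . $current_level . "',`timed_rank`='" . $dt1 . "', `rank_switch`='" . $dt2 . "', `id_level`='" . $dt3 . "' WHERE `id`=" . $target_id);
send_pm(0, $target_id, $subj, $msg);
header('Location: ' . $returnto);
die;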
$successadd = "<br><h2>Team successfully added!</h2>"; } $admintpl->set("success", $successadd); $close = "<br>\n</form>"; $admintpl->set("close", $close); //ELSE Display Teams $current = "\n<table class=main cellspacing=0 cellpadding=3 width=50%><tr><td class=header align=center colspan=6>" . $language['TEAM_CURR'] . "</td></tr><tr>\n<td class=header style=\"text-align:center\">" . $language['TEAM_ID_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_LOGO_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_NAME_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_OWNER_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_DESC_H'] . "</td><td class=header style=\"text-align:center\">" . $language['TEAM_EDIT_H'] . "</td>"; $admintpl->set("current", $current); $teamsres = do_sqlquery("SELECT COUNT(*) from {$TABLE_PREFIX}teams where id>0 ORDER BY id ASC {$limit}"); $teamnum = mysqli_fetch_row($teamsres); $num2 = $teamnum[0]; $perpage = max(0, $CURUSER["torrentsperpage"]) > 0 ? $CURUSER["torrentsperpage"] : 10; list($pagertop, $pagerbottom, $limit) = pager($perpage, $num2, "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . 
"&do=teams&"); $admintpl->set("pagertop", $pagertop); $admintpl->set("pagerbottom", $pagerbottom); $teamres = do_sqlquery("SELECT id, name, image, owner, info from {$TABLE_PREFIX}teams where id>0 ORDER BY id ASC {$limit}"); $teams = array(); $i = 0; while ($row = mysqli_fetch_array($teamres)) { $teams[$i][id] = (int) $row['id']; $teams[$i][name] = htmlspecialchars($row['name']); $teams[$i][image] = htmlspecialchars($row['image']); $teams[$i][owner] = (int) $row['owner']; $teams[$i][info] = format_comment($row['info']); $owner = (int) $row['owner']; $OWNERNAME1 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username, ul.prefixcolor, ul.suffixcolor FROM {$TABLE_PREFIX}users u left join {$TABLE_PREFIX}users_level ul on u.id_level=ul.id WHERE u.id={$owner}"); $OWNERNAME2 = mysqli_fetch_array($OWNERNAME1); $teams[$i][OWNERNAME] = stripslashes($OWNERNAME2[prefixcolor]) . $OWNERNAME2['username'] . stripslashes($OWNERNAME2[suffixcolor]); $OWNERNAME = $OWNERNAME2['username']; $id = (int) $row['id']; $name = htmlspecialchars($row['name']);
$t[$i]["info"] = $tstatus['Msg_type']; $t[$i]["status"] = $tstatus['Msg_text']; $i++; } $admintpl->set("language", $language); $admintpl->set("results", $t); $admintpl->set("db_status", false, true); $admintpl->set("table_result", true, true); } } else { header("Location: index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=dbutil&action=status"); } break; case 'status': default: $dbstatus = do_sqlquery("SHOW TABLE STATUS"); if (mysql_num_rows($dbstatus) > 0) { $admintpl->set("frm_action", "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=dbutil&action=tables"); $i = 0; $bytes = 0; $records = 0; $overhead = 0; $tables = array(); // display current status for tables while ($tstatus = mysql_fetch_array($dbstatus)) { $tables[$i]["name"] = $tstatus['Name']; $tables[$i]["rows"] = $tstatus['Rows']; $tables[$i]["length"] = makesize($tstatus['Data_length'] + $tstatus['Index_length']); $tables[$i]["overhead"] = $tstatus['Data_free'] == 0 ? "-" : makesize($tstatus['Data_free']); $i++; $bytes += $tstatus['Data_length'] + $tstatus['Index_length'];
$admintpl->set("show_poller", false, true); $admintpl->set("new_poll", true, true); $admintpl->set("polls", $polls); $admintpl->set("new_polls", $newpolls); } /*** * Show poll voters ***/ if (isset($votes) && !isset($_POST['new']) && empty($id)) { //Per Page Listing Limitation Start - 7:29 PM 3/22/2007 $count = $voters; $perpage = $GLOBALS["votesppage"]; list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=poller&votes=" . $votes . "&voters=" . $voters . "&" . $addparams); //Per Page Listing Limitation Stop //mysql query to select all information on polls in the database $resource = do_sqlquery("SELECT pv.*, username, prefixcolor, suffixcolor, optionText, defaultChecked FROM {$TABLE_PREFIX}poller_vote pv LEFT JOIN {$TABLE_PREFIX}users u ON pv.memberID=u.id LEFT JOIN {$TABLE_PREFIX}users_level ul on u.id_level=ul.id_level LEFT JOIN {$TABLE_PREFIX}poller_option po on pv.optionID=po.ID WHERE pv.pollerID='" . $votes . "' GROUP BY pv.voteDate " . $limit . "", true); //die("SELECT pv.*, username, prefixcolor, suffixcolor, optionText, defaultChecked FROM {$TABLE_PREFIX}poller_vote pv LEFT JOIN {$TABLE_PREFIX}users u ON pv.memberID=u.id LEFT JOIN {$TABLE_PREFIX}users_level ul on u.id_level=ul.id_level LEFT JOIN {$TABLE_PREFIX}poller_option po on pv.optionID=po.ID WHERE pv.pollerID='".$votes."' GROUP BY pv.voteDate ".$limit.""); $block_title = $language["POLLING_SYSTEM"] . " - " . $language["POLL_VOTERS"]; //Per Page Listing Limitation Start - 7:35 PM 3/22/2007 if ($count > $perpage) { $admintpl->set("poll_pager_top", $pagertop); } else { $admintpl->set("poll_pager_top", ""); } //Per Page Listing Limitation Stop $i = 0; while ($results = mysqli_fetch_assoc($resource)) { //background color for checked poll option $bold = "normal"; if ($CURUSER["uid"] == $results["memberID"]) { $bold = "bold";
stderr("Error", "No torrent matches this info hash"); stdfoot(); exit; } if (is_null($nume) || is_null($hash) || is_null($pic) || is_null($cds) || is_null($autor) || is_null($link) || is_null($frame)) { stderr("Error", "Please Complete all the fields!"); stdfoot(false, false, true); die; } $cds = sanitize_paranoid_string($cds); $autor = sanitize_paranoid_string($autor); do_sqlquery("UPDATE {$TABLE_PREFIX}subtitles SET name='{$nume}', hash='{$hash}', pic='{$pic}', cds='{$cds}', author='{$autor}', imdb='{$link}', Framerate='{$frame}', flag='{$idflag}' WHERE id=" . $_GET['id']) or sqlerr(); redirect("index.php?page=subtitles"); } } $getname = do_sqlquery("select * from {$TABLE_PREFIX}countries where id=" . $arr["flag"]); $named = mysqli_fetch_assoc($getname); $fres = flag_list(); $option = "\n<select name=\"flag\" size=\"1\">\n<option value='" . $arr["flag"] . "'>" . $named["name"] . "</option>"; $thisip = $_SERVER["REMOTE_ADDR"]; $remotedns = gethostbyaddr($thisip); if ($remotedns != $thisip) { $remotedns = strtoupper($remotedns); preg_match('/^(.+)\\.([A-Z]{2,3})$/', $remotedns, $tldm); if (isset($tldm[2])) { $remotedns = mysqli_real_escape_string($DBDT, $tldm[2]); } } foreach ($fres as $flag) { $option .= "\n<option "; if ($flag["id"] == $dati["flag"] || $flag["domain"] == $remotedns && $action == "signup") {
{ $your_version.="<table width=\"100%\"><tr><td align=\"right\">Installed version:</td><td align=\"left\">".implode(" ",$current_version)."</td></tr>\n"; $your_version.="<tr><td align=\"right\">Current version:</td><td align=\"left\">".implode(" ",$last_version)."</td></tr>\n"; $your_version.="<tr><td colspan=\"2\" align=\"center\">Get Last Version <a href=\"http://www.btiteam.org\" target=\"_blank\">here</a>!</td></tr>\n</table>"; } else { $your_version.="You have the latest xBtit version installed.($tracker_version Rev.$tracker_revision)"; } if (!empty($your_version)) $admin["xbtit_version"]=$your_version."<br />\n"; */ $admin["infos"] .= "<br />\n<table border=\"0\">\n"; $admin["infos"] .= "<tr><td class=\"header\" align=\"center\">Server's OS</td></tr><tr><td align=\"left\">" . php_uname() . "</td></tr>"; $admin["infos"] .= "<tr><td class=\"header\" align=\"center\">PHP version</td></tr><tr><td align=\"left\">" . phpversion() . "</td></tr>"; $sqlver = mysql_fetch_row(do_sqlquery("SELECT VERSION()")); $admin["infos"] .= "\n<tr><td class=\"header\" align=\"center\">MYSQL version</td></tr><tr><td align=\"left\">{$sqlver['0']}</td></tr>"; $sqlver = mysql_stat(); $sqlver = explode(' ', $sqlver); $admin["infos"] .= "\n<tr><td valign=\"top\" class=\"header\" align=\"center\">MYSQL stats</td></tr>\n"; for ($i = 0; $i < count($sqlver); $i++) { $admin["infos"] .= "<tr><td align=\"left\">{$sqlver[$i]}</td></tr>\n"; } $admin["infos"] .= "\n</table><br />\n"; unset($sqlver); // check for news on btiteam site (read rss from comunication forum) /* if($btit_url_rss!="") { include("$THIS_BASEPATH/include/class.rssreader.php");
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED // TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR // PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF // LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING // NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, // EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // //////////////////////////////////////////////////////////////////////////////////// if (!defined("IN_BTIT")) { die("non direct access!"); } if ($CURUSER["uid"] > 1) { $pr = (int) $_GET['pr']; $img = (int) $_GET['img']; $uid = $CURUSER["uid"]; $resuser = do_sqlquery("SELECT u.dona,u.donb,u.birt,u.mal,u.fem,u.bann,u.war,u.par,u.bot,u.trmu,u.trmo,u.vimu,u.vimo,u.friend,u.junkie,u.staff ,u.sysop FROM {$TABLE_PREFIX}users u WHERE u.id=" . $uid); $row_user = mysqli_fetch_array($resuser); if (is_null($pr) || !is_numeric($pr) || is_null($img) || !is_numeric($img) || $CURUSER["view_torrents"] == "no") { header("Location: index.php"); } if ($img == '1' and $row_user["dona"] == "no") { $ui = "dona='yes'"; } else { if ($img == '1' and $row_user["dona"] == "yes") { stderr("error", "You already have this user image ...."); stdfoot(); exit; } } if ($img == '2' and $row_user["donb"] == "no") { $ui = "donb='yes'";
$admintpl->set("forum", $forum); break; case "save": if ($_POST["confirm"] == $language["FRM_CONFIRM"]) { $what = $_GET["what"]; $minclassread = max(1, $_POST["readlevel"]); $minclasswrite = max(1, $_POST["writelevel"]); $minclasscreate = max(1, $_POST["createlevel"]); $description = sqlesc($_POST["description"]); $parent_forum = max(0, $_POST["parent"]); $name = sqlesc($_POST["name"]); if ($what != "new") { $id = intval($_GET["id"]); do_sqlquery("UPDATE {$TABLE_PREFIX}forums SET name={$name},description={$description},minclassread={$minclassread},minclasswrite={$minclasswrite},minclasscreate={$minclasscreate}, id_parent={$parent_forum} WHERE id={$id}", true); } else { do_sqlquery("INSERT INTO {$TABLE_PREFIX}forums SET name={$name},description={$description},minclassread={$minclassread},minclasswrite={$minclasswrite},minclasscreate={$minclasscreate}, id_parent={$parent_forum}", true); } } redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=forum&action=read"); exit; break; case "delete": $id = intval($_GET["id"]); // control if there are posts/topics $resforum = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT *,IF((SELECT COUNT(*) FROM {$TABLE_PREFIX}forums WHERE id_parent={$id})>0,1,0) as i_am_parent FROM {$TABLE_PREFIX}forums WHERE id={$id}"); if ($_GET["confirm"] == 1) { mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM {$TABLE_PREFIX}posts WHERE topicid IN (SELECT id FROM {$TABLE_PREFIX}topics WHERE forumid={$id})") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)); mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM {$TABLE_PREFIX}topics WHERE forumid={$id}") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? 
$___mysqli_res : false)); mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM {$TABLE_PREFIX}forums WHERE id={$id}") or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)); redirect("index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=forum&action=read"); exit;
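/**
 * Create a new user account from the signup form.
 *
 * Reads user/pwd/pwd1/email/language/style/flag/timezone and the captcha
 * fields from $_POST, validates them, inserts the users row, mirrors the
 * account into the SMF members table when a forum is linked, registers the
 * passkey with XBT when enabled and, with "user" validation, mails the
 * confirmation link.
 *
 * Return contract (unchanged):
 *   -1 empty username/password/e-mail, -2 e-mail already registered,
 *   -3 e-mail fails the format check, -4 username taken, -7 username contains
 *   a space, -8 username contains a banned character, -9 password shorter
 *   than 4 characters; otherwise the MySQL error number after the inserts
 *   (0 on success). A "Guest" username, mismatched passwords and a wrong
 *   captcha answer are reported through err_msg() and terminate the script.
 *
 * Changes against the original: eregi() and the mysql_* extension (both gone
 * in PHP 7) are replaced by preg_match() and the mysqli handle the rest of
 * this code base keeps in $GLOBALS["___mysqli_ston"]; the confirmation code
 * and the passkey come from a CSPRNG instead of rand()/uniqid(); the captcha
 * answer is compared as an exact string (the loose != let an unknown index
 * match an empty answer); the username space check no longer misses offset 0;
 * the password length is measured on the value as typed.
 */
function aggiungiutente()
{
    global $SITENAME, $SITEEMAIL, $BASEURL, $VALIDATION, $USERLANG, $USE_IMAGECODE, $TABLE_PREFIX, $XBTT_USE, $language, $THIS_BASEPATH, $FORUMLINK, $db_prefix;

    // NOTE(review): assumes the mysqli connection other modules of this code
    // base use via $GLOBALS["___mysqli_ston"] — confirm for this file.
    $db = $GLOBALS["___mysqli_ston"];

    // Raw password, kept only for the length check: the escaped copy is what
    // gets hashed, exactly as the original did (the login check presumably
    // escapes the same way, so this must not change here).
    $rawPwd = isset($_POST["pwd"]) ? (string) $_POST["pwd"] : "";

    // NOTE(review): do_sqlquery() offers no parameter binding, so the values
    // are escaped with the live connection (charset-aware) and interpolated.
    $utente = mysqli_real_escape_string($db, (string) ($_POST["user"] ?? ""));
    $pwd = mysqli_real_escape_string($db, $rawPwd);
    $pwd1 = mysqli_real_escape_string($db, (string) ($_POST["pwd1"] ?? ""));
    $email = mysqli_real_escape_string($db, (string) ($_POST["email"] ?? ""));
    $idlangue = intval($_POST["language"] ?? 0);
    $idstyle = intval($_POST["style"] ?? 0);
    $idflag = intval($_POST["flag"] ?? 0);
    $timezone = intval($_POST["timezone"] ?? 0);

    if (strcasecmp($utente, "Guest") === 0) {
        err_msg($language["ERROR"], $language["ERR_GUEST_EXISTS"]);
        stdfoot();
        exit;
    }
    if ($pwd !== $pwd1) {
        err_msg($language["ERROR"], $language["DIF_PASSWORDS"]);
        stdfoot();
        exit;
    }

    // Without validation the account is active (level 3) straight away.
    $idlevel = ($VALIDATION === "none") ? 3 : 2;

    // Six-digit code mailed as the account confirmation token (and, judging by
    // the "code=" links elsewhere on this page, reused as a per-user access
    // code), so it must not be predictable: rand() seeded from microtime() was.
    $floor = 100000;
    $ceiling = 999999;
    $random = random_int($floor, $ceiling);

    if ($utente === "" || $pwd === "" || $email === "") {
        return -1;
    }

    $res = do_sqlquery("SELECT email FROM {$TABLE_PREFIX}users WHERE email='{$email}'");
    if (mysqli_num_rows($res) > 0) {
        return -2;
    }

    // Same expression the original passed to eregi(); the D modifier keeps "$"
    // anchored at the very end, as POSIX ERE did.
    $emailPattern = '/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]{1,})*\.([a-z]{2,}){1}$/iD';
    if (!preg_match($emailPattern, $email)) {
        return -3;
    }

    $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE username='{$utente}'");
    if (mysqli_num_rows($res) > 0) {
        return -4;
    }

    // The original's strpos(...) == true silently accepted a leading space.
    if (strpos($utente, " ") !== false) {
        return -7;
    }

    // Captcha: the OCR image captcha needs GD with FreeType; in every other
    // case (including image codes switched off) the question/answer list from
    // security_code.php is used. The original had that fallback three times.
    $useOcrCaptcha = $USE_IMAGECODE && extension_loaded('gd') && (gd_info()['FreeType Support'] == 1);
    if ($useOcrCaptcha) {
        $public = $_POST['public_key'] ?? null;
        $private = $_POST['private_key'] ?? null;
        $p = new ocr_captcha();
        if (!$p->check_captcha($public, $private)) {
            err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
            stdfoot();
            exit;
        }
    } else {
        // security_code.php is expected to populate $security_code[index]["answer"]
        // in this scope, as the original indexed it.
        include "{$THIS_BASEPATH}/include/security_code.php";
        $scode_index = intval($_POST["security_index"] ?? 0);
        $expected = isset($security_code[$scode_index]["answer"]) ? (string) $security_code[$scode_index]["answer"] : null;
        $given = isset($_POST["scode_answer"]) ? (string) $_POST["scode_answer"] : null;
        // Exact comparison: an unknown index or a missing answer is a failure,
        // not a match of null against null.
        if ($expected === null || $given === null || !hash_equals($expected, $given)) {
            err_msg($language["ERROR"], $language["ERR_IMAGE_CODE"]);
            stdfoot();
            exit;
        }
    }

    $bannedchar = array("\\", "/", ":", "*", "?", "\"", "@", "\$", "'", "`", ",", ";", ".", "<", ">", "!", "£", "%", "^", "&", "(", ")", "+", "=", "#", "~");
    // Kept as in the original (escaped copy, loose == true); straipos() is a
    // project helper whose return value is not visible here — TODO confirm.
    if (straipos(mysqli_real_escape_string($db, $utente), $bannedchar) == true) {
        return -8;
    }

    // Length of the password as typed: the original measured a doubly escaped
    // copy, so a single quote character already counted as four.
    if (strlen($rawPwd) < 4) {
        return -9;
    }

    // Per-user passkey (torrent_pass in xbt_users): 32 hex characters like the
    // md5() the original produced, but from a CSPRNG rather than uniqid(rand()).
    $pid = bin2hex(random_bytes(16));

    // NOTE(review): the password is stored as an unsalted md5 of the escaped
    // value, as before; moving to password_hash()/password_verify() needs the
    // login side changed in the same step.
    do_sqlquery("INSERT INTO {$TABLE_PREFIX}users (username, password, random, id_level, email, style, language, flag, joined, lastconnect, pid, time_offset) VALUES ('{$utente}', '" . md5($pwd) . "', {$random}, {$idlevel}, '{$email}', {$idstyle}, {$idlangue}, {$idflag}, NOW(), NOW(),'{$pid}', '" . $timezone . "')", true);
    $newuid = mysqli_insert_id($db);

    // Mirror the account into SMF when the forum link is on or the members
    // table exists (condition kept from the original).
    $test = do_sqlquery("SHOW TABLES LIKE '{$db_prefix}members'");
    if ($FORUMLINK == "smf" || mysqli_num_rows($test)) {
        $smfpass = smf_passgen($utente, $pwd);
        $flevel = $idlevel + 10;
        // getip() is a project helper; its value is escaped before interpolation
        // in case it is derived from request headers.
        $ip = mysqli_real_escape_string($db, (string) getip());
        do_sqlquery("INSERT INTO {$db_prefix}members (memberName, dateRegistered, ID_GROUP, realName, passwd, emailAddress, memberIP, memberIP2, is_activated, passwordSalt) VALUES ('{$utente}', UNIX_TIMESTAMP(), {$flevel}, '{$utente}', '{$smfpass['0']}', '{$email}', '{$ip}', '{$ip}', 1, '{$smfpass['1']}')");
        $fid = mysqli_insert_id($db);
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = {$fid} WHERE `variable` = 'latestMember'");
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = '{$utente}' WHERE `variable` = 'latestRealName'");
        do_sqlquery("UPDATE `{$db_prefix}settings` SET `value` = UNIX_TIMESTAMP() WHERE `variable` = 'memberlist_updated'");
        do_sqlquery("UPDATE {$TABLE_PREFIX}users SET smf_fid={$fid} WHERE id={$newuid}");
    }

    // Register the passkey with the XBT tracker's user table.
    if ($XBTT_USE) {
        do_sqlquery("INSERT INTO xbt_users (uid, torrent_pass) VALUES ({$newuid},'{$pid}')");
    }

    if ($VALIDATION === "user") {
        ini_set("sendmail_from", "");
        if (mysqli_errno($db) === 0) {
            send_mail($email, $language["ACCOUNT_CONFIRM"], $language["ACCOUNT_MSG"] . "\n\n" . $BASEURL . "/index.php?page=account&act=confirm&confirm={$random}&language={$idlangue}");
            write_log("Signup new user {$utente} ({$email})", "add");
        } else {
            die(mysqli_error($db));
        }
    }

    return mysqli_errno($db);
}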