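/**
 * Print the comments left on a user's profile, one framed table per comment.
 *
 * Every value taken from a comment row is cast to an integer or passed through
 * safeChar() before it is written into the page; the comment body itself is
 * rendered by format_comment().
 *
 * @param array $rows Comment rows. Keys read here: id, user, username, title,
 *                    class, donor, warned, added, editedby, editedat, avatar, text.
 * @return void Output is echoed directly.
 */
function usercommenttable($rows)
{
    global $CURUSER, $pic_base_url, $userid;
    begin_main_frame();
    begin_frame();
    foreach ($rows as $row) {
        // Ids land in unquoted attributes and query strings, so force them to integers.
        $commentId = (int) $row["id"];
        $authorId = (int) $row["user"];
        $isStaff = get_user_class() >= UC_MODERATOR;
        // $userid is presumably the id of the profile being viewed — confirm against the caller.
        $ownsProfile = $userid == $CURUSER["id"];
        $wroteComment = $row["user"] == $CURUSER["id"];

        echo "<p class=sub>#" . $commentId . " by ";
        if (isset($row["username"])) {
            // A custom title is user-supplied text and is escaped; otherwise the class name is shown.
            $title = $row["title"] == "" ? get_user_class_name($row["class"]) : safeChar($row["title"]);
            echo "<a name=comm" . $commentId . " href=userdetails.php?id=" . $authorId . "><b>" . safeChar($row["username"]) . "</b></a>"
                . ($row["donor"] == "yes" ? "<img src=\"{$pic_base_url}star.gif\" alt='Donor'>" : "")
                . ($row["warned"] == "yes" ? "<img src=\"{$pic_base_url}warned.gif\" alt=\"Warned\">" : "")
                . " ({$title})\n";
        } else {
            echo "<a name=\"comm" . $commentId . "\"><i>(orphaned)</i></a>\n";
        }

        // These conditions only decide which links are shown.
        // NOTE(review): usercomment.php has to enforce the same permissions itself — not visible here.
        echo " at " . safeChar($row["added"]) . " GMT"
            . ($ownsProfile || $wroteComment || $isStaff ? "- [<a href=usercomment.php?action=edit&amp;cid={$commentId}>Edit</a>]" : "")
            . ($ownsProfile || $isStaff ? "- [<a href=usercomment.php?action=delete&amp;cid={$commentId}>Delete</a>]" : "")
            . ($row["editedby"] && $isStaff ? "- [<a href=usercomment.php?action=vieworiginal&amp;cid={$commentId}>View original</a>]" : "")
            . "</p>\n";

        $avatar = $CURUSER["avatars"] == "yes" ? safeChar($row["avatar"]) : "";
        $text = format_comment($row["text"]);
        if ($row["editedby"]) {
            // The username is stored user input and was previously written here unescaped.
            // NOTE(review): the link points at the editor's id but the label is the comment
            // author's name; the row carries no editor name to show instead.
            $text .= "<p><font size=1 class=small>Last edited by <a href=userdetails.php?id=" . (int) $row["editedby"] . "><b>" . safeChar($row["username"]) . "</b></a> at " . safeChar($row["editedat"]) . " GMT</font></p>\n";
        }
        begin_table(true);
        echo "<tr valign=top>\n";
        echo "<td align=center width=150 style='padding: 0px'><img width=150 src=\"{$avatar}\"></td>\n";
        echo "<td class=text>{$text}</td>\n";
        echo "</tr>\n";
        end_table();
    }
    end_frame();
    end_main_frame();
}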
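/**
 * Print a list of torrent comments, each preceded by a link to its torrent.
 *
 * @param array $rows Comment rows. Keys read here: id, torrent, user, username,
 *                    warned, added, avatar, text.
 * @return void Output is printed directly.
 */
function commenttable_new($rows)
{
    global $CURUSER;
    begin_main_frame();
    begin_frame();
    foreach ($rows as $row) {
        // Ids are forced to integers before they reach the SQL text or unquoted attributes.
        $commentId = (int) $row["id"];
        $torrentId = (int) $row["torrent"];
        $authorId = (int) $row["user"];

        $subres = mysql_query("SELECT name from torrents where id=" . $torrentId) or sqlerr(__FILE__, __LINE__);
        $subrow = mysql_fetch_array($subres);
        // The torrent may have been deleted since the comment was written.
        $torrentName = $subrow ? $subrow["name"] : "";

        print "<br /><a href=\"details.php?id=" . $torrentId . "\">" . safeChar($torrentName) . "</a><br />\n";
        print "<p class=sub>#" . $commentId . " by ";
        if (isset($row["username"])) {
            print "<a name=comm" . $commentId . " href=userdetails.php?id=" . $authorId . "><b>" . safeChar($row["username"]) . "</b></a>" . ($row["warned"] == "yes" ? "<img src=" . "pic/warned.gif alt=\"Warned\">" : "");
        } else {
            print "<a name=\"comm" . $commentId . "\"><i>(orphaned)</i></a>\n";
        }
        // NOTE(review): Edit and Delete are printed for every row with no class check here;
        // confirm the caller is staff-only and that the target scripts check permissions.
        print " at " . safeChar($row["added"]) . " GMT" . "- [<a href=comment.php?action=edit&cid={$commentId}>Edit</a>]" . "- [<a href=deletecomment.php?id={$commentId}>Delete</a>]</p>\n";

        $avatar = $CURUSER["avatars"] == "yes" ? safeChar($row["avatar"]) : "";
        if (!$avatar) {
            $avatar = "pic/default_avatar.gif";
        }
        begin_table(true);
        print "<tr valign=top>\n";
        // The attribute is quoted: an unquoted src would let a space in the stored avatar
        // value start a new attribute even though the value is HTML-escaped.
        print "<td align=center width=150 style='padding: 0px'><img width=150 src=\"{$avatar}\"></td>\n";
        print "<td class=text>" . format_comment($row["text"]) . "</td>\n";
        print "</tr>\n";
        end_table();
    }
    end_frame();
    end_main_frame();
}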
Beispiel #3
/**
 * Print a message box: an optional bold heading followed by the text, wrapped
 * in a div whose CSS class is $div.
 *
 * Heading and text are trimmed and passed through safeChar() only when
 * $htmlstrip is true. With the default (false) both are printed as given, so
 * the caller is responsible for escaping them. $div is never escaped.
 *
 * @param string $heading   Heading; omitted when empty.
 * @param string $text      Message body.
 * @param string $div       CSS class of the wrapping div.
 * @param bool   $htmlstrip True to escape heading and text here.
 * @return void Output is printed directly.
 */
function newmsg($heading = '', $text = '', $div = 'success', $htmlstrip = false)
{
    if ($htmlstrip) {
        $heading = safeChar(trim($heading));
        $text = safeChar(trim($text));
    }

    $headingHtml = "";
    if ($heading) {
        $headingHtml = "<b>" . $heading . "</b><br />";
    }

    print "<table class=\"main\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td class=\"embedded\">\n";
    print "<div class=\"" . $div . "\">" . $headingHtml . $text . "</div></td></tr></table>\n";
}
Beispiel #4
/**
 * Apply safeChar() to every non-array value of a (possibly nested) array.
 *
 * Keys are kept as they are and are not escaped; nested arrays are processed
 * recursively.
 *
 * @param array $arr Values to escape.
 * @return array Array of the same shape with each leaf replaced by safeChar(leaf).
 */
function makeSafeText($arr)
{
    $clean = $arr;
    foreach ($arr as $key => $value) {
        $clean[$key] = is_array($value) ? makeSafeText($value) : safeChar($value);
    }
    return $clean;
}
Beispiel #5
/**
 * Print a standard message box: an optional h2 heading above a bordered cell
 * that holds the text.
 *
 * Heading and text go through safeChar() only when $htmlstrip is true. With
 * the default (false) they are printed as given, so the caller must escape
 * anything that did not originate from the site itself.
 *
 * @param string $heading   Heading; omitted when empty.
 * @param string $text      Message body.
 * @param bool   $htmlstrip True to escape heading and text here.
 * @return void Output is printed directly.
 */
function stdmsg2($heading, $text, $htmlstrip = false)
{
    if ($htmlstrip) {
        $heading = safeChar($heading);
        $text = safeChar($text);
    }

    $html = "<table class=main width=750 border=0 cellpadding=0 cellspacing=0><tr><td class=embedded>\n";
    if ($heading) {
        $html .= "<h2>{$heading}</h2>\n";
    }
    $html .= "<table width=100% border=1 cellspacing=0 cellpadding=10><tr><td class=text>\n";
    $html .= $text . "</td></tr></table></td></tr></table>\n";
    print $html;
}
Beispiel #6
    }
    // Fixed list of application sub-genres; one checkbox is printed per entry.
    // The values are constants from this file, so they are written out unescaped.
    $apps = array('Burning', 'Encoding', 'Anti-Virus', 'Office', 'Os', 'Misc', 'Image');
    $x = 0;
    while ($x < count($apps)) {
        echo "<label><input type=\"checkbox\" value=\"" . $apps[$x] . "\" name=\"apps[]\" class=\"DEPENDS ON genre BEING apps\">" . $apps[$x] . "</label>";
        $x++;
    }
    ?>
</td></tr></table>
</td></tr>
<?php 
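    // Submit/reset row that ends the edit form opened earlier on the page.
    echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value='Edit it!' style='height: 25px; width: 100px'> <input type=reset value='Revert changes' style='height: 25px; width: 100px'></td></tr>\n";
    echo "</table>\n";
    echo "</form>\n";
    echo "<p>\n";
    // Separate form for deleting the torrent; it posts to delete.php.
    // NOTE(review): no anti-CSRF token is emitted with this form — confirm that
    // delete.php verifies the request some other way before deleting anything.
    echo "<form method=\"post\" action=\"delete.php\">\n";
    echo "<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n";
    echo "<tr><td class=embedded style='background-color: #000000;padding-bottom: 5px' colspan=\"2\"><b>Delete torrent.</b> Reason:</td></tr>";
    // This row and the submit row below were missing their opening <tr>.
    echo "<tr><td><input name=\"reasontype\" type=\"radio\" value=\"1\">&nbsp;Dead </td><td> 0 seeders, 0 leechers = 0 peers total</td></tr>\n";
    echo "<tr><td><input name=\"reasontype\" type=\"radio\" value=\"2\">&nbsp;Dupe</td><td><input type=\"text\" size=\"40\" name=\"reason[]\"></td></tr>\n";
    echo "<tr><td><input name=\"reasontype\" type=\"radio\" value=\"3\">&nbsp;Nuked</td><td><input type=\"text\" size=\"40\" name=\"reason[]\"></td></tr>\n";
    echo "<tr><td><input name=\"reasontype\" type=\"radio\" value=\"4\">&nbsp;{$BASEURL} rules</td><td><input type=\"text\" size=\"40\" name=\"reason[]\">(req)</td></tr>";
    echo "<tr><td><input name=\"reasontype\" type=\"radio\" value=\"5\" checked>&nbsp;Other:</td><td><input type=\"text\" size=\"40\" name=\"reason[]\">(req)</td></tr>\n";
    // $id is assigned outside this excerpt; it is escaped like returnto below so that
    // it cannot close the attribute whatever its source turns out to be.
    echo "<input type=\"hidden\" name=\"id\" value=\"" . safeChar($id) . "\">\n";
    if (isset($_GET["returnto"])) {
        // NOTE(review): returnto comes from the query string and is only HTML-escaped
        // here — confirm the handler limits it to local paths before redirecting.
        echo "<input type=\"hidden\" name=\"returnto\" value=\"" . safeChar($_GET["returnto"]) . "\" />\n";
    }
    echo "<tr><td colspan=\"2\" align=\"center\"><input type=submit value='Delete it!' style='height: 25px'></td></tr>\n";
    echo "</table>";
    echo "</form>\n";
    echo "</p>\n";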
}
stdfoot();
Beispiel #7
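    // Prefer the recorded download speed; otherwise derive an average from the leech time.
    $downspeed = $arr["downspeed"] > 0 ? prefixed($arr["downspeed"]) : ($arr["leechtime"] > 0 ? prefixed($arr["downloaded"] / $arr["leechtime"]) : prefixed(0));
    $ratio = $arr["downloaded"] > 0 ? number_format($arr["uploaded"] / $arr["downloaded"], 3) : ($arr["uploaded"] > 0 ? "Inf." : "---");
    // NOTE(review): a row with size 0 makes this a division by zero — confirm size is never 0.
    $completed = sprintf("%.2f%%", 100 * (1 - $arr["to_go"] / $arr["size"]));
    // The torrent id is taken straight from the query string, so it is cast to an
    // integer before it becomes part of the SQL text; the user id is cast as well.
    $res9 = mysql_query("SELECT seeder FROM peers WHERE torrent=" . (int) $_GET['id'] . " AND userid=" . (int) $arr['userid']);
    $arr9 = mysql_fetch_assoc($res9);
    echo "<tr>\n";
    // The username is stored user input and is escaped like the other cells.
    echo "<td align=left><a href=userdetails.php?id=" . (int) $arr['userid'] . ">" . safeChar($arr['username']) . "</a>" . get_user_icons($arr) . "</td>\n";
    echo "<td align=right>" . safeChar($arr["id"]) . "</td>\n";
    echo "<td align=center>" . ($arr["connectable"] == "yes" ? "<img src=/pic/online.gif>" : "<img src=/pic/offline.gif>") . "</td>\n";
    echo "<td align=right>" . prefixed($arr["uploaded"]) . "</td>\n";
    echo "<td align=right>{$upspeed}/s</td>\n";
    echo "<td align=right>" . prefixed($arr["downloaded"]) . "</td>\n";
    echo "<td align=right>{$downspeed}/s</td>\n";
    echo "<td align=right>{$ratio}</td>\n";
    echo "<td align=right>{$completed}</td>\n";
    echo "<td align=right>" . safeChar($arr["hit_and_run"]) . "</td>\n";
    echo "<td align=right>" . safeChar($arr["mark_of_cain"]) . "</td>\n";
    echo "<td align=right><center><b>" . get_snatched_color($arr["seedtime"]) . "</b></center></td>\n";
    echo "<td align=right>" . mkprettytime($arr["leechtime"]) . "</td>\n";
    echo "<td align=center>" . safeChar($arr['last_action']) . "</td>\n";
    echo "<td align=center>" . safeChar($arr["complete_date"] == "0000-00-00 00:00:00" ? "Not Complete Yet" : $arr["complete_date"]) . "</td>\n";
    // The key is quoted: a bare word is read as a constant name, which newer PHP versions reject.
    echo "<td align=center>" . safeChar($arr["port"]) . "</td>\n";
    echo "<td align=center>" . ($arr9["seeder"] == "yes" ? "<img src=" . $pic_base_url . "online.gif border=0 alt=\"active Seeder\">" : "<img src=" . $pic_base_url . "offline.gif border=0 alt=\"Not seeding!\">") . "</td>\n";
    echo "<td align=right>" . safeChar($arr["timesann"]) . "</td>\n";
    echo "</tr>\n";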
}
echo "</table>\n";
if ($count > $perpage) {
    echo "{$pagerbottom}";
}
stdfoot();
Beispiel #8
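/**
 * Maintenance task: kill idle or long-running MySQL connections, then run
 * OPTIMIZE TABLE on every table returned by SHOW TABLES and log the run.
 *
 * NOTE(review): every connection in the process list that is sleeping or has
 * been in its current state for more than 100 seconds is killed, whichever
 * client owns it — confirm this is acceptable if the database server is shared.
 *
 * @return void
 */
function dooptimizedb()
{
    global $queries;
    set_time_limit(1200);
    $result = mysql_query("show processlist") or sqlerr(__FILE__, __LINE__);
    while ($row = mysql_fetch_array($result)) {
        if ($row["Time"] > 100 || $row["Command"] == "Sleep") {
            // The connection id is numeric; the cast keeps anything else out of the statement.
            $sql = "kill " . (int) $row["Id"];
            mysql_query($sql) or sqlerr(__FILE__, __LINE__);
        }
    }
    // Keep running even if the client that triggered the task disconnects.
    ignore_user_abort(1);
    $alltables = mysql_query("SHOW TABLES") or sqlerr(__FILE__, __LINE__);
    while ($table = mysql_fetch_assoc($alltables)) {
        foreach ($table as $db => $tablename) {
            // The table name is quoted as an identifier (backticks, embedded backticks
            // doubled). The earlier regex check matched the statement against the same
            // variable it had just been built from, so it could not detect a tampered
            // name, and a name containing regex metacharacters was skipped silently.
            $sql = "OPTIMIZE TABLE `" . str_replace("`", "``", $tablename) . "`";
            // The statement is escaped before being shown so the error page cannot carry markup.
            @mysql_query($sql) or die("<b>Something was not right!</b>.\n<br />Query: " . safeChar($sql) . "<br />\nError: (" . mysql_errno() . ") " . safeChar(mysql_error()));
        }
    }
    @mysql_free_result($alltables);
    write_log("autooptimizedb", " --------------------Auto Optimization Complete using {$queries} queries --------------------");
}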
Beispiel #9
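/**
 * Print the forum "compose" form for a new topic or a reply and, for replies,
 * the ten most recent posts of the topic.
 *
 * Ends the request early (die/exit) when the forum or topic does not exist,
 * the topic is locked, or the post to quote cannot be found.
 *
 * @param mixed $id         Forum id when $newtopic is true, otherwise the topic id.
 * @param bool  $newtopic   True to start a topic, false to reply.
 * @param bool  $quote      True to pre-fill the body with the post named by $_GET['postid'].
 * @param bool  $attachment True to show the upload field (only when $use_attachment_mod is set).
 * @return void Output is echoed directly.
 */
function insert_compose_frame($id, $newtopic = true, $quote = false, $attachment = false)
{
    // NOTE(review): $language was read without being declared global, so the reply
    // heading text was always empty; it is presumably a global string table — confirm.
    global $maxsubjectlength, $CURUSER, $max_torrent_size, $maxfilesize, $pic_base_url, $use_attachment_mod, $forum_pics, $DEFAULTBASEURL, $language;

    // PHP_SELF can contain extra path text chosen by the client, and $id is written
    // into attributes, so both are HTML-escaped once and only the escaped copies are printed.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $idHtml = htmlspecialchars((string) $id, ENT_QUOTES);

    if ($newtopic) {
        $res = sql_query("SELECT name FROM forums WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        $arr = mysql_fetch_assoc($res) or die("Bad forum ID!");
        echo "<h3>New topic in <a href='" . $self . "?action=viewforum&amp;forumid=" . $idHtml . "'>" . safeChar($arr["name"]) . "</a> forum</h3>";
    } else {
        $res = sql_query("SELECT subject, locked FROM topics WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        $arr = mysql_fetch_assoc($res) or die("Forum error, Topic not found.");
        if ($arr['locked'] == 'yes') {
            stdmsg("Sorry", "The topic is locked.");
            end_table();
            end_main_frame();
            stdfoot();
            exit;
        }
        $replyLabel = isset($language['replyto']) ? $language['replyto'] : '';
        // The "?" between the script name and the query string was missing here.
        echo "<h3 align=\"center\">" . $replyLabel . "<a href='" . $self . "?action=viewtopic&amp;topicid=" . $idHtml . "'>" . safeChar($arr["subject"]) . "</a></h3>";
    }

    begin_frame("Compose", true);
    // NOTE(review): the form carries no anti-CSRF token — confirm that the "post"
    // action validates where the request came from.
    echo "<form method='post' name='compose' action='" . $self . "' enctype='multipart/form-data'>\n";
    echo "\t<input type=\"hidden\" name=\"action\" value=\"post\" />\n";
    echo "\t<input type='hidden' name='" . ($newtopic ? 'forumid' : 'topicid') . "' value='" . $idHtml . "' />";
    begin_table(true);
    if ($newtopic) {
        echo "\t\t<tr>\n";
        echo "\t\t\t<td class='rowhead' width=\"10%\">Subject</td>\n";
        echo "\t\t\t<td align='left'>\n";
        echo "\t\t\t\t<input type='text' size='100' maxlength='" . (int) $maxsubjectlength . "' name='subject' style='height: 19px' />\n";
        echo "\t\t\t</td>\n";
        echo "\t\t</tr>";
    }
    if ($quote) {
        // The id of the quoted post comes from the query string; the cast makes it
        // safe to place in the SQL text below.
        $postid = isset($_GET["postid"]) ? (int) $_GET["postid"] : 0;
        if (!is_valid_id($postid)) {
            stdmsg("Error", "Invalid ID!");
            end_table();
            end_main_frame();
            stdfoot();
            exit;
        }
        // NOTE(review): any post id is accepted here — confirm elsewhere that the
        // viewer is allowed to read the forum the quoted post belongs to.
        $res = sql_query("SELECT posts.*, users.username FROM posts JOIN users ON posts.userid = users.id WHERE posts.id = {$postid}") or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0) {
            stdmsg("Error", "No post with this ID");
            end_table();
            end_main_frame();
            stdfoot();
            exit;
        }
        $arr = mysql_fetch_assoc($res);
    }

    echo "<tr>\n";
    echo "\t\t<td class='rowhead' width=\"10%\">Body</td>\n";
    echo "\t\t<td>";
    // Author name and body of the quoted post are escaped before they are placed in the editor.
    $qbody = $quote ? "[quote=" . safeChar($arr["username"]) . "]" . safeChar(unesc($arr["body"])) . "[/quote]" : '';
    if (function_exists('textbbcode')) {
        textbbcode("compose", "body", $qbody);
    } else {
        echo "<textarea name=\"body\" style=\"width:99%\" rows=\"7\">" . $qbody . "</textarea>";
    }
    if ($use_attachment_mod && $attachment) {
        // NOTE(review): the "rar, zip" limit and the size shown are only text for the
        // user — the upload handler has to enforce them itself.
        echo "<tr>\n";
        echo "\t\t\t\t<td colspan='2'><fieldset class=\"fieldset\"><legend>Add attachment</legend>\n";
        echo "\t\t\t\t\t<input type='checkbox' name='uploadattachment' value='yes' />\n";
        echo "\t\t\t\t\t<input type=\"file\" name=\"file\" size=\"60\" />\n";
        echo "                    <div class='error'>Allowed files: rar, zip<br />Max file size: " . prefixed($maxfilesize) . "</div></fieldset>\n";
        echo "\t\t\t\t</td>\n";
        echo "\t\t\t</tr>";
    }
    echo "\t\t<tr>\n";
    echo "\t\t<td align=center colspan=2>\n";
    echo "\t\t" . post_icons() . "\t\t</td>\n";
    echo "\t</tr>\n";
    echo "\t\t<tr>\n";
    echo "        \t<td colspan='2' align='center'>\n";
    echo "            <input type='submit' value='Submit' />\n";
    echo "\t\t\t</td>\n";
    echo "\t\t</tr>\n";
    echo "\n";
    echo "\t\t</td>\n";
    echo "        </tr>";
    end_table();
    echo "</form>";
    end_frame();

    // ------ Get 10 last posts if this is a reply
    if (!$newtopic) {
        $postres = sql_query("SELECT p.id, p.added, p.body, u.id AS uid, u.username, u.avatar " . "FROM posts AS p " . "LEFT JOIN users AS u ON u.id = p.userid " . "WHERE p.topicid = " . sqlesc($id) . " " . "ORDER BY p.id DESC LIMIT 10") or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($postres) > 0) {
            echo "<br />";
            begin_frame("Last 10 post's in reverse order");
            while ($post = mysql_fetch_assoc($postres)) {
                $avatar = $CURUSER["avatars"] == "yes" ? safeChar($post["avatar"]) : '';
                if (empty($avatar)) {
                    $avatar = $pic_base_url . $forum_pics['default_avatar'];
                }
                // The poster's name is stored user input and was printed unescaped before.
                $poster = !empty($post["username"]) ? safeChar($post["username"]) : "******";
                echo "<p class=sub>#" . (int) $post["id"] . " by " . $poster . " at " . safeChar($post["added"]) . " GMT</p>";
                begin_table(true);
                echo "\t\t\t\t\t<tr>\n";
                echo "\t\t\t\t\t\t<td height='100' width='100' align='center' style='padding: 0px' valign=\"top\"><img height='100' width='100' src=\"" . $avatar . "\" /></td>\n";
                echo "\t\t\t\t\t\t<td class='comment' valign='top'>" . format_comment($post["body"]) . "</td>\n";
                echo "\t\t\t\t\t</tr>";
                end_table();
            }
            end_frame();
        }
    }
    insert_quick_jump_menu();
}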
<?php

// CyBerFuN.Ro
// By CyBerNe7
//            //
// http://cyberfun.ro/
// http://xlist.ro/
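// Lists the files of one torrent (type icon, path, size) for logged-in users.
// NOTE(review): any logged-in user can request any torrent id; no per-torrent
// access check is visible in this script.
header("Content-Type: text/html; charset=iso-8859-1");
require_once "include/bittorrent.php";
dbconn();
if (!logged_in()) {
    // Anonymous visitors get a page made to look like the web server's own 404.
    header("HTTP/1.0 404 Not Found");
    // Modified logginorreturn by retro. Remember to change the following line to match your server.
    // PHP_SELF and SERVER_NAME can both be influenced by the request, so they are
    // escaped before being written into the page.
    print "<html><h1>Not Found</h1><p>The requested URL /" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . " was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES) . " Port 80</address></body></html>\n";
    die;
}
// The cast always yields an integer, which is what makes it safe to place the value
// in the SQL text below; a missing parameter becomes 0.
$id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
$s = "<table width=500 class=colorss class=main border=\"1\" cellspacing=0 cellpadding=\"5\">\n";
$subres = sql_query("SELECT * FROM files WHERE torrent = {$id} ORDER BY id");
$s .= "<tr><td width=500 class=colhead>Type</td><td class=colhead>Path</td><td class=colhead align=right>Size</td></tr>\n";
while ($subrow = mysql_fetch_array($subres)) {
    // The pattern only admits letters and digits, so the extension cannot carry
    // path separators into the icon lookup. Files without an extension fall back
    // to the "Unknown" icon.
    $ext = preg_match('/\\.([A-Za-z0-9]+)$/', $subrow["filename"], $match) ? strtolower($match[1]) : "";
    if ($ext === "" || !file_exists("pic/icons/" . $ext . ".png")) {
        $ext = "Unknown";
    }
    // The first cell's attribute was written as align"center"; the "=" is restored.
    $s .= "<tr><td align=\"center\"><img align=center src=\"pic/icons/" . $ext . ".png\" alt=\"{$ext} file\"></td><td class=tableb2 width=700>" . safeChar($subrow["filename"]) . "</td><td align=\"right\">" . prefixed($subrow["size"]) . "</td></tr>\n";
}
$s .= "</table>\n";
echo $s;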
    hacker_dork("Secure Ip - Nosey C**t !");
}
// Staff account names that may use this login page. Add each name to the list
// exactly as it appears on the site, for example 'Admin' or 'System'.
// NOTE(review): $pass is HTML-escaped here, so whatever it is compared with later
// has to be in the same escaped form — confirm against the code that checks it.
if (in_array($_POST['staffname'], array('Mindless', 'System'))) {
    $name = safeChar($_POST['staffname']);
    $pass = safeChar($_POST['secrettop']);
} else {
    // Unknown name: record the address, notify a staff account by PM and stop.
    // NOTE(review): one message is inserted per failed request and no throttling is
    // visible here, so repeated attempts can fill the receiver's inbox.
    $naughtyboy = getip();
    $name = safeChar($_POST['staffname']);
    $msg = "Someone is trying to login through the Staff login page with the name {$name} and ip {$naughtyboy}";
    $subject = "ALERT Failed staff login attempt";
    // Change the receiver id (1) to your own id to receive the PM, or comment the query out.
    mysql_query("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES (0, 1, '" . get_date_time() . "', " . sqlesc($msg) . ", 0)") or sqlerr(__FILE__, __LINE__);
    stderr("Error", "WARNING ! You're not a staff member");
    die;
}
//Just keep adding the elseif and validpass until all staff have been added..
if ($_POST['staffname'] == "Mindless") {
    $validpass = "******";
} elseif ($_POST['staffname'] == "System") {
    $validpass = "******";
} else {
    die;
Beispiel #12
 $usernamegift = htmlentities(trim($_POST['username']));
 $res = sql_query("SELECT id,uploaded,bonuscomment,username FROM users WHERE username="******"unit"] == '2') {
         $nobits = $_POST["amnt"] * $mb_basic * 1024;
     }
 }
 $amt1 = $_POST["amnt"];
 if ($ubonus >= $nobits) {
     $upgift = safeChar($upgift, 1);
     $bonuscomment = gmdate("Y-m-d") . " - " . prefixed($nobits) . " Upload Credit as gift to {$usernamegift} .\n " . $bonuscomment;
     $bonuscomment_gift = gmdate("Y-m-d") . " - recieved " . prefixed($nobits) . " Upload Credit as gift from {$CURUSER['username']} .\n " . $bonuscomment_gift;
     $upbonus = $ubonus - $nobits;
     $upbonus1 = $userupload + $nobits;
     if ($userid == $useridgift) {
         header("Refresh: 0; url={$BASEURL}/mybonus.php?gift_fail1=1");
         die;
     }
     if (!$useridgift) {
         header("Refresh: 0; url={$BASEURL}/mybonus.php?gift_fail_user=1");
         die;
     }
     if ($amt1 <= 0) {
         header("Refresh: 0; url={$BASEURL}/mybonus.php?gift_fail2=1");
         die;
    die;
}
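// Staff-only list of bookmarked users with their upload, download and ratio.
// NOTE(review): this gate relies on hacker_dork() ending the request — confirm.
if (get_user_class() < UC_MODERATOR) {
    hacker_dork("Admin Bookmarks - Nosey C**t !");
}
stdhead("Staff Bookmarks");
begin_main_frame();
$addbookmark = number_format(get_row_count("users", "WHERE addbookmark='yes'"));
begin_frame("In total ({$addbookmark})", true);
begin_table();
?>
<table cellpadding="4" cellspacing="1" border="0" style="width:800px" class="tableinborder" ><tr><td class="tabletitle">ID</td><td class="tabletitle" align="left">Username</td><td class="tabletitle" align="left">Suspicion</td><td class="tabletitle" align="left">Uploaded</td><td class="tabletitle" align="left">Downloaded</td><td class="tabletitle" align="left">Ratio</td></tr>
<?php 
// A failed query is reported through sqlerr() like the other queries on the site,
// rather than printing the raw database error into the page and carrying on.
$res = mysql_query("SELECT id,username,bookmcomment,uploaded,downloaded FROM users WHERE addbookmark='yes' ORDER BY id") or sqlerr(__FILE__, __LINE__);
while ($arr = mysql_fetch_assoc($res)) {
    if ($arr["downloaded"] != 0) {
        $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 3);
    } else {
        $ratio = "---";
    }
    $ratio = "<font color=" . get_ratio_color($ratio) . ">{$ratio}</font>";
    // Break the size and its unit onto two lines.
    $uploaded = str_replace(" ", "<br>", prefixed($arr["uploaded"]));
    $downloaded = str_replace(" ", "<br>", prefixed($arr["downloaded"]));
    // Array keys are quoted (bare words are read as constants, which newer PHP
    // versions reject) and the link is closed inside its own cell.
    $userId = (int) $arr["id"];
    echo "<tr><td class=table >" . $userId . "</td><td class=table align=\"left\"><b><a href=userdetails.php?id=" . $userId . ">" . safeChar($arr["username"]) . "</a></b></td><td class=table align=\"left\">" . safeChar($arr["bookmcomment"]) . "</td><td class=table align=\"left\">" . $uploaded . "</td><td class=table align=\"left\">" . $downloaded . "</td><td class=table align=\"left\">{$ratio}</td></tr>";
}
// Close the inner table, then the wrappers in the reverse of the order they were opened.
echo "</table>";
end_table();
end_frame();
end_main_frame();
stdfoot();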
Beispiel #14
}
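// Donor list: one row per user with e-mail, join date, donor expiry and amounts.
// NOTE(review): the rows include e-mail addresses; the access check for this page
// lies outside this excerpt — confirm it is limited to the staff who need it.
begin_table();
echo "<p align=center><a class=altlink href=donations.php>Current Donors</a> || <a class=altlink href=donations.php?total_donors=1>All Donations</a></p>";
echo $pagertop;
echo "<tr><td class=colhead>ID</td><td class=colhead align=left>Username</td><td class=colhead align=left>e-mail</td>" . "<td class=colhead align=left>Joined</td><td class=colhead align=left>Donor Until?</td><td class=colhead align=left>" . "Current</td><td class=colhead align=left>Total</td><td class=colhead align=left>PM</td></tr>";
while ($arr = @mysql_fetch_assoc($res)) {
    // =======change colors
    if ($count2 == 0) {
        $count2 = $count2 + 1;
        $class = "clearalt7";
    } else {
        $count2 = 0;
        $class = "clearalt6";
    }
    // =======end
    // Array keys are quoted throughout: bare words such as $arr[id] are read as
    // constants, which newer PHP versions reject.
    $donorId = (int) $arr["id"];
    $email = safeChar($arr["email"]);
    echo "<tr><td valign=bottom class={$class}><a class=altlink href=userdetails.php?id=" . $donorId . ">" . $donorId . "</a></td>" . "<td align=left valign=bottom class={$class}><b><a class=altlink href=userdetails.php?id=" . $donorId . ">" . safeChar($arr["username"]) . "</a></b>" . "</td><td align=left valign=bottom class={$class}><a class=altlink href=mailto:" . $email . ">" . $email . "</a>" . "</td><td align=left valign=bottom class={$class}><font size=\"-3\">" . safeChar($arr["added"]) . "</font>" . "</td><td align=left valign=bottom class={$class}>";
    $r = @mysql_query("SELECT donoruntil FROM users WHERE id=" . $donorId) or sqlerr(__FILE__, __LINE__);
    $user = mysql_fetch_array($r);
    // The user row may have disappeared between the two queries.
    $donoruntil = $user ? $user['donoruntil'] : '0000-00-00 00:00:00';
    if ($donoruntil == '0000-00-00 00:00:00') {
        echo "n/a";
    } else {
        echo "<p><font size=\"-3\">" . safeChar($donoruntil) . " [ " . mkprettytime(strtotime($donoruntil) - gmtime()) . " ] to go...</font></p>";
    }
    echo "</td><td align=left valign=bottom class={$class}><b>£" . safeChar($arr["donated"]) . "</b></td>" . "<td align=left valign=bottom class={$class}><b>£" . safeChar($arr["total_donated"]) . "</b></td>" . "<td align=left valign=bottom class={$class}><b><a class=altlink href=sendmessage.php?receiver=" . $donorId . ">PM</a></b></td></tr>";
}
end_table();
end_frame();
echo $pagerbottom;
stdfoot();
die;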
Beispiel #15
require_once "include/bbcode_functions.php";
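dbconn(false);
maxcoder();
if (!logged_in()) {
    // Anonymous visitors get a page made to look like the web server's own 404.
    header("HTTP/1.0 404 Not Found");
    // Modified logginorreturn by retro. Remember to change the following line to match your server.
    // PHP_SELF and SERVER_NAME can both be influenced by the request, so they are
    // escaped before being written into the page.
    print "<html><h1>Not Found</h1><p>The requested URL /" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . " was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES) . " Port 80</address></body></html>\n";
    die;
}
// Sysop-only page. NOTE(review): this gate relies on hacker_dork() ending the request — confirm.
if (get_user_class() < UC_SYSOP) {
    hacker_dork("Shout History - Nosey C**t !");
}
stdhead("Admin Shout History Check");
$count1 = number_format(get_row_count("shoutbox"));
print "<h2 align=center>Full Shout History</h2>";
print "<center><font class=small>We currently have " . safeChar($count1) . " shouts on history</font></center>";
begin_main_frame();
// The count query used to end with {$limit}, which is only assigned by pager()
// below. At this point it was undefined, and on a server with register_globals
// enabled it could be filled from the request, so it is no longer part of the SQL.
$res1 = mysql_query("SELECT COUNT(*) FROM shoutbox") or sqlerr(__FILE__, __LINE__);
$row1 = mysql_fetch_array($res1);
$count = $row1[0];
$shoutsperpage = 30;
list($pagertop, $pagerbottom, $limit) = pager($shoutsperpage, $count, "shistory.php?");
print "{$pagertop}";
$res = sql_query("SELECT * FROM shoutbox ORDER BY date DESC {$limit}") or sqlerr(__FILE__, __LINE__);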
if (mysql_num_rows($res) == 0) {
    print "\n";
} else {
    print "<table border=0 cellspacing=0 cellpadding=2 width='100%' align='left' class='small'>\n";
    $i = 0;
    while ($arr = mysql_fetch_assoc($res)) {
        $res2 = sql_query("SELECT username,class,donor,warned,downloadpos,chatpost,forumpost,uploadpos,parked FROM users WHERE id=" . unsafeChar($arr[userid]) . "") or sqlerr(__FILE__, __LINE__);
Beispiel #16
            $letsdoit = mysql_query("SELECT * FROM secureiptable WHERE username="******"UPDATE secureiptable SET eticket=" . sqlesc($editsecret) . " WHERE username="******"INSERT INTO secureiptable VALUES (0, " . sqlesc($name) . ", " . sqlesc($trackingyou) . ", 0,'" . get_date_time() . "'," . sqlesc($editsecret) . ")") or sqlerr(__FILE__, __LINE__);
            }
            break;
        default:
            stderr("Ok", "You can add it later");
            die;
            break;
    }
    stderr("Almost Done", "Check your email account to confirm addition of the ip, NOTE: Check your spam folder");
}
if (!empty($_GET['requested']) && !empty($_GET['secret'])) {
    $confirmname = safeChar($_GET['requested']);
    $secretsauce = $_GET["secret"];
    $added = sqlesc(get_date_time());
    if (!$confirmname) {
        httperr();
    }
    dbconn();
    $res23 = mysql_query("SELECT eticket,ip FROM secureiptable WHERE username = "******"ip"];
    if (!$row23) {
        stderr("Ok", "query not matchin");
    }
    $sec = hash_pad($row23["eticket"]);
    if ($secretsauce != md5($sec)) {
        stderr("Ok", "eticket not matching");
Beispiel #17
}
$r = @sql_query("SELECT * FROM users WHERE id={$id}") or sqlerr(__FILE__, __LINE__);
$user = mysql_fetch_array($r) or bark("No User with this ID.");
if ($user["status"] == "pending") {
    die;
}
if (get_user_class() >= UC_MODERATOR && $user["class"] < get_user_class()) {
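    // Quick-edit form for the selected member; it posts to inpageedit.php.
    // NOTE(review): no anti-CSRF token is emitted — confirm inpageedit.php verifies
    // the request some other way.
    echo "<form method=\"post\" action=\"inpageedit.php\">\n";
    echo "<input type=\"hidden\" name=\"action\" value=\"edituser\">\n";
    // $id and $tid are assigned outside this excerpt; they are escaped so they cannot
    // close the attribute whatever their source turns out to be.
    echo "<input type=\"hidden\" name=\"userid\" value=\"" . safeChar($id) . "\">\n";
    echo "<input type=\"hidden\" name=\"torrent\" value=\"" . safeChar($tid) . "\">\n";
    echo "<input type=\"hidden\" name=\"returnto\" value=\"snatchleave.php?done=no\">\n";
    echo "<br /><table class=\"main\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n";
    // The username is stored user input and is shown on a staff page, so it is escaped.
    echo "<tr><td class=colhead colspan=3 align=center>Quick-Edit <a target=_blank href=userdetails.php?id=" . (int) $user["id"] . ">" . safeChar($user["username"]) . "</a></td></tr>";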
    if ($user["immun"] == "yes" && $tor["sl_warned"] == "no") {
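        $modcomment = safeChar($user["modcomment"]);
        echo "<tr><td class=rowhead>Modcomment:</td><td colspan=2><textarea cols=90 rows=4 readonly>" . $modcomment . "</textarea></td></tr>";
        // NOTE(review): the first radio's value ends in "%" while the other two do not —
        // confirm which form the handler expects.
        echo "<tr><td class=rowhead>Warnstatus</td><td align=left colspan=2>\n" . ($user["warns"] > 0 ? "<input type=radio name=warns value=" . ($user["warns"] - 10) . "%>" . ($user["warns"] - 10) . "%" : "") . "\n<input type=radio name=warns value=" . safeChar($user["warns"]) . "><font color=blue>" . safeChar($user["warns"]) . " (actually Warnstatus)</font>\n<input type=radio name=warns checked value=" . ($user["warns"] + 10) . ">" . ($user["warns"] + 10) . "%</td></tr>\n";
        // The torrent name and the earlier warn reasons are stored text; without
        // escaping, a value containing a closing textarea tag would break out of the
        // box on this staff page.
        echo "<tr><td class=rowhead>Reason of Warnadjustment:</td><td class=tablea colspan=2 align=left><textarea cols=90 rows=6 name=whywarn>H&R on " . safeChar($tor["name"]) . " \nFileratio: " . safeChar($shared) . " \nSeedtime: " . mkprettytime($tor["seedtime"]) . "</textarea></td></tr>\n";
        echo "<tr><td class=rowhead>Earlier Warns:</td><td colspan=2><textarea cols=90 rows=4 readonly>" . safeChar($user["whywarned"]) . "</textarea></td></tr>";
        $realdlremoved = $user['dlremoveuntil'] != "0000-00-00 00:00:00" ? date("d.m.Y - H:i:s", strtotime($user['dlremoveuntil'])) : "Not yet";
        echo "<tr><td class=rowhead>DL disabled until</td><td colspan=2>" . $realdlremoved . "</td></tr>\n";
        echo "<tr><td colspan=\"3\" align=\"center\"><input type=\"submit\" class=\"btn\" value=\"OK\"></td></tr>\n";
        echo "</table>\n";
        echo "</form>\n";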
    } else {
        if ($user["immun"] == "yes") {
            $whynot = "This User is immune";
        } elseif ($tor["sl_warned"] == "yes") {
            $whynot = "The Member is already warned for this H&R";
        }
Beispiel #18
    // moddifed logginorreturn by retro//Remember to change the following line to match your server
    print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
    die;
}
/**
 * Show an error page with the heading "Error" by handing the text to stderr().
 *
 * The text is passed on unchanged; any escaping is left to stderr().
 *
 * @param string $text Message to display.
 * @return void
 */
function puke($text = "You have forgotten here someting?")
{
    $heading = "Error";
    stderr($heading, $text);
}
// Moderators and above only.
// NOTE(review): this gate relies on puke()/stderr() ending the request — confirm.
if (!(get_user_class() >= UC_MODERATOR)) {
    puke("Access Denied");
}
// "edituser" is the only action accepted; anything else leaves $action empty.
$action = '';
if (isset($_POST["action"]) && $_POST["action"] == "edituser") {
    $action = $_POST["action"];
}
if ($action == "edituser") {
    $userid = $_POST["userid"];
    $tid = $_POST["torrent"];
    $modcomm = safeChar($_POST["modcomm"]);
    $percwarn = $_POST["warns"];
    $whywarned = $_POST["whywarn"];
    $class = 0 + $_POST["class"];
    if (!is_valid_id($userid) || !is_valid_user_class($class)) {
        stderr("Error", "cant see which member this should be.");
    }
    // check target user class
    $res = sql_query("SELECT immun, warns, dlremoveuntil, whywarned, enabled, username, class, modcomment FROM users WHERE id = {$userid}") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_assoc($res) or puke("MySQL: " . mysql_error());
    $editedusername = $arr["username"];
    $warncomment = $arr["whywarned"];
    $curdownloadpos = $arr["downloadpos"];
    $nowdlremoved = $arr["dlremoveuntil"];
    $curpercwarn = $arr["warns"];
    if ($_POST["warns"] == $arr["warns"]) {
Beispiel #19
/**
 * Print a complete error page (header, heading, message, footer) and stop.
 *
 * Heading and message are passed through safeChar() before being echoed.
 * NOTE(review): $y is handed to stdhead() unescaped — confirm stdhead() escapes
 * the page title itself.
 *
 * @param string $x Message text.
 * @param string $y Page title, also used as the heading.
 * @return void Never returns; the request ends with exit.
 */
function genbark($x, $y)
{
    stdhead($y);
    $heading = safeChar($y);
    echo "<h2>" . $heading . "</h2>\n";
    $message = safeChar($x);
    echo "<p>" . $message . "</p>\n";
    stdfoot();
    exit;
}
   }
}
//-->
</script>
<?php 
// Forum administration list: one table row per forum with its overforum name,
// the minimum class for read / write / create, and Edit / Delete links.
echo '<table width="100%"  border="0" align="center" cellpadding="2" cellspacing="0">';
echo "<tr><td class=colhead align=left>Name</td><td class=colhead>OverForum</td><td class=colhead>Read</td><td class=colhead>Write</td><td class=colhead>Create topic</td><td class=colhead>Modify</td></tr>";
$result = sql_query("SELECT  * FROM forums ORDER BY sort ASC");
if ($row = mysql_fetch_array($result)) {
    do {
        $forid = $row['forid'];
        // One extra lookup per forum row. The id is concatenated unquoted into
        // the SQL text; it comes from the forums table, not the request, and
        // unsafeChar()'s behaviour is not visible here.
        // NOTE(review): cast to int or bind as a parameter. Confirm the column is numeric.
        $res2 = sql_query("SELECT name FROM overforums WHERE id=" . unsafeChar($forid) . "");
        // No check that a row came back; with no matching overforum $arr2 is
        // false and $name ends up empty.
        $arr2 = mysql_fetch_array($res2);
        $name = $arr2['name'];
        // Forum id, name and description are passed through safeChar() before output.
        echo "<tr><td><a href=forums.php?action=viewforum&forumid=" . safeChar($row["id"]) . "><b>" . safeChar($row["name"]) . "</b></a><br>" . safeChar($row["description"]) . "</td>";
        // NOTE(review): $PHP_SELF and the $row["id"] inside the javascript: URL
        // are written without escaping. That is safe only while the id is an
        // integer and $PHP_SELF carries no client-supplied path info. Escape
        // both for their context.
        echo "<td>" . safeChar($name) . "</td><td>" . get_user_class_name($row["minclassread"]) . "</td><td>" . get_user_class_name($row["minclasswrite"]) . "</td><td>" . get_user_class_name($row["minclasscreate"]) . "</td><td align=center nowrap><b><a href=\"" . $PHP_SELF . "?action=editforum&id=" . safeChar($row["id"]) . "\">Edit</a>&nbsp;|&nbsp;<a href=\"javascript:confirm_delete('" . $row["id"] . "');\"><font color=red>Delete</font></a></b></td></tr>";
    } while ($row = mysql_fetch_array($result));
} else {
    print "<tr><td>Sorry, no records were found!</td></tr>";
}
echo "</table>";
?>
<br><br>
<form method=post action="<?php 
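// PHP_SELF includes any client-supplied path info after the script name, so it
// is HTML-escaped before being written into the form's action attribute.
echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);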
?>
">
<table width="100%"  border="0" cellspacing="0" cellpadding="3" align="center">
<tr align="center">
    <td colspan="2" class=colhead>Make new forum</td>
  </tr>
    echo "<input type=\"hidden\" name=\"class\" value=\"{$user['class']}\">\n";
    echo "<input type=\"hidden\" name=\"returnto\" value=\"badratio.php?done=no\">\n";
    echo "<br /><table class=\"main\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n";
    echo "<tr><td class=colhead colspan=3 align=center>Quick-Edit <a target=_blank href=userdetails.php?id=" . $user["id"] . ">" . $user["username"] . "</a></td></tr>";
    ?>

<?php 
    if ($user["immun"] == "no") {
        $modcomment = safeChar($user["modcomment"]);
        if ($user["downloaded"] > 0) {
            $uratio = $user["uploaded"] / $user["downloaded"];
            $uratio = number_format($uratio, 3);
        }
        $timeto = get_date_time(gmtime() + 14 * 86400);
        $frist = get_date_time(gmtime() + 8 * 86400);
        $bookmcomment = "" . safeChar($user["bookmcomment"]) . "";
        $enabled = $user["enabled"] == 'yes';
        echo "<form action=\"\" target=bookmcomment name=bookmcomment><tr><td class=rowhead>Add to Bookmarks?</td><td colspan=2 class=tablea align=left><input type=radio name=addbookmark value=yes" . ($user["addbookmark"] == "yes" ? " checked" : "") . ">Yes - One to watch<input type=radio onClick=\"fuellen(this.form,'text1','Bad Ratio (" . $uratio . ") Time until " . date("d.m.Y", strtotime($timeto)) . "')\" name=addbookmark value=ratio" . ($user["addbookmark"] == "ratio" ? " checked" : "") . ">Yes - Bad Ratio <input type=radio onClick=\"fuellen(this.form,'text1','" . $bookmcomment . " / Time until because Ratio ({$uratio}) extended to " . date("d.m.Y", strtotime($frist)) . " ')\" name=addbookmark value=frist>Extend time until <input type=radio name=addbookmark onClick=\"fuellen(this.form,'text1','')\" value=no" . ($user["addbookmark"] == "no" ? " checked" : "") . ">No</td></tr>\n";
        echo "<tr><td class=rowhead>Bookmark Reason:</td><td class=tablea colspan=2 align=left><textarea cols=90 rows=6 name=bookmcomment>{$bookmcomment}</textarea></td></tr>\n";
        echo "<tr><td class=rowhead>Teamcomment:</td><td colspan=2><textarea cols=90 rows=4 readonly>" . $modcomment . "</textarea></td></tr>";
        echo "<tr><td class=rowhead>Warnstatus</td><td align=left colspan=2>" . $user["warns"] . "%</td></tr>\n";
        echo "<tr><td class=\"rowhead\" rowspan=\"2\">Enabled</td><td colspan=\"2\" align=\"left\"><input name=\"enabled\" onClick=\"fuellen2(this.form,'text1','')\" value=\"yes\" type=\"radio\"" . ($enabled ? " checked" : "") . ">Yes <input name=\"enabled\" onClick=\"fuellen2(this.form,'text1','Bad Ratio (" . $uratio . ") ')\" value=\"no\" type=\"radio\"" . (!$enabled ? " checked" : "") . ">No</td></tr>\n";
        echo "<tr><td colspan=\"2\" align=\"left\">Disable Reason:&nbsp;<input type=\"text\" name=\"disreason\" size=\"60\" /></td></tr>";
        echo "<tr><td colspan=\"3\" align=\"center\"><input type=\"submit\" class=\"btn\" value=\"OK\"></td></tr>\n";
        echo "</table>\n";
        echo "</form>\n";
        echo "<br><table><tr><td class=colhead colspan=2 align=center>Depending on the action the member will receive either:</td></tr>";
        echo "<tr><td>Bad ratio warning</td>";
        echo "<td>Bad ratio warning period extended</td></tr>";
        echo "</table>";
    } else {
Beispiel #22
// Read the uploaded .nfo and turn it into an SQL literal via sqlesc(). The @
// hides read errors, so a failed read is passed on silently instead of being
// reported.
$nfo = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename)));
// Raw POST value; it reaches the query only through the sqlesc() map below.
$smalldescr = $_POST["description"];
//$ret = sql_query("INSERT INTO torrents (search_text, filename, owner, visible, tube, multiplicator, uclass, anonymous, request, scene, info_hash, name, size, numfiles, url, poster, hidden, staffonly, countstats, half, newgenre, type, vip, allow_comments, subs, descr, ori_descr, description, category, minclass, save_as, added, last_action, nfo, afterpre) VALUES (" .implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $tube, $multiplicator, $uclass, $anonymous, $request, $scene, $infohash, $torrent, $totallen, count($filelist), $url, $poster, $hidden, $staffonly, $countstats, $half, $genre, $type, $vip, $allow_comments, $subs, $descr, $descr, $smalldescr, 0 + $_POST["type"], $minclass, $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo, '" . $predif . "')");  // or sqlerr(__FILE__, __LINE__);
// == uncomment above to enable doopies pre times on browse
// Every value in the array is mapped through sqlesc() before being joined into
// VALUES; $nfo was escaped above and the two timestamps come from
// get_date_time(). NOTE(review): this relies on sqlesc() both escaping and
// quoting each value. Confirm that, and move to prepared statements when this
// code is ported off the mysql_* API.
$ret = sql_query("INSERT INTO torrents (search_text, filename, owner, visible, tube, multiplicator, uclass, anonymous, request, scene, info_hash, name, size, numfiles, url, poster, hidden, staffonly, countstats, half, newgenre, type, vip, allow_comments, subs, descr, ori_descr, description, category, minclass, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], "no", $tube, $multiplicator, $uclass, $anonymous, $request, $scene, $infohash, $torrent, $totallen, count($filelist), $url, $poster, $hidden, $staffonly, $countstats, $half, $genre, $type, $vip, $allow_comments, $subs, $descr, $descr, $smalldescr, 0 + $_POST["type"], $minclass, $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', {$nfo})") or sqlerr(__FILE__, __LINE__);
// NOTE(review): the query above ends in "or sqlerr(...)"; if sqlerr() stops
// the script, this duplicate-key branch (MySQL error 1062) is never reached.
// The second bark() also sends the raw mysql_error() text to the uploader.
if (!$ret) {
    if (mysql_errno() == 1062) {
        bark("torrent already uploaded!");
    }
    bark("mysql puked: " . mysql_error());
}
$id = mysql_insert_id();
// Announcement text; the torrent name and the username pass through safeChar().
if ($CURUSER["anonymous"] == 'yes') {
    $message = "New Torrent : [url={$DEFAULTBASEURL}/details.php?id={$id}] " . safeChar($torrent) . "[/url] Uploaded - Anonymous User";
} else {
    $message = "New Torrent : [url={$DEFAULTBASEURL}/details.php?id={$id}] " . safeChar($torrent) . "[/url] Uploaded by " . safechar($CURUSER["username"]) . "";
}
// $id comes from mysql_insert_id() above; the @ hides any PHP error raised by
// this cleanup query.
@sql_query("DELETE FROM files WHERE torrent = {$id}");
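/**
 * Build the VALUES list for the multi-row INSERT into `files`.
 *
 * @param array $arr Entries of the form array(filename, size). These presumably
 *                   come from the uploaded torrent's metadata, so both fields
 *                   are treated as untrusted.
 * @param mixed $id  Torrent id the rows belong to; cast to int here.
 * @return string Comma-separated "(id,filename,size)" tuples, or "" when $arr
 *                is empty (the caller should then skip the INSERT).
 */
function file_list($arr, $id)
{
    // Start from an empty list so an empty $arr does not hand join() an
    // undefined variable.
    $new = array();
    $torrentId = (int) $id;
    foreach ($arr as $v) {
        // The size used to be concatenated raw into the SQL text; it now goes
        // through sqlesc() like the filename.
        $new[] = "(" . $torrentId . "," . sqlesc($v[0]) . "," . sqlesc($v[1]) . ")";
    }
    return join(",", $new);
}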
// The result of this INSERT is not checked, so a failure leaves the torrent
// row without its file list. NOTE(review): file_list() returns SQL text built
// from $filelist; confirm every field is escaped there and that $filelist is
// never empty (that would end the statement at "VALUES ").
mysql_query("INSERT INTO files (torrent, filename, size) VALUES " . file_list($filelist, $id));
// $id is the insert id obtained above; $torrent_dir is set outside this
// excerpt. If fopen() fails, the .torrent file is silently not written while
// the database rows remain.
$fp = fopen("{$torrent_dir}/{$id}.torrent", "w");
if ($fp) {
    // The @ also hides a short or failed write; benc($dict) is evaluated twice.
    @fwrite($fp, benc($dict), strlen(benc($dict)));
    fclose($fp);
}
Beispiel #23
}
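// Bulk account actions (enable / confirm / delete). "<=" turns away moderators
// as well as lower classes; the gate only holds if stderr() ends the request.
// TODO confirm that it does.
if (get_user_class() <= UC_MODERATOR) {
    stderr("Sorry", "Access denied!");
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // NOTE(review): no anti-CSRF token is checked before these bulk changes,
    // which include deleting accounts; verify a per-session token here.
    $ids = isset($_POST["ids"]) ? $_POST["ids"] : null;
    // "ids" must be a non-empty list. A missing or scalar value is treated as
    // an empty submission instead of being passed on to foreach()/join().
    if (!is_array($ids) || count($ids) == 0) {
        header('Location: ' . $_SERVER['PHP_SELF']);
        exit;
    }
    foreach ($ids as $key => $id) {
        // Accept plain decimal digit strings only, then store the value as an
        // integer so nothing but integers is joined into the IN (...) lists.
        if (!is_string($id) || !ctype_digit($id) || !is_valid_id($id)) {
            stderr('Error...', 'Invalid ID!');
            // Never fall through to the queries with an unvalidated id.
            exit;
        }
        $ids[$key] = (int) $id;
    }
    // $do is only compared against fixed strings and never reaches the SQL text.
    $do = isset($_POST['do']) && is_string($_POST['do']) ? safeChar($_POST['do']) : '';
    if ($do == 'enabled') {
        sql_query("UPDATE users SET enabled = 'yes' WHERE ID IN(" . join(', ', $ids) . ") AND enabled = 'no'");
    } elseif ($do == 'confirm') {
        sql_query("UPDATE users SET status = 'confirmed' WHERE ID IN(" . join(', ', $ids) . ") AND status = 'pending'");
    } elseif ($do == 'delete') {
        sql_query("DELETE FROM users WHERE ID IN(" . join(', ', $ids) . ")");
    } else {
        header('Location: ' . $_SERVER['PHP_SELF']);
        exit;
    }
}
// Counters for the listing that follows.
$disabled = number_format(get_row_count("users", "WHERE enabled='no'"));
$pending = number_format(get_row_count("users", "WHERE status='pending'"));
$count = number_format(get_row_count("users", "WHERE enabled='no' OR status='pending' ORDER BY username DESC"));
$perpage = '25';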
Beispiel #24
        stderr("Confirm Bookmark", "Do you really want to mark this bookmark public? Click\n" . "<a href=?torrent={$torrentid}&action=public&sure=1&h={$hash}>here</a> if you are sure.", false);
    }
    if ($_GET['h'] != $hash) {
        stderr('Error', 'what are you doing?');
    }
    /**
     * Flip the current user's private bookmark for one torrent to public.
     *
     * Both values are placed into the SQL text as-is, so $torrentid must
     * already be a validated integer when this is called. NOTE(review): the
     * cast for this branch is not visible in this excerpt; cast at the call
     * site or bind the values as parameters.
     *
     * @param int $torrentid Torrent whose bookmark is updated.
     */
    function publickbookmark($torrentid)
    {
        global $CURUSER;
        $sql = sprintf(
            "UPDATE bookmarks SET private = 'no' WHERE private = 'yes' AND torrentid = %s AND userid = %s",
            $torrentid,
            $CURUSER['id']
        );
        mysql_query($sql);
    }
    publickbookmark($torrentid);
    stdhead("Bookmark made public!");
    echo '<h2>Bookmark made public!</h2>';
} elseif ($action == 'private') {
    $torrentid = (int) $_GET['torrent'];
    $sure = safeChar($_GET['sure']);
    if (!is_valid_id($torrentid)) {
        stderr("Error", "Invalid ID.");
    }
    $hash = md5('the salt to' . $torrentid . 'add' . 'mu55y');
    if (!$sure) {
        stderr("Confirm Bookmark", "Do you really want to mark this bookmark private? Click\n" . "<a href=?torrent={$torrentid}&action=private&sure=1&h={$hash}>here</a> if you are sure.", false);
    }
    if ($_GET['h'] != $hash) {
        stderr('Error', 'what are you doing?');
    }
    if (!is_valid_id($torrentid)) {
        stderr("Error", "Invalid ID.");
    }
    function privatebookmark($torrentid)
    {
Beispiel #25
    }
    $updateset[] = 'url = ' . sqlesc($url);
}
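// ///////////////////utube mod///////////////////
if (isset($_POST['tube']) && (($tube = $_POST['tube']) != $fetch_assoc['tube'] && !empty($tube))) {
    // The dot between host labels is escaped (unescaped it matched any
    // character) and the D modifier stops "$" from matching before a trailing
    // newline. The pattern checks only the overall shape: the path part still
    // accepts any characters, so the stored value must be escaped wherever it
    // is displayed.
    if (!preg_match('|^http(s)?://[a-z0-9-]+(\.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|iD', $tube)) {
        stderr('Updated failed', 'Make sure you include http:// in the URL.');
    }
    $updateset[] = 'tube = ' . sqlesc($tube);
}
// ==Anonymous mod
// A checkbox that was not sent is treated the same as an empty value.
$anonymous = isset($_POST['anonymous']) && $_POST['anonymous'] != '' ? 'yes' : 'no';
if ($anonymous != $fetch_assoc['anonymous']) {
    $updateset[] = 'anonymous = ' . sqlesc($anonymous);
}
// ///////////torrent mulplier//////////////
if (get_user_class() >= UC_ADMINISTRATOR) {
    // Cast first and compare strictly, so only the integers 2-5 (or 0) can
    // reach the query; a loose in_array() also accepted strings like "2abc".
    $multiplicator = isset($_POST['multiplicator']) ? (int) $_POST['multiplicator'] : 0;
    $valid_inputs = array(2, 3, 4, 5);
    $multiplicator = in_array($multiplicator, $valid_inputs, true) ? $multiplicator : 0;
    if ($multiplicator != $fetch_assoc['multiplicator']) {
        $updateset[] = 'multiplicator = ' . sqlesc($multiplicator);
    }
}
// NOTE(review): $updateset is filled by code outside this excerpt; if it can be
// empty, this statement is malformed ("SET  WHERE"). Confirm it always has an entry.
sql_query('UPDATE torrents SET ' . implode(',', $updateset) . ' WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
write_log("torrentedit", "" . safeChar($name) . ' was edited by ' . ($fetch_assoc['anonymous'] == 'yes' ? 'Anonymous' : safeChar($CURUSER['username'])) . "");
// NOTE(review): $id is used below in a file path passed to unlink() and in a
// response header. Confirm it was validated as an integer earlier in the script.
$modfile = 'cache/details/' . $id . '_moddin.txt';
if (file_exists($modfile)) {
    unlink($modfile);
}
// Always return to the details page. A posted returnto is appended as a
// url-encoded query parameter instead of replacing the whole target, which
// previously produced a URL starting with "&returnto=".
$returl = 'details.php?id=' . $id . '&edited=1';
if (isset($_POST['returnto']) && is_string($_POST['returnto'])) {
    $returl .= '&returnto=' . urlencode($_POST['returnto']);
}
header("Refresh: 0; url={$returl}");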
Beispiel #26
        print "<td align=center class=bottom style=\"padding-bottom: 2px;padding-left: 7px;border:none;\"><input name=c{$cat['id']} type=\"checkbox\" " . (in_array($cat['id'], $wherecatina) ? "checked " : "") . "value=1 /><a class=catlink href=browse.php?cat={$cat['id']}>" . $catz . "</a></td>\n";
        $i++;
    }
    print "</tr></table>";
    print "</td></tr>";
}
?>
</table>

</form>



<?php 
// Echo the search phrase back above the results, escaped via safeChar().
if (isset($cleansearchstr)) {
    echo "<h2>", $language['str1'], " \"", safeChar($searchstr), "\"</h2>\n";
}
// Offer the "clear new tag" control unless the user's update_new setting is 'no'.
// NOTE(review): the control is a plain GET link (?clear_new=1). If that request
// changes stored state it should be a POST carrying an anti-CSRF token; the
// handler is not visible here.
if (!($CURUSER['update_new'] == 'no')) {
    // === if you want a button
    print '<a href="?clear_new=1"><input type=submit value="clear new tag" class=button></a>';
    // === if you want a link
    // echo'<p><a href="?clear_new=1">clear new tag</a></p>';
}
if ($count) {
    print $pagertop;
    torrenttable($records);
    print $pagerbottom;
} else {
    if (isset($cleansearchstr)) {
        print "<h2>" . $language['str20'] . "</h2>\n";
        print "<p>" . $language['str16'] . "</p>\n";
Beispiel #27
    print "<form action=\"inactive.php\" method=\"post\">";
    print "<table class=main border=1 cellspacing=0 cellpadding=5><tr>\n";
    print "<td class=colhead>Username</td>";
    print "<td class=colhead>Class</td>";
    print "<td class=colhead>Mail</td>";
    print "<td class=colhead>Ratio</td>";
    print "<td class=colhead>Last Seen</td>";
    print "<td class=colhead align=\"center\">x</td>";
    while ($arr = mysql_fetch_assoc($res)) {
        $ratio = $arr["downloaded"] > 0 ? number_format($arr["uploaded"] / $arr["downloaded"], 3) : ($arr["uploaded"] > 0 ? "Inf." : "---");
        $last_seen = $arr["last_access"] == "0000-00-00 00:00:00" ? "never" : "" . get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["last_access"])) . "&nbsp;ago";
        $class = get_user_class_name($arr["class"]);
        print "<tr>";
        print "<td><a href=\"userdetails.php?id=" . $arr["id"] . "\">" . $arr["username"] . "</a></td>";
        print "<td>" . $class . "</td>";
        print "<td><a href=\"mailto:" . $arr["email"] . "\">" . safeChar($arr["email"]) . "</a></td>";
        print "<td>" . $ratio . "</td>";
        print "<td>" . $last_seen . "</td>";
        print "<td align=\"center\" bgcolor=\"#FF0000\"><input type=\"checkbox\" name=\"userid[]\" value=\"" . $arr["id"] . "\" /></td>";
        print "</tr>";
    }
    print "<tr><td colspan=\"6\" class=\"colhead\" align=\"center\">\n<select name=\"action\">\n<option value=\"mail\">Send mail</option>\n<option value=\"deluser\" " . ($CURUSER["class"] < UC_ADMINISTRATOR ? "disabled" : "") . ">Delete users</option>\n<option value=\"disable\">Disable Accounts</option>\n</select>&nbsp;&nbsp;<input type=\"submit\" name=\"submit\" value=\"Apply Changes\"/>&nbsp;&nbsp;<input type=\"button\" value=\"Check all\" onClick=\"this.value=check(form)\"></td></tr>";
    if ($record_mail) {
        $ress = sql_query("SELECT avps.value_s AS userid, avps.value_i AS last_mail, avps.value_u AS mails, users.username FROM avps LEFT JOIN users ON avps.value_s=users.id WHERE avps.arg='inactivemail' LIMIT 1");
        $date = mysql_fetch_assoc($ress);
        if ($date["last_mail"] > 0) {
            print "<tr><td colspan=\"6\" class=\"colhead\" align=\"center\" style=\"color:red;\">Last Email sent by <a href=\"usersdetails.php?id=" . htmlspecialchars($date["userid"]) . "\">" . htmlspecialchars($date["username"]) . "</a> on <b>" . gmdate("d M Y", $date["last_mail"]) . " -  " . $date["mails"] . "</b> Email" . ($date["mails"] > 1 ? "s" : "") . "  sent !</td></tr>";
        }
    }
    print "</table></form>";
} else {
Beispiel #28
}
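// Sysop-only countdown editor. The gate only holds if stderr() ends the
// request. TODO confirm that it does.
if (get_user_class() < UC_SYSOP) {
    stderr('Error', 'Permission denied');
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // NOTE(review): no anti-CSRF token is checked before the cache file is
    // rewritten or truncated.
    $err = "";
    if (isset($_POST['removeit']) && $_POST['removeit'] == 'Remove') {
        $filenum = fopen($CACHE . "/countdown.txt", 'w');
        // fopen() returns false when the file cannot be opened; only touch the
        // handle when it is valid and report the failure otherwise.
        $truncate = false;
        if ($filenum) {
            $truncate = ftruncate($filenum, 0);
            fclose($filenum);
        }
        $err .= $truncate ? "File was deleted" : "There was a problem!";
    } else {
        // Date parts are forced to integers; missing or non-scalar values
        // become 0, which checkdate() rejects below.
        $day = isset($_POST['day']) && is_scalar($_POST['day']) ? (int) $_POST['day'] : 0;
        $month = isset($_POST['month']) && is_scalar($_POST['month']) ? (int) $_POST['month'] : 0;
        $year = isset($_POST['year']) && is_scalar($_POST['year']) ? (int) $_POST['year'] : 0;
        $comment = isset($_POST['comment']) && is_string($_POST['comment']) ? safeChar($_POST['comment']) : '';
        if (!checkdate($month, $day, $year) || !$comment) {
            stderr('Error', 'Missing form data');
        }
        $countdown = array('day' => $day, 'month' => $month, 'year' => $year, 'comment' => $comment);
        $filenum = fopen($CACHE . "/countdown.txt", 'w+');
        $write = false;
        if ($filenum) {
            $write = fwrite($filenum, serialize($countdown));
            fclose($filenum);
        }
        $err .= $write ? "Event saved!" : "Something happned, and the event was not saved";
    }
}
stdhead('Countdown');
// SECURITY: unserialize() instantiates whatever the file describes, so it must
// only ever see data written by the branch above. Anything else able to write
// under $CACHE could plant serialized objects. NOTE(review): a JSON format
// would avoid object instantiation, but the writer above and any other readers
// of this file would have to change together.
$cur = unserialize(@file_get_contents($CACHE . "/countdown.txt"));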
?>
<h2>Create Countdown</h2>
<!--original idea from hellix alter by putyn :)-->
Beispiel #29
</h2></td></tr>
<tr><td>
<?php 
    $res = mysql_query("SELECT cl.id, cl.userid, cl.added, cl.title, cl.body, cl.sticky, u.username " . "FROM changelog AS cl " . "LEFT JOIN users AS u ON u.id = cl.userid " . "WHERE ADDDATE(cl.added, INTERVAL 30 DAY) > NOW() " . "ORDER BY sticky, cl.added DESC LIMIT 10") or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) > 0) {
        for ($i = 0; $arr = mysql_fetch_assoc($res); ++$i) {
            ?>
	<table width='100%' border='1' cellspacing='0' cellpadding='10'>
		<tr><td class='colhead'>&nbsp;<?php 
            echo gmdate("d M/Y", strtotime($arr['added']));
            ?>
&nbsp;&nbsp;<a href="javascript:klappe_descr('changelog<?php 
            echo $arr['id'];
            ?>
')"><?php 
            echo safeChar($arr['title']);
            ?>
</a>
			<?php 
            if ($CURUSER['class'] >= UC_SYSOP) {
                ?>
&nbsp;<font size="-2"> &nbsp; [<a class='altlink' href='/changelog.php?action=edit&amp;changelogid=<?php 
                echo $arr['id'];
                ?>
&amp;returnto=<?php 
                echo urlencode($_SERVER['PHP_SELF']);
                ?>
'><b>E</b></a>]</font><?php 
                ?>
&nbsp;<font size="-2">[<a class='altlink' href='/changelog.php?action=delete&amp;changelogid=<?php 
                echo $arr['id'];
Beispiel #30
    $res = mysql_query("SELECT topic, user FROM ratings WHERE topic =" . unsafeChar($topic_id) . " AND user ="******"id"]) . "");
    $row = mysql_fetch_array($res);
    if ($row["topic"] >= 1) {
        bark("You have already rated this topic.");
    }
    if ($row["topic"] == 0) {
        $res = sql_query("UPDATE ratings SET rating = {$rate_me} WHERE topic =" . unsafeChar($topic_id) . " AND user ="******"id"]) . "");
    }
    if (!$row) {
        $res = sql_query("INSERT INTO ratings (topic, user, rating, added) VALUES (" . unsafeChar($topic_id) . ", " . unsafeChar($CURUSER["id"]) . ", {$rate_me}, NOW())");
    }
    sql_query("UPDATE topics SET numratings = numratings + 1, ratingsum = ratingsum + {$rate_me} WHERE id = " . unsafeChar($topic_id) . "");
    // ===add karma
    sql_query("UPDATE users SET seedbonus = seedbonus+5.0 WHERE id =" . unsafeChar($CURUSER["id"]) . "") or sqlerr(__FILE__, __LINE__);
    // ===end
    $refererto = str_replace('&amp;', '&', safeChar($_SERVER["HTTP_REFERER"]));
    $referer = $_SERVER["HTTP_REFERER"] ? $refererto : "/forums.php?action=viewtopic&topicid={$topic_id}";
    header("Refresh: 0; url={$referer}");
    die;
}
if (!mkglobal("rating:id")) {
    bark("missing form data");
}
$id = 0 + $id;
if (!$id) {
    bark("invalid id");
}
$rating = 0 + $rating;
if ($rating <= 0 || $rating > 5) {
    bark("invalid rating");
}