Beispiel #1
    } else {
        if ($search != '') {
            $addparam .= $search . "&";
        } else {
            $addparam .= '';
        }
    }
    $torrentperpage = user::$current["torrentsperpage"];
    if ($torrentperpage == 0) {
        $torrentperpage = $ntorrents == 0 ? 15 : $ntorrents;
    }
    // Fixed possible SQL injection (thanks to jeremie78)
    $accepted_orders = array('speed', 'dwned', 'finished', 'leechers', 'seeds', 'size', 'data', 'filename', 'cname');
    $order = isset($_GET['order']) && in_array($_GET['order'], $accepted_orders) ? $db->real_escape_string($_GET['order']) : 'data';
    $by = isset($_GET["by"]) && $db->real_escape_string($_GET["by"]) == 'ASC' ? 'ASC' : 'DESC';
    list($pagertop, $limit) = misc::pager($torrentperpage, $count, $scriptname . "?" . $addparam . (utf8::strlen($addparam) > 0 ? "&" : "") . "order=" . $order . "&by=" . $by . "&");
    if ($SHOW_UPLOADER) {
        $query = "SELECT summary.info_hash AS hash, summary.seeds, summary.leechers, summary.finished AS finished, summary.dlbytes AS dwned, namemap.filename, namemap.url, namemap.info, namemap.anonymous, summary.speed, UNIX_TIMESTAMP( namemap.data ) AS added, categories.image, categories.name AS cname, namemap.category AS catid, namemap.size, namemap.external, namemap.uploader AS upname, users.username AS uploader, prefixcolor, suffixcolor FROM summary LEFT JOIN namemap ON summary.info_hash = namemap.info_hash LEFT JOIN categories ON categories.id = namemap.category LEFT JOIN users ON users.id = namemap.uploader LEFT JOIN users_level ON users.id_level=users_level.id " . $where . " ORDER BY " . $order . " " . $by . " " . $limit;
    } else {
        $query = "SELECT summary.info_hash AS hash, summary.seeds, summary.leechers, summary.finished AS finished, summary.dlbytes AS dwned, namemap.filename, namemap.url, namemap.info, summary.speed, UNIX_TIMESTAMP( namemap.data ) AS added, categories.image, categories.name AS cname, namemap.category AS catid, namemap.size, namemap.external, namemap.uploader FROM summary LEFT JOIN namemap ON summary.info_hash = namemap.info_hash LEFT JOIN categories ON categories.id = namemap.category " . $where . " ORDER BY " . $order . " " . $by . " " . $limit;
    }
    $results = $db->query($query) or err_msg(ERROR, CANT_DO_QUERY . "<br />" . $query);
}
$i = 0;
// Pick the arrow entity from the sort direction: up (&#8593) for ascending, down (&#8595) for anything else.
$mark = $by == "ASC" ? "&nbsp;&#8593" : "&nbsp;&#8595";
?>
</tr>
Beispiel #2
* Copyright (C) 2004-2015 Btiteam.org
*/
if (!user::$current || user::$current["admin_access"] != "yes") {
    err_msg(ERROR, NOT_ADMIN_CP_ACCESS);
    stdfoot();
    exit;
} else {
    $delete_timeout = vars::$timestamp - 60 * 60 * 24 * 7;
    // delete log entries older than 7 days
    $db->query("DELETE FROM logs WHERE added < " . $delete_timeout);
    block_begin("Site Log");
    $logres = $db->query("SELECT COUNT(*) FROM logs ORDER BY added DESC");
    $lognum = $logres->fetch_row();
    $num = (int) $lognum[0];
    $perpage = max(0, user::$current["postsperpage"]) > 0 ? user::$current["postsperpage"] : 20;
    list($pagertop, $limit) = misc::pager($perpage, $num, "admincp.php?user="******"uid"] . "&code=" . user::$current["random"] . "&do=logview&");
    print $pagertop;
    print "\n<table class='lista' width='100%' align='center'><tr>";
    print "\n<td class='header'>" . DATE . "</td>";
    print "\n<td class='header'>" . USER_NAME . "</td>";
    print "\n<td class='header'>" . ACTION . "</td>\n</tr>";
    $logres = $db->query("SELECT * FROM logs ORDER BY added DESC " . $limit);
    if ($logres) {
        while ($logview = $logres->fetch_array(MYSQLI_BOTH)) {
            if ($logview["type"] == "delete") {
                $bgcolor = "style='background-color:#FF95AC; color:#000000;'";
            } elseif ($logview["type"] == "add") {
                $bgcolor = "style='background-color:#C1FF83; color:#000000;'";
            } elseif ($logview["type"] == "modify") {
                $bgcolor = "style='background-color:#DEDEDE; color:#000000;'";
            } else {
Beispiel #3
        // Only show if forum is internal
        if ($GLOBALS["FORUMLINK"] == '' || $GLOBALS["FORUMLINK"] == 'internal') {
            $sql = $db->query("SELECT * FROM posts INNER JOIN users ON posts.userid = users.id WHERE users.id = " . user::$current["uid"]);
            $posts = $sql->num_rows;
            $memberdays = max(1, round((vars::$timestamp - $row['joined']) / 86400));
            $posts_per_day = number_format(round($posts / $memberdays, 2), 2);
            print "<tr>\n<td class='header'>" . FORUM . " " . POSTS . ":</td>\n<td class='lista' colspan='2'>" . $posts . " &nbsp; [" . sprintf(POSTS_PER_DAY, $posts_per_day) . "]</td></tr>\n";
        }
        print "</table>";
        block_end();
        // ------------------------
        block_begin(UPLOADED . " " . MNU_TORRENT);
        $resuploaded = $db->query("SELECT namemap.filename, UNIX_TIMESTAMP(namemap.data) AS added, namemap.size, summary.seeds, summary.leechers, summary.finished FROM namemap INNER JOIN summary ON namemap.info_hash = summary.info_hash WHERE uploader = " . $uid . " ORDER BY data DESC");
        $numtorrent = $resuploaded->num_rows;
        if ($numtorrent > 0) {
            list($pagertop, $limit) = misc::pager($utorrents == 0 ? 15 : $utorrents, $numtorrent, $_SERVER["PHP_SELF"] . "?uid=" . $uid . "&");
            print $pagertop;
            $resuploaded = $db->query("SELECT namemap.filename, UNIX_TIMESTAMP(namemap.data) AS added, namemap.size, summary.seeds, summary.leechers, summary.finished, summary.info_hash AS hash FROM namemap INNER JOIN summary ON namemap.info_hash = summary.info_hash WHERE uploader = " . $uid . " ORDER BY data DESC " . $limit);
        }
        ?>
<table width='100%' class='lista'>
<!-- Column Headers  -->
<tr>
<td align='center' class='header'><?php 
        echo FILE;
        ?>
</td>
<td align='center' class='header'><?php 
        echo ADDED;
        ?>
</td>
Beispiel #4
?>
</td>
    <td align='center' class='header'><?php 
echo RATIO;
?>
</td>
    <td align='center' class='header'>S</td>
    <td align='center' class='header'>L</td>
    <td align='center' class='header'>C</TD>
</tr>

<?php 
$anq->free();
$anq = $db->query("SELECT history.uid FROM history INNER JOIN namemap ON history.infohash = namemap.info_hash WHERE history.uid = " . $id . " AND history.date IS NOT NULL ORDER BY date DESC");
if ($anq->num_rows > 0) {
    list($pagertop, $limit) = misc::pager($utorrents == 0 ? 15 : $utorrents, $anq->num_rows, security::esc_url($_SERVER["PHP_SELF"]) . "?id=" . $id . "&", array("pagename" => "historypage"));
    $anq = $db->query("SELECT namemap.filename, namemap.size, namemap.info_hash, history.active, history.agent, history.downloaded, history.uploaded, summary.seeds, summary.leechers, summary.finished\n    FROM history INNER JOIN namemap ON history.infohash = namemap.info_hash INNER JOIN summary ON summary.info_hash = namemap.info_hash WHERE history.uid = " . $id . " AND history.date IS NOT NULL ORDER BY date DESC " . $limit);
    print "<div align='center'>" . $pagertop . "</div>";
    while ($torlist = $anq->fetch_object()) {
        print "\n<tr>\n<td class='lista'><a href='details.php?id=" . $torlist->info_hash . "'>" . security::html_safe(unesc($torlist->filename)) . "</td>";
        print "\n<td class='lista' align='center'>" . misc::makesize((int) $torlist->size) . "</td>";
        print "\n<td class='lista' align='center'>" . security::html_safe($torlist->agent) . "</td>";
        print "\n<td align='center' class='lista'>" . ($torlist->active == 'yes' ? ACTIVATED : 'Stopped') . "</td>";
        print "\n<td align='center' class='lista'>" . misc::makesize((double) $torlist->downloaded) . "</td>";
        print "\n<td align='center' class='lista'>" . misc::makesize((double) $torlist->uploaded) . "</td>";
        if ($torlist->downloaded > 0) {
            $peerratio = number_format((double) $torlist->uploaded / (double) $torlist->downloaded, 2);
        } else {
            $peerratio = "&infin;";
        }
        print "\n<td align='center' class='lista'>" . unesc($peerratio) . "</td>";
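/**
 * Print the member list page: search form, pager, sortable header row and one table row per user.
 *
 * Request parameters read from $_GET:
 *  - searchtext: substring matched against users.username with LIKE
 *  - level:      numeric users.id_level filter; 0 or missing means all levels
 *  - order:      1-6, mapped through a fixed table to the ORDER BY column
 *  - by:         1 = ASC, anything else = DESC
 *
 * Apart from the search text, only integer-cast values and column names taken
 * from a fixed table are concatenated into the SQL. The search text is
 * SQL-escaped as the last step before it enters the statement.
 *
 * @return void
 */
function print_users()
{
    // $CURRENTPATH is not used directly here; it stays declared because the included
    // offset.php runs in this function's scope and may rely on it (not visible here).
    global $db, $STYLEPATH, $CURRENTPATH;

    if (!isset($_GET["searchtext"])) {
        $_GET["searchtext"] = "";
    }
    if (!isset($_GET["level"])) {
        $_GET["level"] = "";
    }

    // A parameter sent as searchtext[]=x arrives as an array; only a string is searched for.
    $searchtext = is_string($_GET["searchtext"]) ? $_GET["searchtext"] : "";
    // NOTE(review): $search is echoed into single-quoted HTML attributes below, which is only
    // safe if security::html_safe() also encodes single quotes -- confirm against its definition.
    $search = security::html_safe($searchtext);
    $addparams = "";
    $where = "";
    if ($search != "") {
        // SQL escaping is the last transformation applied, so nothing that runs after it can
        // alter the escaped value. The HTML-encoded form is what gets matched, as before.
        $where = " AND users.username LIKE '%" . $db->real_escape_string($search) . "%'";
        // NOTE(review): the value is HTML-encoded but not URL-encoded when placed in the query string.
        $addparams = "searchtext=" . $search;
    }

    // A plain cast instead of "0 + $_GET[...]": the addition fails outright on an array and,
    // on PHP 8, on an empty or non-numeric string.
    $level = is_scalar($_GET["level"]) ? (int) $_GET["level"] : 0;
    if ($level > 0) {
        $where .= " AND users.id_level = " . $level;
        if ($addparams != "") {
            $addparams .= "&level=" . $level;
        } else {
            $addparams = "level=" . $level;
        }
    }

    // Allowlist for sorting: the request only ever supplies the integer key, never a column name.
    $columns = array(
        1 => array("username", USER_NAME),
        2 => array("level", USER_LEVEL),
        3 => array("joined", USER_JOINED),
        4 => array("lastconnect", USER_LASTACCESS),
        5 => array("flag", PEER_COUNTRY),
        6 => array("ratio", RATIO),
    );
    $order_param = 3;
    if (isset($_GET["order"])) {
        $order_param = (int) $_GET["order"];
    }
    $order = isset($columns[$order_param]) ? $columns[$order_param][0] : "joined";

    // Default to 1 (ASC) so the pager links carry the direction that is actually displayed;
    // previously $by_param was undefined here and the pager emitted "by=", which the next
    // request read as DESC.
    $by_param = 1;
    if (isset($_GET["by"])) {
        $by_param = (int) $_GET["by"];
    }
    $by = $by_param == 1 ? "ASC" : "DESC";

    if ($addparams != "") {
        $addparams .= "&";
    }
    // PHP_SELF can contain client-supplied path info, hence the encoding before it is printed.
    $scriptname = security::html_safe($_SERVER["PHP_SELF"]);
    $res = $db->query("SELECT COUNT(*) FROM users INNER JOIN users_level ON users.id_level = users_level.id WHERE users.id > 1 " . $where);
    $row = $res->fetch_row();
    $count = (int) $row[0];
    // $limit is produced by misc::pager() and concatenated into the query below;
    // presumably a "LIMIT x,y" clause built from integers -- verify in misc::pager().
    list($pagertop, $limit) = misc::pager(20, $count, "users.php?" . $addparams . "order=" . $order_param . "&by=" . $by_param . "&");
    $mark = $by == "ASC" ? "&nbsp;&#8593" : "&nbsp;&#8595";
    ?>
        <div align='center'>
        <form action='users.php' name='ricerca' method='get'>
           <table border='0' class='lista'>
           <tr>
           <td class='block'><?php echo FIND_USER; ?></td>
           <td class='block'><?php echo USER_LEVEL; ?></td>
           <td class='block'>&nbsp;</td>
           </tr>
           <tr>
           <td><input type='text' name='searchtext' size='30' maxlength='50' value='<?php echo $search; ?>' /></td>
    <?php
    print "<td><select name='level'>";
    print "<option value='0'" . ($level == 0 ? " selected='selected' " : "") . ">" . ALL . "</option>";
    $res = $db->query("SELECT id, level FROM users_level WHERE id_level > 1 ORDER BY id_level");
    while ($row = $res->fetch_array(MYSQLI_BOTH)) {
        $select = "<option value='" . (int) $row["id"] . "'";
        if ($level == $row["id"]) {
            // leading space keeps the attribute separate from the value attribute before it
            $select .= " selected='selected'";
        }
        $select .= ">" . security::html_safe($row["level"]) . "</option>\n";
        print $select;
    }
    // the cell is closed here only; the extra </td> that used to follow has been dropped
    print "</select></td>";
    ?>
        <td><input type='submit' value='<?php echo SEARCH; ?>' /></td>
        </tr>
    </table>
    </form>
    <?php
    print $pagertop;
    ?>
    <table class='lista' width='95%'>
        <tr>
    <?php
    // One sortable header cell per allowlisted column; clicking the active ascending column flips it to descending.
    foreach ($columns as $column_number => $column) {
        list($column_name, $column_label) = $column;
        $next_by = ($order == $column_name && $by == "ASC") ? "2" : "1";
        print "<td class='header' align='center'>";
        print "<a href='" . $scriptname . "?" . $addparams . "order=" . $column_number . "&by=" . $next_by . "'>" . $column_label . "</a>" . ($order == $column_name ? $mark : "");
        print "</td>\n";
    }

    // These flags only decide which links are shown. NOTE(review): usercp.php and account.php
    // must enforce the same permissions themselves -- not visible from this function.
    $can_pm = user::$current["uid"] > 1;
    $can_edit = user::$current["edit_users"] == "yes";
    $can_delete = user::$current["delete_users"] == "yes";

    if ($can_pm) {
        print "<td class='header' align='center'>" . PM . "</td>";
    }
    if ($can_edit) {
        print "<td class='header' align='center'>" . EDIT . "</td>";
    }
    if ($can_delete) {
        print "<td class='header' align='center'>" . DELETE . "</td>";
    }
    // the header row is closed for every viewer, not only for those without delete rights
    print "</tr>";

    $query = "SELECT prefixcolor, suffixcolor, users.id, downloaded, uploaded, IF(downloaded > 0, uploaded / downloaded, 0) AS ratio, username, level, UNIX_TIMESTAMP(joined) AS joined, UNIX_TIMESTAMP(lastconnect) AS lastconnect, flag, flagpic, name \n\t    FROM users INNER JOIN users_level ON users.id_level = users_level.id LEFT JOIN countries ON users.flag = countries.id \n\t\tWHERE users.id > 1 " . $where . " ORDER BY " . $order . " " . $by . " " . $limit;
    $rusers = $db->query($query);
    if ($rusers->num_rows == 0) {
        print "<tr><td class='lista' colspan='9'>" . NO_USERS_FOUND . "</td></tr>";
    } else {
        // presumably defines $offset (used for the dates below) -- verify in offset.php
        include INCL_PATH . 'offset.php';
        // JS-escaped, then HTML-encoded for the double-quoted onclick attribute; built once, only when needed
        $delete_confirm = $can_delete ? htmlspecialchars(addslashes(DELETE_CONFIRM), ENT_QUOTES) : "";
        while ($row_user = $rusers->fetch_array(MYSQLI_BOTH)) {
            print "<tr>\n";
            // NOTE(review): prefixcolor/suffixcolor are printed as raw markup through unesc();
            // confirm they can only be set by administrators.
            print "<td class='lista'><a href='userdetails.php?id=" . (int) $row_user["id"] . "'>" . unesc($row_user["prefixcolor"]) . security::html_safe(unesc($row_user["username"])) . unesc($row_user["suffixcolor"]) . "</a></td>";
            print "<td class='lista' align='center'>" . security::html_safe($row_user["level"]) . "</td>";
            print "<td class='lista' align='center'>" . ($row_user["joined"] == 0 ? NOT_AVAILABLE : date("d/m/Y H:i:s", $row_user["joined"] - $offset)) . "</td>";
            print "<td class='lista' align='center'>" . ($row_user["lastconnect"] == 0 ? NOT_AVAILABLE : date("d/m/Y H:i:s", $row_user["lastconnect"] - $offset)) . "</td>";
            // flagpic is encoded like the other database values placed in attributes
            print "<td class='lista' align='center'>" . ($row_user["flag"] == 0 ? "<img src='images/flag/unknown.gif' alt='" . UNKNOWN . "' title='" . UNKNOWN . "' />" : "<img src='images/flag/" . security::html_safe($row_user['flagpic']) . "' alt='" . security::html_safe($row_user['name']) . "' title='" . security::html_safe($row_user['name']) . "' />") . "</td>";
            //user ratio
            if (max(0, (int) $row_user["downloaded"]) > 0) {
                $ratio = number_format((double) $row_user["uploaded"] / (double) $row_user["downloaded"], 2);
            } else {
                $ratio = "&infin;";
            }
            print "<td class='lista' align='center'>" . $ratio . "</td>";
            if ($can_pm) {
                print "<td class='lista' align='center'><a href='usercp.php?do=pm&action=edit&uid=" . user::$current['uid'] . "&what=new&to=" . urlencode(security::html_safe(unesc($row_user["username"]))) . "'>" . image_or_link($STYLEPATH . "/pm.png", "", "PM") . "</a></td>";
            }
            if ($can_edit) {
                print "<td class='lista' align='center'><a href='account.php?act=mod&uid=" . (int) $row_user["id"] . "&returnto=" . urlencode("users.php") . "'>" . image_or_link($STYLEPATH . "/edit.png", "", EDIT) . "</a></td>";
            }
            if ($can_delete) {
                // The attribute is double-quoted so the single-quoted JS string no longer ends it early;
                // with the old quoting the confirm() prompt never ran.
                // NOTE(review): this is a plain GET link and no anti-CSRF token is visible here;
                // confirm account.php verifies one before it deletes an account.
                print "<td class='lista' align='center'><a onclick=\"return confirm('" . $delete_confirm . "')\" href='account.php?act=del&uid=" . (int) $row_user["id"] . "&returnto=" . urlencode("users.php") . "'>" . image_or_link($STYLEPATH . "/delete.png", "", DELETE) . "</a></td>";
            }
            print "</tr>\n";
        }
    }
    print "</table>\n</div>\n<br />";
}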