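/**
 * Persist configuration values that were changed through a POSTed form.
 *
 * For every key of $default_cfg that is present in $_POST and differs from the
 * current value in $cfg, one UPDATE is issued against $table_name.
 *
 * @param string $table_name  Table to update. Interpolated into the SQL as-is,
 *                            so it must only ever come from trusted code.
 * @param array  $default_cfg Map of config_name => default value; only the keys are used.
 * @param array  $cfg         Map of config_name => current value.
 * @param string $type        'str', 'bool' or 'num'. Any other value makes the
 *                            function return as soon as a changed key is found.
 *
 * @return void
 */
function update_config_table($table_name, $default_cfg, $cfg, $type)
{
    foreach ($default_cfg as $config_name => $config_value) {
        if (!isset($_POST[$config_name])) {
            continue;
        }

        $submitted = $_POST[$config_name];

        // Request parameters can arrive as arrays (name[]=...). The string and
        // numeric conversions below are only meaningful for scalars, so
        // anything else is ignored instead of being coerced.
        if (!is_scalar($submitted)) {
            continue;
        }

        // Loose comparison is kept on purpose: form values are always strings.
        if ($submitted == $cfg[$config_name]) {
            continue;
        }

        switch ($type) {
            case 'str':
                // Quoted and escaped string literal.
                $config_value = "'" . bt_sql_esc(unesc($submitted)) . "'";
                break;
            case 'bool':
                $config_value = $submitted ? 1 : 0;
                break;
            case 'num':
                // Non-negative integer only.
                $config_value = round(abs(intval($submitted)));
                break;
            default:
                return;
        }

        // The key is escaped as well, so a configuration name containing a
        // quote cannot change the shape of the statement.
        $safe_name = bt_sql_esc((string) $config_name);
        $sql = "UPDATE {$table_name} SET\n\t\t\t\tconfig_value = {$config_value}\n\t\t\t\tWHERE config_name = '{$safe_name}'";

        if (!DB()->sql_query($sql)) {
            message_die(GENERAL_ERROR, "Failed to update configuration for {$config_name}", '', __LINE__, __FILE__, $sql);
        }
    }

    return;
}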
/**
 * Build the rows of the "extra stats" torrent table and render them in a block.
 *
 * @param array  $rt            Torrent rows; each needs "hash", "name", "seeds",
 *                              "leechers", "finished" and, when $speed is set, "speed".
 * @param string $frame_caption Caption handed to set_block().
 * @param bool   $speed         Whether to add the "speed" column.
 *
 * @return mixed Whatever set_block() returns.
 *
 * NOTE(review): the hash and name are concatenated into markup with unesc()
 * as the only transformation visible here. Confirm both are HTML-encoded
 * before they reach this function or inside the template.
 */
function _torrenttable($rt, $frame_caption, $speed = false)
{
    global $STYLEPATH, $extratpl, $language;

    $rows = array();
    $rank = 0;

    foreach ($rt as $entry) {
        $rank++;

        // Seeds per leecher; "infinite" label when nobody is leeching.
        if ($entry["leechers"] > 0) {
            $ratio = number_format($entry["seeds"] / $entry["leechers"], 2);
        } else {
            $ratio = $language["INFINITE"];
        }

        // Popup mode wraps the same details URL in a javascript: call.
        if ($GLOBALS["usepopup"]) {
            $anchor = "<a href=\"javascript:popdetails('index.php?page=details&id=" . $entry['hash'] . "');\">";
        } else {
            $anchor = "<a href=\"index.php?page=details&id=" . $entry['hash'] . "\">";
        }

        $row = array(
            "rank" => $rank,
            "filename" => $anchor . unesc($entry["name"]) . "</a>",
            "complete" => number_format($entry["finished"]),
            "seeds" => number_format($entry["seeds"]),
            "leechers" => number_format($entry["leechers"]),
            "peers" => number_format($entry["leechers"] + $entry["seeds"]),
            "ratio" => $ratio,
        );

        if ($speed) {
            $row["speed"] = makesize($entry["speed"]);
        }

        $rows[] = $row;
    }

    $extratpl->set("language", $language);
    $extratpl->set("torrent", $rows);
    $extratpl->set("DISPLAY_SPEED", $speed, true);
    $extratpl->set("DISPLAY_SPEED1", $speed, true);

    $rendered = $extratpl->fetch(load_template("extra-stats.torrent.tpl"));

    return set_block($frame_caption, "center", $rendered);
}
/**
 * Load one page of invitations into the admin template.
 *
 * Counts the rows of {$TABLE_PREFIX}invitations, asks pager() for the pager
 * markup and LIMIT clause, fetches that page ordered by id descending, and
 * sets the "inv_pagertop", "inv_pagerbottom", "invitees" and "language"
 * template variables.
 *
 * NOTE(review): the `******` runs inside the URL-building expressions are
 * redaction residue in this listing, so the block is not valid PHP as shown;
 * the original operands cannot be recovered from here.
 */
function read_invitations()
{
    global $TABLE_PREFIX, $admintpl, $language, $CURUSER, $STYLEPATH, $btit_settings;
    // HTML-escaped base URL of this admin page, reused by the pager links.
    $scriptname = htmlspecialchars($_SERVER["PHP_SELF"] . "?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=invitations");
    $addparam = "";
    $res = get_result("SELECT COUNT(*) as invites FROM {$TABLE_PREFIX}invitations", true);
    $count = $res[0]["invites"];
    // pager() returns top markup, bottom markup and the LIMIT clause used below.
    list($pagertop, $pagerbottom, $limit) = pager('15', $count, $scriptname . "&");
    $admintpl->set("inv_pagertop", $pagertop);
    $admintpl->set("inv_pagerbottom", $pagerbottom);
    $results = get_result("SELECT * FROM {$TABLE_PREFIX}invitations ORDER BY id DESC {$limit}", true);
    $invitees = array();
    $i = 0;
    foreach ($results as $id => $data) {
        // One extra query per row. The inviter id is taken from the row just
        // fetched and concatenated unquoted.
        // NOTE(review): confirm the column is numeric, or cast it before use.
        $res = do_sqlquery("SELECT username FROM {$TABLE_PREFIX}users WHERE id = " . $data["inviter"], true);
        if (mysql_num_rows($res) > 0) {
            $inviter_name = mysql_result($res, 0, 0);
        } else {
            $inviter_name = 'Unknown';
        }
        // NOTE(review): $inviter_name is placed in markup with no encoding call
        // visible here — confirm usernames are HTML-safe at this point.
        $invitees[$i]["inviter"] = "<a href=\"index.php?page=userdetails&user="******"inviter"] . "\">" . $inviter_name . "</a>";
        $invitees[$i]["invitee"] = unesc($data["invitee"]);
        // The invitation hash is handed to the template as-is.
        $invitees[$i]["hash"] = unesc($data["hash"]);
        $invitees[$i]["time_invited"] = $data["time_invited"];
        // Delete is a plain GET link carrying $CURUSER["random"] as "code";
        // the confirm() dialog is a client-side prompt only.
        $invitees[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=invitations&action=delete&id=" . $data["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
        $i++;
    }
    $admintpl->set("invitees", $invitees);
    $admintpl->set("language", $language);
}
/**
 * Wrap a username in its level's prefix and suffix strings.
 *
 * When both $prefix and $suffix are supplied they are used directly;
 * otherwise the prefixcolor/suffixcolor pair is looked up by username through
 * a join of the users and users_level tables.
 *
 * @param string      $username
 * @param string|null $prefix
 * @param string|null $suffix
 *
 * @return mixed Result of unesc() on prefix . username . suffix.
 *
 * NOTE(review): the `******` run in the WHERE clause is redaction residue in
 * this listing, so how $username reaches the query is not visible. Confirm it
 * is escaped or bound, because callers may pass request-derived names.
 */
function user_with_color($username, $prefix = NULL, $suffix = NULL)
{
    global $TABLE_PREFIX;
    if (isset($prefix) && isset($suffix)) {
        return unesc($prefix . $username . $suffix);
    } else {
        // Look the prefix and suffix up for this user.
        $rps = get_result("SELECT prefixcolor,suffixcolor FROM {$TABLE_PREFIX}users u INNER JOIN {$TABLE_PREFIX}users_level ul ON u.id_level=ul.id WHERE u.username="******"", false, 0);
        // $rps[0] is read without checking that a row came back.
        // NOTE(review): $username is concatenated into the result with unesc()
        // as the only transformation visible here — confirm callers HTML-encode it.
        return unesc($rps[0]['prefixcolor'] . $username . $rps[0]['suffixcolor']);
    }
}
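/**
 * Convert a raw shoutbox message into display HTML.
 *
 * Pipeline: strip HTML tags, apply unesc(), censor the words listed in
 * badwords.txt, expand a fixed set of BBCode tags, convert line breaks and
 * finally replace smiley codes with <img> tags.
 *
 * Security-relevant behaviour:
 *  - URL captures reject quote characters and every generated href is
 *    double-quoted, so a submitted URL cannot terminate the attribute it is
 *    placed in.
 *  - Colour, size and font values are restricted by their patterns.
 *
 * NOTE(review): strip_tags() removes markup but is not output encoding, so
 * characters such as & and " in ordinary text still reach the page verbatim.
 * What unesc() does is not visible here — confirm.
 *
 * @param string $text Message as submitted.
 *
 * @return string HTML fragment. preg_replace() yields null when a pattern
 *                fails (for example on the backtrack limit), which would
 *                empty the message.
 */
function format_shout($text)
{
    global $smilies, $BASEURL, $privatesmilies;

    $s = $text;
    $s = strip_tags($s);
    $s = unesc($s);

    // Best-effort word filter: a missing or empty file simply disables it.
    $f = @fopen("badwords.txt", "r");
    if ($f) {
        if (filesize("badwords.txt") != 0) {
            $bw = fread($f, filesize("badwords.txt"));
            $badwords = array_map('trim', explode("\n", $bw));
            $s = str_replace($badwords, "*censured*", $s);
        }
        // Only close a handle that was actually opened.
        fclose($f);
    }

    // [b]Bold[/b]
    $s = preg_replace("/\\[b\\]((\\s|.)+?)\\[\\/b\\]/", "<b>\\1</b>", $s);
    // [i]Italic[/i]
    $s = preg_replace("/\\[i\\]((\\s|.)+?)\\[\\/i\\]/", "<i>\\1</i>", $s);
    // [u]Underline[/u]
    $s = preg_replace("/\\[u\\]((\\s|.)+?)\\[\\/u\\]/", "<u>\\1</u>", $s);
    // [color=blue]Text[/color]
    $s = preg_replace("/\\[color=([a-zA-Z]+)\\]((\\s|.)+?)\\[\\/color\\]/i", "<font color=\\1>\\2</font>", $s);
    // [color=#ffcc99]Text[/color]
    $s = preg_replace("/\\[color=(#[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9])\\]((\\s|.)+?)\\[\\/color\\]/i", "<font color=\\1>\\2</font>", $s);

    // URL tags: the character class excludes both quote characters and the
    // attribute is always quoted.
    // [url=http://www.example.com]Text[/url]
    $s = preg_replace("/\\[url=((http|ftp|https|ftps|irc):\\/\\/[^<>\\s'\"]+?)\\]((\\s|.)+?)\\[\\/url\\]/i", "<a href=\"\\1\" target=\"_blank\">\\3</a>", $s);
    // [url]http://www.example.com[/url]
    $s = preg_replace("/\\[url\\]((http|ftp|https|ftps|irc):\\/\\/[^<>\\s'\"]+?)\\[\\/url\\]/i", "<a href=\"\\1\" target=\"_blank\">\\1</a>", $s);
    // [url]www.example.com[/url]
    $s = preg_replace("/\\[url\\](www\\.[^<>\\s'\"]+?)\\[\\/url\\]/i", "<a href=\"http://\\1\" target=\"_blank\">\\1</a>", $s);
    // [url=www.example.com]Text[/url]
    $s = preg_replace("/\\[url=(www\\.[^<>\\s'\"]+?)\\]((\\s|.)+?)\\[\\/url\\]/i", "<a href=\"http://\\1\" target=\"_blank\">\\2</a>", $s);

    // [size=4]Text[/size]
    $s = preg_replace("/\\[size=([1-7])\\]((\\s|.)+?)\\[\\/size\\]/i", "<font size=\\1>\\2</font>", $s);
    // [font=Arial]Text[/font]
    $s = preg_replace("/\\[font=([a-zA-Z ,]+)\\]((\\s|.)+?)\\[\\/font\\]/i", "<font face=\"\\1\">\\2</font>", $s);

    // Linebreaks
    $s = nl2br($s);

    // Maintain spacing
    // NOTE(review): both string literals in the next statement were damaged by
    // whitespace normalisation in this listing and are reproduced as shown;
    // restore them from the original file.
    $s = str_replace(" 
", " ", $s);

    // each() no longer exists in current PHP; foreach visits the same pairs.
    foreach (array($smilies, $privatesmilies) as $set) {
        foreach ($set as $code => $url) {
            $s = str_replace($code, "<img border=\"0\" src=\"{$BASEURL}/images/smilies/{$url}\" alt=\"{$code}\" />", $s);
        }
    }

    return $s;
}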
/**
 * Send an invitation e-mail and record it in the invites table.
 *
 * Validates the address, refuses addresses already present in users or
 * invites, derives an invitation hash, mails the signup link through
 * sent_mail() and inserts the (inviter, invitee, hash, time) row.
 *
 * @param string $email Address to invite.
 *
 * NOTE(review): every check reports through bark(). Presumably bark() ends the
 * request; if it returns, execution falls through to the queries and the mail
 * below — confirm.
 * NOTE(review): the heredoc's original line breaks were lost in this listing;
 * its body is kept on one line exactly as shown.
 */
function invite($email)
{
    global $CURUSER;
    global $SITENAME;
    global $BASEURL;
    global $SITEEMAIL;
    global $lang_takeinvite;
    // `id` is an unquoted array key here, i.e. a constant lookup rather than
    // the string 'id'.
    $id = $CURUSER[id];
    // The address is HTML-encoded before it is validated and stored, and it is
    // encoded again where it is echoed in the messages further down.
    $email = unesc(htmlspecialchars(trim($email)));
    $email = safe_email($email);
    if (!$email) {
        bark($lang_takeinvite['std_must_enter_email']);
    }
    if (!check_email($email)) {
        bark($lang_takeinvite['std_invalid_email_address']);
    }
    if (EmailBanned($email)) {
        bark($lang_takeinvite['std_email_address_banned']);
    }
    if (!EmailAllowed($email)) {
        bark($lang_takeinvite['std_wrong_email_address_domains'] . allowedemails());
    }
    // Fixed invitation text; only $SITENAME is interpolated.
    $body = "\n你好,\n\n我邀请你加入 {$SITENAME}, 这是一个拥有丰富资源的非开放社区. \n如果你有兴趣加入我们请阅读规则并确认邀请.最后,确保维持一个良好的分享率 \n分享允许的资源.\n\n欢迎到来! :)\n";
    // As shown, search and replacement are the same string, so only
    // strip_tags(), trim() and nl2br() change $body.
    $body = str_replace("<br />", "<br />", nl2br(trim(strip_tags($body))));
    // $body is built from a non-empty literal above, so this branch is not
    // reachable with the code as shown.
    if (!$body) {
        bark($lang_takeinvite['std_must_enter_personal_message']);
    }
    // Check whether the address already belongs to an account.
    // A failing query ends the request with the raw mysql_error() text.
    $a = @mysql_fetch_row(@sql_query("select count(*) from users where email=" . sqlesc($email))) or die(mysql_error());
    if ($a[0] != 0) {
        bark($lang_takeinvite['std_email_address'] . htmlspecialchars($email) . $lang_takeinvite['std_is_in_use']);
    }
    // Check whether an invitation to this address is already pending.
    $b = @mysql_fetch_row(@sql_query("select count(*) from invites where invitee=" . sqlesc($email))) or die(mysql_error());
    if ($b[0] != 0) {
        bark($lang_takeinvite['std_invitation_already_sent_to'] . htmlspecialchars($email) . $lang_takeinvite['std_await_user_registeration']);
    }
    $ret = sql_query("SELECT username FROM users WHERE id = " . sqlesc($id)) or sqlerr();
    $arr = mysql_fetch_assoc($ret);
    // NOTE(review): the invitation hash is an MD5 over mt_rand(1, 10000), the
    // username, TIMENOW and the inviter's passhash. mt_rand() is not a
    // cryptographic generator and the token is derived from a stored
    // credential hash; a token taken from a CSPRNG would avoid both.
    $hash = md5(mt_rand(1, 10000) . $CURUSER['username'] . TIMENOW . $CURUSER['passhash']);
    $title = $SITENAME . $lang_takeinvite['mail_tilte'];
    // $invite_timeout is neither a parameter nor declared global in this
    // function, so it is undefined when interpolated below. {$arr[username]}
    // is a constant lookup inside the braces, like $CURUSER[id] above.
    $message = <<<EOD
{$lang_takeinvite['mail_one']}{$arr[username]}{$lang_takeinvite['mail_two']} <b><a href="http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash}" target="_blank">{$lang_takeinvite['mail_here']}</a></b><br /> http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash} <br />{$lang_takeinvite['mail_three']}{$invite_timeout}{$lang_takeinvite['mail_four']}{$arr[username]}{$lang_takeinvite['mail_five']}<br /> {$body} <br /><br />{$lang_takeinvite['mail_six']}
EOD;
    sent_mail($email, $SITENAME, $SITEEMAIL, change_email_encode(get_langfolder_cookie(), $title), change_email_encode(get_langfolder_cookie(), $message), "invitesignup", false, false, '', get_email_encode(get_langfolder_cookie()));
    // This e-mail is sent only when someone gives out an invitation.
    // The row is written after the mail call; the insert's result is not checked.
    sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('" . mysql_real_escape_string($id) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($hash) . "', " . sqlesc(date("Y-m-d H:i:s")) . ")");
}
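/**
 * Return the HTML-safe name of a category, cached for one day.
 *
 * The identifier is normalised to an integer before it is used, so text from
 * the caller never becomes part of the SQL statement or the cache key.
 *
 * NOTE(review): assumes categories.id is an integer column — confirm.
 *
 * @param int|string $sub Category id.
 *
 * @return mixed Cached or freshly built name, as produced by security::html_safe().
 */
public static function sub_cat($sub)
{
    global $db;

    $id = (int) $sub;

    MCached::connect();
    $key = 'sub::categories::' . $id;
    $name = MCached::get($key);

    if ($name === MCached::NO_RESULT) {
        $result = $db->query("SELECT name FROM categories WHERE id = '" . $id . "'");

        // A failed query yields no row instead of a fatal call on a non-object.
        $row = $result ? $result->fetch_array(MYSQLI_BOTH) : null;
        $raw = isset($row["name"]) ? $row["name"] : null;
        $name = security::html_safe(unesc($raw));

        // Do not pin the outcome of a transient database error for a day.
        if ($result) {
            MCached::add($key, $name, self::ONE_DAY);
        }
    }

    return $name;
}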
/**
 * Prepare the category list for the admin template.
 *
 * Every row from genrelist() gets a form name, an unesc()'d name, an <img>
 * tag for its picture and the forum selector from get_forum_list(); the
 * result is set as the "categories" template variable.
 *
 * NOTE(review): the image value is concatenated into a src attribute with no
 * encoding call visible here — confirm it is constrained where categories
 * are saved.
 */
function category_read()
{
    global $admintpl, $language, $STYLEURL, $CURUSER, $STYLEPATH, $btit_settings;

    $admintpl->set("language", $language);

    $categories = genrelist();
    $total = count($categories);
    $index = 0;

    while ($index < $total) {
        $categories[$index]["frm_number"] = "form" . $index;
        $categories[$index]["name"] = unesc($categories[$index]["name"]);

        $picture = $categories[$index]["image"];
        $categories[$index]["image"] = "<img src=\"{$STYLEURL}/images/categories/" . $picture . "\" alt=\"\" border=\"0\" />";

        $categories[$index]["smf_select"] = get_forum_list(
            $categories[$index]["forumid"],
            $categories[$index]["id"]
        );

        $index++;
    }

    $admintpl->set("categories", $categories);
    unset($categories);
}
/**
 * Fill the global $settings array with form fragments for the gold settings.
 *
 * Reads the row with id '1' from {$TABLE_PREFIX}gold and, for each returned
 * row, stores picture previews with upload inputs, the level combo and three
 * description textareas.
 *
 * NOTE(review): stored values are concatenated into markup, including inside
 * <textarea> elements, and the whole string is passed through unesc(); no
 * HTML encoding is visible here — confirm where these values are encoded.
 */
function readGoldSettings()
{
    global $TABLE_PREFIX, $settings;

    $rows = get_result("SELECT * FROM {$TABLE_PREFIX}gold WHERE id='1'", true);
    $slot = 0;

    foreach ($rows as $record) {
        $settings[$slot]["gold_picture"] = unesc("<img src='../gold/" . $record["gold_picture"] . "' border='0' alt='gold'/>\r\n \t\t\t\t\t\t\t\t\t\t <br/>Choose new picture (max size 100px x 100px):<br/><input type='file' name='gold_picture'/>");
        $settings[$slot]["level"] = createUsersLevelCombo(unesc($record["level"]));
        $settings[$slot]["silver_picture"] = unesc("<img src='../gold/" . $record["silver_picture"] . "' border='0' alt='silver'/>\r\n \t\t\t\t\t\t\t\t\t\t\t<br/>Choose new picture (max size 100px x 100px):<br/><input type='file' name='silver_picture'/>");

        // The three description fields share one textarea template.
        foreach (array("gold_description", "silver_description", "classic_description") as $field) {
            $settings[$slot][$field] = unesc("<textarea name='" . $field . "' style='width:250px; height:120px; border:1px solid #999999;'>" . $record[$field] . "</textarea>");
        }

        $slot++;
    }
}
/**
 * Prepare the FAQ group list, with edit/delete/add links, for the admin template.
 *
 * Sets the "faq_add", "language", "faq" and "faq_add_new" template variables.
 *
 * NOTE(review): the `******` runs inside the link-building expressions are
 * redaction residue in this listing, so the block is not valid PHP as shown;
 * the original operands cannot be recovered from here.
 */
function faq_read()
{
    global $admintpl, $language, $STYLEURL, $CURUSER, $STYLEPATH;
    $admintpl->set("faq_add", false, true);
    $admintpl->set("language", $language);
    $cres = genrelistfaq('', 'faq_group');
    for ($i = 0; $i < count($cres); $i++) {
        // The template field "name" is filled from the row's "title".
        $cres[$i]["name"] = unesc($cres[$i]["title"]);
        $cres[$i]["edit"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=faq_group&action=edit&id=" . $cres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>";
        // Delete is a plain GET link carrying $CURUSER["random"] as "code";
        // the confirm() dialog is a client-side prompt only.
        $cres[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=faq_group&action=delete&id=" . $cres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
    }
    $admintpl->set("faq", $cres);
    $admintpl->set("faq_add_new", "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=faq_group&action=add\">" . $language["FAQ_ADD"] . "</a>");
    unset($cres);
}
/**
 * Prepare the category list, with edit/delete/add links, for the admin template.
 *
 * Sets the "category_add", "language", "categories" and "category_add_new"
 * template variables.
 *
 * NOTE(review): the `******` runs inside the link-building expressions are
 * redaction residue in this listing, so the block is not valid PHP as shown;
 * the original operands cannot be recovered from here.
 */
function category_read()
{
    global $admintpl, $language, $STYLEURL, $CURUSER, $STYLEPATH;
    $admintpl->set("category_add", false, true);
    $admintpl->set("language", $language);
    $cres = genrelist();
    for ($i = 0; $i < count($cres); $i++) {
        $cres[$i]["name"] = unesc($cres[$i]["name"]);
        // NOTE(review): the stored image value goes into a src attribute with
        // no encoding call visible here — confirm it is constrained on save.
        $cres[$i]["image"] = "<img src=\"{$STYLEURL}/images/categories/" . $cres[$i]["image"] . "\" alt=\"\" border=\"0\" />";
        $cres[$i]["edit"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=edit&id=" . $cres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>";
        // Delete is a plain GET link carrying $CURUSER["random"] as "code";
        // the confirm() dialog is a client-side prompt only.
        $cres[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=delete&id=" . $cres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
    }
    $admintpl->set("categories", $cres);
    $admintpl->set("category_add_new", "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=add\">" . $language["CATEGORY_ADD"] . "</a>");
    unset($cres);
}
/**
 * Prepare the style list, with user counts and edit/delete/add links, for the
 * admin template.
 *
 * Sets the "style_add", "language", "styles" and "style_add_new" template
 * variables.
 *
 * NOTE(review): the `******` runs inside the link-building expressions are
 * redaction residue in this listing, so the block is not valid PHP as shown;
 * the original operands cannot be recovered from here.
 */
function read_styles()
{
    global $TABLE_PREFIX, $language, $CURUSER, $admintpl, $STYLEPATH;
    $sres = style_list();
    for ($i = 0; $i < count($sres); $i++) {
        // One COUNT query per style. The id comes from style_list() and is
        // concatenated unquoted.
        // NOTE(review): confirm it is numeric, or cast it before use.
        $res = do_sqlquery("SELECT COUNT(*) FROM {$TABLE_PREFIX}users WHERE style = " . $sres[$i]["id"], true);
        $sres[$i]["style_users"] = mysql_result($res, 0, 0);
        $sres[$i]["style"] = unesc($sres[$i]["style"]);
        $sres[$i]["style_url"] = unesc($sres[$i]["style_url"]);
        $sres[$i]["edit"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=style&action=edit&id=" . $sres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>";
        // Delete is a plain GET link carrying $CURUSER["random"] as "code";
        // the confirm() dialog is a client-side prompt only.
        $sres[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=style&action=delete&id=" . $sres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
    }
    $admintpl->set("style_add", false, true);
    $admintpl->set("language", $language);
    $admintpl->set("styles", $sres);
    $admintpl->set("style_add_new", "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=style&action=add\">" . $language["STYLE_ADD"] . "</a>");
    unset($sres);
    // $res is only assigned inside the loop, so it is undefined here when
    // style_list() returned no rows; only the last result set is freed.
    mysql_free_result($res);
}
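/**
 * Print the "new comment" form for a torrent.
 *
 * Reads the globals $comment (draft text) and $id (value of the hidden
 * info_hash field) and the "usern" query parameter.
 *
 * Every dynamic value written into an attribute is passed through
 * security::html_safe(), including $id, which was previously echoed raw.
 * The stray space that followed each closing PHP tag inside an attribute
 * value has been removed so the submitted values match the constants exactly.
 *
 * NOTE(review): "disabled;" on the user input is reproduced as shown; the
 * semicolon makes it an unrecognised attribute name, so only "readonly" takes
 * effect. Decide which of the two is intended.
 *
 * @return void
 */
function comment_form()
{
    global $comment, $id, $cid;

    block_begin(NEW_COMMENT);

    // Turn the literal four-character sequence \r\n back into a line break.
    $comment = str_replace('\\r\\n', "\n", $comment);

    // An absent query parameter is rendered as an empty field.
    $usern = isset($_GET["usern"]) ? $_GET["usern"] : "";
    ?>
    <center>
    <form enctype='multipart/form-data' name='comment' method='post'>
    <input type='hidden' name='info_hash' value='<?php echo security::html_safe($id); ?>' />
    <table class='lista' border='0' cellpadding='10'>
    <tr>
    <tr><td align='left' class='header'><?php echo USER_NAME; ?> :</td><td class='lista' align='left'><input name='user' type='text' value='<?php echo security::html_safe($usern); ?>' size='20' maxlength='100' disabled; readonly></td></tr>
    <tr><td align='left' class='header'><?php echo COMMENT_1; ?> :</td><td class='lista' align='left'><?php textbbcode("comment", "comment", security::html_safe(unesc($comment))); ?></td></tr>
    <tr><td class='header' colspan='2' align='center'><input type='submit' name='confirm' value='<?php echo FRM_CONFIRM; ?>' /> <input type='submit' name='confirm' value='<?php echo FRM_PREVIEW; ?>' /></td></tr>
    </table>
    </form>
    </center>
    <?php
    block_end();
}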
/**
 * Prepare the sortable category list for the admin template.
 *
 * Sets the "category_add", "language", "perm", "permedit", "categories",
 * "category_add_new" and "ajax_order" template variables. "ajax_order" is an
 * inline script that posts the new order of 'categories_list' back to the
 * admin page.
 *
 * NOTE(review): the `******` runs inside the link-building expressions are
 * redaction residue in this listing, so the block is not valid PHP as shown;
 * the original operands cannot be recovered from here.
 */
function category_read()
{
    global $admintpl, $language, $STYLEURL, $CURUSER, $STYLEPATH;
    $admintpl->set("category_add", false, true);
    $admintpl->set("language", $language);
    $admintpl->set("perm", false, true);
    $admintpl->set("permedit", false, true);
    $cres = genrelist();
    for ($i = 0; $i < count($cres); $i++) {
        $cres[$i]["name"] = unesc($cres[$i]["name"]);
        $cres[$i]["perm"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=perm&id=" . $cres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["PERMISSIONS"]) . "</a>";
        $cres[$i]["image"] = "<img src=\"{$STYLEURL}/images/categories/" . $cres[$i]["image"] . "\" alt=\"\" border=\"0\" />";
        $cres[$i]["edit"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=edit&id=" . $cres[$i]["id"] . "\">" . image_or_link("{$STYLEPATH}/images/edit.png", "", $language["EDIT"]) . "</a>";
        // Delete is a plain GET link carrying $CURUSER["random"] as "code";
        // the confirm() dialog is a client-side prompt only.
        $cres[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=delete&id=" . $cres[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>";
    }
    $admintpl->set("categories", $cres);
    $admintpl->set("category_add_new", "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=category&action=add\">" . $language["CATEGORY_ADD"] . "</a>");
    // NOTE(review): unlike the links above, which use $CURUSER values, this
    // script concatenates $_GET["code"] straight into a JavaScript string
    // literal with no encoding. Request data inside an inline <script> needs
    // JS-string encoding (json_encode, for instance), or the already trusted
    // $CURUSER["random"] could be used instead.
    $ajax_order = "<script type=\"text/javascript\">\n\t \t\tfunction updateOrder()\n {\n var options = {\n method : 'post',\n parameters : Sortable.serialize('categories_list'),\n onComplete : function(request) { \t\n\t\t\t new Effect.Highlight(ID.id,{duration:3});\n\t\t\t \n\t\t\t }\n };\n new Ajax.Request('index.php?page=admin&user="******"user"] . "&code=" . $_GET["code"] . "&do=category&action=order', options);\n }\n \t Sortable.create('categories_list', { onUpdate : updateOrder });\n\t \n \n</script>";
    $admintpl->set('ajax_order', $ajax_order);
    unset($cres);
}
/**
 * Print a table of categories with the number of files in each.
 *
 * Top-level categories (sub='0') are listed in sort_index order. A category
 * without children is printed as a link with its own count; one with children
 * is printed as a heading followed by one linked row per sub-category.
 *
 * @param string $val Not used by the body.
 *
 * @return void Output is written with print.
 *
 * NOTE(review): category names are printed after unesc() only; no HTML
 * encoding is visible here — confirm names are encoded when they are stored.
 */
function catnumber($val = "")
{
    global $TABLE_PREFIX;

    print "<div id=catnumber style=\"width:100%;overflow:auto\" align=left><table class=\"lista\" cellpadding=\"2\" cellspacing=\"1\" style=\"width:100%;\" align=left>";

    $parents = @mysql_query("SELECT * FROM {$TABLE_PREFIX}categories WHERE sub='0' ORDER BY sort_index ASC");

    while ($parent = mysql_fetch_array($parents)) {
        $parentId = $parent["id"];
        $label = unesc($parent["name"]);

        // Does this category have sub-categories?
        $children = mysql_query("SELECT * FROM {$TABLE_PREFIX}categories WHERE sub='{$parentId}'");
        $childCount = mysql_num_rows($children);

        // The parent's own count is queried even when only children are shown.
        $parentTotal = 0;
        $countResult = mysql_query("select count(*) as allincat FROM {$TABLE_PREFIX}files where category=" . $parentId);
        if ($countResult) {
            $countRow = mysql_fetch_array($countResult);
            $parentTotal = $countRow["allincat"];
        }

        if ($childCount == 0) {
            print "<tr><td class=lista align=left><a href='index.php?page=torrents&category={$parentId}'><font style=\"font-size:11px;\">" . $label . "</font></a></td><td class=lista align=right><b>" . $parentTotal . "</b> </td></tr>";
            continue;
        }

        print "<tr><td class=lista align=left colspan=2><font style=\"font-size:11px;\"><b>" . $label . " :</b></font></td></tr>";

        while ($child = mysql_fetch_array($children)) {
            $childId = $child["id"];
            $label = unesc($child["name"]);
            $parentLabel = unesc($parent["name"]);

            $childTotal = 0;
            $countResult = mysql_query("select count(*) as allincat2 FROM {$TABLE_PREFIX}files where category=" . $childId);
            if ($countResult) {
                $countRow = mysql_fetch_array($countResult);
                $childTotal = $countRow["allincat2"];
            }

            print "<tr><td class=lista align=left> » <a href='index.php?page=torrents&category={$childId}'><font style=\"font-size:11px;\">" . $label . "</font></a></td><td class=lista align=right><b>" . $childTotal . "</b> </td></tr>";
        }
    }

    print "</table></div>";
}
/**
 * Render a list of rows as <option> elements, optionally wrapped in <select>.
 *
 * Recognised $opts keys:
 *  - 'name'     value for the select's name and id attributes
 *  - 'complete' truthy to emit the surrounding <select> tags
 *  - 'default'  value whose option is marked selected (loose comparison)
 *  - 'id'       row key holding the option value (default 'id')
 *  - 'value'    row key holding the option label (default 'value')
 *
 * @param array $select Rows to render.
 * @param array $opts   See above.
 *
 * @return string
 *
 * NOTE(review): the name and each option value are concatenated into
 * attributes unencoded, and labels only pass through unesc(). Confirm callers
 * supply HTML-safe data.
 */
function get_user_combo($select, $opts = array())
{
    $attributes = '';
    if (isset($opts['name'])) {
        $attributes = ' name="' . $opts['name'] . '" id="' . $opts['name'] . '"';
    }

    $wrap = isset($opts['complete']) ? (bool) $opts['complete'] : false;
    $preselected = isset($opts['default']) ? $opts['default'] : NULL;
    $valueKey = isset($opts['id']) ? $opts['id'] : 'id';
    $labelKey = isset($opts['value']) ? $opts['value'] : 'value';

    $markup = $wrap ? '<select' . $attributes . '>' : '';

    foreach ($select as $row) {
        $isSelected = !is_null($preselected) && $row[$valueKey] == $preselected;

        $markup .= "\n" . '<option '
            . ($isSelected ? 'selected="selected" ' : '')
            . 'value="' . $row[$valueKey] . '">'
            . unesc($row[$labelKey])
            . '</option>';
    }

    if ($wrap) {
        $markup .= '</select>';
    }

    return $markup;
}
} $rlevel = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT DISTINCT id_level, predef_level, level FROM {$TABLE_PREFIX}users_level ORDER BY id_level"); $alevel = array(); while ($reslevel = mysqli_fetch_assoc($rlevel)) { $alevel[] = $reslevel; } $parents = get_result("SELECT id, name FROM {$TABLE_PREFIX}forums WHERE id_parent=0" . (max(0, $id) > 0 ? " AND id<>{$id}" : "")); if (!isset($id)) { $id = ""; } $admintpl->set("language", $language); $admintpl->set("read", false, true); $admintpl->set("frm_action", "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=forum&action=save&id={$id}&what={$what}"); $forum = array(); $forum["name"] = $what == "new" ? "" : unesc($result["name"]); $forum["description"] = $what == "new" ? "" : unesc($result["description"]); $forum["combo_parent"] = "\n<select name=\"parent\" size=\"1\" " . ($result["i_am_parent"] ? "disabled=\"disabled\"" : "") . ">"; $forum["combo_parent"] .= "\n<option value=\"0\"" . ($result["id_parent"] == 0 ? "selected=\"selected\"" : "") . ">" . $language["NONE"] . "</option>"; foreach ($parents as $id => $parent) { $forum["combo_parent"] .= "\n<option value=\"" . $parent["id"] . "\"" . ($result["id_parent"] == $parent["id"] ? "selected=\"selected\"" : "") . ">" . $parent["name"] . "</option>"; } $forum["combo_parent"] .= "\n</select>" . ($result["i_am_parent"] ? " " . $language["FORUM_SORRY_PARENT"] : ""); $forum["combo_min_read"] = "\n<select name=\"readlevel\" size=\"1\">"; foreach ($alevel as $level) { $forum["combo_min_read"] .= "\n<option value=\"" . $level["id_level"] . ($result["minclassread"] == $level["id_level"] ? "\" selected=\"selected\">" : "\">") . $level["level"] . "</option>"; } $forum["combo_min_read"] .= "\n</select>"; $forum["combo_min_write"] = "\n<select name=\"writelevel\" size=\"1\">"; foreach ($alevel as $level) { $forum["combo_min_write"] .= "\n<option value=\"" . $level["id_level"] . ($result["minclasswrite"] == $level["id_level"] ? 
"\" selected=\"selected\">" : "\">") . $level["level"] . "</option>"; }
$peers[$i]["FLAG"] = "<img src=\"images/flag/" . $row["flagpic"] . "\" alt=\"" . unesc($row["name"]) . "\" />"; } elseif ($rowuser["flagpic"] != "" && !empty($rowuser["flagpic"])) { $peers[$i]["FLAG"] = "<img src=\"images/flag/" . $rowuser["flagpic"] . "\" alt=\"" . unesc($rowuser["name"]) . "\" />"; } else { $peers[$i]["FLAG"] = "<img src=\"images/flag/unknown.gif\" alt=\"" . $language["UNKNOWN"] . "\" />"; } if (!$XBTT_USE) { $peers[$i]["PORT"] = $row["port"]; } $stat = floor(($tsize - $row["bytes"]) / $tsize * 100); $progress = "<table width=\"100\" cellspacing=\"0\" cellpadding=\"0\"><tr><td class=\"progress\" align=\"left\">"; $progress .= "<img height=\"10\" width=\"" . number_format($stat, 0) . "\" src=\"{$STYLEURL}/images/progress.jpg\" alt=\"\" /></td></tr></table>"; $peers[$i]["PROGRESS"] = $stat . "%<br />" . $progress; $peers[$i]["STATUS"] = $row["status"]; if (!$XBTT_USE) { $peers[$i]["CLIENT"] = htmlspecialchars(getagent(unesc($row["client"]), unesc($row["peer_id"]))); } $dled = makesize($row["downloaded"]); $upld = makesize($row["uploaded"]); $peers[$i]["DOWNLOADED"] = $dled; $peers[$i]["UPLOADED"] = $upld; //Peer Ratio if (intval($row["downloaded"]) > 0) { $ratio = number_format($row["uploaded"] / $row["downloaded"], 2); } else { $ratio = '∞'; } $peers[$i]["RATIO"] = $ratio; //End Peer Ratio $peers[$i]["SEEN"] = get_elapsed_time($row["lastupdate"]) . " ago"; $i++;
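/**
 * Start the page: output buffering, content type, document head, and the
 * user's style and language.
 *
 * @param string $title      Page title; appended to the site name when not empty.
 * @param bool   $normalpage Whether to include the style's header.php.
 * @param int    $idlang     Language id to force; 0 uses the current user's language.
 *
 * @return void Ends the request when the language or style file is missing.
 *
 * The style and language ids are cast to integers before they are placed in
 * SQL, because both statements use them unquoted and the language query's
 * result decides which file is handed to require_once.
 *
 * NOTE(review): $USERLANG and $STYLEPATH come from the language_url and
 * style_url columns and are passed to require_once, so whoever can write
 * those columns chooses the code that runs here. Confirm the values are
 * restricted to known directories where they are saved.
 * NOTE(review): unesc($SITENAME) is written into <title> without HTML encoding.
 */
function standardheader($title, $normalpage = true, $idlang = 0)
{
    global $SITENAME, $STYLEPATH, $USERLANG, $time_start, $gzip, $GZIP_ENABLED, $err_msg_install, $db;

    $time_start = get_microtime();

    // default settings for blocks/menu
    if (!isset($GLOBALS["charset"])) {
        $GLOBALS["charset"] = "iso-8859-1";
    }

    // Not every client sends this header; treat absence as "no gzip".
    $acceptEncoding = isset($_SERVER["HTTP_ACCEPT_ENCODING"]) ? $_SERVER["HTTP_ACCEPT_ENCODING"] : "";

    // check whether the client can handle gzip
    if ($GZIP_ENABLED && user::$current['uid'] > 1) {
        if (stristr($acceptEncoding, "gzip") && extension_loaded('zlib') && ini_get("zlib.output_compression") == 0) {
            if (ini_get('output_handler') != 'ob_gzhandler') {
                ob_start("ob_gzhandler");
            } else {
                ob_start();
            }
            $gzip = 'enabled';
        } else {
            ob_start();
            $gzip = 'disabled';
        }
    } else {
        $gzip = 'disabled';
    }

    header("Content-Type: text/html; charset=" . $GLOBALS["charset"]);

    if ($title == "") {
        $title = unesc($SITENAME);
    } else {
        $title = unesc($SITENAME) . " - " . security::html_safe($title);
    }
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head>
<title> <?php echo $title; ?> </title>
<?php
    // get user's style
    $resheet = $db->query("SELECT * FROM style WHERE id = " . (int) user::$current["style"]);
    if (!$resheet) {
        $STYLEPATH = "./style/base";
        $style = "./style/base/torrent.css";
    } else {
        $resstyle = $resheet->fetch_array(MYSQLI_BOTH);
        $STYLEPATH = $resstyle["style_url"];
        $style = $resstyle["style_url"] . "/torrent.css";
    }

    print "<link rel='stylesheet' href='" . $style . "' type='text/css' />";
    print "<link rel='stylesheet' href='style/base/ui.css' type='text/css' />";
    ?>
</head>
<body>
<?php
    // getting user language
    $languageId = (int) $idlang;
    if ($languageId === 0) {
        $languageId = (int) user::$current["language"];
    }
    $reslang = $db->query("SELECT * FROM language WHERE id = " . $languageId);

    if (!$reslang) {
        $USERLANG = "language/english.php";
    } else {
        $rlang = $reslang->fetch_array(MYSQLI_BOTH);
        $USERLANG = "" . $rlang["language_url"];
    }

    clearstatcache();

    if (!file_exists($USERLANG)) {
        err_msg("Error!", "Missing Language!");
        print_version();
        print "</body>\n</html>\n";
        die;
    }
    require_once $USERLANG;

    if (!file_exists($style)) {
        err_msg("Error!", "Missing Style!");
        print_version();
        print "</body>\n</html>\n";
        die;
    }

    if ($normalpage) {
        require_once $STYLEPATH . "/header.php";
    }

    echo $err_msg_install;
}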
} // select lastest 30 records for infohash $res = $db->query("SELECT history.*, username, countries.name AS country, countries.flagpic, level, prefixcolor, suffixcolor FROM history INNER JOIN users ON history.uid = users.id INNER JOIN countries ON users.flag = countries.id INNER JOIN users_level ON users.id_level = users_level.id WHERE history.infohash = '" . $id . "' AND history.date IS NOT NULL ORDER BY date DESC LIMIT 0, 30"); block_begin("Torrent History (Last 30 Snatchers)"); $spacer = " "; print "<table class='lista' border='0' width='100%'>\n"; print "<tr><td align='center' class='header' colspan='2'>" . USER_NAME . "</td>"; print "<td align='center' class='header'>" . PEER_COUNTRY . "</td>"; print "<td align='center' class='header'>Active</td>"; print "<td align='center' class='header'>" . PEER_CLIENT . "</td>\n"; print "<td align='center' class='header'>" . DOWNLOADED . "</td>\n"; print "<td align='center' class='header'>" . UPLOADED . "</td>\n"; print "<td align='center' class='header'>" . RATIO . "</td>\n"; print "<td align='center' class='header'>" . FINISHED . "</td></tr>\n"; while ($row = $res->fetch_array(MYSQLI_BOTH)) { print "<tr><td align='center' class='lista'>" . "<a href='userdetails.php?id=" . (int) $row["uid"] . "'>" . security::html_safe(unesc($row["username"])) . "</a></td>" . "<td align='center' class='lista'><a href='usercp.php?do=pm&action=edit&uid=" . user::$current['uid'] . "&what=new&to=" . urlencode(unesc($row["username"])) . "'>" . image_or_link($STYLEPATH . "/pm.png", "", "PM") . "</a></td>"; if ($row["flagpic"] != "") { print "<td align='center' class='lista'><img src='images/flag/" . $row["flagpic"] . "' alt='" . security::html_safe($row["country"]) . "' /></td>"; } else { print "<td align='center' class='lista'><img src='images/flag/unknown.gif' alt='" . UNKNOWN . "' /></td>"; } print "<td align='center' class='lista'>" . $row["active"] . "</td>"; print "<td align='center' class='lista'>" . security::html_safe($row["agent"]) . 
"</td>"; $dled = misc::makesize((int) $row["downloaded"]); $upld = misc::makesize((int) $row["uploaded"]); print "<td align='center' class='lista'>" . $dled . "</td>"; print "<td align='center' class='lista'>" . $upld . "</td>"; if (intval($row["downloaded"]) > 0) { $ratio = number_format((int) $row["uploaded"] / (int) $row["downloaded"], 2); } else { $ratio = "∞";
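// Raw download: send the stored NFO blob as an attachment and stop.
if (isset($_GET['download']) && (int) $_GET['download'] == 1) {
    $nfoinfo = $torrent_nfo; // blob

    // Every header is queued before the body. A header() call made after the
    // first echo is dropped once output has started.
    header("Cache-Control: public, must-revalidate");
    header("Content-Type: application/octet-stream");
    // NOTE(review): $id ends up inside a quoted filename and its origin is not
    // visible in this excerpt — confirm it is validated (an info-hash pattern,
    // for instance) before it reaches this point.
    header('Content-Disposition: attachment; filename="' . $id . '.nfo"');
    header("Content-Transfer-Encoding: binary\n");

    echo $nfoinfo;
    return;
}

// view might be one of: "magic", "latin-1", "strict" or "fonthack".
// Anything that is not a string (an array parameter, for instance) falls back
// to the default instead of being handed to unesc().
$view = "magic"; // default behavior
if (isset($_GET["view"]) && is_string($_GET["view"])) {
    $view = unesc($_GET["view"]);
}

$nfo = "";
if ($view == "latin-1" || $view == "fonthack") {
    // Do not convert from ibm-437, read bytes as is.
    // NOTICE: TBSource specifies Latin-1 encoding in include/bittorrent.php:
    // stdhead()
    $nfo = htmlspecialchars($torrent_nfo, ENT_COMPAT, "ISO-8859-1");
} else {
    // Convert from ibm-437 to html unicode entities.
    // Take special care of Swedish letters if in magic view.
    // Unrecognised view names also end up here, with the second argument false.
    $nfo = code($torrent_nfo, $view == "magic");
}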
/**
 * Copy named request parameters into global variables.
 *
 * Each name is looked up in $_GET first, then in $_POST; the value found is
 * passed through unesc() and stored in $GLOBALS under the same name.
 *
 * Security note: this writes request data straight into the global scope.
 * The names come from the caller, so call sites must pass a fixed list and
 * never a request-derived one; otherwise any global could be overwritten.
 * Names processed before a missing one stay assigned when 0 is returned.
 *
 * @param array|string $vars List of parameter names, or a ":"-separated string.
 * @return int 1 when every name was present, 0 at the first missing name.
 */
function mkglobal($vars)
{
    $names = is_array($vars) ? $vars : explode(":", $vars);

    foreach ($names as $name) {
        if (isset($_GET[$name])) {
            $GLOBALS[$name] = unesc($_GET[$name]);
            continue;
        }
        if (!isset($_POST[$name])) {
            // Absent from both sources: stop here and report failure.
            return 0;
        }
        $GLOBALS[$name] = unesc($_POST[$name]);
    }

    return 1;
}
$postsList .= '<tr><td class="lista"><b><a title="' . $language['FIRST_UNREAD'] . ': ' . $post['title'] . '" href="' . $btit_settings['url'] . '/index.php?page=forum&action=viewtopic&topicid=' . $post['tid'] . '.msg' . $post['pid'] . '#msg' . $post['pid'] . '">' . $post['title'] . '</a></b><br />' . $language['LAST_POST_BY'] . ' <a href="' . $btit_settings['url'] . '/index.php?page=forum&action=profile;u=' . $post['userid'] . '">' . $post['username'] . '</a><br />On ' . date('d/m/Y H:i:s', $post['added']) . '</td></tr>'; } } else { # get posts based if can read $lastPosts = get_result('SELECT p.topicid, p.id as pid, t.subject, p.added, p.body, p.userid FROM ' . $topicsTable . ' as t LEFT JOIN ' . $postsTable . ' as p ON p.topicid=t.id LEFT JOIN ' . $TABLE_PREFIX . 'forums as f ON f.id=t.id WHERE f.minclassread<=' . $CURUSER['id_level'] . ($realLastPosts ? '' : ' AND p.id=t.lastpost') . ' ORDER BY p.added DESC ' . $limit); # format posts foreach ($lastPosts as $post) { # get username $user = get_result('SELECT ul.prefixcolor, u.username, ul.suffixcolor FROM ' . $TABLE_PREFIX . 'users_level as ul LEFT JOIN ' . $TABLE_PREFIX . 'users as u ON u.id_level=ul.id WHERE u.id=' . $post['userid'] . ' LIMIT 1;', true, $CACHE_DURATION); if (isset($user[0])) { $user = $user[0]; $post['username'] = $user['prefixcolor'] . $user['username'] . $user['suffixcolor']; } else { $post['username'] = '******'; } $postsList .= '<tr><td class="lista"><b><a href="' . $btit_settings['url'] . '/index.php?page=forum&action=viewtopic&topicid=' . $post['tid'] . '&msg=' . $post['pid'] . '#' . $post['pid'] . '">' . htmlspecialchars(unesc($post['subject'])) . '</a></b><br />' . $language['LAST_POST_BY'] . ' <a href="' . $btit_settings['url'] . '/index.php?page=userdetails&id=' . $post['userid'] . '">' . $post['username'] . '</a><br />On ' . get_date_time($post['added']) . '</td></tr>'; } } } else { $postsList = '<tr><td class="lista">' . $language['NO_TOPIC'] . 
'</td></tr>'; } ?> <table cellpadding="4" cellspacing="1" width="100%"> <tr> <td class="lista"> <table width="100%" cellspacing="2" cellpadding="2"> <tr> <td><?php echo $language['TOPICS']; ?> :</td>
$votes = $pollObj->getVotesAsArray(); $title = "" . $pollObj->pollerTitle . ""; if ($pollObj->active == "yes") { $check1 = "checked=\"checked\""; } else { $check1 = ""; } if ($pollObj->active == "no") { $check2 = "checked=\"checked\""; } else { $check2 = ""; } } else { $pollerOptions = array(); $votes = array(); $title = unesc($language["POLL_START_NEW"]); $check1 = "checked=\"checked\""; $check2 = ""; } $block_title = $language["POLLING_SYSTEM"] . " - {$title}"; $admintpl->set("poll_id", $pollObj->ID); $admintpl->set("poll_user_id", $CURUSER["uid"]); $admintpl->set("poll_title", $pollObj->pollerTitle); $admintpl->set("checked_active_yes", $check1); $admintpl->set("checked_active_no", $check2); if (!isset($_POST['new'])) { $i = 0; } foreach ($pollerOptions as $key => $value) { $polls[$i]["key"] = $key; $polls[$i]["option_0"] = $pollerOptions[$key][0];
$arr2 = mysqli_fetch_assoc($res2); if ($FORUMLINK == "smf") { $res3 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username FROM {$TABLE_PREFIX}users WHERE smf_fid=" . $arr["sender"]) or sqlerr(); } else { $res3 = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT username FROM {$TABLE_PREFIX}users WHERE id=" . $arr["sender"]) or sqlerr(); } $arr3 = mysqli_fetch_assoc($res3); $spy[$i]["id"] = $arr["id"]; if ($arr['sender'] == "0") { $spy[$i]["sender"] = "<a href=index.php?page=userdetails&id=0><b>System</b></a>"; } elseif ($FORUMLINK == "smf") { $spy[$i]["sender"] = "<a href=index.php?page=forum&action=profile;u=" . $arr["sender"] . "><b>" . $arr3["username"] . "</b></a>"; } else { $spy[$i]["sender"] = "<a href=index.php?page=userdetails&id=" . $arr["sender"] . "><b>" . $arr3["username"] . "</b></a>"; } if ($FORUMLINK == "smf") { $spy[$i]["receiver"] = "<a href=index.php?page=forum&action=profile;u=" . $arr["receiver"] . "><b>" . $arr2["username"] . "</b></a>"; } else { $spy[$i]["receiver"] = "<a href=index.php?page=userdetails&id=" . $arr["receiver"] . "><b>" . $arr2["username"] . "</b></a>"; } $spy[$i]["msg"] = format_comment(unesc($arr["msg"])); $spy[$i]["added"] = date("d/m/Y H:i:s", $arr["added"] - $offset); $spy[$i]["readed"] = $arr["readed"]; $spy[$i]["delete"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=ispy&action=delete&id=" . $spy[$i]["id"] . "\" onclick=\"return confirm('" . AddSlashes($language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>"; $i++; } } $admintpl->set("spy", $spy); unset($arr); mysqli_free_result($res) || is_object($res) && get_class($res) == "mysqli_result" ? true : false; unset($spy);
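// DJ roster: renders every shoutcastdj row as an HTML table and hands it to
// $djtpl as "list". Moderators (edit_users == "yes") also get action links.
if (isset($_GET['do']) && $_GET['do'] == 'list') {
    $is_mod = $CURUSER["edit_users"] == "yes";
    // Initialised so the final set() never reads an undefined variable if
    // stderr() returns instead of terminating the request.
    $activedjlist = '';

    $Query = do_sqlquery('SELECT t.*, u.username, g.prefixcolor, g.suffixcolor FROM ' . $TABLE_PREFIX . 'shoutcastdj t LEFT JOIN ' . $TABLE_PREFIX . 'users u ON t.uid=u.id LEFT JOIN ' . $TABLE_PREFIX . 'users_level g ON u.id_level=g.id ORDER by t.active ASC', true);

    if (mysqli_num_rows($Query)) {
        $activedjlist = ' <table width="100%" align="center" border="0" cellpadding="3" cellspacing="0">'
            . ' <tr> <td colspan="5" class="header"><center>' . $language['djlist'] . '</center></td> </tr>'
            . ' <tr>'
            . ' <td class="header"><center>' . $language['djname'] . '</center></td>'
            . ' <td class="header"><center>' . $language['adays'] . '</center></td>'
            . ' <td class="header"><center>' . $language['atime'] . '</center></td>'
            . ' <td class="header"><center>' . $language['genre'] . '</center></td>'
            . ' <td class="header"><center>' . $language['status'] . '</center></td>'
            . ' </tr>';

        while ($List = mysqli_fetch_assoc($Query)) {
            // Ids are interpolated into href attributes; force them to
            // integers rather than trusting the column contents. The original
            // passed the uid through unesc() with a stray second argument.
            $dj_id = (int) $List['id'];
            $dj_uid = (int) $List['uid'];

            $row_class = (isset($_GET['id']) && $_GET['id'] == $List['id']) ? ' class="highlight"' : '';

            // Moderator action links.
            // NOTE(review): these are plain GET links with no anti-CSRF
            // token visible here; confirm the approve/deny/kick handlers
            // verify intent and re-check the caller's permission.
            $mod_links = '';
            if ($is_mod) {
                $links = array();
                foreach (array('approve', 'deny', 'kick', 'edit') as $do) {
                    $links[] = '<a href="index.php?page=dj&do=' . $do . '&id=' . $dj_id . '">[' . $language[$do] . ']</a>';
                }
                $mod_links = '<span style="float: right;">' . implode(' ', $links) . '</span>';
            }

            // Status column: 0 pending, 1 approved, 2 denied, anything else kicked.
            if ($List['active'] == '0') {
                $status = 'red">' . $language['pending'];
            } elseif ($List['active'] == '1') {
                $status = 'green">' . $language['approved'];
            } elseif ($List['active'] == '2') {
                $status = 'blue">' . $language['denied'];
            } else {
                $status = 'darkred">' . $language['kicked'];
            }

            // prefixcolor/suffixcolor are emitted raw as in the original
            // (presumably markup wrapping the name, TODO confirm). The
            // username itself is user-chosen text and is HTML-escaped like
            // the other text columns in this row.
            $activedjlist .= ' <tr' . $row_class . '>'
                . ' <td class=lista><center><a href="index.php?page=userdetails&id=' . $dj_uid . '">'
                . unesc($List['prefixcolor']) . htmlspecialchars((string) $List['username']) . unesc($List['suffixcolor'])
                . '</a></center></td>'
                . ' <td class=lista><center>' . htmlspecialchars($List['activedays']) . '</center></td>'
                . ' <td class=lista><center>' . htmlspecialchars($List['activetime']) . '</center></td>'
                . ' <td class=lista><center>' . htmlspecialchars($List['genre']) . '</center></td>'
                . ' <td class=lista>' . $mod_links
                . '<center><font color="' . $status . '</font></center></td>'
                . ' </tr>';
        }
    } else {
        stderr($language['ERROR'], $language['down2']);
    }

    $djtpl->set("list", $activedjlist . '</table>');
}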
$inner = $fs11 . '0,*,202' . $fs12 . $content . $list1 . $listsrc . $list2 . $fs13; } else { $inner = $fs11 . '0,*,1' . $fs12 . $content . $list1 . $list2 . $fs13; } $fs21 = '<frameset rows="'; $fs22 = '" id="outerHalf" name="outerHalf" cols="*" frameborder="no" border="0" framespacing="0">'; $player = '<frame src="player.html?310311" name="player" id="player" scrolling="no" noresize="noresize" title="" /> '; $fs23 = '</frameset>'; if ($playerTop == true) { $outer = $fs21 . '25,*' . $fs22 . $player . $inner . $fs23; } else { $outer = $fs21 . '*,25' . $fs22 . $inner . $player . $fs23; } return $outer; } $data = unesc($_POST['scmData']); $playerTop = $_GET['place'] != 'bottom'; $showPlaylist = $_GET['showplaylist'] == 'true'; $url = fixURL($_GET['url']); if ($data == "") { header('Location: http://scmplayer.net'); } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>SCM Music Player</title> </head> <?php
bark("NFO3 upload failed"); } if ($nfofile4['name'] != '') { $nfofilename[] = $nfofile4['tmp_name']; } if (@(!is_uploaded_file($nfofilename[3]))) { bark("NFO4 upload failed"); } if ($nfofile5['name'] != '') { $nfofilename[] = $nfofile5['tmp_name']; } if (@(!is_uploaded_file($nfofilename[4]))) { bark("NFO5 upload failed"); } } $descr = unesc($_POST["description"]); if (!$descr) { bark("Please select either 'Take description from its respective NFO' OR enter a custom description to go with all torrents'"); } $cat = array(); $catid = 0 + $_POST["alltype"]; if (!is_valid_id($catid)) { bark("You must select a category to put ALL the torrent in!"); } // use the posted type category first -- if not set then just apply from settings if (isset($_POST["type1"])) { $cat[0] = 0 + $_POST["type1"]; if (!is_valid_id($cat[0])) { $cat[0] = 0 + $_POST["alltype"]; } }
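/**
 * Fill the account template ($tpl_account) for the signup / modify / delete form.
 *
 * Sets the form action, the language / style / country / timezone <select>
 * markup and, for every action except "mod", either an image captcha or a
 * question from include/security_code.php.
 *
 * Side effect: the JavaScript-bound entries of the global $language array are
 * passed through AddSlashes() in place, so a second call in the same request
 * escapes them twice.
 *
 * @param string $action Form mode; "signup", "mod" and "del" are the values tested here.
 * @param array  $dati   Account row used to pre-fill the form (id, username,
 *                       language, style, flag, time_offset as read below).
 * @return void
 */
function tabella($action, $dati = array())
{
    global $idflag, $link, $idlangue, $idstyle, $CURUSER, $USE_IMAGECODE, $TABLE_PREFIX, $language, $tpl_account, $THIS_BASEPATH;

    if ($action == "signup") {
        $dati["username"] = "";
        $dati["email"] = "";
        $dati["language"] = $idlangue;
    }

    // These strings are embedded in JavaScript by the template; escape quotes.
    foreach (array("DIF_PASSWORDS", "INSERT_PASSWORD", "USER_PWD_AGAIN", "INSERT_USERNAME", "ERR_NO_EMAIL", "ERR_NO_EMAIL_AGAIN", "DIF_EMAIL") as $js_key) {
        $language[$js_key] = AddSlashes($language[$js_key]);
    }

    // Pre-selected values; null when the row does not carry the field
    // (avoids undefined-index notices without changing the comparisons).
    $selected_language = isset($dati["language"]) ? $dati["language"] : null;
    $selected_style = isset($dati["style"]) ? $dati["style"] : null;
    $selected_flag = isset($dati["flag"]) ? $dati["flag"] : null;

    $tpl_account->set("language", $language);
    $tpl_account->set("account_action", $action);
    // $link is request-derived elsewhere; it is HTML-escaped here and
    // URL-encoded for account_returnto below.
    $tpl_account->set("account_form_actionlink", htmlspecialchars("index.php?page=signup&act={$action}&returnto={$link}"));
    $tpl_account->set("account_uid", isset($dati["id"]) ? $dati["id"] : null);
    $tpl_account->set("account_returnto", urlencode($link));
    // NOTE(review): $idlang is never defined in this function (the global is
    // $idlangue), so this value is always null. Left as-is pending
    // confirmation of what the template expects.
    $tpl_account->set("account_IDlanguage", $idlang);
    $tpl_account->set("account_IDstyle", $idstyle);
    $tpl_account->set("account_IDcountry", $idflag);
    $tpl_account->set("account_username", $dati["username"]);
    $tpl_account->set("dati", $dati);
    // NOTE(review): DEL tests "delete" while the button branch below tests
    // "del"; one of the two is probably a typo. Confirm against callers.
    $tpl_account->set("DEL", $action == "delete", true);
    $tpl_account->set("DISPLAY_FULL", $action == "signup", true);

    if ($action == "del") {
        $buttons = "<input type=\"submit\" name=\"elimina\" value=\"" . $language["FRM_DELETE"] . "\" /> <input type=\"submit\" name=\"elimina\" value=\"" . $language["FRM_CANCEL"] . "\" />";
    } else {
        $buttons = "<input type=\"submit\" name=\"conferma\" value=\"" . $language["FRM_CONFIRM"] . "\" /> <input type=\"reset\" name=\"annulla\" value=\"" . $language["FRM_CANCEL"] . "\" />";
    }
    $tpl_account->set("account_from_delete_confirm", $buttons);

    // The original emitted the bare token "selected" in quotes, which HTML
    // parsers do not treat as the selected attribute; use the same
    // selected="selected" form as the timezone list so pre-selection works.
    // NOTE(review): option labels below come from the database and are
    // written unescaped, as in the original; confirm they are admin-only data.

    // Language list.
    $option = "\n<select name=\"language\" size=\"1\">";
    foreach (language_list() as $langue) {
        $option .= "\n<option ";
        if ($langue["id"] == $selected_language) {
            $option .= "selected=\"selected\" ";
        }
        $option .= "value=\"" . $langue["id"] . "\">" . $langue["language"] . "</option>";
    }
    $option .= "\n</select>";
    $tpl_account->set("account_combo_language", $option);

    // Style list.
    $option = "\n<select name=\"style\" size=\"1\">";
    foreach (style_list() as $style) {
        $option .= "\n<option ";
        if ($style["id"] == $selected_style) {
            $option .= "selected=\"selected\" ";
        }
        $option .= "value=\"" . $style["id"] . "\">" . $style["style"] . "</option>";
    }
    $option .= "\n</select>";
    $tpl_account->set("account_combo_style", $option);

    // Country list. At signup the country is guessed from the TLD of the
    // client's reverse-DNS name. The PTR record is controlled by whoever
    // runs the address's reverse zone, so it is untrusted input: only a
    // 2-3 letter TLD matched by the pattern is used, and only to pick a
    // default option. The original wrapped it in mysql_escape_string(),
    // which no longer exists in PHP 7+ and is unnecessary here because the
    // value never reaches SQL.
    $remote_tld = null;
    $thisip = $_SERVER["REMOTE_ADDR"];
    $remotedns = gethostbyaddr($thisip);
    if ($remotedns != $thisip && preg_match('/^(.+)\\.([A-Z]{2,3})$/', strtoupper((string) $remotedns), $tldm)) {
        $remote_tld = $tldm[2];
    }

    $option = "\n<select name=\"flag\" size=\"1\">\n<option value='0'>---</option>";
    foreach (flag_list() as $flag) {
        $guessed = $action == "signup" && $remote_tld !== null && $flag["domain"] == $remote_tld;
        $option .= "\n<option ";
        if ($flag["id"] == $selected_flag || $guessed) {
            $option .= "selected=\"selected\" ";
        }
        $option .= "value=\"" . $flag["id"] . "\">" . $flag["name"] . "</option>";
    }
    $option .= "\n</select>";
    $tpl_account->set("account_combo_country", $option);

    // Timezone list. Guests and uid 1 default to the server's standard-time
    // offset in hours (UTC offset minus the DST hour).
    $timeoff = (date('Z', time()) - date('I', time()) * 3600) / 3600;
    if (!$CURUSER || $CURUSER["uid"] == 1) {
        $dati["time_offset"] = $timeoff;
    }
    $selected_offset = isset($dati["time_offset"]) ? $dati["time_offset"] : null;

    $option = "<select name=\"timezone\">";
    foreach (timezone_list() as $timezone) {
        $option .= "\n<option ";
        if ($timezone["difference"] == $selected_offset) {
            $option .= "selected=\"selected\" ";
        }
        $option .= "value=\"" . $timezone["difference"] . "\">" . unesc($timezone["timezone"]) . "</option>";
    }
    $option .= "\n</select>";
    $tpl_account->set("account_combo_timezone", $option);

    // -----------------------------
    // Captcha hack
    // -----------------------------
    // Nothing is shown when modifying an existing account.
    if ($action != "mod") {
        // The image captcha needs $USE_IMAGECODE plus GD with FreeType.
        $use_image_captcha = false;
        if ($USE_IMAGECODE && extension_loaded('gd')) {
            $arr = gd_info();
            $use_image_captcha = $arr['FreeType Support'] == 1;
        }

        if ($use_image_captcha) {
            $p = new ocr_captcha();
            $tpl_account->set("CAPTCHA", true, true);
            $tpl_account->set("account_captcha", $p->display_captcha(true));
            // Return value was unused in the original; the call is kept in
            // case generate_private() has side effects.
            $p->generate_private();
        } else {
            // Fallback: ask one of the simple questions from security_code.php.
            // NOTE(review): the question index travels in a hidden field, so
            // the client decides which question it answers; the code that
            // checks the answer is not visible here and must range-check the
            // index. This is a weak bot deterrent, not an authentication step.
            include "{$THIS_BASEPATH}/include/security_code.php";
            $scode_index = rand(0, count($security_code) - 1);
            $scode = "<input type=\"hidden\" name=\"security_index\" value=\"{$scode_index}\" />\n";
            $scode .= $security_code[$scode_index]["question"];
            $tpl_account->set("scode_question", $scode);
            $tpl_account->set("CAPTCHA", false, true);
        }
    }
    // -----------------------------
    // Captcha hack
    // -----------------------------
}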
<?php require "include/bittorrent.php"; dbconn(); require_once get_langfile_path(); loggedinorreturn(); parked(); $id = 0 + $_GET["id"]; $type = unesc($_GET["type"]); $_SESSION['inviterand'] = mt_rand(100000, 999999); registration_check('invitesystem', true, false); if ($CURUSER[id] != $id && get_user_class() < $viewinvite_class || !is_valid_id($id)) { stderr($lang_invite['std_sorry'], $lang_invite['std_permission_denied']); } if (get_user_class() < $sendinvite_class) { stderr($lang_invite['std_sorry'], $lang_invite['std_only'] . get_user_class_name($sendinvite_class, false, true, true) . $lang_invite['std_or_above_can_invite'], false); } $res = sql_query("SELECT username FROM users WHERE id = " . mysql_real_escape_string($id)) or sqlerr(); $user = mysql_fetch_assoc($res); stdhead($lang_invite['head_invites']); print "<table width=700 class=main border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>"; print "<h1 align=center><a href=\"invite.php?id=" . $id . "\">" . $user['username'] . $lang_invite['text_invite_system'] . "</a></h1>"; print "<h2 align=center><form method=post action=invite.php?id=" . htmlspecialchars($id) . "&type=new><input type=submit " . ($CURUSER[invites] <= 0 ? "disabled " : "") . " value='" . $lang_invite['sumbit_invite_someone'] . "'></form>" . "</h2>"; $sent = htmlspecialchars($_GET['sent']); if ($sent == 1) { $msg = $lang_invite['text_invite_code_sent']; print "<p align=center><font color=red>" . $msg . "</font></p>"; } $res = sql_query("SELECT invites FROM users WHERE id = " . mysql_real_escape_string($id)) or sqlerr(); $inv = mysql_fetch_assoc($res); //for one or more. "invite"/"invites"