<? /* * This is the AJAX page that gets called from the javascript * function NewReport(), any changes here should probably be * replicated on static.php. */ if(!check_perms('admin_reports')){ error(403); } include(SERVER_ROOT.'/classes/class_text.php'); $Text = NEW TEXT; $DB->query("SELECT r.ID, r.ReporterID, reporter.Username, r.TorrentID, r.Type, r.UserComment, r.ResolverID, resolver.Username, r.Status, r.ReportedTime, r.LastChangeTime, r.ModComment, r.Track, r.Image, r.ExtraID, r.Link,
<? include(SERVER_ROOT.'/classes/class_text.php'); // Text formatting class $Text = new TEXT; // Quick SQL injection check if(!$_POST['post'] || !is_number($_POST['post'])) { error(404); } // End injection check // Variables for database input $UserID = $LoggedUser['ID']; $Body = db_string(urldecode($_POST['body'])); $PostID = $_POST['post']; // Mainly $DB->query("SELECT cc.Body, cc.UserID, cc.CollageID, (SELECT COUNT(ID) FROM collages_comments WHERE ID <= ".$PostID." AND collages_comments.CollageID = cc.CollageID) FROM collages_comments AS cc WHERE cc.ID='$PostID'"); list($OldBody, $AuthorID, $CollageID, $PostNum) = $DB->next_record(); // Make sure they aren't trying to edit posts they shouldn't // We use die() here instead of error() because whatever we spit out is displayed to the user in the box where his forum post is if($UserID!=$AuthorID && !check_perms('site_moderate_forums')) { die('Permission denied'); } if($DB->record_count()==0) { die('Post not found!'); } // Perform the update $DB->query("UPDATE collages_comments SET Body = '$Body'
<?php
// NOTE(review): authorize() is defined outside this excerpt; presumably it is the access gate for
// this AJAX endpoint — confirm what the `true` argument enables.
authorize(true);

/**
 * Comparison callback for sorting tags: orders entries by their 'count' value, highest first.
 *
 * @param array $X Entry with a numeric 'count' key.
 * @param array $Y Entry with a numeric 'count' key.
 * @return int|float Positive when $Y has the larger count, negative when $X does, 0 when equal.
 */
function compare($X, $Y) {
    return $Y['count'] - $X['count'];
}

include SERVER_ROOT . '/sections/bookmarks/functions.php'; // has_bookmarked()
include SERVER_ROOT . '/sections/requests/functions.php';
include SERVER_ROOT . '/classes/class_text.php'; // Text formatting class
$Text = new TEXT();
// Similar artist map
include SERVER_ROOT . '/classes/class_artist.php';
include SERVER_ROOT . '/classes/class_artists_similar.php';

// Untrusted input: the artist ID is taken straight from the query string.
$ArtistID = $_GET['id'];
// NOTE(review): a value rejected by is_number() gets the failure payload printed, but there is no
// die here, so execution continues with the unvalidated value. Confirm that nothing after this
// excerpt places a non-empty, non-numeric $ArtistID into a query, and that printing a second JSON
// document from the name lookup below is acceptable to clients.
if (!is_number($ArtistID)) {
    print json_encode(array('status' => 'failure'));
}
// No usable ID: fall back to resolving the artist by name.
if (empty($ArtistID)) {
    if (!empty($_GET['artistname'])) {
        // db_string() is presumably the project's SQL-escaping helper (defined elsewhere — confirm).
        // Unless it also escapes the LIKE wildcards % and _, the supplied name is matched as a
        // pattern rather than as a literal string.
        $Name = db_string(trim($_GET['artistname']));
        $DB->query("SELECT ArtistID FROM artists_alias WHERE Name LIKE '{$Name}'");
        // No alias matched: report failure and stop.
        if (!(list($ArtistID) = $DB->next_record(MYSQLI_NUM, false))) {
            //if (list($ID) = $DB->next_record(MYSQLI_NUM, false)) {
            print json_encode(array('status' => 'failure'));
            die;
        }
        // If we get here, we got the ID!
<?php
// NOTE(review): authorize() is defined outside this excerpt; presumably it is the access gate for
// this AJAX endpoint — confirm.
authorize();
//TODO: Normalize thread_*_info don't need to waste all that ram on things that are already in other caches
/**********|| Page to show individual threads || ********************************\

Things to expect in $_GET:
    ThreadID: ID of the forum currently being browsed
    page: The page the user's on.
    page = 1 is the same as no page

********************************************************************************/

//---------- Things to sort out before it can start printing/generating content

include SERVER_ROOT . '/classes/class_text.php';
$Text = new TEXT();

// Check for lame SQL injection attempts
// Every request parameter that reaches SQL or the redirect below is first passed through
// is_number(). The interpolation into the query is unquoted, so its safety rests entirely on
// is_number() accepting nothing but digits (helper defined elsewhere — confirm).
if (!isset($_GET['threadid']) || !is_number($_GET['threadid'])) {
    if (isset($_GET['topicid']) && is_number($_GET['topicid'])) {
        // Alternative parameter name: topicid is accepted in place of threadid.
        $ThreadID = $_GET['topicid'];
    } elseif (isset($_GET['postid']) && is_number($_GET['postid'])) {
        // Only a post ID was given: look up its thread and redirect to the thread view.
        $DB->query("SELECT TopicID FROM forums_posts WHERE ID = {$_GET['postid']}");
        list($ThreadID) = $DB->next_record();
        if ($ThreadID) {
            header("Location: ajax.php?action=forum&type=viewthread&threadid={$ThreadID}&postid={$_GET['postid']}");
            die;
        } else {
            // NOTE(review): the failure payload is printed without a die, so the script keeps
            // running with an empty $ThreadID — confirm the code after this excerpt handles that.
            print json_encode(array('status' => 'failure'));
        }
    } else {
        // NOTE(review): same as above — failure is reported but execution is not stopped, and
        // $ThreadID is never assigned on this path.
        print json_encode(array('status' => 'failure'));
    }
<?php
// AJAX view of one private-message conversation. Every failure path answers with the same
// {"status":"failure"} payload and stops, so a caller cannot tell "no such conversation" apart
// from "not a participant".
include SERVER_ROOT . '/classes/class_text.php';
$Text = new TEXT();

// Untrusted input: conversation ID from the query string. It is interpolated into the queries
// below only after passing is_number() (helper defined elsewhere — presumably digits only; confirm).
$ConvID = $_GET['id'];
if (!$ConvID || !is_number($ConvID)) {
    exit(json_encode(array('status' => 'failure')));
}

// Authorization: the logged-in user must have a row for this conversation ...
$UserID = $LoggedUser['ID'];
$DB->query("SELECT InInbox, InSentbox FROM pm_conversations_users WHERE UserID='{$UserID}' AND ConvID='{$ConvID}'");
if ($DB->record_count() == 0) {
    exit(json_encode(array('status' => 'failure')));
}
// ... and must still hold it in the inbox or the sentbox.
list($InInbox, $InSentbox) = $DB->next_record();
if (!($InInbox || $InSentbox)) {
    exit(json_encode(array('status' => 'failure')));
}

// Conversation metadata as seen by this user.
$DB->query("SELECT\n\tc.Subject,\n\tcu.Sticky,\n\tcu.UnRead,\n\tcu.ForwardedTo,\n\tum.Username\n\tFROM pm_conversations AS c\n\tJOIN pm_conversations_users AS cu ON c.ID=cu.ConvID\n\tLEFT JOIN users_main AS um ON um.ID=cu.ForwardedTo\n\tWHERE c.ID='{$ConvID}' AND UserID='{$UserID}'");
list($Subject, $Sticky, $UnRead, $ForwardedID, $ForwardedName) = $DB->next_record();

// Build a lookup of every sender in the conversation, keyed by integer user ID.
$DB->query("SELECT UserID, Username, PermissionID, Enabled, Donor, Warned\n\tFROM pm_messages AS pm\n\tJOIN users_info AS ui ON ui.UserID=pm.SenderID\n\tJOIN users_main AS um ON um.ID=pm.SenderID\n\tWHERE pm.ConvID='{$ConvID}'");
while (list($PMUserID, $Username, $PermissionID, $Enabled, $Donor, $Warned) = $DB->next_record()) {
    $PMUserID = intval($PMUserID);
    // An Enabled value of 2 is passed to format_username() as false, anything else as true.
    $Users[$PMUserID] = array(
        'UserStr' => format_username($PMUserID, $Username, $Donor, $Warned, $Enabled != 2, $PermissionID),
        'Username' => $Username,
    );
}
// Sender ID 0 is used for messages from the system.
$Users[0]['UserStr'] = 'System';
<?php
// User profile data loader: picks one of two queries depending on whether the viewer is staff.
include SERVER_ROOT . '/classes/class_text.php'; // Text formatting class
$Text = new TEXT();
include SERVER_ROOT . '/sections/requests/functions.php';

// Untrusted input: profile ID from the query string.
// NOTE(review): is_numeric() also accepts signs, decimals, exponents and surrounding whitespace,
// so $UserID is not guaranteed to be a plain integer string. The value is later interpolated
// unquoted into SQL and into a Location header; a digits-only check (the project's is_number()
// helper, if it behaves that way — confirm) would be the tighter validation.
if (empty($_GET['id']) || !is_numeric($_GET['id'])) {
    error(0);
}
$UserID = $_GET['id'];

// Loose comparison: any numeric spelling equal to the viewer's ID counts as the viewer's own profile.
if ($UserID == $LoggedUser['ID']) {
    $OwnProfile = true;
} else {
    $OwnProfile = false;
}

if (check_perms('users_mod')) { // Person viewing is a staff member
    // Staff view: includes moderation fields (AdminComment, restrictions, Disable* flags).
    $DB->query("SELECT\n\t\tm.Username,\n\t\tm.Email,\n\t\tm.LastAccess,\n\t\tm.IP,\n\t\tp.Level AS Class,\n\t\tm.Enabled,\n\t\tm.Invites,\n\t\ti.JoinDate,\n\t\ti.Info,\n\t\ti.Avatar,\n\t\ti.Country,\n\t\ti.AdminComment,\n\t\ti.Donor,\n\t\ti.Artist,\n\t\ti.Warned,\n\t\ti.SupportFor,\n\t\ti.RestrictedForums,\n\t\ti.PermittedForums,\n\t\ti.Inviter,\n\t\tinviter.Username,\n\t\ti.DisableAvatar,\n\t\ti.DisableInvites,\n\t\ti.DisablePosting,\n\t\ti.DisableForums,\n\t\ti.DisableTagging,\n\t\ti.DisableUpload,\n\t\ti.DisableWiki,\n\t\ti.DisablePM,\n\t\ti.DisableIRC,\n\t\ti.DisableRequests,\n\t\ti.HideCountryChanges,\n\t\ti.OnIRC,\n\t\ti.Country,\n\t\ti.Timezone\n\t\tFROM users_main AS m\n\t\tJOIN users_info AS i ON i.UserID = m.ID\n\t\tLEFT JOIN users_main AS inviter ON i.Inviter = inviter.ID\n\t\tLEFT JOIN permissions AS p ON p.ID=m.PermissionID\n\t\tWHERE m.ID = '" . $UserID . "'");

    if ($DB->record_count() == 0) { // If user doesn't exist
        // NOTE(review): no die/exit after the redirect header, so the list() below still runs
        // against an empty result set.
        header("Location: log.php?search=User+" . $UserID);
    }

    // i.Country is selected twice, so $Country is assigned twice by this list().
    // The second argument to next_record() presumably names columns exempt from output escaping
    // (here 8 = Info, 11 = AdminComment) — confirm against the DB wrapper.
    list($Username, $Email, $LastAccess, $IP, $Class, $Enabled, $Invites, $JoinDate, $Info, $Avatar, $Country, $AdminComment, $Donor, $Artist, $Warned, $SupportFor, $RestrictedForums, $PermittedForums, $InviterID, $InviterName, $DisableAvatar, $DisableInvites, $DisablePosting, $DisableForums, $DisableTagging, $DisableUpload, $DisableWiki, $DisablePM, $DisableIRC, $DisableRequests, $DisableCountry, $OnIRC, $Country, $Timezone) = $DB->next_record(MYSQLI_NUM, array(8, 11));
} else { // Person viewing is a normal user
    // NOTE(review): this branch still loads m.Email and m.IP for a non-staff viewer; confirm that
    // the output code after this excerpt never emits them unless $OwnProfile is true.
    // Unlike the staff query, $UserID is interpolated here without quotes, so the is_numeric()
    // check above is the only thing constraining what reaches the SQL parser.
    $DB->query("SELECT\n\t\tm.Username,\n\t\tm.Email,\n\t\tm.LastAccess,\n\t\tm.IP,\n\t\tp.Level AS Class,\n\t\tm.Enabled,\n\t\tm.Invites,\n\t\ti.JoinDate,\n\t\ti.Info,\n\t\ti.Avatar,\n\t\ti.Country,\n\t\ti.Donor,\n\t\ti.Warned,\n\t\ti.Inviter,\n\t\ti.DisableInvites,\n\t\tinviter.username,\n\t\ti.OnIRC,\n\t\ti.Country,\n\t\ti.Timezone\n\t\tFROM users_main AS m\n\t\tJOIN users_info AS i ON i.UserID = m.ID\n\t\tLEFT JOIN permissions AS p ON p.ID=m.PermissionID\n\t\tLEFT JOIN users_main AS inviter ON i.Inviter = inviter.ID\n\t\tWHERE m.ID = {$UserID}");

    if ($DB->record_count() == 0) { // If user doesn't exist
        // NOTE(review): as in the staff branch, execution continues after the redirect header.
        header("Location: log.php?search=User+" . $UserID);
    }

    // NOTE(review): index 9 is Avatar and 11 is Donor in this column order; the staff branch
    // passes array(8, 11) for Info and AdminComment — verify these indexes are the intended ones.
    list($Username, $Email, $LastAccess, $IP, $Class, $Enabled, $Invites, $JoinDate, $Info, $Avatar, $Country, $Donor, $Warned, $InviterID, $DisableInvites, $InviterName, $OnIRC, $Country, $Timezone) = $DB->next_record(MYSQLI_NUM, array(9, 11));
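<?php
/************************************************************************
 * Staff listing of reports whose Status is 'New', newest first, paginated.
 *
 * The long open tag is used so the script is parsed even when the
 * short_open_tag ini setting is off; with the short tag and that setting
 * disabled, the file would be sent to the client as plain text.
 ************************************************************************/

// Access control: only holders of admin_reports may continue. The denial is reported as a 404
// (error() is defined elsewhere — presumably it stops the request; confirm).
if (!check_perms('admin_reports')) {
    error(404);
}

// Number of reports per page
define('REPORTS_PER_PAGE', '10');

include(SERVER_ROOT.'/classes/class_text.php');
$Text = new TEXT;

// NOTE(review): $Limit is concatenated into the LIMIT clause below; it comes from page_limit(),
// which is defined elsewhere — confirm that helper only ever returns numeric offsets.
list($Page, $Limit) = page_limit(REPORTS_PER_PAGE);

include(SERVER_ROOT.'/sections/reports/array.php');

// Header
show_header('Reports');

$Reports = $DB->query("SELECT SQL_CALC_FOUND_ROWS r.ID, r.UserID, um.Username, r.ThingID, r.Type, r.ReportedTime, r.Reason FROM reports AS r JOIN users_main AS um ON r.UserID=um.ID WHERE Status='New' ORDER BY ReportedTime DESC LIMIT ".$Limit);

// Number of results (for pagination)
$DB->query('SELECT FOUND_ROWS()');
list($Results) = $DB->next_record();

// Done with the number of results. Move $DB back to the result set for the reports
$DB->set_query_id($Reports);

// Start printing stuff
?>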
Body, Time FROM news ORDER BY Time DESC LIMIT 5"); $News = $DB->to_array(); $Cache->cache_value('news',$News,1209600); } foreach ($News as $NewsItem) { list($NewsID,$Title,$Body,$NewsTime) = $NewsItem; echo $Feed->item($Title, $Text->strip_bbcode($Body), 'index.php#'.$NewsID, SITE_NAME.' Staff','','',$NewsTime); } break; case 'feed_blog': include(SERVER_ROOT.'/classes/class_text.php'); $Text = new TEXT; $Feed->channel('Blog', 'RSS feed for site blog.'); if (!$Blog = $Cache->get_value('blog')) { require(SERVER_ROOT.'/classes/class_mysql.php'); //Require the database wrapper $DB=NEW DB_MYSQL; //Load the database wrapper $DB->query("SELECT b.ID, um.Username, b.Title, b.Body, b.Time, b.ThreadID FROM blog AS b LEFT JOIN users_main AS um ON b.UserID=um.ID ORDER BY Time DESC LIMIT 20"); $Blog = $DB->to_array();
// They've already been refunded. Do nothing.
if ($Refunded) {
    die("done");
}
// NOTE(review): $RefundAmount and $UserID are concatenated into SQL without quotes; where they
// come from is outside this excerpt — confirm both are integers taken from the database, not
// from the request.
// NOTE(review): the $Refunded check and the two UPDATEs are separate statements. Unless the part
// of the file above this excerpt serialises requests, two concurrent requests for the same entry
// could both pass the check and credit the points twice; a conditional UPDATE
// (... WHERE ID=<id> AND Refunded='0') checked via affected rows would close that window.
$DB->query("UPDATE users_bp SET Points=Points+{$RefundAmount} WHERE UserID=" . $UserID);
// NOTE(review): $_GET['eid'] is only passed through db_string() and then used unquoted in a
// numeric position. String escaping does not constrain a value that is not inside quotes, so
// this is safe only if eid was validated as a number earlier in the file (not visible here);
// otherwise validate it or quote the value.
$DB->query("UPDATE bp_pendingct SET Refunded='1' WHERE ID=" . db_string($_GET['eid']));
bp_getpoints($UserID, 1);
}
echo "ok";
die;
}

show_header();

// Load every pending custom-title entry together with the requesting user and the handling staff member.
$DB->query("SELECT \n\t\t\tpt.ID,\n\t\t\tpt.UserID,\n\t\t\tpt.Title,\n\t\t\tpt.Approved,\n\t\t\tpt.StaffID,\n\t\t\tpt.Time,\n\t\t\tpt.TimeChange,\n\t\t\tum1.Username as Username,\n\t\t\tum2.Username as StaffUsername,\n\t\t\tum1.Title AS CurrentTitle,\n\t\t\tum1.PermissionID,\n\t\t\tum1.Enabled,\n\t\t\tui1.Donor,\n\t\t\tui1.Warned\n\t\t\tFROM bp_pendingct AS pt\n\t\t\tLEFT JOIN users_main AS um1 ON um1.ID=pt.UserID\n\t\t\tLEFT JOIN users_main AS um2 ON um2.ID=pt.StaffID\n\t\t\tLEFT JOIN users_info AS ui1 ON ui1.UserID=pt.UserID\n\t\t\tORDER BY pt.ID");
$Pending = $DB->to_array();

include SERVER_ROOT . '/classes/class_text.php';
$Text = new TEXT();

/**
 * Maps an approval code to its display label.
 *
 * @param string $c Approval code: '-1', '0' or '1'.
 * @return string|null "Denied", "Pending" or "Approved"; null for any other value, because the
 *                     switch has no default case.
 */
function status($c) {
    switch ($c) {
        case '-1':
            return "Denied";
            break; // unreachable after return
        case '0':
            return "Pending";
            break; // unreachable after return
        case '1':
            return "Approved";
    }
}
?>
<? include(SERVER_ROOT.'/classes/class_text.php'); // Text formatting class $Text = new TEXT; include(SERVER_ROOT.'/sections/requests/functions.php'); if (empty($_GET['id']) || !is_number($_GET['id'])) { error(0); } $UserID = $_GET['id']; if($UserID == $LoggedUser['ID']) { $OwnProfile = true; } else { $OwnProfile = false; } if(check_perms('users_mod')) { // Person viewing is a staff member $DB->query("SELECT m.Username, m.Email, m.LastAccess, m.IP, p.Level AS Class, m.Uploaded, m.Downloaded, m.RequiredRatio, m.Title, m.torrent_pass, m.Enabled, m.Cursed, m.Paranoia,
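/**
 * Splits a template fragment into child nodes: literal markup becomes TEXT nodes and embedded
 * PHP becomes PHP nodes, both appended to $this->childNodes in source order.
 *
 * Fragments that do not contain the long-form open tag ('<?php ') are handed to innerHead()
 * unchanged.
 *
 * Changes from the previous version:
 *  - the ';' terminator for echo-form sections is now decided before $open is reset, so the
 *    check is no longer dead code;
 *  - the terminator expression for an unclosed section had misplaced operands and produced the
 *    string '1' instead of ';';
 *  - literal markup equal to '0' is no longer dropped by a truthiness test.
 *
 * NOTE(review): every PHP section found in $text is preserved as a PHP node. If those nodes are
 * later compiled or executed (not visible here), $text must only ever come from trusted template
 * source, never from user-controlled data — confirm with the callers.
 * NOTE(review): TEXT nodes receive $this as builder while PHP nodes receive $this->constructor;
 * kept exactly as before — confirm the difference is intended.
 *
 * @param string $text Template fragment, possibly containing PHP tags.
 * @return void
 */
function textInject($text) {
    if (strpos($text, '<?php ') === false) {
        $this->innerHead($text);
        return;
    }

    $open = 0;  // 0 = outside PHP, 1 = inside a long-form section, 2 = inside an echo-form section
    $php = '';  // PHP source collected for the current section
    $xml = '';  // literal markup collected since the last PHP section

    foreach (token_get_all($text) as $token) {
        // Single-character tokens arrive as plain strings rather than arrays.
        if (!is_array($token)) {
            if ($open) {
                $php .= $token;
            } else {
                $xml .= $token;
            }
            continue;
        }

        switch ($token[0]) {
            case T_OPEN_TAG:
            case T_OPEN_TAG_WITH_ECHO:
                $isEcho = ($token[0] === T_OPEN_TAG_WITH_ECHO);
                $open = $isEcho ? 2 : 1;
                // Flush the markup that preceded this PHP section.
                if ($xml !== '') {
                    $textNode = new TEXT();
                    $textNode->setParent($this);
                    $textNode->setBuilder($this);
                    $textNode->parse($xml);
                    $this->childNodes[] = $textNode;
                }
                $xml = '';
                // Echo-form tags are normalised to the long form with an explicit echo.
                $php = $isEcho ? '<?php echo ' : '<?php ';
                break;

            case T_CLOSE_TAG:
                // Decide on the terminator while $open still says which tag form was used.
                $terminator = ($open === 2 && substr(trim($php), -1) != ';') ? ';' : '';
                $open = 0;
                $phpNode = new PHP();
                $phpNode->setParent($this);
                $phpNode->setBuilder($this->constructor);
                $phpNode->parse($php . $terminator . '?>');
                $this->childNodes[] = $phpNode;
                $php = '';
                break;

            default:
                if ($open) {
                    $php .= $token[1];
                } else {
                    $xml .= $token[1];
                }
                break;
        }
    }

    // A PHP section that was never closed: terminate and close it here.
    if ($php !== '') {
        $terminator = ($open === 2 && substr(trim($php), -1) != ';') ? ';' : '';
        $phpNode = new PHP();
        $phpNode->setParent($this);
        $phpNode->setBuilder($this->constructor);
        $phpNode->parse($php . $terminator . '?>');
        $this->childNodes[] = $phpNode;
    }

    // Trailing markup after the last PHP section.
    if ($xml !== '') {
        $textNode = new TEXT();
        $textNode->setParent($this);
        $textNode->setBuilder($this);
        $textNode->parse($xml);
        $this->childNodes[] = $textNode;
    }
}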
<?
// enforce_login() is defined elsewhere; presumably it stops anonymous requests — confirm.
enforce_login();
include(SERVER_ROOT.'/classes/class_text.php'); // Text formatting class
$Text = new TEXT;

// NOTE(review): when 'action' is present but is not 'my_torrents', neither branch assigns
// $My_Torrents, so it stays undefined for the rest of the page.
if(!empty($_REQUEST['action'])) {
    if($_REQUEST['action'] == 'my_torrents') {
        $My_Torrents = true;
    }
} else {
    $My_Torrents = false;
}

// Decide whose page this is: the user named in the query string, or the viewer.
if(isset($_GET['id'])) {
    // Untrusted input from the query string.
    $UserID = $_GET['id'];
    // NOTE(review): user_info() receives the raw value before the is_number() check further down.
    // Confirm user_info() is safe for arbitrary strings, or move the validation above this call.
    $UserInfo = (user_info($UserID));
    $Username = $UserInfo['Username'];
    // Loose comparison between the session's user ID and the request value.
    if($LoggedUser['ID'] == $_GET['id']) {
        $Self = true;
    } else {
        $Self = false;
    }
} else {
    $UserID = $LoggedUser['ID'];
    $Username = $LoggedUser['Username'];
    $Self = true;
}

// Validation of $UserID happens only here, after it has already been used above.
if(!is_number($UserID)) {
<ul> <? foreach($Type['guidelines'] as $Guideline) { ?> <li><?php echo $Guideline; ?> </li> <? } ?> </ul> <p>In short, please include as much detail as possible when reporting. Thank you. </p> </div> <? include(SERVER_ROOT.'/classes/class_text.php'); // Text formatting class $Text = new TEXT; switch($Short) { case "user" : $DB->query("SELECT Username FROM users_main WHERE ID=".$ID); if($DB->record_count() < 1) { error(404); } list($Username) = $DB->next_record(); ?> <p>You are reporting the user <strong><?php echo display_str($Username); ?> </strong></p> <?
$UploadForm = $Categories[$Properties['CategoryID']-1]; $Properties['CategoryName'] = $Categories[$Properties['CategoryID']-1]; $Properties['Artists'] = get_request_artists($_GET['requestid']); $Properties['TagList'] = implode(", ", get_request_tags($_GET['requestid'])); } if(!empty($ArtistForm)) { $Properties['Artists'] = $ArtistForm; } require(SERVER_ROOT.'/classes/class_torrent_form.php'); $TorrentForm = new TORRENT_FORM($Properties, $Err); if(!isset($Text)) { include(SERVER_ROOT.'/classes/class_text.php'); // Text formatting class $Text = new TEXT; } $GenreTags = $Cache->get_value('genre_tags'); if(!$GenreTags) { $DB->query("SELECT Name FROM tags WHERE TagType='genre' ORDER BY Name"); $GenreTags = $DB->collect('Name'); $Cache->cache_value('genre_tags', $GenreTags, 3600*6); } ?> <div style="margin:0px auto;width:700px"> <h3 id="dnu_header">Do not upload</h3> <p>The following releases are currently forbidden from being uploaded from the site. Do not upload them unless your torrent meets a condition specified in the comment.</p> <? $DB->query("SELECT d.Name,
<?php
/*
 * AJAX preview endpoint: renders submitted markup through the text formatter and echoes the
 * result. A non-empty POSTed AdminComment takes precedence over the generic 'body' parameter.
 *
 * NOTE(review): request data is echoed after formatting, so HTML safety depends entirely on
 * TEXT::full_format() escaping markup (class not shown here) — confirm. No permission check is
 * visible in this file for the AdminComment path; presumably the including section enforces it.
 */

include SERVER_ROOT . '/classes/class_text.php'; // Text formatting class
$Text = new TEXT();

if (empty($_POST['AdminComment'])) {
    // Don't use URL decode.
    $Content = $_REQUEST['body'];
    echo $Text->full_format($Content);
} else {
    echo $Text->full_format($_POST['AdminComment']);
}
<?
//~~~~~~~~~~~ Main collage page ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//

/**
 * Comparison callback: orders entries by their 'count' value, highest first.
 *
 * @param array $X Entry with a numeric 'count' key.
 * @param array $Y Entry with a numeric 'count' key.
 * @return int|float Positive when $Y has the larger count, negative when $X does, 0 when equal.
 */
function compare($X, $Y){
    return($Y['count'] - $X['count']);
}

include(SERVER_ROOT.'/classes/class_text.php'); // Text formatting class
$Text = new TEXT;

// Untrusted input: collage ID from the query string, validated before it is used in the cache
// key and the query below (is_number() and error() are defined elsewhere; error() presumably
// stops the request — confirm).
$CollageID = $_GET['id'];
if(!is_number($CollageID)) {
    error(0);
}

$Data = $Cache->get_value('collage_'.$CollageID);
if($Data) {
    // NOTE(review): unserialize() rebuilds whatever the stored string describes, objects
    // included. That is only safe while nothing but the site itself can write to the cache
    // backend; confirm the cache is not reachable by untrusted parties, or store the value as a
    // plain array / JSON instead.
    $Data = unserialize($Data);
    // NOTE(review): each() is deprecated since PHP 7.2 and removed in PHP 8.0.
    list($K, list($Name, $Description, $CollageDataList, $TorrentList, $CommentList, $Deleted)) = each($Data);
} else {
    // Cache miss: load the collage row from the database.
    $DB->query("SELECT Name, Description, UserID, Deleted FROM collages WHERE ID='$CollageID'");
    if($DB->record_count() > 0) {
        list($Name, $Description, $UserID, $Deleted) = $DB->next_record();
        // NOTE(review): this branch initialises $CollageList, while the cached branch fills
        // $CollageDataList — confirm which name the rest of the page expects.
        $TorrentList='';
        $CollageList='';
    } else {
        // Unknown collage IDs are treated the same as deleted ones.
        $Deleted = '1';
    }
}

// Deleted or unknown collage: send the viewer to the site log search for this ID.
if($Deleted == '1') {
    header('Location: log.php?search=Collage+'.$CollageID);
<? function compare($X, $Y){ return($Y['score'] - $X['score']); } include(SERVER_ROOT.'/classes/class_text.php'); $Text=NEW TEXT; $GroupID=ceil($_GET['id']); if(!empty($_GET['revisionid']) && is_number($_GET['revisionid'])) { $RevisionID = $_GET['revisionid']; } else { $RevisionID = 0; } if(!$RevisionID) { $TorrentCache=$Cache->get_value('torrents_details_'.$GroupID); } if($RevisionID || !is_array($TorrentCache)) { // Fetch the group details $SQL = "SELECT "; if(!$RevisionID) { $SQL.=" g.WikiBody, g.WikiImage, "; } else { $SQL.=" w.Body,
<? include(SERVER_ROOT.'/classes/class_text.php'); $Text = new TEXT; $ConvID = $_GET['id']; if(!$ConvID || !is_number($ConvID)) { error(404); } $UserID = $LoggedUser['ID']; $DB->query("SELECT UserID FROM pm_conversations_users WHERE UserID='$UserID' AND ConvID='$ConvID'"); if($DB->record_count() == 0) { error(403); } // Get information on the conversation $DB->query("SELECT c.Subject, cu1.Sticky, cu1.UnRead, cu1.UserID AS u1ID, um1.Username AS u1Username, um1.PermissionID AS u1Class, um1.Enabled AS u1Enabled, ui1.Donor AS u1Donor, ui1.Warned AS u1Warned, cu2.UserID AS u2ID, um2.Username AS u2Username, um2.PermissionID AS u2Class, um2.Enabled AS u2Enabled,
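<?php
/*
 * AJAX preview endpoint: renders the submitted 'body' through the text formatter and echoes the
 * result.
 *
 * The long open tag is used so the script is parsed even when the short_open_tag ini setting is
 * off; with the short tag and that setting disabled, the file would be sent to the client as
 * plain text.
 *
 * NOTE(review): request data is echoed after formatting, so HTML safety depends entirely on
 * TEXT::full_format() escaping markup (class not shown here) — confirm.
 */

include(SERVER_ROOT.'/classes/class_text.php'); // Text formatting class
$Text = new TEXT;

// Untrusted input; taken from $_REQUEST as-is. Don't use URL decode.
$Content = $_REQUEST['body'];
echo $Text->full_format($Content);

?>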