require_once "../../version.php";
require_once "../bta_funcs.php";
/*
 * Get the client's IP address. Used for verifying access.
 */
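$ip = str_replace("::ffff:", "", $_SERVER["REMOTE_ADDR"]);
/*
 * Gate 1: the request must belong to a logged-in admin session.
 * The client address is handed to admIsLoggedIn() so it can tie the
 * session to its owner; how it does so is defined outside this file.
 */
if (!admIsLoggedIn($ip)) {
    admShowError("You can't access this page directly.", "You don't appear to be logged in. Use admin/index.php to login to the administrative interface.", $adm_pageerr_title);
    exit;
}
/*
 * Gate 2: the session needs either the "retiredmgmt" permission or root.
 * empty() is used so that a session lacking these keys is denied
 * without raising undefined-index notices.
 */
if (empty($_SESSION["admin_perms"]["retiredmgmt"]) && empty($_SESSION["admin_perms"]["root"])) {
    admShowMsg("You don't have permission to view this page.", "Permissions have been set to deny you access to this page.", $adm_pageerr_title);
    exit;
}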
?>
<HTML>
<HEAD>
	<META NAME="Author" CONTENT="danomac">
	<LINK REL="stylesheet" HREF="../admin.css" TYPE="text/css" TITLE="Default">
	<?php 
// Page title: help topic followed by the tracker name and version.
echo "<TITLE>Retired torrent help - " . $phpbttracker_id . " " . $phpbttracker_ver . "</TITLE>\r\n";
?>
</HEAD>
<BODY CLASS="help">
	<P CLASS="help_title"><?php 
// Visible heading: tracker name and version followed by the help topic.
echo $phpbttracker_id . " " . $phpbttracker_ver . " - Retired torrent help";
?>
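        /*
         * Delete every admin account queued in the session. The usernames
         * in this list originate from an earlier form submission, so each
         * one is escaped before it is placed in the SQL text.
         * NOTE(review): if the names are already escaped where the list is
         * built, escape in one place only. Failures stay suppressed by @,
         * as before.
         */
        foreach ($_SESSION["udeletelist"] as $queuedUser) {
            $safeName = mysql_real_escape_string((string) $queuedUser["username"]);
            @mysql_query("DELETE FROM adminusers WHERE username=\"" . $safeName . "\"");
        }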
        /*
         * Destroy the variable
         */
        unset($_SESSION["udeletelist"]);
    }
    admShowMsg("Changes applied.", "Redirecting to user administration page.", "Redirecting", true, "bta_usermgmt.php", 3);
    exit;
}
/*
 * Check to make sure something was actually selected.
 */
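/*
 * The selection must be present and must be an array: it is iterated
 * further down, and a scalar sent in its place is treated the same as
 * an empty submission.
 */
if (!isset($_POST["uprocess"]) || !is_array($_POST["uprocess"])) {
    admShowMsg("Nothing selected.", "Redirecting to user administration page.", "Redirecting", true, "bta_usermgmt.php", 3);
    exit;
}
$processlist = $_POST["uprocess"];
/*
 * Connect to the database (persistent link when configured). The
 * failure page is deliberately generic.
 */
if ($GLOBALS["persist"]) {
    $db = @mysql_pconnect($dbhost, $dbuser, $dbpass);
} else {
    $db = @mysql_connect($dbhost, $dbuser, $dbpass);
}
if (!$db) {
    die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
/*
 * NOTE(review): sqlErr() receives the raw MySQL error text; confirm it
 * logs the text rather than showing it to the client.
 */
mysql_select_db($database) or sqlErr(mysql_error());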
if (isset($processlist)) {
    foreach ($processlist as $username => $status) {
                 * Group administration is not enabled, terminate
                 */
                admShowError("Invalid username/password", "Check your username and password and try again.", $adm_pageerr_title);
                exit;
            }
        } else {
            /*
             * The username entered matches the "root" password
             * Check to see if the hashes match for the password
             */
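            /*
             * Compare the submitted response with the expected HMAC.
             * Both fields must be plain strings and must match exactly:
             * a loose != lets PHP compare numeric-looking strings as
             * numbers, so two different digests could be treated as equal.
             * NOTE(review): this comparison is not constant-time; prefer
             * hash_equals() where the deployed PHP version provides it.
             */
            if (!isset($_POST["id"], $_POST["passmd5"])
                || !is_string($_POST["id"])
                || !is_string($_POST["passmd5"])
                || (string) hmac_md5($_POST["id"], md5($admin_pass)) !== $_POST["passmd5"]
            ) {
                admShowError("Invalid username/password", "Check your username and password and try again.", $adm_pageerr_title);
                exit;
            }
            /*
             * The root password matches: grant root permission to this session.
             */
            $_SESSION["admin_perms"]["root"] = true;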
        }
    } else {
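        /*
         * Reject and stop. The statements after this block mark the
         * session as authenticated, so this path must not fall through.
         * The other admShowError() rejections in this script are each
         * followed by exit.
         * NOTE(review): if admShowError() already terminates, this exit is
         * a harmless no-op.
         */
        admShowError("There was a problem processing your request", "It appears you are trying to steal a session. Shame on you!", $adm_pageerr_title);
        exit;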
    }
}
/*
 * Wow. All the tests pass. There should be a variable set in _SESSION now to verify
 * that the login was successful. Also, we can now redirect to the "main" administration panel.
 */
/*
 * Record the successful login in the session and send the browser on
 * to the main panel.
 * NOTE(review): no session_regenerate_id() call is visible in this part
 * of the script; confirm the session id is rotated at login so an id
 * issued before authentication cannot be reused afterwards.
 */
$_SESSION["refering_page"] = '';
$_SESSION["authenticated"] = true;
admShowMsg("Authenticated.", "Redirecting to the main administration panel.", $adm_page_title, true, "bta_main.php");
 */
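$ip = str_replace("::ffff:", "", $_SERVER["REMOTE_ADDR"]);
/*
 * Check to make sure person is logged in, and that the session
 * is actually theirs.
 */
if (!admIsLoggedIn($ip)) {
    admShowError("You can't access this page directly.", "You don't appear to be logged in. Use admin/index.php to login to the administrative interface.", $adm_pageerr_title);
    exit;
}
/*
 * Group admin: the session needs the "advsort" permission or root.
 * empty() denies sessions that lack the keys without raising notices.
 * The exit stops the help markup below from being rendered for a denied
 * request, matching the other permission checks in this code base.
 * NOTE(review): if admShowMsg() already terminates when it redirects,
 * the exit is a no-op.
 */
if (empty($_SESSION["admin_perms"]["advsort"]) && empty($_SESSION["admin_perms"]["root"])) {
    admShowMsg("You don't have permission to view this page.", "Redirecting to the main administration panel.", $adm_page_title, true, "bta_main.php", 3);
    exit;
}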
?>
<HTML>
<HEAD>
	<META NAME="Author" CONTENT="danomac">
	<LINK REL="stylesheet" HREF="../admin.css" TYPE="text/css" TITLE="Default">
	<?php 
// Page title: help topic followed by the tracker name and version.
echo "<TITLE>Move group help - " . $phpbttracker_id . " " . $phpbttracker_ver . "</TITLE>\r\n";
?>
</HEAD>
<BODY CLASS="help">
	<P CLASS="help_title"><?php 
// Visible heading: tracker name and version followed by the help topic.
echo $phpbttracker_id . " " . $phpbttracker_ver . " - Move torrent group help";
?>
</P>
         * Destroy the variable
         */
        unset($_SESSION["rdeletelist"]);
    }
    if (isset($_SESSION["retiredadmin"])) {
        admShowMsg("Changes applied.", "Redirecting to retired torrents administration page.", "Redirecting", true, "bta_retired.php", 3);
    } else {
        admShowMsg("Changes applied.", "Redirecting to main administration page.", "Redirecting", true, "bta_main.php", 3);
    }
    exit;
}
/*
 * Check to make sure something was actually selected.
 */
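/*
 * The selection must be present and must be an array: it is iterated
 * further down, and a scalar sent in its place is treated the same as
 * an empty submission.
 */
if (!isset($_POST["process"]) || !is_array($_POST["process"])) {
    admShowMsg("Nothing selected.", "Redirecting to main administration page.", "Redirecting", true, "bta_main.php", 3);
    exit;
}
$processlist = $_POST["process"];
/*
 * Connect to the database (persistent link when configured). The
 * failure page is deliberately generic.
 */
if ($GLOBALS["persist"]) {
    $db = @mysql_pconnect($dbhost, $dbuser, $dbpass);
} else {
    $db = @mysql_connect($dbhost, $dbuser, $dbpass);
}
if (!$db) {
    die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
/*
 * NOTE(review): sqlErr() receives the raw MySQL error text; confirm it
 * logs the text rather than showing it to the client.
 */
mysql_select_db($database) or sqlErr(mysql_error());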
foreach ($processlist as $hash => $action) {
    /*
    $_SESSION['refering_page'] = $_SERVER['PHP_SELF'];
}
/*
 * If the admin username and password are not set, terminate
 */
/*
 * Refuse to run until both root credentials are configured and non-empty.
 */
$rootCredentialsSet = isset($admin_user, $admin_pass) && strlen($admin_user) != 0 && strlen($admin_pass) != 0;
if (!$rootCredentialsSet) {
    admShowError("Administration root username and/or password not set", "The administration system will not function until you set these in the configuration.", $adm_pageerr_title);
    exit;
}
/*
 * A session that is already authenticated is pointed at the main panel
 * instead of being asked to log in again.
 */
if (isset($_SESSION['authenticated']) && $_SESSION['authenticated']) {
    $_SESSION['refering_page'] = "";
    admShowMsg("You are logged in already.", "Redirecting to the main administration panel.", $adm_page_title, true, "bta_main.php", 3);
}
/*
 * Output the HEAD tags needed.
 */
/*
 * Emit the document head for the login page.
 */
echo "<HTML>\r\n<HEAD>\r\n<META NAME=\"Author\" CONTENT=\"danomac\">\r\n";
echo "<LINK REL=\"stylesheet\" HREF=\"admin.css\" TYPE=\"text/css\" TITLE=\"Default\">\r\n";
echo "<TITLE>{$phpbttracker_id} {$phpbttracker_ver} Administration Login</TITLE>\r\n</HEAD>\r\n\r\n<BODY>\r\n";
/*
 * Open the database link (persistent when configured); on failure stop
 * with a generic error page.
 */
if ($GLOBALS["persist"]) {
    $db = @mysql_pconnect($dbhost, $dbuser, $dbpass);
} else {
    $db = @mysql_connect($dbhost, $dbuser, $dbpass);
}
if (!$db) {
    die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
/*
 * Check to make sure something was actually selected.
 */
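/*
 * The selection must be present and must be an array: it is iterated
 * further down, and a scalar sent in its place is treated the same as
 * an empty submission.
 */
if (!isset($_POST["process"]) || !is_array($_POST["process"])) {
    admShowMsg("Nothing selected.", "Redirecting to peer details administration page.", "Redirecting", true, "bta_peers.php", 3);
    exit;
}
$processlist = $_POST["process"];
/*
 * The torrent being worked on was stored in the session by the
 * previous form; without it there is nothing to act on.
 * NOTE(review): $hash is used by the code that follows this excerpt;
 * confirm the session value was validated as a 40-character hex string
 * when it was stored.
 */
if (!isset($_SESSION["info_hash"])) {
    admShowMsg("There was an error (-1).", "Redirecting to peer details administration page.", "Redirecting", true, "bta_peers.php", 3);
    exit;
}
$hash = $_SESSION["info_hash"];
/*
 * Connect to the database (persistent link when configured). The
 * failure page is deliberately generic.
 */
if ($GLOBALS["persist"]) {
    $db = @mysql_pconnect($dbhost, $dbuser, $dbpass);
} else {
    $db = @mysql_connect($dbhost, $dbuser, $dbpass);
}
if (!$db) {
    die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
/*
 * NOTE(review): sqlErr() receives the raw MySQL error text; confirm it
 * logs the text rather than showing it to the client.
 */
mysql_select_db($database) or sqlErr(mysql_error());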
foreach ($processlist as $peerid => $action) {
    /*
        /*
         * Check to see if an external torrent needs to be reverted.
         */
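        /*
         * Revert an external torrent only when the form field is exactly
         * the string "enabled". The earlier strcmp(...) == 0 test also
         * passed when the field arrived as an array, because strcmp()
         * then yields NULL and NULL == 0 is true.
         * NOTE(review): $hash is interpolated into both statements and is
         * assigned outside this excerpt; confirm it is validated as a
         * 40-character hex string before this point.
         */
        if (isset($_POST["ext_off"]) && $_POST["ext_off"] === "enabled") {
            quickQuery("UPDATE `summary` SET `external_torrent`=\"N\" WHERE `info_hash`=\"{$hash}\"");
            quickQuery("DELETE FROM `trk_ext` WHERE `info_hash`=\"{$hash}\"");
        }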
        /*
         * Display the status to the user (always success).
         */
        admShowMsg("Changes applied.", "Returning to the main administration page.", "Redirecting", true, "bta_main.php", 2);
    }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META NAME="Author" CONTENT="danomac">
<LINK REL="stylesheet" HREF="admin.css" TYPE="text/css" TITLE="Default">
<?php 
/*
 * Set the page title.
 */
// Title element: configured admin page title plus this page's suffix.
echo "<TITLE>{$adm_page_title} - Edit torrent</TITLE>\r\n";
?>
</HEAD>
    $requestedaction = $_GET['action'];
} else {
    $redirURL = "bta_main.php";
    $redirDelay = 5;
    $redirMSG = "Invalid parameter.";
    $redirDetail = "No action specified.";
    $redirError = true;
}
/*
 * Get the info hash needed, and put it in a session variable, if there were no previous errors
 * If there is no hash specified it is a soft error and a redirect should be taken back to the main page.
 */
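/*
 * Accept the info hash only when it is a string of exactly 40 hex
 * digits, then keep it in the session for the following pages.
 * The previous test (length 40, no spaces) let through any other
 * character, and this value is read back from the session by other
 * admin pages.
 * NOTE(review): this assumes info hashes are hex-encoded; the existing
 * length-40 rule points that way, but confirm against the schema.
 * A missing hash is a soft error: the redirect variables are filled in
 * and handled later.
 */
if (!$redirError) {
    if (isset($_GET['info_hash'])) {
        $requestedHash = $_GET['info_hash'];
        if (!is_string($requestedHash) || !preg_match('/^[0-9a-fA-F]{40}$/D', $requestedHash)) {
            admShowMsg("Invalid hash parameter", "An invalid hash value was passed.", "Invalid hash value", true, "bta_main.php", 5);
            exit;
        }
        $_SESSION['info_hash'] = $requestedHash;
    } else {
        $redirDelay = 5;
        $redirError = true;
        $redirMSG = "Invalid parameter.";
        $redirDetail = "Info hash not specified.";
        $redirURL = "bta_main.php";
    }
}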
/*
 * This switch statement checks the requested action and sets up redirects.
 * If the action isn't valid, it's considered a "soft" error and a redirect goes to the main page.
 * Only parse the action variable if an error was not discovered earlier.
                                      * Now that it's moved, set the URL to that new file name, and set the
                                      * flag to true, so it isn't accidentally overwritten later.
                                      * Also change the % to %25 for URL encoding when uploading...
                                      */
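                                     /*
                                      * str_replace() performs the same literal "%" -> "%25"
                                      * substitution as the deprecated ereg_replace() call it
                                      * replaces (the pattern held no regex syntax).
                                      * NOTE(review): HTTP_HOST comes from the request's Host
                                      * header, so the stored URL follows whatever the client
                                      * sent; confirm the web server pins the host name, or
                                      * build the URL from a configured base address.
                                      */
                                     $copyFilename = str_replace("%", "%25", $copyFilename);
                                     $url = "http://" . $_SERVER["HTTP_HOST"] . "/" . $GLOBALS["torrent_folder"] . "/" . $copyFilename;
                                     $copiedTorrent = true;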
                                 }
                                 /*
                                  * If only copying the torrent redirect back to the main page here...
                                  */
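                                 /*
                                  * Copy-only mode: report success and send the user back to
                                  * the main page. The field must be exactly "enabled"; the
                                  * earlier strcmp(...) == 0 test also passed when the field
                                  * arrived as an array (strcmp() yields NULL, and NULL == 0).
                                  */
                                 if (isset($_POST["copytorrentonly"]) && $_POST["copytorrentonly"] === "enabled") {
                                     admShowMsg("Changes applied.", "Torrent uploaded successfully - Returning to the main administration page.", "Redirecting", true, "bta_main.php", 2);
                                 }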
                             }
                         }
                     }
                 }
             }
         } else {
             $statusMsg = "Torrent size is too large.";
             $addError = true;
         }
     } else {
         $statusMsg = "Torrents CANNOT contain a HTML Anchor character (#), a control character (^), or a semicolon (;) in the filename.";
         $addError = true;
     }
 } else {
            }
            /*
             * Okay, they are separated, now sort the 3 lists,
             * and put them in a session variable for later use.
             * First, unset the session variables, in case the screen has been
             * used previously in the same session.
             */
            /*
             * Start from a clean slate in case this screen was used earlier
             * in the same session, then store each non-empty list sorted by
             * name. When both lists are empty, go back to the sorting page.
             */
            unset($_SESSION['grouplist'], $_SESSION['ungrouplist']);
            if (count($grouplist) == 0 && count($ungrouplist) == 0) {
                admShowMsg("Update complete", "Redirecting to advanced sorting page.", "Redirecting", true, "bta_advsort.php", 3);
            } else {
                if (count($grouplist) > 0) {
                    $_SESSION['grouplist'] = array_sort($grouplist, "name");
                }
                if (count($ungrouplist) > 0) {
                    $_SESSION['ungrouplist'] = array_sort($ungrouplist, "name");
                }
            }
        }
    }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META NAME="Author" CONTENT="danomac">
<LINK REL="stylesheet" HREF="admin.css" TYPE="text/css" TITLE="Default">
<?php 
/*
 * Set the page title.
 */
// Title element: configured admin page title plus this page's suffix.
echo "<TITLE>{$adm_page_title} - Confirm selections</TITLE>\r\n";
        } else {
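            /*
             * Insert a manual (non-automatic) ban. The text fields held in
             * the session are escaped before they are placed in the SQL.
             * NOTE(review): if these values are already escaped where the
             * session entry is built, escape in one place only.
             * NOTE(review): $iplong goes into the statement unquoted and is
             * assigned outside this excerpt; confirm it is always numeric.
             */
            $banIp = mysql_real_escape_string((string) $_SESSION["addban"]["ip"]);
            $banDate = mysql_real_escape_string((string) $_SESSION["addban"]["date"]);
            $banReason = mysql_real_escape_string((string) $_SESSION["addban"]["reason"]);
            @mysql_query("INSERT INTO ipbans (ip, iplong, bandate, reason, autoban) VALUES (\"{$banIp}\", {$iplong}, \"{$banDate}\", \"{$banReason}\", \"N\")");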
        }
        /*
         * Destroy the variable
         */
        unset($_SESSION["addban"]);
    }
    admShowMsg("Changes applied.", "Redirecting to IP Banning administration page.", "Redirecting", true, "bta_banlist.php", 3);
    exit;
}
/*
 * Check to make sure something was actually selected.
 */
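/*
 * There must be either a selection to process or a new ban to add.
 */
if (!isset($_POST["process"]) && !isset($_POST["addbanip"])) {
    admShowMsg("Nothing to do.", "Redirecting to IP Banning administration page.", "Redirecting", true, "bta_banlist.php", 3);
    exit;
}
/*
 * $processlist is assigned only when a selection array was actually
 * posted. When just a new ban is submitted it stays unset, which is
 * what the isset($processlist) test further down checks, and no
 * undefined-index notice is raised.
 */
if (isset($_POST["process"]) && is_array($_POST["process"])) {
    $processlist = $_POST["process"];
}
/*
 * Connect to the database (persistent link when configured). The
 * failure page is deliberately generic.
 */
if ($GLOBALS["persist"]) {
    $db = @mysql_pconnect($dbhost, $dbuser, $dbpass);
} else {
    $db = @mysql_connect($dbhost, $dbuser, $dbpass);
}
if (!$db) {
    die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
/*
 * NOTE(review): sqlErr() receives the raw MySQL error text; confirm it
 * logs the text rather than showing it to the client.
 */
mysql_select_db($database) or sqlErr(mysql_error());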
if (isset($processlist)) {
    foreach ($processlist as $ban_id => $action) {
        session_save_path($GLOBALS["webserver_farm_session_path"]);
    }
}
/*
 * Start (or resume) the PHP session, then set the caching policy.
 * The order matters: session_start() emits its own cache headers
 * according to session.cache_limiter, and the header() call that
 * follows replaces the Cache-Control value.
 * NOTE(review): "private" permits the browser to cache these admin
 * pages; confirm that is acceptable for shared workstations.
 */
session_start();
header("Cache-control: private");
/*
 * There are some variables defined in this script that are needed, such as the
 * phpbttracker version strings.
 */
require_once "bta_funcs.php";
/*
 * Let's try to stay HTML 4.01 compliant.
 */
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\r\n";
/*
 * Logging out only makes sense for a session carrying the
 * 'authenticated' marker. When it is present the session is destroyed
 * and the marker is checked again to confirm the logout took effect.
 */
if (isset($_SESSION['authenticated'])) {
    admKillSession();
    if (isset($_SESSION['authenticated'])) {
        // The marker survived admKillSession(): report the failure.
        admShowError("ERROR: You are not logged off.", "Could not logoff for an unknown reason.", $adm_pageerr_title);
    } else {
        admShowMsg("You are now logged off.", "You will need to logon again to use the Administrative interface.", $adm_page_title . " - Logout");
    }
} else {
    admShowError("You are not logged in.", "Common sense states that before you attempt to log out, you should be logged in to the interface first!", $adm_pageerr_title);
}
     */
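    /*
     * $hash ends up inside a quoted value and inside a table name
     * (x<hash>), and escaping cannot protect a table name. Refuse
     * anything that is not exactly 40 hex digits before any SQL is built.
     * The message matches the one shown for an unknown hash below.
     * NOTE(review): this assumes info hashes are hex-encoded, in line with
     * the 40-character rule used elsewhere in the admin pages; confirm.
     */
    if (!isset($hash) || !is_string($hash) || !preg_match('/^[0-9a-fA-F]{40}$/D', $hash)) {
        admShowMsg("No hash value", "Either no hash value was passed, or an invalid value was passed.", "Invalid hash value");
        exit;
    }
    /*
     * Connect to the database (persistent link when configured).
     */
    if ($GLOBALS["persist"]) {
        $db = @mysql_pconnect($dbhost, $dbuser, $dbpass);
    } else {
        $db = @mysql_connect($dbhost, $dbuser, $dbpass);
    }
    if (!$db) {
        die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
    }
    mysql_select_db($database) or die("Can't open the database.");
    /*
     * Get information about the torrent itself to display (name, and file size)
     */
    $recordset = mysql_query("SELECT info_hash, filename, size FROM namemap WHERE info_hash=\"{$hash}\"") or showError("Database error. Cannot complete request.");
    /*
     * If nothing returned, it's an error... so stop processing
     */
    if (mysql_num_rows($recordset) == 0) {
        admShowMsg("No hash value", "Either no hash value was passed, or an invalid value was passed.", "Invalid hash value");
        exit;
    }
    $row = mysql_fetch_row($recordset);
    /*
     * Save needed information to variables (columns are read by position)
     */
    $filename = $row[1];
    $filesize = $row[2];
    /*
     * Get the seeder stats.
     * NOTE(review): $order is placed in the ORDER BY clause as-is and is
     * assigned outside this excerpt; confirm it is picked from a fixed
     * list of column names, since escaping cannot protect an identifier.
     */
    $recordset = mysql_query("SELECT peer_id, ip, port, uploaded, clientversion, bytes, lastupdate FROM x{$hash} WHERE status = \"seeder\" ORDER BY {$order}") or showError("Database error. Cannot complete request.");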
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 */
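/*
 * The session needs the "advsort" permission or root. empty() denies
 * sessions that lack the keys without raising notices.
 */
if (empty($_SESSION["admin_perms"]["advsort"]) && empty($_SESSION["admin_perms"]["root"])) {
    admShowMsg("You don't have permission to view this page.", "Permissions have been set to deny you access to this page.", $adm_pageerr_title);
    exit;
}
/*
 * Root user check - they can't be viewing all groups!
 * Send the root user back to main to select a subcategory, and stop:
 * the code that follows reads $_SESSION["root_last_cat"], which this
 * test has just found to be unset.
 * NOTE(review): if admShowMsg() already terminates when it redirects,
 * the exits added in this block are no-ops.
 */
if (!empty($_SESSION["admin_perms"]["root"]) && !isset($_SESSION["root_last_cat"])) {
    admShowMsg("Root user error", "You have to choose a category on the main page before attempting to sort it.", "Root user error", true, "bta_main.php", 5);
    exit;
}
/*
 * Advanced sorting is refused while the dynamic torrents setting is on.
 */
if ($GLOBALS["dynamic_torrents"]) {
    admShowMsg("Administration error", "You cannot use the dynamic torrents setting with advanced sorting.", "Dynamic Torrent Setting error", true, "bta_main.php", 5);
    exit;
}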
/*
 * Get the requested category if there is one.
 * If a group is logged in, ignore requests and force them
 * to view their torrents only...
 */
if (!isset($_SESSION["admin_perms"]["category"])) {
    /*
     * Root user, check for selected category is above
     */
    $defaultcategory = $_SESSION["root_last_cat"];
    $where = " WHERE namemap.category = \"" . $_SESSION["root_last_cat"] . "\"";
} else {
    /*
     * Okay, force them to view only their torrents...
        $hrefCategory = "?category={$defaultcategory}";
    }
} else {
    /*
     * Show only the indicated category
     */
    $where = " WHERE category = \"" . $_SESSION["admin_perms"]["category"] . "\"";
    $hrefCategory = "?category=" . $_SESSION["admin_perms"]["category"];
}
/*
 * Get the sort direction from the URL, if one exists.
 * If not specified, assume ascending order.
 */
if (isset($_GET["sort"])) {
    /*
     * A value containing a space triggers the "invalid sort" message.
     */
    if (strpos($_GET["sort"], " ") !== false) {
        admShowMsg("Invalid sort parameter", "An invalid sort value was passed.", "Invalid sort request", true, "bta_retired.php", 5);
    }
    $requestedsort = $_GET["sort"];
    /*
     * Only "descending" switches the direction; "ascending" and any
     * other value produce ascending order, so the request text itself
     * never becomes part of $sortorder.
     */
    if ($requestedsort == "descending") {
        $sortorder = " DESC ";
        $sortascending = false;
    } else {
        $sortorder = " ";
        $sortascending = true;
    }
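        /*
         * The username comes straight from the query string. Anything
         * that is not a plain string is treated as an empty name, which
         * matches no account.
         */
        $username = is_string($_GET["username"]) ? $_GET["username"] : "";
        /*
         * Keep the username in the session so later steps can allow
         * corrections and still know which account is being edited.
         * NOTE(review): the raw value is stored; any script that reads
         * $_SESSION["editing_user"] back must escape it before using it
         * in SQL or HTML.
         */
        $_SESSION["editing_user"] = $username;
        /*
         * Fetch the account. The column order matters because the row is
         * read by position. The username is escaped before it is placed
         * in the SQL text.
         * NOTE(review): if request data is already escaped elsewhere
         * (for example by magic quotes), escape in one place only.
         */
        $columns = "username, password, category, comment, perm_add, perm_addext, perm_edit, perm_delete, perm_retire, perm_unhide, perm_peers, perm_viewconf, perm_retiredmgmt, perm_ipban, perm_usermgmt, perm_mirror, enabled, disable_reason, perm_advsort";
        $recordset = mysql_query("SELECT {$columns} FROM adminusers WHERE username = \"" . mysql_real_escape_string($username) . "\"");
        /*
         * A failed query or an empty result both mean the username
         * cannot be edited.
         */
        if ($recordset === false || mysql_num_rows($recordset) == 0) {
            admShowMsg("Invalid username specified.", "Invalid username specified.", "Error", true, "bta_usermgmt.php", 5);
            exit;
        } else {
            /*
             * There is data; retrieve it
             */
            $row = mysql_fetch_row($recordset);
        }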
    }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META NAME="Author" CONTENT="danomac">
<LINK REL="stylesheet" HREF="admin.css" TYPE="text/css" TITLE="Default">