/**
 * Check one paranoia setting for the profile being rendered, using page globals.
 *
 * Outside preview mode the profile owner's $UserID is forwarded to check_paranoia().
 * When $Preview equals 1 that argument is left out, so check_paranoia() falls back
 * to its own default for it.
 * NOTE(review): presumably this lets an owner preview the profile as other users
 * see it; confirm against check_paranoia().
 *
 * @param $Setting the paranoia property (or list of properties) to test
 * @return mixed whatever check_paranoia() returns
 */
function check_paranoia_here($Setting) {
    global $Paranoia, $Class, $UserID, $Preview;

    if ($Preview != 1) {
        return check_paranoia($Setting, $Paranoia, $Class, $UserID);
    }

    // Preview: evaluate the setting without identifying the profile owner.
    return check_paranoia($Setting, $Paranoia, $Class);
}
/**
 * Emit one table row for a staff member on staff.php.
 *
 * @param $Row the previous row's colour suffix; flipped between 'a' and 'b' before use
 * @param $ID the user ID of the staff member
 * @param $Paranoia the user's paranoia
 * @param $Class the user class
 * @param $LastAccess datetime the user last browsed the site
 * @param $Remark the "Staff remark" or FLS' "Support for" text
 * @param $HiddenBy the text displayed when the staff member's paranoia hides
 *                  their LastAccess time
 * @return string the flipped $Row, so the calling loop can hand it to the next call
 */
function make_staff_row($Row, $ID, $Paranoia, $Class, $LastAccess, $Remark = '', $HiddenBy = 'Hidden by user') {
	// Alternate the row colour: 'a' becomes 'b', anything else becomes 'a'.
	if ($Row === 'a') {
		$Row = 'b';
	} else {
		$Row = 'a';
	}

	$UsernameHTML = Users::format_username($ID, false, false, false);
	// The tabs and newlines in the literals only keep the generated HTML indented.
	echo "\t\t\t<tr class=\"row{$Row}\">\n\t\t\t\t<td class=\"nobr\">\n\t\t\t\t\t" . $UsernameHTML . "\n\t\t\t\t</td>\n\t\t\t\t<td class=\"nobr\">\n\t\t\t\t\t";

	// No user ID is passed to check_paranoia() here, only the paranoia list and class.
	// NOTE(review): $HiddenBy is written to the page exactly as given, whereas $Remark
	// goes through Text::full_format(); callers should pass only fixed, trusted text
	// for $HiddenBy. Confirm at the call sites.
	$CanSeeLastAccess = check_paranoia('lastseen', $Paranoia, $Class);
	echo $CanSeeLastAccess ? time_diff($LastAccess) : "{$HiddenBy}";

	$RemarkHTML = Text::full_format($Remark);
	echo "\n\t\t\t\t</td>\n\t\t\t\t<td class=\"nobr\">" . $RemarkHTML . "</td>\n\t\t\t</tr>\n";

	return $Row;
}
break; case 'voted': if (!empty($UserInfo)) { if (!check_paranoia('requestsvoted_list', $UserInfo['Paranoia'], $Perms['Class'], $UserInfo['ID'])) { error(403); } $Title = "Requests voted for by {$UserInfo['Username']}"; $SphQL->where('voter', $UserInfo['ID']); } else { $Title = 'Requests I have voted on'; $SphQL->where('voter', $LoggedUser['ID']); } break; case 'filled': if (!empty($UserInfo)) { if (!check_paranoia('requestsfilled_list', $UserInfo['Paranoia'], $Perms['Class'], $UserInfo['ID'])) { error(403); } $Title = "Requests filled by {$UserInfo['Username']}"; $SphQL->where('fillerid', $UserInfo['ID']); } else { $Title = 'Requests I have filled'; $SphQL->where('fillerid', $LoggedUser['ID']); } break; case 'bookmarks': $Title = 'Your bookmarked requests'; $BookmarkView = true; $SphQL->where('bookmarker', $LoggedUser['ID']); break; default:
case 'uploads': if (!check_paranoia('uploads', $User['Paranoia'], $UserClass, $UserID)) { error(403); } $SQL = "WHERE t.UserID = '{$UserID}'"; $Month = "t.Time"; break; case 'snatches': if (!check_paranoia('snatched', $User['Paranoia'], $UserClass, $UserID)) { error(403); } $SQL = "\n\t\t\t\t\tJOIN xbt_snatched AS x ON t.ID = x.fid\n\t\t\t\tWHERE x.uid = '{$UserID}'"; $Month = "FROM_UNIXTIME(x.tstamp)"; break; case 'seeding': if (!check_paranoia('seeding', $User['Paranoia'], $UserClass, $UserID)) { error(403); } $SQL = "\n\t\t\t\t\tJOIN xbt_files_users AS xfu ON t.ID = xfu.fid\n\t\t\t\tWHERE xfu.uid = '{$UserID}'\n\t\t\t\t\tAND xfu.remaining = 0"; $Month = "FROM_UNIXTIME(xfu.mtime)"; break; default: error(0); } } $DownloadsQ = $DB->query("\n\tSELECT\n\t\tt.ID AS TorrentID,\n\t\tDATE_FORMAT({$Month}, '%Y - %m') AS Month,\n\t\tt.GroupID,\n\t\tt.Media,\n\t\tt.Format,\n\t\tt.Encoding,\n\t\tIF(t.RemasterYear = 0, tg.Year, t.RemasterYear) AS Year,\n\t\ttg.Name,\n\t\tt.Size\n\tFROM torrents AS t\n\t\tJOIN torrents_group AS tg ON t.GroupID = tg.ID\n\t{$SQL}\n\tGROUP BY TorrentID"); $Collector = new TorrentsDL($DownloadsQ, "{$Username}'s " . ucfirst($_GET['type'])); while (list($Downloads, $GroupIDs) = $Collector->get_downloads('TorrentID')) { $Artists = Artists::get_artists($GroupIDs); $TorrentIDs = array_keys($GroupIDs); $TorrentFilesQ = $DB->query('
/**
 * Check one paranoia setting for the user described by the page globals.
 *
 * Forwards $Paranoia, $Class and $UserID unchanged to check_paranoia(); because the
 * user ID is always passed, check_paranoia() can compare it with the logged-in user.
 *
 * @param $Setting the paranoia property (or list of properties) to test
 * @return mixed whatever check_paranoia() returns
 */
function check_paranoia_here($Setting) {
	global $Paranoia, $Class, $UserID;

	$Verdict = check_paranoia($Setting, $Paranoia, $Class, $UserID);

	return $Verdict;
}
?> </strong> <?php } if (check_paranoia('downloaded', $Paranoia, $Class, $FriendID)) { ?> Down: <strong><?php echo Format::get_size($Downloaded); ?> </strong> <?php } ?> </span> <?php if (check_paranoia('lastseen', $Paranoia, $Class, $FriendID)) { ?> <span style="float: right;"><?php echo time_diff($LastAccess); ?> </span> <?php } ?> </td> </tr> <tr> <?php if (Users::has_avatars_enabled()) { ?> <td class="col_avatar avatar" valign="top">
/**
 * Print the invite tree below $this->UserID, preceded by summary statistics.
 *
 * The tree markup is rendered into an output buffer first, so the summary can be
 * printed above it after a single pass over the rows. The caller's query ID is
 * saved on entry and restored on the normal exit path.
 *
 * NOTE(review): $UserID, $TreeID, $TreeLevel, $TreePosition and $MaxPosition are
 * interpolated into the SQL text unquoted. The last four come from invite_tree rows;
 * $UserID comes from $this->UserID and nothing in this method checks that it is
 * numeric. Assumes the class validates it before it is stored; TODO confirm.
 */
function make_tree() {
	// Remember the caller's active result set; it is restored at the end.
	$QueryID = G::$DB->get_query_id();
	$UserID = $this->UserID;
	?> <div class="invitetree pad"> <?php
	// Locate the viewed user's own node in the tree.
	G::$DB->query("\n\t\t\tSELECT TreePosition, TreeID, TreeLevel\n\t\t\tFROM invite_tree\n\t\t\tWHERE UserID = {$UserID}");
	list($TreePosition, $TreeID, $TreeLevel) = G::$DB->next_record(MYSQLI_NUM, false);
	// NOTE(review): this early return happens after the opening <div> above has been
	// written and without restoring $QueryID, so the markup is left unbalanced and the
	// caller's query ID is not reset on this path.
	if (!$TreeID) {
		return;
	}
	// Find the next node at the same level; it bounds this user's subtree.
	G::$DB->query("\n\t\t\tSELECT TreePosition\n\t\t\tFROM invite_tree\n\t\t\tWHERE TreeID = {$TreeID}\n\t\t\t\tAND TreeLevel = {$TreeLevel}\n\t\t\t\tAND TreePosition > {$TreePosition}\n\t\t\tORDER BY TreePosition ASC\n\t\t\tLIMIT 1");
	if (G::$DB->has_results()) {
		list($MaxPosition) = G::$DB->next_record(MYSQLI_NUM, false);
	} else {
		$MaxPosition = false;
	}
	// Fetch every deeper node positioned after this user (and before $MaxPosition when set).
	$TreeQuery = G::$DB->query("\n\t\t\tSELECT\n\t\t\t\tit.UserID,\n\t\t\t\tEnabled,\n\t\t\t\tPermissionID,\n\t\t\t\tDonor,\n\t\t\t\tUploaded,\n\t\t\t\tDownloaded,\n\t\t\t\tParanoia,\n\t\t\t\tTreePosition,\n\t\t\t\tTreeLevel\n\t\t\tFROM invite_tree AS it\n\t\t\t\tJOIN users_main AS um ON um.ID = it.UserID\n\t\t\t\tJOIN users_info AS ui ON ui.UserID = it.UserID\n\t\t\tWHERE TreeID = {$TreeID}\n\t\t\t\tAND TreePosition > {$TreePosition}" . ($MaxPosition ? " AND TreePosition < {$MaxPosition}" : '') . "\n\t\t\t\tAND TreeLevel > {$TreeLevel}\n\t\t\tORDER BY TreePosition");
	$PreviousTreeLevel = $TreeLevel;

	// Stats for the summary
	$MaxTreeLevel = $TreeLevel; // The deepest level (this changes)
	$OriginalTreeLevel = $TreeLevel; // The level of the user we're viewing
	$BaseTreeLevel = $TreeLevel + 1; // The level of users invited by our user
	$Count = 0;
	$Branches = 0;
	$DisabledCount = 0;
	$DonorCount = 0;
	$ParanoidCount = 0;
	$TotalUpload = 0;
	$TotalDownload = 0;
	$TopLevelUpload = 0;
	$TopLevelDownload = 0;
	$ClassSummary = array();
	global $Classes;
	// Start every known class at zero so the per-class counters below can be incremented.
	foreach ($Classes as $ClassID => $Val) {
		$ClassSummary[$ClassID] = 0;
	}
	// We store this in an output buffer, so we can show the summary at the top without having to loop through twice
	ob_start();
	// $Class receives the PermissionID column of each row.
	while (list($ID, $Enabled, $Class, $Donor, $Uploaded, $Downloaded, $Paranoia, $TreePosition, $TreeLevel) = G::$DB->next_record(MYSQLI_NUM, false)) {
		// Do stats
		$Count++;
		if ($TreeLevel > $MaxTreeLevel) {
			$MaxTreeLevel = $TreeLevel;
		}
		if ($TreeLevel == $BaseTreeLevel) {
			$Branches++;
			// Added before the paranoia check further down, so the top-level totals include
			// users whose stats are hidden (the summary text says so). With a single direct
			// invitee the printed total equals that one user's own figures.
			$TopLevelUpload += $Uploaded;
			$TopLevelDownload += $Downloaded;
		}
		$ClassSummary[$Class]++;
		if ($Enabled == 2) {
			$DisabledCount++;
		}
		if ($Donor) {
			$DonorCount++;
		}
		// Manage tree depth
		if ($TreeLevel > $PreviousTreeLevel) {
			// Going deeper: open one nested list per level gained.
			for ($i = 0; $i < $TreeLevel - $PreviousTreeLevel; $i++) {
				echo "\n\n<ul class=\"invitetree\">\n\t<li>\n";
			}
		} elseif ($TreeLevel < $PreviousTreeLevel) {
			// Coming back up: close one nested list per level lost, then start a sibling item.
			for ($i = 0; $i < $PreviousTreeLevel - $TreeLevel; $i++) {
				echo "\t</li>\n</ul>\n";
			}
			echo "\t</li>\n\t<li>\n";
		} else {
			echo "\t</li>\n\t<li>\n";
		}
		$UserClass = $Classes[$Class]['Level'];
		?> <strong><?php
		echo Users::format_username($ID, true, true, $Enabled != 2 ? false : true, true);
		?> </strong> <?php
		// Both properties must be visible before any of the three figures is printed or
		// added to the whole-tree totals. No user ID is passed to check_paranoia() here.
		if (check_paranoia(array('uploaded', 'downloaded'), $Paranoia, $UserClass)) {
			$TotalUpload += $Uploaded;
			$TotalDownload += $Downloaded;
			?> Uploaded: <strong><?php
			echo Format::get_size($Uploaded);
			?> </strong> Downloaded: <strong><?php
			echo Format::get_size($Downloaded);
			?> </strong> Ratio: <strong><?php
			echo Format::get_ratio_html($Uploaded, $Downloaded);
			?> </strong> <?php
		} else {
			$ParanoidCount++;
			?> Hidden <?php
		}
		?> <?php
		$PreviousTreeLevel = $TreeLevel;
		// Helper calls above may have run their own queries; point back at the tree result set.
		G::$DB->set_query_id($TreeQuery);
	}
	$Tree = ob_get_clean();
	// Close the lists that are still open after the last row.
	for ($i = 0; $i < $PreviousTreeLevel - $OriginalTreeLevel; $i++) {
		$Tree .= "\t</li>\n</ul>\n";
	}
	// The summary is printed only when the subtree has at least one row, which also
	// keeps the percentage divisions by $Count below away from zero.
	if ($Count) {
		?> <p style="font-weight: bold;"> This tree has <?php echo number_format($Count); ?> entries, <?php echo number_format($Branches); ?> branches, and a depth of <?php echo number_format($MaxTreeLevel - $OriginalTreeLevel); ?> . It has <?php
		$ClassStrings = array();
		foreach ($ClassSummary as $ClassID => $ClassCount) {
			if ($ClassCount == 0) {
				continue;
			}
			$LastClass = Users::make_class_string($ClassID);
			// Pluralise the class name when more than one user holds it.
			if ($ClassCount > 1) {
				if ($LastClass == 'Torrent Celebrity') {
					$LastClass = 'Torrent Celebrities';
				} else {
					$LastClass .= 's';
				}
			}
			$LastClass = "{$ClassCount} {$LastClass} (" . number_format($ClassCount / $Count * 100) . '%)';
			$ClassStrings[] = $LastClass;
		}
		// Join as "A, B and C": the final entry is still held in $LastClass.
		if (count($ClassStrings) > 1) {
			array_pop($ClassStrings);
			echo implode(', ', $ClassStrings);
			echo ' and ' . $LastClass;
		} else {
			echo $LastClass;
		}
		echo '. ';
		echo $DisabledCount;
		echo $DisabledCount == 1 ? ' user is' : ' users are';
		echo ' disabled (';
		if ($DisabledCount == 0) {
			echo '0%)';
		} else {
			echo number_format($DisabledCount / $Count * 100) . '%)';
		}
		echo ', and ';
		echo $DonorCount;
		echo $DonorCount == 1 ? ' user has' : ' users have';
		echo ' donated (';
		if ($DonorCount == 0) {
			echo '0%)';
		} else {
			echo number_format($DonorCount / $Count * 100) . '%)';
		}
		echo '. 
</p>';
		echo '<p style="font-weight: bold;">';
		echo 'The total amount uploaded by the entire tree was ' . Format::get_size($TotalUpload);
		echo '; the total amount downloaded was ' . Format::get_size($TotalDownload);
		echo '; and the total ratio is ' . Format::get_ratio_html($TotalUpload, $TotalDownload) . '. ';
		echo '</p>';
		echo '<p style="font-weight: bold;">';
		echo 'The total amount uploaded by direct invitees (the top level) was ' . Format::get_size($TopLevelUpload);
		echo '; the total amount downloaded was ' . Format::get_size($TopLevelDownload);
		echo '; and the total ratio is ' . Format::get_ratio_html($TopLevelUpload, $TopLevelDownload) . '. ';
		echo "These numbers include the stats of paranoid users and will be factored into the invitation giving script.\n\t\t</p>\n";
		if ($ParanoidCount) {
			echo '<p style="font-weight: bold;">';
			echo $ParanoidCount;
			echo $ParanoidCount == 1 ? ' user (' : ' users (';
			echo number_format($ParanoidCount / $Count * 100);
			echo '%) ';
			echo $ParanoidCount == 1 ? ' is' : ' are';
			echo ' too paranoid to have their stats shown here, and ';
			echo $ParanoidCount == 1 ? ' was' : ' were';
			echo ' not factored into the stats for the total tree.';
			echo '</p>';
		}
	}
	?> <br /> <?php
	// The buffered tree goes out after the summary.
	echo $Tree;
	?> </div> <?php
	G::$DB->set_query_id($QueryID);
}
/**
 * Check one paranoia setting for the user held in the global $User array.
 *
 * Reads the 'Paranoia', 'Class' and 'ID' entries of $User and forwards them to
 * check_paranoia() together with the requested setting.
 *
 * @param $Setting the paranoia property (or list of properties) to test
 * @return mixed whatever check_paranoia() returns
 */
function check_paranoia_here($Setting) {
	global $User;

	$ProfileParanoia = $User['Paranoia'];
	$ProfileClass = $User['Class'];
	$ProfileID = $User['ID'];

	return check_paranoia($Setting, $ProfileParanoia, $ProfileClass, $ProfileID);
}
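/**
 * Decide whether the logged-in user may see a paranoia-protected property of a user.
 *
 * @param $Property the property name, or an array of names that must all be visible;
 *                  any value loosely equal to false is always denied
 * @param $Paranoia the target user's paranoia list, as an array or in serialized form
 * @param $UserClass the target user's class, handed to check_perms() as its second argument
 * @param $UserID the target user's ID; when it equals the logged-in user's ID the
 *                property is always allowed. Leave as false to skip that shortcut.
 * @return mixed PARANOIA_ALLOWED when nothing hides the property (or it is the viewer's own),
 *               PARANOIA_OVERRIDDEN when a permission of the viewer overrides the setting,
 *               false when access is denied; for array input a plain boolean
 */
function check_paranoia($Property, $Paranoia, $UserClass, $UserID = false) {
	// Not read in this function; kept so its effect on global scope is unchanged.
	global $Classes;

	if ($Property == false) {
		return false;
	}

	if (!is_array($Paranoia)) {
		// NOTE(review): unserialize() can instantiate objects named in its input. This is
		// only safe while the stored value is always produced by the application's own
		// serialize() of a plain array. On runtimes that support it, restrict the call with
		// the allowed_classes option set to false, or store the list as JSON instead.
		$Paranoia = unserialize($Paranoia);
	}
	if (!is_array($Paranoia)) {
		// Anything that did not decode to an array is treated as "no restrictions", so an
		// empty or corrupted stored value makes every property visible (fail-open).
		$Paranoia = array();
	}

	if (is_array($Property)) {
		// Every listed property must pass; stop at the first denial.
		foreach ($Property as $P) {
			if (!check_paranoia($P, $Paranoia, $UserClass, $UserID)) {
				return false;
			}
		}
		return true;
	}

	// Users always see their own data, whatever their settings say.
	if ($UserID !== false && G::$LoggedUser['ID'] == $UserID) {
		return PARANOIA_ALLOWED;
	}

	// A property is hidden when the list names it directly or in its '+' form.
	$May = !in_array($Property, $Paranoia) && !in_array($Property . '+', $Paranoia);
	if ($May) {
		return PARANOIA_ALLOWED;
	}

	// Hidden by the user: from here on only a permission of the viewer can override it.
	if (check_perms('users_override_paranoia', $UserClass)) {
		return PARANOIA_OVERRIDDEN;
	}

	switch ($Property) {
		case 'downloaded':
		case 'ratio':
		case 'uploaded':
		case 'lastseen':
			if (check_perms('users_mod', $UserClass)) {
				return PARANOIA_OVERRIDDEN;
			}
			break;
		case 'snatched':
		case 'snatched+':
			if (check_perms('users_view_torrents_snatchlist', $UserClass)) {
				return PARANOIA_OVERRIDDEN;
			}
			break;
		case 'uploads':
		case 'uploads+':
		case 'seeding':
		case 'seeding+':
		case 'leeching':
		case 'leeching+':
			if (check_perms('users_view_seedleech', $UserClass)) {
				return PARANOIA_OVERRIDDEN;
			}
			break;
		case 'invitedcount':
			if (check_perms('users_view_invites', $UserClass)) {
				return PARANOIA_OVERRIDDEN;
			}
			break;
	}

	// Hidden, and no override applies.
	return false;
}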
Using $_GET['userid'] allows a mod to see any user's token history. Nonmods and empty userid show $LoggedUser['ID']'s history ************************************************************************/ if (isset($_GET['userid'])) { $UserID = $_GET['userid']; } else { $UserID = $LoggedUser['ID']; } if (!is_number($UserID)) { error(404); } $UserInfo = Users::user_info($UserID); $Perms = Permissions::get_permissions($UserInfo['PermissionID']); $UserClass = $Perms['Class']; if (!check_perms('users_mod')) { if ($LoggedUser['ID'] != $UserID && !check_paranoia(false, $User['Paranoia'], $UserClass, $UserID)) { error(403); } } if (isset($_GET['expire'])) { if (!check_perms('users_mod')) { error(403); } $UserID = $_GET['userid']; $TorrentID = $_GET['torrentid']; if (!is_number($UserID) || !is_number($TorrentID)) { error(403); } $DB->query("\n\t\tSELECT info_hash\n\t\tFROM torrents\n\t\tWHERE ID = {$TorrentID}"); if (list($InfoHash) = $DB->next_record(MYSQLI_NUM, FALSE)) { $DB->query("\n\t\t\tUPDATE users_freeleeches\n\t\t\tSET Expired = TRUE\n\t\t\tWHERE UserID = {$UserID}\n\t\t\t\tAND TorrentID = {$TorrentID}");
<?php
// Tracker info page: shows either one user's peer counts or the tracker's overall stats.

// Staff-only gate. Everything below assumes error(403) ends the request for users
// without users_mod. NOTE(review): confirm error() does not return.
if (!check_perms('users_mod')) {
	error(403);
}
// Only a numeric userid reaches the lookups; anything else falls through to the
// tracker-wide branch.
if (isset($_GET['userid']) && is_number($_GET['userid'])) {
	$UserHeavyInfo = Users::user_heavy_info($_GET['userid']);
	if (isset($UserHeavyInfo['torrent_pass'])) {
		// NOTE(review): torrent_pass is presumably the user's tracker passkey; treat it as a
		// credential and keep it out of page output and logs. Here it is only handed to the
		// Tracker helper.
		$TorrentPass = $UserHeavyInfo['torrent_pass'];
		$UserPeerStats = Tracker::user_peer_count($TorrentPass);
		$UserInfo = Users::user_info($_GET['userid']);
		$UserLevel = $Classes[$UserInfo['PermissionID']]['Level'];
		// Paranoia is still honoured on this staff page: an entry is blanked unless
		// check_paranoia() allows or overrides the matching '+' property for this viewer.
		// Index 0 is paired with 'leeching+' and index 1 with 'seeding+'.
		if (!check_paranoia('leeching+', $UserInfo['Paranoia'], $UserLevel, $_GET['userid'])) {
			$UserPeerStats[0] = false;
		}
		if (!check_paranoia('seeding+', $UserInfo['Paranoia'], $UserLevel, $_GET['userid'])) {
			$UserPeerStats[1] = false;
		}
	} else {
		// No torrent_pass in the user's record: report no peer stats at all.
		$UserPeerStats = false;
	}
} else {
	$MainStats = Tracker::info();
}
View::show_header('Tracker info');
?> <div class="thin"> <div class="header"> <h2>Tracker info</h2> </div> <div class="linkbox">
default: error(404); } if (!empty($_GET['filter'])) { if ($_GET['filter'] === 'perfectflac') { if (!check_paranoia('perfectflacs', $User['Paranoia'], $UserClass, $UserID)) { error(403); } $ExtraWhere .= " AND t.Format = 'FLAC'"; if (empty($_GET['media'])) { $ExtraWhere .= "\n\t\t\t\tAND (\n\t\t\t\t\tt.LogScore = 100 OR\n\t\t\t\t\tt.Media IN ('Vinyl', 'WEB', 'DVD', 'Soundboard', 'Cassette', 'SACD', 'Blu-ray', 'DAT')\n\t\t\t\t\t)"; } elseif (strtoupper($_GET['media']) === 'CD' && empty($_GET['log'])) { $ExtraWhere .= "\n\t\t\t\tAND t.LogScore = 100"; } } elseif ($_GET['filter'] === 'uniquegroup') { if (!check_paranoia('uniquegroups', $User['Paranoia'], $UserClass, $UserID)) { error(403); } $GroupBy = 'tg.ID'; } } if (empty($GroupBy)) { $GroupBy = 't.ID'; } if ((empty($_GET['search']) || trim($_GET['search']) === '') && $Order != 'Name') { $SQL = "\n\t\tSELECT\n\t\t\tSQL_CALC_FOUND_ROWS\n\t\t\tt.GroupID,\n\t\t\tt.ID AS TorrentID,\n\t\t\t{$Time} AS Time,\n\t\t\ttg.CategoryID\n\t\tFROM {$From}\n\t\t\tJOIN torrents_group AS tg ON tg.ID = t.GroupID\n\t\tWHERE {$UserField} = '{$UserID}'\n\t\t\t{$ExtraWhere}\n\t\t\t{$SearchWhere}\n\t\tGROUP BY {$GroupBy}\n\t\tORDER BY {$Order} {$Way}\n\t\tLIMIT {$Limit}"; } else { $DB->query("\n\t\tCREATE TEMPORARY TABLE temp_sections_torrents_user (\n\t\t\tGroupID int(10) unsigned not null,\n\t\t\tTorrentID int(10) unsigned not null,\n\t\t\tTime int(12) unsigned not null,\n\t\t\tCategoryID int(3) unsigned,\n\t\t\tSeeders int(6) unsigned,\n\t\t\tLeechers int(6) unsigned,\n\t\t\tSnatched int(10) unsigned,\n\t\t\tName mediumtext,\n\t\t\tSize bigint(12) unsigned,\n\t\tPRIMARY KEY (TorrentID)) CHARSET=utf8"); $DB->query("\n\t\tINSERT IGNORE INTO temp_sections_torrents_user\n\t\t\tSELECT\n\t\t\t\tt.GroupID,\n\t\t\t\tt.ID AS TorrentID,\n\t\t\t\t{$Time} AS Time,\n\t\t\t\ttg.CategoryID,\n\t\t\t\tt.Seeders,\n\t\t\t\tt.Leechers,\n\t\t\t\tt.Snatched,\n\t\t\t\tCONCAT_WS(' ', GROUP_CONCAT(aa.Name SEPARATOR ' '), ' ', tg.Name, ' ', tg.Year, ' ') AS 
Name,\n\t\t\t\tt.Size\n\t\t\tFROM {$From}\n\t\t\t\tJOIN torrents_group AS tg ON tg.ID = t.GroupID\n\t\t\t\tLEFT JOIN torrents_artists AS ta ON ta.GroupID = tg.ID\n\t\t\t\tLEFT JOIN artists_alias AS aa ON aa.AliasID = ta.AliasID\n\t\t\tWHERE {$UserField} = '{$UserID}'\n\t\t\t\t{$ExtraWhere}\n\t\t\t\t{$SearchWhere}\n\t\t\tGROUP BY TorrentID, Time"); if (!empty($_GET['search']) && trim($_GET['search']) !== '') { $Words = array_unique(explode(' ', db_string($_GET['search'])));
* uploaded = comments left on one's uploads * If missing or invalid, this defaults to the comments one made */ // User ID if (isset($_GET['id']) && is_number($_GET['id'])) { $UserID = (int) $_GET['id']; $UserInfo = Users::user_info($UserID); $Username = $UserInfo['Username']; if ($LoggedUser['ID'] == $UserID) { $Self = true; } else { $Self = false; } $Perms = Permissions::get_permissions($UserInfo['PermissionID']); $UserClass = $Perms['Class']; if (!check_paranoia('torrentcomments', $UserInfo['Paranoia'], $UserClass, $UserID)) { error(403); } } else { $UserID = $LoggedUser['ID']; $Username = $LoggedUser['Username']; $Self = true; } // Posts per page limit stuff if (isset($LoggedUser['PostsPerPage'])) { $PerPage = $LoggedUser['PostsPerPage']; } else { $PerPage = POSTS_PER_PAGE; } list($Page, $Limit) = Format::page_limit($PerPage); if (!isset($_REQUEST['action'])) {
$Perms = Permissions::get_permissions($User['PermissionID']); $UserClass = $Perms['Class']; $UserLink = '<a href="user.php?id=' . $UserID . '">' . $User['Username'] . '</a>'; if (!empty($_GET['contrib'])) { if (!check_paranoia('collagecontribs', $User['Paranoia'], $UserClass, $UserID)) { error(403); } $DB->query("\n\t\t\tSELECT DISTINCT CollageID\n\t\t\tFROM collages_torrents\n\t\t\tWHERE UserID = {$UserID}"); $CollageIDs = $DB->collect('CollageID'); if (empty($CollageIDs)) { $SQL .= " AND 0"; } else { $SQL .= " AND c.ID IN(" . db_string(implode(',', $CollageIDs)) . ')'; } } else { if (!check_paranoia('collages', $User['Paranoia'], $UserClass, $UserID)) { error(403); } $SQL .= " AND UserID = '" . $_GET['userid'] . "'"; } $Categories[] = 0; } if (!empty($Categories)) { $SQL .= " AND CategoryID IN(" . db_string(implode(',', $Categories)) . ')'; } if (isset($_GET['action']) && $_GET['action'] === 'mine') { $SQL = $BaseSQL; $SQL .= "\n\t\tAND c.UserID = '" . $LoggedUser['ID'] . "'\n\t\tAND c.CategoryID = 0"; } $SQL .= "\n\tORDER BY {$Order} {$Way}\n\tLIMIT {$Limit}"; $DB->query($SQL);