function punish_comments($hours = 6) { global $globals, $db; $log = new Annotation('punish-comment'); if ($log->read() && $log->time > time() - 3600 * $hours) { echo "Comments already verified at: " . get_date_time($log->time) . "\n"; return false; } if ($globals['min_karma_for_comments'] > 0) { $min_karma = $globals['min_karma_for_comments']; } else { $min_karma = 4.5; } $votes_from = time() - $hours * 3600; // 'date_sub(now(), interval 6 hour)'; $comments_from = time() - 2 * $hours * 3600; //'date_sub(now(), interval 12 hour)'; echo "Starting karma_comments...\n"; $users = "SELECT SQL_NO_CACHE distinct comment_user_id as user_id from comments, users where comment_date > from_unixtime({$comments_from}) and comment_karma < -50 and comment_user_id = user_id and user_level != 'disabled' and user_karma >= {$min_karma}"; $result = $db->get_results($users); $log->store(); if (!$result) { return; } foreach ($result as $dbuser) { $user = new User(); $user->id = $dbuser->user_id; $user->read(); printf("%07d %s\n", $user->id, $user->username); $punish = 0; $comment_votes_count = (int) $db->get_var("SELECT SQL_NO_CACHE count(*) from votes, comments where comment_user_id = {$user->id} and comment_date > from_unixtime({$comments_from}) and vote_type='comments' and vote_link_id = comment_id and vote_date > from_unixtime({$votes_from}) and vote_user_id != {$user->id}"); if ($comment_votes_count > 5) { $votes_karma = (int) $db->get_var("SELECT SQL_NO_CACHE sum(vote_value) from votes, comments where comment_user_id = {$user->id} and comment_date > from_unixtime({$comments_from}) and vote_type='comments' and vote_link_id = comment_id and vote_date > from_unixtime({$votes_from}) and vote_user_id != {$user->id}"); if ($votes_karma < 50) { $distinct_votes_count = (int) $db->get_var("SELECT SQL_NO_CACHE count(distinct comment_id) from votes, comments where comment_user_id = {$user->id} and comment_date > from_unixtime({$comments_from}) and vote_type='comments' and vote_link_id = comment_id and vote_date > from_unixtime({$votes_from}) and vote_user_id != {$user->id}"); $comments_count = (int) $db->get_var("SELECT SQL_NO_CACHE count(*) from comments where comment_user_id = {$user->id} and comment_date > from_unixtime({$comments_from})"); $comment_coeff = min($comments_count / 10, 1) * min($distinct_votes_count / ($comments_count * 0.75), 1); $punish = max(-2, round($votes_karma * $comment_coeff * 1 / 1000, 2)); } } if ($punish < -0.1) { echo "comments: {$comments_count} votes distinct: {$distinct_votes_count} karma: {$votes_karma} coef: {$comment_coeff} -> {$punish}\n"; $user->karma += $punish; //$user->store(); $annotation = new Annotation("karma-{$user->id}"); //$annotation->append(_('Penalización por comentarios').": $punish, nuevo karma: $user->karma\n"); echo _('Penalización por comentarios') . ": {$punish}, nuevo karma: {$user->karma}\n"; $log->append(_('Penalización') . " {$user->username}: {$punish}, nuevo karma: {$user->karma}\n"); } $db->barrier(); } }
function do_load() { global $db, $current_user; $annotation = new Annotation('ec2-autoscaler'); if (!$annotation->read()) { return _('no hay estadísticas disponibles'); } $group = unserialize($annotation->text); $str = "web instances: $group->instances, "; $str .= "cpu average load: ".round($group->load, 2) . "%, "; $str .= "cpu max average ($group->measures periods): ".round($group->load_max, 2)."%, "; $str .= "stored at: ". get_date_time($annotation->time); return $str; }
function insert_coder() { if ($_POST['coderpass'] != $_POST['coderpass2']) { die('error: The coder passwords do not match!'); } $username = $_POST['coderuser']; $usermail = $_POST['codermail']; $secret = mksecret(); $wantpasshash = md5($secret . $_POST['coderpass'] . $secret); $editsecret = mksecret(); $ret = mysql_query("INSERT INTO users (username, class, passhash, secret, editsecret, email, status, added) VALUES (" . implode(",", array_map("sqlesc", array($username, 8, $wantpasshash, $secret, $editsecret, $usermail, 'confirmed'))) . ",'" . get_date_time() . "')"); $rndpasshash = createRandomPassword(); $rndsecret = createRandomPassword(); $rndeditsecret = createRandomPassword(); $rex = mysql_query("INSERT INTO users (id, username, class, passhash, secret, editsecret, email, status, added) VALUES (" . implode(",", array_map("sqlesc", array(2, 'System', 1, $rndpasshash, $rndsecret, $rndeditsecret, '*****@*****.**', 'confirmed'))) . ",'" . get_date_time() . "')"); }
function addmp3info($type, $rlsname, $genre, $year, $hertz, $tp, $bitrate, $bittype, $fromnet, $ann = true) { $w = mysql_query("SELECT COUNT(id) AS tid FROM mp3info WHERE rlsname = " . sqlesc($rlsname) . "") or die("Err1 " . mysql_error()); $qw = mysql_fetch_assoc($w); if ($qw['tid'] == 0) { $fromdata = explode(":", trim($fromnet)); $fromdata[1] = "#" . $fromdata[1]; mysql_query("INSERT INTO mp3info ( `rlsname` , `genre` , `year` , `hertz` , `type` , `bitrate` , `bittype` , `unixtime` , `addedon` , `fromnet` ) VALUES (" . sqlesc($rlsname) . "," . sqlesc($genre) . "," . sqlesc($year) . "," . sqlesc($hertz) . "," . sqlesc($tp) . "," . sqlesc($bitrate) . "," . sqlesc($bittype) . "," . time() . "," . sqlesc(get_date_time()) . "," . sqlesc($fromnet) . ")") or die('Err2 ' . mysql_error()); $id = mysql_insert_id(); mysql_query("INSERT INTO frominfodata ( `infoid` , `type` , `time` , `nick` , `chan` , `network` ) VALUES (" . $id . "," . sqlesc($type) . "," . time() . "," . sqlesc($fromdata[0]) . "," . sqlesc($fromdata[1]) . "," . sqlesc($fromdata[2]) . ")") or die('Err3 ' . mysql_error()); if ($ann == true) { $sbotdata = array($type, $rlsname, $genre, $year, $hertz, $tp, $bitrate, $bittype); sendbot(join(" ", $sbotdata)); return "OK"; } else { return "FAiL"; } } }
function print_summary($link = 0, $length = 0, $single_link = true) { global $current_user, $globals; if (!$this->read) { return; } echo '<li id="c-' . $this->order . '">'; $this->hidden = $this->karma < -80 || $this->user_level == 'disabled' && $this->type != 'admin'; if ($this->hidden) { $comment_meta_class = 'comment-meta-hidden'; $comment_class = 'comment-body-hidden'; } else { $comment_meta_class = 'comment-meta'; $comment_class = 'comment-body'; if ($this->karma > $globals['comment_highlight_karma']) { $comment_class .= ' high'; } } $this->link_permalink = $link->get_relative_permalink(); echo '<div class="' . $comment_class . '">'; echo '<strong>#' . $this->order . '</strong>'; echo ' <span id="cid-' . $this->id . '">'; if ($this->hidden && ($current_user->user_comment_pref & 1) == 0) { echo '» <a href="javascript:load_html(\'get_commentmobile.php\',\'comment\',\'cid-' . $this->id . '\',0,' . $this->id . ')" title="' . _('ver comentario') . '">' . _('ver comentario') . '</a>'; } else { $this->print_text($length); } echo '</span></div>'; // The comments info bar echo '<div class="' . $comment_meta_class . '">'; if ($this->type == 'admin') { $author = '<strong>' . _('admin') . '</strong> '; } else { $author = '<a href="' . get_user_uri($this->username) . '" title="karma: ' . $this->user_karma . '">' . $this->username . '</a> '; } printf(_('por %s el %s'), $author, get_date_time($this->date)); // Check that the user can vote if ($this->type != 'admin' && $this->user_level != 'disabled') { echo ' ' . _('votos') . ': <span id="vc-' . $this->id . '">' . $this->votes . '</span>, ' . _('karma') . ': <span id="vk-' . $this->id . '">' . $this->karma . '</span>'; } echo '</div>'; echo "</li>\n"; }
} SQL_Query_exec("DELETE FROM comments WHERE id = {$id}"); write_log($CURUSER['username'] . " has deleted comment: ID: {$id}"); show_error_msg(T_("COMPLETE"), "Comment deleted OK", 1); } stdhead(T_("COMMENTS")); //take comment add if ($_GET["takecomment"] == 'yes') { $body = $_POST['body']; if (!$body) { show_error_msg(T_("ERROR"), T_("YOU_DID_NOT_ENTER_ANYTHING"), 1); } if ($type == "torrent") { SQL_Query_exec("UPDATE torrents SET comments = comments + 1 WHERE id = {$id}"); } SQL_Query_exec("INSERT INTO comments (user, " . $type . ", added, text) VALUES (" . $CURUSER["id"] . ", " . $id . ", '" . get_date_time() . "', " . sqlesc($body) . ")"); if (mysql_affected_rows() == 1) { show_error_msg(T_("COMPLETED"), "Your Comment was added successfully.", 0); } else { show_error_msg(T_("ERROR"), T_("UNABLE_TO_ADD_COMMENT"), 0); } } //end insert comment //NEWS if ($type == "news") { $res = SQL_Query_exec("SELECT * FROM news WHERE id = {$id}"); $row = mysql_fetch_array($res); if (!$row) { show_error_msg(T_("ERROR"), "News id invalid", 0); stdfoot(); }
$btit_url_last=""; $btit_url_rss=""; if(get_remote_file("http://www.btiteam.org")) { $btit_url_rss="http://www.btiteam.org/smf/index.php?type=rss;action=.xml;board=83;sa=news"; $btit_url_last="http://www.btiteam.org/last_version.txt"; } */ $admin = array(); $res = do_sqlquery("SELECT * FROM {$TABLE_PREFIX}tasks"); if ($res) { while ($result = mysql_fetch_array($res)) { if ($result["task"] == "sanity") { $admin["lastsanity"] = $language["LAST_SANITY"] . "<br />\n" . get_date_time($result["last_time"]) . "<br />\n(" . $language["NEXT"] . ": " . get_date_time($result["last_time"] + intval($GLOBALS["clean_interval"])) . ")<br />\n<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=sanity&action=now\">Do it now!</a><br />"; } elseif ($result["task"] == "update") { $admin["lastscrape"] = "<br />\n" . $language["LAST_EXTERNAL"] . "<br />\n" . get_date_time($result["last_time"]) . "<br />\n(" . $language["NEXT"] . ": " . get_date_time($result["last_time"] + intval($GLOBALS["update_interval"])) . ")<br />"; } } } // check if XBTT tables are present in current db $res = do_sqlquery("SHOW TABLES LIKE 'xbt%'"); $xbt_tables = array('xbt_config', 'xbt_deny_from_hosts', 'xbt_files', 'xbt_files_users', 'xbt_users'); $xbt_in_db = array(); if ($res) { while ($result = mysql_fetch_row($res)) { $xbt_in_db[] = $result[0]; } } $ad = array_diff($xbt_tables, $xbt_in_db); if (count($ad) == 0) { $admin["xbtt_ok"] = "<br />\nIT SEEMS THAT ALL XBTT TABLES ARE PRESENT!<br />\n<br />\n";
$postsList .= '<tr><td class="lista"><b><a title="' . $language['FIRST_UNREAD'] . ': ' . $post['title'] . '" href="' . $btit_settings['url'] . '/index.php?page=forum&action=viewtopic&topicid=' . $post['tid'] . '.msg' . $post['pid'] . '#msg' . $post['pid'] . '">' . $post['title'] . '</a></b><br />' . $language['LAST_POST_BY'] . ' <a href="' . $btit_settings['url'] . '/index.php?page=forum&action=profile;u=' . $post['userid'] . '">' . $post['username'] . '</a><br />On ' . date('d/m/Y H:i:s', $post['added']) . '</td></tr>'; } } else { # get posts based if can read $lastPosts = get_result('SELECT p.topicid, p.id as pid, t.subject, p.added, p.body, p.userid FROM ' . $topicsTable . ' as t LEFT JOIN ' . $postsTable . ' as p ON p.topicid=t.id LEFT JOIN ' . $TABLE_PREFIX . 'forums as f ON f.id=t.id WHERE f.minclassread<=' . $CURUSER['id_level'] . ($realLastPosts ? '' : ' AND p.id=t.lastpost') . ' ORDER BY p.added DESC ' . $limit); # format posts foreach ($lastPosts as $post) { # get username $user = get_result('SELECT ul.prefixcolor, u.username, ul.suffixcolor FROM ' . $TABLE_PREFIX . 'users_level as ul LEFT JOIN ' . $TABLE_PREFIX . 'users as u ON u.id_level=ul.id WHERE u.id=' . $post['userid'] . ' LIMIT 1;', true, $CACHE_DURATION); if (isset($user[0])) { $user = $user[0]; $post['username'] = $user['prefixcolor'] . $user['username'] . $user['suffixcolor']; } else { $post['username'] = '******'; } $postsList .= '<tr><td class="lista"><b><a href="' . $btit_settings['url'] . '/index.php?page=forum&action=viewtopic&topicid=' . $post['tid'] . '&msg=' . $post['pid'] . '#' . $post['pid'] . '">' . htmlspecialchars(unesc($post['subject'])) . '</a></b><br />' . $language['LAST_POST_BY'] . ' <a href="' . $btit_settings['url'] . '/index.php?page=userdetails&id=' . $post['userid'] . '">' . $post['username'] . '</a><br />On ' . get_date_time($post['added']) . '</td></tr>'; } } } else { $postsList = '<tr><td class="lista">' . $language['NO_TOPIC'] . '</td></tr>'; } ?> <table cellpadding="4" cellspacing="1" width="100%"> <tr> <td class="lista"> <table width="100%" cellspacing="2" cellpadding="2"> <tr> <td><?php echo $language['TOPICS']; ?> :</td>
while ($results = mysqli_fetch_assoc($resource)) { //background color for checked poll option $bold = "normal"; if ($CURUSER["uid"] == $results["memberID"]) { $bold = "bold"; } // if (!$results["username"]) { $user = $language["POLL_ACCOUNT_DEL"]; } else { $user = "******"index.php?page=userdetails&id=" . $results["memberID"] . "\">" . StripSlashes($results["prefixcolor"] . $results["username"] . $results["suffixcolor"]) . "</a>"; } //print rows with voters $polls[$i]["option_text"] = $results["optionText"]; $polls[$i]["ip_address"] = long2ip($results["ipAddress"]); $polls[$i]["vote_date"] = get_date_time($results["voteDate"]); $polls[$i]["user"] = $user; $polls[$i]["bold"] = $bold; $i++; } //Per Page Listing Limitation Start - 7:35 PM 3/22/2007 if ($count > $perpage) { $admintpl->set("poll_pager_bottom", $pagerbottom); } else { $admintpl->set("poll_pager_bottom", ""); } //Per Page Listing Limitation Stop $admintpl->set("show_poller", true, true); $admintpl->set("new_poll", false, true); $admintpl->set("polls", $polls); }
} elseif ($chances == 3) { $banthisip = getip(); $first = ip2long($banthisip); $last = ip2long($banthisip); $added = sqlesc(get_date_time()); $msg = sqlesc("disabled after 3 tries"); mysql_query("UPDATE users SET enabled='no' WHERE username="******"DELETE FROM secureiptable WHERE username="******"INSERT INTO bans (added, addedby, first, last, comment) VALUES({$added}, 14, {$first}, {$last}, {$msg})") or sqlerr(__FILE__, __LINE__); // change id to your id to recieve a pm if someone was banned or just comment it out mysql_query("INSERT INTO messages (sender, receiver, added, msg, poster, subject) VALUES (0, 1, '" . get_date_time() . "', " . sqlesc($msg) . ", 0, " . sqlesc($subject) . ")"); die; } else { $iptrack = getip(); $trackingyou = ip2long($iptrack); mysql_query("INSERT INTO secureiptable VALUES(0, " . sqlesc($name) . ", " . sqlesc($trackingyou) . ", 1, '" . get_date_time() . "', 0)") or sqlerr(__FILE__, __LINE__); stderr("Error", "Wrong Pin #, You got 3 tries left before having your account disabled!<br/><br/><input type=\"button\" value=\" Go Back \" onclick=\"history.back()\">", false); } } // end of 3 failed code $tempip = getip(); $first1 = trim($tempip); $last1 = trim($tempip); $first = ip2long($first1); $last = ip2long($last1); $doubleip = mysql_query("SELECT * FROM ipsecureip WHERE {$first} >= first AND {$last} <= last") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($doubleip) > 0) { stderr("Error", "This IP is already in there no need to re-add"); die; } else { stdhead("Request to add TempIP Gateway");
$dict[$i]['value']['info'] = $info[$i]; $dict[$i] = benc($dict[$i]); $dict[$i] = bdec($dict[$i]); list($ann[$i], $info[$i]) = dict_check($dict[$i], "announce(string):info"); unset($dict['value']['created by']); $infohash[$i] = pack("H*", sha1($info[$i]["string"])); /* ...... end of Private Tracker mod */ $torrent[$i] = str_replace("_", " ", $torrent[$i]); $torrent[$i] = str_replace("'", " ", $torrent[$i]); $torrent[$i] = str_replace("\"", " ", $torrent[$i]); $torrent[$i] = str_replace(",", " ", $torrent[$i]); $nfo[$i] = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename[$i]))); $first = $shortfname[$i][1]; $second = $dname[$i]; $third = $torrent[$i][1]; $ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$first} {$second} {$third}"), $fname[$i], $CURUSER["id"], "no", $infohash[$i], $torrent[$i][1], $totallen, count($filelist[$i]), $type, $descr, $descr, $cat[$i], $dname[$i]))) . ", '" . get_date_time() . "', '" . get_date_time() . "', {$nfo[$i]})"); // //////new torrent upload detail sent to shoutbox////////// if ($CURUSER["anonymous"] == 'yes') { $message = "[url={$BASEURL}/multidetails.php?id1={$ids['0']}&id2={$ids['1']}&id3={$ids['2']}&id4={$ids['3']}&id5={$ids['4']}]Multiple Torrents were just uploaded! Click here to see them[/url] - Anonymous User"; } else { $message = "[url={$BASEURL}/multidetails.php?id1={$ids['0']}&id2={$ids['1']}&id3={$ids['2']}&id4={$ids['3']}&id5={$ids['4']}]Multiple Torrents were just uploaded! Click here to see them[/url] Uploaded by " . safechar($CURUSER["username"]) . ""; } // ///////////////////////////END/////////////////////////////////// if (!$ret) { if (mysql_errno() == 1062) { bark("#{$i} torrent was already uploaded!"); } bark("mysql puked: " . mysql_error()); } $id = mysql_insert_id(); $ids[] = $id;
function do_load() { global $db, $current_user; $annotation = new Annotation('ec2_watch'); if (!$annotation->read()) { return _('no hay estadísticas disponibles'); } $group = json_decode($annotation->text); $str = "web instances: {$group->instances}, "; $str .= "cpu average load: " . round($group->avg_load, 2) . "%, "; $str .= "last action: {$group->action} "; $str .= "last change: " . get_date_time($group->changed_ts) . " "; $str .= "stored at: " . get_date_time($annotation->time); return $str; }
case 'ignored': if ($prefered_id != $current_user->user_id) { return; } $friend_value = 'AND friend_value < 0'; $prefered_total = $db->get_var("SELECT count(*) FROM friends WHERE friend_type='manual' AND friend_from={$prefered_id} {$friend_value}"); $dbusers = $db->get_results("SELECT friend_to as who, unix_timestamp(friend_date) as date FROM friends, users WHERE friend_type='manual' AND friend_from={$prefered_id} and user_id = friend_to {$friend_value} order by user_login asc LIMIT {$prefered_offset},{$prefered_page_size}"); break; } if ($dbusers) { $friend = new User(); foreach ($dbusers as $dbuser) { $friend->id = $dbuser->who; $friend->read(); $title = $friend->username; if ($dbuser->date > 0) { $title .= sprintf(' %s %s', _('desde'), get_date_time($dbuser->date)); } echo '<div class="friends-item">'; echo '<a href="' . get_user_uri($friend->username) . '" title="' . $title . '">'; echo '<img class="avatar" src="' . get_avatar_url($friend->id, $friend->avatar, 20) . '" width="20" height="20" alt="' . $friend->username . '"/>'; echo $friend->username . '</a> '; if ($current_user->user_id > 0 && $current_user->user_id != $friend->id) { echo '<a id="friend-' . $prefered_type . '-' . $current_user->user_id . '-' . $friend->id . '" href="javascript:get_votes(\'get_friend.php\',\'' . $current_user->user_id . '\',\'friend-' . $prefered_type . '-' . $current_user->user_id . '-' . $friend->id . '\',0,\'' . $friend->id . '\')">' . User::friend_teaser($current_user->user_id, $friend->id) . '</a>'; } echo '</div>'; } echo "<br clear='left'/>\n"; do_contained_pages($prefered_id, $prefered_total, $prefered_page, $prefered_page_size, 'get_friends_bars.php', $prefered_type, $prefered_type . '-container'); echo "<br clear='all'/>\n"; }
print '<h3><a href=\'userdetails.php?id=' . $userid . '\'>Go to ' . $user['username'] . '\'s Profile</a></h3><br />'; } print "<table class=main width=737 border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>"; $fcount = number_format(get_row_count("friends", "WHERE userid='" . $userid . "' AND confirmed = 'yes'")); // print("<h2 align=left><a name=\"friends\">".$user['username']." has ".$fcount." Friends</a></h2>\n"); print "<h2 align=left><a name=\"friends\">" . $user['username'] . " has " . $fcount . " Friend " . ($fcount > 1 ? "s" : "") . "</a></h2>\n"; print "<table width=737 border=1 cellspacing=0 cellpadding=5><tr><td>"; $i = 0; $res = mysql_query("SELECT f.friendid as id, u.username AS name, u.class, u.avatar, u.title, u.donor, u.warned, u.enabled, u.last_access FROM friends AS f LEFT JOIN users as u ON f.friendid = u.id WHERE userid={$userid} AND f.confirmed='yes' ORDER BY name") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($res) == 0) { $friends = "<em>" . $user['username'] . " has no friends.</em>"; } else { while ($friend = mysql_fetch_array($res)) { $pm_pic = "<img src=" . $pic_base_url . "button_pm.gif alt='Send PM' border=0>"; $dt = gmtime() - 180; $online = $friend["last_access"] >= '' . get_date_time($dt) . '' ? ' <img src=' . $pic_base_url . 'user_online.gif border=0 alt=Online>' : '<img src=' . $pic_base_url . 'user_offline.gif border=0 alt=Offline>'; $title = htmlspecialchars($friend["title"]); if (!$title) { $title = get_user_class_name($friend["class"]); } $body1 = "<a href=userdetails.php?id=" . $friend['id'] . "><b>" . $friend['name'] . "</b></a>" . get_user_icons($friend) . " ({$title}) {$online}<br /><br />last seen on " . $friend['last_access'] . "<br />(" . get_elapsed_time(sql_timestamp_to_unix_timestamp($friend['last_access'])) . " ago)"; $body2 = $id == $CURUSER['id'] ? "" : "<br /><a href=friends.php?id={$CURUSER['id']}&action=add&type=friend&targetid=" . $friend['id'] . ">Add Friend</a>" . "<br /><br /><a href=sendmessage.php?receiver=" . $friend['id'] . ">" . $pm_pic . "</a>"; $avatar = $CURUSER["avatars"] == "yes" ? htmlspecialchars($friend["avatar"]) : ""; // if (!$avatar) // $avatar = "".$pic_base_url."default_avatar.gif"; if ($i % 2 == 0) { print "<table width=737 style='padding: 0px'><tr><td class=bottom style='padding: 5px' width=50% align=center>"; } else { print "<td class=bottom style='padding: 5px' width=50% align=center>"; } print "<table class=main width=737 height=75px>";
if($checkinv['enabled'] === 'no' || $checkinv['deleted'] == '1' || $checkinv['warned'] === 'yes') bark('Bjóðandi má ekki vera óvirkur, eyddur eða hafa viðvörun.'); if($invite['email'] != $email) bark('Þessi boðslykill er eingöngu nothæfur til að búa til aðgang fyrir netfangið '.$invite['email']); if(mysql_num_rows($query) < 1) bark("Þetta er rangur boðslykill"); mysql_query("UPDATE invites SET used=1 WHERE secret_hash = '$invid' AND email='$email'") or sqlerr(); hit_count(); $md5secret = md5(mksecret()); $secret = mksecret(); $wantpasshash = md5($secret . $wantpassword . $secret); $editsecret = mksecret(); $ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, email, enabled, md5secret, invitari, status, added) VALUES (" . implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, 'yes', $md5secret, $invitari, 'pending'))) . ",'" . get_date_time() . "')"); $id = mysql_insert_id(); if (!$ret) { if (mysql_errno() == 1062) { bark("Notandanafn er nú þegar til!"); } bark("borked"); } //write_log("User account $id ($wantusername) was created"); $psecret = md5($editsecret); $body = <<<EOD
$tid = isset($_POST["tid"]) ? 0 + $_POST["tid"] : 0; if ($tid == 0) { stderr(":w00t:", "wtf are your trying to do!?"); } if (get_row_count("torrents", "where id=" . $tid) != 1) { stderr(":w00t:", "That is not a torrent !!!!"); } $q = mysql_query("SELECT s.downloaded as sd , t.id as tid, t.name,t.size, u.username,u.id as uid,u.downloaded as ud FROM torrents as t LEFT JOIN snatched as s ON s.torrentid = t.id LEFT JOIN users as u ON u.id = s.userid WHERE t.id =" . $tid) or print mysql_error(); while ($a = mysql_fetch_assoc($q)) { $newd = $a["ud"] > 0 ? $a["ud"] - $a["sd"] : 0; $new_download[] = "(" . $a["uid"] . "," . $newd . ")"; $tname = $a["name"]; $msg = "Hey , " . $a["username"] . "\n"; $msg .= "Looks like torrent [b]" . $a["name"] . "[/b] is nuked and we want to take back the data you downloaded\n"; $msg .= "So you downloaded " . prefixed($a["sd"]) . " your new download will be " . prefixed($newd) . "\n"; $pms[] = "(0," . $a["uid"] . "," . sqlesc(get_date_time()) . "," . sqlesc($msg) . ")"; } //send the pm !! mysql_query("INSERT into messages (sender, receiver, added, msg) VALUES " . join(",", $pms)) or print mysql_error(); //update user download amount mysql_query("INSERT INTO users (id,downloaded) VALUES " . join(",", $new_download) . " ON DUPLICATE key UPDATE downloaded=values(downloaded)") or print mysql_error(); deletetorrent($tid); stderr(":w00t:", "it worked! long live tbdev!"); write_log("Torrent {$tname} was deleted by " . $CURUSER["username"] . " and users Re-Paid Download"); } else { stdhead("Torrent Reset"); begin_frame(); ?> <form action="<?php echo $_SERVER["PHP_SELF"]; ?>
$option12 = $_POST["option12"]; $option13 = $_POST["option13"]; $option14 = $_POST["option14"]; $option15 = $_POST["option15"]; $option16 = $_POST["option16"]; $option17 = $_POST["option17"]; $option18 = $_POST["option18"]; $option19 = $_POST["option19"]; $sort = $_POST["sort"]; if (!$question || !$option0 || !$option1) { stderr("Error", "Missing form data!"); } if ($pollid) { sql_query("UPDATE polls SET " . "question = " . sqlesc($question) . ", " . "option0 = " . sqlesc($option0) . ", " . "option1 = " . sqlesc($option1) . ", " . "option2 = " . sqlesc($option2) . ", " . "option3 = " . sqlesc($option3) . ", " . "option4 = " . sqlesc($option4) . ", " . "option5 = " . sqlesc($option5) . ", " . "option6 = " . sqlesc($option6) . ", " . "option7 = " . sqlesc($option7) . ", " . "option8 = " . sqlesc($option8) . ", " . "option9 = " . sqlesc($option9) . ", " . "option10 = " . sqlesc($option10) . ", " . "option11 = " . sqlesc($option11) . ", " . "option12 = " . sqlesc($option12) . ", " . "option13 = " . sqlesc($option13) . ", " . "option14 = " . sqlesc($option14) . ", " . "option15 = " . sqlesc($option15) . ", " . "option16 = " . sqlesc($option16) . ", " . "option17 = " . sqlesc($option17) . ", " . "option18 = " . sqlesc($option18) . ", " . "option19 = " . sqlesc($option19) . ", " . "sort = " . sqlesc($sort) . " " . "WHERE id = {$pollid}") or sqlerr(__FILE__, __LINE__); } else { sql_query("INSERT INTO polls VALUES(0" . ", '" . get_date_time() . "'" . ", " . sqlesc($question) . ", " . sqlesc($option0) . ", " . sqlesc($option1) . ", " . sqlesc($option2) . ", " . sqlesc($option3) . ", " . sqlesc($option4) . ", " . sqlesc($option5) . ", " . sqlesc($option6) . ", " . sqlesc($option7) . ", " . sqlesc($option8) . ", " . sqlesc($option9) . ", " . sqlesc($option10) . ", " . sqlesc($option11) . ", " . sqlesc($option12) . ", " . sqlesc($option13) . ", " . sqlesc($option14) . ", " . sqlesc($option15) . ", " . sqlesc($option16) . ", " . sqlesc($option17) . ", " . sqlesc($option18) . ", " . sqlesc($option19) . ", " . sqlesc($sort) . ", 0 " . ")") or sqlerr(__FILE__, __LINE__); $pollnum = mysql_insert_id(); sql_query("UPDATE topics SET pollid = {$pollnum} WHERE id = {$topicid}"); } header("Location: {$returnto}"); die; } stdhead(); ?> <table border=1 cellspacing=0 cellpadding=5 width=80%> <?php if ($pollid) { print "<tr><td class=colhead2 colspan=2 align=center><h1>Edit poll</h1></td></tr>"; } else { print "<tr><td class=colhead2 colspan=2 align=center><h1>Add poll</h1></td></tr>";
$added = sqlesc(time()); do_sqlquery("INSERT INTO {$TABLE_PREFIX}bannedip (added, addedby, first, last, comment) VALUES({$added}, {$CURUSER['uid']}, {$firstip}, {$lastip}, {$comment})", true); } } // don't break, so now we read directly ;) // don't break, so now we read directly ;) case '': case 'read': default: $banned = array(); $getbanned = do_sqlquery("SELECT b.*, u.username FROM {$TABLE_PREFIX}bannedip b LEFT JOIN {$TABLE_PREFIX}users u ON u.id=b.addedby ORDER BY b.added DESC", true); $rowsbanned = @mysql_num_rows($getbanned); $admintpl->set("frm_action", "index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=banip&action=write"); $i = 0; if ($rowsbanned > 0) { $admintpl->set("no_records", false, true); while ($arr = mysql_fetch_assoc($getbanned)) { $banned[$i]["first_ip"] = long2ip($arr["first"]); $banned[$i]["last_ip"] = long2ip($arr["last"]); $banned[$i]["date"] = get_date_time($arr['added']); $banned[$i]["comments"] = htmlspecialchars(unesc($arr["comment"])); $banned[$i]["by"] = "<a href=\"index.php?page=userdetails&id=" . $arr["addedby"] . "\">" . unesc($arr["username"]) . "</a>"; $banned[$i]["remove"] = "<a href=\"index.php?page=admin&user="******"uid"] . "&code=" . $CURUSER["random"] . "&do=banip&action=delete&ip={$arr['id']}\" onclick=\"return confirm('" . str_replace("'", "\\'", $language["DELETE_CONFIRM"]) . "')\">" . image_or_link("{$STYLEPATH}/images/delete.png", "", $language["DELETE"]) . "</a>"; $i++; } } else { $admintpl->set("no_records", true, true); } $admintpl->set("bannedip", $banned); $admintpl->set("language", $language); }
echo "Period (h): $period<br>\n"; $from_time = "date_sub(now(), interval 4 day)"; #$from_where = "FROM votes, links WHERE $last_published = $db->get_var("SELECT SQL_NO_CACHE UNIX_TIMESTAMP(max(link_published_date)) from links WHERE link_status='published'"); if (!$last_published) $last_published = $now - 24*3600*30; $history_from = $last_published - 200*3600; $diff = $now - $last_published; $d = min(MAX, MAX - ($diff/3000)*(MAX-MIN) ); $d = max(0.80, $d); print "Last published at: " . get_date_time($last_published) ."<br>\n"; echo "Decay: $d<br>\n"; $continue = true; $i=0; $past_karma = $db->get_var("SELECT SQL_NO_CACHE avg(link_karma) from links WHERE link_published_date > FROM_UNIXTIME($history_from) and link_status='published'"); echo "Past karma: $past_karma<br>\n"; while ($continue) { $continue = false; ////////////// $min_karma = round(max($past_karma * $d, 20)); $min_votes = 5; ///////////// echo "Current MIN karma: <b>$min_karma</b> MIN votes: $min_votes<br>\n";
function &execute() { $query = $this->read(); $res = mysql_query($query); if ($res || mysql_errno() == 1062) { return $res; } $mysql_error = mysql_error(); $mysql_errno = mysql_errno(); // If debug_backtrace() is available, we can find exactly where the query was called from if (function_exists("debug_backtrace")) { $bt = debug_backtrace(); $i = 1; if ($bt[$i]["function"] == "SQL_Query_exec_cached" || $bt[$i]["function"] == "get_row_count_cached" || $bt[$i]["function"] == "get_row_count") { $i++; } $line = $bt[$i]["line"]; $file = str_replace(getcwd() . DIRECTORY_SEPARATOR, "", $bt[$i]["file"]); $msg = "Database Error in {$file} on line {$line}: {$mysql_error}. Query was: {$query}."; } else { $file = str_replace(getcwd() . DIRECTORY_SEPARATOR, "", $_SERVER["SCRIPT_FILENAME"]); $msg = "Database Error in {$file}: {$mysql_error}. Query was: {$query}"; } mysql_query("INSERT INTO `sqlerr` (`txt`, `time`) \n VALUES (" . sqlesc($msg) . ", '" . get_date_time() . "')"); if (function_exists('show_error_msg')) { show_error_msg("Database Error", "Database Error. Please report this to an administrator.", 1); } }
$ratiounconn = $row['ratiounconn']; $unconnectables = $row['unconnectables']; $ratio = round($row['ratio'] * 100); $peers = number_format($row['peers']); $numactive = number_format($row['numactive']); $donors = number_format($row['donors']); $forumposts = number_format($row['forumposts']); $forumtopics = number_format($row['forumtopics']); $file1 = "{$CACHE}/active.txt"; $expire = 30; // 30 seconds if (file_exists($file1) && filemtime($file1) > time() - $expire) { $active3 = unserialize(file_get_contents($file1)); } else { $dt = gmtime() - 180; $dt = sqlesc(get_date_time($dt)); $active1 = sql_query("SELECT id, username, class, warned, donor FROM users WHERE last_access >= " . unsafeChar($dt) . " ORDER BY class DESC") or sqlerr(__FILE__, __LINE__); while ($active2 = mysql_fetch_array($active1)) { $active3[] = $active2; } $OUTPUT = serialize($active3); $fp = fopen($file1, "w"); fputs($fp, $OUTPUT); fclose($fp); } // end else $activeusers = ''; if (is_array($active3)) { foreach ($active3 as $arr) { if ($activeusers) { $activeusers .= ",\n";
stderr("Err", "You can't remove/add 0"); } $sendpm = isset($_POST["pm"]) && $_POST["pm"] == "yes" ? true : false; $pms = array(); $users = array(); //select the users $q = mysql_query("SELECT id,invites FROM users " . ($all ? "" : "WHERE class in (" . join(",", $classes) . ")") . " ORDER BY id desc ") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($q) == 0) { stderr("Sorry", "There are no users in the class(es) you selected"); } while ($a = mysql_fetch_assoc($q)) { $users[] = "(" . $a["id"] . ", " . ($do == "remove_all" ? 0 : ($do == "add" ? $a["invites"] + $invites : mkpositive($a["invites"] - $invites))) . ")"; if ($sendpm) { $subject = sqlesc($do == "remove_all" && $do == "remove" ? "Invites removed" : "Invites added"); $body = sqlesc("Hey,\n we have decided to " . ($do == "remove_all" ? "remove all invites from your group class" : ($do == "add" ? "add {$invites} invite" . ($invites > 1 ? "s" : "") . " to your group class" : "remove {$invites} invite" . ($invites > 1 ? "s" : "") . " from your group class")) . " !\n " . $SITENAME . " staff"); $pms[] = "(0," . $a["id"] . "," . sqlesc(get_date_time()) . ",{$subject},{$body})"; } } if (sizeof($users) > 0) { $r = mysql_query("INSERT INTO users(id,invites) VALUES " . join(",", $users) . " ON DUPLICATE key UPDATE invites=values(invites) ") or sqlerr(__FILE__, __LINE__); } if (sizeof($pms) > 0) { $r1 = mysql_query("INSERT INTO messages (sender, receiver, added, subject, msg) VALUES " . join(",", $pms) . " ") or sqlerr(__FILE__, __LINE__); } if ($r && ($sendpm ? $r1 : true)) { header("Refresh: 2; url=" . $_SERVER["PHP_SELF"]); stderr("Success", "Operation done!"); } else { stderr("Error", "Something was wrong"); } }
} if ($msg) { $subject = sqlesc($subject); if ((isset($_POST['draft']) || isset($_POST['template'])) && isset($_POST['msgid'])) { SQL_Query_exec("UPDATE messages SET `subject` = {$subject}, `msg` = {$msg} WHERE `id` = {$_POST['msgid']} AND `sender` = {$CURUSER['id']}") or die("arghh"); } else { $to = @$_POST['draft'] ? 'draft' : (@$_POST['template'] ? 'template' : (@$_POST['save'] ? 'both' : 'in')); $status = @$_POST['send'] ? 'yes' : 'no'; //===| Start Blocked Users $blocked = SQL_Query_exec("SELECT id FROM blocked WHERE userid={$sendto} AND blockid={$CURUSER['id']}"); $show = mysql_num_rows($blocked); if ($show != 0 && $CURUSER["control_panel"] != "yes") { show_error_msg("Error", "[B]You're blocked by this member and you can not send messages to him![/B]\n", 1); } //===| End Blocked Users SQL_Query_exec("INSERT INTO `messages` (`sender`, `receiver`, `added`, `subject`, `msg`, `unread`, `location`) VALUES ('{$CURUSER['id']}', '{$sendto}', '" . get_date_time() . "', {$subject}, {$msg}, '{$status}', '{$to}')") or die("Aargh!"); // email notif $res = SQL_Query_exec("SELECT id, acceptpms, notifs, email FROM users WHERE id='{$sendto}'"); $user = mysql_fetch_assoc($res); if (strpos($user['notifs'], '[pm]') !== false) { $cusername = $CURUSER["username"]; $body = "You have received a PM from " . $cusername . "\n\nYou can use the URL below to view the message (you may have to login).\n\n " . $site_config['SITEURL'] . "/mailbox.php\n\n" . $site_config['SITENAME'] . ""; sendmail($user["email"], "You have received a PM from {$cusername}", $body, "From: {$site_config['SITEEMAIL']}", "-f{$site_config['SITEEMAIL']}"); } //end email notif if (isset($_POST['msgid'])) { SQL_Query_exec("DELETE FROM messages WHERE `location` = 'draft' AND `sender` = {$CURUSER['id']} AND `id` = {$_POST['msgid']}") or die("arghh"); } } if (isset($_POST['send'])) { $info = "Message sent successfully" . (@$_POST['save'] ? ", a copy has been saved in your Outbox" : "");
if ($record_mail) { $date = time(); $userid = $CURUSER["id"]; if ($count > 0 && $mail) { mysql_query("update avps set value_i='{$date}', value_u='{$count}', value_s='{$userid}' WHERE arg='inactivemail' ") or sqlerr(__FILE__, __LINE__); } } if ($mail) { stderr("Success", "Messages sent."); } else { stderr("Error", "Try again."); } } } stdhead("Inactive Users"); $dt = sqlesc(get_date_time(gmtime() - $days * 86400)); $res = sql_query("SELECT id,username,class,email,uploaded,downloaded,last_access FROM users WHERE last_access<{$dt} AND status='confirmed' AND enabled='yes' ORDER BY last_access DESC ") or sqlerr(__FILE__, __LINE__); $count = mysql_num_rows($res); if ($count > 0) { ?> <script LANGUAGE="JavaScript"> <!-- Begin var checkflag = "false"; function check(field) { if (checkflag == "false") { for (i = 0; i < field.length; i++) { field[i].checked = true;} checkflag = "true"; return "Uncheck All"; } else {
$subject = sqlesc("BlackJack Results."); sql_query("INSERT INTO messages (sender, receiver, added, msg, poster, subject) VALUES(0, {$a['userid']}, {$dt}, {$msg}, 0, {$subject})") or sqlerr(__FILE__, __LINE__); } elseif ($a["points"] > $playerarr[points] && $a[points] > 21) { $winorlose = "you won " . prefixed($mb); sql_query("update users set uploaded = uploaded + {$mb}, bjwins = bjwins + 1 where id={$CURUSER['id']}") or sqlerr(__FILE__, __LINE__); sql_query("update users set uploaded = uploaded - {$mb}, bjlosses = bjlosses + 1 where id={$a['userid']}") or sqlerr(__FILE__, __LINE__); sql_query("delete from blackjack where userid={$CURUSER['id']}"); sql_query("delete from blackjack where userid={$a['userid']}"); $dt = sqlesc(get_date_time()); $msg = sqlesc("You lost to {$CURUSER['username']} (You had {$a['points']} points, {$CURUSER['username']} had {$playerarr['points']} points).\n\n - [b][url=blackjack.php]Play again[/url][/b]"); $subject = sqlesc("BlackJack Results."); sql_query("INSERT INTO messages (sender, receiver, added, msg, poster, subject) VALUES(0, {$a['userid']}, {$dt}, {$msg}, 0, {$subject})") or sqlerr(__FILE__, __LINE__); } echo "<tr><td align=center>Your opponent was " . get_user_name($a["userid"]) . ", they had {$a['points']} points, {$winorlose}.<br /><br /><center><b><a href=blackjack.php>Play again</a></b></center></td></tr>"; } else { sql_query("update blackjack set status = 'waiting', date='" . get_date_time() . "' where userid = {$CURUSER['id']}") or sqlerr(__FILE__, __LINE__); echo "<tr><td align=center>There are no other players, so you'll have to wait until someone plays against you.<br />You will receive a PM with the game results.<br /><br /><center><b><a href=blackjack.php>Back</a></b><br /></center></td></tr>"; } echo "</table>"; echo "</td></tr></table><br>"; stdfoot(); } } else { // Start screen - Not currently playing a game stdhead("Blackjack"); echo "<h1><center>Blackjack</center></h1>\n"; echo "<table cellspacing=0 cellpadding=3 width=400>\n"; echo "<tr><td colspan=2 cellspacing=0 cellpadding=5 align=center>\n"; echo "<table class=message width=100% cellspacing=0 cellpadding=10 bgcolor=black>\n"; echo "<tr><td align=center><img src=pic/cards/tp.bmp width=71 height=96 border=0> <img src=pic/cards/vp.bmp width=71 height=96 border=0> </td></tr>\n"; echo "<tr><td align=left>You must collect 21 points without going over.<br><br>\n";
$updateset[] = "warned = " . sqlesc($warned); $updateset[] = "warneduntil = 0"; if ($warned == 'no') { $modcomment = get_date(time(), 'DATE', 1) . "{$lang['modtask_warned']}" . $CURUSER['username'] . ".\n" . $modcomment; $msg = sqlesc("{$lang['modtask_warned_removed']}" . $CURUSER['username'] . "."); $added = time(); mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, {$userid}, {$msg}, {$added})") or sqlerr(__FILE__, __LINE__); } } // Reset LastUpload // Auto Demote Uploader by XiaNYdE // start // support - http://bit.ly/5NtmgT // http://xList.ro/ // http://tbdev.xlist.ro/ if (isset($_POST['reset']) && $_POST['reset']) { mysql_query("UPDATE users SET last_upload = '" . get_date_time() . "', upped = 'no' WHERE id={$userid}") or sqlerr(__FILE__, __LINE__); $modcomment = gmdate("Y-m-d") . " - LastUp Time Reset by " . $CURUSER['username'] . ".\n" . $modcomment; } // Set warning - Time based if (isset($_POST['warnlength']) && ($warnlength = 0 + $_POST['warnlength'])) { unset($warnpm); if (isset($_POST['warnpm'])) { $warnpm = $_POST['warnpm']; } if ($warnlength == 255) { $modcomment = get_date(time(), 'DATE', 1) . "{$lang['modtask_warned_by']}" . $CURUSER['username'] . ".\n{$lang['modtask_reason']} {$warnpm}\n" . $modcomment; $msg = sqlesc("{$lang['modtask_warning_received']}" . $CURUSER['username'] . ($warnpm ? "\n\n{$lang['modtask_reason']} {$warnpm}" : "")); $updateset[] = "warneduntil = 0"; } else { $warneduntil = time() + $warnlength * 604800; $dur = $warnlength . "{$lang['modtask_week']}" . ($warnlength > 1 ? "s" : "");
$ctype = "image/gif"; break; case "png": $ctype = "image/png"; break; case "jpeg": case "jpg": $ctype = "image/jpg"; break; default: $ctype = "application/force-download"; } sql_query("UPDATE attachments SET downloads = downloads + 1 WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__); $res = sql_query("SELECT fileid FROM attachmentdownloads WHERE fileid=" . sqlesc($id) . " AND userid=" . sqlesc($CURUSER['id'])); if (mysql_num_rows($res) == "0") { sql_query("INSERT INTO attachmentdownloads (filename,fileid,username,userid,date,downloads) VALUES (" . sqlesc($resat['filename']) . ", " . sqlesc($id) . ", " . sqlesc($CURUSER['username']) . ", " . sqlesc($CURUSER['id']) . ", " . sqlesc(get_date_time()) . ", 1)") or sqlerr(__FILE__, __LINE__); } else { sql_query("UPDATE attachmentdownloads SET downloads = downloads + 1 WHERE fileid=" . sqlesc($id) . " AND userid=" . sqlesc($CURUSER['id'])); } header("Pragma: public"); // required header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private", false); // required for certain browsers header("Content-Type: {$ctype}"); // change, added quotes to allow spaces in filenames, by Rajkumar Singh header("Content-Disposition: attachment; filename=\"" . basename($filename) . "\";"); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . filesize($filename)); readfile("{$filename}");
echo '</fieldset>'; echo '</div>'; break; case 4: // Show logs echo '<div class="voters" id="voters">'; echo '<fieldset><legend>'._('registro de eventos de la noticia').'</legend>'; echo '<div id="voters-container">'; $logs = $db->get_results("select logs.*, UNIX_TIMESTAMP(logs.log_date) as ts, user_id, user_login, user_level, user_avatar from logs, users where log_type in ('link_new', 'link_publish', 'link_discard', 'link_edit', 'link_geo_edit', 'link_depublished') and log_ref_id=$link->id and user_id= log_user_id order by log_date desc"); if ($logs) { foreach ($logs as $log) { echo '<div style="width:100%; display: block; clear: both; border-bottom: 1px solid #FFE2C5;">'; echo '<div style="width:30%; float: left;padding: 4px 0 4px 0;">'.get_date_time($log->ts).'</div>'; echo '<div style="width:24%; float: left;padding: 4px 0 4px 0;"><strong>'.$log->log_type.'</strong></div>'; echo '<div style="width:45%; float: left;padding: 4px 0 4px 0;">'; if ($link->author != $log->user_id && ($log->user_level == 'admin' || $log->user_level == 'god')) { // It was edited by an admin echo '<img src="'.get_no_avatar_url(20).'" width="20" height="20" alt="'.$log->user_login.'"/> '; echo ('admin'); if ($current_user->admin) { echo ' ('.$log->user_login.')'; } } else { echo '<a href="'.get_user_uri($log->user_login).'" title="'.$log->date.'">'; echo '<img src="'.get_avatar_url($log->log_user_id, $log->user_avatar, 20).'" width="20" height="20" alt="'.$log->user_login.'"/> '; echo $log->user_login; echo '</a>'; }
} $row = mysql_fetch_row($result); if ($row && ($CURUSER["edit_users"] == "yes" || $CURUSER['username'] == $row[1])) { $query = "DELETE FROM shoutbox WHERE msgid=" . $_GET['del']; write_log("<b><font color='orange'>Shout Deleted: </font> Deleted by " . $CURUSER['username'] . "</b>"); SQL_Query_exec($query); } } //INSERT MESSAGE if (!empty($_POST['message']) && $CURUSER) { $_POST['message'] = sqlesc($_POST['message']); $query = "SELECT COUNT(*) FROM shoutbox WHERE message=" . $_POST['message'] . " AND user='******'username'] . "' AND UNIX_TIMESTAMP('" . get_date_time() . "')-UNIX_TIMESTAMP(date) < 30"; $result = SQL_Query_exec($query); $row = mysql_fetch_row($result); if ($row[0] == '0') { $query = "INSERT INTO shoutbox (msgid, user, message, date, userid) VALUES (NULL, '" . $CURUSER['username'] . "', " . $_POST['message'] . ", '" . get_date_time() . "', '" . $CURUSER['id'] . "')"; SQL_Query_exec($query); } } //GET CURRENT USERS THEME AND LANGUAGE if ($CURUSER) { $ss_a = @mysql_fetch_assoc(@SQL_Query_exec("select uri from stylesheets where id=" . $CURUSER["stylesheet"])); if ($ss_a) { $THEME = $ss_a["uri"]; } } else { //not logged in so get default theme/language $ss_a = mysql_fetch_assoc(SQL_Query_exec("select uri from stylesheets where id='" . $site_config['default_theme'] . "'")); if ($ss_a) { $THEME = $ss_a["uri"]; }
function write_log($text, $color = "transparent", $type = "tracker") { $type = sqlesc($type); $color = sqlesc($color); $text = sqlesc($text); $added = sqlesc(get_date_time()); sql_query("INSERT INTO sitelog (added, color, txt, type) VALUES({$added}, {$color}, {$text}, {$type})"); }