sqlesc PHP Code Examples

Example #1

0

Show file

File: class_attachment.php Project: CptTZ/NexusPHP

 function set_count_so_far()
 {
     $userid = $this->userid;
     $now = date("Y-m-d H:i:s", TIMENOW - 86400);
     $countsofar = get_row_count("attachments", "WHERE userid=" . sqlesc($userid) . " AND added > " . sqlesc($now));
     $this->countsofar = $countsofar;
 }

Example #2

0

Show file

File: user_functions.php Project: Bigjoos/U-232-V5

function autoshout($msg)
{
    global $INSTALLER09, $mc1;
    require_once INCL_DIR . 'bbcode_functions.php';
    sql_query('INSERT INTO shoutbox(userid,date,text,text_parsed,autoshout)VALUES (' . $INSTALLER09['bot_id'] . ',' . TIME_NOW . ',' . sqlesc($msg) . ',' . sqlesc(format_comment($msg)) . ', "yes")');
    $mc1->delete_value('auto_shoutbox_');
}

Example #3

0

Show file

File: delete.php Project: CharlieHD/U-232-V3

function deletetorrent($id)
{
    global $INSTALLER09, $mc1, $CURUSER, $lang;
    sql_query("DELETE peers.*, files.*, comments.*, snatched.*, thanks.*, bookmarks.*, coins.*, rating.*, torrents.* FROM torrents \n\t\t\t\t LEFT JOIN peers ON peers.torrent = torrents.id\n\t\t\t\t LEFT JOIN files ON files.torrent = torrents.id\n\t\t\t\t LEFT JOIN comments ON comments.torrent = torrents.id\n\t\t\t\t LEFT JOIN thanks ON thanks.torrentid = torrents.id\n\t\t\t\t LEFT JOIN bookmarks ON bookmarks.torrentid = torrents.id\n\t\t\t\t LEFT JOIN coins ON coins.torrentid = torrents.id\n\t\t\t\t LEFT JOIN rating ON rating.torrent = torrents.id\n\t\t\t\t LEFT JOIN snatched ON snatched.torrentid = torrents.id\n\t\t\t\t WHERE torrents.id =" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    unlink("{$INSTALLER09['torrent_dir']}/{$id}.torrent");
    $mc1->delete_value('MyPeers_' . $CURUSER['id']);
}

Example #4

0

Show file

File: preadddata.php Project: scriptzteam/SCENE-SCRiPTS

function addspam($type, $rlsname, $url, $filename, $fromnet, $ann = true)
{
    global $mc;
    $whichdb = array('ADDNFO' => 'nfosdb', 'OLDNFO' => 'nfosdb', 'ADDSFV' => 'sfvsdb', 'OLDSFV' => 'sfvsdb', 'ADDM3U' => 'm3usdb', 'OLDM3U' => 'm3usdb');
    $w = mysql_query("SELECT COUNT(id) AS tid FROM " . $whichdb[$type] . " WHERE rlsname = " . sqlesc($rlsname) . "") or exit("Err1 " . mysql_error());
    $qw = mysql_fetch_assoc($w);
    if ($qw['tid'] == 0) {
        $a = get_url_data(trim($url));
        $size = $a['size'] == 0 ? strlen($a['data']) : $a['size'];
        if ($size == 0 || $size < 25 || $a['error'] == 404 || $a['data'] == "") {
            return 'URL FAIL';
        } else {
            $crc = strtoupper(dechex(crc32($a['data'])));
            $newdata = gzcompress($a['data'], 9);
            $grp = explode("-", $rlsname);
            $grp = $grp[count($grp) - 1];
            $fromdata = explode(":", trim($fromnet));
            $fromdata[1] = "#" . $fromdata[1];
            mysql_query("INSERT INTO " . $whichdb[$type] . " ( `rlsname` , `grp` , `time` , `data` , `filename` , `size` ) VALUES (" . sqlesc($rlsname) . "," . sqlesc($grp) . "," . time() . "," . sqlesc($newdata) . "," . sqlesc($filename) . "," . sqlesc($size) . ")") or exit('Err2 ' . mysql_error());
            $id = mysql_insert_id();
            mysql_query("INSERT INTO fromspamdata ( `spamid` , `type` , `time` , `nick` , `chan` , `network` ) VALUES (" . $id . "," . sqlesc($type) . "," . time() . "," . sqlesc($fromdata[0]) . "," . sqlesc($fromdata[1]) . "," . sqlesc($fromdata[2]) . ")") or exit('Err3 ' . mysql_error());
            if ($ann == true) {
                $mcdata = array('ID' => $id, 'TYPE' => $type);
                $hash1 = md5($id . $type . $rlsname . $url);
                $hash2 = md5(md5($filename . time()) . time() . $rlsname);
                $key = md5(md5($hash1 . $hash2) . md5($hash2 . $hash1));
                $mc->set($key, $mcdata, false, 300) or die("Failed to save data at memcache server");
                return $key . " " . $crc . " " . $size;
            } else {
                return;
            }
        }
    }
}

Example #5

0

Show file

File: takemultiupload.php Project: Bigjoos/U-232-V5

function file_list($arr, $id)
{
    foreach ($arr as $v) {
        $new[] = "({$id}," . sqlesc($v[0]) . "," . $v[1] . ")";
    }
    return join(",", $new);
}

Example #6

0

Show file

File: backupdb.php Project: UniversalAdministrator/U-232-V4

function docleanup($data)
{
    global $INSTALLER09, $queries, $bdir;
    set_time_limit(0);
    ignore_user_abort(1);
    $mysql_host = $INSTALLER09['mysql_host'];
    $mysql_user = $INSTALLER09['mysql_user'];
    $mysql_pass = $INSTALLER09['mysql_pass'];
    $mysql_db = $INSTALLER09['mysql_db'];
    $bdir = $_SERVER["DOCUMENT_ROOT"] . "/include/backup";
    $c1 = "mysqldump -h " . $mysql_host . " -u " . $mysql_user . " -p" . $mysql_pass . " " . $mysql_db . " -d > " . $bdir . "/db_structure.sql";
    $c = "mysqldump -h " . $mysql_host . " -u " . $mysql_user . " -p" . $mysql_pass . " " . $mysql_db . " " . tables("peers|messages|sitelog") . " | bzip2 -cq9 > " . $bdir . "/db_" . date("m_d_y", TIME_NOW) . ".sql.bz2";
    system($c1);
    system($c);
    $files = glob($bdir . "/db_*");
    foreach ($files as $file) {
        if (TIME_NOW - filemtime($file) > 3 * 86400) {
            unlink($file);
        }
    }
    $ext = "db_" . date("m_d_y", TIME_NOW) . ".sql.bz2";
    sql_query("INSERT INTO dbbackup (name, added, userid) VALUES (" . sqlesc($ext) . ", " . TIME_NOW . ", " . $INSTALLER09['site']['owner'] . ")") or sqlerr(__FILE__, __LINE__);
    if ($queries > 0) {
        write_log("Auto-dbbackup----------------------Auto Back Up Complete using {$queries} queries---------------------");
    }
    if (false !== mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $data['clean_desc'] = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) . " items deleted/updated";
    }
    if ($data['clean_log']) {
        cleanup_log($data);
    }
}

Example #7

0

Show file

File: iusers.php Project: klldll/tbdev

function iUsers($iname, $ipass, $imail)
{
    global $admin_file, $CURUSER;
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        list($iclass) = mysql_fetch_row(sql_query('SELECT class FROM users WHERE username = '******'Администратор ' . $CURUSER['username'] . ' пробовал изменить учетные данные пользователя ' . $iname . ' классом выше!', 'red', 'error');
        } else {
            $updateset = array();
            if (!empty($ipass)) {
                $secret = mksecret();
                $hash = md5($secret . $ipass . $secret);
                $updateset[] = "secret = " . sqlesc($secret);
                $updateset[] = "passhash = " . sqlesc($hash);
            }
            if (!empty($imail) && validemail($imail)) {
                $updateset[] = "email = " . sqlesc($imail);
            }
            if (count($updateset)) {
                $res = sql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE username = "******"Ошибка", "Смена пароля завершилась неудачей! Возможно указано несуществующее имя пользователя.", "error");
            } else {
                stdmsg("Изменения пользователя прошло успешно", "Имя пользователя: " . $iname . (!empty($hash) ? "<br />Новый пароль: " . $ipass : "") . (!empty($imail) ? "<br />Новая почта: " . $imail : ""));
            }
        }
    } else {
        echo "<form method=\"post\" action=\"" . $admin_file . ".php?op=iUsers\">" . "<table border=\"0\" cellspacing=\"0\" cellpadding=\"3\">" . "<tr><td class=\"colhead\" colspan=\"2\">Смена пароля</td></tr>" . "<tr>" . "<td><b>Пользователь</b></td>" . "<td><input name=\"iname\" type=\"text\"></td>" . "</tr>" . "<tr>" . "<td><b>Новый пароль</b></td>" . "<td><input name=\"ipass\" type=\"password\"></td>" . "</tr>" . "<tr>" . "<td><b>Новая почта</b></td>" . "<td><input name=\"imail\" type=\"text\"></td>" . "</tr>" . "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"isub\" value=\"Сделать\"></td></tr>" . "</table>" . "<input type=\"hidden\" name=\"op\" value=\"iUsers\" />" . "</form>";
    }
}

Example #8

0

Show file

File: ajax.like.php Project: UniversalAdministrator/U-232-V4

function comment_like_unlike()
{
    global $CURUSER, $type, $tb_fields, $the_id, $banned_users, $disabled_time;
    $userip = $_SERVER['REMOTE_ADDR'];
    $res = sql_query("SELECT user_likes,disabled_time FROM " . $tb_fields[$type[0]] . " LEFT OUTER JOIN manage_likes ON manage_likes.user_id = " . sqlesc($CURUSER['id']) . " WHERE " . $tb_fields[$type[0]] . ".id = " . sqlesc($the_id) . "") or sqlerr(__FILE__, __LINE__);
    $data = mysqli_fetch_row($res);
    if ($data[1] + $disabled_time > time()) {
        die($lang['ajlike_you_been_disabled']);
    } elseif (in_array($CURUSER['id'], $banned_users)) {
        die($lang['ajlike_you_been_banned']);
    }
    $exp = explode(',', $data[0]);
    if ($res && $type[1] == 'like' && array_key_exists($type[0], $tb_fields)) {
        if (!in_array($CURUSER['id'], $exp)) {
            $res2 = sql_query("UPDATE " . $tb_fields[$type[0]] . " SET user_likes = IF(LENGTH(user_likes),CONCAT(user_likes,','," . sqlesc((string) $CURUSER['id']) . ")," . sqlesc((string) $CURUSER['id']) . ") WHERE id = " . sqlesc($the_id) . "") or sqlerr(__FILE__, __LINE__);
        } else {
            die($lang['ajlike_you_already_liked']);
        }
    } elseif ($res && $type[1] == 'unlike' && array_key_exists($type[0], $tb_fields)) {
        if (in_array($CURUSER['id'], $exp)) {
            $key = array_search($CURUSER['id'], $exp);
            unset($exp[$key]);
            $exp = implode(",", $exp);
            $res2 = sql_query("UPDATE " . $tb_fields[$type[0]] . " SET user_likes = " . sqlesc($exp) . "WHERE id = " . sqlesc($the_id) . "") or sqlerr(__FILE__, __LINE__);
        } else {
            die($lang['ajlike_you_already_unliked']);
        }
    } else {
        die($lang['ajlike_get_lost']);
    }
}

Example #9

0

Show file

File: delete_torrents_xbt_update.php Project: UniversalAdministrator/U-232-V4

function docleanup($data)
{
    global $INSTALLER09, $queries, $mc1;
    set_time_limit(1200);
    ignore_user_abort(1);
    //== delete torrents - ????
    $days = 30;
    $dt = TIME_NOW - $days * 86400;
    sql_query("UPDATE torrents SET flags='1' WHERE added < {$dt} AND seeders='0' AND leechers='0'") or sqlerr(__FILE__, __LINE__);
    $res = sql_query("SELECT id, name FROM torrents WHERE mtime < {$dt} AND seeders='0' AND leechers='0' AND flags='1'") or sqlerr(__FILE__, __LINE__);
    while ($arr = mysqli_fetch_assoc($res)) {
        sql_query("DELETE files.*, comments.*, thankyou.*, thanks.*, thumbsup.*, bookmarks.*, coins.*, rating.*, xbt_files_users.* FROM xbt_files_users\n                                 LEFT JOIN files ON files.torrent = xbt_files_users.fid\n                                 LEFT JOIN comments ON comments.torrent = xbt_files_users.fid\n                                 LEFT JOIN thankyou ON thankyou.torid = xbt_files_users.fid\n                                 LEFT JOIN thanks ON thanks.torrentid = xbt_files_users.fid\n                                 LEFT JOIN bookmarks ON bookmarks.torrentid = xbt_files_users.fid\n                                 LEFT JOIN coins ON coins.torrentid = xbt_files_users.fid\n                                 LEFT JOIN rating ON rating.torrent = xbt_files_users.fid\n                                 LEFT JOIN thumbsup ON thumbsup.torrentid = xbt_files_users.fid\n                                 WHERE xbt_files_users.fid =" . sqlesc($arr['id'])) or sqlerr(__FILE__, __LINE__);
        @unlink("{$INSTALLER09['torrent_dir']}/{$arr['id']}.torrent");
        write_log("Torrent " . (int) $arr['id'] . " (" . htmlsafechars($arr['name']) . ") was deleted by system (older than {$days} days and no seeders)");
    }
    if ($queries > 0) {
        write_log("Delete Old Torrents XBT Clean -------------------- Delete Old XBT Torrents cleanup Complete using {$queries} queries --------------------");
    }
    if (false !== mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $data['clean_desc'] = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) . " items deleted/updated";
    }
    if ($data['clean_log']) {
        cleanup_log($data);
    }
}

Example #10

0

Show file

File: snatchclean_update.php Project: Bigjoos/U-232-V5

/**
|--------------------------------------------------------------------------|
|   https://github.com/Bigjoos/                                |
|--------------------------------------------------------------------------|
|   Licence Info: GPL                                              |
|--------------------------------------------------------------------------|
|   Copyright (C) 2010 U-232 V5                        |
|--------------------------------------------------------------------------|
|   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.   |
|--------------------------------------------------------------------------|
|   Project Leaders: Mindless, Autotron, whocares, Swizzles.                       |
|--------------------------------------------------------------------------|
 _   _   _   _   _     _   _   _   _   _   _     _   _   _   _
/ \ / \ / \ / \ / \   / \ / \ / \ / \ / \ / \   / \ / \ / \ / \
( U | - | 2 | 3 | 2 )-( S | o | u | r | c | e )-( C | o | d | e )
\_/ \_/ \_/ \_/ \_/   \_/ \_/ \_/ \_/ \_/ \_/   \_/ \_/ \_/ \_/
*/
function docleanup($data)
{
    global $INSTALLER09, $queries, $mc1;
    set_time_limit(0);
    ignore_user_abort(1);
    //== Delete snatched
    $dt = TIME_NOW - 30 * 86400;
    sql_query("DELETE FROM snatched WHERE complete_date < " . sqlesc($dt)) or sqlerr(__FILE__, __LINE__);
    if (false !== mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $data['clean_desc'] = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) . " items deleted/updated";
    }
    $snatchedcounts = array();
    $snatchedres = sql_query("SELECT torrentid, COUNT(*) AS count FROM snatched WHERE complete_date > 0 GROUP BY torrentid");
    while ($row = mysqli_fetch_assoc($snatchedres)) {
        $snatchedcounts[$row['torrentid']] = (int) $row['count'];
    }
    $tcompletedres = sql_query("SELECT id, times_completed FROM torrents");
    while ($row2 = mysqli_fetch_assoc($tcompletedres)) {
        if (!array_key_exists($row2['id'], $snatchedcounts) || array_key_exists($row2['id'], $snatchedcounts) && $row2['times_completed'] != $snatchedcounts[$row2['id']]) {
            sql_query("UPDATE torrents SET times_completed = " . $snatchedcounts[$row2['id']] . " WHERE id = " . $row2['id']);
            ++$snatchedcounts;
        }
    }
    if ($queries > 0) {
        write_log("Snatch list clean-------------------- Removed snatches not seeded for 99 days. Cleanup Complete using {$queries} queries --------------------");
    }
    if ($data['clean_log']) {
        cleanup_log($data);
    }
}

Example #11

0

Show file

File: backup_update.php Project: UniversalAdministrator/U-232-V4

function docleanup($data)
{
    global $INSTALLER09, $queries, $mc1;
    set_time_limit(0);
    ignore_user_abort(1);
    //== Delete old backup's
    $days = 3;
    $res = sql_query("SELECT id, name FROM dbbackup WHERE added < " . sqlesc(TIME_NOW - $days * 86400)) or sqlerr(__FILE__, __LINE__);
    if (mysqli_num_rows($res) > 0) {
        $ids = array();
        while ($arr = mysqli_fetch_assoc($res)) {
            $ids[] = (int) $arr['id'];
            $filename = $INSTALLER09['backup_dir'] . '/' . $arr['name'];
            if (is_file($filename)) {
                unlink($filename);
            }
        }
        sql_query('DELETE FROM dbbackup WHERE id IN (' . implode(', ', $ids) . ')') or sqlerr(__FILE__, __LINE__);
    }
    //== end
    if ($queries > 0) {
        write_log("Backup Clean -------------------- Backup Clean Complete using {$queries} queries--------------------");
    }
    if (false !== mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $data['clean_desc'] = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) . " items deleted/updated";
    }
    if ($data['clean_log']) {
        cleanup_log($data);
    }
}

Example #12

0

Show file

File: thanks.php Project: Bigjoos/U-232-V5

function print_list()
{
    global $uid, $tid, $ajax;
    $target = $ajax ? '_self' : '_parent';
    $qt = sql_query("SELECT th.userid, u.username, u.seedbonus FROM thanks as th INNER JOIN users as u ON u.id=th.userid WHERE th.torrentid=" . sqlesc($tid) . " ORDER BY u.class DESC") or sqlerr(__FILE__, __LINE__);
    $list = array();
    $hadTh = false;
    if (mysqli_num_rows($qt) > 0) {
        while ($a = mysqli_fetch_assoc($qt)) {
            $list[] = '<a href=\'userdetails.php?id=' . (int) $a['userid'] . '\' target=\'' . $target . '\'>' . htmlsafechars($a['username']) . '</a>';
            $ids[] = (int) $a['userid'];
        }
        $hadTh = in_array($uid, $ids) ? true : false;
    }
    if ($ajax) {
        return json_encode(array('list' => count($list) > 0 ? join(', ', $list) : 'Not yet', 'hadTh' => $hadTh, 'status' => true));
    } else {
        $form = !$hadTh ? "<br/><form action='thanks.php' method='post'><input type='submit' class='btn' name='submit' value='Say thanks' /><input type='hidden' name='torrentid' value='{$tid}' /><input type='hidden' name='action' value='add' /></form>" : "";
        $out = count($list) > 0 ? join(', ', $list) : 'Not yet';
        return <<<IFRAME
        
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<style type='text/css'>
body { margin:0;padding:0; 
\t   font-size:12px;
\t   font-family:arial,sans-serif;
\t   color: #FFFFFF;
}
a, a:link, a:visited {
  text-decoration: none;
  color: #FFFFFF;
  font-size:12px;
}
a:hover {
  color: #FFFFFF
  text-decoration:underline;
  
}
.btn {
background-color:#890537;
border:1px solid #000000;
color:#FFFFFF;
font-family:arial,sans-serif;
font-size:12px;
padding:1px 3px;
}
</style>
<title>::</title>
</head>
<body>
{$out}{$form}
</body>
</html>

IFRAME;
    }
}

Example #13

0

Show file

File: user_functions.php Project: ZenoX2012/CyBerFuN-CoDeX

function getpage()
{
    global $CURUSER;
    $page = getenv("SCRIPT_NAME");
    if ($CURUSER && $CURUSER["page_now"] != $page) {
        sql_query("UPDATE users SET page_now = " . sqlesc($page) . " WHERE id = {$CURUSER['id']}") or sqlerr(__FILE__, __LINE__);
    }
}

Example #14

0

Show file

File: forum_update.php Project: CharlieHD/U-232-V3

function cleanup_log($data)
{
    $text = sqlesc($data['clean_title']);
    $added = TIME_NOW;
    $ip = sqlesc($_SERVER['REMOTE_ADDR']);
    $desc = sqlesc($data['clean_desc']);
    sql_query("INSERT INTO cleanup_log (clog_event, clog_time, clog_ip, clog_desc) VALUES ({$text}, {$added}, {$ip}, {$desc})") or sqlerr(__FILE__, __LINE__);
}

Example #15

0

Show file

File: fastdelete.php Project: Bigjoos/U-232-V5

function deletetorrent_xbt($id)
{
    global $INSTALLER09, $mc1, $CURUSER, $lang;
    sql_query("UPDATE torrents SET flags = 1 WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    sql_query("DELETE files.*, comments.*, thankyou.*, thanks.*, thumbsup.*, bookmarks.*, coins.*, rating.*, xbt_files_users.* FROM xbt_files_users\n                                     LEFT JOIN files ON files.torrent = xbt_files_users.fid\n                                     LEFT JOIN comments ON comments.torrent = xbt_files_users.fid\n                                     LEFT JOIN thankyou ON thankyou.torid = xbt_files_users.fid\n                                     LEFT JOIN thanks ON thanks.torrentid = xbt_files_users.fid\n                                     LEFT JOIN bookmarks ON bookmarks.torrentid = xbt_files_users.fid\n                                     LEFT JOIN coins ON coins.torrentid = xbt_files_users.fid\n                                     LEFT JOIN rating ON rating.torrent = xbt_files_users.fid\n                                     LEFT JOIN thumbsup ON thumbsup.torrentid = xbt_files_users.fid\n                                     WHERE xbt_files_users.fid =" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    unlink("{$INSTALLER09['torrent_dir']}/{$id}.torrent");
    $mc1->delete_value('MyPeers_XBT_' . $CURUSER['id']);
}

Example #16

0

Show file

File: lotteryclean.php Project: UniversalAdministrator/U-232-V4

function docleanup($data)
{
    global $INSTALLER09, $queries;
    set_time_limit(0);
    ignore_user_abort(1);
    $lconf = sql_query('SELECT * FROM lottery_config') or sqlerr(__FILE__, __LINE__);
    while ($aconf = mysqli_fetch_assoc($lconf)) {
        $lottery_config[$aconf['name']] = $aconf['value'];
    }
    if ($lottery_config['enable'] && TIME_NOW > $lottery_config['end_date']) {
        $q = mysqli_query($GLOBALS["___mysqli_ston"], 'SELECT t.user as uid, u.seedbonus, u.modcomment FROM tickets as t LEFT JOIN users as u ON u.id = t.user ORDER BY RAND() ') or sqlerr(__FILE__, __LINE__);
        while ($a = mysqli_fetch_assoc($q)) {
            $tickets[] = $a;
        }
        shuffle($tickets);
        $lottery['winners'] = array();
        $lottery['total_tickets'] = count($tickets);
        for ($i = 0; $i < $lottery['total_tickets']; $i++) {
            if (!isset($lottery['winners'][$tickets[$i]['uid']])) {
                $lottery['winners'][$tickets[$i]['uid']] = $tickets[$i];
            }
            if ($lottery_config['total_winners'] == count($lottery['winners'])) {
                break;
            }
        }
        if ($lottery_config['use_prize_fund']) {
            $lottery['total_pot'] = $lottery_config['prize_fund'];
        } else {
            $lottery['total_pot'] = $lottery['total_tickets'] * $lottery_config['ticket_amount'];
        }
        $lottery['user_pot'] = round($lottery['total_pot'] / $lottery_config['total_winners'], 2);
        $msg['subject'] = sqlesc('You have won the lottery');
        $msg['body'] = sqlesc('Congratulations, You have won : ' . $lottery['user_pot'] . '. This has been added to your seedbonus total amount. Thanks for playing Lottery.');
        foreach ($lottery['winners'] as $winner) {
            $_userq[] = '(' . $winner['uid'] . ',' . ($winner['seedbonus'] + $lottery['user_pot']) . ',' . sqlesc("User won the lottery: " . $lottery['user_pot'] . " at " . get_date(TIME_NOW, 'LONG') . "\n" . $winner['modcomment']) . ')';
            $_pms[] = '(0,' . $winner['uid'] . ',' . $msg['subject'] . ',' . $msg['body'] . ',' . TIME_NOW . ')';
        }
        $lconfig_update = array('(\'enable\',0)', '(\'lottery_winners_time\',' . TIME_NOW . ')', '(\'lottery_winners_amount\',' . $lottery['user_pot'] . ')', '(\'lottery_winners\',\'' . join('|', array_keys($lottery['winners'])) . '\')');
        if (count($_userq)) {
            sql_query('INSERT INTO users(id,seedbonus,modcomment) VALUES ' . join(',', $_userq) . ' ON DUPLICATE KEY UPDATE seedbonus = values(seedbonus), modcomment = values(modcomment)') or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
        }
        if (count($_pms)) {
            sql_query('INSERT INTO messages(sender, receiver, subject, msg, added) VALUES ' . join(',', $_pms)) or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
        }
        sql_query('INSERT INTO lottery_config(name,value) VALUES ' . join(',', $lconfig_update) . ' ON DUPLICATE KEY UPDATE value=values(value)') or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
        sql_query('DELETE FROM tickets') or die(is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false));
    }
    //==End 09 seedbonus lottery by putyn
    if ($queries > 0) {
        write_log("Lottery clean-------------------- lottery Complete using {$queries} queries --------------------");
    }
    if (false !== mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $data['clean_desc'] = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) . " items deleted";
    }
    if ($data['clean_log']) {
        cleanup_log($data);
    }
}

Example #17

0

Show file

File: steal.php Project: chenrizhi/mtpt

function changestealstatus($userid, $num, $reset)
{
    $userid = sqlesc($userid);
    if ($reset == 'no') {
        sql_query("UPDATE users SET stealstatus = stealstatus + {$num} WHERE id={$userid}") or sqlerr(__FILE__, __LINE__);
    } else {
        sql_query("UPDATE users SET stealstatus = {$reset} WHERE id={$userid}") or sqlerr(__FILE__, __LINE__);
    }
}

Example #18

0

Show file

File: funds_update.php Project: CharlieHD/U-232-V3

function docleanup($data)
{
    global $INSTALLER09, $queries, $mc1;
    set_time_limit(1200);
    ignore_user_abort(1);
    // ===Clear funds on first day of the month
    if (date("d") == 1) {
        sql_query("TRUNCATE funds");
    }
    //if (mysqli_affected_rows() > 0)
    $mc1->delete_value('totalfunds_');
    // ===End
    //== Donation Progress Mod Updated For Tbdev 2009/2010 by Bigjoos/pdq
    $res = sql_query("SELECT id, modcomment, vipclass_before FROM users WHERE donor='yes' AND donoruntil < " . TIME_NOW . " AND donoruntil <> '0'") or sqlerr(__FILE__, __LINE__);
    $msgs_buffer = $users_buffer = array();
    if (mysqli_num_rows($res) > 0) {
        $subject = "Donor status removed by system.";
        $msg = "Your Donor status has timed out and has been auto-removed by the system, and your Vip status has been removed. We would like to thank you once again for your support to {$INSTALLER09['site_name']}. If you wish to re-new your donation, Visit the site paypal link. Cheers!\n";
        while ($arr = mysqli_fetch_assoc($res)) {
            $modcomment = $arr['modcomment'];
            $modcomment = get_date(TIME_NOW, 'DATE', 1) . " - Donation status Automatically Removed By System.\n" . $modcomment;
            $modcom = sqlesc($modcomment);
            $msgs_buffer[] = '(0,' . $arr['id'] . ',' . TIME_NOW . ', ' . sqlesc($msg) . ',' . sqlesc($subject) . ')';
            $users_buffer[] = '(' . $arr['id'] . ',' . $arr['vipclass_before'] . ',\'no\',\'0\', ' . $modcom . ')';
            $update['class'] = $arr['vipclass_before'];
            $mc1->begin_transaction('user' . $arr['id']);
            $mc1->update_row(false, array('class' => $update['class'], 'donor' => 'no', 'donoruntil' => 0));
            $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
            $mc1->begin_transaction('user_stats_' . $arr['id']);
            $mc1->update_row(false, array('modcomment' => $modcomment));
            $mc1->commit_transaction($INSTALLER09['expires']['user_stats']);
            $mc1->begin_transaction('MyUser_' . $arr['id']);
            $mc1->update_row(false, array('class' => $update['class'], 'donor' => 'no', 'donoruntil' => 0));
            $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
            $mc1->delete_value('inbox_new_' . $arr['id']);
            $mc1->delete_value('inbox_new_sb_' . $arr['id']);
        }
        $count = count($users_buffer);
        if ($count > 0) {
            sql_query("INSERT INTO messages (sender,receiver,added,msg,subject) VALUES " . implode(', ', $msgs_buffer)) or sqlerr(__FILE__, __LINE__);
            sql_query("INSERT INTO users (id, class, donor, donoruntil, modcomment) VALUES " . implode(', ', $users_buffer) . " ON DUPLICATE key UPDATE class=values(class),\n            donor=values(donor),donoruntil=values(donoruntil),modcomment=concat(values(modcomment),modcomment)") or sqlerr(__FILE__, __LINE__);
            write_log("Cleanup: Donation status expired - " . $count . " Member(s)");
        }
        unset($users_buffer, $msgs_buffer, $update, $count);
    }
    //===End===//
    if ($queries > 0) {
        write_log("Delete Old Funds Clean -------------------- Delete Old Funds cleanup Complete using {$queries} queries --------------------");
    }
    if (false !== mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $data['clean_desc'] = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) . " items deleted/updated";
    }
    if ($data['clean_log']) {
        cleanup_log($data);
    }
}

Example #19

0

Show file

File: pu_update.php Project: CharlieHD/U-232-V3

function docleanup($data)
{
    global $INSTALLER09, $queries, $mc1;
    set_time_limit(1200);
    ignore_user_abort(1);
    //== Updated promote power users
    $limit = 25 * 1024 * 1024 * 1024;
    $minratio = 1.05;
    $maxdt = TIME_NOW - 86400 * 28;
    $res = sql_query("SELECT id, uploaded, downloaded, invites, modcomment FROM users WHERE class = " . UC_USER . " AND uploaded >= {$limit} AND uploaded / downloaded >= {$minratio} AND enabled='yes' AND added < {$maxdt}") or sqlerr(__FILE__, __LINE__);
    $msgs_buffer = $users_buffer = array();
    if (mysqli_num_rows($res) > 0) {
        $subject = "Auto Promotion";
        $msg = "Congratulations, you have been Auto-Promoted to [b]Power User[/b]. :)\n You get one extra invite.\n";
        while ($arr = mysqli_fetch_assoc($res)) {
            $ratio = number_format($arr['uploaded'] / $arr['downloaded'], 3);
            $modcomment = $arr['modcomment'];
            $modcomment = get_date(TIME_NOW, 'DATE', 1) . " - Promoted to Power User by System (UL=" . mksize($arr['uploaded']) . ", DL=" . mksize($arr['downloaded']) . ", R=" . $ratio . ").\n" . $modcomment;
            $modcom = sqlesc($modcomment);
            $msgs_buffer[] = '(0,' . $arr['id'] . ', ' . TIME_NOW . ', ' . sqlesc($msg) . ', ' . sqlesc($subject) . ')';
            $users_buffer[] = '(' . $arr['id'] . ', 1, 1, ' . $modcom . ')';
            $update['invites'] = $arr['invites'] + 1;
            $mc1->begin_transaction('user' . $arr['id']);
            $mc1->update_row(false, array('class' => 1, 'invites' => $update['invites']));
            $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
            $mc1->begin_transaction('user_stats_' . $arr['id']);
            $mc1->update_row(false, array('modcomment' => $modcomment));
            $mc1->commit_transaction($INSTALLER09['expires']['user_stats']);
            $mc1->begin_transaction('MyUser_' . $arr['id']);
            $mc1->update_row(false, array('class' => 1, 'invites' => $update['invites']));
            $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
            $mc1->delete_value('inbox_new_' . $arr['id']);
            $mc1->delete_value('inbox_new_sb_' . $arr['id']);
        }
        $count = count($users_buffer);
        if ($count > 0) {
            sql_query("INSERT INTO messages (sender,receiver,added,msg,subject) VALUES " . implode(', ', $msgs_buffer)) or sqlerr(__FILE__, __LINE__);
            sql_query("INSERT INTO users (id, class, invites, modcomment) VALUES " . implode(', ', $users_buffer) . " ON DUPLICATE key UPDATE class=values(class), invites = invites+values(invites), modcomment=concat(values(modcomment),modcomment)") or sqlerr(__FILE__, __LINE__);
            write_log("Cleanup: Promoted " . $count . " member(s) from User to Power User");
        }
        unset($users_buffer, $msgs_buffer, $update, $count);
        status_change($arr['id']);
        //== For Retros announcement mod
    }
    //==
    if ($queries > 0) {
        write_log("Power User Updates -------------------- Power User Updates Clean Complete using {$queries} queries--------------------");
    }
    if (false !== mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $data['clean_desc'] = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) . " items deleted/updated";
    }
    if ($data['clean_log']) {
        cleanup_log($data);
    }
}

Example #20

0

Show file

File: function_bemail.php Project: CharlieHD/U-232-V3

/**
 *   https://github.com/Bigjoos/
 *   Licence Info: GPL
 *   Copyright (C) 2010 U-232 v.3
 *   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
 *   Project Leaders: Mindless, putyn.
 *
 */
function check_banned_emails($email)
{
    global $lang;
    $expl = explode("@", $email);
    $wildemail = "*@" . $expl[1];
    /* Ban emails by x0r @tbdev.net */
    $res = sql_query("SELECT id, comment FROM bannedemails WHERE email = " . sqlesc($email) . " OR email = " . sqlesc($wildemail)) or sqlerr(__FILE__, __LINE__);
    if ($arr = mysqli_fetch_assoc($res)) {
        stderr("{$lang['takesignup_user_error']}", "{$lang['takesignup_bannedmail']}" . htmlsafechars($arr['comment']));
    }
}

Example #21

0

Show file

File: users.functions.php Project: Karpec/gizd

function user_with_color($username, $prefix = NULL, $suffix = NULL)
{
    global $TABLE_PREFIX;
    if (isset($prefix) && isset($suffix)) {
        return unesc($prefix . $username . $suffix);
    } else {
        // get cached version for the user (prefix and suffix)
        $rps = get_result("SELECT prefixcolor,suffixcolor FROM {$TABLE_PREFIX}users u INNER JOIN {$TABLE_PREFIX}users_level ul ON u.id_level=ul.id WHERE u.username="******"", false, 0);
        return unesc($rps[0]['prefixcolor'] . $username . $rps[0]['suffixcolor']);
    }
}

Example #22

0

Show file

File: autoinvite_update.php Project: Bigjoos/U-232-V5

/**
|--------------------------------------------------------------------------|
|   https://github.com/Bigjoos/                			    |
|--------------------------------------------------------------------------|
|   Licence Info: GPL			                                    |
|--------------------------------------------------------------------------|
|   Copyright (C) 2010 U-232 V5					    |
|--------------------------------------------------------------------------|
|   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.   |
|--------------------------------------------------------------------------|
|   Project Leaders: Mindless, Autotron, whocares, Swizzles.					    |
|--------------------------------------------------------------------------|
 _   _   _   _   _     _   _   _   _   _   _     _   _   _   _
/ \ / \ / \ / \ / \   / \ / \ / \ / \ / \ / \   / \ / \ / \ / \
( U | - | 2 | 3 | 2 )-( S | o | u | r | c | e )-( C | o | d | e )
\_/ \_/ \_/ \_/ \_/   \_/ \_/ \_/ \_/ \_/ \_/   \_/ \_/ \_/ \_/
*/
function docleanup($data)
{
    global $INSTALLER09, $queries, $mc1;
    set_time_limit(1200);
    ignore_user_abort(1);
    //== 09 Auto invite by Bigjoos/pdq
    $ratiocheck = 1.0;
    $joined = TIME_NOW - 86400 * 90;
    $res = sql_query("SELECT id, uploaded, invites, downloaded, modcomment FROM users WHERE invites='1' AND class = " . UC_USER . " AND uploaded / downloaded <= {$ratiocheck} AND enabled='yes' AND added < {$joined}") or sqlerr(__FILE__, __LINE__);
    $msgs_buffer = $users_buffer = array();
    if (mysqli_num_rows($res) > 0) {
        $subject = "Auto Invites";
        $msg = "Congratulations, your user group met a set out criteria therefore you have been awarded 2 invites  :)\n Please use them carefully. Cheers " . $INSTALLER09['site_name'] . " staff.\n";
        while ($arr = mysqli_fetch_assoc($res)) {
            $ratio = number_format($arr['uploaded'] / $arr['downloaded'], 3);
            $modcomment = $arr['modcomment'];
            $modcomment = get_date(TIME_NOW, 'DATE', 1) . " - Awarded 2 bonus invites by System (UL=" . mksize($arr['uploaded']) . ", DL=" . mksize($arr['downloaded']) . ", R=" . $ratio . ") .\n" . $modcomment;
            $modcom = sqlesc($modcomment);
            $msgs_buffer[] = '(0,' . $arr['id'] . ', ' . TIME_NOW . ', ' . sqlesc($msg) . ', ' . sqlesc($subject) . ')';
            $users_buffer[] = '(' . $arr['id'] . ', 2, ' . $modcom . ')';
            //== 2 in the user_buffer is award amount :)
            $update['invites'] = $arr['invites'] + 2;
            //== 2 in the user_buffer is award amount :)
            $mc1->begin_transaction('user' . $arr['id']);
            $mc1->update_row(false, array('invites' => $update['invites']));
            $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
            $mc1->begin_transaction('user_stats_' . $arr['id']);
            $mc1->update_row(false, array('modcomment' => $modcomment));
            $mc1->commit_transaction($INSTALLER09['expires']['user_stats']);
            $mc1->begin_transaction('MyUser_' . $arr['id']);
            $mc1->update_row(false, array('invites' => $update['invites']));
            $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
            $mc1->delete_value('inbox_new_' . $arr['id']);
            $mc1->delete_value('inbox_new_sb_' . $arr['id']);
        }
        $count = count($users_buffer);
        if ($count > 0) {
            sql_query("INSERT INTO messages (sender,receiver,added,msg,subject) VALUES " . implode(', ', $msgs_buffer)) or sqlerr(__FILE__, __LINE__);
            sql_query("INSERT INTO users (id, invites, modcomment) VALUES " . implode(', ', $users_buffer) . " ON DUPLICATE key UPDATE invites = invites+values(invites), modcomment=values(modcomment)") or sqlerr(__FILE__, __LINE__);
            write_log("Cleanup: Awarded 2 bonus invites to " . $count . " member(s) ");
        }
        unset($users_buffer, $msgs_buffer, $update, $count);
    }
    //==
    if ($queries > 0) {
        write_log("Auto Invites -------------------- Auto Cleanups cleanup Complete using {$queries} queries --------------------");
    }
    if (false !== mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $data['clean_desc'] = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) . " items deleted/updated";
    }
    if ($data['clean_log']) {
        cleanup_log($data);
    }
}

Example #23

0

Show file

File: announce.php Project: chenrizhi/mtpt

function Clean_Free($id, $state, $endtime)
{
    if ($state != "1" && $endtime != "0000-00-00 00:00:00") {
        if ($endtime < date("Y-m-d H:i:s", time())) {
            sql_query("UPDATE torrents SET sp_state = '1' WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            return true;
        }
    } else {
        return false;
    }
}

Example #24

0

Show file

File: captcha.php Project: klldll/tbdev

function create_captcha()
{
    global $_COOKIE_SALT;
    //$randomstr = mksecret(5);
    $randomstr = rand(10000, 99999);
    $imagehash = md5($randomstr . $_COOKIE_SALT);
    // Additional security tightening
    // Have to use MYsql_query to prohibit seeing imagestring in debugmode
    mysql_query("INSERT INTO captcha SET imagehash = " . sqlesc($imagehash) . ", imagestring = " . sqlesc($randomstr) . ", dateline = " . sqlesc(time())) or sqlerr(__FILE__, __LINE__);
    return $imagehash;
}

Example #25

0

Show file

File: takelogin.php Project: CharlieHD/U-232-V2

function failedloginscheck()
{
    global $INSTALLER09;
    $total = 0;
    $ip = sqlesc(getip());
    $res = sql_query("SELECT SUM(attempts) FROM failedlogins WHERE ip={$ip}") or sqlerr(__FILE__, __LINE__);
    list($total) = mysql_fetch_row($res);
    if ($total >= $INSTALLER09['failedlogins']) {
        mysql_query("UPDATE failedlogins SET banned = 'yes' WHERE ip={$ip}") or sqlerr(__FILE__, __LINE__);
        stderr("Login Locked!", "You have been <b>Exceeded</b> the allowed maximum login attempts without successful login, therefore your ip address <b>(" . htmlspecialchars($ip) . ")</b> has been locked for 24 hours.");
    }
}

Example #26

0

Show file

File: pu_demote_update.php Project: CharlieHD/U-232-V3

function docleanup($data)
{
    global $INSTALLER09, $queries, $mc1;
    set_time_limit(1200);
    ignore_user_abort(1);
    //== Updated demote power users
    $minratio = 0.85;
    $res = sql_query("SELECT id, uploaded, downloaded, modcomment FROM users WHERE class = " . UC_POWER_USER . " AND uploaded / downloaded < {$minratio}") or sqlerr(__FILE__, __LINE__);
    $subject = "Auto Demotion";
    $msgs_buffer = $users_buffer = array();
    if (mysqli_num_rows($res) > 0) {
        $msg = "You have been auto-demoted from [b]Power User[/b] to [b]User[/b] because your share ratio has dropped below  {$minratio}.\n";
        while ($arr = mysqli_fetch_assoc($res)) {
            $ratio = number_format($arr['uploaded'] / $arr['downloaded'], 3);
            $modcomment = $arr['modcomment'];
            $modcomment = get_date(TIME_NOW, 'DATE', 1) . " - Demoted To User by System (UL=" . mksize($arr['uploaded']) . ", DL=" . mksize($arr['downloaded']) . ", R=" . $ratio . ").\n" . $modcomment;
            $modcom = sqlesc($modcomment);
            $msgs_buffer[] = '(0,' . $arr['id'] . ', ' . TIME_NOW . ', ' . sqlesc($msg) . ', ' . sqlesc($subject) . ')';
            $users_buffer[] = '(' . $arr['id'] . ', 0, ' . $modcom . ')';
            $mc1->begin_transaction('user' . $arr['id']);
            $mc1->update_row(false, array('class' => 0));
            $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
            $mc1->begin_transaction('user_stats_' . $arr['id']);
            $mc1->update_row(false, array('modcomment' => $modcomment));
            $mc1->commit_transaction($INSTALLER09['expires']['user_stats']);
            $mc1->begin_transaction('MYuser_' . $arr['id']);
            $mc1->update_row(false, array('class' => 0));
            $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
            $mc1->delete_value('inbox_new_' . $arr['id']);
            $mc1->delete_value('inbox_new_sb_' . $arr['id']);
        }
        $count = count($users_buffer);
        if ($count > 0) {
            sql_query("INSERT INTO messages (sender,receiver,added,msg,subject) VALUES " . implode(', ', $msgs_buffer)) or sqlerr(__FILE__, __LINE__);
            sql_query("INSERT INTO users (id, class, modcomment) VALUES " . implode(', ', $users_buffer) . " ON DUPLICATE key UPDATE class=values(class),modcomment=concat(values(modcomment),modcomment)") or sqlerr(__FILE__, __LINE__);
            write_log("Cleanup: Demoted " . $count . " member(s) from Power User to User");
            status_change($arr['id']);
        }
        unset($users_buffer, $msgs_buffer, $count);
        status_change($arr['id']);
        //== For Retros announcement mod
    }
    //==End
    if ($queries > 0) {
        write_log("Power User Demote Updates -------------------- Power User Demote Updates Clean Complete using {$queries} queries--------------------");
    }
    if (false !== mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
        $data['clean_desc'] = mysqli_affected_rows($GLOBALS["___mysqli_ston"]) . " items deleted/updated";
    }
    if ($data['clean_log']) {
        cleanup_log($data);
    }
}

Example #27

0

Show file

File: viewinvitebox.php Project: NullYing/mtpt

function invite($email)
{
    global $CURUSER;
    global $SITENAME;
    global $BASEURL;
    global $SITEEMAIL;
    global $lang_takeinvite;
    $id = $CURUSER[id];
    $email = unesc(htmlspecialchars(trim($email)));
    $email = safe_email($email);
    if (!$email) {
        bark($lang_takeinvite['std_must_enter_email']);
    }
    if (!check_email($email)) {
        bark($lang_takeinvite['std_invalid_email_address']);
    }
    if (EmailBanned($email)) {
        bark($lang_takeinvite['std_email_address_banned']);
    }
    if (!EmailAllowed($email)) {
        bark($lang_takeinvite['std_wrong_email_address_domains'] . allowedemails());
    }
    $body = "\n你好,\n\n我邀请你加入 {$SITENAME}, 这是一个拥有丰富资源的非开放社区. \n如果你有兴趣加入我们请阅读规则并确认邀请.最后,确保维持一个良好的分享率 \n分享允许的资源.\n\n欢迎到来! :)\n";
    $body = str_replace("<br />", "<br />", nl2br(trim(strip_tags($body))));
    if (!$body) {
        bark($lang_takeinvite['std_must_enter_personal_message']);
    }
    // check if email addy is already in use
    $a = @mysql_fetch_row(@sql_query("select count(*) from users where email=" . sqlesc($email))) or die(mysql_error());
    if ($a[0] != 0) {
        bark($lang_takeinvite['std_email_address'] . htmlspecialchars($email) . $lang_takeinvite['std_is_in_use']);
    }
    $b = @mysql_fetch_row(@sql_query("select count(*) from invites where invitee=" . sqlesc($email))) or die(mysql_error());
    if ($b[0] != 0) {
        bark($lang_takeinvite['std_invitation_already_sent_to'] . htmlspecialchars($email) . $lang_takeinvite['std_await_user_registeration']);
    }
    $ret = sql_query("SELECT username FROM users WHERE id = " . sqlesc($id)) or sqlerr();
    $arr = mysql_fetch_assoc($ret);
    $hash = md5(mt_rand(1, 10000) . $CURUSER['username'] . TIMENOW . $CURUSER['passhash']);
    $title = $SITENAME . $lang_takeinvite['mail_tilte'];
    $message = <<<EOD
{$lang_takeinvite['mail_one']}{$arr[username]}{$lang_takeinvite['mail_two']}
<b><a href="http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash}" target="_blank">{$lang_takeinvite['mail_here']}</a></b><br />
http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash}
<br />{$lang_takeinvite['mail_three']}{$invite_timeout}{$lang_takeinvite['mail_four']}{$arr[username]}{$lang_takeinvite['mail_five']}<br />
{$body}
<br /><br />{$lang_takeinvite['mail_six']}
EOD;
    sent_mail($email, $SITENAME, $SITEEMAIL, change_email_encode(get_langfolder_cookie(), $title), change_email_encode(get_langfolder_cookie(), $message), "invitesignup", false, false, '', get_email_encode(get_langfolder_cookie()));
    //this email is sent only when someone give out an invitation
    sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('" . mysql_real_escape_string($id) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($hash) . "', " . sqlesc(date("Y-m-d H:i:s")) . ")");
}

Example #28

0

Show file

File: stealth.php Project: UniversalAdministrator/U-232-V4

function stealth($id, $stealth = true)
{
    global $CURUSER, $mc1, $INSTALLER09;
    $setbits = $clrbits = 0;
    if ($stealth) {
        $display = 'is';
        $setbits |= bt_options::PERMS_STEALTH;
        // stealth on
    } else {
        $display = 'is not';
        $clrbits |= bt_options::PERMS_STEALTH;
        // stealth off
    }
    // update perms
    if ($setbits || $clrbits) {
        sql_query('UPDATE users SET perms = ((perms | ' . $setbits . ') & ~' . $clrbits . ') 
                 WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    }
    // grab current data
    $res = sql_query('SELECT username, perms, modcomment FROM users 
                     WHERE id = ' . sqlesc($id) . ' LIMIT 1') or sqlerr(__FILE__, __LINE__);
    $row = mysqli_fetch_assoc($res);
    $row['perms'] = (int) $row['perms'];
    $modcomment = get_date(TIME_NOW, '', 1) . ' - ' . $display . ' in Stealth Mode thanks to ' . $CURUSER['username'] . "\n" . $row['modcomment'];
    sql_query('UPDATE users SET modcomment = ' . sqlesc($modcomment) . ' WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    // update caches
    $mc1->begin_transaction('user' . $id);
    $mc1->update_row(false, array('perms' => $row['perms']));
    $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
    $mc1->begin_transaction('MyUser_' . $id);
    $mc1->update_row(false, array('perms' => $row['perms']));
    $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
    $mc1->begin_transaction('user_stats_' . $id);
    $mc1->update_row(false, array('modcomment' => $modcomment));
    $mc1->commit_transaction($INSTALLER09['expires']['user_stats']);
    if ($id == $CURUSER['id']) {
        $mc1->begin_transaction('user' . $CURUSER['id']);
        $mc1->update_row(false, array('perms' => $row['perms']));
        $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
        $mc1->begin_transaction('MyUser_' . $CURUSER['id']);
        $mc1->update_row(false, array('perms' => $row['perms']));
        $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
        $mc1->begin_transaction('user_stats_' . $CURUSER['id']);
        $mc1->update_row(false, array('modcomment' => $modcomment));
        $mc1->commit_transaction($INSTALLER09['expires']['user_stats']);
    }
    write_log('Member [b][url=userdetails.php?id=' . $id . ']' . htmlsafechars($row['username']) . '[/url][/b] ' . $display . ' in Stealth Mode thanks to [b]' . $CURUSER['username'] . '[/b]');
    // header ouput
    $mc1->cache_value('display_stealth' . $CURUSER['id'], $display, 5);
    header('Location: userdetails.php?id=' . $id);
    exit;
}

Example #29

0

Show file

File: db.php Project: ratatoeskr-cms/r7r-repo

function qdb_vfmt($args)
{
    global $config;
    if (count($args) < 1) {
        throw new InvalidArgumentException('Need at least one parameter');
    }
    $query = $args[0];
    $data = array_map(function ($x) {
        return is_string($x) ? sqlesc($x) : $x;
    }, array_slice($args, 1));
    $query = str_replace("PREFIX_", $config["mysql"]["prefix"], $query);
    return vsprintf($query, $data);
}

Example #30

0

Show file

File: shoutbox.php Project: CptTZ/NexusPHP-1

function ai_response($content)
{
    # AI Module V0.1.20130409
    # Test only.
    global $ai_library, $function_library;
    global $CURUSER;
    foreach ($ai_library as $value) {
        foreach ($value['keyword'] as $kw) {
            if (preg_match($kw, $content)) {
                $ret = $value['response'][array_rand($value['response'], 1)];
                if (preg_match("/function/", $ret)) {
                    if ($ret == "function:date") {
                        // date
                        //check user level
                        if (get_user_class() >= UC_INSANE_USER) {
                            $ret = $function_library['date']['success'];
                        } else {
                            $ret = $function_library['date']['fail'];
                        }
                    }
                    if ($ret == "function:midautumn") {
                        // mid autumn
                        $res = sql_query("SELECT * FROM midautumn WHERE userid = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
                        if (mysql_num_rows($res) != 0) {
                            $ret = $function_library['midautumn']['fail'];
                        } else {
                            $bscom = date("Y-m-d") . " - " . " 500 Points for Mid-autumn Festival.\n " . $CURUSER['bonuscomment'];
                            sql_query("UPDATE users SET seedbonus = seedbonus + 500, bonuscomment = " . sqlesc($bscom) . " WHERE id = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
                            sql_query("INSERT into midautumn (userid) VALUES (" . sqlesc($CURUSER['id']) . ")") or sqlerr(__FILE__, __LINE__);
                            $ret = $function_library['midautumn']['success'];
                        }
                    }
                    if ($ret == "function:closenhdrobot") {
                        // close NHDRobot
                        sql_query("UPDATE users SET shownhdrobot = 'no' WHERE id = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
                        //$ret = $function_library['closenhdrobot'];
                        $ret = "norep";
                    }
                    if ($ret == "function:opennhdrobot") {
                        // open NHDRobot
                        sql_query("UPDATE users SET shownhdrobot = 'yes' WHERE id = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
                        //$ret = $function_library['opennhdrobot'];
                        $ret = "norep";
                    }
                }
                return $ret;
            }
        }
    }
    return "";
}

PHP sqlesc Examples