// Permissions if (isset($_COOKIE['session'])) { $LoginCookie = $Enc->decrypt($_COOKIE['session']); } if (isset($LoginCookie)) { list($SessionID, $LoggedUser['ID']) = explode('|~|', $Enc->decrypt($LoginCookie)); $LoggedUser['ID'] = (int) $LoggedUser['ID']; $UserID = $LoggedUser['ID']; //TODO: UserID should not be LoggedUser if (!$LoggedUser['ID'] || !$SessionID) { logout(); } $UserSessions = $Cache->get_value("users_sessions_{$UserID}"); if (!is_array($UserSessions)) { $DB->query("\n\t\t\tSELECT\n\t\t\t\tSessionID,\n\t\t\t\tBrowser,\n\t\t\t\tOperatingSystem,\n\t\t\t\tIP,\n\t\t\t\tLastUpdate\n\t\t\tFROM users_sessions\n\t\t\tWHERE UserID = '{$UserID}'\n\t\t\t\tAND Active = 1\n\t\t\tORDER BY LastUpdate DESC"); $UserSessions = $DB->to_array('SessionID', MYSQLI_ASSOC); $Cache->cache_value("users_sessions_{$UserID}", $UserSessions, 0); } if (!array_key_exists($SessionID, $UserSessions)) { logout(); } // Check if user is enabled $Enabled = $Cache->get_value('enabled_' . $LoggedUser['ID']); if ($Enabled === false) { $DB->query("\n\t\t\tSELECT Enabled\n\t\t\tFROM users_main\n\t\t\tWHERE ID = '{$LoggedUser['ID']}'"); list($Enabled) = $DB->next_record(); $Cache->cache_value('enabled_' . $LoggedUser['ID'], $Enabled, 0); } if ($Enabled == 2) { logout(); }
$Text = new TEXT; $Feed->channel('Blog', 'RSS feed for site blog.'); if (!$Blog = $Cache->get_value('blog')) { require(SERVER_ROOT.'/classes/class_mysql.php'); //Require the database wrapper $DB=NEW DB_MYSQL; //Load the database wrapper $DB->query("SELECT b.ID, um.Username, b.Title, b.Body, b.Time, b.ThreadID FROM blog AS b LEFT JOIN users_main AS um ON b.UserID=um.ID ORDER BY Time DESC LIMIT 20"); $Blog = $DB->to_array(); $Cache->cache_value('Blog',$Blog,1209600); } foreach ($Blog as $BlogItem) { list($BlogID, $Author, $Title, $Body, $BlogTime, $ThreadID) = $BlogItem; echo $Feed->item($Title, $Text->strip_bbcode($Body), 'forums.php?action=viewthread&threadid='.$ThreadID, SITE_NAME.' Staff','','',$BlogTime); } break; case 'torrents_all': $Feed->channel('All Torrents', 'RSS feed for all new torrent uploads.'); $Feed->retrieve('torrents_all',$_GET['authkey'],$_GET['passkey']); break; case 'torrents_music': $Feed->channel('Music Torrents', 'RSS feed for all new music torrents.'); $Feed->retrieve('torrents_music',$_GET['authkey'],$_GET['passkey']); break;
$DB->query("\n\t\tSELECT Token, Name\n\t\tFROM api_applications\n\t\tWHERE ID = '{$AppID}'\n\t\tLIMIT 1"); $App = $DB->to_array(false, MYSQLI_ASSOC); $Cache->cache_value("api_apps_{$AppID}", $App, 0); } $App = $App[0]; //Handle our request auths if ($_GET['req'] === 'access_request') { if (md5($App['Token']) !== $_GET['key']) { error('invalid'); } } else { $User = $Cache->get_value("api_users_{$UserID}"); if (!is_array($User)) { if (!isset($DB)) { require SERVER_ROOT . '/classes/mysql.class.php'; $DB = new DB_MYSQL(); } $DB->query("\n\t\t\tSELECT AppID, Token, State, Time, Access\n\t\t\tFROM api_users\n\t\t\tWHERE UserID = '{$UserID}'\n\t\t\tLIMIT 1"); //int, no db_string $User = $DB->to_array('AppID', MYSQLI_ASSOC); $Cache->cache_value("api_users_{$UserID}", $User, 0); } $User = $User[$AppID]; if (md5($User['Token'] . $App['Token']) !== $_GET['key']) { error('invalid'); } } die('API put on hold'); require SERVER_ROOT . '/sections/api/' . $_GET['req'] . '.php'; echo '</payload>'; $Debug->profile();
require "misc.class.php"; require "sql.class.php"; $DB = new DB_MYSQL(); $Resolution = ""; if (!isset($_GET['v2'])) { $v2 == "def"; } else { $v2 = $_GET['v2']; } if ($v2 == "def") { $Resolution = "(resolution='1536x1180' OR\n\t\tresolution='1180x1536' OR\n\t\tresolution='1600x1200' OR\n\t\tresolution='1200x1600' OR\n\t\tresolution='2048x1536' OR\n\t\tresolution='1536x2048' OR\n\t\tresolution='2240x1680' OR\n\t\tresolution='1680x2240' OR\n\t\tresolution='2560x1920' OR\n\t\tresolution='1920x2560' OR\n\t\tresolution='3032x2008' OR\n\t\tresolution='2008x3032' OR\n\t\tresolution='3072x2304' OR\n\t\tresolution='2304x3072' OR\n\t\tresolution='3264x2448' OR\n\t\tresolution='2448x3264')"; } else { $Resolution = "resolution='" . db_string($_GET['v2']) . "'"; $IDExtra = ""; } $q = "SELECT Code, Extension\n\t\tFROM uploads\n\t\tWHERE\n{$Resolution}\n{$IDExtra}"; $DB->query($q); $Data = $DB->to_array(); if ($IDExtra) { echo "<a href='?v2=def&v6=" . $_GET['v6'] . "&id=" . ($ID + 20000) . "'>next</a><br />"; } while (list($Key, list($Code, $Ext)) = each($Data)) { if ($_GET['v2'] == "def") { echo sprintf("<a href='http://ptpimg.me/%s.%s'><img src='http://ptpimg.me/%s.%s' height='500' width='500' /></a><br />", $Code, $Ext, $Code, $Ext); } else { echo sprintf("<a href='http://ptpimg.me/%s.%s'><img src='http://ptpimg.me/%s.%s' /></a><br />", $Code, $Ext, $Code, $Ext); } } if ($IDExtra) { echo "<a href='?v2=def&v6=" . $_GET['v6'] . "&id=" . ($ID + 20000) . "'>next</a><br />"; }
if ($Sneaky) { global $DB, $Cache; print_r($DB); print_r($Cache); } } // API Keys; ptpimg+api@nervex.net $ApiKeys = array("QT5LGz7ktGFVZpfFArVHCpEvDcC3qrUZrf0kP", "iSQGkh6VJjAtkMjcDQysTPXOUGxiHutVYBw71"); $Browser = $UA->browser($_SERVER['HTTP_USER_AGENT']); $OperatingSystem = $UA->operating_system($_SERVER['HTTP_USER_AGENT']); //$Mobile = $UA->mobile($_SERVER['HTTP_USER_AGENT']); // Get permissions list($Classes, $ClassLevels) = $Cache->get_value('classes'); if (!$Classes || !$ClassLevels) { $DB->query('SELECT ID, Name, Level FROM permissions ORDER BY Level'); $Classes = $DB->to_array('ID'); $ClassLevels = $DB->to_array('Level'); $Cache->cache_value('classes', array($Classes, $ClassLevels), 0); } if (isset($_COOKIE['session'])) { $LoginCookie = $Enc->decrypt($_COOKIE['session']); } if (isset($LoginCookie)) { list($SessionID, $LoggedUser['ID']) = explode("|~|", $Enc->decrypt($LoginCookie)); $LoggedUser['ID'] = (int) $LoggedUser['ID']; $UserID = $LoggedUser['ID']; //TODO: UserID should not be LoggedUser if (!$LoggedUser['ID'] || !$SessionID) { logout(); } $UserSessions = $Cache->get_value('users_sessions_' . $UserID);
define('SQLHOST', 'localhost'); //The MySQL host ip/fqdn define('SQLLOGIN', 'ptpimg'); //The MySQL login define('SQLPASS', 'mri34mni'); //The MySQL password define('SQLDB', 'ptpimg'); //The MySQL database to use define('SQLPORT', '3306'); //The MySQL port to connect on define('SQLSOCK', '/var/run/mysqld/mysqld.sock'); require "misc.class.php"; require "sql.class.php"; $DB = new DB_MYSQL(); $DB->query("SELECT ID, Code FROM uploads WHERE NewHash=''"); $Results = $DB->to_array('', MYSQLI_NUM, false); $UBound = count($Results); $QueryCount = 0; $Query = array(); while (list($Key, list($ID, $Code)) = each($Results)) { if ($QueryCount > 500) { echo "500 queries, flushing."; $x = microtime(); $x = explode(" ", $x); $x = $x[1] + $x[0]; foreach ($Query as $q) { $DB->query($q); } $y = microtime(); $y = explode(" ", $y); $y = $y[1] + $y[0];
list($BlogID, $Author, $AuthorID, $Title, $Body, $BlogTime, $ThreadID) = $BlogItem; if ($ThreadID) { echo $Feed->item($Title, Text::strip_bbcode($Body), "forums.php?action=viewthread&threadid={$ThreadID}", SITE_NAME . ' Staff', '', '', $BlogTime); } else { echo $Feed->item($Title, Text::strip_bbcode($Body), "blog.php#blog{$BlogID}", SITE_NAME . ' Staff', '', '', $BlogTime); } } break; case 'feed_changelog': $Feed->channel('Gazelle Change Log', 'RSS feed for Gazelle\'s changelog.'); if (!($Changelog = $Cache->get_value('changelog'))) { require SERVER_ROOT . '/classes/mysql.class.php'; require SERVER_ROOT . '/classes/misc.class.php'; $DB = new DB_MYSQL(); $DB->query("\n\t\t\t\tSELECT Message, Author, Date(Time)\n\t\t\t\tFROM changelog\n\t\t\t\tORDER BY Time DESC\n\t\t\t\tLIMIT 20"); $Changelog = $DB->to_array(); $Cache->cache_value('changelog', $Changelog, 86400); } foreach ($Changelog as $Change) { list($Message, $Author, $Date) = $Change; echo $Feed->item("{$Date} by {$Author}", $Message, 'tools.php?action=change_log', SITE_NAME . ' Staff', '', '', $Date); } break; case 'torrents_all': $Feed->channel('All Torrents', 'RSS feed for all new torrent uploads.'); $Feed->retrieve('torrents_all', $_GET['authkey'], $_GET['passkey']); break; case 'torrents_music': $Feed->channel('Music Torrents', 'RSS feed for all new music torrents.'); $Feed->retrieve('torrents_music', $_GET['authkey'], $_GET['passkey']); break;