Exemple #1
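/**
 * Record a report filed by the current user against an item.
 *
 * A missing reason is rejected, a second report by the same user for the same
 * item and type is refused, and otherwise the row is inserted and the cached
 * staff report counters are invalidated. Every path ends the request.
 *
 * @param mixed  $reportid ID of the reported item; validated with int_check().
 * @param string $type     Kind of item reported; reaches SQL only through sqlesc().
 * @param string $reason   Free-text reason supplied by the reporter.
 */
function takereport($reportid, $type, $reason)
{
    global $CURUSER, $lang_report, $Cache;
    int_check($reportid);
    // Trim before the emptiness test so a whitespace-only reason is rejected
    // instead of being stored as an empty string.
    $reason = trim($reason);
    if ($reason == '') {
        stderr($lang_report['std_error'], $lang_report['std_missing_reason']);
        die;
    }
    // The key is quoted: a bare `id` is looked up as a constant and only works
    // through PHP's legacy fallback to the string.
    $reporter = sqlesc($CURUSER['id']);
    $item = sqlesc($reportid);
    // NOTE(review): $type is escaped but not restricted to a known set of report
    // types in this function; confirm the caller checks it against a fixed list.
    $kind = sqlesc($type);
    $res = sql_query("SELECT id FROM reports WHERE addedby = " . $reporter . " AND reportid= " . $item . " AND type = " . $kind) or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) != 0) {
        stderr($lang_report['std_error'], $lang_report['std_already_reported_this']);
        die;
    }
    $date = sqlesc(date("Y-m-d H:i:s"));
    sql_query("INSERT into reports (addedby,reportid,type,reason,added) VALUES (" . $reporter . "," . $item . "," . $kind . ", " . sqlesc($reason) . "," . $date . ")") or sqlerr(__FILE__, __LINE__);
    // Staff counters are cached; drop them so the new report shows up.
    $Cache->delete_value('staff_report_count');
    $Cache->delete_value('staff_new_report_count');
    stderr($lang_report['std_message'], $lang_report['std_successfully_reported']);
    die;
}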
Exemple #2
<?php

// Bootstrap. dbconn(), get_langfile_path() and loggedinorreturn() are not defined
// in this file; presumably they come from the include below.
require_once "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
// NOTE(review): by its name this is the login gate; it runs before any request
// parameter is read below. Confirm it ends the request for anonymous visitors.
loggedinorreturn();
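/**
 * Render a full error page with the given message and end the request.
 *
 * @param string $msg Message shown under the "failed" heading.
 */
function bark($msg)
{
    // The language table is used at top level in this script, so it lives in
    // global scope. Without this declaration the lookup below reads an undefined
    // local and the heading is empty.
    global $lang_takeflush;
    stdhead();
    stdmsg($lang_takeflush['std_failed'], $msg);
    stdfoot();
    exit;
}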
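// Target account whose stale peer rows are flushed. The value is coerced to a
// number and then checked by int_check(), which reports through stderr() here.
$id = 0 + $_GET['id'];
int_check($id, true);
// Authorisation: moderators and above may flush any account, everyone else only
// their own. The key is quoted because a bare `id` is looked up as a constant.
if (get_user_class() >= UC_MODERATOR || $CURUSER['id'] == "{$id}") {
    $deadtime = deadtime();
    //$deadtime2 = deadtime();
    //$deadtime = time()-600
    //sql_query("DELETE FROM peers WHERE ((last_action< FROM_UNIXTIME($deadtime) AND seeder = 'no)' or (last_action<FROM_UNIXTIME($deadtime2) AND seeder = 'yes')) and userid = " . sqlesc($id));
    // $deadtime comes from deadtime(), not from the request; $id goes through sqlesc().
    sql_query("DELETE FROM peers WHERE last_action < FROM_UNIXTIME({$deadtime}) AND userid=" . sqlesc($id));
    $effected = mysql_affected_rows();
    stderr($lang_takeflush['std_success'], "{$effected} " . $lang_takeflush['std_ghost_torrents_cleaned']);
} else {
    bark($lang_takeflush['std_cannot_flush_others']);
}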
Exemple #3
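/**
 * Check that a value, or every value in an array, is a valid ID and reject the
 * request otherwise.
 *
 * On an invalid value the attempt is optionally logged with the current user's
 * name, ID and IP address, an error is shown, and the request is ended unless
 * $die is false.
 *
 * @param mixed $value   A single ID or an array of IDs.
 * @param bool  $stdhead true: report through stderr(); false: print a bare error table.
 * @param bool  $stdfood true: call stdfoot() after the error output.
 * @param bool  $die     true: end the request after an invalid value.
 * @param bool  $log     true: record the attempt with write_log().
 * @return bool true when every value is valid; false when an invalid value was
 *              found and $die is false.
 */
function int_check($value, $stdhead = false, $stdfood = true, $die = true, $log = true)
{
    global $CURUSER;
    if (is_array($value)) {
        // Hand the caller's flags down; the recursive call used to fall back to
        // the defaults, so $stdhead, $die and $log were ignored for array input.
        // NOTE(review): an array of valid IDs passes this check, so callers that
        // expect a scalar must still reject or cast array input themselves.
        $all_valid = true;
        foreach ($value as $val) {
            if (!int_check($val, $stdhead, $stdfood, $die, $log)) {
                $all_valid = false;
            }
        }
        return $all_valid;
    }
    if (is_valid_id($value)) {
        return true;
    }
    if ($log) {
        // The listing masked part of this expression; the username lookup is
        // restored from the fragment that survived ("username"]).
        // NOTE(review): the username is user-chosen text; confirm write_log() or
        // the log viewer escapes it on display.
        $msg = "Invalid ID Attempt: Username: " . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
        // Log before any output so the record exists even if the error page ends the request.
        write_log($msg);
    }
    if ($stdhead) {
        stderr("ERROR", "Invalid ID! For security reason, we have been logged this action.");
    } else {
        print "<h2>Error</h2><table width=100% border=1 cellspacing=0 cellpadding=10><tr><td class=text>";
        print "Invalid ID! For security reason, we have been logged this action.</td></tr></table>";
    }
    if ($stdfood) {
        stdfoot();
    }
    if ($die) {
        die;
    }
    return false;
}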
Exemple #4
         }
         echo $pagerbottom;
     }
     print $lang_log['time_zone_note'];
     stdfoot();
     die;
     break;
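 case "poll":
     $do = $_GET["do"];
     $pollid = $_GET["pollid"];
     $returnto = htmlspecialchars($_GET["returnto"]);
     if ($do == "delete") {
         if (get_user_class() < $chrmanage_class) {
             stderr($lang_log['std_error'], $lang_log['std_permission_denied']);
             // Fail closed: stderr() is not shown here, so do not rely on it ending the request.
             die;
         }
         int_check($pollid, true);
         // int_check() also accepts arrays of IDs; this page needs one integer.
         // Pinning the type here keeps the link and the two DELETE statements
         // below safe whatever is_valid_id() lets through.
         $pollid = is_array($pollid) ? 0 : (int) (0 + $pollid);
         $sure = $_GET["sure"];
         if (!$sure) {
             // The href is quoted and returnto is URL-encoded: htmlspecialchars()
             // alone does not make a value safe inside an unquoted attribute.
             $returnto_param = (isset($_GET["returnto"]) && is_string($_GET["returnto"])) ? urlencode($_GET["returnto"]) : "";
             $confirm_url = "?action=poll&amp;do=delete&amp;pollid={$pollid}&amp;returnto={$returnto_param}&amp;sure=1";
             stderr($lang_log['std_delete_poll'], $lang_log['std_delete_poll_confirmation'] . "<a href=\"{$confirm_url}\">" . $lang_log['std_here_if_sure'], false);
             // The confirmation page must never fall through to the deletion.
             die;
         }
         // NOTE(review): the deletion is triggered by a GET request carrying sure=1
         // and no per-session token is checked in this fragment; consider requiring
         // POST plus an anti-CSRF token.
         sql_query("DELETE FROM pollanswers WHERE pollid = {$pollid}") or sqlerr();
         sql_query("DELETE FROM polls WHERE id = {$pollid}") or sqlerr();
         $Cache->delete_value('current_poll_content');
         $Cache->delete_value('current_poll_result', true);
         // Only two fixed destinations are used; returnto is never placed in the header.
         if ($returnto == "main") {
             header("Location: " . get_protocol_prefix() . "{$BASEURL}");
         } else {
             header("Location: " . get_protocol_prefix() . "{$BASEURL}/log.php?action=poll&deleted=1");
         }
         die;
     }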
Exemple #5
<?php

// Magic for torrent promotion V2.0
// By Dai, 2013.6
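require "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
loggedinorreturn();
//stdhead($lang_magic['head_magic']);
// The module is currently limited to sysops.
if (get_user_class() < UC_SYSOP) {
    stderr("Sorry", "Sorry, we are updating this module.");
    die;
}
// Validate the torrent ID, then pin it to an integer so the interpolated query
// below cannot carry anything but digits, whatever is_valid_id() accepts.
$id = 0 + $_GET["id"];
int_check($id);
$id = (int) $id;
if (!$id) {
    die;
}
// Torrent record for the requested ID.
$res = sql_query("SELECT torrents.name, torrents.size, torrents.owner, torrents.sp_state, torrents.anonymous FROM torrents WHERE torrents.id = {$id} LIMIT 1") or sqlerr();
$row = mysql_fetch_array($res);
// An unknown ID yields no row. Stop here; otherwise the owner query further down
// would be built from an empty value and fail as malformed SQL.
if (!$row) {
    stderr("Sorry", "No torrent with this ID.");
    die;
}
// Class of the current user; $myid comes from the session record, not the request.
$myid = $CURUSER["id"];
$myreq = sql_query("SELECT users.class FROM users WHERE users.id = {$myid} LIMIT 1") or sqlerr();
$tmparr = mysql_fetch_array($myreq);
$myclass = $tmparr['class'];
// Class of the torrent owner; $ownerid comes from the row fetched above.
$ownerid = $row['owner'];
$myreq = sql_query("SELECT users.class FROM users WHERE users.id = {$ownerid} LIMIT 1") or sqlerr();
$tmparr = mysql_fetch_array($myreq);
$ownerclass = $tmparr['class'];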
Exemple #6
/**
 * Verify that a forum, topic or post exists, walking up to its parent.
 *
 * A post is checked together with its topic, and a topic together with its
 * forum. A missing record is reported through stderr().
 *
 * NOTE(review): a $place other than 'forum', 'topic' or 'post' matches no branch,
 * so only int_check() runs and no existence check is made.
 *
 * @param mixed  $id    ID to look up; validated with int_check() first.
 * @param string $place 'forum', 'topic' or 'post'.
 */
function check_whether_exist($id, $place = 'forum')
{
    global $lang_forums;
    int_check($id, true);

    if ($place == 'forum') {
        $found = get_row_count("forums", "WHERE id=" . sqlesc($id));
        if (!$found) {
            stderr($lang_forums['std_error'], $lang_forums['std_no_forum_id']);
        }
        return;
    }

    if ($place == 'topic') {
        $found = get_row_count("topics", "WHERE id=" . sqlesc($id));
        if (!$found) {
            stderr($lang_forums['std_error'], $lang_forums['std_bad_topic_id']);
        }
        // The parent forum must exist as well.
        $parent_forum = get_single_value("topics", "forumid", "WHERE id=" . sqlesc($id));
        check_whether_exist($parent_forum, 'forum');
        return;
    }

    if ($place == 'post') {
        $found = get_row_count("posts", "WHERE id=" . sqlesc($id));
        if (!$found) {
            stderr($lang_forums['std_error'], $lang_forums['std_no_post_id']);
        }
        // The parent topic, and through it the forum, must exist as well.
        $parent_topic = get_single_value("posts", "topicid", "WHERE id=" . sqlesc($id));
        check_whether_exist($parent_topic, 'topic');
    }
}
Exemple #7
<?php

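require "include/bittorrent.php";
dbconn();
loggedinorreturn();
// Mass mail is a sysop-only action.
if (get_user_class() < UC_SYSOP) {
    stderr("Error", "Permission denied.");
    // Fail closed: stderr() is not shown here, so do not rely on it ending the request.
    die;
}
// Target class: coerced to a number and, when non-zero, checked as an ID.
$class = 0 + $_POST["class"];
if ($class) {
    int_check($class, true);
}
// $or is placed verbatim into the SQL text below as the comparison operator, so
// it cannot be escaped like a value. Accept only a fixed list of operators.
$or = (isset($_POST["or"]) && is_string($_POST["or"])) ? trim($_POST["or"]) : "";
if ($_SERVER["REQUEST_METHOD"] == "POST" && !in_array($or, array("=", "<", ">", "<=", ">=", "<>", "!="), true)) {
    stderr("Error", "Invalid class comparison.");
    die;
}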
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $res = sql_query("SELECT id, username, email FROM users WHERE class {$or} " . mysql_real_escape_string($class)) or sqlerr(__FILE__, __LINE__);
    $subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80);
    if ($subject == "") {
        $subject = "(no subject)";
    }
    $subject = "Fw: {$subject}";
    $message1 = htmlspecialchars(trim($_POST["message"]));
    if ($message1 == "") {
        stderr("Error", "Empty message!");
    }
    while ($arr = mysql_fetch_array($res)) {
        $to = $arr["email"];
        $message = "Message received from " . $SITENAME . " on " . date("Y-m-d H:i:s") . ".\n" . "---------------------------------------------------------------------\n\n" . $message1 . "\n\n" . "---------------------------------------------------------------------\n{$SITENAME}\n";
        $success = sent_mail($to, $SITENAME, $SITEEMAIL, $subject, $message, "Mass Mail", false);
    }
    if ($success) {
        stderr("Success", "Messages sent.");
Exemple #8
// mkglobal() is not shown here; presumably it copies the four named request
// fields into same-named variables, since $email and the others are used below
// without being assigned. The request ends when it reports failure.
if (!mkglobal("wantusername:wantpassword:passagain:email")) {
    die;
}
// NOTE(review): the address is only trimmed and HTML-escaped. The format,
// ban-list and allowed-domain checks below are all commented out, so as written
// any string is accepted as an e-mail address. Confirm this is intentional.
$email = htmlspecialchars(trim($email));
//$email = safe_email($email);
//if (!check_email($email))
//	bark($lang_takesignup['std_invalid_email_address']);
//if(EmailBanned($email))
//    bark($lang_takesignup['std_email_address_banned']);
//if(!EmailAllowed($email))
//    bark($lang_takesignup['std_wrong_email_address_domains'].allowedemails());
// Country and, when enabled, school are numeric IDs taken straight from the form
// and validated with int_check().
$country = $_POST["country"];
int_check($country);
if ($showschool == 'yes') {
    $school = $_POST["school"];
    int_check($school);
}
// Gender is matched against a fixed list with a strict comparison.
$gender = htmlspecialchars(trim($_POST["gender"]));
$allowed_genders = array("Male", "Female", "male", "female");
if (!in_array($gender, $allowed_genders, true)) {
    bark($lang_takesignup['std_invalid_gender']);
}
// The e-mail field was dropped from the required-field test; the earlier
// condition that included it is kept commented out on the next line.
//if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($country) || empty($gender))
if (empty($wantusername) || empty($wantpassword) || empty($country) || empty($gender)) {
    bark($lang_takesignup['std_blank_field']);
}
// strlen() counts bytes, so for multi-byte names the limit is 12 bytes, not 12 characters.
if (strlen($wantusername) > 12) {
    bark($lang_takesignup['std_username_too_long']);
}
if ($wantpassword != $passagain) {
    bark($lang_takesignup['std_passwords_unmatched']);
Exemple #9
<?php

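require "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
loggedinorreturn();
parked();
$userid = $_GET["id"];
int_check($userid, true);
// int_check() also accepts arrays of IDs, and is_valid_id() is not shown here.
// $userid is interpolated unquoted into SQL and into the pager URL further down,
// so pin it to a plain integer. Array input becomes 0, which matches no user.
$userid = is_array($userid) ? 0 : (int) (0 + $userid);
// Users may view their own history; other accounts need $viewhistory_class.
if ($CURUSER["id"] != $userid && get_user_class() < $viewhistory_class) {
    permissiondenied();
}
$action = htmlspecialchars($_GET["action"]);
//-------- Global variables
$perpage = 15;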
//-------- Action: View posts
if ($action == "viewposts") {
    $select_is = "COUNT(DISTINCT p.id)";
    $from_is = "posts AS p LEFT JOIN topics as t ON p.topicid = t.id LEFT JOIN forums AS f ON t.forumid = f.id";
    $where_is = "p.userid = {$userid} AND f.minclassread <= " . $CURUSER['class'];
    $order_is = "p.id DESC";
    $query = "SELECT {$select_is} FROM {$from_is} WHERE {$where_is}";
    $res = sql_query($query) or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_row($res) or stderr($lang_userhistory['std_error'], $lang_userhistory['std_no_posts_found']);
    $postcount = $arr[0];
    //------ Make page menu
    list($pagertop, $pagerbottom, $limit) = pager($perpage, $postcount, $_SERVER["PHP_SELF"] . "?action=viewposts&id={$userid}&");
    //------ Get user data
    $res = sql_query("SELECT username, donor, warned, enabled FROM users WHERE id={$userid}") or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) == 1) {
        $arr = mysql_fetch_assoc($res);
Exemple #10
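/**
 * Check that a value, or every value in an array, is a valid ID and reject the
 * request otherwise.
 *
 * On an invalid value the attempt is optionally written to the 'mod' log with
 * the current user's name, ID and IP address, a localized error is shown, and
 * the request is ended unless $die is false.
 *
 * @param mixed $value   A single ID or an array of IDs.
 * @param bool  $stdhead true: report through stderr(); false: print a bare error table.
 * @param bool  $stdfood true: call stdfoot() after the error output.
 * @param bool  $die     true: end the request after an invalid value.
 * @param bool  $log     true: record the attempt with write_log().
 * @return bool true when every value is valid; false when an invalid value was
 *              found and $die is false.
 */
function int_check($value, $stdhead = false, $stdfood = true, $die = true, $log = true)
{
    global $lang_functions;
    global $CURUSER;
    if (is_array($value)) {
        // Hand the caller's flags down; the recursive call used to fall back to
        // the defaults, so $stdhead, $die and $log were ignored for array input.
        // NOTE(review): an array of valid IDs passes this check, so callers that
        // expect a scalar must still reject or cast array input themselves.
        $all_valid = true;
        foreach ($value as $val) {
            if (!int_check($val, $stdhead, $stdfood, $die, $log)) {
                $all_valid = false;
            }
        }
        return $all_valid;
    }
    if (is_valid_id($value)) {
        return true;
    }
    if ($log) {
        // The listing masked part of this expression; the username lookup is
        // restored from the fragment that survived ("username"]).
        // NOTE(review): the username is user-chosen text; confirm write_log() or
        // the log viewer escapes it on display.
        $msg = "Invalid ID Attempt: Username: " . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
        write_log($msg, 'mod');
    }
    if ($stdhead) {
        stderr($lang_functions['std_error'], $lang_functions['std_invalid_id']);
    } else {
        print "<h2>" . $lang_functions['std_error'] . "</h2><table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"10\"><tr><td class=\"text\">";
        print $lang_functions['std_invalid_id'] . "</td></tr></table>";
    }
    if ($stdfood) {
        stdfoot();
    }
    if ($die) {
        die;
    }
    return false;
}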
Exemple #11
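require "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
loggedinorreturn();
parked();
// The recipient is given either by username (?name=) or by numeric ID (?receiver=).
if (isset($_GET["name"])) {
    $receiver_name = $_GET["name"];
    // The listing masked the expression between the quotes on this line. The name
    // comes from the request, so it is passed through sqlesc() like every other
    // string value in these queries.
    $res = sql_query("SELECT id FROM users WHERE username=" . sqlesc($receiver_name) . " LIMIT 1");
    $arr = mysql_fetch_assoc($res);
    $receiver = $arr['id'];
    if (!is_numeric($receiver)) {
        stderr($lang_sendmessage['std_error'], $lang_sendmessage['std_no_user_id']);
    }
} else {
    $receiver = $_GET["receiver"];
    int_check($receiver, true);
}
// Both IDs are interpolated unquoted into SQL below, and int_check() also
// accepts arrays. Pin them to integers; array input becomes 0, which matches no row.
$receiver = is_array($receiver) ? 0 : (int) (0 + $receiver);
$replyto = $_GET["replyto"];
if ($replyto && !is_valid_id($replyto)) {
    stderr($lang_sendmessage['std_error'], $lang_sendmessage['std_permission_denied']);
}
if ($replyto) {
    $replyto = is_array($replyto) ? 0 : (int) (0 + $replyto);
}
// Use the project's error handler, as the other queries do, instead of printing
// the raw driver error to the requester.
$res = sql_query("SELECT * FROM users WHERE id={$receiver}") or sqlerr(__FILE__, __LINE__);
$user = mysql_fetch_assoc($res);
if (!$user) {
    stderr($lang_sendmessage['std_error'], $lang_sendmessage['std_no_user_id']);
}
$subject = "";
$body = "";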
if ($replyto) {
    $res = sql_query("SELECT * FROM messages WHERE id={$replyto}") or sqlerr();
    $msga = mysql_fetch_assoc($res);
Exemple #12
                if ($type == "request") {
                    sql_query("UPDATE req SET comments = comments - 1 WHERE id = {$parent_id}") or sqlerr(__FILE__, __LINE__);
                }
            }
        }
    }
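    KPS("-", $addcomment_bonus, $userpostid);
    // Redirect target: the returnto parameter when given, else the escaped Referer.
    if (!empty($_GET["returnto"]) && is_string($_GET["returnto"])) {
        $returnto = $_GET["returnto"];
    } else {
        $returnto = htmlspecialchars(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "");
    }
    // Both sources are supplied by the client, so only follow a target that stays
    // on this host: a relative path with no scheme, or a URL whose host equals
    // the one this request was made to. Backslashes, spaces and control
    // characters are refused because URL parsers disagree about them.
    $target = parse_url($returnto);
    $this_host = strtolower(preg_replace('/:\d+$/', '', isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : ""));
    if (isset($target['host'])) {
        $stays_local = strtolower($target['host']) === $this_host;
    } else {
        $stays_local = is_array($target) && !isset($target['scheme']);
    }
    if ($returnto == "" || !$stays_local || preg_match('/[\\\\\x00-\x20]/', $returnto)) {
        // Anything else falls back to the site index.
        $returnto = "index.php";
    }
    header("Location: {$returnto}");
    die;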
} elseif ($action == "vieworiginal") {
    if (get_user_class() < $commanage_class) {
        stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']);
    }
    $commentid = 0 + $_GET["cid"];
    int_check($commentid, true);
    if ($type == "torrent") {
        $res = sql_query("SELECT c.*, t.name FROM comments AS c JOIN torrents AS t ON c.torrent = t.id WHERE c.id={$commentid}") or sqlerr(__FILE__, __LINE__);
    } else {
        if ($type == "offer") {
            $res = sql_query("SELECT c.*, o.name FROM comments AS c JOIN offers AS o ON c.offer = o.id WHERE c.id={$commentid}") or sqlerr(__FILE__, __LINE__);
        } else {
            if ($type == "request") {
                $res = sql_query("SELECT c.*, r.name as name FROM comments AS c JOIN req AS r ON c.name = r.id WHERE c.id={$commentid}") or sqlerr(__FILE__, __LINE__);
            }
        }
    }
    $arr = mysql_fetch_array($res);
    if (!$arr) {
        stderr($lang_comment['std_error'], $lang_comment['std_invalid_id']);
    }
Exemple #13
    }
    $notify = $_POST['notify'];
    if ($notify != 'yes') {
        $notify = 'no';
    }
    sql_query("INSERT INTO news (userid, added, body, title, notify) VALUES (" . sqlesc($CURUSER['id']) . ", {$added}, " . sqlesc($body) . ", " . sqlesc($title) . ", " . sqlesc($notify) . ")") or sqlerr(__FILE__, __LINE__);
    $Cache->delete_value('recent_news', true);
    if (mysql_affected_rows() != 1) {
        stderr($lang_news['std_error'], $lang_news['std_something_weird_happened']);
    }
    header("Location: " . get_protocol_prefix() . "{$BASEURL}/index.php");
}
//  Edit News Item    ////////////////////////////////////////////////////////
if ($action == 'edit') {
    $newsid = 0 + $_GET["newsid"];
    int_check($newsid, true);
    $res = sql_query("SELECT * FROM news WHERE id=" . sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) != 1) {
        stderr($lang_news['std_error'], $lang_news['std_invalid_news_id'] . $newsid);
    }
    $arr = mysql_fetch_array($res);
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $body = htmlspecialchars($_POST['body'], ENT_QUOTES);
        if ($body == "") {
            stderr($lang_news['std_error'], $lang_news['std_news_body_empty']);
        }
        $title = htmlspecialchars($_POST['subject']);
        if ($title == "") {
            stderr($lang_news['std_error'], $lang_news['std_news_title_empty']);
        }
        $body = sqlesc($body);
Exemple #14
     $wherecodecina[] = $codec_get;
     $addparam .= "codec={$codec_get}&";
 } elseif ($standard_get) {
     int_check($standard_get, true, true, true);
     $wherestandardina[] = $standard_get;
     $addparam .= "standard={$standard_get}&";
 } elseif ($processing_get) {
     int_check($processing_get, true, true, true);
     $whereprocessingina[] = $processing_get;
     $addparam .= "processing={$processing_get}&";
 } elseif ($team_get) {
     int_check($team_get, true, true, true);
     $whereteamina[] = $team_get;
     $addparam .= "team={$team_get}&";
 } elseif ($audiocodec_get) {
     int_check($audiocodec_get, true, true, true);
     $whereaudiocodecina[] = $audiocodec_get;
     $addparam .= "audiocodec={$audiocodec_get}&";
 } else {
     $all = True;
     foreach ($cats as $cat) {
         $all &= $_GET["cat{$cat['id']}"];
         if ($_GET["cat{$cat['id']}"]) {
             $wherecatina[] = $cat[id];
             $addparam .= "cat{$cat['id']}=1&";
         }
     }
     if ($showsubcat) {
         if ($showsource) {
             foreach ($sources as $source) {
                 $all &= $_GET["source{$source['id']}"];
Exemple #15
<?php

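require "include/bittorrent.php";
dbconn();
loggedinorreturn();
// Staff-only page: anyone below moderator class is refused.
if (get_user_class() < UC_MODERATOR) {
    stderr("Sorry", "Access denied.");
    // Fail closed: stderr() is not shown here, so do not rely on it ending the request.
    die;
}
// Optional flag from the query string; checked as an ID when present.
$status = $_GET['status'];
if ($status) {
    int_check($status, true);
}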
$res = sql_query("SELECT * FROM users WHERE status='pending' ORDER BY username") or sqlerr();
if (mysql_num_rows($res) != 0) {
    stdhead("Unconfirmed Users");
    begin_main_frame();
    begin_frame("");
    print '<br><table width=100% border=1 cellspacing=0 cellpadding=5>';
    if ($status) {
        print '<tr><td class=rowhead colspan=5><font color=red size=1>The User account has been updated!</font></tr></td>';
    }
    print '<tr>';
    print '<td class=rowhead><center>Name</center></td>';
    print '<td class=rowhead><center>eMail</center></td>';
    print '<td class=rowhead><center>Added</center></td>';
    print '<td class=rowhead><center>Set Status</center></td>';
    print '<td class=rowhead><center>Confirm</center></td>';
    print '</tr>';
    while ($row = mysql_fetch_assoc($res)) {
        $id = $row['id'];
        print '<tr><form method=post action=modtask.php>';
Exemple #16
<?php

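ob_start();
//Do not delete this line
require_once "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
if ($showextinfo['imdb'] == 'yes') {
    require_once "imdb/imdb.class.php";
}
loggedinorreturn();
// Test for presence first: int_check() on a missing parameter would report an
// invalid ID before the dedicated message below could be shown.
if (!isset($_GET["id"]) || !$_GET["id"]) {
    stderr("错误的参数");
    die;
}
int_check($_GET["id"]);
// The ID is interpolated unquoted into the queries below, so reduce it to a
// plain integer whatever is_valid_id() accepts.
$id = (int) (0 + $_GET["id"]);
$res = sql_query("SELECT torrents.status AS status, torrents.cache_stamp, torrents.sp_state, torrents.url, torrents.dburl, torrents.small_descr, torrents.seeders, torrents.banned, torrents.leechers, torrents.info_hash, torrents.filename, nfo, LENGTH(torrents.nfo) AS nfosz, torrents.last_action, torrents.name, torrents.owner, torrents.save_as, torrents.descr, torrents.visible, torrents.size, torrents.added, torrents.views, torrents.hits, torrents.times_completed, torrents.id, torrents.type, torrents.numfiles, torrents.anonymous, categories.name AS cat_name, sources.name AS source_name, media.name AS medium_name, codecs.name AS codec_name, standards.name AS standard_name, processings.name AS processing_name, teams.name AS team_name, audiocodecs.name AS audiocodec_name FROM torrents LEFT JOIN categories ON torrents.category = categories.id LEFT JOIN sources ON torrents.source = sources.id LEFT JOIN media ON torrents.medium = media.id LEFT JOIN codecs ON torrents.codec = codecs.id LEFT JOIN standards ON torrents.standard = standards.id LEFT JOIN processings ON torrents.processing = processings.id LEFT JOIN teams ON torrents.team = teams.id LEFT JOIN audiocodecs ON torrents.audiocodec = audiocodecs.id WHERE torrents.id = {$id} LIMIT 1") or sqlerr();
$row = mysql_fetch_array($res);
// $owned marks a viewer who manages torrents or owns this one.
// NOTE(review): $row is read here before the "no such torrent" test that follows
// this block; for an unknown ID the owner lookup works on an empty result.
if (get_user_class() >= $torrentmanage_class || $CURUSER["id"] == $row["owner"]) {
    $owned = 1;
} else {
    $owned = 0;
}
$ownerid = $row['owner'];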
if (!$row) {
    stderr($lang_details['std_error'], $lang_details['std_no_torrent_id']);
} elseif ($row['banned'] == 'yes' && get_user_class() < $seebanned_class && !$owned) {
    permissiondenied();
} else {
    if ($_GET["hit"]) {
        sql_query("UPDATE torrents SET views = views + 1 WHERE id = {$id}");