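/**
 * Files a report of type $type against item $reportid on behalf of the current user.
 *
 * The id is validated with int_check(), an empty (or whitespace-only) reason is
 * rejected, and a duplicate report (same reporter, item and type) is refused.
 * On success the row is inserted, the cached staff report counters are dropped
 * and the request is ended through stderr().
 *
 * @param int|string $reportid id of the reported item (checked by int_check())
 * @param string     $type     report type as stored in reports.type
 * @param string     $reason   free-text reason; trimmed before the empty check
 * @return never every path ends the request with stderr() followed by die
 */
function takereport($reportid, $type, $reason)
{
    global $CURUSER, $lang_report, $Cache;

    int_check($reportid);

    // Trim before the check: the old code only trimmed on insert, so a
    // whitespace-only reason passed validation and was stored as ''.
    $reason = trim((string) $reason);
    if ($reason === '') {
        stderr($lang_report['std_error'], $lang_report['std_missing_reason']);
        die;
    }

    // Quoted key: a bare `id` is an undefined constant (notice, fatal on PHP 8).
    $userId = sqlesc($CURUSER['id']);

    $res = sql_query(
        "SELECT id FROM reports WHERE addedby = " . $userId
        . " AND reportid= " . sqlesc($reportid)
        . " AND type = " . sqlesc($type)
    ) or sqlerr(__FILE__, __LINE__);

    if (mysql_num_rows($res) != 0) {
        stderr($lang_report['std_error'], $lang_report['std_already_reported_this']);
        die;
    }

    $date = sqlesc(date("Y-m-d H:i:s"));
    sql_query(
        "INSERT into reports (addedby,reportid,type,reason,added) VALUES ("
        . $userId . "," . sqlesc($reportid) . "," . sqlesc($type) . ", "
        . sqlesc($reason) . "," . $date . ")"
    ) or sqlerr(__FILE__, __LINE__);

    // The staff-side counters are cached; invalidate them so the new report shows up.
    $Cache->delete_value('staff_report_count');
    $Cache->delete_value('staff_new_report_count');

    stderr($lang_report['std_message'], $lang_report['std_successfully_reported']);
    die;
}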
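<?php
require_once "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
loggedinorreturn();

/**
 * Renders a full "failed" page with $msg under the std_failed heading and exits.
 *
 * @param string $msg message shown to the user
 * @return never
 */
function bark($msg)
{
    // $lang_takeflush lives in file scope; without this declaration the lookups
    // below read an undefined local and the heading is rendered empty.
    global $lang_takeflush;
    stdhead();
    stdmsg($lang_takeflush['std_failed'], $msg);
    stdfoot();
    exit;
}

$id = 0 + $_GET['id'];
int_check($id, true);

// Staff may flush any member's stale peers; everyone else only their own.
// Quoted key: a bare `id` is an undefined constant (notice, fatal on PHP 8).
if (get_user_class() >= UC_MODERATOR || $CURUSER['id'] == $id) {
    $deadtime = deadtime();
    // $id has passed int_check() above, and is escaped again as defence in depth.
    sql_query("DELETE FROM peers WHERE last_action < FROM_UNIXTIME({$deadtime}) AND userid=" . sqlesc($id));
    $effected = mysql_affected_rows();
    stderr($lang_takeflush['std_success'], "{$effected} " . $lang_takeflush['std_ghost_torrents_cleaned']);
} else {
    bark($lang_takeflush['std_cannot_flush_others']);
}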
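/**
 * Validates that $value (or every element of an array) is an acceptable id.
 *
 * An invalid id is logged with the current user's name, id and IP (unless $log
 * is false) and reported either through stderr() ($stdhead) or as a raw HTML
 * fragment; stdfoot() is then printed when $stdfood is set and the request is
 * terminated when $die is set.
 *
 * @param mixed $value   candidate id, or an array of candidates
 * @param bool  $stdhead render the error via stderr() instead of raw HTML
 * @param bool  $stdfood print stdfoot() after the error
 * @param bool  $die     terminate the request after an invalid id
 * @param bool  $log     write the attempt to the site log
 * @return bool true when every value is valid; false is only reachable when $die is false
 */
function int_check($value, $stdhead = false, $stdfood = true, $die = true, $log = true)
{
    global $CURUSER;

    if (is_array($value)) {
        // Forward the display/exit options: the old recursion dropped them, so an
        // array call with $stdhead = true still printed the raw-HTML error.
        foreach ($value as $val) {
            if (!int_check($val, $stdhead, $stdfood, $die, $log)) {
                return false;
            }
        }
        return true;
    }

    if (is_valid_id($value)) {
        return true;
    }

    // Only build the log line on the failure path.
    $msg = "Invalid ID Attempt: Username: " . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
    if ($log) {
        write_log($msg);
    }

    if ($stdhead) {
        stderr("ERROR", "Invalid ID! For security reason, we have been logged this action.");
    } else {
        print "<h2>Error</h2><table width=100% border=1 cellspacing=0 cellpadding=10><tr><td class=text>";
        print "Invalid ID! For security reason, we have been logged this action.</td></tr></table>";
    }
    if ($stdfood) {
        stdfoot();
    }
    if ($die) {
        die;
    }
    return false;
}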
} echo $pagerbottom; } print $lang_log['time_zone_note']; stdfoot(); die; break; case "poll": $do = $_GET["do"]; $pollid = $_GET["pollid"]; $returnto = htmlspecialchars($_GET["returnto"]); if ($do == "delete") { if (get_user_class() < $chrmanage_class) { stderr($lang_log['std_error'], $lang_log['std_permission_denied']); } int_check($pollid, true); $sure = $_GET["sure"]; if (!$sure) { stderr($lang_log['std_delete_poll'], $lang_log['std_delete_poll_confirmation'] . "<a href=?action=poll&do=delete&pollid={$pollid}&returnto={$returnto}&sure=1>" . $lang_log['std_here_if_sure'], false); } sql_query("DELETE FROM pollanswers WHERE pollid = {$pollid}") or sqlerr(); sql_query("DELETE FROM polls WHERE id = {$pollid}") or sqlerr(); $Cache->delete_value('current_poll_content'); $Cache->delete_value('current_poll_result', true); if ($returnto == "main") { header("Location: " . get_protocol_prefix() . "{$BASEURL}"); } else { header("Location: " . get_protocol_prefix() . "{$BASEURL}/log.php?action=poll&deleted=1"); } die; }
<?php // Magic for torrent promotion V2.0 // By Dai, 2013.6 require "include/bittorrent.php"; dbconn(); require_once get_langfile_path(); loggedinorreturn(); //stdhead($lang_magic['head_magic']); if (get_user_class() < UC_SYSOP) { stderr("Sorry", "Sorry, we are updating this module."); die; } //check id $id = 0 + $_GET["id"]; int_check($id); if (!isset($id) || !$id) { die; } //get info of a id $res = sql_query("SELECT torrents.name, torrents.size, torrents.owner, torrents.sp_state, torrents.anonymous FROM torrents WHERE torrents.id = {$id} LIMIT 1") or sqlerr(); $row = mysql_fetch_array($res); //get the user info $myid = $CURUSER["id"]; $myreq = sql_query("SELECT users.class FROM users WHERE users.id = {$myid} LIMIT 1") or sqlerr(); $tmparr = mysql_fetch_array($myreq); $myclass = $tmparr['class']; $ownerid = $row['owner']; $myreq = sql_query("SELECT users.class FROM users WHERE users.id = {$ownerid} LIMIT 1") or sqlerr(); $tmparr = mysql_fetch_array($myreq); $ownerclass = $tmparr['class'];
/**
 * Verifies that a forum, topic or post with the given id exists and, for topics
 * and posts, that every parent up the chain (post -> topic -> forum) exists too.
 * A missing row is reported through stderr() with the error text for that level.
 *
 * @param int|string $id    id to look up (validated with int_check() first)
 * @param string     $place 'forum', 'topic' or 'post'; any other value is ignored
 */
function check_whether_exist($id, $place = 'forum')
{
    global $lang_forums;

    int_check($id, true);

    // place => array(table, error key, parent id column, parent place)
    $levels = array(
        'forum' => array('forums', 'std_no_forum_id', null, null),
        'topic' => array('topics', 'std_bad_topic_id', 'forumid', 'forum'),
        'post'  => array('posts', 'std_no_post_id', 'topicid', 'topic'),
    );

    if (!isset($levels[$place])) {
        // Unknown places are accepted without a lookup.
        return;
    }
    list($table, $errorKey, $parentColumn, $parentPlace) = $levels[$place];

    $where = "WHERE id=" . sqlesc($id);
    if (!get_row_count($table, $where)) {
        stderr($lang_forums['std_error'], $lang_forums[$errorKey]);
    }

    if ($parentColumn !== null) {
        // Each parent level gets the same id check and existence test.
        $parentId = get_single_value($table, $parentColumn, $where);
        check_whether_exist($parentId, $parentPlace);
    }
}
<?php require "include/bittorrent.php"; dbconn(); loggedinorreturn(); if (get_user_class() < UC_SYSOP) { stderr("Error", "Permission denied."); } $class = 0 + $_POST["class"]; if ($class) { int_check($class, true); } $or = $_POST["or"]; if ($_SERVER["REQUEST_METHOD"] == "POST") { $res = sql_query("SELECT id, username, email FROM users WHERE class {$or} " . mysql_real_escape_string($class)) or sqlerr(__FILE__, __LINE__); $subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80); if ($subject == "") { $subject = "(no subject)"; } $subject = "Fw: {$subject}"; $message1 = htmlspecialchars(trim($_POST["message"])); if ($message1 == "") { stderr("Error", "Empty message!"); } while ($arr = mysql_fetch_array($res)) { $to = $arr["email"]; $message = "Message received from " . $SITENAME . " on " . date("Y-m-d H:i:s") . ".\n" . "---------------------------------------------------------------------\n\n" . $message1 . "\n\n" . "---------------------------------------------------------------------\n{$SITENAME}\n"; $success = sent_mail($to, $SITENAME, $SITEEMAIL, $subject, $message, "Mass Mail", false); } if ($success) { stderr("Success", "Messages sent.");
if (!mkglobal("wantusername:wantpassword:passagain:email")) { die; } $email = htmlspecialchars(trim($email)); //$email = safe_email($email); //if (!check_email($email)) // bark($lang_takesignup['std_invalid_email_address']); //if(EmailBanned($email)) // bark($lang_takesignup['std_email_address_banned']); //if(!EmailAllowed($email)) // bark($lang_takesignup['std_wrong_email_address_domains'].allowedemails()); $country = $_POST["country"]; int_check($country); if ($showschool == 'yes') { $school = $_POST["school"]; int_check($school); } $gender = htmlspecialchars(trim($_POST["gender"])); $allowed_genders = array("Male", "Female", "male", "female"); if (!in_array($gender, $allowed_genders, true)) { bark($lang_takesignup['std_invalid_gender']); } //if (empty($wantusername) || empty($wantpassword) || empty($email) || empty($country) || empty($gender)) if (empty($wantusername) || empty($wantpassword) || empty($country) || empty($gender)) { bark($lang_takesignup['std_blank_field']); } if (strlen($wantusername) > 12) { bark($lang_takesignup['std_username_too_long']); } if ($wantpassword != $passagain) { bark($lang_takesignup['std_passwords_unmatched']);
<?php require "include/bittorrent.php"; dbconn(); require_once get_langfile_path(); loggedinorreturn(); parked(); $userid = $_GET["id"]; int_check($userid, true); if ($CURUSER["id"] != $userid && get_user_class() < $viewhistory_class) { permissiondenied(); } $action = htmlspecialchars($_GET["action"]); //-------- Global variables $perpage = 15; //-------- Action: View posts if ($action == "viewposts") { $select_is = "COUNT(DISTINCT p.id)"; $from_is = "posts AS p LEFT JOIN topics as t ON p.topicid = t.id LEFT JOIN forums AS f ON t.forumid = f.id"; $where_is = "p.userid = {$userid} AND f.minclassread <= " . $CURUSER['class']; $order_is = "p.id DESC"; $query = "SELECT {$select_is} FROM {$from_is} WHERE {$where_is}"; $res = sql_query($query) or sqlerr(__FILE__, __LINE__); $arr = mysql_fetch_row($res) or stderr($lang_userhistory['std_error'], $lang_userhistory['std_no_posts_found']); $postcount = $arr[0]; //------ Make page menu list($pagertop, $pagerbottom, $limit) = pager($perpage, $postcount, $_SERVER["PHP_SELF"] . "?action=viewposts&id={$userid}&"); //------ Get user data $res = sql_query("SELECT username, donor, warned, enabled FROM users WHERE id={$userid}") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($res) == 1) { $arr = mysql_fetch_assoc($res);
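/**
 * Validates that $value (or every element of an array) is an acceptable id.
 *
 * On an invalid id the attempt is written to the 'mod' log with the current
 * user's name, id and IP (unless $log is false), the localized error is shown
 * via stderr() ($stdhead) or as a raw HTML fragment, stdfoot() is printed when
 * $stdfood is set, and the request ends when $die is set.
 *
 * @param mixed $value   candidate id, or an array of candidates
 * @param bool  $stdhead render the error via stderr() instead of raw HTML
 * @param bool  $stdfood print stdfoot() after the error
 * @param bool  $die     terminate the request after an invalid id
 * @param bool  $log     write the attempt to the 'mod' log
 * @return bool true when every value is valid; false is only reachable when $die is false
 */
function int_check($value, $stdhead = false, $stdfood = true, $die = true, $log = true)
{
    global $lang_functions;
    global $CURUSER;

    if (is_array($value)) {
        // Forward the display/exit options: the old recursion dropped them, so an
        // array call with $stdhead = true still printed the raw-HTML error.
        foreach ($value as $val) {
            if (!int_check($val, $stdhead, $stdfood, $die, $log)) {
                return false;
            }
        }
        return true;
    }

    if (is_valid_id($value)) {
        return true;
    }

    $msg = "Invalid ID Attempt: Username: " . $CURUSER["username"] . " - UserID: " . $CURUSER["id"] . " - UserIP : " . getip();
    if ($log) {
        write_log($msg, 'mod');
    }

    if ($stdhead) {
        stderr($lang_functions['std_error'], $lang_functions['std_invalid_id']);
    } else {
        print "<h2>" . $lang_functions['std_error'] . "</h2><table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"10\"><tr><td class=\"text\">";
        print $lang_functions['std_invalid_id'] . "</td></tr></table>";
    }
    if ($stdfood) {
        stdfoot();
    }
    if ($die) {
        die;
    }
    return false;
}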
require "include/bittorrent.php"; dbconn(); require_once get_langfile_path(); loggedinorreturn(); parked(); if (isset($_GET["name"])) { $receiver_name = $_GET["name"]; $res = sql_query("SELECT id FROM users WHERE username="******" LIMIT 1"); $arr = mysql_fetch_assoc($res); $receiver = $arr['id']; if (!is_numeric($receiver)) { stderr($lang_sendmessage['std_error'], $lang_sendmessage['std_no_user_id']); } } else { $receiver = $_GET["receiver"]; int_check($receiver, true); } $replyto = $_GET["replyto"]; if ($replyto && !is_valid_id($replyto)) { stderr($lang_sendmessage['std_error'], $lang_sendmessage['std_permission_denied']); } $res = sql_query("SELECT * FROM users WHERE id={$receiver}") or die(mysql_error()); $user = mysql_fetch_assoc($res); if (!$user) { stderr($lang_sendmessage['std_error'], $lang_sendmessage['std_no_user_id']); } $subject = ""; $body = ""; if ($replyto) { $res = sql_query("SELECT * FROM messages WHERE id={$replyto}") or sqlerr(); $msga = mysql_fetch_assoc($res);
if ($type == "request") { sql_query("UPDATE req SET comments = comments - 1 WHERE id = {$parent_id}") or sqlerr(__FILE__, __LINE__); } } } } KPS("-", $addcomment_bonus, $userpostid); $returnto = $_GET["returnto"] ? $_GET["returnto"] : htmlspecialchars($_SERVER["HTTP_REFERER"]); header("Location: {$returnto}"); die; } elseif ($action == "vieworiginal") { if (get_user_class() < $commanage_class) { stderr($lang_comment['std_error'], $lang_comment['std_permission_denied']); } $commentid = 0 + $_GET["cid"]; int_check($commentid, true); if ($type == "torrent") { $res = sql_query("SELECT c.*, t.name FROM comments AS c JOIN torrents AS t ON c.torrent = t.id WHERE c.id={$commentid}") or sqlerr(__FILE__, __LINE__); } else { if ($type == "offer") { $res = sql_query("SELECT c.*, o.name FROM comments AS c JOIN offers AS o ON c.offer = o.id WHERE c.id={$commentid}") or sqlerr(__FILE__, __LINE__); } else { if ($type == "request") { $res = sql_query("SELECT c.*, r.name as name FROM comments AS c JOIN req AS r ON c.name = r.id WHERE c.id={$commentid}") or sqlerr(__FILE__, __LINE__); } } } $arr = mysql_fetch_array($res); if (!$arr) { stderr($lang_comment['std_error'], $lang_comment['std_invalid_id']); }
} $notify = $_POST['notify']; if ($notify != 'yes') { $notify = 'no'; } sql_query("INSERT INTO news (userid, added, body, title, notify) VALUES (" . sqlesc($CURUSER['id']) . ", {$added}, " . sqlesc($body) . ", " . sqlesc($title) . ", " . sqlesc($notify) . ")") or sqlerr(__FILE__, __LINE__); $Cache->delete_value('recent_news', true); if (mysql_affected_rows() != 1) { stderr($lang_news['std_error'], $lang_news['std_something_weird_happened']); } header("Location: " . get_protocol_prefix() . "{$BASEURL}/index.php"); } // Edit News Item //////////////////////////////////////////////////////// if ($action == 'edit') { $newsid = 0 + $_GET["newsid"]; int_check($newsid, true); $res = sql_query("SELECT * FROM news WHERE id=" . sqlesc($newsid)) or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($res) != 1) { stderr($lang_news['std_error'], $lang_news['std_invalid_news_id'] . $newsid); } $arr = mysql_fetch_array($res); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $body = htmlspecialchars($_POST['body'], ENT_QUOTES); if ($body == "") { stderr($lang_news['std_error'], $lang_news['std_news_body_empty']); } $title = htmlspecialchars($_POST['subject']); if ($title == "") { stderr($lang_news['std_error'], $lang_news['std_news_title_empty']); } $body = sqlesc($body);
$wherecodecina[] = $codec_get; $addparam .= "codec={$codec_get}&"; } elseif ($standard_get) { int_check($standard_get, true, true, true); $wherestandardina[] = $standard_get; $addparam .= "standard={$standard_get}&"; } elseif ($processing_get) { int_check($processing_get, true, true, true); $whereprocessingina[] = $processing_get; $addparam .= "processing={$processing_get}&"; } elseif ($team_get) { int_check($team_get, true, true, true); $whereteamina[] = $team_get; $addparam .= "team={$team_get}&"; } elseif ($audiocodec_get) { int_check($audiocodec_get, true, true, true); $whereaudiocodecina[] = $audiocodec_get; $addparam .= "audiocodec={$audiocodec_get}&"; } else { $all = True; foreach ($cats as $cat) { $all &= $_GET["cat{$cat['id']}"]; if ($_GET["cat{$cat['id']}"]) { $wherecatina[] = $cat[id]; $addparam .= "cat{$cat['id']}=1&"; } } if ($showsubcat) { if ($showsource) { foreach ($sources as $source) { $all &= $_GET["source{$source['id']}"];
<?php require "include/bittorrent.php"; dbconn(); loggedinorreturn(); if (get_user_class() < UC_MODERATOR) { stderr("Sorry", "Access denied."); } $status = $_GET['status']; if ($status) { int_check($status, true); } $res = sql_query("SELECT * FROM users WHERE status='pending' ORDER BY username") or sqlerr(); if (mysql_num_rows($res) != 0) { stdhead("Unconfirmed Users"); begin_main_frame(); begin_frame(""); print '<br><table width=100% border=1 cellspacing=0 cellpadding=5>'; if ($status) { print '<tr><td class=rowhead colspan=5><font color=red size=1>The User account has been updated!</font></tr></td>'; } print '<tr>'; print '<td class=rowhead><center>Name</center></td>'; print '<td class=rowhead><center>eMail</center></td>'; print '<td class=rowhead><center>Added</center></td>'; print '<td class=rowhead><center>Set Status</center></td>'; print '<td class=rowhead><center>Confirm</center></td>'; print '</tr>'; while ($row = mysql_fetch_assoc($res)) { $id = $row['id']; print '<tr><form method=post action=modtask.php>';
<?php ob_start(); //Do not delete this line require_once "include/bittorrent.php"; dbconn(); require_once get_langfile_path(); if ($showextinfo['imdb'] == 'yes') { require_once "imdb/imdb.class.php"; } loggedinorreturn(); int_check($_GET["id"]); if (!isset($_GET["id"]) || !$_GET["id"]) { stderr("错误的参数"); } $id = 0 + $_GET["id"]; $res = sql_query("SELECT torrents.status AS status, torrents.cache_stamp, torrents.sp_state, torrents.url, torrents.dburl, torrents.small_descr, torrents.seeders, torrents.banned, torrents.leechers, torrents.info_hash, torrents.filename, nfo, LENGTH(torrents.nfo) AS nfosz, torrents.last_action, torrents.name, torrents.owner, torrents.save_as, torrents.descr, torrents.visible, torrents.size, torrents.added, torrents.views, torrents.hits, torrents.times_completed, torrents.id, torrents.type, torrents.numfiles, torrents.anonymous, categories.name AS cat_name, sources.name AS source_name, media.name AS medium_name, codecs.name AS codec_name, standards.name AS standard_name, processings.name AS processing_name, teams.name AS team_name, audiocodecs.name AS audiocodec_name FROM torrents LEFT JOIN categories ON torrents.category = categories.id LEFT JOIN sources ON torrents.source = sources.id LEFT JOIN media ON torrents.medium = media.id LEFT JOIN codecs ON torrents.codec = codecs.id LEFT JOIN standards ON torrents.standard = standards.id LEFT JOIN processings ON torrents.processing = processings.id LEFT JOIN teams ON torrents.team = teams.id LEFT JOIN audiocodecs ON torrents.audiocodec = audiocodecs.id WHERE torrents.id = {$id} LIMIT 1") or sqlerr(); $row = mysql_fetch_array($res); if (get_user_class() >= $torrentmanage_class || $CURUSER["id"] == $row["owner"]) { $owned = 1; } else { $owned = 0; } $ownerid = $row['owner']; if (!$row) { stderr($lang_details['std_error'], $lang_details['std_no_torrent_id']); } elseif ($row['banned'] == 'yes' && get_user_class() < $seebanned_class && !$owned) { permissiondenied(); } else { if ($_GET["hit"]) { 
sql_query("UPDATE torrents SET views = views + 1 WHERE id = {$id}");