function json_scoreboard($user_type = null)
{
$values = array();
if (is_valid_id($user_type)) {
$values['user_type'] = $user_type;
}
$scores = db_query_fetch_all('
SELECT
u.id AS user_id,
u.team_name,
co.country_code,
SUM(c.points) AS score,
MAX(s.added) AS tiebreaker
FROM users AS u
LEFT JOIN countries AS co ON co.id = u.country_id
LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1
LEFT JOIN challenges AS c ON c.id = s.challenge
WHERE
u.competing = 1
' . (is_valid_id($user_type) ? 'AND u.user_type = :user_type' : '') . '
GROUP BY u.id
ORDER BY score DESC, tiebreaker ASC', $values);
$scoreboard = array();
for ($i = 0; $i < count($scores); $i++) {
$scoreboard['standings'][$i] = array('pos' => $i + 1, 'team' => $scores[$i]['team_name'], 'score' => array_get($scores[$i], 'score', 0), 'country' => $scores[$i]['country_code']);
}
echo json_encode($scoreboard);
}
function update_poll()
{
global $INSTALLER09, $CURUSER, $mc1, $lang;
$total_votes = 0;
if (!isset($_POST['pid']) or !is_valid_id($_POST['pid'])) {
stderr($lang['poll_up_usr_err'], $lang['poll_up_no_poll']);
}
$pid = intval($_POST['pid']);
if (!isset($_POST['poll_question']) or empty($_POST['poll_question'])) {
stderr($lang['poll_up_usr_err'], $lang['poll_up_no_title']);
}
$poll_title = sqlesc(htmlsafechars(strip_tags($_POST['poll_question']), ENT_QUOTES));
//get the main crux of the poll data
$poll_data = makepoll();
$total_votes = isset($poll_data['total_votes']) ? intval($poll_data['total_votes']) : 0;
unset($poll_data['total_votes']);
if (!is_array($poll_data) or !count($poll_data)) {
stderr($lang['poll_up_sys_err'], $lang['poll_up_no_data']);
}
//all ok, serialize
$poll_data = sqlesc(serialize($poll_data));
$username = sqlesc($CURUSER['username']);
sql_query("UPDATE polls SET choices={$poll_data}, starter_id={$CURUSER['id']}, starter_name={$username}, votes={$total_votes}, poll_question={$poll_title} WHERE pid=" . sqlesc($pid)) or sqlerr(__FILE__, __LINE__);
$mc1->delete_value('poll_data_' . $CURUSER['id']);
if (-1 == mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
$msg = "<h2>{$lang['poll_up_error']}</h2>\n <a href='javascript:history.back()' title='{$lang['poll_up_fix_it']}' style='color:green;font-weight:bold'><span class='btn' style='padding:3px;'><img style='vertical-align:middle;' src='{$INSTALLER09['pic_base_url']}/polls/p_delete.gif' alt='{$lang['poll_up_back']}' />{$lang['poll_up_back']}</span></a>";
} else {
$msg = "<h2>{$lang['poll_up_worked']}</h2>\n <a href='staffpanel.php?tool=polls_manager&action=polls_manager' title='{$lang['poll_up_return']}' style='color:green;font-weight:bold'><span class='btn' style='padding:3px;'><img style='vertical-align:middle;' src='{$INSTALLER09['pic_base_url']}/polls/p_tick.gif' alt='{$lang['poll_up_success']}' />{$lang['poll_up_success']}</span></a>";
}
echo stdhead($lang['poll_up_stdhead']) . $msg . stdfoot();
}
function update_poll()
{
global $INSTALLER09, $CURUSER, $mc1;
$total_votes = 0;
if (!isset($_POST['pid']) or !is_valid_id($_POST['pid'])) {
stderr('USER ERROR', 'There is no poll with that ID!');
}
$pid = intval($_POST['pid']);
if (!isset($_POST['poll_question']) or empty($_POST['poll_question'])) {
stderr('USER ERROR', 'There is no title defined!');
}
$poll_title = sqlesc(htmlspecialchars(strip_tags($_POST['poll_question']), ENT_QUOTES));
//get the main crux of the poll data
$poll_data = makepoll();
$total_votes = isset($poll_data['total_votes']) ? intval($poll_data['total_votes']) : 0;
unset($poll_data['total_votes']);
if (!is_array($poll_data) or !count($poll_data)) {
stderr('SYSTEM ERROR', 'There was no data sent');
}
//all ok, serialize
$poll_data = sqlesc(serialize($poll_data));
$username = sqlesc($CURUSER['username']);
@sql_query("UPDATE polls SET choices={$poll_data}, starter_id={$CURUSER['id']}, starter_name={$username}, votes={$total_votes}, poll_question={$poll_title} WHERE pid={$pid}") or sqlerr(__FILE__, __LINE__);
$mc1->delete_value('poll_data_' . $CURUSER['id']);
if (-1 == mysql_affected_rows()) {
$msg = "<h2>An Error Occured!</h2>\r\n <a href='javascript:history.back()' title='Go back and fix the error' style='color:green;font-weight:bold'><span class='btn' style='padding:3px;'><img style='vertical-align:middle;' src='{$INSTALLER09['pic_base_url']}/polls/p_delete.gif' alt='Go Back' />Go Back</span></a>";
} else {
$msg = "<h2>Groovy, everything went hunky dory!</h2>\r\n <a href='staffpanel.php?tool=polls_manager&action=polls_manager' title='Return to Polls Manager' style='color:green;font-weight:bold'><span class='btn' style='padding:3px;'><img style='vertical-align:middle;' src='{$INSTALLER09['pic_base_url']}/polls/p_tick.gif' alt='Success' />Success</span></a>";
}
echo stdhead('Poll Manager::Add New Poll') . $msg . stdfoot();
}
function check($id)
{
if (!is_valid_id($id)) {
return stderr("Error", "Invalid ID");
} else {
return true;
}
}
function validate($id)
{
global $lang;
if (!is_valid_id($id)) {
stderr($lang['failed_sorry'], "{$lang['failed_bad_id']}");
} else {
return true;
}
}
public function update($data, $id)
{
if (empty($data['domain']) || !is_valid_id($id)) {
return FALSE;
} else {
$this->db->where('id', $id);
$this->db->update('website', $data);
return TRUE;
}
}
public function update($data, $id)
{
if (empty($data['type']) || !is_valid_id($id)) {
return FALSE;
} else {
$this->db->where('id', $id);
$this->db->update('producttype', $data);
return TRUE;
}
}
function delete_file($id)
{
if (!is_valid_id($id)) {
message_error('Invalid ID.');
}
db_delete('files', array('id' => $id));
if (file_exists(CONST_PATH_FILE_UPLOAD . $id)) {
unlink(CONST_PATH_FILE_UPLOAD . $id);
}
}
public function remove($client_id)
{
is_valid_id($client_id, 'client') ? '' : show_error($this->lang->line('not_valid_id'));
$is_remove = $this->relation->remove($client_id);
if ($is_remove) {
set_flash($this->lang->line('db_client_removed'));
redirect('dashboard', 'refresh');
} else {
set_flash($this->lang->line('db_client_remove_error'));
redirect('dashboard', 'refresh');
}
}
public function update()
{
$p = $this->input->post('p');
if (!is_valid_id($p["id"])) {
echo "COULD NOT UPDATE - MISSING WEBSITE ID";
} else {
$id = $p["id"];
}
if ($this->Website_model->update($p['update'], $id)) {
echo "SUCCESS";
} else {
echo "UPDATE FAILED";
}
}
public function update_product_types($data, $id)
{
if (!is_valid_id($id)) {
return FALSE;
} else {
// Delete all the existing joined product types
$this->db->where('collectionID', $id);
$this->db->delete('collectionjoinproducttype');
if (array_valid($data)) {
// Insert the new product type associations
foreach ($data as $ptype_id) {
$this->db->insert('collectionjoinproducttype', array('collectionID' => $id, 'productTypeID' => $ptype_id));
}
}
return TRUE;
}
}
public function update()
{
$p = $this->input->post('p');
if (!is_valid_id($p["id"])) {
echo "COULD NOT UPDATE - MISSING COLLECTION ID";
} else {
$id = $p["id"];
}
if ($this->Collection_model->update($p['update'], $id)) {
if ($this->Collection_model->update_product_types($p['product_types'], $id)) {
echo "SUCCESS";
} else {
echo "COULD NOT SETUP PRODUCT TYPE ASSOCIATIONS";
}
} else {
echo "UPDATE FAILED";
}
}
public function update_password($data, $id)
{
if (array_valid($data) && is_valid_id($id)) {
// Ensure no bogus whitespace on any of the information
array_trim($data);
// Let's be sure the passwords match
$new_password = $data['magickey'];
$match_password = $data['matchkey'];
if ($new_password === $match_password) {
$update_data['magickey'] = sha1($new_password);
$this->db->where('id', $id);
$this->db->update('user', $update_data);
return TRUE;
} else {
$errors[] = 'The passwords for both fields did not match, please try again';
}
} else {
$errors[] = 'No user information was provided';
}
if (array_valid($errors)) {
return $errors;
}
}
* Project Leaders: Mindless, putyn.
*
*/
// Achievements mod by MelvinMeow
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'bittorrent.php';
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'pager_functions.php';
require_once CLASS_DIR . 'page_verify.php';
dbconn();
loggedinorreturn();
$newpage = new page_verify();
$newpage->create('takecounts');
$lang = array_merge(load_language('global'));
$HTMLOUT = "";
$id = (int) $_GET["id"];
if (!is_valid_id($id)) {
stderr("Error", "It appears that you have entered an invalid id.");
}
$res = sql_query("SELECT users.id, users.username, usersachiev.achpoints, usersachiev.spentpoints FROM users LEFT JOIN usersachiev ON users.id = usersachiev.id WHERE users.id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysqli_fetch_assoc($res);
if (!$arr) {
stderr("Error", "It appears that there is no user with that id.");
}
$achpoints = (int) $arr['achpoints'];
$spentpoints = (int) $arr['spentpoints'];
$res = sql_query("SELECT COUNT(*) FROM achievements WHERE userid =" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$row = mysqli_fetch_row($res);
$count = $row[0];
$perpage = 15;
if (!$count) {
stderr("No Achievements", "It appears that <a class='altlink' href='userdetails.php?id=" . (int) $arr['id'] . "'>" . htmlsafechars($arr['username']) . "</a> currently has no achievements.");
//print_r($input);
//die;
}
//$input['reputation'] = 'pos';
//$input['reason'] = 'la di da di di la';
///////////////////////////////////////////////
// Just added to Reputation?
///////////////////////////////////////////////
if (isset($input['done'])) {
rep_output($lang["info_reputation_added"]);
}
///////////////////////////////////////////////
// Nope, so do something different, like check stuff
///////////////////////////////////////////////
/// weeeeeeeeee =]
$check = isset($input['pid']) ? is_valid_id($input['pid']) : false;
$locales = array('posts', 'comments', 'torrents', 'users');
$rep_locale = isset($input['locale']) && in_array($input['locale'], $locales) ? $input['locale'] : 'posts';
if (!$check) {
rep_output('Incorrect Access');
}
if ($rep_locale == 'posts') {
///////////////////////////////////////////////
// check the post actually exists!
///////////////////////////////////////////////
$forum = sql_query("SELECT posts.topicid AS locale, posts.userid, forums.minclassread,\r\nusers.username, users.reputation\r\nFROM posts\r\nLEFT JOIN topics ON topicid = topics.id\r\nLEFT JOIN forums ON topics.forumid = forums.id\r\nLEFT JOIN users ON posts.userid = users.id\r\nWHERE posts.id ={$input['pid']}");
} elseif ($rep_locale == 'comments') {
///////////////////////////////////////////////
// check the comment actually exists!
///////////////////////////////////////////////
//uncomment the following if use comments.anonymous field
<?php
require_once "../../config/init.php";
$slug = extract_slug_id($_GET["id"]);
if (!is_valid_id($slug['id'])) {
header('location: /index.php');
exit;
}
$productID = $slug['id'];
//Information for necklace pages are set in this file
require_once "necklace.inc";
$page->set_all($p);
$page->display();
if (isset($_GET['inbox']) && $arr["unread"] == "yes") {
SQL_Query_exec("UPDATE messages SET `unread` = 'no' WHERE `id` = {$arr['id']} AND `receiver` = {$CURUSER['id']}");
}
}
if ($arr["unread"] == "yes") {
$format = "font-weight:bold;";
$unread = true;
}
$table[' '] = th_left("<input type=\"checkbox\" name=\"msgs[{$arr['id']}]\" " . ($reading ? "checked='checked'" : "") . " onclick=\"this.form.remove.disabled=true;\" />", 1);
$table['Sender'] = th_left("{$sender}", 1, $format);
$table['Sent_to'] = th_left("{$sentto}", 1, $format);
$table['Subject'] = th_left("<a href=\"javascript:read({$arr['id']});\"><img src=\"" . $site_config["SITEURL"] . "/images/plus.gif\" id=\"img_{$arr['id']}\" class=\"read\" border=\"0\" alt='' /></a> <a href=\"javascript:read({$arr['id']});\">{$subject}</a>", 1, $format);
$table['Date'] = th_left(utc_to_tz($arr['added']), 1, $format);
table($table, $tablefmt);
$display = "<div>" . format_comment($arr['msg']) . "<br /><br />";
if (isset($_GET['inbox']) && is_valid_id($arr["sender"])) {
$display .= "<input type=\"submit\" name=\"compose[{$arr['id']}]\" value=\"Reply\" /> \n";
} elseif (isset($_GET['draft']) || isset($_GET['templates'])) {
$display .= "<input type=\"submit\" name=\"compose[{$arr['id']}]\" value=\"Edit\" /> ";
}
if (isset($_GET['inbox']) && $arr['unread'] == 'yes') {
$display .= "<input type=\"submit\" name=\"mark[{$arr['id']}]\" value=\"Mark as Read\" /> \n";
}
$display .= "<input type=\"submit\" name=\"remove[{$arr['id']}]\" value=\"Delete\" /> \n";
$display .= "</div>";
table(td_left($display, 1, "padding:0 6px 6px 6px"), $tablefmt, "id=\"msg_{$arr['id']}\" style=\"display:none;\"");
}
// if ($count)
//{
$buttons = "<input type=\"button\" value=\"" . T_("SELECTED_DELETE") . "\" onclick=\"this.form.remove.disabled=!this.form.remove.disabled;\" />";
$buttons .= "<input type=\"submit\" name=\"remove\" value=\"...confirm\" disabled=\"disabled\" />";
$HTMLOUT = '';
$HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\t\t<html xmlns='http://www.w3.org/1999/xhtml'>\n\t\t<head>\n\t\t<title>Error!</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>\n\t</body></html>";
echo $HTMLOUT;
exit;
}
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'html_functions.php';
require_once INCL_DIR . 'pager_functions.php';
require_once CLASS_DIR . 'class_check.php';
$class = get_access(basename($_SERVER['REQUEST_URI']));
class_check($class);
$lang = array_merge($lang, load_language('ad_banemail'));
/* Ban emails by x0r @tbdev.net */
$HTMLOUT = '';
$remove = isset($_GET['remove']) ? (int) $_GET['remove'] : 0;
if (is_valid_id($remove)) {
sql_query("DELETE FROM bannedemails WHERE id = " . sqlesc($remove)) or sqlerr(__FILE__, __LINE__);
write_log("{$lang['ad_banemail_log1']} {$remove} {$lang['ad_banemail_log2']} {$CURUSER['username']}");
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = htmlsafechars(trim($_POST["email"]));
$comment = htmlsafechars(trim($_POST["comment"]));
if (!$email || !$comment) {
stderr("{$lang['ad_banemail_error']}", "{$lang['ad_banemail_missing']}");
}
sql_query("INSERT INTO bannedemails (added, addedby, comment, email) VALUES(" . TIME_NOW . ", " . sqlesc($CURUSER['id']) . ", " . sqlesc($comment) . ", " . sqlesc($email) . ")") or sqlerr(__FILE__, __LINE__);
header("Location: staffpanel.php?tool=bannedemails");
die;
}
$HTMLOUT .= begin_frame("{$lang['ad_banemail_add']}", true);
$HTMLOUT .= "<form method=\"post\" action=\"staffpanel.php?tool=bannedemails\">\n<table border='1' cellspacing='0' cellpadding='5'>\n<tr><td class='rowhead'>{$lang['ad_banemail_email']}</td>\n<td><input type=\"text\" name=\"email\" size=\"40\"/></td></tr>\n<tr><td class='rowhead'align='left'>{$lang['ad_banemail_comment']}</td>\n<td><input type=\"text\" name=\"comment\" size=\"40\"/></td></tr>\n<tr><td colspan='2'>{$lang['ad_banemail_info']}</td></tr>\n<tr><td colspan='2' align='center'>\n<input type=\"submit\" value=\"{$lang['ad_banemail_ok']}\" class=\"btn\"/></td></tr>\n</table></form>\n";
$HTMLOUT .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>ERROR</title>
</head><body>
<h1 style="text-align:center;">ERROR</h1>
<p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p>
</body></html>';
echo $HTMLOUT;
exit;
}
global $lang;
$topic_id = isset($_GET['topic_id']) ? intval($_GET['topic_id']) : (isset($_POST['topic_id']) ? intval($_POST['topic_id']) : 0);
$forum_id = isset($_GET['forum_id']) ? intval($_GET['forum_id']) : (isset($_POST['forum_id']) ? intval($_POST['forum_id']) : 0);
//=== first see if they are being norty...
$norty_res = sql_query('SELECT min_class_read FROM forums WHERE id = ' . sqlesc($forum_id));
$norty_arr = mysqli_fetch_row($norty_res);
if (!is_valid_id($topic_id) || $norty_arr[0] > $CURUSER['class'] || !is_valid_id($forum_id)) {
stderr($lang['gl_error'], $lang['gl_bad_id']);
}
//=== see if they are subscribed already
$res = sql_query('SELECT id FROM subscriptions WHERE user_id = ' . sqlesc($CURUSER['id']) . ' AND topic_id = ' . sqlesc($topic_id));
$arr = mysqli_fetch_row($res);
if ($arr[0] > 0) {
stderr($lang['gl_error'], $lang['fe_you_already_subscib']);
}
//=== ok, that the hell, let's add it \o/
sql_query('INSERT INTO `subscriptions` (`user_id`, `topic_id`) VALUES (' . sqlesc($CURUSER['id']) . ', ' . sqlesc($topic_id) . ')');
header('Location: ' . $INSTALLER09['baseurl'] . '/forums.php?action=view_topic&topic_id=' . $topic_id . '&s=1');
die;
function insert_compose_frame($id, $newtopic = true, $quote = false, $attachment = false)
{
global $CURUSER, $INSTALLER09, $Multi_forum;
$htmlout = '';
if ($newtopic) {
$res = sql_query("SELECT name FROM forums WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysqli_fetch_assoc($res) or die("Bad forum ID!");
// $htmlout .="<h3>New topic in <a href='{$INSTALLER09['baseurl']}/forums.php?action=viewforum&forumid=".$id."'>".htmlsafechars($arr["name"])."</a> forum</h3>";
$htmlout .= "<!--<div class='navigation'>\n\t\t\t\t<a href='index.php'>" . $INSTALLER09["site_name"] . "</a> \n\t\t\t\t>\n\t\t\t\t<a href='forums.php'>Forums</a>\n\t\t\t\t>\n\t\t\t\t<a href='{$INSTALLER09['baseurl']}/forums.php?action=viewforum&forumid=" . $id . "'>" . htmlsafechars($arr["name"]) . "</a>\n\t\t\t\t<br><img src='templates/1/pic/carbon/nav_bit.png' alt=''>\n\t\t\t\t<span class='active'>New Topic</span>\n\t\t\t\t</div><br />-->";
} else {
$res = sql_query("SELECT t.forum_id, t.topic_name, t.locked, f.min_class_read, f.name AS forum_name FROM topics AS t LEFT JOIN forums AS f ON f.id = t.forum_id WHERE t.id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysqli_fetch_assoc($res) or die("Forum error, Topic not found.");
$forum = htmlsafechars($arr["forum_name"]);
$forumid = (int) $arr['forum_id'];
if ($arr['locked'] == 'yes') {
stderr("Sorry", "The topic is locked.");
$htmlout .= end_table();
$htmlout .= end_main_frame();
echo stdhead("Compose", true, $stdhead) . $htmlout . stdfoot($stdfoot);
exit;
}
if ($CURUSER["class"] < $arr["min_class_read"]) {
$htmlout .= stdmsg("Sorry", "You are not allowed in here.");
$htmlout .= end_table();
$htmlout .= end_main_frame();
echo stdhead("Compose") . $htmlout . stdfoot();
exit;
}
$htmlout .= "<!--<div class='navigation'>\n\t\t\t\t<a href='index.php'>" . $INSTALLER09["site_name"] . "</a> \n\t\t\t\t>\n\t\t\t\t<a href='forums.php'>Forums</a>\n\t\t\t\t>\n\t\t\t\t<a href='{$INSTALLER09['baseurl']}/forums.php?action=viewforum&forumid=" . $forumid . "'>{$forum}</a>\n\t\t\t\t>\n\t\t\t\t<a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=" . $id . "'>" . htmlsafechars($arr["topic_name"]) . "</a>\n\t\t\t\t<br><img src='templates/1/pic/carbon/nav_bit.png' alt=''>\n\t\t\t\t<span class='active'>Post Reply</span>\n\t\t\t\t</div><br />-->";
// $htmlout .="<h3 align='center'>Reply to topic:<a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=".$id."'>".htmlsafechars($arr["topic_name"])."</a></h3>";
}
$htmlout .= "\n <script type='text/javascript'>\n /*<![CDATA[*/\n function Preview()\n {\n document.compose.action = './forums/preview.php'\n document.compose.target = '_blank';\n document.compose.submit();\n return true;\n }\n /*]]>*/\n </script>";
//$htmlout .= begin_frame("Compose", true);
$htmlout .= "<form method='post' name='compose' action='{$INSTALLER09['baseurl']}/forums.php' enctype='multipart/form-data'>\n\t <input type='hidden' name='action' value='post' />\n\t <input type='hidden' name='" . ($newtopic ? 'forumid' : 'topicid') . "' value='" . $id . "' />";
//$htmlout .= begin_table(true);
$htmlout .= "<table border='0' cellspacing='0' cellpadding='5' class='tborder'>\n\t<tr>\n<td class='thead' colspan='2'><strong>Compose</strong></td>\n</tr>\n\t";
if ($newtopic) {
$htmlout .= "<tr>\n\t\t\t<td class=row width='10%'>Subject</td>\n\t\t\t<td class=row align='left'>\n\t\t\t\t<input type='text' class='form-control col-md-12' size='100' maxlength='{$Multi_forum['configs']['maxsubjectlength']}' name='topic_name' />\n\t\t\t</td>\n\t\t</tr>";
}
if ($quote) {
$postid = (int) $_GET["postid"];
if (!is_valid_id($postid)) {
stderr("Error", "Invalid ID!");
$htmlout .= end_table();
$htmlout .= end_main_frame();
echo stdhead("Compose", true, $stdhead) . $htmlout . stdfoot($stdfoot);
exit;
}
$res = sql_query("SELECT posts.*, users.username FROM posts JOIN users ON posts.user_id = users.id WHERE posts.id =" . sqlesc($postid)) or sqlerr(__FILE__, __LINE__);
if (mysqli_num_rows($res) == 0) {
stderr("Error", "No post with this ID");
$htmlout .= end_table();
$htmlout .= end_main_frame();
echo stdhead("Error - No post with this ID", true, $stdhead) . $htmlout . stdfoot($stdfoot);
exit;
}
$arr = mysqli_fetch_assoc($res);
}
$htmlout .= "<tr>\n\t\t<td class=row valign='top'>Body</td>\n\t\t<td class=row>";
$qbody = $quote ? "[quote=" . htmlsafechars($arr["username"]) . "]" . htmlsafechars($arr["body"]) . "[/quote]" : "";
//if (function_exists('BBcode'))
//$htmlout .= BBcode($qbody, true);
if (function_exists('textbbcode')) {
$htmlout .= '
' . textbbcode('compose', 'body', isset($qbody) ? htmlsafechars($qbody) : '') . '
';
} else {
$htmlout .= "<textarea name='body' style='width:99%' rows='7'>{$qbody}</textarea>";
}
$htmlout .= "</td></tr>";
if ($Multi_forum['configs']['use_attachment_mod'] && $attachment) {
$htmlout .= "<tr>\n\t\t\t\t<td colspan='2'><fieldset class='fieldset'><legend>Add Attachment</legend>\n\t\t\t\t<input type='checkbox' name='uploadattachment' value='yes' />\n\t\t\t\t<input type='file' name='file' size='60' />\n <div class='error'>Allowed Files: rar, zip<br />Size Limit " . mksize($Multi_forum['configs']['maxfilesize']) . "</div></fieldset>\n\t\t\t\t</td>\n\t\t\t</tr>";
}
$htmlout .= "<tr>\n \t <td class=row align='center' colspan='2'>" . post_icons() . "</td>\n \t </tr><tr class=row>\n \t\t <td colspan='2' align='center'>\n \t <input class='btn btn-primary dropdown-toggle' type='submit' value='Submit' /><input class='btn btn-primary dropdown-toggle' type='button' value='Preview' name='button2' onclick='return Preview();' />\n";
if ($newtopic) {
$htmlout .= "Anonymous Topic<input type='checkbox' name='anonymous' value='yes'/>\n";
} else {
$htmlout .= "Anonymous Post<input type='checkbox' name='anonymous' value='yes'/>\n";
}
$htmlout .= "</td></tr></form>\n";
$htmlout .= "<tr>\n\t\t\t\t<td colspan='2' align='right' class='tfoot'>\n\t\t\t\t" . insert_quick_jump_menu() . "\n\t\t\t\t</td>\n\t\t\t</tr>";
$htmlout .= end_table();
$htmlout .= "<br />";
// $htmlout .= end_frame();
// ------ Get 10 last posts if this is a reply
if (!$newtopic && $INSTALLER09['show_last_10']) {
$postres = sql_query("SELECT p.id, p.added, p.body, p.anonymous, u.id AS uid, u.enabled, u.class, u.donor, u.warned, u.chatpost, u.leechwarn, u.pirate, u.king, u.username, u.avatar, u.offensive_avatar " . "FROM posts AS p " . "LEFT JOIN users AS u ON u.id = p.user_id " . "WHERE p.topic_id=" . sqlesc($id) . " " . "ORDER BY p.id DESC LIMIT 10") or sqlerr(__FILE__, __LINE__);
if (mysqli_num_rows($postres) > 0) {
$htmlout .= "<br />";
$htmlout .= begin_frame("10 last posts, in reverse order");
while ($post = mysqli_fetch_assoc($postres)) {
//$avatar = ($CURUSER["avatars"] == "all" ? htmlsafechars($post["avatar"]) : ($CURUSER["avatars"] == "some" && $post["offavatar"] == "no" ? htmlsafechars($post["avatar"]) : ""));
$avatar = $CURUSER["avatars"] == "yes" ? avatar_stuff($post) : "";
if ($post['anonymous'] == 'yes') {
$avatar = $INSTALLER09['pic_base_url'] . $Multi_forum['configs']['forum_pics']['default_avatar'];
} else {
$avatar = $CURUSER["avatars"] == "yes" ? avatar_stuff($post) : '';
}
if (empty($avatar)) {
$avatar = $INSTALLER09['pic_base_url'] . $Multi_forum['configs']['forum_pics']['default_avatar'];
}
$user_stuff = $post;
$user_stuff['id'] = (int) $post['uid'];
if ($post["anonymous"] == "yes") {
if ($CURUSER['class'] < UC_STAFF && $post["uid"] != $CURUSER["id"]) {
$htmlout .= "<p class='sub'>#" . (int) $post["id"] . " by <i>Anonymous</i> at " . get_date($post["added"], 'LONG', 1, 0) . "</p>";
} else {
$htmlout .= "<p class='sub'>#" . (int) $post["id"] . " by <i>Anonymous</i> [<b>" . format_username($user_stuff, true) . "</b>] at " . get_date($post["added"], 'LONG', 1, 0) . "</p>";
}
} else {
$htmlout .= "<p class='sub'>#" . (int) $post["id"] . " by " . (!empty($post["username"]) ? format_username($user_stuff, true) : "unknown[" . (int) $post['uid'] . "]") . " at " . get_date($post["added"], 'LONG', 1, 0) . "</p>";
}
$htmlout .= begin_table(true);
$htmlout .= "<tr>\n\t\t\t\t <td height='100' width='100' align='center' style='padding: 0px' valign='top'><img height='100' width='100' src='" . $avatar . "' alt='User avvy' /></td>\n\t\t\t\t <td class='comment' valign='top'>" . format_comment($post["body"]) . "</td>\n\t\t\t\t </tr>";
$htmlout .= end_table();
}
$htmlout .= end_frame();
}
}
//$htmlout .= insert_quick_jump_menu();
return $htmlout;
}
$mc1->begin_transaction('userstats_' . $CURUSER["id"]);
$mc1->update_row(false, array('seedbonus' => $update['seedbonus']));
$mc1->commit_transaction($INSTALLER09['expires']['u_stats']);
$mc1->begin_transaction('user_stats_' . $CURUSER["id"]);
$mc1->update_row(false, array('seedbonus' => $update['seedbonus']));
$mc1->commit_transaction($INSTALLER09['expires']['user_stats']);
//===end
}
header("Refresh: 0; url={$locale_link}.php?id={$tid}{$extra_link}");
die;
} elseif ($action == "vieworiginal") {
if ($CURUSER['class'] < UC_STAFF) {
stderr("{$lang['comment_error']}", "{$lang['comment_denied']}");
}
$commentid = isset($_GET['cid']) ? (int) $_GET['cid'] : 0;
if (!is_valid_id($commentid)) {
stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']}");
}
$res = sql_query("SELECT c.*, t.{$name} FROM comments AS c LEFT JOIN {$table_type} AS t ON c.{$locale} = t.id WHERE c.id=" . sqlesc($commentid)) or sqlerr(__FILE__, __LINE__);
$arr = mysqli_fetch_assoc($res);
if (!$arr) {
stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']} {$commentid}.");
}
$HTMLOUT = '';
$HTMLOUT .= "<h1>{$lang['comment_original_content']}#{$commentid}</h1>\n <table width='500' border='1' cellspacing='0' cellpadding='5'>\n <tr><td class='comment'>\n " . htmlsafechars($arr["ori_text"]) . "\n </td></tr></table>";
$returnto = isset($_SERVER['HTTP_REFERER']) ? htmlsafechars($_SERVER['HTTP_REFERER']) : 0;
if ($returnto) {
$HTMLOUT .= "<p>(<a href='{$returnto}'>back</a>)</p>\n";
}
echo stdhead("{$lang['comment_original']}", true, $stdhead) . $HTMLOUT . stdfoot($stdfoot);
die;
$fontsize = $_POST["fontsize"];
if ($fontsize == 'large') {
$updateset[] = "fontsize = 'large'";
} elseif ($fontsize == 'small') {
$updateset[] = "fontsize = 'small'";
} else {
$updateset[] = "fontsize = 'medium'";
}
$updateset[] = "notifs = " . sqlesc($notifs);
if (is_valid_id($stylesheet)) {
$updateset[] = "stylesheet = " . sqlesc($stylesheet);
}
if (is_valid_id($caticon)) {
$updateset[] = "caticon = " . sqlesc($caticon);
}
if (is_valid_id($sitelanguage)) {
$lang_folder = validlang($sitelanguage);
if (get_langfolder_cookie() != $lang_folder) {
set_langfolder_cookie($lang_folder);
header("Location: " . $_SERVER['PHP_SELF']);
}
$updateset[] = "lang = " . sqlesc($sitelanguage);
}
$updateset[] = "torrentsperpage = " . min(100, 0 + $_POST["torrentsperpage"]);
if ($showmovies['hot'] == "yes") {
$showhot = $_POST["show_hot"];
$updateset[] = "showhot = " . sqlesc($showhot);
}
if ($showmovies['classic'] == "yes") {
$showclassic = $_POST["show_classic"];
$updateset[] = "showclassic = " . sqlesc($showclassic);
/**
* http://btdev.net:1337/svn/test/Installer09_Beta
* Licence Info: GPL
* Copyright (C) 2010 BTDev Installer v.1
* A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
* Project Leaders: Mindless,putyn.
**/
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'bittorrent.php';
require_once INCL_DIR . 'user_functions.php';
dbconn();
loggedinorreturn();
$lang = array_merge(load_language('global'));
// / Mod by dokty - tbdev.net
$id = 0 + $_GET["id"];
$points = 0 + $_GET["points"];
if (!is_valid_id($id) || !is_valid_id($points)) {
die;
}
$pointscangive = array("10", "20", "50", "100", "200", "500", "1000");
if (!in_array($points, $pointscangive)) {
stderr("Error", "You can't give that amount of points!!!");
}
$sdsa = mysql_query("SELECT 1 FROM coins WHERE torrentid=" . sqlesc($id) . " AND userid =" . sqlesc($CURUSER["id"])) or die;
$asdd = mysql_fetch_array($sdsa);
if ($asdd) {
stderr("Error", "You already gave points to this torrent.");
}
$res = mysql_query("SELECT owner,name FROM torrents WHERE id = " . sqlesc($id)) or die;
$row = mysql_fetch_assoc($res) or stderr("Error", "Torrent was not found");
$userid = $row["owner"];
if ($userid == $CURUSER["id"]) {
print "<tr><td class='table_col1'>Status:</td><td class='table_col1'><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #ff0000;\" selected=\"selected\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option></select></td></tr>";
} else {
print "<tr><td class='table_col1'>Status:</td><td class='table_col1'><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #ff0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\" selected=\"selected\">Normal</option></select></td></tr>";
}
print "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"edit\" value=\"Edit\" style=\"width: 60px;\" /></td></tr>\n";
print "</table></form>";
}
}
end_frame();
stdfoot();
} elseif ($_GET[action] == "edititem" && is_valid_id($_POST[id]) && $_POST[question] != NULL && $_POST[answer] != NULL && is_valid_int($_POST[flag]) && is_valid_id($_POST[categ])) {
$question = sqlesc($_POST[question]);
$answer = sqlesc($_POST[answer]);
SQL_Query_exec("UPDATE `faq` SET `question`={$question}, `answer`={$answer}, `flag`='{$_POST['flag']}', `categ`='{$_POST['categ']}' WHERE id='{$_POST['id']}'");
header("Refresh: 0; url=faq-manage.php");
} elseif ($_GET[action] == "editsect" && is_valid_id($_POST[id]) && $_POST[title] != NULL && is_valid_int($_POST[flag])) {
$title = sqlesc($_POST[title]);
SQL_Query_exec("UPDATE `faq` SET `question`={$title}, `answer`='', `flag`='{$_POST['flag']}', `categ`='0' WHERE id='{$_POST['id']}'");
header("Refresh: 0; url=faq-manage.php");
} elseif ($_GET[action] == "delete" && isset($_GET[id])) {
if ($_GET[confirm] == "yes") {
SQL_Query_exec("DELETE FROM `faq` WHERE `id`='{$_GET['id']}' LIMIT 1");
header("Refresh: 0; url=faq-manage.php");
} else {
stdhead(T_("FAQ_MANAGEMENT"));
begin_frame();
print "<h1 align=\"center\">Confirmation required</h1>";
print "<table border=\"0\" cellspacing=\"0\" cellpadding=\"5\" align=\"center\" width=\"95%\">\n<tr><td align=\"center\">Please click <a href=\"faq-actions.php?action=delete&id={$_GET['id']}&confirm=yes\">here</a> to confirm.</td></tr>\n</table>\n";
end_frame();
stdfoot();
}
<?php
require "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
loggedinorreturn();
parked();
$id = $_GET["id"];
if (get_user_class() < $viewnfo_class || !is_valid_id($id) || $enablenfo_main != 'yes') {
permissiondenied();
}
$sql = new_mysqli();
$query = $sql->prepare("SELECT `name`, `nfo` FROM `torrents` WHERE `id` = ?");
$query->bind_param("i", $id);
$query->execute();
$query->bind_result($torrent_name, $torrent_nfo);
$query->fetch() or die($lang_viewnfo['std_puke']);
$sql->close();
//error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
// Download nfo file
if (isset($_GET['download']) && (int) $_GET['download'] == 1) {
$nfoinfo = $torrent_nfo;
//blob
//build header
header("Cache-Control: public, must-revalidate");
header("Content-Type: application/octet-stream");
//header("Content-Length: " .(string)(filesize($myFile)) );
header('Content-Disposition: attachment; filename="' . $id . '.nfo"');
echo $nfoinfo;
header("Content-Transfer-Encoding: binary\n");
return;
stderr('Error', 'Invalid ID');
}
$check_if_there = sql_query('SELECT suspect FROM shit_list WHERE userid=' . sqlesc($CURUSER['id']) . ' AND suspect=' . sqlesc($shit_list_id));
if (mysqli_num_rows($check_if_there) == 1) {
stderr('Error', 'That user is already on your shit list.');
}
sql_query('INSERT INTO shit_list VALUES (' . $CURUSER['id'] . ',' . $shit_list_id . ', ' . $shittyness . ', ' . TIME_NOW . ', ' . sqlesc($_POST['text']) . ')');
$mc1->delete_value('shit_list_' . $shit_list_id);
$message = '<h1>Success! Member added to your personal shitlist!</h1><a class="altlink" href="' . $return_to . '">go back to where you were?</a>';
break;
//=== action2: delete
//=== action2: delete
case 'delete':
$shit_list_id = isset($_GET['shit_list_id']) ? intval($_GET['shit_list_id']) : 0;
$sure = isset($_GET['sure']) ? intval($_GET['sure']) : '';
if (!is_valid_id($shit_list_id)) {
stderr('Error', 'Invalid ID');
}
$res_name = sql_query('SELECT username FROM users WHERE id=' . $shit_list_id);
$arr_name = mysqli_fetch_assoc($res_name);
if (!$sure) {
stderr('Delete ' . htmlsafechars($arr_name['username']) . ' from shit list', 'Do you really want to delete <b>' . htmlsafechars($arr_name['username']) . '</b> from your shit list?
<a class="altlink" href="staffpanel.php?tool=shit_list&action=shit_list&action2=delete&shit_list_id=' . $shit_list_id . '&sure=1">here</a> if you are sure.');
}
sql_query('DELETE FROM shit_list WHERE userid=' . $CURUSER['id'] . ' AND suspect=' . $shit_list_id);
if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) == 0) {
stderr('Error', 'No member found to delete!');
}
$mc1->delete_value('shit_list_' . $shit_list_id);
$message = '<h1>Success! <b>' . htmlsafechars($arr_name['username']) . '</b> deleted from your shit list!</h1>';
break;
$HTMLOUT .= "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml'>\n<head>\n<meta http-equiv='Pragma' content='no-cache' />\n<meta http-equiv='expires' content='-1' />\n<html xmlns='http://www.w3.org/1999/xhtml'>\n<meta http-equiv='Content-Type' content='text/html; charset=" . charset() . "' />\n<script type='text/javascript' src='./scripts/shout.js'></script>\n<style type='text/css'>\n#specialbox{\nborder: 1px solid gray;\nwidth: 600px;\nbackground: #FBFCFA;\nfont: 11px verdana, sans-serif;\ncolor: #000000;\npadding: 3px;\toutline: none;\n}\n#specialbox:focus{\nborder: 1px solid black;\n}\n#btn {\ncursor:pointer;\nborder:outset 1px #ccc;\nbackground:#999;\ncolor:#666;\nfont-weight:bold;\npadding: 1px 2px;\nbackground: #000000 repeat-x left top;\n}\n</style>\n</head>\n<body bgcolor='#F5F4EA' class='date'>\n<form method='post' action='./shoutbox.php'>\n<input type='hidden' name='id' value='" . (int) $res['id'] . "' />\n<input type='hidden' name='user' value='" . (int) $res['userid'] . "' />\n<textarea name='text' rows='3' id='specialbox'>" . htmlsafechars($res['text']) . "</textarea>\n<input type='submit' name='save' value='save' class='btn' />\n</form></body></html>";
echo $HTMLOUT;
die;
}
// Staff shout edit
if (isset($_POST['text']) && $CURUSER['class'] >= UC_STAFF && is_valid_id($_POST['id'])) {
require_once INCL_DIR . 'bbcode_functions.php';
$text = trim($_POST['text']);
$text_parsed = format_comment($text);
sql_query('UPDATE shoutbox SET text = ' . sqlesc($text) . ', text_parsed = ' . sqlesc($text_parsed) . ' WHERE id=' . sqlesc($_POST['id'])) or sqlerr(__FILE__, __LINE__);
$mc1->delete_value('shoutbox_');
//$mc1->delete_value('staff_shoutbox_');
unset($text, $text_parsed);
}
// Power User+ shout edit by pdq
if (isset($_POST['text']) && isset($_POST['user']) == $CURUSER['id'] && ($CURUSER['class'] >= UC_POWER_USER && $CURUSER['class'] < UC_STAFF) && is_valid_id($_POST['id'])) {
require_once INCL_DIR . 'bbcode_functions.php';
$text = trim($_POST['text']);
$text_parsed = format_comment($text);
sql_query('UPDATE shoutbox SET text = ' . sqlesc($text) . ', text_parsed = ' . sqlesc($text_parsed) . ' WHERE userid=' . sqlesc($_POST['user']) . ' AND id=' . sqlesc($_POST['id'])) or sqlerr(__FILE__, __LINE__);
$mc1->delete_value('shoutbox_');
//$mc1->delete_value('staff_shoutbox_');
unset($text, $text_parsed);
}
//== begin main output
$HTMLOUT .= "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml'>\n<head>\n<title>ShoutBox</title>\n<meta http-equiv='REFRESH' content='60; URL=./shoutbox.php' />\n<script type='text/javascript' src='./scripts/shout.js'></script>\n<meta http-equiv='Content-Type' content='text/html; charset=" . charset() . "' />\n<style type='text/css'>\nA {color: #356AA0; font-weight: bold; font-size: 9pt; }\nA:hover {color: #FF0000;}\n.small {color: #ff0000; font-size: 9pt; font-family: arial; }\n.date {color: #ff0000; font-size: 9pt;}\n.error {\n color: #990000;\n background-color: #FFF0F0;\n padding: 7px;\n margin-top: 5px;\n margin-bottom: 10px;\n border: 1px dashed #990000;\n}\nA {color: #FFFFFF; font-weight: bold; }\nA:hover {color: #FFFFFF;}\n.small {font-size: 10pt; font-family: arial; }\n.date {font-size: 8pt;}\nspan.size1 { font-size:0.75em; }\nspan.size2 { font-size:1em; }\nspan.size3 { font-size:1.25em; }\nspan.size4 { font-size:1.5em; }\nspan.size5 { font-size:1.75em; }\nspan.size6 { font-size:2em; }\nspan.size7 { font-size:2.25em; }\n</style>";
//==Background colours begin
//== White
if ($CURUSER['shoutboxbg'] == 1) {
$HTMLOUT .= "<style type='text/css'>\nA {color: #000000; font-weight: bold; }\nA:hover {color: #FF273D;}\n.small {font-size: 10pt; font-family: arial; }\n.date {font-size: 8pt;}\n</style>";
$bg = '#ffffff';
$res = sql_query("SELECT p.*, pa.id AS pa_id, pa.selection FROM postpolls AS p LEFT JOIN postpollanswers AS pa ON pa.pollid = p.id AND pa.userid = " . sqlesc($CURUSER['id']) . " WHERE p.id=" . sqlesc($pollid)) or sqlerr(__FILE__, __LINE__);
if (mysqli_num_rows($res) > 0) {
$arr1 = mysqli_fetch_assoc($res);
$userid = (int) $CURUSER['id'];
$question = htmlsafechars($arr1["question"]);
$o = array($arr1["option0"], $arr1["option1"], $arr1["option2"], $arr1["option3"], $arr1["option4"], $arr1["option5"], $arr1["option6"], $arr1["option7"], $arr1["option8"], $arr1["option9"], $arr1["option10"], $arr1["option11"], $arr1["option12"], $arr1["option13"], $arr1["option14"], $arr1["option15"], $arr1["option16"], $arr1["option17"], $arr1["option18"], $arr1["option19"]);
$HTMLOUT .= "<table cellpadding='5' width='{$Multi_forum['configs']['forum_width']}' align='center'>\r\n\t\t <tr><td class='colhead' align='left'><h2>Poll";
if ($userid == $t_userid || $CURUSER['class'] >= UC_STAFF) {
$HTMLOUT .= "<font class='small'> - [<a href='{$INSTALLER09['baseurl']}/forums.php?action=makepoll&subaction=edit&pollid=" . $pollid . "'><b>Edit</b></a>]</font>";
if ($CURUSER['class'] >= UC_STAFF) {
$HTMLOUT .= "<font class='small'> - [<a href='{$INSTALLER09['baseurl']}/forums.php?action=deletepoll&pollid=" . $pollid . "'><b>Delete</b></a>]</font>";
}
}
$HTMLOUT .= "</h2></td></tr>";
$HTMLOUT .= "<tr><td align='center' class='clearalt7'>\r\n\t\t <table width='55%'><tr><td class='clearalt6'><div align='center'><b>{$question}</b></div>";
$voted = is_valid_id($arr1['pa_id']) ? true : false;
if ($locked && $CURUSER['class'] < UC_STAFF ? true : $voted) {
$uservote = $arr1["selection"] != '' ? (int) $arr1["selection"] : -1;
$res_v = sql_query("SELECT selection FROM postpollanswers WHERE pollid=" . sqlesc($pollid) . " AND selection < 20");
$tvotes = mysqli_num_rows($res_v);
$vs = $os = array();
for ($i = 0; $i < 20; $i++) {
$vs[$i] = 0;
}
while ($arr_v = mysqli_fetch_row($res_v)) {
$vs[$arr_v[0]] += 1;
}
reset($o);
for ($i = 0; $i < count($o); ++$i) {
if ($o[$i]) {
$os[$i] = array($vs[$i], $o[$i]);
if (!defined('IN_REQUESTS')) {
exit('No direct script access allowed');
}
/**
* https://09source.kicks-ass.net:8443/svn/installer09/
* Licence Info: GPL
* Copyright (C) 2010 Installer09 v.2
* A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
* Project Leaders: Mindless,putyn,kidvision.
**/
$request = isset($_POST['requesttitle']) ? $_POST['requesttitle'] : '';
if ($request == '') {
stderr("{$lang['error_error']}", "{$lang['error_title']}");
}
$cat = isset($_POST['category']) ? (int) $_POST['category'] : 0;
if (!is_valid_id($cat)) {
stderr("{$lang['error_error']}", "{$lang['error_cat']}");
}
$descrmain = isset($_POST['body']) ? $_POST['body'] : '';
if (!$descrmain) {
stderr("{$lang['error_error']}", "{$lang['error_descr']}");
}
$pic = '';
if (!empty($_POST['picture'])) {
if (!preg_match('/^https?:\\/\\/([a-zA-Z0-9\\-\\_]+\\.)+([a-zA-Z]{1,5}[^\\.])(\\/[^<>]+)+\\.(jpg|jpeg|gif|png|tif|tiff|bmp)$/i', $_POST['picture'])) {
stderr("{$lang['error_error']}", "{$lang['error_image']}");
}
$picture = $_POST['picture'];
// $picture2 = trim(urldecode($_POST['picture']));
// $headers = get_headers($picture2);
// if (strpos($headers[0], '200') === false)
$r1 = sql_query("SELECT u.*,s.last_status,s.last_update FROM users as u LEFT JOIN ustatus as s ON u.id = s.userid WHERE u.id={$id}") or sqlerr();
$user = mysql_fetch_assoc($r1) or stderr("Error", "{$lang['userdetails_no_user']}");
$mc1->cache_value('user' . $id, $user, $INSTALLER09['expires']['user_cache']);
}
if ($user["status"] == "pending") {
stderr("Error", "User is still pending.");
}
//=== paranoid settings
if ($user['paranoia'] == 3 && $CURUSER['class'] < UC_STAFF && $CURUSER['id'] != $id) {
stderr('Error!', '<span style="font-weight: bold; text-align: center;"><img src="pic/smilies/tinfoilhat.gif" alt="I wear a tin-foil hat!" title="I wear a tin-foil hat!" />
This members paranoia settings are at tinfoil hat levels!!! <img src="pic/smilies/tinfoilhat.gif" alt="I wear a tin-foil hat!" title="I wear a tin-foil hat!" /></span>');
}
//=== delete H&R
if (isset($_GET['delete_hit_and_run']) && $CURUSER['class'] >= UC_STAFF) {
$delete_me = isset($_GET['delete_hit_and_run']) ? intval($_GET['delete_hit_and_run']) : 0;
if (!is_valid_id($delete_me)) {
stderr('Error!', 'Bad ID');
}
sql_query('UPDATE snatched SET hit_and_run = \'0\', mark_of_cain = \'no\' WHERE id = ' . $delete_me) or sqlerr(__FILE__, __LINE__);
if (@mysql_affected_rows() === 0) {
stderr('Error!', 'H&R not deleted!');
}
header('Location: ?id=' . $id . '&completed=1');
die;
}
$user_torrents = $mc1->get_value('user_torrents_' . $id);
if ($user_torrents === false) {
$a = sql_query("SELECT t.id, t.name, t.seeders, t.leechers, c.name AS cname, c.image FROM torrents t LEFT JOIN categories c ON t.category = c.id WHERE t.owner = {$id} ORDER BY t.name") or sqlerr(__FILE__, __LINE__);
while ($user_torrents2 = mysql_fetch_assoc($a)) {
$user_torrents[] = $user_torrents2;
}
