Exemple #1
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with TBDevYSE; if not, write to the Free Software Foundation,      |
// | Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA            |
// +--------------------------------------------------------------------------+
// |                                               Do not remove above lines! |
// +--------------------------------------------------------------------------+
*/
require_once "include/bittorrent.php";
/**
 * Report a failure to the user under the fixed "error occurred" heading.
 *
 * Thin wrapper around stderr(), which is defined elsewhere.
 * NOTE(review): callers fall through after bark(), so the validation only
 * blocks if stderr() ends the request; confirm that it does.
 *
 * @param string $msg Text displayed beneath the heading.
 */
function bark($msg)
{
    $heading = "Произошла ошибка";
    stderr($heading, $msg);
}
dbconn();
loggedinorreturn();
if (!mkglobal("email:oldpassword:chpassword:passagain")) {
    bark("missing form data");
}
// $set = array();
$updateset = array();
$changedemail = 0;
if ($chpassword != "") {
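    // Enforce the 40-character cap on the new password first.
    if (strlen($chpassword) > 40) {
        bark("Извините, ваш пароль слишком длинный (максимум 40 символов)");
    }
    // Strict comparison: with loose "!=" two different numeric-looking
    // strings (e.g. "1e3" and "1000") compare as equal numbers.
    if ($chpassword !== $passagain) {
        bark("Пароли не совпадают. Попробуйте еще раз.");
    }
    // Recompute the stored digest from the old password the user supplied.
    // The comparison is strict so that two different digests that both look
    // like numbers ("0e...") cannot be treated as equal.
    // NOTE(review): salted MD5 is a fast hash; moving to password_hash() would
    // need a change to the stored format, which is outside this block.
    $expectedhash = md5($CURUSER["secret"] . $oldpassword . $CURUSER["secret"]);
    if ($CURUSER["passhash"] !== $expectedhash) {
        bark("Вы ввели неправильный старый пароль.");
    }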
/**
*
* @Author Neptune
* @Credits All credit to Retro for the great idea of his updated modtask.php
* @Project TBDev.net
* @Category Addon Mods
* @Date Monday, Jan 5, 2009
*/
require 'include/bittorrent.php';
require 'include/bbcode_functions.php';
require 'include/user_functions.php';
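// Page-level constants and the list of accepted description-file extensions.
define('MIN_CLASS', UC_MODERATOR);
define('NFO_SIZE', 65535);
$possible_extensions = array('nfo', 'txt');
// All four form fields must be present; otherwise stop silently.
if (!mkglobal('id:name:descr:type')) {
    die;
}
// Coerce the id to a number before validating it.
$id = 0 + $id;
if (!is_valid_id($id)) {
    stderr('Error', 'Invalid ID!');
}
dbconn();
maxcoder();
if (!logged_in()) {
    header("HTTP/1.0 404 Not Found");
    // Modified loggedinorreturn by retro: anonymous visitors get a fake 404 page.
    // Remember to change the following line to match your server.
    // PHP_SELF and SERVER_NAME are derived from the request, so both are
    // HTML-escaped before being echoed into the page.
    $safe_self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $safe_host = htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES);
    print "<html><h1>Not Found</h1><p>The requested URL /{$safe_self} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $safe_host . " Port 80</address></body></html>\n";
    die;
}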
/**
Exemple #3
}
if ($type == "signup" && mkglobal("email")) {
    if (!validemail($email)) {
        stderr($tracker_lang['error'], "Это не похоже на реальный email адрес.");
    }
    stdhead($tracker_lang['signup_successful']);
    stdmsg($tracker_lang['signup_successful'], $use_email_act ? sprintf($tracker_lang['confirmation_mail_sent'], htmlspecialchars_uni($email)) : sprintf($tracker_lang['thanks_for_registering'], $SITENAME));
    stdfoot();
} elseif ($type == "sysop") {
    stdhead($tracker_lang['sysop_activated']);
    if (isset($CURUSER)) {
        stdmsg($tracker_lang['sysop_activated'], sprintf($tracker_lang['sysop_account_activated'], $DEFAULTBASEURL));
    } else {
        print "<p>Your account has been activated! However, it appears that you could not be logged in automatically. A possible reason is that you disabled cookies in your browser. You have to enable cookies to use your account. Please do that and then <a href=\"login.php\">log in</a> and try again.</p>\n";
    }
    mkglobal('email');
    stdfoot();
} elseif ($type == "confirmed") {
    stdhead($tracker_lang['account_activated']);
    stdmsg($tracker_lang['account_activated'], $tracker_lang['this_account_activated']);
    stdfoot();
} elseif ($type == "confirm") {
    if (isset($CURUSER)) {
        stdhead("Подтверждение регистрации");
        print "<h1>Ваш аккаунт успешно подтвержден!</h1>\n";
        print "<p>Ваш аккаунт теперь активирован! Вы автоматически вошли. Теперь вы можете <a href=\"{$DEFAULTBASEURL}/\"><b>перейти на главную</b></a> и начать использовать ваш аккаунт.</p>\n";
        print "<p>Прежде чем начать использовать {$SITENAME} мы рекомендуем вам прочитать <a href=\"rules.php\"><b>правила</b></a> и <a href=\"faq.php\"><b>ЧаВо</b></a>.</p>\n";
        stdfoot();
    } else {
        stdhead("Signup confirmation");
        print "<h1>Account successfully confirmed!</h1>\n";
Exemple #4
/**
 *   https://github.com/Bigjoos/
 *   Licence Info: GPL
 *   Copyright (C) 2010 U-232 v.3
 *   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
 *   Project Leaders: Mindless, putyn.
 *
 */
//==bookmark.php - by pdq
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'bittorrent.php';
require_once INCL_DIR . 'user_functions.php';
dbconn();
loggedinorreturn();
$lang = array_merge(load_language('global'));
$HTMLOUT = '';
if (!mkglobal("torrent")) {
    stderr("Error", "missing form data");
}
$userid = (int) $CURUSER['id'];
if (!is_valid_id($userid)) {
    stderr("Error", "Invalid ID.");
}
if ($userid != $CURUSER["id"]) {
    stderr("Error", "Access denied.");
}
$torrentid = 0 + $_GET["torrent"];
if (!is_valid_id($torrentid)) {
    die;
}
if (!isset($torrentid)) {
    stderr("Error", "Failed. No torrent selected");
Exemple #5
|   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.   |
|--------------------------------------------------------------------------|
|   Project Leaders: Mindless, Autotron, whocares, Swizzles.					    |
|--------------------------------------------------------------------------|
_   _   _   _   _     _   _   _   _   _   _     _   _   _   _
/ \ / \ / \ / \ / \   / \ / \ / \ / \ / \ / \   / \ / \ / \ / \
( U | - | 2 | 3 | 2 )-( S | o | u | r | c | e )-( C | o | d | e )
\_/ \_/ \_/ \_/ \_/   \_/ \_/ \_/ \_/ \_/ \_/   \_/ \_/ \_/ \_/
*/
require_once __DIR__ . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'bittorrent.php';
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'html_functions.php';
require_once INCL_DIR . 'bbcode_functions.php';
require_once CLASS_DIR . 'page_verify.php';
global $CURUSER;
if (!mkglobal("id")) {
    die;
}
$id = 0 + $id;
if (!$id) {
    die;
}
/** who is modding by pdq **/
if (isset($_GET['unedit']) && $_GET['unedit'] == 1 && $CURUSER['class'] >= UC_STAFF) {
    $returl = "details.php?id={$id}";
    if (isset($_POST["returnto"])) {
        $returl .= "&returnto=" . urlencode($_POST["returnto"]);
    }
    header("Refresh: 1; url={$returl}");
    $mc1->delete_value('editedby_' . $id);
    exit;
Exemple #6
    $HTMLOUT = '';
    $HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\r\n\t\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n\t\t<html xmlns='http://www.w3.org/1999/xhtml'>\r\n\t\t<head>\r\n\t\t<title>Error!</title>\r\n\t\t</head>\r\n\t\t<body>\r\n\t<div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>\r\n\t</body></html>";
    print $HTMLOUT;
    exit;
}
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'html_functions.php';
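// Only administrators may manage sub-forums.
if (!min_class(UC_ADMINISTRATOR)) {
    // or just simply: if (!min_class(UC_STAFF))
    header("Location: {$TBDEV['baseurl']}/index.php");
    // header() only queues the redirect; without stopping here the rest of the
    // script, including the POST handler that inserts forums, would still run
    // for a user who failed the class check.
    exit;
}
$lang = array_merge($lang);
$select = '';
$HTMLOUT = '';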
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    mkglobal("subforum:descr:place:minclassread:minclasswrite:minclasscreate");
    if (empty($subforum) || empty($descr) || empty($place)) {
        stderr("Err", "You missed something !");
    } else {
        mysql_query("INSERT INTO forums(`name`,`description` ,`minclassread` ,`minclasswrite` ,`minclasscreate`,`place`,`forid`) VALUES(" . join(",", array_map("sqlesc", array($subforum, $descr, $minclassread, $minclasswrite, $minclasscreate, $place, $place))) . ")") or sqlerr(__FILE__, __LINE__);
        if (mysql_insert_id()) {
            header('Refresh: 3; url=' . $TBDEV['baseurl'] . '/admin.php?action=msubforums');
            stderr("Success", "Forum added");
        } else {
            header('Refresh: 2; url=' . $TBDEV['baseurl'] . '/admin.php?action=msubforums');
        }
        stderr("Err", "Something was wrong");
    }
} else {
    $HTMLOUT .= begin_frame();
    //== First build the list with all the subforums
Exemple #7
<?

require_once("include/bittorrent.php");

hit_start();

dbconn();

hit_count();

if (!mkglobal("type"))
	die();

if ($type == "signup" && mkglobal("email")) {
	stdhead("Skráning notanda");
        stdmsg("Skráning tókst!",
	"Það hefur verið sendur póstur á netfangið sem þú skráðir, fylgið hlekknum sem þar er til að virkja aðganginn.");
	stdfoot();
}
elseif ($type == "confirmed") {
	stdhead("Aðgangur nú þegar virkur");
	print("<h1>Aðgangur nú þegar virkur</h1>\n");
	print("<p>Þessi aðgangur hefur nú þegar verið virkur, þú getur skráð þig inn á <a href=\"login.php\">innskráningarsíðunni</a></p>\n");
	stdfoot();
}
elseif ($type == "confirm") {
	if (isset($CURUSER)) {
		stdhead("Virkjun aðgangs");
		print("<h1>Virkjun á aðgangi þínum tókst!</h1>\n");
		print("<p>Aðgangur þinn hefur verið gerður virkur! Þú varst skráður inn sjálfkrafa. Þú getur nú farið á <a href=\"/\"><b>aðalsíðuna</b></a> og byrjað að nota aðganginn þinn.</p>\n");
		print("<p>Áður en þú notar Istorrent ber þér skylda að lesa <a href=\"rules.php\"><b>reglurnar</b></a> og <a href=\"faq.php\"><b>SOS</b></a>.</p>\n");
Exemple #8
<?php

require_once './config.php';
require_once './class/conn.class.php';
include './include/function.php';
// Open the project's database wrapper (class defined in class/conn.class.php).
$con = new conn();
// Require the user, password and openid request fields; the failure reply is a JSON error.
if (!mkglobal('user:password:openid')) {
    exit(json_encode(array('status' => 'fail', 'errmsg' => '非法操作')));
}
// Look for an existing binding for this openid.
// NOTE(review): $openid is interpolated straight into the SQL text. Unless
// mkglobal() or conn::query() escapes it (neither is visible here), this
// statement is injectable; bind or escape the value through conn.
$sql = "SELECT * FROM `weixin` WHERE `openid` = '{$openid}'";
$result = $con->query($sql);
// A non-empty result means the openid is already bound to an account.
if (!empty($result)) {
    exit(json_encode(array('status' => 'fail', 'errmsg' => '已绑定账户!')));
}
// Fetch the tracker account by user name.
// NOTE(review): same concern as above for $user; confirm how it is escaped.
$sql = "SELECT * FROM `users` WHERE `username` = '{$user}' ";
$result = $con->query($sql);
if ($result != NULL) {
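    // Work with the first matching user row.
    $rs = $result[0];
    // Accounts that are still pending activation cannot be bound.
    if ($rs['status'] == 'pending') {
        echo json_encode(array('status' => 'fail', 'errmsg' => '账户未激活'));
        exit;
    }
    // Recompute the salted digest from the submitted password and compare it
    // strictly, so that two numeric-looking digests are never equal by coercion.
    $computedhash = md5($rs['secret'] . $password . $rs['secret']);
    if ($rs['passhash'] !== $computedhash) {
        // Only the generic failure goes back to the client. The earlier debug
        // output (var_dump of the user row and the computed digest) exposed the
        // stored passhash and secret to anyone who sent a wrong password.
        echo json_encode(array('status' => 'fail', 'errmsg' => '密码错误!'));
        exit;
    }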
    $sql = "INSERT INTO `weixin` (`ptid` , `openid` ) VALUES ('{$rs['id']}','{$openid}')";
    if ($con->query($sql)) {
        echo json_encode(array('status' => 'success', 'errmsg' => '成功!'));
$lang = array_merge(load_language('global'), load_language('takelogin'));
// 09 failed logins thanks to pdq - Retro
/**
 * Lock out the client IP once its recorded failed logins reach the limit.
 *
 * Sums failedlogins.attempts for the address returned by getip() and compares
 * the total with $INSTALLER09['failedlogins']. At or above the limit, the rows
 * for that IP are flagged banned and a lock-out message is shown via stderr().
 * NOTE(review): the lock is only as reliable as getip(); if it honours
 * client-supplied forwarding headers, confirm they are trusted.
 */
function failedloginscheck()
{
    global $INSTALLER09;
    $ip = getip();
    $res = sql_query("SELECT SUM(attempts) FROM failedlogins WHERE ip=" . sqlesc($ip)) or sqlerr(__FILE__, __LINE__);
    list($attempts) = mysqli_fetch_row($res);
    // Below the limit there is nothing to do.
    if (!($attempts >= $INSTALLER09['failedlogins'])) {
        return;
    }
    sql_query("UPDATE failedlogins SET banned = 'yes' WHERE ip=" . sqlesc($ip)) or sqlerr(__FILE__, __LINE__);
    // The address is HTML-escaped before it is placed in the message.
    $shown_ip = htmlsafechars($ip);
    stderr("Login Locked!", "You have been <b>Exceeded</b> the allowed maximum login attempts without successful login, therefore your ip address <b>(" . $shown_ip . ")</b> has been locked for 24 hours.");
}
// End
if (!mkglobal('username:password' . ($INSTALLER09['captcha_on'] ? ":captchaSelection:" : ":") . 'submitme')) {
    die('Something went wrong');
}
if ($submitme != 'X') {
    stderr('Ha Ha', 'You Missed, You plonker !');
}
if ($INSTALLER09['captcha_on'] && !$gotkey) {
    if (empty($captchaSelection) || $_SESSION['simpleCaptchaAnswer'] != $captchaSelection) {
        header('Location: login.php');
        exit;
    }
}
function bark($text = 'Username or password incorrect')
{
    global $lang, $INSTALLER09, $mc1;
    $sha = sha1($_SERVER['REMOTE_ADDR']);
Exemple #10
|   =============================================
|   by CoLdFuSiOn
|   (c) 2003 - 2009 TBDev.Net
|   http://www.tbdev.net
|   =============================================
|   svn: http://sourceforge.net/projects/tbdevnet/
|   Licence Info: GPL
+------------------------------------------------
|   $Date$
|   $Revision$
|   $Author$
|   $URL$
+------------------------------------------------
*/
require_once 'include/bittorrent.php';
// Require the three login form fields; stop silently when any is missing.
if (!mkglobal('username:password:captcha')) {
    die;
}
// The captcha answer is kept in the session, so start it before comparing.
session_start();
// An empty answer or a mismatch sends the client back to the login form.
// The submitted text is upper-cased before it is compared with the stored value.
// NOTE(review): this block does not clear $_SESSION['captcha_id'] after a
// match; confirm it is regenerated elsewhere so that a solved captcha cannot
// be reused for further attempts.
if (empty($captcha) || $_SESSION['captcha_id'] != strtoupper($captcha)) {
    header('Location: login.php');
    exit;
}
// Connect to the database only after the captcha has been accepted.
dbconn();
$lang = array_merge(load_language('global'), load_language('takelogin'));
/**
 * Show the login-failure page.
 *
 * The default text does not say whether the username or the password was
 * wrong, so the response does not reveal which accounts exist.
 *
 * @param string $text Message body; defaults to the generic failure text.
 */
function bark($text = 'Username or password incorrect')
{
    global $lang;
    $heading = $lang['tlogin_failed'];
    stderr($heading, $text);
}
$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = "******" AND status = 'confirmed'");
Exemple #11
//== 09 failed logins thanks to pdq - Retro
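/**
 * Lock out the client IP once its recorded failed logins reach the limit.
 *
 * Sums failedlogins.attempts for the address returned by getip() and compares
 * the total with $INSTALLER09['failedlogins']. At or above the limit, the rows
 * for that IP are flagged banned and a lock-out message is shown via stderr().
 * NOTE(review): the lock is only as reliable as getip(); if it honours
 * client-supplied forwarding headers, confirm they are trusted.
 */
function failedloginscheck()
{
    global $INSTALLER09;
    $total = 0;
    // Keep the raw address for display. sqlesc() appears to return a quoted SQL
    // literal (it is concatenated into the query without quotes), and that form
    // should not be shown to the user.
    $rawip = getip();
    $ip = sqlesc($rawip);
    $res = sql_query("SELECT SUM(attempts) FROM failedlogins WHERE ip={$ip}") or sqlerr(__FILE__, __LINE__);
    list($total) = mysql_fetch_row($res);
    if ($total >= $INSTALLER09['failedlogins']) {
        mysql_query("UPDATE failedlogins SET banned = 'yes' WHERE ip={$ip}") or sqlerr(__FILE__, __LINE__);
        // HTML-escape the raw address, not the SQL-escaped one.
        stderr("Login Locked!", "You have been <b>Exceeded</b> the allowed maximum login attempts without successful login, therefore your ip address <b>(" . htmlspecialchars($rawip) . ")</b> has been locked for 24 hours.");
    }
}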
//==End
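// Refuse to go further when this IP is already over the failed-login limit.
failedloginscheck();
// The quick-login token must be present and exactly 96 characters long after
// HTML-escaping (the escaped value is what the code below uses).
if (!mkglobal("qlogin") || strlen($qlogin = htmlspecialchars($qlogin)) != 96) {
    // Quoted: the bare word n00b was an undefined constant, which newer PHP
    // versions reject instead of treating it as a string.
    die('n00b');
}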
/**
 * Show a generic error page.
 *
 * @param string $text Message body (may contain HTML); defaults to a generic notice.
 */
function bark($text = "<b>Oops</b>: Theres been an error - w00t!")
{
    $heading = "Error";
    stderr($heading, $text);
}
$hash1 = substr($qlogin, 0, 32);
$hash2 = substr($qlogin, 32, 32);
$hash3 = substr($qlogin, 64, 32);
$hash1 .= $hash2 . $hash3;
$res = sql_query("SELECT id, username, passhash, enabled FROM users WHERE hash1 = " . sqlesc($hash1) . " AND class >= " . UC_MODERATOR . " AND status = 'confirmed' LIMIT 1");
$row = mysql_fetch_assoc($res);
if (!$row) {
    $ip = sqlesc(getip());
    $added = sqlesc(time());
Exemple #12
// | Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA            |
// +--------------------------------------------------------------------------+
// |                                               Do not remove above lines! |
// +--------------------------------------------------------------------------+
*/
require_once 'include/bittorrent.php';
dbconn();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if ($use_captcha) {
        $b = get_row_count('captcha', 'WHERE imagehash = ' . sqlesc($_POST['imagehash']) . ' AND imagestring = ' . sqlesc($_POST['imagestring']));
        sql_query('DELETE FROM captcha WHERE imagehash = ' . sqlesc($_POST['imagehash'])) or die(mysql_error());
        if ($b == 0) {
            stderr($tracker_lang['error'], 'Вы ввели неправильный код подтверждения.');
        }
    }
    if (!mkglobal('useremail:subject:message')) {
        stderr($tracker_lang['error'], 'Вы не заполнили все поля формы! Вернитесь назад и попробуйте еще раз.');
    }
    if (!validemail($useremail)) {
        stderr($tracker_lang['error'], 'Это не похоже на реальный email адрес.');
    }
    $ip = getip();
    $username = $CURUSER['username'] ? $CURUSER['username'] : '******';
    if ($CURUSER) {
        $userid = $CURUSER['id'];
    } else {
        $userid = 0;
    }
    $body = <<<EOD
Сообщение через обратную связь на {$website_name}:
//== 09 failed logins thanks to pdq - Retro
/**
 * Lock out the client IP once its recorded failed logins reach the limit.
 *
 * Sums failedlogins.attempts for the address returned by getip() and compares
 * the total with $INSTALLER09['failedlogins']. At or above the limit, the rows
 * for that IP are flagged banned and a lock-out message is shown via stderr().
 * NOTE(review): the lock is only as reliable as getip(); if it honours
 * client-supplied forwarding headers, confirm they are trusted.
 */
function failedloginscheck()
{
    global $INSTALLER09;
    $ip = getip();
    $res = sql_query("SELECT SUM(attempts) FROM failedlogins WHERE ip=" . sqlesc($ip)) or sqlerr(__FILE__, __LINE__);
    list($attempts) = mysqli_fetch_row($res);
    // Below the limit there is nothing to do.
    if (!($attempts >= $INSTALLER09['failedlogins'])) {
        return;
    }
    sql_query("UPDATE failedlogins SET banned = 'yes' WHERE ip=" . sqlesc($ip)) or sqlerr(__FILE__, __LINE__);
    // The address is HTML-escaped before it is placed in the message.
    $shown_ip = htmlsafechars($ip);
    stderr("Login Locked!", "You have <b>Exceeded</b> the allowed maximum login attempts without successful login, therefore your ip address <b>(" . $shown_ip . ")</b> has been locked out for 24 hours.");
}
//==End
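// Refuse to go further when this IP is already over the failed-login limit.
failedloginscheck();
// The quick-login token must be present and exactly 96 characters long.
// (The former self-assignment "$qlogin = $qlogin" had no effect and is dropped.)
if (!mkglobal("qlogin") || strlen($qlogin) != 96) {
    // Quoted: the bare word n00b was an undefined constant, which newer PHP
    // versions reject instead of treating it as a string.
    die('n00b');
}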
/**
 * Show the login-failure page, throttled per client address.
 *
 * A cache key derived from the SHA-1 of REMOTE_ADDR marks a recent failure.
 * While the key exists the request is ended with a short notice; otherwise the
 * key is stored and the failure page is rendered.
 * NOTE(review): the key is cached with the value 20 while the notice says
 * 8 seconds; confirm which interval is intended.
 *
 * @param string $text Message body; defaults to the generic failure text.
 */
function bark($text = 'Username or password incorrect')
{
    global $lang, $INSTALLER09, $mc1;
    $dict_key = 'dictbreaker:::' . sha1($_SERVER['REMOTE_ADDR']);
    // A cached entry means this address failed a login very recently.
    if ($mc1->get_value($dict_key) !== false) {
        die('Minimum 8 seconds between login attempts :)');
    }
    $mc1->cache_value($dict_key, 'flood_check', 20);
    stderr($lang['tlogin_failed'], $text);
}
Exemple #14
*/
require_once __DIR__ . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'bittorrent.php';
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'password_functions.php';
dbconn();
// Begin the session
ini_set('session.use_trans_sid', '0');
session_start();
global $CURUSER;
if (!$CURUSER) {
    get_template();
}
$lang = array_merge(load_language('global'), load_language('recover'));
$stdhead = array('js' => array('jquery', 'jquery.simpleCaptcha-0.2'));
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (!mkglobal('email' . ($INSTALLER09['captcha_on'] ? ":captchaSelection" : "") . '')) {
        stderr("Oops", "Missing form data - You must fill all fields");
    }
    if ($INSTALLER09['captcha_on']) {
        if (empty($captchaSelection) || $_SESSION['simpleCaptchaAnswer'] != $captchaSelection) {
            header('Location: recover.php');
            exit;
        }
    }
    $email = trim($_POST["email"]);
    if (!validemail($email)) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_invalidemail']}");
    }
    $res = sql_query("SELECT * FROM users WHERE email=" . sqlesc($email) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
    $arr = mysqli_fetch_assoc($res) or stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_notfound']}");
    $sec = mksecret();
 * @Date Monday, Aug 2, 2010
 */
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'bittorrent.php';
require_once INCL_DIR . 'user_functions.php';
require_once CLASS_DIR . 'page_verify.php';
require_once INCL_DIR . 'function_memcache.php';
define('MIN_CLASS', UC_STAFF);
define('NFO_SIZE', 65535);
dbconn();
loggedinorreturn();
$lang = array_merge(load_language('global'), load_language('takeedit'));
$newpage = new page_verify();
$newpage->check('teit');
$torrent_cache = $torrent_txt_cache = '';
$possible_extensions = array('nfo', 'txt');
if (!mkglobal('id:name:body:type')) {
    die('Id,descr,name or type missing');
}
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
if (!is_valid_id($id)) {
    stderr($lang['takedit_failed'], $lang['takedit_no_data']);
}
/**
 *
 * @Function valid_torrent_name
 * @Notes only safe characters are allowed..
 * @Begin
 */
function valid_torrent_name($torrent_name)
{
    $allowedchars = 'abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_[]*()';
loggedinorreturn();
/**
 * Render an upload/download ratio as a short HTML fragment.
 *
 * @param int|float $up   Amount uploaded.
 * @param int|float $down Amount downloaded.
 * @return string "---" when nothing was transferred, "Inf." when only upload
 *                exists, otherwise the ratio to three decimals wrapped in a
 *                <font> tag coloured by get_ratio_color().
 */
function ratios($up, $down)
{
    // No download: the ratio is undefined, so use the fixed placeholders.
    if (!($down > 0)) {
        return $up > 0 ? "Inf." : "---";
    }
    // NOTE(review): number_format() inserts thousands separators, so a ratio of
    // 1000 or more reaches get_ratio_color() as "1,000.000"; confirm the helper
    // copes with that.
    $ratio = number_format($up / $down, 3);
    return "<font color='" . get_ratio_color($ratio) . "'>{$ratio}</font>";
}
mkglobal("captcha");
session_start();
if (empty($captcha) || $_SESSION['captcha_id'] != strtoupper($captcha)) {
    stderr("Error", "Wrong word verification. Go back and try again!");
    exit;
}
$n_pms = isset($_POST["n_pms"]) ? $_POST["n_pms"] : false;
if ($n_pms) {
    //////  MM  ///
    if ($CURUSER['class'] < UC_MODERATOR) {
        stderr("Error", "Permission denied");
    }
    $msg = trim($_POST["msg"]);
    if (!$msg) {
        stderr("Error", "Please enter something!");
    }
Exemple #17
    if (empty($answer)) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error6']}");
    }
    if ($fetch['hintanswer'] != md5($answer)) {
        $ip = getip();
        $useragent = $_SERVER['HTTP_USER_AGENT'];
        $msg = "" . htmlspecialchars($fetch['username']) . ", on " . get_date(time(), '', 1, 0) . ", {$lang['main_message']}" . "\n\n{$lang['main_message1']} " . $ip . " (" . @gethostbyaddr($ip) . ")" . "\n {$lang['main_message2']} " . $useragent . "\n\n {$lang['main_message3']}\n {$lang['main_message4']}\n";
        $subject = "Failed password reset";
        mysql_query('INSERT INTO messages (receiver, msg, subject, added) VALUES (' . sqlesc((int) $fetch['id']) . ', ' . sqlesc($msg) . ', ' . sqlesc($subject) . ', ' . sqlesc(time()) . ')') or sqlerr(__FILE__, __LINE__);
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error7']}");
    } else {
        $HTMLOUT .= "<form method='post' action='?step=3'>\r\n<table border='1' cellspacing='0' cellpadding='10'>\r\n<tr><td class='rowhead'>{$lang['main_new_pass']}</td>\r\n<td><input type='password' size='40' name='newpass' /></td></tr>\r\n<tr><td class='rowhead'>{$lang['main_new_pass_confirm']}</td><td><input type='password' size='40' name='newpassagain' /></td></tr>\r\n<tr><td colspan='2' align='center'><input type='submit' value='{$lang['main_changeit']}' class='btn' />\r\n<input type='hidden' name='id' value='" . (int) $fetch['id'] . "' /></td></tr></table></form>";
        print stdhead('Reset Lost Password') . $HTMLOUT . stdfoot();
    }
} elseif ($step == '3') {
    if (!mkglobal('id:newpass:newpassagain')) {
        die;
    }
    $select = mysql_query('SELECT id, editsecret FROM users WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    $fetch = mysql_fetch_assoc($select) or stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error8']}");
    if (empty($newpass)) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error9']}");
    }
    if ($newpass != $newpassagain) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error10']}");
    }
    if (strlen($newpass) < 6) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error11']}");
    }
    if (strlen($newpass) > 40) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error12']}");
<?php

require_once "include/bittorrent.php";
require_once "include/bbcode_functions.php";
dbconn();
maxcoder();
$res = sql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $maxusers) {
    stderr("Error", "Sorry, user limit reached. Please try again later.");
}
if (!mkglobal("wantusername:wantpassword:passagain:email:captcha:passhint:hintanswer")) {
    die;
}
session_start();
if (empty($captcha) || $_SESSION['captcha_id'] != strtoupper($captcha)) {
    header('Location: index.php');
    exit;
}
/**
 * Render the "signup failed" page and end the request.
 *
 * @param string $msg Reason shown to the user.
 */
function bark($msg)
{
    $heading = "Signup failed!";
    stdhead();
    stdmsg($heading, $msg);
    stdfoot();
    // Stop here so that no later signup step runs after a failure.
    exit;
}
function isportopen($port)
{
    $sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
    if ($sd) {
        fclose($sd);
Exemple #19
<?php

require_once "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
loggedinorreturn();
/**
 * Report an edit failure under the localised "edit failed" heading.
 *
 * @param string $msg Reason shown to the user.
 */
function bark($msg)
{
    global $lang_takeedit;
    $heading = $lang_takeedit['std_edit_failed'];
    genbark($msg, $heading);
}
if (!mkglobal("id:name:descr:type")) {
    global $lang_takeedit;
    bark($lang_takeedit['std_missing_form_data']);
}
$id = 0 + $id;
if (!$id) {
    die;
}
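// Load the torrent being edited.
// NOTE(review): mysql_real_escape_string() gives no protection in an unquoted
// numeric position; the query relies on $id having been coerced to a number
// ("0 + $id") before this point.
$res = sql_query("SELECT category, owner, filename, save_as, anonymous, picktype, picktime, added FROM torrents WHERE id = " . mysql_real_escape_string($id));
$row = mysql_fetch_array($res);
// Stop before touching the row when no torrent matched; the original read
// $row['added'] first and only then checked that a row existed.
if (!$row) {
    die;
}
$torrentAddedTimeString = $row['added'];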
if ($CURUSER["id"] != $row["owner"] && get_user_class() < $torrentmanage_class) {
    bark($lang_takeedit['std_not_owner']);
}
$oldcatmode = get_single_value("categories", "mode", "WHERE id=" . sqlesc($row['category']));
$updateset = array();
//$fname = $row["filename"];
<?php

require_once "include/bittorrent.php";
require_once "include/user_functions.php";
/**
 * Report a profile-update failure under a fixed heading.
 *
 * @param string $msg Reason shown to the user.
 */
function bark($msg)
{
    $heading = "Update failed!";
    genbark($msg, $heading);
}
dbconn();
loggedinorreturn();
if (!mkglobal("email:chpassword:passagain:chmailpass")) {
    bark("missing form data");
}
// $set = array();
$updateset = array();
$changedemail = 0;
// A non-empty chpassword means the user asked for a password change.
// NOTE(review): no check of the current password is visible in this block; the
// chmailpass form field may cover it further down. Confirm that it does.
if ($chpassword != "") {
    // Enforce the 40-character cap on the new password.
    if (strlen($chpassword) > 40) {
        bark("Sorry, password is too long (max is 40 chars)");
    }
    // The confirmation field must repeat the new password.
    // NOTE(review): loose "!=" treats numeric-looking strings such as "1e3" and
    // "1000" as equal; "!==" would compare the text itself.
    if ($chpassword != $passagain) {
        bark("The passwords didn't match. Try again.");
    }
    // A fresh secret is generated for every password change and used as the salt.
    $sec = mksecret();
    // NOTE(review): salted MD5 is a fast hash; password_hash() would be the
    // current choice but needs a change to the stored format and login check.
    $passhash = md5($sec . $chpassword . $sec);
    $updateset[] = "secret = " . sqlesc($sec);
    $updateset[] = "passhash = " . sqlesc($passhash);
    // Re-issue the login cookie using the new hash.
    logincookie($CURUSER["id"], $passhash);
}
if ($email != $CURUSER["email"]) {
    if (!validemail($email)) {
Exemple #21
<?php

require_once "include/bittorrent.php";
header("Content-Type: text/html; charset=utf-8");
if (!mkglobal("username:password")) {
    die;
}
dbconn();
require_once get_langfile_path("", false, get_langfolder_cookie());
cur_user_check();
/**
 * Show the localised login-failure page.
 *
 * @param string $text Message body; when empty, the standard failure note from
 *                     the language file is used.
 */
function bark($text = "")
{
    global $lang_takelogin;
    // Fall back to the standard note when no text was supplied.
    if ($text == "") {
        $text = $lang_takelogin['std_login_fail_note'];
    }
    stderr($lang_takelogin['std_login_fail'], $text, false);
}
if ($iv == "yes") {
    check_code($_POST['imagehash'], $_POST['imagestring'], 'login.php', true);
}
if (get_magic_quotes_gpc()) {
    $username = stripslashes($username);
}
$res = sql_query("SELECT id, passhash, secret, enabled, status FROM users WHERE username = "******"'" . mysql_real_escape_string($username) . "'");
$row = mysql_fetch_array($res);
if (!$row) {
    failedlogins();
}
if ($row['status'] == 'pending') {
    failedlogins($lang_takelogin['std_user_account_unconfirmed']);
}
if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"])) {
Exemple #22
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error7']}");
    } else {
        $sec = mksecret();
        $sechash = md5($sec . $fetch['id'] . $fetch['hintanswer']);
        sql_query("UPDATE users SET editsecret = " . sqlesc($sec) . " WHERE id = " . sqlesc($id));
        $mc1->begin_transaction('MyUser_' . $fetch["id"]);
        $mc1->update_row(false, array('editsecret' => $sec));
        $mc1->commit_transaction($INSTALLER09['expires']['curuser']);
        $mc1->begin_transaction('user' . $fetch["id"]);
        $mc1->update_row(false, array('editsecret' => $sec));
        $mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
        $HTMLOUT .= "<form method='post' action='?step=3'>\n    <table border='1' cellspacing='0' cellpadding='10'>\n    <tr><td class='rowhead'>{$lang['main_new_pass']}</td>\n    <td><input type='password' size='40' name='newpass' /></td></tr>\n    <tr><td class='rowhead'>{$lang['main_new_pass_confirm']}</td><td><input type='password' size='40' name='newpassagain' /></td></tr>\n    <tr><td colspan='2' align='center'><input type='submit' value='{$lang['main_changeit']}' class='btn' />\n    <input type='hidden' name='id' value='" . (int) $fetch['id'] . "' />\n    <input type='hidden' name='hash' value='" . $sechash . "' /></td></tr></table></form>";
        echo stdhead('Reset Lost Password') . $HTMLOUT . stdfoot();
    }
} elseif ($step == '3') {
    if (!mkglobal('id:newpass:newpassagain:hash')) {
        die;
    }
    if (strlen($hash) != 32 || !ctype_xdigit($hash)) {
        die('access denied');
    }
    $select = sql_query('SELECT id, editsecret FROM users WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    $fetch = mysqli_fetch_assoc($select) or stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error8']}");
    if (empty($newpass)) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error9']}");
    }
    if ($newpass != $newpassagain) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error10']}");
    }
    if (strlen($newpass) < 6) {
        stderr("{$lang['stderr_errorhead']}", "{$lang['stderr_error11']}");
Exemple #23
/**
 *   http://btdev.net:1337/svn/test/Installer09_Beta
 *   Licence Info: GPL
 *   Copyright (C) 2010 BTDev Installer v.1
 *   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
 *   Project Leaders: Mindless,putyn.
 **/
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'bittorrent.php';
dbconn();
loggedinorreturn();
$lang = array_merge(load_language('global'), load_language('takerate'));
if (!isset($CURUSER)) {
    stderr("Error", "{$lang['rate_login']}");
}
if (!mkglobal("rating:id")) {
    stderr("Error", "{$lang['rate_miss_form_data']}");
}
$id = 0 + $id;
if (!$id) {
    stderr("Error", "{$lang['rate_invalid_id']}");
}
$rating = 0 + $rating;
if ($rating <= 0 || $rating > 5) {
    stderr("Error", "{$lang['rate_invalid']}");
}
$res = sql_query("SELECT owner FROM torrents WHERE id = {$id}");
$row = mysql_fetch_assoc($res);
if (!$row) {
    stderr("Error", "{$lang['rate_torrent_not_found']}");
}
if (!$CURUSER) {
    get_template();
}
$ip = getip();
if (!$INSTALLER09['openreg']) {
    stderr('Sorry', 'Invite only - Signups are closed presently if you have an invite code click <a href="' . $INSTALLER09['baseurl'] . '/invite_signup.php"><b> Here</b></a>');
}
$res = sql_query("SELECT COUNT(id) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysqli_fetch_row($res);
if ($arr[0] >= $INSTALLER09['maxusers']) {
    stderr($lang['takesignup_error'], $lang['takesignup_limit']);
}
$lang = array_merge(load_language('global'), load_language('takesignup'));
$newpage = new page_verify();
$newpage->check('tesu');
if (!mkglobal('wantusername:wantpassword:passagain:email' . ($INSTALLER09['captcha_on'] ? ":captchaSelection:" : ":") . 'submitme:passhint:hintanswer:country')) {
    stderr($lang['takesignup_user_error'], $lang['takesignup_form_data']);
}
if ($submitme != 'X') {
    stderr('Ha Ha', 'You Missed, You plonker !');
}
if ($INSTALLER09['captcha_on']) {
    if (empty($captchaSelection) || $_SESSION['simpleCaptchaAnswer'] != $captchaSelection) {
        header('Location: signup.php');
        exit;
    }
}
function validusername($username)
{
    global $lang;
    if ($username == "") {
Exemple #25
}
// 09 failed logins thanks to pdq - Retro
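/**
 * Lock out the client IP once its recorded failed logins reach the limit.
 *
 * Sums failedlogins.attempts for the address returned by getip() and compares
 * the total with $INSTALLER09['failedlogins']. At or above the limit, the rows
 * for that IP are flagged banned and a lock-out message is shown via stderr().
 * NOTE(review): the lock is only as reliable as getip(); if it honours
 * client-supplied forwarding headers, confirm they are trusted.
 */
function failedloginscheck()
{
    global $INSTALLER09;
    $total = 0;
    // Keep the raw address for display. sqlesc() appears to return a quoted SQL
    // literal (it is concatenated into the query without quotes), and that form
    // should not be shown to the user.
    $rawip = getip();
    $ip = sqlesc($rawip);
    $res = sql_query("SELECT SUM(attempts) FROM failedlogins WHERE ip={$ip}") or sqlerr(__FILE__, __LINE__);
    list($total) = mysql_fetch_row($res);
    if ($total >= $INSTALLER09['failedlogins']) {
        mysql_query("UPDATE failedlogins SET banned = 'yes' WHERE ip={$ip}") or sqlerr(__FILE__, __LINE__);
        // HTML-escape the raw address, not the SQL-escaped one.
        stderr("Login Locked!", "You have been <b>Exceeded</b> the allowed maximum login attempts without successful login, therefore your ip address <b>(" . htmlspecialchars($rawip) . ")</b> has been locked for 24 hours.");
    }
}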
//==End
if (!mkglobal('username:password:captchaSelection:submitme')) {
    die('Something went wrong');
}
if ($submitme != 'X') {
    stderr('Ha Ha', 'You Missed, You plonker !');
}
session_start();
if (empty($captchaSelection) || $_SESSION['simpleCaptchaAnswer'] != $captchaSelection) {
    header('Location: login.php');
    exit;
}
dbconn();
$lang = array_merge(load_language('global'), load_language('takelogin'));
$newpage = new page_verify();
$newpage->check('takelogin');
function bark($text = 'Username or password incorrect')
Exemple #26
<?php

require_once "include/bittorrent.php";
dbconn();
$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
$arr[0]--;
if ($arr[0] >= $maxusers) {
    stderr("Error", "Sorry, user limit reached. Please try again later.");
}
if (!mkglobal("wantusername:wantpassword:passagain:email:captcha")) {
    die;
}
session_start();
if (empty($captcha) || $_SESSION['captcha_id'] != strtoupper($captcha)) {
    header('Location: signup.php');
    exit;
}
/**
 * Render the "signup failed" page and end the request.
 *
 * @param string $msg Reason shown to the user.
 */
function bark($msg)
{
    $heading = "Signup failed!";
    stdhead();
    stdmsg($heading, $msg);
    stdfoot();
    // Stop here so that no later signup step runs after a failure.
    exit;
}
function validusername($username)
{
    if ($username == "") {
        return false;
    }
    // The following characters are allowed in user names
Exemple #27
<?

require_once("include/bittorrent.php");

hit_start();

dbconn();

// Disabled user-limit check, kept as the author left it:
#$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
#$arr = mysql_fetch_row($res);
#if ($arr[0] >= $maxusers)
#	stderr("Villa", "Afsakið, netþjónninn er fullur. reynið aftur síðar.");

// All four signup fields must be present; otherwise stop without any output.
// NOTE(review): no captcha or rate limit is visible in this excerpt.
if (!mkglobal("wantusername:wantpassword:passagain:email")) {
	exit();
}

/**
 * Abort the signup with an error page.
 *
 * Prints the site header, a message box titled "Skráning mistókst!" that
 * contains $msg, and the site footer, then ends the request.
 *
 * NOTE(review): $msg reaches stdmsg() unchanged; whether it is HTML-escaped
 * there is not visible here.
 *
 * @param string $msg Text shown inside the message box.
 */
function bark($msg)
{
	stdhead();
	stdmsg("Skráning mistókst!", $msg);
	stdfoot();
	exit();
}

function validusername($username)
{
	if ($username == "")
	  return false;

	// The following characters are allowed in user names
	$allowedchars = "aábcdðeéfghiíjklmnoópqrstuúvwxyýzþæöAÁBCDÐEÉFGHIÍJKLMNOÓPQRSTUÚVWXYZÞÆÖ0123456789";
Exemple #28
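// Comment body from the form. A missing field or a non-string value (for
// example an array parameter) counts as empty instead of raising a warning.
$main = (isset($_POST["main"]) && is_string($_POST["main"])) ? trim($_POST["main"]) : "";
if (!$main)
{
  stdhead();
  stdmsg("�ps...", "�� ver�ur a� sl� inn eitthva�!");
  stdfoot();
  exit;
}

hit_count();

// Only a logged-in user may post a comment.
if (!isset($CURUSER))
	die();

// mkglobal() is expected to (re)populate $main and $id from the request;
// TODO confirm, since that would replace the trimmed $main above.
if (!mkglobal("main:id"))
	die();

// Force the torrent id to a positive integer before it is placed in SQL.
$id = (int) $id;
if ($id < 1)
	die();

// The target torrent must exist.
$res = mysql_query("SELECT 1 FROM torrents WHERE id = $id");
if (!$res)
	die();
$row = mysql_fetch_array($res);
if (!$row)
	die();
$dags = get_date_time();
// The user id is cast to int and the text goes through sqlesc().
// NOTE(review): the text is stored as submitted, so every page that prints it
// has to HTML-escape it; no anti-CSRF token check is visible in this excerpt.
$sqlinsert = 'INSERT INTO comments (user, torrent, added, text, ori_text) VALUES (\''.(int) $CURUSER['id'].'\',\''.$id.'\',\''.$dags.'\','.sqlesc($main).','.sqlesc($main).')';
// Stop when the insert fails rather than continuing as if the comment was saved.
if (!mysql_query($sqlinsert))
	die();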

Exemple #29
            $image['img_height'] = $img_size[1];
        }
        $updateset[] = "sig_w = " . sqlesc($image['img_width']);
        $updateset[] = "sig_h = " . sqlesc($image['img_height']);
        $updateset[] = "signature = " . sqlesc("[img]" . $signature . "[/img]\n");
    }
    $updateset[] = "signatures = '{$signatures}'";
    if (isset($_POST["info"]) && ($info = $_POST["info"]) != $CURUSER["info"]) {
        $updateset[] = "info = " . sqlesc($info);
    }
    $action = "signature";
} elseif ($action == "security") {
    // Queue an ssluse change only when the posted value casts to a non-zero
    // integer that differs from the stored one; a posted 0 is falsy here and
    // is therefore never written.
    if (isset($_POST['ssluse']) && ($ssluse = (int) $_POST['ssluse']) && $ssluse != $CURUSER['ssluse']) {
        $updateset[] = "ssluse = " . $ssluse;
    }
    // All listed form fields are required; otherwise an error page is shown.
    if (!mkglobal("email:chpassword:passagain:chmailpass:secretanswer")) {
        stderr("Error", $lang['takeeditcp_no_data']);
    }
    // Password change: runs only when a new password was entered.
    // NOTE(review): no check of the current password is visible in this
    // excerpt before the new hash is queued; confirm that one exists elsewhere
    // in this branch, otherwise a hijacked session can change the password.
    if ($chpassword != "") {
        // Upper bound of 40 characters on the new password.
        if (strlen($chpassword) > 40) {
            stderr("Error", $lang['takeeditcp_pass_long']);
        }
        // The confirmation field must match.
        if ($chpassword != $passagain) {
            stderr("Error", $lang['takeeditcp_pass_not_match']);
        }
        // A fresh secret is generated and the stored hash is derived from it
        // and md5($chpassword).
        // NOTE(review): md5 is a fast hash; the real strength depends on
        // make_passhash(), which is not visible here.
        $secret = mksecret();
        $passhash = make_passhash($secret, md5($chpassword));
        $updateset[] = "secret = " . sqlesc($secret);
        $updateset[] = "passhash = " . sqlesc($passhash);
        // Re-issue the login cookie; the value passed mixes the new hash with
        // the client's REMOTE_ADDR.
        logincookie($CURUSER["id"], md5($passhash . $_SERVER["REMOTE_ADDR"]));
    }
<?php

require "include/bittorrent.php";
require_once "include/bbcode_functions.php";
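dbconn();
// Visitors who are not logged in get a fake "404 Not Found" page (presumably
// so that the admin script does not reveal itself).
if (!logged_in()) {
    header("HTTP/1.0 404 Not Found");
    // Modified loggedinorreturn by retro. Remember to change the following
    // line to match your server.
    // PHP_SELF and SERVER_NAME are taken from the request, so they are
    // HTML-escaped before being echoed into the page.
    print "<html><h1>Not Found</h1><p>The requested URL /" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . " was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES) . " Port 80</address></body></html>\n";
    die;
}
// Everything below is restricted to administrators and above.
if (get_user_class() < UC_ADMINISTRATOR) {
    stderr("Error", "Access denied.");
}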
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    mkglobal("readclass:writeclass:createclass:subforum:descr:place");
    if (empty($readclass) || empty($writeclass) || empty($createclass) || empty($subforum) || empty($descr) || empty($place)) {
        stderr("Err", "You missed something !");
    } else {
        mysql_query("INSERT INTO forums(`name`,`description` ,`minclassread` ,`minclasswrite` ,`minclasscreate`,`place`,`forid`) VALUES(" . join(",", array_map("sqlesc", array($subforum, $descr, $readclass, $writeclass, $createclass, $place, $place))) . ")") or sqlerr(__FILE__, __LINE__);
        if (mysql_insert_id()) {
            header("Refresh: 2; url=" . $_SERVER["PHP_SELF"]);
            stderr("Succes", "Forum added");
        } else {
            stderr("Err", "Something was wrong");
        }
    }
} else {
    stdhead();
    begin_frame();
    // first build the list with all the subforums