function uploadimage($x, $imgname, $tid) { global $site_config; $imagesdir = $site_config["torrent_dir"] . "/images"; $allowed_types =& $site_config["allowed_image_types"]; if (!($_FILES["image{$x}"]["name"] == "")) { if ($imgname != "") { $img = "{$imagesdir}/{$imgname}"; $del = unlink($img); } $y = $x + 1; $im = getimagesize($_FILES["image{$x}"]["tmp_name"]); if (!$im[2]) { show_error_msg(T_("ERROR"), "Invalid Image {$y}.", 1); } if (!array_key_exists($im['mime'], $allowed_types)) { show_error_msg(T_("ERROR"), T_("INVALID_FILETYPE_IMAGE"), 1); } if ($_FILES["image{$x}"]["size"] > $site_config['image_max_filesize']) { show_error_msg(T_("ERROR"), sprintf(T_("INVAILD_FILE_SIZE_IMAGE"), $y), 1); } $uploaddir = "{$imagesdir}/"; $ifilename = $tid . $x . $allowed_types[$im['mime']]; $copy = copy($_FILES["image{$x}"]["tmp_name"], $uploaddir . $ifilename); if (!$copy) { show_error_msg(T_("ERROR"), sprintf(T_("ERROR_UPLOADING_IMAGE"), $y), 1); } return $ifilename; } }
private function __construct() { if (function_exists('bbcode_create')) { $this->bbcode = bbcode_create($this->getTags()); $this->initSmilies(); return; } show_error_msg('Error', 'BBCode not available, you need to run `pecl install bbcode-1.0.3b1`', 1); }
function error_msg_exit($msg) { echo <<<EOT <html> <head> <title>Developer Tools</title> <meta http-equiv="Content-Type" content="text/html; charset=euc-jp"> </head> <body> EOT; show_error_msg($msg); echo <<<EOT </body> </html> EOT; exit; }
function main() { if (isset($_GET['day'])) { $day = $_GET['day']; } else { $day = date('Y-m-d'); } check_post_values(); create_html_start(); show_error_msg(); create_edit_form($day); create_html_end(); }
dbconn(true); loggedinonly(true); ?> <?php if (!$CURUSER) { ?> <meta http-equiv='refresh' content='0;url=account-login.php' /> <?php } stdhead(T_("HOME")); //check if (file_exists("check.php") && $CURUSER["class"] == 7) { show_error_msg("WARNING", "Check.php still exists, please delete or rename the file as it could pose a security risk<br /><br /><a href='check.php'>View Check.php</a> - Use to check your config!<br /><br />", 0); } //Site Notice if ($site_config['SITENOTICEON']) { begin_frame(T_("NOTICE")); echo $site_config['SITENOTICE']; end_frame(); } //Site News if ($site_config['NEWSON'] && $CURUSER['view_news'] == "yes") { begin_frame(T_("NEWS")); $res = SQL_Query_exec("SELECT news.id, news.title, news.added, news.body, users.username FROM news LEFT JOIN users ON news.userid = users.id ORDER BY added DESC LIMIT 10"); if (mysql_num_rows($res) > 0) { print "<table width='100%' border='0' cellspacing='0' cellpadding='0'><tr><td>\n<ul>"; $news_flag = 0; while ($array = mysql_fetch_assoc($res)) {
} else { $subject = @$_POST['subject']; $msg = sqlesc(@$_POST['msg']); } if ($msg) { $subject = sqlesc($subject); if ((isset($_POST['draft']) || isset($_POST['template'])) && isset($_POST['msgid'])) { SQL_Query_exec("UPDATE messages SET `subject` = {$subject}, `msg` = {$msg} WHERE `id` = {$_POST['msgid']} AND `sender` = {$CURUSER['id']}") or die("arghh"); } else { $to = @$_POST['draft'] ? 'draft' : (@$_POST['template'] ? 'template' : (@$_POST['save'] ? 'both' : 'in')); $status = @$_POST['send'] ? 'yes' : 'no'; //===| Start Blocked Users $blocked = SQL_Query_exec("SELECT id FROM blocked WHERE userid={$sendto} AND blockid={$CURUSER['id']}"); $show = mysql_num_rows($blocked); if ($show != 0 && $CURUSER["control_panel"] != "yes") { show_error_msg("Error", "[B]You're blocked by this member and you can not send messages to him![/B]\n", 1); } //===| End Blocked Users SQL_Query_exec("INSERT INTO `messages` (`sender`, `receiver`, `added`, `subject`, `msg`, `unread`, `location`) VALUES ('{$CURUSER['id']}', '{$sendto}', '" . get_date_time() . "', {$subject}, {$msg}, '{$status}', '{$to}')") or die("Aargh!"); // email notif $res = SQL_Query_exec("SELECT id, acceptpms, notifs, email FROM users WHERE id='{$sendto}'"); $user = mysql_fetch_assoc($res); if (strpos($user['notifs'], '[pm]') !== false) { $cusername = $CURUSER["username"]; $body = "You have received a PM from " . $cusername . "\n\nYou can use the URL below to view the message (you may have to login).\n\n " . $site_config['SITEURL'] . "/mailbox.php\n\n" . $site_config['SITENAME'] . ""; sendmail($user["email"], "You have received a PM from {$cusername}", $body, "From: {$site_config['SITEEMAIL']}", "-f{$site_config['SITEEMAIL']}"); } //end email notif if (isset($_POST['msgid'])) { SQL_Query_exec("DELETE FROM messages WHERE `location` = 'draft' AND `sender` = {$CURUSER['id']} AND `id` = {$_POST['msgid']}") or die("arghh"); }
<html lang="ja"> <head> <title>開発用サービス</title> <meta http-equiv="content-type" content="text/html; charset=euc-jp"> <meta http-equiv="CONTENT-STYLE-TYPE" content="text/css"> <link rel="stylesheet" type="text/css" href="inc/style.css"> <script language="JavaScript" type="text/javascript"><!-- function init() { document.LoginForm.pwd.focus(); } //--> </script> </head> <body onLoad="init()"> <div id="contents"> <?php echo show_error_msg($errors); ?> <center> <span class="Font2">開発用サービス</span><br /><br /> <form method="post" action="login.php" name="LoginForm" autocomplete="off"> <table border="0"> <tr> <td nowrap><b>名前</b></td> <td> <?php if ($users != false) { ?> <select name='aid'> <option value="">(あなたのお名前)</option> <?php foreach ($users as $user) {
<?php // // TorrentTrader v2.x // $LastChangedDate: 2012-09-28 20:35:06 +0100 (Fri, 28 Sep 2012) $ // $LastChangedBy: torrenttrader $ // // http://www.torrenttrader.org // require_once "backend/functions.php"; dbconn(); $id = (int) $_GET["id"]; $md5 = $_GET["secret"]; $email = $_GET["email"]; if (!$id || !$md5 || !$email) { show_error_msg(T_("ERROR"), T_("MISSING_FORM_DATA"), 1); } $res = SQL_Query_exec("SELECT `editsecret` FROM `users` WHERE `enabled` = 'yes' AND `status` = 'confirmed' AND `editsecret` != '' AND `id` = '{$id}'"); $row = mysql_fetch_assoc($res); if (!$row) { show_error_msg(T_("ERROR"), T_("NOTHING_FOUND"), 1); } $sec = $row["editsecret"]; if ($md5 != md5($sec . $email . $sec)) { show_error_msg(T_("ERROR"), T_("NOTHING_FOUND"), 1); } SQL_Query_exec("UPDATE `users` SET `editsecret` = '', `email` = " . sqlesc($email) . " WHERE `id` = '{$id}' AND `editsecret` = " . sqlesc($row["editsecret"])); header("Refresh: 0; url=account.php"); header("Location: account.php");
function &execute() { $query = $this->read(); $res = mysql_query($query); if ($res || mysql_errno() == 1062) { return $res; } $mysql_error = mysql_error(); $mysql_errno = mysql_errno(); // If debug_backtrace() is available, we can find exactly where the query was called from if (function_exists("debug_backtrace")) { $bt = debug_backtrace(); $i = 1; if ($bt[$i]["function"] == "SQL_Query_exec_cached" || $bt[$i]["function"] == "get_row_count_cached" || $bt[$i]["function"] == "get_row_count") { $i++; } $line = $bt[$i]["line"]; $file = str_replace(getcwd() . DIRECTORY_SEPARATOR, "", $bt[$i]["file"]); $msg = "Database Error in {$file} on line {$line}: {$mysql_error}. Query was: {$query}."; } else { $file = str_replace(getcwd() . DIRECTORY_SEPARATOR, "", $_SERVER["SCRIPT_FILENAME"]); $msg = "Database Error in {$file}: {$mysql_error}. Query was: {$query}"; } mysql_query("INSERT INTO `sqlerr` (`txt`, `time`) \n VALUES (" . sqlesc($msg) . ", '" . get_date_time() . "')"); if (function_exists('show_error_msg')) { show_error_msg("Database Error", "Database Error. Please report this to an administrator.", 1); } }
if ($upd["enabled"] == 0 && $upd["position"] == "left" && $_POST["enable_" . $upd["id"]] == 1) { $update[] = "sort = " . $nextleft; } elseif ($upd["enabled"] == 0 && $upd["position"] == "middle" && $_POST["enable_" . $upd["id"]] == 1) { $update[] = "sort = " . $nextmiddle; } elseif ($upd["enabled"] == 0 && $upd["position"] == "right" && $_POST["enable_" . $upd["id"]] == 1) { $update[] = "sort = " . $nextright; } elseif ($upd["enabled"] == 1 && $upd["position"] == "left" && $_POST["enable_" . $upd["id"]] == 0) { $update[] = "sort = 0"; } elseif ($upd["enabled"] == 1 && $upd["position"] == "middle" && $_POST["enable_" . $upd["id"]] == 0) { $update[] = "sort = 0"; } elseif ($upd["enabled"] == 1 && $upd["position"] == "right" && $_POST["enable_" . $upd["id"]] == 0) { $update[] = "sort = 0"; } else { $update[] = "sort = " . $upd["sort"]; } SQL_Query_exec("UPDATE blocks SET " . implode(", ", $update) . " WHERE id={$id}") or show_error_msg(T_("ERROR"), "" . T_("_FAIL_DB_QUERY_") . ": " . mysql_error()); } } resortleft(); resortmiddle(); resortright(); } // == end edit echo "<center><a href=\"index.php\">" . T_("HOME") . "</a> • <a href=\"admincp.php\">" . T_("ADMIN_CP") . "</a> • <a href=\"admincp.php?action=blocks&do=view\">" . T_("_BLC_MAN_") . "</a></center>"; // ---- <table> for blocks in database ----------------------------------------- print "<hr />"; $res = SQL_Query_exec("SELECT * FROM blocks ORDER BY enabled DESC, position, sort"); print "<table align=\"center\"><tr><td>" . "<form name=\"blocks\" method=\"post\" action=\"blocks-edit.php\">" . "<input type=\"hidden\" name=\"edit\" value=\"true\" />" . "<table align=\"center\" class=\"table_table\" cellspacing=\"0\" width=\"650\">" . "<tr>" . "<td class=\"table_head\" align=\"center\"><font size=\"2\"><b>" . T_("_BLC_MAN_") . "</b></font></td>" . "</tr>" . "</table><br />" . "<table cellspacing=\"0\" class=\"table_table\" align=\"center\" width=\"650\">" . "<tr>" . "<th rowspan=\"2\" class=\"table_head\">" . T_("_NAMED_") . "<br />(" . T_("_FL_NM_IF_NO_SET_") . ")</th>" . "<th rowspan=\"2\" class=\"table_head\">" . T_("_FILE_NAME_") . "</th>" . "<th rowspan=\"2\" class=\"table_head\">" . T_("DESCRIPTION") . "<br />(" . T_("_MAX_") . " 255 " . T_("_CHARS_") . ")</th>" . "<th rowspan=\"2\" colspan=\"3\" class=\"table_head\">" . T_("_POSITION_") . "</th>" . "<th rowspan=\"2\" colspan=\"2\" class=\"table_head\">" . T_("_SORT_ORDER_") . "</th>" . "<th colspan=\"2\" class=\"table_head\">" . T_("ENABLED") . "</th>" . "<th rowspan=\"2\" class=\"table_head\">" . T_("_DEL_") . "</th>" . "</tr>" . "<tr>" . "<th class=\"table_head\">" . T_("YES") . "</th>" . "<th class=\"table_head\">" . T_("NO") . "</th>" . "</tr>"; while ($blocks2 = mysql_fetch_assoc($res)) { $down = $blocks["id"]; if (!$setclass) {
$sure = htmlentities($_GET['sure']); $type = htmlentities($_GET['type']); if (!is_valid_id($targetid)) { show_error_msg("Error", "Invalid ID {$userid}.", 1); } if (!$sure) { show_error_msg("Delete {$type}", "<div style='margin-top:10px; margin-bottom:10px' align='center'>Do you really want to delete this {$typ}? \n" . "<a href=?id={$userid}&action=delete&type={$type}&targetid={$targetid}&sure=1>Yes</a> | <a href=/watch/>No</a></div>", 1); } if ($type == 'bookmarkuser') { SQL_Query_exec("DELETE FROM bookmarkuser WHERE userid={$userid} AND bkid={$targetid}"); if (mysql_affected_rows() == 0) { show_error_msg("Error", "No bookmarkuser found with ID {$targetid}", 1); } $frag = "bookmarkuser"; } else { show_error_msg("Error", "Unknown type {$type}", 1); } header("Location: " . $site_config['SITEURL'] . "/watch/?id={$userid}#{$frag}"); die; } //===| Main Body |================================================================// stdhead("Personal lists for " . $user['username']); begin_frame("Personal lists for " . class_user($user[username]) . ""); print "<div style='margin-top:10px; margin-bottom:20px' align='center'><font size=2><font color=#0080FF><b>List of Personal watched users</b></font></div>"; ?> <table class="table_table" border="0" width="100%"> <tr> <th class="table_head"><b>User Name</b></td></th> <th class="table_head"><b>Account enabled?</b></td></th> <th class="table_head"><b>Contact user</td></th> <th class="table_head"><b>Last Seen</b></td></th>
$leechers = strip_tags($stats['peers']); $downloaded = strip_tags($stats['downloaded']); SQL_Query_exec("UPDATE torrents SET leechers='" . $leechers . "', seeders='" . $seeders . "',times_completed='" . $downloaded . "',last_action= '" . get_date_time() . "',visible='yes' WHERE id='" . $id . "'"); } //END SCRAPE write_log("Torrent {$id} ({$name}) was Uploaded by {$CURUSER['username']}"); $message .= "<br /><b>" . T_("UPLOAD_OK") . "</b><br /><a href='torrents-details.php?id=" . $id . "'>" . T_("UPLOAD_VIEW_DL") . "</a><br /><br />"; echo $message; @unlink("{$dir}/{$fname}"); } echo "</center>"; end_frame(); stdfoot(); die; } else { show_error_msg(T_("UPLOAD_FAILED"), $message, 1); } } //takeupload ///////////////////// FORMAT PAGE //////////////////////// stdhead(T_("UPLOAD")); begin_frame(T_("UPLOAD")); ?> <form name="upload" enctype="multipart/form-data" action="torrents-import.php" method="post"> <input type="hidden" name="takeupload" value="yes" /> <table border="0" cellspacing="0" cellpadding="6" align="center"> <tr><td align="right" valign="top"><b>File List:</b></td><td align="left"><?php if (!count($files)) { echo T_("NOTHING_TO_SHOW_FILES") . " {$dir}/."; } else { foreach ($files as $f) {
if ($arr) { $sec = mksecret(); $secmd5 = md5($sec); $id = $arr['id']; $body = T_("SOMEONE_FROM") . " " . $_SERVER["REMOTE_ADDR"] . " " . T_("MAILED_BACK") . " ({$email}) " . T_("BE_MAILED_BACK") . " \r\n\r\n " . T_("ACCOUNT_INFO") . " \r\n\r\n " . T_("USERNAME") . ": " . $arr["username"] . " \r\n " . T_("CHANGE_PSW") . "\n\n{$site_config['SITEURL']}/account-recover.php?id={$id}&secret={$secmd5}\n\n\n" . $site_config["SITENAME"] . "\r\n"; @sendmail($arr["email"], T_("ACCOUNT_DETAILS"), $body, "", "-f" . $site_config['SITEEMAIL']); $res2 = SQL_Query_exec("UPDATE `users` SET `secret` = " . sqlesc($sec) . " WHERE `email`= " . sqlesc($email) . " LIMIT 1"); $msg = sprintf(T_('MAIL_RECOVER'), htmlspecialchars($email)); $kind = T_("SUCCESS"); } } } stdhead(); begin_frame(T_("RECOVER_ACCOUNT")); if ($kind != "0") { show_error_msg("Notice", "{$kind}: {$msg}", 0); } if (is_valid_id($_GET["id"]) && strlen($_GET["secret"]) == 32) { ?> <form method="post" action="account-recover.php"> <table border="0" cellspacing="0" cellpadding="5"> <tr> <td> <b><?php echo T_("NEW_PASSWORD"); ?> </b>: </td> <td> <input type="hidden" name="secret" value="<?php echo $_GET['secret'];
if (!is_valid_id($topicid)) { showerror(T_("FORUM_ERROR"), "Topic Not Valid"); } $userid = $CURUSER["id"]; //------ Get topic info $res = SQL_Query_exec("SELECT * FROM forum_topics WHERE id={$topicid}"); $arr = mysql_fetch_assoc($res) or showerror(T_("FORUM_ERROR"), "Topic not found"); $locked = $arr["locked"] == 'yes'; $subject = stripslashes($arr["subject"]); $sticky = $arr["sticky"] == "yes"; $forumid = $arr["forumid"]; // Check if user has access to this forum $res2 = SQL_Query_exec("SELECT minclassread, guest_read FROM forum_forums WHERE id={$forumid}"); $arr2 = mysql_fetch_assoc($res2); if (!$arr2 || get_user_class() < $arr2["minclassread"] && $arr2["guest_read"] == "no") { show_error_msg("Error: Access Denied", "You do not have access to the forum this topic is in."); } // Update Topic Views $viewsq = SQL_Query_exec("SELECT views FROM forum_topics WHERE id={$topicid}"); $viewsa = mysql_fetch_array($viewsq); $views = $viewsa[0]; $new_views = $views + 1; $uviews = SQL_Query_exec("UPDATE forum_topics SET views = {$new_views} WHERE id={$topicid}"); // End //------ Get forum $res = SQL_Query_exec("SELECT * FROM forum_forums WHERE id={$forumid}"); $arr = mysql_fetch_assoc($res) or showerror(T_("FORUM_ERROR"), "Forum is empty"); $forum = stripslashes($arr["name"]); //------ Get post count $res = SQL_Query_exec("SELECT COUNT(*) FROM forum_posts WHERE topicid={$topicid}"); $arr = mysql_fetch_row($res);
<?php #================================# # TorrentTrader 2.08 # # http://www.torrenttrader.org # #--------------------------------# # Modified by BigMax # #================================# require_once "backend/functions.php"; dbconn(); loggedinonly(); $gottorrent = (int) $_GET["torrent"]; if (!isset($gottorrent)) { show_error_msg("Error", " ... No torrent selected", 1); } if (get_row_count("bookmarks", "WHERE userid={$CURUSER['id']} AND torrentid = {$gottorrent}") > 0) { show_error_msg("Error", "Already bookmarked torrent", 1); } if (get_row_count("torrents", "WHERE id = {$gottorrent}") > 0) { SQL_Query_exec("INSERT INTO bookmarks (userid, torrentid) VALUES ({$CURUSER['id']}, {$gottorrent})"); stdhead("Bookmarks"); begin_frame("Successfully"); echo "<div style='margin-top:10px; margin-bottom:10px' align='center'>\n\t\t\tTorrent was successfully bookmarked. \n\t\t\t[<a href=torrents-details.php?id={$gottorrent}><b>Go to Torrent</b></a>] or\n\t\t\t[<a href=bookmark.php><b>See Your Bookmarks</b></a>]\n\t\t</div>"; end_frame(); stdfoot(); } else { show_error_msg("Error", "ID not found", 1); }
function main() { create_html_start(); // If check_post_values returns true, then new // user is succesfully created (or at least it should be...) // Note that show_error_msg shows message where is // message that user is registered succesfully! if (check_post_values()) { show_error_msg(); echo '<br />'; echo '<a href="index.php">Back to main page</a>'; } else { show_error_msg(); create_register_form(); } create_html_end(); }
if ($CURUSER["view_torrents"] == "no") { show_error_msg(T_("ERROR"), T_("NO_TORRENT_VIEW"), 1); } } $id = (int) $_GET["id"]; $res = SQL_Query_exec("SELECT name, external, banned FROM torrents WHERE id = {$id}"); $row = mysql_fetch_assoc($res); if (!$row || $row["banned"] == "yes" && $CURUSER["edit_torrents"] == "no") { show_error_msg(T_("ERROR"), T_("TORRENT_NOT_FOUND"), 1); } if ($row["external"] == "yes") { show_error_msg(T_("ERROR"), T_("THIS_TORRENT_IS_EXTERNALLY_TRACKED"), 1); } $res = SQL_Query_exec("SELECT users.id, users.username, users.uploaded, users.downloaded, users.privacy, completed.date FROM users LEFT JOIN completed ON users.id = completed.userid WHERE users.enabled = 'yes' AND completed.torrentid = '{$id}'"); if (mysql_num_rows($res) == 0) { show_error_msg(T_("ERROR"), T_("NO_DOWNLOADS_YET"), 1); } $title = sprintf(T_("COMPLETED_DOWNLOADS"), CutName($row["name"], 40)); stdhead($title); begin_frame($title); ?> <table cellpadding="3" cellspacing="0" align="center" class="table_table"> <tr> <th class="table_head"><?php echo T_("USERNAME"); ?> </th> <th class="table_head"><?php echo T_("CURRENTLY_SEEDING"); ?>
} $res = SQL_Query_exec("SELECT filename, banned, external, announce FROM torrents WHERE id =" . intval($id)); $row = mysql_fetch_assoc($res); $torrent_dir = $site_config["torrent_dir"]; $fn = "{$torrent_dir}/{$id}.torrent"; if (!$row) { show_error_msg(T_("FILE_NOT_FOUND"), T_("ID_NOT_FOUND"), 1); } if ($row["banned"] == "yes") { show_error_msg(T_("ERROR"), T_("BANNED_TORRENT"), 1); } if (!is_file($fn)) { show_error_msg(T_("FILE_NOT_FOUND"), T_("FILE_NOT_FILE"), 1); } if (!is_readable($fn)) { show_error_msg(T_("FILE_NOT_FOUND"), T_("FILE_UNREADABLE"), 1); } $name = $row['filename']; $friendlyurl = str_replace("http://", "", $site_config["SITEURL"]); $friendlyname = str_replace(".torrent", "", $name); $friendlyext = ".torrent"; $name = $friendlyname . "[" . $friendlyurl . "]" . $friendlyext; SQL_Query_exec("UPDATE torrents SET hits = hits + 1 WHERE id = {$id}"); require_once "backend/BEncode.php"; require_once "backend/BDecode.php"; //if user dont have a passkey generate one, only if tracker is set to members only if ($site_config["MEMBERSONLY"]) { if (strlen($CURUSER['passkey']) != 32) { $rand = array_sum(explode(" ", microtime())); $CURUSER['passkey'] = md5($CURUSER['username'] . $rand . $CURUSER['secret'] . $rand * mt_rand()); SQL_Query_exec("UPDATE users SET passkey='{$CURUSER['passkey']}' WHERE id={$CURUSER['id']}");
// TorrentTrader v2.x // $LastChangedDate: 2011-10-20 11:45:04 +0100 (Thu, 20 Oct 2011) $ // $LastChangedBy: x-cooly-btit $ // // http://www.torrenttrader.org // require_once "backend/functions.php"; dbconn(); $id = (int) $_GET["id"]; $md5 = $_GET["secret"]; if (!$id || !$md5) { show_error_msg(T_("ERROR"), T_("INVALID_ID"), 1); } $res = SQL_Query_exec("SELECT `password`, `secret`, `status` FROM `users` WHERE `id` = '{$id}'"); $row = mysql_fetch_assoc($res); if (!$row) { show_error_msg(T_("ERROR"), sprintf(T_("CONFIRM_EXPIRE"), $site_config['signup_timeout'] / 86400), 1); } if ($row["status"] != "pending") { header("Refresh: 0; url=account-confirm-ok.php?type=confirmed"); die; } if ($md5 != md5($row["secret"])) { show_error_msg(T_("ERROR"), T_("SIGNUP_ACTIVATE_LINK"), 1); } $secret = mksecret(); SQL_Query_exec("UPDATE `users` SET `secret` = " . sqlesc($secret) . ", `status` = 'confirmed' WHERE `id` = '{$id}' AND `secret` = " . sqlesc($row["secret"]) . " AND `status` = 'pending'"); if (!mysql_affected_rows()) { show_error_msg(T_("ERROR"), T_("SIGNUP_UNABLE"), 1); } header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
$where_is .= isset($where_is) ? " AND " : ""; $where_is .= "u.username NOT LIKE '%invite_%'"; $queryc = "SELECT COUNT(" . $distinct . "u.id) FROM " . $from_is . ($where_is == "" ? "" : " WHERE {$where_is} "); $querypm = "FROM " . $from_is . ($where_is == "" ? " " : " WHERE {$where_is} "); $select_is = "u.id, u.username, u.email, u.status, u.added, u.last_access, u.ip,\n\t\tu.class, u.uploaded, u.downloaded, u.donated, u.modcomment, u.enabled, u.warned, u.invited_by"; $query = "SELECT " . $distinct . " " . $select_is . " " . $querypm; $res = SQL_Query_exec($queryc); $arr = mysql_fetch_row($res); $count = $arr[0]; $q = isset($q) ? $q . "&" : ""; $perpage = 25; list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "admincp.php?action=usersearch&{$q}"); $query .= $limit; $res = SQL_Query_exec($query); if (mysql_num_rows($res) == 0) { show_error_msg("Warning", "No user was found.", 0); } else { if ($count > $perpage) { echo $pagertop; } echo "<form action='admincp.php?action=usersearch&do=warndisable' method='post'>"; echo "<table border='0' class='table_table' cellspacing='0' cellpadding='0' width='100%'>\n"; echo "<tr><th class='table_head'>" . T_("NAME") . "</th>\n\t\t\t<th class='table_head'>IP</th>\n\t\t\t<th class='table_head'>" . T_("EMAIL") . "</th>" . "<th class='table_head'>Joined:</th>" . "<th class='table_head'>Last Seen:</th>" . "<th class='table_head'>Status</th>" . "<th class='table_head'>Enabled</th>" . "<th class='table_head'>Ratio</th>" . "<th class='table_head'>Uploaded</th>" . "<th class='table_head'>Downloaded</th>" . "<th class='table_head'>History</th>" . "<th class='table_head' colspan='2'>Status</th></tr>\n"; while ($user = mysql_fetch_array($res)) { if ($user['added'] == '0000-00-00 00:00:00') { $user['added'] = '---'; } if ($user['last_access'] == '0000-00-00 00:00:00') { $user['last_access'] = '---'; } if ($user['ip']) {
// // TorrentTrader v2.x // $LastChangedDate: 2012-01-08 13:16:21 +0000 (Sun, 08 Jan 2012) $ // $LastChangedBy: dj-howarth1 $ // // http://www.torrenttrader.org // // require_once "backend/functions.php"; dbconn(); //check permissions if ($site_config["MEMBERSONLY"]) { loggedinonly(); if ($CURUSER["view_torrents"] == "no") { show_error_msg(T_("ERROR"), T_("NO_TORRENT_VIEW"), 1); } } function sqlwildcardesc($x) { return str_replace(array("%", "_"), array("\\%", "\\_"), mysql_real_escape_string($x)); } //GET SEARCH STRING $searchstr = trim($_GET["search"]); $cleansearchstr = searchfield($searchstr); if (empty($cleansearchstr)) { unset($cleansearchstr); } $thisurl = "../search/?"; $addparam = ""; $wherea = array();
function ParseTorrent($filename) { require_once "BDecode.php"; require_once "BEncode.php"; $TorrentInfo = array(); global $array; //check file type is a torrent $torrent = explode(".", $filename); $fileend = end($torrent); $fileend = strtolower($fileend); if ($fileend == "torrent") { $parseme = @file_get_contents("{$filename}"); if ($parseme == FALSE) { show_error_msg(T_("ERROR"), T_("PARSE_CONTENTS"), 1); } if (!isset($parseme)) { show_error_msg(T_("ERROR"), T_("PARSE_OPEN"), 1); } else { $array = BDecode($parseme); if ($array === FALSE) { show_error_msg(T_("ERROR"), T_("PARSE_DECODE"), 1); } else { if (!@count($array['info'])) { show_error_msg(T_("ERROR"), T_("PARSE_OPEN"), 1); } else { //Get Announce URL $TorrentInfo[0] = $array["announce"]; //Get Announce List Array if (isset($array["announce-list"])) { $TorrentInfo[6] = $array["announce-list"]; } //Read info, store as (infovariable) $infovariable = $array["info"]; // Calculates SHA1 Hash $infohash = sha1(BEncode($infovariable)); $TorrentInfo[1] = $infohash; // Calculates date from UNIX Epoch $makedate = date('r', $array["creation date"]); $TorrentInfo[2] = $makedate; // The name of the torrent is different to the file name $TorrentInfo[3] = $infovariable['name']; //Get File List if (isset($infovariable["files"])) { // Multi File Torrent $filecount = ""; //Get filenames here $TorrentInfo[8] = $infovariable["files"]; foreach ($infovariable["files"] as $file) { $filecount += "1"; $multiname = $file['path']; //Not needed here really $multitorrentsize = $file['length']; $torrentsize += $file['length']; } $TorrentInfo[4] = $torrentsize; //Add all parts sizes to get total $TorrentInfo[5] = $filecount; //Get file count } else { // Single File Torrent $torrentsize = $infovariable['length']; $TorrentInfo[4] = $torrentsize; //Get file count $TorrentInfo[5] = "1"; } // Get Torrent Comment if (isset($array['comment'])) { $TorrentInfo[7] = $array['comment']; } } } } } return $TorrentInfo; }
$mod_name = $adb->query_result($result, $x, "name"); $module_name[$y] = $mod_name; $y++; } } } if (isset($_REQUEST['selected_module']) && $_REQUEST['selected_module'] != '') { $select_module = vtlib_purify($_REQUEST['selected_module']); if (!in_array($select_module, $module_name)) { show_error_msg(); } } else { if (count($module_name) > 0) { $select_module = $module_name[0]; } else { show_error_msg('no_permitted_modules'); } } $focus = CRMEntity::getInstance($select_module); if (count($module_name) > 0) { $cur_mod_view = new CustomView($select_module); $viewid = $cur_mod_view->getViewIdByName('All', $select_module); global $current_user; $queryGenerator = new QueryGenerator($select_module, $current_user); $queryGenerator->initForCustomViewById($viewid); // Enabling Module Search $url_string = ''; if ($_REQUEST['query'] == 'true') { $queryGenerator->addUserSearchConditions($_REQUEST); $ustring = getSearchURL($_REQUEST); $url_string .= "&query=true{$ustring}";
if ($a[0] != 0) { $message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email); } } //check username isnt in use $a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from users where username='******'")); if ($a[0] != 0) { $message = sprintf(T_("USERNAME_INUSE_S"), $wantusername); } $secret = mksecret(); //generate secret field $wantpassword = passhash($wantpassword); // hash the password } if ($message != "") { show_error_msg(T_("SIGNUP_FAILED"), $message, 1); } if ($message == "") { if ($invite_row) { SQL_Query_exec("UPDATE users SET username="******", password="******", secret=" . sqlesc($secret) . ", status='confirmed', added='" . get_date_time() . "' WHERE id={$invite_row['id']}"); //send pm to new user if ($site_config["WELCOMEPMON"]) { $dt = sqlesc(get_date_time()); $msg = sqlesc($site_config["WELCOMEPMMSG"]); SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, {$invite_row['id']}, {$dt}, {$msg}, 0)"); } header("Refresh: 0; url=account-confirm-ok.php?type=confirm"); die; } if ($site_config["CONFIRMEMAIL"]) { //req confirm email true/false
function show_login() { echo '<div id="login">'; echo '<h2>Login</h2>'; echo '<form action="index.php" method="post">'; show_error_msg(); echo '<table>'; echo '<tr>'; echo '<td>Username</td>'; echo '<td><input type="text" name="todo_username"></td>'; echo '</tr>'; echo '<tr>'; echo '<td>Password</td>'; echo '<td><input type="password" name="password"></td>'; echo '</tr>'; echo '<tr>'; echo '<td colspan="2">'; echo '<input type="submit" value="Login"> '; echo '</td>'; echo '</tr>'; echo '<tr>'; echo '<td colspan="2"></td>'; echo '</tr>'; echo '</table>'; echo '</form>'; echo '<a href="register.php">Register</a>'; echo '</div>'; }
end_frame(); stdfoot(); die; } //report comment form if ($comment != "") { $res = SQL_Query_exec("SELECT id, text FROM comments WHERE id={$comment}"); if (mysql_num_rows($res) == 0) { print "Invalid Comment"; end_frame(); stdfoot(); die; } $arr = mysql_fetch_assoc($res); print "<b>Are you sure you would like to report Comment:</b><br /><br /><b>" . format_comment($arr["text"]) . "</b>?<br />"; print "<p>Please note, this is <b>not</b> to be used to report leechers, we have scripts in place to deal with them</p>"; print "<b>Reason</b> (required): <form method='post' action='report.php'><input type='hidden' name='comment' value='{$comment}' /><input type='text' size='100' name='reason' /><input type='submit' value='Confirm' /></form>"; end_frame(); stdfoot(); die; } //error if ($user != "" && $torrent != "") { print "<h1>" . T_("MISSING_INFO") . "</h1>"; end_frame(); stdfoot(); die; } show_error_msg(T_("ERROR"), T_("MISSING_INFO") . ".", 0); end_frame(); stdfoot();
<?php // // TorrentTrader v2.x // $LastChangedDate: 2012-06-14 17:31:26 +0100 (Thu, 14 Jun 2012) $ // $LastChangedBy: torrenttrader $ // // http://www.torrenttrader.org // // require_once "backend/functions.php"; dbconn(); loggedinonly(); if (!$CURUSER || $CURUSER["control_panel"] != "yes") { show_error_msg(T_("ERROR"), T_("SORRY_NO_RIGHTS_TO_ACCESS"), 1); } // ACTION: reorder - reorder sections and items if ($_GET[action] == "reorder") { foreach ($_POST[order] as $id => $position) { SQL_Query_exec("UPDATE `faq` SET `order`='{$position}' WHERE id='{$id}'"); } header("Refresh: 0; url=faq-manage.php"); } elseif ($_GET[action] == "edit" && is_valid_id($_GET[id])) { stdhead(T_("FAQ_MANAGEMENT")); begin_frame(); print "<h1 align=\"center\">Edit Section or Item</h1>"; $res = SQL_Query_exec("SELECT * FROM `faq` WHERE `id`='{$_GET['id']}' LIMIT 1"); while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) { $arr[question] = stripslashes(htmlspecialchars($arr[question])); $arr[answer] = stripslashes(htmlspecialchars($arr[answer])); if ($arr[type] == "item") {
write_log("NFO ({$id}) was updated by {$CURUSER['username']}."); show_error_msg(T_("NFO_UPDATED"), T_("NFO_UPDATED"), 1); } } if ($do == "delete") { $reason = htmlspecialchars($_POST["reason"]); if (get_row_count("torrents", "WHERE `nfo` = 'yes' AND `id` = {$id}")) { unlink($nfo); write_log("NFO ({$id}) was deleted by {$CURUSER['username']} {$reason}"); SQL_Query_exec("UPDATE `torrents` SET `nfo` = 'no' WHERE `id` = {$id}"); show_error_msg(T_("NFO_DELETED"), T_("NFO_DELETED"), 1); } show_error_msg(T_("ERROR"), sprintf(T_("NFO_NOT_EXIST"), $id), 1); } if (!is_valid_id($id) || !($contents = file_get_contents($nfo))) { show_error_msg(T_("ERROR"), T_("NFO_NOT_FOUND"), 1); } stdhead(T_("NFO_EDITOR")); begin_frame(T_("NFO_EDIT")); ?> <center> <form method="post" action="nfo-edit.php"> <input type="hidden" name="id" value="<?php echo $id; ?> " /> <input type="hidden" name="do" value="update" /> <textarea class="nfo" name="content" cols="100%" rows="80"><?php echo htmlspecialchars(stripslashes($contents)); ?>
$res = SQL_Query_exec("SELECT * FROM news WHERE id = {$id}"); $row = mysql_fetch_array($res); if (!$row) { show_error_msg(T_("ERROR"), "News id invalid", 0); stdfoot(); } begin_frame(T_("NEWS")); echo htmlspecialchars($row['title']) . "<br /><br />" . format_comment($row['body']) . "<br />"; end_frame(); } //TORRENT if ($type == "torrent") { $res = SQL_Query_exec("SELECT id, name FROM torrents WHERE id = {$id}"); $row = mysql_fetch_array($res); if (!$row) { show_error_msg(T_("ERROR"), "News id invalid", 0); stdfoot(); } echo "<center><b>" . T_("COMMENTSFOR") . "</b> <a href='torrents-details.php?id=" . $row['id'] . "'>" . htmlspecialchars($row['name']) . "</a></center><br />"; } begin_frame(T_("COMMENTS")); $subres = SQL_Query_exec("SELECT COUNT(*) FROM comments WHERE {$type} = {$id}"); $subrow = mysql_fetch_array($subres); $commcount = $subrow[0]; if ($commcount) { list($pagertop, $pagerbottom, $limit) = pager(10, $commcount, "comments.php?id={$id}&type={$type}&"); $commquery = "SELECT comments.id, text, user, comments.added, avatar, signature, username, title, class, uploaded, downloaded, privacy, donated FROM comments LEFT JOIN users ON comments.user = users.id WHERE {$type} = {$id} ORDER BY comments.id {$limit}"; $commres = SQL_Query_exec($commquery); } else { unset($commres); }
$tracker = str_replace("/announce", "/scrape", $announce); $stats = torrent_scrape_url($tracker, $infohash); $seeders = (int) strip_tags($stats['seeds']); $leechers = (int) strip_tags($stats['peers']); $downloaded = (int) strip_tags($stats['downloaded']); SQL_Query_exec("UPDATE torrents SET leechers='" . $leechers . "', seeders='" . $seeders . "',times_completed='" . $downloaded . "',last_action= '" . get_date_time() . "',visible='yes' WHERE id='" . $id . "'"); } //END SCRAPE write_log(sprintf(T_("TORRENT_UPLOADED"), htmlspecialchars($name), $CURUSER["username"])); //Uploaded ok message (update later) if ($external == 'no') { $message = sprintf(T_("TORRENT_UPLOAD_LOCAL"), $name, $id, $id); } else { $message = sprintf(T_("TORRENT_UPLOAD_EXTERNAL"), $name, $id); } show_error_msg(T_("UPLOAD_COMPLETE"), $message, 1); die; } //takeupload ///////////////////// FORMAT PAGE //////////////////////// stdhead(T_("UPLOAD")); begin_frame(T_("UPLOAD_RULES")); echo "<b>" . stripslashes($site_config["UPLOADRULES"]) . "</b>"; echo "<br />"; end_frame(); begin_frame(T_("UPLOAD")); ?> <form name="upload" enctype="multipart/form-data" action="torrents-upload.php" method="post"> <input type="hidden" name="takeupload" value="yes" /> <table border="0" cellspacing="0" cellpadding="6" align="center">