function uploadimage($x, $imgname, $tid)
{
global $site_config;
$imagesdir = $site_config["torrent_dir"] . "/images";
$allowed_types =& $site_config["allowed_image_types"];
if (!($_FILES["image{$x}"]["name"] == "")) {
if ($imgname != "") {
$img = "{$imagesdir}/{$imgname}";
$del = unlink($img);
}
$y = $x + 1;
$im = getimagesize($_FILES["image{$x}"]["tmp_name"]);
if (!$im[2]) {
show_error_msg(T_("ERROR"), "Invalid Image {$y}.", 1);
}
if (!array_key_exists($im['mime'], $allowed_types)) {
show_error_msg(T_("ERROR"), T_("INVALID_FILETYPE_IMAGE"), 1);
}
if ($_FILES["image{$x}"]["size"] > $site_config['image_max_filesize']) {
show_error_msg(T_("ERROR"), sprintf(T_("INVAILD_FILE_SIZE_IMAGE"), $y), 1);
}
$uploaddir = "{$imagesdir}/";
$ifilename = $tid . $x . $allowed_types[$im['mime']];
$copy = copy($_FILES["image{$x}"]["tmp_name"], $uploaddir . $ifilename);
if (!$copy) {
show_error_msg(T_("ERROR"), sprintf(T_("ERROR_UPLOADING_IMAGE"), $y), 1);
}
return $ifilename;
}
}
private function __construct()
{
if (function_exists('bbcode_create')) {
$this->bbcode = bbcode_create($this->getTags());
$this->initSmilies();
return;
}
show_error_msg('Error', 'BBCode not available, you need to run `pecl install bbcode-1.0.3b1`', 1);
}
function error_msg_exit($msg)
{
echo <<<EOT
<html>
<head>
<title>Developer Tools</title>
<meta http-equiv="Content-Type" content="text/html; charset=euc-jp">
</head>
<body>
EOT;
show_error_msg($msg);
echo <<<EOT
</body>
</html>
EOT;
exit;
}
function main()
{
if (isset($_GET['day'])) {
$day = $_GET['day'];
} else {
$day = date('Y-m-d');
}
check_post_values();
create_html_start();
show_error_msg();
create_edit_form($day);
create_html_end();
}
dbconn(true);
loggedinonly(true);
?>
<?php
if (!$CURUSER) {
?>
<meta http-equiv='refresh' content='0;url=account-login.php' />
<?php
}
stdhead(T_("HOME"));
//check
if (file_exists("check.php") && $CURUSER["class"] == 7) {
show_error_msg("WARNING", "Check.php still exists, please delete or rename the file as it could pose a security risk<br /><br /><a href='check.php'>View Check.php</a> - Use to check your config!<br /><br />", 0);
}
//Site Notice
if ($site_config['SITENOTICEON']) {
begin_frame(T_("NOTICE"));
echo $site_config['SITENOTICE'];
end_frame();
}
//Site News
if ($site_config['NEWSON'] && $CURUSER['view_news'] == "yes") {
begin_frame(T_("NEWS"));
$res = SQL_Query_exec("SELECT news.id, news.title, news.added, news.body, users.username FROM news LEFT JOIN users ON news.userid = users.id ORDER BY added DESC LIMIT 10");
if (mysql_num_rows($res) > 0) {
print "<table width='100%' border='0' cellspacing='0' cellpadding='0'><tr><td>\n<ul>";
$news_flag = 0;
while ($array = mysql_fetch_assoc($res)) {
} else {
$subject = @$_POST['subject'];
$msg = sqlesc(@$_POST['msg']);
}
if ($msg) {
$subject = sqlesc($subject);
if ((isset($_POST['draft']) || isset($_POST['template'])) && isset($_POST['msgid'])) {
SQL_Query_exec("UPDATE messages SET `subject` = {$subject}, `msg` = {$msg} WHERE `id` = {$_POST['msgid']} AND `sender` = {$CURUSER['id']}") or die("arghh");
} else {
$to = @$_POST['draft'] ? 'draft' : (@$_POST['template'] ? 'template' : (@$_POST['save'] ? 'both' : 'in'));
$status = @$_POST['send'] ? 'yes' : 'no';
//===| Start Blocked Users
$blocked = SQL_Query_exec("SELECT id FROM blocked WHERE userid={$sendto} AND blockid={$CURUSER['id']}");
$show = mysql_num_rows($blocked);
if ($show != 0 && $CURUSER["control_panel"] != "yes") {
show_error_msg("Error", "[B]You're blocked by this member and you can not send messages to him![/B]\n", 1);
}
//===| End Blocked Users
SQL_Query_exec("INSERT INTO `messages` (`sender`, `receiver`, `added`, `subject`, `msg`, `unread`, `location`) VALUES ('{$CURUSER['id']}', '{$sendto}', '" . get_date_time() . "', {$subject}, {$msg}, '{$status}', '{$to}')") or die("Aargh!");
// email notif
$res = SQL_Query_exec("SELECT id, acceptpms, notifs, email FROM users WHERE id='{$sendto}'");
$user = mysql_fetch_assoc($res);
if (strpos($user['notifs'], '[pm]') !== false) {
$cusername = $CURUSER["username"];
$body = "You have received a PM from " . $cusername . "\n\nYou can use the URL below to view the message (you may have to login).\n\n " . $site_config['SITEURL'] . "/mailbox.php\n\n" . $site_config['SITENAME'] . "";
sendmail($user["email"], "You have received a PM from {$cusername}", $body, "From: {$site_config['SITEEMAIL']}", "-f{$site_config['SITEEMAIL']}");
}
//end email notif
if (isset($_POST['msgid'])) {
SQL_Query_exec("DELETE FROM messages WHERE `location` = 'draft' AND `sender` = {$CURUSER['id']} AND `id` = {$_POST['msgid']}") or die("arghh");
}
<html lang="ja">
<head>
<title>開発用サービス</title>
<meta http-equiv="content-type" content="text/html; charset=euc-jp">
<meta http-equiv="CONTENT-STYLE-TYPE" content="text/css">
<link rel="stylesheet" type="text/css" href="inc/style.css">
<script language="JavaScript" type="text/javascript"><!--
function init() {
document.LoginForm.pwd.focus();
}
//--> </script>
</head>
<body onLoad="init()">
<div id="contents">
<?php
echo show_error_msg($errors);
?>
<center>
<span class="Font2">開発用サービス</span><br /><br />
<form method="post" action="login.php" name="LoginForm" autocomplete="off">
<table border="0">
<tr>
<td nowrap><b>名前</b></td>
<td>
<?php
if ($users != false) {
?>
<select name='aid'>
<option value="">(あなたのお名前)</option>
<?php
foreach ($users as $user) {
<?php
//
// TorrentTrader v2.x
// $LastChangedDate: 2012-09-28 20:35:06 +0100 (Fri, 28 Sep 2012) $
// $LastChangedBy: torrenttrader $
//
// http://www.torrenttrader.org
//
require_once "backend/functions.php";
dbconn();
$id = (int) $_GET["id"];
$md5 = $_GET["secret"];
$email = $_GET["email"];
if (!$id || !$md5 || !$email) {
show_error_msg(T_("ERROR"), T_("MISSING_FORM_DATA"), 1);
}
$res = SQL_Query_exec("SELECT `editsecret` FROM `users` WHERE `enabled` = 'yes' AND `status` = 'confirmed' AND `editsecret` != '' AND `id` = '{$id}'");
$row = mysql_fetch_assoc($res);
if (!$row) {
show_error_msg(T_("ERROR"), T_("NOTHING_FOUND"), 1);
}
$sec = $row["editsecret"];
if ($md5 != md5($sec . $email . $sec)) {
show_error_msg(T_("ERROR"), T_("NOTHING_FOUND"), 1);
}
SQL_Query_exec("UPDATE `users` SET `editsecret` = '', `email` = " . sqlesc($email) . " WHERE `id` = '{$id}' AND `editsecret` = " . sqlesc($row["editsecret"]));
header("Refresh: 0; url=account.php");
header("Location: account.php");
function &execute()
{
$query = $this->read();
$res = mysql_query($query);
if ($res || mysql_errno() == 1062) {
return $res;
}
$mysql_error = mysql_error();
$mysql_errno = mysql_errno();
// If debug_backtrace() is available, we can find exactly where the query was called from
if (function_exists("debug_backtrace")) {
$bt = debug_backtrace();
$i = 1;
if ($bt[$i]["function"] == "SQL_Query_exec_cached" || $bt[$i]["function"] == "get_row_count_cached" || $bt[$i]["function"] == "get_row_count") {
$i++;
}
$line = $bt[$i]["line"];
$file = str_replace(getcwd() . DIRECTORY_SEPARATOR, "", $bt[$i]["file"]);
$msg = "Database Error in {$file} on line {$line}: {$mysql_error}. Query was: {$query}.";
} else {
$file = str_replace(getcwd() . DIRECTORY_SEPARATOR, "", $_SERVER["SCRIPT_FILENAME"]);
$msg = "Database Error in {$file}: {$mysql_error}. Query was: {$query}";
}
mysql_query("INSERT INTO `sqlerr` (`txt`, `time`) \n VALUES (" . sqlesc($msg) . ", '" . get_date_time() . "')");
if (function_exists('show_error_msg')) {
show_error_msg("Database Error", "Database Error. Please report this to an administrator.", 1);
}
}
if ($upd["enabled"] == 0 && $upd["position"] == "left" && $_POST["enable_" . $upd["id"]] == 1) {
$update[] = "sort = " . $nextleft;
} elseif ($upd["enabled"] == 0 && $upd["position"] == "middle" && $_POST["enable_" . $upd["id"]] == 1) {
$update[] = "sort = " . $nextmiddle;
} elseif ($upd["enabled"] == 0 && $upd["position"] == "right" && $_POST["enable_" . $upd["id"]] == 1) {
$update[] = "sort = " . $nextright;
} elseif ($upd["enabled"] == 1 && $upd["position"] == "left" && $_POST["enable_" . $upd["id"]] == 0) {
$update[] = "sort = 0";
} elseif ($upd["enabled"] == 1 && $upd["position"] == "middle" && $_POST["enable_" . $upd["id"]] == 0) {
$update[] = "sort = 0";
} elseif ($upd["enabled"] == 1 && $upd["position"] == "right" && $_POST["enable_" . $upd["id"]] == 0) {
$update[] = "sort = 0";
} else {
$update[] = "sort = " . $upd["sort"];
}
SQL_Query_exec("UPDATE blocks SET " . implode(", ", $update) . " WHERE id={$id}") or show_error_msg(T_("ERROR"), "" . T_("_FAIL_DB_QUERY_") . ": " . mysql_error());
}
}
resortleft();
resortmiddle();
resortright();
}
// == end edit
echo "<center><a href=\"index.php\">" . T_("HOME") . "</a> • <a href=\"admincp.php\">" . T_("ADMIN_CP") . "</a> • <a href=\"admincp.php?action=blocks&do=view\">" . T_("_BLC_MAN_") . "</a></center>";
// ---- <table> for blocks in database -----------------------------------------
print "<hr />";
$res = SQL_Query_exec("SELECT * FROM blocks ORDER BY enabled DESC, position, sort");
print "<table align=\"center\"><tr><td>" . "<form name=\"blocks\" method=\"post\" action=\"blocks-edit.php\">" . "<input type=\"hidden\" name=\"edit\" value=\"true\" />" . "<table align=\"center\" class=\"table_table\" cellspacing=\"0\" width=\"650\">" . "<tr>" . "<td class=\"table_head\" align=\"center\"><font size=\"2\"><b>" . T_("_BLC_MAN_") . "</b></font></td>" . "</tr>" . "</table><br />" . "<table cellspacing=\"0\" class=\"table_table\" align=\"center\" width=\"650\">" . "<tr>" . "<th rowspan=\"2\" class=\"table_head\">" . T_("_NAMED_") . "<br />(" . T_("_FL_NM_IF_NO_SET_") . ")</th>" . "<th rowspan=\"2\" class=\"table_head\">" . T_("_FILE_NAME_") . "</th>" . "<th rowspan=\"2\" class=\"table_head\">" . T_("DESCRIPTION") . "<br />(" . T_("_MAX_") . " 255 " . T_("_CHARS_") . ")</th>" . "<th rowspan=\"2\" colspan=\"3\" class=\"table_head\">" . T_("_POSITION_") . "</th>" . "<th rowspan=\"2\" colspan=\"2\" class=\"table_head\">" . T_("_SORT_ORDER_") . "</th>" . "<th colspan=\"2\" class=\"table_head\">" . T_("ENABLED") . "</th>" . "<th rowspan=\"2\" class=\"table_head\">" . T_("_DEL_") . "</th>" . "</tr>" . "<tr>" . "<th class=\"table_head\">" . T_("YES") . "</th>" . "<th class=\"table_head\">" . T_("NO") . "</th>" . "</tr>";
while ($blocks2 = mysql_fetch_assoc($res)) {
$down = $blocks["id"];
if (!$setclass) {
$sure = htmlentities($_GET['sure']);
$type = htmlentities($_GET['type']);
if (!is_valid_id($targetid)) {
show_error_msg("Error", "Invalid ID {$userid}.", 1);
}
if (!$sure) {
show_error_msg("Delete {$type}", "<div style='margin-top:10px; margin-bottom:10px' align='center'>Do you really want to delete this {$typ}? \n" . "<a href=?id={$userid}&action=delete&type={$type}&targetid={$targetid}&sure=1>Yes</a> | <a href=/watch/>No</a></div>", 1);
}
if ($type == 'bookmarkuser') {
SQL_Query_exec("DELETE FROM bookmarkuser WHERE userid={$userid} AND bkid={$targetid}");
if (mysql_affected_rows() == 0) {
show_error_msg("Error", "No bookmarkuser found with ID {$targetid}", 1);
}
$frag = "bookmarkuser";
} else {
show_error_msg("Error", "Unknown type {$type}", 1);
}
header("Location: " . $site_config['SITEURL'] . "/watch/?id={$userid}#{$frag}");
die;
}
//===| Main Body |================================================================//
stdhead("Personal lists for " . $user['username']);
begin_frame("Personal lists for " . class_user($user[username]) . "");
print "<div style='margin-top:10px; margin-bottom:20px' align='center'><font size=2><font color=#0080FF><b>List of Personal watched users</b></font></div>";
?>
<table class="table_table" border="0" width="100%">
<tr>
<th class="table_head"><b>User Name</b></td></th>
<th class="table_head"><b>Account enabled?</b></td></th>
<th class="table_head"><b>Contact user</td></th>
<th class="table_head"><b>Last Seen</b></td></th>
$leechers = strip_tags($stats['peers']);
$downloaded = strip_tags($stats['downloaded']);
SQL_Query_exec("UPDATE torrents SET leechers='" . $leechers . "', seeders='" . $seeders . "',times_completed='" . $downloaded . "',last_action= '" . get_date_time() . "',visible='yes' WHERE id='" . $id . "'");
}
//END SCRAPE
write_log("Torrent {$id} ({$name}) was Uploaded by {$CURUSER['username']}");
$message .= "<br /><b>" . T_("UPLOAD_OK") . "</b><br /><a href='torrents-details.php?id=" . $id . "'>" . T_("UPLOAD_VIEW_DL") . "</a><br /><br />";
echo $message;
@unlink("{$dir}/{$fname}");
}
echo "</center>";
end_frame();
stdfoot();
die;
} else {
show_error_msg(T_("UPLOAD_FAILED"), $message, 1);
}
}
//takeupload
///////////////////// FORMAT PAGE ////////////////////////
stdhead(T_("UPLOAD"));
begin_frame(T_("UPLOAD"));
?>
<form name="upload" enctype="multipart/form-data" action="torrents-import.php" method="post">
<input type="hidden" name="takeupload" value="yes" />
<table border="0" cellspacing="0" cellpadding="6" align="center">
<tr><td align="right" valign="top"><b>File List:</b></td><td align="left"><?php
if (!count($files)) {
echo T_("NOTHING_TO_SHOW_FILES") . " {$dir}/.";
} else {
foreach ($files as $f) {
if ($arr) {
$sec = mksecret();
$secmd5 = md5($sec);
$id = $arr['id'];
$body = T_("SOMEONE_FROM") . " " . $_SERVER["REMOTE_ADDR"] . " " . T_("MAILED_BACK") . " ({$email}) " . T_("BE_MAILED_BACK") . " \r\n\r\n " . T_("ACCOUNT_INFO") . " \r\n\r\n " . T_("USERNAME") . ": " . $arr["username"] . " \r\n " . T_("CHANGE_PSW") . "\n\n{$site_config['SITEURL']}/account-recover.php?id={$id}&secret={$secmd5}\n\n\n" . $site_config["SITENAME"] . "\r\n";
@sendmail($arr["email"], T_("ACCOUNT_DETAILS"), $body, "", "-f" . $site_config['SITEEMAIL']);
$res2 = SQL_Query_exec("UPDATE `users` SET `secret` = " . sqlesc($sec) . " WHERE `email`= " . sqlesc($email) . " LIMIT 1");
$msg = sprintf(T_('MAIL_RECOVER'), htmlspecialchars($email));
$kind = T_("SUCCESS");
}
}
}
stdhead();
begin_frame(T_("RECOVER_ACCOUNT"));
if ($kind != "0") {
show_error_msg("Notice", "{$kind}: {$msg}", 0);
}
if (is_valid_id($_GET["id"]) && strlen($_GET["secret"]) == 32) {
?>
<form method="post" action="account-recover.php">
<table border="0" cellspacing="0" cellpadding="5">
<tr>
<td>
<b><?php
echo T_("NEW_PASSWORD");
?>
</b>:
</td>
<td>
<input type="hidden" name="secret" value="<?php
echo $_GET['secret'];
if (!is_valid_id($topicid)) {
showerror(T_("FORUM_ERROR"), "Topic Not Valid");
}
$userid = $CURUSER["id"];
//------ Get topic info
$res = SQL_Query_exec("SELECT * FROM forum_topics WHERE id={$topicid}");
$arr = mysql_fetch_assoc($res) or showerror(T_("FORUM_ERROR"), "Topic not found");
$locked = $arr["locked"] == 'yes';
$subject = stripslashes($arr["subject"]);
$sticky = $arr["sticky"] == "yes";
$forumid = $arr["forumid"];
// Check if user has access to this forum
$res2 = SQL_Query_exec("SELECT minclassread, guest_read FROM forum_forums WHERE id={$forumid}");
$arr2 = mysql_fetch_assoc($res2);
if (!$arr2 || get_user_class() < $arr2["minclassread"] && $arr2["guest_read"] == "no") {
show_error_msg("Error: Access Denied", "You do not have access to the forum this topic is in.");
}
// Update Topic Views
$viewsq = SQL_Query_exec("SELECT views FROM forum_topics WHERE id={$topicid}");
$viewsa = mysql_fetch_array($viewsq);
$views = $viewsa[0];
$new_views = $views + 1;
$uviews = SQL_Query_exec("UPDATE forum_topics SET views = {$new_views} WHERE id={$topicid}");
// End
//------ Get forum
$res = SQL_Query_exec("SELECT * FROM forum_forums WHERE id={$forumid}");
$arr = mysql_fetch_assoc($res) or showerror(T_("FORUM_ERROR"), "Forum is empty");
$forum = stripslashes($arr["name"]);
//------ Get post count
$res = SQL_Query_exec("SELECT COUNT(*) FROM forum_posts WHERE topicid={$topicid}");
$arr = mysql_fetch_row($res);
<?php
#================================#
# TorrentTrader 2.08 #
# http://www.torrenttrader.org #
#--------------------------------#
# Modified by BigMax #
#================================#
require_once "backend/functions.php";
dbconn();
loggedinonly();
$gottorrent = (int) $_GET["torrent"];
if (!isset($gottorrent)) {
show_error_msg("Error", " ... No torrent selected", 1);
}
if (get_row_count("bookmarks", "WHERE userid={$CURUSER['id']} AND torrentid = {$gottorrent}") > 0) {
show_error_msg("Error", "Already bookmarked torrent", 1);
}
if (get_row_count("torrents", "WHERE id = {$gottorrent}") > 0) {
SQL_Query_exec("INSERT INTO bookmarks (userid, torrentid) VALUES ({$CURUSER['id']}, {$gottorrent})");
stdhead("Bookmarks");
begin_frame("Successfully");
echo "<div style='margin-top:10px; margin-bottom:10px' align='center'>\n\t\t\tTorrent was successfully bookmarked. \n\t\t\t[<a href=torrents-details.php?id={$gottorrent}><b>Go to Torrent</b></a>] or\n\t\t\t[<a href=bookmark.php><b>See Your Bookmarks</b></a>]\n\t\t</div>";
end_frame();
stdfoot();
} else {
show_error_msg("Error", "ID not found", 1);
}
function main()
{
create_html_start();
// If check_post_values returns true, then new
// user is succesfully created (or at least it should be...)
// Note that show_error_msg shows message where is
// message that user is registered succesfully!
if (check_post_values()) {
show_error_msg();
echo '<br />';
echo '<a href="index.php">Back to main page</a>';
} else {
show_error_msg();
create_register_form();
}
create_html_end();
}
if ($CURUSER["view_torrents"] == "no") {
show_error_msg(T_("ERROR"), T_("NO_TORRENT_VIEW"), 1);
}
}
$id = (int) $_GET["id"];
$res = SQL_Query_exec("SELECT name, external, banned FROM torrents WHERE id = {$id}");
$row = mysql_fetch_assoc($res);
if (!$row || $row["banned"] == "yes" && $CURUSER["edit_torrents"] == "no") {
show_error_msg(T_("ERROR"), T_("TORRENT_NOT_FOUND"), 1);
}
if ($row["external"] == "yes") {
show_error_msg(T_("ERROR"), T_("THIS_TORRENT_IS_EXTERNALLY_TRACKED"), 1);
}
$res = SQL_Query_exec("SELECT users.id, users.username, users.uploaded, users.downloaded, users.privacy, completed.date FROM users LEFT JOIN completed ON users.id = completed.userid WHERE users.enabled = 'yes' AND completed.torrentid = '{$id}'");
if (mysql_num_rows($res) == 0) {
show_error_msg(T_("ERROR"), T_("NO_DOWNLOADS_YET"), 1);
}
$title = sprintf(T_("COMPLETED_DOWNLOADS"), CutName($row["name"], 40));
stdhead($title);
begin_frame($title);
?>
<table cellpadding="3" cellspacing="0" align="center" class="table_table">
<tr>
<th class="table_head"><?php
echo T_("USERNAME");
?>
</th>
<th class="table_head"><?php
echo T_("CURRENTLY_SEEDING");
?>
}
$res = SQL_Query_exec("SELECT filename, banned, external, announce FROM torrents WHERE id =" . intval($id));
$row = mysql_fetch_assoc($res);
$torrent_dir = $site_config["torrent_dir"];
$fn = "{$torrent_dir}/{$id}.torrent";
if (!$row) {
show_error_msg(T_("FILE_NOT_FOUND"), T_("ID_NOT_FOUND"), 1);
}
if ($row["banned"] == "yes") {
show_error_msg(T_("ERROR"), T_("BANNED_TORRENT"), 1);
}
if (!is_file($fn)) {
show_error_msg(T_("FILE_NOT_FOUND"), T_("FILE_NOT_FILE"), 1);
}
if (!is_readable($fn)) {
show_error_msg(T_("FILE_NOT_FOUND"), T_("FILE_UNREADABLE"), 1);
}
$name = $row['filename'];
$friendlyurl = str_replace("http://", "", $site_config["SITEURL"]);
$friendlyname = str_replace(".torrent", "", $name);
$friendlyext = ".torrent";
$name = $friendlyname . "[" . $friendlyurl . "]" . $friendlyext;
SQL_Query_exec("UPDATE torrents SET hits = hits + 1 WHERE id = {$id}");
require_once "backend/BEncode.php";
require_once "backend/BDecode.php";
//if user dont have a passkey generate one, only if tracker is set to members only
if ($site_config["MEMBERSONLY"]) {
if (strlen($CURUSER['passkey']) != 32) {
$rand = array_sum(explode(" ", microtime()));
$CURUSER['passkey'] = md5($CURUSER['username'] . $rand . $CURUSER['secret'] . $rand * mt_rand());
SQL_Query_exec("UPDATE users SET passkey='{$CURUSER['passkey']}' WHERE id={$CURUSER['id']}");
// TorrentTrader v2.x
// $LastChangedDate: 2011-10-20 11:45:04 +0100 (Thu, 20 Oct 2011) $
// $LastChangedBy: x-cooly-btit $
//
// http://www.torrenttrader.org
//
require_once "backend/functions.php";
dbconn();
$id = (int) $_GET["id"];
$md5 = $_GET["secret"];
if (!$id || !$md5) {
show_error_msg(T_("ERROR"), T_("INVALID_ID"), 1);
}
$res = SQL_Query_exec("SELECT `password`, `secret`, `status` FROM `users` WHERE `id` = '{$id}'");
$row = mysql_fetch_assoc($res);
if (!$row) {
show_error_msg(T_("ERROR"), sprintf(T_("CONFIRM_EXPIRE"), $site_config['signup_timeout'] / 86400), 1);
}
if ($row["status"] != "pending") {
header("Refresh: 0; url=account-confirm-ok.php?type=confirmed");
die;
}
if ($md5 != md5($row["secret"])) {
show_error_msg(T_("ERROR"), T_("SIGNUP_ACTIVATE_LINK"), 1);
}
$secret = mksecret();
SQL_Query_exec("UPDATE `users` SET `secret` = " . sqlesc($secret) . ", `status` = 'confirmed' WHERE `id` = '{$id}' AND `secret` = " . sqlesc($row["secret"]) . " AND `status` = 'pending'");
if (!mysql_affected_rows()) {
show_error_msg(T_("ERROR"), T_("SIGNUP_UNABLE"), 1);
}
header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
$where_is .= isset($where_is) ? " AND " : "";
$where_is .= "u.username NOT LIKE '%invite_%'";
$queryc = "SELECT COUNT(" . $distinct . "u.id) FROM " . $from_is . ($where_is == "" ? "" : " WHERE {$where_is} ");
$querypm = "FROM " . $from_is . ($where_is == "" ? " " : " WHERE {$where_is} ");
$select_is = "u.id, u.username, u.email, u.status, u.added, u.last_access, u.ip,\n\t\tu.class, u.uploaded, u.downloaded, u.donated, u.modcomment, u.enabled, u.warned, u.invited_by";
$query = "SELECT " . $distinct . " " . $select_is . " " . $querypm;
$res = SQL_Query_exec($queryc);
$arr = mysql_fetch_row($res);
$count = $arr[0];
$q = isset($q) ? $q . "&" : "";
$perpage = 25;
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "admincp.php?action=usersearch&{$q}");
$query .= $limit;
$res = SQL_Query_exec($query);
if (mysql_num_rows($res) == 0) {
show_error_msg("Warning", "No user was found.", 0);
} else {
if ($count > $perpage) {
echo $pagertop;
}
echo "<form action='admincp.php?action=usersearch&do=warndisable' method='post'>";
echo "<table border='0' class='table_table' cellspacing='0' cellpadding='0' width='100%'>\n";
echo "<tr><th class='table_head'>" . T_("NAME") . "</th>\n\t\t\t<th class='table_head'>IP</th>\n\t\t\t<th class='table_head'>" . T_("EMAIL") . "</th>" . "<th class='table_head'>Joined:</th>" . "<th class='table_head'>Last Seen:</th>" . "<th class='table_head'>Status</th>" . "<th class='table_head'>Enabled</th>" . "<th class='table_head'>Ratio</th>" . "<th class='table_head'>Uploaded</th>" . "<th class='table_head'>Downloaded</th>" . "<th class='table_head'>History</th>" . "<th class='table_head' colspan='2'>Status</th></tr>\n";
while ($user = mysql_fetch_array($res)) {
if ($user['added'] == '0000-00-00 00:00:00') {
$user['added'] = '---';
}
if ($user['last_access'] == '0000-00-00 00:00:00') {
$user['last_access'] = '---';
}
if ($user['ip']) {
//
// TorrentTrader v2.x
// $LastChangedDate: 2012-01-08 13:16:21 +0000 (Sun, 08 Jan 2012) $
// $LastChangedBy: dj-howarth1 $
//
// http://www.torrenttrader.org
//
//
require_once "backend/functions.php";
dbconn();
//check permissions
if ($site_config["MEMBERSONLY"]) {
loggedinonly();
if ($CURUSER["view_torrents"] == "no") {
show_error_msg(T_("ERROR"), T_("NO_TORRENT_VIEW"), 1);
}
}
function sqlwildcardesc($x)
{
return str_replace(array("%", "_"), array("\\%", "\\_"), mysql_real_escape_string($x));
}
//GET SEARCH STRING
$searchstr = trim($_GET["search"]);
$cleansearchstr = searchfield($searchstr);
if (empty($cleansearchstr)) {
unset($cleansearchstr);
}
$thisurl = "../search/?";
$addparam = "";
$wherea = array();
function ParseTorrent($filename)
{
require_once "BDecode.php";
require_once "BEncode.php";
$TorrentInfo = array();
global $array;
//check file type is a torrent
$torrent = explode(".", $filename);
$fileend = end($torrent);
$fileend = strtolower($fileend);
if ($fileend == "torrent") {
$parseme = @file_get_contents("{$filename}");
if ($parseme == FALSE) {
show_error_msg(T_("ERROR"), T_("PARSE_CONTENTS"), 1);
}
if (!isset($parseme)) {
show_error_msg(T_("ERROR"), T_("PARSE_OPEN"), 1);
} else {
$array = BDecode($parseme);
if ($array === FALSE) {
show_error_msg(T_("ERROR"), T_("PARSE_DECODE"), 1);
} else {
if (!@count($array['info'])) {
show_error_msg(T_("ERROR"), T_("PARSE_OPEN"), 1);
} else {
//Get Announce URL
$TorrentInfo[0] = $array["announce"];
//Get Announce List Array
if (isset($array["announce-list"])) {
$TorrentInfo[6] = $array["announce-list"];
}
//Read info, store as (infovariable)
$infovariable = $array["info"];
// Calculates SHA1 Hash
$infohash = sha1(BEncode($infovariable));
$TorrentInfo[1] = $infohash;
// Calculates date from UNIX Epoch
$makedate = date('r', $array["creation date"]);
$TorrentInfo[2] = $makedate;
// The name of the torrent is different to the file name
$TorrentInfo[3] = $infovariable['name'];
//Get File List
if (isset($infovariable["files"])) {
// Multi File Torrent
$filecount = "";
//Get filenames here
$TorrentInfo[8] = $infovariable["files"];
foreach ($infovariable["files"] as $file) {
$filecount += "1";
$multiname = $file['path'];
//Not needed here really
$multitorrentsize = $file['length'];
$torrentsize += $file['length'];
}
$TorrentInfo[4] = $torrentsize;
//Add all parts sizes to get total
$TorrentInfo[5] = $filecount;
//Get file count
} else {
// Single File Torrent
$torrentsize = $infovariable['length'];
$TorrentInfo[4] = $torrentsize;
//Get file count
$TorrentInfo[5] = "1";
}
// Get Torrent Comment
if (isset($array['comment'])) {
$TorrentInfo[7] = $array['comment'];
}
}
}
}
}
return $TorrentInfo;
}
$mod_name = $adb->query_result($result, $x, "name");
$module_name[$y] = $mod_name;
$y++;
}
}
}
if (isset($_REQUEST['selected_module']) && $_REQUEST['selected_module'] != '') {
$select_module = vtlib_purify($_REQUEST['selected_module']);
if (!in_array($select_module, $module_name)) {
show_error_msg();
}
} else {
if (count($module_name) > 0) {
$select_module = $module_name[0];
} else {
show_error_msg('no_permitted_modules');
}
}
$focus = CRMEntity::getInstance($select_module);
if (count($module_name) > 0) {
$cur_mod_view = new CustomView($select_module);
$viewid = $cur_mod_view->getViewIdByName('All', $select_module);
global $current_user;
$queryGenerator = new QueryGenerator($select_module, $current_user);
$queryGenerator->initForCustomViewById($viewid);
// Enabling Module Search
$url_string = '';
if ($_REQUEST['query'] == 'true') {
$queryGenerator->addUserSearchConditions($_REQUEST);
$ustring = getSearchURL($_REQUEST);
$url_string .= "&query=true{$ustring}";
if ($a[0] != 0) {
$message = sprintf(T_("EMAIL_ADDRESS_INUSE_S"), $email);
}
}
//check username isnt in use
$a = @mysql_fetch_row(@SQL_Query_exec("select count(*) from users where username='******'"));
if ($a[0] != 0) {
$message = sprintf(T_("USERNAME_INUSE_S"), $wantusername);
}
$secret = mksecret();
//generate secret field
$wantpassword = passhash($wantpassword);
// hash the password
}
if ($message != "") {
show_error_msg(T_("SIGNUP_FAILED"), $message, 1);
}
if ($message == "") {
if ($invite_row) {
SQL_Query_exec("UPDATE users SET username="******", password="******", secret=" . sqlesc($secret) . ", status='confirmed', added='" . get_date_time() . "' WHERE id={$invite_row['id']}");
//send pm to new user
if ($site_config["WELCOMEPMON"]) {
$dt = sqlesc(get_date_time());
$msg = sqlesc($site_config["WELCOMEPMMSG"]);
SQL_Query_exec("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, {$invite_row['id']}, {$dt}, {$msg}, 0)");
}
header("Refresh: 0; url=account-confirm-ok.php?type=confirm");
die;
}
if ($site_config["CONFIRMEMAIL"]) {
//req confirm email true/false
function show_login()
{
echo '<div id="login">';
echo '<h2>Login</h2>';
echo '<form action="index.php" method="post">';
show_error_msg();
echo '<table>';
echo '<tr>';
echo '<td>Username</td>';
echo '<td><input type="text" name="todo_username"></td>';
echo '</tr>';
echo '<tr>';
echo '<td>Password</td>';
echo '<td><input type="password" name="password"></td>';
echo '</tr>';
echo '<tr>';
echo '<td colspan="2">';
echo '<input type="submit" value="Login"> ';
echo '</td>';
echo '</tr>';
echo '<tr>';
echo '<td colspan="2"></td>';
echo '</tr>';
echo '</table>';
echo '</form>';
echo '<a href="register.php">Register</a>';
echo '</div>';
}
end_frame();
stdfoot();
die;
}
//report comment form
if ($comment != "") {
$res = SQL_Query_exec("SELECT id, text FROM comments WHERE id={$comment}");
if (mysql_num_rows($res) == 0) {
print "Invalid Comment";
end_frame();
stdfoot();
die;
}
$arr = mysql_fetch_assoc($res);
print "<b>Are you sure you would like to report Comment:</b><br /><br /><b>" . format_comment($arr["text"]) . "</b>?<br />";
print "<p>Please note, this is <b>not</b> to be used to report leechers, we have scripts in place to deal with them</p>";
print "<b>Reason</b> (required): <form method='post' action='report.php'><input type='hidden' name='comment' value='{$comment}' /><input type='text' size='100' name='reason' /><input type='submit' value='Confirm' /></form>";
end_frame();
stdfoot();
die;
}
//error
if ($user != "" && $torrent != "") {
print "<h1>" . T_("MISSING_INFO") . "</h1>";
end_frame();
stdfoot();
die;
}
show_error_msg(T_("ERROR"), T_("MISSING_INFO") . ".", 0);
end_frame();
stdfoot();
<?php
//
// TorrentTrader v2.x
// $LastChangedDate: 2012-06-14 17:31:26 +0100 (Thu, 14 Jun 2012) $
// $LastChangedBy: torrenttrader $
//
// http://www.torrenttrader.org
//
//
require_once "backend/functions.php";
dbconn();
loggedinonly();
if (!$CURUSER || $CURUSER["control_panel"] != "yes") {
show_error_msg(T_("ERROR"), T_("SORRY_NO_RIGHTS_TO_ACCESS"), 1);
}
// ACTION: reorder - reorder sections and items
if ($_GET[action] == "reorder") {
foreach ($_POST[order] as $id => $position) {
SQL_Query_exec("UPDATE `faq` SET `order`='{$position}' WHERE id='{$id}'");
}
header("Refresh: 0; url=faq-manage.php");
} elseif ($_GET[action] == "edit" && is_valid_id($_GET[id])) {
stdhead(T_("FAQ_MANAGEMENT"));
begin_frame();
print "<h1 align=\"center\">Edit Section or Item</h1>";
$res = SQL_Query_exec("SELECT * FROM `faq` WHERE `id`='{$_GET['id']}' LIMIT 1");
while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) {
$arr[question] = stripslashes(htmlspecialchars($arr[question]));
$arr[answer] = stripslashes(htmlspecialchars($arr[answer]));
if ($arr[type] == "item") {
write_log("NFO ({$id}) was updated by {$CURUSER['username']}.");
show_error_msg(T_("NFO_UPDATED"), T_("NFO_UPDATED"), 1);
}
}
if ($do == "delete") {
$reason = htmlspecialchars($_POST["reason"]);
if (get_row_count("torrents", "WHERE `nfo` = 'yes' AND `id` = {$id}")) {
unlink($nfo);
write_log("NFO ({$id}) was deleted by {$CURUSER['username']} {$reason}");
SQL_Query_exec("UPDATE `torrents` SET `nfo` = 'no' WHERE `id` = {$id}");
show_error_msg(T_("NFO_DELETED"), T_("NFO_DELETED"), 1);
}
show_error_msg(T_("ERROR"), sprintf(T_("NFO_NOT_EXIST"), $id), 1);
}
if (!is_valid_id($id) || !($contents = file_get_contents($nfo))) {
show_error_msg(T_("ERROR"), T_("NFO_NOT_FOUND"), 1);
}
stdhead(T_("NFO_EDITOR"));
begin_frame(T_("NFO_EDIT"));
?>
<center>
<form method="post" action="nfo-edit.php">
<input type="hidden" name="id" value="<?php
echo $id;
?>
" />
<input type="hidden" name="do" value="update" />
<textarea class="nfo" name="content" cols="100%" rows="80"><?php
echo htmlspecialchars(stripslashes($contents));
?>
$res = SQL_Query_exec("SELECT * FROM news WHERE id = {$id}");
$row = mysql_fetch_array($res);
if (!$row) {
show_error_msg(T_("ERROR"), "News id invalid", 0);
stdfoot();
}
begin_frame(T_("NEWS"));
echo htmlspecialchars($row['title']) . "<br /><br />" . format_comment($row['body']) . "<br />";
end_frame();
}
//TORRENT
if ($type == "torrent") {
$res = SQL_Query_exec("SELECT id, name FROM torrents WHERE id = {$id}");
$row = mysql_fetch_array($res);
if (!$row) {
show_error_msg(T_("ERROR"), "News id invalid", 0);
stdfoot();
}
echo "<center><b>" . T_("COMMENTSFOR") . "</b> <a href='torrents-details.php?id=" . $row['id'] . "'>" . htmlspecialchars($row['name']) . "</a></center><br />";
}
begin_frame(T_("COMMENTS"));
$subres = SQL_Query_exec("SELECT COUNT(*) FROM comments WHERE {$type} = {$id}");
$subrow = mysql_fetch_array($subres);
$commcount = $subrow[0];
if ($commcount) {
list($pagertop, $pagerbottom, $limit) = pager(10, $commcount, "comments.php?id={$id}&type={$type}&");
$commquery = "SELECT comments.id, text, user, comments.added, avatar, signature, username, title, class, uploaded, downloaded, privacy, donated FROM comments LEFT JOIN users ON comments.user = users.id WHERE {$type} = {$id} ORDER BY comments.id {$limit}";
$commres = SQL_Query_exec($commquery);
} else {
unset($commres);
}
$tracker = str_replace("/announce", "/scrape", $announce);
$stats = torrent_scrape_url($tracker, $infohash);
$seeders = (int) strip_tags($stats['seeds']);
$leechers = (int) strip_tags($stats['peers']);
$downloaded = (int) strip_tags($stats['downloaded']);
SQL_Query_exec("UPDATE torrents SET leechers='" . $leechers . "', seeders='" . $seeders . "',times_completed='" . $downloaded . "',last_action= '" . get_date_time() . "',visible='yes' WHERE id='" . $id . "'");
}
//END SCRAPE
write_log(sprintf(T_("TORRENT_UPLOADED"), htmlspecialchars($name), $CURUSER["username"]));
//Uploaded ok message (update later)
if ($external == 'no') {
$message = sprintf(T_("TORRENT_UPLOAD_LOCAL"), $name, $id, $id);
} else {
$message = sprintf(T_("TORRENT_UPLOAD_EXTERNAL"), $name, $id);
}
show_error_msg(T_("UPLOAD_COMPLETE"), $message, 1);
die;
}
//takeupload
///////////////////// FORMAT PAGE ////////////////////////
stdhead(T_("UPLOAD"));
begin_frame(T_("UPLOAD_RULES"));
echo "<b>" . stripslashes($site_config["UPLOADRULES"]) . "</b>";
echo "<br />";
end_frame();
begin_frame(T_("UPLOAD"));
?>
<form name="upload" enctype="multipart/form-data" action="torrents-upload.php" method="post">
<input type="hidden" name="takeupload" value="yes" />
<table border="0" cellspacing="0" cellpadding="6" align="center">
