function commenttable_new($rows)
{
global $CURUSER, $HTTP_SERVER_VARS;
begin_main_frame();
begin_frame();
$count = 0;
foreach ($rows as $row) {
$subres = mysql_query("SELECT name from torrents where id=" . unsafeChar($row["torrent"])) or sqlerr(__FILE__, __LINE__);
$subrow = mysql_fetch_array($subres);
print "<br /><a href=\"details.php?id=" . safeChar($row["torrent"]) . "\">" . safeChar($subrow["name"]) . "</a><br />\n";
print "<p class=sub>#" . $row["id"] . " by ";
if (isset($row["username"])) {
print "<a name=comm" . $row["id"] . " href=userdetails.php?id=" . safeChar($row["user"]) . "><b>" . safechar($row["username"]) . "</b></a>" . ($row["warned"] == "yes" ? "<img src=" . "pic/warned.gif alt=\"Warned\">" : "");
} else {
print "<a name=\"comm" . safeChar($row["id"]) . "\"><i>(orphaned)</i></a>\n";
}
print " at " . safeChar($row["added"]) . " GMT" . "- [<a href=comment.php?action=edit&cid={$row['id']}>Edit</a>]" . "- [<a href=deletecomment.php?id={$row['id']}>Delete</a>]</p>\n";
$avatar = $CURUSER["avatars"] == "yes" ? safechar($row["avatar"]) : "";
if (!$avatar) {
$avatar = "pic/default_avatar.gif";
}
begin_table(true);
print "<tr valign=top>\n";
print "<td align=center width=150 style='padding: 0px'><img width=150 src={$avatar}></td>\n";
print "<td class=text>" . format_comment($row["text"]) . "</td>\n";
print "</tr>\n";
end_table();
}
end_frame();
end_main_frame();
}
function sqlesc($x)
{
if (get_magic_quotes_gpc()) {
$x = stripslashes($x);
}
if (is_numeric($x)) {
return "'" . $x . "'";
}
return "'" . mysql_real_escape_string(unsafeChar($x)) . "'";
}
$s = "sad";
} else {
$s = "cry";
}
}
}
}
}
$sr = floor($sr * 1000) / 1000;
$sr = "<table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded><font color=" . get_ratio_color($sr) . ">" . number_format($sr, 3) . "</font></td><td class=embedded> <img src=/pic/smilies/{$s}.gif></td></tr></table>";
echo "<tr><td class=rowhead style='vertical-align: middle'>Share ratio</td><td align=left valign=center style='padding-top: 1px; padding-bottom: 0px'>{$sr}</td></tr>\n";
}
}
$connectable = "";
// Get connetibility and # of leeches/seeds
$resnew = sql_query("SELECT seeder,connectable,COUNT(userid) as count,userid from peers group by seeder,userid having userid=" . unsafeChar($CURUSER["id"]));
while ($resopt = mysql_fetch_row($resnew)) {
if ($resopt[0] == 'yes') {
$activeseed = $resopt[2];
} else {
$activeleech = $resopt[2];
}
$connect = $resopt[1];
}
if (!$activeseed) {
$activeseed = 0;
}
if (!$activeleech) {
$activeleech = 0;
}
/// Check Connectibility
//$player = UC_BANNED;
//$player = UC_LEECH;
//$player = UC_USER;
$player = UC_POWER_USER;
//$player = UC_VIP;
//$player = UC_UPLOADER;
//$player = UC_MODERATOR;
//$player = UC_ADMINISTRATOR;
//$player = UC_SYSOP;
//$player = UC_OWNER;
//$player = UC_CODER;
if (get_user_class() < $player) {
stderr("Sorry " . $CURUSER["username"], "The MODERATOR do not allow your class to play casino. Power Users and above only.");
}
if ($_POST["agree"] == "Yes") {
mysql_query("UPDATE users SET casagree = 'yes' WHERE id = '" . unsafeChar($CURUSER['id']) . "'");
header("Location: {$BASEURL}/casino.php");
} elseif ($_POST["agree"] == "No") {
header("Location: {$BASEURL}/index.php");
}
////////////////////////////////////////////////standard html begin
stdhead(casino);
begin_main_frame();
begin_table();
echo "<form name=agree method=post action={$phpself}>";
echo "<table width=\"700\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\"><tr><td class=\"embedded\">";
begin_frame("Casino Agreement");
tr("Yes I have read this agreement and understand this agreement, Please take me to the casino", '<input name="agree" type="radio" checked value="Yes">', 1);
tr("No I do not agree with this agreement, return to the home page ", '<input name="agree" type="radio" value="No">', 1);
tr("Submit:", "<input type=submit value='Submit!' >", 1);
echo "<center><h1>" . safeChar($CURUSER[username]) . "</h1></center>";
self.location.href='<?php
$_SERVER["PHP_SELF"];
?>
?action=del&id='+id;
}
}
//-->
</script>
<?php
echo '<table width="100%" border="0" align="center" cellpadding="2" cellspacing="0">';
echo "<tr><td class=colhead align=left>Name</td><td class=colhead>OverForum</td><td class=colhead>Read</td><td class=colhead>Write</td><td class=colhead>Create topic</td><td class=colhead>Modify</td></tr>";
$result = sql_query("SELECT * FROM forums ORDER BY sort ASC");
if ($row = mysql_fetch_array($result)) {
do {
$forid = $row['forid'];
$res2 = sql_query("SELECT name FROM overforums WHERE id=" . unsafeChar($forid) . "");
$arr2 = mysql_fetch_array($res2);
$name = $arr2['name'];
echo "<tr><td><a href=forums.php?action=viewforum&forumid=" . safeChar($row["id"]) . "><b>" . safeChar($row["name"]) . "</b></a><br>" . safeChar($row["description"]) . "</td>";
echo "<td>" . safeChar($name) . "</td><td>" . get_user_class_name($row["minclassread"]) . "</td><td>" . get_user_class_name($row["minclasswrite"]) . "</td><td>" . get_user_class_name($row["minclasscreate"]) . "</td><td align=center nowrap><b><a href=\"" . $PHP_SELF . "?action=editforum&id=" . safeChar($row["id"]) . "\">Edit</a> | <a href=\"javascript:confirm_delete('" . $row["id"] . "');\"><font color=red>Delete</font></a></b></td></tr>";
} while ($row = mysql_fetch_array($result));
} else {
print "<tr><td>Sorry, no records were found!</td></tr>";
}
echo "</table>";
?>
<br><br>
<form method=post action="<?php
echo $_SERVER["PHP_SELF"];
?>
">
function safechar($var)
{
return htmlspecialchars(unsafeChar($var));
}
}
$newup = $CURUSER['uploaded'] - $nobits;
$debt = $nobits - $CURUSER['uploaded'];
if ($CURUSER['uploaded'] < $nobits) {
if ($alwdebt != 'y') {
stderr("Sorry", "<h2>Thats " . safeChar(prefixed($debt)) . " more than you got!</h2>{$goback}");
}
}
$betsp = sql_query("SELECT id, amount FROM casino_bets WHERE userid = " . unsafeChar($CURUSER['id']) . " ORDER BY time ASC") or sqlerr(__FILE__, __LINE__);
$tbet2 = mysql_fetch_row($betsp);
$dummy = "<H2>Bet added, you will receive a PM notifying you of the results when someone has taken it</H2>";
sql_query("INSERT INTO casino_bets ( userid, proposed, challenged, amount, time) VALUES ('" . unsafeChar($CURUSER['id']) . "','" . unsafeChar($CURUSER['username']) . "', 'empty', '{$nobits}', '{$time}')") or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE users SET uploaded = {$newup} WHERE id = " . unsafeChar($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE casino SET deposit = deposit + {$nobits} WHERE userid = " . unsafeChar($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
if (mysql_affected_rows() == 0) {
sql_query("INSERT INTO casino (userid, date, deposit) VALUES (" . unsafeChar($CURUSER['id']) . ", '{$time}', '" . unsafeChar($nobits) . "')") or sqlerr(__FILE__, __LINE__);
}
}
$loca = sql_query("SELECT * FROM casino_bets WHERE challenged ='empty'");
$totbets = mysql_num_rows($loca);
// //////////////////////////////////////////////standard html begin
stdhead(Casino);
echo "<h1>bet P2P with other users:</h1>";
echo "<table class=message width=650 cellspacing=0 cellpadding=5>\n";
echo "<tr><td align=center >";
echo $dummy;
// Place bet table
if ($openbet < $maxusrbet) {
if ($totbets >= $maxtotbet) {
echo "<br>There are already " . safeChar($maxtotbet) . " bets open, take an open bet !<br>";
} else {
if (!mkglobal("id")) {
die;
}
$id = 0 + $id;
if (!$id) {
die;
}
dbconn();
maxcoder();
if (!logged_in()) {
header("HTTP/1.0 404 Not Found");
// moddifed logginorreturn by retro//Remember to change the following line to match your server
print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
die;
}
$res = mysql_query("SELECT * FROM torrents WHERE id =" . unsafeChar($id) . "");
$row = mysql_fetch_assoc($res);
if (!$row) {
die;
}
stdhead("Edit torrent \"" . $row["name"] . "\"");
if (!isset($CURUSER) || $CURUSER["id"] != $row["owner"] && get_user_class() < UC_MODERATOR) {
echo "<h1>Can't edit this torrent</h1>\n";
echo "<p>You're not the rightful owner, or you're not <a href=\"login.php?returnto=" . urlencode(substr($_SERVER["REQUEST_URI"], 1)) . "&nowarn=1\">logged in</a> properly.</p>\n";
} else {
echo "<form name=edit method=post action=takeedit.php enctype=multipart/form-data>\n";
echo "<input type=\"hidden\" name=\"id\" value=\"{$id}\">\n";
if (isset($_GET["returnto"])) {
echo "<input type=\"hidden\" name=\"returnto\" value=\"" . safeChar($_GET["returnto"]) . "\" />\n";
}
echo "<table border=\"1\" cellspacing=\"0\" cellpadding=\"10\">\n";
$res1 = mysql_query("SELECT COUNT(*) FROM shoutbox {$limit}") or sqlerr();
$row1 = mysql_fetch_array($res1);
$count = $row1[0];
$shoutsperpage = 30;
list($pagertop, $pagerbottom, $limit) = pager($shoutsperpage, $count, "shistory.php?");
print "{$pagertop}";
$res = sql_query("SELECT * FROM shoutbox ORDER BY date DESC {$limit}") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) {
print "\n";
} else {
print "<table border=0 cellspacing=0 cellpadding=2 width='100%' align='left' class='small'>\n";
$i = 0;
while ($arr = mysql_fetch_assoc($res)) {
$res2 = sql_query("SELECT username,class,donor,warned,downloadpos,chatpost,forumpost,uploadpos,parked FROM users WHERE id=" . unsafeChar($arr[userid]) . "") or sqlerr(__FILE__, __LINE__);
$arr2 = mysql_fetch_array($res2);
$resowner = sql_query("SELECT id, username, class FROM users WHERE id=" . unsafeChar($arr[userid]) . "") or sqlerr(__FILE__, __LINE__);
$rowowner = mysql_fetch_array($resowner);
if ($rowowner["class"] == "7") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
}
if ($rowowner["class"] == "6") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
}
if ($rowowner["class"] == "5") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
}
if ($rowowner["class"] == "4") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
}
if ($rowowner["class"] == "3") {
$usercolor = " <font color='#" . get_user_class_color($rowowner['class']) . "'>" . safechar($rowowner['username']) . "</font>";
$res = mysql_query("SELECT id, name from torrents where id=" . unsafeChar($id) . "");
if (mysql_num_rows($res) == 0) {
stderr("Err", "No torrent with this id ");
} else {
$arr = mysql_fetch_array($res);
stdhead("Bookmarks for " . $arr["name"] . "");
?>
<h2>Bookmarks for torrent <br/><a href=details.php?id=<?php
echo $id;
?>
><?php
echo $arr['name'];
?>
</a></h2><table>
<?php
$res = mysql_query("SELECT b.userid, u.username FROM bookmarks AS b LEFT JOIN users AS u ON b.userid=u.id WHERE torrentid=" . unsafeChar($id) . " AND b.private = 'no' ORDER BY u.username ASC ") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) > 0) {
?>
<tr><td class='colhead'>Username</td></tr>
<?php
while ($ar = mysql_fetch_array($res)) {
?>
<tr><td align='center'><a href='userdetails.php?id=<?php
echo $ar['userid'];
?>
'><?php
echo $ar['username'];
?>
</a></td></tr>
<?php
}
if (!mkglobal("rating:id")) {
bark("missing form data");
}
$id = 0 + $id;
if (!$id) {
bark("invalid id");
}
$rating = 0 + $rating;
if ($rating <= 0 || $rating > 5) {
bark("invalid rating");
}
$res = sql_query("SELECT owner FROM torrents WHERE id = " . unsafeChar($id) . "");
$row = mysql_fetch_array($res);
if (!$row) {
bark("no such torrent");
}
// if ($row["owner"] == $CURUSER["id"])
// bark("You can't vote on your own torrents.");
$res = sql_query("INSERT INTO ratings (torrent, user, rating, added) VALUES ({$id}, " . unsafeChar($CURUSER["id"]) . ", {$rating}, NOW())");
if (!$res) {
if (mysql_errno() == 1062) {
bark("You have already rated this torrent.");
} else {
bark(mysql_error());
}
}
sql_query("UPDATE torrents SET numratings = numratings + 1, ratingsum = ratingsum + {$rating} WHERE id = " . unsafeChar($id) . "");
// ===add karma
sql_query("UPDATE users SET seedbonus = seedbonus+5.0 WHERE id = " . unsafeChar($CURUSER["id"]) . "") or sqlerr(__FILE__, __LINE__);
// ===end
header("Refresh: 0; url=details.php?id={$id}&rated=1");
if (!logged_in()) {
header("HTTP/1.0 404 Not Found");
// moddifed logginorreturn by retro//Remember to change the following line to match your server
print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
die;
}
if (get_user_class() < UC_SYSOP) {
hacker_dork("Ratio Edit - Nosey C**t !");
}
if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") {
if ($HTTP_POST_VARS["username"] == "" || $HTTP_POST_VARS["uploaded"] == "" || $HTTP_POST_VARS["downloaded"] == "") {
stderr("Error", "Missing form data.");
}
$username = unsafeChar($HTTP_POST_VARS["username"]);
$uploaded = unsafeChar($HTTP_POST_VARS["uploaded"]);
$downloaded = unsafeChar($HTTP_POST_VARS["downloaded"]);
// getting the id of user in cause // CyBerFuN
$cyberfun_sql_x = sql_query("SELECT id\nFROM `users`\nWHERE `username` LIKE " . sqlesc($username) . "\nLIMIT 1 ;") or sqlerr(__FILE__, __LINE__);
//
$cyberfun_response_row = mysql_fetch_row($cyberfun_sql_x);
$cfn_id = $cyberfun_response_row[0];
// $cfn_status = $cyberfun_response_row[1];
sql_query("UPDATE users SET uploaded = {$uploaded}, downloaded = {$downloaded} WHERE id = {$cfn_id}") or sqlerr(__FILE__, __LINE__);
write_log("Ratio edited", "{$username} had their ratio adjusted by {$CURUSER['username']} to {$uploaded} bytes uploaded and {$downloaded} bytes downloaded.");
if (!$cyberfun_response_row) {
stderr("Error", "Unable to update account.");
}
header("Location: {$BASEURL}/userdetails.php?id={$cyberfun_response_row['0']}");
die;
}
stdhead("Ratio Edit");
require_once "include/bbcode_functions.php";
dbconn();
maxcoder();
if (!logged_in()) {
header("HTTP/1.0 404 Not Found");
// moddifed logginorreturn by retro//Remember to change the following line to match your server
print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
die;
}
stdhead("Delete Torrent");
begin_main_frame();
if ($_GET[mode] == "delete") {
if (get_user_class() >= UC_MODERATOR) {
$table = "torrents";
$table2 = "sitelog";
$res = sql_query("SELECT id, name,owner,seeders FROM torrents WHERE id IN (" . implode(", ", unsafeChar($_POST[delete])) . ")") or sqlerr(__FILE__, __LINE__);
echo "The following torrents has been deleted:<br><br>";
while ($row = mysql_fetch_array($res)) {
echo "ID: " . safeChar($row[id]) . " - " . safeChar($row[name]) . "<br>";
$reasonstr = "Dead: 0 seeders, 0 leechers = 0 peers total";
$text = "Torrent " . safeChar($row[id]) . " (" . safeChar($row[name]) . ") was deleted by " . safeChar($CURUSER[username]) . "({$reasonstr})\n";
$added = sqlesc(get_date_time());
write_log("torrentdelete", "Torrent {$id} ({$row['name']}) was deleted by '<a href=\"userdetails.php?id={$CURUSER['id']}\">{$CURUSER['username']}</a>' Reason : ({$reasonstr})\n");
}
sql_query("DELETE FROM {$table} where id IN (" . implode(", ", unsafeChar($_POST[delete])) . ")") or sqlerr(__FILE__, __LINE__);
} else {
echo "You are not allowed to view this page";
}
}
end_main_frame();
stdfoot();
stdhead();
stdmsg("Thanks failed!", $msg);
stdfoot();
exit;
}
if (!isset($CURUSER)) {
die;
}
if (!mkglobal("id")) {
die;
}
$id = 0 + $id;
if (!$id) {
die;
}
$res = sql_query("SELECT 1 FROM torrents WHERE id = " . unsafeChar($id) . "");
$row = mysql_fetch_array($res);
if (!$row) {
die;
}
$ras = sql_query("select 1 from thanks WHERE torid=" . unsafeChar($id) . " AND uid =" . unsafeChar($CURUSER["id"]) . "") or die(mysql_error());
$raw = mysql_fetch_array($ras);
if ($raw) {
bark("You already thanked.");
}
$text = ":thankyou:";
sql_query("INSERT INTO thanks (uid, torid, thank_date) VALUES (" . unsafeChar($CURUSER["id"]) . ",{$id}, '" . get_date_time() . "')");
sql_query("INSERT INTO comments (user, torrent, added, text, ori_text) VALUES (" . unsafeChar($CURUSER["id"]) . ",{$id}, '" . get_date_time() . "', " . sqlesc($text) . "," . sqlesc($text) . ")");
$newid = mysql_insert_id();
sql_query("UPDATE torrents SET thanks = thanks + 1 WHERE id = " . unsafeChar($id) . "");
header("Refresh: 0; url=details.php?id={$id}&viewcomm={$newid}#comm{$newid}");
case 0:
$commentbar = "<p align=center>" . $language['dtrevoked'] . "</p>\n";
break;
case 1:
$commentbar = "<p align=center><a class=index href=comment.php?action=add&tid={$id}>" . $language['dt65'] . "</a></p>\n <a class=index href=takethankyou.php?id={$id}> <img src=" . $pic_base_url . "thankyou.gif border=0></a></p>";
break;
case 2:
$commentbar = "<p align=center>" . $language['dtnocom'] . "</p>\n";
default:
die('Contact Administrator');
break;
}
$subres = sql_query("SELECT COUNT(*) FROM comments WHERE torrent = " . unsafeChar($id) . "");
$subrow = mysql_fetch_array($subres);
$count = $subrow[0];
$tures = sql_query("SELECT id,username FROM users,thanks WHERE users.id = thanks.uid AND thanks.torid = " . unsafeChar($id) . "");
begin_main_frame();
end_main_frame();
if (!$count) {
echo "<h2>" . $language['dt64'] . "</h2>\n";
} else {
list($pagertop, $pagerbottom, $limit) = pager(20, $count, "details.php?id={$id}&", array("lastpagedefault" => 1));
$subres = sql_query("SELECT comments.id, text, user, comments.added, comments.anonymous, editedby, editedat, avatar, warned, " . "username, title, reputation, class, signature, signatures, donor FROM comments LEFT JOIN users ON comments.user = users.id WHERE torrent = " . "{$id} ORDER BY comments.id {$limit}") or sqlerr(__FILE__, __LINE__);
$allrows = array();
while ($subrow = mysql_fetch_assoc($subres)) {
$allrows[] = $subrow;
}
echo $commentbar;
echo $pagertop;
commenttable($allrows);
echo $pagerbottom;
$id = $CURUSER["id"];
}
$res = mysql_query("SELECT COUNT(*) FROM userhits WHERE hitid = " . unsafeChar($id) . "") or sqlerr();
$row = mysql_fetch_row($res);
$count = $row[0];
$perpage = 100;
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "?id={$id}&");
if (!$count) {
stderr("No views", "This user has had no profile views yet.");
}
$res = mysql_query("SELECT username FROM users WHERE id = " . unsafeChar($id) . "") or sqlerr();
// remove 'hits' if you do NOT use the cleanup code
$user = mysql_fetch_assoc($res);
stdhead("Profile views of " . safeChar($user['username']) . "");
print "<h1>Profile views of <a href=\"userdetails.php?id={$id}\">" . safeChar($user['username']) . "</a></h1>\n";
print "<h2>In total " . safeChar($count) . " views</h2>\n";
// replace $user[hits] with $count if you do NOT use the cleanup code
if ($count > $perpage) {
print "{$pagertop}";
}
print "<table border=0 cellspacing=0 cellpadding=5>\n";
print "<tr><td class=colhead>Nr.</td><td class=colhead>Username</td><td class=colhead>Viewed at</td></tr>\n";
$res = mysql_query("SELECT uh.*, username, users.id as uid FROM userhits uh LEFT JOIN users ON uh.userid = users.id WHERE hitid =" . unsafeChar($id) . " ORDER BY uh.id DESC") or sqlerr();
while ($arr = mysql_fetch_assoc($res)) {
print "<tr><td>" . number_format($arr["number"]) . "</td><td><b><a href=\"userdetails.php?id={$arr['uid']}\">" . safeChar($arr['username']) . "</a></b></td><td>" . safeChar($arr['added']) . "</td></tr>\n";
}
print "</table>\n";
if ($count > $perpage) {
print "{$pagerbottom}";
}
stdfoot();
require_once "include/bittorrent.php";
require_once "include/user_functions.php";
require_once "include/bbcode_functions.php";
dbconn();
maxcoder();
if (!logged_in()) {
header("HTTP/1.0 404 Not Found");
// moddifed logginorreturn by retro//Remember to change the following line to match your server
print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
die;
}
parked();
$fileid = (int) $_GET['fileid'];
$res = sql_query("SELECT * FROM attachmentdownloads WHERE fileid=" . unsafeChar($fileid)) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == "0") {
die("Nothing found!");
} else {
stdhead();
print "<html><head><link rel=\"stylesheet\" href=\"/themes/default/default.css\" type=\"text/css\" media=\"screen\" /></head><body>\n";
print "<table border=1 width=100% cellspacing=0 cellpadding=2>\n";
print "<tr align=center><td class=colhead align=center>File ID</td>\n <td class=colhead align=center>Filename</td>\n <td class=colhead align=center>Downloaded from</td>\n <td class=colhead align=center>Downloads</td>\n <td class=colhead align=center>Date</td></tr>\n";
while ($arr = mysql_fetch_assoc($res)) {
print "<tr><td align=center>{$arr['fileid']}</td><td align=center>" . safeChar($arr[filename]) . "</td><td align=center><a href=\"#\" onclick=\"opener.location=('userdetails.php?id={$arr['userid']}'); self.close();\">{$arr['username']}</a></td><td align=center>{$arr['downloads']}</td><td align=center>{$arr['date']}</td></tr>";
}
$res = sql_query("SELECT downloads FROM attachments WHERE id=" . unsafeChar($fileid)) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
print "<tr><td colspan=5><div class=error><font color=blue>Total Downloads: {$arr['downloads']}</font></div></td</tr>";
print "</table></body></html>\n";
}
stdfoot();
if (get_user_class() < UC_MODERATOR) {
hacker_dork("Invitedby - Nosey C**t !");
}
stdhead();
begin_frame("Invited Users");
// ///////// by rulzmaker /////////////
$res2 = sql_query("SELECT COUNT(*) FROM users WHERE invitedby > 0");
$row = mysql_fetch_array($res2);
$count = $row[0];
$perpage = 50;
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] . "?");
echo $pagertop;
// ///////// by rulzmaker /////////////
echo '<table width="640" border="0" align="center" cellpadding="2" cellspacing="0">';
echo "<tr><td class=colhead align=left>User</td><td class=colhead>Invited by</td><td class=colhead>Ratio</td><td class=colhead>IP</td><td class=colhead>Date Joined</td><td class=colhead>Last Access</td><td class=colhead>Download</td><td class=colhead>Upload</td></tr>";
$result = sql_query("SELECT * FROM users WHERE " . unsafeChar(invitedby) . " > 0 AND status = 'confirmed' ORDER BY added DESC {$limit}");
if ($row = mysql_fetch_array($result)) {
do {
if ($row["uploaded"] == "0") {
$ratio = "inf";
} elseif ($row["downloaded"] == "0") {
$ratio = "inf";
} else {
$ratio = number_format($row["uploaded"] / $row["downloaded"], 3);
$ratio = "<font color=" . get_ratio_color($ratio) . ">{$ratio}</font>";
}
$invitedby = sql_query("SELECT username FROM users WHERE id={$row['invitedby']}");
$invitedby2 = mysql_fetch_array($invitedby);
echo "<tr><td><a href=userdetails.php?id=" . $row["id"] . "><b>" . $row["username"] . "</b></a></td><td><a href=userdetails.php?id=" . $row["invitedby"] . ">" . $invitedby2["username"] . "</a></td><td><strong>" . $ratio . "</strong></td><td>" . $row["ip"] . "</td><td>" . $row["added"] . "</td><td>" . $row["last_access"] . "</td><td>" . prefixed($row["downloaded"]) . "</td><td>" . prefixed($row["uploaded"]) . "</td></tr>";
} while ($row = mysql_fetch_array($result));
} else {
echo '<td class=colhead align=center>Conn.</td>';
echo '<td class=colhead align=center>Seeding</td>';
echo '<td class=colhead align=center>Started</td>';
echo '<td class=colhead align=center>Last<br>Action</td>';
echo '<td class=colhead align=center>Prev.<br>Action</td>';
echo '<td class=colhead align=center>Upload<br>Offset</td>';
echo '<td class=colhead align=center>Download<br>Offset</td>';
echo '<td class=colhead align=center>To<br>Go</td>';
echo '</tr>';
while ($row = mysql_fetch_assoc($result)) {
$sql1 = "SELECT * FROM users WHERE id = " . unsafeChar($row[userid]) . "";
$result1 = mysql_query($sql1);
while ($row1 = mysql_fetch_assoc($result1)) {
echo '<tr>';
echo '<td><a href="userdetails.php?id=' . safeChar($row['userid']) . '">' . safeChar($row1['username']) . '</a></td>';
$sql2 = "SELECT * FROM torrents WHERE id = " . unsafeChar($row[torrent]) . "";
$result2 = mysql_query($sql2);
while ($row2 = mysql_fetch_assoc($result2)) {
$smallname = substr(safeChar($row2["name"]), 0, 20);
if ($smallname != safeChar($row2["name"])) {
$smallname .= '...';
}
#$smallname = safechar($row2["name"]);
echo '<td><a href="details.php?id=' . safeChar($row['torrent']) . '">' . $smallname . '</td>';
echo '<td align=center>' . $row['ip'] . '</td>';
echo '<td align=center>' . safeChar($row['port']) . '</td>';
if ($row['uploaded'] < $row['downloaded']) {
echo '<td align=center><font color=red>' . safeChar(prefixed($row['uploaded'])) . '</font></td>';
} else {
if ($row['uploaded'] == '0') {
echo '<td align=center>' . safeChar(prefixed($row['uploaded'])) . '</td>';
<?php
require "include/bittorrent.php";
require_once "include/user_functions.php";
require_once "include/bbcode_functions.php";
dbconn(false);
maxcoder();
if (!logged_in()) {
header("HTTP/1.0 404 Not Found");
// moddifed logginorreturn by retro//Remember to change the following line to match your server
print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
die;
}
$userid = 0 + $CURUSER["id"];
$torrentid = 0 + $_POST["torrentid"];
if (!$torrentid) {
header("Location: browse.php");
} else {
$checkfreepoll = mysql_query("SELECT userid FROM freepoll WHERE torrentid=" . unsafeChar($torrentid) . " AND userid=" . unsafeChar($userid) . "");
}
$trows = mysql_fetch_row($checkfreepoll);
if ($trows[0] > 0) {
header("Location: details.php?id={$torrentid}&poll=0");
} else {
$res = mysql_query("INSERT INTO freepoll (torrentid, userid) VALUES (" . unsafeChar($torrentid) . ", " . unsafeChar($userid) . ")");
header("Location: details.php?id={$torrentid}");
}
echo "<td class=tabletorrent align=right>Uspeed</td>\n";
echo "<td class=tabletorrent align=right>Download</td>\n";
echo "<td class=tabletorrent align=right>Dspeed</td>\n";
echo "<td class=tabletorrent align=right>Ratio</td>\n";
echo "<td class=tabletorrent align=right>complete</td>\n";
echo "<td class=tabletorrent align=right>HitnRun</td>\n";
echo "<td class=tabletorrent align=right>Marked</td>\n";
echo "<td class=tabletorrent align=right>Seedtime</td>\n";
echo "<td class=tabletorrent align=right>Leechtime</td>\n";
echo "<td class=tabletorrent align=center>Last action</td>\n";
echo "<td class=tabletorrent align=center>Completed At</td>\n";
echo "<td class=tabletorrent align=center>Port</td>\n";
echo "<td class=tabletorrent align=center>seeding</td>\n";
echo "<td class=tabletorrent align=center>Announced</td>\n";
echo "</tr>\n";
$res = mysql_query("SELECT s.*, size, username, parked, warned, enabled, donor, timesann, hit_and_run, mark_of_cain FROM snatched AS s INNER JOIN users ON s.userid = users.id INNER JOIN torrents ON s.torrentid = torrents.id WHERE torrentid =" . unsafeChar($id) . " ORDER BY complete_date DESC {$limit}") or sqlerr();
while ($arr = mysql_fetch_assoc($res)) {
$upspeed = $arr["upspeed"] > 0 ? prefixed($arr["upspeed"]) : ($arr["seedtime"] > 0 ? prefixed($arr["uploaded"] / ($arr["seedtime"] + $arr["leechtime"])) : prefixed(0));
$downspeed = $arr["downspeed"] > 0 ? prefixed($arr["downspeed"]) : ($arr["leechtime"] > 0 ? prefixed($arr["downloaded"] / $arr["leechtime"]) : prefixed(0));
$ratio = $arr["downloaded"] > 0 ? number_format($arr["uploaded"] / $arr["downloaded"], 3) : ($arr["uploaded"] > 0 ? "Inf." : "---");
$completed = sprintf("%.2f%%", 100 * (1 - $arr["to_go"] / $arr["size"]));
$res9 = mysql_query("SELECT seeder FROM peers WHERE torrent={$_GET['id']} AND userid={$arr['userid']}");
$arr9 = mysql_fetch_assoc($res9);
echo "<tr>\n";
echo "<td align=left><a href=userdetails.php?id={$arr['userid']}>{$arr['username']}</a>" . get_user_icons($arr) . "</td>\n";
echo "<td align=right>" . safeChar($arr["id"]) . "</td>\n";
echo "<td align=center>" . ($arr["connectable"] == "yes" ? "<img src=/pic/online.gif>" : "<img src=/pic/offline.gif>") . "</td>\n";
echo "<td align=right>" . prefixed($arr["uploaded"]) . "</td>\n";
echo "<td align=right>{$upspeed}/s</td>\n";
echo "<td align=right>" . prefixed($arr["downloaded"]) . "</td>\n";
echo "<td align=right>{$downspeed}/s</td>\n";
if (get_user_class() < UC_CODER) {
hacker_dork("Proxys?- Nosey C**t !");
}
stdhead("Possible Proxy User List");
print "<big><b>Possible Proxy Users</b></big><p>";
print "<b>Lists User That Have Different Ip On the Tracker</b><p>";
print "<table border=1 cellpadding=2 cellspacing=1>\n";
print "<tr style='font-weight:bold'><td>userid</td><td>Host</td><td>Joined</td><td>Logged IP</td><td>Tracked IP</td><td>Warned</td></tr>\n";
$res = mysql_query("SELECT DISTINCT ip,userid FROM peers") or sqlerr();
while ($row = mysql_fetch_array($res)) {
$userip = $row["ip"];
$userid = $row["userid"];
$longip = ip2long($userip);
$upper = $longip + 167772160;
$lower = $longip - 167772160;
$res3 = mysql_query("SELECT username,ip,added,warned,class,donor FROM users WHERE id=" . unsafeChar($userid) . " and ip<>" . unsafeChar($userip) . "") or sqlerr();
$active = mysql_num_rows($res3);
if ($active == 1) {
$row2 = mysql_fetch_array($res3);
$ip = $row2["ip"];
$name = $row2["username"];
$joindate = $row2["added"];
$warned = $row2["warned"];
$class = $row2["class"];
$donor = $row2["donor"];
$ip2 = $ip;
$dom = @gethostbyaddr($ip);
if ($dom == $ip || @gethostbyname($dom) != $ip) {
$addr = $ip2;
} else {
$dom = strtoupper($dom);
}
// -------- Action: View comments
if ($action == "viewcomments") {
$select_is = "COUNT(*)";
// LEFT due to orphan comments
$from_is = "comments AS c LEFT JOIN torrents as t\r\n\t ON c.torrent = t.id";
$where_is = "c.user = {$userid}";
$order_is = "c.id DESC";
$query = "SELECT {$select_is} FROM {$from_is} WHERE {$where_is} ORDER BY {$order_is}";
$res = mysql_query($query) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res) or stderr("Error", "No comments found");
$commentcount = $arr[0];
// ------ Make page menu
list($pagertop, $pagerbottom, $limit) = pager($perpage, $commentcount, $_SERVER["PHP_SELF"] . "?action=viewcomments&id={$userid}&");
// ------ Get user data
$res = mysql_query("SELECT username, donor, warned, enabled FROM users WHERE id=" . unsafeChar($userid) . "") or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 1) {
$arr = mysql_fetch_assoc($res);
$subject = "<a href=userdetails.php?id={$userid}><b>{$arr['username']}</b></a>" . get_user_icons($arr, true);
} else {
$subject = "unknown[{$userid}]";
}
// ------ Get comments
$select_is = "t.name, c.torrent AS t_id, c.id, c.added, c.text";
$query = "SELECT {$select_is} FROM {$from_is} WHERE {$where_is} ORDER BY {$order_is} {$limit}";
$res = mysql_query($query) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) {
stderr("Error", "No comments found");
}
stdhead("Comments history");
print "<h1>Comments history for {$subject}</h1>\n";
<?php
require "include/bittorrent.php";
require_once "include/bbcode_functions.php";
require_once "include/user_functions.php";
header("Content-Type: text/html; charset=" . $language['charset']);
dbconn();
maxcoder();
if (!logged_in()) {
header("HTTP/1.0 404 Not Found");
// moddifed logginorreturn by retro//Remember to change the following line to match your server
print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
die;
}
//==Modifed Ajax userlist taken from softmp3 09
$nick = unsafeChar(trim($_GET["text"]));
if (strlen($nick) < 1) {
$nick = "a";
}
$res = mysql_query("SELECT * FROM users WHERE username LIKE '{$nick}%' ORDER BY username LIMIT 50");
$count = mysql_num_rows($res);
$num = mysql_num_rows($res);
$ut .= "<table border=1 cellspacing=0 cellpadding=5>\n";
$ut .= "<tr><td class=colhead align=left>Username</td><td class=colhead>Registered</td><td class=colhead>Last logged in</td><td class=colhead>Country</td><td class=colhead align=left>Class</td></tr>\n";
for ($i = 0; $i < $num; ++$i) {
$arr = mysql_fetch_assoc($res);
if ($arr['country'] > 0) {
$cres = mysql_query("SELECT name,flagpic FROM countries WHERE id={$arr['country']}");
if (mysql_num_rows($cres) == 1) {
$carr = mysql_fetch_assoc($cres);
$country = "<td style='padding: 0px' align=center><img src=\"{$pic_base_url}flag/{$carr[flagpic]}\" alt=\"" . safeChar($carr[name]) . "\"></td>";
require_once "include/bbcode_functions.php";
dbconn(false);
maxcoder();
if (!logged_in()) {
header("HTTP/1.0 404 Not Found");
// moddifed logginorreturn by retro//Remember to change the following line to match your server
print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
die;
}
$action = isset($_GET['action']) ? $_GET['action'] : '';
stdhead();
?>
<table class=main width=750 border=0 cellspacing=0 cellpadding=10><tr><td class=embedded>
<h2 align=center><font size=6>Announcement History</font></h2>
<?php
$query = sprintf('SELECT m.main_id, m.subject, m.body FROM announcement_main AS m ' . 'LEFT JOIN announcement_process AS p ' . 'ON m.main_id = p.main_id AND p.user_id = %s ' . 'WHERE p.status = 2', unsafeChar($CURUSER['id']));
$result = mysql_query($query);
$ann_list = array();
while ($x = mysql_fetch_array($result)) {
$ann_list[] = $x;
}
unset($x);
unset($result);
reset($ann_list);
if ($action == 'read_announce') {
$id = 0 + (isset($_GET['id']) ? $_GET['id'] : 0);
if (!is_int($id)) {
stdmsg('Error', 'Invalid ID');
stdfoot();
die;
}
function commenttable($rows)
{
global $CURUSER, $HTTP_SERVER_VARS;
// === get smilie based on ratio
begin_main_frame();
begin_frame();
$count = 0;
foreach ($rows as $row) {
$querie = sql_query("SELECT anonymous FROM comments WHERE id =" . unsafeChar($row['id']) . "");
$arraya = mysql_fetch_assoc($querie);
echo "<p class=sub>#" . safeChar($row["id"]) . " by ";
$title = !empty($row["title"]) ? $row["title"] : get_user_class_name($row["class"]);
if ($arraya['anonymous'] == 'no' && isset($row["username"])) {
$username = $row["username"];
$ratres = sql_query("SELECT uploaded, downloaded from users where username='******'");
$rat = mysql_fetch_array($ratres);
if ($rat["downloaded"] > 0) {
$ratio = $rat['uploaded'] / $rat['downloaded'];
$ratio = number_format($ratio, 3);
$color = get_ratio_color($ratio);
if ($color) {
$ratio = "<font color={$color}>" . safeChar($ratio) . " " . get_user_ratio_image($ratio) . "</font>";
}
} else {
if ($rat["uploaded"] > 0) {
$ratio = "Inf.";
} else {
$ratio = "---";
}
}
echo "<a name=comm" . $row["id"] . " href=userdetails.php?id=" . safeChar($row["user"]) . "><b>" . safeChar($row["username"]) . "</b></a> " . $title . " " . ($row["donor"] == "yes" ? "<img src=pic/star.gif alt='Donor'>" : "") . ($row["warned"] == "yes" ? "<img src=" . "/pic/warned.gif alt=\"Warned\">" : "") . " Ratio: {$ratio}\n";
} else {
if (!isset($row["username"])) {
echo "<a name=\"comm" . $row["id"] . "\"><i>(orphaned)</i></a>\n";
} else {
if ($arraya['anonymous'] == 'yes') {
echo "<a name=\"comm" . $row["id"] . "\"><font color=blue><b>Anonymous</b></font></a>\n";
}
}
}
echo " at " . display_date_time($row["added"]) . " GMT" . ($row["user"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR ? "- [<a href=comment.php?action=edit&cid={$row['id']}>" . 'Edit' . "</a>] " : "") . (get_user_class() >= UC_VIP ? " - [<a href=report.php?type=Comment&id={$row['id']}>Report this Comment</a>]" : "") . (get_user_class() >= UC_MODERATOR ? "- [<a href=comment.php?action=delete&cid={$row['id']}>" . 'Delete' . "</a>]" : "") . ($row["editedby"] && get_user_class() >= UC_MODERATOR ? " - [<a href=comment.php?action=vieworiginal&cid={$row['id']}>" . 'View_original' . "</a>]" : "") . "</p>\n";
$resa = sql_query("SELECT owner, anonymous FROM torrents WHERE owner = {$row['user']}");
$array = mysql_fetch_assoc($resa);
if ($row['anonymous'] == 'yes' && $row['user'] == $array['owner']) {
$avatar = "/pic/default_avatar.gif";
} else {
$avatar = $CURUSER["avatars"] == "yes" ? safeChar($row["avatar"]) : "";
}
if (!$avatar) {
$avatar = "/pic/default_avatar.gif";
}
begin_table(true);
echo "<tr valign=top>\n";
echo "<td align=center width=100 style='padding: 0px'><img width=100 src={$avatar}><br />" . get_reputation($row, 'comments') . "</td>\n";
echo "<td class=text>" . format_comment($row["text"]) . "</td>\n";
echo "</tr>\n";
end_table();
}
end_frame();
end_main_frame();
}
echo "</tr></table><br />";
mysql_free_result($res1);
unset($arr1);
}
// ////////////////////////////////////////
// /////////////Birthday cache///////////////////////////////////
$file2 = "{$CACHE}/birthday.txt";
$expire = 21600;
// 6 hours
if (file_exists($file2) && filemtime($file2) > time() - $expire) {
$res3 = unserialize(file_get_contents($file2));
} else {
$today = date("'%'-m-d");
$current_date = getdate();
list($year1, $month1, $day1) = split('-', $currentdate);
$res1 = sql_query("SELECT id, username, birthday, class, gender, bohp, donor FROM users WHERE MONTH(birthday) = '" . unsafeChar($current_date['mon']) . "' AND DAYOFMONTH(birthday) = '" . unsafeChar($current_date['mday']) . "' ORDER BY class DESC ") or sqlerr(__FILE__, __LINE__);
while ($res2 = mysql_fetch_array($res1)) {
$res3[] = $res2;
}
$OUTPUT = serialize($res3);
$fp = fopen($file2, "w");
fputs($fp, $OUTPUT);
fclose($fp);
}
// end else
$birthdayusers = '';
if (is_array($res3)) {
foreach ($res3 as $arr) {
$birthday = date($arr["birthday"]);
if ($birthdayusers) {
$birthdayusers .= ",\n";
<?php
require "include/bittorrent.php";
require_once "include/user_functions.php";
require_once "include/bbcode_functions.php";
dbconn();
maxcoder();
if (!logged_in()) {
header("HTTP/1.0 404 Not Found");
// moddifed logginorreturn by retro//Remember to change the following line to match your server
print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
die;
}
stdhead("Reset Shoutbox");
if (get_user_class() < UC_SYSOP) {
print "Access Denied!";
exit;
}
if (isset($_GET['yes']) && $_GET['yes'] == 1) {
sql_query("DELETE FROM shoutbox") or sqlerr(__FILE__, __LINE__);
sql_query("INSERT INTO shoutbox (userid, username, date, text) VALUES(2, 'System', UNIX_TIMESTAMP(NOW()), '" . unsafeChar($SITENAME) . ")");
echo "Threads in Shoutbox have been erased!";
} else {
echo "Are you sure to empty the shoutbox? <a href='resetshoutbox.php?yes=1'>yes</a>";
}
stdfoot();
