} else { if ($search != '') { $addparam .= $search . "&"; } else { $addparam .= ''; } } $torrentperpage = user::$current["torrentsperpage"]; if ($torrentperpage == 0) { $torrentperpage = $ntorrents == 0 ? 15 : $ntorrents; } // Fixed possible SQL injection (thanks to jeremie78) $accepted_orders = array('speed', 'dwned', 'finished', 'leechers', 'seeds', 'size', 'data', 'filename', 'cname'); $order = isset($_GET['order']) && in_array($_GET['order'], $accepted_orders) ? $db->real_escape_string($_GET['order']) : 'data'; $by = isset($_GET["by"]) && $db->real_escape_string($_GET["by"]) == 'ASC' ? 'ASC' : 'DESC'; list($pagertop, $limit) = misc::pager($torrentperpage, $count, $scriptname . "?" . $addparam . (utf8::strlen($addparam) > 0 ? "&" : "") . "order=" . $order . "&by=" . $by . "&"); if ($SHOW_UPLOADER) { $query = "SELECT summary.info_hash AS hash, summary.seeds, summary.leechers, summary.finished AS finished, summary.dlbytes AS dwned, namemap.filename, namemap.url, namemap.info, namemap.anonymous, summary.speed, UNIX_TIMESTAMP( namemap.data ) AS added, categories.image, categories.name AS cname, namemap.category AS catid, namemap.size, namemap.external, namemap.uploader AS upname, users.username AS uploader, prefixcolor, suffixcolor FROM summary LEFT JOIN namemap ON summary.info_hash = namemap.info_hash LEFT JOIN categories ON categories.id = namemap.category LEFT JOIN users ON users.id = namemap.uploader LEFT JOIN users_level ON users.id_level=users_level.id " . $where . " ORDER BY " . $order . " " . $by . " " . 
$limit; } else { $query = "SELECT summary.info_hash AS hash, summary.seeds, summary.leechers, summary.finished AS finished, summary.dlbytes AS dwned, namemap.filename, namemap.url, namemap.info, summary.speed, UNIX_TIMESTAMP( namemap.data ) AS added, categories.image, categories.name AS cname, namemap.category AS catid, namemap.size, namemap.external, namemap.uploader FROM summary LEFT JOIN namemap ON summary.info_hash = namemap.info_hash LEFT JOIN categories ON categories.id = namemap.category " . $where . " ORDER BY " . $order . " " . $by . " " . $limit; } $results = $db->query($query) or err_msg(ERROR, CANT_DO_QUERY . "<br />" . $query); } $i = 0; if ($by == "ASC") { $mark = " ↑"; } else { $mark = " ↓"; } ?> </tr>
* Copyright (C) 2004-2015 Btiteam.org */ if (!user::$current || user::$current["admin_access"] != "yes") { err_msg(ERROR, NOT_ADMIN_CP_ACCESS); stdfoot(); exit; } else { $delete_timeout = vars::$timestamp - 60 * 60 * 24 * 7; // delete log older then 7 days $db->query("DELETE FROM logs WHERE added < " . $delete_timeout); block_begin("Site Log"); $logres = $db->query("SELECT COUNT(*) FROM logs ORDER BY added DESC"); $lognum = $logres->fetch_row(); $num = (int) $lognum[0]; $perpage = max(0, user::$current["postsperpage"]) > 0 ? user::$current["postsperpage"] : 20; list($pagertop, $limit) = misc::pager($perpage, $num, "admincp.php?user="******"uid"] . "&code=" . user::$current["random"] . "&do=logview&"); print $pagertop; print "\n<table class='lista' width='100%' align='center'><tr>"; print "\n<td class='header'>" . DATE . "</td>"; print "\n<td class='header'>" . USER_NAME . "</td>"; print "\n<td class='header'>" . ACTION . "</td>\n</tr>"; $logres = $db->query("SELECT * FROM logs ORDER BY added DESC " . $limit); if ($logres) { while ($logview = $logres->fetch_array(MYSQLI_BOTH)) { if ($logview["type"] == "delete") { $bgcolor = "style='background-color:#FF95AC; color:#000000;'"; } elseif ($logview["type"] == "add") { $bgcolor = "style='background-color:#C1FF83; color:#000000;'"; } elseif ($logview["type"] == "modify") { $bgcolor = "style='background-color:#DEDEDE; color:#000000;'"; } else {
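// Forum statistics row: only shown when the forum is the built-in one.
if ($GLOBALS["FORUMLINK"] == '' || $GLOBALS["FORUMLINK"] == 'internal') {
    // The id is cast to int because it is concatenated into the statement.
    // NOTE(review): the post count is for the logged-in user while $row['joined'] presumably
    // belongs to the profile being displayed - confirm both refer to the same account.
    $sql = $db->query("SELECT * FROM posts INNER JOIN users ON posts.userid = users.id WHERE users.id = " . (int) user::$current["uid"]);
    // A failed query yields false; report zero posts instead of a fatal error.
    $posts = $sql ? $sql->num_rows : 0;
    // At least one day of membership, so the division below can never be by zero.
    $memberdays = max(1, round((vars::$timestamp - $row['joined']) / 86400));
    $posts_per_day = number_format(round($posts / $memberdays, 2), 2);
    print "<tr>\n<td class='header'>" . FORUM . " " . POSTS . ":</td>\n<td class='lista' colspan='2'>" . $posts . " [" . sprintf(POSTS_PER_DAY, $posts_per_day) . "]</td></tr>\n";
}
print "</table>";
block_end();
// ------------------------
// Torrents uploaded by the displayed user.
block_begin(UPLOADED . " " . MNU_TORRENT);
// $uid is set outside this excerpt; it is cast to int at every point of use because it is
// concatenated into SQL and echoed into the pager URL.
// The first query is only used to count rows; the paged query below replaces it when rows exist.
$resuploaded = $db->query("SELECT namemap.filename, UNIX_TIMESTAMP(namemap.data) AS added, namemap.size, summary.seeds, summary.leechers, summary.finished FROM namemap INNER JOIN summary ON namemap.info_hash = summary.info_hash WHERE uploader = " . (int) $uid . " ORDER BY data DESC");
$numtorrent = $resuploaded ? $resuploaded->num_rows : 0;
if ($numtorrent > 0) {
    // PHP_SELF is derived from the request path, so it is escaped before it ends up in the
    // pager links - the same security::esc_url() call the history pager on this page uses.
    list($pagertop, $limit) = misc::pager($utorrents == 0 ? 15 : $utorrents, $numtorrent, security::esc_url($_SERVER["PHP_SELF"]) . "?uid=" . (int) $uid . "&");
    print $pagertop;
    // $limit is produced by misc::pager(); presumably a "LIMIT x,y" clause - confirm.
    $resuploaded = $db->query("SELECT namemap.filename, UNIX_TIMESTAMP(namemap.data) AS added, namemap.size, summary.seeds, summary.leechers, summary.finished, summary.info_hash AS hash FROM namemap INNER JOIN summary ON namemap.info_hash = summary.info_hash WHERE uploader = " . (int) $uid . " ORDER BY data DESC " . $limit);
}
?>
<table width='100%' class='lista'>
<!-- Column Headers -->
<tr>
<td align='center' class='header'><?php echo FILE; ?></td>
<td align='center' class='header'><?php echo ADDED; ?></td>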
?> </td> <td align='center' class='header'><?php echo RATIO; ?> </td> <td align='center' class='header'>S</td> <td align='center' class='header'>L</td> <td align='center' class='header'>C</TD> </tr> <?php $anq->free(); $anq = $db->query("SELECT history.uid FROM history INNER JOIN namemap ON history.infohash = namemap.info_hash WHERE history.uid = " . $id . " AND history.date IS NOT NULL ORDER BY date DESC"); if ($anq->num_rows > 0) { list($pagertop, $limit) = misc::pager($utorrents == 0 ? 15 : $utorrents, $anq->num_rows, security::esc_url($_SERVER["PHP_SELF"]) . "?id=" . $id . "&", array("pagename" => "historypage")); $anq = $db->query("SELECT namemap.filename, namemap.size, namemap.info_hash, history.active, history.agent, history.downloaded, history.uploaded, summary.seeds, summary.leechers, summary.finished\n FROM history INNER JOIN namemap ON history.infohash = namemap.info_hash INNER JOIN summary ON summary.info_hash = namemap.info_hash WHERE history.uid = " . $id . " AND history.date IS NOT NULL ORDER BY date DESC " . $limit); print "<div align='center'>" . $pagertop . "</div>"; while ($torlist = $anq->fetch_object()) { print "\n<tr>\n<td class='lista'><a href='details.php?id=" . $torlist->info_hash . "'>" . security::html_safe(unesc($torlist->filename)) . "</td>"; print "\n<td class='lista' align='center'>" . misc::makesize((int) $torlist->size) . "</td>"; print "\n<td class='lista' align='center'>" . security::html_safe($torlist->agent) . "</td>"; print "\n<td align='center' class='lista'>" . ($torlist->active == 'yes' ? ACTIVATED : 'Stopped') . "</td>"; print "\n<td align='center' class='lista'>" . misc::makesize((double) $torlist->downloaded) . "</td>"; print "\n<td align='center' class='lista'>" . misc::makesize((double) $torlist->uploaded) . "</td>"; if ($torlist->downloaded > 0) { $peerratio = number_format((double) $torlist->uploaded / (double) $torlist->downloaded, 2); } else { $peerratio = "∞"; } print "\n<td align='center' class='lista'>" . 
unesc($peerratio) . "</td>";
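/**
 * Print the member list: search form, pager, sortable column headers and one row per user.
 *
 * Request parameters read from $_GET:
 *   searchtext  substring to look for in users.username
 *   level       numeric users.id_level filter (0 = all levels)
 *   order       1..6, mapped through a fixed whitelist to the ORDER BY column
 *   by          1 = ASC, any other value = DESC
 *
 * Only whitelisted column names and integer-cast values are concatenated into the SQL text;
 * the free-text search term goes through real_escape_string() as the last transformation.
 * Missing searchtext/level keys are written back into $_GET as empty strings.
 */
function print_users()
{
    global $db, $STYLEPATH, $CURRENTPATH;

    // Missing or non-scalar parameters (e.g. searchtext[]=x) are treated as empty, so the
    // string and integer handling below never receives an array.
    if (!isset($_GET["searchtext"]) || !is_string($_GET["searchtext"])) {
        $_GET["searchtext"] = "";
    }
    if (!isset($_GET["level"]) || !is_scalar($_GET["level"])) {
        $_GET["level"] = "";
    }

    $search = security::html_safe($_GET["searchtext"]);
    $addparams = "";
    if ($search != "") {
        // SQL escaping is applied after html_safe(), so no later transformation can alter the
        // escaped value. LIKE wildcards (% and _) typed by the user are not neutralised.
        $where = " AND users.username LIKE '%" . $db->real_escape_string($search) . "%'";
        // The raw term is URL-encoded for the links; reusing the HTML-encoded form would be
        // encoded again on every page change and would break on '&' or '#'.
        $addparams = "searchtext=" . urlencode($_GET["searchtext"]);
    } else {
        $where = "";
    }

    // A plain integer cast: arithmetic on an empty or non-numeric string raises an error on
    // current PHP versions.
    $level = (int) $_GET["level"];
    if ($level > 0) {
        $where .= " AND users.id_level = " . $level;
        $addparams .= ($addparams != "" ? "&" : "") . "level=" . $level;
    }

    // Whitelist of sortable columns; the request only ever selects one by number.
    $order_columns = array(
        1 => "username",
        2 => "level",
        3 => "joined",
        4 => "lastconnect",
        5 => "flag",
        6 => "ratio",
    );
    $order_param = 3;
    if (isset($_GET["order"])) {
        $order_param = (int) $_GET["order"];
    }
    $order = isset($order_columns[$order_param]) ? $order_columns[$order_param] : "joined";

    // Default direction is ASC (by=1). $by_param is always initialised so the pager URL
    // carries the direction actually in use instead of an empty value.
    $by_param = 1;
    $by = "ASC";
    if (isset($_GET["by"])) {
        $by_param = ((int) $_GET["by"]) == 1 ? 1 : 2;
        $by = $by_param == 1 ? "ASC" : "DESC";
    }

    if ($addparams != "") {
        $addparams .= "&";
    }

    $scriptname = security::html_safe($_SERVER["PHP_SELF"]);

    $res = $db->query("SELECT COUNT(*) FROM users INNER JOIN users_level ON users.id_level = users_level.id WHERE users.id > 1 " . $where);
    $row = $res ? $res->fetch_row() : null;
    $count = $row ? (int) $row[0] : 0;

    // $limit is produced by misc::pager(); presumably a "LIMIT x,y" clause - confirm.
    list($pagertop, $limit) = misc::pager(20, $count, "users.php?" . $addparams . "order=" . $order_param . "&by=" . $by_param . "&");

    if ($by == "ASC") {
        $mark = " ↑";
    } else {
        $mark = " ↓";
    }
    // NOTE(review): $search is echoed into a single-quoted attribute below; confirm that
    // security::html_safe() encodes single quotes as well as double quotes.
    ?>
<div align='center'>
<form action='users.php' name='ricerca' method='get'>
<table border='0' class='lista'>
<tr>
<td class='block'><?php echo FIND_USER; ?></td>
<td class='block'><?php echo USER_LEVEL; ?></td>
<td class='block'> </td>
</tr>
<tr>
<td><input type='text' name='searchtext' size='30' maxlength='50' value='<?php echo $search; ?>' /></td>
<?php
    print "<td><select name='level'>";
    print "<option value='0'" . ($level == 0 ? " selected='selected' " : "") . ">" . ALL . "</option>";
    $res = $db->query("SELECT id, level FROM users_level WHERE id_level > 1 ORDER BY id_level");
    if ($res) {
        while ($row = $res->fetch_array(MYSQLI_BOTH)) {
            $select = "<option value='" . (int) $row["id"] . "'";
            if ($level == $row["id"]) {
                $select .= "selected='selected'";
            }
            $select .= ">" . security::html_safe($row["level"]) . "</option>\n";
            print $select;
        }
    }
    print "</select></td>";
    ?>
<td><input type='submit' value='<?php echo SEARCH; ?>' /></td>
</tr>
</table>
</form>
<?php
    print $pagertop;
    ?>
<table class='lista' width='95%'>
<tr>
<?php
    // One sortable header per whitelisted column. Clicking the column that is currently
    // sorted ascending requests descending (by=2); every other click requests ascending.
    $header_labels = array(
        1 => USER_NAME,
        2 => USER_LEVEL,
        3 => USER_JOINED,
        4 => USER_LASTACCESS,
        5 => PEER_COUNTRY,
        6 => RATIO,
    );
    foreach ($header_labels as $number => $label) {
        $column = $order_columns[$number];
        print "<td class='header' align='center'>";
        print "<a href='" . $scriptname . "?" . $addparams . "order=" . $number . "&by=" . ($order == $column && $by == "ASC" ? "2" : "1") . "'>" . $label . "</a>" . ($order == $column ? $mark : "");
        print "</td>\n";
    }

    if (user::$current["uid"] > 1) {
        print "<td class='header' align='center'>" . PM . "</td>";
    }
    if (user::$current["edit_users"] == "yes") {
        print "<td class='header' align='center'>" . EDIT . "</td>";
    }
    if (user::$current["delete_users"] == "yes") {
        print "<td class='header' align='center'>" . DELETE . "</td>";
    }
    // The header row is closed for every viewer, not only for those without delete rights.
    print "</tr>";

    // $where holds only the escaped search term and the integer level; $order and $by come
    // from the fixed whitelists above.
    $query = "SELECT prefixcolor, suffixcolor, users.id, downloaded, uploaded, IF(downloaded > 0, uploaded / downloaded, 0) AS ratio, username, level, UNIX_TIMESTAMP(joined) AS joined, UNIX_TIMESTAMP(lastconnect) AS lastconnect, flag, flagpic, name \n\t FROM users INNER JOIN users_level ON users.id_level = users_level.id LEFT JOIN countries ON users.flag = countries.id \n\t\tWHERE users.id > 1 " . $where . " ORDER BY " . $order . " " . $by . " " . $limit;
    $rusers = $db->query($query);

    if (!$rusers || $rusers->num_rows == 0) {
        print "<tr><td class='lista' colspan='9'>" . NO_USERS_FOUND . "</td></tr>";
    } else {
        // Presumably defines $offset (time-zone correction) used for the dates below - confirm.
        include INCL_PATH . 'offset.php';
        while ($row_user = $rusers->fetch_array(MYSQLI_BOTH)) {
            print "<tr>\n";
            // prefixcolor/suffixcolor are emitted as raw markup around the escaped username;
            // they come from users_level - presumably maintained by administrators only, confirm.
            print "<td class='lista'><a href='userdetails.php?id=" . (int) $row_user["id"] . "'>" . unesc($row_user["prefixcolor"]) . security::html_safe(unesc($row_user["username"])) . unesc($row_user["suffixcolor"]) . "</a></td>";
            print "<td class='lista' align='center'>" . security::html_safe($row_user["level"]) . "</td>";
            print "<td class='lista' align='center'>" . ($row_user["joined"] == 0 ? NOT_AVAILABLE : date("d/m/Y H:i:s", $row_user["joined"] - $offset)) . "</td>";
            print "<td class='lista' align='center'>" . ($row_user["lastconnect"] == 0 ? NOT_AVAILABLE : date("d/m/Y H:i:s", $row_user["lastconnect"] - $offset)) . "</td>";
            // flagpic is escaped like the country name next to it.
            print "<td class='lista' align='center'>" . ($row_user["flag"] == 0 ? "<img src='images/flag/unknown.gif' alt='" . UNKNOWN . "' title='" . UNKNOWN . "' />" : "<img src='images/flag/" . security::html_safe($row_user['flagpic']) . "' alt='" . security::html_safe($row_user['name']) . "' title='" . security::html_safe($row_user['name']) . "' />") . "</td>";

            // User ratio; shown as infinity when nothing has been downloaded.
            if (max(0, (int) $row_user["downloaded"]) > 0) {
                $ratio = number_format((double) $row_user["uploaded"] / (double) $row_user["downloaded"], 2);
            } else {
                $ratio = "∞";
            }
            print "<td class='lista' align='center'>" . $ratio . "</td>";

            if (user::$current["uid"] > 1) {
                print "<td class='lista' align='center'><a href='usercp.php?do=pm&action=edit&uid=" . user::$current['uid'] . "&what=new&to=" . urlencode(security::html_safe(unesc($row_user["username"]))) . "'>" . image_or_link($STYLEPATH . "/pm.png", "", "PM") . "</a></td>";
            }
            if (user::$current["edit_users"] == "yes") {
                print "<td class='lista' align='center'><a href='account.php?act=mod&uid=" . (int) $row_user["id"] . "&returnto=" . urlencode("users.php") . "'>" . image_or_link($STYLEPATH . "/edit.png", "", EDIT) . "</a></td>";
            }
            if (user::$current["delete_users"] == "yes") {
                // The handler sits in a double-quoted attribute and the message is HTML-encoded,
                // so the quotes around the confirm() argument no longer end the attribute early.
                // NOTE(review): deletion is requested through a plain GET link; whether
                // account.php checks a per-user token is not visible from here - confirm.
                print "<td class='lista' align='center'><a onclick=\"return confirm('" . htmlspecialchars(addslashes(DELETE_CONFIRM), ENT_QUOTES) . "')\" href='account.php?act=del&uid=" . (int) $row_user["id"] . "&returnto=" . urlencode("users.php") . "'>" . image_or_link($STYLEPATH . "/delete.png", "", DELETE) . "</a></td>";
            }
            print "</tr>\n";
        }
    }
    print "</table>\n</div>\n<br />";
}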