require_once "../../version.php";
require_once "../bta_funcs.php";

/*
 * Client address handed to the login check below. The "::ffff:" prefix is
 * stripped so an IPv4-mapped address is passed in plain dotted form.
 */
$ip = str_replace("::ffff:", "", $_SERVER["REMOTE_ADDR"]);

/*
 * Gate 1: the caller must hold a logged-in session that admIsLoggedIn()
 * accepts for this address. Anything else gets an error page and stops.
 */
if (!admIsLoggedIn($ip)) {
	admShowError(
		"You can't access this page directly.",
		"You don't appear to be logged in. Use admin/index.php to login to the administrative interface.",
		$adm_pageerr_title
	);
	exit;
}

/*
 * Gate 2: only accounts holding the "retiredmgmt" permission, or root,
 * may read this help page. The script stops before any page output.
 */
if (!$_SESSION["admin_perms"]["retiredmgmt"] && !$_SESSION["admin_perms"]["root"]) {
	admShowMsg(
		"You don't have permission to view this page.",
		"Permissions have been set to deny you access to this page.",
		$adm_pageerr_title
	);
	exit;
}
?> <HTML> <HEAD> <META NAME="Author" CONTENT="danomac"> <LINK REL="stylesheet" HREF="../admin.css" TYPE="text/css" TITLE="Default"> <?php
/* Page title: fixed text followed by the tracker name and version. */
echo "<TITLE>Retired torrent help - " . $phpbttracker_id . " " . $phpbttracker_ver . "</TITLE>\r\n";
?> </HEAD> <BODY CLASS="help"> <P CLASS="help_title"><?php
echo $phpbttracker_id . " " . $phpbttracker_ver . " - Retired torrent help";
?>
foreach ($_SESSION["udeletelist"] as $key => $value) {
	/*
	 * Remove one administrative account per queued entry.
	 *
	 * NOTE(review): the username is concatenated into the statement as-is.
	 * Where $_SESSION["udeletelist"] is filled is not visible here; unless
	 * that code stores values that are already safe for SQL, this is an
	 * injection sink and the value should be escaped at this point.
	 * The "@" hides any failure and the result is not checked, so
	 * "Changes applied." below is shown whether or not a row was deleted.
	 */
	@mysql_query("DELETE FROM adminusers WHERE username=\"" . $_SESSION["udeletelist"][$key]["username"] . "\"");
}

/*
 * Destroy the variable
 */
unset($_SESSION["udeletelist"]);
}

admShowMsg("Changes applied.", "Redirecting to user administration page.", "Redirecting", true, "bta_usermgmt.php", 3);
exit;
}

/*
 * Check to make sure something was actually selected.
 * Only presence is tested; the posted value is taken over unchanged.
 */
if (!isset($_POST["uprocess"])) {
	admShowMsg("Nothing selected.", "Redirecting to user administration page.", "Redirecting", true, "bta_usermgmt.php", 3);
	exit;
} else {
	$processlist = $_POST["uprocess"];
}

/*
 * Connect to the database (persistent connection when $GLOBALS["persist"] is set).
 */
if ($GLOBALS["persist"]) {
	$db = @mysql_pconnect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
} else {
	$db = @mysql_connect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
mysql_select_db($database) or sqlErr(mysql_error());

if (isset($processlist)) {
	/*
	 * NOTE(review): both the keys ($username) and the values ($status) come
	 * straight from the request, and nothing above confirms that
	 * $processlist is an array. Validate them before they are used in a
	 * query or written to the session.
	 */
	foreach ($processlist as $username => $status) {
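* Group administration is not enabled, terminate
*/
admShowError("Invalid username/password", "Check your username and password and try again.", $adm_pageerr_title);
exit;
}
} else {
	/*
	 * The username entered matches the "root" password
	 * Check to see if the hashes match for the password
	 *
	 * The comparison is strict and string-only. With a loose "!=" PHP
	 * compares two numeric-looking strings as numbers, so different digests
	 * could be treated as equal; a non-string field (for example an array)
	 * is rejected outright.
	 *
	 * NOTE(review): $_POST["id"] is supplied by the client. Presumably it is
	 * checked against a value issued by the server before this point -
	 * confirm, otherwise the challenge adds nothing.
	 */
	if (!isset($_POST["passmd5"])
		|| !is_string($_POST["passmd5"])
		|| (string) hmac_md5($_POST["id"], md5($admin_pass)) !== $_POST["passmd5"]) {
		admShowError("Invalid username/password", "Check your username and password and try again.", $adm_pageerr_title);
		exit;
	}

	/*
	 * Okay the root password matches, now set the permission variable
	 */
	$_SESSION["admin_perms"]["root"] = true;
}
} else {
	admShowError("There was a problem processing your request", "It appears you are trying to steal a session. Shame on you!", $adm_pageerr_title);
	/*
	 * Stop here. Every other failure branch in this block follows
	 * admShowError() with an explicit exit; without one, this branch would
	 * continue to the code below that marks the session as authenticated.
	 */
	exit;
}
}

/*
 * Wow. All the tests pass. There should be a variable set in _SESSION now to verify
 * that the login was successful. Also, we can now redirect to the "main" administration panel.
 *
 * NOTE(review): the session id is not rotated anywhere in this excerpt.
 * Consider calling session_regenerate_id() before the session is marked
 * authenticated, so an id known before login is not carried over.
 */
$_SESSION['refering_page'] = "";
$_SESSION['authenticated'] = true;
admShowMsg("Authenticated.", "Redirecting to the main administration panel.", $adm_page_title, true, "bta_main.php");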
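*/
$ip = str_replace("::ffff:", "", $_SERVER["REMOTE_ADDR"]);

/*
 * Check to make sure person is logged in, and that the session
 * is actually theirs.
 */
if (!admIsLoggedIn($ip)) {
	admShowError("You can't access this page directly.", "You don't appear to be logged in. Use admin/index.php to login to the administrative interface.", $adm_pageerr_title);
	exit;
}

/*
 * Group admin: are they actually allowed to view this page?
 * If not, redirect them back to main
 */
if (!($_SESSION["admin_perms"]["advsort"] || $_SESSION["admin_perms"]["root"])) {
	admShowMsg("You don't have permission to view this page.", "Redirecting to the main administration panel.", $adm_page_title, true, "bta_main.php", 3);
	/*
	 * Stop after the redirect message. The login check above ends with
	 * exit for the same reason: without it the page below is still sent
	 * to a user who failed the permission check.
	 */
	exit;
}
?> <HTML> <HEAD> <META NAME="Author" CONTENT="danomac"> <LINK REL="stylesheet" HREF="../admin.css" TYPE="text/css" TITLE="Default"> <?php
/* Page title: fixed text followed by the tracker name and version. */
echo "<TITLE>Move group help - {$phpbttracker_id} {$phpbttracker_ver}</TITLE>\r\n";
?> </HEAD> <BODY CLASS="help"> <P CLASS="help_title"><?php echo "{$phpbttracker_id} {$phpbttracker_ver} - Move torrent group help"; ?> </P>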
* Destroy the variable
*/
unset($_SESSION["rdeletelist"]);
}

/*
 * Report success and send the user back to the page they came from:
 * the retired torrents page when $_SESSION["retiredadmin"] is set,
 * otherwise the main page. The exit below ends the request either way.
 */
if (isset($_SESSION["retiredadmin"])) {
	admShowMsg("Changes applied.", "Redirecting to retired torrents administration page.", "Redirecting", true, "bta_retired.php", 3);
} else {
	admShowMsg("Changes applied.", "Redirecting to main administration page.", "Redirecting", true, "bta_main.php", 3);
}
exit;
}

/*
 * Check to make sure something was actually selected.
 * Only presence is tested; the posted value is taken over unchanged.
 */
if (!isset($_POST["process"])) {
	admShowMsg("Nothing selected.", "Redirecting to main administration page.", "Redirecting", true, "bta_main.php", 3);
	exit;
} else {
	$processlist = $_POST["process"];
}

/*
 * Connect to the database (persistent connection when $GLOBALS["persist"] is set).
 */
if ($GLOBALS["persist"]) {
	$db = @mysql_pconnect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
} else {
	$db = @mysql_connect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
mysql_select_db($database) or sqlErr(mysql_error());

/*
 * NOTE(review): $hash (array key) and $action (array value) both come
 * straight from the request, and nothing above confirms that $processlist
 * is an array. Validate each hash against a strict pattern and each action
 * against the list of known actions before either is used in a query.
 */
foreach ($processlist as $hash => $action) {
	/*
/*
 * NOTE(review): PHP_SELF reflects the requested path, including any extra
 * path text the client appended after the script name. Escape this value
 * if it is ever written into a page or used to build a redirect.
 */
$_SESSION['refering_page'] = $_SERVER['PHP_SELF'];
}

/*
 * If the admin username and password are not set, terminate.
 * This fails closed: with a missing or empty root credential the login
 * page refuses to run at all.
 */
if (!isset($admin_user) || !isset($admin_pass) || strlen($admin_user) == 0 || strlen($admin_pass) == 0) {
	admShowError("Administration root username and/or password not set", "The administration system will not function until you set these in the configuration.", $adm_pageerr_title);
	exit;
}

/*
 * Check to see if this session is logged on already, if it is, go to the main page.
 * There is no exit after the message, so the rest of this script still runs.
 */
if (isset($_SESSION['authenticated'])) {
	if ($_SESSION['authenticated']) {
		$_SESSION['refering_page'] = "";
		admShowMsg("You are logged in already.", "Redirecting to the main administration panel.", $adm_page_title, true, "bta_main.php", 3);
	}
}

/*
 * Output the HEAD tags needed.
 */
echo "<HTML>\r\n<HEAD>\r\n<META NAME=\"Author\" CONTENT=\"danomac\">\r\n";
echo "<LINK REL=\"stylesheet\" HREF=\"admin.css\" TYPE=\"text/css\" TITLE=\"Default\">\r\n";
echo "<TITLE>" . $phpbttracker_id . " " . $phpbttracker_ver . " Administration Login</TITLE>\r\n</HEAD>\r\n\r\n<BODY>\r\n";

/*
 * Connect to the database (persistent connection when $GLOBALS["persist"] is set).
 * The "@" suppresses the driver's own warning, so only the fixed message
 * below reaches the browser on failure.
 */
if ($GLOBALS["persist"]) {
	$db = @mysql_pconnect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
} else {
	$db = @mysql_connect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}

/*
 * Check to make sure something was actually selected.
 * Only presence is tested; the posted value is taken over unchanged.
 */
if (!isset($_POST["process"])) {
	admShowMsg("Nothing selected.", "Redirecting to peer details administration page.", "Redirecting", true, "bta_peers.php", 3);
	exit;
} else {
	$processlist = $_POST["process"];
}

/*
 * Get the torrent hash from the session variable set by the previous form.
 * Taking it from the session rather than from this request means the
 * client cannot switch torrents between the two steps.
 */
if (!isset($_SESSION["info_hash"])) {
	admShowMsg("There was an error (-1).", "Redirecting to peer details administration page.", "Redirecting", true, "bta_peers.php", 3);
	exit;
} else {
	$hash = $_SESSION["info_hash"];
}

/*
 * Connect to the database (persistent connection when $GLOBALS["persist"] is set).
 */
if ($GLOBALS["persist"]) {
	$db = @mysql_pconnect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
} else {
	$db = @mysql_connect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
mysql_select_db($database) or sqlErr(mysql_error());

/*
 * NOTE(review): $peerid (array key) and $action (array value) come
 * straight from the request, and nothing above confirms that $processlist
 * is an array. Validate both before either is used in a query.
 */
foreach ($processlist as $peerid => $action) {
	/*
/*
 * Check to see if an external torrent needs to be reverted.
 */
if (isset($_POST["ext_off"])) {
	if (strcmp($_POST["ext_off"], "enabled") == 0) {
		/*
		 * Yes, let's reverse it: clear the flag in `summary` and drop the
		 * matching row from `trk_ext`.
		 *
		 * NOTE(review): $hash is interpolated into both statements. Where it
		 * is assigned is not visible here; confirm it has been validated
		 * (fixed length, hex digits only) before this point.
		 */
		quickQuery("UPDATE `summary` SET `external_torrent`=\"N\" WHERE `info_hash`=\"{$hash}\"");
		quickQuery("DELETE FROM `trk_ext` WHERE `info_hash`=\"{$hash}\"");
	}
}

/*
 * Display the status to the user (always success).
 */
admShowMsg("Changes applied.", "Returning to the main administration page.", "Redirecting", true, "bta_main.php", 2);
}
}
?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML> <HEAD> <META NAME="Author" CONTENT="danomac"> <LINK REL="stylesheet" HREF="admin.css" TYPE="text/css" TITLE="Default"> <?php
/*
 * Set the page title.
 */
echo "<TITLE>" . $adm_page_title . " - Edit torrent</TITLE>\r\n";
?> </HEAD>
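$requestedaction = $_GET['action'];
} else {
	$redirURL = "bta_main.php";
	$redirDelay = 5;
	$redirMSG = "Invalid parameter.";
	$redirDetail = "No action specified.";
	$redirError = true;
}

/*
 * Get the info hash needed, and put it in a session variable, if there were no previous errors.
 * If there is no hash specified it is a soft error and a redirect should be taken back to the main page.
 *
 * The hash must be a string of exactly 40 hexadecimal digits. A check on
 * length and spaces alone would still let quotes and other SQL
 * metacharacters through, and code that later reads
 * $_SESSION['info_hash'] would be working with a value that was never
 * validated. The "D" modifier stops "$" from matching before a trailing
 * newline.
 * Assumes info hashes are hex-encoded SHA-1 digests, which is what the
 * fixed length of 40 suggests - TODO confirm.
 */
if (!$redirError) {
	if (isset($_GET['info_hash'])) {
		if (!is_string($_GET["info_hash"]) || !preg_match('/^[0-9a-fA-F]{40}$/D', $_GET["info_hash"])) {
			admShowMsg("Invalid hash parameter", "An invalid hash value was passed.", "Invalid hash value", true, "bta_main.php", 5);
			exit;
		}
		$_SESSION['info_hash'] = $_GET['info_hash'];
	} else {
		$redirDelay = 5;
		$redirError = true;
		$redirMSG = "Invalid parameter.";
		$redirDetail = "Info hash not specified.";
		$redirURL = "bta_main.php";
	}
}

/*
 * This switch statement checks the requested action and sets up redirects.
 * If the action isn't valid, it's considered a "soft" error and a redirect goes to the main page.
 * Only parse the action variable if an error was not discovered earlier.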
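* Now that it's moved, set the URL to that new file name, and set the
* flag to true, so it isn't accidentally overwritten later.
* Also change the % to %25 for URL encoding when uploading...
*/
/*
 * str_replace() performs the same literal substitution as the earlier
 * ereg_replace("%", "%25", ...) call. The ereg family is deprecated, and
 * no regular expression is needed for a fixed one-character search.
 */
$copyFilename = str_replace("%", "%25", $copyFilename);
/*
 * NOTE(review): HTTP_HOST is taken from the request's Host header, so the
 * client chooses it. If $url is stored or fetched later, prefer a host
 * name from the configuration.
 */
$url = "http://" . $_SERVER["HTTP_HOST"] . "/" . $GLOBALS["torrent_folder"] . "/" . $copyFilename;
$copiedTorrent = true;
}

/*
 * If only copying the torrent redirect back to the main page here...
 */
if (isset($_POST["copytorrentonly"]) && strcmp($_POST["copytorrentonly"], "enabled") == 0) {
	/*
	 * Display the status to the user
	 */
	admShowMsg("Changes applied.", "Torrent uploaded successfully - Returning to the main administration page.", "Redirecting", true, "bta_main.php", 2);
}
}
}
}
}
}
} else {
	$statusMsg = "Torrent size is too large.";
	$addError = true;
}
} else {
	/* The filename check that selects this branch is above this excerpt. */
	$statusMsg = "Torrents CANNOT contain a HTML Anchor character (#), a control character (^), or a semicolon (;) in the filename.";
	$addError = true;
}
} else {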
}

/*
 * Okay, they are separated, now sort the lists and put them in session
 * variables for later use. (The original note mentions 3 lists; only
 * $grouplist and $ungrouplist are handled in this excerpt.)
 * First, unset the session variables, in case the screen has been
 * used previously in the same session.
 */
unset($_SESSION['grouplist'], $_SESSION['ungrouplist']);

/* A list is stored only when it has entries, sorted on its "name" field. */
if (count($grouplist) > 0) {
	$_SESSION['grouplist'] = array_sort($grouplist, "name");
}
if (count($ungrouplist) > 0) {
	$_SESSION['ungrouplist'] = array_sort($ungrouplist, "name");
}

/* Nothing left to confirm: report completion and send the user back. */
if (count($grouplist) == 0 && count($ungrouplist) == 0) {
	admShowMsg("Update complete", "Redirecting to advanced sorting page.", "Redirecting", true, "bta_advsort.php", 3);
}
}
}
}
?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML> <HEAD> <META NAME="Author" CONTENT="danomac"> <LINK REL="stylesheet" HREF="admin.css" TYPE="text/css" TITLE="Default"> <?php
/*
 * Set the page title.
 */
echo "<TITLE>" . $adm_page_title . " - Confirm selections</TITLE>\r\n";
} else {
	/*
	 * Insert a manual (autoban = "N") ban row from the values queued in the session.
	 *
	 * NOTE(review): ip, date and reason are concatenated into the statement
	 * as-is, and $iplong is interpolated unquoted. Where these are set is
	 * not visible here; unless that code stores values that are already
	 * safe for SQL, escape the three strings and force $iplong to an
	 * integer at this point. The "@" hides any failure and the result is
	 * not checked, so "Changes applied." below is shown regardless.
	 */
	@mysql_query("INSERT INTO ipbans (ip, iplong, bandate, reason, autoban) \r\n\t\t\t\t\t\t\t\t\tVALUES (\"" . $_SESSION["addban"]["ip"] . "\", \r\n\t\t\t\t\t\t\t\t\t\t{$iplong}, \r\n\t\t\t\t\t\t\t\t\t\t\"" . $_SESSION["addban"]["date"] . "\", \r\n\t\t\t\t\t\t\t\t\t\t\"" . $_SESSION["addban"]["reason"] . "\", \r\n\t\t\t\t\t\t\t\t\t\t\"N\")");
}

/*
 * Destroy the variable
 */
unset($_SESSION["addban"]);
}

admShowMsg("Changes applied.", "Redirecting to IP Banning administration page.", "Redirecting", true, "bta_banlist.php", 3);
exit;
}

/*
 * Check to make sure something was actually selected.
 * The else branch is also reached when only "addbanip" was posted; in
 * that case $_POST["process"] does not exist and $processlist ends up
 * unset, which the isset() test further down relies on.
 */
if (!isset($_POST["process"]) && !isset($_POST["addbanip"])) {
	admShowMsg("Nothing to do.", "Redirecting to IP Banning administration page.", "Redirecting", true, "bta_banlist.php", 3);
	exit;
} else {
	$processlist = $_POST["process"];
}

/*
 * Connect to the database (persistent connection when $GLOBALS["persist"] is set).
 */
if ($GLOBALS["persist"]) {
	$db = @mysql_pconnect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
} else {
	$db = @mysql_connect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
mysql_select_db($database) or sqlErr(mysql_error());

if (isset($processlist)) {
	/*
	 * NOTE(review): $ban_id (array key) and $action (array value) come
	 * straight from the request. Force $ban_id to an integer and check
	 * $action against the known actions before either is used in a query.
	 */
	foreach ($processlist as $ban_id => $action) {
/* Use the shared session directory configured for a web server farm. */
session_save_path($GLOBALS["webserver_farm_session_path"]);
}
}

session_start();
/* Mark responses as private so shared caches do not store them. */
header("Cache-control: private");

/*
 * There are some variables defined in this script that are needed, such as the
 * phpbttracker version strings.
 */
require_once "bta_funcs.php";

/*
 * Let's try to stay HTML 4.01 compliant.
 */
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\r\n";

/*
 * Log out only when the session carries the 'authenticated' marker;
 * otherwise report that there is nothing to log out of.
 */
if (!isset($_SESSION['authenticated'])) {
	admShowError("You are not logged in.", "Common sense states that before you attempt to log out, you should be logged in to the interface first!", $adm_pageerr_title);
} else {
	// Destroy the session.
	admKillSession();

	// Ensure the session was destroyed, and display a message.
	// NOTE(review): this only confirms that $_SESSION['authenticated'] is
	// gone from the current request. Whether the stored session data and
	// the session cookie are also removed depends on admKillSession(),
	// which is not shown here - confirm.
	if (!isset($_SESSION['authenticated'])) {
		admShowMsg("You are now logged off.", "You will need to logon again to use the Administrative interface.", $adm_page_title . " - Logout");
	} else {
		admShowError("ERROR: You are not logged off.", "Could not logoff for an unknown reason.", $adm_pageerr_title);
	}
}
*/
if ($GLOBALS["persist"]) {
	$db = @mysql_pconnect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
} else {
	$db = @mysql_connect($dbhost, $dbuser, $dbpass) or die("<HTML><BODY><FONT COLOR=\"red\">Couldn't connect to database. Incorrect username/password?</FONT></BODY></HTML>");
}
mysql_select_db($database) or die("Can't open the database.");

/*
 * Get information about the torrent itself to display (name, and file size)
 *
 * NOTE(review): $hash is interpolated into this statement and, further
 * down, into a table name ("x" followed by the hash). A table name cannot
 * be protected by string escaping, so $hash has to be validated against a
 * strict pattern (fixed length, hex digits only) before it gets here.
 * Where $hash is assigned is not visible - confirm.
 */
$recordset = mysql_query("SELECT info_hash, \r\n\t\t\t\t\tfilename, \r\n\t\t\t\t\tsize FROM namemap WHERE info_hash=\"{$hash}\"") or showError("Database error. Cannot complete request.");

/*
 * If nothing returned, it's an error... so stop processing
 */
if (mysql_num_rows($recordset) == 0) {
	admShowMsg("No hash value", "Either no hash value was passed, or an invalid value was passed.", "Invalid hash value");
	exit;
}
$row = mysql_fetch_row($recordset);

/*
 * Save needed information to variables (columns 1 and 2 of the SELECT above).
 */
$filename = $row[1];
$filesize = $row[2];

/*
 * Get the seeder stats
 *
 * NOTE(review): $order is placed directly after ORDER BY. It must be one
 * of a fixed set of column/direction strings chosen by the script, never
 * text taken from the request. Where $order is built is not visible -
 * confirm.
 */
$recordset = mysql_query("SELECT peer_id, \r\n\t\t\t\t\t\tip, \r\n\t\t\t\t\t\tport, \r\n\t\t\t\t\t\tuploaded,\r\n\t\t\t\t\t\tclientversion,\r\n\t\t\t\t\t\tbytes,\r\n\t\t\t\t\t\tlastupdate FROM x{$hash} WHERE status = \"seeder\" ORDER BY {$order}") or showError("Database error. Cannot complete request.");
}
?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
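*/
if (!($_SESSION["admin_perms"]["advsort"] || $_SESSION["admin_perms"]["root"])) {
	admShowMsg("You don't have permission to view this page.", "Permissions have been set to deny you access to this page.", $adm_pageerr_title);
	exit;
}

/*
 * Root user check - they can't be viewing all groups!
 */
if ($_SESSION["admin_perms"]["root"] && !isset($_SESSION["root_last_cat"])) {
	/*
	 * Boot the root user back to main to select a subcategory.
	 * Stop after the message: without exit the script would carry on and
	 * read $_SESSION["root_last_cat"] below even though it is not set.
	 */
	admShowMsg("Root user error", "You have to choose a category on the main page before attempting to sort it.", "Root user error", true, "bta_main.php", 5);
	exit;
}

if ($GLOBALS["dynamic_torrents"]) {
	/*
	 * Advanced sorting is refused in this configuration; stop here so the
	 * rest of the page is not processed after the error message.
	 */
	admShowMsg("Administration error", "You cannot use the dynamic torrents setting with advanced sorting.", "Dynamic Torrent Setting error", true, "bta_main.php", 5);
	exit;
}

/*
 * Get the requested category if there is one.
 * If a group is logged in, ignore requests and force them
 * to view their torrents only...
 */
if (!isset($_SESSION["admin_perms"]["category"])) {
	/*
	 * Root user, check for selected category is above
	 *
	 * NOTE(review): the category is concatenated into the WHERE clause
	 * as-is. Where $_SESSION["root_last_cat"] is set is not visible here;
	 * unless that code stores a value that is already safe for SQL,
	 * escape it at this point.
	 */
	$defaultcategory = $_SESSION["root_last_cat"];
	$where = " WHERE namemap.category = \"" . $_SESSION["root_last_cat"] . "\"";
} else {
	/*
	 * Okay, force them to view only their torrents...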
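$hrefCategory = "?category={$defaultcategory}";
}
} else {
	/*
	 * Show only the indicated category
	 *
	 * NOTE(review): the category is concatenated into the WHERE clause and
	 * into a query string as-is. Where
	 * $_SESSION["admin_perms"]["category"] is set is not visible here;
	 * confirm it is safe for SQL, and encode it for URL and HTML context
	 * wherever $hrefCategory is written into the page.
	 */
	$where = " WHERE category = \"" . $_SESSION["admin_perms"]["category"] . "\"";
	$hrefCategory = "?category=" . $_SESSION["admin_perms"]["category"];
}

/*
 * Get the sort direction from the URL, if one exists.
 * If not specified, assume ascending order.
 */
if (isset($_GET["sort"])) {
	if (strpos($_GET["sort"], " ") !== false) {
		/*
		 * Stop after reporting the bad value, as the other
		 * invalid-parameter paths do, so the page is not also rendered
		 * after the error message.
		 */
		admShowMsg("Invalid sort parameter", "An invalid sort value was passed.", "Invalid sort request", true, "bta_retired.php", 5);
		exit;
	}
	$requestedsort = $_GET["sort"];

	/*
	 * The request value only selects between fixed SQL fragments; it is
	 * never copied into $sortorder itself. Anything unrecognised falls
	 * back to ascending order.
	 */
	switch ($requestedsort) {
		case "ascending":
			$sortorder = " ";
			$sortascending = true;
			break;
		case "descending":
			$sortorder = " DESC ";
			$sortascending = false;
			break;
		default:
			$sortorder = " ";
			$sortascending = true;
	}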
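$username = $_GET["username"];

/*
 * Let's put the username in a session variable. This way, the script
 * can allow for corrections if a user makes a mistake, and if the
 * username is changed, there are no screwups...
 *
 * NOTE(review): the value is stored exactly as received. Code that later
 * reads $_SESSION["editing_user"] has to escape it for whatever context
 * it is used in.
 */
$_SESSION["editing_user"] = $username;

/*
 * Build a copy of the name that is safe to place inside the quoted SQL
 * string below. The request value is untrusted, so it is never
 * interpolated directly.
 *  - a non-string value (for example an array) is treated as an empty name;
 *  - when magic quotes are enabled, the slashes PHP added are removed
 *    first so the value is not escaped twice;
 *  - mysql_real_escape_string() then escapes it for the current connection.
 */
$lookupName = is_string($username) ? $username : "";
if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc()) {
	$lookupName = stripslashes($lookupName);
}
$lookupName = mysql_real_escape_string($lookupName);

/*
 * Grab info needed
 */
$recordset = mysql_query("SELECT username,\r\n\t\t\t\t\t\tpassword,\r\n\t\t\t\t\t\tcategory,\r\n\t\t\t\t\t\tcomment,\r\n\t\t\t\t\t\tperm_add,\r\n\t\t\t\t\t\tperm_addext,\r\n\t\t\t\t\t\tperm_edit,\r\n\t\t\t\t\t\tperm_delete,\r\n\t\t\t\t\t\tperm_retire,\r\n\t\t\t\t\t\tperm_unhide,\r\n\t\t\t\t\t\tperm_peers,\r\n\t\t\t\t\t\tperm_viewconf,\r\n\t\t\t\t\t\tperm_retiredmgmt,\r\n\t\t\t\t\t\tperm_ipban,\r\n\t\t\t\t\t\tperm_usermgmt,\r\n\t\t\t\t\t\tperm_mirror,\r\n\t\t\t\t\t\tenabled,\r\n\t\t\t\t\t\tdisable_reason,\r\n\t\t\t\t\t\tperm_advsort FROM adminusers WHERE username = \"" . $lookupName . "\"");

/*
 * Make sure there was a record returned. If no record, the username must be invalid.
 */
if (mysql_num_rows($recordset) == 0) {
	admShowMsg("Invalid username specified.", "Invalid username specified.", "Error", true, "bta_usermgmt.php", 5);
	exit;
} else {
	/*
	 * There is data; retrieve it
	 */
	$row = mysql_fetch_row($recordset);
}
}
}
?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML> <HEAD> <META NAME="Author" CONTENT="danomac"> <LINK REL="stylesheet" HREF="admin.css" TYPE="text/css" TITLE="Default">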