<?php

require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . '../include' . DIRECTORY_SEPARATOR . 'bittorrent.php';
require_once INCL_DIR . 'user_functions.php';
dbconn(false);
loggedinorreturn();
if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    $modes = array('torrent', 'forum');
    $htmlout = $att = '';
    if (isset($_POST['search']) && !empty($_POST['search']) && isset($_POST['qsearch']) && in_array($_POST['qsearch'], $modes)) {
        $cleansearchstr = searchfield(sqlesc($_POST['search']));
        $i = 1;
        if ($_POST['qsearch'] == 'torrent') {
            $query = sql_query("SELECT * FROM torrents WHERE name LIKE '%{$cleansearchstr}%' AND visible = 'yes' AND banned = 'no' AND nuked = 'no' ORDER BY id LIMIT 5");
            $count = $query->num_rows;
            if (!$count) {
                die('No Torrent found by that search!');
            }
            while ($res = mysqli_fetch_assoc($query)) {
                $att .= "<div class='tr'>\r\n\t\t\t\t\t\t\t\t<div class='td'>{$i}</div>\r\n\t\t\t\t\t\t\t\t<div class='td'><a href='details.php?id=" . (int) $res['id'] . "'>" . htmlsafechars($res['name']) . "</a></div>\r\n\t\t\t\t\t\t\t\t<div class='tdclear'></div>\r\n\t\t\t\t\t\t\t</div>";
                $i++;
            }
        } elseif ($_POST['qsearch'] == 'forum') {
            $query = sql_query("SELECT forum.*,topic.*,topic.id as tid FROM topics as topic INNER JOIN forums as forum ON topic.forum_id = forum.id AND forum.min_class_read >= 0 AND topic.topic_name LIKE '%{$cleansearchstr}%' ORDER BY tid DESC LIMIT 5");
            $count = $query->num_rows;
            if (!$count) {
                die('No topic found by that search!');
            }
            while ($res = mysqli_fetch_assoc($query)) {
                $att .= "<div class='tr'>\r\n\t\t\t\t\t\t\t\t<div class='td'>{$i}</div>\r\n\t\t\t\t\t\t\t\t<div class='td'><a href='details.php?id=" . (int) $res['id'] . "' class='colhead'>" . htmlsafechars($res['name']) . "</a></div>\r\n\t\t\t\t\t\t\t\t<div class='tdclear'></div>\r\n\t\t\t\t\t\t\t</div>";
                $i++;
Esempio n. 2
0
 $infohash = sha1($info["string"]);
 unset($info);
 $db = new DB("torrents");
 $db->select("torrent_save_as = '{$filename}'");
 if ($db->numRows()) {
     throw new Exception("Torrent allready exists");
 }
 $db = new DB("torrents");
 $db->setColPrefix("torrent_");
 $id = uniqid(true);
 $db->id = $id;
 $db->info_hash = $infohash;
 $db->name = $torrentName;
 $db->filename = $filename;
 $db->save_as = $filename;
 $db->search_text = searchfield("{$torrentName} {$dname}");
 $db->nfo = $nfo;
 $db->size = $totallen;
 $db->added = time();
 $db->type = $type;
 $db->userid = USER_ID;
 $db->numfiles = count($filelist);
 $db->category = $_POST['type'];
 $db->youtube = $_POST['youtube'];
 $db->imdb = $_POST['imdb'];
 $db->freeleech = isset($_POST['freeleech']) ? 1 : 0;
 $db->insert();
 $fp = fopen(PATH_TORRENTS . "{$id}.torrent", "w");
 if ($fp) {
     @fwrite($fp, Bcode::benc($dict), strlen(Bcode::benc($dict)));
     fclose($fp);
Esempio n. 3
0
        }
        if (!count($ffa)) {
            bark("filename error");
        }
        $ffe = implode("/", $ffa);
        $filelist[] = array($ffe, $ll);
    }
    $type = "multi";
}
$infohash = pack("H*", sha1($info["string"]));
unset($info);
// Replace punctuation characters with spaces
$torrent = str_replace("_", " ", $torrent);
#Morgan: Add version insert if applicable
$version_id = get_version_id_for_torrent($version_torrent_id, 0);
$ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type,descr, ori_descr, category,license, save_as, added, last_action, nfo, client_created_by, version) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], "no", $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, $catid, $lic_id, $dname))) . ", " . time() . ", " . time() . ", {$nfo}, {$tmaker}, {$version_id})");
if (!$ret) {
    if (mysql_errno() == 1062) {
        bark("torrent already uploaded!");
    }
    bark("mysql puked: " . mysql_error());
}
$id = mysql_insert_id();
@mysql_query("DELETE FROM files WHERE torrent = {$id}");
function file_list($arr, $id)
{
    foreach ($arr as $v) {
        $new[] = "({$id}," . sqlesc($v[0]) . "," . $v[1] . ")";
    }
    return join(",", $new);
}
Esempio n. 4
0
} else {
    $countstats = "yes";
}
//===end
// === allow comments?
if (get_user_class() >= UC_MODERATOR && get_user_class() <= UC_CODER) {
    $allow_comments = unesc($_POST['allow_comments']);
} else {
    $allow_comments = "yes";
}
// ===end
$nfo = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename)));
$smalldescr = $_POST["description"];
//$ret = sql_query("INSERT INTO torrents (search_text, filename, owner, visible, tube, multiplicator, uclass, anonymous, request, scene, info_hash, name, size, numfiles, url, poster, hidden, staffonly, countstats, half, newgenre, type, vip, allow_comments, subs, descr, ori_descr, description, category, minclass, save_as, added, last_action, nfo, afterpre) VALUES (" .implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $tube, $multiplicator, $uclass, $anonymous, $request, $scene, $infohash, $torrent, $totallen, count($filelist), $url, $poster, $hidden, $staffonly, $countstats, $half, $genre, $type, $vip, $allow_comments, $subs, $descr, $descr, $smalldescr, 0 + $_POST["type"], $minclass, $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo, '" . $predif . "')");  // or sqlerr(__FILE__, __LINE__);
// == uncomment above to enable doopies pre times on browse
$ret = sql_query("INSERT INTO torrents (search_text, filename, owner, visible, tube, multiplicator, uclass, anonymous, request, scene, info_hash, name, size, numfiles, url, poster, hidden, staffonly, countstats, half, newgenre, type, vip, allow_comments, subs, descr, ori_descr, description, category, minclass, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], "no", $tube, $multiplicator, $uclass, $anonymous, $request, $scene, $infohash, $torrent, $totallen, count($filelist), $url, $poster, $hidden, $staffonly, $countstats, $half, $genre, $type, $vip, $allow_comments, $subs, $descr, $descr, $smalldescr, 0 + $_POST["type"], $minclass, $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', {$nfo})") or sqlerr(__FILE__, __LINE__);
if (!$ret) {
    if (mysql_errno() == 1062) {
        bark("torrent already uploaded!");
    }
    bark("mysql puked: " . mysql_error());
}
$id = mysql_insert_id();
if ($CURUSER["anonymous"] == 'yes') {
    $message = "New Torrent : [url={$DEFAULTBASEURL}/details.php?id={$id}] " . safeChar($torrent) . "[/url] Uploaded - Anonymous User";
} else {
    $message = "New Torrent : [url={$DEFAULTBASEURL}/details.php?id={$id}] " . safeChar($torrent) . "[/url] Uploaded by " . safechar($CURUSER["username"]) . "";
}
@sql_query("DELETE FROM files WHERE torrent = {$id}");
function file_list($arr, $id)
{
 $dict[$i]['value']['info'] = $info[$i];
 $dict[$i] = benc($dict[$i]);
 $dict[$i] = bdec($dict[$i]);
 list($ann[$i], $info[$i]) = dict_check($dict[$i], "announce(string):info");
 unset($dict['value']['created by']);
 $infohash[$i] = pack("H*", sha1($info[$i]["string"]));
 /* ...... end of Private Tracker mod */
 $torrent[$i] = str_replace("_", " ", $torrent[$i]);
 $torrent[$i] = str_replace("'", " ", $torrent[$i]);
 $torrent[$i] = str_replace("\"", " ", $torrent[$i]);
 $torrent[$i] = str_replace(",", " ", $torrent[$i]);
 $nfo[$i] = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename[$i])));
 $first = $shortfname[$i][1];
 $second = $dname[$i];
 $third = $torrent[$i][1];
 $ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$first} {$second} {$third}"), $fname[$i], $CURUSER["id"], "no", $infohash[$i], $torrent[$i][1], $totallen, count($filelist[$i]), $type, $descr, $descr, $cat[$i], $dname[$i]))) . ", '" . get_date_time() . "', '" . get_date_time() . "', {$nfo[$i]})");
 // //////new torrent upload detail sent to shoutbox//////////
 if ($CURUSER["anonymous"] == 'yes') {
     $message = "[url={$BASEURL}/multidetails.php?id1={$ids['0']}&id2={$ids['1']}&id3={$ids['2']}&id4={$ids['3']}&id5={$ids['4']}]Multiple Torrents were just uploaded! Click here to see them[/url] - Anonymous User";
 } else {
     $message = "[url={$BASEURL}/multidetails.php?id1={$ids['0']}&id2={$ids['1']}&id3={$ids['2']}&id4={$ids['3']}&id5={$ids['4']}]Multiple Torrents were just uploaded! Click here to see them[/url]  Uploaded by " . safechar($CURUSER["username"]) . "";
 }
 // ///////////////////////////END///////////////////////////////////
 if (!$ret) {
     if (mysql_errno() == 1062) {
         bark("#{$i} torrent was already uploaded!");
     }
     bark("mysql puked: " . mysql_error());
 }
 $id = mysql_insert_id();
 $ids[] = $id;
Esempio n. 6
0
		if($dvdr_gott != '1')
			bark('Óleyfileg skráarnöfn í torrent skránni fyrir DVD-R flokkinn');
	}
}

$infohash = pack("H*", sha1($info["string"]));

// Replace punctuation characters with spaces

$torrent = str_replace("_", " ", $torrent);

$nfo = sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", @file_get_contents($nfofilename)));
$ret = mysql_query("INSERT INTO torrents (gamalt, scene, anonymous, search_text, filename, owner, visible, 
info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, 
nfo) 
VALUES ($gamalt, \"$scene\", $anonymous, ". implode(",", array_map("sqlesc", array(searchfield("$shortfname 
$dname $torrent"), $fname, $CURUSER["id"], "no", $infohash, $torrent, $totallen, 
count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) .", '" . 
get_date_time() . "', '" . get_date_time() . "', $nfo)");
if (!$ret) {
if (mysql_errno() == 1062)
bark("torrent hefur þegar verið innsent!");
bark("mysql gubbaði: ".mysql_error());
}
$id = mysql_insert_id();

@mysql_query("DELETE FROM files WHERE torrent = $id");
foreach ($filelist as $file) {
@mysql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")");
}

move_uploaded_file($tmpname, "$torrent_dir/$id.torrent");
Esempio n. 7
0
function search($_GET, $CURUSER)
{
    $cats = genrelist();
    if (isset($_GET["search"])) {
        $searchstr = unesc($_GET["search"]);
        $cleansearchstr = searchfield($searchstr);
        if (empty($cleansearchstr)) {
            unset($cleansearchstr);
        }
    }
    $orderby = "ORDER BY torrents.id DESC";
    $addparam = "";
    $wherea = array();
    $wherecatina = array();
    if (isset($_GET["incldead"]) && $_GET["incldead"] == 1) {
        $addparam .= "incldead=1&amp;";
        if (!isset($CURUSER) || get_user_class() < UC_ADMINISTRATOR) {
            $wherea[] = "banned != 'yes'";
        }
    } else {
        if (isset($_GET["incldead"]) && $_GET["incldead"] == 2) {
            $addparam .= "incldead=2&amp;";
            $wherea[] = "visible = 'no'";
        } else {
            $wherea[] = "visible = 'yes'";
        }
    }
    $category = isset($_GET["cat"]) ? (int) $_GET["cat"] : false;
    $license = isset($_GET["lic"]) ? (int) $_GET["lic"] : false;
    $version = isset($_GET["ver"]) ? (int) $_GET["ver"] : false;
    $user = isset($_GET["user"]) ? (int) $_GET["user"] : false;
    $all = isset($_GET["all"]) ? $_GET["all"] : false;
    $page_limit = isset($_GET["page_limit"]) ? $_GET["page_limit"] : false;
    if (!$all) {
        if (!$_GET && $CURUSER["notifs"]) {
            $all = True;
            foreach ($cats as $cat) {
                $all &= $cat['id'];
                if (strpos($CURUSER["notifs"], "[cat" . $cat['id'] . "]") !== False) {
                    $wherecatina[] = $cat['id'];
                    $addparam .= "c{$cat['id']}=1&amp;";
                }
            }
        } elseif ($category) {
            if (!is_valid_id($category)) {
                stderr("Error", "Invalid category ID.");
            }
            $wherecatina[] = $category;
            $addparam .= "cat={$category}&amp;";
        } else {
            $all = True;
            foreach ($cats as $cat) {
                $all &= isset($_GET["c{$cat['id']}"]);
                if (isset($_GET["c{$cat['id']}"])) {
                    $wherecatina[] = $cat['id'];
                    $addparam .= "c{$cat['id']}=1&amp;";
                }
            }
        }
    }
    if ($all) {
        $wherecatina = array();
        $addparam = "";
    }
    if (count($wherecatina) > 1) {
        $wherecatin = implode(",", $wherecatina);
    } elseif (count($wherecatina) == 1) {
        $wherea[] = "category = {$wherecatina['0']}";
    }
    if ($license > 0) {
        $wherea[] = "license = {$license}";
    }
    if ($user > 0) {
        $wherea[] = "owner = {$user}";
    }
    if ($version > 0) {
        $wherea[] = "version = {$version}";
    }
    $wherebase = $wherea;
    if (isset($cleansearchstr)) {
        $wherea[] = "MATCH (search_text, ori_descr) AGAINST (" . sqlesc($searchstr) . ")";
        //$wherea[] = "0";
        $addparam .= "search=" . urlencode($searchstr) . "&amp;";
        $orderby = "";
        /////////////// SEARCH CLOUD MALARKY //////////////////////
        $searchcloud = sqlesc($cleansearchstr);
        // $r = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM searchcloud WHERE searchedfor = $searchcloud"), MYSQL_NUM);
        //$a = $r[0];
        //if ($a)
        // mysql_query("UPDATE searchcloud SET howmuch = howmuch + 1 WHERE searchedfor = $searchcloud");
        //else
        // mysql_query("INSERT INTO searchcloud (searchedfor, howmuch) VALUES ($searchcloud, 1)");
        mysql_query("INSERT INTO searchcloud (searchedfor, howmuch) VALUES ({$searchcloud}, 1)\n                ON DUPLICATE KEY UPDATE howmuch=howmuch+1");
        /////////////// SEARCH CLOUD MALARKY END ///////////////////
    }
    $where = implode(" AND ", $wherea);
    if (isset($wherecatin)) {
        $where .= ($where ? " AND " : "") . "category IN(" . $wherecatin . ")";
    }
    if ($where != "") {
        $where = "WHERE {$where}";
    }
    $res = mysql_query("SELECT COUNT(*) FROM torrents {$where}") or die(mysql_error());
    $row = mysql_fetch_array($res, MYSQL_NUM);
    $count = $row[0];
    if (!$count && isset($cleansearchstr)) {
        $wherea = $wherebase;
        $orderby = "ORDER BY id DESC";
        $searcha = explode(" ", $cleansearchstr);
        $sc = 0;
        foreach ($searcha as $searchss) {
            if (strlen($searchss) <= 1) {
                continue;
            }
            $sc++;
            if ($sc > 5) {
                break;
            }
            $ssa = array();
            foreach (array("search_text", "ori_descr") as $sss) {
                $ssa[] = "{$sss} LIKE '%" . sqlwildcardesc($searchss) . "%'";
            }
            $wherea[] = "(" . implode(" OR ", $ssa) . ")";
        }
        if ($sc) {
            $where = implode(" AND ", $wherea);
            if ($where != "") {
                $where = "WHERE {$where}";
            }
            $res = mysql_query("SELECT COUNT(*) FROM torrents {$where}");
            $row = mysql_fetch_array($res, MYSQL_NUM);
            $count = $row[0];
        }
    }
    $torrentsperpage = $CURUSER["torrentsperpage"];
    if ($page_limit) {
        $torrentsperpage = $page_limit;
    }
    if (!$torrentsperpage) {
        $torrentsperpage = 15;
    }
    if ($count) {
        //list($pagertop, $pagerbottom, $limit) = pager($torrentsperpage, $count, "browse.php?" . $addparam);
        $pager = pager($torrentsperpage, $count, "browse.php?" . $addparam);
        $query = "SELECT torrents.id, torrents.category, torrents.leechers, torrents.seeders, torrents.name, torrents.times_completed, torrents.size, torrents.added, torrents.type,  torrents.comments,torrents.numfiles,torrents.filename,torrents.owner,IF(torrents.nfo <> '', 1, 0) as nfoav," . "categories.name AS cat_name, categories.image AS cat_pic, users.username, torrents.version, torrents.descr,licenses.name AS lic_name,licenses.url AS lic_url,licenses.description AS lic_desc FROM torrents LEFT JOIN categories ON category = categories.id LEFT JOIN users ON torrents.owner = users.id LEFT JOIN licenses ON torrents.license = licenses.id {$where} {$orderby} {$pager['limit']}";
        $res = mysql_query($query) or die(mysql_error());
    } else {
        unset($res);
    }
    if ($count) {
        return array($res, $wherecatina, $pager);
    } else {
        return array("", $wherecatina, "");
    }
}
Esempio n. 8
0
}
if (get_user_class() >= UC_ADMINISTRATOR) {
    if (($half = $_POST['half'] == '1' ? 'yes' : 'no') != $fetch_assoc['half']) {
        $updateset[] = 'half = ' . sqlesc($half);
    }
}
// Make sure they do not forget to fill these fields :D
foreach (array($descr, $type, $name) as $x) {
    if (empty($x)) {
        stderr("Err", "Missing from data");
    }
}
// Make sure they do not forget to fill these fields :D
if (isset($_POST['name']) && ($name = $_POST['name']) != $fetch_assoc['name'] && valid_torrent_name($name)) {
    $updateset[] = 'name = ' . sqlesc($name);
    $updateset[] = 'search_text = ' . sqlesc(searchfield("{$shortfname} {$dname} {$torrent}"));
}
if (isset($_POST['description']) && ($smalldescr = $_POST['description']) != $fetch_assoc['description']) {
    $updateset[] = "description = " . sqlesc($smalldescr);
}
if (isset($_POST['descr']) && ($descr = $_POST['descr']) != $fetch_assoc['descr']) {
    $updateset[] = 'descr = ' . sqlesc($descr);
    $updateset[] = 'ori_descr = ' . sqlesc($descr);
}
if (isset($_POST['type']) && ($category = 0 + $_POST['type']) != $fetch_assoc['category'] && is_valid_id($category)) {
    $updateset[] = 'category = ' . sqlesc($category);
}
////////////////////
$movie_cat = array(3, 5, 10, 11);
//add here your movie category
if (in_array($category, $movie_cat)) {
Esempio n. 9
0
    $updateset[] = "nfo = " . sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", file_get_contents($nfofilename)));
}
else
  if ($nfoaction == "remove")
    $updateset[] = "nfo = ''";

if($_POST['gamalt'] == 'yes')
	$gamalt = 1;
else
	$gamalt = 2;

$updateset[] = "anonymous = '" . ($_POST["anonymous"] ? "1" : "0") . "'";
$updateset[] = "scene = '" . ($_POST["scene"] ? "y" : "n") . "'";
$updateset[] = "gamalt = " . sqlesc($gamalt);
$updateset[] = "name = " . sqlesc($name);
$updateset[] = "search_text = " . sqlesc(searchfield("$shortfname $dname $torrent"));
$updateset[] = "descr = " . sqlesc($descr);
$updateset[] = "ori_descr = " . sqlesc($descr);
$updateset[] = "category = " . (0 + $type);
if ($CURUSER["class"] >= UC_MODERATOR) {
	if ($_POST["banned"]) {
		$updateset[] = "banned = 'yes'";
		$_POST["visible"] = 0;
	}
	else
		$updateset[] = "banned = 'no'";
	if ($_POST['nuked']) {
		if(!$_POST['nukedr'])
			bark("Verður að koma með ástæðu fyrir sprengingu");
		$updateset[] ="nuked = 'yes'";
		$updateset[] = "nukedr = '". $_POST['nukedr'] ."'";
Esempio n. 10
0
<?php

$this->setTitle("Browse");
$acl = new Acl(USER_ID);
$db = new DB("torrents");
$db->select("torrent_visible = '1'");
$pager_add = "";
$searchstr = "";
$query_cats = array();
$where = array();
if (isset($_GET['q'])) {
    $searchstr = $db->escape(searchfield($_GET['q']));
    $pager_add .= "&q=" . $searchstr;
    $where[] = "torrent_search_text LIKE '%" . $searchstr . "%'";
}
$cat = new DB("categories");
$cat->setColPrefix("category_");
$cat->setSort("category_name ASC");
$cat->select();
while ($cat->nextRecord()) {
    if (isset($_GET['c' . $cat->id])) {
        $query_cats[] = $cat->id;
        $pager_add .= "&c" . $cat->id . "=1";
    }
}
if (count($query_cats) < 1 && $acl->default_categories != "") {
    $cats = explode(",", $acl->default_categories);
    foreach ($cats as $id) {
        $query_cats[] = $id;
        $pager_add .= "&c" . $id . "=1";
    }
            $hspace = "3";
        } else {
            $hspace = "2";
        }
        $iconstr .= "<img src=\"{$dbcat[$stricon]}\" alt=\"{$dbcat[$striconalt]}\" hspace=\"{$hspace}\">\n";
        $x++;
    }
}
if ($x) {
    echo "<tr><td><div class=\"spaceleft\">&nbsp</div></td></tr>\n";
    echo "<tr>\n";
    echo "<td class=\"classadd1\"><div class=\"maininputleft\">{$adadd_selicon}</div></td>\n";
    echo "<td class=\"classadd2\" height=\"50\">\n";
    echo "{$iconstr}<br>\n";
    for ($i = 1; $i <= 10; $i++) {
        if ($dbcat["icon" . $i] && searchfield($catid, "icon{$i}")) {
            echo "<input type=\"checkbox\" name=\"in[icon{$i}]\">\n";
        }
    }
    echo "</td></tr>\n";
}
echo "<tr>\n";
echo "<td class=\"classadd1\"><div class=\"maininputleft\">{$adseek_text} </div></td>\n";
echo "<td class=\"classadd2\"><input type=text name=\"in[text]\" size=\"{$field_size}\" maxlength=\"50\" value=\"*\"></td>\n";
echo "</tr>\n";
if ($pic_enable) {
    echo "<tr>\n";
    echo "<td class=\"classadd1\"><div class=\"maininputleft\">{$adseek_pic} </div></td>\n";
    echo "<td class=\"classadd2\"><input type=\"checkbox\" name=\"in[picture]\"></td>\n";
    echo "</tr>\n";
}
Esempio n. 12
0
$dict['value']['info']['value']['source'] = bdec(benc_str("{$TBDEV['baseurl']} {$TBDEV['site_name']}"));
// add link for bitcomet users
unset($dict['value']['announce-list']);
// remove multi-tracker capability
unset($dict['value']['nodes']);
// remove cached peers (Bitcomet & Azareus)
$dict = bdec(benc($dict));
// double up on the becoding solves the occassional misgenerated infohash
list($ann, $info) = dict_check($dict, "announce(string):info");
$infohash = sha1($info["string"]);
unset($info);
// Replace punctuation characters with spaces
$torrent = str_replace("_", " ", $torrent);
$url = unesc($_POST['url']);
$poster = unesc($_POST['poster']);
$ret = sql_query("INSERT INTO torrents (search_text, filename, owner, visible, poster, anonymous, allow_comments, info_hash, name, size, numfiles, type, url, descr, ori_descr, category, free, save_as, added, last_action, nfo, client_created_by) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], "no", $poster, $anonymous, $allow_comments, $infohash, $torrent, $totallen, count($filelist), $type, $url, $descr, $descr, 0 + $_POST["type"], $free, $dname))) . ", " . time() . ", " . time() . ", {$nfo}, {$tmaker})");
if (!$ret) {
    if (mysql_errno() == 1062) {
        stderr($lang['takeupload_failed'], $lang['takeupload_already']);
    }
    stderr($lang['takeupload_failed'], "mysql puked: " . mysql_error());
}
$id = mysql_insert_id();
if ($CURUSER["anonymous"] == 'yes') {
    $message = "New Torrent : [url={$TBDEV['baseurl']}/details.php?id={$id}] " . htmlspecialchars($torrent) . "[/url] Uploaded - Anonymous User";
} else {
    $message = "New Torrent : [url={$TBDEV['baseurl']}/details.php?id={$id}] " . htmlspecialchars($torrent) . "[/url] Uploaded by " . htmlspecialchars($CURUSER["username"]) . "";
}
@sql_query("DELETE FROM files WHERE torrent = {$id}");
function file_list($arr, $id)
{
Esempio n. 13
0
/**
 *  Displays searchbar in table view
 *
 * For data of type table, recursive calls are used
 * The ugly stuff with _POST could be done better
 * it would also be nicer if a string was returned instead of writing directly
 */
function searchfield($db, $tableinfo, $nowfield, $_POST, $jscript)
{
    global $USER;
    $LAYOUT = 16;
    $column = strtok($tableinfo->fields, ",");
    while ($column) {
        if (is_array($_POST) && array_key_exists($column, $_POST)) {
            ${$column} = $_POST[$column];
        }
        $column = strtok(",");
    }
    // cleanup nowfield variable to avoid cross-site scripting
    $tmp = ${$nowfield['name']};
    if (!is_array(${$nowfield['name']})) {
        ${$nowfield['name']} = strip_xss_stuff(${$nowfield['name']});
        ${$nowfield['name']} = str_replace('<', ' ', ${$nowfield['name']});
        ${$nowfield['name']} = str_replace('>', ' ', ${$nowfield['name']});
        ${$nowfield['name']} = htmlspecialchars(${$nowfield['name']}, ENT_QUOTES);
    }
    if ($nowfield['datatype'] == 'int' || $nowfield['datatype'] == 'float' || $nowfield['datatype'] == 'sequence') {
        if (is_numeric(${$nowfield['name']})) {
            if (strpos($tmp, '>') !== false) {
                ${$nowfield['name']} = '>' . substr(${$nowfield['name']}, 1);
            }
            if (strpos($tmp, '<') !== false) {
                ${$nowfield['name']} = '<' . substr(${$nowfield['name']}, 1);
            }
        }
    }
    if ($nowfield['datatype'] == 'link') {
        echo "<td style='width: 10%'>&nbsp;</td>\n";
    } elseif ($nowfield['name'] == 'ownerid') {
        //if ($list) {
        $rowners = $db->Execute("SELECT ownerid FROM {$tableinfo->realname}");
        while ($rowners && !$rowners->EOF) {
            $ownerids[] = $rowners->fields[0];
            $rowners->MoveNext();
        }
        if ($ownerids) {
            $ownerlist = implode(',', $ownerids);
        }
        if ($ownerlist) {
            $rowners2 = $db->Execute("SELECT lastname,id FROM users WHERE id IN ({$ownerlist})");
            $text = $rowners2->GetMenu2("{$nowfield['name']}", ${$nowfield[name]}, true, false, 0, "style='width: 80%' {$jscript}");
            echo "<td style='width:10%'>{$text}</td>\n";
        } else {
            echo "<td style='width:10%'>&nbsp;</td>\n";
        }
    } elseif ($nowfield['datatype'] == 'int' || $nowfield['datatype'] == 'float' || $nowfield['datatype'] == 'sequence' || $nowfield['datatype'] == 'date') {
        echo " <td style='width: 10%'><input type='text' name='{$nowfield['name']}' value='" . ${$nowfield[name]} . "'size=5 align='middle'></td>\n";
    } elseif ($nowfield['datatype'] == 'text' || $nowfield['datatype'] == 'file') {
        echo " <td style='width: 25%'><input type='text' name='{$nowfield['name']}' value='" . ${$nowfield[name]} . "'size=7></td>\n";
    } elseif ($nowfield['datatype'] == 'textlong') {
        echo " <td style='width: 10%'><input type='text' name='{$nowfield['name']}' value='" . ${$nowfield[name]} . "'size=8></td>\n";
    } elseif ($nowfield['datatype'] == 'pulldown' || $nowfield['datatype'] == 'mpulldown') {
        echo "<td style='width: 10%'>";
        $rpull = $db->Execute("SELECT typeshort,id from {$nowfield['ass_t']} ORDER by sortkey,type");
        if ($rpull) {
            if ($nowfield['datatype'] == 'mpulldown') {
                $text = $rpull->GetMenu2("{$nowfield['name']}", ${$nowfield[name]}, false, true, 10, "style='width: 100%' align='left'");
            } else {
                $text = $rpull->GetMenu2("{$nowfield['name']}", ${$nowfield[name]}, true, false, 0, "style='width: 80%' {$jscript}");
            }
        } else {
            $text = "&nbsp;";
        }
        echo "{$text}\n";
        // Draw a modify icon to let qualified users change the pulldown menus
        if ($USER['permissions'] & $LAYOUT && $_SESSION['javascript_enabled']) {
            $jscript2 = " onclick='MyWindow=window.open (\"general.php?tablename=" . $tableinfo->name . "&amp;edit_type={$nowfield['ass_t']}&amp;jsnewwindow=true&amp;formname={$formname}&amp;selectname={$nowfield['name']}" . SID . "\",\"type\",\"scrollbars,resizable,toolbar,status,menubar,width=600,height=400\");MyWindow.focus()'";
            echo "<A href=\"javascript:void(0)\" {$jscript2}> <img src=\"icons/edit_modify.png\" alt=\"modify {$nowfield['name']}\" title=\"modify {$nowfield['label']}\" border=\"0\"/></A>\n";
            //echo "<input type='button' name='edit_button' value='Edit $nowfield[label]' $jscript2><br>\n";
        }
        echo "</td>\n";
    } elseif ($nowfield['datatype'] == 'table') {
        $ass_tableinfo = new tableinfo($db, $nowfield['ass_table_name'], false);
        $rasslk = $db->Execute("SELECT columnname FROM {$ass_tableinfo->desname} WHERE id={$nowfield['ass_column']}");
        $ass_Allfields = getvalues($db, $ass_tableinfo, $rasslk->fields[0]);
        // scary acks, their ugliness shows that we need to reorganize some stuff
        $ass_Allfields[0]['name'] = $nowfield['name'];
        $ass_tableinfo->fields = "{$nowfield['name']}";
        searchfield($db, $ass_tableinfo, $ass_Allfields[0], $_POST, $jscript);
    } elseif ($nowfield["datatype"] == "image") {
        echo "<td style='width: 10%'>&nbsp;</td>";
    }
}
Esempio n. 14
0
//== Make sure they do not forget to fill these fields :D
foreach (array($type, $descr, $name) as $x) {
    if (empty($x)) {
        stderr("Error", $lang['takedit_no_data']);
    }
}
if (isset($_POST['youtube']) && preg_match($youtube_pattern, $_POST['youtube'], $temp_youtube)) {
    if ($temp_youtube[0] != $fetch_assoc['youtube']) {
        $updateset[] = "youtube = " . sqlesc($temp_youtube[0]);
    }
    $torrent_cache['youtube'] = $temp_youtube[0];
}
if (isset($_POST['name']) && ($name = $_POST['name']) != $fetch_assoc['name'] && valid_torrent_name($name)) {
    $updateset[] = 'name = ' . sqlesc($name);
    $updateset[] = 'search_text = ' . sqlesc(searchfield("{$shortfname} {$dname}"));
    $torrent_cache['search_text'] = searchfield("{$shortfname} {$dname}");
    $torrent_cache['name'] = $name;
}
if (isset($_POST['descr']) && ($descr = $_POST['descr']) != $fetch_assoc['descr']) {
    $updateset[] = 'descr = ' . sqlesc($descr);
    $updateset[] = 'ori_descr = ' . sqlesc($descr);
    $torrent_txt_cache['descr'] = $descr;
}
if (isset($_POST['description']) && ($smalldescr = $_POST['description']) != $fetch_assoc['description']) {
    $updateset[] = "description = " . sqlesc($smalldescr);
    $torrent_cache['description'] = $smalldescr;
}
if (isset($_POST['tags']) && ($tags = $_POST['tags']) != $fetch_assoc['tags']) {
    $updateset[] = "tags = " . sqlesc($tags);
    $torrent_cache['tags'] = $tags;
}
Esempio n. 15
0
// add link for bitcomet users
unset($dict['value']['announce-list']);
// remove multi-tracker capability
unset($dict['value']['nodes']);
// remove cached peers (Bitcomet & Azareus)
$dict = bdec(benc($dict));
// double up on the becoding solves the occassional misgenerated infohash
$dict['value']['comment'] = bdec(benc_str("In using this torrent you are bound by the '{$SITENAME}' Confidentiality Agreement By Law"));
// change torrent comment
list($ann, $info) = dict_check($dict, "announce(string):info");
unset($dict['value']['created by']);
$infohash = pack("H*", sha1($info["string"]));
// Replace punctuation characters with spaces
$torrent = str_replace("_", " ", $torrent);
$nfo = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename)));
$ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, anonymous, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], "no", $anonymous, $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', {$nfo})");
if (!$ret) {
    if (mysql_errno() == 1062) {
        stderr("Error", "torrent already uploaded!");
    }
    stderr("Error", "mysql puked!");
}
$id = mysql_insert_id();
@mysql_query("DELETE FROM files WHERE torrent = {$id}");
function file_list($arr, $id)
{
    foreach ($arr as $v) {
        $new[] = "({$id}," . sqlesc($v[0]) . "," . $v[1] . ")";
    }
    return join(",", $new);
}
Esempio n. 16
0
    $url = IMDBSearch1::_movieRedirect("{$movie_info['1']}", "{$movie_info['2']}");
}
if (substr($url, -1) == '/') {
    $url = substr($url, 0, -1);
}
//if (!$url)
//stderr($lang['takeupload_failed'], 'No IMDB Found');
$imdb_info = get_imdb($url);
$genre = $imdb_info['gen'];
if (!empty($imdb_info['poster'])) {
    $poster = $imdb_info['poster'];
} else {
    $poster = strip_tags(isset($_POST['poster']) ? trim($_POST['poster']) : '');
}
//END IMDB
$ret = sql_query("INSERT INTO torrents (search_text, filename, owner, username, visible, vip, release_group, newgenre, poster, anonymous, allow_comments, info_hash, name, size, numfiles, type, offer, request, url, subs, descr, ori_descr, description, category, free, silver, save_as, youtube, tags, added, last_action, mtime, ctime, freetorrent, nfo, client_created_by) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], $CURUSER["username"], $visible, $vip, $release_group, $genre, $poster, $anonymous, $allow_comments, $infohash, $torrent, $totallen, count($filelist), $type, $offer, $request, $url, $subs, $descr, $descr, $description, 0 + $_POST["type"], $free, $silver, $dname, $youtube, $tags))) . ", " . TIME_NOW . ", " . TIME_NOW . ", " . TIME_NOW . ", " . TIME_NOW . ", {$freetorrent}, {$nfo}, {$tmaker})");
if (!$ret) {
    if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
        stderr($lang['takeupload_failed'], $lang['takeupload_already']);
    }
    stderr($lang['takeupload_failed'], "mysql puked: " . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
}
if (XBT_TRACKER == false) {
    remove_torrent($infohash);
}
$id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
$mc1->delete_value('MyPeers_' . $CURUSER['id']);
//$mc1->delete_value('lastest_tor_');  //
$mc1->delete_value('last5_tor_');
$mc1->delete_value('scroll_tor_');
sql_query("DELETE FROM files WHERE torrent = " . sqlesc($id));
Esempio n. 17
0
$updateset = array();
$fname = $row["filename"];
preg_match('/^(.+)\\.torrent$/si', $fname, $matches);
$shortfname = $matches[1];
$dname = $row["save_as"];
$version_action = $_POST['version_action'];
if ($version_action == 'update') {
    $version_id = get_version_id_for_torrent($_POST['version'], $id);
    $updateset[] = "version = " . $version_id;
} else {
    if ($version_action == 'remove') {
        $updateset[] = 'version = 0';
    }
}
$updateset[] = "name = " . sqlesc($name);
$updateset[] = "search_text = " . sqlesc(searchfield("{$shortfname} {$dname} {$name}"));
$updateset[] = "descr = " . sqlesc($descr);
$updateset[] = "ori_descr = " . sqlesc($descr);
$updateset[] = "category = " . (0 + $type);
$updateset[] = "license = " . (0 + $lic);
//if ($CURUSER["admin"] == "yes") {
if ($CURUSER['class'] > UC_MODERATOR) {
    if (isset($_POST["banned"])) {
        $updateset[] = "banned = 'yes'";
        $_POST["visible"] = 0;
    } else {
        $updateset[] = "banned = 'no'";
    }
}
$updateset[] = "visible = '" . (isset($_POST["visible"]) ? "yes" : "no") . "'";
mysql_query("UPDATE torrents SET " . join(",", $updateset) . " WHERE id = {$id}");
Esempio n. 18
0
function search_text_in_db($searchstr, $base_sql, $where_search, $add_where = array(), $strict = false)
{
    global $db, $config;
    //$stopword_array = @file($root_path . 'languages/lang_' . $config['default_lang'] . '/search_stopwords.txt');
    //$synonym_array = @file($root_path . 'languages/lang_' . $config['default_lang'] . '/search_synonyms.txt');
    $match_types = array('or', 'not', 'and');
    $add_where = sizeof($add_where) ? ' AND ' . implode(' AND ', $add_where) : '';
    $cleansearchstr = searchfield($searchstr);
    $lower_searchstr = utf_strtolower($searchstr);
    if ($strict) {
        $split_search = array($lower_searchstr);
    } else {
        $split_search = split_words($cleansearchstr);
        if ($lower_searchstr != $searchstr) {
            $search_full_string = true;
            foreach ($match_types as $_null => $match_type) {
                if (strpos($lower_searchstr, $match_type) !== false) {
                    $search_full_string = false;
                }
            }
            if ($search_full_string) {
                $split_search[] = $lower_searchstr;
            }
        }
    }
    $word_count = 0;
    $current_match_type = 'and';
    $word_match = array();
    $result_list = array();
    for ($i = 0; $i < sizeof($split_search); $i++) {
        if (utf_strlen(str_replace(array('*', '%'), '', trim($split_search[$i]))) < $config['search_min_chars'] && !in_array($split_search[$i], $match_types)) {
            $split_search[$i] = '';
            continue;
        }
        switch ($split_search[$i]) {
            case 'and':
                $current_match_type = 'and';
                break;
            case 'or':
                $current_match_type = 'or';
                break;
            case 'not':
                $current_match_type = 'not';
                break;
            default:
                if (!empty($search_terms)) {
                    $current_match_type = 'and';
                }
                if ($strict) {
                    $search = $where_search . ' = \'' . sqlesc($split_search[$i]) . '\'' . $add_where;
                } else {
                    $match_word = str_replace('*', '%', $split_search[$i]);
                    $search = $where_search . ' LIKE \'%' . sqlesc($match_word) . '%\'' . $add_where;
                    //$search = $where_search . ' REGEXP \'[[:<:]]' . $db->sql_escape($match_word) . '[[:>:]]\'' . $add_where;
                }
                $sql = $base_sql . ' WHERE ' . $search;
                $result = sql_query($sql);
                $row = array();
                while ($temp_row = mysqli_fetch_row($result)) {
                    $row[$temp_row['id']] = 1;
                    if (!$word_count) {
                        $result_list[$temp_row['id']] = 1;
                    } else {
                        if ($current_match_type == 'or') {
                            $result_list[$temp_row['id']] = 1;
                        } else {
                            if ($current_match_type == 'not') {
                                $result_list[$temp_row['id']] = 0;
                            }
                        }
                    }
                }
                if ($current_match_type == 'and' && $word_count) {
                    @reset($result_list);
                    foreach ($result_list as $id => $match_count) {
                        if (!isset($row[$id]) || !$row[$id]) {
                            //$result_list[$id] = 0;
                            @($result_list[$id] -= 1);
                        } else {
                            @($result_list[$id] += 1);
                        }
                    }
                }
                $word_count++;
                mysqli_fetch_assoc($result);
        }
    }
    @reset($result_list);
    $search_ids = array();
    foreach ($result_list as $id => $matches) {
        if ($matches > 0) {
            //if ( $matches ) {
            $search_ids[] = $id;
        }
    }
    unset($result_list);
    return $search_ids;
}
Esempio n. 19
0
 $infohash[$i] = sha1($info[$i]["string"]);
 /* ...... end of Private Tracker mod */
 $torrent[$i] = str_replace("_", " ", $torrent[$i]);
 $torrent[$i] = str_replace("'", " ", $torrent[$i]);
 $torrent[$i] = str_replace("\"", " ", $torrent[$i]);
 $torrent[$i] = str_replace(",", " ", $torrent[$i]);
 $nfo[$i] = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename[$i])));
 $first = $shortfname[$i][1];
 $second = $dname[$i];
 $third = $torrent[$i][1];
 $vip = isset($_POST["vip1"]) ? "1" : "0";
 $vip = isset($_POST["vip2"]) ? "1" : "0";
 $vip = isset($_POST["vip3"]) ? "1" : "0";
 $vip = isset($_POST["vip4"]) ? "1" : "0";
 $vip = isset($_POST["vip5"]) ? "1" : "0";
 $ret = mysqli_query($GLOBALS["___mysqli_ston"], "INSERT INTO torrents (search_text, filename, owner, username, visible, anonymous, vip, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$first} {$second} {$third}"), $fname[$i], $CURUSER["id"], $CURUSER["username"], "no", $anonymous, $vip, $infohash[$i], $torrent[$i][1], $totallen, count($filelist[$i]), $type, $descr, $descr, $cat[$i], $dname[$i]))) . ", '" . TIME_NOW . "', '" . TIME_NOW . "', {$nfo[$i]})");
 if (!$ret) {
     if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
         stderr("Oops", "#{$i} torrent was already uploaded!");
     }
     stderr("Oops", "mysql puked: " . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
 }
 $id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
 $ids[] = $id;
 $mc1->delete_value('MyPeers_' . $CURUSER['id']);
 $mc1->delete_value('lastest_tor_');
 sql_query("DELETE FROM files WHERE torrent = {$id}");
 foreach ($filelist as $file) {
     sql_query("INSERT INTO files (torrent, filename, size) VALUES ({$id}, " . sqlesc($file[0]) . "," . $file[1] . ")");
 }
 $fp = fopen("{$INSTALLER09['torrent_dir']}/{$id}.torrent", "w");
Esempio n. 20
0
require_once "backend/functions.php";
dbconn();
//check permissions
if ($site_config["MEMBERSONLY"]) {
    loggedinonly();
    if ($CURUSER["view_torrents"] == "no") {
        show_error_msg(T_("ERROR"), T_("NO_TORRENT_VIEW"), 1);
    }
}
function sqlwildcardesc($x)
{
    return str_replace(array("%", "_"), array("\\%", "\\_"), mysql_real_escape_string($x));
}
//GET SEARCH STRING
$searchstr = trim($_GET["search"]);
$cleansearchstr = searchfield($searchstr);
if (empty($cleansearchstr)) {
    unset($cleansearchstr);
}
$thisurl = "../search/?";
$addparam = "";
$wherea = array();
$wherecatina = array();
$wherea[] = "banned = 'no'";
$wherecatina = array();
$wherecatin = "";
$res = SQL_Query_exec("SELECT id FROM categories");
while ($row = mysql_fetch_assoc($res)) {
    if ($_GET["c{$row['id']}"]) {
        $wherecatina[] = $row[id];
        $addparam .= "c{$row['id']}=1&amp;";
Esempio n. 21
0
 // javascript to automatically execute search when pulling down
 $jscript = "onChange='document.g_form.searchj.value=\"Search\"; document.g_form.submit()'";
 echo "<input type='hidden' name='searchj' value=''>\n";
 // print header of table
 echo "<table border='1' align='center'>\n";
 // row with search form
 echo "<tr align='center'>\n";
 foreach ($Allfields as $nowfield) {
     if ($_GET[$nowfield['name']]) {
         $list = $listb['sql'];
         $count = $listb['numrows'];
     } else {
         $list = $lista;
         $count = $listb['numrows'];
     }
     searchfield($db, $tableinfo, $nowfield, $_GET, $jscript);
 }
 echo "<td style='width: 5%'><input type=\"submit\" name=\"search\" value=\"Search\">&nbsp;";
 echo "<input type=\"submit\" name=\"search\" value=\"Show All\"></td>";
 echo "</tr>\n\n";
 if ($sortdirarray) {
     echo "<input type='hidden' name='serialsortdirarray' value='" . serialize($sortdirarray) . "'>\n";
 }
 echo "<tr>\n";
 foreach ($Allfields as $nowfield) {
     tableheader($sortdirarray, $nowfield);
 }
 echo "<th>Action</th>\n";
 echo "</tr>\n\n";
 if ($md == 'edit') {
     display_table_change($db, $tableinfo, $Fieldscomma, ${$queryname}, $num_p_r, ${$pagename}, $rp, $r);