Esempio n. 1
/**
 * Stop the request with an error page when the current account is parked.
 *
 * Reads the "parked" field of the global $CURUSER row; any value other than
 * "yes" lets the caller continue untouched.
 */
function parked()
{
    global $CURUSER;

    $isParked = ($CURUSER["parked"] == "yes");
    if (!$isParked) {
        return;
    }
    stderr("Error", "<b>Your account is currently parked.</b>");
}
Esempio n. 2
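/**
 * Regenerate the two cached staff allow-list files from the users table.
 *
 * Selects every user whose class lies between UC_STAFF and UC_MAX and writes
 *   ./cache/staff_settings.php   with $INSTALLER09['allowed_staff']['id'] = array(<ids>);
 *   ./cache/staff_settings2.php  with $INSTALLER09['staff']['allowed'] = array('<name>' => 1, ...);
 * then reports the outcome through stderr().
 *
 * Both files are PHP source, so every value taken from the database is
 * emitted as a literal: ids are cast to int and usernames go through
 * var_export(), which escapes quotes and backslashes. A username that
 * contains a single quote can therefore no longer end the string early and
 * add code to the generated file. For ordinary names the output is the same
 * as before.
 */
function write_staffs2()
{
    global $lang;
    $t = '$INSTALLER09';

    $ri = sql_query("SELECT id, username, class FROM users WHERE class BETWEEN " . UC_STAFF . " AND " . UC_MAX . " ORDER BY id ASC") or sqlerr(__FILE__, __LINE__);

    // Start from empty lists so join() still receives arrays when no row matches.
    $ids = array();
    $usernames = array();
    while ($ai = mysqli_fetch_assoc($ri)) {
        $ids[] = (int) $ai['id'];
        $usernames[] = var_export((string) $ai["username"], true) . " => 1";
    }

    $iconfigfile = "<" . "?php\n/**\n{$lang['staffcfg_file_created']}" . date('M d Y H:i:s') . ".\n{$lang['staffcfg_mod_by']}\n**/\n";
    $iconfigfile .= "" . $t . "['allowed_staff']['id'] = array(";
    $iconfigfile .= "" . join(",", $ids);
    $iconfigfile .= ");";
    $iconfigfile .= "\n?" . ">";

    $nconfigfile = "<" . "?php\n/**\n{$lang['staffcfg_file_created']}" . date('M d Y H:i:s') . ".\n{$lang['staffcfg_mod_by']}\n**/\n";
    $nconfigfile .= "" . $t . "['staff']['allowed'] = array(";
    $nconfigfile .= "" . join(",", $usernames);
    $nconfigfile .= ");";
    $nconfigfile .= "\n?" . ">";

    // file_put_contents() truncates, writes and closes in one call; LOCK_EX
    // serialises concurrent writers. The previous fopen()/fwrite() pair never
    // checked for failure and never closed the handles.
    $wroteIds = file_put_contents('./cache/staff_settings.php', $iconfigfile, LOCK_EX);
    $wroteNames = file_put_contents('./cache/staff_settings2.php', $nconfigfile, LOCK_EX);
    if ($wroteIds === false || $wroteNames === false) {
        // A stale or missing allow-list must not be reported as a success.
        stderr("Error", "Could not write the staff settings cache files.");
        return;
    }

    stderr($lang['staffcfg_success'], $lang['staffcfg_updated']);
}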
Esempio n. 3
 /**
  * Show the extra admin login form through stderr() under the heading
  * "Admin Login".
  *
  * The form posts back to the current URL (no action attribute) with the
  * fields access_login and access_password.
  *
  * $error_msg is concatenated into the markup as-is.
  * NOTE(review): if any caller passes text that is influenced by the request
  * (for example the submitted login name), escape it with htmlspecialchars()
  * before it gets here - confirm against the callers.
  *
  * The string literal ends with the text "<?php", which is sent to the
  * browser as part of the page.
  * NOTE(review): the statement that ends the script after the form (see the
  * comment on the last line) is not part of this listing.
  */
 function showLoginPasswordProtect($error_msg)
     stderr("Admin Login", "\n\n<html>\n<head>\n  <META HTTP-EQUIV=CACHE-CONTROL CONTENT=NO-CACHE>\n  <META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>\n</head>\n<body>\n  <style>\n    input { border: 1px solid black; }\n  </style>\n<table align=center cellpadding=2 cellspacing=2 border=1 width=90%>\n<tr>\n<td align=center class=lista>\n  <form method=post>\n\n\t<div><center><font color=red><b>\n\tYou are now entering a page that needs extra login details. Be sure\n\tthat you are entering the correct information</b></center></font></div>\n</td>\n</tr>\n</table>\n    <br><div align=center><font color=red size=3><b>" . $error_msg . "</b></font></div><br>\n<table align=center class=lista border=0 cellpadding=10>\n<tr>\n<td class=embedded>\n<h2><center>Login Form</center></h2>\n<table align=center class=lista border=0 cellpadding=10>\n<tr>\n<td align=right class=header>Username:</td><td class=lista><input type=input name=access_login size=40 /></td></tr>\n<tr>\n<td align=right class=header>Password:</td>\n<td class=lista><input type=password name=access_password size=40 /></td>\n</tr>\n<tr>\n<td align=left class=header>Submit :</td>\n<td align=left class=lista><center><input type=submit name=Submit value=Enter /></center></td>\n</tr>\n</table>\n</table>\n  </form>\n  <br>\n  </div>\n</body>\n</html>\n\n<?php\n ");
     // stop at this point
Esempio n. 4
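/**
 * Guard that lets execution continue only when $var is numerically equal to 1.
 *
 * Every other value ends in the localized error page via stderr(). The
 * function returns nothing and does not hand a cleaned value back, so the
 * caller keeps working with its own copy of the input.
 *
 * @param mixed $var value to check
 */
function I_smell_a_rat($var)
{
    // The messages live in the global $lang array; without this declaration
    // the error branch read an undefined local variable.
    global $lang;

    // is_numeric() turns away arrays, non-numeric text and leading-numeric
    // text such as "1abc". The bare "0 + $var" either coerced those to a
    // number (letting "1abc" pass as 1) or failed on them.
    if (is_numeric($var) && 0 + $var == 1) {
        return;
    }
    stderr($lang['bonus_error'], $lang['bonus_smellrat']);
}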
Esempio n. 5
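/**
 * Guard that lets execution continue only when $var is numerically equal to 1.
 *
 * Every other value ends in the "I smell a rat!" error page via stderr().
 * The function returns nothing and does not hand a cleaned value back, so
 * the caller keeps working with its own copy of the input.
 *
 * @param mixed $var value to check
 */
function I_smell_a_rat($var)
{
    // is_numeric() turns away arrays, non-numeric text and leading-numeric
    // text such as "1abc". The bare "0 + $var" either coerced those to a
    // number (letting "1abc" pass as 1) or failed on them.
    if (is_numeric($var) && 0 + $var == 1) {
        return;
    }
    stderr("Error", "I smell a rat!");
}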
Esempio n. 6
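 /**
  * Bookmark a torrent for the logged-in user.
  *
  * Shows an error through stderr() when the id is not a plain decimal number
  * or when the bookmark already exists; otherwise inserts the row.
  *
  * Both ids end up inside SQL text. $torrentid was previously interpolated
  * exactly as received, so anything a caller forwarded from the request
  * became part of the statement. Only digit strings are accepted now.
  *
  * @param int|string $torrentid id of the torrent to bookmark
  */
 function addbookmark($torrentid)
 {
     global $CURUSER;

     if (!is_scalar($torrentid) || !ctype_digit((string) $torrentid)) {
         stderr("Error", "Invalid ID");
         return;
     }
     // Digits only from here on, so the values are safe to place in the query.
     $torrentId = (string) $torrentid;
     $userId = (int) $CURUSER['id'];

     if (get_row_count("bookmarks", "WHERE userid={$userId} AND torrentid = {$torrentId}") > 0) {
         stderr("Error", "Torrent already bookmarked");
         return;
     }
     sql_query("INSERT INTO bookmarks (userid, torrentid) VALUES ({$userId}, {$torrentId})") or sqlerr(__FILE__, __LINE__);
 }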
Esempio n. 7
/**
 * Validate an id with is_valid_id().
 *
 * @param mixed $id id to validate
 * @return mixed true for a valid id; otherwise whatever stderr() returns
 *               after showing the "Invalid ID" error
 */
function check($id)
{
    if (is_valid_id($id)) {
        return true;
    }

    return stderr("Error", "Invalid ID");
}
/**
 * Validate an id with is_valid_id() and show a localized error when it fails.
 *
 * @param mixed $id id to validate
 * @return true|null true for a valid id; nothing when the error page was shown
 */
function validate($id)
{
    global $lang;

    $isValid = is_valid_id($id);
    if ($isValid) {
        return true;
    }
    stderr($lang['failed_sorry'], "{$lang['failed_bad_id']}");
}
Esempio n. 9
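/**
 * Charge the logged-in user $PRI coins.
 *
 * Shows an error through stderr() when the price is not a finite,
 * non-negative number or exceeds the user's balance; otherwise subtracts the
 * price from users.coins.
 *
 * The price is placed in SQL text, so it is validated first: the previous
 * code interpolated it as received, which let non-numeric text become part
 * of the statement and let a negative price increase the balance.
 *
 * @param int|float|string $PRI price in coins
 */
function kaupa($PRI)
{
    global $CURUSER, $lang;

    if (!is_numeric($PRI) || !is_finite(0 + $PRI) || $PRI < 0) {
        stderr($lang['shop_error'], "Invalid price");
        return;
    }
    // Normalised to int or float, so only a number reaches the query.
    $price = 0 + $PRI;
    $userId = (int) $CURUSER['id'];

    if ($price > $CURUSER['coins']) {
        stderr($lang['shop_error'], $lang['shop_notenn']);
    } else {
        // The balance test above uses the cached $CURUSER row. Repeating it
        // in the WHERE clause keeps two overlapping purchases from driving
        // the stored balance below zero.
        sql_query("UPDATE users SET coins=coins-{$price} WHERE id={$userId} AND coins>={$price}") or sqlerr(__FILE__, __LINE__);
    }
}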
Esempio n. 10
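/**
 * Refuse an email address that is listed in the bannedemails table.
 *
 * Looks for the exact address and for the domain wildcard "*@domain"; when a
 * row matches, shows the stored ban reason through stderr().
 *
 * @param string $email address to check
 */
function check_banned_emails($email)
{
    $where = "email = " . sqlesc($email);

    // Without an "@" there is no domain part, so only the exact match is
    // tried; the old code read an undefined array offset here.
    $expl = explode("@", $email);
    if (isset($expl[1])) {
        $wildemail = "*@" . $expl[1];
        $where .= " OR email = " . sqlesc($wildemail);
    }

    /* Ban emails by x0r */
    $res = sql_query("SELECT id, comment FROM bannedemails WHERE " . $where) or sqlerr(__FILE__, __LINE__);
    if ($arr = mysql_fetch_assoc($res)) {
        // The message is handed over as markup (it contains tags, and the
        // third argument is false - presumably "do not escape"; confirm), so
        // the stored comment is escaped before it is placed in it.
        $reason = htmlspecialchars($arr['comment'], ENT_QUOTES);
        stderr("Sorry..", "This email address is banned!<br /><br /><strong>Reason</strong>: {$reason}", false);
    }
}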
Esempio n. 11
 /**
  * Bookmark a torrent for the logged-in user and refresh the bookmark cache.
  *
  * Both ids pass through sqlesc() before they are placed in the SQL text.
  * An existing bookmark produces an error page via stderr(); after the
  * insert, the user's "bookmm_" cache entry is dropped and rebuilt.
  *
  * @param int|string $torrentid id of the torrent to bookmark
  */
 function addbookmark($torrentid)
 {
     global $CURUSER, $mc1, $INSTALLER09;

     $alreadyThere = get_row_count(
         "bookmarks",
         "WHERE userid=" . sqlesc($CURUSER['id']) . " AND torrentid = " . sqlesc($torrentid)
     );
     if ($alreadyThere > 0) {
         stderr("Error", "Torrent already bookmarked");
     }

     $insert = "INSERT INTO bookmarks (userid, torrentid) VALUES (" . sqlesc($CURUSER['id']) . ", " . sqlesc($torrentid) . ")";
     sql_query($insert) or sqlerr(__FILE__, __LINE__);

     $mc1->delete_value('bookmm_' . $CURUSER['id']);
     make_bookmarks($CURUSER['id'], 'bookmm_');
 }
/**
 * Stop the request with an error page when the current account is parked.
 *
 * Reads the "parked" field of the global $CURUSER row. A variant that tests
 * the PARKED bit of $CURUSER['opt1'] through class_user_options.php exists in
 * the original file but is commented out there.
 */
function parked()
{
    global $CURUSER;

    $isParked = ($CURUSER["parked"] == "yes");
    if (!$isParked) {
        return;
    }
    stderr("Error", "<b>Your account is currently parked.</b>");
}
Esempio n. 13
 *   Licence Info: GPL
 *   Copyright (C) 2010 U-232 v.3
 *   A bittorrent tracker source based on
 *   Project Leaders: Mindless, putyn.
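/**
 * Refuse an email address that is listed in the bannedemails table.
 *
 * Looks for the exact address and for the domain wildcard "*@domain"; when a
 * row matches, shows the localized error with the escaped ban reason through
 * stderr().
 *
 * @param string $email address to check
 */
function check_banned_emails($email)
{
    global $lang;

    $where = "email = " . sqlesc($email);

    // Without an "@" there is no domain part, so only the exact match is
    // tried; the old code read an undefined array offset here.
    $expl = explode("@", $email);
    if (isset($expl[1])) {
        $wildemail = "*@" . $expl[1];
        $where .= " OR email = " . sqlesc($wildemail);
    }

    /* Ban emails by x0r */
    $res = sql_query("SELECT id, comment FROM bannedemails WHERE " . $where) or sqlerr(__FILE__, __LINE__);
    if ($arr = mysqli_fetch_assoc($res)) {
        stderr("{$lang['takesignup_user_error']}", "{$lang['takesignup_bannedmail']}" . htmlsafechars($arr['comment']));
    }
}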
Esempio n. 14
 /**
  * Verify the per-form token kept in the session for $task_name.
  *
  * The expected value is the md5 of the current user id, the task name and
  * $_SESSION['Task_Time']; when $_SESSION['Task'] is set and differs, an error
  * page with a link back to the referring page is shown through stderr().
  *
  * NOTE(review): the condition guarding the first stderr() call is not part of
  * this listing, so what happens when $_SESSION['Task'] is missing cannot be
  * read from here.
  */
 function check($task_name = 'Default')
     global $CURUSER, $INSTALLER09, $lang, $_SESSION;
     // The Referer header is supplied by the client. It is escaped with
     // htmlspecialchars() and then placed in a single-quoted href below.
     // NOTE(review): without ENT_QUOTES, PHP versions before 8.1 leave single
     // quotes unescaped, which is the quote style of that attribute - pass
     // ENT_QUOTES explicitly, and consider linking only to same-site URLs.
     $returl = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : $INSTALLER09['baseurl'] . "/login.php";
     // Turns the escaped ampersands back into plain "&" inside the attribute.
     $returl = str_replace('&amp;', '&', $returl);
         stderr("Error", "Please resubmit the form. <a href='" . $returl . "'>Click HERE</a>", false);
     // Loose "!=" on two hex digests: PHP compares strings that look like
     // numbers (for example two digests of the form 0e<digits>) as numbers.
     // NOTE(review): hash_equals() compares byte for byte and in constant time.
     if (isset($_SESSION['Task']) && $_SESSION['Task'] != md5('user_id:' . $CURUSER['id'] . '::taskname-' . $task_name . '::' . $_SESSION['Task_Time'])) {
         stderr("Error", "Please resubmit the form. <a href='" . $returl . "'>Click HERE</a>", false);
/**
 * Report a failed login and throttle repeated attempts from the same address.
 *
 * A cache flag keyed on the SHA-1 of REMOTE_ADDR is looked up first. While
 * the flag exists the request is ended with die(); otherwise the flag is
 * stored and the failure is shown through stderr().
 *
 * NOTE(review): the die() text speaks of 8 seconds while 20 is passed as the
 * third argument of cache_value() - presumably the lifetime of the flag in
 * seconds; confirm which of the two is intended.
 *
 * @param string $text message shown on the failure page
 */
function bark($text = 'Username or password incorrect')
{
    global $lang, $INSTALLER09, $mc1;

    $throttleKey = 'dictbreaker:::' . sha1($_SERVER['REMOTE_ADDR']);
    $seenRecently = $mc1->get_value($throttleKey);
    if ($seenRecently !== false) {
        die('Minimum 8 seconds between login attempts :)');
    }
    $mc1->cache_value($throttleKey, 'flood_check', 20);

    stderr($lang['tlogin_failed'], $text);
}
Esempio n. 16
/**
 * Check whether the current user belongs to a staff group.
 *
 * With $flag true the user class must be 12 or higher, otherwise a
 * permission-denied page is shown through stderr(). With $flag false,
 * $usertypes selects the check: "admin" (class 14 or higher), "forumman"
 * (a row in forummods), "picker" or "support" (looked up in users).
 *
 * NOTE(review): the "picker" and "support" statements read "WHERE = '...'";
 * the column names appear to have been lost from this listing, so those two
 * queries are not valid SQL as shown. The closing braces of the inner if
 * blocks are missing from the listing as well.
 *
 * @param bool   $flag      true for the class check, false to use $usertypes
 * @param string $usertypes "admin", "forumman", "picker" or "support"
 */
function check_admins($flag = true, $usertypes = "")
    // $flag = false selects the forum-moderator style checks below; otherwise
    // the user is checked against the administrator class levels.
    global $lang_signin;
    global $CURUSER;
    if ($flag) {
        if (get_user_class() < 12) {
            stderr($lang_signin['std_sorry'], $lang_signin['std_permission_denied_only'] . get_user_class_name(12, false, true, true) . $lang_signin['std_or_above_can_view'], false, false, true, true);
    } elseif ($usertypes == "admin") {
        if (get_user_class() < 14) {
            stderr($lang_signin['std_sorry'], $lang_signin['std_permission_denied_onlyadmin'] . get_user_class_name(14, false, true, true) . $lang_signin['std_or_admin_can_view'], false, false, true, true);
        return true;
    } elseif ($usertypes == "forumman") {
        // The user id is concatenated into the statement inside quotes and the
        // query goes straight to mysql_query().
        // NOTE(review): cast the id to int (or escape it) so the query does not
        // depend on how $CURUSER was filled.
        $mysql = "SELECT * FROM forummods WHERE forummods.userid = '" . $CURUSER['id'] . "'";
        $res = mysql_query($mysql);
        // mysql_fetch_array() yields false when there is no row; the loose
        // comparison with "" is what turns that into "not a member".
        if ("" == mysql_fetch_array($res)) {
            return false;
        return true;
    } elseif ($usertypes == "picker") {
        $mysql = "SELECT * FROM users WHERE = '" . $CURUSER['id'] . "' and users.picker = 'yes'";
        $res = mysql_query($mysql);
        if ("" == mysql_fetch_array($res)) {
            return false;
        return true;
    } elseif ($usertypes == "support") {
        $mysql = "SELECT * FROM users WHERE = '" . $CURUSER['id'] . "' and = 'yes'";
        $res = mysql_query($mysql);
        if ("" == mysql_fetch_array($res)) {
            return false;
        return true;
Esempio n. 17
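/**
 * Check a requested username against the length limits and the allowed
 * character list.
 *
 * The length is measured in bytes (strlen) and must be 3 to 32; a length
 * outside that range is reported through stderr(). Every byte of the name
 * must occur in $lang['takesignup_allowed_chars'].
 *
 * @param mixed $username name taken from the signup form
 * @return bool true when the name is acceptable; false for an empty or
 *              non-string value or when a character is not allowed
 */
function validusername($username)
{
    global $lang;

    // A request parameter can arrive as an array (name[]=...); treat anything
    // that is not a string as invalid instead of passing it to strlen().
    if (!is_string($username) || $username == "") {
        return false;
    }

    $namelength = strlen($username);
    if ($namelength < 3 || $namelength > 32) {
        stderr($lang['takesignup_user_error'], $lang['takesignup_username_length']);
    }

    // The following characters are allowed in user names
    $allowedchars = $lang['takesignup_allowed_chars'];

    // strspn() counts the leading run of allowed bytes; the name is valid
    // only when that run covers the whole string.
    return strspn($username, $allowedchars) === $namelength;
}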
Esempio n. 18
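/**
 * Store a report filed by the logged-in user, once per reported item.
 *
 * Shows an error through stderr() when no reason was given or when the same
 * user already reported the same item and type; otherwise inserts the report
 * and shows the confirmation. Every value placed in the SQL text passes
 * through sqlesc().
 *
 * @param int|string $reportid id of the reported item
 * @param string     $type     kind of item being reported
 * @param string     $reason   free-text reason from the form
 */
function takereport($reportid, $type, $reason)
{
    global $CURUSER, $lang_report, $Cache;

    // Check if takereason is set
    if ($reason == '') {
        stderr($lang_report['std_error'], $lang_report['std_missing_reason']);
    }

    // The array key is quoted: the bare word id was read as a constant, which
    // PHP 8 rejects with an "Undefined constant" error.
    $res = sql_query("SELECT id FROM reports WHERE addedby = " . sqlesc($CURUSER['id']) . " AND reportid= " . sqlesc($reportid) . " AND type = " . sqlesc($type)) or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) == 0) {
        $date = sqlesc(date("Y-m-d H:i:s"));
        sql_query("INSERT into reports (addedby,reportid,type,reason,added) VALUES (" . sqlesc($CURUSER['id']) . "," . sqlesc($reportid) . "," . sqlesc($type) . ", " . sqlesc(trim($reason)) . "," . $date . ")") or sqlerr(__FILE__, __LINE__);
        stderr($lang_report['std_message'], $lang_report['std_successfully_reported']);
    } else {
        stderr($lang_report['std_error'], $lang_report['std_already_reported_this']);
    }
}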
Esempio n. 19
 // Excerpt: places a casino bet when the form field "unit" was posted.
 // The closing braces and the code that sets $openbet, $maxusrbet, $nobits,
 // $alwdebt, $goback and $time are not part of this listing.
 if (isset($_POST["unit"])) {
     if ($openbet >= $maxusrbet) {
         stderr($lang['gl_sorry'], "{$lang['casino_there_are_already']} " . htmlsafechars($openbet) . " {$lang['casino_bets_open_take_an_open_bet']} !");
     if ($nobits <= 0) {
         stderr($lang['gl_sorry'], " {$lang['casino_this_wont_work_enter_a_pos_val']}?");
     if ($nobits == ".") {
         stderr($lang['gl_sorry'], " {$lang['casino_this_wont_work_enter_without_a_dec']}?");
     // Balance after the stake, and the shortfall when the stake is larger
     // than the uploaded amount.
     $newups = $CURUSER['uploaded'] - $nobits;
     $debt = $nobits - $CURUSER['uploaded'];
     if ($CURUSER['uploaded'] < $nobits) {
         if ($alwdebt != 1) {
             stderr($lang['gl_sorry'], "<h2>{$lang['casino_thats']} " . htmlsafechars(mksize($debt)) . " {$lang['casino_more_than_you_got']}!</h2>{$goback}");
     $betsp = sql_query("SELECT id, amount FROM casino_bets WHERE userid = " . sqlesc($CURUSER['id']) . " ORDER BY time ASC") or sqlerr(__FILE__, __LINE__);
     $tbet2 = mysqli_fetch_row($betsp);
     $dummy = "<h2>{$lang['casino_bet_added_you_will_receive_a_pm_notify']}</h2>";
     $user = $CURUSER['username'];
     $bet = mksize($nobits);
     $message = "[color=green][b]{$user}[/b][/color] {$lang['casino_has_just_placed_a']} [color=red][b]{$bet}[/b][/color] {$lang['casino_bet_in_the_casino']}";
     $messages = "{$user} {$lang['casino_has_just_placed_a']} {$bet} {$lang['casino_bet_in_the_casino']}";
     // NOTE(review): $nobits and $time are interpolated into this INSERT as
     // they are, while the two UPDATEs below pass $nobits through sqlesc().
     // Whether $nobits has been forced to a number before this point is not
     // visible here - confirm, or cast/escape it the same way in all three.
     sql_query("INSERT INTO casino_bets ( userid, proposed, challenged, amount, time) VALUES (" . sqlesc($CURUSER['id']) . "," . sqlesc($CURUSER['username']) . ", 'empty', {$nobits}, {$time})") or sqlerr(__FILE__, __LINE__);
     // The new balance is computed from the cached $CURUSER row and written
     // back as an absolute value.
     // NOTE(review): two overlapping requests would both start from the same
     // cached balance; a relative update guarded by the current balance
     // avoids that - confirm how concurrent bets are meant to behave.
     sql_query("UPDATE users SET uploaded = " . sqlesc($newups) . " WHERE id = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
     sql_query("UPDATE casino SET deposit = deposit + " . sqlesc($nobits) . " WHERE userid = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
     $update['uploaded'] = $newups;
     $mc1->begin_transaction('userstats_' . $CURUSER['id']);
Esempio n. 20
// Excerpt: gives bonus points from the logged-in user to the owner of a
// torrent. Closing braces and the body of the first validity check are not
// part of this listing.
// "0 + ..." forces both request values to numbers before they are used.
$id = 0 + $_GET["id"];
$points = 0 + $_GET["points"];
if (!is_valid_id($id) || !is_valid_id($points)) {
// Only these fixed amounts may be given.
$pointscangive = array("10", "20", "50", "100", "200", "500", "1000");
if (!in_array($points, $pointscangive)) {
    stderr("Error", "You can't give that amount of points!!!");
// "or die" ends the request without any message or log entry when the query
// fails; the statements further down report through sqlerr() instead.
$sdsa = mysql_query("SELECT 1 FROM coins WHERE torrentid=" . sqlesc($id) . " AND userid =" . sqlesc($CURUSER["id"])) or die;
$asdd = mysql_fetch_array($sdsa);
if ($asdd) {
    stderr("Error", "You already gave points to this torrent.");
$res = mysql_query("SELECT owner,name FROM torrents WHERE id = " . sqlesc($id)) or die;
$row = mysql_fetch_assoc($res) or stderr("Error", "Torrent was not found");
$userid = $row["owner"];
if ($userid == $CURUSER["id"]) {
    stderr("Error", "You can't give your self points!");
// The balance is read from the cached $CURUSER row, and the "already gave"
// test above is a separate SELECT.
// NOTE(review): nothing visible here ties the checks and the four writes
// below together, so two overlapping requests can both pass the checks. A
// unique key on coins (userid, torrentid) and "AND seedbonus >= <points>" in
// the debit would make the database enforce both rules - confirm the schema.
if ($CURUSER["seedbonus"] < $points) {
    stderr("Error", "You dont have enough points");
mysql_query("INSERT INTO coins (userid, torrentid, points) VALUES (" . sqlesc($CURUSER["id"]) . ", " . sqlesc($id) . ", " . sqlesc($points) . ")") or sqlerr(__FILE__, __LINE__);
mysql_query("UPDATE users SET seedbonus=seedbonus+" . $points . " WHERE id=" . sqlesc($userid)) or sqlerr(__FILE__, __LINE__);
mysql_query("UPDATE users SET seedbonus=seedbonus-" . $points . " WHERE id=" . sqlesc($CURUSER["id"])) or sqlerr(__FILE__, __LINE__);
mysql_query("UPDATE torrents SET points=points+" . $points . " WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
// The whole message, including the username and the torrent name, is escaped
// for SQL as one value. How the message view renders the [url] tag and the
// name is not visible here.
$msg = sqlesc("You have been given " . $points . " points by " . $CURUSER["username"] . " for torrent [url=" . $TBDEV['baseurl'] . "/details.php?id=" . $id . "]" . $row["name"] . "[/url].");
mysql_query("INSERT INTO messages (sender, receiver, msg, added, subject) VALUES(0, {$userid}, {$msg}, " . sqlesc(time()) . ", 'You have been given a gift')") or sqlerr(__FILE__, __LINE__);
stderr("Done", "Successfully gave points to this torrent.");
Esempio n. 21
// Excerpt: stores a new request posted by the logged-in user and records the
// user's own vote for it. Closing braces are not part of this listing.
$request = isset($_POST['requesttitle']) ? $_POST['requesttitle'] : '';
if ($request == '') {
    stderr("{$lang['error_error']}", "{$lang['error_title']}");
// The category is cast to int before it is validated and used in SQL.
$cat = isset($_POST['category']) ? (int) $_POST['category'] : 0;
if (!is_valid_id($cat)) {
    stderr("{$lang['error_error']}", "{$lang['error_cat']}");
$descrmain = isset($_POST['body']) ? $_POST['body'] : '';
if (!$descrmain) {
    stderr("{$lang['error_error']}", "{$lang['error_descr']}");
$pic = '';
if (!empty($_POST['picture'])) {
    // The pattern fixes the scheme (http/https) and the file extension. The
    // path part is "[^<>]+", which still admits square brackets, quotes and
    // whitespace, and the URL is wrapped in an [img] tag below.
    // NOTE(review): confirm that the BBCode renderer validates or escapes the
    // URL again when it turns [img] into markup.
    if (!preg_match('/^https?:\\/\\/([a-zA-Z0-9\\-\\_]+\\.)+([a-zA-Z]{1,5}[^\\.])(\\/[^<>]+)+\\.(jpg|jpeg|gif|png|tif|tiff|bmp)$/i', $_POST['picture'])) {
        stderr("{$lang['error_error']}", "{$lang['error_image']}");
    $picture = $_POST['picture'];
    // Disabled alternative: fetch the headers of the picture URL and fall back
    // to a local "not found" image unless the response is a 200.
    //    $picture2 = trim(urldecode($_POST['picture']));
    //    $headers  = get_headers($picture2);
    //    if (strpos($headers[0], '200') === false)
    //        $picture = $INSTALLER09['baseurl'].'/pic/notfound.png';
    $pic = "[img]" . $picture . "[/img]\n";
$descr = "{$pic}";
$descr .= "{$descrmain}";
// Title and description are escaped for SQL here; the category is an int and
// the user id comes from the $CURUSER row.
$request2 = sqlesc($request);
$descr = sqlesc($descr);
sql_query("INSERT INTO requests (hits, userid, cat, request, descr, added) VALUES(1,{$CURUSER['id']}, {$cat}, {$request2}, {$descr}, " . TIME_NOW . ")") or sqlerr(__FILE__, __LINE__);
// NOTE(review): the insert runs through sql_query() while the new id is read
// with the mysql_* function; if sql_query() uses a different database
// extension or connection, this does not return the id of that insert.
$id = mysql_insert_id();
sql_query("INSERT INTO voted_requests VALUES(0, {$id}, {$CURUSER['id']})") or sqlerr();
Esempio n. 22
 // Excerpt: start of a new blackjack game - ratio gate, check for an
 // unfinished game, then the first two cards. Closing braces are missing and
 // the listing stops inside the last else branch.
 if ($CURUSER["downloaded"] > 0) {
     $ratio = number_format($CURUSER["uploaded"] / $CURUSER["downloaded"], 3);
 } elseif ($CURUSER["uploaded"] > 0) {
     $ratio = 999;
 } else {
     $ratio = 0;
 if ($INSTALLER09['ratio_free'] === false && $ratio < $required_ratio) {
     stderr("Sorry " . $CURUSER["username"], "Your ratio is lower than the requirement of " . $required_ratio . "%.");
 $res = sql_query("SELECT status, gameover FROM blackjack WHERE userid = " . sqlesc($CURUSER['id']));
 $arr = mysqli_fetch_assoc($res);
 if ($arr['status'] == 'waiting') {
     stderr("Sorry", "You'll have to wait until your last game completes before you play a new one.");
 } elseif ($arr['status'] == 'playing') {
     // PHP_SELF is derived from the request path and is written into the
     // form's action attribute as it is.
     // NOTE(review): escape it (the code base has htmlsafechars()) or use a
     // fixed script name, so extra path text in the URL cannot end up as
     // markup.
     stderr("Sorry", "You must finish your old game first.<form method='post' action='" . $_SERVER['PHP_SELF'] . "'><input type='hidden' name='game' value='hit' readonly='readonly' /><input type='hidden' name='continue' value='yes' readonly='readonly' /><input type='submit' value='Continue old game' /></form>");
 cheater_check($arr['gameover'] == 'yes');
 $cardids = array();
 // rand() is not a cryptographically secure generator.
 // NOTE(review): the cards decide the outcome of a game played for stakes;
 // random_int() gives draws that cannot be predicted from earlier ones.
 for ($i = 0; $i <= 1; $i++) {
     $cardids[] = rand(1, $cardcount);
 foreach ($cardids as $cardid) {
     // $cardid comes out of $cardids, so this test is true on entry and the
     // card is always drawn again. The new value is not written back to
     // $cardids, so the two cards dealt here can still be the same.
     while (in_array($cardid, $cardids)) {
         $cardid = rand(1, $cardcount);
     $cardres = sql_query("SELECT points, pic FROM cards WHERE id='{$cardid}'");
     $cardarr = mysqli_fetch_assoc($cardres);
     if ($cardarr["points"] > 1) {
         $points += $cardarr["points"];
     } else {
Esempio n. 23
         // Excerpt: create-announcement page. The listing starts inside the loop
         // that checks the posted expiry against the allowed values in $days;
         // closing braces and the code that sets $ann_query, $ann_hash, $n_pms,
         // $subject and $body are not part of it.
         if ($expiry == $x[0]) {
             $flag = 1;
     if (!isset($flag)) {
         stderr('Error', 'Invalid expiry selection');
     $expires = TIME_NOW + 86400 * $expiry;
     // 86400 seconds in one day.
     $created = TIME_NOW;
     // Every value goes through sqlesc(). $ann_query is stored in a column
     // named sql_query.
     // NOTE(review): presumably that text is run later to pick the recipients;
     // confirm it is checked against $ann_hash on submit so a tampered form
     // value cannot be stored. The call that executes $query is not part of
     // this listing.
     $query = sprintf('INSERT INTO announcement_main ' . '(owner_id, created, expires, sql_query, subject, body) ' . 'VALUES (%s, %s, %s, %s, %s, %s)', sqlesc($CURUSER['id']), sqlesc($created), sqlesc($expires), sqlesc($ann_query), sqlesc($subject), sqlesc($body));
     if (mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
         stderr('Success', 'Announcement was successfully created');
     stderr('Error', 'Contact an administrator');
 echo stdhead("Create Announcement", false);
 $HTMLOUT = "";
 $HTMLOUT .= "<table class='main' width='750' border='0' cellspacing='0' cellpadding='0'>\r\n \t<tr>\r\n \t<td class='embedded'><div align='center'>\r\n \t<h1>Create Announcement for " . $n_pms . " user" . ($n_pms > 1 ? 's' : '') . "&nbsp;!</h1>";
 $HTMLOUT .= "<form name='compose' method='post' action='{$INSTALLER09['baseurl']}/new_announcement.php'>\r\n \t<table border='1' cellspacing='0' cellpadding='5'>\r\n \t<tr>\r\n \t<td colspan='2'><b>Subject: </b>\r\n \t<input name='subject' type='text' size='76' value='" . htmlsafechars($subject) . "' /></td>\r\n \t</tr>\r\n \t<tr><td colspan='2'><div align='center'>\r\n  " . textbbcode("compose", "msg", $body) . "\r\n  </div></td></tr>";
 $HTMLOUT .= "<tr><td colspan='2' align='center'>";
 $HTMLOUT .= "<select name='expiry'>";
 foreach ($days as $x) {
     // Both branches of the conditional are empty strings, so the option that
     // matches $expiry is never marked as selected.
     $HTMLOUT .= '<option value="' . $x[0] . '"' . ($expiry == $x[0] ? '' : '') . '>' . $x[1] . '</option>';
 // $n_pms, $ann_query and $ann_hash are written into single-quoted value
 // attributes without escaping, unlike $subject above.
 // NOTE(review): SQL text commonly contains single quotes, which would end
 // the attribute early; pass all three through htmlsafechars().
 $HTMLOUT .= "</select>\r\n\r\n \t<input type='submit' name='buttonval' value='Preview' class='btn' />\r\n \t<input type='submit' name='buttonval' value='Submit' class='btn' />\r\n \t</td></tr></table>\r\n \t<input type='hidden' name='n_pms' value='" . $n_pms . "' />\r\n \t<input type='hidden' name='ann_query' value='" . $ann_query . "' />\r\n \t<input type='hidden' name='ann_hash' value='" . $ann_hash . "' />\r\n \t</form><br /><br />\r\n \t</div></td></tr></table>";
 if ($body) {
     $newtime = TIME_NOW + 86400 * $expiry;
     $HTMLOUT .= "<table width='700' class='main' border='0' cellspacing='1' cellpadding='1'>\r\n \t<tr><td bgcolor='#663366' align='center' valign='baseline'><h2><font color='white'>Announcement: \r\n \t" . htmlsafechars($subject) . "</font></h2></td></tr>\r\n \t<tr><td class='text'>\r\n \t" . format_comment($body) . "<br /><hr />Expires: " . get_date($newtime, 'DATE') . "";
Esempio n. 24
/**
 * Build and print the statistics result page for one kind of activity.
 *
 * Reads the date range, timescale and sort order from the global $inbound
 * array, counts the rows of the table selected by $mode per time bucket, and
 * echoes an HTML table with one bar per bucket and a running total.
 *
 * $mode is matched against a fixed list ('reg', 'topic', 'post', 'msg',
 * 'comms', 'torrents', 'reps'). The table and column names that reach the
 * SQL text come only from that list, never from the request. When $mode
 * matches none of them, $table, $sql_table and $sql_field stay unset.
 *
 * NOTE(review): closing braces, and some lines of the switch below, are
 * missing from this listing.
 *
 * @param string $mode which statistic to show
 */
function result_screen($mode = 'reg')
    global $INSTALLER09, $inbound, $month_names, $lang;
    $page_title = $lang['stats_ex_center_result'];
    $page_detail = "&nbsp;";
    // Both dates are rejected unless they are real calendar dates.
    if (!checkdate($inbound['to_month'], $inbound['to_day'], $inbound['to_year'])) {
        stderr($lang['stats_ex_ustderr'], $lang['stats_ex_ustderr1']);
    if (!checkdate($inbound['from_month'], $inbound['from_day'], $inbound['from_year'])) {
        stderr($lang['stats_ex_ustderr'], $lang['stats_ex_dstderr']);
    // mktime() yields integer timestamps, which are what the query compares.
    $to_time = mktime(0, 0, 0, $inbound['to_month'], $inbound['to_day'], $inbound['to_year']);
    $from_time = mktime(0, 0, 0, $inbound['from_month'], $inbound['from_day'], $inbound['from_year']);
    $human_to_date = getdate($to_time);
    $human_from_date = getdate($from_time);
    // Fixed mapping from $mode to a table, its timestamp column and the texts
    // shown on the page.
    if ($mode == 'reg') {
        $table = $lang['stats_ex_registr'];
        $sql_table = 'users';
        $sql_field = 'added';
        $page_detail = $lang['stats_ex_rdetails'];
    } else {
        if ($mode == 'topic') {
            $table = $lang['stats_ex_newtopicst'];
            $sql_table = 'topics';
            $sql_field = 'added';
            $page_detail = $lang['stats_ex_topdetails'];
        } else {
            if ($mode == 'post') {
                $table = $lang['stats_ex_poststs'];
                $sql_table = 'posts';
                $sql_field = 'added';
                $page_detail = $lang['stats_ex_postdetails'];
            } else {
                if ($mode == 'msg') {
                    $table = $lang['stats_ex_pmsts'];
                    $sql_table = 'messages';
                    $sql_field = 'added';
                    $page_detail = $lang['stats_ex_pmdetails'];
                } else {
                    if ($mode == 'comms') {
                        $table = $lang['stats_ex_comsts'];
                        $sql_table = 'comments';
                        $sql_field = 'added';
                        $page_detail = $lang['stats_ex_cdetails'];
                    } else {
                        if ($mode == 'torrents') {
                            $table = $lang['stats_ex_torrsts'];
                            $sql_table = 'torrents';
                            $sql_field = 'added';
                            $page_detail = $lang['stats_ex_tordetails'];
                        } else {
                            if ($mode == 'reps') {
                                $table = $lang['stats_ex_repsts'];
                                $sql_table = 'reputation';
                                $sql_field = 'dateadd';
                                $page_detail = $lang['stats_ex_repdetails'];
    // Picks the MySQL DATE_FORMAT pattern for the grouping and the PHP date()
    // pattern for the label. As listed there are no break statements and no
    // label in front of the weekly assignments, so every case would end with
    // the weekly formats - presumably those lines were lost from the listing.
    switch ($inbound['timescale']) {
        case 'daily':
            $sql_date = "%w %U %m %Y";
            $php_date = "F jS - Y";
        case 'monthly':
            $sql_date = "%m %Y";
            $php_date = "F Y";
            // weekly
            $sql_date = "%U %Y";
            $php_date = " [F Y]";
    // The sort direction is reduced to one of two fixed keywords.
    $sort_by = $inbound['sortby'] == 'DESC' ? 'DESC' : 'ASC';
    $sql = array('from_time' => $from_time, 'to_time' => $to_time, 'sortby' => $sort_by, 'sql_field' => $sql_field, 'sql_table' => $sql_table, 'sql_date' => $sql_date);
    // Everything interpolated here is either a fixed string chosen above or an
    // integer timestamp from mktime().
    $q1 = sql_query("SELECT MAX({$sql['sql_field']}) as result_maxdate,\n\t\t\t\t COUNT(*) as result_count,\n\t\t\t\t DATE_FORMAT(from_unixtime({$sql['sql_field']}),'{$sql['sql_date']}') AS result_time\n\t\t\t\t FROM {$sql['sql_table']}\n\t\t\t\t WHERE {$sql['sql_field']} > '{$sql['from_time']}'\n\t\t\t\t AND {$sql['sql_field']} < '{$sql['to_time']}'\n\t\t\t\t GROUP BY result_time\n\t\t\t\t ORDER BY {$sql['sql_field']} {$sql['sortby']}");
    $running_total = 0;
    $max_result = 0;
    $results = array();
    // $inbound['timescale'] is placed in the heading, and from there in the
    // page, without escaping.
    // NOTE(review): where $inbound is filled is not visible here; if it holds
    // raw request values, escape the timescale or restrict it to the known
    // values first.
    $heading = ucfirst($inbound['timescale']) . " {$table} ({$human_from_date['mday']} {$month_names[$human_from_date['mon']]} {$human_from_date['year']} to {$human_to_date['mday']} {$month_names[$human_to_date['mon']]} {$human_to_date['year']})";
    $menu = make_side_menu();
    $htmlout = "<div>\n      <div class='row'><div class='col-md-12'><h2 class='text-center'>{$lang['stats_ex_center']}</h2></div></div><br>\n      <div class='row'><div class='col-md-12'>{$menu}</div></div><br>\n      <div class='row'><div class='col-md-12'><table class='table table-bordered'>\n\t\t<tr>\n    <td colspan='3' align='left'>{$heading}<br />{$page_detail}</td>\n    </tr><tr>\n    <td>{$lang['stats_ex_date']}</td>\n    <td>{$lang['stats_ex_result']}</td>\n    <td>{$lang['stats_ex_count']}</td>\n    </tr>";
    if (mysqli_num_rows($q1)) {
        // First pass: collect the rows and find the largest count, which
        // scales the bars in the second pass.
        while ($row = mysqli_fetch_assoc($q1)) {
            if ($row['result_count'] > $max_result) {
                $max_result = $row['result_count'];
            $running_total += $row['result_count'];
            $results[] = array('result_maxdate' => $row['result_maxdate'], 'result_count' => $row['result_count'], 'result_time' => $row['result_time']);
        foreach ($results as $data) {
            // Bar width as a percentage of the largest count, less 8, never
            // below 1.
            $img_width = intval($data['result_count'] / $max_result * 100 - 8);
            if ($img_width < 1) {
                $img_width = 1;
            $img_width .= '%';
            if ($inbound['timescale'] == 'weekly') {
                $date = "Week #" . strftime("%W", $data['result_maxdate']) . date($php_date, $data['result_maxdate']);
            } else {
                $date = date($php_date, $data['result_maxdate']);
            $htmlout .= "<tr>\n    \t\t\t<td>{$date}</td>\n    \t\t\t<td><img src='{$INSTALLER09['pic_base_url']}/bar_left.gif' border='0' width='4' height='11' align='middle' alt='' /><img src='{$INSTALLER09['pic_base_url']}/bar.gif' border='0' width='{$img_width}' height='11' align='middle' alt='' /><img src='{$INSTALLER09['pic_base_url']}/bar_right.gif' border='0' width='4' height='11' align='middle' alt='' /></td>\n\t\t\t\t\t<td>{$data['result_count']}</td>\n\t\t\t\t\t</tr>";
        $htmlout .= "<tr>\n<td>&nbsp;</td>\n<td><div align='right'><b>{$lang['stats_ex_total']}</b></div></td>\n<td><b>{$running_total}</b></td>\n</tr>";
    } else {
        $htmlout .= "<tr><td colspan='3' align='center'>{$lang['stats_ex_noresult']}</td></tr>";
    $htmlout .= '</table></div></div>';
    echo stdhead($page_title) . $htmlout . stdfoot();
Esempio n. 25
     // Excerpt: user control panel - email change and passkey reset. Closing
     // braces, the body of the EmailBanned() branch and the heredoc that holds
     // the mail text are not part of this listing.
     $passupdated = 1;
 if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) {
     if (EmailBanned($email)) {
     if (!EmailAllowed($email)) {
         bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails());
     if (!validemail($email)) {
         stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0);
     // The "in use" message tells the requester that the address belongs to an
     // existing account.
     $r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
     if (mysql_num_rows($r) > 0) {
         stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0);
     $changedemail = 1;
 if ($resetpasskey == 1) {
     // The new passkey is the md5 of the username, the current time to the
     // second and the stored password hash - no random input.
     // NOTE(review): a passkey works as a credential for the tracker;
     // deriving it from random_bytes() would keep it independent of values
     // that are known or guessable - confirm how the passkey is used.
     $passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']);
     $updateset[] = "passkey = " . sqlesc($passkey);
 if ($changedemail == 1) {
     // The confirmation hash binds the new address to a fresh secret that is
     // stored as editsecret; how mksecret() creates the secret is not visible
     // here.
     $sec = mksecret();
     $hash = md5($sec . $email . $sec);
     $obemail = rawurlencode($email);
     $updateset[] = "editsecret = " . sqlesc($sec);
     $subject = "{$SITENAME}" . $lang_usercp['mail_profile_change_confirmation'];
     $body = <<<EOD
Esempio n. 26
        // Excerpt: staff tool that removes warnings from the users in $_uids,
        // followed by the start of the list selection. Closing braces, the
        // break statements of the switch and the code that fills $_uids, $r and
        // $do are not part of this listing.
        $sub = "Warn removed";
        $body = "Hey, your warning was removed by " . $CURUSER["username"] . "\nPlease keep in your best behaviour from now on.";
        // $_uids is iterated as an array below, so these two concatenations
        // produce keys ending in "Array" rather than one key per user.
        // NOTE(review): the per-user cache entries are presumably meant to be
        // deleted inside the loop.
        $mc1->delete_value('user' . $_uids);
        $mc1->delete_value('MyUser_' . $_uids);
        $pms = array();
        foreach ($_uids as $id) {
            // $id is placed in the VALUES list as it is.
            // NOTE(review): where $_uids is validated is not visible here;
            // cast each id to int before it reaches this statement and the
            // IN (...) list below.
            $pms[] = "(0," . $id . "," . sqlesc($sub) . "," . sqlesc($body) . "," . sqlesc(time()) . ")";
        if (count($pms)) {
            $g = sql_query("INSERT INTO messages(sender,receiver,subject,msg,added) VALUE " . join(",", $pms)) or $q_err = mysql_error();
            $q1 = sql_query("UPDATE users set warned='0', modcomment=CONCAT(" . sqlesc(get_date(time(), 'DATE', 1) . " - Warning removed by " . $CURUSER['username'] . "\n") . ",modcomment) WHERE id IN (" . join(",", $_uids) . ")") or $q2_err = mysql_error();
            if ($g && $q1) {
                // NOTE(review): the origin of $r is not visible here; if it can
                // be influenced by the request, restrict it to same-site paths.
                header("Refresh: 2; url=" . $r);
                stderr("Success", count($pms) . " user" . (count($pms) > 1 ? "s" : "") . " unwarned");
            } else {
                // The raw database error text is shown on the page, and only
                // the variable of the failed query is set.
                // NOTE(review): log the database error and show a generic
                // message, so table and column names are not disclosed.
                stderr("Err", "Something went wrong! Q1 - " . $q_err . "<br />Q2 - " . $q2_err);
switch ($do) {
    case "disabled":
        $query = "SELECT id,username, class, downloaded, uploaded, IF(downloaded>0, round((uploaded/downloaded),2), '---') as ratio, disable_reason, added, last_access FROM users WHERE enabled='no' ORDER BY last_access DESC ";
        $title = "Disabled users";
        // This link carries "&amp;?do=warned" (with a stray "?"), unlike the
        // link in the next case.
        $link = "<a href=\"staffpanel.php?tool=warn&amp;action=warn&amp;?do=warned\">warned users</a>";
    case "warned":
        $query = "SELECT id, username, class, downloaded, uploaded, IF(downloaded>0, round((uploaded/downloaded),2), '---') as ratio, warn_reason, warned, added, last_access FROM users WHERE warned>='1' ORDER BY last_access DESC, warned DESC ";
        $title = "Warned users";
        $link = "<a href=\"staffpanel.php?tool=warn&amp;action=warn&amp;do=disabled\">disabled users</a>";
Esempio n. 27
    // Excerpt: staff panel tool for the cheaters list. The first three lines
    // are the body of a direct-access guard whose condition is not part of
    // this listing; closing braces are missing as well.
    $HTMLOUT = '';
    $HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"\">\n\t\t<html xmlns=''>\n\t\t<head>\n\t\t<title>Error!</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>\n\t</body></html>";
    echo $HTMLOUT;
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'html_functions.php';
require_once INCL_DIR . 'pager_functions.php';
require_once CLASS_DIR . 'class_check.php';
// The access class for this tool is looked up from the last path segment of
// the request URI (basename() keeps any query string that follows it).
$class = get_access(basename($_SERVER['REQUEST_URI']));
$lang = array_merge($lang, load_language('cheaters'));
$HTMLOUT = "";
// This POST handler deletes cheater entries and disables accounts.
// NOTE(review): no check of a per-form token is visible in this listing;
// confirm that the staff panel verifies one before state-changing actions.
if (isset($_POST["nowarned"]) && $_POST["nowarned"] == "nowarned") {
    if (empty($_POST["desact"]) && empty($_POST["remove"])) {
        stderr($lang['cheaters_err'], $lang['cheaters_seluser']);
    if (!empty($_POST["remove"])) {
        // Each posted id goes through sqlesc() before it is joined into the
        // IN (...) list.
        // NOTE(review): this relies on the field being a flat array of
        // scalars; a scalar or nested value from the request makes array_map()
        // or sqlesc() fail. Check the shape and cast the ids to int first.
        sql_query("DELETE FROM cheaters WHERE id IN (" . implode(", ", array_map("sqlesc", $_POST["remove"])) . ")") or sqlerr(__FILE__, __LINE__);
    if (!empty($_POST["desact"])) {
        sql_query("UPDATE users SET enabled = 'no' WHERE id IN (" . implode(", ", array_map("sqlesc", $_POST["desact"])) . ")") or sqlerr(__FILE__, __LINE__);
$HTMLOUT .= "<div class='row'><div class='col-md-12'>";
$HTMLOUT .= "<h2>{$lang['cheaters_users']}</h2>";
$res = sql_query("SELECT COUNT(*) FROM cheaters") or sqlerr(__FILE__, __LINE__);
$row = mysqli_fetch_array($res);
$count = $row[0];
$perpage = 15;
$pager = pager($perpage, $count, "staffpanel.php?tool=cheaters&amp;action=cheaters&amp;");
Esempio n. 28
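// Confirms an email change: the link carries the user id, the new address and
// a key that must equal md5(editsecret . email . editsecret) for that user.
// On success the address is stored, the secret is cleared and the caches are
// refreshed; every failure ends in the same error page.

// Missing or array-valued parameters are reduced to values that fail the
// checks below instead of raising warnings or type errors.
$id = isset($_GET['uid']) && is_scalar($_GET['uid']) ? intval($_GET['uid']) : 0;
$md5 = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';
// NOTE(review): PHP has already URL-decoded $_GET, so this second decode turns
// a "+" in the address into a space - confirm it is still wanted.
$email = isset($_GET['email']) && is_string($_GET['email']) ? urldecode($_GET['email']) : '';
if (!validemail($email)) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_false_email']}");
}
$res = sql_query("SELECT editsecret FROM users WHERE id =" . sqlesc($id));
$row = mysqli_fetch_assoc($res);
if (!$row) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
$sec = $row['editsecret'];
// An empty or blank secret means no email change is pending.
if (preg_match('/^ *$/s', $sec)) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
// hash_equals() compares the two digests byte for byte and in constant time.
// The loose "!=" used before compares strings that look like numbers (two
// digests of the form 0e<digits>) as numbers, so different digests could be
// treated as equal.
if (!hash_equals(md5($sec . $email . $sec), $md5)) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
sql_query("UPDATE users SET editsecret='', email=" . sqlesc($email) . " WHERE id=" . sqlesc($id) . " AND editsecret=" . sqlesc($row["editsecret"]));
// Check the result of the UPDATE before touching the caches, so a request
// that changed nothing cannot leave the new address in the cached user rows.
if (!mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
$mc1->begin_transaction('MyUser_' . $id);
$mc1->update_row(false, array('editsecret' => '', 'email' => $email));
$mc1->begin_transaction('user' . $id);
$mc1->update_row(false, array('editsecret' => '', 'email' => $email));
header("Refresh: 0; url={$INSTALLER09['baseurl']}/usercp.php?action=security&emailch=1");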
Esempio n. 29
     // Excerpt: start of a new blackjack game in an older code base. The
     // listing begins inside the ratio calculation; closing braces and the
     // code that sets $required_ratio, $phpself, $cardcount and $now are not
     // part of it.
     } else {
         $ratio = 0;
 if ($ratio < $required_ratio) {
     stderr("Sorry " . $CURUSER["username"], "Your ratio is lower than the requirement of " . $required_ratio . "%.");
 // The user id from the $CURUSER row is interpolated into the statements
 // below without a cast or escape.
 $res = sql_query("select count(*) from blackjack where userid={$CURUSER['id']} and status='waiting'");
 $arr = mysql_fetch_array($res);
 if ($arr[0] > 0) {
     stderr("Sorry", "You'll have to wait until your last game completes before you play a new one.");
 } else {
     $res = sql_query("select count(*) from blackjack where userid={$CURUSER['id']} and status='playing'");
     $arr = mysql_fetch_array($res);
     if ($arr[0] > 0) {
         // $phpself is written into an unquoted action attribute.
         // NOTE(review): if it is taken from the request path (PHP_SELF),
         // escape it and quote the attribute.
         stderr("Sorry", "You must finish your old game first. <form method=post name=form action={$phpself}><input type=hidden name=game value=cont><input type=submit value=' Continue old game '></form>", false);
 // rand() is not a cryptographically secure generator.
 // NOTE(review): the card decides the outcome of a game played for stakes;
 // random_int() gives draws that cannot be predicted from earlier ones.
 $cardid = rand(1, $cardcount);
 $cardres = sql_query("select * from cards where id={$cardid}") or sqlerr(__FILE__, __LINE__);
 $cardarr = mysql_fetch_array($cardres);
 // The array key is written as a bare word, which PHP reads as a constant
 // named points; PHP 8 stops with an "Undefined constant" error here.
 // An ace (1 point) is counted as 11 for the first card.
 if ($cardarr[points] == 1) {
     $cardarr[points] = 11;
 sql_query("insert into blackjack (userid, points, cards, date) values({$CURUSER['id']}, {$cardarr['points']}, {$cardid}, {$now})") or sqlerr(__FILE__, __LINE__);
 // The username is echoed into the page without escaping.
 // NOTE(review): pass it through htmlspecialchars() unless usernames are
 // restricted to safe characters at signup.
 echo "<h1>Welcome, <a href=userdetails.php?id={$CURUSER['id']}>{$CURUSER['username']}</a>!</h1>\n";
 echo "<table cellspacing=0 cellpadding=3 width=600>\n";
 echo "<tr><td colspan=2 cellspacing=0 cellpadding=5 >";
 echo "<form name=blackjack method=post action={$phpself}>";
 echo "<table class=message width=100% cellspacing=0 cellpadding=5 bgcolor=black>\n";
        if ($arr["owner"] == $CURUSER["id"] || $CURUSER['class'] > UC_MODERATOR) {
            $HTMLOUT .= "<a href='subtitles.php?mode=edit&amp;id=" . $arr["id"] . "'><img src='pic/edit.png' alt='Edit Sub' title='Edit Sub' style='border:none;padding:2px;' /></a>\n<a href='subtitles.php?mode=delete&amp;id=" . (int) $arr["id"] . "'><img src='pic/drop.png' alt='Delete Sub' title='Delete Sub' style='border:none;padding:2px;' /></a>";
        $HTMLOUT .= "</td></tr>\n<tr><td align='left'>Added :&nbsp;<b>" . get_date($arr["added"], 'LONG', 0, 1) . "</b></td></tr>\n</table>";
        $HTMLOUT .= end_main_frame();
        echo stdhead("Details for " . htmlsafechars($arr["name"]) . "") . $HTMLOUT . stdfoot();
} elseif ($mode == "preview") {
    $id = isset($_GET["id"]) ? 0 + $_GET["id"] : 0;
    if ($id == 0) {
        stderr("Err", "Not a valid id");
    } else {
        $res = sql_query("SELECT id, name,filename FROM subtitles  WHERE id={$id} ") or sqlerr(__FILE__, __LINE__);
        $arr = mysqli_fetch_assoc($res);
        if (mysqli_num_rows($res) == 0) {
            stderr("Sorry", "There is no subtitle with that id");
        $file = $INSTALLER09['sub_up_dir'] . "/" . $arr["filename"];
        $fileContent = file_get_contents($file);
        $HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"\">\n\t\t<html xmlns=''>\n\t\t<head>\n\t\t<title>Preview for - " . htmlsafechars($arr["name"]) . "</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:12px;color:black;background-color:#CCCCCC;'>Subtitle preview<br />" . htmlsafechars($fileContent) . "</div>\n\t</body></html>";
        echo $HTMLOUT;
} else {
    $HTMLOUT .= begin_frame();
    $s = isset($_GET["s"]) ? htmlsafechars($_GET["s"]) : "";
    $w = isset($_GET["w"]) ? htmlsafechars($_GET["w"]) : "";
    if ($s && $w == "name") {
        $where = "WHERE LIKE " . sqlesc("%" . $s . "%");
    } elseif ($s && $w == "imdb") {
        $where = "WHERE LIKE " . sqlesc("%" . $s . "%");
    } elseif ($s && $w == "comment") {