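 /**
  * Change the current user's password.
  *
  * Reads the new password from $this->clean->password and the current one
  * from $this->clean->current_password. The current password must re-verify
  * against the stored hash before the new hash is written; on success a
  * notification e-mail goes to the account address. The outcome is reported
  * through $this->data['success'] / $this->data['message'] and rendered by
  * renderJSON().
  */
 public function updatePassword()
 {
     if (!isset($this->clean->password) || !isValid($this->clean->password, 'password')) {
         // reset() takes its argument by reference, so give it a real variable
         $errors = array_values(formatErrors(602));
         $this->data['message'] = reset($errors);
     } else {
         // Re-authenticate: the caller must prove knowledge of the current password.
         $current_password = isset($this->clean->current_password) ? (string) $this->clean->current_password : '';
         $res = $this->user->read($this->user_id, 1, 1, 'email,password');
         if (!isset($res->password)) {
             $this->data['message'] = 'We could not verify your current password.';
         } elseif ($current_password === '' || !hash_equals((string) $res->password, (string) verifyHash($current_password, $res->password))) {
             // verifyHash() is assumed to return the recomputed hash (the original
             // compared its result to the stored hash with ==); hash_equals() makes
             // that comparison strict and constant-time.
             $this->data['message'] = 'Your current password does not match what we have on record.';
         } else {
             $password = generateHash($this->clean->password);
             if ($password === false) {
                 // generateHash() can fail; other callers in this code base check for false
                 $this->data['message'] = 'Your password could not be updated at this time. Please try again.';
             } else {
                 $user = $this->user->update($this->user_id, array('password' => $password));
                 // Confirm the write by comparing what was stored with what was sent.
                 if (isset($user->password) && hash_equals((string) $password, (string) $user->password)) {
                     $this->data['success'] = true;
                     // Tell the account owner that the password changed.
                     $this->load->library('email');
                     $this->email->initialize();
                     $this->email->updatePassword($user->email);
                 } else {
                     $this->data['message'] = 'Your password could not be updated at this time. Please try again.';
                 }
             }
         }
     }
     $this->renderJSON();
 }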
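 /**
  * Handle the login form submission.
  *
  * Validates the anti-forgery hash, the required fields and the captcha,
  * then checks the submitted password against the stored MD5 digest and
  * populates the session on success. Every failure path calls
  * $this->error(), which is assumed not to return.
  */
 function doLogin()
 {
     // Read the inputs once; a missing field becomes '' instead of an undefined-index notice.
     $hash = isset($_POST['hash']) ? $_POST['hash'] : '';
     $username = isset($_POST['username']) ? $_POST['username'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $verify = isset($_POST['verify']) ? $_POST['verify'] : '';
     if (!verifyHash($hash)) {
         $this->error('非验证的来源!');
     }
     if (empty($username)) {
         $this->error('帐号不能为空!');
     }
     if (empty($password)) {
         $this->error('密码不能为空!');
     }
     if (empty($verify)) {
         $this->error('验证码不能为空!');
     }
     // Captcha: require a code to have been issued, compare as strings, and
     // consume it so the same code cannot be replayed on the next attempt.
     $expected_verify = isset($_SESSION['verify']) ? (string) $_SESSION['verify'] : '';
     unset($_SESSION['verify']);
     if ($expected_verify === '' || $expected_verify !== strtolower($verify)) {
         $this->error('验证码错误!');
     }
     $info = m('User')->getRowByName($username);
     if (empty($info)) {
         // NOTE(review): this message differs from the wrong-password one, which lets
         // a caller enumerate valid usernames; kept because callers may rely on the text.
         $this->error('账号不存在');
     }
     // Stored digests are unsalted MD5 (legacy schema). Compare in constant time and
     // as strings; migrating to password_hash()/password_verify() is the real fix.
     if (!hash_equals((string) $info['password'], md5($password))) {
         $this->error('密码错误!');
     }
     // Prevent session fixation: issue a fresh session id when privileges change.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION['user_id'] = $info['id'];
     $_SESSION['user_name'] = $info['username'];
     $_SESSION['shop_id'] = $info['shop_id'];
     $_SESSION['shop_name'] = $info['shop_name'];
     $_SESSION['role_id'] = $info['role_id'];
     $data = array();
     $data['login_time'] = time();
     $data['ip_address'] = getIp();
     // the id comes from the database row; cast it so the where-clause is always an integer
     m('User')->update($data, "id='" . (int) $info['id'] . "'");
     $this->success('登录成功!', url());
 }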
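 /**
  * Log a user in from the posted e-mail/password pair.
  *
  * Looks the account up by e-mail, rejects inactive accounts, then verifies
  * the password. Accounts that still carry a 32-character legacy MD5 digest
  * are checked with md5() and, on success, re-hashed with generateHash().
  * On success the session is regenerated and populated via sessionAddUser();
  * the outcome and redirect target are reported as JSON by renderJSON().
  */
 public function index()
 {
     $this->redirectIfInvalidCSRF();
     $this->data['success'] = false;
     // Find user ($this->db_clean holds the database-escaped copy of the input)
     $this->load->model('users_model', 'user');
     $user = $this->user->read("email = '" . $this->db_clean->email . "'", 1, 1);
     if (!isset($user->user_id)) {
         $this->data['message'] = sprintf(_('The email address `%s` was not found.'), $this->clean->email);
     } elseif (!isset($user->active) || empty($user->active)) {
         $this->data['message'] = _('Your account is no longer active. Please contact support.');
     } else {
         $stored = (string) $user->password;
         if (strlen($stored) == 32) {
             // Legacy unsalted MD5. hash_equals() is constant-time and avoids the
             // "0e..." numeric-string equality that == applies to two digests.
             $match = hash_equals($stored, md5($this->clean->password));
             // Upgrade the stored digest to the current hashing routine.
             $hash = generateHash($this->clean->password);
             if ($hash !== false && $match === true) {
                 $this->user->update("user_id = '" . $user->user_id . "'", array('password' => $hash));
             }
         } else {
             // verifyHash() is assumed to return the recomputed hash (the original
             // compared its result to the stored hash with ==).
             $match = hash_equals($stored, (string) verifyHash($this->clean->password, $stored));
         }
         if ($match === false) {
             $this->data['message'] = _('Your password is incorrect. Please try again.');
         } else {
             // Authenticated: pick the post-login target, regenerate the session
             // and attach the user to it.
             $add_redirect = $this->session->userdata('add_redirect');
             $redirect = empty($add_redirect) ? '/marks' : $add_redirect;
             $this->session->unset_userdata('add_redirect');
             $user->email = $this->clean->email;
             $this->session->sess_update(true);
             $this->sessionAddUser($user);
             $this->data['success'] = true;
             $this->data['redirect_url'] = $redirect;
         }
     }
     $this->renderJSON();
 }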
 }
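 // category check: the submitted id must exist in the categories table.
 // Cast to int first so the value cannot carry SQL into the query.
 $categoria = (int) $categoria;
 $rc = do_sqlquery("SELECT id FROM {$TABLE_PREFIX}categories WHERE id={$categoria}", true);
 if (mysql_num_rows($rc) == 0) {
     err_msg($language["ERROR"], $language["WRITE_CATEGORY"]);
     stdfoot();
     exit;
 }
 // release the category result; the original freed $rs here, which is not this
 // result (kept below in case an earlier, unseen query left $rs open)
 @mysql_free_result($rc);
 @mysql_free_result($rs);
 $announce = isset($array["announce"]) ? trim($array["announce"]) : "";
 if ($categoria == 0) {
     err_msg($language["ERROR"], $language["WRITE_CATEGORY"]);
     stdfoot();
     exit;
 }
 if (strlen($hash) != 40 || !verifyHash($hash)) {
     err_msg($language["ERROR"], $language["ERR_HASH"]);
     stdfoot();
     exit;
 }
 // a foreign announce URL is only accepted when $EXTERNAL_TORRENTS is on;
 // strict in_array() so a non-string value cannot match by type juggling
 if (!$EXTERNAL_TORRENTS && !in_array($announce, $TRACKER_ANNOUNCEURLS, true)) {
     err_msg($language["ERROR"], $language["ERR_EXTERNAL_NOT_ALLOWED"]);
     unlink($_FILES["torrent"]["tmp_name"]);
     stdfoot();
     exit;
 }
 // optional attachments; absent fields become null instead of raising notices
 $userfile = isset($_FILES["userfile"]) ? $_FILES["userfile"] : null;
 $screen1 = isset($_FILES["screen1"]) ? $_FILES["screen1"] : null;
 $screen2 = isset($_FILES["screen2"]) ? $_FILES["screen2"] : null;
 $screen3 = isset($_FILES["screen3"]) ? $_FILES["screen3"] : null;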
 if ($GLOBALS["allow_scrape"]) {
     $usehash = false;
     /*
      * Was an individual hash requested?
      */
     if (isset($_GET["info_hash"])) {
         if (get_magic_quotes_gpc()) {
             $info_hash = stripslashes($_GET["info_hash"]);
         } else {
             $info_hash = $_GET["info_hash"];
         }
         if (strlen($info_hash) == 20) {
             $info_hash = bin2hex($info_hash);
         } else {
             if (strlen($info_hash) == 40) {
                 verifyHash($info_hash) or showError("Invalid info hash value.");
             } else {
                 showError("Invalid info hash value.");
             }
         }
         //make sure torrent isn't hidden
         scrapeVerifyHash($info_hash) or showError("Invalid info hash value.");
         $usehash = true;
     }
     /*
      * Get requested info
      */
     if ($usehash) {
         $query = mysql_query("SELECT summary.info_hash, summary.seeds, summary.finished, summary.leechers, namemap.filename, summary.dlbytes, summary.avgdone, summary.speed FROM summary LEFT JOIN namemap ON summary.info_hash = namemap.info_hash WHERE summary.info_hash=\"{$info_hash}\" AND summary.hide_torrent=\"N\" AND summary.external_torrent=\"N\"") or showError("Database error. Cannot complete request.");
     } else {
         $query = mysql_query("SELECT summary.info_hash, summary.seeds, summary.finished, summary.leechers, namemap.filename, summary.dlbytes, summary.avgdone, summary.speed FROM summary LEFT JOIN namemap ON summary.info_hash = namemap.info_hash WHERE summary.hide_torrent=\"N\" AND summary.external_torrent=\"N\" ORDER BY summary.info_hash") or showError("Database error. Cannot complete request.");
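/**
 * Add a torrent from the admin form and register it in BTPHP_namemap.
 *
 * Accepts either an uploaded .torrent in $_FILES["torrent"] (its info hash is
 * computed from the decoded info dictionary) or a posted hex hash in
 * $_POST["hash"]. With autoset=enabled the display name and a size/comment
 * summary are derived from the torrent. Output is HTML echoed directly; a
 * validation failure ends the page and stops the script so no row is written.
 *
 * NOTE(review): the hash check and the INSERT only run when $_POST["autoset"]
 * is present at all (the original has the same structure); confirm that a form
 * without that field is really meant to add nothing.
 */
function addTorrent()
{
    global $dbhost, $dbuser, $dbpass, $database;
    require_once "funcsv2.php";
    require_once "BDecode.php";
    require_once "BEncode.php";
    // the posted hash is only a fallback; an uploaded torrent replaces it below
    $hash = isset($_POST["hash"]) ? strtolower($_POST["hash"]) : "";
    $db = mysql_connect($dbhost, $dbuser, $dbpass) or die("<p class=\"error\">Couldn't connect to database. contact the administrator</p>");
    mysql_select_db($database) or die("<p class=\"error\">Can't open the database.</p>");
    $array = false;
    if (isset($_FILES["torrent"]) && $_FILES["torrent"]["error"] != 4) {
        // UPLOAD_ERR_NO_FILE (4) means the field was left empty
        $tmp_name = $_FILES["torrent"]["tmp_name"];
        // check the file's origin before reading it
        is_uploaded_file($tmp_name) or die("<p class=\"error\">File upload error 2</p>\n");
        $fd = fopen($tmp_name, "rb") or die("<p class=\"error\">File upload error 1</p>\n");
        $size = filesize($tmp_name);
        // fread() rejects a zero length; an empty upload becomes "" and fails to parse
        $alltorrent = $size > 0 ? fread($fd, $size) : "";
        fclose($fd);
        unlink($tmp_name);
        $array = BDecode($alltorrent);
        if (!$array || !isset($array["info"])) {
            echo "<p class=\"error\">There was an error handling your uploaded torrent. The parser didn't like it.</p>";
            endOutput();
            exit;
        }
        $hash = sha1(BEncode($array["info"]));
    }
    $filename = isset($_POST["filename"]) ? clean($_POST["filename"]) : "";
    $url = isset($_POST["url"]) ? clean($_POST["url"]) : "";
    $info = isset($_POST["info"]) ? clean($_POST["info"]) : "";
    if (isset($_POST["autoset"])) {
        if (strcmp($_POST["autoset"], "enabled") == 0) {
            if (strlen($filename) == 0 && isset($array["info"]["name"])) {
                $filename = $array["info"]["name"];
            }
            if (strlen($info) == 0 && isset($array["info"]["piece length"], $array["info"]["pieces"])) {
                // size in MB: piece length times the number of 20-byte piece hashes
                $info = $array["info"]["piece length"] / 1024 * (strlen($array["info"]["pieces"]) / 20) / 1024;
                $info = round($info, 2) . " MB";
                if (isset($array["comment"])) {
                    $info .= " - " . $array["comment"];
                }
            }
        }
        // the hash is interpolated into the query without escaping, so only a
        // 40-character hex string may reach the INSERT
        if (strlen($hash) != 40 || !verifyHash($hash)) {
            echo "<p class=\"error\">Error: Info hash must be exactly 40 hex bytes.</p>";
            endOutput();
            exit; // the original fell through and still ran the INSERT
        }
        // escape last, with the live connection, so nothing re-processes the values
        $filename = mysql_real_escape_string($filename, $db);
        $url = mysql_real_escape_string($url, $db);
        $info = mysql_real_escape_string($info, $db);
        $query = "INSERT INTO BTPHP_namemap (info_hash, filename, url, info) VALUES (\"{$hash}\", \"{$filename}\", \"{$url}\", \"{$info}\")";
        $status = makeTorrent($hash, true);
        quickQuery($query);
        if ($status) {
            echo "<p class=\"error\">Torrent was added successfully.</p>";
        } else {
            echo "<p class=\"error\">There were some errors. Check if this torrent had been added previously.</p>";
        }
    }
    endOutput();
}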
<?php

// COMPOSER AUTOLOAD
require_once $_SERVER['DOCUMENT_ROOT'] . "/includes.php";
require_once "commons.php";
header('Content-Type: application/json');
// Strip the script's own directory from the request path so routes are matched relative to it.
$base = dirname($_SERVER['PHP_SELF']);
if (ltrim($base, '/')) {
    $_SERVER['REQUEST_URI'] = substr($_SERVER['REQUEST_URI'], strlen($base));
}
// NOTE(review): this check is currently a no-op — both rejection calls are
// commented out, so a missing or invalid ?hash= does not stop the request.
// Behaviour is preserved here; verifyHash() is still invoked for a present hash.
if (empty($_GET['hash'])) {
    //throwUnauth());
} elseif (!verifyHash($_GET['hash'])) {
    //throwUnauth());
}
/**
 * Serialise a route result as a JSON string; the caller is responsible for emitting it.
 */
function respond($result)
{
    $encoded = json_encode($result);
    return $encoded;
}
/**
 * Abort the request through throwUnauth() unless Session::isValid() accepts $response.
 */
function verifyAuth($response)
{
    if (Session::isValid($response)) {
        return;
    }
    throwUnauth();
}
$klein = new \Klein\Klein();
$requestType = array("POST", "GET");
$klein->respond($requestType, '/', function () {
    sleep(1);
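 /**
  * Render the payment step for an order.
  *
  * Reads GET.order_id (must be numeric), loads the order, emits the Google
  * Analytics / AdWords blocks and, when the requester may see the order and
  * it is still payable, either records a nil payment or delegates to the
  * component/ecommerce/payment/{type} sub-request. Unauthorised requests are
  * redirected to the login or 404 node.
  *
  * @return bool true when the payment template was rendered, false otherwise
  */
 public function mainPaymentAction()
 {
     setlocale(LC_MONETARY, $GLOBALS['onxshop_conf']['global']['locale']);
     /**
      * node configuration is needed by every redirect below, so load it first
      * (the original read $node_conf in the order_id error path before assigning it)
      */
     require_once 'models/common/common_node.php';
     $node_conf = common_node::initConfiguration();
     $this->tpl->assign('NODE_CONF', $node_conf);
     /**
      * check input values
      */
     if (isset($this->GET['order_id']) && is_numeric($this->GET['order_id'])) {
         $order_id = (int) $this->GET['order_id'];
     } else {
         msg('Payment: Missing order_id', 'error', 1);
         onxshopGoTo("/page/" . $node_conf['id_map-404']);
         return false;
     }
     /**
      * get order detail
      */
     $order_data = $this->Transaction->getOrderDetail($order_id);
     if (empty($order_data)) {
         msg("Payment: order ID {$order_id} not found", 'error');
         onxshopGoTo("/page/" . $node_conf['id_map-404']);
         return false;
     }
     // ORDER must be assigned before the Google Analytics blocks are parsed
     $this->tpl->assign("ORDER", $order_data);
     /**
      * google analytics
      */
     //TODO: NOTE: Do not include the square brackets when setting the values for the form. In addition, do not use commas to separate the thousands place in your total, tax, and shipping fields - any digits after the comma will be dropped.
     if ($GLOBALS['onxshop_conf']['global']['google_analytics'] != '') {
         foreach ($order_data['basket']['items'] as $item) {
             $this->tpl->assign("ITEM", $item);
             $this->tpl->parse('content.google_analytics.item');
         }
         $this->tpl->parse('content.google_analytics');
     }
     /**
      * Google Adwords, must be numeric
      */
     if (is_numeric($GLOBALS['onxshop_conf']['global']['google_adwords'])) {
         $this->tpl->parse('content.google_adwords');
     }
     /**
      * find what payment method we use
      */
     $payment_type = $this->Transaction->getPaymentTypeForOrder($order_id);
     /**
      * check whether payment is supported
      */
     $controller = "component/ecommerce/payment/{$payment_type}";
     if (getTemplateDir($controller . ".html") == '') {
         msg("Unsupported payment type {$payment_type}", 'error');
         return false;
     }
     /**
      * Check order permission. The requester may see the order if they are a
      * back-office user, the logged-in owner, the guest whose session placed
      * it, or the holder of the order's access code.
      */
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? $_SESSION['client']['customer']['id'] : 0;
     $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
     // id 0 means "not logged in" (see the redirect below), so it can never own an order;
     // compare as strings so a loose == cannot equate unrelated values
     $is_owner = !empty($session_customer_id) && (string) $order_data['basket']['customer_id'] === (string) $session_customer_id;
     $is_guest_user = isset($order_data['client']['customer']['status']) && $order_data['client']['customer']['status'] == 5;
     // an empty stored session id must never match an empty or missing one from the request
     $stored_session_id = isset($order_data['php_session_id']) ? (string) $order_data['php_session_id'] : '';
     $requested_session_id = isset($this->GET['php_session_id']) ? (string) $this->GET['php_session_id'] : '';
     $is_same_session = $stored_session_id !== '' && ($stored_session_id === session_id() || $stored_session_id === $requested_session_id);
     $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);
     if ($is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code) {
         /**
          * process payment method only if status = 0 unpaid or 5 failed payment 
          */
         if ($this->checkOrderStatusValidForPayment($order_data['status'])) {
             $total_payment_amount = $order_data['basket']['total'];
             if (round($total_payment_amount, 2) == 0) {
                 //nil payment - payment is not needed
                 if ($this->processNilPayment($order_data)) {
                     $this->tpl->parse('content.nil_payment');
                 } else {
                     msg("Cannot process nil payment for order ID {$order_id}", 'error');
                 }
             } else {
                 //process payment method as subcontent
                 $_Onxshop_Request = new Onxshop_Request("component/ecommerce/payment/{$payment_type}~order_id={$order_id}~");
                 $this->tpl->assign("RESULT", $_Onxshop_Request->getContent());
             }
         } else {
             msg("Order ID {$order_data['id']} cannot be paid, because order status is: {$order_data['status_title']}", 'error');
             return false;
         }
     } else {
         /**
          * forward to login
          */
         if (empty($session_customer_id)) {
             msg('You must login first.');
             onxshopGoTo("/page/" . $node_conf['id_map-login']);
         }
         msg('Unauthorised access to order detail');
         onxshopGoTo("/page/" . $node_conf['id_map-404']);
         return false;
     }
     setlocale(LC_MONETARY, LOCALE);
     return true;
 }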
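 /**
  * Render the invoice for an order.
  *
  * Reads GET.id (must be numeric), loads the order and, when the requester
  * may see it (back-office user, logged-in owner, guest in the same session,
  * or holder of the order's access code), assigns the order and invoice data
  * to the template together with the gift flag and the carrier logo block.
  *
  * @return bool false when GET.id is unusable or the order is missing; true otherwise
  *              (an unauthorised request only reports through msg())
  */
 public function mainAction()
 {
     /**
      * check GET.id
      */
     if (isset($this->GET['id']) && is_numeric($this->GET['id'])) {
         $order_id = (int) $this->GET['id'];
     } else {
         msg("component/ecommerce/invoice: GET.id is not numeric", 'error');
         return false;
     }
     /**
      * initialize
      */
     require_once 'models/ecommerce/ecommerce_invoice.php';
     require_once 'models/ecommerce/ecommerce_order.php';
     $Invoice = new ecommerce_invoice();
     $Order = new ecommerce_order();
     $Invoice->setCacheable(false);
     $Order->setCacheable(false);
     $this->tpl->assign('CONF', $Invoice->conf);
     /**
      * get order data
      */
     $order_data = $Order->getOrder($order_id);
     if (empty($order_data)) {
         msg("component/ecommerce/invoice: order ID {$order_id} not found", 'error');
         return false;
     }
     /**
      * check owner: a back-office user, the logged-in owner, the guest whose
      * session placed the order, or the holder of the order's access code
      */
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? $_SESSION['client']['customer']['id'] : 0;
     $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
     // id 0 means "not logged in", so it can never own an order; compare as
     // strings so a loose == cannot equate unrelated values
     $is_owner = !empty($session_customer_id) && (string) $order_data['basket']['customer_id'] === (string) $session_customer_id;
     $is_guest_user = isset($order_data['client']['customer']['status']) && $order_data['client']['customer']['status'] == 5;
     // an empty stored session id must never match an empty or missing one from the request
     $stored_session_id = isset($order_data['php_session_id']) ? (string) $order_data['php_session_id'] : '';
     $requested_session_id = isset($this->GET['php_session_id']) ? (string) $this->GET['php_session_id'] : '';
     $is_same_session = $stored_session_id !== '' && ($stored_session_id === session_id() || $stored_session_id === $requested_session_id);
     $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);
     if ($is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code) {
         /**
          * gift option: either the delivery options or the order itself may carry the flag
          */
         $delivery_options = isset($order_data['other_data']['delivery_options']) ? $order_data['other_data']['delivery_options'] : array();
         $is_gift = (isset($delivery_options['other_data']['gift']) && $delivery_options['other_data']['gift'] == 1)
             || (isset($order_data['other_data']['gift']) && $order_data['other_data']['gift'] == 1);
         if ($is_gift) {
             $this->tpl->parse('content.gift');
         }
         /**
          * display appropriate carrier logo
          */
         $carrier_id = isset($delivery_options['carrier_id']) ? $delivery_options['carrier_id'] : '';
         $this->tpl->parse("content.type.carrier_id_{$carrier_id}");
         $this->tpl->parse('content.type');
         /**
          * get invoice details (use the validated id rather than the raw GET value)
          */
         $invoice_data = $Invoice->getInvoiceForOrder($order_id);
         // fall back to the plain basket detail when no enhanced one was stored
         if (empty($invoice_data['basket_detail_enhanced'])) {
             $invoice_data['basket_detail_enhanced'] = $invoice_data['basket_detail'];
         }
         $this->tpl->assign('INVOICE', $invoice_data);
         $this->tpl->assign('ORDER', $order_data);
         if ($Invoice->conf['company_logo'] != '') {
             $this->tpl->parse('content.logoimage');
         } else {
             $this->tpl->parse('content.logotypo');
         }
     } else {
         msg('unauthorized access to view order detail');
     }
     return true;
 }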
 /**
  * Reject the request unless the posted anti-forgery hash verifies.
  * $this->error() is assumed not to return.
  */
 function verifyForm()
 {
     $ok = verifyHash($_POST['hash']);
     if ($ok) {
         return;
     }
     $this->error('非验证的来源!');
 }
if (isset($_GET["info_hash"])) {
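    // drop the leading "pid=<pid>&" so only the info_hash pairs remain
    // (the "?" in the length stands in for the "&" that follows the pid value)
    if ($pid != "") {
        $qryStr = substr($_SERVER["QUERY_STRING"], strlen("?pid={$pid}"));
    } else {
        $qryStr = $_SERVER["QUERY_STRING"];
    }
    // support for multi-scrape (several info_hash= pairs in one request)
    // more info @ http://wiki.depthstrike.com/index.php/P2P:Programming:Trackers:PHP:Multiscrape
    //
    // Only a 20-byte binary hash (hex-encoded here) or a 40-character string
    // that passes verifyHash() is accepted; anything else is skipped. The
    // collected values are later joined into an SQL list, so nothing
    // unvalidated may reach $newmatches. The original both skipped every
    // 40-character hash (both branches did `continue`) and let values of any
    // other length through unchecked.
    $newmatches = array();
    foreach (explode("&", $qryStr) as $item) {
        if (substr($item, 0, 10) != "info_hash=") {
            continue;
        }
        $ihash = urldecode(substr($item, 10));
        if (strlen($ihash) == 20) {
            $ihash = bin2hex($ihash);
        } elseif (strlen($ihash) != 40 || !verifyHash($ihash)) {
            // showError(INVALID_INFO_HASH);
            continue;
        }
        $newmatches[] = $ihash;
    }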
    if (get_magic_quotes_gpc()) {
        //$info_hash = stripslashes($_GET["info_hash"]);
        $info_hash = stripslashes(join($newmatches, "','"));
    } else {
        // $info_hash = $_GET["info_hash"];
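/**
 * Register an uploaded torrent with the tracker (WordPress "Wobi" variant).
 *
 * Decodes the torrent at $torrent_file_path, checks that its announce URL is
 * WOBI_TRACKER_URL, moves the file into torrents/, inserts a namemap row keyed
 * by the info hash and lets makeTorrent() create the tracker tables. HTTP web
 * seeding is always on and points at the wp-content-relative location of
 * $file_path; GetRight seeding is switched off ($getrightseed = false).
 *
 * @param string $torrent_file_path local path of the uploaded .torrent
 * @param string $torrent_file_url  public URL of the .torrent (unused here)
 * @param string $file_path         local path of the seeded file, under wp-content/
 * @param string $file_url          public URL of the seeded file
 * @return bool true when the torrent was added, false on any error
 *
 * NOTE(review): $wobi_error is set on every failure but is a local of this
 * function — it is neither declared global nor returned, so callers cannot
 * read the message unless config.php binds it. Confirm against the caller.
 */
function _wobi_addTorrent($torrent_file_path, $torrent_file_url, $file_path, $file_url)
{
    require "config.php";
    $tracker_url = WOBI_TRACKER_URL;
    $httpseed = true;
    // the seeded file must live under wp-content/; the webseed path is relative to torrents/
    $tmp1 = explode("/wp-content/", $file_path);
    $relative_path = isset($tmp1[1]) ? "../../" . $tmp1[1] : "";
    $getrightseed = false;
    $httpftplocation = $file_url;
    $target_path = "torrents/";
    $autoset = true;
    $filename = ""; // taken from the torrent's info.name when $autoset
    $url = "{$file_url}";
    $hash = ""; // sha1 of the bencoded info dictionary
    // TODO: Only if not already connected.
    // $db = mysql_connect($dbhost, $dbuser, $dbpass) or die(errorMessage() . "Couldn't connect to the database, contact the administrator.</p>");
    // mysql_select_db($database) or die(errorMessage() . "Can't open the database.</p>");
    require_once "funcsv2.php";
    require_once "BDecode.php";
    require_once "BEncode.php";
    $fd = fopen($torrent_file_path, "rb") or die(_wobi_errorMessage() . "File upload error 1</p>\n");
    // is_uploaded_file($torrent_file_path) or die(_wobi_errorMessage() . "File upload error 2</p>\n");
    $size = filesize($torrent_file_path);
    // fread() rejects a zero length; an empty file becomes "" and fails to parse below
    $alltorrent = $size > 0 ? fread($fd, $size) : "";
    // the handle is not needed past this point (the original closed it only on the success path)
    fclose($fd);
    $array = BDecode($alltorrent);
    if (!$array || !isset($array["info"])) {
        $wobi_error = _wobi_errorMessage() . "Error: The parser was unable to load your torrent.  Please re-create and re-upload the torrent.</p>\n";
        return false;
    }
    $announce = isset($array["announce"]) ? strtolower($array["announce"]) : "";
    if ($announce != $tracker_url) {
        $wobi_error = _wobi_errorMessage() . "Error: The tracker announce URL does not match this:<br>{$tracker_url}<br>Please re-create and re-upload the torrent.</p>\n";
        return false;
    }
    if ($httpseed && $relative_path == "") {
        $wobi_error = _wobi_errorMessage() . "Error: HTTP seeding was checked however no relative path was given.</p>\n";
        return false;
    }
    if ($httpseed && $relative_path != "") {
        // a trailing slash means a directory is being seeded, otherwise a single file
        if (substr($relative_path, -1) == "/") {
            if (!is_dir($relative_path)) {
                $wobi_error = _wobi_errorMessage() . "Error: HTTP seeding relative path ends in / but is not a valid directory.</p>\n";
                return false;
            }
        } elseif (!is_file($relative_path)) {
            $wobi_error = _wobi_errorMessage() . "Error: HTTP seeding relative path is not a valid file.</p>\n";
            return false;
        }
    }
    if ($getrightseed && $httpftplocation == "") {
        $wobi_error = _wobi_errorMessage() . "Error: GetRight HTTP seeding was checked however no URL was given.</p>\n";
        return false;
    }
    if ($getrightseed && substr($httpftplocation, 0, 7) != "http://" && substr($httpftplocation, 0, 6) != "ftp://") {
        $wobi_error = _wobi_errorMessage() . "Error: GetRight HTTP seeding URL must start with http:// or ftp://</p>\n";
        return false;
    }
    $hash = sha1(BEncode($array["info"]));
    // the hash is interpolated into SQL and used as a table-name suffix, so it
    // must be exactly 40 hex characters; checked before the file is moved
    if (strlen($hash) != 40 || !verifyHash($hash)) {
        $wobi_error = _wobi_errorMessage() . "Error: Info hash must be exactly 40 hex bytes.</p>\n";
        return false;
    }
    if ($autoset && strlen($filename) == 0 && isset($array["info"]["name"])) {
        $filename = $array["info"]["name"];
    }
    //figure out total size of all files in torrent (values come from the upload: cast them)
    $info = $array["info"];
    $total_size = 0;
    if (isset($info["files"])) {
        foreach ($info["files"] as $file) {
            $total_size += isset($file["length"]) ? (int) $file["length"] : 0;
        }
    } elseif (isset($info["length"])) {
        $total_size = (int) $info["length"];
    }
    //Validate torrent file, make sure everything is correct.
    // Sanitise for display first and escape for SQL last, so no later step can
    // undo the escaping. mysql_escape_string() needs no connection (none is
    // opened here) but is not charset-aware.
    $filename = mysql_escape_string(htmlspecialchars(clean($filename)));
    $url = mysql_escape_string(htmlspecialchars(clean($url)));
    if (substr($url, 0, 7) != "http://" && $url != "") {
        $wobi_error = _wobi_errorMessage() . "Error: The Torrent URL does not start with http:// Make sure you entered a correct URL.</p>\n";
        return false;
    }
    // move the file only after every check has passed so a rejected upload is not left in torrents/
    $target_path = $target_path . basename($torrent_file_path);
    if (!rename($torrent_file_path, $target_path)) {
        // the original recorded this through errorMessage() — a name nothing else in
        // this function uses — and carried on regardless
        $wobi_error = _wobi_errorMessage() . "Unable to move {$torrent_file_path} to torrents/</p>\n";
        return false;
    }
    $query = "INSERT INTO " . $prefix . "namemap (info_hash, filename, url, size, pubDate) VALUES (\"{$hash}\", \"{$filename}\", \"{$url}\", \"{$total_size}\", \"" . date('D, j M Y h:i:s') . "\")";
    $status = makeTorrent($hash, true);
    quickQuery($query);
    chmod($target_path, 0644);
    if ($status) {
        $wobi_error = "<p class=\"success\">Torrent was added successfully.</p>\n";
        require_once "wobi_functions.php";
        _wobi_addWebseedfiles($target_path, $relative_path, $httpftplocation, $hash);
        return true;
    }
    $wobi_error = _wobi_errorMessage() . "There were some errors. Check if this torrent has been added previously.</p>\n";
    return false;
}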
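/**
 * Handle the "add torrent" form.
 *
 * Decodes the upload in $_FILES["torrent"], checks that its announce URL is
 * this tracker's announce.php, stores the file under torrents/ and registers
 * the info hash in the namemap table (makeTorrent() creates the per-torrent
 * tables). POST fields read: hash (fallback when no file is uploaded),
 * filename, url, autoset, httpseed, relative_path, getrightseed and
 * httpftplocation. Output is HTML echoed directly; every validation failure
 * ends the page with endOutput() and stops the script, so no row is written
 * on error.
 */
function addTorrent()
{
    require "config.php";
    // the form is served from .../newtorrents.php (15 chars); announce.php sits beside it
    $tracker_url = $website_url . substr($_SERVER['REQUEST_URI'], 0, -15) . "announce.php";
    // the posted hash is only a fallback; an uploaded torrent overrides it below
    $hash = isset($_POST["hash"]) ? strtolower($_POST["hash"]) : "";
    $db = mysql_connect($dbhost, $dbuser, $dbpass) or die(errorMessage() . "Couldn't connect to the database, contact the administrator</p>");
    mysql_select_db($database) or die(errorMessage() . "Can't open the database.</p>");
    require_once "funcsv2.php";
    require_once "BDecode.php";
    require_once "BEncode.php";
    $array = false;
    $target_path = "";
    if (isset($_FILES["torrent"]) && $_FILES["torrent"]["error"] != 4) {
        // UPLOAD_ERR_NO_FILE (4) means the field was left empty
        $tmp_name = $_FILES["torrent"]["tmp_name"];
        // verify the file's origin before reading it
        is_uploaded_file($tmp_name) or die(errorMessage() . "File upload error 2</p>\n");
        $fd = fopen($tmp_name, "rb") or die(errorMessage() . "File upload error 1</p>\n");
        $size = filesize($tmp_name);
        // fread() rejects a zero length; an empty upload becomes "" and fails to parse
        $alltorrent = $size > 0 ? fread($fd, $size) : "";
        fclose($fd);
        $array = BDecode($alltorrent);
        if (!$array || !isset($array["info"])) {
            echo errorMessage() . "Error: The parser was unable to load your torrent.  Please re-create and re-upload the torrent.</p>\n";
            endOutput();
            exit;
        }
        $announce = isset($array["announce"]) ? strtolower($array["announce"]) : "";
        if ($announce != $tracker_url) {
            echo errorMessage() . "Error: The tracker announce URL does not match this:<br>{$tracker_url}<br>Please re-create and re-upload the torrent.</p>\n";
            endOutput();
            exit;
        }
        $httpseed = isset($_POST["httpseed"]) && $_POST["httpseed"] == "enabled";
        $relative_path = isset($_POST["relative_path"]) ? $_POST["relative_path"] : "";
        if ($httpseed && $relative_path == "") {
            echo errorMessage() . "Error: HTTP seeding was checked however no relative path was given.</p>\n";
            endOutput();
            exit;
        }
        // NOTE(review): is_dir()/is_file() on a caller-supplied path tells the
        // uploader which server paths exist; consider restricting it to a fixed root.
        if ($httpseed && $relative_path != "") {
            // a trailing slash means a directory is being seeded, otherwise a single file
            if (substr($relative_path, -1) == "/") {
                if (!is_dir($relative_path)) {
                    echo errorMessage() . "Error: HTTP seeding relative path ends in / but is not a valid directory.</p>\n";
                    endOutput();
                    exit;
                }
            } elseif (!is_file($relative_path)) {
                echo errorMessage() . "Error: HTTP seeding relative path is not a valid file.</p>\n";
                endOutput();
                exit;
            }
        }
        $getrightseed = isset($_POST["getrightseed"]) && $_POST["getrightseed"] == "enabled";
        $httpftplocation = isset($_POST["httpftplocation"]) ? $_POST["httpftplocation"] : "";
        if ($getrightseed && $httpftplocation == "") {
            echo errorMessage() . "Error: GetRight HTTP seeding was checked however no URL was given.</p>\n";
            endOutput();
            exit;
        }
        if ($getrightseed && substr($httpftplocation, 0, 7) != "http://" && substr($httpftplocation, 0, 6) != "ftp://") {
            echo errorMessage() . "Error: GetRight HTTP seeding URL must start with http:// or ftp://</p>\n";
            endOutput();
            exit;
        }
        $hash = sha1(BEncode($array["info"]));
        // keep only the base name so the stored file cannot leave torrents/
        $target_path = "torrents/" . basename(clean($_FILES['torrent']['name']));
        if (!move_uploaded_file($tmp_name, $target_path)) {
            // the original reported this and carried on to the INSERT without a file
            echo errorMessage() . "Unable to move " . $tmp_name . " to torrents/</p>\n";
            endOutput();
            exit;
        }
    }
    $filename = isset($_POST["filename"]) ? clean($_POST["filename"]) : "";
    $url = isset($_POST["url"]) ? clean($_POST["url"]) : "";
    if (isset($_POST["autoset"]) && strcmp($_POST["autoset"], "enabled") == 0) {
        if (strlen($filename) == 0 && isset($array["info"]["name"])) {
            $filename = $array["info"]["name"];
        }
    }
    //figure out total size of all files in torrent (values come from the upload: cast them)
    $info = isset($array["info"]) ? $array["info"] : array();
    $total_size = 0;
    if (isset($info["files"])) {
        foreach ($info["files"] as $file) {
            $total_size += isset($file["length"]) ? (int) $file["length"] : 0;
        }
    } elseif (isset($info["length"])) {
        $total_size = (int) $info["length"];
    }
    //Validate torrent file, make sure everything is correct.
    // The hash is interpolated into SQL and used as a table-name suffix, so only
    // a 40-character hex string may reach the INSERT. The original printed the
    // error but fell through and ran the INSERT with the raw posted value.
    if (strlen($hash) != 40 || !verifyHash($hash)) {
        echo errorMessage() . "Error: Info hash must be exactly 40 hex bytes.</p>\n";
        endOutput();
        exit;
    }
    // sanitise for display first, escape for SQL last (with the live connection)
    // so no later step can undo the escaping
    $filename = mysql_real_escape_string(htmlspecialchars(clean($filename)), $db);
    $url = mysql_real_escape_string(htmlspecialchars($url), $db);
    if (substr($url, 0, 7) != "http://" && $url != "") {
        echo errorMessage() . "Error: The Torrent URL does not start with http:// Make sure you entered a correct URL.</p>\n";
        endOutput();
        exit;
    }
    $query = "INSERT INTO " . $prefix . "namemap (info_hash, filename, url, size, pubDate) VALUES (\"{$hash}\", \"{$filename}\", \"{$url}\", \"{$total_size}\", \"" . date('D, j M Y h:i:s') . "\")";
    $status = makeTorrent($hash, true);
    quickQuery($query);
    // the final on-disk name is derived from user data: keep it to a base name
    $final_path = "torrents/" . basename($filename) . ".torrent";
    if ($status) {
        echo "<p class=\"success\">Torrent was added successfully.</p>\n";
        echo "<a href=\"newtorrents.php\"><img src=\"images/add.png\" border=\"0\" class=\"icon\" alt=\"Add Torrent\" title=\"Add Torrent\" /></a><a href=\"newtorrents.php\">Add Another Torrent</a><br>\n";
        //rename torrent file to match filename
        if ($target_path != "" && file_exists($target_path)) {
            rename($target_path, $final_path);
        }
        //make torrent file readable by all
        if (file_exists($final_path)) {
            chmod($final_path, 0644);
        }
        //run RSS generator
        require_once "rss_generator.php";
        //Display information from DumpTorrentCGI.php
        require_once "torrent_functions.php";
    } else {
        echo errorMessage() . "There were some errors. Check if this torrent has been added previously.</p>\n";
        //delete the uploaded file if this hash is not tracked at all ($hash is validated hex)
        $query = "SELECT COUNT(*) FROM " . $prefix . "summary WHERE info_hash = '{$hash}'";
        $results = mysql_query($query) or die(errorMessage() . "Can't do SQL query - " . mysql_error() . "</p>");
        $data = mysql_fetch_row($results);
        if ($data[0] == 0 && $target_path != "" && file_exists($target_path)) {
            unlink($target_path);
        }
        //make torrent file readable by all
        if (file_exists($final_path)) {
            chmod($final_path, 0644);
        }
        endOutput();
    }
}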
	</script>
</head>
<body>
<form action="<?php 
echo $_SERVER["PHP_SELF"];
?>
"  method="POST">
<?php 
require_once "funcsv2.php";
// check database user
if (isset($dbuser) && isset($dbpass)) {
    $db = mysql_connect($dbhost, $dbuser, $dbpass) or die(errorMessage() . "Cannot connect to database. Check your username and password in the config file.</p>");
    mysql_select_db($database) or die(errorMessage() . "Error selecting database.</p>");
    foreach ($_POST as $left => $right) {
        if (strlen($left) == 41) {
            if (!is_numeric($right) || !verifyHash(substr($left, 1))) {
                continue;
            }
            $hash = substr($left, 1);
            //delete torrent file
            $query = "SELECT filename FROM " . $prefix . "namemap WHERE info_hash =\"{$hash}\"";
            $delete_file = mysql_query($query) or die(errorMessage() . "Can't do SQL query - " . mysql_error() . "</p>");
            $delete = mysql_fetch_row($delete_file);
            unlink("torrents/" . $delete[0] . ".torrent");
            //continue deleting information in database
            @mysql_query("DELETE FROM " . $prefix . "summary WHERE info_hash=\"{$hash}\"");
            @mysql_query("DELETE FROM " . $prefix . "namemap WHERE info_hash=\"{$hash}\"");
            @mysql_query("DELETE FROM " . $prefix . "timestamps WHERE info_hash=\"{$hash}\"");
            @mysql_query("DELETE FROM " . $prefix . "webseedfiles WHERE info_hash=\"{$hash}\"");
            @mysql_query("DROP TABLE " . $prefix . "y{$hash}");
            @mysql_query("DROP TABLE " . $prefix . "x{$hash}");
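 /**
  * main action: render the detail page of a single order.
  *
  * Reads order_id from $this->GET, loads the order and assigns it to the
  * template only when the visitor passes one of the authorisation checks:
  * an authenticated back-office user, the logged-in customer who owns the
  * order, a guest customer (status 5) in the same PHP session that placed
  * the order, or a valid per-order code (makeHash/verifyHash).
  *
  * @return bool false when order_id is missing/invalid or the order cannot be
  *              loaded; true otherwise (the unauthorised case only emits an
  *              error message and still returns true, as before)
  */
 public function mainAction()
 {
     require_once 'models/ecommerce/ecommerce_order.php';
     $Order = new ecommerce_order();
     $Order->setCacheable(false);
     // isset first: is_numeric() on a missing key would only raise a notice
     if (isset($this->GET['order_id']) && is_numeric($this->GET['order_id'])) {
         $order_id = $this->GET['order_id'];
     } else {
         msg('Order Detail: Missing order_id', 'error');
         return false;
     }
     /**
      * security code to allow unlogged users to pay for the order and view their invoice
      */
     $this->tpl->assign('ORDER_CODE', makeHash($order_id));
     /**
      * include node configuration
      */
     require_once 'models/common/common_node.php';
     $node_conf = common_node::initConfiguration();
     $this->tpl->assign('NODE_CONF', $node_conf);
     /**
      * get detail
      */
     $order_data = $Order->getOrder($order_id);
     // An unknown order must not fall through to the ownership checks below:
     // with no data every field reads as null and a loose comparison against
     // an equally unset session value would pass.
     if (empty($order_data) || !is_array($order_data)) {
         msg('Order Detail: Order not found', 'error');
         return false;
     }
     /**
      * authorisation
      */
     // Ownership: compare customer ids as integers and require a real
     // (non-zero) logged-in id. The previous loose '==' let an unset session
     // id match a guest order's customer_id of 0 / '' (0 == null is true).
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
     $order_customer_id = isset($order_data['basket']['customer_id']) ? (int) $order_data['basket']['customer_id'] : 0;
     $is_owner = $session_customer_id > 0 && $order_customer_id === $session_customer_id;
     $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
     $is_guest_user = isset($order_data['client']['customer']['status']) && (int) $order_data['client']['customer']['status'] === 5;
     // Same session: an order with no stored php_session_id must never match,
     // and the optional GET value is only considered when it is a non-empty
     // string (a missing key would otherwise compare equal to an empty value).
     $order_session_id = isset($order_data['php_session_id']) ? (string) $order_data['php_session_id'] : '';
     $requested_session_id = isset($this->GET['php_session_id']) && is_string($this->GET['php_session_id']) ? $this->GET['php_session_id'] : '';
     $is_same_session = $order_session_id !== '' && (hash_equals($order_session_id, (string) session_id()) || ($requested_session_id !== '' && hash_equals($order_session_id, $requested_session_id)));
     $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);
     // parentheses make the intended grouping explicit (&& already binds tighter than ||)
     if ($is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code) {
         /**
          * display Make Payment if appropriate
          */
         if ($Order->checkOrderStatusValidForPayment($order_data['status'])) {
             $this->tpl->parse('content.make_payment');
         }
         /**
          * get address detail
          */
         $_Onxshop_Request = new Onxshop_Request("component/client/address~invoices_address_id={$order_data['invoices_address_id']}:hide_button=1~");
         $this->tpl->assign("ADDRESS_INVOICES", $_Onxshop_Request->getContent());
         $_Onxshop_Request = new Onxshop_Request("component/client/address~delivery_address_id={$order_data['delivery_address_id']}:hide_button=1~");
         $this->tpl->assign("ADDRESS_DELIVERY", $_Onxshop_Request->getContent());
         /**
          * basket detail
          * if the order is payed, display HTML basket from the invoice, otherwise generate on the fly
          */
         require_once 'models/ecommerce/ecommerce_invoice.php';
         $Invoice = new ecommerce_invoice();
         $Invoice->setCacheable(false);
         $invoice_data = $Invoice->getInvoiceForOrder($order_data['id']);
         if ($invoice_data) {
             $this->tpl->assign("BASKET_DETAIL", $invoice_data['basket_detail']);
             $this->tpl->parse("content.print_invoice");
         } else {
             // other_data may not carry delivery options for every order; avoid a notice inside the request string
             $carrier_id = isset($order_data['other_data']['delivery_options']['carrier_id']) ? $order_data['other_data']['delivery_options']['carrier_id'] : '';
             $_Onxshop_Request = new Onxshop_Request("component/ecommerce/basket_detail~id={$order_data['basket_id']}:order_id={$order_id}:delivery_address_id={$order_data['delivery_address_id']}:delivery_options[carrier_id]={$carrier_id}~");
             $this->tpl->assign("BASKET_DETAIL", $_Onxshop_Request->getContent());
         }
         // created date for display; date() replaces the deprecated strftime('%d/%m/%Y')
         $created_ts = isset($order_data['basket']['created']) ? strtotime($order_data['basket']['created']) : false;
         $order_data['created'] = $created_ts === false ? '' : date('d/m/Y', $created_ts);
         $this->tpl->assign('ORDER', $order_data);
     } else {
         msg('unauthorised access to view order detail', 'error');
     }
     return true;
 }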