function json_scoreboard($user_type = null) { $values = array(); if (is_valid_id($user_type)) { $values['user_type'] = $user_type; } $scores = db_query_fetch_all(' SELECT u.id AS user_id, u.team_name, co.country_code, SUM(c.points) AS score, MAX(s.added) AS tiebreaker FROM users AS u LEFT JOIN countries AS co ON co.id = u.country_id LEFT JOIN submissions AS s ON u.id = s.user_id AND s.correct = 1 LEFT JOIN challenges AS c ON c.id = s.challenge WHERE u.competing = 1 ' . (is_valid_id($user_type) ? 'AND u.user_type = :user_type' : '') . ' GROUP BY u.id ORDER BY score DESC, tiebreaker ASC', $values); $scoreboard = array(); for ($i = 0; $i < count($scores); $i++) { $scoreboard['standings'][$i] = array('pos' => $i + 1, 'team' => $scores[$i]['team_name'], 'score' => array_get($scores[$i], 'score', 0), 'country' => $scores[$i]['country_code']); } echo json_encode($scoreboard); }
function update_poll() { global $INSTALLER09, $CURUSER, $mc1, $lang; $total_votes = 0; if (!isset($_POST['pid']) or !is_valid_id($_POST['pid'])) { stderr($lang['poll_up_usr_err'], $lang['poll_up_no_poll']); } $pid = intval($_POST['pid']); if (!isset($_POST['poll_question']) or empty($_POST['poll_question'])) { stderr($lang['poll_up_usr_err'], $lang['poll_up_no_title']); } $poll_title = sqlesc(htmlsafechars(strip_tags($_POST['poll_question']), ENT_QUOTES)); //get the main crux of the poll data $poll_data = makepoll(); $total_votes = isset($poll_data['total_votes']) ? intval($poll_data['total_votes']) : 0; unset($poll_data['total_votes']); if (!is_array($poll_data) or !count($poll_data)) { stderr($lang['poll_up_sys_err'], $lang['poll_up_no_data']); } //all ok, serialize $poll_data = sqlesc(serialize($poll_data)); $username = sqlesc($CURUSER['username']); sql_query("UPDATE polls SET choices={$poll_data}, starter_id={$CURUSER['id']}, starter_name={$username}, votes={$total_votes}, poll_question={$poll_title} WHERE pid=" . sqlesc($pid)) or sqlerr(__FILE__, __LINE__); $mc1->delete_value('poll_data_' . $CURUSER['id']); if (-1 == mysqli_affected_rows($GLOBALS["___mysqli_ston"])) { $msg = "<h2>{$lang['poll_up_error']}</h2>\n <a href='javascript:history.back()' title='{$lang['poll_up_fix_it']}' style='color:green;font-weight:bold'><span class='btn' style='padding:3px;'><img style='vertical-align:middle;' src='{$INSTALLER09['pic_base_url']}/polls/p_delete.gif' alt='{$lang['poll_up_back']}' />{$lang['poll_up_back']}</span></a>"; } else { $msg = "<h2>{$lang['poll_up_worked']}</h2>\n <a href='staffpanel.php?tool=polls_manager&action=polls_manager' title='{$lang['poll_up_return']}' style='color:green;font-weight:bold'><span class='btn' style='padding:3px;'><img style='vertical-align:middle;' src='{$INSTALLER09['pic_base_url']}/polls/p_tick.gif' alt='{$lang['poll_up_success']}' />{$lang['poll_up_success']}</span></a>"; } echo stdhead($lang['poll_up_stdhead']) . $msg . stdfoot(); }
function update_poll() { global $INSTALLER09, $CURUSER, $mc1; $total_votes = 0; if (!isset($_POST['pid']) or !is_valid_id($_POST['pid'])) { stderr('USER ERROR', 'There is no poll with that ID!'); } $pid = intval($_POST['pid']); if (!isset($_POST['poll_question']) or empty($_POST['poll_question'])) { stderr('USER ERROR', 'There is no title defined!'); } $poll_title = sqlesc(htmlspecialchars(strip_tags($_POST['poll_question']), ENT_QUOTES)); //get the main crux of the poll data $poll_data = makepoll(); $total_votes = isset($poll_data['total_votes']) ? intval($poll_data['total_votes']) : 0; unset($poll_data['total_votes']); if (!is_array($poll_data) or !count($poll_data)) { stderr('SYSTEM ERROR', 'There was no data sent'); } //all ok, serialize $poll_data = sqlesc(serialize($poll_data)); $username = sqlesc($CURUSER['username']); @sql_query("UPDATE polls SET choices={$poll_data}, starter_id={$CURUSER['id']}, starter_name={$username}, votes={$total_votes}, poll_question={$poll_title} WHERE pid={$pid}") or sqlerr(__FILE__, __LINE__); $mc1->delete_value('poll_data_' . $CURUSER['id']); if (-1 == mysql_affected_rows()) { $msg = "<h2>An Error Occured!</h2>\r\n <a href='javascript:history.back()' title='Go back and fix the error' style='color:green;font-weight:bold'><span class='btn' style='padding:3px;'><img style='vertical-align:middle;' src='{$INSTALLER09['pic_base_url']}/polls/p_delete.gif' alt='Go Back' />Go Back</span></a>"; } else { $msg = "<h2>Groovy, everything went hunky dory!</h2>\r\n <a href='staffpanel.php?tool=polls_manager&action=polls_manager' title='Return to Polls Manager' style='color:green;font-weight:bold'><span class='btn' style='padding:3px;'><img style='vertical-align:middle;' src='{$INSTALLER09['pic_base_url']}/polls/p_tick.gif' alt='Success' />Success</span></a>"; } echo stdhead('Poll Manager::Add New Poll') . $msg . stdfoot(); }
function check($id) { if (!is_valid_id($id)) { return stderr("Error", "Invalid ID"); } else { return true; } }
function validate($id) { global $lang; if (!is_valid_id($id)) { stderr($lang['failed_sorry'], "{$lang['failed_bad_id']}"); } else { return true; } }
public function update($data, $id) { if (empty($data['domain']) || !is_valid_id($id)) { return FALSE; } else { $this->db->where('id', $id); $this->db->update('website', $data); return TRUE; } }
public function update($data, $id) { if (empty($data['type']) || !is_valid_id($id)) { return FALSE; } else { $this->db->where('id', $id); $this->db->update('producttype', $data); return TRUE; } }
function delete_file($id) { if (!is_valid_id($id)) { message_error('Invalid ID.'); } db_delete('files', array('id' => $id)); if (file_exists(CONST_PATH_FILE_UPLOAD . $id)) { unlink(CONST_PATH_FILE_UPLOAD . $id); } }
public function remove($client_id) { is_valid_id($client_id, 'client') ? '' : show_error($this->lang->line('not_valid_id')); $is_remove = $this->relation->remove($client_id); if ($is_remove) { set_flash($this->lang->line('db_client_removed')); redirect('dashboard', 'refresh'); } else { set_flash($this->lang->line('db_client_remove_error')); redirect('dashboard', 'refresh'); } }
public function update() { $p = $this->input->post('p'); if (!is_valid_id($p["id"])) { echo "COULD NOT UPDATE - MISSING WEBSITE ID"; } else { $id = $p["id"]; } if ($this->Website_model->update($p['update'], $id)) { echo "SUCCESS"; } else { echo "UPDATE FAILED"; } }
public function update_product_types($data, $id) { if (!is_valid_id($id)) { return FALSE; } else { // Delete all the existing joined product types $this->db->where('collectionID', $id); $this->db->delete('collectionjoinproducttype'); if (array_valid($data)) { // Insert the new product type associations foreach ($data as $ptype_id) { $this->db->insert('collectionjoinproducttype', array('collectionID' => $id, 'productTypeID' => $ptype_id)); } } return TRUE; } }
public function update() { $p = $this->input->post('p'); if (!is_valid_id($p["id"])) { echo "COULD NOT UPDATE - MISSING COLLECTION ID"; } else { $id = $p["id"]; } if ($this->Collection_model->update($p['update'], $id)) { if ($this->Collection_model->update_product_types($p['product_types'], $id)) { echo "SUCCESS"; } else { echo "COULD NOT SETUP PRODUCT TYPE ASSOCIATIONS"; } } else { echo "UPDATE FAILED"; } }
public function update_password($data, $id) { if (array_valid($data) && is_valid_id($id)) { // Ensure no bogus whitespace on any of the information array_trim($data); // Let's be sure the passwords match $new_password = $data['magickey']; $match_password = $data['matchkey']; if ($new_password === $match_password) { $update_data['magickey'] = sha1($new_password); $this->db->where('id', $id); $this->db->update('user', $update_data); return TRUE; } else { $errors[] = 'The passwords for both fields did not match, please try again'; } } else { $errors[] = 'No user information was provided'; } if (array_valid($errors)) { return $errors; } }
* Project Leaders: Mindless, putyn. * */ // Achievements mod by MelvinMeow require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'bittorrent.php'; require_once INCL_DIR . 'user_functions.php'; require_once INCL_DIR . 'pager_functions.php'; require_once CLASS_DIR . 'page_verify.php'; dbconn(); loggedinorreturn(); $newpage = new page_verify(); $newpage->create('takecounts'); $lang = array_merge(load_language('global')); $HTMLOUT = ""; $id = (int) $_GET["id"]; if (!is_valid_id($id)) { stderr("Error", "It appears that you have entered an invalid id."); } $res = sql_query("SELECT users.id, users.username, usersachiev.achpoints, usersachiev.spentpoints FROM users LEFT JOIN usersachiev ON users.id = usersachiev.id WHERE users.id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__); $arr = mysqli_fetch_assoc($res); if (!$arr) { stderr("Error", "It appears that there is no user with that id."); } $achpoints = (int) $arr['achpoints']; $spentpoints = (int) $arr['spentpoints']; $res = sql_query("SELECT COUNT(*) FROM achievements WHERE userid =" . sqlesc($id)) or sqlerr(__FILE__, __LINE__); $row = mysqli_fetch_row($res); $count = $row[0]; $perpage = 15; if (!$count) { stderr("No Achievements", "It appears that <a class='altlink' href='userdetails.php?id=" . (int) $arr['id'] . "'>" . htmlsafechars($arr['username']) . "</a> currently has no achievements.");
//print_r($input); //die; } //$input['reputation'] = 'pos'; //$input['reason'] = 'la di da di di la'; /////////////////////////////////////////////// // Just added to Reputation? /////////////////////////////////////////////// if (isset($input['done'])) { rep_output($lang["info_reputation_added"]); } /////////////////////////////////////////////// // Nope, so do something different, like check stuff /////////////////////////////////////////////// /// weeeeeeeeee =] $check = isset($input['pid']) ? is_valid_id($input['pid']) : false; $locales = array('posts', 'comments', 'torrents', 'users'); $rep_locale = isset($input['locale']) && in_array($input['locale'], $locales) ? $input['locale'] : 'posts'; if (!$check) { rep_output('Incorrect Access'); } if ($rep_locale == 'posts') { /////////////////////////////////////////////// // check the post actually exists! /////////////////////////////////////////////// $forum = sql_query("SELECT posts.topicid AS locale, posts.userid, forums.minclassread,\r\nusers.username, users.reputation\r\nFROM posts\r\nLEFT JOIN topics ON topicid = topics.id\r\nLEFT JOIN forums ON topics.forumid = forums.id\r\nLEFT JOIN users ON posts.userid = users.id\r\nWHERE posts.id ={$input['pid']}"); } elseif ($rep_locale == 'comments') { /////////////////////////////////////////////// // check the comment actually exists! /////////////////////////////////////////////// //uncomment the following if use comments.anonymous field
<?php require_once "../../config/init.php"; $slug = extract_slug_id($_GET["id"]); if (!is_valid_id($slug['id'])) { header('location: /index.php'); exit; } $productID = $slug['id']; //Information for necklace pages are set in this file require_once "necklace.inc"; $page->set_all($p); $page->display();
if (isset($_GET['inbox']) && $arr["unread"] == "yes") { SQL_Query_exec("UPDATE messages SET `unread` = 'no' WHERE `id` = {$arr['id']} AND `receiver` = {$CURUSER['id']}"); } } if ($arr["unread"] == "yes") { $format = "font-weight:bold;"; $unread = true; } $table[' '] = th_left("<input type=\"checkbox\" name=\"msgs[{$arr['id']}]\" " . ($reading ? "checked='checked'" : "") . " onclick=\"this.form.remove.disabled=true;\" />", 1); $table['Sender'] = th_left("{$sender}", 1, $format); $table['Sent_to'] = th_left("{$sentto}", 1, $format); $table['Subject'] = th_left("<a href=\"javascript:read({$arr['id']});\"><img src=\"" . $site_config["SITEURL"] . "/images/plus.gif\" id=\"img_{$arr['id']}\" class=\"read\" border=\"0\" alt='' /></a> <a href=\"javascript:read({$arr['id']});\">{$subject}</a>", 1, $format); $table['Date'] = th_left(utc_to_tz($arr['added']), 1, $format); table($table, $tablefmt); $display = "<div>" . format_comment($arr['msg']) . "<br /><br />"; if (isset($_GET['inbox']) && is_valid_id($arr["sender"])) { $display .= "<input type=\"submit\" name=\"compose[{$arr['id']}]\" value=\"Reply\" /> \n"; } elseif (isset($_GET['draft']) || isset($_GET['templates'])) { $display .= "<input type=\"submit\" name=\"compose[{$arr['id']}]\" value=\"Edit\" /> "; } if (isset($_GET['inbox']) && $arr['unread'] == 'yes') { $display .= "<input type=\"submit\" name=\"mark[{$arr['id']}]\" value=\"Mark as Read\" /> \n"; } $display .= "<input type=\"submit\" name=\"remove[{$arr['id']}]\" value=\"Delete\" /> \n"; $display .= "</div>"; table(td_left($display, 1, "padding:0 6px 6px 6px"), $tablefmt, "id=\"msg_{$arr['id']}\" style=\"display:none;\""); } // if ($count) //{ $buttons = "<input type=\"button\" value=\"" . T_("SELECTED_DELETE") . "\" onclick=\"this.form.remove.disabled=!this.form.remove.disabled;\" />"; $buttons .= "<input type=\"submit\" name=\"remove\" value=\"...confirm\" disabled=\"disabled\" />";
$HTMLOUT = ''; $HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\t\t<html xmlns='http://www.w3.org/1999/xhtml'>\n\t\t<head>\n\t\t<title>Error!</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>\n\t</body></html>"; echo $HTMLOUT; exit; } require_once INCL_DIR . 'user_functions.php'; require_once INCL_DIR . 'html_functions.php'; require_once INCL_DIR . 'pager_functions.php'; require_once CLASS_DIR . 'class_check.php'; $class = get_access(basename($_SERVER['REQUEST_URI'])); class_check($class); $lang = array_merge($lang, load_language('ad_banemail')); /* Ban emails by x0r @tbdev.net */ $HTMLOUT = ''; $remove = isset($_GET['remove']) ? (int) $_GET['remove'] : 0; if (is_valid_id($remove)) { sql_query("DELETE FROM bannedemails WHERE id = " . sqlesc($remove)) or sqlerr(__FILE__, __LINE__); write_log("{$lang['ad_banemail_log1']} {$remove} {$lang['ad_banemail_log2']} {$CURUSER['username']}"); } if ($_SERVER["REQUEST_METHOD"] == "POST") { $email = htmlsafechars(trim($_POST["email"])); $comment = htmlsafechars(trim($_POST["comment"])); if (!$email || !$comment) { stderr("{$lang['ad_banemail_error']}", "{$lang['ad_banemail_missing']}"); } sql_query("INSERT INTO bannedemails (added, addedby, comment, email) VALUES(" . TIME_NOW . ", " . sqlesc($CURUSER['id']) . ", " . sqlesc($comment) . ", " . sqlesc($email) . ")") or sqlerr(__FILE__, __LINE__); header("Location: staffpanel.php?tool=bannedemails"); die; } $HTMLOUT .= begin_frame("{$lang['ad_banemail_add']}", true); $HTMLOUT .= "<form method=\"post\" action=\"staffpanel.php?tool=bannedemails\">\n<table border='1' cellspacing='0' cellpadding='5'>\n<tr><td class='rowhead'>{$lang['ad_banemail_email']}</td>\n<td><input type=\"text\" name=\"email\" size=\"40\"/></td></tr>\n<tr><td class='rowhead'align='left'>{$lang['ad_banemail_comment']}</td>\n<td><input type=\"text\" name=\"comment\" size=\"40\"/></td></tr>\n<tr><td colspan='2'>{$lang['ad_banemail_info']}</td></tr>\n<tr><td colspan='2' align='center'>\n<input type=\"submit\" value=\"{$lang['ad_banemail_ok']}\" class=\"btn\"/></td></tr>\n</table></form>\n";
$HTMLOUT .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" /> <title>ERROR</title> </head><body> <h1 style="text-align:center;">ERROR</h1> <p style="text-align:center;">How did you get here? silly rabbit Trix are for kids!.</p> </body></html>'; echo $HTMLOUT; exit; } global $lang; $topic_id = isset($_GET['topic_id']) ? intval($_GET['topic_id']) : (isset($_POST['topic_id']) ? intval($_POST['topic_id']) : 0); $forum_id = isset($_GET['forum_id']) ? intval($_GET['forum_id']) : (isset($_POST['forum_id']) ? intval($_POST['forum_id']) : 0); //=== first see if they are being norty... $norty_res = sql_query('SELECT min_class_read FROM forums WHERE id = ' . sqlesc($forum_id)); $norty_arr = mysqli_fetch_row($norty_res); if (!is_valid_id($topic_id) || $norty_arr[0] > $CURUSER['class'] || !is_valid_id($forum_id)) { stderr($lang['gl_error'], $lang['gl_bad_id']); } //=== see if they are subscribed already $res = sql_query('SELECT id FROM subscriptions WHERE user_id = ' . sqlesc($CURUSER['id']) . ' AND topic_id = ' . sqlesc($topic_id)); $arr = mysqli_fetch_row($res); if ($arr[0] > 0) { stderr($lang['gl_error'], $lang['fe_you_already_subscib']); } //=== ok, that the hell, let's add it \o/ sql_query('INSERT INTO `subscriptions` (`user_id`, `topic_id`) VALUES (' . sqlesc($CURUSER['id']) . ', ' . sqlesc($topic_id) . ')'); header('Location: ' . $INSTALLER09['baseurl'] . '/forums.php?action=view_topic&topic_id=' . $topic_id . '&s=1'); die;
function insert_compose_frame($id, $newtopic = true, $quote = false, $attachment = false) { global $CURUSER, $INSTALLER09, $Multi_forum; $htmlout = ''; if ($newtopic) { $res = sql_query("SELECT name FROM forums WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__); $arr = mysqli_fetch_assoc($res) or die("Bad forum ID!"); // $htmlout .="<h3>New topic in <a href='{$INSTALLER09['baseurl']}/forums.php?action=viewforum&forumid=".$id."'>".htmlsafechars($arr["name"])."</a> forum</h3>"; $htmlout .= "<!--<div class='navigation'>\n\t\t\t\t<a href='index.php'>" . $INSTALLER09["site_name"] . "</a> \n\t\t\t\t>\n\t\t\t\t<a href='forums.php'>Forums</a>\n\t\t\t\t>\n\t\t\t\t<a href='{$INSTALLER09['baseurl']}/forums.php?action=viewforum&forumid=" . $id . "'>" . htmlsafechars($arr["name"]) . "</a>\n\t\t\t\t<br><img src='templates/1/pic/carbon/nav_bit.png' alt=''>\n\t\t\t\t<span class='active'>New Topic</span>\n\t\t\t\t</div><br />-->"; } else { $res = sql_query("SELECT t.forum_id, t.topic_name, t.locked, f.min_class_read, f.name AS forum_name FROM topics AS t LEFT JOIN forums AS f ON f.id = t.forum_id WHERE t.id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__); $arr = mysqli_fetch_assoc($res) or die("Forum error, Topic not found."); $forum = htmlsafechars($arr["forum_name"]); $forumid = (int) $arr['forum_id']; if ($arr['locked'] == 'yes') { stderr("Sorry", "The topic is locked."); $htmlout .= end_table(); $htmlout .= end_main_frame(); echo stdhead("Compose", true, $stdhead) . $htmlout . stdfoot($stdfoot); exit; } if ($CURUSER["class"] < $arr["min_class_read"]) { $htmlout .= stdmsg("Sorry", "You are not allowed in here."); $htmlout .= end_table(); $htmlout .= end_main_frame(); echo stdhead("Compose") . $htmlout . stdfoot(); exit; } $htmlout .= "<!--<div class='navigation'>\n\t\t\t\t<a href='index.php'>" . $INSTALLER09["site_name"] . "</a> \n\t\t\t\t>\n\t\t\t\t<a href='forums.php'>Forums</a>\n\t\t\t\t>\n\t\t\t\t<a href='{$INSTALLER09['baseurl']}/forums.php?action=viewforum&forumid=" . $forumid . "'>{$forum}</a>\n\t\t\t\t>\n\t\t\t\t<a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=" . $id . "'>" . htmlsafechars($arr["topic_name"]) . "</a>\n\t\t\t\t<br><img src='templates/1/pic/carbon/nav_bit.png' alt=''>\n\t\t\t\t<span class='active'>Post Reply</span>\n\t\t\t\t</div><br />-->"; // $htmlout .="<h3 align='center'>Reply to topic:<a href='{$INSTALLER09['baseurl']}/forums.php?action=viewtopic&topicid=".$id."'>".htmlsafechars($arr["topic_name"])."</a></h3>"; } $htmlout .= "\n <script type='text/javascript'>\n /*<![CDATA[*/\n function Preview()\n {\n document.compose.action = './forums/preview.php'\n document.compose.target = '_blank';\n document.compose.submit();\n return true;\n }\n /*]]>*/\n </script>"; //$htmlout .= begin_frame("Compose", true); $htmlout .= "<form method='post' name='compose' action='{$INSTALLER09['baseurl']}/forums.php' enctype='multipart/form-data'>\n\t <input type='hidden' name='action' value='post' />\n\t <input type='hidden' name='" . ($newtopic ? 'forumid' : 'topicid') . "' value='" . $id . "' />"; //$htmlout .= begin_table(true); $htmlout .= "<table border='0' cellspacing='0' cellpadding='5' class='tborder'>\n\t<tr>\n<td class='thead' colspan='2'><strong>Compose</strong></td>\n</tr>\n\t"; if ($newtopic) { $htmlout .= "<tr>\n\t\t\t<td class=row width='10%'>Subject</td>\n\t\t\t<td class=row align='left'>\n\t\t\t\t<input type='text' class='form-control col-md-12' size='100' maxlength='{$Multi_forum['configs']['maxsubjectlength']}' name='topic_name' />\n\t\t\t</td>\n\t\t</tr>"; } if ($quote) { $postid = (int) $_GET["postid"]; if (!is_valid_id($postid)) { stderr("Error", "Invalid ID!"); $htmlout .= end_table(); $htmlout .= end_main_frame(); echo stdhead("Compose", true, $stdhead) . $htmlout . stdfoot($stdfoot); exit; } $res = sql_query("SELECT posts.*, users.username FROM posts JOIN users ON posts.user_id = users.id WHERE posts.id =" . sqlesc($postid)) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($res) == 0) { stderr("Error", "No post with this ID"); $htmlout .= end_table(); $htmlout .= end_main_frame(); echo stdhead("Error - No post with this ID", true, $stdhead) . $htmlout . stdfoot($stdfoot); exit; } $arr = mysqli_fetch_assoc($res); } $htmlout .= "<tr>\n\t\t<td class=row valign='top'>Body</td>\n\t\t<td class=row>"; $qbody = $quote ? "[quote=" . htmlsafechars($arr["username"]) . "]" . htmlsafechars($arr["body"]) . "[/quote]" : ""; //if (function_exists('BBcode')) //$htmlout .= BBcode($qbody, true); if (function_exists('textbbcode')) { $htmlout .= ' ' . textbbcode('compose', 'body', isset($qbody) ? htmlsafechars($qbody) : '') . ' '; } else { $htmlout .= "<textarea name='body' style='width:99%' rows='7'>{$qbody}</textarea>"; } $htmlout .= "</td></tr>"; if ($Multi_forum['configs']['use_attachment_mod'] && $attachment) { $htmlout .= "<tr>\n\t\t\t\t<td colspan='2'><fieldset class='fieldset'><legend>Add Attachment</legend>\n\t\t\t\t<input type='checkbox' name='uploadattachment' value='yes' />\n\t\t\t\t<input type='file' name='file' size='60' />\n <div class='error'>Allowed Files: rar, zip<br />Size Limit " . mksize($Multi_forum['configs']['maxfilesize']) . "</div></fieldset>\n\t\t\t\t</td>\n\t\t\t</tr>"; } $htmlout .= "<tr>\n \t <td class=row align='center' colspan='2'>" . post_icons() . "</td>\n \t </tr><tr class=row>\n \t\t <td colspan='2' align='center'>\n \t <input class='btn btn-primary dropdown-toggle' type='submit' value='Submit' /><input class='btn btn-primary dropdown-toggle' type='button' value='Preview' name='button2' onclick='return Preview();' />\n"; if ($newtopic) { $htmlout .= "Anonymous Topic<input type='checkbox' name='anonymous' value='yes'/>\n"; } else { $htmlout .= "Anonymous Post<input type='checkbox' name='anonymous' value='yes'/>\n"; } $htmlout .= "</td></tr></form>\n"; $htmlout .= "<tr>\n\t\t\t\t<td colspan='2' align='right' class='tfoot'>\n\t\t\t\t" . insert_quick_jump_menu() . "\n\t\t\t\t</td>\n\t\t\t</tr>"; $htmlout .= end_table(); $htmlout .= "<br />"; // $htmlout .= end_frame(); // ------ Get 10 last posts if this is a reply if (!$newtopic && $INSTALLER09['show_last_10']) { $postres = sql_query("SELECT p.id, p.added, p.body, p.anonymous, u.id AS uid, u.enabled, u.class, u.donor, u.warned, u.chatpost, u.leechwarn, u.pirate, u.king, u.username, u.avatar, u.offensive_avatar " . "FROM posts AS p " . "LEFT JOIN users AS u ON u.id = p.user_id " . "WHERE p.topic_id=" . sqlesc($id) . " " . "ORDER BY p.id DESC LIMIT 10") or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($postres) > 0) { $htmlout .= "<br />"; $htmlout .= begin_frame("10 last posts, in reverse order"); while ($post = mysqli_fetch_assoc($postres)) { //$avatar = ($CURUSER["avatars"] == "all" ? htmlsafechars($post["avatar"]) : ($CURUSER["avatars"] == "some" && $post["offavatar"] == "no" ? htmlsafechars($post["avatar"]) : "")); $avatar = $CURUSER["avatars"] == "yes" ? avatar_stuff($post) : ""; if ($post['anonymous'] == 'yes') { $avatar = $INSTALLER09['pic_base_url'] . $Multi_forum['configs']['forum_pics']['default_avatar']; } else { $avatar = $CURUSER["avatars"] == "yes" ? avatar_stuff($post) : ''; } if (empty($avatar)) { $avatar = $INSTALLER09['pic_base_url'] . $Multi_forum['configs']['forum_pics']['default_avatar']; } $user_stuff = $post; $user_stuff['id'] = (int) $post['uid']; if ($post["anonymous"] == "yes") { if ($CURUSER['class'] < UC_STAFF && $post["uid"] != $CURUSER["id"]) { $htmlout .= "<p class='sub'>#" . (int) $post["id"] . " by <i>Anonymous</i> at " . get_date($post["added"], 'LONG', 1, 0) . "</p>"; } else { $htmlout .= "<p class='sub'>#" . (int) $post["id"] . " by <i>Anonymous</i> [<b>" . format_username($user_stuff, true) . "</b>] at " . get_date($post["added"], 'LONG', 1, 0) . "</p>"; } } else { $htmlout .= "<p class='sub'>#" . (int) $post["id"] . " by " . (!empty($post["username"]) ? format_username($user_stuff, true) : "unknown[" . (int) $post['uid'] . "]") . " at " . get_date($post["added"], 'LONG', 1, 0) . "</p>"; } $htmlout .= begin_table(true); $htmlout .= "<tr>\n\t\t\t\t <td height='100' width='100' align='center' style='padding: 0px' valign='top'><img height='100' width='100' src='" . $avatar . "' alt='User avvy' /></td>\n\t\t\t\t <td class='comment' valign='top'>" . format_comment($post["body"]) . "</td>\n\t\t\t\t </tr>"; $htmlout .= end_table(); } $htmlout .= end_frame(); } } //$htmlout .= insert_quick_jump_menu(); return $htmlout; }
$mc1->begin_transaction('userstats_' . $CURUSER["id"]); $mc1->update_row(false, array('seedbonus' => $update['seedbonus'])); $mc1->commit_transaction($INSTALLER09['expires']['u_stats']); $mc1->begin_transaction('user_stats_' . $CURUSER["id"]); $mc1->update_row(false, array('seedbonus' => $update['seedbonus'])); $mc1->commit_transaction($INSTALLER09['expires']['user_stats']); //===end } header("Refresh: 0; url={$locale_link}.php?id={$tid}{$extra_link}"); die; } elseif ($action == "vieworiginal") { if ($CURUSER['class'] < UC_STAFF) { stderr("{$lang['comment_error']}", "{$lang['comment_denied']}"); } $commentid = isset($_GET['cid']) ? (int) $_GET['cid'] : 0; if (!is_valid_id($commentid)) { stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']}"); } $res = sql_query("SELECT c.*, t.{$name} FROM comments AS c LEFT JOIN {$table_type} AS t ON c.{$locale} = t.id WHERE c.id=" . sqlesc($commentid)) or sqlerr(__FILE__, __LINE__); $arr = mysqli_fetch_assoc($res); if (!$arr) { stderr("{$lang['comment_error']}", "{$lang['comment_invalid_id']} {$commentid}."); } $HTMLOUT = ''; $HTMLOUT .= "<h1>{$lang['comment_original_content']}#{$commentid}</h1>\n <table width='500' border='1' cellspacing='0' cellpadding='5'>\n <tr><td class='comment'>\n " . htmlsafechars($arr["ori_text"]) . "\n </td></tr></table>"; $returnto = isset($_SERVER['HTTP_REFERER']) ? htmlsafechars($_SERVER['HTTP_REFERER']) : 0; if ($returnto) { $HTMLOUT .= "<p>(<a href='{$returnto}'>back</a>)</p>\n"; } echo stdhead("{$lang['comment_original']}", true, $stdhead) . $HTMLOUT . stdfoot($stdfoot); die;
$fontsize = $_POST["fontsize"]; if ($fontsize == 'large') { $updateset[] = "fontsize = 'large'"; } elseif ($fontsize == 'small') { $updateset[] = "fontsize = 'small'"; } else { $updateset[] = "fontsize = 'medium'"; } $updateset[] = "notifs = " . sqlesc($notifs); if (is_valid_id($stylesheet)) { $updateset[] = "stylesheet = " . sqlesc($stylesheet); } if (is_valid_id($caticon)) { $updateset[] = "caticon = " . sqlesc($caticon); } if (is_valid_id($sitelanguage)) { $lang_folder = validlang($sitelanguage); if (get_langfolder_cookie() != $lang_folder) { set_langfolder_cookie($lang_folder); header("Location: " . $_SERVER['PHP_SELF']); } $updateset[] = "lang = " . sqlesc($sitelanguage); } $updateset[] = "torrentsperpage = " . min(100, 0 + $_POST["torrentsperpage"]); if ($showmovies['hot'] == "yes") { $showhot = $_POST["show_hot"]; $updateset[] = "showhot = " . sqlesc($showhot); } if ($showmovies['classic'] == "yes") { $showclassic = $_POST["show_classic"]; $updateset[] = "showclassic = " . sqlesc($showclassic);
/** * http://btdev.net:1337/svn/test/Installer09_Beta * Licence Info: GPL * Copyright (C) 2010 BTDev Installer v.1 * A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon. * Project Leaders: Mindless,putyn. **/ require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'include' . DIRECTORY_SEPARATOR . 'bittorrent.php'; require_once INCL_DIR . 'user_functions.php'; dbconn(); loggedinorreturn(); $lang = array_merge(load_language('global')); // / Mod by dokty - tbdev.net $id = 0 + $_GET["id"]; $points = 0 + $_GET["points"]; if (!is_valid_id($id) || !is_valid_id($points)) { die; } $pointscangive = array("10", "20", "50", "100", "200", "500", "1000"); if (!in_array($points, $pointscangive)) { stderr("Error", "You can't give that amount of points!!!"); } $sdsa = mysql_query("SELECT 1 FROM coins WHERE torrentid=" . sqlesc($id) . " AND userid =" . sqlesc($CURUSER["id"])) or die; $asdd = mysql_fetch_array($sdsa); if ($asdd) { stderr("Error", "You already gave points to this torrent."); } $res = mysql_query("SELECT owner,name FROM torrents WHERE id = " . sqlesc($id)) or die; $row = mysql_fetch_assoc($res) or stderr("Error", "Torrent was not found"); $userid = $row["owner"]; if ($userid == $CURUSER["id"]) {
print "<tr><td class='table_col1'>Status:</td><td class='table_col1'><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #ff0000;\" selected=\"selected\">Hidden</option><option value=\"1\" style=\"color: #000000;\">Normal</option></select></td></tr>"; } else { print "<tr><td class='table_col1'>Status:</td><td class='table_col1'><select name=\"flag\" style=\"width: 110px;\"><option value=\"0\" style=\"color: #ff0000;\">Hidden</option><option value=\"1\" style=\"color: #000000;\" selected=\"selected\">Normal</option></select></td></tr>"; } print "<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"edit\" value=\"Edit\" style=\"width: 60px;\" /></td></tr>\n"; print "</table></form>"; } } end_frame(); stdfoot(); } elseif ($_GET[action] == "edititem" && is_valid_id($_POST[id]) && $_POST[question] != NULL && $_POST[answer] != NULL && is_valid_int($_POST[flag]) && is_valid_id($_POST[categ])) { $question = sqlesc($_POST[question]); $answer = sqlesc($_POST[answer]); SQL_Query_exec("UPDATE `faq` SET `question`={$question}, `answer`={$answer}, `flag`='{$_POST['flag']}', `categ`='{$_POST['categ']}' WHERE id='{$_POST['id']}'"); header("Refresh: 0; url=faq-manage.php"); } elseif ($_GET[action] == "editsect" && is_valid_id($_POST[id]) && $_POST[title] != NULL && is_valid_int($_POST[flag])) { $title = sqlesc($_POST[title]); SQL_Query_exec("UPDATE `faq` SET `question`={$title}, `answer`='', `flag`='{$_POST['flag']}', `categ`='0' WHERE id='{$_POST['id']}'"); header("Refresh: 0; url=faq-manage.php"); } elseif ($_GET[action] == "delete" && isset($_GET[id])) { if ($_GET[confirm] == "yes") { SQL_Query_exec("DELETE FROM `faq` WHERE `id`='{$_GET['id']}' LIMIT 1"); header("Refresh: 0; url=faq-manage.php"); } else { stdhead(T_("FAQ_MANAGEMENT")); begin_frame(); print "<h1 align=\"center\">Confirmation required</h1>"; print "<table border=\"0\" cellspacing=\"0\" cellpadding=\"5\" align=\"center\" width=\"95%\">\n<tr><td align=\"center\">Please click <a href=\"faq-actions.php?action=delete&id={$_GET['id']}&confirm=yes\">here</a> to confirm.</td></tr>\n</table>\n"; end_frame(); stdfoot(); }
<?php require "include/bittorrent.php"; dbconn(); require_once get_langfile_path(); loggedinorreturn(); parked(); $id = $_GET["id"]; if (get_user_class() < $viewnfo_class || !is_valid_id($id) || $enablenfo_main != 'yes') { permissiondenied(); } $sql = new_mysqli(); $query = $sql->prepare("SELECT `name`, `nfo` FROM `torrents` WHERE `id` = ?"); $query->bind_param("i", $id); $query->execute(); $query->bind_result($torrent_name, $torrent_nfo); $query->fetch() or die($lang_viewnfo['std_puke']); $sql->close(); //error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE); // Download nfo file if (isset($_GET['download']) && (int) $_GET['download'] == 1) { $nfoinfo = $torrent_nfo; //blob //build header header("Cache-Control: public, must-revalidate"); header("Content-Type: application/octet-stream"); //header("Content-Length: " .(string)(filesize($myFile)) ); header('Content-Disposition: attachment; filename="' . $id . '.nfo"'); echo $nfoinfo; header("Content-Transfer-Encoding: binary\n"); return;
stderr('Error', 'Invalid ID'); } $check_if_there = sql_query('SELECT suspect FROM shit_list WHERE userid=' . sqlesc($CURUSER['id']) . ' AND suspect=' . sqlesc($shit_list_id)); if (mysqli_num_rows($check_if_there) == 1) { stderr('Error', 'That user is already on your shit list.'); } sql_query('INSERT INTO shit_list VALUES (' . $CURUSER['id'] . ',' . $shit_list_id . ', ' . $shittyness . ', ' . TIME_NOW . ', ' . sqlesc($_POST['text']) . ')'); $mc1->delete_value('shit_list_' . $shit_list_id); $message = '<h1>Success! Member added to your personal shitlist!</h1><a class="altlink" href="' . $return_to . '">go back to where you were?</a>'; break; //=== action2: delete //=== action2: delete case 'delete': $shit_list_id = isset($_GET['shit_list_id']) ? intval($_GET['shit_list_id']) : 0; $sure = isset($_GET['sure']) ? intval($_GET['sure']) : ''; if (!is_valid_id($shit_list_id)) { stderr('Error', 'Invalid ID'); } $res_name = sql_query('SELECT username FROM users WHERE id=' . $shit_list_id); $arr_name = mysqli_fetch_assoc($res_name); if (!$sure) { stderr('Delete ' . htmlsafechars($arr_name['username']) . ' from shit list', 'Do you really want to delete <b>' . htmlsafechars($arr_name['username']) . '</b> from your shit list? <a class="altlink" href="staffpanel.php?tool=shit_list&action=shit_list&action2=delete&shit_list_id=' . $shit_list_id . '&sure=1">here</a> if you are sure.'); } sql_query('DELETE FROM shit_list WHERE userid=' . $CURUSER['id'] . ' AND suspect=' . $shit_list_id); if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]) == 0) { stderr('Error', 'No member found to delete!'); } $mc1->delete_value('shit_list_' . $shit_list_id); $message = '<h1>Success! <b>' . htmlsafechars($arr_name['username']) . '</b> deleted from your shit list!</h1>'; break;
$HTMLOUT .= "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml'>\n<head>\n<meta http-equiv='Pragma' content='no-cache' />\n<meta http-equiv='expires' content='-1' />\n<html xmlns='http://www.w3.org/1999/xhtml'>\n<meta http-equiv='Content-Type' content='text/html; charset=" . charset() . "' />\n<script type='text/javascript' src='./scripts/shout.js'></script>\n<style type='text/css'>\n#specialbox{\nborder: 1px solid gray;\nwidth: 600px;\nbackground: #FBFCFA;\nfont: 11px verdana, sans-serif;\ncolor: #000000;\npadding: 3px;\toutline: none;\n}\n#specialbox:focus{\nborder: 1px solid black;\n}\n#btn {\ncursor:pointer;\nborder:outset 1px #ccc;\nbackground:#999;\ncolor:#666;\nfont-weight:bold;\npadding: 1px 2px;\nbackground: #000000 repeat-x left top;\n}\n</style>\n</head>\n<body bgcolor='#F5F4EA' class='date'>\n<form method='post' action='./shoutbox.php'>\n<input type='hidden' name='id' value='" . (int) $res['id'] . "' />\n<input type='hidden' name='user' value='" . (int) $res['userid'] . "' />\n<textarea name='text' rows='3' id='specialbox'>" . htmlsafechars($res['text']) . "</textarea>\n<input type='submit' name='save' value='save' class='btn' />\n</form></body></html>"; echo $HTMLOUT; die; } // Staff shout edit if (isset($_POST['text']) && $CURUSER['class'] >= UC_STAFF && is_valid_id($_POST['id'])) { require_once INCL_DIR . 'bbcode_functions.php'; $text = trim($_POST['text']); $text_parsed = format_comment($text); sql_query('UPDATE shoutbox SET text = ' . sqlesc($text) . ', text_parsed = ' . sqlesc($text_parsed) . ' WHERE id=' . sqlesc($_POST['id'])) or sqlerr(__FILE__, __LINE__); $mc1->delete_value('shoutbox_'); //$mc1->delete_value('staff_shoutbox_'); unset($text, $text_parsed); } // Power User+ shout edit by pdq if (isset($_POST['text']) && isset($_POST['user']) == $CURUSER['id'] && ($CURUSER['class'] >= UC_POWER_USER && $CURUSER['class'] < UC_STAFF) && is_valid_id($_POST['id'])) { require_once INCL_DIR . 'bbcode_functions.php'; $text = trim($_POST['text']); $text_parsed = format_comment($text); sql_query('UPDATE shoutbox SET text = ' . sqlesc($text) . ', text_parsed = ' . sqlesc($text_parsed) . ' WHERE userid=' . sqlesc($_POST['user']) . ' AND id=' . sqlesc($_POST['id'])) or sqlerr(__FILE__, __LINE__); $mc1->delete_value('shoutbox_'); //$mc1->delete_value('staff_shoutbox_'); unset($text, $text_parsed); } //== begin main output $HTMLOUT .= "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml'>\n<head>\n<title>ShoutBox</title>\n<meta http-equiv='REFRESH' content='60; URL=./shoutbox.php' />\n<script type='text/javascript' src='./scripts/shout.js'></script>\n<meta http-equiv='Content-Type' content='text/html; charset=" . charset() . "' />\n<style type='text/css'>\nA {color: #356AA0; font-weight: bold; font-size: 9pt; }\nA:hover {color: #FF0000;}\n.small {color: #ff0000; font-size: 9pt; font-family: arial; }\n.date {color: #ff0000; font-size: 9pt;}\n.error {\n color: #990000;\n background-color: #FFF0F0;\n padding: 7px;\n margin-top: 5px;\n margin-bottom: 10px;\n border: 1px dashed #990000;\n}\nA {color: #FFFFFF; font-weight: bold; }\nA:hover {color: #FFFFFF;}\n.small {font-size: 10pt; font-family: arial; }\n.date {font-size: 8pt;}\nspan.size1 { font-size:0.75em; }\nspan.size2 { font-size:1em; }\nspan.size3 { font-size:1.25em; }\nspan.size4 { font-size:1.5em; }\nspan.size5 { font-size:1.75em; }\nspan.size6 { font-size:2em; }\nspan.size7 { font-size:2.25em; }\n</style>"; //==Background colours begin //== White if ($CURUSER['shoutboxbg'] == 1) { $HTMLOUT .= "<style type='text/css'>\nA {color: #000000; font-weight: bold; }\nA:hover {color: #FF273D;}\n.small {font-size: 10pt; font-family: arial; }\n.date {font-size: 8pt;}\n</style>"; $bg = '#ffffff';
$res = sql_query("SELECT p.*, pa.id AS pa_id, pa.selection FROM postpolls AS p LEFT JOIN postpollanswers AS pa ON pa.pollid = p.id AND pa.userid = " . sqlesc($CURUSER['id']) . " WHERE p.id=" . sqlesc($pollid)) or sqlerr(__FILE__, __LINE__); if (mysqli_num_rows($res) > 0) { $arr1 = mysqli_fetch_assoc($res); $userid = (int) $CURUSER['id']; $question = htmlsafechars($arr1["question"]); $o = array($arr1["option0"], $arr1["option1"], $arr1["option2"], $arr1["option3"], $arr1["option4"], $arr1["option5"], $arr1["option6"], $arr1["option7"], $arr1["option8"], $arr1["option9"], $arr1["option10"], $arr1["option11"], $arr1["option12"], $arr1["option13"], $arr1["option14"], $arr1["option15"], $arr1["option16"], $arr1["option17"], $arr1["option18"], $arr1["option19"]); $HTMLOUT .= "<table cellpadding='5' width='{$Multi_forum['configs']['forum_width']}' align='center'>\r\n\t\t <tr><td class='colhead' align='left'><h2>Poll"; if ($userid == $t_userid || $CURUSER['class'] >= UC_STAFF) { $HTMLOUT .= "<font class='small'> - [<a href='{$INSTALLER09['baseurl']}/forums.php?action=makepoll&subaction=edit&pollid=" . $pollid . "'><b>Edit</b></a>]</font>"; if ($CURUSER['class'] >= UC_STAFF) { $HTMLOUT .= "<font class='small'> - [<a href='{$INSTALLER09['baseurl']}/forums.php?action=deletepoll&pollid=" . $pollid . "'><b>Delete</b></a>]</font>"; } } $HTMLOUT .= "</h2></td></tr>"; $HTMLOUT .= "<tr><td align='center' class='clearalt7'>\r\n\t\t <table width='55%'><tr><td class='clearalt6'><div align='center'><b>{$question}</b></div>"; $voted = is_valid_id($arr1['pa_id']) ? true : false; if ($locked && $CURUSER['class'] < UC_STAFF ? true : $voted) { $uservote = $arr1["selection"] != '' ? (int) $arr1["selection"] : -1; $res_v = sql_query("SELECT selection FROM postpollanswers WHERE pollid=" . sqlesc($pollid) . " AND selection < 20"); $tvotes = mysqli_num_rows($res_v); $vs = $os = array(); for ($i = 0; $i < 20; $i++) { $vs[$i] = 0; } while ($arr_v = mysqli_fetch_row($res_v)) { $vs[$arr_v[0]] += 1; } reset($o); for ($i = 0; $i < count($o); ++$i) { if ($o[$i]) { $os[$i] = array($vs[$i], $o[$i]);
if (!defined('IN_REQUESTS')) { exit('No direct script access allowed'); } /** * https://09source.kicks-ass.net:8443/svn/installer09/ * Licence Info: GPL * Copyright (C) 2010 Installer09 v.2 * A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon. * Project Leaders: Mindless,putyn,kidvision. **/ $request = isset($_POST['requesttitle']) ? $_POST['requesttitle'] : ''; if ($request == '') { stderr("{$lang['error_error']}", "{$lang['error_title']}"); } $cat = isset($_POST['category']) ? (int) $_POST['category'] : 0; if (!is_valid_id($cat)) { stderr("{$lang['error_error']}", "{$lang['error_cat']}"); } $descrmain = isset($_POST['body']) ? $_POST['body'] : ''; if (!$descrmain) { stderr("{$lang['error_error']}", "{$lang['error_descr']}"); } $pic = ''; if (!empty($_POST['picture'])) { if (!preg_match('/^https?:\\/\\/([a-zA-Z0-9\\-\\_]+\\.)+([a-zA-Z]{1,5}[^\\.])(\\/[^<>]+)+\\.(jpg|jpeg|gif|png|tif|tiff|bmp)$/i', $_POST['picture'])) { stderr("{$lang['error_error']}", "{$lang['error_image']}"); } $picture = $_POST['picture']; // $picture2 = trim(urldecode($_POST['picture'])); // $headers = get_headers($picture2); // if (strpos($headers[0], '200') === false)
$r1 = sql_query("SELECT u.*,s.last_status,s.last_update FROM users as u LEFT JOIN ustatus as s ON u.id = s.userid WHERE u.id={$id}") or sqlerr(); $user = mysql_fetch_assoc($r1) or stderr("Error", "{$lang['userdetails_no_user']}"); $mc1->cache_value('user' . $id, $user, $INSTALLER09['expires']['user_cache']); } if ($user["status"] == "pending") { stderr("Error", "User is still pending."); } //=== paranoid settings if ($user['paranoia'] == 3 && $CURUSER['class'] < UC_STAFF && $CURUSER['id'] != $id) { stderr('Error!', '<span style="font-weight: bold; text-align: center;"><img src="pic/smilies/tinfoilhat.gif" alt="I wear a tin-foil hat!" title="I wear a tin-foil hat!" /> This members paranoia settings are at tinfoil hat levels!!! <img src="pic/smilies/tinfoilhat.gif" alt="I wear a tin-foil hat!" title="I wear a tin-foil hat!" /></span>'); } //=== delete H&R if (isset($_GET['delete_hit_and_run']) && $CURUSER['class'] >= UC_STAFF) { $delete_me = isset($_GET['delete_hit_and_run']) ? intval($_GET['delete_hit_and_run']) : 0; if (!is_valid_id($delete_me)) { stderr('Error!', 'Bad ID'); } sql_query('UPDATE snatched SET hit_and_run = \'0\', mark_of_cain = \'no\' WHERE id = ' . $delete_me) or sqlerr(__FILE__, __LINE__); if (@mysql_affected_rows() === 0) { stderr('Error!', 'H&R not deleted!'); } header('Location: ?id=' . $id . '&completed=1'); die; } $user_torrents = $mc1->get_value('user_torrents_' . $id); if ($user_torrents === false) { $a = sql_query("SELECT t.id, t.name, t.seeders, t.leechers, c.name AS cname, c.image FROM torrents t LEFT JOIN categories c ON t.category = c.id WHERE t.owner = {$id} ORDER BY t.name") or sqlerr(__FILE__, __LINE__); while ($user_torrents2 = mysql_fetch_assoc($a)) { $user_torrents[] = $user_torrents2; }