function parked()
{
global $CURUSER;
if ($CURUSER["parked"] == "yes") {
stderr("Error", "<b>Your account is currently parked.</b>");
}
}
function write_staffs2()
{
global $lang;
//==ids
$t = '$INSTALLER09';
$iconfigfile = "<" . "?php\n/**\n{$lang['staffcfg_file_created']}" . date('M d Y H:i:s') . ".\n{$lang['staffcfg_mod_by']}\n**/\n";
$ri = sql_query("SELECT id, username, class FROM users WHERE class BETWEEN " . UC_STAFF . " AND " . UC_MAX . " ORDER BY id ASC") or sqlerr(__FILE__, __LINE__);
$iconfigfile .= "" . $t . "['allowed_staff']['id'] = array(";
while ($ai = mysqli_fetch_assoc($ri)) {
$ids[] = $ai['id'];
$usernames[] = "'" . $ai["username"] . "' => 1";
}
$iconfigfile .= "" . join(",", $ids);
$iconfigfile .= ");";
$iconfigfile .= "\n?" . ">";
$filenum = fopen('./cache/staff_settings.php', 'w');
ftruncate($filenum, 0);
fwrite($filenum, $iconfigfile);
fclose($filenum);
//==names
$t = '$INSTALLER09';
$nconfigfile = "<" . "?php\n/**\n{$lang['staffcfg_file_created']}" . date('M d Y H:i:s') . ".\n{$lang['staffcfg_mod_by']}\n**/\n";
$nconfigfile .= "" . $t . "['staff']['allowed'] = array(";
$nconfigfile .= "" . join(",", $usernames);
$nconfigfile .= ");";
$nconfigfile .= "\n?" . ">";
$filenum1 = fopen('./cache/staff_settings2.php', 'w');
ftruncate($filenum1, 0);
fwrite($filenum1, $nconfigfile);
fclose($filenum1);
stderr($lang['staffcfg_success'], $lang['staffcfg_updated']);
}
function showLoginPasswordProtect($error_msg)
{
stderr("Admin Login", "\n\n<html>\n<head>\n <META HTTP-EQUIV=CACHE-CONTROL CONTENT=NO-CACHE>\n <META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>\n</head>\n<body>\n <style>\n input { border: 1px solid black; }\n </style>\n<table align=center cellpadding=2 cellspacing=2 border=1 width=90%>\n<tr>\n<td align=center class=lista>\n <form method=post>\n\n\t<div><center><font color=red><b>\n\tYou are now entering a page that needs extra login details. Be sure\n\tthat you are entering the correct information</b></center></font></div>\n</td>\n</tr>\n</table>\n <br><div align=center><font color=red size=3><b>" . $error_msg . "</b></font></div><br>\n<table align=center class=lista border=0 cellpadding=10>\n<tr>\n<td class=embedded>\n<h2><center>Login Form</center></h2>\n<table align=center class=lista border=0 cellpadding=10>\n<tr>\n<td align=right class=header>Username:</td><td class=lista><input type=input name=access_login size=40 /></td></tr>\n<tr>\n<td align=right class=header>Password:</td>\n<td class=lista><input type=password name=access_password size=40 /></td>\n</tr>\n<tr>\n<td align=left class=header>Submit :</td>\n<td align=left class=lista><center><input type=submit name=Submit value=Enter /></center></td>\n</tr>\n</table>\n</table>\n </form>\n <br>\n </div>\n</body>\n</html>\n\n<?php\n ");
stdfoot();
exit;
// stop at this point
die;
}
function I_smell_a_rat($var)
{
if (0 + $var == 1) {
$var = 0 + $var;
} else {
stderr($lang['bonus_error'], $lang['bonus_smellrat']);
}
}
function I_smell_a_rat($var)
{
if (0 + $var == 1) {
$var = 0 + $var;
} else {
stderr("Error", "I smell a rat!");
}
}
function addbookmark($torrentid)
{
global $CURUSER;
if (get_row_count("bookmarks", "WHERE userid={$CURUSER['id']} AND torrentid = {$torrentid}") > 0) {
stderr("Error", "Torrent already bookmarked");
}
sql_query("INSERT INTO bookmarks (userid, torrentid) VALUES ({$CURUSER['id']}, {$torrentid})") or sqlerr(__FILE__, __LINE__);
}
function check($id)
{
if (!is_valid_id($id)) {
return stderr("Error", "Invalid ID");
} else {
return true;
}
}
function validate($id)
{
global $lang;
if (!is_valid_id($id)) {
stderr($lang['failed_sorry'], "{$lang['failed_bad_id']}");
} else {
return true;
}
}
function kaupa($PRI)
{
global $CURUSER, $lang;
if ($PRI > $CURUSER['coins']) {
stderr($lang['shop_error'], $lang['shop_notenn']);
} else {
sql_query("UPDATE users SET coins=coins-{$PRI} WHERE id={$CURUSER['id']}") or sqlerr(__FILE__, __LINE__);
}
}
function check_banned_emails($email)
{
$expl = explode("@", $email);
$wildemail = "*@" . $expl[1];
/* Ban emails by x0r @tbdev.net */
$res = sql_query("SELECT id, comment FROM bannedemails WHERE email = " . sqlesc($email) . " OR email = " . sqlesc($wildemail) . "") or sqlerr(__FILE__, __LINE__);
if ($arr = mysql_fetch_assoc($res)) {
stderr("Sorry..", "This email address is banned!<br /><br /><strong>Reason</strong>: {$arr['comment']}", false);
}
}
function addbookmark($torrentid)
{
global $CURUSER, $mc1, $INSTALLER09;
if (get_row_count("bookmarks", "WHERE userid=" . sqlesc($CURUSER['id']) . " AND torrentid = " . sqlesc($torrentid)) > 0) {
stderr("Error", "Torrent already bookmarked");
}
sql_query("INSERT INTO bookmarks (userid, torrentid) VALUES (" . sqlesc($CURUSER['id']) . ", " . sqlesc($torrentid) . ")") or sqlerr(__FILE__, __LINE__);
$mc1->delete_value('bookmm_' . $CURUSER['id']);
make_bookmarks($CURUSER['id'], 'bookmm_');
}
function parked()
{
global $CURUSER;
if ($CURUSER["parked"] == "yes") {
stderr("Error", "<b>Your account is currently parked.</b>");
}
//require_once (CLASS_DIR . 'class_user_options.php');
//global $CURUSER;
//if ($CURUSER['opt1'] & user_options::PARKED) stderr("Error", "<b>Your account is currently parked.</b>");
}
/**
* https://github.com/Bigjoos/
* Licence Info: GPL
* Copyright (C) 2010 U-232 v.3
* A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
* Project Leaders: Mindless, putyn.
*
*/
function check_banned_emails($email)
{
global $lang;
$expl = explode("@", $email);
$wildemail = "*@" . $expl[1];
/* Ban emails by x0r @tbdev.net */
$res = sql_query("SELECT id, comment FROM bannedemails WHERE email = " . sqlesc($email) . " OR email = " . sqlesc($wildemail)) or sqlerr(__FILE__, __LINE__);
if ($arr = mysqli_fetch_assoc($res)) {
stderr("{$lang['takesignup_user_error']}", "{$lang['takesignup_bannedmail']}" . htmlsafechars($arr['comment']));
}
}
function check($task_name = 'Default')
{
global $CURUSER, $INSTALLER09, $lang, $_SESSION;
$returl = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : $INSTALLER09['baseurl'] . "/login.php";
$returl = str_replace('&', '&', $returl);
if (isset($_SESSION['HTTP_USER_AGENT']) && $_SESSION['HTTP_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) {
stderr("Error", "Please resubmit the form. <a href='" . $returl . "'>Click HERE</a>", false);
}
if (isset($_SESSION['Task']) && $_SESSION['Task'] != md5('user_id:' . $CURUSER['id'] . '::taskname-' . $task_name . '::' . $_SESSION['Task_Time'])) {
stderr("Error", "Please resubmit the form. <a href='" . $returl . "'>Click HERE</a>", false);
}
$this->create();
}
function bark($text = 'Username or password incorrect')
{
global $lang, $INSTALLER09, $mc1;
$sha = sha1($_SERVER['REMOTE_ADDR']);
$dict_key = 'dictbreaker:::' . $sha;
$flood = $mc1->get_value($dict_key);
if ($flood === false) {
$mc1->cache_value($dict_key, 'flood_check', 20);
} else {
die('Minimum 8 seconds between login attempts :)');
}
stderr($lang['tlogin_failed'], $text);
}
function check_admins($flag = true, $usertypes = "")
{
//$flag=false 表示是否为论坛版主,否则为各等级管理员;
global $lang_signin;
global $CURUSER;
if ($flag) {
if (get_user_class() < 12) {
stderr($lang_signin['std_sorry'], $lang_signin['std_permission_denied_only'] . get_user_class_name(12, false, true, true) . $lang_signin['std_or_above_can_view'], false, false, true, true);
}
} elseif ($usertypes == "admin") {
if (get_user_class() < 14) {
stderr($lang_signin['std_sorry'], $lang_signin['std_permission_denied_onlyadmin'] . get_user_class_name(14, false, true, true) . $lang_signin['std_or_admin_can_view'], false, false, true, true);
}
return true;
//不是管理员
} elseif ($usertypes == "forumman") {
//以下内容不在等级系统中
$mysql = "SELECT * FROM forummods WHERE forummods.userid = '" . $CURUSER['id'] . "'";
$res = mysql_query($mysql);
if ("" == mysql_fetch_array($res)) {
return false;
//bu是论坛版主
}
return true;
//确实是论坛版主
} elseif ($usertypes == "picker") {
$mysql = "SELECT * FROM users WHERE users.id = '" . $CURUSER['id'] . "' and users.picker = 'yes'";
$res = mysql_query($mysql);
if ("" == mysql_fetch_array($res)) {
return false;
//不是保种员
}
return true;
//确实是保种员
} elseif ($usertypes == "support") {
$mysql = "SELECT * FROM users WHERE users.id = '" . $CURUSER['id'] . "' and users.support = 'yes'";
$res = mysql_query($mysql);
if ("" == mysql_fetch_array($res)) {
return false;
//不是保种员
}
return true;
//确实是保种员
}
}
function validusername($username)
{
global $lang;
if ($username == "") {
return false;
}
$namelength = strlen($username);
if ($namelength < 3 or $namelength > 32) {
stderr($lang['takesignup_user_error'], $lang['takesignup_username_length']);
}
// The following characters are allowed in user names
$allowedchars = $lang['takesignup_allowed_chars'];
for ($i = 0; $i < $namelength; ++$i) {
if (strpos($allowedchars, $username[$i]) === false) {
return false;
}
}
return true;
}
function takereport($reportid, $type, $reason)
{
global $CURUSER, $lang_report, $Cache;
int_check($reportid);
// Check if takereason is set
if ($reason == '') {
stderr($lang_report['std_error'], $lang_report['std_missing_reason']);
die;
}
$res = sql_query("SELECT id FROM reports WHERE addedby = " . sqlesc($CURUSER[id]) . " AND reportid= " . sqlesc($reportid) . " AND type = " . sqlesc($type)) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0) {
$date = sqlesc(date("Y-m-d H:i:s"));
sql_query("INSERT into reports (addedby,reportid,type,reason,added) VALUES (" . sqlesc($CURUSER[id]) . "," . sqlesc($reportid) . "," . sqlesc($type) . ", " . sqlesc(trim($reason)) . "," . $date . ")") or sqlerr(__FILE__, __LINE__);
$Cache->delete_value('staff_report_count');
$Cache->delete_value('staff_new_report_count');
stderr($lang_report['std_message'], $lang_report['std_successfully_reported']);
die;
} else {
stderr($lang_report['std_error'], $lang_report['std_already_reported_this']);
die;
}
}
}
if (isset($_POST["unit"])) {
if ($openbet >= $maxusrbet) {
stderr($lang['gl_sorry'], "{$lang['casino_there_are_already']} " . htmlsafechars($openbet) . " {$lang['casino_bets_open_take_an_open_bet']} !");
}
if ($nobits <= 0) {
stderr($lang['gl_sorry'], " {$lang['casino_this_wont_work_enter_a_pos_val']}?");
}
if ($nobits == ".") {
stderr($lang['gl_sorry'], " {$lang['casino_this_wont_work_enter_without_a_dec']}?");
}
$newups = $CURUSER['uploaded'] - $nobits;
$debt = $nobits - $CURUSER['uploaded'];
if ($CURUSER['uploaded'] < $nobits) {
if ($alwdebt != 1) {
stderr($lang['gl_sorry'], "<h2>{$lang['casino_thats']} " . htmlsafechars(mksize($debt)) . " {$lang['casino_more_than_you_got']}!</h2>{$goback}");
}
}
$betsp = sql_query("SELECT id, amount FROM casino_bets WHERE userid = " . sqlesc($CURUSER['id']) . " ORDER BY time ASC") or sqlerr(__FILE__, __LINE__);
$tbet2 = mysqli_fetch_row($betsp);
$dummy = "<h2>{$lang['casino_bet_added_you_will_receive_a_pm_notify']}</h2>";
$user = $CURUSER['username'];
$bet = mksize($nobits);
$message = "[color=green][b]{$user}[/b][/color] {$lang['casino_has_just_placed_a']} [color=red][b]{$bet}[/b][/color] {$lang['casino_bet_in_the_casino']}";
$messages = "{$user} {$lang['casino_has_just_placed_a']} {$bet} {$lang['casino_bet_in_the_casino']}";
sql_query("INSERT INTO casino_bets ( userid, proposed, challenged, amount, time) VALUES (" . sqlesc($CURUSER['id']) . "," . sqlesc($CURUSER['username']) . ", 'empty', {$nobits}, {$time})") or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE users SET uploaded = " . sqlesc($newups) . " WHERE id = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
sql_query("UPDATE casino SET deposit = deposit + " . sqlesc($nobits) . " WHERE userid = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
$update['uploaded'] = $newups;
//==stats
$mc1->begin_transaction('userstats_' . $CURUSER['id']);
$id = 0 + $_GET["id"];
$points = 0 + $_GET["points"];
if (!is_valid_id($id) || !is_valid_id($points)) {
die;
}
$pointscangive = array("10", "20", "50", "100", "200", "500", "1000");
if (!in_array($points, $pointscangive)) {
stderr("Error", "You can't give that amount of points!!!");
}
$sdsa = mysql_query("SELECT 1 FROM coins WHERE torrentid=" . sqlesc($id) . " AND userid =" . sqlesc($CURUSER["id"])) or die;
$asdd = mysql_fetch_array($sdsa);
if ($asdd) {
stderr("Error", "You already gave points to this torrent.");
}
$res = mysql_query("SELECT owner,name FROM torrents WHERE id = " . sqlesc($id)) or die;
$row = mysql_fetch_assoc($res) or stderr("Error", "Torrent was not found");
$userid = $row["owner"];
if ($userid == $CURUSER["id"]) {
stderr("Error", "You can't give your self points!");
}
if ($CURUSER["seedbonus"] < $points) {
stderr("Error", "You dont have enough points");
}
mysql_query("INSERT INTO coins (userid, torrentid, points) VALUES (" . sqlesc($CURUSER["id"]) . ", " . sqlesc($id) . ", " . sqlesc($points) . ")") or sqlerr(__FILE__, __LINE__);
mysql_query("UPDATE users SET seedbonus=seedbonus+" . $points . " WHERE id=" . sqlesc($userid)) or sqlerr(__FILE__, __LINE__);
mysql_query("UPDATE users SET seedbonus=seedbonus-" . $points . " WHERE id=" . sqlesc($CURUSER["id"])) or sqlerr(__FILE__, __LINE__);
mysql_query("UPDATE torrents SET points=points+" . $points . " WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$msg = sqlesc("You have been given " . $points . " points by " . $CURUSER["username"] . " for torrent [url=" . $TBDEV['baseurl'] . "/details.php?id=" . $id . "]" . $row["name"] . "[/url].");
mysql_query("INSERT INTO messages (sender, receiver, msg, added, subject) VALUES(0, {$userid}, {$msg}, " . sqlesc(time()) . ", 'You have been given a gift')") or sqlerr(__FILE__, __LINE__);
stderr("Done", "Successfully gave points to this torrent.");
$request = isset($_POST['requesttitle']) ? $_POST['requesttitle'] : '';
if ($request == '') {
stderr("{$lang['error_error']}", "{$lang['error_title']}");
}
$cat = isset($_POST['category']) ? (int) $_POST['category'] : 0;
if (!is_valid_id($cat)) {
stderr("{$lang['error_error']}", "{$lang['error_cat']}");
}
$descrmain = isset($_POST['body']) ? $_POST['body'] : '';
if (!$descrmain) {
stderr("{$lang['error_error']}", "{$lang['error_descr']}");
}
$pic = '';
if (!empty($_POST['picture'])) {
if (!preg_match('/^https?:\\/\\/([a-zA-Z0-9\\-\\_]+\\.)+([a-zA-Z]{1,5}[^\\.])(\\/[^<>]+)+\\.(jpg|jpeg|gif|png|tif|tiff|bmp)$/i', $_POST['picture'])) {
stderr("{$lang['error_error']}", "{$lang['error_image']}");
}
$picture = $_POST['picture'];
// $picture2 = trim(urldecode($_POST['picture']));
// $headers = get_headers($picture2);
// if (strpos($headers[0], '200') === false)
// $picture = $INSTALLER09['baseurl'].'/pic/notfound.png';
$pic = "[img]" . $picture . "[/img]\n";
}
$descr = "{$pic}";
$descr .= "{$descrmain}";
$request2 = sqlesc($request);
$descr = sqlesc($descr);
sql_query("INSERT INTO requests (hits, userid, cat, request, descr, added) VALUES(1,{$CURUSER['id']}, {$cat}, {$request2}, {$descr}, " . TIME_NOW . ")") or sqlerr(__FILE__, __LINE__);
$id = mysql_insert_id();
sql_query("INSERT INTO voted_requests VALUES(0, {$id}, {$CURUSER['id']})") or sqlerr();
if ($CURUSER["downloaded"] > 0) {
$ratio = number_format($CURUSER["uploaded"] / $CURUSER["downloaded"], 3);
} elseif ($CURUSER["uploaded"] > 0) {
$ratio = 999;
} else {
$ratio = 0;
}
if ($INSTALLER09['ratio_free'] === false && $ratio < $required_ratio) {
stderr("Sorry " . $CURUSER["username"], "Your ratio is lower than the requirement of " . $required_ratio . "%.");
}
$res = sql_query("SELECT status, gameover FROM blackjack WHERE userid = " . sqlesc($CURUSER['id']));
$arr = mysqli_fetch_assoc($res);
if ($arr['status'] == 'waiting') {
stderr("Sorry", "You'll have to wait until your last game completes before you play a new one.");
} elseif ($arr['status'] == 'playing') {
stderr("Sorry", "You must finish your old game first.<form method='post' action='" . $_SERVER['PHP_SELF'] . "'><input type='hidden' name='game' value='hit' readonly='readonly' /><input type='hidden' name='continue' value='yes' readonly='readonly' /><input type='submit' value='Continue old game' /></form>");
}
cheater_check($arr['gameover'] == 'yes');
$cardids = array();
for ($i = 0; $i <= 1; $i++) {
$cardids[] = rand(1, $cardcount);
}
foreach ($cardids as $cardid) {
while (in_array($cardid, $cardids)) {
$cardid = rand(1, $cardcount);
}
$cardres = sql_query("SELECT points, pic FROM cards WHERE id='{$cardid}'");
$cardarr = mysqli_fetch_assoc($cardres);
if ($cardarr["points"] > 1) {
$points += $cardarr["points"];
} else {
if ($expiry == $x[0]) {
$flag = 1;
}
}
if (!isset($flag)) {
stderr('Error', 'Invalid expiry selection');
}
$expires = TIME_NOW + 86400 * $expiry;
// 86400 seconds in one day.
$created = TIME_NOW;
$query = sprintf('INSERT INTO announcement_main ' . '(owner_id, created, expires, sql_query, subject, body) ' . 'VALUES (%s, %s, %s, %s, %s, %s)', sqlesc($CURUSER['id']), sqlesc($created), sqlesc($expires), sqlesc($ann_query), sqlesc($subject), sqlesc($body));
sql_query($query);
if (mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
stderr('Success', 'Announcement was successfully created');
}
stderr('Error', 'Contact an administrator');
}
echo stdhead("Create Announcement", false);
$HTMLOUT = "";
$HTMLOUT .= "<table class='main' width='750' border='0' cellspacing='0' cellpadding='0'>\r\n \t<tr>\r\n \t<td class='embedded'><div align='center'>\r\n \t<h1>Create Announcement for " . $n_pms . " user" . ($n_pms > 1 ? 's' : '') . " !</h1>";
$HTMLOUT .= "<form name='compose' method='post' action='{$INSTALLER09['baseurl']}/new_announcement.php'>\r\n \t<table border='1' cellspacing='0' cellpadding='5'>\r\n \t<tr>\r\n \t<td colspan='2'><b>Subject: </b>\r\n \t<input name='subject' type='text' size='76' value='" . htmlsafechars($subject) . "' /></td>\r\n \t</tr>\r\n \t<tr><td colspan='2'><div align='center'>\r\n " . textbbcode("compose", "msg", $body) . "\r\n </div></td></tr>";
$HTMLOUT .= "<tr><td colspan='2' align='center'>";
$HTMLOUT .= "<select name='expiry'>";
reset($days);
foreach ($days as $x) {
$HTMLOUT .= '<option value="' . $x[0] . '"' . ($expiry == $x[0] ? '' : '') . '>' . $x[1] . '</option>';
}
$HTMLOUT .= "</select>\r\n\r\n \t<input type='submit' name='buttonval' value='Preview' class='btn' />\r\n \t<input type='submit' name='buttonval' value='Submit' class='btn' />\r\n \t</td></tr></table>\r\n \t<input type='hidden' name='n_pms' value='" . $n_pms . "' />\r\n \t<input type='hidden' name='ann_query' value='" . $ann_query . "' />\r\n \t<input type='hidden' name='ann_hash' value='" . $ann_hash . "' />\r\n \t</form><br /><br />\r\n \t</div></td></tr></table>";
if ($body) {
$newtime = TIME_NOW + 86400 * $expiry;
$HTMLOUT .= "<table width='700' class='main' border='0' cellspacing='1' cellpadding='1'>\r\n \t<tr><td bgcolor='#663366' align='center' valign='baseline'><h2><font color='white'>Announcement: \r\n \t" . htmlsafechars($subject) . "</font></h2></td></tr>\r\n \t<tr><td class='text'>\r\n \t" . format_comment($body) . "<br /><hr />Expires: " . get_date($newtime, 'DATE') . "";
function result_screen($mode = 'reg')
{
global $INSTALLER09, $inbound, $month_names, $lang;
$page_title = $lang['stats_ex_center_result'];
$page_detail = " ";
if (!checkdate($inbound['to_month'], $inbound['to_day'], $inbound['to_year'])) {
stderr($lang['stats_ex_ustderr'], $lang['stats_ex_ustderr1']);
}
if (!checkdate($inbound['from_month'], $inbound['from_day'], $inbound['from_year'])) {
stderr($lang['stats_ex_ustderr'], $lang['stats_ex_dstderr']);
}
$to_time = mktime(0, 0, 0, $inbound['to_month'], $inbound['to_day'], $inbound['to_year']);
$from_time = mktime(0, 0, 0, $inbound['from_month'], $inbound['from_day'], $inbound['from_year']);
$human_to_date = getdate($to_time);
$human_from_date = getdate($from_time);
if ($mode == 'reg') {
$table = $lang['stats_ex_registr'];
$sql_table = 'users';
$sql_field = 'added';
$page_detail = $lang['stats_ex_rdetails'];
} else {
if ($mode == 'topic') {
$table = $lang['stats_ex_newtopicst'];
$sql_table = 'topics';
$sql_field = 'added';
$page_detail = $lang['stats_ex_topdetails'];
} else {
if ($mode == 'post') {
$table = $lang['stats_ex_poststs'];
$sql_table = 'posts';
$sql_field = 'added';
$page_detail = $lang['stats_ex_postdetails'];
} else {
if ($mode == 'msg') {
$table = $lang['stats_ex_pmsts'];
$sql_table = 'messages';
$sql_field = 'added';
$page_detail = $lang['stats_ex_pmdetails'];
} else {
if ($mode == 'comms') {
$table = $lang['stats_ex_comsts'];
$sql_table = 'comments';
$sql_field = 'added';
$page_detail = $lang['stats_ex_cdetails'];
} else {
if ($mode == 'torrents') {
$table = $lang['stats_ex_torrsts'];
$sql_table = 'torrents';
$sql_field = 'added';
$page_detail = $lang['stats_ex_tordetails'];
} else {
if ($mode == 'reps') {
$table = $lang['stats_ex_repsts'];
$sql_table = 'reputation';
$sql_field = 'dateadd';
$page_detail = $lang['stats_ex_repdetails'];
}
}
}
}
}
}
}
switch ($inbound['timescale']) {
case 'daily':
$sql_date = "%w %U %m %Y";
$php_date = "F jS - Y";
break;
case 'monthly':
$sql_date = "%m %Y";
$php_date = "F Y";
break;
default:
// weekly
$sql_date = "%U %Y";
$php_date = " [F Y]";
break;
}
$sort_by = $inbound['sortby'] == 'DESC' ? 'DESC' : 'ASC';
$sql = array('from_time' => $from_time, 'to_time' => $to_time, 'sortby' => $sort_by, 'sql_field' => $sql_field, 'sql_table' => $sql_table, 'sql_date' => $sql_date);
$q1 = sql_query("SELECT MAX({$sql['sql_field']}) as result_maxdate,\n\t\t\t\t COUNT(*) as result_count,\n\t\t\t\t DATE_FORMAT(from_unixtime({$sql['sql_field']}),'{$sql['sql_date']}') AS result_time\n\t\t\t\t FROM {$sql['sql_table']}\n\t\t\t\t WHERE {$sql['sql_field']} > '{$sql['from_time']}'\n\t\t\t\t AND {$sql['sql_field']} < '{$sql['to_time']}'\n\t\t\t\t GROUP BY result_time\n\t\t\t\t ORDER BY {$sql['sql_field']} {$sql['sortby']}");
$running_total = 0;
$max_result = 0;
$results = array();
$heading = ucfirst($inbound['timescale']) . " {$table} ({$human_from_date['mday']} {$month_names[$human_from_date['mon']]} {$human_from_date['year']} to {$human_to_date['mday']} {$month_names[$human_to_date['mon']]} {$human_to_date['year']})";
$menu = make_side_menu();
$htmlout = "<div>\n <div class='row'><div class='col-md-12'><h2 class='text-center'>{$lang['stats_ex_center']}</h2></div></div><br>\n <div class='row'><div class='col-md-12'>{$menu}</div></div><br>\n <div class='row'><div class='col-md-12'><table class='table table-bordered'>\n\t\t<tr>\n <td colspan='3' align='left'>{$heading}<br />{$page_detail}</td>\n </tr><tr>\n <td>{$lang['stats_ex_date']}</td>\n <td>{$lang['stats_ex_result']}</td>\n <td>{$lang['stats_ex_count']}</td>\n </tr>";
if (mysqli_num_rows($q1)) {
while ($row = mysqli_fetch_assoc($q1)) {
if ($row['result_count'] > $max_result) {
$max_result = $row['result_count'];
}
$running_total += $row['result_count'];
$results[] = array('result_maxdate' => $row['result_maxdate'], 'result_count' => $row['result_count'], 'result_time' => $row['result_time']);
}
foreach ($results as $data) {
$img_width = intval($data['result_count'] / $max_result * 100 - 8);
if ($img_width < 1) {
$img_width = 1;
}
$img_width .= '%';
if ($inbound['timescale'] == 'weekly') {
$date = "Week #" . strftime("%W", $data['result_maxdate']) . date($php_date, $data['result_maxdate']);
} else {
$date = date($php_date, $data['result_maxdate']);
}
$htmlout .= "<tr>\n \t\t\t<td>{$date}</td>\n \t\t\t<td><img src='{$INSTALLER09['pic_base_url']}/bar_left.gif' border='0' width='4' height='11' align='middle' alt='' /><img src='{$INSTALLER09['pic_base_url']}/bar.gif' border='0' width='{$img_width}' height='11' align='middle' alt='' /><img src='{$INSTALLER09['pic_base_url']}/bar_right.gif' border='0' width='4' height='11' align='middle' alt='' /></td>\n\t\t\t\t\t<td>{$data['result_count']}</td>\n\t\t\t\t\t</tr>";
}
$htmlout .= "<tr>\n<td> </td>\n<td><div align='right'><b>{$lang['stats_ex_total']}</b></div></td>\n<td><b>{$running_total}</b></td>\n</tr>";
} else {
$htmlout .= "<tr><td colspan='3' align='center'>{$lang['stats_ex_noresult']}</td></tr>";
}
$htmlout .= '</table></div></div>';
echo stdhead($page_title) . $htmlout . stdfoot();
}
$passupdated = 1;
}
if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) {
if (EmailBanned($email)) {
bark($lang_usercp['std_email_address_banned']);
}
if (!EmailAllowed($email)) {
bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails());
}
if (!validemail($email)) {
stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0);
die;
}
$r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
if (mysql_num_rows($r) > 0) {
stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0);
die;
}
$changedemail = 1;
}
if ($resetpasskey == 1) {
$passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']);
$updateset[] = "passkey = " . sqlesc($passkey);
}
if ($changedemail == 1) {
$sec = mksecret();
$hash = md5($sec . $email . $sec);
$obemail = rawurlencode($email);
$updateset[] = "editsecret = " . sqlesc($sec);
$subject = "{$SITENAME}" . $lang_usercp['mail_profile_change_confirmation'];
$body = <<<EOD
$sub = "Warn removed";
$body = "Hey, your warning was removed by " . $CURUSER["username"] . "\nPlease keep in your best behaviour from now on.";
$mc1->delete_value('user' . $_uids);
$mc1->delete_value('MyUser_' . $_uids);
$pms = array();
foreach ($_uids as $id) {
$pms[] = "(0," . $id . "," . sqlesc($sub) . "," . sqlesc($body) . "," . sqlesc(time()) . ")";
}
if (count($pms)) {
$g = sql_query("INSERT INTO messages(sender,receiver,subject,msg,added) VALUE " . join(",", $pms)) or $q_err = mysql_error();
$q1 = sql_query("UPDATE users set warned='0', modcomment=CONCAT(" . sqlesc(get_date(time(), 'DATE', 1) . " - Warning removed by " . $CURUSER['username'] . "\n") . ",modcomment) WHERE id IN (" . join(",", $_uids) . ")") or $q2_err = mysql_error();
if ($g && $q1) {
header("Refresh: 2; url=" . $r);
stderr("Success", count($pms) . " user" . (count($pms) > 1 ? "s" : "") . " unwarned");
} else {
stderr("Err", "Something went wrong! Q1 - " . $q_err . "<br />Q2 - " . $q2_err);
}
}
}
exit;
}
switch ($do) {
case "disabled":
$query = "SELECT id,username, class, downloaded, uploaded, IF(downloaded>0, round((uploaded/downloaded),2), '---') as ratio, disable_reason, added, last_access FROM users WHERE enabled='no' ORDER BY last_access DESC ";
$title = "Disabled users";
$link = "<a href=\"staffpanel.php?tool=warn&action=warn&?do=warned\">warned users</a>";
break;
case "warned":
$query = "SELECT id, username, class, downloaded, uploaded, IF(downloaded>0, round((uploaded/downloaded),2), '---') as ratio, warn_reason, warned, added, last_access FROM users WHERE warned>='1' ORDER BY last_access DESC, warned DESC ";
$title = "Warned users";
$link = "<a href=\"staffpanel.php?tool=warn&action=warn&do=disabled\">disabled users</a>";
$HTMLOUT = '';
$HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\t\t<html xmlns='http://www.w3.org/1999/xhtml'>\n\t\t<head>\n\t\t<title>Error!</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>\n\t</body></html>";
echo $HTMLOUT;
exit;
}
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'html_functions.php';
require_once INCL_DIR . 'pager_functions.php';
require_once CLASS_DIR . 'class_check.php';
$class = get_access(basename($_SERVER['REQUEST_URI']));
class_check($class);
$lang = array_merge($lang, load_language('cheaters'));
$HTMLOUT = "";
if (isset($_POST["nowarned"]) && $_POST["nowarned"] == "nowarned") {
if (empty($_POST["desact"]) && empty($_POST["remove"])) {
stderr($lang['cheaters_err'], $lang['cheaters_seluser']);
}
if (!empty($_POST["remove"])) {
sql_query("DELETE FROM cheaters WHERE id IN (" . implode(", ", array_map("sqlesc", $_POST["remove"])) . ")") or sqlerr(__FILE__, __LINE__);
}
if (!empty($_POST["desact"])) {
sql_query("UPDATE users SET enabled = 'no' WHERE id IN (" . implode(", ", array_map("sqlesc", $_POST["desact"])) . ")") or sqlerr(__FILE__, __LINE__);
}
}
$HTMLOUT .= "<div class='row'><div class='col-md-12'>";
$HTMLOUT .= "<h2>{$lang['cheaters_users']}</h2>";
$res = sql_query("SELECT COUNT(*) FROM cheaters") or sqlerr(__FILE__, __LINE__);
$row = mysqli_fetch_array($res);
$count = $row[0];
$perpage = 15;
$pager = pager($perpage, $count, "staffpanel.php?tool=cheaters&action=cheaters&");
}
$id = intval($_GET['uid']);
$md5 = $_GET['key'];
$email = urldecode($_GET['email']);
if (!validemail($email)) {
stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_false_email']}");
}
dbconn();
$res = sql_query("SELECT editsecret FROM users WHERE id =" . sqlesc($id));
$row = mysqli_fetch_assoc($res);
if (!$row) {
stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
$sec = $row['editsecret'];
if (preg_match('/^ *$/s', $sec)) {
stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
if ($md5 != md5($sec . $email . $sec)) {
stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
sql_query("UPDATE users SET editsecret='', email=" . sqlesc($email) . " WHERE id=" . sqlesc($id) . " AND editsecret=" . sqlesc($row["editsecret"]));
$mc1->begin_transaction('MyUser_' . $id);
$mc1->update_row(false, array('editsecret' => '', 'email' => $email));
$mc1->commit_transaction($INSTALLER09['expires']['curuser']);
$mc1->begin_transaction('user' . $id);
$mc1->update_row(false, array('editsecret' => '', 'email' => $email));
$mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
if (!mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
header("Refresh: 0; url={$INSTALLER09['baseurl']}/usercp.php?action=security&emailch=1");
} else {
$ratio = 0;
}
}
if ($ratio < $required_ratio) {
stderr("Sorry " . $CURUSER["username"], "Your ratio is lower than the requirement of " . $required_ratio . "%.");
}
$res = sql_query("select count(*) from blackjack where userid={$CURUSER['id']} and status='waiting'");
$arr = mysql_fetch_array($res);
if ($arr[0] > 0) {
stderr("Sorry", "You'll have to wait until your last game completes before you play a new one.");
} else {
$res = sql_query("select count(*) from blackjack where userid={$CURUSER['id']} and status='playing'");
$arr = mysql_fetch_array($res);
if ($arr[0] > 0) {
stderr("Sorry", "You must finish your old game first. <form method=post name=form action={$phpself}><input type=hidden name=game value=cont><input type=submit value=' Continue old game '></form>", false);
}
}
$cardid = rand(1, $cardcount);
$cardres = sql_query("select * from cards where id={$cardid}") or sqlerr(__FILE__, __LINE__);
$cardarr = mysql_fetch_array($cardres);
if ($cardarr[points] == 1) {
$cardarr[points] = 11;
}
sql_query("insert into blackjack (userid, points, cards, date) values({$CURUSER['id']}, {$cardarr['points']}, {$cardid}, {$now})") or sqlerr(__FILE__, __LINE__);
stdhead("Blackjack");
echo "<h1>Welcome, <a href=userdetails.php?id={$CURUSER['id']}>{$CURUSER['username']}</a>!</h1>\n";
echo "<table cellspacing=0 cellpadding=3 width=600>\n";
echo "<tr><td colspan=2 cellspacing=0 cellpadding=5 >";
echo "<form name=blackjack method=post action={$phpself}>";
echo "<table class=message width=100% cellspacing=0 cellpadding=5 bgcolor=black>\n";
if ($arr["owner"] == $CURUSER["id"] || $CURUSER['class'] > UC_MODERATOR) {
$HTMLOUT .= "<a href='subtitles.php?mode=edit&id=" . $arr["id"] . "'><img src='pic/edit.png' alt='Edit Sub' title='Edit Sub' style='border:none;padding:2px;' /></a>\n<a href='subtitles.php?mode=delete&id=" . (int) $arr["id"] . "'><img src='pic/drop.png' alt='Delete Sub' title='Delete Sub' style='border:none;padding:2px;' /></a>";
}
$HTMLOUT .= "</td></tr>\n<tr><td align='left'>Added : <b>" . get_date($arr["added"], 'LONG', 0, 1) . "</b></td></tr>\n</table>";
$HTMLOUT .= end_main_frame();
echo stdhead("Details for " . htmlsafechars($arr["name"]) . "") . $HTMLOUT . stdfoot();
}
} elseif ($mode == "preview") {
$id = isset($_GET["id"]) ? 0 + $_GET["id"] : 0;
if ($id == 0) {
stderr("Err", "Not a valid id");
} else {
$res = sql_query("SELECT id, name,filename FROM subtitles WHERE id={$id} ") or sqlerr(__FILE__, __LINE__);
$arr = mysqli_fetch_assoc($res);
if (mysqli_num_rows($res) == 0) {
stderr("Sorry", "There is no subtitle with that id");
}
$file = $INSTALLER09['sub_up_dir'] . "/" . $arr["filename"];
$fileContent = file_get_contents($file);
$HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\t\t<html xmlns='http://www.w3.org/1999/xhtml'>\n\t\t<head>\n\t\t<title>Preview for - " . htmlsafechars($arr["name"]) . "</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:12px;color:black;background-color:#CCCCCC;'>Subtitle preview<br />" . htmlsafechars($fileContent) . "</div>\n\t</body></html>";
echo $HTMLOUT;
}
} else {
$HTMLOUT .= begin_frame();
$s = isset($_GET["s"]) ? htmlsafechars($_GET["s"]) : "";
$w = isset($_GET["w"]) ? htmlsafechars($_GET["w"]) : "";
if ($s && $w == "name") {
$where = "WHERE s.name LIKE " . sqlesc("%" . $s . "%");
} elseif ($s && $w == "imdb") {
$where = "WHERE s.imdb LIKE " . sqlesc("%" . $s . "%");
} elseif ($s && $w == "comment") {