/**
 * Abort the request with an error page when the current user's account is parked.
 *
 * Consults only the legacy $CURUSER["parked"] == "yes" flag; stderr() is assumed to end
 * the request, so reaching the end of this function means the account is not parked.
 */
function parked()
{
    global $CURUSER;
    $isParked = ($CURUSER["parked"] == "yes");
    if (!$isParked) {
        return;
    }
    stderr("Error", "<b>Your account is currently parked.</b>");
}
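/**
 * Regenerate the cached staff configuration files from the users table.
 *
 * Writes two PHP files under ./cache:
 *   staff_settings.php  – $INSTALLER09['allowed_staff']['id'] = array(<ids>);
 *   staff_settings2.php – $INSTALLER09['staff']['allowed']    = array('<name>' => 1, ...);
 *
 * Both files are PHP source that the site later includes, so everything written into them is
 * executed as code. Usernames are therefore emitted with var_export() instead of being pasted
 * between single quotes: a name containing a quote or backslash would otherwise break the file
 * or inject PHP. Ids are cast to int for the same reason.
 *
 * Fixes relative to the original: $ids/$usernames are initialised so an empty staff set still
 * produces valid PHP (array()), and a failed write is reported instead of ignored.
 *
 * Uses the global $lang and the project helpers sql_query/sqlerr/stderr; stderr() is assumed to
 * end the request.
 */
function write_staffs2()
{
    global $lang;
    $varName = '$INSTALLER09';
    $header = "<" . "?php\n/**\n{$lang['staffcfg_file_created']}" . date('M d Y H:i:s') . ".\n{$lang['staffcfg_mod_by']}\n**/\n";
    $res = sql_query("SELECT id, username, class FROM users WHERE class BETWEEN " . UC_STAFF . " AND " . UC_MAX . " ORDER BY id ASC") or sqlerr(__FILE__, __LINE__);
    $ids = array();
    $usernames = array();
    while ($staff = mysqli_fetch_assoc($res)) {
        $ids[] = (int) $staff['id'];
        // var_export() yields a correctly quoted PHP string literal.
        $usernames[] = var_export((string) $staff['username'], true) . " => 1";
    }
    $idFile = $header . $varName . "['allowed_staff']['id'] = array(" . join(",", $ids) . ");\n?" . ">";
    $nameFile = $header . $varName . "['staff']['allowed'] = array(" . join(",", $usernames) . ");\n?" . ">";
    $targets = array(
        './cache/staff_settings.php' => $idFile,
        './cache/staff_settings2.php' => $nameFile,
    );
    foreach ($targets as $path => $contents) {
        // file_put_contents() truncates like fopen('w'); LOCK_EX avoids a half-written include.
        if (file_put_contents($path, $contents, LOCK_EX) === false) {
            stderr("Error", "Could not write " . htmlspecialchars($path));
        }
    }
    stderr($lang['staffcfg_success'], $lang['staffcfg_updated']);
}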
/**
 * Show the extra "Admin Login" form and stop the request.
 *
 * Renders, through stderr(), a self-posting form (no action attribute, so it posts back to the
 * current URL) with the fields access_login and access_password, then calls stdfoot() and exits.
 *
 * Review notes:
 *  - $error_msg is concatenated into the page without escaping. It must only ever come from
 *    trusted code; if any caller derives it from request data this is a reflected XSS. The
 *    callers are not visible here — confirm.
 *  - The form carries no anti-CSRF token; presumably acceptable for a login form, but worth
 *    checking against the rest of the admin area.
 *  - The emitted markup ends with a literal "<?php" line, which looks like a leftover.
 *  - `die;` after `exit;` is unreachable.
 *
 * @param string $error_msg message shown in red above the form (treated as raw HTML)
 * @return void never returns: exit is called
 */
function showLoginPasswordProtect($error_msg)
{
    stderr("Admin Login", "\n\n<html>\n<head>\n <META HTTP-EQUIV=CACHE-CONTROL CONTENT=NO-CACHE>\n <META HTTP-EQUIV=PRAGMA CONTENT=NO-CACHE>\n</head>\n<body>\n <style>\n input { border: 1px solid black; }\n </style>\n<table align=center cellpadding=2 cellspacing=2 border=1 width=90%>\n<tr>\n<td align=center class=lista>\n <form method=post>\n\n\t<div><center><font color=red><b>\n\tYou are now entering a page that needs extra login details. Be sure\n\tthat you are entering the correct information</b></center></font></div>\n</td>\n</tr>\n</table>\n <br><div align=center><font color=red size=3><b>" . $error_msg . "</b></font></div><br>\n<table align=center class=lista border=0 cellpadding=10>\n<tr>\n<td class=embedded>\n<h2><center>Login Form</center></h2>\n<table align=center class=lista border=0 cellpadding=10>\n<tr>\n<td align=right class=header>Username:</td><td class=lista><input type=input name=access_login size=40 /></td></tr>\n<tr>\n<td align=right class=header>Password:</td>\n<td class=lista><input type=password name=access_password size=40 /></td>\n</tr>\n<tr>\n<td align=left class=header>Submit :</td>\n<td align=left class=lista><center><input type=submit name=Submit value=Enter /></center></td>\n</tr>\n</table>\n</table>\n </form>\n <br>\n </div>\n</body>\n</html>\n\n<?php\n ");
    stdfoot();
    exit; // stop at this point
    die;
}
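/**
 * Tamper check used by the bonus system: accept only a value that numerically equals 1.
 *
 * Anything else is treated as manipulation and the request is aborted through stderr() with the
 * localised messages. Two fixes relative to the original: $lang was read without `global`, so
 * both messages were empty; and the normalised result was assigned to a local and discarded —
 * it is now returned so callers can use it.
 *
 * NOTE(review): `0 + $var` still accepts leading-numeric strings such as "1abc" (with a notice);
 * non-numeric strings throw a TypeError on PHP 8. Use is_numeric() first if that is unwanted.
 *
 * @param mixed $var value to check (typically a request parameter)
 * @return int 1 when the check passes; otherwise stderr() is expected to end the request
 */
function I_smell_a_rat($var)
{
    global $lang;
    if (0 + $var == 1) {
        return 1;
    }
    stderr($lang['bonus_error'], $lang['bonus_smellrat']);
}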
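/**
 * Tamper check: accept only a value that numerically equals 1.
 *
 * Anything else aborts the request through stderr() with a fixed "I smell a rat!" message.
 * The original computed the normalised value into a local and discarded it; it is now returned
 * so callers can use the result.
 *
 * NOTE(review): `0 + $var` still accepts leading-numeric strings such as "1abc" (with a notice);
 * non-numeric strings throw a TypeError on PHP 8. Use is_numeric() first if that is unwanted.
 *
 * @param mixed $var value to check (typically a request parameter)
 * @return int 1 when the check passes; otherwise stderr() is expected to end the request
 */
function I_smell_a_rat($var)
{
    if (0 + $var == 1) {
        return 1;
    }
    stderr("Error", "I smell a rat!");
}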
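/**
 * Bookmark a torrent for the current user.
 *
 * Aborts via stderr() when the bookmark already exists, otherwise inserts the row.
 *
 * Fix: $torrentid (caller-supplied) and the user id were interpolated into both queries raw.
 * They are now passed through sqlesc(), matching the cached variant of this function elsewhere
 * in the tree, so a non-numeric torrent id cannot alter the SQL.
 *
 * @param int|string $torrentid id of the torrent to bookmark
 */
function addbookmark($torrentid)
{
    global $CURUSER;
    $userId = sqlesc($CURUSER['id']);
    $torrentId = sqlesc($torrentid);
    if (get_row_count("bookmarks", "WHERE userid=" . $userId . " AND torrentid = " . $torrentId) > 0) {
        stderr("Error", "Torrent already bookmarked");
    }
    sql_query("INSERT INTO bookmarks (userid, torrentid) VALUES (" . $userId . ", " . $torrentId . ")") or sqlerr(__FILE__, __LINE__);
}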
/**
 * Validate an id with is_valid_id().
 *
 * Returns true for a valid id; otherwise hands the request to stderr("Error", "Invalid ID")
 * and returns whatever stderr() returns (it is expected to end the request).
 *
 * @param mixed $id
 * @return bool|mixed
 */
function check($id)
{
    $valid = is_valid_id($id);
    return $valid ? true : stderr("Error", "Invalid ID");
}
/**
 * Validate an id with is_valid_id().
 *
 * Returns true for a valid id; otherwise shows the localised "bad id" error through stderr()
 * (expected to end the request) and returns null.
 *
 * @param mixed $id
 * @return bool|null
 */
function validate($id)
{
    global $lang;
    if (is_valid_id($id)) {
        return true;
    }
    stderr($lang['failed_sorry'], "{$lang['failed_bad_id']}");
}
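/**
 * Charge a price in coins to the current user ("kaupa" = buy).
 *
 * Refuses with the shop's "not enough" error when the user cannot afford the price; otherwise
 * debits it from users.coins.
 *
 * Fix: $PRI was interpolated into the UPDATE as-is, together with the user id. The price is now
 * cast to int and negative values are refused, so a negative or non-numeric price can neither
 * credit the account nor change the query; the user id goes through sqlesc().
 *
 * @param int|string $PRI price in coins
 */
function kaupa($PRI)
{
    global $CURUSER, $lang;
    $price = (int) $PRI;
    if ($price < 0 || $price > $CURUSER['coins']) {
        stderr($lang['shop_error'], $lang['shop_notenn']);
        return;
    }
    sql_query("UPDATE users SET coins=coins-" . $price . " WHERE id=" . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
}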
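/**
 * Refuse an email address that is banned, either literally or by "*@<domain>" wildcard.
 *
 * On a hit the request ends through stderr() showing the ban comment.
 *
 * Fixes: an address without "@" no longer raises an undefined-offset notice (the original read
 * $expl[1] unconditionally), and the ban comment is HTML-escaped before it is shown, as the
 * mysqli variant of this function elsewhere in the tree already does.
 *
 * @param string $email address to check
 */
function check_banned_emails($email)
{
    $parts = explode("@", $email);
    $wildemail = "*@" . (isset($parts[1]) ? $parts[1] : "");
    /* Ban emails by x0r @tbdev.net */
    $res = sql_query("SELECT id, comment FROM bannedemails WHERE email = " . sqlesc($email) . " OR email = " . sqlesc($wildemail)) or sqlerr(__FILE__, __LINE__);
    if ($arr = mysql_fetch_assoc($res)) {
        stderr("Sorry..", "This email address is banned!<br /><br /><strong>Reason</strong>: " . htmlspecialchars($arr['comment'], ENT_QUOTES), false);
    }
}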
/**
 * Bookmark a torrent for the current user and refresh that user's bookmark cache.
 *
 * Aborts via stderr() if the bookmark already exists. After the insert the cached
 * "bookmm_<userid>" entry is dropped and rebuilt with make_bookmarks().
 *
 * @param int|string $torrentid torrent id (escaped with sqlesc() before use)
 */
function addbookmark($torrentid)
{
    global $CURUSER, $mc1, $INSTALLER09;
    $owner = sqlesc($CURUSER['id']);
    $target = sqlesc($torrentid);
    $exists = get_row_count("bookmarks", "WHERE userid=" . $owner . " AND torrentid = " . $target) > 0;
    if ($exists) {
        stderr("Error", "Torrent already bookmarked");
    }
    sql_query("INSERT INTO bookmarks (userid, torrentid) VALUES (" . $owner . ", " . $target . ")") or sqlerr(__FILE__, __LINE__);
    $cacheKey = 'bookmm_' . $CURUSER['id'];
    $mc1->delete_value($cacheKey);
    make_bookmarks($CURUSER['id'], 'bookmm_');
}
/**
 * Stop the request with an error page when the current user's account is parked.
 *
 * Only the legacy $CURUSER["parked"] == "yes" flag is consulted (a commented-out variant based
 * on user_options::PARKED bit flags was removed). stderr() is assumed to end the request.
 */
function parked()
{
    global $CURUSER;
    if ($CURUSER["parked"] != "yes") {
        return;
    }
    stderr("Error", "<b>Your account is currently parked.</b>");
}
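/**
 * https://github.com/Bigjoos/
 * Licence Info: GPL
 * Copyright (C) 2010 U-232 v.3
 * A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
 * Project Leaders: Mindless, putyn.
 *
 */
/**
 * Refuse sign-up for a banned email address or domain.
 *
 * Looks the address up in bannedemails both literally and as "*@<domain>"; on a hit the request
 * ends via stderr() showing the ban comment (escaped with htmlsafechars()).
 *
 * Fix: an address without "@" has no domain half; the original indexed $expl[1] unconditionally
 * and raised an undefined-offset notice in that case.
 *
 * @param string $email address entered at sign-up
 */
function check_banned_emails($email)
{
    global $lang;
    $parts = explode("@", $email);
    $wildemail = "*@" . (isset($parts[1]) ? $parts[1] : "");
    /* Ban emails by x0r @tbdev.net */
    $res = sql_query("SELECT id, comment FROM bannedemails WHERE email = " . sqlesc($email) . " OR email = " . sqlesc($wildemail)) or sqlerr(__FILE__, __LINE__);
    if ($arr = mysqli_fetch_assoc($res)) {
        stderr("{$lang['takesignup_user_error']}", "{$lang['takesignup_bannedmail']}" . htmlsafechars($arr['comment']));
    }
}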
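/**
 * Verify that the submitted form belongs to this session and task, then issue a new token.
 *
 * Two checks, each failing over to stderr() with a "resubmit" link back to the referer (or the
 * login page when there is none):
 *  - the User-Agent recorded in the session must match the current request's;
 *  - the session token must equal md5('user_id:<id>::taskname-<task>::<Task_Time>').
 * Afterwards $this->create() is called (defined outside this view; presumably issues a fresh
 * token).
 *
 * Fixes / review notes:
 *  - the token is compared with hash_equals() instead of `!=`: on md5 hex strings a loose
 *    comparison treats two numeric-looking values (e.g. "0e…") as equal, and hash_equals() is
 *    also constant-time.
 *  - either check is skipped when its session key is absent, so a missing token is not a
 *    failure; whether create() is guaranteed to have run first cannot be confirmed from here.
 *  - the original's `str_replace('&', '&', $returl)` was a no-op and was dropped; `global
 *    $_SESSION` is unnecessary for a superglobal and was dropped too.
 *
 * @param string $task_name name mixed into the token
 */
function check($task_name = 'Default')
{
    global $CURUSER, $INSTALLER09;
    $returl = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER']) : $INSTALLER09['baseurl'] . "/login.php";
    $resubmit = "Please resubmit the form. <a href='" . $returl . "'>Click HERE</a>";
    $currentAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
    if (isset($_SESSION['HTTP_USER_AGENT']) && $_SESSION['HTTP_USER_AGENT'] != $currentAgent) {
        stderr("Error", $resubmit, false);
    }
    if (isset($_SESSION['Task'])) {
        $taskTime = isset($_SESSION['Task_Time']) ? $_SESSION['Task_Time'] : '';
        $expected = md5('user_id:' . $CURUSER['id'] . '::taskname-' . $task_name . '::' . $taskTime);
        if (!hash_equals($expected, (string) $_SESSION['Task'])) {
            stderr("Error", $resubmit, false);
        }
    }
    $this->create();
}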
/**
 * Report a failed login and throttle repeated attempts from the same address.
 *
 * The first failure from an IP stores a marker under "dictbreaker:::sha1(ip)" for 20 seconds;
 * a further failure while that marker exists ends the request immediately with die().
 * Otherwise the failure page is shown via stderr().
 *
 * NOTE(review): the marker lives for 20 seconds while the message promises 8 — confirm which
 * is intended. The throttle is keyed on REMOTE_ADDR only, so clients behind a shared proxy
 * throttle each other.
 *
 * @param string $text message shown on the failure page
 */
function bark($text = 'Username or password incorrect')
{
    global $lang, $INSTALLER09, $mc1;
    $throttleKey = 'dictbreaker:::' . sha1($_SERVER['REMOTE_ADDR']);
    $alreadyFailed = ($mc1->get_value($throttleKey) !== false);
    if ($alreadyFailed) {
        die('Minimum 8 seconds between login attempts :)');
    }
    $mc1->cache_value($throttleKey, 'flood_check', 20);
    stderr($lang['tlogin_failed'], $text);
}
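/**
 * Permission helper for staff-only pages and per-role flags.
 *
 * Behaviour by argument ($flag = false selects a specific role, otherwise the generic staff
 * class levels are checked):
 *  - $flag truthy (default): require user class >= 12, otherwise stderr() with a permission
 *    message. Returns true when allowed (the original returned nothing on this path).
 *  - $usertypes == "admin":    require class >= 14, otherwise stderr(); returns true.
 *  - $usertypes == "forumman": true when the user has a row in forummods (not part of the
 *    class system).
 *  - $usertypes == "picker":   true when users.picker = 'yes' for the user.
 *  - $usertypes == "support":  true when users.support = 'yes' for the user.
 *  - anything else: null.
 *
 * Uses the globals $lang_signin and $CURUSER and the legacy mysql_* extension, like the rest of
 * this file. The user id is cast to int before it is placed in a query.
 *
 * @param bool   $flag      check the generic staff class (true) or a specific role (false)
 * @param string $usertypes role name when $flag is false
 * @return bool|null
 */
function check_admins($flag = true, $usertypes = "")
{
    global $lang_signin;
    global $CURUSER;
    $userId = (int) $CURUSER['id'];
    if ($flag) {
        if (get_user_class() < 12) {
            stderr($lang_signin['std_sorry'], $lang_signin['std_permission_denied_only'] . get_user_class_name(12, false, true, true) . $lang_signin['std_or_above_can_view'], false, false, true, true);
        }
        return true;
    }
    if ($usertypes == "admin") {
        if (get_user_class() < 14) {
            stderr($lang_signin['std_sorry'], $lang_signin['std_permission_denied_onlyadmin'] . get_user_class_name(14, false, true, true) . $lang_signin['std_or_admin_can_view'], false, false, true, true);
        }
        return true;
    }
    $roleQueries = array(
        "forumman" => "SELECT * FROM forummods WHERE forummods.userid = '" . $userId . "'",
        "picker" => "SELECT * FROM users WHERE users.id = '" . $userId . "' and users.picker = 'yes'",
        "support" => "SELECT * FROM users WHERE users.id = '" . $userId . "' and users.support = 'yes'",
    );
    if (!isset($roleQueries[$usertypes])) {
        return null;
    }
    $res = mysql_query($roleQueries[$usertypes]);
    // The role is granted only when a matching row exists; a failed query also means "no".
    return ($res && mysql_fetch_array($res)) ? true : false;
}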
/**
 * Check a requested user name.
 *
 * Returns false for an empty name or one containing a character outside
 * $lang['takesignup_allowed_chars']; a name shorter than 3 or longer than 32 bytes is reported
 * through stderr() instead. Length is measured with strlen(), i.e. in bytes, not characters.
 *
 * @param string $username
 * @return bool
 */
function validusername($username)
{
    global $lang;
    if ($username == "") {
        return false;
    }
    $length = strlen($username);
    if ($length < 3 || $length > 32) {
        stderr($lang['takesignup_user_error'], $lang['takesignup_username_length']);
    }
    // Every byte of the name must appear in the allowed set.
    $allowed = $lang['takesignup_allowed_chars'];
    foreach (str_split($username) as $char) {
        if (strpos($allowed, $char) === false) {
            return false;
        }
    }
    return true;
}
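/**
 * File a report against an item (torrent, comment, ...) on behalf of the current user.
 *
 * One report per (reporter, item, type): a duplicate is refused. Every outcome ends the request
 * through stderr() followed by die. On success the two staff report counters in $Cache are
 * cleared.
 *
 * Fix: the reporter's id was read as $CURUSER[id] — a bare, undefined constant that only worked
 * through PHP's fallback to the string "id" (notice on PHP 5/7, fatal error on PHP 8).
 *
 * @param int    $reportid id of the reported item (validated with int_check())
 * @param string $type     kind of item being reported (stored as-is, escaped with sqlesc())
 * @param string $reason   free-text reason; required, stored trimmed
 */
function takereport($reportid, $type, $reason)
{
    global $CURUSER, $lang_report, $Cache;
    int_check($reportid);
    if ($reason == '') {
        stderr($lang_report['std_error'], $lang_report['std_missing_reason']);
        die;
    }
    $reporter = sqlesc($CURUSER['id']);
    $res = sql_query("SELECT id FROM reports WHERE addedby = " . $reporter . " AND reportid= " . sqlesc($reportid) . " AND type = " . sqlesc($type)) or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) > 0) {
        stderr($lang_report['std_error'], $lang_report['std_already_reported_this']);
        die;
    }
    $date = sqlesc(date("Y-m-d H:i:s"));
    sql_query("INSERT into reports (addedby,reportid,type,reason,added) VALUES (" . $reporter . "," . sqlesc($reportid) . "," . sqlesc($type) . ", " . sqlesc(trim($reason)) . "," . $date . ")") or sqlerr(__FILE__, __LINE__);
    $Cache->delete_value('staff_report_count');
    $Cache->delete_value('staff_new_report_count');
    stderr($lang_report['std_message'], $lang_report['std_successfully_reported']);
    die;
}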
} if (isset($_POST["unit"])) { if ($openbet >= $maxusrbet) { stderr($lang['gl_sorry'], "{$lang['casino_there_are_already']} " . htmlsafechars($openbet) . " {$lang['casino_bets_open_take_an_open_bet']} !"); } if ($nobits <= 0) { stderr($lang['gl_sorry'], " {$lang['casino_this_wont_work_enter_a_pos_val']}?"); } if ($nobits == ".") { stderr($lang['gl_sorry'], " {$lang['casino_this_wont_work_enter_without_a_dec']}?"); } $newups = $CURUSER['uploaded'] - $nobits; $debt = $nobits - $CURUSER['uploaded']; if ($CURUSER['uploaded'] < $nobits) { if ($alwdebt != 1) { stderr($lang['gl_sorry'], "<h2>{$lang['casino_thats']} " . htmlsafechars(mksize($debt)) . " {$lang['casino_more_than_you_got']}!</h2>{$goback}"); } } $betsp = sql_query("SELECT id, amount FROM casino_bets WHERE userid = " . sqlesc($CURUSER['id']) . " ORDER BY time ASC") or sqlerr(__FILE__, __LINE__); $tbet2 = mysqli_fetch_row($betsp); $dummy = "<h2>{$lang['casino_bet_added_you_will_receive_a_pm_notify']}</h2>"; $user = $CURUSER['username']; $bet = mksize($nobits); $message = "[color=green][b]{$user}[/b][/color] {$lang['casino_has_just_placed_a']} [color=red][b]{$bet}[/b][/color] {$lang['casino_bet_in_the_casino']}"; $messages = "{$user} {$lang['casino_has_just_placed_a']} {$bet} {$lang['casino_bet_in_the_casino']}"; sql_query("INSERT INTO casino_bets ( userid, proposed, challenged, amount, time) VALUES (" . sqlesc($CURUSER['id']) . "," . sqlesc($CURUSER['username']) . ", 'empty', {$nobits}, {$time})") or sqlerr(__FILE__, __LINE__); sql_query("UPDATE users SET uploaded = " . sqlesc($newups) . " WHERE id = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__); sql_query("UPDATE casino SET deposit = deposit + " . sqlesc($nobits) . " WHERE userid = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__); $update['uploaded'] = $newups; //==stats $mc1->begin_transaction('userstats_' . $CURUSER['id']);
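// Give seed-bonus points to the uploader of a torrent.
// Inputs: $_GET['id'] (torrent id) and $_GET['points'] (one of the fixed amounts). Both are cast
// to int first; anything that is not a positive id is dropped silently (die), as before.
$id = (int) $_GET["id"];
$points = (int) $_GET["points"];
if (!is_valid_id($id) || !is_valid_id($points)) {
    die;
}
// Allowed amounts, compared strictly as integers (the original held them as strings and used a
// loose in_array()).
$pointscangive = array(10, 20, 50, 100, 200, 500, 1000);
if (!in_array($points, $pointscangive, true)) {
    stderr("Error", "You can't give that amount of points!!!");
}
$giverId = (int) $CURUSER["id"];
$sdsa = mysql_query("SELECT 1 FROM coins WHERE torrentid=" . sqlesc($id) . " AND userid =" . sqlesc($giverId)) or die;
if (mysql_fetch_array($sdsa)) {
    stderr("Error", "You already gave points to this torrent.");
}
$res = mysql_query("SELECT owner,name FROM torrents WHERE id = " . sqlesc($id)) or die;
$row = mysql_fetch_assoc($res) or stderr("Error", "Torrent was not found");
$userid = (int) $row["owner"];
if ($userid == $giverId) {
    stderr("Error", "You can't give your self points!");
}
if ($CURUSER["seedbonus"] < $points) {
    stderr("Error", "You dont have enough points");
}
// Debit first, and only if the live balance still covers it: $CURUSER may be a stale cached copy
// and two concurrent requests could otherwise both pass the check above. Nothing is credited or
// recorded unless this row was actually updated. (Without a unique key on coins a race can still
// record the gift twice; that is unchanged from the original.)
mysql_query("UPDATE users SET seedbonus=seedbonus-" . $points . " WHERE id=" . sqlesc($giverId) . " AND seedbonus>=" . $points) or sqlerr(__FILE__, __LINE__);
if (mysql_affected_rows() < 1) {
    stderr("Error", "You dont have enough points");
}
mysql_query("INSERT INTO coins (userid, torrentid, points) VALUES (" . sqlesc($giverId) . ", " . sqlesc($id) . ", " . sqlesc($points) . ")") or sqlerr(__FILE__, __LINE__);
mysql_query("UPDATE users SET seedbonus=seedbonus+" . $points . " WHERE id=" . sqlesc($userid)) or sqlerr(__FILE__, __LINE__);
mysql_query("UPDATE torrents SET points=points+" . $points . " WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
// Notify the uploader by system PM (sender 0). The torrent name is taken from the DB row.
$msg = sqlesc("You have been given " . $points . " points by " . $CURUSER["username"] . " for torrent [url=" . $TBDEV['baseurl'] . "/details.php?id=" . $id . "]" . $row["name"] . "[/url].");
mysql_query("INSERT INTO messages (sender, receiver, msg, added, subject) VALUES(0, " . sqlesc($userid) . ", {$msg}, " . sqlesc(time()) . ", 'You have been given a gift')") or sqlerr(__FILE__, __LINE__);
stderr("Done", "Successfully gave points to this torrent.");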
// Create a new request from the submitted form: title, category, description, optional picture.
$request = isset($_POST['requesttitle']) ? $_POST['requesttitle'] : '';
if ($request == '') {
    stderr("{$lang['error_error']}", "{$lang['error_title']}");
}
$cat = isset($_POST['category']) ? (int) $_POST['category'] : 0;
if (!is_valid_id($cat)) {
    stderr("{$lang['error_error']}", "{$lang['error_cat']}");
}
$descrmain = isset($_POST['body']) ? $_POST['body'] : '';
if (!$descrmain) {
    stderr("{$lang['error_error']}", "{$lang['error_descr']}");
}
// Optional picture: must look like an http(s) URL ending in an image extension; anything else
// is rejected. NOTE(review): the `(\/[^<>]+)+` group is a nested quantifier, so a long
// non-matching value can hit PCRE's backtrack limit; preg_match() then returns false, which
// this check treats as "invalid" — it fails closed.
$pic = '';
if (!empty($_POST['picture'])) {
    $imageUrlPattern = '/^https?:\\/\\/([a-zA-Z0-9\\-\\_]+\\.)+([a-zA-Z]{1,5}[^\\.])(\\/[^<>]+)+\\.(jpg|jpeg|gif|png|tif|tiff|bmp)$/i';
    if (!preg_match($imageUrlPattern, $_POST['picture'])) {
        stderr("{$lang['error_error']}", "{$lang['error_image']}");
    }
    $pic = "[img]" . $_POST['picture'] . "[/img]\n";
}
// The stored description is the picture tag (if any) followed by the body text.
$descr = sqlesc($pic . $descrmain);
$request2 = sqlesc($request);
sql_query("INSERT INTO requests (hits, userid, cat, request, descr, added) VALUES(1,{$CURUSER['id']}, {$cat}, {$request2}, {$descr}, " . TIME_NOW . ")") or sqlerr(__FILE__, __LINE__);
$id = mysql_insert_id();
// The creator counts as the first vote.
sql_query("INSERT INTO voted_requests VALUES(0, {$id}, {$CURUSER['id']})") or sqlerr();
if ($CURUSER["downloaded"] > 0) { $ratio = number_format($CURUSER["uploaded"] / $CURUSER["downloaded"], 3); } elseif ($CURUSER["uploaded"] > 0) { $ratio = 999; } else { $ratio = 0; } if ($INSTALLER09['ratio_free'] === false && $ratio < $required_ratio) { stderr("Sorry " . $CURUSER["username"], "Your ratio is lower than the requirement of " . $required_ratio . "%."); } $res = sql_query("SELECT status, gameover FROM blackjack WHERE userid = " . sqlesc($CURUSER['id'])); $arr = mysqli_fetch_assoc($res); if ($arr['status'] == 'waiting') { stderr("Sorry", "You'll have to wait until your last game completes before you play a new one."); } elseif ($arr['status'] == 'playing') { stderr("Sorry", "You must finish your old game first.<form method='post' action='" . $_SERVER['PHP_SELF'] . "'><input type='hidden' name='game' value='hit' readonly='readonly' /><input type='hidden' name='continue' value='yes' readonly='readonly' /><input type='submit' value='Continue old game' /></form>"); } cheater_check($arr['gameover'] == 'yes'); $cardids = array(); for ($i = 0; $i <= 1; $i++) { $cardids[] = rand(1, $cardcount); } foreach ($cardids as $cardid) { while (in_array($cardid, $cardids)) { $cardid = rand(1, $cardcount); } $cardres = sql_query("SELECT points, pic FROM cards WHERE id='{$cardid}'"); $cardarr = mysqli_fetch_assoc($cardres); if ($cardarr["points"] > 1) { $points += $cardarr["points"]; } else {
if ($expiry == $x[0]) { $flag = 1; } } if (!isset($flag)) { stderr('Error', 'Invalid expiry selection'); } $expires = TIME_NOW + 86400 * $expiry; // 86400 seconds in one day. $created = TIME_NOW; $query = sprintf('INSERT INTO announcement_main ' . '(owner_id, created, expires, sql_query, subject, body) ' . 'VALUES (%s, %s, %s, %s, %s, %s)', sqlesc($CURUSER['id']), sqlesc($created), sqlesc($expires), sqlesc($ann_query), sqlesc($subject), sqlesc($body)); sql_query($query); if (mysqli_affected_rows($GLOBALS["___mysqli_ston"])) { stderr('Success', 'Announcement was successfully created'); } stderr('Error', 'Contact an administrator'); } echo stdhead("Create Announcement", false); $HTMLOUT = ""; $HTMLOUT .= "<table class='main' width='750' border='0' cellspacing='0' cellpadding='0'>\r\n \t<tr>\r\n \t<td class='embedded'><div align='center'>\r\n \t<h1>Create Announcement for " . $n_pms . " user" . ($n_pms > 1 ? 's' : '') . " !</h1>"; $HTMLOUT .= "<form name='compose' method='post' action='{$INSTALLER09['baseurl']}/new_announcement.php'>\r\n \t<table border='1' cellspacing='0' cellpadding='5'>\r\n \t<tr>\r\n \t<td colspan='2'><b>Subject: </b>\r\n \t<input name='subject' type='text' size='76' value='" . htmlsafechars($subject) . "' /></td>\r\n \t</tr>\r\n \t<tr><td colspan='2'><div align='center'>\r\n " . textbbcode("compose", "msg", $body) . "\r\n </div></td></tr>"; $HTMLOUT .= "<tr><td colspan='2' align='center'>"; $HTMLOUT .= "<select name='expiry'>"; reset($days); foreach ($days as $x) { $HTMLOUT .= '<option value="' . $x[0] . '"' . ($expiry == $x[0] ? '' : '') . '>' . $x[1] . '</option>'; } $HTMLOUT .= "</select>\r\n\r\n \t<input type='submit' name='buttonval' value='Preview' class='btn' />\r\n \t<input type='submit' name='buttonval' value='Submit' class='btn' />\r\n \t</td></tr></table>\r\n \t<input type='hidden' name='n_pms' value='" . $n_pms . "' />\r\n \t<input type='hidden' name='ann_query' value='" . $ann_query . 
"' />\r\n \t<input type='hidden' name='ann_hash' value='" . $ann_hash . "' />\r\n \t</form><br /><br />\r\n \t</div></td></tr></table>"; if ($body) { $newtime = TIME_NOW + 86400 * $expiry; $HTMLOUT .= "<table width='700' class='main' border='0' cellspacing='1' cellpadding='1'>\r\n \t<tr><td bgcolor='#663366' align='center' valign='baseline'><h2><font color='white'>Announcement: \r\n \t" . htmlsafechars($subject) . "</font></h2></td></tr>\r\n \t<tr><td class='text'>\r\n \t" . format_comment($body) . "<br /><hr />Expires: " . get_date($newtime, 'DATE') . "";
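/**
 * Render the "extended statistics" result table for one data set.
 *
 * Reads the date range, time scale and sort order from the global $inbound array (presumably
 * the parsed request — not visible here), counts rows of the selected table per
 * day/week/month between the two dates and prints a bar table via stdhead()/stdfoot().
 *
 * Fixes relative to the original:
 *  - the data set is looked up in a whitelist; an unknown $mode is rejected instead of running
 *    "SELECT MAX() … FROM" with empty identifiers;
 *  - the time scale is normalised to daily/monthly/weekly before it is used, so the heading
 *    never echoes a raw $inbound['timescale'] value into the page (the original printed
 *    ucfirst() of the raw value unescaped);
 *  - a failed statistics query is reported with sqlerr() instead of crashing in
 *    mysqli_num_rows(false).
 *
 * NOTE(review): strftime("%W") is deprecated since PHP 8.1; date('W') is ISO-8601 and numbers
 * weeks differently at year boundaries, so it was left as is.
 *
 * @param string $mode which data set: reg|topic|post|msg|comms|torrents|reps
 */
function result_screen($mode = 'reg')
{
    global $INSTALLER09, $inbound, $month_names, $lang;
    $page_title = $lang['stats_ex_center_result'];
    if (!checkdate($inbound['to_month'], $inbound['to_day'], $inbound['to_year'])) {
        stderr($lang['stats_ex_ustderr'], $lang['stats_ex_ustderr1']);
    }
    if (!checkdate($inbound['from_month'], $inbound['from_day'], $inbound['from_year'])) {
        stderr($lang['stats_ex_ustderr'], $lang['stats_ex_dstderr']);
    }
    $to_time = mktime(0, 0, 0, $inbound['to_month'], $inbound['to_day'], $inbound['to_year']);
    $from_time = mktime(0, 0, 0, $inbound['from_month'], $inbound['from_day'], $inbound['from_year']);
    $human_to_date = getdate($to_time);
    $human_from_date = getdate($from_time);
    // mode => (heading, table, timestamp column, detail text). Only these identifiers can reach
    // the query below.
    $modes = array(
        'reg'      => array($lang['stats_ex_registr'],    'users',      'added',   $lang['stats_ex_rdetails']),
        'topic'    => array($lang['stats_ex_newtopicst'], 'topics',     'added',   $lang['stats_ex_topdetails']),
        'post'     => array($lang['stats_ex_poststs'],    'posts',      'added',   $lang['stats_ex_postdetails']),
        'msg'      => array($lang['stats_ex_pmsts'],      'messages',   'added',   $lang['stats_ex_pmdetails']),
        'comms'    => array($lang['stats_ex_comsts'],     'comments',   'added',   $lang['stats_ex_cdetails']),
        'torrents' => array($lang['stats_ex_torrsts'],    'torrents',   'added',   $lang['stats_ex_tordetails']),
        'reps'     => array($lang['stats_ex_repsts'],     'reputation', 'dateadd', $lang['stats_ex_repdetails']),
    );
    if (!isset($modes[$mode])) {
        stderr($lang['stats_ex_ustderr'], 'Unknown statistics mode');
    }
    list($table, $sql_table, $sql_field, $page_detail) = $modes[$mode];
    // The time scale decides the MySQL DATE_FORMAT grouping key and the PHP date() label.
    $requestedScale = isset($inbound['timescale']) ? $inbound['timescale'] : '';
    switch ($requestedScale) {
        case 'daily':
            $timescale = 'daily';
            $sql_date = "%w %U %m %Y";
            $php_date = "F jS - Y";
            break;
        case 'monthly':
            $timescale = 'monthly';
            $sql_date = "%m %Y";
            $php_date = "F Y";
            break;
        default: // weekly
            $timescale = 'weekly';
            $sql_date = "%U %Y";
            $php_date = " [F Y]";
            break;
    }
    $sort_by = $inbound['sortby'] == 'DESC' ? 'DESC' : 'ASC';
    // $sql_table/$sql_field come from the whitelist, $sql_date/$sort_by from fixed choices and
    // the two times from mktime(): nothing request-controlled is interpolated as-is.
    $q1 = sql_query("SELECT MAX({$sql_field}) as result_maxdate,\n\t\t\t\t COUNT(*) as result_count,\n\t\t\t\t DATE_FORMAT(from_unixtime({$sql_field}),'{$sql_date}') AS result_time\n\t\t\t\t FROM {$sql_table}\n\t\t\t\t WHERE {$sql_field} > '{$from_time}'\n\t\t\t\t AND {$sql_field} < '{$to_time}'\n\t\t\t\t GROUP BY result_time\n\t\t\t\t ORDER BY {$sql_field} {$sort_by}") or sqlerr(__FILE__, __LINE__);
    $heading = ucfirst($timescale) . " {$table} ({$human_from_date['mday']} {$month_names[$human_from_date['mon']]} {$human_from_date['year']} to {$human_to_date['mday']} {$month_names[$human_to_date['mon']]} {$human_to_date['year']})";
    $menu = make_side_menu();
    $htmlout = "<div>\n <div class='row'><div class='col-md-12'><h2 class='text-center'>{$lang['stats_ex_center']}</h2></div></div><br>\n <div class='row'><div class='col-md-12'>{$menu}</div></div><br>\n <div class='row'><div class='col-md-12'><table class='table table-bordered'>\n\t\t<tr>\n <td colspan='3' align='left'>{$heading}<br />{$page_detail}</td>\n </tr><tr>\n <td>{$lang['stats_ex_date']}</td>\n <td>{$lang['stats_ex_result']}</td>\n <td>{$lang['stats_ex_count']}</td>\n </tr>";
    if (mysqli_num_rows($q1)) {
        $results = array();
        $max_result = 0;
        $running_total = 0;
        while ($row = mysqli_fetch_assoc($q1)) {
            $count = (int) $row['result_count'];
            $max_result = max($max_result, $count);
            $running_total += $count;
            $results[] = array('result_maxdate' => $row['result_maxdate'], 'result_count' => $count);
        }
        foreach ($results as $data) {
            // Bar width as a percentage of the largest bucket, never below 1%.
            $img_width = max(1, intval($data['result_count'] / $max_result * 100 - 8)) . '%';
            $date = date($php_date, $data['result_maxdate']);
            if ($timescale == 'weekly') {
                $date = "Week #" . strftime("%W", $data['result_maxdate']) . $date;
            }
            $htmlout .= "<tr>\n \t\t\t<td>{$date}</td>\n \t\t\t<td><img src='{$INSTALLER09['pic_base_url']}/bar_left.gif' border='0' width='4' height='11' align='middle' alt='' /><img src='{$INSTALLER09['pic_base_url']}/bar.gif' border='0' width='{$img_width}' height='11' align='middle' alt='' /><img src='{$INSTALLER09['pic_base_url']}/bar_right.gif' border='0' width='4' height='11' align='middle' alt='' /></td>\n\t\t\t\t\t<td>{$data['result_count']}</td>\n\t\t\t\t\t</tr>";
        }
        $htmlout .= "<tr>\n<td> </td>\n<td><div align='right'><b>{$lang['stats_ex_total']}</b></div></td>\n<td><b>{$running_total}</b></td>\n</tr>";
    } else {
        $htmlout .= "<tr><td colspan='3' align='center'>{$lang['stats_ex_noresult']}</td></tr>";
    }
    $htmlout .= '</table></div></div>';
    echo stdhead($page_title) . $htmlout . stdfoot();
}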
$passupdated = 1; } if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) { if (EmailBanned($email)) { bark($lang_usercp['std_email_address_banned']); } if (!EmailAllowed($email)) { bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails()); } if (!validemail($email)) { stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0); die; } $r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr(); if (mysql_num_rows($r) > 0) { stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0); die; } $changedemail = 1; } if ($resetpasskey == 1) { $passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']); $updateset[] = "passkey = " . sqlesc($passkey); } if ($changedemail == 1) { $sec = mksecret(); $hash = md5($sec . $email . $sec); $obemail = rawurlencode($email); $updateset[] = "editsecret = " . sqlesc($sec); $subject = "{$SITENAME}" . $lang_usercp['mail_profile_change_confirmation']; $body = <<<EOD
$sub = "Warn removed"; $body = "Hey, your warning was removed by " . $CURUSER["username"] . "\nPlease keep in your best behaviour from now on."; $mc1->delete_value('user' . $_uids); $mc1->delete_value('MyUser_' . $_uids); $pms = array(); foreach ($_uids as $id) { $pms[] = "(0," . $id . "," . sqlesc($sub) . "," . sqlesc($body) . "," . sqlesc(time()) . ")"; } if (count($pms)) { $g = sql_query("INSERT INTO messages(sender,receiver,subject,msg,added) VALUE " . join(",", $pms)) or $q_err = mysql_error(); $q1 = sql_query("UPDATE users set warned='0', modcomment=CONCAT(" . sqlesc(get_date(time(), 'DATE', 1) . " - Warning removed by " . $CURUSER['username'] . "\n") . ",modcomment) WHERE id IN (" . join(",", $_uids) . ")") or $q2_err = mysql_error(); if ($g && $q1) { header("Refresh: 2; url=" . $r); stderr("Success", count($pms) . " user" . (count($pms) > 1 ? "s" : "") . " unwarned"); } else { stderr("Err", "Something went wrong! Q1 - " . $q_err . "<br />Q2 - " . $q2_err); } } } exit; } switch ($do) { case "disabled": $query = "SELECT id,username, class, downloaded, uploaded, IF(downloaded>0, round((uploaded/downloaded),2), '---') as ratio, disable_reason, added, last_access FROM users WHERE enabled='no' ORDER BY last_access DESC "; $title = "Disabled users"; $link = "<a href=\"staffpanel.php?tool=warn&action=warn&?do=warned\">warned users</a>"; break; case "warned": $query = "SELECT id, username, class, downloaded, uploaded, IF(downloaded>0, round((uploaded/downloaded),2), '---') as ratio, warn_reason, warned, added, last_access FROM users WHERE warned>='1' ORDER BY last_access DESC, warned DESC "; $title = "Warned users"; $link = "<a href=\"staffpanel.php?tool=warn&action=warn&do=disabled\">disabled users</a>";
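$HTMLOUT = ''; $HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\t\t<html xmlns='http://www.w3.org/1999/xhtml'>\n\t\t<head>\n\t\t<title>Error!</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>\n\t</body></html>"; echo $HTMLOUT; exit; }
require_once INCL_DIR . 'user_functions.php';
require_once INCL_DIR . 'html_functions.php';
require_once INCL_DIR . 'pager_functions.php';
require_once CLASS_DIR . 'class_check.php';
// Access is gated on the class configured for this script name.
$class = get_access(basename($_SERVER['REQUEST_URI']));
class_check($class);
$lang = array_merge($lang, load_language('cheaters'));
$HTMLOUT = "";
// Staff action on the cheaters list: delete the selected log rows and/or disable the selected
// users. Both inputs are checkbox lists; only arrays are accepted and only positive integer ids
// are kept, so nothing but numbers reaches the IN (...) lists. (The original passed the raw
// values to array_map(), which fails on a scalar, and relied on sqlesc() alone.)
// NOTE(review): no anti-CSRF token is checked here — confirm class_check() or the staff panel
// wrapper covers that.
if (isset($_POST["nowarned"]) && $_POST["nowarned"] == "nowarned") {
    $positiveInts = function ($values) {
        if (!is_array($values)) {
            return array();
        }
        return array_filter(array_map('intval', $values), function ($v) {
            return $v > 0;
        });
    };
    $remove = isset($_POST["remove"]) ? $positiveInts($_POST["remove"]) : array();
    $desact = isset($_POST["desact"]) ? $positiveInts($_POST["desact"]) : array();
    if (empty($desact) && empty($remove)) {
        stderr($lang['cheaters_err'], $lang['cheaters_seluser']);
    }
    if (!empty($remove)) {
        sql_query("DELETE FROM cheaters WHERE id IN (" . implode(", ", $remove) . ")") or sqlerr(__FILE__, __LINE__);
    }
    if (!empty($desact)) {
        sql_query("UPDATE users SET enabled = 'no' WHERE id IN (" . implode(", ", $desact) . ")") or sqlerr(__FILE__, __LINE__);
    }
}
$HTMLOUT .= "<div class='row'><div class='col-md-12'>";
$HTMLOUT .= "<h2>{$lang['cheaters_users']}</h2>";
$res = sql_query("SELECT COUNT(*) FROM cheaters") or sqlerr(__FILE__, __LINE__);
$row = mysqli_fetch_array($res);
$count = $row[0];
$perpage = 15;
$pager = pager($perpage, $count, "staffpanel.php?tool=cheaters&action=cheaters&");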
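}
// Email-change confirmation. The link carries uid, key and the new address; key must equal
// md5(editsecret . email . editsecret) for that user, where editsecret was stored when the
// change was requested.
$id = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
$md5 = isset($_GET['key']) ? (string) $_GET['key'] : '';
$email = isset($_GET['email']) ? urldecode($_GET['email']) : '';
if (!validemail($email)) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_false_email']}");
}
dbconn();
$res = sql_query("SELECT editsecret FROM users WHERE id =" . sqlesc($id));
$row = mysqli_fetch_assoc($res);
if (!$row) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
$sec = $row['editsecret'];
// An empty / whitespace-only secret means there is no pending change to confirm.
if (preg_match('/^ *$/s', $sec)) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
// Fix: strict, constant-time comparison. The original used `!=`, which on two numeric-looking
// hex strings (e.g. "0e…") compares them as numbers and would accept a forged key.
if (!hash_equals(md5($sec . $email . $sec), $md5)) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
sql_query("UPDATE users SET editsecret='', email=" . sqlesc($email) . " WHERE id=" . sqlesc($id) . " AND editsecret=" . sqlesc($sec));
// Fix: only refresh the caches once the row was actually updated; the original rewrote both
// cache entries first and checked afterwards, leaving the cache ahead of the database on failure.
if (!mysqli_affected_rows($GLOBALS["___mysqli_ston"])) {
    stderr("{$lang['confirmmail_user_error']}", "{$lang['confirmmail_not_complete']}");
}
$mc1->begin_transaction('MyUser_' . $id);
$mc1->update_row(false, array('editsecret' => '', 'email' => $email));
$mc1->commit_transaction($INSTALLER09['expires']['curuser']);
$mc1->begin_transaction('user' . $id);
$mc1->update_row(false, array('editsecret' => '', 'email' => $email));
$mc1->commit_transaction($INSTALLER09['expires']['user_cache']);
header("Refresh: 0; url={$INSTALLER09['baseurl']}/usercp.php?action=security&emailch=1");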
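} else { $ratio = 0; } }
// Blackjack: the player must meet the ratio requirement and have no unfinished game before a new
// one is dealt.
if ($ratio < $required_ratio) {
    stderr("Sorry " . $CURUSER["username"], "Your ratio is lower than the requirement of " . $required_ratio . "%.");
}
$userId = (int) $CURUSER['id'];
$res = sql_query("select count(*) from blackjack where userid={$userId} and status='waiting'");
$arr = mysql_fetch_array($res);
if ($arr[0] > 0) {
    stderr("Sorry", "You'll have to wait until your last game completes before you play a new one.");
} else {
    $res = sql_query("select count(*) from blackjack where userid={$userId} and status='playing'");
    $arr = mysql_fetch_array($res);
    if ($arr[0] > 0) {
        stderr("Sorry", "You must finish your old game first. <form method=post name=form action={$phpself}><input type=hidden name=game value=cont><input type=submit value=' Continue old game '></form>", false);
    }
}
// Deal the first card. NOTE(review): rand() is not a cryptographic generator; since the game
// stakes ratio, a CSPRNG would be preferable, but random_int() needs PHP 7 and this file still
// uses the mysql_* extension, so it is left unchanged.
$cardid = rand(1, $cardcount);
$cardres = sql_query("select * from cards where id={$cardid}") or sqlerr(__FILE__, __LINE__);
$cardarr = mysql_fetch_array($cardres);
// Fix: the key was written as the bare word `points` (an undefined constant: a notice on PHP 5,
// a fatal error on PHP 8).
if ($cardarr['points'] == 1) {
    // An ace counts 11 as the opening card.
    $cardarr['points'] = 11;
}
sql_query("insert into blackjack (userid, points, cards, date) values({$userId}, {$cardarr['points']}, {$cardid}, {$now})") or sqlerr(__FILE__, __LINE__);
stdhead("Blackjack");
echo "<h1>Welcome, <a href=userdetails.php?id={$userId}>{$CURUSER['username']}</a>!</h1>\n";
echo "<table cellspacing=0 cellpadding=3 width=600>\n";
echo "<tr><td colspan=2 cellspacing=0 cellpadding=5 >";
echo "<form name=blackjack method=post action={$phpself}>";
echo "<table class=message width=100% cellspacing=0 cellpadding=5 bgcolor=black>\n";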
if ($arr["owner"] == $CURUSER["id"] || $CURUSER['class'] > UC_MODERATOR) { $HTMLOUT .= "<a href='subtitles.php?mode=edit&id=" . $arr["id"] . "'><img src='pic/edit.png' alt='Edit Sub' title='Edit Sub' style='border:none;padding:2px;' /></a>\n<a href='subtitles.php?mode=delete&id=" . (int) $arr["id"] . "'><img src='pic/drop.png' alt='Delete Sub' title='Delete Sub' style='border:none;padding:2px;' /></a>"; } $HTMLOUT .= "</td></tr>\n<tr><td align='left'>Added : <b>" . get_date($arr["added"], 'LONG', 0, 1) . "</b></td></tr>\n</table>"; $HTMLOUT .= end_main_frame(); echo stdhead("Details for " . htmlsafechars($arr["name"]) . "") . $HTMLOUT . stdfoot(); } } elseif ($mode == "preview") { $id = isset($_GET["id"]) ? 0 + $_GET["id"] : 0; if ($id == 0) { stderr("Err", "Not a valid id"); } else { $res = sql_query("SELECT id, name,filename FROM subtitles WHERE id={$id} ") or sqlerr(__FILE__, __LINE__); $arr = mysqli_fetch_assoc($res); if (mysqli_num_rows($res) == 0) { stderr("Sorry", "There is no subtitle with that id"); } $file = $INSTALLER09['sub_up_dir'] . "/" . $arr["filename"]; $fileContent = file_get_contents($file); $HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n\t\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n\t\t<html xmlns='http://www.w3.org/1999/xhtml'>\n\t\t<head>\n\t\t<title>Preview for - " . htmlsafechars($arr["name"]) . "</title>\n\t\t</head>\n\t\t<body>\n\t<div style='font-size:12px;color:black;background-color:#CCCCCC;'>Subtitle preview<br />" . htmlsafechars($fileContent) . "</div>\n\t</body></html>"; echo $HTMLOUT; } } else { $HTMLOUT .= begin_frame(); $s = isset($_GET["s"]) ? htmlsafechars($_GET["s"]) : ""; $w = isset($_GET["w"]) ? htmlsafechars($_GET["w"]) : ""; if ($s && $w == "name") { $where = "WHERE s.name LIKE " . sqlesc("%" . $s . "%"); } elseif ($s && $w == "imdb") { $where = "WHERE s.imdb LIKE " . sqlesc("%" . $s . "%"); } elseif ($s && $w == "comment") {