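/**
 * Change the logged-in user's password after verifying the current one.
 *
 * Reads the new password from $this->clean->password and the current one from
 * $this->clean->current_password, records the outcome in $this->data
 * ('success' / 'message') and finishes with renderJSON().
 *
 * isValid(), formatErrors(), verifyHash() and generateHash() are project helpers
 * not visible here. This assumes verifyHash() returns a hash string that equals
 * the stored hash when the password matches (the original compared it that way);
 * confirm against the helper.
 */
public function updatePassword()
{
    if (!isset($this->clean->password) || !isValid($this->clean->password, 'password')) {
        // reset() takes its argument by reference; passing a temporary raises a
        // notice, so keep the array in a local first.
        $errors = array_values(formatErrors(602));
        $this->data['message'] = reset($errors);
    } else {
        $current_password = isset($this->clean->current_password) ? $this->clean->current_password : null;
        $res = $this->user->read($this->user_id, 1, 1, 'email,password');

        if (!isset($res->password)) {
            $this->data['message'] = 'We could not verify your current password.';
        } elseif (!hash_equals((string) $res->password, (string) verifyHash($current_password, $res->password))) {
            // Strict, constant-time comparison. The original loose `!=` is subject to
            // PHP type juggling (numeric-looking strings compare as numbers) and leaks
            // timing information about the stored hash.
            $this->data['message'] = 'Your current password does not match what we have on record.';
        } else {
            $password = generateHash($this->clean->password);
            $user = $this->user->update($this->user_id, array('password' => $password));

            if (isset($user->password) && hash_equals((string) $password, (string) $user->password)) {
                $this->data['success'] = true;
                // Notify the account holder that the password was changed.
                $this->load->library('email');
                $this->email->initialize();
                $this->email->updatePassword($user->email);
            } else {
                $this->data['message'] = 'Your password could not be updated at this time. Please try again.';
            }
        }
    }

    $this->renderJSON();
}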
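/**
 * Handle the login form: checks the anti-forgery hash, required fields and
 * captcha, verifies the credentials, then stores the user's identity in the
 * session and records login time and IP.
 *
 * $this->error() is assumed to end the request — the original relies on that,
 * as no branch returns after calling it; confirm.
 */
function doLogin()
{
    if (!isset($_POST['hash']) || !verifyHash($_POST['hash'])) {
        $this->error('非验证的来源!');
    }
    if (empty($_POST['username'])) {
        $this->error('帐号不能为空!');
    }
    if (empty($_POST['password'])) {
        $this->error('密码不能为空!');
    }
    if (empty($_POST['verify'])) {
        $this->error('验证码不能为空!');
    }
    // Strict string comparison. The loose `!=` of the original treats numeric-looking
    // captchas as numbers ("0e12" == "0e34"), which defeats the check. A missing
    // session value is treated as a failed check rather than compared to null.
    // NOTE(review): the captcha is not consumed after a successful check; consider
    // unsetting $_SESSION['verify'] here if it is not reused by another form.
    if (!isset($_SESSION['verify']) || (string) $_SESSION['verify'] !== strtolower($_POST['verify'])) {
        $this->error('验证码错误!');
    }

    // Lookup by name is delegated to the model; escaping is assumed to happen there.
    $info = m('User')->getRowByName($_POST['username']);
    if (empty($info)) {
        $this->error('账号不存在');
    }
    // Stored passwords are unsalted MD5 — a schema constraint this method cannot
    // change on its own (migrating to password_hash()/password_verify() needs a
    // data migration). Compare strictly and in constant time: the original `!=`
    // is also open to the "magic hash" type-juggling bypass.
    if (!hash_equals((string) $info['password'], md5($_POST['password']))) {
        $this->error('密码错误!');
    }

    // NOTE(review): consider regenerating the session id at this point so a session
    // established before login does not carry over (session fixation).
    $_SESSION['user_id'] = $info['id'];
    $_SESSION['user_name'] = $info['username'];
    $_SESSION['shop_id'] = $info['shop_id'];
    $_SESSION['shop_name'] = $info['shop_name'];
    $_SESSION['role_id'] = $info['role_id'];

    $data = array();
    $data['login_time'] = time();
    $data['ip_address'] = getIp();
    // NOTE(review): string-built where clause. $info['id'] comes from the database
    // row, not the request; still prefer the model's parameter binding if it has one.
    m('User')->update($data, "id='{$info['id']}'");
    $this->success('登录成功!', url());
}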
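/**
 * Handle the login request: looks the user up by e-mail, verifies the password
 * (upgrading legacy 32-char MD5 records to generateHash() on a successful
 * login), refreshes the session and reports success plus the redirect URL via
 * renderJSON().
 *
 * Reads $this->clean->email / ->password (validated input) and
 * $this->db_clean->email (assumed to be the DB-escaped form of the same value,
 * as the name suggests — confirm in the framework's input filter).
 */
public function index()
{
    $this->redirectIfInvalidCSRF();
    $this->data['success'] = false;

    $this->load->model('users_model', 'user');
    // The where clause is string-built; it relies on db_clean being escaped.
    $user = $this->user->read("email = '" . $this->db_clean->email . "'", 1, 1);

    if (!isset($user->user_id)) {
        $this->data['message'] = sprintf(_('The email address `%s` was not found.'), $this->clean->email);
    } elseif (!isset($user->active) || empty($user->active)) {
        $this->data['message'] = _('Your account is no longer active. Please contact support.');
    } else {
        $stored = (string) $user->password;

        if (strlen($stored) == 32) {
            // Legacy unsalted MD5 record. hash_equals() replaces the loose `==`,
            // which is defeated by "magic hash" type juggling ("0e..." strings
            // compare equal as numbers) and leaks timing.
            $match = hash_equals($stored, md5($this->clean->password));

            // Re-hash with the current scheme once the password is known to be right.
            $hash = generateHash($this->clean->password);
            if ($hash !== false && $match === true) {
                $this->user->update("user_id = '" . $user->user_id . "'", array('password' => $hash));
            }
        } else {
            // verifyHash() is assumed to return a hash string equal to the stored one
            // when the password matches (the original compared it that way); confirm.
            $match = hash_equals($stored, (string) verifyHash($this->clean->password, $user->password));
        }

        if ($match === false) {
            $this->data['message'] = _('Your password is incorrect. Please try again.');
        } else {
            // Authenticated: honour a pending add_redirect, refresh the session and
            // attach the user to it.
            $add_redirect = $this->session->userdata('add_redirect');
            $redirect = empty($add_redirect) ? '/marks' : $add_redirect;
            $this->session->unset_userdata('add_redirect');

            $user->email = $this->clean->email;
            $this->session->sess_update(true);
            $this->sessionAddUser($user);

            $this->data['success'] = true;
            $this->data['redirect_url'] = $redirect;
        }
    }

    $this->renderJSON();
}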
} // category check $rc = do_sqlquery("SELECT id FROM {$TABLE_PREFIX}categories WHERE id={$categoria}", true); if (mysql_num_rows($rc) == 0) { err_msg($language["ERROR"], $language["WRITE_CATEGORY"]); stdfoot(); exit; } @mysql_free_result($rs); $announce = trim($array["announce"]); if ($categoria == 0) { err_msg($language["ERROR"], $language["WRITE_CATEGORY"]); stdfoot(); exit; } if (strlen($hash) != 40 || !verifyHash($hash)) { err_msg($language["ERROR"], $language["ERR_HASH"]); stdfoot(); exit; } // if ($announce!=$BASEURL."/announce.php" && $EXTERNAL_TORRENTS==false) if (!in_array($announce, $TRACKER_ANNOUNCEURLS) && $EXTERNAL_TORRENTS == false) { err_msg($language["ERROR"], $language["ERR_EXTERNAL_NOT_ALLOWED"]); unlink($_FILES["torrent"]["tmp_name"]); stdfoot(); exit; } $userfile = $_FILES["userfile"]; $screen1 = $_FILES["screen1"]; $screen2 = $_FILES["screen2"]; $screen3 = $_FILES["screen3"];
if ($GLOBALS["allow_scrape"]) { $usehash = false; /* * Was an individual hash requested? */ if (isset($_GET["info_hash"])) { if (get_magic_quotes_gpc()) { $info_hash = stripslashes($_GET["info_hash"]); } else { $info_hash = $_GET["info_hash"]; } if (strlen($info_hash) == 20) { $info_hash = bin2hex($info_hash); } else { if (strlen($info_hash) == 40) { verifyHash($info_hash) or showError("Invalid info hash value."); } else { showError("Invalid info hash value."); } } //make sure torrent isn't hidden scrapeVerifyHash($info_hash) or showError("Invalid info hash value."); $usehash = true; } /* * Get requested info */ if ($usehash) { $query = mysql_query("SELECT summary.info_hash, summary.seeds, summary.finished, summary.leechers, namemap.filename, summary.dlbytes, summary.avgdone, summary.speed FROM summary LEFT JOIN namemap ON summary.info_hash = namemap.info_hash WHERE summary.info_hash=\"{$info_hash}\" AND summary.hide_torrent=\"N\" AND summary.external_torrent=\"N\"") or showError("Database error. Cannot complete request."); } else { $query = mysql_query("SELECT summary.info_hash, summary.seeds, summary.finished, summary.leechers, namemap.filename, summary.dlbytes, summary.avgdone, summary.speed FROM summary LEFT JOIN namemap ON summary.info_hash = namemap.info_hash WHERE summary.hide_torrent=\"N\" AND summary.external_torrent=\"N\" ORDER BY summary.info_hash") or showError("Database error. Cannot complete request.");
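/**
 * Register a torrent in BTPHP_namemap from the "add torrent" form.
 *
 * The info hash comes from $_POST["hash"], or is recomputed as
 * sha1(bencode(info)) when a .torrent file was uploaded. With autoset enabled,
 * empty filename/info fields are filled from the torrent. Output is HTML
 * written directly; endOutput() is a project helper that does not end the
 * request (the original follows it with exit where it must stop).
 *
 * NOTE(review): as written, the escaping, hash validation and INSERT sit inside
 * the `if (isset($_POST["autoset"]))` block, so nothing is inserted unless the
 * form posts autoset. The other addTorrent() in this listing runs that part
 * unconditionally, which suggests a misplaced brace here — confirm against the
 * original file. The nesting is preserved below.
 */
function addTorrent()
{
    global $dbhost, $dbuser, $dbpass, $database;
    global $_POST, $_FILES;
    require_once "funcsv2.php";
    require_once "BDecode.php";
    require_once "BEncode.php";

    $hash = strtolower(isset($_POST["hash"]) ? $_POST["hash"] : "");
    $array = null; // decoded torrent, only set when a file was uploaded

    $db = mysql_connect($dbhost, $dbuser, $dbpass) or die("<p class=\"error\">Couldn't connect to database. contact the administrator</p>");
    mysql_select_db($database) or die("<p class=\"error\">Can't open the database.</p>");

    if (isset($_FILES["torrent"])) {
        // Upload error 4 (UPLOAD_ERR_NO_FILE) just means the field was left empty.
        if ($_FILES["torrent"]["error"] != 4) {
            $tmp_name = $_FILES["torrent"]["tmp_name"];
            $fd = fopen($tmp_name, "rb") or die("<p class=\"error\">File upload error 1</p>\n");
            is_uploaded_file($tmp_name) or die("<p class=\"error\">File upload error 2</p>\n");
            $alltorrent = fread($fd, filesize($tmp_name));
            // Nothing below needs the handle; closing here also covers the parse-error exit.
            fclose($fd);

            $array = BDecode($alltorrent);
            if (!$array) {
                echo "<p class=\"error\">There was an error handling your uploaded torrent. The parser didn't like it.</p>";
                endOutput();
                exit;
            }
            $hash = @sha1(BEncode($array["info"]));
            unlink($tmp_name);
        }
    }

    $filename = isset($_POST["filename"]) ? clean($_POST["filename"]) : "";
    $url = isset($_POST["url"]) ? clean($_POST["url"]) : "";
    $info = isset($_POST["info"]) ? clean($_POST["info"]) : "";

    if (isset($_POST["autoset"])) {
        if (strcmp($_POST["autoset"], "enabled") == 0) {
            if (strlen($filename) == 0 && isset($array["info"]["name"])) {
                $filename = $array["info"]["name"];
            }
            if (strlen($info) == 0 && isset($array["info"]["piece length"])) {
                // Size estimate in MB: piece length × piece count (one 20-byte SHA-1 per piece).
                $info = $array["info"]["piece length"] / 1024 * (strlen($array["info"]["pieces"]) / 20) / 1024;
                $info = round($info, 2) . " MB";
                if (isset($array["comment"])) {
                    $info .= " - " . $array["comment"];
                }
            }
        }

        $filename = mysql_escape_string($filename);
        $url = mysql_escape_string($url);
        $info = mysql_escape_string($info);

        if (strlen($hash) != 40 || !verifyHash($hash)) {
            echo "<p class=\"error\">Error: Info hash must be exactly 40 hex bytes.</p>";
            endOutput();
            // Stop here: the original fell through and still ran the INSERT with the
            // unvalidated hash interpolated into the query.
            exit;
        }

        // $hash is validated as 40 hex chars above; the other values are escaped.
        $query = "INSERT INTO BTPHP_namemap (info_hash, filename, url, info) VALUES (\"{$hash}\", \"{$filename}\", \"{$url}\", \"{$info}\")";
        $status = makeTorrent($hash, true);
        quickQuery($query);
        if ($status) {
            echo "<p class=\"error\">Torrent was added successfully.</p>";
        } else {
            echo "<p class=\"error\">There were some errors. Check if this torrent had been added previously.</p>";
        }
    }
    endOutput();
}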
<?php // COMPOSER AUTOLOAD require_once $_SERVER['DOCUMENT_ROOT'] . "/includes.php"; require_once "commons.php"; header('Content-Type: application/json'); $base = dirname($_SERVER['PHP_SELF']); if (ltrim($base, '/')) { $_SERVER['REQUEST_URI'] = substr($_SERVER['REQUEST_URI'], strlen($base)); } if (empty($_GET['hash'])) { //throwUnauth()); } else { if (!verifyHash($_GET['hash'])) { //throwUnauth()); } } function respond($result) { return json_encode($result); } function verifyAuth($response) { if (!Session::isValid($response)) { throwUnauth(); } } $klein = new \Klein\Klein(); $requestType = array("POST", "GET"); $klein->respond($requestType, '/', function () { sleep(1);
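/**
 * Main payment action: renders the payment step for GET.order_id.
 *
 * Loads the node configuration and the order, emits the analytics blocks,
 * resolves the order's payment type and — when the caller is authorised and the
 * order status allows payment — runs the payment component (or the nil-payment
 * path when the total rounds to zero). Returns true on success, false after an
 * error or redirect.
 *
 * onxshopGoTo() is assumed to end the request: the login-redirect branch relies
 * on it, otherwise the 404 redirect would follow immediately — confirm.
 */
public function mainPaymentAction()
{
    setlocale(LC_MONETARY, $GLOBALS['onxshop_conf']['global']['locale']);

    // Node configuration is needed by every redirect below, including the
    // missing-order_id path, so load it first (the original dereferenced
    // $node_conf there before it had been assigned).
    require_once 'models/common/common_node.php';
    $node_conf = common_node::initConfiguration();
    $this->tpl->assign('NODE_CONF', $node_conf);

    if (isset($this->GET['order_id']) && is_numeric($this->GET['order_id'])) {
        $order_id = $this->GET['order_id'];
    } else {
        msg('Payment: Missing order_id', 'error', 1);
        onxshopGoTo("/page/" . $node_conf['id_map-404']);
        return false;
    }

    $order_data = $this->Transaction->getOrderDetail($order_id);
    // ORDER must be in the template before the Google Analytics blocks are parsed.
    $this->tpl->assign("ORDER", $order_data);

    //TODO: NOTE: Do not include the square brackets when setting the values for the form. In addition, do not use commas to separate the thousands place in your total, tax, and shipping fields - any digits after the comma will be dropped.
    if ($GLOBALS['onxshop_conf']['global']['google_analytics'] != '') {
        foreach ($order_data['basket']['items'] as $item) {
            $this->tpl->assign("ITEM", $item);
            $this->tpl->parse('content.google_analytics.item');
        }
        $this->tpl->parse('content.google_analytics');
    }

    // Google Adwords id must be numeric to be emitted.
    if (is_numeric($GLOBALS['onxshop_conf']['global']['google_adwords'])) {
        $this->tpl->parse('content.google_adwords');
    }

    $payment_type = $this->Transaction->getPaymentTypeForOrder($order_id);

    // A payment type is supported only if its component template exists.
    $controller = "component/ecommerce/payment/{$payment_type}";
    if (getTemplateDir($controller . ".html") == '') {
        msg("Unsupported payment type {$payment_type}", 'error');
        return false;
    }

    // Order permission: back-office user, owning customer, guest order in the same
    // session, or a valid order code.
    $is_owner = $order_data['basket']['customer_id'] == $_SESSION['client']['customer']['id'];
    $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
    $is_guest_user = $order_data['client']['customer']['status'] == 5;
    // The isset() guard stops a stored empty session id from loosely matching an
    // absent (null) query parameter.
    // NOTE(review): accepting php_session_id from the query string means anyone who
    // knows the id stored with the order passes this check — it acts as a bearer
    // token; confirm that is intended.
    $is_same_session = $order_data['php_session_id'] == session_id()
        || (isset($this->GET['php_session_id']) && $order_data['php_session_id'] == $this->GET['php_session_id']);
    $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);

    if ($is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code) {
        // Only unpaid (0) or failed-payment (5) orders may be paid.
        if ($this->checkOrderStatusValidForPayment($order_data['status'])) {
            $total_payment_amount = $order_data['basket']['total'];
            if (round($total_payment_amount, 2) == 0) {
                // Nil payment: nothing to collect.
                if ($this->processNilPayment($order_data)) {
                    $this->tpl->parse('content.nil_payment');
                } else {
                    msg("Cannot process nil payment for order ID {$order_id}", 'error');
                }
            } else {
                // Run the payment method as sub-content.
                $_Onxshop_Request = new Onxshop_Request("component/ecommerce/payment/{$payment_type}~order_id={$order_id}~");
                $this->tpl->assign("RESULT", $_Onxshop_Request->getContent());
            }
        } else {
            msg("Order ID {$order_data['id']} cannot be paid, because order status is: {$order_data['status_title']}", 'error');
            return false;
        }
    } else {
        // Not authorised: send anonymous visitors to login, everyone else to 404.
        if ($_SESSION['client']['customer']['id'] == 0) {
            msg('You must login first.');
            onxshopGoTo("/page/" . $node_conf['id_map-login']);
        }
        msg('Unauthorised access to order detail');
        onxshopGoTo("/page/" . $node_conf['id_map-404']);
        return false;
    }

    setlocale(LC_MONETARY, LOCALE);
    return true;
}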
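/**
 * Main action of the invoice component: renders the invoice for GET.id.
 *
 * Loads the order and invoice models, checks that the caller may view the
 * order, then parses the gift/carrier blocks and assigns INVOICE and ORDER to
 * the template. Returns false only when GET.id is missing or not numeric; an
 * unauthorised request reports a message and still returns true (as before).
 */
public function mainAction()
{
    if (isset($this->GET['id']) && is_numeric($this->GET['id'])) {
        $order_id = $this->GET['id'];
    } else {
        msg("component/ecommerce/invoice: GET.id is not numeric", 'error');
        return false;
    }

    require_once 'models/ecommerce/ecommerce_invoice.php';
    require_once 'models/ecommerce/ecommerce_order.php';
    $Invoice = new ecommerce_invoice();
    $Order = new ecommerce_order();
    $Invoice->setCacheable(false);
    $Order->setCacheable(false);
    $this->tpl->assign('CONF', $Invoice->conf);

    $order_data = $Order->getOrder($order_id);

    // Order permission: back-office user, owning customer, guest order in the same
    // session, or a valid order code.
    $is_owner = $order_data['basket']['customer_id'] == $_SESSION['client']['customer']['id'];
    $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
    $is_guest_user = $order_data['client']['customer']['status'] == 5;
    // The isset() guard stops a stored empty session id from loosely matching an
    // absent (null) query parameter.
    // NOTE(review): accepting php_session_id from the query string means anyone who
    // knows the id stored with the order passes this check; confirm that is intended.
    $is_same_session = $order_data['php_session_id'] == session_id()
        || (isset($this->GET['php_session_id']) && $order_data['php_session_id'] == $this->GET['php_session_id']);
    $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);

    if ($is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code) {
        $delivery_options = isset($order_data['other_data']['delivery_options'])
            ? $order_data['other_data']['delivery_options']
            : array();

        // Gift flag may live on the delivery options or directly on other_data.
        $is_gift = (isset($delivery_options['other_data']['gift']) && $delivery_options['other_data']['gift'] == 1)
            || (isset($order_data['other_data']['gift']) && $order_data['other_data']['gift'] == 1);
        if ($is_gift) {
            $this->tpl->parse('content.gift');
        }

        // Carrier logo block is selected by carrier id.
        $carrier_id = isset($delivery_options['carrier_id']) ? $delivery_options['carrier_id'] : '';
        $this->tpl->parse("content.type.carrier_id_{$carrier_id}");
        $this->tpl->parse('content.type');

        $invoice_data = $Invoice->getInvoiceForOrder($order_id);

        // Fall back to the plain basket detail when no enhanced version was stored.
        if (empty($invoice_data['basket_detail_enhanced'])) {
            $invoice_data['basket_detail_enhanced'] = $invoice_data['basket_detail'];
        }

        $this->tpl->assign('INVOICE', $invoice_data);
        $this->tpl->assign('ORDER', $order_data);

        if ($Invoice->conf['company_logo'] != '') {
            $this->tpl->parse('content.logoimage');
        } else {
            $this->tpl->parse('content.logotypo');
        }
    } else {
        msg('unauthorized access to view order detail');
    }

    return true;
}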
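/**
 * Reject the request unless it carries a valid anti-forgery hash.
 *
 * A missing $_POST['hash'] is treated as invalid instead of being handed to
 * verifyHash() as null (which also raised an undefined-index notice).
 * $this->error() is assumed to end the request, as the caller relies on.
 */
function verifyForm()
{
    if (!isset($_POST['hash']) || !verifyHash($_POST['hash'])) {
        $this->error('非验证的来源!');
    }
}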
if (isset($_GET["info_hash"])) { if ($pid != "") { $qryStr = substr($_SERVER["QUERY_STRING"], strlen("?pid={$pid}")); } else { $qryStr = $_SERVER["QUERY_STRING"]; } // support for multi-scrape // more info @ http://wiki.depthstrike.com/index.php/P2P:Programming:Trackers:PHP:Multiscrape foreach (explode("&", $qryStr) as $item) { if (substr($item, 0, 10) == "info_hash=") { $ihash = urldecode(substr($item, 10)); if (strlen($ihash) == 20) { $ihash = bin2hex($ihash); } else { if (strlen($ihash) == 40) { if (!verifyHash($ihash)) { continue; } else { continue; } } } // showError(INVALID_INFO_HASH); $newmatches[] = $ihash; } } if (get_magic_quotes_gpc()) { //$info_hash = stripslashes($_GET["info_hash"]); $info_hash = stripslashes(join($newmatches, "','")); } else { // $info_hash = $_GET["info_hash"];
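/**
 * Register an already-uploaded torrent (WordPress / wobi integration).
 *
 * @param string $torrent_file_path local path of the .torrent to import
 * @param string $torrent_file_url  public URL of the .torrent (not used here)
 * @param string $file_path         local path of the seeded file, below /wp-content/
 * @param string $file_url          public URL of the seeded file; stored as the torrent URL
 * @return bool true when the torrent was added, false on any validation or DB error
 *
 * $prefix, $dbhost etc. are expected from config.php; the DB connection is
 * expected to exist already (TODO in the original: connect only if not connected).
 *
 * NOTE(review): every failure path assigns $wobi_error, but the variable is
 * local — there is no `global $wobi_error` and the message is not returned — so
 * callers never see it. Kept as in the original; confirm whether a global was
 * intended.
 */
function _wobi_addTorrent($torrent_file_path, $torrent_file_url, $file_path, $file_url)
{
    require "config.php";
    $tracker_url = WOBI_TRACKER_URL;
    $httpseed = true;
    $tmp1 = explode("/wp-content/", $file_path);
    // Path relative to the tracker directory; empty when the file is not under wp-content/.
    $relative_path = "../../" . (isset($tmp1[1]) ? $tmp1[1] : "");
    $getrightseed = false;
    $httpftplocation = $file_url;
    $target_path = "torrents/";
    $autoset = true;
    $filename = ""; // taken from the torrent when $autoset
    $url = "{$file_url}";
    $hash = "";      // computed from the torrent's info dictionary

    require_once "funcsv2.php";
    require_once "BDecode.php";
    require_once "BEncode.php";

    // Read and close immediately: the original kept the handle open across the
    // early returns below and leaked it on every validation failure.
    $fd = fopen($torrent_file_path, "rb") or die(_wobi_errorMessage() . "File upload error 1</p>\n");
    $alltorrent = fread($fd, filesize($torrent_file_path));
    fclose($fd);

    $array = BDecode($alltorrent);
    if (!$array) {
        $wobi_error = _wobi_errorMessage() . "Error: The parser was unable to load your torrent. Please re-create and re-upload the torrent.</p>\n";
        return false;
    }
    if (strtolower($array["announce"]) != $tracker_url) {
        $wobi_error = _wobi_errorMessage() . "Error: The tracker announce URL does not match this:<br>{$tracker_url}<br>Please re-create and re-upload the torrent.</p>\n";
        return false;
    }
    if ($httpseed && $relative_path == "") {
        $wobi_error = _wobi_errorMessage() . "Error: HTTP seeding was checked however no relative path was given.</p>\n";
        return false;
    }
    if ($httpseed && $relative_path != "") {
        // A trailing slash means a directory is being seeded, otherwise a single file.
        if (substr($relative_path, -1) == "/") {
            if (!is_dir($relative_path)) {
                $wobi_error = _wobi_errorMessage() . "Error: HTTP seeding relative path ends in / but is not a valid directory.</p>\n";
                return false;
            }
        } else {
            if (!is_file($relative_path)) {
                $wobi_error = _wobi_errorMessage() . "Error: HTTP seeding relative path is not a valid file.</p>\n";
                return false;
            }
        }
    }
    if ($getrightseed && $httpftplocation == "") {
        $wobi_error = _wobi_errorMessage() . "Error: GetRight HTTP seeding was checked however no URL was given.</p>\n";
        return false;
    }
    if ($getrightseed && (substr($httpftplocation, 0, 7) != "http://" && substr($httpftplocation, 0, 6) != "ftp://")) {
        $wobi_error = _wobi_errorMessage() . "Error: GetRight HTTP seeding URL must start with http:// or ftp://</p>\n";
        return false;
    }

    $hash = @sha1(BEncode($array["info"]));

    $target_path = $target_path . basename($torrent_file_path);
    $move_torrent = rename($torrent_file_path, $target_path);
    if ($move_torrent == false) {
        // Same error helper as every other message in this function (the original
        // called errorMessage() here, which nothing else in the wobi code uses).
        $wobi_error = _wobi_errorMessage() . "Unable to move {$torrent_file_path} to torrents/</p>\n";
    }

    if (!empty($filename)) {
        $filename = clean($filename);
    }
    if (!empty($url)) {
        $url = clean($url);
    }
    if ($autoset) {
        if (strlen($filename) == 0 && isset($array["info"]["name"])) {
            $filename = $array["info"]["name"];
        }
    }

    // Total payload size: sum of all file lengths (multi-file) or the single length.
    // Cast to int: the values come from the uploaded torrent and are interpolated
    // into the INSERT below without escaping.
    $info = $array["info"];
    $total_size = 0;
    if (isset($info["files"])) {
        foreach ($info["files"] as $file) {
            $total_size += (int) $file["length"];
        }
    } else {
        $total_size = (int) $info["length"];
    }

    // Validate and escape what goes into the database.
    $filename = mysql_escape_string($filename);
    $filename = htmlspecialchars(clean($filename));
    $url = htmlspecialchars(mysql_escape_string($url));
    if (strlen($hash) != 40 || !verifyHash($hash)) {
        $wobi_error = _wobi_errorMessage() . "Error: Info hash must be exactly 40 hex bytes.</p>\n";
        return false;
    }
    if (substr($url, 0, 7) != "http://" && $url != "") {
        $wobi_error = _wobi_errorMessage() . "Error: The Torrent URL does not start with http:// Make sure you entered a correct URL.</p>\n";
        return false;
    }

    $query = "INSERT INTO " . $prefix . "namemap (info_hash, filename, url, size, pubDate) VALUES (\"{$hash}\", \"{$filename}\", \"{$url}\", \"{$total_size}\", \"" . date('D, j M Y h:i:s') . "\")";
    $status = makeTorrent($hash, true);
    quickQuery($query);
    chmod($target_path, 0644);

    if ($status) {
        $wobi_error = "<p class=\"success\">Torrent was added successfully.</p>\n";
        require_once "wobi_functions.php";
        _wobi_addWebseedfiles($target_path, $relative_path, $httpftplocation, $hash);
        return true;
    } else {
        $wobi_error = _wobi_errorMessage() . "There were some errors. Check if this torrent has been added previously.</p>\n";
        return false;
    }
}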
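/**
 * Handle the "add torrent" form: validates the uploaded .torrent against this
 * tracker's announce URL and the HTTP/GetRight seeding options, moves it into
 * torrents/, records it in <prefix>namemap and registers it with makeTorrent().
 *
 * Output is HTML written directly. endOutput() is a project helper that does
 * not end the request (the original follows it with exit where it must stop),
 * so every validation failure below exits explicitly. $prefix, $website_url and
 * the DB settings are expected from config.php.
 */
function addTorrent()
{
    require "config.php";
    // Announce URL of this tracker: the script's own directory plus announce.php.
    $tracker_url = $website_url . substr($_SERVER['REQUEST_URI'], 0, -15) . "announce.php";
    $hash = strtolower(isset($_POST["hash"]) ? $_POST["hash"] : "");
    $array = null;        // decoded torrent, only set when a file was uploaded
    $uploaded_name = "";  // cleaned client file name of the upload

    $db = mysql_connect($dbhost, $dbuser, $dbpass) or die(errorMessage() . "Couldn't connect to the database, contact the administrator</p>");
    mysql_select_db($database) or die(errorMessage() . "Can't open the database.</p>");
    require_once "funcsv2.php";
    require_once "BDecode.php";
    require_once "BEncode.php";

    // Seeding options from the form; an absent field behaves like an empty one.
    $httpseed = isset($_POST["httpseed"]) && $_POST["httpseed"] == "enabled";
    $relative_path = isset($_POST["relative_path"]) ? $_POST["relative_path"] : "";
    $getrightseed = isset($_POST["getrightseed"]) && $_POST["getrightseed"] == "enabled";
    $httpftplocation = isset($_POST["httpftplocation"]) ? $_POST["httpftplocation"] : "";

    // Upload error 4 (UPLOAD_ERR_NO_FILE) means no torrent was submitted; POST.hash is used then.
    $upload_error = isset($_FILES["torrent"]["error"]) ? $_FILES["torrent"]["error"] : null;
    if ($upload_error != 4) {
        $tmp_name = isset($_FILES["torrent"]["tmp_name"]) ? $_FILES["torrent"]["tmp_name"] : "";
        $fd = fopen($tmp_name, "rb") or die(errorMessage() . "File upload error 1</p>\n");
        is_uploaded_file($tmp_name) or die(errorMessage() . "File upload error 2</p>\n");
        $alltorrent = fread($fd, filesize($tmp_name));
        // Nothing below needs the handle; the original left it open on every error exit.
        fclose($fd);

        $array = BDecode($alltorrent);
        if (!$array) {
            echo errorMessage() . "Error: The parser was unable to load your torrent. Please re-create and re-upload the torrent.</p>\n";
            endOutput();
            exit;
        }
        if (strtolower($array["announce"]) != $tracker_url) {
            echo errorMessage() . "Error: The tracker announce URL does not match this:<br>{$tracker_url}<br>Please re-create and re-upload the torrent.</p>\n";
            endOutput();
            exit;
        }
        if ($httpseed && $relative_path == "") {
            echo errorMessage() . "Error: HTTP seeding was checked however no relative path was given.</p>\n";
            endOutput();
            exit;
        }
        if ($httpseed && $relative_path != "") {
            // A trailing slash means a directory is being seeded, otherwise a single file.
            if (substr($relative_path, -1) == "/") {
                if (!is_dir($relative_path)) {
                    echo errorMessage() . "Error: HTTP seeding relative path ends in / but is not a valid directory.</p>\n";
                    endOutput();
                    exit;
                }
            } else {
                if (!is_file($relative_path)) {
                    echo errorMessage() . "Error: HTTP seeding relative path is not a valid file.</p>\n";
                    endOutput();
                    exit;
                }
            }
        }
        if ($getrightseed && $httpftplocation == "") {
            echo errorMessage() . "Error: GetRight HTTP seeding was checked however no URL was given.</p>\n";
            endOutput();
            exit;
        }
        if ($getrightseed && (substr($httpftplocation, 0, 7) != "http://" && substr($httpftplocation, 0, 6) != "ftp://")) {
            echo errorMessage() . "Error: GetRight HTTP seeding URL must start with http:// or ftp://</p>\n";
            endOutput();
            exit;
        }

        $hash = @sha1(BEncode($array["info"]));

        // Keep the cleaned, path-stripped upload name: it is the name the file is
        // saved under, and it is reused for the rename and the clean-up below (the
        // original looked the file up by the raw client name there).
        $uploaded_name = basename(clean($_FILES['torrent']['name']));
        $target_path = "torrents/" . $uploaded_name;
        $move_torrent = move_uploaded_file($tmp_name, $target_path);
        if ($move_torrent == false) {
            echo errorMessage() . "Unable to move " . $tmp_name . " to torrents/</p>\n";
        }
    }

    $filename = isset($_POST["filename"]) ? clean($_POST["filename"]) : "";
    $url = isset($_POST["url"]) ? clean($_POST["url"]) : "";
    if (isset($_POST["autoset"]) && strcmp($_POST["autoset"], "enabled") == 0) {
        if (strlen($filename) == 0 && isset($array["info"]["name"])) {
            $filename = $array["info"]["name"];
        }
    }

    // Total payload size: sum of all file lengths (multi-file) or the single length.
    // Cast to int: the values come from the uploaded torrent and are interpolated
    // into the INSERT below without escaping.
    $info = isset($array["info"]) ? $array["info"] : array();
    $total_size = 0;
    if (isset($info["files"])) {
        foreach ($info["files"] as $file) {
            $total_size += (int) $file["length"];
        }
    } elseif (isset($info["length"])) {
        $total_size = (int) $info["length"];
    }

    // Validate and escape what goes into the database.
    $filename = mysql_escape_string($filename);
    $filename = htmlspecialchars(clean($filename));
    $url = htmlspecialchars(mysql_escape_string($url));
    if (strlen($hash) != 40 || !verifyHash($hash)) {
        echo errorMessage() . "Error: Info hash must be exactly 40 hex bytes.</p>\n";
        endOutput();
        // Stop here: the original fell through and ran the INSERT with the
        // unvalidated hash interpolated into the query.
        exit;
    }
    if (substr($url, 0, 7) != "http://" && $url != "") {
        echo errorMessage() . "Error: The Torrent URL does not start with http:// Make sure you entered a correct URL.</p>\n";
        endOutput();
        exit;
    }

    $query = "INSERT INTO " . $prefix . "namemap (info_hash, filename, url, size, pubDate) VALUES (\"{$hash}\", \"{$filename}\", \"{$url}\", \"{$total_size}\", \"" . date('D, j M Y h:i:s') . "\")";
    $status = makeTorrent($hash, true);
    quickQuery($query);

    // NOTE(review): $filename becomes part of a filesystem path; this assumes clean()
    // strips path separators — confirm.
    $stored_torrent = "torrents/" . $filename . ".torrent";
    if ($status) {
        echo "<p class=\"success\">Torrent was added successfully.</p>\n";
        echo "<a href=\"newtorrents.php\"><img src=\"images/add.png\" border=\"0\" class=\"icon\" alt=\"Add Torrent\" title=\"Add Torrent\" /></a><a href=\"newtorrents.php\">Add Another Torrent</a><br>\n";
        // Rename the torrent file to match the display name and make it world-readable.
        rename("torrents/" . $uploaded_name, $stored_torrent);
        chmod($stored_torrent, 0644);
        // Regenerate the RSS feed, then show the torrent details.
        require_once "rss_generator.php";
        require_once "torrent_functions.php";
    } else {
        echo errorMessage() . "There were some errors. Check if this torrent has been added previously.</p>\n";
        // Remove the uploaded file if this hash is not known to the tracker at all.
        $query = "SELECT COUNT(*) FROM " . $prefix . "summary WHERE info_hash = '{$hash}'";
        $results = mysql_query($query) or die(errorMessage() . "Can't do SQL query - " . mysql_error() . "</p>");
        $data = mysql_fetch_row($results);
        if ($data[0] == 0 && $uploaded_name != "" && file_exists("torrents/" . $uploaded_name)) {
            unlink("torrents/" . $uploaded_name);
        }
        chmod($stored_torrent, 0644);
        endOutput();
    }
}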
</script> </head> <body> <form action="<?php echo $_SERVER["PHP_SELF"]; ?> " method="POST"> <?php require_once "funcsv2.php"; // check database user if (isset($dbuser) && isset($dbpass)) { $db = mysql_connect($dbhost, $dbuser, $dbpass) or die(errorMessage() . "Cannot connect to database. Check your username and password in the config file.</p>"); mysql_select_db($database) or die(errorMessage() . "Error selecting database.</p>"); foreach ($_POST as $left => $right) { if (strlen($left) == 41) { if (!is_numeric($right) || !verifyHash(substr($left, 1))) { continue; } $hash = substr($left, 1); //delete torrent file $query = "SELECT filename FROM " . $prefix . "namemap WHERE info_hash =\"{$hash}\""; $delete_file = mysql_query($query) or die(errorMessage() . "Can't do SQL query - " . mysql_error() . "</p>"); $delete = mysql_fetch_row($delete_file); unlink("torrents/" . $delete[0] . ".torrent"); //continue deleting information in database @mysql_query("DELETE FROM " . $prefix . "summary WHERE info_hash=\"{$hash}\""); @mysql_query("DELETE FROM " . $prefix . "namemap WHERE info_hash=\"{$hash}\""); @mysql_query("DELETE FROM " . $prefix . "timestamps WHERE info_hash=\"{$hash}\""); @mysql_query("DELETE FROM " . $prefix . "webseedfiles WHERE info_hash=\"{$hash}\""); @mysql_query("DROP TABLE " . $prefix . "y{$hash}"); @mysql_query("DROP TABLE " . $prefix . "x{$hash}");
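/**
 * Main action of the order-detail component: renders the order for
 * GET.order_id.
 *
 * Exposes an ORDER_CODE (makeHash of the order id) that lets a customer who is
 * not logged in pay for and view the order, loads the node configuration and
 * the order, checks that the caller may view it, then assigns the addresses,
 * the basket detail (stored invoice HTML once paid, rendered on the fly
 * otherwise) and ORDER to the template. Returns false only when order_id is
 * missing or not numeric.
 */
public function mainAction()
{
    require_once 'models/ecommerce/ecommerce_order.php';
    $Order = new ecommerce_order();
    $Order->setCacheable(false);

    if (isset($this->GET['order_id']) && is_numeric($this->GET['order_id'])) {
        $order_id = $this->GET['order_id'];
    } else {
        msg('Order Detail: Missing order_id', 'error');
        return false;
    }

    // Security code for unlogged access to payment and invoice pages.
    $this->tpl->assign('ORDER_CODE', makeHash($order_id));

    require_once 'models/common/common_node.php';
    $node_conf = common_node::initConfiguration();
    $this->tpl->assign('NODE_CONF', $node_conf);

    $order_data = $Order->getOrder($order_id);

    // Order permission: back-office user, owning customer, guest order in the same
    // session, or a valid order code.
    $is_owner = $order_data['basket']['customer_id'] == $_SESSION['client']['customer']['id'];
    $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
    $is_guest_user = $order_data['client']['customer']['status'] == 5;
    // The isset() guard stops a stored empty session id from loosely matching an
    // absent (null) query parameter.
    // NOTE(review): accepting php_session_id from the query string means anyone who
    // knows the id stored with the order passes this check; confirm that is intended.
    $is_same_session = $order_data['php_session_id'] == session_id()
        || (isset($this->GET['php_session_id']) && $order_data['php_session_id'] == $this->GET['php_session_id']);
    $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);

    if ($is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code) {
        // Offer "Make Payment" only for orders in a payable status.
        if ($Order->checkOrderStatusValidForPayment($order_data['status'])) {
            $this->tpl->parse('content.make_payment');
        }

        $_Onxshop_Request = new Onxshop_Request("component/client/address~invoices_address_id={$order_data['invoices_address_id']}:hide_button=1~");
        $this->tpl->assign("ADDRESS_INVOICES", $_Onxshop_Request->getContent());
        $_Onxshop_Request = new Onxshop_Request("component/client/address~delivery_address_id={$order_data['delivery_address_id']}:hide_button=1~");
        $this->tpl->assign("ADDRESS_DELIVERY", $_Onxshop_Request->getContent());

        // Basket detail: once an invoice exists, show its stored HTML; otherwise render it now.
        require_once 'models/ecommerce/ecommerce_invoice.php';
        $Invoice = new ecommerce_invoice();
        $Invoice->setCacheable(false);
        $invoice_data = $Invoice->getInvoiceForOrder($order_data['id']);

        if ($invoice_data) {
            $this->tpl->assign("BASKET_DETAIL", $invoice_data['basket_detail']);
            $this->tpl->parse("content.print_invoice");
        } else {
            $carrier_id = isset($order_data['other_data']['delivery_options']['carrier_id'])
                ? $order_data['other_data']['delivery_options']['carrier_id']
                : '';
            $_Onxshop_Request = new Onxshop_Request("component/ecommerce/basket_detail~id={$order_data['basket_id']}:order_id={$order_id}:delivery_address_id={$order_data['delivery_address_id']}:delivery_options[carrier_id]={$carrier_id}~");
            $this->tpl->assign("BASKET_DETAIL", $_Onxshop_Request->getContent());
        }

        // date('d/m/Y') yields the same text as the original strftime('%d/%m/%Y')
        // and avoids strftime(), deprecated since PHP 8.1.
        $order_data['created'] = date('d/m/Y', strtotime($order_data['basket']['created']));
        $this->tpl->assign('ORDER', $order_data);
    } else {
        msg('unauthorised access to view order detail', 'error');
    }

    return true;
}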