function dict_check($d, $s)
{
global $lang_takeupload;
if ($d["type"] != "dictionary") {
bark($lang_takeupload['std_not_a_dictionary']);
}
$a = explode(":", $s);
$dd = $d["value"];
$ret = array();
foreach ($a as $k) {
unset($t);
if (preg_match('/^(.*)\\((.*)\\)$/', $k, $m)) {
$k = $m[1];
$t = $m[2];
}
if (!isset($dd[$k])) {
bark($lang_takeupload['std_dictionary_is_missing_key']);
}
if (isset($t)) {
if ($dd[$k]["type"] != $t) {
bark($lang_takeupload['std_invalid_entry_in_dictionary']);
}
$ret[] = $dd[$k]["value"];
} else {
$ret[] = $dd[$k];
}
}
return $ret;
}
function addbookmark($torrentid)
{
global $CURUSER;
if (get_row_count("bookmarks", "WHERE userid={$CURUSER['id']} AND torrentid = {$torrentid}") > 0) {
bark("Torrent already bookmarked");
}
mysql_query("INSERT INTO bookmarks (userid, torrentid) VALUES ({$CURUSER['id']}, {$torrentid})") or sqlerr(__FILE__, __LINE__);
}
function invite($email)
{
global $CURUSER;
global $SITENAME;
global $BASEURL;
global $SITEEMAIL;
global $lang_takeinvite;
$id = $CURUSER[id];
$email = unesc(htmlspecialchars(trim($email)));
$email = safe_email($email);
if (!$email) {
bark($lang_takeinvite['std_must_enter_email']);
}
if (!check_email($email)) {
bark($lang_takeinvite['std_invalid_email_address']);
}
if (EmailBanned($email)) {
bark($lang_takeinvite['std_email_address_banned']);
}
if (!EmailAllowed($email)) {
bark($lang_takeinvite['std_wrong_email_address_domains'] . allowedemails());
}
$body = "\n你好,\n\n我邀请你加入 {$SITENAME}, 这是一个拥有丰富资源的非开放社区. \n如果你有兴趣加入我们请阅读规则并确认邀请.最后,确保维持一个良好的分享率 \n分享允许的资源.\n\n欢迎到来! :)\n";
$body = str_replace("<br />", "<br />", nl2br(trim(strip_tags($body))));
if (!$body) {
bark($lang_takeinvite['std_must_enter_personal_message']);
}
// check if email addy is already in use
$a = @mysql_fetch_row(@sql_query("select count(*) from users where email=" . sqlesc($email))) or die(mysql_error());
if ($a[0] != 0) {
bark($lang_takeinvite['std_email_address'] . htmlspecialchars($email) . $lang_takeinvite['std_is_in_use']);
}
$b = @mysql_fetch_row(@sql_query("select count(*) from invites where invitee=" . sqlesc($email))) or die(mysql_error());
if ($b[0] != 0) {
bark($lang_takeinvite['std_invitation_already_sent_to'] . htmlspecialchars($email) . $lang_takeinvite['std_await_user_registeration']);
}
$ret = sql_query("SELECT username FROM users WHERE id = " . sqlesc($id)) or sqlerr();
$arr = mysql_fetch_assoc($ret);
$hash = md5(mt_rand(1, 10000) . $CURUSER['username'] . TIMENOW . $CURUSER['passhash']);
$title = $SITENAME . $lang_takeinvite['mail_tilte'];
$message = <<<EOD
{$lang_takeinvite['mail_one']}{$arr[username]}{$lang_takeinvite['mail_two']}
<b><a href="http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash}" target="_blank">{$lang_takeinvite['mail_here']}</a></b><br />
http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash}
<br />{$lang_takeinvite['mail_three']}{$invite_timeout}{$lang_takeinvite['mail_four']}{$arr[username]}{$lang_takeinvite['mail_five']}<br />
{$body}
<br /><br />{$lang_takeinvite['mail_six']}
EOD;
sent_mail($email, $SITENAME, $SITEEMAIL, change_email_encode(get_langfolder_cookie(), $title), change_email_encode(get_langfolder_cookie(), $message), "invitesignup", false, false, '', get_email_encode(get_langfolder_cookie()));
//this email is sent only when someone give out an invitation
sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('" . mysql_real_escape_string($id) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($hash) . "', " . sqlesc(date("Y-m-d H:i:s")) . ")");
}
function TTorrentFile($fname, $size)
{
$this->dict = new TDict($fname, $size);
if ($this->dict->ErrorMsg != '') {
bark($dict->ErrorMsg);
}
$this->_tmpname = $fname;
$info = new TDict('', $this->dict->check("info"));
list($dname, $plen, $pieces) = $info->check("name(string):piece length(integer):pieces(string)");
$this->downloadName = $dname;
if (strlen($pieces) % 20 != 0) {
die("invalid pieces");
}
$this->filelist = array();
$totallen = $info->get("length", "integer");
if (isset($totallen)) {
$this->filelist[] = array('filename' => $dname, 'size' => $totallen);
$this->type = "single";
$this->totalSize = $totallen;
$this->numFiles = 1;
} else {
$this->multiList = new TFileList($info->get("files", "list"));
$this->type = "multi";
$this->filelist = $this->multiList->filelist;
$this->totalSize = $this->multiList->totalSize;
$this->numFiles = $this->multiList->count;
}
// change announce url to local
$this->dict->hashSetter("['value']['announce']", bdec(benc_str(DEFAULTBASEURL . "/announce.php")));
// add private tracker flag
$this->dict->hashSetter('[\'value\'][\'info\'][\'value\'][\'private\']', bdec('i1e'));
// add link for bitcomet users
$this->dict->hashSetter('[\'value\'][\'info\'][\'value\'][\'source\']', bdec(benc_str("[" . DEFAULTBASEURL . "] " . SITENAME)));
$this->dict->unsetHash('[\'value\'][\'announce-list\']');
// remove multi-tracker capability
$this->dict->unsetHash('[\'value\'][\'nodes\']');
// remove cached peers (Bitcomet & Azareus)
$this->dict->unsetHash('[\'value\'][\'info\'][\'value\'][\'crc32\']');
// remove crc32
$this->dict->unsetHash('[\'value\'][\'info\'][\'value\'][\'ed2k\']');
// remove ed2k
$this->dict->unsetHash('[\'value\'][\'info\'][\'value\'][\'md5sum\']');
// remove md5sum
$this->dict->unsetHash('[\'value\'][\'info\'][\'value\'][\'sha1\']');
// remove sha1
$this->dict->unsetHash('[\'value\'][\'info\'][\'value\'][\'tiger\']');
// remove tiger
$this->dict->unsetHash('[\'value\'][\'azureus_properties\']');
// remove azureus properties
// double up on the becoding solves the occassional misgenerated infohash
$this->dict->doubleUp();
}
public static function dict_check($d, $s)
{
if ($d["type"] != "dictionary") {
bark("not a dictionary");
}
$a = explode(":", $s);
$dd = $d["value"];
$ret = array();
foreach ($a as $k) {
unset($t);
if (preg_match('/^(.*)\\((.*)\\)$/', $k, $m)) {
$k = $m[1];
$t = $m[2];
}
if (!isset($dd[$k])) {
bark("dictionary is missing key(s)");
}
if (isset($t)) {
if ($dd[$k]["type"] != $t) {
bark("invalid entry in dictionary");
}
$ret[] = $dd[$k]["value"];
} else {
$ret[] = $dd[$k];
}
}
return $ret;
}
$r = $_POST["r"];
$reason = $_POST["reason"];
if ($rt == 1) {
$reasonstr = "Мертвый: 0 раздающих, 0 качающих = 0 пиров";
} elseif ($rt == 2) {
$reasonstr = "Двойник" . ($reason[0] ? ": " . trim($reason[0]) : "!");
} elseif ($rt == 3) {
$reasonstr = "Nuked" . ($reason[1] ? ": " . trim($reason[1]) : "!");
} elseif ($rt == 4) {
if (!$reason[2]) {
bark("Вы не написали пукт правил, которые этот торрент нарушил.");
}
$reasonstr = "Нарушение правил: " . trim($reason[2]);
} else {
if (!$reason[3]) {
bark("Вы не написали причину, почему удаляете торрент.");
}
$reasonstr = trim($reason[3]);
}
deletetorrent($id);
write_log("Торрент {$id} ({$row['name']}) был удален пользователем {$CURUSER['username']} (" . htmlspecialchars_uni($reasonstr) . ")\n", "F25B61", "torrent");
stdhead("Торрент удален!");
if (isset($_POST["returnto"])) {
$ret = "<a href=\"" . htmlspecialchars_uni($_POST["returnto"]) . "\">Назад</a>";
} else {
$ret = "<a href=\"{$DEFAULTBASEURL}/\">На главную</a>";
}
?>
<h2>Торрент удален!</h2>
<p><?php
echo $ret;
| =============================================
| Room Status details page
+------------------------------------------------
**/
require_once "server_config/config.php";
require_once "function/header_footer.php";
require_once "function/mysql_interface.php";
$HTMLOUT = "";
//fetch roomID from
$room_id = 0;
$room_id = 0 + $_GET["room_id"];
if ($room_id != 0) {
db_conn();
//Fetch Room details from database..
$r = @sql_query("SELECT * FROM rooms WHERE room_id={$room_id}");
$room = mysql_fetch_assoc($r) or bark("Invalid Room ID");
//fetch details
$roomName = $room["room_name"];
$roomAddress = $room["room_address"];
$noOfSeats = $room["no_of_seats"];
$roomType = $room["type"];
$seat_conf_btn = "<span class='btn'><a href='seat_config/index.php?room_id={$room_id}'><font color=#FFFFFF>Seat Config for room {$room_id}</font></a></span>";
//Don't know whether this will work or not.
$seat_conf_with_design = "<span class='btn'><a href='seat_config_link.php?action=index?room_id={$room_id}'><font color=#FFFFFF>Seat Config for room {$room_id} (Nicer version)</font></a></span>";
//More info about the rooms:: (Name, Type, Address)
$HTMLOUT .= begin_block("r_info", $caption_t = "Room Information", $per = 98, $tdcls = "colhead5", $img = "<img src='{$TK3GRE['pic_base_url']}info.png' style=' height:28px;' alt='' title='' />", $title = 'Room Information');
$HTMLOUT .= "<table class='stats' border='1' cellspacing='0' cellpadding='5' align='center'>\n\t<tr><td class='rowhead' style='font-family:Trebuchet MS' title='Room Name'>Room Name</td><td align='center'>{$roomName}</td></tr>\n <tr><td class='rowhead' style='font-family:Trebuchet MS' title='Room Type'>Room Type</td><td align='center'>{$roomType}</td></tr>\n <tr><td class='rowhead' style='font-family:Trebuchet MS' title='Room Address'>Room Address <img src='{$TK3GRE['pic_base_url']}address.png' width='25' height='25' alt=''></td><td align='center'>{$roomAddress}</td></tr>\n\t<tr><td class='rowhead' style='font-family:Trebuchet MS' title='Seat Config'>Seat Config</td><td align='center'>{$seat_conf_btn}</td></tr>\n\t</table>";
$HTMLOUT .= end_block();
$HTMLOUT .= "<br />";
//fetch seat details...
$seats = @sql_query("SELECT * FROM seats WHERE room_id={$room_id} ORDER BY seat_id ASC");
require_once get_langfile_path();
loggedinorreturn();
parked();
function bark($msg)
{
global $lang_userdetails;
stdhead();
stdmsg($lang_userdetails['std_error'], $msg);
stdfoot();
exit;
}
$id = 0 + $_GET["id"];
int_check($id, true);
if ($id != $CURUSER['id']) {
$r = sql_query("SELECT * FROM users WHERE id=" . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$user = mysql_fetch_array($r) or bark($lang_userdetails['std_no_such_user']);
} else {
$user = $CURUSER;
}
if ($user["status"] == "pending") {
stderr($lang_userdetails['std_sorry'], $lang_userdetails['std_user_not_confirmed']);
}
if ($user[added] == "0000-00-00 00:00:00") {
$joindate = $lang_userdetails['text_not_available'];
} else {
$joindate = $user[added] . " (" . gettime($user["added"], true, false, true) . ")";
}
$lastseen = $user["last_access"];
if ($lastseen == "0000-00-00 00:00:00") {
$lastseen = $lang_userdetails['text_not_available'];
} else {
<?php
require_once "include/bittorrent.php";
dbconn();
require_once get_langfile_path();
loggedinorreturn();
function bark($msg)
{
stdhead();
stdmsg($lang_takeflush['std_failed'], $msg);
stdfoot();
exit;
}
$id = 0 + $_GET['id'];
int_check($id, true);
if (get_user_class() >= UC_MODERATOR || $CURUSER[id] == "{$id}") {
$deadtime = deadtime();
//$deadtime2 = deadtime();
//$deadtime = time()-600
//sql_query("DELETE FROM peers WHERE ((last_action< FROM_UNIXTIME($deadtime) AND seeder = 'no)' or (last_action<FROM_UNIXTIME($deadtime2) AND seeder = 'yes')) and userid = " . sqlesc($id));
sql_query("DELETE FROM peers WHERE last_action < FROM_UNIXTIME({$deadtime}) AND userid=" . sqlesc($id));
$effected = mysql_affected_rows();
stderr($lang_takeflush['std_success'], "{$effected} " . $lang_takeflush['std_ghost_torrents_cleaned']);
} else {
bark($lang_takeflush['std_cannot_flush_others']);
}
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = $verification == 'admin' ? '' : $secret;
$invite_count = (int) $invite_count;
$wantusername = sqlesc($wantusername);
$wantpasshash = sqlesc($wantpasshash);
$secret = sqlesc($secret);
$editsecret = sqlesc($editsecret);
$send_email = $email;
$email = sqlesc($email);
$country = sqlesc($country);
$gender = sqlesc($gender);
$sitelangid = sqlesc(get_langid_from_langcookie());
$res_check_user = sql_query("SELECT * FROM users WHERE username = "******"";
$ret = sql_query("INSERT INTO users (username, passhash, secret, editsecret, email, country, gender, status, class, invites, " . ($type == 'invite' ? "invited_by," : "") . " added, last_access, lang, stylesheet" . ($showschool == 'yes' ? ", school" : "") . ", uploaded) VALUES (" . $wantusername . "," . $wantpasshash . "," . $secret . "," . $editsecret . "," . $email . "," . $country . "," . $gender . ", 'confirmed', " . $defaultclass_class . "," . $invite_count . ", " . ($type == 'invite' ? "'{$inviter}'," : "") . " '" . date("Y-m-d H:i:s") . "' , " . " '" . date("Y-m-d H:i:s") . "' , " . $sitelangid . "," . $defcss . ($showschool == 'yes' ? "," . $school : "") . "," . ($iniupload_main > 0 ? $iniupload_main : 0) . ")") or sqlerr(__FILE__, __LINE__);
$id = mysql_insert_id();
$dt = sqlesc(date("Y-m-d H:i:s"));
$subject = sqlesc($lang_takesignup['msg_subject'] . $SITENAME . "!");
$msg = sqlesc($lang_takesignup['msg_congratulations'] . htmlspecialchars($wantusername) . $lang_takesignup['msg_you_are_a_member']);
sql_query("INSERT INTO messages (sender, receiver, subject, added, msg) VALUES(0, {$id}, {$subject}, {$dt}, {$msg})") or sqlerr(__FILE__, __LINE__);
//write_log("User account $id ($wantusername) was created");
$res = sql_query("SELECT passhash, secret, editsecret, status FROM users WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_assoc($res);
$psecret = md5($row['secret']);
$ip = getip();
$usern = htmlspecialchars($wantusername);
$title = $SITENAME . $lang_takesignup['mail_title'];
$msg = "[color=red]Security alert[/color]\n Account: ID=" . $row['id'] . " Somebody (probably you, " . $username . " !) tried to login but failed!" . "\nTheir [b]Ip Address [/b] was : " . $ip . "\n If this wasn't you please report this event to a {$INSTALLER09['site_name']} staff member\n - Thank you.\n";
$sql = "INSERT INTO messages (sender, receiver, msg, subject, added) VALUES('System', '{$to}', " . sqlesc($msg) . ", " . sqlesc($subject) . ", {$added});";
$res = sql_query($sql) or sqlerr(__FILE__, __LINE__);
stderr("Login failed !", "<b>Error</b>: Username or password entry incorrect <br />Have you forgotten your password? <a href='{$INSTALLER09['baseurl']}/resetpw.php'><b>Recover</b></a> your password !");
bark();
}
////Start IP logger ////
$ip = sqlesc(getip());
$added = sqlesc(time());
$userid = sqlesc($row["id"]);
$res = mysql_query("SELECT * FROM ips WHERE ip ={$ip} AND userid ={$userid}") or die(mysql_error());
if (mysql_num_rows($res) == 0) {
sql_query("INSERT INTO ips (userid, ip, lastlogin, type) VALUES ({$userid}, {$ip} , {$added}, 'Login')") or die(mysql_error());
} else {
sql_query("UPDATE ips SET lastlogin = {$added} where ip={$ip} AND userid = {$userid}") or sqlerr(__FILE__, __LINE__);
}
//// End Ip logger /////
if ($row['enabled'] == 'no') {
bark($lang['tlogin_disabled']);
}
$passh = md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]);
logincookie($row["id"], $passh);
if (isset($_POST['use_ssl']) && $_POST['use_ssl'] == 1 && !isset($_SERVER['HTTPS'])) {
$INSTALLER09['baseurl'] = str_replace('http', 'https', $INSTALLER09['baseurl']);
}
if (isset($_POST['perm_ssl']) && $_POST['perm_ssl'] == 1) {
mysql_query('UPDATE users SET ssluse = 2 WHERE id = ' . $row['id']) or sqlerr(__FILE__, __LINE__);
}
$ip = sqlesc(getip());
sql_query("DELETE FROM failedlogins WHERE ip = {$ip}");
header("Location: {$INSTALLER09['baseurl']}/index.php");
if (!preg_match("/^http:\\/\\/[^\\s'\"<>]+\\.(jpg|gif|png)\$/i", $picture)) {
stderr($lang_offers['std_error'], $lang_offers['std_wrong_image_format']);
}
$pic = "[img]" . $picture . "[/img]\n";
}
$descr = "{$pic}";
$descr .= unesc($_POST["body"]);
if (!$name) {
bark($lang_offers['std_must_enter_name']);
}
if (!$descr) {
bark($lang_offers['std_must_enter_description']);
}
$cat = 0 + $_POST["category"];
if (!is_valid_id($cat)) {
bark($lang_offers['std_must_select_category']);
}
$name = sqlesc($name);
$descr = sqlesc($descr);
$cat = sqlesc($cat);
sql_query("UPDATE offers SET category={$cat}, name={$name}, descr={$descr} where id=" . sqlesc($id));
//header("Refresh: 0; url=offers.php?id=$id&off_details=1");
}
//======end take offer edit
//=== offer votes list
if ($_GET["offer_vote"]) {
$offer_vote = 0 + $_GET["offer_vote"];
if ($offer_vote != '1') {
stderr($lang_offers['std_error'], $lang_offers['std_smell_rat']);
}
$offerid = 0 + htmlspecialchars($_GET[id]);
}
$catid = 0 + $type;
if (!is_valid_id($catid)) {
bark($lang_takeedit['std_missing_form_data']);
}
if (!$name || !$descr) {
bark($lang_takeedit['std_missing_form_data']);
}
$newcatmode = get_single_value("categories", "mode", "WHERE id=" . sqlesc($catid));
if ($enablespecial == 'yes' && get_user_class() >= $movetorrent_class) {
$allowmove = true;
} else {
$allowmove = false;
}
if ($oldcatmode != $newcatmode && !$allowmove) {
bark($lang_takeedit['std_cannot_move_torrent']);
}
$updateset[] = "anonymous = '" . ($_POST["anonymous"] ? "yes" : "no") . "'";
$updateset[] = "name = " . sqlesc($name);
$updateset[] = "descr = " . sqlesc($descr);
$updateset[] = "url = " . sqlesc($url);
$updateset[] = "douban_url = " . sqlesc($douban_url);
$updateset[] = "small_descr = " . sqlesc($_POST["small_descr"]);
//$updateset[] = "ori_descr = " . sqlesc($descr);
$updateset[] = "category = " . sqlesc($catid);
$updateset[] = "source = " . sqlesc(0 + $_POST["source_sel"]);
$updateset[] = "medium = " . sqlesc(0 + $_POST["medium_sel"]);
$updateset[] = "codec = " . sqlesc(0 + $_POST["codec_sel"]);
$updateset[] = "standard = " . sqlesc(0 + $_POST["standard_sel"]);
$updateset[] = "processing = " . sqlesc(0 + $_POST["processing_sel"]);
$updateset[] = "team = " . sqlesc(0 + $_POST["team_sel"]);
stdfoot();
exit;
}
if (!mkglobal("id")) {
bark($lang_fastdelete['std_missing_form_data']);
}
$id = 0 + $id;
int_check($id);
$sure = $_GET["sure"];
$res = sql_query("SELECT name,owner,seeders,anonymous FROM torrents WHERE id = {$id}");
$row = mysql_fetch_array($res);
if (!$row) {
die;
}
if (get_user_class() < $torrentmanage_class) {
bark($lang_fastdelete['text_no_permission']);
}
if (!$sure) {
stderr($lang_fastdelete['std_delete_torrent'], $lang_fastdelete['std_delete_torrent_note'] . "<a class=altlink href=fastdelete.php?id={$id}&sure=1>" . $lang_fastdelete['std_here_if_sure'], false);
}
deletetorrent($id);
KPS("-", $uploadtorrent_bonus, $row["owner"]);
if ($row['anonymous'] == 'yes' && $CURUSER["id"] == $row["owner"]) {
write_log("Torrent {$id} ({$row['name']}) was deleted by its anonymous uploader", 'normal');
} else {
write_log("Torrent {$id} ({$row['name']}) was deleted by {$CURUSER['username']}", 'normal');
}
//Send pm to torrent uploader
if ($CURUSER["id"] != $row["owner"]) {
$dt = sqlesc(date("Y-m-d H:i:s"));
$subject = sqlesc($lang_fastdelete_target[get_user_lang($row["owner"])]['msg_torrent_deleted']);
$rating = 0 + $rating;
if ($rating <= 0 || $rating > 5) {
bark("{$lang['rate_invalid']}");
}
$res = mysql_query("SELECT owner FROM torrents WHERE id = {$id}");
$row = mysql_fetch_assoc($res);
if (!$row) {
bark("{$lang['rate_torrent_not_found']}");
}
//if ($row["owner"] == $CURUSER["id"])
// bark("{$lang['rate_not_vote_own_torrent']}");
$time_now = time();
$res = mysql_query("INSERT INTO ratings (torrent, user, rating, added) VALUES ({$id}, " . $CURUSER["id"] . ", {$rating}, {$time_now})");
if (!$res) {
if (mysql_errno() == 1062) {
bark("{$lang['rate_already_voted']}");
} else {
bark(mysql_error());
}
}
mysql_query("UPDATE torrents SET numratings = numratings + 1, ratingsum = ratingsum + {$rating} WHERE id = {$id}");
// 09 Seeding Bonus by Bigjoos // start
// modded by cybernet2u
// support - http://bit.ly/8jd6WH
// http://xList.ro/
// http://tbdev.xlist.ro/
//===add karma
mysql_query("UPDATE users SET seedbonus = seedbonus+5.0 WHERE id = " . sqlesc($userid) . "") or sqlerr(__FILE__, __LINE__);
//===end
// 09 Seeding Bonus by Bigjoos // end
header("Refresh: 0; url=details.php?id={$id}&rated=1");
$pic = '';
if (!empty($_POST['picture'])) {
$picture = unesc($_POST["picture"]);
if (!preg_match("/^http:\\/\\/[^\\s'\"<>]+\\.(jpg|gif|png)\$/i", $picture)) {
stderr("Error", "Image MUST be in jpg, gif or png format.");
}
$pic = "[img]" . $picture . "[/img]\n";
}
$descr = "{$pic}";
$descr .= unesc($_POST["body"]);
if (!$descr) {
bark("You must enter a description!");
}
$cat = 0 + $_POST["category"];
if (!is_valid_id($cat)) {
bark("You must select a category to put the Offer in!");
}
$name = sqlesc($name);
$descr = sqlesc($descr);
$cat = sqlesc($cat);
sql_query("UPDATE offers SET category={$cat}, name={$name}, descr={$descr} where id={$id}");
header("Refresh: 0; url=viewoffers.php?id={$id}&off_details=1");
}
// ======end take offer edit
// === offer votes list
if (isset($_GET["offer_vote"])) {
$offer_vote = 0 + $_GET["offer_vote"];
if ($offer_vote != '1') {
stderr("Error", "I smell a rat!");
}
$offerid = 0 + htmlentities($_GET[id]);
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with TBDevYSE; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
// +--------------------------------------------------------------------------+
// | Do not remove above lines! |
// +--------------------------------------------------------------------------+
*/
require_once "include/bittorrent.php";
function bark($msg)
{
stdhead();
stdmsg($tracker_lang['error'], $msg);
stdfoot();
exit;
}
dbconn();
loggedinorreturn();
if (!isset($_POST[delbookmark])) {
bark("Ничего не выбрано");
}
$res2 = sql_query("SELECT id, userid FROM bookmarks WHERE id IN (" . implode(", ", array_map("sqlesc", $_POST[delbookmark])) . ")") or sqlerr(__FILE__, __LINE__);
while ($arr = mysql_fetch_assoc($res2)) {
if ($arr[userid] == $CURUSER[id] || get_user_class() > 3) {
sql_query("DELETE FROM bookmarks WHERE id = {$arr['id']}") or sqlerr(__FILE__, __LINE__);
} else {
bark("Вы пытаетесь удалить не свою закладку!");
}
}
header("Refresh: 0; url=" . $_SERVER['HTTP_REFERER']);
//$email=safe_email($email);
$password = $_POST['password'];
if (!$email) {
bark($lang_takeinvite['std_must_enter_email']);
}
if (!check_email($email)) {
bark($lang_takeinvite['std_invalid_email_address']);
}
if (EmailBanned($email)) {
bark($lang_takeinvite['std_email_address_banned']);
}
if (!EmailAllowed($email)) {
bark($lang_takeinvite['std_wrong_email_address_domains'] . allowedemails());
}
if ($CURUSER["passhash"] != md5($CURUSER["secret"] . $password . $CURUSER["secret"])) {
bark('密码错误!');
}
sql_query("UPDATE users SET email=" . sqlesc($email) . " WHERE id={$CURUSER['id']}") or sqlerr(__FILE__, __LINE__);
stdmsg('邮箱修改成功!', '请到<a class=faqlink href=usercp.php>个人页面</a>查看。');
stdfoot();
exit;
}
?>
<h1>修改邮箱</h1>
<form method=post action=changeemailforyahoo.php>
<table border=1 cellspacing=0 cellpadding=5>
<tr><td class=rowhead>请输入新邮箱</td><td><input type=text name=email size=40>注意:修改后没有验证环节,因此请谨慎修改,避免填错。</td></tr>
<tr><td class=rowhead>请输入你的密码</td><td><input type=password name=password size=40>如果在此页面发现任何bug请反馈至管理组,谢谢</td></tr>
<tr><td colspan=2 align=center><input type=submit value="确定" class=btn></td></tr>
</table>
<?php
$res = sql_query("SELECT * FROM users WHERE email=" . sqlesc($email) . " LIMIT 1") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or failedlogins($lang_confirm_resend['std_email_not_found'], true);
if ($arr["status"] != "pending") {
failedlogins($lang_confirm_resend['std_user_already_confirm'], true);
}
if ($wantpassword != $passagain) {
bark($lang_confirm_resend['std_passwords_unmatched']);
}
if (strlen($wantpassword) < 6) {
bark($lang_confirm_resend['std_password_too_short']);
}
if (strlen($wantpassword) > 40) {
bark($lang_confirm_resend['std_password_too_long']);
}
if ($wantpassword == $wantusername) {
bark($lang_confirm_resend['std_password_equals_username']);
}
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = $verification == 'admin' ? '' : $secret;
sql_query("UPDATE users SET passhash=" . sqlesc($wantpasshash) . ",secret=" . sqlesc($secret) . ",editsecret=" . sqlesc($editsecret) . " WHERE id=" . sqlesc($arr["id"])) or sqlerr(__FILE__, __LINE__);
if (!mysql_affected_rows()) {
stderr($lang_confirm_resend['std_error'], $lang_confirm_resend['std_database_error']);
}
$psecret = md5($editsecret);
$ip = getip();
$usern = $arr["username"];
$id = $arr["id"];
$title = $SITENAME . $lang_confirm_resend['mail_title'];
$body = <<<EOD
{$lang_confirm_resend['mail_one']}{$usern}{$lang_confirm_resend['mail_two']}({$email}){$lang_confirm_resend['mail_three']}{$ip}{$lang_confirm_resend['mail_four']}
function dict_get($d, $k, $t)
{
global $lang_takeupload;
if ($d["type"] != "dictionary") {
bark($lang_takeupload['std_not_a_dictionary']);
}
$dd = $d["value"];
if (!isset($dd[$k])) {
return;
}
$v = $dd[$k];
if ($v["type"] != $t) {
bark($lang_takeupload['std_invalid_dictionary_entry_type']);
}
return $v["value"];
}
$copy = copy($ifile, $uploaddir . $ifilename);
if (!$copy) {
bark("Error occured uploading image! - Image {$y}");
}
$inames[] = $ifilename;
}
}
//////////////////////////////////////////////
// Replace punctuation characters with spaces
$torrent = htmlspecialchars_uni(str_replace("_", " ", $torrent));
$ret = sql_query("INSERT INTO torrents (filename, owner, visible, not_sticky, info_hash, name, keywords, description, size, numfiles, type, descr, ori_descr, free, image1, image2, image3, image4, image5, category, save_as, added, last_action, multitracker) VALUES (" . implode(",", array_map("sqlesc", array($fname, $CURUSER["id"], "no", $not_sticky, $infohash, $torrent, $keywords, $description, $totallen, count($filelist), $type, $descr, $descr, $free, $inames[0], $inames[1], $inames[2], $inames[3], $inames[4], $catid, $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', " . sqlesc($multi_torrent) . ")");
if (!$ret) {
if (mysql_errno() == 1062) {
bark("torrent already uploaded!");
}
bark("mysql puked: " . mysql_error());
}
$id = mysql_insert_id();
sql_query('INSERT INTO torrents_descr (tid, descr_hash, descr_parsed) VALUES (' . implode(', ', array_map('sqlesc', array($id, md5($descr), format_comment($descr)))) . ')') or sqlerr(__FILE__, __LINE__);
sql_query("INSERT INTO checkcomm (checkid, userid, torrent) VALUES ({$id}, {$CURUSER['id']}, 1)") or sqlerr(__FILE__, __LINE__);
sql_query("DELETE FROM files WHERE torrent = {$id}");
foreach ($filelist as $file) {
sql_query("INSERT INTO files (torrent, filename, size) VALUES ({$id}, " . sqlesc($file[0]) . ", " . $file[1] . ")");
}
move_uploaded_file($tmpname, "{$torrent_dir}/{$id}.torrent");
$fp = fopen("{$torrent_dir}/{$id}.torrent", "w");
if ($fp) {
$dict_str = BEncode($dict);
@fwrite($fp, $dict_str, strlen($dict_str));
fclose($fp);
}
<?php
include "include/init.php";
$id = $_GET["page"];
$news = mysql_query("SELECT * FROM pages WHERE page='" . _filter($id) . "'");
if (mysql_num_rows($news) == 0) {
bark("см");
}
$smarty->display('header.tpl');
$smarty->display('right.tpl');
$pnum = 10;
$curp = $pnum * $page;
$rows = array();
while ($row = mysql_fetch_array($news)) {
$rows[] = $row;
}
$smarty->assign('news', $rows);
$smarty->display('pages.tpl');
$smarty->display('footer.tpl');
hit_count();
$md5secret = md5(mksecret());
$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = mksecret();
$ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, email, enabled, md5secret, invitari, status, added) VALUES (" .
implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, 'yes', $md5secret, $invitari, 'pending'))) .
",'" . get_date_time() . "')");
$id = mysql_insert_id();
if (!$ret) {
if (mysql_errno() == 1062) {
bark("Notandanafn er nú þegar til!");
}
bark("borked");
}
//write_log("User account $id ($wantusername) was created");
$psecret = md5($editsecret);
$body = <<<EOD
Þessi tölvupóstur er sendur vegna þessa að einhver skráði þetta netfang ($email)
á torrent síðuna $SITENAME
Ef þú skráðir þig ekki, vinsamlegast hunsaðu þennan póst.
Notandinn sem skráði þig var með ip töluna {$_SERVER["REMOTE_ADDR"]}. Ekki svara þessum pósti.
Til að staðfesta aðganginn þinn vinsamlegast farðu á eftirfarandi slóð:
hit_count();
function bark($text = "Rangt notandanafn og/eða lykilorð, til að endursetja lykilorð getur þú smellt <a href=recover.php>hér</a>.")
{
stderr("Innskráning mistókst!", $text);
}
$res = mysql_query('SELECT id, passhash, status, secret, uploaded, downloaded, enabled, deleted, lasttorrent FROM users WHERE username = '******'uploaded']/$row['downloaded']);
if ($row['deleted'] == '1')
stderr('Innskráning mistókst!','Aðgangnum hefur verið eytt vegna broti á reglum, óvirkni, af eigin ósk eða að beiðni bjóðanda.');
elseif ($row['enabled'] == 'no' && $ratio <= '0.2')
stderr('Innskráning mistókst!', 'Aðgangurinn þinn hefur verið gerður óvirkur vegna lélegra hlutfalla. Vinsamlegast hafðu samband við stjórnendur í gegnum tölvupóst á torrent@torrent.is');
elseif ($row['enabled'] == 'no')
stderr('Innskráning mistókst!','Aðgangnum þínum hefur verið gerður óvirkur vegna brota á reglum. Nánari upplýsingar á torrent@torrent.is');
elseif ($row['status'] !== 'confirmed')
stderr('Innskráning mistókst!','Þú hefur ekki enn þá staðfest aðganginn þinn. Staðfestingarslóðin ætti að hafa verið send í gegnum tölvupóst.');
logincookie($row["id"], $row["passhash"]);
$_SESSION['lasttorrent'] = $row['lasttorrent'];
function dict_get($d, $k, $t)
{
if ($d["type"] != "dictionary") {
bark("not a dictionary");
}
$dd = $d["value"];
if (!isset($dd[$k])) {
return;
}
$v = $dd[$k];
if ($v["type"] != $t) {
bark("invalid dictionary entry type");
}
return $v["value"];
}
//print_r($_POST);exit();
require_once "include/bittorrent.php";
if (!mkglobal("username:password")) {
die;
}
session_start();
dbconn();
function bark($text = "Username or password incorrect")
{
stderr("Login failed!", $text);
}
$res = mysql_query("SELECT id, passhash, secret, enabled,status FROM users WHERE username = "******"");
$row = mysql_fetch_assoc($res);
if (!$row) {
bark();
}
if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"])) {
bark();
}
if ($row["status"] == "pending") {
bark('You have not confirmed your email address yet. More information is <a href="faq.php#user1">here</a>.');
}
if ($row["enabled"] == "no") {
bark("This account has been disabled.");
}
logincookie($row["id"], $row["passhash"]);
if (!empty($_POST["returnto"])) {
header("Location: {$_POST['returnto']}");
} else {
header("Location: browse.php");
}
$id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
header("Refresh: 0; url=subtitles.php?mode=details&id={$id}");
}
//end upload
if ($action == "edit") {
$id = isset($_POST["id"]) ? 0 + $_POST["id"] : 0;
if ($id == 0) {
stderr("Err", "Not a valid id");
} else {
$res = sql_query("SELECT * FROM subtitles WHERE id={$id} ") or sqlerr(__FILE__, __LINE__);
$arr = mysqli_fetch_assoc($res);
if (mysqli_num_rows($res) == 0) {
stderr("Sorry", "There is no subtitle with that id");
}
if ($CURUSER["id"] != $arr["owner"] && $CURUSER['class'] < UC_MODERATOR) {
bark("You're not the owner! How did that happen?\n");
}
$updateset = array();
if ($arr["name"] != $releasename) {
$updateset[] = "name = " . sqlesc($releasename);
}
if ($arr["imdb"] != $imdb) {
$updateset[] = "imdb = " . sqlesc($imdb);
}
if ($arr["lang"] != $langs) {
$updateset[] = "lang = " . sqlesc($langs);
}
if ($arr["poster"] != $poster) {
$updateset[] = "poster = " . sqlesc($poster);
}
if ($arr["fps"] != $fps) {
if (get_magic_quotes_gpc()) {
$username = stripslashes($username);
}
$res = sql_query("SELECT id, passhash, secret, enabled, status FROM users WHERE username = "******"'" . mysql_real_escape_string($username) . "'");
$row = mysql_fetch_array($res);
if (!$row) {
failedlogins();
}
if ($row['status'] == 'pending') {
failedlogins($lang_takelogin['std_user_account_unconfirmed']);
}
if ($row["passhash"] != md5($row["secret"] . $password . $row["secret"])) {
login_failedlogins();
}
if ($row["enabled"] == "no") {
bark($lang_takelogin['std_account_disabled']);
}
if ($_POST["securelogin"] == "yes") {
$securelogin_indentity_cookie = true;
$passh = md5($row["passhash"] . $_SERVER["REMOTE_ADDR"]);
} else {
$securelogin_indentity_cookie = false;
$passh = md5($row["passhash"]);
}
if ($securelogin == 'yes' || $_POST["ssl"] == "yes") {
$pprefix = "https://";
$ssl = true;
} else {
$pprefix = "http://";
$ssl = false;
}
}
if ($_COOKIE["c_secure_ssl"] == base64("yeah")) {
$ssl = true;
} else {
$ssl = false;
}
logincookie($CURUSER["id"], $passh, 1, 0x7fffffff, $securelogin_indentity_cookie, $ssl);
//sessioncookie($CURUSER["id"], $passh);
$passupdated = 1;
}
if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) {
if (EmailBanned($email)) {
bark($lang_usercp['std_email_address_banned']);
}
if (!EmailAllowed($email)) {
bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails());
}
if (!validemail($email)) {
stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0);
die;
}
$r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
if (mysql_num_rows($r) > 0) {
stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0);
die;
}
$changedemail = 1;
}
if ($resetpasskey == 1) {
$passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']);
$updateset[] = "passkey = " . sqlesc($passkey);
print "<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 " . $SITENAME . " Server at " . $_SERVER['SERVER_NAME'] . " Port 80</address></body></html>\n";
die;
}
function bark($msg)
{
stdhead("Error");
stdmsg("Error", $msg);
stdfoot();
exit;
}
$id = 0 + $_GET["id"];
if (!is_valid_id($id)) {
bark("Bad ID {$id}.");
}
$r = @sql_query("SELECT * FROM users WHERE id={$id}") or sqlerr(__FILE__, __LINE__);
$user = mysql_fetch_array($r) or bark("No User with this ID.");
if ($user["status"] == "pending") {
die;
}
if (get_user_class() >= UC_MODERATOR && $user["class"] < get_user_class()) {
echo "<form method=\"post\" action=\"inpageratioedit.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"edituser\">\n";
echo "<input type=\"hidden\" name=\"userid\" value=\"{$id}\">\n";
echo "<input type=\"hidden\" name=\"class\" value=\"{$user['class']}\">\n";
echo "<input type=\"hidden\" name=\"returnto\" value=\"badratio.php?done=no\">\n";
echo "<br /><table class=\"main\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n";
echo "<tr><td class=colhead colspan=3 align=center>Quick-Edit <a target=_blank href=userdetails.php?id=" . $user["id"] . ">" . $user["username"] . "</a></td></tr>";
?>
<?php
if ($user["immun"] == "no") {