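// Announce handling (excerpt): validates the transfer counters, checks the ban
// list and the info_hash allow-list, then records the peer in bittorrent_peers.
if (!is_numeric($uploaded)) {
    throw new IllegalArgumentException("Non-numeric upload amount specified");
}

// A missing or empty "downloaded" parameter counts as 0; reading it through
// isset() avoids an undefined-index notice when the client omits it.
$downloaded = isset($_GET["downloaded"]) ? $_GET["downloaded"] : 0;
if (!$downloaded) {
    $downloaded = 0;
}
if (!is_numeric($downloaded)) {
    throw new IllegalArgumentException("Non-numeric download amount specified");
}

// NOTE(review): $ip is only defaulted to REMOTE_ADDR when it is empty, so it
// appears to be settable earlier in the script. If that earlier value comes
// from the announce request, the ban check below is evaluated against an
// address the client chose rather than the connection's address. Confirm.
if (!$ip) {
    $ip = $_SERVER["REMOTE_ADDR"];
}

// Is the IP banned?
db_init();
if (isIPBanned($ip)) {
    // NOTE(review): the code below assumes trackerError() ends the request; confirm.
    trackerError("Banned IP: " . $ip);
}

// Check that the info_hash is one that we allow:
// NOTE(review): every query here is assembled by string concatenation and
// relies entirely on process_user_text() (not shown) for escaping. The legacy
// mysql_* API has no prepared statements; moving to mysqli or PDO with bound
// parameters would remove that dependency.
$queryHandle = mysql_query("SELECT * from bittorrent_files where info_hash=\"" . process_user_text($info_hash) . "\"");

// Database errors go to the server log instead of the response body: echoing
// them discloses schema details to remote peers and corrupts the tracker reply.
$dbError = mysql_error();
if ($dbError !== "") {
    error_log("bittorrent tracker: info_hash lookup failed: " . $dbError);
}

// A failed query yields false, which must not be handed to mysql_num_rows().
if (!$queryHandle || !mysql_num_rows($queryHandle)) {
    // NOTE(review): the raw request value is placed in the error text; confirm
    // that trackerError() encodes its argument before sending it.
    trackerError("The tracker does not allow tracking of this file:" . $info_hash . " [] " . $_GET["info_hash"]);
}
$infoHashObject = mysql_fetch_object($queryHandle);

// Column assignments shared by both REPLACE statements. uploaded/downloaded sit
// unquoted in the SQL, so the is_numeric() gates above are what keep those two
// positions numeric.
$peerIdentity = "fileid=" . $infoHashObject->id
    . ", peerid=\"" . process_user_text($peer_id) . "\""
    . ", ip=\"" . process_user_text($ip) . "\""
    . ", port=\"" . process_user_text($port) . "\"";
$peerCounters = ", uploaded=" . process_user_text($uploaded)
    . ", downloaded=" . process_user_text($downloaded)
    . ", timestamp=" . time();

// If the peer is actively doing something let's update the DB
if ($event == "started" || $event == "stopped" || $event == "completed") {
    // $event is one of the three literals tested above, so it is safe to embed.
    mysql_query("REPLACE into bittorrent_peers SET " . $peerIdentity . ", status=\"" . $event . "\"" . $peerCounters);
    $dbError = mysql_error();
    if ($dbError !== "") {
        error_log("bittorrent tracker: peer update failed: " . $dbError);
    }
} else {
    // Regular announces keep the stored status and use a delayed write.
    mysql_query("REPLACE delayed into bittorrent_peers SET " . $peerIdentity . $peerCounters);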
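<?php
// Handler for the "pb_flag_request" post: records either an abuse flag or a
// "prayed for" mark against a request id, echoes a short status and exits.
//
// NOTE(review): no nonce or rate limit is visible in this handler, so any
// client can post flags or "prayed" marks repeatedly and for any id. Confirm
// whether a nonce is verified before this code runs.
if (is_array($_POST) && isset($_POST['pb_action']) && $_POST['pb_action'] == "pb_flag_request") {
    global $wpdb;

    // Request data is untrusted: read it defensively rather than indexing
    // $_POST directly (a missing key raised a notice and stored NULL).
    $flag_op = isset($_POST['flag_op']) ? $_POST['flag_op'] : '';
    $raw_req_id = isset($_POST['req_id']) ? $_POST['req_id'] : '';

    // Only plain decimal ids are accepted; arrays and non-numeric strings
    // become 0 and are ignored below.
    // Assumes request ids are positive integers - TODO confirm against the
    // pb_requests schema.
    $req_id = (is_string($raw_req_id) && ctype_digit($raw_req_id)) ? (int) $raw_req_id : 0;

    if ($req_id > 0 && ($flag_op == "abuse" || $flag_op == "prayed")) {
        $time_now = time();
        $ip_address = $_SERVER['REMOTE_ADDR'];

        if ($flag_op == "abuse") {
            // NOTE(review): the flag row is written before the ban check, so a
            // flag from a banned address is still stored and only the reply
            // differs. Confirm this is intended before reordering; the ban
            // logic is not visible here.
            $wpdb->insert(
                $wpdb->prefix . 'pb_flags',
                array('request_id' => $req_id, 'flagged_date' => $time_now, 'ip_address' => $ip_address)
            );
            echo isIPBanned($ip_address) == "pass" ? PB_THANK_YOU_FLAGGER : PB_ILLEGAL_FLAGGER;
        } else {
            $wpdb->insert(
                $wpdb->prefix . 'pb_prayedfor',
                array('request_id' => $req_id, 'prayedfor_date' => $time_now, 'ip_address' => $ip_address)
            );
            echo "prayed";
        }
        exit;
    }
}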
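//Delete expired sessions
Query("delete from {sessions} where expiration != 0 and expiration < {0}", time());

/**
 * Look up the ban entry that covers an address.
 *
 * The query selects every stored entry that is a prefix of $ip. An entry whose
 * last character is alphanumeric is treated as a complete address and must
 * equal $ip exactly; any other entry (for example one ending in ".") acts as a
 * range prefix.
 *
 * @param string $ip Address to test.
 * @return array|false The first matching ban row, or false when none applies.
 */
function isIPBanned($ip)
{
    $rIPBan = Query("select * from {ipbans} where instr({0}, ip)=1", $ip);
    while ($ipban = Fetch($rIPBan)) {
        // An empty entry is a prefix of every address and would lock out all
        // visitors, so it is never honoured.
        if ($ipban['ip'] === '') {
            continue;
        }

        // check if this IP ban is actually good
        // if the last character is a number, IPs have to match precisely
        if (ctype_alnum(substr($ipban['ip'], -1)) && $ip !== $ipban['ip']) {
            continue;
        }

        return $ipban;
    }

    return false;
}

$ipban = isIPBanned($_SERVER['REMOTE_ADDR']);
if ($ipban) {
    $adminemail = Settings::get('ownerEmail');

    print "You have been IP-banned from this board" . ($ipban['date'] ? " until " . gmdate("M jS Y, G:i:s", $ipban['date']) . " (GMT). That's " . TimeUnits($ipban['date'] - time()) . " left" : "") . ". Attempting to get around this in any way will result in worse things.";

    // The reason and the contact address are stored values; encode them so
    // that markup saved in either field is shown as text, not interpreted.
    print '<br>Reason: ' . htmlspecialchars($ipban['reason'], ENT_QUOTES, 'UTF-8');
    if ($adminemail) {
        print '<br><br>If you were erroneously banned, contact the board owner at: ' . htmlspecialchars($adminemail, ENT_QUOTES, 'UTF-8');
    }
    exit;
}

/**
 * Hex-encoded SHA-256 digest of $data.
 *
 * NOTE(review): a plain, unkeyed hash. If callers use it for passwords or
 * session secrets, confirm that salting or stretching happens elsewhere.
 */
function doHash($data)
{
    return hash('sha256', $data, FALSE);
}

$loguser = NULL;
if ($_COOKIE['logsession'] && !$ipban) {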
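<?php
// AcmlmBoard XD - IP ban management tool
// Access: administrators only
$title = __("IP bans");
CheckPermission('admin.manageipbans');
MakeCrumbs(array(actionLink("admin") => __("Admin"), actionLink("ipbans") => __("IP ban manager")));

// NOTE(review): no request token is checked in this excerpt for the add (POST)
// or delete (GET) action, and delete changes state on a GET request, which any
// link or embedded resource loaded by a logged-in admin can trigger. Confirm
// that a per-user token is verified, and prefer POST for the delete.
if (isset($_POST['actionadd'])) {
    //This doesn't allow you to ban IP ranges...
    //if(!filter_var($_POST['ip'], FILTER_VALIDATE_IP))
    //	Alert("Invalid IP");
    //else

    // Ranges are stored as address prefixes, so strict address validation is
    // not applied. An empty entry must still be refused: isIPBanned() matches
    // stored entries as prefixes of the visitor address, and an empty prefix
    // matches every visitor, the administrators included.
    $banIp = (isset($_POST['ip']) && is_string($_POST['ip'])) ? trim($_POST['ip']) : '';

    if ($banIp === '') {
        Alert("Invalid IP");
    } elseif (isIPBanned($banIp)) {
        Alert("Already banned IP!");
    } else {
        $banReason = isset($_POST['reason']) ? $_POST['reason'] : '';
        $banDays = isset($_POST['days']) ? (int) $_POST['days'] : 0;

        // date = 0 marks a permanent ban; otherwise it is the expiry time.
        $rIPBan = Query(
            "insert into {ipbans} (ip, reason, date) values ({0}, {1}, {2})",
            $banIp,
            $banReason,
            $banDays > 0 ? time() + $banDays * 86400 : 0
        );
        Alert(__("Added."), __("Notice"));
    }
} elseif (isset($_GET['action']) && $_GET['action'] == "delete") {
    $rIPBan = Query("delete from {ipbans} where ip={0} limit 1", isset($_GET['ip']) ? $_GET['ip'] : '');
    Alert(__("Removed."), __("Notice"));
}

// List the bans, newest expiry first.
$rIPBan = Query("select * from {ipbans} order by date desc, ip asc");
$banList = "";
while ($ipban = Fetch($rIPBan)) {
    // Alternates between 0 and 1 for row striping.
    $cellClass = ($cellClass + 1) % 2;
    if ($ipban['date']) {
        $date = formatdate($ipban['date']) . " (" . TimeUnits($ipban['date'] - time()) . " left)";
    } else {
        $date = __("Permanent");
    }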
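// responds to request to register and sends registration form
if (isset($_GET['register'])) {
    // check to see if session is set
    if (isset($_SESSION['loggedIn'])) {
        $title = 'Please log out';
        $longdesc = "You need to log out in order to register a new account.";
        include $siteroot . 'demo2/app/pages_public/confirmation.inc.html.php';
        exit;
    }

    include $siteroot . 'demo2/app/pages_public/register.inc.html.php';
    exit;
}

// create new user
// NOTE(review): no anti-CSRF token or rate limit is checked in this excerpt
// before the registration is processed; confirm one is enforced elsewhere.
if (isset($_POST['action']) and $_POST['action'] == 'registerform') {
    // check to see if userIP is banned
    // The comparison stays loose because isIPBanned()'s return type is not
    // visible here.
    if (isIPBanned() == TRUE) {
        $title = "Your IP Address Has Been Banned";
        $longdesc = "Your ip was banned from logging into this website,\n registering a new account, or recovering a password. If you feel\n this is a mistake, please contact the convention staff for \n assistance.";
        include $siteroot . 'demo2/app/pages_public/confirmation.inc.html.php';
        exit;
    }

    // checks to see if password fields match
    // The comparison is strict: with != PHP compares numeric-looking strings
    // by value, so inputs such as "1000" and "1e3" were accepted as matching.
    // A missing or non-string field is treated as a mismatch.
    $passwordEntered = isset($_POST['password']) ? $_POST['password'] : null;
    $passwordRepeated = isset($_POST['password2']) ? $_POST['password2'] : null;
    if (!is_string($passwordEntered) || $passwordEntered !== $passwordRepeated) {
        $title = "Error";
        $longdesc = 'The passwords did not match.';
        include $siteroot . 'demo2/app/pages_public/confirmation.inc.html.php';
        exit;
    }

    // checks to see if email entered isn't already in use by a registered account
    $sql = 'SELECT COUNT(*) FROM users WHERE email = :email';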
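/**
 * Build the HTML for the request form area.
 *
 * Depending on the posted "action" this either applies an update to an
 * existing request, stores a new request and mails its management link, or
 * renders the submit/edit form (edit mode is selected by the "pbid" query
 * parameter, which carries the request's authcode).
 *
 * Security-relevant behaviour:
 *  - An update is applied only to the row whose id AND authcode both match.
 *    The edit form carries the authcode in a hidden field, so knowing or
 *    guessing a numeric id alone is no longer enough to change or close a
 *    request.
 *  - The authcode lookup uses a prepared statement.
 *
 * NOTE(review): no nonce is verified for either post action; the authcode
 * covers updates, but new submissions can still be posted cross-site.
 *
 * @param mixed $atts Unused.
 * @return string HTML fragment wrapped in the #praybox_wrapper div.
 */
function display_pb_forms($atts)
{
    global $wpdb;

    $requests_table = $wpdb->prefix . 'pb_requests';
    $action = isset($_POST['action']) ? $_POST['action'] : '';

    if ($action == "update_request") {
        //UPDATE REQUEST
        // Only a plain decimal id is accepted; anything else becomes 0.
        $req_id = (isset($_POST['req_id']) && is_string($_POST['req_id']) && ctype_digit($_POST['req_id']))
            ? (int) $_POST['req_id']
            : 0;
        // WordPress adds slashes to $_POST; $wpdb->update() expects raw values.
        $authcode = (isset($_POST['pb_authcode']) && is_string($_POST['pb_authcode']))
            ? wp_unslash($_POST['pb_authcode'])
            : '';
        $anon = isset($_POST['anon']) && $_POST['anon'] == 'on' ? 1 : 0;
        $notify = isset($_POST['notify']) && $_POST['notify'] == 'on' ? 1 : 0;
        $is_closing = isset($_POST['closed']) && $_POST['closed'] == 'on';

        $changes = array('anon' => $anon, 'notify' => $notify);
        if ($is_closing) {
            $changes['closed'] = time();
            $changes['active'] = 2;
        }

        // Both id and authcode must match, so the post has to come from
        // someone who holds the management link for this request.
        if ($req_id > 0 && $authcode !== '') {
            $wpdb->update($requests_table, $changes, array('id' => $req_id, 'authcode' => $authcode));
        }

        // The confirmation is shown whether or not a row matched, as before,
        // so the response does not reveal which id/authcode pairs exist.
        $updated_title = $is_closing ? PB_REQ_CLOSED_TITLE : PB_REQ_UPDATED_TITLE;
        $updated_msg = $is_closing ? PB_REQ_CLOSED_MSG : PB_REQ_UPDATED_MSG;

        $updated_request_output = "<div id='praybox_wrapper'>";
        $updated_request_output .= "<h2 class='pbx-title'>{$updated_title}</h2>";
        $updated_request_output .= "<p class='pbx-text'>{$updated_msg}</p>";
        $updated_request_output .= "</div>";

        return $updated_request_output;
    }

    if ($action == "submit_request") {
        //Submit Request to DB, Email Mgmt Link, and Display a Message
        $first_name = isset($_POST['first_name']) && $_POST['first_name'] != "" ? clean($_POST['first_name']) : "anon";
        $last_name = isset($_POST['last_name']) && $_POST['last_name'] != "" ? clean($_POST['last_name']) : "anon";
        $anon = isset($_POST['anon']) && $_POST['anon'] == 'on' ? 1 : 0;
        // The address is stored and used as the mail recipient, so reduce it
        // to a syntactically valid address (empty string when it is not one).
        $email = (isset($_POST['email']) && is_string($_POST['email'])) ? sanitize_email($_POST['email']) : '';
        // NOTE(review): the authcode is the only credential protecting a
        // request's management page; confirm rand_chars() draws from a
        // cryptographically secure source and yields enough entropy.
        $authcode = rand_chars();
        $title = clean(isset($_POST['title']) ? $_POST['title'] : '');
        $body = clean(isset($_POST['body']) ? $_POST['body'] : '');
        $notify = isset($_POST['notify']) && $_POST['notify'] == 'on' ? 1 : 0;
        $ip_address = $_SERVER['REMOTE_ADDR'];
        $time_now = time();

        // With admin moderation on, new requests start inactive.
        $active = get_option('pb_admin_moderation') == 1 ? 0 : 1;

        //THROW FLAGS IF ANY OF THESE CONDITIONS ARE MET
        // Each check runs once and the result is reused for the failure list.
        $is_banned = isIPBanned($ip_address) == "fail";
        $is_duplicate = isDuplicate($first_name, $last_name, $email, $title, $ip_address) == "fail";
        // NOTE(review): a filled "required" field is only reported in the
        // failure list and does not by itself reject the submission. If it is
        // meant as a spam honeypot it should be part of the rejection
        // condition; confirm how the field is populated before changing it.
        $is_spam = isset($_POST['required']) && $_POST['required'] != "";

        //IF NO FLAGS, RUN IT
        if (!$is_banned && !$is_duplicate) {
            $site_name = get_bloginfo('name');

            $wpdb->insert($requests_table, array(
                'first_name' => $first_name,
                'last_name' => $last_name,
                'anon' => $anon,
                'email' => $email,
                'authcode' => $authcode,
                'submitted' => $time_now,
                'title' => $title,
                'body' => $body,
                'notify' => $notify,
                'ip_address' => $ip_address,
                'active' => $active,
            ));

            $management_url = getManagementUrl($authcode);
            $email_from = get_option('pb_reply_to_email');

            $email_message = get_option('pb_email_prefix');
            $email_message .= "\n\n" . PB_REQ_EMAIL_MSG1 . " {$management_url}\n\n" . PB_REQ_EMAIL_MSG2 . "\n\n";
            $email_message .= get_option('pb_email_suffix');

            $headers = 'Reply-To:' . $site_name . ' <' . $email_from . '>' . "\r\n";
            $headers .= 'From:' . $site_name . ' <' . $email_from . '>' . "\r\n";

            wp_mail($email, PB_REQ_EMAIL_SUBJECT, $email_message, $headers);

            $submitted_output = "<div id='praybox_wrapper'>";
            $submitted_output .= "<h2 class='pbx-title'>" . PB_REQ_SUBMITTED_TITLE . "</h2>";
            $submitted_output .= "<p class='pbx-text'>" . PB_REQ_SUBMITTED_MSG . "</p>";
            $submitted_output .= "</div>";
        } else {
            $submitted_output = "<div id='praybox_wrapper'>";
            $submitted_output .= "<h2 class='pbx-title'>" . PB_REQ_FAIL_TITLE . "</h2>";
            $submitted_output .= "<p class='pbx-text'>" . PB_REQ_FAIL_MSG . "</p><ul>";
            if ($is_duplicate) {
                $submitted_output .= "<li>" . PB_REQ_FAIL_DUPLICATE . "</li>";
            }
            if ($is_spam) {
                $submitted_output .= "<li>" . PB_REQ_FAIL_SPAM . "</li>";
            }
            if ($is_banned) {
                $submitted_output .= "<li>" . PB_REQ_FAIL_BANNED . "</li>";
            }
            $submitted_output .= "</ul></div>";
        }

        return $submitted_output;
    }

    // No form was posted: render the submit form, the edit form, or the
    // "closed" notice.
    if (!isset($_GET['pbid']) || $_GET['pbid'] == "") {
        $stat = 0; //new request
        $anon = "";
        $notify = "";
        $sub_form_title = PB_FORM_TITLE;
        $sub_form_msg = get_option('PB_REQ_form_intro');
        $sub_form_action = "submit_request";
        $sub_form_req_id_input = "";
        $sub_form_submit = PB_FORM_SUBMIT;
    } else {
        // Passed on exactly as received, because isRequestActive() is not
        // visible here and may depend on WordPress's added slashes.
        $authcode = $_GET['pbid'];
        $prayer_request = null;

        if (isRequestActive($authcode) == "yes") {
            // The authcode comes from the query string, so it is bound as a
            // parameter instead of being interpolated into the SQL text.
            $raw_authcode = is_string($authcode) ? wp_unslash($authcode) : '';
            $prayer_request = $wpdb->get_row($wpdb->prepare(
                "SELECT id,first_name,last_name,anon,email,title,body,notify FROM " . $requests_table . " WHERE authcode=%s",
                $raw_authcode
            ));
        }

        if ($prayer_request) {
            $stat = 1; //open request
            $anon = $prayer_request->anon == 1 ? "checked" : "";
            $notify = $prayer_request->notify == 1 ? "checked" : "";
            $sub_form_title = PB_FORM_EDIT_TITLE;
            $sub_form_msg = PB_FORM_EDIT_MSG;
            $sub_form_action = "update_request";
            // The authcode travels with the id so the update handler can
            // verify that the post comes from the holder of the link.
            $sub_form_req_id_input = "<input type='hidden' name='req_id' value='" . (int) $prayer_request->id . "' />";
            $sub_form_req_id_input .= "<input type='hidden' name='pb_authcode' value='" . esc_attr($raw_authcode) . "' />";
            $sub_form_submit = PB_FORM_EDIT_SUBMIT;
        } else {
            $stat = 2; //request is closed (or no row matched the authcode)
        }
    }

    $sub_form_output = "<div id='praybox_wrapper'>";

    if ($stat == 2) {
        //CLOSED REQUEST OUTPUT
        $sub_form_output .= "<h2 class='pbx-title'>" . PB_FORM_CLOSED_TITLE . "</h2>";
        $sub_form_output .= "<p class='pbx-text'>" . PB_FORM_CLOSED_MSG . "</p>";
    } else {
        //INITIAL SUBMISSION FORM OUTPUT
        // Name, email, title and body fields appear only on a new request
        // ($stat == 0); the "close" checkbox only when editing ($stat == 1).
        $sub_form_output .= "<h2 class='pbx-title'>{$sub_form_title}</h2>";
        $sub_form_output .= "<p class='pbx-text'>{$sub_form_msg}</p>";
        $sub_form_output .= "<form class='pbx-form' method='post'><input type='hidden' name='action' value='{$sub_form_action}' />{$sub_form_req_id_input}";
        $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_FIRST_NAME . ":</label><input type='text' name='first_name' /></div>" : "";
        $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_LAST_NAME . ":</label><input type='text' name='last_name' /></div>" : "";
        $sub_form_output .= "<div class='pbx-formfield'><label><input type='checkbox' name='anon' {$anon} /> " . PB_FORM_ANONYMOUS . "</label></div>";
        $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_EMAIL . ":</label><input type='text' name='email' /></div>" : "";
        $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_REQTITLE . ":</label><input type='text' name='title' /></div>" : "";
        $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_REQ . ":</label><textarea name='body'></textarea></div>" : "";
        $sub_form_output .= "<div class='pbx-formfield'><label><input type='checkbox' name='notify' {$notify} /> " . PB_FORM_NOTIFY . "</label></div>";
        $sub_form_output .= $stat == 1 ? "<div class='pbx-formfield'><label><input type='checkbox' name='closed' /> " . PB_FORM_EDIT_CLOSE . "</label></div>" : "";
        $sub_form_output .= "<div class='pbx-formfield'><input type='submit' value='{$sub_form_submit}' /></div>";
        $sub_form_output .= "</form>";
    }

    $sub_form_output .= "</div>";

    return $sub_form_output;
}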