示例#1
0
if (!is_numeric($uploaded)) {
    throw new IllegalArgumentException("Non-numeric upload amount specified");
}
$downloaded = $_GET["downloaded"];
if (!$downloaded) {
    $downloaded = 0;
}
if (!is_numeric($downloaded)) {
    throw new IllegalArgumentException("Non-numeric download amount specified");
}
if (!$ip) {
    $ip = $_SERVER["REMOTE_ADDR"];
}
// Is the IP banned?
db_init();
if (isIPBanned($ip)) {
    trackerError("Banned IP: " . $ip);
}
// Check that the info_hash is one that we allow:
$queryHandle = mysql_query("SELECT * from bittorrent_files where info_hash=\"" . process_user_text($info_hash) . "\"");
echo mysql_error();
if (!mysql_num_rows($queryHandle)) {
    trackerError("The tracker does not allow tracking of this file:" . $info_hash . " [] " . $_GET["info_hash"]);
}
$infoHashObject = mysql_fetch_object($queryHandle);
// If the peer is actively doing something let's update the DB
if ($event == "started" || $event == "stopped" || $event == "completed") {
    mysql_query("REPLACE into bittorrent_peers SET fileid=" . $infoHashObject->id . ", peerid=\"" . process_user_text($peer_id) . "\", ip=\"" . process_user_text($ip) . "\", port=\"" . process_user_text($port) . "\", status=\"" . $event . "\", uploaded=" . process_user_text($uploaded) . ", downloaded=" . process_user_text($downloaded) . ", timestamp=" . time());
    echo mysql_error();
} else {
    mysql_query("REPLACE delayed into bittorrent_peers SET fileid=" . $infoHashObject->id . ", peerid=\"" . process_user_text($peer_id) . "\", ip=\"" . process_user_text($ip) . "\", port=\"" . process_user_text($port) . "\", uploaded=" . process_user_text($uploaded) . ", downloaded=" . process_user_text($downloaded) . ", timestamp=" . time());
示例#2
0
<?php

if (is_array($_POST) && isset($_POST['pb_action'])) {
    if ($_POST['pb_action'] == "pb_flag_request") {
        global $wpdb;
        if ($_POST['flag_op'] == "abuse") {
            $req_id = $_POST['req_id'];
            $time_now = time();
            $ip_address = $_SERVER['REMOTE_ADDR'];
            $wpdb->insert($wpdb->prefix . 'pb_flags', array('request_id' => $req_id, 'flagged_date' => $time_now, 'ip_address' => $ip_address));
            $flag_msg = isIPBanned($ip_address) == "pass" ? PB_THANK_YOU_FLAGGER : PB_ILLEGAL_FLAGGER;
            echo $flag_msg;
            exit;
        } elseif ($_POST['flag_op'] == "prayed") {
            $req_id = $_POST['req_id'];
            $time_now = time();
            $ip_address = $_SERVER['REMOTE_ADDR'];
            $wpdb->insert($wpdb->prefix . 'pb_prayedfor', array('request_id' => $req_id, 'prayedfor_date' => $time_now, 'ip_address' => $ip_address));
            echo "prayed";
            exit;
        }
    }
}
示例#3
0
//Delete expired sessions
Query("delete from {sessions} where expiration != 0 and expiration < {0}", time());
function isIPBanned($ip)
{
    $rIPBan = Query("select * from {ipbans} where instr({0}, ip)=1", $ip);
    while ($ipban = Fetch($rIPBan)) {
        // check if this IP ban is actually good
        // if the last character is a number, IPs have to match precisely
        if (ctype_alnum(substr($ipban['ip'], -1)) && $ip !== $ipban['ip']) {
            continue;
        }
        return $ipban;
    }
    return false;
}
$ipban = isIPBanned($_SERVER['REMOTE_ADDR']);
if ($ipban) {
    $adminemail = Settings::get('ownerEmail');
    print "You have been IP-banned from this board" . ($ipban['date'] ? " until " . gmdate("M jS Y, G:i:s", $ipban['date']) . " (GMT). That's " . TimeUnits($ipban['date'] - time()) . " left" : "") . ". Attempting to get around this in any way will result in worse things.";
    print '<br>Reason: ' . $ipban['reason'];
    if ($adminemail) {
        print '<br><br>If you were erroneously banned, contact the board owner at: ' . $adminemail;
    }
    exit;
}
function doHash($data)
{
    return hash('sha256', $data, FALSE);
}
$loguser = NULL;
if ($_COOKIE['logsession'] && !$ipban) {
示例#4
0
<?php

//  AcmlmBoard XD - IP ban management tool
//  Access: administrators only
$title = __("IP bans");
CheckPermission('admin.manageipbans');
MakeCrumbs(array(actionLink("admin") => __("Admin"), actionLink("ipbans") => __("IP ban manager")));
if (isset($_POST['actionadd'])) {
    //This doesn't allow you to ban IP ranges...
    //if(!filter_var($_POST['ip'], FILTER_VALIDATE_IP))
    //	Alert("Invalid IP");
    //else
    if (isIPBanned($_POST['ip'])) {
        Alert("Already banned IP!");
    } else {
        $rIPBan = Query("insert into {ipbans} (ip, reason, date) values ({0}, {1}, {2})", $_POST['ip'], $_POST['reason'], (int) $_POST['days'] > 0 ? time() + (int) $_POST['days'] * 86400 : 0);
        Alert(__("Added."), __("Notice"));
    }
} elseif ($_GET['action'] == "delete") {
    $rIPBan = Query("delete from {ipbans} where ip={0} limit 1", $_GET['ip']);
    Alert(__("Removed."), __("Notice"));
}
$rIPBan = Query("select * from {ipbans} order by date desc, ip asc");
$banList = "";
while ($ipban = Fetch($rIPBan)) {
    $cellClass = ($cellClass + 1) % 2;
    if ($ipban['date']) {
        $date = formatdate($ipban['date']) . " (" . TimeUnits($ipban['date'] - time()) . " left)";
    } else {
        $date = __("Permanent");
    }
示例#5
0
// responds to request to register and sends registration form
if (isset($_GET['register'])) {
    // check to see if session is set
    if (isset($_SESSION['loggedIn'])) {
        $title = 'Please log out';
        $longdesc = "You need to log out in order to register a new account.";
        include $siteroot . 'demo2/app/pages_public/confirmation.inc.html.php';
        exit;
    }
    include $siteroot . 'demo2/app/pages_public/register.inc.html.php';
    exit;
}
// create new user
if (isset($_POST['action']) and $_POST['action'] == 'registerform') {
    // check to see if userIP is banned
    if (isIPBanned() == TRUE) {
        $title = "Your IP Address Has Been Banned";
        $longdesc = "Your ip was banned from logging into this website,\n            registering a new account, or recovering a password.  If you feel\n            this is a mistake, please contact the convention staff for \n            assistance.";
        include $siteroot . 'demo2/app/pages_public/confirmation.inc.html.php';
        exit;
    }
    // checks to see if password fields match
    if ($_POST['password'] != $_POST['password2']) {
        $title = "Error";
        $longdesc = 'The passwords did not match.';
        include $siteroot . 'demo2/app/pages_public/confirmation.inc.html.php';
        exit;
    }
    // checks to see if email entered isn't already in use by a registered account
    $sql = 'SELECT COUNT(*) FROM users WHERE 
    email = :email';
function display_pb_forms($atts)
{
    global $wpdb;
    if (isset($_POST['action']) && $_POST['action'] == "update_request") {
        //UPDATE REQUEST
        $req_id = $_POST['req_id'];
        $anon = isset($_POST['anon']) && $_POST['anon'] == 'on' ? 1 : 0;
        $notify = isset($_POST['notify']) && $_POST['notify'] == 'on' ? 1 : 0;
        if (isset($_POST['closed']) && $_POST['closed'] == 'on') {
            $closed = time();
            $active = 2;
            $wpdb->update($wpdb->prefix . 'pb_requests', array('anon' => $anon, 'closed' => $closed, 'notify' => $notify, 'active' => $active), array('id' => $req_id));
        } else {
            $wpdb->update($wpdb->prefix . 'pb_requests', array('anon' => $anon, 'notify' => $notify), array('id' => $req_id));
        }
        $updated_title = isset($closed) ? PB_REQ_CLOSED_TITLE : PB_REQ_UPDATED_TITLE;
        $updated_msg = isset($closed) ? PB_REQ_CLOSED_MSG : PB_REQ_UPDATED_MSG;
        $updated_request_output = "<div id='praybox_wrapper'>";
        $updated_request_output .= "<h2 class='pbx-title'>{$updated_title}</h2>";
        $updated_request_output .= "<p class='pbx-text'>{$updated_msg}</p>";
        $updated_request_output .= "</div>";
        return $updated_request_output;
    } elseif (isset($_POST['action']) && $_POST['action'] == "submit_request") {
        //Submit Request to DB, Email Mgmt Link, and Display a Message
        $first_name = isset($_POST['first_name']) && $_POST['first_name'] != "" ? clean($_POST['first_name']) : "anon";
        $last_name = isset($_POST['last_name']) && $_POST['last_name'] != "" ? clean($_POST['last_name']) : "anon";
        $anon = isset($_POST['anon']) && $_POST['anon'] == 'on' ? 1 : 0;
        $email = $_POST['email'];
        $authcode = rand_chars();
        $title = clean($_POST['title']);
        $body = clean($_POST['body']);
        $notify = isset($_POST['notify']) && $_POST['notify'] == 'on' ? 1 : 0;
        $ip_address = $_SERVER['REMOTE_ADDR'];
        $time_now = time();
        if (get_option('pb_admin_moderation') == 1) {
            $active = 0;
        } else {
            $active = 1;
        }
        //THROW FLAGS IF ANY OF THESE CONDITIONS ARE MET
        if (isIPBanned($ip_address) == "fail" || isDuplicate($first_name, $last_name, $email, $title, $ip_address) == "fail") {
            $flaggit = 1;
        } else {
            $flaggit = 0;
        }
        //IF NO FLAGS, RUN IT
        if ($flaggit == 0) {
            $site_name = get_bloginfo('name');
            $wpdb->insert($wpdb->prefix . 'pb_requests', array('first_name' => $first_name, 'last_name' => $last_name, 'anon' => $anon, 'email' => $email, 'authcode' => $authcode, 'submitted' => $time_now, 'title' => $title, 'body' => $body, 'notify' => $notify, 'ip_address' => $ip_address, 'active' => $active));
            $management_url = getManagementUrl($authcode);
            $email_from = get_option('pb_reply_to_email');
            $email_message = get_option('pb_email_prefix');
            $email_message .= "\n\n" . PB_REQ_EMAIL_MSG1 . " {$management_url}\n\n" . PB_REQ_EMAIL_MSG2 . "\n\n";
            $email_message .= get_option('pb_email_suffix');
            $headers = 'Reply-To:' . $site_name . ' <' . $email_from . '>' . "\r\n";
            $headers .= 'From:' . $site_name . ' <' . $email_from . '>' . "\r\n";
            wp_mail($email, PB_REQ_EMAIL_SUBJECT, $email_message, $headers);
            $submitted_output = "<div id='praybox_wrapper'>";
            $submitted_output .= "<h2 class='pbx-title'>" . PB_REQ_SUBMITTED_TITLE . "</h2>";
            $submitted_output .= "<p class='pbx-text'>" . PB_REQ_SUBMITTED_MSG . "</p>";
            $submitted_output .= "</div>";
        } else {
            $submitted_output = "<div id='praybox_wrapper'>";
            $submitted_output .= "<h2 class='pbx-title'>" . PB_REQ_FAIL_TITLE . "</h2>";
            $submitted_output .= "<p class='pbx-text'>" . PB_REQ_FAIL_MSG . "</p><ul>";
            if (isDuplicate($first_name, $last_name, $email, $title, $ip_address) == "fail") {
                $submitted_output .= "<li>" . PB_REQ_FAIL_DUPLICATE . "</li>";
            }
            if ($_POST['required'] != "") {
                $submitted_output .= "<li>" . PB_REQ_FAIL_SPAM . "</li>";
            }
            if (isIPBanned($ip_address) == "fail") {
                $submitted_output .= "<li>" . PB_REQ_FAIL_BANNED . "</li>";
            }
            $submitted_output .= "</ul></div>";
        }
        return $submitted_output;
    } else {
        if (!isset($_GET['pbid']) || $_GET['pbid'] == "") {
            $stat = 0;
            //new request
            $anon = "";
            $notify = "";
            $sub_form_title = PB_FORM_TITLE;
            $sub_form_msg = get_option('PB_REQ_form_intro');
            $sub_form_action = "submit_request";
            $sub_form_req_id_input = "";
            $sub_form_submit = PB_FORM_SUBMIT;
        } else {
            $authcode = $_GET['pbid'];
            if (isRequestActive($authcode) == "yes") {
                $prayer_request = $wpdb->get_row("SELECT id,first_name,last_name,anon,email,title,body,notify FROM " . $wpdb->prefix . "pb_requests WHERE authcode='{$authcode}'");
                $stat = 1;
                //open request
                $anon = $prayer_request->anon == 1 ? "checked" : "";
                $notify = $prayer_request->notify == 1 ? "checked" : "";
                $sub_form_title = PB_FORM_EDIT_TITLE;
                $sub_form_msg = PB_FORM_EDIT_MSG;
                $sub_form_action = "update_request";
                $sub_form_req_id_input = "<input type='hidden' name='req_id' value='" . $prayer_request->id . "' />";
                $sub_form_submit = PB_FORM_EDIT_SUBMIT;
            } else {
                $stat = 2;
                //request is closed
            }
        }
        $sub_form_output = "<div id='praybox_wrapper'>";
        if ($stat == 2) {
            //CLOSED REQUEST OUTPUT
            $sub_form_output .= "<h2 class='pbx-title'>" . PB_FORM_CLOSED_TITLE . "</h2>";
            $sub_form_output .= "<p class='pbx-text'>" . PB_FORM_CLOSED_MSG . "</p>";
        } else {
            //INITIAL SUBMISSION FORM OUTPUT
            $sub_form_output .= "<h2 class='pbx-title'>{$sub_form_title}</h2>";
            $sub_form_output .= "<p class='pbx-text'>{$sub_form_msg}</p>";
            $sub_form_output .= "<form class='pbx-form' method='post'><input type='hidden' name='action' value='{$sub_form_action}' />{$sub_form_req_id_input}";
            $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_FIRST_NAME . ":</label><input type='text' name='first_name' /></div>" : "";
            $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_LAST_NAME . ":</label><input type='text' name='last_name' /></div>" : "";
            $sub_form_output .= "<div class='pbx-formfield'><label><input type='checkbox' name='anon' {$anon} /> " . PB_FORM_ANONYMOUS . "</label></div>";
            $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_EMAIL . ":</label><input type='text' name='email' /></div>" : "";
            $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_REQTITLE . ":</label><input type='text' name='title' /></div>" : "";
            $sub_form_output .= $stat == 0 ? "<div class='pbx-formfield'><label>" . PB_FORM_REQ . ":</label><textarea name='body'></textarea></div>" : "";
            $sub_form_output .= "<div class='pbx-formfield'><label><input type='checkbox' name='notify' {$notify} /> " . PB_FORM_NOTIFY . "</label></div>";
            $sub_form_output .= $stat == 1 ? "<div class='pbx-formfield'><label><input type='checkbox' name='closed' /> " . PB_FORM_EDIT_CLOSE . "</label></div>" : "";
            $sub_form_output .= "<div class='pbx-formfield'><input type='submit' value='{$sub_form_submit}' /></div>";
            $sub_form_output .= "</form>";
        }
        $sub_form_output .= "</div>";
        return $sub_form_output;
        /*
        }else{
        	$authcode=$_GET['pbid'];
        	
        	if (isRequestActive($authcode)=="yes"){
        		//IF REQUEST IS OPEN
        		$prayer_request=$wpdb->get_row("SELECT id,first_name,last_name,anon,email,title,body,notify FROM ".$wpdb->prefix."pb_requests WHERE authcode='$authcode'");
        		$req_id=$prayer_request->id;
        		if($prayer_request->anon==1){$anon="checked";}else{$anon="";}
        		if($prayer_request->notify==1){$notify="checked";}else{$notify="";}
        		
        		$mgmt_form_output="<div id='praybox'>";
        		$mgmt_form_output.="<div class='title'>Make Changes to Your Prayer Request<div style='clear:both;'></div></div>";
        		$mgmt_form_output.="<div class='intro'>Use the form below to make changes to your prayer request listing.<div style='clear:both;'></div></div>";
        		$mgmt_form_output.="<form method='post'><input type='hidden' name='action' value='update_request' /><input type='hidden' name='req_id' value='$req_id' />";
        		$mgmt_form_output.="<table class='subform'>";
        		$mgmt_form_output.="<tr><td class='checkbox'><input type='checkbox' name='anon' $anon /> I would like to remain anonymous. Please do not post my name.</td></tr>";
        		$mgmt_form_output.="<tr><td class='checkbox'><input type='checkbox' name='notify' $notify /> I would like to be notified (once per day) when I have been prayed for.</td></tr>";
        		$mgmt_form_output.="<tr><td><hr /></td></tr>";
        		$mgmt_form_output.="<tr><td class='checkbox'><input type='checkbox' name='closed' /> I would like to close this prayer request.</td></tr>";
        		$mgmt_form_output.="<tr><td class='submit'><input type='submit' value='Update My Prayer Request' /></td></tr>";
        		$mgmt_form_output.="</table>";
        		$mgmt_form_output.="</form>";
        		$mgmt_form_output.="<div style='clear:both;'></div></div>";
        	}else{
        		//IF REQUEST IS CLOSED
        		$mgmt_form_output="<div id='praybox'>";
        		$mgmt_form_output.="<div class='title'>This Request Has Been Closed<div style='clear:both;'></div></div>";
        		$mgmt_form_output.="<div class='intro'>Sorry, this Prayer Request has been closed and can no longer be edited.<div style='clear:both;'></div></div>";
        		$mgmt_form_output.="<div style='clear:both;'></div></div>";
        	}
        return $mgmt_form_output;
        	
        }
        */
    }
}