<?php require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . '../include' . DIRECTORY_SEPARATOR . 'bittorrent.php'; require_once INCL_DIR . 'user_functions.php'; dbconn(false); loggedinorreturn(); if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') { $modes = array('torrent', 'forum'); $htmlout = $att = ''; if (isset($_POST['search']) && !empty($_POST['search']) && isset($_POST['qsearch']) && in_array($_POST['qsearch'], $modes)) { $cleansearchstr = searchfield(sqlesc($_POST['search'])); $i = 1; if ($_POST['qsearch'] == 'torrent') { $query = sql_query("SELECT * FROM torrents WHERE name LIKE '%{$cleansearchstr}%' AND visible = 'yes' AND banned = 'no' AND nuked = 'no' ORDER BY id LIMIT 5"); $count = $query->num_rows; if (!$count) { die('No Torrent found by that search!'); } while ($res = mysqli_fetch_assoc($query)) { $att .= "<div class='tr'>\r\n\t\t\t\t\t\t\t\t<div class='td'>{$i}</div>\r\n\t\t\t\t\t\t\t\t<div class='td'><a href='details.php?id=" . (int) $res['id'] . "'>" . htmlsafechars($res['name']) . "</a></div>\r\n\t\t\t\t\t\t\t\t<div class='tdclear'></div>\r\n\t\t\t\t\t\t\t</div>"; $i++; } } elseif ($_POST['qsearch'] == 'forum') { $query = sql_query("SELECT forum.*,topic.*,topic.id as tid FROM topics as topic INNER JOIN forums as forum ON topic.forum_id = forum.id AND forum.min_class_read >= 0 AND topic.topic_name LIKE '%{$cleansearchstr}%' ORDER BY tid DESC LIMIT 5"); $count = $query->num_rows; if (!$count) { die('No topic found by that search!'); } while ($res = mysqli_fetch_assoc($query)) { $att .= "<div class='tr'>\r\n\t\t\t\t\t\t\t\t<div class='td'>{$i}</div>\r\n\t\t\t\t\t\t\t\t<div class='td'><a href='details.php?id=" . (int) $res['id'] . "' class='colhead'>" . htmlsafechars($res['name']) . "</a></div>\r\n\t\t\t\t\t\t\t\t<div class='tdclear'></div>\r\n\t\t\t\t\t\t\t</div>"; $i++;
$infohash = sha1($info["string"]); unset($info); $db = new DB("torrents"); $db->select("torrent_save_as = '{$filename}'"); if ($db->numRows()) { throw new Exception("Torrent allready exists"); } $db = new DB("torrents"); $db->setColPrefix("torrent_"); $id = uniqid(true); $db->id = $id; $db->info_hash = $infohash; $db->name = $torrentName; $db->filename = $filename; $db->save_as = $filename; $db->search_text = searchfield("{$torrentName} {$dname}"); $db->nfo = $nfo; $db->size = $totallen; $db->added = time(); $db->type = $type; $db->userid = USER_ID; $db->numfiles = count($filelist); $db->category = $_POST['type']; $db->youtube = $_POST['youtube']; $db->imdb = $_POST['imdb']; $db->freeleech = isset($_POST['freeleech']) ? 1 : 0; $db->insert(); $fp = fopen(PATH_TORRENTS . "{$id}.torrent", "w"); if ($fp) { @fwrite($fp, Bcode::benc($dict), strlen(Bcode::benc($dict))); fclose($fp);
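// NOTE(review): excerpt — the three unmatched closing braces below end blocks
// that open above this excerpt; the statements are kept exactly as they were.
}
if (!count($ffa)) {
    bark("filename error");
}
$ffe = implode("/", $ffa);
$filelist[] = array($ffe, $ll);
}
$type = "multi";
}
$infohash = pack("H*", sha1($info["string"]));
unset($info);
// Replace punctuation characters with spaces
$torrent = str_replace("_", " ", $torrent);
// Morgan: add version insert if applicable
$version_id = get_version_id_for_torrent($version_torrent_id, 0);
// NOTE(review): $nfo, $tmaker and $version_id are interpolated into the
// statement without passing through sqlesc() here. Their assignments are not
// visible in this excerpt — confirm each one is already escaped or strictly
// numeric before it reaches this line.
$ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type,descr, ori_descr, category,license, save_as, added, last_action, nfo, client_created_by, version) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], "no", $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, $catid, $lic_id, $dname))) . ", " . time() . ", " . time() . ", {$nfo}, {$tmaker}, {$version_id})");
if (!$ret) {
    // 1062 is MySQL's duplicate-key error number.
    if (mysql_errno() == 1062) {
        bark("torrent already uploaded!");
    }
    // NOTE(review): the raw mysql_error() text is passed to bark(); if bark()
    // renders it to the uploader this discloses schema details. Prefer logging
    // the error server-side and showing a generic message.
    bark("mysql puked: " . mysql_error());
}
$id = mysql_insert_id();
@mysql_query("DELETE FROM files WHERE torrent = {$id}");

/**
 * Build the comma-separated row list for a multi-row INSERT
 * (presumably into the files table — the call site is outside this excerpt).
 *
 * Each entry of $arr is array(path, size). The path goes through sqlesc();
 * the size is concatenated into the SQL text, so it is forced to a number
 * first. The entries presumably come from the uploaded torrent's metadata and
 * must not be trusted to be numeric.
 *
 * @param array $arr list of array(path, size) pairs
 * @param int   $id  torrent id the rows belong to
 * @return string "(id,<escaped path>,size),..." or '' when $arr is empty
 */
function file_list($arr, $id)
{
    $id = (int) $id;
    // Initialised so an empty $arr yields '' rather than joining an undefined variable.
    $new = array();
    foreach ($arr as $v) {
        // Anything that is not numeric becomes 0 instead of reaching the query text.
        $size = is_numeric($v[1]) ? $v[1] + 0 : 0;
        $new[] = "({$id}," . sqlesc($v[0]) . "," . $size . ")";
    }
    return implode(",", $new);
}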
} else { $countstats = "yes"; } //===end // === allow comments? if (get_user_class() >= UC_MODERATOR && get_user_class() <= UC_CODER) { $allow_comments = unesc($_POST['allow_comments']); } else { $allow_comments = "yes"; } // ===end $nfo = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename))); $smalldescr = $_POST["description"]; //$ret = sql_query("INSERT INTO torrents (search_text, filename, owner, visible, tube, multiplicator, uclass, anonymous, request, scene, info_hash, name, size, numfiles, url, poster, hidden, staffonly, countstats, half, newgenre, type, vip, allow_comments, subs, descr, ori_descr, description, category, minclass, save_as, added, last_action, nfo, afterpre) VALUES (" .implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $tube, $multiplicator, $uclass, $anonymous, $request, $scene, $infohash, $torrent, $totallen, count($filelist), $url, $poster, $hidden, $staffonly, $countstats, $half, $genre, $type, $vip, $allow_comments, $subs, $descr, $descr, $smalldescr, 0 + $_POST["type"], $minclass, $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo, '" . $predif . "')"); // or sqlerr(__FILE__, __LINE__); // == uncomment above to enable doopies pre times on browse $ret = sql_query("INSERT INTO torrents (search_text, filename, owner, visible, tube, multiplicator, uclass, anonymous, request, scene, info_hash, name, size, numfiles, url, poster, hidden, staffonly, countstats, half, newgenre, type, vip, allow_comments, subs, descr, ori_descr, description, category, minclass, save_as, added, last_action, nfo) VALUES (" . 
implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], "no", $tube, $multiplicator, $uclass, $anonymous, $request, $scene, $infohash, $torrent, $totallen, count($filelist), $url, $poster, $hidden, $staffonly, $countstats, $half, $genre, $type, $vip, $allow_comments, $subs, $descr, $descr, $smalldescr, 0 + $_POST["type"], $minclass, $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', {$nfo})") or sqlerr(__FILE__, __LINE__); if (!$ret) { if (mysql_errno() == 1062) { bark("torrent already uploaded!"); } bark("mysql puked: " . mysql_error()); } $id = mysql_insert_id(); if ($CURUSER["anonymous"] == 'yes') { $message = "New Torrent : [url={$DEFAULTBASEURL}/details.php?id={$id}] " . safeChar($torrent) . "[/url] Uploaded - Anonymous User"; } else { $message = "New Torrent : [url={$DEFAULTBASEURL}/details.php?id={$id}] " . safeChar($torrent) . "[/url] Uploaded by " . safechar($CURUSER["username"]) . ""; } @sql_query("DELETE FROM files WHERE torrent = {$id}"); function file_list($arr, $id) {
$dict[$i]['value']['info'] = $info[$i]; $dict[$i] = benc($dict[$i]); $dict[$i] = bdec($dict[$i]); list($ann[$i], $info[$i]) = dict_check($dict[$i], "announce(string):info"); unset($dict['value']['created by']); $infohash[$i] = pack("H*", sha1($info[$i]["string"])); /* ...... end of Private Tracker mod */ $torrent[$i] = str_replace("_", " ", $torrent[$i]); $torrent[$i] = str_replace("'", " ", $torrent[$i]); $torrent[$i] = str_replace("\"", " ", $torrent[$i]); $torrent[$i] = str_replace(",", " ", $torrent[$i]); $nfo[$i] = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename[$i]))); $first = $shortfname[$i][1]; $second = $dname[$i]; $third = $torrent[$i][1]; $ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$first} {$second} {$third}"), $fname[$i], $CURUSER["id"], "no", $infohash[$i], $torrent[$i][1], $totallen, count($filelist[$i]), $type, $descr, $descr, $cat[$i], $dname[$i]))) . ", '" . get_date_time() . "', '" . get_date_time() . "', {$nfo[$i]})"); // //////new torrent upload detail sent to shoutbox////////// if ($CURUSER["anonymous"] == 'yes') { $message = "[url={$BASEURL}/multidetails.php?id1={$ids['0']}&id2={$ids['1']}&id3={$ids['2']}&id4={$ids['3']}&id5={$ids['4']}]Multiple Torrents were just uploaded! Click here to see them[/url] - Anonymous User"; } else { $message = "[url={$BASEURL}/multidetails.php?id1={$ids['0']}&id2={$ids['1']}&id3={$ids['2']}&id4={$ids['3']}&id5={$ids['4']}]Multiple Torrents were just uploaded! Click here to see them[/url] Uploaded by " . safechar($CURUSER["username"]) . ""; } // ///////////////////////////END/////////////////////////////////// if (!$ret) { if (mysql_errno() == 1062) { bark("#{$i} torrent was already uploaded!"); } bark("mysql puked: " . mysql_error()); } $id = mysql_insert_id(); $ids[] = $id;
if($dvdr_gott != '1') bark('Óleyfileg skráarnöfn í torrent skránni fyrir DVD-R flokkinn'); } } $infohash = pack("H*", sha1($info["string"])); // Replace punctuation characters with spaces $torrent = str_replace("_", " ", $torrent); $nfo = sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", @file_get_contents($nfofilename))); $ret = mysql_query("INSERT INTO torrents (gamalt, scene, anonymous, search_text, filename, owner, visible, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES ($gamalt, \"$scene\", $anonymous, ". implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) .", '" . get_date_time() . "', '" . get_date_time() . "', $nfo)"); if (!$ret) { if (mysql_errno() == 1062) bark("torrent hefur þegar verið innsent!"); bark("mysql gubbaði: ".mysql_error()); } $id = mysql_insert_id(); @mysql_query("DELETE FROM files WHERE torrent = $id"); foreach ($filelist as $file) { @mysql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")"); } move_uploaded_file($tmpname, "$torrent_dir/$id.torrent");
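/**
 * Build and run the torrent browse/search query from the request parameters.
 *
 * The first parameter was originally named $_GET. PHP 5.4 and later reject a
 * superglobal as a parameter name with a fatal compile error, so it is named
 * $params here; positional callers such as search($_GET, $CURUSER) are
 * unaffected.
 *
 * Keys read from $params: search, incldead, cat, lic, ver, user, all,
 * page_limit and the per-category toggles c<ID>.
 *
 * Every request value that reaches SQL is either cast to int, passed through
 * sqlesc()/sqlwildcardesc(), or only tested for truthiness.
 *
 * @param array $params  request parameters (callers are expected to pass $_GET)
 * @param array $CURUSER current user row; "notifs" and "torrentsperpage" are read
 * @return array array($res, $wherecatina, $pager) when rows matched,
 *               array("", $wherecatina, "") otherwise
 */
function search($params, $CURUSER)
{
    $cats = genrelist();

    if (isset($params["search"])) {
        $searchstr = unesc($params["search"]);
        $cleansearchstr = searchfield($searchstr);
        if (empty($cleansearchstr)) {
            unset($cleansearchstr);
        }
    }

    $orderby = "ORDER BY torrents.id DESC";
    $addparam = "";
    $wherea = array();
    $wherecatina = array();

    // incldead: 1 = include dead torrents, 2 = only non-visible, otherwise only visible.
    if (isset($params["incldead"]) && $params["incldead"] == 1) {
        $addparam .= "incldead=1&";
        if (!isset($CURUSER) || get_user_class() < UC_ADMINISTRATOR) {
            $wherea[] = "banned != 'yes'";
        }
    } elseif (isset($params["incldead"]) && $params["incldead"] == 2) {
        $addparam .= "incldead=2&";
        $wherea[] = "visible = 'no'";
    } else {
        $wherea[] = "visible = 'yes'";
    }

    // Numeric filters are cast to int so they can be interpolated into SQL safely.
    $category = isset($params["cat"]) ? (int) $params["cat"] : false;
    $license = isset($params["lic"]) ? (int) $params["lic"] : false;
    $version = isset($params["ver"]) ? (int) $params["ver"] : false;
    $user = isset($params["user"]) ? (int) $params["user"] : false;
    // $all is only ever tested for truthiness, never placed in SQL.
    $all = isset($params["all"]) ? $params["all"] : false;
    // Cast to int: the value is handed to pager(), whose 'limit' result is
    // interpolated into the final query below.
    $page_limit = isset($params["page_limit"]) ? (int) $params["page_limit"] : 0;

    if (!$all) {
        if (!$params && $CURUSER["notifs"]) {
            // No request parameters at all: fall back to the user's saved categories.
            $all = True;
            foreach ($cats as $cat) {
                // NOTE(review): bitwise AND of the flag with the category id,
                // kept as in the original; the result is only tested for
                // truthiness below. Looks unintended — confirm.
                $all &= $cat['id'];
                if (strpos($CURUSER["notifs"], "[cat" . $cat['id'] . "]") !== False) {
                    $wherecatina[] = $cat['id'];
                    $addparam .= "c{$cat['id']}=1&";
                }
            }
        } elseif ($category) {
            if (!is_valid_id($category)) {
                stderr("Error", "Invalid category ID.");
            }
            $wherecatina[] = $category;
            $addparam .= "cat={$category}&";
        } else {
            $all = True;
            foreach ($cats as $cat) {
                $selected = isset($params["c{$cat['id']}"]);
                $all &= $selected;
                if ($selected) {
                    // Only ids returned by genrelist() are used, never the request key itself.
                    $wherecatina[] = $cat['id'];
                    $addparam .= "c{$cat['id']}=1&";
                }
            }
        }
    }

    if ($all) {
        $wherecatina = array();
        $addparam = "";
    }

    if (count($wherecatina) > 1) {
        $wherecatin = implode(",", $wherecatina);
    } elseif (count($wherecatina) == 1) {
        $wherea[] = "category = {$wherecatina['0']}";
    }
    if ($license > 0) {
        $wherea[] = "license = {$license}";
    }
    if ($user > 0) {
        $wherea[] = "owner = {$user}";
    }
    if ($version > 0) {
        $wherea[] = "version = {$version}";
    }

    // Conditions without the full-text clause, reused by the LIKE fallback below.
    $wherebase = $wherea;

    if (isset($cleansearchstr)) {
        $wherea[] = "MATCH (search_text, ori_descr) AGAINST (" . sqlesc($searchstr) . ")";
        $addparam .= "search=" . urlencode($searchstr) . "&";
        $orderby = "";

        // Search cloud: count how often each cleaned search string is used.
        $searchcloud = sqlesc($cleansearchstr);
        mysql_query("INSERT INTO searchcloud (searchedfor, howmuch) VALUES ({$searchcloud}, 1)\n ON DUPLICATE KEY UPDATE howmuch=howmuch+1");
    }

    $where = implode(" AND ", $wherea);
    if (isset($wherecatin)) {
        $where .= ($where ? " AND " : "") . "category IN(" . $wherecatin . ")";
    }
    if ($where != "") {
        $where = "WHERE {$where}";
    }

    $res = mysql_query("SELECT COUNT(*) FROM torrents {$where}");
    if (!$res) {
        // Log the driver error server-side; the original printed it to the
        // client via die(mysql_error()), which discloses query and schema details.
        error_log("search(): count query failed: " . mysql_error());
        die("Database error");
    }
    $row = mysql_fetch_array($res, MYSQL_NUM);
    $count = $row[0];

    if (!$count && isset($cleansearchstr)) {
        // Full-text search found nothing: retry with LIKE on up to five words
        // that are longer than one character.
        // NOTE(review): the multi-category "category IN(...)" clause is not
        // re-applied to this fallback, as in the original — confirm intended.
        $wherea = $wherebase;
        $orderby = "ORDER BY id DESC";
        $sc = 0;
        foreach (explode(" ", $cleansearchstr) as $searchss) {
            if (strlen($searchss) <= 1) {
                continue;
            }
            $sc++;
            if ($sc > 5) {
                break;
            }
            $ssa = array();
            foreach (array("search_text", "ori_descr") as $sss) {
                $ssa[] = "{$sss} LIKE '%" . sqlwildcardesc($searchss) . "%'";
            }
            $wherea[] = "(" . implode(" OR ", $ssa) . ")";
        }
        if ($sc) {
            $where = implode(" AND ", $wherea);
            if ($where != "") {
                $where = "WHERE {$where}";
            }
            $res = mysql_query("SELECT COUNT(*) FROM torrents {$where}");
            if (!$res) {
                // The original left this result unchecked and fetched from it anyway.
                error_log("search(): fallback count query failed: " . mysql_error());
                die("Database error");
            }
            $row = mysql_fetch_array($res, MYSQL_NUM);
            $count = $row[0];
        }
    }

    $torrentsperpage = $CURUSER["torrentsperpage"];
    if ($page_limit > 0) {
        $torrentsperpage = $page_limit;
    }
    if (!$torrentsperpage) {
        $torrentsperpage = 15;
    }

    if (!$count) {
        return array("", $wherecatina, "");
    }

    $pager = pager($torrentsperpage, $count, "browse.php?" . $addparam);
    $query = "SELECT torrents.id, torrents.category, torrents.leechers, torrents.seeders, torrents.name, torrents.times_completed, torrents.size, torrents.added, torrents.type, torrents.comments,torrents.numfiles,torrents.filename,torrents.owner,IF(torrents.nfo <> '', 1, 0) as nfoav," . "categories.name AS cat_name, categories.image AS cat_pic, users.username, torrents.version, torrents.descr,licenses.name AS lic_name,licenses.url AS lic_url,licenses.description AS lic_desc FROM torrents LEFT JOIN categories ON category = categories.id LEFT JOIN users ON torrents.owner = users.id LEFT JOIN licenses ON torrents.license = licenses.id {$where} {$orderby} {$pager['limit']}";
    $res = mysql_query($query);
    if (!$res) {
        error_log("search(): listing query failed: " . mysql_error());
        die("Database error");
    }

    return array($res, $wherecatina, $pager);
}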
} if (get_user_class() >= UC_ADMINISTRATOR) { if (($half = $_POST['half'] == '1' ? 'yes' : 'no') != $fetch_assoc['half']) { $updateset[] = 'half = ' . sqlesc($half); } } // Make sure they do not forget to fill these fields :D foreach (array($descr, $type, $name) as $x) { if (empty($x)) { stderr("Err", "Missing from data"); } } // Make sure they do not forget to fill these fields :D if (isset($_POST['name']) && ($name = $_POST['name']) != $fetch_assoc['name'] && valid_torrent_name($name)) { $updateset[] = 'name = ' . sqlesc($name); $updateset[] = 'search_text = ' . sqlesc(searchfield("{$shortfname} {$dname} {$torrent}")); } if (isset($_POST['description']) && ($smalldescr = $_POST['description']) != $fetch_assoc['description']) { $updateset[] = "description = " . sqlesc($smalldescr); } if (isset($_POST['descr']) && ($descr = $_POST['descr']) != $fetch_assoc['descr']) { $updateset[] = 'descr = ' . sqlesc($descr); $updateset[] = 'ori_descr = ' . sqlesc($descr); } if (isset($_POST['type']) && ($category = 0 + $_POST['type']) != $fetch_assoc['category'] && is_valid_id($category)) { $updateset[] = 'category = ' . sqlesc($category); } //////////////////// $movie_cat = array(3, 5, 10, 11); //add here your movie category if (in_array($category, $movie_cat)) {
$updateset[] = "nfo = " . sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", file_get_contents($nfofilename))); } else if ($nfoaction == "remove") $updateset[] = "nfo = ''"; if($_POST['gamalt'] == 'yes') $gamalt = 1; else $gamalt = 2; $updateset[] = "anonymous = '" . ($_POST["anonymous"] ? "1" : "0") . "'"; $updateset[] = "scene = '" . ($_POST["scene"] ? "y" : "n") . "'"; $updateset[] = "gamalt = " . sqlesc($gamalt); $updateset[] = "name = " . sqlesc($name); $updateset[] = "search_text = " . sqlesc(searchfield("$shortfname $dname $torrent")); $updateset[] = "descr = " . sqlesc($descr); $updateset[] = "ori_descr = " . sqlesc($descr); $updateset[] = "category = " . (0 + $type); if ($CURUSER["class"] >= UC_MODERATOR) { if ($_POST["banned"]) { $updateset[] = "banned = 'yes'"; $_POST["visible"] = 0; } else $updateset[] = "banned = 'no'"; if ($_POST['nuked']) { if(!$_POST['nukedr']) bark("Verður að koma með ástæðu fyrir sprengingu"); $updateset[] ="nuked = 'yes'"; $updateset[] = "nukedr = '". $_POST['nukedr'] ."'";
<?php $this->setTitle("Browse"); $acl = new Acl(USER_ID); $db = new DB("torrents"); $db->select("torrent_visible = '1'"); $pager_add = ""; $searchstr = ""; $query_cats = array(); $where = array(); if (isset($_GET['q'])) { $searchstr = $db->escape(searchfield($_GET['q'])); $pager_add .= "&q=" . $searchstr; $where[] = "torrent_search_text LIKE '%" . $searchstr . "%'"; } $cat = new DB("categories"); $cat->setColPrefix("category_"); $cat->setSort("category_name ASC"); $cat->select(); while ($cat->nextRecord()) { if (isset($_GET['c' . $cat->id])) { $query_cats[] = $cat->id; $pager_add .= "&c" . $cat->id . "=1"; } } if (count($query_cats) < 1 && $acl->default_categories != "") { $cats = explode(",", $acl->default_categories); foreach ($cats as $id) { $query_cats[] = $id; $pager_add .= "&c" . $id . "=1"; }
$hspace = "3"; } else { $hspace = "2"; } $iconstr .= "<img src=\"{$dbcat[$stricon]}\" alt=\"{$dbcat[$striconalt]}\" hspace=\"{$hspace}\">\n"; $x++; } } if ($x) { echo "<tr><td><div class=\"spaceleft\"> </div></td></tr>\n"; echo "<tr>\n"; echo "<td class=\"classadd1\"><div class=\"maininputleft\">{$adadd_selicon}</div></td>\n"; echo "<td class=\"classadd2\" height=\"50\">\n"; echo "{$iconstr}<br>\n"; for ($i = 1; $i <= 10; $i++) { if ($dbcat["icon" . $i] && searchfield($catid, "icon{$i}")) { echo "<input type=\"checkbox\" name=\"in[icon{$i}]\">\n"; } } echo "</td></tr>\n"; } echo "<tr>\n"; echo "<td class=\"classadd1\"><div class=\"maininputleft\">{$adseek_text} </div></td>\n"; echo "<td class=\"classadd2\"><input type=text name=\"in[text]\" size=\"{$field_size}\" maxlength=\"50\" value=\"*\"></td>\n"; echo "</tr>\n"; if ($pic_enable) { echo "<tr>\n"; echo "<td class=\"classadd1\"><div class=\"maininputleft\">{$adseek_pic} </div></td>\n"; echo "<td class=\"classadd2\"><input type=\"checkbox\" name=\"in[picture]\"></td>\n"; echo "</tr>\n"; }
$dict['value']['info']['value']['source'] = bdec(benc_str("{$TBDEV['baseurl']} {$TBDEV['site_name']}")); // add link for bitcomet users unset($dict['value']['announce-list']); // remove multi-tracker capability unset($dict['value']['nodes']); // remove cached peers (Bitcomet & Azareus) $dict = bdec(benc($dict)); // double up on the becoding solves the occassional misgenerated infohash list($ann, $info) = dict_check($dict, "announce(string):info"); $infohash = sha1($info["string"]); unset($info); // Replace punctuation characters with spaces $torrent = str_replace("_", " ", $torrent); $url = unesc($_POST['url']); $poster = unesc($_POST['poster']); $ret = sql_query("INSERT INTO torrents (search_text, filename, owner, visible, poster, anonymous, allow_comments, info_hash, name, size, numfiles, type, url, descr, ori_descr, category, free, save_as, added, last_action, nfo, client_created_by) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], "no", $poster, $anonymous, $allow_comments, $infohash, $torrent, $totallen, count($filelist), $type, $url, $descr, $descr, 0 + $_POST["type"], $free, $dname))) . ", " . time() . ", " . time() . ", {$nfo}, {$tmaker})"); if (!$ret) { if (mysql_errno() == 1062) { stderr($lang['takeupload_failed'], $lang['takeupload_already']); } stderr($lang['takeupload_failed'], "mysql puked: " . mysql_error()); } $id = mysql_insert_id(); if ($CURUSER["anonymous"] == 'yes') { $message = "New Torrent : [url={$TBDEV['baseurl']}/details.php?id={$id}] " . htmlspecialchars($torrent) . "[/url] Uploaded - Anonymous User"; } else { $message = "New Torrent : [url={$TBDEV['baseurl']}/details.php?id={$id}] " . htmlspecialchars($torrent) . "[/url] Uploaded by " . htmlspecialchars($CURUSER["username"]) . ""; } @sql_query("DELETE FROM files WHERE torrent = {$id}"); function file_list($arr, $id) {
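/**
 * Displays searchbar in table view
 *
 * Echoes one table cell holding the search input for the column described by
 * $nowfield. For data of type table, recursive calls are used.
 * It would be nicer if a string was returned instead of writing directly.
 *
 * Changes from the previous version:
 *  - The submitted-values parameter was named $_POST; PHP 5.4+ rejects a
 *    superglobal as a parameter name with a fatal compile error, so it is
 *    $post here. Positional callers are unaffected.
 *  - Submitted values used to be imported into local scope with variable
 *    variables (${$column} = ...), so a column named like a local (db,
 *    jscript, nowfield, ...) could overwrite it with request data. Only the
 *    value for $nowfield['name'] was ever read back, so only that one is
 *    looked up now.
 *  - Bare-word array keys ($nowfield[name]) are quoted.
 *
 * @param object $db        database handle; Execute() is called on it
 * @param object $tableinfo table description; fields, realname and name are read
 * @param array  $nowfield  column description; name, datatype, label, ass_t,
 *                          ass_table_name and ass_column are read
 * @param array  $post      submitted form values (callers are expected to pass $_POST)
 * @param string $jscript   extra attribute text appended to generated menus;
 *                          emitted verbatim, so it must come from trusted code
 * @return void
 */
function searchfield($db, $tableinfo, $nowfield, $post, $jscript)
{
    global $USER;
    $LAYOUT = 16;

    $name = $nowfield['name'];
    $datatype = $nowfield['datatype'];

    // Pick up the submitted value for this column, but only when the column is
    // listed in $tableinfo->fields (same condition as the original import loop).
    $value = null;
    $column = strtok($tableinfo->fields, ",");
    while ($column) {
        if ($column === (string) $name && is_array($post) && array_key_exists($column, $post)) {
            $value = $post[$column];
        }
        $column = strtok(",");
    }

    // NOTE(review): $formname is never assigned in this function. Previously
    // it could only be populated by the variable-variable import (a column
    // literally named "formname"), which placed raw request data into the
    // onclick URL below. It is emitted empty now — confirm with the caller
    // whether a real form name should be passed in.
    $formname = '';

    // cleanup nowfield variable to avoid cross-site scripting
    $raw = $value;
    if (!is_array($value)) {
        $value = strip_xss_stuff($value);
        $value = str_replace(array('<', '>'), ' ', $value);
        $value = htmlspecialchars($value, ENT_QUOTES);
    }

    $isNumericType = ($datatype == 'int' || $datatype == 'float' || $datatype == 'sequence');

    // For numeric columns, put back a comparison operator that the cleanup
    // above replaced with a space (the operator sits in the first character).
    if ($isNumericType && is_numeric($value)) {
        if (strpos($raw, '>') !== false) {
            $value = '>' . substr($value, 1);
        }
        if (strpos($raw, '<') !== false) {
            $value = '<' . substr($value, 1);
        }
    }

    // NOTE(review): $name, $tableinfo->name/realname and $nowfield['ass_t'] are
    // written into HTML and SQL unescaped below. They look like schema
    // metadata rather than request data — confirm they cannot be user-defined.
    if ($datatype == 'link') {
        echo "<td style='width: 10%'> </td>\n";
    } elseif ($name == 'ownerid') {
        $ownerids = array();
        $rowners = $db->Execute("SELECT ownerid FROM {$tableinfo->realname}");
        while ($rowners && !$rowners->EOF) {
            // Cast so stored values cannot alter the IN (...) list below.
            $ownerids[] = (int) $rowners->fields[0];
            $rowners->MoveNext();
        }
        $ownerlist = $ownerids ? implode(',', $ownerids) : '';
        $rowners2 = $ownerlist ? $db->Execute("SELECT lastname,id FROM users WHERE id IN ({$ownerlist})") : false;
        if ($rowners2) {
            $text = $rowners2->GetMenu2("{$name}", $value, true, false, 0, "style='width: 80%' {$jscript}");
            echo "<td style='width:10%'>{$text}</td>\n";
        } else {
            // No owners, or the lookup failed (the original called a method on false here).
            echo "<td style='width:10%'> </td>\n";
        }
    } elseif ($isNumericType || $datatype == 'date') {
        echo " <td style='width: 10%'><input type='text' name='{$name}' value='" . $value . "'size=5 align='middle'></td>\n";
    } elseif ($datatype == 'text' || $datatype == 'file') {
        echo " <td style='width: 25%'><input type='text' name='{$name}' value='" . $value . "'size=7></td>\n";
    } elseif ($datatype == 'textlong') {
        echo " <td style='width: 10%'><input type='text' name='{$name}' value='" . $value . "'size=8></td>\n";
    } elseif ($datatype == 'pulldown' || $datatype == 'mpulldown') {
        echo "<td style='width: 10%'>";
        $rpull = $db->Execute("SELECT typeshort,id from {$nowfield['ass_t']} ORDER by sortkey,type");
        if ($rpull) {
            if ($datatype == 'mpulldown') {
                $text = $rpull->GetMenu2("{$name}", $value, false, true, 10, "style='width: 100%' align='left'");
            } else {
                $text = $rpull->GetMenu2("{$name}", $value, true, false, 0, "style='width: 80%' {$jscript}");
            }
        } else {
            $text = " ";
        }
        echo "{$text}\n";
        // Draw a modify icon to let qualified users change the pulldown menus
        if ($USER['permissions'] & $LAYOUT && $_SESSION['javascript_enabled']) {
            $jscript2 = " onclick='MyWindow=window.open (\"general.php?tablename=" . $tableinfo->name . "&edit_type={$nowfield['ass_t']}&jsnewwindow=true&formname={$formname}&selectname={$name}" . SID . "\",\"type\",\"scrollbars,resizable,toolbar,status,menubar,width=600,height=400\");MyWindow.focus()'";
            echo "<A href=\"javascript:void(0)\" {$jscript2}> <img src=\"icons/edit_modify.png\" alt=\"modify {$name}\" title=\"modify {$nowfield['label']}\" border=\"0\"/></A>\n";
        }
        echo "</td>\n";
    } elseif ($datatype == 'table') {
        $ass_tableinfo = new tableinfo($db, $nowfield['ass_table_name'], false);
        // ass_column is compared against an id column, so force it to an integer.
        $ass_column = (int) $nowfield['ass_column'];
        $rasslk = $db->Execute("SELECT columnname FROM {$ass_tableinfo->desname} WHERE id={$ass_column}");
        $ass_Allfields = getvalues($db, $ass_tableinfo, $rasslk->fields[0]);
        // scary hacks, their ugliness shows that we need to reorganize some stuff:
        // the associated column is rendered under this column's name.
        $ass_Allfields[0]['name'] = $name;
        $ass_tableinfo->fields = "{$name}";
        searchfield($db, $ass_tableinfo, $ass_Allfields[0], $post, $jscript);
    } elseif ($datatype == 'image') {
        echo "<td style='width: 10%'> </td>";
    }
}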
//== Make sure they do not forget to fill these fields :D foreach (array($type, $descr, $name) as $x) { if (empty($x)) { stderr("Error", $lang['takedit_no_data']); } } if (isset($_POST['youtube']) && preg_match($youtube_pattern, $_POST['youtube'], $temp_youtube)) { if ($temp_youtube[0] != $fetch_assoc['youtube']) { $updateset[] = "youtube = " . sqlesc($temp_youtube[0]); } $torrent_cache['youtube'] = $temp_youtube[0]; } if (isset($_POST['name']) && ($name = $_POST['name']) != $fetch_assoc['name'] && valid_torrent_name($name)) { $updateset[] = 'name = ' . sqlesc($name); $updateset[] = 'search_text = ' . sqlesc(searchfield("{$shortfname} {$dname}")); $torrent_cache['search_text'] = searchfield("{$shortfname} {$dname}"); $torrent_cache['name'] = $name; } if (isset($_POST['descr']) && ($descr = $_POST['descr']) != $fetch_assoc['descr']) { $updateset[] = 'descr = ' . sqlesc($descr); $updateset[] = 'ori_descr = ' . sqlesc($descr); $torrent_txt_cache['descr'] = $descr; } if (isset($_POST['description']) && ($smalldescr = $_POST['description']) != $fetch_assoc['description']) { $updateset[] = "description = " . sqlesc($smalldescr); $torrent_cache['description'] = $smalldescr; } if (isset($_POST['tags']) && ($tags = $_POST['tags']) != $fetch_assoc['tags']) { $updateset[] = "tags = " . sqlesc($tags); $torrent_cache['tags'] = $tags; }
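// add link for bitcomet users
unset($dict['value']['announce-list']); // remove multi-tracker capability
unset($dict['value']['nodes']); // remove cached peers (Bitcomet & Azareus)
$dict = bdec(benc($dict)); // re-encoding and decoding again avoids the occasional misgenerated infohash
$dict['value']['comment'] = bdec(benc_str("In using this torrent you are bound by the '{$SITENAME}' Confidentiality Agreement By Law")); // change torrent comment
list($ann, $info) = dict_check($dict, "announce(string):info");
unset($dict['value']['created by']);
// Raw 20-byte SHA-1 of the bencoded info dictionary.
$infohash = pack("H*", sha1($info["string"]));
// Replace punctuation characters with spaces
$torrent = str_replace("_", " ", $torrent);
// $nfo is escaped here, which is why it can be appended to the statement
// below outside the sqlesc() map. The @ hides a failed read; the result of
// str_replace() on that failure is then stored as the NFO.
$nfo = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename)));
$ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, anonymous, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], "no", $anonymous, $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', {$nfo})");
if (!$ret) {
    // 1062 is MySQL's duplicate-key error number.
    if (mysql_errno() == 1062) {
        stderr("Error", "torrent already uploaded!");
    }
    stderr("Error", "mysql puked!");
}
$id = mysql_insert_id();
@mysql_query("DELETE FROM files WHERE torrent = {$id}");

/**
 * Build the comma-separated row list for a multi-row INSERT
 * (presumably into the files table — the call site is outside this excerpt).
 *
 * Each entry of $arr is array(path, size). The path goes through sqlesc();
 * the size is concatenated into the SQL text, so it is forced to a number
 * first. The entries presumably come from the uploaded torrent's metadata and
 * must not be trusted to be numeric.
 *
 * @param array $arr list of array(path, size) pairs
 * @param int   $id  torrent id the rows belong to
 * @return string "(id,<escaped path>,size),..." or '' when $arr is empty
 */
function file_list($arr, $id)
{
    $id = (int) $id;
    // Initialised so an empty $arr yields '' rather than joining an undefined variable.
    $new = array();
    foreach ($arr as $v) {
        // Anything that is not numeric becomes 0 instead of reaching the query text.
        $size = is_numeric($v[1]) ? $v[1] + 0 : 0;
        $new[] = "({$id}," . sqlesc($v[0]) . "," . $size . ")";
    }
    return implode(",", $new);
}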
$url = IMDBSearch1::_movieRedirect("{$movie_info['1']}", "{$movie_info['2']}"); } if (substr($url, -1) == '/') { $url = substr($url, 0, -1); } //if (!$url) //stderr($lang['takeupload_failed'], 'No IMDB Found'); $imdb_info = get_imdb($url); $genre = $imdb_info['gen']; if (!empty($imdb_info['poster'])) { $poster = $imdb_info['poster']; } else { $poster = strip_tags(isset($_POST['poster']) ? trim($_POST['poster']) : ''); } //END IMDB $ret = sql_query("INSERT INTO torrents (search_text, filename, owner, username, visible, vip, release_group, newgenre, poster, anonymous, allow_comments, info_hash, name, size, numfiles, type, offer, request, url, subs, descr, ori_descr, description, category, free, silver, save_as, youtube, tags, added, last_action, mtime, ctime, freetorrent, nfo, client_created_by) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("{$shortfname} {$dname} {$torrent}"), $fname, $CURUSER["id"], $CURUSER["username"], $visible, $vip, $release_group, $genre, $poster, $anonymous, $allow_comments, $infohash, $torrent, $totallen, count($filelist), $type, $offer, $request, $url, $subs, $descr, $descr, $description, 0 + $_POST["type"], $free, $silver, $dname, $youtube, $tags))) . ", " . TIME_NOW . ", " . TIME_NOW . ", " . TIME_NOW . ", " . TIME_NOW . ", {$freetorrent}, {$nfo}, {$tmaker})"); if (!$ret) { if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) { stderr($lang['takeupload_failed'], $lang['takeupload_already']); } stderr($lang['takeupload_failed'], "mysql puked: " . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false))); } if (XBT_TRACKER == false) { remove_torrent($infohash); } $id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res; $mc1->delete_value('MyPeers_' . 
$CURUSER['id']); //$mc1->delete_value('lastest_tor_'); // $mc1->delete_value('last5_tor_'); $mc1->delete_value('scroll_tor_'); sql_query("DELETE FROM files WHERE torrent = " . sqlesc($id));
$updateset = array(); $fname = $row["filename"]; preg_match('/^(.+)\\.torrent$/si', $fname, $matches); $shortfname = $matches[1]; $dname = $row["save_as"]; $version_action = $_POST['version_action']; if ($version_action == 'update') { $version_id = get_version_id_for_torrent($_POST['version'], $id); $updateset[] = "version = " . $version_id; } else { if ($version_action == 'remove') { $updateset[] = 'version = 0'; } } $updateset[] = "name = " . sqlesc($name); $updateset[] = "search_text = " . sqlesc(searchfield("{$shortfname} {$dname} {$name}")); $updateset[] = "descr = " . sqlesc($descr); $updateset[] = "ori_descr = " . sqlesc($descr); $updateset[] = "category = " . (0 + $type); $updateset[] = "license = " . (0 + $lic); //if ($CURUSER["admin"] == "yes") { if ($CURUSER['class'] > UC_MODERATOR) { if (isset($_POST["banned"])) { $updateset[] = "banned = 'yes'"; $_POST["visible"] = 0; } else { $updateset[] = "banned = 'no'"; } } $updateset[] = "visible = '" . (isset($_POST["visible"]) ? "yes" : "no") . "'"; mysql_query("UPDATE torrents SET " . join(",", $updateset) . " WHERE id = {$id}");
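/**
 * Runs one query per search word and combines the matching ids with and/or/not logic.
 *
 * $base_sql, $where_search and every entry of $add_where are concatenated into the
 * statement verbatim, so callers must pass only fixed, trusted SQL fragments. Only
 * the individual search words are passed through sqlesc(). The query built from
 * $base_sql has to return a column named "id".
 *
 * In non-strict mode "*" in a word is mapped to the LIKE wildcard "%". "%" and "_"
 * are not escaped here and act as wildcards too, unless searchfield() or sqlesc()
 * (both defined elsewhere) remove or escape them.
 *
 * @param string $searchstr    raw search string
 * @param string $base_sql     SELECT ... FROM ... part, without WHERE
 * @param string $where_search column expression compared against each word
 * @param array  $add_where    extra conditions, joined with AND
 * @param bool   $strict       compare the whole lower-cased string with "=" instead of LIKE
 *
 * @return array ids whose final match score is above zero
 */
function search_text_in_db($searchstr, $base_sql, $where_search, $add_where = array(), $strict = false)
{
    global $db, $config;

    $match_types = array('or', 'not', 'and');
    $add_where = sizeof($add_where) ? ' AND ' . implode(' AND ', $add_where) : '';
    $cleansearchstr = searchfield($searchstr);
    $lower_searchstr = utf_strtolower($searchstr);

    if ($strict) {
        $split_search = array($lower_searchstr);
    } else {
        $split_search = split_words($cleansearchstr);
        if ($lower_searchstr != $searchstr) {
            // Also search for the full string, unless it contains an operator word.
            $search_full_string = true;
            foreach ($match_types as $match_type) {
                if (strpos($lower_searchstr, $match_type) !== false) {
                    $search_full_string = false;
                }
            }
            if ($search_full_string) {
                $split_search[] = $lower_searchstr;
            }
        }
    }

    $word_count = 0;
    $current_match_type = 'and';
    $result_list = array();
    $total_words = sizeof($split_search);

    for ($i = 0; $i < $total_words; $i++) {
        // Skip words that are too short once wildcards are removed; operator words always pass.
        $bare_word = str_replace(array('*', '%'), '', trim($split_search[$i]));
        if (utf_strlen($bare_word) < $config['search_min_chars'] && !in_array($split_search[$i], $match_types)) {
            $split_search[$i] = '';
            continue;
        }

        switch ($split_search[$i]) {
            case 'and':
                $current_match_type = 'and';
                break;
            case 'or':
                $current_match_type = 'or';
                break;
            case 'not':
                $current_match_type = 'not';
                break;
            default:
                // $search_terms is never assigned in this function, so this reset never fires.
                if (!empty($search_terms)) {
                    $current_match_type = 'and';
                }

                // NOTE(review): sqlesc() is defined outside this excerpt. If it returns an
                // already-quoted SQL literal, the quotes added around it here produce
                // malformed SQL - confirm and keep only one layer of quoting.
                if ($strict) {
                    $search = $where_search . ' = \'' . sqlesc($split_search[$i]) . '\'' . $add_where;
                } else {
                    $match_word = str_replace('*', '%', $split_search[$i]);
                    $search = $where_search . ' LIKE \'%' . sqlesc($match_word) . '%\'' . $add_where;
                }

                $sql = $base_sql . ' WHERE ' . $search;
                $result = sql_query($sql);

                // Rows are read by column name; the original used mysqli_fetch_row(), whose
                // numerically indexed rows have no 'id' key, so every hit collapsed onto one
                // empty key. A failed query is treated as "no rows".
                $row = array();
                while ($result && ($temp_row = mysqli_fetch_assoc($result))) {
                    $row[$temp_row['id']] = 1;
                    if (!$word_count) {
                        $result_list[$temp_row['id']] = 1;
                    } elseif ($current_match_type == 'or') {
                        $result_list[$temp_row['id']] = 1;
                    } elseif ($current_match_type == 'not') {
                        $result_list[$temp_row['id']] = 0;
                    }
                }

                // AND: ids already collected lose a point when this word did not match them
                // and gain one when it did.
                if ($current_match_type == 'and' && $word_count) {
                    foreach ($result_list as $id => $match_count) {
                        if (!isset($row[$id]) || !$row[$id]) {
                            $result_list[$id] -= 1;
                        } else {
                            $result_list[$id] += 1;
                        }
                    }
                }

                $word_count++;
                // Release the result set; the original issued one more fetch here, which did nothing.
                if ($result) {
                    mysqli_free_result($result);
                }
        }
    }

    $search_ids = array();
    foreach ($result_list as $id => $matches) {
        if ($matches > 0) {
            $search_ids[] = $id;
        }
    }

    return $search_ids;
}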
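// Stores torrent #$i of a multi-upload: one row in `torrents`, its file list in
// `files`, then opens the target .torrent file for writing. $i and the per-torrent
// arrays ($info, $torrent, $shortfname, $dname, $fname, $cat, $nfofilename,
// $filelist) are prepared outside this excerpt.
$infohash[$i] = sha1($info[$i]["string"]);
/* ...... end of Private Tracker mod */

// Replace characters the site does not want in the display name with spaces.
$torrent[$i] = str_replace(array("_", "'", "\"", ","), " ", $torrent[$i]);

// The NFO is escaped here and interpolated as-is into the INSERT below.
$nfo[$i] = sqlesc(str_replace("\r\r\n", "\r\n", @file_get_contents($nfofilename[$i])));

$first = $shortfname[$i][1];
$second = $dname[$i];
$third = $torrent[$i][1];

// NOTE(review): each line overwrites the previous one, so only vip5 decides the
// flag for every torrent in the batch. A per-torrent field was probably intended - confirm.
$vip = isset($_POST["vip1"]) ? "1" : "0";
$vip = isset($_POST["vip2"]) ? "1" : "0";
$vip = isset($_POST["vip3"]) ? "1" : "0";
$vip = isset($_POST["vip4"]) ? "1" : "0";
$vip = isset($_POST["vip5"]) ? "1" : "0";

// Every value in the array goes through sqlesc(); the two timestamps and the
// pre-escaped NFO are appended afterwards.
$ret = mysqli_query(
    $GLOBALS["___mysqli_ston"],
    "INSERT INTO torrents (search_text, filename, owner, username, visible, anonymous, vip, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES ("
    . implode(",", array_map("sqlesc", array(
        searchfield("{$first} {$second} {$third}"),
        $fname[$i],
        $CURUSER["id"],
        $CURUSER["username"],
        "no",
        $anonymous,
        $vip,
        $infohash[$i],
        $torrent[$i][1],
        $totallen,
        count($filelist[$i]),
        $type,
        $descr,
        $descr,
        $cat[$i],
        $dname[$i],
    )))
    . ", '" . TIME_NOW . "', '" . TIME_NOW . "', {$nfo[$i]})"
);
if (!$ret) {
    // 1062 = duplicate key: this torrent is already in the table.
    if ((is_object($GLOBALS["___mysqli_ston"]) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) == 1062) {
        stderr("Oops", "#{$i} torrent was already uploaded!");
    }
    // NOTE(review): this shows the raw database error text to the uploader;
    // consider logging it server-side and displaying a generic message.
    stderr("Oops", "mysql puked: " . (is_object($GLOBALS["___mysqli_ston"]) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
}

$id = is_null($___mysqli_res = mysqli_insert_id($GLOBALS["___mysqli_ston"])) ? false : $___mysqli_res;
$ids[] = $id;

// Drop cached listings that would miss the new torrent.
$mc1->delete_value('MyPeers_' . $CURUSER['id']);
$mc1->delete_value('lastest_tor_');

sql_query("DELETE FROM files WHERE torrent = {$id}");
// NOTE(review): numfiles above is count($filelist[$i]) but this loop walks
// $filelist itself - confirm whether it should iterate $filelist[$i].
foreach ($filelist as $file) {
    // Both name and size are escaped. The size was previously concatenated raw,
    // and it presumably originates from the uploaded .torrent - confirm where
    // $filelist is built.
    sql_query("INSERT INTO files (torrent, filename, size) VALUES ({$id}, " . sqlesc($file[0]) . "," . sqlesc($file[1]) . ")");
}

$fp = fopen("{$INSTALLER09['torrent_dir']}/{$id}.torrent", "w");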
require_once "backend/functions.php"; dbconn(); //check permissions if ($site_config["MEMBERSONLY"]) { loggedinonly(); if ($CURUSER["view_torrents"] == "no") { show_error_msg(T_("ERROR"), T_("NO_TORRENT_VIEW"), 1); } } function sqlwildcardesc($x) { return str_replace(array("%", "_"), array("\\%", "\\_"), mysql_real_escape_string($x)); } //GET SEARCH STRING $searchstr = trim($_GET["search"]); $cleansearchstr = searchfield($searchstr); if (empty($cleansearchstr)) { unset($cleansearchstr); } $thisurl = "../search/?"; $addparam = ""; $wherea = array(); $wherecatina = array(); $wherea[] = "banned = 'no'"; $wherecatina = array(); $wherecatin = ""; $res = SQL_Query_exec("SELECT id FROM categories"); while ($row = mysql_fetch_assoc($res)) { if ($_GET["c{$row['id']}"]) { $wherecatina[] = $row[id]; $addparam .= "c{$row['id']}=1&";
// javascript to automatically execute search when pulling down $jscript = "onChange='document.g_form.searchj.value=\"Search\"; document.g_form.submit()'"; echo "<input type='hidden' name='searchj' value=''>\n"; // print header of table echo "<table border='1' align='center'>\n"; // row with search form echo "<tr align='center'>\n"; foreach ($Allfields as $nowfield) { if ($_GET[$nowfield['name']]) { $list = $listb['sql']; $count = $listb['numrows']; } else { $list = $lista; $count = $listb['numrows']; } searchfield($db, $tableinfo, $nowfield, $_GET, $jscript); } echo "<td style='width: 5%'><input type=\"submit\" name=\"search\" value=\"Search\"> "; echo "<input type=\"submit\" name=\"search\" value=\"Show All\"></td>"; echo "</tr>\n\n"; if ($sortdirarray) { echo "<input type='hidden' name='serialsortdirarray' value='" . serialize($sortdirarray) . "'>\n"; } echo "<tr>\n"; foreach ($Allfields as $nowfield) { tableheader($sortdirarray, $nowfield); } echo "<th>Action</th>\n"; echo "</tr>\n\n"; if ($md == 'edit') { display_table_change($db, $tableinfo, $Fieldscomma, ${$queryname}, $num_p_r, ${$pagename}, $rp, $r);