Code:
<?php
require_once("include/benc.php");
require_once("include/bittorrent.php");
ini_set("upload_max_filesize",$max_torrent_size);
session_start();
$_SESSION["upload"] = $_POST;
function bark($msg) {
genbark($msg, "Nalaganje torrenta neuspešno!");
}
dbconn();
loggedinorreturn();
iplogger ();
if ($CURUSER["uploadpos"] == 'no')
die;
foreach(explode(":","descr:type:name") as $v)
{
if (!isset($_POST[$v]))
bark("Pozabili ste izpolniti eno izmed polj!");
}
if (!isset($_FILES["file"]))
bark("Pozabili ste izbrati .torrent datoteko ali .nfo datoteko!");
$f = $_FILES["file"];
$fname = unesc($f["name"]);
if (empty($fname))
bark("Prazna datoteka!");
if ($_POST['uplver'] == 'yes') {
$anonymous = "yes";
$anon = "Anonymous";
}
else {
$anonymous = "no";
$anon = $CURUSER["username"];
}
$torrentposter = null;
$poster = $_FILES['torrentposterfile'];
if (!empty($poster['name']))
{
$dir = ROOT . DS . 'torrents_poster';
if (!is_dir($dir))
{
mkdir($dir, 0777);
file_put_contents($dir . DS . 'index.php', ':))');
}
if ($poster['size'] > (1024 * 1024))
{
bark('Prevelika slika. Največja velikost je 1MB');
}
$fileName = explode('.', $poster['name']);
$koncnica = end($fileName);
$fileName = md5(uniqid() . rand(0, 100) . microtime()) . '.' . $koncnica;
$filePath = ROOT . DS . 'torrents_poster' . DS . $fileName;
if (@is_uploaded_file($poster['tmp_name']) && move_uploaded_file($poster['tmp_name'], $filePath))
{
$torrentposter = $BASEURL . '/torrents_poster/' . $fileName;
}
}
else if (!empty($_POST['torrentposter']))
{
$torrentposter = unesc($_POST['torrentposter']);
}
if (!empty($_POST['short_descr']))
$short_descr = $_POST['short_descr'];
if (!empty($_POST['info_link']))
$info_link = $_POST['info_link'];
$nfofile = $_FILES['nfo'];
if ($nfofile['name'] != '') {
if (get_user_class() >= UC_MODERATOR || $CURUSER["canfree"] == "da")
{
if ($_POST["free"] == "yes")
{
$freeleech = "yes";
}
else
{
$freeleech = "no";
}
}
else
{
$freeleech = "no";
}
$zanri = $_POST["zanr"];
$zanri = implode("|", $zanri);
if ($nfofile['size'] == 0)
bark("0-byte NFO");
if ($nfofile['size'] > 65535)
bark("NFO datoteka je prevelika! Max 65,535 bajtov.");
$nfofilename = $nfofile['tmp_name'];
if (@!is_uploaded_file($nfofilename))
bark("Nalaganje NFO datoteke neuspešno!");
}
$descr = unesc($_POST["descr"]);
if (!$descr)
bark("Vpisati morate opis vsebine torrenta!");
$catid = (0 + $_POST["type"]);
if (!is_valid_id($catid))
bark("Če želite naložiti torrent morate izbrati kategorijo!");
if (!validfilename($fname))
bark("Nepravilna vrsta datoteke!");
if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches))
bark("Nepravilna končnica datoteke (ime datoteke ni .torrent).");
$shortfname = $torrent = $matches[1];
if (!empty($_POST["name"]))
$torrent = unesc($_POST["name"]);
$tmpname = $f["tmp_name"];
if (!is_uploaded_file($tmpname))
bark("eek");
if (!filesize($tmpname))
bark("Prazna datoteka!");
$dict = bdec_file($tmpname, $max_torrent_size);
if (!isset($dict))
bark("Nepravilna datoteka za nalaganje!");
function dict_check($d, $s) {
if ($d["type"] != "dictionary")
bark("Direktorij ni zapisljiv!");
$a = explode(":", $s);
$dd = $d["value"];
$ret = array();
foreach ($a as $k) {
unset($t);
if (preg_match('/^(.*)\((.*)\)$/', $k, $m)) {
$k = $m[1];
$t = $m[2];
}
if (!isset($dd[$k]))
bark("dictionary is missing key(s)");
if (isset($t)) {
if ($dd[$k]["type"] != $t)
bark("invalid entry in dictionary");
$ret[] = $dd[$k]["value"];
}
else
$ret[] = $dd[$k];
}
return $ret;
}
function dict_get($d, $k, $t) {
if ($d["type"] != "dictionary")
bark("not a dictionary");
$dd = $d["value"];
if (!isset($dd[$k]))
return;
$v = $dd[$k];
if ($v["type"] != $t)
bark("invalid dictionary entry type");
return $v["value"];
}
list($ann, $info) = dict_check($dict, "announce(string):info");
list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)");
if(get_user_class() <UC_OWNER && $CURUSER["speed"] != "da")
{
if (!in_array($ann, $announce_urls, 1))
{
$aok=false;
foreach($announce_urls as $au)
{
if($ann=="$au?passkey=$CURUSER[passkey]") $aok=true;
}
if(!$aok)
bark("Invalid announce url! Must be: " . $announce_urls[0] . "?passkey=$CURUSER[passkey]");
}
}
if (strlen($pieces) % 20 != 0)
bark("invalid pieces");
$filelist = array();
$totallen = dict_get($info, "length", "integer");
if (isset($totallen)) {
$filelist[] = array($dname, $totallen);
$type = "single";
}
else {
$flist = dict_get($info, "files", "list");
if (!isset($flist))
bark("missing both length and files");
if (!count($flist))
bark("no files");
$totallen = 0;
foreach ($flist as $fn) {
list($ll, $ff) = dict_check($fn, "length(integer):path(list)");
$totallen += $ll;
$ffa = array();
foreach ($ff as $ffe) {
if ($ffe["type"] != "string")
bark("filename error");
$ffa[] = $ffe["value"];
}
if (!count($ffa))
bark("filename error");
$ffe = implode("/", $ffa);
$filelist[] = array($ffe, $ll);
}
$type = "multi";
}
$infohash = pack("H*", sha1($info["string"]));
// Replace punctuation characters with spaces
$torrent = str_replace("_", " ", $torrent);
$nfo = sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", @file_get_contents($nfofilename)));
$ret = sql_query("INSERT INTO torrents (search_text, filename, poster, info_link, owner, visible, anonymous, zanri, free, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" .
implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $torrentposter, $short_descr, $poster, $info_link, $CURUSER["id"], "no", $anonymous, $zanri, $freeleech, $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) .
", '" . get_date_time() . "', '" . get_date_time() . "', $nfo)");
if (!$ret) {
if (mysql_errno() == 1062)
bark("torrent already uploaded!");
bark("mysql puked: ".mysql_error());
}
$id = mysql_insert_id();
@sql_query("DELETE FROM files WHERE torrent = $id");
foreach ($filelist as $file) {
@sql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")");
}
move_uploaded_file($tmpname, "$torrent_dir/$id.torrent");
//===add karma
KPS("+","10.0",$CURUSER["id"]);
//===end
if ($CURUSER["anonymous"]=='yes')
write_log("Torrent $id ($torrent) je naložil uporabnik Anonymous");
else
write_log("Torrent $id ($torrent) je naložil uporabnik $CURUSER[username]");
//===notify people who voted on offer thanks CoLdFuSiOn :)
if (isset($_POST['offer'])) {
$res = mysql_query("SELECT `userid` FROM `offervotes` WHERE `userid` != " . $CURUSER["id"] . " AND `offerid` = ". ($_POST['offer'] + 0)) or sqlerr(__FILE__, __LINE__);
$pn_msg = "The Offer you voted for: \"$torrent\" was uploaded by " . $CURUSER["username"] . ".\nYou can Download the Torrent here";
while($row = mysql_fetch_assoc($res)) {
//=== use this if you DO have subject in your PMs
$subject = "Offer $torrent was just uploaded";
//=== use this if you DO NOT have subject in your PMs
//$some_variable .= "(0, 0, $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")";
//=== use this if you DO have subject in your PMs
mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES (0, 0, ".sqlesc($subject).", $row[userid], ".sqlesc(get_date_time()).", " . sqlesc($pn_msg) . ")") or sqlerr(__FILE__, __LINE__);
//=== use this if you do NOT have subject in your PMs
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__);
//===end
}
//=== delete all offer stuff
@mysql_query("DELETE FROM `offers` WHERE `id` = ". ($_POST['offer'] + 0));
@mysql_query("DELETE FROM `offervotes` WHERE `offerid` = ". ($_POST['offer'] + 0));
@mysql_query("DELETE FROM `comments` WHERE `offer` = ". ($_POST['offer'] + 0). "");
}
//=== end notify people who voted on offer
/* Email notifs */
$res = sql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);
$cat = $arr["name"];
$res = sql_query("SELECT email FROM users WHERE enabled='yes' AND parked='no' AND status='confirmed' AND notifs LIKE '%[cat$catid]%' AND notifs LIKE '%[email]%'") or sqlerr(__FILE__, __LINE__);
$uploader = $anon;
$size = mksize($totallen);
$description = ($html ? strip_tags($descr) : $descr);
$body = <<<EOD
Hi,
A new torrent has been uploaded.
Name: $torrent
Size: $size
Category: $cat
Uploaded by: $uploader
Description
-------------------------------------------------------------------------------
$description
-------------------------------------------------------------------------------
You can use the URL below to download the torrent (you may have to login).
$DEFAULTBASEURL/details.php?id=$id&hit=1
------
Yours,
The $SITENAME Team.
EOD;
$to = "";
$nmax = 100; // Max recipients per message
$nthis = 0;
$ntotal = 0;
$total = mysql_num_rows($res);
while ($arr = mysql_fetch_row($res))
{
if ($nthis == 0)
$to = $arr[0];
else
$to .= "," . $arr[0];
++$nthis;
++$ntotal;
if ($nthis == $nmax || $ntotal == $total)
{
$sm = sent_mail("Multiple recipients <$SITEEMAIL>",$SITENAME,$SITEEMAIL,"$SITENAME New torrent - $torrent",$body,"torrent upload",false,true,$to);
if (!$sm)
stderr("Error", "Your torrent has been been uploaded. DO NOT RELOAD THE PAGE!\n" .
"There was however a problem delivering the e-mail notifcations.\n" .
"Please let an administrator know about this error!\n");
$nthis = 0;
}
}
/**
* User Upload če je 10. torrent :D || START
*/
$torrents_res = mysql_query("SELECT COUNT(*) FROM torrents WHERE owner = '" . $CURUSER["id"] . "'") or sqlerr();
$torrents_row = mysql_fetch_row($torrents_res);
$count = $torrents_row[0];
if ($count % 10 == 0) //če je ostanek pri deljenju z 10 enak 0
{
//doda upload
$pristej = 1024 * 1024 * 1024 * 5;
mysql_query("UPDATE users SET uploaded = uploaded + " . $pristej . " WHERE id = '" . $CURUSER["id"] . "'") or sqlerr();
$msg = sqlesc("Sistem vam je dodelil 5 Gb uploada. (Za vsak deseti naloženi torrent prejmete 5 Gb uploada)."); //vsebina sporočila
$added = sqlesc(get_date_time());
sql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, " . $CURUSER["id"] . ", $msg, $added)") or sqlerr(__FILE__, __LINE__);
write_log("Uporabniku " . $CURUSER["username"] . " je Sistem dodelil 5 Gb uploada."); //log strani
}
/**
* User Upload če je 10. torrent :D || END
*/
$userid = 2738;
$username= htmlspecialchars("Sistem");
$date=sqlesc(time());
$text="<font color=red><b>Naložen je bil nov torrent: </b></font><a href=details.php?id=" . htmlspecialchars($id) . " target=_blank>" . htmlspecialchars($torrent) . "</a>" ;
sql_query("INSERT INTO shoutbox (id, userid, username, date, text) VALUES ('id'," . sqlesc($userid) . ", " . sqlesc($username) . ", $date, " . sqlesc($text) . ")") or sqlerr(__FILE__, __LINE__);
unset($_SESSION["upload"]);
header("Location: $BASEURL/details.php?id=".htmlspecialchars($id)."&uploaded=1");
?>