|
#11
|
|||
|
|||
Quote:
mysql puked: Column count doesn't match value count at row 1 |
#12
|
||||
|
||||
preveri takeupload.php moraš imeti poster in ret-u
Quote:
|
#13
|
|||
|
|||
To je moj takeupload.php in mislim da je.
PHP Code:
|
#14
|
||||
|
||||
you must have poster and $poster to sql query try this one
Code:
<?php require_once("include/benc.php"); require_once("include/bittorrent.php"); ini_set("upload_max_filesize",$max_torrent_size); session_start(); $_SESSION["upload"] = $_POST; function bark($msg) { genbark($msg, "Nalaganje torrenta neuspešno!"); } dbconn(); loggedinorreturn(); iplogger (); if ($CURUSER["uploadpos"] == 'no') die; foreach(explode(":","descr:type:name") as $v) { if (!isset($_POST[$v])) bark("Pozabili ste izpolniti eno izmed polj!"); } if (!isset($_FILES["file"])) bark("Pozabili ste izbrati .torrent datoteko ali .nfo datoteko!"); $f = $_FILES["file"]; $fname = unesc($f["name"]); if (empty($fname)) bark("Prazna datoteka!"); if ($_POST['uplver'] == 'yes') { $anonymous = "yes"; $anon = "Anonymous"; } else { $anonymous = "no"; $anon = $CURUSER["username"]; } $torrentposter = null; $poster = $_FILES['torrentposterfile']; if (!empty($poster['name'])) { $dir = ROOT . DS . 'torrents_poster'; if (!is_dir($dir)) { mkdir($dir, 0777); file_put_contents($dir . DS . 'index.php', ':))'); } if ($poster['size'] > (1024 * 1024)) { bark('Prevelika slika. Največja velikost je 1MB'); } $fileName = explode('.', $poster['name']); $koncnica = end($fileName); $fileName = md5(uniqid() . rand(0, 100) . microtime()) . '.' . $koncnica; $filePath = ROOT . DS . 'torrents_poster' . DS . $fileName; if (@is_uploaded_file($poster['tmp_name']) && move_uploaded_file($poster['tmp_name'], $filePath)) { $torrentposter = $BASEURL . '/torrents_poster/' . $fileName; } } else if (!empty($_POST['torrentposter'])) { $torrentposter = unesc($_POST['torrentposter']); } if (!empty($_POST['short_descr'])) $short_descr = $_POST['short_descr']; if (!empty($_POST['info_link'])) $info_link = $_POST['info_link']; $nfofile = $_FILES['nfo']; if ($nfofile['name'] != '') { if (get_user_class() >= UC_MODERATOR || $CURUSER["canfree"] == "da") { if ($_POST["free"] == "yes") { $freeleech = "yes"; } else { $freeleech = "no"; } } else { $freeleech = "no"; } $zanri = $_POST["zanr"]; $zanri = implode("|", $zanri); if ($nfofile['size'] == 0) bark("0-byte NFO"); if ($nfofile['size'] > 65535) bark("NFO datoteka je prevelika! Max 65,535 bajtov."); $nfofilename = $nfofile['tmp_name']; if (@!is_uploaded_file($nfofilename)) bark("Nalaganje NFO datoteke neuspešno!"); } $descr = unesc($_POST["descr"]); if (!$descr) bark("Vpisati morate opis vsebine torrenta!"); $catid = (0 + $_POST["type"]); if (!is_valid_id($catid)) bark("Če želite naložiti torrent morate izbrati kategorijo!"); if (!validfilename($fname)) bark("Nepravilna vrsta datoteke!"); if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches)) bark("Nepravilna končnica datoteke (ime datoteke ni .torrent)."); $shortfname = $torrent = $matches[1]; if (!empty($_POST["name"])) $torrent = unesc($_POST["name"]); $tmpname = $f["tmp_name"]; if (!is_uploaded_file($tmpname)) bark("eek"); if (!filesize($tmpname)) bark("Prazna datoteka!"); $dict = bdec_file($tmpname, $max_torrent_size); if (!isset($dict)) bark("Nepravilna datoteka za nalaganje!"); function dict_check($d, $s) { if ($d["type"] != "dictionary") bark("Direktorij ni zapisljiv!"); $a = explode(":", $s); $dd = $d["value"]; $ret = array(); foreach ($a as $k) { unset($t); if (preg_match('/^(.*)\((.*)\)$/', $k, $m)) { $k = $m[1]; $t = $m[2]; } if (!isset($dd[$k])) bark("dictionary is missing key(s)"); if (isset($t)) { if ($dd[$k]["type"] != $t) bark("invalid entry in dictionary"); $ret[] = $dd[$k]["value"]; } else $ret[] = $dd[$k]; } return $ret; } function dict_get($d, $k, $t) { if ($d["type"] != "dictionary") bark("not a dictionary"); $dd = $d["value"]; if (!isset($dd[$k])) return; $v = $dd[$k]; if ($v["type"] != $t) bark("invalid dictionary entry type"); return $v["value"]; } list($ann, $info) = dict_check($dict, "announce(string):info"); list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)"); if(get_user_class() <UC_OWNER && $CURUSER["speed"] != "da") { if (!in_array($ann, $announce_urls, 1)) { $aok=false; foreach($announce_urls as $au) { if($ann=="$au?passkey=$CURUSER[passkey]") $aok=true; } if(!$aok) bark("Invalid announce url! Must be: " . $announce_urls[0] . "?passkey=$CURUSER[passkey]"); } } if (strlen($pieces) % 20 != 0) bark("invalid pieces"); $filelist = array(); $totallen = dict_get($info, "length", "integer"); if (isset($totallen)) { $filelist[] = array($dname, $totallen); $type = "single"; } else { $flist = dict_get($info, "files", "list"); if (!isset($flist)) bark("missing both length and files"); if (!count($flist)) bark("no files"); $totallen = 0; foreach ($flist as $fn) { list($ll, $ff) = dict_check($fn, "length(integer):path(list)"); $totallen += $ll; $ffa = array(); foreach ($ff as $ffe) { if ($ffe["type"] != "string") bark("filename error"); $ffa[] = $ffe["value"]; } if (!count($ffa)) bark("filename error"); $ffe = implode("/", $ffa); $filelist[] = array($ffe, $ll); } $type = "multi"; } $infohash = pack("H*", sha1($info["string"])); // Replace punctuation characters with spaces $torrent = str_replace("_", " ", $torrent); $nfo = sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", @file_get_contents($nfofilename))); $ret = sql_query("INSERT INTO torrents (search_text, filename, poster, info_link, owner, visible, anonymous, zanri, free, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $torrentposter, $short_descr, $poster, $info_link, $CURUSER["id"], "no", $anonymous, $zanri, $freeleech, $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo)"); if (!$ret) { if (mysql_errno() == 1062) bark("torrent already uploaded!"); bark("mysql puked: ".mysql_error()); } $id = mysql_insert_id(); @sql_query("DELETE FROM files WHERE torrent = $id"); foreach ($filelist as $file) { @sql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")"); } move_uploaded_file($tmpname, "$torrent_dir/$id.torrent"); //===add karma KPS("+","10.0",$CURUSER["id"]); //===end if ($CURUSER["anonymous"]=='yes') write_log("Torrent $id ($torrent) je naložil uporabnik Anonymous"); else write_log("Torrent $id ($torrent) je naložil uporabnik $CURUSER[username]"); //===notify people who voted on offer thanks CoLdFuSiOn :) if (isset($_POST['offer'])) { $res = mysql_query("SELECT `userid` FROM `offervotes` WHERE `userid` != " . $CURUSER["id"] . " AND `offerid` = ". ($_POST['offer'] + 0)) or sqlerr(__FILE__, __LINE__); $pn_msg = "The Offer you voted for: \"$torrent\" was uploaded by " . $CURUSER["username"] . ".\nYou can Download the Torrent here"; while($row = mysql_fetch_assoc($res)) { //=== use this if you DO have subject in your PMs $subject = "Offer $torrent was just uploaded"; //=== use this if you DO NOT have subject in your PMs //$some_variable .= "(0, 0, $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")"; //=== use this if you DO have subject in your PMs mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES (0, 0, ".sqlesc($subject).", $row[userid], ".sqlesc(get_date_time()).", " . sqlesc($pn_msg) . ")") or sqlerr(__FILE__, __LINE__); //=== use this if you do NOT have subject in your PMs //mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__); //===end } //=== delete all offer stuff @mysql_query("DELETE FROM `offers` WHERE `id` = ". ($_POST['offer'] + 0)); @mysql_query("DELETE FROM `offervotes` WHERE `offerid` = ". ($_POST['offer'] + 0)); @mysql_query("DELETE FROM `comments` WHERE `offer` = ". ($_POST['offer'] + 0). ""); } //=== end notify people who voted on offer /* Email notifs */ $res = sql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_assoc($res); $cat = $arr["name"]; $res = sql_query("SELECT email FROM users WHERE enabled='yes' AND parked='no' AND status='confirmed' AND notifs LIKE '%[cat$catid]%' AND notifs LIKE '%[email]%'") or sqlerr(__FILE__, __LINE__); $uploader = $anon; $size = mksize($totallen); $description = ($html ? strip_tags($descr) : $descr); $body = <<<EOD Hi, A new torrent has been uploaded. Name: $torrent Size: $size Category: $cat Uploaded by: $uploader Description ------------------------------------------------------------------------------- $description ------------------------------------------------------------------------------- You can use the URL below to download the torrent (you may have to login). $DEFAULTBASEURL/details.php?id=$id&hit=1 ------ Yours, The $SITENAME Team. EOD; $to = ""; $nmax = 100; // Max recipients per message $nthis = 0; $ntotal = 0; $total = mysql_num_rows($res); while ($arr = mysql_fetch_row($res)) { if ($nthis == 0) $to = $arr[0]; else $to .= "," . $arr[0]; ++$nthis; ++$ntotal; if ($nthis == $nmax || $ntotal == $total) { $sm = sent_mail("Multiple recipients <$SITEEMAIL>",$SITENAME,$SITEEMAIL,"$SITENAME New torrent - $torrent",$body,"torrent upload",false,true,$to); if (!$sm) stderr("Error", "Your torrent has been been uploaded. DO NOT RELOAD THE PAGE!\n" . "There was however a problem delivering the e-mail notifcations.\n" . "Please let an administrator know about this error!\n"); $nthis = 0; } } /** * User Upload če je 10. torrent :D || START */ $torrents_res = mysql_query("SELECT COUNT(*) FROM torrents WHERE owner = '" . $CURUSER["id"] . "'") or sqlerr(); $torrents_row = mysql_fetch_row($torrents_res); $count = $torrents_row[0]; if ($count % 10 == 0) //če je ostanek pri deljenju z 10 enak 0 { //doda upload $pristej = 1024 * 1024 * 1024 * 5; mysql_query("UPDATE users SET uploaded = uploaded + " . $pristej . " WHERE id = '" . $CURUSER["id"] . "'") or sqlerr(); $msg = sqlesc("Sistem vam je dodelil 5 Gb uploada. (Za vsak deseti naloženi torrent prejmete 5 Gb uploada)."); //vsebina sporočila $added = sqlesc(get_date_time()); sql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, " . $CURUSER["id"] . ", $msg, $added)") or sqlerr(__FILE__, __LINE__); write_log("Uporabniku " . $CURUSER["username"] . " je Sistem dodelil 5 Gb uploada."); //log strani } /** * User Upload če je 10. torrent :D || END */ $userid = 2738; $username= htmlspecialchars("Sistem"); $date=sqlesc(time()); $text="<font color=red><b>Naložen je bil nov torrent: </b></font><a href=details.php?id=" . htmlspecialchars($id) . " target=_blank>" . htmlspecialchars($torrent) . "</a>" ; sql_query("INSERT INTO shoutbox (id, userid, username, date, text) VALUES ('id'," . sqlesc($userid) . ", " . sqlesc($username) . ", $date, " . sqlesc($text) . ")") or sqlerr(__FILE__, __LINE__); unset($_SESSION["upload"]); header("Location: $BASEURL/details.php?id=".htmlspecialchars($id)."&uploaded=1"); ?> |
#15
|
||||
|
||||
Look if u ran the query to add poster to the torrent table then poster will be added at the end of the table so the same needs to apply to the query. U cant added it where ever u like. So backup takeupload.php and then edit and find and replace the main insertion query with this...
PHP Code:
__________________
Please Support Majority Report You can contact me on Skype live:phesadent.elect but please let me know first. If you are ever need me desperately then please email me at dan.oak44@gmail.com and I will contact u within a week. Due to free time I'm able to help interested member's with their tracker. Please Note! Depending on your requests I will charge you for my assistance for Tracker installs and mods. All my mods are custom and prices will very depending on the request. I'm able to install any tracker and mods including themes. Please PM me |
#16
|
|||
|
|||
Quote:
mysql puked: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://tvoj-orion.si/torrents_poster/0831cc6a36b904497d9ea29f43d77b6c.jpg)' at line 1 |
#17
|
||||
|
||||
Try and sanitize $torrentposter
__________________
Please Support Majority Report You can contact me on Skype live:phesadent.elect but please let me know first. If you are ever need me desperately then please email me at dan.oak44@gmail.com and I will contact u within a week. Due to free time I'm able to help interested member's with their tracker. Please Note! Depending on your requests I will charge you for my assistance for Tracker installs and mods. All my mods are custom and prices will very depending on the request. I'm able to install any tracker and mods including themes. Please PM me |
#18
|
|||
|
|||
should be
$poster To match the poster so it should be Code:
$ret = sql_query("INSERT INTO torrents (search_text, filename, info_link, owner, visible, anonymous, zanri, free, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo, poster) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("$shortfname$dname$torrent"), $fname, $short_descr, $info_link, $CURUSER["id"], "no", $anonymous, $zanri, $freeleech, $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) . ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo, $poster)"); This is call on a sql_query you do not have $torrentposter |
#19
|
||||
|
||||
Quote:
__________________
Please Support Majority Report You can contact me on Skype live:phesadent.elect but please let me know first. If you are ever need me desperately then please email me at dan.oak44@gmail.com and I will contact u within a week. Due to free time I'm able to help interested member's with their tracker. Please Note! Depending on your requests I will charge you for my assistance for Tracker installs and mods. All my mods are custom and prices will very depending on the request. I'm able to install any tracker and mods including themes. Please PM me |
#20
|
|||
|
|||
well true but some time like bambam just can not help him self, but there you go with a want to be coder..On a sidenote ill help out where i can
Last edited by Napon; 23rd December 2019 at 18:52. |
|
|