Bravo List
Register
Go Back   > Bravo List > Source Code > Archived Trackers > Template Shares
Reply
  #11  
Old 22nd December 2019, 12:48
Floky123 Floky123 is offline
Senior Member
 
Join Date: Nov 2013
Slovenia
Posts: 55
Default
Quote:
Originally Posted by Napon View Post
Code:
ALTER TABLE `torrents` ADD `poster` varchar(255) NOT NULL default '';
yeah, thank you..but then i got another error in when i press Upload torrent:

mysql puked: Column count doesn't match value count at row 1
Reply With Quote
  #12  
Old 22nd December 2019, 14:02
elvira's Avatar
elvira elvira is offline
Senior Member
 
Join Date: Jan 2008
Slovenia
Posts: 172
Default
preveri takeupload.php moraš imeti poster in ret-u



Quote:
$ret = sql_query("INSERT INTO torrents (search_text, filename, owner, visible, imdb, imdbrating, subs, release_group, request, anonymous, poster, tube, info_hash, name, size, numfiles, type, descr, description, ori_descr, category, save_as, added, last_action, nfo) VALUES (" .
implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $subs, $imdb, $imdbrating, $release_group, $request, $anonymous, $poster, $tube, $infohash, $torrent, $totallen, count($filelist), $type, $descr, $smalldescr, $descr, 0 + $_POST["type"], $dname))) .
", '" . get_date_time() . "', '" . get_date_time() . "', $nfo)");
Reply With Quote
  #13  
Old 22nd December 2019, 14:11
Floky123 Floky123 is offline
Senior Member
 
Join Date: Nov 2013
Slovenia
Posts: 55
Default
Quote:
Originally Posted by elvira View Post
preveri takeupload.php moraš imeti poster in ret-u
To je moj takeupload.php in mislim da je.

PHP Code:
<?php
require_once("include/benc.php");
require_once(
"include/bittorrent.php");
ini_set("upload_max_filesize",$max_torrent_size);


session_start();
$_SESSION["upload"] = $_POST;



function 
bark($msg) {
    
genbark($msg"Nalaganje torrenta neuspešno!");
}
dbconn(); 
loggedinorreturn();
iplogger ();


if (
$CURUSER["uploadpos"] == 'no')
    die;

foreach(
explode(":","descr:type:name") as $v)
{
    if (!isset(
$_POST[$v]))
        
bark("Pozabili ste izpolniti eno izmed polj!");
}

if (!isset(
$_FILES["file"]))
    
bark("Pozabili ste izbrati .torrent datoteko ali .nfo datoteko!");

$f $_FILES["file"];
$fname unesc($f["name"]);
if (empty(
$fname))
    
bark("Prazna datoteka!");
if (
$_POST['uplver'] == 'yes') {
    
$anonymous "yes";
    
$anon "Anonymous";
}
else {
    
$anonymous "no";
    
$anon $CURUSER["username"];
}

$torrentposter null;
$poster $_FILES['torrentposterfile'];
if (!empty(
$poster['name']))
{
    
$dir ROOT DS 'torrents_poster';
    if (!
is_dir($dir))
    {
        
mkdir($dir0777);
        
file_put_contents($dir DS 'index.php'':))');
    }
    if (
$poster['size'] > (1024 1024))
    {
        
bark('Prevelika slika. Največja velikost je 1MB');
    }
    
$fileName explode('.'$poster['name']);
    
$koncnica end($fileName);
    
$fileName md5(uniqid() . rand(0100) . microtime()) . '.' $koncnica;
    
$filePath ROOT DS 'torrents_poster' DS $fileName;
    if (@
is_uploaded_file($poster['tmp_name']) && move_uploaded_file($poster['tmp_name'], $filePath))
    {
        
$torrentposter $BASEURL '/torrents_poster/' $fileName;
    }
}
else if (!empty(
$_POST['torrentposter'])) 
{
    
$torrentposter unesc($_POST['torrentposter']);
}

if (!empty(
$_POST['short_descr']))
    
$short_descr $_POST['short_descr'];

if (!empty(
$_POST['info_link']))
$info_link $_POST['info_link'];
    
$nfofile $_FILES['nfo'];
if (
$nfofile['name'] != '') {


if (
get_user_class() >= UC_MODERATOR || $CURUSER["canfree"] == "da")
{
    if (
$_POST["free"] == "yes")
    {
        
$freeleech "yes";
    }
    else
    {
        
$freeleech "no";
    }
}
else
{
    
$freeleech "no";
}

$zanri $_POST["zanr"];
$zanri implode("|"$zanri);


if (
$nfofile['size'] == 0)
    
bark("0-byte NFO");

if (
$nfofile['size'] > 65535)
    
bark("NFO datoteka je prevelika! Max 65,535 bajtov.");

$nfofilename $nfofile['tmp_name'];

if (@!
is_uploaded_file($nfofilename))
    
bark("Nalaganje NFO datoteke neuspešno!");
}

$descr unesc($_POST["descr"]);
if (!
$descr)
  
bark("Vpisati morate opis vsebine torrenta!");

$catid = ($_POST["type"]);
if (!
is_valid_id($catid))
    
bark("Če želite naložiti torrent morate izbrati kategorijo!");
    
if (!
validfilename($fname))
    
bark("Nepravilna vrsta datoteke!");
if (!
preg_match('/^(.+)\.torrent$/si'$fname$matches))
    
bark("Nepravilna končnica datoteke (ime datoteke ni .torrent).");
$shortfname $torrent $matches[1];
if (!empty(
$_POST["name"]))
    
$torrent unesc($_POST["name"]);

$tmpname $f["tmp_name"];
if (!
is_uploaded_file($tmpname))
    
bark("eek");
if (!
filesize($tmpname))
    
bark("Prazna datoteka!");

$dict bdec_file($tmpname$max_torrent_size);
if (!isset(
$dict))
    
bark("Nepravilna datoteka za nalaganje!");

function 
dict_check($d$s) {
    if (
$d["type"] != "dictionary")
        
bark("Direktorij ni zapisljiv!");
    
$a explode(":"$s);
    
$dd $d["value"];
    
$ret = array();
    foreach (
$a as $k) {
        unset(
$t);
        if (
preg_match('/^(.*)\((.*)\)$/'$k$m)) {
            
$k $m[1];
            
$t $m[2];
        }
        if (!isset(
$dd[$k]))
            
bark("dictionary is missing key(s)");
        if (isset(
$t)) {
            if (
$dd[$k]["type"] != $t)
                
bark("invalid entry in dictionary");
            
$ret[] = $dd[$k]["value"];
        }
        else
            
$ret[] = $dd[$k];
    }
    return 
$ret;
}

function 
dict_get($d$k$t) {
    if (
$d["type"] != "dictionary")
        
bark("not a dictionary");
    
$dd $d["value"];
    if (!isset(
$dd[$k]))
        return;
    
$v $dd[$k];
    if (
$v["type"] != $t)
        
bark("invalid dictionary entry type");
    return 
$v["value"];
}

list(
$ann$info) = dict_check($dict"announce(string):info");
list(
$dname$plen$pieces) = dict_check($info"name(string):piece length(integer):pieces(string)");

if(
get_user_class() <UC_OWNER && $CURUSER["speed"] != "da")
{
    if (!
in_array($ann$announce_urls1))
    {
        
$aok=false;
        foreach(
$announce_urls as $au)
        {
            if(
$ann=="$au?passkey=$CURUSER[passkey]")  $aok=true;
        }
        if(!
$aok)
            
bark("Invalid announce url! Must be: " $announce_urls[0] . "?passkey=$CURUSER[passkey]");
    }
}



if (
strlen($pieces) % 20 != 0)
    
bark("invalid pieces");

$filelist = array();
$totallen dict_get($info"length""integer");
if (isset(
$totallen)) {
    
$filelist[] = array($dname$totallen);
    
$type "single";
}
else {
    
$flist dict_get($info"files""list");
    if (!isset(
$flist))
        
bark("missing both length and files");
    if (!
count($flist))
        
bark("no files");
    
$totallen 0;
    foreach (
$flist as $fn) {
        list(
$ll$ff) = dict_check($fn"length(integer):path(list)");
        
$totallen += $ll;
        
$ffa = array();
        foreach (
$ff as $ffe) {
            if (
$ffe["type"] != "string")
                
bark("filename error");
            
$ffa[] = $ffe["value"];
        }
        if (!
count($ffa))
            
bark("filename error");
        
$ffe implode("/"$ffa);
        
$filelist[] = array($ffe$ll);
    }
    
$type "multi";
}

$infohash pack("H*"sha1($info["string"]));

// Replace punctuation characters with spaces

$torrent str_replace("_"" "$torrent);

$nfo sqlesc(str_replace("\x0d\x0d\x0a""\x0d\x0a", @file_get_contents($nfofilename)));

$ret sql_query("INSERT INTO torrents (search_text, filename, poster, info_link, owner, visible, anonymous, zanri, free, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" .
        
implode(","array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname$torrentposter$short_descr$info_link$CURUSER["id"], "no"$anonymous$zanri$freeleech$infohash$torrent$totallencount($filelist), $type$descr$descr$_POST["type"], $dname))) .
        
", '" get_date_time() . "', '" get_date_time() . "', $nfo)");
if (!
$ret) {
    if (
mysql_errno() == 1062)
        
bark("torrent already uploaded!");
    
bark("mysql puked: ".mysql_error());
}
$id mysql_insert_id();

@
sql_query("DELETE FROM files WHERE torrent = $id");
foreach (
$filelist as $file) {
    @
sql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")");
}

move_uploaded_file($tmpname"$torrent_dir/$id.torrent");

//===add karma
KPS("+","10.0",$CURUSER["id"]);
//===end

if ($CURUSER["anonymous"]=='yes')
    
write_log("Torrent $id ($torrent) je naložil uporabnik Anonymous");
else
    
write_log("Torrent $id ($torrent) je naložil uporabnik $CURUSER[username]");

//===notify people who voted on offer thanks CoLdFuSiOn :)
if (isset($_POST['offer'])) {
$res mysql_query("SELECT `userid` FROM `offervotes` WHERE `userid` != " $CURUSER["id"] . " AND `offerid` = ". ($_POST['offer'] + 0)) or sqlerr(__FILE____LINE__);
$pn_msg "The Offer you voted for: \"$torrent\" was uploaded by " $CURUSER["username"] . ".\nYou can Download the Torrent [url=$DEFAULTBASEURL/details.php?id=$id&hit=1]here[/url]";

while(
$row mysql_fetch_assoc($res)) {
//=== use this if you DO have subject in your PMs
$subject "Offer $torrent was just uploaded";
//=== use this if you DO NOT have subject in your PMs
//$some_variable .= "(0, 0, $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")";

//=== use this if you DO have subject in your PMs
mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES (0, 0, ".sqlesc($subject).", $row[userid], ".sqlesc(get_date_time()).", " sqlesc($pn_msg) . ")") or sqlerr(__FILE____LINE__);
//=== use this if you do NOT have subject in your PMs
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__);
//===end
}
//=== delete all offer stuff
@mysql_query("DELETE FROM `offers` WHERE `id` = ". ($_POST['offer'] + 0));
@
mysql_query("DELETE FROM `offervotes` WHERE `offerid` = ". ($_POST['offer'] + 0));
@
mysql_query("DELETE FROM `comments` WHERE `offer` = ". ($_POST['offer'] + 0). "");
}
//=== end notify people who voted on offer

/* Email notifs */


$res sql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr(__FILE__,__LINE__);
$arr mysql_fetch_assoc($res);
$cat $arr["name"];
$res sql_query("SELECT email FROM users WHERE enabled='yes' AND parked='no' AND status='confirmed' AND notifs LIKE '%[cat$catid]%' AND notifs LIKE '%[email]%'") or sqlerr(__FILE____LINE__);

$uploader $anon;

$size mksize($totallen);
$description = ($html strip_tags($descr) : $descr);

$body = <<<EOD
Hi,

A new torrent has been uploaded.

Name: 
$torrent
Size: 
$size
Category: 
$cat
Uploaded by: 
$uploader

Description
-------------------------------------------------------------------------------
$description
-------------------------------------------------------------------------------

You can use the URL below to download the torrent (you may have to login).

$DEFAULTBASEURL/details.php?id=$id&hit=1

------
Yours,
The 
$SITENAME Team.
EOD;
$to "";
$nmax 100// Max recipients per message
$nthis 0;
$ntotal 0;
$total mysql_num_rows($res);
while (
$arr mysql_fetch_row($res))
{
  if (
$nthis == 0)
    
$to $arr[0];
  else
    
$to .= "," $arr[0];
  ++
$nthis;
  ++
$ntotal;
  if (
$nthis == $nmax || $ntotal == $total)
  {
      
$sm sent_mail("Multiple recipients <$SITEEMAIL>",$SITENAME,$SITEEMAIL,"$SITENAME New torrent - $torrent",$body,"torrent upload",false,true,$to);
    if (!
$sm)
      
stderr("Error""Your torrent has been been uploaded. DO NOT RELOAD THE PAGE!\n" .
        
"There was however a problem delivering the e-mail notifcations.\n" .
        
"Please let an administrator know about this error!\n");
    
$nthis 0;
  }
}

/**
* User Upload če je 10. torrent :D || START
*/

$torrents_res mysql_query("SELECT COUNT(*) FROM torrents WHERE owner = '" $CURUSER["id"] . "'") or sqlerr();
$torrents_row mysql_fetch_row($torrents_res);
$count $torrents_row[0];

if (
$count 10 == 0//če je ostanek pri deljenju z 10 enak 0
{
    
//doda upload
    
$pristej 1024 1024 1024 5;
    
mysql_query("UPDATE users SET uploaded = uploaded + " $pristej " WHERE id = '" $CURUSER["id"] . "'") or sqlerr();
    
    
    
$msg sqlesc("Sistem vam je dodelil 5 Gb uploada. (Za vsak deseti naloženi torrent prejmete 5 Gb uploada)."); //vsebina sporočila
    
$added sqlesc(get_date_time());
    
sql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, " $CURUSER["id"] . ", $msg$added)") or sqlerr(__FILE____LINE__);
    
write_log("Uporabniku " $CURUSER["username"] . " je Sistem dodelil 5 Gb uploada."); //log strani
}

/**
* User Upload če je 10. torrent :D || END
*/

$userid 2738;
$usernamehtmlspecialchars("Sistem");
$date=sqlesc(time());
$text="<font color=red><b>Naložen je bil nov torrent: </b></font><a href=details.php?id=" htmlspecialchars($id) . " target=_blank>" htmlspecialchars($torrent) . "</a>" ;
    
sql_query("INSERT INTO shoutbox (id, userid, username, date, text) VALUES ('id'," sqlesc($userid) . ", " sqlesc($username) . ", $date, " sqlesc($text) . ")") or sqlerr(__FILE____LINE__);

unset(
$_SESSION["upload"]);
header("Location: $BASEURL/details.php?id=".htmlspecialchars($id)."&uploaded=1");
?>
Reply With Quote
  #14  
Old 22nd December 2019, 14:20
elvira's Avatar
elvira elvira is offline
Senior Member
 
Join Date: Jan 2008
Slovenia
Posts: 172
Default
you must have poster and $poster to sql query try this one


Code:
 <?php
require_once("include/benc.php");
require_once("include/bittorrent.php");
ini_set("upload_max_filesize",$max_torrent_size);


session_start();
$_SESSION["upload"] = $_POST;



function bark($msg) {
    genbark($msg, "Nalaganje torrenta neuspešno!");
}
dbconn(); 
loggedinorreturn();
iplogger ();


if ($CURUSER["uploadpos"] == 'no')
    die;

foreach(explode(":","descr:type:name") as $v)
{
    if (!isset($_POST[$v]))
        bark("Pozabili ste izpolniti eno izmed polj!");
}

if (!isset($_FILES["file"]))
    bark("Pozabili ste izbrati .torrent datoteko ali .nfo datoteko!");

$f = $_FILES["file"];
$fname = unesc($f["name"]);
if (empty($fname))
    bark("Prazna datoteka!");
if ($_POST['uplver'] == 'yes') {
    $anonymous = "yes";
    $anon = "Anonymous";
}
else {
    $anonymous = "no";
    $anon = $CURUSER["username"];
}

$torrentposter = null;
$poster = $_FILES['torrentposterfile'];
if (!empty($poster['name']))
{
    $dir = ROOT . DS . 'torrents_poster';
    if (!is_dir($dir))
    {
        mkdir($dir, 0777);
        file_put_contents($dir . DS . 'index.php', ':))');
    }
    if ($poster['size'] > (1024 * 1024))
    {
        bark('Prevelika slika. Največja velikost je 1MB');
    }
    $fileName = explode('.', $poster['name']);
    $koncnica = end($fileName);
    $fileName = md5(uniqid() . rand(0, 100) . microtime()) . '.' . $koncnica;
    $filePath = ROOT . DS . 'torrents_poster' . DS . $fileName;
    if (@is_uploaded_file($poster['tmp_name']) && move_uploaded_file($poster['tmp_name'], $filePath))
    {
        $torrentposter = $BASEURL . '/torrents_poster/' . $fileName;
    }
}
else if (!empty($_POST['torrentposter'])) 
{
    $torrentposter = unesc($_POST['torrentposter']);
}

if (!empty($_POST['short_descr']))
    $short_descr = $_POST['short_descr'];

if (!empty($_POST['info_link']))
$info_link = $_POST['info_link'];
    
$nfofile = $_FILES['nfo'];
if ($nfofile['name'] != '') {


if (get_user_class() >= UC_MODERATOR || $CURUSER["canfree"] == "da")
{
    if ($_POST["free"] == "yes")
    {
        $freeleech = "yes";
    }
    else
    {
        $freeleech = "no";
    }
}
else
{
    $freeleech = "no";
}

$zanri = $_POST["zanr"];
$zanri = implode("|", $zanri);


if ($nfofile['size'] == 0)
    bark("0-byte NFO");

if ($nfofile['size'] > 65535)
    bark("NFO datoteka je prevelika! Max 65,535 bajtov.");

$nfofilename = $nfofile['tmp_name'];

if (@!is_uploaded_file($nfofilename))
    bark("Nalaganje NFO datoteke neuspešno!");
}

$descr = unesc($_POST["descr"]);
if (!$descr)
  bark("Vpisati morate opis vsebine torrenta!");

$catid = (0 + $_POST["type"]);
if (!is_valid_id($catid))
    bark("Če želite naložiti torrent morate izbrati kategorijo!");
    
if (!validfilename($fname))
    bark("Nepravilna vrsta datoteke!");
if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches))
    bark("Nepravilna končnica datoteke (ime datoteke ni .torrent).");
$shortfname = $torrent = $matches[1];
if (!empty($_POST["name"]))
    $torrent = unesc($_POST["name"]);

$tmpname = $f["tmp_name"];
if (!is_uploaded_file($tmpname))
    bark("eek");
if (!filesize($tmpname))
    bark("Prazna datoteka!");

$dict = bdec_file($tmpname, $max_torrent_size);
if (!isset($dict))
    bark("Nepravilna datoteka za nalaganje!");

function dict_check($d, $s) {
    if ($d["type"] != "dictionary")
        bark("Direktorij ni zapisljiv!");
    $a = explode(":", $s);
    $dd = $d["value"];
    $ret = array();
    foreach ($a as $k) {
        unset($t);
        if (preg_match('/^(.*)\((.*)\)$/', $k, $m)) {
            $k = $m[1];
            $t = $m[2];
        }
        if (!isset($dd[$k]))
            bark("dictionary is missing key(s)");
        if (isset($t)) {
            if ($dd[$k]["type"] != $t)
                bark("invalid entry in dictionary");
            $ret[] = $dd[$k]["value"];
        }
        else
            $ret[] = $dd[$k];
    }
    return $ret;
}

function dict_get($d, $k, $t) {
    if ($d["type"] != "dictionary")
        bark("not a dictionary");
    $dd = $d["value"];
    if (!isset($dd[$k]))
        return;
    $v = $dd[$k];
    if ($v["type"] != $t)
        bark("invalid dictionary entry type");
    return $v["value"];
}

list($ann, $info) = dict_check($dict, "announce(string):info");
list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)");

if(get_user_class() <UC_OWNER && $CURUSER["speed"] != "da")
{
    if (!in_array($ann, $announce_urls, 1))
    {
        $aok=false;
        foreach($announce_urls as $au)
        {
            if($ann=="$au?passkey=$CURUSER[passkey]")  $aok=true;
        }
        if(!$aok)
            bark("Invalid announce url! Must be: " . $announce_urls[0] . "?passkey=$CURUSER[passkey]");
    }
}



if (strlen($pieces) % 20 != 0)
    bark("invalid pieces");

$filelist = array();
$totallen = dict_get($info, "length", "integer");
if (isset($totallen)) {
    $filelist[] = array($dname, $totallen);
    $type = "single";
}
else {
    $flist = dict_get($info, "files", "list");
    if (!isset($flist))
        bark("missing both length and files");
    if (!count($flist))
        bark("no files");
    $totallen = 0;
    foreach ($flist as $fn) {
        list($ll, $ff) = dict_check($fn, "length(integer):path(list)");
        $totallen += $ll;
        $ffa = array();
        foreach ($ff as $ffe) {
            if ($ffe["type"] != "string")
                bark("filename error");
            $ffa[] = $ffe["value"];
        }
        if (!count($ffa))
            bark("filename error");
        $ffe = implode("/", $ffa);
        $filelist[] = array($ffe, $ll);
    }
    $type = "multi";
}

$infohash = pack("H*", sha1($info["string"]));

// Replace punctuation characters with spaces

$torrent = str_replace("_", " ", $torrent);

$nfo = sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", @file_get_contents($nfofilename)));

$ret = sql_query("INSERT INTO torrents (search_text, filename, poster, info_link, owner, visible, anonymous, zanri, free, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" .
        implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $torrentposter, $short_descr, $poster, $info_link, $CURUSER["id"], "no", $anonymous, $zanri, $freeleech, $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) .
        ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo)");
if (!$ret) {
    if (mysql_errno() == 1062)
        bark("torrent already uploaded!");
    bark("mysql puked: ".mysql_error());
}
$id = mysql_insert_id();

@sql_query("DELETE FROM files WHERE torrent = $id");
foreach ($filelist as $file) {
    @sql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")");
}

move_uploaded_file($tmpname, "$torrent_dir/$id.torrent");

//===add karma
KPS("+","10.0",$CURUSER["id"]);
//===end

if ($CURUSER["anonymous"]=='yes')
    write_log("Torrent $id ($torrent) je naložil uporabnik Anonymous");
else
    write_log("Torrent $id ($torrent) je naložil uporabnik $CURUSER[username]");

//===notify people who voted on offer thanks CoLdFuSiOn :)
if (isset($_POST['offer'])) {
$res = mysql_query("SELECT `userid` FROM `offervotes` WHERE `userid` != " . $CURUSER["id"] . " AND `offerid` = ". ($_POST['offer'] + 0)) or sqlerr(__FILE__, __LINE__);
$pn_msg = "The Offer you voted for: \"$torrent\" was uploaded by " . $CURUSER["username"] . ".\nYou can Download the Torrent here";

while($row = mysql_fetch_assoc($res)) {
//=== use this if you DO have subject in your PMs
$subject = "Offer $torrent was just uploaded";
//=== use this if you DO NOT have subject in your PMs
//$some_variable .= "(0, 0, $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")";

//=== use this if you DO have subject in your PMs
mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES (0, 0, ".sqlesc($subject).", $row[userid], ".sqlesc(get_date_time()).", " . sqlesc($pn_msg) . ")") or sqlerr(__FILE__, __LINE__);
//=== use this if you do NOT have subject in your PMs
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__);
//===end
}
//=== delete all offer stuff
@mysql_query("DELETE FROM `offers` WHERE `id` = ". ($_POST['offer'] + 0));
@mysql_query("DELETE FROM `offervotes` WHERE `offerid` = ". ($_POST['offer'] + 0));
@mysql_query("DELETE FROM `comments` WHERE `offer` = ". ($_POST['offer'] + 0). "");
}
//=== end notify people who voted on offer

/* Email notifs */


$res = sql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);
$cat = $arr["name"];
$res = sql_query("SELECT email FROM users WHERE enabled='yes' AND parked='no' AND status='confirmed' AND notifs LIKE '%[cat$catid]%' AND notifs LIKE '%[email]%'") or sqlerr(__FILE__, __LINE__);

$uploader = $anon;

$size = mksize($totallen);
$description = ($html ? strip_tags($descr) : $descr);

$body = <<<EOD
Hi,

A new torrent has been uploaded.

Name: $torrent
Size: $size
Category: $cat
Uploaded by: $uploader

Description
-------------------------------------------------------------------------------
$description
-------------------------------------------------------------------------------

You can use the URL below to download the torrent (you may have to login).

$DEFAULTBASEURL/details.php?id=$id&hit=1

------
Yours,
The $SITENAME Team.
EOD;
$to = "";
$nmax = 100; // Max recipients per message
$nthis = 0;
$ntotal = 0;
$total = mysql_num_rows($res);
while ($arr = mysql_fetch_row($res))
{
  if ($nthis == 0)
    $to = $arr[0];
  else
    $to .= "," . $arr[0];
  ++$nthis;
  ++$ntotal;
  if ($nthis == $nmax || $ntotal == $total)
  {
      $sm = sent_mail("Multiple recipients <$SITEEMAIL>",$SITENAME,$SITEEMAIL,"$SITENAME New torrent - $torrent",$body,"torrent upload",false,true,$to);
    if (!$sm)
      stderr("Error", "Your torrent has been been uploaded. DO NOT RELOAD THE PAGE!\n" .
        "There was however a problem delivering the e-mail notifcations.\n" .
        "Please let an administrator know about this error!\n");
    $nthis = 0;
  }
}

/**
* User Upload če je 10. torrent :D || START
*/

$torrents_res = mysql_query("SELECT COUNT(*) FROM torrents WHERE owner = '" . $CURUSER["id"] . "'") or sqlerr();
$torrents_row = mysql_fetch_row($torrents_res);
$count = $torrents_row[0];

if ($count % 10 == 0) //če je ostanek pri deljenju z 10 enak 0
{
    //doda upload
    $pristej = 1024 * 1024 * 1024 * 5;
    mysql_query("UPDATE users SET uploaded = uploaded + " . $pristej . " WHERE id = '" . $CURUSER["id"] . "'") or sqlerr();
    
    
    $msg = sqlesc("Sistem vam je dodelil 5 Gb uploada. (Za vsak deseti naloženi torrent prejmete 5 Gb uploada)."); //vsebina sporočila
    $added = sqlesc(get_date_time());
    sql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, " . $CURUSER["id"] . ", $msg, $added)") or sqlerr(__FILE__, __LINE__);
    write_log("Uporabniku " . $CURUSER["username"] . " je Sistem dodelil 5 Gb uploada."); //log strani
}

/**
* User Upload če je 10. torrent :D || END
*/

$userid = 2738;
$username= htmlspecialchars("Sistem");
$date=sqlesc(time());
$text="<font color=red><b>Naložen je bil nov torrent: </b></font><a href=details.php?id=" . htmlspecialchars($id) . " target=_blank>" . htmlspecialchars($torrent) . "</a>" ;
    
sql_query("INSERT INTO shoutbox (id, userid, username, date, text) VALUES ('id'," . sqlesc($userid) . ", " . sqlesc($username) . ", $date, " . sqlesc($text) . ")") or sqlerr(__FILE__, __LINE__);

unset($_SESSION["upload"]);
header("Location: $BASEURL/details.php?id=".htmlspecialchars($id)."&uploaded=1");
?>
Reply With Quote
  #15  
Old 22nd December 2019, 17:51
firefly007's Avatar
firefly007 firefly007 is offline
SUPPORT GURU
 
Join Date: Jun 2010
P2P
Posts: 721
Default
Look if u ran the query to add poster to the torrent table then poster will be added at the end of the table so the same needs to apply to the query. U cant added it where ever u like. So backup takeupload.php and then edit and find and replace the main insertion query with this...

PHP Code:

$ret 
sql_query("INSERT INTO torrents (search_text, filename, info_link, owner, visible, anonymous, zanri, free, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo, poster) VALUES (" .
        
implode(","array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname$short_descr$info_link$CURUSER["id"], "no"$anonymous$zanri$freeleech$infohash$torrent$totallencount($filelist), $type$descr$descr$_POST["type"], $dname))) .
        
", '" get_date_time() . "', '" get_date_time() . "', $nfo$torrentposter)"); 
__________________




Please Support Majority Report


You can contact me on Skype live:phesadent.elect but please let me know first.


If you are ever need me desperately then please email me at dan.oak44@gmail.com and I will contact u within a week.


Due to free time I'm able to help interested member's with their tracker.

Please Note!
Depending on your requests I will charge you for my assistance for Tracker installs and mods.
All my mods are custom and prices will very depending on the request.
I'm able to install any tracker and mods including themes.

Please PM me

Reply With Quote
  #16  
Old 22nd December 2019, 19:16
Floky123 Floky123 is offline
Senior Member
 
Join Date: Nov 2013
Slovenia
Posts: 55
Default
Quote:
Originally Posted by firefly007 View Post
Look if u ran the query to add poster to the torrent table then poster will be added at the end of the table so the same needs to apply to the query. U cant added it where ever u like. So backup takeupload.php and then edit and find and replace the main insertion query with this...

PHP Code:

$ret 
sql_query("INSERT INTO torrents (search_text, filename, info_link, owner, visible, anonymous, zanri, free, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo, poster) VALUES (" .
        
implode(","array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname$short_descr$info_link$CURUSER["id"], "no"$anonymous$zanri$freeleech$infohash$torrent$totallencount($filelist), $type$descr$descr$_POST["type"], $dname))) .
        
", '" get_date_time() . "', '" get_date_time() . "', $nfo$torrentposter)"); 
New problem that i have after this..

mysql puked: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://tvoj-orion.si/torrents_poster/0831cc6a36b904497d9ea29f43d77b6c.jpg)' at line 1
Reply With Quote
  #17  
Old 22nd December 2019, 19:55
firefly007's Avatar
firefly007 firefly007 is offline
SUPPORT GURU
 
Join Date: Jun 2010
P2P
Posts: 721
Default
Try and sanitize $torrentposter
__________________




Please Support Majority Report


You can contact me on Skype live:phesadent.elect but please let me know first.


If you are ever need me desperately then please email me at dan.oak44@gmail.com and I will contact u within a week.


Due to free time I'm able to help interested member's with their tracker.

Please Note!
Depending on your requests I will charge you for my assistance for Tracker installs and mods.
All my mods are custom and prices will very depending on the request.
I'm able to install any tracker and mods including themes.

Please PM me

Reply With Quote
  #18  
Old 22nd December 2019, 23:00
Napon Napon is offline
Banned
 
Join Date: Feb 2016
P2P
Posts: 522
Default
should be


$poster


To match the poster


so it should be



Code:
$ret = sql_query("INSERT INTO torrents (search_text, filename, info_link, owner, visible, anonymous, zanri, free, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo, poster) VALUES (" . 
        implode(",", array_map("sqlesc", array(searchfield("$shortfname$dname$torrent"), $fname, $short_descr, $info_link, $CURUSER["id"], "no", $anonymous, $zanri, $freeleech, $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) . 
        ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo, $poster)");  



This is call on a sql_query you do not have $torrentposter
Reply With Quote
  #19  
Old 23rd December 2019, 12:43
firefly007's Avatar
firefly007 firefly007 is offline
SUPPORT GURU
 
Join Date: Jun 2010
P2P
Posts: 721
Default
Quote:
Originally Posted by Napon View Post
should be


$poster


To match the poster


so it should be



Code:
$ret = sql_query("INSERT INTO torrents (search_text, filename, info_link, owner, visible, anonymous, zanri, free, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo, poster) VALUES (" . 
        implode(",", array_map("sqlesc", array(searchfield("$shortfname$dname$torrent"), $fname, $short_descr, $info_link, $CURUSER["id"], "no", $anonymous, $zanri, $freeleech, $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) . 
        ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo, $poster)");  



This is call on a sql_query you do not have $torrentposter
Napon I'm so glad u are participating rather than just criticizing and flaming members.
__________________




Please Support Majority Report


You can contact me on Skype live:phesadent.elect but please let me know first.


If you are ever need me desperately then please email me at dan.oak44@gmail.com and I will contact u within a week.


Due to free time I'm able to help interested member's with their tracker.

Please Note!
Depending on your requests I will charge you for my assistance for Tracker installs and mods.
All my mods are custom and prices will very depending on the request.
I'm able to install any tracker and mods including themes.

Please PM me

Reply With Quote
  #20  
Old 23rd December 2019, 18:21
Napon Napon is offline
Banned
 
Join Date: Feb 2016
P2P
Posts: 522
Default
well true but some time like bambam just can not help him self, but there you go with a want to be coder..On a sidenote ill help out where i can

Last edited by Napon; 23rd December 2019 at 18:52.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 16:05. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2024, vBulletin Solutions Inc.