Bravo List
Register
Go Back   > Bravo List > Source Code > Archived Trackers > Torrent Trader
Reply
  #1  
Old 10th September 2019, 13:52
BamBam0077's Avatar
BamBam0077 BamBam0077 is offline
Support
 
Join Date: Jul 2013
P2P
Posts: 305
Default comments.php **SQL INJECTION WARNING**
PHP Code:
<?php
//
//  TorrentTrader v2.x
//      $LastChangedDate: 2011-06-04 15:19:54 +0100 (Sat, 04 Jun 2011) $
//      $LastChangedBy: torrentialstorm $
//
//      http://www.torrenttrader.org
//
//
require_once("backend/functions.php");
require_once(
"backend/BDecode.php") ;
require_once(
"backend/bbcode.php");
dbconn();


$id = (int)$_GET["id"];
$type $_GET["type"];
$edit = (int)$_GET["edit"];
$delete = (int)$_GET["delete"];

if (
$edit == || $delete == || $_GET["takecomment"] == 'yes'loggedinonly();


if (!isset(
$id) || !$id || ($type != "torrent" && $type != "news"))
    
show_error_msg("ERROR"T_("ERROR"), 1);

if (
$edit=='1'){
    
$row mysql_fetch_assoc(mysql_query("SELECT user FROM comments WHERE id=$id"));

    if((
$CURUSER["edit_torrents"]=="no" || $CURUSER["edit_forum"]=="no") && $CURUSER['id'] != $row['user'])
        
show_error_msg("ERROR","You cant do this!",1);

        
$save = (int)$_GET["save"];

        if(
$save){
            
$text sqlesc($_POST['text']);

            
$query="UPDATE comments SET text=$text WHERE id=$id";
            
$result=mysql_query($query);
            
write_log($CURUSER['username']." has edited comment: ID:$id");
            
show_error_msg(T_("COMPLETE"), "Comment Edited OK",1);
        }

        
stdhead("Edit Comment");

        
$res mysql_query("SELECT * FROM comments WHERE id=$id");
        
$arr mysql_fetch_array($res);

        
begin_frame("Edit Comment");
        print(
"<center><b>Edit comment </b><p>\n");
        print(
"<form method=\"post\" name=\"comment\" action=\"comments.php?type=torrent&edit=1&save=1&id=$id\">\n");
        print (
"".textbbcode("comment","text","" htmlspecialchars($arr["text"]) . "")."");
        print(
"<p><input type=\"submit\" class=btn value=\"Submit Changes\" /></p></form></center>\n");
        
end_frame();
        
stdfoot();
        die();
}

if (
$delete=='1'){
    if(
$CURUSER["delete_torrents"]=="no" || $CURUSER["delete_forum"]=="no")
        
show_error_msg("ERROR","You cant do this!",1);

    if (
$type == "torrent") {
        
$res mysql_query("SELECT torrent FROM comments WHERE id=$id");
        
$row mysql_fetch_assoc($res);
        if (
$row["torrent"] > 0) {
            
mysql_query("UPDATE torrents SET comments = comments - 1 WHERE id = $row[torrent]") or die(mysql_error());
        }
    }

    
mysql_query("DELETE FROM comments WHERE id = $id");
    
write_log($CURUSER['username']." has deleted comment: ID: $id");
    
show_error_msg(T_("COMPLETE"), "Comment deleted OK"1);
}


stdhead(T_("COMMENTS"));


//take comment add
if ($_GET["takecomment"] == 'yes'){
    
$commentbody $_POST['body'];
    
    if (!
$commentbody)
        
show_error_msg(T_("ERROR"), T_("YOU_DID_NOT_ENTER_ANYTHING"), 1);

    if (
$type =="torrent"){
        
mysql_query("UPDATE torrents SET comments = comments + 1 WHERE id = $id") or die(mysql_error());
    }

    
mysql_query("INSERT INTO comments (user, ".$type.", added, text) VALUES (".$CURUSER["id"].", ".$id.", '" .get_date_time(). "', " sqlesc($body).")") or die(mysql_error());

    if (
mysql_affected_rows() == 1)
            
show_error_msg(T_("COMPLETED"), "Your Comment was added successfully."0);
        else
            
show_error_msg(T_("ERROR"), T_("UNABLE_TO_ADD_COMMENT"), 0);
}
//end insert comment

//NEWS
if ($type =="news"){
    
$res mysql_query("SELECT * FROM news WHERE id = $id");
    
$row mysql_fetch_array($res);

    if (!
$row){
        
show_error_msg(T_("ERROR"), "News id invalid"0);
        
stdfoot();
    }

    
begin_frame("News");
    echo 
"".$row['title']."<BR><BR>".format_comment($row['body'])."<BR>";
    
end_frame();
    
}

//TORRENT
if ($type =="torrent"){
    
$res mysql_query("SELECT id, name FROM torrents WHERE id = $id");
    
$row mysql_fetch_array($res);

    if (!
$row){
        
show_error_msg(T_("ERROR"), "News id invalid"0);
        
stdfoot();
    }

    echo 
"<CENTER><b>Comments for:</b> <a href=torrents-details.php?id=".$row['id'].">".htmlspecialchars($row['name'])."</a></CENTER><BR>";
    
}

begin_frame(T_("COMMENTS"));
    
    
$subres mysql_query("SELECT COUNT(*) FROM comments WHERE $type = $id") or die(mysql_error());
    
$subrow mysql_fetch_array($subres);
    
$commcount $subrow[0];

    if (
$commcount) {
        list(
$pagertop$pagerbottom$limit) = pager(10$commcount"comments.php?id=$id&type=$type&");
        
$commquery "SELECT comments.id, text, user, comments.added, avatar, signature, username, title, class, uploaded, downloaded, privacy, donated FROM comments LEFT JOIN users ON comments.user = users.id WHERE $type = $id ORDER BY comments.id $limit";
        
$commres mysql_query($commquery) or die(mysql_error());
    }else{
        unset(
$commres);
    }

    if (
$commcount) {
        print(
$pagertop);
        
commenttable($commres);
        print(
$pagerbottom);
    }else {
        print(
"<BR><b><CENTER>" .T_("NOCOMMENTS"). "</CENTER></b><BR>\n");
    }

    echo 
"<CENTER>";
    echo 
"<form name=\"comment\" method=\"post\" action=\"comments.php?type=$type&id=$id&takecomment=yes\">";
    echo 
"".textbbcode("comment","body")."<br>";
    echo 
"<input type=\"submit\" class=btn value=\"Add Comment\" />";
    echo 
"</form></CENTER>";

    
end_frame();

stdfoot();
?>
Check mysql_query() function for variables and wrap mysql_real_escape_string
__________________
\sudo,yum/
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 13:38. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2019, vBulletin Solutions Inc.