/takeedit.php
PHP | 199 lines | 122 code | 34 blank | 43 comment | 86 complexity | 72b59fe327e4f188433656cfb71aa0b5 MD5 | raw file
Possible License(s): GPL-2.0
- <?php
- /**
- * @Author Neptune
- * @Credits All credit to Retro for the great idea of his updated modtask.php
- * @Project TBDev.net
- * @Category Addon Mods
- * @Date Monday, Jan 5, 2009
- */
- require 'include/bittorrent.php';
- require 'include/bbcode_functions.php';
- define('MIN_CLASS', UC_MODERATOR);
- define('NFO_SIZE', 65535);
- $possible_extensions = array('nfo', 'txt');
-
- if (!mkglobal('id:name:descr:type')) die();
-
- $id = 0 + $id;
-
- if(!is_valid_id($id))
- stderr('Error', 'Invalid ID!');
-
- dbconn();
- maxcoder();
- if(!logged_in())
- {
- header("HTTP/1.0 404 Not Found");
- // moddifed logginorreturn by retro//Remember to change the following line to match your server
- print("<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 (xxxxx) Server at ".$_SERVER['SERVER_NAME']." Port 80</address></body></html>\n");
- die();
- }
- /**
- * @Function valid_torrent_name
- * @Notes only safe characters are allowed..
- * @Begin
- */
- function valid_torrent_name($torrent_name) {
-
- $allowedchars = 'abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_';
- for ($i = 0; $i < strlen($torrent_name); ++$i)
- if (strpos($allowedchars, $torrent_name[$i]) === false)
- return false;
- return true;
-
- }
- /**
- * @Function valid_torrent_name
- * @Notes only safe characters are allowed..
- * @End
- */
- /**
- * @Function is_valid_url
- * @Begin
- */
- if (!function_exists('is_valid_url')) {
-
- function is_valid_url($link) {
-
- return preg_match('|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $link);
-
- }
- }
-
- /**
- * @Function is_valid_url
- * @End
- */
-
- $select_torrent = mysql_query('SELECT * FROM torrents WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
- $fetch_assoc = mysql_fetch_assoc($select_torrent) or stderr('Error', 'No torrent with this ID!');
-
- if ($CURUSER['id'] != $fetch_assoc['owner'] && get_user_class() < MIN_CLASS)
- stderr('You\'re not the owner!', 'How did that happen?');
-
- $updateset = array();
-
- $fname = $fetch_assoc['filename'];
- preg_match('/^(.+)\.torrent$/si', $fname, $matches);
- $shortfname = $matches[1];
- $dname = $fetch_assoc['save_as'];
-
- if ((isset($_POST['nfoaction'])) && ($_POST['nfoaction'] == 'update')) {
-
- if (empty($_FILES['nfo']['name']))
- stderr('Updated failed', 'No NFO!');
-
- if ($_FILES['nfo']['size'] == 0)
- stderr('Updated failed', '0-byte NFO!');
-
- if (!preg_match('/^(.+)\.['.join(']|[', $possible_extensions).']$/si', $_FILES['nfo']['name']))
- stderr('Updated failed', 'Invalid extension. <b>' . join(', ', $possible_extensions).'</b> only!', FALSE);
-
- if (!empty($_FILES['nfo']['name']) && $_FILES['nfo']['size'] > NFO_SIZE)
- stderr('Updated failed', 'NFO is too big! Max ' . number_format(NFO_SIZE) . ' bytes!');
-
- if (@is_uploaded_file($_FILES['nfo']['tmp_name']) && @filesize($_FILES['nfo']['tmp_name']) > 0)
- $updateset[] = "nfo = " . sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", file_get_contents($_FILES['nfo']['tmp_name'])));
-
- }
-
- else
- $updateset[] = 'nfo = ""';
-
- // Make sure they do not forget to fill these fields :D
- foreach(explode('||',"$descr||$type||$name") as $cannotbeblank) {
-
- if (empty($cannotbeblank))
- stderr('Updated failed', 'Missing form data!');
-
- }
- // Make sure they do not forget to fill these fields :D
-
- if(isset($_POST['name']) && (($name = $_POST['name']) != $fetch_assoc['name']) && valid_torrent_name($name))
- $updateset[] = 'name = ' . sqlesc($name);
- $updateset[] = 'search_text = ' . sqlesc(searchfield("$shortfname $dname $torrent"));
-
- if(isset($_POST['descr']) && ($descr = $_POST['descr']) != $fetch_assoc['descr'])
- $updateset[] = 'descr = ' . sqlesc($descr);
- $updateset[] = 'ori_descr = ' . sqlesc($descr);
-
- if(isset($_POST['type']) && (($category = 0 + $_POST['type']) != $fetch_assoc['category']) && is_valid_id($category))
- $updateset[] = 'category = ' . sqlesc($category);
-
- if(($visible = ($_POST['visible'] != ''?'yes':'no')) != $fetch_assoc['visible'])
- $updateset[] = 'visible = ' . sqlesc($visible);
- /**
- * @Custom Mods
- * @Notes Uncomment the mods you want..
- */
- //==Sticky torrents by tony
- if(($sticky = ($_POST['sticky'] != ''?'yes':'no')) != $fetch_assoc['sticky'])
- $updateset[] = 'sticky = ' . sqlesc($sticky);
- //==Simple nuke/reason mod by BIGBOSS
- if(isset($_POST['nuked']) && ($nuked = $_POST['nuked']) != $fetch_assoc['nuked'])
- $updateset[] = 'nuked = ' . sqlesc($nuked);
- if(isset($_POST['nukereason']) && ($nukereason = $_POST['nukereason']) != $fetch_assoc['nukereason'])
- $updateset[] = 'nukereason = ' . sqlesc($nukereason);
- //== Poster Mod by johim and EnzoF1
- if(isset($_POST['poster']) && (($poster = $_POST['poster']) != $fetch_assoc['poster'] && !empty($poster)))
- if (!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $poster))
- stderr('Updated failed', 'Poster MUST be in jpg, gif or png format. Make sure you include http:// in the URL.');
- $updateset[] = 'poster = ' . sqlesc($poster);
- //==Genre Mod without mysql table by Traffic
- $genreaction = $_POST['genre'];
- if ($genreaction != "keep") {
-
- if (isset($_POST["music"]))
- $genre = implode(",", $_POST['music']);
- elseif (isset($_POST["movie"]))
- $genre = implode(",", $_POST['movie']);
- elseif (isset($_POST["game"]))
- $genre = implode(",", $_POST['game']);
- $updateset[] = "newgenre = " .sqlesc($genre);
-
- }
- if(($recommended = isset($_POST['recommended']) ? ($_POST['recommended'] == 'yes' ? 'yes' : 'no') : 'no') != $fetch_assoc['recommended'])
- $updateset[] = 'recommended = ' . sqlesc($recommended);
- //===count stats / free download
- if ((isset($_POST['countstats'])) && (($countstats = $_POST['countstats']) != $row['countstats'])){
- if(get_user_class() >= UC_MODERATOR)
- $updateset[] = "countstats = " . sqlesc($countstats);
- }
- else
- $updateset[] = "countstats = 'yes'";
- //==vip
- if(($vip = ($_POST['vip'] == 1?'yes':'no')) != $fetch_assoc['vip'])
- $updateset[] = 'vip = ' . sqlesc($vip);
- //==Requested & Released Type by dokty
- if(($scene = ($_POST['scene'] == 'no'?'no':'yes')) != $fetch_assoc['scene'])
- $updateset[] = 'scene = ' . sqlesc($scene);
-
- if(($request = ($_POST['request'] == 'no'?'no':'yes')) != $fetch_assoc['request'])
- $updateset[] = 'request = ' . sqlesc($request);
- /////////////////////imdb mod///////////////////
- if(isset($_POST['url']) && (($url = $_POST['url']) != $fetch_assoc['url'] && !empty($url)))
- if (!preg_match('|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $url))
- stderr('Updated failed', 'Make sure you include http:// in the URL.');
- $updateset[] = 'url = ' . sqlesc($url);
- /////////////////////utube mod///////////////////
- if(isset($_POST['tube']) && (($tube = $_POST['tube']) != $fetch_assoc['tube'] && !empty($tube)))
- if (!preg_match('|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $tube))
- stderr('Updated failed', 'Make sure you include http:// in the URL.');
- $updateset[] = 'tube = ' . sqlesc($tube);
- //==Anonymous mod
- if(($anonymous = ($_POST['anonymous'] != ''?'yes':'no')) != $fetch_assoc['anonymous'])
- $updateset[] = 'anonymous = ' . sqlesc($anonymous);
- /////////////torrent mulplier//////////////
- if(get_user_class() >= UC_ADMINISTRATOR)
- $multiplicator = (isset($_POST['multiplicator']) ? $_POST['multiplicator'] : '');
- $valid_inputs = array(2,3,4,5);
- $multiplicator = (($multiplicator && in_array($multiplicator,$valid_inputs)) ? $multiplicator : 0);
- if($multiplicator != $fetch_assoc['multiplicator'])
- $updateset[] = 'multiplicator = ' . sqlesc($multiplicator);
- mysql_query('UPDATE torrents SET ' . implode(',', $updateset) . ' WHERE id = ' . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
-
- write_log(htmlspecialchars($name) . ' was edited by ' . (($fetch_assoc['anonymous'] == 'yes') ? 'Anonymous' : htmlspecialchars($CURUSER['username'])));
-
- $returl = (isset($_POST['returnto']) ? '&returnto=' . urlencode($_POST['returnto']) : 'details.php?id=' . $id . '&edited=1');
- header("Refresh: 0; url=$returl");
- ?>