PageRenderTime 53ms CodeModel.GetById 28ms RepoModel.GetById 0ms app.codeStats 0ms

/dead/takeupload.php

https://bitbucket.org/nexea/x00n
PHP | 271 lines | 165 code | 47 blank | 59 comment | 41 complexity | 8218a87cb23f23d4e3e167781a258b26 MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. <?

    2. 

  2. 

    3. 

  3. require_once("include/benc.php");

    4. 

  4. require_once("include/bittorrent.php");

    5. 

  5. require "rconpasswords.php";

    6. 

  6. 

    7. 

  7. 

    8. 

  8. 

    9. 

  9. ini_set("upload_max_filesize",$max_torrent_size);

    10. 

  10. 

    11. 

  11. function bark($msg) {

    12. 

  12. 	genbark($msg, "Upload failed!");

    13. 

  13. }

    14. 

  14. 

    15. 

  15. dbconn(); 

    16. 

  16. 

    17. 

  17. 

    18. 

  18. 

    19. 

  19. loggedinorreturn();

    20. 

  20. 

    21. 

  21. if (get_user_class() < UC_UPLOADER)

    22. 

  22.   die;

    23. 

  23. 

    24. 

  24. foreach(explode(":","descr:type:name") as $v) {

    25. 

  25. 	if (!isset($_POST[$v]))

    26. 

  26. 		bark("missing form data");

    27. 

  27. }

    28. 

  28. 

    29. 

  29. if (!isset($_FILES["file"]))

    30. 

  30. 	bark("missing form data");

    31. 

  31. 

    32. 

  32. $f = $_FILES["file"];

    33. 

  33. $fname = unesc($f["name"]);

    34. 

  34. if (empty($fname))

    35. 

  35. 	bark("Empty filename!");

    36. 

  36. 	

    37. 

  37. 

    38. 

  38. 

    39. 

  39. 

    40. 

  40. $descr = unesc($_POST["descr"]);

    41. 

  41. if (!$descr)

    42. 

  42.   bark("You must enter a description!");

    43. 

  43. 

    44. 

  44. $catid = (0 + $_POST["type"]);

    45. 

  45. if (!is_valid_id($catid))

    46. 

  46. 	bark("You must select a category to put the torrent in!");

    47. 

  47. 	

    48. 

  48. if (!validfilename($fname))

    49. 

  49. 	bark("Invalid filename!");

    50. 

  50. if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches))

    51. 

  51. 	bark("Invalid filename (not a .torrent).");

    52. 

  52. $shortfname = $torrent = $matches[1];

    53. 

  53. if (!empty($_POST["name"]))

    54. 

  54. 	$torrent = unesc($_POST["name"]);

    55. 

  55. 

    56. 

  56. $tmpname = $f["tmp_name"];

    57. 

  57. if (!is_uploaded_file($tmpname))

    58. 

  58. 	bark("eek");

    59. 

  59. if (!filesize($tmpname))

    60. 

  60. 	bark("Empty file!");

    61. 

  61. 

    62. 

  62. $dict = bdec_file($tmpname, $max_torrent_size);

    63. 

  63. if (!isset($dict))

    64. 

  64. 	bark("What the hell did you upload? This is not a bencoded file!");

    65. 

  65. 

    66. 

  66. function dict_check($d, $s) {

    67. 

  67. 	if ($d["type"] != "dictionary")

    68. 

  68. 		bark("not a dictionary");

    69. 

  69. 	$a = explode(":", $s);

    70. 

  70. 	$dd = $d["value"];

    71. 

  71. 	$ret = array();

    72. 

  72. 	foreach ($a as $k) {

    73. 

  73. 		unset($t);

    74. 

  74. 		if (preg_match('/^(.*)\((.*)\)$/', $k, $m)) {

    75. 

  75. 			$k = $m[1];

    76. 

  76. 			$t = $m[2];

    77. 

  77. 		}

    78. 

  78. 		if (!isset($dd[$k]))

    79. 

  79. 			bark("dictionary is missing key(s)");

    80. 

  80. 		if (isset($t)) {

    81. 

  81. 			if ($dd[$k]["type"] != $t)

    82. 

  82. 				bark("invalid entry in dictionary");

    83. 

  83. 			$ret[] = $dd[$k]["value"];

    84. 

  84. 		}

    85. 

  85. 		else

    86. 

  86. 			$ret[] = $dd[$k];

    87. 

  87. 	}

    88. 

  88. 	return $ret;

    89. 

  89. }

    90. 

  90. 

    91. 

  91. function dict_get($d, $k, $t) {

    92. 

  92. 	if ($d["type"] != "dictionary")

    93. 

  93. 		bark("not a dictionary");

    94. 

  94. 	$dd = $d["value"];

    95. 

  95. 	if (!isset($dd[$k]))

    96. 

  96. 		return;

    97. 

  97. 	$v = $dd[$k];

    98. 

  98. 	if ($v["type"] != $t)

    99. 

  99. 		bark("invalid dictionary entry type");

    100. 

  100. 	return $v["value"];

    101. 

  101. }

    102. 

  102. 

    103. 

  103. list($ann, $info) = dict_check($dict, "announce(string):info");

    104. 

  104. list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)");

    105. 

  105. 

    106. 

  106. if (!in_array($ann, $announce_urls, 1))

    107. 

  107. 	bark("invalid announce url! must be <b>" . $announce_urls[0] . "</b>");

    108. 

  108. 

    109. 

  109. if (strlen($pieces) % 20 != 0)

    110. 

  110. 	bark("invalid pieces");

    111. 

  111. 

    112. 

  112. $filelist = array();

    113. 

  113. $totallen = dict_get($info, "length", "integer");

    114. 

  114. if (isset($totallen)) {

    115. 

  115. 	$filelist[] = array($dname, $totallen);

    116. 

  116. 	$type = "single";

    117. 

  117. }

    118. 

  118. else {

    119. 

  119. 	$flist = dict_get($info, "files", "list");

    120. 

  120. 	if (!isset($flist))

    121. 

  121. 		bark("missing both length and files");

    122. 

  122. 	if (!count($flist))

    123. 

  123. 		bark("no files");

    124. 

  124. 	$totallen = 0;

    125. 

  125. 	foreach ($flist as $fn) {

    126. 

  126. 		list($ll, $ff) = dict_check($fn, "length(integer):path(list)");

    127. 

  127. 		$totallen += $ll;

    128. 

  128. 		$ffa = array();

    129. 

  129. 		foreach ($ff as $ffe) {

    130. 

  130. 			if ($ffe["type"] != "string")

    131. 

  131. 				bark("filename error");

    132. 

  132. 			$ffa[] = $ffe["value"];

    133. 

  133. 		}

    134. 

  134. 		if (!count($ffa))

    135. 

  135. 			bark("filename error");

    136. 

  136. 		$ffe = implode("/", $ffa);

    137. 

  137. 		$filelist[] = array($ffe, $ll);

    138. 

  138. 	}

    139. 

  139. 	$type = "multi";

    140. 

  140. }

    141. 

  141. 

    142. 

  142. $infohash = pack("H*", sha1($info["string"]));

    143. 

  143. 

    144. 

  144. 

    145. 

  145. // Replace punctuation characters with spaces

    146. 

  146. 

    147. 

  147. $torrent = str_replace("_", " ", $torrent);

    148. 

  148. 

    149. 

  149. $ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action) VALUES (" .

    150. 

  150. 		implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $infohash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) .

    151. 

  151. 		", '" . get_date_time() . "', '" . get_date_time() . "')");

    152. 

  152. if (!$ret) {

    153. 

  153. 	if (mysql_errno() == 1062)

    154. 

  154. 		bark("torrent already uploaded!");

    155. 

  155. 	bark("mysql puked: ".mysql_error());

    156. 

  156. }

    157. 

  157. $id = mysql_insert_id();

    158. 

  158. 

    159. 

  159. @mysql_query("DELETE FROM files WHERE torrent = $id");

    160. 

  160. foreach ($filelist as $file) {

    161. 

  161. 	@mysql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")");

    162. 

  162. }

    163. 

  163. 

    164. 

  164. move_uploaded_file($tmpname, "$torrent_dir/$id.torrent");

    165. 

  165. 

    166. 

  166. write_log("Torrent $id ($torrent) was uploaded by " . $CURUSER["username"]);

    167. 

  167. 

    168. 

  168. 

    169. 

  169. /* Game server notif  */

    170. 

  170. 

    171. 

  171. $f = fsockopen("udp://62.212.84.221", 28960);

    172. 

  172. socket_set_timeout($f, 1);

    173. 

  173. fwrite($f, "\xFF\xFF\xFF\xFFrcon $rconpassword say Torrent uploaded: $torrent\n");

    174. 

  174. fread($f, 8192);

    175. 

  175. fclose($f);

    176. 

  176. 

    177. 

  177. 

    178. 

  178. 

    179. 

  179. /* RSS feeds */

    180. 

  180. 

    181. 

  181. if (($fd1 = @fopen("rss.xml", "w")) && ($fd2 = fopen("rssdd.xml", "w")))

    182. 

  182. {

    183. 

  183. 	$cats = "";

    184. 

  184. 	$res = mysql_query("SELECT id, name FROM categories");

    185. 

  185. 	while ($arr = mysql_fetch_assoc($res))

    186. 

  186. 		$cats[$arr["id"]] = $arr["name"];

    187. 

  187. 	$s = "<?xml version=\"1.0\" encoding=\"iso-8859-1\" ?>\n<rss version=\"0.91\">\n<channel>\n" .

    188. 

  188. 		"<title>TorrentBits</title>\n<description>0-week torrents</description>\n<link>$DEFAULTBASEURL/</link>\n";

    189. 

  189. 	@fwrite($fd1, $s);

    190. 

  190. 	@fwrite($fd2, $s);

    191. 

  191. 	$r = mysql_query("SELECT id,name,descr,filename,category FROM torrents ORDER BY added DESC LIMIT 15") or sqlerr(__FILE__, __LINE__);

    192. 

  192. 	while ($a = mysql_fetch_assoc($r))

    193. 

  193. 	{

    194. 

  194. 		$cat = $cats[$a["category"]];

    195. 

  195. 		$s = "<item>\n<title>" . htmlspecialchars($a["name"] . " ($cat)") . "</title>\n" .

    196. 

  196. 			"<description>" . htmlspecialchars($a["descr"]) . "</description>\n";

    197. 

  197. 		@fwrite($fd1, $s);

    198. 

  198. 		@fwrite($fd2, $s);

    199. 

  199. 		@fwrite($fd1, "<link>$DEFAULTBASEURL/details.php?id=$a[id]&amp;hit=1</link>\n</item>\n");

    200. 

  200. 		$filename = htmlspecialchars($a["filename"]);

    201. 

  201. 		@fwrite($fd2, "<link>$DEFAULTBASEURL/download/$a[id]/$filename</link>\n</item>\n");

    202. 

  202. 	}

    203. 

  203. 	$s = "</channel>\n</rss>\n";

    204. 

  204. 	@fwrite($fd1, $s);

    205. 

  205. 	@fwrite($fd2, $s);

    206. 

  206. 	@fclose($fd1);

    207. 

  207. 	@fclose($fd2);

    208. 

  208. }

    209. 

  209. 

    210. 

  210. /* Email notifs */

    211. 

  211. /*******************

    212. 

  212. 

    213. 

  213. $res = mysql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr();

    214. 

  214. $arr = mysql_fetch_assoc($res);

    215. 

  215. $cat = $arr["name"];

    216. 

  216. $res = mysql_query("SELECT email FROM users WHERE enabled='yes' AND notifs LIKE '%[cat$catid]%'") or sqlerr();

    217. 

  217. $uploader = $CURUSER['username'];

    218. 

  218. 

    219. 

  219. $size = mksize($totallen);

    220. 

  220. $description = ($html ? strip_tags($descr) : $descr);

    221. 

  221. 

    222. 

  222. $body = <<<EOD

    223. 

  223. A new torrent has been uploaded.

    224. 

  224. 

    225. 

  225. Name: $torrent

    226. 

  226. Size: $size

    227. 

  227. Category: $cat

    228. 

  228. Uploaded by: $uploader

    229. 

  229. 

    230. 

  230. Description

    231. 

  231. -------------------------------------------------------------------------------

    232. 

  232. $description

    233. 

  233. -------------------------------------------------------------------------------

    234. 

  234. 

    235. 

  235. You can use the URL below to download the torrent (you may have to login).

    236. 

  236. 

    237. 

  237. $DEFAULTBASEURL/details.php?id=$id&hit=1

    238. 

  238. 

    239. 

  239. -- 

    240. 

  240. $SITENAME

    241. 

  241. EOD;

    242. 

  242. $to = "";

    243. 

  243. $nmax = 100; // Max recipients per message

    244. 

  244. $nthis = 0;

    245. 

  245. $ntotal = 0;

    246. 

  246. $total = mysql_num_rows($res);

    247. 

  247. while ($arr = mysql_fetch_row($res))

    248. 

  248. {

    249. 

  249.   if ($nthis == 0)

    250. 

  250.     $to = $arr[0];

    251. 

  251.   else

    252. 

  252.     $to .= "," . $arr[0];

    253. 

  253.   ++$nthis;

    254. 

  254.   ++$ntotal;

    255. 

  255.   if ($nthis == $nmax || $ntotal == $total)

    256. 

  256.   {

    257. 

  257.     if (!mail("Multiple recipients <$SITEEMAIL>", "New torrent - $torrent", $body,

    258. 

  258.     "From: $SITEEMAIL\r\nBcc: $to", "-f$SITEEMAIL"))

    259. 

  259. 	  stderr("Error", "Your torrent has been been uploaded. DO NOT RELOAD THE PAGE!\n" .

    260. 

  260. 	    "There was however a problem delivering the e-mail notifcations.\n" .

    261. 

  261. 	    "Please let an administrator know about this error!\n");

    262. 

  262.     $nthis = 0;

    263. 

  263.   }

    264. 

  264. }

    265. 

  265. *******************/

    266. 

  266. 

    267. 

  267. header("Location: $DEFAULTBASEURL/details.php?id=$id&uploaded=1");

    268. 

  268. 

    269. 

  269. 

    270. 

  270. 

    271. 

  271. ?>

    272. 

  272.