PageRenderTime 25ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/takemultiupload.php

https://github.com/Bigjoos/U-232-V2
PHP | 350 lines | 323 code | 16 blank | 11 comment | 55 complexity | 632e5f3d11f9785a3396ff7bb8d2cbb9 MD5 | raw file
    

  1. <?php

    2. 

  2. /**

    3. 

  3.  *   https://09source.kicks-ass.net:8443/svn/installer09/

    4. 

  4.  *   Licence Info: GPL

    5. 

  5.  *   Copyright (C) 2010 Installer09 v.2

    6. 

  6.  *   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.

    7. 

  7.  *   Project Leaders: Mindless,putyn,kidvision.

    8. 

  8.  **/

    9. 

  9. require_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'include'.DIRECTORY_SEPARATOR.'bittorrent.php');

    10. 

  10. require_once(INCL_DIR.'benc.php');

    11. 

  11. require_once(INCL_DIR.'user_functions.php');

    12. 

  12. require_once(CLASS_DIR.'page_verify.php');

    13. 

  13. dbconn(); 

    14. 

  14. loggedinorreturn();

    15. 

  15.     

    16. 

  16.     $lang = array_merge( load_language('global'), load_language('takeupload') );

    17. 

  17.     $newpage = new page_verify(); 

    18. 

  18.     $newpage->check('tamud');

    19. 

  19.     if ($CURUSER['class'] < UC_UPLOADER OR $CURUSER["uploadpos"] == 0 || $CURUSER["uploadpos"] > 1 || $CURUSER['suspended'] == 'yes')

    20. 

  20.     header( "Location: {$INSTALLER09['baseurl']}/multiupload.php" );

    21. 

  21. 

    22. 

  22.     $nfofilename = array();

    23. 

  23.     $matches = array();

    24. 

  24.     $fname = array();

    25. 

  25. 

    26. 

  26.     if (!isset($_FILES["file1"]) && !isset($_FILES["file2"]) && !isset($_FILES["file3"]) && !isset($_FILES["file4"]) && !isset($_FILES["file5"])) {

    27. 

  27.     stderr("Ooops", "You didn't specify a filename!");

    28. 

  28.     } else {

    29. 

  29.     $f1 = $_FILES["file1"];

    30. 

  30.     $nfofile1 = $_FILES['nfo1'];

    31. 

  31.     $fname[] = unesc($f1["name"]);

    32. 

  32.     if ($nfofile1['size'] > 65535)

    33. 

  33.     stderr("Oops", "No NFO! for #1 torrent OR NFO #1 is too big! Max 65,535 bytes.");

    34. 

  34. 

    35. 

  35.     $f2 = $_FILES["file2"];

    36. 

  36.     $nfofile2 = $_FILES['nfo2'];

    37. 

  37.     $fname[] = unesc($f2["name"]);

    38. 

  38.     if ($nfofile2['size'] > 65535)

    39. 

  39.     stderr("Error", "No NFO! for #2 torrent OR NFO #2 is too big! Max 65,535 bytes.");

    40. 

  40. 

    41. 

  41.     $f3 = $_FILES["file3"];

    42. 

  42.     $nfofile3 = $_FILES['nfo3'];

    43. 

  43.     $fname[] = unesc($f3["name"]);

    44. 

  44.     if ($nfofile3['size'] > 65535)

    45. 

  45.     stderr("Oops", "No NFO! for #3 torrent OR NFO #3 is too big! Max 65,535 bytes.");

    46. 

  46. 

    47. 

  47.     $f4 = $_FILES["file4"];

    48. 

  48.     $nfofile4 = $_FILES['nfo4'];

    49. 

  49.     $fname[] = unesc($f4["name"]);

    50. 

  50.     if ($nfofile4['size'] > 65535)

    51. 

  51.     stderr("Oops", "No NFO! for #4 torrent OR NFO #4 is too big! Max 65,535 bytes.");

    52. 

  52. 

    53. 

  53.     $f5 = $_FILES["file5"];

    54. 

  54.     $nfofile5 = $_FILES['nfo5'];

    55. 

  55.     $fname[] = unesc($f5["name"]);

    56. 

  56.     if ($nfofile5['size'] > 65535)

    57. 

  57.     stderr("Oops", "No NFO! #5 torrent OR NFO #5 is too big! Max 65,535 bytes.");

    58. 

  58.     

    59. 

  59.     function dict_check($d, $s)

    60. 

  60.     {

    61. 

  61.     // echo $d["type"];

    62. 

  62.     // print_r($d);

    63. 

  63.     if ($d["type"] != "dictionary")

    64. 

  64.         stderr("Oops", "not a dictionary");

    65. 

  65. 

    66. 

  66.     $a = explode(":", $s);

    67. 

  67.     $dd = $d["value"];

    68. 

  68.     $ret = array();

    69. 

  69.     foreach ($a as $k) {

    70. 

  70.         unset($t);

    71. 

  71.         if (preg_match('/^(.*)\((.*)\)$/', $k, $m)) {

    72. 

  72.             $k = $m[1];

    73. 

  73.             $t = $m[2];

    74. 

  74.         }

    75. 

  75.         if (!isset($dd[$k]))

    76. 

  76.             stderr("Oops", "dictionary is missing key(s)");

    77. 

  77.         if (isset($t)) {

    78. 

  78.             if ($dd[$k]["type"] != $t)

    79. 

  79.                 stderr("Oops", "invalid entry in dictionary");

    80. 

  80.             $ret[] = $dd[$k]["value"];

    81. 

  81.         } else

    82. 

  82.             $ret[] = $dd[$k];

    83. 

  83.     }

    84. 

  84.     return $ret;

    85. 

  85. }

    86. 

  86. 

    87. 

  87. function dict_get($d, $k, $t)

    88. 

  88. {

    89. 

  89.     if ($d["type"] != "dictionary")

    90. 

  90.         stderr("Oops", "not a dictionary");

    91. 

  91.     $dd = $d["value"];

    92. 

  92.     if (!isset($dd[$k]))

    93. 

  93.         return;

    94. 

  94.     $v = $dd[$k];

    95. 

  95.     if ($v["type"] != $t)

    96. 

  96.         stderr("Oops", "invalid dictionary entry type");

    97. 

  97.     return $v["value"];

    98. 

  98. }

    99. 

  99. 

    100. 

  100.     //== Some crucial checks

    101. 

  101.     if (!validfilename($fname[0]) || !validfilename($fname[1]) || !validfilename($fname[2]) || !validfilename($fname[3]) || !validfilename($fname[4]))

    102. 

  102.     stderr("Oops", "One of the filenames was invalid!");

    103. 

  103. 

    104. 

  104.     if (!preg_match('/^(.+)\.torrent$/si', $fname[0], $matches[0]))

    105. 

  105.     stderr("Oops", "Invalid filename 1(not a .torrent).");

    106. 

  106.     if (!preg_match('/^(.+)\.torrent$/si', $fname[1], $matches[1]))

    107. 

  107.     stderr("Oops", "Invalid filename 2(not a .torrent).");

    108. 

  108.     if (!preg_match('/^(.+)\.torrent$/si', $fname[2], $matches[2]))

    109. 

  109.     stderr("Oops", "Invalid filename 3(not a .torrent).");

    110. 

  110.     if (!preg_match('/^(.+)\.torrent$/si', $fname[3], $matches[3]))

    111. 

  111.     stderr("Oops", "Invalid filename 4(not a .torrent).");

    112. 

  112.     if (!preg_match('/^(.+)\.torrent$/si', $fname[4], $matches[4]))

    113. 

  113.     stderr("Oops", "Invalid filename 5(not a .torrent).");

    114. 

  114.     //== very important check in terms of security

    115. 

  115.     if ($nfofile1['name'] != '')

    116. 

  116.         $nfofilename[] = $nfofile1['tmp_name'];

    117. 

  117.     if (@!is_uploaded_file($nfofilename[0]))

    118. 

  118.         stderr("Oops", "NFO1 upload failed");

    119. 

  119.     if ($nfofile2['name'] != '')

    120. 

  120.         $nfofilename[] = $nfofile2['tmp_name'];

    121. 

  121.     if (@!is_uploaded_file($nfofilename[1]))

    122. 

  122.         stderr("Oops", "NFO2 upload failed");

    123. 

  123.     if ($nfofile3['name'] != '')

    124. 

  124.         $nfofilename[] = $nfofile3['tmp_name'];

    125. 

  125.     if (@!is_uploaded_file($nfofilename[2]))

    126. 

  126.         stderr("Oops", "NFO3 upload failed");

    127. 

  127.     if ($nfofile4['name'] != '')

    128. 

  128.         $nfofilename[] = $nfofile4['tmp_name'];

    129. 

  129.     if (@!is_uploaded_file($nfofilename[3]))

    130. 

  130.         stderr("Oops", "NFO4 upload failed");

    131. 

  131.     if ($nfofile5['name'] != '')

    132. 

  132.         $nfofilename[] = $nfofile5['tmp_name'];

    133. 

  133.     if (@!is_uploaded_file($nfofilename[4]))

    134. 

  134.         stderr("oOPS", "NFO5 upload failed");

    135. 

  135.     }

    136. 

  136. 

    137. 

  137.     $descr = unesc($_POST["description"]);

    138. 

  138.     if (!$descr) {

    139. 

  139.     stderr("Oops", "Please select either 'Take description from its respective NFO' OR enter a custom description to go with all torrents'");

    140. 

  140.     }

    141. 

  141. 

    142. 

  142.     $cat = array();

    143. 

  143.     $catid = (0 + $_POST["alltype"]);

    144. 

  144.     if (!is_valid_id($catid))

    145. 

  145.     stderr("Oops", "You must select a category to put ALL the torrent in!");

    146. 

  146. //== Use the posted type category first -- if not set then just apply from settings

    147. 

  147. if (isset($_POST["type1"])) {

    148. 

  148.     $cat[0] = 0 + $_POST["type1"];

    149. 

  149.     if (!is_valid_id($cat[0]))

    150. 

  150.         $cat[0] = 0 + $_POST["alltype"];

    151. 

  151. }

    152. 

  152. if (isset($_POST["type2"])) {

    153. 

  153.     $cat[1] = 0 + $_POST["type2"];

    154. 

  154.     if (!is_valid_id($cat[1]))

    155. 

  155.         $cat[1] = 0 + $_POST["alltype"];

    156. 

  156. }

    157. 

  157. if (isset($_POST["type3"])) {

    158. 

  158.     $cat[2] = 0 + $_POST["type3"];

    159. 

  159.     if (!is_valid_id($cat[2]))

    160. 

  160.         $cat[2] = 0 + $_POST["alltype"];

    161. 

  161. }

    162. 

  162. 

    163. 

  163. if (isset($_POST["type4"])) {

    164. 

  164.     $cat[3] = 0 + $_POST["type4"];

    165. 

  165.     if (!is_valid_id($cat[3]))

    166. 

  166.         $cat[3] = 0 + $_POST["alltype"];

    167. 

  167. }

    168. 

  168. if (isset($_POST["type5"])) {

    169. 

  169.     $cat[4] = 0 + $_POST["type5"];

    170. 

  170.     if (!is_valid_id($cat[4]))

    171. 

  171.         $cat[4] = 0 + $_POST["alltype"];

    172. 

  172. }

    173. 

  173. 

    174. 

  174. if(isset($_POST['uplver1']) && $_POST['uplver1'] == 'yes') {

    175. 

  175.      $anonymous = "yes";

    176. 

  176.      $anon = "Anonymous";

    177. 

  177.      } else {

    178. 

  178.      $anonymous = "no";

    179. 

  179.      $anon = $CURUSER["username"];

    180. 

  180.      }

    181. 

  181. if(isset($_POST['uplver2']) && $_POST['uplver2'] == 'yes') {

    182. 

  182.      $anonymous = "yes";

    183. 

  183.      $anon = "Anonymous";

    184. 

  184.      } else {

    185. 

  185.      $anonymous = "no";

    186. 

  186.      $anon = $CURUSER["username"];

    187. 

  187.      }

    188. 

  188. if(isset($_POST['uplver3']) && $_POST['uplver3'] == 'yes') {

    189. 

  189.      $anonymous = "yes";

    190. 

  190.      $anon = "Anonymous";

    191. 

  191.      } else {

    192. 

  192.      $anonymous = "no";

    193. 

  193.      $anon = $CURUSER["username"];

    194. 

  194.      }

    195. 

  195. if(isset($_POST['uplver4']) && $_POST['uplver4'] == 'yes') {

    196. 

  196.      $anonymous = "yes";

    197. 

  197.      $anon = "Anonymous";

    198. 

  198.      } else {

    199. 

  199.      $anonymous = "no";

    200. 

  200.      $anon = $CURUSER["username"];

    201. 

  201.      }

    202. 

  202. if(isset($_POST['uplver5']) && $_POST['uplver5'] == 'yes') {

    203. 

  203.      $anonymous = "yes";

    204. 

  204.      $anon = "Anonymous";

    205. 

  205.      } else {

    206. 

  206.      $anonymous = "no";

    207. 

  207.      $anon = $CURUSER["username"];

    208. 

  208.      }

    209. 

  209. //== Arrays

    210. 

  210. $shortname = array();

    211. 

  211. $tmpname = array();

    212. 

  212. $dict = array();

    213. 

  213. $ann = array();

    214. 

  214. $info = array();

    215. 

  215. $dbname = array();

    216. 

  216. $plen = array();

    217. 

  217. $pieces = array();

    218. 

  218. $filelist = array();

    219. 

  219. $totallen = array();

    220. 

  220. $infohash = array();

    221. 

  221. $torrent = array();

    222. 

  222. $nfo = array();

    223. 

  223. $ids = array();

    224. 

  224. $tmpname[] = $f1["tmp_name"];

    225. 

  225. $tmpname[] = $f2["tmp_name"];

    226. 

  226. $tmpname[] = $f3["tmp_name"];

    227. 

  227. $tmpname[] = $f4["tmp_name"];

    228. 

  228. $tmpname[] = $f5["tmp_name"];

    229. 

  229. $i = 0; 

    230. 

  230. 

    231. 

  231. foreach($tmpname as $value) {

    232. 

  232.     $shortfname[$i] = $torrent[$i] = $matches[$i];

    233. 

  233. 

    234. 

  234.     if (!is_uploaded_file($value))

    235. 

  235.         stderr("Opps", "Bad filename found on file no #$i");

    236. 

  236.     if (!filesize($value))

    237. 

  237.         stderr("Oops", "Empty file! $value");

    238. 

  238. 

    239. 

  239.     $dict[] = bdec_file($value, $INSTALLER09['max_torrent_size']);

    240. 

  240.   

    241. 

  241.     if (!isset($dict[$i]))

    242. 

  242.         stderr("Oops", "What the hell did you upload? This is not a bencoded file 1!");

    243. 

  243.     

    244. 

  244.     list($ann[$i], $info[$i]) = dict_check($dict[$i], "announce(string):info");

    245. 

  245.     list($dname[$i], $plen[$i], $pieces[$i]) = dict_check($info[$i], "name(string):piece length(integer):pieces(string)");

    246. 

  246.     if (!in_array($ann[$i], $INSTALLER09['announce_urls'], 1))

    247. 

  247.         stderr("Oops", "invalid announce url! in file no #$i must be {$INSTALLER09['announce_urls'][0]} - Make sure its exactly like that even the port number should be in there like '80'");

    248. 

  248.     if (strlen($pieces[$i]) % 20 != 0)

    249. 

  249.         stderr("Oops", "invalid pieces in file $i");

    250. 

  250.    

    251. 

  251.    

    252. 

  252.    $totallen = dict_get($info[$i], "length", "integer");

    253. 

  253.     if (isset($totallen)) {

    254. 

  254.         $filelist[] = array($dname[$i], $totallen);

    255. 

  255.         $type = "single";

    256. 

  256.     } else {

    257. 

  257.         $flist = dict_get($info[$i], "files", "list");

    258. 

  258.         if (!isset($flist)) {

    259. 

  259.             stderr("Oops", "missing both length and files in #$i torrent");

    260. 

  260.         }

    261. 

  261.         if (!count($flist)) {

    262. 

  262.             stderr("Oops", "Missing files in torrent #$i");

    263. 

  263.         }

    264. 

  264.         $totallen = 0;

    265. 

  265. 

    266. 

  266.         foreach ($flist as $fn) {

    267. 

  267.             list($ll, $ff) = dict_check($fn, "length(integer):path(list)");

    268. 

  268.             $totallen += $ll;

    269. 

  269.             $ffa = array();

    270. 

  270.             foreach ($ff as $ffe) {

    271. 

  271.                 if ($ffe["type"] != "string")

    272. 

  272.                     stderr("Oops", "filename error on torrent #$i");

    273. 

  273.                 $ffa[] = $ffe["value"];

    274. 

  274.             }

    275. 

  275.             if (!count($ffa))

    276. 

  276.                 stderr("Oops", "filename error");

    277. 

  277.             $ffe = implode("/", $ffa);

    278. 

  278.             $filelist[] = array($ffe, $ll);

    279. 

  279.         }

    280. 

  280. 

    281. 

  281.         $type = "multi";

    282. 

  282.     }

    283. 

  283.  

    284. 

  284.     /* Private Tracker mod code */

    285. 

  285.     $info[$i]['value']['source']['type'] = "string";

    286. 

  286.     $info[$i]['value']['source']['value'] = $INSTALLER09['site_name'];

    287. 

  287.     $info[$i]['value']['source']['strlen'] = strlen($info[$i]['value']['source']['value']);

    288. 

  288.     $info[$i]['value']['private']['type'] = "integer";

    289. 

  289.     $info[$i]['value']['private']['value'] = 1;

    290. 

  290.     $dict[$i]['value']['info'] = $info[$i];

    291. 

  291.     $dict[$i] = benc($dict[$i]);

    292. 

  292.     $dict[$i] = bdec($dict[$i]);

    293. 

  293.     list($ann[$i], $info[$i]) = dict_check($dict[$i], "announce(string):info");

    294. 

  294.     $tmaker = (isset($dict['value']['created by']) && !empty($dict['value']['created by']['value'])) ? sqlesc($dict['value']['created by']['value']) : sqlesc("Unknown");

    295. 

  295.     unset($dict['value']['created by']);

    296. 

  296.     $infohash[$i] = sha1($info[$i]["string"]);

    297. 

  297.     /* ...... end of Private Tracker mod */

    298. 

  298.     $torrent[$i] = str_replace("_", " ", $torrent[$i]);

    299. 

  299.     $torrent[$i] = str_replace("'", " ", $torrent[$i]);

    300. 

  300.     $torrent[$i] = str_replace("\"", " ", $torrent[$i]);

    301. 

  301.     $torrent[$i] = str_replace(",", " ", $torrent[$i]);

    302. 

  302.     $nfo[$i] = sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", @file_get_contents($nfofilename[$i])));

    303. 

  303.     $first = $shortfname[$i][1];

    304. 

  304.     $second = $dname[$i];

    305. 

  305.     $third = $torrent[$i][1];

    306. 

  306.     $vip = (isset($_POST["vip1"]) ? "1" : "0");

    307. 

  307.     $vip = (isset($_POST["vip2"]) ? "1" : "0");

    308. 

  308.     $vip = (isset($_POST["vip3"]) ? "1" : "0");

    309. 

  309.     $vip = (isset($_POST["vip4"]) ? "1" : "0");

    310. 

  310.     $vip = (isset($_POST["vip5"]) ? "1" : "0");

    311. 

  311.     $ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, anonymous, vip, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo) VALUES (" . implode(",", array_map("sqlesc", array(searchfield("$first $second $third"), $fname[$i], $CURUSER["id"], "no", $anonymous, $vip, $infohash[$i], $torrent[$i][1], $totallen, count($filelist[$i]), $type, $descr, $descr, $cat[$i], $dname[$i]))) . ", '" . time() . "', '" . time() . "', $nfo[$i])");

    312. 

  312.     if (!$ret) {

    313. 

  313.         if (mysql_errno() == 1062)

    314. 

  314.             stderr("Oops", "#$i torrent was already uploaded!");

    315. 

  315.         stderr("Oops", "mysql puked: " . mysql_error());

    316. 

  316.     }

    317. 

  317. 

    318. 

  318.     $id = mysql_insert_id();

    319. 

  319.     $ids[] = $id;

    320. 

  320.     $mc1->delete_value('MyPeers_'.$CURUSER['id']);

    321. 

  321.     $mc1->delete_value('lastest_tor_');

    322. 

  322.     

    323. 

  323.     sql_query("DELETE FROM files WHERE torrent = $id");

    324. 

  324.     foreach ($filelist as $file) {

    325. 

  325.     sql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, " . sqlesc($file[0]) . "," . $file[1] . ")");

    326. 

  326.     }

    327. 

  327.     

    328. 

  328.     $fp = fopen("{$INSTALLER09['torrent_dir']}/$id.torrent", "w");

    329. 

  329.     if ($fp) {

    330. 

  330.         @fwrite($fp, benc($dict[$i]), strlen(benc($dict[$i])));

    331. 

  331.         fclose($fp);

    332. 

  332.     }

    333. 

  333.     $i++;

    334. 

  334.     }

    335. 

  335.     //unset($filelist);

    336. 

  336.     //unset($flist);

    337. 

  337.     // ===add karma

    338. 

  338.     sql_query("UPDATE users SET seedbonus = seedbonus+75.0 WHERE id =".sqlesc($CURUSER['id'])."") or sqlerr(__FILE__, __LINE__);

    339. 

  339.     // ===end

    340. 

  340.     ////////new torrent upload detail sent to shoutbox//////////

    341. 

  341.     if ($CURUSER["anonymous"] == 'yes')

    342. 

  342.     $message = "[url={$INSTALLER09['baseurl']}/multidetails.php?id1=$ids[0]&id2=$ids[1]&id3=$ids[2]&id4=$ids[3]&id5=$ids[4]]Multiple Torrents were just uploaded! Click here to see them[/url] - Anonymous User";

    343. 

  343.     else

    344. 

  344.     $message = "[url={$INSTALLER09['baseurl']}/multidetails.php?id1=$ids[0]&id2=$ids[1]&id3=$ids[2]&id4=$ids[3]&id5=$ids[4]]Multiple Torrents were just uploaded! Click here to see them[/url]  Uploaded by ".htmlspecialchars($CURUSER["username"])."";

    345. 

  345.     // ///////////////////////////END///////////////////////////////////

    346. 

  346.     // //////new torrent upload detail sent to shoutbox//////////

    347. 

  347.     autoshout($message);

    348. 

  348.     // ///////////////////////////end///////////////////////////////////

    349. 

  349. header("Location: {$INSTALLER09['baseurl']}/multidetails.php?id1=$ids[0]&id2=$ids[1]&id3=$ids[2]&id4=$ids[3]&id5=$ids[4]&uploaded=1");

    350. 

  350. ?>
    351.