Code Placement

TheUnknown · April 6, 2008

i have implemented this code everywhere needed except in my upload file

Heres the code to the upload file

<?

ob_start();
require_once("backend/functions.php");
dbconn();
loggedinorreturn();

//Here we decide if uploads are for uploaders only
if ($UPLOADERSONLY)
{
if (get_user_class() < UC_UPLOADER) {
	stdhead("Uploaders Only");
	begin_frame("Uploaders Only");
	echo "<center><br><BR><B>You are not a uploader class, you cannot upload.<br><BR><b>";
	echo "<br><BR>You can apply to become a uploader by filling out <a href=uploadapp.php>this</a> form<br><BR></center>";
	end_frame();
	stdfoot();
	exit;
}
}
//end



ini_set("upload_max_filesize",$max_torrent_size);

if($MAX_FILE_SIZE) {
  require_once("backend/benc.php");

  foreach(explode(":","descr:type:name") as $v) {
if (!isset($_POST[$v]))
  $message = "Missing form data";
  }

  if (!isset($_FILES["file"]))
$message = "Missing form data";

  $f = $_FILES["file"];
  $fname = unesc($f["name"]);
  if (empty($fname))
$message = "Empty filename!";

if ($_FILES['nfo']['size'] != 0) {
  $nfofile = $_FILES['nfo'];
  if ($nfofile['name'] == '')
	$message = "No NFO!";
        
    if (!preg_match('/^(.+)\.nfo$/si', $nfofile['name'], $fmatches))
$message = "Invalid filename (not a .NFO).";

  if ($nfofile['size'] == 0)
	$message = "0-byte NFO";

  if ($nfofile['size'] > 65535)
	$message = "NFO is too big! Max 65,535 bytes.";

  $nfofilename = $nfofile['tmp_name'];
  if (@!is_uploaded_file($nfofilename))
	$message = "NFO upload failed";
    
}

  $descr = unesc($_POST["descr"]);
  if (!$descr)
    $message = "You must enter at least a short description";

  $catid = (0 + $_POST["type"]);
  if (!is_valid_id($catid))
$message = "Please be sure to select a torrent category";

  if (!validfilename($fname))
$message = "Invalid filename!";
  if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches))
$message = "Invalid filename (not a .torrent).";
  $shortfname = $torrent = $matches[1];
  if (!empty($_POST["name"]))
$torrent = unesc($_POST["name"]);

  $tmpname = $f["tmp_name"];
  if (!is_uploaded_file($tmpname))
$message = "The file was uploaded, but wasn't found on the temp directoy.";

  $dict = bdec_file($tmpname, $max_torrent_size);
  if (!isset($dict))
$message = "What the hell did you upload? This is not a bencoded file!";

  /*function dict_check($d, $s) {
if ($d["type"] != "dictionary")
  $message = "Not a dictionary";
$a = explode(":", $s);
$dd = $d["value"];
$ret = array();
foreach ($a as $k) {
	unset($t);
	if (preg_match('/^(.*)\((.*)\)$/', $k, $m)) {
		$k = $m[1];
		$t = $m[2];
	}
	if (!isset($dd[$k]))
		$message = "The dictionary is missing key(s)";
	if (isset($t)) {
		if ($dd[$k]["type"] != $t)
			$message = "There is an invalid entry in the dictionary";
		$ret[] = $dd[$k]["value"];
	}
	else
		$ret[] = $dd[$k];
}
return $ret;
  }*/

  function dict_get($d, $k, $t) {
if ($d["type"] != "dictionary")
	$message = "This isn't a dictionary.";
$dd = $d["value"];
if (!isset($dd[$k]))
	return;
$v = $dd[$k];
if ($v["type"] != $t)
	$message = "invalid dictionary entry type";
return $v["value"];
  }

  list($ann, $info) = dict_check($dict, "announce(string):info");
  
  $external='no';
list($ann, $info) = dict_check($dict, "announce(string):info");

   $url_ann = array();
$a=0;
$announcelist = dict_get($dict, "announce-list","list");

   if (isset($announcelist) && count($announcelist))
       {
     foreach ($announcelist as $fn) {
       $hi = $fn["value"];

        for ($i=0;$i < count($hi);$i++  )
         {
         $url_ann[] =  $hi[$i]["value"];
         }
     }
     for ($j=0;$j<count($announce_urls);$j++)
      {
     for ($k=0;$k<count($url_ann);$k++)
     {
     //echo "<br>".$url_ann[$k]; // debug purposes only
     if  ($announce_urls[$j]==$url_ann[$k])  $a+=1;
     }
      }
    if ($a<1)
    $external = 'yes';
        }
    else
    {
    if (!in_array($ann, $announce_urls, 1))
  $external='yes';
    }


list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)");
  
  
  
  /*list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)");


  if (!in_array($ann, $announce_urls, 1))
$message = "$ann Invalid announce url! It MUST be <b>" . $announce_urls[0] . "</b>";*/

  if (strlen($pieces) % 20 != 0)
$message = "Invalid pieces!";

  $filelist = array();
  $totallen = dict_get($info, "length", "integer");
  if (isset($totallen)) {
$filelist[] = array($dname, $totallen);
$type = "single";
  }
  else {
$flist = dict_get($info, "files", "list");
if (!isset($flist))
	$message = "Missing both length and files";
if (!count($flist))
	$message = "No files";
$totallen = 0;
foreach ($flist as $fn) {
	list($ll, $ff) = dict_check($fn, "length(integer):path(list)");
	$totallen += $ll;
	$ffa = array();
	foreach ($ff as $ffe) {
		if ($ffe["type"] != "string")
			$message = "Filename error";
		$ffa[] = $ffe["value"];
	}
	if (!count($ffa))
		$message = "Filename error";
	$ffe = implode("/", $ffa);
	$filelist[] = array($ffe, $ll);
}
$type = "multi";
  }

if ($DHT){
// DHT private key
$dict["value"]["info"]["value"]["private"]["type"] = "integer";
$dict["value"]["info"]["value"]["private"]["value"] = 1;
$fn = benc($dict);
$dict = bdec($fn);
list($info) = dict_check($dict, "info");
// end private key
}

$tmphex = sha1($info["string"]);
$hexhash = strtolower($tmphex);


if (strlen($hexhash) != 40)
{
$message = "Error: Info hash must be exactly 40 hex bytes. Contact an admin to fix this";
}

  // Replace punctuation characters with spaces
  if(!$message) {
    $torrent = str_replace("_", " ", $torrent);

    $nfo = sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", @file_get_contents($nfofilename)));
   $ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo,announce,external) VALUES (" .
implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $hexhash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname))) .
", '" . get_date_time() . "', '" . get_date_time() . "', $nfo,'".$ann."','".$external."')");
    if (!$ret) {
      $message = "Mysql Error: ".mysql_error();
  if (mysql_errno() == 1062)
	$message = "Torrent already uploaded!";
    }
    $id = mysql_insert_id();
move_uploaded_file($tmpname, "$torrent_dir/$id.torrent");
    //chown("$torrent_dir/$id.torrent", "$apacheUID");
    //chgrp("$torrent_dir/$id.torrent", "$apacheGID");
    @mysql_query("DELETE FROM files WHERE torrent = $id");
    foreach ($filelist as $file) {
  @mysql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")");
    }

   // move_uploaded_file($tmpname, "$torrent_dir/$id.torrent");
 if ($external=='yes')
  {
  $msg = "<br><br><div align=justify>The tracker has detected that you have uploaded an external torrent with the following announce url :<b> ".$ann."</b><br><br>";

  if (url_validate($ann))
  $status = "online";
  else $status = "offline";

  $ret = mysql_query("INSERT INTO announce (`announce_url`, `force`, `status`) VALUES ('".$ann."','no','".$status."')");
  if (!$ret)
  {  // we can't insert, because it already exists ! then we update !
// echo "<br>2)Mysql Error: ".mysql_errno(). "-".mysql_error();
  if (mysql_errno() == 1062) { mysql_query("UPDATE announce SET status='".$status."' WHERE announce_url=".$ann." AND force='no' "); }

         else {

         $id = mysql_insert_id();
         $msg.="This is the first time one torrent is coming from this tracker. Please allow some time for the site to scrape this tracker !</div><br>";
         }

  }


  if ($status=="online")
  $msg .= "<br><center><u>Tracker Status:</u> <font color=green size=4>ONLINE</font></center><br>";
  else
  $msg .= "<br><center><u>Tracker Status:</u> <font color=red size=4>OFFLINE</font></center><br>";
   //do a quick scrape on externals that are uploaded,comment out next 2 lines if not needed
    require_once("quickscrape-func.php");
    quickscrape($id);
    //end quickscrape
  }



  write_log("Torrent $id ($torrent) was uploaded by " . $CURUSER["username"]);

if (isset($_FILES['nfo'])) {
	move_uploaded_file($nfofilename, "$nfo_dir/$id.nfo");
}
    
    
    
    //write_log("Torrent $id ($torrent) was uploaded by " . $CURUSER["username"]);

if (isset($_POST['request'])) {
if ($_POST['request'] > 0) {
/* PM for requested user */
$res = mysql_query("SELECT `userid` FROM `requests` WHERE `id` = ". ($_POST['request'] + 0)) or sqlerr(__FILE__, __LINE__);
$re_msg = "Your request \"$torrent\" was filled by " . $CURUSER["username"] . ".You can download it <a href=".$SITEURL."/torrents-details.php?id=$id&hit=1>HERE</a>";
while($row = mysql_fetch_assoc($res)) {
mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES(0, 0, $row[userid], '" . get_date_time() . "', " . sqlesc($re_msg) . ")") or sqlerr(__FILE__, __LINE__);
}
/* requests delete */
@mysql_query("DELETE FROM `requests` WHERE `id` = ". ($_POST['request'] + 0));
@mysql_query("DELETE FROM `addedrequests` WHERE `requestid` = ". ($_POST['request'] + 0));
write_log("The request ($torrent) was filled by " . $CURUSER["username"] . "");
}
}

if ($DHT){
// Code to write the updated dictionary to the torrent file
$fp = fopen("$torrent_dir/$id.torrent", "w");
if ($fp)
{
@fwrite($fp, benc($dict), strlen(benc($dict)));
fclose($fp);
}
// End of code to write the updated dictionary to the torrent file
}
// start irc announce hack v1.0 by FLASH
if ($IRCANNOUNCE)
{
$rs = mysql_query(" SELECT * FROM categories WHERE id='" . intval($catid) . "' LIMIT 1"); 
$cat_details = mysql_fetch_assoc($rs); 
$user = mysql_fetch_array(mysql_query("SELECT username FROM users WHERE id=".$CURUSER["id"])); 
$user = $user["username"]; 
$msg_bt = chr(3)."9".chr(2)." $SITENAME".chr(2)." -".chr(3)."10 New Torrent: (".chr(3)."15 $torrent".chr(3)."10 ) Size: (".chr(3)."15 ".mksize($totallen).chr(3)."10 )  Category: (".chr(3)."15 ". $cat_details["name"].chr(3)."10 ) Uploader: (".chr(3)."15 $user".chr(3)."10 ) Link: (".chr(3)."15 $SITEURL/torrents-details.php?id=$id&hit=1".chr(3)."10 )\r\n"; 
$fs = fsockopen($ANNOUNCEIP, $ANNOUNCEPORT, $errno, $errstr);
if($fs) { 
       fwrite($fs, $msg_bt); 
       fclose($fs); 
} 
}
//end irc announce hack v1.0 by FLASH
    $res = mysql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr();
    $arr = mysql_fetch_assoc($res);
    $cat = $arr["name"];
    $res = mysql_query("SELECT email FROM users WHERE enabled='yes' AND notifs LIKE '%[cat$catid]%'") or sqlerr();
    $uploader = $CURUSER['username'];

    $size = mksize($totallen);
    $description = ($html ? strip_tags($descr) : $descr);
//EMAIL NOTIFICATION
    $body = <<<EOD
A new torrent has been uploaded.

Name: $torrent
Size: $size
Category: $cat
Uploaded by: $uploader

Description:
-------------------------------------------------------------------------------
$description
-------------------------------------------------------------------------------

You can use the URL below to download the torrent (you may have to login).

$SITEURL/torrents-details.php?id=$id&hit=1

--
$SITENAME
EOD;
    $to = "";
    $nmax = 100; // Max recipients per message
    $nthis = 0;
    $ntotal = 0;
    $total = mysql_num_rows($res);
    while ($arr = mysql_fetch_row($res)) {
      if ($nthis == 0)
        $to = $arr[0];
      else
        $to .= "," . $arr[0];
      ++$nthis;
      ++$ntotal;
     
    }
    bark("Upload Succeeded", "The torrent has been uploaded successfully!
    <br>
    <br>
    <br>
    Now that you have uploaded a torrent, you will need to seed it in order to allow other users to download the file.<br>
    To seed the file, open the .TORRENT file you just uploaded and open it in your favourite BitTorrent Client.<br>
    Have your client save to the same file that you have just created the torrent. It will then check for completion and begin to seed.<br><br>
    To download a copy of the .torrent file you just uploaded so you can seed - <a href=\"download.php?id=$id&name=$fname\">CLICK HERE</a> -
    ", Success);
    
  }
}

stdhead("Upload");
begin_frame("" . UPLOAD_RULES . "");
?>
<br />
<ol>
<li>All releases must include a description.</li>
<li>If you are releasing movies you should also include a .nfo file wherever
possible.</li>
<li>Try to make sure your torrents are well-seeded for at least 24-48 hours.</li>
<li>Do not re-release material that is still active.</li>
<li>No password protected files- Accounts will be banned without warning</li>
<li>Do not upload adult material-Accounts will be banned without warning </li>
<li>Only upload material you have the rights too. </li>
<li>Do not upload spam torrents like free iPod/PSP/phones</li>
<li>Do not upload Viruses, spyware, affiliate links and everything related</li>

</ol>

<?
end_frame();
begin_frame("Image Upload", center);
?>
<center>
<iframe src="http://imageshack.us/iframe.php?txtcolor=111111&type=blank&size=30" scrolling="no" allowtransparency="true" frameborder="0" width="280" height="90">Upload picture to Imageshack.US</iframe>
</center>
<center>Click "Host It" & another page will open for the code you need to post in the description box.</center>
<?
end_frame();
begin_frame("" . UPLOAD . "");
$max_torrent_size_nice = mksize($max_torrent_size);
$max_nfo_size_nice = mksize($max_nfo_size);

if ($message != "")
  bark2("" . UPLOAD_FAILED . "", $message);

?>
<form enctype="multipart/form-data" name="bbform" action="torrents-upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="<?=$max_torrent_size?>" />
<table border="0" cellspacing="0" cellpadding="6" align="center">
<?
$nfofile = "Is Not Required";
//tr("" . ANNOUNCE . "", "$announce_urls[0]\n", 1);
tr("" . ANNOUNCE . "", "$announce_urls[0]\n<BR>We also Except external torrents", 1);
tr("" . TORRENT_FILE . "", "<input type=file name=file size=50 value=" . $_FILES['file']['name'] . "><br />" . MAX_SIZE_T . " $max_torrent_size_nice\n", 1);
tr("" . NFO . "", "<input type=file name=nfo size=50 value=" . $_FILES['nfo']['name'] . "><br />" . NFO . " $nfofile ", 1);
tr("" . TNAME . "", "<input type=text name=name size=60 value=" . $_POST['name'] . ">\n", 1);
include("bbhack.php");
tr("" . TDESC . "", "<textarea name=descr rows=7 cols=45>$descr</textarea>" .
  "<br />" . NO_HTML . "", 1);

$s = "<select name=\"type\">\n<option value=\"0\">" . CHOOSE_ONE . "</option>\n";

$cats = genrelist();
foreach ($cats as $row)
$s .= "<option value=\"" . $row["id"] . "\">" . htmlspecialchars($row["name"]) . "</option>\n";

$s .= "</select>\n";
tr("" . TTYPE . "", $s, 1);

//Request filled?
if ($REQUESTSON){
$sql_request = "SELECT `id`, `request` FROM requests ORDER BY `request` ASC";
$res = mysql_query($sql_request) or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) > 0) {
	$request = "<select name=\"request\">\n<option value=\"0\">(Chose the request to be filled)</option>\n";
	while($row = mysql_fetch_array($res)) {
	$request .= "<option value=\"" . $row["id"] . "\">" . htmlspecialchars($row["request"]) . "</option>\n";
}
	$request .= "</select>\n";
	tr("If your upload is to fill a resquest, select it here", $request , 1);
}
}
//end requests

?>
<tr><td></td><td><input type="submit" value="<? print("" . UPLOADT . "\n"); ?>" /></td></tr>
</table>
</form>
<?

end_frame();
begin_frame("Image Upload", center);
?>
<? include_once("backend/captcha.php"); $hash = create_captcha(); echo "
                        <tr>      
                                <td valign=top>Confirmation code: <font color=\"#FF0000\">*</font></td>
                                <td><input type=\"text\" name=\"imagestring\" size=\"20\" value=\"\" /><p>Please, enter the        
text displayed at image above.<br />This process disables automatic registration.</p><img
src=\"captcha.php?imagehash=$hash\" alt=\"Captcha\" /><br /><font color=\"red\">Code is case
sensitive.</font><input
type=\"hidden\" name=\"imagehash\" value=\"$hash\" /></td>
                        </tr>"; ?>
<?
end_frame();
stdfoot();

?>

Im trying to find out where to put

$b = get_row_count("captcha", "WHERE imagehash = ".sqlesc($_POST["imagehash"])." AND imagestring = ".sqlesc($_POST["imagestring"]));
mysql_query("DELETE FROM captcha WHERE imagehash = ".sqlesc($_POST["imagehash"])) or die(mysql_error());
if ($b == 0)
    $message = "You have entered the wrong confirmation code.";

No matter where i put it i get "You have entered the wrong confirmation code" , even tho its correct

Any ideas?

Thanks

poleposters · April 7, 2008

It could be because you've left out the curly braces on your if conditional.

if ($b == 0)
{
    $message = "You have entered the wrong confirmation code.";
}

cooldude832 · April 7, 2008

they are not requried for single statements, however you use functions that are not part of the php core that we don't know what they do and odds are if you didn't write this you don't know ether so figure out what this is trying to do first and then you can see the problem

Sign In

Code Placement

Recommended Posts

TheUnknown

Link to comment

Share on other sites

poleposters

Link to comment

Share on other sites

cooldude832

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information