Bravo List

Darkseeder PreModded Source (http://www.bvlist.com/showthread.php?t=1124)

Subzero 9th October 2008 02:25

Subzeros PreModded Source
 
1 Attachment(s)
install like any tbsource code, edit bittorrent.php and secrets.php with server details.

Screen Shots Included

RikT 9th October 2008 14:54

Installs real quick and easy, up and running in less than 5 min. Everything seems to work fine. Added a staff panel, just needs a few more mods which I expect will go easy. Respect Dude!!! :hi::hi:

D3SI 9th October 2008 15:43

any details what's installed and fixed and improved etc?

cheers

3v0 10th October 2008 03:36

Well I'm guessing here by some of the last modified times of these files (2005-2006) that this has some old coding and not any newer mods from at least 2007 onwards

wMan 12th October 2008 11:37

Code:

/****************************************************************\
* Staff panel for the TBDEV source code                          *
* -------------------------------------------------------------- *
* An easy to config staff panel for different staff classes,    *
* with different options for each class, like add, edit, delete  *
* the pages and to log the actions.                              *
* -------------------------------------------------------------- *
* @author: Alex2005 for TBDEV.NET                                *
* @copyright: Alex2005                                          *
* @package: Staff Panel                                          *
* @category: Staff Tools                                        *
* @version: v1.10 04/07/2008                                    *
* @license: GNU General Public License                          *
\****************************************************************/

include("include/bittorrent.php");
dbconn();
loggedinorreturn();
noaccess("staffpanel.php", UC_MODERATOR);
maxsysop ();

/**
* Staff classes config
*
* UC_XYZ  : integer -> the name of the defined class
*
* Options for a selected class
** add    : boolean -> enable/disable page adding
** edit  : boolean -> enable/disable page editing
** delete : boolean -> enable/disable page deletion
** log    : boolean -> enable/disable the logging of the actions
*
* @result $staff_classes array();
*/
$staff_classes = array(
UC_MODERATOR                => array('add' => false,        'edit' => false,        'delete' => false,          'log' => true),
UC_ADMINISTRATOR        => array('add' => false,        'edit' => false,        'delete' => false,          'log' => true),
UC_SYSOP                        => array('add' => true,        'edit' => true,        'delete' => true,                'log' => false)
);

if (!isset($staff_classes[$CURUSER['class']]))
stderr('Error', 'Access Denied!');

$action = (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : NULL));
$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : NULL));
$class_color = (function_exists('get_user_class_color') ? true : false);

if ($action == 'delete' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['delete'])
{
$sure = ((isset($_GET['sure']) ? $_GET['sure'] : '') == 'yes');

$res = mysql_query('SELECT av_class'.(!$sure || $staff_classes[$CURUSER['class']]['log'] ? ', page_name' : '').' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);

if ($CURUSER['class'] < $arr['av_class'])
stderr('Error', 'You are not allowed to delete this page.');

if (!$sure)
stderr('Sanity check', 'Are you sure you want to delete this page: "'.htmlspecialchars($arr['page_name']).'"? Click here to delete it or here to go back.');

mysql_query('DELETE FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);

if (mysql_affected_rows())
{
if ($staff_classes[$CURUSER['class']]['log'])
write_log('Page "'.$arr['page_name'].'"('.($class_color ? '' : '').get_user_class_name($arr['av_class']).($class_color ? '' : '').') was deleted from the staff panel by '.$CURUSER['username'].'('.($class_color ? '' : '').get_user_class_name($CURUSER['class']).($class_color ? '' : '').')');

header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
else
stderr('Error', 'There was a database error, please retry.');
}
else if (($action == 'add' && $staff_classes[$CURUSER['class']]['add']) || ($action == 'edit' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['edit']))
{
$names = array('page_name', 'file_name', 'description', 'av_class');

if ($action == 'edit')
{
$res = mysql_query('SELECT '.implode(', ', $names).' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
}

foreach ($names as $name)
$$name = htmlspecialchars((isset($_POST[$name]) ? $_POST[$name] : ($action == 'edit' ? $arr[$name] : '')));

if ($action == 'edit' && $CURUSER['class'] < $av_class)
stderr('Error', 'You are not allowed to edit this page.');

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$errors = array();

if (empty($page_name))
$errors[] = 'The page name cannot be empty.';

if (empty($file_name))
$errors[] = 'The filename cannot be empty.';

if (empty($description))
$errors[] = 'The description cannot be empty.';

if (!isset($staff_classes[$av_class]))
$errors[] = 'The selected class is not a valid staff class.';

// The dot is escaped so only a literal ".php" is rejected, not any character followed by "php"
if (preg_match('/\.php/', $file_name))
$errors[] = 'Please remove the ".php" extension from the filename.';

if (!is_file($file_name.'.php') && !empty($file_name) && !preg_match('/\.php/', $file_name))
$errors[] = 'Inexistent php file.';

if (strlen($page_name) < 4 && !empty($page_name))
$errors[] = 'The page name is too short (min 4 chars).';

if (strlen($page_name) > 30)
$errors[] = 'The page name is too long (max 30 chars).';

if (strlen($file_name) > 30)
$errors[] = 'The filename is too long (max 30 chars).';

if (strlen($description) > 100)
$errors[] = 'The description is too long (max 100 chars).';

if (empty($errors))
{
if ($action == 'add')
{
$res = mysql_query("INSERT INTO staffpanel (page_name, file_name, description, av_class, added_by, added) ".
"VALUES (".implode(", ", array_map("sqlesc", array($page_name, $file_name, $description, (int)$av_class, (int)$CURUSER['id'], gmtime()))).")");

if (!$res)
{
if (mysql_errno() == 1062)
$errors[] = "This filename is already submited.";
else
$errors[] = "There was a database error, please retry.";
}
}
else
{
$res = mysql_query("UPDATE staffpanel SET page_name = ".sqlesc($page_name).", file_name = ".sqlesc($file_name).", description = ".sqlesc($description).", av_class = ".sqlesc((int)$av_class)." WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);

if (!$res)
$errors[] = "There was a database error, please retry.";
}

if (empty($errors))
{
if ($staff_classes[$CURUSER['class']]['log'])
write_log('Page "'.$page_name.'"('.($class_color ? '' : '').get_user_class_name($av_class).($class_color ? '' : '').') in the staff panel was '.($action == 'add' ? 'added' : 'edited').' by '.$CURUSER['username'].'('.($class_color ? '' : '').get_user_class_name($CURUSER['class']).($class_color ? '' : '').')');

header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
}
}

stdhead('Staff Panel :: '.($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'); begin_main_frame();

if (!empty($errors))
{
stdmsg('There '.(count($errors)>1?'are':'is').' '.count($errors).' error'.(count($errors)>1?'s':'').' in the form.', ''.implode('', $errors).'');
?> }

?>
'>

if ($action == 'edit')
{
?> }

?>




















Page name
Filename.php
Description
Available for










'>




end_main_frame(); stdfoot();
}
else
{
stdhead('Staff Panel'); begin_main_frame();

?>

Welcome to the Staff Panel!


if ($staff_classes[$CURUSER['class']]['add'])
{
stdmsg('Options', 'Add a new page');
?> }

$res = mysql_query('SELECT staffpanel.*, users.username '.
'FROM staffpanel '.
'LEFT JOIN users ON users.id = staffpanel.added_by '.
'WHERE av_class <= '.sqlesc($CURUSER['class']).' '.
'ORDER BY av_class DESC, page_name ASC') or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) > 0)
{
$db_classes = $unique_classes = $mysql_data = array();

while ($arr = mysql_fetch_assoc($res))
$mysql_data[] = $arr;

foreach ($mysql_data as $key => $value)
$db_classes[$value['av_class']][] = $value['av_class'];

$i=1;
foreach ($mysql_data as $key => $arr)
{
$end_table = (count($db_classes[$arr['av_class']]) == $i ? true : false);

if (!in_array($arr['av_class'], $unique_classes))
{
$unique_classes[] = $arr['av_class'];

?>
>







if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
{
?> }
?>

}

?>




if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
{
?>

}
?>


$i++;
if ($end_table)
{
$i=1;
?>

' : '').get_user_class_name($arr['av_class']).' Panel'.($class_color ? '' : ''); ?>


Page name Added by Date added Links





ago


if ($staff_classes[$CURUSER['class']]['edit'])
{
?>[E] }

if ($staff_classes[$CURUSER['class']]['delete'])
{
?>[D] }
?>

}
}
}
else
stdmsg('Sorry', 'Nothing found.');

end_main_frame(); stdfoot();
}
?>


underx 12th October 2008 21:15

some problems !
 
after adding the sql file with phpmy admin (it's OK), then in the home page (index.php) I got:


Code:

Notice: Undefined variable: CURUSER in /www/obxhost.net/t/n/t/tntorrents/htdocs/index.php on line 32

Notice: Undefined variable: activeusers in /www/obxhost.net/t/n/t/tntorrents/htdocs/index.php on line 116

Notice: Undefined variable: ss_uri in /www/obxhost.net/t/n/t/tntorrents/htdocs/include/bittorrent.php on line 439

Notice: Undefined variable: unread in /www/obxhost.net/t/n/t/tntorrents/htdocs/include/bittorrent.php on line 536

Warning: set_time_limit() has been disabled for security reasons in /www/obxhost.net/t/n/t/tntorrents/htdocs/include/cleanup.php on line 8

Notice: Undefined index: 33 in /www/obxhost.net/t/n/t/tntorrents/htdocs/include/cleanup.php on line 103

and what's the admin pass?

wMan 12th October 2008 21:19

Code:

INSERT INTO `staffpanel` VALUES (1, 'Polls', 'makepoll', 'Make a Poll', 5, 1, 1221495944);
INSERT INTO `staffpanel` VALUES (2, 'Unconfirmed Users', 'pusers', 'Manage unconfirmed users', 5, 1, 1221496037);
INSERT INTO `staffpanel` VALUES (3, 'Look for a user', 'usersearch', 'Advanced search user', 5, 1, 1221496239);
INSERT INTO `staffpanel` VALUES (4, 'Maybe Cheaters', 'maybecheaters', 'A list of users with a ratio above 100. (VIP class and under)', 5, 1, 1221496333);
INSERT INTO `staffpanel` VALUES (5, 'Reports', 'reports', 'Show Reports (forum,comment,torrent,request)', 5, 1, 1221496380);
INSERT INTO `staffpanel` VALUES (6, 'Duplicate IP Check', 'ipcheck', 'Check for Duplicate IP Users', 5, 1, 1221496423);
INSERT INTO `staffpanel` VALUES (7, 'Warned users', 'warninfo', 'See all warned users on tracker', 5, 1, 1221496484);
INSERT INTO `staffpanel` VALUES (8, 'Add User', 'adduser', 'Create new user account', 5, 1, 1221496534);
INSERT INTO `staffpanel` VALUES (9, 'Newest users', 'newsuser', '100 newest user accounts', 5, 1, 1221496579);
INSERT INTO `staffpanel` VALUES (10, 'Uploaders info panel', 'statsuploaders', 'Addon to monitor uploades activity', 5, 1, 1221496648);
INSERT INTO `staffpanel` VALUES (11, 'Logs', 'log', 'Show Logs', 5, 1, 1221496713);
INSERT INTO `staffpanel` VALUES (12, 'Leechers', 'leechers', 'Show users with ratio under 0.50', 5, 1, 1221496773);
INSERT INTO `staffpanel` VALUES (13, 'Delete Account', 'delacctadmin', 'Delete User Account', 6, 1, 1221496822);
INSERT INTO `staffpanel` VALUES (14, 'Poll overview', 'polloverview', 'View poll votes', 6, 1, 1221496907);
INSERT INTO `staffpanel` VALUES (15, 'Mass PM', 'staffmess', 'Send PM to all users', 6, 1, 1221496946);
INSERT INTO `staffpanel` VALUES (16, 'Ban System', 'bans', 'Ban / Unban IP', 6, 1, 1221496995);
INSERT INTO `staffpanel` VALUES (17, 'What is changing', 'modlog', 'Activity of the staff', 7, 1, 1221497300);
INSERT INTO `staffpanel` VALUES (18, 'Site Statistics', 'statistics', 'Registration, Rating, Post, PM, Torrents, Ban, Comment', 7, 1, 1221497506);
INSERT INTO `staffpanel` VALUES (19, 'Cleanup', 'docleanup', 'Perform a cleanup', 7, 1, 1221497544);
INSERT INTO `staffpanel` VALUES (20, 'Mass mailer', 'massmail', 'Send e-mail to all users on the tracker', 7, 1, 1221497596);
INSERT INTO `staffpanel` VALUES (21, 'MySQL Stats', 'status', 'See MySql stats', 7, 1, 1221497649);
INSERT INTO `staffpanel` VALUES (22, 'Spam', 'showmsg', 'Check Spam Pms', 7, 1, 1221497828);
INSERT INTO `staffpanel` VALUES (23, 'Mass Invite', 'massinvite', 'Give all users X invites', 7, 1, 1221497940);
INSERT INTO `staffpanel` VALUES (24, 'Abnormal Upload Speed Detector', 'cheaters', 'See cheaters', 5, 1, 1221498248);
INSERT INTO `staffpanel` VALUES (25, 'News page', 'news', 'Add, edit and remove news items from the homepage', 7, 1, 1221498396);
INSERT INTO `staffpanel` VALUES (26, 'Request to be Uploader', 'uploadapp', 'Uploader Requests', 5, 1, 1221498662);
INSERT INTO `staffpanel` VALUES (27, 'Failed Logins', 'maxlogin', 'Show Failed Login Attempts', 6, 1, 1221501051);
INSERT INTO `staffpanel` VALUES (28, 'Manage Tracker Categories', 'category', 'Edit/Delete tracker categories', 7, 1, 1221823909);

Code:

CREATE TABLE `staffpanel` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `page_name` varchar(30) NOT NULL default '',
  `file_name` varchar(30) NOT NULL default '',
  `description` varchar(100) NOT NULL default '',
  `av_class` tinyint(3) unsigned NOT NULL default '0',
  `added_by` int(10) unsigned NOT NULL default '0',
  `added` int(10) unsigned NOT NULL default '0',
  PRIMARY KEY  (`id`),
  UNIQUE KEY `file_name` (`file_name`),
  KEY `av_class` (`av_class`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=29 ;


underx 12th October 2008 21:27

it's an answer for my problems clocktower ???
if it is I didn't understand you :p

wMan 12th October 2008 22:31

add the sql code in your sites database jesssssssssssssss

Dragan3591 13th October 2008 06:57

Why don't you make a step by step instructions?:relax:

johnake 13th October 2008 15:57

I would like to see a modded source with some security thinking in mind. The following were verified in a very short time:
changeusername.php:

Replace:
PHP Code:

if (get_user_class() < 6

with
PHP Code:

if (get_user_class() < UC_SYSOP

Request mod... kinda dangerous xss&sql injection

adminstuff.php

PHP Code:

if ($CURUSER['class'] < 7

with
PHP Code:

if ($CURUSER['class'] < UC_SYSOP

delacct.php you should either delete it or you have two choices:

1. Put a conditional statement that verifies that the current user's id is equivalent with the one that's gonna be deleted
2. Instead of letting the user delete his own account you should make a form that asks the staff to do this, with a reason of course.

details.php

find:
PHP Code:

stdhead("Details for torrent \"" . $row["name"] . "\"");

replace with:

PHP Code:

stdhead("Details for torrent \"" . htmlspecialchars($row["name"]) . "\"");

log.php (should not be visible for everyone and):

find:
PHP Code:

print("<tr><td>$date</td><td>$time</td><td align=left>$arr[txt]</td></tr>\n"); 

replace with:
PHP Code:

print("<tr><td>$date</td><td>$time</td><td align=left>".htmlspecialchars($arr['txt'])."</td></tr>\n"); 

repair.php (everyone could repair the database and sensitive information about the database popped out). So...


PHP Code:

<?php
require_once("include/secrets.php");
require_once("include/bittorrent.php");
dbconn();
loggedinorreturn();

// Staff only: stop here for anyone below moderator
if (get_user_class() < UC_MODERATOR)
    stderr("Error", "Permission denied.");

$db = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
$sql = "SHOW DATABASES";
$dbs_result = mysql_query($sql, $db);
if (mysql_num_rows($dbs_result))
{
    // Walk every database this MySQL account can see
    while ($dbs_row = mysql_fetch_assoc($dbs_result))
    {
        $database = $dbs_row["Database"];
        echo "\n\nOptimizing database $database : \n";
        mysql_select_db($database, $db);
        $sql = "SHOW TABLE STATUS";
        $tbls_result = mysql_query($sql, $db);
        if (mysql_num_rows($tbls_result))
        {
            // Repair, then optimize, each table in turn
            while ($tbls_row = mysql_fetch_assoc($tbls_result))
            {
                $TableName = "`".$tbls_row["Name"]."`";
                $sql = "REPAIR TABLE ".$TableName;
                echo "\n".$sql;
                mysql_query($sql, $db);
                $sql = "OPTIMIZE TABLE ".$TableName;
                echo "\n".$sql;
                mysql_query($sql, $db);
            }
        }
    }
}
echo "\n\n";
mysql_close($db);
?>

So, secure your files...

wMan 13th October 2008 16:22

also in delacct.php

add

Code:

if (get_user_class() < UC_ADMINISTRATOR)
stderr("Sorry", "Access denied.");

so only staff cant delete a users account
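
The checks discussed in the two posts above (escaping stored text on output, comparing against named class constants, and restricting who may delete an account), as an added example that is not part of either post or of the pre-modded source. The `UC_*` values, the helper names `h()`, `log_row()`, `has_class()` and `may_delete_account()`, and the "owner or administrator" rule combining both suggestions are assumptions made for this sketch.

```php
<?php
// Added illustration, not code from the pre-modded source. The UC_* values
// and all function names here are assumptions made for this example; a real
// install defines its own class constants.
const UC_USER = 0;
const UC_MODERATOR = 5;
const UC_ADMINISTRATOR = 6;
const UC_SYSOP = 7;

// Escape stored text for an HTML body or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// log.php row with every cell escaped at output time.
function log_row(string $date, string $time, string $txt): string
{
    return "<tr><td>" . h($date) . "</td><td>" . h($time)
         . "</td><td align=left>" . h($txt) . "</td></tr>\n";
}

// Compare against a named class; a missing class counts as no access.
function has_class(array $user, int $min): bool
{
    return isset($user['class']) && (int) $user['class'] >= $min;
}

// delacct.php rule: the owner may delete their own account, and staff at
// administrator level or above may delete any account.
function may_delete_account(array $user, int $targetId): bool
{
    if (!isset($user['id']) || $targetId <= 0) {
        return false;
    }
    return (int) $user['id'] === $targetId || has_class($user, UC_ADMINISTRATOR);
}

// Constructed sample data.
$member = ['id' => 42, 'class' => UC_USER];
$admin  = ['id' => 1,  'class' => UC_ADMINISTRATOR];
$txt    = 'Torrent 7 (<script>alert(1)</script>) was uploaded by demo';

echo log_row('2008-10-13', '15:57:00', $txt);
var_dump(may_delete_account($member, 42));      // own account
var_dump(may_delete_account($member, 1));       // someone else's account
var_dump(may_delete_account($admin, 42));       // staff deleting a member
var_dump(has_class(['id' => 9], UC_MODERATOR)); // no class set
```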

al_ltoticmat 13th October 2008 19:01

What is username tbdev password?

Also, I want to add my username as Sysop.

Thank you.

wMan 13th October 2008 19:30

add your tracker signup your then the sysop/owner ..............hey presto

underx 13th October 2008 21:13

Quote:

Originally Posted by clocktower (Post 5178)
add the sql code in your sites database jesssssssssssssss

I added the sql in my data base and I got those errors !!!

al_ltoticmat 14th October 2008 05:57

Thank you.

How can I use skin from http://bvlist.com/tbdev-source/794-t...etmaniack.html ?

weezy 25th October 2010 06:00

I have a problem with the status bar!
 
I don't have a status bar

asdfag 30th June 2013 02:58

Hi
 
When I import the database it is giving me this error:

Quote:

Error
SQL query:

#
# Structura de tabel pentru tabelul `addedrequests`
#
CREATE TABLE `addedrequests` (

`id` INT( 10 ) UNSIGNED NOT NULL AUTO_INCREMENT ,
`requestid` INT( 10 ) UNSIGNED NOT NULL DEFAULT '0',
`userid` INT( 10 ) UNSIGNED NOT NULL DEFAULT '0',
PRIMARY KEY ( `id` ) ,
KEY `pollid` ( `id` ) ,
KEY `userid` ( `userid` )
) TYPE = MYISAM AUTO_INCREMENT =48;

MySQL said:

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TYPE=MyISAM AUTO_INCREMENT=48' at line 12
Can anyone help me?

wMan 12th July 2013 20:06

this will fix it mate :muscle:



Code:

CREATE TABLE IF NOT EXISTS  `addedrequests` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `requestid` int(10) unsigned NOT NULL default '0',
  `userid` int(10) unsigned NOT NULL default '0',
  PRIMARY KEY  (`id`),
  KEY `pollid` (`id`),
  KEY `userid` (`userid`),
  KEY `requestid_userid` (`requestid`,`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

--
-- Dumping data for table `addedrequests`
--


-- --------------------------------------------------------


Krack3r 8th November 2013 19:37

Thanks m8
 
Thanks m8 getting ready to rock and roll:war:

Dani18 4th February 2024 18:48

Problem registered!

https://i.postimg.cc/FHDFqnPz/Immagine.png

https://i.postimg.cc/hGv4qbwr/Immagine1.png

crowni 6th February 2024 07:54

See if this table has been imported into the database.


CREATE TABLE users


All times are GMT +2.