Old 3rd May 2008, 15:52
thedizzy thedizzy is offline
Default Re: TS SE v3.1 Nulled
First, when I installed TS, I clicked on the Staff Panel and saw a form asking for a pincode. I entered my correct code but got the error "Your passkey is wrong!". So I edited my staffpanel.php file like this:

Code:
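<?php
// Staff panel entry point. Loads the tracker bootstrap, runs its session
// helpers, then admits only user groups whose 'canstaffpanel' flag is 'yes'.
// NOTE(review): gzip(), dbconn(), loggedinorreturn(), maxsysop() and
// $usergroups are presumably provided by include/bittorrent.php; confirm there.
$rootpath = "./../";
// require_once: a missing bootstrap must halt the script, never run on without it.
require_once($rootpath . 'include/bittorrent.php');
gzip();
dbconn();
loggedinorreturn();
maxsysop();

// Fail closed: anything other than the exact string 'yes' (including an unset
// flag) is refused. This replaces the redundant "== 'no' OR != 'yes'" test.
if (!isset($usergroups['canstaffpanel']) || $usergroups['canstaffpanel'] !== 'yes') {
	print_no_permission(true);
	exit;
}
?>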
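<?php
// Full open tag: with the short form "<?" and short_open_tag disabled, PHP
// would send the rest of this file to the browser as plain text.
stdhead("Staff Panel");

// Outer frame and layout table; each branch below closes them before die().
begin_frame("WELCOME TO ".strtoupper($SITENAME)." - STAFF PANEL");
print("\n");
print("<table width=100% border=0 cellspacing=0 cellpadding=2><tr><td align=left>\n");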

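// ---- Sys.Admin panel options: delete / edit --------------------------------
// Every write to `sysoppanel` (DELETE, UPDATE) runs only after the UC_SYSOP
// check. Other staff get the "Only Sys.Admin" notice and no query is sent.
// Request values are read with isset() guards and HTML-encoded with ENT_QUOTES,
// because they are echoed inside single-quoted attributes below.
// NOTE(review): these actions are plain GET requests and no anti-CSRF token is
// checked in this file; confirm whether the bootstrap enforces one.
// NOTE(review): "[ Back ]" and "( Yes! / No! )" look like links whose markup
// was lost when the listing was posted; compare against the original file.

// Confirmed delete.
$sure = isset($_GET['sure']) ? $_GET['sure'] : '';
if ($sure == "yes") {
	$delsosadminid = isset($_GET['delsosadminid']) ? (int)$_GET['delsosadminid'] : 0;
	if (get_user_class() >= UC_SYSOP) {
		$query = "DELETE FROM sysoppanel WHERE id=" . sqlesc($delsosadminid) . " LIMIT 1";
		$sql = sql_query($query);
		echo("The option is successfully removed![ Back ]");
	} else {
		echo("Only Sys.Admin is able to do it\n\n");
	}
	end_frame();
	print("</table>");
	stdfoot();
	die();
}

// Delete confirmation prompt.
$delsosadminid = isset($_GET['delsosadminid']) ? (int)$_GET['delsosadminid'] : 0;
$name = trim(htmlspecialchars(isset($_GET['mod']) ? $_GET['mod'] : '', ENT_QUOTES));
if ($delsosadminid > 0) {
	echo("Only Sys.Admin is able to do it \n\n");
	if (get_user_class() >= UC_SYSOP) {
		echo("You and in the truth wish to remove an option? ($name) ( Yes! / No! )");
	}
	end_frame();
	print("</table>");
	stdfoot();
	die();
}

// Submitted edit.
$editsosadmin = isset($_GET['editsosadmin']) ? (int)$_GET['editsosadmin'] : 0;
if ($editsosadmin == 1) {
	if (get_user_class() >= UC_SYSOP) {
		$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
		$mod_name = trim(htmlspecialchars(isset($_GET['mod_name']) ? $_GET['mod_name'] : '', ENT_QUOTES));
		$mod_url = trim(htmlspecialchars(isset($_GET['mod_url']) ? $_GET['mod_url'] : '', ENT_QUOTES));
		$mod_info = trim(htmlspecialchars(isset($_GET['mod_info']) ? $_GET['mod_info'] : '', ENT_QUOTES));
		$query = "UPDATE sysoppanel SET
name = ".sqlesc($mod_name).",
url = ".sqlesc($mod_url).",
info = ".sqlesc($mod_info)." 
WHERE id=".sqlesc($id);
		$sql = sql_query($query);
		// On a failed query, execution continues past this block as before.
		if ($sql) {
			echo("Only Sys.Admin is able to do it\n\n");
			echo("<table class=main cellspacing=0 cellpadding=5 width=50%>");
			echo("<tr><td><div align='center'>It is successfully changed[ Back ]</div></tr>");
			echo("</table>");
			end_frame();
			print("</table>");
			stdfoot();
			die();
		}
	} else {
		echo("Only Sys.Admin is able to do it\n\n");
		end_frame();
		print("</table>");
		stdfoot();
		die();
	}
}

// Edit form, pre-filled from the request.
$editsosadminid = isset($_GET['editsosadminid']) ? (int)$_GET['editsosadminid'] : 0;
$name = trim(htmlspecialchars(isset($_GET['name']) ? $_GET['name'] : '', ENT_QUOTES));
$url = trim(htmlspecialchars(isset($_GET['url']) ? $_GET['url'] : '', ENT_QUOTES));
$info = trim(htmlspecialchars(isset($_GET['info']) ? $_GET['info'] : '', ENT_QUOTES));
if ($editsosadminid > 0) {
	echo("Only Sys.Admin is able to do it\n\n");
	if (get_user_class() >= UC_SYSOP) {
		echo("<form name='form1' method='get' action='" . $_SERVER['SCRIPT_NAME'] . "'>");
		echo("<table class=main cellspacing=0 cellpadding=5 width=100%>");
		echo("<div align='center'><input type='hidden' name='editsosadmin' value='1'>At present you change an option \"$name\"</div>");
		echo("\n");
		// The hidden input was missing its closing '>' and swallowed the <table> tag.
		echo("<input type='hidden' name='id' value='$editsosadminid'><table class=main cellspacing=0 cellpadding=5 width=50%>");
		echo("<tr><td>Option: </td><td align='right'><input type='text' size=50 name='mod_name' value='$name'></td></tr>");
		echo("<tr><td>URL-file: </td><td align='right'><input type='text' size=50 name='mod_url' value='$url'></td></tr>");
		echo("<tr><td>Info: </td><td align='right'><input type='text' size=50 name='mod_info' value='$info'></td></tr>");
		echo("<tr><td></td><td><div align='right'><input type='Submit' value='Change' class=btn></div></td></tr>");
		echo("</table></form>");
	}
	end_frame();
	print("</table>");
	stdfoot();
	die();
}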
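// ---- Administrator panel options: delete / edit ----------------------------
// Every write to `adminpanel` (DELETE, UPDATE) runs only after the UC_SYSOP
// check. Other staff get the "Only Sys.Admin" notice and no query is sent.
// Request values are read with isset() guards and HTML-encoded with ENT_QUOTES,
// because they are echoed inside single-quoted attributes below.
// NOTE(review): these actions are plain GET requests and no anti-CSRF token is
// checked in this file; confirm whether the bootstrap enforces one.
// NOTE(review): "[ Back ]" and "( Yes! / No! )" look like links whose markup
// was lost when the listing was posted; compare against the original file.

// Confirmed delete.
$suree = isset($_GET['suree']) ? $_GET['suree'] : '';
if ($suree == "yes") {
	$deladminid = isset($_GET['deladminid']) ? (int)$_GET['deladminid'] : 0;
	if (get_user_class() >= UC_SYSOP) {
		$query = "DELETE FROM adminpanel WHERE id=" . sqlesc($deladminid) . " LIMIT 1";
		$sql = sql_query($query);
		echo("The option is successfully removed![ Back ]");
	} else {
		echo("Only Sys.Admin is able to do it\n\n");
	}
	end_frame();
	print("</table>");
	stdfoot();
	die();
}

// Delete confirmation prompt.
$deladminid = isset($_GET['deladminid']) ? (int)$_GET['deladminid'] : 0;
$nameadmin = htmlspecialchars(trim(isset($_GET['admin']) ? $_GET['admin'] : ''), ENT_QUOTES);
if ($deladminid > 0) {
	echo("Only Sys.Admin is able to do it\n\n");
	if (get_user_class() >= UC_SYSOP) {
		echo("You and in the truth wish to remove an option? ($nameadmin) ( Yes! / No! )");
	}
	end_frame();
	print("</table>");
	stdfoot();
	die();
}

// Submitted edit.
$editadmin = isset($_GET['editadmin']) ? (int)$_GET['editadmin'] : 0;
if ($editadmin == 1) {
	if (get_user_class() >= UC_SYSOP) {
		$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
		$mod_name = trim(htmlspecialchars(isset($_GET['mod_name']) ? $_GET['mod_name'] : '', ENT_QUOTES));
		$mod_url = trim(htmlspecialchars(isset($_GET['mod_url']) ? $_GET['mod_url'] : '', ENT_QUOTES));
		$mod_info = trim(htmlspecialchars(isset($_GET['mod_info']) ? $_GET['mod_info'] : '', ENT_QUOTES));
		$query = "UPDATE adminpanel SET
name = ".sqlesc($mod_name).",
url = ".sqlesc($mod_url).",
info = ".sqlesc($mod_info)." 
WHERE id=".sqlesc($id);
		$sql = sql_query($query);
		// On a failed query, execution continues past this block as before.
		if ($sql) {
			echo("Only Sys.Admin is able to do it\n\n");
			echo("<table class=main cellspacing=0 cellpadding=5 width=100%>");
			echo("<tr><td><div align='center'>It is successfully changed[ Back ]</div></tr>");
			echo("</table>");
			end_frame();
			print("</table>");
			stdfoot();
			die();
		}
	} else {
		echo("Only Sys.Admin is able to do it\n\n");
		end_frame();
		print("</table>");
		stdfoot();
		die();
	}
}

// Edit form, pre-filled from the request.
$editadminid = isset($_GET['editadminid']) ? (int)$_GET['editadminid'] : 0;
$name = trim(htmlspecialchars(isset($_GET['name']) ? $_GET['name'] : '', ENT_QUOTES));
$url = trim(htmlspecialchars(isset($_GET['url']) ? $_GET['url'] : '', ENT_QUOTES));
$info = trim(htmlspecialchars(isset($_GET['info']) ? $_GET['info'] : '', ENT_QUOTES));
if ($editadminid > 0) {
	echo("Only Sys.Admin is able to do it\n\n");
	if (get_user_class() >= UC_SYSOP) {
		echo("<form name='form1' method='get' action='" . $_SERVER['SCRIPT_NAME'] . "'>");
		echo("<table class=main cellspacing=0 cellpadding=5 width=100%>");
		echo("<div align='center'><input type='hidden' name='editadmin' value='1'>At present you change an option \"$name\"</div>");
		echo("\n");
		// The hidden input was missing its closing '>' and swallowed the <table> tag.
		echo("<input type='hidden' name='id' value='$editadminid'><table class=main cellspacing=0 cellpadding=5 width=100%>");
		echo("<tr><td>Option: </td><td align='right'><input type='text' size=50 name='mod_name' value='$name'></td></tr>");
		echo("<tr><td>URL-file: </td><td align='right'><input type='text' size=50 name='mod_url' value='$url'></td></tr>");
		echo("<tr><td>Info: </td><td align='right'><input type='text' size=50 name='mod_info' value='$info'></td></tr>");
		echo("<tr><td></td><td><div align='right'><input type='Submit' value='Change' class=btn></div></td></tr>");
		echo("</table></form>");
	}
	end_frame();
	print("</table>");
	stdfoot();
	die();
}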

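// ---- Moderator panel options: delete / edit --------------------------------
// Every write to `modpanel` (DELETE, UPDATE) runs only after the UC_SYSOP
// check. Other staff get the "Only Sys.Admin" notice and no query is sent.
// Request values are read with isset() guards and HTML-encoded with ENT_QUOTES,
// because they are echoed inside single-quoted attributes below.
// NOTE(review): these actions are plain GET requests and no anti-CSRF token is
// checked in this file; confirm whether the bootstrap enforces one.
// NOTE(review): "[ Back ]" and "( Yes! / No! )" look like links whose markup
// was lost when the listing was posted; compare against the original file.

// Confirmed delete.
$sureee = isset($_GET['sureee']) ? $_GET['sureee'] : '';
if ($sureee == "yes") {
	$delmodid = isset($_GET['delmodid']) ? (int)$_GET['delmodid'] : 0;
	if (get_user_class() >= UC_SYSOP) {
		$query = "DELETE FROM modpanel WHERE id=" . sqlesc($delmodid) . " LIMIT 1";
		$sql = sql_query($query);
		echo("The option is successfully removed![ Back ]");
	} else {
		echo("Only Sys.Admin is able to do it\n\n");
	}
	end_frame();
	print("</table>");
	stdfoot();
	die();
}

// Delete confirmation prompt.
$delmodid = isset($_GET['delmodid']) ? (int)$_GET['delmodid'] : 0;
$namemod = htmlspecialchars(trim(isset($_GET['mod']) ? $_GET['mod'] : ''), ENT_QUOTES);
if ($delmodid > 0) {
	echo("Only Sys.Admin is able to do it\n\n");
	if (get_user_class() >= UC_SYSOP) {
		echo("You and in the truth wish to remove an option? ($namemod) ( Yes! / No! )");
	}
	end_frame();
	print("</table>");
	stdfoot();
	die();
}

// Submitted edit.
$editmod = isset($_GET['editmod']) ? (int)$_GET['editmod'] : 0;
if ($editmod == 1) {
	if (get_user_class() >= UC_SYSOP) {
		$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
		$mod_name = trim(htmlspecialchars(isset($_GET['mod_name']) ? $_GET['mod_name'] : '', ENT_QUOTES));
		$mod_url = trim(htmlspecialchars(isset($_GET['mod_url']) ? $_GET['mod_url'] : '', ENT_QUOTES));
		$mod_info = trim(htmlspecialchars(isset($_GET['mod_info']) ? $_GET['mod_info'] : '', ENT_QUOTES));
		$query = "UPDATE modpanel SET
name = ".sqlesc($mod_name).",
url = ".sqlesc($mod_url).",
info = ".sqlesc($mod_info)." 
WHERE id=".sqlesc($id);
		$sql = sql_query($query);
		// On a failed query, execution continues past this block as before.
		if ($sql) {
			echo("Only Sys.Admin is able to do it\n\n");
			echo("<table class=main cellspacing=0 cellpadding=5 width=100%>");
			echo("<tr><td><div align='center'>It is successfully changed[ Back ]</div></tr>");
			echo("</table>");
			end_frame();
			print("</table>");
			stdfoot();
			die();
		}
	} else {
		echo("Only Sys.Admin is able to do it\n\n");
		end_frame();
		print("</table>");
		stdfoot();
		die();
	}
}

// Edit form, pre-filled from the request.
$editmodid = isset($_GET['editmodid']) ? (int)$_GET['editmodid'] : 0;
$name = trim(htmlspecialchars(isset($_GET['name']) ? $_GET['name'] : '', ENT_QUOTES));
$url = trim(htmlspecialchars(isset($_GET['url']) ? $_GET['url'] : '', ENT_QUOTES));
$info = trim(htmlspecialchars(isset($_GET['info']) ? $_GET['info'] : '', ENT_QUOTES));
if ($editmodid > 0) {
	echo("Only Sys.Admin is able to do it\n\n");
	if (get_user_class() >= UC_SYSOP) {
		echo("<form name='form1' method='get' action='" . $_SERVER['SCRIPT_NAME'] . "'>");
		echo("<table class=main cellspacing=0 cellpadding=5 width=100%>");
		echo("<div align='center'><input type='hidden' name='editmod' value='1'>At present you change an option \"$name\"</div>");
		echo("\n");
		// The hidden input was missing its closing '>' and swallowed the <table> tag.
		echo("<input type='hidden' name='id' value='$editmodid'><table class=main cellspacing=0 cellpadding=5 width=100%>");
		echo("<tr><td>Option: </td><td align='right'><input type='text' size=50 name='mod_name' value='$name'></td></tr>");
		echo("<tr><td>URL-file: </td><td align='right'><input type='text' size=50 name='mod_url' value='$url'></td></tr>");
		echo("<tr><td>Info: </td><td align='right'><input type='text' size=50 name='mod_info' value='$info'></td></tr>");
		echo("<tr><td></td><td><div align='right'><input type='Submit' value='Change' class=btn></div></td></tr>");
		echo("</table></form>");
	}
	end_frame();
	print("</table>");
	stdfoot();
	die();
}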


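// ---- Add new option --------------------------------------------------------
// Inserts a row into one of the three panel tables, then shows the add form.
// - The INSERT runs only for UC_SYSOP, matching who is shown the form.
// - $cppanel is interpolated as a table name, which sqlesc() cannot protect,
//   so it must equal one of the three tables the form's <select> offers.
// - The status message is URL-encoded for the redirect, and the script stops
//   after sending the Location header.
// NOTE(review): the insert is a plain GET request and no anti-CSRF token is
// checked in this file; confirm whether the bootstrap enforces one.
$notice = isset($_GET['message']) ? trim($_GET['message']) : '';
$add = isset($_GET['add']) ? $_GET['add'] : '';
if ($add == 'true') {
	$mod_name = trim(htmlspecialchars(isset($_GET['mod_name']) ? $_GET['mod_name'] : '', ENT_QUOTES));
	$mod_url = trim(htmlspecialchars(isset($_GET['mod_url']) ? $_GET['mod_url'] : '', ENT_QUOTES));
	$mod_info = trim(htmlspecialchars(isset($_GET['mod_info']) ? $_GET['mod_info'] : '', ENT_QUOTES));
	$cppanel = isset($_GET['cppanel']) ? trim($_GET['cppanel']) : '';
	$allowed_panels = array('sysoppanel', 'adminpanel', 'modpanel');
	unset($message);
	if (get_user_class() < UC_SYSOP) {
		$message = 'Only Sys.Admin is able to do it';
	} elseif (!in_array($cppanel, $allowed_panels, true)) {
		$message = 'Unknown panel.';
	} elseif ($mod_name == '' OR $mod_url == '') {
		$message = 'Don\'t leave any fields blank';
	} else {
		$query = "INSERT INTO $cppanel SET name = ".sqlesc($mod_name).", url = ".sqlesc($mod_url).", info = ".sqlesc($mod_info);
		$sql = sql_query($query);
		if ($sql) {
			$message = 'New option has been added.';
		} else {
			$message = 'Database error.';
		}
	}
	if (!headers_sent()) {
		header("Location: " . $_SERVER['SCRIPT_NAME'] . "?message=" . urlencode($message));
		die();
	}
	// Output has already started, so no redirect is possible; show the message here.
	$notice = $message;
}
if (get_user_class() >= UC_SYSOP) {
	// NOTE(review): "[b]" looks like a <b> tag altered when the listing was posted.
	if ($notice != '')
		$msg = "<font color=red>[b]".htmlspecialchars($notice, ENT_QUOTES);
	else
		$msg = "<font color=black>ADD NEW OPTION";
	echo $msg."</font>";
	print("\n");
	echo("<form name='form1' method='get' action='" . $_SERVER['SCRIPT_NAME'] . "'>");
	echo("<table class=main cellspacing=0 cellpadding=5 width=100%>");
	echo("<tr><td>Name: </td><td align='left'><input type='text' size=50 name='mod_name' id=specialboxn></td></tr>");
	echo("<tr><td>URL-file: </td><td align='left'><input type='text' size=50 name='mod_url' id=specialboxn></td></tr>");
	echo("<tr><td>Info: </td><td align='left'><input type='text' size=50 name='mod_info' id=specialboxn></td></tr>");
	echo("<tr><td>Option for: </td><td align='left'><select name='cppanel'><option value='sysoppanel'>SYSOP</option><option value='adminpanel'>ADMINISTRATOR</option><option value='modpanel'>MODERATOR</option></select><input type='hidden' name='add' value='true'> <input value='Add' type='Submit' class=btn></td></tr>");
	echo("</table>");
	echo("\n");
	// Close the form only where it was opened; other users got a stray </form>.
	echo("</form>");
} else {
	echo("\n");
}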

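// ---- Sys.Admin option list -------------------------------------------------
// Lists every row of `sysoppanel` for users of class UC_SYSOP and above.
// $name, $url and $info are echoed as stored; they are HTML-encoded only when
// written through this script. The href is double-quoted so a stored value
// containing whitespace cannot add attributes to the anchor.
// NOTE(review): rows inserted by any other route are not encoded; confirm the
// tables have no other writer.
// NOTE(review): the "[img]...[/img]" cells look like edit/delete links whose
// markup was altered when the listing was posted; compare with the original.
if (get_user_class() >= UC_SYSOP) {
	echo("</center><h2>FOR SYSOP'S ONLY</h2>");
	print("<center>");
	print("<table border=1 class=main cellspacing=0 cellpadding=5 width=100%>");
	echo("<tr><td class=colhead>NAME/URL</td><td class=colhead>INFO</td><td class=colhead align=center>EDIT</td><td class=colhead align=center>DELETE</td></tr>");
	$query = "SELECT * FROM sysoppanel WHERE 1=1 ORDER by NAME";
	$sql = sql_query($query);
	// Skip the loop when the query failed instead of fetching from a non-result.
	while ($sql && ($row = mysql_fetch_array($sql))) {
		$id = $row['id'];
		$name = $row['name'];
		$url = str_replace("admin/", "", $row["url"]);
		$info = $row['info'];

		echo("<tr><td><a href=\"$url\">$name</a></td> <td>$info</td> <td><div align='center'>[img]$BASEURL/".$pic_base_url."multipage.gif[/img]</div></td> <td><div align='center'>[img]$BASEURL/".$pic_base_url."warned2.gif[/img]</div></td></tr></center>");
	}
	print("</table>");
	print("\n");
	print("\n");
}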
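// ---- Administrator option list ---------------------------------------------
// Lists every row of `adminpanel` for users of class UC_ADMINISTRATOR and above.
// $name, $url and $info are echoed as stored; they are HTML-encoded only when
// written through this script. The href is double-quoted so a stored value
// containing whitespace cannot add attributes to the anchor.
// NOTE(review): rows inserted by any other route are not encoded; confirm the
// tables have no other writer.
// NOTE(review): the "[img]...[/img]" cells look like edit/delete links whose
// markup was altered when the listing was posted; compare with the original.
if (get_user_class() >= UC_ADMINISTRATOR) {
	echo("</center><h2>FOR ADMINISTRATOR'S ONLY</h2>");
	print("<center>");
	print("<table border=1 class=main cellspacing=0 cellpadding=5 width=100%>");
	echo("<tr><td class=colhead>NAME/URL</td><td class=colhead>INFO</td><td class=colhead align=center>EDIT</td><td class=colhead align=center>DELETE</td></tr>");
	$query = "SELECT * FROM adminpanel WHERE 1=1 ORDER by NAME";
	$sql = sql_query($query);
	// Skip the loop when the query failed instead of fetching from a non-result.
	while ($sql && ($row = mysql_fetch_array($sql))) {
		$id = $row['id'];
		$name = $row['name'];
		$url = str_replace("admin/", "", $row["url"]);
		$info = $row['info'];

		echo("<tr><td><a href=\"$url\">$name</a></td> <td>$info</td> <td><div align='center'>[img]$BASEURL/".$pic_base_url."multipage.gif[/img]</div></td> <td><div align='center'>[img]$BASEURL/".$pic_base_url."warned2.gif[/img]</div></td></tr></center>");
	}
	print("</table>");
	print("\n");
	print("\n");
}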
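// ---- Moderator option list -------------------------------------------------
// Lists every row of `modpanel`. There is no class check here, so every user
// admitted to the page sees this list.
// $name, $url and $info are echoed as stored; they are HTML-encoded only when
// written through this script. The href is double-quoted so a stored value
// containing whitespace cannot add attributes to the anchor.
// NOTE(review): rows inserted by any other route are not encoded; confirm the
// tables have no other writer.
// NOTE(review): the "[img]...[/img]" cells look like edit/delete links whose
// markup was altered when the listing was posted; compare with the original.
echo("</center><h2>FOR MODERATOR'S ONLY</h2>");
print("<center>");
print("<table border=1 class=main cellspacing=0 cellpadding=5 width=100%>");
echo("<tr><td class=colhead>NAME/URL</td><td class=colhead>INFO</td><td class=colhead align=center>EDIT</td><td class=colhead align=center>DELETE</td></tr>");
$query = "SELECT * FROM modpanel WHERE 1=1 ORDER by NAME";
$sql = sql_query($query);
// Skip the loop when the query failed instead of fetching from a non-result.
while ($sql && ($row = mysql_fetch_array($sql))) {
	$id = $row['id'];
	$name = $row['name'];
	$url = str_replace("admin/", "", $row["url"]);
	$info = $row['info'];

	echo("<tr><td><a href=\"$url\">$name</a></td> <td>$info</td> <td><div align='center'>[img]$BASEURL/".$pic_base_url."multipage.gif[/img]</div></td> <td><div align='center'>[img]$BASEURL/".$pic_base_url."warned2.gif[/img]</div></td></tr></center>");
}
print("</table>");
// Close the frames opened above, then the page footer.
end_frame();
end_frame();
stdfoot();
?>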
Now the script checks only your user class (the `canstaffpanel` group permission and `get_user_class()`), not your pincode, so I have no more problems with the staff panel :D

If you have the same problem, try this!