xbtit_dt_fm_v7.1-SUBTITLES - Page 2

lpanosl · #11 15th November 2014, 23:17

PHP Code:


			
<?php

/////////////////////////////////////////////////////////////////////////////////////

// xbtit - Bittorrent tracker/frontend

//

// Copyright (C) 2004 - 2013  Btiteam

//

//    This file is part of xbtit DT FM.

//

// Redistribution and use in source and binary forms, with or without modification,

// are permitted provided that the following conditions are met:

//

//   1. Redistributions of source code must retain the above copyright notice,

//      this list of conditions and the following disclaimer.

//   2. Redistributions in binary form must reproduce the above copyright notice,

//      this list of conditions and the following disclaimer in the documentation

//      and/or other materials provided with the distribution.

//   3. The name of the author may not be used to endorse or promote products

//      derived from this software without specific prior written permission.

//

// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED

// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

// IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED

// TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

// PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

// LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

// NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,

// EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

//

////////////////////////////////////////////////////////////////////////////////////



//by CobraCRK 21.07.2006 - [url]www.extremeshare.org[/url] - [email]cobracrk@yahoo.com[/email]



//converted to xbtit by cooly



if (!defined("IN_BTIT"))



      die("non direct access!");



require"include/sanitize.php";

require(load_language("lang_subs.php"));







$subsaddtpl=new bTemplate();











if ($CURUSER["can_upload"]=="no")



   {



       err_msg(ERROR,NOT_AUTH_VIEW_NEWS);



       stdfoot();



       exit;



}











$nume="";

$hash="";

$pic="";

$cds="";

$autor="";

$link="";

$frame="";



if(isset($_POST['crk'])) {



$nume=$_POST['nume'];

$hash=$_POST['hash'];



$pic=$_POST['pic'];



$cds=$_POST['cds'];



$autor=$_POST['author'];



$link=$_POST['link'];



$frame=$_POST['frame'];

$idflag=intval($_POST["flag"]);

$file=$_POST["file"];

$ping=mysql_query("SELECT info_hash FROM {$TABLE_PREFIX}files WHERE info_hash='$hash'");

$find = mysql_fetch_assoc($ping);



if($hash>$find["info_hash"]){

stderr("Error","No torrent matches this info hash");

stdfoot();

exit;

}











if(empty($nume)|| empty($hash) || empty($idflag)) {



stderr("Error","Please Complete all the fields!");

stdfoot(false,false,true);



             die;



}



$file = $_FILES['file'];



if (!$file || $file["size"] == 0 || $file["name"] == "")

stderr("Error", "Nothing received! The selected file may have been too large.");





if ($file["size"] > 1048576)

stderr("Error", "Subs are too big! Max 1,048,576 bytes.");







$res=get_result("SELECT * FROM {$TABLE_PREFIX}subtitles",true);

$dupe=$res[0];





if($nume==$dupe['name']){

stderr("Error","Duplicate name!");

stdfoot(false,false,true);



             die;

}



//if($pic==$dupe['pic']){

//stderr("Error","Duplicate pic!");

//stdfoot(false,false,true);



            // die;

//}/////other subs may be the same.



//if($link==$dupe['imdb']){

//stderr("Error","Duplicate imdb link!");

//stdfoot(false,false,true);



  //           die;

//}/////other subs may be the same.





if($_FILES['file']['name']==$dupe['file']){

stderr("Error","Duplicate file name");

stdfoot(false,false,true);



             die;

}





$cds=sanitize_paranoid_string($cds);



$autor=sanitize_paranoid_string($autor);



 



$x=$_FILES['file']['name'];



if($_POST)//patch by Petr1fied

{

    $ext=substr($_FILES['file']['name'], strrpos($_FILES['file']['name'], ".")+1);

    $allowedext=array('sub', 'srt', 'zip', 'rar', 'ace', 'txt', 'SUB', 'SRT', 'ZIP', 'RAR', 'ACE', 'TXT');



    if(!in_array($ext, $allowedext))

        die("Error: File extension <strong>$ext</strong> not allowed.");



   

    $THIS_BASEPATH=dirname(__FILE__);



    $target_path = "subtitles/";



    $target_path = $target_path . basename( $_FILES['file']['name']); 



    $handle = fopen($_FILES['file']['tmp_name'], "r");

    $haystack = fread($handle, filesize($_FILES['file']['tmp_name']));

    fclose($handle);



    $needles=array("<?php", "<?", "?>");

    $found=0;



    foreach ($needles as $needle)

    {

        if (!(strpos($haystack,$needle)===false))

        {

            $found=1;

            break;

        }

    }



    if($found==1)

        die("Upload not permitted");

    else

    {







if(move_uploaded_file($_FILES['file']['tmp_name'], $target_path)) {



$uid=$CURUSER['uid'];



@chmod("$THIS_BASEPATH/$target_path", 0777); 

}



}



mysql_query("INSERT INTO `{$TABLE_PREFIX}subtitles` (`id`, `name`, `hash`, `file`, `imdb`, `pic`, `Framerate`, `cds`, `uploader`, `downloaded`, `author`, `flag`) VALUES ('', '$nume', '$hash', '$x', '$link', '$pic', '$frame', '$cds', $uid, 0, '$autor',$idflag); ") or die(mysql_error());







    success_msg("Success","The subtitle was added to the database!<br><a href=index.php?page=subtitles>Back To Subtitles!</a>");

    stdfoot(false,false,true);



             die;



} else{



   stderr("Error","There was an error while uploading, please try again!");



    stdfoot(false,false,true);



             die;       



       



       



}





}



else {



   $fres=flag_list();

   $option="\n<select name=\"flag\" size=\"1\">\n<option value='0'>---</option>";



   $thisip = $_SERVER["REMOTE_ADDR"];

   $remotedns = gethostbyaddr($thisip);



   if ($remotedns != $thisip)

       {

       $remotedns = strtoupper($remotedns);

       preg_match('/^(.+)\.([A-Z]{2,3})$/', $remotedns, $tldm);

       if (isset($tldm[2]))

              $remotedns = mysql_escape_string($tldm[2]);

     }



   foreach($fres as $flag)

    {

        $option.="\n<option ";

            if ($flag["id"]==$dati["flag"] || ($flag["domain"]==$remotedns && $action=="signup"))

              $option.="\"selected\" ";

            $option.="value=\"".$flag["id"]."\">".$flag["name"]."</option>";

    }

   $option.="\n</select>";











$upform="<form id=\"form1\" enctype=\"multipart/form-data\" name=\"form1\" method=\"post\" action=\"index.php?page=subadd\">



<p>&nbsp;</p>



<table border=\"0\" align=\"center\">

<tr><td class=\"block\" colspan=\"4\">&nbsp;</td></tr><tr>



  <tr>



    <td class=\"header\">".$language['SUB_NAME']." *</td>



    <td class=\"lista\"><input name=\"nume\" type=\"text\" id=\"nume\" size=\"40\" /></td>



  </tr>

   <tr>



    <td class=header>".$language['SUB_HASH']." *</td>



    <td class=\"lista\"><input name=\"hash\" type=\"text\" id=\"hash\" size=\"40\" /></td>



  </tr>



  <tr>



    <td class=\"header\">".$language['SUB_IMDB']."</td>



    <td class=\"lista\"><input name=\"link\" type=\"text\" id=\"link\" size=\"40\" /></td>



  </tr>

       <tr>



       <td align=\"left\" class=\"header\">".$language['SUB_LANG']." *</td>



       <td align=\"left\" class=\"lista\">".$option."</td>



    </tr>



  <tr>



    <td class=\"header\">".$language['SUB_IMG']."</td>



    <td class=\"lista\"><input name=\"pic\" type=\"text\" id=\"pic\" size=\"40\" /></td>



  </tr>



  <tr>



    <td class=\"header\">".$language['SUB_FR']."</td>



    <td class=\"lista\"><input name=\"frame\" type=\"text\" id=\"frame\" size=\"10\" /></td>



  </tr>



  <tr>



    <td class=\"header\">".$language['SUB_CD']."</td>



    <td class=\"lista\"><input name=\"cds\" type=\"text\" id=\"cds\" size=\"10\" /></td>



  </tr>



  <tr>



    <td class=\"header\">".$language['SUB_AUTH']."</td>



    <td class=\"lista\"><input name=\"author\" type=\"text\" id=\"author\" size=\"40\" /></td>



  </tr>



  <tr>



    <td class=\"header\">".$language['SUB_FILE']." *</td>



    <td class=\"lista\"><br />



      <input type=\"file\" name=\"file\" />



<br />".$language['SUB_FILE_T']."

</td>



  </tr>



</table>







<p align=\"center\">



  <input name=\"crk\" type=\"hidden\" id=\"crk\" value=\"100\" />



  <input class=btn name=\"Submit\" type=\"submit\" id=\"Submit\" value=\"".$language['SUB']."\" />&nbsp;".$language['SUBCANCEL']."



</p>



</form>";







}









$subsaddtpl->set("upform",$upform);



//converted to xbtit by cooly



//by CobraCRK 21.07.2006 - [url]www.extremeshare.org[/url] - [email]cobracrk@yahoo.com[/email]



?>

firefly007 · #12 15th November 2014, 23:23

I sent you a PM

lpanosl · #13 15th November 2014, 23:25

as i say its test server i will delete if we solve the problem

firefly007 · #14 15th November 2014, 23:58

Fixed!! please test

lpanosl · #15 16th November 2014, 00:04

yesss..thnks :). add subs fixed...where was the problem???

firefly007 · #16 16th November 2014, 00:07

Command out wasn't closed !!

Eg

lpanosl · #17 16th November 2014, 00:11

oo ok...and what about Search
???

firefly007 · #18 16th November 2014, 00:34

done!

Bump: You must make sure that use use a correct interpreter when editing files if indeed you are editing them :)

lpanosl · #19 16th November 2014, 00:45

thnk you very much ...

there was proble only on those two files?
(index.php,subtitle_add.php)

firefly007 · #20 16th November 2014, 00:50

Don't know for sure but it seems like it.