
wMan 22nd November 2012 02:53

request mod for tbv 08
 
request mod for tbv 08
Hello, I'm looking for a request mod. Can anyone help with this? I've made an 08 site and need a request mod to complete the code. I will post the full mod to bvlist when it's done, as it is nearly fully modded. :drink:

rabtb 27th November 2012 22:41

think i got it all anything missing lemme know

SQL
Code:

CREATE TABLE IF NOT EXISTS `requests` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `userid` int(10) unsigned NOT NULL DEFAULT '0',
  `request` varchar(225) DEFAULT NULL,
  `descr` text NOT NULL,
  `added` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `hits` int(10) unsigned NOT NULL DEFAULT '0',
  `cat` int(10) unsigned NOT NULL DEFAULT '0',
  `filledby` int(10) unsigned NOT NULL DEFAULT '0',
  `filledurl` varchar(70) DEFAULT NULL,
  `filled` enum('yes','no') NOT NULL DEFAULT 'no',
  PRIMARY KEY (`id`),
  KEY `userid` (`userid`),
  KEY `id_added` (`id`,`added`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1461 ;

viewrequests.php

Code:


// Bootstrap: load the tracker's shared library, then open the database connection.
require_once("include/bittorrent.php");

dbconn(false);

// Every action handler further down runs after this call and none of them
// checks the session again, so this is the script's only authentication gate.
// Presumably it redirects visitors who are not logged in (defined elsewhere; confirm).
loggedinorreturn();

parked();                //=== comment this call OUT if you do NOT use the parked mod (parked() is presumably only defined by that mod)

/**
 * Render a complete "Requests Error" page carrying $msg, then stop the script.
 *
 * $msg is handed to stdmsg() unchanged; whether stdmsg() HTML-escapes it is
 * not visible here, so pass only fixed or already-escaped text.
 */
function bark($msg)
{
    stdhead("Requests Error");
    stdmsg("Error!", $msg);
    stdfoot();
    exit();
}

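//=== validate the numeric GET parameters shared by the handlers below
// Each value is cast to int before use, so nothing but a plain integer can
// reach the SQL strings built later in this script. The previous checks passed
// a negated value (a boolean) to ereg(), which in effect only rejected zero and
// let negative or fractional numbers through; ereg() was also removed in PHP 7.
// is_valid_id() is defined elsewhere and is assumed to reject 0 and negatives.
if (!empty($_GET["category"])) {
    $categ = is_scalar($_GET["category"]) ? (int)$_GET["category"] : 0;
    if (!is_valid_id($categ))
        stderr("Error", "I smell a rat!");
}

if (!empty($_GET["requestorid"])) {
    $requestorid = is_scalar($_GET["requestorid"]) ? (int)$_GET["requestorid"] : 0;
    if (!is_valid_id($requestorid))
        stderr("Error", "I smell a rat!");
}

if (!empty($_GET["id"])) {
    $id = is_scalar($_GET["id"]) ? (int)$_GET["id"] : 0;
    if (!is_valid_id($id))
        stderr("Error", "I smell a rat!");
}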

//==== add request
if ($_GET["add_request"]){

$add_request = 0 + $_GET["add_request"];
if($add_request != '1')
stderr("Error", "I smell a rat!");

stdhead("Requests Page");

if (get_user_class() < UC_LIGHT_WEIGHT)        //=== requests for VIP and above
{
begin_frame("Sorry",true);
 print("

Oups!

You must be VIP or above AND have a ratio above 1.0 to make a request. Please see the ".
 "FAQ for more information on different user classes and what they can do.

" .$SITENAME." staff");
die();
}

//=== only allow users with a ratio of at least .5 who have uploaded at least 10 gigs or VIP and above
if ($CURUSER)
{
  // ratio as a string
        function format_ratio($up,$down, $color = True)
        {
                if ($down > 0)
                {
                        $r = number_format($up / $down, 2);
            if ($color)
                                $r = "$r";
                }
                else
                        if ($up > 0)
                          $r = "'Inf.'";
                  else
                          $r = "'---'";
                return $r;
        }

        if ($CURUSER["class"] < UC_LIGHT_WEIGHT)
        {
        $gigsdowned = ($CURUSER["downloaded"]);
        if ($gigsdowned >= 10737418240){
          $gigs = $CURUSER["uploaded"] / (1024*1024*1024);
          $ratio = (($CURUSER["downloaded"] > 0) ? ($CURUSER["uploaded"] / $CURUSER["downloaded"]) : 0);
          }
        }
//=== use this if you are using the Karma point system
/*begin_frame("Request Rules",true);
        print("To make a request you must have a ratio of at least 1.0 AND have uploaded at least 10 GB.".
        " A request will also cost you 5 Karma Points.... In your particular case ".
        "" . $CURUSER['username'] . ", ");
*/
//=== use this if you are NOT using the Karma point system
begin_frame("Request Rules",true);
        print("To make a request you must have a ratio of at least 1.0 AND have uploaded at least 10 GB. ".
        "In your particular case " . $CURUSER['username'] . ", ");

$gigsupped = ($CURUSER["uploaded"]);
$ratio = (($CURUSER["downloaded"] > 0) ? ($CURUSER["uploaded"] / $CURUSER["downloaded"]) : 0);

//===karma          //=== uncomment this bit if you are using the karma system
/*
if ($CURUSER["seedbonus"] <5.0)
          print("you do not have enough Karma Points ...".
          " you can not make requests.

To view all requests, click here

\n");
//===end
*/
//=== if you are using the karma mod change this next line too
//elseif ($gigsupped < 10737418240)
if ($gigsupped < 10737418240)
          print("you have not yet uploaded 10 GB... you can not make requests.

".
          "To view all requests, click here

\n");
elseif ($ratio < 1.0){
        $byboth = $byratio && $byul;
            print(
              ($byboth ? "both " : "") .
              ($byratio ? "your ratio of " . format_ratio($CURUSER["uploaded"],$CURUSER["downloaded"]) : "") .
              ($byboth ? " and " : "") .
              ($byul ? "your total uploaded of " . round($gigs,2) . " GB" : "") . "" .
              ($byboth ? "" : "") . " We see that you have not met the minimum requirements." .
              ($byboth ? "" : " (because your " . ($byratio ? "total uploaded is " . round($gigs,2) . " GB" : "ratio is " . format_ratio($CURUSER["uploaded"],$CURUSER["downloaded"])) . ".)

To view all requests, click here

\n"));
        }
else
        {
print("you can make requests.

To view all requests, click here

\n");

//===end check

print("
".
"Please search torrents before adding a request! And make sure the file is on nforce as a release
".
"in if ($_GET["incldead"])
$deadchkbox .= " checked=\"checked\"";
$deadchkbox .= " /> including dead torrents\n";
print(" ".$catdropdown." ".$deadchkbox."
\n");

print("
".
"".
"".
"
".
"Requests are for Users with a good ratio who have uploaded at least 10 gigs Only... Share and you shall recieve!
Title:".
"
Image:".
"(Direct link to image, NO TAGS NEEDED! Will be shown in description)
Description:\n");
textbbcode("compose","body","$body");
print("
\n");
}
}

$res = mysql_query("SELECT users.username, requests.id, requests.userid, requests.request, requests.added, uploaded, downloaded, categories.image, categories.name as cat FROM requests inner join categories on requests.cat = categories.id inner join users on requests.userid = users.id order by requests.id desc LIMIT 10") or sqlerr();
$num = mysql_num_rows($res);

print("".
"".
"\n");
for ($i = 0; $i < $num; ++$i)
{
//=======change colors
                if($count == 0)
{
$count = $count+1;
$class = "clearalt6";
}
else
{
$count = 0;
$class = "clearalt7";
}
                //=======end
 $arr = mysql_fetch_assoc($res);
 {
$addedby = "";
 }

 print("" .
 "".
  "$addedby\n");
}
print("
CategoryRequestAddedRequested By
$arr[username]
$arr[request]$arr[added]
".
"
\n");

stdfoot();
die;
}
//=== end requests

//=== take new request
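if (!empty($_GET["new_request"])) {

    if ((int)$_GET["new_request"] !== 1)
        stderr("Error", "I smell a rat!");

    // NOTE(review): this handler writes to the database but carries no
    // anti-CSRF token; no token helper is visible in this file, so none is
    // added here. Mysql_* calls are kept because the rest of the script uses them.

    // The id is interpolated into SQL below, so force it to an integer.
    // (The old ereg() call tested a negated value and validated nothing useful.)
    $userid = (int)$CURUSER["id"];
    if (!is_valid_id($userid))
        stderr("Error", "I smell a rat!");

    // The add_request form refuses to render for users below UC_LIGHT_WEIGHT,
    // with under 10 GB uploaded, or with a ratio under 1.0. A form that is only
    // hidden can still be submitted, so the same limits are enforced here.
    if (get_user_class() < UC_LIGHT_WEIGHT)
        stderr("Error", "Your user class is not allowed to make requests.");
    $ratio = ($CURUSER["downloaded"] > 0) ? ($CURUSER["uploaded"] / $CURUSER["downloaded"]) : 0;
    if ($CURUSER["uploaded"] < 10737418240 || $ratio < 1.0)
        stderr("Error", "You need a ratio of at least 1.0 and at least 10 GB uploaded to make a request.");

    // Titles are stored entity-encoded and the detail page prints them raw,
    // so this call is the only HTML-escaping the title ever gets.
    $request = isset($_POST["requesttitle"]) ? htmlentities($_POST["requesttitle"]) : "";
    if ($request == "")
        bark("You must enter a title!");

    $cat = isset($_POST["category"]) ? (int)$_POST["category"] : 0;
    if (!is_valid_id($cat))
        bark("You must select a category to put the request in!");

    $descrmain = isset($_POST["body"]) ? unesc($_POST["body"]) : "";
    if (!$descrmain)
        bark("You must enter a description!");

    // Optional picture, prepended to the description as an [img] tag.
    // $pic starts empty so the concatenation below never reads an undefined variable.
    $pic = "";
    if (!empty($_POST['picture'])) {
        $picture = unesc($_POST["picture"]);
        // D modifier: "$" must match the very end, not just before a trailing newline.
        if (!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/iD", $picture))
            stderr("Error", "Image MUST be in jpg, gif or png format.");
        $pic = "[img]" . $picture . "[/img]\n";
    }
    $descr = $pic . $descrmain;

    $request2 = sqlesc($request);
    $descr = sqlesc($descr);

    mysql_query("INSERT INTO requests (hits,userid, cat, request, descr, added) VALUES(1,$userid, $cat, $request2, $descr, '" . get_date_time() . "')") or sqlerr(__FILE__,__LINE__);
    $id = mysql_insert_id();
    // The requester's own vote; errors are reported rather than suppressed with @.
    mysql_query("INSERT INTO addedrequests VALUES(0, $id, $userid)") or sqlerr(__FILE__,__LINE__);

    //===add karma          //===  uncomment using karma mod
    //mysql_query("UPDATE users SET seedbonus = seedbonus-5.0 WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
    //===end

    write_log("Request ($request) was added to the Request section by $CURUSER[username]");

    header("Refresh: 0; url=viewrequests.php?id=$id&req_details=1");
    // Stop here: without this the script falls through into the handlers below.
    die;
}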
//===end take new request

//=== request details
if ($_GET["req_details"]){

$req_details = 0 + $_GET["req_details"];
if($req_details != '1')
stderr("Error", "I smell a rat!");

$id = 0+$_GET["id"];

stdhead("Request Details");

$res = mysql_query("SELECT *,UNIX_TIMESTAMP(added) as utadded FROM requests WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

//$timezone = display_date_time($num["utadded"] , $CURUSER[tzoffset] );        //=== use this line if you have the timezone mod
$timezone = get_date_time($num["utadded"]);

$s = $num["request"];

begin_frame("Details Of Request: $s",true);
print("");
if ($num["descr"]){
$req_bb = format_comment($num["descr"]);
print("");
}
print("");

$cres = mysql_query("SELECT username FROM users WHERE id=$num[userid]");
  if (mysql_num_rows($cres) == 1)
  {
    $carr = mysql_fetch_assoc($cres);
    $username = "$carr[username]";
  }

if ($CURUSER[id] == $num[userid] || get_user_class() >= UC_MODERATOR){
$edit = "[ Edit Request ]";
$delete = "[ Delete Request ]";
if ($num["filled"] == yes)
$reset = "[ Re-set Request ]";
}

//=== chances are you have some sort of "report" function in your site...
//=== if so, use the below bit and adjust it to work with your report script...

/*print("");
*/

//=== use this if you have no report function
print("");


if ($num["filled"] == no)
{
print("".
"".
"
".
"$s
$req_bb
Added:$timezone
Requested By:".
"$username  $edit  $delete
".
"Vote for this request:
Vote".
"
Report Request:".
"
for breaking the rules ".
"
Requested By:".
"$username  $edit  $delete $reset
".
"Vote for this request:
Vote".
"
Fill This Request:".
"Enter the full URL of the torrent i.e. $BASEURL/details.php?id= [ just copy/paste from another window/tab or modify the existing URL to have the correct ID number ]
\n");
}
if ($num["filled"] == yes)
print("
This Request was filled:$num[filledurl]
");

//--- added comments
/**
 * Print the comment list for a request: one table per comment holding the
 * author line, the action links and the formatted comment text.
 *
 * NOTE(review): the HTML inside the print() strings was lost when this listing
 * was posted (see the unbalanced quotes in the author-link print below), so
 * the function does not parse as shown and needs its markup restored.
 *
 * @param array $rows comment rows; the caller builds them from comments LEFT JOIN users
 */
function reqcommenttable($rows)
{
      global $CURUSER, $HTTP_SERVER_VARS;
      begin_main_frame();
      begin_frame();
      $count = 0;

      foreach ($rows as $row)
      {
// Alternate the row class between comments. $count2 is never initialised
// (only $count is, and it is not used), so the first test reads an undefined variable.
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}
print("");
                begin_table(true);
                print("

#" . $row["id"] . " by: ");
  if (isset($row["username"]))
 {
 $username = $row["username"];
 // NOTE(review): $username comes from the database but is placed into this
 // query unescaped, so a stored name containing a quote breaks out of the
 // string literal (second-order SQL injection). Pass it through sqlesc(), or
 // add uploaded/downloaded to the caller's SELECT, which already joins users
 // and would also remove this extra query per comment.
 $ratres = mysql_query("SELECT uploaded, downloaded from users where username='$username'");
      $rat = mysql_fetch_array($ratres);
 if ($rat["downloaded"] > 0)
{
$ratio = $rat['uploaded'] / $rat['downloaded'];
$ratio = number_format($ratio, 3);
$color = get_ratio_color($ratio);
if ($color)
$ratio = "$ratio";
}
else
if ($rat["uploaded"] > 0)
    $ratio = "Inf.";
else
$ratio = "---";

        // A custom title is user-supplied and is escaped; otherwise fall back to the class name.
        $title = $row["title"];
        if ($title == "")
  $title = get_user_class_name($row["class"]);
        else
  $title = htmlspecialchars($title);
      print("               " href=userdetails.php?id=" . $row["user"] . ">" .
              htmlspecialchars($row["username"]) . "
" . ($row["donor"] == "yes" ? "Donor" : "") . ($row["warned"] == "yes" ? "\"Warned\"" : "") . " ($title) (ratio: $ratio)\n");
 }
 else
 print("(orphaned)\n");

 //=== if using report mod uncomment the next bit and change to your report system

 // Edit is offered to the comment author and to moderators; Delete to moderators only.
 // These are display checks: the scripts behind the links must repeat them.
 print(" at " . $row["added"] . " GMT
     " .
        ($row["user"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR ? "[ Edit ]" : "") .
        (get_user_class() >= UC_MODERATOR ? "  [ Delete ] " : "") .
        ($row["editedby"] && get_user_class() >= UC_MODERATOR ? "" : "") . " [ Profile ] [ PM ] [ Report ]

\n");
 /*
 //=== if not using report use this instead
 print(" at " . $row["added"] . " GMT     " .
        ($row["user"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR ? "[ Edit ]" : "") .
        (get_user_class() >= UC_MODERATOR ? "  [ Delete ] " : "") .
        ($row["editedby"] && get_user_class() >= UC_MODERATOR ? "" : "") . " [ Profile ] [ PM ]

\n");
  */
 // $imgdir is not in this function's global list, so it is undefined here.
 $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($row["avatar"]) : "");
 if (!$avatar)
        $avatar = "$imgdir/pic/default_avatar.gif";

 // Comment text is user-supplied. format_comment() is defined elsewhere;
 // presumably it escapes HTML before rendering BBCode — confirm.
 $text = format_comment($row["text"]);
  // This prints the comment author's name rather than the editor's, and
  // without htmlspecialchars(), unlike the author line above.
  if ($row["editedby"])
$text .= "

Edited by $row[username]  $row[editedat] GMT

\n";
print("$text\n");
end_table();
}
end_frame();
end_main_frame();
}
//=== end request comment

print("

\n");

      $commentbar = "

Add Comment

\n";
      $subres = mysql_query("SELECT COUNT(*) FROM comments WHERE request = $id");
      $subrow = mysql_fetch_array($subres);
      $count = $subrow[0];
print("");

if (!$count)
print("

No comments

\n");
else {
 list($pagertop, $pagerbottom, $limit) = pager(20, $count, "viewrequests.php?id=$id&req_details=1&", array(lastpagedefault => 1));
$subres = mysql_query("SELECT comments.id, text, user, comments.added, editedby, editedat, avatar, warned, ".
                "username, title, class, donor FROM comments LEFT JOIN users ON comments.user = users.id WHERE request = " .
                "$id ORDER BY comments.id $limit") or sqlerr(__FILE__, __LINE__);

 $allrows = array();
 while ($subrow = mysql_fetch_array($subres))
        $allrows[] = $subrow;

 print($commentbar);
 print($pagertop);
 reqcommenttable($allrows);
 print($pagerbottom);
}
 print($commentbar);

end_frame();
die;
}
//=== end request details

//=== added edit request
if ($_GET["edit_request"]) {

$edit_request = 0 + $_GET["edit_request"];
if($edit_request != '1')
stderr("Error", "I smell a rat!");

$id = 0+$_GET["id"];

$res = mysql_query("SELECT *,UNIX_TIMESTAMP(added) as utadded FROM requests WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

//$timezone = display_date_time($num["utadded"] , $CURUSER[tzoffset] );        //=== use this line if you have timezone mod
$timezone = get_date_time($num["utadded"]);

$s = $num["request"];
$id2 = $num["cat"];

if ($CURUSER["id"] != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error!", "This is not your Request to edit.");

$request = sqlesc($s);
$body = htmlspecialchars(unesc($num["descr"]));
$res2 = mysql_query("SELECT name FROM categories WHERE id=$id2")or sqlerr(__FILE__, __LINE__);
$num2 = mysql_fetch_array($res2);
$name = $num2["name"];
$s2 = "\n";

stdhead("Edit Request");

print("
".
"".
"".
"\n");
//=== if staff
if (get_user_class() >= UC_MODERATOR){
print("".
"");
}
//===end  if staff
print("

Edit Request ".
"\":\" $s

Title: Type: $s2
Image:".
"(Direct link to image. NO TAG NEEDED! Will be shown in description)".
"
Description:\n");
textbbcode("compose","body","$body");
print("
Staff only:
Filled:".
"
Filled by id:".
"
".
"Torrent url:
\n");

stdfoot();
die;
}
//===end added edit request

//==== take req edit
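if (!empty($_GET["take_req_edit"])) {

    if ((int)$_GET["take_req_edit"] !== 1)
        stderr("Error", "I smell a rat!");

    // NOTE(review): this handler writes to the database but carries no
    // anti-CSRF token; no token helper is visible in this file.

    // $id is interpolated into SQL below, so force it to an integer.
    $id = (isset($_GET["id"]) && is_scalar($_GET["id"])) ? (int)$_GET["id"] : 0;
    if (!is_valid_id($id))
        stderr("Error", "I smell a rat!");

    $res = mysql_query("SELECT userid FROM requests WHERE id = $id") or sqlerr(__FILE__, __LINE__);
    $num = mysql_fetch_array($res);
    // An unknown id must not continue into the UPDATE below.
    if (!$num)
        stderr("Error", "I smell a rat!");

    $isstaff = (get_user_class() >= UC_MODERATOR);
    if ($CURUSER["id"] != $num["userid"] && !$isstaff)
        stderr("Error", "Access denied.");

    $request = isset($_POST["requesttitle"]) ? htmlentities($_POST["requesttitle"]) : "";
    if ($request == "")
        bark("You must enter a title!");

    // $pic starts empty so the description never reads an undefined variable.
    $pic = "";
    if (!empty($_POST['picture'])) {
        $picture = unesc($_POST["picture"]);
        // D modifier: "$" must match the very end, not just before a trailing newline.
        if (!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/iD", $picture))
            stderr("Error", "Image MUST be in jpg, gif or png format.");
        $pic = "[img]" . $picture . "[/img]\n";
    }
    $descr = $pic . (isset($_POST["body"]) ? unesc($_POST["body"]) : "");
    if (!$descr)
        bark("You must enter a description!");

    $cat = isset($_POST["category"]) ? (int)$_POST["category"] : 0;
    if (!is_valid_id($cat))
        bark("You must select a category to put the request in!");

    $request = sqlesc($request);
    $descr = sqlesc($descr);

    // "Filled", "Filled by id" and "Torrent url" are shown on the edit form to
    // staff only, but hiding a field does not stop it being posted. They are
    // honoured only for moderators and above; the reset handler debits karma
    // from filledby, so that column must not be settable by the request owner.
    $filled = $isstaff && !empty($_POST["filled"]);
    if ($filled) {
        $filledby = isset($_POST["filledby"]) ? (int)$_POST["filledby"] : 0;
        if (!is_valid_id($filledby))
            bark("Not a valid id!");
        $res = mysql_query("SELECT id FROM users WHERE id=$filledby") or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            bark("ID doesn't match any users, try again");

        $filledurl = isset($_POST['filledurl']) ? htmlentities($_POST['filledurl']) : "";
        // Checked before the pattern so the specific message can be reached.
        if (!$filledurl)
            bark("No torrent url");
        // preg_quote() is told about the "#" delimiter; D anchors "$" at the very end.
        if (!preg_match("#^" . preg_quote("$BASEURL/details.php?id=", "#") . "([0-9]{1,6})$#D", $filledurl))
            stderr("Error", "Something is wrong with that url. URL must be: $BASEURL/details.php?id=(torrent id)");

        mysql_query("UPDATE requests SET cat=$cat, request=$request, descr=$descr, filledby=$filledby, filled ='yes', filledurl=" . sqlesc($filledurl) . " WHERE id = $id") or sqlerr(__FILE__,__LINE__);
    }
    else
        mysql_query("UPDATE requests SET cat=$cat, filledby = 0, request=$request, descr=$descr, filled = 'no' WHERE id = $id") or sqlerr(__FILE__,__LINE__);

    header("Refresh: 0; url=viewrequests.php?id=$id&req_details=1");
    // Stop here: without this the script falls through into the handlers below.
    die;
}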
//=== end take req edit

//=== request filled
if ($_GET["req_filled"]){

$req_filled = 0 + $_GET["req_filled"];
if($req_filled != '1')
stderr("Error", "I smell a rat!");

if ($_GET["requestid"]){
$requestid = 0 + htmlentities($_GET["requestid"]);
if (ereg("^[0-9]+$", !$requestid))
stderr("Error", "I smell a rat!");
}

$filledurl = htmlentities($_POST['filledurl']);
if(!preg_match("#^".preg_quote("$BASEURL/details.php?id=")."([0-9]{1,6})$#", $filledurl))
stderr("Error", "Something is wrong with that url. URL must be: $BASEURL/details.php?id=(torrent id)");

stdhead("Request Filled");

begin_main_frame();

$res = mysql_query("SELECT users.username, requests.userid, requests.filled, requests.request FROM requests inner join users on requests.userid = users.id where requests.id = $requestid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);

$res2 = mysql_query("SELECT username FROM users where id =" . $CURUSER[id]) or sqlerr(__FILE__, __LINE__);
$arr2 = mysql_fetch_assoc($res2);

if ($arr['filled']==no){
$msg = "Your request, " . $arr[request] . " has been filled by " . $arr2[username] . ". You can download your request from " . $filledurl. ".  Please do not forget to leave thanks where due.  If for some reason this is not what you requested, please reset your request so someone else can fill it by following this link.  Do NOT follow this link unless you are sure that this does not match your request.";

mysql_query ("UPDATE requests SET filled = 'Yes', filledurl = '$filledurl', filledby = $CURUSER[id] WHERE id = $requestid") or sqlerr(__FILE__, __LINE__);

//=== remove the next query if you DON'T have subject in your PM system and use the other one
mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, subject, location) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ", 'Request Filled', 1)") or sqlerr(__FILE__, __LINE__);
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, location) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ", 1)") or sqlerr(__FILE__, __LINE__); //=== use this line if you don't have subject in your PM system

//===add karma        uncomment if you have the karma system
//mysql_query("UPDATE users SET seedbonus = seedbonus+10.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);
//===end

//===notify people who voted on request thanks CoLdFuSiOn :)
//$res = mysql_query("SELECT `userid` FROM `addedrequests` WHERE `requestid` = $requestid AND userid != $arr[userid]") or sqlerr(__FILE__, __LINE__);
//$pn_msg = "The Request you voted for " . $arr[request] . " has been filled by " . $arr2[username] . ". You can download your request from " . $filledurl. ".  Please do not forget to leave thanks where due.";
//$some_variable = '';
//while($row = mysql_fetch_assoc($res)) {
//=== use this if you DO have subject in your PMs
//$some_variable .= "(0, 0, 'Request " . $arr[request] . " was just uploaded', $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")";
//=== use this if you DO NOT have subject in your PMs
//$some_variable = "(0, 0, $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")";
//}
//=== use this if you DO have subject in your PMs
//mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__);
//=== use this if you do NOT have subject in your PMs
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__);
//===end

print("

Succex!

".
"Request $requestid successfully filled with $filledurl.  ".
"User $arr[username] automatically PMd.  ".
"If you have made a mistake in filling in the URL or have realised that your torrent does not actually satisfy this request".
", please reset the request so someone else can fill it by clicking HERE".
"  Do NOT follow this link unless you are sure there is a problem.
");
}
else
{
print("

Succex!

".
"Request $requestid successfully filled with $filledurl.  User ".
"$arr[username] automatically PMed.  ".
"If you have made a mistake in filling in the URL or have realised that your torrent does not actually satisfy this request".
", please reset the request so someone else can fill it by clicking HERE".
"  Do NOT follow this link unless you are sure there is a problem.
");
}

end_main_frame();
stdfoot();
die;
}
//===end req filled

//=== request reset
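if (!empty($_GET["req_reset"])) {

    if ((int)$_GET["req_reset"] !== 1)
        stderr("Error", "I smell a rat!");

    // NOTE(review): this action changes data on a plain GET request and has no
    // anti-CSRF token. It should move to POST with a per-session token; no
    // token helper is visible in this file, so that is left as a follow-up.

    // $requestid is interpolated into SQL below, so force it to an integer.
    $requestid = (isset($_GET["id"]) && is_scalar($_GET["id"])) ? (int)$_GET["id"] : 0;
    if (!is_valid_id($requestid))
        stderr("Error", "I smell a rat!");

    $res = mysql_query("SELECT userid, filledby,filled FROM requests WHERE id =$requestid") or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_assoc($res);
    // An unknown id used to report success to moderators; reject it instead.
    if (!$arr)
        stderr("Error", "I smell a rat!");

    stdhead("Reset Request");

    begin_main_frame();

    // Array keys are quoted: bare id/userid/filledby are undefined constants.
    $owner = ($CURUSER["id"] == $arr["userid"]);
    $filler = ($CURUSER["id"] == $arr["filledby"]);
    if ($owner || (get_user_class() >= UC_MODERATOR) || $filler)
    {
        //===remove karma remove if not using karma system
        $filledby = (int)$arr["filledby"];
        if ($arr['filled']=='yes' && $filledby > 0)
            mysql_query("UPDATE users SET seedbonus = seedbonus-10.0 WHERE id = $filledby") or sqlerr(__FILE__, __LINE__);
        //===end
        mysql_query("UPDATE requests SET filled='no', filledurl='', filledby='0' WHERE id =$requestid") or sqlerr(__FILE__, __LINE__);

        print("

Succex!

Request $requestid successfully reset.
");
    }
    else {
        print("

Error!

Sorry, cannot reset a request when you are not the owner, staff or person filling it.
");
    }

    end_main_frame();
    stdfoot();
    die;
}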
//===end request reset

//=== vote for request
if ($_GET["req_vote"]){

$req_vote = 0 + $_GET["req_vote"];
if($req_vote != '1')
stderr("Error", "I smell a rat!");

$requestid = 0 + $_GET["id"];

$userid = 0 + $CURUSER["id"];
if (!is_valid_id($userid))
stderr("Error", "I smell a rat!");

stdhead("Vote");

$res = mysql_query("SELECT * FROM addedrequests WHERE requestid=$requestid and userid = $userid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);
$voted = $arr;

if ($voted) {
print("

You've Already Voted

".
"

You've already voted for this request, only 1 vote for each request is allowed

".
"

Back to request details

");
}
else
{
mysql_query("UPDATE requests SET hits = hits + 1 WHERE id=$requestid") or sqlerr(__FILE__,__LINE__);
@mysql_query("INSERT INTO addedrequests VALUES(0, $requestid, $userid)") or sqlerr(__FILE__,__LINE__);
print("

Vote accepted

".
"

Successfully voted for request $requestid

Back to ".
"request details

");
}
stdfoot();
die;
}
//=== end vote for request

//===  votes_view
if ($_GET["votes_view"]){

$votes_view = 0 + $_GET["votes_view"];
if($votes_view != '1')
stderr("Error", "I smell a rat!");

$requestid = 0 + $_GET["requestid"];
if (!is_valid_id($requestid))
stderr("Error", "I smell a rat!");

$res2 = mysql_query("select count(addedrequests.id) from addedrequests inner join users on addedrequests.userid = users.id inner join requests on addedrequests.requestid = requests.id WHERE addedrequests.requestid =$requestid") or die(mysql_error());
$row = mysql_fetch_array($res2);
$count = $row[0];


$perpage = 25;

 list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] ."?" );

$res = mysql_query("select users.id as userid,users.username, users.downloaded,users.uploaded, requests.id as requestid, requests.request from addedrequests inner join users on addedrequests.userid = users.id inner join requests on addedrequests.requestid = requests.id WHERE addedrequests.requestid =$requestid $limit") or sqlerr();

stdhead("Voters");

$res2 = mysql_query("select request from requests where id=$requestid");
$arr2 = mysql_fetch_assoc($res2);

print("

Voters for $arr2[request]

");
print("

Vote for this request

");

echo $pagertop;

if (mysql_num_rows($res) == 0)
 print("

Nothing found

\n");
else
{
 print("\n");
 print("".
  "\n");

 while ($arr = mysql_fetch_assoc($res))
 {
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}
if ($arr["downloaded"] > 0)
{
      $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 3);
      $ratio = "$ratio";
    }
    else
      if ($arr["uploaded"] > 0)
        $ratio = "Inf.";
 else
  $ratio = "---";
$uploaded =mksize($arr["uploaded"]);
$joindate = "$arr[added] (" . get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["added"])) . " ago)";
$downloaded = mksize($arr["downloaded"]);
if ($arr["enabled"] == 'no')
 $enabled = "No";
else
 $enabled = "Yes";

 print("\n");
 }
 print("
UsernameUploadedDownloadedShare Ratio
$arr[username]$uploaded$downloaded$ratio
\n");
}

echo $pagerbottom;

stdfoot();
die;
}
//===end votes_view

//=== delete request user / staff
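if (!empty($_GET["del_req"])) {

    if ((int)$_GET["del_req"] !== 1)
        stderr("Error", "I smell a rat!");

    // NOTE(review): the confirmed delete (sure=1) is a plain GET request with
    // no anti-CSRF token. It should become a POST carrying a per-session
    // token; no token helper is visible in this file, so that is a follow-up.

    // $requestid is interpolated into SQL below, so force it to an integer.
    $requestid = (isset($_GET["id"]) && is_scalar($_GET["id"])) ? (int)$_GET["id"] : 0;
    if (!is_valid_id($requestid))
        stderr("Error", "I smell a rat!");

    $userid = (int)$CURUSER["id"];
    if (!is_valid_id($userid))
        stderr("Error", "I smell a rat!");

    $res = mysql_query("SELECT * FROM requests WHERE id = $requestid") or sqlerr(__FILE__, __LINE__);
    $num = mysql_fetch_array($res);
    // Nothing to delete, and no owner to compare against.
    if (!$num)
        stderr("Error", "I smell a rat!");

    if ($userid != $num["userid"] && get_user_class() < UC_MODERATOR)
        stderr("Error", "This is not your Request to delete!");

    $sure = isset($_GET["sure"]) ? (int)$_GET["sure"] : 0;

    if ($sure == 0)
        stderr("Delete Request", "You`re about to delete this request. Click\n here, if you`re sure.");
    elseif ($sure == 1) {
        // Remove the request together with its votes and comments.
        mysql_query("DELETE FROM requests WHERE id=$requestid") or sqlerr(__FILE__,__LINE__);
        mysql_query("DELETE FROM addedrequests WHERE requestid = $requestid") or sqlerr(__FILE__,__LINE__);
        mysql_query("DELETE FROM comments WHERE request=$requestid") or sqlerr(__FILE__,__LINE__);
        // The log line used $request, which is never set in this handler.
        write_log("Request: $requestid ($num[request]) was deleted from the Request section by $CURUSER[username]");
        header("Refresh: 0; url=viewrequests.php");
        // Stop here: without this the script falls through into the handlers below.
        die;
    }
    else
        stderr("Error", "I smell a rat!");
}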
//===end delete request user / staff

//=== delete multi requests for staff
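if (!empty($_GET["staff_delete"])) {

    if ((int)$_GET["staff_delete"] !== 1)
        stderr("Error", "I smell a rat!");

    if (get_user_class() < UC_MODERATOR)
        bark("You're not staff, bugger off");

    // NOTE(review): there is no anti-CSRF token on this bulk delete; no token
    // helper is visible in this file, so that is left as a follow-up.

    if (empty($_POST["delreq"]) || !is_array($_POST["delreq"]))
        bark("Don't leave any fields blank.");

    // delreq[] arrives straight from the form and used to be imploded into the
    // DELETE statements as-is, so any posted text became part of the SQL.
    // Keep only positive integers, then build the IN (...) list from those.
    $ids = array();
    foreach ($_POST["delreq"] as $raw) {
        $one = is_scalar($raw) ? (int)$raw : 0;
        if ($one > 0)
            $ids[$one] = $one;
    }
    if (!$ids)
        bark("Don't leave any fields blank.");
    $idlist = implode(", ", $ids);

    // Remove the requests together with their votes and comments.
    mysql_query("DELETE FROM requests WHERE id IN ($idlist)") or sqlerr(__FILE__,__LINE__);
    mysql_query("DELETE FROM addedrequests WHERE requestid IN ($idlist)") or sqlerr(__FILE__,__LINE__);
    mysql_query("DELETE FROM comments WHERE request IN ($idlist)") or sqlerr(__FILE__,__LINE__);

    header("Refresh: 0; url=viewrequests.php");
    // Stop here: without this the script carries on and renders the list page.
    die;
}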
// end delete multi requests

//=== prolly not needed, but what the hell... basically stopping the page getting screwed up
if ($_GET["sort"]){
$sort = $_GET["sort"];
if($sort == 'votes' || $sort == 'cat' || $sort == 'request' || $sort == 'added')
$sort = $_GET["sort"];
else
stderr("Error", "I smell a rat!");
}
if ($_GET["filter"]){
$filter = $_GET["filter"];
if($filter == 'true' || $filter == 'false')
$filter = $_GET["filter"];
else
stderr("Error", "I smell a rat!"); 
}
//=== end of prolly not needed, but what the hell :P

stdhead("Requests Page");

begin_main_frame();

print("
".
"

Requests Section

\n

Make a request  View my requests

".
"

Hide Filled");

//==== for mods only to make deleting filled requests simple... yeah, I'm lazy :P
if (get_user_class() >= UC_MODERATOR)
print(" - Only Filled");
print("

Look in the Offers Section before you make a Request

");

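// Title search. Titles are stored entity-encoded, which is presumably why the
// term is encoded before the comparison; sqlesc() then quotes it for SQL.
$search = (isset($_GET["search"]) && is_string($_GET["search"])) ? htmlspecialchars($_GET["search"]) : "";
$search = " AND requests.request like ".sqlesc('%'.$search.'%');

// Map the sort key onto a fixed ORDER BY clause. $sortkey keeps the key itself
// (or "" for the default) so the pager link below is built from a known value.
$sortkey = (isset($sort) && is_string($sort)) ? $sort : "";
switch ($sortkey) {
    case "votes":
        $sort = " ORDER BY hits DESC";
        break;
    case "cat":
        $sort = " ORDER BY cat ";
        break;
    case "request":
        $sort = " ORDER BY request ";
        break;
    case "added":
        $sort = " ORDER BY added ASC";
        break;
    default:
        $sortkey = "";
        $sort = " ORDER BY added DESC";
}

$filterkey = (isset($filter) && is_string($filter)) ? $filter : "";
if ($filterkey == "true")
    $filter = " AND requests.filledby = '0' ";
elseif ($filterkey == "false")
    $filter = " AND requests.filled = 'yes' ";
else
    $filter = "";

// Both ids go into SQL text and into the pager link, so they are cast to int
// here regardless of how they were validated further up.
$catid = isset($categ) ? (int)$categ : 0;
$reqby = isset($requestorid) ? (int)$requestorid : 0;

if ($reqby != 0) {
    if ($catid != 0)
        $categ = "WHERE requests.cat = " . $catid . " AND requests.userid = " . $reqby;
    else
        $categ = "WHERE requests.userid = " . $reqby;
}
else if ($catid == 0)
    $categ = '';
else
    $categ = "WHERE requests.cat = " . $catid;

$res = mysql_query("SELECT count(requests.id) FROM requests inner join categories on requests.cat = categories.id inner join users on requests.userid = users.id  $categ $filter $search") or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_array($res);
$count = $row[0];

$perpage = 25;

// The pager link used to be assembled from $_SERVER["PHP_SELF"] and the raw
// category/sort query values. pager() is defined elsewhere and it is not
// visible whether it escapes the link before printing it, so the link is now
// built only from the script name and the validated values above.
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "viewrequests.php?category=" . $catid . "&sort=" . $sortkey . "&");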
print("
");

$res = mysql_query("SELECT users.downloaded, users.uploaded, users.username, requests.filled, requests.filledby, requests.id, requests.userid, requests.request, requests.added, requests.hits, requests.filledurl, categories.image, categories.name as cat FROM requests inner join categories on requests.cat = categories.id inner join users on requests.userid = users.id  $categ $filter $search $sort $limit") or sqlerr(__FILE__, __LINE__);
$num = mysql_num_rows($res);

print("
\n");
print("
Search Requests: ".
"
");

echo $pagertop;
?>

print("
".
"".
"".
"".
"".
"");
if (get_user_class() >= UC_MODERATOR)
print("");

print("\n");
for ($i = 0; $i < $num; ++$i)
{
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}

$arr = mysql_fetch_assoc($res);

if ($arr["downloaded"] > 0)
  {
    $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 2);
    $ratio = "$ratio";
  }
  else if ($arr["uploaded"] > 0)
      $ratio = "Inf.";
  else
      $ratio = "---";

$res2 = mysql_query("SELECT username from users where id=" . $arr[filledby]);
$arr2 = mysql_fetch_assoc($res2);
if ($arr2[username])
      $filledby = $arr2[username];
else
      $filledby = " ";
$addedby = "$arr[username] ($ratio)";
$filled = $arr[filled];
if ($filled =="yes")
      $filled = "Yes";
else
      $filled = "No";
 print("
" .
 "".
 "$addedby".
 "".
 "");
 if (get_user_class() >= UC_MODERATOR)
 print("");
 print("\n");
}

if (get_user_class() >= UC_MODERATOR)
print("");

print("
TypeNameAddedRequested byFilled?Filled ByVotesDel
$arr[request]$arr[added]$filled$arr2[username]$arr[hits]
:SetChecked(1,'delreq[]')\">".
"select all
- :SetChecked(0,'delreq[]')\">un-select all".
"
\n");

echo $pagerbottom;

print("");

end_main_frame();
stdfoot();
die;
?>

ndbj 28th December 2012 03:16

missing sql for table addedrequests

rabtb 28th December 2012 03:47

Code:

CREATE TABLE IF NOT EXISTS `addedrequests` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `requestid` int(10) unsigned NOT NULL DEFAULT '0',
  `userid` int(10) unsigned NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`),
  KEY `pollid` (`id`),
  KEY `userid` (`userid`),
  KEY `requestid_userid` (`requestid`,`userid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2031 ;


ndbj 28th December 2012 03:52

thanks

what about sql to tables offers and the viewoffers.php file?
and maybe also a reqcomment.php?

\n");
end_table();
}
end_frame();
end_main_frame();
}

/**
 * Render a standalone "Offer Error" page carrying $msg and end the request.
 *
 * $msg is handed to stdmsg() unchanged. Whether that helper encodes the text
 * for HTML is not visible in this listing, so callers should pass only text
 * that is safe to display to the user.
 *
 * @param string $msg Message shown under the "Error!" heading.
 */
function bark($msg)
{
    stdhead("Offer Error");
    stdmsg("Error!", $msg);
    stdfoot();
    exit;
}

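// Optional category filter: must be a positive integer id.
// The parameter is read only when present, so a request without it no
// longer raises an undefined-index notice.
if (!empty($_GET["category"])) {
    $categ = (int) $_GET["category"];
    if (!is_valid_id($categ))
        stderr("Error", "I smell a rat!");
}

// Offer id. The original called ereg("^[0-9]+$", !$id): the negation was
// applied to the subject instead of the result, so the pattern was matched
// against a boolean and negative or fractional ids were let through.
// The id is now cast to int and checked with is_valid_id(), the same way
// the category is checked above.
// NOTE(review): is_valid_id() and stderr() are defined outside this listing;
// stderr() is assumed to end the request.
if (!empty($_GET["id"])) {
    $id = (int) $_GET["id"];
    if (!is_valid_id($id))
        stderr("Error", "I smell a rat!");
}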

//==== add offer
if ($_GET["add_offer"]){

$add_offer = 0 + $_GET["add_offer"];
if($add_offer != '1')
stderr("Error", "I smell a rat!");

stdhead("Offer");

print("
rabtb 28th December 2012 04:31

Code:

CREATE TABLE IF NOT EXISTS `offers` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `userid` int(10) unsigned NOT NULL DEFAULT '0',
  `name` varchar(225) DEFAULT NULL,
  `descr` text NOT NULL,
  `added` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `yeah` int(10) unsigned NOT NULL DEFAULT '0',
  `against` int(10) unsigned NOT NULL DEFAULT '0',
  `category` int(11) NOT NULL DEFAULT '0',
  `comments` int(11) NOT NULL DEFAULT '0',
  `allowed` enum('allowed','pending','denied') NOT NULL DEFAULT 'pending',
  PRIMARY KEY (`id`),
  KEY `userid` (`userid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=6 ;

viewoffers.php
Code:


require_once("include/bittorrent.php");

dbconn(false);

loggedinorreturn();

parked();                //=== uncomment if you use the parked mod

function offcommenttable($rows)
{
      global $CURUSER, $HTTP_SERVER_VARS;
      begin_main_frame();
      begin_frame();
      $count = 0;

      foreach ($rows as $row)
      {
          //=======change colors
if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}
print("");
                begin_table(true);
                print("

#" . $row["id"] . " by: ");
  if (isset($row["username"]))
 {
 $username = $row["username"];
 $ratres = mysql_query("SELECT uploaded, downloaded from users where username='$username'");
      $rat = mysql_fetch_array($ratres);
 if ($rat["downloaded"] > 0)
{
$ratio = $rat['uploaded'] / $rat['downloaded'];
$ratio = number_format($ratio, 3);
$color = get_ratio_color($ratio);
if ($color)
$ratio = "$ratio";
}
else
if ($rat["uploaded"] > 0)
$ratio = "Inf.";
else
$ratio = "---";

  $title = $row["title"];
        if ($title == "")
  $title = get_user_class_name($row["class"]);
        else
  $title = htmlspecialchars($title);
      print("               " href=userdetails.php?id=" . $row["user"] . ">" .
              htmlspecialchars($row["username"]) . "
" . ($row["donor"] == "yes" ? "Donor" : "") . ($row["warned"] == "yes" ? "\"Warned\"" : "") . " ($title) (ratio: $ratio)\n");
 }
 else
print("(orphaned)\n");

 print(" at " . $row["added"] . " GMT     " .
        ($row["user"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR ? "[ Edit ] " : "") .
        (get_user_class() >= UC_MODERATOR ? "[ Delete ]" : "") .
        ($row["editedby"] && get_user_class() >= UC_MODERATOR ? "" : "") . "      [ Profile ] [ PM ]

\n");
 $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($row["avatar"]) : "");
 if (!$avatar)
 $avatar = "$imgdir/pic/default_avatar.gif";

 $text = format_comment($row["text"]);
  if ($row["editedby"])
$text .= "

Edited by $row[username]  $row[editedat] GMT

\n";
print("
$text
".
"Please search torrents before adding an Offer!
".
"in if ($_GET["incldead"])
$deadchkbox .= " checked=\"checked\"";
$deadchkbox .= " /> including dead torrents\n";
print(" ".$catdropdown." ".$deadchkbox."
\n");


print("
".
"\n");

$s = "\n";
print("".
"".
"
Offers are open to all users... a great ratio boost!
Type: $s
Title Offered:".
"
Image or Photo:".
"(Link to the picture. Will be shown in description)
Description:\n");
textbbcode("compose","body","$body");
print("
\n");

//===list other offers
$res = mysql_query("SELECT users.username, offers.id, offers.userid, offers.name, offers.added, uploaded, downloaded, categories.image, categories.name as cat FROM offers inner join categories on offers.category = categories.id inner join users on offers.userid = users.id order by offers.id desc LIMIT 10") or sqlerr();
$num = mysql_num_rows($res);

print("".
"".
"\n");
for ($i = 0; $i < $num; ++$i)
{
//=======change colors
                if($count == 0)
{
$count = $count+1;
$class = "clearalt6";
}
else
{
$count = 0;
$class = "clearalt7";
}
                //=======end
 $arr = mysql_fetch_assoc($res);
 {
$addedby = "";
 }

 print("" .
 "".
  "$addedby\n");
}
print("
CategoryOfferAddedOffered By
$arr[username]
$arr[name]$arr[added]
".
"
\n");

stdfoot();
die;
}
//=== end add offer

//=== take new offer
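// Handles the "add offer" form post: validates the fields, refuses a
// duplicate title, inserts the offer and redirects to its details page.
// NOTE(review): this handler changes state but checks no per-session
// anti-CSRF token; none is visible in this listing. stderr() and bark()
// are assumed to end the request.
if (!empty($_GET["new_offer"])) {

    $new_offer = 0 + $_GET["new_offer"];
    if ($new_offer != '1')
        stderr("Error", "I smell a rat!");

    // The original ran ereg("^[0-9]+$", !$userid), which tests a boolean and
    // never validates the id. is_valid_id() is what the delete handler uses.
    $userid = 0 + $CURUSER["id"];
    if (!is_valid_id($userid))
        stderr("Error", "I smell a rat!");

    // The title is stored entity-encoded, as in the original; the pages in
    // this file print offers.name without further encoding.
    $name = htmlentities(isset($_POST["name"]) ? $_POST["name"] : "");
    if ($name == "")
        bark("You must enter a name!");

    $cat = isset($_POST["type"]) ? (0 + $_POST["type"]) : 0;
    if (!is_valid_id($cat))
        bark("You must select a category to put the offer in!");

    $descrmain = unesc(isset($_POST["body"]) ? $_POST["body"] : "");
    if (!$descrmain)
        bark("You must enter a description!");

    // $pic was left undefined when no picture was posted.
    $pic = "";
    if (!empty($_POST['picture'])) {
        $picture = unesc($_POST["picture"]);
        // Accept only an http:// image URL. Square brackets are refused as
        // well so the value cannot close the [img] tag it is wrapped in, and
        // the D modifier stops "$" from matching before a trailing newline.
        if (!preg_match("/^http:\/\/[^\s'\"<>\[\]]+\.(jpg|gif|png)$/iD", $picture))
            stderr("Error", "Image MUST be in jpg, gif or png format.");
        $pic = "[img]" . $picture . "[/img]\n";
    }

    $descr = $pic . $descrmain;

    // Duplicate check. The original compared the raw $_POST[name] (also an
    // unquoted array key) with a column that holds the entity-encoded title,
    // so titles containing encodable characters were never matched.
    $res = mysql_query("SELECT name FROM offers WHERE name = " . sqlesc($name)) or sqlerr();
    $arr = mysql_fetch_assoc($res);
    if (!$arr) {
        //===add karma //=== uncomment if you use the mod
        //mysql_query("UPDATE users SET seedbonus = seedbonus+10.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);
        //===end

        // Every value goes through sqlesc(); the validated $userid and $cat
        // are reused instead of re-reading $CURUSER and $_POST.
        $ret = mysql_query("INSERT INTO offers (userid, name, descr, category, added) VALUES (" .
            implode(",", array_map("sqlesc", array($userid, $name, $descr, $cat))) .
            ", '" . get_date_time() . "')");
        if (!$ret) {
            if (mysql_errno() == 1062)
                bark("!!!");
            // Keep the driver's error text out of the page; log it instead.
            error_log("viewoffers.php: offer insert failed: " . mysql_error());
            bark("The offer could not be saved.");
        }
        $id = mysql_insert_id();

        write_log("offer $name was added by " . $CURUSER["username"]);

        header("Refresh: 0; url=viewoffers.php?id=$id&off_details=1");

        stdhead("Success!");
    }
    else {
        stdhead("Error!");
        // The markup of this message is missing from the listing; the text
        // is kept exactly as posted.
        print("

Error!

".
"Offer allready exists! View all offers
");
    }
    stdfoot();
    die;
}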
//==end take new offer

//=== offer details
if ($_GET["off_details"]){

$off_details = 0 + $_GET["off_details"];
if($off_details != '1')
stderr("Error", "I smell a rat!");

$id = 0+$_GET["id"];

$res = mysql_query("SELECT * FROM offers WHERE id = $id") or sqlerr();
$num = mysql_fetch_array($res);

$s = $num["name"];

stdhead("Offer Details for \"$s\"");

begin_frame("Details for Offer:$s",true);
print("");
if ($num["descr"]){
$off_bb = format_comment($num["descr"]);
print("");
}
print("");
if ($num["allowed"] == "pending")
print("");
elseif ($num["allowed"] == "allowed")
print("");
else
print("");

$cres = mysql_query("SELECT username FROM users WHERE id=$num[userid]");
  if (mysql_num_rows($cres) == 1)
  {
    $carr = mysql_fetch_assoc($cres);
    $username = "$carr[username]";
  }

if ($CURUSER[id] == $num[userid] || get_user_class() >= UC_MODERATOR){
$edit = "[ Edit Offer ]";
$delete = "[ Delete Offer ]";
}

print("");

//=== if you want to have a pending thing for uploaders use this next bit
if (get_user_class() >= UC_MODERATOR && $num["allowed"] == "pending")
print("");

//if pending
if ($num["allowed"] == "pending"){
print("");
}
//===upload torrent message
if ($num["allowed"] == "allowed" && $CURUSER["id"] != $num["userid"])
print("");
if ($num["allowed"] == "allowed" && $CURUSER["id"] == $num["userid"]){
print("");
}
//=== if you DON'T want to have a pending thing for uploaders use this next bit        instead
/*
if ($CURUSER["id"] != $num["userid"]){
print("");
}
*/
$zres = mysql_query("SELECT COUNT(*) from offervotes where vote='yeah' and offerid=$id");
$arr = mysql_fetch_row($zres);
$za = $arr[0];
$pres = mysql_query("SELECT COUNT(*) from offervotes where vote='against' and offerid=$id");
$arr2 = mysql_fetch_row($pres);
$protiv = $arr2[0];
 //=== in the following section, there is a line to report comment... either remove the link or change it to work with your report script :)
/*
print("".
"
".
"$s
$off_bb
Added:$num[added]
Status:Pending
Status:Allowed
Status:Denied
Offered by:".
"$username $edit $delete
".
"
".
"
Vote:".
"For
- ".
"Against
Offer Allowed:".
"If you voted for this offer, you will be PMed when it is upped!
Offer Allowed:".
"This offer has been allowed! Please upload it as soon as possible.
Vote:".
"For
- ".
"Against
Votes".
"For: $za  Against: $protiv
Report Offer:
".
" for breaking the rules
".
"

\n");
*/
      $commentbar = "

Add Comment

\n";
      $subres = mysql_query("SELECT COUNT(*) FROM comments WHERE offer = $id");
      $subrow = mysql_fetch_array($subres);
      $count = $subrow[0];
print("
");
      if (!$count) {
print("

No comments

\n");
      }
else {
 list($pagertop, $pagerbottom, $limit) = pager(20, $count, "viewoffers.php?id=$id&off_details=1&", array(lastpagedefault => 1));

 $subres = mysql_query("SELECT comments.id, text, user, comments.added, editedby, editedat, avatar, warned, ".
                "username, title, class, donor FROM comments LEFT JOIN users ON comments.user = users.id WHERE offer = " .
                "$id ORDER BY comments.id $limit") or sqlerr(__FILE__, __LINE__);
 $allrows = array();
 while ($subrow = mysql_fetch_array($subres))
        $allrows[] = $subrow;

 print($commentbar);
 print($pagertop);

 offcommenttable($allrows);

 print($pagerbottom);
      }

print($commentbar);

stdfoot();
die;
}
//=== end offer details

//=== allow offer by staff
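// Staff action: mark an offer as allowed and notify its owner by PM.
// NOTE(review): the offer id arrives by POST but no anti-CSRF token is
// checked; none is visible in this listing. stderr() is assumed to end the
// request.
if (!empty($_GET["allow_offer"])) {

    if (get_user_class() < UC_MODERATOR)
        stderr("Access denied!", "this is a mans job!");

    $allow_offer = 0 + $_GET["allow_offer"];
    if ($allow_offer != '1')
        stderr("Error", "I smell a rat!");

    //=== to allow the offer  credit to S4NE for this next bit :)
    //if ($_POST["offerid"]){
    $offid = isset($_POST["offerid"]) ? (0 + $_POST["offerid"]) : 0;
    if (!is_valid_id($offid))
        stderr("Error", "I smell a rat!");

    $res = mysql_query("SELECT users.username, offers.userid, offers.name FROM offers inner join users on offers.userid = users.id where offers.id = $offid") or sqlerr(__FILE__,__LINE__);
    $arr = mysql_fetch_assoc($res);
    // An id that matches no offer used to reach the INSERT below with an
    // empty receiver; stop here instead.
    if (!$arr)
        stderr("Error", "I smell a rat!");

    // Array keys are quoted; the bare $arr[name] relied on PHP treating an
    // undefined constant as a string.
    $msg = "$CURUSER[username] has allowed you to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr["name"] . "[/url][/b]. You will find a new option on the upload page.";

    mysql_query ("UPDATE offers SET allowed = 'allowed' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);

    // The receiver comes from the database row, cast to a number before it
    // is placed in the statement.
    $receiver = 0 + $arr["userid"];

    //===use this line if you DO HAVE subject in your PM system
    //mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, subject) VALUES(0, 0, $receiver, '" . get_date_time() . "', " . sqlesc($msg) . ", 'Your Offer has been allowed')") or sqlerr(__FILE__, __LINE__);
    //===use this line if you DO NOT have subject in your PM system
    mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES(0, 0, $receiver, '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);

    write_log("$CURUSER[username] allowed offer $arr[name]");
    header("Refresh: 0; url=$BASEURL/viewoffers.php?id=$offid&off_details=1");
    // The original had no die here, so the script went on to the handlers
    // and list page below after sending the redirect. The vote-closing
    // handler already stops at this point.
    die;
}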
//=== end allow the offer

//=== allow offer by vote
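// Staff action: close the vote on an offer. The offer is allowed when the
// "yeah" votes are at least as many as the "against" votes, denied
// otherwise, and the owner is told by PM.
// NOTE(review): no anti-CSRF token is checked here; none is visible in this
// listing. stderr() is assumed to end the request.
if (!empty($_GET["finish_offer"])) {

    if (get_user_class() < UC_MODERATOR)
        stderr("Access denied!", "this is a mans job!");

    $finish_offer = 0 + $_GET["finish_offer"];
    if ($finish_offer != '1')
        stderr("Error", "I smell a rat!");

    $offid = isset($_POST["finish"]) ? (0 + $_POST["finish"]) : 0;
    if (!is_valid_id($offid))
        stderr("Error", "I smell a rat!");

    $res = mysql_query("SELECT users.username, offers.userid, offers.name FROM offers inner join users on offers.userid = users.id where offers.id = $offid") or sqlerr(__FILE__,__LINE__);
    $arr = mysql_fetch_assoc($res);
    // An id that matches no offer used to reach the INSERT below with an
    // empty receiver.
    if (!$arr)
        stderr("Error", "I smell a rat!");

    // The two tally queries were unchecked. A failed query left both counts
    // empty, which skipped the "no votes" test and then satisfied
    // $yes >= $no, so the offer was allowed. They now fail closed.
    $voteresyes = mysql_query("SELECT COUNT(*) from offervotes where vote='yeah' and offerid=$offid") or sqlerr(__FILE__,__LINE__);
    $arryes = mysql_fetch_row($voteresyes);
    $yes = (int) $arryes[0];
    $voteresno = mysql_query("SELECT COUNT(*) from offervotes where vote='against' and offerid=$offid") or sqlerr(__FILE__,__LINE__);
    $arrno = mysql_fetch_row($voteresno);
    $no = (int) $arrno[0];

    if ($yes == 0 && $no == 0)
        stderr("Sorry", "No votes yet... Back to Offer details");

    if ($yes >= $no) {
        $msg = "Your Offer has been voted on. you are allowed to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr["name"] . "[/url][/b]. You will find a new option on the upload page.";
        mysql_query ("UPDATE offers SET allowed = 'allowed' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
    }
    else {
        $msg = "Your Offer has been voted on. You are not allowed to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr["name"] . "[/url][/b].. Your offer will be deleted.";
        mysql_query ("UPDATE offers SET allowed = 'denied' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
    }

    // The receiver comes from the database row, cast to a number before it
    // is placed in the statement.
    $receiver = 0 + $arr["userid"];

    //===use this line if you DO HAVE subject in your PM system
    //mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES(0, 0, " . sqlesc("Your offer $arr[name] has been voted on") . ", $receiver, '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
    //===use this line if you DO NOT subject in your PM system
    mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES(0, 0, $receiver, '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
    write_log("$CURUSER[username] closed poll $arr[name]");

    header("Refresh: 0; url=$BASEURL/viewoffers.php?id=$offid&off_details=1");
    die;
}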
//===end allow offer by vote

//=== edit offer

if ($_GET["edit_offer"]) {

$edit_offer = 0 + $_GET["edit_offer"];
if($edit_offer != '1')
stderr("Error", "I smell a rat!");

$id = 0 + $_GET["id"];

$res = mysql_query("SELECT *,UNIX_TIMESTAMP(added) as utadded FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

//$timezone = display_date_time($num["utadded"] , $CURUSER[tzoffset] );        //=== use this line if you have timezone mod
$timezone = get_date_time($num["utadded"]);

$s = $num["name"];
$id2 = $num["category"];

if ($CURUSER["id"] != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error!", "This is not your Offer to edit.");

$offer = sqlesc($s);
$body = htmlspecialchars(unesc($num["descr"]));
$res2 = mysql_query("SELECT name FROM categories WHERE id=$id2")or sqlerr(__FILE__, __LINE__);
$num2 = mysql_fetch_array($res2);
$name = $num2["name"];
$s2 = "\n";

stdhead("Edit Offer");

print("
".
"".
"".
"

Edit Offer ".
"\":\" $s

Title: Type: $s2
Image:".
"(Direct link to image. NO TAG NEEDED! Will be shown in description)".
"
Description:\n");
textbbcode("compose","body","$body");
print("
\n");

stdfoot();
die;
}
//=== end edit offer

//==== take offer edit
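// Handles the "edit offer" form post: checks that the caller owns the offer
// or is staff, validates the fields and updates the row.
// NOTE(review): no anti-CSRF token is checked here; none is visible in this
// listing. stderr() and bark() are assumed to end the request.
if (!empty($_GET["take_off_edit"])) {

    $take_off_edit = 0 + $_GET["take_off_edit"];
    if ($take_off_edit != '1')
        stderr("Error", "I smell a rat!");

    // The id was used in SQL after a bare "0 +" cast; validate it the way
    // the other ids in this file are validated.
    $id = isset($_GET["id"]) ? (0 + $_GET["id"]) : 0;
    if (!is_valid_id($id))
        stderr("Error", "I smell a rat!");

    $res = mysql_query("SELECT userid FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__);
    $num = mysql_fetch_array($res);
    if (!$num)
        stderr("Error", "I smell a rat!");

    // Owner or staff only. Array keys are quoted; the bare $CURUSER[id] and
    // $num[userid] relied on undefined constants being read as strings.
    if ($CURUSER["id"] != $num["userid"] && get_user_class() < UC_MODERATOR)
        stderr("Error", "Access denied.");

    // Stored entity-encoded, matching how new offers are saved. An empty
    // title is refused here as it is when an offer is created.
    $name = htmlentities(isset($_POST["name"]) ? $_POST["name"] : "");
    if ($name == "")
        bark("You must enter a name!");

    // $pic was left undefined when no picture was posted.
    $pic = "";
    if (!empty($_POST['picture'])) {
        $picture = unesc($_POST["picture"]);
        // Accept only an http:// image URL. Square brackets are refused as
        // well so the value cannot close the [img] tag it is wrapped in, and
        // the D modifier stops "$" from matching before a trailing newline.
        if (!preg_match("/^http:\/\/[^\s'\"<>\[\]]+\.(jpg|gif|png)$/iD", $picture))
            stderr("Error", "Image MUST be in jpg, gif or png format.");
        $pic = "[img]" . $picture . "[/img]\n";
    }

    $descr = $pic . unesc(isset($_POST["body"]) ? $_POST["body"] : "");
    if (!$descr)
        bark("You must enter a description!");

    $cat = isset($_POST["category"]) ? (0 + $_POST["category"]) : 0;
    if (!is_valid_id($cat))
        bark("You must select a category to put the Offer in!");

    $name = sqlesc($name);
    $descr = sqlesc($descr);
    $cat = sqlesc($cat);

    // The UPDATE was unchecked; a failure was silently followed by the
    // redirect.
    mysql_query("UPDATE offers SET category=$cat, name=$name, descr=$descr where id=$id") or sqlerr(__FILE__, __LINE__);

    header("Refresh: 0; url=viewoffers.php?id=$id&off_details=1");
    // Without this the script carried on into the handlers and list page
    // below after sending the redirect.
    die;
}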
//======end take offer edit

//=== offer votes list
if ($_GET["offer_vote"]){

$offer_vote = 0 + $_GET["offer_vote"];
if($offer_vote != '1')
stderr("Error", "I smell a rat!");

$offerid = 0 + htmlentities($_GET[id]);

$res2 = mysql_query("select count(offervotes.offerid) from offervotes inner join users on offervotes.userid = users.id inner join offers on offervotes.offerid = offers.id WHERE offervotes.offerid =$offerid") or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_array($res2);
$count = $row[0];

stdhead("Voters");

$res2 = mysql_query("select name from offers where id=$offerid");
$arr2 = mysql_fetch_assoc($res2);

print("

Offer Vote Results $arr2[name]

");

$res = mysql_query("select users.id as userid,users.username, users.downloaded,users.uploaded, offers.id as offerid, offers.name from offervotes inner join users on offervotes.userid = users.id inner join offers on offervotes.offerid = offers.id WHERE offervotes.offerid =$offerid $limit") or sqlerr(__FILE__, __LINE__);

if (mysql_num_rows($res) == 0)
print("

No votes yet

\n");
else
{
$perpage = 25;

list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] ."?" );
echo $pagertop;
print("".
"\n");

while ($arr = mysql_fetch_assoc($res))
 {
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}

$vres = mysql_query("select vote from offervotes where offerid=$offerid and userid=$arr[userid]") or sqlerr(__FILE__, __LINE__);
$vrow = mysql_fetch_array($vres);
if ($vrow[vote] == 'yeah') $vote = "yeah";
elseif ($vrow[vote] == 'against') $vote = "Against";

if ($arr["downloaded"] > 0)
{
      $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 3);
      $ratio = "$ratio";
    }
else
if ($arr["uploaded"] > 0)
$ratio = "Inf.";
else
$ratio = "---";
$uploaded =mksize($arr["uploaded"]);
$joindate = "$arr[added] (" . get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["added"])) . " ago)";
$downloaded = mksize($arr["downloaded"]);
if ($arr["enabled"] == 'no')
 $enabled = "No";
else
 $enabled = "Yes";

 print("".
 "".
 "\n");
 }
 print("
UserUploadedDownloadedRatioVote
$arr[username]$uploaded$downloaded$ratio$vote
\n");
}

echo $pagerbottom;

stdfoot();
die;
}
//=== end offer votes list

//=== offer votes
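// Records one vote ("yeah" or "against") by the current user on an offer.
// NOTE(review): the vote is cast by a plain GET link and no anti-CSRF token
// is checked, so another page can trigger it for a logged-in user; move it
// to POST with a token if the tracker provides one. stderr() is assumed to
// end the request.
if (!empty($_GET["vote"])) {

    // The id went into SQL after a bare "0 +" cast; validate it first.
    $offerid = isset($_GET["id"]) ? (0 + $_GET["id"]) : 0;
    if (!is_valid_id($offerid))
        stderr("Error", "I smell a rat!");

    // $vote is used below as a column name, so it must be one of exactly
    // these two strings. The strict comparison also refuses array input.
    $vote = $_GET["vote"];
    if ($vote === 'yeah' || $vote === 'against')
    {
        $userid = 0 + $CURUSER["id"];
        $res = mysql_query("SELECT * FROM offervotes WHERE offerid=$offerid and userid=$userid") or sqlerr(__FILE__,__LINE__);
        $voted = mysql_fetch_assoc($res);

        // This check and the INSERT below are separate statements, so two
        // simultaneous requests can both pass it; a UNIQUE key on
        // (offerid, userid) in offervotes would make the database enforce
        // the one-vote rule.
        if ($voted)
stderr("You've already voted", "

You've already voted, max 1 vote per offer

Back to the offer details

");
        else
        {
            mysql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=$offerid") or sqlerr(__FILE__,__LINE__);
            // No row updated means no such offer; the original still stored
            // a vote row for it.
            if (mysql_affected_rows() < 1)
                stderr("Error", "I smell a rat!");
            mysql_query("INSERT INTO offervotes (offerid, userid, vote) VALUES($offerid, $userid, '$vote')") or sqlerr(__FILE__,__LINE__);
            stdhead("Vote For Offer");
            // The markup of these messages is missing from the listing; the
            // text is kept exactly as posted.
print("

Vote accepted

");
print("

Your vote have been accepted

Back to the offer details

");
            stdfoot();
            die;
        }
    }
    else
        stderr("Error", "I smell a rat!");
}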
//=== end offer votes

//=== delete offer
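// Deletes an offer together with its votes and comments. Only the owner or
// staff may do this, and the request must carry sure=1.
// NOTE(review): the confirmation is a GET parameter and no anti-CSRF token
// is checked, so a link on another page can trigger the delete for a
// logged-in owner or moderator; move it to POST with a token if the tracker
// provides one. stderr() is assumed to end the request.
if (!empty($_GET["del_offer"])) {

    $del_offer = 0 + $_GET["del_offer"];
    if ($del_offer != '1')
        stderr("Error", "I smell a rat!");

    // The offer id went into four statements after a bare "0 +" cast.
    $offer = isset($_GET["id"]) ? (0 + $_GET["id"]) : 0;
    if (!is_valid_id($offer))
        stderr("Error", "I smell a rat!");

    $userid = 0 + $CURUSER["id"];
    if (!is_valid_id($userid))
        stderr("Error", "I smell a rat!");

    $res = mysql_query("SELECT * FROM offers WHERE id = $offer") or sqlerr(__FILE__, __LINE__);
    $num = mysql_fetch_array($res);
    // For staff, an id matching no offer used to run on to the message
    // INSERT with an empty receiver.
    if (!$num)
        stderr("Error", "I smell a rat!");

    $name = $num["name"];

    if ($userid != $num["userid"] && get_user_class() < UC_MODERATOR)
        stderr("Error", "This is not your Offer to delete!");

    // "sure" is absent (or "0") on the first visit and must be exactly "1"
    // to confirm. $sure was undefined when the parameter was missing.
    $sure = 0;
    if (!empty($_GET["sure"])) {
        if ($_GET["sure"] !== '1')
            stderr("Error", "I smell a rat!");
        $sure = 1;
    }

    if ($sure == 0)
        stderr("Delete Offer", "You`re about to delete this offer. Click\n here, if you`re sure.");

    // The three DELETEs were unchecked; a failure part-way left orphaned
    // votes or comments without any error.
    mysql_query("DELETE FROM offers WHERE id=$offer") or sqlerr(__FILE__, __LINE__);
    mysql_query("DELETE FROM offervotes WHERE offerid=$offer") or sqlerr(__FILE__, __LINE__);
    mysql_query("DELETE FROM comments WHERE offer=$offer") or sqlerr(__FILE__, __LINE__);

    //===add karma        //=== use this if you use the karma mod
    //mysql_query("UPDATE users SET seedbonus = seedbonus-10.0 WHERE id = $num[userid]") or sqlerr(__FILE__, __LINE__);
    //===end

    // Tell the owner when somebody else removed the offer.
    if ($CURUSER["id"] != $num["userid"]) {
        $now = get_date_time();
        $added = sqlesc($now);
        $owner = 0 + $num["userid"];
        // The original interpolated the already-escaped $added into the
        // text, which put the SQL quoting into the message.
        $msg = sqlesc("Your offer $num[name] was deleted by $CURUSER[username] on $now....");
        //=== if you do NOT have subject in your PMs use the next part
        mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $owner, $msg, $added)") or sqlerr(__FILE__, __LINE__);
        //=== if you HAVE have subject in your PMs use the next part
        /*$subject = sqlesc("$num[name] was deleted.");
        mysql_query("INSERT INTO messages (sender, receiver, msg, added, subject) VALUES(0, $owner, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
        */
    }

    // Both branches of the original ended with the same log line and
    // redirect.
    write_log("Offer: $offer ($name) was deleted by $CURUSER[username]");
    header("Refresh: 0; url=viewoffers.php");
    die;
}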
//== end  delete offer

//=== prolly not needed, but what the hell... basically stopping the page getting screwed up
// Accept only the known sort keys. Anything else is refused here, before
// $sort is turned into an ORDER BY clause further down.
// stderr() is assumed to end the request.
if ($_GET["sort"]) {
    $requested = $_GET["sort"];
    $known = array('cat', 'name', 'added', 'comments', 'yeah', 'against');
    if (!in_array($requested, $known))
        stderr("Error", "I smell a rat!");
    $sort = $requested;
}
//=== end of prolly not needed, but what the hell :P

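// Builds the filter, search and ordering for the offers list, counts the
// matching rows for the pager and runs the page query.
// stderr() is assumed to end the request.

// Category filter as an integer id; 0 means "all categories".
$catid = isset($_GET["category"]) ? (int) $_GET["category"] : 0;

// Optional "offers by this user" filter. The original called
// ereg("^[0-9]+$", !$offerorid), which tests a boolean and never validates
// the id, and left $offerorid undefined when the parameter was absent.
$offerorid = 0;
if (!empty($_GET["offerorid"])) {
    $offerorid = (int) $_GET["offerorid"];
    if (!is_valid_id($offerorid))
        stderr("Error", "I smell a rat!");
}

// Title search. The term is entity-encoded and then passed through sqlesc().
// NOTE(review): "%" and "_" in the term still act as LIKE wildcards.
$search = htmlspecialchars(isset($_GET["search"]) ? $_GET["search"] : "");
$search = " AND offers.name like ".sqlesc('%'.$search.'%');

// Map the sort key to a fixed ORDER BY clause. Only keys of this table ever
// reach the SQL text or the pager links.
$orderings = array(
    "cat"      => " ORDER BY cat ",
    "name"     => " ORDER BY name",
    "added"    => " ORDER BY added ASC",
    "comments" => " ORDER BY comments DESC",
    "yeah"     => " ORDER BY yeah DESC",
    "against"  => " ORDER BY against DESC",
);
$sortkey = (isset($sort) && is_string($sort) && isset($orderings[$sort])) ? $sort : "";
$sort = ($sortkey !== "") ? $orderings[$sortkey] : " ORDER BY added DESC";

// WHERE clause, assembled from the integer values only.
if ($offerorid > 0) {
    if ($catid > 0)
        $categ = "WHERE offers.category = " . $catid . " AND offers.userid = " . $offerorid;
    else
        $categ = "WHERE offers.userid = " . $offerorid;
}
elseif ($catid > 0)
    $categ = "WHERE offers.category = " . $catid;
else
    $categ = '';

// The original ended this query with "or die(mysql_error())", which printed
// the driver error to the visitor; it now uses the same sqlerr() handler as
// the other queries in this file.
$res = mysql_query("SELECT count(offers.id) FROM offers inner join categories on offers.category = categories.id inner join users on offers.userid = users.id  $categ $search") or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_array($res);
$count = $row[0];

$perpage = 25;

// The pager base URL used to be built from $_SERVER["PHP_SELF"] and the raw
// $_GET["category"] / $_GET["sort"] values, so request-controlled text was
// copied into every page link. It is now the fixed script name plus the
// validated values.
list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, "viewoffers.php?category=" . $catid . "&sort=" . urlencode($sortkey) . "&");

$res = mysql_query("SELECT users.downloaded, users.uploaded, users.username, offers.id, offers.userid, offers.name, offers.added, offers.yeah, offers.against, offers.allowed, categories.image, categories.name as cat FROM offers inner join categories on offers.category = categories.id inner join users on offers.userid = users.id  $categ $search $sort $limit") or sqlerr();
$num = mysql_num_rows($res);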

stdhead("Offers");

begin_main_frame();

print("

".
"Offers Section

\n
".
"Add offer
- View Requests
");

print("
".
"
Search offers: ".
"
");

echo $pagertop;

print("\n");
print("".
"".
"".
"".
"".
"\n");
for ($i = 0; $i < $num; ++$i)
{
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}
$arr = mysql_fetch_assoc($res);
if ($arr["downloaded"] > 0)
  {
    $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 2);
    $ratio = "$ratio";
  }
  else if ($arr["uploaded"] > 0)
      $ratio = "Inf.";
  else
      $ratio = "---";

$addedby = "";
$rez = mysql_query("select comments from offers where id=$arr[id]");
$comm = mysql_fetch_array($rez);
if ($comm[comments] == 0)
$comment = "0";
else
$comment = "$comm[comments]";


//==== if you want allow deny for offers use this next bit
if ($arr["allowed"] == 'allowed')
$allowed = "[ Allowed ]";
elseif ($arr["allowed"] == 'denied')
$allowed = "[ Denied ]";
else
$allowed = "[ Pending ]";
//===end

if ($arr["yeah"] == 0) $zvote = "$arr[yeah]"; else $zvote = "$arr[yeah]";
if ($arr["against"] == 0) $pvote = "$arr[against]"; else $pvote = "$arr[against]";
print("" .
"$addedby\n");
}

print("
TypeTitleAddedComm.Added byForAgainst
$arr[username] ($ratio)
$arr[name]$allowed$arr[added]$comment$zvote$pvote
\n");
echo $pagerbottom;
print("\n");
end_main_frame();
stdfoot();
die;
?>
reqcomment.php
Code:

require_once("include/bittorrent.php");
$action = $_GET["action"];
dbconn(false);
loggedinorreturn();
parked(); //=== uncomment if you use the parked mod

if ($action == "add")
{
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$reqid = 0 + $_POST["tid"];
if (!is_valid_id($reqid))
stderr("Error", "Wrong ID.");

$res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "No request with that ID.");

$text = trim($_POST["body"]);
if (!$text)
stderr("Error", "Don't leave any fields blank!");

mysql_query("INSERT INTO comments (user, request, added, text, ori_text) VALUES (" .
$CURUSER["id"] . ",$reqid, '" . get_date_time() . "', " . sqlesc($text) .
"," . sqlesc($text) . ")");

$newid = mysql_insert_id();

mysql_query("UPDATE requests SET comments = comments + 1 WHERE id = $reqid");

header("Refresh: 0; url=viewrequests.php?id=$reqid&req_details=1&$newid#comm$newid");

die;
}

$reqid = 0 + $_GET["tid"];
if (!is_valid_id($reqid))
stderr("Error", "Wrong ID.");

$res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Wrong ID.");

stdhead("Add comment to \"" . $arr["request"] . "\"");

print("

".
"\n");

$res = mysql_query("SELECT comments.id, text, UNIX_TIMESTAMP(comments.added) as utadded, UNIX_TIMESTAMP(editedat) as uteditedat, comments.added, username, users.id as user, users.class, users.avatar FROM comments LEFT JOIN users ON comments.user = users.id WHERE request = $reqid ORDER BY comments.id DESC LIMIT 5");
$allrows = array();
while ($row = mysql_fetch_array($res))
$allrows[] = $row;

if (count($allrows)) {
commenttable($allrows);
}
end_frame();
stdfoot();
die;
}
elseif ($action == "edit")
{
$commentid = 0 + $_GET["cid"];
if (!is_valid_id($commentid))
stderr("Error", "Wrong ID.");

$res = mysql_query("SELECT * FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Wrong ID.");

if ($arr["user"] != $CURUSER["id"] && get_user_class() < UC_MODERATOR)
stderr("Error", "Access denied.");

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$text = $_POST["body"];

if ($text == "")
stderr("Error", "Don't leave any fields blank!");

$text = sqlesc($text);

$editedat = sqlesc(get_date_time());

mysql_query("UPDATE comments SET text=$text, editedat=$editedat, editedby=$CURUSER[id] WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
$reqid = $arr["request"];
header("Refresh: 0; url=viewrequests.php?id=$reqid&req_details=1");

die;
}

//===edit request comment

stdhead("Edit comment");
print("

Edit comment

".
"".
"

".
"Comment on Request: " . htmlspecialchars($arr["request"]) . "
comment:".
"
\n");
textbbcode("compose","body","$body");
print("
\n");
$body = $arr['text'];
textbbcode("compose","body",htmlspecialchars(unesc($body)));
print("

\n");
//stdfoot();
die;
}
elseif ($action == "delete")
{
if (get_user_class() < UC_MODERATOR)
stderr("Error", "Access denied.");

$commentid = 0 + $_GET["cid"];

if (!is_valid_id($commentid))
stderr("Error", "Invalid ID.");

$sure = $_GET["sure"];

if (!$sure)
{
$referer = $_SERVER["HTTP_REFERER"];
stderr("Delete comment", "You`re about to delete this comment. Click\n" .
" ($referer ? "&returnto=" . urlencode($referer) : "") .
">here
, if you`re sure.");
}


$res = mysql_query("SELECT request FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if ($arr)
$reqid = $arr["request"];

mysql_query("DELETE FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__);
if ($reqid && mysql_affected_rows() > 0)
mysql_query("UPDATE requests SET comments = comments - 1 WHERE id = $reqid");

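// Redirect target after the delete. The original passed
// htmlentities($_GET["returnto"]) straight into the Location header, so any
// URL placed in the link was followed (and "&" in a legitimate URL was
// turned into "&amp;"). Only targets on this site are accepted now;
// everything else falls back to the site root.
$returnto = (isset($_GET["returnto"]) && is_string($_GET["returnto"])) ? $_GET["returnto"] : "";

$onsite = false;
// Control characters and spaces are refused so the value cannot break out
// of the header line.
if ($returnto !== "" && !preg_match('/[\x00-\x20\x7f]/', $returnto)) {
    if ($BASEURL != "" && strpos($returnto, $BASEURL . "/") === 0)
        $onsite = true;    // absolute URL under $BASEURL
    elseif ($returnto[0] == "/" && !preg_match('#^/[/\\\\]#', $returnto))
        $onsite = true;    // site-relative path, not "//host" or "/\host"
}

if ($onsite)
    header("Location: $returnto");
else
    header("Location: $BASEURL/");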

die;
}
elseif ($action == "vieworiginal")
{
if (get_user_class() < UC_MODERATOR)
stderr("Error", "Access denied.");

$commentid = 0 + $_GET["cid"];

if (!is_valid_id($commentid))
stderr("Error", "Invalid ID.");

$res = mysql_query("SELECT c.*, t.name FROM comments AS c JOIN requests AS t ON c.request = t.id WHERE c.id=$commentid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Invalid ID.");

stdhead("Original");
print("

Original content of comment #$commentid

\n");
print("

");
print("
\n");
echo htmlspecialchars($arr["ori_text"]);
print("
\n");

$returnto = $_SERVER["HTTP_REFERER"];

if ($returnto)
print("

(Back)

\n");

stdfoot();
die;
}
// NOTE(review): this branch cannot run. An earlier branch of the same chain
// already tests $action == "edit", and that one is matched first. The notes
// below apply if this copy is ever used in its place.
elseif ($action == "edit")
{
// Comment id from the query string, checked with is_valid_id().
$commentid = 0 + $_GET["cid"];
if (!is_valid_id($commentid))
stderr("Error", "Invalid ID.");

$res = mysql_query("SELECT * FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Invalid ID.");

// Only the comment's author or staff may edit it.
if ($arr["user"] != $CURUSER["id"] && get_user_class() < UC_MODERATOR)
stderr("Error", "Permission denied.");

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$text = $_POST["text"];
// NOTE(review): returnto is taken from the form and later used as the
// Location header without checking that it points to this site;
// htmlentities() does not restrict where a URL leads.
$returnto = htmlentities($_POST["returnto"]);

if ($text == "")
stderr("Error", "Comment body cannot be empty!");

// The new text and the edit time go through sqlesc() before the UPDATE.
$text = sqlesc($text);

$editedat = sqlesc(get_date_time());

mysql_query("UPDATE comments SET text=$text, editedat=$editedat, editedby=$CURUSER[id] WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);

// With no returnto nothing is sent here; the script ends at the die that
// follows the chain.
if ($returnto)
header("Location: $returnto");
}
}
else
stderr("Error", "Unknown action");

die;
?>


ndbj 28th December 2012 08:52

Thanks a lot.

i think this is the last thing missing, sql for table offervotes, please.

wMan 28th December 2012 13:21

nice one

rabtb 28th December 2012 16:44

Code:

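-- One row per vote cast on an offer.
-- The UNIQUE key on (offerid, userid) makes the database reject a second
-- vote by the same user on the same offer, so the one-vote rule no longer
-- depends only on the application's SELECT-then-INSERT check. It also
-- gives the per-offer COUNT(*) queries an index on offerid.
CREATE TABLE IF NOT EXISTS `offervotes` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `offerid` int(10) unsigned NOT NULL DEFAULT '0',
  `userid` int(10) unsigned NOT NULL DEFAULT '0',
  `vote` enum('yeah','against') NOT NULL DEFAULT 'yeah',
  PRIMARY KEY (`id`),
  UNIQUE KEY `offerid_userid` (`offerid`,`userid`),
  KEY `userid` (`userid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;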


ndbj 29th December 2012 07:55

Thanks a lot.
Seems to be all working good.

although, found one bug here, when open viewrequest details:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/vhosts/revanime.net/subdomains/tracker/httpdocs/viewrequests.php on line 412

any idea what's causing this error?


Bump: oops...

also offcomment.php is missing.

