request mod for tbv 08
Hello, I'm looking for a request mod. Can anyone help with this? I've made an 08 site and need a request mod to complete the code. I will post the full mod to blist when it's done, as it is nearly fully modded :drink:
rabtb
27th November 2012 22:41
think i got it all anything missing lemme know
SQL
Code:
-- Requests table for the request mod: one row per request posted by a user.
-- NOTE(review): the comment script posted further down this page runs
--   UPDATE requests SET comments = comments - 1 ...
-- and also selects t.name from requests AS t; neither a `comments` nor a `name`
-- column is defined below, so those queries would fail against this schema.
-- Confirm against the installed table before relying on this DDL.
-- NOTE(review): MyISAM has no transactions and no foreign keys, so the deletes
-- that viewrequests.php issues across requests / addedrequests / comments are
-- not atomic and nothing in the database ties userid, cat or filledby to
-- existing rows.
CREATE TABLE IF NOT EXISTS `requests` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-- id of the requesting user; the PHP compares it with $CURUSER["id"] before edit/delete
`userid` int(10) unsigned NOT NULL DEFAULT '0',
-- request title
`request` varchar(225) DEFAULT NULL,
-- request description (the PHP prepends an optional [img] tag to it)
`descr` text NOT NULL,
-- NOTE(review): an all-zero default may be rejected when sql_mode contains
-- NO_ZERO_DATE together with strict mode (MySQL 5.7 and later enable both by default).
`added` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
-- vote counter, incremented by the vote branch (hits = hits + 1)
`hits` int(10) unsigned NOT NULL DEFAULT '0',
-- category id, looked up in the categories table
`cat` int(10) unsigned NOT NULL DEFAULT '0',
-- id of the user who filled the request, 0 while unfilled
`filledby` int(10) unsigned NOT NULL DEFAULT '0',
-- torrent details URL; the PHP only accepts $BASEURL/details.php?id=<1-6 digits>.
-- NOTE(review): 70 characters leaves little room for a long $BASEURL - confirm it fits.
`filledurl` varchar(70) DEFAULT NULL,
`filled` enum('yes','no') NOT NULL DEFAULT 'no',
PRIMARY KEY (`id`),
KEY `userid` (`userid`),
KEY `id_added` (`id`,`added`)
-- NOTE(review): AUTO_INCREMENT=1461 looks like a value carried over from a dump
-- of a live table; on a fresh install the first request gets id 1461.
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1461 ;
viewrequests.php
Code:
require_once("include/bittorrent.php");
dbconn(false);
loggedinorreturn();
parked(); //=== uncomment if you use the parked mod
function bark($msg) {
stdhead("Requests Error");
stdmsg("Error!", $msg);
stdfoot();
exit;
}
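//=== validate the numeric GET parameters before any of them is used in a query
// The previous test, ereg("^[0-9]+$", !$value), matched the pattern against a
// negated boolean rather than against the submitted text, so negative and
// fractional values were let through; ereg() was also removed in PHP 7. The
// same ereg pattern appears further down this script for requestid, userid and
// offerorid and needs the same treatment.
// Each id must now be a string of digits only and greater than zero before it
// is cast to int.
// NOTE(review): is_valid_id() and stderr() come from include/bittorrent.php,
// which is not shown here; this assumes stderr() ends the request - confirm.
if (!empty($_GET["category"])) {
    $categ = (int)$_GET["category"];
    if (!is_valid_id($categ))
        stderr("Error", "I smell a rat!");
}
if (!empty($_GET["requestorid"])) {
    $rawid = $_GET["requestorid"];
    // is_string() rejects array parameters such as requestorid[]=1
    if (!is_string($rawid) || !preg_match('/^[0-9]+$/D', $rawid) || (int)$rawid < 1)
        stderr("Error", "I smell a rat!");
    $requestorid = (int)$rawid;
}
if (!empty($_GET["id"])) {
    $rawid = $_GET["id"];
    if (!is_string($rawid) || !preg_match('/^[0-9]+$/D', $rawid) || (int)$rawid < 1)
        stderr("Error", "I smell a rat!");
    $id = (int)$rawid;
}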
//==== add request
if ($_GET["add_request"]){
$add_request = 0 + $_GET["add_request"];
if($add_request != '1')
stderr("Error", "I smell a rat!");
stdhead("Requests Page");
if (get_user_class() < UC_LIGHT_WEIGHT) //=== requests for VIP and above
{
begin_frame("Sorry",true);
print("
Oups!
You must be VIP or above AND have a ratio above 1.0 to make a request. Please see the ".
"FAQ for more information on different user classes and what they can do.
" .$SITENAME." staff");
die();
}
//=== only allow users with a ratio of at least .5 who have uploaded at least 10 gigs or VIP and above
if ($CURUSER)
{
// ratio as a string
function format_ratio($up,$down, $color = True)
{
if ($down > 0)
{
$r = number_format($up / $down, 2);
if ($color)
$r = "$r";
}
else
if ($up > 0)
$r = "'Inf.'";
else
$r = "'---'";
return $r;
}
if ($CURUSER["class"] < UC_LIGHT_WEIGHT)
{
$gigsdowned = ($CURUSER["downloaded"]);
if ($gigsdowned >= 10737418240){
$gigs = $CURUSER["uploaded"] / (1024*1024*1024);
$ratio = (($CURUSER["downloaded"] > 0) ? ($CURUSER["uploaded"] / $CURUSER["downloaded"]) : 0);
}
}
//=== use this if you are using the Karma point system
/*begin_frame("Request Rules",true);
print("To make a request you must have a ratio of at least 1.0 AND have uploaded at least 10 GB.".
" A request will also cost you 5 Karma Points.... In your particular case ".
"" . $CURUSER['username'] . ", ");
*/
//=== use this if you are NOT using the Karma point system
begin_frame("Request Rules",true);
print("To make a request you must have a ratio of at least 1.0 AND have uploaded at least 10 GB. ".
"In your particular case " . $CURUSER['username'] . ", ");
//===karma //=== uncomment this bit if you are using the karma system
/*
if ($CURUSER["seedbonus"] <5.0)
print("you do not have enough Karma Points ...".
" you can not make requests.
\n");
//===end
*/
//=== if you are using the karma mod change this next line too
//elseif ($gigsupped < 10737418240)
if ($gigsupped < 10737418240)
print("you have not yet uploaded 10 GB... you can not make requests.
//=== added edit request
if ($_GET["edit_request"]) {
$edit_request = 0 + $_GET["edit_request"];
if($edit_request != '1')
stderr("Error", "I smell a rat!");
$id = 0+$_GET["id"];
$res = mysql_query("SELECT *,UNIX_TIMESTAMP(added) as utadded FROM requests WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);
//$timezone = display_date_time($num["utadded"] , $CURUSER[tzoffset] ); //=== use this line if you have timezone mod
$timezone = get_date_time($num["utadded"]);
$s = $num["request"];
$id2 = $num["cat"];
if ($CURUSER["id"] != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error!", "This is not your Request to edit.");
$request = sqlesc($s);
$body = htmlspecialchars(unesc($num["descr"]));
$res2 = mysql_query("SELECT name FROM categories WHERE id=$id2")or sqlerr(__FILE__, __LINE__);
$num2 = mysql_fetch_array($res2);
$name = $num2["name"];
$s2 = "\n";
stdhead("Edit Request");
print("
".
"
Edit Request ".
" $s
Title:
".
"
Type: $s2
".
"
Image:
".
"(Direct link to image. NO TAG NEEDED! Will be shown in description)".
"
$request = htmlentities($_POST["requesttitle"]);
if (!empty($_POST['picture'])){
$picture = unesc($_POST["picture"]);
if(!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $picture))
stderr("Error", "Image MUST be in jpg, gif or png format.");
$pic = "[img]".$picture."[/img]\n";
}
$descr = "$pic";
$descr .= unesc($_POST["body"]);
if (!$descr)
bark("You must enter a description!");
$cat = (0 + $_POST["category"]);
if (!is_valid_id($cat))
bark("You must select a category to put the request in!");
$request = sqlesc($request);
$descr = sqlesc($descr);
$cat = sqlesc($cat);
$filledby = htmlentities( 0 + $_POST["filledby"]);
$filled = $_POST["filled"];
if ($filled)
{
if (!is_valid_id($filledby))
bark("Not a valid id!");
$res = mysql_query("SELECT id FROM users WHERE id=".$filledby."");
if (mysql_num_rows($res) == 0)
bark("ID doesn't match any users, try again");
$filledurl = htmlentities($_POST['filledurl']);
if(!preg_match("#^".preg_quote("$BASEURL/details.php?id=")."([0-9]{1,6})$#", $filledurl))
stderr("Error", "Something is wrong with that url. URL must be: $BASEURL/details.php?id=(torrent id)");
if (!$filledurl)
bark("No torrent url");
mysql_query("UPDATE requests SET cat=$cat, request=$request, descr=$descr, filledby=$filledby, filled ='yes', filledurl='$filledurl' WHERE id = $id") or sqlerr(__FILE__,__LINE__);
}
else
mysql_query("UPDATE requests SET cat=$cat, filledby = 0, request=$request, descr=$descr, filled = 'no' WHERE id = $id") or sqlerr(__FILE__,__LINE__);
header("Refresh: 0; url=viewrequests.php?id=$id&req_details=1");
}
//=== end take req edit
//=== request filled
if ($_GET["req_filled"]){
$req_filled = 0 + $_GET["req_filled"];
if($req_filled != '1')
stderr("Error", "I smell a rat!");
if ($_GET["requestid"]){
$requestid = 0 + htmlentities($_GET["requestid"]);
if (ereg("^[0-9]+$", !$requestid))
stderr("Error", "I smell a rat!");
}
$filledurl = htmlentities($_POST['filledurl']);
if(!preg_match("#^".preg_quote("$BASEURL/details.php?id=")."([0-9]{1,6})$#", $filledurl))
stderr("Error", "Something is wrong with that url. URL must be: $BASEURL/details.php?id=(torrent id)");
stdhead("Request Filled");
begin_main_frame();
$res = mysql_query("SELECT users.username, requests.userid, requests.filled, requests.request FROM requests inner join users on requests.userid = users.id where requests.id = $requestid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
$res2 = mysql_query("SELECT username FROM users where id =" . $CURUSER[id]) or sqlerr(__FILE__, __LINE__);
$arr2 = mysql_fetch_assoc($res2);
if ($arr['filled']==no){
$msg = "Your request, " . $arr[request] . " has been filled by " . $arr2[username] . ". You can download your request from " . $filledurl. ". Please do not forget to leave thanks where due. If for some reason this is not what you requested, please reset your request so someone else can fill it by following this link. Do NOT follow this link unless you are sure that this does not match your request.";
mysql_query ("UPDATE requests SET filled = 'Yes', filledurl = '$filledurl', filledby = $CURUSER[id] WHERE id = $requestid") or sqlerr(__FILE__, __LINE__);
//=== remove the next query if you DON'T have subject in your PM system and use the other one
mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, subject, location) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ", 'Request Filled', 1)") or sqlerr(__FILE__, __LINE__);
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, location) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ", 1)") or sqlerr(__FILE__, __LINE__); //=== use this line if you don't have subject in your PM system
//===add karma uncomment if you have the karma system
//mysql_query("UPDATE users SET seedbonus = seedbonus+10.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);
//===end
//===notify people who voted on request thanks CoLdFuSiOn :)
//$res = mysql_query("SELECT `userid` FROM `addedrequests` WHERE `requestid` = $requestid AND userid != $arr[userid]") or sqlerr(__FILE__, __LINE__);
//$pn_msg = "The Request you voted for " . $arr[request] . " has been filled by " . $arr2[username] . ". You can download your request from " . $filledurl. ". Please do not forget to leave thanks where due.";
//$some_variable = '';
//while($row = mysql_fetch_assoc($res)) {
//=== use this if you DO have subject in your PMs
//$some_variable .= "(0, 0, 'Request " . $arr[request] . " was just uploaded', $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")";
//=== use this if you DO NOT have subject in your PMs
//$some_variable = "(0, 0, $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")";
//}
//=== use this if you DO have subject in your PMs
//mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__);
//=== use this if you do NOT have subject in your PMs
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__);
//===end
print("
Succex!
".
"Request $requestid successfully filled with $filledurl. ".
"User $arr[username] automatically PMd. ".
"If you have made a mistake in filling in the URL or have realised that your torrent does not actually satisfy this request".
", please reset the request so someone else can fill it by clicking HERE".
" Do NOT follow this link unless you are sure there is a problem.
");
}
else
{
print("
Succex!
".
"Request $requestid successfully filled with $filledurl. User ".
"$arr[username] automatically PMed. ".
"If you have made a mistake in filling in the URL or have realised that your torrent does not actually satisfy this request".
", please reset the request so someone else can fill it by clicking HERE".
" Do NOT follow this link unless you are sure there is a problem.
$res = mysql_query("SELECT userid, filledby,filled FROM requests WHERE id =$requestid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
if (($CURUSER[id] == $arr[userid]) || (get_user_class() >= UC_MODERATOR) || ($CURUSER[id] == $arr[filledby]))
{
//===remove karma remove if not using karma system
if ($arr['filled']=='yes')
mysql_query("UPDATE users SET seedbonus = seedbonus-10.0 WHERE id = $arr[filledby]") or sqlerr(__FILE__, __LINE__);
//===end
@mysql_query("UPDATE requests SET filled='no', filledurl='', filledby='0' WHERE id =$requestid") or sqlerr(__FILE__, __LINE__);
print("
Succex!
".
"
Request $requestid successfully reset.
");
}
else{
print("
Error!
".
"Sorry, cannot reset a request when you are not the owner, staff or person filling it.
$req_vote = 0 + $_GET["req_vote"];
if($req_vote != '1')
stderr("Error", "I smell a rat!");
$requestid = 0 + $_GET["id"];
$userid = 0 + $CURUSER["id"];
if (!is_valid_id($userid))
stderr("Error", "I smell a rat!");
stdhead("Vote");
$res = mysql_query("SELECT * FROM addedrequests WHERE requestid=$requestid and userid = $userid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);
$voted = $arr;
if ($voted) {
print("
You've Already Voted
".
"
You've already voted for this request, only 1 vote for each request is allowed
");
}
else
{
mysql_query("UPDATE requests SET hits = hits + 1 WHERE id=$requestid") or sqlerr(__FILE__,__LINE__);
@mysql_query("INSERT INTO addedrequests VALUES(0, $requestid, $userid)") or sqlerr(__FILE__,__LINE__);
print("
$res = mysql_query("select users.id as userid,users.username, users.downloaded,users.uploaded, requests.id as requestid, requests.request from addedrequests inner join users on addedrequests.userid = users.id inner join requests on addedrequests.requestid = requests.id WHERE addedrequests.requestid =$requestid $limit") or sqlerr();
stdhead("Voters");
$res2 = mysql_query("select request from requests where id=$requestid");
$arr2 = mysql_fetch_assoc($res2);
//=== delete request user / staff
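if (!empty($_GET["del_req"])) {
    // Delete a single request. Only the requester or staff (UC_MODERATOR and
    // above) may do this, and only after the confirmation step (sure=1).
    // NOTE(review): the delete is triggered by a GET request and no per-session
    // token is checked in the code shown, so the confirmation step gives no
    // protection against cross-site request forgery. Confirm whether a token
    // check exists elsewhere; otherwise move the confirmed step to POST with a
    // token.
    // NOTE(review): this assumes stderr() ends the request, as the rest of the
    // script does - confirm in include/bittorrent.php.
    $del_req = (int)$_GET["del_req"];
    if ($del_req != 1)
        stderr("Error", "I smell a rat!");

    // The request id is interpolated into a SELECT and three DELETE statements,
    // so it is forced to an integer and validated like the user id.
    $requestid = (isset($_GET["id"]) && is_string($_GET["id"])) ? (int)$_GET["id"] : 0;
    $userid = (int)$CURUSER["id"];
    if (!is_valid_id($requestid) || !is_valid_id($userid))
        stderr("Error", "I smell a rat!");

    $res = mysql_query("SELECT * FROM requests WHERE id = $requestid") or sqlerr(__FILE__, __LINE__);
    $num = mysql_fetch_array($res);
    // No such request: stop instead of running the ownership check on an empty row.
    if (!$num)
        stderr("Error", "I smell a rat!");
    if ($userid != $num["userid"] && get_user_class() < UC_MODERATOR)
        stderr("Error", "This is not your Request to delete!");

    $sure = (isset($_GET["sure"]) && is_string($_GET["sure"])) ? (int)$_GET["sure"] : 0;
    if ($sure == 0)
        stderr("Delete Request", "You`re about to delete this request. Click\n here, if you`re sure.");
    elseif ($sure == 1) {
        // Remove the request together with its votes and comments.
        mysql_query("DELETE FROM requests WHERE id=$requestid") or sqlerr(__FILE__,__LINE__);
        mysql_query("DELETE FROM addedrequests WHERE requestid = $requestid") or sqlerr(__FILE__,__LINE__);
        mysql_query("DELETE FROM comments WHERE request=$requestid") or sqlerr(__FILE__,__LINE__);
        // Log the numeric id; $request is not assigned anywhere in this branch.
        write_log("Request: $requestid ($num[request]) was deleted from the Request section by $CURUSER[username]");
        header("Refresh: 0; url=viewrequests.php");
    }
    else
        stderr("Error", "I smell a rat!");
}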
//===end delete request user / staff
//=== delete multi requests for staff
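if (!empty($_GET["staff_delete"])) {
    // Bulk delete of requests, for staff (UC_MODERATOR and above) only.
    // The ids arrive as the POST array delreq[] and end up inside IN (...)
    // lists, so every element is checked to be a positive integer before the
    // list is built; the raw POST values are never concatenated into SQL.
    // NOTE(review): no per-session token is checked in the code shown, so a
    // forged cross-site POST sent from a moderator's browser would be accepted;
    // confirm whether a token check exists elsewhere.
    $staff_delete = (int)$_GET["staff_delete"];
    if ($staff_delete != 1)
        stderr("Error", "I smell a rat!");
    if (get_user_class() >= UC_MODERATOR) {
        if (empty($_POST["delreq"]) || !is_array($_POST["delreq"]))
            bark("Don't leave any fields blank.");

        $ids = array();
        foreach ($_POST["delreq"] as $rawid) {
            // digits only, greater than zero; nested arrays and other text are dropped
            if (is_string($rawid) && preg_match('/^[0-9]+$/D', $rawid) && (int)$rawid > 0)
                $ids[] = (int)$rawid;
        }
        // Nothing usable was submitted: bark() prints the error page and exits.
        if (!$ids)
            bark("Don't leave any fields blank.");
        $idlist = implode(", ", array_unique($ids));

        $do = "DELETE FROM requests WHERE id IN ($idlist)";
        $do2 = "DELETE FROM addedrequests WHERE requestid IN ($idlist)";
        $do3 = "DELETE FROM comments WHERE request IN ($idlist)";
        // Report failures the same way the single-request delete does.
        $res = mysql_query($do) or sqlerr(__FILE__, __LINE__);
        $res2 = mysql_query($do2) or sqlerr(__FILE__, __LINE__);
        $res3 = mysql_query($do3) or sqlerr(__FILE__, __LINE__);
    }
    else {
        bark("You're not staff, bugger off");
    }
    header("Refresh: 0; url=viewrequests.php");
}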
// end delete multi requests
//=== prolly not needed, but what the hell... basically stopping the page getting screwed up
// Allow-list check for the two list-view parameters. $sort and $filter are
// later mapped to fixed ORDER BY / AND fragments, so only the values listed
// here may pass; anything else goes to stderr().
if ($_GET["sort"]) {
    $sort = $_GET["sort"];
    if (!in_array($sort, array('votes', 'cat', 'request', 'added')))
        stderr("Error", "I smell a rat!");
}
if ($_GET["filter"]) {
    $filter = $_GET["filter"];
    if (!in_array($filter, array('true', 'false')))
        stderr("Error", "I smell a rat!");
}
//=== end of prolly not needed, but what the hell :P
//==== for mods only to make deleting filled requests simple... yeah, I'm lazy :P
if (get_user_class() >= UC_MODERATOR)
print(" - Only Filled");
print("
Look in the Offers Section before you make a Request
");
$search = htmlspecialchars ($_GET["search"]);
$search = " AND requests.request like ".sqlesc('%'.$search.'%');
if ($sort == "votes")
$sort = " ORDER BY hits DESC";
elseif ($sort == "cat")
$sort = " ORDER BY cat ";
else if ($sort == "request")
$sort = " ORDER BY request ";
else if ($sort == "added")
$sort = " ORDER BY added ASC";
else
$sort = " ORDER BY added DESC";
if ($filter == "true")
$filter = " AND requests.filledby = '0' ";
elseif ($filter == "false")
$filter = " AND requests.filled = 'yes' ";
else
$filter = "";
$new_offer = 0 + $_GET["new_offer"];
if($new_offer != '1')
stderr("Error", "I smell a rat!");
$userid = 0 + $CURUSER["id"];
if (ereg("^[0-9]+$", !$userid))
stderr("Error", "I smell a rat!");
$name = htmlentities($_POST["name"]);
if ($name == "")
bark("You must enter a name!");
$cat = (0 + $_POST["type"]);
if (!is_valid_id($cat))
bark("You must select a category to put the offer in!");
$descrmain = unesc($_POST["body"]);
if (!$descrmain)
bark("You must enter a description!");
if (!empty($_POST['picture'])){
$picture = unesc($_POST["picture"]);
if(!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $picture))
stderr("Error", "Image MUST be in jpg, gif or png format.");
$pic = "[img]".$picture."[/img]\n";
}
$descr = "$pic";
$descr .= "$descrmain";
$res = mysql_query("SELECT name FROM offers WHERE name =".sqlesc($_POST[name])) or sqlerr();
$arr = mysql_fetch_assoc($res);
if (!$arr['name']){
//===add karma //=== uncomment if you use the mod
//mysql_query("UPDATE users SET seedbonus = seedbonus+10.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);
//===end
//=== if you want to have a pending thing for uploaders use this next bit
if (get_user_class() >= UC_MODERATOR && $num["allowed"] == "pending")
print("
".
"
".
"
");
//if pending
if ($num["allowed"] == "pending"){
print("
");
}
*/
$zres = mysql_query("SELECT COUNT(*) from offervotes where vote='yeah' and offerid=$id");
$arr = mysql_fetch_row($zres);
$za = $arr[0];
$pres = mysql_query("SELECT COUNT(*) from offervotes where vote='against' and offerid=$id");
$arr2 = mysql_fetch_row($pres);
$protiv = $arr2[0];
//=== in the following section, there is a line to report comment... either remove the link or change it to work with your report script :)
/*
print("
$subres = mysql_query("SELECT comments.id, text, user, comments.added, editedby, editedat, avatar, warned, ".
"username, title, class, donor FROM comments LEFT JOIN users ON comments.user = users.id WHERE offer = " .
"$id ORDER BY comments.id $limit") or sqlerr(__FILE__, __LINE__);
$allrows = array();
while ($subrow = mysql_fetch_array($subres))
$allrows[] = $subrow;
print($commentbar);
print($pagertop);
offcommenttable($allrows);
print($pagerbottom);
}
print($commentbar);
stdfoot();
die;
}
//=== end offer details
//=== allow offer by staff
if ($_GET["allow_offer"]) {
if (get_user_class() < UC_MODERATOR)
stderr("Access denied!", "this is a mans job!");
$allow_offer = 0 + $_GET["allow_offer"];
if($allow_offer != '1')
stderr("Error", "I smell a rat!");
//=== to allow the offer credit to S4NE for this next bit :)
//if ($_POST["offerid"]){
$offid = 0 + $_POST["offerid"];
if(!is_valid_id($offid))
stderr("Error", "I smell a rat!");
$res = mysql_query("SELECT users.username, offers.userid, offers.name FROM offers inner join users on offers.userid = users.id where offers.id = $offid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);
$msg = "$CURUSER[username] has allowed you to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr[name] . "[/url][/b]. You will find a new option on the upload page.";
mysql_query ("UPDATE offers SET allowed = 'allowed' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
//===use this line if you DO HAVE subject in your PM system
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, subject) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ", 'Your Offer has been allowed')") or sqlerr(__FILE__, __LINE__);
//===use this line if you DO NOT have subject in your PM system
mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
write_log("$CURUSER[username] allowed offer $arr[name]");
header("Refresh: 0; url=$BASEURL/viewoffers.php?id=$offid&off_details=1");
}
//=== end allow the offer
//=== allow offer by vote
if ($_GET["finish_offer"]) {
if (get_user_class() < UC_MODERATOR)
stderr("Access denied!", "this is a mans job!");
$finish_offer = 0 + $_GET["finish_offer"];
if($finish_offer != '1')
stderr("Error", "I smell a rat!");
$offid = 0 + $_POST["finish"];
if(!is_valid_id($offid))
stderr("Error", "I smell a rat!");
$res = mysql_query("SELECT users.username, offers.userid, offers.name FROM offers inner join users on offers.userid = users.id where offers.id = $offid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);
$voteresyes = mysql_query("SELECT COUNT(*) from offervotes where vote='yeah' and offerid=$offid");
$arryes = mysql_fetch_row($voteresyes);
$yes = $arryes[0];
$voteresno = mysql_query("SELECT COUNT(*) from offervotes where vote='against' and offerid=$offid");
$arrno = mysql_fetch_row($voteresno);
$no = $arrno[0];
if($yes == '0' && $no == '0')
stderr("Sorry", "No votes yet... Back to Offer details");
if ($yes >= $no){
$msg = "Your Offer has been voted on. you are allowed to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr[name] . "[/url][/b]. You will find a new option on the upload page.";
mysql_query ("UPDATE offers SET allowed = 'allowed' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
}
else{
$msg = "Your Offer has been voted on. You are not allowed to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr[name] . "[/url][/b].. Your offer will be deleted.";
mysql_query ("UPDATE offers SET allowed = 'denied' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
}
//===use this line if you DO HAVE subject in your PM system
//mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES(0, 0, 'Your offer $arr[name] has been voted on', $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
//===use this line if you DO NOT subject in your PM system
mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
write_log("$CURUSER[username] closed poll $arr[name]");
header("Refresh: 0; url=$BASEURL/viewoffers.php?id=$offid&off_details=1");
die;
}
//===end allow offer by vote
//=== edit offer
if ($_GET["edit_offer"]) {
$edit_offer = 0 + $_GET["edit_offer"];
if($edit_offer != '1')
stderr("Error", "I smell a rat!");
$id = 0 + $_GET["id"];
$res = mysql_query("SELECT *,UNIX_TIMESTAMP(added) as utadded FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);
//$timezone = display_date_time($num["utadded"] , $CURUSER[tzoffset] ); //=== use this line if you have timezone mod
$timezone = get_date_time($num["utadded"]);
$s = $num["name"];
$id2 = $num["category"];
if ($CURUSER["id"] != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error!", "This is not your Offer to edit.");
$offer = sqlesc($s);
$body = htmlspecialchars(unesc($num["descr"]));
$res2 = mysql_query("SELECT name FROM categories WHERE id=$id2")or sqlerr(__FILE__, __LINE__);
$num2 = mysql_fetch_array($res2);
$name = $num2["name"];
$s2 = "\n";
stdhead("Edit Offer");
print("
".
"
Edit Offer ".
" $s
Title:
".
"
Type: $s2
".
"
Image:
".
"(Direct link to image. NO TAG NEEDED! Will be shown in description)".
"
if (!empty($_POST['picture'])){
$picture = unesc($_POST["picture"]);
if(!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $picture))
stderr("Error", "Image MUST be in jpg, gif or png format.");
$pic = "[img]".$picture."[/img]\n";
}
$descr = "$pic";
$descr .= unesc($_POST["body"]);
if (!$descr)
bark("You must enter a description!");
$cat = (0 + $_POST["category"]);
if (!is_valid_id($cat))
bark("You must select a category to put the Offer in!");
$res = mysql_query("select users.id as userid,users.username, users.downloaded,users.uploaded, offers.id as offerid, offers.name from offervotes inner join users on offervotes.userid = users.id inner join offers on offervotes.offerid = offers.id WHERE offervotes.offerid =$offerid $limit") or sqlerr(__FILE__, __LINE__);
");
else
{
mysql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=$offerid") or sqlerr(__FILE__,__LINE__);
mysql_query("INSERT INTO offervotes (offerid, userid, vote) VALUES($offerid, $userid, '$vote')") or sqlerr(__FILE__,__LINE__);
stdhead("Vote For Offer");
print("
");
stdfoot();
die;
}
}
else
stderr("Error", "I smell a rat!");
}
//=== end offer votes
//=== delete offer
if ($_GET["del_offer"]){
$del_offer = 0 + $_GET["del_offer"];
if($del_offer != '1')
stderr("Error", "I smell a rat!");
$offer = 0 + $_GET["id"];
$userid = 0 + $CURUSER["id"];
if (!is_valid_id($userid))
stderr("Error", "I smell a rat!");
$res = mysql_query("SELECT * FROM offers WHERE id = $offer") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);
$name = $num["name"];
if ($userid != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error", "This is not your Offer to delete!");
if ($_GET["sure"]){
$sure = $_GET["sure"];
if($sure == '0' || $sure == '1')
$sure = 0 + $_GET["sure"];
else
stderr("Error", "I smell a rat!");
}
if ($sure == 0)
stderr("Delete Offer", "You`re about to delete this offer. Click\n here, if you`re sure.");
elseif ($sure == 1){
mysql_query("DELETE FROM offers WHERE id=$offer");
mysql_query("DELETE FROM offervotes WHERE offerid=$offer");
mysql_query("DELETE FROM comments WHERE offer=$offer");
//===add karma //=== use this if you use the karma mod
//mysql_query("UPDATE users SET seedbonus = seedbonus-10.0 WHERE id = $num[userid]") or sqlerr(__FILE__, __LINE__);
//===end
if ($CURUSER["id"] != $num["userid"]){
$added = sqlesc(get_date_time());
$userid = $num["userid"];
$msg = sqlesc("Your offer $num[name] was deleted by $CURUSER[username] on $added....");
//=== if you do NOT have subject in your PMs use the next part
mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
//=== if you HAVE have subject in your PMs use the next part
/*$subject = sqlesc("$num[name] was deleted.");
mysql_query("INSERT INTO messages (sender, receiver, msg, added, subject) VALUES(0, $userid, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
*/write_log("Offer: $offer ($num[name]) was deleted by $CURUSER[username]");
header("Refresh: 0; url=viewoffers.php");
die;
}
else
{
write_log("Offer: $offer ($name) was deleted by $CURUSER[username]");
header("Refresh: 0; url=viewoffers.php");
die;
}
}
else
stderr("Error", "I smell a rat!");
}
//== end delete offer
//=== prolly not needed, but what the hell... basically stopping the page getting screwed up
if ($_GET["sort"]){
$sort = $_GET["sort"];
if($sort == 'cat' || $sort == 'name' || $sort == 'added' || $sort == 'comments' || $sort == 'yeah' || $sort == 'against')
$sort = $_GET["sort"];
else
stderr("Error", "I smell a rat!");
}
//=== end of prolly not needed, but what the hell :P
$categ = 0 + $_GET["category"];
if ($_GET["offerorid"]){
$offerorid = 0 + htmlentities($_GET["offerorid"]);
if (ereg("^[0-9]+$", !$offerorid))
stderr("Error", "I smell a rat!");
}
$search = htmlspecialchars ($_GET["search"]);
$search = " AND offers.name like ".sqlesc('%'.$search.'%');
if ($sort == "cat")
$sort = " ORDER BY cat ";
else if ($sort == "name")
$sort = " ORDER BY name";
else if ($sort == "added")
$sort = " ORDER BY added ASC";
else if ($sort == "comments")
$sort = " ORDER BY comments DESC";
else if ($sort == "yeah")
$sort = " ORDER BY yeah DESC";
else if ($sort == "against")
$sort = " ORDER BY against DESC";
else
$sort = " ORDER BY added DESC";
";
$rez = mysql_query("select comments from offers where id=$arr[id]");
$comm = mysql_fetch_array($rez);
if ($comm[comments] == 0)
$comment = "0";
else
$comment = "$comm[comments]";
//==== if you want allow deny for offers use this next bit
if ($arr["allowed"] == 'allowed')
$allowed = "[ Allowed ]";
elseif ($arr["allowed"] == 'denied')
$allowed = "[ Denied ]";
else
$allowed = "[ Pending ]";
//===end
require_once("include/bittorrent.php");
$action = $_GET["action"];
dbconn(false);
loggedinorreturn();
parked(); //=== uncomment if you use the parked mod
if ($action == "add")
{
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$reqid = 0 + $_POST["tid"];
if (!is_valid_id($reqid))
stderr("Error", "Wrong ID.");
$res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "No request with that ID.");
$text = trim($_POST["body"]);
if (!$text)
stderr("Error", "Don't leave any fields blank!");
$reqid = 0 + $_GET["tid"];
if (!is_valid_id($reqid))
stderr("Error", "Wrong ID.");
$res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Wrong ID.");
stdhead("Add comment to \"" . $arr["request"] . "\"");
print("
".
"
".
"Comment on Request: " . htmlspecialchars($arr["request"]) . "
$res = mysql_query("SELECT comments.id, text, UNIX_TIMESTAMP(comments.added) as utadded, UNIX_TIMESTAMP(editedat) as uteditedat, comments.added, username, users.id as user, users.class, users.avatar FROM comments LEFT JOIN users ON comments.user = users.id WHERE request = $reqid ORDER BY comments.id DESC LIMIT 5");
$allrows = array();
while ($row = mysql_fetch_array($res))
$allrows[] = $row;
$res = mysql_query("SELECT * FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Wrong ID.");
if (!is_valid_id($commentid))
stderr("Error", "Invalid ID.");
$sure = $_GET["sure"];
if (!$sure)
{
$referer = $_SERVER["HTTP_REFERER"];
stderr("Delete comment", "You`re about to delete this comment. Click\n" .
"
($referer ? "&returnto=" . urlencode($referer) : "") .
">here, if you`re sure.");
}
$res = mysql_query("SELECT request FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if ($arr)
$reqid = $arr["request"];
mysql_query("DELETE FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__);
if ($reqid && mysql_affected_rows() > 0)
mysql_query("UPDATE requests SET comments = comments - 1 WHERE id = $reqid");
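// Redirect after the delete, but only to an address on this site.
// returnto is taken from the query string, so without a check the Location
// header could point to any external address. It is now accepted only when it
// starts with "$BASEURL/"; every other value falls back to the site root.
// The unescaped value is used for the header, because htmlentities() would
// turn "&" into "&amp;" and break the query string; $returnto keeps the
// escaped form in case it is printed later.
// NOTE(review): assumes $BASEURL has no trailing slash, as its other uses in
// this script suggest - confirm.
$rawreturn = (isset($_GET["returnto"]) && is_string($_GET["returnto"])) ? $_GET["returnto"] : "";
$returnto = htmlentities($rawreturn);
if ($rawreturn != "" && strpos($rawreturn, "$BASEURL/") === 0 && !preg_match('/[\r\n]/', $rawreturn))
    header("Location: $rawreturn");
else
    header("Location: $BASEURL/");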
if (!is_valid_id($commentid))
stderr("Error", "Invalid ID.");
$res = mysql_query("SELECT c.*, t.name FROM comments AS c JOIN requests AS t ON c.request = t.id WHERE c.id=$commentid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Invalid ID.");
$res = mysql_query("SELECT * FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Invalid ID.");
if ($text == "")
stderr("Error", "Comment body cannot be empty!");
$text = sqlesc($text);
$editedat = sqlesc(get_date_time());
mysql_query("UPDATE comments SET text=$text, editedat=$editedat, editedby=$CURUSER[id] WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
if ($returnto)
header("Location: $returnto");
}
}
else
stderr("Error", "Unknown action");
die;
?>
ndbj
28th December 2012 08:52
Thanks a lot.
i think this is the last thing missing, sql for table offervotes, please.
wMan
28th December 2012 13:21
nice one
rabtb
28th December 2012 16:44
Code:
-- Votes on offers: one row per vote cast by a user on an offer.
-- NOTE(review): there is no UNIQUE key on (offerid, userid), so "one vote per
-- user per offer" is enforced only by the PHP, and two concurrent requests can
-- both pass that check. Consider a unique key on that pair.
-- NOTE(review): the PHP on this page also interpolates the vote value as a
-- column name (UPDATE offers SET $vote = $vote + 1), so it has to restrict
-- $vote to exactly the two enum values below before building that statement;
-- that check is not visible in the posted code.
CREATE TABLE IF NOT EXISTS `offervotes` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-- id of the offer voted on; the vote counts on this page filter by this column
`offerid` int(10) unsigned NOT NULL DEFAULT '0',
-- id of the voting user
`userid` int(10) unsigned NOT NULL DEFAULT '0',
-- 'yeah' = in favour, 'against' = opposed
`vote` enum('yeah','against') NOT NULL DEFAULT 'yeah',
PRIMARY KEY (`id`),
-- NOTE(review): only userid is indexed, although the COUNT(*) queries filter by offerid
KEY `userid` (`userid`)
-- NOTE(review): AUTO_INCREMENT=7 looks like a value carried over from a dump.
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;
ndbj
29th December 2012 07:55
Thanks a lot.
Seems to be all working good.
although, found one bug here, when open viewrequest details:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/vhosts/revanime.net/subdomains/tracker/httpdocs/viewrequests.php on line 412
Any idea what's causing this error?
Bump: oops...
also offcomment.php is missing.
rabtb
3rd January 2013 21:17
offcomment.php
Code:
require_once("include/bittorrent.php");
$action = $_GET["action"];
dbconn(false);
loggedinorreturn();
parked(); //=== uncomment if you use the parked mod
if ($action == "add")
{
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$offid = 0 + $_POST["tid"];
if (!is_valid_id($offid))
stderr("Error", "Wrong ID");
$res = mysql_query("SELECT name FROM offers WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "No offer with that ID");
$text = trim($_POST["body"]);
if (!$text)
stderr("Error", "Don't leave any fields blank!");
$offid = 0 + $_GET["tid"];
if (!is_valid_id($offid))
stderr("Error", "Wrong ID.");
$res = mysql_query("SELECT name FROM offers WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Wrong ID.");
stdhead("Add comment to \"" . $arr["name"] . "\"");
print("
".
"
Comment on Offer: ".
"" . htmlspecialchars($arr["name"]) . "
$res = mysql_query("SELECT comments.id, text, UNIX_TIMESTAMP(comments.added) as utadded, UNIX_TIMESTAMP(editedat) as uteditedat, comments.added, username, users.id as user, users.class, users.avatar FROM comments LEFT JOIN users ON comments.user = users.id WHERE offer = $offid ORDER BY comments.id DESC LIMIT 5");
$allrows = array();
while ($row = mysql_fetch_array($res))
$allrows[] = $row;
$res = mysql_query("SELECT * FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Wrong ID");
if ($arr["user"] != $CURUSER["id"] && get_user_class() < UC_MODERATOR)
stderr("Error", "this is not your comment to edit.");
$commentid = 0 + $_GET["cid"];
if (!is_valid_id($commentid))
stderr("Error", "Invalid ID");
$sure = $_GET["sure"];
if (!$sure)
{
$referer = $_SERVER["HTTP_REFERER"];
stderr("Delete comment", "You`re about to delete this comment. Click\n" .
"
($referer ? "&returnto=" . urlencode($referer) : "") .
">here, if you`re sure.");
}
$res = mysql_query("SELECT offer FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if ($arr)
$offid = $arr["offer"];
mysql_query("DELETE FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__);
if ($offid && mysql_affected_rows() > 0)
mysql_query("UPDATE offers SET comments = comments - 1 WHERE id = $offid");
if (!is_valid_id($commentid))
stderr("Error", "Invalid ID");
$res = mysql_query("SELECT c.*, t.name FROM comments AS c JOIN offers AS t ON c.offer = t.id WHERE c.id=$commentid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Invalid ID");
die;
?>
not sure about error will look over code and see if can figure out
ndbj
4th January 2013 03:52
Thanks for the offcomment.php
and nevermind the error i posted before, i managed to debug the script and correct it.
Bump: @ rabtb: cheers!
Does the torrenttable in your browse.php have the same way to sort like your viewrequests.php, with this code? if ($sort == "votes") $sort = " ORDER BY hits DESC"; elseif ($sort == "cat") $sort = " ORDER BY cat "; else if ($sort == "request") $sort = " ORDER BY request "; else if ($sort == "added") $sort = " ORDER BY added ASC"; else $sort = " ORDER BY added DESC"; list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] ."?" . "category=" . $_GET[category] . "&sort=" . $_GET["sort"] . "&" ); print("
"); $res = mysql_query("SELECT users.downloaded, users.uploaded, users.username, requests.filled, requests.filledby, requests.id, requests.userid, requests.request, requests.added, requests.hits, requests.filledurl, categories.image, categories.name as cat FROM requests inner join categories on requests.cat = categories.id inner join users on requests.userid = users.id $categ $filter $search $sort $limit") or sqlerr(__FILE__, __LINE__); $num = mysql_num_rows($res); print("