i think takeedit.php is the problem, but i can't see the error
Code:
<?
require_once("include/bittorrent.php");
function bark($msg) {
genbark($msg, "Edit failed!");
}
if (!mkglobal("id:name:descr:type"))
bark("missing form data");
$id = 0 + $id;
if (!$id)
die();
dbconn();
security_staff();
if ($CURUSER["class"] > 15)
{
stdhead();
stdmsg("FUCK OFF...", "STOP CHEATING MOTHER FUCKER");
stdfoot();
exit;
}
loggedinorreturn();
maxsysop();
$res = mysql_query("SELECT owner, filename, save_as FROM torrents WHERE id = $id");
$row = mysql_fetch_array($res);
if (!$row)
die();
if ($CURUSER["id"] != $row["owner"] && get_user_class() < UC_MODERATOR)
bark("You're not the owner! How did that happen?\n");
$updateset = array();
$fname = $row["filename"];
preg_match('/^(.+)\.torrent$/si', $fname, $matches);
$shortfname = $matches[1];
$smalldescr = $_POST["description"];
$dname = $row["save_as"];
if (!empty($_POST['url']))
$url = $_POST['url'];
if (!empty($_POST['poster']))
$poster = unesc($_POST['poster']);
$nuked = $_POST["nuked"];
$nfoaction = $_POST['nfoaction'];
if ($nfoaction == "update")
{
$nfofile = $_FILES['nfo'];
if (!$nfofile) die("No data " . var_dump($_FILES));
if ($nfofile['size'] > 65535)
bark("NFO is too big! Max 65,535 bytes.");
$nfofilename = $nfofile['tmp_name'];
if (@is_uploaded_file($nfofilename) && @filesize($nfofilename) > 0)
$updateset[] = "nfo = " . sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", file_get_contents($nfofilename)));
}
else
if ($nfoaction == "remove")
$updateset[] = "nfo = ''";
$updateset[] = "name = " . sqlesc($name);
$updateset[] = "description = " . sqlesc($smalldescr);
$updateset[] = "request = '" . ($_POST["request"] == "no" ? "no" : "yes") . "'";
$updateset[] = "search_text = " . sqlesc(searchfield("$shortfname $dname $torrent"));
$updateset[] = "descr = " . sqlesc($descr);
$updateset[] = "url = " . sqlesc($url);
$updateset[] = "ori_descr = " . sqlesc($descr);
$updateset[] = "category = " . (0 + $type);
if (get_user_class()>= UC_ADMINISTRATOR) {
if ($_POST["banned"]) {
$updateset[] = "banned = 'yes'";
$_POST["visible"] = 0;
}
else
$updateset[] = "banned = 'no'";
}
if ((isset($_POST['allow_comments'])) && (($allow_comments = $_POST['allow_comments']) != $row['allow_comments'])) {
if (get_user_class()>= UC_ADMINISTRATOR)
$updateset[] = "allow_comments = " . sqlesc($allow_comments);
} else
$updateset[] = "allow_comments = 'yes'";
if ($_POST['seedb'] == "yes")
$updateset[] = "seedb = 'yes'";
else
$updateset[] = "seedb = 'no'";
if (get_user_class()>= UC_MASTER_MODERATOR)
$updateset[] = "sticky = '" . ($_POST["sticky"] ? "yes" : "no") . "'";
$updateset[] = "visible = '" . ($_POST["visible"] ? "yes" : "no") . "'";
if (get_user_class()>= UC_ADMINISTRATOR)
$updateset[] = "free = '" . ($_POST["free"] ? "yes" : "no") . "'";
$updateset[] = "x2 = '" . ($_POST["x2"] ? "yes" : "no") . "'";
//$updateset[] = "free = '".($_POST["free"]==1 ? 'yes' : 'no')."'";
$updateset[] = "poster = " . sqlesc($poster);
$updateset[] = "nuked = " . sqlesc($nuked);
mysql_query("UPDATE torrents SET " . join(",", $updateset) . " WHERE id = $id");
//write_log("Torrent $id ($name) was edited by $CURUSER[username]");
write_log("Torrent: <b>$name</b> | ID: <b>$id</b> | Was <b>edited</b>. by $CURUSER[username].");
$returl = "details.php?id=$id&edited=1";
if (isset($_POST["returnto"]))
$returl .= "&returnto=" . urlencode($_POST["returnto"]);
header("Refresh: 0; url=$returl");
?>