PHP Code:
<?
require "include/bittorrent.php";
dbconn(false);
loggedinorreturn();
function puke($text = "You have forgotten here someting?") {
global $tracker_lang;
newerr($tracker_lang['error'], $text);
}
function barf($text = "User removed") {
global $tracker_lang;
newerr($tracker_lang['success'], $text);
}
if (get_user_class() < UC_MODERATOR)
puke($tracker_lang['access_denied']);
$action = $_POST["action"];
if ($action == "edituser") {
$userid = $_POST["userid"];
$title = $_POST["title"];
$avatar = $_POST["avatar"];
// Check remote avatar size
if ($avatar) {
if (!preg_match('#^((http)|(ftp):\/\/[a-zA-Z0-9\-]+?\.([a-zA-Z0-9\-]+\.)+[a-zA-Z]+(:[0-9]+)*\/.*?\.(gif|jpg|jpeg|png)$)#is', $avatar))
newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);
if(!(list($width, $height) = getimagesize($avatar)))
newerr($tracker_lang['error'], $tracker_lang['avatar_adress_invalid']);
if ($width > $avatar_max_width || $height > $avatar_max_height)
newerr($tracker_lang['error'], sprintf($tracker_lang['avatar_is_too_big'], $avatar_max_width, $avatar_max_height));
}
// Check remote avatar size
$resetb = $_POST["resetb"];
$birthday = ($resetb=='yes'?", birthday = '0000-00-00'":"");
$enabled = $_POST["enabled"];
$warned = $_POST["warned"];
$warnlength = 0 + $_POST["warnlength"];
$warnpm = $_POST["warnpm"];
$donor = $_POST["donor"];
$uploadtoadd = $_POST["amountup"];
$downloadtoadd= $_POST["amountdown"];
$formatup = $_POST["formatup"];
$formatdown = $_POST["formatdown"];
$mpup = $_POST["upchange"];
$mpdown = $_POST["downchange"];
$support = $_POST["support"];
$supportfor = htmlspecialchars($_POST["supportfor"]);
$modcomm = htmlspecialchars($_POST["modcomm"]);
$deluser = $_POST["deluser"];
$class = 0 + $_POST["class"];
if (!is_valid_id($userid) || !is_valid_user_class($class))
newerr($tracker_lang['error'], "Invalid user ID or class.");
// check target user class
$res = sql_query("SELECT warned, warnedtimes, enabled, username, class, modcomment, uploaded, downloaded FROM ".TABLE_USERS." WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or puke("Error MySQL: " . mysql_error());
$curenabled = $arr["enabled"];
$curclass = $arr["class"];
$curwarned = $arr["warned"];
$warnedtimes = $arr["warnedtimes"];
if (get_user_class() == UC_SYSOP)
$modcomment = $_POST["modcomment"];
else
$modcomment = $arr["modcomment"];
$chatpost = $_POST["chatpost"];
$updateset[] = "chatpost = " . sqlesc($chatpost);
// User may not edit someone with same or higher class than himself!
if ($curclass >= get_user_class() || $class >= get_user_class())
puke('You cant not edit somewith higher class then yourself!... [Logged]');
if($uploadtoadd > 0) {
if ($mpup == "plus")
$newupload = $arr["uploaded"] + ($formatup == mb ? ($uploadtoadd * 1048576) : ($uploadtoadd * 1073741824));
else
$newupload = $arr["uploaded"] - ($formatup == mb ? ($uploadtoadd * 1048576) : ($uploadtoadd * 1073741824));
if ($newupload < 0)
newerr($tracker_lang['error'], "You want to take away the users upload ammount more than he has!");
$updateset[] = "uploaded = $newupload";
$modcomment = date("Y-m-d") . " - User $CURUSER[username] ".($mpup == "plus" ? "added " : "subtracted ").$uploadtoadd.($formatup == mb ? " MB" : " GB")." to deal.\n". $modcomment;
}
if($downloadtoadd > 0) {
if ($mpdown == "plus")
$newdownload = $arr["downloaded"] + ($formatdown == mb ? ($downloadtoadd * 1048576) : ($downloadtoadd * 1073741824));
else
$newdownload = $arr["downloaded"] - ($formatdown == mb ? ($downloadtoadd * 1048576) : ($downloadtoadd * 1073741824));
if ($newdownload < 0)
newerr($tracker_lang['error'], "You want to take away the users download ammount more than he has!");
$updateset[] = "downloaded = $newdownload";
$modcomment = date("Y-m-d") . " - User $CURUSER[username] ".($mpdown == "plus" ? "added " : "subtracted ").$downloadtoadd.($formatdown == mb ? " MB" : " GB")." to deal.\n". $modcomment;
}
if ($curclass != $class) {
// Notify user
$what = ($class > $curclass ? "promoted" : "demoted");
$msg = sqlesc("what you were up to \"" . get_user_class_name($class) . "\" user $CURUSER[username].");
$added = TIMENOW;
$subject = sqlesc("what you were");
sql_query("INSERT INTO messages (sender, receiver, msg, added, subject) VALUES(0, $userid, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
$updateset[] = "class = $class";
$what = ($class > $curclass ? "Promoted" : "Demoted");
$modcomment = date("Y-m-d") . " - $what to class \"" . get_user_class_name($class) . "\" user $CURUSER[username].\n". $modcomment;
}
if ($warned && $curwarned != $warned) {
$updateset[] = "warned = " . sqlesc($warned);
$updateset[] = "warneduntil = '0'";
$subject = sqlesc("Your warning shot");
if ($warned == 'no')
{
$modcomment = date("Y-m-d") . " - Withdrew user warning " . $CURUSER['username'] . ".\n". $modcomment;
$msg = sqlesc("You widthrew users warning " . $CURUSER['username'] . ".");
}
$added = TIMENOW;
sql_query("INSERT INTO ".TABLE_MESSAGES." (sender, receiver, msg, added, subject) VALUES (0, $userid, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
} elseif ($warnlength) {
if (strlen($warnpm) == 0)
newerr($tracker_lang['error'], "You need to specify the reason to give a warning!");
if ($warnlength == 255) {
$modcomment = date("Y-m-d") . " - Warned User " . $CURUSER['username'] . ".\Reason: $warnpm\n" . $modcomment;
$msg = sqlesc("You have been Warning by $CURUSER[username]" . ($warnpm ? "\n\Reason: $warnpm" : ""));
$updateset[] = "warneduntil = '0'";
} else {
$warneduntil = get_date_time(gmtime() + $warnlength * 604800);
$dur = $warnlength . " week" . ($warnlength > 1 ? "s" : "");
$msg = sqlesc("You have been warned for $dur by " . $CURUSER['username'] . "." . ($warnpm ? "\n\nReason: $warnpm" : ""));
$modcomment = gmdate("Y-m-d") . " - Warned for $dur by " . $CURUSER['username'] . ".\nReason: $warnpm.\n". $modcomment;
$updateset[] = "warneduntil = '$warneduntil'";
}
$added = TIMENOW;
$subject = sqlesc("You got a warning");
sql_query("INSERT INTO ".TABLE_MESSAGES." (sender, receiver, msg, added, subject) VALUES (0, $userid, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
$updateset[] = "warned = 'yes'";
$updateset[] = "warnedtimes = warnedtimes + 1";
$to_ban = ( $warnedtimes >= $maxwarns ? 1 : 0 );
}
if ($enabled != $curenabled) {
$modifier = (int) $CURUSER['id'];
if ($enabled == 'yes') {
$nowdate = TIMENOW;
if (!isset($_POST["enareason"]) || empty($_POST["enareason"]))
puke("Enter the reason why you enabled the user!");
$enareason = htmlspecialchars($_POST["enareason"]);
$modcomment = date("Y-m-d") . " - Enabled By " . $CURUSER['username'] . ".\Reason: $enareason\n" . $modcomment;
} else {
$date = TIMENOW;
$dateline = TIMENOW;
if (!isset($_POST["disreason"]) || empty($_POST["disreason"]))
puke("Enter the reason why you disabled the user!");
$disreason = htmlspecialchars($_POST["disreason"]);
$modcomment = date("Y-m-d") . " - Disabled by " . $CURUSER['username'] . ".\Reason: $disreason\n" . $modcomment;
}
}
}
$updateset[] = "enabled = " . sqlesc($enabled);
if ($to_ban) {
$updateset[] = "enabled = 'no'";
$modcomment = date("Y-m-d") . " - Disabled by System because achieving maximum warnings..\n" . $modcomment;
}
$updateset[] = "donor = " . sqlesc($donor);
$updateset[] = "supportfor = " . sqlesc($supportfor);
$updateset[] = "support = " . sqlesc($support);
$updateset[] = "avatar = " . sqlesc($avatar);
$updateset[] = "title = " . sqlesc($title);
if (!empty($modcomm))
$modcomment = date("Y-m-d") . " - A note from $CURUSER[username]: $modcomm\n" . $modcomment;
$updateset[] = "modcomment = " . sqlesc($modcomment);
if ($_POST['resetkey']) {
$passkey = md5($CURUSER['username'].TIMENOW.$CURUSER['passhash']);
$updateset[] = "passkey = " . sqlesc($passkey);
}
sql_query("UPDATE users SET " . implode(", ", $updateset) . " $birthday WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
if (!empty($_POST["deluser"])) {
$res=@sql_query("SELECT * FROM users WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
$user = mysql_fetch_array($res);
$username = $user["username"];
$email=$user["email"];
sql_query("DELETE FROM ".TABLE_USERS." WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
sql_query("DELETE FROM ".TABLE_MESSAGES." WHERE receiver = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_FRIENDS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_FRIENDS." WHERE friendid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_BLOCKS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_BLOCKS." WHERE blockid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_BOOKMARKS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_INVITES." WHERE inviter = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_PEERS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_READTORRENTS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_SIMPATY." WHERE fromuserid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_ADDEDREQUESTS." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_CHECKCOMM." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_OFFERVOTES." WHERE userid = $userid") or sqlerr(__FILE__,__LINE__);
sql_query("DELETE FROM ".TABLE_SESSIONS." WHERE uid = $userid") or sqlerr(__FILE__,__LINE__);
$deluserid=$CURUSER["username"];
write_log("User $username has been removed $deluserid");
barf();
} else {
$returnto = htmlentities($_POST["returnto"]);
header("Refresh: 0; url=$DEFAULTBASEURL/$returnto");
die;
}
} elseif ($action == "confirmuser") {
$userid = $_POST["userid"];
$confirm = $_POST["confirm"];
if (!is_valid_id($userid))
newerr($tracker_lang['error'], $tracker_lang['invalid_id']);
$updateset[] = "status = " . sqlesc($confirm);
$updateset[] = "last_login = ".TIMENOW;
$updateset[] = "last_access = ".TIMENOW;
//print("UPDATE users SET " . implode(", ", $updateset) . " WHERE id=$userid");
sql_query("UPDATE users SET " . implode(", ", $updateset) . " WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
$returnto = htmlentities($_POST["returnto"]);
header("Location: $DEFAULTBASEURL/$returnto");
} elseif ($_GET["action"] == "warn") {
$id = 0 + $_GET["id"];
if ($CURUSER["id"] == $id)
newerr($tracker_lang['error'], $tracker_lang['invalid_id']);
$user = mysql_fetch_array(sql_query("SELECT warnedtimes FROM ".TABLE_USERS." WHERE id = $id"));
if (!is_valid_id($id) || !$user)
newerr($tracker_lang['error'], $tracker_lang['invalid_id']);
$updateset = array();
$warn_type = ($_GET['warn'] == 'plus' ? 1 : 0);
if ($warn_type)
newerr($tracker_lang['error'], 'Please use lower panel for issuing warnings to the user.');
if ($user["warnedtimes"] == 0)
newerr($tracker_lang['error'],"This user has no warnings!");
$modcomment = sqlesc(date("Y-m-d") . " - 1 warning removed from {$CURUSER["username"]}.\n");
$updateset[] = "modcomment = CONCAT($modcomment, modcomment)";
$updateset[] = "warned = 'no'";
$updateset[] = "warneduntil = '0'";
$updateset[] = "warnedtimes = warnedtimes - 1";
sql_query("UPDATE ".TABLE_USERS." SET ".implode(", ", $updateset)." WHERE id = $id") or sqlerr(__FILE__,__LINE__);
header("Refresh: 1; userdetails.php?id=$id");
stdhead("Success");
stdmsg("Success", "One warning was successfully removed.");
stdfoot();
die;
}
puke();
?>