Thread: Yuna Scatari v2.0 PRE7 RC0 & RC1
View Single Post
  #73  
Old 22nd March 2008, 09:24
Nilsons Nilsons is offline
Senior Member
  
Join Date: Dec 2007
Latvia
Posts: 40
Post Re: Yuna Scatari v2.0 PRE7 RC0
[code]<?

/*
// +--------------------------------------------------------------------------+
// | Project: TBDevYSE - TBDev Yuna Scatari Edition |
// +--------------------------------------------------------------------------+
// | This file is part of TBDevYSE. TBDevYSE is based on TBDev, |
// | originally by RedBeard of TorrentBits, extensively modified by |
// | Gartenzwerg. |
// | |
// | TBDevYSE is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation; either version 2 of the License, or |
// | (at your option) any later version. |
// | |
// | TBDevYSE is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with TBDevYSE; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
// +--------------------------------------------------------------------------+
// | Do not remove above lines! |
// +--------------------------------------------------------------------------+
*/

require "include/bittorrent.php";

dbconn(false);

loggedinorreturn();

if ($_SERVER['REQUEST_METHOD'] == 'POST')
$action = $_POST["action"];
else
$action = $_GET["action"];

/ / get the post removal offer
if ($_POST["deloffer"])
{
if (get_user_class() < UC_MODERATOR)
stderr($tracker_lang['error'],"You have no rights to delete");
if (isset($_POST["deloffer"]))
{
sql_query("DELETE FROM ".TABLE_OFFERS." WHERE id = ".sqlesc($_POST["deloffer"])) or sqlerr(__FILE__, __LINE__);
sql_query("DELETE FROM ".TABLE_OFFERVOTES." WHERE offerid = ".sqlesc($_POST["deloffer"])) or sqlerr(__FILE__, __LINE__);
sql_query("DELETE FROM ".TABLE_COMMENTS." WHERE offer = ".sqlesc($_POST["deloffer"])) or sqlerr(__FILE__, __LINE__);
sql_query("DELETE FROM ".TABLE_CHECKCOMM." WHERE checkid =".sqlesc($_POST["deloffer"])." AND offer = 1") or sqlerr(__FILE__, __LINE__);
stderr($tracker_lang['success'],"Deleted!

Return to<a href=viewoffers.php>offers</a></p>");
}
else
stderr($tracker_lang['error'],"Unable to delete

Return to <a href=viewoffers.php>offers</a></p>");
}

/ / edit offer
if ($action == 'edit') {
if ($_SERVER['REQUEST_METHOD']=='POST') {
$id = 0 + $_POST["id"];
$name = htmlspecialchars($_POST["offertitle"]);
$descr = $_POST["msg"];
$cat = 0 + $_POST["category"];
$name = sqlesc($name);
$descr = sqlesc($descr);
$cat = sqlesc($cat);
sql_query("UPDATE ".TABLE_OFFERS." SET category=$cat, name=$name, descr=$descr WHERE id=$id");
header("Location: offers.php?id=$id");
}
$id = 0 + $_GET["id"];
if (!$id)
die();
$res = sql_query("SELECT * FROM ".TABLE_OFFERS." WHERE id = $id");
$row = mysql_fetch_array($res);
if ($CURUSER["id"] != $row["userid"]){
if (get_user_class() < UC_MODERATOR)
stderr("Error!", "You are not authorized to edit this");
}
stdhead("Edit offer \"" . $row["name"] . "\"");
if (!$row)
die();
print("<form method=post name=form action=offers.php>\n");
print("<table border=1 width=560 cellspacing=0 cellpadding=5>\n");
print("<tr><td class=colhead align=left colspan=2>Edit Offer\"" . $row["name"] . "\"</td><tr>\n");
print("<tr><td align=left>?Name:
<input type=text size=80 name=offertitle value=\"" . $row["name"] . "\"></td>");
$s = "<select name=\"category\">\n";
$cats = genrelist();
foreach ($cats as $subrow) {
$s .= "<option value=\"" . $subrow["id"] . "\"";
if ($subrow["id"] == $row["category"])
$s .= " selected=\"selected\"";
$s .= ">" . htmlspecialchars($subrow["name"]) . "</option>\n";
}
$s .= "</select>\n";
print("<td align=right>Category:
$s</tr></td>
\n<tr><td align=center colspan=2>

Description:
");
textbbcode("form","msg",unesc(htmlspecialchars($ro w["descr"])));
print("<input type=\"hidden\" name=\"id\" value=\"$id\">\n");
print("<tr><td align=center colspan=2><input type=submit value=\"Edit!\">\n");
print ("<input type=hidden name=action value=edit>");
print("</form>\n");
//delete
print("<form method=post action=offers.php><input type=hidden name=deloffer value=$id><input type=submit value=Delete></form>");
print("</table>\n");
stdfoot();
die;
}

/ / browse voted for the offer
if ($action == 'vote')
{
$offerid = 0 + $_GET["voteid"];
$userid = $CURUSER["id"];
$res = sql_query("SELECT * FROM offervotes WHERE offerid=$offerid and userid=$userid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
$voted = $arr;
stdhead("Vote");
if ($voted)
{
stdmsg($tracker_lang['error'], "

you have already voted for the offer, you can vote only once for one offer</p>

Back to the <a href=viewoffers.php>Offers</a></p>");
stdfoot();
die;
}
else
{
sql_query("UPDATE ".TABLE_OFFERS." SET `votes` = `votes` + 1 WHERE id=$offerid") or sqlerr(__FILE__, __LINE__);
@sql_query("INSERT INTO ".TABLE_OFFERVOTES." (offerid, userid) VALUES($offerid, $userid)") or sqlerr(__FILE__, __LINE__);
stdmsg("Your vote was added", "

Your vote was added</p>

Back to <a href=viewoffers.php>Offers</a></p>");
stdfoot();
die;
}
}


/ / create a new offer
if ($action == 'new') {
if ($_SERVER['REQUEST_METHOD']=='POST') {
if (get_user_class() < UC_UPLOADER)
die;
$name = htmlspecialchars($_POST["name"]);
$descrmain = unesc($_POST["msg"]);
$descr = "$descrmain";
$catid = (0 + $_POST["type"]);
if (!is_valid_id($catid))
stderr($tracker_lang['error'],"You have not chosen a category!");
if (!$name)
stderr($tracker_lang['error'],"You have not chosen a name!");
if (!$descr)
stderr($tracker_lang['error'],You did not enter a description!");
// Replace punctuation characters with spaces
$ret = sql_query("INSERT INTO ".TABLE_OFFERS." (userid, name, descr, category, added) VALUES (" .
implode(",", array_map("sqlesc", array($CURUSER["id"], $name, $descr, 0 + $_POST["type"]))) .
", '" . TIMENOW . "')");
if (!$ret) {
if (mysql_errno() == 1062)
stderr($tracker_lang['error'],"!!!");
stderr($tracker_lang['error'],"mysql puked: ".mysql_error());
}
$id = mysql_insert_id();
header("Location: offers.php?id=$id");
}

stdhead("Offer");
if (get_user_class() < UC_UPLOADER)
{
stdmsg($tracker_lang['error'], "You can not create offers.", 'error');
stdfoot();
exit;
}
echo ("<form action=\"offers.php\" name=\"form\" method=\"post\">");
echo ("<table border=\"1\" cellspacing=\"0\" cellpadding=\"5\" width=560>");
echo ("<tr><td class=colhead align=left colspan=2>Offer</td><tr>\n");
echo ("<tr><td align=left>Name:
<input type=\"text\" name=\"name\" size=\"80\" /></td>");
$s = "<select name=\"type\">\n<option value=\"0\">(Select)</option>\n";
$cats = genrelist();
foreach ($cats as $row)
$s .= "<option value=\"" . $row["id"] . "\">" . htmlspecialchars($row["name"]) . "</option>\n";
$s .= "</select>\n";
echo ("<td align=right>Category:
$s</tr></td>\n<tr><td align=center colspan=2>

Description:
");
textbbcode("form","msg",htmlspecialchars(unesc($ar r["texxt"])));
echo ("</td></tr>");
echo ("<input type=hidden name=action value=new>");
echo ("<tr><td align=\"center\" colspan=\"2\"><input type=\"submit\" class=btn value=\"Create\"></td></tr>");
echo ("</table>");
echo ("</form>");
stdfoot();
die;
}


/ / body, viewing suggestions
$id = 0 + $_GET["id"];

$res = sql_query("SELECT * FROM `".TABLE_OFFERS."` WHERE `id` = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);
if (mysql_num_rows($res) == 0)
stderr ($tracker_lang['error'],"Invalid Offer ID");

$s = $num["votes"];

stdhead("Offer Details\"" . $num["name"] . "\"");

print("<table width=\"500\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\">\n");
print("<tr><td class=\"colhead\" colspan=\"2\">Offer details \"$num[name]\"</td></tr>");
print("<tr><td align=left>Name</td><td width=90% align=left >$num[name]</td></tr>");
if ($num["descr"])
?><tr><td align=left>Description</td><td width=90% align=left colspan=2><?=format_comment($num["descr"])?></td></tr><?

print("<tr><td align=left>Added</td><td width=90% align=left >$num[added]</td></tr>");

$cres = sql_query("SELECT username FROM ".TABLE_USERS." WHERE id=" . $num["userid"]);
if (mysql_num_rows($cres) == 1)
{
$carr = mysql_fetch_assoc($cres);
$username = $carr["username"];
}

$url = "offers.php?action=edit&id=$id";
if (isset($_GET["returnto"]))
{
$addthis = "&returnto=" . urlencode($_GET["returnto"]);
$url .= $addthis;
$keepget .= $addthis;
}
$editlink = "a href=\"$url\" class=\"sublink\"";
print("<tr><td align=left>Offers</td><td width=90% align=left> <a href=\"userdetails.php?id=".$num["userid"]."\">$username</a>
The Following User Says Thank You to Nilsons For This Useful Post:
x517530 (1st January 2009)