PHP Code:
<?
require_once("include/benc.php");
require_once("include/bittorrent.php");
ini_set("upload_max_filesize",$max_torrent_size);
function bark($msg) {
genbark($msg, "Upload failed!");
}
dbconn();
security_staff();
if ($CURUSER["class"] > 15)
{
stdhead();
stdmsg("FUCK OFF...", "STOP CHEATING MOTHER FUCKER");
stdfoot();
exit;
}
loggedinorreturn();
maxsysop();
parked();
if (get_user_class() < UC_VIP) {
$uploadpos = $CURUSER['uploadpos'];
} else {
$uploadpos = "yes";
}
if ($uploadpos == 'no' && get_user_class() < UC_VIP)
die;
foreach(explode(":","descr:type:name") as $v) {
if (!isset($_POST[$v]))
bark("missing form data");
}
if (!empty($_POST['poster']))
$poster = unesc($_POST['poster']);
if (!empty($_POST['url']))
$url = unesc($_POST['url']);
if (!isset($_FILES["file"]))
bark("missing form data");
$f = $_FILES["file"];
$fname = unesc($f["name"]);
if (empty($fname))
bark("Empty filename!");
$nfofile = $_FILES['nfo'];
if ($nfofile['name'] == '')
bark("No NFO!");
if ($nfofile['size'] == 0)
bark("0-byte NFO");
if ($nfofile['size'] > 565535)
bark("NFO is too big! Max 65,535 bytes.");
$nfofilename = $nfofile['tmp_name'];
if (@!is_uploaded_file($nfofilename))
bark("NFO upload failed");
$descr = unesc($_POST["descr"]);
if (!$descr)
bark("You must enter a description!");
if($_POST['strip'] == 'strip')
{
include 'include/strip.php';
$descr = preg_replace("/[^\\x20-\\x7e\\x0a\\x0d]/", " ", $descr);
strip($descr);
}
if (!empty($_POST['x2']))
$x2 = unesc($_POST['x2']);
if (!empty($_POST['free']))
$free = unesc($_POST['free']);
if (!empty($_POST['extern']))
$extern = unesc($_POST['extern']);
if (!empty($_POST['seedb']))
$seedb = unesc($_POST['seedb']);
if (!empty($_POST['sticky']))
$sticky = unesc($_POST['sticky']);
$request = ($_POST["request"] != "no" ? "yes" : "no");
$catid = (0 + $_POST["type"]);
if (!is_valid_id($catid))
bark("You must select a category to put the torrent in!");
if (!validfilename($fname))
bark("Invalid filename!");
if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches))
bark("Invalid filename (not a .torrent).");
$shortfname = $torrent = $matches[1];
if (!empty($_POST["name"]))
$torrent = unesc($_POST["name"]);
$tmpname = $f["tmp_name"];
if (!is_uploaded_file($tmpname))
bark("eek");
if (!filesize($tmpname))
bark("Empty file!");
$dict = bdec_file($tmpname, $max_torrent_size);
if (!isset($dict))
bark("What the hell did you upload? This is not a bencoded file!");
function dict_check($d, $s) {
if ($d["type"] != "dictionary")
bark("not a dictionary");
$a = explode(":", $s);
$dd = $d["value"];
$ret = array();
foreach ($a as $k) {
unset($t);
if (preg_match('/^(.*)\((.*)\)$/', $k, $m)) {
$k = $m[1];
$t = $m[2];
}
if (!isset($dd[$k]))
bark("dictionary is missing key(s)");
if (isset($t)) {
if ($dd[$k]["type"] != $t)
bark("invalid entry in dictionary");
$ret[] = $dd[$k]["value"];
}
else
$ret[] = $dd[$k];
}
return $ret;
}
function dict_get($d, $k, $t) {
if ($d["type"] != "dictionary")
bark("not a dictionary");
$dd = $d["value"];
if (!isset($dd[$k]))
return;
$v = $dd[$k];
if ($v["type"] != $t)
bark("invalid dictionary entry type");
return $v["value"];
}
list($ann, $info) = dict_check($dict, "announce(string):info");
list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)");
//$passkey=$announce_urls[0].'?passkey='.$CURUSER['passkey'];
//if ($passkey != $ann)
//bark("invalid announce url! must be <b>" . $passkey . "</b>");
$external=!in_array($ann, $announce_urls, 1);
if (strlen($pieces) % 20 != 0)
bark("invalid pieces");
$filelist = array();
$totallen = dict_get($info, "length", "integer");
if (isset($totallen)) {
$filelist[] = array($dname, $totallen);
$type = "single";
}
else {
$flist = dict_get($info, "files", "list");
if (!isset($flist))
bark("missing both length and files");
if (!count($flist))
bark("no files");
$totallen = 0;
foreach ($flist as $fn) {
list($ll, $ff) = dict_check($fn, "length(integer):path(list)");
$totallen += $ll;
$ffa = array();
foreach ($ff as $ffe) {
if ($ffe["type"] != "string")
bark("filename error");
$ffa[] = $ffe["value"];
}
if (!count($ffa))
bark("filename error");
$ffe = implode("/", $ffa);
$filelist[] = array($ffe, $ll);
if ($ffe == 'Thumbs.db')
{
stderr("Error","The torrent can't contain files named Thumbs.db!");
die;
}
}
$type = "multi";
}
//$dict['value']['announce']=bdec(benc_str( $announce_urls[0])); // change announce url to local
//$dict['value']['info']['value']['private']=bdec('i1e'); // add private tracker flag
//$dict['value']['info']['value']['source']=bdec(benc_str( "[$DEFAULTBASEURL] $SITENAME")); // add link for bitcomet users
unset($dict['value']['announce-list']); // remove multi-tracker capability
unset($dict['value']['nodes']); // remove cached peers (Bitcomet & Azareus)
unset($dict['value']['info']['value']['crc32']); // remove crc32
unset($dict['value']['info']['value']['ed2k']); // remove ed2k
unset($dict['value']['info']['value']['md5sum']); // remove md5sum
unset($dict['value']['info']['value']['sha1']); // remove sha1
unset($dict['value']['info']['value']['tiger']); // remove tiger
unset($dict['value']['azureus_properties']); // remove azureus properties
$dict=bdec(benc($dict)); // double up on the becoding solves the occassional misgenerated infohash
$dict['value']['comment']=bdec(benc_str( "Torrent created for '$SITENAME' tracker")); // change torrent comment
$dict['value']['created by']=bdec(benc_str( "$CURUSER[username]")); // change created by
$dict['value']['publisher']=bdec(benc_str( "$CURUSER[username]")); // change publisher
$dict['value']['publisher.utf-8']=bdec(benc_str( "$CURUSER[username]")); // change publisher.utf-8
$dict['value']['publisher-url']=bdec(benc_str( "$DEFAULTBASEURL/userdetails.php?id=$CURUSER[id]")); // change publisher-url
$dict['value']['publisher-url.utf-8']=bdec(benc_str( "$DEFAULTBASEURL/userdetails.php?id=$CURUSER[id]")); // change publisher-url.utf-8
list($ann, $info) = dict_check($dict, "announce(string):info");
$infohash = pack("H*", sha1($info["string"]));
//------------------------------------------------DHT TORRENTS by Axxel--------------------------------------------------
if($external && $extorr == "yes")
bark("$takeupld_r");
$external =($external!=null) ? sqlesc(substr($ann,0,strrpos($ann,'announce')). 'scrape'. substr($ann,strrpos($ann,'announce')+9) .'?info_hash=' . urlencode($infohash)):null;
if(preg_match('/passkey/',$external))
$external =($external!=null) ? sqlesc(substr($ann,0,strrpos($ann,'announce')). 'scrape.'. substr($ann,strrpos($ann,'announce')+9) .'&info_hash=' . urlencode($infohash)):'';
elseif(preg_match('/php/',$external))
$external =($external!=null) ? sqlesc(substr($ann,0,strrpos($ann,'announce')). 'scrape.'. substr($ann,strrpos($ann,'announce')+9) .'?info_hash=' . urlencode($infohash)):'';
elseif(!$external)
$external = false;
else
$external =($external!=null) ? sqlesc(substr($ann,0,strrpos($ann,'announce')). 'scrape'. substr($ann,strrpos($ann,'announce')+9) .'?info_hash=' . urlencode($infohash)):'';
// Replace punctuation characters with spaces
// $fname = str_replace(".torrent", "", $fname);
// $fname = $fname."-[PeerSpy].torrent";
//------------------------------------------------DHT TORRENTS end-------------------------------------------------------
// Replace punctuation characters with spaces
$torrent = str_replace("_", " ", $torrent);
$torrent = str_replace(" ", ".", $torrent);
$torrent = str_replace(".-", "-", $torrent);
$torrent = str_replace("-.", "-", $torrent);
$torrent = str_replace(".-.", "-", $torrent);
$torrent = str_replace("--", "-", $torrent);
$torrent = str_replace(":", ".", $torrent);
$torrent = str_replace(":.", ".", $torrent);
$torrent = str_replace(".:", ".", $torrent);
$torrent = str_replace(".:.", ".", $torrent);
$torrent = str_replace("..", ".", $torrent);
// Replace .torrent .rar .avi .exe .zip ... characters with spaces
$torrent = str_replace(".torrent", " ", $torrent);
$torrent = str_replace(".rar", " ", $torrent);
$torrent = str_replace(".avi", " ", $torrent);
$torrent = str_replace(".mpeg", " ", $torrent);
$torrent = str_replace(".exe", " ", $torrent);
$torrent = str_replace(".zip", " ", $torrent);
$torrent = str_replace(".wmv", " ", $torrent);
$torrent = str_replace(".iso", " ", $torrent);
$torrent = str_replace(".bin", " ", $torrent);
$torrent = str_replace(".txt", " ", $torrent);
$torrent = str_replace(".nfo", " ", $torrent);
$torrent = str_replace(".7z", " ", $torrent);
$torrent = str_replace(".mp3", " ", $torrent);
$nfo = sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", @file_get_contents($nfofilename)));
$smalldescr = $_POST["description"];
if($extern)
$ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, request, info_hash, name, size, numfiles, type, url, descr, x2, extern, seedb, free, ori_descr, description, category, save_as, added, last_action, external, nfo, poster) VALUES (" .
implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $request, $infohash, $torrent, $totallen, count($filelist), $type, $url, $descr, $x2, $extern, $seedb, $free, $descr, $smalldescr, 0 + $_POST["type"], $dname))) .
", '" . get_date_time() . "', '" . get_date_time() . "', $external, $nfo, '".$poster."')");
else
$ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, request, info_hash, name, size, numfiles, type, url, descr, x2, extern, seedb, sticky, free, ori_descr, description, category, save_as, added, last_action, nfo, poster) VALUES (" .
implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $request, $infohash, $torrent, $totallen, count($filelist), $type, $url, $descr, $x2, $extern, $seedb, $sticky, $free, $descr, $smalldescr, 0 + $_POST["type"], $dname))) .
", '" . get_date_time() . "', '" . get_date_time() . "', $nfo, '".$poster."')");
if (!$ret) {
if (mysql_errno() == 1062)
bark("torrent already uploaded!");
bark("mysql puked: ".mysql_error());
}
$id = mysql_insert_id();
@mysql_query("DELETE FROM files WHERE torrent = $id");
foreach ($filelist as $file) {
@mysql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")");
}
$fp = fopen("$torrent_dir/$id.torrent", "w");
if ($fp)
{
@fwrite($fp, benc($dict), strlen(benc($dict)));
fclose($fp);
}
//write_log("Torrent $id ($torrent) was uploaded by " . $CURUSER["username"]);
write_log("Torrent: <b>$torrent</b> | ID: <b>$id</b> | Was <b>uploaded</b>. by $CURUSER[username].");
/* RSS feeds */
/*
if (($fd1 = @fopen("rss.xml", "w")) && ($fd2 = fopen("rssdd.xml", "w")))
{
$cats = "";
$res = mysql_query("SELECT id, name FROM categories");
while ($arr = mysql_fetch_assoc($res))
$cats[$arr["id"]] = $arr["name"];
$s = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n<rss version=\"2.0\">\n<channel>\n" .
"<title>$DEFAULTBASEURL</title>\n<description>Newest tracker torrents</description>\n<link>$DEFAULTBASEURL/</link>\n";
@fwrite($fd1, $s);
@fwrite($fd2, $s);
$r = mysql_query("SELECT id,name,descr,filename,category FROM torrents ORDER BY added DESC LIMIT 15") or sqlerr(__FILE__, __LINE__);
while ($a = mysql_fetch_assoc($r))
{
$cat = $cats[$a["category"]];
$s = "<item>\n<title>" . htmlspecialchars($a["name"] . " ($cat)") . "</title>\n" .
"<description>" . htmlspecialchars($a["descr"]) . "</description>\n";
@fwrite($fd1, $s);
@fwrite($fd2, $s);
@fwrite($fd1, "<link>$DEFAULTBASEURL/details.php?id=$a[id]&hit=1</link>\n</item>\n");
$filename = htmlspecialchars($a["filename"]);
@fwrite($fd2, "<link>$DEFAULTBASEURL/download.php/$a[id]/$filename</link>\n</item>\n");
}
$s = "</channel>\n</rss>\n";
@fwrite($fd1, $s);
@fwrite($fd2, $s);
@fclose($fd1);
@fclose($fd2);
}
*/
/* Email notifs */
/*******************
$res = mysql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr();
$arr = mysql_fetch_assoc($res);
$cat = $arr["name"];
$res = mysql_query("SELECT email FROM users WHERE enabled='yes' AND notifs LIKE '%[cat$catid]%'") or sqlerr();
$uploader = $CURUSER['username'];
$size = mksize($totallen);
$description = ($html ? strip_tags($descr) : $descr);
$body = <<<EOD
A new torrent has been uploaded.
Name: $torrent
Size: $size
Category: $cat
Uploaded by: $uploader
Description
-------------------------------------------------------------------------------
$description
-------------------------------------------------------------------------------
You can use the URL below to download the torrent (you may have to login).
$DEFAULTBASEURL/details.php?id=$id&hit=1
--
$SITENAME
EOD;
$to = "";
$nmax = 100; // Max recipients per message
$nthis = 0;
$ntotal = 0;
$total = mysql_num_rows($res);
while ($arr = mysql_fetch_row($res))
{
if ($nthis == 0)
$to = $arr[0];
else
$to .= "," . $arr[0];
++$nthis;
++$ntotal;
if ($nthis == $nmax || $ntotal == $total)
{
if (!mail("Multiple recipients <$SITEEMAIL>", "New torrent - $torrent", $body,
"From: $SITEEMAIL\r\nBcc: $to", "-f$SITEEMAIL"))
stderr("Error", "Your torrent has been been uploaded. DO NOT RELOAD THE PAGE!\n" .
"There was however a problem delivering the e-mail notifcations.\n" .
"Please let an administrator know about this error!\n");
$nthis = 0;
}
}
*******************/
$text = "[b]New torrent![/b] [url=$BASEURL/details.php?id=$id]".htmlspecialchars($torrent)."[/url] [color=lime][b]was just uploaded by[/b] [/color][url=$BASEURL/userdetails.php?id=". $CURUSER['id'] ."] " .$CURUSER['username']."[/URL]";
$userid = "10001";
$date=time();
mysql_query("INSERT INTO shoutbox (id, userid, date, text) VALUES ('id'," . sqlesc($userid) . ", $date, " . sqlesc($text) . ")") or sqlerr(__FILE__, __LINE__);
header("Location: $BASEURL/details.php?id=$id&uploaded=1");