Bravo List
Register
Go Back   > Bravo List > Source Code > Archived Trackers > TBDev > Mods & Themes
Reply
  #1  
Old 22nd November 2012, 02:53
wMan's Avatar
wMan wMan is offline
Banned
 
Join Date: Feb 2008
P2P
Posts: 1,433
Thumbs up request mod for tbv 08
request mod for tbv 08
hello im looking for a request mod any one help with this as ive made a 08 site and need a request mod to complate the code will post the fully mod to blist when done it as it is nearly fully mod
Reply With Quote
  #2  
Old 27th November 2012, 22:41
rabtb's Avatar
rabtb rabtb is offline
Senior Member
 
Join Date: Aug 2008
Posts: 39
Default
think i got it all anything missing lemme know

SQL
Code:
CREATE TABLE IF NOT EXISTS `requests` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `userid` int(10) unsigned NOT NULL DEFAULT '0',
  `request` varchar(225) DEFAULT NULL,
  `descr` text NOT NULL,
  `added` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `hits` int(10) unsigned NOT NULL DEFAULT '0',
  `cat` int(10) unsigned NOT NULL DEFAULT '0',
  `filledby` int(10) unsigned NOT NULL DEFAULT '0',
  `filledurl` varchar(70) DEFAULT NULL,
  `filled` enum('yes','no') NOT NULL DEFAULT 'no',
  PRIMARY KEY (`id`),
  KEY `userid` (`userid`),
  KEY `id_added` (`id`,`added`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1461 ;
viewrequests.php

Code:
<?php

require_once("include/bittorrent.php");

dbconn(false);

loggedinorreturn();

parked();                 //=== uncomment if you use the parked mod

function bark($msg) {
stdhead("Requests Error");
stdmsg("Error!", $msg);
 stdfoot();
 exit;
}

if ($_GET["category"]){
$categ = isset($_GET['category']) ? (int)$_GET['category'] : 0;
if(!is_valid_id($categ))
stderr("Error", "I smell a rat!");
}

if ($_GET["requestorid"]){
$requestorid = 0 + htmlentities($_GET["requestorid"]);
if (ereg("^[0-9]+$", !$requestorid))
stderr("Error", "I smell a rat!");
}

if ($_GET["id"]){
$id = 0 + htmlentities($_GET["id"]);
if (ereg("^[0-9]+$", !$id))
stderr("Error", "I smell a rat!");
}

//==== add request
if ($_GET["add_request"]){

$add_request = 0 + $_GET["add_request"];
if($add_request != '1')
stderr("Error", "I smell a rat!");

stdhead("Requests Page");

if (get_user_class() < UC_LIGHT_WEIGHT)         //=== requests for VIP and above
{
begin_frame("Sorry",true);
 print("<h1>Oups!</h1><p>You must be VIP or above <b>AND</b> have a ratio above <b>1.0</b> to make a request.<br><br> Please see the ".
 "<a href=faq.php><b>FAQ</b></a> for more information on different user classes and what they can do.<br><br><b></p>" .$SITENAME." staff</b>");
die();
}

//=== only allow users with a ratio of at least .5 who have uploaded at least 10 gigs or VIP and above
if ($CURUSER)
{
  // ratio as a string
        function format_ratio($up,$down, $color = True)
        {
                if ($down > 0)
                {
                        $r = number_format($up / $down, 2);
            if ($color)
                                $r = "<font color=".get_ratio_color($r).">$r</font>";
                }
                else
                        if ($up > 0)
                          $r = "'Inf.'";
                  else
                          $r = "'---'";
                return $r;
        }

        if ($CURUSER["class"] < UC_LIGHT_WEIGHT)
        {
        $gigsdowned = ($CURUSER["downloaded"]);
        if ($gigsdowned >= 10737418240){
          $gigs = $CURUSER["uploaded"] / (1024*1024*1024);
          $ratio = (($CURUSER["downloaded"] > 0) ? ($CURUSER["uploaded"] / $CURUSER["downloaded"]) : 0);
          }
        }
//=== use this if you are using the Karma point system
/*begin_frame("Request Rules",true);
         print("To make a request you must have a ratio of at least<b> 1.0</b> AND have uploaded at least <b>10 GB</b>.<br>".
        " A request will also cost you <b><a class=altlink href=mybonus.php>5 Karma Points</a></b>....<br><br> In your particular case ".
        "<a class=altlink href=userdetails.php?id=" . $CURUSER['id'] . ">" . $CURUSER['username'] . "</a>, ");
*/
//=== use this if you are NOT using the Karma point system
begin_frame("Request Rules",true);
         print("To make a request you must have a ratio of at least<b> 1.0</b> AND have uploaded at least <b>10 GB</b>.<br><br> ".
        "In your particular case <a class=altlink href=userdetails.php?id=" . $CURUSER['id'] . ">" . $CURUSER['username'] . "</a>, ");

$gigsupped = ($CURUSER["uploaded"]);
$ratio = (($CURUSER["downloaded"] > 0) ? ($CURUSER["uploaded"] / $CURUSER["downloaded"]) : 0);

//===karma          //=== uncomment this bit if you are using the karma system
/*
if ($CURUSER["seedbonus"] <5.0)
          print("you do not have enough <a class=altlink href=mybonus.php>Karma Points</a> ...".
          " you can not make requests.<p>To view all requests, click <a class=altlink href=viewrequests.php><b>here</b></a></p>\n<br><br>");
//===end
*/
//=== if you are using the karma mod change this next line too
//elseif ($gigsupped < 10737418240)
if ($gigsupped < 10737418240)
          print("you have <b>not</b> yet uploaded <b>10 GB</b>... you can not make requests.<p>".
          "To view all requests, click <a class=altlink href=viewrequests.php><b>here</b></a></p>\n<br><br>");
elseif ($ratio < 1.0){
        $byboth = $byratio && $byul;
            print(
              ($byboth ? "both " : "") .
              ($byratio ? "your ratio of <b>" . format_ratio($CURUSER["uploaded"],$CURUSER["downloaded"]) : "</b>") .
              ($byboth ? " and " : "") .
              ($byul ? "your total uploaded of<b> " . round($gigs,2) . " GB</b>" : "") . "" .
              ($byboth ? "" : "") . " We see that you have <b>not</b> met the minimum requirements." .
              ($byboth ? "" : " (because your " . ($byratio ? "total uploaded is " . round($gigs,2) . " GB" : "ratio is <b>" . format_ratio($CURUSER["uploaded"],$CURUSER["downloaded"])) . "</b>.)<br><br><p>To view all requests, click <a href=viewrequests.php><b>here</b></a></p>\n<br><br>"));
        }
else
        {
print("you <b>can</b> make requests.<p>To view all requests, click <a class=altlink href=viewrequests.php>here</a></p>\n");

//===end check

print("<table border=1 width=800 cellspacing=0 cellpadding=5><tr><td class=colhead align=left>".
"Please search torrents before adding a request! And make sure the file is on nforce as a release</td></tr><tr><td align=left class=clearalt6><form method=get action=browse.php>".
"<input type=text name=search size=40 value=\"".htmlspecialchars($searchstr)."\" />in <select name=cat> <option value=0>(all types)</option>");

$cats = genrelist();
$catdropdown = "";
foreach ($cats as $cat) {
   $catdropdown .= "<option value=\"" . $cat["id"] . "\"";
   if ($cat["id"] == $_GET["cat"])
   $catdropdown .= " selected=\"selected\"";
   $catdropdown .= ">" . htmlspecialchars($cat["name"]) . "</option>\n";
}

$deadchkbox = "<input type=\"checkbox\" name=\"incldead\" value=\"1\"";
if ($_GET["incldead"])
$deadchkbox .= " checked=\"checked\"";
$deadchkbox .= " /> including dead torrents\n";
print(" ".$catdropdown." </select> ".$deadchkbox." <input type=submit value=Search! class=button /></form></td></tr></table><br>\n");

print("<form method=post name=compose action=". $_SERVER[PHP_SELF] ."?new_request=1><a name=add id=add></a>".
"<table border=1 width=800 cellspacing=0 cellpadding=5><tr><td class=colhead align=left colspan=2>".
"Requests are for Users with a good ratio who have uploaded at least 10 gigs Only... Share and you shall recieve!</td></tr>".
"<tr><td align=right class=clearalt6><b>Title:</b></td><td align=left class=clearalt6><input type=text size=40 name=requesttitle>".
"<select name=category><option value=0>(Select a Category)</option>\n");

$res2 = mysql_query("SELECT id, name FROM categories  order by name");
$num = mysql_num_rows($res2);
$catdropdown2 = "";
for ($i = 0; $i < $num; ++$i)
   {
 $cats2 = mysql_fetch_assoc($res2);
 $catdropdown2 .= "<option value=\"" . $cats2["id"] . "\"";
 $catdropdown2 .= ">" . htmlspecialchars($cats2["name"]) . "</option>\n";
   }

print("".$catdropdown2." </select><br><tr><td align=right class=clearalt6 valign=top><b>Image:</b></td><td align=left class=clearalt6>".
"<input type=text name=picture size=80><br>(Direct link to image, NO TAGS NEEDED! Will be shown in description)</td></tr>".
"<tr><td align=right class=clearalt6><b>Description:</b></td><td align=left class=clearalt6>\n");
textbbcode("compose","body","$body");
print("</td></tr><tr><td align=center  class=clearalt6 colspan=2><input type=submit value='Okay' class=button></td></tr></form><br><br></table><br>\n");
}
}

$res = mysql_query("SELECT users.username, requests.id, requests.userid, requests.request, requests.added, uploaded, downloaded, categories.image, categories.name as cat FROM requests inner join categories on requests.cat = categories.id inner join users on requests.userid = users.id order by requests.id desc LIMIT 10") or sqlerr();
$num = mysql_num_rows($res);

print("<table border=1 width=800 cellspacing=0 cellpadding=5><tr><td class=colhead align=left width=50>Category</td>".
"<td class=colhead align=left width=425>Request</td><td class=colhead align=center>Added</td>".
"<td class=colhead align=center width=125>Requested By</td></tr>\n");
for ($i = 0; $i < $num; ++$i)
{
//=======change colors
                if($count == 0)
{
$count = $count+1;
$class = "clearalt6";
}
else
{
$count = 0;
$class = "clearalt7";
}
                //=======end
 $arr = mysql_fetch_assoc($res);
 {
$addedby = "<td style='padding: 0px' align=center class=$class><b><a href=userdetails.php?id=$arr[userid]>$arr[username]</a></b></td>";
 }

 print("<tr><td align=center class=$class><img src=$imgdir/$arr[image]></td><td align=left class=$class><a href=viewrequests.php?id=$arr[id]&req_details=1><b>$arr[request]</b></a></td>" .
 "<td align=center class=$class>$arr[added]</td>".
   "$addedby</tr>\n");
}
print("<tr><td align=center colspan=4 class=clearalt6><form method=\"get\" action=viewrequests.php>".
"<input type=\"submit\" value=\"Show All\" class=button /></form></td></tr></table>\n");

stdfoot();
die;
}
//=== end requests

//=== take new request
if ($_GET["new_request"]){

$new_request = 0 + $_GET["new_request"];
if($new_request != '1')
stderr("Error", "I smell a rat!");

$userid = 0 + $CURUSER["id"];
if (ereg("^[0-9]+$", !$userid))
stderr("Error", "I smell a rat!");

$request = htmlentities($_POST["requesttitle"]);
if ($request == "")
 bark("You must enter a title!");

$cat = (0 + $_POST["category"]);
if (!is_valid_id($cat))
 bark("You must select a category to put the request in!");

$descrmain = unesc($_POST["body"]);
if (!$descrmain)
 bark("You must enter a description!");

if (!empty($_POST['picture'])){
$picture = unesc($_POST["picture"]);
if(!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $picture))
stderr("Error", "Image MUST be in jpg, gif or png format.");
$pic = "[img]".$picture."[/img]\n";
}
$descr = "$pic";
$descr .= "$descrmain";

$userid = sqlesc($userid);
$request2 = sqlesc($request);
$descr = sqlesc($descr);
$cat = sqlesc($cat);

mysql_query("INSERT INTO requests (hits,userid, cat, request, descr, added) VALUES(1,$CURUSER[id], $cat, $request2, $descr, '" . get_date_time() . "')") or sqlerr(__FILE__,__LINE__);
$id = mysql_insert_id();
@mysql_query("INSERT INTO addedrequests VALUES(0, $id, $CURUSER[id])") or sqlerr();

//===add karma          //===  uncomment using karma mod
//mysql_query("UPDATE users SET seedbonus = seedbonus-5.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);
//===end

write_log("Request ($request) was added to the Request section by $CURUSER[username]");

header("Refresh: 0; url=viewrequests.php?id=$id&req_details=1");
}
//===end take new request

//=== request details
if ($_GET["req_details"]){

$req_details = 0 + $_GET["req_details"];
if($req_details != '1')
stderr("Error", "I smell a rat!");

$id = 0+$_GET["id"];

stdhead("Request Details");

$res = mysql_query("SELECT *,UNIX_TIMESTAMP(added) as utadded FROM requests WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

//$timezone = display_date_time($num["utadded"] , $CURUSER[tzoffset] );         //=== use this line if you have the timezone mod
$timezone = get_date_time($num["utadded"]);

$s = $num["request"];

begin_frame("Details Of Request: $s",true);
print("<table width=\"80%\" border=\"1\" cellspacing=\"0\" cellpadding=\"5\"><tr><td align=center colspan=2 class=colhead>".
"<font size=\"+2\"><b>$s</b></font></td></tr>");
if ($num["descr"]){
$req_bb = format_comment($num["descr"]);
print("<tr><td align=left colspan=2 class=clearalt7 valign=top>$req_bb</td></tr>");
}
print("<tr><td align=right class=clearalt6><b>Added:</b></td><td align=left class=clearalt6>$timezone</td></tr>");

$cres = mysql_query("SELECT username FROM users WHERE id=$num[userid]");
   if (mysql_num_rows($cres) == 1)
   {
     $carr = mysql_fetch_assoc($cres);
     $username = "$carr[username]";
   }

if ($CURUSER[id] == $num[userid] || get_user_class() >= UC_MODERATOR){
$edit = "[ <a class=altlink href=". $_SERVER[PHP_SELF] ."?id=$id&edit_request=1>Edit Request</a> ]";
$delete = "[ <a class=altlink href=". $_SERVER[PHP_SELF] ."?id=$id&del_req=1&sure=0>Delete Request</a> ]";
if ($num["filled"] == yes)
$reset = "[ <a class=altlink href=". $_SERVER[PHP_SELF] ."?id=$id&req_reset=1>Re-set Request</a> ]";
}

//=== chances are you have some sort of "report" function in your site...
//=== if so, use the below bit and adjust it to work with your report script...

/*print("<tr><td align=right class=clearalt6><b>Requested&nbsp;By:</b></td><td align=left class=clearalt6>".
"<a class=altlink href=userdetails.php?id=$num[userid]>$username</a>  $edit  $delete </td></tr><tr><td align=right class=clearalt6>".
"<b>Vote for this request:</b></td><td align=left class=clearalt6><a href=". $_SERVER[PHP_SELF] ."?id=$id&req_vote=1><b>Vote</b></a>".
"</td></tr><tr><td align=right class=clearalt6><b>Report Request:</b></td><td align=left class=clearalt6>".
"<form action=report.php?reportrequestid=$id method=\"post\"> for breaking the rules ".
"<input class=button type=submit name=submit value=\"Report Request\"></form></td></tr>");
*/

//=== use this if you have no report function
print("<tr><td align=right class=clearalt6><b>Requested&nbsp;By:</b></td><td align=left class=clearalt6>".
"<a class=altlink href=userdetails.php?id=$num[userid]>$username</a>  $edit  $delete $reset</td></tr><tr><td align=right class=clearalt6>".
"<b>Vote for this request:</b></td><td align=left class=clearalt6><a href=". $_SERVER[PHP_SELF] ."?id=$id&req_vote=1><b>Vote</b></a>".
"</td></tr>");


if ($num["filled"] == no)
{
print("<form method=post action=". $_SERVER[PHP_SELF] ."?requestid=$id&req_filled=1><tr><td align=right class=clearalt6 valign=top><b>Fill This Request:</b></td>".
"<td class=clearalt6><input type=text size=80 name=filledurl value=''><br>".
"Enter the <b>full</b> URL of the torrent i.e. <b>$BASEURL/details.php?id=</b> <br>[ just copy/paste from another window/tab or modify the existing URL to have the correct ID number ]</td>".
"</tr></table><input type=submit value=\"Fill Request\" class=button></form>\n");
}
if ($num["filled"] == yes)
print("<tr><td align=right class=clearalt6 valign=top><b>This Request was filled:</b></td><td class=clearalt6><a class=altlink href=$num[filledurl]><b>$num[filledurl]</b></a></td></tr></table>");

//--- added comments
function reqcommenttable($rows)
{
       global $CURUSER, $HTTP_SERVER_VARS;
       begin_main_frame();
       begin_frame();
       $count = 0;

       foreach ($rows as $row)
       {
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}
print("<br>");
                begin_table(true);
                print("<tr><td class=colhead colspan=2><p class=sub><a name=comment_" . $row["id"] . ">#" . $row["id"] . "</a> by: ");
   if (isset($row["username"]))
 {
 $username = $row["username"];
 $ratres = mysql_query("SELECT uploaded, downloaded from users where username='$username'");
       $rat = mysql_fetch_array($ratres);
 if ($rat["downloaded"] > 0)
{
$ratio = $rat['uploaded'] / $rat['downloaded'];
$ratio = number_format($ratio, 3);
$color = get_ratio_color($ratio);
if ($color)
$ratio = "<font color=$color>$ratio</font>";
}
else
if ($rat["uploaded"] > 0)
    $ratio = "Inf.";
else
$ratio = "---";

         $title = $row["title"];
         if ($title == "")
   $title = get_user_class_name($row["class"]);
         else
   $title = htmlspecialchars($title);
       print("<a name=comm". $row["id"] .
               " href=userdetails.php?id=" . $row["user"] . "><b>" .
               htmlspecialchars($row["username"]) . "</b></a>" . ($row["donor"] == "yes" ? "<img src=$imgdir/pic/star.gif alt='Donor'>" : "") . ($row["warned"] == "yes" ? "<img src=".
             "$imgdir/pic/warned.gif alt=\"Warned\">" : "") . "<font size=\"-3\"> ($title) (ratio: $ratio)\n");
 }
 else
 print("<a name=\"comm" . $row["id"] . "\"><i>(orphaned)</i></a>\n");

 //=== if using report mod uncomment the next bit and change to your report system

 print(" at " . $row["added"] . " GMT</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;" .
         ($row["user"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR ? "[ <a href=reqcomment.php?action=edit&amp;cid=$row[id]>Edit</a> ]" : "") .
         (get_user_class() >= UC_MODERATOR ? "  [ <a href=reqcomment.php?action=delete&amp;cid=$row[id]>Delete</a> ] " : "") .
         ($row["editedby"] && get_user_class() >= UC_MODERATOR ? "" : "") . " [ <a href=userdetails.php?id=" . $row["user"] . ">Profile</a> ] [ <a href=sendmessage.php?receiver=" . $row["user"] . ">PM</a> ] [ <a href=report.php?reqcommentid=$row[id]>Report</a> ]</p>\n");
 /*
 //=== if not using report use this instead
 print(" at " . $row["added"] . " GMT</font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;" .
         ($row["user"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR ? "[ <a href=reqcomment.php?action=edit&amp;cid=$row[id]>Edit</a> ]" : "") .
         (get_user_class() >= UC_MODERATOR ? "  [ <a href=reqcomment.php?action=delete&amp;cid=$row[id]>Delete</a> ] " : "") .
         ($row["editedby"] && get_user_class() >= UC_MODERATOR ? "" : "") . " [ <a href=userdetails.php?id=" . $row["user"] . ">Profile</a> ] [ <a href=sendmessage.php?receiver=" . $row["user"] . ">PM</a> ]</p>\n");
  */
 $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($row["avatar"]) : "");
 if (!$avatar)
         $avatar = "$imgdir/pic/default_avatar.gif";

 $text = format_comment($row["text"]);
   if ($row["editedby"])
$text .= "<p><font size=1 class=small>Edited by <a href=userdetails.php?id=$row[editedby]><b>$row[username]</b></a>  $row[editedat] GMT</font></p>\n";
print("</td></tr><tr valign=top><td align=center width=150 class=$class><img width=150 src=$avatar></td><td class=$class>$text</td></tr>\n");
end_table();
}
end_frame();
end_main_frame();
}
//=== end request comment

print("<tr><td class=embedded colspan=2><p><a name=startcomments></a></p>\n");

       $commentbar = "<p align=center><a class=index href=reqcomment.php?action=add&amp;tid=$id>Add Comment</a></p>\n";
       $subres = mysql_query("SELECT COUNT(*) FROM comments WHERE request = $id");
       $subrow = mysql_fetch_array($subres);
       $count = $subrow[0];
print("</td></tr></table>");

if (!$count)
print("<h2>No comments</h2>\n");
else {
 list($pagertop, $pagerbottom, $limit) = pager(20, $count, "viewrequests.php?id=$id&req_details=1&", array(lastpagedefault => 1));
$subres = mysql_query("SELECT comments.id, text, user, comments.added, editedby, editedat, avatar, warned, ".
                 "username, title, class, donor FROM comments LEFT JOIN users ON comments.user = users.id WHERE request = " .
                 "$id ORDER BY comments.id $limit") or sqlerr(__FILE__, __LINE__);

 $allrows = array();
 while ($subrow = mysql_fetch_array($subres))
         $allrows[] = $subrow;

 print($commentbar);
 print($pagertop);
 reqcommenttable($allrows);
 print($pagerbottom);
}
 print($commentbar);

end_frame();
die;
}
//=== end request details

//=== added edit request
if ($_GET["edit_request"]) {

$edit_request = 0 + $_GET["edit_request"];
if($edit_request != '1')
stderr("Error", "I smell a rat!");

$id = 0+$_GET["id"];

$res = mysql_query("SELECT *,UNIX_TIMESTAMP(added) as utadded FROM requests WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

//$timezone = display_date_time($num["utadded"] , $CURUSER[tzoffset] );         //=== use this line if you have timezone mod
$timezone = get_date_time($num["utadded"]);

$s = $num["request"];
$id2 = $num["cat"];

if ($CURUSER["id"] != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error!", "This is not your Request to edit.");

$request = sqlesc($s);
$body = htmlspecialchars(unesc($num["descr"]));
$res2 = mysql_query("SELECT name FROM categories WHERE id=$id2")or sqlerr(__FILE__, __LINE__);
$num2 = mysql_fetch_array($res2);
$name = $num2["name"];
$s2 = "<select name=\"category\"><option value=$id2> $name </option>\n";

$cats = genrelist();

foreach ($cats as $row)
$s2 .= "<option value=\"" . $row["id"] . "\">" . htmlspecialchars($row["name"]) . "</option>\n";
$s2 .= "</select>\n";

stdhead("Edit Request");

print("<form method=post name=compose action=". $_SERVER[PHP_SELF] ."?id=$id&take_req_edit=1><a name=add id=add></a>".
"<table border=1 width=800 cellspacing=0 cellpadding=5><tr><td class=colhead align=left colspan=2><h1>Edit Request ".
"<img src=$imgdir/arrow_next.gif alt=\":\"> $s</h1></td><tr><tr><td align=right class=clearalt6><b>Title:</b></td>".
"<td align=left class=clearalt6><input type=text size=40 name=requesttitle value=$request><b> Type:</b> $s2<br><tr>".
"<td align=right class=clearalt6 valign=top><b>Image:</b></td><td align=left class=clearalt6>".
"<input type=text name=picture size=80 value=''><br>(Direct link to image. NO TAG NEEDED! Will be shown in description)".
"<tr><td align=right class=clearalt6><b>Description:</b></td><td align=left class=clearalt6>\n");
textbbcode("compose","body","$body");
print("</td></tr>\n");
//=== if staff
if (get_user_class() >= UC_MODERATOR){
print("<tr><td class=colhead align=left colspan=2>Staff only:</td></tr><tr><td align=right class=clearalt6><b>Filled:</b>".
"</td><td class=clearalt6><input type=checkbox name=filled" . ($num[filled]  == "yes" ? " checked" : "") . "></td></tr><tr>".
"<td align=right class=clearalt6><b>Filled by id:</b></td><td class=clearalt6>".
"<input type=text size=40 value=$num[filledby] name=filledby></td></tr><tr><td align=right class=clearalt6>".
"<b>Torrent url:</b></td><td class=clearalt6><input type=text size=80 name=filledurl value=$num[filledurl]></td></tr>");
}
//===end  if staff
print("<tr><td align=center  class=clearalt6 colspan=2><input type=submit value='Edit Request' class=button></td></tr></form><br><br></table><br>\n");

stdfoot();
die;
}
//===end added edit request

//==== take req edit
if ($_GET["take_req_edit"]){

$take_req_edit = 0 + $_GET["take_req_edit"];
if($take_req_edit != '1')
stderr("Error", "I smell a rat!");

$id = 0 + $_GET["id"];

$res = mysql_query("SELECT userid FROM requests WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

if ($CURUSER["id"] != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error", "Access denied.");

$request = htmlentities($_POST["requesttitle"]);
if (!empty($_POST['picture'])){
$picture = unesc($_POST["picture"]);
if(!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $picture))
stderr("Error", "Image MUST be in jpg, gif or png format.");
$pic = "[img]".$picture."[/img]\n";
}
$descr = "$pic";
$descr .= unesc($_POST["body"]);
if (!$descr)
  bark("You must enter a description!");
$cat = (0 + $_POST["category"]);
if (!is_valid_id($cat))
        bark("You must select a category to put the request in!");

$request = sqlesc($request);
$descr = sqlesc($descr);
$cat = sqlesc($cat);
$filledby = htmlentities( 0 + $_POST["filledby"]);
$filled = $_POST["filled"];
if ($filled)
{
if (!is_valid_id($filledby))
        bark("Not a valid id!");
$res = mysql_query("SELECT id FROM users WHERE id=".$filledby."");
if (mysql_num_rows($res) == 0)
       bark("ID doesn't match any users, try again");

$filledurl = htmlentities($_POST['filledurl']);
if(!preg_match("#^".preg_quote("$BASEURL/details.php?id=")."([0-9]{1,6})$#", $filledurl))
stderr("Error", "Something is wrong with that url.<br> URL <u>must</u> be: <b>$BASEURL/details.php?id=(torrent id)</b>");

if (!$filledurl)
        bark("No torrent url");
mysql_query("UPDATE requests SET cat=$cat, request=$request, descr=$descr, filledby=$filledby, filled ='yes', filledurl='$filledurl' WHERE id = $id") or sqlerr(__FILE__,__LINE__);
}
else
mysql_query("UPDATE requests SET cat=$cat, filledby = 0, request=$request, descr=$descr, filled = 'no' WHERE id = $id") or sqlerr(__FILE__,__LINE__);

header("Refresh: 0; url=viewrequests.php?id=$id&req_details=1");
}
//=== end take req edit

//=== request filled
if ($_GET["req_filled"]){

$req_filled = 0 + $_GET["req_filled"];
if($req_filled != '1')
stderr("Error", "I smell a rat!");

if ($_GET["requestid"]){
$requestid = 0 + htmlentities($_GET["requestid"]);
if (ereg("^[0-9]+$", !$requestid))
stderr("Error", "I smell a rat!");
}

$filledurl = htmlentities($_POST['filledurl']);
if(!preg_match("#^".preg_quote("$BASEURL/details.php?id=")."([0-9]{1,6})$#", $filledurl))
stderr("Error", "Something is wrong with that url.<br> URL <u>must</u> be: <b>$BASEURL/details.php?id=(torrent id)</b>");

stdhead("Request Filled");

begin_main_frame();

$res = mysql_query("SELECT users.username, requests.userid, requests.filled, requests.request FROM requests inner join users on requests.userid = users.id where requests.id = $requestid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);

$res2 = mysql_query("SELECT username FROM users where id =" . $CURUSER[id]) or sqlerr(__FILE__, __LINE__);
$arr2 = mysql_fetch_assoc($res2);

if ($arr['filled']==no){
$msg = "Your request, " . $arr[request] . " has been filled by " . $arr2[username] . ". You can download your request from " . $filledurl. ".  Please do not forget to leave thanks where due.  If for some reason this is not what you requested, please reset your request so someone else can fill it by following this link.  Do NOT follow this link unless you are sure that this does not match your request.";

mysql_query ("UPDATE requests SET filled = 'Yes', filledurl = '$filledurl', filledby = $CURUSER[id] WHERE id = $requestid") or sqlerr(__FILE__, __LINE__);

//=== remove the next query if you DON'T have subject in your PM system and use the other one
mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, subject, location) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ", 'Request Filled', 1)") or sqlerr(__FILE__, __LINE__);
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, location) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ", 1)") or sqlerr(__FILE__, __LINE__); //=== use this line if you don't have subject in your PM system

//===add karma        uncomment if you have the karma system
//mysql_query("UPDATE users SET seedbonus = seedbonus+10.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);
//===end

//===notify people who voted on request thanks CoLdFuSiOn :)
//$res = mysql_query("SELECT `userid` FROM `addedrequests` WHERE `requestid` = $requestid AND userid != $arr[userid]") or sqlerr(__FILE__, __LINE__);
//$pn_msg = "The Request you voted for " . $arr[request] . " has been filled by " . $arr2[username] . ". You can download your request from " . $filledurl. ".  Please do not forget to leave thanks where due.";
//$some_variable = '';
//while($row = mysql_fetch_assoc($res)) {
//=== use this if you DO have subject in your PMs
//$some_variable .= "(0, 0, 'Request " . $arr[request] . " was just uploaded', $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")";
//=== use this if you DO NOT have subject in your PMs
//$some_variable = "(0, 0, $row[userid], '" . get_date_time() . "', " . sqlesc($pn_msg) . ")";
//}
//=== use this if you DO have subject in your PMs
//mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__);
//=== use this if you do NOT have subject in your PMs
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES ".$some_variable."") or sqlerr(__FILE__, __LINE__);
//===end

print("<table width=600><tr><td class=colhead align=left><h1>Succex!</h1></td></tr><tr><td class=clearalt6 align=left>".
"Request $requestid successfully filled with <a class=altlink href=$filledurl>$filledurl</a>.  <br><br>".
"User <a class=altlink href=userdetails.php?id=$arr[userid]><b>$arr[username]</b></a> automatically PMd.  <br><br>".
"If you have made a mistake in filling in the URL or have realised that your torrent does not actually satisfy this request".
", please reset the request so someone else can fill it by clicking <a class=altlink href=". $_SERVER[PHP_SELF] ."?id=$requestid&req_reset=1>HERE</a>".
"  <br><br>Do <b>NOT</b> follow this link unless you are sure there is a problem.<br><br></td></tr></table>");
}
else
{
print("<table width=600><tr><td class=colhead align=left><h1>Succex!</h1></td></tr><tr><td class=clearalt6 align=left>".
"Request $requestid successfully filled with <a class=altlink href=$filledurl>$filledurl</a>.  <br><br>User ".
"<a class=altlink href=userdetails.php?id=$arr[userid]><b>$arr[username]</b></a> automatically PMed.  <br><br>".
"If you have made a mistake in filling in the URL or have realised that your torrent does not actually satisfy this request".
", please reset the request so someone else can fill it by clicking <a class=altlink href=". $_SERVER[PHP_SELF] ."?id=$requestid&req_reset=1>HERE</a>".
"  <br><br>Do <b>NOT</b> follow this link unless you are sure there is a problem.<br><br></td></tr></table>");
}

end_main_frame();
stdfoot();
die;
}
//===end req filled

//=== request reset
if ($_GET["req_reset"]){

$req_reset = 0 + $_GET["req_reset"];
if($req_reset != '1')
stderr("Error", "I smell a rat!");

$requestid = htmlentities($_GET["id"]);
$requestid = 0 + $requestid;

stdhead("Reset Request");

begin_main_frame();

$res = mysql_query("SELECT userid, filledby,filled FROM requests WHERE id =$requestid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);

if (($CURUSER[id] == $arr[userid]) || (get_user_class() >= UC_MODERATOR) || ($CURUSER[id] == $arr[filledby]))
{
//===remove karma remove if not using karma system
 if ($arr['filled']=='yes')
 mysql_query("UPDATE users SET seedbonus = seedbonus-10.0 WHERE id = $arr[filledby]") or sqlerr(__FILE__, __LINE__);
 //===end
 @mysql_query("UPDATE requests SET filled='no', filledurl='', filledby='0' WHERE id =$requestid") or sqlerr(__FILE__, __LINE__);

print("<table width=600><tr><td class=colhead align=left><h1>Succex!</h1></td></tr>".
"<tr><td class=clearalt6 align=left>Request $requestid successfully reset.<br><br></td></tr></table>");
}
else{
print("<table width=600><tr><td class=colhead align=left><h1>Error!</h1></td></tr><tr><td class=clearalt6 align=left>".
"Sorry, cannot reset a request when you are not the owner, staff or person filling it.<br><br></td></tr></table>");
}

end_main_frame();
stdfoot();
die;
}
//===end request reset

//=== vote for request
if ($_GET["req_vote"]){

$req_vote = 0 + $_GET["req_vote"];
if($req_vote != '1')
stderr("Error", "I smell a rat!");

$requestid = 0 + $_GET["id"];

$userid = 0 + $CURUSER["id"];
if (!is_valid_id($userid))
stderr("Error", "I smell a rat!");

stdhead("Vote");

$res = mysql_query("SELECT * FROM addedrequests WHERE requestid=$requestid and userid = $userid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);
$voted = $arr;

if ($voted) {
print("<table width=600><tr><td class=colhead align=left><h1>You've Already Voted</h1></td></tr><tr><td class=clearalt6 align=left>".
"<p>You've already voted for this request, only 1 vote for each request is allowed</p>".
"<p>Back to <a class=altlink href=viewrequests.php?id=$requestid&req_details=1><b>request details</b></a></p><br><br></td></tr></table>");
}
else
{
mysql_query("UPDATE requests SET hits = hits + 1 WHERE id=$requestid") or sqlerr(__FILE__,__LINE__);
@mysql_query("INSERT INTO addedrequests VALUES(0, $requestid, $userid)") or sqlerr(__FILE__,__LINE__);
print("<table width=600><tr><td class=colhead align=left><h1>Vote accepted</h1></td></tr><tr><td class=clearalt6 align=left>".
"<p>Successfully voted for request $requestid</p><p>Back to <a class=altlink href=viewrequests.php?id=$requestid&req_details=1>".
"<b>request details</b></a></p><br><br></td></tr></table>");
}
stdfoot();
die;
}
//=== end vote for request

//===  votes_view
if ($_GET["votes_view"]){

$votes_view = 0 + $_GET["votes_view"];
if($votes_view != '1')
stderr("Error", "I smell a rat!");

$requestid = 0 + $_GET["requestid"];
if (!is_valid_id($requestid))
stderr("Error", "I smell a rat!");

$res2 = mysql_query("select count(addedrequests.id) from addedrequests inner join users on addedrequests.userid = users.id inner join requests on addedrequests.requestid = requests.id WHERE addedrequests.requestid =$requestid") or die(mysql_error());
$row = mysql_fetch_array($res2);
$count = $row[0];


$perpage = 25;

 list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] ."?" );

$res = mysql_query("select users.id as userid,users.username, users.downloaded,users.uploaded, requests.id as requestid, requests.request from addedrequests inner join users on addedrequests.userid = users.id inner join requests on addedrequests.requestid = requests.id WHERE addedrequests.requestid =$requestid $limit") or sqlerr();

stdhead("Voters");

$res2 = mysql_query("select request from requests where id=$requestid");
$arr2 = mysql_fetch_assoc($res2);

print("<h1>Voters for <a class=altlink href=viewrequests.php?id=$requestid&req_details=1><b>$arr2[request]</b></a></h1>");
print("<p>Vote for this <a class=altlink href=viewrequests.php?id=$requestid&req_vote=1><b>request</b></a></p>");

echo $pagertop;

if (mysql_num_rows($res) == 0)
 print("<p align=center><b>Nothing found</b></p>\n");
else
{
 print("<table border=1 cellspacing=0 cellpadding=5>\n");
 print("<tr><td class=colhead>Username</td><td class=colhead align=left>Uploaded</td><td class=colhead align=left>Downloaded</td>".
   "<td class=colhead align=left>Share Ratio</td>\n");

 while ($arr = mysql_fetch_assoc($res))
 {
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}
if ($arr["downloaded"] > 0)
{
       $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 3);
       $ratio = "<font color=" . get_ratio_color($ratio) . ">$ratio</font>";
    }
    else
       if ($arr["uploaded"] > 0)
         $ratio = "Inf.";
 else
  $ratio = "---";
$uploaded =mksize($arr["uploaded"]);
$joindate = "$arr[added] (" . get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["added"])) . " ago)";
$downloaded = mksize($arr["downloaded"]);
if ($arr["enabled"] == 'no')
 $enabled = "<font color = red>No</font>";
else
 $enabled = "<font color = green>Yes</font>";

 print("<tr><td class=$class><a href=userdetails.php?id=$arr[userid]><b>$arr[username]</b></a></td><td align=left class=$class>$uploaded</td><td align=left class=$class>$downloaded</td><td align=left class=$class>$ratio</td></tr>\n");
 }
 print("</table>\n");
}

echo $pagerbottom;

stdfoot();
die;
}
//===end votes_view

//=== delete request user / staff
if ($_GET["del_req"]){

$del_req = 0 + $_GET["del_req"];
if($del_req != '1')
stderr("Error", "I smell a rat!");

$requestid = 0 + $_GET["id"];

$userid = 0 + $CURUSER["id"];
if (!is_valid_id($userid))
stderr("Error", "I smell a rat!");

$res = mysql_query("SELECT * FROM requests WHERE id = $requestid") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

if ($userid != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error", "This is not your Request to delete!");

$sure = 0 + $_GET["sure"];

 if ($sure == 0)
 stderr("Delete Request", "You`re about to delete this request. Click\n <a class=altlink href=". $_SERVER[PHP_SELF] ."?id=$requestid&del_req=1&sure=1>here</a>, if you`re sure.");
elseif ($sure == 1){
mysql_query("DELETE FROM requests WHERE id=$requestid") or sqlerr(__FILE__,__LINE__);
mysql_query("DELETE FROM addedrequests WHERE requestid = $requestid") or sqlerr(__FILE__,__LINE__);
mysql_query("DELETE FROM comments WHERE request=$requestid") or sqlerr(__FILE__,__LINE__);
write_log("Request: $request ($num[request]) was deleted from the Request section by $CURUSER[username]");
header("Refresh: 0; url=viewrequests.php");
}
else
stderr("Error", "I smell a rat!");
}
//===end delete request user / staff

//=== delete multi requests for staff
if ($_GET["staff_delete"]){

$staff_delete = 0 + $_GET["staff_delete"];
if($staff_delete != '1')
stderr("Error", "I smell a rat!");

if (get_user_class() >= UC_MODERATOR)
{
if (empty($_POST["delreq"]))
   bark("Don't leave any fields blank.");

$do="DELETE FROM requests WHERE id IN (" . implode(", ", $_POST[delreq]) . ")";
$do2="DELETE FROM addedrequests WHERE requestid IN (" . implode(", ", $_POST[delreq]) . ")";
$do3="DELETE FROM comments WHERE request IN (" . implode(", ", $_POST[delreq]) . ")";
$res=mysql_query($do);
$res2=mysql_query($do2);
$res3=mysql_query($do3);
}
else
{
bark("You're not staff, bugger off");}
header("Refresh: 0; url=viewrequests.php");
}
// end delete multi requests

//=== prolly not needed, but what the hell... basically stopping the page getting screwed up
if ($_GET["sort"]){
$sort = $_GET["sort"];
if($sort == 'votes' || $sort == 'cat' || $sort == 'request' || $sort == 'added')
$sort = $_GET["sort"];
else
stderr("Error", "I smell a rat!");
}
if ($_GET["filter"]){
$filter = $_GET["filter"];
if($filter == 'true' || $filter == 'false')
$filter = $_GET["filter"];
else
stderr("Error", "I smell a rat!");  
}
//=== end of prolly not needed, but what the hell :P

stdhead("Requests Page");

begin_main_frame();

print("<div align=center><table border=1 width=600 cellspacing=0 cellpadding=5><tr><td class=colhead align=center><h1>Requests Section</h1>\n</td></tr>".
"<tr><td align=center class=clearalt6><p><a class=altlink href=". $_SERVER[PHP_SELF] ."?add_request=1>Make a request</a>&nbsp;&nbsp;<a class=altlink href=viewrequests.php?requestorid=$CURUSER[id]>View my requests</a></p>".
"<p><a class=altlink href=". $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&sort=" . $_GET[sort] . "&filter=true>Hide Filled</a>");

//==== for mods only to make deleting filled requests simple... yeah, I'm lazy :P
if (get_user_class() >= UC_MODERATOR)
print(" - <a class=altlink href=". $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&sort=" . $_GET[sort] . "&filter=false>Only Filled</a>");
print("</p><p>Look in the <a class=altlink href=viewoffers.php><b>Offers</b></a> Section before you make a Request</p>");

$search = htmlspecialchars ($_GET["search"]);
$search = " AND requests.request like ".sqlesc('%'.$search.'%');

if ($sort == "votes")
$sort = " ORDER BY hits DESC";
elseif ($sort == "cat")
$sort = " ORDER BY cat ";
else if ($sort == "request")
$sort = " ORDER BY request ";
else if ($sort == "added")
$sort = " ORDER BY added ASC";
else
$sort = " ORDER BY added DESC";

if ($filter == "true")
$filter = " AND requests.filledby = '0' ";
elseif ($filter == "false")
$filter = " AND requests.filled = 'yes' ";
else
$filter = "";

if ($requestorid <> NULL)
       {
       if (($categ <> NULL) && ($categ <> 0))
 $categ = "WHERE requests.cat = " . $categ . " AND requests.userid = " . $requestorid;
       else
 $categ = "WHERE requests.userid = " . $requestorid;
       }

else if ($categ == 0)
       $categ = '';
else
       $categ = "WHERE requests.cat = " . $categ;

$res = mysql_query("SELECT count(requests.id) FROM requests inner join categories on requests.cat = categories.id inner join users on requests.userid = users.id  $categ $filter $search") or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_array($res);
$count = $row[0];

$perpage = 25;

list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] ."?" . "category=" . $_GET[category] . "&sort=" . $_GET["sort"] . "&" );
print("<center>");

$res = mysql_query("SELECT users.downloaded, users.uploaded, users.username, requests.filled, requests.filledby, requests.id, requests.userid, requests.request, requests.added, requests.hits, requests.filledurl, categories.image, categories.name as cat FROM requests inner join categories on requests.cat = categories.id inner join users on requests.userid = users.id  $categ $filter $search $sort $limit") or sqlerr(__FILE__, __LINE__);
$num = mysql_num_rows($res);

print("<div align=center><form method=get action=viewrequests.php><select name=category><option value=0>(Show All)</option>");

$cats = genrelist();
$catdropdown = "";
foreach ($cats as $cat) {
   $catdropdown .= "<option value=\"" . $cat["id"] . "\"";
   $catdropdown .= ">" . htmlspecialchars($cat["name"]) . "</option>\n";
}
print("$catdropdown</select><input type=submit align=center value=\"view only selected\" class=button>\n");
print("</form><br><form method=get action=viewrequests.php><b>Search Requests: </b><input type=text size=40 name=search>".
"<input class=button type=submit align=center value=Search></form></td></tr></table><br /><br>");

echo $pagertop;
?>
<script language = "Javascript">
<!--

var form='viewreq'

function SetChecked(val,chkName) {
dml=document.forms[form];
len = dml.elements.length;
var i=0;
for( i=0 ; i<len ; i++) {
if (dml.elements[i].name==chkName) {
dml.elements[i].checked=val;
}
}
}

// -->
</script>
<?
print("<form method=post name=viewreq action=viewrequests.php?staff_delete=1 onSubmit=\"return ValidateForm(this,'delreq')\">".
"<table border=1 width=100% cellspacing=0 cellpadding=5><tr><td class=colhead align=left width=50><a class=altlink href=". $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&filter=" . $_GET[filter] . "&sort=cat>Type</a></td>".
"<td class=colhead align=center><a class=altlink href=". $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&filter=" . $_GET[filter] . "&sort=request>Name</a></td>".
"<td class=colhead align=center width=150><a class=altlink href=" . $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&filter=" . $_GET[filter] . "&sort=added>Added</a></td>".
"<td class=colhead align=center>Requested by</td><td class=colhead align=center>Filled?</td><td class=colhead align=center>Filled By</td>".
"<td class=colhead align=center><a class=altlink href=" . $_SERVER[PHP_SELF] . "?category=" . (int)$_GET[category] . "&filter=" . $_GET[filter] . "&sort=votes>Votes</a></td>");
if (get_user_class() >= UC_MODERATOR)
print("<td class=colhead align=center>Del</td>");

print("</tr>\n");
for ($i = 0; $i < $num; ++$i)
{
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}

$arr = mysql_fetch_assoc($res);

if ($arr["downloaded"] > 0)
   {
     $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 2);
     $ratio = "<font color=" . get_ratio_color($ratio) . "><b>$ratio</b></font>";
   }
   else if ($arr["uploaded"] > 0)
       $ratio = "Inf.";
   else
       $ratio = "---";

$res2 = mysql_query("SELECT username from users where id=" . $arr[filledby]);
$arr2 = mysql_fetch_assoc($res2);
if ($arr2[username])
       $filledby = $arr2[username];
else
       $filledby = " ";
$addedby = "<td  class=$class align=center><a href=userdetails.php?id=$arr[userid]><b>$arr[username] ($ratio)</b></a></td>";
$filled = $arr[filled];
if ($filled =="yes")
       $filled = "<a href=$arr[filledurl]><font color=green><b>Yes</b></font></a>";
else
       $filled = "<a href=viewrequests.php?id=$arr[id]&req_details=1><font color=red><b>No</b></font></a>";
 print("<tr><td align=center class=$class><img src=$imgdir/$arr[image]></td>" .
 "<td align=left class=$class><a href=". $_SERVER[PHP_SELF] ."?id=$arr[id]&req_details=1><b>$arr[request]</b></a></td>".
 "<td align=center class=$class>$arr[added]</td>$addedby<td class=$class>$filled</td>".
 "<td class=$class><a href=userdetails.php?id=$arr[filledby]><b>$arr2[username]</b></a></td>".
 "<td class=$class><a href=viewrequests.php?requestid=$arr[id]&votes_view=1><b>$arr[hits]</b></a></td>");
 if (get_user_class() >= UC_MODERATOR)
 print("<td class=$class><input type=checkbox name=\"delreq[]\" value=\"" . $arr[id] . "\" /></td>");
 print("</tr>\n");
}

if (get_user_class() >= UC_MODERATOR)
print("<tr><td class=colhead colspan=8 align=right><a class=altlink href=\"javascript:SetChecked(1,'delreq[]')\">".
"select all</a> - <a class=altlink href=\"javascript:SetChecked(0,'delreq[]')\">un-select all</a>".
" <input type=submit value=\"Delete Selected\" class=button></td></tr>");

print("</table>\n");

echo $pagerbottom;

print("</center>");

end_main_frame();
stdfoot();
die;
?>

Last edited by rabtb; 27th November 2012 at 23:14.
Reply With Quote
  #3  
Old 28th December 2012, 03:16
ndbj's Avatar
ndbj ndbj is offline
Senior Member
 
Join Date: Dec 2012
Portugal
Posts: 35
Default
missing sql for table addedrequests
Reply With Quote
  #4  
Old 28th December 2012, 03:47
rabtb's Avatar
rabtb rabtb is offline
Senior Member
 
Join Date: Aug 2008
Posts: 39
Default
Code:
CREATE TABLE IF NOT EXISTS `addedrequests` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `requestid` int(10) unsigned NOT NULL DEFAULT '0',
  `userid` int(10) unsigned NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`),
  KEY `pollid` (`id`),
  KEY `userid` (`userid`),
  KEY `requestid_userid` (`requestid`,`userid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2031 ;
Reply With Quote
  #5  
Old 28th December 2012, 03:52
ndbj's Avatar
ndbj ndbj is offline
Senior Member
 
Join Date: Dec 2012
Portugal
Posts: 35
Default
thanks

what about sql to tables offers and the viewoffers.php file?
and maybe also a reqcomment.php?
Reply With Quote
  #6  
Old 28th December 2012, 04:31
rabtb's Avatar
rabtb rabtb is offline
Senior Member
 
Join Date: Aug 2008
Posts: 39
Default
Code:
CREATE TABLE IF NOT EXISTS `offers` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `userid` int(10) unsigned NOT NULL DEFAULT '0',
  `name` varchar(225) DEFAULT NULL,
  `descr` text NOT NULL,
  `added` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `yeah` int(10) unsigned NOT NULL DEFAULT '0',
  `against` int(10) unsigned NOT NULL DEFAULT '0',
  `category` int(11) NOT NULL DEFAULT '0',
  `comments` int(11) NOT NULL DEFAULT '0',
  `allowed` enum('allowed','pending','denied') NOT NULL DEFAULT 'pending',
  PRIMARY KEY (`id`),
  KEY `userid` (`userid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=6 ;
viewoffers.php
Code:
<?php

require_once("include/bittorrent.php");

dbconn(false);

loggedinorreturn();

parked();                 //=== uncomment if you use the parked mod

function offcommenttable($rows)
{
       global $CURUSER, $HTTP_SERVER_VARS;
       begin_main_frame();
       begin_frame();
       $count = 0;

       foreach ($rows as $row)
       {
           //=======change colors
if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}
print("<br>");
                begin_table(true);
                print("<tr><td class=colhead colspan=2><p class=sub><a name=comment_" . $row["id"] . ">#" . $row["id"] . "</a> by: ");
   if (isset($row["username"]))
 {
 $username = $row["username"];
 $ratres = mysql_query("SELECT uploaded, downloaded from users where username='$username'");
       $rat = mysql_fetch_array($ratres);
 if ($rat["downloaded"] > 0)
{
$ratio = $rat['uploaded'] / $rat['downloaded'];
$ratio = number_format($ratio, 3);
$color = get_ratio_color($ratio);
if ($color)
$ratio = "<font color=$color>$ratio</font>";
}
else
if ($rat["uploaded"] > 0)
$ratio = "Inf.";
else
$ratio = "---";

   $title = $row["title"];
         if ($title == "")
   $title = get_user_class_name($row["class"]);
         else
   $title = htmlspecialchars($title);
       print("<a name=comm". $row["id"] .
               " href=userdetails.php?id=" . $row["user"] . "><b>" .
               htmlspecialchars($row["username"]) . "</b></a>" . ($row["donor"] == "yes" ? "<img src=$imgdir/pic/star.gif alt='Donor'>" : "") . ($row["warned"] == "yes" ? "<img src=".
             "$imgdir/pic/warned.gif alt=\"Warned\">" : "") . " ($title) (ratio: $ratio)\n");
 }
 else
print("<a name=\"comm" . $row["id"] . "\"><i>(orphaned)</i></a>\n");

 print(" at " . $row["added"] . " GMT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;" .
         ($row["user"] == $CURUSER["id"] || get_user_class() >= UC_MODERATOR ? "[ <a href=offcomment.php?action=edit&amp;cid=$row[id]>Edit</a> ] " : "") .
         (get_user_class() >= UC_MODERATOR ? "[ <a href=offcomment.php?action=delete&amp;cid=$row[id]>Delete</a> ]" : "") .
         ($row["editedby"] && get_user_class() >= UC_MODERATOR ? "" : "") . "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;[ <a href=userdetails.php?id=" . $row["user"] . ">Profile</a> ] [ <a href=sendmessage.php?receiver=" . $row["user"] . ">PM</a> ]</p>\n");
 $avatar = ($CURUSER["avatars"] == "yes" ? htmlspecialchars($row["avatar"]) : "");
 if (!$avatar)
 $avatar = "$imgdir/pic/default_avatar.gif";

 $text = format_comment($row["text"]);
   if ($row["editedby"])
$text .= "<p><font size=1 class=small>Edited by <a href=userdetails.php?id=$row[editedby]><b>$row[username]</b></a>  $row[editedat] GMT</font></p>\n";
print("</td></tr><tr valign=top><td align=center width=150 class=$class><img width=150 src=$avatar></td><td class=$class>$text</td></tr>\n");
end_table();
}
end_frame();
end_main_frame();
}

function bark($msg) {
stdhead("Offer Error");
stdmsg("Error!", $msg);
 stdfoot();
 exit;
}

if ($_GET["category"]){
$categ = isset($_GET['category']) ? (int)$_GET['category'] : 0;
if(!is_valid_id($categ))
stderr("Error", "I smell a rat!");
}

if ($_GET["id"]){
$id = 0 + htmlentities($_GET["id"]);
if (ereg("^[0-9]+$", !$id))
stderr("Error", "I smell a rat!");
}

//==== add offer
if ($_GET["add_offer"]){

$add_offer = 0 + $_GET["add_offer"];
if($add_offer != '1')
stderr("Error", "I smell a rat!");

stdhead("Offer");

print("<table border=1 width=800 cellspacing=0 cellpadding=5><tr><td class=colhead align=left>".
"Please search torrents before adding an Offer!</td></tr><tr><td align=left class=clearalt6><form method=get action=browse.php>".
"<input type=text name=search size=40 value=\"".htmlspecialchars($searchstr)."\" />in <select name=cat> <option value=0>(all types)</option>");

$cats = genrelist();
$catdropdown = "";
foreach ($cats as $cat) {
   $catdropdown .= "<option value=\"" . $cat["id"] . "\"";
   if ($cat["id"] == $_GET["cat"])
   $catdropdown .= " selected=\"selected\"";
   $catdropdown .= ">" . htmlspecialchars($cat["name"]) . "</option>\n";
}

$deadchkbox = "<input type=\"checkbox\" name=\"incldead\" value=\"1\"";
if ($_GET["incldead"])
$deadchkbox .= " checked=\"checked\"";
$deadchkbox .= " /> including dead torrents\n";
print(" ".$catdropdown." </select> ".$deadchkbox." <input type=submit value=Search! class=button /></form></td></tr></table><br>\n");


print("<div align=Center><form action=". $_SERVER[PHP_SELF] ."?new_offer=1  name=compose method=post><br><br>".
"<table border=1 cellspacing=0 cellpadding=10><tr><td class=colhead align=center colspan=2>Offers are open to all users... a great ratio boost!</td><tr>\n");

$s = "<select name=type>\n<option value=0>(Select)</option>\n";
$cats = genrelist();
foreach ($cats as $row)
$s .= "<option value=".$row["id"].">" . htmlspecialchars($row["name"]) . "</option>\n";
$s .= "</select>\n";
print("<tr><td align=right class=clearalt6><b>Type:</b></td><td align=left class=clearalt6> $s</td></tr>".
"<tr><td align=right class=clearalt6><b>Title Offered:</b></td><td align=left class=clearalt6><input type=text name=name size=80 />".
"</td></tr><tr><td align=right class=clearalt6><b>Image or Photo:</b></td><td align=left class=clearalt6>".
"<input type=text name=picture size=80><br>(Link to the picture. Will be shown in description)</td></tr>".
"<tr><td align=right class=clearalt6><b>Description:</b></td><td align=left class=clearalt6>\n");
textbbcode("compose","body","$body");
print("</td></tr><tr><td align=center colspan=2 class=clearalt6><input type=submit class=button value=\"Add Offer!\" /></td></tr></table></form><br><br>\n");

//===list other offers
$res = mysql_query("SELECT users.username, offers.id, offers.userid, offers.name, offers.added, uploaded, downloaded, categories.image, categories.name as cat FROM offers inner join categories on offers.category = categories.id inner join users on offers.userid = users.id order by offers.id desc LIMIT 10") or sqlerr();
$num = mysql_num_rows($res);

print("<table border=1 width=800 cellspacing=0 cellpadding=5><tr><td class=colhead align=left width=50>Category</td>".
"<td class=colhead align=left width=425>Offer</td><td class=colhead align=center>Added</td>".
"<td class=colhead align=center width=125>Offered By</td></tr>\n");
for ($i = 0; $i < $num; ++$i)
{
//=======change colors
                if($count == 0)
{
$count = $count+1;
$class = "clearalt6";
}
else
{
$count = 0;
$class = "clearalt7";
}
                //=======end
 $arr = mysql_fetch_assoc($res);
 {
$addedby = "<td style='padding: 0px' align=center class=$class><b><a href=userdetails.php?id=$arr[userid]>$arr[username]</a></b></td>";
 }

 print("<tr><td align=center class=$class><img src=$imgdir/$arr[image]></td><td align=left class=$class><a href=viewoffers.php?id=$arr[id]&off_details=1><b>$arr[name]</b></a></td>" .
 "<td align=center class=$class>$arr[added]</td>".
   "$addedby</tr>\n");
}
print("<tr><td align=center colspan=4 class=clearalt8><form method=\"get\" action=viewoffers.php>".
"<input type=\"submit\" value=\"Show All\" class=button /></form></td></tr></table>\n");

stdfoot();
die;
}
//=== end add offer

//=== take new offer
if ($_GET["new_offer"]){

$new_offer = 0 + $_GET["new_offer"];
if($new_offer != '1')
stderr("Error", "I smell a rat!");

$userid = 0 + $CURUSER["id"];
if (ereg("^[0-9]+$", !$userid))
stderr("Error", "I smell a rat!");

$name = htmlentities($_POST["name"]);
if ($name == "")
 bark("You must enter a name!");

$cat = (0 + $_POST["type"]);
if (!is_valid_id($cat))
 bark("You must select a category to put the offer in!");

$descrmain = unesc($_POST["body"]);
if (!$descrmain)
 bark("You must enter a description!");

if (!empty($_POST['picture'])){
$picture = unesc($_POST["picture"]);
if(!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $picture))
stderr("Error", "Image MUST be in jpg, gif or png format.");
$pic = "[img]".$picture."[/img]\n";
}

$descr = "$pic";
$descr .= "$descrmain";

$res = mysql_query("SELECT name FROM offers WHERE name =".sqlesc($_POST[name])) or sqlerr();
$arr = mysql_fetch_assoc($res);
if (!$arr['name']){
 //===add karma //=== uncomment if you use the mod
//mysql_query("UPDATE users SET seedbonus = seedbonus+10.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__);
//===end

$ret = mysql_query("INSERT INTO offers (userid, name, descr, category, added) VALUES (" .
implode(",", array_map("sqlesc", array($CURUSER["id"], $name, $descr, 0 + $_POST["type"]))) .
", '" . get_date_time() . "')");
if (!$ret) {
       if (mysql_errno() == 1062)
 bark("!!!");
       bark("mysql puked: ".mysql_error());
}
$id = mysql_insert_id();

write_log("offer $name was added by ".$CURUSER[username]);

header("Refresh: 0; url=viewoffers.php?id=$id&off_details=1");

stdhead("Success!");
}
else{
stdhead("Error!");
print("<table width=600><tr><td class=colhead align=left><h1>Error!</h1></td></tr><tr><td class=clearalt6 align=left>".
"Offer allready exists! <br><br><a class=altlink href=viewoffers.php>View all offers</a><br><br></td></tr></table>");
}
stdfoot();
die;
}
//==end take new offer

//=== offer details
if ($_GET["off_details"]){

$off_details = 0 + $_GET["off_details"];
if($off_details != '1')
stderr("Error", "I smell a rat!");

$id = 0+$_GET["id"];

$res = mysql_query("SELECT * FROM offers WHERE id = $id") or sqlerr();
$num = mysql_fetch_array($res);

$s = $num["name"];

stdhead("Offer Details for \"$s\"");

begin_frame("Details for Offer:$s",true);
print("<table width=80% border=1 cellspacing=0 cellpadding=5><tr><td align=center colspan=2 class=colhead>".
"<font size=\"+2\"><b>$s</b></font></td></tr>");
if ($num["descr"]){
$off_bb = format_comment($num["descr"]);
print("<tr><td align=left colspan=2 class=clearalt7 valign=top>$off_bb</td></tr>");
}
print("<tr><td align=right class=clearalt6><b>Added:</b></td><td align=left class=clearalt6>$num[added]</td></tr>");
if ($num["allowed"] == "pending")
print("<tr><td align=right class=clearalt6><b>Status:</b></td><td align=left class=clearalt6><b><font color=red>Pending</font></b></td></tr>");
elseif ($num["allowed"] == "allowed")
print("<tr><td align=right class=clearalt6><b>Status:</b></td><td align=left class=clearalt6><b><font color=green>Allowed</font></b></td></tr>");
else
print("<tr><td align=right class=clearalt6><b>Status:</b></td><td align=left class=clearalt6><b><font color=red>Denied</font></b></td></tr>");

$cres = mysql_query("SELECT username FROM users WHERE id=$num[userid]");
  if (mysql_num_rows($cres) == 1)
  {
    $carr = mysql_fetch_assoc($cres);
    $username = "$carr[username]";
  }

if ($CURUSER[id] == $num[userid] || get_user_class() >= UC_MODERATOR){
$edit = "[ <a class=altlink href=". $_SERVER[PHP_SELF] ."?id=$id&edit_offer=1>Edit Offer</a> ]";
$delete = "[ <a class=altlink href=". $_SERVER[PHP_SELF] ."?id=$id&del_offer=1&sure=0>Delete Offer</a> ]";
}

print("<tr><td align=right class=clearalt6><b>Offered by:</b></td><td align=left class=clearalt6>".
"<a class=altlink href=userdetails.php?id=$num[userid]>$username</a> $edit $delete</td></tr>");

//=== if you want to have a pending thing for uploaders use this next bit
if (get_user_class() >= UC_MODERATOR && $num["allowed"] == "pending")
print("<form method=post action=viewoffers.php?allow_offer=1><tr><td align=center class=clearalt6 colspan=2><table><tr><td align=center class=clearalt6><input type=hidden value=$id name=offerid>".
"<input class=button type=submit value=Allow></td></form><td align=center class=clearalt6><form method=post action=viewoffers.php?id=$id&finish_offer=1>".
"<input type=hidden value=$id name=finish><input class=button type=submit value=\"Let votes decide\"></form></td></tr></table></td></tr>");

//if pending
if ($num["allowed"] == "pending"){
print("<tr><td align=right class=clearalt6><b>Vote:</b></td><td align=left class=clearalt6><b>".
"<a href=viewoffers.php?id=$id&vote=yeah><font color=green>For</font></a></b> - <b><a href=viewoffers.php?id=$id&vote=against>".
"<font color=red>Against</font></a></b></td></tr>");
}
//===upload torrent message
if ($num["allowed"] == "allowed" && $CURUSER["id"] != $num["userid"])
print("<tr><td align=right class=clearalt6><b>Offer Allowed:</b></td><td align=left class=clearalt6>".
"If you voted for this offer, you will be PMed when it is upped!</td></tr>");
if ($num["allowed"] == "allowed" && $CURUSER["id"] == $num["userid"]){
print("<tr><td align=right class=clearalt6><b>Offer Allowed:</b></td><td align=left class=clearalt6>".
"This offer has been allowed! Please upload it as soon as possible.</td></tr>");
}
//=== if you DON'T want to have a pending thing for uploaders use this next bit        instead
/*
if ($CURUSER["id"] != $num["userid"]){
print("<tr><td align=right class=clearalt6><b>Vote:</b></td><td align=left class=clearalt6><b>".
"<a href=viewoffers.php?id=$id&vote=yeah><font color=green>For</font></a></b> - <b><a href=viewoffers.php?id=$id&vote=against>".
"<font color=red>Against</font></a></b></td></tr>");
}
*/
$zres = mysql_query("SELECT COUNT(*) from offervotes where vote='yeah' and offerid=$id");
$arr = mysql_fetch_row($zres);
$za = $arr[0];
$pres = mysql_query("SELECT COUNT(*) from offervotes where vote='against' and offerid=$id");
$arr2 = mysql_fetch_row($pres);
$protiv = $arr2[0];
 //=== in the following section, there is a line to report comment... either remove the link or change it to work with your report script :)
/*
print("<tr><td align=right class=clearalt6><b><a class=altlink href=viewoffers.php?id=$id&offer_vote=1>Votes</a></b></td><td align=left class=clearalt6>".
"<b>For:</b> $za  <b>Against:</b> $protiv</td><tr><td align=right class=clearalt6 valign=top><b>Report Offer:</b></td>".
"<td align=left class=clearalt6><form action=report.php?reportofferid=$id method=\"post\">".
" for breaking the rules <input class=button type=submit name=submit value=\"Report Offer\"></form>".
"<br><br></td></tr><tr><td class=embedded colspan=2><br><p><a name=startcomments></a></p>\n");
*/
       $commentbar = "<p align=center><a class=index href=offcomment.php?action=add&amp;tid=$id>Add Comment</a></p>\n";
       $subres = mysql_query("SELECT COUNT(*) FROM comments WHERE offer = $id");
       $subrow = mysql_fetch_array($subres);
       $count = $subrow[0];
print("</td></tr></table>");
       if (!$count) {
print("<h2>No comments</h2>\n");
       }
else {
 list($pagertop, $pagerbottom, $limit) = pager(20, $count, "viewoffers.php?id=$id&off_details=1&", array(lastpagedefault => 1));

 $subres = mysql_query("SELECT comments.id, text, user, comments.added, editedby, editedat, avatar, warned, ".
                 "username, title, class, donor FROM comments LEFT JOIN users ON comments.user = users.id WHERE offer = " .
                 "$id ORDER BY comments.id $limit") or sqlerr(__FILE__, __LINE__);
 $allrows = array();
 while ($subrow = mysql_fetch_array($subres))
         $allrows[] = $subrow;

 print($commentbar);
 print($pagertop);

 offcommenttable($allrows);

 print($pagerbottom);
       }

print($commentbar);

stdfoot();
die;
}
//=== end offer details

//=== allow offer by staff
if ($_GET["allow_offer"]) {

if (get_user_class() < UC_MODERATOR)
stderr("Access denied!", "this is a mans job!");

$allow_offer = 0 + $_GET["allow_offer"];
if($allow_offer != '1')
stderr("Error", "I smell a rat!");

//=== to allow the offer  credit to S4NE for this next bit :)
//if ($_POST["offerid"]){
$offid = 0 + $_POST["offerid"];
if(!is_valid_id($offid))
stderr("Error", "I smell a rat!");

$res = mysql_query("SELECT users.username, offers.userid, offers.name FROM offers inner join users on offers.userid = users.id where offers.id = $offid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);

$msg = "$CURUSER[username] has allowed you to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr[name] . "[/url][/b]. You will find a new option on the upload page.";

mysql_query ("UPDATE offers SET allowed = 'allowed' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);

//===use this line if you DO HAVE subject in your PM system
//mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, subject) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ", 'Your Offer has been allowed')") or sqlerr(__FILE__, __LINE__);
//===use this line if you DO NOT have subject in your PM system
mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);

write_log("$CURUSER[username] allowed offer $arr[name]");
header("Refresh: 0; url=$BASEURL/viewoffers.php?id=$offid&off_details=1");
}
//=== end allow the offer

//=== allow offer by vote
if ($_GET["finish_offer"]) {

if (get_user_class() < UC_MODERATOR)
stderr("Access denied!", "this is a mans job!");

$finish_offer = 0 + $_GET["finish_offer"];
if($finish_offer != '1')
stderr("Error", "I smell a rat!");

$offid = 0 + $_POST["finish"];
if(!is_valid_id($offid))
stderr("Error", "I smell a rat!");

$res = mysql_query("SELECT users.username, offers.userid, offers.name FROM offers inner join users on offers.userid = users.id where offers.id = $offid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);

$voteresyes = mysql_query("SELECT COUNT(*) from offervotes where vote='yeah' and offerid=$offid");
$arryes = mysql_fetch_row($voteresyes);
$yes = $arryes[0];
$voteresno = mysql_query("SELECT COUNT(*) from offervotes where vote='against' and offerid=$offid");
$arrno = mysql_fetch_row($voteresno);
$no = $arrno[0];

if($yes == '0' && $no == '0')
stderr("Sorry", "No votes yet... <a class=altlink href=viewoffers.php?id=$offid&off_details=1>Back to Offer details</a>");

if ($yes >= $no){
$msg = "Your Offer has been voted on. you are allowed to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr[name] . "[/url][/b]. You will find a new option on the upload page.";
mysql_query ("UPDATE offers SET allowed = 'allowed' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
}
else{
$msg = "Your Offer has been voted on. You are not allowed to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr[name] . "[/url][/b].. Your offer will be deleted.";
mysql_query ("UPDATE offers SET allowed = 'denied' WHERE id = $offid") or sqlerr(__FILE__,__LINE__);
}
//===use this line if you DO HAVE subject in your PM system
//mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES(0, 0, 'Your offer $arr[name] has been voted on', $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
//===use this line if you DO NOT subject in your PM system
mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__);
write_log("$CURUSER[username] closed poll $arr[name]");

header("Refresh: 0; url=$BASEURL/viewoffers.php?id=$offid&off_details=1");
die;
}
//===end allow offer by vote

//=== edit offer

if ($_GET["edit_offer"]) {

$edit_offer = 0 + $_GET["edit_offer"];
if($edit_offer != '1')
stderr("Error", "I smell a rat!");

$id = 0 + $_GET["id"];

$res = mysql_query("SELECT *,UNIX_TIMESTAMP(added) as utadded FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

//$timezone = display_date_time($num["utadded"] , $CURUSER[tzoffset] );         //=== use this line if you have timezone mod
$timezone = get_date_time($num["utadded"]);

$s = $num["name"];
$id2 = $num["category"];

if ($CURUSER["id"] != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error!", "This is not your Offer to edit.");

$offer = sqlesc($s);
$body = htmlspecialchars(unesc($num["descr"]));
$res2 = mysql_query("SELECT name FROM categories WHERE id=$id2")or sqlerr(__FILE__, __LINE__);
$num2 = mysql_fetch_array($res2);
$name = $num2["name"];
$s2 = "<select name=\"category\"><option value=$id2> $name </option>\n";

$cats = genrelist();

foreach ($cats as $row)
$s2 .= "<option value=\"" . $row["id"] . "\">" . htmlspecialchars($row["name"]) . "</option>\n";
$s2 .= "</select>\n";

stdhead("Edit Offer");

print("<form method=post name=compose action=". $_SERVER[PHP_SELF] ."?id=$id&take_off_edit=1>".
"<table border=1 width=800 cellspacing=0 cellpadding=5><tr><td class=colhead align=left colspan=2><h1>Edit Offer ".
"<img src=$imgdir/arrow_next.gif alt=\":\"> $s</h1></td><tr><tr><td align=right class=clearalt6><b>Title:</b></td>".
"<td align=left class=clearalt6><input type=text size=40 name=name value=$offer><b> Type:</b> $s2<br><tr>".
"<td align=right class=clearalt6 valign=top><b>Image:</b></td><td align=left class=clearalt6>".
"<input type=text name=picture size=80 value=''><br>(Direct link to image. NO TAG NEEDED! Will be shown in description)".
"<tr><td align=right class=clearalt6><b>Description:</b></td><td align=left class=clearalt6>\n");
textbbcode("compose","body","$body");
print("</td></tr><tr><td align=center  class=clearalt6 colspan=2><input type=submit value='Edit Offer' class=button></td></tr></form><br><br></table><br>\n");

stdfoot();
die;
}
//=== end edit offer

//==== take offer edit
if ($_GET["take_off_edit"]){

$take_off_edit = 0 + $_GET["take_off_edit"];
if($take_off_edit != '1')
stderr("Error", "I smell a rat!");

$id = 0 + $_GET["id"];

$res = mysql_query("SELECT userid FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

if ($CURUSER[id] != $num[userid] && get_user_class() < UC_MODERATOR)
        stderr("Error", "Access denied.");

$name = htmlentities($_POST["name"]);

if (!empty($_POST['picture'])){
$picture = unesc($_POST["picture"]);
if(!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $picture))
stderr("Error", "Image MUST be in jpg, gif or png format.");
$pic = "[img]".$picture."[/img]\n";
}
$descr = "$pic";
$descr .= unesc($_POST["body"]);
if (!$descr)
  bark("You must enter a description!");
$cat = (0 + $_POST["category"]);
if (!is_valid_id($cat))
        bark("You must select a category to put the Offer in!");

$name = sqlesc($name);
$descr = sqlesc($descr);
$cat = sqlesc($cat);

mysql_query("UPDATE offers SET category=$cat, name=$name, descr=$descr where id=$id");

header("Refresh: 0; url=viewoffers.php?id=$id&off_details=1");
}
//======end take offer edit

//=== offer votes list
if ($_GET["offer_vote"]){

$offer_vote = 0 + $_GET["offer_vote"];
if($offer_vote != '1')
stderr("Error", "I smell a rat!");

$offerid = 0 + htmlentities($_GET[id]);

$res2 = mysql_query("select count(offervotes.offerid) from offervotes inner join users on offervotes.userid = users.id inner join offers on offervotes.offerid = offers.id WHERE offervotes.offerid =$offerid") or sqlerr(__FILE__, __LINE__);
$row = mysql_fetch_array($res2);
$count = $row[0];

stdhead("Voters");

$res2 = mysql_query("select name from offers where id=$offerid");
$arr2 = mysql_fetch_assoc($res2);

print("<h2>Offer Vote Results <a class=altlink href=viewoffers.php?id=$offerid&off_details=1><b>$arr2[name]</b></a></h2>");

$res = mysql_query("select users.id as userid,users.username, users.downloaded,users.uploaded, offers.id as offerid, offers.name from offervotes inner join users on offervotes.userid = users.id inner join offers on offervotes.offerid = offers.id WHERE offervotes.offerid =$offerid $limit") or sqlerr(__FILE__, __LINE__);

if (mysql_num_rows($res) == 0)
print("<p align=center><b>No votes yet</b></p>\n");
else
{
$perpage = 25;

list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] ."?" );
echo $pagertop;
print("<table border=1 cellspacing=0 cellpadding=5><tr><td class=colhead>User</td><td class=colhead align=left>Uploaded</td>".
"<td class=colhead align=left>Downloaded</td><td class=colhead align=left>Ratio</td><td class=colhead align=left>Vote</td>\n");

while ($arr = mysql_fetch_assoc($res))
 {
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}

$vres = mysql_query("select vote from offervotes where offerid=$offerid and userid=$arr[userid]") or sqlerr(__FILE__, __LINE__);
$vrow = mysql_fetch_array($vres);
if ($vrow[vote] == 'yeah') $vote = "<b><font color=green>yeah</font></b>";
elseif ($vrow[vote] == 'against') $vote = "<b><font color=red>Against</font></b>";

if ($arr["downloaded"] > 0)
{
       $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 3);
       $ratio = "<font color=" . get_ratio_color($ratio) . ">$ratio</font>";
    }
else
if ($arr["uploaded"] > 0)
$ratio = "Inf.";
else
$ratio = "---";
$uploaded =mksize($arr["uploaded"]);
$joindate = "$arr[added] (" . get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["added"])) . " ago)";
$downloaded = mksize($arr["downloaded"]);
if ($arr["enabled"] == 'no')
 $enabled = "<font color = red>No</font>";
else
 $enabled = "<font color = green>Yes</font>";

 print("<tr><td class=$class><a class=altlink href=userdetails.php?id=$arr[userid]><b>$arr[username]</b></a></td>".
 "<td align=left class=$class>$uploaded</td><td align=left class=$class>$downloaded</td>".
 "<td align=left class=$class>$ratio</td><td align=left class=$class>$vote</td></tr>\n");
 }
 print("</table>\n");
}

echo $pagerbottom;

stdfoot();
die;
}
//=== end offer votes list

//=== offer votes
if ($_GET["vote"]){

$offerid = 0 + htmlentities($_GET["id"]);

$vote = htmlentities($_GET["vote"]);
if ($vote =='yeah' || $vote =='against')
{
$userid = 0+$CURUSER["id"];
$res = mysql_query("SELECT * FROM offervotes WHERE offerid=$offerid and userid=$userid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_assoc($res);
$voted = $arr;

if ($voted)
stderr("You've already voted", "<p>You've already voted, max 1 vote per offer</p><p>Back to the <a class=altlink href=viewoffers.php?id=$offerid&off_details=1><b>offer details</b></a></p>");
else
{
mysql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=$offerid") or sqlerr(__FILE__,__LINE__);
mysql_query("INSERT INTO offervotes (offerid, userid, vote) VALUES($offerid, $userid, '$vote')") or sqlerr(__FILE__,__LINE__);
stdhead("Vote For Offer");
print("<h2>Vote accepted</h2>");
print("<p>Your vote have been accepted</p><p>Back to the <a class=altlink href=viewoffers.php?id=$offerid&off_details=1><b>offer details</b></a></p>");
stdfoot();
die;
}
}
else
stderr("Error", "I smell a rat!");
}
//=== end offer votes

//=== delete offer
if ($_GET["del_offer"]){

$del_offer = 0 + $_GET["del_offer"];
if($del_offer != '1')
stderr("Error", "I smell a rat!");

$offer = 0 + $_GET["id"];

$userid = 0 + $CURUSER["id"];
if (!is_valid_id($userid))
stderr("Error", "I smell a rat!");

$res = mysql_query("SELECT * FROM offers WHERE id = $offer") or sqlerr(__FILE__, __LINE__);
$num = mysql_fetch_array($res);

$name = $num["name"];

if ($userid != $num["userid"] && get_user_class() < UC_MODERATOR)
stderr("Error", "This is not your Offer to delete!");

if ($_GET["sure"]){
$sure = $_GET["sure"];
if($sure == '0' || $sure == '1')
$sure = 0 + $_GET["sure"];
else
stderr("Error", "I smell a rat!");
}

if ($sure == 0)
stderr("Delete Offer", "You`re about to delete this offer. Click\n <a class=altlink href=viewoffers.php?id=$offer&del_offer=1&sure=1>here</a>, if you`re sure.");
elseif ($sure == 1){
mysql_query("DELETE FROM offers WHERE id=$offer");
mysql_query("DELETE FROM offervotes WHERE offerid=$offer");
mysql_query("DELETE FROM comments WHERE offer=$offer");

//===add karma        //=== use this if you use the karma mod
 //mysql_query("UPDATE users SET seedbonus = seedbonus-10.0 WHERE id = $num[userid]") or sqlerr(__FILE__, __LINE__);
//===end

if ($CURUSER["id"] != $num["userid"]){
  $added = sqlesc(get_date_time());
  $userid = $num["userid"];
  $msg = sqlesc("Your offer $num[name] was deleted by $CURUSER[username] on $added....");
  //=== if you do NOT have subject in your PMs use the next part
  mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
  //=== if you HAVE have subject in your PMs use the next part
  /*$subject = sqlesc("$num[name] was deleted.");
  mysql_query("INSERT INTO messages (sender, receiver, msg, added, subject) VALUES(0, $userid, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__);
  */write_log("Offer: $offer ($num[name]) was deleted by $CURUSER[username]");
   header("Refresh: 0; url=viewoffers.php");
   die;
  }
else
{
write_log("Offer: $offer ($name) was deleted by $CURUSER[username]");
header("Refresh: 0; url=viewoffers.php");
die;
}
}
else
stderr("Error", "I smell a rat!");
}
//== end  delete offer

//=== prolly not needed, but what the hell... basically stopping the page getting screwed up
if ($_GET["sort"]){
$sort = $_GET["sort"];
if($sort == 'cat' || $sort == 'name' || $sort == 'added' || $sort == 'comments' || $sort == 'yeah' || $sort == 'against')
$sort = $_GET["sort"];
else
stderr("Error", "I smell a rat!");
}
//=== end of prolly not needed, but what the hell :P

$categ = 0 + $_GET["category"];

if ($_GET["offerorid"]){
$offerorid = 0 + htmlentities($_GET["offerorid"]);
if (ereg("^[0-9]+$", !$offerorid))
stderr("Error", "I smell a rat!");
}

$search = htmlspecialchars ($_GET["search"]);
$search = " AND offers.name like ".sqlesc('%'.$search.'%');

if ($sort == "cat")
$sort = " ORDER BY cat ";
else if ($sort == "name")
$sort = " ORDER BY name";
else if ($sort == "added")
$sort = " ORDER BY added ASC";
else if ($sort == "comments")
$sort = " ORDER BY comments DESC";
else if ($sort == "yeah")
$sort = " ORDER BY yeah DESC";
else if ($sort == "against")
$sort = " ORDER BY against DESC";
else
$sort = " ORDER BY added DESC";

if ($offerorid <> NULL)
{
if (($categ <> NULL) && ($categ <> 0))
$categ = "WHERE offers.category = " . $categ . " AND offers.userid = " . $offerorid;
else
$categ = "WHERE offers.userid = " . $offerorid;
}

else if ($categ == 0)
$categ = '';
else
$categ = "WHERE offers.category = " . $categ;

$res = mysql_query("SELECT count(offers.id) FROM offers inner join categories on offers.category = categories.id inner join users on offers.userid = users.id  $categ $search") or die(mysql_error());
$row = mysql_fetch_array($res);
$count = $row[0];

$perpage = 25;

list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] ."?" . "category=" . $_GET["category"] . "&sort=" . $_GET["sort"] . "&" );

$res = mysql_query("SELECT users.downloaded, users.uploaded, users.username, offers.id, offers.userid, offers.name, offers.added, offers.yeah, offers.against, offers.allowed, categories.image, categories.name as cat FROM offers inner join categories on offers.category = categories.id inner join users on offers.userid = users.id  $categ $search $sort $limit") or sqlerr();
$num = mysql_num_rows($res);

stdhead("Offers");

begin_main_frame();

print("<div align=center><table border=1 width=600 cellspacing=0 cellpadding=5><tr><td class=colhead align=center><h1>".
"Offers Section</h1>\n</td></tr><tr><td class=clearalt6 align=center><a class=altlink href=". $_SERVER[PHP_SELF] ."?add_offer=1>".
"Add offer</a> - <a class=altlink href=viewrequests.php>View Requests</a><br><br></div><center>");

print("<div align=center><form method=get action=viewoffers.php><select name=category><option value=0>(Show All)</option>");

$cats = genrelist();
$catdropdown = "";
foreach ($cats as $cat) {
   $catdropdown .= "<option value=\"" . $cat["id"] . "\"";
   $catdropdown .= ">" . htmlspecialchars($cat["name"]) . "</option>\n";
}
print("$catdropdown</select><input type=submit align=center value=\"view only selected\" class=button>".
"</form><br><form method=get action=viewoffers.php><b>Search offers: </b><input type=text size=40 name=search>".
"<input class=button type=submit align=center value=Search></form></td></tr></table><br /><br>");

echo $pagertop;

print("<table border=1 width=100% cellspacing=0 cellpadding=5>\n");
print("<tr><td class=colhead align=center><a class=altlink href=". $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&sort=cat>Type</a></td>".
"<td class=colhead align=left><a class=altlink href=". $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&sort=name>Title</a></td>".
"<td class=colhead align=center width=150><a class=altlink href=" . $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&sort=added>Added</a></td>".
"<td class=colhead align=center><a class=altlink href=" . $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&sort=comments>Comm.</a></td>".
"<td class=colhead align=center>Added by</td><td class=colhead align=center><a class=altlink href=" . $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&sort=yeah>For</a></td>".
"<td class=colhead align=center><a class=altlink href=" . $_SERVER[PHP_SELF] ."?category=" . (int)$_GET[category] . "&sort=against>Against</a></td></tr>\n");
for ($i = 0; $i < $num; ++$i)
{
//=======change colors
                if($count2 == 0)
{
$count2 = $count2+1;
$class = "clearalt6";
}
else
{
$count2 = 0;
$class = "clearalt7";
}
$arr = mysql_fetch_assoc($res);
if ($arr["downloaded"] > 0)
  {
    $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 2);
    $ratio = "<font color=" . get_ratio_color($ratio) . "><b>$ratio</b></font>";
  }
  else if ($arr["uploaded"] > 0)
      $ratio = "Inf.";
  else
      $ratio = "---";

$addedby = "<td class=$class align=center><a class=altlink href=userdetails.php?id=$arr[userid]><b>$arr[username]</a></b> ($ratio)</td>";
$rez = mysql_query("select comments from offers where id=$arr[id]");
$comm = mysql_fetch_array($rez);
if ($comm[comments] == 0)
$comment = "0";
else
$comment = "<a href=viewoffers.php?id=$arr[id]&off_details=1#startcomments><b>$comm[comments]</b></a>";


//==== if you want allow deny for offers use this next bit
if ($arr["allowed"] == 'allowed')
$allowed = "<br>[ <b><font color=green>Allowed</font></b> ]";
elseif ($arr["allowed"] == 'denied')
$allowed = "<br>[ <b><font color=red>Denied</font></b> ]";
else
$allowed = "<br>[ <b><font color=orange>Pending</font></b> ]";
//===end

if ($arr["yeah"] == 0) $zvote = "$arr[yeah]"; else $zvote = "<b><a href=viewoffers.php?id=$arr[id]&offer_vote=1>$arr[yeah]</a></b>";
if ($arr["against"] == 0) $pvote = "$arr[against]"; else $pvote = "<b><a href=viewoffers.php?id=$arr[id]&offer_vote=1>$arr[against]</a></b>";
print("<tr><td align=center class=$class><img src=$imgdir/$arr[image]></td><td align=left class=$class><a class=altlink href=". $_SERVER[PHP_SELF] ."?id=$arr[id]&off_details=1><b>$arr[name]</b></a>$allowed</td>" .
"<td align=center class=$class>$arr[added]</td><td align=center class=$class>$comment</td>$addedby<td align=center class=$class>$zvote</td><td align=center class=$class>$pvote</td></tr>\n");
}

print("</table>\n");
echo $pagerbottom;
print("</center>\n");
end_main_frame();
stdfoot();
die;
?>
reqcomment.php
Code:
<?
require_once("include/bittorrent.php");
$action = $_GET["action"];
dbconn(false);
loggedinorreturn();
parked(); //=== uncomment if you use the parked mod

if ($action == "add")
{
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$reqid = 0 + $_POST["tid"];
if (!is_valid_id($reqid))
stderr("Error", "Wrong ID.");

$res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "No request with that ID.");

$text = trim($_POST["body"]);
if (!$text)
stderr("Error", "Don't leave any fields blank!");

mysql_query("INSERT INTO comments (user, request, added, text, ori_text) VALUES (" .
$CURUSER["id"] . ",$reqid, '" . get_date_time() . "', " . sqlesc($text) .
"," . sqlesc($text) . ")");

$newid = mysql_insert_id();

mysql_query("UPDATE requests SET comments = comments + 1 WHERE id = $reqid");

header("Refresh: 0; url=viewrequests.php?id=$reqid&req_details=1&$newid#comm$newid");

die;
}

$reqid = 0 + $_GET["tid"];
if (!is_valid_id($reqid))
stderr("Error", "Wrong ID.");

$res = mysql_query("SELECT request FROM requests WHERE id = $reqid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Wrong ID.");

stdhead("Add comment to \"" . $arr["request"] . "\"");

print("<p><form method=post name=compose action=reqcomment.php?action=add><input type=hidden name=tid value=$reqid/>".
"<table border=1 cellspacing=0 cellpadding=10><tr><td class=colhead align=center colspan=2><b>".
"Comment on Request: " . htmlspecialchars($arr["request"]) . "</b></td><tr><tr><td align=right class=clearalt6><b>comment:</b>".
"</td><td align=left class=clearalt6>\n");
textbbcode("compose","body","$body");
print("</td></tr><tr><td align=center colspan=2 class=clearalt6><input type=submit value='".Okay."' class=button></td></tr><br><br><br>\n");

$res = mysql_query("SELECT comments.id, text, UNIX_TIMESTAMP(comments.added) as utadded, UNIX_TIMESTAMP(editedat) as uteditedat, comments.added, username, users.id as user, users.class, users.avatar FROM comments LEFT JOIN users ON comments.user = users.id WHERE request = $reqid ORDER BY comments.id DESC LIMIT 5");
$allrows = array();
while ($row = mysql_fetch_array($res))
$allrows[] = $row;

if (count($allrows)) {
commenttable($allrows);
}
end_frame();
stdfoot();
die;
}
elseif ($action == "edit")
{
$commentid = 0 + $_GET["cid"];
if (!is_valid_id($commentid))
stderr("Error", "Wrong ID.");

$res = mysql_query("SELECT * FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Wrong ID.");

if ($arr["user"] != $CURUSER["id"] && get_user_class() < UC_MODERATOR)
stderr("Error", "Access denied.");

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$text = $_POST["body"];

if ($text == "")
stderr("Error", "Don't leave any fields blank!");

$text = sqlesc($text);

$editedat = sqlesc(get_date_time());

mysql_query("UPDATE comments SET text=$text, editedat=$editedat, editedby=$CURUSER[id] WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
$reqid = $arr["request"];
header("Refresh: 0; url=viewrequests.php?id=$reqid&req_details=1");

die;
}

//===edit request comment

stdhead("Edit comment");
print("<h1>Edit comment</h1><form method=post name=compose action=reqcomment.php?action=edit&cid=$commentid>".
"<input type=hidden name=returnto value=\"" . $_SERVER["HTTP_REFERER"] . "\" /><input type=hidden name=cid value=$commentid />".
"<p align=center><table border=1 cellspacing=1><tr><td align=center>\n");
$body = $arr['text'];
textbbcode("compose","body",htmlspecialchars(unesc($body)));
print("</td></tr><tr><td align=center colspan=2><p><input type=\"submit\" class=button value=\"Edit!\" /></p></form></td></tr><br></table>\n");
//stdfoot();
die;
}
elseif ($action == "delete")
{
if (get_user_class() < UC_MODERATOR)
stderr("Error", "Access denied.");

$commentid = 0 + $_GET["cid"];

if (!is_valid_id($commentid))
stderr("Error", "Invalid ID.");

$sure = $_GET["sure"];

if (!$sure)
{
$referer = $_SERVER["HTTP_REFERER"];
stderr("Delete comment", "You`re about to delete this comment. Click\n" .
"<a href=?action=delete&cid=$commentid&sure=1" .
($referer ? "&returnto=" . urlencode($referer) : "") .
">here</a>, if you`re sure.");
}


$res = mysql_query("SELECT request FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if ($arr)
$reqid = $arr["request"];

mysql_query("DELETE FROM comments WHERE id=$commentid") or sqlerr(__FILE__,__LINE__);
if ($reqid && mysql_affected_rows() > 0)
mysql_query("UPDATE requests SET comments = comments - 1 WHERE id = $reqid");

$returnto = htmlentities($_GET["returnto"]);

if ($returnto)
header("Location: $returnto");
else
header("Location: $BASEURL/");

die;
}
elseif ($action == "vieworiginal")
{
if (get_user_class() < UC_MODERATOR)
stderr("Error", "Access denied.");

$commentid = 0 + $_GET["cid"];

if (!is_valid_id($commentid))
stderr("Error", "Invalid ID.");

$res = mysql_query("SELECT c.*, t.name FROM comments AS c JOIN requests AS t ON c.request = t.id WHERE c.id=$commentid") or sqlerr(__FILE__,__LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Invalid ID.");

stdhead("Original");
print("<h1>Original content of comment #$commentid</h1><p>\n");
print("<table width=500 border=1 cellspacing=0 cellpadding=5>");
print("<tr><td class=comment>\n");
echo htmlspecialchars($arr["ori_text"]);
print("</td></tr></table>\n");

$returnto = $_SERVER["HTTP_REFERER"];

if ($returnto)
print("<p><font size=small>(<a href=$returnto>Back</a>)</font></p>\n");

stdfoot();
die;
}
elseif ($action == "edit")
{
$commentid = 0 + $_GET["cid"];
if (!is_valid_id($commentid))
stderr("Error", "Invalid ID.");

$res = mysql_query("SELECT * FROM comments WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_array($res);
if (!$arr)
stderr("Error", "Invalid ID.");

if ($arr["user"] != $CURUSER["id"] && get_user_class() < UC_MODERATOR)
stderr("Error", "Permission denied.");

if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$text = $_POST["text"];
$returnto = htmlentities($_POST["returnto"]);

if ($text == "")
stderr("Error", "Comment body cannot be empty!");

$text = sqlesc($text);

$editedat = sqlesc(get_date_time());

mysql_query("UPDATE comments SET text=$text, editedat=$editedat, editedby=$CURUSER[id] WHERE id=$commentid") or sqlerr(__FILE__, __LINE__);

if ($returnto)
header("Location: $returnto");
}
}
else
stderr("Error", "Unknown action");

die;
?>
Reply With Quote
  #7  
Old 28th December 2012, 08:52
ndbj's Avatar
ndbj ndbj is offline
Senior Member
 
Join Date: Dec 2012
Portugal
Posts: 35
Default
Thanks a lot.

i think this is the last thing missing, sql for table offervotes, please.

Last edited by ndbj; 28th December 2012 at 09:03.
Reply With Quote
  #8  
Old 28th December 2012, 13:21
wMan's Avatar
wMan wMan is offline
Banned
 
Join Date: Feb 2008
P2P
Posts: 1,433
Default
nice one
Reply With Quote
  #9  
Old 28th December 2012, 16:44
rabtb's Avatar
rabtb rabtb is offline
Senior Member
 
Join Date: Aug 2008
Posts: 39
Default
Code:
CREATE TABLE IF NOT EXISTS `offervotes` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `offerid` int(10) unsigned NOT NULL DEFAULT '0',
  `userid` int(10) unsigned NOT NULL DEFAULT '0',
  `vote` enum('yeah','against') NOT NULL DEFAULT 'yeah',
  PRIMARY KEY (`id`),
  KEY `userid` (`userid`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;
Reply With Quote
  #10  
Old 29th December 2012, 07:55
ndbj's Avatar
ndbj ndbj is offline
Senior Member
 
Join Date: Dec 2012
Portugal
Posts: 35
Default
Thanks a lot.
Seems to be all working good.

although, found one bug here, when open viewrequest details:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /var/www/vhosts/revanime.net/subdomains/tracker/httpdocs/viewrequests.php on line 412

any ideia of what's causing this error?


Bump: oops...

also offcomment.php is missing.
Reply With Quote
Reply

Tags
08 , mod , request , tbv

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT +2. The time now is 22:39. vBulletin skin by ForumMonkeys. Powered by vBulletin® Version 3.8.11 Beta 3
Copyright ©2000 - 2021, vBulletin Solutions Inc.