Codice PHP:
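<?php
// Upload page of the tracker: processes a posted .torrent and renders the upload form.
// The long opening tag is used on purpose: the short form is only parsed when
// short_open_tag is enabled, and with it disabled the web server would send this
// source file to the browser as text instead of executing it.
ob_start();
require_once("backend/functions.php");
hit_start();
dbconn();
hit_count();
// Access control for the whole page. The helper is defined outside this file;
// presumably it redirects or stops when no user is logged in - verify there.
loggedinorreturn();
// NOTE(review): upload_max_filesize is a PHP_INI_PERDIR setting, so ini_set() cannot
// change it at run time and this call does not limit anything. The effective limits
// are upload_max_filesize / post_max_size in php.ini or the server configuration,
// plus the size argument passed to bdec_file() further down.
ini_set("upload_max_filesize",$max_torrent_size);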
// POST branch: runs only when $MAX_FILE_SIZE is truthy. The variable is not assigned
// anywhere in this script; the form at the bottom posts a hidden MAX_FILE_SIZE field,
// so it is presumably populated from the request (register_globals, or an import done
// in backend/functions.php) - TODO confirm. Either way the value is client-supplied
// and must not be treated as a size limit.
if($MAX_FILE_SIZE) {
require_once("backend/benc.php");
// Validation pattern used in this branch: a failed check only stores a text in
// $message and execution continues, so a later failure overwrites an earlier one.
// The database insert further down is skipped when $message is non-empty.
foreach(explode(":","descr:type:name") as $v) {
if (!isset($_POST[$v]))
$message = "Missing form data";
}
if (!isset($_FILES["file"]))
$message = "Missing form data";
// NOTE(review): $_FILES["file"] is still dereferenced when the check above failed.
$f = $_FILES["file"];
// unesc() is defined outside this file; presumably it undoes magic-quotes escaping.
$fname = unesc($f["name"]);
if (empty($fname))
$message = "Empty filename!";
// Optional NFO attachment.
// NOTE(review): $_FILES['nfo'] is read without isset(); the form rendered by this page
// has no active nfo field, so the key is normally absent and this block is skipped.
if ($_FILES['nfo']['size'] != 0) {
$nfofile = $_FILES['nfo'];
if ($nfofile['name'] == '')
$message = "No NFO!";
if ($nfofile['size'] == 0)
$message = "0-byte NFO";
if ($nfofile['size'] > 65535)
$message = "NFO is too big! Max 65,535 bytes.";
$nfofilename = $nfofile['tmp_name'];
// is_uploaded_file() confirms the path really came from PHP's upload handling.
if (@!is_uploaded_file($nfofilename))
$message = "NFO upload failed";
}
$descr = unesc($_POST["descr"]);
if (!$descr)
$message = "Devi scrivere almeno una lingua";
// "0 +" forces the posted category to a number before it is validated and, later,
// interpolated into SQL.
$catid = (0 + $_POST["type"]);
if (!is_valid_id($catid))
$message = "Devi selezionare una categoria";
// validfilename() is defined outside this file; its rules are not visible here.
if (!validfilename($fname))
$message = "Invalid filename!";
// The client file name must end in ".torrent" (case-insensitive); group 1 is the base name.
if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches))
$message = "Invalid filename (not a .torrent).";
// NOTE(review): when the match above failed, $matches[1] does not exist.
$shortfname = $torrent = $matches[1];
// A posted display name replaces the name derived from the file name.
if (!empty($_POST["name"]))
$torrent = unesc($_POST["name"]);
$tmpname = $f["tmp_name"];
if (!is_uploaded_file($tmpname))
$message = "The file was uploaded, but wasn't found on the temp directoy.";
// Decode the bencoded upload. The second argument is presumably the maximum number of
// bytes to read - confirm in backend/benc.php.
// NOTE(review): the file is decoded even when the is_uploaded_file() check above failed.
$dict = bdec_file($tmpname, $max_torrent_size);
if (!isset($dict))
$message = "What the hell did you upload? This is not a bencoded file!";
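/**
 * Fetch one typed entry from a decoded bencode dictionary node.
 *
 * Nodes are arrays of the form array("type" => ..., "value" => ...). The content
 * comes from an uploaded file, so every level is checked before it is used.
 *
 * The original version assigned its two error texts to a function-local $message,
 * which discarded them, and then returned the wrongly typed value anyway. The
 * errors are now written to the script-level $message (which gates the database
 * insert) and a failed check returns null.
 *
 * @param array  $d Node expected to have type "dictionary".
 * @param string $k Key to look up inside the dictionary.
 * @param string $t Type the entry must have ("string", "integer", "list", ...).
 * @return mixed The entry's value, or null when the key is absent or a check fails.
 */
function dict_get($d, $k, $t) {
    global $message;
    if (!is_array($d) || !isset($d["type"]) || $d["type"] != "dictionary") {
        $message = "This isn't a dictionary.";
        return null;
    }
    $dd = isset($d["value"]) ? $d["value"] : null;
    // A missing key is not an error: callers test the result with isset().
    if (!is_array($dd) || !isset($dd[$k]))
        return null;
    $v = $dd[$k];
    if (!is_array($v) || !isset($v["type"]) || $v["type"] != $t) {
        $message = "invalid dictionary entry type";
        return null;
    }
    return isset($v["value"]) ? $v["value"] : null;
}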
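// Pull the two mandatory top-level keys. dict_check() is defined outside this file
// (presumably in backend/benc.php). The original called it twice in a row with the
// same arguments; one call is enough.
list($ann, $info) = dict_check($dict, "announce(string):info");
// $ann and every announce-list entry are text taken from the uploaded file: treat
// them as untrusted wherever they are later placed into SQL or HTML.
$external = 'no';
$url_ann = array();
$a = 0;
$announcelist = dict_get($dict, "announce-list", "list");
if (isset($announcelist) && is_array($announcelist) && count($announcelist)) {
    // announce-list is a list of tiers, each tier a list of URL strings. Tiers or
    // entries with an unexpected shape are skipped instead of being indexed blindly.
    foreach ($announcelist as $tier) {
        if (!is_array($tier) || !isset($tier["value"]) || !is_array($tier["value"]))
            continue;
        foreach ($tier["value"] as $entry) {
            if (is_array($entry) && isset($entry["value"]) && is_string($entry["value"]))
                $url_ann[] = $entry["value"];
        }
    }
    // Count the listed URLs that belong to this tracker. The split debug "echo"
    // that stood here left a stray string fragment that does not parse; it was removed.
    foreach ($url_ann as $url) {
        if (in_array($url, $announce_urls, true))
            $a += 1;
    }
    // None of the listed trackers is ours: the torrent is external.
    if ($a < 1)
        $external = 'yes';
} else {
    // No announce-list: decide on the single announce URL (strict comparison).
    if (!in_array($ann, $announce_urls, true))
        $external = 'yes';
}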
// Read the mandatory keys of the info dictionary (dict_check() is defined outside this file).
list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)");
// "pieces" is a concatenation of 20-byte SHA-1 digests, so its length must be a multiple of 20.
if (strlen($pieces) % 20 != 0)
$message = "Invalid pieces!";
// Build $filelist as array(path, size) pairs; these values come from the uploaded file.
$filelist = array();
$totallen = dict_get($info, "length", "integer");
if (isset($totallen)) {
// Single-file torrent: "length" sits directly in the info dictionary.
$filelist[] = array($dname, $totallen);
$type = "single";
}
else {
// Multi-file torrent: sizes and paths come from the "files" list.
$flist = dict_get($info, "files", "list");
if (!isset($flist))
$message = "Missing both length and files";
// NOTE(review): when "files" is missing, count() and the foreach below still run on
// the unset value; the error text is only stored, execution is not stopped.
if (!count($flist))
$message = "Nessun file selezionato";
$totallen = 0;
foreach ($flist as $fn) {
list($ll, $ff) = dict_check($fn, "length(integer):path(list)");
$totallen += $ll;
$ffa = array();
foreach ($ff as $ffe) {
if ($ffe["type"] != "string")
$message = "Filename error";
$ffa[] = $ffe["value"];
}
if (!count($ffa))
$message = "Filename error";
// Path components are joined with "/" for display and storage only.
// NOTE(review): the components are uploader-controlled; they must be escaped on
// output and never used to build a path on the server's file system.
$ffe = implode("/", $ffa);
$filelist[] = array($ffe, $ll);
}
$type = "multi";
}
// Force the private flag into the info dictionary, then re-encode and decode again.
// Changing the info dictionary changes the info hash, so the hash stored below is that
// of the modified torrent, not of the file the uploader holds.
$dict["value"]["info"]["value"]["private"]["type"] = "integer";
$dict["value"]["info"]["value"]["private"]["value"] = 1;
$tmp_dict=benc($dict);
$dict=bdec($tmp_dict);
// presumably ["string"] is the raw bencoded form of the info dictionary as kept by
// bdec() - confirm in backend/benc.php.
$tmphex = sha1($dict["value"]["info"]["string"]);
// sha1() always returns 40 lowercase hex characters, so strtolower() and the length
// check below cannot change anything or fail.
$hexhash = strtolower($tmphex);
if (strlen($hexhash) != 40)
{
$message = "Error: Info hash must be exactly 40 hex bytes. Contact an admin to fix this";
}
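// Persist the upload only when none of the validation steps recorded an error.
// NOTE(review): the mysql_* functions used throughout this script were removed in
// PHP 7; the code only runs on PHP 5.x unless it is ported to mysqli or PDO.
if (empty($message)) {
    $torrent = str_replace("_", " ", $torrent);
    // $nfofilename is only assigned when an NFO file was actually posted.
    $nfo_raw = isset($nfofilename) ? @file_get_contents($nfofilename) : "";
    $nfo = sqlesc(str_replace("\x0d\x0d\x0a", "\x0d\x0a", $nfo_raw));
    // sqlesc() is defined outside this file; the existing calls place its result in the
    // statement without adding quotes, so it is expected to return a quoted literal.
    $values = array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "yes", $hexhash, $torrent, $totallen, count($filelist), $type, $descr, $descr, 0 + $_POST["type"], $dname));
    // The announce URL is text read from the uploaded torrent. It used to be concatenated
    // between hand-written quotes; it now goes through sqlesc() like every other value.
    $ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action, nfo,announce,external) VALUES (" .
        implode(",", $values) .
        ", '" . get_date_time() . "', '" . get_date_time() . "', $nfo," . sqlesc($ann) . "," . sqlesc($external) . ")");
    if (!$ret) {
        // NOTE(review): the raw driver error is stored in a text meant for the user;
        // prefer logging it server-side and showing a generic message.
        $message = "Mysql Error: ".mysql_error();
        if (mysql_errno() == 1062)
            $message = "Torrent already uploaded!";
    }
    $id = mysql_insert_id();
    // Files and file rows are written only for a row that was really inserted. Before,
    // a failed INSERT left $id at 0 and the upload was still stored as "0.torrent".
    // NOTE(review): the rest of this branch (cover image, tracker registration, e-mail
    // notification, success page) still runs after a failed INSERT and should be skipped too.
    if ($ret && $id) {
        $torrent_path = "$torrent_dir/$id.torrent";
        if (move_uploaded_file($tmpname, $torrent_path)) {
            // Rewrite the stored file with the private flag forced on.
            $dict = bdec_file($torrent_path, filesize($torrent_path));
            $dict["value"]["info"]["value"]["private"]["type"] = "integer";
            $dict["value"]["info"]["value"]["private"]["value"] = 1;
            $fn = benc($dict);
            $save = @fopen($torrent_path, 'w+');
            // The handle is checked, and unlocked and closed whether or not the write
            // succeeds; the original left it locked and open when fwrite() failed.
            if ($save) {
                @flock($save, LOCK_EX);
                @ftruncate($save, 0);
                @fwrite($save, $fn);
                @flock($save, LOCK_UN);
                @fclose($save);
            }
        }
        @mysql_query("DELETE FROM files WHERE torrent = $id");
        foreach ($filelist as $file) {
            // Both the path and the size come from the uploaded file, so both are escaped.
            @mysql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".sqlesc($file[1]).")");
        }
        if (isset($nfofilename)) {
            move_uploaded_file($nfofilename, "$nfo_dir/$id.nfo");
        }
    }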
$foldername = "uploads/";
if (isset($_FILES['img'])) {
move_uploaded_file($_FILES['img']['tmp_name'], $foldername. $_FILES['img']['name']);
}
////////////////////////////////////////////////////////////////////////////////////////////////////
// SOTTO SOTTO SOTTO SOTTO SOTTO SOTTO SOTTO SOTTO SOTTO SOTTO SOTTO //
////////////////////////////////////////////////////////////////////////////////////////////////////
if ($_FILES['img']['name'] !=''){
$updateset[] = "img = " . sqlesc($_FILES['img']['name']);
mysql_query("UPDATE torrents SET " . join(",", $updateset) . " WHERE id = $id");
}
////////////////////////////////////////////////////////////////////////////////////////////////////
// SOPRA SOPRA SOPRA SOPRA SOPRA SOPRA SOPRA SOPRA SOPRA SOPRA SOPRA SOPRA //
////////////////////////////////////////////////////////////////////////////////////////////////////
if ($external=='yes')
{
$msg = "
<div align=justify><center>Tracker esterno caricato nel database :[b] ".$ann."</center>[/b]
";
if (url_validate($ann))
$status = "online";
else $status = "offline";
$ret = mysql_query("INSERT INTO announce (`announce_url`, `force`, `status`) VALUES ('".$ann."','no','".$status."')");
if (!$ret)
{ // we can't insert, because it already exists ! then we update !
// echo "
2)Mysql Error: ".mysql_errno(). "-".mysql_error();
if (mysql_errno() == 1062) { mysql_query("UPDATE announce SET status='".$status."' WHERE announce_url=".$ann." AND force='no' "); }
else {
$id = mysql_insert_id();
$msg.="This is the first time one torrent is coming from this tracker. Please allow some time for the site to scrape this tracker !</div>
";
}
}
}
// Record the upload in the site log. $torrent can be the name posted by the user, so
// whatever displays the log has to escape it.
write_log("Torrent $id ($torrent) was uploaded by " . $CURUSER["username"]);
// $catid was forced to a number ("0 +") and checked with is_valid_id() before this
// branch was entered, which is what makes interpolating it into SQL acceptable here.
$res = mysql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr();
$arr = mysql_fetch_assoc($res);
$cat = $arr["name"];
// Users who subscribed to notifications for this category.
$res = mysql_query("SELECT email FROM users WHERE enabled='yes' AND notifs LIKE '%[cat$catid]%'") or sqlerr();
$uploader = $CURUSER['username'];
$size = mksize($totallen);
// $html is not assigned in this script; presumably a site setting - TODO confirm.
$description = ($html ? strip_tags($descr) : $descr);
// Plain-text body of the notification mail.
$body = <<<EOD
Has been uploaded.
Name: $torrent
Size: $size
Category: $cat
Uploaded by: $uploader
Description:
-------------------------------------------------------------------------------
$description
-------------------------------------------------------------------------------
You can use the URL (you may have to login).
$SITEURL/details.php?id=$id&hit=1
--
$SITENAME
EOD;
// Send the notification in batches: recipients are collected into a Bcc list and one
// mail goes out per $nmax addresses, plus a final one for the remainder.
// NOTE(review): the addresses are placed into a raw header line; this relies on stored
// e-mail addresses having been validated (no CR/LF) when the accounts were created.
$to = "";
$nmax = 100; // Max recipients per message
$nthis = 0;
$ntotal = 0;
$total = mysql_num_rows($res);
while ($arr = mysql_fetch_row($res)) {
if ($nthis == 0)
$to = $arr[0];
else
$to .= "," . $arr[0];
++$nthis;
++$ntotal;
if ($nthis == $nmax || $ntotal == $total) {
if (!mail("Multiple recipients <$SITEEMAIL>", "New torrent - $torrent", $body,
"From: $SITEEMAIL\r\nBcc: $to", "-f$SITEEMAIL"))
stderr("Error", "Your torrent has been been uploaded. DO NOT RELOAD THE PAGE!\n" .
"There was however a problem delivering the e-mail notifcations.\n" .
"Please let an administrator know about this error!\n");
$nthis = 0;
}
}
// Final confirmation page.
// NOTE(review): $msg is only assigned for external torrents, so it is undefined here
// for internal ones; Success is a bare constant name that must be defined elsewhere.
bark("Caricamento completato", "caricato con successo".$msg, Success);
}
}
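// Page header and the rules frame. stdhead(), begin_frame(), end_frame() and bark2()
// are defined outside this file.
stdhead("Upload");
begin_frame("" . UPLOAD_RULES . "");
?>
[list=1][/list]
<?php
// Long opening tag: the short form depends on short_open_tag, and with that setting
// off the code that follows would be sent to the browser as text.
end_frame();
begin_frame("" . UPLOAD . "");
// $message is only assigned by the POST branch, so it does not exist on a plain page view.
// NOTE(review): confirm that bark2() HTML-escapes the text it displays.
if (isset($message) && $message != "")
    bark2("Caricamento fallito", $message);
?>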
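<form enctype="multipart/form-data" action="torrents-upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="<?=$max_torrent_size?>" />
<table border="0" cellspacing="0" cellpadding="6" align="center">
<?php
// Upload form rows; tr() and genrelist() are defined outside this file.
// Request data echoed back into the page is HTML-escaped and placed in quoted
// attributes; the original printed $_POST['name'], $descr and the client file names
// raw into unquoted attributes. The value attribute on the file inputs was dropped:
// browsers ignore it, and it only echoed a client-supplied name into the markup.
// The two disabled rows (NFO file, Screenshot) were removed: their comment lines had
// been split in two, leaving string fragments that do not parse.
// NOTE(review): the form carries no anti-CSRF token, and MAX_FILE_SIZE is only a hint
// to the browser; limits have to be enforced on the server.
$h_name = isset($_POST['name']) ? htmlspecialchars($_POST['name'], ENT_QUOTES) : "";
$h_descr = isset($descr) ? htmlspecialchars($descr, ENT_QUOTES) : "";
tr("" , "Se si vuole creare un torrent l'announce interno di questo tracker è:", 1);
tr("" , "[b]$announce_urls[0][/b]", 1);
tr("File Torrent", "<input type=\"file\" name=\"file\" size=\"50\" />\nSeleziona il torrent da caricare \n", 1);
tr("Copertina", "<input type=\"file\" name=\"img\" size=\"50\" />\nCaricare la copertina del gioco \n", 1);
tr("Nome del Torrent", "<input type=\"text\" name=\"name\" size=\"60\" value=\"" . $h_name . "\" />\n\nScrivere il nome del torrent con la lettera iniziale in maiuscolo", 1);
tr("Lingue", "<textarea name=\"descr\" rows=\"5\" cols=\"45\">" . $h_descr . "</textarea>" .
    "\nScrivere le diverse lingue del gioco una per riga", 1);
// Category selector built from the category list.
$s = "<select name=\"type\">\n<option value=\"0\">Scegli la categoria</option>\n";
$cats = genrelist();
foreach ($cats as $row)
    $s .= "<option value=\"" . htmlspecialchars($row["id"], ENT_QUOTES) . "\">" . htmlspecialchars($row["name"]) . "</option>\n";
$s .= "</select>\n";
tr("Categoria", $s, 1);
?>
<tr><td></td><td><input type="submit" value="Carica Torrent" /></td></tr>
</table>
</form>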
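<?php
// Close the upload frame and emit the page footer. The long opening tag is used
// because the short form depends on short_open_tag; with that setting off, these
// calls would be printed as text instead of being executed.
end_frame();
stdfoot();
hit_end();
?>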