Jump to content
Kombajn

Po edycji usera zeruje dane.

Recommended Posts

Ten plik o którym rozmawialiśmy Spanner. Usunięcie tamtego nie pomogło, więc...

 

Jak znajdziesz chwilkę to looknij okiem.

 

 

 

 

<?
require "include/bittorrent.php";
dbconn(false);
loggedinorreturn();
noaccess("edituser.php", UC_UPLOADER);
function puke($text = "w00t") {
stderr("w00t", $text);
}
function barf($text = "User Account Delete")
{
stderr("Operation Complete", $text);
}
if ($_POST["action"] == "edituser") {

if (isset($_POST['userid']))
  $userid = $_POST['userid'];
else
  die();

$title = $_POST["title"];
$avatar = $_POST["avatar"];
$enabled = $_POST["enabled"];
          $test_up = $_POST["test_up"];
$vip_added = $_POST["vip_added"];
$warned = $_POST["warned"];
$vip_until = $_POST["vip_until"];
$warneduntil = $_POST["warneduntil"];
//$blockcomm = $_POST["blockcomm"];
$uploaded = 0 + $_POST["uploaded"];
$downloaded = 0 + $_POST["downloaded"];
          $ultype = $_POST["ultype"];
          $ulvalue = $_POST["ulvalue"];
          $ulunit = $_POST["ulunit"];
          $dltype = $_POST["dltype"];
          $dlvalue = $_POST["dlvalue"];
          $dlunit = $_POST["dlunit"];
  $isdeejay = $_POST["isdeejay"];
$donor = $_POST["donor"];
$pwsent = $_POST["pwsent"];
          $limit = $_POST["limit"];
          $sbsent = $_POST["sbsent"];
          $downtorr = $_POST["downtorr"];
          $abonamente = $_POST["abonamente"];
          $abonament = $_POST["abonament"];
          $komsent = $_POST["komsent"];
          $postsent = $_POST["postsent"];
          $support = $_POST["support"];
          $supportfor = $_POST["supportfor"];
$donated = $_POST["donated"];
$viplength = 0 + $_POST["viplength"];
$warnlength = 0 + $_POST["warnlength"];
//$blockcommlength = 0 + $_POST["blockcommlength"];
$email = $_POST["email"];
        $trackerstaff = $_POST["trackerstaff"];
$username = $_POST["username"];
$warnpm = $_POST["warnpm"];
//$blockcommpm = $_POST["blockcommpm"];
$info = $_POST["info"];
$pin = $_POST["pin"];
$reset = $_POST["reset"];
          //$limit = $_POST["limit"];
$modcomment = $_POST["modcomment"];
$invites = 0 + $_POST["invites"];
          //$bonuscomment=$_POST["bonuscomment"];
          $signature=$_POST["signature"];
$class = 0 + $_POST["class"];
$deluser = $_POST["deluser"];
$seedpkt = 0 + $_POST["seedpkt"];
          

if (!is_valid_id($userid) || !is_valid_user_class($class))
  stderr("Error", "Bad user ID or class ID.");
// check target user class
$res = mysql_query("SELECT * FROM users WHERE id=$userid") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res) or sqlerr(__FILE__, __LINE__);

/* modtask log */
$changed='';
 
foreach (get_defined_constants() AS $id=>$val) {
  if (substr($id,0,3) != 'UC_')
   continue;
  $classes[$val]=strtolower(substr($id,3));
}
foreach($arr AS $id=>$val) {
  if (isset($_POST[$id]) && $arr[$id]!=$_POST[$id] && $id!='modcomment') {
   if ($id=='class')
        $changed.='<b>'.strtoupper($id).' :</b> <b>[</b>'.$classes[$arr[$id]].'<b>]</b> => <b>[</b>'.$classes[$_POST[$id]]."<b>]</b>\r\n";
   else
        $changed.='<b>'.strtoupper($id).' :</b> <b>[</b>'.htmlspecialchars($arr[$id]).'<b>]</b> => <b>[</b>'.htmlspecialchars($_POST[$id])."<b>]</b>\r\n";
  }
}
if ($changed)
  mysql_query('INSERT INTO modlog (date, userid,ch_userid,comment) VALUES ('.time().','.$CURUSER['id'].','.(int)$_POST['userid'].',"'.$changed.'")') or sqlerr(__FILE__, __LINE__);
/* eo modtask log */
$curenabled = $arr["enabled"];
$curclass = $arr["class"];
$curwtime = $arr["wtime"];
$curwarned = $arr["warned"];
$curvip_added = $arr["vip_added"];
// User may not edit someone with same or higher class than himself!
if ($curclass > get_user_class())
  puke();
// Notify user if class has changed
if ($curclass != $class) {
   $what = ($class > $curclass ? "promoted" : "demoted");
if ($what == 'zdegradowany' && $_POST['degrreas'] != '')
$msg = sqlesc("ZŁE WIADOMOŚCI !!\n\n\n Właśnie zostałeś(aś) $what do '" . get_user_class_name($class) . "' przez $CURUSER[username] z powodu: ".htmlspecialchars($_POST['degrreas']));
else
$msg = sqlesc("Gratulacje !!\n\n\n Właśnie zostałeś $what do rangi '" . get_user_class_name($class) . "' przez ".$CURUSER['username']);
  $added = sqlesc(get_date_time());
  mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
 
  $updateset[] = "class = $class";
 
  $what = ($class > $curclass ? "promoted" : "demoted");
  $modcomment = gmdate("Y-m-d") . " - $what do '" . get_user_class_name($class) . "' przez $CURUSER[username].\n". $modcomment;

}
//Blokowanie komantarzy $$ h3R
/*  if ($blockcomm && $curblockcomm != $blockcomm) {
  $updateset[] = "blockcomm = " . sqlesc($blockcomm);
  $updateset[] = "blockcommuntil = '0000-00-00 00:00:00'";

  if ($warned == 'no') {
   $modcomment = gmdate("Y-m-d") . " - Warning removed by " . $CURUSER['username'] . ".\n". $modcomment;
   $msg = sqlesc("Informacja(Information)\n\nYour warning has been removed by " . $CURUSER['username'] . "\n\nTwoje ostrzeżenie zostało zdjęte przez " . $CURUSER['username'] . ".");
   $added = sqlesc(get_date_time());
   mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
  }
}

if ($blockcommlength) {
  if ($blockcommlength == 255) {
   $modcomment = gmdate("Y-m-d") . " - Warned by ".$CURUSER['username'].".\nReason: $blockcommpm\n" . $modcomment;
   $msg = sqlesc("Informacja(Information)\n\nYou have received a warning from ".$CURUSER[username]."\n\nWłaśnie otrzymałeś dożywotnie od ".$CURUSER[username].($blockcommpm ? "\n\nReason: $blockcommpm" : ""));
   $updateset[] = "warneduntil = '0000-00-00 00:00:00'";
  }
  else {
   $blockcommuntil = get_date_time(gmtime() + $blockcommlength * 604800);
   $dur = $blockcommlength . " week" . ($blockcommlength > 1 ? "" : "");
   $msg = sqlesc("Informacja(Information)\n\nYou have received a $dur warning from ".$CURUSER['username']."\n\nWłaśnie otrzymałeś $dur od " . $CURUSER['username'].($blockcommpm ? "\n\nReason: $blockcommpm" : ""));
   $modcomment = gmdate("Y-m-d") . " - Warned for $dur by ".$CURUSER['username'].".\nReason: $blockcommpm\n" . $modcomment;
   $updateset[] = "blockcommuntil = '$blockcommuntil'";
  }
   $added = sqlesc(get_date_time());
  mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
  $updateset[] = "blockcomm = 'yes'";
}
                   */
/////// VIP na czas określony //////////
if ($vip_added && $curvip_added != $vip_added) {
  $updateset[] = "vip_added = " . sqlesc($vip_added);
  $updateset[] = "vip_until = '0000-00-00 00:00:00'";

  if ($vip_added == 'no') {
   $modcomment = gmdate("Y-m-d") . " - Zdjęcie rangi VIP na czas określony przez " . $CURUSER['username'] . ".\n". $modcomment;
   $msg = sqlesc("Informacja !\n\n Ranga [b]VIP[/b] na czas określony została zdjęta przez " . $CURUSER['username'] . ".:(");
   $added = sqlesc(get_date_time());
   mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
          $updateset[] = "class = ". UC_USER;
  }
}

if ($viplength) {
  if ($viplength == 255) {
   $modcomment = gmdate("Y-m-d") . " - Dożywotnia ranga VIP nadana przez ".$CURUSER['username']. ".\n" . $modcomment;
   $msg = sqlesc("Gratulacje !\n\n Właśnie otrzymałeś dożywotnią rangę [b]VIP[/b] od ".$CURUSER[username]. ".:)");
   $updateset[] = "vip_until = '0000-00-00 00:00:00'";
   $updateset[] = "class = ". UC_VIP;
  }
  else {
   $vip_until = get_date_time(gmtime() + $viplength * 86400); // przelicznik dzienny
   $dur = $viplength . " dni " . ($viplength > 1 ? "" : "");
   $msg = sqlesc("Gratulacje !\n\n Właśnie otrzymałeś czasową rangę [b]VIP[/b] na okres [b]$dur [/b] od " . $CURUSER['username']. ".:)");
   $modcomment = gmdate("Y-m-d") . " - Czasowa ranga VIP na okres $dur nadana przez ".$CURUSER['username']. ".\n" . $modcomment;
   $updateset[] = "vip_until = '$vip_until'";
  }
   $added = sqlesc(get_date_time());
  mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
  $updateset[] = "vip_added = 'yes'";
        $updateset[] = "class = ". UC_VIP;
}
///////////
if ($warned && $curwarned != $warned) {
  $updateset[] = "warned = " . sqlesc($warned);
  $updateset[] = "warneduntil = '0000-00-00 00:00:00'";

  if ($warned == 'no') {
   $modcomment = gmdate("Y-m-d") . " - Warning removed by " . $CURUSER['username'] . ".\n". $modcomment;
   $msg = sqlesc("Informacja(Information)\n\nYour warning has been removed by " . $CURUSER['username'] . "\n\nTwoje ostrzeżenie zostało zdjęte przez " . $CURUSER['username'] . ".");
   $added = sqlesc(get_date_time());
   mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
  }
}

if ($warnlength) {
  if ($warnlength == 255) {
   $modcomment = gmdate("Y-m-d") . " - Warned by ".$CURUSER['username'].".\nReason: $warnpm\n" . $modcomment;
   $msg = sqlesc("Informacja(Information)\n\nYou have received a warning from ".$CURUSER[username]."\n\nWłaśnie otrzymałeś dożywotnie od ".$CURUSER[username].($warnpm ? "\n\nReason: $warnpm" : ""));
   $updateset[] = "warneduntil = '0000-00-00 00:00:00'";
  }
  else {
   $warneduntil = get_date_time(gmtime() + $warnlength * 604800);
   $dur = $warnlength . " week" . ($warnlength > 1 ? "" : "");
   $msg = sqlesc("Informacja(Information)\n\nYou have received a $dur warning from ".$CURUSER['username']."\n\nWłaśnie otrzymałeś $dur od " . $CURUSER['username'].($warnpm ? "\n\nReason: $warnpm" : ""));
   $modcomment = gmdate("Y-m-d") . " - Warned for $dur by ".$CURUSER['username'].".\nReason: $warnpm\n" . $modcomment;
   $updateset[] = "warneduntil = '$warneduntil'";
  }
   $added = sqlesc(get_date_time());
  mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES (0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__);
  $updateset[] = "warned = 'yes'";
}
if ($enabled != $curenabled) {
  if ($enabled == 'yes')
   $modcomment = gmdate("Y-m-d") . " - Enabled by " . $CURUSER['username'] . ".\n" . $modcomment;
  else
   $modcomment = gmdate("Y-m-d") . " - Disabled by " . $CURUSER['username'] . ".\n" . $modcomment;
  
  $updateset[] = "enabled = " . sqlesc($enabled);
}
if ($reset == 'yes')
$modcomment = gmdate("Y-m-d") . " - Resetowanie czasu seedowania by " . $CURUSER['username'] . ".\n" . $modcomment;

if ($_POST['resetpasskey'])
  $updateset[] = "passkey=''";
$chpassword = $_POST["chpassword"];
$passagain = $_POST["passagain"];
if ($chpassword != "") {
  if (strlen($chpassword) > 40)
   stderr("Przepraszamy, hasło jest za długie (max 40 znaków)");
  if ($chpassword != $passagain)
   stderr("Niepoprawnie wpisałeś hasło. Spróbuj ponownie.");
  $passhash = md5($chpassword);
  $updateset[] = "passhash = " . sqlesc($passhash);
}
if (get_user_class() >= $_PERM['EDIT_USERNAME_MAIL_DONATE']) {
  $updateset[] = "username = " . sqlesc($username);
  $updateset[] = "email = " . sqlesc($email);
                $updateset[] = "trackerstaff = " . sqlesc($trackerstaff);
  $updateset[] = "isdeejay = " . sqlesc($isdeejay);
  $updateset[] = "donor = " . sqlesc($donor);
  $updateset[] = "donated = " . sqlesc($donated);
$updateset[] = "abonamente = " . sqlesc($abonamente);
          $updateset[] = "abonament = " . sqlesc($abonament);
}
//nowy system ostrzezen by kuba1530
$warns = $_POST["warns"];
$updateset[] = "warns = ".sqlesc($warns);
if ($warns == '100%')
          {
          $updateset[] = "enabled = 'no'";
          }
   else
          {
          $updateset[] = "enabled = 'yes'";
          }
if (get_user_class() >= $_PERM['EDIT_UP_DOWN']) {
  $updateset[] = "uploaded = " . sqlesc($uploaded);
  $updateset[] = "downloaded = " . sqlesc($downloaded);
  if ($ulvalue != "") {
         if ($ulunit == "b")
                $uload = $ulvalue;
         if ($ulunit == "kb")
                $uload = $ulvalue * 1024;
         if ($ulunit == "mb")
                $uload = $ulvalue * 1024 * 1024;
         if ($ulunit == "gb")
                $uload = $ulvalue * 1024 * 1024 * 1024;
         if ($ulunit == "tb")
                $uload = $ulvalue * 1024 * 1024 * 1024 * 1024;
         if ($ultype == "plus")
                $updateset[] = "uploaded = uploaded + $uload";
         if ($ultype == "minus")
                $updateset[] = "uploaded = uploaded - $uload";
         if ($ultype == "eq")
                $updateset[] = "uploaded = $uload";
  }
  if ($dlvalue != "") {
         if ($dlunit == "b")
                $dload = $dlvalue;
         if ($dlunit == "kb")
                $dload = $dlvalue * 1024;
         if ($dlunit == "mb")
                $dload = $dlvalue * 1024 * 1024;
         if ($dlunit == "gb")
                $dload = $dlvalue * 1024 * 1024 * 1024;
         if ($dlunit == "tb")
                $dload = $dlvalue * 1024 * 1024 * 1024 * 1024;
         if ($dltype == "plus")
                $updateset[] = "downloaded = downloaded + $dload";
         if ($dltype == "minus")
                $updateset[] = "downloaded = downloaded - $dload";
         if ($dltype == "eq")
                $updateset[] = "downloaded = $dload";
  }
}
if (get_user_class() >= $_PERM['EDIT_INVITES']) {
  $updateset[] = "invites = " . sqlesc($invites);

}

$updateset[] = "info = " . sqlesc($info);
$updateset[] = "avatar = " . sqlesc($avatar);
$updateset[] = "title = " . sqlesc($title);
          //$updateset[] = "limit = " . sqlesc($limit);
          $updateset[] = "modcomment = " . sqlesc($modcomment);
$updateset[] = "signature = " . sqlesc($signature);
$updateset[] = "pwsent = " . sqlesc($pwsent);
$updateset[] = "sbsent = " . sqlesc($sbsent);
          $updateset[] = "test_up = " . sqlesc($test_up);
$updateset[] = "komsent = " . sqlesc($komsent);
$updateset[] = "postsent = " . sqlesc($postsent);
$updateset[] = "vip_added = " . sqlesc($vip_added);
$updateset[] = "warned = " . sqlesc($warned);
$updateset[] = "isdeejay = " . sqlesc($isdeejay);
$updateset[] = "vip_until = " . sqlesc($vip_until);
$updateset[] = "warneduntil = " . sqlesc($warneduntil);
$updateset[] = "pin = " . sqlesc($pin);
$updateset[] = "reset = " . sqlesc($reset);
$updateset[] = "seedbonus =" . sqlesc($seedpkt);
/*if($_POST["warned"] == 'yes'){
$updateset[] = "timeswarned = timeswarned+1";
} */
/*if($_POST["warned"] == 'no' && $CURUSER["timeswarned"] == '0'){
$updateset[] = "timeswarned = timeswarned-1";
}*/
$updateset[] = "downtorr = " . sqlesc($downtorr);
  $updateset[] = "support = " . sqlesc($support);
$updateset[] = "supportfor = " . sqlesc($supportfor);
//$updateset[] = "limit = " . sqlesc($limit);
          //$updateset[] = "bonuscomment = " . sqlesc($bonuscomment);
mysql_query("UPDATE users SET  " . implode(", ", $updateset) . " WHERE id=$userid") or sqlerr(__FILE__, __LINE__);
/*if ($_POST["abonamente"] == 'yes'){
mysql_query("UPDATE users SET limit=5 WHERE id=$userid") or sqlerr(__FILE__, __LINE__);
}  */

if (!empty($_POST["deluser"])){
  $res=@mysql_query("SELECT * FROM users WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
  $user = mysql_fetch_array($res);
  $username = $user["username"];
  $email=$user["email"];
  mysql_query("DELETE FROM users WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
  $deluserid=$CURUSER["username"];
  write_log("User account $username was deleted by $deluserid");
        barf();
}
else{

$returnto = $_POST["returnto"];
header("Location: $BASEURL/$returnto");
die;
}
}
puke();
?>

 

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

W celu świadczenie usług przez nasz Serwis na najwyższym poziomie, w ramach Serwisu wykorzystujemy pliki Cookies (tzw. ciasteczka). Korzystając ze stron Serwisu IPSBEYOND.PL bez zmiany ustawień przeglądarki będą one zapisane w pamięci urządzenia. Jeżeli nie dokonacie Państwo zmiany ustawień przeglądarki internetowej to wyrażacie zgodę na zapisywanie plików Cookies.