
Untitled

a guest
Aug 17th, 2018
  1. <?php
  2.  
  3. /**
  4. ***************************************
  5. ** FreeTSP Version: 2.0 Multilingual **
  6. ***************************************
  7. ** http://www.freetsp.com
  8. ** Licence Info: GPL
  9. ** Copyright (C) 2017 FreeTSP v2.0 Multilingual
  10. ** A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
  11. ** Full Respects & Credits To Mindless & All The Team @ U232
  12. ** Project Leaders. Fireknight & Rushed.
  13. ** Project Founder: Krypto.
  14. **/
  15.  
  16. //***********************************************//
  17. //** Start Turn Off Incidental Error Warnings **//
  18. //** **//
  19. //** If You Cannot Access php.ini **//
  20. //***********************************************//
// Report every error class. Together with display_errors = 1 below, PHP
// warnings and notices are rendered into the page for every visitor.
// NOTE(review): on a public site this exposes file paths and query details;
// prefer display_errors = 0 with log_errors enabled once installation is done.
error_reporting(E_ALL);
//----- To Turn Off Change The 1 To 0 -----//
ini_set("display_errors", 1);
//************************************************//
//**  Finish Turn Off Incidental Error Warnings **//
//************************************************//

//----- Start Execution Time -----//

// Wall-clock start of the request, stored for later timing output.
$qtme['start'] = microtime(true);

//----- Finish Execution Time -----//

//----- Start Server Time -----//

// NOTE(review): $FTSP_V2 is read here before function_config.php is required
// further down this file; presumably it is populated by an earlier include -- confirm.
global $FTSP_V2;

// The array key is the literal string '$time_offset' (single quotes, no interpolation).
$servertime = date('D, M j, Y, H:i:s', $FTSP_V2['$time_offset']); //----- 24 HR Clock 16:00:00 -----//
//$servertime = date('D, M j, Y, g:i a ', $FTSP_V2['$time_offset']); //----- Analog Clock 4:00PM -----//
  40.  
  41. //----- Finish Server Time -----//
  42.  
  43. //----- Strip Slashes By System -----//
  44.  
  45. function cleanquotes(&$in)
  46. {
  47. if (is_array($in))
  48. {
  49. return array_walk($in, 'cleanquotes');
  50. }
  51. return $in = stripslashes($in);
  52. }
  53.  
  54. if (get_magic_quotes_gpc())
  55. {
  56. array_walk($_GET, 'cleanquotes');
  57. array_walk($_POST, 'cleanquotes');
  58. array_walk($_COOKIE, 'cleanquotes');
  59. array_walk($_REQUEST, 'cleanquotes');
  60. }
  61.  
  62. function local_user()
  63. {
  64. return $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'];
  65. }
  66.  
  67. function illegal_access($page, $class)
  68. {
  69. global $CURUSER, $lang;
  70.  
  71. $page = $_SERVER['PHP_SELF'];
  72.  
  73. if (get_user_class() < $class)
  74. {
  75. $added = sqlesc(get_date_time());
  76. $subject = sqlesc("{$lang['gbl_msg_sub_illegal_access']}");
  77. $username = $CURUSER['username'];
  78. $userid = $CURUSER['id'];
  79. $msg = sqlesc("{$lang['gbl_msg_illegal_access1']}\n\n{$lang['gbl_msg_illegal_access2']}\n\n{$lang['gbl_msg_illegal_access3']}");
  80.  
  81. sql_query("INSERT INTO messages (sender, receiver, added, subject, msg)
  82. VALUES (0, $userid, $added, $subject, $msg)") or sqlerr(__FILE__, __LINE__);
  83.  
  84. write_stafflog ("<strong><a href='{$FTSP_V2['$site_url']}/userdetails.php?id=$userid'>$username.</a></strong> -- {$lang['gbl_stafflog_illegal_access']}$page");
  85.  
  86. error_message_center("error",
  87. "{$lang['gbl_error']}",
  88. "<strong>$username</strong>{$lang['gbl_illegal_access']}");
  89. }
  90. }
  91.  
  92. require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'function_config.php');
  93. require_once(FUNC_DIR . 'function_cleanup.php');
  94. require_once(FUNC_DIR . 'function_staffconfig.php');
  95.  
  96. //----- Do Not Modify -- Versioning System -----//
  97. //----- This Will Help Identify Code For Support Issues At freetsp.info -----//
  98.  
  99. function copyright()
  100. {
  101. global $FTSP_V2, $lang;
  102.  
  103. echo("{$lang['gbl_text_powered_by']} <a href='http://www.freetsp.com'>" . FTSP . "{$lang['gbl_text_version']}{$FTSP_V2['$curversion']}</a> &copy; <a href='http://www.freetsp.com'>" . FTSP . "</a> " . (date("Y") > 2010 ? "2010-" : "") . date("Y"));
  104. }
  105.  
//----- validip/getip Courtesy Of Manolete <manolete@myway.com> -----//
  107. //----- IP Validation -----//
  108.  
  109. function validip($ip)
  110. {
  111. if (!empty($ip) && $ip == long2ip(ip2long($ip)))
  112. {
  113. //----- Reserved IANA IPv4 Addresses -----//
  114. //----- http://www.iana.org/assignments/ipv4-address-space -----//
  115.  
  116. $reserved_ips = array(array('0.0.0.0',
  117. '0.255.255.255'),
  118. array('10.0.0.0',
  119. '10.255.255.255'),
  120. array('127.0.0.0',
  121. '127.255.255.255'),
  122. array('169.254.0.0',
  123. '169.254.255.255'),
  124. array('172.16.0.0',
  125. '172.31.255.255'),
  126. array('192.0.2.0',
  127. '192.0.2.255'),
  128. array('192.168.0.0',
  129. '192.168.255.255'),
  130. array('255.255.255.0',
  131. '255.255.255.255'));
  132.  
  133. foreach ($reserved_ips
  134. AS
  135. $r)
  136. {
  137. $min = ip2long($r[0]);
  138. $max = ip2long($r[1]);
  139. if ((ip2long($ip) >= $min) && (ip2long($ip) <= $max))
  140. {
  141. return false;
  142. }
  143. }
  144. return true;
  145. }
  146.  
  147. else
  148. {
  149. return false;
  150. }
  151. }
  152.  
  153. //----- Patched Function To Detect Real IP Address If It's Valid -----//
  154.  
  155. function getip()
  156. {
  157. if (isset($_SERVER))
  158. {
  159. if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && validip($_SERVER['HTTP_X_FORWARDED_FOR']))
  160. {
  161. $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
  162. }
  163.  
  164. elseif (isset($_SERVER['HTTP_CLIENT_IP']) && validip($_SERVER['HTTP_CLIENT_IP']))
  165. {
  166. $ip = $_SERVER['HTTP_CLIENT_IP'];
  167. }
  168.  
  169. else
  170. {
  171. $ip = $_SERVER['REMOTE_ADDR'];
  172. }
  173. }
  174.  
  175. else
  176. {
  177. if (getenv('HTTP_X_FORWARDED_FOR') && validip(getenv('HTTP_X_FORWARDED_FOR')))
  178. {
  179. $ip = getenv('HTTP_X_FORWARDED_FOR');
  180. }
  181.  
  182. elseif (getenv('HTTP_CLIENT_IP') && validip(getenv('HTTP_CLIENT_IP')))
  183. {
  184. $ip = getenv('HTTP_CLIENT_IP');
  185. }
  186.  
  187. else
  188. {
  189. $ip = getenv('REMOTE_ADDR');
  190. }
  191. }
  192.  
  193. return $ip;
  194. }
  195.  
  196. function db_connect ($autoclean = false)
  197. {
  198. global $FTSP_V2, $staff_pin_code;
  199.  
  200. if (!@($GLOBALS["___mysqli_ston"] = mysqli_connect($FTSP_V2['mysqli_host'], $FTSP_V2['mysqli_user'], $FTSP_V2['mysqli_pass'], $FTSP_V2['mysqli_db'])))
  201. {
  202. switch (((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)))
  203. {
  204. case 1040:
  205. case 2002:
  206.  
  207. if ($_SERVER['REQUEST_METHOD'] == "GET")
  208. {
  209. die("<html>
  210. <head><meta http-equiv='refresh' content='5 {$_SERVER['REQUEST_URI']}'></head>
  211. <body>
  212. <table width='100%' height='100%' border='0'>
  213. <tr>
  214. <td>
  215. <h3 align='center'>The Server Load is Very High at the moment. Retrying, please wait...</h3>
  216. </td>
  217. </tr>
  218. </table>
  219. </body>
  220. </html>");
  221. }
  222.  
  223. else
  224. {
  225. die("Too many users. Please press the Refresh button in your Browser to retry.");
  226. }
  227.  
  228. default:
  229.  
  230. die('Unable to connect to the database [' . mysqli_connect_error() . ']');
  231. }
  232. }
  233.  
  234. (mysqli_query($GLOBALS["___mysqli_ston"], "USE {$FTSP_V2['mysqli_db']}")) or die('db_connect: mysqli_select_db: ' + mysqli_connect_error());
  235.  
  236. userlogin();
  237.  
  238. if($FTSP_V2['$staff_pin_code'] == 'true')
  239. {
  240. update_staffcode();
  241. }
  242.  
  243. if ($autoclean)
  244. {
  245. register_shutdown_function("autoclean");
  246. }
  247. }
  248.  
  249. function userlogin()
  250. {
  251. global $FTSP_V2, $lang;
  252.  
  253. unset($GLOBALS['CURUSER']);
  254.  
  255. $dt = get_date_time();
  256.  
  257. $ip = getip();
  258. $nip = ip2long($ip);
  259.  
  260. $res = sql_query("SELECT *
  261. FROM bans
  262. WHERE '$nip' >= first
  263. AND '$nip' <= last") or sqlerr(__FILE__, __LINE__);
  264.  
  265. if (mysqli_num_rows($res) > 0)
  266. {
  267. header("{$lang['gbl_forbidden']}");
  268. print("<html><body><h1>{$lang['gbl_403']}</h1>{$lang['gbl_unauth_ip']}</body></html>\n");
  269. die;
  270. }
  271.  
  272. if (!$FTSP_V2['$site_online'] || empty($_COOKIE['uid']) || empty($_COOKIE['pass']))
  273. {
  274. return;
  275. }
  276.  
  277. $id = isset($_COOKIE['uid']) ? intval($_COOKIE['uid']) : 0;
  278.  
  279. if (!$id || strlen($_COOKIE['pass']) != 32)
  280. {
  281. return;
  282. }
  283.  
  284. $res = sql_query("SELECT u.*, ann_main.subject AS curr_ann_subject, ann_main.body AS curr_ann_body, ann_main.expires AS curr_ann_expires
  285. FROM users AS u
  286. LEFT JOIN announcement_main AS ann_main ON ann_main.main_id = u.curr_ann_id
  287. WHERE u.id = $id AND u.enabled = 'yes' AND u.status = 'confirmed'") or sqlerr(__FILE__, __LINE__);
  288.  
  289. $row = mysqli_fetch_array($res);
  290.  
  291. if (!$row)
  292. {
  293. return;
  294. }
  295.  
  296. $sec = hash_pad($row['secret']);
  297.  
  298. if ($_COOKIE['pass'] !== $row['passhash'])
  299. {
  300. return;
  301. }
  302.  
  303. //----- If curr_ann_id > 0 But curr_ann_body IS NULL, Then Force A Refresh -----//
  304.  
  305. if (($row['curr_ann_id'] > 0) AND ($row['curr_ann_body'] == NULL))
  306. {
  307. $row['curr_ann_id'] = 0;
  308. $row['curr_ann_last_check'] = "0";
  309. }
  310.  
  311. // If Elapsed > 10 Minutes, Force An Announcement Refresh. -----//
  312.  
  313. if (($row['curr_ann_last_check'] != "0") AND ($row['curr_ann_last_check']) < (time($dt) - 600))
  314. {
  315. $row['curr_ann_last_check'] = "0";
  316. }
  317.  
  318. if (($row['curr_ann_id'] == 0) AND ($row['curr_ann_last_check'] == "0"))
  319.  
  320. { //----- Force An Immediate Check... -----//
  321.  
  322. $query = sprintf("SELECT m.*, p.process_id FROM announcement_main AS m
  323. LEFT JOIN announcement_process AS p ON m.main_id = p.main_id
  324. AND p.user_id = %s
  325. WHERE p.process_id IS NULL
  326. OR p.status = 0
  327. ORDER BY m.main_id ASC
  328. LIMIT 1",
  329.  
  330. sqlesc($row['id']));
  331.  
  332. $result = sql_query($query);
  333.  
  334. if (mysqli_num_rows($result))
  335. {
  336. //----- Main Result Set Exists -----//
  337.  
  338. $ann_row = mysqli_fetch_assoc($result);
  339.  
  340. $query = $ann_row['sql_query'];
  341.  
  342. //----- Ensure It Only Selects... -----//
  343.  
  344. if (!preg_match("/\\ASELECT.+?FROM.+?WHERE.+?\\z/", $query)) die();
  345.  
  346. //----- The Following Line Modifies The Query To Only Return The Current User -----//
  347. //----- Row If The Existing Query Matches Any Attributes. -----//
  348.  
  349. $query .= " AND u.id = " . sqlesc($row['id']) . " LIMIT 1";
  350.  
  351. $result = sql_query($query);
  352.  
  353. if (mysqli_num_rows($result))
  354. {
  355. //----- Announcement Valid For Member -----//
  356.  
  357. $row['curr_ann_id'] = $ann_row['main_id'];
  358.  
  359. //----- Create Three Row Elements To Hold Announcement Subject, Body And Expiry Date. -----//
  360.  
  361. $row['curr_ann_subject'] = $ann_row['subject'];
  362. $row['curr_ann_body'] = $ann_row['body'];
  363. $row['curr_ann_expires'] = $ann_row['expires'];
  364.  
  365. //----- Create Additional Set For Main UPDATE Query. -----//
  366.  
  367. $add_set = ", curr_ann_id = " . sqlesc($ann_row['main_id']);
  368. $status = 2;
  369. }
  370.  
  371. else
  372. //----- Announcement Not Valid For Member... -----//
  373.  
  374. {
  375. $add_set = ", curr_ann_last_check = " . sqlesc($dt);
  376. $status = 1;
  377. }
  378.  
  379. //----- Create Or Set Status Of Process -----//
  380.  
  381. if ($ann_row['process_id'] === NULL)
  382. {
  383. //----- Insert Process Result Set Status = 1 (Ignore) -----//
  384.  
  385. $query = sprintf("INSERT INTO announcement_process (main_id, user_id, status)
  386. VALUES (%s, %s, %s)", sqlesc($ann_row['main_id']), sqlesc($row['id']), sqlesc($status));
  387. }
  388.  
  389. else
  390. //----- Update Process Result Set Status = 2 (Read) -----//
  391.  
  392. {
  393. $query = sprintf("UPDATE announcement_process
  394. SET status = %s
  395. WHERE process_id = %s", sqlesc($status), sqlesc($ann_row['process_id']));
  396. }
  397.  
  398. sql_query($query);
  399. }
  400.  
  401. else
  402. //----- No Main Result Set. Set Last Update To Now... -----//
  403.  
  404. {
  405. $add_set = ", curr_ann_last_check = " . sqlesc($dt);
  406. }
  407.  
  408. unset($result);
  409. unset($ann_row);
  410. }
  411.  
  412. $time = time();
  413.  
  414. if ($time - $row['last_access_numb'] < 300)
  415. {
  416. $onlinetime = time() - $row['last_access_numb'];
  417. $userupdate[] = "onlinetime = onlinetime + " . sqlesc($onlinetime);
  418. }
  419.  
  420. //----- Start Hide Staff IP Address by Fireknight -----//
  421.  
  422. if ($row['class'] >= UC_MODERATOR)
  423. {
  424. $ip = '127.0.0.1';
  425. }
  426.  
  427. //----- End Hide Staff IP Address by Fireknight -----//
  428.  
  429. $add_set = (isset($add_set))?$add_set:'';
  430.  
  431. $userupdate[] = "last_access_numb = " . sqlesc($time);
  432. $userupdate[] = "last_access = " . sqlesc($dt);
  433. $userupdate[] = "ip = " . sqlesc($ip) . $add_set;
  434.  
  435. sql_query("UPDATE users
  436. SET " . implode(", ", $userupdate) . "
  437. WHERE id = {$row['id']}");
  438.  
  439. $row['ip'] = $ip;
  440.  
  441. //----- Start Temp Demote By Retro 1 of 3 -----//
  442.  
  443. if ($row['override_class'] < $row['class'])
  444. {
  445. $row['class'] = $row['override_class']; //----- Override Class And Save In Global Array Below. -----//
  446. }
  447.  
  448. //----- Finish Temp Demote By Retro 1 of 3 -----//
  449.  
  450. $GLOBALS['CURUSER'] = $row;
  451. }
  452.  
  453.  
  454. function update_staffcode()
  455. {
  456. global $FTSP_V2;
  457.  
  458. $now = time();
  459.  
  460. $res = sql_query("SELECT value_u
  461. FROM avps
  462. WHERE arg = 'lastcleantime'");
  463.  
  464. $row = mysqli_fetch_array($res);
  465.  
  466. $update = $row[0];
  467.  
  468. if ($update + $FTSP_V2['$autoclean_interval'] > $now)
  469. {
  470. //----- Do Nothing -----//
  471. }
  472.  
  473. else
  474. {
  475. staffcode(true);
  476. }
  477. }
  478.  
  479. function autoclean()
  480. {
  481. global $FTSP_V2;
  482.  
  483. $now = time();
  484. $docleanup = 0;
  485.  
  486. $res = sql_query("SELECT value_u
  487. FROM avps
  488. WHERE arg = 'lastcleantime'");
  489.  
  490. $row = mysqli_fetch_array($res);
  491.  
  492. if (!$row)
  493. {
  494. sql_query("INSERT INTO avps (arg, value_u)
  495. VALUES ('lastcleantime', $now)");
  496. return;
  497. }
  498.  
  499. $ts = $row[0];
  500.  
  501. if ($ts + $FTSP_V2['$autoclean_interval'] > $now)
  502. {
  503. return;
  504. }
  505.  
  506. sql_query("UPDATE avps
  507. SET value_u = $now
  508. WHERE arg = 'lastcleantime'
  509. AND value_u = $ts");
  510.  
  511. if (mysqli_affected_rows($GLOBALS["___mysqli_ston"]))
  512. {
  513. return;
  514. }
  515.  
  516. docleanup(true);
  517. }
  518.  
  519. function unesc($x)
  520. {
  521. if (get_magic_quotes_gpc())
  522. {
  523. return stripslashes($x);
  524. }
  525.  
  526. return $x;
  527. }
  528.  
  529. function mksize($bytes)
  530. {
  531. $bytes = max(0, $bytes);
  532.  
  533. //----- Kilobytes 1024^1 -----//
  534. if ($bytes < 1024000)
  535. {
  536. return number_format($bytes / 1024, 2) . ' KB';
  537. }
  538.  
  539. //----- Megabytes 1024^2 -----//
  540. elseif ($bytes < 1048576000)
  541. {
  542. return number_format($bytes / 1048576, 2) . ' MB';
  543. }
  544.  
  545. //----- Gigebytes 1024^3 -----//
  546. elseif ($bytes < 1073741824000)
  547. {
  548. return number_format($bytes / 1073741824, 2) . ' GB';
  549. }
  550.  
  551. //----- Terabytes 1024^4 -----//
  552. elseif ($bytes < 1099511627776000)
  553. {
  554. return number_format($bytes / 1099511627776, 3) . ' TB';
  555. }
  556.  
  557. //----- Petabytes 1024^5 -----//
  558. elseif ($bytes < 1125899906842624000)
  559. {
  560. return number_format($bytes / 1125899906842624, 3) . ' PB';
  561. }
  562.  
  563. //----- Exabytes 1024^6 -----//
  564. elseif ($bytes < 1152921504606846976000)
  565. {
  566. return number_format($bytes / 1152921504606846976, 3) . ' EB';
  567. }
  568.  
  569. //----- Zettabyres 1024^7 -----//
  570. elseif ($bytes < 1180591620717411303424000)
  571. {
  572. return number_format($bytes / 1180591620717411303424, 3) . ' ZB';
  573. }
  574.  
  575. //----- Yottabytes 1024^8 -----//
  576. else
  577. {
  578. return number_format($bytes / 1208925819614629174706176, 3) . ' YB';
  579. }
  580. }
  581.  
  582. function mksizeint($bytes)
  583. {
  584. $bytes = max(0, $bytes);
  585.  
  586. if ($bytes < 1000)
  587. {
  588. return floor($bytes) . " B";
  589. }
  590.  
  591. elseif ($bytes < 1000 * 1024)
  592. {
  593. return floor($bytes / 1024) . " kB";
  594. }
  595.  
  596. elseif ($bytes < 1000 * 1048576)
  597. {
  598. return floor($bytes / 1048576) . " MB";
  599. }
  600.  
  601. elseif ($bytes < 1000 * 1073741824)
  602. {
  603. return floor($bytes / 1073741824) . " GB";
  604. }
  605.  
  606. else
  607. {
  608. return floor($bytes / 1099511627776) . " TB";
  609. }
  610. }
  611.  
  612. function deadtime()
  613. {
  614. global $FTSP_V2;
  615.  
  616. return time() - floor($FTSP_V2['$announce_interval'] * 1.3);
  617. }
  618.  
  619. function mkprettytime($s)
  620. {
  621. if ($s < 0)
  622. {
  623. $s = 0;
  624. }
  625.  
  626. $t = array();
  627.  
  628. foreach (array("60:sec",
  629. "60:min",
  630. "24:hour",
  631. "0:day")
  632. AS
  633. $x)
  634. {
  635. $y = explode(":", $x);
  636.  
  637. if ($y[0] > 1)
  638. {
  639. $v = $s % $y[0];
  640. $s = floor($s / $y[0]);
  641. }
  642.  
  643. else
  644. {
  645. $v = $s;
  646. }
  647.  
  648. $t[$y[1]] = $v;
  649. }
  650.  
  651. if ($t['day'])
  652. {
  653. return $t['day'] . "d " . sprintf("%02d:%02d:%02d", $t['hour'], $t['min'], $t['sec']);
  654. }
  655.  
  656. if ($t['hour'])
  657. {
  658. return sprintf("%d:%02d:%02d", $t['hour'], $t['min'], $t['sec']);
  659. }
  660.  
  661. return sprintf("%d:%02d", $t['min'], $t['sec']);
  662. }
  663.  
  664. function mkglobal($vars)
  665. {
  666. if (!is_array($vars))
  667. {
  668. $vars = explode(":", $vars);
  669. }
  670.  
  671. foreach ($vars
  672. AS
  673. $v)
  674. {
  675. if (isset($_GET[$v]))
  676. {
  677. $GLOBALS[$v] = unesc($_GET[$v]);
  678. }
  679.  
  680. elseif (isset($_POST[$v]))
  681. {
  682. $GLOBALS[$v] = unesc($_POST[$v]);
  683. }
  684.  
  685. else
  686. {
  687. return 0;
  688. }
  689. }
  690.  
  691. return 1;
  692. }
  693.  
  694. function validfilename($name)
  695. {
  696. return preg_match('/^[^\0-\x1f:\\\\\/?*\xff#<>|]+$/si', $name);
  697. }
  698.  
  699. function validemail($email)
  700. {
  701. return preg_match('/^[\w.-]+@([\w.-]+\.)+[a-z]{2,6}$/is', $email);
  702. }
  703.  
  704. function sqlesc($x)
  705. {
  706. return "'" . ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $x) : ((trigger_error("[Err", E_USER_ERROR)) ? "" : "")) . "'";
  707. }
  708.  
  709. function sqlwildcardesc ($x)
  710. {
  711. return str_replace(array("%",
  712. "_"), array("\\%",
  713. "\\_"), ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $x) : ((trigger_error("", E_USER_ERROR)) ? "" : "")));
  714. }
  715.  
  716. function urlparse($m)
  717. {
  718. $t = $m[0];
  719.  
  720. if (preg_match(',^\w+://,', $t))
  721. {
  722. return "<a href='$t'>$t</a>";
  723. }
  724.  
  725. return "<a href='http://$t'>$t</a>";
  726. }
  727.  
  728. function parsedescr($d, $html)
  729. {
  730. if (!$html)
  731. {
  732. $d = htmlspecialchars($d);
  733. $d = str_replace("\n", "\n<br />", $d);
  734. }
  735.  
  736. return $d;
  737. }
  738.  
  739. function site_header ($title = "", $msgalert = true)
  740. {
  741. global $FTSP_V2, $CURUSER, $FREETSP;
  742.  
  743. $ss_uri = "";
  744.  
  745. $lang = load_language('func_main');
  746.  
  747. if (!$FTSP_V2['$site_online'])
  748. {
  749. die("{$lang['err_site_down']}<br />");
  750. }
  751.  
  752. if ($title == "")
  753. {
  754. $title = $FTSP_V2['$site_name'] . (isset($_GET['ftsp']) ? " (" . FTSP . " $curversion)" : '');
  755. }
  756.  
  757. else
  758. {
  759. $title = $FTSP_V2['$site_name'] . (isset($_GET['ftsp']) ? " (" . FTSP . " $curversion)" : '') . " :: " . htmlspecialchars($title);
  760. }
  761.  
  762. if ($CURUSER)
  763. {
  764. $ss_a = @mysqli_fetch_array(sql_query("SELECT uri
  765. FROM stylesheets
  766. WHERE id = {$CURUSER['stylesheet']}
  767. AND active = 'yes'"));
  768.  
  769. if ($ss_a)
  770. {
  771. $ss_uri = $ss_a['uri'];
  772. }
  773. }
  774.  
  775. if (!$ss_uri)
  776. {
  777. ($r = sql_query("SELECT uri
  778. FROM stylesheets
  779. WHERE id = 1")) or die(mysqli_error());
  780.  
  781. ($a = mysqli_fetch_array($r)) or die(mysqli_error());
  782.  
  783. $ss_uri = $a['uri'];
  784. }
  785.  
  786. if (!stripos($_SERVER['REQUEST_URI'], 'setpin.php') && !stripos($_SERVER['REQUEST_URI'], 'helpdesk.php') && !stripos($_SERVER['REQUEST_URI'], 'takelogin.php')){
  787. notset();}
  788.  
  789. if (!stripos($_SERVER['REQUEST_URI'], 'helpdesk.php')&& !stripos($_SERVER['REQUEST_URI'], 'messages.php')){
  790. locked();}
  791.  
  792.  
  793. if ($msgalert && $CURUSER)
  794. {
  795. $res = sql_query("SELECT COUNT(id)
  796. FROM messages
  797. WHERE receiver = {$CURUSER['id']} && unread = 'yes'") or die("{$lang['err_oops']}");
  798.  
  799. $arr = mysqli_fetch_row($res);
  800.  
  801. $unread = $arr[0];
  802.  
  803.  
  804. }
  805.  
  806. if ($CURUSER)
  807. {
  808. $FREETSP['language'] = isset($CURUSER['language']) ? "{$CURUSER['language']}" : $FREETSP['language'];
  809. }
  810.  
  811. require_once(STYLES_DIR . $ss_uri . DIRECTORY_SEPARATOR . 'theme_function.php');
  812. require_once(STYLES_DIR . $ss_uri . DIRECTORY_SEPARATOR . 'site_header.php');
  813.  
  814. global $lang;
  815.  
  816. //----- Start Temp Demote By Retro 2 of 3 -----//
  817.  
  818. if ($CURUSER['override_class'] != 255 && $CURUSER) //----- Second Condition Needed So That This Box Is Not Displayed For Non Members/logged Out Members -----//
  819. {
  820. //-- To Display 'HERE' As A Buton --//
  821.  
  822. temp_demote_message("warn",
  823. "{$lang['gbl_warning']}",
  824. "{$lang['gbl_text_run_low']}<a class='btn' href='{$FTSP_V2['$site_url']}/restoreclass.php'><strong>{$lang['gbl_text_here']}</strong></a>
  825. {$lang['gbl_text_restore']}");
  826.  
  827. //----- To Display 'HERE' As A Link -----//
  828.  
  829. /*
  830. temp_demote_message("warn",
  831. "{$lang['gbl_warning']}",
  832. "{$lang['gbl_text_run_low']}<a class='altlink_notice' href='{$FTSP_V2['$site_url']}/restoreclass.php'><strong>{$lang['gbl_text_here']}</strong></a>
  833. {$lang['gbl_text_restore']}");
  834. */
  835.  
  836. }
  837.  
  838. //----- Finish Temp Demote By Retro 2 of 3 -----//
  839.  
  840. if (isset($unread) && !empty($unread))
  841. {
  842. //-- Uncomment To Use The Old Style PM Notification --//
  843.  
  844. /*
  845. print("<table border='0' cellspacing='0' cellpadding='10'>
  846. <tr>
  847. <td class='old_pm_bg'>\n
  848. <a href='{$FTSP_V2['$site_url']}/messages.php'>
  849. <span class='old_pm_text'>{$lang['gbl_text_you_have']}$unread{$lang['gbl_text_msg']}" . ($unread > 1 ? "{$lang['gbl_text_msg_1']}" : "") . "!
  850. </span>
  851. </a>
  852. </td>
  853. </tr>
  854. </table>\n");
  855. */
  856.  
  857. //-- Comment Out To Use The Old Style PM Notification --//
  858.  
  859. //----- To Change the Color of class='emphasis' in css/notifications.css -----//
  860.  
  861. print("<div align='center'>
  862. <div class='silver mail round small inset'>
  863. <p>
  864. <strong>{$lang['gbl_text_mail']}</strong><br />
  865. <a href='{$FTSP_V2['$site_url']}/messages.php'>&nbsp;&nbsp;&nbsp;&nbsp;<span class='emphasis'>{$lang['gbl_text_you_have']}$unread{$lang['gbl_text_msg']}" . ($unread > 1 ? "{$lang['gbl_text_msg_1']}" : "") . "</span>
  866. </a>
  867. </p>
  868.  
  869. <div class='shadow-out'></div>
  870. </div>
  871. </div><br />");
  872. }
  873.  
  874. //----- Start Announcement Message Display -----//
  875.  
  876. $res = sql_query("SELECT created
  877. FROM announcement_main
  878. WHERE 1 = 1");
  879.  
  880. while ($arr = mysqli_fetch_assoc($res))
  881.  
  882. if ($arr['created'] >= $CURUSER['added'])
  883. {
  884. $ann_subject = trim($CURUSER['curr_ann_subject']);
  885. $ann_body = trim($CURUSER['curr_ann_body']);
  886. $ann_expires = trim($CURUSER['curr_ann_expires']);
  887.  
  888. if ((!empty($ann_subject)) AND (!empty($ann_body)))
  889. {
  890. //----- Uncomment To Use Basic Square Announcement Box -----//
  891. /*
  892. print("<table border='1' width='600' cellspacing='0' cellpadding='5'>
  893. <tr>
  894. <td class='colhead' align='center'>
  895. <span class='announcement'>{$lang['gbl_table_announcement']} :-
  896. $ann_subject
  897. </span>
  898. </td>
  899. </tr>
  900.  
  901. <tr>
  902. <td class='rowhead'>" . format_comment($ann_body) . "
  903. <br /><hr />
  904. {$lang['gbl_table_expire']}:-&nbsp;$ann_expires :-&nbsp;
  905. (" . mkprettytime(strtotime($ann_expires) - gmtime()) . "{$lang['gbl_table_to_go']})
  906. <br /><hr />
  907.  
  908. {$lang['gbl_table_click']}
  909. <a href='{$FTSP_V2['$site_url']}/clear_announcement.php'><strong>{$lang['gbl_table_here']}</strong></a>{$lang['gbl_table_clear']}
  910. </td>
  911. </tr>
  912. </table>");
  913. */
  914.  
  915. //----- Comment Out To Use A Different Announcement Box -----//
  916.  
  917. print("<div align='center'>
  918. <div class='silver box tip inset'>
  919. <p><strong>
  920. <span class='olive round inset'>{$lang['gbl_table_announcement']} :- $ann_subject</span>
  921. </strong>
  922. <br /><strong>" . format_comment($ann_body) . "</strong>
  923. </p><hr />
  924.  
  925. <span class='emphasis'>{$lang['gbl_table_expire']}:-&nbsp;$ann_expires :-&nbsp;
  926. (" . mkprettytime(strtotime($ann_expires) - gmtime()) . "{$lang['gbl_table_to_go']})</span>
  927. <br /><hr />
  928.  
  929. <div class='medium'>
  930. <a class='btn' href='{$FTSP_V2['$site_url']}/clear_announcement.php'>{$lang['gbl_table_click']}{$lang['gbl_table_here']}{$lang['gbl_table_clear']}</a>
  931. </div>
  932.  
  933. <div class='shadow-out'></div>
  934. </div>
  935. </div><br />");
  936.  
  937. //----- Uncomment To Use New Square Announcement Box -----//
  938. /*
  939. print("<div align='center'>
  940. <div class='silver box inset'>
  941. <div align='center'>
  942. <img src='css/icons/tip.png' width='48' height='48' border='0' alt='' title='' />
  943. </div>
  944.  
  945. <p><strong>
  946. <span class='olive round inset'>{$lang['gbl_table_announcement']} :- $ann_subject</span></strong>
  947. <br /><strong>" . format_comment($ann_body) . "</strong>
  948. </p><hr />
  949.  
  950. <span class='emphasis'>{$lang['gbl_table_expire']}:-&nbsp;$ann_expires :-&nbsp;
  951. (" . mkprettytime(strtotime($ann_expires) - gmtime()) . "{$lang['gbl_table_to_go']})</span>
  952. <br /><hr />
  953.  
  954. <div class='medium'>
  955. <a class='btn' href='{$FTSP_V2['$site_url']}/clear_announcement.php'>{$lang['gbl_table_click']}{$lang['gbl_table_here']}{$lang['gbl_table_clear']}</a>
  956. </div>
  957.  
  958. <div class='shadow-out'></div>
  959. </div>
  960. </div><br />");
  961. */
  962.  
  963. site_footer();
  964. die();
  965. }
  966. }
  967.  
  968. //----- Finish Announcement Message Display -----//
  969. }
  970.  
  971. function site_footer()
  972. {
  973. global $FTSP_V2, $CURUSER, $FREETSP;
  974.  
  975. $ss_uri="";
  976.  
  977. if ($CURUSER)
  978. {
  979. $ss_a = @mysqli_fetch_array(sql_query("SELECT uri
  980. FROM stylesheets
  981. WHERE id = {$CURUSER['stylesheet']}"));
  982.  
  983. if ($ss_a)
  984. {
  985. $ss_uri = $ss_a['uri'];
  986. }
  987. }
  988.  
  989. if (!$ss_uri)
  990. {
  991. ($r = sql_query("SELECT uri
  992. FROM stylesheets
  993. WHERE id = 1")) or die(mysqli_error());
  994.  
  995. ($a = mysqli_fetch_array($r)) or die(mysqli_error());
  996.  
  997. $ss_uri = $a['uri'];
  998. }
  999.  
  1000. require_once(STYLES_DIR . $ss_uri . DIRECTORY_SEPARATOR . 'theme_function.php');
  1001. require_once(STYLES_DIR . $ss_uri . DIRECTORY_SEPARATOR . 'site_footer.php');
  1002. }
  1003.  
  1004. /*function mksecret($len = 20)
  1005. {
  1006. $ret = "";
  1007.  
  1008. for ($i = 0;
  1009. $i < $len;
  1010. $i++)
  1011. {
  1012. $ret .= chr(mt_rand(0, 255));
  1013. }
  1014.  
  1015. return $ret;
  1016. }*/
  1017.  
  1018. function mksecret($len = 20)
  1019. {
  1020.  
  1021. $ret = "";
  1022.  
  1023. $chars = 'qwertyuiopasdfghjklzxcvbnm0123456789QWERTYUIOPASDFGHJKLZXCVBNM';
  1024. $num = strlen($chars);
  1025.  
  1026. for ($i = 0;
  1027. $i < $len;
  1028. $i++)
  1029. {
  1030. $char = mt_rand(0, $num - 1);
  1031. $ret .= $chars[$char];
  1032. }
  1033.  
  1034. return $ret;
  1035. }
  1036.  
  1037.  
  1038. function httperr($code = 404)
  1039. {
  1040. global $lang;
  1041.  
  1042. header("{$lang['gbl_404']}");
  1043.  
  1044. print("<h1>{$lang['gbl_not_found']}</h1>\n");
  1045. print("<p>{$lang['gbl_sorry']}</p>\n");
  1046.  
  1047. exit();
  1048. }
  1049.  
  1050. function gmtime()
  1051. {
  1052. return strtotime(get_date_time());
  1053. }
  1054.  
  1055. function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
  1056. {
  1057. setcookie("uid", $id, $expires, "/");
  1058. setcookie("pass", $passhash, $expires, "/");
  1059.  
  1060. if ($updatedb)
  1061. {
  1062. sql_query("UPDATE users
  1063. SET last_login = NOW()
  1064. WHERE id = $id");
  1065. }
  1066. }
  1067.  
  1068. function logoutcookie()
  1069. {
  1070. setcookie("uid", "", 0x7fffffff, "/");
  1071. setcookie("pass", "", 0x7fffffff, "/");
  1072. }
  1073.  
  1074. function logged_in()
  1075. {
  1076. global $CURUSER, $FTSP_V2;
  1077.  
  1078. if (!$CURUSER)
  1079. {
  1080. header("Location: {$FTSP_V2['$site_url']}/login.php?returnto=" . urlencode($_SERVER['REQUEST_URI']));
  1081.  
  1082. exit();
  1083. }
  1084. }
  1085.  
  1086. function status_change($id)
  1087. {
  1088. sql_query("UPDATE announcement_process
  1089. SET status = 0
  1090. WHERE user_id = " . sqlesc($id) . "
  1091. AND status = 1");
  1092. }
  1093.  
  1094. function hashit($var, $addtext = "")
  1095. {
  1096. //----- I Would Suggest That You Change The Literal Text To Something That Only You Know (unique For Each Community Installing This Function). -----//
  1097. return md5("This Text " . $addtext . $var . $addtext . " is added to muddy the water...");
  1098. }
  1099.  
  1100. //----- Returns The Current Time In GMT In MySQL Compatible Format. -----//
  1101.  
  1102. function get_date_time($timestamp = 0)
  1103. {
  1104. if ($timestamp)
  1105. {
  1106. return date("Y-m-d H:i:s", $timestamp);
  1107. }
  1108.  
  1109. else
  1110. {
  1111. return gmdate("Y-m-d H:i:s");
  1112. }
  1113. }
  1114.  
  1115. function sqlerr($file = '', $line = '')
  1116. {
  1117.  
  1118. global $lang;
  1119. error_message("error",
  1120. "{$lang['gbl_sql_error']}",
  1121. "" . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . ($file != '' && $line != '' ? "in $file, line $line" : "") . "");
  1122. }
  1123.  
  1124. /*function charset()
  1125. {
  1126. global $CURUSER, $FREETSP;
  1127.  
  1128. $lang_charset = $CURUSER['language'];
  1129.  
  1130. switch ($lang_charset)
  1131. {
  1132. case ($lang_charset == 2):
  1133. return "ISO-8859-1";
  1134.  
  1135. case ($lang_charset == 3):
  1136. return "ISO-8859-15";
  1137.  
  1138. default:
  1139. return "UTF-8";
  1140. }
  1141. }*/
  1142.  
  1143. function load_language($file = '')
  1144. {
  1145. $lang="";
  1146.  
  1147. global $CURUSER, $FREETSP;
  1148. if (!isset($GLOBALS['CURUSER']) OR empty($GLOBALS['CURUSER']['language']))
  1149. {
  1150. if (!file_exists(LANG_DIR . "{$FREETSP['language']}/lang_{$file}.php"))
  1151. {
  1152. error_message_center("error",
  1153. "Error",
  1154. "Can\'t Find Language Files");
  1155. }
  1156.  
  1157. require_once (LANG_DIR . "{$FREETSP['language']}/lang_{$file}.php");
  1158.  
  1159. return $lang;
  1160. }
  1161.  
  1162. if (!file_exists(LANG_DIR . "{$CURUSER['language']}/lang_{$file}.php"))
  1163. {
  1164. error_message_center("error",
  1165. "Error",
  1166. "Can\'t Find Language Files");
  1167. }
  1168.  
  1169. else
  1170. {
  1171. require_once LANG_DIR . "{$CURUSER['language']}/lang_{$file}.php";
  1172. }
  1173.  
  1174. return $lang;
  1175. }
  1176.  
  1177.  
  1178.  
  1179. //----- Coldfusion Tbdev -----//
  1180.  
  1181. function htmlsafechars($txt = '')
  1182. {
  1183. $txt = preg_replace("/&(?!#[0-9]+;)(?:amp;)?/s", '&amp;', $txt);
  1184. $txt = str_replace(array("<",
  1185. ">",
  1186. '"',
  1187. "'"
  1188. ) , array("&lt;",
  1189. "&gt;",
  1190. "&quot;",
  1191. '&#039;'
  1192. ) ,
  1193. $txt);
  1194. return $txt;
  1195. }
  1196.  
  1197. //----- SQL Query Count -----//
  1198.  
  1199. $qtme['querytime'] = 0;
  1200.  
  1201. function sql_query($querytme)
  1202. {
  1203. global $queries, $qtme, $querytime, $query_stat;
  1204.  
  1205. $qtme = isset($qtme) && is_array($qtme) ? $qtme : array();
  1206. $qtme['query_stat'] = isset($qtme['query_stat']) && is_array($qtme['query_stat']) ? $qtme['query_stat'] : array();
  1207.  
  1208. $queries++;
  1209. $query_start_time = microtime(true); //----- Start Time -----//
  1210. $result = mysqli_query($GLOBALS["___mysqli_ston"], $querytme);
  1211. $query_end_time = microtime(true); //----- End Time -----//
  1212. $query_time = ($query_end_time - $query_start_time);
  1213. $querytime = $querytime + $query_time;
  1214. $qtme['querytime'] = (isset($qtme['querytime']) ? $qtme['querytime'] : 0) + $query_time;
  1215. $query_time = substr($query_time, 0, 8);
  1216. $qtme['query_stat'][] = array('seconds' => $query_time,
  1217. 'query' => $querytme);
  1218. return $result;
  1219. }
  1220.  
  1221. if (file_exists(ROOT_DIR . "install/index.php")) {
  1222. echo("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
  1223. \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
  1224. <html xmlns='http://www.w3.org/1999/xhtml'>
  1225. <head>
  1226. <title>Warning</title>
  1227. </head>
  1228. <body>
  1229. <div style='font-size : 33px; color : white; background-color : red; text-align : center;'>Even Though The Intaller Is Locked<br />For Your Sites Security Please - Delete Or Rename The Install Directory, <br />Then Refresh Your Browser.</div>
  1230. </body>
  1231. </html>");
  1232. exit();
  1233. }
  1234.  
  1235. ?>