10) bark("Format too long!"); $bitrate = (int) $_POST["bitrate"]; if (!$_POST["bitrate"]) bark("You must enter the bitrate!"); if($bitrate < 160) bark("Bitrate must be greater than 160 kbps!"); if(!is_valid_ids($bitrate)) bark("Bitrate must be numeric"); if(strlen($bitrate) > 10) bark("Bitrate too long!"); $filename = $artist."-".$album."[".$year."/".$format."/".$bitrate."]"; if (!validfilename($fname)) bark("Invalid filename!"); if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches)) bark("Invalid filename (not a .torrent)."); $shortfname = $torrent = $matches[1]; $torrent = unesc($filename); $nfofile = $_FILES['nfo2']; if ($nfofile['name'] == '') bark("No NFO!"); if ($nfofile['size'] == 0) bark("0-byte NFO"); if ($nfofile['size'] > 65535) bark("NFO is too big! Max 65,535 bytes."); $nfofilename = $nfofile['tmp_name']; if (@!is_uploaded_file($nfofilename)) bark("NFO upload failed"); } elseif ($ft == 2) { $nfofile = $_FILES['nfo']; if ($nfofile['size'] > 65535) bark("NFO is too big! Max 65,535 bytes."); $nfofilename = $nfofile['tmp_name']; if (!validfilename($fname)) bark("Invalid filename!"); if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches)) bark("Invalid filename (not a .torrent)."); $shortfname = $torrent = $matches[1]; if (!empty($_POST["name"])) $torrent = unesc($_POST["name"]); } else bark("Select filetype"); $descr = unesc($_POST["descr"]); if (!$descr) bark("You must enter a description!"); $catid = (int) $_POST["type"]; if (!is_valid_id($catid)) bark("You must select a category to put the torrent in!"); $tmpname = $f["tmp_name"]; if (!is_uploaded_file($tmpname)) bark("eek"); if (!filesize($tmpname)) bark("Empty file!"); $dict = bdec_file($tmpname, $max_torrent_size); if (!isset($dict)) bark("What the hell did you upload? 
This is not a bencoded file!");

/**
 * Pull a fixed set of keys out of a decoded bencode dictionary node.
 *
 * $s is a colon-separated list of key names. A name may carry a required
 * node type in parentheses, e.g. "announce(string):info". bark() is called
 * when $d is not a dictionary node, when a key is absent, or when a typed
 * key holds a node of another type. bark() is defined elsewhere; the code
 * below keeps using the node after each check, so it presumably does not
 * return (confirm).
 *
 * @param array  $d Decoded node with "type" and "value" entries.
 * @param string $s Key specification.
 * @return array One element per key, in specification order: the node's
 *               "value" for typed keys, the whole node for untyped keys.
 */
function dict_check($d, $s) {
    if ($d["type"] != "dictionary")
        bark("not a dictionary");
    $a = explode(":", $s);
    $dd = $d["value"];
    $ret = array();
    foreach ($a as $k) {
        // Drop the type requirement left over from the previous key.
        unset($t);
        // "name(type)" -> key name in $k, required node type in $t.
        if (preg_match('/^(.*)\((.*)\)$/', $k, $m)) {
            $k = $m[1];
            $t = $m[2];
        }
        if (!isset($dd[$k]))
            bark("dictionary is missing key(s)");
        if (isset($t)) {
            if ($dd[$k]["type"] != $t)
                bark("invalid entry in dictionary");
            $ret[] = $dd[$k]["value"];
        }
        else
            $ret[] = $dd[$k];
    }
    return $ret;
}

/**
 * Fetch one optional, typed key from a decoded bencode dictionary node.
 *
 * @param array  $d Decoded node with "type" and "value" entries.
 * @param string $k Key to look up.
 * @param string $t Node type the entry must have.
 * @return mixed The entry's "value", or nothing (null) when the key is
 *               absent. bark() is called for a non-dictionary node or a
 *               type mismatch.
 */
function dict_get($d, $k, $t) {
    if ($d["type"] != "dictionary")
        bark("not a dictionary");
    $dd = $d["value"];
    if (!isset($dd[$k]))
        return;
    $v = $dd[$k];
    if ($v["type"] != $t)
        bark("invalid dictionary entry type");
    return $v["value"];
}

// Structural validation of the upload: a string "announce" plus an "info"
// dictionary holding name, piece length and pieces.
list($ann, $info) = dict_check($dict, "announce(string):info");
list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)");

// Announce URL built from the first configured tracker URL and the
// uploader's passkey.
$passkey=$announce_urls[0].'?passkey='.$CURUSER['passkey'];
// NOTE(review): the comparison below is commented out, so the announce URL
// inside the uploaded torrent is accepted without being checked against
// $passkey.
//if ($passkey != $ann)
//bark("invalid announce url! must be " . $passkey . "");

// "pieces" is a concatenation of 20-byte SHA-1 digests, so its length must
// be a multiple of 20.
if (strlen($pieces) % 20 != 0)
    bark("invalid pieces");

// Build the file list: single-file torrents carry "length" directly in
// info, multi-file torrents carry a "files" list instead.
$filelist = array();
$totallen = dict_get($info, "length", "integer");
if (isset($totallen)) {
    $filelist[] = array($dname, $totallen);
    $type = "single";
}
else {
    $flist = dict_get($info, "files", "list");
    if (!isset($flist))
        bark("missing both length and files");
    if (!count($flist))
        bark("no files");
    $totallen = 0;
    foreach ($flist as $fn) {
        list($ll, $ff) = dict_check($fn, "length(integer):path(list)");
        // NOTE(review): lengths come straight from the uploaded torrent; no
        // range check (e.g. negative values) is visible here. Confirm what
        // bdec_file() produces for "integer" nodes.
        $totallen += $ll;
        $ffa = array();
        foreach ($ff as $ffe) {
            if ($ffe["type"] != "string")
                bark("filename error");
            $ffa[] = $ffe["value"];
        }
        if (!count($ffa))
            bark("filename error");
        // NOTE(review): path components are joined as supplied; nothing here
        // rejects "..", empty components or embedded separators. Confirm
        // that every consumer treats this value as display text only.
        $ffe = implode("/", $ffa);
        $filelist[] = array($ffe, $ll);
    }
    $type = "multi";
}

// Stamp the info dictionary with the site name and force private=1. Both
// keys live inside "info", so the hash computed below belongs to the
// modified torrent, not to the file as uploaded.
$info['value']['source']['type'] = "string";
$info['value']['source']['value'] = $SITENAME;
$info['value']['source']['strlen'] = strlen($info['value']['source']['value']);
$info['value']['private']['type'] = "integer";
$info['value']['private']['value'] = 1;
$dict['value']['info'] = $info;
// Encode and decode again so the decoded nodes reflect the edited info.
$dict = benc($dict);
$dict = bdec($dict);
list($ann, $info) = dict_check($dict, "announce(string):info");
// sha1() returns 40 hex characters; pack("H*") turns them into the 20-byte
// binary digest. $info["string"] is presumably the bencoded text of the
// info node as recorded by bdec() (confirm).
$infohash = pack("H*", sha1($info["string"]));

// Replace punctuation characters with spaces
$torrent = str_replace("_", " ", $torrent);

/* subcategory test
   Completely working, but people can turn this on if they want ;)
$subcats = implode_type_check(',', $_POST['subcats'], 'int');
$sql_subcats = sprintf('SELECT name FROM categories WHERE id IN(%s)', $subcats);
$sql_subcats_run = do_mysql_query($sql_subcats);
$subcat_str = '';
while($inf = mysql_fetch_assoc($sql_subcats_run)) {
    $subcat_str .= $inf['name'].', ';
}
end test */

// Collapse CR CR LF to CR LF in the NFO text.
// NOTE(review): "@" hides a failed read, and the "$ft == 2" branch earlier
// in this file sets $nfofilename without an is_uploaded_file() check.
$nfo = str_replace("\x0d\x0d\x0a", "\x0d\x0a", @file_get_contents($nfofilename));

//used smalldescr for test for a while ;)
// NOTE(review): this value is escaped here and escaped again when the
// INSERT statement is built further down, so backslashes and quotes end up
// double-escaped in the stored text. mysql_escape_string() also ignores the
// connection character set; mysql_real_escape_string() or a prepared
// statement is the safer choice.
$smalldescr = mysql_escape_string( strip_tags($_POST["description"]) );

//Uncomment this if you rather use the 'subcategory' mod
//$smalldescr = substr($subcat_str, 0, -2);
$descr_parsed = format_comment($descr);
// Store the torrent row. String values go through mysql_escape_string(),
// numeric columns through %u.
// NOTE(review): mysql_escape_string() does not take the connection character
// set into account, and the whole ext/mysql API was removed in PHP 7;
// prepared statements (mysqli or PDO) are the durable fix. $smalldescr was
// already escaped where it was assigned earlier in this file, so it is
// escaped twice here. $infohash is raw binary, not hex.
$torrent_insert_sql = sprintf("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type, descr, ori_descr, description, descr_parsed, category, save_as, added, last_action, nfo, inverted_timestamp) VALUES ('%s', '%s', %u, '%s', '%s', '%s', %u, %u, '%s', '%s', '%s', '%s', '%s', %u, '%s', NOW(), NOW(), '%s', 4294967295-UNIX_TIMESTAMP(NOW()) ) ",
    mysql_escape_string( searchfield($shortfname." ".$dname." ".$torrent) ),
    mysql_escape_string( $fname ),
    $CURUSER['id'],
    'no',
    mysql_escape_string($infohash),
    mysql_escape_string($torrent),
    $totallen,
    count($filelist),
    $type,
    mysql_escape_string(strip_tags($descr)),
    mysql_escape_string(strip_tags($descr)),
    mysql_escape_string($smalldescr),
    mysql_escape_string($descr_parsed),
    (int) $_POST['type'],
    mysql_escape_string($dname),
    mysql_escape_string($nfo) );

$ret = mysql_query($torrent_insert_sql);
if (!$ret) {
    // 1062 is MySQL's duplicate-entry error; which unique key triggers it is
    // not visible here (presumably info_hash).
    if (mysql_errno() == 1062)
        bark("torrent already uploaded!");
    // NOTE(review): the raw database error text is passed to bark(); if
    // bark() prints its argument to the client this discloses schema
    // details. Prefer logging it server-side and showing a generic message.
    bark("mysql puked: ".mysql_error());
}
$id = mysql_insert_id();

// Replace any file rows for this id with the list parsed from the torrent.
// "@" suppresses errors, so a failed DELETE or INSERT goes unnoticed.
@do_mysql_query("DELETE FROM files WHERE torrent = $id");
foreach ($filelist as $file) {
    // NOTE(review): the name goes through sqlesc(), but the size ($file[1])
    // is concatenated unquoted. It is safe only if the decoder guarantees a
    // numeric value for bencode "integer" nodes; confirm in bdec_file(), or
    // validate the value before it reaches the query.
    @do_mysql_query("INSERT DELAYED INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")");
}

// The target name is derived from the row id, not from user input. The
// return value is not checked; the same path is rewritten with the
// re-encoded torrent at the end of the script.
move_uploaded_file($tmpname, "$torrent_dir/$id.torrent");

// NOTE(review): $torrent is the user-chosen name; whether write_log()
// neutralises markup or line breaks is not visible here (confirm).
write_log("Torrent $id ($torrent) was uploaded by " . (($CURUSER['anonymous'] == 'yes') ? 'Anonymous' : $CURUSER["username"]) );

// E-mail notification to users subscribed to this category. $catid was
// cast to int and validated earlier in this file.
$res = do_mysql_query("SELECT name FROM categories WHERE id=$catid") or sqlerr();
$arr = mysql_fetch_assoc($res);
$cat = $arr["name"];
$res = do_mysql_query("SELECT email FROM users WHERE enabled='yes' AND notifs LIKE '%[cat$catid]%' AND notifs LIKE '%[email]%'") or sqlerr();
$uploader = $CURUSER['username'];
$size = mksize($totallen);
$description = ($html ? strip_tags($descr) : $descr);

// NOTE(review): the text after "$body = <<" is damaged in this copy of the
// file: the heredoc body and the code that builds $to are missing, and what
// follows looks like the tail of a mail() call. The fragment is kept as
// found. From what remains, $torrent (user-chosen) is placed in the subject
// and $to in a Bcc header, so both need CR/LF removed before use to rule
// out header injection; confirm where $to is assembled.
$body = <<", "New torrent - $torrent", $body, "From: $SITEEMAIL\r\nBcc: $to", "-f$SITEEMAIL")) stderr( _("Error"), "Your torrent has been been uploaded. DO NOT RELOAD THE PAGE!\n" . 
"There was however a problem delivering the e-mail notifcations.\n" . "Please let an administrator know about this error!\n"); $nthis = 0; } }

// Overwrite the stored .torrent with the re-encoded dictionary (source and
// private flag added), so the file on disk matches the stored info hash.
// A failed fopen() is skipped silently and fwrite() errors are suppressed.
$fp = fopen("$torrent_dir/$id.torrent", "w");
if ($fp) {
    @fwrite($fp, benc($dict), strlen(benc($dict)));
    fclose($fp);
}
header("Location: details.php?id=$id&uploaded=1");
?>