ob_start("ob_gzhandler"); require "include/bittorrent.php"; // 0 - No debug; 1 - Show and run SQL query; 2 - Show SQL query only $DEBUG_MODE = 0; dbconn(); loggedinorreturn(); if (get_user_class() < UC_MODERATOR) stderr( _("Error"), _("Permission denied.")); stdhead( _("Administrative User Search") ); echo "
";
echo _("Fields left blank will be ignored;\n
Wildcards * and ? may be used in Name, Email and Comments, as well as multiple values\n
separated by spaces (e.g. 'wyz Max*' in Name will list both users named\n
'wyz' and those whose names start by 'Max'. Similarly '~' can be used for\n
negation, e.g. '~alfiest' in comments will restrict the search to users\n
that do not have 'alfiest' in their comments). \n The Ratio field accepts 'Inf' and '---' besides the usual numeric values. \n The subnet mask may be entered either in dotted decimal or CIDR notation\n (e.g. 255.255.255.0 is the same as /24). \n Uploaded and Downloaded should be entered in GB. \n For search parameters with multiple text fields the second will be\n ignored unless relevant for the type of search chosen. \n 'Active only' restricts the search to users currently leeching or seeding,\n 'Disabled IPs' to those whose IPs also show up in disabled accounts. \n The 'p' columns in the results show partial stats, that is, those\n of the torrents in progress. \n The History column lists the number of forum posts and torrent comments,\n respectively, as well as linking to the history page.\n"); echo " |
(". _('Instructions'). ")"; echo " - (". _('Reset'). ")
\n"; } $highlight = " bgcolor=#BBAF9B"; ?> // Validates date in the form [yy]yy-mm-dd; // Returns date if valid, 0 otherwise. function mkdate($date){ if (strpos($date,'-')) $a = explode('-', $date); elseif (strpos($date,'/')) $a = explode('/', $date); else return 0; for ($i=0;$i<3;$i++) if (!is_numeric($a[$i])) return 0; if (checkdate($a[1], $a[2], $a[0])) return date ("Y-m-d", mktime (0,0,0,$a[1],$a[2],$a[0])); else return 0; } // ratio as a string function ratios($up,$down, $color = True) { if ($down > 0) { $r = number_format($up / $down, 2); if ($color) $r = "$r"; } else if ($up > 0) $r = "Inf."; else $r = "---"; return $r; } // checks for the usual wildcards *, ? plus mySQL ones function haswildcard($text){ if (strpos($text,'*') === False && strpos($text,'?') === False && strpos($text,'%') === False && strpos($text,'_') === False) return False; else return True; } /////////////////////////////////////////////////////////////////////////////// if (count($_GET) > 0 && !$_GET['h']) { // name $names = explode(' ',trim($_GET['n'])); if ($names[0] !== "") { foreach($names as $name) { if (substr($name,0,1) == '~') { if ($name == '~') continue; $names_exc[] = substr($name,1); } else $names_inc[] = $name; } if (is_array($names_inc)) { $where_is .= isset($where_is)?" AND (":"("; foreach($names_inc as $name) { if (!haswildcard($name)) $name_is .= (isset($name_is)?" OR ":"")."u.username = ".sqlesc($name); else { $name = str_replace(array('?','*'), array('_','%'), $name); $name_is .= (isset($name_is)?" OR ":"")."u.username LIKE ".sqlesc($name); } } $where_is .= $name_is.")"; unset($name_is); } if (is_array($names_exc)) { $where_is .= isset($where_is)?" AND NOT (":" NOT ("; foreach($names_exc as $name) { if (!haswildcard($name)) $name_is .= (isset($name_is)?" OR ":"")."u.username = ".sqlesc($name); else { $name = str_replace(array('?','*'), array('_','%'), $name); $name_is .= (isset($name_is)?" OR ":"")."u.username LIKE ".sqlesc($name); } } $where_is .= $name_is.")"; } $q .= ($q ? "&" : "") . "n=".urlencode(trim($_GET['n'])); } // email $emaila = explode(' ', trim($_GET['em'])); if ($emaila[0] !== "") { $where_is .= isset($where_is)?" AND (":"("; foreach($emaila as $email) { if (strpos($email,'*') === False && strpos($email,'?') === False && strpos($email,'%') === False) { if (validemail($email) !== 1) { stdmsg("Error", "Bad email."); stdfoot(); die(); } $email_is .= (isset($email_is)?" OR ":"")."u.email =".sqlesc($email); } else { $sql_email = str_replace(array('?','*'), array('_','%'), $email); $email_is .= (isset($email_is)?" OR ":"")."u.email LIKE ".sqlesc($sql_email); } } $where_is .= $email_is.")"; $q .= ($q ? "&" : "") . "em=".urlencode(trim($_GET['em'])); } // passkey $pass = explode(' ', trim($_GET['pass'])); if ($pass[0] !== "") { $where_is .= isset($where_is)?" AND (":"("; foreach($pass as $passkey) { if (strpos($passkey,'*') === False && strpos($passkey,'?') === False && strpos($passkey,'%') === False) { if (strlen($passkey) > 32) { stdmsg("Error", "Bad email."); stdfoot(); die(); } $passkey_is .= (isset($passkey_is)?" OR ":"")."u.passkey =".sqlesc($passkey); } else { $sql_passkey = str_replace(array('?','*'), array('_','%'), $passkey); $passkey_is .= (isset($passkey_is)?" OR ":"")."u.oldpasskey LIKE ".sqlesc($sql_passkey); $passkey_is .= (isset($passkey_is)?" OR ":"")."u.passkey LIKE ".sqlesc($sql_passkey); } } $where_is .= $passkey_is.")"; $q .= ($q ? "&" : "") . "em=".urlencode(trim($_GET['pass'])); } $class = (int) $_GET['c']; if (is_valid_id($class)) { $where_is .= (isset($where_is)?" AND ":"")."u.class=$class"; $q .= ($q ? "&" : "") . "c=".($class); } // IP $ip = trim($_GET['ip']); if ($ip) { $regex = "/^(((1?\d{1,2})|(2[0-4]\d)|(25[0-5]))(\.\b|$)){4}$/"; if (!preg_match($regex, $ip)) { stdmsg("Error", "Bad IP."); stdfoot(); die(); } $mask = trim($_GET['ma']); if ($mask == "" || $mask == "255.255.255.255") $where_is .= (isset($where_is)?" AND ":"")."u.ip = '$ip'"; else { if (substr($mask,0,1) == "/") { $n = substr($mask, 1, strlen($mask) - 1); if (!is_numeric($n) or $n < 0 or $n > 32) { stdmsg("Error", "Bad subnet mask."); stdfoot(); die(); } else $mask = long2ip(pow(2,32) - pow(2,32-$n)); } elseif (!preg_match($regex, $mask)) { stdmsg("Error", "Bad subnet mask."); stdfoot(); die(); } $where_is .= (isset($where_is)?" AND ":"")."INET_ATON(u.ip) & INET_ATON('$mask') = INET_ATON('$ip') & INET_ATON('$mask')"; $q .= ($q ? "&" : "") . "ma=$mask"; } $q .= ($q ? "&" : "") . "ip=$ip"; } // ratio $ratio = trim($_GET['r']); if ($ratio) { if ($ratio == '---') { $ratio2 = ""; $where_is .= isset($where_is)?" AND ":""; $where_is .= " u.uploaded = 0 and u.downloaded = 0"; } elseif (strtolower(substr($ratio,0,3)) == 'inf') { $ratio2 = ""; $where_is .= isset($where_is)?" AND ":""; $where_is .= " u.uploaded > 0 and u.downloaded = 0"; } else { if (!is_numeric($ratio) || $ratio < 0) { stdmsg("Error", "Bad ratio."); stdfoot(); die(); } $where_is .= isset($where_is)?" AND ":""; $where_is .= " (u.uploaded/u.downloaded)"; $ratiotype = $_GET['rt']; $q .= ($q ? "&" : "") . "rt=$ratiotype"; if ($ratiotype == "3") { $ratio2 = trim($_GET['r2']); if(!$ratio2) { stdmsg("Error", "Two ratios needed for this type of search."); stdfoot(); die(); } if (!is_numeric($ratio2) or $ratio2 < $ratio) { stdmsg("Error", "Bad second ratio."); stdfoot(); die(); } $where_is .= " BETWEEN $ratio and $ratio2"; $q .= ($q ? "&" : "") . "r2=$ratio2"; } elseif ($ratiotype == "2") $where_is .= " < $ratio"; elseif ($ratiotype == "1") $where_is .= " > $ratio"; else $where_is .= " BETWEEN ($ratio - 0.004) and ($ratio + 0.004)"; } $q .= ($q ? "&" : "") . "r=$ratio"; } // comment $comments = explode(' ',trim($_GET['co'])); if ($comments[0] !== "") { foreach($comments as $comment) { if (substr($comment,0,1) == '~') { if ($comment == '~') continue; $comments_exc[] = substr($comment,1); } else $comments_inc[] = $comment; } if (is_array($comments_inc)) { $where_is .= isset($where_is)?" AND (":"("; foreach($comments_inc as $comment) { if (!haswildcard($comment)) $comment_is .= (isset($comment_is)?" OR ":"")."u.modcomment LIKE ".sqlesc("%".$comment."%"); else { $comment = str_replace(array('?','*'), array('_','%'), $comment); $comment_is .= (isset($comment_is)?" OR ":"")."u.modcomment LIKE ".sqlesc($comment); } } $where_is .= $comment_is.")"; unset($comment_is); } if (is_array($comments_exc)) { $where_is .= isset($where_is)?" AND NOT (":" NOT ("; foreach($comments_exc as $comment) { if (!haswildcard($comment)) $comment_is .= (isset($comment_is)?" OR ":"")."u.modcomment LIKE ".sqlesc("%".$comment."%"); else { $comment = str_replace(array('?','*'), array('_','%'), $comment); $comment_is .= (isset($comment_is)?" OR ":"")."u.modcomment LIKE ".sqlesc($comment); } } $where_is .= $comment_is.")"; } $q .= ($q ? "&" : "") . "co=".urlencode(trim($_GET['co'])); } $unit = 1073741824; // 1GB // uploaded $ul = trim($_GET['ul']); if ($ul) { if (!is_numeric($ul) || $ul < 0) { stdmsg("Error", "Bad uploaded amount."); stdfoot(); die(); } $where_is .= isset($where_is)?" AND ":""; $where_is .= " u.uploaded "; $ultype = $_GET['ult']; $q .= ($q ? "&" : "") . "ult=$ultype"; if ($ultype == "3") { $ul2 = trim($_GET['ul2']); if(!$ul2) { stdmsg("Error", "Two uploaded amounts needed for this type of search."); stdfoot(); die(); } if (!is_numeric($ul2) or $ul2 < $ul) { stdmsg("Error", "Bad second uploaded amount."); stdfoot(); die(); } $where_is .= " BETWEEN ".$ul*$unit." and ".$ul2*$unit; $q .= ($q ? "&" : "") . "ul2=$ul2"; } elseif ($ultype == "2") $where_is .= " < ".$ul*$unit; elseif ($ultype == "1") $where_is .= " >". $ul*$unit; else $where_is .= " BETWEEN ".($ul - 0.004)*$unit." and ".($ul + 0.004)*$unit; $q .= ($q ? "&" : "") . "ul=$ul"; } // downloaded $dl = trim($_GET['dl']); if ($dl) { if (!is_numeric($dl) || $dl < 0) { stdmsg("Error", "Bad downloaded amount."); stdfoot(); die(); } $where_is .= isset($where_is)?" AND ":""; $where_is .= " u.downloaded "; $dltype = $_GET['dlt']; $q .= ($q ? "&" : "") . "dlt=$dltype"; if ($dltype == "3") { $dl2 = trim($_GET['dl2']); if(!$dl2) { stdmsg("Error", "Two downloaded amounts needed for this type of search."); stdfoot(); die(); } if (!is_numeric($dl2) or $dl2 < $dl) { stdmsg("Error", "Bad second downloaded amount."); stdfoot(); die(); } $where_is .= " BETWEEN ".$dl*$unit." and ".$dl2*$unit; $q .= ($q ? "&" : "") . "dl2=$dl2"; } elseif ($dltype == "2") $where_is .= " < ".$dl*$unit; elseif ($dltype == "1") $where_is .= " > ".$dl*$unit; else $where_is .= " BETWEEN ".($dl - 0.004)*$unit." and ".($dl + 0.004)*$unit; $q .= ($q ? "&" : "") . "dl=$dl"; } // date joined $date = trim($_GET['d']); if ($date) { if (!$date = mkdate($date)) { stdmsg("Error", "Invalid date."); stdfoot(); die(); } $q .= ($q ? "&" : "") . "d=$date"; $datetype = $_GET['dt']; $q .= ($q ? "&" : "") . "dt=$datetype"; if ($datetype == "0") // For mySQL 4.1.1 or above use instead // $where_is .= (isset($where_is)?" AND ":"")."DATE(added) = DATE('$date')"; $where_is .= (isset($where_is)?" AND ":""). "(UNIX_TIMESTAMP(added) - UNIX_TIMESTAMP('$date')) BETWEEN 0 and 86400"; else { $where_is .= (isset($where_is)?" AND ":"")."u.added "; if ($datetype == "3") { $date2 = mkdate(trim($_GET['d2'])); if ($date2) { if (!$date = mkdate($date)) { stdmsg("Error", "Invalid date."); stdfoot(); die(); } $q .= ($q ? "&" : "") . "d2=$date2"; $where_is .= " BETWEEN '$date' and '$date2'"; } else { stdmsg("Error", "Two dates needed for this type of search."); stdfoot(); die(); } } elseif ($datetype == "1") $where_is .= "< '$date'"; elseif ($datetype == "2") $where_is .= "> '$date'"; } } // date last seen $last = trim($_GET['ls']); if ($last) { if (!$last = mkdate($last)) { stdmsg("Error", "Invalid date."); stdfoot(); die(); } $q .= ($q ? "&" : "") . "ls=$last"; $lasttype = $_GET['lst']; $q .= ($q ? "&" : "") . "lst=$lasttype"; if ($lasttype == "0") // For mySQL 4.1.1 or above use instead // $where_is .= (isset($where_is)?" AND ":"")."DATE(added) = DATE('$date')"; $where_is .= (isset($where_is)?" AND ":""). "(UNIX_TIMESTAMP(last_access) - UNIX_TIMESTAMP('$last')) BETWEEN 0 and 86400"; else { $where_is .= (isset($where_is)?" AND ":"")."u.last_access "; if ($lasttype == "3") { $last2 = mkdate(trim($_GET['ls2'])); if ($last2) { $where_is .= " BETWEEN '$last' and '$last2'"; $q .= ($q ? "&" : "") . "ls2=$last2"; } else { stdmsg("Error", "The second date is not valid."); stdfoot(); die(); } } elseif ($lasttype == "1") $where_is .= "< '$last'"; elseif ($lasttype == "2") $where_is .= "> '$last'"; } } // status $status = $_GET['st']; if ($status) { $where_is .= ((isset($where_is))?" AND ":""); if ($status == "1") $where_is .= "u.status = 'confirmed'"; else $where_is .= "u.status = 'pending'"; $q .= ($q ? "&" : "") . "st=$status"; } // account status $accountstatus = $_GET['as']; if ($accountstatus) { $where_is .= (isset($where_is))?" AND ":""; if ($accountstatus == "1") $where_is .= " u.enabled = 'yes'"; else $where_is .= " u.enabled = 'no'"; $q .= ($q ? "&" : "") . "as=$accountstatus"; } //donor $donor = $_GET['do']; if ($donor) { $where_is .= (isset($where_is))?" AND ":""; if ($donor == 1) $where_is .= " u.donor = 'yes'"; else $where_is .= " u.donor = 'no'"; $q .= ($q ? "&" : "") . "do=$donor"; } //warned $warned = $_GET['w']; if ($warned) { $where_is .= (isset($where_is))?" AND ":""; if ($warned == 1) $where_is .= " u.warned = 'yes'"; else $where_is .= " u.warned = 'no'"; $q .= ($q ? "&" : "") . "w=$warned"; } // disabled IP $disabled = $_GET['dip']; if ($disabled) { $distinct = "DISTINCT "; $join_is .= " LEFT JOIN users AS u2 ON u.ip = u2.ip"; $where_is .= ((isset($where_is))?" AND ":"")."u2.enabled = 'no'"; $q .= ($q ? "&" : "") . "dip=$disabled"; } // active $active = $_GET['ac']; if ($active == "1") { $distinct = "DISTINCT "; $join_is .= " LEFT JOIN peers AS p ON u.id = p.userid"; $q .= ($q ? "&" : "") . "ac=$active"; } $from_is = "users AS u".$join_is; $distinct = isset($distinct)?$distinct:""; $queryc = "SELECT COUNT(".$distinct."u.id) FROM ".$from_is. (($where_is == "")?"":" WHERE $where_is "); $querypm = "FROM ".$from_is.(($where_is == "")?" ":" WHERE $where_is "); $select_is = "u.id, u.username, u.email, u.status, u.added, u.last_access, u.ip, u.class, u.uploaded, u.downloaded, u.donor, u.modcomment, u.enabled, u.warned, u.passkey, u.oldpasskey"; $query = "SELECT ".$distinct." ".$select_is." ".$querypm; //$pagemenu
$browsemenu