". "\n"); $s = "\n(Select)\n"; $cats = genrelist(); foreach ($cats as $row) $s .= "" . htmlspecialchars($row["name"]) . "\n"; $s .= "\n"; print("". "". "

Offers are open to all users... a great ratio boost!
Type:	$s
Title Offered:	". "
Image or Photo:	". " (Link to the picture. Will be shown in description)
	\n"); textbbcode("compose","body","$body"); print("

\n"); //===list other offers $res = mysql_query("SELECT users.username, offers.id, offers.userid, offers.name, offers.added, uploaded, downloaded, categories.image, categories.name as cat FROM offers inner join categories on offers.category = categories.id inner join users on offers.userid = users.id order by offers.id desc LIMIT 10") or sqlerr(__FILE__,__LINE__); $num = mysql_num_rows($res); print("". "". "\n"); for ($i = 0; $i < $num; ++$i) { //=======change colors if($count == 0) { $count = $count+1; $class = "clearalt6"; } else { $count = 0; $class = "clearalt7"; } //=======end $arr = mysql_fetch_assoc($res); { $addedby = ""; } print("" . "". "$addedby\n"); } print("

Category	Offer	Added	Offered By
$arr[username]
	$arr[name]	$arr[added]
". "

\n"); stdfoot(); die; } //=== end add offer //=== take new offer if ($_GET["new_offer"]){ $new_offer = 0 + $_GET["new_offer"]; if($new_offer != '1') stderr("Error", "I smell a rat!"); $userid = 0 + $CURUSER["id"]; if (ereg("^[0-9]+$", !$userid)) stderr("Error", "I smell a rat!"); $name = htmlentities($_POST["name"]); if ($name == "") bark("You must enter a name!"); $cat = (0 + $_POST["type"]); if (!is_valid_id($cat)) bark("You must select a category to put the offer in!"); $descrmain = unesc($_POST["body"]); if (!$descrmain) bark("You must enter a description!"); if (!empty($_POST['picture'])){ $picture = unesc($_POST["picture"]); if(!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $picture)) stderr("Error", "Image MUST be in jpg, gif or png format."); $pic = "[img]".$picture."[/img]\n"; } $descr = "$pic"; $descr .= "$descrmain"; $res = mysql_query("SELECT name FROM offers WHERE name =".sqlesc($_POST[name])) or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_assoc($res); if (!$arr['name']){ //===add karma //=== uncomment if you use the mod //mysql_query("UPDATE users SET seedbonus = seedbonus+10.0 WHERE id = $CURUSER[id]") or sqlerr(__FILE__, __LINE__); //===end $ret = mysql_query("INSERT INTO offers (userid, name, descr, category, added) VALUES (" . implode(",", array_map("sqlesc", array($CURUSER["id"], $name, $descr, 0 + $_POST["type"]))) . ", '" . get_date_time() . "')"); if (!$ret) { if (mysql_errno() == 1062) bark("!!!"); bark("mysql puked: ".mysql_error()); } $id = mysql_insert_id(); write_log("offer $name was added by ".$CURUSER[username]); header("Refresh: 0; url=viewoffers.php?id=$id&off_details=1"); stdhead("Success!"); } else{ stdhead("Error!"); print("

Error!

". "Offer allready exists! View all offers

"); } stdfoot(); die; } //==end take new offer //=== offer details if ($_GET["off_details"]){ $off_details = 0 + $_GET["off_details"]; if($off_details != '1') stderr("Error", "I smell a rat!"); $id = 0+$_GET["id"]; $res = mysql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__,__LINE__); $num = mysql_fetch_array($res); $s = $num["name"]; stdhead("Offer Details for \"$s\""); begin_frame("Details for Offer:$s",true,'10','100%'); print(""); if ($num["descr"]){ $off_bb = format_comment($num["descr"]); print(""); } print(""); if ($num["allowed"] == "pending") print(""); elseif ($num["allowed"] == "allowed") print(""); else print(""); $cres = mysql_query("SELECT username FROM users WHERE id=$num[userid]"); if (mysql_num_rows($cres) == 1) { $carr = mysql_fetch_assoc($cres); $username = "$carr[username]"; } if ($CURUSER[id] == $num[userid] || get_user_class() >= UC_MODERATOR){ $edit = "[ Edit Offer ]"; $delete = "[ Delete Offer ]"; } print(""); //=== if you want to have a pending thing for uploaders use this next bit if (get_user_class() >= UC_MODERATOR && $num["allowed"] == "pending") print(""); //if pending if ($num["allowed"] == "pending"){ print(""); } //===upload torrent message if ($num["allowed"] == "allowed" && $CURUSER["id"] != $num["userid"]) print(""); if ($num["allowed"] == "allowed" && $CURUSER["id"] == $num["userid"]){ print(""); } //=== if you DON'T want to have a pending thing for uploaders use this next bit instead /* if ($CURUSER["id"] != $num["userid"]){ print(""); } */ $zres = mysql_query("SELECT COUNT(*) from offervotes where vote='yeah' and offerid=$id"); $arr = mysql_fetch_row($zres); $za = $arr[0]; $pres = mysql_query("SELECT COUNT(*) from offervotes where vote='against' and offerid=$id"); $arr2 = mysql_fetch_row($pres); $protiv = $arr2[0]; //=== in the following section, there is a line to report comment... either remove the link or change it to work with your report script :) print("". "

". "$s
$off_bb
Added:	$num[added]
Status:	Pending
Status:	Allowed
Status:	Denied
Offered by:	". "$username $edit $delete
". " ". "
Vote:	". "For - ". "Against
Offer Allowed:	". "If you voted for this offer, you will be PMed when it is upped!
Offer Allowed:	". "This offer has been allowed! Please upload it as soon as possible.
Vote:	". "For - ". "Against
Votes	". "For: $za Against: $protiv
Report Offer:	". " for breaking the rules ". "
\n"); $commentbar = " Add Comment \n"; $subres = mysql_query("SELECT COUNT(*) FROM comments WHERE offer = $id"); $subrow = mysql_fetch_array($subres); $count = $subrow[0]; print("

"); if (!$count) { print("

No comments

\n"); } else { list($pagertop, $pagerbottom, $limit) = pager(20, $count, "viewoffers.php?id=$id&off_details=1&", array(lastpagedefault => 1)); $subres = mysql_query("SELECT comments.id, text, user, comments.added, editedby, editedat, avatar, warned, ". "username, title, class, donor FROM comments LEFT JOIN users ON comments.user = users.id WHERE offer = " . "$id ORDER BY comments.id $limit") or sqlerr(__FILE__, __LINE__); $allrows = array(); while ($subrow = mysql_fetch_array($subres)) $allrows[] = $subrow; print($commentbar); print($pagertop); offcommenttable($allrows); print($pagerbottom); } print($commentbar); echo ''; stdfoot(); die; } //=== end offer details //=== allow offer by staff if ($_GET["allow_offer"]) { if (get_user_class() < UC_MODERATOR) stderr("Access denied!", "this is a mans job!"); $allow_offer = 0 + $_GET["allow_offer"]; if($allow_offer != '1') stderr("Error", "I smell a rat!"); //=== to allow the offer credit to S4NE for this next bit :) //if ($_POST["offerid"]){ $offid = 0 + $_POST["offerid"]; if(!is_valid_id($offid)) stderr("Error", "I smell a rat!"); $res = mysql_query("SELECT users.username, offers.userid, offers.name FROM offers inner join users on offers.userid = users.id where offers.id = $offid") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_assoc($res); $msg = "$CURUSER[username] has allowed you to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr[name] . "[/url][/b]. You will find a new option on the upload page."; mysql_query ("UPDATE offers SET allowed = 'allowed' WHERE id = $offid") or sqlerr(__FILE__,__LINE__); //===use this line if you DO HAVE subject in your PM system mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg, subject) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ", 'Your Offer has been allowed')") or sqlerr(__FILE__, __LINE__); //===use this line if you DO NOT have subject in your PM system //mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__); write_log("$CURUSER[username] allowed offer $arr[name]"); header("Refresh: 0; url=$BASEURL/viewoffers.php?id=$offid&off_details=1"); } //=== end allow the offer //=== allow offer by vote if ($_GET["finish_offer"]) { if (get_user_class() < UC_MODERATOR) stderr("Access denied!", "this is a mans job!"); $finish_offer = 0 + $_GET["finish_offer"]; if($finish_offer != '1') stderr("Error", "I smell a rat!"); $offid = 0 + $_POST["finish"]; if(!is_valid_id($offid)) stderr("Error", "I smell a rat!"); $res = mysql_query("SELECT users.username, offers.userid, offers.name FROM offers inner join users on offers.userid = users.id where offers.id = $offid") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_assoc($res); $voteresyes = mysql_query("SELECT COUNT(*) from offervotes where vote='yeah' and offerid=$offid"); $arryes = mysql_fetch_row($voteresyes); $yes = $arryes[0]; $voteresno = mysql_query("SELECT COUNT(*) from offervotes where vote='against' and offerid=$offid"); $arrno = mysql_fetch_row($voteresno); $no = $arrno[0]; if($yes == '0' && $no == '0') stderr("Sorry", "No votes yet... Back to Offer details",false); if ($yes >= $no){ $msg = "Your Offer has been voted on. you are allowed to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr[name] . "[/url][/b]. You will find a new option on the upload page."; mysql_query ("UPDATE offers SET allowed = 'allowed' WHERE id = $offid") or sqlerr(__FILE__,__LINE__); } else{ $msg = "Your Offer has been voted on. You are not allowed to upload [b][url=".$BASEURL."/viewoffers.php?id=$offid&off_details=1]" . $arr[name] . "[/url][/b].. Your offer will be deleted."; mysql_query ("UPDATE offers SET allowed = 'denied' WHERE id = $offid") or sqlerr(__FILE__,__LINE__); } //===use this line if you DO HAVE subject in your PM system mysql_query("INSERT INTO messages (poster, sender, subject, receiver, added, msg) VALUES(0, 0, 'Your offer $arr[name] has been voted on', $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__); //===use this line if you DO NOT subject in your PM system //mysql_query("INSERT INTO messages (poster, sender, receiver, added, msg) VALUES(0, 0, $arr[userid], '" . get_date_time() . "', " . sqlesc($msg) . ")") or sqlerr(__FILE__, __LINE__); write_log("$CURUSER[username] closed poll $arr[name]"); header("Refresh: 0; url=$BASEURL/viewoffers.php?id=$offid&off_details=1"); die; } //===end allow offer by vote //=== edit offer if ($_GET["edit_offer"]) { $edit_offer = 0 + $_GET["edit_offer"]; if($edit_offer != '1') stderr("Error", "I smell a rat!"); $id = 0 + $_GET["id"]; $res = mysql_query("SELECT * FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__); $num = mysql_fetch_array($res); //$timezone = display_date_time($num["utadded"] , $CURUSER[tzoffset] ); //=== use this line if you have timezone mod $timezone = $num["added"]; $s = $num["name"]; $id2 = $num["category"]; if ($CURUSER["id"] != $num["userid"] && get_user_class() < UC_MODERATOR) stderr("Error!", "This is not your Offer to edit."); $offer = sqlesc($s); $body = htmlspecialchars(unesc($num["descr"])); $res2 = mysql_query("SELECT name FROM categories WHERE id=$id2")or sqlerr(__FILE__, __LINE__); $num2 = mysql_fetch_array($res2); $name = $num2["name"]; $s2 = " $name \n"; $cats = genrelist(); foreach ($cats as $row) $s2 .= "" . htmlspecialchars($row["name"]) . "\n"; $s2 .= "\n"; stdhead("Edit Offer"); print("

". "". "". "

Edit Offer ". " $s
Title:	Type: $s2
Image:	". " (Direct link to image. NO TAG NEEDED! Will be shown in description)". "
Description:	\n"); textbbcode("compose","body","$body"); print("

\n"); stdfoot(); die; } //=== end edit offer //==== take offer edit if ($_GET["take_off_edit"]){ $take_off_edit = 0 + $_GET["take_off_edit"]; if($take_off_edit != '1') stderr("Error", "I smell a rat!"); $id = 0 + $_GET["id"]; $res = mysql_query("SELECT userid FROM offers WHERE id = $id") or sqlerr(__FILE__, __LINE__); $num = mysql_fetch_array($res); if ($CURUSER[id] != $num[userid] && get_user_class() < UC_MODERATOR) stderr("Error", "Access denied."); $name = htmlentities($_POST["name"]); if (!empty($_POST['picture'])){ $picture = unesc($_POST["picture"]); if(!preg_match("/^http:\/\/[^\s'\"<>]+\.(jpg|gif|png)$/i", $picture)) stderr("Error", "Image MUST be in jpg, gif or png format."); $pic = "[img]".$picture."[/img]\n"; } $descr = "$pic"; $descr .= unesc($_POST["body"]); if (!$descr) bark("You must enter a description!"); $cat = (0 + $_POST["category"]); if (!is_valid_id($cat)) bark("You must select a category to put the Offer in!"); $name = sqlesc($name); $descr = sqlesc($descr); $cat = sqlesc($cat); mysql_query("UPDATE offers SET category=$cat, name=$name, descr=$descr where id=$id"); header("Refresh: 0; url=viewoffers.php?id=$id&off_details=1"); } //======end take offer edit //=== offer votes list if ($_GET["offer_vote"]){ $offer_vote = 0 + $_GET["offer_vote"]; if($offer_vote != '1') stderr("Error", "I smell a rat!"); $offerid = 0 + htmlentities($_GET[id]); $res2 = mysql_query("select count(offervotes.offerid) from offervotes inner join users on offervotes.userid = users.id inner join offers on offervotes.offerid = offers.id WHERE offervotes.offerid =$offerid") or sqlerr(__FILE__, __LINE__); $row = mysql_fetch_array($res2); $count = $row[0]; stdhead("Voters"); $res2 = mysql_query("select name from offers where id=$offerid"); $arr2 = mysql_fetch_assoc($res2); print("

Offer Vote Results $arr2[name]

"); $res = mysql_query("select users.id as userid,users.username, users.downloaded,users.uploaded, offers.id as offerid, offers.name from offervotes inner join users on offervotes.userid = users.id inner join offers on offervotes.offerid = offers.id WHERE offervotes.offerid =$offerid $limit") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($res) == 0) print("

No votes yet

\n"); else { $perpage = 25; list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] ."?" ); echo $pagertop; print("". "\n"); while ($arr = mysql_fetch_assoc($res)) { //=======change colors if($count2 == 0) { $count2 = $count2+1; $class = "clearalt6"; } else { $count2 = 0; $class = "clearalt7"; } $vres = mysql_query("select vote from offervotes where offerid=$offerid and userid=$arr[userid]") or sqlerr(__FILE__, __LINE__); $vrow = mysql_fetch_array($vres); if ($vrow[vote] == 'yeah') $vote = "yeah"; elseif ($vrow[vote] == 'against') $vote = "Against"; if ($arr["downloaded"] > 0) { $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 3); $ratio = "$ratio"; } else if ($arr["uploaded"] > 0) $ratio = "Inf."; else $ratio = "---"; $uploaded =mksize($arr["uploaded"]); $joindate = "$arr[added] (" . get_elapsed_time(sql_timestamp_to_unix_timestamp($arr["added"])) . " )"; $downloaded = mksize($arr["downloaded"]); if ($arr["enabled"] == 'no') $enabled = "No"; else $enabled = "Yes"; print("". "". "\n"); } print("

User	Uploaded	Downloaded	Ratio	Vote
$arr[username]	$uploaded	$downloaded	$ratio	$vote

\n"); } echo $pagerbottom; stdfoot(); die; } //=== end offer votes list //=== offer votes if ($_GET["vote"]){ $offerid = 0 + htmlentities($_GET["id"]); $vote = htmlentities($_GET["vote"]); if ($vote =='yeah' || $vote =='against') { $userid = 0+$CURUSER["id"]; $res = mysql_query("SELECT * FROM offervotes WHERE offerid=$offerid and userid=$userid") or sqlerr(__FILE__,__LINE__); $arr = mysql_fetch_assoc($res); $voted = $arr; if ($voted) stderr("You've already voted", "

You've already voted, max 1 vote per offer

Back to the offer details

",false); else { mysql_query("UPDATE offers SET $vote = $vote + 1 WHERE id=$offerid") or sqlerr(__FILE__,__LINE__); mysql_query("INSERT INTO offervotes (offerid, userid, vote) VALUES($offerid, $userid, '$vote')") or sqlerr(__FILE__,__LINE__); stdhead("Vote For Offer"); print("

Vote accepted

"); print("

Your vote have been accepted

Back to the offer details

"); stdfoot(); die; } } else stderr("Error", "I smell a rat!"); } //=== end offer votes //=== delete offer if ($_GET["del_offer"]){ $del_offer = 0 + $_GET["del_offer"]; if($del_offer != '1') stderr("Error", "I smell a rat!"); $offer = 0 + $_GET["id"]; $userid = 0 + $CURUSER["id"]; if (!is_valid_id($userid)) stderr("Error", "I smell a rat!"); $res = mysql_query("SELECT * FROM offers WHERE id = $offer") or sqlerr(__FILE__, __LINE__); $num = mysql_fetch_array($res); $name = $num["name"]; if ($userid != $num["userid"] && get_user_class() < UC_MODERATOR) stderr("Error", "This is not your Offer to delete!"); if ($_GET["sure"]){ $sure = $_GET["sure"]; if($sure == '0' || $sure == '1') $sure = 0 + $_GET["sure"]; else stderr("Error", "I smell a rat!"); } if ($sure == 0) stderr("Delete Offer", "You`re about to delete this offer. Click\n here, if you`re sure.",false); elseif ($sure == 1){ mysql_query("DELETE FROM offers WHERE id=$offer"); mysql_query("DELETE FROM offervotes WHERE offerid=$offer"); mysql_query("DELETE FROM comments WHERE offer=$offer"); //===add karma //=== use this if you use the karma mod //mysql_query("UPDATE users SET seedbonus = seedbonus-10.0 WHERE id = $num[userid]") or sqlerr(__FILE__, __LINE__); //===end if ($CURUSER["id"] != $num["userid"]){ $added = sqlesc(get_date_time()); $userid = $num["userid"]; $msg = sqlesc("Your offer [b]$num[name][/b] was deleted by[b] $CURUSER[username][/b] on $added...."); //=== if you do NOT have subject in your PMs use the next part // mysql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, $userid, $msg, $added)") or sqlerr(__FILE__, __LINE__); //=== if you HAVE have subject in your PMs use the next part $subject = sqlesc("$num[name] was deleted."); mysql_query("INSERT INTO messages (sender, receiver, msg, added, subject) VALUES(0, $userid, $msg, $added, $subject)") or sqlerr(__FILE__, __LINE__); write_log("Offer: $offer ($num[name]) was deleted by $CURUSER[username]"); header("Refresh: 0; url=viewoffers.php"); die; } else { write_log("Offer: $offer ($name) was deleted by $CURUSER[username]"); header("Refresh: 0; url=viewoffers.php"); die; } } else stderr("Error", "I smell a rat!"); } //== end delete offer //=== prolly not needed, but what the hell... basically stopping the page getting screwed up if ($_GET["sort"]){ $sort = $_GET["sort"]; if($sort == 'cat' || $sort == 'name' || $sort == 'added' || $sort == 'comments' || $sort == 'yeah' || $sort == 'against') $sort = $_GET["sort"]; else stderr("Error", "I smell a rat!"); } //=== end of prolly not needed, but what the hell :P $categ = 0 + $_GET["category"]; if ($_GET["offerorid"]){ $offerorid = 0 + htmlentities($_GET["offerorid"]); if (ereg("^[0-9]+$", !$offerorid)) stderr("Error", "I smell a rat!"); } $search = $_GET["search"]; $search = " AND offers.name like '%$search%' "; if ($sort == "cat") $sort = " ORDER BY cat "; else if ($sort == "name") $sort = " ORDER BY name"; else if ($sort == "added") $sort = " ORDER BY added ASC"; else if ($sort == "comments") $sort = " ORDER BY comments DESC"; else if ($sort == "yeah") $sort = " ORDER BY yeah DESC"; else if ($sort == "against") $sort = " ORDER BY against DESC"; else $sort = " ORDER BY added DESC"; if ($offerorid <> NULL) { if (($categ <> NULL) && ($categ <> 0)) $categ = "WHERE offers.category = " . $categ . " AND offers.userid = " . $offerorid; else $categ = "WHERE offers.userid = " . $offerorid; } else if ($categ == 0) $categ = ''; else $categ = "WHERE offers.category = " . $categ; $res = mysql_query("SELECT count(offers.id) FROM offers inner join categories on offers.category = categories.id inner join users on offers.userid = users.id $categ $search") or sqlerr(__FILE__, __LINE__); $row = mysql_fetch_array($res); $count = $row[0]; $perpage = 25; list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] ."?" . "category=" . $_GET["category"] . "&sort=" . $_GET["sort"] . "&" ); $res = mysql_query("SELECT users.downloaded, users.uploaded, users.username, offers.id, offers.userid, offers.name, offers.added, offers.yeah, offers.against, offers.allowed, categories.image, categories.name as cat FROM offers inner join categories on offers.category = categories.id inner join users on offers.userid = users.id $categ $search $sort $limit") or sqlerr(__FILE__,__LINE__); $num = mysql_num_rows($res); stdhead("Offers"); begin_main_frame('100%'); print("

". "Offers Section\n

". "Add offer - View Requests "); print(" (Show All)"); $cats = genrelist(); $catdropdown = ""; foreach ($cats as $cat) { $catdropdown .= "\n"; } print("$catdropdown". " Search offers: ". "

"); print("\n"); print("". "". "". "". "". "\n"); if (!$num) echo ''; for ($i = 0; $i < $num; ++$i) { //=======change colors if($count2 == 0) { $count2 = $count2+1; $class = "clearalt6"; } else { $count2 = 0; $class = "clearalt7"; } $arr = mysql_fetch_assoc($res); if ($arr["downloaded"] > 0) { $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 2); $ratio = "$ratio"; } else if ($arr["uploaded"] > 0) $ratio = "Inf."; else $ratio = "---"; $addedby = ""; $rez = mysql_query("select comments from offers where id=$arr[id]"); $comm = mysql_fetch_array($rez); if ($comm[comments] == 0) $comment = "0"; else $comment = "$comm[comments]"; //==== if you want allow deny for offers use this next bit if ($arr["allowed"] == 'allowed') $allowed = "
[ Allowed ]"; elseif ($arr["allowed"] == 'denied') $allowed = "
[ Denied ]"; else $allowed = "
[ Pending ]"; //===end if ($arr["yeah"] == 0) $zvote = "$arr[yeah]"; else $zvote = "$arr[yeah]"; if ($arr["against"] == 0) $pvote = "$arr[against]"; else $pvote = "$arr[against]"; print("" . "$addedby\n"); } print("

Type	Title	Added	Comm.	Added by	For	Against
Nothing Found!
$arr[username] ($ratio)
	$arr[name]$allowed	$arr[added]	$comment	$zvote	$pvote

\n"); echo $pagerbottom; print("\n"); end_main_frame(); stdfoot(); die; ?>