1:

 $poster = strip_tags($_POST['poster']);

1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:

<?
/*
		Project : T-Xore    version      0.0.3      released     on 03/2006   By  Bogaa 
		This piece of software is free to use by anyone and may be redistributed
		and modified by anyone in any way. We   can't be held   liable for damage
		or copyright infringement claims. Read the documentation!
		
		Bogaa's Homepage : http://www.meganova.org
		Project Homepage  : http://www.devnova.org
*/


require_once "config.php";
connect ($dbhost, $dbuser, $dbpass, $database);


// Check if a comment was posted
if ($_POST['submitted'] == '')
{

// The details query
$res = mysql_query("SELECT poster FROM torrents WHERE torrents.id ='".strip_tags(trim($_GET['id']))."'") 
    or sqlerr();
$row = mysql_fetch_array($res);
$result = mysql_query("SELECT * FROM torrents LEFT JOIN categories ON torrents.subcat = categories.subid WHERE torrents.id ='".strip_tags(trim($_GET['id']))."'") or die (mysql_error());
$count = mysql_num_rows($result);
if ($count == 0)
{
stheader('Torrent Not Found');
echo '<div id="page-error" class="fade-FFBFBF" style="padding:.2em"><h1>Torrent not found!</div>';
footer();
die;
}


// extract data from sql
while ($row = mysql_fetch_array($result))
{
extract($row);

stheader('Torrent Details for: '.htmlentities($torrentname));

?>
<script type="text/javascript">
function expandcontract(tbodyid,dis) {
  document.getElementById(tbodyid).style.display = dis;
}
</script>
<?
$tracker = parse_url($tracker);

// Display upload description
if ($description == 1)
{

$result_desc = mysql_query("SELECT descr FROM description where id = '".strip_tags(trim($_GET['id']))."' LIMIT 1");
while ($row = mysql_fetch_array($result_desc))
{
extract($row);
$description = '<tr><td colspan="2"><center><br /><h1>Description</h1><div id="desc" class="fade-E5ECF9" style="padding:.2em">'.nl2br(str_replace('  ','&nbsp;&nbsp;',$descr)).'</div></center><br /></td></tr>';
}
}
else
{
$description = '';
}
$result_desc1 = mysql_query("SELECT poster FROM torrents WHERE torrents.id ='".strip_tags(trim($_GET['id']))."'");
$row1 = mysql_fetch_array($result_desc1);
echo '<div class="location"><a href="index.php">Home</a> :: <a href="cat.php?id='.$maincat.'">'.$name.'</a> :: <a href="subcat.php?id='.$subid.'">'.$subname.'</a> :: <a href="details.php?id='.$id.'">'.htmlentities($torrentname).'</a></div>';
// Display torrent details
echo '<h1>'.htmlentities($torrentname).'</h1>';
echo '<table class="det" cellpadding="0" cellspacing="0" border="0">';
echo '<tr><td width="15%">Download</td><td> <a href="download.php?id='.htmlentities($hash).'">'.htmlentities($torrentname).'</a> &raquo; (<a href="magnet:?xt=urn:btih:'. strtoupper(base32_encode(pack("H*", $hash))).'">Magnet Link</a>)</td></tr>';
if($row1['poster']) {
echo ("<tr><td>Poster</td><td><center><a href=\"".$row1['poster']."\" target=\"_blank\"><img src=\"".$row1['poster']."\" border=\"0\"></a></center></td></tr>");
}
else
{
echo ("<tr><td>Poster</td><td><center><img src=\"poster.jpg\" border=\"0\"></center></td></tr>");
}
echo '<tr><td>Category</td><td> <a href="cat.php?id='.$maincat.'">'.$name.'</a> &raquo; <a href="subcat.php?id='.$subid.'">'.$subname.'</a></td></tr>';
echo '<tr><td>Size</td><td> '.torsize($size).'</td></tr>';
echo '<tr><td>Seeds</td><td> '.getpeer($seeds).'</td></tr>';
echo '<tr><td>Peers</td><td> '.getpeer($peers).'</td></tr>';
echo '<tr><td>Tracker</td><td> http://'.htmlentities($tracker['host']).' ('.detreg($registration).')</td></tr>';
echo '<tr><td>Added</td><td> '.$added.'</td></tr>';
echo '<tr><td>Updated</td><td> '.$updated.'</td></tr>';
echo '<tr><td>Hash</td><td> '.htmlentities($hash).'</td></tr>';
echo '<tr><td>Alternative</td><td> The file <em>'.htmlentities($torrentname).'</em>  might also be available on UseNeXT <strong><a href="http://www.usenext.de/index.cfm?TD=377528">Click here to download the UseneXT client</strong></a></td></tr>'.$description;
echo '</table>';




// Display toggle files link
echo '<br /><a href="#det" onclick="javascript:fadetoggle.fade(\'files\');">View Included Files</a><br /><br />';


// Display internal files
echo '<a name="det"></a>';
echo '<div id="files" style="display:none"><table class="det">';

@showfiles($hash);
echo '</table></div>';

// Fetch comments from sql
$result = mysql_query("SELECT * FROM comments WHERE id ='".strip_tags(trim($_GET['id']))."'");
$comment_count = mysql_num_rows($result);

// div colors
$color1 = 'class="light"';
$color2 = 'class="dark"';
$row_count = 0; 

echo '<br /><h1>Comments ('.$comment_count.')</h1>';
if (!$comment_count == 0)
{
echo '<div class="commentwrapper">';
while ($row = mysql_fetch_array($result))

{
extract($row);
$row_color = ($row_count % 2) ? $color1 : $color2; 
echo '<div '.$row_color.'><strong>'.htmlentities($name).'</strong> On <strong>'.$date.'</strong><br /><br />'.nl2br(htmlentities($post)).'</div><br /><br />';
$row_count++;
}
}


$result = mysql_query("SELECT * FROM ban WHERE ip = '$REMOTE_ADDR'");
if (mysql_num_rows($result) == 1)
{
echo '<br /><h1>You cant add any comments!</h1>You cant add any comments because you where banned for some reason.';
footer();
die;
}
echo '<br /><form id="comment" action="/details.php?id='.strip_tags(trim($_GET['id'])).'" method="post">';
echo '<input name="user" value="name" onclick=\'value=""\' /><br /><br />';
echo '<textarea name="comment" cols="50" rows="7"></textarea><br />';
echo '<input type="submit" name="submitted" value="submit" /></form></div>';
}


footer();
}


// Handle posted comment
else
{
$result = mysql_query("SELECT * FROM ban WHERE ip = '$REMOTE_ADDR'");
if (mysql_num_rows($result) == 1)
{
stheader('You have been banned from this section!');
echo '<div id="commeror" class="fade-FFBFBF" style="padding:.2em"><h1>Banned!</h1>You have been banned from this section of the site for a very very very good reason, if you think a mistake has been made feel free to contact one of the admins</div>';
footer();
die;
}


$commentid = strip_tags(trim($_GET['id']));
$name = trim($_POST['user']);
$comment = trim($_POST['comment']);
$ip= $REMOTE_ADDR;
$date = date('YmdHis');
if ($comment == '' || $name == '')
{
stheader('Comment failed!');
echo '<div id="commeror" class="fade-FFBFBF" style="padding:.2em"><h1>Please fill out the entire form!</h1></div>';
footer();
die;
}
stheader('Comment submitted');
mysql_query("INSERT INTO comments (id,ip,date,name,post) VALUES ('$commentid','$ip','$date','$name','$comment')");
echo '<div id="commplete" class="fade-DAFF9F" style="padding:.2em"><h1>Comment posted! Thanks.</h1><a href="details.php?id='.strip_tags($_GET['id']).'">Click here to view your posting</a></div>';
footer();
}
?>