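// Advanced user search: validates the request, builds one SELECT over users_main /
// users_info (plus optional joins) from the supplied filters, then renders the page.
//
// NOTE(review): no permission check is visible in this part of the file. The search
// exposes e-mail addresses, IPs, passkeys and admin comments, so confirm the including
// script enforces staff-only access before this code runs.
//
// Every request value that reaches the SQL text must pass through db_string(), a numeric
// conversion (round() / int cast), or a fixed lookup table. The REGEXP match type is the
// one deliberate exception; see wrap().

// Quick-search box: classify the single "search" value and copy it into the specific
// field that the advanced search below understands.
if (!empty($_GET['search'])) {
    if (preg_match('/^'.IP_REGEX.'$/', $_GET['search'])) {
        $_GET['ip'] = $_GET['search'];
    } elseif (preg_match('/^'.EMAIL_REGEX.'$/i', $_GET['search'])) {
        $_GET['email'] = $_GET['search'];
    } elseif (preg_match(USERNAME_REGEX, $_GET['search'])) {
        // Exact username hit: redirect straight to the profile. The value is escaped
        // with db_string() before it is placed inside the quoted literal.
        $DB->query("
            SELECT ID
            FROM users_main
            WHERE Username = '".db_string($_GET['search'])."'");
        if (list($ID) = $DB->next_record()) {
            header("Location: user.php?id=$ID");
            die();
        }
        $_GET['username'] = $_GET['search'];
    } else {
        $_GET['comment'] = $_GET['search'];
    }
}

define('USERS_PER_PAGE', 30);

/**
 * Turn a search term into a single-quoted SQL string literal for the active match type.
 *
 * In ' LIKE ' mode a leading/trailing % wildcard is added unless the term starts/ends
 * with '|', which is stripped instead. In ' REGEXP ' mode the term is NOT escaped with
 * db_string(); it is only checked for the two characters that could end or escape the
 * surrounding quoted literal. Every other mode escapes the term with db_string().
 *
 * @param string $String     Raw search term from the request.
 * @param string $ForceMatch Operator to use instead of the global $Match ('' = use the global).
 * @param bool   $IPSearch   When true, no leading % wildcard is added in LIKE mode.
 * @return string The term wrapped in single quotes.
 */
function wrap($String, $ForceMatch = '', $IPSearch = false) {
    if (!$ForceMatch) {
        global $Match;
    } else {
        $Match = $ForceMatch;
    }
    if ($Match == ' REGEXP ') {
        // A single quote would close the literal and a trailing backslash would escape
        // its closing quote. The last byte is tested directly: the earlier pattern-based
        // test relied on '.', which does not match newlines, so it could miss a trailing
        // backslash in multi-line input.
        // NOTE(review): error() is defined elsewhere; this code relies on it halting the request.
        if (strpos($String, '\'') !== false || substr($String, -1) === '\\') {
            error('Regex contains illegal characters.');
        }
    } else {
        $String = db_string($String);
    }
    if ($Match == ' LIKE ') {
        // Fuzzy search
        // Stick in wildcards at beginning and end of string unless string starts or ends with |
        if (($String[0] != '|') && !$IPSearch) {
            $String = "%$String";
        } elseif ($String[0] == '|') {
            $String = substr($String, 1, strlen($String));
        }
        if (substr($String, -1, 1) != '|') {
            $String = "$String%";
        } else {
            $String = substr($String, 0, -1);
        }
    }
    $String = "'$String'";
    return $String;
}

/**
 * Build the WHERE fragments for a date filter.
 *
 * Both dates are escaped with db_string(). $Field is interpolated as-is, so callers
 * must only pass fixed column names (every call in this file does).
 *
 * @param string $Field   Column expression to compare.
 * @param string $Operand One of 'on', 'before', 'after', 'between'; anything else yields no fragments.
 * @param string $Date1   First date (YYYY-MM-DD).
 * @param string $Date2   Second date, used only by 'between'.
 * @return array List of SQL condition strings, to be joined with AND by the caller.
 */
function date_compare($Field, $Operand, $Date1, $Date2 = '') {
    $Date1 = db_string($Date1);
    $Date2 = db_string($Date2);
    $Return = array();

    switch ($Operand) {
        case 'on':
            $Return[] = " $Field >= '$Date1 00:00:00' ";
            $Return[] = " $Field <= '$Date1 23:59:59' ";
            break;
        case 'before':
            $Return[] = " $Field < '$Date1 00:00:00' ";
            break;
        case 'after':
            $Return[] = " $Field > '$Date1 23:59:59' ";
            break;
        case 'between':
            $Return[] = " $Field >= '$Date1 00:00:00' ";
            $Return[] = " $Field <= '$Date2 00:00:00' ";
            break;
    }

    return $Return;
}

/**
 * Build the WHERE/HAVING fragments for a numeric filter.
 *
 * $Field is interpolated as-is, so callers must only pass fixed expressions.
 *
 * @param string $Field   Column expression to compare.
 * @param string $Operand One of 'equal', 'above', 'below', 'between'.
 * @param mixed  $Num1    First value.
 * @param mixed  $Num2    Second value, used only by 'between'.
 * @return array List of SQL condition strings, to be joined with AND by the caller.
 */
function num_compare($Field, $Operand, $Num1, $Num2 = '') {
    // The earlier guard (`$Num != 0`) used a loose comparison to decide whether to
    // escape. On PHP versions before 8 a non-numeric string compares equal to 0, so such
    // a value skipped db_string() and reached the quoted literal unescaped (the ratio
    // filter passes request values here without rounding them first). Only a genuinely
    // numeric zero is now left as-is; everything else is escaped.
    if (!is_numeric($Num1) || $Num1 != 0) {
        $Num1 = db_string($Num1);
    }
    if (!is_numeric($Num2) || $Num2 != 0) {
        $Num2 = db_string($Num2);
    }

    $Return = array();

    switch ($Operand) {
        case 'equal':
            $Return[] = " $Field = '$Num1' ";
            break;
        case 'above':
            $Return[] = " $Field > '$Num1' ";
            break;
        case 'below':
            $Return[] = " $Field < '$Num1' ";
            break;
        case 'between':
            $Return[] = " $Field > '$Num1' ";
            $Return[] = " $Field < '$Num2' ";
            break;
        default:
            // Unknown operand: stop the request. $Return is always empty here, so the
            // print_r() emits nothing useful; it looks like leftover debugging output.
            print_r($Return);
            die();
    }
    return $Return;
}

// Arrays, regexes, and all that fun stuff we can use for validation, form generation, etc

$DateChoices = array('inarray'=>array('on', 'before', 'after', 'between'));
$SingleDateChoices = array('inarray'=>array('on', 'before', 'after'));
$NumberChoices = array('inarray'=>array('equal', 'above', 'below', 'between', 'buffer'));
$YesNo = array('inarray'=>array('any', 'yes', 'no'));
$OrderVals = array('inarray'=>array('Username', 'Ratio', 'IP', 'Email', 'Joined', 'Last Seen', 'Uploaded', 'Downloaded', 'Invites', 'Snatches'));
$WayVals = array('inarray'=>array('Ascending', 'Descending'));

if (count($_GET)) {
    // Anchored so the whole value must be a date rather than merely contain one.
    $DateRegex = array('regex' => '/^\d{4}-\d{2}-\d{2}$/');

    // Split the permission classes into primary and secondary ID lists for validation.
    $ClassIDs = array();
    $SecClassIDs = array();
    foreach ($Classes as $ClassID => $Value) {
        if ($Value['Secondary']) {
            $SecClassIDs[] = $ClassID;
        } else {
            $ClassIDs[] = $ClassID;
        }
    }

    $Val->SetFields('comment', '0', 'string', 'Comment is too long.', array('maxlength' => 512));
    $Val->SetFields('disabled_invites', '0', 'inarray', 'Invalid disabled_invites field', $YesNo);

    $Val->SetFields('joined', '0', 'inarray', 'Invalid joined field', $DateChoices);
    $Val->SetFields('join1', '0', 'regex', 'Invalid join1 field', $DateRegex);
    $Val->SetFields('join2', '0', 'regex', 'Invalid join2 field', $DateRegex);

    $Val->SetFields('lastactive', '0', 'inarray', 'Invalid lastactive field', $DateChoices);
    $Val->SetFields('lastactive1', '0', 'regex', 'Invalid lastactive1 field', $DateRegex);
    $Val->SetFields('lastactive2', '0', 'regex', 'Invalid lastactive2 field', $DateRegex);

    $Val->SetFields('ratio', '0', 'inarray', 'Invalid ratio field', $NumberChoices);
    $Val->SetFields('uploaded', '0', 'inarray', 'Invalid uploaded field', $NumberChoices);
    $Val->SetFields('downloaded', '0', 'inarray', 'Invalid downloaded field', $NumberChoices);
    //$Val->SetFields('snatched', '0', 'inarray', 'Invalid snatched field', $NumberChoices);

    $Val->SetFields('matchtype', '0', 'inarray', 'Invalid matchtype field', array('inarray' => array('strict', 'fuzzy', 'regex')));

    $Val->SetFields('enabled', '0', 'inarray', 'Invalid enabled field', array('inarray' => array('', 0, 1, 2)));
    $Val->SetFields('class', '0', 'inarray', 'Invalid class', array('inarray' => $ClassIDs));
    $Val->SetFields('secclass', '0', 'inarray', 'Invalid class', array('inarray' => $SecClassIDs));
    $Val->SetFields('donor', '0', 'inarray', 'Invalid donor field', $YesNo);
    $Val->SetFields('warned', '0', 'inarray', 'Invalid warned field', $YesNo);
    $Val->SetFields('disabled_uploads', '0', 'inarray', 'Invalid disabled_uploads field', $YesNo);

    $Val->SetFields('order', '0', 'inarray', 'Invalid ordering', $OrderVals);
    $Val->SetFields('way', '0', 'inarray', 'Invalid way', $WayVals);

    $Val->SetFields('passkey', '0', 'string', 'Invalid passkey', array('maxlength' => 32));
    $Val->SetFields('avatar', '0', 'string', 'Avatar URL too long', array('maxlength' => 512));
    // NOTE(review): 'stylesheet' passes its list directly instead of under an 'inarray'
    // key like the other fields, and 'cc' is declared 'inarray' but given a 'maxlength'
    // option. Confirm against the validator what these two rules actually enforce. Both
    // values are escaped again where they are used below (wrap() / db_string()).
    $Val->SetFields('stylesheet', '0', 'inarray', 'Invalid stylesheet', array_unique(array_keys($Stylesheets)));
    $Val->SetFields('cc', '0', 'inarray', 'Invalid Country Code', array('maxlength' => 2));

    $Err = $Val->ValidateForm($_GET);

    if (!$Err) {
        // Passed validation. Let's rock.
        $RunQuery = false; // if we should run the search

        // $Match is read as a global by wrap() whenever no operator is forced.
        if (isset($_GET['matchtype']) && $_GET['matchtype'] == 'strict') {
            $Match = ' = ';
        } elseif (isset($_GET['matchtype']) && $_GET['matchtype'] == 'regex') {
            $Match = ' REGEXP ';
        } else {
            $Match = ' LIKE ';
        }

        // ORDER BY is built only from these fixed tables, never from the raw request value.
        $OrderTable = array(
            'Username' => 'um1.Username',
            'Joined' => 'ui1.JoinDate',
            'Email' => 'um1.Email',
            'IP' => 'um1.IP',
            'Last Seen' => 'um1.LastAccess',
            'Uploaded' => 'um1.Uploaded',
            'Downloaded' => 'um1.Downloaded',
            'Ratio' => '(um1.Uploaded / um1.Downloaded)',
            'Invites' => 'um1.Invites',
            'Snatches' => 'Snatches');

        $WayTable = array('Ascending'=>'ASC', 'Descending'=>'DESC');

        $Where = array();
        $Having = array();
        $Join = array();
        $Group = array();
        $Distinct = '';
        $Order = '';

        $SQL = '
                SQL_CALC_FOUND_ROWS
                um1.ID,
                um1.Username,
                um1.Uploaded,
                um1.Downloaded,';
        if ($_GET['snatched'] == 'off') {
            $SQL .= "'X' AS Snatches,";
        } else {
            $SQL .= "
                (
                    SELECT COUNT(xs.uid)
                    FROM xbt_snatched AS xs
                    WHERE xs.uid = um1.ID
                ) AS Snatches,";
        }
        $SQL .= '
                um1.PermissionID,
                um1.Email,
                um1.Enabled,
                um1.IP,
                um1.Invites,
                ui1.DisableInvites,
                ui1.Warned,
                ui1.Donor,
                ui1.JoinDate,
                um1.LastAccess
            FROM users_main AS um1
                JOIN users_info AS ui1 ON ui1.UserID = um1.ID ';

        if (!empty($_GET['username'])) {
            $Where[] = 'um1.Username'.$Match.wrap($_GET['username']);
        }

        if (!empty($_GET['email'])) {
            if (isset($_GET['email_history'])) {
                $Distinct = 'DISTINCT ';
                $Join['he'] = ' JOIN users_history_emails AS he ON he.UserID = um1.ID ';
                $Where[] = ' he.Email '.$Match.wrap($_GET['email']);
            } else {
                $Where[] = 'um1.Email'.$Match.wrap($_GET['email']);
            }
        }

        if (!empty($_GET['email_cnt']) && is_number($_GET['email_cnt'])) {
            // The operator comes from a fixed table. Previously an unexpected emails_opt
            // left $operator undefined and produced a malformed statement.
            $EmailOperators = array('equal' => '=', 'above' => '>', 'below' => '<');
            $EmailsOpt = isset($_GET['emails_opt']) ? $_GET['emails_opt'] : '';
            if (is_string($EmailsOpt) && isset($EmailOperators[$EmailsOpt])) {
                $operator = $EmailOperators[$EmailsOpt];
                // is_number() is defined elsewhere; the cast guarantees that only an
                // integer is concatenated, whatever that helper accepts.
                $Query = "
                    SELECT UserID
                    FROM users_history_emails
                    GROUP BY UserID
                    HAVING COUNT(DISTINCT Email) ";
                $Query .= $operator.' '.(int)$_GET['email_cnt'];
                $DB->query($Query);
                $Users = implode(',', $DB->collect('UserID'));
                if (!empty($Users)) {
                    $Where[] = "um1.ID IN ($Users)";
                }
            } else {
                error('Invalid emails_opt field');
            }
        }

        if (!empty($_GET['ip'])) {
            if (isset($_GET['ip_history'])) {
                $Distinct = 'DISTINCT ';
                $Join['hi'] = ' JOIN users_history_ips AS hi ON hi.UserID = um1.ID ';
                $Where[] = ' hi.IP '.$Match.wrap($_GET['ip'], '', true);
            } else {
                $Where[] = 'um1.IP'.$Match.wrap($_GET['ip'], '', true);
            }
        }

        if (!empty($_GET['cc'])) {
            if ($_GET['cc_op'] == 'equal') {
                $Where[] = "um1.ipcc = '".db_string($_GET['cc'])."'";
            } else {
                $Where[] = "um1.ipcc != '".db_string($_GET['cc'])."'";
            }
        }

        if (!empty($_GET['tracker_ip'])) {
            $Distinct = 'DISTINCT ';
            $Join['xfu'] = ' JOIN xbt_files_users AS xfu ON um1.ID = xfu.uid ';
            $Where[] = ' xfu.ip '.$Match.wrap($_GET['tracker_ip'], '', true);
        }

        // if (!empty($_GET['tracker_ip'])) {
        //     $Distinct = 'DISTINCT ';
        //     $Join['xs'] = ' JOIN xbt_snatched AS xs ON um1.ID = xs.uid ';
        //     $Where[] = ' xs.IP '.$Match.wrap($_GET['ip']);
        // }

        if (!empty($_GET['comment'])) {
            $Where[] = 'ui1.AdminComment'.$Match.wrap($_GET['comment']);
        }

        if (!empty($_GET['lastfm'])) {
            $Distinct = 'DISTINCT ';
            $Join['lastfm'] = ' JOIN lastfm_users AS lfm ON lfm.ID = um1.ID ';
            $Where[] = ' lfm.Username'.$Match.wrap($_GET['lastfm']);
        }

        // round() turns the request values into numbers before they reach num_compare().
        if (strlen($_GET['invites1'])) {
            $Invites1 = round($_GET['invites1']);
            $Invites2 = round($_GET['invites2']);
            $Where[] = implode(' AND ', num_compare('Invites', $_GET['invites'], $Invites1, $Invites2));
        }

        if ($_GET['disabled_invites'] == 'yes') {
            $Where[] = 'ui1.DisableInvites = \'1\'';
        } elseif ($_GET['disabled_invites'] == 'no') {
            $Where[] = 'ui1.DisableInvites = \'0\'';
        }

        if ($_GET['disabled_uploads'] == 'yes') {
            $Where[] = 'ui1.DisableUpload = \'1\'';
        } elseif ($_GET['disabled_uploads'] == 'no') {
            $Where[] = 'ui1.DisableUpload = \'0\'';
        }

        if ($_GET['join1']) {
            $Where[] = implode(' AND ', date_compare('ui1.JoinDate', $_GET['joined'], $_GET['join1'], $_GET['join2']));
        }

        if ($_GET['lastactive1']) {
            $Where[] = implode(' AND ', date_compare('um1.LastAccess', $_GET['lastactive'], $_GET['lastactive1'], $_GET['lastactive2']));
        }

        if ($_GET['ratio1']) {
            // array_pop() takes its argument by reference, so the exploded parts need a
            // variable. $Decimals is always an integer (a string length).
            $RatioParts = explode('.', $_GET['ratio1']);
            $Decimals = strlen(array_pop($RatioParts));
            if (!$Decimals) {
                $Decimals = 0;
            }
            // ratio1/ratio2 are passed through unrounded; num_compare() escapes them.
            $Where[] = implode(' AND ', num_compare("ROUND(Uploaded/Downloaded,$Decimals)", $_GET['ratio'], $_GET['ratio1'], $_GET['ratio2']));
        }

        if (strlen($_GET['uploaded1'])) {
            $Upload1 = round($_GET['uploaded1']);
            $Upload2 = round($_GET['uploaded2']);
            if ($_GET['uploaded'] != 'buffer') {
                $Where[] = implode(' AND ', num_compare('ROUND(Uploaded / 1024 / 1024 / 1024)', $_GET['uploaded'], $Upload1, $Upload2));
            } else {
                // NOTE(review): the Downloaded term divides by 1023 in its last step while
                // the Uploaded term uses 1024 throughout; this looks like a typo. Confirm.
                $Where[] = implode(' AND ', num_compare('ROUND((Uploaded / 1024 / 1024 / 1024) - (Downloaded / 1024 / 1024 / 1023))', 'between', $Upload1 * 0.9, $Upload1 * 1.1));
            }
        }

        if (strlen($_GET['downloaded1'])) {
            $Download1 = round($_GET['downloaded1']);
            $Download2 = round($_GET['downloaded2']);
            $Where[] = implode(' AND ', num_compare('ROUND(Downloaded / 1024 / 1024 / 1024)', $_GET['downloaded'], $Download1, $Download2));
        }

        if (strlen($_GET['snatched1'])) {
            $Snatched1 = round($_GET['snatched1']);
            $Snatched2 = round($_GET['snatched2']);
            // Snatches is a computed column, so it is filtered in HAVING rather than WHERE.
            $Having[] = implode(' AND ', num_compare('Snatches', $_GET['snatched'], $Snatched1, $Snatched2));
        }

        // Forcing '=' makes wrap() take its db_string() path regardless of the match type.
        if ($_GET['enabled'] != '') {
            $Where[] = 'um1.Enabled = '.wrap($_GET['enabled'], '=');
        }

        if ($_GET['class'] != '') {
            $Where[] = 'um1.PermissionID = '.wrap($_GET['class'], '=');
        }

        if ($_GET['secclass'] != '') {
            $Join['ul'] = ' JOIN users_levels AS ul ON um1.ID = ul.UserID ';
            $Where[] = 'ul.PermissionID = '.wrap($_GET['secclass'], '=');
        }

        if ($_GET['donor'] == 'yes') {
            $Where[] = 'ui1.Donor = \'1\'';
        } elseif ($_GET['donor'] == 'no') {
            $Where[] = 'ui1.Donor = \'0\'';
        }

        if ($_GET['warned'] == 'yes') {
            $Where[] = 'ui1.Warned != \'0000-00-00 00:00:00\'';
        } elseif ($_GET['warned'] == 'no') {
            $Where[] = 'ui1.Warned = \'0000-00-00 00:00:00\'';
        }

        // Restrict to users who share an IP (current or historical) with an account
        // whose Enabled value is '2'.
        if ($_GET['disabled_ip']) {
            $Distinct = 'DISTINCT ';
            if ($_GET['ip_history']) {
                if (!isset($Join['hi'])) {
                    $Join['hi'] = ' JOIN users_history_ips AS hi ON hi.UserID = um1.ID ';
                }
                $Join['hi2'] = ' JOIN users_history_ips AS hi2 ON hi2.IP = hi.IP ';
                $Join['um2'] = ' JOIN users_main AS um2 ON um2.ID = hi2.UserID AND um2.Enabled = \'2\' ';
            } else {
                $Join['um2'] = ' JOIN users_main AS um2 ON um2.IP = um1.IP AND um2.Enabled = \'2\' ';
            }
        }

        if (!empty($_GET['passkey'])) {
            $Where[] = 'um1.torrent_pass'.$Match.wrap($_GET['passkey']);
        }

        if (!empty($_GET['avatar'])) {
            $Where[] = 'ui1.Avatar'.$Match.wrap($_GET['avatar']);
        }

        if ($_GET['stylesheet'] != '') {
            $Where[] = 'ui1.StyleID = '.wrap($_GET['stylesheet'], '=');
        }

        if ($OrderTable[$_GET['order']] && $WayTable[$_GET['way']]) {
            $Order = ' ORDER BY '.$OrderTable[$_GET['order']].' '.$WayTable[$_GET['way']].' ';
        }

        //---------- Finish generating the search string

        $SQL = 'SELECT '.$Distinct.$SQL;
        $SQL .= implode(' ', $Join);

        if (count($Where)) {
            $SQL .= ' WHERE '.implode(' AND ', $Where);
        }

        if (count($Having)) {
            $SQL .= ' HAVING '.implode(' AND ', $Having);
        }

        $SQL .= $Order;

        // Only run the search when at least one filter was supplied.
        if (count($Where) > 0 || count($Join) > 0 || count($Having) > 0) {
            $RunQuery = true;
        }

        list($Page, $Limit) = Format::page_limit(USERS_PER_PAGE);
        $SQL .= " LIMIT $Limit";
    } else {
        error($Err);
    }
}
View::show_header('User search');
?>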
Username | Ratio | IP address | Joined | Last seen | Upload | Download | Downloads | Snatched | Invites | |
=Users::format_username($UserID, true, true, true, true)?> | =Format::get_ratio_html($Uploaded, $Downloaded)?> | =display_str($IP)?> (=Tools::get_country_code_by_ajax($IP)?>) | =display_str($Email)?> | =time_diff($JoinDate)?> | =time_diff($LastAccess)?> | =Format::get_size($Uploaded)?> | =Format::get_size($Downloaded)?> | $DB->query(" SELECT COUNT(ud.UserID) FROM users_downloads AS ud JOIN torrents AS t ON t.ID = ud.TorrentID WHERE ud.UserID = $UserID"); list($Downloads) = $DB->next_record(); $DB->set_query_id($Results); ?>=number_format((int)$Downloads)?> | =(is_numeric($Snatched) ? number_format($Snatched) : display_str($Snatched))?> | if ($DisableInvites) { echo 'X'; } else { echo number_format($Invites); } ?> |