>>>>>>>>>>>>>>>>>>>>>>>>>> User search <<<<<<<<<<<<<<<<<<<<<<<<<<<<* * Best viewed with a wide screen monitor * **********************************************************************/ if (!empty($_GET['search'])) { if (preg_match("/^".IP_REGEX."$/", $_GET['search'])) { $_GET['ip'] = $_GET['search']; } elseif (preg_match("/^".EMAIL_REGEX."$/i", $_GET['search'])) { $_GET['email'] = $_GET['search']; } elseif (preg_match('/^[a-z0-9_?]{1,20}$/iD',$_GET['search'])) { $DB->query("SELECT ID FROM users_main WHERE Username='".db_string($_GET['search'])."'"); if (list($ID) = $DB->next_record()) { header('Location: user.php?id='.$ID); die(); } $_GET['username'] = $_GET['search']; } else { $_GET['comment'] = $_GET['search']; } } define('USERS_PER_PAGE', 30); function wrap($String, $ForceMatch = '', $IPSearch = false){ if(!$ForceMatch){ global $Match; } else { $Match = $ForceMatch; } if($Match == ' REGEXP '){ if(strpos($String, '\'') || preg_match('/^.*\\\\$/i', $String)){ error('Regex contains illegal characters.'); } } else { $String = db_string($String); } if($Match == ' LIKE '){ // Fuzzy search // Stick in wildcards at beginning and end of string unless string starts or ends with | if (($String[0] != '|') && !$IPSearch) { $String = '%'.$String; } elseif ($String[0] == '|') { $String = substr($String, 1, strlen($String)); } if(substr($String, -1, 1) != '|'){ $String = $String.'%'; } else { $String = substr($String, 0, -1); } } $String="'$String'"; return $String; } function date_compare($Field, $Operand, $Date1, $Date2 = ''){ $Date1 = db_string($Date1); $Date2 = db_string($Date2); $Return = array(); switch($Operand){ case 'on': $Return []= " $Field>='$Date1 00:00:00' "; $Return []= " $Field<='$Date1 23:59:59' "; break; case 'before': $Return []= " $Field<'$Date1 00:00:00' "; break; case 'after': $Return []= " $Field>'$Date1 23:59:59' "; break; case 'between': $Return []= " $Field>='$Date1 00:00:00' "; $Return []= " $Field<='$Date2 00:00:00' "; break; } return $Return; } function num_compare($Field, $Operand, $Num1, $Num2 = ''){ if($Num1!=0){ $Num1 = db_string($Num1); } if($Num2!=0){ $Num2 = db_string($Num2); } $Return = array(); switch($Operand){ case 'equal': $Return []= " $Field='$Num1' "; break; case 'above': $Return []= " $Field>'$Num1' "; break; case 'below': $Return []= " $Field<'$Num1' "; break; case 'between': $Return []= " $Field>'$Num1' "; $Return []= " $Field<'$Num2' "; break; default: print_r($Return); die(); } return $Return; } // Arrays, regexes, and all that fun stuff we can use for validation, form generation, etc $DateChoices = array('inarray'=>array('on', 'before', 'after', 'between')); $SingleDateChoices = array('inarray'=>array('on', 'before', 'after')); $NumberChoices = array('inarray'=>array('equal', 'above', 'below', 'between', 'buffer')); $YesNo = array('inarray'=>array('any', 'yes', 'no')); $OrderVals = array('inarray'=>array('Username', 'Ratio', 'IP', 'Email', 'Joined', 'Last Seen', 'Uploaded', 'Downloaded', 'Invites', 'Snatches')); $WayVals = array('inarray'=>array('Ascending', 'Descending')); if(count($_GET)){ $DateRegex = array('regex'=>'/\d{4}-\d{2}-\d{2}/'); $ClassIDs = array(); foreach ($Classes as $ClassID => $Value) { $ClassIDs[]=$ClassID; } $Val->SetFields('comment','0','string','Comment is too long.', array('maxlength'=>512)); $Val->SetFields('disabled_invites', '0', 'inarray', 'Invalid disabled_invites field', $YesNo); $Val->SetFields('joined', '0', 'inarray', 'Invalid joined field', $DateChoices); $Val->SetFields('join1', '0', 'regex', 'Invalid join1 field', $DateRegex); $Val->SetFields('join2', '0', 'regex', 'Invalid join2 field', $DateRegex); $Val->SetFields('lastactive', '0', 'inarray', 'Invalid lastactive field', $DateChoices); $Val->SetFields('lastactive1', '0', 'regex', 'Invalid lastactive1 field', $DateRegex); $Val->SetFields('lastactive2', '0', 'regex', 'Invalid lastactive2 field', $DateRegex); $Val->SetFields('ratio', '0', 'inarray', 'Invalid ratio field', $NumberChoices); $Val->SetFields('uploaded', '0', 'inarray', 'Invalid uploaded field', $NumberChoices); $Val->SetFields('downloaded', '0', 'inarray', 'Invalid downloaded field', $NumberChoices); //$Val->SetFields('snatched', '0', 'inarray', 'Invalid snatched field', $NumberChoices); $Val->SetFields('matchtype', '0', 'inarray', 'Invalid matchtype field', array('inarray'=>array('strict', 'fuzzy', 'regex'))); $Val->SetFields('enabled', '0', 'inarray', 'Invalid enabled field', array('inarray'=>array('', 0, 1, 2))); $Val->SetFields('class', '0', 'inarray', 'Invalid class', array('inarray'=>$ClassIDs)); $Val->SetFields('donor', '0', 'inarray', 'Invalid donor field', $YesNo); $Val->SetFields('warned', '0', 'inarray', 'Invalid warned field', $YesNo); $Val->SetFields('disabled_uploads', '0', 'inarray', 'Invalid disabled_uploads field', $YesNo); $Val->SetFields('order', '0', 'inarray', 'Invalid ordering', $OrderVals); $Val->SetFields('way', '0', 'inarray', 'Invalid way', $WayVals); $Val->SetFields('passkey', '0', 'string', 'Invalid passkey', array('maxlength'=>32)); $Val->SetFields('avatar', '0', 'string', 'Avatar URL too long', array('maxlength'=>512)); $Val->SetFields('stylesheet', '0', 'inarray', 'Invalid stylesheet', array_unique(array_keys($Stylesheets))); $Val->SetFields('cc', '0', 'inarray', 'Invalid Country Code', array('maxlength'=>2)); $Err = $Val->ValidateForm($_GET); if(!$Err){ // Passed validation. Let's rock. $RunQuery = false; // if we should run the search if(isset($_GET['matchtype']) && $_GET['matchtype'] == 'strict'){ $Match = ' = '; } elseif(isset($_GET['matchtype']) && $_GET['matchtype'] == 'regex') { $Match = ' REGEXP '; } else { $Match = ' LIKE '; } $OrderTable = array('Username'=>'um1.Username', 'Joined'=>'ui1.JoinDate', 'Email'=>'um1.Email', 'IP'=>'um1.IP', 'Last Seen'=>'um1.LastAccess', 'Uploaded'=>'um1.Uploaded', 'Downloaded'=>'um1.Downloaded', 'Ratio'=>'(um1.Uploaded/um1.Downloaded)', 'Invites'=>'um1.Invites', 'Snatches'=>'Snatches'); $WayTable = array('Ascending'=>'ASC', 'Descending'=>'DESC'); $Where = array(); $Having = array(); $Join = array(); $Group = array(); $Distinct = ''; $Order = ''; $SQL = 'SQL_CALC_FOUND_ROWS um1.ID, um1.Username, um1.Uploaded, um1.Downloaded,'; if ($_GET['snatched'] == "off") { $SQL .= "'X' AS Snatches,"; } else { $SQL .= "(SELECT COUNT(uid) FROM xbt_snatched AS xs WHERE xs.uid=um1.ID) AS Snatches,"; } $SQL .= 'um1.PermissionID, um1.Email, um1.Enabled, um1.IP, um1.Invites, ui1.DisableInvites, ui1.Warned, ui1.Donor, ui1.JoinDate, um1.LastAccess FROM users_main AS um1 JOIN users_info AS ui1 ON ui1.UserID=um1.ID '; if(!empty($_GET['username'])){ $Where[]='um1.Username'.$Match.wrap($_GET['username']); } if(!empty($_GET['email'])){ if(isset($_GET['email_history'])){ $Distinct = 'DISTINCT '; $Join['he']=' JOIN users_history_emails AS he ON he.UserID=um1.ID '; $Where[]= ' he.Email '.$Match.wrap($_GET['email']); } else { $Where[]='um1.Email'.$Match.wrap($_GET['email']); } } if (!empty($_GET['email_cnt'])) { $Query = "SELECT UserID FROM users_history_emails GROUP BY UserID HAVING COUNT(DISTINCT Email) "; if ($_GET['emails_opt'] === 'equal') { $operator = '='; } if ($_GET['emails_opt'] === 'above') { $operator = '>'; } if ($_GET['emails_opt'] === 'below') { $operator = '<'; } $Query .= $operator." ".$_GET['email_cnt']; $DB->query($Query); $Users = implode(',', $DB->collect('UserID')); if (!empty($Users)) { $Where[] = "um1.ID IN (".$Users.")"; } } if(!empty($_GET['ip'])){ if(isset($_GET['ip_history'])){ $Distinct = 'DISTINCT '; $Join['hi']=' JOIN users_history_ips AS hi ON hi.UserID=um1.ID '; $Where[]= ' hi.IP '.$Match.wrap($_GET['ip'], '', true); } else { $Where[]='um1.IP'.$Match.wrap($_GET['ip'], '', true); } } if (!empty($_GET['cc'])) { if ($_GET['cc_op'] == "equal") { $Where[]="um1.ipcc = '".$_GET['cc']."'"; } else { $Where[]="um1.ipcc != '".$_GET['cc']."'"; } } if(!empty($_GET['tracker_ip'])){ $Distinct = 'DISTINCT '; $Join['xfu']=' JOIN xbt_files_users AS xfu ON um1.ID=xfu.uid '; $Where[]= ' xfu.ip '.$Match.wrap($_GET['tracker_ip'], '', true); } // if(!empty($_GET['tracker_ip'])){ // $Distinct = 'DISTINCT '; // $Join['xs']=' JOIN xbt_snatched AS xs ON um1.ID=xs.uid '; // $Where[]= ' xs.IP '.$Match.wrap($_GET['ip']); // } if(!empty($_GET['comment'])){ $Where[]='ui1.AdminComment'.$Match.wrap($_GET['comment']); } if(strlen($_GET['invites1'])){ $Invites1 = round($_GET['invites1']); $Invites2 = round($_GET['invites2']); $Where[]=implode(' AND ', num_compare('Invites', $_GET['invites'], $Invites1, $Invites2)); } if($_GET['disabled_invites'] == 'yes'){ $Where[]='ui1.DisableInvites=\'1\''; } elseif($_GET['disabled_invites'] == 'no'){ $Where[]='ui1.DisableInvites=\'0\''; } if($_GET['disabled_uploads'] == 'yes'){ $Where[]='ui1.DisableUpload=\'1\''; } elseif($_GET['disabled_uploads'] == 'no'){ $Where[]='ui1.DisableUpload=\'0\''; } if($_GET['join1']){ $Where[]=implode(' AND ', date_compare('ui1.JoinDate', $_GET['joined'], $_GET['join1'], $_GET['join2'])); } if($_GET['lastactive1']){ $Where[]=implode(' AND ', date_compare('um1.LastAccess', $_GET['lastactive'], $_GET['lastactive1'], $_GET['lastactive2'])); } if($_GET['ratio1']){ $Decimals = strlen(array_pop(explode('.', $_GET['ratio1']))); if(!$Decimals){ $Decimals = 0; } $Where[]=implode(' AND ', num_compare("ROUND(Uploaded/Downloaded,$Decimals)", $_GET['ratio'], $_GET['ratio1'], $_GET['ratio2'])); } if(strlen($_GET['uploaded1'])){ $Upload1 = round($_GET['uploaded1']); $Upload2 = round($_GET['uploaded2']); if($_GET['uploaded']!='buffer'){ $Where[]=implode(' AND ', num_compare('ROUND(Uploaded/1024/1024/1024)', $_GET['uploaded'], $Upload1, $Upload2)); } else { $Where[]=implode(' AND ', num_compare('ROUND((Uploaded/1024/1024/1024)-(Downloaded/1024/1024/1023))', 'between', $Upload1*0.9, $Upload1*1.1)); } } if(strlen($_GET['downloaded1'])){ $Download1 = round($_GET['downloaded1']); $Download2 = round($_GET['downloaded2']); $Where[]=implode(' AND ', num_compare('ROUND(Downloaded/1024/1024/1024)', $_GET['downloaded'], $Download1, $Download2)); } if(strlen($_GET['snatched1'])){ $Snatched1 = round($_GET['snatched1']); $Snatched2 = round($_GET['snatched2']); $Having[]=implode(' AND ', num_compare('Snatches', $_GET['snatched'], $Snatched1, $Snatched2)); } if($_GET['enabled']!=''){ $Where[]='um1.Enabled='.wrap($_GET['enabled'], '='); } if($_GET['class']!=''){ $Where[]='um1.PermissionID='.wrap($_GET['class'], '='); } if($_GET['donor'] == 'yes'){ $Where[]='ui1.Donor=\'1\''; } elseif($_GET['donor'] == 'no'){ $Where[]='ui1.Donor=\'0\''; } if($_GET['warned'] == 'yes'){ $Where[]='ui1.Warned!=\'0000-00-00 00:00:00\''; } elseif($_GET['warned'] == 'no'){ $Where[]='ui1.Warned=\'0000-00-00 00:00:00\''; } if($_GET['disabled_ip']){ $Distinct = 'DISTINCT '; if($_GET['ip_history']){ if(!isset($Join['hi'])){ $Join['hi']=' JOIN users_history_ips AS hi ON hi.UserID=um1.ID '; } $Join['hi2']=' JOIN users_history_ips AS hi2 ON hi2.IP=hi.IP '; $Join['um2']=' JOIN users_main AS um2 ON um2.ID=hi2.UserID AND um2.Enabled=\'2\' '; } else { $Join['um2']=' JOIN users_main AS um2 ON um2.IP=um1.IP AND um2.Enabled=\'2\' '; } } if(!empty($_GET['passkey'])){ $Where[]='um1.torrent_pass'.$Match.wrap($_GET['passkey']); } if(!empty($_GET['avatar'])){ $Where[]='ui1.Avatar'.$Match.wrap($_GET['avatar']); } if($_GET['stylesheet']!=''){ $Where[]='ui1.StyleID='.wrap($_GET['stylesheet'], '='); } if($OrderTable[$_GET['order']] && $WayTable[$_GET['way']]){ $Order = ' ORDER BY '.$OrderTable[$_GET['order']].' '.$WayTable[$_GET['way']].' '; } //---------- Finish generating the search string $SQL = 'SELECT '.$Distinct.$SQL; $SQL .= implode(' ', $Join); if(count($Where)){ $SQL .= ' WHERE '.implode(' AND ', $Where); } if(count($Having)){ $SQL .= ' HAVING '.implode(' AND ', $Having); } $SQL .= $Order; if(count($Where)>0 || count($Join)>0 || count($Having)>0){ $RunQuery = true; } list($Page,$Limit) = page_limit(USERS_PER_PAGE); $SQL.=" LIMIT $Limit"; } else { error($Err); } } show_header('User search'); ?>
Username: Joined: Enabled:
Email: Last active: Class:
IP: Ratio: Donor:
Comment: Uploaded: Warned:
Invites: Downloaded: Disabled IP: />
Disabled invites Snatched: Disabled uploads
Passkey: Tracker IP: Extra /> />
Avatar: Stylesheet: Country Code:
Type Strict /> | Fuzzy /> | Regex /> Order: # Of Emails:
query($SQL); $DB->query('SELECT FOUND_ROWS();'); list($NumResults) = $DB->next_record(); $DB->set_query_id($Results); } ?>
next_record()){ ?> query("SELECT COUNT(ud.UserID) FROM users_downloads AS ud JOIN torrents AS t ON t.ID = ud.TorrentID WHERE ud.UserID = ".$UserID); list($Downloads) = $DB->next_record(); $DB->set_query_id($Results); ?>
Username Ratio IP Email Joined Last Seen Upload Download Downloads Snatched Invites