=1 and finish = 'no'"; break; } default: { $limit = "finish = 'no'"; break; } } //if (!in_array($finished, $allowed_finished)){$limit = "finish = 'no'";(get_user_class() >= UC_UPLOADER?$limitorder="Totalreq DESC ,":"");} //else $limit = ( $finished=="all" ? "1" : ( $finished=="all" ? "1" : "finish ='".$finished."'")); if (!empty($_POST['query'])) $limit = $limit . " and (request like " . sqlesc("%" . $_POST['query'] . "%") . " or descr like " . sqlesc("%" . $_POST['query'] . "%") . ")"; $rows = sql_query("SELECT requests.* FROM requests WHERE " . $limit . " ORDER BY id DESC") or sqlerr(__FILE__, __LINE__); list($pagertop, $pagerbottom, $limit2) = pager(20, mysql_num_rows($rows), "?$finishedlimit"); //if (mysql_num_rows($rows) == 0) stderr( "没有求种" , "没有符合条件的求种项目,点击这里增加新求种",0); //else { stdhead($lang_viewrequests['page_title']); $rows = sql_query("SELECT requests.* ,(SELECT count(DISTINCT torrentid) FROM resreq where reqid=requests.id ) as Totalreq FROM requests WHERE " . $limit . " ORDER BY $limitorder id DESC $limit2") or sqlerr(__FILE__, __LINE__); print("

{$lang_viewrequests['page_title']}

"); print("
{$lang_viewrequests['add_request']} | {$lang_viewrequests['view_request_all']} | {$lang_viewrequests['view_request_resolved']} | {$lang_viewrequests['view_request_unresolved']} | {$lang_viewrequests['view_request_resolving']} | {$lang_viewrequests['view_request_my']}

\n"); print("\n"); if (mysql_num_rows($rows) == 0) { print("\n"); } else { print("\n"); while ($row = mysql_fetch_array($rows)) { print("\n"); } } print("
Nothing
{$lang_viewrequests['thead_name']}{$lang_viewrequests['thead_price_newest']}{$lang_viewrequests['thead_price_original']}{$lang_viewrequests['thead_comment_count']}{$lang_viewrequests['thead_on_request_count']}{$lang_viewrequests['thead_request_user']}{$lang_viewrequests['thead_created_at']}{$lang_viewrequests['thead_status']}
" . $row["request"] . " " . $row['amount'] . " " . $row['ori_amount'] . " " . ($row['comments']) . "" . ($row['Totalreq']) . " " . get_username($row['userid']) . " " . gettime($row['added'], true, false) . " " . ($row['finish'] == "yes" ? $lang_viewrequests['request_status_resolved'] : ($row['userid'] == $CURUSER['id'] ? $lang_viewrequests['request_status_resolving'] : "{$lang_viewrequests['request_status_resolving']}")) . "
\n"); print($pagerbottom); //print("
添加 查看所有 查看已解决 查看未解决\n"); print("\n"); print("
\n"); print("\n"); print(""); print(""); print("
\n"); print("

\n"); stdfoot(); } die; break; }
/*
 * case "view": render the page for a single request.
 * Loads the requests row for $_GET["id"], prints the basic info, reward,
 * action links and description rows, lists the torrents offered for it in
 * resreq, then the paginated comments and a quick-reply box.
 * NOTE(review): the id is gated by is_numeric() only and is then concatenated
 * into several queries below. is_numeric() accepts more than plain decimal
 * integers, so casting to int before building SQL would be the tighter form.
 */
case "view": { if (is_numeric($_GET["id"])) { $id = $_GET["id"]; $res = sql_query("SELECT * FROM requests WHERE id ='" . $_GET["id"] . "'") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']); else $arr = mysql_fetch_assoc($res); stdhead($lang_viewrequests['page_title']); print("

{$lang_viewrequests['request']}-" . htmlspecialchars($arr["request"]) . "

\n"); print("\n");
/*
 * NOTE(review): $limit is appended to this query, but this case only assigns
 * it further down (after the description row). Unless $limit was set before
 * the switch, the chosen filter never reaches this query -- confirm.
 */
$res = sql_query("SELECT * FROM resreq WHERE reqid ='" . $_GET["id"] . "'" . $limit) or sqlerr(__FILE__, __LINE__); tr($lang_viewrequests['basic_info'], get_username($arr['userid']) . $lang_viewrequests['created_at'] . gettime($arr["added"], true, false) . "\n", 1); tr($lang_viewrequests['reward'], $lang_viewrequests['newest_bidding'] . $arr['amount'] . " {$lang_viewrequests['original_bidding']}" . $arr["ori_amount"] . "\n", 1); tr($lang_functions['std_action'], "{$lang_functions['std_report']}" . (($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) && $arr["finish"] == "no" ? " | {$lang_functions['title_edit']}" : "") . "\n" . ($arr['userid'] == $CURUSER['id'] || $arr["finish"] == "yes" ? "" : " | {$lang_viewrequests['on_request']}\n") . ((get_user_class() >= UC_UPLOADER || $arr['userid'] == $CURUSER['id']) && $arr['finish'] == "no" ? " | {$lang_functions['title_delete']}" : "title='{$lang_viewrequests['recycle_title']}'>{$lang_viewrequests['recycle']}") . "" : "") . "\n" , 1); if ($arr["finish"] == "no") tr($lang_viewrequests['add_reward'], " {$lang_viewrequests['add_reward_desc']}", 1); tr($lang_functions['std_desc'], format_comment(unesc($arr["descr"])), 1); $limit = ($arr['finish'] == "no" ? "" : " AND chosen = 'yes' "); $ress = ""; if (mysql_num_rows($res) == 0) $ress = $lang_viewrequests['no_request_yet']; else { if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) $ress .= "\n\n"; while ($row = mysql_fetch_array($res)) {
/*
 * NOTE(review): the same torrents lookup runs twice per row, once to fetch
 * and once to count. The torrent name is concatenated into the output
 * without htmlspecialchars(), unlike the request title in the page heading;
 * check that names are escaped before display. The owner key is an unquoted
 * bare word.
 */
$each = mysql_fetch_assoc(sql_query("SELECT * FROM torrents WHERE id = '" . $row["torrentid"] . "'")); if (mysql_num_rows(sql_query("SELECT * FROM torrents WHERE id = '" . $row["torrentid"] . "'")) == 1) $ress .= (($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) && $arr['finish'] == "no" ? "" : "") . "" . $each["name"] . " " . ($arr['finish'] == "no" ? "" : "by " . get_username($each[owner])) . "
\n"; } $ress .= ""; if (($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) && $arr['finish'] == "no") $ress .= "\n"; $ress .= "\n"; } tr($lang_viewrequests['request'], $ress, 1); print("


\n"); $count = get_row_count("comments", "WHERE request=" . sqlesc($_GET["id"])); if ($count) { print("

"); print("

{$lang_functions['std_comment']}

\n"); list($pagertop, $pagerbottom, $limit) = pager(10, $count, "viewrequests.php?action=view&id=" . $_GET["id"] . "&", array('lastpagedefault' => 1), "page"); $subres = sql_query("SELECT * FROM comments WHERE request=" . sqlesc($_GET["id"]) . " ORDER BY id $limit") or sqlerr(__FILE__, __LINE__); $allrows = array(); while ($subrow = mysql_fetch_array($subres)) { $allrows[] = $subrow; } print($pagertop); commenttable($allrows, 'request', $_GET["id"]); print($pagerbottom); } print ("
" . $lang_details['text_quick_comment'] . "


"); quickreply('comment', 'body', $lang_functions['std_quick_comment']); print("
"); print (" {$lang_functions['title_add_comments']}"); stdfoot(); } else stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']); die; break; }
/*
 * case "edit": show the edit form for a request.
 * Requires a numeric $_GET["id"], an existing request that is not yet
 * resolved, and a viewer who is the request owner or UC_UPLOADER and above.
 */
case "edit": { if (!is_numeric($_GET["id"])) stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']); $res = sql_query("SELECT * FROM requests WHERE id ='" . $_GET["id"] . "'") or sqlerr(__FILE__, __LINE__); if (mysql_num_rows($res) == 0) stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']); $arr = mysql_fetch_assoc($res); if ($arr["finish"] == "yes") stderr($lang_functions['std_error'], $lang_viewrequests['request_already_resolved']); if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) { stdhead($lang_functions['title_edit'] . $lang_viewrequests['request']); print( "
\n "); print(""); tr("{$lang_functions['col_name']}:", "
", 1); print(""); print("
{$lang_functions['title_edit']}{$lang_viewrequests['request']}
{$lang_functions['std_desc']}:"); textbbcode("edit", "descr", $arr["descr"]); print("

\n"); stdfoot(); die; }
/*
 * NOTE(review): the variable name in the message below is misspelled
 * (lang_functioins), so the permission-denied text comes out empty. There is
 * also no die or break after this branch; if stderr() returns, execution
 * continues into the next case.
 */
else stderr($lang_functions['std_error'], "{$lang_functioins['std_permission_denied']}{$lang_functions['std_click_here_to_goback']}", 0); }
/*
 * case "new": show the form for adding a request; requires
 * get_user_class() >= 1.
 * NOTE(review): textbbcode() is handed the descr field of $arr, which this
 * case never sets.
 */
case "new": { if (get_user_class() >= 1) { stdhead($lang_viewrequests['add_request']); print( "
\n\n"); print("\n"); tr("{$lang_functions['col_name']}:", "
", 1); tr("{$lang_viewrequests['reward']}:", "{$lang_viewrequests['add_request_desc']}
", 1); print(""); print("
{$lang_viewrequests['add_request']}
{$lang_functions['std_desc']}:"); textbbcode("edit", "descr", $arr["descr"]); print("

\n"); stdfoot(); die; } else stderr($lang_functions['std_error'], "{$lang_functions['std_permission_denied']}{$lang_functions['std_click_here_to_goback']}", 0); }
/*
 * case "newmessage": show the reply form.
 * The userid query parameter is coerced to a number with 0 + ...; when it is
 * non-zero the editor is pre-filled with a bold reply header that names that
 * user through get_plain_username().
 */
case "newmessage": { { stdhead($lang_functions['text_reply']); //
"); //quickreply('reply', 'message', "我要留言"); //print(""); $ruserid = 0 + $_GET["userid"]; print( "
\n\n"); print("\n"); print(""); print("
"); if ($ruserid) { textbbcode("reply", "message", "[b]{$lang_functions['text_reply']}:" . get_plain_username($ruserid) . "[/b]\n"); print(""); } else textbbcode("reply", "message"); print("

\n"); stdfoot(); die; } }
/* case "search": print the search form, then the page footer, and exit. */
case "search": { { stdhead($lang_functions['text_search']); print("\n"); print("\n"); print("
{$lang_functions['text_search']}
\n"); print("\n"); print(""); print("
\n"); print("

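\n"); stdfoot(); die; } }

    /*
     * State-changing request actions: takeadded, takeedit, res, takeres,
     * addamount, delete, confirm and message.
     *
     * Conventions used throughout this section:
     *  - Request ids, torrent ids and bonus amounts still pass the original
     *    is_numeric() gate (same error messages), but are then cast to int
     *    and only the int is embedded in SQL. is_numeric() accepts floats,
     *    exponents and, on old PHP versions, hex strings, so the raw request
     *    value is never concatenated into a query.
     *  - Free text goes through sqlesc(), which the rest of the file treats
     *    as returning a literal that is ready to embed.
     *  - NOTE(review): the validation chains assume stderr() ends the
     *    request; confirm against its definition.
     *  - NOTE(review): no anti-CSRF token is checked in the visible code for
     *    any of these actions; confirm whether one is enforced elsewhere.
     */

    /* takeadded: create a request and charge the requester's seed bonus. */
    case "takeadded": {
        if (!$_POST["descr"])
            stderr($lang_functions['std_error'], "{$lang_viewrequests['description_required']}{$lang_functions['std_click_here_to_goback']}", 0);
        if (!$_POST["request"])
            stderr($lang_functions['std_error'], "{$lang_viewrequests['name_required']}{$lang_functions['std_click_here_to_goback']}", 0);
        if (!$_POST["amount"])
            stderr($lang_functions['std_error'], "{$lang_viewrequests['amount_required']}{$lang_functions['std_click_here_to_goback']}", 0);
        if (!is_numeric($_POST["amount"]))
            stderr($lang_functions['std_error'], "{$lang_viewrequests['amount_must_be_numeric']}{$lang_functions['std_click_here_to_goback']}", 0);

        // Whole bonus points only; the int is what gets stored and charged.
        $bid = (int) $_POST["amount"];
        if ($bid < 100)
            stderr($lang_functions['std_error'], "{$lang_viewrequests['add_request_amount_minimum']}{$lang_functions['std_click_here_to_goback']}", 0);
        if ($bid > 10000)
            stderr($lang_functions['std_error'], "{$lang_viewrequests['add_request_amount_maximum']}{$lang_functions['std_click_here_to_goback']}", 0);

        // 100 more than the stored bid is deducted from the requester.
        $amount = $bid + 100;
        // NOTE(review): the balance test asks for a further 100 on top of the
        // deducted total; kept as in the original -- confirm it is intended.
        // The test and the UPDATE are separate steps, so concurrent
        // submissions can both pass the test.
        if ($amount + 100 > $CURUSER['seedbonus'])
            stderr($lang_functions['std_error'], "{$lang_viewrequests['bouns_not_enough']}{$lang_functions['std_click_here_to_goback']}", 0);

        if (get_user_class() >= 1) {
            // Fail loudly if the charge cannot be applied, before inserting.
            sql_query("UPDATE users SET seedbonus = seedbonus - " . $amount . " WHERE id = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
            sql_query("INSERT requests ( request , descr, ori_descr ,amount , ori_amount , userid ,added ) VALUES ( " . sqlesc($_POST["request"]) . " , " . sqlesc($_POST["descr"]) . " , " . sqlesc($_POST["descr"]) . " , " . $bid . " , " . $bid . " , " . sqlesc($CURUSER['id']) . " , '" . date("Y-m-d H:i:s") . "' )") or sqlerr(__FILE__, __LINE__);
            // shoutbox_into('[rid' . ($id = mysql_insert_id()) . ']');
            $id = mysql_insert_id();
            stderr($lang_functions['std_success'], "{$lang_viewrequests['add_request_success']},{$lang_functions['std_click_here_to_goback']}", 0);
        } else
            stderr($lang_functions['std_error'], "{$lang_functions['std_permission_denied']}{$lang_functions['std_click_here_to_goback']}", 0);
        die;
        break;
    }

    /*
     * takeedit: update the name and description of an unresolved request.
     * Allowed for the request owner or UC_UPLOADER and above.
     */
    case "takeedit": {
        if (!is_numeric($_POST["reqid"]))
            stderr($lang_functions['std_error'], "{$lang_viewrequests['request_id_must_be_numeric']}{$lang_functions['std_click_here_to_goback']}", 0);
        $reqid = (int) $_POST["reqid"];
        // The original wrapped sqlesc() output in a second pair of quotes
        // here; the int form avoids depending on how sqlesc() quotes numbers.
        $res = sql_query("SELECT * FROM requests WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
        if (!$_POST["descr"])
            stderr($lang_functions['std_error'], "{$lang_viewrequests['description_required']}{$lang_functions['std_click_here_to_goback']}", 0);
        if (!$_POST["request"])
            stderr($lang_functions['std_error'], "{$lang_viewrequests['name_required']}{$lang_functions['std_click_here_to_goback']}", 0);
        if (mysql_num_rows($res) == 0)
            stderr($lang_functions['std_error'], "{$lang_viewrequests['request_deleted']}{$lang_functions['std_click_here_to_goback']}", 0);
        $arr = mysql_fetch_assoc($res);
        if ($arr["finish"] == "yes")
            stderr($lang_functions['std_error'], "{$lang_viewrequests['request_already_resolved']}{$lang_functions['std_click_here_to_goback']}", 0);
        if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) {
            sql_query("UPDATE requests SET descr = " . sqlesc($_POST["descr"]) . " , request = " . sqlesc($_POST["request"]) . " WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
            stderr($lang_functions['std_success'], "{$lang_viewrequests['edit_request_success']},{$lang_functions['std_click_here_to_goback']}", 0);
        } else
            stderr($lang_functions['std_error'], "{$lang_functions['std_permission_denied']}{$lang_functions['std_click_here_to_goback']}", 0);
        die;
        break;
    }

    /* res: show the page where a torrent id is supplied for a request. */
    case "res": {
        stdhead($lang_viewrequests['request']);
        stdmsg($lang_viewrequests['do_request'], "
{$lang_viewrequests['type_in_torrent_id']}:" . getSchemeAndHttpHost() . "/details.php?id=
{$lang_functions['std_click_here_to_goback']}", 0);
        stdfoot();
        die;
        break;
    }

    /*
     * takeres: offer an existing, already seeded torrent for an unresolved
     * request and send the requester a system message (sender 0).
     */
    case "takeres": {
        if (!is_numeric($_POST["reqid"]))
            stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
        $reqid = (int) $_POST["reqid"];
        $res = sql_query("SELECT * FROM requests WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            stderr($lang_functions['std_error'], "{$lang_viewrequests['request_deleted']}{$lang_functions['std_click_here_to_goback']}", 0);
        $arr = mysql_fetch_assoc($res);
        if ($arr["finish"] == "yes")
            stderr($lang_functions['std_error'], "{$lang_viewrequests['request_already_resolved']}{$lang_functions['std_click_here_to_goback']}", 0);
        if (!is_numeric($_POST["torrentid"]))
            stderr($lang_functions['std_error'], "{$lang_viewrequests['request_id_must_be_numeric']}{$lang_functions['std_click_here_to_goback']}", 0);
        $torrentid = (int) $_POST["torrentid"];
        $res = sql_query("SELECT * FROM torrents WHERE id = " . $torrentid) or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            stderr($lang_functions['std_error'], "{$lang_functions['std_target_not_exists']}{$lang_functions['std_click_here_to_goback']}", 0);
        $tor = mysql_fetch_assoc($res);
        // A torrent with no recorded last_seed is treated as not released.
        if ($tor['last_seed'] == "0000-00-00 00:00:00" || is_null(($tor['last_seed'])))
            stderr($lang_functions['std_error'], "{$lang_viewrequests['torrent_not_release_yet']}{$lang_functions['std_click_here_to_goback']}", 0);
        if (get_row_count('resreq', "where reqid = " . $reqid . " and torrentid = " . $torrentid))
            stderr($lang_functions['std_error'], "{$lang_viewrequests['supply_already_exists']}{$lang_functions['std_click_here_to_goback']}", 0);
        sql_query("INSERT resreq (reqid , torrentid) VALUES ( " . $reqid . " , " . $torrentid . ")") or sqlerr(__FILE__, __LINE__);

        $added = sqlesc(date("Y-m-d H:i:s"));
        $subject = sqlesc($lang_viewrequests['message_please_confirm_supply']);
        $notifs = sqlesc("{$lang_viewrequests['request_name']}:[url=viewrequests.php?id=$arr[id]] " . $arr['request'] . "[/url],{$lang_viewrequests['please_confirm_supply']}.");
        sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . (int) $arr['userid'] . ", $subject, $notifs, $added)") or sqlerr(__FILE__, __LINE__);
        stderr($lang_functions['std_success'], "{$lang_viewrequests['supply_success']},{$lang_functions['std_click_here_to_goback']}", 0);
        die;
        break;
    }

    /*
     * addamount: raise the reward of an unresolved request.
     * The bid is added to the request; the bid plus 25 is charged to the
     * current user.
     */
    case "addamount": {
        if (!is_numeric($_POST["reqid"]))
            stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
        $reqid = (int) $_POST["reqid"];
        $res = sql_query("SELECT * FROM requests WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            stderr($lang_functions['std_error'], $lang_viewrequests['request_deleted']);
        $arr = mysql_fetch_assoc($res);
        if ($arr["finish"] == "yes")
            stderr($lang_functions['std_error'], $lang_viewrequests['request_already_resolved']);
        if (!is_numeric($_POST["amount"]))
            stderr($lang_functions['std_error'], $lang_viewrequests['amount_must_be_numeric']);

        // The original embedded the raw POST values unquoted in both UPDATEs.
        $bid = (int) $_POST["amount"];
        if ($bid < 100)
            stderr($lang_functions['std_error'], $lang_viewrequests['add_reward_amount_minimum']);
        if ($bid > 5000)
            stderr($lang_functions['std_error'], $lang_viewrequests['add_reward_amount_maximum']);
        $amount = $bid + 25;
        if ($amount > $CURUSER['seedbonus'])
            stderr($lang_functions['std_error'], $lang_viewrequests['bouns_not_enough']);
        sql_query("UPDATE users SET seedbonus = seedbonus - " . $amount . " WHERE id = " . sqlesc($CURUSER['id'])) or sqlerr(__FILE__, __LINE__);
        sql_query("UPDATE requests SET amount = amount + " . $bid . " WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
        stderr($lang_functions['std_success'], "{$lang_viewrequests['add_reward_success']},{$lang_functions['std_click_here_to_goback']}", 0);
        die;
        break;
    }

    /*
     * delete: remove a request with its offers and comments.
     * UC_UPLOADER and above may delete any request; the owner may delete
     * only while it is unresolved. When no torrent was offered, 80% of the
     * current reward is handed back through KPS().
     * NOTE(review): this destructive action is driven by a GET parameter, so
     * a plain link is enough to trigger it for a logged-in user; moving it to
     * POST with a per-session token would close that.
     */
    case "delete": {
        if (!is_numeric($_GET["id"]))
            stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
        $reqid = (int) $_GET["id"];
        $res = sql_query("SELECT * FROM requests WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            stderr($lang_functions['std_error'], $lang_viewrequests['request_deleted']);
        $arr = mysql_fetch_assoc($res);
        // Parentheses spell out the precedence the original relied on.
        if (get_user_class() >= UC_UPLOADER || ($arr['userid'] == $CURUSER["id"] && $arr['finish'] == 'no')) {
            if (!get_row_count("resreq", "WHERE reqid = " . $reqid)) {
                KPS("+", $arr['amount'] * 8 / 10, $arr['userid']);
            }
            sql_query("DELETE FROM requests WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
            sql_query("DELETE FROM resreq WHERE reqid = " . $reqid) or sqlerr(__FILE__, __LINE__);
            sql_query("DELETE FROM comments WHERE request = " . $reqid) or sqlerr(__FILE__, __LINE__);
            stderr($lang_functions['std_success'], "{$lang_viewrequests['delete_request_success']},{$lang_functions['std_click_here_to_goback']}", 0);
        } else
            stderr($lang_functions['std_error'], "{$lang_functions['std_permission_denied']}");
        die;
        break;
    }

    /*
     * confirm: the owner (or UC_UPLOADER and above) accepts one or more
     * offered torrents. The request is marked finished, unchosen offers are
     * dropped, and the reward is split evenly between the accepted torrents
     * and credited to their owners, who each get a system message.
     */
    case "confirm": {
        if (!is_numeric($_POST["id"]))
            stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
        $reqid = (int) $_POST["id"];
        $res = sql_query("SELECT * FROM requests WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            stderr($lang_functions['std_error'], $lang_viewrequests['request_deleted']);
        $arr = mysql_fetch_assoc($res);
        // A resolved request must not pay out a second time.
        if ($arr["finish"] == "yes")
            stderr($lang_functions['std_error'], $lang_viewrequests['request_already_resolved']);
        if (empty($_POST["torrentid"]))
            stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']);

        // The submitted ids were joined into SQL as-is in the original. Keep
        // only plain decimal ids, as ints, with duplicates collapsed so the
        // split below counts each torrent once.
        $torrentid = array();
        foreach ((array) $_POST["torrentid"] as $candidate) {
            if (is_scalar($candidate) && preg_match('/\A[0-9]+\z/', (string) $candidate))
                $torrentid[(int) $candidate] = (int) $candidate;
        }
        $torrentid = array_values($torrentid);
        if (!$torrentid)
            stderr($lang_functions['std_error'], $lang_functions['std_target_not_exists']);

        if ($arr['userid'] == $CURUSER['id'] || get_user_class() >= UC_UPLOADER) {
            $amount = $arr["amount"] / count($torrentid);
            $idlist = join(",", $torrentid);
            sql_query("UPDATE requests SET finish = 'yes' WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
            sql_query("UPDATE resreq SET chosen = 'yes' WHERE reqid = " . $reqid . " AND torrentid IN (" . $idlist . ")") or sqlerr(__FILE__, __LINE__);
            sql_query("DELETE FROM resreq WHERE reqid = " . $reqid . " AND chosen = 'no'") or sqlerr(__FILE__, __LINE__);
            // NOTE(review): owners are looked up from the submitted ids, not
            // from the offers recorded in resreq for this request; joining
            // against resreq would tie the payout to real offers.
            $res = sql_query("SELECT owner FROM torrents WHERE id IN (" . $idlist . ")") or sqlerr(__FILE__, __LINE__);

            $owner = array();
            $added = sqlesc(date("Y-m-d H:i:s"));
            $subject = sqlesc($lang_viewrequests['torrent_is_picked_for_request']);
            $notifs = sqlesc("{$lang_viewrequests['request_name']}:[url=viewrequests.php?id=$arr[id]] " . $arr['request'] . "[/url].{$lang_functions['std_you_will_get']}: $amount {$lang_functions['text_bonus']}");
            while ($row = mysql_fetch_array($res)) {
                $owner[] = (int) $row[0];
                sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . (int) $row[0] . ", $subject, $notifs, $added)") or sqlerr(__FILE__, __LINE__);
            }
            // Nothing to credit when none of the ids matched a torrent.
            if ($owner)
                sql_query("UPDATE users SET seedbonus = seedbonus + $amount WHERE id IN (" . join(",", $owner) . ")") or sqlerr(__FILE__, __LINE__);
            stderr($lang_functions['std_success'], "{$lang_viewrequests['confirm_request_success']},{$lang_functions['std_click_here_to_goback']}", 0);
        } else
            stderr($lang_functions['std_error'], "{$lang_functions['std_permission_denied']}");
        // The original had no exit here, so a caller without permission fell
        // through into the "message" case below.
        die;
        break;
    }

    /*
     * message: add a comment to a request, notify the request owner and, if
     * given, the user being replied to, then redirect back to the request.
     */
    case "message": {
        if (!is_numeric($_POST["id"]))
            stderr($lang_functions['std_error'], $lang_viewrequests['request_id_must_be_numeric']);
        $reqid = (int) $_POST["id"];
        $res = sql_query("SELECT * FROM requests WHERE id = " . $reqid) or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) == 0)
            stderr($lang_functions['std_error'], $lang_viewrequests['request_deleted']);
        if (!$_POST["message"])
            stderr($lang_functions['std_error'], $lang_viewrequests['message_required']);
        $arr = mysql_fetch_assoc($res);

        sql_query("INSERT INTO comments (user, request, added, text, ori_text) VALUES (" . sqlesc($CURUSER["id"]) . ", " . $reqid . ", '" . date("Y-m-d H:i:s") . "', " . sqlesc($_POST["message"]) . "," . sqlesc($_POST["message"]) . ")") or sqlerr(__FILE__, __LINE__);

        // Same notification body for both recipients.
        $link = sqlesc(" [url=viewrequests.php?action=view&id=" . $reqid . "] " . $arr['request'] . "[/url].");
        if ($CURUSER["id"] <> $arr['userid'])
            sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . (int) $arr['userid'] . ", " . sqlesc($lang_viewrequests['request_get_new_reply']) . ", " . $link . ", " . sqlesc(date("Y-m-d H:i:s")) . ")") or sqlerr(__FILE__, __LINE__);

        // Without a reply target the id is 0; the original then still wrote
        // a message addressed to receiver 0.
        $ruserid = isset($_POST["ruserid"]) ? (int) $_POST["ruserid"] : 0;
        if ($ruserid > 0 && $ruserid <> $CURUSER["id"] && $ruserid <> $arr['userid'])
            sql_query("INSERT INTO messages (sender, receiver, subject, msg, added) VALUES(0, " . $ruserid . ", " . sqlesc($lang_viewrequests['request_comment_get_new_reply']) . ", " . $link . ", " . sqlesc(date("Y-m-d H:i:s")) . ")") or sqlerr(__FILE__, __LINE__);

        header("Location: viewrequests.php?action=view&id=" . $reqid);
    }
    // The two braces below close blocks opened before this section.
}
}
die;
?>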