Btittracker V.1.1 Fixed Version

[Lupin]

UPGRADE TO V.1.1 IS RECOMMENDED TO ALL WEBMASTER

- account.php:
   + fixed: fatal error if gd library not set
- usercp.php:
   + fixed: hack sql injection code on avatar url
- functions.php:
   + fixed: makesize function with negative parameters
- upload.php:
   + fixed: malicious code in torrent filename/info.

Download link:
http://www.btiteam.org/index.php?ind=downl...ry_view&iden=44 (http://www.btiteam.org/index.php?ind=downloads&op=entry_view&iden=44)

[Lupin]

as soon as i get time to post it, I'll post the change to fix your tracker manualy, so anyome with customized site could fix himself.

[seaman]

First sorry for my bad english

are is this upgrade for Btit v.1 Pleasuredome edition too?

thanks and nice job

[dodge]

Hi guys, just installed this version but i still can´t manage to create a new member, surely because of the gd library not being enabled by my host in php.ini. The numbers are not showing, and i don´t even get a "submit" button.
Is there a way to disable image activation in account.php? Sorry if i should have placed this question anywhere else.
Thanks for any help spared, and congratulations for the great tracker, u guys did a hell of a job

[Lupin]

gd library detection should be automatic into account.php... did you get some errors?

[Lupin]

First sorry for my bad english

are is this upgrade for Btit v.1 Pleasuredome edition too?

thanks and nice job

I think it's not OK for pleasuredome edition, asap I'll post the exact corrections to upgrade by hand.

[Lupin]

HowTo upgrading manualy your tracker

account.php
search for

Code:

// -----------------------------
// Captcha hack
// -----------------------------
   $p=new ocr_captcha();

   print("<tr>\n\t<td align=left class=\"header\">".IMAGE_CODE.":</td>");
   print("\n\t<td align=left class=\"lista\"><input type=text name=private_key value='' maxlength=6 size=6>\n");
   print($p->display_captcha(true));
   $private=$p->generate_private();
   print("</td>\n</tr>");
// -----------------------------
// Captcha hack
// -----------------------------
}

Replace with

Code:

// -----------------------------
// Captcha hack
// -----------------------------
if (extension_loaded('gd'))
  {
   $p=new ocr_captcha();

   print("<tr>\n\t<td align=left class=\"header\">".IMAGE_CODE.":</td>");
   print("\n\t<td align=left class=\"lista\"><input type=text name=private_key value='' maxlength=6 size=6>\n");
   print($p->display_captcha(true));
   $private=$p->generate_private();
   print("</td>\n</tr>");
  }
// -----------------------------
// Captcha hack
// -----------------------------
}

search for

$public=$_POST['public_key'];
$private=$_POST['private_key'];

$p=new ocr_captcha();

    if ($p->check_captcha($public,$private) != true)
       {
        print(ERROR." ".ERR_IMAGE_CODE."<br>");
        print("<a href=account.php>".BACK."</a>");
        block_end();
        exit;
    }

replace with

Code:

if (extension_loaded('gd'))
  {
  $public=$_POST['public_key'];
  $private=$_POST['private_key'];

    $p=new ocr_captcha();

    if ($p->check_captcha($public,$private) != true)
        {
        print(ERROR." ".ERR_IMAGE_CODE."<br>");
        print("<a href=account.php>".BACK."</a>");
        block_end();
        exit;
    }
  }

usercp.php
search for

Code:

    elseif ($do=="user" && $action=="post")
        {
        if ($_POST["confirm"]==FRM_CONFIRM)
           {
           $idlangue=0+$_POST["language"];
           $idstyle=0+$_POST["style"];
           $email=$_POST["email"];
           $avatar=$_POST["avatar"];
           $idflag=0+$_POST["flag"];

replace with

Code:

    elseif ($do=="user" && $action=="post")
        {
        if ($_POST["confirm"]==FRM_CONFIRM)
           {
           $idlangue=0+$_POST["language"];
           $idstyle=0+$_POST["style"];
           $email=AddSlashes($_POST["email"]);
           $avatar=AddSlashes($_POST["avatar"]);
           $idflag=0+$_POST["flag"];

functions.php
search for

Code:

function makesize($bytes) {
  if ($bytes < 1000 * 1024)
    return number_format($bytes / 1024, 2) . " KB";
  if ($bytes < 1000 * 1048576)
    return number_format($bytes / 1048576, 2) . " MB";
  if ($bytes < 1000 * 1073741824)
    return number_format($bytes / 1073741824, 2) . " GB";
  return number_format($bytes / 1099511627776, 2) . " TB";
}

replace with

Code:

function makesize($bytes) {
  if (abs($bytes) < 1000 * 1024)
    return number_format($bytes / 1024, 2) . " KB";
  if (abs($bytes) < 1000 * 1048576)
    return number_format($bytes / 1048576, 2) . " MB";
  if (abs($bytes) < 1000 * 1073741824)
    return number_format($bytes / 1073741824, 2) . " GB";
  return number_format($bytes / 1099511627776, 2) . " TB";
}

upload.php
search for

Code:

if (isset($_POST["filename"]))
   $filename=$_POST["filename"];
else
    $filename = StripSlashes($_FILES["torrent"]["name"]);

if (isset($hash) && $hash) $url = $TORRENTSDIR . "/" . $hash . ".btf";
else $url = 0;

if (isset($_POST["info"]))
   $comment = addslashes($_POST["info"]);
else
    $comment = "";

replace with

Code:

if (isset($_POST["filename"]))
   $filename=htmlentities($_POST["filename"]);
else
    $filename = StripSlashes($_FILES["torrent"]["name"]);

if (isset($hash) && $hash) $url = $TORRENTSDIR . "/" . $hash . ".btf";
else $url = 0;

if (isset($_POST["info"]))
   $comment = htmlentities(addslashes($_POST["info"]));
else
    $comment = "";

That's all.

[dodge]

gd library detection should be automatic into account.php... did you get some errors?

Just the usual:

Fatal error: Call to undefined function: imagettftext() in /.../.../public_html/tracker/include/functions.php on line 1713.

After the image code input field i get nothing else, just the error.

Is it possible to enable gd library via htaccess?

[seaman]

Thank you Lupin
I try to upgrade now

Best regards

[thewarlock]

Just install it and no problemo, works fine, thanks master Lupin.

[Lupin]

gd library detection should be automatic into account.php... did you get some errors?

Just the usual:

Fatal error: Call to undefined function: imagettftext() in /.../.../public_html/tracker/include/functions.php on line 1713.

After the image code input field i get nothing else, just the error.

Is it possible to enable gd library via htaccess?

seems that gd library is enable, but freetype library (also required) is not. try to find a turn around, sorry...
in account serch for

Code:

if (extension_loaded('gd'))
  {
   $p=new ocr_captcha();

   print("<tr>\n\t<td align=left class=\"header\">".IMAGE_CODE.":</td>");
   print("\n\t<td align=left class=\"lista\"><input type=text name=private_key value='' maxlength=6 size=6>\n");
   print($p->display_captcha(true));
   $private=$p->generate_private();
   print("</td>\n</tr>");
  }

replace with

Code:

if (extension_loaded('gd'))
  {
  $arr = gd_info();
  if ($arr['FreeType Support']==1)
  {
   $p=new ocr_captcha();

   print("<tr>\n\t<td align=left class=\"header\">".IMAGE_CODE.":</td>");
   print("\n\t<td align=left class=\"lista\"><input type=text name=private_key value='' maxlength=6 size=6>\n");
   print($p->display_captcha(true));
   $private=$p->generate_private();
   print("</td>\n</tr>");
  }
}

not tested, let me know if it work.

[dodge]

Thanks master Lupin
I´ll give it a try and return with some feedback later.


--edit---

Sweet! It works.
The condition to check wether freetype support is enabled solved the problem.
Thanks again Lupin, you´re the man

[dodge]

Talked too early. Got a error message whenever someone try to register...
Everything works fine until they press the "Confirm" button. Then, this appears:

Code:

Error: Image Code dont match

Image code function is still working somehow. Can´t i just erase this function?
Or maybe a mod to just deactivate this all function in admincp?

[Lupin]

Sorry, in account.php

find:

Code:

if (extension_loaded('gd'))
 {
 $public=$_POST['public_key'];
 $private=$_POST['private_key'];

   $p=new ocr_captcha();

   if ($p->check_captcha($public,$private) != true)
       {
       print(ERROR." ".ERR_IMAGE_CODE."<br>");
       print("<a href=account.php>".BACK."</a>");
       block_end();
       exit;
   }
 }

replace with

Code:

if (extension_loaded('gd'))
 {
 $arr = gd_info();
 if ($arr['FreeType Support']==1)
   {
 $public=$_POST['public_key'];
 $private=$_POST['private_key'];

   $p=new ocr_captcha();

   if ($p->check_captcha($public,$private) != true)
       {
       print(ERROR." ".ERR_IMAGE_CODE."<br>");
       print("<a href=account.php>".BACK."</a>");
       block_end();
       exit;
   }
  }
 }

 

[dodge]

I´m the one who's sorry Lupin, for all the trouble.
Tryed the above code but it seems that ImageTTFText is also not enabled in my server.

Code:

Fatal error: Call to undefined function: imagettftext() in /home/kronos/public_html/tracker/include/functions.php on line 1999

(in the registration table).

I commented out all references (3) in functions.php to ImageTTFText, and the error goes away, i get the "confirm" and "cancel" buttons, and the registration is working although i get also this after registration:

Code:

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/kronos/public_html/tracker/account.php on line 118


Account Created

Congratulations your account is now valid!
Now you can login on the site using your account.

It´s working, but with errors.

I´m also trying to integrate ipb 2.0.3 with btit, i´ve managed to create account in both tables by registering only in the tracker, including ibf_member_extra, where vdirs and avatar info goes.
My next step will be to display in the forum uploaded/downloaded info beneath members avatar. Has anyone tryed that already?
If so, which is the file to edit?