Invites mod

Started by rickandmary, August 03, 2012, 10:01:59 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

ndbj

Could it be this?

<?
require "include/bittorrent.php";

dbconn(false);

loggedinorreturn();

function bark($msg)
{
  stdhead();
  stdmsg("Error", $msg);
  stdfoot();
  exit;
}

function how_many_days_left($iy,$im,$id,$dy,$dm,$dd) {
$init_date = mktime(12,0,0,$im,$id,$iy);
$dst_date = mktime(12,0,0,$dm,$dd,$dy);
$offset = $dst_date-$init_date;
$days = floor($offset/60/60/24);
return $days;
}


function mkage($birthdate) {
$curyear = date("Y");
$curmonth = date("m");
$curday = date("d");
$bdexpl = explode("-",$birthdate);
$byear = $bdexpl[0];
$bmonth = $bdexpl[1];
$bday = $bdexpl[2];
$udate = date("U");


$inforeturn = array();

if (($curmonth == $bmonth) and ($curday == $bday)) {
$dudesage = $curyear - $byear;
$inforeturn["age"] = $dudesage;
$inforeturn["birthday"] = "now";
}
else {

if ($bmonth < $curmonth) {
$agetype = 1; // birthday is already gone for this year
}
if (($bmonth == $curmonth) and ($bday < $curday)) {
$agetype = 1;
}
if (($bmonth == $curmonth) and ($bday > $curday)) {
$agetype = 2; // birthday is yet to come
}
if ($bmonth > $curmonth) {
$agetype = 2;
}
if ($agetype == 1) {
$dudesage = $curyear - $byear;
$days = how_many_days_left($curyear,$curmonth,$curday,$curyear+1,$bmonth,$bday);
}
elseif ($agetype == 2) {
$dudesage = $curyear - $byear - 1;
$days = how_many_days_left($curyear,$curmonth,$curday,$curyear,$bmonth,$bday);
}
$inforeturn["birthday"] = $days;
$inforeturn["currentage"] = $dudesage;
$inforeturn["become"]= $dudesage+1;
}
return $inforeturn;
}


$id = 0 + $_GET["id"];

if (!is_valid_id($id))
  bark("Bad ID $id.");

$r = @mysql_query("SELECT * FROM users WHERE id=$id") or sqlerr();
$user = mysql_fetch_array($r) or bark("No user with ID $id.");

if ($user["ip"] && (get_user_class() >= UC_MODERATOR || $user["id"] == $CURUSER["id"]))
{
  $ip = $user["ip"];
  /* if (get_user_class() == UC_SYSOP)
  $dom = @gethostbyaddr($user["ip"]); */
 
  if ($dom == $user["ip"] || @gethostbyname($dom) != $user["ip"])
    $addr = $ip;
  else
  {
    $domparts = explode(".", $dom);
    $domain = $domparts[count($domparts) - 2];
    if ($domain == "COM" || $domain == "CO" || $domain == "NET" || $domain == "NE" || $domain == "ORG" || $domain == "OR" )
      $l = 2;
    else
      $l = 1;
    $addr = "$ip ($dom)";
  }
}
if ($user[added] == "0000-00-00 00:00:00")
  $joindate = 'N/A';
else
  $joindate = "$user[added] (" . get_elapsed_time(sql_timestamp_to_unix_timestamp($user["added"])) . " ago)";

$res = mysql_query("SELECT name,flagpic FROM countries WHERE id=$user[country] LIMIT 1") or sqlerr();
if (mysql_num_rows($res) == 1)
{
  $arr = mysql_fetch_assoc($res);
  $country = "<img src=/pic/flag/$arr[flagpic] alt=\"$arr[name]\" style='margin-left: 8pt'>";
}

/*$res = mysql_query("SELECT name FROM clients WHERE id=$user[client] LIMIT 1") or sqlerr();
if (mysql_num_rows($res) == 1)
{
  $arr = mysql_fetch_assoc($res);
$client = "<td align=left>" . ($arr["name"]) . "</td>";
}*/
$client = "<td align=left>" . $user["client"] . "</td>";

stdhead("Details for " . $user["username"]);

/*$res = mysql_query("SELECT image FROM contacts WHERE id=$user[contacttype] LIMIT 1") or sqlerr();
if (mysql_num_rows($res) == 1)
{
$arr = mysql_fetch_assoc($res);
$contacttype = "<img src=pic/$arr[image]>";
}*/
$contacttype = "<img src=pic/apps.jpg>";

if ($user["invited_by"] > 0){
$blah = mysql_query("SELECT id, username FROM users WHERE id = $user[invited_by]") or sqlerr();
$invite = mysql_fetch_assoc($blah);
}

  if ($user["status"] == 'confirmed')
      $status = "<a href=userdetails.php?id=$user[id]><font color=#1f7309>Confirmed</font></a>";
      else
      $status = "<font color=#ca0226>Pending</font>";


begin_main_frame();
print("<table width=100% class=main border=1 cellspacing=0 cellpadding=2>".
"<tr class=tabletitle><td class=embedded><p align=center>$user[username]" . get_user_icons($user, true) . "&nbsp;$country</p></tr></table>\n"); ?>
<table width=100% border=1 cellspacing=0 cellpadding=5>
<?
if ($user[invited_by] > 0)
print("<tr class=tableb><td width=15%>Invited By</td><td align=left><a href=userdetails.php?id=$invite[id]>$invite[username]</a></td></tr>\n");
print("<tr class=tableb><td width=15%>Status</td><td align=left width=99%>$status</td></tr>\n");
print("<tr class=tableb><td width=15%>" . JOINDATE . "</td><td align=left width=99%>$joindate</td></tr>\n");
if (get_user_class() >= UC_MODERATOR)
  print("<tr class=tableb><td>" . EMAIL . "</td><td align=left><a href=mailto:$user[email]>$user[email]</a></td></tr>\n");
if ($addr)
  print("<tr class=tableb><td>" . IPADDRESS . "</td><td align=left>$addr</td></tr>\n");

//////// admins and curuser only ///////

if (get_user_class() >= UC_ADMINISTRATOR || $user["id"] == $CURUSER["id"]){
print("<tr class=tableb><td>Max. Torrents</td><td align=left>$user[maxtorrents]</td></tr>\n");
}



if ($user['donated'] > 0 && (get_user_class() >= UC_MODERATOR || $CURUSER["id"] == $user["id"]))
print("<tr class=tableb><td>" . DONATED . "</td><td align=left>€ $user[donated]</td></tr>\n");




if ($user[avatar] == '')
$avatar = "<img src=pic/default_avatar.gif width=150>";
elseif ($user[avatar] == $user[id].".jpg")
$avatar = "<img src=Avatars/Gallery/users/$user[avatar] width=150>";
elseif ($user[gallery] == '1')
$avatar = "<img src=Avatars/Gallery/$user[avatar] width=150>";
else
$avatar = "<img src=$user[avatar] width=150>";
print("<tr class=tableb><td>" . AVATAR . "</td><td align=left>$avatar</td></tr>\n");





print("<tr class=tableb><td>" . GENDER . "</td><td align=left>$user[gender]</td></tr>\n");



       
     /// BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY
       
       
if ($user["birthdate"]) {
        $bdoutput = mkage($user[birthdate]);
        if ($bdoutput["birthday"] == "now") {
        print("<tr class=tableb><td>Birthday</td><td align=left>$user[username] celebrates ");
        if ($user[gender] == "Female") echo "her "; else echo "his ";
        $lastdigit = strrev($bdoutput["age"]);
        if ($lastdigit{0} == 1) { $bdayending = "st"; }
        elseif ($lastdigit{0} == 2) { $bdayending = "nd"; }
        elseif ($lastdigit{0} == 3) { $bdayending = "rd"; }
        else { $bdayending = "th"; }
        print $bdoutput["age"];
        print "$bdayending ";
        print ("birthday today! Congratulations!</td></tr>\n");

}
else {
        print("<tr class=tableb><td>Birthday</td><td align=left>$user[username] is currently $bdoutput[currentage]. But ");
        if ($user[gender] == "Female") echo "she "; else echo "he ";
        print ("will become $bdoutput[become] in $bdoutput[birthday] days!</td></tr>\n");
        }

       



}
else {
print ("<tr class=tableb><td>Birthday</td><td align=left>No birthdate is set for this user. Too bad...</td></tr>\n");
}

     /// BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY





if ($user["client"] > 0)
print("<tr class=tableb><td>" . BTCLIENT . "</td>$client</tr>\n");

if ($user["website"])
        print("<tr class=tableb><td>" . WEBSITE . "</td><td align=left><a href=$user[website] target=_blank>$user[website]</a></td></tr>\n");
print("<tr class=tableb><td>Class</td><td align=left>" . get_user_class_name($user["class"]) . "</td></tr>\n");
if ($CURUSER[id] == $user[id] || get_user_class() >= UC_ADMINISTRATOR)
print("<tr class=tableb><td>Invitations</td><td align=left><a href=invite.php?id=$user[id]>$user[invites]</a></td></tr>\n");
else
print("<tr class=tableb><td>Invitations</td><td align=left>$user[invites]</td></tr>\n");
if ($user["contacts"])
print("<tr class=tableb><td>Contact</td><td align=left>$contacttype&nbsp;$user[contacts]</td></tr>\n");
if ($user["title"])
     print("<tr class=tableb><td>" . TITLE . "</td><td align=left>" . format_comment($user[title]) . "</td></tr>\n");
if ($user["info"])
print("<tr valign=top class=tableb><td align=left colspan=2 class=text>" . format_comment($user["info"]) . "</td></tr>\n");
print("</table>\n");


end_main_frame();
stdfoot();
?>

ndbj

Cheers!
Where can I find a checkuser.php file, needed to this mod?

Thanks in advance.

rickandmary

#1
CREATE TABLE `invites` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `inviter` int(10) unsigned NOT NULL default '0',
  `inviteid` int(10) NOT NULL default '0',
  `invite` varchar(32) NOT NULL default '',
  `time_invited` datetime NOT NULL default '0000-00-00 00:00:00',
  `confirmed` char(3) NOT NULL default 'no',
  PRIMARY KEY  (`id`),
  KEY `inviter` (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=39;


ALTER TABLE users ADD `invites` int(10) unsigned NOT NULL default '1'; 

save and upload the following files to root

invite.php
<?
require "include/bittorrent.php";

dbconn();

loggedinorreturn();

$id = 0 + $_GET["id"];
$type = unesc($_GET["type"]);
$invite = $_GET["invite"];

stdhead("Invites");
function bark($msg) {
//  stdhead();
    stdmsg("Invite Error", $msg);
  stdfoot();
  exit;
}
if ($id == 0){
  $id = $CURUSER["id"];
}

$res = mysql_query("SELECT invites FROM users WHERE id = $id") or sqlerr();
$inv = mysql_fetch_assoc($res);

if ($inv["invites"] != 1){
$_s = "s";
} else {
$_s = "";
}

if ($type == 'new'){
print("<form method=post action=takeinvite.php?id=$id>".
"<table border=1 width=750 cellspacing=0 cellpadding=5>".
"<tr class=tabletitle><td colspan=2><b>Create a new invite code ($inv[invites] invitation$_s left)</b></td></tr>".
"<tr class=tableb><td align=center colspan=2><input type=submit value=Create style='height: 20px'></td></tr>".
"</form></table>");
}
else if ($type == 'del'){
    $ret = mysql_query("SELECT * FROM invites WHERE invite = '$invite'") or sqlerr();
    $num = mysql_fetch_assoc($ret); 
    if ($num[inviter]==$id){
  print("You are allowed to delete $num[invitee]\n\n");
  mysql_query("DELETE FROM invites WHERE invite = '$invite'")or sqlerr();
  print("<table width=\"200\" border=\"0\"><tr><td align=center><b>Invite deleted</b></td></tr>");
  mysql_query("UPDATE users SET invites = ($CURUSER[invites]+1) WHERE id = $CURUSER[id]") or sqlerr();
  print("<tr><td align=center><b>Your number of invites has been updated</b></td></tr></table>");
    } else
  print("You are not allowed to delete this invite or this invite does not exist");
}
else {
    if (get_user_class() <= UC_UPLOADER && !($id == $CURUSER["id"]))
    {
    bark("You have no right to view that users Invites! !");
    }


$rel = mysql_query("SELECT COUNT(*) FROM users WHERE invitedby = $id") or sqlerr();
$arro = mysql_fetch_row($rel);
$number = $arro[0];


$ret = mysql_query("SELECT id, username, email, uploaded, downloaded, status, warned, enabled, donor, email FROM users WHERE invitedby = $id") or sqlerr();
$num = mysql_num_rows($ret);

print("<form method=post action=takeconfirm.php?id=$id><table border=1 width=750 cellspacing=0 cellpadding=5>".
"<tr class=tabletitle><td colspan=7><b>Current status of invitees</b> ($number)</td></tr>");

if(!$num){
print("<tr class=tableb><td colspan=7>No invitees yet.</tr>");
} else {


print("<tr class=tableb><td><b>Username</b></td><td><b>Email</b></td><td><b>Uploaded</b></td><td><b>Downloaded</b></td><td><b>Ratio</b></td><td><b>Status</b></td>");
if ($CURUSER[id] == $id || get_user_class() >= UC_SYSOP)
print("<td align=center><b>Confirm</b></td>");

print("</tr>");
for ($i = 0; $i < $num; ++$i)
{
  $arr = mysql_fetch_assoc($ret);
  if ($arr[status] == 'pending')
  $user = "<td align=left><a href=checkuser.php?id=$arr[id]>$arr[username]</a></td>";
  else
  $user = "<td align=left><a href=userdetails.php?id=$arr[id]>$arr[username]</a>" .($arr["warned"]  == "yes" ? "&nbsp;<img src=pic/warned.gif border=0 alt='Warned'>" : "")."&nbsp;" .($arr["enabled"]  == "no" ? "&nbsp;<img src=pic/disabled.gif border=0 alt='Disabled'>" : "")."&nbsp;" .($arr["donor"]  == "yes" ? "<img src=pic/star.gif border=0 alt='Donor'>" : "")."</td>";

  if ($arr["downloaded"] > 0) {
      $ratio = number_format($arr["uploaded"] / $arr["downloaded"], 3);
      $ratio = "<font color=" . get_ratio_color($ratio) . ">$ratio</font>";
      } else {
      if ($arr["uploaded"] > 0) {
      $ratio = "Inf.";
      }
      else {
      $ratio = "---";
      }
   }
  if ($arr["status"] == 'confirmed')
      $status = "<a href=userdetails.php?id=$arr[id]><font color=#1f7309>Confirmed</font></a>";
      else
      $status = "<a href=checkuser.php?id=$arr[id]><font color=#ca0226>Pending</font></a>";       
   
print("<tr class=tableb>$user<td>$arr[email]</td><td>" . mksize($arr[uploaded]) . "</td><td>" . mksize($arr[downloaded]) . "</td><td>$ratio</td><td>$status</td>");
if ($CURUSER[id] == $id || get_user_class() >= UC_SYSOP){
print("<td align=center>");
if ($arr[status] == 'pending')
print("<input type=\"checkbox\" name=\"conusr[]\" value=\"" . $arr[id] . "\" />");
print("</td>");
}

print("</tr>");     
}
}
if ($CURUSER[id] == $id || get_user_class() >= UC_SYSOP){ 
print("<input type=hidden name=email value=$arr[email]>");
print("<tr class=tableb><td colspan=7 align=right><input type=submit value='Confirm Users' style='height: 20px'></form></td></tr>");
}
print("</table><br>");

$rul = mysql_query("SELECT COUNT(*) FROM invites WHERE inviter = $id") or sqlerr();
$arre = mysql_fetch_row($rul);
$number1 = $arre[0];

$rer = mysql_query("SELECT inviteid, invite, time_invited FROM invites WHERE inviter = $id AND confirmed='no'") or sqlerr();
$num1 = mysql_num_rows($rer);
print("<table border=1 width=750 cellspacing=0 cellpadding=5>".
"<tr class=tabletitle><td colspan=6><b>Current status of created codes</b> ($number1)</td></tr>");

if(!$num1){
print("<tr class=tableb><td colspan=6>No invitation codes created at the moment.</tr>");
} else {

print("<tr class=tableb><td><b>Invite Code</b></td><td><b>Created Date</b></td><td></td></tr>");
for ($i = 0; $i < $num1; ++$i)
{
  $arr1 = mysql_fetch_assoc($rer);
  print("<tr class=tableb><td>$arr1[invite]</td><td>$arr1[time_invited]</td>");
//  print("<td><input type=\"checkbox\" name=\"conusr[]\" value=\"" . $arr[id] . "\" /></td></tr>");
  print ("<td><a href=\"invite.php?invite=$arr1[invite]&type=del\">Delete Invitecode</a></td></tr>");
}
}
print("<tr class=tableb><td colspan=7 align=center><form method=post action=invite.php?id=$id&type=new><input type=submit value='Create Invite Code' style='height: 20px'></form></td></tr>");
print("</table>");

}

stdfoot();

die;

?>


takeinvite.php
<?

require_once("include/bittorrent.php");

hit_start();

dbconn();

function bark($msg) {
  stdhead();
    stdmsg("Invitation failed!", $msg);
  stdfoot();
  exit;
}

$id = 0 + $_GET["id"];

if ($id == 0){
  $id = $CURUSER["id"];
}
if (get_user_class() <= UC_MODERATOR)
    $id = $CURUSER["id"];


$re = mysql_query("SELECT invites FROM users WHERE id = $id") or sqlerr();
$tes = mysql_fetch_assoc($re);
if ($tes[invites] <= 0)
  bark("You have no signups left!");
 
 
 
 

$ret = mysql_query("SELECT username FROM users WHERE id = $id") or sqlerr();
$arr = mysql_fetch_assoc($ret);
 
 
$hash  = md5(mt_rand(1,1000000));

mysql_query("INSERT INTO invites (inviter, invite, time_invited) VALUES ('$id', '$hash', '" . get_date_time() . "')");
mysql_query("UPDATE users SET invites = invites - 1 WHERE id = $id") or sqlerr(__FILE__, __LINE__);

header("Refresh: 0; url=invite.php?id=$id");

hit_end();

?>


replace your signup.php with this
signup.php
<?

require_once("include/bittorrent.php");
dbconn();

$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $maxusers)
    stderr("Sorry", "The current user account limit (" . number_format($maxusers) . ") has been reached. Inactive accounts are pruned all the time, please check back again later...");


stdhead("Signup");

?>
<!--
<table width=500 border=1 cellspacing=0 cellpadding=10><tr><td align=left>
<h2 align=center>Proxy check</h2>
<b><font color=red>Important - please read:</font></b> We do not accept users connecting through public proxies. When you
submit the form below we will check whether any commonly used proxy ports on your computer is open. If you have a firewall it may alert of you of port
scanning activity originating from <b>69.10.142.42</b> (torrentbits.org). This is only our proxy-detector in action.
<b>The check takes up to 30 seconds to complete, please be patient.</b> The IP address we will test is <b><?= $HTTP_SERVER_VARS["REMOTE_ADDR"]; ?></b>.
By proceeding with submitting the form below you grant us permission to scan certain ports on this computer.
</td></tr></table>
<p>
-->
Note: You need cookies enabled to sign up or log in.
<p>
<form method="post" action="takesignup.php">
<table border="1" cellspacing=0 cellpadding="10">
<tr><td align="right" class="heading">Desired username:</td><td align=left><input type="text" size="40" name="wantusername" /></td></tr>
<tr><td align="right" class="heading">Pick a password:</td><td align=left><input type="password" size="40" name="wantpassword" /></td></tr>
<tr><td align="right" class="heading">Enter password again:</td><td align=left><input type="password" size="40" name="passagain" /></td></tr>
<tr><td align="right" class="heading">Enter invite-code:<br><small>(Provided by your inviter)</small></td><td align=left><input type="text" size="40" name="invite" /></td></tr>
<tr valign=top><td align="right" class="heading">Email address:</td><td align=left><input type="text" size="40" name="email" />
<table width=250 border=0 cellspacing=0 cellpadding=0><tr><td class=embedded><font class=small>The email address must be valid.
You will receive a confirmation email which you need to respond to. The email address won't be publicly shown anywhere.</td></tr>
</font></td></tr></table>
</td></tr>
</td></tr>
<tr><td align="right" class="heading"></td><td align=left><input type=checkbox name=rulesverify value=yes> I have read the site rules page.<br>
<input type=checkbox name=faqverify value=yes> I agree to read the FAQ before asking questions.<br>
<input type=checkbox name=ageverify value=yes> I am at least 13 years old.</td></tr>
<tr><td colspan="2" align="center"><input type=submit value="Sign up! (PRESS ONLY ONCE)" style='height: 25px'></td></tr>
</table>
</form>
<?

stdfoot();

?>


takesignup.php
<?

require_once("include/bittorrent.php");

hit_start();

dbconn();

$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $maxusers)
    stderr("Error", "Sorry, user limit reached. Please try again later.");

if (!mkglobal("wantusername:wantpassword:passagain:invite:email"))
    die();

function bark($msg) {
  stdhead();
    stdmsg("Signup failed!", $msg);
  stdfoot();
  exit;
}

function validusername($username)
{
    if ($username == "")
   return false;

    // The following characters are allowed in user names
    $allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

    for ($i = 0; $i < strlen($username); ++$i)
   if (strpos($allowedchars, $username[$i]) === false)
     return false;

    return true;
}

function isportopen($port)
{
    global $HTTP_SERVER_VARS;
    $sd = @fsockopen($HTTP_SERVER_VARS["REMOTE_ADDR"], $port, $errno, $errstr, 1);
    if ($sd)
    {
  fclose($sd);
  return true;
    }
    else
  return false;
}
/*
function isproxy()
{
    $ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
    for ($i = 0; $i < count($ports); ++$i)
  if (isportopen($ports[$i])) return true;
    return false;
}
*/

if (empty($wantusername) || empty($wantpassword) || empty($email))
    bark("Don't leave any fields blank.");

if (strlen($wantusername) > 12)
    bark("Sorry, username is too long (max is 12 chars)");

if ($wantpassword != $passagain)
    bark("The passwords didn't match! Must've typoed. Try again.");

if (strlen($wantpassword) < 6)
    bark("Sorry, password is too short (min is 6 chars)");

if (strlen($wantpassword) > 40)
    bark("Sorry, password is too long (max is 40 chars)");

if ($wantpassword == $wantusername)
    bark("Sorry, password cannot be same as user name.");

if (!validemail($email))
    bark("That doesn't look like a valid email address.");

if (!validusername($wantusername))
    bark("Invalid username.");

// make sure user agrees to everything...
if ($HTTP_POST_VARS["rulesverify"] != "yes" || $HTTP_POST_VARS["faqverify"] != "yes" || $HTTP_POST_VARS["ageverify"] != "yes")
    stderr("Signup failed", "Sorry, you're not qualified to become a member of this site.");

// check if email addy is already in use
$a = (@mysql_fetch_row(@mysql_query("select count(*) from users where email='$email'"))) or die(mysql_error());
if ($a[0] != 0)
  bark("The e-mail address $email is already in use.");

/*
// do simple proxy check
if (isproxy())
    bark("You appear to be connecting through a proxy server. Your organization or ISP may use a transparent caching HTTP proxy. Please try and access the site on <a href=http://torrentbits.org:81/signup.php>port 81</a> (this should bypass the proxy server). <p><b>Note:</b> if you run an Internet-accessible web server on the local machine you need to shut it down until the sign-up is complete.");
*/
hit_count();

$secret = mksecret();
$wantpasshash = md5($secret . $wantpassword . $secret);
$editsecret = (!$arr[0]?"":mksecret());

$r = mysql_query("SELECT inviter, inviteid, confirmed FROM invites WHERE invite='$invite'");

if (mysql_num_rows($r) == 0)
    bark ("Invite $invite not found.\nPlease retry signup or request a new one.");

$a = mysql_fetch_assoc($r);

if ($a["inviteid"]!=0)
    bark ("Invite $invite already taken.\nPlease request a new one with your inviter.");

$ret = mysql_query("INSERT INTO users (username, passhash, secret, editsecret, invitedby, email, ". (!$arr[0]?"class, ":"") ."added) VALUES (" .
  implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $a['inviter'], $email))).
  ", ". (!$arr[0]?UC_SYSOP.", ":""). "'". get_date_time() ."')");

if (!$ret) {
    if (mysql_errno() == 1062)
  bark("Username already exists!");
    bark("borked");
}

$id = mysql_insert_id();

//write_log("User account $id ($wantusername) was created");

$psecret = md5($editsecret);

$ret = mysql_query("UPDATE invites SET inviteid=$id, confirmed='yes' WHERE invite='$invite'");

if($arr[0])
$id = mysql_insert_id();

$dt = sqlesc(get_date_time());
$msg = sqlesc("Congratulations $wantusername,\nYou Are Now A Member of $SITENAME,\nWe Would Like To Take This Opportunity To Say Hello And Welcome To $SITENAME!\nPlease Be Sure To Read The Rules And Be Sure To Stop By The Forums And Say Hello!Please don't use cheat mods, or RatioFucker/RatioMaker. We have scripts embedded within the tracker that can highlight anomilies, and alert staff. So far, most of our cheaters have received warnings, and have their upload reset to ZERO. We are constantly refining the scripts to spot the new mods appearing, and we have trained administrators who can recognise when someone is cheating. This practice is unneccessary, as we have the three day rule, so ratio cheating serves no purposes anyway. Not one member has been disabled for a poor ratio. We have only disabled members for Hit & Running, and Cheating.We expect members to seed to 1.00 on every torrent, or until 3 people complete it, whichever comes first.Please also note that we don't allow duplicate IP accounts. If you need a duplicate IP account, such as a family member/friend using the same PC for their account, please speak to the staff first, explaining why you need a dupliacte account. Any duplicate accounts created without the knowledge of the staff will be disabled.\nEnjoy Your Stay.\nRegards\nThe Staff of $SITENAME ");
mysql_query("INSERT INTO messages (sender, receiver, added, msg, poster) VALUES(0, $id, $dt, $msg, 0)") or sqlerr(__FILE__, __LINE__);

//write_log("User account $id ($wantusername) was created");

$psecret = md5($editsecret);

$body = "Signup successfull! Your inviter needs to confirm your account now. Then you can login.";

//mail($email, "$SITENAME user registration confirmation", $body, "From: $SITEEMAIL", "-f$SITEEMAIL");

stdhead();
print($body);
stdfoot();

hit_end();

?>


inviteadd.php
<?
require "include/bittorrent.php";
dbconn();
loggedinorreturn();
if (get_user_class() < UC_SYSOP)
stderr("Error", "Access denied.");
if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST")
{
if ($HTTP_POST_VARS["username"] == "" || $HTTP_POST_VARS["invites"] == "" || $HTTP_POST_VARS["invites"] == "")
stderr("Error", "Missing form data.");
$username = sqlesc($HTTP_POST_VARS["username"]);
$invites = sqlesc($HTTP_POST_VARS["invites"]);

mysql_query("UPDATE users SET invites=$invites WHERE username=$username") or sqlerr(__FILE__, __LINE__);
$res = mysql_query("SELECT id FROM users WHERE username=$username");
$arr = mysql_fetch_row($res);
if (!$arr)
stderr("Error", "Unable to update account.");
header("Location: $BASEURL/userdetails.php?id=$arr[0]");
die;
}
stdhead("Update Users Invite Amounts");
?>
<h1>Update Users Invite Amounts</h1>
<form method=post action=inviteadd.php>
<table border=1 cellspacing=0 cellpadding=5>
<tr><td class=rowhead>User name</td><td><input type=text name=username size=40></td></tr>
<tr><td class=rowhead>Invites</td><td><input type=uploaded name=invites size=5></td></tr>
<tr><td colspan=2 align=center><input type=submit value="Okay" class=btn></td></tr>
</table>
</form>
<? stdfoot(); ?>


in bittorrent.php if you have a statusbar, replace
Welcome back, <b><a href="userdetails.php?id=<?=$CURUSER['id']?>"><?=$CURUSER['username']?></a></b><?=$medaldon?><?=$warn?>&nbsp; [<a href="logout.php">logout</a>]<br/>

with
Welcome Back, <b><a href="userdetails.php?id=<?=$CURUSER['id']?>"><?=$CURUSER['username']?></a></b><?=$medaldon?><?=$warn?>&nbsp;<a href="logout.php">logout</a> | <a href="invite.php">Invite</a>
  <br>


in userdetails.php add
print("<tr><td class=rowhead>Invited by</td><td align=left>$invby</a></td></tr>\n");
print("<tr><td class=rowhead>Invites</td><td align=left><a href=/invite.php>$user[invites]</a></td></tr>\n"); 


add to bittorrent.php and modify to suit your needs
//invite time
$invite_timeout = 86400 * 3;
$invites = 50000;