Btit Tracker v.1.3.2 -------------------- CHANGES: - fixed all security holes founded all over the script - fixed a lot of cosmetics things (thanks gAnDo) - minor bug fixes LIST OF CHANGED FILES: ---------------------- account.php account_change.php admincp.php allshout.php announce.php changelog.txt comment.php delete.php details.php download.php extra-stats.php forum.php login.php moresmiles.php news.php peers.php recover.php rss_torrents.php + NEW searchusers.php torrent_history.php torrents.php upload.php usercp.php userdetails.php include\functions.php include\prune_users.php include\masspm.php blocks\seedwanted_block.php blocks\lasttorrents_block.php blocks\toptorrents_block.php blocks\paypal_block.php + NEW ************************************************************************************************************************************** Btit Tracker v.1.3.1 -------------------- CHANGES: - security fixes in account.php and account_change.php LIST OF CHANGED FILES: ---------------------- account.php account_change.php ************************************************************************************************************************************** Btit Tracker v.1.3 ------------------ CHANGES: - All peers are now stored in unique table (peers) instead of lot xinfohash tables (maybe some hacks will not work anymore) - IP in users table is now registred as string, no more as long (should avoid some problem with high IP) - Better BBCode editor - Image Code (secure signup with image code) is now optional (default is true=use image code), can be changed in admincp - Fixed minor bugs - getscrape.php has been changed a lot (use fsockopen instead of fopen, should be more efficient), and now get multiscrape from tracker which support this feature (5 torrents each time) NEW: - Live stats (default disabled), can be enable from Admincp the live stats record, can give high server load - Private flag (default enabled) inserted "on fly" on new uploaded torrents, can be disabled from admincp - Basic Log site activity (users/torrents), default is disabled, can be enabled from admincp (based on liroy hack) - Basic History (users/torrents), default is disabled, can be enabled from admincp - Added "searchdiff" hack in admincp (baterist's hack) - Added GZIP support (not for compact mode in announce), default is OFF, can be enabled in admincp - Added Basic debug informations (optional in footer), default is ON, can be disabled in admincp - support for multi-scrape (scrape result for more than 1 torrent at a time) - added announce urls as array, default is at least one which is $BASEURL/announce.php now you can add more than one announce url as "internal announce". LIST OF CHANGED FILES: ---------------------- account.php admincp.php announce.php changelog.txt delete.php details.php edit.php forum.php login.php new_upload.php - REMOVED peers.php readme.txt scrape.php torrent_history.php + NEW torrents.php tracker.php - REMOVED upload.php usercp.php userdetails.php blocks\lastmember_block.php blocks\lasttorrents_block.php blocks\seedwanted_block.php blocks\toptorrents_block.php include\functions.php include\getscrape.php include\sanity.php include\searchdiff.php + NEW include\sitelog.php + NEW sql\database.sql upgrade\12_to_13.sql + NEW ************************************************************************************************************************************** Btit Tracker v.1.2 --------------- FIXES: - All known and found security hole CHANGES: - shoutbox: compact shoutbox (by brainphreak) - peers: better client recognition - torrents: sorting by different fields ascending/descending - users: sorting by different fields ascending/descending - torrents: modified Torrent.ext.int.display.v1-nwfr by hoha (show (EXT) if external near the torrent name) NEW: - block: seedwanted - userdetails: active torrents by petr1fied - torrent's details: files in torrents - torrent's details: basic comments moderation (delete) - account: valid email check on signup - by vibes - admincp: masspm by vibes - admincp: prune dead torrents/inactive users - usercp: delete PM with checkboxes - by gAnDo - sanity: *.png files (created by image code) are delete each sanity call - admincp: New option, use popup or not (default is true) List of changed/new files: .\account.php .\account_change.php .\admincp.php .\announce.php .\changelog.txt .\comment.php .\details.php .\download.php .\edit.php .\extra-stats.php .\forum.php .\index.php .\news.php .\peers.php .\recover.php .\searchusers.php .\torrents.php .\upload.php .\usercp.php .\userdetails.php .\blocks\forum_block.php .\blocks\lastmember_block.php .\blocks\lasttorrents_block.php .\blocks\mainmenu_block.php .\blocks\maintrackertoolbar_block.php .\blocks\news_block.php .\blocks\online_block.php .\blocks\seedwanted_block.php (NEW) .\blocks\shoutbox_block.php .\blocks\toptorrents_block.php .\blocks\trackerinfo_block.php .\include\blocks.php .\include\config.php .\include\functions.php .\include\getscrape.php .\include\masspm.php (NEW) .\include\prune_torrents.php (NEW) .\include\prune_users.php (NEW) .\include\sanity.php ************************************************************************************************************************************** Btit Tracker v.1.1 --------------- - account.php: + fixed: fatal error if gd library non set - usercp.php: + fixed: hack sql injection code on avatar url - functions.php: + fixed: makesize function with negative parameters - upload.php: + fixed: malicious code in torrent filename/info. ************************************************************************************************************************************** Btit Tracker v.1 ------------- - Release.