Example #1
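 /**
  * Edit a comment.
  *
  * The edit is allowed only for the comment's author or for a user holding the
  * 'site_moderate_forums' permission. The previous body is archived in
  * comments_edits and the cached comment catalogue for the page is invalidated.
  *
  * @param int $PostID ID of the comment; coerced to an integer before it is placed in SQL
  * @param string $NewBody Replacement body, escaped with db_string() before the UPDATE
  * @param bool $SendPM If true, send a PM to the author of the comment informing them about the edit
  * @return bool false when the comment does not exist or the current user may not edit it, true otherwise
  * @todo move permission check out of here/remove hardcoded error(404)
  */
 public static function edit($PostID, $NewBody, $SendPM = false)
 {
     // These IDs are interpolated into SQL without quotes, so force them to integers first.
     $PostID = (int) $PostID;
     $EditorID = (int) G::$LoggedUser['ID'];
     $QueryID = G::$DB->get_query_id();
     G::$DB->query("\n\t\t\tSELECT\n\t\t\t\tBody,\n\t\t\t\tAuthorID,\n\t\t\t\tPage,\n\t\t\t\tPageID,\n\t\t\t\tAddedTime\n\t\t\tFROM comments\n\t\t\tWHERE ID = {$PostID}");
     if (!G::$DB->has_results()) {
         // Hand the caller's result set back before bailing out.
         G::$DB->set_query_id($QueryID);
         return false;
     }
     list($OldBody, $AuthorID, $Page, $PageID, $AddedTime) = G::$DB->next_record();
     // Authorization: author of the comment, or a forum moderator.
     if ($EditorID != $AuthorID && !check_perms('site_moderate_forums')) {
         G::$DB->set_query_id($QueryID);
         return false;
     }
     // Values read back from the database are still untrusted once they re-enter a query string.
     $PageSQL = db_string($Page);
     $PageIDSQL = (int) $PageID;
     // Work out which page of the comment listing this post sits on.
     G::$DB->query("\n\t\t\tSELECT CEIL(COUNT(ID) / " . TORRENT_COMMENTS_PER_PAGE . ") AS Page\n\t\t\tFROM comments\n\t\t\tWHERE Page = '{$PageSQL}'\n\t\t\t\tAND PageID = {$PageIDSQL}\n\t\t\t\tAND ID <= {$PostID}");
     list($CommPage) = G::$DB->next_record();
     // Perform the update
     G::$DB->query("\n\t\t\tUPDATE comments\n\t\t\tSET\n\t\t\t\tBody = '" . db_string($NewBody) . "',\n\t\t\t\tEditedUserID = " . $EditorID . ",\n\t\t\t\tEditedTime = '" . sqltime() . "'\n\t\t\tWHERE ID = {$PostID}");
     // Update the cache
     $CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $CommPage - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
     G::$Cache->delete_value($Page . '_comments_' . $PageID . '_catalogue_' . $CatalogueID);
     if ($Page == 'collages') {
         // On collages, we also need to clear the collage key (collage_$CollageID), because it has the comments in it... (why??)
         G::$Cache->delete_value('collage_' . $PageID);
     }
     // Keep the pre-edit body as an audit trail of who changed what and when.
     G::$DB->query("\n\t\t\tINSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)\n\t\t\tVALUES ('{$PageSQL}', {$PostID}, " . $EditorID . ", '" . sqltime() . "', '" . db_string($OldBody) . "')");
     G::$DB->set_query_id($QueryID);
     if ($SendPM && $EditorID != $AuthorID) {
         // Send a PM to the user to notify them of the edit
         $PMSubject = "Your comment #{$PostID} has been edited";
         $PMurl = site_url() . "comments.php?action=jump&postid={$PostID}";
         $ProfLink = '[url=' . site_url() . 'user.php?id=' . $EditorID . ']' . G::$LoggedUser['Username'] . '[/url]';
         $PMBody = "One of your comments has been edited by {$ProfLink}: [url]{$PMurl}[/url]";
         Misc::send_pm($AuthorID, 0, $PMSubject, $PMBody);
     }
     // TODO: this should reflect whether or not the update was actually successful, e.g. by checking G::$DB->affected_rows after the UPDATE query
     return true;
 }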
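 /**
  * Unlock an account.
  *
  * Deletes the matching row from locked_accounts. When exactly one row was
  * removed, the user's cached info is invalidated and a staff note is appended.
  *
  * @param int $UserID The ID of the user to unlock
  * @param int $Type The lock type, should be a constant value. Used for database verification
  *                  to avoid deleting the wrong lock type
  * @param string $Message Text of the staff note entry written for the unlock
  * @param string $Reason The reason for unlock
  * @param int $UnlockedByUserID The ID of the staff member unlocking $UserID's account. 0 for system
  */
 public static function unlock_account($UserID, $Type, $Message, $Reason, $UnlockedByUserID)
 {
     // All three values are documented as integers and end up inside SQL strings;
     // casting them removes any chance of them carrying SQL syntax.
     $UserID = (int) $UserID;
     $Type = (int) $Type;
     $UnlockedByUserID = (int) $UnlockedByUserID;
     if ($UnlockedByUserID == 0) {
         $Username = "******";
     } else {
         G::$DB->query("SELECT Username FROM users_main WHERE ID = '" . $UnlockedByUserID . "'");
         // NOTE(review): no row means $Username stays null and the note reads "by " - confirm callers always pass a valid staff ID.
         list($Username) = G::$DB->next_record();
     }
     G::$DB->query("DELETE FROM locked_accounts WHERE UserID = '{$UserID}' AND Type = '" . $Type . "'");
     // Only record the unlock when a lock of this exact type was actually removed.
     if (G::$DB->affected_rows() == 1) {
         G::$Cache->delete_value("user_info_" . $UserID);
         // The username is escaped the same way as the message and reason, since all three
         // are joined into one string. NOTE(review): presumably Tools::update_user_notes()
         // places this string into a query as-is - confirm against its implementation.
         Tools::update_user_notes($UserID, sqltime() . " - " . db_string($Message) . " by " . db_string($Username) . "\nReason: " . db_string($Reason) . "\n\n");
     }
 }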
Example #3
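 /**
  * Parse a post/comment body for quotes and notify all quoted users that have quote notifications enabled.
  *
  * Only top-level [quote=name] tags are considered; nested quotes are skipped.
  * The current user is never notified about quoting themselves.
  *
  * @param string $Body Raw post body containing BBCode
  * @param int $PostID ID of the post that contains the quotes
  * @param string $Page Where the quote comes from: forums, artist, collages, requests or torrents
  * @param int $PageID forums: TopicID, artist: ArtistID, collages: CollageID, requests: RequestID, torrents: GroupID
  */
 public static function quote_notify($Body, $PostID, $Page, $PageID)
 {
     $QueryID = G::$DB->get_query_id();
     /*
      * Explanation of the parameters PageID and Page: Page contains where
      * this quote comes from and can be forums, artist, collages, requests
      * or torrents. The PageID contains the additional value that is
      * necessary for the users_notify_quoted table. The PageIDs for the
      * different Page are: forums: TopicID artist: ArtistID collages:
      * CollageID requests: RequestID torrents: GroupID
      */
     $Matches = array();
     preg_match_all('/\\[quote(?:=(.*)(?:\\|.*)?)?]|\\[\\/quote]/iU', $Body, $Matches, PREG_SET_ORDER);
     // Initialised up front so a body without quotes does not leave the list undefined.
     $Usernames = array();
     $Level = 0;
     foreach ($Matches as $M) {
         if ($M[0] != '[/quote]') {
             // Only the outermost quote of a nesting counts as "quoting" someone.
             if ($Level == 0 && isset($M[1]) && strlen($M[1]) > 0 && preg_match(USERNAME_REGEX, $M[1])) {
                 // Strip leading/trailing dots and commas from the captured name.
                 $Usernames[] = preg_replace('/(^[.,]*)|([.,]*$)/', '', $M[1]);
             }
             ++$Level;
         } else {
             --$Level;
         }
     }
     $Usernames = array_unique($Usernames);
     if (!count($Usernames)) {
         // Nobody was quoted, so there is nothing to look up or notify.
         G::$DB->set_query_id($QueryID);
         return;
     }
     // The names come straight from user-written post text; escape each one before it enters the IN() list.
     $EscapedNames = array_map('db_string', $Usernames);
     $QuoterID = (int) G::$LoggedUser['ID'];
     G::$DB->query("\n\t\t\tSELECT m.ID\n\t\t\tFROM users_main AS m\n\t\t\t\tLEFT JOIN users_info AS i ON i.UserID = m.ID\n\t\t\tWHERE m.Username IN ('" . implode("', '", $EscapedNames) . "')\n\t\t\t\tAND i.NotifyOnQuote = '1'\n\t\t\t\tAND i.UserID != " . $QuoterID);
     $Results = G::$DB->to_array();
     // Prepare the SQL-side values once; escaping inside the loop would re-escape
     // an already escaped string on every further iteration.
     $PageSQL = db_string($Page);
     $PageIDSQL = (int) $PageID;
     $PostIDSQL = (int) $PostID;
     if ($Page == 'forums') {
         $URL = site_url() . "forums.php?action=viewthread&postid={$PostIDSQL}";
     } else {
         $URL = site_url() . "comments.php?action=jump&postid={$PostIDSQL}";
     }
     foreach ($Results as $Result) {
         $UserID = (int) $Result['ID'];
         G::$DB->query("\n\t\t\t\tINSERT IGNORE INTO users_notify_quoted\n\t\t\t\t\t(UserID, QuoterID, Page, PageID, PostID, Date)\n\t\t\t\tVALUES\n\t\t\t\t\t('{$UserID}', '{$QuoterID}', '{$PageSQL}', '{$PageIDSQL}', '{$PostIDSQL}', '" . sqltime() . "')");
         G::$Cache->delete_value("notify_quoted_{$UserID}");
         NotificationsManager::send_push($UserID, 'New Quote!', 'Quoted by ' . G::$LoggedUser['Username'] . " {$URL}", $URL, NotificationsManager::QUOTES);
     }
     G::$DB->set_query_id($QueryID);
 }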
Example #4
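/**
 * Add an artist to a collage, unless it is already in it.
 *
 * The new entry is sorted after the current last entry. On insert, the collage
 * counter and timestamp are updated and the affected cache keys are cleared,
 * including the "new" marker of every subscriber of the collage.
 *
 * @param int $CollageID ID of the collage
 * @param int $ArtistID ID of the artist to add
 */
function add_artist($CollageID, $ArtistID)
{
    global $Cache, $LoggedUser, $DB;
    // Every ID below is placed into SQL text (one of them unquoted), so coerce them to integers first.
    $CollageID = (int) $CollageID;
    $ArtistID = (int) $ArtistID;
    $UserID = (int) $LoggedUser['ID'];
    $DB->query("\n\t\tSELECT MAX(Sort)\n\t\tFROM collages_artists\n\t\tWHERE CollageID = '{$CollageID}'");
    list($Sort) = $DB->next_record();
    // Leave gaps of 10 between sort positions.
    $Sort = (int) $Sort + 10;
    $DB->query("\n\t\tSELECT ArtistID\n\t\tFROM collages_artists\n\t\tWHERE CollageID = '{$CollageID}'\n\t\t\tAND ArtistID = '{$ArtistID}'");
    if ($DB->has_results()) {
        // Already part of the collage; nothing to change.
        return;
    }
    $DB->query("\n\t\t\tINSERT IGNORE INTO collages_artists\n\t\t\t\t(CollageID, ArtistID, UserID, Sort, AddedOn)\n\t\t\tVALUES\n\t\t\t\t('{$CollageID}', '{$ArtistID}', '{$UserID}', '{$Sort}', '" . sqltime() . "')");
    $DB->query("\n\t\t\tUPDATE collages\n\t\t\tSET NumTorrents = NumTorrents + 1, Updated = '" . sqltime() . "'\n\t\t\tWHERE ID = '{$CollageID}'");
    $Cache->delete_value("collage_{$CollageID}");
    $Cache->delete_value("artists_collages_{$ArtistID}");
    $Cache->delete_value("artists_collages_personal_{$ArtistID}");
    // Subscribers need their "new entries" cache dropped as well.
    $DB->query("\n\t\t\tSELECT UserID\n\t\t\tFROM users_collage_subs\n\t\t\tWHERE CollageID = {$CollageID}");
    while (list($CacheUserID) = $DB->next_record()) {
        $Cache->delete_value("collage_subs_user_new_{$CacheUserID}");
    }
}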
Example #5
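/**
 * Reset a user's avatar, second avatar or donor icon and tell them about it.
 *
 * The table and column names used in the UPDATE come only from the fixed
 * mapping below, never from the caller, so an unknown $Type is rejected
 * instead of producing a query with empty identifiers.
 *
 * @param int $UserID ID of the user whose image is reset
 * @param string $Type One of 'avatar', 'avatar2', 'donoricon'
 * @param string $AdminComment Text prepended to the user's staff notes (escaped here)
 * @param string $PrivMessage Body of the PM sent to the user
 */
function reset_image($UserID, $Type, $AdminComment, $PrivMessage)
{
    // Interpolated into two UPDATE statements and the cache key.
    $UserID = (int) $UserID;
    if ($Type === 'avatar') {
        $CacheKey = "user_info_{$UserID}";
        $DBTable = 'users_info';
        $DBColumn = 'Avatar';
        $PMSubject = 'Your avatar has been automatically reset';
    } elseif ($Type === 'avatar2') {
        $CacheKey = "donor_info_{$UserID}";
        $DBTable = 'donor_rewards';
        $DBColumn = 'SecondAvatar';
        $PMSubject = 'Your second avatar has been automatically reset';
    } elseif ($Type === 'donoricon') {
        $CacheKey = "donor_info_{$UserID}";
        $DBTable = 'donor_rewards';
        $DBColumn = 'CustomIcon';
        $PMSubject = 'Your donor icon has been automatically reset';
    } else {
        // Unknown type: without a table/column mapping there is nothing safe to run.
        return;
    }
    $UserInfo = G::$Cache->get_value($CacheKey, true);
    if ($UserInfo !== false) {
        if ($UserInfo[$DBColumn] === '') {
            // This image has already been reset
            return;
        }
        $UserInfo[$DBColumn] = '';
        // cache for 30 days
        G::$Cache->cache_value($CacheKey, $UserInfo, 2592000);
    }
    // reset the avatar or donor icon URL
    G::$DB->query("\n\t\tUPDATE {$DBTable}\n\t\tSET {$DBColumn} = ''\n\t\tWHERE UserID = '{$UserID}'");
    // write comment to staff notes
    G::$DB->query("\n\t\tUPDATE users_info\n\t\tSET AdminComment = CONCAT('" . sqltime() . ' - ' . db_string($AdminComment) . "\n\n', AdminComment)\n\t\tWHERE UserID = '{$UserID}'");
    // clear cache keys
    G::$Cache->delete_value($CacheKey);
    Misc::send_pm($UserID, 0, $PMSubject, $PrivMessage);
}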
Example #6
/*
 * This is the AJAX page that gets called from the JavaScript
 * function NewReport(), any changes here should probably be
 * replicated on static.php.
 */
if (!check_perms('admin_reports')) {
    error(403);
}
$DB->query("\n\tSELECT\n\t\tr.ID,\n\t\tr.ReporterID,\n\t\treporter.Username,\n\t\tr.TorrentID,\n\t\tr.Type,\n\t\tr.UserComment,\n\t\tr.ResolverID,\n\t\tresolver.Username,\n\t\tr.Status,\n\t\tr.ReportedTime,\n\t\tr.LastChangeTime,\n\t\tr.ModComment,\n\t\tr.Track,\n\t\tr.Image,\n\t\tr.ExtraID,\n\t\tr.Link,\n\t\tr.LogMessage,\n\t\ttg.Name,\n\t\ttg.ID,\n\t\tCASE COUNT(ta.GroupID)\n\t\t\tWHEN 1 THEN aa.ArtistID\n\t\t\tWHEN 0 THEN '0'\n\t\t\tELSE '0'\n\t\tEND AS ArtistID,\n\t\tCASE COUNT(ta.GroupID)\n\t\t\tWHEN 1 THEN aa.Name\n\t\t\tWHEN 0 THEN ''\n\t\t\tELSE 'Various Artists'\n\t\tEND AS ArtistName,\n\t\ttg.Year,\n\t\ttg.CategoryID,\n\t\tt.Time,\n\t\tt.Remastered,\n\t\tt.RemasterTitle,\n\t\tt.RemasterYear,\n\t\tt.Media,\n\t\tt.Format,\n\t\tt.Encoding,\n\t\tt.Size,\n\t\tt.HasCue,\n\t\tt.HasLog,\n\t\tt.LogScore,\n\t\tt.UserID AS UploaderID,\n\t\tuploader.Username\n\tFROM reportsv2 AS r\n\t\tLEFT JOIN torrents AS t ON t.ID = r.TorrentID\n\t\tLEFT JOIN torrents_group AS tg ON tg.ID = t.GroupID\n\t\tLEFT JOIN torrents_artists AS ta ON ta.GroupID = tg.ID AND ta.Importance = '1'\n\t\tLEFT JOIN artists_alias AS aa ON aa.AliasID = ta.AliasID\n\t\tLEFT JOIN users_main AS resolver ON resolver.ID = r.ResolverID\n\t\tLEFT JOIN users_main AS reporter ON reporter.ID = r.ReporterID\n\t\tLEFT JOIN users_main AS uploader ON uploader.ID = t.UserID\n\tWHERE r.Status = 'New'\n\tGROUP BY r.ID\n\tORDER BY ReportedTime ASC\n\tLIMIT 1");
if (!$DB->has_results()) {
    die;
}
list($ReportID, $ReporterID, $ReporterName, $TorrentID, $Type, $UserComment, $ResolverID, $ResolverName, $Status, $ReportedTime, $LastChangeTime, $ModComment, $Tracks, $Images, $ExtraIDs, $Links, $LogMessage, $GroupName, $GroupID, $ArtistID, $ArtistName, $Year, $CategoryID, $Time, $Remastered, $RemasterTitle, $RemasterYear, $Media, $Format, $Encoding, $Size, $HasCue, $HasLog, $LogScore, $UploaderID, $UploaderName) = $DB->next_record(MYSQLI_BOTH, array("ModComment"));
if (!$GroupID) {
    //Torrent already deleted
    $DB->query("\n\t\t\t\tUPDATE reportsv2\n\t\t\t\tSET\n\t\t\t\t\tStatus = 'Resolved',\n\t\t\t\t\tLastChangeTime = '" . sqltime() . "',\n\t\t\t\t\tModComment = 'Report already dealt with (torrent deleted)'\n\t\t\t\tWHERE ID = {$ReportID}");
    $Cache->decrement('num_torrent_reportsv2');
    ?>
	<div id="report<?php 
    echo $ReportID;
    ?>
" class="report box pad center" data-reportid="<?php 
    echo $ReportID;
    ?>
">
		<a href="reportsv2.php?view=report&amp;id=<?php 
    echo $ReportID;
    ?>
">Report <?php 
    echo $ReportID;
    ?>
Example #7
 /**
  * Record a failed login attempt and apply the lockout rules.
  *
  * Works on the globals $AttemptID, $Attempts, $Bans and $BannedUntil, which the
  * caller is expected to have loaded for the current client beforehand.
  *
  * @param int $UserID ID stored with a newly created login_attempts row
  */
 function log_attempt($UserID)
 {
     global $DB, $Cache, $AttemptID, $Attempts, $Bans, $BannedUntil;
     // The client address as a string, its part before the first dot (cache key suffix),
     // and the numeric form returned by Tools::ip_to_unsigned().
     $IPStr = $_SERVER['REMOTE_ADDR'];
     $IPA = substr($IPStr, 0, strcspn($IPStr, '.'));
     $IP = Tools::ip_to_unsigned($IPStr);

     if (!$AttemptID) {
         // User has not attempted to log in recently: start a fresh counter.
         $Attempts = 1;
         $DB->query("\n\t\t\t\tINSERT INTO login_attempts\n\t\t\t\t\t(UserID, IP, LastAttempt, Attempts)\n\t\t\t\tVALUES\n\t\t\t\t\t('" . db_string($UserID) . "', '" . db_string($IPStr) . "', '" . sqltime() . "', 1)");
         return;
     }

     // User has attempted to log in recently
     $Attempts++;
     if (!($Attempts > 5)) {
         // Still under the limit: bump the counter and make sure no lockout is set.
         $DB->query("\n\t\t\t\t\tUPDATE login_attempts\n\t\t\t\t\tSET\n\t\t\t\t\t\tLastAttempt = '" . sqltime() . "',\n\t\t\t\t\t\tAttempts = '" . db_string($Attempts) . "',\n\t\t\t\t\t\tBannedUntil = '0000-00-00 00:00:00'\n\t\t\t\t\tWHERE ID = '" . db_string($AttemptID) . "'");
         return;
     }

     // More than 5 attempts: set a lockout on this record and count it as one more ban.
     // time_plus() gets 60 * 60 * 6, presumably seconds (six hours) - TODO confirm.
     $BannedUntil = time_plus(60 * 60 * 6);
     $DB->query("\n\t\t\t\t\tUPDATE login_attempts\n\t\t\t\t\tSET\n\t\t\t\t\t\tLastAttempt = '" . sqltime() . "',\n\t\t\t\t\t\tAttempts = '" . db_string($Attempts) . "',\n\t\t\t\t\t\tBannedUntil = '" . db_string($BannedUntil) . "',\n\t\t\t\t\t\tBans = Bans + 1\n\t\t\t\t\tWHERE ID = '" . db_string($AttemptID) . "'");
     if (!($Bans > 9)) {
         return;
     }

     // Automated bruteforce prevention: escalate to an entry in ip_bans.
     $DB->query("\n\t\t\t\t\t\tSELECT Reason\n\t\t\t\t\t\tFROM ip_bans\n\t\t\t\t\t\tWHERE {$IP} BETWEEN FromIP AND ToIP");
     if (!$DB->has_results()) {
         // No ban covers this address yet: add one and drop the cached ban list for its prefix.
         $DB->query("\n\t\t\t\t\t\t\tINSERT IGNORE INTO ip_bans\n\t\t\t\t\t\t\t\t(FromIP, ToIP, Reason)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t('{$IP}','{$IP}', 'Automated ban per >60 failed login attempts')");
         $Cache->delete_value("ip_bans_{$IPA}");
         return;
     }

     // Ban exists already, only extend its reason if it was not created for this same cause.
     list($Reason) = $DB->next_record(MYSQLI_BOTH, false);
     if ($Reason != 'Automated ban per >60 failed login attempts') {
         $DB->query("\n\t\t\t\t\t\t\t\tUPDATE ip_bans\n\t\t\t\t\t\t\t\tSET Reason = CONCAT('Automated ban per >60 failed login attempts AND ', Reason)\n\t\t\t\t\t\t\t\tWHERE FromIP = {$IP}\n\t\t\t\t\t\t\t\t\tAND ToIP = {$IP}");
     }
 }
Example #8
<?php

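// Request token and permission checks come before any input is read.
authorize();
if (!check_perms('site_edit_wiki')) {
    error(403);
}
// Session value, but it is interpolated into the INSERT further down; keep it an integer.
$UserID = (int) $LoggedUser['ID'];
// Validate the raw group ID first and escape it only afterwards, so the check
// sees exactly what the client sent.
$GroupID = isset($_POST['groupid']) ? $_POST['groupid'] : '';
if (!is_scalar($GroupID) || !is_number($GroupID) || !$GroupID) {
    error(0);
}
$GroupID = db_string($GroupID);
// Both fields must arrive as arrays (image[] / summary[]); a client can send
// a plain string or omit them, which would make count() and indexing misbehave.
$Summaries = isset($_POST['summary']) ? $_POST['summary'] : null;
$Images = isset($_POST['image']) ? $_POST['image'] : null;
if (!is_array($Images) || !is_array($Summaries)) {
    error(0);
}
$Time = sqltime();
if (count($Images) != count($Summaries)) {
    error('Missing an image or a summary');
}
$Changed = false;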
for ($i = 0; $i < count($Images); $i++) {
    $Image = $Images[$i];
    $Summary = $Summaries[$i];
    if (ImageTools::blacklisted($Image, true) || !preg_match("/^" . IMAGE_REGEX . "\$/i", $Image)) {
        continue;
    }
    // sanitize inputs
    $Image = db_string($Image);
    $Summary = db_string($Summary);
    $DB->query("\n\t\tINSERT IGNORE INTO cover_art\n\t\t\t(GroupID, Image, Summary, UserID, Time)\n\t\tVALUES\n\t\t\t('{$GroupID}', '{$Image}', '{$Summary}', '{$UserID}', '{$Time}')");
    if ($DB->affected_rows()) {
        $Changed = true;
    }
Example #9
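 /**
  * Delete a torrent.
  *
  * Removes the torrent row and its dependent rows, tells the tracker, resolves
  * open reports for it, and clears the related cache keys. If the torrent's
  * group has no torrents left afterwards, the group is deleted as well.
  * Nothing is done when no torrent with this ID exists.
  *
  * @param int $ID The ID of the torrent to delete.
  * @param int $GroupID Set it if you have it handy. Otherwise, it will be found.
  * @param string $OcelotReason The deletion reason for ocelot to report to users (defaults to -1).
  */
 public static function delete_torrent($ID, $GroupID = 0, $OcelotReason = -1)
 {
     // $ID appears unquoted in most statements below; an integer cannot carry SQL syntax.
     $ID = (int) $ID;
     $QueryID = G::$DB->get_query_id();
     // One lookup yields both the group and the uploader. The uploader is needed for the
     // recent-uploads cache key regardless of whether the caller supplied a group ID.
     G::$DB->query("\n\t\t\tSELECT GroupID, UserID\n\t\t\tFROM torrents\n\t\t\tWHERE ID = {$ID}");
     if (!G::$DB->has_results()) {
         // Unknown torrent: stop before touching counters, the tracker or the group.
         G::$DB->set_query_id($QueryID);
         return;
     }
     list($FoundGroupID, $UploaderID) = G::$DB->next_record();
     $GroupID = (int) ($GroupID ? $GroupID : $FoundGroupID);
     $RecentUploads = G::$Cache->get_value("recent_uploads_{$UploaderID}");
     if (is_array($RecentUploads)) {
         foreach ($RecentUploads as $Recent) {
             if ($Recent['ID'] == $GroupID) {
                 // One hit is enough; the whole key is dropped.
                 G::$Cache->delete_value("recent_uploads_{$UploaderID}");
                 break;
             }
         }
     }
     G::$DB->query("\n\t\t\tSELECT info_hash\n\t\t\tFROM torrents\n\t\t\tWHERE ID = {$ID}");
     list($InfoHash) = G::$DB->next_record(MYSQLI_BOTH, false);
     G::$DB->query("\n\t\t\tDELETE FROM torrents\n\t\t\tWHERE ID = {$ID}");
     Tracker::update_tracker('delete_torrent', array('info_hash' => rawurlencode($InfoHash), 'id' => $ID, 'reason' => $OcelotReason));
     G::$Cache->decrement('stats_torrent_count');
     // Drop the group when this was its last torrent, otherwise refresh it.
     G::$DB->query("\n\t\t\tSELECT COUNT(ID)\n\t\t\tFROM torrents\n\t\t\tWHERE GroupID = '{$GroupID}'");
     list($Count) = G::$DB->next_record();
     if ($Count == 0) {
         Torrents::delete_group($GroupID);
     } else {
         Torrents::update_hash($GroupID);
     }
     // Torrent notifications
     G::$DB->query("\n\t\t\tSELECT UserID\n\t\t\tFROM users_notify_torrents\n\t\t\tWHERE TorrentID = '{$ID}'");
     while (list($NotifiedUserID) = G::$DB->next_record()) {
         G::$Cache->delete_value("notifications_new_{$NotifiedUserID}");
     }
     G::$DB->query("\n\t\t\tDELETE FROM users_notify_torrents\n\t\t\tWHERE TorrentID = '{$ID}'");
     // Close any report that is still open for this torrent.
     G::$DB->query("\n\t\t\tUPDATE reportsv2\n\t\t\tSET\n\t\t\t\tStatus = 'Resolved',\n\t\t\t\tLastChangeTime = '" . sqltime() . "',\n\t\t\t\tModComment = 'Report already dealt with (torrent deleted)'\n\t\t\tWHERE TorrentID = {$ID}\n\t\t\t\tAND Status != 'Resolved'");
     $Reports = G::$DB->affected_rows();
     if ($Reports) {
         G::$Cache->decrement('num_torrent_reportsv2', $Reports);
     }
     G::$DB->query("\n\t\t\tDELETE FROM torrents_files\n\t\t\tWHERE TorrentID = '{$ID}'");
     G::$DB->query("\n\t\t\tDELETE FROM torrents_bad_tags\n\t\t\tWHERE TorrentID = {$ID}");
     G::$DB->query("\n\t\t\tDELETE FROM torrents_bad_folders\n\t\t\tWHERE TorrentID = {$ID}");
     G::$DB->query("\n\t\t\tDELETE FROM torrents_bad_files\n\t\t\tWHERE TorrentID = {$ID}");
     G::$DB->query("\n\t\t\tDELETE FROM torrents_cassette_approved\n\t\t\tWHERE TorrentID = {$ID}");
     G::$DB->query("\n\t\t\tDELETE FROM torrents_lossymaster_approved\n\t\t\tWHERE TorrentID = {$ID}");
     G::$DB->query("\n\t\t\tDELETE FROM torrents_lossyweb_approved\n\t\t\tWHERE TorrentID = {$ID}");
     // Tells Sphinx that the group is removed
     G::$DB->query("\n\t\t\tREPLACE INTO sphinx_delta (ID, Time)\n\t\t\tVALUES ({$ID}, UNIX_TIMESTAMP())");
     G::$Cache->delete_value("torrent_download_{$ID}");
     G::$Cache->delete_value("torrent_group_{$GroupID}");
     G::$Cache->delete_value("torrents_details_{$GroupID}");
     G::$DB->set_query_id($QueryID);
 }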
Example #10
        Misc::send_pm($UserID, 0, 'You have been demoted to ' . Users::make_class_string(MEMBER), "You now only meet the requirements for the \"" . Users::make_class_string(MEMBER) . "\" user class.\n\nTo read more about " . SITE_NAME . "'s user classes, read [url=" . site_url() . "wiki.php?action=article&amp;name=userclasses]this wiki article[/url].");
    }
    echo "demoted 2\n";
    // Demote to User when the ratio drops below 0.65
    $DemoteClasses = [MEMBER, POWER, ELITE, TORRENT_MASTER, POWER_TM, ELITE_TM];
    $Query = $DB->query('
		SELECT ID
		FROM users_main
		WHERE PermissionID IN(' . implode(', ', $DemoteClasses) . ')
			AND Uploaded / Downloaded < 0.65');
    echo "demoted 3\n";
    $DB->query('
		UPDATE users_info AS ui
			JOIN users_main AS um ON um.ID = ui.UserID
		SET
			um.PermissionID = ' . USER . ",\n\t\t\tui.AdminComment = CONCAT('" . sqltime() . ' - Class changed to ' . Users::make_class_string(USER) . " by System\n\n', ui.AdminComment)\n\t\tWHERE um.PermissionID IN (" . implode(', ', $DemoteClasses) . ')
			AND um.Uploaded / um.Downloaded < 0.65');
    $DB->set_query_id($Query);
    while (list($UserID) = $DB->next_record()) {
        /*$Cache->begin_transaction("user_info_$UserID");
        		$Cache->update_row(false, array('PermissionID' => USER));
        		$Cache->commit_transaction(2592000);*/
        $Cache->delete_value("user_info_{$UserID}");
        $Cache->delete_value("user_info_heavy_{$UserID}");
        Misc::send_pm($UserID, 0, 'You have been demoted to ' . Users::make_class_string(USER), "You now only meet the requirements for the \"" . Users::make_class_string(USER) . "\" user class.\n\nTo read more about " . SITE_NAME . "'s user classes, read [url=" . site_url() . "wiki.php?action=article&amp;name=userclasses]this wiki article[/url].");
    }
    echo "demoted 4\n";
    //------------- Lock old threads ----------------------------------------//
    sleep(10);
    $DB->query("\n\t\tSELECT t.ID, t.ForumID\n\t\tFROM forums_topics AS t\n\t\t\tJOIN forums AS f ON t.ForumID = f.ID\n\t\tWHERE t.IsLocked = '0'\n\t\t\tAND t.IsSticky = '0'\n\t\t\tAND DATEDIFF(CURDATE(), DATE(t.LastPostTime)) / 7 > f.AutoLockWeeks\n\t\t\tAND f.AutoLock = '1'");
    $IDs = $DB->collect('ID');
Example #11
     $Class = USER;
     $Enabled = '0';
 }
 $ipcc = geoip($_SERVER['REMOTE_ADDR']);
 $DB->query("INSERT INTO users_main \n\t\t\t\t(Username,Email,PassHash,Secret,IP,PermissionID,Enabled,Invites,ipcc) VALUES\n\t\t\t\t('" . db_string(trim($_POST['username'])) . "','" . db_string($_POST['email']) . "','" . db_string(make_hash($_POST['password'], $Secret)) . "','" . db_string($Secret) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . $Class . "','" . $Enabled . "','" . STARTING_INVITES . "', '{$ipcc}')");
 $UserID = $DB->inserted_id();
 //User created, delete invite. If things break after this point then it's better to have a broken account to fix, or a 'free' invite floating around that can be reused
 $DB->query("DELETE FROM invites WHERE InviteKey='" . db_string($_REQUEST['invite']) . "'");
 $DB->query("SELECT ID FROM stylesheets WHERE `Default`='1'");
 list($StyleID) = $DB->next_record();
 $AuthKey = make_secret();
 $DB->query("INSERT INTO users_info (UserID, StyleID,AuthKey, Inviter, JoinDate) VALUES ('{$UserID}','{$StyleID}','" . db_string($AuthKey) . "', '{$InviterID}', '" . sqltime() . "')");
 $DB->query("INSERT INTO users_history_ips\n\t\t\t\t\t(UserID, IP, StartTime) VALUES\n\t\t\t\t\t('{$UserID}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "')");
 $DB->query("INSERT INTO users_history_emails\n\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t('{$UserID}', '" . db_string($_REQUEST['email']) . "', '0000-00-00 00:00:00', '" . db_string($_SERVER['REMOTE_ADDR']) . "')");
 if ($_REQUEST['email'] != $InviteEmail) {
     $DB->query("INSERT INTO users_history_emails\n\t\t\t\t\t(UserID, Email, Time, IP) VALUES \n\t\t\t\t\t('{$UserID}', '{$InviteEmail}', '" . sqltime() . "', '" . db_string($_SERVER['REMOTE_ADDR']) . "')");
 }
 // Manage invite trees, delete invite
 if ($InviterID !== NULL) {
     $DB->query("SELECT \n\t\t\t\t\tTreePosition, TreeID, TreeLevel \n\t\t\t\t\tFROM invite_tree WHERE UserID='{$InviterID}'");
     list($InviterTreePosition, $TreeID, $TreeLevel) = $DB->next_record();
     // If the inviter doesn't have an invite tree
     // Note - this should never happen unless you've transfered from another db, like we have
     if ($DB->record_count() == 0) {
         $DB->query("SELECT MAX(TreeID)+1 FROM invite_tree");
         list($TreeID) = $DB->next_record();
         $DB->query("INSERT INTO invite_tree\n\t\t\t\t\t\t(UserID, InviterID, TreePosition, TreeID, TreeLevel)\n\t\t\t\t\t\tVALUES ('{$InviterID}', '0', '1', '{$TreeID}', '1')");
         $TreePosition = 2;
         $TreeLevel = 2;
     } else {
         $DB->query("SELECT \n\t\t\t\t\t\tTreePosition \n\t\t\t\t\t\tFROM invite_tree \n\t\t\t\t\t\tWHERE TreePosition>'{$InviterTreePosition}'\n\t\t\t\t\t\tAND TreeLevel<='{$TreeLevel}' \n\t\t\t\t\t\tAND TreeID='{$TreeID}'\n\t\t\t\t\t\tORDER BY TreePosition \n\t\t\t\t\t\tLIMIT 1");
Example #12
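    /**
     * Disable an array of users.
     *
     * Marks the accounts as disabled, revokes leeching, writes a staff note,
     * ends every session of each user and removes their passkeys from the tracker.
     *
     * @param array $UserIDs User IDs to disable (a single ID is also accepted)
     * @param string $AdminComment Staff note text; 'Disabled by system' is used when empty.
     *                             It is placed into the query without escaping here.
     * @param int $BanReason 0 - Unknown, 1 - Manual, 2 - Ratio, 3 - Inactive, 4 - Unused.
     */
    public static function disable_users($UserIDs, $AdminComment, $BanReason = 1)
    {
        if (!is_array($UserIDs)) {
            $UserIDs = array($UserIDs);
        }
        // The IDs are joined into IN(...) lists without quoting, so reduce each one to an integer.
        $UserIDs = array_map('intval', $UserIDs);
        if (!count($UserIDs)) {
            // An empty IN() list is a SQL syntax error; there is nothing to disable anyway.
            return;
        }
        $BanReason = (int) $BanReason;
        $QueryID = G::$DB->get_query_id();
        // NOTE(review): $AdminComment is concatenated into the UPDATE without db_string().
        // Every caller has to pass text that is already escaped - confirm by auditing the
        // callers; escaping here as well would double-escape for callers that already do.
        G::$DB->query("\n\t\t\tUPDATE users_info AS i\n\t\t\t\tJOIN users_main AS m ON m.ID = i.UserID\n\t\t\tSET m.Enabled = '2',\n\t\t\t\tm.can_leech = '0',\n\t\t\t\ti.AdminComment = CONCAT('" . sqltime() . " - " . ($AdminComment ? $AdminComment : 'Disabled by system') . "\n\n', i.AdminComment),\n\t\t\t\ti.BanDate = '" . sqltime() . "',\n\t\t\t\ti.BanReason = '{$BanReason}',\n\t\t\t\ti.RatioWatchDownload = " . ($BanReason == 2 ? 'm.Downloaded' : "'0'") . "\n\t\t\tWHERE m.ID IN(" . implode(',', $UserIDs) . ') ');
        G::$Cache->decrement('stats_user_count', G::$DB->affected_rows());
        foreach ($UserIDs as $UserID) {
            G::$Cache->delete_value("enabled_{$UserID}");
            G::$Cache->delete_value("user_info_{$UserID}");
            G::$Cache->delete_value("user_info_heavy_{$UserID}");
            G::$Cache->delete_value("user_stats_{$UserID}");
            // Drop every cached session first, then the session rows themselves, so a
            // disabled account cannot keep using a session that is still in the cache.
            G::$DB->query("\n\t\t\t\tSELECT SessionID\n\t\t\t\tFROM users_sessions\n\t\t\t\tWHERE UserID = '{$UserID}'\n\t\t\t\t\tAND Active = 1");
            while (list($SessionID) = G::$DB->next_record()) {
                G::$Cache->delete_value("session_{$UserID}" . "_{$SessionID}");
            }
            G::$Cache->delete_value("users_sessions_{$UserID}");
            G::$DB->query("\n\t\t\t\tDELETE FROM users_sessions\n\t\t\t\tWHERE UserID = '{$UserID}'");
        }
        // Remove the users from the tracker.
        G::$DB->query("\n\t\t\tSELECT torrent_pass\n\t\t\tFROM users_main\n\t\t\tWHERE ID in (" . implode(', ', $UserIDs) . ')');
        $PassKeys = G::$DB->collect('torrent_pass');
        $Concat = '';
        foreach ($PassKeys as $PassKey) {
            if (strlen($Concat) > 3950) {
                // Ocelot's read buffer is 4 KiB and anything exceeding it is truncated
                Tracker::update_tracker('remove_users', array('passkeys' => $Concat));
                $Concat = $PassKey;
            } else {
                $Concat .= $PassKey;
            }
        }
        // Send whatever is left in the last, partially filled batch.
        Tracker::update_tracker('remove_users', array('passkeys' => $Concat));
        G::$DB->set_query_id($QueryID);
    }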
Example #13
			GROUP BY r.ID 
			ORDER BY ReportedTime ASC
			LIMIT 1");

		if($DB->record_count() < 1) {
			die();
		}
		list($ReportID, $ReporterID, $ReporterName, $TorrentID, $Type, $UserComment, $ResolverID, $ResolverName, $Status, $ReportedTime, $LastChangeTime, 
			$ModComment, $Tracks, $Images, $ExtraIDs, $Links, $LogMessage, $GroupName, $GroupID, $ArtistID, $ArtistName, $Year, $CategoryID, $Time, $Remastered, $RemasterTitle, 
			$RemasterYear, $Media, $Format, $Encoding, $Size, $HasCue, $HasLog, $LogScore, $UploaderID, $UploaderName) = $DB->next_record();
			
		if(!$GroupID) {
			//Torrent already deleted
			$DB->query("UPDATE reportsv2 SET
			Status='Resolved',
			LastChangeTime='".sqltime()."',
			ModComment='Report already dealt with (Torrent deleted)'
			WHERE ID=".$ReportID);
?>
	<div>
		<table>
			<tr>
				<td class='center'>
					<a href="reportsv2.php?view=report&amp;id=<?php 
echo $ReportID;
?>
">Report <?php 
echo $ReportID;
?>
</a> for torrent <?php 
echo $TorrentID;
Example #14
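// Handles the three form actions of the "do not upload" manager: Delete, Edit and Create.
// NOTE(review): no check_perms() or authorize() call is visible in this part of the file;
// confirm both run before these state-changing queries are reached.
if($_POST['submit'] == 'Delete'){ //Delete
	if(!is_number($_POST['id']) || $_POST['id'] == ''){ error(0); }
	// The operand is unquoted in the statement, so it is cast in addition to the check above.
	$DB->query('DELETE FROM do_not_upload WHERE ID='.(int)$_POST['id']);
} else { //Edit & Create, Shared Validation
	$Val->SetFields('name', '1','string','The name must be set, and has a max length of 40 characters', array('maxlength'=>40, 'minlength'=>1));
	$Val->SetFields('comment', '0','string','The description has a max length of 255 characters', array('maxlength'=>255));
	$Err=$Val->ValidateForm($_POST); // Validate the form
	if($Err){ error($Err); }

	$P=db_array($_POST); // Sanitize the form

	if($_POST['submit'] == 'Edit'){ //Edit
		if(!is_number($_POST['id']) || $_POST['id'] == ''){ error(0); }
		$DB->query("UPDATE do_not_upload SET
			Name='$P[name]',
			Comment='$P[comment]',
			UserID='$LoggedUser[ID]',
			Time='".sqltime()."'
			WHERE ID='$P[id]'");
	} else { //Create
		// sqltime must be called here; without the parentheses PHP reads it as a constant name
		// instead of producing a timestamp.
		$DB->query("INSERT INTO do_not_upload 
			(Name, Comment, UserID, Time) VALUES
			('$P[name]','$P[comment]','$LoggedUser[ID]','".sqltime()."')");
	}
}

// Go back
header('Location: tools.php?action=dnu')
?>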
Example #15
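 /**
  * Update an existing site history event.
  *
  * Numeric fields are cast to integers and text fields are escaped with
  * db_string() before the UPDATE is built. error() is called when the date
  * is not a valid Y-M-D date, when a tag is not in self::get_tags(), or when
  * ID, title, category or sub-category is empty.
  *
  * @param int $ID ID of the event to update
  * @param string $Date Date as Y-M-D; the current time is used when empty
  * @param string $Title
  * @param string $Link
  * @param int $Category
  * @param int $SubCategory
  * @param string $Tags Comma-separated tags; whitespace is removed and the list is lower-cased
  * @param string $Body
  * @param int $UserID Stored as AddedBy
  */
 public static function update_event($ID, $Date, $Title, $Link, $Category, $SubCategory, $Tags, $Body, $UserID)
 {
     if (empty($Date)) {
         $Date = sqltime();
     } else {
         // Check the shape of the raw value before handing it to checkdate(): a value with
         // fewer than three parts or with non-digit parts would otherwise reach it as
         // missing or non-numeric arguments.
         $DateParts = explode('-', $Date);
         $IsValidDate = count($DateParts) === 3
             && ctype_digit($DateParts[0])
             && ctype_digit($DateParts[1])
             && ctype_digit($DateParts[2])
             && checkdate((int) $DateParts[1], (int) $DateParts[2], (int) $DateParts[0]);
         if (!$IsValidDate) {
             error("Error");
         }
         $Date = db_string($Date);
     }
     $ID = (int) $ID;
     $Title = db_string($Title);
     $Link = db_string($Link);
     $Category = (int) $Category;
     $SubCategory = (int) $SubCategory;
     $Tags = db_string(strtolower(preg_replace('/\\s+/', '', $Tags)));
     // Allow-list check: every submitted tag has to be one of the known tags.
     // NOTE(review): the comparison is loose; confirm get_tags() returns strings
     // before switching in_array() to strict mode.
     $AllowedTags = self::get_tags();
     foreach (explode(",", $Tags) as $Tag) {
         if (!in_array($Tag, $AllowedTags)) {
             error("Invalid tag");
         }
     }
     $Body = db_string($Body);
     $UserID = (int) $UserID;
     if (empty($ID) || empty($Title) || empty($Category) || empty($SubCategory)) {
         error("Error");
     }
     $QueryID = G::$DB->get_query_id();
     G::$DB->query("\n\t\t\t\tUPDATE site_history\n\t\t\t\tSET\n\t\t\t\t\tTitle = '{$Title}',\n\t\t\t\t\tUrl = '{$Link}',\n\t\t\t\t\tCategory = '{$Category}',\n\t\t\t\t\tSubCategory = '{$SubCategory}',\n\t\t\t\t\tTags = '{$Tags}',\n\t\t\t\t\tBody = '{$Body}',\n\t\t\t\t\tAddedBy = '{$UserID}',\n\t\t\t\t\tDate = '{$Date}'\n\t\t\t\tWHERE ID = '{$ID}'");
     G::$DB->set_query_id($QueryID);
     G::$Cache->delete_value("site_history_months");
 }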
Example #16
	// Delete one news item. Requires the 'admin_manage_news' permission; the ID arrives
	// in the query string, is checked with is_number() and escaped with db_string().
	// authorize() is called before the DELETE, and both news cache keys are cleared.
	case 'deletenews':
		if(!check_perms('admin_manage_news')){ error(403); }
		if(is_number($_GET['id'])){
			authorize();
			$DB->query("DELETE FROM news WHERE ID='".db_string($_GET['id'])."'");
			$Cache->delete_value('news');
			$Cache->delete_value('feed_news');
		}
		header('Location: index.php');
		break;

	// Create a news item from the posted title and body (both escaped with db_string()).
	// NOTE(review): unlike 'deletenews', no authorize() call is visible in this case;
	// confirm the request token is verified before this INSERT can be reached.
	// NOTE(review): only the 'news' cache key is cleared here, 'feed_news' is not - confirm
	// whether that is intended.
	case 'takenewnews':
		if(!check_perms('admin_manage_news')){ error(403); }

		$DB->query("INSERT INTO news (UserID, Title, Body, Time) VALUES ('$LoggedUser[ID]', '".db_string($_POST['title'])."', '".db_string($_POST['body'])."', '".sqltime()."')");
		$Cache->delete_value('news');

		header('Location: index.php');
		break;

	case 'permissions':
		if (!check_perms('admin_manage_permissions')) { error(403); }

		if (!empty($_REQUEST['id'])) {
			$Val->SetFields('name',true,'string','You did not enter a valid name for this permission set.');
			$Val->SetFields('level',true,'number','You did not enter a valid level for this permission set.');
			//$Val->SetFields('test',true,'number','You did not enter a valid level for this permission set.');

			$Values=array();
			if (is_numeric($_REQUEST['id'])) {
Example #17
				$ThreadID = $_POST['thread'];
				if($ThreadID && is_number($ThreadID)) {
					$DB->query("SELECT ForumID FROM forums_topics WHERE ID=".$ThreadID);
					if($DB->record_count() < 1) {
						error_message("No such thread exists!");
						header('Location: blog.php');
					} 
				} else {
					$ThreadID = create_thread(ANNOUNCEMENT_FORUM_ID, $LoggedUser[ID], $Title, $Body);
					if($ThreadID < 1) {
						error(0);
					}
					save_message("Thread ".$ThreadID." created");
				}
				
				$DB->query("INSERT INTO blog (UserID, Title, Body, Time, ThreadID) VALUES ('$LoggedUser[ID]', '".db_string($_POST['title'])."', '".db_string($_POST['body'])."', '".sqltime()."', ".$ThreadID.")");
				$Cache->delete_value('blog');
		
				header('Location: blog.php');
				break;
		}
	}
		
	?>
		<div class="box thin">
			<div class="head">
				<?php 
echo empty($_GET['action']) ? 'Create a blog post' : 'Edit blog post';
?>
			</div>
			<form action="blog.php" method="post">
Example #18
{
    if (empty($_REQUEST['auth']) || $_REQUEST['auth'] != G::$LoggedUser['AuthKey']) {
        send_irc("PRIVMSG " . LAB_CHAN . " :" . G::$LoggedUser['Username'] . " just failed authorize on " . $_SERVER['REQUEST_URI'] . " coming from " . $_SERVER['HTTP_REFERER']);
        error('Invalid authorization key. Go back, refresh, and try again.', $Ajax);
        return false;
    }
    return true;
}
$Debug->set_flag('ending function definitions');
//Include /sections/*/index.php
// The section name is taken from the file name of the executing script, without ".php".
$Document = basename(parse_url($_SERVER['SCRIPT_FILENAME'], PHP_URL_PATH), '.php');
// Allow-list for the name that is placed into the require path below: letters and
// digits only, so it cannot contain path separators or dots.
if (!preg_match('/^[a-z0-9]+$/i', $Document)) {
    error(404);
}
// Per-process request record stored in the cache for 600 seconds under php_<pid>.
// It holds the raw query string, all of $_GET, and $_POST minus the password-named
// fields listed here.
// NOTE(review): anything else that is sensitive (for example tokens sent in the query
// string or in other POST fields) is stored as-is - confirm who can read this cache key
// and whether more keys should be stripped.
$StripPostKeys = array_fill_keys(array('password', 'cur_pass', 'new_pass_1', 'new_pass_2', 'verifypassword', 'confirm_password', 'ChangePassword', 'Password'), true);
$Cache->cache_value('php_' . getmypid(), array('start' => sqltime(), 'document' => $Document, 'query' => $_SERVER['QUERY_STRING'], 'get' => $_GET, 'post' => array_diff_key($_POST, $StripPostKeys)), 600);
// Hand over to the section's entry script; $Document was validated above.
require SERVER_ROOT . '/sections/' . $Document . '/index.php';
$Debug->set_flag('completed module execution');
/* Required in the absence of session_start() for providing that pages will change
upon hit rather than being browser cached for changing content.

Old versions of Internet Explorer choke when downloading binary files over HTTPS with disabled cache.
Define the following constant in files that handle file downloads */
if (!defined('SKIP_NO_CACHE_HEADERS')) {
    header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
    header('Pragma: no-cache');
}
//Flush to user
ob_end_flush();
$Debug->set_flag('set headers and send to user');
//Attribute profiling
Example #19
    // Removes one login_attempts row by ID.
    // NOTE(review): $_POST['id'] is concatenated unquoted and unescaped; the condition guarding
    // this statement is outside the excerpt — confirm it enforces is_number() and a CSRF check.
    $DB->query('
		DELETE FROM login_attempts
		WHERE ID = ' . $_POST['id']);
}
View::show_header('Login Watch');
// List the login_attempts rows whose ban has not expired yet, soonest expiry first.
// No request data enters this query; the only concatenated value is sqltime().
$DB->query('
	SELECT
		ID,
		IP,
		UserID,
		LastAttempt,
		Attempts,
		BannedUntil,
		Bans
	FROM login_attempts
	WHERE BannedUntil > "' . sqltime() . '"
	ORDER BY BannedUntil ASC');
?>
<div class="thin">
	<div class="header">
		<h2>Login Watch Management</h2>
	</div>
	<table width="100%">
		<tr class="colhead">
			<td>IP</td>
			<td>User</td>
			<td>Bans</td>
			<td>Remaining</td>
			<td>Submit</td>
<?php 
if (check_perms('admin_manage_ipbans')) {
Example #20
// Unpack the row selected by a query that is outside this excerpt.
list($OldBody, $AuthorID, $CollageID, $PostNum) = $DB->next_record();

// Make sure they aren't trying to edit posts they shouldn't
// We use die() here instead of error() because whatever we spit out is displayed to the user in the box where his forum post is
if($UserID!=$AuthorID && !check_perms('site_moderate_forums')) {
	die('Permission denied');
}
// NOTE(review): the existence check runs after the permission check, so for a missing post a
// non-moderator presumably gets 'Permission denied' rather than 'Post not found!' — confirm intended.
if($DB->record_count()==0) {
	die('Post not found!');
}

// Perform the update
// NOTE(review): $Body and $PostID are interpolated as-is; whatever escapes/validates them is
// outside this excerpt (the history insert below escapes $OldBody with db_string()) — confirm
// $Body went through db_string() and $PostID is numeric.
$DB->query("UPDATE collages_comments SET
		Body = '$Body'
		WHERE ID='$PostID'");

$Cache->delete_value('collage_'.$CollageID);


// NOTE(review): the page number is derived with TORRENT_COMMENTS_PER_PAGE but the catalogue
// offset with POSTS_PER_PAGE; if the constants differ a different catalogue key is cleared
// and the edited comment may keep being served from cache — confirm.
$PageNum = ceil($PostNum / TORRENT_COMMENTS_PER_PAGE);
$CatalogueID = floor((POSTS_PER_PAGE*$PageNum-POSTS_PER_PAGE)/THREAD_CATALOGUE);
$Cache->delete_value('collage_'.$CollageID.'_catalogue_'.$CatalogueID);

// Keep the previous body in the edit history. $PostID and $UserID are unquoted here, so
// db_string() would not help them: they have to be numeric.
$DB->query("INSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)
								VALUES ('collages', ".$PostID.", ".$UserID.", '".sqltime()."', '".db_string($OldBody)."')");

// This gets sent to the browser, which echoes it in place of the old body
// The raw POST body is rendered by $Text->full_format(); the HTML safety of this response
// rests entirely on that formatter — TODO confirm it escapes markup.
echo $Text->full_format($_POST['body']);

?>
Example #21
// Handles the email blacklist form: 'Delete' removes a row, 'Edit' updates one, anything else creates one.
// NOTE(review): no permission or CSRF check is visible in this excerpt — confirm the code
// before it (or the including file) enforces both. $_POST['submit'] is read without isset().
if ($_POST['submit'] == 'Delete') {
    //Delete
    // The ID is concatenated unquoted below, so is_number() is the only thing protecting the
    // query — presumably digits only; confirm.
    if (!is_number($_POST['id']) || $_POST['id'] == '') {
        error(0);
    }
    $DB->query('DELETE FROM email_blacklist WHERE ID=' . $_POST['id']);
} else {
    //Edit & Create, Shared Validation
    $Val->SetFields('email', '1', 'string', 'The email must be set', array('minlength' => 1));
    $Val->SetFields('comment', '0', 'string', 'The description has a max length of 255 characters', array('maxlength' => 255));
    $Err = $Val->ValidateForm($_POST);
    // Validate the form
    if ($Err) {
        error($Err);
    }
    $P = array();
    // db_array() is an opaque helper here — presumably it returns $_POST with every value
    // escaped for SQL; the quoted interpolations below depend on that. TODO confirm.
    $P = db_array($_POST);
    // Sanitize the form
    if ($_POST['submit'] == 'Edit') {
        //Edit
        if (!is_number($_POST['id']) || $_POST['id'] == '') {
            error(0);
        }
        $DB->query("UPDATE email_blacklist SET\n\t\t\tEmail='{$P['email']}',\n\t\t\tComment='{$P['comment']}',\n\t\t\tUserID='{$LoggedUser['ID']}',\n\t\t\tTime='" . sqltime() . "'\n\t\t\tWHERE ID='{$P['id']}'");
    } else {
        //Create
        $DB->query("INSERT INTO email_blacklist \n\t\t\t(Email, Comment, UserID, Time) VALUES\n\t\t\t('{$P['email']}','{$P['comment']}','{$LoggedUser['ID']}','" . sqltime() . "')");
    }
}
// Go back
header('Location: tools.php?action=email_blacklist');
Example #22
// Loads the report type table ($Types is used below — presumably defined by this include).
include(SERVER_ROOT.'/sections/reports/array.php');

// Only keys of $Types are accepted, so $Short is limited to the values that file defines.
if(!array_key_exists($_POST['type'], $Types)) {
	error(403);
}
$Short = $_POST['type'];
$Type = $Types[$Short]; 
// NOTE(review): $ID is taken from the request and is not validated anywhere in this excerpt;
// it is later concatenated unquoted into SQL and into Location headers. Confirm an is_number()
// check (and authorize()) runs before this point.
$ID = $_POST['id'];
$Reason = $_POST['reason'];

show_header('Reported '.$Type['title']);

// $Reason is escaped with db_string(); $Short is safe only as far as the $Types keys are
// plain identifiers; $ID is unquoted, so escaping alone would not protect it — it must be numeric.
$DB->query("INSERT INTO reports
				(UserID, ThingID, Type, ReportedTime, Reason)
			VALUES
				(".db_string($LoggedUser['ID']).", ".$ID." , '".$Short."', '".sqltime()."', '".db_string($Reason)."')");

$Cache->delete_value('num_other_reports');

save_message($Type['title']." reported!");

switch($Short) {
	case "request" :
		header('Location: requests.php?action=view&id='.$ID);
		break;
	case "user" :
		header('Location: user.php?id='.$ID);
		break;
	case "collage" :
		header('Location: collages.php?id='.$ID);
		break;
Example #23
    $Cache->commit_transaction(0);
    $Cache->begin_transaction("user_info_heavy_{$UserID}");
    $Cache->update_row(false, $HeavyUpdates);
    $Cache->commit_transaction(0);
}
// Builds the staff-notes (AdminComment) text for this edit and runs the combined UPDATE.
$Summary = '';
// Create edit summary
if ($EditSummary) {
    $Summary = implode(', ', $EditSummary) . ' by ' . $LoggedUser['Username'];
    $Summary = sqltime() . ' - ' . ucfirst($Summary);
    if ($Reason) {
        $Summary .= "\nReason: {$Reason}";
    }
    $Summary .= "\n\n{$AdminComment}";
} elseif (empty($UpdateSet) && empty($EditSummary) && $Cur['AdminComment'] == $_POST['AdminComment']) {
    // Nothing else changed and the notes field was not edited by hand: record the reason only.
    // Note that this branch does not append the existing $AdminComment.
    $Summary = sqltime() . ' - Comment added by ' . $LoggedUser['Username'] . ': ' . "{$Reason}\n\n";
}
// NOTE(review): $Summary / $AdminComment go into a quoted SQL literal with no escaping in this
// excerpt. Every part ($EditSummary entries, Username, $Reason, $AdminComment) has to be
// db_string()-escaped before this point — confirm.
if (!empty($Summary)) {
    $UpdateSet[] = "AdminComment = '{$Summary}'";
} else {
    $UpdateSet[] = "AdminComment = '{$AdminComment}'";
}
// Update cache
// Build query
// $UpdateSet holds ready-made "column = value" fragments, so the safety of the whole statement
// depends on how each fragment was built outside this excerpt; $UserID must be numeric.
$SET = implode(', ', $UpdateSet);
$SQL = "\n\tUPDATE users_main AS m\n\t\tJOIN users_info AS i ON m.ID = i.UserID\n\tSET {$SET}\n\tWHERE m.ID = '{$UserID}'";
// Perform update
//die($SQL);
$DB->query($SQL);
if (isset($ClearStaffIDCache)) {
    $Cache->delete_value('staff_ids');
Example #24
/**
 * Update the staff comments stored on a linked-accounts (dupe) group.
 *
 * Nothing happens when sha1($Comments) equals the hash of the stored text.
 * Otherwise the stored text is overwritten when the hash submitted with the
 * form (form_comment_hash) still matches the stored one, or the new text is
 * prepended to the stored text when it does not; a dated note naming the
 * acting user is then prepended to the AdminComment of every account in the group.
 *
 * Runs authorize() and requires the users_mod permission; $GroupID must pass
 * is_number() before it is interpolated into SQL, and $Comments is escaped
 * with db_string().
 *
 * @param int|string $GroupID  ID of the dupe_groups row
 * @param string     $Comments new comment text
 */
function dupe_comments($GroupID, $Comments)
{
    global $DB, $LoggedUser;
    authorize();
    if (!check_perms('users_mod')) {
        error(403);
    }
    if (!is_number($GroupID)) {
        error(403);
    }
    $DB->query("\n\t\tSELECT SHA1(Comments) AS CommentHash\n\t\tFROM dupe_groups\n\t\tWHERE ID = {$GroupID}");
    list($StoredHash) = $DB->next_record();
    // Same text as stored: nothing to write.
    if ($StoredHash == sha1($Comments)) {
        return;
    }
    $LogLine = sqltime() . " - Linked accounts updated: Comments updated by " . $LoggedUser['Username'];
    // The form carries the hash it was rendered with; a mismatch means the stored text
    // changed in the meantime, so the new text is prepended instead of replacing it.
    $FormIsCurrent = $_POST['form_comment_hash'] == $StoredHash;
    $Escaped = db_string($Comments);
    if ($FormIsCurrent) {
        $NewValue = "'" . $Escaped . "'";
    } else {
        $NewValue = "CONCAT('" . $Escaped . "\n\n',Comments)";
    }
    $DB->query("\n\t\t\t\tUPDATE dupe_groups\n\t\t\t\tSET Comments = " . $NewValue . "\n\t\t\t\tWHERE ID = '{$GroupID}'");
    $DB->query("\n\t\t\tUPDATE users_info AS i\n\t\t\t\tJOIN users_dupes AS d ON d.UserID = i.UserID\n\t\t\tSET i.AdminComment = CONCAT('" . db_string($LogLine) . "\n\n', i.AdminComment)\n\t\t\tWHERE d.GroupID = {$GroupID}");
}
Example #25
			
			// Record the registration IP. REMOTE_ADDR is escaped; $UserID is interpolated as-is
			// and comes from outside this excerpt.
			$DB->query("INSERT INTO users_history_ips
					(UserID, IP, StartTime) VALUES
					('$UserID', '".db_string($_SERVER['REMOTE_ADDR'])."', '".sqltime()."')");
			
			
			
			
			// Record the address the user registered with; the all-zero Time is written as a literal.
			$DB->query("INSERT INTO users_history_emails
				(UserID, Email, Time, IP) VALUES 
				('$UserID', '".db_string($_REQUEST['email'])."', '0000-00-00 00:00:00', '".db_string($_SERVER['REMOTE_ADDR'])."')");
				
			// When the invite was sent to a different address, that address is recorded too.
			// NOTE(review): unlike the request email above, $InviteEmail is interpolated without
			// db_string() here. If it is read back from storage unescaped this is a second-order
			// injection point — confirm how it is populated.
			if ($_REQUEST['email'] != $InviteEmail) {
				$DB->query("INSERT INTO users_history_emails
					(UserID, Email, Time, IP) VALUES 
					('$UserID', '$InviteEmail', '".sqltime()."', '".db_string($_SERVER['REMOTE_ADDR'])."')");
			}
			
			
			
			// Manage invite trees, delete invite
			
			if($InviterID) {
				$DB->query("DELETE FROM invites WHERE InviteKey='".db_string($_REQUEST['invite'])."'");
				
				$DB->query("SELECT 
					TreePosition, TreeID, TreeLevel 
					FROM invite_tree WHERE UserID='$InviterID'");
				list($InviterTreePosition, $TreeID, $TreeLevel) = $DB->next_record();
				
				// If the inviter doesn't have an invite tree
Example #26
                    $NewInvites = $Invites - DONOR_INVITES;
                } else {
                    $NewInvites = 0;
                    $Message .= ' They had already used at least one of their donation gained invites.';
                }
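                // Claw back a revoked donation: write the reduced invite count, clear the donor
                // flag, mirror both in cache, then notify the user and the report channel.
                // The user id arrives in the payment notification's 'custom' field. It is escaped
                // here, as the other POST fields in this handler are, so these statements do not
                // depend on validation that is outside this excerpt.
                $DB->query("\n\t\t\t\t\tUPDATE users_main\n\t\t\t\t\tSET Invites = {$NewInvites}\n\t\t\t\t\tWHERE ID = '" . db_string($_POST['custom']) . "'");
                $DB->query('
					UPDATE users_info
					SET Donor = \'0\'
					WHERE UserID = \'' . db_string($_POST['custom']) . '\'');
                $Cache->begin_transaction('user_info_' . $_POST['custom']);
                $Cache->update_row(false, array('Donor' => 0));
                $Cache->commit_transaction(0);
                $Cache->begin_transaction('user_info_heavy_' . $_POST['custom']);
                // Cache the value that was just written to the database ($NewInvites), not the
                // pre-revocation count, otherwise the cached invite total stays too high.
                $Cache->update_row(false, array('Invites' => $NewInvites));
                $Cache->commit_transaction(0);
                // NOTE(review): payer_email is request data placed in the PM body as-is; confirm
                // the PM renderer escapes it.
                Misc::send_pm($_POST['custom'], 0, 'Notice of donation failure', 'PayPal has just notified us that the donation you sent from ' . $_POST['payer_email'] . ' of ' . $TotalDonated . ' ' . PAYPAL_CURRENCY . ' at ' . $DonationTime . ' UTC has been revoked. Because of this your special privileges have been revoked, and your invites removed.');
                send_irc("PRIVMSG " . BOT_REPORT_CHAN . " :{$Message}");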
            }
        }
    }
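    // Log the donation in the user's staff notes and in the donations table.
    // 'custom' (the user id) is escaped like the amount and payer email next to it, so the
    // statements do not depend on validation that is outside this excerpt.
    $DB->query("\n\t\tUPDATE users_info\n\t\tSET AdminComment = CONCAT('" . sqltime() . " - User donated " . db_string($_POST['mc_gross']) . " " . db_string(PAYPAL_CURRENCY) . " from " . db_string($_POST['payer_email']) . ".\n',AdminComment)\n\t\tWHERE UserID = '" . db_string($_POST['custom']) . "'");
    $DB->query("\n\t\tINSERT INTO donations\n\t\t\t(UserID, Amount, Email, Time)\n\t\tVALUES\n\t\t\t('" . db_string($_POST['custom']) . "', '" . db_string($_POST['mc_gross']) . "', '" . db_string($_POST['payer_email']) . "', '" . sqltime() . "')");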
} else {
    // Failure branch: the sender's address is banned as a single-address range.
    // NOTE(review): FromIP uses Tools::ip_to_unsigned() but ToIP uses ip2long(); if the two
    // return different representations for the same address the range will not match — confirm.
    // An automatic ban keyed on REMOTE_ADDR can also hit a shared proxy or gateway.
    $DB->query("\n\t\tINSERT INTO ip_bans\n\t\t\t(FromIP, ToIP, Reason)\n\t\tVALUES\n\t\t\t('" . Tools::ip_to_unsigned($_SERVER['REMOTE_ADDR']) . "', '" . ip2long($_SERVER['REMOTE_ADDR']) . "', 'Attempted to exploit donation system.')");
}
fclose($Socket);
// Debug view, only for users holding site_debug.
if (check_perms('site_debug')) {
    include SERVER_ROOT . '/sections/donate/donate.php';
}
// NOTE(review): the complete notification ($_POST, including the payer's email address) is kept
// in cache under a fixed key with a third argument of 0 — presumably "no expiry". Confirm who can
// read 'debug_donate' and whether this should remain enabled in production.
$Cache->cache_value('debug_donate', array($Result, $_POST), 0);
Example #27
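                // Escaped copies handed to Misc::create_thread(); the INSERT below escapes the raw
                // POST values itself.
                $Title = db_string($_POST['title']);
                $Body = db_string($_POST['body']);
                // Optional forum thread to attach the post to. is_number() is the only gate before
                // the value is interpolated into SQL — presumably digits only; confirm.
                $ThreadID = $_POST['thread'];
                if ($ThreadID && is_number($ThreadID)) {
                    $DB->query("\n\t\t\t\t\t\tSELECT ForumID\n\t\t\t\t\t\tFROM forums_topics\n\t\t\t\t\t\tWHERE ID = {$ThreadID}");
                    if (!$DB->has_results()) {
                        error('No such thread exists!');
                        // Presumably not reached: error() is expected to end the request — TODO confirm.
                        header('Location: blog.php');
                    }
                } else {
                    // Quoted key: a bare ID is a constant lookup, which is fatal on PHP 8.
                    $ThreadID = Misc::create_thread(ANNOUNCEMENT_FORUM_ID, $LoggedUser['ID'], $Title, $Body);
                    if ($ThreadID < 1) {
                        error(0);
                    }
                }
                // The checkbox may be absent from the request; read it once without touching an
                // undefined index, and reduce it to a fixed '1'/'0' before it reaches SQL.
                $Important = isset($_POST['important']) && $_POST['important'] == '1';
                $DB->query("\n\t\t\t\t\tINSERT INTO blog\n\t\t\t\t\t\t(UserID, Title, Body, Time, ThreadID, Important)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('" . $LoggedUser['ID'] . "',\n\t\t\t\t\t\t'" . db_string($_POST['title']) . "',\n\t\t\t\t\t\t'" . db_string($_POST['body']) . "',\n\t\t\t\t\t\t'" . sqltime() . "',\n\t\t\t\t\t\t{$ThreadID},\n\t\t\t\t\t\t'" . ($Important ? '1' : '0') . "')");
                $Cache->delete_value('blog');
                if ($Important) {
                    $Cache->delete_value('blog_latest_id');
                }
                if (isset($_POST['subscribe'])) {
                    $DB->query("\n\t\t\t\t\t\tINSERT IGNORE INTO users_subscriptions\n\t\t\t\t\t\tVALUES ('{$LoggedUser['ID']}', {$ThreadID})");
                    $Cache->delete_value('subscriptions_user_' . $LoggedUser['ID']);
                }
                // The push payload carries the raw title and body; any escaping is up to the
                // notification code and the receiving client.
                NotificationsManager::send_push(NotificationsManager::get_push_enabled_users(), $_POST['title'], $_POST['body'], site_url() . 'index.php', NotificationsManager::BLOG);
                header('Location: blog.php');
                break;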
        }
    }
    ?>
		<div class="box thin">
Example #28
}
// Marks a report as resolved and announces it on IRC.
// The (int) cast makes $ReportID safe to interpolate in the queries below.
$ReportID = (int) $_POST['reportid'];
$DB->query("\n\tSELECT Type\n\tFROM reports\n\tWHERE ID = {$ReportID}");
list($Type) = $DB->next_record();
// Users without admin_reports may only resolve the report types that match their role.
// NOTE(review): a user holding none of the three permissions falls through this block without
// an error; confirm the guard that ends just above this excerpt rejects them.
if (!check_perms('admin_reports')) {
    if (check_perms('site_moderate_forums')) {
        if (!in_array($Type, array('comment', 'post', 'thread'))) {
            // NOTE(review): passes the stored type to error() where the sibling branch uses 403 —
            // looks like a debugging leftover; confirm.
            error($Type);
        }
    } elseif (check_perms('project_team')) {
        if ($Type != 'request_update') {
            error(403);
        }
    }
}
$DB->query("\n\tUPDATE reports\n\tSET Status = 'Resolved',\n\t\tResolvedTime = '" . sqltime() . "',\n\t\tResolverID = '" . $LoggedUser['ID'] . "'\n\tWHERE ID = '" . db_string($ReportID) . "'");
$Channels = array();
// NOTE(review): the counters are decremented without checking that the report was still
// unresolved, so a repeated request could push them below the real count — confirm.
if ($Type == 'request_update') {
    $Channels[] = '#requestedits';
    $Cache->decrement('num_update_reports');
}
if (in_array($Type, array('comment', 'post', 'thread'))) {
    $Channels[] = '#forumreports';
    $Cache->decrement('num_forum_reports');
}
$DB->query("\n\tSELECT COUNT(ID)\n\tFROM reports\n\tWHERE Status = 'New'");
list($Remaining) = $DB->next_record();
// The resolver's name is sent with a separator inserted after its first two characters.
// NOTE(review): the separator literal looks mis-encoded in this copy — verify against the original file.
foreach ($Channels as $Channel) {
    send_irc("PRIVMSG {$Channel} :Report {$ReportID} resolved by " . preg_replace('/^(.{2})/', '$1ยท', $LoggedUser['Username']) . ' on site (' . (int) $Remaining . ' remaining).');
}
$Cache->delete_value('num_other_reports');
Example #29
    } elseif ($BitrateList && $BitrateList != 'Any' && !Misc::search_joined_string($BitrateList, $Bitrate)) {
        $Err = "{$Bitrate} is not an allowed bitrate for this request.";
    }
    if ($FormatList && $FormatList != 'Any' && !Misc::search_joined_string($FormatList, $Format)) {
        $Err = "{$Format} is not an allowed format for this request.";
    }
    if ($MediaList && $MediaList != 'Any' && !Misc::search_joined_string($MediaList, $Media)) {
        $Err = "{$Media} is not allowed media for this request.";
    }
}
// Fill request
// Any validation message collected above aborts the fill.
if (!empty($Err)) {
    error($Err);
}
//We're all good! Fill!
// NOTE(review): $FillerID, $TorrentID and $RequestID are interpolated unquoted here and below;
// they are assigned outside this excerpt and must be numeric — confirm.
$DB->query("\n\tUPDATE requests\n\tSET FillerID = {$FillerID},\n\t\tTorrentID = {$TorrentID},\n\t\tTimeFilled = '" . sqltime() . "'\n\tWHERE ID = {$RequestID}");
if ($CategoryName === 'Music') {
    $ArtistForm = Requests::get_artists($RequestID);
    $ArtistName = Artists::display_artists($ArtistForm, false, true);
    $FullName = $ArtistName . $Title;
} else {
    $FullName = $Title;
}
// Tell everyone who voted on the request that it has been filled.
$DB->query("\n\tSELECT UserID\n\tFROM requests_votes\n\tWHERE RequestID = {$RequestID}");
$UserIDs = $DB->to_array();
foreach ($UserIDs as $User) {
    list($VoterID) = $User;
    // NOTE(review): $FullName (request title, possibly with artist names) is placed inside
    // BBCode [url] markup and in the PM subject; confirm how the PM renderer treats markup
    // characters coming from a title.
    Misc::send_pm($VoterID, 0, "The request \"{$FullName}\" has been filled", 'One of your requests&#8202;&mdash;&#8202;[url=' . site_url() . "requests.php?action=view&amp;id={$RequestID}]{$FullName}" . '[/url]&#8202;&mdash;&#8202;has been filled. You can view it here: [url]' . site_url() . "torrents.php?torrentid={$TorrentID}" . '[/url]');
}
$RequestVotes = Requests::get_votes_array($RequestID);
// Audit trail: who filled which request with which torrent, and the bounty involved.
Misc::write_log("Request {$RequestID} ({$FullName}) was filled by user {$FillerID} ({$FillerUsername}) with the torrent {$TorrentID} for a " . Format::get_size($RequestVotes['TotalBounty']) . ' bounty.');
Example #30
// Adds one or more comma-separated tags to a torrent group and records the user's up-vote.
// NOTE(review): $GroupID and $UserID are assigned outside this excerpt, and no authorize()/
// permission check is visible here — confirm both happen before this point.
if (isset($_POST['undo'])) {
    $Cache->delete_value("deleted_tags_{$GroupID}" . '_' . $LoggedUser['ID']);
}
$Tags = explode(',', $_POST['tagname']);
foreach ($Tags as $TagName) {
    // Misc::sanitize_tag() is the only filter between the request and the queries below; it is
    // opaque here — presumably it reduces the tag to a safe character set. TODO confirm, and
    // note that the LIKE below also treats % and _ as wildcards if they survive it.
    $TagName = Misc::sanitize_tag($TagName);
    if (!empty($TagName)) {
        $TagName = Misc::get_alias_tag($TagName);
        // Check DB for tag matching name
        $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM tags\n\t\t\tWHERE Name LIKE '{$TagName}'");
        list($TagID) = $DB->next_record();
        if (!$TagID) {
            // Tag doesn't exist yet - create tag
            $DB->query("\n\t\t\t\tINSERT INTO tags (Name, UserID)\n\t\t\t\tVALUES ('{$TagName}', {$UserID})");
            $TagID = $DB->inserted_id();
        } else {
            $DB->query("\n\t\t\t\tSELECT TagID\n\t\t\t\tFROM torrents_tags_votes\n\t\t\t\tWHERE GroupID = '{$GroupID}'\n\t\t\t\t\tAND TagID = '{$TagID}'\n\t\t\t\t\tAND UserID = '{$UserID}'");
            if ($DB->has_results()) {
                // User has already voted on this tag, and is trying hax to make the rating go up
                // NOTE(review): the Referer header is client-supplied and may be absent or point
                // off-site; redirecting to it unchecked gives an open redirect — confirm, and
                // prefer a fixed on-site destination.
                header('Location: ' . $_SERVER['HTTP_REFERER']);
                die;
            }
        }
        $DB->query("\n\t\t\tINSERT INTO torrents_tags\n\t\t\t\t(TagID, GroupID, PositiveVotes, UserID)\n\t\t\tVALUES\n\t\t\t\t('{$TagID}', '{$GroupID}', '3', '{$UserID}')\n\t\t\tON DUPLICATE KEY UPDATE\n\t\t\t\tPositiveVotes = PositiveVotes + 2");
        $DB->query("\n\t\t\tINSERT INTO torrents_tags_votes\n\t\t\t\t(GroupID, TagID, UserID, Way)\n\t\t\tVALUES\n\t\t\t\t('{$GroupID}', '{$TagID}', '{$UserID}', 'up')");
        // The log text is escaped with db_string(); the acting user is taken from the session
        // ($LoggedUser['ID']) here while the statements above use $UserID.
        $DB->query("\n\t\t\tINSERT INTO group_log\n\t\t\t\t(GroupID, UserID, Time, Info)\n\t\t\tVALUES\n\t\t\t\t('{$GroupID}', " . $LoggedUser['ID'] . ", '" . sqltime() . "', '" . db_string("Tag \"{$TagName}\" added to group") . "')");
    }
}
Torrents::update_hash($GroupID);
// Delete torrent group cache
// Same Referer-based redirect as in the loop above; the same caveat applies.
header('Location: ' . $_SERVER['HTTP_REFERER']);