Example #1
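 /**
  * Store a debug snapshot of the current request in the cache and post a link
  * to it in LAB_CHAN.
  *
  * The snapshot (request URL, report text, errors, queries, flags, includes,
  * cache keys, logged variables) is cached under 'analysis_<identifier>'.
  *
  * NOTE(review): the snapshot holds query text and logged variables and is
  * addressed only by the 5-character value from make_secret(5); confirm that
  * tools.php?action=analysis is permission-gated. Both IRC links are plain http://.
  *
  * @param string $Message Text posted to the IRC channel.
  * @param string $Report  Text stored in the snapshot; $Message is used when this is empty.
  * @param int    $Time    Passed as the third argument to cache_value() (default 43200).
  */
 public function analysis($Message, $Report = '', $Time = 43200)
 {
     global $Cache, $Document;
     if (empty($Report)) {
         $Report = $Message;
     }
     // REQUEST_URI is absent when PHP is not serving an HTTP request; fall back
     // to an empty string instead of reading an undefined index twice.
     $RequestURI = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
     $Identifier = make_secret(5);
     $Snapshot = array(
         'url' => $RequestURI,
         'message' => $Report,
         'errors' => $this->get_errors(true),
         'queries' => $this->get_queries(),
         'flags' => $this->get_flags(),
         'includes' => $this->get_includes(),
         'cache' => $this->get_cache_keys(),
         'vars' => $this->get_logged_vars(),
     );
     $Cache->cache_value('analysis_' . $Identifier, $Snapshot, $Time);
     // $Message, $Document and the request URI reach the IRC line unchanged.
     // NOTE(review): send_irc() is not visible here - confirm it strips line breaks.
     send_irc('PRIVMSG ' . LAB_CHAN . ' :' . $Message . ' ' . $Document . ' ' . ' http://' . NONSSL_SITE_URL . '/tools.php?action=analysis&case=' . $Identifier . ' http://' . NONSSL_SITE_URL . $RequestURI);
 }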
Example #2
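 /**
  * Store a debug snapshot of the current request in the cache and post a link
  * to it in LAB_CHAN.
  *
  * The snapshot (request URL, report text, errors, queries, flags, includes,
  * cache keys, logged variables, perf data, ocelot requests) is cached under
  * 'analysis_<identifier>'.
  *
  * NOTE(review): the snapshot holds query text and logged variables and is
  * addressed only by the 5-character value from Users::make_secret(5); confirm
  * that tools.php?action=analysis is permission-gated.
  *
  * @param string $Message Text posted to the IRC channel.
  * @param string $Report  Text stored in the snapshot; $Message is used when this is empty.
  * @param int    $Time    Passed as the third argument to cache_value() (default 43200).
  */
 public function analysis($Message, $Report = '', $Time = 43200)
 {
     global $Document;
     if (empty($Report)) {
         $Report = $Message;
     }
     // Read REQUEST_URI once, guarded, so the cached 'url' and the IRC link
     // agree and neither touches an undefined index outside an HTTP request.
     $FullURI = !empty($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
     $Identifier = Users::make_secret(5);
     $Snapshot = array(
         'url' => $FullURI,
         'message' => $Report,
         'errors' => $this->get_errors(true),
         'queries' => $this->get_queries(),
         'flags' => $this->get_flags(),
         'includes' => $this->get_includes(),
         'cache' => $this->get_cache_keys(),
         'vars' => $this->get_logged_vars(),
         'perf' => $this->get_perf(),
         'ocelot' => $this->get_ocelot_requests(),
     );
     G::$Cache->cache_value('analysis_' . $Identifier, $Snapshot, $Time);
     // Drop the leading slash: the value is appended directly to site_url().
     $RequestURI = $FullURI !== '' ? substr($FullURI, 1) : '';
     // NOTE(review): send_irc() is not visible here - confirm it strips line breaks.
     send_irc('PRIVMSG ' . LAB_CHAN . " :{$Message} {$Document} " . site_url() . "tools.php?action=analysis&case={$Identifier} " . site_url() . $RequestURI);
 }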
Example #3
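        /**
         * Send an email.
         *
         * Delivery goes through PHP's mail() or the Mailgun HTTP API, selected by
         * EMAIL_DELIVERY_TYPE ('local' or 'mailgun'); any other value stops the
         * script with a configuration error.
         *
         * $From, $To and $Subject end up in mail headers, and $From also in the
         * extra mail() parameters, so line breaks are removed from $To and
         * $Subject and $From is reduced to plain local-part characters first.
         *
         * @param string $To the email address to send it to.
         * @param string $Subject
         * @param string $Body
         * @param string $From The user part of the user@NONSSL_SITE_URL email address.
         * @param string $ContentType text/plain or text/html. Not honoured here: the
         *               'local' branch forces text/plain and the 'mailgun' branch
         *               only sends a 'text' part.
         */
        public static function send_email($To, $Subject, $Body, $From, $ContentType) {
            // A line break in any of these would add mail headers; anything beyond
            // local-part characters in $From could also alter the "-f" argument
            // handed to the mail binary.
            $From = preg_replace('/[^A-Za-z0-9._+-]/', '', (string) $From);
            $To = str_replace(array("\r", "\n"), '', (string) $To);
            $Subject = str_replace(array("\r", "\n"), '', (string) $Subject);

            switch (EMAIL_DELIVERY_TYPE) {
                case 'local':
                    // remove the next line if you want to send HTML email from some places...
                    $ContentType = 'text/plain';
                    $Headers = 'MIME-Version: 1.0' . "\r\n";
                    $Headers .= 'Content-type: ' . $ContentType . '; charset=iso-8859-1' . "\r\n";
                    $Headers .= 'From: ' . SITE_NAME . ' <' . $From . '@' . NONSSL_SITE_URL . '>' . "\r\n";
                    $Headers .= 'Reply-To: ' . $From . '@' . NONSSL_SITE_URL . "\r\n";
                    $Headers .= 'X-Mailer: Project Gazelle' . "\r\n";
                    $Headers .= 'Message-Id: <' . Users::make_secret() . '@' . NONSSL_SITE_URL . ">\r\n";
                    $Headers .= 'X-Priority: 3' . "\r\n";
                    mail($To, $Subject, $Body, $Headers, '-f ' . $From . '@' . NONSSL_SITE_URL);
                    break;

                case 'mailgun':
                    // set up our message first
                    $Sender = $From . '@' . NONSSL_SITE_URL;
                    $OutgoingEmail = array(
                        'from'          => $Sender,
                        'to'            => $To,
                        'h:Reply-To'    => $Sender,
                        'subject'       => $Subject,
                        'text'          => $Body,
                    );
                    // now let's POST it to mailgun
                    // NOTE(review): POSTFIELDS is an array, so curl sends multipart
                    // form data. On PHP releases before 5.6 a value starting with "@"
                    // is treated as a file upload unless CURLOPT_SAFE_UPLOAD is on;
                    // confirm the runtime, since $Body is caller-supplied.
                    $Curl = curl_init();
                    curl_setopt($Curl, CURLOPT_URL, MAILGUN_API_URL);
                    curl_setopt($Curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
                    curl_setopt($Curl, CURLOPT_USERPWD, 'api:' . MAILGUN_API_KEY);
                    curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
                    curl_setopt($Curl, CURLOPT_CONNECTTIMEOUT, 10);
                    curl_setopt($Curl, CURLOPT_POST, true);
                    curl_setopt($Curl, CURLOPT_POSTFIELDS, $OutgoingEmail);

                    $RequestResult = curl_exec($Curl);
                    $RequestStatusCode = curl_getinfo($Curl, CURLINFO_HTTP_CODE);
                    curl_close($Curl);
                    // alert on failed emails
                    if ($RequestStatusCode != 200) {
                        // The ':' starts the IRC trailing parameter; without it only
                        // the first word after the channel is part of the message.
                        // The alert carries the recipient address and the raw API
                        // response into STATUS_CHAN.
                        send_irc('PRIVMSG ' . STATUS_CHAN . " :!dev email failed to $To with error message $RequestResult");
                    }
                    break;

                default:
                    die('You have either not configured an email delivery method in config.php or your value is incorrect.');
            }
        }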
Example #4
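 /**
  * Insert a calendar event and announce it in ADMIN_CHAN.
  *
  * Title, body and start date must be non-empty and category, importance and
  * team must pass is_number(); otherwise error() is called. Numeric fields are
  * cast to int and text fields go through db_string() before being placed in
  * the INSERT.
  *
  * NOTE(review): db_string() and error() are not visible here; this assumes
  * db_string() is the SQL escaper and error() stops the request.
  *
  * @param string      $Title
  * @param string      $Body
  * @param int|string  $Category
  * @param int|string  $Importance
  * @param int|string  $Team
  * @param int|string  $UserID     Stored as AddedBy.
  * @param string      $StartDate
  * @param string|null $EndDate    Stored as an empty string when null.
  */
 public static function create_event($Title, $Body, $Category, $Importance, $Team, $UserID, $StartDate, $EndDate = null)
 {
     if (empty($Title) || empty($Body) || !is_number($Category) || !is_number($Importance) || !is_number($Team) || empty($StartDate)) {
         error("Error adding event");
     }
     // Keep display copies for the IRC line: the SQL-escaped values below would
     // show escape characters in the announcement. Line breaks are flattened so
     // each value stays on the single IRC line.
     $LineBreaks = array("\r", "\n");
     $AnnounceTitle = str_replace($LineBreaks, ' ', (string) $Title);
     $AnnounceStart = str_replace($LineBreaks, ' ', (string) $StartDate);
     $AnnounceEnd = str_replace($LineBreaks, ' ', (string) $EndDate);

     $Title = db_string($Title);
     $Body = db_string($Body);
     $Category = (int) $Category;
     $Importance = (int) $Importance;
     $UserID = (int) $UserID;
     $Team = (int) $Team;
     $StartDate = db_string($StartDate);
     $EndDate = db_string($EndDate);
     // Save and restore the active query handle around the INSERT.
     $QueryID = G::$DB->get_query_id();
     G::$DB->query("\n\t\t\t\t\t\tINSERT INTO calendar\n\t\t\t\t\t\t\t(Title, Body, Category, Importance, Team, StartDate, EndDate, AddedBy)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t('{$Title}', '{$Body}', '{$Category}', '{$Importance}', '{$Team}', '{$StartDate}', '{$EndDate}', '{$UserID}')");
     G::$DB->set_query_id($QueryID);
     send_irc("PRIVMSG " . ADMIN_CHAN . " :!mod New calendar event created! Event: {$AnnounceTitle}; Starts: {$AnnounceStart}; Ends: {$AnnounceEnd}.");
 }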
Example #5
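 /**
  * Send a GET request over a socket directly to the tracker
  * For example, Tracker::update_tracker('change_passkey', array('oldpasskey' => OLD_PASSKEY, 'newpasskey' => NEW_PASSKEY)) will send the request:
  * GET /tracker_32_char_secret_code/update?action=change_passkey&oldpasskey=OLD_PASSKEY&newpasskey=NEW_PASSKEY HTTP/1.1
  *
  * Keys and values are appended to the query string exactly as given, so
  * callers must pass values that are already URL-safe.
  *
  * On failure the request is reported to #tracker and, at most once per
  * cached hour, to ADMIN_CHAN. The report shows the query with TRACKER_SECRET
  * replaced by a placeholder so the shared secret does not end up in channel
  * logs. Parameter values (for example passkeys) are still reported.
  *
  * @param string $Action The action to send
  * @param array $Updates An associative array of key->value pairs to send to the tracker
  * @param boolean $ToIRC Not read by this method body.
  * @return boolean true when send_request() did not return false, false otherwise.
  */
 public static function update_tracker($Action, $Updates, $ToIRC = false)
 {
     // Build request
     $Query = "/update?action={$Action}";
     foreach ($Updates as $Key => $Value) {
         $Query .= "&{$Key}={$Value}";
     }
     $Get = TRACKER_SECRET . $Query;
     $MaxAttempts = 3;
     $Err = false;
     if (self::send_request($Get, $MaxAttempts, $Err) === false) {
         // Same request text as $Get, minus the secret prefix.
         $Reported = '[TRACKER_SECRET]' . $Query;
         send_irc("PRIVMSG #tracker :{$MaxAttempts} {$Err} {$Reported}");
         // The cache flag limits the admin-channel alert to one per 3600 s.
         if (G::$Cache->get_value('ocelot_error_reported') === false) {
             send_irc('PRIVMSG ' . ADMIN_CHAN . " :Failed to update ocelot: {$Err} : {$Reported}");
             G::$Cache->cache_value('ocelot_error_reported', true, 3600);
         }
         return false;
     }
     return true;
 }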
Example #6
				VALUES 
					(".$TagID.", ".$RequestID.")");
}

// New requests: record the creator's vote, charge the bounty and announce on IRC.
// Edited requests: only the request caches are dropped.
// NOTE(review): $RequestID, $Bytes and $LoggedUser['ID'] are concatenated into
// the SQL below without quoting; their validation is not visible in this
// excerpt - confirm they are integers by this point.
if($NewRequest) {
	//Remove the bounty and create the vote
	// Half of $Bytes is stored as the bounty; the full $Bytes is deducted below.
	$DB->query("INSERT INTO requests_votes 
					(RequestID, UserID, Bounty)
				VALUES
					(".$RequestID.", ".$LoggedUser['ID'].", ".($Bytes / 2).")");
	
	$DB->query("UPDATE users_main SET Uploaded = (Uploaded - ".$Bytes.") WHERE ID = ".$LoggedUser['ID']);
	$Cache->delete_value('user_stats_'.$LoggedUser['ID']);
	
	// $Title and $Tags reach the IRC line as they are at this point.
	// NOTE(review): confirm send_irc() strips line breaks.
	if($CategoryName == "Music") {
		$Announce = "'".$Title."' - ".display_artists($ArtistForm, false, false)." http://".NONSSL_SITE_URL."/requests.php?action=view&id=".$RequestID." - ".implode(" ", $Tags);
	} else {
		$Announce = "'".$Title."' - http://".NONSSL_SITE_URL."/requests.php?action=view&id=".$RequestID." - ".implode(" ", $Tags);
	}
	send_irc('PRIVMSG #'.NONSSL_SITE_URL.'-requests :'.$Announce);
	
} else {
	$Cache->delete_value('request_'.$RequestID);
	$Cache->delete_value('request_artists_'.$RequestID);
}

update_sphinx_requests($RequestID);

// Send the browser to the request page.
header('Location: requests.php?action=view&id='.$RequestID);
?>
Example #7
        $SummaryPre .= "\nReason: " . $Reason;
    }
    $Summary = $SummaryPre . "\n\n" . $AdminComment;
} elseif (empty($UpdateSet) && empty($EditSummary) && $Cur['AdminComment'] == $_POST['AdminComment']) {
    $Summary = sqltime() . ' - ' . 'Comment added by ' . $LoggedUser['Username'] . ': ' . $Reason . "\n\n";
}
// Look up the edited user's name when it has not been set yet.
// NOTE(review): $UserID is concatenated unquoted; its validation is not
// visible in this excerpt.
if (!$Username) {
    $DB->query("SELECT username from users_main where id=" . $UserID);
    list($Username) = $DB->next_record();
}
// Queue the AdminComment change and tell #staff who edited whom.
// chr(2) is the IRC bold toggle around "Edit".
// NOTE(review): $Summary and $AdminComment are placed inside SQL quotes here;
// whether they were escaped earlier is not visible - confirm before relying on it.
if (!empty($Summary)) {
    $UpdateSet[] = "AdminComment='{$Summary}'";
    send_irc(sprintf("PRIVMSG #staff :%sEdit%s %s changed %s: %s", chr(2), chr(2), $LoggedUser['Username'], $Username, $SummaryPre));
} else {
    $UpdateSet[] = "AdminComment='{$AdminComment}'";
    send_irc(sprintf("PRIVMSG #staff :%sEdit%s %s changed %s: %s", chr(2), chr(2), $LoggedUser['Username'], $Username, $AdminComment));
}
// Build query: every entry of $UpdateSet is a ready-made "column=value" SQL
// fragment, so each one must already be escaped where it was created.
$SET = implode(', ', $UpdateSet);
$sql = "UPDATE users_main AS m JOIN users_info AS i ON m.ID=i.UserID SET {$SET} WHERE m.ID='{$UserID}'";
// Perform update
//die($sql);
$DB->query($sql);
if (isset($ClearStaffIDCache)) {
    $Cache->delete_value('staff_ids');
}
// redirect to user page
// NOTE(review): no exit follows the header in the visible lines.
header("location: user.php?id={$UserID}");
function translateUserStatus($status)
{
Example #8
//Tags
// An edited request gets its tag links rebuilt from scratch.
// NOTE(review): $RequestID, $TagID, $Bytes and $LoggedUser['ID'] are
// interpolated into SQL unquoted; their validation is not visible in this excerpt.
if (!$NewRequest) {
    $DB->query("\n\t\tDELETE FROM requests_tags\n\t\tWHERE RequestID = {$RequestID}");
}
// Duplicates are removed before sanitising/aliasing, so two raw tags that map
// to the same final tag are both processed (Uses is incremented for each).
$Tags = array_unique(explode(',', $Tags));
foreach ($Tags as $Index => $Tag) {
    $Tag = Misc::sanitize_tag($Tag);
    $Tag = Misc::get_alias_tag($Tag);
    $Tags[$Index] = $Tag;
    //For announce
    // NOTE(review): $Tag sits inside SQL quotes; this relies on
    // Misc::sanitize_tag()/get_alias_tag() returning SQL-safe text - confirm.
    $DB->query("\n\t\tINSERT INTO tags\n\t\t\t(Name, UserID)\n\t\tVALUES\n\t\t\t('{$Tag}', " . $LoggedUser['ID'] . ")\n\t\tON DUPLICATE KEY UPDATE\n\t\t\tUses = Uses + 1");
    $TagID = $DB->inserted_id();
    $DB->query("\n\t\tINSERT IGNORE INTO requests_tags\n\t\t\t(TagID, RequestID)\n\t\tVALUES\n\t\t\t({$TagID}, {$RequestID})");
}
if ($NewRequest) {
    //Remove the bounty and create the vote
    // The bounty stored is $Bytes less the $RequestTax share; the full $Bytes
    // is deducted from the creator's Uploaded total.
    $DB->query("\n\t\tINSERT INTO requests_votes\n\t\t\t(RequestID, UserID, Bounty)\n\t\tVALUES\n\t\t\t({$RequestID}, " . $LoggedUser['ID'] . ', ' . $Bytes * (1 - $RequestTax) . ')');
    $DB->query("\n\t\tUPDATE users_main\n\t\tSET Uploaded = (Uploaded - {$Bytes})\n\t\tWHERE ID = " . $LoggedUser['ID']);
    $Cache->delete_value('user_stats_' . $LoggedUser['ID']);
    // $Title and the tags reach the IRC line as they are at this point.
    // NOTE(review): confirm send_irc() strips line breaks.
    if ($CategoryName === 'Music') {
        $Announce = "\"{$Title}\" - " . Artists::display_artists($ArtistForm, false, false) . ' ' . site_url() . "requests.php?action=view&id={$RequestID} - " . implode(' ', $Tags);
    } else {
        $Announce = "\"{$Title}\" - " . site_url() . "requests.php?action=view&id={$RequestID} - " . implode(' ', $Tags);
    }
    send_irc('PRIVMSG #' . SSL_SITE_URL . "-requests :{$Announce}");
} else {
    $Cache->delete_value("request_{$RequestID}");
    $Cache->delete_value("request_artists_{$RequestID}");
}
Requests::update_sphinx_requests($RequestID);
// Send the browser to the request page.
header("Location: requests.php?action=view&id={$RequestID}");
Example #9
// Resolve a report: check the resolver may handle this report type, mark it
// resolved, adjust the cached counters and announce it on IRC.
$ReportID = (int) $_POST['reportid'];
$DB->query("\n\tSELECT Type\n\tFROM reports\n\tWHERE ID = {$ReportID}");
list($Type) = $DB->next_record();
// Non-admins are limited by report type: forum moderators to comment/post/thread,
// project team to request_update.
// NOTE(review): there is no final else, so a user holding none of the three
// permissions passes this block; this excerpt does not show whether an earlier
// gate (and an authorize() call for this POST) exists - confirm.
if (!check_perms('admin_reports')) {
    if (check_perms('site_moderate_forums')) {
        if (!in_array($Type, array('comment', 'post', 'thread'))) {
            // NOTE(review): passes the report type to error() where the sibling
            // branch passes 403 - looks unintended.
            error($Type);
        }
    } elseif (check_perms('project_team')) {
        if ($Type != 'request_update') {
            error(403);
        }
    }
}
$DB->query("\n\tUPDATE reports\n\tSET Status = 'Resolved',\n\t\tResolvedTime = '" . sqltime() . "',\n\t\tResolverID = '" . $LoggedUser['ID'] . "'\n\tWHERE ID = '" . db_string($ReportID) . "'");
$Channels = array();
if ($Type == 'request_update') {
    $Channels[] = '#requestedits';
    $Cache->decrement('num_update_reports');
}
if (in_array($Type, array('comment', 'post', 'thread'))) {
    $Channels[] = '#forumreports';
    $Cache->decrement('num_forum_reports');
}
$DB->query("\n\tSELECT COUNT(ID)\n\tFROM reports\n\tWHERE Status = 'New'");
list($Remaining) = $DB->next_record();
foreach ($Channels as $Channel) {
    // The preg_replace inserts a middle dot after the first two characters of the
    // resolver's name (presumably so the line does not highlight them on IRC).
    send_irc("PRIVMSG {$Channel} :Report {$ReportID} resolved by " . preg_replace('/^(.{2})/', '$1·', $LoggedUser['Username']) . ' on site (' . (int) $Remaining . ' remaining).');
}
$Cache->delete_value('num_other_reports');
header('Location: reports.php');
Example #10
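/**
 * Make sure the request's 'auth' value is the same as the user's authorization key
 * Should be used for any user action that relies solely on GET.
 *
 * The value is read from $_REQUEST, so it is accepted from every source PHP
 * merges into $_REQUEST, not only from the query string.
 *
 * @param bool $Ajax Are we using ajax? Passed through to error().
 * @return bool authorisation status. Prints an error message to LAB_CHAN on IRC on failure.
 */
function authorize($Ajax = false)
{
    $Supplied = isset($_REQUEST['auth']) ? $_REQUEST['auth'] : '';
    $Expected = isset(G::$LoggedUser['AuthKey']) ? (string) G::$LoggedUser['AuthKey'] : '';

    // Exact string comparison only. The loose != this replaces treated two
    // numeric-looking strings as equal when they compared equal as numbers and
    // also accepted non-string input such as auth[]=x. hash_equals() is used
    // when the runtime has it so the comparison time does not depend on where
    // the strings differ.
    $Matches = false;
    if (!empty($Supplied) && is_string($Supplied) && $Expected !== '') {
        $Matches = function_exists('hash_equals')
            ? hash_equals($Expected, $Supplied)
            : $Expected === $Supplied;
    }

    if (!$Matches) {
        $Username = isset(G::$LoggedUser['Username']) ? G::$LoggedUser['Username'] : '';
        // Browsers may omit the Referer header; do not read an undefined index.
        $Referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        // Request URI and Referer are client-supplied text posted to LAB_CHAN.
        // NOTE(review): confirm send_irc() strips line breaks.
        send_irc("PRIVMSG " . LAB_CHAN . " :" . $Username . " just failed authorize on " . $_SERVER['REQUEST_URI'] . " coming from " . $Referer);
        error('Invalid authorization key. Go back, refresh, and try again.', $Ajax);
        return false;
    }
    return true;
}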
Example #11
                    $Cache->delete_value('staff_blog');
                    $Cache->delete_value('staff_feed_blog');
                }
                header('Location: staffblog.php');
                break;
            // Create a staff blog post from the submitted form and announce it.
            // NOTE(review): the permission check for posting is not visible in
            // this excerpt.
            case 'takenewblog':
                // The return value is not checked; this relies on authorize()
                // stopping the request itself when the key is wrong.
                authorize();
                if (empty($_POST['title'])) {
                    error("Please enter a title.");
                }
                // $Title and $Body are not used in the visible lines; the query
                // escapes the POST values again directly. $_POST['body'] is not
                // checked for presence.
                $Title = db_string($_POST['title']);
                $Body = db_string($_POST['body']);
                $DB->query("\n\t\t\t\t\tINSERT INTO staff_blog\n\t\t\t\t\t\t(UserID, Title, Body, Time)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('{$LoggedUser['ID']}', '" . db_string($_POST['title']) . "', '" . db_string($_POST['body']) . "', NOW())");
                $Cache->delete_value('staff_blog');
                $Cache->delete_value('staff_blog_latest_time');
                // The submitted title goes to IRC unmodified.
                // NOTE(review): confirm send_irc() strips line breaks.
                send_irc("PRIVMSG " . ADMIN_CHAN . " :!blog " . $_POST['title']);
                header('Location: staffblog.php');
                break;
        }
    }
    View::show_header('Staff Blog', 'bbcode');
    ?>
		<div class="box box2 thin">
			<div class="head">
				<?php 
    echo empty($_GET['action']) ? 'Create a staff blog post' : 'Edit staff blog post';
    ?>
				<span style="float: right;">
					<a href="#" onclick="$('#postform').gtoggle(); this.innerHTML = (this.innerHTML == 'Hide' ? 'Show' : 'Hide'); return false;" class="brackets"><?php 
    echo $_REQUEST['action'] != 'editblog' ? 'Show' : 'Hide';
    ?>
Example #12
<?php

// Profile-edit handler: verify the auth key, load the target user, check the
// editor may change that profile, then register the form validation rules.
// The return value of authorize() is not checked; this relies on it stopping
// the request itself on failure.
authorize();
$UserID = $_REQUEST['userid'];
if (!is_number($UserID)) {
    error(404);
}
//if($LoggedUser['ID']==1) die($_POST['countrySelect']);
//For the entire of this page we should in general be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]
$U = user_info($UserID);
if (!$U) {
    error(404);
}
$Permissions = get_permissions($U['PermissionID']);
// Editing someone else's profile requires users_edit_profiles, checked against
// the target's class; a refused attempt is reported to ADMIN_CHAN first.
if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {
    send_irc("PRIVMSG " . ADMIN_CHAN . " :User " . $LoggedUser['Username'] . " (http://" . NONSSL_SITE_URL . "/user.php?id=" . $LoggedUser['ID'] . ") just tried to edit the profile of http://" . NONSSL_SITE_URL . "/user.php?id=" . $_REQUEST['userid']);
    error(403);
}
// Validation rules: field name, second argument 1 or 0 (presumably
// required/optional), type, error message, extra options.
$Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");
// The stylesheet URL pattern accepts http and https, and allows localhost and
// dotted-quad IPv4 hosts as well as domain names; the path must end in .css.
$Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet url.", array('regex' => '/^https?:\\/\\/(localhost(:[0-9]{2,5})?|[0-9]{1,3}(\\.[0-9]{1,3}){3}|([a-zA-Z0-9\\-\\_]+\\.)+([a-zA-Z]{1,5}[^\\.]))(:[0-9]{2,5})?(\\/[^<>]+)+\\.css$/i'));
$Val->SetFields('disablegrouping', 1, "number", "You forgot to select your torrent grouping option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('torrentgrouping', 1, "number", "You forgot to select your torrent grouping option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('discogview', 1, "number", "You forgot to select your discography view option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", array('inarray' => array(25, 50, 100)));
$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('showtags', 1, "number", "You forgot to select your show tags option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar url.", array('regex' => "/^" . IMAGE_REGEX . "\$/i"));
$Val->SetFields('email', 1, "email", "You did not enter a valid email address.");
$Val->SetFields('irckey', 0, "string", "You did not enter a valid IRCKey, must be between 6 and 32 characters long.", array('minlength' => 6, 'maxlength' => 32));
// Passwords are limited to 6-40 characters by these rules.
$Val->SetFields('cur_pass', 0, "string", "You did not enter a valid password, must be between 6 and 40 characters long.", array('minlength' => 6, 'maxlength' => 40));
$Val->SetFields('new_pass_1', 0, "string", "You did not enter a valid password, must be between 6 and 40 characters long.", array('minlength' => 6, 'maxlength' => 40));
Example #13
    case 'thread':
        $Link = "forums.php?action=viewthread&threadid={$ID}";
        break;
    case 'post':
        $DB->query("\n\t\t\tSELECT\n\t\t\t\tp.ID,\n\t\t\t\tp.TopicID,\n\t\t\t\t(\n\t\t\t\t\tSELECT COUNT(p2.ID)\n\t\t\t\t\tFROM forums_posts AS p2\n\t\t\t\t\tWHERE p2.TopicID = p.TopicID\n\t\t\t\t\t\tAND p2.ID <= p.ID\n\t\t\t\t) AS PostNum\n\t\t\tFROM forums_posts AS p\n\t\t\tWHERE p.ID = {$ID}");
        list($PostID, $TopicID, $PostNum) = $DB->next_record();
        $Link = "forums.php?action=viewthread&threadid={$TopicID}&post={$PostNum}#post{$PostID}";
        break;
    case 'comment':
        $Link = "comments.php?action=jump&postid={$ID}";
        break;
}
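// Store the report, then announce it in the channel that matches its type.
// NOTE(review): $ID and $Short are interpolated into the SQL as they are; their
// validation is not visible in this excerpt.
$DB->query('
	INSERT INTO reports
		(UserID, ThingID, Type, ReportedTime, Reason)
	VALUES
		(' . db_string($LoggedUser['ID']) . ", {$ID}, '{$Short}', '" . sqltime() . "', '" . db_string($Reason) . "')");
$ReportID = $DB->inserted_id();
$Channels = array();
if ($Short === 'request_update') {
    $Channels[] = '#requestedits';
    $Cache->increment('num_update_reports');
}
if (in_array($Short, array('comment', 'post', 'thread'))) {
    $Channels[] = '#forumreports';
}
// The reason is user-written text going onto one IRC line: flatten carriage
// returns as well as newlines (only "\n" was replaced before).
$ReasonLine = strtr($Reason, "\r\n", '  ');
foreach ($Channels as $Channel) {
    send_irc("PRIVMSG {$Channel} :{$ReportID} - " . $LoggedUser['Username'] . " just reported a {$Short}: " . site_url() . "{$Link} : " . $ReasonLine);
}
$Cache->delete_value('num_other_reports');
// Return the reporter to the reported item.
header("Location: {$Link}");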
Example #14
				} else {
					$NewInvites = 0;
					$Message .= " They had already used at least one of their donation gained invites.";
				}
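				// The user ID arrives in the request's 'custom' field. Its validation is
				// not visible in this excerpt, so it is forced to an integer before it
				// is placed in SQL and cache keys.
				$RevokedUserID = (int) $_POST['custom'];
				$DB->query("UPDATE users_main SET Invites = ".$NewInvites." WHERE ID='".$RevokedUserID."'");
				$DB->query('UPDATE users_info SET Donor = \'0\' WHERE UserID=\''.$RevokedUserID.'\'');
				$Cache->begin_transaction('user_info_'.$RevokedUserID);
				$Cache->update_row(false, array('Donor' => 0));
				$Cache->commit_transaction(0);
				$Cache->begin_transaction('user_info_heavy_'.$RevokedUserID);
				// Cache the same invite count that was just written to the database
				// ($NewInvites); the previous code cached the old $Invites value.
				$Cache->update_row(false, array('Invites' => $NewInvites));
				$Cache->commit_transaction(0);
				// The payer address from the request is part of the PM body.
				send_pm($RevokedUserID,0,db_string('Notice of donation failure'),db_string('PayPal has just notified us that the donation you sent from '.$_POST['payer_email'].' of '.$TotalDonated.' '.PAYPAL_CURRENCY.' at '.$DonationTime.' UTC has been revoked. Because of this your special privileges have been revoked, and your invites removed.'),'');

				send_irc("PRIVMSG ".BOT_REPORT_CHAN." :".$Message);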
			}
		}
	}
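	// Record the donation in the user's admin comment and in the donations table.
	// The user ID arrives in the request's 'custom' field; its validation is not
	// visible in this excerpt, so it is forced to an integer before it is used in
	// SQL (the other request fields already pass through db_string()).
	$DonatingUserID = (int) $_POST['custom'];
	$DB->query("UPDATE users_info 
		SET 
		AdminComment=CONCAT('".sqltime()." - User donated ".db_string($_POST['mc_gross'])." ".db_string(PAYPAL_CURRENCY)." from ".db_string($_POST['payer_email']).".\n',AdminComment)
		WHERE UserID='".$DonatingUserID."'");
	$DB->query("INSERT INTO donations
	(UserID, Amount, Email, Time)	VALUES
	('".$DonatingUserID."', '".db_string($_POST['mc_gross'])."', '".db_string($_POST['payer_email'])."', '".sqltime()."')");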
} else {
	$DB->query("INSERT INTO ip_bans
	(FromIP, ToIP, Reason) VALUES
	('".ip2long($_SERVER['REMOTE_ADDR'])."','".ip2long($_SERVER['REMOTE_ADDR'])."', 'Attempted to exploit donation system.')");
}
Example #15
	/**
	 * Run a search through $this->Query() on $this->Index and enrich the matches
	 * with cached or database rows.
	 *
	 * @param string $Query       Search text handed to $this->Query().
	 * @param string $CachePrefix Cache key prefix; rows are read from and written to "<prefix>_<id>".
	 * @param int    $CacheLength Third argument to cache_value() for rows fetched from the database.
	 * @param array  $ReturnData  Field names to keep from cached rows; empty keeps all fields.
	 * @param string $SQL         Query containing '%ids', replaced by the comma-joined uncached ids.
	 * @param string $IDColumn    Column of the $SQL result that holds the match id.
	 * @return array|false false when there are no matches. With $SQL: matches keyed by id.
	 *                     Without $SQL: array('matches' => ..., 'notfound' => ...).
	 */
	function search($Query='', $CachePrefix='', $CacheLength=0, $ReturnData=array(), $SQL = '', $IDColumn='ID') {
		global $Cache, $DB;
		$QueryStartTime=microtime(true);
		$Result = $this->Query($Query, $this->Index);
		$QueryEndTime=microtime(true);

		// Keep a per-query log entry and a running total, both in milliseconds.
		$this->Queries[]=array('Params: '.$Query.' Indicies: '.$this->Index,($QueryEndTime-$QueryStartTime)*1000);
		$this->Time+=($QueryEndTime-$QueryStartTime)*1000;
		
		// A failed search is reported to LAB_CHAN together with the query text and
		// the filter dump. Execution continues with $Result === false; the method
		// then leaves through the empty-matches return below.
		// NOTE(review): $Query is posted to IRC as given - confirm send_irc()
		// strips line breaks.
		if($Result === false) {
			send_irc('PRIVMSG '.LAB_CHAN.' :Search for "'.$Query.'" ('.str_replace("\n",'',print_r($this->Filters, true)).') failed: '.$this->GetLastError());
		}
		
		$this->TotalResults = $Result['total'];
		$this->SearchTime = $Result['time'];
		
		if(empty($Result['matches'])) {
			return false;
		}
		$Matches = $Result['matches'];
		
		$MatchIDs = array_keys($Matches);
		
		
		
		$NotFound = array();
		$Skip = array();
		if(!empty($ReturnData)) {
			$AllFields = false;
		} else {
			$AllFields = true;
		}
		
		foreach($MatchIDs as $Match) {
			// Reduce each match to its attributes before merging extra data in.
			$Matches[$Match] = $Matches[$Match]['attrs'];
			if(!empty($CachePrefix)) {
				$Data = $Cache->get_value($CachePrefix.'_'.$Match);
				// Loose comparison: an empty cached value counts as a miss too.
				if($Data == false) {
					$NotFound[]=$Match;
					continue;
				}
			} else {
				// NOTE(review): no continue here, and $Data is not assigned on this
				// path, yet the code below reads it - confirm this is intended.
				$NotFound[]=$Match;
			}
			if(!$AllFields) {
				// Populate list of fields to unset (faster than picking out the ones we need). Should only be run once, on the first cache key
				if(empty($Skip)) {
					foreach(array_keys($Data) as $Key) {
						if(!in_array($Key, $ReturnData)) {
							$Skip[]=$Key;
						}
					}
					if(empty($Skip)) {
						$AllFields = true;
					}
				}
				foreach($Skip as $Key) {
					unset($Data[$Key]);
				}
				reset($Skip);
			}
			if(!empty($Data)) {
				$Matches[$Match] = array_merge($Matches[$Match], $Data);
			}
		}
		
		if($SQL!='') {
			if(!empty($NotFound)) {
				// The ids substituted for '%ids' are keys of the search result, not
				// request input. $SQL itself is supplied by the caller.
				$DB->query(str_replace('%ids', implode(',',$NotFound), $SQL));
				while($Data = $DB->next_record(MYSQLI_ASSOC)) {
					$Matches[$Data[$IDColumn]] = array_merge($Matches[$Data[$IDColumn]], $Data);
					$Cache->cache_value($CachePrefix.'_'.$Data[$IDColumn], $Data, $CacheLength);
				}
			}
		} else {
			// Without $SQL the caller receives the uncached ids and resolves them itself.
			$Matches = array('matches'=>$Matches,'notfound'=>$NotFound);
		}
		
		return $Matches;
	}
Example #16
// Profile-edit handler: load the target user, check the editor may change that
// profile, then register the form validation rules.
// NOTE(review): no authorize() call is visible in this excerpt - confirm the
// auth key is verified before this point.
$UserID = $_REQUEST['userid'];
if (!is_number($UserID)) {
	error(404);
}

//For this entire page, we should generally be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]
$U = Users::user_info($UserID);

if (!$U) {
	error(404);
}

$Permissions = Permissions::get_permissions($U['PermissionID']);
// Editing someone else's profile requires users_edit_profiles, checked against
// the target's class; a refused attempt is reported to ADMIN_CHAN first.
if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {
	send_irc('PRIVMSG '.ADMIN_CHAN.' :User '.$LoggedUser['Username'].' ('.site_url().'user.php?id='.$LoggedUser['ID'].') just tried to edit the profile of '.site_url().'user.php?id='.$_REQUEST['userid']);
	error(403);
}

// Validation rules: field name, second argument 1 or 0 (presumably
// required/optional), type, error message, extra options.
$Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");
// Stylesheet and avatar URLs are matched against project-wide patterns
// (CSS_REGEX, IMAGE_REGEX) that are defined outside this excerpt.
$Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet URL.", array('regex' => '/^'.CSS_REGEX.'$/i'));
// The next two are commented out because the drop-down menus were replaced with a check box and radio buttons
//$Val->SetFields('disablegrouping', 0, "number", "You forgot to select your torrent grouping option.");
//$Val->SetFields('torrentgrouping', 0, "number", "You forgot to select your torrent grouping option.");
$Val->SetFields('discogview', 1, "number", "You forgot to select your discography view option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", array('inarray' => array(25, 50, 100)));
//$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('collagecovers', 1, "number", "You forgot to select your collage option.");
$Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar URL.", array('regex' => "/^".IMAGE_REGEX."$/i"));
$Val->SetFields('email', 1, "email", "You did not enter a valid email address.");
$Val->SetFields('irckey', 0, "string", "You did not enter a valid IRC key. An IRC key must be between 6 and 32 characters long.", array('minlength' => 6, 'maxlength' => 32));
Example #17
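 /**
  * Report a database error and stop the request.
  *
  * The error text is stored through analysis(); error number 1194 is also
  * posted to ADMIN_CHAN. The full error and the query log are printed only in
  * DEBUG_MODE, for users with the site_debug permission, or when the first
  * command-line argument equals SCHEDULE_KEY. Everyone else gets '-1'.
  *
  * @param string $Msg Context for the error, placed at the front of the report.
  */
 function halt($Msg)
 {
     global $argv;
     $DBError = 'MySQL: ' . strval($Msg) . ' SQL error: ' . strval($this->Errno) . ' (' . strval($this->Error) . ')';
     if ($this->Errno == 1194) {
         send_irc('PRIVMSG ' . ADMIN_CHAN . ' :' . $this->Error);
     }
     $this->analysis('!dev DB Error', $DBError, 3600 * 24);
     // Exact match on a key that is actually present: the loose == used before
     // compared a missing $argv[1] (null) as equal to an empty SCHEDULE_KEY.
     $IsScheduler = isset($argv[1]) && (string) $argv[1] === (string) SCHEDULE_KEY;
     if (DEBUG_MODE || check_perms('site_debug') || $IsScheduler) {
         // The error text and the logged queries can contain request data, so
         // both are HTML-escaped before they are written into the page.
         echo '<pre>' . htmlspecialchars($DBError, ENT_QUOTES) . '</pre>';
         echo htmlspecialchars(print_r($this->Queries, true), ENT_QUOTES);
         die;
     } else {
         die('-1');
     }
 }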
Example #18
    $Announce .= ' / ' . trim($Properties['Media']);
    if ($Properties['Scene'] == '1') {
        $Announce .= ' / Scene';
    }
    if ($T['FreeLeech'] == '1') {
        $Announce .= ' / Freeleech!';
    }
}
// Finish the announce text and post it to both announce channels.
$Title = $Announce;
// Both variants are built from the same parts through site_url(), so the two
// lines carry the same text in the visible code.
$AnnounceSSL = "{$Announce} - " . site_url() . "torrents.php?id={$GroupID} / " . site_url() . "torrents.php?action=download&id={$TorrentID}";
$Announce .= " - " . site_url() . "torrents.php?id={$GroupID} / " . site_url() . "torrents.php?action=download&id={$TorrentID}";
$AnnounceSSL .= ' - ' . trim($Properties['TagList']);
$Announce .= ' - ' . trim($Properties['TagList']);
// ENT_QUOTES is needed to decode single quotes/apostrophes
// Entities are decoded because the text goes to IRC, not into HTML; the
// uploader-supplied fields therefore reach the channel as raw characters.
// NOTE(review): confirm send_irc() strips line breaks.
send_irc('PRIVMSG #' . NONSSL_SITE_URL . '-announce :' . html_entity_decode($Announce, ENT_QUOTES));
send_irc('PRIVMSG #' . NONSSL_SITE_URL . '-announce-ssl :' . html_entity_decode($AnnounceSSL, ENT_QUOTES));
$Debug->set_flag('upload: announced on irc');
// Manage notifications
$UsedFormatBitrates = array();
if (!$IsNewGroup) {
    // maybe there are torrents in the same release as the new torrent. Let's find out (for notifications)
    $GroupInfo = get_group_info($GroupID, true, 0, false);
    $ThisMedia = display_str($Properties['Media']);
    $ThisRemastered = display_str($Properties['Remastered']);
    $ThisRemasterYear = display_str($Properties['RemasterYear']);
    $ThisRemasterTitle = display_str($Properties['RemasterTitle']);
    $ThisRemasterRecordLabel = display_str($Properties['RemasterRecordLabel']);
    $ThisRemasterCatalogueNumber = display_str($Properties['RemasterCatalogueNumber']);
    foreach ($GroupInfo[1] as $TorrentInfo) {
        if ($TorrentInfo['Media'] == $ThisMedia && $TorrentInfo['Remastered'] == $ThisRemastered && $TorrentInfo['RemasterYear'] == (int) $ThisRemasterYear && $TorrentInfo['RemasterTitle'] == $ThisRemasterTitle && $TorrentInfo['RemasterRecordLabel'] == $ThisRemasterRecordLabel && $TorrentInfo['RemasterCatalogueNumber'] == $ThisRemasterCatalogueNumber && $TorrentInfo['ID'] != $TorrentID) {
            $UsedFormatBitrates[] = array('format' => $TorrentInfo['Format'], 'bitrate' => $TorrentInfo['Encoding']);
Example #19
 /**
  * Report a database error and stop the request.
  *
  * The error text is stored through $Debug->analysis(); error number 1194 is
  * also posted to ADMIN_CHAN. The escaped error text is printed in DEBUG_MODE,
  * for users with the site_debug permission, or when a first command-line
  * argument is present; the query log is printed only in the first two cases.
  * Everyone else is sent to error('-1').
  *
  * @param string $Msg Context for the error, placed at the front of the report.
  */
 function halt($Msg)
 {
     global $Debug, $argv;
     $Details = sprintf('MySQL: %s SQL error: %s (%s)', strval($Msg), strval($this->Errno), strval($this->Error));
     if ($this->Errno == 1194) {
         send_irc('PRIVMSG ' . ADMIN_CHAN . ' :' . $this->Error);
     }
     $Debug->analysis('!dev DB Error', $Details, 3600 * 24);

     $MayViewError = DEBUG_MODE || check_perms('site_debug') || isset($argv[1]);
     if (!$MayViewError) {
         error('-1');
         return;
     }
     // display_str() output is what reaches the page, not the raw error text.
     echo '<pre>' . display_str($Details) . '</pre>';
     // A command-line run sees the error but not the query log.
     if (DEBUG_MODE || check_perms('site_debug')) {
         print_r($this->Queries);
     }
     die;
 }
Example #20
                    $Cache->delete_value('staff_blog');
                    $Cache->delete_value('staff_feed_blog');
                }
                header('Location: staffblog.php');
                break;
            // Create a staff blog post from the submitted form and announce it.
            // NOTE(review): the permission check for posting is not visible in
            // this excerpt.
            case 'takenewblog':
                // The return value is not checked; this relies on authorize()
                // stopping the request itself when the key is wrong.
                authorize();
                if (empty($_POST['title'])) {
                    error("Please enter a title.");
                }
                // $Title and $Body are not used in the visible lines; the query
                // escapes the POST values again directly. $_POST['body'] is not
                // checked for presence.
                $Title = db_string($_POST['title']);
                $Body = db_string($_POST['body']);
                $DB->query("\n\t\t\t\t\tINSERT INTO staff_blog\n\t\t\t\t\t\t(UserID, Title, Body, Time)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t('{$LoggedUser['ID']}', '" . db_string($_POST['title']) . "', '" . db_string($_POST['body']) . "', NOW())");
                $Cache->delete_value('staff_blog');
                $Cache->delete_value('staff_blog_latest_time');
                // The submitted title goes to IRC unmodified, followed by a link
                // to the new post. NOTE(review): confirm send_irc() strips line breaks.
                send_irc("PRIVMSG " . ADMIN_CHAN . " :!mod New staff blog: " . $_POST['title'] . " - https://" . SSL_SITE_URL . "/staffblog.php#blog" . $DB->inserted_id());
                header('Location: staffblog.php');
                break;
        }
    }
    View::show_header('Staff Blog', 'bbcode');
    ?>
		<div class="box box2 thin">
			<div class="head">
				<?php 
    echo empty($_GET['action']) ? 'Create a staff blog post' : 'Edit staff blog post';
    ?>
				<span style="float: right;">
					<a href="#" onclick="$('#postform').gtoggle(); this.innerHTML = (this.innerHTML == 'Hide' ? 'Show' : 'Hide'); return false;" class="brackets"><?php 
    echo $_REQUEST['action'] != 'editblog' ? 'Show' : 'Hide';
    ?>
Example #21
                    $NewInvites = $Invites - DONOR_INVITES;
                } else {
                    $NewInvites = 0;
                    $Message .= ' They had already used at least one of their donation gained invites.';
                }
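                // The user ID arrives in the request's 'custom' field. Its validation is
                // not visible in this excerpt, so it is forced to an integer before it
                // is placed in SQL and cache keys.
                $RevokedUserID = (int) $_POST['custom'];
                $DB->query("\n\t\t\t\t\tUPDATE users_main\n\t\t\t\t\tSET Invites = {$NewInvites}\n\t\t\t\t\tWHERE ID = '" . $RevokedUserID . "'");
                $DB->query('
					UPDATE users_info
					SET Donor = \'0\'
					WHERE UserID = \'' . $RevokedUserID . '\'');
                $Cache->begin_transaction('user_info_' . $RevokedUserID);
                $Cache->update_row(false, array('Donor' => 0));
                $Cache->commit_transaction(0);
                $Cache->begin_transaction('user_info_heavy_' . $RevokedUserID);
                // Cache the same invite count that was just written to the database
                // ($NewInvites); the previous code cached the old $Invites value.
                $Cache->update_row(false, array('Invites' => $NewInvites));
                $Cache->commit_transaction(0);
                // The payer address from the request is part of the PM body.
                Misc::send_pm($RevokedUserID, 0, 'Notice of donation failure', 'PayPal has just notified us that the donation you sent from ' . $_POST['payer_email'] . ' of ' . $TotalDonated . ' ' . PAYPAL_CURRENCY . ' at ' . $DonationTime . ' UTC has been revoked. Because of this your special privileges have been revoked, and your invites removed.');
                send_irc("PRIVMSG " . BOT_REPORT_CHAN . " :{$Message}");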
            }
        }
    }
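    // Record the donation in the user's admin comment and in the donations table.
    // The user ID arrives in the request's 'custom' field; its validation is not
    // visible in this excerpt, so it is forced to an integer before it is used in
    // SQL (the other request fields already pass through db_string()).
    $DonatingUserID = (int) $_POST['custom'];
    $DB->query("\n\t\tUPDATE users_info\n\t\tSET AdminComment = CONCAT('" . sqltime() . " - User donated " . db_string($_POST['mc_gross']) . " " . db_string(PAYPAL_CURRENCY) . " from " . db_string($_POST['payer_email']) . ".\n',AdminComment)\n\t\tWHERE UserID = '" . $DonatingUserID . "'");
    $DB->query("\n\t\tINSERT INTO donations\n\t\t\t(UserID, Amount, Email, Time)\n\t\tVALUES\n\t\t\t('" . $DonatingUserID . "', '" . db_string($_POST['mc_gross']) . "', '" . db_string($_POST['payer_email']) . "', '" . sqltime() . "')");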
} else {
    $DB->query("\n\t\tINSERT INTO ip_bans\n\t\t\t(FromIP, ToIP, Reason)\n\t\tVALUES\n\t\t\t('" . Tools::ip_to_unsigned($_SERVER['REMOTE_ADDR']) . "', '" . ip2long($_SERVER['REMOTE_ADDR']) . "', 'Attempted to exploit donation system.')");
}
// Close the connection opened earlier in the file (outside this excerpt).
fclose($Socket);
// Users with site_debug additionally get the donate page rendered.
if (check_perms('site_debug')) {
    include SERVER_ROOT . '/sections/donate/donate.php';
}
// Keeps the verification result and the complete POST body (payer address,
// amount, user ID) under a fixed debug key; each notification overwrites the
// previous one. NOTE(review): the duration argument is 0 - confirm how long
// this personal data stays cached and who can read the key.
$Cache->cache_value('debug_donate', array($Result, $_POST), 0);
Example #22
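 /**
  * Find and process new donations since the last time this function was called.
  *
  * Compares the total from get_total_received() with the last known total
  * (cache key 'btc_total_received', or the sum of donations_bitcoin when the
  * cache has no value). When the total grew, the per-address amounts from
  * get_received() are reduced by what is already stored, and the remainder is
  * credited to the users returned by get_userids().
  *
  * @return false|null false when the new total is lower than the old one;
  *                    nothing is returned on the other paths.
  */
 public static function find_new_donations()
 {
     global $Debug;
     if (($OldAmount = G::$Cache->get_value('btc_total_received')) === false) {
         // Save and restore the active query handle around the lookup.
         $QueryID = G::$DB->get_query_id();
         G::$DB->query("\n\t\t\t\tSELECT IFNULL(SUM(Amount), 0)\n\t\t\t\tFROM donations_bitcoin");
         list($OldAmount) = G::$DB->next_record(MYSQLI_NUM, false);
         G::$DB->set_query_id($QueryID);
     }
     $NewAmount = self::get_total_received();
     if ($NewAmount < $OldAmount) {
         // This shouldn't happen. Perhaps bitcoind was restarted recently
         // or the block index was removed. Either way, try again later
         send_irc('PRIVMSG ' . LAB_CHAN . " :Bad bitcoin donation data (is {$NewAmount}, was {$OldAmount}). If this persists, something is probably wrong");
         return false;
     }
     if ($NewAmount > $OldAmount) {
         // I really wish we didn't have to do it like this
         $QueryID = G::$DB->get_query_id();
         G::$DB->query("\n\t\t\t\tSELECT BitcoinAddress, SUM(Amount)\n\t\t\t\tFROM donations_bitcoin\n\t\t\t\tGROUP BY BitcoinAddress");
         $OldDonations = G::$DB->to_pair(0, 1, false);
         G::$DB->set_query_id($QueryID);
         $NewDonations = self::get_received();
         // Iterate by value: entries are rewritten and removed by key, so no
         // reference is needed and none stays bound to the last element after
         // the loop (the earlier "as &$Amount" form never unset it).
         foreach ($NewDonations as $Address => $Amount) {
             if (isset($OldDonations[$Address])) {
                 if ($Amount == $OldDonations[$Address]) {
                     // Direct comparison should be fine as everything comes from bitcoind
                     unset($NewDonations[$Address]);
                     continue;
                 }
                 $Debug->log_var(array('old' => $OldDonations[$Address], 'new' => $Amount), "New donations from {$Address}");
                 // PHP doesn't do fixed-point math, and json_decode has already botched the precision
                 // so let's just round this off to satoshis and pray that we're on a 64 bit system
                 $Amount = round($Amount - $OldDonations[$Address], 8);
             }
             $NewDonations[$Address] = $Amount;
         }
         $Debug->log_var($NewDonations, '$NewDonations');
         // Only addresses that get_userids() maps to a user are credited and stored.
         foreach (self::get_userids(array_keys($NewDonations)) as $Address => $UserID) {
             Donations::regular_donate($UserID, $NewDonations[$Address], 'Bitcoin Parser', '', 'BTC');
             self::store_donation($Address, $NewDonations[$Address]);
         }
         G::$Cache->cache_value('btc_total_received', $NewAmount, 0);
     }
 }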
Example #23
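/**
 * Report an error to an IRC channel, together with who triggered it and where.
 *
 * The line names the logged-in user (profile URL and username) or, when no
 * user is logged in, the remote address with its geoip() result, followed by
 * the requested URI and the referer when one was sent.
 *
 * The username, REQUEST_URI and HTTP_REFERER are client-influenced and are
 * forwarded into the channel as plain text, so treat what shows up there as
 * untrusted: anyone who can trigger this path chooses part of the message.
 *
 * @param string $Channel IRC channel to message
 * @param string $Message short description placed before " error by "
 */
function notify ($Channel, $Message) {
	global $LoggedUser;
	if (!empty($LoggedUser['ID'])) {
		$Who = "http://".NONSSL_SITE_URL."/user.php?id=".$LoggedUser['ID']." (".$LoggedUser['Username'].")";
	} else {
		$Who = $_SERVER['REMOTE_ADDR']." (".geoip($_SERVER['REMOTE_ADDR']).")";
	}
	$From = !empty($_SERVER['HTTP_REFERER']) ? " from ".$_SERVER['HTTP_REFERER'] : '';
	$Line = "PRIVMSG ".$Channel." :".$Message." error by ".$Who." accessing http://".NONSSL_SITE_URL.$_SERVER['REQUEST_URI'].$From;
	// IRC commands are line-delimited. Replace CR, LF and NUL with spaces so no
	// interpolated value can end this PRIVMSG early and start another command.
	// send_irc() is defined elsewhere; whether it filters these itself is not
	// visible here, so the line is normalised before it is handed over.
	send_irc(str_replace(array("\r", "\n", "\0"), ' ', $Line));
}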
Example #24
}
// Create the topic, its first post, then bump the counters on the forum and on
// the topic itself. Statement order matters: each inserted_id() call must follow
// the INSERT whose key it reads.
//
// Every query below is assembled by string concatenation. $Title, $Body and
// $Question pass through db_string() first; $ForumID and $LoggedUser['ID'] are
// placed in the SQL as-is, and $TopicID / $PostID come from inserted_id().
// NOTE(review): $ForumID is assigned before this excerpt - confirm it is
// validated as an integer there, because nothing here escapes it.
// NOTE(review): no transaction is visible around these four writes in this
// excerpt; a failure part-way would leave the counters out of step - confirm
// whether the caller or the $DB wrapper handles that.
$DB->query("\n\tINSERT INTO forums_topics\n\t\t(Title, AuthorID, ForumID, LastPostTime, LastPostAuthorID, CreatedTime)\n\tValues\n\t\t('" . db_string($Title) . "', '" . $LoggedUser['ID'] . "', '{$ForumID}', '" . sqltime() . "', '" . $LoggedUser['ID'] . "', '" . sqltime() . "')");
$TopicID = $DB->inserted_id();
$DB->query("\n\tINSERT INTO forums_posts\n\t\t(TopicID, AuthorID, AddedTime, Body)\n\tVALUES\n\t\t('{$TopicID}', '" . $LoggedUser['ID'] . "', '" . sqltime() . "', '" . db_string($Body) . "')");
$PostID = $DB->inserted_id();
$DB->query("\n\tUPDATE forums\n\tSET\n\t\tNumPosts         = NumPosts + 1,\n\t\tNumTopics        = NumTopics + 1,\n\t\tLastPostID       = '{$PostID}',\n\t\tLastPostAuthorID = '" . $LoggedUser['ID'] . "',\n\t\tLastPostTopicID  = '{$TopicID}',\n\t\tLastPostTime     = '" . sqltime() . "'\n\tWHERE ID = '{$ForumID}'");
$DB->query("\n\tUPDATE forums_topics\n\tSET\n\t\tNumPosts         = NumPosts + 1,\n\t\tLastPostID       = '{$PostID}',\n\t\tLastPostAuthorID = '" . $LoggedUser['ID'] . "',\n\t\tLastPostTime     = '" . sqltime() . "'\n\tWHERE ID = '{$TopicID}'");
// Only the presence of the 'subscribe' field is checked; its value is not read.
if (isset($_POST['subscribe'])) {
    Subscriptions::subscribe($TopicID);
}
if (!$NoPoll) {
    // god, I hate double negatives...
    // The answers are stored as a PHP serialize() string, escaped for SQL.
    // NOTE(review): whatever reads this column back presumably unserialize()s
    // it - confirm no other code path can write attacker-chosen bytes there.
    $DB->query("\n\t\tINSERT INTO forums_polls\n\t\t\t(TopicID, Question, Answers)\n\t\tVALUES\n\t\t\t('{$TopicID}', '" . db_string($Question) . "', '" . db_string(serialize($Answers)) . "')");
    // Seed the poll cache entry with a TTL argument of 0; $Votes is set before
    // this excerpt.
    $Cache->cache_value("polls_{$TopicID}", array($Question, $Answers, $Votes, '0000-00-00 00:00:00', '0'), 0);
    if ($ForumID == STAFF_FORUM) {
        // The username and the poll question are placed in the IRC line unchanged.
        // NOTE(review): confirm that send_irc() or earlier input handling strips
        // CR/LF, otherwise this text could break out of the PRIVMSG line.
        send_irc('PRIVMSG ' . ADMIN_CHAN . ' :!mod Poll created by ' . $LoggedUser['Username'] . ": \"{$Question}\" " . site_url() . "forums.php?action=viewthread&threadid={$TopicID}");
    }
}
// if cache exists modify it, if not, then it will be correct when selected next, and we can skip this block
if ($Forum = $Cache->get_value("forums_{$ForumID}")) {
    list($Forum, , , $Stickies) = $Forum;
    // Remove the last thread from the index
    if (count($Forum) == TOPICS_PER_PAGE && $Stickies < TOPICS_PER_PAGE) {
        array_pop($Forum);
    }
    if ($Stickies > 0) {
        $Part1 = array_slice($Forum, 0, $Stickies, true);
        // Stickies
        $Part3 = array_slice($Forum, $Stickies, TOPICS_PER_PAGE - $Stickies - 1, true);
        // Rest of page
    } else {