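/**
 * Build SQL comparison fragments for a numeric column.
 *
 * @param string $Field   column name; trusted, interpolated as-is
 * @param string $Operand one of 'equal', 'above', 'below', 'between'
 * @param mixed  $Num1    value (or lower bound for 'between')
 * @param mixed  $Num2    upper bound, only used for 'between'
 * @return string[] list of " Field OP 'value' " fragments for the caller to AND together
 */
function num_compare($Field, $Operand, $Num1, $Num2 = '') {
    // Escape unconditionally. The old `!= 0` guard skipped db_string() for any value that
    // compares loosely equal to 0, which (on PHP < 8) includes every non-numeric string -
    // exactly the inputs that need escaping. Numeric values are unchanged by escaping.
    $Num1 = db_string($Num1);
    $Num2 = db_string($Num2);
    $Return = array();
    switch ($Operand) {
        case 'equal':
            $Return[] = " {$Field} = '{$Num1}' ";
            break;
        case 'above':
            $Return[] = " {$Field} > '{$Num1}' ";
            break;
        case 'below':
            $Return[] = " {$Field} < '{$Num1}' ";
            break;
        case 'between':
            $Return[] = " {$Field} > '{$Num1}' ";
            $Return[] = " {$Field} < '{$Num2}' ";
            break;
        default:
            // Unknown operand is a programming error; the original behaviour (dump and stop)
            // is kept, but with a message that names the problem instead of an empty array.
            print_r("num_compare(): unknown operand '{$Operand}'");
            die;
    }
    return $Return;
}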
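/**
 * Start a password restore for the posted login / e-mail pair.
 *
 * Reads $keystring, $login and $email from globals. Checks the CAPTCHA, looks up an
 * authorised user matching both login and e-mail, rate-limits via the 'restore-timeout'
 * setting, stores a fresh restore token (plus timestamp) in the user's serialized settings
 * and mails the confirmation link.
 *
 * @return bool true when the mail was sent; false after an add_info() message otherwise
 */
function send() {
    global $keystring, $login, $email;
    // The token is the only secret protecting the restore link, so it must be unpredictable.
    // The previous md5(time . login . email . fixed markers) could be reproduced by anyone who
    // knew the login/e-mail pair and the approximate request time. Same 32-hex-char shape.
    $hash = bin2hex(random_bytes(16));
    if (!isset($_SESSION['CAPTCHA_Keystring']) || $_SESSION['CAPTCHA_Keystring'] === ''
        || strtolower($keystring) !== $_SESSION['CAPTCHA_Keystring']) {
        add_info('Вы не прошли тест Тьюринга на подтверждение того, что вы не бот.');
        return false;
    }
    // NOTE(review): $login/$email are interpolated into the WHERE clause unescaped; the
    // stripslashes() calls below suggest magic_quotes_gpc is relied on for escaping - confirm,
    // otherwise pass both through db_string() here.
    $r = db_row_value('user', "(`login` =\"{$login}\") AND (`email`=\"{$email}\") AND (`authorized`=1)");
    if (!isset($r['id']) || $r['id'] === '') {
        add_info('Неверное сочетание login <-> email');
        return false;
    }
    // settings is a serialize() blob written only by this application
    $s = unserialize($r['settings']);
    if (!empty($s['restore_timestamp']) && time() - $s['restore_timestamp'] < config_get('restore-timeout')) {
        add_info('Вы не можете просить восстановку пароля так часто');
        return false;
    }
    $s['restore_hash'] = $hash;
    $s['restore_timestamp'] = time();
    db_update('user', array('settings' => db_string(serialize($s))), '`id`=' . $r['id']);
    $link = config_get('http-document-root') . '/login/restore/confirm/?id=' . $r['id'] . '&hash=' . $hash;
    sendmail_tpl(
        stripslashes($email),
        'Восстановление пароля в системе ' . config_get('site-name'),
        'restore',
        array('login' => stripslashes($login), 'email' => stripslashes($email), 'link' => $link)
    );
    return true;
}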
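/**
 * Edit a comment
 *
 * The caller must be the comment's author or hold site_moderate_forums. The previous body
 * is archived in comments_edits and the catalogue cache key for the comment's page is dropped.
 *
 * @param int $PostID
 * @param string $NewBody
 * @param bool $SendPM If true, send a PM to the author of the comment informing him about the edit
 * @return bool false if the comment does not exist or the caller may not edit it, true otherwise
 * @todo move permission check out of here/remove hardcoded error(404)
 */
public static function edit($PostID, $NewBody, $SendPM = false) {
    // $PostID is interpolated unquoted into several queries below; force an integer so a
    // non-numeric value cannot change the SQL.
    $PostID = (int) $PostID;
    $QueryID = G::$DB->get_query_id();
    G::$DB->query("\n\t\t\tSELECT\n\t\t\t\tBody,\n\t\t\t\tAuthorID,\n\t\t\t\tPage,\n\t\t\t\tPageID,\n\t\t\t\tAddedTime\n\t\t\tFROM comments\n\t\t\tWHERE ID = {$PostID}");
    if (!G::$DB->has_results()) {
        return false;
    }
    list($OldBody, $AuthorID, $Page, $PageID, $AddedTime) = G::$DB->next_record();
    if (G::$LoggedUser['ID'] != $AuthorID && !check_perms('site_moderate_forums')) {
        return false;
    }
    // Page number the comment lands on; needed for the catalogue cache key below
    G::$DB->query("\n\t\t\tSELECT CEIL(COUNT(ID) / " . TORRENT_COMMENTS_PER_PAGE . ") AS Page\n\t\t\tFROM comments\n\t\t\tWHERE Page = '{$Page}'\n\t\t\t\tAND PageID = {$PageID}\n\t\t\t\tAND ID <= {$PostID}");
    list($CommPage) = G::$DB->next_record();
    // Perform the update
    G::$DB->query("\n\t\t\tUPDATE comments\n\t\t\tSET\n\t\t\t\tBody = '" . db_string($NewBody) . "',\n\t\t\t\tEditedUserID = " . G::$LoggedUser['ID'] . ",\n\t\t\t\tEditedTime = '" . sqltime() . "'\n\t\t\tWHERE ID = {$PostID}");
    // Update the cache
    $CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $CommPage - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
    G::$Cache->delete_value($Page . '_comments_' . $PageID . '_catalogue_' . $CatalogueID);
    if ($Page == 'collages') {
        // On collages, we also need to clear the collage key (collage_$CollageID), because it has the comments in it... (why??)
        G::$Cache->delete_value('collage_' . $PageID);
    }
    // Archive the previous body
    G::$DB->query("\n\t\t\tINSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)\n\t\t\tVALUES ('{$Page}', {$PostID}, " . G::$LoggedUser['ID'] . ", '" . sqltime() . "', '" . db_string($OldBody) . "')");
    G::$DB->set_query_id($QueryID);
    if ($SendPM && G::$LoggedUser['ID'] != $AuthorID) {
        // Send a PM to the user to notify them of the edit
        $PMSubject = "Your comment #{$PostID} has been edited";
        $PMurl = site_url() . "comments.php?action=jump&postid={$PostID}";
        $ProfLink = '[url=' . site_url() . 'user.php?id=' . G::$LoggedUser['ID'] . ']' . G::$LoggedUser['Username'] . '[/url]';
        $PMBody = "One of your comments has been edited by {$ProfLink}: [url]{$PMurl}[/url]";
        Misc::send_pm($AuthorID, 0, $PMSubject, $PMBody);
    }
    return true; // TODO: this should reflect whether or not the update was actually successful, e.g. by checking G::$DB->affected_rows after the UPDATE query
}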
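/**
 * Update the sphinx requests delta table for a request.
 *
 * Rebuilds the request's row in sphinx_requests_delta from requests / requests_votes /
 * requests_tags, fills ArtistList from requests_artists and drops the request_<ID> cache key.
 *
 * @param int $RequestID
 */
public static function update_sphinx_requests($RequestID) {
    // Interpolated raw into three queries below; make sure it is an integer
    $RequestID = (int) $RequestID;
    $QueryID = G::$DB->get_query_id();
    G::$DB->query("\n\t\t\tSELECT REPLACE(t.Name, '.', '_')\n\t\t\tFROM tags AS t\n\t\t\t\tJOIN requests_tags AS rt ON t.ID = rt.TagID\n\t\t\tWHERE rt.RequestID = {$RequestID}");
    $TagList = G::$DB->collect(0, false);
    $TagList = db_string(implode(' ', $TagList));
    G::$DB->query("\n\t\t\tREPLACE INTO sphinx_requests_delta (\n\t\t\t\tID, UserID, TimeAdded, LastVote, CategoryID, Title, TagList,\n\t\t\t\tYear, ReleaseType, CatalogueNumber, RecordLabel, BitrateList,\n\t\t\t\tFormatList, MediaList, LogCue, FillerID, TorrentID,\n\t\t\t\tTimeFilled, Visible, Votes, Bounty)\n\t\t\tSELECT\n\t\t\t\tID, r.UserID, UNIX_TIMESTAMP(TimeAdded) AS TimeAdded,\n\t\t\t\tUNIX_TIMESTAMP(LastVote) AS LastVote, CategoryID, Title, '{$TagList}',\n\t\t\t\tYear, ReleaseType, CatalogueNumber, RecordLabel, BitrateList,\n\t\t\t\tFormatList, MediaList, LogCue, FillerID, TorrentID,\n\t\t\t\tUNIX_TIMESTAMP(TimeFilled) AS TimeFilled, Visible,\n\t\t\t\tCOUNT(rv.UserID) AS Votes, SUM(rv.Bounty) >> 10 AS Bounty\n\t\t\tFROM requests AS r\n\t\t\t\tLEFT JOIN requests_votes AS rv ON rv.RequestID = r.ID\n\t\t\tWHERE ID = {$RequestID}\n\t\t\tGROUP BY r.ID");
    // ArtistList is not part of the REPLACE above; fill it in with a second statement
    G::$DB->query("\n\t\t\tUPDATE sphinx_requests_delta\n\t\t\tSET ArtistList = (\n\t\t\t\t\tSELECT GROUP_CONCAT(aa.Name SEPARATOR ' ')\n\t\t\t\t\tFROM requests_artists AS ra\n\t\t\t\t\t\tJOIN artists_alias AS aa ON aa.AliasID = ra.AliasID\n\t\t\t\t\tWHERE ra.RequestID = {$RequestID}\n\t\t\t\t\tGROUP BY NULL\n\t\t\t\t\t)\n\t\t\tWHERE ID = {$RequestID}");
    G::$DB->set_query_id($QueryID);
    G::$Cache->delete_value("request_{$RequestID}");
}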
/**
 * Get a site option
 *
 * Looks in the cache first and falls back to the site_options table, caching a hit.
 *
 * @param string $Name The option name
 * @param string $DefaultValue The value to default to if the name can't be found in the cache
 * @return mixed the option value, or $DefaultValue when it is unknown
 */
public static function getSiteOption($Name, $DefaultValue) {
    $CacheKey = 'site_option_' . $Name;
    $Value = G::$Cache->get_value($CacheKey);
    if ($Value !== false) {
        return $Value;
    }
    // Cache miss: ask the database
    G::$DB->query("SELECT Value FROM site_options WHERE Name = '" . db_string($Name) . "'");
    if (!G::$DB->has_results()) {
        return $DefaultValue;
    }
    list($Value) = G::$DB->next_record();
    G::$Cache->cache_value($CacheKey, $Value);
    return $Value === false ? $DefaultValue : $Value;
}
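/**
 * Unlock an account
 *
 * @param int $UserID The ID of the user to unlock
 * @param int $Type The lock type, should be a constant value. Used for database verification
 *                  to avoid deleting the wrong lock type
 * @param string $Message Text written to the user's staff notes, followed by " by <staff name>"
 * @param string $Reason The reason for unlock
 * @param int $UnlockedByUserID The ID of the staff member unlocking $UserID's account. 0 for system
 */
public static function unlock_account($UserID, $Type, $Message, $Reason, $UnlockedByUserID) {
    // All three IDs are interpolated into SQL; cast so they can only ever carry digits
    $UserID = (int) $UserID;
    $Type = (int) $Type;
    $UnlockedByUserID = (int) $UnlockedByUserID;
    if ($UnlockedByUserID == 0) {
        $Username = "******";
    } else {
        G::$DB->query("SELECT Username FROM users_main WHERE ID = '" . $UnlockedByUserID . "'");
        list($Username) = G::$DB->next_record();
    }
    G::$DB->query("DELETE FROM locked_accounts WHERE UserID = '{$UserID}' AND Type = '" . $Type . "'");
    // Only touch cache and notes when a lock of this type actually existed
    if (G::$DB->affected_rows() == 1) {
        G::$Cache->delete_value("user_info_" . $UserID);
        Tools::update_user_notes($UserID, sqltime() . " - " . db_string($Message) . " by {$Username}\nReason: " . db_string($Reason) . "\n\n");
    }
}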
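/**
 * IPC endpoint: record the upload result (ERR/DESC) of checker $id.
 *
 * Reads $id, $err and $desc from globals. Merges ERR and DESC into the checker's
 * serialized settings and marks the row as uploaded.
 */
function WT_PutChecker() {
    global $id, $err, $desc;
    if (!WT_IPC_CheckLogin()) {
        return;
    }
    if ($id == '') {
        print 'Void filename for WT_PutChecker()';
        return;
    }
    // Quote and escape the identifier: it arrives as a request global and was previously
    // interpolated raw into the WHERE clause.
    $Where = "`id`='" . db_string($id) . "'";
    $data = db_row_value('tester_checkers', $Where);
    // settings is a serialize() blob; unserialize() on it is only safe while nothing
    // outside the application can write that column.
    $s = unserialize($data['settings']);
    $s['ERR'] = $err;
    $s['DESC'] = $desc;
    db_update('tester_checkers', array('uploaded' => 'TRUE', 'settings' => db_string(serialize($s))), $Where);
}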
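/**
 * Build the SQL WHERE fragment for a free-text search on one column.
 *
 * @param string $SearchStr     raw search text; double-quoted phrases are kept together via quotes()
 * @param string $Field         column to search; trusted, interpolated as-is
 * @param bool   $Exact         true for a single LIKE on the whole string
 * @param string $SQLWhere      existing WHERE body to AND onto; when empty the result gets a "WHERE " prefix
 * @param int    $FullText      1 to use MATCH ... AGAINST for terms longer than two characters
 * @param string &$FilterString receives a /.../si regex matching the search terms (for highlighting)
 * @return string the WHERE clause, possibly empty
 */
function build_search($SearchStr, $Field, $Exact = false, $SQLWhere = '', $FullText = 0, &$FilterString = '') {
    $AddWhere = ($SQLWhere == '');
    if (!$Exact) {
        // Fulltext cannot deal with punctuation; fall back to LIKE for such queries
        if ($FullText && preg_match('/[^a-zA-Z0-9 ]/i', $SearchStr)) {
            $FullText = 0;
        }
        $SearchStr = preg_replace('/\s\s+/', ' ', trim($SearchStr));
        $SearchStr = preg_replace_callback('/"(([^"])*)"/', 'quotes', $SearchStr);
        $Terms = explode(" ", $SearchStr);
        $FilterString = "(.+?)";
        foreach ($Terms as $SearchVal) {
            $SearchVal = trim($SearchVal);
            if ($SearchVal == '') {
                continue;
            }
            $SearchVal = str_replace("{{SPACE}}", " ", $SearchVal);
            if ($SQLWhere != '') {
                $SQLWhere .= " AND ";
            }
            $Negated = (substr($SearchVal, 0, 1) == '-');
            // Choose between fulltext or LIKE based off length of the string
            if ($FullText && strlen($SearchVal) > 2) {
                $SQLWhere .= "MATCH (" . $Field . ") AGAINST ('" . db_string($SearchVal) . "'" . ($Negated ? " IN BOOLEAN MODE" : "") . ")";
            } elseif ($Negated) {
                $SQLWhere .= $Field . " NOT LIKE '%" . db_string(substr($SearchVal, 1)) . "%'";
            } else {
                $SQLWhere .= $Field . " LIKE '%" . db_string($SearchVal) . "%'";
            }
            // preg_quote() so a term containing regex metacharacters can neither break the
            // highlight pattern nor turn into an expensive sub-expression
            $FilterString .= "(" . preg_quote($SearchVal, '/') . ")(.+?)";
        }
    } else {
        if ($SQLWhere != '') {
            $SQLWhere .= " AND ";
        }
        $SQLWhere .= $Field . " LIKE '" . db_string($SearchStr) . "'";
        $FilterString .= "(.+?)(" . preg_quote($SearchStr, '/') . ")(.+?)";
    }
    $FilterString = "/" . $FilterString . "/si";
    if ($SQLWhere != '' && $AddWhere) {
        $SQLWhere = "WHERE " . $SQLWhere;
    }
    return $SQLWhere;
}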
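/**
 * Create the logged-in user's personal collage and redirect to it.
 *
 * When the user already owns MaxCollages personal collages no row is inserted and the
 * browser is sent to the most recently created existing one instead. Never returns.
 */
public static function create_personal_collage() {
    G::$DB->query("\n\t\t\tSELECT\n\t\t\t\tCOUNT(ID)\n\t\t\tFROM collages\n\t\t\tWHERE UserID = '" . G::$LoggedUser['ID'] . "'\n\t\t\t\tAND CategoryID = '0'\n\t\t\t\tAND Deleted = '0'");
    list($CollageCount) = G::$DB->next_record();
    if ($CollageCount >= G::$LoggedUser['Permissions']['MaxCollages']) {
        // The COUNT(ID) result set has no second row, so the old next_record() call here never
        // produced an ID. Look the user's latest personal collage up explicitly instead.
        G::$DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE UserID = '" . G::$LoggedUser['ID'] . "'\n\t\t\t\tAND CategoryID = '0'\n\t\t\t\tAND Deleted = '0'\n\t\t\tORDER BY ID DESC\n\t\t\tLIMIT 1");
        list($CollageID) = G::$DB->next_record();
        header('Location: collage.php?id=' . $CollageID);
        die;
    }
    $NameStr = db_string(G::$LoggedUser['Username'] . "'s personal collage" . ($CollageCount > 0 ? ' no. ' . ($CollageCount + 1) : ''));
    // The profile link previously read 'user.php?id= <ID>' (stray space), giving a broken URL
    $Description = db_string('Personal collage for ' . G::$LoggedUser['Username'] . '. The first 5 albums will appear on his or her [url=' . site_url() . 'user.php?id=' . G::$LoggedUser['ID'] . ']profile[/url].');
    G::$DB->query("\n\t\t\tINSERT INTO collages\n\t\t\t\t(Name, Description, CategoryID, UserID)\n\t\t\tVALUES\n\t\t\t\t('{$NameStr}', '{$Description}', '0', " . G::$LoggedUser['ID'] . ")");
    $CollageID = G::$DB->inserted_id();
    header('Location: collage.php?id=' . $CollageID);
    die;
}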
/**
 * Update a calendar event.
 *
 * Rejects the request through error() when any required field is missing or an ID is not
 * numeric; otherwise escapes every value and rewrites the calendar row.
 *
 * @param int         $ID
 * @param string      $Title
 * @param string      $Body
 * @param int         $Category
 * @param int         $Importance
 * @param int         $Team
 * @param string      $StartDate
 * @param string|null $EndDate
 */
public static function update_event($ID, $Title, $Body, $Category, $Importance, $Team, $StartDate, $EndDate = null) {
    $Invalid = !is_number($ID)
        || empty($Title)
        || empty($Body)
        || !is_number($Category)
        || !is_number($Importance)
        || !is_number($Team)
        || empty($StartDate);
    if ($Invalid) {
        error("Error updating event");
    }
    // Escape / cast every value before it reaches the query
    $Row = array(
        'ID'         => (int) $ID,
        'Title'      => db_string($Title),
        'Body'       => db_string($Body),
        'Category'   => (int) $Category,
        'Importance' => (int) $Importance,
        'Team'       => (int) $Team,
        'StartDate'  => db_string($StartDate),
        'EndDate'    => db_string($EndDate),
    );
    $SavedQueryID = G::$DB->get_query_id();
    G::$DB->query("\n\t\t\t\t\t\tUPDATE calendar\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tTitle = '{$Row['Title']}',\n\t\t\t\t\t\t\tBody = '{$Row['Body']}',\n\t\t\t\t\t\t\tCategory = '{$Row['Category']}',\n\t\t\t\t\t\t\tImportance = '{$Row['Importance']}',\n\t\t\t\t\t\t\tTeam = '{$Row['Team']}',\n\t\t\t\t\t\t\tStartDate = '{$Row['StartDate']}',\n\t\t\t\t\t\t\tEndDate = '{$Row['EndDate']}'\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tID = '{$Row['ID']}'");
    G::$DB->set_query_id($SavedQueryID);
}
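/**
 * Get a user's existing bitcoin address or generate a new one.
 *
 * @param int  $UserID
 * @param bool $GenAddress whether to create a new address if none is stored
 * @return string|false the address, or false when none exists and $GenAddress is false
 */
function btc_address($UserID, $GenAddress = false) {
    global $DB;
    $UserID = (int) $UserID;
    $DB->query("\n\t\tSELECT BitcoinAddress\n\t\tFROM users_info\n\t\tWHERE UserID = '{$UserID}'");
    list($Addr) = $DB->next_record();
    if (!empty($Addr)) {
        return $Addr;
    }
    if (!$GenAddress) {
        return false;
    }
    // $NewAddr was never assigned here, so every generation request ended in error(0).
    // Obtain it the same way the class-based get_address() does.
    $NewAddr = null;
    if (defined('BITCOIN_RPC_URL')) {
        $NewAddr = BitcoinRpc::getnewaddress();
    }
    if (empty($NewAddr)) {
        error(0);
    }
    // Only fill an empty slot; a concurrent request that already stored one wins
    $DB->query("\n\t\t\tUPDATE users_info\n\t\t\tSET BitcoinAddress = '" . db_string($NewAddr) . "'\n\t\t\tWHERE UserID = '{$UserID}'\n\t\t\t\tAND BitcoinAddress IS NULL");
    return $NewAddr;
}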
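/**
 * IPC endpoint: store the judging result for solution ($id, $lid).
 *
 * Reads $id, $lid, $ERRORS, $POINTS and $XPFS from globals. Merges the posted
 * COMPILER_MESSAGES/TESTS and the optional REPORT into the solution's serialized
 * parameters, saves solution/checker output to the testing directory and marks the
 * solution as judged (status 2) with its points and errors.
 */
function WT_PutSolution() {
    global $id, $lid, $ERRORS, $POINTS, $XPFS;
    $optional_params = array('REPORT');
    $update_params = array('COMPILER_MESSAGES', 'TESTS');
    if (!WT_IPC_CheckLogin()) {
        return;
    }
    if (!isset($id) || !isset($lid)) {
        print 'Void filename for WT_PutSOlution';
        return;
    }
    // Quote and escape both identifiers: they arrive as request globals and were previously
    // interpolated raw into the WHERE clause. Used for both the lookup and the update.
    $Where = "`id`='" . db_string($id) . "' AND `lid`='" . db_string($lid) . "'";
    $r = db_row_value('tester_solutions', $Where);
    // parameters is a serialize() blob; unserialize() on it is only safe while nothing
    // outside the application can write that column.
    $p = unserialize($r['parameters']);
    foreach ($update_params as $Name) {
        if (isset($_POST[$Name])) {
            $p[$Name] = stripslashes($_POST[$Name]);
        }
    }
    if ($POINTS == '') {
        $POINTS = 0;
    }
    foreach ($optional_params as $Name) {
        // stripslashes(null) yielded '' before; make the missing-global case explicit
        $p[$Name] = isset($GLOBALS[$Name]) ? stripslashes($GLOBALS[$Name]) : '';
    }
    unset($p['force_status']);
    $data = array();
    if (isset($_POST['SOLUTION_OUTPUT'])) {
        $data['outputs'] = stripslashes($_POST['SOLUTION_OUTPUT']);
    }
    if (isset($_POST['CHECKER_OUTPUT'])) {
        $data['checker_outputs'] = stripslashes($_POST['CHECKER_OUTPUT']);
    }
    if (count($data) > 0) {
        $path = '/tester/testing/';
        $XPFS->CreateDirWithParents($path);
        $XPFS->removeItem($path . '/' . $id);
        $XPFS->createFile($path, $id, 0, db_pack($data));
    }
    db_update(
        'tester_solutions',
        array(
            'status' => 2,
            'points' => $POINTS,
            'errors' => db_string($ERRORS),
            'parameters' => db_string(serialize($p)),
        ),
        $Where
    );
}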
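/**
 * IPC endpoint: record the upload result (ERR/DESC) of problem ($id, $lid).
 *
 * Reads $id, $lid, $err and $desc from globals. Merges ERR and DESC into the problem's
 * serialized settings, drops the stale 'filename' entry and sets uploaded to 1 when
 * $err is not 'OK', 2 otherwise.
 */
function WT_PutProblem() {
    global $id, $lid, $err, $desc;
    if (!WT_IPC_CheckLogin()) {
        return;
    }
    if ($id == '') {
        print 'Void filename for WT_PutProblem()';
        return;
    }
    if ($lid == '') {
        print 'Void library identifier for WT_PutProblem()';
        return;
    }
    // Quote and escape both identifiers: they arrive as request globals and were previously
    // interpolated raw into the WHERE clause. Used for both the lookup and the update.
    $Where = "(`id`='" . db_string($id) . "') AND (`lid`='" . db_string($lid) . "')";
    $data = db_row_value('tester_problems', $Where);
    // settings is a serialize() blob; unserialize() on it is only safe while nothing
    // outside the application can write that column.
    $s = unserialize($data['settings']);
    $s['ERR'] = $err;
    $s['DESC'] = $desc;
    unset($s['filename']);
    db_update(
        'tester_problems',
        array(
            'uploaded' => $err != 'OK' ? 1 : 2,
            'settings' => db_string(serialize($s)),
        ),
        $Where
    );
}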
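/**
 * Clear a user's avatar, second avatar or donor icon, note it in staff notes and PM the user.
 *
 * @param int    $UserID
 * @param string $Type         'avatar', 'avatar2' or 'donoricon'
 * @param string $AdminComment text prepended to the user's AdminComment staff notes
 * @param string $PrivMessage  body of the PM sent to the user
 * @throws InvalidArgumentException for an unknown $Type; the original fell through with
 *         undefined table/column names and issued a malformed UPDATE
 */
function reset_image($UserID, $Type, $AdminComment, $PrivMessage) {
    // Interpolated into two queries below
    $UserID = (int) $UserID;
    if ($Type === 'avatar') {
        $CacheKey = "user_info_{$UserID}";
        $DBTable = 'users_info';
        $DBColumn = 'Avatar';
        $PMSubject = 'Your avatar has been automatically reset';
    } elseif ($Type === 'avatar2') {
        $CacheKey = "donor_info_{$UserID}";
        $DBTable = 'donor_rewards';
        $DBColumn = 'SecondAvatar';
        $PMSubject = 'Your second avatar has been automatically reset';
    } elseif ($Type === 'donoricon') {
        $CacheKey = "donor_info_{$UserID}";
        $DBTable = 'donor_rewards';
        $DBColumn = 'CustomIcon';
        $PMSubject = 'Your donor icon has been automatically reset';
    } else {
        throw new InvalidArgumentException("reset_image(): unknown image type '{$Type}'");
    }
    $UserInfo = G::$Cache->get_value($CacheKey, true);
    if ($UserInfo !== false) {
        if ($UserInfo[$DBColumn] === '') {
            // This image has already been reset
            return;
        }
        $UserInfo[$DBColumn] = '';
        G::$Cache->cache_value($CacheKey, $UserInfo, 2592000); // cache for 30 days
    }
    // reset the avatar or donor icon URL
    G::$DB->query("\n\t\tUPDATE {$DBTable}\n\t\tSET {$DBColumn} = ''\n\t\tWHERE UserID = '{$UserID}'");
    // write comment to staff notes
    G::$DB->query("\n\t\tUPDATE users_info\n\t\tSET AdminComment = CONCAT('" . sqltime() . ' - ' . db_string($AdminComment) . "\n\n', AdminComment)\n\t\tWHERE UserID = '{$UserID}'");
    // clear cache keys
    G::$Cache->delete_value($CacheKey);
    Misc::send_pm($UserID, 0, $PMSubject, $PrivMessage);
}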
/**
 * Get a user's existing bitcoin address or generate a new one
 *
 * A new address is only requested from BitcoinRpc when BITCOIN_RPC_URL is defined; a
 * missing or empty address at that point aborts through error(0).
 *
 * @param int $UserID
 * @param bool $GenAddress whether to create a new address if it doesn't exist
 * @return false if no address exists and $GenAddress is false
 *         string bitcoin address otherwise
 */
public static function get_address($UserID, $GenAddress = false) {
    $UserID = (int) $UserID;
    $SavedQueryID = G::$DB->get_query_id();
    G::$DB->query("\n\t\t\tSELECT BitcoinAddress\n\t\t\tFROM users_info\n\t\t\tWHERE UserID = '{$UserID}'");
    list($Addr) = G::$DB->next_record();
    G::$DB->set_query_id($SavedQueryID);
    if (!empty($Addr)) {
        return $Addr;
    }
    if (!$GenAddress) {
        return false;
    }
    if (defined('BITCOIN_RPC_URL')) {
        $NewAddr = BitcoinRpc::getnewaddress();
    }
    if (empty($NewAddr)) {
        error(0);
    }
    // Only fill an empty slot so a concurrently stored address is not overwritten
    $SavedQueryID = G::$DB->get_query_id();
    G::$DB->query("\n\t\t\t\tUPDATE users_info\n\t\t\t\tSET BitcoinAddress = '" . db_string($NewAddr) . "'\n\t\t\t\tWHERE UserID = '{$UserID}'\n\t\t\t\t\tAND BitcoinAddress IS NULL");
    G::$DB->set_query_id($SavedQueryID);
    return $NewAddr;
}
/**
 * Record a failed login attempt for $UserID from the current REMOTE_ADDR.
 *
 * Works on the globals $AttemptID / $Attempts / $Bans / $BannedUntil that the caller
 * loaded from login_attempts: with no recent row one is inserted; otherwise the counter
 * is bumped, and from the sixth attempt on the row is banned for six hours. Once more
 * than nine such bans have accumulated the IP is written to ip_bans.
 *
 * @param int $UserID
 */
function log_attempt($UserID) {
    global $DB, $Cache, $AttemptID, $Attempts, $Bans, $BannedUntil;
    $IPStr = $_SERVER['REMOTE_ADDR'];
    $FirstOctet = substr($IPStr, 0, strcspn($IPStr, '.'));
    $IP = Tools::ip_to_unsigned($IPStr);

    if (!$AttemptID) {
        // User has not attempted to log in recently
        $Attempts = 1;
        $DB->query("\n\t\t\t\tINSERT INTO login_attempts\n\t\t\t\t\t(UserID, IP, LastAttempt, Attempts)\n\t\t\t\tVALUES\n\t\t\t\t\t('" . db_string($UserID) . "', '" . db_string($IPStr) . "', '" . sqltime() . "', 1)");
        return;
    }

    // User has attempted to log in recently
    $Attempts++;
    if ($Attempts <= 5) {
        // User has attempted fewer than 6 logins
        $DB->query("\n\t\t\t\t\tUPDATE login_attempts\n\t\t\t\t\tSET\n\t\t\t\t\t\tLastAttempt = '" . sqltime() . "',\n\t\t\t\t\t\tAttempts = '" . db_string($Attempts) . "',\n\t\t\t\t\t\tBannedUntil = '0000-00-00 00:00:00'\n\t\t\t\t\tWHERE ID = '" . db_string($AttemptID) . "'");
        return;
    }

    // Only 6 allowed login attempts, ban user's IP
    $BannedUntil = time_plus(60 * 60 * 6);
    $DB->query("\n\t\t\t\t\tUPDATE login_attempts\n\t\t\t\t\tSET\n\t\t\t\t\t\tLastAttempt = '" . sqltime() . "',\n\t\t\t\t\t\tAttempts = '" . db_string($Attempts) . "',\n\t\t\t\t\t\tBannedUntil = '" . db_string($BannedUntil) . "',\n\t\t\t\t\t\tBans = Bans + 1\n\t\t\t\t\tWHERE ID = '" . db_string($AttemptID) . "'");
    if ($Bans <= 9) {
        return;
    }

    // Automated bruteforce prevention
    $AutoBanReason = 'Automated ban per >60 failed login attempts';
    $DB->query("\n\t\t\t\t\t\tSELECT Reason\n\t\t\t\t\t\tFROM ip_bans\n\t\t\t\t\t\tWHERE {$IP} BETWEEN FromIP AND ToIP");
    if (!$DB->has_results()) {
        //No ban
        $DB->query("\n\t\t\t\t\t\t\tINSERT IGNORE INTO ip_bans\n\t\t\t\t\t\t\t\t(FromIP, ToIP, Reason)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t('{$IP}','{$IP}', '" . $AutoBanReason . "')");
        $Cache->delete_value("ip_bans_{$FirstOctet}");
        return;
    }
    //Ban exists already, only add new entry if not for same reason
    list($Reason) = $DB->next_record(MYSQLI_BOTH, false);
    if ($Reason != $AutoBanReason) {
        $DB->query("\n\t\t\t\t\t\t\t\tUPDATE ip_bans\n\t\t\t\t\t\t\t\tSET Reason = CONCAT('" . $AutoBanReason . " AND ', Reason)\n\t\t\t\t\t\t\t\tWHERE FromIP = {$IP}\n\t\t\t\t\t\t\t\t\tAND ToIP = {$IP}");
    }
}
include(SERVER_ROOT.'/classes/class_templates.php'); $TPL=NEW TEMPLATE; $TPL->open(SERVER_ROOT.'/templates/new_registration.tpl'); $TPL->set('Username',$_REQUEST['username']); $TPL->set('TorrentKey',$torrent_pass); $TPL->set('SITE_NAME',SITE_NAME); $TPL->set('SITE_URL',SITE_URL); send_email($_REQUEST['email'],'New account confirmation at '.SITE_NAME,$TPL->get(),'noreply'); $Sent=1; } } elseif($_GET['invite']) { // If they haven't submitted the form, check to see if their invite is good $DB->query("SELECT InviteKey FROM invites WHERE InviteKey='".db_string($_GET['invite'])."'"); if($DB->record_count() == 0){ error('Invite not found!'); } } include('step1.php'); } elseif(!OPEN_REGISTRATION) { if (isset($_GET['welcome'])) { include('code.php'); } else { include('closed.php'); } } ?>
// Collage creation: validate the posted name/description and, for personal collages, pick a
// unique name and enforce the per-user limit. Leaves $Err set on failure and $P (the
// db_array()'d POST) holding the values to insert.
authorize();
include SERVER_ROOT . '/classes/validate.class.php';
$Val = new VALIDATE();
$P = db_array($_POST);
$UserPicksName = ($P['category'] > 0 || check_perms('site_collages_renamepersonal'));
if ($UserPicksName) {
    $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', array('maxlength' => 100, 'minlength' => 3));
} else {
    // Get a collage name and make sure it's unique
    $name = $LoggedUser['Username'] . "'s personal collage";
    $P['name'] = db_string($name);
    $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'");
    for ($i = 2; $DB->has_results(); $i++) {
        $P['name'] = db_string("{$name} no. {$i}");
        $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'");
    }
}
$Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', array('maxlength' => 65535, 'minlength' => 10));
$Err = $Val->ValidateForm($_POST);
if (!$Err && $P['category'] === '0') {
    $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'");
    list($CollageCount) = $DB->next_record();
    $AtLimit = ($CollageCount >= $LoggedUser['Permissions']['MaxCollages']);
    if ($AtLimit || !check_perms('site_collages_personal')) {
        $Err = 'You may not create a personal collage.';
    } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) {
        $Err = 'Your personal collage\'s title must include your username.';
    }
}
enforce_login(); // Get user level $DB->query(' SELECT i.SupportFor, p.DisplayStaff FROM users_info AS i JOIN users_main AS m ON m.ID = i.UserID JOIN permissions AS p ON p.ID = m.PermissionID WHERE i.UserID = ' . $LoggedUser['ID']); list($SupportFor, $DisplayStaff) = $DB->next_record(); if (!($SupportFor != '' || $DisplayStaff == '1')) { // Logged in user is not FLS or Staff error(403); } if (($Message = db_string($_POST['message'])) && ($Name = db_string($_POST['name']))) { $ID = (int) $_POST['id']; if (is_numeric($ID)) { if ($ID == 0) { // Create new response $DB->query("\n\t\t\t\tINSERT INTO staff_pm_responses (Message, Name)\n\t\t\t\tVALUES ('{$Message}', '{$Name}')"); echo '1'; } else { $DB->query("\n\t\t\t\tSELECT *\n\t\t\t\tFROM staff_pm_responses\n\t\t\t\tWHERE ID = {$ID}"); if ($DB->has_results()) { // Edit response $DB->query("\n\t\t\t\t\tUPDATE staff_pm_responses\n\t\t\t\t\tSET Message = '{$Message}', Name = '{$Name}'\n\t\t\t\t\tWHERE ID = {$ID}"); echo '2'; } else { // Create new response $DB->query("\n\t\t\t\t\tINSERT INTO staff_pm_responses (Message, Name)\n\t\t\t\t\tVALUES ('{$Message}', '{$Name}')");
} $UserID = $LoggedUser['ID']; $GroupID = db_string($_POST['groupid']); $Summaries = $_POST['summary']; $Images = $_POST['image']; $Time = sqltime(); if (!is_number($GroupID) || !$GroupID) { error(0); } if (count($Images) != count($Summaries)) { error('Missing an image or a summary'); } $Changed = false; for ($i = 0; $i < count($Images); $i++) { $Image = $Images[$i]; $Summary = $Summaries[$i]; if (ImageTools::blacklisted($Image, true) || !preg_match("/^" . IMAGE_REGEX . "\$/i", $Image)) { continue; } // sanitize inputs $Image = db_string($Image); $Summary = db_string($Summary); $DB->query("\n\t\tINSERT IGNORE INTO cover_art\n\t\t\t(GroupID, Image, Summary, UserID, Time)\n\t\tVALUES\n\t\t\t('{$GroupID}', '{$Image}', '{$Summary}', '{$UserID}', '{$Time}')"); if ($DB->affected_rows()) { $Changed = true; } } if ($Changed) { $Cache->delete_value("torrents_cover_art_{$GroupID}"); } header('Location: ' . $_SERVER['HTTP_REFERER']);
/**********************************************************************
 *>>>>>>>>>>>>>>>>>>>>>>>>>>> User search <<<<<<<<<<<<<<<<<<<<<<<<<<<<*
 **********************************************************************/
// A bare "search" parameter is treated as a username search
if (!empty($_GET['search'])) {
    $_GET['username'] = $_GET['search'];
}
define('USERS_PER_PAGE', 30);
if (isset($_GET['username'])) {
    // form submitted
    $_GET['username'] = trim($_GET['username']);
    $Val->SetFields('username', '1', 'username', 'Please enter a username.');
    $Err = $Val->ValidateForm($_GET);
    if (!$Err) {
        // Passed validation. Let's rock.
        list($Page, $Limit) = page_limit(USERS_PER_PAGE);
        $SearchQuery = "SELECT SQL_CALC_FOUND_ROWS\n\t\t\tID,\n\t\t\tUsername,\n\t\t\tEnabled,\n\t\t\tPermissionID,\n\t\t\tDonor,\n\t\t\tWarned\n\t\t\tFROM users_main AS um\n\t\t\tJOIN users_info AS ui ON ui.UserID=um.ID\n\t\t\tWHERE Username LIKE '%" . db_string($_GET['username']) . "%'\n\t\t\tORDER BY Username\n\t\t\tLIMIT {$Limit}";
        $DB->query($SearchQuery);
        $Results = $DB->to_array();
        $DB->query('SELECT FOUND_ROWS();');
        list($NumResults) = $DB->next_record();
    }
}
show_header('User search');
?>
<div class="thin">
<h3>Search results</h3>
<div class="linkbox">
<?php
$Pages = get_pages($Page, $NumResults, USERS_PER_PAGE, 9);
echo $Pages;
?>
</div>
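<?php
// perform the back end of updating a report comment
authorize();
if (!check_perms('admin_reports')) {
    error(403);
}
if (empty($_POST['reportid']) || !is_number($_POST['reportid'])) {
    // Report the parameter that was actually checked ($_POST, not $_GET) and never reflect
    // request input into the response unescaped.
    $Offending = isset($_POST['reportid']) && is_scalar($_POST['reportid']) ? (string) $_POST['reportid'] : '';
    echo 'HAX ATTEMPT!' . htmlspecialchars($Offending, ENT_QUOTES, 'UTF-8');
    die;
}
$ReportID = (int) $_POST['reportid'];
$Message = db_string(isset($_POST['comment']) ? $_POST['comment'] : ''); //Message can be blank!
$DB->query("\n\tSELECT ModComment\n\tFROM reportsv2\n\tWHERE ID = {$ReportID}");
list($ModComment) = $DB->next_record();
// Only existing reports (a row with a ModComment column) are updated
if (isset($ModComment)) {
    $DB->query("\n\t\tUPDATE reportsv2\n\t\tSET ModComment = '{$Message}'\n\t\tWHERE ID = {$ReportID}");
}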
// Custom-permission delta for a user: on submit, diff the checked boxes against the class
// defaults and persist only the differences (cache row + users_main); otherwise load the
// stored delta. $Permissions is the effective set used by display_perm().
$Defaults = unserialize($Defaults);
$Delta = array();
if (isset($_POST['action'])) {
    foreach (array_keys($PermissionsArray) as $Perm) {
        $Setting = isset($_POST['perm_' . $Perm]) ? 1 : 0;
        $Default = isset($Defaults[$Perm]) ? 1 : 0;
        if ($Setting !== $Default) {
            $Delta[$Perm] = $Setting;
        }
    }
    $Cache->begin_transaction('user_info_heavy_' . $UserID);
    $Cache->update_row(false, array('CustomPermissions' => $Delta));
    $Cache->commit_transaction(0);
    $DB->query("UPDATE users_main SET CustomPermissions='" . db_string(serialize($Delta)) . "' WHERE ID='$UserID'");
} elseif (!empty($Customs)) {
    $Delta = unserialize($Customs);
}
$Permissions = array_merge($Defaults, $Delta);

/**
 * Echo a disabled "class default" checkbox next to an editable one for permission $Key.
 *
 * @param string $Key   permission name, used for the input id/name attributes
 * @param string $Title label text, emitted as-is
 */
function display_perm($Key, $Title) {
    global $Defaults, $Permissions;
    $DefaultChecked = !empty($Defaults[$Key]) ? ' checked' : '';
    $CurrentChecked = !empty($Permissions[$Key]) ? ' checked' : '';
    echo '<input id="default_' . $Key . '" type="checkbox" disabled' . $DefaultChecked
        . ' /><input type="checkbox" name="perm_' . $Key . '" id="' . $Key . '" value="1"' . $CurrentChecked
        . ' /> <label for="' . $Key . '">' . $Title . '</label><br />';
}
Please visit us soon so we can help you resolve this matter.', 'noreply'); } if ($MergeStatsFrom && check_perms('users_edit_ratio')) { $DB->query("\n\t\tSELECT ID, Uploaded, Downloaded\n\t\tFROM users_main\n\t\tWHERE Username LIKE '{$MergeStatsFrom}'"); if ($DB->has_results()) { list($MergeID, $MergeUploaded, $MergeDownloaded) = $DB->next_record(); $DB->query("\n\t\t\tUPDATE users_main AS um\n\t\t\t\tJOIN users_info AS ui ON um.ID = ui.UserID\n\t\t\tSET\n\t\t\t\tum.Uploaded = 0,\n\t\t\t\tum.Downloaded = 0,\n\t\t\t\tui.AdminComment = CONCAT('" . sqltime() . ' - Stats (Uploaded: ' . Format::get_size($MergeUploaded) . ', Downloaded: ' . Format::get_size($MergeDownloaded) . ', Ratio: ' . Format::get_ratio($MergeUploaded, $MergeDownloaded) . ') merged into ' . site_url() . "user.php?id={$UserID} (" . $Cur['Username'] . ') by ' . $LoggedUser['Username'] . "\n\n', ui.AdminComment)\n\t\t\tWHERE ID = {$MergeID}"); $UpdateSet[] = "Uploaded = Uploaded + '{$MergeUploaded}'"; $UpdateSet[] = "Downloaded = Downloaded + '{$MergeDownloaded}'"; $EditSummary[] = 'stats merged from ' . site_url() . "user.php?id={$MergeID} ({$MergeStatsFrom}) (previous stats: Uploaded: " . Format::get_size($Cur['Uploaded']) . ', Downloaded: ' . Format::get_size($Cur['Downloaded']) . ', Ratio: ' . Format::get_ratio($Cur['Uploaded'], $Cur['Downloaded']) . ')'; $Cache->delete_value("user_stats_{$UserID}"); $Cache->delete_value("user_stats_{$MergeID}"); } } if ($Pass && check_perms('users_edit_password')) { $UpdateSet[] = "PassHash = '" . db_string(Users::make_crypt_hash($Pass)) . 
"'"; $EditSummary[] = 'password reset'; $Cache->delete_value("user_info_{$UserID}"); $Cache->delete_value("user_info_heavy_{$UserID}"); $Cache->delete_value("user_stats_{$UserID}"); $Cache->delete_value("enabled_{$UserID}"); $DB->query("\n\t\tSELECT SessionID\n\t\tFROM users_sessions\n\t\tWHERE UserID = '{$UserID}'"); while (list($SessionID) = $DB->next_record()) { $Cache->delete_value("session_{$UserID}_{$SessionID}"); } $Cache->delete_value("users_sessions_{$UserID}"); $DB->query("\n\t\tDELETE FROM users_sessions\n\t\tWHERE UserID = '{$UserID}'"); } if (empty($UpdateSet) && empty($EditSummary)) { if (!$Reason) { if (str_replace("\r", '', $Cur['AdminComment']) != str_replace("\r", '', $AdminComment) && check_perms('users_disable_any')) {
$DB->query("UPDATE torrents SET PointBonus='" . $Bonus . "' WHERE GroupID = " . db_string($GroupID)); if ($Length) { $f = mktime() + $Length * 60 * 60; $m = date('i', mktime()); if ($m == 0 || $m > 45) { $Expires = gmdate('Y-m-d H:00:00', $f); } elseif ($m <= 15) { $Expires = gmdate('Y-m-d H:15:00', $f); } elseif ($m <= 30) { $Expires = gmdate('Y-m-d H:30:00', $f); } elseif ($m <= 45) { $Expires = gmdate('Y-m-d H:45:00', $f); } $DB->query("UPDATE torrents_recommended SET Expires='" . $Expires . "' WHERE GroupID = " . db_string($GroupID)); } $DB->query("UPDATE torrents_recommended SET Active='1', DisplayHomePage='1' WHERE GroupID = " . db_string($GroupID)); $Cache->delete_value('detail_' . $GroupID . '_'); $Cache->delete_value('collage_' . $Staffcollectionid); $Cache->delete_value('recommend'); $Cache->delete_value('recommend_artists'); $Cache->cache_value('recommended_' . $GroupID, $Expires, 0); } // Remove old staff picks from freeleech $t = gmdate('Y-m-d H:i:s', time()); $DB->query("SELECT tr.GroupID\nFROM torrents_recommended AS tr\nWHERE tr.Expires < '{$t}' AND tr.Active='1'"); while (list($GroupID, $UserID) = $DB->next_record()) { $DB->query("DELETE FROM torrents_recommended WHERE GroupID='{$GroupID}'"); $Cache->delete_value('detail_' . $GroupID . '_'); // Wtf is this z? $Cache->delete_value('recommended_' . $GroupID); $Cache->delete_value('torrent_group_' . $GroupID);
<? if(!check_perms('torrents_edit')) { error(403); } $GroupID = $_POST['groupid']; $OldGroupID = $GroupID; $NewGroupID = db_string($_POST['targetgroupid']); if(!$GroupID || !is_number($GroupID)) { error(404); } if(!$NewGroupID || !is_number($NewGroupID)) { error(404); } if($NewGroupID == $GroupID) { error('Old group ID is the same as new group ID!'); } $DB->query("SELECT ID FROM torrents_group WHERE ID='$NewGroupID'"); if($DB->record_count()==0) { error('Target group does not exist.'); } //Everything is legit, let's just confim they're not retarded if(empty($_POST['confirm'])) { $DB->query("SELECT Name FROM torrents_group WHERE ID = ".$GroupID); list($Name) = $DB->next_record(); $DB->query("SELECT Name FROM torrents_group WHERE ID = ".$NewGroupID); list($NewName) = $DB->next_record(); $Artists = get_artists(array($GroupID, $NewGroupID)); show_header(); ?> <div class="center thin"> <h2>Merge Confirm!</h2> <div class="box pad">
$Title = db_string($_POST['title']); $Body = db_string($_POST['body']); $ThreadID = $_POST['thread']; if ($ThreadID && is_number($ThreadID)) { $DB->query("\n\t\t\t\t\t\tSELECT ForumID\n\t\t\t\t\t\tFROM forums_topics\n\t\t\t\t\t\tWHERE ID = {$ThreadID}"); if (!$DB->has_results()) { error('No such thread exists!'); header('Location: blog.php'); } } else { $ThreadID = Misc::create_thread(ANNOUNCEMENT_FORUM_ID, $LoggedUser[ID], $Title, $Body); if ($ThreadID < 1) { error(0); } } $DB->query("\n\t\t\t\t\tINSERT INTO blog\n\t\t\t\t\t\t(UserID, Title, Body, Time, ThreadID, Important)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('" . $LoggedUser['ID'] . "',\n\t\t\t\t\t\t'" . db_string($_POST['title']) . "',\n\t\t\t\t\t\t'" . db_string($_POST['body']) . "',\n\t\t\t\t\t\t'" . sqltime() . "',\n\t\t\t\t\t\t{$ThreadID},\n\t\t\t\t\t\t'" . ($_POST['important'] == '1' ? '1' : '0') . "')"); $Cache->delete_value('blog'); if ($_POST['important'] == '1') { $Cache->delete_value('blog_latest_id'); } if (isset($_POST['subscribe'])) { $DB->query("\n\t\t\t\t\t\tINSERT IGNORE INTO users_subscriptions\n\t\t\t\t\t\tVALUES ('{$LoggedUser['ID']}', {$ThreadID})"); $Cache->delete_value('subscriptions_user_' . $LoggedUser['ID']); } NotificationsManager::send_push(NotificationsManager::get_push_enabled_users(), $_POST['title'], $_POST['body'], site_url() . 'index.php', NotificationsManager::BLOG); header('Location: blog.php'); break; } } ?> <div class="box thin">
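/**
 * Resolve a torrent ID to its group ID.
 *
 * @param int|string $TorrentID
 * @return int|null the group ID, or null when the torrent does not exist
 */
function torrentid_to_groupid($TorrentID) {
    global $DB;
    $DB->query("\n\t\tSELECT GroupID\n\t\tFROM torrents\n\t\tWHERE ID = '" . db_string($TorrentID) . "'");
    // next_record() yields no row for an unknown torrent, and passing a call result straight
    // into array_pop() (which takes its argument by reference) raises a notice; read the
    // column explicitly instead.
    $Row = $DB->next_record(MYSQLI_ASSOC);
    $GroupID = isset($Row['GroupID']) ? (int) $Row['GroupID'] : 0;
    if ($GroupID) {
        return $GroupID;
    }
    return null;
}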
} if (!$TorrentID || !is_number($TorrentID)) { error(404); } } //Torrent exists, check it's applicable $DB->query("\n\tSELECT\n\t\tt.UserID,\n\t\tt.Time,\n\t\ttg.ReleaseType,\n\t\tt.Encoding,\n\t\tt.Format,\n\t\tt.Media,\n\t\tt.HasLog,\n\t\tt.HasCue,\n\t\tt.LogScore,\n\t\ttg.CategoryID,\n\t\tIF(t.Remastered = '1', t.RemasterCatalogueNumber, tg.CatalogueNumber)\n\tFROM torrents AS t\n\t\tLEFT JOIN torrents_group AS tg ON t.GroupID = tg.ID\n\tWHERE t.ID = {$TorrentID}\n\tLIMIT 1"); if (!$DB->has_results()) { error(404); } list($UploaderID, $UploadTime, $TorrentReleaseType, $Bitrate, $Format, $Media, $HasLog, $HasCue, $LogScore, $TorrentCategoryID, $TorrentCatalogueNumber) = $DB->next_record(); $FillerID = $LoggedUser['ID']; $FillerUsername = $LoggedUser['Username']; if (!empty($_POST['user']) && check_perms('site_moderate_requests')) { $FillerUsername = $_POST['user']; $DB->query("\n\t\tSELECT ID\n\t\tFROM users_main\n\t\tWHERE Username LIKE '" . db_string($FillerUsername) . "'"); if (!$DB->has_results()) { $Err = 'No such user to fill for!'; } else { list($FillerID) = $DB->next_record(); } } if (time_ago($UploadTime) < 3600 && $UploaderID !== $FillerID && !check_perms('site_moderate_requests')) { $Err = 'There is a one hour grace period for new uploads to allow the torrent\'s uploader to fill the request.'; } $DB->query("\n\tSELECT\n\t\tTitle,\n\t\tUserID,\n\t\tTorrentID,\n\t\tCategoryID,\n\t\tReleaseType,\n\t\tCatalogueNumber,\n\t\tBitrateList,\n\t\tFormatList,\n\t\tMediaList,\n\t\tLogCue\n\tFROM requests\n\tWHERE ID = {$RequestID}"); list($Title, $RequesterID, $OldTorrentID, $RequestCategoryID, $RequestReleaseType, $RequestCatalogueNumber, $BitrateList, $FormatList, $MediaList, $LogCue) = $DB->next_record(); if (!empty($OldTorrentID)) { $Err = 'This request has already been filled.'; } if ($RequestCategoryID !== '0' && $TorrentCategoryID !== $RequestCategoryID) {
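/**
 * Regenerate a torrent's file list from its meta data,
 * update the database record and clear relevant cache keys
 *
 * @param int $TorrentID
 */
public static function regenerate_filelist($TorrentID) {
    // Interpolated raw into two queries below
    $TorrentID = (int) $TorrentID;
    $QueryID = G::$DB->get_query_id();
    G::$DB->query("\n\t\t\tSELECT tg.ID,\n\t\t\t\ttf.File\n\t\t\tFROM torrents_files AS tf\n\t\t\t\tJOIN torrents AS t ON t.ID = tf.TorrentID\n\t\t\t\tJOIN torrents_group AS tg ON tg.ID = t.GroupID\n\t\t\tWHERE tf.TorrentID = {$TorrentID}");
    if (G::$DB->has_results()) {
        list($GroupID, $Contents) = G::$DB->next_record(MYSQLI_NUM, false);
        if (Misc::is_new_torrent($Contents)) {
            $Tor = new BencodeTorrent($Contents);
            $FilePath = isset($Tor->Dec['info']['files']) ? Format::make_utf8($Tor->get_name()) : '';
        } else {
            // Legacy rows hold a base64'd serialize() dump; unserialize() of stored data is only
            // safe while that column cannot be written from outside the application.
            $Tor = new TORRENT(unserialize(base64_decode($Contents)), true);
            $FilePath = isset($Tor->Val['info']->Val['files']) ? Format::make_utf8($Tor->get_name()) : '';
        }
        list($TotalSize, $FileList) = $Tor->file_list();
        // Initialise so an empty file list yields '' instead of implode() over an undefined variable
        $TmpFileList = array();
        foreach ($FileList as $File) {
            $TmpFileList[] = self::filelist_format_file($File);
        }
        $FileString = implode("\n", $TmpFileList);
        G::$DB->query("\n\t\t\t\tUPDATE torrents\n\t\t\t\tSET Size = {$TotalSize}, FilePath = '" . db_string($FilePath) . "', FileList = '" . db_string($FileString) . "'\n\t\t\t\tWHERE ID = {$TorrentID}");
        G::$Cache->delete_value("torrents_details_{$GroupID}");
    }
    G::$DB->set_query_id($QueryID);
}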