/**
 * Store a debugging snapshot of the current request in the cache and post a link to it on IRC.
 *
 * The snapshot holds the request URI, the report text, and the errors, queries, flags,
 * includes, cache keys and logged variables collected by this object. It is cached under
 * 'analysis_<identifier>', where the identifier comes from make_secret(5).
 *
 * NOTE(review): the snapshot can contain query text and logged variables, and the case link
 * is posted to LAB_CHAN over plain http://. Who may open tools.php?action=analysis is not
 * visible from this method - confirm it is permission-gated.
 * NOTE(review): $_SERVER['REQUEST_URI'] is client-controlled and is placed on the IRC line as-is.
 *
 * @param string $Message Short text announced on IRC.
 * @param string $Report  Text stored with the snapshot; falls back to $Message when empty.
 * @param int    $Time    Cache lifetime passed to cache_value() (default 43200).
 */
public function analysis($Message, $Report = '', $Time = 43200) {
    global $Cache, $Document;

    $Report = empty($Report) ? $Message : $Report;
    $Identifier = make_secret(5);

    $Snapshot = array(
        'url' => $_SERVER['REQUEST_URI'],
        'message' => $Report,
        'errors' => $this->get_errors(true),
        'queries' => $this->get_queries(),
        'flags' => $this->get_flags(),
        'includes' => $this->get_includes(),
        'cache' => $this->get_cache_keys(),
        'vars' => $this->get_logged_vars(),
    );
    $Cache->cache_value('analysis_' . $Identifier, $Snapshot, $Time);

    $CaseLink = 'http://' . NONSSL_SITE_URL . '/tools.php?action=analysis&case=' . $Identifier;
    $PageLink = 'http://' . NONSSL_SITE_URL . $_SERVER['REQUEST_URI'];
    // The two spaces before the case link are what the original concatenation produced.
    send_irc('PRIVMSG ' . LAB_CHAN . " :{$Message} {$Document}  {$CaseLink} {$PageLink}");
}
/**
 * Store a debugging snapshot of the current request in the cache and post a link to it on IRC.
 *
 * Besides the request URI and report text, the snapshot holds errors, queries, flags,
 * includes, cache keys, logged variables, performance data and Ocelot requests collected by
 * this object. It is cached under 'analysis_<identifier>' with the identifier taken from
 * Users::make_secret(5).
 *
 * NOTE(review): the snapshot can contain query text and logged variables; who may open
 * tools.php?action=analysis is not visible from this method - confirm it is permission-gated.
 * NOTE(review): $_SERVER['REQUEST_URI'] is client-controlled and is placed on the IRC line as-is.
 *
 * @param string $Message Short text announced on IRC.
 * @param string $Report  Text stored with the snapshot; falls back to $Message when empty.
 * @param int    $Time    Cache lifetime passed to cache_value() (default 43200).
 */
public function analysis($Message, $Report = '', $Time = 43200) {
    global $Document;

    $Report = empty($Report) ? $Message : $Report;
    $Identifier = Users::make_secret(5);

    $Snapshot = array(
        'url' => $_SERVER['REQUEST_URI'],
        'message' => $Report,
        'errors' => $this->get_errors(true),
        'queries' => $this->get_queries(),
        'flags' => $this->get_flags(),
        'includes' => $this->get_includes(),
        'cache' => $this->get_cache_keys(),
        'vars' => $this->get_logged_vars(),
        'perf' => $this->get_perf(),
        'ocelot' => $this->get_ocelot_requests(),
    );
    G::$Cache->cache_value('analysis_' . $Identifier, $Snapshot, $Time);

    // Drop the first character of the URI before appending it to site_url().
    $RequestURI = '';
    if (!empty($_SERVER['REQUEST_URI'])) {
        $RequestURI = substr($_SERVER['REQUEST_URI'], 1);
    }

    $CaseLink = site_url() . "tools.php?action=analysis&case={$Identifier}";
    $PageLink = site_url() . $RequestURI;
    send_irc('PRIVMSG ' . LAB_CHAN . " :{$Message} {$Document} {$CaseLink} {$PageLink}");
}
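/**
 * Send an email.
 *
 * We can do this one of two ways - either using MailGun or with PHP's mail function.
 * Checks for EMAIL_DELIVERY_TYPE and then proceeds as directed to send e-mail;
 * any value other than 'local' or 'mailgun' halts the script with a configuration message.
 *
 * @param string $To the email address to send it to.
 * @param string $Subject
 * @param string $Body
 * @param string $From The user part of the user@NONSSL_SITE_URL email address.
 *                     Whitespace (including CR/LF) is removed before use.
 * @param string $ContentType text/plain or text/html. Forced to text/plain for 'local'
 *                            delivery and not read by the 'mailgun' branch.
 */
public static function send_email($To, $Subject, $Body, $From, $ContentType) {
    // $From is copied into raw header lines and into the sendmail "-f" argument below.
    // An address local part carries no whitespace, so removing it keeps a stray CR/LF
    // or space from starting an extra header line or an extra command-line option.
    $From = preg_replace('/\s+/', '', (string) $From);

    switch (EMAIL_DELIVERY_TYPE) {
        case 'local':
            // remove the next line if you want to send HTML email from some places...
            // (if it is removed, $ContentType becomes a header value and needs the same
            // CR/LF treatment as $From)
            $ContentType = 'text/plain';
            $Headers = 'MIME-Version: 1.0'."\r\n";
            $Headers .= 'Content-type: '.$ContentType.'; charset=iso-8859-1'."\r\n";
            $Headers .= 'From: '.SITE_NAME.' <'.$From.'@'.NONSSL_SITE_URL.'>'."\r\n";
            $Headers .= 'Reply-To: '.$From.'@'.NONSSL_SITE_URL."\r\n";
            $Headers .= 'X-Mailer: Project Gazelle'."\r\n";
            $Headers .= 'Message-Id: <'.Users::make_secret().'@'.NONSSL_SITE_URL.">\r\n";
            $Headers .= 'X-Priority: 3'."\r\n";
            mail($To, $Subject, $Body, $Headers, "-f $From@".NONSSL_SITE_URL);
            break;

        case 'mailgun':
            // set up our message first
            $From .= '@'.NONSSL_SITE_URL;
            $OutgoingEmail = array(
                'from' => $From,
                'to' => $To,
                'h:Reply-To' => $From,
                'subject' => $Subject,
                'text' => $Body);

            // now let's POST it to mailgun
            // NOTE(review): with an array body, older PHP/cURL builds treat a value that
            // starts with '@' as a file to upload. Confirm the runtime has safe uploads
            // enabled, or encode the fields as a string before posting.
            $Curl = curl_init();
            curl_setopt($Curl, CURLOPT_URL, MAILGUN_API_URL);
            curl_setopt($Curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
            curl_setopt($Curl, CURLOPT_USERPWD, 'api:'.MAILGUN_API_KEY);
            curl_setopt($Curl, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($Curl, CURLOPT_CONNECTTIMEOUT, 10);
            curl_setopt($Curl, CURLOPT_POST, true);
            curl_setopt($Curl, CURLOPT_POSTFIELDS, $OutgoingEmail);
            $RequestResult = curl_exec($Curl);
            $RequestStatusCode = curl_getinfo($Curl, CURLINFO_HTTP_CODE);
            curl_close($Curl);

            // alert on failed emails
            if ($RequestStatusCode !== 200) {
                // The recipient and the API response body land on a single raw IRC line;
                // fold line breaks into spaces so neither can end the PRIVMSG early.
                $Detail = str_replace(
                    array("\r", "\n"),
                    ' ',
                    "to $To with error message $RequestResult"
                );
                send_irc('PRIVMSG '.STATUS_CHAN." !dev email failed $Detail");
            }
            break;

        default:
            die('You have either not configured an email delivery method in config.php or your value is incorrect.');
            break;
    }
}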
/**
 * Insert a calendar event and announce it on the admin IRC channel.
 *
 * Title, body and start date must be non-empty and category, importance and team must pass
 * is_number(); otherwise error() is called. Text fields go through db_string() and numeric
 * fields are cast to int before they are placed in the INSERT statement.
 *
 * NOTE(review): the IRC announcement reuses the db_string()-processed title and dates, so
 * any escaping added for SQL also shows up in the channel message.
 *
 * @param string      $Title
 * @param string      $Body
 * @param int|string  $Category
 * @param int|string  $Importance
 * @param int|string  $Team
 * @param int|string  $UserID     Stored in the AddedBy column.
 * @param string      $StartDate
 * @param string|null $EndDate    Optional; passed through db_string() like the other dates.
 */
public static function create_event($Title, $Body, $Category, $Importance, $Team, $UserID, $StartDate, $EndDate = null) {
    $InputOk = !empty($Title)
        && !empty($Body)
        && is_number($Category)
        && is_number($Importance)
        && is_number($Team)
        && !empty($StartDate);
    if (!$InputOk) {
        error("Error adding event");
    }

    // Text columns are escaped, numeric columns are forced to integers.
    $Title = db_string($Title);
    $Body = db_string($Body);
    $Category = intval($Category);
    $Importance = intval($Importance);
    $UserID = intval($UserID);
    $Team = intval($Team);
    $StartDate = db_string($StartDate);
    $EndDate = db_string($EndDate);

    $Values = "'{$Title}', '{$Body}', '{$Category}', '{$Importance}', '{$Team}', '{$StartDate}', '{$EndDate}', '{$UserID}'";

    // Remember and restore the active query id around the insert.
    $QueryID = G::$DB->get_query_id();
    G::$DB->query("\n\t\t\t\t\t\tINSERT INTO calendar\n\t\t\t\t\t\t\t(Title, Body, Category, Importance, Team, StartDate, EndDate, AddedBy)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t({$Values})");
    G::$DB->set_query_id($QueryID);

    $Notice = " :!mod New calendar event created! Event: {$Title}; Starts: {$StartDate}; Ends: {$EndDate}.";
    send_irc("PRIVMSG " . ADMIN_CHAN . $Notice);
}
/**
 * Send a GET request over a socket directly to the tracker
 * For example, Tracker::update_tracker('change_passkey', array('oldpasskey' => OLD_PASSKEY, 'newpasskey' => NEW_PASSKEY)) will send the request:
 * GET /tracker_32_char_secret_code/update?action=change_passkey&oldpasskey=OLD_PASSKEY&newpasskey=NEW_PASSKEY HTTP/1.1
 *
 * NOTE(review): on failure the full request path, which begins with TRACKER_SECRET and may
 * carry values such as passkeys, is posted to #tracker and (at most once per cached hour)
 * to ADMIN_CHAN. Confirm everyone who can read those channels may see that secret.
 * NOTE(review): $Action, keys and values are appended without URL-encoding here; callers
 * presumably encode them beforehand - verify.
 *
 * @param string $Action The action to send
 * @param array $Updates An associative array of key->value pairs to send to the tracker
 * @param boolean $ToIRC Documented as sending the GET URL to #tracker; this method body never reads it.
 * @return boolean true when send_request() succeeds, false otherwise.
 */
public static function update_tracker($Action, $Updates, $ToIRC = false) {
    // Build request
    $Params = array("action={$Action}");
    foreach ($Updates as $Key => $Value) {
        $Params[] = "{$Key}={$Value}";
    }
    $Get = TRACKER_SECRET . '/update?' . implode('&', $Params);

    $MaxAttempts = 3;
    $Err = false;
    if (self::send_request($Get, $MaxAttempts, $Err) !== false) {
        return true;
    }

    send_irc("PRIVMSG #tracker :{$MaxAttempts} {$Err} {$Get}");
    // The cache flag limits the admin-channel alert to one per 3600 seconds.
    if (G::$Cache->get_value('ocelot_error_reported') === false) {
        send_irc('PRIVMSG ' . ADMIN_CHAN . " :Failed to update ocelot: {$Err} : {$Get}");
        G::$Cache->cache_value('ocelot_error_reported', true, 3600);
    }
    return false;
}
VALUES (".$TagID.", ".$RequestID.")"); } if($NewRequest) { //Remove the bounty and create the vote $DB->query("INSERT INTO requests_votes (RequestID, UserID, Bounty) VALUES (".$RequestID.", ".$LoggedUser['ID'].", ".($Bytes / 2).")"); $DB->query("UPDATE users_main SET Uploaded = (Uploaded - ".$Bytes.") WHERE ID = ".$LoggedUser['ID']); $Cache->delete_value('user_stats_'.$LoggedUser['ID']); if($CategoryName == "Music") { $Announce = "'".$Title."' - ".display_artists($ArtistForm, false, false)." http://".NONSSL_SITE_URL."/requests.php?action=view&id=".$RequestID." - ".implode(" ", $Tags); } else { $Announce = "'".$Title."' - http://".NONSSL_SITE_URL."/requests.php?action=view&id=".$RequestID." - ".implode(" ", $Tags); } send_irc('PRIVMSG #'.NONSSL_SITE_URL.'-requests :'.$Announce); } else { $Cache->delete_value('request_'.$RequestID); $Cache->delete_value('request_artists_'.$RequestID); } update_sphinx_requests($RequestID); header('Location: requests.php?action=view&id='.$RequestID); ?>
$SummaryPre .= "\nReason: " . $Reason; } $Summary = $SummaryPre . "\n\n" . $AdminComment; } elseif (empty($UpdateSet) && empty($EditSummary) && $Cur['AdminComment'] == $_POST['AdminComment']) { $Summary = sqltime() . ' - ' . 'Comment added by ' . $LoggedUser['Username'] . ': ' . $Reason . "\n\n"; } if (!$Username) { $DB->query("SELECT username from users_main where id=" . $UserID); list($Username) = $DB->next_record(); } if (!empty($Summary)) { $UpdateSet[] = "AdminComment='{$Summary}'"; send_irc(sprintf("PRIVMSG #staff :%sEdit%s %s changed %s: %s", chr(2), chr(2), $LoggedUser['Username'], $Username, $SummaryPre)); } else { $UpdateSet[] = "AdminComment='{$AdminComment}'"; send_irc(sprintf("PRIVMSG #staff :%sEdit%s %s changed %s: %s", chr(2), chr(2), $LoggedUser['Username'], $Username, $AdminComment)); } // Update cache // Build query $SET = implode(', ', $UpdateSet); $sql = "UPDATE users_main AS m JOIN users_info AS i ON m.ID=i.UserID SET {$SET} WHERE m.ID='{$UserID}'"; // Perform update //die($sql); $DB->query($sql); if (isset($ClearStaffIDCache)) { $Cache->delete_value('staff_ids'); } // redirect to user page header("location: user.php?id={$UserID}"); function translateUserStatus($status) {
//Tags
// For an edited request the existing tag links are dropped first and rebuilt below.
if (!$NewRequest) {
    $DB->query("\n\t\tDELETE FROM requests_tags\n\t\tWHERE RequestID = {$RequestID}");
}
$Tags = array_unique(explode(',', $Tags));
foreach ($Tags as $Index => $Tag) {
    // NOTE(review): $Tag is placed inside a quoted SQL literal below, so the query relies
    // on Misc::sanitize_tag() returning a value that is safe there - confirm.
    $Tag = Misc::sanitize_tag($Tag);
    $Tag = Misc::get_alias_tag($Tag);
    $Tags[$Index] = $Tag; //For announce
    $DB->query("\n\t\tINSERT INTO tags\n\t\t\t(Name, UserID)\n\t\tVALUES\n\t\t\t('{$Tag}', " . $LoggedUser['ID'] . ")\n\t\tON DUPLICATE KEY UPDATE\n\t\t\tUses = Uses + 1");
    $TagID = $DB->inserted_id();
    $DB->query("\n\t\tINSERT IGNORE INTO requests_tags\n\t\t\t(TagID, RequestID)\n\t\tVALUES\n\t\t\t({$TagID}, {$RequestID})");
}
if ($NewRequest) {
    //Remove the bounty and create the vote
    // NOTE(review): $RequestID, $Bytes and $RequestTax are interpolated unquoted; they are
    // presumably validated as numbers earlier in the file - verify.
    $DB->query("\n\t\tINSERT INTO requests_votes\n\t\t\t(RequestID, UserID, Bounty)\n\t\tVALUES\n\t\t\t({$RequestID}, " . $LoggedUser['ID'] . ', ' . $Bytes * (1 - $RequestTax) . ')');
    $DB->query("\n\t\tUPDATE users_main\n\t\tSET Uploaded = (Uploaded - {$Bytes})\n\t\tWHERE ID = " . $LoggedUser['ID']);
    $Cache->delete_value('user_stats_' . $LoggedUser['ID']);
    // Announcement text: quoted title, artists for music requests, link, then the tag list.
    if ($CategoryName === 'Music') {
        $Announce = "\"{$Title}\" - " . Artists::display_artists($ArtistForm, false, false) . ' ' . site_url() . "requests.php?action=view&id={$RequestID} - " . implode(' ', $Tags);
    } else {
        $Announce = "\"{$Title}\" - " . site_url() . "requests.php?action=view&id={$RequestID} - " . implode(' ', $Tags);
    }
    // NOTE(review): $Title is user-supplied text sent on a raw IRC line; confirm line
    // breaks are removed before this point or inside send_irc().
    send_irc('PRIVMSG #' . SSL_SITE_URL . "-requests :{$Announce}");
} else {
    $Cache->delete_value("request_{$RequestID}");
    $Cache->delete_value("request_artists_{$RequestID}");
}
Requests::update_sphinx_requests($RequestID);
header("Location: requests.php?action=view&id={$RequestID}");
// Resolve a report: look up its type, check the resolver's permissions, mark it resolved
// and announce the resolution on the matching IRC channel.
$ReportID = (int) $_POST['reportid'];
$DB->query("\n\tSELECT Type\n\tFROM reports\n\tWHERE ID = {$ReportID}");
list($Type) = $DB->next_record();
// NOTE(review): a user holding none of admin_reports, site_moderate_forums or project_team
// passes through this block without hitting error(), so the UPDATE below still runs.
// Unless an earlier check outside this excerpt rejects such users, add an explicit
// else { error(403); } branch. No authorize() call is visible in this excerpt either.
if (!check_perms('admin_reports')) {
    if (check_perms('site_moderate_forums')) {
        // Forum moderators may only resolve forum-related reports.
        // NOTE(review): the sibling branch uses error(403); error($Type) looks unintended - confirm.
        if (!in_array($Type, array('comment', 'post', 'thread'))) {
            error($Type);
        }
    } elseif (check_perms('project_team')) {
        // Project team members may only resolve request update reports.
        if ($Type != 'request_update') {
            error(403);
        }
    }
}
$DB->query("\n\tUPDATE reports\n\tSET Status = 'Resolved',\n\t\tResolvedTime = '" . sqltime() . "',\n\t\tResolverID = '" . $LoggedUser['ID'] . "'\n\tWHERE ID = '" . db_string($ReportID) . "'");
// Pick the IRC channel(s) and the cached counter that belong to this report type.
$Channels = array();
if ($Type == 'request_update') {
    $Channels[] = '#requestedits';
    $Cache->decrement('num_update_reports');
}
if (in_array($Type, array('comment', 'post', 'thread'))) {
    $Channels[] = '#forumreports';
    $Cache->decrement('num_forum_reports');
}
$DB->query("\n\tSELECT COUNT(ID)\n\tFROM reports\n\tWHERE Status = 'New'");
list($Remaining) = $DB->next_record();
foreach ($Channels as $Channel) {
    // A '·' is inserted after the first two characters of the resolver's username
    // (presumably so the name does not trigger a nick highlight - confirm).
    send_irc("PRIVMSG {$Channel} :Report {$ReportID} resolved by " . preg_replace('/^(.{2})/', '$1·', $LoggedUser['Username']) . ' on site (' . (int) $Remaining . ' remaining).');
}
$Cache->delete_value('num_other_reports');
header('Location: reports.php');
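/**
 * Make sure the 'auth' request parameter is the same as the user's authorization key.
 * The value is read from $_REQUEST, so it may arrive via GET or POST.
 * Should be used for any user action that relies solely on GET.
 *
 * On failure a message naming the user, the requested URI and the referer is sent to
 * LAB_CHAN on IRC and error() is called.
 *
 * @param boolean $Ajax Are we using ajax? Passed through to error().
 * @return boolean authorisation status.
 */
function authorize($Ajax = false) {
    $Supplied = isset($_REQUEST['auth']) ? $_REQUEST['auth'] : '';
    $Expected = isset(G::$LoggedUser['AuthKey']) ? (string) G::$LoggedUser['AuthKey'] : '';

    // Fail closed on a missing key on either side and on non-string input (e.g. auth[]=),
    // then compare in constant time. The previous loose != comparison could treat two
    // different numeric-looking strings as equal and was not timing-safe.
    $Authorized = is_string($Supplied)
        && !empty($Supplied)
        && $Expected !== ''
        && hash_equals($Expected, $Supplied);

    if (!$Authorized) {
        // REQUEST_URI and HTTP_REFERER are supplied by the client; the referer header
        // may be absent altogether.
        $Referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        send_irc("PRIVMSG " . LAB_CHAN . " :" . G::$LoggedUser['Username'] . " just failed authorize on " . $_SERVER['REQUEST_URI'] . " coming from " . $Referer);
        error('Invalid authorization key. Go back, refresh, and try again.', $Ajax);
        return false;
    }
    return true;
}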
$Cache->delete_value('staff_blog'); $Cache->delete_value('staff_feed_blog'); } header('Location: staffblog.php'); break; case 'takenewblog': authorize(); if (empty($_POST['title'])) { error("Please enter a title."); } $Title = db_string($_POST['title']); $Body = db_string($_POST['body']); $DB->query("\n\t\t\t\t\tINSERT INTO staff_blog\n\t\t\t\t\t\t(UserID, Title, Body, Time)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('{$LoggedUser['ID']}', '" . db_string($_POST['title']) . "', '" . db_string($_POST['body']) . "', NOW())"); $Cache->delete_value('staff_blog'); $Cache->delete_value('staff_blog_latest_time'); send_irc("PRIVMSG " . ADMIN_CHAN . " :!blog " . $_POST['title']); header('Location: staffblog.php'); break; } } View::show_header('Staff Blog', 'bbcode'); ?> <div class="box box2 thin"> <div class="head"> <?php echo empty($_GET['action']) ? 'Create a staff blog post' : 'Edit staff blog post'; ?> <span style="float: right;"> <a href="#" onclick="$('#postform').gtoggle(); this.innerHTML = (this.innerHTML == 'Hide' ? 'Show' : 'Hide'); return false;" class="brackets"><?php echo $_REQUEST['action'] != 'editblog' ? 'Show' : 'Hide'; ?>
<?php
// Profile edit handler: verify the auth key, make sure the target user exists and that the
// editor may change that profile, then register validation rules for the submitted fields.
authorize();
$UserID = $_REQUEST['userid'];
if (!is_number($UserID)) {
    error(404);
}
//if($LoggedUser['ID']==1) die($_POST['countrySelect']);
//For the entire of this page we should in general be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]
$U = user_info($UserID);
if (!$U) {
    error(404);
}
$Permissions = get_permissions($U['PermissionID']);
// Editing someone else's profile requires users_edit_profiles; the target's class is
// passed as the second argument to check_perms(). A refused attempt is reported to ADMIN_CHAN.
if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {
    send_irc("PRIVMSG " . ADMIN_CHAN . " :User " . $LoggedUser['Username'] . " (http://" . NONSSL_SITE_URL . "/user.php?id=" . $LoggedUser['ID'] . ") just tried to edit the profile of http://" . NONSSL_SITE_URL . "/user.php?id=" . $_REQUEST['userid']);
    error(403);
}
$Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");
// NOTE(review): this pattern accepts localhost and bare IPv4 hosts as stylesheet sources.
// Confirm the URL is only ever loaded by the user's own browser and never fetched server-side.
$Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet url.", array('regex' => '/^https?:\\/\\/(localhost(:[0-9]{2,5})?|[0-9]{1,3}(\\.[0-9]{1,3}){3}|([a-zA-Z0-9\\-\\_]+\\.)+([a-zA-Z]{1,5}[^\\.]))(:[0-9]{2,5})?(\\/[^<>]+)+\\.css$/i'));
$Val->SetFields('disablegrouping', 1, "number", "You forgot to select your torrent grouping option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('torrentgrouping', 1, "number", "You forgot to select your torrent grouping option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('discogview', 1, "number", "You forgot to select your discography view option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", array('inarray' => array(25, 50, 100)));
$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('showtags', 1, "number", "You forgot to select your show tags option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar url.", array('regex' => "/^" . IMAGE_REGEX . "\$/i"));
$Val->SetFields('email', 1, "email", "You did not enter a valid email address.");
$Val->SetFields('irckey', 0, "string", "You did not enter a valid IRCKey, must be between 6 and 32 characters long.", array('minlength' => 6, 'maxlength' => 32));
// NOTE(review): both password fields are capped at 40 characters by these rules.
$Val->SetFields('cur_pass', 0, "string", "You did not enter a valid password, must be between 6 and 40 characters long.", array('minlength' => 6, 'maxlength' => 40));
$Val->SetFields('new_pass_1', 0, "string", "You did not enter a valid password, must be between 6 and 40 characters long.", array('minlength' => 6, 'maxlength' => 40));
case 'thread': $Link = "forums.php?action=viewthread&threadid={$ID}"; break; case 'post': $DB->query("\n\t\t\tSELECT\n\t\t\t\tp.ID,\n\t\t\t\tp.TopicID,\n\t\t\t\t(\n\t\t\t\t\tSELECT COUNT(p2.ID)\n\t\t\t\t\tFROM forums_posts AS p2\n\t\t\t\t\tWHERE p2.TopicID = p.TopicID\n\t\t\t\t\t\tAND p2.ID <= p.ID\n\t\t\t\t) AS PostNum\n\t\t\tFROM forums_posts AS p\n\t\t\tWHERE p.ID = {$ID}"); list($PostID, $TopicID, $PostNum) = $DB->next_record(); $Link = "forums.php?action=viewthread&threadid={$TopicID}&post={$PostNum}#post{$PostID}"; break; case 'comment': $Link = "comments.php?action=jump&postid={$ID}"; break; } $DB->query(' INSERT INTO reports (UserID, ThingID, Type, ReportedTime, Reason) VALUES (' . db_string($LoggedUser['ID']) . ", {$ID}, '{$Short}', '" . sqltime() . "', '" . db_string($Reason) . "')"); $ReportID = $DB->inserted_id(); $Channels = array(); if ($Short === 'request_update') { $Channels[] = '#requestedits'; $Cache->increment('num_update_reports'); } if (in_array($Short, array('comment', 'post', 'thread'))) { $Channels[] = '#forumreports'; } foreach ($Channels as $Channel) { send_irc("PRIVMSG {$Channel} :{$ReportID} - " . $LoggedUser['Username'] . " just reported a {$Short}: " . site_url() . "{$Link} : " . strtr($Reason, "\n", ' ')); } $Cache->delete_value('num_other_reports'); header("Location: {$Link}");
} else {
    $NewInvites = 0;
    $Message .= " They had already used at least one of their donation gained invites.";
}
// NOTE(review): $_POST['custom'] is concatenated into the SQL statements and cache keys
// below without db_string() or a numeric check in this excerpt. Unless it is validated
// above these lines, cast it to int once and use that value everywhere.
$DB->query("UPDATE users_main SET Invites = ".$NewInvites." WHERE ID='".$_POST['custom']."'");
$DB->query('UPDATE users_info SET Donor = \'0\' WHERE UserID=\''.$_POST['custom'].'\'');
$Cache->begin_transaction('user_info_'.$_POST['custom']);
$Cache->update_row(false, array('Donor' => 0));
$Cache->commit_transaction(0);
$Cache->begin_transaction('user_info_heavy_'.$_POST['custom']);
// NOTE(review): the database row receives $NewInvites but the cache row receives $Invites - confirm which is intended.
$Cache->update_row(false, array('Invites' => $Invites));
$Cache->commit_transaction(0);
// The private message embeds the payer email exactly as posted.
send_pm($_POST['custom'],0,db_string('Notice of donation failure'),db_string('PapPal has just notified us that the donation you sent from '.$_POST['payer_email'].' of '.$TotalDonated.' '.PAYPAL_CURRENCY.' at '.$DonationTime.' UTC has been revoked. Because of this your special privileges have been revoked, and your invites removed.'),'');
send_irc("PRIVMSG ".BOT_REPORT_CHAN." :".$Message);
}
}
}
// Record the donation in the staff notes and the donations table. Amount and email go
// through db_string(); the user id from $_POST['custom'] does not (see note above).
$DB->query("UPDATE users_info SET AdminComment=CONCAT('".sqltime()." - User donated ".db_string($_POST['mc_gross'])." ".db_string(PAYPAL_CURRENCY)." from ".db_string($_POST['payer_email']).".\n',AdminComment) WHERE UserID='".$_POST['custom']."'");
$DB->query("INSERT INTO donations (UserID, Amount, Email, Time) VALUES ('".$_POST['custom']."', '".db_string($_POST['mc_gross'])."', '".db_string($_POST['payer_email'])."', '".sqltime()."')");
} else {
    // The condition for this branch is outside the excerpt; the requesting address is
    // added to ip_bans as a single-address range.
    // NOTE(review): REMOTE_ADDR may be a proxy or shared address - confirm an automatic ban is acceptable here.
    $DB->query("INSERT INTO ip_bans (FromIP, ToIP, Reason) VALUES ('".ip2long($_SERVER['REMOTE_ADDR'])."','".ip2long($_SERVER['REMOTE_ADDR'])."', 'Attempted to exploit donation system.')");
}
/**
 * Run a search against $this->Index and merge cached or database rows into the matches.
 *
 * Records timing in $this->Queries and $this->Time and copies the result's 'total' and
 * 'time' into $this->TotalResults and $this->SearchTime.
 *
 * @param string $Query       Search expression handed to $this->Query().
 * @param string $CachePrefix When non-empty, each match is looked up in the cache under "<prefix>_<id>".
 * @param int    $CacheLength Lifetime used when rows fetched from the database are cached.
 * @param array  $ReturnData  Field names to keep from cached rows; empty keeps every field.
 * @param string $SQL         Query containing '%ids', run for the ids not found in the cache.
 * @param string $IDColumn    Column of the SQL result that holds the match id.
 * @return array|false false when there are no matches; the matches keyed by id when $SQL is
 *                     given; otherwise array('matches' => ..., 'notfound' => ...).
 */
function search($Query='', $CachePrefix='', $CacheLength=0, $ReturnData=array(), $SQL = '', $IDColumn='ID') {
    global $Cache, $DB;
    $QueryStartTime=microtime(true);
    $Result = $this->Query($Query, $this->Index);
    $QueryEndTime=microtime(true);
    // Timings are stored in milliseconds.
    $this->Queries[]=array('Params: '.$Query.' Indicies: '.$this->Index,($QueryEndTime-$QueryStartTime)*1000);
    $this->Time+=($QueryEndTime-$QueryStartTime)*1000;
    if($Result === false) {
        // NOTE(review): "\n" is stripped from the filter dump but not from $Query, which is
        // presumably user-supplied search text - confirm it cannot carry line breaks onto the IRC line.
        send_irc('PRIVMSG '.LAB_CHAN.' :Search for "'.$Query.'" ('.str_replace("\n",'',print_r($this->Filters, true)).') failed: '.$this->GetLastError());
    }
    // NOTE(review): there is no return after a failed query, so the two reads below index
    // into false; the empty() check that follows then returns false.
    $this->TotalResults = $Result['total'];
    $this->SearchTime = $Result['time'];
    if(empty($Result['matches'])) {
        return false;
    }
    $Matches = $Result['matches'];
    $MatchIDs = array_keys($Matches);
    $NotFound = array();
    $Skip = array();
    if(!empty($ReturnData)) {
        $AllFields = false;
    } else {
        $AllFields = true;
    }
    foreach($MatchIDs as $Match) {
        // Replace each match with its attribute array.
        $Matches[$Match] = $Matches[$Match]['attrs'];
        if(!empty($CachePrefix)) {
            $Data = $Cache->get_value($CachePrefix.'_'.$Match);
            if($Data == false) {
                $NotFound[]=$Match;
                continue;
            }
        } else {
            $NotFound[]=$Match;
        }
        // NOTE(review): $Data is only assigned in the cache branch above. With an empty
        // $CachePrefix and a non-empty $ReturnData, array_keys($Data) below receives an
        // unset variable - confirm callers never combine those arguments.
        if(!$AllFields) {
            // Populate list of fields to unset (faster than picking out the ones we need). Should only be run once, on the first cache key
            if(empty($Skip)) {
                foreach(array_keys($Data) as $Key) {
                    if(!in_array($Key, $ReturnData)) {
                        $Skip[]=$Key;
                    }
                }
                if(empty($Skip)) {
                    $AllFields = true;
                }
            }
            foreach($Skip as $Key) {
                unset($Data[$Key]);
            }
            reset($Skip);
        }
        if(!empty($Data)) {
            $Matches[$Match] = array_merge($Matches[$Match], $Data);
        }
    }
    if($SQL!='') {
        if(!empty($NotFound)) {
            // The ids substituted for '%ids' are keys of the search result's match list.
            $DB->query(str_replace('%ids', implode(',',$NotFound), $SQL));
            while($Data = $DB->next_record(MYSQLI_ASSOC)) {
                $Matches[$Data[$IDColumn]] = array_merge($Matches[$Data[$IDColumn]], $Data);
                $Cache->cache_value($CachePrefix.'_'.$Data[$IDColumn], $Data, $CacheLength);
            }
        }
    } else {
        $Matches = array('matches'=>$Matches,'notfound'=>$NotFound);
    }
    return $Matches;
}
// Profile edit handler: make sure the target user exists and that the editor may change
// that profile, then register validation rules for the submitted fields.
// NOTE(review): no authorize() call is visible in this excerpt - confirm it happens earlier in the file.
$UserID = $_REQUEST['userid'];
if (!is_number($UserID)) {
    error(404);
}
//For this entire page, we should generally be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]
$U = Users::user_info($UserID);
if (!$U) {
    error(404);
}
$Permissions = Permissions::get_permissions($U['PermissionID']);
// Editing someone else's profile requires users_edit_profiles; the target's class is
// passed as the second argument to check_perms(). A refused attempt is reported to ADMIN_CHAN.
if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {
    send_irc('PRIVMSG '.ADMIN_CHAN.' :User '.$LoggedUser['Username'].' ('.site_url().'user.php?id='.$LoggedUser['ID'].') just tried to edit the profile of '.site_url().'user.php?id='.$_REQUEST['userid']);
    error(403);
}
$Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");
// NOTE(review): CSS_REGEX is defined elsewhere; confirm which hosts it allows for an external stylesheet URL.
$Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet URL.", array('regex' => '/^'.CSS_REGEX.'$/i'));
// The next two are commented out because the drop-down menus were replaced with a check box and radio buttons
//$Val->SetFields('disablegrouping', 0, "number", "You forgot to select your torrent grouping option.");
//$Val->SetFields('torrentgrouping', 0, "number", "You forgot to select your torrent grouping option.");
$Val->SetFields('discogview', 1, "number", "You forgot to select your discography view option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", array('inarray' => array(25, 50, 100)));
//$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('collagecovers', 1, "number", "You forgot to select your collage option.");
$Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar URL.", array('regex' => "/^".IMAGE_REGEX."$/i"));
$Val->SetFields('email', 1, "email", "You did not enter a valid email address.");
$Val->SetFields('irckey', 0, "string", "You did not enter a valid IRC key. An IRC key must be between 6 and 32 characters long.", array('minlength' => 6, 'maxlength' => 32));
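/**
 * Report a database error and stop the script.
 *
 * Builds a description from $Msg and this object's Errno/Error, alerts ADMIN_CHAN when the
 * error number is 1194, records an analysis case kept for 24 hours, and then either prints
 * the details (debug mode, site_debug permission, or a command line whose first argument
 * matches SCHEDULE_KEY) or exits with '-1'.
 *
 * @param mixed $Msg Context for the failure; converted with strval().
 */
function halt($Msg) {
    global $argv;
    $DBError = 'MySQL: ' . strval($Msg) . ' SQL error: ' . strval($this->Errno) . ' (' . strval($this->Error) . ')';
    if ($this->Errno == 1194) {
        send_irc('PRIVMSG ' . ADMIN_CHAN . ' :' . $this->Error);
    }
    /*if ($this->Errno == 1194) { preg_match("Table '(\S+)' is marked as crashed and should be repaired", $this->Error, $Matches); if($Matches send_irc('PRIVMSG '.ADMIN_CHAN.' :'.$this->Error); } */
    $this->analysis('!dev DB Error', $DBError, 3600 * 24);

    // $argv is not always populated (for example on a web request), so check before indexing.
    $IsScheduler = isset($argv[1]) && $argv[1] == SCHEDULE_KEY;
    if (DEBUG_MODE || check_perms('site_debug') || $IsScheduler) {
        // Database error text can echo parts of the failing query, including request
        // data, so it is HTML-escaped before being written into the page.
        echo '<pre>' . htmlspecialchars($DBError, ENT_QUOTES | ENT_SUBSTITUTE) . '</pre>';
        // NOTE(review): the query log is still printed unescaped; it may contain request data too.
        print_r($this->Queries);
        die;
    } else {
        die('-1');
    }
}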
$Announce .= ' / ' . trim($Properties['Media']); if ($Properties['Scene'] == '1') { $Announce .= ' / Scene'; } if ($T['FreeLeech'] == '1') { $Announce .= ' / Freeleech!'; } } $Title = $Announce; $AnnounceSSL = "{$Announce} - " . site_url() . "torrents.php?id={$GroupID} / " . site_url() . "torrents.php?action=download&id={$TorrentID}"; $Announce .= " - " . site_url() . "torrents.php?id={$GroupID} / " . site_url() . "torrents.php?action=download&id={$TorrentID}"; $AnnounceSSL .= ' - ' . trim($Properties['TagList']); $Announce .= ' - ' . trim($Properties['TagList']); // ENT_QUOTES is needed to decode single quotes/apostrophes send_irc('PRIVMSG #' . NONSSL_SITE_URL . '-announce :' . html_entity_decode($Announce, ENT_QUOTES)); send_irc('PRIVMSG #' . NONSSL_SITE_URL . '-announce-ssl :' . html_entity_decode($AnnounceSSL, ENT_QUOTES)); $Debug->set_flag('upload: announced on irc'); // Manage notifications $UsedFormatBitrates = array(); if (!$IsNewGroup) { // maybe there are torrents in the same release as the new torrent. 
Let's find out (for notifications) $GroupInfo = get_group_info($GroupID, true, 0, false); $ThisMedia = display_str($Properties['Media']); $ThisRemastered = display_str($Properties['Remastered']); $ThisRemasterYear = display_str($Properties['RemasterYear']); $ThisRemasterTitle = display_str($Properties['RemasterTitle']); $ThisRemasterRecordLabel = display_str($Properties['RemasterRecordLabel']); $ThisRemasterCatalogueNumber = display_str($Properties['RemasterCatalogueNumber']); foreach ($GroupInfo[1] as $TorrentInfo) { if ($TorrentInfo['Media'] == $ThisMedia && $TorrentInfo['Remastered'] == $ThisRemastered && $TorrentInfo['RemasterYear'] == (int) $ThisRemasterYear && $TorrentInfo['RemasterTitle'] == $ThisRemasterTitle && $TorrentInfo['RemasterRecordLabel'] == $ThisRemasterRecordLabel && $TorrentInfo['RemasterCatalogueNumber'] == $ThisRemasterCatalogueNumber && $TorrentInfo['ID'] != $TorrentID) { $UsedFormatBitrates[] = array('format' => $TorrentInfo['Format'], 'bitrate' => $TorrentInfo['Encoding']);
/**
 * Report a database error and stop the script.
 *
 * Builds a description from $Msg and this object's Errno/Error, alerts ADMIN_CHAN when the
 * error number is 1194, and records an analysis case kept for 24 hours. The escaped error
 * is printed when debug mode is on, the user has site_debug, or a second $argv entry exists;
 * the query log is printed only for the first two. Everyone else gets error('-1').
 *
 * NOTE(review): isset($argv[1]) is true for any invocation with an argument. Where PHP's
 * register_argc_argv setting is enabled for web requests, $argv can be filled from the
 * query string - confirm that setting is off so error text is not shown to visitors.
 *
 * @param mixed $Msg Context for the failure; converted with strval().
 */
function halt($Msg) {
    global $Debug, $argv;

    $DBError = sprintf(
        'MySQL: %s SQL error: %s (%s)',
        strval($Msg),
        strval($this->Errno),
        strval($this->Error)
    );

    if ($this->Errno == 1194) {
        send_irc('PRIVMSG ' . ADMIN_CHAN . ' :' . $this->Error);
    }
    /*if ($this->Errno == 1194) { preg_match("Table '(\S+)' is marked as crashed and should be repaired", $this->Error, $Matches); } */

    $Debug->analysis('!dev DB Error', $DBError, 3600 * 24);

    $IsDebugViewer = DEBUG_MODE || check_perms('site_debug');
    if (!$IsDebugViewer && !isset($argv[1])) {
        error('-1');
        return;
    }

    echo '<pre>' . display_str($DBError) . '</pre>';
    if ($IsDebugViewer) {
        print_r($this->Queries);
    }
    die;
}
$Cache->delete_value('staff_blog'); $Cache->delete_value('staff_feed_blog'); } header('Location: staffblog.php'); break; case 'takenewblog': authorize(); if (empty($_POST['title'])) { error("Please enter a title."); } $Title = db_string($_POST['title']); $Body = db_string($_POST['body']); $DB->query("\n\t\t\t\t\tINSERT INTO staff_blog\n\t\t\t\t\t\t(UserID, Title, Body, Time)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('{$LoggedUser['ID']}', '" . db_string($_POST['title']) . "', '" . db_string($_POST['body']) . "', NOW())"); $Cache->delete_value('staff_blog'); $Cache->delete_value('staff_blog_latest_time'); send_irc("PRIVMSG " . ADMIN_CHAN . " :!mod New staff blog: " . $_POST['title'] . " - https://" . SSL_SITE_URL . "/staffblog.php#blog" . $DB->inserted_id()); header('Location: staffblog.php'); break; } } View::show_header('Staff Blog', 'bbcode'); ?> <div class="box box2 thin"> <div class="head"> <?php echo empty($_GET['action']) ? 'Create a staff blog post' : 'Edit staff blog post'; ?> <span style="float: right;"> <a href="#" onclick="$('#postform').gtoggle(); this.innerHTML = (this.innerHTML == 'Hide' ? 'Show' : 'Hide'); return false;" class="brackets"><?php echo $_REQUEST['action'] != 'editblog' ? 'Show' : 'Hide'; ?>
    $NewInvites = $Invites - DONOR_INVITES;
} else {
    $NewInvites = 0;
    $Message .= ' They had already used at least one of their donation gained invites.';
}
// NOTE(review): $_POST['custom'] is concatenated into the SQL statements and cache keys
// below without db_string() or a numeric check in this excerpt. Unless it is validated
// above these lines, cast it to int once and use that value everywhere.
$DB->query("\n\t\t\t\t\tUPDATE users_main\n\t\t\t\t\tSET Invites = {$NewInvites}\n\t\t\t\t\tWHERE ID = '" . $_POST['custom'] . "'");
$DB->query(' UPDATE users_info SET Donor = \'0\' WHERE UserID = \'' . $_POST['custom'] . '\'');
$Cache->begin_transaction('user_info_' . $_POST['custom']);
$Cache->update_row(false, array('Donor' => 0));
$Cache->commit_transaction(0);
$Cache->begin_transaction('user_info_heavy_' . $_POST['custom']);
// NOTE(review): the database row receives $NewInvites but the cache row receives $Invites - confirm which is intended.
$Cache->update_row(false, array('Invites' => $Invites));
$Cache->commit_transaction(0);
// The private message embeds the payer email exactly as posted.
Misc::send_pm($_POST['custom'], 0, 'Notice of donation failure', 'PapPal has just notified us that the donation you sent from ' . $_POST['payer_email'] . ' of ' . $TotalDonated . ' ' . PAYPAL_CURRENCY . ' at ' . $DonationTime . ' UTC has been revoked. Because of this your special privileges have been revoked, and your invites removed.');
send_irc("PRIVMSG " . BOT_REPORT_CHAN . " :{$Message}");
}
}
}
// Record the donation in the staff notes and the donations table. Amount and email go
// through db_string(); the user id from $_POST['custom'] does not (see note above).
$DB->query("\n\t\tUPDATE users_info\n\t\tSET AdminComment = CONCAT('" . sqltime() . " - User donated " . db_string($_POST['mc_gross']) . " " . db_string(PAYPAL_CURRENCY) . " from " . db_string($_POST['payer_email']) . ".\n',AdminComment)\n\t\tWHERE UserID = '" . $_POST['custom'] . "'");
$DB->query("\n\t\tINSERT INTO donations\n\t\t\t(UserID, Amount, Email, Time)\n\t\tVALUES\n\t\t\t('" . $_POST['custom'] . "', '" . db_string($_POST['mc_gross']) . "', '" . db_string($_POST['payer_email']) . "', '" . sqltime() . "')");
} else {
    // The condition for this branch is outside the excerpt; the requesting address is added to ip_bans.
    // NOTE(review): FromIP uses Tools::ip_to_unsigned() while ToIP uses ip2long(); the two
    // may produce different values for the same address - confirm the range is what was meant.
    $DB->query("\n\t\tINSERT INTO ip_bans\n\t\t\t(FromIP, ToIP, Reason)\n\t\tVALUES\n\t\t\t('" . Tools::ip_to_unsigned($_SERVER['REMOTE_ADDR']) . "', '" . ip2long($_SERVER['REMOTE_ADDR']) . "', 'Attempted to exploit donation system.')");
}
fclose($Socket);
if (check_perms('site_debug')) {
    include SERVER_ROOT . '/sections/donate/donate.php';
}
// NOTE(review): the whole $_POST array, including the payer email, is cached under
// 'debug_donate' with a lifetime argument of 0 - confirm how long that is retained and who can read it.
$Cache->cache_value('debug_donate', array($Result, $_POST), 0);
/**
 * Find and process new donations since the last time this function was called.
 *
 * Compares the total reported by self::get_total_received() with the previously known total
 * (from the 'btc_total_received' cache key, or the sum of donations_bitcoin when that key is
 * missing). When the total has grown, the per-address difference is credited through
 * Donations::regular_donate() and stored with self::store_donation().
 *
 * @return false|null false when the new total is lower than the old one; no explicit
 *                    return value otherwise.
 */
public static function find_new_donations() {
    global $Debug;
    if (($OldAmount = G::$Cache->get_value('btc_total_received')) === false) {
        // Cache miss: rebuild the previous total from the database, preserving the active query id.
        $QueryID = G::$DB->get_query_id();
        G::$DB->query("\n\t\t\t\tSELECT IFNULL(SUM(Amount), 0)\n\t\t\t\tFROM donations_bitcoin");
        list($OldAmount) = G::$DB->next_record(MYSQLI_NUM, false);
        G::$DB->set_query_id($QueryID);
    }
    $NewAmount = self::get_total_received();
    if ($NewAmount < $OldAmount) {
        // This shouldn't happen. Perhaps bitcoind was restarted recently
        // or the block index was removed. Either way, try again later
        send_irc('PRIVMSG ' . LAB_CHAN . " :Bad bitcoin donation data (is {$NewAmount}, was {$OldAmount}). If this persists, something is probably wrong");
        return false;
    }
    if ($NewAmount > $OldAmount) {
        // I really wish we didn't have to do it like this
        $QueryID = G::$DB->get_query_id();
        G::$DB->query("\n\t\t\t\tSELECT BitcoinAddress, SUM(Amount)\n\t\t\t\tFROM donations_bitcoin\n\t\t\t\tGROUP BY BitcoinAddress");
        $OldDonations = G::$DB->to_pair(0, 1, false);
        G::$DB->set_query_id($QueryID);
        $NewDonations = self::get_received();
        // NOTE(review): $Amount is bound by reference and is not unset after the loop; any
        // later write to $Amount would alter the last array element.
        foreach ($NewDonations as $Address => &$Amount) {
            if (isset($OldDonations[$Address])) {
                if ($Amount == $OldDonations[$Address]) { // Direct comparison should be fine as everything comes from bitcoind
                    // Nothing new for this address.
                    unset($NewDonations[$Address]);
                    continue;
                }
                $Debug->log_var(array('old' => $OldDonations[$Address], 'new' => $Amount), "New donations from {$Address}");
                // PHP doesn't do fixed-point math, and json_decode has already botched the precision
                // so let's just round this off to satoshis and pray that we're on a 64 bit system
                $Amount = round($Amount - $OldDonations[$Address], 8);
            }
            $NewDonations[$Address] = $Amount;
        }
        $Debug->log_var($NewDonations, '$NewDonations');
        // Only addresses that self::get_userids() returns are credited and stored.
        foreach (self::get_userids(array_keys($NewDonations)) as $Address => $UserID) {
            Donations::regular_donate($UserID, $NewDonations[$Address], 'Bitcoin Parser', '', 'BTC');
            self::store_donation($Address, $NewDonations[$Address]);
        }
        G::$Cache->cache_value('btc_total_received', $NewAmount, 0);
    }
}
/**
 * Post an error notice to an IRC channel, naming who triggered it and which page was requested.
 *
 * A logged-in user is identified by profile link and username; anyone else by remote
 * address and the result of geoip() for that address. The referer is appended when present.
 *
 * NOTE(review): REQUEST_URI and HTTP_REFERER are supplied by the client and are placed on
 * the IRC line unchanged; the links use plain http://.
 *
 * @param string $Channel Target of the PRIVMSG.
 * @param string $Message Text placed before " error by ...".
 */
function notify($Channel, $Message) {
    global $LoggedUser;

    if (!empty($LoggedUser['ID'])) {
        $Actor = "http://" . NONSSL_SITE_URL . "/user.php?id=" . $LoggedUser['ID'] . " (" . $LoggedUser['Username'] . ")";
    } else {
        $Actor = $_SERVER['REMOTE_ADDR'] . " (" . geoip($_SERVER['REMOTE_ADDR']) . ")";
    }

    $Page = "http://" . NONSSL_SITE_URL . $_SERVER['REQUEST_URI'];

    $Origin = '';
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $Origin = " from " . $_SERVER['HTTP_REFERER'];
    }

    send_irc("PRIVMSG {$Channel} :{$Message} error by {$Actor} accessing {$Page}{$Origin}");
}
} $DB->query("\n\tINSERT INTO forums_topics\n\t\t(Title, AuthorID, ForumID, LastPostTime, LastPostAuthorID, CreatedTime)\n\tValues\n\t\t('" . db_string($Title) . "', '" . $LoggedUser['ID'] . "', '{$ForumID}', '" . sqltime() . "', '" . $LoggedUser['ID'] . "', '" . sqltime() . "')"); $TopicID = $DB->inserted_id(); $DB->query("\n\tINSERT INTO forums_posts\n\t\t(TopicID, AuthorID, AddedTime, Body)\n\tVALUES\n\t\t('{$TopicID}', '" . $LoggedUser['ID'] . "', '" . sqltime() . "', '" . db_string($Body) . "')"); $PostID = $DB->inserted_id(); $DB->query("\n\tUPDATE forums\n\tSET\n\t\tNumPosts = NumPosts + 1,\n\t\tNumTopics = NumTopics + 1,\n\t\tLastPostID = '{$PostID}',\n\t\tLastPostAuthorID = '" . $LoggedUser['ID'] . "',\n\t\tLastPostTopicID = '{$TopicID}',\n\t\tLastPostTime = '" . sqltime() . "'\n\tWHERE ID = '{$ForumID}'"); $DB->query("\n\tUPDATE forums_topics\n\tSET\n\t\tNumPosts = NumPosts + 1,\n\t\tLastPostID = '{$PostID}',\n\t\tLastPostAuthorID = '" . $LoggedUser['ID'] . "',\n\t\tLastPostTime = '" . sqltime() . "'\n\tWHERE ID = '{$TopicID}'"); if (isset($_POST['subscribe'])) { Subscriptions::subscribe($TopicID); } if (!$NoPoll) { // god, I hate double negatives... $DB->query("\n\t\tINSERT INTO forums_polls\n\t\t\t(TopicID, Question, Answers)\n\t\tVALUES\n\t\t\t('{$TopicID}', '" . db_string($Question) . "', '" . db_string(serialize($Answers)) . "')"); $Cache->cache_value("polls_{$TopicID}", array($Question, $Answers, $Votes, '0000-00-00 00:00:00', '0'), 0); if ($ForumID == STAFF_FORUM) { send_irc('PRIVMSG ' . ADMIN_CHAN . ' :!mod Poll created by ' . $LoggedUser['Username'] . ": \"{$Question}\" " . site_url() . 
"forums.php?action=viewthread&threadid={$TopicID}"); } } // if cache exists modify it, if not, then it will be correct when selected next, and we can skip this block if ($Forum = $Cache->get_value("forums_{$ForumID}")) { list($Forum, , , $Stickies) = $Forum; // Remove the last thread from the index if (count($Forum) == TOPICS_PER_PAGE && $Stickies < TOPICS_PER_PAGE) { array_pop($Forum); } if ($Stickies > 0) { $Part1 = array_slice($Forum, 0, $Stickies, true); // Stickies $Part3 = array_slice($Forum, $Stickies, TOPICS_PER_PAGE - $Stickies - 1, true); // Rest of page } else {