// Excerpt: registration handler (older revision; cut off at the end, inside a commented-out captcha check).
// Two paths are visible:
//  - 'confirm' present: a disabled account (Enabled='0') is looked up by users_main.torrent_pass, set to Enabled='1',
//    the 'stats_user_count' cache key is incremented and step2.php is included.
//  - open registration or an 'invite' parameter: form rules are registered on $Val and, once 'submit' is set, $_REQUEST is validated.
// NOTE(review): the "******" inside the SELECT is not valid PHP. It looks like a redaction artifact that replaced the expression
//   feeding the confirm value into the query, so whether that value was escaped cannot be confirmed from this excerpt.
// NOTE(review): the activation token is matched against the torrent_pass column. If that column also serves as a long-lived
//   per-user secret, a mailed confirmation link discloses it; a separate single-use token would avoid that. Verify against the schema.
// NOTE(review): ValidateForm() receives $_REQUEST, so form fields are accepted from the query string as well as the POST body.
//   The password rule is length-only (6-40 characters) and the captcha rule is commented out.
include(SERVER_ROOT.'/classes/class_validate.php'); $Val=NEW VALIDATE; if(!empty($_REQUEST['confirm'])) { // Confirm registration $DB->query("SELECT ID FROM users_main WHERE torrent_pass='******'confirm'])."' AND Enabled='0'"); list($UserID)=$DB->next_record(); if($UserID) { $DB->query("UPDATE users_main SET Enabled='1' WHERE ID='$UserID'"); $Cache->increment('stats_user_count'); include('step2.php'); } } elseif(OPEN_REGISTRATION || !empty($_REQUEST['invite'])) { $Val->SetFields('username',true,'regex','You did not enter a valid username.',array('regex'=>'/^[a-z0-9_?]{1,20}$/iD')); $Val->SetFields('email',true,'email','You did not enter a valid email address.'); $Val->SetFields('password',true,'string','You did not enter a valid password (6 - 40 characters).',array('minlength'=>6,'maxlength'=>40)); $Val->SetFields('confirm_password',true,'compare','Your passwords do not match.',array('comparefield'=>'password')); $Val->SetFields('readrules',true,'checkbox','You did not check the box that says you will read the rules.'); $Val->SetFields('readwiki',true,'checkbox','You did not check the box that says you will read the wiki.'); $Val->SetFields('agereq',true,'checkbox','You did not check the box that says you are 13 or older.'); //$Val->SetFields('captcha',true,'string','You did not enter a captcha code.',array('minlength'=>6,'maxlength'=>6)); if(!empty($_REQUEST['submit'])) { // User has submitted registration form $Err=$Val->ValidateForm($_REQUEST); /* if(!$Err && strtolower($_SESSION['captcha'])!=strtolower($_REQUEST['captcha'])) { $Err="You did not enter the correct captcha code."; }
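} // closes a block opened before this excerpt

// Excerpt: password recovery, step 2. The excerpt ends with four blocks still open
// (act == 'recover', key present, key valid, password submitted).
require SERVER_ROOT . '/classes/validate.class.php';
$Validate = new VALIDATE();

if (array_key_exists('action', $_GET) && $_GET['action'] == 'disabled') {
    require 'disabled.php';
    die;
}

if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {
    // Recover password
    if (!empty($_REQUEST['key'])) {
        // User has entered a new password, use step 2.
        // The key is escaped with db_string() and must match a non-empty ResetKey of an enabled account.
        $DB->query("\n\t\t\tSELECT\n\t\t\t\tm.ID,\n\t\t\t\tm.Email,\n\t\t\t\tm.ipcc,\n\t\t\t\ti.ResetExpires\n\t\t\tFROM users_main as m\n\t\t\t\tINNER JOIN users_info AS i ON i.UserID = m.ID\n\t\t\tWHERE i.ResetKey = '" . db_string($_REQUEST['key']) . "'\n\t\t\t\tAND i.ResetKey != ''\n\t\t\t\tAND m.Enabled = '1'");
        list($UserID, $Email, $Country, $Expires) = $DB->next_record();

        if ($UserID && strtotime($Expires) > time()) {
            // If the user has requested a password change, and his key has not expired
            $Validate->SetFields('password', '1', 'regex', 'You entered an invalid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/'));
            $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password'));

            if (!empty($_REQUEST['password'])) {
                // If the user has entered a password.
                // If the user has not entered a password, $Reset is not set to 1, and the success message is not shown
                $Err = $Validate->ValidateForm($_REQUEST);

                if ($Err == '') {
                    // Form validates without error, set new secret and password.
                    // Clearing ResetKey / ResetExpires in the same statement makes the key single-use.
                    $DB->query("\n\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\tusers_main AS m,\n\t\t\t\t\t\t\tusers_info AS i\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tm.PassHash = '" . db_string(Users::make_crypt_hash($_REQUEST['password'])) . "',\n\t\t\t\t\t\t\ti.ResetKey = '',\n\t\t\t\t\t\t\ti.ResetExpires = '0000-00-00 00:00:00'\n\t\t\t\t\t\tWHERE m.ID = '{$UserID}'\n\t\t\t\t\t\t\tAND i.UserID = m.ID");

                    // Audit trail of password changes. The client address is escaped like every other value in
                    // this handler: REMOTE_ADDR normally comes from the socket, but some deployments overwrite it
                    // from a proxy header, so it should not reach SQL unescaped.
                    $DB->query("\n\t\t\t\t\t\tINSERT INTO users_history_passwords\n\t\t\t\t\t\t\t(UserID, ChangerIP, ChangeTime)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t('{$UserID}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "')");

                    $Reset = true; // Past tense form of "to reset", meaning that password has now been reset

                    // End every existing session of the account so a session opened by whoever held the old
                    // password does not survive the reset.
                    G::$LoggedUser['ID'] = $UserID; // Set $LoggedUser['ID'] for logout_all_sessions() to work
                    logout_all_sessions();
                }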
// Excerpt from an admin tools dispatcher (older revision; starts and ends in the middle of a switch).
//  - 'takenewnews': requires admin_manage_news, inserts a news row from $_POST title/body (both passed through db_string()),
//    deletes the 'news' cache key and redirects to index.php.
//  - 'permissions': requires admin_manage_permissions; for a numeric id the permission set is loaded and its Values column unserialized.
// NOTE(review): no anti-CSRF check is visible on these state-changing admin actions; it may sit earlier in the file — confirm.
// NOTE(review): unserialize() is applied to a database column. That is safe only while nothing attacker-influenced can be written
//   to permissions.Values; storing the set as JSON would remove the object-injection risk.
// NOTE(review): nothing visible here compares the edited set's level with the caller's own class, so an admin_manage_permissions
//   holder may be able to edit a set above their level — confirm whether that is checked later in the case.
// NOTE(review): the second argument of next_record() presumably exempts column 3 (Values) from output escaping — verify in the DB class.
break; case 'takenewnews': if(!check_perms('admin_manage_news')){ error(403); } $DB->query("INSERT INTO news (UserID, Title, Body, Time) VALUES ('$LoggedUser[ID]', '".db_string($_POST['title'])."', '".db_string($_POST['body'])."', '".sqltime()."')"); $Cache->delete_value('news'); header('Location: index.php'); break; case 'permissions': if (!check_perms('admin_manage_permissions')) { error(403); } if (!empty($_REQUEST['id'])) { $Val->SetFields('name',true,'string','You did not enter a valid name for this permission set.'); $Val->SetFields('level',true,'number','You did not enter a valid level for this permission set.'); //$Val->SetFields('test',true,'number','You did not enter a valid level for this permission set.'); $Values=array(); if (is_numeric($_REQUEST['id'])) { $DB->query("SELECT p.ID,p.Name,p.Level,p.Values,p.DisplayStaff,COUNT(u.ID) FROM permissions AS p LEFT JOIN users_main AS u ON u.PermissionID=p.ID WHERE p.ID='".db_string($_REQUEST['id'])."' GROUP BY p.ID"); list($ID,$Name,$Level,$Values,$DisplayStaff,$UserCount)=$DB->next_record(MYSQLI_NUM, array(3)); $Values=unserialize($Values); } if (!empty($_POST['submit'])) { $Err = $Val->ValidateForm($_POST); if (!is_numeric($_REQUEST['id'])) {
<?php
// Excerpt: handler that creates a collage (cut off at the end, inside the personal-collage checks).
// authorize() runs before anything else; presumably the anti-CSRF token check — confirm in its definition.
// $P is db_array($_POST), presumably an SQL-escaped copy of the POST data; ValidateForm() itself runs on raw $_POST.
// Name handling: a user-chosen name (3-100 characters) is validated when category > 0 or the caller holds
// site_collages_renamepersonal. Otherwise the name is generated as "<Username>'s personal collage" and suffixed
// " no. N" until no collage with that name exists.
// For category '0' the handler counts the caller's non-deleted personal collages and refuses when MaxCollages is reached
// or site_collages_personal is missing; a renamed personal collage must contain the username (case-insensitive stristr()).
// NOTE(review): the uniqueness loop is check-then-use; two concurrent requests can settle on the same name unless the
//   collages table enforces uniqueness on Name.
// NOTE(review): category is compared loosely ('> 0') in one place and strictly ('=== \'0\'') in another, on request data
//   that has not been validated as numeric in the visible code — confirm unexpected values are rejected.
authorize(); include SERVER_ROOT . '/classes/validate.class.php'; $Val = new VALIDATE(); $P = array(); $P = db_array($_POST); if ($P['category'] > 0 || check_perms('site_collages_renamepersonal')) { $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', array('maxlength' => 100, 'minlength' => 3)); } else { // Get a collage name and make sure it's unique $name = $LoggedUser['Username'] . "'s personal collage"; $P['name'] = db_string($name); $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'"); $i = 2; while ($DB->has_results()) { $P['name'] = db_string("{$name} no. {$i}"); $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'"); $i++; } } $Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', array('maxlength' => 65535, 'minlength' => 10)); $Err = $Val->ValidateForm($_POST); if (!$Err && $P['category'] === '0') { $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'"); list($CollageCount) = $DB->next_record(); if ($CollageCount >= $LoggedUser['Permissions']['MaxCollages'] || !check_perms('site_collages_personal')) { $Err = 'You may not create a personal collage.'; } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) { $Err = 'Your personal collage\'s title must include your username.'; }
// Excerpt from an admin tools dispatcher (later revision; starts and ends in the middle of a switch).
// The first three cases only include their manager page. 'permissions' requires admin_manage_permissions, registers the
// form rules, and for a numeric id loads the permission set.
// Privilege ceiling: when an existing set is loaded, its stored Level and the submitted 'level' are both compared with the
// caller's EffectiveClass and error(403) is raised if either is higher.
// NOTE(review): $_REQUEST['level'] is compared before ValidateForm() has confirmed it is numeric, so that comparison follows
//   PHP's loose comparison rules on raw input.
// NOTE(review): the ceiling check sits inside the is_numeric(id) branch; the non-numeric (new set) path visible after it only
//   starts a Level lookup — confirm the same ceiling is enforced when a set is created.
// NOTE(review): unserialize() is applied to a database column. That is safe only while nothing attacker-influenced can be written
//   to permissions.Values; storing the set as JSON would remove the object-injection risk.
// NOTE(review): no anti-CSRF check is visible in this excerpt; it may sit earlier in the file — confirm.
break; case 'change_log': include SERVER_ROOT . '/sections/tools/managers/change_log.php'; break; case 'global_notification': include SERVER_ROOT . '/sections/tools/managers/global_notification.php'; break; case 'take_global_notification': include SERVER_ROOT . '/sections/tools/managers/take_global_notification.php'; break; case 'permissions': if (!check_perms('admin_manage_permissions')) { error(403); } if (!empty($_REQUEST['id'])) { $Val->SetFields('name', true, 'string', 'You did not enter a valid name for this permission set.'); $Val->SetFields('level', true, 'number', 'You did not enter a valid level for this permission set.'); $Val->SetFields('maxcollages', true, 'number', 'You did not enter a valid number of personal collages.'); //$Val->SetFields('test', true, 'number', 'You did not enter a valid level for this permission set.'); if (is_numeric($_REQUEST['id'])) { $DB->query("\n\t\t\t\t\tSELECT p.ID, p.Name, p.Level, p.Secondary, p.PermittedForums, p.Values, p.DisplayStaff, COUNT(u.ID)\n\t\t\t\t\tFROM permissions AS p\n\t\t\t\t\t\tLEFT JOIN users_main AS u ON u.PermissionID = p.ID\n\t\t\t\t\tWHERE p.ID = '" . db_string($_REQUEST['id']) . "'\n\t\t\t\t\tGROUP BY p.ID"); list($ID, $Name, $Level, $Secondary, $Forums, $Values, $DisplayStaff, $UserCount) = $DB->next_record(MYSQLI_NUM, array(5)); if ($Level > $LoggedUser['EffectiveClass'] || $_REQUEST['level'] > $LoggedUser['EffectiveClass']) { error(403); } $Values = unserialize($Values); } if (!empty($_POST['submit'])) { $Err = $Val->ValidateForm($_POST); if (!is_numeric($_REQUEST['id'])) { $DB->query("\n\t\t\t\t\t\tSELECT ID\n\t\t\t\t\t\tFROM permissions\n\t\t\t\t\t\tWHERE Level = '" . db_string($_REQUEST['level']) . "'");
// Excerpt from a torrent edit handler (starts and ends mid-block).
// FreeLeech is taken from the form only when the caller holds torrents_freeleech.
// Ownership check: the uploader's UserID is loaded for $TorrentID, and a caller who is neither the uploader nor a
// torrents_edit holder gets error(403).
// NOTE(review): $TorrentID is concatenated into the SELECT without quotes or escaping. That is safe only if it was validated
//   as an integer before this excerpt — confirm.
// NOTE(review): both SetFields() calls register the field 'type'. The second one carries the 'Invalid torrent ID.' message and
//   the one-billion ceiling, so it looks intended for the torrent ID field and may instead replace the category bound on 'type'.
//   Confirm how VALIDATE treats a repeated field name and which form field holds the torrent ID.
// NOTE(review): remaster_year is mandatory only when Remastered and UnknownRelease are both set; requiring a year for a release
//   marked as unknown looks inverted — confirm.
} if(check_perms('torrents_freeleech')) { $Properties['FreeLeech'] = (isset($_POST['freeleech'])) ? 1 : 0; } //******************************************************************************// //--------------- Validate data in edit form -----------------------------------// $DB->query('SELECT UserID FROM torrents WHERE ID='.$TorrentID); list($UserID) = $DB->next_record(); if($LoggedUser['ID']!=$UserID && !check_perms('torrents_edit')) { error(403); } $Validate->SetFields('type','1','number','Not a valid type.',array('maxlength'=>count($Categories), 'minlength'=>1)); $Validate->SetFields('type','1','number','Invalid torrent ID.',array('maxlength'=>1000000000, 'minlength'=>1)); // we shouldn't have torrent IDs higher than a billion switch ($Type) { case 'Music': if(!empty($Properties['Remastered']) && !empty($Properties['UnknownRelease'])){ $Validate->SetFields('remaster_year', '1', 'number', 'Year of remaster/re-issue must be entered.'); } else { $Validate->SetFields('remaster_year', '0','number', 'Invalid remaster year.'); } $Validate->SetFields('remaster_title', '0','string','Remaster title must be between 2 and 50 characters.',array('maxlength'=>50, 'minlength'=>2)); $Validate->SetFields('remaster_record_label', '0','string','Remaster record label must be between 2 and 40 characters.',array('maxlength'=>40, 'minlength'=>2));
// Excerpt: password recovery, step 2 (older revision; starts and ends mid-block).
// The reset key from the request is escaped with db_string() and must match a non-empty users_info.ResetKey of an enabled
// account; the key is accepted only while ResetExpires lies in the future.
// On a valid form the handler generates a new per-user secret, stores make_hash(password, secret) together with that secret,
// and clears ResetKey / ResetExpires in the same UPDATE, which makes the key single-use.
// NOTE(review): the password rule is length-only (6-40 characters); the upper bound rules out long passphrases.
// NOTE(review): make_hash() is defined elsewhere — confirm it is a slow, purpose-built password hash rather than a single
//   salted digest.
// NOTE(review): nothing visible here ends the account's existing sessions or records the change after the reset — confirm.
} require ASSETS . "/class_validate.php"; $Validate = new VALIDATE(); if (array_key_exists('action', $_GET) && $_GET['action'] == 'disabled') { require 'disabled.php'; die; } if (isset($_REQUEST['act']) && $_REQUEST['act'] == "recover") { // Recover password if (!empty($_REQUEST['key'])) { // User has entered a new password, use step 2 $DB->query("SELECT \n\t\t\tm.ID,\n\t\t\tm.Email,\n\t\t\ti.ResetExpires \n\t\t\tFROM users_main AS m \n\t\t\tINNER JOIN users_info AS i ON i.UserID=m.ID \n\t\t\tWHERE i.ResetKey='" . db_string($_REQUEST['key']) . "' \n\t\t\tAND i.ResetKey<>'' \n\t\t\tAND m.Enabled='1'"); list($UserID, $Email, $Expires) = $DB->next_record(); if ($UserID && strtotime($Expires) > time()) { // If the user has requested a password change, and his key has not expired $Validate->SetFields('password', '1', 'string', 'You entered an invalid password.', array('maxlength' => '40', 'minlength' => '6')); $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password')); if (!empty($_REQUEST['password'])) { // If the user has entered a password. // If the user has not entered a password, $Reset is not set to 1, and the success message is not shown $Err = $Validate->ValidateForm($_REQUEST); if ($Err == '') { // Form validates without error, set new secret and password. $Secret = make_secret(); $DB->query("UPDATE \n\t\t\t\t\t\tusers_main AS m,\n\t\t\t\t\t\tusers_info AS i \n\t\t\t\t\t\tSET m.PassHash='" . db_string(make_hash($_REQUEST['password'], $Secret)) . "',\n\t\t\t\t\t\tm.Secret='" . db_string($Secret) . "',\n\t\t\t\t\t\ti.ResetKey='',\n\t\t\t\t\t\ti.ResetExpires='0000-00-00 00:00:00' \n\t\t\t\t\t\tWHERE m.ID='" . db_string($UserID) . "' \n\t\t\t\t\t\tAND i.UserID=m.ID"); $Reset = true; // Past tense form of "to reset", meaning that password has now been reset } } // Either a form asking for them to enter the password // Or a success message if $Reset is 1
<?
// Excerpt: handler that creates a wiki article (cut off at the end, inside the admin_manage_wiki branch).
// $P is db_array($_POST), presumably an SQL-escaped copy of the POST data; the title rule (3-100 characters) is checked
// against raw $_POST and the duplicate lookup interpolates the escaped $P[title].
// On any error the message is stored in the session and the browser is sent back to the create form.
// For admin_manage_wiki holders the minimum read/edit classes come from the form, must pass is_number(), and the edit class
// may not exceed the caller's own class.
// NOTE(review): the duplicate-title message contains an HTML link. The page that prints $_SESSION['error_message'] has to emit
//   it unescaped for the link to work, so every other message stored under that key must be free of request data — confirm.
// NOTE(review): no ceiling on $Read comparable to the one on $Edit is visible in this excerpt — confirm.
// NOTE(review): no anti-CSRF check is visible at the top of this handler — confirm where the code base performs it.
$P=array(); $P=db_array($_POST); include(SERVER_ROOT.'/classes/class_validate.php'); $Val = new VALIDATE; $Val->SetFields('title', '1','string','The title must be between 3 and 100 characters',array('maxlength'=>100, 'minlength'=>3)); //$Val->SetFields('alias', '1','string','Please include at least 1 alias, the entire string should be between 2 and 100 characters.',array('maxlength'=>100, 'minlength'=>2)); $Err = $Val->ValidateForm($_POST); if(!$Err) { $DB->query("SELECT ID FROM wiki_articles WHERE Title='$P[title]'"); if($DB->record_count()>0) { list($ID) = $DB->next_record(); $Err = 'An article with that name already exists <a href="wiki.php?action=article&id='.$ID.'">here</a>.'; } } if($Err) { $_SESSION['error_message'] = $Err; header('Location: wiki.php?action=create'); die(); } if(check_perms('admin_manage_wiki')){ $Read=$_POST['minclassread']; $Edit=$_POST['minclassedit']; if(!is_number($Read)) { error(0); } //int? if(!is_number($Edit)) { error(0); } if($Edit > $LoggedUser['Class']){ error('You can\'t restrict articles above your own level'); }
// Excerpt from a torrent upload handler (starts and ends mid-block).
// Request fields are copied into $Properties and local variables, then validation rules are registered per category.
// 'type' and 'releasetype' are checked against an allow-list ('inarray' on the keys of $Categories / $ReleaseTypes).
// NOTE(review): $Properties['GroupID'], $RequestID, $Artists and $Importance are taken from $_POST unchanged here and no rule
//   for them is registered in the visible code; they need integer / shape validation before they reach SQL — confirm.
// NOTE(review): 'year' is registered a second time for non-remastered CD releases (first with 'length' => 40, then with
//   'minlength' => 1982); confirm that VALIDATE replaces or merges a repeated field name as intended.
// NOTE(review): the Music rules test $_POST['groupid'] for truthiness only, so any non-empty value skips the title/year/tag
//   rules — confirm the group ID is verified to exist later.
$Properties['GroupDescription'] = trim($_POST['desc']); } $Properties['GroupID'] = $_POST['groupid']; if (empty($_POST['artists'])) { $Err = "You didn't enter any artists"; } else { $Artists = $_POST['artists']; $Importance = $_POST['importance']; } if (!empty($_POST['requestid'])) { $RequestID = $_POST['requestid']; $Properties['RequestID'] = $RequestID; } //******************************************************************************// //--------------- Validate data in upload form ---------------------------------// $Validate->SetFields('type', '1', 'inarray', 'Please select a valid type.', array('inarray' => array_keys($Categories))); switch ($Type) { case 'Music': if (!$_POST['groupid']) { $Validate->SetFields('title', '1', 'string', 'Title must be between 1 and 200 characters.', array('maxlength' => 200, 'minlength' => 1)); $Validate->SetFields('year', '1', 'number', 'The year of the original release must be entered.', array('length' => 40)); $Validate->SetFields('releasetype', '1', 'inarray', 'Please select a valid release type.', array('inarray' => array_keys($ReleaseTypes))); $Validate->SetFields('tags', '1', 'string', 'You must enter at least one tag. 
Maximum length is 200 characters.', array('maxlength' => 200, 'minlength' => 2)); $Validate->SetFields('record_label', '0', 'string', 'Record label must be between 2 and 80 characters.', array('maxlength' => 80, 'minlength' => 2)); $Validate->SetFields('catalogue_number', '0', 'string', 'Catalogue Number must be between 2 and 80 characters.', array('maxlength' => 80, 'minlength' => 2)); $Validate->SetFields('album_desc', '1', 'string', 'The album description has a minimum length of 10 characters.', array('maxlength' => 1000000, 'minlength' => 10)); if ($Properties['Media'] == 'CD' && !$Properties['Remastered']) { $Validate->SetFields('year', '1', 'number', 'You have selected a year for an album that predates the media you say it was created on.', array('minlength' => 1982)); } } if ($Properties['Remastered'] && !$Properties['UnknownRelease']) {
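if ($MaxGroups > 0 && $NumTorrents >= $MaxGroups) {
    $Err = 'This collage already holds its maximum allowed number of artists.';
}

if (isset($Err)) {
    error($Err);
}
} // closes a block opened before this excerpt

// Per-user cap: callers without site_collages_delete may not add more than $MaxGroupsPerUser entries.
// NOTE(review): $CollageID is interpolated as-is; this assumes it was validated as an integer earlier — confirm.
if ($MaxGroupsPerUser > 0) {
    $DB->query("\n\t\tSELECT COUNT(*)\n\t\tFROM collages_artists\n\t\tWHERE CollageID = '{$CollageID}'\n\t\t\tAND UserID = '{$LoggedUser['ID']}'");
    list($GroupsForUser) = $DB->next_record();
    if (!check_perms('site_collages_delete') && $GroupsForUser >= $MaxGroupsPerUser) {
        error(403);
    }
}

// Excerpt ends inside this branch, with the final "artist not found" check still open.
if ($_REQUEST['action'] == 'add_artist') {
    $Val->SetFields('url', '1', 'regex', 'The URL must be a link to a artist on the site.', array('regex' => '/^' . ARTIST_REGEX . '/i'));
    $Err = $Val->ValidateForm($_POST);
    if ($Err) {
        error($Err);
    }

    $URL = $_POST['url'];

    // Get artist ID.
    // The captured group is cast to an integer before it is placed in the query, so the SQL no longer depends on
    // ARTIST_REGEX (defined elsewhere) capturing digits only, and a failed match is handled instead of reading an
    // undefined $Matches[4].
    $Matches = array();
    $ArtistID = 0;
    if (preg_match('/^' . ARTIST_REGEX . '/i', $URL, $Matches) === 1 && isset($Matches[4])) {
        $ArtistID = (int) $Matches[4];
    }
    if ($ArtistID < 1) {
        error(404);
    }

    $DB->query("\n\t\tSELECT ArtistID\n\t\tFROM artists_group\n\t\tWHERE ArtistID = '{$ArtistID}'");
    list($ArtistID) = $DB->next_record();
    if (!$ArtistID) {
        error('The artist was not found in the database.');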
die(); } */
// Excerpt: registration handler (later revision; begins at the tail of a commented-out block and is cut off at the end).
// Two paths are visible:
//  - 'confirm' present: a disabled account (Enabled = '0') is looked up by users_main.torrent_pass, set to Enabled = '1',
//    the 'stats_user_count' cache key is incremented and step2.php is included.
//  - open registration or an 'invite' parameter: form rules are registered on $Val, including a password-strength regex
//    (8+ characters with mixed case and a non-letter, or 20+ characters).
// NOTE(review): the "******" inside the SELECT is not valid PHP. It looks like a redaction artifact that replaced the expression
//   feeding the confirm value into the query, so whether that value was escaped cannot be confirmed from this excerpt.
// NOTE(review): the activation token is matched against the torrent_pass column. If that column also serves as a long-lived
//   per-user secret, a mailed confirmation link discloses it; a separate single-use token would avoid that. Verify against the schema.
// NOTE(review): submission is detected through $_POST['submit'] but ValidateForm() receives $_REQUEST, so individual fields can
//   still be supplied in the query string. The captcha rule and check are commented out.
include SERVER_ROOT . '/classes/validate.class.php'; $Val = new VALIDATE(); if (!empty($_REQUEST['confirm'])) { // Confirm registration $DB->query("\n\t\tSELECT ID\n\t\tFROM users_main\n\t\tWHERE torrent_pass = '******'confirm']) . "'\n\t\t\tAND Enabled = '0'"); list($UserID) = $DB->next_record(); if ($UserID) { $DB->query("\n\t\t\tUPDATE users_main\n\t\t\tSET Enabled = '1'\n\t\t\tWHERE ID = '{$UserID}'"); $Cache->increment('stats_user_count'); include 'step2.php'; } } elseif (OPEN_REGISTRATION || !empty($_REQUEST['invite'])) { $Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX)); $Val->SetFields('email', true, 'email', 'You did not enter a valid email address.'); $Val->SetFields('password', true, 'regex', 'A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/')); $Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield' => 'password')); $Val->SetFields('readrules', true, 'checkbox', 'You did not select the box that says you will read the rules.'); $Val->SetFields('readwiki', true, 'checkbox', 'You did not select the box that says you will read the wiki.'); $Val->SetFields('agereq', true, 'checkbox', 'You did not select the box that says you are 13 years of age or older.'); //$Val->SetFields('captcha', true, 'string', 'You did not enter a captcha code.', array('minlength' => 6, 'maxlength' => 6)); if (!empty($_POST['submit'])) { // User has submitted registration form $Err = $Val->ValidateForm($_REQUEST); /* if (!$Err && strtolower($_SESSION['captcha']) != strtolower($_REQUEST['captcha'])) { $Err = 'You did not enter the correct captcha code.'; } */
<?
// Excerpt: handler that applies an edit to a request (cut off at the end, inside the success branch).
// $RequestID must pass is_number() before use, so interpolating it into the SELECT is safe as long as is_number()
// accepts digits only — confirm in its definition.
// $P is db_array($_POST), presumably an SQL-escaped copy of the POST data; ValidateForm() runs on raw $_POST.
// NOTE(review): on a validation failure the redirect target is $_SERVER['HTTP_REFERER'], a client-supplied header that may be
//   absent or point off-site. Redirecting to a fixed same-site URL built from the already validated $RequestID avoids that.
// NOTE(review): the whole $_POST array is stored in the session to repopulate the form; it must be HTML-escaped when it is
//   echoed back.
// NOTE(review): no anti-CSRF check and no ownership check are visible before validation; the SELECT of UserID/TimeAdded at the
//   end suggests ownership is checked after this excerpt — confirm.
//******************************************************************************// //--------------- Take edit request --------------------------------------------// include(SERVER_ROOT.'/classes/class_validate.php'); $Validate = new VALIDATE; $RequestID = $_POST['requestid']; if(!is_number($RequestID)) { error(0); } $P = db_array($_POST); //----- Validate $Validate->SetFields('artist', '0','string','The artist name must be between 2 and 100 characters.',array('maxlength'=>100, 'minlength'=>2)); $Validate->SetFields('name', '0','string','The title must be between 2 and 255 characters.',array('maxlength'=>255, 'minlength'=>2)); $Validate->SetFields('description', '1','string','You must enter a description.',array('maxlength'=>10000, 'minlength'=>2)); $Validate->SetFields('tags', '1','string','You must enter at least one tag.',array('maxlength'=>255, 'minlength'=>2)); $Err=$Validate->ValidateForm($_POST); // Validate the form if($Err) { $_SESSION['Error'] = $Err; $_SESSION['data'] = $_POST; header('Location: '.$_SERVER['HTTP_REFERER']); die(); } else { $DB->query("SELECT UserID, TimeAdded FROM requests WHERE ID='$RequestID'");
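if ($MaxGroups > 0 && $NumTorrents >= $MaxGroups) {
    $Err = 'This collage already holds its maximum allowed number of torrents.';
}

if (isset($Err)) {
    error($Err);
}
} // closes a block opened before this excerpt

// Per-user cap: callers without site_collages_delete may not add more than $MaxGroupsPerUser entries.
// NOTE(review): $CollageID is interpolated as-is; this assumes it was validated as an integer earlier — confirm.
if ($MaxGroupsPerUser > 0) {
    $DB->query("\n\t\tSELECT COUNT(*)\n\t\tFROM collages_torrents\n\t\tWHERE CollageID = '{$CollageID}'\n\t\t\tAND UserID = '{$LoggedUser['ID']}'");
    list($GroupsForUser) = $DB->next_record();
    if (!check_perms('site_collages_delete') && $GroupsForUser >= $MaxGroupsPerUser) {
        error(403);
    }
}

// Excerpt ends inside this branch, with the final "torrent not found" check still open.
if ($_REQUEST['action'] == 'add_torrent') {
    $Val->SetFields('url', '1', 'regex', 'The URL must be a link to a torrent on the site.', array('regex' => '/^' . TORRENT_GROUP_REGEX . '/i'));
    $Err = $Val->ValidateForm($_POST);
    if ($Err) {
        error($Err);
    }

    $URL = $_POST['url'];

    // Get torrent ID.
    // The captured group is cast to an integer before it is placed in the query, so the SQL no longer depends on
    // TORRENT_GROUP_REGEX (defined elsewhere) capturing digits only, and a failed match is handled instead of
    // reading an undefined $Matches[4].
    $Matches = array();
    $TorrentID = 0;
    if (preg_match('/^' . TORRENT_GROUP_REGEX . '/i', $URL, $Matches) === 1 && isset($Matches[4])) {
        $TorrentID = (int) $Matches[4];
    }
    if ($TorrentID < 1) {
        error(404);
    }

    $DB->query("\n\t\tSELECT ID\n\t\tFROM torrents_group\n\t\tWHERE ID = '{$TorrentID}'");
    list($GroupID) = $DB->next_record();
    if (!$GroupID) {
        error('The torrent was not found in the database.');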
// Excerpt: staff tool that sends a message to the users who snatched a torrent (cut off after the first query).
// authorize() and enforce_login() run before anything else, and the caller must hold site_moderate_requests.
// torrentid and groupid are cast to int when read, so {$TorrentID} in the xbt_snatched query is always an integer.
// NOTE(review): $Subject and $Message are taken from $_POST unchanged; they must be escaped where they are stored and where
//   they are rendered — confirm in the code after this excerpt.
// NOTE(review): after error($Err) the handler still sets a Location header from $_SERVER['HTTP_REFERER']. If error() terminates
//   the request those lines are dead code; if it returns, the redirect target is a client-supplied header. Either way the
//   redirect can be dropped or replaced by a fixed same-site URL.
// NOTE(review): the permission check runs after the request fields are read; harmless here, but checking first keeps
//   unauthorised input from being touched at all.
//******************************************************************************// authorize(); enforce_login(); require SERVER_ROOT . '/classes/validate.class.php'; $Validate = new VALIDATE(); $TorrentID = (int) $_POST['torrentid']; $GroupID = (int) $_POST['groupid']; $Subject = $_POST['subject']; $Message = $_POST['message']; //******************************************************************************// //--------------- Validate data in edit form -----------------------------------// // FIXME: Still need a better perm name if (!check_perms('site_moderate_requests')) { error(403); } $Validate->SetFields('torrentid', '1', 'number', 'Invalid torrent ID.', array('maxlength' => 1000000000, 'minlength' => 1)); // we shouldn't have torrent IDs higher than a billion $Validate->SetFields('groupid', '1', 'number', 'Invalid group ID.', array('maxlength' => 1000000000, 'minlength' => 1)); // we shouldn't have group IDs higher than a billion either $Validate->SetFields('subject', '0', 'string', 'Invalid subject.', array('maxlength' => 1000, 'minlength' => 1)); $Validate->SetFields('message', '0', 'string', 'Invalid message.', array('maxlength' => 10000, 'minlength' => 1)); $Err = $Validate->ValidateForm($_POST); // Validate the form if ($Err) { error($Err); header('Location: ' . $_SERVER['HTTP_REFERER']); die; } //******************************************************************************// //--------------- Send PMs to users --------------------------------------------// $DB->query("\n\tSELECT uid\n\tFROM xbt_snatched\n\tWHERE fid = {$TorrentID}");
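<?php
//******************************************************************************//
//--------------- Fill a request -----------------------------------------------//

// Excerpt: the handler continues after the torrents_group lookup at the end.
// The request ID is placed in a redirect URL below, so it has to be numeric.
$RequestID = $_POST['requestid'];
if (!is_number($RequestID)) {
    error(0);
}

$URL = trim($_POST['url']);

include(SERVER_ROOT.'/classes/class_validate.php');
$Validate = new VALIDATE;

// Make sure the URL they entered is on our site, and is a link to a torrent.
// preg_quote() keeps the dots of the host name literal; unquoted, each '.' matches any character, so a look-alike
// host would pass the check. This assumes NONSSL_SITE_URL is a plain host name, not a pattern — confirm in the config.
$URLRegex = '/^https?:\/\/(www\.|ssl\.)?'.preg_quote(NONSSL_SITE_URL, '/').'\/torrents\.php\?id=([0-9]+)/i';
$Validate->SetFields('url', '1', 'regex', 'The URL must be a link to a torrent on the site.', array('regex'=>$URLRegex));
$Err = $Validate->ValidateForm($_POST); // Validate the form
if ($Err) { // if something didn't validate
    $_SESSION['Error'] = $Err;
    header('Location: requests.php?action=viewrequest&id='.$RequestID);
    exit;
}

// Get torrent ID.
// A failed match yields 0 instead of an undefined index, and the captured digits are cast to an integer before
// they are placed in the query.
$URLRegex = '/torrents\.php\?id=([0-9]+)/i';
$Matches = array();
$TorrentID = preg_match($URLRegex, $URL, $Matches) ? (int)$Matches[1] : 0;
if ($TorrentID < 1) {
    error(404);
}

$DB->query("SELECT ID, Time FROM torrents_group WHERE ID='$TorrentID'");
list($GroupID, $FillTime) = $DB->next_record();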