forked from mlangill/biotorrents
/
takeedit.php
72 lines (53 loc) · 1.89 KB
/
takeedit.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
<?php
require_once("include/bittorrent.php");
function bark($msg) {
genbark($msg, "Edit failed!");
}
if (!mkglobal("id:name:descr:type:lic"))
bark("missing form data");
$id = 0 + $id;
if (!$id)
die();
dbconn();
loggedinorreturn();
$res = mysql_query("SELECT owner, filename, save_as FROM torrents WHERE id = $id");
$row = mysql_fetch_assoc($res);
if (!$row)
die();
if ($CURUSER["id"] != $row["owner"] && $CURUSER['class'] < UC_MODERATOR)
bark("You're not the owner! How did that happen?\n");
$updateset = array();
$fname = $row["filename"];
preg_match('/^(.+)\.torrent$/si', $fname, $matches);
$shortfname = $matches[1];
$dname = $row["save_as"];
$version_action = $_POST['version_action'];
if ($version_action == 'update'){
$version_id = get_version_id_for_torrent($_POST['version'], $id);
$updateset[] = "version = ". $version_id;
}else
if ($version_action == 'remove')
$updateset[] = 'version = 0';
$updateset[] = "name = " . sqlesc($name);
$updateset[] = "search_text = " . sqlesc(searchfield("$shortfname $dname $name"));
$updateset[] = "descr = " . sqlesc($descr);
$updateset[] = "ori_descr = " . sqlesc($descr);
$updateset[] = "category = " . (0 + $type);
$updateset[] = "license = " . (0 + $lic);
//if ($CURUSER["admin"] == "yes") {
if ($CURUSER['class'] > UC_MODERATOR) {
if ( isset($_POST["banned"]) ) {
$updateset[] = "banned = 'yes'";
$_POST["visible"] = 0;
}
else
$updateset[] = "banned = 'no'";
}
$updateset[] = "visible = '" . ( isset($_POST["visible"]) ? "yes" : "no") . "'";
mysql_query("UPDATE torrents SET " . join(",", $updateset) . " WHERE id = $id");
write_log("Torrent $id ($name) was edited by $CURUSER[username]");
$returl = "details.php?id=$id&edited=1";
if (isset($_POST["returnto"]))
$returl .= "&returnto=" . urlencode($_POST["returnto"]);
header("Refresh: 0; url=$returl");
?>