Пример #1
// Load the form-validation class and create the validator that the
// registration rules below are registered on.
include SERVER_ROOT . '/classes/class_validate.php';
$Val = new VALIDATE();

if(!empty($_REQUEST['confirm'])) {
	// Confirm registration
	$DB->query("SELECT ID FROM users_main WHERE torrent_pass='******'confirm'])."' AND Enabled='0'");
	list($UserID)=$DB->next_record();
	
	if($UserID) {
		$DB->query("UPDATE users_main SET Enabled='1' WHERE ID='$UserID'");
		$Cache->increment('stats_user_count');
		include('step2.php');
	}
	
} elseif(OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {
	$Val->SetFields('username',true,'regex','You did not enter a valid username.',array('regex'=>'/^[a-z0-9_?]{1,20}$/iD'));
	$Val->SetFields('email',true,'email','You did not enter a valid email address.');
	$Val->SetFields('password',true,'string','You did not enter a valid password (6 - 40 characters).',array('minlength'=>6,'maxlength'=>40));
	$Val->SetFields('confirm_password',true,'compare','Your passwords do not match.',array('comparefield'=>'password'));
	$Val->SetFields('readrules',true,'checkbox','You did not check the box that says you will read the rules.');
	$Val->SetFields('readwiki',true,'checkbox','You did not check the box that says you will read the wiki.');
	$Val->SetFields('agereq',true,'checkbox','You did not check the box that says you are 13 or older.');
	//$Val->SetFields('captcha',true,'string','You did not enter a captcha code.',array('minlength'=>6,'maxlength'=>6));

	if(!empty($_REQUEST['submit'])) {
		// User has submitted registration form
		$Err=$Val->ValidateForm($_REQUEST);
		/*
		if(!$Err && strtolower($_SESSION['captcha'])!=strtolower($_REQUEST['captcha'])) {
			$Err="You did not enter the correct captcha code."; 
		}
Пример #2
}
// Validator used by the password-recovery form handled further down.
require(SERVER_ROOT . '/classes/validate.class.php');
$Validate = new VALIDATE;

// ?action=disabled takes precedence over everything else in this script:
// hand off to disabled.php and stop.
if (array_key_exists('action', $_GET)) {
    if ($_GET['action'] == 'disabled') {
        require('disabled.php');
        exit;
    }
}
if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {
    // Recover password
    if (!empty($_REQUEST['key'])) {
        // User has entered a new password, use step 2
        $DB->query("\n\t\t\tSELECT\n\t\t\t\tm.ID,\n\t\t\t\tm.Email,\n\t\t\t\tm.ipcc,\n\t\t\t\ti.ResetExpires\n\t\t\tFROM users_main as m\n\t\t\t\tINNER JOIN users_info AS i ON i.UserID = m.ID\n\t\t\tWHERE i.ResetKey = '" . db_string($_REQUEST['key']) . "'\n\t\t\t\tAND i.ResetKey != ''\n\t\t\t\tAND m.Enabled = '1'");
        list($UserID, $Email, $Country, $Expires) = $DB->next_record();
        if ($UserID && strtotime($Expires) > time()) {
            // If the user has requested a password change, and his key has not expired
            $Validate->SetFields('password', '1', 'regex', 'You entered an invalid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/'));
            $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password'));
            if (!empty($_REQUEST['password'])) {
                // If the user has entered a password.
                // If the user has not entered a password, $Reset is not set to 1, and the success message is not shown
                $Err = $Validate->ValidateForm($_REQUEST);
                if ($Err == '') {
                    // Form validates without error, set new secret and password.
                    $DB->query("\n\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\tusers_main AS m,\n\t\t\t\t\t\t\tusers_info AS i\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tm.PassHash = '" . db_string(Users::make_crypt_hash($_REQUEST['password'])) . "',\n\t\t\t\t\t\t\ti.ResetKey = '',\n\t\t\t\t\t\t\ti.ResetExpires = '0000-00-00 00:00:00'\n\t\t\t\t\t\tWHERE m.ID = '{$UserID}'\n\t\t\t\t\t\t\tAND i.UserID = m.ID");
                    $DB->query("\n\t\t\t\t\t\tINSERT INTO users_history_passwords\n\t\t\t\t\t\t\t(UserID, ChangerIP, ChangeTime)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t('{$UserID}', '{$_SERVER['REMOTE_ADDR']}', '" . sqltime() . "')");
                    $Reset = true;
                    // Past tense form of "to reset", meaning that password has now been reset
                    G::$LoggedUser['ID'] = $UserID;
                    // Set $LoggedUser['ID'] for logout_all_sessions() to work
                    logout_all_sessions();
                }
Пример #3
		break;

	// Create a news item from the posted title/body, then drop the cached
	// 'news' value and redirect to index.php.
	case 'takenewnews':
		// Authorisation gate: only holders of admin_manage_news get past this line.
		// NOTE(review): no request-token (CSRF) check is visible in this case; confirm the
		// enclosing dispatcher performs one before state-changing actions like this INSERT.
		if(!check_perms('admin_manage_news')){ error(403); }

		// Both user-supplied fields pass through db_string() before being concatenated.
		// NOTE(review): db_string() is defined elsewhere — presumably SQL escaping; verify.
		// $LoggedUser[ID] is interpolated as-is; presumably a server-side session value — confirm.
		$DB->query("INSERT INTO news (UserID, Title, Body, Time) VALUES ('$LoggedUser[ID]', '".db_string($_POST['title'])."', '".db_string($_POST['body'])."', '".sqltime()."')");
		$Cache->delete_value('news');

		// Only the header is set here; `break` leaves the switch, so whatever follows
		// the switch still runs unless it exits — TODO confirm.
		header('Location: index.php');
		break;

	case 'permissions':
		if (!check_perms('admin_manage_permissions')) { error(403); }

		if (!empty($_REQUEST['id'])) {
			$Val->SetFields('name',true,'string','You did not enter a valid name for this permission set.');
			$Val->SetFields('level',true,'number','You did not enter a valid level for this permission set.');
			//$Val->SetFields('test',true,'number','You did not enter a valid level for this permission set.');

			$Values=array();
			if (is_numeric($_REQUEST['id'])) {
				$DB->query("SELECT p.ID,p.Name,p.Level,p.Values,p.DisplayStaff,COUNT(u.ID) FROM permissions AS p LEFT JOIN users_main AS u ON u.PermissionID=p.ID WHERE p.ID='".db_string($_REQUEST['id'])."' GROUP BY p.ID");
				list($ID,$Name,$Level,$Values,$DisplayStaff,$UserCount)=$DB->next_record(MYSQLI_NUM, array(3));

				$Values=unserialize($Values);
			}

			if (!empty($_POST['submit'])) {
				$Err = $Val->ValidateForm($_POST);

				if (!is_numeric($_REQUEST['id'])) {
Пример #4
<?php

authorize();
include(SERVER_ROOT . '/classes/validate.class.php');
$Val = new VALIDATE;
// $P is the db_array() copy of the POST data and is the copy concatenated into the SQL
// strings below; ValidateForm() at the end is handed the raw $_POST instead.
// NOTE(review): db_array()/db_string() are defined elsewhere — presumably SQL escaping; verify.
$P = db_array($_POST);
if (!($P['category'] > 0) && !check_perms('site_collages_renamepersonal')) {
    // Category is not above 0 and the user may not rename personal collages: the name is
    // generated from the username instead of being taken from the form, then suffixed
    // with " no. N" until no collage with that name exists.
    $name = $LoggedUser['Username'] . "'s personal collage";
    $P['name'] = db_string($name);
    $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'");
    for ($i = 2; $DB->has_results(); $i++) {
        $P['name'] = db_string("{$name} no. {$i}");
        $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'");
    }
} else {
    // The name comes from the form, so it gets a length rule.
    $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', array('maxlength' => 100, 'minlength' => 3));
}
$Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', array('maxlength' => 65535, 'minlength' => 10));
$Err = $Val->ValidateForm($_POST);
if (!$Err && $P['category'] === '0') {
    $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'");
    list($CollageCount) = $DB->next_record();
    if ($CollageCount >= $LoggedUser['Permissions']['MaxCollages'] || !check_perms('site_collages_personal')) {
        $Err = 'You may not create a personal collage.';
    } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) {
        $Err = 'Your personal collage\'s title must include your username.';
    }
Пример #5
     break;
 // These three actions only dispatch to a manager script under sections/tools/managers/.
 // NOTE(review): unlike the 'permissions' case below, no check_perms() call is made here;
 // presumably each included script enforces its own permission — verify in those files.
 case 'change_log':
     include SERVER_ROOT . '/sections/tools/managers/change_log.php';
     break;
 case 'global_notification':
     include SERVER_ROOT . '/sections/tools/managers/global_notification.php';
     break;
 case 'take_global_notification':
     include SERVER_ROOT . '/sections/tools/managers/take_global_notification.php';
     break;
 case 'permissions':
     if (!check_perms('admin_manage_permissions')) {
         error(403);
     }
     if (!empty($_REQUEST['id'])) {
         $Val->SetFields('name', true, 'string', 'You did not enter a valid name for this permission set.');
         $Val->SetFields('level', true, 'number', 'You did not enter a valid level for this permission set.');
         $Val->SetFields('maxcollages', true, 'number', 'You did not enter a valid number of personal collages.');
         //$Val->SetFields('test', true, 'number', 'You did not enter a valid level for this permission set.');
         if (is_numeric($_REQUEST['id'])) {
             $DB->query("\n\t\t\t\t\tSELECT p.ID, p.Name, p.Level, p.Secondary, p.PermittedForums, p.Values, p.DisplayStaff, COUNT(u.ID)\n\t\t\t\t\tFROM permissions AS p\n\t\t\t\t\t\tLEFT JOIN users_main AS u ON u.PermissionID = p.ID\n\t\t\t\t\tWHERE p.ID = '" . db_string($_REQUEST['id']) . "'\n\t\t\t\t\tGROUP BY p.ID");
             list($ID, $Name, $Level, $Secondary, $Forums, $Values, $DisplayStaff, $UserCount) = $DB->next_record(MYSQLI_NUM, array(5));
             if ($Level > $LoggedUser['EffectiveClass'] || $_REQUEST['level'] > $LoggedUser['EffectiveClass']) {
                 error(403);
             }
             $Values = unserialize($Values);
         }
         if (!empty($_POST['submit'])) {
             $Err = $Val->ValidateForm($_POST);
             if (!is_numeric($_REQUEST['id'])) {
                 $DB->query("\n\t\t\t\t\t\tSELECT ID\n\t\t\t\t\t\tFROM permissions\n\t\t\t\t\t\tWHERE Level = '" . db_string($_REQUEST['level']) . "'");
Пример #6
}
// Only users holding the torrents_freeleech permission may change the flag;
// for everyone else $Properties['FreeLeech'] is not touched here, whatever was posted.
if (check_perms('torrents_freeleech')) {
	if (isset($_POST['freeleech'])) {
		$Properties['FreeLeech'] = 1;
	} else {
		$Properties['FreeLeech'] = 0;
	}
}

//******************************************************************************//
//--------------- Validate data in edit form -----------------------------------//

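// Look up the torrent's uploader so that ownership can be checked below.
// $TorrentID is concatenated into the statement without quotes or escaping, so it is
// forced to an integer here; where it was assigned is not visible in this fragment.
$DB->query('SELECT UserID FROM torrents WHERE ID=' . (int) $TorrentID);
list($UserID) = $DB->next_record();

// Authorisation: only the uploader or a holder of torrents_edit may edit this torrent.
// If the query returned no row, $UserID is empty and the ownership test fails, so only
// torrents_edit holders continue.
if ($LoggedUser['ID'] != $UserID && !check_perms('torrents_edit')) {
	error(403);
}

$Validate->SetFields('type', '1', 'number', 'Not a valid type.', array('maxlength' => count($Categories), 'minlength' => 1));
// NOTE(review): this second rule is registered on 'type' again although its message and bound
// are about the torrent ID (we shouldn't have torrent IDs higher than a billion). It looks like
// a copy-paste slip: depending on how SetFields() stores rules it may replace the stricter
// 'type' rule above, and the torrent ID field gets no rule of its own. Confirm the intended
// field name against the edit form before changing it.
$Validate->SetFields('type', '1', 'number', 'Invalid torrent ID.', array('maxlength' => 1000000000, 'minlength' => 1));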
switch ($Type) {
	case 'Music':
		if(!empty($Properties['Remastered']) && !empty($Properties['UnknownRelease'])){
			$Validate->SetFields('remaster_year', '1', 'number', 'Year of remaster/re-issue must be entered.');
		} else {
			$Validate->SetFields('remaster_year', '0','number', 'Invalid remaster year.');
		}
		
		$Validate->SetFields('remaster_title',
			'0','string','Remaster title must be between 2 and 50 characters.',array('maxlength'=>50, 'minlength'=>2));
			
		$Validate->SetFields('remaster_record_label',
			'0','string','Remaster record label must be between 2 and 40 characters.',array('maxlength'=>40, 'minlength'=>2));
			
Пример #7
}
// Validator used by the password-recovery form handled further down.
require(ASSETS . "/class_validate.php");
$Validate = new VALIDATE;

// ?action=disabled takes precedence over everything else in this script:
// hand off to disabled.php and stop.
if (array_key_exists('action', $_GET)) {
    if ($_GET['action'] == 'disabled') {
        require('disabled.php');
        exit;
    }
}
if (isset($_REQUEST['act']) && $_REQUEST['act'] == "recover") {
    // Recover password
    if (!empty($_REQUEST['key'])) {
        // User has entered a new password, use step 2
        $DB->query("SELECT \n\t\t\tm.ID,\n\t\t\tm.Email,\n\t\t\ti.ResetExpires \n\t\t\tFROM users_main AS m \n\t\t\tINNER JOIN users_info AS i ON i.UserID=m.ID \n\t\t\tWHERE i.ResetKey='" . db_string($_REQUEST['key']) . "' \n\t\t\tAND i.ResetKey<>'' \n\t\t\tAND m.Enabled='1'");
        list($UserID, $Email, $Expires) = $DB->next_record();
        if ($UserID && strtotime($Expires) > time()) {
            // If the user has requested a password change, and his key has not expired
            $Validate->SetFields('password', '1', 'string', 'You entered an invalid password.', array('maxlength' => '40', 'minlength' => '6'));
            $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password'));
            if (!empty($_REQUEST['password'])) {
                // If the user has entered a password.
                // If the user has not entered a password, $Reset is not set to 1, and the success message is not shown
                $Err = $Validate->ValidateForm($_REQUEST);
                if ($Err == '') {
                    // Form validates without error, set new secret and password.
                    $Secret = make_secret();
                    $DB->query("UPDATE \n\t\t\t\t\t\tusers_main AS m,\n\t\t\t\t\t\tusers_info AS i \n\t\t\t\t\t\tSET m.PassHash='" . db_string(make_hash($_REQUEST['password'], $Secret)) . "',\n\t\t\t\t\t\tm.Secret='" . db_string($Secret) . "',\n\t\t\t\t\t\ti.ResetKey='',\n\t\t\t\t\t\ti.ResetExpires='0000-00-00 00:00:00' \n\t\t\t\t\t\tWHERE m.ID='" . db_string($UserID) . "' \n\t\t\t\t\t\tAND i.UserID=m.ID");
                    $Reset = true;
                    // Past tense form of "to reset", meaning that password has now been reset
                }
            }
            // Either a form asking for them to enter the password
            // Or a success message if $Reset is 1
Пример #8
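<?php
// Full open tag: with short_open_tag disabled a bare "<?" is not parsed and the file
// would be sent to the client as plain text, exposing the source.

// $P is the db_array() copy of the POST data; it is the copy interpolated into SQL below,
// while ValidateForm() is handed the raw $_POST.
// NOTE(review): db_array() is defined elsewhere — presumably it SQL-escapes each value; verify.
// NOTE(review): no request-token (CSRF) check is visible in this fragment; confirm the script
// that includes it performs one before this handler acts on the POST.
$P = db_array($_POST);

include(SERVER_ROOT.'/classes/class_validate.php');
$Val = new VALIDATE;

$Val->SetFields('title', '1','string','The title must be between 3 and 100 characters',array('maxlength'=>100, 'minlength'=>3));
//$Val->SetFields('alias', '1','string','Please include at least 1 alias, the entire string should be between 2 and 100 characters.',array('maxlength'=>100, 'minlength'=>2));
$Err = $Val->ValidateForm($_POST);

if(!$Err) {
	// Reject a title that is already taken by another article.
	$DB->query("SELECT ID FROM wiki_articles WHERE Title='$P[title]'");
	if($DB->record_count()>0) {
		list($ID) = $DB->next_record();
		// This message carries HTML, so whatever renders error_message must print it
		// unescaped; only the database-supplied $ID is concatenated into it.
		$Err = 'An article with that name already exists <a href="wiki.php?action=article&id='.$ID.'">here</a>.';
	}
}

if($Err) {
	// Hand the error to the creation form through the session and stop.
	$_SESSION['error_message'] = $Err;
	header('Location: wiki.php?action=create');
	die();
}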

if(check_perms('admin_manage_wiki')){
	$Read=$_POST['minclassread'];
	$Edit=$_POST['minclassedit'];
	if(!is_number($Read)) { error(0); } //int?
	if(!is_number($Edit)) { error(0); }
	if($Edit > $LoggedUser['Class']){ error('You can\'t restrict articles above your own level'); }
Пример #9
    $Properties['GroupDescription'] = trim($_POST['desc']);
}
// NOTE(review): groupid, artists, importance and requestid are copied from $_POST as-is;
// no rule for them is registered in the visible part of this fragment. Confirm each is
// validated or escaped before it reaches a query.
$Properties['GroupID'] = $_POST['groupid'];
if (!empty($_POST['artists'])) {
    $Artists = $_POST['artists'];
    $Importance = $_POST['importance'];
} else {
    // $Artists and $Importance stay unset on this path.
    $Err = "You didn't enter any artists";
}
if (!empty($_POST['requestid'])) {
    $Properties['RequestID'] = $RequestID = $_POST['requestid'];
}
//******************************************************************************//
//--------------- Validate data in upload form ---------------------------------//
// 'type' must be one of the keys of $Categories (an allow-list check).
$Validate->SetFields('type', '1', 'inarray', 'Please select a valid type.', array('inarray' => array_keys($Categories)));
switch ($Type) {
    case 'Music':
        if (!$_POST['groupid']) {
            $Validate->SetFields('title', '1', 'string', 'Title must be between 1 and 200 characters.', array('maxlength' => 200, 'minlength' => 1));
            $Validate->SetFields('year', '1', 'number', 'The year of the original release must be entered.', array('length' => 40));
            $Validate->SetFields('releasetype', '1', 'inarray', 'Please select a valid release type.', array('inarray' => array_keys($ReleaseTypes)));
            $Validate->SetFields('tags', '1', 'string', 'You must enter at least one tag. Maximum length is 200 characters.', array('maxlength' => 200, 'minlength' => 2));
            $Validate->SetFields('record_label', '0', 'string', 'Record label must be between 2 and 80 characters.', array('maxlength' => 80, 'minlength' => 2));
            $Validate->SetFields('catalogue_number', '0', 'string', 'Catalogue Number must be between 2 and 80 characters.', array('maxlength' => 80, 'minlength' => 2));
            $Validate->SetFields('album_desc', '1', 'string', 'The album description has a minimum length of 10 characters.', array('maxlength' => 1000000, 'minlength' => 10));
            if ($Properties['Media'] == 'CD' && !$Properties['Remastered']) {
                $Validate->SetFields('year', '1', 'number', 'You have selected a year for an album that predates the media you say it was created on.', array('minlength' => 1982));
            }
        }
        if ($Properties['Remastered'] && !$Properties['UnknownRelease']) {
Пример #10
    if ($MaxGroups > 0 && $NumTorrents >= $MaxGroups) {
        $Err = 'This collage already holds its maximum allowed number of artists.';
    }
    if (isset($Err)) {
        error($Err);
    }
}
// Per-user cap on entries in this collage; a cap of 0 or less disables the check.
if ($MaxGroupsPerUser > 0) {
    // NOTE(review): $CollageID is interpolated into the statement; where it was validated
    // is not visible in this fragment — confirm it is numeric before this point.
    $DB->query("\n\t\tSELECT COUNT(*)\n\t\tFROM collages_artists\n\t\tWHERE CollageID = '{$CollageID}'\n\t\t\tAND UserID = '{$LoggedUser['ID']}'");
    list($GroupsForUser) = $DB->next_record();
    // Holders of site_collages_delete are exempt from the cap.
    if (!check_perms('site_collages_delete')) {
        if ($GroupsForUser >= $MaxGroupsPerUser) {
            error(403);
        }
    }
}
if ($_REQUEST['action'] == 'add_artist') {
    $Val->SetFields('url', '1', 'regex', 'The URL must be a link to a artist on the site.', array('regex' => '/^' . ARTIST_REGEX . '/i'));
    $Err = $Val->ValidateForm($_POST);
    if ($Err) {
        error($Err);
    }
    $URL = $_POST['url'];
    // Get artist ID
    preg_match('/^' . ARTIST_REGEX . '/i', $URL, $Matches);
    $ArtistID = $Matches[4];
    if (!$ArtistID || (int) $ArtistID === 0) {
        error(404);
    }
    $DB->query("\n\t\tSELECT ArtistID\n\t\tFROM artists_group\n\t\tWHERE ArtistID = '{$ArtistID}'");
    list($ArtistID) = $DB->next_record();
    if (!$ArtistID) {
        error('The artist was not found in the database.');
Пример #11
	die();
}
*/
// Load the form-validation class and create the validator that the
// registration rules below are registered on.
include(SERVER_ROOT . '/classes/validate.class.php');
$Val = new VALIDATE;
if (!empty($_REQUEST['confirm'])) {
    // Confirm registration
    $DB->query("\n\t\tSELECT ID\n\t\tFROM users_main\n\t\tWHERE torrent_pass = '******'confirm']) . "'\n\t\t\tAND Enabled = '0'");
    list($UserID) = $DB->next_record();
    if ($UserID) {
        $DB->query("\n\t\t\tUPDATE users_main\n\t\t\tSET Enabled = '1'\n\t\t\tWHERE ID = '{$UserID}'");
        $Cache->increment('stats_user_count');
        include 'step2.php';
    }
} elseif (OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {
    $Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX));
    $Val->SetFields('email', true, 'email', 'You did not enter a valid email address.');
    $Val->SetFields('password', true, 'regex', 'A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/'));
    $Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield' => 'password'));
    $Val->SetFields('readrules', true, 'checkbox', 'You did not select the box that says you will read the rules.');
    $Val->SetFields('readwiki', true, 'checkbox', 'You did not select the box that says you will read the wiki.');
    $Val->SetFields('agereq', true, 'checkbox', 'You did not select the box that says you are 13 years of age or older.');
    //$Val->SetFields('captcha', true, 'string', 'You did not enter a captcha code.', array('minlength' => 6, 'maxlength' => 6));
    if (!empty($_POST['submit'])) {
        // User has submitted registration form
        $Err = $Val->ValidateForm($_REQUEST);
        /*
        if (!$Err && strtolower($_SESSION['captcha']) != strtolower($_REQUEST['captcha'])) {
        	$Err = 'You did not enter the correct captcha code.';
        }
        */
Пример #12
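<?php
// Full open tag: with short_open_tag disabled a bare "<?" is not parsed and the file
// would be sent to the client as plain text, exposing the source.
//******************************************************************************//
//--------------- Take edit request --------------------------------------------//

include(SERVER_ROOT.'/classes/class_validate.php');
$Validate = new VALIDATE;

// The request ID is checked with is_number() before anything else is done with it;
// it is interpolated into the requests query further down.
$RequestID = $_POST['requestid'];
if (!is_number($RequestID)) {
	error(0);
}

// Escaped copy of the POST data for use in SQL; ValidateForm() below gets the raw $_POST.
// NOTE(review): db_array() is defined elsewhere — presumably SQL escaping; verify.
$P = db_array($_POST);

//----- Validate

// Length rules for the edited request's fields.
$Validate->SetFields('artist', '0', 'string', 'The artist name must be between 2 and 100 characters.', array('maxlength'=>100, 'minlength'=>2));
$Validate->SetFields('name', '0', 'string', 'The title must be between 2 and 255 characters.', array('maxlength'=>255, 'minlength'=>2));
$Validate->SetFields('description', '1', 'string', 'You must enter a description.', array('maxlength'=>10000, 'minlength'=>2));
$Validate->SetFields('tags', '1', 'string', 'You must enter at least one tag.', array('maxlength'=>255, 'minlength'=>2));

$Err = $Validate->ValidateForm($_POST); // Validate the form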

if($Err) {
	$_SESSION['Error'] = $Err;
	$_SESSION['data'] = $_POST;
	header('Location: '.$_SERVER['HTTP_REFERER']);
	die();
} else {
	$DB->query("SELECT UserID, TimeAdded FROM requests WHERE ID='$RequestID'");
Пример #13
    if ($MaxGroups > 0 && $NumTorrents >= $MaxGroups) {
        $Err = 'This collage already holds its maximum allowed number of torrents.';
    }
    if (isset($Err)) {
        error($Err);
    }
}
// Per-user cap on entries in this collage; a cap of 0 or less disables the check.
if ($MaxGroupsPerUser > 0) {
    // NOTE(review): $CollageID is interpolated into the statement; where it was validated
    // is not visible in this fragment — confirm it is numeric before this point.
    $DB->query("\n\t\tSELECT COUNT(*)\n\t\tFROM collages_torrents\n\t\tWHERE CollageID = '{$CollageID}'\n\t\t\tAND UserID = '{$LoggedUser['ID']}'");
    list($GroupsForUser) = $DB->next_record();
    // Holders of site_collages_delete are exempt from the cap.
    if (!check_perms('site_collages_delete')) {
        if ($GroupsForUser >= $MaxGroupsPerUser) {
            error(403);
        }
    }
}
if ($_REQUEST['action'] == 'add_torrent') {
    $Val->SetFields('url', '1', 'regex', 'The URL must be a link to a torrent on the site.', array('regex' => '/^' . TORRENT_GROUP_REGEX . '/i'));
    $Err = $Val->ValidateForm($_POST);
    if ($Err) {
        error($Err);
    }
    $URL = $_POST['url'];
    // Get torrent ID
    preg_match('/^' . TORRENT_GROUP_REGEX . '/i', $URL, $Matches);
    $TorrentID = $Matches[4];
    if (!$TorrentID || (int) $TorrentID == 0) {
        error(404);
    }
    $DB->query("\n\t\tSELECT ID\n\t\tFROM torrents_group\n\t\tWHERE ID = '{$TorrentID}'");
    list($GroupID) = $DB->next_record();
    if (!$GroupID) {
        error('The torrent was not found in the database.');
Пример #14
//******************************************************************************//
authorize();
enforce_login();
require(SERVER_ROOT . '/classes/validate.class.php');
$Validate = new VALIDATE;

// The two IDs are forced to integers up front; subject and message are taken raw.
// NOTE(review): $Subject and $Message are used past the end of this fragment; confirm they
// are escaped before being stored or displayed.
$TorrentID = (int) $_POST['torrentid'];
$GroupID = (int) $_POST['groupid'];
$Subject = $_POST['subject'];
$Message = $_POST['message'];
//******************************************************************************//
//--------------- Validate data in edit form -----------------------------------//
// FIXME: Still need a better perm name
if (!check_perms('site_moderate_requests')) {
    error(403);
}
// we shouldn't have torrent IDs higher than a billion
$Validate->SetFields('torrentid', '1', 'number', 'Invalid torrent ID.', array('maxlength' => 1000000000, 'minlength' => 1));
// we shouldn't have group IDs higher than a billion either
$Validate->SetFields('groupid', '1', 'number', 'Invalid group ID.', array('maxlength' => 1000000000, 'minlength' => 1));
$Validate->SetFields('subject', '0', 'string', 'Invalid subject.', array('maxlength' => 1000, 'minlength' => 1));
$Validate->SetFields('message', '0', 'string', 'Invalid message.', array('maxlength' => 10000, 'minlength' => 1));
// Validate the form
$Err = $Validate->ValidateForm($_POST);
if ($Err) {
    error($Err);
    // NOTE(review): the redirect target is the client-supplied Referer header, which can be
    // absent or point off-site. If error() ends the request these two lines never run —
    // confirm, then either drop them or redirect to a fixed in-site path.
    header('Location: ' . $_SERVER['HTTP_REFERER']);
    exit;
}
//******************************************************************************//
//--------------- Send PMs to users --------------------------------------------//
$DB->query("\n\tSELECT uid\n\tFROM xbt_snatched\n\tWHERE fid = {$TorrentID}");
Пример #15
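<?php
// Full open tag: with short_open_tag disabled a bare "<?" is not parsed and the file
// would be sent to the client as plain text, exposing the source.
//******************************************************************************//
//--------------- Fill a request -----------------------------------------------//

// The request ID is checked with is_number() before it is used in the redirect below.
$RequestID = $_POST['requestid'];
if (!is_number($RequestID)) {
	error(0);
}

$URL = trim($_POST['url']);

include(SERVER_ROOT.'/classes/class_validate.php');
$Validate = new VALIDATE;

// Make sure the URL they entered is on our site, and is a link to a torrent.
// The site host is passed through preg_quote() so that characters such as "." in it match
// literally instead of acting as regex metacharacters.
$URLRegex = '/^https?:\/\/(www\.|ssl\.)?' . preg_quote(NONSSL_SITE_URL, '/') . '\/torrents\.php\?id=([0-9]+)/i';
$Validate->SetFields('url', '1', 'regex', 'The URL must be a link to a torrent on the site.', array('regex' => $URLRegex));
$Err = $Validate->ValidateForm($_POST); // Validate the form

if ($Err) { // if something didn't validate
	$_SESSION['Error'] = $Err;
	header('Location: requests.php?action=viewrequest&id='.$RequestID);
	exit;
}

// Get torrent ID. This second pattern is unanchored and takes the first
// "torrents.php?id=N" in the URL; the anchored rule above has already constrained
// where that can occur.
$URLRegex = '/torrents\.php\?id=([0-9]+)/i';
preg_match($URLRegex, $URL, $Matches);
// Treat a failed match as "no ID" instead of reading an undefined index.
$TorrentID = isset($Matches[1]) ? $Matches[1] : 0;
if (!$TorrentID || (int)$TorrentID == 0) {
	error(404);
}

// $TorrentID is digits-only at this point (captured by [0-9]+ above).
$DB->query("SELECT ID, Time FROM torrents_group WHERE ID='$TorrentID'");
list($GroupID, $FillTime) = $DB->next_record();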