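/**
 * Build SQL comparison fragments for a numeric column.
 *
 * @param string $Field   column name. It is interpolated verbatim, so it MUST come
 *                        from trusted code paths, never from request input.
 * @param string $Operand one of 'equal', 'above', 'below', 'between'
 * @param mixed  $Num1    first operand; passed through db_string() before use
 * @param mixed  $Num2    second (upper) operand, only used by 'between'
 * @return array list of " {$Field} <op> '<value>' " fragments for the caller to AND together
 */
function num_compare($Field, $Operand, $Num1, $Num2 = '')
{
    // Always escape. The original only called db_string() when `$Num != 0`, a
    // loose comparison under which (on PHP < 8) any string that does not start
    // with a digit — e.g. "' OR 1=1 -- " — compares equal to 0 and therefore
    // reached the query unescaped. Escaping "0" is harmless, so the gate is gone.
    $Num1 = db_string($Num1);
    $Num2 = db_string($Num2);
    $Return = array();
    switch ($Operand) {
        case 'equal':
            $Return[] = " {$Field} = '{$Num1}' ";
            break;
        case 'above':
            $Return[] = " {$Field} > '{$Num1}' ";
            break;
        case 'below':
            $Return[] = " {$Field} < '{$Num1}' ";
            break;
        case 'between':
            // Exclusive on both ends, as in the original
            $Return[] = " {$Field} > '{$Num1}' ";
            $Return[] = " {$Field} < '{$Num2}' ";
            break;
        default:
            // Unknown operand: kept as a hard stop (dumps the still-empty array and
            // exits) rather than silently returning no filter at all.
            print_r($Return);
            die;
    }
    return $Return;
}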
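/**
 * Start a password-restore flow: check the CAPTCHA, look up the (login, email)
 * pair among authorized users, rate-limit by the last restore timestamp, store
 * a fresh restore hash in the user's serialized settings and e-mail the
 * confirmation link.
 *
 * Reads the request globals $keystring, $login and $email.
 *
 * @return bool true when the mail was sent; false on any rejection, in which
 *              case a message has been queued through add_info()
 */
function send()
{
    global $keystring, $login, $email;
    // CAPTCHA first, so nothing below runs for bots. Strict comparison: the
    // original used `!=`, under which e.g. "01" and "1" are considered equal.
    if ($_SESSION['CAPTCHA_Keystring'] == '' || strtolower($keystring) !== $_SESSION['CAPTCHA_Keystring']) {
        add_info('Вы не прошли тест Тьюринга на подтверждение того, что вы не бот.');
        return false;
    }
    // NOTE(review): $login and $email are interpolated into the WHERE clause
    // unescaped. The stripslashes() calls further down suggest magic_quotes_gpc
    // is being relied on for escaping — confirm; if it is off, wrap both in
    // db_string() here.
    $r = db_row_value('user', "(`login` =\"{$login}\") AND (`email`=\"{$email}\") AND (`authorized`=1)");
    if ($r['id'] == '') {
        add_info('Неверное сочетание login <-> email');
        return false;
    }
    // settings is a serialized blob this application writes itself (see the
    // db_update() below), not request input; a JSON column would still be safer.
    $s = unserialize($r['settings']);
    if ($s['restore_timestamp'] && time() - $s['restore_timestamp'] < config_get('restore-timeout')) {
        add_info('Вы не можете просить восстановку пароля так часто');
        return false;
    }
    // The restore hash is a bearer token for the account: whoever presents it
    // can set a new password. The original derived it as md5() of the login,
    // e-mail, current time and prefixes that are visible in source, all of
    // which an attacker knows or can enumerate. Use CSPRNG bytes instead
    // (random_bytes() needs PHP 7+); 16 bytes in hex keeps the 32-character
    // shape of an md5 digest for the existing column and confirm link.
    $hash = bin2hex(random_bytes(16));
    $s['restore_hash'] = $hash;
    $s['restore_timestamp'] = time();
    db_update('user', array('settings' => db_string(serialize($s))), '`id`=' . $r['id']);
    $link = config_get('http-document-root') . '/login/restore/confirm/?id=' . $r['id'] . '&hash=' . $hash;
    sendmail_tpl(stripslashes($email), 'Восстановление пароля в системе ' . config_get('site-name'), 'restore', array('login' => stripslashes($login), 'email' => stripslashes($email), 'link' => $link));
    return true;
}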
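 /**
  * Edit a comment
  *
  * Loads the comment, checks that the caller is its author or holds
  * site_moderate_forums, rewrites the body, archives the previous body in
  * comments_edits, invalidates the catalogue cache page the comment sits on
  * and optionally PMs the author.
  *
  * @param int $PostID ID of the comment; cast to int because it is interpolated into four queries
  * @param string $NewBody replacement body, escaped with db_string() before the UPDATE
  * @param bool $SendPM If true, send a PM to the author of the comment informing him about the edit
  * @return bool false when the comment does not exist or the caller may not edit it; true otherwise
  *              (not yet tied to whether the UPDATE changed a row — see the TODO at the end)
  * @todo move permission check out of here/remove hardcoded error(404)
  */
 public static function edit($PostID, $NewBody, $SendPM = false)
 {
     // The original interpolated $PostID raw into every query below.
     $PostID = (int) $PostID;
     $QueryID = G::$DB->get_query_id();
     G::$DB->query("\n\t\t\tSELECT\n\t\t\t\tBody,\n\t\t\t\tAuthorID,\n\t\t\t\tPage,\n\t\t\t\tPageID,\n\t\t\t\tAddedTime\n\t\t\tFROM comments\n\t\t\tWHERE ID = {$PostID}");
     if (!G::$DB->has_results()) {
         return false;
     }
     list($OldBody, $AuthorID, $Page, $PageID, $AddedTime) = G::$DB->next_record();
     if (G::$LoggedUser['ID'] != $AuthorID && !check_perms('site_moderate_forums')) {
         return false;
     }
     // $Page comes back from the comments row, but escape the copy that goes into
     // SQL anyway; the raw value is still needed for the cache key and the
     // 'collages' check below.
     $PageSQL = db_string($Page);
     // Position of this comment within its page, used to find the catalogue chunk to flush
     G::$DB->query("\n\t\t\tSELECT CEIL(COUNT(ID) / " . TORRENT_COMMENTS_PER_PAGE . ") AS Page\n\t\t\tFROM comments\n\t\t\tWHERE Page = '{$PageSQL}'\n\t\t\t\tAND PageID = {$PageID}\n\t\t\t\tAND ID <= {$PostID}");
     list($CommPage) = G::$DB->next_record();
     // Perform the update
     G::$DB->query("\n\t\t\tUPDATE comments\n\t\t\tSET\n\t\t\t\tBody = '" . db_string($NewBody) . "',\n\t\t\t\tEditedUserID = " . G::$LoggedUser['ID'] . ",\n\t\t\t\tEditedTime = '" . sqltime() . "'\n\t\t\tWHERE ID = {$PostID}");
     // Update the cache
     $CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $CommPage - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
     G::$Cache->delete_value($Page . '_comments_' . $PageID . '_catalogue_' . $CatalogueID);
     if ($Page == 'collages') {
         // On collages, we also need to clear the collage key (collage_$CollageID), because it has the comments in it... (why??)
         G::$Cache->delete_value('collage_' . $PageID);
     }
     // Keep the previous body in the edit history
     G::$DB->query("\n\t\t\tINSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)\n\t\t\tVALUES ('{$PageSQL}', {$PostID}, " . G::$LoggedUser['ID'] . ", '" . sqltime() . "', '" . db_string($OldBody) . "')");
     G::$DB->set_query_id($QueryID);
     if ($SendPM && G::$LoggedUser['ID'] != $AuthorID) {
         // Send a PM to the user to notify them of the edit
         $PMSubject = "Your comment #{$PostID} has been edited";
         $PMurl = site_url() . "comments.php?action=jump&postid={$PostID}";
         $ProfLink = '[url=' . site_url() . 'user.php?id=' . G::$LoggedUser['ID'] . ']' . G::$LoggedUser['Username'] . '[/url]';
         $PMBody = "One of your comments has been edited by {$ProfLink}: [url]{$PMurl}[/url]";
         Misc::send_pm($AuthorID, 0, $PMSubject, $PMBody);
     }
     return true;
     // TODO: this should reflect whether or not the update was actually successful, e.g. by checking G::$DB->affected_rows after the UPDATE query
 }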
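 /**
  * Update the sphinx requests delta table for a request.
  *
  * Rebuilds the sphinx_requests_delta row for $RequestID from requests,
  * requests_votes, requests_tags and requests_artists, then drops the
  * request_<ID> cache entry. The caller's active query id is saved and restored.
  *
  * @param int $RequestID cast to int; it is interpolated into four queries below
  */
 public static function update_sphinx_requests($RequestID)
 {
     // The original interpolated $RequestID raw into every query.
     $RequestID = (int) $RequestID;
     $QueryID = G::$DB->get_query_id();
     // Tag names with '.' folded to '_' so they survive as single sphinx tokens
     G::$DB->query("\n\t\t\tSELECT REPLACE(t.Name, '.', '_')\n\t\t\tFROM tags AS t\n\t\t\t\tJOIN requests_tags AS rt ON t.ID = rt.TagID\n\t\t\tWHERE rt.RequestID = {$RequestID}");
     $TagList = G::$DB->collect(0, false);
     $TagList = db_string(implode(' ', $TagList));
     G::$DB->query("\n\t\t\tREPLACE INTO sphinx_requests_delta (\n\t\t\t\tID, UserID, TimeAdded, LastVote, CategoryID, Title, TagList,\n\t\t\t\tYear, ReleaseType, CatalogueNumber, RecordLabel, BitrateList,\n\t\t\t\tFormatList, MediaList, LogCue, FillerID, TorrentID,\n\t\t\t\tTimeFilled, Visible, Votes, Bounty)\n\t\t\tSELECT\n\t\t\t\tID, r.UserID, UNIX_TIMESTAMP(TimeAdded) AS TimeAdded,\n\t\t\t\tUNIX_TIMESTAMP(LastVote) AS LastVote, CategoryID, Title, '{$TagList}',\n\t\t\t\tYear, ReleaseType, CatalogueNumber, RecordLabel, BitrateList,\n\t\t\t\tFormatList, MediaList, LogCue, FillerID, TorrentID,\n\t\t\t\tUNIX_TIMESTAMP(TimeFilled) AS TimeFilled, Visible,\n\t\t\t\tCOUNT(rv.UserID) AS Votes, SUM(rv.Bounty) >> 10 AS Bounty\n\t\t\tFROM requests AS r\n\t\t\t\tLEFT JOIN requests_votes AS rv ON rv.RequestID = r.ID\n\t\t\tWHERE ID = {$RequestID}\n\t\t\tGROUP BY r.ID");
     G::$DB->query("\n\t\t\tUPDATE sphinx_requests_delta\n\t\t\tSET ArtistList = (\n\t\t\t\t\tSELECT GROUP_CONCAT(aa.Name SEPARATOR ' ')\n\t\t\t\t\tFROM requests_artists AS ra\n\t\t\t\t\t\tJOIN artists_alias AS aa ON aa.AliasID = ra.AliasID\n\t\t\t\t\tWHERE ra.RequestID = {$RequestID}\n\t\t\t\t\tGROUP BY NULL\n\t\t\t\t\t)\n\t\t\tWHERE ID = {$RequestID}");
     G::$DB->set_query_id($QueryID);
     G::$Cache->delete_value("request_{$RequestID}");
 }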
 /**
  * Get a site option
  *
  * Looks in the cache first; on a miss reads site_options and caches what it finds.
  *
  * @param string $Name The option name
  * @param string $DefaultValue The value to default to if the name can't be found in the cache
  * @return mixed the stored value, or $DefaultValue when neither cache nor table has it
  */
 public static function getSiteOption($Name, $DefaultValue)
 {
     $CacheKey = 'site_option_' . $Name;
     $Value = G::$Cache->get_value($CacheKey);
     if ($Value !== false) {
         return $Value;
     }
     // Cache miss: the name is escaped before it reaches the query
     G::$DB->query("SELECT Value FROM site_options WHERE Name = '" . db_string($Name) . "'");
     if (!G::$DB->has_results()) {
         return $DefaultValue;
     }
     list($Value) = G::$DB->next_record();
     G::$Cache->cache_value($CacheKey, $Value);
     return $Value === false ? $DefaultValue : $Value;
 }
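 /**
  * Unlock an account
  *
  * Deletes the locked_accounts row matching ($UserID, $Type). When exactly one
  * row was removed the user's info cache is dropped and a staff note is written.
  *
  * @param int $UserID The ID of the user to unlock
  * @param int $Type The lock type, should be a constant value. Used for database verification
  *                  to avoid deleting the wrong lock type
  * @param string $Message Text of the staff note written when the lock is removed
  * @param string $Reason The reason for unlock
  * @param int $UnlockedByUserID The ID of the staff member unlocking $UserID's account. 0 for system
  */
 public static function unlock_account($UserID, $Type, $Message, $Reason, $UnlockedByUserID)
 {
     // Every argument below ends up in SQL; the original interpolated them raw.
     $UserID = (int) $UserID;
     $UnlockedByUserID = (int) $UnlockedByUserID;
     if ($UnlockedByUserID == 0) {
         $Username = "******";
     } else {
         G::$DB->query("SELECT Username FROM users_main WHERE ID = '" . $UnlockedByUserID . "'");
         // NOTE(review): if no such user exists $Username is null and the note
         // reads "by " — callers are expected to pass a valid staff ID.
         list($Username) = G::$DB->next_record();
     }
     G::$DB->query("DELETE FROM locked_accounts WHERE UserID = '{$UserID}' AND Type = '" . db_string($Type) . "'");
     if (G::$DB->affected_rows() == 1) {
         G::$Cache->delete_value("user_info_" . $UserID);
         // $Message and $Reason are escaped here, so update_user_notes() is
         // presumably not escaping on its own; $Username is left as stored.
         Tools::update_user_notes($UserID, sqltime() . " - " . db_string($Message) . " by {$Username}\nReason: " . db_string($Reason) . "\n\n");
     }
 }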
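 /**
  * IPC handler: the tester reports the result of uploading a checker.
  * Stores $err / $desc in the checker's serialized settings and marks it uploaded.
  *
  * Reads the request globals $id, $err and $desc; output is only an error
  * message when $id is missing.
  */
 function WT_PutChecker()
 {
     global $id, $err, $desc;
     if (!WT_IPC_CheckLogin()) {
         return;
     }
     if ($id == '') {
         print 'Void filename for WT_PutChecker()';
         return;
     }
     // $id is spliced into an unquoted WHERE clause, so only an integer literal
     // could ever have matched a row; the cast makes that explicit and closes
     // the injection the original left open. Kept local so the request global
     // is untouched for other handlers.
     $ID = (int) $id;
     $Where = "`id`={$ID}";
     $data = db_row_value('tester_checkers', $Where);
     // settings is written by this application (see db_update below), not by the request
     $s = unserialize($data['settings']);
     $s['ERR'] = $err;
     $s['DESC'] = $desc;
     db_update('tester_checkers', array('uploaded' => 'TRUE', 'settings' => db_string(serialize($s))), $Where);
 }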
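/**
 * Build a WHERE fragment matching $SearchStr against $Field, using MySQL
 * FULLTEXT when $FullText is set and the input is plain ASCII (terms longer than
 * two characters), LIKE otherwise. Terms are split on whitespace, "quoted
 * phrases" are kept together by the quotes() callback, and a leading '-' negates
 * a term.
 *
 * Note that db_string() does not neutralise the LIKE wildcards '%' and '_'; a
 * term containing them widens the match.
 *
 * @param string $SearchStr     raw user search input
 * @param string $Field         column expression; interpolated verbatim, so it must come from trusted code
 * @param bool   $Exact         match the whole string with a single LIKE instead of splitting into terms
 * @param string $SQLWhere      existing WHERE body to append to ('' => the result gets a "WHERE " prefix)
 * @param int    $FullText      allow FULLTEXT matching
 * @param string &$FilterString receives a /.../si regex that matches the searched terms in order
 * @return string the WHERE clause (prefixed with "WHERE " only when $SQLWhere was empty)
 */
function build_search($SearchStr,$Field,$Exact=false,$SQLWhere='',$FullText=0,&$FilterString='') {
	$AddWhere = ($SQLWhere == '');

	if(!$Exact) {
		// FULLTEXT only for plain ASCII input; anything else falls back to LIKE
		if ($FullText && preg_match('/[^a-zA-Z0-9 ]/i',$SearchStr)) { $FullText=0; }

		$SearchStr=preg_replace('/\s\s+/',' ',trim($SearchStr));
		$SearchStr=preg_replace_callback('/"(([^"])*)"/','quotes',$SearchStr);
		$SearchStr=explode(" ",$SearchStr);

		$FilterString="(.+?)";
		foreach($SearchStr as $SearchVal) {
			$SearchVal=trim($SearchVal);
			if($SearchVal==='') { continue; }
			$SearchVal=str_replace("{{SPACE}}"," ",$SearchVal);
			if($SQLWhere!='') { $SQLWhere.=" AND "; }

			// Choose between fulltext or LIKE based off length of the string
			if ($FullText && strlen($SearchVal)>2) {
				if (substr($SearchVal,0,1)=='-') {
					$SQLWhere.="MATCH (".$Field.") AGAINST ('".db_string($SearchVal)."' IN BOOLEAN MODE)";
				} else {
					$SQLWhere.="MATCH (".$Field.") AGAINST ('".db_string($SearchVal)."')";
				}
			} else {
				if (substr($SearchVal,0,1)=="-") {
					$SQLWhere.=$Field." NOT LIKE '%".db_string(substr($SearchVal,1))."%'";
				} else {
					$SQLWhere.=$Field." LIKE '%".db_string($SearchVal)."%'";
				}
			}
			// The term is user input going into a regex: quote it. The original
			// pasted it raw, so an unbalanced '(' produced an invalid pattern and
			// '.' or '*' matched far more than what was typed.
			$FilterString.="(".preg_quote($SearchVal,'/').")(.+?)";
		}

	} else {
		if($SQLWhere!='') { $SQLWhere.=" AND "; }
		$SQLWhere.=$Field." LIKE '".db_string($SearchStr)."'";
		$FilterString.="(.+?)(".preg_quote($SearchStr,'/').")(.+?)";
	}
	$FilterString="/".$FilterString."/si";
	if($SQLWhere!='' && $AddWhere) { $SQLWhere="WHERE ".$SQLWhere; }
	return $SQLWhere;
}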
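 /**
  * Create a personal collage (CategoryID 0) for the logged-in user and redirect
  * to it. When the user already has as many personal collages as their
  * MaxCollages permission allows, redirect to their oldest existing one instead.
  *
  * Never returns: every path ends in header('Location: ...') followed by die.
  */
 public static function create_personal_collage()
 {
     G::$DB->query("\n\t\t\tSELECT\n\t\t\t\tCOUNT(ID)\n\t\t\tFROM collages\n\t\t\tWHERE UserID = '" . G::$LoggedUser['ID'] . "'\n\t\t\t\tAND CategoryID = '0'\n\t\t\t\tAND Deleted = '0'");
     list($CollageCount) = G::$DB->next_record();
     if ($CollageCount >= G::$LoggedUser['Permissions']['MaxCollages']) {
         // The original called next_record() a second time on the COUNT(ID)
         // result set, which has exactly one row, so $CollageID was never
         // populated (its own TODO said as much). Look the collage up explicitly.
         G::$DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE UserID = '" . G::$LoggedUser['ID'] . "'\n\t\t\t\tAND CategoryID = '0'\n\t\t\t\tAND Deleted = '0'\n\t\t\tORDER BY ID\n\t\t\tLIMIT 1");
         list($CollageID) = G::$DB->next_record();
         header('Location: collage.php?id=' . $CollageID);
         die;
     }
     $NameStr = db_string(G::$LoggedUser['Username'] . "'s personal collage" . ($CollageCount > 0 ? ' no. ' . ($CollageCount + 1) : ''));
     // The original had a stray space after "id=" which broke the profile link in the BBCode
     $Description = db_string('Personal collage for ' . G::$LoggedUser['Username'] . '. The first 5 albums will appear on his or her [url=' . site_url() . 'user.php?id=' . G::$LoggedUser['ID'] . ']profile[/url].');
     G::$DB->query("\n\t\t\tINSERT INTO collages\n\t\t\t\t(Name, Description, CategoryID, UserID)\n\t\t\tVALUES\n\t\t\t\t('{$NameStr}', '{$Description}', '0', " . G::$LoggedUser['ID'] . ")");
     $CollageID = G::$DB->inserted_id();
     header('Location: collage.php?id=' . $CollageID);
     die;
 }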
 /**
  * Rewrite every column of a calendar event.
  *
  * Numeric arguments are validated with is_number() and cast; free-text and
  * date arguments are escaped with db_string(). Validation failure calls
  * error("Error updating event"). The caller's active query id is preserved.
  *
  * @param int         $ID         event id
  * @param string      $Title      non-empty
  * @param string      $Body       non-empty
  * @param int         $Category
  * @param int         $Importance
  * @param int         $Team
  * @param string      $StartDate  non-empty date string
  * @param string|null $EndDate    optional; stored as '' when null
  */
 public static function update_event($ID, $Title, $Body, $Category, $Importance, $Team, $StartDate, $EndDate = null)
 {
     $NumericOk = is_number($ID) && is_number($Category) && is_number($Importance) && is_number($Team);
     $TextOk = !empty($Title) && !empty($Body) && !empty($StartDate);
     if (!$NumericOk || !$TextOk) {
         error("Error updating event");
     }
     // Normalise to SQL-safe forms before building the statement
     $ID = (int) $ID;
     $Category = (int) $Category;
     $Importance = (int) $Importance;
     $Team = (int) $Team;
     $Title = db_string($Title);
     $Body = db_string($Body);
     $StartDate = db_string($StartDate);
     $EndDate = db_string($EndDate);
     $SavedQueryID = G::$DB->get_query_id();
     G::$DB->query("\n\t\t\t\t\t\tUPDATE calendar\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tTitle = '{$Title}',\n\t\t\t\t\t\t\tBody = '{$Body}',\n\t\t\t\t\t\t\tCategory = '{$Category}',\n\t\t\t\t\t\t\tImportance = '{$Importance}',\n\t\t\t\t\t\t\tTeam = '{$Team}',\n\t\t\t\t\t\t\tStartDate = '{$StartDate}',\n\t\t\t\t\t\t\tEndDate = '{$EndDate}'\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tID = '{$ID}'");
     G::$DB->set_query_id($SavedQueryID);
 }
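/**
 * Get a user's existing bitcoin address or generate a new one.
 *
 * @param int  $UserID
 * @param bool $GenAddress whether to create a new address if none is stored
 * @return string|false the address, or false when none exists and $GenAddress is false
 */
function btc_address($UserID, $GenAddress = false)
{
    global $DB;
    $UserID = (int) $UserID;
    $DB->query("\n\t\tSELECT BitcoinAddress\n\t\tFROM users_info\n\t\tWHERE UserID = '{$UserID}'");
    list($Addr) = $DB->next_record();
    if (!empty($Addr)) {
        return $Addr;
    } elseif ($GenAddress) {
        // The original never assigned $NewAddr, so this branch always ended in
        // error(0). Generate through the RPC wrapper the way the class-based
        // get_address() does. NOTE(review): confirm BitcoinRpc is loaded in
        // this file's context.
        $NewAddr = null;
        if (defined('BITCOIN_RPC_URL')) {
            $NewAddr = BitcoinRpc::getnewaddress();
        }
        if (empty($NewAddr)) {
            error(0);
        }
        // IS NULL guard: an address stored in the meantime is left untouched
        $DB->query("\n\t\t\tUPDATE users_info\n\t\t\tSET BitcoinAddress = '" . db_string($NewAddr) . "'\n\t\t\tWHERE UserID = '{$UserID}'\n\t\t\t\tAND BitcoinAddress IS NULL");
        return $NewAddr;
    } else {
        return false;
    }
}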
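 /**
  * IPC handler: the tester reports the result of judging a solution.
  *
  * Merges COMPILER_MESSAGES / TESTS / REPORT into the solution's serialized
  * parameters, stores raw outputs under /tester/testing/<id> through $XPFS and
  * marks the row as judged (status 2) with its points and errors.
  *
  * Reads the request globals $id, $lid, $ERRORS and $POINTS plus the $_POST keys
  * named in $update_params and SOLUTION_OUTPUT / CHECKER_OUTPUT.
  */
 function WT_PutSolution()
 {
     global $id, $lid, $ERRORS, $POINTS, $XPFS;
     $optional_params = array('REPORT');
     $update_params = array('COMPILER_MESSAGES', 'TESTS');
     if (!WT_IPC_CheckLogin()) {
         return;
     }
     if (!isset($id) || !isset($lid)) {
         print 'Void filename for WT_PutSOlution';
         return;
     }
     // Both ids go into unquoted WHERE clauses (so only integer literals ever
     // matched a row) and $id also becomes a file name under /tester/testing/.
     // Casting closes SQL injection and path traversal in one go; locals so the
     // request globals stay untouched for other handlers.
     $ID = (int) $id;
     $LID = (int) $lid;
     $Where = "`id`={$ID} AND `lid`={$LID}";
     $r = db_row_value('tester_solutions', $Where);
     // parameters is written by this application (see db_update below), not by the request
     $p = unserialize($r['parameters']);
     foreach ($update_params as $Param) {
         if (isset($_POST[$Param])) {
             $p[$Param] = stripslashes($_POST[$Param]);
         }
     }
     if ($POINTS == '') {
         $POINTS = 0;
     }
     foreach ($optional_params as $Param) {
         $p[$Param] = stripslashes($GLOBALS[$Param]);
     }
     unset($p['force_status']);
     $data = array();
     if (isset($_POST['SOLUTION_OUTPUT'])) {
         $data['outputs'] = stripslashes($_POST['SOLUTION_OUTPUT']);
     }
     if (isset($_POST['CHECKER_OUTPUT'])) {
         $data['checker_outputs'] = stripslashes($_POST['CHECKER_OUTPUT']);
     }
     if (count($data) > 0) {
         $path = '/tester/testing/';
         $XPFS->CreateDirWithParents($path);
         $XPFS->removeItem($path . '/' . $ID);
         $XPFS->createFile($path, $ID, 0, db_pack($data));
     }
     // db_update() values are escaped by the caller (see 'errors'), so escape
     // 'points' too — it arrives as a request global.
     db_update('tester_solutions', array('status' => 2, 'points' => db_string($POINTS), 'errors' => db_string($ERRORS), 'parameters' => db_string(serialize($p))), $Where);
 }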
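 /**
  * IPC handler: the tester reports the result of uploading a problem.
  * Stores $err / $desc in the problem's serialized settings, drops the
  * transient 'filename' entry and sets uploaded to 1 (error) or 2 (OK).
  *
  * Reads the request globals $id, $lid, $err and $desc.
  */
 function WT_PutProblem()
 {
     global $id, $lid, $err, $desc;
     if (!WT_IPC_CheckLogin()) {
         return;
     }
     if ($id == '') {
         print 'Void filename for WT_PutProblem()';
         return;
     }
     if ($lid == '') {
         print 'Void library identifier for WT_PutProblem()';
         return;
     }
     // Both ids are spliced into unquoted WHERE clauses, so only integer
     // literals could ever have matched; the casts make that explicit and close
     // the injection the original left open. Locals, so the globals stay as-is.
     $ID = (int) $id;
     $LID = (int) $lid;
     $Where = "(`id`={$ID}) AND (`lid`={$LID})";
     $data = db_row_value('tester_problems', $Where);
     // settings is written by this application (see db_update below), not by the request
     $s = unserialize($data['settings']);
     $s['ERR'] = $err;
     $s['DESC'] = $desc;
     unset($s['filename']);
     db_update('tester_problems', array('uploaded' => $err != 'OK' ? 1 : 2, 'settings' => db_string(serialize($s))), $Where);
 }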
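/**
 * Clear a user's avatar, second avatar or donor icon, note it in the staff
 * comment and PM the user.
 *
 * @param int    $UserID
 * @param string $Type         'avatar', 'avatar2' or 'donoricon'; anything else is a no-op
 * @param string $AdminComment text prepended to the user's AdminComment
 * @param string $PrivMessage  body of the PM sent to the user
 */
function reset_image($UserID, $Type, $AdminComment, $PrivMessage)
{
    // Interpolated into two queries below; the original used it raw
    $UserID = (int) $UserID;
    if ($Type === 'avatar') {
        $CacheKey = "user_info_{$UserID}";
        $DBTable = 'users_info';
        $DBColumn = 'Avatar';
        $PMSubject = 'Your avatar has been automatically reset';
    } elseif ($Type === 'avatar2') {
        $CacheKey = "donor_info_{$UserID}";
        $DBTable = 'donor_rewards';
        $DBColumn = 'SecondAvatar';
        $PMSubject = 'Your second avatar has been automatically reset';
    } elseif ($Type === 'donoricon') {
        $CacheKey = "donor_info_{$UserID}";
        $DBTable = 'donor_rewards';
        $DBColumn = 'CustomIcon';
        $PMSubject = 'Your donor icon has been automatically reset';
    } else {
        // Unknown type: the original fell through with $CacheKey/$DBTable/$DBColumn
        // unset, issued "UPDATE  SET  = ''" and PMed the user with an empty subject.
        return;
    }
    $UserInfo = G::$Cache->get_value($CacheKey, true);
    if ($UserInfo !== false) {
        if ($UserInfo[$DBColumn] === '') {
            // This image has already been reset
            return;
        }
        $UserInfo[$DBColumn] = '';
        G::$Cache->cache_value($CacheKey, $UserInfo, 2592000);
        // cache for 30 days
    }
    // reset the avatar or donor icon URL
    G::$DB->query("\n\t\tUPDATE {$DBTable}\n\t\tSET {$DBColumn} = ''\n\t\tWHERE UserID = '{$UserID}'");
    // write comment to staff notes
    G::$DB->query("\n\t\tUPDATE users_info\n\t\tSET AdminComment = CONCAT('" . sqltime() . ' - ' . db_string($AdminComment) . "\n\n', AdminComment)\n\t\tWHERE UserID = '{$UserID}'");
    // clear cache keys
    G::$Cache->delete_value($CacheKey);
    Misc::send_pm($UserID, 0, $PMSubject, $PrivMessage);
}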
 /**
  * Get a user's existing bitcoin address or generate a new one
  *
  * @param int $UserID
  * @param bool $GenAddress whether to create a new address if it doesn't exist
  * @return false if no address exists and $GenAddress is false
  *         string bitcoin address otherwise
  */
 public static function get_address($UserID, $GenAddress = false)
 {
     $UserID = (int) $UserID;
     // Save and restore the caller's active result set around our queries
     $SavedQueryID = G::$DB->get_query_id();
     G::$DB->query("\n\t\t\tSELECT BitcoinAddress\n\t\t\tFROM users_info\n\t\t\tWHERE UserID = '{$UserID}'");
     list($Addr) = G::$DB->next_record();
     G::$DB->set_query_id($SavedQueryID);
     if (!empty($Addr)) {
         return $Addr;
     }
     if (!$GenAddress) {
         return false;
     }
     // Generation needs the RPC endpoint; without it, or when the daemon
     // returns nothing, stop with error(0) exactly like the original.
     $NewAddr = defined('BITCOIN_RPC_URL') ? BitcoinRpc::getnewaddress() : null;
     if (empty($NewAddr)) {
         error(0);
     }
     $SavedQueryID = G::$DB->get_query_id();
     // IS NULL guard: an address stored in the meantime is left untouched
     G::$DB->query("\n\t\t\t\tUPDATE users_info\n\t\t\t\tSET BitcoinAddress = '" . db_string($NewAddr) . "'\n\t\t\t\tWHERE UserID = '{$UserID}'\n\t\t\t\t\tAND BitcoinAddress IS NULL");
     G::$DB->set_query_id($SavedQueryID);
     return $NewAddr;
 }
 /**
  * Record a failed login attempt for $UserID from the current REMOTE_ADDR and
  * apply the escalating lockout: on the 6th attempt the login_attempts row is
  * banned for six hours and its Bans counter bumped; once more than 9 such bans
  * have accumulated the address itself goes into ip_bans.
  *
  * Reads and updates the globals $AttemptID, $Attempts, $Bans and $BannedUntil,
  * which the caller loads from the user's existing login_attempts row (if any).
  *
  * @param int $UserID
  */
 function log_attempt($UserID)
 {
     global $DB, $Cache, $AttemptID, $Attempts, $Bans, $BannedUntil;
     $RemoteIP = $_SERVER['REMOTE_ADDR'];
     // The ip_bans cache is keyed by the first dotted octet
     $FirstOctet = substr($RemoteIP, 0, strcspn($RemoteIP, '.'));
     // Numeric form for range comparisons; presumably an unsigned int, it is not escaped below
     $IP = Tools::ip_to_unsigned($RemoteIP);

     if (!$AttemptID) {
         // User has not attempted to log in recently: open a fresh row
         $Attempts = 1;
         $DB->query("\n\t\t\t\tINSERT INTO login_attempts\n\t\t\t\t\t(UserID, IP, LastAttempt, Attempts)\n\t\t\t\tVALUES\n\t\t\t\t\t('" . db_string($UserID) . "', '" . db_string($RemoteIP) . "', '" . sqltime() . "', 1)");
         return;
     }

     // User has attempted to log in recently
     $Attempts++;
     if ($Attempts <= 5) {
         // Still within the 6 permitted attempts: just bump the counter
         $DB->query("\n\t\t\t\t\tUPDATE login_attempts\n\t\t\t\t\tSET\n\t\t\t\t\t\tLastAttempt = '" . sqltime() . "',\n\t\t\t\t\t\tAttempts = '" . db_string($Attempts) . "',\n\t\t\t\t\t\tBannedUntil = '0000-00-00 00:00:00'\n\t\t\t\t\tWHERE ID = '" . db_string($AttemptID) . "'");
         return;
     }

     // Only 6 allowed login attempts: ban the row for six hours and count the ban
     $BannedUntil = time_plus(60 * 60 * 6);
     $DB->query("\n\t\t\t\t\tUPDATE login_attempts\n\t\t\t\t\tSET\n\t\t\t\t\t\tLastAttempt = '" . sqltime() . "',\n\t\t\t\t\t\tAttempts = '" . db_string($Attempts) . "',\n\t\t\t\t\t\tBannedUntil = '" . db_string($BannedUntil) . "',\n\t\t\t\t\t\tBans = Bans + 1\n\t\t\t\t\tWHERE ID = '" . db_string($AttemptID) . "'");
     if ($Bans <= 9) {
         return;
     }

     // Automated bruteforce prevention: more than 9 bans (> 60 failures) => IP ban
     $DB->query("\n\t\t\t\t\t\tSELECT Reason\n\t\t\t\t\t\tFROM ip_bans\n\t\t\t\t\t\tWHERE {$IP} BETWEEN FromIP AND ToIP");
     if (!$DB->has_results()) {
         // No ban yet for this address
         $DB->query("\n\t\t\t\t\t\t\tINSERT IGNORE INTO ip_bans\n\t\t\t\t\t\t\t\t(FromIP, ToIP, Reason)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t('{$IP}','{$IP}', 'Automated ban per >60 failed login attempts')");
         $Cache->delete_value("ip_bans_{$FirstOctet}");
         return;
     }
     // Ban exists already: only prepend our reason if it is not already the reason
     list($Reason) = $DB->next_record(MYSQLI_BOTH, false);
     if ($Reason != 'Automated ban per >60 failed login attempts') {
         $DB->query("\n\t\t\t\t\t\t\t\tUPDATE ip_bans\n\t\t\t\t\t\t\t\tSET Reason = CONCAT('Automated ban per >60 failed login attempts AND ', Reason)\n\t\t\t\t\t\t\t\tWHERE FromIP = {$IP}\n\t\t\t\t\t\t\t\t\tAND ToIP = {$IP}");
     }
 }
			include(SERVER_ROOT.'/classes/class_templates.php');
			$TPL=NEW TEMPLATE;
			$TPL->open(SERVER_ROOT.'/templates/new_registration.tpl');
			
			$TPL->set('Username',$_REQUEST['username']);
			$TPL->set('TorrentKey',$torrent_pass);
			$TPL->set('SITE_NAME',SITE_NAME);
			$TPL->set('SITE_URL',SITE_URL);

			send_email($_REQUEST['email'],'New account confirmation at '.SITE_NAME,$TPL->get(),'noreply');
			$Sent=1;
		}
		
	} elseif($_GET['invite']) {
		// If they haven't submitted the form, check to see if their invite is good
		$DB->query("SELECT InviteKey FROM invites WHERE InviteKey='".db_string($_GET['invite'])."'");
		if($DB->record_count() == 0){
			error('Invite not found!');
		}
	}
	
	include('step1.php');
	
} elseif(!OPEN_REGISTRATION) {
	if (isset($_GET['welcome'])) {
		include('code.php');
	} else {
		include('closed.php');
	}
}
?>
// Collage creation: validate the submitted name/description and, for personal
// collages, derive a unique name from the username.
authorize();
include SERVER_ROOT . '/classes/validate.class.php';
$Val = new VALIDATE();
// db_array() returns the POST values escaped for SQL use
$P = db_array($_POST);
$UserPicksName = ($P['category'] > 0 || check_perms('site_collages_renamepersonal'));
if ($UserPicksName) {
    $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', array('maxlength' => 100, 'minlength' => 3));
} else {
    // Get a collage name and make sure it's unique: "<user>'s personal collage",
    // then "... no. 2", "... no. 3", ... until no row carries that name
    $name = $LoggedUser['Username'] . "'s personal collage";
    $P['name'] = db_string($name);
    $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'");
    for ($Suffix = 2; $DB->has_results(); $Suffix++) {
        $P['name'] = db_string("{$name} no. {$Suffix}");
        $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'");
    }
}
$Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', array('maxlength' => 65535, 'minlength' => 10));
$Err = $Val->ValidateForm($_POST);
if (!$Err && $P['category'] === '0') {
    // Personal collage: enforce the per-user limit and the naming rule
    $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'");
    list($CollageCount) = $DB->next_record();
    $AtLimit = ($CollageCount >= $LoggedUser['Permissions']['MaxCollages']);
    if ($AtLimit || !check_perms('site_collages_personal')) {
        $Err = 'You may not create a personal collage.';
    } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) {
        $Err = 'Your personal collage\'s title must include your username.';
    }
}
enforce_login();
// Get user level
$DB->query('
	SELECT
		i.SupportFor,
		p.DisplayStaff
	FROM users_info AS i
		JOIN users_main AS m ON m.ID = i.UserID
		JOIN permissions AS p ON p.ID = m.PermissionID
	WHERE i.UserID = ' . $LoggedUser['ID']);
list($SupportFor, $DisplayStaff) = $DB->next_record();
if (!($SupportFor != '' || $DisplayStaff == '1')) {
    // Logged in user is not FLS or Staff
    error(403);
}
if (($Message = db_string($_POST['message'])) && ($Name = db_string($_POST['name']))) {
    $ID = (int) $_POST['id'];
    if (is_numeric($ID)) {
        if ($ID == 0) {
            // Create new response
            $DB->query("\n\t\t\t\tINSERT INTO staff_pm_responses (Message, Name)\n\t\t\t\tVALUES ('{$Message}', '{$Name}')");
            echo '1';
        } else {
            $DB->query("\n\t\t\t\tSELECT *\n\t\t\t\tFROM staff_pm_responses\n\t\t\t\tWHERE ID = {$ID}");
            if ($DB->has_results()) {
                // Edit response
                $DB->query("\n\t\t\t\t\tUPDATE staff_pm_responses\n\t\t\t\t\tSET Message = '{$Message}', Name = '{$Name}'\n\t\t\t\t\tWHERE ID = {$ID}");
                echo '2';
            } else {
                // Create new response
                $DB->query("\n\t\t\t\t\tINSERT INTO staff_pm_responses (Message, Name)\n\t\t\t\t\tVALUES ('{$Message}', '{$Name}')");
}
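// Cover-art submission: each image[] entry pairs with the summary[] entry at
// the same position and is inserted for the given group.
$UserID = $LoggedUser['ID'];
$GroupID = db_string($_POST['groupid']);
// image[] and summary[] are parallel form arrays. Make sure they really are
// arrays (a scalar here made count() fatal on PHP 8 and broke the index loop)
// and re-index them so $Images[$i] lines up with $Summaries[$i] even when the
// submitted keys are sparse.
$Summaries = (isset($_POST['summary']) && is_array($_POST['summary'])) ? array_values($_POST['summary']) : array();
$Images = (isset($_POST['image']) && is_array($_POST['image'])) ? array_values($_POST['image']) : array();
$Time = sqltime();
if (!is_number($GroupID) || !$GroupID) {
    error(0);
}
if (count($Images) != count($Summaries)) {
    error('Missing an image or a summary');
}
$Changed = false;
$ImageCount = count($Images);
for ($i = 0; $i < $ImageCount; $i++) {
    $Image = $Images[$i];
    $Summary = $Summaries[$i];
    // Skip blacklisted hosts and anything that does not look like an image URL
    if (ImageTools::blacklisted($Image, true) || !preg_match("/^" . IMAGE_REGEX . "\$/i", $Image)) {
        continue;
    }
    // sanitize inputs for SQL (they are still untrusted for HTML output)
    $Image = db_string($Image);
    $Summary = db_string($Summary);
    $DB->query("\n\t\tINSERT IGNORE INTO cover_art\n\t\t\t(GroupID, Image, Summary, UserID, Time)\n\t\tVALUES\n\t\t\t('{$GroupID}', '{$Image}', '{$Summary}', '{$UserID}', '{$Time}')");
    if ($DB->affected_rows()) {
        $Changed = true;
    }
}
if ($Changed) {
    $Cache->delete_value("torrents_cover_art_{$GroupID}");
}
// NOTE(review): this redirects to whatever Referer the client sent, with no
// fallback when it is absent; consider a fixed local target for this group.
header('Location: ' . $_SERVER['HTTP_REFERER']);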
/**********************************************************************
 *>>>>>>>>>>>>>>>>>>>>>>>>>>> User search <<<<<<<<<<<<<<<<<<<<<<<<<<<<*
 **********************************************************************/
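if (!empty($_GET['search'])) {
    $_GET['username'] = $_GET['search'];
}
define('USERS_PER_PAGE', 30);
// Defaults for the rendering below, which otherwise reads these when no search
// was submitted ($Page is still left to page_limit(); confirm its start value
// before defaulting it here).
$Results = array();
$NumResults = 0;
if (isset($_GET['username'])) {
    $_GET['username'] = trim($_GET['username']);
    // form submitted
    $Val->SetFields('username', '1', 'username', 'Please enter a username.');
    $Err = $Val->ValidateForm($_GET);
    if (!$Err) {
        // Passed validation. Let's rock.
        list($Page, $Limit) = page_limit(USERS_PER_PAGE);
        // db_string() only escapes quotes; '%' and '_' are LIKE wildcards and
        // must be escaped first, otherwise "%" alone lists every user.
        $Needle = db_string(addcslashes($_GET['username'], '%_'));
        $DB->query("SELECT SQL_CALC_FOUND_ROWS\n\t\t\tID,\n\t\t\tUsername,\n\t\t\tEnabled,\n\t\t\tPermissionID,\n\t\t\tDonor,\n\t\t\tWarned\n\t\t\tFROM users_main AS um\n\t\t\tJOIN users_info AS ui ON ui.UserID=um.ID\n\t\t\tWHERE Username LIKE '%" . $Needle . "%'\n\t\t\tORDER BY Username\n\t\t\tLIMIT {$Limit}");
        $Results = $DB->to_array();
        $DB->query('SELECT FOUND_ROWS();');
        list($NumResults) = $DB->next_record();
    }
}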
show_header('User search');
?>
<div class="thin">
	<h3>Search results</h3>
	<div class="linkbox">
<?php 
$Pages = get_pages($Page, $NumResults, USERS_PER_PAGE, 9);
echo $Pages;
?>
	</div>
<?php

// perform the back end of updating a report comment
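authorize();
if (!check_perms('admin_reports')) {
    error(403);
}
if (empty($_POST['reportid']) || !is_number($_POST['reportid'])) {
    // The original echoed $_GET['reportid'] back raw (reflected XSS) even though
    // the field is read from $_POST; reflect the rejected POST value, escaped.
    $Rejected = isset($_POST['reportid']) ? $_POST['reportid'] : '';
    echo 'HAX ATTEMPT!' . htmlspecialchars($Rejected, ENT_QUOTES, 'UTF-8');
    die;
}
// is_number() has accepted it; the cast keeps the unquoted WHERE clause honest
$ReportID = (int) $_POST['reportid'];
$Message = db_string(isset($_POST['comment']) ? $_POST['comment'] : '');
//Message can be blank!
$DB->query("\n\tSELECT ModComment\n\tFROM reportsv2\n\tWHERE ID = {$ReportID}");
list($ModComment) = $DB->next_record();
// Only update a report that exists (no row => $ModComment stays unset)
if (isset($ModComment)) {
    $DB->query("\n\t\tUPDATE reportsv2\n\t\tSET ModComment = '{$Message}'\n\t\tWHERE ID = {$ReportID}");
}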
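// Custom-permission editor back end. CustomPermissions stores only the delta
// from the user's class defaults. Both serialized blobs are produced by this
// script (see the UPDATE below), not by the request, but a JSON column would
// still be the safer choice.
$Defaults = unserialize($Defaults);

$Delta=array();
if (isset($_POST['action'])) {
	foreach ($PermissionsArray as $Perm => $Explaination) {
		// Only checkboxes that differ from the class default are recorded
		$Setting = (isset($_POST['perm_'.$Perm]))?1:0;
		$Default = (isset($Defaults[$Perm]))?1:0;
		if ($Setting != $Default) {
			$Delta[$Perm] = $Setting;
		}
	}
	$Cache->begin_transaction('user_info_heavy_'.$UserID);
	$Cache->update_row(false, array('CustomPermissions' => $Delta));
	$Cache->commit_transaction(0);
	// $UserID is set earlier in the file; cast here so the WHERE clause can only
	// ever carry an integer (the original interpolated it raw).
	$DB->query("UPDATE users_main SET CustomPermissions='".db_string(serialize($Delta))."' WHERE ID='".(int)$UserID."'");
} elseif (!empty($Customs)) {
	$Delta = unserialize($Customs);
}

$Permissions = array_merge($Defaults,$Delta);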

/**
 * Print one permission row: a disabled checkbox showing the class default next
 * to the editable "perm_<key>" checkbox reflecting the effective permission.
 *
 * Reads the globals $Defaults and $Permissions. $Key and $Title are emitted
 * unescaped; both come from the application's permission table, not the request.
 *
 * @param string $Key   permission key
 * @param string $Title label shown next to the checkbox
 */
function display_perm($Key,$Title) {
	global $Defaults, $Permissions;
	$DefaultOn = !empty($Defaults[$Key]);
	$EffectiveOn = !empty($Permissions[$Key]);
	$Html = '<input id="default_'.$Key.'" type="checkbox" disabled'.($DefaultOn ? ' checked' : '');
	$Html .= ' /><input type="checkbox" name="perm_'.$Key.'" id="'.$Key.'" value="1"'.($EffectiveOn ? ' checked' : '');
	$Html .= ' /> <label for="'.$Key.'">'.$Title.'</label><br />';
	echo $Html;
}
Please visit us soon so we can help you resolve this matter.', 'noreply');
}
// Merge another account's transfer stats into this user: zero them on the
// source, note it in the source's AdminComment and queue the additions.
// NOTE(review): $MergeStatsFrom, $Cur['Username'] and $LoggedUser['Username']
// are interpolated below; they are set earlier in the file and are assumed to
// be escaped/validated there — confirm.
if ($MergeStatsFrom && check_perms('users_edit_ratio')) {
    $DB->query("\n\t\tSELECT ID, Uploaded, Downloaded\n\t\tFROM users_main\n\t\tWHERE Username LIKE '{$MergeStatsFrom}'");
    if ($DB->has_results()) {
        list($MergeID, $MergeUploaded, $MergeDownloaded) = $DB->next_record();
        $MergeRatio = Format::get_ratio($MergeUploaded, $MergeDownloaded);
        $SourceNote = sqltime() . ' - Stats (Uploaded: ' . Format::get_size($MergeUploaded) . ', Downloaded: ' . Format::get_size($MergeDownloaded) . ', Ratio: ' . $MergeRatio . ') merged into ' . site_url() . "user.php?id={$UserID} (" . $Cur['Username'] . ') by ' . $LoggedUser['Username'];
        $DB->query("\n\t\t\tUPDATE users_main AS um\n\t\t\t\tJOIN users_info AS ui ON um.ID = ui.UserID\n\t\t\tSET\n\t\t\t\tum.Uploaded = 0,\n\t\t\t\tum.Downloaded = 0,\n\t\t\t\tui.AdminComment = CONCAT('" . $SourceNote . "\n\n', ui.AdminComment)\n\t\t\tWHERE ID = {$MergeID}");
        $UpdateSet[] = "Uploaded = Uploaded + '{$MergeUploaded}'";
        $UpdateSet[] = "Downloaded = Downloaded + '{$MergeDownloaded}'";
        $PreviousStats = 'Uploaded: ' . Format::get_size($Cur['Uploaded']) . ', Downloaded: ' . Format::get_size($Cur['Downloaded']) . ', Ratio: ' . Format::get_ratio($Cur['Uploaded'], $Cur['Downloaded']);
        $EditSummary[] = 'stats merged from ' . site_url() . "user.php?id={$MergeID} ({$MergeStatsFrom}) (previous stats: " . $PreviousStats . ')';
        $Cache->delete_value("user_stats_{$UserID}");
        $Cache->delete_value("user_stats_{$MergeID}");
    }
}
// Password reset: store the new hash and log the user out everywhere by
// dropping every session (cached and stored).
if ($Pass && check_perms('users_edit_password')) {
    $UpdateSet[] = "PassHash = '" . db_string(Users::make_crypt_hash($Pass)) . "'";
    $EditSummary[] = 'password reset';
    foreach (array('user_info', 'user_info_heavy', 'user_stats', 'enabled') as $KeyPrefix) {
        $Cache->delete_value("{$KeyPrefix}_{$UserID}");
    }
    $DB->query("\n\t\tSELECT SessionID\n\t\tFROM users_sessions\n\t\tWHERE UserID = '{$UserID}'");
    while (list($SessionID) = $DB->next_record()) {
        $Cache->delete_value("session_{$UserID}_{$SessionID}");
    }
    $Cache->delete_value("users_sessions_{$UserID}");
    $DB->query("\n\t\tDELETE FROM users_sessions\n\t\tWHERE UserID = '{$UserID}'");
}
if (empty($UpdateSet) && empty($EditSummary)) {
    if (!$Reason) {
        if (str_replace("\r", '', $Cur['AdminComment']) != str_replace("\r", '', $AdminComment) && check_perms('users_disable_any')) {
    $DB->query("UPDATE torrents SET PointBonus='" . $Bonus . "' WHERE GroupID = " . db_string($GroupID));
    if ($Length) {
        $f = mktime() + $Length * 60 * 60;
        $m = date('i', mktime());
        if ($m == 0 || $m > 45) {
            $Expires = gmdate('Y-m-d H:00:00', $f);
        } elseif ($m <= 15) {
            $Expires = gmdate('Y-m-d H:15:00', $f);
        } elseif ($m <= 30) {
            $Expires = gmdate('Y-m-d H:30:00', $f);
        } elseif ($m <= 45) {
            $Expires = gmdate('Y-m-d H:45:00', $f);
        }
        $DB->query("UPDATE torrents_recommended SET Expires='" . $Expires . "' WHERE GroupID = " . db_string($GroupID));
    }
    $DB->query("UPDATE torrents_recommended SET Active='1', DisplayHomePage='1' WHERE GroupID = " . db_string($GroupID));
    $Cache->delete_value('detail_' . $GroupID . '_');
    $Cache->delete_value('collage_' . $Staffcollectionid);
    $Cache->delete_value('recommend');
    $Cache->delete_value('recommend_artists');
    $Cache->cache_value('recommended_' . $GroupID, $Expires, 0);
}
// Remove old staff picks from freeleech
// Current UTC time in MySQL DATETIME format (gmdate() defaults to "now").
$t = gmdate('Y-m-d H:i:s');
// Only tr.GroupID is selected, so each row of this result holds a single column.
$DB->query("SELECT tr.GroupID\nFROM torrents_recommended AS tr\nWHERE tr.Expires < '{$t}' AND tr.Active='1'");
while (list($GroupID, $UserID) = $DB->next_record()) {
    $DB->query("DELETE FROM torrents_recommended WHERE GroupID='{$GroupID}'");
    $Cache->delete_value('detail_' . $GroupID . '_');
    // Wtf is this z?
    $Cache->delete_value('recommended_' . $GroupID);
    $Cache->delete_value('torrent_group_' . $GroupID);
文件: merge.php 项目: 4play/gazelle2
<?
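if(!check_perms('torrents_edit')) { error(403); }

// Source group comes straight from the form. It is not escaped here; it only reaches SQL
// (further down this script) after the is_number() check below has passed.
$GroupID = isset($_POST['groupid']) ? $_POST['groupid'] : '';
$OldGroupID = $GroupID;
// Target group is SQL-escaped and must also pass the numeric check.
// Missing keys fall through to '' so they hit the 404 below instead of raising a notice.
$NewGroupID = isset($_POST['targetgroupid']) ? db_string($_POST['targetgroupid']) : '';

if(!$GroupID || !is_number($GroupID)) { error(404); }
if(!$NewGroupID || !is_number($NewGroupID)) { error(404); }
if($NewGroupID == $GroupID) {
	error('Old group ID is the same as new group ID!');
}
// Refuse to merge into a group that does not exist.
$DB->query("SELECT ID FROM torrents_group WHERE ID='$NewGroupID'");
if($DB->record_count()==0) {
	error('Target group does not exist.');
}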

//Everything is legit, let's just confirm they really mean it
if(empty($_POST['confirm'])) {
	$DB->query("SELECT Name FROM torrents_group WHERE ID = ".$GroupID);
	list($Name) = $DB->next_record();
	$DB->query("SELECT Name FROM torrents_group WHERE ID = ".$NewGroupID);
	list($NewName) = $DB->next_record();
	
	$Artists = get_artists(array($GroupID, $NewGroupID));
	
	show_header();
?>
	<div class="center thin">
	<h2>Merge Confirm!</h2>
	<div class="box pad">
文件: index.php 项目: Kufirc/Gazelle
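                // Title and body are escaped once here and reused for every SQL statement below.
                $Title = db_string($_POST['title']);
                $Body = db_string($_POST['body']);
                $ThreadID = isset($_POST['thread']) ? $_POST['thread'] : '';
                if ($ThreadID && is_number($ThreadID)) {
                    // An existing thread was supplied; it must exist before the post can link to it.
                    // is_number() is what allows the unquoted interpolation in the WHERE clause.
                    $DB->query("\n\t\t\t\t\t\tSELECT ForumID\n\t\t\t\t\t\tFROM forums_topics\n\t\t\t\t\t\tWHERE ID = {$ThreadID}");
                    if (!$DB->has_results()) {
                        error('No such thread exists!');
                        header('Location: blog.php');
                    }
                } else {
                    // No usable thread given: open a new announcement thread for this post.
                    // NOTE(review): $Title/$Body are already SQL-escaped at this point; if
                    // create_thread() escapes again, the stored thread text may be double-escaped — confirm.
                    $ThreadID = Misc::create_thread(ANNOUNCEMENT_FORUM_ID, $LoggedUser['ID'], $Title, $Body);
                    if ($ThreadID < 1) {
                        error(0);
                    }
                }
                // Normalise the flag to exactly '1' or '0' before it reaches SQL.
                $Important = (isset($_POST['important']) && $_POST['important'] == '1') ? '1' : '0';
                $DB->query("\n\t\t\t\t\tINSERT INTO blog\n\t\t\t\t\t\t(UserID, Title, Body, Time, ThreadID, Important)\n\t\t\t\t\tVALUES\n\t\t\t\t\t\t('" . $LoggedUser['ID'] . "',\n\t\t\t\t\t\t'" . $Title . "',\n\t\t\t\t\t\t'" . $Body . "',\n\t\t\t\t\t\t'" . sqltime() . "',\n\t\t\t\t\t\t{$ThreadID},\n\t\t\t\t\t\t'" . $Important . "')");
                $Cache->delete_value('blog');
                if ($Important == '1') {
                    $Cache->delete_value('blog_latest_id');
                }
                if (isset($_POST['subscribe'])) {
                    $DB->query("\n\t\t\t\t\t\tINSERT IGNORE INTO users_subscriptions\n\t\t\t\t\t\tVALUES ('{$LoggedUser['ID']}', {$ThreadID})");
                    $Cache->delete_value('subscriptions_user_' . $LoggedUser['ID']);
                }
                // Push notifications receive the raw (unescaped) form values; SQL escaping does not apply there.
                NotificationsManager::send_push(NotificationsManager::get_push_enabled_users(), $_POST['title'], $_POST['body'], site_url() . 'index.php', NotificationsManager::BLOG);
                header('Location: blog.php');
                break;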
        }
    }
    ?>
		<div class="box thin">
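/**
 * Look up the group a torrent belongs to.
 *
 * @param int|string $TorrentID torrent id; escaped with db_string() before it reaches SQL
 * @return int|null the GroupID, or null when the torrent does not exist or has a zero group
 */
function torrentid_to_groupid($TorrentID)
{
    global $DB;
    $DB->query("\n\t\tSELECT GroupID\n\t\tFROM torrents\n\t\tWHERE ID = '" . db_string($TorrentID) . "'");
    if (!$DB->has_results()) {
        // No row: previously array_pop() was applied to a non-array here and only
        // produced null by accident (a TypeError on PHP 8).
        return null;
    }
    // array_pop() takes its argument by reference, so the row must be a variable.
    $Row = $DB->next_record(MYSQLI_ASSOC);
    $GroupID = (int) array_pop($Row);
    if ($GroupID) {
        return $GroupID;
    }
    return null;
}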
    }
    if (!$TorrentID || !is_number($TorrentID)) {
        error(404);
    }
}
//Torrent exists, check it's applicable
// $TorrentID passed is_number() above, which is why it is interpolated unquoted here.
$DB->query("\n\tSELECT\n\t\tt.UserID,\n\t\tt.Time,\n\t\ttg.ReleaseType,\n\t\tt.Encoding,\n\t\tt.Format,\n\t\tt.Media,\n\t\tt.HasLog,\n\t\tt.HasCue,\n\t\tt.LogScore,\n\t\ttg.CategoryID,\n\t\tIF(t.Remastered = '1', t.RemasterCatalogueNumber, tg.CatalogueNumber)\n\tFROM torrents AS t\n\t\tLEFT JOIN torrents_group AS tg ON t.GroupID = tg.ID\n\tWHERE t.ID = {$TorrentID}\n\tLIMIT 1");
if (!$DB->has_results()) {
    error(404);
}
list($UploaderID, $UploadTime, $TorrentReleaseType, $Bitrate, $Format, $Media, $HasLog, $HasCue, $LogScore, $TorrentCategoryID, $TorrentCatalogueNumber) = $DB->next_record();
// The filler defaults to the logged-in user; request moderators may fill on someone else's behalf.
$FillerID = $LoggedUser['ID'];
$FillerUsername = $LoggedUser['Username'];
if (!empty($_POST['user']) && check_perms('site_moderate_requests')) {
    $FillerUsername = $_POST['user'];
    // NOTE(review): the name is quote-escaped via db_string() but compared with LIKE, so
    // LIKE wildcards ('%', '_') in the input are presumably still live — confirm whether
    // db_string() escapes them; only moderators reach this branch.
    $DB->query("\n\t\tSELECT ID\n\t\tFROM users_main\n\t\tWHERE Username LIKE '" . db_string($FillerUsername) . "'");
    if (!$DB->has_results()) {
        $Err = 'No such user to fill for!';
    } else {
        list($FillerID) = $DB->next_record();
    }
}
// One-hour head start for the uploader, unless a request moderator fills.
// NOTE(review): $UploaderID comes from the result set while $FillerID may come from
// $LoggedUser; the strict !== only works if both carry the same scalar type — confirm.
if (time_ago($UploadTime) < 3600 && $UploaderID !== $FillerID && !check_perms('site_moderate_requests')) {
    $Err = 'There is a one hour grace period for new uploads to allow the torrent\'s uploader to fill the request.';
}
// $RequestID is validated outside this span; it is interpolated unquoted here.
$DB->query("\n\tSELECT\n\t\tTitle,\n\t\tUserID,\n\t\tTorrentID,\n\t\tCategoryID,\n\t\tReleaseType,\n\t\tCatalogueNumber,\n\t\tBitrateList,\n\t\tFormatList,\n\t\tMediaList,\n\t\tLogCue\n\tFROM requests\n\tWHERE ID = {$RequestID}");
list($Title, $RequesterID, $OldTorrentID, $RequestCategoryID, $RequestReleaseType, $RequestCatalogueNumber, $BitrateList, $FormatList, $MediaList, $LogCue) = $DB->next_record();
// Each check assigns (not appends to) $Err, so only the last failing condition is reported.
if (!empty($OldTorrentID)) {
    $Err = 'This request has already been filled.';
}
if ($RequestCategoryID !== '0' && $TorrentCategoryID !== $RequestCategoryID) {
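 /**
  * Regenerate a torrent's file list from its meta data,
  * update the database record and clear relevant cache keys
  *
  * Loads the stored torrent blob for $TorrentID, decodes it with the parser its
  * format requires, rewrites Size/FilePath/FileList on the torrents row and drops
  * the group's details cache. A torrent with no torrents_files row is left as-is.
  * The caller's active query id is saved and restored so an in-flight result set
  * survives this call.
  *
  * @param int $TorrentID
  */
 public static function regenerate_filelist($TorrentID)
 {
     // The id is interpolated unquoted into SQL below; force the documented int type.
     $TorrentID = (int) $TorrentID;
     $QueryID = G::$DB->get_query_id();
     G::$DB->query("\n\t\t\tSELECT tg.ID,\n\t\t\t\ttf.File\n\t\t\tFROM torrents_files AS tf\n\t\t\t\tJOIN torrents AS t ON t.ID = tf.TorrentID\n\t\t\t\tJOIN torrents_group AS tg ON tg.ID = t.GroupID\n\t\t\tWHERE tf.TorrentID = {$TorrentID}");
     if (G::$DB->has_results()) {
         list($GroupID, $Contents) = G::$DB->next_record(MYSQLI_NUM, false);
         if (Misc::is_new_torrent($Contents)) {
             $Tor = new BencodeTorrent($Contents);
             $FilePath = isset($Tor->Dec['info']['files']) ? Format::make_utf8($Tor->get_name()) : '';
         } else {
             // Legacy rows hold a base64-encoded, PHP-serialized TORRENT object.
             // unserialize() instantiates whatever classes the blob names, so this path
             // is only as trustworthy as the writers of torrents_files.File; re-parsing
             // the raw bencode (as in the branch above) would avoid that.
             $Tor = new TORRENT(unserialize(base64_decode($Contents)), true);
             $FilePath = isset($Tor->Val['info']->Val['files']) ? Format::make_utf8($Tor->get_name()) : '';
         }
         list($TotalSize, $FileList) = $Tor->file_list();
         // Initialise explicitly: an empty file list must produce an empty FileList
         // column, not an implode() over an undefined variable.
         $TmpFileList = array();
         foreach ($FileList as $File) {
             $TmpFileList[] = self::filelist_format_file($File);
         }
         $FileString = implode("\n", $TmpFileList);
         G::$DB->query("\n\t\t\t\tUPDATE torrents\n\t\t\t\tSET Size = {$TotalSize}, FilePath = '" . db_string($FilePath) . "', FileList = '" . db_string($FileString) . "'\n\t\t\t\tWHERE ID = {$TorrentID}");
         G::$Cache->delete_value("torrents_details_{$GroupID}");
     }
     // Restore whatever result set the caller was iterating.
     G::$DB->set_query_id($QueryID);
 }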