}
$UserID = $LoggedUser['ID'];
$GroupID = db_string($_POST['groupid']);
$Summaries = $_POST['summary'];
$Images = $_POST['image'];
$Time = sqltime();
if (!is_number($GroupID) || !$GroupID) {
error(0);
}
if (count($Images) != count($Summaries)) {
error('Missing an image or a summary');
}
$Changed = false;
for ($i = 0; $i < count($Images); $i++) {
$Image = $Images[$i];
$Summary = $Summaries[$i];
if (ImageTools::blacklisted($Image, true) || !preg_match("/^" . IMAGE_REGEX . "\$/i", $Image)) {
continue;
}
// sanitize inputs
$Image = db_string($Image);
$Summary = db_string($Summary);
$DB->query("\n\t\tINSERT IGNORE INTO cover_art\n\t\t\t(GroupID, Image, Summary, UserID, Time)\n\t\tVALUES\n\t\t\t('{$GroupID}', '{$Image}', '{$Summary}', '{$UserID}', '{$Time}')");
if ($DB->affected_rows()) {
$Changed = true;
}
}
if ($Changed) {
$Cache->delete_value("torrents_cover_art_{$GroupID}");
}
header('Location: ' . $_SERVER['HTTP_REFERER']);
if (check_perms('artist_edit_vanityhouse')) {
$VanityHouse = isset($_POST['vanity_house']) ? 1 : 0;
}
if ($_GET['action'] === 'revert') {
// if we're reverting to a previous revision
authorize();
$RevisionID = $_GET['revisionid'];
if (!is_number($RevisionID)) {
error(0);
}
} else {
// with edit, the variables are passed with POST
$Body = db_string($_POST['body']);
$Summary = db_string($_POST['summary']);
$Image = db_string($_POST['image']);
ImageTools::blacklisted($Image);
// Trickery
if (!preg_match("/^" . IMAGE_REGEX . "\$/i", $Image)) {
$Image = '';
}
}
// Insert revision
if (!$RevisionID) {
// edit
$DB->query("\n\t\tINSERT INTO wiki_artists\n\t\t\t(PageID, Body, Image, UserID, Summary, Time)\n\t\tVALUES\n\t\t\t('{$ArtistID}', '{$Body}', '{$Image}', '{$UserID}', '{$Summary}', '" . sqltime() . "')");
} else {
// revert
$DB->query("\n\t\tINSERT INTO wiki_artists (PageID, Body, Image, UserID, Summary, Time)\n\t\tSELECT '{$ArtistID}', Body, Image, '{$UserID}', 'Reverted to revision {$RevisionID}', '" . sqltime() . "'\n\t\tFROM wiki_artists\n\t\tWHERE RevisionID = '{$RevisionID}'");
}
$RevisionID = $DB->inserted_id();
// Update artists table (technically, we don't need the RevisionID column, but we can use it for a join which is nice and fast)
// Validate the form
if ($Properties['Remastered'] && !$Properties['RemasterYear']) {
//Unknown Edit!
if ($LoggedUser['ID'] == $UserID || check_perms('edit_unknowns')) {
//Fine!
} else {
$Err = "You may not edit someone else's upload to unknown release.";
}
}
// Strip out Amazon's padding
$AmazonReg = '/(http:\\/\\/ecx.images-amazon.com\\/images\\/.+)(\\._.*_\\.jpg)/i';
$Matches = array();
if (preg_match($RegX, $Properties['Image'], $Matches)) {
$Properties['Image'] = $Matches[1] . '.jpg';
}
ImageTools::blacklisted($Properties['Image']);
if ($Err) {
// Show the upload form, with the data the user entered
if (check_perms('site_debug')) {
die($Err);
}
error($Err);
}
//******************************************************************************//
//--------------- Make variables ready for database input ----------------------//
// Shorten and escape $Properties for database input
$T = array();
foreach ($Properties as $Key => $Value) {
$T[$Key] = "'" . db_string(trim($Value)) . "'";
if (!$T[$Key]) {
$T[$Key] = null;
$Err = 'You forgot to enter any bounty!';
} else {
$Bounty = trim($_POST['amount']);
if (!is_number($Bounty)) {
$Err = 'Your entered bounty is not a number';
} elseif ($Bounty < 100 * 1024 * 1024) {
$Err = 'Minimum bounty is 100 MB.';
}
$Bytes = $Bounty;
//From MB to B
}
}
if (empty($_POST['image'])) {
$Image = '';
} else {
ImageTools::blacklisted($_POST['image']);
if (preg_match('/' . IMAGE_REGEX . '/', trim($_POST['image'])) > 0) {
$Image = trim($_POST['image']);
} else {
$Err = display_str($_POST['image']) . ' does not appear to be a valid link to an image.';
}
}
if (empty($_POST['description'])) {
$Err = 'You forgot to enter a description.';
} else {
$Description = trim($_POST['description']);
}
if ($CategoryName === 'Music') {
if (empty($_POST['artists'])) {
$Err = 'You did not enter any artists.';
} else {
