示例#1
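 /**
  * Show the login form and process a submitted login attempt.
  *
  * A session token is created when none exists. When input was submitted and
  * its token checks out, the 'user' and 'password' fields are validated as
  * required and handed to the user model's login(). Success redirects to '/';
  * every other path falls through to rendering the 'user/login' view.
  *
  * @param mixed $id Not used by this method.
  */
 public function login($id = null)
 {
     $user = $this->user;
     $this->data['user']['name'] = $user->data()->user;
     Config::set('html.title', 'Авторизация');
     Config::set('html.description.val', 'На этой странице можно залогиниться');
     //$user = new User();
     if (!Session::exists(Config::get('session.token_name'))) {
         Token::generate();
     }
     if (Input::exists()) {
         // NOTE(review): a failed token check is silent here; the form is
         // rendered again with no message and nothing is recorded.
         if (Token::check(Input::get('token'))) {
             $validate = new VALIDATE();
             $validation = $validate->check($_POST, array('user' => array('required' => true), 'password' => array('required' => true)));
             if ($validate->passed()) {
                 // NOTE(review): the 'remember' checkbox is not forwarded;
                 // login() is called with null as its third argument.
                 $login = $user->login(Input::get('user'), Input::get('password'), null);
                 if ($login) {
                     // NOTE(review): whether Redirect::to() ends the request is
                     // not visible here; if it returns, the view below still renders.
                     Redirect::to('/');
                 } else {
                     // One fixed message for every failed attempt.
                     echo '<p>Sorry, logging in failed</p>';
                 }
             } else {
                 foreach ($validation->errors() as $error) {
                     //echo $error, '<br/>';
                     $this->data['validate_errors'][] = $error;
                 }
             }
         }
     }
     //$this->data['id']=$id;
     //$this->data['name']=Input::get('name');
     $this->view('user/login');
 }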
示例#2
文件: index.php 项目: Kufirc/Gazelle
Add the JavaScript validation into the display page using the class
//-----------------------------------*/
// Allow users to reset their password while logged in
// $_REQUEST['act'] is read here without an isset() guard, unlike the check
// further down, so a logged-in request with no 'act' reads an undefined index.
if (!empty($LoggedUser['ID']) && $_REQUEST['act'] != 'recover') {
    header('Location: index.php');
    die;
}
// This header is supplied by the client, so the block is a courtesy filter
// rather than an enforcement control.
if (BLOCK_OPERA_MINI && isset($_SERVER['HTTP_X_OPERAMINI_PHONE'])) {
    error('Opera Mini is banned. Please use another browser.');
}
// Check if IP is banned
// NOTE(review): REMOTE_ADDR is the directly connected peer; behind a reverse
// proxy that is the proxy's address — confirm against the deployment.
if (Tools::site_ban_ip($_SERVER['REMOTE_ADDR'])) {
    error('Your IP address has been banned.');
}
require SERVER_ROOT . '/classes/validate.class.php';
$Validate = new VALIDATE();
if (array_key_exists('action', $_GET) && $_GET['action'] == 'disabled') {
    require 'disabled.php';
    die;
}
if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') {
    // Recover password
    if (!empty($_REQUEST['key'])) {
        // User has entered a new password, use step 2
        // The reset key is taken from $_REQUEST and passed through db_string()
        // before it is placed in the SQL text (presumably an escaping helper —
        // confirm). The query only matches enabled accounts with a non-empty key.
        $DB->query("\n\t\t\tSELECT\n\t\t\t\tm.ID,\n\t\t\t\tm.Email,\n\t\t\t\tm.ipcc,\n\t\t\t\ti.ResetExpires\n\t\t\tFROM users_main as m\n\t\t\t\tINNER JOIN users_info AS i ON i.UserID = m.ID\n\t\t\tWHERE i.ResetKey = '" . db_string($_REQUEST['key']) . "'\n\t\t\t\tAND i.ResetKey != ''\n\t\t\t\tAND m.Enabled = '1'");
        list($UserID, $Email, $Country, $Expires) = $DB->next_record();
        // The key is honoured only while its stored expiry time is in the future.
        if ($UserID && strtotime($Expires) > time()) {
            // If the user has requested a password change, and his key has not expired
            // The pattern accepts either at least 8 characters containing a
            // non-letter, an uppercase and a lowercase letter, or any input
            // that contains a run of 20 or more characters.
            $Validate->SetFields('password', '1', 'regex', 'You entered an invalid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/'));
            $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password'));
            if (!empty($_REQUEST['password'])) {
示例#3
文件: index.php 项目: 4play/gazelle2
<?
include(SERVER_ROOT.'/classes/class_validate.php');
$Val=NEW VALIDATE;

if(!empty($_REQUEST['confirm'])) {
	// Confirm registration
	// NOTE(review): this statement is garbled in the listing (part of it was
	// masked as '******'), so it does not parse as shown and how the request
	// value reaches the query cannot be checked here. The value is matched
	// against the torrent_pass column; by its name that column may also hold
	// the account's tracker passkey — confirm, and prefer a dedicated
	// single-use confirmation token.
	$DB->query("SELECT ID FROM users_main WHERE torrent_pass='******'confirm'])."' AND Enabled='0'");
	list($UserID)=$DB->next_record();
	
	if($UserID) {
		// $UserID comes from the row just fetched, not from the request.
		$DB->query("UPDATE users_main SET Enabled='1' WHERE ID='$UserID'");
		$Cache->increment('stats_user_count');
		include('step2.php');
	}
	
} elseif(OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {
	// Username: 1-20 characters from letters, digits, '_' and '?',
	// case-insensitive; the D modifier stops '$' matching before a trailing newline.
	$Val->SetFields('username',true,'regex','You did not enter a valid username.',array('regex'=>'/^[a-z0-9_?]{1,20}$/iD'));
	$Val->SetFields('email',true,'email','You did not enter a valid email address.');
	// The password rule here is a length check only (6 to 40 characters).
	$Val->SetFields('password',true,'string','You did not enter a valid password (6 - 40 characters).',array('minlength'=>6,'maxlength'=>40));
	$Val->SetFields('confirm_password',true,'compare','Your passwords do not match.',array('comparefield'=>'password'));
	$Val->SetFields('readrules',true,'checkbox','You did not check the box that says you will read the rules.');
	$Val->SetFields('readwiki',true,'checkbox','You did not check the box that says you will read the wiki.');
	$Val->SetFields('agereq',true,'checkbox','You did not check the box that says you are 13 or older.');
	// The captcha rule is disabled, so no captcha field is validated.
	//$Val->SetFields('captcha',true,'string','You did not enter a captcha code.',array('minlength'=>6,'maxlength'=>6));

	if(!empty($_REQUEST['submit'])) {
		// User has submitted registration form
		// Validation runs over $_REQUEST, so the fields are accepted from
		// any source PHP merges into it, not only the form body.
		$Err=$Val->ValidateForm($_REQUEST);
		/*
		if(!$Err && strtolower($_SESSION['captcha'])!=strtolower($_REQUEST['captcha'])) {
			$Err="You did not enter the correct captcha code."; 
示例#4
<?php

// authorize() runs first; presumably the request-token (CSRF) check — confirm.
authorize();
include SERVER_ROOT . '/classes/validate.class.php';
$Val = new VALIDATE();
$P = array();
// $P is the db_array() copy of $_POST (presumably escaped for SQL — confirm).
// The queries below use $P, while ValidateForm() is given the raw $_POST.
$P = db_array($_POST);
// Loose numeric comparison on a request value; a missing or non-numeric
// category takes the else branch unless the user holds the rename permission.
if ($P['category'] > 0 || check_perms('site_collages_renamepersonal')) {
    $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', array('maxlength' => 100, 'minlength' => 3));
} else {
    // Get a collage name and make sure it's unique
    // The name is built from the session username and passed through
    // db_string() before it is placed in the SQL text.
    $name = $LoggedUser['Username'] . "'s personal collage";
    $P['name'] = db_string($name);
    $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'");
    $i = 2;
    // Append " no. N" with an increasing N until no collage has that name;
    // each attempt costs one query.
    while ($DB->has_results()) {
        $P['name'] = db_string("{$name} no. {$i}");
        $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'");
        $i++;
    }
}
$Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', array('maxlength' => 65535, 'minlength' => 10));
$Err = $Val->ValidateForm($_POST);
// Strict string comparison: only the literal '0' selects the personal category.
if (!$Err && $P['category'] === '0') {
    // $LoggedUser['ID'] is interpolated directly; presumably it comes from
    // the session, not the request — verify.
    $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'");
    list($CollageCount) = $DB->next_record();
    // Refused when the per-user limit is reached or the permission is missing.
    if ($CollageCount >= $LoggedUser['Permissions']['MaxCollages'] || !check_perms('site_collages_personal')) {
        $Err = 'You may not create a personal collage.';
    } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) {
        // NOTE(review): the username is searched for in $P['name'], the
        // db_array() copy, not in the raw submitted name.
        $Err = 'Your personal collage\'s title must include your username.';
    }
示例#5
<?
//******************************************************************************//
//--------------- Take edit ----------------------------------------------------//
// This pages handles the backend of the 'edit torrent' function. It checks	 //
// the data, and if it all validates, it edits the values in the database	   //
// that correspond to the torrent in question.								  //
//******************************************************************************//

// NOTE(review): only enforce_login() is visible in this excerpt; confirm that
// the request-token (CSRF) check for this POST handler happens elsewhere.
enforce_login();

require(SERVER_ROOT.'/classes/class_validate.php');
$Validate = new VALIDATE;

//******************************************************************************//
//--------------- Set $Properties array ----------------------------------------//
// This is used if the form doesn't validate, and when the time comes to enter  //
// it into the database.                                                        //

$Properties=array();
// Both IDs are cast to int before use. A missing or zero 'type' makes the
// lookup below use index -1 — NOTE(review): no range check is visible here.
$TypeID = (int)$_POST['type'];
$Type = $Categories[$TypeID-1];
$TorrentID = (int)$_POST['torrentid'];
$Properties['Remastered'] = (isset($_POST['remaster']))? 1 : 0;
if($Properties['Remastered']) {
	$Properties['UnknownRelease'] = (isset($_POST['unknown'])) ? 1 : 0;
	// The remaster fields are copied from $_POST unchanged; they need to be
	// validated and escaped before reaching SQL or HTML (not visible here).
	$Properties['RemasterYear'] = $_POST['remaster_year'];
	$Properties['RemasterTitle'] = $_POST['remaster_title'];
	$Properties['RemasterRecordLabel'] = $_POST['remaster_record_label'];
	$Properties['RemasterCatalogueNumber'] = $_POST['remaster_catalogue_number'];
}
// 'UnknownRelease' is only set in the branch above; the short-circuit keeps
// it from being read when 'Remastered' is 0.
if(!$Properties['Remastered'] || $Properties['UnknownRelease']) {
示例#6
文件: index.php 项目: 4play/gazelle2
	}
}

// No action requested: show the tools index and stop.
if(!isset($_REQUEST['action'])) {
	include(SERVER_ROOT.'/sections/tools/tools.php');
	die();
}

// Actions whose name starts with 'sandbox' need both permissions when
// $argv[1] is not set (presumably set only for command-line runs — confirm);
// missing either permission ends in a 403.
if (substr($_REQUEST['action'],0,7) == 'sandbox' && !isset($argv[1])) {
	if (!check_perms('site_debug') || !check_perms('admin_access_log')) {
		error(403);
	}
}

include(SERVER_ROOT."/classes/class_validate.php");
$Val=NEW VALIDATE;

include(SERVER_ROOT.'/classes/class_feed.php');
$Feed = new FEED;

// The request value only selects a case; every include target is a fixed
// string, so the action never becomes part of a file path.
switch ($_REQUEST['action']){
	//Services
	case 'get_host':
		include('services/get_host.php');
		break;
	//Managers
	case 'forum':
		include('managers/forum_list.php');
		break;

	case 'forum_alter':
示例#7
文件: login.php 项目: morilo/ptpimg
/*-- TODO ---------------------------//
Add the javascript validation into the display page using the class
//-----------------------------------*/
// A logged-in user is sent back to the index page.
if (!empty($LoggedUser['ID'])) {
    header('Location: index.php');
    die;
}
// This header is supplied by the client, so the block is a courtesy filter
// rather than an enforcement control.
if (BLOCK_OPERA_MINI && isset($_SERVER['HTTP_X_OPERAMINI_PHONE'])) {
    error('Opera Mini is banned, please use another browser.');
}
// Check if IP is banned
// NOTE(review): REMOTE_ADDR is the directly connected peer; behind a reverse
// proxy that is the proxy's address — confirm against the deployment.
if (site_ban_ip($_SERVER['REMOTE_ADDR'])) {
    error('Your IP has been banned.');
}
require ASSETS . "/class_validate.php";
$Validate = new VALIDATE();
if (array_key_exists('action', $_GET) && $_GET['action'] == 'disabled') {
    require 'disabled.php';
    die;
}
if (isset($_REQUEST['act']) && $_REQUEST['act'] == "recover") {
    // Recover password
    if (!empty($_REQUEST['key'])) {
        // User has entered a new password, use step 2
        // The reset key is taken from $_REQUEST and passed through db_string()
        // before it is placed in the SQL text (presumably an escaping helper —
        // confirm). The query only matches enabled accounts with a non-empty key.
        $DB->query("SELECT \n\t\t\tm.ID,\n\t\t\tm.Email,\n\t\t\ti.ResetExpires \n\t\t\tFROM users_main AS m \n\t\t\tINNER JOIN users_info AS i ON i.UserID=m.ID \n\t\t\tWHERE i.ResetKey='" . db_string($_REQUEST['key']) . "' \n\t\t\tAND i.ResetKey<>'' \n\t\t\tAND m.Enabled='1'");
        list($UserID, $Email, $Expires) = $DB->next_record();
        // The key is honoured only while its stored expiry time is in the future.
        if ($UserID && strtotime($Expires) > time()) {
            // If the user has requested a password change, and his key has not expired
            // The new password is checked for length only (6 to 40 characters).
            $Validate->SetFields('password', '1', 'string', 'You entered an invalid password.', array('maxlength' => '40', 'minlength' => '6'));
            $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password'));
            if (!empty($_REQUEST['password'])) {
示例#8
<?
// $P is the db_array() copy of $_POST (presumably escaped for SQL — confirm);
// the empty-array assignment is overwritten straight away.
// NOTE(review): no login or request-token check is visible in this excerpt;
// confirm the including script performs them.
$P=array();
$P=db_array($_POST);

include(SERVER_ROOT.'/classes/class_validate.php');
$Val = new VALIDATE;

$Val->SetFields('title', '1','string','The title must be between 3 and 100 characters',array('maxlength'=>100, 'minlength'=>3));
//$Val->SetFields('alias', '1','string','Please include at least 1 alias, the entire string should be between 2 and 100 characters.',array('maxlength'=>100, 'minlength'=>2));
// Validation runs over the raw $_POST; the query below uses the $P copy.
$Err = $Val->ValidateForm($_POST);

if(!$Err) {
	// Reject the title when an article with the same title already exists.
	$DB->query("SELECT ID FROM wiki_articles WHERE Title='$P[title]'");
	if($DB->record_count()>0) {
		list($ID) = $DB->next_record();
		// The message carries markup and a database ID. NOTE(review): whatever
		// page prints $_SESSION['error_message'] presumably outputs it as HTML,
		// so no request-controlled text should share that key unencoded.
		$Err = 'An article with that name already exists <a href="wiki.php?action=article&id='.$ID.'">here</a>.';
	}
}

if($Err) {
	$_SESSION['error_message'] = $Err;
	header('Location: wiki.php?action=create');
	die();
}

// Only users with the wiki-management permission may set the class limits.
if(check_perms('admin_manage_wiki')){
	$Read=$_POST['minclassread'];
	$Edit=$_POST['minclassedit'];
	if(!is_number($Read)) { error(0); } //int?
	if(!is_number($Edit)) { error(0); }
	// In the visible lines only $Edit is compared with the user's own class.
	if($Edit > $LoggedUser['Class']){ error('You can\'t restrict articles above your own level'); }
示例#9
// the data, and if it all validates, it builds the torrent file, then writes	//
// the data to the database and the torrent to the disk.						//
//******************************************************************************//
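// Maximum allowed size for uploaded files.
// http://php.net/upload-max-filesize
// NOTE(review): upload_max_filesize and max_file_uploads cannot be changed
// with ini_set() at run time, so these two calls are not what enforces the
// limits; set them in php.ini or the server configuration and check the
// uploaded size in code as well.
ini_set('upload_max_filesize', 2097152);
// 2 mebibytes
ini_set('max_file_uploads', 100);
// The constant name must be a quoted string: the bare word relied on PHP's
// old undefined-constant fallback and is a fatal error on PHP 8.
define('MAX_FILENAME_LENGTH', 180);
include SERVER_ROOT . '/classes/validate.class.php';
include SERVER_ROOT . '/classes/feed.class.php';
include SERVER_ROOT . '/sections/torrents/functions.php';
include SERVER_ROOT . '/classes/file_checker.class.php';
// Login is enforced first, then authorize() (presumably the request-token
// check — confirm), before any request data is touched.
enforce_login();
authorize();
$Validate = new VALIDATE();
$Feed = new FEED();
define('QUERY_EXCEPTION', true);
// Shut up debugging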
//******************************************************************************//
//--------------- Set $Properties array ----------------------------------------//
// This is used if the form doesn't validate, and when the time comes to enter	//
// it into the database.														//
$Properties = array();
// The category lookup casts 'type' to int, but $TypeID is computed from the
// raw request value. NOTE(review): no range check on the index is visible here.
$Type = $Categories[(int) $_POST['type']];
$TypeID = $_POST['type'] + 1;
$Properties['CategoryName'] = $Type;
// The title is copied from $_POST unchanged; it needs validation and escaping
// before it reaches SQL or HTML (not visible in this excerpt).
$Properties['Title'] = $_POST['title'];
$Properties['Remastered'] = isset($_POST['remaster']) ? 1 : 0;
if ($Properties['Remastered'] || isset($_POST['unknown'])) {
    $Properties['UnknownRelease'] = isset($_POST['unknown']) ? 1 : 0;
示例#10
<?php

//NumTorrents is actually the number of things in the collage, the name just isn't generic.
// authorize() runs before anything else; presumably the request-token (CSRF)
// check — confirm.
authorize();
include SERVER_ROOT . '/classes/validate.class.php';
$Val = new VALIDATE();
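/**
 * Add an artist to a collage unless that artist is already in it.
 *
 * On insertion the collage's NumTorrents counter and Updated time are
 * changed, and the cache entries for the collage, the artist's collage lists
 * and each subscriber's "new" marker are deleted.
 *
 * @param int|string $CollageID Numeric collage ID.
 * @param int|string $ArtistID  Numeric artist ID.
 */
function add_artist($CollageID, $ArtistID)
{
    global $Cache, $LoggedUser, $DB;
    // Both IDs are interpolated into the SQL below (the subscriber query even
    // without quotes), so refuse anything non-numeric here instead of relying
    // on every caller having checked. error() is expected to end the request.
    if (!is_number($CollageID) || !is_number($ArtistID)) {
        error(404);
    }
    // New entries go 10 after the current highest sort position.
    $DB->query("\n\t\tSELECT MAX(Sort)\n\t\tFROM collages_artists\n\t\tWHERE CollageID = '{$CollageID}'");
    list($Sort) = $DB->next_record();
    $Sort += 10;
    $DB->query("\n\t\tSELECT ArtistID\n\t\tFROM collages_artists\n\t\tWHERE CollageID = '{$CollageID}'\n\t\t\tAND ArtistID = '{$ArtistID}'");
    if (!$DB->has_results()) {
        // $LoggedUser['ID'] is presumably session data, not request input — verify.
        $DB->query("\n\t\t\tINSERT IGNORE INTO collages_artists\n\t\t\t\t(CollageID, ArtistID, UserID, Sort, AddedOn)\n\t\t\tVALUES\n\t\t\t\t('{$CollageID}', '{$ArtistID}', '{$LoggedUser['ID']}', '{$Sort}', '" . sqltime() . "')");
        $DB->query("\n\t\t\tUPDATE collages\n\t\t\tSET NumTorrents = NumTorrents + 1, Updated = '" . sqltime() . "'\n\t\t\tWHERE ID = '{$CollageID}'");
        $Cache->delete_value("collage_{$CollageID}");
        $Cache->delete_value("artists_collages_{$ArtistID}");
        $Cache->delete_value("artists_collages_personal_{$ArtistID}");
        $DB->query("\n\t\t\tSELECT UserID\n\t\t\tFROM users_collage_subs\n\t\t\tWHERE CollageID = {$CollageID}");
        while (list($CacheUserID) = $DB->next_record()) {
            $Cache->delete_value("collage_subs_user_new_{$CacheUserID}");
        }
    }
}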
// The collage ID is checked with is_number() before it is interpolated into
// the query below; anything else ends in a 404.
$CollageID = $_POST['collageid'];
if (!is_number($CollageID)) {
    error(404);
}
$DB->query("\n\tSELECT UserID, CategoryID, Locked, NumTorrents, MaxGroups, MaxGroupsPerUser\n\tFROM collages\n\tWHERE ID = '{$CollageID}'");
// NOTE(review): no check that a row was found is visible in this excerpt.
list($UserID, $CategoryID, $Locked, $NumTorrents, $MaxGroups, $MaxGroupsPerUser) = $DB->next_record();
示例#11
文件: index.php 项目: Kufirc/Gazelle
<?php

/*
if (isset($LoggedUser)) {

	//Silly user, what are you doing here!
	header('Location: index.php');
	die();
}
*/
include SERVER_ROOT . '/classes/validate.class.php';
$Val = new VALIDATE();
if (!empty($_REQUEST['confirm'])) {
    // Confirm registration
    // NOTE(review): this statement is garbled in the listing (part of it was
    // masked as '******'), so it does not parse as shown and how the request
    // value reaches the query cannot be checked here. The value is matched
    // against the torrent_pass column; by its name that column may also hold
    // the account's tracker passkey — confirm, and prefer a dedicated
    // single-use confirmation token.
    $DB->query("\n\t\tSELECT ID\n\t\tFROM users_main\n\t\tWHERE torrent_pass = '******'confirm']) . "'\n\t\t\tAND Enabled = '0'");
    list($UserID) = $DB->next_record();
    if ($UserID) {
        // $UserID comes from the row just fetched, not from the request.
        $DB->query("\n\t\t\tUPDATE users_main\n\t\t\tSET Enabled = '1'\n\t\t\tWHERE ID = '{$UserID}'");
        $Cache->increment('stats_user_count');
        include 'step2.php';
    }
} elseif (OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {
    // The username pattern is the USERNAME_REGEX constant, defined elsewhere.
    $Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX));
    $Val->SetFields('email', true, 'email', 'You did not enter a valid email address.');
    // The pattern accepts either at least 8 characters containing a
    // non-letter, an uppercase and a lowercase letter, or any input that
    // contains a run of 20 or more characters.
    $Val->SetFields('password', true, 'regex', 'A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/'));
    $Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield' => 'password'));
    $Val->SetFields('readrules', true, 'checkbox', 'You did not select the box that says you will read the rules.');
    $Val->SetFields('readwiki', true, 'checkbox', 'You did not select the box that says you will read the wiki.');
    $Val->SetFields('agereq', true, 'checkbox', 'You did not select the box that says you are 13 years of age or older.');
    // The captcha rule is disabled, so no captcha field is validated.
    //$Val->SetFields('captcha', true, 'string', 'You did not enter a captcha code.', array('minlength' => 6, 'maxlength' => 6));
    if (!empty($_POST['submit'])) {
示例#12
<?
//******************************************************************************//
//--------------- Take edit request --------------------------------------------//

// NOTE(review): no login or request-token check is visible in this excerpt;
// confirm the including script performs them.
include(SERVER_ROOT.'/classes/class_validate.php');
$Validate = new VALIDATE;
// The request ID must pass is_number() before it is used in SQL below.
$RequestID = $_POST['requestid'];
if(!is_number($RequestID)) { error(0); }

// db_array() copy of $_POST (presumably escaped for SQL — confirm).
$P = db_array($_POST);

//----- Validate

$Validate->SetFields('artist',
		'0','string','The artist name must be between 2 and 100 characters.',array('maxlength'=>100, 'minlength'=>2));
$Validate->SetFields('name',
		'0','string','The title must be between 2 and 255 characters.',array('maxlength'=>255, 'minlength'=>2));
$Validate->SetFields('description',
		'1','string','You must enter a description.',array('maxlength'=>10000, 'minlength'=>2));
$Validate->SetFields('tags',
		'1','string','You must enter at least one tag.',array('maxlength'=>255, 'minlength'=>2));

$Err=$Validate->ValidateForm($_POST); // Validate the form

if($Err) {
	$_SESSION['Error'] = $Err;
	// The whole raw form body is kept in the session for redisplay.
	$_SESSION['data'] = $_POST;
	// NOTE(review): the Referer header is set by the client, so the request
	// chooses the redirect target, and the Location value is empty when the
	// header is absent. A fixed URL for the edit form avoids both.
	header('Location: '.$_SERVER['HTTP_REFERER']);
	die();
} else {
	$DB->query("SELECT UserID, TimeAdded FROM requests WHERE ID='$RequestID'");
示例#13
<?php

// authorize() runs before anything else; presumably the request-token (CSRF)
// check — confirm.
authorize();
include SERVER_ROOT . '/classes/validate.class.php';
$Val = new VALIDATE();
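/**
 * Add a torrent group to a collage unless that group is already in it.
 *
 * On insertion the collage's NumTorrents counter and Updated time are
 * changed, and the cache entries for the collage, the group's details and
 * collage lists, and each subscriber's "new" marker are deleted.
 *
 * @param int|string $CollageID Numeric collage ID.
 * @param int|string $GroupID   Numeric torrent group ID.
 */
function add_torrent($CollageID, $GroupID)
{
    global $Cache, $LoggedUser, $DB;
    // Both IDs are interpolated into the SQL below (the subscriber query even
    // without quotes), so refuse anything non-numeric here instead of relying
    // on every caller having checked. error() is expected to end the request.
    if (!is_number($CollageID) || !is_number($GroupID)) {
        error(404);
    }
    // New entries go 10 after the current highest sort position.
    $DB->query("\n\t\tSELECT MAX(Sort)\n\t\tFROM collages_torrents\n\t\tWHERE CollageID = '{$CollageID}'");
    list($Sort) = $DB->next_record();
    $Sort += 10;
    $DB->query("\n\t\tSELECT GroupID\n\t\tFROM collages_torrents\n\t\tWHERE CollageID = '{$CollageID}'\n\t\t\tAND GroupID = '{$GroupID}'");
    if (!$DB->has_results()) {
        // $LoggedUser['ID'] is presumably session data, not request input — verify.
        $DB->query("\n\t\t\tINSERT IGNORE INTO collages_torrents\n\t\t\t\t(CollageID, GroupID, UserID, Sort, AddedOn)\n\t\t\tVALUES\n\t\t\t\t('{$CollageID}', '{$GroupID}', '{$LoggedUser['ID']}', '{$Sort}', '" . sqltime() . "')");
        $DB->query("\n\t\t\tUPDATE collages\n\t\t\tSET NumTorrents = NumTorrents + 1, Updated = '" . sqltime() . "'\n\t\t\tWHERE ID = '{$CollageID}'");
        $Cache->delete_value("collage_{$CollageID}");
        $Cache->delete_value("torrents_details_{$GroupID}");
        $Cache->delete_value("torrent_collages_{$GroupID}");
        $Cache->delete_value("torrent_collages_personal_{$GroupID}");
        $DB->query("\n\t\t\tSELECT UserID\n\t\t\tFROM users_collage_subs\n\t\t\tWHERE CollageID = {$CollageID}");
        while (list($CacheUserID) = $DB->next_record()) {
            $Cache->delete_value("collage_subs_user_new_{$CacheUserID}");
        }
    }
}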
// The collage ID is checked with is_number() before it is interpolated into
// the query below; anything else ends in a 404.
$CollageID = $_POST['collageid'];
if (!is_number($CollageID)) {
    error(404);
}
$DB->query("\n\tSELECT UserID, CategoryID, Locked, NumTorrents, MaxGroups, MaxGroupsPerUser\n\tFROM collages\n\tWHERE ID = '{$CollageID}'");
// NOTE(review): no check that a row was found is visible in this excerpt.
list($UserID, $CategoryID, $Locked, $NumTorrents, $MaxGroups, $MaxGroupsPerUser) = $DB->next_record();
示例#14
<?php

//******************************************************************************//
//--------------- Take mass PM -------------------------------------------------//
// This pages handles the backend of the 'Send Mass PM' function. It checks	    //
// the data, and if it all validates, it sends a PM to everyone who snatched	//
// the torrent.																    //
//******************************************************************************//
// authorize() (presumably the request-token check — confirm) runs before
// enforce_login() here.
authorize();
enforce_login();
require SERVER_ROOT . '/classes/validate.class.php';
$Validate = new VALIDATE();
// The two IDs are cast to int; subject and message are taken from $_POST
// unchanged and need escaping before they reach SQL or HTML (not visible here).
$TorrentID = (int) $_POST['torrentid'];
$GroupID = (int) $_POST['groupid'];
$Subject = $_POST['subject'];
$Message = $_POST['message'];
//******************************************************************************//
//--------------- Validate data in edit form -----------------------------------//
// FIXME: Still need a better perm name
// The permission check sits after the request values have been read but
// before any of them is used.
if (!check_perms('site_moderate_requests')) {
    error(403);
}
$Validate->SetFields('torrentid', '1', 'number', 'Invalid torrent ID.', array('maxlength' => 1000000000, 'minlength' => 1));
// we shouldn't have torrent IDs higher than a billion
$Validate->SetFields('groupid', '1', 'number', 'Invalid group ID.', array('maxlength' => 1000000000, 'minlength' => 1));
// we shouldn't have group IDs higher than a billion either
// NOTE(review): subject and message are registered with '0' where the IDs use
// '1'; presumably that marks them as optional — confirm that an empty mass PM
// is really meant to pass validation.
$Validate->SetFields('subject', '0', 'string', 'Invalid subject.', array('maxlength' => 1000, 'minlength' => 1));
$Validate->SetFields('message', '0', 'string', 'Invalid message.', array('maxlength' => 10000, 'minlength' => 1));
$Err = $Validate->ValidateForm($_POST);
// Validate the form
if ($Err) {
示例#15
文件: fill.php 项目: 4play/gazelle2
<?
//******************************************************************************//
//--------------- Fill a request -----------------------------------------------//

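// The request ID must pass is_number() before it is used in a redirect URL
// or in SQL.
// NOTE(review): no login or request-token check is visible in this excerpt;
// confirm the including script performs them.
$RequestID = $_POST['requestid'];
if(!is_number($RequestID)) { error(0); }

$URL = trim($_POST['url']);

include(SERVER_ROOT.'/classes/class_validate.php');
$Validate = new VALIDATE;

// Make sure the URL they entered is on our site, and is a link to a torrent
// The site host goes through preg_quote() so that its dots (and any '/') are
// matched literally instead of acting as regex syntax.
$URLRegex = '/^https?:\/\/(www\.|ssl\.)?'.preg_quote(NONSSL_SITE_URL, '/').'\/torrents\.php\?id=([0-9]+)/i';
$Validate->SetFields('url', '1','regex','The URL must be a link to a torrent on the site.',array('regex'=>$URLRegex));
$Err=$Validate->ValidateForm($_POST); // Validate the form

if($Err) { // if something didn't validate
	$_SESSION['Error'] = $Err;
	header('Location: requests.php?action=viewrequest&id='.$RequestID);
	exit;
}

// Get torrent ID
// Only the digits captured here are used from the URL, so the value placed
// in the query below is numeric.
$URLRegex = '/torrents\.php\?id=([0-9]+)/i';
preg_match($URLRegex, $URL, $Matches);
$TorrentID=$Matches[1];
if(!$TorrentID || (int)$TorrentID == 0){ error(404); }

$DB->query("SELECT ID, Time FROM torrents_group WHERE ID='$TorrentID'");
list($GroupID, $FillTime) = $DB->next_record();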