Gazelle/sections/reportsv2/takereport.php

140 lines
3.7 KiB
PHP
Raw Normal View History

2011-03-28 14:21:28 +00:00
<?
/*
* This page handles the backend from when a user submits a report.
* It checks for (in order):
2013-02-22 08:00:24 +00:00
* 1. The usual POST injections, then checks that things.
* 2. Things that are required by the report type are filled
2011-03-28 14:21:28 +00:00
* ('1' in the report_fields array).
* 3. Things that are filled are filled with correct things.
* 4. That the torrent you're reporting still exists.
2013-02-22 08:00:24 +00:00
*
2011-03-28 14:21:28 +00:00
* Then it just inserts the report to the DB and increments the counter.
*/
authorize();
2013-04-19 08:00:55 +00:00
if (!is_number($_POST['torrentid'])) {
2011-03-28 14:21:28 +00:00
error(404);
} else {
$TorrentID = $_POST['torrentid'];
}
2013-04-19 08:00:55 +00:00
if (!is_number($_POST['categoryid'])) {
2011-03-28 14:21:28 +00:00
error(404);
} else {
$CategoryID = $_POST['categoryid'];
}
2013-04-19 08:00:55 +00:00
if (!isset($_POST['type'])) {
2011-03-28 14:21:28 +00:00
error(404);
} else if (array_key_exists($_POST['type'], $Types[$CategoryID])) {
$Type = $_POST['type'];
$ReportType = $Types[$CategoryID][$Type];
2013-04-19 08:00:55 +00:00
} else if (array_key_exists($_POST['type'],$Types['master'])) {
2011-03-28 14:21:28 +00:00
$Type = $_POST['type'];
$ReportType = $Types['master'][$Type];
} else {
//There was a type but it wasn't an option!
error(403);
}
2013-04-19 08:00:55 +00:00
foreach ($ReportType['report_fields'] as $Field => $Value) {
if ($Value == '1') {
if (empty($_POST[$Field])) {
2013-07-10 00:08:53 +00:00
$Err = "You are missing a required field ($Field) for a ".$ReportType['title'].' report.';
2011-03-28 14:21:28 +00:00
}
}
}
2013-04-19 08:00:55 +00:00
if (!empty($_POST['sitelink'])) {
2013-06-11 08:01:24 +00:00
if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
$ExtraIDs = implode(' ', $Matches[4]);
if (in_array($TorrentID, $Matches[4])) {
2011-03-28 14:21:28 +00:00
$Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
}
} else {
2013-07-10 00:08:53 +00:00
$Err = 'The permalink was incorrect. It should look like https://'.SSL_SITE_URL.'/torrents.php?torrentid=12345';
2011-03-28 14:21:28 +00:00
}
} else {
2013-04-19 08:00:55 +00:00
$ExtraIDs = '';
2011-03-28 14:21:28 +00:00
}
2013-04-19 08:00:55 +00:00
if (!empty($_POST['link'])) {
2011-03-28 14:21:28 +00:00
//resource_type://domain:port/filepathname?query_string#anchor
// http:// www .foo.com /bar
2013-06-11 08:01:24 +00:00
if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
2011-03-28 14:21:28 +00:00
$Links = implode(' ', $Matches[0]);
} else {
$Err = "The extra links you provided weren't links...";
}
} else {
2013-04-19 08:00:55 +00:00
$Links = '';
2011-03-28 14:21:28 +00:00
}
2013-04-19 08:00:55 +00:00
if (!empty($_POST['image'])) {
if (preg_match("/^(".IMAGE_REGEX.")( ".IMAGE_REGEX.")*$/is", trim($_POST['image']), $Matches)) {
2011-03-28 14:21:28 +00:00
$Images = $Matches[0];
} else {
$Err = "The extra image links you provided weren't links to images...";
}
} else {
2013-04-19 08:00:55 +00:00
$Images = '';
2011-03-28 14:21:28 +00:00
}
2013-04-19 08:00:55 +00:00
if (!empty($_POST['track'])) {
if (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
2011-03-28 14:21:28 +00:00
$Tracks = $Matches[0];
} else {
2013-07-10 00:08:53 +00:00
$Err = 'Tracks should be given in a space-separated list of numbers with no other characters.';
2011-03-28 14:21:28 +00:00
}
} else {
2013-04-19 08:00:55 +00:00
$Tracks = '';
2011-03-28 14:21:28 +00:00
}
2013-04-19 08:00:55 +00:00
if (!empty($_POST['extra'])) {
2011-03-28 14:21:28 +00:00
$Extra = db_string($_POST['extra']);
} else {
2013-04-19 08:00:55 +00:00
$Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
2011-03-28 14:21:28 +00:00
}
2013-07-10 00:08:53 +00:00
$DB->query("
SELECT ID
FROM torrents
WHERE ID = $TorrentID");
if (!$DB->has_results()) {
2011-03-28 14:21:28 +00:00
$Err = "A torrent with that ID doesn't exist!";
}
2013-04-19 08:00:55 +00:00
if (!empty($Err)) {
2011-03-28 14:21:28 +00:00
error($Err);
include(SERVER_ROOT.'/sections/reportsv2/report.php');
die();
}
2013-07-10 00:08:53 +00:00
$DB->query("
SELECT ID
FROM reportsv2
WHERE TorrentID = $TorrentID
AND ReporterID = ".db_string($LoggedUser['ID'])."
AND ReportedTime > '".time_minus(3)."'");
if ($DB->has_results()) {
header("Location: torrents.php?torrentid=$TorrentID");
2011-03-28 14:21:28 +00:00
die();
}
2013-07-10 00:08:53 +00:00
$DB->query("
INSERT INTO reportsv2
(ReporterID, TorrentID, Type, UserComment, Status, ReportedTime, Track, Image, ExtraID, Link)
VALUES
(".db_string($LoggedUser['ID']).", $TorrentID, '".db_string($Type)."', '$Extra', 'New', '".sqltime()."', '".db_string($Tracks)."', '".db_string($Images)."', '".db_string($ExtraIDs)."', '".db_string($Links)."')");
2011-03-28 14:21:28 +00:00
$ReportID = $DB->inserted_id();
2013-07-10 00:08:53 +00:00
$Cache->delete_value("reports_torrent_$TorrentID");
2011-03-28 14:21:28 +00:00
$Cache->increment('num_torrent_reportsv2');
2013-07-10 00:08:53 +00:00
header("Location: torrents.php?torrentid=$TorrentID");
2011-03-28 14:21:28 +00:00
?>