Gazelle/sections/requests/index.php

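<?php
/*
 * Dispatcher for the requests section.
 *
 * Picks a handler from $_REQUEST['action']: most actions include a sibling
 * script from sections/requests/, while the comment actions (reply, get_post,
 * takeedit_comment, delete_comment) are handled inline below.
 *
 * Every value taken from $_GET/$_POST that ends up in SQL, a cache key or a
 * redirect is validated with is_number() and then cast to int once, so the
 * same canonical integer is used everywhere.
 */
enforce_login();
$RequestTax = 0.1;

// Minimum and default amount of upload to remove from the user when they vote.
// Also change in static/functions/requests.js
$MinimumVote = 20 * 1024 * 1024;

if (!empty($LoggedUser['DisableRequests'])) {
	error('Your request privileges have been removed.');
}

if (!isset($_REQUEST['action'])) {
	include(SERVER_ROOT.'/sections/requests/requests.php');
} else {
	switch ($_REQUEST['action']) {
		case 'new':
		case 'edit':
			include(SERVER_ROOT.'/sections/requests/new_edit.php');
			break;
		case 'takevote':
			include(SERVER_ROOT.'/sections/requests/takevote.php');
			break;
		case 'takefill':
			include(SERVER_ROOT.'/sections/requests/takefill.php');
			break;
		case 'takenew':
		case 'takeedit':
			include(SERVER_ROOT.'/sections/requests/takenew_edit.php');
			break;
		case 'delete':
		case 'unfill':
			include(SERVER_ROOT.'/sections/requests/interim.php');
			break;
		case 'takeunfill':
			include(SERVER_ROOT.'/sections/requests/takeunfill.php');
			break;
		case 'takedelete':
			include(SERVER_ROOT.'/sections/requests/takedelete.php');
			break;
		case 'view':
		case 'viewrequest':
			include(SERVER_ROOT.'/sections/requests/request.php');
			break;

		case 'reply':
			// Add a comment to a request, then redirect to the page it landed on.
			enforce_login();
			authorize();

			// isset() runs before the values are read; the body must be a non-empty
			// string (an array-valued body[] parameter is rejected here).
			if (!isset($_POST['requestid'], $_POST['body'])
				|| !is_number($_POST['requestid'])
				|| !is_string($_POST['body'])
				|| $_POST['body'] === ''
			) {
				error(0);
			}
			if (!empty($LoggedUser['DisablePosting'])) {
				error('Your posting privileges have been removed.');
			}

			$RequestID = (int)$_POST['requestid'];
			if (!$RequestID) {
				error(404);
			}
			// NOTE(review): nothing in this branch checks that a request with this ID
			// exists before the comment row is inserted - confirm whether that is
			// enforced elsewhere (e.g. by a foreign key).

			// Page the new comment will be on: (existing comments + 1) / page size.
			$DB->query("
				SELECT
					CEIL((
						SELECT COUNT(ID) + 1
						FROM requests_comments AS rc
						WHERE rc.RequestID = '$RequestID'
						) / ".TORRENT_COMMENTS_PER_PAGE."
					) AS Pages");
			list($Pages) = $DB->next_record();

			$DB->query("
				INSERT INTO requests_comments
					(RequestID, AuthorID, AddedTime, Body)
				VALUES
					('$RequestID', '".db_string($LoggedUser['ID'])."', '".sqltime()."', '".db_string($_POST['body'])."')");
			$PostID = $DB->inserted_id();

			// Append the new post to the cached catalogue that holds the last page.
			$CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $Pages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
			$Cache->begin_transaction("request_comments_$RequestID"."_catalogue_$CatalogueID");
			$Post = array(
				'ID'=>$PostID,
				'AuthorID'=>$LoggedUser['ID'],
				'AddedTime'=>sqltime(),
				'Body'=>$_POST['body'],
				'EditedUserID'=>0,
				'EditedTime'=>'0000-00-00 00:00:00',
				'Username'=>''
				);
			$Cache->insert('', $Post);
			$Cache->commit_transaction(0);
			$Cache->increment("request_comments_$RequestID");

			header("Location: requests.php?action=view&id=$RequestID&page=$Pages");
			break;

		case 'get_post':
			// Return the stored body of one comment (echoed as the whole response).
			enforce_login();
			if (empty($_GET['post']) || !is_number($_GET['post'])) {
				error(0);
			}
			$PostID = (int)$_GET['post'];

			$DB->query("
				SELECT Body
				FROM requests_comments
				WHERE ID = '$PostID'");
			list($Body) = $DB->next_record(MYSQLI_NUM);

			// NOTE(review): the body is echoed as returned by next_record(). Whether
			// it is safe to render as HTML depends on next_record() escaping its
			// results, which is not visible from this file - confirm.
			echo trim($Body);
			break;

		case 'takeedit_comment':
			// Edit a comment: author or forum moderator only. Keeps the old body in
			// comments_edits and echoes the formatted new body back to the browser.
			enforce_login();
			authorize();
			include(SERVER_ROOT.'/classes/text.class.php'); // Text formatting class
			$Text = new TEXT;

			// Validate before any value reaches SQL or the cache.
			if (empty($_POST['post']) || !is_number($_POST['post'])
				|| !isset($_POST['body']) || !is_string($_POST['body'])
			) {
				error(0);
			}
			$PostID = (int)$_POST['post'];
			$UserID = (int)$LoggedUser['ID'];

			$DB->query("
				SELECT
					rc.Body,
					rc.AuthorID,
					rc.RequestID,
					rc.AddedTime
				FROM requests_comments AS rc
				WHERE rc.ID = '$PostID'");
			// The existence check has to look at THIS result set. It used to run after
			// the page-count query below, whose COUNT() always yields a row, so a
			// missing post was never detected and an empty $RequestID was interpolated
			// into the next statement.
			if (!$DB->has_results()) {
				error(404);
			}
			list($OldBody, $AuthorID, $RequestID, $AddedTime) = $DB->next_record();
			$RequestID = (int)$RequestID;

			// Authorise before doing any further work. 404 (not 403) is what the
			// original returned for an unauthorised editor.
			if ($LoggedUser['ID'] != $AuthorID && !check_perms('site_moderate_forums')) {
				error(404);
			}

			// Which page of the request's comments this post is on.
			// NOTE(review): this divides by POSTS_PER_PAGE while the catalogue maths
			// below uses TORRENT_COMMENTS_PER_PAGE - confirm the two constants agree.
			$DB->query("
				SELECT ceil(COUNT(ID) / ".POSTS_PER_PAGE.") AS Page
				FROM requests_comments
				WHERE RequestID = '$RequestID'
					AND ID <= '$PostID'");
			list($Page) = $DB->next_record();

			// Perform the update
			$DB->query("
				UPDATE requests_comments
				SET
					Body = '".db_string($_POST['body'])."',
					EditedUserID = '$UserID',
					EditedTime = '".sqltime()."'
				WHERE ID = '$PostID'");

			// Update the cache
			$CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $Page - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
			$Cache->begin_transaction("request_comments_$RequestID"."_catalogue_$CatalogueID");

			// NOTE(review): $_POST['key'] is supplied by the client and selects which
			// cached row is overwritten; it is not validated or tied to $PostID here.
			// Consider deriving the row key server-side.
			$Cache->update_row($_POST['key'], array(
				'ID'=>$PostID,
				'AuthorID'=>$AuthorID,
				'AddedTime'=>$AddedTime,
				'Body'=>$_POST['body'],
				'EditedUserID'=>db_string($LoggedUser['ID']),
				'EditedTime'=>sqltime(),
				'Username'=>$LoggedUser['Username']
			));
			$Cache->commit_transaction(0);

			// Numeric columns are written as quoted integers: db_string() only escapes
			// string content and gives no protection in an unquoted position.
			$DB->query("
				INSERT INTO comments_edits
					(Page, PostID, EditUser, EditTime, Body)
				VALUES
					('requests', '$PostID', '$UserID', '".sqltime()."', '".db_string($OldBody)."')");

			// This gets sent to the browser, which echoes it in place of the old body
			echo $Text->full_format($_POST['body']);
			break;

		case 'delete_comment':
			// Delete a comment (forum moderators only) and drop the cached catalogues
			// from the comment's page onwards.
			// NOTE(review): this state-changing action takes its target from $_GET;
			// it relies on authorize() for request-forgery protection - confirm.
			enforce_login();
			authorize();

			// Quick SQL injection check
			if (empty($_GET['postid']) || !is_number($_GET['postid'])) {
				error(0);
			}
			$PostID = (int)$_GET['postid'];

			// Make sure they are moderators
			if (!check_perms('site_moderate_forums')) {
				error(403);
			}

			// Get the request the comment belongs to, the number of comment pages on
			// that request, and the page this comment is on.
			$DB->query("
				SELECT DISTINCT
					RequestID,
					CEIL(COUNT(rc.ID) / ".TORRENT_COMMENTS_PER_PAGE.") AS Pages,
					CEIL(SUM(IF(rc.ID <= '$PostID', 1, 0)) / ".TORRENT_COMMENTS_PER_PAGE.") AS Page
				FROM requests_comments AS rc
				WHERE rc.RequestID = (
						SELECT RequestID
						FROM requests_comments
						WHERE ID = '$PostID'
						)");
			list($RequestID, $Pages, $Page) = $DB->next_record();

			// The aggregate query yields a row even when the comment does not exist;
			// an empty RequestID means there is nothing to delete or invalidate.
			if (!$RequestID) {
				error(404);
			}
			$RequestID = (int)$RequestID;

			// $Pages = number of pages in the thread
			// $Page = which page the post is on
			// These are set for cache clearing.

			$DB->query("
				DELETE FROM requests_comments
				WHERE ID = '$PostID'");

			// We need to clear all subsequent catalogues as they've all been bumped with the absence of this post
			$ThisCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $Page - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
			$LastCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $Pages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
			for ($i = $ThisCatalogue; $i <= $LastCatalogue; $i++) {
				$Cache->delete_value("request_comments_$RequestID" . "_catalogue_$i");
			}

			// Delete thread info cache (eg. number of pages). This used the undefined
			// $GroupID, so the counter incremented by 'reply' under
			// request_comments_$RequestID was never cleared.
			$Cache->delete_value("request_comments_$RequestID");
			break;

		case 'warn':
			include(SERVER_ROOT.'/sections/requests/warn.php');
			break;
		case 'take_warn':
			include(SERVER_ROOT.'/sections/requests/take_warn.php');
			break;
		default:
			error(0);
	}
}
?>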