<?php
/*
* This page handles the backend from when a user submits a report.
* It checks for (in order):
* 1. The usual POST injection checks.
* 2. Things that are required by the report type are filled
* ('1' in the report_fields array).
* 3. Fields that are filled in contain well-formed values.
* 4. That the torrent you're reporting still exists.
*
* Then it just inserts the report into the DB and increments the counter.
*/
// NOTE(review): authorize() is defined outside this file; presumably it is the
// request-authorization (anti-forgery) gate and has to stay the first call - confirm.
authorize();

// $TorrentID is later concatenated unquoted into SQL and into a Location
// header, and $CategoryID is used as an index into $Types, so everything
// downstream depends on is_number() admitting only plain digits.
// NOTE(review): is_number() is a project helper not shown here - confirm it is strict.
if (is_number($_POST['torrentid'])) {
    $TorrentID = $_POST['torrentid'];
} else {
    error(404);
}

if (is_number($_POST['categoryid'])) {
    $CategoryID = $_POST['categoryid'];
} else {
    error(404);
}
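// Resolve the posted report type against the server-side $Types table: first
// the list for the submitted category, then the shared 'master' list. The
// client only ever supplies a key; the report definition itself comes from $Types.

// Only a string can be a valid key. PHP turns a field posted as type[]=... into
// an array, which array_key_exists() does not accept as a key.
$PostedType = (isset($_POST['type']) && is_string($_POST['type'])) ? $_POST['type'] : null;

// $CategoryID is only known to be numeric, not to be a key of $Types, so make
// sure the per-category list exists before searching it.
$CategoryTypes = (isset($Types[$CategoryID]) && is_array($Types[$CategoryID])) ? $Types[$CategoryID] : array();

if (!isset($_POST['type'])) {
    error(404);
} else if ($PostedType !== null && array_key_exists($PostedType, $CategoryTypes)) {
    $Type = $PostedType;
    $ReportType = $CategoryTypes[$Type];
} else if ($PostedType !== null && array_key_exists($PostedType, $Types['master'])) {
    $Type = $PostedType;
    $ReportType = $Types['master'][$Type];
} else {
    // There was a type but it wasn't an option!
    error(403);
}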
// Every report_fields entry flagged '1' is mandatory for this report type.
// The field names come from the server-side type definition, not from the
// request. empty() also treats the string '0' as missing, and $Err is
// overwritten on each hit, so only the last missing field is reported.
foreach ($ReportType['report_fields'] as $Field => $Value) {
    if ($Value == '1' && empty($_POST[$Field])) {
        $Err = " You are missing a required field ( " . $Field . " ) for a " . $ReportType['title'] . " report. ";
    }
}
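// Optional "sitelink" field: permalinks to other torrents on this site that
// relate to the report. Only the numeric torrentid of each link is kept, so
// nothing but digits and separating blanks ends up in $ExtraIDs.
if (!empty($_POST['sitelink'])) {
    // preg_quote() makes SSL_SITE_URL match as literal text. Unquoted, any '.'
    // in it would match an arbitrary character and a '/' would end the pattern.
    $SitePattern = '/((https?:\/\/)?([a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*\.)?' . preg_quote(SSL_SITE_URL, '/') . '\/torrents.php\?(id=[0-9]+\&)?torrentid=([0-9]+))/is';
    if (preg_match_all($SitePattern, $_POST['sitelink'], $Matches)) {
        // Capture group 6 holds the digits after "torrentid=" for every match.
        $ExtraIDs = implode(' ', $Matches[6]);
        // in_array() compares loosely, so a zero-padded ID such as 0123 still
        // counts as the reported torrent 123.
        if (in_array($TorrentID, $Matches[6])) {
            $Err = " The extra permalinks you gave included the link to the torrent you're reporting! ";
        }
    } else {
        $Err = " The permalink was incorrect. It should look like https:// " . SSL_SITE_URL . " /torrents.php?torrentid=12345 ";
    }
} else {
    $ExtraIDs = '';
}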
// Optional "link" field: free text from which every URL-shaped token is collected.
if (empty($_POST['link'])) {
    $Links = '';
} else {
    // resource_type://domain:port/filepathname?query_string#anchor
    // The pattern is unanchored and the scheme is optional, so it picks out each
    // host-like token in the text instead of validating the field as a whole.
    // The failure branch is reached only when nothing in the input matches.
    // The only scheme prefix the pattern can capture is http:// or https://.
    $LinkPattern = '/(https?:\/\/)?[a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*(:[0-9]{2,5})?(\/(\S)+)?/is';
    if (preg_match_all($LinkPattern, $_POST['link'], $Matches)) {
        // $Matches[0] lists the full matches; they are stored space-separated.
        $Links = implode(' ', $Matches[0]);
    } else {
        $Err = " The extra links you provided weren't links... ";
    }
}
// Optional "image" field. The pattern is anchored at both ends, so the whole
// trimmed value has to consist of IMAGE_REGEX matches and nothing else.
// NOTE(review): blanks inside the pattern fragments are significant to PCRE
// (there is no x modifier). The ones shown here look like a rendering artifact
// of this listing - compare with the repository copy before relying on it.
if (empty($_POST['image'])) {
    $Images = '';
} else {
    $ImagePattern = " /^( " . IMAGE_REGEX . " )( " . IMAGE_REGEX . " )* $ /is ";
    if (preg_match($ImagePattern, trim($_POST['image']), $Matches)) {
        // Keep the full match, i.e. the validated value.
        $Images = $Matches[0];
    } else {
        $Err = " The extra image links you provided weren't links to images... ";
    }
}
// Optional "track" field: a space-separated list of track numbers, or "All".
// empty() also treats the string '0' as "not given".
if (empty($_POST['track'])) {
    $Tracks = '';
} elseif (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
    // The pattern is unanchored: surrounding characters are not rejected, they
    // are dropped, and only the first run that matches is stored.
    $Tracks = $Matches[0];
} else {
    $Err = 'Tracks should be given in a space separated list of numbers (no other characters)';
}
// The free-text comment is the one field that is mandatory for every report.
if (empty($_POST['extra'])) {
    $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
} else {
    // The value is escaped here, not where it is used: the INSERT further down
    // interpolates '$Extra' as-is, so this call must never be removed or skipped.
    // NOTE(review): db_string() is a project helper, presumably SQL string
    // escaping - confirm.
    $Extra = db_string($_POST['extra']);
}
// Step 4 of the header comment: the reported torrent must still exist.
// $TorrentID is concatenated unquoted; it passed is_number() at the top of
// the script, which is the only thing keeping this query injection-free.
$DB->query(" SELECT ID FROM torrents WHERE ID= " . $TorrentID);
if (1 > $DB->record_count()) {
    $Err = " A torrent with that ID doesn't exist! ";
}

// Bail out on any validation failure collected above, before anything is written.
// NOTE(review): whether error() returns is not visible from this file; the
// include and die() below only run if it does.
if (isset($Err) && $Err) {
    error($Err);
    include(SERVER_ROOT . '/sections/reportsv2/report.php');
    die();
}
// Duplicate guard: if this user already has a report on this torrent newer
// than the cutoff returned by time_minus(3), skip the insert and just redirect.
// ReporterID goes into the SQL unquoted, and escaping does not protect an
// unquoted value, so this relies on $LoggedUser['ID'] being a number.
// NOTE(review): confirm $LoggedUser comes from the session and not the request.
// NOTE(review): the blanks inside the quoted ReportedTime literal look like a
// rendering artifact of this listing - compare with the repository copy.
$DupQuery = " SELECT ID FROM reportsv2 WHERE TorrentID= " . $TorrentID
    . " AND ReporterID= " . db_string($LoggedUser['ID'])
    . " AND ReportedTime > ' " . time_minus(3) . " ' ";
$DB->query($DupQuery);

$AlreadyReported = $DB->record_count() > 0;
if ($AlreadyReported) {
    header('Location: torrents.php?torrentid=' . $TorrentID);
    die();
}
// Store the report. The statement is assembled by concatenation:
//  - ReporterID and $TorrentID are numeric and go in unquoted;
//  - $Extra is interpolated raw because db_string() was already applied when it
//    was read from $_POST, so escaping it again here would double-escape it;
//  - every other string column is escaped at this call site.
// NOTE(review): only $DB->query() is visible here; if the wrapper offers bound
// parameters, prefer them over concatenation.
$InsertQuery = " INSERT INTO reportsv2
( ReporterID , TorrentID , Type , UserComment , Status , ReportedTime , Track , Image , ExtraID , Link )
VALUES
( " . db_string($LoggedUser['ID']) . " , $TorrentID , '" . db_string($Type) . "' , '$Extra' , 'New' , '" . sqltime() . "' , '" . db_string($Tracks) . "' , '" . db_string($Images) . "' , '" . db_string($ExtraIDs) . "' , '" . db_string($Links) . "' ) ";
$DB->query($InsertQuery);
$ReportID = $DB->inserted_id();

// Drop the cached entry for this torrent's reports and bump the report counter.
$Cache->delete_value('reports_torrent_' . $TorrentID);
$Cache->increment('num_torrent_reportsv2');

// Send the reporter back to the torrent page; $TorrentID is digits only.
header('Location: torrents.php?torrentid=' . $TorrentID);
?>