2011-03-28 14:21:28 +00:00
< ?
/*
2013-02-22 08:00:24 +00:00
* This is the backend of the AJAXy reports resolve ( When you press the shiny submit button ) .
2013-07-10 00:08:53 +00:00
* This page shouldn ' t output anything except in error . If you do want output , it will be put
2011-03-28 14:21:28 +00:00
* straight into the table where the report used to be . Currently output is only given when
* a collision occurs or a POST attack is detected .
*/
2013-05-04 08:00:48 +00:00
if ( ! check_perms ( 'admin_reports' )) {
2011-03-28 14:21:28 +00:00
error ( 403 );
}
authorize ();
//Don't escape: Log message, Admin message
2013-07-10 00:08:53 +00:00
$Escaped = db_array ( $_POST , array ( 'log_message' , 'admin_message' , 'raw_name' ));
2011-03-28 14:21:28 +00:00
//If we're here from the delete torrent page instead of the reports page.
2013-05-04 08:00:48 +00:00
if ( ! isset ( $Escaped [ 'from_delete' ])) {
2011-03-28 14:21:28 +00:00
$Report = true ;
2013-05-04 08:00:48 +00:00
} elseif ( ! is_number ( $Escaped [ 'from_delete' ])) {
2013-11-01 08:01:02 +00:00
echo 'Hax occurred in from_delete' ;
2011-03-28 14:21:28 +00:00
} else {
$Report = false ;
}
$PMMessage = $_POST [ 'uploader_pm' ];
2013-05-04 08:00:48 +00:00
if ( is_number ( $Escaped [ 'reportid' ])) {
2011-03-28 14:21:28 +00:00
$ReportID = $Escaped [ 'reportid' ];
} else {
2013-11-01 08:01:02 +00:00
echo 'Hax occurred in the reportid' ;
2011-03-28 14:21:28 +00:00
die ();
}
2013-05-04 08:00:48 +00:00
if ( $Escaped [ 'pm_type' ] != 'Uploader' ) {
2011-03-28 14:21:28 +00:00
$Escaped [ 'uploader_pm' ] = '' ;
}
$UploaderID = ( int ) $Escaped [ 'uploaderid' ];
2013-05-04 08:00:48 +00:00
if ( ! is_number ( $UploaderID )) {
2013-11-01 08:01:02 +00:00
echo 'Hax occurring on the uploaderid' ;
2011-03-28 14:21:28 +00:00
die ();
}
$Warning = ( int ) $Escaped [ 'warning' ];
2013-05-04 08:00:48 +00:00
if ( ! is_number ( $Warning )) {
2013-11-01 08:01:02 +00:00
echo 'Hax occurring on the warning' ;
2011-03-28 14:21:28 +00:00
die ();
}
$CategoryID = $Escaped [ 'categoryid' ];
2013-05-04 08:00:48 +00:00
if ( ! isset ( $CategoryID )) {
2013-11-01 08:01:02 +00:00
echo 'Hax occurring on the categoryid' ;
2011-03-28 14:21:28 +00:00
die ();
}
$TorrentID = $Escaped [ 'torrentid' ];
$RawName = $Escaped [ 'raw_name' ];
2013-07-10 00:08:53 +00:00
if ( isset ( $Escaped [ 'delete' ]) && $Cache -> get_value ( " torrent_ $TorrentID " . '_lock' )) {
echo " You requested to delete the torrent $TorrentID , but this is currently not possible because the upload process is still running. Please try again later. " ;
2013-06-27 08:01:06 +00:00
die ();
}
2013-07-10 00:08:53 +00:00
if (( $Escaped [ 'resolve_type' ] == 'manual' || $Escaped [ 'resolve_type' ] == 'dismiss' ) && $Report ) {
2013-05-04 08:00:48 +00:00
if ( $Escaped [ 'comment' ]) {
2011-03-28 14:21:28 +00:00
$Comment = $Escaped [ 'comment' ];
} else {
2013-07-10 00:08:53 +00:00
if ( $Escaped [ 'resolve_type' ] == 'manual' ) {
$Comment = 'Report was resolved manually.' ;
} elseif ( $Escaped [ 'resolve_type' ] == 'dismiss' ) {
$Comment = 'Report was dismissed as invalid.' ;
2011-03-28 14:21:28 +00:00
}
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
$DB -> query ( "
UPDATE reportsv2
SET
2013-07-10 00:08:53 +00:00
Status = 'Resolved' ,
LastChangeTime = '".sqltime()."' ,
2013-05-27 08:00:58 +00:00
ModComment = '$Comment' ,
2013-07-10 00:08:53 +00:00
ResolverID = '".$LoggedUser[' ID ']."'
WHERE ID = '$ReportID'
2013-05-27 08:00:58 +00:00
AND Status != 'Resolved' " );
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ( $DB -> affected_rows () > 0 ) {
2011-03-28 14:21:28 +00:00
$Cache -> delete_value ( 'num_torrent_reportsv2' );
2013-07-10 00:08:53 +00:00
$Cache -> delete_value ( " reports_torrent_ $TorrentID " );
2011-03-28 14:21:28 +00:00
} else {
//Someone beat us to it. Inform the staffer.
?>
2012-09-01 08:00:24 +00:00
< table class = " layout " cellpadding = " 5 " >
2011-03-28 14:21:28 +00:00
< tr >
< td >
< a href = " reportsv2.php?view=report&id=<?= $ReportID ?> " > Somebody has already resolved this report </ a >
< input type = " button " value = " Clear " onclick = " ClearReport(<?= $ReportID ?>); " />
</ td >
</ tr >
</ table >
< ?
}
die ();
}
2013-05-04 08:00:48 +00:00
if ( ! isset ( $Escaped [ 'resolve_type' ])) {
2011-03-28 14:21:28 +00:00
echo 'No resolve type' ;
die ();
2013-05-04 08:00:48 +00:00
} elseif ( array_key_exists ( $_POST [ 'resolve_type' ], $Types [ $CategoryID ])) {
2011-03-28 14:21:28 +00:00
$ResolveType = $Types [ $CategoryID ][ $_POST [ 'resolve_type' ]];
2013-07-10 00:08:53 +00:00
} elseif ( array_key_exists ( $_POST [ 'resolve_type' ], $Types [ 'master' ])) {
2011-03-28 14:21:28 +00:00
$ResolveType = $Types [ 'master' ][ $_POST [ 'resolve_type' ]];
} else {
//There was a type but it wasn't an option!
echo 'HAX (Invalid Resolve Type)' ;
die ();
}
2013-07-10 00:08:53 +00:00
$DB -> query ( "
SELECT ID
FROM torrents
WHERE ID = $TorrentID " );
$TorrentExists = ( $DB -> has_results ());
2013-05-04 08:00:48 +00:00
if ( ! $TorrentExists ) {
$DB -> query ( "
UPDATE reportsv2
2013-07-10 00:08:53 +00:00
SET Status = 'Resolved' ,
LastChangeTime = '".sqltime()."' ,
ResolverID = '".$LoggedUser[' ID ']."' ,
ModComment = 'Report already dealt with (torrent deleted).'
WHERE ID = $ReportID " );
2011-03-28 14:21:28 +00:00
$Cache -> decrement ( 'num_torrent_reportsv2' );
}
2013-05-04 08:00:48 +00:00
if ( $Report ) {
2011-03-28 14:21:28 +00:00
//Resolve with a parallel check
2013-05-04 08:00:48 +00:00
$DB -> query ( "
UPDATE reportsv2
2013-07-10 00:08:53 +00:00
SET Status = 'Resolved' ,
LastChangeTime = '".sqltime()."' ,
ResolverID = '".$LoggedUser[' ID ']."'
WHERE ID = $ReportID
2013-05-27 08:00:58 +00:00
AND Status != 'Resolved' " );
2011-03-28 14:21:28 +00:00
}
//See if it we managed to resolve
2013-05-04 08:00:48 +00:00
if ( $DB -> affected_rows () > 0 || ! $Report ) {
2011-03-28 14:21:28 +00:00
//We did, lets do all our shit
2013-05-04 08:00:48 +00:00
if ( $Report ) {
$Cache -> decrement ( 'num_torrent_reportsv2' );
}
2011-03-28 14:21:28 +00:00
2013-05-04 08:00:48 +00:00
if ( isset ( $Escaped [ 'upload' ])) {
2011-03-28 14:21:28 +00:00
$Upload = true ;
} else {
$Upload = false ;
}
2016-10-28 08:00:28 +00:00
if ( $_POST [ 'resolve_type' ] === 'tags_lots' ) {
2013-07-10 00:08:53 +00:00
$DB -> query ( "
INSERT IGNORE INTO torrents_bad_tags
( TorrentID , UserID , TimeAdded )
VALUES
( $TorrentID , " . $LoggedUser['ID'] . " , '".sqltime()."' ) " );
$DB -> query ( "
SELECT GroupID
FROM torrents
WHERE ID = $TorrentID " );
2011-03-28 14:21:28 +00:00
list ( $GroupID ) = $DB -> next_record ();
2013-07-10 00:08:53 +00:00
$Cache -> delete_value ( " torrents_details_ $GroupID " );
2011-03-28 14:21:28 +00:00
$SendPM = true ;
}
2016-10-28 08:00:28 +00:00
elseif ( $_POST [ 'resolve_type' ] === 'folders_bad' ) {
2013-07-10 00:08:53 +00:00
$DB -> query ( "
INSERT IGNORE INTO torrents_bad_folders
( TorrentID , UserID , TimeAdded )
VALUES
( $TorrentID , " . $LoggedUser['ID'] . " , '".sqltime()."' ) " );
$DB -> query ( "
SELECT GroupID
FROM torrents
WHERE ID = $TorrentID " );
2011-03-28 14:21:28 +00:00
list ( $GroupID ) = $DB -> next_record ();
2013-07-10 00:08:53 +00:00
$Cache -> delete_value ( " torrents_details_ $GroupID " );
2011-03-28 14:21:28 +00:00
$SendPM = true ;
}
2016-10-28 08:00:28 +00:00
elseif ( $_POST [ 'resolve_type' ] === 'filename' ) {
2013-07-10 00:08:53 +00:00
$DB -> query ( "
INSERT IGNORE INTO torrents_bad_files
( TorrentID , UserID , TimeAdded )
VALUES
( $TorrentID , " . $LoggedUser['ID'] . " , '".sqltime()."' ) " );
$DB -> query ( "
SELECT GroupID
FROM torrents
WHERE ID = $TorrentID " );
2011-03-28 14:21:28 +00:00
list ( $GroupID ) = $DB -> next_record ();
2013-07-10 00:08:53 +00:00
$Cache -> delete_value ( " torrents_details_ $GroupID " );
2011-03-28 14:21:28 +00:00
$SendPM = true ;
}
2016-10-28 08:00:28 +00:00
elseif ( $_POST [ 'resolve_type' ] === 'lossyapproval' ) {
2016-01-09 08:00:28 +00:00
$DB -> query ( "
INSERT INTO torrents_lossymaster_approved
VALUES ( $TorrentID , " . $LoggedUser['ID'] . " , '".sqltime()."' ) " );
$DB -> query ( "
SELECT GroupID
FROM torrents
WHERE ID = $TorrentID " );
list ( $GroupID ) = $DB -> next_record ();
$Cache -> delete_value ( " torrents_details_ $GroupID " );
}
2016-10-28 08:00:28 +00:00
elseif ( $_POST [ 'resolve_type' ] === 'upload_contest' ) {
$DB -> query ( "
INSERT INTO upload_contest
VALUES ( $TorrentID , $UploaderID ) " );
}
2016-01-09 08:00:28 +00:00
2011-03-28 14:21:28 +00:00
//Log and delete
2013-05-04 08:00:48 +00:00
if ( isset ( $Escaped [ 'delete' ]) && check_perms ( 'users_mod' )) {
2013-07-10 00:08:53 +00:00
$DB -> query ( "
SELECT Username
FROM users_main
WHERE ID = $UploaderID " );
2011-03-28 14:21:28 +00:00
list ( $UpUsername ) = $DB -> next_record ();
2013-07-10 00:08:53 +00:00
$Log = " Torrent $TorrentID ( $RawName ) uploaded by $UpUsername was deleted by " . $LoggedUser [ 'Username' ];
$Log .= ( $Escaped [ 'resolve_type' ] == 'custom' ? '' : ' for the reason: ' . $ResolveType [ 'title' ] . " . " );
if ( isset ( $Escaped [ 'log_message' ]) && $Escaped [ 'log_message' ] != '' ) {
$Log .= ' ( ' . $Escaped [ 'log_message' ] . ' )' ;
2011-03-28 14:21:28 +00:00
}
2013-07-10 00:08:53 +00:00
$DB -> query ( "
SELECT GroupID , hex ( info_hash )
FROM torrents
WHERE ID = $TorrentID " );
2012-08-03 08:00:17 +00:00
list ( $GroupID , $InfoHash ) = $DB -> next_record ();
2012-10-11 08:00:15 +00:00
Torrents :: delete_torrent ( $TorrentID , 0 , $ResolveType [ 'reason' ]);
2013-02-22 08:00:24 +00:00
2012-08-03 08:00:17 +00:00
//$InfoHash = unpack("H*", $InfoHash);
2013-07-10 00:08:53 +00:00
$Log .= ' (' . strtoupper ( $InfoHash ) . ')' ;
2012-10-11 08:00:15 +00:00
Misc :: write_log ( $Log );
2013-07-10 00:08:53 +00:00
$Log = 'deleted torrent for the reason: ' . $ResolveType [ 'title' ] . '. ( ' . $Escaped [ 'log_message' ] . ' )' ;
2012-10-11 08:00:15 +00:00
Torrents :: write_group_log ( $GroupID , $TorrentID , $LoggedUser [ 'ID' ], $Log , 0 );
2011-03-28 14:21:28 +00:00
} else {
2013-07-10 00:08:53 +00:00
$Log = " No log message (torrent wasn't deleted). " ;
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
//Warnings / remove upload
2013-05-04 08:00:48 +00:00
if ( $Upload ) {
2013-07-10 00:08:53 +00:00
$Cache -> begin_transaction ( " user_info_heavy_ $UploaderID " );
2011-03-28 14:21:28 +00:00
$Cache -> update_row ( false , array ( 'DisableUpload' => '1' ));
$Cache -> commit_transaction ( 0 );
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
$DB -> query ( "
UPDATE users_info
2013-07-10 00:08:53 +00:00
SET DisableUpload = '1'
WHERE UserID = $UploaderID " );
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ( $Warning > 0 ) {
$WarnLength = $Warning * ( 7 * 24 * 60 * 60 );
2013-07-10 00:08:53 +00:00
$Reason = " Uploader of torrent ( $TorrentID ) $RawName which was resolved with the preset: " . $ResolveType [ 'title' ] . '.' ;
2013-05-04 08:00:48 +00:00
if ( $Escaped [ 'admin_message' ]) {
2013-07-10 00:08:53 +00:00
$Reason .= ' (' . $Escaped [ 'admin_message' ] . ').' ;
2011-03-28 14:21:28 +00:00
}
2013-05-04 08:00:48 +00:00
if ( $Upload ) {
2013-07-10 00:08:53 +00:00
$Reason .= ' (Upload privileges removed).' ;
2011-03-28 14:21:28 +00:00
}
2012-10-11 08:00:15 +00:00
Tools :: warn_user ( $UploaderID , $WarnLength , $Reason );
2011-03-28 14:21:28 +00:00
} else {
//This is a bitch for people that don't warn but do other things, it makes me sad.
2013-04-19 08:00:55 +00:00
$AdminComment = '' ;
2013-05-04 08:00:48 +00:00
if ( $Upload ) {
2011-03-28 14:21:28 +00:00
//They removed upload
2013-07-10 00:08:53 +00:00
$AdminComment .= 'Upload privileges removed by ' . $LoggedUser [ 'Username' ];
$AdminComment .= " \n Reason: Uploader of torrent ( $TorrentID ) " . db_string ( $RawName ) . ' which was resolved with the preset: ' . $ResolveType [ 'title' ] . " . (Report ID: $ReportID ) " ;
2011-03-28 14:21:28 +00:00
}
2013-05-04 08:00:48 +00:00
if ( $Escaped [ 'admin_message' ]) {
2011-03-28 14:21:28 +00:00
//They did nothing of note, but still want to mark it (Or upload and mark)
2013-07-10 00:08:53 +00:00
$AdminComment .= ' (' . $Escaped [ 'admin_message' ] . ')' ;
2011-03-28 14:21:28 +00:00
}
2013-05-04 08:00:48 +00:00
if ( $AdminComment ) {
2013-07-10 00:08:53 +00:00
$AdminComment = date ( 'Y-m-d' ) . " - $AdminComment\n\n " ;
2013-02-22 08:00:24 +00:00
2013-07-10 00:08:53 +00:00
$DB -> query ( "
UPDATE users_info
SET AdminComment = CONCAT ( '".db_string($AdminComment)."' , AdminComment )
WHERE UserID = '".db_string($UploaderID)."' " );
2011-03-28 14:21:28 +00:00
}
}
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
//PM
2013-05-04 08:00:48 +00:00
if ( $Escaped [ 'uploader_pm' ] || $Warning > 0 || isset ( $Escaped [ 'delete' ]) || $SendPM ) {
if ( isset ( $Escaped [ 'delete' ])) {
2013-11-05 08:01:12 +00:00
$PM = '[url=' . site_url () . " torrents.php?torrentid= $TorrentID ]Your above torrent[/url] was reported and has been deleted. \n \n " ;
2011-03-28 14:21:28 +00:00
} else {
2013-11-05 08:01:12 +00:00
$PM = '[url=' . site_url () . " torrents.php?torrentid= $TorrentID ]Your above torrent[/url] was reported but not deleted. \n \n " ;
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
$Preset = $ResolveType [ 'resolve_options' ][ 'pm' ];
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ( $Preset != '' ) {
2013-11-01 08:01:02 +00:00
$PM .= " Reason: $Preset\n\n " ;
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ( $Warning > 0 ) {
2013-11-05 08:01:12 +00:00
$PM .= " This has resulted in a [url= " . site_url () . " wiki.php?action=article&id=218] $Warning week warning.[/url] \n \n " ;
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ( $Upload ) {
2013-11-01 08:01:02 +00:00
$PM .= 'This has ' . ( $Warning > 0 ? 'also ' : '' ) . " resulted in the loss of your upload privileges. \n \n " ;
2011-03-28 14:21:28 +00:00
}
2013-05-04 08:00:48 +00:00
if ( $Log ) {
2013-11-01 08:01:02 +00:00
$PM .= " Log Message: $Log\n\n " ;
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ( $Escaped [ 'uploader_pm' ]) {
2013-11-01 08:01:02 +00:00
$PM .= " Message from " . $LoggedUser [ 'Username' ] . " : $PMMessage\n\n " ;
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-11-01 08:01:02 +00:00
$PM .= " Report was handled by [user] " . $LoggedUser [ 'Username' ] . '[/user].' ;
2013-02-22 08:00:24 +00:00
2013-03-10 08:00:41 +00:00
Misc :: send_pm ( $UploaderID , 0 , $Escaped [ 'raw_name' ], $PM );
2011-03-28 14:21:28 +00:00
}
2013-07-10 00:08:53 +00:00
$Cache -> delete_value ( " reports_torrent_ $TorrentID " );
2013-02-22 08:00:24 +00:00
2013-10-10 08:01:46 +00:00
// Now we've done everything, update the DB with values
2013-05-04 08:00:48 +00:00
if ( $Report ) {
2013-07-10 00:08:53 +00:00
$DB -> query ( "
UPDATE reportsv2
SET
Type = '".$Escaped[' resolve_type ']."' ,
LogMessage = '".db_string($Log)."' ,
ModComment = '".$Escaped[' comment ']."'
WHERE ID = $ReportID " );
2011-03-28 14:21:28 +00:00
}
} else {
2013-10-10 08:01:46 +00:00
// Someone beat us to it. Inform the staffer.
2011-03-28 14:21:28 +00:00
?>
2013-10-10 08:01:46 +00:00
< a href = " reportsv2.php?view=report&id=<?= $ReportID ?> " > Somebody has already resolved this report </ a >
< input type = " button " value = " Clear " onclick = " ClearReport(<?= $ReportID ?>); " />
2011-03-28 14:21:28 +00:00
< ?
}