Gazelle/sections/reportsv2/takeresolve.php

344 lines
9.8 KiB
PHP
Raw Normal View History

2011-03-28 14:21:28 +00:00
<?
/*
2013-02-22 08:00:24 +00:00
* This is the backend of the AJAXy reports resolve (When you press the shiny submit button).
2013-07-10 00:08:53 +00:00
* This page shouldn't output anything except in error. If you do want output, it will be put
2011-03-28 14:21:28 +00:00
* straight into the table where the report used to be. Currently output is only given when
* a collision occurs or a POST attack is detected.
*/
2013-05-04 08:00:48 +00:00
if (!check_perms('admin_reports')) {
2011-03-28 14:21:28 +00:00
error(403);
}
authorize();
//Don't escape: Log message, Admin message
2013-07-10 00:08:53 +00:00
$Escaped = db_array($_POST, array('log_message', 'admin_message', 'raw_name'));
2011-03-28 14:21:28 +00:00
//If we're here from the delete torrent page instead of the reports page.
2013-05-04 08:00:48 +00:00
if (!isset($Escaped['from_delete'])) {
2011-03-28 14:21:28 +00:00
$Report = true;
2013-05-04 08:00:48 +00:00
} elseif (!is_number($Escaped['from_delete'])) {
2013-11-01 08:01:02 +00:00
echo 'Hax occurred in from_delete';
2011-03-28 14:21:28 +00:00
} else {
$Report = false;
}
$PMMessage = $_POST['uploader_pm'];
2013-05-04 08:00:48 +00:00
if (is_number($Escaped['reportid'])) {
2011-03-28 14:21:28 +00:00
$ReportID = $Escaped['reportid'];
} else {
2013-11-01 08:01:02 +00:00
echo 'Hax occurred in the reportid';
2011-03-28 14:21:28 +00:00
die();
}
2013-05-04 08:00:48 +00:00
if ($Escaped['pm_type'] != 'Uploader') {
2011-03-28 14:21:28 +00:00
$Escaped['uploader_pm'] = '';
}
$UploaderID = (int)$Escaped['uploaderid'];
2013-05-04 08:00:48 +00:00
if (!is_number($UploaderID)) {
2013-11-01 08:01:02 +00:00
echo 'Hax occurring on the uploaderid';
2011-03-28 14:21:28 +00:00
die();
}
$Warning = (int)$Escaped['warning'];
2013-05-04 08:00:48 +00:00
if (!is_number($Warning)) {
2013-11-01 08:01:02 +00:00
echo 'Hax occurring on the warning';
2011-03-28 14:21:28 +00:00
die();
}
$CategoryID = $Escaped['categoryid'];
2013-05-04 08:00:48 +00:00
if (!isset($CategoryID)) {
2013-11-01 08:01:02 +00:00
echo 'Hax occurring on the categoryid';
2011-03-28 14:21:28 +00:00
die();
}
$TorrentID = $Escaped['torrentid'];
$RawName = $Escaped['raw_name'];
2013-07-10 00:08:53 +00:00
if (isset($Escaped['delete']) && $Cache->get_value("torrent_$TorrentID".'_lock')) {
echo "You requested to delete the torrent $TorrentID, but this is currently not possible because the upload process is still running. Please try again later.";
2013-06-27 08:01:06 +00:00
die();
}
2013-07-10 00:08:53 +00:00
if (($Escaped['resolve_type'] == 'manual' || $Escaped['resolve_type'] == 'dismiss') && $Report) {
2013-05-04 08:00:48 +00:00
if ($Escaped['comment']) {
2011-03-28 14:21:28 +00:00
$Comment = $Escaped['comment'];
} else {
2013-07-10 00:08:53 +00:00
if ($Escaped['resolve_type'] == 'manual') {
$Comment = 'Report was resolved manually.';
} elseif ($Escaped['resolve_type'] == 'dismiss') {
$Comment = 'Report was dismissed as invalid.';
2011-03-28 14:21:28 +00:00
}
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
$DB->query("
UPDATE reportsv2
SET
2013-07-10 00:08:53 +00:00
Status = 'Resolved',
LastChangeTime = '".sqltime()."',
2013-05-27 08:00:58 +00:00
ModComment = '$Comment',
2013-07-10 00:08:53 +00:00
ResolverID = '".$LoggedUser['ID']."'
WHERE ID = '$ReportID'
2013-05-27 08:00:58 +00:00
AND Status != 'Resolved'");
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ($DB->affected_rows() > 0) {
2011-03-28 14:21:28 +00:00
$Cache->delete_value('num_torrent_reportsv2');
2013-07-10 00:08:53 +00:00
$Cache->delete_value("reports_torrent_$TorrentID");
2011-03-28 14:21:28 +00:00
} else {
//Someone beat us to it. Inform the staffer.
?>
2012-09-01 08:00:24 +00:00
<table class="layout" cellpadding="5">
2011-03-28 14:21:28 +00:00
<tr>
<td>
<a href="reportsv2.php?view=report&amp;id=<?=$ReportID?>">Somebody has already resolved this report</a>
<input type="button" value="Clear" onclick="ClearReport(<?=$ReportID?>);" />
</td>
</tr>
</table>
<?
}
die();
}
2013-05-04 08:00:48 +00:00
if (!isset($Escaped['resolve_type'])) {
2011-03-28 14:21:28 +00:00
echo 'No resolve type';
die();
2013-05-04 08:00:48 +00:00
} elseif (array_key_exists($_POST['resolve_type'], $Types[$CategoryID])) {
2011-03-28 14:21:28 +00:00
$ResolveType = $Types[$CategoryID][$_POST['resolve_type']];
2013-07-10 00:08:53 +00:00
} elseif (array_key_exists($_POST['resolve_type'], $Types['master'])) {
2011-03-28 14:21:28 +00:00
$ResolveType = $Types['master'][$_POST['resolve_type']];
} else {
//There was a type but it wasn't an option!
echo 'HAX (Invalid Resolve Type)';
die();
}
2013-07-10 00:08:53 +00:00
$DB->query("
SELECT ID
FROM torrents
WHERE ID = $TorrentID");
$TorrentExists = ($DB->has_results());
2013-05-04 08:00:48 +00:00
if (!$TorrentExists) {
$DB->query("
UPDATE reportsv2
2013-07-10 00:08:53 +00:00
SET Status = 'Resolved',
LastChangeTime = '".sqltime()."',
ResolverID = '".$LoggedUser['ID']."',
ModComment = 'Report already dealt with (torrent deleted).'
WHERE ID = $ReportID");
2011-03-28 14:21:28 +00:00
$Cache->decrement('num_torrent_reportsv2');
}
2013-05-04 08:00:48 +00:00
if ($Report) {
2011-03-28 14:21:28 +00:00
//Resolve with a parallel check
2013-05-04 08:00:48 +00:00
$DB->query("
UPDATE reportsv2
2013-07-10 00:08:53 +00:00
SET Status = 'Resolved',
LastChangeTime = '".sqltime()."',
ResolverID = '".$LoggedUser['ID']."'
WHERE ID = $ReportID
2013-05-27 08:00:58 +00:00
AND Status != 'Resolved'");
2011-03-28 14:21:28 +00:00
}
//See if it we managed to resolve
2013-05-04 08:00:48 +00:00
if ($DB->affected_rows() > 0 || !$Report) {
2011-03-28 14:21:28 +00:00
//We did, lets do all our shit
2013-05-04 08:00:48 +00:00
if ($Report) {
$Cache->decrement('num_torrent_reportsv2');
}
2011-03-28 14:21:28 +00:00
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if (isset($Escaped['upload'])) {
2011-03-28 14:21:28 +00:00
$Upload = true;
} else {
$Upload = false;
}
2013-07-10 00:08:53 +00:00
if ($_POST['resolve_type'] == 'tags_lots') {
$DB->query("
INSERT IGNORE INTO torrents_bad_tags
(TorrentID, UserID, TimeAdded)
VALUES
($TorrentID, ".$LoggedUser['ID']." , '".sqltime()."')");
$DB->query("
SELECT GroupID
FROM torrents
WHERE ID = $TorrentID");
2011-03-28 14:21:28 +00:00
list($GroupID) = $DB->next_record();
2013-07-10 00:08:53 +00:00
$Cache->delete_value("torrents_details_$GroupID");
2011-03-28 14:21:28 +00:00
$SendPM = true;
}
2013-07-10 00:08:53 +00:00
if ($_POST['resolve_type'] == 'folders_bad') {
$DB->query("
INSERT IGNORE INTO torrents_bad_folders
(TorrentID, UserID, TimeAdded)
VALUES
($TorrentID, ".$LoggedUser['ID'].", '".sqltime()."')");
$DB->query("
SELECT GroupID
FROM torrents
WHERE ID = $TorrentID");
2011-03-28 14:21:28 +00:00
list($GroupID) = $DB->next_record();
2013-07-10 00:08:53 +00:00
$Cache->delete_value("torrents_details_$GroupID");
2011-03-28 14:21:28 +00:00
$SendPM = true;
}
2013-07-10 00:08:53 +00:00
if ($_POST['resolve_type'] == 'filename') {
$DB->query("
INSERT IGNORE INTO torrents_bad_files
(TorrentID, UserID, TimeAdded)
VALUES
($TorrentID, ".$LoggedUser['ID'].", '".sqltime()."')");
$DB->query("
SELECT GroupID
FROM torrents
WHERE ID = $TorrentID");
2011-03-28 14:21:28 +00:00
list($GroupID) = $DB->next_record();
2013-07-10 00:08:53 +00:00
$Cache->delete_value("torrents_details_$GroupID");
2011-03-28 14:21:28 +00:00
$SendPM = true;
}
2013-02-22 08:00:24 +00:00
2016-01-09 08:00:28 +00:00
if ($_POST['resolve_type'] == 'lossyapproval') {
$DB->query("
INSERT INTO torrents_lossymaster_approved
VALUES ($TorrentID, ".$LoggedUser['ID'].", '".sqltime()."')");
$DB->query("
SELECT GroupID
FROM torrents
WHERE ID = $TorrentID");
list($GroupID) = $DB->next_record();
$Cache->delete_value("torrents_details_$GroupID");
}
2011-03-28 14:21:28 +00:00
//Log and delete
2013-05-04 08:00:48 +00:00
if (isset($Escaped['delete']) && check_perms('users_mod')) {
2013-07-10 00:08:53 +00:00
$DB->query("
SELECT Username
FROM users_main
WHERE ID = $UploaderID");
2011-03-28 14:21:28 +00:00
list($UpUsername) = $DB->next_record();
2013-07-10 00:08:53 +00:00
$Log = "Torrent $TorrentID ($RawName) uploaded by $UpUsername was deleted by ".$LoggedUser['Username'];
$Log .= ($Escaped['resolve_type'] == 'custom' ? '' : ' for the reason: '.$ResolveType['title'].".");
if (isset($Escaped['log_message']) && $Escaped['log_message'] != '') {
$Log .= ' ( '.$Escaped['log_message'].' )';
2011-03-28 14:21:28 +00:00
}
2013-07-10 00:08:53 +00:00
$DB->query("
SELECT GroupID, hex(info_hash)
FROM torrents
WHERE ID = $TorrentID");
2012-08-03 08:00:17 +00:00
list($GroupID, $InfoHash) = $DB->next_record();
2012-10-11 08:00:15 +00:00
Torrents::delete_torrent($TorrentID, 0, $ResolveType['reason']);
2013-02-22 08:00:24 +00:00
2012-08-03 08:00:17 +00:00
//$InfoHash = unpack("H*", $InfoHash);
2013-07-10 00:08:53 +00:00
$Log .= ' ('.strtoupper($InfoHash).')';
2012-10-11 08:00:15 +00:00
Misc::write_log($Log);
2013-07-10 00:08:53 +00:00
$Log = 'deleted torrent for the reason: '.$ResolveType['title'].'. ( '.$Escaped['log_message'].' )';
2012-10-11 08:00:15 +00:00
Torrents::write_group_log($GroupID, $TorrentID, $LoggedUser['ID'], $Log, 0);
2011-03-28 14:21:28 +00:00
} else {
2013-07-10 00:08:53 +00:00
$Log = "No log message (torrent wasn't deleted).";
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
//Warnings / remove upload
2013-05-04 08:00:48 +00:00
if ($Upload) {
2013-07-10 00:08:53 +00:00
$Cache->begin_transaction("user_info_heavy_$UploaderID");
2011-03-28 14:21:28 +00:00
$Cache->update_row(false, array('DisableUpload' => '1'));
$Cache->commit_transaction(0);
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
$DB->query("
UPDATE users_info
2013-07-10 00:08:53 +00:00
SET DisableUpload = '1'
WHERE UserID = $UploaderID");
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ($Warning > 0) {
$WarnLength = $Warning * (7 * 24 * 60 * 60);
2013-07-10 00:08:53 +00:00
$Reason = "Uploader of torrent ($TorrentID) $RawName which was resolved with the preset: ".$ResolveType['title'].'.';
2013-05-04 08:00:48 +00:00
if ($Escaped['admin_message']) {
2013-07-10 00:08:53 +00:00
$Reason .= ' ('.$Escaped['admin_message'].').';
2011-03-28 14:21:28 +00:00
}
2013-05-04 08:00:48 +00:00
if ($Upload) {
2013-07-10 00:08:53 +00:00
$Reason .= ' (Upload privileges removed).';
2011-03-28 14:21:28 +00:00
}
2012-10-11 08:00:15 +00:00
Tools::warn_user($UploaderID, $WarnLength, $Reason);
2011-03-28 14:21:28 +00:00
} else {
//This is a bitch for people that don't warn but do other things, it makes me sad.
2013-04-19 08:00:55 +00:00
$AdminComment = '';
2013-05-04 08:00:48 +00:00
if ($Upload) {
2011-03-28 14:21:28 +00:00
//They removed upload
2013-07-10 00:08:53 +00:00
$AdminComment .= 'Upload privileges removed by '.$LoggedUser['Username'];
$AdminComment .= "\nReason: Uploader of torrent ($TorrentID) ".db_string($RawName).' which was resolved with the preset: '.$ResolveType['title'].". (Report ID: $ReportID)";
2011-03-28 14:21:28 +00:00
}
2013-05-04 08:00:48 +00:00
if ($Escaped['admin_message']) {
2011-03-28 14:21:28 +00:00
//They did nothing of note, but still want to mark it (Or upload and mark)
2013-07-10 00:08:53 +00:00
$AdminComment .= ' ('.$Escaped['admin_message'].')';
2011-03-28 14:21:28 +00:00
}
2013-05-04 08:00:48 +00:00
if ($AdminComment) {
2013-07-10 00:08:53 +00:00
$AdminComment = date('Y-m-d') . " - $AdminComment\n\n";
2013-02-22 08:00:24 +00:00
2013-07-10 00:08:53 +00:00
$DB->query("
UPDATE users_info
SET AdminComment = CONCAT('".db_string($AdminComment)."', AdminComment)
WHERE UserID = '".db_string($UploaderID)."'");
2011-03-28 14:21:28 +00:00
}
}
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
//PM
2013-05-04 08:00:48 +00:00
if ($Escaped['uploader_pm'] || $Warning > 0 || isset($Escaped['delete']) || $SendPM) {
if (isset($Escaped['delete'])) {
2013-11-05 08:01:12 +00:00
$PM = '[url='.site_url()."torrents.php?torrentid=$TorrentID]Your above torrent[/url] was reported and has been deleted.\n\n";
2011-03-28 14:21:28 +00:00
} else {
2013-11-05 08:01:12 +00:00
$PM = '[url='.site_url()."torrents.php?torrentid=$TorrentID]Your above torrent[/url] was reported but not deleted.\n\n";
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2011-03-28 14:21:28 +00:00
$Preset = $ResolveType['resolve_options']['pm'];
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ($Preset != '') {
2013-11-01 08:01:02 +00:00
$PM .= "Reason: $Preset\n\n";
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ($Warning > 0) {
2013-11-05 08:01:12 +00:00
$PM .= "This has resulted in a [url=".site_url()."wiki.php?action=article&amp;id=218]$Warning week warning.[/url]\n\n";
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ($Upload) {
2013-11-01 08:01:02 +00:00
$PM .= 'This has '.($Warning > 0 ? 'also ' : '')."resulted in the loss of your upload privileges.\n\n";
2011-03-28 14:21:28 +00:00
}
2013-05-04 08:00:48 +00:00
if ($Log) {
2013-11-01 08:01:02 +00:00
$PM .= "Log Message: $Log\n\n";
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-05-04 08:00:48 +00:00
if ($Escaped['uploader_pm']) {
2013-11-01 08:01:02 +00:00
$PM .= "Message from ".$LoggedUser['Username'].": $PMMessage\n\n";
2011-03-28 14:21:28 +00:00
}
2013-02-22 08:00:24 +00:00
2013-11-01 08:01:02 +00:00
$PM .= "Report was handled by [user]".$LoggedUser['Username'].'[/user].';
2013-02-22 08:00:24 +00:00
2013-03-10 08:00:41 +00:00
Misc::send_pm($UploaderID, 0, $Escaped['raw_name'], $PM);
2011-03-28 14:21:28 +00:00
}
2013-07-10 00:08:53 +00:00
$Cache->delete_value("reports_torrent_$TorrentID");
2013-02-22 08:00:24 +00:00
2013-10-10 08:01:46 +00:00
// Now we've done everything, update the DB with values
2013-05-04 08:00:48 +00:00
if ($Report) {
2013-07-10 00:08:53 +00:00
$DB->query("
UPDATE reportsv2
SET
Type = '".$Escaped['resolve_type']."',
LogMessage = '".db_string($Log)."',
ModComment = '".$Escaped['comment']."'
WHERE ID = $ReportID");
2011-03-28 14:21:28 +00:00
}
} else {
2013-10-10 08:01:46 +00:00
// Someone beat us to it. Inform the staffer.
2011-03-28 14:21:28 +00:00
?>
2013-10-10 08:01:46 +00:00
<a href="reportsv2.php?view=report&amp;id=<?=$ReportID?>">Somebody has already resolved this report</a>
<input type="button" value="Clear" onclick="ClearReport(<?=$ReportID?>);" />
2011-03-28 14:21:28 +00:00
<?
}