Gazelle/sections/requests/index.php

<?
enforce_login();

$RequestTax = 0.1;

// Minimum and default amount of upload to remove from the user when they vote.
// Also change in static/functions/requests.js
$MinimumVote = 20 * 1024 * 1024;

if (!empty($LoggedUser['DisableRequests'])) {
	error('Your request privileges have been removed.');
}

if (!isset($_REQUEST['action'])) {
	include(SERVER_ROOT.'/sections/requests/requests.php');
} else {
	switch ($_REQUEST['action']) {
		case 'new':
		case 'edit':
			include(SERVER_ROOT.'/sections/requests/new_edit.php');
			break;
		case 'takevote':
			include(SERVER_ROOT.'/sections/requests/takevote.php');
			break;
		case 'takefill':
			include(SERVER_ROOT.'/sections/requests/takefill.php');
			break;
		case 'takenew':
		case 'takeedit':
			include(SERVER_ROOT.'/sections/requests/takenew_edit.php');
			break;
		case 'delete':
		case 'unfill':
			include(SERVER_ROOT.'/sections/requests/interim.php');
			break;
		case 'takeunfill':
			include(SERVER_ROOT.'/sections/requests/takeunfill.php');
			break;
		case 'takedelete':
			include(SERVER_ROOT.'/sections/requests/takedelete.php');
			break;
		case 'view':
		case 'viewrequest':
			include(SERVER_ROOT.'/sections/requests/request.php');
			break;
		case 'reply':
			authorize();

			enforce_login();
			if (!isset($_POST['requestid']) || !is_number($_POST['requestid']) || $_POST['body'] === '' || !isset($_POST['body'])) {
				error(0);
			}
			if ($LoggedUser['DisablePosting']) {
				error('Your posting privileges have been removed.');
			}

			$RequestID = $_POST['requestid'];
			if (!$RequestID) {
				error(404);
			}

			$DB->query("
				SELECT
					CEIL((
						SELECT COUNT(ID)+1
						FROM requests_comments AS rc
						WHERE rc.RequestID='".$RequestID."'
						)/".TORRENT_COMMENTS_PER_PAGE."
					) AS Pages");
			list($Pages) = $DB->next_record();

			$DB->query("
				INSERT INTO requests_comments (RequestID,AuthorID,AddedTime,Body)
				VALUES ('$RequestID', '".db_string($LoggedUser['ID'])."','".sqltime()."','".db_string($_POST['body'])."')");
			$PostID = $DB->inserted_id();

			$CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $Pages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
			$Cache->begin_transaction('request_comments_'.$RequestID.'_catalogue_'.$CatalogueID);
			$Post = array(
				'ID'=>$PostID,
				'AuthorID'=>$LoggedUser['ID'],
				'AddedTime'=>sqltime(),
				'Body'=>$_POST['body'],
				'EditedUserID'=>0,
				'EditedTime'=>'0000-00-00 00:00:00',
				'Username'=>''
				);
			$Cache->insert('', $Post);
			$Cache->commit_transaction(0);
			$Cache->increment('request_comments_'.$RequestID);

			header('Location: requests.php?action=view&id='.$RequestID.'&page='.$Pages);
		break;

		case 'get_post':
			enforce_login();
			if (!$_GET['post'] || !is_number($_GET['post'])) {
				error(0);
			}
			$DB->query("SELECT Body FROM requests_comments WHERE ID='".db_string($_GET['post'])."'");
			list($Body) = $DB->next_record(MYSQLI_NUM);

			echo trim($Body);
			break;

		case 'takeedit_comment':
			enforce_login();
			authorize();

			include(SERVER_ROOT.'/classes/text.class.php'); // Text formatting class
			$Text = new TEXT;

			// Quick SQL injection check
			if (!$_POST['post'] || !is_number($_POST['post'])) {
				error(0);
			}

			// Mainly
			$DB->query("
				SELECT
					rc.Body,
					rc.AuthorID,
					rc.RequestID,
					rc.AddedTime
				FROM requests_comments AS rc
				WHERE rc.ID='".db_string($_POST['post'])."'");
			list($OldBody, $AuthorID,$RequestID,$AddedTime)=$DB->next_record();

			$DB->query("
				SELECT ceil(COUNT(ID) / ".POSTS_PER_PAGE.") AS Page
				FROM requests_comments
				WHERE RequestID = $RequestID
					AND ID <= $_POST[post]");
			list($Page) = $DB->next_record();

			if ($LoggedUser['ID'] != $AuthorID && !check_perms('site_moderate_forums')) {
				error(404);
			}
			if ($DB->record_count() == 0) {
				error(404);
			}

			// Perform the update
			$DB->query("
				UPDATE requests_comments
				SET
					Body = '".db_string($_POST['body'])."',
					EditedUserID = '".db_string($LoggedUser['ID'])."',
					EditedTime = '".sqltime()."'
				WHERE ID='".db_string($_POST['post'])."'");

			// Update the cache
			$CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE*$Page-TORRENT_COMMENTS_PER_PAGE)/THREAD_CATALOGUE);
			$Cache->begin_transaction('request_comments_'.$RequestID.'_catalogue_'.$CatalogueID);

			$Cache->update_row($_POST['key'], array(
				'ID'=>$_POST['post'],
				'AuthorID'=>$AuthorID,
				'AddedTime'=>$AddedTime,
				'Body'=>$_POST['body'],
				'EditedUserID'=>db_string($LoggedUser['ID']),
				'EditedTime'=>sqltime(),
				'Username'=>$LoggedUser['Username']
			));
			$Cache->commit_transaction(0);

			$DB->query("
				INSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)
				VALUES ('requests', ".db_string($_POST['post']).", ".db_string($LoggedUser['ID']).", '".sqltime()."', '".db_string($OldBody)."')");

			// This gets sent to the browser, which echoes it in place of the old body
			echo $Text->full_format($_POST['body']);
			break;

		case 'delete_comment':
			enforce_login();
			authorize();

			// Quick SQL injection check
			if (!$_GET['postid'] || !is_number($_GET['postid'])) {
				error(0);
			}

			// Make sure they are moderators
			if (!check_perms('site_moderate_forums')) {
				error(403);
			}

			// Get topicid, forumid, number of pages
			$DB->query("
				SELECT DISTINCT
					RequestID,
					CEIL(COUNT(rc.ID)/".TORRENT_COMMENTS_PER_PAGE.") AS Pages,
					CEIL(SUM(IF(rc.ID<=".$_GET['postid'].",1,0))/".TORRENT_COMMENTS_PER_PAGE.") AS Page
				FROM requests_comments AS rc
				WHERE rc.RequestID=(
						SELECT RequestID
						FROM requests_comments
						WHERE ID='".db_string($_GET['postid'])."'
						)");
			list($RequestID,$Pages,$Page) = $DB->next_record();

			// $Pages = number of pages in the thread
			// $Page = which page the post is on
			// These are set for cache clearing.

			$DB->query("DELETE FROM requests_comments WHERE ID='".db_string($_GET['postid'])."'");

			//We need to clear all subsequential catalogues as they've all been bumped with the absence of this post
			$ThisCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $Page - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
			$LastCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $Pages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
			for ($i = $ThisCatalogue; $i <= $LastCatalogue; $i++) {
				$Cache->delete('request_comments_'.$RequestID.'_catalogue_'.$i);
			}

			// Delete thread info cache (eg. number of pages)
			$Cache->delete('request_comments_'.$GroupID);
		break;
		case 'warn' :
			include(SERVER_ROOT.'/sections/requests/warn.php');
			break;
		case 'take_warn' :
			include(SERVER_ROOT.'/sections/requests/take_warn.php');
			break;
		default:
			error(0);
	}
}
?>
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<?`
			`enforce_login();`

7 changes from Mon Aug 22 02:37:20 2011 +0200 to Mon Aug 22 03:16:48 2011 +0000 empty fix relative date display fixes http://what.cd/forums.php?action=viewthread&threadid=138447 2011-08-22 08:00:05 +00:00			`$RequestTax = 0.1;`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00
[BBCode] add [sa] tag for sarky prevent somebody from using a single valid account to guess passwords unlimited times indentation 2011-06-27 08:00:06 +00:00			`// Minimum and default amount of upload to remove from the user when they vote.`
			`// Also change in static/functions/requests.js`
Empty commit 2013-04-30 18:18:07 +00:00			`$MinimumVote = 20 * 1024 * 1024;`
[BBCode] add [sa] tag for sarky prevent somebody from using a single valid account to guess passwords unlimited times indentation 2011-06-27 08:00:06 +00:00
Empty commit 2013-04-30 18:18:07 +00:00			`if (!empty($LoggedUser['DisableRequests'])) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`error('Your request privileges have been removed.');`
			`}`

Empty commit 2013-04-30 18:18:07 +00:00			`if (!isset($_REQUEST['action'])) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`include(SERVER_ROOT.'/sections/requests/requests.php');`
			`} else {`
Empty commit 2013-05-01 08:00:16 +00:00			`switch ($_REQUEST['action']) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`case 'new':`
			`case 'edit':`
			`include(SERVER_ROOT.'/sections/requests/new_edit.php');`
			`break;`
			`case 'takevote':`
			`include(SERVER_ROOT.'/sections/requests/takevote.php');`
			`break;`
			`case 'takefill':`
			`include(SERVER_ROOT.'/sections/requests/takefill.php');`
			`break;`
			`case 'takenew':`
			`case 'takeedit':`
			`include(SERVER_ROOT.'/sections/requests/takenew_edit.php');`
			`break;`
			`case 'delete':`
			`case 'unfill':`
			`include(SERVER_ROOT.'/sections/requests/interim.php');`
			`break;`
			`case 'takeunfill':`
			`include(SERVER_ROOT.'/sections/requests/takeunfill.php');`
			`break;`
			`case 'takedelete':`
			`include(SERVER_ROOT.'/sections/requests/takedelete.php');`
			`break;`
			`case 'view':`
			`case 'viewrequest':`
			`include(SERVER_ROOT.'/sections/requests/request.php');`
			`break;`
			`case 'reply':`
			`authorize();`

			`enforce_login();`
Empty commit 2013-04-30 18:18:07 +00:00			`if (!isset($_POST['requestid']) \|\| !is_number($_POST['requestid']) \|\| $_POST['body'] === '' \|\| !isset($_POST['body'])) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`error(0);`
			`}`
Empty commit 2013-04-30 18:18:07 +00:00			`if ($LoggedUser['DisablePosting']) {`
Empty commit 2013-05-05 08:00:31 +00:00			`error('Your posting privileges have been removed.');`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`}`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$RequestID = $_POST['requestid'];`
Empty commit 2013-04-30 18:18:07 +00:00			`if (!$RequestID) {`
			`error(404);`
			`}`
Empty commit 2013-02-22 08:00:24 +00:00
Empty commit 2013-05-05 08:00:31 +00:00			`$DB->query("`
			`SELECT`
			`CEIL((`
			`SELECT COUNT(ID)+1`
			`FROM requests_comments AS rc`
			`WHERE rc.RequestID='".$RequestID."'`
			`)/".TORRENT_COMMENTS_PER_PAGE."`
			`) AS Pages");`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`list($Pages) = $DB->next_record();`
Empty commit 2013-02-22 08:00:24 +00:00
Empty commit 2013-05-05 08:00:31 +00:00			`$DB->query("`
			`INSERT INTO requests_comments (RequestID,AuthorID,AddedTime,Body)`
			`VALUES ('$RequestID', '".db_string($LoggedUser['ID'])."','".sqltime()."','".db_string($_POST['body'])."')");`
			`$PostID = $DB->inserted_id();`
Empty commit 2013-02-22 08:00:24 +00:00
Empty commit 2013-05-05 08:00:31 +00:00			`$CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $Pages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Cache->begin_transaction('request_comments_'.$RequestID.'_catalogue_'.$CatalogueID);`
			`$Post = array(`
			`'ID'=>$PostID,`
			`'AuthorID'=>$LoggedUser['ID'],`
			`'AddedTime'=>sqltime(),`
			`'Body'=>$_POST['body'],`
			`'EditedUserID'=>0,`
			`'EditedTime'=>'0000-00-00 00:00:00',`
			`'Username'=>''`
			`);`
			`$Cache->insert('', $Post);`
			`$Cache->commit_transaction(0);`
			`$Cache->increment('request_comments_'.$RequestID);`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`header('Location: requests.php?action=view&id='.$RequestID.'&page='.$Pages);`
			`break;`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`case 'get_post':`
			`enforce_login();`
Empty commit 2013-04-30 18:18:07 +00:00			`if (!$_GET['post'] \|\| !is_number($_GET['post'])) {`
			`error(0);`
			`}`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$DB->query("SELECT Body FROM requests_comments WHERE ID='".db_string($_GET['post'])."'");`
			`list($Body) = $DB->next_record(MYSQLI_NUM);`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`echo trim($Body);`
			`break;`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`case 'takeedit_comment':`
			`enforce_login();`
			`authorize();`

Empty commit 2013-05-27 08:00:58 +00:00			`include(SERVER_ROOT.'/classes/text.class.php'); // Text formatting class`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Text = new TEXT;`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// Quick SQL injection check`
Empty commit 2013-04-30 18:18:07 +00:00			`if (!$_POST['post'] \|\| !is_number($_POST['post'])) {`
			`error(0);`
			`}`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// Mainly`
Empty commit 2013-05-05 08:00:31 +00:00			`$DB->query("`
			`SELECT`
			`rc.Body,`
			`rc.AuthorID,`
			`rc.RequestID,`
			`rc.AddedTime`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`FROM requests_comments AS rc`
			`WHERE rc.ID='".db_string($_POST['post'])."'");`
			`list($OldBody, $AuthorID,$RequestID,$AddedTime)=$DB->next_record();`
Empty commit 2013-02-22 08:00:24 +00:00
Empty commit 2013-05-05 08:00:31 +00:00			`$DB->query("`
			`SELECT ceil(COUNT(ID) / ".POSTS_PER_PAGE.") AS Page`
			`FROM requests_comments`
			`WHERE RequestID = $RequestID`
			`AND ID <= $_POST[post]");`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`list($Page) = $DB->next_record();`
Empty commit 2013-02-22 08:00:24 +00:00
Empty commit 2013-04-30 18:18:07 +00:00			`if ($LoggedUser['ID'] != $AuthorID && !check_perms('site_moderate_forums')) {`
			`error(404);`
			`}`
			`if ($DB->record_count() == 0) {`
			`error(404);`
			`}`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// Perform the update`
Empty commit 2013-05-05 08:00:31 +00:00			`$DB->query("`
			`UPDATE requests_comments`
			`SET`
			`Body = '".db_string($_POST['body'])."',`
			`EditedUserID = '".db_string($LoggedUser['ID'])."',`
			`EditedTime = '".sqltime()."'`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`WHERE ID='".db_string($_POST['post'])."'");`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// Update the cache`
			`$CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE*$Page-TORRENT_COMMENTS_PER_PAGE)/THREAD_CATALOGUE);`
			`$Cache->begin_transaction('request_comments_'.$RequestID.'_catalogue_'.$CatalogueID);`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Cache->update_row($_POST['key'], array(`
			`'ID'=>$_POST['post'],`
			`'AuthorID'=>$AuthorID,`
			`'AddedTime'=>$AddedTime,`
			`'Body'=>$_POST['body'],`
			`'EditedUserID'=>db_string($LoggedUser['ID']),`
			`'EditedTime'=>sqltime(),`
			`'Username'=>$LoggedUser['Username']`
			`));`
			`$Cache->commit_transaction(0);`
Empty commit 2013-02-22 08:00:24 +00:00
Empty commit 2013-05-05 08:00:31 +00:00			`$DB->query("`
			`INSERT INTO comments_edits (Page, PostID, EditUser, EditTime, Body)`
			`VALUES ('requests', ".db_string($_POST['post']).", ".db_string($LoggedUser['ID']).", '".sqltime()."', '".db_string($OldBody)."')");`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// This gets sent to the browser, which echoes it in place of the old body`
			`echo $Text->full_format($_POST['body']);`
			`break;`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`case 'delete_comment':`
			`enforce_login();`
			`authorize();`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// Quick SQL injection check`
Empty commit 2013-04-30 18:18:07 +00:00			`if (!$_GET['postid'] \|\| !is_number($_GET['postid'])) {`
			`error(0);`
			`}`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// Make sure they are moderators`
Empty commit 2013-04-30 18:18:07 +00:00			`if (!check_perms('site_moderate_forums')) {`
			`error(403);`
			`}`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// Get topicid, forumid, number of pages`
Empty commit 2013-05-05 08:00:31 +00:00			`$DB->query("`
			`SELECT DISTINCT`
			`RequestID,`
			`CEIL(COUNT(rc.ID)/".TORRENT_COMMENTS_PER_PAGE.") AS Pages,`
			`CEIL(SUM(IF(rc.ID<=".$_GET['postid'].",1,0))/".TORRENT_COMMENTS_PER_PAGE.") AS Page`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`FROM requests_comments AS rc`
Empty commit 2013-05-05 08:00:31 +00:00			`WHERE rc.RequestID=(`
			`SELECT RequestID`
			`FROM requests_comments`
			`WHERE ID='".db_string($_GET['postid'])."'`
			`)");`
			`list($RequestID,$Pages,$Page) = $DB->next_record();`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// $Pages = number of pages in the thread`
			`// $Page = which page the post is on`
			`// These are set for cache clearing.`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$DB->query("DELETE FROM requests_comments WHERE ID='".db_string($_GET['postid'])."'");`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`//We need to clear all subsequential catalogues as they've all been bumped with the absence of this post`
Empty commit 2013-05-01 08:00:16 +00:00			`$ThisCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $Page - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);`
			`$LastCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $Pages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);`
			`for ($i = $ThisCatalogue; $i <= $LastCatalogue; $i++) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Cache->delete('request_comments_'.$RequestID.'_catalogue_'.$i);`
			`}`
Empty commit 2013-02-22 08:00:24 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`// Delete thread info cache (eg. number of pages)`
			`$Cache->delete('request_comments_'.$GroupID);`
			`break;`
Empty commit 2013-02-25 08:00:45 +00:00			`case 'warn' :`
			`include(SERVER_ROOT.'/sections/requests/warn.php');`
			`break;`
			`case 'take_warn' :`
			`include(SERVER_ROOT.'/sections/requests/take_warn.php');`
			`break;`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`default:`
			`error(0);`
			`}`
			`}`
			`?>`