Gazelle/sections/reportsv2/ajax_create_report.php

<?
/*
 * This page is for creating a report using AJAX.
 * It should have the following posted fields:
 * 	[auth] => AUTH_KEY
 *	[torrentid] => TORRENT_ID
 *	[type] => TYPE
 *	[otherid] => OTHER_ID
 *
 * It should not be used on site as is, except in its current use (Switch) as it is lacking for any purpose but this.
 */

if (!check_perms('admin_reports')) {
	error(403);
}

authorize();

if (!is_number($_POST['torrentid'])) {
	echo 'No Torrent ID';
	die();
} else {
	$TorrentID = $_POST['torrentid'];
}

$DB->query("
	SELECT tg.CategoryID
	FROM torrents_group AS tg
		JOIN torrents AS t ON t.GroupID=tg.ID
	WHERE t.ID = ".$TorrentID);
if (!$DB->has_results()) {
	$Err = 'No torrent with that ID exists!';
} else {
	list($CategoryID) = $DB->next_record();
}

if (!isset($_POST['type'])) {
	echo 'Missing Type';
	die();
} else if (array_key_exists($_POST['type'], $Types[$CategoryID])) {
	$Type = $_POST['type'];
	$ReportType = $Types[$CategoryID][$Type];
} else if (array_key_exists($_POST['type'],$Types['master'])) {
	$Type = $_POST['type'];
	$ReportType = $Types['master'][$Type];
} else {
	//There was a type but it wasn't an option!
	echo 'Wrong type';
	die();
}


$ExtraID = $_POST['otherid'];

if (!empty($_POST['extra'])) {
	$Extra = db_string($_POST['extra']);
} else {
	$Extra = '';
}

if (!empty($Err)) {
	echo $Err;
	die();
}

$DB->query("
	SELECT ID
	FROM reportsv2
	WHERE TorrentID=$TorrentID
		AND ReporterID=".db_string($LoggedUser['ID'])."
		AND ReportedTime > '".time_minus(3)."'");
if ($DB->has_results()) {
	die();
}

$DB->query("
	INSERT INTO reportsv2
		(ReporterID, TorrentID, Type, UserComment, Status, ReportedTime, ExtraID)
	VALUES
		(".db_string($LoggedUser['ID']).", $TorrentID, '$Type', '$Extra', 'New', '".sqltime()."', '$ExtraID')");

$ReportID = $DB->inserted_id();

$Cache->delete_value('reports_torrent_'.$TorrentID);
$Cache->increment('num_torrent_reportsv2');

echo $ReportID;
?>