Gazelle/sections/reportsv2/ajax_take_pm.php

<?
/*
 * This is the AJAX backend for the SendNow() function.
 */

authorize();

if (!check_perms('admin_reports')) {
	echo 'HAX on premissions!';
	die();
}

$Recipient = $_POST['pm_type'];
$TorrentID = $_POST['torrentid'];

if (isset($_POST['uploader_pm']) && $_POST['uploader_pm'] != '') {
	$Message = $_POST['uploader_pm'];
} else {
	//No message given
	die();
}

if (!is_number($_POST['categoryid']) || !is_number($TorrentID)) {
	echo 'HAX on categoryid!';
	die();
} else {
	$CategoryID = $_POST['categoryid'];
}

if (array_key_exists($_POST['type'], $Types[$CategoryID])) {
	$ReportType = $Types[$CategoryID][$_POST['type']];
} else if (array_key_exists($_POST['type'], $Types['master'])) {
	$ReportType = $Types['master'][$_POST['type']];
} else {
	//There was a type but it wasn't an option!
	echo 'HAX on section type';
	die();
}

if (!isset($_POST['from_delete'])) {
	$Report = true;
} else if (!is_number($_POST['from_delete'])) {
	echo 'Hax occured in from_delete';
}

if ($Recipient == 'Uploader') {
	$ToID = $_POST['uploaderid'];
	if ($Report) {
		$Message = "You uploaded [url=https://".SSL_SITE_URL."/torrents.php?torrentid=$TorrentID]the above torrent[/url]. It has been reported for the reason: ".$ReportType['title']."\n\n$Message";
	} else {
		$Message = "I am PMing you as you are the uploader of [url=https://".SSL_SITE_URL."/torrents.php?torrentid=$TorrentID]the above torrent[/url].\n\n$Message";
	}
} else if ($Recipient == 'Reporter') {
	$ToID = $_POST['reporterid'];
	$Message = "You reported [url=https://".SSL_SITE_URL."/torrents.php?torrentid=$TorrentID]the above torrent[/url] for the reason ".$ReportType['title'].":\n[quote]".$_POST['report_reason']."[/quote]\n$Message";
} else {
	$Err = "Something went horribly wrong";
}

$Subject = $_POST['raw_name'];

if (!is_number($ToID)) {
	$Err = "Haxx occuring, non number present";
}

if ($ToID == $LoggedUser['ID']) {
	$Err = "That's you!";
}

if (isset($Err)) {
	echo $Err;
} else {
	Misc::send_pm($ToID, $LoggedUser['ID'], $Subject, $Message);
}
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<?`
			`/*`
			`* This is the AJAX backend for the SendNow() function.`
			`*/`

			`authorize();`

Empty commit 2013-05-04 08:00:48 +00:00			`if (!check_perms('admin_reports')) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`echo 'HAX on premissions!';`
			`die();`
			`}`

			`$Recipient = $_POST['pm_type'];`
			`$TorrentID = $_POST['torrentid'];`

Empty commit 2013-05-04 08:00:48 +00:00			`if (isset($_POST['uploader_pm']) && $_POST['uploader_pm'] != '') {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Message = $_POST['uploader_pm'];`
			`} else {`
			`//No message given`
			`die();`
			`}`

Empty commit 2013-05-04 08:00:48 +00:00			`if (!is_number($_POST['categoryid']) \|\| !is_number($TorrentID)) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`echo 'HAX on categoryid!';`
			`die();`
			`} else {`
			`$CategoryID = $_POST['categoryid'];`
			`}`

			`if (array_key_exists($_POST['type'], $Types[$CategoryID])) {`
			`$ReportType = $Types[$CategoryID][$_POST['type']];`
Empty commit 2013-07-10 00:08:53 +00:00			`} else if (array_key_exists($_POST['type'], $Types['master'])) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$ReportType = $Types['master'][$_POST['type']];`
			`} else {`
			`//There was a type but it wasn't an option!`
			`echo 'HAX on section type';`
			`die();`
			`}`

Empty commit 2013-05-04 08:00:48 +00:00			`if (!isset($_POST['from_delete'])) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Report = true;`
Empty commit 2013-05-04 08:00:48 +00:00			`} else if (!is_number($_POST['from_delete'])) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`echo 'Hax occured in from_delete';`
			`}`

Empty commit 2013-05-04 08:00:48 +00:00			`if ($Recipient == 'Uploader') {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$ToID = $_POST['uploaderid'];`
Empty commit 2013-05-04 08:00:48 +00:00			`if ($Report) {`
Empty commit 2013-07-10 00:08:53 +00:00			`$Message = "You uploaded [url=https://".SSL_SITE_URL."/torrents.php?torrentid=$TorrentID]the above torrent[/url]. It has been reported for the reason: ".$ReportType['title']."\n\n$Message";`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`} else {`
Empty commit 2013-07-10 00:08:53 +00:00			`$Message = "I am PMing you as you are the uploader of [url=https://".SSL_SITE_URL."/torrents.php?torrentid=$TorrentID]the above torrent[/url].\n\n$Message";`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`}`
Empty commit 2013-05-04 08:00:48 +00:00			`} else if ($Recipient == 'Reporter') {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$ToID = $_POST['reporterid'];`
Empty commit 2013-07-10 00:08:53 +00:00			`$Message = "You reported [url=https://".SSL_SITE_URL."/torrents.php?torrentid=$TorrentID]the above torrent[/url] for the reason ".$ReportType['title'].":\n[quote]".$_POST['report_reason']."[/quote]\n$Message";`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`} else {`
			`$Err = "Something went horribly wrong";`
			`}`

			`$Subject = $_POST['raw_name'];`

Empty commit 2013-05-04 08:00:48 +00:00			`if (!is_number($ToID)) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Err = "Haxx occuring, non number present";`
			`}`

Empty commit 2013-05-04 08:00:48 +00:00			`if ($ToID == $LoggedUser['ID']) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Err = "That's you!";`
			`}`

Empty commit 2013-05-04 08:00:48 +00:00			`if (isset($Err)) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`echo $Err;`
			`} else {`
Empty commit 2013-03-10 08:00:41 +00:00			`Misc::send_pm($ToID, $LoggedUser['ID'], $Subject, $Message);`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`}`