Mirror/Gazelle
1
0
Fork 0
mirror of https://github.com/WhatCD/Gazelle.git synced 2024-12-13 02:46:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Empty commit

Browse Source
This commit is contained in:
Git 2013-05-01 08:00:16 +00:00
parent b055e9c6f1
commit 1ad3d86466
75 changed files with 619 additions and 552 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
classes/class_image_tools.php
View File

@ -162,7 +162,6 @@ public static function proxy_url($Url) {
* @return string
*/
public static function process($Url, $Thumb = false) {
global $LoggedUser;
if (empty($Url)) {
return '';
}
@ -182,20 +181,11 @@ public static function process($Url, $Thumb = false) {
}
}
if (isset($LoggedUser['Permissions'])) {
/*
* We only want to apply the proxy and store the processed URL if the
* permissions were loaded before. This is necessary because self::process
* is used in Users::user_info which is called in script_start.php before
* the permissions are loaded, causing the own avatar to always load without
* proxy later on.
*/
if (check_perms('site_proxy_images')) {
$ProcessedUrl = self::proxy_url($ProcessedUrl);
}
self::store($Url . ($Thumb ? '_thumb' : ''), $ProcessedUrl);
}
return $ProcessedUrl;
}

4
classes/class_sphinxqlquery.php
View File

@ -209,7 +209,7 @@ private function build_options() {
foreach ($this->Options as $Option => $Value) {
$Options[] = "$Option = $Value";
}
return implode(", ", $Options);
return implode(', ', $Options);
}
/**
@ -221,7 +221,7 @@ private function build_query() {
}
$this->QueryString = "SELECT $this->Select\nFROM $this->Indexes";
if (!empty($this->Expressions)) {
$this->Filters['expr'] = "MATCH('".implode(" ", $this->Expressions)."')";
$this->Filters['expr'] = "MATCH('".implode(' ', $this->Expressions)."')";
}
if (!empty($this->Filters)) {
$this->QueryString .= "\nWHERE ".implode("\n\tAND ", $this->Filters);

3
classes/class_torrents.php
View File

@ -466,7 +466,8 @@ public static function update_hash($GroupID) {
*/
public static function regenerate_filelist($TorrentID) {
global $DB, $Cache;
$DB->query("SELECT tg.ID,
$DB->query("
SELECT tg.ID,
tf.File
FROM torrents_files AS tf
JOIN torrents AS t ON t.ID=tf.TorrentID

3
classes/class_users.php
View File

@ -103,8 +103,6 @@ public static function user_info($UserID) {
$Cache->cache_value('user_info_'.$UserID, $UserInfo, 2592000);
}
// Image proxy
$UserInfo['Avatar'] = ImageTools::process($UserInfo['Avatar']);
return $UserInfo;
}
@ -542,6 +540,7 @@ public static function get_bookmarks ($UserID)
*/
public static function show_avatar($Avatar, $Username, $Setting, $Size=150, $ReturnHTML = True) {
global $LoggedUser;
$Avatar = ImageTools::process($Avatar);
// case 1 is avatars disabled
switch ($Setting) {
case 0:

14
sections/ajax/requests.php
View File

@ -233,25 +233,25 @@
switch ($CurrentOrder) {
case 'votes' :
$OrderBy = "Votes";
$OrderBy = 'Votes';
break;
case 'bounty' :
$OrderBy = "Bounty";
$OrderBy = 'Bounty';
break;
case 'created' :
$OrderBy = "TimeAdded";
$OrderBy = 'TimeAdded';
break;
case 'lastvote' :
$OrderBy = "LastVote";
$OrderBy = 'LastVote';
break;
case 'filled' :
$OrderBy = "TimeFilled";
$OrderBy = 'TimeFilled';
break;
case 'year' :
$OrderBy = "Year";
$OrderBy = 'Year';
break;
default :
$OrderBy = "TimeAdded";
$OrderBy = 'TimeAdded';
break;
}
//print($Way); print($OrderBy); die();

12
sections/bookmarks/index.php
View File

@ -5,7 +5,9 @@
// Number of users per page
define('BOOKMARKS_PER_PAGE', '20');
if (empty($_REQUEST['action'])) { $_REQUEST['action'] = 'view'; }
if (empty($_REQUEST['action'])) {
$_REQUEST['action'] = 'view';
}
switch ($_REQUEST['action']) {
case 'add':
require(SERVER_ROOT.'/sections/bookmarks/add.php');
@ -31,7 +33,9 @@
break;
case 'edit':
if (empty($_REQUEST['type'])) { $_REQUEST['type'] = false; }
if (empty($_REQUEST['type'])) {
$_REQUEST['type'] = false;
}
switch ($_REQUEST['type']) {
case 'torrents':
require(SERVER_ROOT.'/sections/bookmarks/edit_torrents.php');
@ -42,7 +46,9 @@
case 'view':
if (empty($_REQUEST['type'])) { $_REQUEST['type'] = 'torrents'; }
if (empty($_REQUEST['type'])) {
$_REQUEST['type'] = 'torrents';
}
switch ($_REQUEST['type']) {
case 'torrents':
require(SERVER_ROOT.'/sections/bookmarks/torrents.php');

6
sections/comments/index.php
View File

@ -8,16 +8,18 @@
require(SERVER_ROOT.'/sections/comments/post.php'); // Post formatting function.
$action = '';
if(!empty($_REQUEST['action']))
if (!empty($_REQUEST['action'])) {
$action = $_REQUEST['action'];
}
/**
* Getting a userid if applicable
*/
if (isset($_GET['id'])) {
$UserID = $_GET['id'];
if(!is_number($UserID))
if (!is_number($UserID)) {
error(404);
}
$UserInfo = Users::user_info($UserID);

12
sections/comments/post.php
View File

@ -21,26 +21,22 @@ function comment_body($UserID, $PostID, $postheader, $permalink, $Body, $EditorI
?>
<table class="forum_post box vertical_margin<?=$noavatar ? ' noavatar' : '' ?>" id="post<?=$PostID?>">
<colgroup>
<? if (empty($UserInfo['DisableAvatars'])) { ?>
<? if (Users::has_avatars_enabled()) { ?>
<col class="col_avatar" />
<? } ?>
<col class="col_post_body" />
</colgroup>
<tr class="colhead_dark">
<td colspan="<?=empty($UserInfo['DisableAvatars']) ? 2 : 1 ?>">
<td colspan="<?=Users::has_avatars_enabled() ? 2 : 1 ?>">
<span style="float: left;"><a href="<?=$permalink ?>">#<?=$PostID?></a>
<?=$postheader ?>
</span>
</td>
</tr>
<tr>
<? if (empty($HeavyInfo['DisableAvatars'])) { ?>
<? if (Users::has_avatars_enabled()) { ?>
<td class="avatar" valign="top">
<? if ($UserInfo['Avatar']) { ?>
<img src="<?=$UserInfo['Avatar']?>" width="150" alt="<?=$UserInfo['Username']?>'s avatar" />
<? } else { ?>
<img src="<?=STATIC_SERVER?>common/avatars/default.png" width="150" alt="Default avatar" />
<? } ?>
<?=Users::show_avatar($UserInfo['Avatar'], $UserInfo['Username'], $HeavyInfo['DisableAvatars'])?>
</td>
<? } ?>
<td class="body" valign="top">

2
sections/donate/index.php
View File

@ -6,7 +6,7 @@
include(SERVER_ROOT.'/sections/donate/donate.php');
} else {
switch ($_REQUEST['action']) {
case 'ipn': // Paypal hits this page when a donation is received
case 'ipn': // PayPal hits this page when a donation is received
include(SERVER_ROOT.'/sections/donate/ipn.php');
break;

12
sections/forums/newthread.php
View File

@ -46,13 +46,13 @@
<? } ?>
<table class="forum_post box vertical_margin" style="text-align: left;">
<colgroup>
<? if (empty($HeavyInfo['DisableAvatars'])) { ?>
<? if (Users::has_avatars_enabled()) { ?>
<col class="col_avatar" />
<? } ?>
<col class="col_post_body" />
</colgroup>
<tr class="colhead_dark">
<td colspan="<?=empty($HeavyInfo['DisableAvatars']) ? 2 : 1 ?>">
<td colspan="<?=Users::has_avatars_enabled() ? 2 : 1 ?>">
<span style="float: left;"><a href="#newthreadpreview">#XXXXXX</a>
by <strong><?=Users::format_username($LoggedUser['ID'], true, true, true, true, true)?></strong>
Just now
@ -65,13 +65,11 @@
</td>
</tr>
<tr>
<? if (Users::has_avatars_enabled()) { ?>
<td class="avatar" valign="top">
<? if (!empty($LoggedUser['Avatar'])) { ?>
<img src="<?=$LoggedUser['Avatar']?>" width="150" alt="<?=$LoggedUser['Username']?>'s avatar" />
<? } else { ?>
<img src="<?=STATIC_SERVER?>common/avatars/default.png" width="150" alt="Default avatar" />
<? } ?>
<?=Users::show_avatar($LoggedUser['Avatar'], $LoggedUser['Username'], $HeavyInfo['DisableAvatars'])?>
</td>
<? } ?>
<td class="body" valign="top">
<div id="contentpreview" style="text-align: left;"></div>
</td>

17
sections/friends/friends.php
View File

@ -72,7 +72,7 @@
<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
<table class="friends_table vertical_margin">
<tr class="colhead">
<td colspan="3">
<td colspan="<?=Users::has_avatars_enabled() ? 3 : 2?>">
<span style="float: left;"><?=Users::format_username($FriendID, true, true, true, true)?>
<? if (check_paranoia('ratio', $Paranoia, $Class, $FriendID)) { ?>
&nbsp;Ratio: <strong><?=Format::get_ratio_html($Uploaded, $Downloaded)?></strong>
@ -90,20 +90,15 @@
</td>
</tr>
<tr>
<td width="50px" valign="top">
<?
if (empty($HeavyInfo['DisableAvatars'])) {
if (!empty($Avatar)) { ?>
<img src="<?=ImageTools::process($Avatar)?>" alt="<?=$Username?>'s avatar" width="50px" />
<? } else { ?>
<img src="<?=STATIC_SERVER?>common/avatars/default.png" width="50px" alt="Default avatar" />
<? }
} ?>
<? if (Users::has_avatars_enabled()) { ?>
<td class="col_avatar avatar" valign="top">
<?=Users::show_avatar($Avatar, $Username, $HeavyInfo['DisableAvatars'])?>
</td>
<? }?>
<td valign="top">
<input type="hidden" name="friendid" value="<?=$FriendID?>" />
<textarea name="comment" rows="4" cols="80"><?=$Comment?></textarea>
<textarea name="comment" rows="4" cols="65"><?=$Comment?></textarea>
</td>
<td class="left" valign="top">
<input type="submit" name="action" value="Update" /><br />

11
sections/inbox/index.php
View File

@ -1,9 +1,10 @@
<?
enforce_login();
$StaffIDs = $Cache->get_value("staff_ids");
$StaffIDs = $Cache->get_value('staff_ids');
if (!is_array($StaffIDs)) {
$DB->query("SELECT m.ID, m.Username
$DB->query("
SELECT m.ID, m.Username
FROM users_main AS m
JOIN permissions AS p ON p.ID=m.PermissionID
WHERE p.DisplayStaff='1'");
@ -11,10 +12,12 @@
$StaffIDs[$StaffID] = $StaffName;
}
uasort($StaffIDs, 'strcasecmp');
$Cache->cache_value("staff_ids", $StaffIDs);
$Cache->cache_value('staff_ids', $StaffIDs);
}
if(!isset($_REQUEST['action'])) { $_REQUEST['action'] = ''; }
if (!isset($_REQUEST['action'])) {
$_REQUEST['action'] = '';
}
switch ($_REQUEST['action']) {
case 'takecompose':
require('takecompose.php');

8
sections/reports/takecompose.php
View File

@ -2,7 +2,9 @@
authorize();
if(empty($_POST['toid'])) { error(404); }
if (empty($_POST['toid'])) {
error(404);
}
if (!empty($LoggedUser['DisablePM']) && !isset($StaffIDs[$_POST['toid']])) {
error(403);
@ -15,7 +17,7 @@
$ToID = explode(',', $_POST['toid']);
foreach ($ToID as $TID) {
if (!is_number($TID)) {
$Err = "A recipient does not exist.";
$Err = 'A recipient does not exist.';
}
}
$DB->query("SELECT UserID FROM pm_conversations_users WHERE UserID='$LoggedUser[ID]' AND ConvID='$ConvID'");
@ -25,7 +27,7 @@
} else {
$ConvID = '';
if (!is_number($_POST['toid'])) {
$Err = "This recipient does not exist.";
$Err = 'This recipient does not exist.';
} else {
$ToID = $_POST['toid'];
}

2
sections/reports/takereport.php
View File

@ -1,7 +1,7 @@
<?
authorize();
if(empty($_POST['id']) || !is_number($_POST['id']) || empty($_POST['type']) || ($_POST['type'] != "request_update" && empty($_POST['reason']))) {
if (empty($_POST['id']) || !is_number($_POST['id']) || empty($_POST['type']) || ($_POST['type'] != 'request_update' && empty($_POST['reason']))) {
error(404);
}

14
sections/requests/requests.php
View File

@ -304,25 +304,25 @@
switch ($CurrentOrder) {
case 'votes' :
$OrderBy = "Votes";
$OrderBy = 'Votes';
break;
case 'bounty' :
$OrderBy = "Bounty";
$OrderBy = 'Bounty';
break;
case 'created' :
$OrderBy = "TimeAdded";
$OrderBy = 'TimeAdded';
break;
case 'lastvote' :
$OrderBy = "LastVote";
$OrderBy = 'LastVote';
break;
case 'filled' :
$OrderBy = "TimeFilled";
$OrderBy = 'TimeFilled';
break;
case 'year' :
$OrderBy = "Year";
$OrderBy = 'Year';
break;
default :
$OrderBy = "TimeAdded";
$OrderBy = 'TimeAdded';
break;
}
//print($Way); print($OrderBy); die();

3
sections/staffpm/index.php
View File

@ -1,8 +1,9 @@
<?
enforce_login();
if(!isset($_REQUEST['action']))
if (!isset($_REQUEST['action'])) {
$_REQUEST['action'] = '';
}
// Get user level
$DB->query("

11
sections/tools/managers/login_watch.php
View File

@ -1,5 +1,7 @@
<?
if(!check_perms('admin_login_watch')) { error(403); }
if (!check_perms('admin_login_watch')) {
error(403);
}
if (isset($_POST['submit']) && isset($_POST['id']) && $_POST['submit'] == 'Unban' && is_number($_POST['id'])) {
authorize();
@ -8,7 +10,8 @@
View::show_header('Login Watch');
$DB->query('SELECT
$DB->query('
SELECT
l.ID,
l.IP,
l.UserID,
@ -31,7 +34,9 @@
<td>Bans</td>
<td>Remaining</td>
<td>Submit</td>
<? if(check_perms('admin_manage_ipbans')) { ?> <td>Submit</td><? } ?>
<? if (check_perms('admin_manage_ipbans')) { ?>
<td>Submit</td>
<? } ?>
</tr>
<?
$Row = 'b';

9
sections/top10/tags.php
View File

@ -31,7 +31,8 @@
if ($Details == 'all' || $Details == 'ut') {
if (!$TopUsedTags = $Cache->get_value('topusedtag_'.$Limit)) {
$DB->query("SELECT
$DB->query("
SELECT
t.ID,
t.Name,
COUNT(tt.GroupID) AS Uses,
@ -51,7 +52,8 @@
if ($Details == 'all' || $Details == 'ur') {
if (!$TopRequestTags = $Cache->get_value('toprequesttag_'.$Limit)) {
$DB->query("SELECT
$DB->query("
SELECT
t.ID,
t.Name,
COUNT(r.RequestID) AS Uses,
@ -70,7 +72,8 @@
if ($Details == 'all' || $Details == 'v') {
if (!$TopVotedTags = $Cache->get_value('topvotedtag_'.$Limit)) {
$DB->query("SELECT
$DB->query("
SELECT
t.ID,
t.Name,
COUNT(tt.GroupID) AS Uses,

3
sections/top10/users.php
View File

@ -28,7 +28,8 @@
$Limit = isset($_GET['limit']) ? intval($_GET['limit']) : 10;
$Limit = in_array($Limit, array(10,100,250)) ? $Limit : 10;
$BaseQuery = "SELECT
$BaseQuery = "
SELECT
u.ID,
ui.JoinDate,
u.Uploaded,

1
sections/torrents/add_tag.php
View File

@ -33,7 +33,6 @@
}
$DB->query("INSERT INTO torrents_tags
(TagID, GroupID, PositiveVotes, UserID) VALUES
('$TagID', '$GroupID', '3', '$UserID')

12
sections/torrents/editgroup.php
View File

@ -14,7 +14,9 @@
************************************************************************/
$GroupID = $_GET['groupid'];
if(!is_number($GroupID) || !$GroupID) { error(0); }
if (!is_number($GroupID) || !$GroupID) {
error(0);
}
// Get the artist name and the body of the last revision
$DB->query("SELECT
@ -32,10 +34,14 @@
FROM torrents_group AS tg
LEFT JOIN wiki_torrents AS wt ON wt.RevisionID=tg.RevisionID
WHERE tg.ID='$GroupID'");
if($DB->record_count() == 0) { error(404); }
if ($DB->record_count() == 0) {
error(404);
}
list($Name, $Image, $Body, $WikiImage, $WikiBody, $Year, $RecordLabel, $CatalogueNumber, $ReleaseType, $CategoryID, $VanityHouse) = $DB->next_record();
if(!$Body) { $Body = $WikiBody; $Image = $WikiImage; }
if (!$Body) {
$Body = $WikiBody; $Image = $WikiImage;
}
View::show_header('Edit torrent group');

4
sections/torrents/editgroupid.php
View File

@ -5,7 +5,9 @@
* torrent.
****************************************************************/
if(!check_perms('torrents_edit')) { error(403); }
if (!check_perms('torrents_edit')) {
error(403);
}
$OldGroupID = $_POST['oldgroupid'];
$GroupID = $_POST['groupid'];

11
sections/torrents/history.php
View File

@ -11,11 +11,10 @@
************************************************************************/
$GroupID = $_GET['groupid'];
if(!is_number($GroupID) || !$GroupID) { error(0); }
if (!is_number($GroupID) || !$GroupID) {
error(0);
}
include(SERVER_ROOT.'/classes/class_wiki.php'); // Wiki class
$Wiki = new WIKI('wiki_torrents', $GroupID, "/torrents.php?id=$GroupID");
@ -24,7 +23,9 @@
$DB->query("SELECT Name FROM torrents_group WHERE ID='$GroupID'");
list($Name) = $DB->next_record();
if(!$Name) { error(404); }
if (!$Name) {
error(404);
}
View::show_header("Revision history for $Name"); // Set title

6
sections/torrents/manage_artists.php
View File

@ -35,10 +35,12 @@
$DB->query("DELETE FROM torrents_artists WHERE GroupID = '$GroupID' AND ArtistID = '$ArtistID' AND Importance = '$Importance'");
$Cache->delete_value('artist_groups_'.$ArtistID);
}
$DB->query("SELECT ArtistID
$DB->query("
SELECT ArtistID
FROM requests_artists
WHERE ArtistID IN (".$ArtistsString.")
UNION SELECT ArtistID
UNION
SELECT ArtistID
FROM torrents_artists
WHERE ArtistID IN (".$ArtistsString.")");
$Items = $DB->collect('ArtistID');

11
sections/torrents/masspm.php
View File

@ -1,9 +1,12 @@
<?
if(!isset($_GET['id']) || !is_number($_GET['id']) || !isset($_GET['torrentid']) || !is_number($_GET['torrentid'])) { error(0); }
if (!isset($_GET['id']) || !is_number($_GET['id']) || !isset($_GET['torrentid']) || !is_number($_GET['torrentid'])) {
error(0);
}
$GroupID = $_GET['id'];
$TorrentID = $_GET['torrentid'];
$DB->query("SELECT
$DB->query("
SELECT
t.Media,
t.Format,
t.Encoding AS Bitrate,
@ -30,7 +33,9 @@
list($Properties) = $DB->to_array(false,MYSQLI_BOTH);
if(!$Properties) { error(404); }
if (!$Properties) {
error(404);
}
View::show_header('Edit torrent', 'upload');

12
sections/torrents/merge.php
View File

@ -1,12 +1,18 @@
<?
if(!check_perms('torrents_edit')) { error(403); }
if (!check_perms('torrents_edit')) {
error(403);
}
$GroupID = $_POST['groupid'];
$OldGroupID = $GroupID;
$NewGroupID = db_string($_POST['targetgroupid']);
if(!$GroupID || !is_number($GroupID)) { error(404); }
if(!$NewGroupID || !is_number($NewGroupID)) { error(404); }
if (!$GroupID || !is_number($GroupID)) {
error(404);
}
if (!$NewGroupID || !is_number($NewGroupID)) {
error(404);
}
if ($NewGroupID == $GroupID) {
error('Old group ID is the same as new group ID!');
}

11
sections/torrents/peerlist.php
View File

@ -1,5 +1,7 @@
<?
if(!isset($_GET['torrentid']) || !is_number($_GET['torrentid'])) { error(404); }
if (!isset($_GET['torrentid']) || !is_number($_GET['torrentid'])) {
error(404);
}
$TorrentID = $_GET['torrentid'];
if (!empty($_GET['page']) && is_number($_GET['page'])) {
@ -10,7 +12,8 @@
$Limit = 100;
}
$Result = $DB->query("SELECT SQL_CALC_FOUND_ROWS
$Result = $DB->query("
SELECT SQL_CALC_FOUND_ROWS
xu.uid,
t.Size,
xu.active,
@ -49,8 +52,8 @@
?>
<tr>
<td><?=Users::format_username($PeerUserID, false, false, false)?></td>
<td><?= ($Active) ? '<span style="color:green">Yes</span>' : '<span style="color:red">No</span>' ?></td>
<td><?= ($Connectable) ? '<span style="color:green">Yes</span>' : '<span style="color:red">No</span>' ?></td>
<td><?= ($Active) ? '<span style="color: green;">Yes</span>' : '<span style="color: red;">No</span>' ?></td>
<td><?= ($Connectable) ? '<span style="color: green;">Yes</span>' : '<span style="color: red;">No</span>' ?></td>
<td><?=Format::get_size($Uploaded) ?></td>
<td><?=number_format(($Size - $Remaining) / $Size * 100, 2)?></td>
<td><?=display_str($UserAgent)?></td>

14
sections/torrents/rename.php
View File

@ -5,13 +5,17 @@
$OldGroupID = $GroupID;
$NewName = $_POST['name'];
if(!$GroupID || !is_number($GroupID)) { error(404); }
if(empty($NewName)) {
error("Albums can't have no name");
if (!$GroupID || !is_number($GroupID)) {
error(404);
}
if(!check_perms('torrents_edit')) { error(403); }
if (empty($NewName)) {
error('Albums must have a name');
}
if (!check_perms('torrents_edit')) {
error(403);
}
$DB->query("SELECT Name FROM torrents_group WHERE ID = ".$GroupID);
list($OldName) = $DB->next_record(MYSQLI_NUM, false);

7
sections/torrents/snatchlist.php
View File

@ -1,5 +1,7 @@
<?
if(!isset($_GET['torrentid']) || !is_number($_GET['torrentid']) || !check_perms('site_view_torrent_snatchlist')) { error(404); }
if (!isset($_GET['torrentid']) || !is_number($_GET['torrentid']) || !check_perms('site_view_torrent_snatchlist')) {
error(404);
}
$TorrentID = $_GET['torrentid'];
if (!empty($_GET['page']) && is_number($_GET['page'])) {
@ -10,7 +12,8 @@
$Limit = 100;
}
$Result = $DB->query("SELECT SQL_CALC_FOUND_ROWS
$Result = $DB->query("
SELECT SQL_CALC_FOUND_ROWS
xs.uid,
xs.tstamp
FROM xbt_snatched AS xs

4
sections/torrents/takedelete.php
View File

@ -2,7 +2,9 @@
authorize();
$TorrentID = $_POST['torrentid'];
if(!$TorrentID || !is_number($TorrentID)) { error(404); }
if (!$TorrentID || !is_number($TorrentID)) {
error(404);
}
$DB->query("SELECT
t.UserID,

16
sections/torrents/takegroupedit.php
View File

@ -11,7 +11,9 @@
}
// End injection check
if(!check_perms('site_edit_wiki')) { error(403); }
if (!check_perms('site_edit_wiki')) {
error(403);
}
// Variables for database input
$UserID = $LoggedUser['ID'];
@ -25,7 +27,9 @@
if (!empty($_GET['action']) && $_GET['action'] == 'revert') { // if we're reverting to a previous revision
$RevisionID=$_GET['revisionid'];
if(!is_number($RevisionID)) { error(0); }
if (!is_number($RevisionID)) {
error(0);
}
// to cite from merge: "Everything is legit, let's just confim they're not retarded"
if (empty($_GET['confirm'])) {
@ -90,7 +94,9 @@
else { // revert
$DB->query("SELECT PageID,Body,Image FROM wiki_torrents WHERE RevisionID='$RevisionID'");
list($PossibleGroupID, $Body, $Image) = $DB->next_record();
if($PossibleGroupID != $GroupID) { error(404); }
if ($PossibleGroupID != $GroupID) {
error(404);
}
$DB->query("INSERT INTO wiki_torrents (PageID, Body, Image, UserID, Summary, Time)
SELECT '$GroupID', Body, Image, '$UserID', 'Reverted to revision $RevisionID', '".sqltime()."'
@ -105,7 +111,7 @@
// Update torrents table (technically, we don't need the RevisionID column, but we can use it for a join which is nice and fast)
$DB->query("UPDATE torrents_group SET
RevisionID='$RevisionID',
".((isset($VanityHouse)) ? "VanityHouse='$VanityHouse'," : "")."
".((isset($VanityHouse)) ? "VanityHouse='$VanityHouse'," : '')."
WikiBody='$Body',
WikiImage='$Image'
WHERE ID='$GroupID'");
@ -150,7 +156,7 @@
$DB->query("SELECT ID FROM torrents WHERE GroupID = ".$GroupID);
if ($DB->record_count()) {
$TorrentIDs = implode(",", $DB->collect('ID'));
$TorrentIDs = implode(',', $DB->collect('ID'));
$DB->query("SELECT DISTINCT uid FROM xbt_snatched WHERE fid IN (".$TorrentIDs.")");
$Snatchers = $DB->collect('uid');
foreach ($Snatchers as $UserID) {

4
sections/torrents/takenewgroup.php
View File

@ -6,7 +6,9 @@
authorize();
if(!check_perms('torrents_edit')) { error(403); }
if (!check_perms('torrents_edit')) {
error(403);
}
$OldGroupID = $_POST['oldgroupid'];
$TorrentID = $_POST['torrentid'];

10
sections/torrents/warn.php
View File

@ -1,5 +1,7 @@
<?php
if (!check_perms('users_warn')) { error(404);}
if (!check_perms('users_warn')) {
error(404);
}
Misc::assert_isset_request($_POST, array('groupid', 'postid', 'userid', 'key'));
$GroupID = (int) $_POST['groupid'];
@ -43,19 +45,19 @@
<option value="1">1 week</option>
<option value="2">2 weeks</option>
<option value="4">4 weeks</option>
<? if(check_perms("users_mod")) { ?>
<? if (check_perms('users_mod')) { ?>
<option value="8">8 weeks</option>
<? } ?>
</select></td>
</tr>
<tr>
<td class="label">Private Message:</td>
<td class="label">Private message:</td>
<td>
<textarea id="message" style="width: 95%;" tabindex="1" onkeyup="resize('message');" name="privatemessage" cols="90" rows="4"></textarea>
</td>
</tr>
<tr>
<td class="label">Edit Post:</td>
<td class="label">Edit post:</td>
<td>
<textarea id="body" style="width: 95%;" tabindex="1" onkeyup="resize('body');" name="body" cols="90" rows="8"><?=$PostBody?></textarea>
<br />

18
sections/user/connchecker.php
View File

@ -14,14 +14,26 @@
$Octets[2] > 255 ||
$Octets[3] < 0 ||
$Octets[3] > 255 ||
/*
* Per RFC 1918, the following CIDR blocks should never be found on the public Internet.
* 10.0.0.0/8
* 172.16.0.0/12
* 192.168.0.0/16
*
* Per RFC 3330, the block 127.0.0.0/8 should never appear on any network.
*
*/
$Octets[0] == 127 ||
$Octets[0] == 192
$Octets[0] == 10 ||
($Octets[0] == 172 && ((16 <= $Octets[1]) && ($Octets[1] <= 31))) ||
($Octets[0] == 192 && $Octets[1] == 168)
) {
die('Invalid IP');
die('Invalid IPv4 address');
}
// Valid port numbers are defined in RFC 1700
if (empty($_GET['port']) || !is_number($_GET['port']) || $_GET['port'] < 1 || $_GET['port'] > 65535) {
die('Invalid Port');
die('Invalid port');
}
// Error suppression, ugh.

6
sections/user/subscribe.php
View File

@ -1,12 +1,12 @@
<?php
ini_set('display_errors', '1');authorize();
ini_set('display_errors', '1');
authorize();
$UserID = db_string($_GET['userid']);
if ($_GET['perform'] == 'add') {
$DB->query("INSERT IGNORE INTO subscribed_users (UserID, SubscriberID) VALUES ('$UserID', '$LoggedUser[ID]')");
}
elseif($_GET['perform'] == 'remove') {
} elseif ($_GET['perform'] == 'remove') {
$DB->query("DELETE FROM subscribed_users WHERE UserID = '$UserID' AND SubscriberID = '$LoggedUser[ID]'");
}
header('Location: user.php?id=' . $UserID);

15
sections/user/takemoderate.php
View File

@ -94,7 +94,8 @@
$DB->query("SELECT
$DB->query("
SELECT
m.Username,
m.IP,
m.Email,
@ -157,7 +158,7 @@
// If we're deleting the user, we can ignore all the other crap
if ($_POST['UserStatus'] == "delete" && check_perms('users_delete_users')) {
if ($_POST['UserStatus'] == 'delete' && check_perms('users_delete_users')) {
Misc::write_log("User account ".$UserID." (".$Cur['Username'].") was deleted by ".$LoggedUser['Username']);
$DB->query("DELETE FROM users_main WHERE id=".$UserID);
$DB->query("DELETE FROM users_info WHERE UserID=".$UserID);
@ -722,11 +723,11 @@
function translateUserStatus($status) {
switch ($status) {
case 0:
return "Unconfirmed";
return 'Unconfirmed';
case 1:
return "Enabled";
return 'Enabled';
case 2:
return "Disabled";
return 'Disabled';
default:
return $status;
}
@ -735,9 +736,9 @@ function translateUserStatus($status) {
function translateLeechStatus($status) {
switch ($status) {
case 0:
return "Disabled";
return 'Disabled';
case 1:
return "Enabled";
return 'Enabled';
default:
return $status;
}

1
sections/user/user.php
View File

@ -209,6 +209,7 @@ function check_paranoia_here($Setting) {
<div class="sidebar">
<?
if ($Avatar && Users::has_avatars_enabled()) {
// TODO: use Users::show_avatar; why display_str in line 301??
if (check_perms('site_proxy_images') && !empty($Avatar)) {
$Avatar = 'http'.($SSL?'s':'').'://'.SITE_URL.'/image.php?c=1&amp;avatar='.$UserID.'&amp;i='.urlencode($Avatar);
}

13
sections/userhistory/email_history2.php
View File

@ -11,9 +11,18 @@
************************************************************************/
$UserID = $_GET['userid'];
if (!is_number($UserID)) { error(404); }
if (!is_number($UserID)) {
error(404);
}
$DB->query("SELECT ui.JoinDate, p.Level AS Class FROM users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = $UserID");
$DB->query("
SELECT
ui.JoinDate,
p.Level AS Class
FROM users_main AS um
JOIN users_info AS ui ON um.ID=ui.UserID
JOIN permissions AS p ON p.ID=um.PermissionID
WHERE um.ID = $UserID");
list($Joined, $Class) = $DB->next_record();
if (!check_perms('users_view_email', $Class)) {

17
sections/userhistory/ip_tracker_history.php
View File

@ -12,12 +12,21 @@
define('IPS_PER_PAGE', 25);
if(!check_perms('users_mod')) { error(403); }
if (!check_perms('users_mod')) {
error(403);
}
$UserID = $_GET['userid'];
if (!is_number($UserID)) { error(404); }
if (!is_number($UserID)) {
error(404);
}
$DB->query("SELECT um.Username, p.Level AS Class FROM users_main AS um LEFT JOIN permissions AS p ON p.ID=um.PermissionID WHERE um.ID = ".$UserID);
$DB->query("
SELECT um.Username,
p.Level AS Class
FROM users_main AS um
LEFT JOIN permissions AS p ON p.ID=um.PermissionID
WHERE um.ID = ".$UserID);
list($Username, $Class) = $DB->next_record();
if (!check_perms('users_view_ips', $Class)) {
@ -68,7 +77,7 @@ function ShowIPs(rowname) {
<a href="http://whatismyipaddress.com/ip/<?=display_str($IP)?>" class="brackets" title="Search WIMIA.com">WI</a>
</td>
<td><a href="torrents.php?torrentid=<?=$TorrentID?>"><?=$TorrentID?></a></td>
<td><?=date("Y-m-d g:i:s", $Time)?></td>
<td><?=date('Y-m-d g:i:s', $Time)?></td>
</tr>
<?
}

22
sections/userhistory/post_history.php
View File

@ -251,15 +251,15 @@
<?
while (list($PostID, $AddedTime, $Body, $EditedUserID, $EditedTime, $EditedUsername, $TopicID, $ThreadTitle, $LastPostID, $LastRead, $Locked, $Sticky) = $DB->next_record()) {
?>
<table class="forum_post vertical_margin<?=$HeavyInfo['DisableAvatars'] ? ' noavatar' : '' ?>" id="post<?=$PostID ?>">
<table class="forum_post vertical_margin<?=!Users::has_avatars_enabled() ? ' noavatar' : '' ?>" id="post<?=$PostID ?>">
<colgroup>
<? if (empty($HeavyInfo['DisableAvatars'])) { ?>
<? if (Users::has_avatars_enabled()) { ?>
<col class="col_avatar" />
<? } ?>
<col class="col_post_body" />
</colgroup>
<tr class="colhead_dark">
<td colspan="<?=empty($HeavyInfo['DisableAvatars']) ? 2 : 1 ?>">
<td colspan="<?=Users::has_avatars_enabled() ? 2 : 1 ?>">
<span style="float: left;">
<?=time_diff($AddedTime) ?>
in <a href="forums.php?action=viewthread&amp;threadid=<?=$TopicID?>&amp;postid=<?=$PostID?>#post<?=$PostID?>" title="<?=display_str($ThreadTitle)?>"><?=Format::cut_string($ThreadTitle, 75)?></a>
@ -294,21 +294,11 @@
if (!$ShowGrouped) {
?>
<tr>
<?
if (empty($HeavyInfo['DisableAvatars'])) {
?>
<? if (Users::has_avatars_enabled()) { ?>
<td class="avatar" valign="top">
<?
if ($Avatar) {
?>
<img src="<?=ImageTools::process($Avatar)?>" width="150" style="max-height:400px;" alt="<?=$Username?>'s avatar" />
<?
}
?>
<?=Users::show_avatar($Avatar, $Username, $HeavyInfo['DisableAvatars'])?>
</td>
<?
}
?>
<? } ?>
<td class="body" valign="top">
<div id="content<?=$PostID?>">
<?=$Text->full_format($Body)?>

16
sections/userhistory/subscribed_collages.php
View File

@ -14,7 +14,9 @@
$ShowAll = !empty($_GET['showall']);
if (!$ShowAll) {
$sql = "SELECT c.ID,
$sql = "
SELECT
c.ID,
c.Name,
c.NumTorrents,
s.LastVisit
@ -25,7 +27,9 @@
AND ct.AddedOn>s.LastVisit
GROUP BY c.ID";
} else {
$sql = "SELECT c.ID,
$sql = "
SELECT
c.ID,
c.Name,
c.NumTorrents,
s.LastVisit
@ -70,8 +74,8 @@
<?
} else {
$HideGroup = '';
$ActionTitle="Hide";
$ActionURL="hide";
$ActionTitle = 'Hide';
$ActionURL = 'hide';
$ShowGroups = 0;
foreach ($CollageSubs as $Collage) {
@ -239,8 +243,8 @@
$TorrentTable.=ob_get_clean();
} ?>
<!-- I hate that proton is making me do it like this -->
<!--<div class="head colhead_dark" style="margin-top: 8px">-->
<table style="margin-top: 8px" class="subscribed_collages_table">
<!--<div class="head colhead_dark" style="margin-top: 8px;">-->
<table style="margin-top: 8px;" class="subscribed_collages_table">
<tr class="colhead_dark">
<td>
<span style="float: left;">

14
sections/userhistory/subscriptions.php
View File

@ -139,15 +139,15 @@
<?
while (list($ForumID, $ForumName, $TopicID, $ThreadTitle, $Body, $LastPostID, $Locked, $Sticky, $PostID, $AuthorID, $AuthorName, $AuthorAvatar, $EditedUserID, $EditedTime, $EditedUsername) = $DB->next_record()) {
?>
<table class="forum_post box vertical_margin<?=$HeavyInfo['DisableAvatars'] ? ' noavatar' : '' ?>">
<table class="forum_post box vertical_margin<?=!Users::has_avatars_enabled() ? ' noavatar' : '' ?>">
<colgroup>
<? if (empty($HeavyInfo['DisableAvatars'])) { ?>
<? if (Users::has_avatars_enabled()) { ?>
<col class="col_avatar" />
<? } ?>
<col class="col_post_body" />
</colgroup>
<tr class="colhead_dark">
<td colspan="<?=empty($HeavyInfo['DisableAvatars']) ? 2 : 1 ?>">
<td colspan="<?=Users::has_avatars_enabled() ? 2 : 1 ?>">
<span style="float:left;">
<a href="forums.php?action=viewforum&amp;forumid=<?=$ForumID?>"><?=$ForumName?></a> &gt;
<a href="forums.php?action=viewthread&amp;threadid=<?=$TopicID?>" title="<?=display_str($ThreadTitle)?>"><?=Format::cut_string($ThreadTitle, 75)?></a>
@ -166,13 +166,9 @@
</td>
</tr>
<tr class="row<?=$ShowCollapsed ? ' hidden' : '' ?>">
<? if (empty($HeavyInfo['DisableAvatars'])) { ?>
<? if (Users::has_avatars_enabled()) { ?>
<td class="avatar" valign="top">
<? if ($AuthorAvatar) { ?>
<img src="<?=ImageTools::process($AuthorAvatar)?>" width="150" style="max-height: 400px;" alt="<?=$AuthorName?>'s avatar" />
<? } else { ?>
<img src="<?=STATIC_SERVER.'common/avatars/default.png'?>" width="150" style="max-height: 400px;" alt="Default avatar" />
<? } ?>
<?=Users::show_avatar($AuthorAvatar, $AuthorName, $HeavyInfo['DisableAvatars'])?>
</td>
<? } ?>
<td class="body" valign="top">