Empty commit

classes/class_file_checker.php

@@ -0,0 +1,86 @@
+<?php
+
+$music_extensions = array("mp3","flac","mp4","m4a","m3u","m4b","pls","m3u8","log","txt",
+			  "cue","jpg","jpeg","png","gif","dts","ac3","nfo",
+		          "sfv","md5","accurip","ffp","pdf");
+
+$ebooks_extensions = array("pdf", "nfo", "sfv", "mobi", "epub", "txt", "htm", "html", "lit",
+			   "chm", "rtf", "doc", "jpg","jpeg","png","gif");
+
+$comics_extensions = array("cbr", "cbz", "pdf", "jpg","jpeg","png","gif");
+
+$keywords = array("scc.nfo", "torrentday", "demonoid.com", "demonoid.me", "djtunes.com", "mixesdb.com",
+		  "housexclusive.net", "plixid.com", "h33t", "reggaeme.com" ,"ThePirateBay.org",
+		  "Limetorrents.com", "AhaShare.com", "MixFiend.blogstop", "MixtapeTorrent.blogspot");
+
+function check_file($Type, $Name) {
+	check_name(strtolower($Name));
+	check_extensions($Type, $Name);
+}
+
+function check_name($Name) {
+	global $keywords;
+	foreach ($keywords as &$value) { 
+		if(preg_match('/'.$value.'/i', $Name)) {
+			forbidden_error($Name);
+       		}
+	}
+        if(preg_match('/INCOMPLETE~\*/i', $Name)) {
+		forbidden_error($Name);
+        }
+        if(preg_match('/\?/i', $Name)) {
+        	character_error();
+	}
+        if(preg_match('/\:/i', $Name)) {
+        	character_error();
+	}
+
+}
+
+function check_extensions($Type, $Name) {
+
+global $music_extensions, $ebooks_extensions, $comics_extensions;
+
+if($Type == 'Music' || $Type == 'Audiobooks' || $Type == 'Comedy') {
+                if(!in_array(get_file_extension($Name), $music_extensions)) {
+			invalid_error($Name);
+                }
+        }
+
+if($Type == 'E-Books') {
+                if(!in_array(get_file_extension($Name), $ebooks_extensions)) {
+			invalid_error($Name);
+                }
+        }
+
+if($Type == 'Comics') {
+                if(!in_array(get_file_extension($Name), $comics_extensions)) {
+			invalid_error($Name);
+                }
+        }
+
+}
+
+function get_file_extension($file_name) {
+	return substr(strrchr($file_name,'.'),1);
+}
+
+function invalid_error($Name) {
+	global $Err;
+	$Err = 'The torrent contained one or more invalid files ('.$Name.')';
+
+}
+
+function forbidden_error($Name) {
+	global $Err;
+	$Err = 'The torrent contained one or more forbidden files ('.$Name.')';
+}
+
+function character_error() {
+        global $Err;
+	$Err = 'The torrent contains one or more files with a ?, which is a forbidden character. Please rename the files as necessary and recreate the torrent';
+}
+
+
+
+?>

classes/class_image_tools.php

@@ -0,0 +1,56 @@
+<?
+/**
+ * This class determines the thumbnail equivalent of an image's url after being passed the original 
+ *
+**/
+
+
+function to_thumbnail($url) {
+        $thumb = $url;
+        $extension = pathinfo($url, PATHINFO_EXTENSION);
+        if(contains('whatimg', $url)) {
+                if($extension == 'jpeg' || $extension == 'jpg') {
+                        $thumb = replace_extension($url, '_thumb.jpg');
+                }
+                if($extension == 'png') {
+                        $thumb = replace_extension($url, '_thumb.png');
+                }
+                if($extension == 'gif') {
+                        $thumb = replace_extension($url, '_thumb.gif');
+                }
+        }
+        elseif(contains('imgur', $url)) {
+                if($extension == 'jpeg') {
+                        $thumb = replace_extension($url, 'm.jpeg');
+                }
+                if($extension == 'jpg') {
+                        $thumb = replace_extension($url, 'm.jpg');
+                }
+                if($extension == 'png') {
+                        $thumb = replace_extension($url, 'm.png');
+                }
+                if($extension == 'gif') {
+                        $thumb = replace_extension($url, 'm.gif');
+                }
+        }
+        return $thumb;
+}
+
+
+function replace_extension($string, $extension) {
+        $string =  preg_replace('/\.[^.]*$/', '', $string);
+        $string = $string . $extension;
+        return $string;
+}
+
+function contains($substring, $string) {
+        $pos = strpos($string, $substring);
+        if($pos === false) {
+                return false;
+        }
+        else {
+                return true;
+        }
+
+}
+?>

classes/script_start.php

@@ -1669,14 +1669,12 @@ function create_thread($ForumID, $AuthorID, $Title, $PostBody) {
 				'ID' => $TopicID,
 				'Title' => $Title,
 				'AuthorID' => $AuthorID,
-				'AuthorUsername' => $AuthorName,
 				'IsLocked' => $IsLocked,
 				'IsSticky' => $IsSticky,
 				'NumPosts' => $NumPosts,
 				'LastPostID' => $PostID,
 				'LastPostTime' => sqltime(),
 				'LastPostAuthorID' => $AuthorID,
-				'LastPostUsername' => $AuthorName
 				)
 			); //Bumped thread
 		$Part3 = array_slice($Forum,$Stickies,TOPICS_PER_PAGE,true); //Rest of page
@@ -1697,9 +1695,9 @@ function create_thread($ForumID, $AuthorID, $Title, $PostBody) {
 	$Cache->begin_transaction('forums_list');
 	$UpdateArray = array(
 		'NumPosts'=>'+1',
+		'NumTopics'=>'+1',
 		'LastPostID'=>$PostID,
 		'LastPostAuthorID'=>$AuthorID,
-		'Username'=>$AuthorName,
 		'LastPostTopicID'=>$TopicID,
 		'LastPostTime'=>sqltime(),
 		'Title'=>$Title,

sections/artist/artist.php

@@ -16,6 +16,8 @@ function compare($X, $Y){
 include(SERVER_ROOT.'/classes/class_artist.php');
 include(SERVER_ROOT.'/classes/class_artists_similar.php');
 
+include(SERVER_ROOT.'/classes/class_image_tools.php');
+
 $ArtistID = $_GET['id'];
 if(!is_number($ArtistID)) { error(0); }
 

sections/bookmarks/torrents.php

@@ -1,5 +1,7 @@
 <?
+include(SERVER_ROOT.'/classes/class_image_tools.php'); 
 set_time_limit(0);
+
 //~~~~~~~~~~~ Main bookmarks page ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
 
 function compare($X, $Y){

sections/collages/collage.php

@@ -7,6 +7,8 @@ function compare($X, $Y){
 
 include(SERVER_ROOT.'/sections/bookmarks/functions.php'); // has_bookmarked()
 include(SERVER_ROOT.'/classes/class_text.php'); // Text formatting class
+include(SERVER_ROOT.'/classes/class_image_tools.php'); 
+
 $Text = new TEXT;
 
 $CollageID = $_GET['id'];

sections/login/index.php

@@ -43,7 +43,7 @@
 
 		if ($UserID && strtotime($Expires)>time()) {
 			// If the user has requested a password change, and his key has not expired
-			$Validate->SetFields('password','1','string','You entered an invalid password.',array('maxlength'=>'40','minlength'=>'6'));
+			$Validate->SetFields('password','1','string','You entered an invalid password.',array('minlength'=>'8','maxlength'=>'150'));
 			$Validate->SetFields('verifypassword','1','compare','Your passwords did not match.',array('comparefield'=>'password'));
 
 			if (!empty($_REQUEST['password'])) {
@@ -164,7 +164,7 @@
 // Normal login
 else {
 	$Validate->SetFields('username',true,'regex','You did not enter a valid username.',array('regex'=>'/^[a-z0-9_?]{1,20}$/i'));
-	$Validate->SetFields('password','1','string','You entered an invalid password.',array('maxlength'=>'40','minlength'=>'6'));
+	$Validate->SetFields('password','1','string','You entered an invalid password.',array('minlength'=>'6','maxlength'=>'150'));
 
 	$DB->query("SELECT ID, Attempts, Bans, BannedUntil FROM login_attempts WHERE IP='".db_string($_SERVER['REMOTE_ADDR'])."'");
 	list($AttemptID,$Attempts,$Bans,$BannedUntil)=$DB->next_record();

sections/login/recover_step2.php

@@ -2,9 +2,11 @@
 show_header('Recover Password','validate');
 echo $Validate->GenerateJS('recoverform');
 ?>
+<script src="<?=STATIC_SERVER?>functions/jquery.js" type="text/javascript"></script>
+<script src="<?=STATIC_SERVER?>functions/password_validate.js" type="text/javascript"></script>
 <form name="recoverform" id="recoverform" method="post" action="" onsubmit="return formVal();">
 	<input type="hidden" name="key" value="<?=display_str($_REQUEST['key'])?>" />
-	<div style="width:320px;">
+	<div style="width:500px;">
 		<font class="titletext">Reset your password - Final Step</font><br /><br />
 <?
 if(empty($Reset)) {
@@ -13,14 +15,14 @@
 		<font color="red"><strong><?=display_str($Err)?></strong></font><br /><br />
 <?	} ?>
 		Please choose a password between 8 and 40 characters long<br /><br />
-		<table cellpadding="2" cellspacing="1" border="0" align="center">
+		<table cellpadding="2" cellspacing="1" border="0" align="center" width="100%">
 			<tr valign="top">
-				<td align="right">Password&nbsp;</td>
-				<td align="left"><input type="password" name="password" id="password" class="inputtext" /></td>
+				<td align="right" style="width:100px;">Password&nbsp;</td>
+				<td align="left"><input type="password" name="password" id="new_pass_1" class="inputtext" /> <b id="pass_strength"/></td>
 			</tr>
 			<tr valign="top">
 				<td align="right">Confirm Password&nbsp;</td>
-				<td align="left"><input type="password" name="verifypassword" id="verifypassword" class="inputtext" /></td>
+				<td align="left"><input type="password" name="verifypassword" id="new_pass_2" class="inputtext" /> <b id="pass_match"/></td>
 			</tr>
 			<tr>
 				<td colspan="2" align="right"><input type="submit" name="reset" value="Reset!" class="submit" /></td>

sections/register/index.php

@@ -25,7 +25,7 @@
 } elseif(OPEN_REGISTRATION || !empty($_REQUEST['invite'])) {
 	$Val->SetFields('username',true,'regex', 'You did not enter a valid username.',array('regex'=>'/^[a-z0-9_?]{1,20}$/iD'));
 	$Val->SetFields('email',true,'email', 'You did not enter a valid email address.');
-	$Val->SetFields('password',true,'string', 'You did not enter a valid password (6 - 40 characters).',array('minlength'=>6,'maxlength'=>40));
+	$Val->SetFields('password',true,'string', 'You did not enter a valid password, must be at least 8 characters long.',array('minlength'=>8,'maxlength'=>150));
 	$Val->SetFields('confirm_password',true,'compare', 'Your passwords do not match.',array('comparefield'=>'password'));
 	$Val->SetFields('readrules',true,'checkbox', 'You did not check the box that says you will read the rules.');
 	$Val->SetFields('readwiki',true,'checkbox', 'You did not check the box that says you will read the wiki.');

sections/tools/managers/login_watch.php

@@ -6,6 +6,8 @@
 	$DB->query('DELETE FROM login_attempts WHERE ID='.$_POST['id']);
 }
 
+show_header('Login Watch');
+
 $DB->query('SELECT 
 	l.ID,
 	l.IP,
@@ -17,9 +19,6 @@
 	FROM login_attempts AS l
 	WHERE l.BannedUntil > "'.sqltime().'"
 	ORDER BY l.BannedUntil ASC');
-
-
-show_header('Login Watch');
 ?>
 <div class="thin">
 <h2>Login Watch Management</h2>

sections/torrents/details.php

@@ -8,6 +8,8 @@ function compare($X, $Y){
 
 include(SERVER_ROOT.'/sections/bookmarks/functions.php'); // has_bookmarked()
 include(SERVER_ROOT.'/classes/class_text.php');
+include(SERVER_ROOT.'/classes/class_image_tools.php');
+
 $Text = NEW TEXT;
 
 $GroupID=ceil($_GET['id']);

sections/upload/upload_handle.php

@@ -15,6 +15,8 @@
 include(SERVER_ROOT.'/classes/class_text.php');
 include(SERVER_ROOT.'/sections/torrents/functions.php');
 
+include(SERVER_ROOT.'/classes/class_file_checker.php');
+
 enforce_login();
 authorize();
 
@@ -372,22 +374,9 @@
 		$HasCue = "'1'";
 	}
 
-	// Forbidden files
-	if($Type == 'Music' && preg_match('/\.(mov|avi|mpg|exe|zip|rar|mkv|bat|iso|dat|torrent|!ut|nzb|wav)$/i', $Name)) {
-		$Err = 'The torrent contained one or more invalid files ('.$Name.').';
-	}
-	if($Type == 'Music' && preg_match('/demonoid.*\.txt$/i', $Name)) {
-		$Err = 'The torrent contained one or more forbidden files ('.$Name.').';
-	}
-	if(preg_match('/INCOMPLETE~\*/i', $Name)) {
-		$Err = 'The torrent contained one or more forbidden files ('.$Name.').';
-	}
-	if(preg_match('/\?/i', $Name)) {
-		$Err = 'The torrent contains one or more files with a ?, which is a forbidden character. Please rename the files as necessary and recreate the .torrent file.';
-	}
-	if(preg_match('/\:/i', $Name)) {
-		$Err = 'The torrent contains one or more files with a :, which is a forbidden character. Please rename the files as necessary and recreate the .torrent file.';
-	}
+	check_file($Type, $Name);
+
+
 	// Make sure the filename is not too long
 	if(mb_strlen($Name, 'UTF-8') + mb_strlen($DirName, 'UTF-8') + 1 > MAX_FILENAME_LENGTH) {
 		$Err = 'The torrent contained one or more files with too long a name ('.$Name.')';

sections/user/takeedit.php

@@ -31,8 +31,8 @@
 $Val->SetFields('avatar',0,"regex","You did not enter a valid avatar url.",array('regex'=>"/^".IMAGE_REGEX."$/i"));
 $Val->SetFields('email',1,"email","You did not enter a valid email address.");
 $Val->SetFields('irckey',0,"string","You did not enter a valid IRCKey, must be between 6 and 32 characters long.",array('minlength'=>6,'maxlength'=>32));
-$Val->SetFields('cur_pass',0,"string","You did not enter a valid password, must be between 6 and 40 characters long.",array('minlength'=>6,'maxlength'=>40));
-$Val->SetFields('new_pass_1',0,"string","You did not enter a valid password, must be between 6 and 40 characters long.",array('minlength'=>6,'maxlength'=>40));
+$Val->SetFields('cur_pass',0,"string","You did not enter a valid password, must be at least 6 characters long.",array('minlength'=>6,'maxlength'=>150));
+$Val->SetFields('new_pass_1',0,"string","You did not enter a valid password, must be at least 8 characters long.",array('minlength'=>8,'maxlength'=>150));
 $Val->SetFields('new_pass_2',1,"compare","Your passwords do not match.",array('comparefield'=>'new_pass_1'));
 if (check_perms('site_advanced_search')) {
 	$Val->SetFields('searchtype',1,"number","You forgot to select your default search preference.",array('minlength'=>0,'maxlength'=>1));

sections/user/user.php

@@ -4,6 +4,7 @@
 $Text = new TEXT;
 
 include(SERVER_ROOT.'/sections/requests/functions.php');
+include(SERVER_ROOT.'/classes/class_image_tools.php');
 
 if (empty($_GET['id']) || !is_numeric($_GET['id'])) { error(0); }
 $UserID = $_GET['id'];

sections/wiki/search.php

@@ -49,9 +49,9 @@
 $RS = $DB->query($SQL);
 $DB->query("SELECT FOUND_ROWS()");
 list($NumResults) = $DB->next_record();
-$DB->set_query_id($RS);
 
 show_header('Search articles');
+$DB->set_query_id($RS);
 ?>
 <div class="thin">
 	<h2>Search articles</h2>

static/functions/global.js

@@ -10,6 +10,11 @@ function toggleChecks(formElem,masterElem) {
 //Lightbox stuff
 var lightbox = {
 	init: function (image, size) {
+		if(typeof(image)=='string') {
+                        var src = image;
+                        image = new Image();
+                        image.src = src;
+                }
 		if (image.naturalWidth === undefined) {
 			var tmp = document.createElement('img');
 			tmp.style.visibility = 'hidden';
@@ -18,11 +23,15 @@ var lightbox = {
 			delete tmp;
 		}
 		if (image.naturalWidth > size) {
-			lightbox.box(image);
+			lightbox.box(image);			
 		}
 	},
 	box: function (image) {
-		if(image.parentNode.tagName.toUpperCase() != 'A') {
+		var hasA = false;
+		if(image.parentNode != null && image.parentNode.tagName.toUpperCase() == 'A') {
+			hasA = true;
+		}
+		if(!hasA) {
 			$('#lightbox').show().listen('click',lightbox.unbox).raw().innerHTML = '<img src="' + image.src + '" />';
 			$('#curtain').show().listen('click',lightbox.unbox);
 		}

static/functions/password_validate.js

@@ -93,7 +93,7 @@ function calculateComplexity(password) {
 		username = $(".username").text();
 	}
 	else {
-		username = $("#username").val();
+		username = $("#username").val() || '';
 	}
 
 	var irckey;