Empty commit

classes/class_paranoia.php

@@ -45,6 +45,9 @@ function check_paranoia($Property, $Paranoia, $UserClass, $UserID = false) {
 	if(check_perms('users_override_paranoia', $UserClass)) {
 		return true;
 	}
+	if ($Property == false) {
+		return false;
+	}
 	if(!is_array($Paranoia)) {
 		$Paranoia = unserialize($Paranoia);
 	}

gazelle.sql

@@ -1268,7 +1268,8 @@ CREATE TABLE `users_sessions` (
   PRIMARY KEY (`UserID`,`SessionID`),
   KEY `UserID` (`UserID`),
   KEY `LastUpdate` (`LastUpdate`),
-  KEY `Active` (`Active`)
+  KEY `Active` (`Active`),
+  KEY `ActiveAgeKeep` (`Active`,`LastUpdate`,`KeepLogged`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
 
 CREATE TABLE `users_subscriptions` (

sections/schedule/index.php

@@ -263,7 +263,7 @@ function next_hour() {
 	sleep(3);
 	
 	$AgoDays = time_minus(3600*24*30);	
-	$DB->query("SELECT UserID, SessionID FROM users_sessions WHERE LastUpdate<'$AgoDays' AND KeepLogged='1'");
+	$DB->query("SELECT UserID, SessionID FROM users_sessions WHERE Active = 1 AND LastUpdate<'$AgoDays' AND KeepLogged='1'");
 	while(list($UserID,$SessionID) = $DB->next_record()) {
 		$Cache->begin_transaction('users_sessions_'.$UserID);
 		$Cache->delete_row($SessionID);
@@ -275,7 +275,7 @@ function next_hour() {
 	
 	
 	$AgoMins = time_minus(60*30);
-	$DB->query("SELECT UserID, SessionID FROM users_sessions WHERE LastUpdate<'$AgoMins' AND KeepLogged='0'");
+	$DB->query("SELECT UserID, SessionID FROM users_sessions WHERE Active = 1 AND LastUpdate<'$AgoMins' AND KeepLogged='0'");
 	while(list($UserID,$SessionID) = $DB->next_record()) {
 		$Cache->begin_transaction('users_sessions_'.$UserID);
 		$Cache->delete_row($SessionID);

sections/torrents/notify.php

@@ -120,7 +120,7 @@
 				$Data['PersonalFL'] = 1;
 			}
 			
-			$DisplayName.= "<a href='torrents.php?id=$GroupID&amp;torrentid=$TorrentID#torrentID$TorrentID'  title='View Torrent'>".$GroupName."</a>";
+			$DisplayName.= "<a href='torrents.php?id=$GroupID&amp;torrentid=$TorrentID#torrent$TorrentID'  title='View Torrent'>".$GroupName."</a>";
 	
 			if($GroupCategoryID==1 && $GroupYear>0) {
 				$DisplayName.= " [$GroupYear]";

sections/user/user.php

@@ -221,7 +221,7 @@ function check_paranoia_here($Setting) {
 <? if (check_paranoia_here('requiredratio') && isset($RequiredRatio)) { ?>
 				<li>Required ratio: <?=number_format((double)$RequiredRatio, 2)?></li>
 <? } ?>
-<? if ($OwnProfile || check_perms('users_mod')) { ?>
+<? if ($OwnProfile || check_paranoia_here(false)) { //if ($OwnProfile || check_perms('users_mod')) { ?>
 				<li><a href="userhistory.php?action=token_history&userid=<?=$UserID?>">Tokens</a>: <?=number_format($FLTokens)?></li>
 <? } ?>
 			</ul>

sections/userhistory/token_history.php

@@ -9,18 +9,19 @@
 ************************************************************************/
 
 if (isset($_GET['userid'])) {
-	if (($_GET['userid'] == $LoggedUser['ID']) || check_perms('users_mod')) {
-		$UserID = $_GET['userid'];
-	} else {
-		error(403);
-	}
+	$UserID = $_GET['userid'];
 } else {
 	$UserID = $LoggedUser['ID'];
 }
-
 if (!is_number($UserID)) { error(404); }
 
 $UserInfo = user_info($UserID);
+$Perms = get_permissions($UserInfo['PermissionID']);
+$UserClass = $Perms['Class'];
+
+if($LoggedUser['ID'] != $UserID && !check_paranoia(false, $User['Paranoia'], $UserClass, $UserID)) {
+	error(403);
+}
 
 if (isset($_GET['expire'])) {
 	if (!check_perms('users_mod')) { error(403); }