Gazelle/sections/torrents/nonwikiedit.php

<?

authorize();

//Set by system
if (!$_POST['groupid'] || !is_number($_POST['groupid'])) {
	error(404);
}
$GroupID = $_POST['groupid'];

//Usual perm checks
if (!check_perms('torrents_edit')) {
	$DB->query("
		SELECT UserID
		FROM torrents
		WHERE GroupID = $GroupID");
	if (!in_array($LoggedUser['ID'], $DB->collect('UserID'))) {
		error(403);
	}
}


if (check_perms('torrents_freeleech') && (isset($_POST['freeleech']) xor isset($_POST['neutralleech']) xor isset($_POST['unfreeleech']))) {
	if (isset($_POST['freeleech'])) {
		$Free = 1;
	} elseif (isset($_POST['neutralleech'])) {
		$Free = 2;
	} else {
		$Free = 0;
	}

	if (isset($_POST['freeleechtype']) && in_array($_POST['freeleechtype'], array(0, 1, 2, 3))) {
		$FreeType = $_POST['freeleechtype'];
	} else {
		error(404);
	}

	Torrents::freeleech_groups($GroupID, $Free, $FreeType);
}

//Escape fields
$Year = db_string((int)$_POST['year']);
$RecordLabel = db_string($_POST['record_label']);
$CatalogueNumber = db_string($_POST['catalogue_number']);

// Get some info for the group log
$DB->query("
	SELECT Year
	FROM torrents_group
	WHERE ID = $GroupID");
list($OldYear) = $DB->next_record();



$DB->query("
	UPDATE torrents_group
	SET
		Year = '$Year',
		RecordLabel = '".$RecordLabel."',
		CatalogueNumber = '".$CatalogueNumber."'
	WHERE ID = $GroupID");

if ($OldYear != $Year) {
	$DB->query("
		INSERT INTO group_log (GroupID, UserID, Time, Info)
		VALUES ('$GroupID', ".$LoggedUser['ID'].", '".sqltime()."', '".db_string("Year changed from $OldYear to $Year")."')");
}

$DB->query("
	SELECT ID
	FROM torrents
	WHERE GroupID = '$GroupID'");
while (list($TorrentID) = $DB->next_record()) {
	$Cache->delete_value("torrent_download_$TorrentID");
}
Torrents::update_hash($GroupID);
$Cache->delete_value("torrents_details_$GroupID");

header("Location: torrents.php?id=$GroupID");
?>