Home Explore Help
Register Sign In
Lucas_
/
Gazelle
forked from Oppaitime/Gazelle
Watch 1
Star 0
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
Tree: 3d9458b3d0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3d9458b3d0'
${ noResults }
Gazelle/classes/autoenable.class.php

autoenable.class.php 14KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361 
  1. <?

  2. 

  3. class AutoEnable {

  4. 

  5.     // Constants for database values

  6.     const APPROVED = 1;

  7.     const DENIED = 2;

  8.     const DISCARDED = 3;

  9. 

  10.     // Cache key to store the number of enable requests

  11.     const CACHE_KEY_NAME = 'num_enable_requests';

  12. 

  13.     // The default request rejected message

  14.     const REJECTED_MESSAGE = "Your request to re-enable your account has been rejected.<br />This may be because a request is already pending for your username, or because a recent request was denied.<br /><br />You are encouraged to discuss this with staff by visiting %s on %s";

  15. 

  16.     // The default request received message

  17.     const RECEIVED_MESSAGE = "Your request to re-enable your account has been received. You can expect a reply message in your email within 48 hours.<br />If you do not receive an email after 48 hours have passed, please visit us on IRC for assistance.";

  18. 

  19.     /**

  20.      * Handle a new enable request

  21.      *

  22.      * @param string $Username The user's username

  23.      * @param string $Email The user's email address

  24.      * @return string The output

  25.      */

  26.     public static function new_request($Username, $Email) {

  27.         if (empty($Username)) {

  28.             header("Location: login.php");

  29.             die();

  30.         }

  31. 

  32.         // Get the user's ID

  33.         G::$DB->query("

  34.                 SELECT um.ID

  35.                 FROM users_main AS um

  36.                 JOIN users_info ui ON ui.UserID = um.ID

  37.                 WHERE um.Username = '$Username'

  38.                   AND um.Enabled = '2'");

  39. 

  40.         if (G::$DB->has_results()) {

  41.             // Make sure the user can make another request

  42.             list($UserID) = G::$DB->next_record();

  43.             G::$DB->query("

  44.             SELECT 1 FROM users_enable_requests

  45.             WHERE UserID = '$UserID'

  46.               AND (

  47.                     (

  48.                       Timestamp > NOW() - INTERVAL 1 WEEK

  49.                         AND HandledTimestamp IS NULL

  50.                     )

  51.                     OR

  52.                     (

  53.                       Timestamp > NOW() - INTERVAL 2 MONTH

  54.                         AND

  55.                           (Outcome = '".self::DENIED."'

  56.                              OR Outcome = '".self::DISCARDED."')

  57.                     )

  58.                   )");

  59.         }

  60. 

  61.         $IP = $_SERVER['REMOTE_ADDR'];

  62. 

  63.         if (G::$DB->has_results() || !isset($UserID)) {

  64.             // User already has/had a pending activation request or username is invalid

  65.             $Output = sprintf(self::REJECTED_MESSAGE, BOT_DISABLED_CHAN, BOT_SERVER);

  66.             if (isset($UserID)) {

  67.                 Tools::update_user_notes($UserID, sqltime() . " - Enable request rejected from $IP\n\n");

  68.             }

  69.         } else {

  70.             // New disable activation request

  71.             $UserAgent = db_string($_SERVER['HTTP_USER_AGENT']);

  72. 

  73.             G::$DB->query("

  74.                 INSERT INTO users_enable_requests

  75.                 (UserID, Email, IP, UserAgent, Timestamp)

  76.                 VALUES ('$UserID', '".DBCrypt::encrypt($Email)."', '".DBCrypt::encrypt($IP)."', '$UserAgent', '".sqltime()."')");

  77. 

  78.             // Cache the number of requests for the modbar

  79.             G::$Cache->increment_value(self::CACHE_KEY_NAME);

  80.             setcookie('username', '', time() - 60 * 60, '/', '', false);

  81.             $Output = self::RECEIVED_MESSAGE;

  82.             Tools::update_user_notes($UserID, sqltime() . " - Enable request " . G::$DB->inserted_id() . " received from $IP\n\n");

  83.         }

  84. 

  85.         return $Output;

  86.     }

  87. 

  88.     /*

  89.      * Handle requests

  90.      *

  91.      * @param int|int[] $IDs An array of IDs, or a single ID

  92.      * @param int $Status The status to mark the requests as

  93.      * @param string $Comment The staff member comment

  94.      */

  95.     public static function handle_requests($IDs, $Status, $Comment) {

  96.         if ($Status != self::APPROVED && $Status != self::DENIED && $Status != self::DISCARDED) {

  97.             error(404);

  98.         }

  99. 

  100.         $UserInfo = array();

  101.         $IDs = (!is_array($IDs)) ? [$IDs] : $IDs;

  102. 

  103.         if (count($IDs) == 0) {

  104.             error(404);

  105.         }

  106. 

  107.         foreach ($IDs as $ID) {

  108.             if (!is_number($ID)) {

  109.                 error(404);

  110.             }

  111.         }

  112. 

  113.         G::$DB->query("SELECT Email, ID, UserID

  114.                 FROM users_enable_requests

  115.                 WHERE ID IN (".implode(',', $IDs).")

  116.                     AND Outcome IS NULL");

  117.         $Results = G::$DB->to_array(false, MYSQLI_NUM);

  118. 

  119.         if ($Status != self::DISCARDED) {

  120.             // Prepare email

  121.             require(SERVER_ROOT . '/classes/templates.class.php');

  122.             $TPL = NEW TEMPLATE;

  123.             if ($Status == self::APPROVED) {

  124.                 $TPL->open(SERVER_ROOT . '/templates/enable_request_accepted.tpl');

  125.                 $TPL->set('SITE_URL', NONSSL_SITE_URL);

  126.             } else {

  127.                 $TPL->open(SERVER_ROOT . '/templates/enable_request_denied.tpl');

  128.             }

  129. 

  130.             $TPL->set('SITE_NAME', SITE_NAME);

  131. 

  132.             foreach ($Results as $Result) {

  133.                 list($Email, $ID, $UserID) = $Result;

  134.                 $Email = DBCrypt::decrypt($Email);

  135.                 $UserInfo[] = array($ID, $UserID);

  136. 

  137.                 if ($Status == self::APPROVED) {

  138.                     // Generate token

  139.                     $Token = db_string(Users::make_secret());

  140.                     G::$DB->query("

  141.                         UPDATE users_enable_requests

  142.                         SET Token = '$Token'

  143.                         WHERE ID = '$ID'");

  144.                     $TPL->set('TOKEN', $Token);

  145.                 }

  146. 

  147.                 // Send email

  148.                 $Subject = "Your enable request for " . SITE_NAME . " has been ";

  149.                 $Subject .= ($Status == self::APPROVED) ? 'approved' : 'denied';

  150. 

  151.                 Misc::send_email($Email, $Subject, $TPL->get(), 'noreply');

  152.             }

  153.         } else {

  154.             foreach ($Results as $Result) {

  155.                 list(, $ID, $UserID) = $Result;

  156.                 $UserInfo[] = array($ID, $UserID);

  157.             }

  158.         }

  159. 

  160.         // User notes stuff

  161.         G::$DB->query("

  162.             SELECT Username

  163.             FROM users_main

  164.             WHERE ID = '" . G::$LoggedUser['ID'] . "'");

  165.         list($StaffUser) = G::$DB->next_record();

  166. 

  167.         foreach ($UserInfo as $User) {

  168.             list($ID, $UserID) = $User;

  169.             $BaseComment = sqltime() . " - Enable request $ID " . strtolower(self::get_outcome_string($Status)) . ' by [user]'.$StaffUser.'[/user]';

  170.             $BaseComment .= (!empty($Comment)) ? "\nReason: $Comment\n\n" : "\n\n";

  171.             Tools::update_user_notes($UserID, $BaseComment);

  172.         }

  173. 

  174.         // Update database values and decrement cache

  175.         G::$DB->query("

  176.                 UPDATE users_enable_requests

  177.                 SET HandledTimestamp = '".sqltime()."',

  178.                     CheckedBy = '".G::$LoggedUser['ID']."',

  179.                     Outcome = '$Status'

  180.                 WHERE ID IN (".implode(',', $IDs).")");

  181.         G::$Cache->decrement_value(self::CACHE_KEY_NAME, count($IDs));

  182.     }

  183. 

  184.     /**

  185.      * Unresolve a discarded request

  186.      *

  187.      * @param int $ID The request ID

  188.      */

  189.     public static function unresolve_request($ID) {

  190.         $ID = (int) $ID;

  191. 

  192.         if (empty($ID)) {

  193.             error(404);

  194.         }

  195. 

  196.         G::$DB->query("

  197.             SELECT UserID

  198.             FROM users_enable_requests

  199.             WHERE Outcome = '" . self::DISCARDED . "'

  200.               AND ID = '$ID'");

  201. 

  202.         if (!G::$DB->has_results()) {

  203.             error(404);

  204.         } else {

  205.             list($UserID) = G::$DB->next_record();

  206.         }

  207. 

  208.         G::$DB->query("

  209.             SELECT Username

  210.             FROM users_main

  211.             WHERE ID = '" . G::$LoggedUser['ID'] . "'");

  212.         list($StaffUser) = G::$DB->next_record();

  213. 

  214.         Tools::update_user_notes($UserID, sqltime() . " - Enable request $ID unresolved by [user]" . $StaffUser . '[/user]' . "\n\n");

  215.         G::$DB->query("

  216.             UPDATE users_enable_requests

  217.             SET Outcome = NULL, HandledTimestamp = NULL, CheckedBy = NULL

  218.             WHERE ID = '$ID'");

  219.         G::$Cache->increment_value(self::CACHE_KEY_NAME);

  220.     }

  221. 

  222.     /**

  223.      * Get the corresponding outcome string for a numerical value

  224.      *

  225.      * @param int $Outcome The outcome integer

  226.      * @return string The formatted output string

  227.      */

  228.     public static function get_outcome_string($Outcome) {

  229.         if ($Outcome == self::APPROVED) {

  230.             $String = "Approved";

  231.         } else if ($Outcome == self::DENIED) {

  232.             $String = "Rejected";

  233.         } else if ($Outcome == self::DISCARDED) {

  234.             $String = "Discarded";

  235.         } else {

  236.             $String = "---";

  237.         }

  238. 

  239.         return $String;

  240.     }

  241. 

  242.     /**

  243.      * Handle a user's request to enable an account

  244.      *

  245.      * @param string $Token The token

  246.      * @return string The error output, or an empty string

  247.      */

  248.     public static function handle_token($Token) {

  249.         $Token = db_string($Token);

  250.         G::$DB->query("

  251.             SELECT uer.UserID, uer.HandledTimestamp, um.torrent_pass, um.Visible, um.IP

  252.             FROM users_enable_requests AS uer

  253.             LEFT JOIN users_main AS um ON uer.UserID = um.ID

  254.             WHERE Token = '$Token'");

  255. 

  256.         if (G::$DB->has_results()) {

  257.             list($UserID, $Timestamp, $TorrentPass, $Visible, $IP) = G::$DB->next_record();

  258.             G::$DB->query("UPDATE users_enable_requests SET Token = NULL WHERE Token = '$Token'");

  259.             if ($Timestamp < time_minus(3600 * 48)) {

  260.                 // Old request

  261.                 Tools::update_user_notes($UserID, sqltime() . " - Tried to use an expired enable token from ".$_SERVER['REMOTE_ADDR']."\n\n");

  262.                 $Err = "Token has expired. Please visit ".BOT_DISABLED_CHAN." on ".BOT_SERVER." to discuss this with staff.";

  263.             } else {

  264.                 // Good request, decrement cache value and enable account

  265.                 G::$Cache->decrement_value(AutoEnable::CACHE_KEY_NAME);

  266.                 $VisibleTrIP = ($Visible && DBCrypt::decrypt($IP) != '127.0.0.1') ? '1' : '0';

  267.                 Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $TorrentPass, 'visible' => $VisibleTrIP));

  268.                 G::$DB->query("UPDATE users_main SET Enabled = '1', can_leech = '1' WHERE ID = '$UserID'");

  269.                 G::$DB->query("UPDATE users_info SET BanReason = '0' WHERE UserID = '$UserID'");

  270.                 G::$Cache->delete_value('user_info_'.$UserID);

  271.                 $Err = "Your account has been enabled. You may now log in.";

  272.             }

  273.         } else {

  274.             $Err = "Invalid token.";

  275.         }

  276. 

  277.         return $Err;

  278.     }

  279. 

  280.     /**

  281.      * Build the search query, from the searchbox inputs

  282.      *

  283.      * @param int $UserID The user ID

  284.      * @param string $IP The IP

  285.      * @param string $SubmittedTimestamp The timestamp representing when the request was submitted

  286.      * @param int $HandledUserID The ID of the user that handled the request

  287.      * @param string $HandledTimestamp The timestamp representing when the request was handled

  288.      * @param int $OutcomeSearch The outcome of the request

  289.      * @param boolean $Checked Should checked requests be included?

  290.      * @return array The WHERE conditions for the query

  291.      */

  292.     public static function build_search_query($Username, $IP, $SubmittedBetween, $SubmittedTimestamp1, $SubmittedTimestamp2, $HandledUsername, $HandledBetween, $HandledTimestamp1, $HandledTimestamp2, $OutcomeSearch, $Checked) {

  293.         $Where = array();

  294. 

  295.         if (!empty($Username)) {

  296.             $Where[] = "um1.Username = '$Username'";

  297.         }

  298. 

  299.         if (!empty($IP)) {

  300.             // TODO: make this work with encrypted IPs

  301.             $Where[] = "uer.IP = '$IP'";

  302.         }

  303. 

  304.         if (!empty($SubmittedTimestamp1)) {

  305.             switch($SubmittedBetween) {

  306.                 case 'on':

  307.                     $Where[] = "DATE(uer.Timestamp) = DATE('$SubmittedTimestamp1')";

  308.                     break;

  309.                 case 'before':

  310.                     $Where[] = "DATE(uer.Timestamp) < DATE('$SubmittedTimestamp1')";

  311.                     break;

  312.                 case 'after':

  313.                     $Where[] = "DATE(uer.Timestamp) > DATE('$SubmittedTimestamp1')";

  314.                     break;

  315.                 case 'between':

  316.                     if (!empty($SubmittedTimestamp2)) {

  317.                         $Where[] = "DATE(uer.Timestamp) BETWEEN DATE('$SubmittedTimestamp1') AND DATE('$SubmittedTimestamp2')";

  318.                     }

  319.                     break;

  320.                 default:

  321.                     break;

  322.             }

  323.         }

  324. 

  325.         if (!empty($HandledTimestamp1)) {

  326.             switch($HandledBetween) {

  327.                 case 'on':

  328.                     $Where[] = "DATE(uer.HandledTimestamp) = DATE('$HandledTimestamp1')";

  329.                     break;

  330.                 case 'before':

  331.                     $Where[] = "DATE(uer.HandledTimestamp) < DATE('$HandledTimestamp1')";

  332.                     break;

  333.                 case 'after':

  334.                     $Where[] = "DATE(uer.HandledTimestamp) > DATE('$HandledTimestamp1')";

  335.                     break;

  336.                 case 'between':

  337.                     if (!empty($HandledTimestamp2)) {

  338.                         $Where[] = "DATE(uer.HandledTimestamp) BETWEEN DATE('$HandledTimestamp1') AND DATE('$HandledTimestamp2')";

  339.                     }

  340.                     break;

  341.                 default:

  342.                     break;

  343.             }

  344.         }

  345. 

  346.         if (!empty($HandledUsername)) {

  347.             $Where[] = "um2.Username = '$HandledUsername'";

  348.         }

  349. 

  350.         if (!empty($OutcomeSearch)) {

  351.             $Where[] = "uer.Outcome = '$OutcomeSearch'";

  352.         }

  353. 

  354.         if ($Checked) {

  355.             // This is to skip the if statement in enable_requests.php

  356.             $Where[] = "(uer.Outcome IS NULL OR uer.Outcome IS NOT NULL)";

  357.         }

  358. 

  359.         return $Where;

  360.     }

  361. }