Home Explore Help
Register Sign In
Oppaitime
/
Gazelle
Watch 9
Star 11
Fork 18
Code Issues 21 Pull Requests 7 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
489 Commits
1 Branch
Tree: 46a904d950
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '46a904d950'
${ noResults }
Gazelle/classes/autoenable.class.php

autoenable.class.php 14KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371 
  1. <?

  2. 

  3. class AutoEnable {

  4. 

  5.     // Constants for database values

  6.     const APPROVED = 1;

  7.     const DENIED = 2;

  8.     const DISCARDED = 3;

  9. 

  10.     // Cache key to store the number of enable requests

  11.     const CACHE_KEY_NAME = 'num_enable_requests';

  12. 

  13.     // The default request rejected message

  14.     const REJECTED_MESSAGE = "Your request to re-enable your account has been rejected.<br>This may be because a request is already pending for your username, or because a recent request was denied.<br><br>You are encouraged to discuss this with staff by visiting %s on %s";

  15. 

  16.     // The default request received message

  17.     const RECEIVED_MESSAGE = "Your request to re-enable your account has been received. Most requests are responded to within minutes. Remember to check your spam.<br>If you do not receive an email after 48 hours have passed, please visit us on IRC for assistance.";

  18. 

  19.     /**

  20.      * Handle a new enable request

  21.      *

  22.      * @param string $Username The user's username

  23.      * @param string $Email The user's email address

  24.      * @return string The output

  25.      */

  26.     public static function new_request($Username, $Email) {

  27.         if (empty($Username)) {

  28.             header("Location: login.php");

  29.             die();

  30.         }

  31. 

  32.         // Get the user's ID

  33.         G::$DB->query("

  34.                 SELECT um.ID, ui.BanReason

  35.                 FROM users_main AS um

  36.                 JOIN users_info ui ON ui.UserID = um.ID

  37.                 WHERE um.Username = '$Username'

  38.                   AND um.Enabled = '2'");

  39. 

  40.         if (G::$DB->has_results()) {

  41.             // Make sure the user can make another request

  42.             list($UserID, $BanReason) = G::$DB->next_record();

  43.             G::$DB->query("

  44.             SELECT 1 FROM users_enable_requests

  45.             WHERE UserID = '$UserID'

  46.               AND (

  47.                     (

  48.                       Timestamp > NOW() - INTERVAL 1 WEEK

  49.                         AND HandledTimestamp IS NULL

  50.                     )

  51.                     OR

  52.                     (

  53.                       Timestamp > NOW() - INTERVAL 2 MONTH

  54.                       AND

  55.                       Outcome = '".self::DENIED."'

  56.                     )

  57.                   )");

  58.         }

  59. 

  60.         $IP = $_SERVER['REMOTE_ADDR'];

  61. 

  62.         if (G::$DB->has_results() || !isset($UserID)) {

  63.             // User already has/had a pending activation request or username is invalid

  64.             $Output = sprintf(self::REJECTED_MESSAGE, BOT_DISABLED_CHAN, BOT_SERVER);

  65.             if (isset($UserID)) {

  66.                 Tools::update_user_notes($UserID, sqltime() . " - Enable request rejected from $IP\n\n");

  67.             }

  68.         } else {

  69.             // New disable activation request

  70.             $UserAgent = db_string($_SERVER['HTTP_USER_AGENT']);

  71. 

  72.             G::$DB->query("

  73.                 INSERT INTO users_enable_requests

  74.                 (UserID, Email, IP, UserAgent, Timestamp)

  75.                 VALUES (?, ?, ?, ?, NOW())",

  76.                 $UserID, Crypto::encrypt($Email), Crypto::encrypt($IP), $UserAgent);

  77.             $RequestID = G::$DB->inserted_id();

  78. 

  79.             // Cache the number of requests for the modbar

  80.             G::$Cache->increment_value(self::CACHE_KEY_NAME);

  81.             setcookie('username', '', time() - 60 * 60, '/', '', false);

  82.             $Output = self::RECEIVED_MESSAGE;

  83.             Tools::update_user_notes($UserID, sqltime() . " - Enable request " . G::$DB->inserted_id() . " received from $IP\n\n");

  84.             if ($BanReason == 3) {

  85.               //self::handle_requests([$RequestID], self::APPROVED, "Automatically approved (inactivity)");

  86.             }

  87.         }

  88. 

  89.         return $Output;

  90.     }

  91. 

  92.     /*

  93.      * Handle requests

  94.      *

  95.      * @param int|int[] $IDs An array of IDs, or a single ID

  96.      * @param int $Status The status to mark the requests as

  97.      * @param string $Comment The staff member comment

  98.      */

  99.     public static function handle_requests($IDs, $Status, $Comment) {

  100.         if ($Status != self::APPROVED && $Status != self::DENIED && $Status != self::DISCARDED) {

  101.             error(404);

  102.         }

  103. 

  104.         $UserInfo = [];

  105.         $IDs = (!is_array($IDs)) ? [$IDs] : $IDs;

  106. 

  107.         if (count($IDs) == 0) {

  108.             error(404);

  109.         }

  110. 

  111.         foreach ($IDs as $ID) {

  112.             if (!is_number($ID)) {

  113.                 error(404);

  114.             }

  115.         }

  116. 

  117.         G::$DB->query("SELECT Email, ID, UserID

  118.                 FROM users_enable_requests

  119.                 WHERE ID IN (".implode(',', $IDs).")

  120.                     AND Outcome IS NULL");

  121.         $Results = G::$DB->to_array(false, MYSQLI_NUM);

  122. 

  123.         if ($Status != self::DISCARDED) {

  124.             // Prepare email

  125.             require_once(SERVER_ROOT . '/classes/templates.class.php');

  126.             $TPL = NEW TEMPLATE;

  127.             if ($Status == self::APPROVED) {

  128.                 $TPL->open(SERVER_ROOT . '/templates/enable_request_accepted.tpl');

  129.                 $TPL->set('SITE_DOMAIN', SITE_DOMAIN);

  130.             } else {

  131.                 $TPL->open(SERVER_ROOT . '/templates/enable_request_denied.tpl');

  132.             }

  133. 

  134.             $TPL->set('SITE_NAME', SITE_NAME);

  135. 

  136.             foreach ($Results as $Result) {

  137.                 list($Email, $ID, $UserID) = $Result;

  138.                 $Email = Crypto::decrypt($Email);

  139.                 $UserInfo[] = array($ID, $UserID);

  140. 

  141.                 if ($Status == self::APPROVED) {

  142.                     // Generate token

  143.                     $Token = db_string(Users::make_secret());

  144.                     G::$DB->query("

  145.                         UPDATE users_enable_requests

  146.                         SET Token = ?

  147.                         WHERE ID = ?", $Token, $ID);

  148.                     $TPL->set('TOKEN', $Token);

  149.                 }

  150. 

  151.                 // Send email

  152.                 $Subject = "Your enable request for " . SITE_NAME . " has been ";

  153.                 $Subject .= ($Status == self::APPROVED) ? 'approved' : 'denied';

  154. 

  155.                 Misc::send_email($Email, $Subject, $TPL->get(), 'noreply');

  156.             }

  157.         } else {

  158.             foreach ($Results as $Result) {

  159.                 list(, $ID, $UserID) = $Result;

  160.                 $UserInfo[] = array($ID, $UserID);

  161.             }

  162.         }

  163. 

  164.         // User notes stuff

  165.         $StaffID = G::$LoggedUser['ID'] ?? 0;

  166.         G::$DB->query("

  167.             SELECT Username

  168.             FROM users_main

  169.             WHERE ID = ?", $StaffID);

  170.         if (G::$DB->has_results()) {

  171.           list($StaffUser) = G::$DB->next_record();

  172.         } else {

  173.           $StaffUser = "System";

  174.           $StaffID = 0;

  175.         }

  176. 

  177.         foreach ($UserInfo as $User) {

  178.             list($ID, $UserID) = $User;

  179.             $BaseComment = sqltime() . " - Enable request $ID " . strtolower(self::get_outcome_string($Status)) . ' by [user]'.$StaffUser.'[/user]';

  180.             $BaseComment .= (!empty($Comment)) ? "\nReason: $Comment\n\n" : "\n\n";

  181.             Tools::update_user_notes($UserID, $BaseComment);

  182.         }

  183. 

  184.         // Update database values and decrement cache

  185.         G::$DB->query("

  186.                 UPDATE users_enable_requests

  187.                 SET HandledTimestamp = NOW(),

  188.                     CheckedBy = ?,

  189.                     Outcome = ?

  190.                 WHERE ID IN (".implode(',', $IDs).")", $StaffID, $Status);

  191.         G::$Cache->decrement_value(self::CACHE_KEY_NAME, count($IDs));

  192.     }

  193. 

  194.     /**

  195.      * Unresolve a discarded request

  196.      *

  197.      * @param int $ID The request ID

  198.      */

  199.     public static function unresolve_request($ID) {

  200.         $ID = (int) $ID;

  201. 

  202.         if (empty($ID)) {

  203.             error(404);

  204.         }

  205. 

  206.         G::$DB->query("

  207.             SELECT UserID

  208.             FROM users_enable_requests

  209.             WHERE Outcome = '" . self::DISCARDED . "'

  210.               AND ID = '$ID'");

  211. 

  212.         if (!G::$DB->has_results()) {

  213.             error(404);

  214.         } else {

  215.             list($UserID) = G::$DB->next_record();

  216.         }

  217. 

  218.         G::$DB->query("

  219.             SELECT Username

  220.             FROM users_main

  221.             WHERE ID = '" . G::$LoggedUser['ID'] . "'");

  222.         list($StaffUser) = G::$DB->next_record();

  223. 

  224.         Tools::update_user_notes($UserID, sqltime() . " - Enable request $ID unresolved by [user]" . $StaffUser . '[/user]' . "\n\n");

  225.         G::$DB->query("

  226.             UPDATE users_enable_requests

  227.             SET Outcome = NULL, HandledTimestamp = NULL, CheckedBy = NULL

  228.             WHERE ID = '$ID'");

  229.         G::$Cache->increment_value(self::CACHE_KEY_NAME);

  230.     }

  231. 

  232.     /**

  233.      * Get the corresponding outcome string for a numerical value

  234.      *

  235.      * @param int $Outcome The outcome integer

  236.      * @return string The formatted output string

  237.      */

  238.     public static function get_outcome_string($Outcome) {

  239.         if ($Outcome == self::APPROVED) {

  240.             $String = "Approved";

  241.         } else if ($Outcome == self::DENIED) {

  242.             $String = "Rejected";

  243.         } else if ($Outcome == self::DISCARDED) {

  244.             $String = "Discarded";

  245.         } else {

  246.             $String = "---";

  247.         }

  248. 

  249.         return $String;

  250.     }

  251. 

  252.     /**

  253.      * Handle a user's request to enable an account

  254.      *

  255.      * @param string $Token The token

  256.      * @return string The error output, or an empty string

  257.      */

  258.     public static function handle_token($Token) {

  259.         $Token = db_string($Token);

  260.         G::$DB->query("

  261.             SELECT uer.UserID, uer.HandledTimestamp, um.torrent_pass, um.Visible, um.IP

  262.             FROM users_enable_requests AS uer

  263.             LEFT JOIN users_main AS um ON uer.UserID = um.ID

  264.             WHERE Token = '$Token'");

  265. 

  266.         if (G::$DB->has_results()) {

  267.             list($UserID, $Timestamp, $TorrentPass, $Visible, $IP) = G::$DB->next_record();

  268.             G::$DB->query("UPDATE users_enable_requests SET Token = NULL WHERE Token = '$Token'");

  269.             if ($Timestamp < time_minus(3600 * 48)) {

  270.                 // Old request

  271.                 Tools::update_user_notes($UserID, sqltime() . " - Tried to use an expired enable token from ".$_SERVER['REMOTE_ADDR']."\n\n");

  272.                 $Err = "Token has expired. Please visit ".BOT_DISABLED_CHAN." on ".BOT_SERVER." to discuss this with staff.";

  273.             } else {

  274.                 // Good request, decrement cache value and enable account

  275.                 G::$Cache->decrement_value(AutoEnable::CACHE_KEY_NAME);

  276.                 $VisibleTrIP = ($Visible && Crypto::decrypt($IP) != '127.0.0.1') ? '1' : '0';

  277.                 Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $TorrentPass, 'visible' => $VisibleTrIP));

  278.                 G::$DB->query("UPDATE users_main SET Enabled = '1', can_leech = '1' WHERE ID = '$UserID'");

  279.                 G::$DB->query("UPDATE users_info SET BanReason = '0' WHERE UserID = '$UserID'");

  280.                 G::$Cache->delete_value('user_info_'.$UserID);

  281.                 $Err = "Your account has been enabled. You may now log in.";

  282.             }

  283.         } else {

  284.             $Err = "Invalid token.";

  285.         }

  286. 

  287.         return $Err;

  288.     }

  289. 

  290.     /**

  291.      * Build the search query, from the searchbox inputs

  292.      *

  293.      * @param int $UserID The user ID

  294.      * @param string $IP The IP

  295.      * @param string $SubmittedTimestamp The timestamp representing when the request was submitted

  296.      * @param int $HandledUserID The ID of the user that handled the request

  297.      * @param string $HandledTimestamp The timestamp representing when the request was handled

  298.      * @param int $OutcomeSearch The outcome of the request

  299.      * @param boolean $Checked Should checked requests be included?

  300.      * @return array The WHERE conditions for the query

  301.      */

  302.     public static function build_search_query($Username, $IP, $SubmittedBetween, $SubmittedTimestamp1, $SubmittedTimestamp2, $HandledUsername, $HandledBetween, $HandledTimestamp1, $HandledTimestamp2, $OutcomeSearch, $Checked) {

  303.         $Where = [];

  304. 

  305.         if (!empty($Username)) {

  306.             $Where[] = "um1.Username = '$Username'";

  307.         }

  308. 

  309.         if (!empty($IP)) {

  310.             // TODO: make this work with encrypted IPs

  311.             $Where[] = "uer.IP = '$IP'";

  312.         }

  313. 

  314.         if (!empty($SubmittedTimestamp1)) {

  315.             switch($SubmittedBetween) {

  316.                 case 'on':

  317.                     $Where[] = "DATE(uer.Timestamp) = DATE('$SubmittedTimestamp1')";

  318.                     break;

  319.                 case 'before':

  320.                     $Where[] = "DATE(uer.Timestamp) < DATE('$SubmittedTimestamp1')";

  321.                     break;

  322.                 case 'after':

  323.                     $Where[] = "DATE(uer.Timestamp) > DATE('$SubmittedTimestamp1')";

  324.                     break;

  325.                 case 'between':

  326.                     if (!empty($SubmittedTimestamp2)) {

  327.                         $Where[] = "DATE(uer.Timestamp) BETWEEN DATE('$SubmittedTimestamp1') AND DATE('$SubmittedTimestamp2')";

  328.                     }

  329.                     break;

  330.                 default:

  331.                     break;

  332.             }

  333.         }

  334. 

  335.         if (!empty($HandledTimestamp1)) {

  336.             switch($HandledBetween) {

  337.                 case 'on':

  338.                     $Where[] = "DATE(uer.HandledTimestamp) = DATE('$HandledTimestamp1')";

  339.                     break;

  340.                 case 'before':

  341.                     $Where[] = "DATE(uer.HandledTimestamp) < DATE('$HandledTimestamp1')";

  342.                     break;

  343.                 case 'after':

  344.                     $Where[] = "DATE(uer.HandledTimestamp) > DATE('$HandledTimestamp1')";

  345.                     break;

  346.                 case 'between':

  347.                     if (!empty($HandledTimestamp2)) {

  348.                         $Where[] = "DATE(uer.HandledTimestamp) BETWEEN DATE('$HandledTimestamp1') AND DATE('$HandledTimestamp2')";

  349.                     }

  350.                     break;

  351.                 default:

  352.                     break;

  353.             }

  354.         }

  355. 

  356.         if (!empty($HandledUsername)) {

  357.             $Where[] = "um2.Username = '$HandledUsername'";

  358.         }

  359. 

  360.         if (!empty($OutcomeSearch)) {

  361.             $Where[] = "uer.Outcome = '$OutcomeSearch'";

  362.         }

  363. 

  364.         if ($Checked) {

  365.             // This is to skip the if statement in enable_requests.php

  366.             $Where[] = "(uer.Outcome IS NULL OR uer.Outcome IS NOT NULL)";

  367.         }

  368. 

  369.         return $Where;

  370.     }

  371. }