Gazelle/classes/users.class.php

<?
class Users {
  /**
   * Get $Classes (list of classes keyed by ID) and $ClassLevels
   *    (list of classes keyed by level)
   * @return array ($Classes, $ClassLevels)
   */
  public static function get_classes() {
    global $Debug;
    // Get permissions
    list($Classes, $ClassLevels) = G::$Cache->get_value('classes');
    if (!$Classes || !$ClassLevels) {
      $QueryID = G::$DB->get_query_id();
      G::$DB->query('
        SELECT ID, Name, Abbreviation, Level, Secondary
        FROM permissions
        ORDER BY Level');
      $Classes = G::$DB->to_array('ID');
      $ClassLevels = G::$DB->to_array('Level');
      G::$DB->set_query_id($QueryID);
      G::$Cache->cache_value('classes', [$Classes, $ClassLevels], 0);
    }
    $Debug->set_flag('Loaded permissions');

    return [$Classes, $ClassLevels];
  }


  /**
   * Get user info, is used for the current user and usernames all over the site.
   *
   * @param $UserID int   The UserID to get info for
   * @return array with the following keys:
   *  int     ID
   *  string  Username
   *  int     PermissionID
   *  array   Paranoia - $Paranoia array sent to paranoia.class
   *  boolean Artist
   *  boolean Donor
   *  string  Warned - When their warning expires in international time format
   *  string  Avatar - URL
   *  boolean Enabled
   *  string  Title
   *  string  CatchupTime - When they last caught up on forums
   *  boolean Visible - If false, they don't show up on peer lists
   *  array   ExtraClasses - Secondary classes.
   *  int     EffectiveClass - the highest level of their main and secondary classes
   */
  public static function user_info($UserID) {
    global $Classes;
    $UserInfo = G::$Cache->get_value("user_info_$UserID");
    // the !isset($UserInfo['Paranoia']) can be removed after a transition period
    if (empty($UserInfo) || empty($UserInfo['ID']) || !isset($UserInfo['Paranoia']) || empty($UserInfo['Class'])) {
      $OldQueryID = G::$DB->get_query_id();

      G::$DB->query("
        SELECT
          m.ID,
          m.Username,
          m.PermissionID,
          m.Paranoia,
          i.Artist,
          i.Donor,
          i.Warned,
          i.Avatar,
          m.Enabled,
          m.Title,
          i.CatchupTime,
          m.Visible,
          la.Type AS LockedAccount,
          GROUP_CONCAT(ul.PermissionID SEPARATOR ',') AS Levels
        FROM users_main AS m
          INNER JOIN users_info AS i ON i.UserID = m.ID
          LEFT JOIN locked_accounts AS la ON la.UserID = m.ID
          LEFT JOIN users_levels AS ul ON ul.UserID = m.ID
        WHERE m.ID = '$UserID'
        GROUP BY m.ID");

      if (!G::$DB->has_results()) { // Deleted user, maybe?
        $UserInfo = [
          'ID'           => $UserID,
          'Username'     => '',
          'PermissionID' => 0,
          'Paranoia'     => [],
          'Artist'       => false,
          'Donor'        => false,
          'Warned'       => NULL,
          'Avatar'       => '',
          'Enabled'      => 0,
          'Title'        => '',
          'CatchupTime'  => 0,
          'Visible'      => '1',
          'Levels'       => '',
          'Class'        => 0
        ];
      } else {
        $UserInfo = G::$DB->next_record(MYSQLI_ASSOC, ['Paranoia', 'Title']);
        $UserInfo['CatchupTime'] = strtotime($UserInfo['CatchupTime']);
        if (!is_array($UserInfo['Paranoia'])) {
          $UserInfo['Paranoia'] = json_decode($UserInfo['Paranoia'], true);
        }
        if (!$UserInfo['Paranoia']) {
          $UserInfo['Paranoia'] = [];
        }
        $UserInfo['Class'] = $Classes[$UserInfo['PermissionID']]['Level'];
      }

      if (isset($UserInfo['LockedAccount']) && $UserInfo['LockedAccount'] == "") {
        unset($UserInfo['LockedAccount']);
      }

      if (!empty($UserInfo['Levels'])) {
        $UserInfo['ExtraClasses'] = array_fill_keys(explode(',', $UserInfo['Levels']), 1);
      } else {
        $UserInfo['ExtraClasses'] = [];
      }
      unset($UserInfo['Levels']);
      $EffectiveClass = $UserInfo['Class'];
      foreach ($UserInfo['ExtraClasses'] as $Class => $Val) {
        $EffectiveClass = max($EffectiveClass, $Classes[$Class]['Level']);
      }
      $UserInfo['EffectiveClass'] = $EffectiveClass;

      G::$Cache->cache_value("user_info_$UserID", $UserInfo, 2592000);
      G::$DB->set_query_id($OldQueryID);
    }
    if (strtotime($UserInfo['Warned']) < time()) {
      $UserInfo['Warned'] = NULL;
      G::$Cache->cache_value("user_info_$UserID", $UserInfo, 2592000);
    }

    return $UserInfo;
  }

  /**
   * Gets the heavy user info
   * Only used for current user
   *
   * @param $UserID The userid to get the information for
   * @return fetched heavy info.
   *    Just read the goddamn code, I don't have time to comment this shit.
   */
  public static function user_heavy_info($UserID) {

    $HeavyInfo = G::$Cache->get_value("user_info_heavy_$UserID");
    if (empty($HeavyInfo)) {

      $QueryID = G::$DB->get_query_id();
      G::$DB->query("
        SELECT
          m.Invites,
          m.torrent_pass,
          m.IP,
          m.CustomPermissions,
          m.can_leech AS CanLeech,
          i.AuthKey,
          i.RatioWatchEnds,
          i.RatioWatchDownload,
          i.StyleID,
          i.StyleURL,
          i.DisableInvites,
          i.DisablePosting,
          i.DisableUpload,
          i.DisableWiki,
          i.DisableAvatar,
          i.DisablePM,
          i.DisablePoints,
          i.DisablePromotion,
          i.DisableRequests,
          i.DisableForums,
          i.DisableTagging,
          i.SiteOptions,
          i.LastReadNews,
          i.LastReadBlog,
          i.RestrictedForums,
          i.PermittedForums,
          m.FLTokens,
          m.BonusPoints,
          m.HnR,
          m.PermissionID
        FROM users_main AS m
          INNER JOIN users_info AS i ON i.UserID = m.ID
        WHERE m.ID = '$UserID'");
      $HeavyInfo = G::$DB->next_record(MYSQLI_ASSOC, ['CustomPermissions', 'SiteOptions']);

      $HeavyInfo['CustomPermissions'] = [];
      if (!empty($HeavyInfo['CustomPermissions'])) {
        $HeavyInfo['CustomPermissions'] = json_decode($HeavyInfo['CustomPermissions'], true);
      }

      $RestrictedForums = [];
      if (!empty($HeavyInfo['RestrictedForums'])) {
        $RestrictedForums = array_map('trim', explode(',', $HeavyInfo['RestrictedForums']));
      }
      unset($HeavyInfo['RestrictedForums']);

      $PermittedForums = [];
      if (!empty($HeavyInfo['PermittedForums'])) {
        $PermittedForums = array_map('trim', explode(',', $HeavyInfo['PermittedForums']));
      }
      unset($HeavyInfo['PermittedForums']);

      G::$DB->query("
        SELECT PermissionID
        FROM users_levels
        WHERE UserID = $UserID");
      $PermIDs = G::$DB->collect('PermissionID');
      foreach ($PermIDs AS $PermID) {
        $Perms = Permissions::get_permissions($PermID);
        if (!empty($Perms['PermittedForums'])) {
          $PermittedForums = array_merge($PermittedForums, array_map('trim', explode(',', $Perms['PermittedForums'])));
        }
      }
      $Perms = Permissions::get_permissions($HeavyInfo['PermissionID']);
      unset($HeavyInfo['PermissionID']);
      if (!empty($Perms['PermittedForums'])) {
        $PermittedForums = array_merge($PermittedForums, array_map('trim', explode(',', $Perms['PermittedForums'])));
      }

      $HeavyInfo['CustomForums'] = null;
      if (!empty($PermittedForums) || !empty($RestrictedForums)) {
        $HeavyInfo['CustomForums'] = [];
        foreach ($RestrictedForums as $ForumID) {
          $HeavyInfo['CustomForums'][$ForumID] = 0;
        }
        foreach ($PermittedForums as $ForumID) {
          $HeavyInfo['CustomForums'][$ForumID] = 1;
        }
      }
      if (isset($HeavyInfo['CustomForums'][''])) {
        unset($HeavyInfo['CustomForums']['']);
      }

      $HeavyInfo['SiteOptions'] = json_decode($HeavyInfo['SiteOptions'], true);
      if (!empty($HeavyInfo['SiteOptions'])) {
        $HeavyInfo = array_merge($HeavyInfo, $HeavyInfo['SiteOptions']);
      }
      unset($HeavyInfo['SiteOptions']);

      G::$DB->set_query_id($QueryID);

      G::$Cache->cache_value("user_info_heavy_$UserID", $HeavyInfo, 0);
    }
    return $HeavyInfo;
  }

  /**
   * Updates the site options in the database
   *
   * @param int $UserID the UserID to set the options for
   * @param array $NewOptions the new options to set
   * @return false if $NewOptions is empty, true otherwise
   */
  public static function update_site_options($UserID, $NewOptions) {
    if (!is_number($UserID)) {
      error(0);
    }
    if (empty($NewOptions)) {
      return false;
    }

    $QueryID = G::$DB->get_query_id();

    // Get SiteOptions
    G::$DB->query("
      SELECT SiteOptions
      FROM users_info
      WHERE UserID = $UserID");
    list($SiteOptions) = G::$DB->next_record(MYSQLI_NUM, false);
    $SiteOptions = json_decode($SiteOptions, true);

    // Get HeavyInfo
    $HeavyInfo = Users::user_heavy_info($UserID);

    // Insert new/replace old options
    $SiteOptions = array_merge($SiteOptions, $NewOptions);
    $HeavyInfo = array_merge($HeavyInfo, $NewOptions);

    // Update DB
    G::$DB->query("
      UPDATE users_info
      SET SiteOptions = '".db_string(json_encode($SiteOptions, true))."'
      WHERE UserID = $UserID");
    G::$DB->set_query_id($QueryID);

    // Update cache
    G::$Cache->cache_value("user_info_heavy_$UserID", $HeavyInfo, 0);

    // Update G::$LoggedUser if the options are changed for the current
    if (G::$LoggedUser['ID'] == $UserID) {
      G::$LoggedUser = array_merge(G::$LoggedUser, $NewOptions);
      G::$LoggedUser['ID'] = $UserID; // We don't want to allow userid switching
    }
    return true;
  }

  /**
   * Generate a random string
   *
   * @param Length
   * @return random alphanumeric string
   */
  public static function make_secret($Length = 32) {
    $Secret = '';
    $Chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    for ($i = 0; $i < $Length; $i++) {
      $Secret .= $Chars[random_int(0, strlen($Chars)-1)];
    }
    return str_shuffle($Secret);
  }

  /**
   * Verify a password against a password hash
   *
   * @param $Password password
   * @param $Hash password hash
   * @return true on correct password
   */
  public static function check_password($Password, $Hash) {
    if (!$Password || !$Hash) { return false; }
    return password_verify(str_replace("\0","",hash("sha512", $Password, true)), $Hash);
  }

  /**
   * Create salted hash for a given string
   *
   * @param $Str string to hash
   * @return salted hash
   */
  public static function make_sec_hash($Str) {
    return password_hash(str_replace("\0","",hash("sha512", $Str, true)), PASSWORD_DEFAULT);
  }

  /**
   * Returns a username string for display
   *
   * @param int $UserID
   * @param boolean $Badges whether or not badges (donor, warned, enabled) should be shown
   * @param boolean $IsWarned
   * @param boolean $IsEnabled
   * @param boolean $Class whether or not to show the class
   * @param boolean $Title whether or not to show the title
   * @param boolean $IsDonorForum for displaying donor forum honorific prefixes and suffixes
   * @return HTML formatted username
   */
  public static function format_username($UserID, $Badges = false, $IsWarned = true, $IsEnabled = true, $Class = false, $Title = false, $IsDonorForum = false) {
    global $Classes;

    if ($UserID == 0) {
      return 'System';
    }

    $UserInfo = self::user_info($UserID);
    if ($UserInfo['Username'] == '') {
      return "Unknown [$UserID]";
    }

    $Str = '';

    $Username = $UserInfo['Username'];
    $Paranoia = $UserInfo['Paranoia'];

    if ($UserInfo['Class'] < $Classes[MOD]['Level']) {
      $OverrideParanoia = check_perms('users_override_paranoia', $UserInfo['Class']);
    } else {
      // Don't override paranoia for mods who don't want to show their donor heart
      $OverrideParanoia = false;
    }
    $ShowDonorIcon = (!in_array('hide_donor_heart', $Paranoia) || $OverrideParanoia);

    if ($IsDonorForum) {
      list($Prefix, $Suffix, $HasComma) = Donations::get_titles($UserID);
      $Username = "$Prefix $Username" . ($HasComma ? ', ' : ' ') . "$Suffix ";
    }

    if ($Title) {
      $Str .= "<strong><a href=\"user.php?id=$UserID\">$Username</a></strong>";
    } else {
      $Str .= "<a href=\"user.php?id=$UserID\">$Username</a>";
    }
    if ($Badges) {
      $DonorRank = Donations::get_rank($UserID);
      if ($DonorRank == 0 && $UserInfo['Donor'] == 1) {
        $DonorRank = 1;
      }
      if ($ShowDonorIcon && $DonorRank > 0) {
        $IconLink = 'donate.php';
        $IconImage = 'donor.png';
        $IconText = 'Donor';
        $DonorHeart = $DonorRank;
        $SpecialRank = Donations::get_special_rank($UserID);
        $EnabledRewards = Donations::get_enabled_rewards($UserID);
        $DonorRewards = Donations::get_rewards($UserID);
        if ($EnabledRewards['HasDonorIconMouseOverText'] && !empty($DonorRewards['IconMouseOverText'])) {
          $IconText = display_str($DonorRewards['IconMouseOverText']);
        }
        if ($EnabledRewards['HasDonorIconLink'] && !empty($DonorRewards['CustomIconLink'])) {
          $IconLink = display_str($DonorRewards['CustomIconLink']);
        }
        if ($EnabledRewards['HasCustomDonorIcon'] && !empty($DonorRewards['CustomIcon'])) {
          $IconImage = ImageTools::process($DonorRewards['CustomIcon'], false, 'donoricon', $UserID);
        } else {
          if ($SpecialRank === MAX_SPECIAL_RANK) {
            $DonorHeart = 6;
          } elseif ($DonorRank === 5) {
            $DonorHeart = 4; // Two points between rank 4 and 5
          } elseif ($DonorRank >= MAX_RANK) {
            $DonorHeart = 5;
          }
          if ($DonorHeart === 1) {
            $IconImage = STATIC_SERVER . 'common/symbols/donor.png';
          } else {
            $IconImage = STATIC_SERVER . "common/symbols/donor_{$DonorHeart}.png";
          }
        }
        $Str .= "<a target=\"_blank\" href=\"$IconLink\"><img class=\"donor_icon tooltip\" src=\"$IconImage\" alt=\"$IconText\" title=\"$IconText\" /></a>";
      }
      $Str .= Badges::display_badges(Badges::get_displayed_badges($UserID), true);
    }

    $Str .= ($IsWarned && $UserInfo['Warned']) ? '<a href="wiki.php?action=article&amp;id=218"'
          . '><img src="'.STATIC_SERVER.'common/symbols/warned.png" alt="Warned" title="Warned'
          . (G::$LoggedUser['ID'] === $UserID ? ' - Expires ' . date('Y-m-d H:i', strtotime($UserInfo['Warned'])) : '')
          . '" class="tooltip" /></a>' : '';
    $Str .= ($IsEnabled && $UserInfo['Enabled'] == 2) ? '<a href="rules.php"><img src="'.STATIC_SERVER.'common/symbols/disabled.png" alt="Banned" title="Disabled" class="tooltip" /></a>' : '';

    if ($Class) {
      foreach (array_keys($UserInfo['ExtraClasses']) as $ExtraClass) {
        $Str .= ' ['.Users::make_class_abbrev_string($ExtraClass).']';
      }
      if ($Title) {
        $Str .= ' <strong>('.Users::make_class_string($UserInfo['PermissionID']).')</strong>';
      } else {
        $Str .= ' ('.Users::make_class_string($UserInfo['PermissionID']).')';
      }
    }

    if ($Title) {
      // Image proxy CTs
      if (check_perms('site_proxy_images') && !empty($UserInfo['Title'])) {
        $UserInfo['Title'] = preg_replace_callback('~src=("?)(http.+?)(["\s>])~',
          function($Matches) {
            return 'src=' . $Matches[1] . ImageTools::process($Matches[2]) . $Matches[3];
          },
          $UserInfo['Title']);
      }

      if ($UserInfo['Title']) {
        $Str .= ' <span class="user_title">('.$UserInfo['Title'].')</span>';
      }
    }
    return $Str;
  }

  /**
   * Given a class ID, return its name.
   *
   * @param int $ClassID
   * @return string name
   */
  public static function make_class_string($ClassID) {
    global $Classes;
    return $Classes[$ClassID]['Name'];
  }

  public static function make_class_abbrev_string($ClassID) {
    global $Classes;
    return '<abbr title="'.$Classes[$ClassID]['Name'].'">'.$Classes[$ClassID]['Abbreviation'].'</abbr>';
  }

  /**
   * Returns an array with User Bookmark data: group IDs, collage data, torrent data
   * @param string|int $UserID
   * @return array Group IDs, Bookmark Data, Torrent List
   */
  public static function get_bookmarks($UserID) {
    $UserID = (int)$UserID;

    if (($Data = G::$Cache->get_value("bookmarks_group_ids_$UserID"))) {
      list($GroupIDs, $BookmarkData) = $Data;
    } else {
      $QueryID = G::$DB->get_query_id();
      G::$DB->query("
        SELECT GroupID, Sort, `Time`
        FROM bookmarks_torrents
        WHERE UserID = $UserID
        ORDER BY Sort, `Time` ASC");
      $GroupIDs = G::$DB->collect('GroupID');
      $BookmarkData = G::$DB->to_array('GroupID', MYSQLI_ASSOC);
      G::$DB->set_query_id($QueryID);
      G::$Cache->cache_value("bookmarks_group_ids_$UserID", [$GroupIDs, $BookmarkData], 3600);
    }

    $TorrentList = Torrents::get_groups($GroupIDs);

    return [$GroupIDs, $BookmarkData, $TorrentList];
  }

  /**
   * Generate HTML for a user's avatar or just return the avatar URL
   * @param unknown $Avatar
   * @param unknown $UserID
   * @param unknown $Username
   * @param unknown $Setting
   * @param number $Size
   * @param string $ReturnHTML
   * @return string
   */
  public static function show_avatar($Avatar, $UserID, $Username, $Setting, $Size = 150, $ReturnHTML = true) {
    $Avatar = ImageTools::process($Avatar, false, 'avatar', $UserID);
    $Style = 'style="max-height: 400px;"';
    $AvatarMouseOverText = '';
    $SecondAvatar = '';
    $Class = 'class="double_avatar"';
    $EnabledRewards = Donations::get_enabled_rewards($UserID);

    if ($EnabledRewards['HasAvatarMouseOverText']) {
      $Rewards = Donations::get_rewards($UserID);
      $AvatarMouseOverText = $Rewards['AvatarMouseOverText'];
    }
    if (!empty($AvatarMouseOverText)) {
      $AvatarMouseOverText =  "title=\"$AvatarMouseOverText\" alt=\"$AvatarMouseOverText\"";
    } else {
      $AvatarMouseOverText = "alt=\"$Username's avatar\"";
    }
    if ($EnabledRewards['HasSecondAvatar'] && !empty($Rewards['SecondAvatar'])) {
      $SecondAvatar = ' data-gazelle-second-avatar="' . ImageTools::process($Rewards['SecondAvatar'], false, 'avatar2', $UserID) . '"';
    }
    // case 1 is avatars disabled
    switch ($Setting) {
      case 0:
        if (!empty($Avatar)) {
          $ToReturn = ($ReturnHTML ? "<a href=\"user.php?id=$UserID\"><img src=\"$Avatar\" ".($Size?"width=\"$Size\" ":"")."$Style $AvatarMouseOverText$SecondAvatar $Class /></a>" : $Avatar);
        } else {
          $URL = STATIC_SERVER.'common/avatars/default.png';
          $ToReturn = ($ReturnHTML ? "<img src=\"$URL\" width=\"$Size\" $Style $AvatarMouseOverText$SecondAvatar />" : $URL);
        }
        break;
      case 2:
        $ShowAvatar = true;
      case 3:
        switch (G::$LoggedUser['Identicons']) {
          case 0:
            $Type = 'identicon';
            break;
          case 1:
            $Type = 'monsterid';
            break;
          case 2:
            $Type = 'wavatar';
            break;
          case 3:
            $Type = 'retro';
            break;
          case 4:
            $Type = '1';
            $Robot = true;
            break;
          case 5:
            $Type = '2';
            $Robot = true;
            break;
          case 6:
            $Type = '3';
            $Robot = true;
            break;
          default:
            $Type = 'identicon';
        }
        $Rating = 'pg';
        if (!isset($Robot) || !$Robot) {
          $URL = 'https://secure.gravatar.com/avatar/'.md5(strtolower(trim($Username)))."?s=$Size&amp;d=$Type&amp;r=$Rating";
        } else {
          $URL = 'https://robohash.org/'.md5($Username)."?set=set$Type&amp;size={$Size}x$Size";
        }
        if ($ShowAvatar == true && !empty($Avatar)) {
          $ToReturn = ($ReturnHTML ? "<img src=\"$Avatar\" width=\"$Size\" $Style $AvatarMouseOverText$SecondAvatar $Class />" : $Avatar);
        } else {
          $ToReturn = ($ReturnHTML ? "<img src=\"$URL\" width=\"$Size\" $Style $AvatarMouseOverText $Class />" : $URL);
        }
        break;
      default:
        $URL = STATIC_SERVER.'common/avatars/default.png';
        $ToReturn = ($ReturnHTML ? "<img src=\"$URL\" width=\"$Size\" $Style $AvatarMouseOverText$SecondAvatar $Class/>" : $URL);
    }
    return $ToReturn;
  }

  public static function has_avatars_enabled() {
    global $HeavyInfo;
    return isset($HeavyInfo['DisableAvatars']) && ($HeavyInfo['DisableAvatars'] != 1);
  }

  /**
   * Checks whether user has autocomplete enabled
   *
   * 0 - Enabled everywhere (default), 1 - Disabled, 2 - Searches only
   *
   * @param string $Type the type of the input.
   * @param boolean $Output echo out HTML
   * @return boolean
   */
  public static function has_autocomplete_enabled($Type, $Output = true) {
    $Enabled = false;
    if (empty(G::$LoggedUser['AutoComplete'])) {
      $Enabled = true;
    } elseif (G::$LoggedUser['AutoComplete'] !== 1) {
      switch ($Type) {
        case 'search':
          if (G::$LoggedUser['AutoComplete'] == 2) {
            $Enabled = true;
          }
          break;
        case 'other':
          if (G::$LoggedUser['AutoComplete'] != 2) {
            $Enabled = true;
          }
          break;
      }
    }
    if ($Enabled && $Output) {
      echo ' data-gazelle-autocomplete="true"';
    }
    if (!$Output) {
      // don't return a boolean if you're echoing HTML
      return $Enabled;
    }
  }

  /*
   * Initiate a password reset
   *
   * @param int $UserID The user ID
   * @param string $Username The username
   * @param string $Email The email address
   */
  public static function reset_password($UserID, $Username, $Email) {
    $ResetKey = Users::make_secret();
    G::$DB->query("
      UPDATE users_info
      SET
        ResetKey = '" . db_string($ResetKey) . "',
        ResetExpires = '" . time_plus(60 * 60) . "'
      WHERE UserID = '$UserID'");
    require(SERVER_ROOT . '/classes/templates.class.php');
    $TPL = NEW TEMPLATE;
    $TPL->open(SERVER_ROOT . '/templates/password_reset.tpl'); // Password reset template
    $TPL->set('Username', $Username);
    $TPL->set('ResetKey', $ResetKey);
    $TPL->set('IP', $_SERVER['REMOTE_ADDR']);
    $TPL->set('SITE_NAME', SITE_NAME);
    $TPL->set('SITE_DOMAIN', SITE_DOMAIN);

    Misc::send_email($Email, 'Password reset information for ' . SITE_NAME, $TPL->get(), 'noreply');
  }


  /*
   * Authorize a new location
   *
   * @param int $UserID The user ID
   * @param string $Username The username
   * @param int $ASN The ASN
   * @param string $Email The email address
   */
  public static function auth_location($UserID, $Username, $ASN, $Email) {
    $AuthKey = Users::make_secret();
    G::$Cache->cache_value('new_location_'.$AuthKey, ['UserID'=>$UserID, 'ASN'=>$ASN], 3600*2);
    require(SERVER_ROOT . '/classes/templates.class.php');
    $TPL = NEW TEMPLATE;
    $TPL->open(SERVER_ROOT . '/templates/new_location.tpl');
    $TPL->set('Username', $Username);
    $TPL->set('AuthKey', $AuthKey);
    $TPL->set('IP', $_SERVER['REMOTE_ADDR']);
    $TPL->set('SITE_NAME', SITE_NAME);
    $TPL->set('SITE_DOMAIN', SITE_DOMAIN);

    Misc::send_email($Email, 'Login from new location for '.SITE_NAME, $TPL->get(), 'noreply');
  }
  /*
   * @return array of strings that can be added to next source flag ( [current, old] )
   */
  public static function get_upload_sources() {
    if (!($SourceKey = G::$Cache->get_value('source_key_new'))) {
      G::$Cache->cache_value('source_key_new', $SourceKey = [Users::make_secret(), time()]);
    }
    $SourceKeyOld = G::$Cache->get_value('source_key_old');
    if ($SourceKey[1]-time() > 3600) {
      G::$Cache->cache_value('source_key_old', $SourceKeyOld = $SourceKey);
      G::$Cache->cache_value('source_key_new', $SourceKey = [Users::make_secret(), time()]);
    }
    G::$DB->query("
      SELECT
        COUNT(ID)
      FROM torrents
      WHERE UserID = ".G::$LoggedUser['ID']);
    list($Uploads) = G::$DB->next_record();
    $Source[0] = SITE_NAME.'-'.substr(hash('sha256', $SourceKey[0].G::$LoggedUser['ID'].$Uploads),0,10);
    $Source[1] = $SourceKeyOld ? SITE_NAME.'-'.substr(hash('sha256', $SourceKeyOld[0].G::$LoggedUser['ID'].$Uploads),0,10) : $Source[0];
    return $Source;
  }
}