
Fix all torrent editing except publications (needs DB surgery)

biotorrents 4 years ago
parent
commit
092c7ef811

+ 7
- 7
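--- a/classes/artists.class.php
+++ b/classes/artists.class.php
@@ -196,7 +196,7 @@ class Artists
             FROM
               `requests`
             WHERE
-              `ID` = $RequestID
+              `ID` = '$RequestID'
             ");
 
             G::$DB->query("
@@ -204,7 +204,7 @@ class Artists
             FROM
               `requests_votes`
             WHERE
-              `RequestID` = $RequestID
+              `RequestID` = '$RequestID'
             ");
 
             G::$DB->query("
@@ -212,7 +212,7 @@ class Artists
             FROM
               `requests_tags`
             WHERE
-              `RequestID` = $RequestID
+              `RequestID` = '$RequestID'
             ");
 
             G::$DB->query("
@@ -220,7 +220,7 @@ class Artists
             FROM
               `requests_artists`
             WHERE
-              `RequestID` = $RequestID
+              `RequestID` = '$RequestID'
             ");
         }
 
@@ -230,7 +230,7 @@ class Artists
         FROM
           `artists_group`
         WHERE
-          `ArtistID` = $ArtistID
+          `ArtistID` = '$ArtistID'
         ");
         G::$Cache->decrement('stats_artist_count');
 
@@ -240,7 +240,7 @@ class Artists
         FROM
           `wiki_artists`
         WHERE
-          `PageID` = $ArtistID
+          `PageID` = '$ArtistID'
         ");
 
         // Delete tags
@@ -249,7 +249,7 @@ class Artists
         FROM
           `artists_tags`
         WHERE
-          `ArtistID` = $ ArtistID
+          `ArtistID` = '$ArtistID'
         ");
 
         // Delete artist comments, subscriptions and quote notifications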
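Review bot: Wrapping `$RequestID` and `$ArtistID` in single quotes in these seven queries does not escape them; a value that itself contains a quote still ends the literal, so the statements are safe only if both IDs are guaranteed to be integers before this point, which the hunks do not show (the enclosing method starts and ends outside them). I would cast at the point each value enters the method, `$ArtistID = (int) $ArtistID;` and `$RequestID = (int) $RequestID;`, or bind the values with `?` placeholders, which the removed lines of sections/torrents/screenshotedit.php show the DB wrapper accepting. The same quoted-interpolation pattern is introduced in the `torrents_mirrors` query in sections/torrents/functions.php and in the `torrents_screenshots` query in sections/torrents/editgroup.php, where the `db_string()` call is dropped at the same time.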

+ 18
- 0
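--- a/classes/security.class.php
+++ b/classes/security.class.php
@@ -10,6 +10,24 @@ declare(strict_types = 1);
 
 class Security
 {
+    /**
+     * ID check
+     *
+     * Makes sure a number ID is valid,
+     * e.g., a page ID requested by GET.
+     * Optionally call authorize().
+     */
+    public function idCheck($id, $auth)
+    {
+        if (!$id || !is_int($id)) {
+            error(400);
+        }
+        
+        if ($auth) {
+            authorize();
+        }
+    }
+
     /**
      * Setup pitfalls
      *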
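Review bot: `idCheck()` is declared as an instance method, but the only caller in this commit, sections/torrents/nonwikiedit.php, invokes it as `Security::idCheck($GroupID, true)`; a static call to a non-static method is deprecated in PHP 7 and throws an Error in PHP 8, so on PHP 8 the request would fail before either the ID check or `authorize()` runs. Declaring it `public static function idCheck(int $id, bool $auth = false): void` fixes the call and makes the docblock's "Optionally call authorize()" accurate, since `$auth` currently has no default. The guard `!$id || !is_int($id)` also lets negative integers through; `if ($id <= 0) { error(400); }` states the intent once the parameter is typed. The docblock should add that callers must cast request strings with `(int)` first, because `is_int()` rejects every raw `$_GET`/`$_POST` value.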

+ 20
- 19
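--- a/sections/torrents/details.php
+++ b/sections/torrents/details.php
@@ -477,7 +477,7 @@ foreach ($TorrentList as $Torrent) {
         </td>
       </tr>';
         }
-        $ReportInfo .= "\n\t\t</table>";
+        $ReportInfo .= "</table>";
     }
 
     $CanEdit = (check_perms('torrents_edit') || (($UserID == $LoggedUser['ID'] && !$LoggedUser['DisableWiki']) && !($Remastered && !$RemasterYear)));
@@ -516,39 +516,40 @@ foreach ($TorrentList as $Torrent) {
   </table>';
 
     $ExtraInfo = ''; // String that contains information on the torrent (e.g., format and encoding)
-    $AddExtra = '&thinsp;|&thinsp;'; // Separator between torrent properties
+    $AddExtra = '&Tab;|&Tab;'; // Separator between torrent properties
 
   // Similar to Torrents::torrent_info()
     if ($Media) {
-        $ExtraInfo .= display_str($Media);
+        $ExtraInfo .= '<x style="tooltip" title="Platform">'.display_str($Media).'</x>';
     }
 
     if ($Container) {
-        $ExtraInfo .= $AddExtra . display_str($Container);
+        $ExtraInfo .= $AddExtra.'<x style="tooltip" title="Format">'.display_str($Container).'</x>';
     }
 
     if ($Archive) {
-        $ExtraInfo .= $AddExtra . display_str($Archive);
+        $ExtraInfo .= $AddExtra.'<x style="tooltip" title="Archive">'.display_str($Archive).'</x>';
     }
 
     if ($Codec) {
-        $ExtraInfo .= $AddExtra . display_str($Codec);
+        $ExtraInfo .= $AddExtra.'<x style="tooltip" title="License">'.display_str($Codec).'</x>';
     }
 
     if ($Resolution) {
-        $ExtraInfo .= $AddExtra . display_str($Resolution);
+        $ExtraInfo .= $AddExtra.'<x style="tooltip" title="Scope">'.display_str($Resolution).'</x>';
     }
 
     /*
     if ($AudioFormat) {
         $ExtraInfo.=$AddExtra.display_str($AudioFormat);
+        $ExtraInfo .= $AddExtra.'<x style="tooltip" title="Accession Number">'.display_str($AudioFormat).'</x>';
     }
     */
 
     if ($Censored) {
-        $ExtraInfo .= $AddExtra . display_str('Aligned');
+        $ExtraInfo .= $AddExtra.'<x style="tooltip" title="Aligned/Annotated">Yes</x>';
     } else {
-        $ExtraInfo .= $AddExtra . display_str('Not Aligned');
+        $ExtraInfo .= $AddExtra.'<x style="tooltip" title="Aligned/Annotated">No</x>';
     }
 
     if (!$ExtraInfo) {
@@ -556,19 +557,19 @@ foreach ($TorrentList as $Torrent) {
     }
 
     if ($IsLeeching) {
-        $ExtraInfo .= $AddExtra . Format::torrent_label('Leeching', 'important_text_semi');
+        $ExtraInfo .= $AddExtra.Format::torrent_label('Leeching', 'important_text_semi');
     } elseif ($IsSeeding) {
-        $ExtraInfo .= $AddExtra . Format::torrent_label('Seeding', 'important_text_alt');
+        $ExtraInfo .= $AddExtra.Format::torrent_label('Seeding', 'important_text_alt');
     } elseif ($IsSnatched) {
-        $ExtraInfo .= $AddExtra . Format::torrent_label('Snatched', 'bold');
+        $ExtraInfo .= $AddExtra.Format::torrent_label('Snatched', 'bold');
     }
 
     if ($FreeTorrent === '1') {
-        $ExtraInfo .= $AddExtra . Format::torrent_label('Freeleech', 'important_text_alt');
+        $ExtraInfo .= $AddExtra.Format::torrent_label('Freeleech', 'important_text_alt');
     }
 
     if ($FreeTorrent === '2') {
-        $ExtraInfo .= $AddExtra . Format::torrent_label('Neutral Leech', 'bold');
+        $ExtraInfo .= $AddExtra.Format::torrent_label('Neutral Leech', 'bold');
     }
 
     // Freleechizer
@@ -585,25 +586,25 @@ foreach ($TorrentList as $Torrent) {
     }
 
     if ($PersonalFL) {
-        $ExtraInfo .= $AddExtra . Format::torrent_label('Personal Freeleech', 'important_text_alt');
+        $ExtraInfo .= $AddExtra.Format::torrent_label('Personal Freeleech', 'important_text_alt');
     }
 
     if ($Reported) {
         $HtmlReportType = ucfirst($Reports[0]['Type']);
         $HtmlReportComment = htmlentities(htmlentities($Reports[0]['UserComment']));
-        $ExtraInfo .= $AddExtra . "<strong class='torrent_label tl_reported tooltip' title='Type: $HtmlReportType<br>Comment: $HtmlReportComment'>".Format::torrent_label('Reported', 'important_text')."</strong>";
+        $ExtraInfo .= $AddExtra."<strong class='torrent_label tl_reported tooltip' title='Type: $HtmlReportType<br>Comment: $HtmlReportComment'>".Format::torrent_label('Reported', 'important_text')."</strong>";
     }
 
     if (!empty($BadTags)) {
-        $ExtraInfo .= $AddExtra . Format::torrent_label('Bad Tags', 'important_text');
+        $ExtraInfo .= $AddExtra.Format::torrent_label('Bad Tags', 'important_text');
     }
 
     if (!empty($BadFolders)) {
-        $ExtraInfo .= $AddExtra . Format::torrent_label('Bad Folders', 'important_text');
+        $ExtraInfo .= $AddExtra.Format::torrent_label('Bad Folders', 'important_text');
     }
 
     if (!empty($BadFiles)) {
-        $ExtraInfo .= $AddExtra . Format::torrent_label('Bad File Names', 'important_text');
+        $ExtraInfo .= $AddExtra.Format::torrent_label('Bad File Names', 'important_text');
     }
 
     $TorrentDL = "torrents.php?action=download&amp;id=".$TorrentID."&amp;authkey=".$LoggedUser['AuthKey']."&amp;torrent_pass=".$LoggedUser['torrent_pass'];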
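Review bot: The new property labels are emitted as `<x style="tooltip" title="Platform">`, but `x` is not an HTML element and `style` expects CSS declarations, so `tooltip` has no effect there; the Reported label further down uses `class='torrent_label tl_reported tooltip'`, which suggests the intended markup is `<span class="tooltip" title="Platform">` (and the same for Format, Archive, License, Scope and Aligned/Annotated). The line added inside the commented-out `$AudioFormat` block sits after the old append instead of replacing it, so re-enabling that block would print the value twice. On the Reported label, `$HtmlReportType` goes into a single-quoted `title` attribute without `display_str()`; unless report types come from a fixed internal list, it should be escaped like the comment next to it.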

+ 19
- 13
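--- a/sections/torrents/editgroup.php
+++ b/sections/torrents/editgroup.php
@@ -58,7 +58,7 @@ SELECT
 FROM
   `torrents_screenshots`
 WHERE
-  TorrentID = '".db_string($TorrentID)."'
+  `GroupID` = '$GroupID'
 ");
 
 if ($DB->has_results()) {
@@ -79,10 +79,8 @@ View::show_header(
     'Edit torrent group',
     'upload,bbcode,vendor/easymde.min',
     'vendor/easymde.min'
-);
+); ?>
 
-// Start printing form
-?>
 <h2 class="header">
   Edit
   <a href="torrents.php?id=<?=$GroupID?>"><?=($Name ? $Name : ($Title2 ? $Title2 : $NameJP))?></a>
@@ -101,7 +99,7 @@ View::show_header(
       Picture
     </h3>
 
-    <input type="text" name="image" size="92" value="<?=$Image?>" />
+    <input type="text" name="image" size="80" value="<?=$Image?>" />
     <br /><br />
 
     <h3>
@@ -130,7 +128,7 @@ new TEXTAREA_PREVIEW(
       Edit Summary
     </h3>
 
-    <input type="text" name="summary" size="92" />
+    <input type="text" name="summary" size="80" />
     <br />
 
     <div class="center pad">
@@ -264,11 +262,17 @@ new TEXTAREA_PREVIEW(
         </td>
 
         <td>
-          <input type="checkbox" id="unfreeleech" name="unfreeleech" /><label for="unfreeleech"> Reset</label>
-          <input type="checkbox" id="freeleech" name="freeleech" /><label for="freeleech"> Freeleech</label>
-          <input type="checkbox" id="neutralleech" name="neutralleech" /><label for="neutralleech"> Neutral
-            Leech</label>
+          <input type="checkbox" id="unfreeleech" name="unfreeleech" />
+          <label for="unfreeleech"> Reset</label>
+
+          <input type="checkbox" id="freeleech" name="freeleech" />
+          <label for="freeleech"> Freeleech</label>
+
+          <input type="checkbox" id="neutralleech" name="neutralleech" />
+          <label for="neutralleech"> Neutral Leech</label>
+
           because
+
           <select name="freeleechtype">
             <?php $FL = array('N/A', 'Staff Pick', 'Perma-FL', 'Freeleechizer', 'Site-Wide FL');
     foreach ($FL as $Key => $FLType) { ?>
@@ -282,7 +286,7 @@ new TEXTAREA_PREVIEW(
     </table>
 
     <div class="center pad">
-    <input type="submit" value="Edit" />
+      <input type="submit" value="Edit" />
     </div>
   </form>
 </div>
@@ -370,5 +374,7 @@ new TEXTAREA_PREVIEW(
     </div>
   </form>
 </div>
-<?php } ?>
-<?php View::show_footer();
+<?php
+}
+
+View::show_footer();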
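Review bot: The Picture input prints the stored value straight into a double-quoted attribute, `value="<?=$Image?>"`, and no escaping is visible in the hunk; the heading link above it does the same with `$Name`, `$Title2` and `$NameJP`. Unless these variables are already passed through `display_str()` in lines outside the hunks, a stored value containing `"` or `<` would break out of the markup on the edit page. Since the line is being touched anyway, `value="<?=display_str($Image)?>"` would make the escaping explicit at the point of output.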

+ 1
- 1
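--- a/sections/torrents/functions.php
+++ b/sections/torrents/functions.php
@@ -84,7 +84,7 @@ function get_group_info($GroupID, $Return = true, $RevisionID = 0, $PersonalProp
         FROM
           `torrents_mirrors`
         WHERE
-          TorrentID = '$TorrentID'
+          `GroupID` = '$GroupID'
         ");
   
         if ($DB->has_results()) {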

+ 123
- 66
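--- a/sections/torrents/nonwikiedit.php
+++ b/sections/torrents/nonwikiedit.php
@@ -1,27 +1,29 @@
 <?php
-#declare(strict_types=1);
+declare(strict_types=1);
 
-authorize();
+$GroupID = (int) $_POST['groupid'];
+Security::idCheck($GroupID, true);
 
-//Set by system
-if (!$_POST['groupid'] || !is_number($_POST['groupid'])) {
-    error(404);
-}
-$GroupID = $_POST['groupid'];
-
-//Usual perm checks
+// Usual perm checks
 if (!check_perms('torrents_edit')) {
     $DB->query("
-    SELECT UserID
-    FROM torrents
-    WHERE GroupID = $GroupID");
+    SELECT
+      `UserID`
+    FROM
+      `torrents`
+    WHERE
+      `GroupID` = '$GroupID'
+    ");
+
     if (!in_array($LoggedUser['ID'], $DB->collect('UserID'))) {
         error(403);
     }
 }
 
-
-if (check_perms('torrents_freeleech') && (isset($_POST['freeleech']) xor isset($_POST['neutralleech']) xor isset($_POST['unfreeleech']))) {
+if (check_perms('torrents_freeleech')
+  && (isset($_POST['freeleech'])
+  xor isset($_POST['neutralleech'])
+  xor isset($_POST['unfreeleech']))) {
     if (isset($_POST['freeleech'])) {
         $Free = 1;
     } elseif (isset($_POST['neutralleech'])) {
@@ -30,7 +32,7 @@ if (check_perms('torrents_freeleech') && (isset($_POST['freeleech']) xor isset($
         $Free = 0;
     }
 
-    if (isset($_POST['freeleechtype']) && in_array($_POST['freeleechtype'], array(0, 1, 2, 3))) {
+    if (isset($_POST['freeleechtype']) && in_array($_POST['freeleechtype'], [0, 1, 2, 3])) {
         $FreeType = $_POST['freeleechtype'];
     } else {
         error(404);
@@ -41,7 +43,7 @@ if (check_perms('torrents_freeleech') && (isset($_POST['freeleech']) xor isset($
 
 $Artists = $_POST['idols'];
 
-//Escape fields
+// Escape fields
 $Studio = db_string($_POST['studio']);
 $Series = db_string($_POST['series']);
 $Year = db_string((int)$_POST['year']);
@@ -49,33 +51,51 @@ $CatalogueNumber = db_string($_POST['catalogue']);
 
 // Get some info for the group log
 $DB->query("
-  SELECT Year
-  FROM torrents_group
-  WHERE ID = $GroupID");
+SELECT
+  `Year`
+FROM
+  `torrents_group`
+WHERE
+  `ID` = '$GroupID'
+");
 list($OldYear) = $DB->next_record();
 
-
-
 $DB->query("
-  UPDATE torrents_group
-  SET
-    Year = '$Year',
-    CatalogueNumber = '".$CatalogueNumber."',
-    Studio = '$Studio',
-    Series = '$Series',
-  WHERE ID = $GroupID");
-
-if ($OldYear != $Year) {
+UPDATE
+  `torrents_group`
+SET
+  `Year` = '$Year',
+  `CatalogueNumber` = '$CatalogueNumber',
+  `Studio` = '$Studio',
+  `Series` = '$Series'
+WHERE
+  `ID` = '$GroupID'
+");
+
+if ($OldYear !== $Year) {
+    $Message = db_string("Year changed from $OldYear to $Year");
     $DB->query("
-    INSERT INTO group_log (GroupID, UserID, Time, Info)
-    VALUES ('$GroupID', ".$LoggedUser['ID'].", NOW(), '".db_string("Year changed from $OldYear to $Year")."')");
+    INSERT INTO `group_log`
+      (`GroupID`, `UserID`, `Time`, `Info`)
+    VALUES(
+      '$GroupID',
+      ".$LoggedUser['ID'].",
+      NOW(),
+      '$Message')
+    ");
 }
 
 $DB->query("
-  SELECT ag.Name
-  FROM artists_group AS ag
-    JOIN torrents_artists AS ta ON ag.ArtistID = ta.ArtistID
-  WHERE ta.GroupID = ".$GroupID);
+SELECT
+  ag.`Name`
+FROM
+  `artists_group` AS ag
+JOIN `torrents_artists` AS ta
+ON
+  ag.`ArtistID` = ta.`ArtistID`
+WHERE
+  ta.`GroupID` = '$GroupID'
+");
 
 while ($r = $DB->next_record(MYSQLI_ASSOC, true)) {
     $CurrArtists[] = $r['Name'];
@@ -83,57 +103,89 @@ while ($r = $DB->next_record(MYSQLI_ASSOC, true)) {
 
 foreach ($Artists as $Artist) {
     if (!in_array($Artist, $CurrArtists)) {
+        $Artist = db_string($Artist);
         $DB->query("
-      SELECT ArtistID
-      FROM artists_group
-      WHERE Name = '".db_string($Artist)."'");
+        SELECT
+          `ArtistID`
+        FROM
+          `artists_group`
+        WHERE
+          `Name` = '$Artist'
+        ");
+
         if ($DB->has_results()) {
             list($ArtistID) = $DB->next_record();
         } else {
             $DB->query("
-        INSERT INTO artists_group
-        (Name)
-        VALUES
-        ('".db_string($Artist)."')");
+            INSERT INTO `artists_group`(`Name`)
+            VALUES('$Artist')
+            ");
             $ArtistID = $DB->inserted_id();
         }
-        $DB->query("
-      INSERT INTO torrents_artists
-      (GroupID, ArtistID, UserID)
-      VALUES
-      (".$GroupID.", ".$ArtistID.", ".$LoggedUser['ID'].")
-      ON DUPLICATE KEY UPDATE UserID=".$LoggedUser['ID']); // Why does this even happen
+
+        $DB->query(
+            "
+        INSERT INTO `torrents_artists`(`GroupID`, `ArtistID`, `UserID`)
+        VALUES(
+          '$GroupID',
+          '$ArtistID',
+          ".$LoggedUser['ID']."
+        )
+        ON DUPLICATE KEY
+        UPDATE
+          `UserID` = ".$LoggedUser['ID']
+        ); // Why does this even happen
         $Cache->delete_value('artist_groups_'.$ArtistID);
     }
 }
 
 foreach ($CurrArtists as $CurrArtist) {
     if (!in_array($CurrArtist, $Artists)) {
+        $CurrArtist = db_string($CurrArtist);
+
         $DB->query("
-      SELECT ArtistID
-      FROM artists_group
-      WHERE Name = '".db_string($CurrArtist)."'");
+        SELECT
+          `ArtistID`
+        FROM
+          `artists_group`
+        WHERE
+          `Name` = '$CurrArtist'
+        ");
+
         if ($DB->has_results()) {
             list($ArtistID) = $DB->next_record();
 
             $DB->query("
-        DELETE FROM torrents_artists
-        WHERE ArtistID = ".$ArtistID."
-          AND GroupID = ".$GroupID);
+            DELETE
+            FROM
+              `torrents_artists`
+            WHERE
+              `ArtistID` = '$ArtistID'
+              AND `GroupID` = '$GroupID'
+            ");
 
             $DB->query("
-        SELECT GroupID
-        FROM torrents_artists
-        WHERE ArtistID = ".$ArtistID);
+            SELECT
+              `GroupID`
+            FROM
+              `torrents_artists`
+            WHERE
+              `ArtistID` = '$ArtistID'
+            ");
 
             $Cache->delete_value('artist_groups_'.$ArtistID);
 
             if (!$DB->has_results()) {
                 $DB->query("
-          SELECT RequestID
-          FROM requests_artists
-          WHERE ArtistID = ".$ArtistID."
-            AND ArtistID != 0");
+                SELECT
+                  `RequestID`
+                FROM
+                  `requests_artists`
+                WHERE
+                  `ArtistID` = '$ArtistID'
+                  AND `ArtistID` != 0
+                ");
+
                 if (!$DB->has_results()) {
                     Artists::delete_artist($ArtistID);
                 }
@@ -143,13 +195,18 @@ foreach ($CurrArtists as $CurrArtist) {
 }
 
 $DB->query("
-  SELECT ID
-  FROM torrents
-  WHERE GroupID = '$GroupID'");
+SELECT
+  `ID`
+FROM
+  `torrents`
+WHERE
+  `GroupID` = '$GroupID'
+");
+
 while (list($TorrentID) = $DB->next_record()) {
     $Cache->delete_value("torrent_download_$TorrentID");
 }
+
 Torrents::update_hash($GroupID);
 $Cache->delete_value("torrents_details_$GroupID");
-
 header("Location: torrents.php?id=$GroupID");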
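Review bot: The `freeleechtype` check, `in_array($_POST['freeleechtype'], [0, 1, 2, 3])`, compares loosely and then stores the raw POST string in `$FreeType`; on PHP 7 any non-numeric string equals `0` and passes, and where `$FreeType` is used lies outside the hunks. Compare strictly and keep an integer: `in_array($_POST['freeleechtype'], ['0', '1', '2', '3'], true)` followed by `$FreeType = (int) $_POST['freeleechtype'];`. The accepted list also stops at 3 while the `freeleechtype` select in editgroup.php is built from five entries, so "Site-Wide FL" would reach `error(404)` if the option values are the array keys. Separately, `$CurrArtists` is first assigned inside the `while` loop, so unless it is initialised in lines outside the hunks, a group with no artist rows reaches `in_array($Artist, $CurrArtists)` with an undefined variable; `$CurrArtists = [];` before the loop avoids that.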

+ 78
- 56
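--- a/sections/torrents/screenshotedit.php
+++ b/sections/torrents/screenshotedit.php
@@ -1,99 +1,121 @@
-<?
+<?php
+declare(strict_types=1);
 
 authorize();
 
-if (!$_POST['groupid'] || !is_number($_POST['groupid'])) {
-  error(404);
-}
 $GroupID = $_POST['groupid'];
+if (!$GroupID || !is_number($GroupID)) {
+    error(404);
+}
 
 if (!check_perms('torrents_edit') && !check_perms('screenshots_add') && !check_perms('screenshots_delete')) {
-  $DB->query("
-    SELECT UserID
-    FROM torrents
-    WHERE GroupID = ?", $GroupID);
-  if (!in_array($LoggedUser['ID'], $DB->collect('UserID'))) {
-    error(403);
-  }
+    $DB->query("
+    SELECT
+      `UserID`
+    FROM
+      `torrents`
+    WHERE
+      `GroupID` = '$GroupID'
+    ")
+    ;
+    if (!in_array($LoggedUser['ID'], $DB->collect('UserID'))) {
+        error(403);
+    }
 }
 
 $Screenshots = $_POST['screenshots'] ?? [];
 $Screenshots = array_map("trim", $Screenshots);
-$Screenshots = array_filter($Screenshots, function($s) {
-  return preg_match('/^'.IMAGE_REGEX.'$/i', $s);
+$Screenshots = array_filter($Screenshots, function ($s) {
+    return preg_match('/^'.DOI_REGEX.'$/i', $s);
 });
 $Screenshots = array_unique($Screenshots);
 
 if (count($Screenshots) > 10) {
-  error("You cannot add more than 10 screenshots to a group");
+    error("You cannot add more than 10 publications to a group");
 }
 
 $DB->query("
-  SELECT UserID, Image
-  FROM torrents_screenshots
-  WHERE GroupID = ?", $GroupID);
+SELECT
+  `UserID`,
+  `URI`
+FROM
+  `torrents_screenshots`
+WHERE
+  `GroupID` = '$GroupID'
+");
 
 // $Old is an array of the form URL => UserID where UserID is the ID of the User who originally uploaded that image.
 $Old = [];
 if ($DB->has_results()) {
-  while($S = $DB->next_record(MYSQLI_ASSOC)) {
-    $Old[$S['Image']] = $S['UserID'];
-  }
+    while ($S = $DB->next_record(MYSQLI_ASSOC)) {
+        $Old[$S['Image']] = $S['UserID'];
+    }
 }
 
 if (!empty($Old)) {
-  $New = array_diff($Screenshots, array_keys($Old));
-  $Deleted = array_diff(array_keys($Old), $Screenshots);
+    $New = array_diff($Screenshots, array_keys($Old));
+    $Deleted = array_diff(array_keys($Old), $Screenshots);
 } else {
-  $New = $Screenshots;
+    $New = $Screenshots;
 }
 
 // Deletion
 if (!empty($Deleted)) {
-  if (check_perms('screenshots_delete') || check_perms('torrents_edit')) {
-    $DeleteList = $Deleted;
-  } else {
-    $DeleteList = [];
-    foreach ($Deleted as $S) {
-      // If the user who submitted this request uploaded the image, add the image to the list.
-      if ($Old[$S] == $LoggedUser['ID']) {
-        $DeleteList[] = $S;
-      } else {
-        error(403);
-      }
-    }
-  }
+    if (check_perms('screenshots_delete') || check_perms('torrents_edit')) {
+        $DeleteList = $Deleted;
+    } else {
+        $DeleteList = [];
+        foreach ($Deleted as $S) {
 
-  if (!empty($DeleteList)) {
-    $ScreenDel = '';
-    $DB->prepare_query("DELETE FROM torrents_screenshots WHERE Image = ?", $ScreenDel);
-    foreach ($DeleteList as $ScreenDel) {
-      $DB->exec_prepared_query();
+            // If the user who submitted this request uploaded the image, add the image to the list.
+            if ($Old[$S] === $LoggedUser['ID']) {
+                $DeleteList[] = $S;
+            } else {
+                error(403);
+            }
+        }
     }
 
-    Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Deleted screenshot(s) ".implode(' , ', $DeleteList), 0);
-    Misc::write_log("Screenshots ( ".implode(' , ', $DeleteList)." ) deleted from Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
-  }
+    if (!empty($DeleteList)) {
+        $ScreenDel = '';
+        $DB->prepare_query("
+        DELETE
+        FROM
+          `torrents_screenshots`
+        WHERE
+          `URI` = '$ScreenDel'
+        ");
+
+        foreach ($DeleteList as $ScreenDel) {
+            $DB->exec_prepared_query();
+        }
+
+        Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Deleted screenshot(s) ".implode(' , ', $DeleteList), 0);
+        Misc::write_log("Screenshots ( ".implode(' , ', $DeleteList)." ) deleted from Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
+    }
 }
 
 // New screenshots
 if (!empty($New)) {
-  $Screenshot = '';
-  $DB->prepare_query("
-    INSERT INTO torrents_screenshots
-      (GroupID, UserID, Time, Image)
+    $Screenshot = '';
+    $DB->prepare_query(
+        "
+    INSERT INTO `torrents_screenshots`
+      (`GroupID`, `UserID`, `Time`, `URI`)
     VALUES
       (?, ?, NOW(), ?)",
-    $GroupID, $LoggedUser['ID'], $Screenshot);
-  foreach ($New as $Screenshot) {
-    $DB->exec_prepared_query();
-  }
+        $GroupID,
+        $LoggedUser['ID'],
+        $Screenshot
+    );
 
-  Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Added screenshot(s) ".implode(' , ', $New), 0);
-  Misc::write_log("Screenshots ( ".implode(' , ', $New)." ) added to Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
+    foreach ($New as $Screenshot) {
+        $DB->exec_prepared_query();
+    }
+
+    Torrents::write_group_log($GroupID, 0, $LoggedUser['ID'], "Added screenshot(s) ".implode(' , ', $New), 0);
+    Misc::write_log("Screenshots ( ".implode(' , ', $New)." ) added to Torrent Group ".$GroupID." by ".$LoggedUser['Username']);
 }
 
 $Cache->delete_value("torrents_details_".$GroupID);
 header("Location: torrents.php?id=$GroupID");
-
-?>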
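Review bot: The delete path no longer binds anything: `prepare_query()` is now handed a statement with `'$ScreenDel'` interpolated while `$ScreenDel` is still `''`, and no argument is passed for binding, so each `exec_prepared_query()` in the loop presumably targets rows with an empty URI rather than the entries in `$DeleteList`, while both log calls still record them as deleted. Keep the `?` placeholder and pass `$ScreenDel` as the bound argument, as the removed line `$DB->prepare_query("DELETE FROM torrents_screenshots WHERE Image = ?", $ScreenDel);` did, changing only the column name; the INSERT below still works that way. The two `GroupID` lookups likewise trade `?` binding for string interpolation, which is safe only as long as `is_number()` accepts digits alone. The SELECT now returns `URI` while the loop still reads `$S['Image']`, so `$Old` is keyed on a missing column; `$Old[$S['URI']] = $S['UserID'];` matches the new query.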
