Draft the About page and use prepared queries on reportsv2

design/publicfooter.php

 <footer>
   <a href="/legal.php?p=privacy">Privacy</a>
   <a href="/legal.php?p=dmca">DMCA</a>
-  <a class="external" href="https://github.com/biotorrents/gazelle" target="_blank">GitHub</a>
+  <a class="external" href="https://github.com/biotorrents" target="_blank">GitHub</a>
   <a class="external" href="https://patreon.com/biotorrents" target="_blank">Patreon</a>
 </footer>
 

sections/reportsv2/ajax_create_report.php

   $TorrentID = $_POST['torrentid'];
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT tg.CategoryID
   FROM torrents_group AS tg
     JOIN torrents AS t ON t.GroupID = tg.ID
   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT ID
   FROM reportsv2
   WHERE TorrentID = $TorrentID
   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   INSERT INTO reportsv2
     (ReporterID, TorrentID, Type, UserComment, Status, ReportedTime, ExtraID)
   VALUES

sections/reportsv2/ajax_giveback_report.php

   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT Status
   FROM reportsv2
   WHERE ID = ".$_GET['id']);
 list($Status) = $DB->next_record();
 if (isset($Status)) {
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET Status = 'New', ResolverID = 0
     WHERE ID = ".$_GET['id']);

sections/reportsv2/ajax_grab_report.php

   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   UPDATE reportsv2
   SET Status = 'InProgress',
     ResolverID = " . $LoggedUser['ID'] . "

sections/reportsv2/ajax_new_report.php

 }
 
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     r.ID,
     r.ReporterID,
 
     if (!$GroupID) {
       //Torrent already deleted
-      $DB->query("
+      $DB->prepared_query("
         UPDATE reportsv2
         SET
           Status = 'Resolved',
 <?
       error();
     }
-    $DB->query("
+    $DB->prepared_query("
       UPDATE reportsv2
       SET Status = 'InProgress',
         ResolverID = ".$LoggedUser['ID']."
               uploaded by <a href="user.php?id=<?=$UploaderID?>"><?=$UploaderName?></a> <?=time_diff($Time)?>
               <br />
               <div style="text-align: right;">was reported by <a href="user.php?id=<?=$ReporterID?>"><?=$ReporterName?></a> <?=time_diff($ReportedTime)?> for the reason: <strong><?=$ReportType['title']?></strong></div>
-<?php $DB->query("
+<?php $DB->prepared_query("
             SELECT r.ID
             FROM reportsv2 AS r
               LEFT JOIN torrents AS t ON t.ID = r.TorrentID
               <div style="text-align: right;">
                 <a href="reportsv2.php?view=group&amp;id=<?=$GroupID?>">There <?=(($GroupOthers > 1) ? "are $GroupOthers other reports" : "is 1 other report")?> for torrents in this group</a>
               </div>
-<?php $DB->query("
+<?php $DB->prepared_query("
             SELECT t.UserID
             FROM reportsv2 AS r
               JOIN torrents AS t ON t.ID = r.TorrentID
               </div>
 <?php }
 
-        $DB->query("
+        $DB->prepared_query("
             SELECT DISTINCT req.ID,
               req.FillerID,
               um.Username,
         $First = true;
         $Extras = explode(' ', $ExtraIDs);
         foreach ($Extras as $ExtraID) {
-            $DB->query("
+            $DB->prepared_query("
                 SELECT
                   tg.Name,
                   tg.ID,

sections/reportsv2/ajax_update_comment.php

 $Message = db_string($_POST['comment']);
 //Message can be blank!
 
-$DB->query("
+$DB->prepared_query("
   SELECT ModComment
   FROM reportsv2
   WHERE ID = $ReportID");
 list($ModComment) = $DB->next_record();
 if (isset($ModComment)) {
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET ModComment = '$Message'
     WHERE ID = $ReportID");

sections/reportsv2/ajax_update_resolve.php

   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   UPDATE reportsv2
   SET Type = '$NewType'
   WHERE ID = $ReportID");

sections/reportsv2/report.php

     }
 } else {
     $TorrentID = $_GET['id'];
-    $DB->query("
+    $DB->prepared_query("
     SELECT tg.`category_id`, t.`GroupID`, u.`Username`
     FROM `torrents_group` AS tg
       LEFT JOIN `torrents` AS t ON t.`GroupID` = tg.`id`

sections/reportsv2/static.php

 } else {
     switch ($View) {
     case 'staff':
-      $DB->query("
+      $DB->prepared_query("
         SELECT `Username`
         FROM `users_main`
         WHERE `ID` = $ID");
       break;
 
     case 'resolver':
-      $DB->query("
+      $DB->prepared_query("
         SELECT `Username`
         FROM `users_main`
         WHERE `ID` = $ID");
       break;
 
     case 'reporter':
-      $DB->query("
+      $DB->prepared_query("
         SELECT `Username`
         FROM `users_main`
         WHERE `ID` = $ID");
       break;
 
     case 'uploader':
-      $DB->query("
+      $DB->prepared_query("
         SELECT `Username`
         FROM `users_main`
         WHERE `ID` = $ID");
 /**
  * The large query
  */
-$DB->query("
+$DB->prepared_query("
   SELECT
     SQL_CALC_FOUND_ROWS
     r.`ID`,
 
 $Reports = $DB->to_array();
 
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($Results) = $DB->next_record();
 $PageLinks = Format::get_pages($Page, $Results, REPORTS_PER_PAGE, 11);
 
 
           if (!$GroupID && $Status != 'Resolved') {
               //Torrent already deleted
-              $DB->query("
+              $DB->prepared_query("
         UPDATE `reportsv2`
         SET
           `Status` = 'Resolved',
 } ?>
             <div style="text-align: right;">was reported by <a href="user.php?id=<?=$ReporterID?>"><?=$ReporterName?></a> <?=time_diff($ReportedTime)?> for the reason: <strong><?=$ReportType['title']?></strong></div>
 <?php if ($Status != 'Resolved') {
-    $DB->query("
+    $DB->prepared_query("
             SELECT r.`ID`
             FROM `reportsv2` AS r
               LEFT JOIN `torrents` AS t ON t.`ID` = r.`TorrentID`
             </div>
 <?php }
 
-    $DB->query("
+    $DB->prepared_query("
             SELECT t.`UserID`
             FROM `reportsv2` AS r
               JOIN `torrents` AS t ON t.`ID` = r.`TorrentID`
             </div>
 <?php }
 
-    $DB->query("
+    $DB->prepared_query("
             SELECT DISTINCT req.`ID`,
               req.`FillerID`,
               um.`Username`,
         $First = true;
         $Extras = explode(' ', $ExtraIDs);
         foreach ($Extras as $ExtraID) {
-            $DB->query("
+            $DB->prepared_query("
             SELECT
               COALESCE(NULLIF(tg.`title`, ''), NULLIF(tg.`subject`, ''), tg.`object`) AS Name,
               tg.`id`,

sections/reportsv2/takereport.php

     $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT `GroupID`
   FROM `torrents`
   WHERE `ID` = '$TorrentID'
     error();
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT `ID`
   FROM `reportsv2`
   WHERE `TorrentID` = '$TorrentID'
     error();
 }
 
-$DB->query("
+$DB->prepared_query("
   INSERT INTO `reportsv2`
     (`ReporterID`, `TorrentID`, `Type`, `UserComment`, `Status`, `ReportedTime`, `Track`, `Image`, `ExtraID`, `Link`)
   VALUES
 
 $ReportID = $DB->inserted_id();
 
-$DB->query("
+$DB->prepared_query("
   SELECT `UserID`
   FROM `torrents`
   WHERE `ID` = $TorrentID");
 list($UploaderID) = $DB->next_record();
-$DB->query("
+$DB->prepared_query("
   SELECT `title`, `subject`, `object`
   FROM `torrents_group`
   WHERE `id` = '$GroupID'

sections/reportsv2/takeresolve.php

     }
   }
 
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET
       Status = 'Resolved',
   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT ID
   FROM torrents
   WHERE ID = $TorrentID");
 $TorrentExists = ($DB->has_results());
 if (!$TorrentExists) {
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET Status = 'Resolved',
       LastChangeTime = NOW(),
 
 if ($Report) {
   //Resolve with a parallel check
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET Status = 'Resolved',
       LastChangeTime = NOW(),
   }
 
   if ($_POST['resolve_type'] == 'tags_lots') {
-    $DB->query("
+    $DB->prepared_query("
       INSERT IGNORE INTO torrents_bad_tags
         (TorrentID, UserID, TimeAdded)
       VALUES
         ($TorrentID, ".$LoggedUser['ID']." , NOW())");
-    $DB->query("
+    $DB->prepared_query("
       SELECT GroupID
       FROM torrents
       WHERE ID = $TorrentID");
   }
 
   if ($_POST['resolve_type'] == 'folders_bad') {
-    $DB->query("
+    $DB->prepared_query("
       INSERT IGNORE INTO torrents_bad_folders
         (TorrentID, UserID, TimeAdded)
       VALUES
         ($TorrentID, ".$LoggedUser['ID'].", NOW())");
-    $DB->query("
+    $DB->prepared_query("
       SELECT GroupID
       FROM torrents
       WHERE ID = $TorrentID");
     $SendPM = true;
   }
   if ($_POST['resolve_type'] == 'filename') {
-    $DB->query("
+    $DB->prepared_query("
       INSERT IGNORE INTO torrents_bad_files
         (TorrentID, UserID, TimeAdded)
       VALUES
         ($TorrentID, ".$LoggedUser['ID'].", NOW())");
-    $DB->query("
+    $DB->prepared_query("
       SELECT GroupID
       FROM torrents
       WHERE ID = $TorrentID");
     $SendPM = true;
   }
   if ($_POST['resolve_type'] == 'trump') {
-    $DB->query("
+    $DB->prepared_query("
       SELECT
         r.ExtraID,
         HEX(t.info_hash)
       $ExtraID = explode(' ', $ExtraID)[0];
 
       $AffectedUsers = [];
-      $DB->query("
+      $DB->prepared_query("
         SELECT UserID
         FROM torrents
         WHERE ID = $TorrentID");
       if ($DB->has_results()) {
         list($AffectedUsers[]) = $DB->next_record();
       }
-      $DB->query("
+      $DB->prepared_query("
         SELECT uid
         FROM xbt_snatched
         WHERE fid = $TorrentID");
       $AffectedUsers = array_unique($AffectedUsers);
       foreach ($AffectedUsers as $UserID) {
         Tracker::update_tracker('add_token', ['info_hash' => substr('%'.chunk_split($InfoHash,2,'%'),0,-1), 'userid' => $UserID]);
-        $DB->query("
+        $DB->prepared_query("
           INSERT INTO users_freeleeches (UserID, TorrentID, Time, Uses)
           VALUES ($UserID, $ExtraID, NOW(), 0)
           ON DUPLICATE KEY UPDATE
 
   //Log and delete
   if (isset($Escaped['delete']) && check_perms('torrents_delete')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT Username
       FROM users_main
       WHERE ID = $UploaderID");
     if (isset($Escaped['log_message']) && $Escaped['log_message'] != '') {
       $Log .= ' ( '.$Escaped['log_message'].' )';
     }
-    $DB->query("
+    $DB->prepared_query("
       SELECT GroupID, hex(info_hash)
       FROM torrents
       WHERE ID = $TorrentID");
     $Cache->update_row(false, array('DisableUpload' => '1'));
     $Cache->commit_transaction(0);
 
-    $DB->query("
+    $DB->prepared_query("
       UPDATE users_info
       SET DisableUpload = '1'
       WHERE UserID = $UploaderID");
     if ($AdminComment) {
       $AdminComment = date('Y-m-d') . " - $AdminComment\n\n";
 
-      $DB->query("
+      $DB->prepared_query("
         UPDATE users_info
         SET AdminComment = CONCAT('".db_string($AdminComment)."', AdminComment)
         WHERE UserID = '".db_string($UploaderID)."'");
 
   // Now we've done everything, update the DB with values
   if ($Report) {
-    $DB->query("
+    $DB->prepared_query("
       UPDATE reportsv2
       SET
         Type = '".$Escaped['resolve_type']."',

sections/reportsv2/views.php

 
 
 //Grab owner's ID, just for examples
-$DB->query("
+$DB->prepared_query("
   SELECT ID, Username
   FROM users_main
   ORDER BY ID ASC
 <div class="float_clear">
   <div class="two_columns pad">
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     um.ID,
     um.Username,
 ?>
     </table>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     um.ID,
     um.Username,
 ?>
     </table>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     um.ID,
     um.Username,
 ?>
     </table>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     um.ID,
     um.Username,
   </div>
   <div class="two_columns pad">
 <?
-  $DB->query("
+  $DB->prepared_query("
     SELECT
       r.ResolverID,
       um.Username,
     </table>
     <h3>Different view modes by report type</h3>
 <?
-  $DB->query("
+  $DB->prepared_query("
     SELECT
       Type,
       COUNT(ID) AS Count

static/styles/public/scss/public.scss

 
 /* Legal */
 .tldr {
-    max-width: 1000%;
+    width: 200%;
     height: 500px;
-    margin: auto;
+    margin-left: -50%;
     overflow-y: scroll;
 }

templates/legal/about.html

 
 <section class="tldr">
   <p>
-    BioTorrents.de is a functional experiment in convenient data distribution.
+    BioTorrents.de is a functional experiment in comfy data distribution.
   </p>
 
   <p>
-    <strong> Email </strong>
+    It indexes a wide variety of biology data and serves it on a fast BitTorrent network.
+    The semantic website promotes organic content discovery and community annotations.
+    Other interfaces include a JSON API, RSS feeds, and IRC channels.
+  </p>
+
+  <p>
+    BioTorrents.de provides an open platform for disadvantaged researchers to host their data.
+    More importantly, it provides the necessary tools for others to find and cite it later.
+    It's a place for the Google Drives, FTP folders, and network shares that may not be accepted elsewhere.
+  </p>
+
+  <p>
+    A mature software product and draft publication are expected by Easter 2023.
+    Thank you for your curiosity, patience, and support as we grow the service.
+  </p>
+
+  <p>
+    <strong>
+      Email
+    </strong>
     <br />
     help at biotorrents dot de
   </p>