Merge pull request #8 from biotorrents/development

Merge recent updates from development into production

.gitignore

@@ -1,9 +1,36 @@
-classes/config.php
-_packages/**/.git/**
+# https://github.com/OPSnet/Gazelle/blob/master/.gitignore
 
-static/styles/*.css
-static/styles/assets/fonts/**
-static/common/badges/**
+# backup files
+*.bak
+*.sw*
+*~
 
+# home folder
 .DS_Store
-*.sw*
+.bash_history
+.cache/
+.config/
+.histfile
+.lesshst
+.local/
+.npm-global/
+.npm/
+.npmrc
+.php_history
+.pki/
+.profile
+.wget-hsts
+.zsh*
+__MACOSX/
+
+# app files
+/cache
+/classes/config.php
+/node_modules
+/vendor
+
+# heavy assets
+/static/common/badges/**
+/static/styles/**/*.css
+/static/styles/assets/fonts/**
+fonts.tgz

classes/artists.class.php

@@ -47,7 +47,7 @@ class Artists
             }
 
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             SELECT
               ta.`GroupID`,
               ta.`ArtistID`,
@@ -169,7 +169,7 @@ class Artists
     public static function delete_artist($ArtistID)
     {
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           `NAME`
         FROM
@@ -180,7 +180,7 @@ class Artists
         list($Name) = G::$DB->next_record(MYSQLI_NUM, false);
 
         // Delete requests
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           `RequestID`
         FROM
@@ -192,7 +192,7 @@ class Artists
         $Requests = G::$DB->to_array();
         foreach ($Requests as $Request) {
             list($RequestID) = $Request;
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests`
@@ -200,7 +200,7 @@ class Artists
               `ID` = '$RequestID'
             ");
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests_votes`
@@ -208,7 +208,7 @@ class Artists
               `RequestID` = '$RequestID'
             ");
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests_tags`
@@ -216,7 +216,7 @@ class Artists
               `RequestID` = '$RequestID'
             ");
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests_artists`
@@ -226,7 +226,7 @@ class Artists
         }
 
         // Delete artist
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE
         FROM
           `artists_group`
@@ -236,7 +236,7 @@ class Artists
         G::$Cache->decrement('stats_artist_count');
 
         // Delete wiki revisions
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE
         FROM
           `wiki_artists`
@@ -245,7 +245,7 @@ class Artists
         ");
 
         // Delete tags
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE
         FROM
           `artists_tags`

classes/autoload.php

@@ -11,8 +11,10 @@ declare(strict_types=1);
  * @see https://www.php.net/manual/en/language.oop5.autoload.php
  */
 spl_autoload_register(function ($ClassName) {
-    $FilePath = SERVER_ROOT . '/classes/' . strtolower($ClassName) . '.class.php';
-    #$FilePath = $_SERVER['DOCUMENT_ROOT'] . '/classes/' . strtolower($ClassName) . '.class.php';
+  $ENV = ENV::go();
+
+  $classname = strtolower($ClassName);
+    $FilePath = "$ENV->SERVER_ROOT/classes/$classname.class.php";
 
     if (!file_exists($FilePath)) {
         // todo: Rename the following classes to conform with the code guidelines
@@ -43,24 +45,11 @@ spl_autoload_register(function ($ClassName) {
           $FileName = 'env.class';
           break;
 
-        case 'Parsedown':
-          $FileName = 'vendor/Parsedown';
-          break;
-
-        case 'ParsedownExtra':
-          $FileName = 'vendor/ParsedownExtra';
-          break;
-
-        case 'TwitterAPIExchange':
-          $FileName = 'vendor/TwitterAPIExchange';
-          break;
-
         default:
           error("Couldn't import class $ClassName");
     }
 
-        $FilePath = SERVER_ROOT . "/classes/$FileName.php";
-        #$FilePath = $_SERVER['DOCUMENT_ROOT'] . "/classes/$FileName.php";
+        $FilePath = "$ENV->SERVER_ROOT/classes/$FileName.php";
     }
 
     require_once $FilePath;

classes/badges.class.php

@@ -28,7 +28,7 @@ class Badges
             return false;
         } else {
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             INSERT INTO `users_badges`(`UserID`, `BadgeID`)
             VALUES($UserID, $BadgeID)
             ");
@@ -126,7 +126,7 @@ class Badges
     {
         $QueryID = G::$DB->get_query_id();
 
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           `ID`,
           `Icon`,

classes/bookmarks.class.php

@@ -97,7 +97,7 @@ class Bookmarks
             list($Table, $Col) = self::bookmark_schema($Type);
             $QueryID = G::$DB->get_query_id();
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             SELECT `$Col`
             FROM `$Table`
               WHERE UserID = '$UserID'");

classes/charts.class.php

@@ -168,66 +168,3 @@ class PIE_CHART extends GOOGLE_CHARTS
         $this->URL .= "&chl=".implode('|', $Labels).'&chd=e:'.implode('', $Data);
     }
 }
-
-/*
-class LOG_BAR_GRAPH extends GOOGLE_CHARTS
-{
-    // todo: Finish
-    public function __construct($Base, $Width, $Height, $Options = [])
-    {
-        parent::__construct('lc', $Width, $Height, $Options);
-    }
-
-    public function color($Color)
-    {
-        $this->URL .= '&chco='.$Color.'&chm=B,'.$Color.'50,0,0,0';
-    }
-
-    public function generate()
-    {
-        $Max = max($this->Data);
-        $Min = ((isset($this->Options['Break'])) ? $Min = min($this->Data) : 0);
-        $Data = [];
-
-        foreach ($this->Data as $Value) {
-            $Data[] = $this->encode((($Value - $Min) / ($Max - $Min)) * 4095);
-        }
-        $this->URL .= "&chxt=y,x&chxs=0,h&chxl=1:|".implode('|', $this->Labels).'&chxr=0,'.$Min.','.($Max-$Min).'&chd=e:'.implode('', $Data);
-    }
-}
-*/
-
-/*
-class POLL_GRAPH extends GOOGLE_CHARTS
-{
-    public function __construct()
-    {
-        $this->URL .= '?cht=bhg';
-    }
-
-    public function add($Label, $Data)
-    {
-        if ($Label !== false) {
-            $this->Labels[] = Format::cut_string($Label, 35);
-        }
-        $this->Data[] = $Data;
-    }
-
-    public function generate()
-    {
-        $Count = count($this->Data);
-        $Height = (30 * $Count) + 20;
-        $Max = max($this->Data);
-        $Sum = array_sum($this->Data);
-        $Increment = ($Max / $Sum) * 25; // * 100% / 4divisions
-        $Data = [];
-        $Labels = [];
-
-        foreach ($this->Data as $Key => $Value) {
-            $Data[] = $this->encode(($Value / $Max) * 4095);
-            $Labels[] = '@t'.str_replace(array(' ', ','), array('+', '\,'), $this->Labels[$Key]).',000000,1,'.round((($Key + 1) / $Count) - (12 / $Height), 2).':0,12';
-        }
-        $this->URL .= "&chbh=25,0,5&chs=214x$Height&chl=0%|".round($Increment, 1)."%|".round($Increment * 2, 1)."%|".round($Increment * 3, 1)."%|".round($Increment * 4, 1)."%&chm=".implode('|', $Labels).'&chd=e:'.implode('', $Data);
-    }
-}
-*/

classes/collages.class.php

@@ -6,7 +6,7 @@ class Collages
     public static function increase_subscriptions($CollageID)
     {
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query("
+        G::$DB->prepared_query("
         UPDATE
           `collages`
         SET
@@ -20,7 +20,7 @@ class Collages
     public static function decrease_subscriptions($CollageID)
     {
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query("
+        G::$DB->prepared_query("
         UPDATE
           `collages`
         SET
@@ -37,7 +37,7 @@ class Collages
 
     public static function create_personal_collage()
     {
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           COUNT(`ID`)
         FROM
@@ -57,7 +57,7 @@ class Collages
         $NameStr = db_string(G::$LoggedUser['Username']."'s personal collage".($CollageCount > 0 ? ' no. '.($CollageCount + 1) : ''));
         $Description = db_string('Personal collage for '.G::$LoggedUser['Username'].'. The first 5 albums will appear on his or her [url='.site_url().'user.php?id= '.G::$LoggedUser['ID'].']profile[/url].');
 
-        G::$DB->query("
+        G::$DB->prepared_query("
         INSERT INTO `collages`(
           `Name`,
           `Description`,

classes/donations.class.php

@@ -1,13 +1,14 @@
 <?php
 declare(strict_types=1);
 
-define('BTC_API_URL', 'https://api.bitcoinaverage.com/ticker/global/EUR/');
-define('USD_API_URL', 'http://www.google.com/ig/calculator?hl=en&q=1USD=?EUR');
-
 class Donations
 {
     private static $IsSchedule = false;
 
+
+    /**
+     * regular_donate
+     */
     public static function regular_donate($UserID, $DonationAmount, $Source, $Reason, $Currency = 'USD')
     {
         self::donate(
@@ -23,6 +24,10 @@ class Donations
         );
     }
 
+
+    /**
+     * donate
+     */
     public static function donate($UserID, $Args)
     {
         $UserID = (int) $UserID;
@@ -220,6 +225,10 @@ class Donations
         G::$DB->set_query_id($QueryID);
     }
 
+
+    /**
+     * calculate_special_rank
+     */
     private static function calculate_special_rank($UserID)
     {
         $UserID = (int) $UserID;
@@ -272,6 +281,10 @@ class Donations
         G::$DB->set_query_id($QueryID);
     }
 
+
+    /**
+     * expire_ranks
+     */
     public static function expire_ranks()
     {
         $QueryID = G::$DB->get_query_id();
@@ -309,11 +322,19 @@ class Donations
         G::$DB->set_query_id($QueryID);
     }
 
+
+    /**
+     * calculate_rank
+     */
     private static function calculate_rank($Amount)
     {
         return floor($Amount / 5);
     }
 
+
+    /**
+     * update_rank
+     */
     public static function update_rank($UserID, $Rank, $TotalRank, $Reason)
     {
         $Rank = (int) $Rank;
@@ -332,6 +353,10 @@ class Donations
         );
     }
 
+
+    /**
+     * hide_stats
+     */
     public static function hide_stats($UserID)
     {
         $QueryID = G::$DB->get_query_id();
@@ -345,6 +370,10 @@ class Donations
         G::$DB->set_query_id($QueryID);
     }
 
+
+    /**
+     * show_stats
+     */
     public static function show_stats($UserID)
     {
         $QueryID = G::$DB->get_query_id();
@@ -358,6 +387,10 @@ class Donations
         G::$DB->set_query_id($QueryID);
     }
 
+
+    /**
+     * is_visible
+     */
     public static function is_visible($UserID)
     {
         $QueryID = G::$DB->get_query_id();
@@ -375,12 +408,17 @@ class Donations
         return $HasResults;
     }
 
+
+    /**
+     * has_donor_forum
+     */
     public static function has_donor_forum($UserID)
     {
         $ENV = ENV::go();
         return self::get_rank($UserID) >= $ENV->DONOR_FORUM_RANK || self::get_special_rank($UserID) >= MAX_SPECIAL_RANK;
     }
 
+
     /**
      * Put all the common donor info in the same cache key to save some cache calls
      */
@@ -452,26 +490,46 @@ class Donations
         return $DonorInfo;
     }
 
+
+    /**
+     * get_rank
+     */
     public static function get_rank($UserID)
     {
         return self::get_donor_info($UserID)['Rank'];
     }
 
+
+    /**
+     * get_special_rank
+     */
     public static function get_special_rank($UserID)
     {
         return self::get_donor_info($UserID)['SRank'];
     }
 
+
+    /**
+     * get_total_rank
+     */
     public static function get_total_rank($UserID)
     {
         return self::get_donor_info($UserID)['TotRank'];
     }
 
+
+    /**
+     * get_donation_time
+     */
     public static function get_donation_time($UserID)
     {
         return self::get_donor_info($UserID)['Time'];
     }
 
+
+    /**
+     * get_personal_collages
+     */
     public static function get_personal_collages($UserID)
     {
         $DonorInfo = self::get_donor_info($UserID);
@@ -483,30 +541,10 @@ class Donations
         return $Collages;
     }
 
-    public static function get_titles($UserID)
-    {
-        $Results = G::$Cache->get_value("donor_title_$UserID");
-        if ($Results === false) {
-            $QueryID = G::$DB->get_query_id();
-
-            G::$DB->query("
-            SELECT
-              `Prefix`,
-              `Suffix`,
-              `UseComma`
-            FROM
-              `donor_forum_usernames`
-            WHERE
-              `UserID` = '$UserID'
-            ");
-
-            $Results = G::$DB->next_record();
-            G::$DB->set_query_id($QueryID);
-            G::$Cache->cache_value("donor_title_$UserID", $Results, 0);
-        }
-        return $Results;
-    }
 
+    /**
+     * get_enabled_rewards
+     */
     public static function get_enabled_rewards($UserID)
     {
         $Rewards = [];
@@ -553,11 +591,19 @@ class Donations
         return $Rewards;
     }
 
+
+    /**
+     * get_rewards
+     */
     public static function get_rewards($UserID)
     {
         return self::get_donor_info($UserID)['Rewards'];
     }
 
+
+    /**
+     * get_profile_rewards
+     */
     public static function get_profile_rewards($UserID)
     {
         $Results = G::$Cache->get_value("donor_profile_rewards_$UserID");
@@ -587,6 +633,10 @@ class Donations
         return $Results;
     }
 
+
+    /**
+     * add_profile_info_reward
+     */
     private static function add_profile_info_reward($Counter, &$Insert, &$Values, &$Update)
     {
         if (isset($_POST["profile_title_" . $Counter]) && isset($_POST["profile_info_" . $Counter])) {
@@ -603,6 +653,10 @@ class Donations
         }
     }
 
+
+    /**
+     * update_rewards
+     */
     public static function update_rewards($UserID)
     {
         $Rank = self::get_rank($UserID);
@@ -663,7 +717,6 @@ class Donations
                 $Values[] = "'$CustomIcon'";
                 $Update[] = "CustomIcon = '$CustomIcon'";
             }
-            self::update_titles($UserID, $_POST['donor_title_prefix'], $_POST['donor_title_suffix'], $_POST['donor_title_comma']);
             $Counter++;
         }
 
@@ -705,37 +758,10 @@ class Donations
         G::$Cache->delete_value("donor_info_$UserID");
     }
 
-    public static function update_titles($UserID, $Prefix, $Suffix, $UseComma)
-    {
-        $QueryID = G::$DB->get_query_id();
-        $Prefix = trim(db_string($Prefix));
-        $Suffix = trim(db_string($Suffix));
-        $UseComma = empty($UseComma);
-
-        G::$DB->query("
-        INSERT INTO `donor_forum_usernames`(
-          `UserID`,
-          `Prefix`,
-          `Suffix`,
-          `UseComma`
-        )
-        VALUES(
-          '$UserID',
-          '$Prefix',
-          '$Suffix',
-          '$UseComma'
-        )
-        ON DUPLICATE KEY
-        UPDATE
-          `Prefix` = '$Prefix',
-          `Suffix` = '$Suffix',
-          `UseComma` = '$UseComma'
-        ");
-
-        G::$Cache->delete_value("donor_title_$UserID");
-        G::$DB->set_query_id($QueryID);
-    }
 
+    /**
+     * get_donation_history
+     */
     public static function get_donation_history($UserID)
     {
         $UserID = (int) $UserID;
@@ -743,7 +769,6 @@ class Donations
             error(404);
         }
 
-        # todo: Investigate Rank in donations table
         $QueryID = G::$DB->get_query_id();
         G::$DB->query("
         SELECT
@@ -770,6 +795,10 @@ class Donations
         return $DonationHistory;
     }
 
+
+    /**
+     * get_rank_expiration
+     */
     public static function get_rank_expiration($UserID)
     {
         $DonorInfo = self::get_donor_info($UserID);
@@ -789,6 +818,10 @@ class Donations
         return $Return;
     }
 
+
+    /**
+     * get_leaderboard_position
+     */
     public static function get_leaderboard_position($UserID)
     {
         $UserID = (int) $UserID;
@@ -823,11 +856,19 @@ class Donations
         return $Position;
     }
 
+
+    /**
+     * is_donor
+     */
     public static function is_donor($UserID)
     {
         return self::get_rank($UserID) > 0;
     }
 
+
+    /**
+     * currency_exchange
+     */
     public static function currency_exchange($Amount, $Currency)
     {
         if (!self::is_valid_currency($Currency)) {
@@ -849,11 +890,19 @@ class Donations
         return round($Amount, 2);
     }
 
+
+    /**
+     * is_valid_currency
+     */
     public static function is_valid_currency($Currency)
     {
         return $Currency === 'EUR' || $Currency === 'BTC' || $Currency === 'USD';
     }
 
+
+    /**
+     * btc_to_euro
+     */
     public static function btc_to_euro($Amount)
     {
         $Rate = G::$Cache->get_value('btc_rate');
@@ -863,6 +912,10 @@ class Donations
         return $Rate * $Amount;
     }
 
+
+    /**
+     * usd_to_euro
+     */
     public static function usd_to_euro($Amount)
     {
         $Rate = G::$Cache->get_value('usd_rate');

classes/donationsview.class.php

@@ -6,7 +6,7 @@ class DonationsView
     public static function render_mod_donations($UserID)
     {
         ?>
-<table class="layout box" id="donation_box">
+<table class="box skeleton-fix" id="donation_box">
   <tr class="colhead">
     <td colspan="2">
       Donor System (add points)
@@ -34,7 +34,7 @@ class DonationsView
   </tr>
 </table>
 
-<table class="layout box" id="donor_points_box">
+<table class="box skeleton-fix" id="donor_points_box">
   <tr class="colhead">
     <td colspan="3" class="tooltip"
       title='Use this tool only when manually correcting values. If crediting donations normally, use the "Donor System (add points)" tool'>

classes/env.class.php

@@ -29,7 +29,7 @@ class ENV
 
 
     /**
-     * __functions()
+     * __functions
      */
 
     # Prevents outside construction
@@ -43,10 +43,13 @@ class ENV
     # Prevents multiple instances
     public function __clone()
     {
-        return trigger_error(
-            'clone() not allowed',
-            E_USER_ERROR
-        );
+        return error('clone() not allowed.');
+    }
+
+    # Prevents unserializing
+    public function __wakeup()
+    {
+        return error('wakeup() not allowed.');
     }
 
     # $this->key returns public->key
@@ -103,8 +106,39 @@ class ENV
     }
 
 
+    /**
+     * convert
+     *
+     * Take a mixed input and returns a RecursiveArrayObject.
+     * This function is the sausage grinder, so to speak.
+     */
+    public function convert($obj)
+    {
+        switch (gettype($obj)) {
+            case 'string':
+                $out = json_decode($obj, true);
+                return (json_last_error() === JSON_ERROR_NONE)
+                    ? new RecursiveArrayObject($out)
+                    : error('json_last_error_msg(): ' . json_last_error_msg());
+                break;
+            
+            case 'array':
+            case 'object':
+                return new RecursiveArrayObject($obj);
+            
+            default:
+                return error('$ENV->convert() expects a JSON string, array, or object.');
+                break;
+        }
+    }
+
+
     /**
      * toArray
+     *
+     * Takes an object and returns an array.
+     * @param object|string $obj Thing to turn into an array
+     * @return $new New recursive array with $obj contents
      * @see https://ben.lobaugh.net/blog/567/php-recursively-convert-an-object-to-an-array
      */
     public function toArray($obj)
@@ -127,41 +161,54 @@ class ENV
 
 
     /**
-     * fromJson
+     * dedupe
      *
-     * @param string $JSON Valid JavaScript object string
-     * @return RecursiveArrayObject Not stdClass as in json_decode()
+     * Takes a collection (usually an array) of various jumbled $ENV slices.
+     * Returns a once-deduplicated RecursiveArrayObject with original nesting intact.
+     * Simple and handy if you need to populate a form with arbitrary collections of metadata.
      */
-
-    public function fromJson($str)
+    public function dedupe($obj)
     {
-        if (!is_string($str) || is_empty($str)) {
-            error('$ENV->fromJson() expects a string.');
+        if (is_object($obj)) {
+            $obj = (array) $obj;
         }
 
-        # Decode to array and construct RAO
-        return $RAO = new RecursiveArrayObject(
-            json_decode($str, true)
+        return new RecursiveArrayObject(
+            array_unique($this->toArray($obj))
         );
     }
 
 
     /**
-     * dedupe
+     * flatten
      *
-     * Takes a collection (usually an array) of various jumbled $ENV slices.
-     * Returns a once-deduplicated RecursiveArrayObject with original nesting intact.
-     * Simple and handy if you need to populate a form with arbitrary collections of metadata.
+     * Takes an $ENV node or array of them
+     * and flattens out the multi-dimensionality.
+     * It returns a flat array with keys intact.
      */
-    public function dedupe($obj)
+    public function flatten($arr, int $lvl = null)
     {
-        if (is_object($obj)) {
-            $obj = (array) $obj;
+        if (!is_array($arr) && !is_object($arr)) {
+            return error('$ENV->flatten() expects an array or object, got ' . gettype($arr));
         }
 
-        return $RAO = new RecursiveArrayObject(
-            array_unique($this->toArray($obj))
-        );
+        $new = array();
+
+        foreach ($arr as $k => $v) {
+            /*
+             if (is_object($v)) {
+                $v = $this->toArray($v);
+            }
+            */
+    
+            if (is_array($v)) {
+                $new = array_merge($new, $this->flatten($v));
+            } else {
+                $new[$k] = $v;
+            }
+        }
+
+        return $new;
     }
 
 
@@ -172,7 +219,7 @@ class ENV
      * Maps a callback (or default) to an object.
      *
      * Example output:
-     * $Hashes = $ENV->map('md5', $ENV->CATS->SEQ);
+     * $Hashes = $ENV->map('md5', $ENV->CATS->{6});
      *
      * var_dump($Hashes);
      * object(RecursiveArrayObject)#324 (1) {
@@ -197,10 +244,10 @@ class ENV
      * string(32) "52963afccc006d2bce3c890ad9e8f73a"
      *
      * @param string $fn Callback function
-     * @param object $obj Object to operate on
+     * @param object|string $obj Object or property to operate on
      * @return object $RAO Mapped RecursiveArrayObject
      */
-    public function map($fn = '', $obj = null)
+    public function map(string $fn = '', $obj = null)
     {
         # Set a default function if desired
         if (empty($fn) && !is_object($fn)) {
@@ -227,7 +274,7 @@ class ENV
 
         # Map the sanitized function name
         # to a mapped array conversion
-        return $RAO = new RecursiveArrayObject(
+        return new RecursiveArrayObject(
             array_map(
                 $fn,
                 array_map(
@@ -259,6 +306,7 @@ class RecursiveArrayObject extends \ArrayObject
         return $this;
     }
 
+
     /**
      * __set
      */
@@ -271,6 +319,7 @@ class RecursiveArrayObject extends \ArrayObject
         }
     }
 
+
     /**
      * __get
      */
@@ -285,6 +334,7 @@ class RecursiveArrayObject extends \ArrayObject
         }
     }
 
+
     /**
      * __isset
      */
@@ -293,6 +343,7 @@ class RecursiveArrayObject extends \ArrayObject
         return array_key_exists($name, $this);
     }
 
+    
     /**
      * __unset
      */

classes/json.class.php

@@ -4,8 +4,6 @@ declare(strict_types = 1);
 /**
  * Adapted from
  * https://github.com/OPSnet/Gazelle/blob/master/app/Json.php
- *
- * Unused as of 2020-12-12
  */
 
 abstract class Json
@@ -14,6 +12,7 @@ abstract class Json
     protected $source;
     protected $mode;
 
+
     /**
      * __construct
      */
@@ -25,6 +24,7 @@ abstract class Json
         $this->version = 1;
     }
 
+
     /**
      * The payload of a valid JSON response, implemented in the child class.
      * @return array Payload to be passed to json_encode()
@@ -32,6 +32,7 @@ abstract class Json
      */
     abstract public function payload(): ?array;
 
+
     /**
      * Configure JSON printing (any of the json_encode  JSON_* constants)
      *
@@ -43,6 +44,7 @@ abstract class Json
         return $this;
     }
 
+
     /**
      * set the version of the Json payload. Increment the
      * value when there is significant change in the payload.
@@ -56,6 +58,7 @@ abstract class Json
         return $this;
     }
 
+
     /**
      * General failure routine for when bad things happen.
      *
@@ -77,6 +80,7 @@ abstract class Json
         );
     }
 
+
     /**
      * emit
      */
@@ -99,6 +103,7 @@ abstract class Json
         );
     }
 
+
     /**
      * debug
      */
@@ -116,6 +121,7 @@ abstract class Json
         ];
     }
 
+
     /**
      * info
      */
@@ -128,4 +134,48 @@ abstract class Json
             ]
         ];
     }
+
+
+    /**
+     * fetch
+     *
+     * Get resources over the API to populate Gazelle display.
+     * Instead of copy-pasting the same SQL queries in many places.
+     *
+     * Takes a query string, e.g., "action=torrentgroup&id=1."
+     * Requires an API key for the user ID 0 (minor database surgery).
+     */
+    public function fetch($Action, $Params = [])
+    {
+        $ENV = ENV::go();
+
+        $Token = $ENV->getPriv('SELF_API');
+        $Params = implode('&', $Params);
+
+        $ch = curl_init();
+
+        # todo: Make this use localhost and not HTTPS
+        curl_setopt($ch, CURLOPT_URL, "https://$ENV->SITE_DOMAIN/api.php?action=$Action&$Params");
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+
+        # https://docs.biotorrents.de
+        curl_setopt(
+            $ch,
+            CURLOPT_HTTPHEADER,
+            [
+                'Accept: application/json',
+                "Authorization: Bearer $Token",
+            ]
+        );
+
+        $Data = curl_exec($ch);
+        curl_close($ch);
+
+        # Error out on bad query
+        if (!$Data) {
+            return error();
+        } else {
+            return json_decode($Data);
+        }
+    }
 }

classes/loginwatch.class.php

@@ -68,44 +68,6 @@ class LoginWatch
         return ($this->watchId = G::$DB->inserted_id());
     }
 
-    /**
-     * Record another failure attempt on this watch. If the user has not
-     * logged in recently from this IP address then subsequent logins
-     * will be blocked for increasingly longer times, otherwise 1 minute.
-     *
-     * @param int $userId The ID of the user
-     * @param string $ipaddr The IP the user is coming from
-     * @param string $capture The username captured on the form
-     * @return int 1 if the watch was updated
-     */
-    public function increment(int $userId, string $ipaddr, ?string $capture): int
-    {
-        $seen = G::$DB->query("
-        SELECT
-          1
-        FROM
-          `users_history_ips`
-        WHERE
-          (
-            `EndTime` IS NULL
-            OR `EndTime` > NOW() - INTERVAL 1 WEEK
-          )
-          AND `UserID` = '$userId'
-          AND `IP` = '$ipaddr'
-        ");
-
-        $delay = $seen ? 60 : LOGIN_ATTEMPT_BACKOFF[min($this->nrAttempts(), count(LOGIN_ATTEMPT_BACKOFF)-1)];
-        G::$DB->prepare_query("
-            UPDATE `login_attempts` SET
-                `Attempts` = `Attempts` + 1,
-                `LastAttempt` = now(),
-                `BannedUntil` = now() + INTERVAL '$delay' SECOND,
-                `UserID` = '$userId',
-                `Capture` ='$capture' 
-            WHERE `ID` = '$this->watchId' 
-            ");
-        return G::$DB->affected_rows();
-    }
 
     /**
      * Ban subsequent attempts to login from this watched IP address for 6 hours

classes/mysql.class.php

@@ -22,7 +22,7 @@ $DB = NEW DB_MYSQL;
 
 * Making a query
 
-$DB->query("
+$DB->prepared_query("
   SELECT *
   FROM table...");
 
@@ -92,14 +92,14 @@ set_query_id($ResultSet)
   This class can only hold one result set at a time. Using set_query_id allows
   you to set the result set that the class is using to the result set in
   $ResultSet. This result set should have been obtained earlier by using
-  $DB->query().
+  $DB->prepared_query().
 
   Example:
 
-  $FoodRS = $DB->query("
+  $FoodRS = $DB->prepared_query("
       SELECT *
       FROM food");
-  $DB->query("
+  $DB->prepared_query("
     SELECT *
     FROM drink");
   $Drinks = $DB->next_record();
@@ -111,14 +111,11 @@ set_query_id($ResultSet)
 -------------------------------------------------------------------------------------
 *///---------------------------------------------------------------------------------
 
-if (!extension_loaded('mysqli')) {
-    error('Mysqli Extension not loaded.');
-}
-
 
 /**
  * db_string
- * Handles escaping
+ *
+ * Handles escaping.
  */
 function db_string($String, $DisableWildcards = false)
 {
@@ -269,6 +266,7 @@ class DB_MYSQL
                 $this->Database,
                 $this->Port,
                 $this->Socket,
+                # Needed for self-signed certs
                 MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
             );
 
@@ -283,13 +281,31 @@ class DB_MYSQL
 
 
     /**
-     * prepare_query
+     * Prepare and execute a prepared query returning the result set.
+     *
+     * Utility function that wraps DB_MYSQL::prepare and DB_MYSQL::execute
+     * as most times, the query is going to be one-off and this will save
+     * on keystrokes. If you do plan to be executing a prepared query
+     * multiple times with different bound parameters, you'll want to call
+     * the two functions separately instead of this function.
+     *
+     * @param $Query
+     * @param mixed ...$Parameters
+     * @return bool|mysqli_result
      */
-    public function prepare_query($Query, &...$BindVars)
+    public function prepared_query($Query, ...$Parameters) {
+        $this->prepare($Query);
+        return $this->execute(...$Parameters);
+    }
+
+    /**
+     * prepare
+     */
+    public function prepare($Query, &...$BindVars)
     {
         $this->connect();
-
         $this->StatementID = mysqli_prepare($this->LinkID, $Query);
+
         if (!empty($BindVars)) {
             $Types = '';
             $TypeMap = ['string'=>'s', 'double'=>'d', 'integer'=>'i', 'boolean'=>'i'];
@@ -304,11 +320,17 @@ class DB_MYSQL
         return $this->StatementID;
     }
 
+    # Compatibility function for the old name
+    public function prepare_query($Query, &...$BindVars)
+    {
+        return $this->prepare($Query, $BindVars);
+    }
+
 
     /**
-     * exec_prepared_query
+     * execute
      */
-    public function exec_prepared_query()
+    public function execute()
     {
         $QueryStartTime = microtime(true);
         mysqli_stmt_execute($this->StatementID);
@@ -318,6 +340,12 @@ class DB_MYSQL
         $this->Time += $QueryRunTime;
     }
 
+    # Compatibility function for the old name
+    public function exec_prepared_query()
+    {
+        return $this->execute();
+    }
+
 
     /**
      * Runs a raw query assuming pre-sanitized input. However, attempting to self sanitize (such

classes/permissions_form.php

@@ -1,12 +1,13 @@
 <?php
 declare(strict_types=1);
 
-/********************************************************************************
- ************ Permissions form ********************** user.php and tools.php ****
- ********************************************************************************
- ** This function is used to create both the class permissions form, and the   **
- ** user custom permissions form.                                              **
- ********************************************************************************/
+/**
+ * Permissions form
+ * user.php and tools.php
+ *
+ * This function is used to create both the class permissions form,
+ * and the user custom permissions form.
+ */
 
 $PermissionsArray = array(
   'site_leech' => 'Can leech (Does this work?).',
@@ -38,7 +39,6 @@ $PermissionsArray = array(
   'site_recommend_own' => 'Can recommend own torrents.',
   'site_manage_recommendations' => 'Recommendations management access.',
   'site_delete_tag' => 'Can delete tags.',
-  'site_disable_ip_history' => 'Disable IP history.',
   'zip_downloader' => 'Download multiple torrents at once.',
   'site_debug' => 'Developer access.',
   'site_proxy_images' => 'Image proxy & anti-canary.',
@@ -112,16 +112,17 @@ $PermissionsArray = array(
 
 function permissions_form()
 {
-    ?>
-<div class="permissions">
-  <div class="permission_container">
-    <table>
-      <tr class="colhead">
-        <td>Site</td>
-      </tr>
-      <tr>
-        <td>
-          <?php
+    echo <<<HTML
+    <div class="permission_container">
+      <table>
+        <tr class="colhead">
+          <th>Site</th>
+        </tr>
+        
+        <tr>
+          <td>
+HTML;
+
     display_perm('site_leech', 'Can leech.');
     display_perm('site_upload', 'Can upload.');
     display_perm('site_vote', 'Can vote on requests.');
@@ -152,7 +153,6 @@ function permissions_form()
     display_perm('site_recommend_own', 'Can add own torrents to recommendations list.');
     display_perm('site_manage_recommendations', 'Can edit recommendations list.');
     display_perm('site_delete_tag', 'Can delete tags.');
-    display_perm('site_disable_ip_history', 'Disable IP history.');
     display_perm('zip_downloader', 'Download multiple torrents at once.');
     display_perm('site_debug', 'View site debug tables.');
     display_perm('site_proxy_images', 'Proxy images through the server.');
@@ -161,20 +161,24 @@ function permissions_form()
     display_perm('site_forums_double_post', 'Can double post in the forums.');
     display_perm('project_team', 'Part of the project team.');
     display_perm('site_tag_aliases_read', 'Can view the list of tag aliases.');
-    display_perm('site_ratio_watch_immunity', 'Immune from being put on ratio watch.'); ?>
-        </td>
-      </tr>
-    </table>
-  </div>
+    display_perm('site_ratio_watch_immunity', 'Immune from being put on ratio watch.');
+
+    echo <<<HTML
+          </td>
+        </tr>
+      </table>
+    </div>
+    
+    <div class="permission_container">
+      <table>
+        <tr class="colhead">
+          <th>Users</th>
+        </tr>
+        
+        <tr>
+          <td>
+HTML;
 
-  <div class="permission_container">
-    <table>
-      <tr class="colhead">
-        <td>Users</td>
-      </tr>
-      <tr>
-        <td>
-          <?php
     display_perm('users_edit_usernames', 'Can edit usernames.');
     display_perm('users_edit_ratio', 'Can edit anyone\'s upload/download amounts.');
     display_perm('users_edit_own_ratio', 'Can edit own upload/download amounts.');
@@ -206,21 +210,27 @@ function permissions_form()
     display_perm('users_override_paranoia', 'Can override paranoia');
     display_perm('users_make_invisible', 'Can make users invisible');
     display_perm('users_logout', 'Can log users out');
-    display_perm('users_mod', 'Can access basic moderator tools (Admin comment)'); ?>
-          * Everything is only applicable to users with the same or lower class level
-        </td>
-      </tr>
-    </table>
-  </div>
+    display_perm('users_mod', 'Can access basic moderator tools (Admin comment)');
+
+    echo <<<HTML
+            <strong class="important_text">
+              Everything is only applicable to users with the same or lower class level
+            </strong>
+          </td>
+        </tr>
+      </table>
+    </div>
+    
+    <div class="permission_container">
+      <table>
+        <tr class="colhead">
+          <th>Torrents</th>
+        </tr>
+        
+        <tr>
+          <td>
+HTML;
 
-  <div class="permission_container">
-    <table>
-      <tr class="colhead">
-        <td>Torrents</td>
-      </tr>
-      <tr>
-        <td>
-          <?php
     display_perm('torrents_edit', 'Can edit any torrent');
     display_perm('torrents_delete', 'Can delete torrents');
     display_perm('torrents_delete_fast', 'Can delete more than 3 torrents at a time.');
@@ -232,20 +242,24 @@ function permissions_form()
     display_perm('artist_edit_vanityhouse', 'Can mark artists as part of Vanity House.');
     display_perm('torrents_fix_ghosts', 'Can fix ghost groups on artist pages.');
     display_perm('screenshots_add', 'Can add screenshots to any torrent and delete their own screenshots.');
-    display_perm('screenshots_delete', 'Can delete any screenshot from any torrent.'); ?>
-        </td>
-      </tr>
-    </table>
-  </div>
+    display_perm('screenshots_delete', 'Can delete any screenshot from any torrent.');
+
+    echo <<<HTML
+          </td>
+        </tr>
+      </table>
+    </div>
+    
+    <div class="permission_container">
+      <table>
+        <tr class="colhead">
+          <th>Administrative</th>
+        </tr>
+        
+        <tr>
+          <td>
+HTML;
 
-  <div class="permission_container">
-    <table>
-      <tr class="colhead">
-        <td>Administrative</td>
-      </tr>
-      <tr>
-        <td>
-          <?php
     display_perm('admin_manage_news', 'Can manage site news');
     display_perm('admin_manage_blog', 'Can manage the site blog');
     display_perm('admin_manage_polls', 'Can manage polls');
@@ -261,13 +275,16 @@ function permissions_form()
     display_perm('admin_manage_permissions', 'Can edit permission classes/user permissions.');
     display_perm('admin_schedule', 'Can run the site schedule.');
     display_perm('admin_login_watch', 'Can manage login watch.');
-    display_perm('admin_manage_wiki', 'Can manage wiki access.'); ?>
-        </td>
-      </tr>
-    </table>
-  </div>
+    display_perm('admin_manage_wiki', 'Can manage wiki access.');
 
-  <div class="submit_container"><input type="submit" name="submit" value="Save Permission Class" /></div>
-</div>
-<?php
+    echo <<<HTML
+          </td>
+        </tr>
+      </table>
+    </div>
+    
+    <div class="submit_container">
+      <input type="submit" name="submit" class ="button-primary" value="Save Permission Class" />
+    </div>
+HTML;
 }

classes/script_start.php

@@ -1,11 +1,10 @@
 <?php
 #declare(strict_types=1);
 
-# https://www.php.net/manual/en/language.oop5.autoload.php
+# Initialize
 require_once 'config.php';
 require_once 'security.class.php';
 
-# Initialize
 $ENV = ENV::go();
 $Security = new Security();
 $Security->SetupPitfalls();
@@ -57,12 +56,12 @@ if (!defined('PHP_WINDOWS_VERSION_MAJOR')) {
 }
 ob_start(); // Start a buffer, mainly in case there is a mysql error
 
-require SERVER_ROOT.'/classes/debug.class.php'; // Require the debug class
-require SERVER_ROOT.'/classes/mysql.class.php'; // Require the database wrapper
-require SERVER_ROOT.'/classes/cache.class.php'; // Require the caching class
-require SERVER_ROOT.'/classes/time.class.php'; // Require the time class
-require SERVER_ROOT.'/classes/paranoia.class.php'; // Require the paranoia check_paranoia function
-require SERVER_ROOT.'/classes/util.php';
+require_once SERVER_ROOT.'/classes/debug.class.php'; // Require the debug class
+require_once SERVER_ROOT.'/classes/mysql.class.php'; // Require the database wrapper
+require_once SERVER_ROOT.'/classes/cache.class.php'; // Require the caching class
+require_once SERVER_ROOT.'/classes/time.class.php'; // Require the time class
+require_once SERVER_ROOT.'/classes/paranoia.class.php'; // Require the paranoia check_paranoia function
+require_once SERVER_ROOT.'/classes/util.php';
 
 $Debug = new DEBUG;
 $Debug->handle_errors();
@@ -72,7 +71,8 @@ $DB = new DB_MYSQL;
 $Cache = new Cache($ENV->getPriv('MEMCACHED_SERVERS'));
 
 // Autoload classes.
-require SERVER_ROOT.'/classes/autoload.php';
+require_once SERVER_ROOT.'/vendor/autoload.php';
+#require_once SERVER_ROOT.'/classes/autoload.php';
 
 // Note: G::initialize is called twice.
 // This is necessary as the code inbetween (initialization of $LoggedUser) makes use of G::$DB and G::$Cache.
@@ -225,7 +225,7 @@ if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
 
     $UserSessions = $Cache->get_value("users_sessions_$UserID");
     if (!is_array($UserSessions)) {
-        $DB->query(
+        $DB->prepared_query(
             "
         SELECT
           SessionID,
@@ -250,7 +250,7 @@ if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
     // Check if user is enabled
     $Enabled = $Cache->get_value('enabled_'.$LoggedUser['ID']);
     if ($Enabled === false) {
-        $DB->query("
+        $DB->prepared_query("
         SELECT Enabled
           FROM users_main
           WHERE ID = '$LoggedUser[ID]'");
@@ -267,7 +267,7 @@ if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
     // Up/Down stats
     $UserStats = $Cache->get_value('user_stats_'.$LoggedUser['ID']);
     if (!is_array($UserStats)) {
-        $DB->query("
+        $DB->prepared_query("
         SELECT Uploaded AS BytesUploaded, Downloaded AS BytesDownloaded, RequiredRatio
         FROM users_main
           WHERE ID = '$LoggedUser[ID]'");
@@ -319,14 +319,9 @@ if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
     // Change necessary triggers in external components
     $Cache->CanClear = check_perms('admin_clear_cache');
 
-    // Because we <3 our staff
-    if (check_perms('site_disable_ip_history')) {
-        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
-    }
-
     // Update LastUpdate every 10 minutes
     if (strtotime($UserSessions[$SessionID]['LastUpdate']) + 600 < time()) {
-        $DB->query("
+        $DB->prepared_query("
         UPDATE users_main
         SET LastAccess = NOW()
         WHERE ID = '$LoggedUser[ID]'
@@ -348,7 +343,7 @@ if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
         WHERE UserID = '$LoggedUser[ID]'
         AND SessionID = '".db_string($SessionID)."'";
 
-        $DB->query($SessionQuery);
+        $DB->prepared_query($SessionQuery);
         $Cache->begin_transaction("users_sessions_$UserID");
         $Cache->delete_row($SessionID);
 
@@ -367,7 +362,7 @@ if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
     if (isset($LoggedUser['Permissions']['site_torrents_notify'])) {
         $LoggedUser['Notify'] = $Cache->get_value('notify_filters_'.$LoggedUser['ID']);
         if (!is_array($LoggedUser['Notify'])) {
-            $DB->query("
+            $DB->prepared_query("
             SELECT ID, Label
             FROM users_notify_filters
               WHERE UserID = '$LoggedUser[ID]'");
@@ -383,39 +378,13 @@ if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
     }
 
     // IP changed
-    if (apcu_exists('DBKEY') && Crypto::decrypt($LoggedUser['IP']) != $_SERVER['REMOTE_ADDR'] && !check_perms('site_disable_ip_history')) {
+    if (apcu_exists('DBKEY') && Crypto::decrypt($LoggedUser['IP']) != $_SERVER['REMOTE_ADDR']) {
         if (Tools::site_ban_ip($_SERVER['REMOTE_ADDR'])) {
             error('Your IP address has been banned.');
         }
 
         $CurIP = db_string($LoggedUser['IP']);
         $NewIP = db_string($_SERVER['REMOTE_ADDR']);
-        $DB->query("
-        SELECT IP
-        FROM users_history_ips
-          WHERE EndTime IS NULL
-          AND UserID = '$LoggedUser[ID]'");
-
-        while (list($EncIP) = $DB->next_record()) {
-            if (Crypto::decrypt($EncIP) == $CurIP) {
-                $CurIP = $EncIP;
-                // CurIP is now the encrypted IP that was already in the database (for matching)
-                break;
-            }
-        }
-
-        $DB->query("
-        UPDATE users_history_ips
-        SET EndTime = NOW()
-          WHERE EndTime IS NULL
-          AND UserID = '$LoggedUser[ID]'
-          AND IP = '$CurIP'");
-
-        $DB->query("
-        INSERT IGNORE INTO users_history_ips
-          (UserID, IP, StartTime)
-        VALUES
-          ('$LoggedUser[ID]', '".Crypto::encrypt($NewIP)."', NOW())");
 
         $Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);
         $Cache->update_row(false, array('IP' => Crypto::encrypt($_SERVER['REMOTE_ADDR'])));
@@ -425,7 +394,7 @@ if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
     // Get stylesheets
     $Stylesheets = $Cache->get_value('stylesheets');
     if (!is_array($Stylesheets)) {
-        $DB->query('
+        $DB->prepared_query('
         SELECT
           ID,
           LOWER(REPLACE(Name, " ", "_")) AS Name,
@@ -460,7 +429,7 @@ function logout()
     setcookie('keeplogged', '', time() - 60 * 60 * 24 * 365, '/', '', false);
 
     if ($SessionID) {
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE FROM users_sessions
           WHERE UserID = '" . G::$LoggedUser['ID'] . "'
           AND SessionID = '".db_string($SessionID)."'");
@@ -482,7 +451,7 @@ function logout_all_sessions()
 {
     $UserID = G::$LoggedUser['ID'];
 
-    G::$DB->query("
+    G::$DB->prepared_query("
     DELETE FROM users_sessions
       WHERE UserID = '$UserID'");
 
@@ -547,16 +516,6 @@ if (isset(G::$LoggedUser['LockedAccount']) && !in_array($Document, $AllowedPages
 
 $Debug->set_flag('completed module execution');
 
-/* Required in the absence of session_start() for providing that pages will change
-upon hit rather than being browser cached for changing content.
-
-Old versions of Internet Explorer choke when downloading binary files over HTTPS with disabled cache.
-Define the following constant in files that handle file downloads */
-if (!defined('SKIP_NO_CACHE_HEADERS')) {
-    header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
-    header('Pragma: no-cache');
-}
-
 // Flush to user
 ob_end_flush();
 

classes/security.class.php

@@ -6,50 +6,77 @@ declare(strict_types = 1);
  *
  * Designed to hold common authentication functions from various sources:
  *  - classes/script_start.php
+ *  - "Quick SQL injection check"
  */
 
 class Security
 {
     /**
-     * Check ID
+     * Check integer
      *
      * Makes sure a number ID is valid,
      * e.g., a page ID requested by GET.
      */
-    public function CheckID($ID)
+    public function checkInt(...$IDs)
     {
-        # Temporary failsafe
-        # (int) 'dingus' = 0
-        # (int) 3.14 = 3
-        $ID = (int) $ID;
-
-        if (!is_int($ID) || $ID < 1) {
-            error(400);
+        foreach ($IDs as $ID) {
+            if (!ID || !is_int($ID) || $ID < 1) {
+                return "Expected an integer > 1, got $ID in Security::checkInt.";
+                #error("Expected an integer > 1, got $ID in Security::checkInt.");
+            }
         }
 
         return;
     }
 
+
     /**
      * Setup pitfalls
      *
      * A series of quick sanity checks during app init.
      * Previously in classes/script_start.php.
      */
-    public function SetupPitfalls()
+    public function setupPitfalls()
     {
+        $ENV = ENV::go();
+
+        # Bad PHP version
+        if (version_compare(PHP_VERSION, $ENV->PHP_MIN, '<')) {
+            error("Gazelle requires PHP > $ENV->PHP_MIN.");
+        }
+
         # short_open_tag
         if (!ini_get('short_open_tag')) {
-            error('short_open_tag != On in php.ini');
+            error('short_open_tag != On in php.ini.');
         }
 
         # apcu
         if (!extension_loaded('apcu')) {
-            error('APCu extension not loaded');
+            error('APCu extension php-apcu not loaded.');
+        }
+
+        # mbstring
+        if (!extension_loaded('mbstring')) {
+            error('Multibyte string extension php-mbstring not loaded.');
+        }
+
+        # memcache
+        if (!extension_loaded('memcache')) {
+            error('memcached extension php-memcache not loaded.');
+        }
+
+        # mysqli
+        if (!extension_loaded('mysqli')) {
+            error('mysqli extension php-mysql not loaded.');
+        }
+        
+        # blake3
+        if ($ENV->FEATURE_BIOPHP && !extension_loaded('blake3')) {
+            error('Please install and enable the php-blake3 extension.');
         }
 
         # Deal with dumbasses
-        if (isset($_REQUEST['info_hash']) && isset($_REQUEST['peer_id'])) {
+        if (isset($_REQUEST['info_hash']) || isset($_REQUEST['peer_id'])) {
             error(
                 'd14:failure reason40:Invalid .torrent, try downloading again.e',
                 $NoHTML = true,
@@ -60,6 +87,7 @@ class Security
         return;
     }
 
+
     /**
      * UserID checks
      *

classes/slaves.class.php

@@ -1,17 +0,0 @@
-<?php
-#declare(strict_types=1);
-
-class Slaves
-{
-    public static function get_level($SlaveID)
-    {
-        G::$DB->query("
-        SELECT u.Uploaded, u.Downloaded, u.BonusPoints, COUNT(t.UserID)
-        FROM users_main AS u
-          LEFT JOIN torrents AS t ON u.ID=t.UserID
-          WHERE u.ID = $SlaveID");
-          
-        list($Upload, $Download, $Points, $Uploads) = G::$DB->next_record();
-        return intval(((($Uploads**0.35)*1.5)+1) * max(($Upload+($Points*1000000)-$Download)/(1024**3), 1));
-    }
-};

classes/text.class.php

@@ -14,8 +14,6 @@ class Text
       's' => 0,
       '*' => 0,
       '#' => 0,
-      #'ch' => 0,
-      #'uch' => 0,
       'artist' => 0,
       'user' => 0,
       'n' => 0,
@@ -128,7 +126,41 @@ class Text
      */
     public static $TOC = false;
 
+
+    /**
+     * Fix the links
+     * 
+     * Make it so that internal links are in the form "/section?p=foo"
+     * and that external links are secure and look like Wikipedia.
+     * Takes an already-parsed input, to hit Markdown and BBcode.
+     */
+    public function fix_links($Parsed) {
+            # Replace links to $ENV->SITE_DOMAIN
+            $Parsed = preg_replace(
+                "/<a href=\"$ENV->RESOURCE_REGEX($ENV->SITE_DOMAIN|$ENV->OLD_SITE_DOMAIN)\//",
+                '<a href="/',
+                $Parsed
+            );
+                
+            # Replace external links and add Wikipedia-style CSS class
+            $RelTags = 'external nofollow noopener noreferrer';
+
+            $Parsed = preg_replace(
+                '/<a href="https?:\/\//',
+                '<a class="external" rel="'.$RelTags.'" target="_blank" href="https://',
+                $Parsed
+            );
+
+            $Parsed = preg_replace(
+                '/<a href="ftps?:\/\//',
+                '<a class="external" rel="'.$RelTags.'" target="_blank" href="ftps://',
+                $Parsed
+            );
+
+            return $Parsed;       
+    }
     
+
     /**
      * Output BBCode as XHTML
      *
@@ -152,8 +184,18 @@ class Text
         )) {
             $Parsedown = new ParsedownExtra();
             $Parsedown->setSafeMode(true);
+
+            # Prepare clean escapes
             $Str = html_entity_decode($Str, ENT_QUOTES | ENT_HTML5, 'UTF-8');
 
+            # Parse early and post-process
+            $Parsed = $Parsedown->text($Str);
+            
+            # Replace links to $ENV->SITE_DOMAIN
+            $Parsed = self::fix_links($Parsed);
+
+            return $Parsed;
+
             # Markdown ToC not happening yet
             # Shouldn't parse_toc() output HTML
             /*
@@ -174,8 +216,6 @@ class Text
             }
             */
 
-            return $P = $Parsedown->text($Str);
-
         /*
         return $P =
             ((self::$TOC && $OutputTOC)
@@ -183,37 +223,24 @@ class Text
                 : null)
             . $Parsedown->text($Str);
         */
-        } else {
+        }
+        
+        /**
+         * BBcode formatting
+         */
+        else {
             global $Debug;
             $Debug->set_flag('BBCode start');
 
             self::$Headlines = [];
             $Str = display_str($Str);
 
-            # Checkboxes: broken and stupid
-            /*
-            $Str = preg_replace('/\[\\[(ch|uch)]\]/i', '', $Str);
-            $Str = preg_replace('/\[ch\]/i', '[ch][/ch]', $Str);
-            $Str = preg_replace('/\[uch\]/i', '[uch][/uch]', $Str);
-            */
-
             // Inline links
             $URLPrefix = '(\[url\]|\[url\=|\[img\=|\[img\])';
             $Str = preg_replace('/'.$URLPrefix.'\s+/i', '$1', $Str);
             $Str = preg_replace('/(?<!'.$URLPrefix.')http(s)?:\/\//i', '$1[inlineurl]http$2://', $Str);
             $Str = preg_replace('/\[embed\]\[inlineurl\]/', '[embed]', $Str);
 
-            // For anonym.to and archive.org links, remove any [inlineurl] in the middle of the link
-            /*
-            $Str = preg_replace_callback(
-                '/(?<=\[inlineurl\]|'.$URLPrefix.')(\S*\[inlineurl\]\S*)/m',
-                function ($matches) {
-                    return str_replace("[inlineurl]", "", $matches[0]);
-                },
-                $Str
-            );
-            */
-
             if (self::$TOC) {
                 $Str = preg_replace('/(\={5})([^=].*)\1/i', '[headline=4]$2[/headline]', $Str);
                 $Str = preg_replace('/(\={4})([^=].*)\1/i', '[headline=3]$2[/headline]', $Str);
@@ -233,6 +260,9 @@ class Text
                 $HTML = self::parse_toc($Min) . $HTML;
             }
 
+            # Rewrite the URLs
+            $HTML = self::fix_links($HTML);
+
             $Debug->set_flag('BBCode end');
             return $HTML;
         }
@@ -871,20 +901,6 @@ class Text
                   break;
 
 
-                /*
-                case 'ch':
-                  $Str .= '<input type="checkbox" checked="checked" disabled="disabled">';
-                  break;
-                */
-
-
-                /*
-                case 'uch':
-                  $Str .= '<input type="checkbox" disabled="disabled">';
-                  break;
-                */
-
-
                 case 'list':
                   $Str .= "<$Block[ListType] class=\"postlist\">";
                   foreach ($Block['Val'] as $Line) {
@@ -1051,7 +1067,8 @@ class Text
                       if ($LocalURL) {
                           $Str .= '<a href="'.$LocalURL.'">'.substr($LocalURL, 1).'</a>';
                       } else {
-                          $Str .= '<a rel="noreferrer" target="_blank" href="'.$Block['Attr'].'">'.$Block['Attr'].'</a>';
+                          $Str .= '<a href="'.$Block['Attr'].'">'.$Block['Attr'].'</a>';
+                          #$Str .= '<a rel="noreferrer" target="_blank" href="'.$Block['Attr'].'">'.$Block['Attr'].'</a>';
                       }
                   }
                   break;

classes/tools.class.php

@@ -122,18 +122,7 @@ class Tools
         return trim($Output[4]);
     }
 
-    /**
-     * Format an IP address with links to IP history.
-     *
-     * @param string IP
-     * @return string The HTML
-     */
-    public static function display_ip($IP)
-    {
-        return $Line = '<a href="user.php?action=search&amp;ip_history=on&amp;ip='.display_str($IP).'&amp;matchtype=strict" title="Search" class="brackets tooltip">S</a>';
-    }
-
-
+    
     /**
      * Disable an array of users.
      *

classes/torrent_form.class.php

@@ -14,16 +14,6 @@ class TorrentForm
      * recursively copying parts to arrays in place as needed.
      */
     
-    # Platforms
-    # See classes/config.php
-    public $SeqPlatforms = [];
-    public $GraphPlatforms = [];
-    public $ImgPlatforms = [];
-    public $DocPlatforms = [];
-    public $RawPlatforms = [];
-    #public $Media = [];
-    #public $MediaManga = [];
-
     # Formats
     # See classes/config.php
     public $SeqFormats = [];
@@ -36,22 +26,8 @@ class TorrentForm
     public $BinDocFormats = [];
     public $CpuGenFormats = [];
     public $PlainFormats = [];
-    #public $Containers = [];
-    #public $ContainersGames = [];
-    #public $ContainersProt = [];
-    #public $ContainersExtra = [];
-
-    # Misc
-    public $Codecs = [];
-    public $Archives = [];
     public $Resolutions = [];
 
-    # Deprecated
-    #public $Formats = [];
-    #public $Versions = [];
-    #public $Bitrates = [];
-    #public $Platform = [];
-
     # Gazelle
     public $NewTorrent = false;
     public $Torrent = [];
@@ -63,7 +39,8 @@ class TorrentForm
     public function __construct($Torrent = false, $Error = false, $NewTorrent = true)
     {
         # See classes/config.php
-        global $UploadForm, $Categories, $TorrentID, $SeqPlatforms, $GraphPlatforms, $ImgPlatforms, $DocPlatforms, $RawPlatforms, $SeqFormats, $ProtFormats, $GraphXmlFormats, $GraphTxtFormats, $ImgFormats, $MapVectorFormats, $MapRasterFormats, $BinDocFormats, $CpuGenFormats, $PlainFormats, $Codecs, $Archives, $Resolutions;
+        global $UploadForm, $Categories, $TorrentID, $SeqFormats, $ProtFormats, $GraphXmlFormats, $GraphTxtFormats, $ImgFormats, $MapVectorFormats, $MapRasterFormats, $BinDocFormats, $CpuGenFormats, $PlainFormats, $Resolutions;
+        #global $UploadForm, $Categories, $TorrentID, $SeqPlatforms, $GraphPlatforms, $ImgPlatforms, $DocPlatforms, $RawPlatforms, $SeqFormats, $ProtFormats, $GraphXmlFormats, $GraphTxtFormats, $ImgFormats, $MapVectorFormats, $MapRasterFormats, $BinDocFormats, $CpuGenFormats, $PlainFormats, $Codecs, $Archives, $Resolutions;
         #global $UploadForm, $Categories, $Formats, $Bitrates, $Media, $MediaManga, $TorrentID, $Containers, $ContainersGames, $Codecs, $Resolutions, $Platform, $Archives, $ArchivesManga;
 
         # Gazelle
@@ -75,14 +52,6 @@ class TorrentForm
         $this->Categories = $Categories;
         $this->TorrentID = $TorrentID;
 
-        # Platforms
-        # See classes/config.php
-        $this->SeqPlatforms = $SeqPlatforms;
-        $this->GraphPlatforms = $GraphPlatforms;
-        $this->ImgPlatforms = $ImgPlatforms;
-        $this->DocPlatforms = $DocPlatforms;
-        $this->RawPlatforms = $RawPlatforms;
-       
         # Formats
         # See classes/config.php
         $this->SeqFormats = $SeqFormats;
@@ -95,10 +64,6 @@ class TorrentForm
         $this->BinDocFormats = $BinDocFormats;
         $this->CpuGenFormats = $CpuGenFormats;
         $this->PlainFormats = $PlainFormats;
-        
-        # Misc
-        $this->Codecs = $Codecs;
-        $this->Archives = $Archives;
         $this->Resolutions = $Resolutions;
 
         # Quick constructor test
@@ -110,127 +75,91 @@ class TorrentForm
 
 
     /**
-     * ========================
-     * = New functional class =
-     * ========================
-     *
-     * Contains functions that output discreet torrent form fields.
-     * Useful for <?= echoing in skeleton tables in the sections.
-     */
+     * ====================
+     * = Twig-based class =
+     * ====================
+    */
 
 
     /**
-     * Upload notice
+     * render
      *
-     * Broken into multiple NewTorrent tests for sanity.
-     * Each if statement should contain one discreet content block.
+     * TorrentForm Twig wrapper.
+     * Hopefully more pleasant.
      */
-    public function uploadNotice()
+    public function render()
     {
-        if ($this->NewTorrent) {
-            $HTML = <<<HTML
-            <aside class="upload_notice">
-              <p>
-                Please consult the
-                <a href="/rules.php?p=upload">Upload Rules</a>
-                and the
-                <a href="/wiki.php?action=article&name=categories">Categories Wiki</a>
-                to help fill out the upload form correctly.
-              </p>
-
-              <p>
-                The site adds the Announce and Source automatically.
-                Just download and seed the new torrent after uploading it.
-
-              <!--
-              <strong>
-                If you never have before, be sure to read this list of
-                <a href="wiki.php?action=article&name=uploadingpitfalls">uploading pitfalls</a>.
-              </strong>
-              -->
-              </p>
-            </aside>
-HTML;
-        } # fi NewTorrent
-        return $HTML;
-    }
-
+        $ENV = ENV::go();
+        $Twig  = Twig::go();
 
-    /**
-     * Announce URLs
-     *
-     * Announce URLs displayed on the form.
-     * They're added to torrents in torrentsdl.class.php.
-     * Bio Gazelle supports tiered swarms, T1 private and T2 public.
-     */
-    public function announceSource()
-    {
+        /**
+         * Upload notice
+         */
         if ($this->NewTorrent) {
-            $HTML = '<aside class="announce_source">';
+            echo $Twig->render('torrent_form/notice.html');
+        }
 
+        /**
+         * Announce and source
+         */
+        if ($this->NewTorrent) {
             $Announces = ANNOUNCE_URLS[0];
             #$Announces = call_user_func_array('array_merge', ANNOUNCE_URLS);
+
             $TorrentPass = G::$LoggedUser['torrent_pass'];
+            $TorrentSource = Users::get_upload_sources()[0];
 
-            foreach ($Announces as $Announce) {
-                $HTML .= <<<HTML
-                <p>
-                  <strong>Announce</strong>
-                  <input type="text"
-                    value="$Announce/$TorrentPass/announce"
-                    size="60" readonly="readonly"
-                    onclick="this.select();" />
-                </p>
-HTML;
-            }
+            echo $Twig->render(
+                'torrent_form/announce_source.html',
+                [
+                  'announces' => $Announces,
+                  'torrent_pass' => $TorrentPass,
+                  'torrent_source' => $TorrentSource,
+                ]
+            );
+        }
 
-            /**
-             * Source (randomize infohash)
-             */
-            $TorrentSource = Users::get_upload_sources()[0];
-            $HTML .= <<<HTML
-            <p>
-              <strong>Source</strong>
-              <input type="text"
-                value="$TorrentSource"
-                size="30" readonly="readonly"
-                onclick="this.select();" />
-            </p>
+        /**
+         * Errors
+         * (Twig unjustified)
+         */
+        if ($this->Error) {
+            echo <<<HTML
+              <aside class="upload_error">
+                <p>$this->Error</p>
+              </aside>
 HTML;
+        }
 
-            $HTML .= '</aside>';
-        } # fi NewTorrent
-        return $HTML;
-    }
+        /**
+         * head
+         * IMPORTANT!
+         */
+        echo $this->head();
 
+        /**
+         * upload_form
+         * Where the fields are.
+         */
+        echo $this->upload_form();
 
-    /**
-     * Display torrent upload errors
-     */
-    public function error()
-    {
-        if ($this->NewTorrent) {
-            if ($this->Error) {
-                echo <<<HTML
-                <aside class="upload_error">
-                  <p>$this->Error</p>
-                </aside>
-HTML;
-            }
-        } # fi NewTorrent
-    }
+        /**
+         * foot
+         */
+        echo $this->foot();
+    } # End render()
 
 
     /**
      * head
      *
-     * Everything until the catalogue number field.
-     * Server-side torrent scrubbing admonishment.
+     * Everything up to the main form tag open:
+     * <div id="dynamic_form">
+     * Kept as an HTML function because it's simpler.
      */
-    public function head()
+    private function head()
     {
         $ENV = ENV::go();
-
         G::$DB->query(
             "
         SELECT
@@ -288,19 +217,13 @@ HTML;
          * Start printing the torrent form
          */
         $HTML .= '<table class="torrent_form">';
-        return $HTML;
-    }
-
 
-    /**
-     * New torrent options: file
-     */
-    public function basicInfo()
-    {
-        $ENV = ENV::go();
-      
+        /**
+         * New torrent options:
+         * file and category
+         */
         if ($this->NewTorrent) {
-            $HTML =  '<h2 class="header">Basic Info</h2>';
+            $HTML .=  '<h2 class="header">Basic Info</h2>';
             $HTML .= <<<HTML
             <tr>
               <td>
@@ -319,14 +242,8 @@ HTML;
               </td>
             </tr>
 HTML;
-        } # fi NewTorrent
 
-        /**
-         * New torrent options: category
-         */
-        if ($this->NewTorrent) {
             $DisabledFlag = ($this->DisabledFlag) ? ' disabled="disabled"' : '';
-
             $HTML .= <<<HTML
               <tr>
                 <td>
@@ -375,7 +292,7 @@ HTML;
      *
      * Make the endmatter.
      */
-    public function foot()
+    private function foot()
     {
         $Torrent = $this->Torrent;
         echo '<table class="torrent_form>';
@@ -471,8 +388,8 @@ HTML;
 
         echo <<<HTML
               <tr>
-                <td>
-                  <input id="post" type="submit" value="$Value" />
+                <td class="center">
+                  <input id="post" type="submit" value="$Value" class="button-primary" />
                 </td>
               </tr>
             </table> <!-- torrent_form -->
@@ -486,206 +403,75 @@ HTML;
      * upload_form
      *
      * Finally the "real" upload form.
-     * Contains all the field you'd expect.
+     * Contains all the fields you'd expect.
      *
      * This is currently one enormous function.
      * It has sub-functions, variables, and everything.
      * It continues to the end of the class.
      */
-    public function upload_form()
+    private function upload_form()
     {
         $ENV = ENV::go();
+        $Twig = Twig::go();
 
         $QueryID = G::$DB->get_query_id();
         $Torrent = $this->Torrent;
 
-        # Moved to their own functions
-        #echo $this->head();
-        #echo $this->basicInfo();
-
         # Start printing the form
         echo '<h2 class="header">Torrent Form</h2>';
-        echo '<table class="torrent_form">';
+        echo '<table class="torrent_form skeleton-fix">';
 
         
         /**
          * Accession Number
-         *
-         * The headings below refer to a new generic input schema.
-         * The HTML labels and various user-visible text should come from $ENV.
-         *
-         * RecursiveArrayObject->toArray() returns arrays from, e.g., $ENV->A->B->C.
-         * This makes it easy to get and program with any subset of config objects.
          */
         $CatalogueNumber = display_str($Torrent['CatalogueNumber']);
         $Disabled = $this->Disabled;
-
-        # DOI
-        echo <<<HTML
-        <tr id="javdb_tr">
-          <td>
-            <label for="catalogue">
-              Accession Number
-            </label>
-          </td>
-
-          <td>
-            <input type="text"
-              id="catalogue" name="catalogue" size="30"
-              placeholder="RefSeq and UniProt preferred"
-              value="$CatalogueNumber" />
-
-            <input type="button" autofill="jav" value="Autofill"
-              style="pointer-events: none; opacity: 0.5;">
-            </input>
-          </td>
-        </tr>
-HTML;
-
-        # RefSeq
-        $DisabledFlagInput = (!$this->DisabledFlag)
-            ? '<input type="button" autofill="anime" value="Autofill" />'
-            : null;
-
-        echo <<<HTML
-        <tr id="anidb_tr" class="hidden">
-          <td>
-            <label for="anidb">
-              AniDB Autofill (optional)
-            </label>
-          </td>
-          
-          <td>
-            <input type="text" id="anidb" size="10" $Disabled />
-            $DisabledFlagInput
-          </td>
-        </tr>
-HTML;
         
-        # UniProt
-        $DisabledFlagInput = (!$this->DisabledFlag)
-            ? '<input type="button" autofill="anime" value="Autofill" />'
-            : null;
-
-        echo <<<HTML
-        <tr id="anidb_tr" class="hidden">
-          <td>
-            <label for="douj">
-              e-hentai URL (optional)
-            </label>
-          </td>
-          
-          <td>
-            <input type="text" id="douj" size="10" $Disabled />
-            $DisabledFlagInput
-          </td>
-        </tr>
-HTML;
+        echo $Twig->render(
+            'torrent_form/identifier.html',
+            [
+                'db' => $ENV->DB->identifier,
+                'identifier' => $CatalogueNumber,
+            ]
+        );
 
 
         /**
-         * Semantic Version
+         * Version
          */
         
         $Version = display_str($Torrent['Version']);
-        echo <<<HTML
-        <tr id="audio_tr">
-          <td>
-            <label for="version">
-              Version
-            </label>
-          </td>
 
-          <td>
-            <input type="text"
-              id="version" name="version"
-              size="12" pattern="\d+\.*\d*\.*\d*"
-              placeholder="Start with 0.1.0"
-              value="$Version" />
-            
-            <p>
-              Please see
-              <a href="https://semver.org target=" _blank">Semantic Versioning</a>
-            </p>
-          </td>
-        </tr>
-HTML;
+        echo $Twig->render(
+            'torrent_form/version.html',
+            [
+              'db' => $ENV->DB->version,
+              'version' => $Version,
+          ]
+        );
 
 
         /**
-         * Title fields
-         *
-         * Gazelle has three title fields available, regrettably hardcoded.
-         * Ideally we could rank them in importance in the site ontology,
-         * then update one config file to apply custom metadata across the board.
+         * Title Fields
          */
 
         # New torrent upload
         if ($this->NewTorrent) {
-            $Disabled = $this->Disabled;
-
-
-            /**
-             * Title 1
-             */
             $Title1 = display_str($Torrent['Title']);
-            echo <<<HTML
-              <tr id="title_tr">
-                <td>
-                  <label for="title" class="required">
-                    Torrent Title
-                  </label>
-                </td>
-              
-                <td>
-                  <input type="text" id="title" name="title" size="60"
-                    placeholder="Definition line, e.g., Alcohol dehydrogenase ADH1"
-                    value="$Title1" $Disabled />
-                </td>
-              </tr>
-HTML;
-
-
-            /**
-             * Title 2
-             */
             $Title2 = display_str($Torrent['Title2']);
-            echo <<<HTML
-              <tr id="title_rj_tr">
-                <td>
-                  <label for="title_rj">
-                  Organism
-                  </label>
-                </td>
-              
-              <td>
-                <input type="text" id="title_rj" name="title_rj" size="60"
-                  placeholder="Organism line binomial, e.g., Saccharomyces cerevisiae"
-                  value="$Title2" $Disabled />
-              </td>
-            </tr>
-HTML;
-
-
-            /**
-             * Title 3
-             */
             $Title3 = display_str($Torrent['TitleJP']);
-            echo <<<HTML
-            <tr id="title_jp_tr">
-              <td>
-                <label for="title_jp">
-                Strain/Variety
-                </label>
-              </td>
-              
-              <td>
-                <input type="text" id="title_jp" name="title_jp" size="60"
-                  placeholder="Organism line if any, e.g., S288C"
-                  value="$Title3" $Disabled />
-              </td>
-            </tr>
-HTML;
+            #$Disabled = $this->Disabled;
+
+            echo $Twig->render(
+                'torrent_form/titles.html',
+                [
+                  'db' => $ENV->DB,
+                  'title' => $Title1,
+                  'subject' => $Title2,
+                  'object' => $Title3,
+                ]
+            );
         } # fi NewTorrent
         
         
@@ -748,29 +534,18 @@ HTML;
 
 
         /**
-         * Affiliation
-         *
-         * The company, studio, lab, etc., that did the work.
-         * todo: Add creator affiliation and pick a predetermined one
-         * (in our case, last author's institution).
+         * Workgroup
          */
         if ($this->NewTorrent) {
             $Affiliation = display_str($Torrent['Studio']);
-            echo <<<HTML
-            <tr id="studio_tr">
-              <td>
-                <label for="studio" class="required">
-                  Department/Lab
-                </label>
-              </td>
-              
-              <td>
-                <input type="text" id="studio" name="studio" size="60"
-                  placeholder="Last author's institution, e.g., Lawrence Berkeley Laboratory"
-                  value="$Affiliation" $Disabled />
-              </td>
-            </tr>
-HTML;
+
+            echo $Twig->render(
+                'torrent_form/workgroup.html',
+                [
+                  'db' => $ENV->DB->workgroup,
+                  'workgroup' => $Affiliation,
+                ]
+            );
         }
 
 
@@ -782,22 +557,14 @@ HTML;
          */
         if ($this->NewTorrent) {
             $TorrentLocation = display_str($Torrent['Series']);
-            echo <<<HTML
-            <tr id="series_tr">
-              <td>
-                <label for="series">
-                  Location
-                </label>
-              </td>
-            
-              <td>
-                <input type="text" id="series" name="series" size="60"
-                  placeholder="Physical location, e.g., Berkeley, CA 94720"
-                  value="$TorrentLocation" $Disabled />
-              </td>
-            </tr>
-HTML;
-        } # fi NewTorrent
+            echo $Twig->render(
+                'torrent_form/location.html',
+                [
+                  'db' => $ENV->DB->location,
+                  'location' => $TorrentLocation,
+                ]
+            );
+        }
 
 
         /**
@@ -811,21 +578,14 @@ HTML;
          * Year
          */
         $TorrentYear = display_str($Torrent['Year']);
-        echo <<<HTML
-        <tr id="year_tr">
-          <td>
-            <label for="year" class="required">
-              Year
-            </label>
-          </td>
-          
-          <td>
-            <input type="text" id="year" name="year"
-              maxlength="4" size="15" placeholder="Publication year"
-              value="$TorrentYear" />
-          </td>
-        </tr>
-HTML;
+
+        echo $Twig->render(
+            'torrent_form/year.html',
+            [
+            'db' => $ENV->DB->year,
+            'year' => $TorrentYear,
+          ]
+        );
 
 
         /**
@@ -850,14 +610,14 @@ HTML;
               <option>---</option>
 HTML;
 
-        foreach ($this->Codecs as $Codec) {
-            echo "<option value='$Codec'";
+        foreach ($ENV->META->Licenses as $License) {
+            echo "<option value='$License'";
 
-            if ($Codec === ($Torrent['Codec'] ?? false)) {
+            if ($License === ($Torrent['Codec'] ?? false)) {
                 echo " selected";
             }
             
-            echo ">$Codec</option>\n";
+            echo ">$License</option>\n";
         }
 
         echo <<<HTML
@@ -939,7 +699,7 @@ HTML;
                 $trID = 'media_tr',
                 $Label = 'Platform',
                 $Torrent = $Torrent,
-                $Media = $this->SeqPlatforms
+                $Media = $ENV->CATS->{1}->Platforms
             );
             
 
@@ -950,7 +710,7 @@ HTML;
                 $trID = 'media_graphs_tr',
                 $Label = 'Platform',
                 $Torrent = $Torrent,
-                $Media = array_merge($this->GraphPlatforms, $this->SeqPlatforms)
+                $Media = $ENV->CATS->{2}->Platforms
             );
             
 
@@ -961,18 +721,18 @@ HTML;
                 $trID = 'media_scalars_vectors_tr',
                 $Label = 'Platform',
                 $Torrent = $Torrent,
-                $Media = array_merge($this->GraphPlatforms, $this->ImgPlatforms)
+                $Media = $ENV->CATS->{5}->Platforms
             );
 
 
             /**
-             * Platform: Scalars/Vectors
+             * Platform: Images
              */
             mediaSelect(
                 $trID = 'media_images_tr',
                 $Label = 'Platform',
                 $Torrent = $Torrent,
-                $Media = $this->ImgPlatforms
+                $Media = $ENV->CATS->{8}->Platforms
             );
 
 
@@ -983,7 +743,7 @@ HTML;
                 $trID = 'media_documents_tr',
                 $Label = 'Platform',
                 $Torrent = $Torrent,
-                $Media = $this->DocPlatforms
+                $Media = $ENV->CATS->{11}->Platforms
             );
 
 
@@ -994,7 +754,7 @@ HTML;
                 $trID = 'media_machine_data_tr',
                 $Label = 'Platform',
                 $Torrent = $Torrent,
-                $Media = $this->RawPlatforms
+                $Media = $ENV->CATS->{12}->Platforms
             );
         } # fi NewTorrent
         else {
@@ -1014,6 +774,7 @@ HTML;
          */
         function formatSelect($trID = '', $Label = '', $Torrent = [], $FileTypes = [])
         {
+            #var_dump($FileTypes);
             echo <<<HTML
             <tr id="$trID">
               <td>
@@ -1021,21 +782,24 @@ HTML;
                   $Label
                 <label>
               </td>
-              
+
               <td>
                 <select id="container" name="container">
                   <option value="Autofill">Autofill</option>
 HTML;
 
-            foreach ($FileTypes as $Type => $Extensions) {
-                echo "<option value='$Type'";
+            foreach ($FileTypes as $FileType) {
+                foreach ($FileType as $Type => $Extensions) {
+                    echo "<option value='$Type'";
 
-                if ($Type === ($Torrent['Container'] ?? false)) {
-                    echo ' selected';
-                }
+                    if ($Type === ($Torrent['Container'] ?? false)) {
+                        echo ' selected';
+                    }
 
-                echo ">$Type</option>\n";
+                    echo ">$Type</option>\n";
+                }
             }
+        
 
             echo <<<HTML
                 </select>
@@ -1060,7 +824,7 @@ HTML;
             $trID = 'container_tr',
             $Label = 'Format',
             $Torrent = $Torrent,
-            $FileTypes = array_merge($this->SeqFormats, $this->ProtFormats, $this->PlainFormats)
+            $FileTypes = $ENV->CATS->{1}->Formats
         );
         
 
@@ -1071,7 +835,8 @@ HTML;
             $trID = 'container_graphs_tr',
             $Label = 'Format',
             $Torrent = $Torrent,
-            $FileTypes = array_merge($this->GraphXmlFormats, $this->GraphTxtFormats, $this->SeqFormats, $this->ProtFormats, $this->PlainFormats)
+            #$FileTypes = array_column($ENV->META, $Formats)
+            $FileTypes = $ENV->CATS->{2}->Formats
         );
 
 
@@ -1082,7 +847,8 @@ HTML;
             $trID = 'container_scalars_vectors_tr',
             $Label = 'Format',
             $Torrent = $Torrent,
-            $FileTypes = array_merge($this->ImgFormats, $this->SeqFormats, $this->ProtFormats, $this->PlainFormats)
+            #$FileTypes = $ENV->flatten($ENV->CATS->{5}->Formats)
+            $FileTypes = $ENV->CATS->{5}->Formats
         );
 
 
@@ -1093,7 +859,8 @@ HTML;
             $trID = 'container_images_tr',
             $Label = 'Format',
             $Torrent = $Torrent,
-            $FileTypes = array_merge($this->ImgFormats, $this->PlainFormats)
+            #$FileTypes = array_merge($this->ImgFormats)
+            $FileTypes = $ENV->CATS->{8}->Formats
         );
 
 
@@ -1104,7 +871,8 @@ HTML;
             $trID = 'container_spatial_tr',
             $Label = 'Format',
             $Torrent = $Torrent,
-            $FileTypes = array_merge($this->MapVectorFormats, $this->MapRasterFormats, $this->ImgFormats, $this->PlainFormats)
+            #$FileTypes = array_merge($this->MapVectorFormats, $this->MapRasterFormats, $this->ImgFormats, $this->PlainFormats)
+            $FileTypes = $ENV->CATS->{9}->Formats
         );
 
 
@@ -1115,7 +883,8 @@ HTML;
             $trID = 'container_documents_tr',
             $Label = 'Format',
             $Torrent = $Torrent,
-            $FileTypes = array_merge($this->BinDocFormats, $this->CpuGenFormats, $this->PlainFormats)
+            #$FileTypes = array_merge($this->BinDocFormats, $this->CpuGenFormats, $this->PlainFormats)
+            $FileTypes = $ENV->CATS->{11}->Formats
         );
 
 
@@ -1126,7 +895,8 @@ HTML;
             $trID = 'archive_tr',
             $Label = 'Archive',
             $Torrent = $Torrent,
-            $FileTypes = $this->Archives
+            # $ENV->Archives nests -1 deep
+            $FileTypes = [$ENV->META->Formats->Archives]
         );
 
 
@@ -1264,47 +1034,31 @@ HTML;
             $TorrentImage = display_str($Torrent['Image']);
             $Disabled = $this->Disabled;
 
-            echo <<<HTML
-            <tr id="cover_tr">
-            <td>
-              <label for="image">
-                Picture
-              </label>
-            </td>
-            
-            <td>
-              <input type="text" id="image" name="image" size="60"
-                placeholder="A meaningful picture, e.g., the specimen or a thumbnail"
-                value="$TorrentImage" $Disabled? />
-            </td>
-          </tr>
-HTML;
+            echo $Twig->render(
+                'torrent_form/picture.html',
+                [
+                    'db' => $ENV->DB->picture,
+                    'picture' => $TorrentImage,
+                ]
+            );
         }
 
 
         /**
          * Mirrors
          *
-         * This should be in the `torrents` table not `torrents_group`.
+         * This should be in the `torrents` table not `torrents_group.`
          * The intended use is for web seeds, Dat mirrors, etc.
          */
         if (!$this->DisabledFlag && $this->NewTorrent) {
             $TorrentMirrors = display_str($Torrent['Mirrors']);
-            echo <<<HTML
-            <tr id="mirrors_tr">
-              <td>
-                <label for="mirrors">
-                  Mirrors
-                </label>
-              </td>
-              
-              <td>
-                <!-- Needs to be all on one line -->
-                <textarea rows="2" name="mirrors" id="mirrors"
-                  placeholder="Up to two FTP/HTTP addresses that either point directly to a file, or for multi-file torrents, to the enclosing folder">$TorrentMirrors</textarea>
-              </td>
-            </tr>
-HTML;
+            echo $Twig->render(
+                'torrent_form/mirrors.html',
+                [
+                  'db' => $ENV->DB->mirrors,
+                  'mirrors' => $TorrentMirrors,
+              ]
+            );
         }
 
 
@@ -1337,6 +1091,22 @@ HTML;
         }
 
 
+        /**
+         * Seqhash
+         */
+
+        if ($ENV->FEATURE_BIOPHP && !$this->DisabledFlag && $this->NewTorrent) {
+            $TorrentSeqhash = display_str($Torrent['Seqhash']);
+            echo $Twig->render(
+                'torrent_form/seqhash.html',
+                [
+                    'db' => $ENV->DB->seqhash,
+                    'seqhash' => $TorrentSeqhash,
+                ]
+            );
+        }
+
+
         /**
          * Torrent group description
          *
@@ -1455,7 +1225,6 @@ HTML;
         echo '</table>';
 
         # Drink a stiff one
-        $this->foot();
         G::$DB->set_query_id($QueryID);
     } # End upload_form()
 } # End TorrentForm()

classes/torrents.class.php

@@ -60,54 +60,98 @@ class Torrents
                 unset($GroupIDs[$i], $Found[$GroupID], $NotFound[$GroupID]);
                 continue;
             }
+
             $Data = G::$Cache->get_value($Key . $GroupID, true);
             if (!empty($Data) && is_array($Data) && $Data['ver'] === Cache::GROUP_VERSION) {
                 unset($NotFound[$GroupID]);
                 $Found[$GroupID] = $Data['d'];
             }
         }
+
         // Make sure there's something in $GroupIDs, otherwise the SQL will break
         if (count($GroupIDs) === 0) {
             return [];
         }
 
-        /*
-        Changing any of these attributes returned will cause very large, very dramatic site-wide chaos.
-        Do not change what is returned or the order thereof without updating:
-          torrents, artists, collages, bookmarks, better, the front page,
-        and anywhere else the get_groups function is used.
-        Update self::array_group(), too
-        */
+        /**
+         * Changing any of these attributes returned will cause very large, very dramatic site-wide chaos.
+         * Do not change what is returned or the order thereof without updating:
+         * torrents, artists, collages, bookmarks, better, the front page,
+         * and anywhere else the get_groups function is used.
+         * Update self::array_group(), too.
+         */
 
         if (count($NotFound) > 0) {
             $IDs = implode(',', array_keys($NotFound));
             $NotFound = [];
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+
+            G::$DB->prepare_query("
             SELECT
-              ID, Name, Title2, NameJP, Year, CatalogueNumber, Studio, Series, TagList, WikiImage, CategoryID
-            FROM torrents_group
-              WHERE ID IN ($IDs)");
+              `id`,
+              `title`,
+              `subject`,
+              `object`,
+              `year`,
+              `identifier`,
+              `workgroup`,
+              `location`,
+              `tag_list`,
+              `picture`,
+              `category_id`
+            FROM
+              `torrents_group`
+            WHERE
+              `id` IN($IDs)
+            ");
+            G::$DB->exec_prepared_query();
 
             while ($Group = G::$DB->next_record(MYSQLI_ASSOC, true)) {
-                $NotFound[$Group['ID']] = $Group;
-                $NotFound[$Group['ID']]['Torrents'] = [];
-                $NotFound[$Group['ID']]['Artists'] = [];
+                $NotFound[$Group['id']] = $Group;
+                $NotFound[$Group['id']]['Torrents'] = [];
+                $NotFound[$Group['id']]['Artists'] = [];
             }
             G::$DB->set_query_id($QueryID);
 
             if ($Torrents) {
                 $QueryID = G::$DB->get_query_id();
+
                 G::$DB->query("
-                  SELECT
-                  ID, GroupID, Media, Container, Codec, Resolution, Version,
-                    Censored, Archive, FileCount, FreeTorrent,
-                    Size, Leechers, Seeders, Snatched, Time, f.ExpiryTime, ID AS HasFile,
-                    FreeLeechType, hex(info_hash) as info_hash
-                  FROM torrents
-                    LEFT JOIN shop_freeleeches AS f ON f.TorrentID=ID
-                    WHERE GroupID IN ($IDs)
-                  ORDER BY GroupID, Media, Container, Codec, ID");
+                SELECT
+                  `ID`,
+                  `GroupID`,
+                  `Media`,
+                  `Container`,
+                  `Codec`,
+                  `Resolution`,
+                  `Version`,
+                  `Censored`,
+                  `Archive`,
+                  `FileCount`,
+                  `FreeTorrent`,
+                  `Size`,
+                  `Leechers`,
+                  `Seeders`,
+                  `Snatched`,
+                  `Time`,
+                  f.`ExpiryTime`,
+                  `ID` AS `HasFile`,
+                  `FreeLeechType`,
+                  HEX(`info_hash`) AS `info_hash`
+                FROM
+                  `torrents`
+                LEFT JOIN `shop_freeleeches` AS f
+                ON
+                  f.`TorrentID` = `ID`
+                WHERE
+                  `GroupID` IN($IDs)
+                ORDER BY
+                  `GroupID`,
+                  `Media`,
+                  `Container`,
+                  `Codec`,
+                  `ID`
+                ");
                   
                 while ($Torrent = G::$DB->next_record(MYSQLI_ASSOC, true)) {
                     $NotFound[$Torrent['GroupID']]['Torrents'][$Torrent['ID']] = $Torrent;
@@ -138,6 +182,7 @@ class Torrents
                 }
                 $Found[$GroupID]['Artists'] = $Data;
             }
+
             // Fetch all user specific torrent properties
             if ($Torrents) {
                 foreach ($Found as &$Group) {
@@ -166,18 +211,18 @@ class Torrents
     public static function array_group(array &$Group)
     {
         return array(
-          'GroupID' => $Group['ID'],
-          'GroupName' => $Group['Name'],
-          'GroupTitle2' => $Group['Title2'],
-          'GroupNameJP' => $Group['NameJP'],
-          'GroupYear' => $Group['Year'],
-          'GroupCategoryID' => $Group['CategoryID'],
-          'GroupCatalogueNumber' => $Group['CatalogueNumber'],
-          'GroupStudio' => $Group['Studio'],
-          'GroupSeries' => $Group['Series'],
+          'id' => $Group['id'],
+          'title' => $Group['title'],
+          'subject' => $Group['subject'],
+          'object' => $Group['object'],
+          'published' => $Group['published'],
+          'category_id' => $Group['category_id'],
+          'identifier' => $Group['identifier'],
+          'workgroup' => $Group['workgroup'],
+          'location' => $Group['location'],
           'GroupFlags' => ($Group['Flags'] ?? ''),
-          'TagList' => $Group['TagList'],
-          'WikiImage' => $Group['WikiImage'],
+          'tag_list' => $Group['tag_list'],
+          'picture' => $Group['picture'],
           'Torrents' => $Group['Torrents'],
           'Artists' => $Group['Artists']
         );
@@ -231,18 +276,24 @@ class Torrents
     {
         global $Time;
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query(
-            "
-        INSERT INTO group_log
-          (GroupID, TorrentID, UserID, Info, Time, Hidden)
-        VALUES
-          (?, ?, ?, ?, NOW(), ?)",
-            $GroupID,
-            $TorrentID,
-            $UserID,
-            $Message,
-            $Hidden
-        );
+        G::$DB->query("
+        INSERT INTO `group_log`(
+          `GroupID`,
+          `TorrentID`,
+          `UserID`,
+          `Info`,
+          `Time`,
+          `Hidden`
+        )
+        VALUES(
+          '$GroupID',
+          '$TorrentID',
+          '$UserID',
+          '$Message',
+          NOW(),
+          '$Hidden'
+        )
+        ");
         G::$DB->set_query_id($QueryID);
     }
 
@@ -371,12 +422,19 @@ class Torrents
 
         Misc::write_log("Group $GroupID automatically deleted (No torrents have this group).");
 
-        G::$DB->query("
-        SELECT CategoryID
-        FROM torrents_group
-          WHERE ID = ?", $GroupID);
+        G::$DB->prepare_query("
+        SELECT
+          `category_id`
+        FROM
+          `torrents_group`
+        WHERE
+          `id` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
         list($Category) = G::$DB->next_record();
-        if ($Category == 1) {
+
+        # todo: Check strict equality here
+        if ($Category === 1) {
             G::$Cache->decrement('stats_album_count');
         }
         G::$Cache->decrement('stats_group_count');
@@ -459,18 +517,41 @@ class Torrents
         // Comments
         Comments::delete_page('torrents', $GroupID);
 
-        G::$DB->query("
-        DELETE FROM torrents_group
-          WHERE ID = ?", $GroupID);
-        G::$DB->query("
-        DELETE FROM torrents_tags
-          WHERE GroupID = ?", $GroupID);
-        G::$DB->query("
-        DELETE FROM bookmarks_torrents
-          WHERE GroupID = ?", $GroupID);
-        G::$DB->query("
-        DELETE FROM wiki_torrents
-          WHERE PageID = ?", $GroupID);
+        G::$DB->prepare_query("
+        DELETE
+        FROM
+          `torrents_group`
+        WHERE
+          `id` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
+
+        G::$DB->prepare_query("
+        DELETE
+        FROM
+          `torrents_tags`
+        WHERE
+          `GroupID` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
+
+        G::$DB->prepare_query("
+        DELETE
+        FROM
+          `bookmarks_torrents`
+        WHERE
+          `GroupID` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
+
+        G::$DB->prepare_query("
+        DELETE
+        FROM
+          `wiki_torrents`
+        WHERE
+          `PageID` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
 
         G::$Cache->delete_value("torrents_details_$GroupID");
         G::$Cache->delete_value("torrent_group_$GroupID");
@@ -483,55 +564,129 @@ class Torrents
      *
      * @param int $GroupID
      */
-    public static function update_hash($GroupID)
+    public static function update_hash(int $GroupID)
     {
         $QueryID = G::$DB->get_query_id();
 
-        G::$DB->query("
-        UPDATE torrents_group
-        SET TagList = (
-          SELECT REPLACE(GROUP_CONCAT(tags.Name SEPARATOR ' '), '.', '_')
-          FROM torrents_tags AS t
-            INNER JOIN tags ON tags.ID = t.TagID
-          WHERE t.GroupID = ?
-          GROUP BY t.GroupID
+        G::$DB->prepare_query("
+        UPDATE
+          `torrents_group`
+        SET
+          `tag_list` =(
+          SELECT
+          REPLACE
+            (
+              GROUP_CONCAT(tags.Name SEPARATOR ' '),
+              '.',
+              '_'
+            )
+          FROM
+            `torrents_tags` AS t
+          INNER JOIN `tags` ON tags.`ID` = t.`TagID`
+          WHERE
+            t.`GroupID` = '$GroupID'
+          GROUP BY
+            t.`GroupID`
         )
-          WHERE ID = ?", $GroupID, $GroupID);
+        WHERE
+          `ID` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
 
         // Fetch album artists
-        G::$DB->query("
-        SELECT GROUP_CONCAT(ag.Name separator ' ')
-        FROM torrents_artists AS ta
-          JOIN artists_group AS ag ON ag.ArtistID = ta.ArtistID
-          WHERE ta.GroupID = ?
-        GROUP BY ta.GroupID", $GroupID);
+        G::$DB->prepare_query("
+        SELECT GROUP_CONCAT(ag.`Name` separator ' ')
+        FROM `torrents_artists` AS `ta`
+          JOIN `artists_group` AS ag ON ag.`ArtistID` = ta.`ArtistID`
+          WHERE ta.`GroupID` = '$GroupID'
+        GROUP BY ta.`GroupID`
+        ");
+        G::$DB->exec_prepared_query();
+
         if (G::$DB->has_results()) {
             list($ArtistName) = G::$DB->next_record(MYSQLI_NUM, false);
         } else {
             $ArtistName = '';
         }
 
-        G::$DB->query("
-        REPLACE INTO sphinx_delta
-          (ID, GroupID, GroupName, GroupTitle2, GroupNameJP, TagList, Year, CatalogueNumber, CategoryID, Time,
-          Size, Snatched, Seeders, Leechers, Censored, Studio, Series,
-          FreeTorrent, Media, Container, Codec, Resolution, Version, Description,
-          FileList, ArtistName)
+        G::$DB->prepare_query("
+        REPLACE
+        INTO sphinx_delta(
+          `ID`,
+          `GroupID`,
+          `GroupName`,
+          `GroupTitle2`,
+          `GroupNameJP`,
+          `TagList`,
+          `Year`,
+          `CatalogueNumber`,
+          `CategoryID`,
+          `Time`,
+          `Size`,
+          `Snatched`,
+          `Seeders`,
+          `Leechers`,
+          `Censored`,
+          `Studio`,
+          `Series`,
+          `FreeTorrent`,
+          `Media`,
+          `Container`,
+          `Codec`,
+          `Resolution`,
+          `Version`,
+          `Description`,
+          `FileList`,
+          `ArtistName`
+        )
         SELECT
-          t.ID, g.ID, Name, Title2, NameJP, TagList, Year, CatalogueNumber, CategoryID, UNIX_TIMESTAMP(t.Time),
-          Size, Snatched, Seeders, Leechers, Censored, Studio, Series,
-          CAST(FreeTorrent AS CHAR), Media, Container, Codec, Resolution, Version, Description,
-          REPLACE(REPLACE(FileList, '_', ' '), '/', ' ') AS FileList, ?
-        FROM torrents AS t
-          JOIN torrents_group AS g ON g.ID = t.GroupID
-          WHERE g.ID = ?", $ArtistName, $GroupID);
+          t.`ID`,
+          g.`id`,
+          g.`title`,
+          g.`subject`,
+          g.`object`,
+          g.`tag_list`,
+          g.`year`,
+          g.`identifier`,
+          g.`category_id`,
+          UNIX_TIMESTAMP(t.`Time`),
+          t.`Size`,
+          t.`Snatched`,
+          t.`Seeders`,
+          t.`Leechers`,
+          t.`Censored`,
+          g.`workgroup`,
+          g.`location`,
+          CAST(`FreeTorrent` AS CHAR),
+          t.`Media`,
+          t.`Container`,
+          t.`Codec`,
+          t.`Resolution`,
+          t.`Version`,
+          t.`Description`,
+        REPLACE
+          (
+        REPLACE
+          (`FileList`, '_', ' '),
+          '/',
+          ' '
+        ) AS FileList,
+        '$ArtistName'
+        FROM
+          `torrents` AS t
+        JOIN `torrents_group` AS g
+        ON
+          g.`id` = t.`GroupID`
+        WHERE
+          g.`id` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
 
         G::$Cache->delete_value("torrents_details_$GroupID");
         G::$Cache->delete_value("torrent_group_$GroupID");
         G::$Cache->delete_value("torrent_group_light_$GroupID");
 
         $ArtistInfo = Artists::get_artist($GroupID);
-
         G::$Cache->delete_value("groups_artists_$GroupID");
         G::$DB->set_query_id($QueryID);
     }

classes/twig.class.php

@@ -0,0 +1,277 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * Twig class
+ *
+ * Converted to a singleton class like $ENV.
+ * One instance should only ever exist,
+ * because of its separate disk cache system.
+ *
+ * Based on OPS's useful rule set:
+ * https://github.com/OPSnet/Gazelle/blob/master/app/Util/Twig.php
+ */
+
+class Twig
+{
+    /**
+     * __functions
+     */
+
+    private static $Twig = null;
+
+    private function __construct()
+    {
+        return;
+    }
+
+    public function __clone()
+    {
+        return trigger_error(
+            'clone() not allowed',
+            E_USER_ERROR
+        );
+    }
+
+    public function __wakeup()
+    {
+        return trigger_error(
+            'wakeup() not allowed',
+            E_USER_ERROR
+        );
+    }
+
+
+    /**
+     * go
+     */
+    public static function go()
+    {
+        return (self::$Twig === null)
+            ? self::$Twig = Twig::factory()
+            : self::$Twig;
+    }
+
+
+    /**
+     * factory
+     */
+
+    private static function factory(): \Twig\Environment
+    {
+        $ENV = ENV::go();
+
+        # https://twig.symfony.com/doc/3.x/api.html
+        $Twig = new \Twig\Environment(
+            new \Twig\Loader\FilesystemLoader("$ENV->SERVER_ROOT/templates"),
+            [
+                'auto_reload' => true,
+                'autoescape' => 'name',
+                'cache' => "$ENV->WEB_ROOT/cache/twig",
+                'debug' => $ENV->DEV,
+                'strict_variables' => true,
+        ]
+        );
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'article',
+            function ($word) {
+                return preg_match('/^[aeiou]/i', $word) ? 'an' : 'a';
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'b64',
+            function (string $binary) {
+                return base64_encode($binary);
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'bb_format',
+            function ($text) {
+                return new \Twig\Markup(\Text::full_format($text), 'UTF-8');
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'checked',
+            function ($isChecked) {
+                return $isChecked ? ' checked="checked"' : '';
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'image',
+            function ($i) {
+                return new \Twig\Markup(\ImageTools::process($i, true), 'UTF-8');
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'ipaddr',
+            function ($ipaddr) {
+                return new \Twig\Markup(\Tools::display_ip($ipaddr), 'UTF-8');
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'octet_size',
+            function ($size, array $option = []) {
+                return \Format::get_size($size, empty($option) ? 2 : $option[0]);
+            },
+            ['is_variadic' => true]
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'plural',
+            function ($number) {
+                return plural($number);
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'selected',
+            function ($isSelected) {
+                return $isSelected ? ' selected="selected"' : '';
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'shorten',
+            function (string $text, int $length) {
+                return shortenString($text, $length);
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'time_diff',
+            function ($time) {
+                return new \Twig\Markup(time_diff($time), 'UTF-8');
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'ucfirst',
+            function ($text) {
+                return ucfirst($text);
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'ucfirstall',
+            function ($text) {
+                return implode(' ', array_map(function ($w) {
+                    return ucfirst($w);
+                }, explode(' ', $text)));
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'user_url',
+            function ($userId) {
+                return new \Twig\Markup(\Users::format_username($userId, false, false, false), 'UTF-8');
+            }
+        ));
+
+        $Twig->addFilter(new \Twig\TwigFilter(
+            'user_full',
+            function ($userId) {
+                return new \Twig\Markup(\Users::format_username($userId, true, true, true, true), 'UTF-8');
+            }
+        ));
+
+        $Twig->addFunction(new \Twig\TwigFunction('donor_icon', function ($icon, $userId) {
+            return new \Twig\Markup(
+                \ImageTools::process($icon, false, 'donoricon', $userId),
+                'UTF-8'
+            );
+        }));
+
+        $Twig->addFunction(new \Twig\TwigFunction('privilege', function ($default, $config, $key) {
+            return new \Twig\Markup(
+                (
+                    $default
+                    ? sprintf(
+                        '<input id="%s" type="checkbox" disabled="disabled"%s />&nbsp;',
+                        "default_$key",
+                        (isset($default[$key]) && $default[$key] ? ' checked="checked"' : '')
+                    )
+                    : ''
+                )
+                . sprintf(
+                    '<input type="checkbox" name="%s" id="%s" value="1"%s />&nbsp;<label title="%s" for="%s">%s</label><br />',
+                    "perm_$key",
+                    $key,
+                    (empty($config[$key]) ? '' : ' checked="checked"'),
+                    $key,
+                    $key,
+                    \Permissions::list()[$key] ?? "!unknown($key)!"
+                ),
+                'UTF-8'
+            );
+        }));
+
+        $Twig->addFunction(new \Twig\TwigFunction('ratio', function ($up, $down) {
+            return new \Twig\Markup(
+                \Format::get_ratio_html($up, $down),
+                'UTF-8'
+            );
+        }));
+
+        $Twig->addFunction(new \Twig\TwigFunction('resolveCountryIpv4', function ($addr) {
+            return new \Twig\Markup(
+                (function ($ip) {
+                    static $cache = [];
+                    if (!isset($cache[$ip])) {
+                        $Class = strtr($ip, '.', '-');
+                        $cache[$ip] = '<span class="cc_'.$Class.'">Resolving CC...'
+                            . '<script type="text/javascript">'
+                                . '$(document).ready(function() {'
+                                    . '$.get(\'tools.php?action=get_cc&ip='.$ip.'\', function(cc) {'
+                                        . '$(\'.cc_'.$Class.'\').html(cc);'
+                                    . '});'
+                                . '});'
+                            . '</script></span>';
+                    }
+                    return $cache[$ip];
+                })($addr),
+                'UTF-8'
+            );
+        }));
+
+        $Twig->addFunction(new \Twig\TwigFunction('resolveIpv4', function ($addr) {
+            return new \Twig\Markup(
+                (function ($ip) {
+                    if (!$ip) {
+                        $ip = '127.0.0.1';
+                    }
+                    static $cache = [];
+                    if (!isset($cache[$ip])) {
+                        $class = strtr($ip, '.', '-');
+                        $cache[$ip] = '<span class="host_' . $class
+                            . '">Resolving host' . "\xE2\x80\xA6" . '<script type="text/javascript">$(document).ready(function() {'
+                            .  "\$.get('tools.php?action=get_host&ip=$ip', function(host) {\$('.host_$class').html(host)})})</script></span>";
+                    }
+                    return $cache[$ip];
+                })($addr),
+                'UTF-8'
+            );
+        }));
+
+        $Twig->addFunction(new \Twig\TwigFunction('shorten', function ($text, $length) {
+            return new \Twig\Markup(
+                shortenString($text, $length),
+                'UTF-8'
+            );
+        }));
+
+        $Twig->addTest(
+            new \Twig\TwigTest('numeric', function ($value) {
+                return is_numeric($value);
+            })
+        );
+
+        return $Twig;
+    }
+}

classes/userrank.class.php

@@ -1,133 +1,216 @@
 <?php
-#declare(strict_types=1);
+declare(strict_types=1);
 
 class UserRank
 {
-    const PREFIX = 'percentiles_'; // Prefix for memcache keys, to make life easier
+    # Prefix for memcache keys, to make life easier
+    const PREFIX = 'percentiles_';
 
-    // Returns a 101 row array (101 percentiles - 0 - 100), with the minimum value for that percentile as the value for each row
-    // BTW - ingenious
+
+    /**
+     * Returns a 101 row array (101 percentiles: 0-100),
+     * with the minimum value for that percentile as the value for each row.
+     *
+     * BTW - ingenious
+     */
     private static function build_table($MemKey, $Query)
     {
         $QueryID = G::$DB->get_query_id();
 
-        G::$DB->query("
-        DROP TEMPORARY TABLE IF EXISTS temp_stats");
+        G::$DB->prepare_query("
+        DROP TEMPORARY TABLE IF EXISTS
+          `temp_stats`
+        ");
+        G::$DB->exec_prepared_query();
 
-        G::$DB->query("
-        CREATE TEMPORARY TABLE temp_stats (
-          ID int(10) NOT NULL PRIMARY KEY AUTO_INCREMENT,
-          Val bigint(20) NOT NULL
-        );");
+        G::$DB->prepare_query("
+        CREATE TEMPORARY TABLE `temp_stats`(
+          `id` INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
+          `value` BIGINT NOT NULL
+        );
+        ");
+        G::$DB->exec_prepared_query();
 
-        G::$DB->query("
-        INSERT INTO temp_stats (Val) ".
-        $Query);
+        G::$DB->prepare_query("
+        INSERT INTO `temp_stats`(`value`) "
+        . $Query
+        );
+        G::$DB->exec_prepared_query();
 
-        G::$DB->query("
-        SELECT COUNT(ID)
-        FROM temp_stats");
+        G::$DB->prepare_query("
+        SELECT
+          COUNT(`id`)
+        FROM
+          `temp_stats`
+        ");
+        G::$DB->exec_prepared_query();
         list($UserCount) = G::$DB->next_record();
 
+        $UserCount = (int) $UserCount;
         G::$DB->query("
-        SELECT MIN(Val)
-        FROM temp_stats
-          GROUP BY CEIL(ID / (".(int)$UserCount." / 100));");
+        SELECT
+          MIN(`value`)
+        FROM
+          `temp_stats`
+        GROUP BY
+          CEIL(`id` /($UserCount / 100));
+        ");
+        G::$DB->exec_prepared_query();
 
         $Table = G::$DB->to_array();
         G::$DB->set_query_id($QueryID);
 
-        // Give a little variation to the cache length, so all the tables don't expire at the same time
+        # Give a little variation to the cache length, so all the tables don't expire at the same time
         G::$Cache->cache_value($MemKey, $Table, 3600 * 24 * rand(800, 1000) * 0.001);
 
         return $Table;
     }
 
+
+    /**
+     * table_query
+     */
     private static function table_query($TableName)
     {
         switch ($TableName) {
-        case 'uploaded':
-          $Query =  "
-          SELECT Uploaded
-          FROM users_main
-          WHERE Enabled = '1'
-            AND Uploaded > 0
-          ORDER BY Uploaded;";
-          break;
-
-        case 'downloaded':
-          $Query =  "
-          SELECT Downloaded
-          FROM users_main
-          WHERE Enabled = '1'
-            AND Downloaded > 0
-          ORDER BY Downloaded;";
-          break;
-
-        case 'uploads':
-          $Query = "
-          SELECT COUNT(t.ID) AS Uploads
-          FROM users_main AS um
-            JOIN torrents AS t ON t.UserID = um.ID
-          WHERE um.Enabled = '1'
-          GROUP BY um.ID
-          ORDER BY Uploads;";
-          break;
-
-        case 'requests':
-          $Query = "
-          SELECT COUNT(r.ID) AS Requests
-          FROM users_main AS um
-            JOIN requests AS r ON r.FillerID = um.ID
-          WHERE um.Enabled = '1'
-          GROUP BY um.ID
-          ORDER BY Requests;";
-          break;
-
-        case 'posts':
-          $Query = "
-          SELECT COUNT(p.ID) AS Posts
-          FROM users_main AS um
-            JOIN forums_posts AS p ON p.AuthorID = um.ID
-          WHERE um.Enabled = '1'
-          GROUP BY um.ID
-          ORDER BY Posts;";
-          break;
-
-        case 'bounty':
-          $Query = "
-          SELECT SUM(rv.Bounty) AS Bounty
-          FROM users_main AS um
-            JOIN requests_votes AS rv ON rv.UserID = um.ID
-          WHERE um.Enabled = '1' " .
-          "GROUP BY um.ID
-          ORDER BY Bounty;";
-          break;
-
-        case 'artists':
-          $Query = "
-          SELECT COUNT(ta.ArtistID) AS Artists
-          FROM torrents_artists AS ta
-            JOIN torrents_group AS tg ON tg.ID = ta.GroupID
-            JOIN torrents AS t ON t.GroupID = tg.ID
-          WHERE t.UserID != ta.UserID
-          GROUP BY tg.ID
-          ORDER BY Artists ASC";
-          break;
+            case 'uploaded':
+            $Query =  "
+            SELECT
+              `Uploaded`
+            FROM
+              `users_main`
+            WHERE
+              `Enabled` = '1' AND `Uploaded` > 0
+            ORDER BY
+              `Uploaded`;
+            ";
+            break;
+
+            case 'downloaded':
+            $Query =  "
+            SELECT
+              `Downloaded`
+            FROM
+              `users_main`
+            WHERE
+              `Enabled` = '1' AND `Downloaded` > 0
+            ORDER BY
+              `Downloaded`;
+            ";
+            break;
+
+            case 'uploads':
+            $Query = "
+            SELECT
+              COUNT(t.`ID`) AS `Uploads`
+            FROM
+              `users_main` AS um
+            JOIN `torrents` AS t
+            ON
+              t.`UserID` = um.`ID`
+            WHERE
+              um.`Enabled` = '1'
+            GROUP BY
+              um.`ID`
+            ORDER BY
+              `Uploads`;
+            ";
+            break;
+
+            case 'requests':
+            $Query = "
+            SELECT
+              COUNT(r.`ID`) AS `Requests`
+            FROM
+              `users_main` AS um
+            JOIN `requests` AS r
+            ON
+              r.`FillerID` = um.`ID`
+            WHERE
+              um.`Enabled` = '1'
+            GROUP BY
+              um.`ID`
+            ORDER BY
+              `Requests`;
+            ";
+            break;
+
+            case 'posts':
+            $Query = "
+            SELECT
+              COUNT(p.`ID`) AS `Posts`
+            FROM
+              `users_main` AS um
+            JOIN `forums_posts` AS p
+            ON
+              p.`AuthorID` = um.`ID`
+            WHERE
+              um.`Enabled` = '1'
+            GROUP BY
+              um.`ID`
+            ORDER BY
+              `Posts`;
+            ";
+            break;
+
+            case 'bounty':
+            $Query = "
+            SELECT
+              SUM(rv.`Bounty`) AS `Bounty`
+            FROM
+              `users_main` AS um
+            JOIN `requests_votes` AS rv
+            ON
+              rv.`UserID` = um.`ID`
+            WHERE
+              um.`Enabled` = '1'
+            GROUP BY
+              um.`ID`
+            ORDER BY
+              `Bounty`;
+            ";
+            break;
+
+            case 'artists':
+            $Query = "
+            SELECT
+              COUNT(ta.`ArtistID`) AS `Artists`
+            FROM
+              `torrents_artists` AS ta
+            JOIN `torrents_group` AS tg
+            ON
+              tg.`id` = ta.`GroupID`
+            JOIN `torrents` AS t
+            ON
+              t.`GroupID` = tg.`id`
+            WHERE
+              t.`UserID` != ta.`UserID`
+            GROUP BY
+              tg.`id`
+            ORDER BY
+              `Artists` ASC
+            ";
+            break;
         }
+
         return $Query;
     }
 
+
+    /**
+     * get_rank
+     */
     public static function get_rank($TableName, $Value)
     {
-        if ($Value == 0) {
+        if ($Value === 0) {
             return 0;
         }
 
         $Table = G::$Cache->get_value(self::PREFIX.$TableName);
         if (!$Table) {
-            //Cache lock!
+            # Cache lock!
             $Lock = G::$Cache->get_value(self::PREFIX.$TableName.'_lock');
+
             if ($Lock) {
                 return false;
             } else {
@@ -140,17 +223,25 @@ class UserRank
         $LastPercentile = 0;
         foreach ($Table as $Row) {
             list($CurValue) = $Row;
+
             if ($CurValue >= $Value) {
                 return $LastPercentile;
             }
+
             $LastPercentile++;
         }
-        return 100; // 100th percentile
+
+        # 100th percentile
+        return 100;
     }
 
+
+    /**
+     * overall_score
+     */
     public static function overall_score($Uploaded, $Downloaded, $Uploads, $Requests, $Posts, $Bounty, $Artists, $Ratio)
     {
-        // We can do this all in 1 line, but it's easier to read this way
+        # We can do this all in 1 line, but it's easier to read this way
         if ($Ratio > 1) {
             $Ratio = 1;
         }
@@ -169,6 +260,7 @@ class UserRank
         $TotalScore += $Artists;
         $TotalScore /= (15 + 8 + 25 + 2 + 1 + 1 + 1);
         $TotalScore *= $Ratio;
+        
         return $TotalScore;
     }
 }

classes/users.class.php

@@ -457,10 +457,9 @@ class Users
      * @param boolean $IsEnabled
      * @param boolean $Class whether or not to show the class
      * @param boolean $Title whether or not to show the title
-     * @param boolean $IsDonorForum for displaying donor forum honorific prefixes and suffixes
      * @return HTML formatted username
      */
-    public static function format_username($UserID, $Badges = false, $IsWarned = true, $IsEnabled = true, $Class = false, $Title = false, $IsDonorForum = false)
+    public static function format_username($UserID, $Badges = false, $IsWarned = true, $IsEnabled = true, $Class = false, $Title = false)
     {
         global $Classes;
 
@@ -490,11 +489,6 @@ class Users
         # Show donor icon?
         $ShowDonorIcon = (!in_array('hide_donor_heart', $Paranoia) || $OverrideParanoia);
 
-        if ($IsDonorForum) {
-            list($Prefix, $Suffix, $HasComma) = Donations::get_titles($UserID);
-            $Username = "$Prefix $Username" . ($HasComma ? ', ' : ' ') . "$Suffix ";
-        }
-
         if ($Title) {
             $Str .= "<strong><a href='user.php?id=$UserID'>$Username</a></strong>";
         } else {

classes/util.php

@@ -383,14 +383,14 @@ function error($Error = 1, $NoHTML = false, $Log = false, $Debug = true) # , $JS
      * Append $Log
      * Formerly in sections/error/index.php
      */
-    if ($Log ?? false) {
+    if ($Log) {
         $Message .= " <a href='log.php?search=$Title'>Search Log</a>";
     }
 
     /**
      * Append $Debug
      */
-    if ($Debug ?? false) {
+    if ($Debug) {
         $DateTime = strftime('%c', $_SERVER['REQUEST_TIME']);
         $BackTrace = debug_string_backtrace();
 
@@ -508,7 +508,12 @@ function json_print($Status, $Message)
         $response = ['status' => $Status, 'response' => []];
     }
 
-    print(json_encode(add_json_info($response)));
+    print(
+        json_encode(
+            add_json_info($response),
+            JSON_UNESCAPED_SLASHES
+        )
+    );
 }
 
 /**
@@ -516,7 +521,15 @@ function json_print($Status, $Message)
  */
 function json_error($Code)
 {
-    echo json_encode(add_json_info(['status' => 'failure', 'error' => $Code, 'response' => []]));
+    echo json_encode(
+        add_json_info(
+            [
+                'status' => 'failure',
+                'error' => $Code,
+                'response' => []
+            ]
+        )
+    );
     die();
 }
 

classes/validate.class.php

@@ -46,6 +46,34 @@
 
 class Validate
 {
+    /**
+     * mirrors
+     *
+     * @param string $String The raw textarea, e.g., from torrent_form.class.php
+     * @param string $Regex  The regex to test against, e.g., from $ENV
+     * @return array An array of unique values that match the regex
+     */
+    public function textarea2array(string $String, string $Regex)
+    {
+        $ENV = ENV::go();
+
+        $String = array_map(
+            'trim',
+            explode(
+                "\n",
+                $String
+            )
+        );
+        
+        return array_unique(
+            preg_grep(
+                "/^$Regex$/i",
+                $String
+            )
+        );
+    }
+
+    
     /**
      * title
      *
@@ -190,7 +218,7 @@ class Validate
      * Extension Parser
      *
      * Takes an associative array of file types and extension, e.g.,
-     * $Archives = [
+     * $ENV->META->Archives = [
      *   '7z'     => ['7z'],
      *   'bzip2'  => ['bz2', 'bzip2'],
      *   'gzip'   => ['gz', 'gzip', 'tgz', 'tpz'],
@@ -245,58 +273,6 @@ class Validate
     }
 
 
-    /**
-     * Make input
-     * https://www.w3schools.com/html/html_form_input_types.asp
-     *
-     * Generate a secure HTML input element.
-     * Takes $Type, $Name (also used for id), and $Classes.
-     * Outputs a hardened input with the requested attributes.
-     *
-     * todo: See if this could work, one ugly switch for all forms in sections/
-     */
-
-    public function MakeInput($Type = 'text', $Name = '', $Classes = [])
-    {
-        if (!is_str($Type) || !is_str($Name)) {
-            error('$Type and $Name must be strings');
-        }
-
-        # Intentionally double quoted PHP constructing $HTML
-        # <input type='text' id='title_jp' name='title_jp' class='one two'
-        $HTML  = "";
-        $HTML .= "<input type='$Type' id='$Name' name='$Name'";
-        $HTML .= (!empty($Classes)) ? " class='" . implode(' ', $Classes) . "'" : "";
-
-        /*
-        'button'
-        'checkbox'
-        'color'
-        'date'
-        'datetime-local'
-        'email'
-        'file'
-        'hidden'
-        'image'
-        'month'
-        'number'
-        'password'
-        'radio'
-        'range'
-        'reset'
-        'search'
-        'submit'
-        'tel'
-        'text'
-        'time'
-        'url'
-        'week'
-        */
-                
-        return;
-    }
-    
-
     /**
      * Legacy class
      */

classes/vendor/ParsedownExtra.php

@@ -1,687 +0,0 @@
-<?php
-#declare(strict_types=1);
-
-#
-#
-# Parsedown Extra
-# https://github.com/erusev/parsedown-extra
-#
-# (c) Emanuil Rusev
-# http://erusev.com
-#
-# For the full license information, view the LICENSE file that was distributed
-# with this source code.
-#
-#
-
-class ParsedownExtra extends Parsedown
-{
-    # ~
-
-    const version = '0.8.0';
-
-    # ~
-
-    function __construct()
-    {
-        if (version_compare(parent::version, '1.7.1') < 0)
-        {
-            throw new Exception('ParsedownExtra requires a later version of Parsedown');
-        }
-
-        $this->BlockTypes[':'] []= 'DefinitionList';
-        $this->BlockTypes['*'] []= 'Abbreviation';
-
-        # identify footnote definitions before reference definitions
-        array_unshift($this->BlockTypes['['], 'Footnote');
-
-        # identify footnote markers before before links
-        array_unshift($this->InlineTypes['['], 'FootnoteMarker');
-    }
-
-    #
-    # ~
-
-    function text($text)
-    {
-        $Elements = $this->textElements($text);
-
-        # convert to markup
-        $markup = $this->elements($Elements);
-
-        # trim line breaks
-        $markup = trim($markup, "\n");
-
-        # merge consecutive dl elements
-
-        $markup = preg_replace('/<\/dl>\s+<dl>\s+/', '', $markup);
-
-        # add footnotes
-
-        if (isset($this->DefinitionData['Footnote']))
-        {
-            $Element = $this->buildFootnoteElement();
-
-            $markup .= "\n" . $this->element($Element);
-        }
-
-        return $markup;
-    }
-
-    #
-    # Blocks
-    #
-
-    #
-    # Abbreviation
-
-    protected function blockAbbreviation($Line)
-    {
-        if (preg_match('/^\*\[(.+?)\]:[ ]*(.+?)[ ]*$/', $Line['text'], $matches))
-        {
-            $this->DefinitionData['Abbreviation'][$matches[1]] = $matches[2];
-
-            $Block = array(
-                'hidden' => true,
-            );
-
-            return $Block;
-        }
-    }
-
-    #
-    # Footnote
-
-    protected function blockFootnote($Line)
-    {
-        if (preg_match('/^\[\^(.+?)\]:[ ]?(.*)$/', $Line['text'], $matches))
-        {
-            $Block = array(
-                'label' => $matches[1],
-                'text' => $matches[2],
-                'hidden' => true,
-            );
-
-            return $Block;
-        }
-    }
-
-    protected function blockFootnoteContinue($Line, $Block)
-    {
-        if ($Line['text'][0] === '[' and preg_match('/^\[\^(.+?)\]:/', $Line['text']))
-        {
-            return;
-        }
-
-        if (isset($Block['interrupted']))
-        {
-            if ($Line['indent'] >= 4)
-            {
-                $Block['text'] .= "\n\n" . $Line['text'];
-
-                return $Block;
-            }
-        }
-        else
-        {
-            $Block['text'] .= "\n" . $Line['text'];
-
-            return $Block;
-        }
-    }
-
-    protected function blockFootnoteComplete($Block)
-    {
-        $this->DefinitionData['Footnote'][$Block['label']] = array(
-            'text' => $Block['text'],
-            'count' => null,
-            'number' => null,
-        );
-
-        return $Block;
-    }
-
-    #
-    # Definition List
-
-    protected function blockDefinitionList($Line, $Block)
-    {
-        if ( ! isset($Block) or $Block['type'] !== 'Paragraph')
-        {
-            return;
-        }
-
-        $Element = array(
-            'name' => 'dl',
-            'elements' => array(),
-        );
-
-        $terms = explode("\n", $Block['element']['handler']['argument']);
-
-        foreach ($terms as $term)
-        {
-            $Element['elements'] []= array(
-                'name' => 'dt',
-                'handler' => array(
-                    'function' => 'lineElements',
-                    'argument' => $term,
-                    'destination' => 'elements'
-                ),
-            );
-        }
-
-        $Block['element'] = $Element;
-
-        $Block = $this->addDdElement($Line, $Block);
-
-        return $Block;
-    }
-
-    protected function blockDefinitionListContinue($Line, array $Block)
-    {
-        if ($Line['text'][0] === ':')
-        {
-            $Block = $this->addDdElement($Line, $Block);
-
-            return $Block;
-        }
-        else
-        {
-            if (isset($Block['interrupted']) and $Line['indent'] === 0)
-            {
-                return;
-            }
-
-            if (isset($Block['interrupted']))
-            {
-                $Block['dd']['handler']['function'] = 'textElements';
-                $Block['dd']['handler']['argument'] .= "\n\n";
-
-                $Block['dd']['handler']['destination'] = 'elements';
-
-                unset($Block['interrupted']);
-            }
-
-            $text = substr($Line['body'], min($Line['indent'], 4));
-
-            $Block['dd']['handler']['argument'] .= "\n" . $text;
-
-            return $Block;
-        }
-    }
-
-    #
-    # Header
-
-    protected function blockHeader($Line)
-    {
-        $Block = parent::blockHeader($Line);
-
-        if ($Block !== null && preg_match('/[ #]*{('.$this->regexAttribute.'+)}[ ]*$/', $Block['element']['handler']['argument'], $matches, PREG_OFFSET_CAPTURE))
-        {
-            $attributeString = $matches[1][0];
-
-            $Block['element']['attributes'] = $this->parseAttributeData($attributeString);
-
-            $Block['element']['handler']['argument'] = substr($Block['element']['handler']['argument'], 0, $matches[0][1]);
-        }
-
-        return $Block;
-    }
-
-    #
-    # Markup
-
-    protected function blockMarkup($Line)
-    {
-        if ($this->markupEscaped or $this->safeMode)
-        {
-            return;
-        }
-
-        if (preg_match('/^<(\w[\w-]*)(?:[ ]*'.$this->regexHtmlAttribute.')*[ ]*(\/)?>/', $Line['text'], $matches))
-        {
-            $element = strtolower($matches[1]);
-
-            if (in_array($element, $this->textLevelElements))
-            {
-                return;
-            }
-
-            $Block = array(
-                'name' => $matches[1],
-                'depth' => 0,
-                'element' => array(
-                    'rawHtml' => $Line['text'],
-                    'autobreak' => true,
-                ),
-            );
-
-            $length = strlen($matches[0]);
-            $remainder = substr($Line['text'], $length);
-
-            if (trim($remainder) === '')
-            {
-                if (isset($matches[2]) or in_array($matches[1], $this->voidElements))
-                {
-                    $Block['closed'] = true;
-                    $Block['void'] = true;
-                }
-            }
-            else
-            {
-                if (isset($matches[2]) or in_array($matches[1], $this->voidElements))
-                {
-                    return;
-                }
-                if (preg_match('/<\/'.$matches[1].'>[ ]*$/i', $remainder))
-                {
-                    $Block['closed'] = true;
-                }
-            }
-
-            return $Block;
-        }
-    }
-
-    protected function blockMarkupContinue($Line, array $Block)
-    {
-        if (isset($Block['closed']))
-        {
-            return;
-        }
-
-        if (preg_match('/^<'.$Block['name'].'(?:[ ]*'.$this->regexHtmlAttribute.')*[ ]*>/i', $Line['text'])) # open
-        {
-            $Block['depth'] ++;
-        }
-
-        if (preg_match('/(.*?)<\/'.$Block['name'].'>[ ]*$/i', $Line['text'], $matches)) # close
-        {
-            if ($Block['depth'] > 0)
-            {
-                $Block['depth'] --;
-            }
-            else
-            {
-                $Block['closed'] = true;
-            }
-        }
-
-        if (isset($Block['interrupted']))
-        {
-            $Block['element']['rawHtml'] .= "\n";
-            unset($Block['interrupted']);
-        }
-
-        $Block['element']['rawHtml'] .= "\n".$Line['body'];
-
-        return $Block;
-    }
-
-    protected function blockMarkupComplete($Block)
-    {
-        if ( ! isset($Block['void']))
-        {
-            $Block['element']['rawHtml'] = $this->processTag($Block['element']['rawHtml']);
-        }
-
-        return $Block;
-    }
-
-    #
-    # Setext
-
-    protected function blockSetextHeader($Line, array $Block = null)
-    {
-        $Block = parent::blockSetextHeader($Line, $Block);
-
-        if ($Block !== null && preg_match('/[ ]*{('.$this->regexAttribute.'+)}[ ]*$/', $Block['element']['handler']['argument'], $matches, PREG_OFFSET_CAPTURE))
-        {
-            $attributeString = $matches[1][0];
-
-            $Block['element']['attributes'] = $this->parseAttributeData($attributeString);
-
-            $Block['element']['handler']['argument'] = substr($Block['element']['handler']['argument'], 0, $matches[0][1]);
-        }
-
-        return $Block;
-    }
-
-    #
-    # Inline Elements
-    #
-
-    #
-    # Footnote Marker
-
-    protected function inlineFootnoteMarker($Excerpt)
-    {
-        if (preg_match('/^\[\^(.+?)\]/', $Excerpt['text'], $matches))
-        {
-            $name = $matches[1];
-
-            if ( ! isset($this->DefinitionData['Footnote'][$name]))
-            {
-                return;
-            }
-
-            $this->DefinitionData['Footnote'][$name]['count'] ++;
-
-            if ( ! isset($this->DefinitionData['Footnote'][$name]['number']))
-            {
-                $this->DefinitionData['Footnote'][$name]['number'] = ++ $this->footnoteCount; # &raquo; &
-            }
-
-            $Element = array(
-                'name' => 'sup',
-                'attributes' => array('id' => 'fnref'.$this->DefinitionData['Footnote'][$name]['count'].':'.$name),
-                'element' => array(
-                    'name' => 'a',
-                    'attributes' => array('href' => '#fn:'.$name, 'class' => 'footnote-ref'),
-                    'text' => $this->DefinitionData['Footnote'][$name]['number'],
-                ),
-            );
-
-            return array(
-                'extent' => strlen($matches[0]),
-                'element' => $Element,
-            );
-        }
-    }
-
-    private $footnoteCount = 0;
-
-    #
-    # Link
-
-    protected function inlineLink($Excerpt)
-    {
-        $Link = parent::inlineLink($Excerpt);
-
-        $remainder = $Link !== null ? substr($Excerpt['text'], $Link['extent']) : '';
-
-        if (preg_match('/^[ ]*{('.$this->regexAttribute.'+)}/', $remainder, $matches))
-        {
-            $Link['element']['attributes'] += $this->parseAttributeData($matches[1]);
-
-            $Link['extent'] += strlen($matches[0]);
-        }
-
-        return $Link;
-    }
-
-    #
-    # ~
-    #
-
-    private $currentAbreviation;
-    private $currentMeaning;
-
-    protected function insertAbreviation(array $Element)
-    {
-        if (isset($Element['text']))
-        {
-            $Element['elements'] = self::pregReplaceElements(
-                '/\b'.preg_quote($this->currentAbreviation, '/').'\b/',
-                array(
-                    array(
-                        'name' => 'abbr',
-                        'attributes' => array(
-                            'title' => $this->currentMeaning,
-                        ),
-                        'text' => $this->currentAbreviation,
-                    )
-                ),
-                $Element['text']
-            );
-
-            unset($Element['text']);
-        }
-
-        return $Element;
-    }
-
-    protected function inlineText($text)
-    {
-        $Inline = parent::inlineText($text);
-
-        if (isset($this->DefinitionData['Abbreviation']))
-        {
-            foreach ($this->DefinitionData['Abbreviation'] as $abbreviation => $meaning)
-            {
-                $this->currentAbreviation = $abbreviation;
-                $this->currentMeaning = $meaning;
-
-                $Inline['element'] = $this->elementApplyRecursiveDepthFirst(
-                    array($this, 'insertAbreviation'),
-                    $Inline['element']
-                );
-            }
-        }
-
-        return $Inline;
-    }
-
-    #
-    # Util Methods
-    #
-
-    protected function addDdElement(array $Line, array $Block)
-    {
-        $text = substr($Line['text'], 1);
-        $text = trim($text);
-
-        unset($Block['dd']);
-
-        $Block['dd'] = array(
-            'name' => 'dd',
-            'handler' => array(
-                'function' => 'lineElements',
-                'argument' => $text,
-                'destination' => 'elements'
-            ),
-        );
-
-        if (isset($Block['interrupted']))
-        {
-            $Block['dd']['handler']['function'] = 'textElements';
-
-            unset($Block['interrupted']);
-        }
-
-        $Block['element']['elements'] []= & $Block['dd'];
-
-        return $Block;
-    }
-
-    protected function buildFootnoteElement()
-    {
-        $Element = array(
-            'name' => 'div',
-            'attributes' => array('class' => 'footnotes'),
-            'elements' => array(
-                array('name' => 'hr'),
-                array(
-                    'name' => 'ol',
-                    'elements' => array(),
-                ),
-            ),
-        );
-
-        uasort($this->DefinitionData['Footnote'], 'self::sortFootnotes');
-
-        foreach ($this->DefinitionData['Footnote'] as $definitionId => $DefinitionData)
-        {
-            if ( ! isset($DefinitionData['number']))
-            {
-                continue;
-            }
-
-            $text = $DefinitionData['text'];
-
-            $textElements = parent::textElements($text);
-
-            $numbers = range(1, $DefinitionData['count']);
-
-            $backLinkElements = array();
-
-            foreach ($numbers as $number)
-            {
-                $backLinkElements[] = array('text' => ' ');
-                $backLinkElements[] = array(
-                    'name' => 'a',
-                    'attributes' => array(
-                        'href' => "#fnref$number:$definitionId",
-                        'rev' => 'footnote',
-                        'class' => 'footnote-backref',
-                    ),
-                    'rawHtml' => '&#8617;',
-                    'allowRawHtmlInSafeMode' => true,
-                    'autobreak' => false,
-                );
-            }
-
-            unset($backLinkElements[0]);
-
-            $n = count($textElements) -1;
-
-            if ($textElements[$n]['name'] === 'p')
-            {
-                $backLinkElements = array_merge(
-                    array(
-                        array(
-                            'rawHtml' => '&#160;',
-                            'allowRawHtmlInSafeMode' => true,
-                        ),
-                    ),
-                    $backLinkElements
-                );
-
-                unset($textElements[$n]['name']);
-
-                $textElements[$n] = array(
-                    'name' => 'p',
-                    'elements' => array_merge(
-                        array($textElements[$n]),
-                        $backLinkElements
-                    ),
-                );
-            }
-            else
-            {
-                $textElements[] = array(
-                    'name' => 'p',
-                    'elements' => $backLinkElements
-                );
-            }
-
-            $Element['elements'][1]['elements'] []= array(
-                'name' => 'li',
-                'attributes' => array('id' => 'fn:'.$definitionId),
-                'elements' => array_merge(
-                    $textElements
-                ),
-            );
-        }
-
-        return $Element;
-    }
-
-    # ~
-
-    protected function parseAttributeData($attributeString)
-    {
-        $Data = array();
-
-        $attributes = preg_split('/[ ]+/', $attributeString, - 1, PREG_SPLIT_NO_EMPTY);
-
-        foreach ($attributes as $attribute)
-        {
-            if ($attribute[0] === '#')
-            {
-                $Data['id'] = substr($attribute, 1);
-            }
-            else # "."
-            {
-                $classes []= substr($attribute, 1);
-            }
-        }
-
-        if (isset($classes))
-        {
-            $Data['class'] = implode(' ', $classes);
-        }
-
-        return $Data;
-    }
-
-    # ~
-
-    protected function processTag($elementMarkup) # recursive
-    {
-        # http://stackoverflow.com/q/1148928/200145
-        libxml_use_internal_errors(true);
-
-        $DOMDocument = new DOMDocument;
-
-        # http://stackoverflow.com/q/11309194/200145
-        $elementMarkup = mb_convert_encoding($elementMarkup, 'HTML-ENTITIES', 'UTF-8');
-
-        # http://stackoverflow.com/q/4879946/200145
-        $DOMDocument->loadHTML($elementMarkup);
-        $DOMDocument->removeChild($DOMDocument->doctype);
-        $DOMDocument->replaceChild($DOMDocument->firstChild->firstChild->firstChild, $DOMDocument->firstChild);
-
-        $elementText = '';
-
-        if ($DOMDocument->documentElement->getAttribute('markdown') === '1')
-        {
-            foreach ($DOMDocument->documentElement->childNodes as $Node)
-            {
-                $elementText .= $DOMDocument->saveHTML($Node);
-            }
-
-            $DOMDocument->documentElement->removeAttribute('markdown');
-
-            $elementText = "\n".$this->text($elementText)."\n";
-        }
-        else
-        {
-            foreach ($DOMDocument->documentElement->childNodes as $Node)
-            {
-                $nodeMarkup = $DOMDocument->saveHTML($Node);
-
-                if ($Node instanceof DOMElement and ! in_array($Node->nodeName, $this->textLevelElements))
-                {
-                    $elementText .= $this->processTag($nodeMarkup);
-                }
-                else
-                {
-                    $elementText .= $nodeMarkup;
-                }
-            }
-        }
-
-        # because we don't want for markup to get encoded
-        $DOMDocument->documentElement->nodeValue = 'placeholder\x1A';
-
-        $markup = $DOMDocument->saveHTML($DOMDocument->documentElement);
-        $markup = str_replace('placeholder\x1A', $elementText, $markup);
-
-        return $markup;
-    }
-
-    # ~
-
-    protected function sortFootnotes($A, $B) # callback
-    {
-        return $A['number'] - $B['number'];
-    }
-
-    #
-    # Fields
-    #
-
-    protected $regexAttribute = '(?:[#.][-\w]+[ ]*)';
-}

classes/vendor/TwitterAPIExchange.php

@@ -1,411 +0,0 @@
-<?php
-#declare(strict_types=1);
-
-/**
- * Twitter-API-PHP : Simple PHP wrapper for the v1.1 API
- *
- * PHP version 5.3.10
- *
- * @category Awesomeness
- * @package  Twitter-API-PHP
- * @author   James Mallison <me@j7mbo.co.uk>
- * @license  MIT License
- * @version  1.0.4
- * @link     http://github.com/j7mbo/twitter-api-php
- */
-class TwitterAPIExchange
-{
-    /**
-     * @var string
-     */
-    private $oauth_access_token;
-
-    /**
-     * @var string
-     */
-    private $oauth_access_token_secret;
-
-    /**
-     * @var string
-     */
-    private $consumer_key;
-
-    /**
-     * @var string
-     */
-    private $consumer_secret;
-
-    /**
-     * @var array
-     */
-    private $postfields;
-
-    /**
-     * @var string
-     */
-    private $getfield;
-
-    /**
-     * @var mixed
-     */
-    protected $oauth;
-
-    /**
-     * @var string
-     */
-    public $url;
-
-    /**
-     * @var string
-     */
-    public $requestMethod;
-
-    /**
-     * The HTTP status code from the previous request
-     *
-     * @var int
-     */
-    protected $httpStatusCode;
-
-    /**
-     * Create the API access object. Requires an array of settings::
-     * oauth access token, oauth access token secret, consumer key, consumer secret
-     * These are all available by creating your own application on dev.twitter.com
-     * Requires the cURL library
-     *
-     * @throws \RuntimeException When cURL isn't loaded
-     * @throws \InvalidArgumentException When incomplete settings parameters are provided
-     *
-     * @param array $settings
-     */
-    public function __construct(array $settings)
-    {
-        if (!function_exists('curl_init'))
-        {
-            throw new RuntimeException('TwitterAPIExchange requires cURL extension to be loaded, see: http://curl.haxx.se/docs/install.html');
-        }
-
-        if (!isset($settings['oauth_access_token'])
-            || !isset($settings['oauth_access_token_secret'])
-            || !isset($settings['consumer_key'])
-            || !isset($settings['consumer_secret']))
-        {
-            throw new InvalidArgumentException('Incomplete settings passed to TwitterAPIExchange');
-        }
-
-        $this->oauth_access_token = $settings['oauth_access_token'];
-        $this->oauth_access_token_secret = $settings['oauth_access_token_secret'];
-        $this->consumer_key = $settings['consumer_key'];
-        $this->consumer_secret = $settings['consumer_secret'];
-    }
-
-    /**
-     * Set postfields array, example: array('screen_name' => 'J7mbo')
-     *
-     * @param array $array Array of parameters to send to API
-     *
-     * @throws \Exception When you are trying to set both get and post fields
-     *
-     * @return TwitterAPIExchange Instance of self for method chaining
-     */
-    public function setPostfields(array $array)
-    {
-        if (!is_null($this->getGetfield()))
-        {
-            throw new Exception('You can only choose get OR post fields (post fields include put).');
-        }
-
-        if (isset($array['status']) && substr($array['status'], 0, 1) === '@')
-        {
-            $array['status'] = sprintf("\0%s", $array['status']);
-        }
-
-        foreach ($array as $key => &$value)
-        {
-            if (is_bool($value))
-            {
-                $value = ($value === true) ? 'true' : 'false';
-            }
-        }
-
-        $this->postfields = $array;
-
-        // rebuild oAuth
-        if (isset($this->oauth['oauth_signature']))
-        {
-            $this->buildOauth($this->url, $this->requestMethod);
-        }
-
-        return $this;
-    }
-
-    /**
-     * Set getfield string, example: '?screen_name=J7mbo'
-     *
-     * @param string $string Get key and value pairs as string
-     *
-     * @throws \Exception
-     *
-     * @return \TwitterAPIExchange Instance of self for method chaining
-     */
-    public function setGetfield($string)
-    {
-        if (!is_null($this->getPostfields()))
-        {
-            throw new Exception('You can only choose get OR post / post fields.');
-        }
-
-        $getfields = preg_replace('/^\?/', '', explode('&', $string));
-        $params = array();
-
-        foreach ($getfields as $field)
-        {
-            if ($field !== '')
-            {
-                list($key, $value) = explode('=', $field);
-                $params[$key] = $value;
-            }
-        }
-
-        $this->getfield = '?' . http_build_query($params, '', '&');
-
-        return $this;
-    }
-
-    /**
-     * Get getfield string (simple getter)
-     *
-     * @return string $this->getfields
-     */
-    public function getGetfield()
-    {
-        return $this->getfield;
-    }
-
-    /**
-     * Get postfields array (simple getter)
-     *
-     * @return array $this->postfields
-     */
-    public function getPostfields()
-    {
-        return $this->postfields;
-    }
-
-    /**
-     * Build the Oauth object using params set in construct and additionals
-     * passed to this method. For v1.1, see: https://dev.twitter.com/docs/api/1.1
-     *
-     * @param string $url           The API url to use. Example: https://api.twitter.com/1.1/search/tweets.json
-     * @param string $requestMethod Either POST or GET
-     *
-     * @throws \Exception
-     *
-     * @return \TwitterAPIExchange Instance of self for method chaining
-     */
-    public function buildOauth($url, $requestMethod)
-    {
-        if (!in_array(strtolower($requestMethod), array('post', 'get', 'put', 'delete')))
-        {
-            throw new Exception('Request method must be either POST, GET or PUT or DELETE');
-        }
-
-        $consumer_key              = $this->consumer_key;
-        $consumer_secret           = $this->consumer_secret;
-        $oauth_access_token        = $this->oauth_access_token;
-        $oauth_access_token_secret = $this->oauth_access_token_secret;
-
-        $oauth = array(
-            'oauth_consumer_key' => $consumer_key,
-            'oauth_nonce' => time(),
-            'oauth_signature_method' => 'HMAC-SHA1',
-            'oauth_token' => $oauth_access_token,
-            'oauth_timestamp' => time(),
-            'oauth_version' => '1.0'
-        );
-
-        $getfield = $this->getGetfield();
-
-        if (!is_null($getfield))
-        {
-            $getfields = str_replace('?', '', explode('&', $getfield));
-
-            foreach ($getfields as $g)
-            {
-                $split = explode('=', $g);
-
-                /** In case a null is passed through **/
-                if (isset($split[1]))
-                {
-                    $oauth[$split[0]] = urldecode($split[1]);
-                }
-            }
-        }
-
-        $postfields = $this->getPostfields();
-
-        if (!is_null($postfields)) {
-            foreach ($postfields as $key => $value) {
-                $oauth[$key] = $value;
-            }
-        }
-
-        $base_info = $this->buildBaseString($url, $requestMethod, $oauth);
-        $composite_key = rawurlencode($consumer_secret) . '&' . rawurlencode($oauth_access_token_secret);
-        $oauth_signature = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true));
-        $oauth['oauth_signature'] = $oauth_signature;
-
-        $this->url           = $url;
-        $this->requestMethod = $requestMethod;
-        $this->oauth         = $oauth;
-
-        return $this;
-    }
-
-    /**
-     * Perform the actual data retrieval from the API
-     *
-     * @param boolean $return      If true, returns data. This is left in for backward compatibility reasons
-     * @param array   $curlOptions Additional Curl options for this request
-     *
-     * @throws \Exception
-     *
-     * @return string json If $return param is true, returns json data.
-     */
-    public function performRequest($return = true, $curlOptions = array())
-    {
-        if (!is_bool($return))
-        {
-            throw new Exception('performRequest parameter must be true or false');
-        }
-
-        $header =  array($this->buildAuthorizationHeader($this->oauth), 'Expect:');
-
-        $getfield = $this->getGetfield();
-        $postfields = $this->getPostfields();
-
-        if (in_array(strtolower($this->requestMethod), array('put', 'delete')))
-        {
-            $curlOptions[CURLOPT_CUSTOMREQUEST] = $this->requestMethod;
-        }
-
-        $options = $curlOptions + array(
-            CURLOPT_HTTPHEADER => $header,
-            CURLOPT_HEADER => false,
-            CURLOPT_URL => $this->url,
-            CURLOPT_RETURNTRANSFER => true,
-            CURLOPT_TIMEOUT => 10,
-        );
-
-        if (!is_null($postfields))
-        {
-            $options[CURLOPT_POSTFIELDS] = http_build_query($postfields, '', '&');
-        }
-        else
-        {
-            if ($getfield !== '')
-            {
-                $options[CURLOPT_URL] .= $getfield;
-            }
-        }
-
-        $feed = curl_init();
-        curl_setopt_array($feed, $options);
-        $json = curl_exec($feed);
-
-        $this->httpStatusCode = curl_getinfo($feed, CURLINFO_HTTP_CODE);
-
-        if (($error = curl_error($feed)) !== '')
-        {
-            curl_close($feed);
-
-            throw new \Exception($error);
-        }
-
-        curl_close($feed);
-
-        return $json;
-    }
-
-    /**
-     * Private method to generate the base string used by cURL
-     *
-     * @param string $baseURI
-     * @param string $method
-     * @param array  $params
-     *
-     * @return string Built base string
-     */
-    private function buildBaseString($baseURI, $method, $params)
-    {
-        $return = array();
-        ksort($params);
-
-        foreach($params as $key => $value)
-        {
-            $return[] = rawurlencode($key) . '=' . rawurlencode($value);
-        }
-
-        return $method . "&" . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $return));
-    }
-
-    /**
-     * Private method to generate authorization header used by cURL
-     *
-     * @param array $oauth Array of oauth data generated by buildOauth()
-     *
-     * @return string $return Header used by cURL for request
-     */
-    private function buildAuthorizationHeader(array $oauth)
-    {
-        $return = 'Authorization: OAuth ';
-        $values = array();
-
-        foreach($oauth as $key => $value)
-        {
-            if (in_array($key, array('oauth_consumer_key', 'oauth_nonce', 'oauth_signature',
-                'oauth_signature_method', 'oauth_timestamp', 'oauth_token', 'oauth_version'))) {
-                $values[] = "$key=\"" . rawurlencode($value) . "\"";
-            }
-        }
-
-        $return .= implode(', ', $values);
-        return $return;
-    }
-
-    /**
-     * Helper method to perform our request
-     *
-     * @param string $url
-     * @param string $method
-     * @param string $data
-     * @param array  $curlOptions
-     *
-     * @throws \Exception
-     *
-     * @return string The json response from the server
-     */
-    public function request($url, $method = 'get', $data = null, $curlOptions = array())
-    {
-        if (strtolower($method) === 'get')
-        {
-            $this->setGetfield($data);
-        }
-        else
-        {
-            $this->setPostfields($data);
-        }
-
-        return $this->buildOauth($url, $method)->performRequest(true, $curlOptions);
-    }
-
-    /**
-     * Get the HTTP status code for the previous request
-     *
-     * @return integer
-     */
-    public function getHttpStatusCode()
-    {
-        return $this->httpStatusCode;
-    }
-}

classes/wiki.class.php

@@ -22,7 +22,7 @@ class Wiki
         $Aliases = G::$Cache->get_value('wiki_aliases');
         if (!$Aliases) {
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             SELECT Alias, ArticleID
             FROM wiki_aliases");
             $Aliases = G::$DB->to_pair('Alias', 'ArticleID');
@@ -67,7 +67,7 @@ class Wiki
         $Contents = G::$Cache->get_value('wiki_article_'.$ArticleID);
         if (!$Contents) {
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             SELECT
               w.Revision,
               w.Title,

composer.json

@@ -0,0 +1,54 @@
+{
+  "name": "biotorrents/gazelle",
+  "description": "Web framework for private BitTorrent trackers using Ocelot",
+  "type": "project",
+  "license": "Unlicense",
+  "authors": [
+    {
+      "name": "What.cd"
+    },
+    {
+      "name": "Oppaitime"
+    },
+    {
+      "name": "BioTorrents.de"
+    }
+  ],
+  "autoload": {
+    "classmap": [
+      "classes/"
+    ],
+    "files": [
+      "classes/autoload.php"
+    ]
+  },
+  "config": {
+    "sort-packages": true
+  },
+  "require": {
+    "php": ">=7.4",
+    "ext-apcu": "*",
+    "ext-curl": "*",
+    "ext-json": "*",
+    "ext-mbstring": "*",
+    "ext-memcache": "*",
+    "ext-mysqli": "*",
+    "biotorrents/biophp": "dev-master",
+    "erusev/parsedown": "^1.8.0-beta-7",
+    "erusev/parsedown-extra": "^0.8.1",
+    "j7mbo/twitter-api-php": "^1.0.6",
+    "orpheusnet/bencode-torrent": "^1.1.1",
+    "robmorgan/phinx": "^0.12.7",
+    "twig/twig": "^3.3.2"
+  },
+  "require-dev": {
+    "d11wtq/boris": "^1.0.10",
+    "phpstan/phpstan": "^0.12.92",
+    "phpunit/phpunit": "^9.5.6",
+    "squizlabs/php_codesniffer": "^3.6.0"
+  },
+  "scripts": {
+    "phpstan": "phpstan analyse",
+    "test": "phpunit"
+  }
+}

delete.php

@@ -1,4 +0,0 @@
-<?php
-declare(strict_types=1);
-
-require_once 'classes/script_start.php';

design/privatefooter.php

@@ -6,7 +6,7 @@ $Sep = ' ';
 
 # End <div#content>, begin <footer>
 # This needs to be <main>, in each page
-echo $HTML = '</div></main><footer class="halfwide">';
+echo $HTML = '</div></main><footer>';
 
 # Disclaimer
 #if (!empty($Options['disclaimer'])) {

design/privateheader.php

@@ -49,6 +49,8 @@ $Styles = array_filter(
     array_merge(
         [
           'vendor/jquery-ui.min',
+          'vendor/normalize',
+          'vendor/skeleton',
           #'assets/fonts/fa/css/all.min',
           'global'
         ],
@@ -250,8 +252,7 @@ if ($NotificationsManager->is_skipped(NotificationsManager::SUBSCRIPTIONS)) {
           <li id="nav_irc" <?=
             Format::add_class($PageID, ['chat'], 'active', true)?>>
             <a href="https://join.slack.com/t/biotorrents/shared_invite/<?=$ENV->SLACK_INVITE?>"
-              target="_blank">Slack
-              <img src="/static/common/symbols/external.png" style="height: 0.75em; vertical-align: center;" /></a>
+              target="_blank">Slack</a>
           </li>
 
           <li id="nav_top10" <?=
@@ -332,11 +333,13 @@ if (isset(G::$LoggedUser['SearchType']) && G::$LoggedUser['SearchType']) { // Ad
             size="17">
         </form>
 
+        <!--
         <form class="search_form" name="artists" action="artist.php" method="get">
-          <input id="artistsearch" <?=Users::has_autocomplete_enabled('search')?>
+          <input id="artistsearch" <?=null#Users::has_autocomplete_enabled('search')?>
           aria-label="Search authors" accesskey="a" spellcheck="false" autocomplete="off" placeholder="Authors"
           type="text" name="artistname" size="17">
         </form>
+          -->
 
         <form class="search_form" name="requests" action="requests.php" method="get">
           <input id="requestssearch" aria-label="Search requests" spellcheck="false" autocomplete="off"
@@ -607,19 +610,6 @@ if (check_perms('admin_reports')) {
     }
 }
 
-if (check_perms('users_mod')) {
-    $NumDeleteRequests = G::$Cache->get_value('num_deletion_requests');
-    if ($NumDeleteRequests === false) {
-        G::$DB->query("SELECT COUNT(*) FROM deletion_requests");
-        list($NumDeleteRequests) = G::$DB->next_record();
-        G::$Cache->cache_value('num_deletion_requests', $NumDeleteRequests);
-    }
-
-    if ($NumDeleteRequests > 0) {
-        $ModBar[] = '<a href="tools.php?action=expunge_requests">' . $NumDeleteRequests . " Expunge request".($NumDeleteRequests > 1 ? 's' : '')."</a>";
-    }
-}
-
 if (check_perms('users_mod') && FEATURE_EMAIL_REENABLE) {
     $NumEnableRequests = G::$Cache->get_value(AutoEnable::CACHE_KEY_NAME);
     if ($NumEnableRequests === false) {
@@ -636,7 +626,7 @@ if (check_perms('users_mod') && FEATURE_EMAIL_REENABLE) {
 if (!empty($Alerts) || !empty($ModBar)) { ?>
     <div id="alerts">
       <?php foreach ($Alerts as $Alert) { ?>
-      <div class="alertbar">
+      <div class="alertbar warning">
         <?=$Alert?>
       </div>
       <?php

design/publicfooter.php

@@ -7,9 +7,10 @@ echo <<<HTML
 </main>
 
 <footer>
-  <a href="https://github.com/biotorrents/gazelle" target="_blank">GitHub</a>
   <a href="/legal.php?p=privacy">Privacy</a>
   <a href="/legal.php?p=dmca">DMCA</a>
+  <a class="external" href="https://github.com/biotorrents" target="_blank">GitHub</a>
+  <a class="external" href="https://patreon.com/biotorrents" target="_blank">Patreon</a>
 </footer>
 
 <script src="$ENV->STATIC_SERVER/functions/vendor/instantpage.js" type="module"></script>

design/publicheader.php

@@ -41,7 +41,7 @@ foreach ($Scripts as $Script) {
 }
 
 # Load CSS
-$Styles = ['global', 'public'];
+$Styles = ['vendor/normalize', 'vendor/skeleton', 'global', 'public'];
 foreach ($Styles as $Style) {
     echo View::pushAsset(
         "$ENV->STATIC_SERVER/styles/$Style.css",
@@ -52,7 +52,7 @@ foreach ($Styles as $Style) {
 # Fonts
 echo View::pushAsset(
 # Only Noto Sans available on public pages
-"$ENV->STATIC_SERVER/styles/assets/fonts/noto/woff2/NotoSans-SemiCondensed.woff2",
+"$ENV->STATIC_SERVER/styles/assets/fonts/noto/NotoSans-SemiCondensed.woff2",
     'font'
 );
 
@@ -68,12 +68,9 @@ if ($ENV->OPEN_REGISTRATION) {
     echo '<a href="register.php">Register</a>';
 }
 
-$Email = $ENV->HELP->Email;
-$Subject = $ENV->HELP->Subject;
-$Body = $ENV->HELP->Body;
-echo "<a href='mailto:$Email?subject=$Subject&body=$Body'>Support</a>";
-
 echo <<<HTML
+    <a href="/legal.php?p=about">About</a>
+    <a class="external" href="https://docs.torrents.bio" target="_blank">Docs</a>
   </header>
 
 <main>

design/views/generic/reply/quickreply.php

@@ -200,7 +200,7 @@ if (!isset($InputTitle)) {
           class="hidden button_preview_<?=$ReplyText->getID()?>"
           tabindex="1" />
 
-        <input type="submit" value="Post" id="submit_button" tabindex="1" />
+        <input type="submit" class="button-primary" value="Post" id="submit_button" tabindex="1" />
       </div>
     </form>
   </div>

design/views/generic/reply/staffpm.php

@@ -32,7 +32,7 @@ $TextPrev = new TEXTAREA_PREVIEW(
 
     <input type="button" value="Preview"
       class="hidden button_preview_<?=$TextPrev->getID()?>" />
-    <input type="submit" value="Send message" />
+    <input type="submit" class="button-primary" value="Send message" />
     <input type="button" value="Hide" data-toggle-target="#compose" />
   </form>
 </div>

feeds.php

@@ -1,42 +1,58 @@
 <?php
 declare(strict_types = 1);
 
-/*-- Feed Start Class ----------------------------------*/
-/*------------------------------------------------------*/
-/* Simplified version of script_start, used for the     */
-/* sitewide RSS system.                                 */
-/*------------------------------------------------------*/
-/********************************************************/
-
-// Let's prevent people from clearing feeds
+/**
+ * Feed start class
+ *
+ * Simplified version of script_start,
+ * used for the sitewide RSS system.
+ */
+
+# Let's prevent people from clearing feeds
 if (isset($_GET['clearcache'])) {
     unset($_GET['clearcache']);
 }
 
 require_once 'classes/config.php';
-require_once SERVER_ROOT.'/classes/misc.class.php';
-require_once SERVER_ROOT.'/classes/cache.class.php';
-require_once SERVER_ROOT.'/classes/feed.class.php';
-
 $ENV = ENV::go();
-$Cache = new Cache($ENV->getPriv('MEMCACHED_SERVERS')); // Load the caching class
-$Feed = new Feed; // Load the time class
 
+require_once "$ENV->SERVER_ROOT/classes/misc.class.php";
+require_once "$ENV->SERVER_ROOT/classes/cache.class.php";
+require_once "$ENV->SERVER_ROOT/classes/feed.class.php";
+
+# Load the caching class
+$Cache = new Cache($ENV->getPriv('MEMCACHED_SERVERS'));
+
+# Load the time class
+$Feed = new Feed;
+
+
+/**
+ * check_perms
+ */
 function check_perms()
 {
     return false;
 }
 
+
+/**
+ * is_number
+ */
 function is_number($Str)
 {
     if ($Str < 0) {
         return false;
     }
 
-    // We're converting input to an int, then string, and comparing to the original
+    # We're converting input to an int, then string, and comparing to the original
     return ($Str === strval(intval($Str)));
 }
 
+
+/**
+ * display_str
+ */
 function display_str($Str)
 {
     if ($Str !== '') {
@@ -62,21 +78,29 @@ function display_str($Str)
 
         $Str = str_replace($Replace, $With, $Str);
     }
+
     return $Str;
 }
 
+
+/**
+ * make_utf8
+ */
 function make_utf8($Str)
 {
     if ($Str !== '') {
         if (is_utf8($Str)) {
             $Encoding = 'UTF-8';
         }
+
         if (empty($Encoding)) {
             $Encoding = mb_detect_encoding($Str, 'UTF-8, ISO-8859-1');
         }
+
         if (empty($Encoding)) {
             $Encoding = 'ISO-8859-1';
         }
+
         if ($Encoding === 'UTF-8') {
             return $Str;
         } else {
@@ -85,6 +109,10 @@ function make_utf8($Str)
     }
 }
 
+
+/**
+ * is_utf8
+ */
 function is_utf8($Str)
 {
     return preg_match(
@@ -102,6 +130,10 @@ function is_utf8($Str)
     );
 }
 
+
+/**
+ * display_array
+ */
 function display_array($Array, $Escape = [])
 {
     foreach ($Array as $Key => $Val) {
@@ -109,20 +141,29 @@ function display_array($Array, $Escape = [])
             $Array[$Key] = display_str($Val);
         }
     }
+
     return $Array;
 }
 
+
 /**
- * Print the site's URL including the appropriate URI scheme, including the trailing slash
+ * site_url
+ *
+ * Print the site's URL and appropriate URI scheme,
+ * including the trailing slash.
  */
 function site_url()
 {
-    return 'https://' . SITE_DOMAIN . '/';
+    $ENV = ENV::go();
+    return "https://$ENV->SITE_DOMAIN/";
 }
 
+
+# Set the headers
 header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
 header('Pragma:');
 header('Expires: '.date('D, d M Y H:i:s', time() + (2 * 60 * 60)).' GMT');
 header('Last-Modified: '.date('D, d M Y H:i:s').' GMT');
 
-require_once SERVER_ROOT.'/sections/feeds/index.php';
+# Load the feeds section
+require_once "$ENV->SERVER_ROOT/sections/feeds/index.php";

image.php

@@ -1,7 +1,7 @@
 <?php
 declare(strict_types=1);
 
-// Functions and headers needed by the image proxy
+# Functions and headers needed by the image proxy
 error_reporting(E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR);
 
 if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
@@ -9,108 +9,146 @@ if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
     error();
 }
 
-header('Expires: '.date('D, d-M-Y H:i:s \U\T\C', time() + 3600 * 24 * 120)); // 120 days
+header('Expires: '.date('D, d-M-Y H:i:s \U\T\C', time() + 3600 * 24 * 120)); # 120 days
 header('Last-Modified: '.date('D, d-M-Y H:i:s \U\T\C', time()));
 
 if (!extension_loaded('gd')) {
-    error('nogd');
+    error('Please install and enable the GD Graphics Library.');
 }
 
+
+/**
+ * img_error
+ */
 function img_error($Type)
 {
+    $ENV = ENV::go();
+
     header('Content-type: image/gif');
-    error(file_get_contents(SERVER_ROOT.'/sections/image/err_imgs/'.$Type.'.png'));
+    error(file_get_contents("$ENV->SERVER_ROOT/sections/image/err_imgs/$Type.png"));
 }
 
+
+/**
+ * invisible
+ */
 function invisible($Image)
 {
     $Count = imagecolorstotal($Image);
     if ($Count === 0) {
         return false;
     }
+
     $TotalAlpha = 0;
     for ($i = 0; $i < $Count; ++$i) {
         $Color = imagecolorsforindex($Image, $i);
         $TotalAlpha += $Color['alpha'];
     }
+
     return (($TotalAlpha / $Count) === 127);
 }
 
+
+/**
+ * verysmall
+ */
 function verysmall($Image)
 {
     return ((imagesx($Image) * imagesy($Image)) < 25);
 }
 
+
+/**
+ * image_type
+ */
 function image_type($Data)
 {
     if (!strncmp($Data, 'GIF', 3)) {
         return 'gif';
     }
+
     if (!strncmp($Data, pack('H*', '89504E47'), 4)) {
         return 'png';
     }
+
     if (!strncmp($Data, pack('H*', 'FFD8'), 2)) {
         return 'jpeg';
     }
+
     if (!strncmp($Data, 'BM', 2)) {
         return 'bmp';
     }
+
     if (!strncmp($Data, 'II', 2) || !strncmp($Data, 'MM', 2)) {
         return 'tiff';
     }
+
     if (!substr_compare($Data, 'webm', 31, 4)) {
         return 'webm';
     }
 }
 
+
+/**
+ * image_height
+ */
 function image_height($Type, $Data)
 {
-    $Length = strlen($Data);
     global $URL, $_GET;
+    $Length = strlen($Data);
 
     switch ($Type) {
-    case 'jpeg':
-      // See http://www.obrador.com/essentialjpeg/headerinfo.htm
-      $i = 4;
-      $Data = (substr($Data, $i));
-      $Block = unpack('nLength', $Data);
-      $Data = substr($Data, $Block['Length']);
-      $i += $Block['Length'];
-      $Str []= 'Started 4, + '.$Block['Length'];
-
-      while ($Data !== '') { // Iterate through the blocks until we find the start of frame marker (FFC0)
-        $Block = unpack('CBlock/CType/nLength', $Data); // Get info about the block
-        if ($Block['Block'] !== '255') { // We should be at the start of a new block
-          break;
-        }
-
-          if ($Block['Type'] !== '192') { // C0
-          $Data = substr($Data, $Block['Length'] + 2); // Next block
-          $Str []= 'Started $i, + '.($Block['Length'] + 2);
-              $i += ($Block['Length'] + 2);
-          } else { // We're at the FFC0 block
-          $Data = substr($Data, 5); // Skip FF C0 Length(2) precision(1)
-          $i += 5;
-              $Height = unpack('nHeight', $Data);
-              return $Height['Height'];
-          }
-      }
-      break;
-
-    case 'gif':
-      $Data = substr($Data, 8);
-      $Height = unpack('vHeight', $Data);
-      return $Height['Height'];
-
-    case 'png':
-      $Data = substr($Data, 20);
-      $Height = unpack('NHeight', $Data);
-      return $Height['Height'];
-      
-    default:
-      return 0;
-  }
+        case 'jpeg':
+            # https://www.geocities.ws/crestwoodsdd/JPEG.htm
+            $i = 4;
+            $Data = (substr($Data, $i));
+            $Block = unpack('nLength', $Data);
+            $Data = substr($Data, $Block['Length']);
+            $i += $Block['Length'];
+            $Str []= 'Started 4, + '.$Block['Length'];
+
+            # Iterate through the blocks until we find the start of frame marker (FFC0)
+            while ($Data !== '') {
+                # Get info about the block
+                $Block = unpack('CBlock/CType/nLength', $Data);
+
+                # We should be at the start of a new block
+                if ($Block['Block'] !== '255') {
+                    break;
+                }
+
+                if ($Block['Type'] !== '192') { # C0
+                    $Data = substr($Data, $Block['Length'] + 2); # Next block
+                    $Str []= 'Started $i, + '.($Block['Length'] + 2);
+                    $i += ($Block['Length'] + 2);
+                }
+                
+                # We're at the FFC0 block
+                else {
+                    # Skip FF C0 Length(2) precision(1)
+                    $Data = substr($Data, 5);
+                    $i += 5;
+                    $Height = unpack('nHeight', $Data);
+                    return $Height['Height'];
+                }
+            }
+            break;
+            
+        case 'gif':
+            $Data = substr($Data, 8);
+            $Height = unpack('vHeight', $Data);
+            return $Height['Height'];
+        
+        case 'png':
+            $Data = substr($Data, 20);
+            $Height = unpack('NHeight', $Data);
+            return $Height['Height'];
+            
+        default:
+            return 0;
+    }
 }
 
-define('SKIP_NO_CACHE_HEADERS', 1);
-require_once 'classes/script_start.php'; // script_start.php contains all we need and includes sections/image/index.php
+
+# script_start.php contains all we need and includes sections/image/index.php
+require_once 'classes/script_start.php';

manifest.php

@@ -31,7 +31,7 @@ JSON;
 
     # Print header and $manifest for remote addresses
     # Return JSON for localhost (API manifest endpoint):
-    #   ajax.php?action=manifest
+    #   api.php?action=manifest
     if ($_SERVER['REMOTE_ADDR'] !== "127.0.0.1") {
         header('Content-type: application/json; charset=utf-8');
         echo $manifest;

readme.md

@@ -1,71 +1,138 @@
-This is BioTorrents.de's version of Gazelle
+# BioTorrents.de Gazelle
 
-Below are some lists of differences between this version of Gazelle and What.cd's. Please note that these lists are far from complete.
+This software is twice removed from the original
+[What.cd Gazelle](https://github.com/WhatCD/Gazelle).
+It's based on the security hardened PHP7 fork
+[Oppaitime Gazelle](https://git.oppaiti.me/Oppaitime/Gazelle).
+It shares several features with
+[Orpheus Gazelle](https://github.com/OPSnet/Gazelle).
+The goal is to organize a functional database with pleasant interfaces,
+and render insightful views using data from robust external sources.
 
-## Major Changes
+# Changelog: OT → Bio
 
-#### Integrated Database Encryption
+## Bearer token authorization
 
-Using a database key [provided by staff](sections/tools/misc/database_key.php) and only ever stored as a hash in memory (via APCu), the [integrated database encryption](classes/crypto.class.php) is used to encrypt sensitive user data like IP addresses, emails, and private messages regardless of the underlying system gazelle is running on.
+[API Docs](https://docs.biotorrents.de).
+API tokens can be generated in the
+[user security settings](sections/user/token.php)
+and used with the JSON API.
 
-The rest of gazelle must be aware that some of the data it fetches from the DB is encrypted, and must have a fallback if that data is unavailable (the key is not in memory). You will see plenty of `if (!apcu_exists('DBKEY')) {` in this codebase.
+## Good typography
+
+BioTorrents.de supports an array of
+[unobtrusive fonts](static/styles/assets/scss/fonts.scss)
+with the appropriate bold/italic glyphs and monospace.
+These options are available to every theme.
+Font Awesome 5 is also universally available.
+[Download the fonts](https://torrents.bio/fonts.tgz).
+
+## Markdown support
+
+[SimpleMDE markdown editor](https://simplemde.com)
+with extended custom editor interface.
+All the Markdown Extra features supported by
+[Parsedown Extra](https://github.com/erusev/parsedown-extra)
+are documented and the useful ones exposed in the editor interface.
+Support for the default Gazelle recursive regex BBcode parser.
+
+## $ENV recursive singleton
+
+[The site configuration](classes/config.template.php)
+is being migrated to a format govered by the
+[ENV special class](classes/env.class.php)
+for modified recursive ArrayObjects.
+
+## Twig template system
+
+Similar to ENV, the
+[Twig interface](classes/twig.class.php)
+operates as a singleton because it's an external module with its own cache.
+Twig provides a security benefit by escaping rendered output,
+and a secondary benefit of clarifying the PHP running the site sections.
+Several custom filters are available from OPS.
+
+## Active data minimization
+
+BioTorrents.de has
+[real lawyer-vetted policies](templates/legal).
+In the process of matching the tech to the legal word,
+we dropped support for a number of compromising features:
 
-#### Authorized Login Locations
+- Bitcoin, PayPal, and currency exchange API and system calls;
+- Bitcoin addresses, user donation history, and similar metadata; and
+- IP address and geolocation, email address, passphrase, and passkey history.
 
-Whenever a login occurs from a location (determined by ASN) that hasn't logged into that account before, an email is sent to the account owner requesting that they authorize that location before the login will go through.
+Besides that, BioTorrents has several passive developments in progress:
 
-This prevents most attacks that would be otherwise successful, as it requires an attacker to access the site from the same locations the actual user uses to login.
+- prepare all queries with parameterized statements;
+- declare strict mode at the top of every PHP and JS file;
+- check strict equality and strong typing, including function arguments;
+- run all files through generic formatters such as PHP-CS-Fixer; and
+- move all external libraries to uncomplicated package management.
 
-#### Two-Factor Authentication
+## Minor changes
+
+- Database crypto bumped up to AES-256
+- Good subresource integrity support
+- Configurable HTTP status code errors
+- Integrated diceware passphrase generator
+- TLS database connections
+- Semantic HTML5 themes (WIP)
+
+# Changelog: WCD → OT
+
+## Integrated Database Encryption
+
+Using a database key [provided by staff](sections/tools/misc/database_key.php) and only ever stored as a hash in memory (via APCu), the [integrated database encryption](classes/crypto.class.php) is used to encrypt sensitive user data like IP addresses, emails, and private messages regardless of the underlying system gazelle is running on.
+
+The rest of gazelle must be aware that some of the data it fetches from the DB is encrypted, and must have a fallback if that data is unavailable (the key is not in memory). You will see plenty of `if (!apcu_exists('DBKEY')) {` in this codebase.
+
+## Two-Factor Authentication
 
 Despite our other (less intrusive) methods of protecting user accounts being more than sufficient for virtually all feasible attacks, we also ship optional 2FA should users feel the need to enable it.
 
-#### Universal 2nd Factor
+## Universal 2nd Factor
 
 Support for physical U2F tokens has also been added as an optional alternative to normal 2FA. U2F allows users to protect their account with something less likely to be lost or erased than 2FA keys stored on a phone.
 
-#### Unique Infohashes
+## Unique Infohashes
 
 Upon upload, torrent files are modified to contain a "source" field in the info dict containing the concatination of the site name and some generated junk data (unique per-torrent). This prevents infohash collisions with torrents cross-seeded from other sites in the same client, and also helps protect against some not particularly likely peer-leaking attacks.
 
-#### Expunge Requests
-
-Users are able to view the data kept on them and [issue requests for the deletion of old information](sections/delete) to staff through a simple interface.
-
-#### Resource Proxying
+## Resource Proxying
 
 All external resources that may appear on a page are fetched and served by the server running gazelle. This prevents the leak of user information to third parties hosting content that has been included on a page through an image tag or similar.
 
-#### Scheduler
+## Scheduler
 
 The [scheduler](sections/schedule) has been broken up into more manageable parts and has additional selective runtime features for manual execution.
 
-#### Bonus Points
+## Bonus Points
 
 Like most gazelle forks, we've added a [bonus point system](sections/schedule/hourly/bonus_points.php) and [store](sections/store).
 
-#### Modern password hashing
+## Modern password hashing
 
 We use modern PHP password hashing features that automatically rehash your password when a better hashing algorithm is made available and employ prehashing to allow you to use a secure password of any length. Original gazelle would effectively truncate your password after around 72 characters (if the tracker even allowed you to use a password that long). This codebase does not have the same problem, and allows passwords of virtually unlimited length (over 30,000 characters by default) that remain useful after a few tens of characters.
 
 ## Minor Changes
 
-* When a torrent is trumped, the new torrent is made freeleech to users who snatched the old torrent for a few days.
-* Sends headers to tell cloudflare to use HTTP/2 Server Push for most resources.
-* ~~BTN-style magnet link support.~~
-* Support for optional per-user stylesheet additions and tweaks
-* This codebase expects to run over https only.
+- When a torrent is trumped, the new torrent is made freeleech to users who snatched the old torrent for a few days.
+- Sends headers to tell cloudflare to use HTTP/2 Server Push for most resources.
+- Support for optional per-user stylesheet additions and tweaks
+- This codebase expects to run over https only.
 
-## Mascot
+# Mascot
 
-<img align="left" alt="Gracie Gazelle" src="https://git.oppaiti.me/Oppaitime/Gazelle/raw/branch/master/static/common/mascot.png">
+![Gracie Gazelle](static/common/mascot.png)
 
 **Gracie Gazelle**
 
 Gracie is a veteran pirate of the Digital Ocean. On land, predators form companies to hunt down prey. But in the lawless water, prey attack the predators' transports. Gracies steals resources from the rich and shares them with the poor and isolated people. Her great eyesight sees through the darkest corners of the Internet for her next target. Her charisma attracts countless salty goats to join her fleet. She proudly puts the forbidden share symbols on her hat and belt, and is now one of the most wanted women in the world.
 
-<small>High resolution downloads [here](https://git.oppaiti.me/Oppaitime/Gazelle/issues/34#issuecomment-99)</small>
+High resolution downloads [here](https://git.oppaiti.me/Oppaitime/Gazelle/issues/34#issuecomment-99)
 
-<small>Character design and bio by Tyson Tan, who offers mascot design services for free and open source software, free of charge, under a free license.</small>
+Character design and bio by Tyson Tan, who offers mascot design services for free and open source software, free of charge, under a free license.
 
-<small>Contact: [tysontan.com](https://tysontan.com) / <tysontan@mail.com></small>
+Contact: [tysontan.com](https://tysontan.com) / <tysontan@mail.com>

rules.php

@@ -1,4 +1,4 @@
 <?php
 declare(strict_types=1);
 
-require 'classes/script_start.php';
+require_once 'classes/script_start.php';

sections/ajax/autofill/anime.php

@@ -1,60 +0,0 @@
-<?php
-#declare(strict_types=1);
-
-if (empty($_GET['aid'])) {
-  json_die();
-}
-
-$aid = $_GET['aid'];
-
-if ($Cache->get_value('anime_fill_json_'.$aid)) {
-  json_die("success", $Cache->get_value('anime_fill_json_'.$aid));
-} else {
-
-  $anidb_url = 'http://api.anidb.net:9001/httpapi?request=anime&client='.API_KEYS['ANIDB'].'&clientver=1&protover=1&aid='.$aid;
-
-  $crl = curl_init();
-  curl_setopt($crl, CURLOPT_URL, $anidb_url);
-  curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1);
-  curl_setopt($crl, CURLOPT_CONNEECTTIMEOUT, 5);
-  $ret = curl_exec($crl);
-  curl_close($curl);
-
-  $anidb_xml = new SimpleXMLElement(zlib_decode($ret));
-
-  if ($anidb_xml->xpath('/error')) {
-    json_die("failure", $anidb_xml->xpath('/error')[0]."");
-  }
-
-  $title = $anidb_xml->xpath('//titles/title[@xml:lang = "en" and @type = "official"]')[0].'';
-  $title = (empty($title))?$anidb_xml->xpath('//titles/title[@xml:lang = "en"]')[0].'':$title;
-  $title = (empty($title))?$anidb_xml->xpath('//titles/title[@type = "main"]')[0].'':$title;
-
-  $title_rj = $anidb_xml->xpath('//titles/title[@xml:lang = "x-jat" and @type = "official"]')[0].'';
-  $title_rj = (empty($title_rj))?$anidb_xml->xpath('//titles/title[@xml:lang = "x-jat"]')[0].'':$title_rj;
-
-  $title_jp = $anidb_xml->xpath('//titles/title[@xml:lang = "ja" and @type = "official"]')[0].'';
-  $title_jp = (empty($title_jp))?$anidb_xml->xpath('//titles/title[@xml:lang = "ja"]')[0].'':$title_jp;
-
-  $artist = $anidb_xml->xpath('//creators/name[@type = "Animation Work"]')[0].'';
-
-  $year = substr($anidb_xml->startdate, 0, 4);
-
-  $desc = preg_replace('/http:\/\/anidb.net\S+ \[(.*?)\]/', '$1', ($anidb_xml->description).'');
-
-  $json_str = array(
-    'id' => $aid,
-    'title' => $title,
-    'title_rj' => $title_rj,
-    'title_jp' => $title_jp,
-    'artist' => $artist,
-    'year' => $year,
-    'description' => $desc
-  );
-
-  $Cache->cache_value('anime_fill_json_'.$aid, $json_str, 86400);
-
-  json_die("success", $json_str);
-}
-
-?>

sections/ajax/autofill/jav.php

@@ -1,234 +0,0 @@
-<?php
-#declare(strict_types=1);
-
-# Headers, cache, etc.
-$debug = false;
-
-if (empty($_GET['cn'])) {
-  json_die();
-}
-
-$cn = strtoupper($_GET['cn']);
-
-if (!strpos($cn, '-')) {
-  preg_match('/\d/', $cn, $m, PREG_OFFSET_CAPTURE);
-  if ($m) { $cn = substr_replace($cn, '-', $m[0][1], 0); }
-}
-
-if (!$debug && $Cache->get_value('jav_fill_json_'.$cn)) {
-  json_die('success', $Cache->get_value('jav_fill_json_'.$cn));
-} else {
-
-  # Query the API
-  # todo: Validate to change $db
-
-/* todo
- * switch $category:
- *   case 'DNA' || 'RNA':
- *     if $number = refseq_regex:
- *        $db = 'refseq';
- *     break;
- *   case 'Protein':
- *     if $number = uniprot_regex:
- *        $db = 'uniprot';
- *     break;
- *   default:
- *     error 'invalid number';
- *     break;
- */
-$id = 'NM_001183340.1';
-
-# Assemble the esearch URL
-$base = 'https://eutils.ncbi.nlm.nih.gov/entrez/eutils/';
-$url = $base . "esummary.fcgi?db=$db&id=$id&version=2.0";
-
-# Post the esearch URL
-$output = file_get_contents($url);
-
-# Parse WebEnv and QueryKey
-#$web = $1 if ($output =~ /<WebEnv>(\S+)<\/WebEnv>/);
-#$key = $1 if ($output =~ /<QueryKey>(\d+)<\/QueryKey>/);
-
-### Include this code for ESearch-ESummary
-# Assemble the esummary URL
-$url = $base . "esummary.fcgi?db=$db&query_key=$key&WebEnv=$web";
-
-# Post the esummary URL
-$docsums = file_get_contents($url);
-echo "$docsums";
-
-### Include this code for ESearch-EFetch
-# Assemble the efetch URL
-$url = $base . "efetch.fcgi?db=$db&query_key=$key&WebEnv=$web";
-$url .= "&rettype=abstract&retmode=text";
-
-# Post the efetch URL
-$data = file_get_contents($url);
-echo "$data";
-
-  /*
-  $jlib_jp_url = ('http://www.javlibrary.com/ja/vl_searchbyid.php?keyword='.$cn);
-  $jlib_en_url = ('http://www.javlibrary.com/en/vl_searchbyid.php?keyword='.$cn);
-  $jdb_url     = ('http://javdatabase.com/movies/'.$cn.'/');
-
-  $jlib_page_jp = file_get_contents($jlib_jp_url);
-  $jlib_page_en = file_get_contents($jlib_en_url);
-  $jdb_page     = file_get_contents($jdb_url);
-
-  if ($jlib_page_en) {
-    $jlib_dom_en = new DOMDocument();
-    $jlib_dom_en->loadHTML($jlib_page_en);
-    $jlib_en = new DOMXPath($jlib_dom_en);
-
-    // Check if we're still on the search page and fix it if so
-    if($jlib_en->query("//a[starts-with(@title, \"$cn\")]")->item(0)) {
-      $href = substr($jlib_en->query("//a[starts-with(@title, \"$cn\")]")->item(0)->getAttribute('href'),1);
-      $jlib_page_en = file_get_contents('http://www.javlibrary.com/en/'.$href);
-      $jlib_page_jp = file_get_contents('http://www.javlibrary.com/ja/'.$href);
-      $jlib_dom_en->loadHTML($jlib_page_en);
-      $jlib_en = new DOMXPath($jlib_dom_en);
-      // If the provided CN was so bad that search provided a different match, die
-      if(strtoupper($jlib_en->query('//*[@id="video_id"]/table/tr/td[2]')->item(0)->nodeValue) != $cn) {
-        json_die('failure', 'Movie not found');
-      }
-    }
-  }
-  if ($jlib_page_jp) {
-    $jlib_dom_jp = new DOMDocument();
-    $jlib_dom_jp->loadHTML($jlib_page_jp);
-    $jlib_jp = new DOMXPath($jlib_dom_jp);
-  }
-  if ($jdb_page) {
-    $jdb_dom = new DOMDocument();
-    $jdb_dom->loadHTML($jdb_page);
-    $jdb = new DOMXPath($jdb_dom);
-  }
-
-  list($idols, $genres, $screens, $title, $title_jp, $year, $studio, $label, $desc, $image) = array([],[],[],'','','','','','','');
-
-  if (!$jdb_page && !$jlib_page_jp && !$jlib_page_en) {
-    json_die('failure', 'Movie not found');
-  }
-
-  $degraded = false;
-
-  if ($jlib_page_jp && $jlib_jp->query('//*[@id="video_title"]')['length']) {
-    $title_jp = $jlib_jp->query('//*[@id="video_title"]/h3/a')->item(0)->nodeValue;
-    $title_jp = substr($title_jp, strlen($cn) + 1);
-  } else {
-    $degraded = true;
-  }
-  if ($jlib_page_en && $jlib_en->query('//*[@id="video_title"]')['length']) {
-    $title = $jlib_en->query('//*[@id="video_title"]/h3/a')->item(0)->nodeValue;
-    $title = substr($title, strlen($cn) + 1);
-    $idols = [];
-    foreach ($jlib_en->query('//*[starts-with(@id, "cast")]/span[1]/a') as $idol) {
-      $idols[] = $idol->nodeValue;
-    }
-    $year = $jlib_en->query('//*[@id="video_date"]/table/tr/td[2]')->item(0)->nodeValue;
-    $year = explode('-', $year)[0];
-    $studio = $jlib_en->query('//*[starts-with(@id, "maker")]/a')->item(0)->nodeValue;
-    $label = $jlib_en->query('//*[starts-with(@id, "label")]/a')->item(0)->nodeValue;
-    $image = $jlib_en->query('//*[@id="video_jacket_img"]')->item(0)->getAttribute('src');
-    $comments = "";
-    foreach ($jlib_en->query('//*[@class="comment"]//*[@class="t"]//textarea') as $comment) {
-      $comments .= ($comment->nodeValue).' ';
-    }
-    preg_match_all("/\[img\b[^\]]*\]([^\[]*?)\[\/img\](?!\[\/url)/is", $comments, $screens_t);
-    if (isset($screens_t[1])) {
-      $screens = $screens_t[1];
-      function f($s) { return !(preg_match('/(rapidgator)|(uploaded)|(javsecret)|(\.gif)|(google)|(thumb)|(imgur)|(fileboom)|(openload)/', $s)); }
-      $screens = array_values(array_filter($screens, f));
-    }
-    if (preg_match('/http:\/\/imagetwist.com\/\S*jpg.html/', $comments, $twist)) {
-      $twist_t = file_get_contents($twist[0]);
-      $twist = new DOMDocument();
-      $twist->loadHTML($twist_t);
-      $twist = new DOMXPath($twist);
-      if ($twist->query('//img[@class="pic"]')->item(0)) {
-        $screens[] =  $twist->query('//img[@class="pic"]')->item(0)->getAttribute('src');
-      }
-    }
-    $desc = '';
-    $genres = [];
-    foreach ($jlib_en->query('//*[starts-with(@id, "genre")]/a') as $genre) {
-      $genres[] =  str_replace(' ', '.', strtolower($genre->nodeValue));
-    }
-  } else {
-    $degraded = true;
-  }
-  if ($jdb_page) {
-    if (!$title) {
-      $title = trim(substr($jdb->query("//h1[contains(@class, 'entry-title')]")[0]->nodeValue, strlen($cn) + 3));
-    }
-    if (!$studio) {
-      $studio = $jdb->query("//b[contains(., 'Studio:')]")[0]->nextSibling->nodeValue;
-    }
-    if (!$label) {
-      $label = $jdb->query("//b[contains(., 'Label:')]")[0]->nextSibling->nodeValue;
-    }
-    if (!$idols) {
-      $idols_raw = $jdb->query("//b[contains(., 'Idol(s): ')]")[0]->nextSibling;
-
-      for ($i = 0; $i < 10; $i++) {
-        if ($idols_raw->tagName == "a") {
-          $idol_name = $idols_raw->nodeValue;
-          $idol_lower = strtolower(str_replace(' ', '-', $idol_name));
-          // ensure it's actually an idol name
-          if (strpos($idols_raw->attributes->item(0)->nodeValue, '.com/idols/' . $idol_lower) !== false) {
-            $idols[] = $idols_raw->nodeValue;
-          }
-        }
-        $idols_raw = $idols_raw->nextSibling;
-      }
-    }
-    if (!$year) {
-      $year = substr($jdb->query("//b[contains(., 'Release Date:')]")[0]->nextSibling->nodeValue, 1, 4);
-    }
-    if (!$image) {
-      $image = $jdb->query("//img[contains(@alt, ' download or stream.')]")->item(0)->getAttribute('src');
-    }
-    if (substr($image, 0, 2) == '//') {
-      $image = 'https:'.$image;
-    }
-    if (!$desc) {
-      // Shit neither of the sites have descriptions
-      $desc = '';
-    }
-  }
-
-  if (!($title || $idols || $year || $studio || $label || $genres)) {
-    json_die('failure', 'Movie not found');
-  }
-
-  // Only show "genres" we have tags for
-  if (!$Cache->get_value('genre_tags')) {
-    $DB->query('
-      SELECT Name
-      FROM tags
-      WHERE TagType = \'genre\'
-      ORDER BY Name');
-    $Cache->cache_value('genre_tags', $DB->collect('Name'), 3600 * 6);
-  }
-  $genres = array_values(array_intersect(array_values($Cache->get_value('genre_tags')), str_replace('_','.',array_values(Tags::remove_aliases(array('include' => str_replace('.','_',$genres)))['include']))));
-
-  $json = array(
-    'cn'          => $cn,
-    'title'       => ($title ? $title : ''),
-    'title_jp'    => ($title_jp ? $title_jp : ''),
-    'idols'       => ($idols ? $idols : []),
-    'year'        => ($year ? $year : ''),
-    'studio'      => ($studio ? $studio : ''),
-    'label'       => ($label ? $label : ''),
-    'image'       => ($image ? $image : ''),
-    'description' => ($desc ? $desc : ''),
-    'tags'        => ($genres ? $genres : []),
-    'screens'     => ($screens ? $screens : []),
-    'degraded'    => $degraded
-  );
-
-  $Cache->cache_value('jav_fill_json_'.$cn, $json, 86400);
-
-  json_die('success', $json);
-*/
-}

sections/ajax/autofill/manga.php

@@ -1,106 +0,0 @@
-<?php
-#declare(strict_types=1);
-
-if (empty($_GET['url'])) {
-    json_die();
-}
-
-$url = str_replace('exhentai', 'e-hentai', $_GET['url']);
-
-$matches = [];
-preg_match('/^https?:\/\/g?\.?e.hentai\.org\/g\/(\d+)\/([\w\d]+)\/?$/', $url, $matches);
-
-$gid = $matches[1] ?? '';
-$token = $matches[2] ?? '';
-
-if (empty($gid) || empty($token)) {
-    json_die("failure", "Invalid URL");
-}
-
-if ($Cache->get_value('manga_fill_json_'.$gid)) {
-    json_die("success", $Cache->get_value('manga_fill_json_'.$gid));
-} else {
-    $data = json_encode(["method" => "gdata", "gidlist" => [[$gid, $token]], "namespace" => 1]);
-    $curl = curl_init('http://api.e-hentai.org/api.php');
-    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "POST");
-    curl_setopt($curl, CURLOPT_TIMEOUT, 10);
-    curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
-    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
-    curl_setopt($curl, CURLOPT_HTTPHEADER, ['Content-Type: application/json', 'Content-Length: '.strlen($data)]);
-
-    $json = curl_exec($curl);
-
-    if (empty($json)) {
-        json_die("failure", "Could not get page");
-    }
-
-    $json = json_decode($json, true)["gmetadata"][0];
-
-    $artists = [];
-    $tags = [];
-    $lang = null;
-    $circle = null;
-    $censored = true;
-    foreach ($json["tags"] as $tag) {
-        if (strpos($tag, ':') !== false) {
-            list($namespace, $tag) = explode(':', $tag);
-        } else {
-            $namespace = '';
-        }
-
-        if ($namespace == "artist") {
-            array_push($artists, ucwords($tag));
-        } elseif ($namespace == "group") {
-            $circle = empty($circle) ? ucfirst($tag) : $circle;
-        } elseif ($tag == "uncensored") {
-            $censored = false;
-        } else {
-            if ($namespace) {
-                $tag = $tag.':'.$namespace;
-            }
-            array_push($tags, str_replace(' ', '.', $tag));
-        }
-    }
-
-    // get the cover for ants
-    $cover = $json['thumb'];
-    // and let's see if we can replace it with something better
-    $gallery_page = file_get_contents($url);
-    $re = '/'.preg_quote('-0px 0 no-repeat"><a href="').'(.*)'.preg_quote('"><img alt="01"').'/';
-    preg_match($re, $gallery_page, $galmatch);
-    // were we able to find the first page of the gallery?
-    if ($galmatch[1]) {
-        $image_page = file_get_contents($galmatch[1]);
-        $re = '/'.preg_quote('"><img id="img" src="').'([^<]*)'.preg_quote('" style=').'/';
-        preg_match($re, $image_page, $imgmatch);
-        // were we able to find the image url?
-        if ($imgmatch[1]) {
-            $cover = $imgmatch[1];
-        }
-    }
-
-    $title = html_entity_decode($json['title'], ENT_QUOTES);
-    $title = preg_replace("/\(([^()]*+|(?R))*\)/", "", $title);
-    $title = trim(preg_replace("/\[([^\[\]]*+|(?R))*\]/", "", $title));
-    $title_jp = html_entity_decode($json['title_jpn'], ENT_QUOTES);
-    $title_jp = preg_replace("/\(([^()]*+|(?R))*\)/", "", $title_jp);
-    $title_jp = trim(preg_replace("/\[([^\[\]]*+|(?R))*\]/", "", $title_jp));
-
-    $json_str = [
-    'id'          => $gid,
-    'title'       => $title,
-    'title_jp'    => $title_jp,
-    'artists'     => $artists,
-    'circle'      => $circle,
-    'censored'    => $censored,
-    'year'        => null,
-    'tags'        => $tags,
-    'lang'        => $lang ?? 'Japanese',
-    'description' => '',
-    'cover'       => $cover
-  ];
-
-    $Cache->cache_value('manga_fill_json_'.$gid, $json_str, 86400);
-
-    json_die("success", $json_str);
-}

sections/ajax/index.php

@@ -1,292 +0,0 @@
-<?php
-declare(strict_types = 1);
-
-/**
- * AJAX Switch Center
- *
- * This page acts as an AJAX "switch" - it's called by scripts, and it includes the required pages.
- * The required page is determined by $_GET['action'].
- */
-
-# $_POST login cookie
-if (!isset($FullToken)) {
-    enforce_login();
-}
-
-/*
-# I wish...
-else {
-  authorize(true);
-}
-*/
-
-
-/**
- * These users aren't rate limited.
- * This array should contain user IDs.
- */
-
-# Get people with Donor permissions
-$Donors = $DB->query("
-SELECT
-  `ID`
-FROM
-  `users_main`
-WHERE
-  `PermissionID` = 20
-");
-
-# Add Donors to $UserExceptions or define manually
-if ($DB->record_count()) {
-    $UserExceptions = array_unique($DB->collect('ID'));
-} else {
-    $UserExceptions = array(
-      # 1, 2, 3, etc.
-    );
-}
-
-# System and admin fix
-array_push($UserExceptions, 0, 1);
-
-
-/**
- * AJAX_LIMIT = array($x, $y) = $x requests every $y seconds,
- * e.g., array(5, 10) = 5 requests every 10 seconds.
- */
-$AJAX_LIMIT = array(1, 6);
-$UserID = $LoggedUser['ID'];
-
-# Set proper headers for JSON output
-# https://github.com/OPSnet/Gazelle/blob/master/sections/ajax/index.php
-if (!empty($_SERVER['CONTENT_TYPE']) && substr($_SERVER['CONTENT_TYPE'], 0, 16) === 'application/json') {
-    $_POST = json_decode(file_get_contents('php://input'), true);
-}
-header('Content-Type: application/json; charset=utf-8');
-
-//  Enforce rate limiting everywhere except info.php
-if (!in_array($UserID, $UserExceptions) && isset($_GET['action'])) {
-    if (!$UserRequests = $Cache->get_value("ajax_requests_$UserID")) {
-        $UserRequests = 0;
-        $Cache->cache_value("ajax_requests_$UserID", '0', $AJAX_LIMIT[1]);
-    }
-
-    if ($UserRequests > $AJAX_LIMIT[0]) {
-        json_die('failure', 'rate limit exceeded');
-    } else {
-        $Cache->increment_value("ajax_requests_$UserID");
-    }
-}
-
-
-/**
- * Actions
- */
-switch ($_GET['action']) {
-  /**
-   * Torrents
-   */
-  case 'torrent':
-    require 'torrent.php';
-    break;
-
-  case 'torrentgroup':
-    require 'torrentgroup.php';
-    break;
-
-  // So the album art script can function without breaking the rate limit
-  case 'torrentgroupalbumart':
-    require SERVER_ROOT.'/sections/ajax/torrentgroupalbumart.php';
-    break;
-
-  case 'browse':
-    require SERVER_ROOT.'/sections/ajax/browse.php';
-    break;
-  
-   case 'tcomments':
-    require SERVER_ROOT.'/sections/ajax/tcomments.php';
-    break;
-
-  /**
-   * Features
-   */
-  case 'collage':
-    require SERVER_ROOT.'/sections/ajax/collage.php';
-    break;
-  
-  case 'artist':
-    require SERVER_ROOT.'/sections/ajax/artist.php';
-    break;
-
-  case 'request':
-    require SERVER_ROOT.'/sections/ajax/request.php';
-    break;
-
-  case 'requests':
-    require SERVER_ROOT.'/sections/ajax/requests.php';
-    break;
-
-  case 'top10':
-    require SERVER_ROOT.'/sections/ajax/top10/index.php';
-    break;
-
-  /**
-   * Users
-   */
-  case 'user':
-    require SERVER_ROOT.'/sections/ajax/user.php';
-    break;
-
-  case 'usersearch':
-    require SERVER_ROOT.'/sections/ajax/usersearch.php';
-    break;
-  
-  case 'community_stats':
-    require SERVER_ROOT.'/sections/ajax/community_stats.php';
-    break;
-
-  case 'user_recents':
-    require SERVER_ROOT.'/sections/ajax/user_recents.php';
-    break;
-
-  case 'userhistory':
-    require SERVER_ROOT.'/sections/ajax/userhistory/index.php';
-    break;
-
-  /**
-   * Account
-   */
-  case 'inbox':
-    require SERVER_ROOT.'/sections/ajax/inbox/index.php';
-    break;
-
-  case 'bookmarks':
-    require SERVER_ROOT.'/sections/ajax/bookmarks/index.php';
-    break;
-
-  case 'notifications':
-    require SERVER_ROOT.'/sections/ajax/notifications.php';
-    break;
-
-  case 'get_user_notifications':
-    require SERVER_ROOT.'/sections/ajax/get_user_notifications.php';
-    break;
-
-  case 'clear_user_notification':
-    require SERVER_ROOT.'/sections/ajax/clear_user_notification.php';
-    break;
-
-  /**
-   * Forums
-   */
-  case 'forum':
-    require SERVER_ROOT.'/sections/ajax/forum/index.php';
-    break;
-
-
-  case 'subscriptions':
-    require SERVER_ROOT.'/sections/ajax/subscriptions.php';
-    break;
-
-  case 'raw_bbcode':
-    require SERVER_ROOT.'/sections/ajax/raw_bbcode.php';
-    break;
-
-  /**
-   * Meta
-   */
-  case 'index':
-    require SERVER_ROOT.'/sections/ajax/info.php';
-    break;
-
-  case 'manifest':
-    require SERVER_ROOT.'/manifest.php';
-    json_die('success', manifest());
-    break;
-
-  case 'stats':
-    require SERVER_ROOT.'/sections/ajax/stats.php';
-    break;
-
-  case 'loadavg':
-    require SERVER_ROOT.'/sections/ajax/loadavg.php';
-    break;
-
-  case 'announcements':
-    require SERVER_ROOT.'/sections/ajax/announcements.php';
-    break;
-
-  case 'wiki':
-    require SERVER_ROOT.'/sections/ajax/wiki.php';
-    break;
-  
-  case 'ontology':
-    require SERVER_ROOT.'/sections/ajax/ontology.php';
-    break;
-  
-  /**
-   * Under construction
-   */
-  case 'preview':
-    require 'preview.php';
-    break;
-
-  case 'better':
-    require SERVER_ROOT.'/sections/ajax/better/index.php';
-    break;
-
-  case 'get_friends':
-    require SERVER_ROOT.'/sections/ajax/get_friends.php';
-    break;
-
-  case 'news_ajax':
-    require SERVER_ROOT.'/sections/ajax/news_ajax.php';
-    break;
-
-  case 'send_recommendation':
-    require SERVER_ROOT.'/sections/ajax/send_recommendation.php';
-    break;
-
-  /*
-  case 'similar_artists':
-    require SERVER_ROOT.'/sections/ajax/similar_artists.php';
-    break;
-  */
-
-  /*
-  case 'votefavorite':
-    require SERVER_ROOT.'/sections/ajax/takevote.php';
-    break;
-  */
-
-  /*
-  case 'torrent_info':
-    require 'torrent_info.php';
-    break;
-  */
-
-  /*
-  case 'checkprivate':
-    include 'checkprivate.php';
-    break;
-  */
-
-  case 'autofill':
-    /*
-    if ($_GET['cat'] === 'anime') {
-        require SERVER_ROOT.'/sections/ajax/autofill/anime.php';
-    }
-
-    if ($_GET['cat'] === 'jav') {
-        require SERVER_ROOT.'/sections/ajax/autofill/jav.php';
-    }
-
-    if ($_GET['cat'] === 'manga') {
-        require SERVER_ROOT.'/sections/ajax/autofill/manga.php';
-    }
-    */
-    break;
-
-  default:
-    // If they're screwing around with the query string
-    json_die('failure');
-}

sections/ajax/torrentgroup.php

@@ -1,101 +0,0 @@
-<?php
-#declare(strict_types=1);
-
-require SERVER_ROOT.'/sections/torrents/functions.php';
-
-$GroupID = (int) $_GET['id'];
-$TorrentHash = (string) $_GET['hash'];
-
-if ($GroupID && $TorrentHash) {
-    json_die('failure', 'bad parameters');
-}
-
-if ($TorrentHash) {
-    if (!is_valid_torrenthash($TorrentHash)) {
-        json_die('failure', 'bad hash parameter');
-    } else {
-        $GroupID = (int) torrenthash_to_groupid($TorrentHash);
-        if (!$GroupID) {
-            json_die('failure', 'bad hash parameter');
-        }
-    }
-}
-
-if ($GroupID <= 0) {
-    json_die('failure', 'bad id parameter');
-}
-
-$TorrentCache = get_group_info($GroupID, true, 0, true, true);
-if (!$TorrentCache) {
-    json_die('failure', 'bad id parameter');
-}
-
-list($TorrentDetails, $TorrentList) = $TorrentCache;
-$Artists = Artists::get_artist($GroupID);
-
-if ($TorrentDetails['CategoryID'] === 0) {
-    $CategoryName = 'Unknown';
-} else {
-    $CategoryName = $Categories[$TorrentDetails['CategoryID'] - 1];
-}
-
-$TagList = explode('|', $TorrentDetails['GROUP_CONCAT(DISTINCT tags.Name SEPARATOR \'|\')']);
-
-$JsonTorrentDetails = [
-  'description'  => Text::full_format($TorrentDetails['WikiBody']),
-  'picture'      => $TorrentDetails['WikiImage'],
-  'id'           => (int) $TorrentDetails['ID'],
-  'name'         => $TorrentDetails['Name'],
-  'organism'     => $TorrentDetails['Title2'],
-  'strain'       => $TorrentDetails['NameJP'],
-  'authors'      => $Artists,
-  'year'         => (int) $TorrentDetails['Year'],
-  'accession'    => $TorrentDetails['CatalogueNumber'],
-  'categoryId'   => (int) $TorrentDetails['CategoryID'],
-  'categoryName' => $CategoryName,
-  'time'         => $TorrentDetails['Time'],
-  'isBookmarked' => Bookmarks::has_bookmarked('torrent', $GroupID),
-  'tags'         => $TagList
-];
-
-$JsonTorrentList = [];
-foreach ($TorrentList as $Torrent) {
-    // Convert file list back to the old format
-    $FileList = explode("\n", $Torrent['FileList']);
-    foreach ($FileList as &$File) {
-        $File = Torrents::filelist_old_format($File);
-    }
-
-    unset($File);
-    $FileList = implode('|||', $FileList);
-    $Userinfo = Users::user_info($Torrent['UserID']);
-
-    $Reports = Torrents::get_reports($Torrent['ID']);
-    $Torrent['Reported'] = count($Reports) > 0;
-
-    $JsonTorrentList[] = [
-      'id'          => (int) $Torrent['ID'],
-      'infoHash'    => $Torrent['InfoHash'],
-      'platform'    => $Torrent['Media'],
-      'format'      => $Torrent['Container'],
-      'license'     => $Torrent['Codec'],
-      'scope'       => $Torrent['Resolution'],
-      'annotated'   => (bool) $Torrent['Censored'],
-      'archive'     => $Torrent['Archive'],
-      'fileCount'   => (int) $Torrent['FileCount'],
-      'size'        => (int) $Torrent['Size'],
-      'seeders'     => (int) $Torrent['Seeders'],
-      'leechers'    => (int) $Torrent['Leechers'],
-      'snatched'    => (int) $Torrent['Snatched'],
-      'freeTorrent' => ($Torrent['FreeTorrent'] == 1),
-      'reported'    => (bool) $Torrent['Reported'],
-      'time'        => $Torrent['Time'],
-      'description' => $Torrent['Description'],
-      'fileList'    => $FileList,
-      'filePath'    => $Torrent['FilePath'],
-      'userId'      => (int) ($Torrent['Anonymous'] ? 0 : $Torrent['UserID']),
-      'username'    => ($Torrent['Anonymous'] ? 'Anonymous' : $Userinfo['Username'])
-    ];
-}
-
-json_die('success', ['group' => $JsonTorrentDetails, 'torrents' => $JsonTorrentList]);

sections/ajax/artist.php → sections/api/artist.php

@@ -134,22 +134,24 @@ if (empty($LoggedUser['DisableRequests'])) {
 $NumRequests = count($Requests);
 
 if (($Importances = $Cache->get_value("artist_groups_$ArtistID")) === false) {
-    /*
     $DB->query("
-      SELECT
-        DISTINCTROW ta.GroupID, ta.Importance, tg.VanityHouse, tg.Year
-      FROM torrents_artists AS ta
-        JOIN torrents_group AS tg ON tg.ID = ta.GroupID
-      WHERE ta.ArtistID = '$ArtistID'
-      ORDER BY tg.Year DESC, tg.Name DESC");
-    */
-    $DB->query("
-    SELECT
-      DISTINCTROW ta.GroupID, ta.Importance, tg.Year
-    FROM torrents_artists AS ta
-      JOIN torrents_group AS tg ON tg.ID = ta.GroupID
-    WHERE ta.ArtistID = '$ArtistID'
-    ORDER BY tg.Year DESC, tg.Name DESC");
+    SELECT DISTINCTROW
+      ta.`GroupID`,
+      ta.`Importance`,
+      tg.`year`
+    FROM
+      `torrents_artists` AS ta
+    JOIN `torrents_group` AS tg
+    ON
+      tg.`id` = ta.`GroupID`
+    WHERE
+      ta.`ArtistID` = '$ArtistID'
+    ORDER BY
+      tg.`year`,
+      tg.`Name`
+    DESC
+    ");
+    
     $GroupIDs = $DB->collect('GroupID');
     $Importances = $DB->to_array(false, MYSQLI_BOTH, false);
     $Cache->cache_value("artist_groups_$ArtistID", $Importances, 0);

sections/api/autofill/doi.php

@@ -0,0 +1,32 @@
+<?php
+declare(strict_types=1);
+
+$ENV = ENV::go();
+
+if (!$_GET['doi']) {
+    json_error('expected doi param');
+} elseif (!preg_match("/$ENV->DOI_REGEX/", strtoupper($_GET['doi']))) {
+    json_error('expected valid doi');
+} else {
+    $DOI = $_GET['doi'];
+}
+
+# https://weichie.com/blog/curl-api-calls-with-php/
+$curl = curl_init();
+curl_setopt($curl, CURLOPT_URL, "$ENV->SS/$DOI");
+curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
+$output = curl_exec($curl);
+curl_close($curl);
+
+# I don't like this nested json_*code() business
+# It's slow and unnecesary since SS already outputs JSON
+# todo: At least cache the response, then refactor
+print
+    json_encode(
+        [
+            'status' => 'success',
+            'response' => json_decode($output, true),
+        ],
+        JSON_UNESCAPED_SLASHES
+    );

sections/ajax/forum/thread.php → sections/api/forum/thread.php

@@ -28,7 +28,7 @@ if (!isset($_GET['threadid']) || !is_number($_GET['threadid'])) {
 
         if ($ThreadID) {
             // Redirect postid to threadid when necessary
-            header("Location: ajax.php?action=forum&type=viewthread&threadid=$ThreadID&postid=$_GET[postid]");
+            header("Location: api.php?action=forum&type=viewthread&threadid=$ThreadID&postid=$_GET[postid]");
             error();
         } else {
             echo json_encode(array('status' => 'failure'));

sections/api/index.php

@@ -0,0 +1,288 @@
+<?php
+declare(strict_types = 1);
+
+/**
+ * AJAX switch center
+ *
+ * This page acts as an AJAX "switch" - it's called by scripts, and it includes the required pages.
+ * The required page is determined by $_GET['action'].
+ */
+
+$ENV = ENV::go();
+
+# $_POST login cookie
+if (!isset($FullToken)) {
+    enforce_login();
+}
+
+
+/**
+ * These users aren't rate limited.
+ * This array should contain user IDs.
+ */
+
+# Get people with Donor permissions
+$Donors = $DB->query("
+SELECT
+  `ID`
+FROM
+  `users_main`
+WHERE
+  `PermissionID` = 20
+");
+
+# Add Donors to $UserExceptions or define manually
+if ($DB->record_count()) {
+    $UserExceptions = array_unique($DB->collect('ID'));
+} else {
+    $UserExceptions = array(
+      # 1, 2, 3, etc.
+    );
+}
+
+# System and admin fix
+array_push($UserExceptions, 0, 1);
+
+
+/**
+ * $AjaxLimit = array($x, $y) = $x requests every $y seconds,
+ * e.g., array(5, 10) = 5 requests every 10 seconds.
+ */
+$AjaxLimit = array(1, 6);
+$UserID = $LoggedUser['ID'];
+
+# Set proper headers for JSON output
+# https://github.com/OPSnet/Gazelle/blob/master/sections/api/index.php
+if (!empty($_SERVER['CONTENT_TYPE']) && substr($_SERVER['CONTENT_TYPE'], 0, 16) === 'application/json') {
+    $_POST = json_decode(file_get_contents('php://input'), true);
+}
+header('Content-Type: application/json; charset=utf-8');
+
+# Enforce rate limiting everywhere
+if (!in_array($UserID, $UserExceptions) && isset($_GET['action'])) {
+    if (!$UserRequests = $Cache->get_value("ajax_requests_$UserID")) {
+        $UserRequests = 0;
+        $Cache->cache_value("ajax_requests_$UserID", '0', $AjaxLimit[1]);
+    }
+
+    if ($UserRequests > $AjaxLimit[0]) {
+        json_die('failure', 'rate limit exceeded');
+    } else {
+        $Cache->increment_value("ajax_requests_$UserID");
+    }
+}
+
+
+/**
+ * Actions
+ */
+
+switch ($_GET['action']) {
+    /**
+     * Torrents
+     */
+    case 'torrent':
+      require_once "$ENV->SERVER_ROOT/sections/api/torrents/torrent.php";
+      break;
+
+    case 'group':
+      require_once "$ENV->SERVER_ROOT/sections/api/torrents/group.php";
+      break;
+
+  // So the album art script can function without breaking the rate limit
+  case 'torrentgroupalbumart':
+    require_once "$ENV->SERVER_ROOT/sections/api/torrentgroupalbumart.php";
+    break;
+
+  case 'browse':
+    require_once "$ENV->SERVER_ROOT/sections/api/browse.php";
+    break;
+  
+   case 'tcomments':
+    require_once "$ENV->SERVER_ROOT/sections/api/tcomments.php";
+    break;
+
+  /**
+   * Features
+   */
+  case 'collage':
+    require_once "$ENV->SERVER_ROOT/sections/api/collage.php";
+    break;
+  
+  case 'artist':
+    require_once "$ENV->SERVER_ROOT/sections/api/artist.php";
+    break;
+
+  case 'request':
+    require_once "$ENV->SERVER_ROOT/sections/api/request.php";
+    break;
+
+  case 'requests':
+    require_once "$ENV->SERVER_ROOT/sections/api/requests.php";
+    break;
+
+  case 'top10':
+    require_once "$ENV->SERVER_ROOT/sections/api/top10/index.php";
+    break;
+
+  /**
+   * Users
+   */
+  case 'user':
+    require_once "$ENV->SERVER_ROOT/sections/api/user.php";
+    break;
+
+  case 'usersearch':
+    require_once "$ENV->SERVER_ROOT/sections/api/usersearch.php";
+    break;
+  
+  case 'community_stats':
+    require_once "$ENV->SERVER_ROOT/sections/api/community_stats.php";
+    break;
+
+  case 'user_recents':
+    require_once "$ENV->SERVER_ROOT/sections/api/user_recents.php";
+    break;
+
+  case 'userhistory':
+    require_once "$ENV->SERVER_ROOT/sections/api/userhistory/index.php";
+    break;
+
+  /**
+   * Account
+   */
+  case 'inbox':
+    require_once "$ENV->SERVER_ROOT/sections/api/inbox/index.php";
+    break;
+
+  case 'bookmarks':
+    require_once "$ENV->SERVER_ROOT/sections/api/bookmarks/index.php";
+    break;
+
+  case 'notifications':
+    require_once "$ENV->SERVER_ROOT/sections/api/notifications.php";
+    break;
+
+  case 'get_user_notifications':
+    require_once "$ENV->SERVER_ROOT/sections/api/get_user_notifications.php";
+    break;
+
+  case 'clear_user_notification':
+    require_once "$ENV->SERVER_ROOT/sections/api/clear_user_notification.php";
+    break;
+
+  /**
+   * Forums
+   */
+  case 'forum':
+    require_once "$ENV->SERVER_ROOT/sections/api/forum/index.php";
+    break;
+
+  case 'subscriptions':
+    require_once "$ENV->SERVER_ROOT/sections/api/subscriptions.php";
+    break;
+
+  case 'raw_bbcode':
+    require_once "$ENV->SERVER_ROOT/sections/api/raw_bbcode.php";
+    break;
+
+  /**
+   * Meta
+   */
+  case 'index':
+    require_once "$ENV->SERVER_ROOT/sections/api/info.php";
+    break;
+
+  case 'manifest':
+    require_once "$ENV->SERVER_ROOT/manifest.php";
+    json_die('success', manifest());
+    break;
+
+  case 'stats':
+    require_once "$ENV->SERVER_ROOT/sections/api/stats.php";
+    break;
+
+  case 'loadavg':
+    require_once "$ENV->SERVER_ROOT/sections/api/loadavg.php";
+    break;
+
+  case 'announcements':
+    require_once "$ENV->SERVER_ROOT/sections/api/announcements.php";
+    break;
+
+  case 'wiki':
+    require_once "$ENV->SERVER_ROOT/sections/api/wiki.php";
+    break;
+  
+  case 'ontology':
+    require_once "$ENV->SERVER_ROOT/sections/api/ontology.php";
+    break;
+  
+  /**
+   * Under construction
+   */
+  case 'preview':
+    require_once "$ENV->SERVER_ROOT/sections/api/preview.php";
+    break;
+
+  case 'better':
+    require_once "$ENV->SERVER_ROOT/sections/api/better/index.php";
+    break;
+
+  case 'get_friends':
+    require_once "$ENV->SERVER_ROOT/sections/api/get_friends.php";
+    break;
+
+  case 'news_ajax':
+    require_once "$ENV->SERVER_ROOT/sections/api/news_ajax.php";
+    break;
+
+  case 'send_recommendation':
+    require_once "$ENV->SERVER_ROOT/sections/api/send_recommendation.php";
+    break;
+
+  /*
+  case 'similar_artists':
+    require_once "$ENV->SERVER_ROOT/sections/api/similar_artists.php";
+    break;
+  */
+
+  /*
+  case 'votefavorite':
+    require_once "$ENV->SERVER_ROOT/sections/api/takevote.php";
+    break;
+  */
+
+  /*
+  case 'torrent_info':
+    require_once "$ENV->SERVER_ROOT/sections/api/torrent_info.php";
+    break;
+  */
+
+  /*
+  case 'checkprivate':
+    include "$ENV->SERVER_ROOT/sections/api/checkprivate.php";
+    break;
+  */
+
+  case 'autofill':
+    require_once "$ENV->SERVER_ROOT/sections/api/autofill/doi.php";
+    /*
+    if ($_GET['cat'] === 'anime') {
+        require_once "$ENV->SERVER_ROOT/sections/api/autofill/anime.php";
+    }
+
+    if ($_GET['cat'] === 'jav') {
+        require_once "$ENV->SERVER_ROOT/sections/api/autofill/jav.php";
+    }
+
+    if ($_GET['cat'] === 'manga') {
+        require_once "$ENV->SERVER_ROOT/sections/api/autofill/manga.php";
+    }
+    */
+    break;
+
+  default:
+    // If they're screwing around with the query string
+    json_die('failure');
+}

sections/ajax/loadavg.php → sections/api/loadavg.php

@@ -1,5 +1,5 @@
 <?php
-#declare(strict_types=1);
+declare(strict_types=1);
 
 #authorize();
 

sections/ajax/send_recommendation.php → sections/api/send_recommendation.php

@@ -1,25 +1,33 @@
 <?php
-#declare(strict_types=1);
+declare(strict_types=1);
 
-$FriendID = (int)$_POST['friend'];
+$FriendID = (int) $_POST['friend'];
 $Type = $_POST['type'];
-$ID = (int)$_POST['id'];
+$ID = (int) $_POST['id'];
 $Note = $_POST['note'];
 
 if (empty($FriendID) || empty($Type) || empty($ID)) {
     echo json_encode(array('status' => 'error', 'response' => 'Error.'));
     error();
 }
+
 // Make sure the recipient is on your friends list and not some random dude.
-$DB->query("
-  SELECT f.FriendID, u.Username
-  FROM friends AS f
-    RIGHT JOIN users_enable_recommendations AS r
-      ON r.ID = f.FriendID AND r.Enable = 1
-    RIGHT JOIN users_main AS u
-      ON u.ID = f.FriendID
-  WHERE f.UserID = '$LoggedUser[ID]'
-    AND f.FriendID = '$FriendID'");
+$DB->prepare_query("
+SELECT
+  f.`FriendID`,
+  u.`Username`
+FROM
+  `friends` AS f
+RIGHT JOIN `users_enable_recommendations` AS r
+ON
+  r.`ID` = f.`FriendID` AND r.`Enable` = 1
+RIGHT JOIN `users_main` AS u
+ON
+  u.`ID` = f.`FriendID`
+WHERE
+  f.`UserID` = '$LoggedUser[ID]' AND f.`FriendID` = '$FriendID'
+");
+$DB->exec_prepared_query();
 
 if (!$DB->has_results()) {
     echo json_encode(array('status' => 'error', 'response' => 'Not on friend list.'));
@@ -32,32 +40,51 @@ $Link = '';
 // https://en.wikipedia.org/wiki/English_articles#Distinction_between_a_and_an
 $Article = 'a';
 switch ($Type) {
-  case 'torrent':
+    case 'torrent':
     $Link = "torrents.php?id=$ID";
     $DB->query("
-      SELECT Name
-      FROM torrents_group
-      WHERE ID = '$ID'");
+    SELECT
+      `title`
+    FROM
+      `torrents_group`
+    WHERE
+      `id` = '$ID'
+    ");
     break;
-  case 'artist':
+
+    case 'artist':
     $Article = 'an';
     $Link = "artist.php?id=$ID";
     $DB->query("
-      SELECT Name
-      FROM artists_group
-      WHERE ArtistID = '$ID'");
+    SELECT
+      `Name`
+    FROM
+      `artists_group`
+    WHERE
+      `ArtistID` = '$ID'
+    ");
     break;
-  case 'collage':
+
+    case 'collage':
     $Link = "collages.php?id=$ID";
     $DB->query("
-      SELECT Name
-      FROM collages
-      WHERE ID = '$ID'");
+    SELECT
+      `Name`
+    FROM
+      `collages`
+    WHERE
+      `ID` = '$ID'
+    ");
+    break;
+
+    default:
     break;
 }
+
 list($Name) = $DB->next_record();
 $Subject = $LoggedUser['Username'] . " recommended you $Article $Type!";
 $Body = $LoggedUser['Username'] . " recommended you the $Type [url=".site_url()."$Link]$Name".'[/url].';
+
 if (!empty($Note)) {
     $Body = "$Body\n\n$Note";
 }

sections/ajax/stats.php → sections/api/stats.php

@@ -1,5 +1,5 @@
 <?php
-#declare(strict_types=1);
+declare(strict_types=1);
 
 // Begin user stats
 if (($UserCount = $Cache->get_value('stats_user_count')) === false) {
@@ -67,12 +67,13 @@ if (($TorrentCount = $Cache->get_value('stats_torrent_count')) === false) {
 if (($AlbumCount = $Cache->get_value('stats_album_count')) === false) {
     $DB->query("
     SELECT
-      COUNT(`ID`)
+      COUNT(`id`)
     FROM
       `torrents_group`
     WHERE
-      `CategoryID` = '1'
+      `category_id` = '1'
     ");
+
     list($AlbumCount) = $DB->next_record();
     $Cache->cache_value('stats_album_count', $AlbumCount, 604830); // staggered 1 week cache
 }
@@ -84,6 +85,7 @@ if (($ArtistCount = $Cache->get_value('stats_artist_count')) === false) {
     FROM
       `artists_group`
     ");
+    
     list($ArtistCount) = $DB->next_record();
     $Cache->cache_value('stats_artist_count', $ArtistCount, 604860); // staggered 1 week cache
 }

sections/ajax/top10/torrents.php → sections/api/top10/torrents.php

@@ -18,23 +18,29 @@ $Limit = isset($_GET['limit']) ? intval($_GET['limit']) : 10;
 $Limit = in_array($Limit, array(10, 100, 250)) ? $Limit : 10;
 
 $WhereSum = (empty($Where)) ? '' : md5($Where);
-$BaseQuery = '
-  SELECT
-    t.ID,
-    g.ID,
-    g.Name,
-    g.CategoryID,
-    g.WikiImage,
-    g.TagList,
-    t.Media,
-    g.Year,
-    t.Snatched,
-    t.Seeders,
-    t.Leechers,
-    ((t.Size * t.Snatched) + (t.Size * 0.5 * t.Leechers)) AS Data,
-    t.Size
-  FROM torrents AS t
-    LEFT JOIN torrents_group AS g ON g.ID = t.GroupID';
+$BaseQuery = "
+SELECT
+  t.`ID`,
+  g.`id`,
+  g.`title`,
+  g.`category_id`,
+  g.`picture`,
+  g.`tag_list`,
+  t.`Media`,
+  g.`year`,
+  t.`Snatched`,
+  t.`Seeders`,
+  t.`Leechers`,
+  (
+    (t.`Size` * t.`Snatched`) +(t.`Size` * 0.5 * t.`Leechers`)
+  ) AS `Data`,
+  t.`Size`
+FROM
+  `torrents` AS t
+LEFT JOIN `torrents_group` AS g
+ON
+  g.`id` = t.`GroupID`
+";
 
 $OuterResults = [];
 

sections/api/torrents/group.php

@@ -0,0 +1,166 @@
+<?php
+#declare(strict_types=1);
+
+$ENV = ENV::go();
+require_once "$ENV->SERVER_ROOT/sections/torrents/functions.php";
+
+# Either id or hash
+$GroupID = (int) $_GET['id'];
+$TorrentHash = (string) $_GET['hash'];
+
+# Error if both supplied
+if ($GroupID && $TorrentHash) {
+    json_die('failure', 'bad parameters');
+}
+
+# Get id from hash
+if ($TorrentHash) {
+    if (!is_valid_torrenthash($TorrentHash)) {
+        json_die('failure', 'bad hash parameter');
+    } else {
+        $GroupID = (int) torrenthash_to_groupid($TorrentHash);
+        if (!$GroupID) {
+            json_die('failure', 'bad hash parameter');
+        }
+    }
+}
+
+# Error if bad id
+if ($GroupID <= 0) {
+    json_die('failure', 'bad id parameter');
+}
+
+$TorrentCache = get_group_info($GroupID, true, 0, true, true);
+if (!$TorrentCache) {
+    json_die('failure', 'bad id parameter');
+}
+
+# Get torrent details (group, torrents, artists)
+list($TorrentDetails, $TorrentList) = $TorrentCache;
+$Artists = Artists::get_artist($GroupID);
+
+# Get category name if possible
+if ($TorrentDetails['category_id'] === 0) {
+    $CategoryName = 'Unknown';
+} else {
+    $CategoryName = $Categories[$TorrentDetails['category_id'] - 1];
+}
+
+# Get tag list (name and id)
+$TagIDs = explode('|', $TorrentDetails["GROUP_CONCAT(DISTINCT tags.`ID` SEPARATOR '|')"]);
+$TagNames= explode('|', $TorrentDetails["GROUP_CONCAT(DISTINCT tags.`Name` SEPARATOR '|')"]);
+
+$TagList = [];
+foreach ($TagIDs as $Key => $ID) {
+    array_push(
+        $TagList,
+        [
+            'id'   => $ID,
+            'name' => $TagNames[$Key],
+        ]
+    );
+}
+
+# Get citation list (doi and id)
+# todo: Update DB schema
+$Citations = [];
+foreach ($TorrentDetails['Screenshots'] as $Citation) {
+    array_push(
+        $Citations,
+        [
+            'id'        => $Citation['ID'],
+            'doi'       => $Citation['URI'],
+           #'timestamp' => $Citation['Time'],
+        ]
+    );
+}
+
+# Torrent group response
+# todo: Add seeding, leeching, snatched
+$JsonTorrentDetails = [
+    'id'            => (int) $TorrentDetails['id'],
+    'identifier'    => $TorrentDetails['identifier'],
+
+    'categoryId'   => (int) $TorrentDetails['category_id'],
+    'categoryName' => $CategoryName,
+
+    'title'         => $TorrentDetails['title'],
+    'subject'       => $TorrentDetails['subject'],
+    'object'        => $TorrentDetails['object'],
+
+    'authors'       => $Artists,
+    'year'          => (int) $TorrentDetails['year'],
+    'workgroup'     => $TorrentDetails['workgroup'],
+    'location'      => $TorrentDetails['location'],
+
+    'citations'     => $Citations,
+    'mirrors'       => ($TorrentDetails['Mirrors']) ?: false,
+  
+    'description'   => $TorrentDetails['description'],
+   #'description'   => Text::full_format($TorrentDetails['description']),
+    'picture'       => $TorrentDetails['picture'],
+    'tagList'      => $TagList,
+
+    'bookmarked'    => Bookmarks::has_bookmarked('torrent', $GroupID),
+    'timestamp'     => $TorrentDetails['timestamp'],
+];
+
+# Torrents in group
+$JsonTorrentList = [];
+foreach ($TorrentList as $Torrent) {
+    # Convert file list back to the old format
+    $FileList = explode("\n", $Torrent['FileList']);
+
+    foreach ($FileList as &$File) {
+        $File = Torrents::filelist_old_format($File);
+    }
+
+    # todo: Make a nested object
+    # todo: Limit to 100 files
+    unset($File);
+    $FileList = implode('|||', $FileList);
+    $Userinfo = Users::user_info($Torrent['UserID']);
+
+    $Reports = Torrents::get_reports($Torrent['ID']);
+    $Torrent['Reported'] = count($Reports) > 0;
+
+    # Torrent details response
+    # todo: Update DB schema
+    $JsonTorrentList[] = [
+        'id'           => (int) $Torrent['ID'],
+        'infoHash'    => $Torrent['InfoHash'],
+        'description'  => $Torrent['Description'],
+
+        'platform'     => $Torrent['Media'],
+        'format'       => $Torrent['Container'],
+        'scope'        => $Torrent['Resolution'],
+        'annotated'    => (bool) $Torrent['Censored'],
+        'license'      => $Torrent['Codec'],
+
+        'size'         => (int) $Torrent['Size'],
+        'archive'      => $Torrent['Archive'],
+        'fileCount'   => (int) $Torrent['FileCount'],
+        'filePath'    => $Torrent['FilePath'],
+        'fileList'    => $FileList,
+
+        'seeders'      => (int) $Torrent['Seeders'],
+        'leechers'     => (int) $Torrent['Leechers'],
+        'snatched'     => (int) $Torrent['Snatched'],
+        'freeTorrent' => ($Torrent['FreeTorrent'] === 1),
+
+        'reported'     => (bool) $Torrent['Reported'],
+        'time'         => $Torrent['Time'],
+
+        'userId'      => (int) ($Torrent['Anonymous'] ? 0 : $Torrent['UserID']),
+        'username'     => ($Torrent['Anonymous'] ? 'Anonymous' : $Userinfo['Username']),
+    ];
+}
+
+# Print response
+json_die(
+    'success',
+    [
+        'group' => $JsonTorrentDetails,
+        'torrents' => $JsonTorrentList,
+    ]
+);

sections/ajax/torrent.php → sections/api/torrents/torrent.php

@@ -1,7 +1,7 @@
 <?php
 #declare(strict_types=1);
 
-require SERVER_ROOT.'/sections/torrents/functions.php';
+require_once SERVER_ROOT.'/sections/torrents/functions.php';
 
 $TorrentID = (int) $_GET['id'];
 $TorrentHash = (string) $_GET['hash'];
@@ -38,29 +38,29 @@ if (!isset($TorrentList[$TorrentID])) {
 $GroupID = $TorrentDetails['ID'];
 $Artists = Artists::get_artist($GroupID);
 
-if ($TorrentDetails['CategoryID'] === 0) {
+if ($TorrentDetails['category_id'] === 0) {
     $CategoryName = 'Unknown';
 } else {
-    $CategoryName = $Categories[$TorrentDetails['CategoryID'] - 1];
+    $CategoryName = $Categories[$TorrentDetails['category_id'] - 1];
 }
 
 $TagList = explode('|', $TorrentDetails['GROUP_CONCAT(DISTINCT tags.Name SEPARATOR \'|\')']);
 
 $JsonTorrentDetails = [
-  'description'  => Text::full_format($TorrentDetails['WikiBody']),
-  'picture'      => $TorrentDetails['WikiImage'],
-  'id'           => (int) $TorrentDetails['ID'],
-  'name'         => $TorrentDetails['Name'],
-  'organism'     => $TorrentDetails['Title2'],
-  'strain'       => $TorrentDetails['NameJP'],
+  'description'  => Text::full_format($TorrentDetails['description']),
+  'picture'      => $TorrentDetails['picture'],
+  'id'           => (int) $TorrentDetails['id'],
+  'title'         => $TorrentDetails['title'],
+  'subject'     => $TorrentDetails['subject'],
+  'object'       => $TorrentDetails['object'],
   'authors'      => $Artists,
-  'year'         => (int) $TorrentDetails['Year'],
-  'accession'    => $TorrentDetails['CatalogueNumber'],
-  'categoryId'   => (int) $TorrentDetails['CategoryID'],
-  'categoryName' => $CategoryName,
-  'time'         => $TorrentDetails['Time'],
-  'isBookmarked' => Bookmarks::has_bookmarked('torrent', $GroupID),
-  'tags'         => $TagList
+  'year'         => (int) $TorrentDetails['published'],
+  'identifier'    => $TorrentDetails['identifier'],
+  'categoryId'   => (int) $TorrentDetails['category_id'],
+  'icategoryName' => $CategoryName,
+  'timestamp'         => $TorrentDetails['timestamp'],
+  'bookmarked' => Bookmarks::has_bookmarked('torrent', $GroupID),
+  'tagList'         => $TagList
 ];
 
 $Torrent = $TorrentList[$TorrentID];

sections/ajax/torrentgroupalbumart.php → sections/api/torrents/torrentgroupalbumart.php

@@ -1,7 +1,7 @@
 <?php
 declare(strict_types=1);
 
-require SERVER_ROOT.'/sections/torrents/functions.php';
+require_once SERVER_ROOT.'/sections/torrents/functions.php';
 
 $GroupID = (int) $_GET['id'];
 if ($GroupID === 0) {

sections/ajax/user_recents.php → sections/api/user_recents.php

@@ -17,18 +17,26 @@ $Results = [];
 if (check_paranoia_here('snatched')) {
     $DB->query("
     SELECT
-      g.ID,
-      g.Name,
-      g.WikiImage
-    FROM xbt_snatched AS s
-      INNER JOIN torrents AS t ON t.ID = s.fid
-      INNER JOIN torrents_group AS g ON t.GroupID = g.ID
-    WHERE s.uid = '$UserID'
-      AND g.CategoryID = '1'
-      AND g.WikiImage != ''
-    GROUP BY g.ID
-    ORDER BY s.tstamp DESC
-    LIMIT $Limit");
+      g.`id`,
+      g.`title`,
+      g.`picture`
+    FROM
+      `xbt_snatched` AS s
+    INNER JOIN `torrents` AS t
+    ON
+      t.`ID` = s.`fid`
+    INNER JOIN `torrents_group` AS g
+    ON
+      t.`GroupID` = g.`id`
+    WHERE
+      s.`uid` = '$UserID' AND g.`category_id` = '1' AND g.`picture` != ''
+    GROUP BY
+      g.`id`
+    ORDER BY
+      s.`tstamp`
+    DESC
+    LIMIT $Limit
+    ");
 
     $RecentSnatches = $DB->to_array(false, MYSQLI_ASSOC);
     $Artists = Artists::get_artists($DB->collect('ID'));
@@ -45,17 +53,23 @@ if (check_paranoia_here('snatched')) {
 if (check_paranoia_here('uploads')) {
     $DB->query("
     SELECT
-      g.ID,
-      g.Name,
-      g.WikiImage
-    FROM torrents_group AS g
-      INNER JOIN torrents AS t ON t.GroupID = g.ID
-    WHERE t.UserID = '$UserID'
-      AND g.CategoryID = '1'
-      AND g.WikiImage != ''
-    GROUP BY g.ID
-    ORDER BY t.Time DESC
-    LIMIT $Limit");
+      g.`id`,
+      g.`title`,
+      g.`picture`
+    FROM
+      `torrents_group` AS g
+    INNER JOIN `torrents` AS t
+    ON
+      t.`GroupID` = g.`id`
+    WHERE
+      t.`UserID` = '$UserID' AND g.`category_id` = '1' AND g.`picture` != ''
+    GROUP BY
+      g.`id`
+    ORDER BY
+      t.`Time`
+    DESC
+    LIMIT $Limit
+    ");
 
     $RecentUploads = $DB->to_array(false, MYSQLI_ASSOC);
     $Artists = Artists::get_artists($DB->collect('ID'));