
Use prepared queries for subscriptions, collages, and some tools; fix minor bugs

biotorrents 4 years ago
parent
commit
881b17cd1e

+ 2
- 2
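--- a/sections/collages/torrent_collage.php
+++ b/sections/collages/torrent_collage.php
@@ -8,12 +8,12 @@ function compare($X, $Y)
 
 // Build the data for the collage and the torrent list
 // todo: Cache this
-$DB->query("
+$DB->prepared_query("
 SELECT
   ct.`GroupID`,
   ct.`UserID`
 FROM `collages_torrents` AS ct
-  JOIN `torrents_group` AS tg ON tg.`ID` = ct.`GroupID`
+  JOIN `torrents_group` AS tg ON tg.`id` = ct.`GroupID`
 WHERE ct.`CollageID` = '$CollageID'
 ORDER BY ct.`Sort`
 ");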

+ 9
- 5
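--- a/sections/tools/data/database_specifics.php
+++ b/sections/tools/data/database_specifics.php
@@ -5,14 +5,14 @@ $ENV = ENV::go();
 
 // View schemas
 if (!empty($_GET['table'])) {
-    $DB->query('SHOW TABLES');
+    $DB->prepared_query('SHOW TABLES');
     $Tables =$DB->collect('Tables_in_'.$ENV->getPriv('SQLDB'));
 
     if (!in_array($_GET['table'], $Tables)) {
         error(0);
     }
 
-    $DB->query('SHOW CREATE TABLE '.db_string($_GET['table']));
+    $DB->prepared_query('SHOW CREATE TABLE '.db_string($_GET['table']));
     list(, $Schema) = $DB->next_record(MYSQLI_NUM, false);
     header('Content-type: text/plain');
     error($Schema);
@@ -20,7 +20,7 @@ if (!empty($_GET['table'])) {
 
 // Cache the tables for 4 hours, makes sorting faster
 if (!$Tables = $Cache->get_value('database_table_stats')) {
-    $DB->query('SHOW TABLE STATUS');
+    $DB->prepared_query('SHOW TABLE STATUS');
     $Tables =$DB->to_array();
     $Cache->cache_value('database_table_stats', $Tables, 3600 * 4);
 }
@@ -146,9 +146,11 @@ if (check_perms('site_debug')) { ?>
           Size
       </td>
 
+      <!--
       <td>
         Tools
       </td>
+      -->
     </tr>
 
     <?php
@@ -191,10 +193,12 @@ foreach ($Tables as $Table) {
         <?=Format::get_size($DataSize + $IndexSize)?>
       </td>
 
+      <!--
       <td>
-        <a href="tools.php?action=database_specifics&table=<?=display_str($Name)?>"
-          class="brackets">Schema</a>
+        <a href="tools.php?action=database_specifics&table=<?=null#display_str($Name)?>"
+      class="brackets">Schema</a>
       </td>
+      -->
     </tr>
     <?php
 }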
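Review bot: Lines 149–153 and 196–201 hide the Tools column with an HTML comment, so the cells and the `<?=null#display_str($Name)?>` expression inside them are still evaluated and shipped to every client; if the column is gone, delete the cells, or wrap them in a PHP block comment so nothing is emitted. On line 15 the table name cannot be a bound parameter (identifiers are not bindable), so the allow-list on line 11 is the actual guard for that SHOW CREATE TABLE; it compares loosely, and `if (!in_array($_GET['table'], $Tables, true)) {` makes the guard exact. Both enclosing if blocks close inside their hunks.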

+ 8
- 8
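--- a/sections/tools/data/economic_stats.php
+++ b/sections/tools/data/economic_stats.php
@@ -43,42 +43,42 @@ if (!check_perms('site_view_flow')) {
 View::show_header('Economy');
 
 if (!$EconomicStats = $Cache->get_value('new_economic_stats')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Uploaded), SUM(Downloaded), COUNT(ID)
       FROM users_main
       WHERE Enabled = '1'");
     list($TotalUpload, $TotalDownload, $NumUsers) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Bounty)
       FROM requests_votes");
     list($TotalBounty) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(rv.Bounty)
       FROM requests_votes AS rv
         JOIN requests AS r ON r.ID = rv.RequestID
       WHERE TorrentID > 0");
     list($AvailableBounty) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Snatched), COUNT(ID)
       FROM torrents");
     list($TotalSnatches, $TotalTorrents) = $DB->next_record(); // This is the total number of snatches for torrents that still exist
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT COUNT(uid)
       FROM xbt_snatched");
     list($TotalOverallSnatches) = $DB->next_record();
 
     if (($PeerStats = $Cache->get_value('stats_peers')) === false) {
-        $DB->query("
+        $DB->prepared_query("
           SELECT COUNT(fid)
           FROM xbt_files_users
           WHERE remaining = 0");
         list($TotalSeeders) = $DB->next_record();
 
-        $DB->query("
+        $DB->prepared_query("
           SELECT COUNT(fid)
           FROM xbt_files_users
           WHERE remaining > 0");
@@ -88,7 +88,7 @@ if (!$EconomicStats = $Cache->get_value('new_economic_stats')) {
     }
 
     $TotalPeers = $TotalLeechers + $TotalSeeders;
-    $DB->query("
+    $DB->prepared_query("
       SELECT COUNT(ID)
       FROM users_main
       WHERE (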

+ 5
- 5
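--- a/sections/tools/data/torrent_stats.php
+++ b/sections/tools/data/torrent_stats.php
@@ -8,24 +8,24 @@ if (!check_perms('site_view_flow')) {
 View::show_header('Torrents');
 
 if (!$TorrentStats = $Cache->get_value('new_torrent_stats')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT COUNT(ID), SUM(Size), SUM(FileCount)
     FROM torrents");
     list($TorrentCount, $TotalSize, $TotalFiles) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT COUNT(ID)
     FROM users_main
     WHERE Enabled = '1'");
     list($NumUsers) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 1 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 1 DAY)");
     list($DayNum, $DaySize, $DayFiles) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 7 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 7 DAY)");
     list($WeekNum, $WeekSize, $WeekFiles) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 30 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 30 DAY)");
     list($MonthNum, $MonthSize, $MonthFiles) = $DB->next_record();
   
     $Cache->cache_value('new_torrent_stats', array($TorrentCount, $TotalSize, $TotalFiles,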

+ 17
- 17
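--- a/sections/tools/development/misc_values.php
+++ b/sections/tools/development/misc_values.php
@@ -7,17 +7,17 @@ if (!check_perms('admin_manage_permissions') && !check_perms('users_mod')) {
 
 if (!check_perms('admin_manage_permissions')) {
     View::show_header('Site Options');
-    $DB->query("SELECT Name, First, Second FROM misc"); ?>
+    $DB->prepared_query("SELECT Name, First, Second FROM misc"); ?>
 
 <div class="header">
   <h1>Miscellaneous Values</h1>
 </div>
 
-<table width="100%">
-  <tr class="colhead">
-    <td>Name</td>
-    <td>First</td>
-    <td>Second</td>
+<table class="skeleton-fix">
+  <tr>
+    <th>Name</th>
+    <th>First</th>
+    <th>Second</th>
   </tr>
 
   <?php
@@ -50,7 +50,7 @@ if (isset($_POST['submit'])) {
 
     if ($_POST['submit'] === 'Delete') {
         $Name = db_string($_POST['name']);
-        $DB->query("DELETE FROM misc WHERE Name = '" . $Name . "'");
+        $DB->prepared_query("DELETE FROM misc WHERE Name = '" . $Name . "'");
     } else {
         $Val->SetFields('name', '1', 'regex', 'The name must be separated by underscores. No spaces are allowed.', array('regex' => '/^[a-z][:_a-z0-9]{0,63}$/i'));
         $Val->SetFields('first', '1', 'string', 'You must specify the first value.');
@@ -66,10 +66,10 @@ if (isset($_POST['submit'])) {
         $Second = db_string($_POST['second']);
 
         if ($_POST['submit'] === 'Edit') {
-            $DB->query("SELECT Name FROM misc WHERE ID = '" . db_string($_POST['id']) . "'");
+            $DB->prepared_query("SELECT Name FROM misc WHERE ID = '" . db_string($_POST['id']) . "'");
             list($OldName) = $DB->next_record();
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE misc
               SET
                 Name = '$Name',
@@ -78,7 +78,7 @@ if (isset($_POST['submit'])) {
               WHERE ID = '" . db_string($_POST['id']) . "'
             ");
         } else {
-            $DB->query("
+            $DB->prepared_query("
               INSERT INTO misc (Name, First, Second)
               VALUES ('$Name', '$First', '$Second')
             ");
@@ -86,7 +86,7 @@ if (isset($_POST['submit'])) {
     }
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     ID,
     Name,
@@ -125,15 +125,15 @@ View::show_header('Miscellaneous Values');
         </td>
 
         <td>
-          <input type="text" size="60" name="first" />
+          <input type="text" size="50" name="first" />
         </td>
 
         <td>
-          <input type="text" size="60" name="second" />
+          <input type="text" size="50" name="second" />
         </td>
 
         <td>
-          <input type="submit" name="submit" value="Create" />
+          <input type="submit" name="submit" class="button-primary" value="Create" />
         </td>
       </form>
     </tr>
@@ -154,17 +154,17 @@ while (list($ID, $Name, $First, $Second) = $DB->next_record()) {
         </td>
 
         <td>
-          <input type="text" size="60" name="first"
+          <input type="text" size="50" name="first"
            value="<?=$First?>" />
         </td>
 
         <td>
-          <input type="text" size="60" name="second"
+          <input type="text" size="50" name="second"
            value="<?=$Second?>" />
         </td>
 
         <td>
-          <input type="submit" name="submit" value="Edit" />
+          <input type="submit" name="submit" class="button-primary" value="Edit" />
           <input type="submit" name="submit" value="Delete" />
         </td>
       </form>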

+ 4
- 0
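--- a/sections/tools/development/render_build_preview.js
+++ b/sections/tools/development/render_build_preview.js
@@ -14,6 +14,7 @@ if (!fs.isDirectory(rootPath) || !fs.isDirectory(rootPath + '/' + staticPath) ||
   console.log(JSON.stringify(returnStatus));
   phantom.exit();
 }
+
 fs.changeWorkingDirectory(toolsMiscPath);
 if (!fs.exists('render_base.html')) {
   // Rendering base doesn't exist, who broke things?
@@ -28,6 +29,7 @@ page.open('render_base.html', function () {
     width: 1200,
     height: 1000
   };
+
   // Switch to specific stylesheet subdirectory
   fs.changeWorkingDirectory(rootPath + '/' + staticPath + 'styles/' + system.args[3] + '/');
   if (!fs.isWritable(fs.workingDirectory)) {
@@ -36,6 +38,7 @@ page.open('render_base.html', function () {
     console.log(JSON.stringify(returnStatus));
     phantom.exit();
   }
+
   fs.write('preview.html', page.content, 'w');
   if (!fs.isFile('preview.html')) {
     // Failed to store specific preview file.
@@ -43,6 +46,7 @@ page.open('render_base.html', function () {
     console.log(JSON.stringify(returnStatus));
     phantom.exit();
   }
+
   page.close();
   returnStatus.status = 0;
   console.log(JSON.stringify(returnStatus));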

+ 36
- 27
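--- a/sections/tools/development/rerender_gallery.php
+++ b/sections/tools/development/rerender_gallery.php
@@ -1,12 +1,15 @@
-<?
-/*
+<?php
+#declare(strict_types=1);
+
+/**
  * This page creates previews of all supported stylesheets
  * SERVER_ROOT . '/' . STATIC_SERVER . 'styles/preview' must exist and be writable
  * Dependencies are PhantomJS (http://phantomjs.org/) and
  * ImageMagick (http://www.imagemagick.org/script/index.php)
  */
+
 View::show_header('Rerender stylesheet gallery images');
-$DB->query('
+$DB->prepared_query('
   SELECT
     ID,
     LOWER(REPLACE(Name," ","_")) AS Name,
@@ -21,11 +24,16 @@ $ImagePath = SERVER_ROOT . '/' . STATIC_SERVER . 'styles/preview';
     <div class="box box_info">
       <div class="head colhead_dark">Rendering parameters</div>
       <ul class="stats nobullet">
-        <li>Server root: <?= var_dump(SERVER_ROOT); ?></li>
-        <li>Static server: <?= var_dump(STATIC_SERVER); ?></li>
-        <li>Whoami: <? echo(shell_exec('whoami')); ?></li>
-        <li>Path: <? echo dirname(__FILE__); ?></li>
-        <li>Phantomjs ver: <? echo (shell_exec('/usr/bin/phantomjs -v;')); ?></li>
+        <li>Server root: <?= var_dump(SERVER_ROOT); ?>
+        </li>
+        <li>Static server: <?= var_dump(STATIC_SERVER); ?>
+        </li>
+        <li>Whoami: <?php echo(shell_exec('whoami')); ?>
+        </li>
+        <li>Path: <?php echo dirname(__FILE__); ?>
+        </li>
+        <li>Phantomjs ver: <?php echo(shell_exec('/usr/bin/phantomjs -v')); ?>
+        </li>
       </ul>
     </div>
   </div>
@@ -40,17 +48,18 @@ $ImagePath = SERVER_ROOT . '/' . STATIC_SERVER . 'styles/preview';
     <div class="box">
       <div class="head">Rendering status</div>
       <div class="pad">
-<?
+        <?php
 //set_time_limit(0);
 foreach ($Styles as $Style) {
-?>
+    ?>
         <div class="box">
-          <h6><?= $Style['Name'] ?></h6>
+          <h6><?= $Style['Name'] ?>
+          </h6>
           <p>Build preview:
-<?
+            <?php
   $CmdLine = '/usr/bin/phantomjs "' . dirname(__FILE__) . '/render_build_preview.js" "' . SERVER_ROOT . '" "' . STATIC_SERVER . '" "' . $Style['Name'] . '" "' . dirname(__FILE__) . '"';
-  $BuildResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
-  switch ($BuildResult['status']) {
+    $BuildResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
+    switch ($BuildResult['status']) {
     case 0:
       echo 'Success.';
       break;
@@ -68,24 +77,23 @@ foreach ($Styles as $Style) {
       break;
     default:
       echo 'Err: Unknown error returned';
-  }
-?>
+  } ?>
           </p>
-<?
+          <?php
   //If build was successful, snap a preview.
   if ($BuildResult['status'] === 0) {
-?>
+      ?>
           <p>Snap preview:
-<?
+            <?php
     $CmdLine = '/usr/bin/phantomjs "' . dirname(__FILE__) . '/render_snap_preview.js" "' . SERVER_ROOT . '" "' . STATIC_SERVER . '" "' . $Style['Name'] . '" "' . dirname(__FILE__) . '"';
-    $SnapResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
-    switch ($SnapResult['status']) {
+      $SnapResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
+      switch ($SnapResult['status']) {
       case 0:
         echo 'Success.';
         $CmdLine = '/usr/bin/convert "' . $ImagePath . '/full_' . $Style['Name'] . '.png" -filter Box -resize 40% -quality 94 "' . $ImagePath . '/thumb_' . $Style['Name'] . '.png"';
         $ResizeResult = shell_exec(escapeshellcmd($CmdLine));
         if ($ResizeResult !== null) {
-          echo ' But failed to resize image';
+            echo ' But failed to resize image';
         }
         break;
       case -1:
@@ -108,15 +116,16 @@ foreach ($Styles as $Style) {
         break;
       default:
         echo 'Err: Unknown error returned.';
-    }
-?>
+    } ?>
           </p>
-<?php } ?>
+          <?php
+  } ?>
         </div>
-<? } ?>
+        <?php
+} ?>
       </div>
     </div>
   </div>
 </div>
-<?
+<?php
 View::show_footer();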
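Review bot: `$CmdLine` on lines 60 and 88 (and the convert call on line 93) splices `$Style['Name']`, a value read from the Name column, into double-quoted arguments and relies on `escapeshellcmd()` around the whole string; escapeshellcmd escapes metacharacters across the command but deliberately leaves paired quotes alone, so it is not an argument-level escape and a name containing a quote or metacharacter is not reliably contained. Build each argument with `escapeshellarg()` instead, e.g. `$CmdLine = '/usr/bin/phantomjs ' . escapeshellarg(dirname(__FILE__) . '/render_build_preview.js') . ' ' . escapeshellarg(SERVER_ROOT) . ' ' . escapeshellarg(STATIC_SERVER) . ' ' . escapeshellarg($Style['Name']) . ' ' . escapeshellarg(dirname(__FILE__));`, and drop the escapeshellcmd() wrapper. `#declare(strict_types=1);` on line 2 is commented out, so unlike sitewide_freeleech.php in this commit this file does not actually opt in; if that is intended, a comment saying why would help, since the declare is already positioned as the first statement. Line 61 also hands the raw `shell_exec()` result to `json_decode()`: when phantomjs is absent shell_exec returns null, `$BuildResult` becomes null, and `$BuildResult['status']` on line 62 reads from null instead of reporting the failure. The foreach over `$Styles` spans several hunks.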

+ 1
- 1
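--- a/sections/tools/development/service_stats.php
+++ b/sections/tools/development/service_stats.php
@@ -10,7 +10,7 @@ if (isset($_POST['global_flush'])) {
     $Cache->flush();
 }
 
-$DB->query('SHOW GLOBAL STATUS');
+$DB->prepared_query('SHOW GLOBAL STATUS');
 $DBStats = $DB->to_array('Variable_name');
 $MemStats = $Cache->getStats();
 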

+ 13
- 13
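--- a/sections/tools/index.php
+++ b/sections/tools/index.php
@@ -125,7 +125,7 @@ switch ($_REQUEST['action']) {
     }
 
     if (is_number($_POST['newsid'])) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE news
           SET Title = '".db_string($_POST['title'])."',
             Body = '".db_string($_POST['body'])."'
@@ -144,7 +144,7 @@ switch ($_REQUEST['action']) {
 
     if (is_number($_GET['id'])) {
         authorize();
-        $DB->query("
+        $DB->prepared_query("
           DELETE FROM news
           WHERE ID = '".db_string($_GET['id'])."'");
 
@@ -166,7 +166,7 @@ switch ($_REQUEST['action']) {
         error(403);
     }
 
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO news (UserID, Title, Body, Time)
       VALUES ('$LoggedUser[ID]', '".db_string($_POST['title'])."', '".db_string($_POST['body'])."', NOW())");
 
@@ -225,7 +225,7 @@ switch ($_REQUEST['action']) {
         //$Val->SetFields('test', true, 'number', 'You did not enter a valid level for this permission set.');
 
         if (is_numeric($_REQUEST['id'])) {
-            $DB->query("
+            $DB->prepared_query("
               SELECT p.ID, p.Name, p.Abbreviation, p.Level, p.Secondary, p.PermittedForums, p.Values, p.DisplayStaff, COUNT(u.ID)
               FROM permissions AS p
                 LEFT JOIN users_main AS u ON u.PermissionID = p.ID
@@ -244,7 +244,7 @@ switch ($_REQUEST['action']) {
             $Err = $Val->ValidateForm($_POST);
 
             if (!is_numeric($_REQUEST['id'])) {
-                $DB->query("
+                $DB->prepared_query("
                   SELECT ID
                   FROM permissions
                   WHERE Level = '".db_string($_REQUEST['level'])."'");
@@ -272,7 +272,7 @@ switch ($_REQUEST['action']) {
 
             if (!$Err) {
                 if (!is_numeric($_REQUEST['id'])) {
-                    $DB->query("
+                    $DB->prepared_query("
                       INSERT INTO permissions (Level, Name, Abbreviation, Secondary, PermittedForums, `Values`, DisplayStaff)
                       VALUES ('".db_string($Level)."',
                         '".db_string($Name)."',
@@ -282,7 +282,7 @@ switch ($_REQUEST['action']) {
                         '".db_string(serialize($Values))."',
                         '".db_string($DisplayStaff)."')");
                 } else {
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE permissions
                       SET Level = '".db_string($Level)."',
                         Name = '".db_string($Name)."',
@@ -295,7 +295,7 @@ switch ($_REQUEST['action']) {
 
                     $Cache->delete_value('perm_'.$_REQUEST['id']);
                     if ($Secondary) {
-                        $DB->query("
+                        $DB->prepared_query("
                           SELECT DISTINCT UserID
                           FROM users_levels
                           WHERE PermissionID = ".db_string($_REQUEST['id']));
@@ -314,11 +314,11 @@ switch ($_REQUEST['action']) {
         include SERVER_ROOT.'/sections/tools/managers/permissions_alter.php';
     } else {
         if (!empty($_REQUEST['removeid'])) {
-            $DB->query("
+            $DB->prepared_query("
               DELETE FROM permissions
               WHERE ID = '".db_string($_REQUEST['removeid'])."'");
 
-            $DB->query("
+            $DB->prepared_query("
               SELECT UserID
               FROM users_levels
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
@@ -327,11 +327,11 @@ switch ($_REQUEST['action']) {
                 $Cache->delete_value("user_info_$UserID");
                 $Cache->delete_value("user_info_heavy_$UserID");
             }
-            $DB->query("
+            $DB->prepared_query("
               DELETE FROM users_levels
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
 
-            $DB->query("
+            $DB->prepared_query("
               SELECT ID
               FROM users_main
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
@@ -341,7 +341,7 @@ switch ($_REQUEST['action']) {
                 $Cache->delete_value("user_info_heavy_$UserID");
             }
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET PermissionID = '".USER."'
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");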

+ 3
- 3
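--- a/sections/tools/managers/news.php
+++ b/sections/tools/managers/news.php
@@ -21,7 +21,7 @@ switch ($_GET['action']) {
     if (is_number($_POST['newsid'])) {
         authorize();
 
-        $DB->query("
+        $DB->prepared_query("
         UPDATE news
         SET Title = '".db_string($_POST['title'])."', Body = '".db_string($_POST['body'])."'
         WHERE ID = '".db_string($_POST['newsid'])."'");
@@ -36,7 +36,7 @@ switch ($_GET['action']) {
   case 'editnews':
     if (is_number($_GET['id'])) {
         $NewsID = $_GET['id'];
-        $DB->query("
+        $DB->prepared_query("
         SELECT Title, Body
         FROM news
         WHERE ID = $NewsID");
@@ -86,7 +86,7 @@ $Textarea = new TEXTAREA_PREVIEW(
 
   <h2>News archive</h2>
   <?php
-$DB->query('
+$DB->prepared_query('
   SELECT
     ID,
     Title,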

+ 1
- 1
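--- a/sections/tools/managers/permissions_list.php
+++ b/sections/tools/managers/permissions_list.php
@@ -18,7 +18,7 @@ function confirmDelete(id) {
     </div>
   </div>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     p.ID,
     p.Name,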

+ 126
- 103
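--- a/sections/tools/managers/sitewide_freeleech.php
+++ b/sections/tools/managers/sitewide_freeleech.php
@@ -1,114 +1,137 @@
-<?
+<?php
+declare(strict_types=1);
+
 if (isset($_POST['type'])) {
-  if ($_POST['type'] == 'tag') {
-    authorize();
-    if (!isset($_POST['tag'])) {
-      error("You didn't enter a tag, dipshit.");
-    }
-    $Tag = db_string($_POST['tag']);
-    $DB->query("
-      SELECT ID
-      FROM tags
-      WHERE
-        Name = '" . $Tag . "'");
-    if ($DB->has_results()) {
-      $Tag = str_replace('.', '_', $Tag);
-      $DB->query("
-        SELECT t.ID
-        FROM torrents AS t
-          JOIN torrents_group AS tg ON t.GroupID = tg.ID
-        WHERE t.FreeTorrent != '2'
-          AND (t.FreeLeechType = '0' OR t.FreeLeechType = '3')
-          AND tg.TagList LIKE '%" . $Tag . "%'");
-      if ($DB->has_results()) {
-        $IDs = $DB->collect('ID');
-        $Duration = db_string($_POST['duration']);
-        $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
-        foreach ($IDs as $ID) {
-          $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
+    if ($_POST['type'] === 'tag') {
+        authorize();
+
+        if (!isset($_POST['tag'])) {
+            error("You didn't enter a tag, dipshit.");
         }
-        $Query = substr($Query, 0, strlen($Query) - 2);
-        $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
-        $DB->query($Query);
 
+        $Tag = db_string($_POST['tag']);
         $DB->query("
-          INSERT INTO misc
-            (Name, First, Second)
-          VALUES
-            ('" . $Tag . "', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
-          ON DUPLICATE KEY UPDATE
-            First = CONVERT(First, UNSIGNED INTEGER) + " . (60 * 60 * $Duration));
-        Torrents::freeleech_torrents($IDs, 1, 3, false);
-        echo("Success! Now run the indexer.");
-      } else {
-        error('No torrents with that tag exist.');
-      }
-    } else {
-      error("That tag doesn't exist.");
-    }
-  } elseif ($_POST['type'] == 'global') {
-    authorize();
-    $DB->query("
-      SELECT t.ID
-      FROM torrents AS t
-        JOIN torrents_group AS tg ON t.GroupID = tg.ID
-      WHERE t.FreeTorrent != '2'
-        AND (t.FreeLeechType = '0' OR t.FreeLeechType = '3')");
-    if ($DB->has_results()) {
-      $IDs = $DB->collect('ID');
-      $Duration = db_string($_POST['duration']);
-      $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
-      foreach ($IDs as $ID) {
-        $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
-      }
-      $Query = substr($Query, 0, strlen($Query) - 2);
-      $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
-      $DB->query($Query);
-      $DB->query("
-        INSERT INTO misc
-          (Name, First, Second)
+        SELECT `ID`
+        FROM `tags`
+        WHERE `Name` = '$Tag'
+        ");
+
+        if ($DB->has_results()) {
+            $Tag = str_replace('.', '_', $Tag);
+            $DB->query("
+            SELECT t.`ID`
+            FROM `torrents` AS t
+            JOIN `torrents_group` AS tg ON t.`GroupID` = tg.`id`
+            WHERE t.`FreeTorrent` != '2'
+            AND (t.`FreeLeechType` = '0' OR t.`FreeLeechType` = '3')
+            AND tg.`tag_list` LIKE '%$Tag%'
+            ");
+
+            if ($DB->has_results()) {
+                $IDs = $DB->collect('ID');
+                $Duration = db_string($_POST['duration']);
+                $Query = "INSERT IGNORE INTO `shop_freeleeches` (TorrentID, ExpiryTime) VALUES ";
+
+                foreach ($IDs as $ID) {
+                    $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
+                }
+
+                $Query = substr($Query, 0, strlen($Query) - 2);
+                $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
+                $DB->query($Query);
+
+                $DB->query(
+                    "
+                INSERT INTO `misc`
+                  (Name, First, Second)
+                VALUES
+                  ('$Tag', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
+                ON DUPLICATE KEY UPDATE
+                  `First` = CONVERT(`First`, UNSIGNED INTEGER) + " . (60 * 60 * $Duration)
+                );
+
+                Torrents::freeleech_torrents($IDs, 1, 3, false);
+                echo("Success! Now run the indexer.");
+            } else {
+                error('No torrents with that tag exist.');
+            }
+        } else {
+            error("That tag doesn't exist.");
+        }
+    } elseif ($_POST['type'] === 'global') {
+        authorize();
+
+        $DB->query("
+        SELECT t.`ID`
+        FROM `torrents` AS t
+        JOIN `torrents_group` AS tg ON t.`GroupID` = tg.`id`
+        WHERE t.`FreeTorrent` != '2'
+        AND (t.`FreeLeechType` = '0' OR t.`FreeLeechType` = '3')
+        ");
+
+        if ($DB->has_results()) {
+            $IDs = $DB->collect('ID');
+            $Duration = db_string($_POST['duration']);
+            $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
+
+            foreach ($IDs as $ID) {
+                $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
+            }
+
+            $Query = substr($Query, 0, strlen($Query) - 2);
+            $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
+            $DB->query($Query);
+
+            $DB->query(
+                "
+        INSERT INTO `misc`
+          (`Name`, `First`, `Second`)
         VALUES
           ('global', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
         ON DUPLICATE KEY UPDATE
-          First = CONVERT(First, UNSIGNED INTEGER) + " . (60 * 60 * $Duration));
-      Torrents::freeleech_torrents($IDs, 1, 3, false);
-      echo("Success! Now run the indexer.");
-    } else {
-      error("RIP Oppaitime");
+          `First` = CONVERT(`First`, UNSIGNED INTEGER) + " . (60 * 60 * $Duration)
+            );
+        
+            Torrents::freeleech_torrents($IDs, 1, 3, false);
+            echo("Success! Now run the indexer.");
+        } else {
+            error("RIP Oppaitime");
+        }
     }
-  }
 } else {
-  View::show_header('Site-Wide Freeleech'); ?>
-  <div>
-    <div class="box text-align: center;">
-      <strong>Make sure you run the indexer after using either of these tools, or torrents may disappear from search until the indexer runs.</strong>
-    </div>
-    <div class="box text-align: center;">
-      <form action="tools.php" method="POST">
-        <input type="hidden" name="action" value="freeleech" />
-        <input type="hidden" name="type" value="tag">
-        <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
-        <strong>Single Tag Freeleech</strong>
-        <br />
-        <input id="tag_name" type="text" name="tag" placeholder="Tag" value="" />
-        <br />
-        <input id="tag_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
-        <br />
-        <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
-      </form>
-    </div>
-    <div class="box text-align: center;">
-      <form action="tools.php" method="POST">
-        <input type="hidden" name="action" value="freeleech" />
-        <input type="hidden" name="type" value="global" />
-        <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
-        <strong>Global Freeleech</strong>
-        <br />
-        <input id="global_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
-        <br />
-        <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
-    </div>
+    View::show_header('Site-Wide Freeleech'); ?>
+<div>
+  <div class="box text-align: center;">
+    <strong>Make sure you run the indexer after using either of these tools, or torrents may disappear from search until
+      the indexer runs.</strong>
+  </div>
+  <div class="box text-align: center;">
+    <form action="tools.php" method="POST">
+      <input type="hidden" name="action" value="freeleech" />
+      <input type="hidden" name="type" value="tag">
+      <input type="hidden" name="auth"
+        value="<?=$LoggedUser['AuthKey']?>" />
+      <strong>Single Tag Freeleech</strong>
+      <br />
+      <input id="tag_name" type="text" name="tag" placeholder="Tag" value="" />
+      <br />
+      <input id="tag_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
+      <br />
+      <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
+    </form>
+  </div>
+  <div class="box text-align: center;">
+    <form action="tools.php" method="POST">
+      <input type="hidden" name="action" value="freeleech" />
+      <input type="hidden" name="type" value="global" />
+      <input type="hidden" name="auth"
+        value="<?=$LoggedUser['AuthKey']?>" />
+      <strong>Global Freeleech</strong>
+      <br />
+      <input id="global_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
+      <br />
+      <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
   </div>
-  <? View::show_footer();
+</div>
+<?php View::show_footer();
 }
-?>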
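Review bot: `$Duration` (new lines 32 and 74) is taken from `$_POST['duration']` through db_string() only and then spliced unquoted into `NOW() + INTERVAL $Duration HOUR` and `ExpiryTime + INTERVAL $Duration HOUR` (lines 36, 40, 78, 82) and multiplied on lines 48, 50, 90 and 92; db_string() escapes quotes, which constrains nothing in an unquoted numeric position, so a non-numeric value reaches the SQL text unchanged. download.php in this same commit already uses an int cast plus `Security::checkInt()`, and the same shape fits here: `$Duration = (int) $_POST['duration']; Security::checkInt($Duration);` — whether checkInt rejects 0 or negatives is not visible, and a zero-hour freeleech should be refused too. The tag branch has a related gap: line 20 rewrites '.' to '_' and line 27 matches `tag_list LIKE '%$Tag%'`, where '_' and '%' are LIKE wildcards, so the set of torrents affected is broader than the exact `tags.Name` lookup on line 16 suggests. Unlike the other files in this commit these calls still use `$DB->query`, which is fine while values are interpolated but worth noting against the commit title.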

+ 3
- 5
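--- a/sections/torrents/download.php
+++ b/sections/torrents/download.php
@@ -40,10 +40,8 @@ if (!isset($_REQUEST['authkey']) || !isset($_REQUEST['torrent_pass'])) {
     }
 }
 
-$TorrentID = $_REQUEST['id'];
-if (!is_number($TorrentID)) {
-    error(0);
-}
+$TorrentID = (int) $_REQUEST['id'];
+Security::checkInt($TorrentID);
 
 /*
  uTorrent Remote and various scripts redownload .torrent files periodically.
@@ -108,7 +106,7 @@ $Artists = $Info['Artists'];
 if ($_REQUEST['usetoken'] && $FreeTorrent === '0') {
     if (isset($LoggedUser)) {
         $FLTokens = $LoggedUser['FLTokens'];
-        if ($LoggedUser['CanLeech'] !== '1') {
+        if ($LoggedUser['CanLeech'] !== 1) {
             error('You cannot use tokens while leech disabled.');
         }
     } else {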
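Review bot: The changed `$LoggedUser['CanLeech'] !== 1` in the second hunk is a strict comparison, so if the user row still delivers `CanLeech` as the string `'1'` (exactly what the old `!== '1'` assumed) every token download now fails with the leech-disabled error. The context line `$FreeTorrent === '0'` in the same hunk still compares against a string, which suggests not every field has moved to native integer types; `if ((int) $LoggedUser['CanLeech'] !== 1) {` survives either representation. In the first hunk, replacing `is_number()` with an `(int)` cast means a non-numeric `id` now reaches `Security::checkInt()` as `0` (and `'12abc'` as `12`) instead of being rejected outright; whether checkInt still rejects that depends on its implementation, which is outside this diff. Both enclosing blocks begin and end outside the hunks.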

+ 3
- 3
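--- a/sections/userhistory/collage_subscribe.php
+++ b/sections/userhistory/collage_subscribe.php
@@ -9,7 +9,7 @@ if (!is_number($_GET['collageid'])) {
 $CollageID = (int)$_GET['collageid'];
 
 if (!$UserSubscriptions = $Cache->get_value('collage_subs_user_'.$LoggedUser['ID'])) {
-  $DB->query('
+  $DB->prepared_query('
     SELECT CollageID
     FROM users_collage_subs
     WHERE UserID = '.db_string($LoggedUser['ID']));
@@ -18,14 +18,14 @@ if (!$UserSubscriptions = $Cache->get_value('collage_subs_user_'.$LoggedUser['ID
 }
 
 if (($Key = array_search($CollageID, $UserSubscriptions)) !== false) {
-  $DB->query('
+  $DB->prepared_query('
     DELETE FROM users_collage_subs
     WHERE UserID = '.db_string($LoggedUser['ID'])."
       AND CollageID = $CollageID");
   unset($UserSubscriptions[$Key]);
   Collages::decrease_subscriptions($CollageID);
 } else {
-  $DB->query("
+  $DB->prepared_query("
     INSERT IGNORE INTO users_collage_subs
       (UserID, CollageID, LastVisit)
     VALUES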
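Review bot: Renaming `$DB->query()` to `$DB->prepared_query()` on the three changed lines does not change how the values reach SQL: `$LoggedUser['ID']` is still spliced in through `db_string()` and `$CollageID` through string interpolation, so nothing is bound as a placeholder. `$CollageID` is `(int)`-cast on the first context line and the user ID is server-side state, so this is not an injection exposure, but the call now reads as parameterised when it is not. If `prepared_query` accepts bind arguments (the `prepare_query`/`exec_prepared_query` pair used elsewhere in this commit suggests the abstraction exists), the DELETE should become `WHERE UserID = ? AND CollageID = ?` with the two values passed as parameters; otherwise add a comment such as `// inputs pre-validated: CollageID is int-cast, UserID is the session user` so the next reader does not assume binding. The INSERT statement continues past the end of the hunk.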

+ 2
- 2
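--- a/sections/userhistory/subscribed_collages.php
+++ b/sections/userhistory/subscribed_collages.php
@@ -39,7 +39,7 @@ if (!$ShowAll) {
     GROUP BY c.ID";
 }
 
-$DB->query($sql);
+$DB->prepared_query($sql);
 $NumResults = $DB->record_count();
 $CollageSubs = $DB->to_array();
 ?>
@@ -85,7 +85,7 @@ if (!$NumResults) {
             $TorrentTable = '';
 
             list($CollageID, $CollageName, $CollageSize, $LastVisit) = $Collage;
-            $RS = $DB->query("
+            $RS = $DB->prepared_query("
         SELECT GroupID
         FROM collages_torrents
         WHERE CollageID = $CollageID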
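Review bot: The second hunk keeps assigning the call's return value to `$RS` while switching the method to `prepared_query`; if the prepared path returns something other than what `query()` returned (a statement handle instead of a result set, or nothing at all), whatever consumes `$RS` after the hunk will break silently, and that consumer is outside the diff. The whole `$sql` string passed on the first changed line is assembled above the hunk, so this rename also leaves any interpolation there untouched; here `$CollageID` comes from a database row via `list()`, not from the request, so the risk is correctness rather than injection. Worth confirming the return contract of `prepared_query` and, if `$RS` is no longer used, dropping the assignment. The enclosing loop begins and ends outside the hunk.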

+ 2
- 2
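--- a/sections/userhistory/subscriptions.php
+++ b/sections/userhistory/subscriptions.php
@@ -35,7 +35,7 @@ $ShowCollapsed = (!isset($_GET['collapse']) && !isset($HeavyInfo['SubscriptionsC
  * LastReadAvatar
  * LastReadEditedUserID
  */
-$DB->query("
+$DB->prepared_query("
   (SELECT
     SQL_CALC_FOUND_ROWS
     s.`Page`,
@@ -89,7 +89,7 @@ $DB->query("
   LIMIT $Limit");
 
 $Results = $DB->to_array(false, MYSQLI_ASSOC, false);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 
 $Debug->log_var($Results, 'Results');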
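Review bot: `LIMIT $Limit` on the context line of the second hunk is still interpolated into the statement that the first hunk now sends through `prepared_query`; `$Limit` is built above the hunk, presumably from the page parameter, so confirm it is composed only from integers before it reaches the string, or bind it as `LIMIT ?, ?` if the prepared API takes arguments. The paired `SQL_CALC_FOUND_ROWS` / `SELECT FOUND_ROWS()` pattern is deprecated in MySQL since 8.0.17 and only works if both statements run back to back on the same connection, which the wrapper's prepared path must guarantee; a separate `SELECT COUNT(*)` with the same WHERE clause removes both constraints. The SELECT statement itself spans the gap between the two hunks.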

+ 1
- 1
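--- a/sections/userhistory/thread_subscribe.php
+++ b/sections/userhistory/thread_subscribe.php
@@ -12,7 +12,7 @@ if (!is_number($_GET['topicid'])) {
 
 $TopicID = (int)$_GET['topicid'];
 
-$DB->query("
+$DB->prepared_query("
   SELECT f.ID
   FROM forums_topics AS t
     JOIN forums AS f ON f.ID = t.ForumID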

+ 8
- 6
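--- a/sections/userhistory/token_history.php
+++ b/sections/userhistory/token_history.php
@@ -12,9 +12,9 @@ declare(strict_types=1);
 
 # Validate user ID
 if (isset($_GET['userid'])) {
-    $UserID = $_GET['userid'];
+    $UserID = (int) $_GET['userid'];
 } else {
-    $UserID = $LoggedUser['ID'];
+    $UserID = (int) $LoggedUser['ID'];
 }
 
 Security::checkInt($UserID);
@@ -36,8 +36,8 @@ if (isset($_GET['expire'])) {
         error(403);
     }
 
-    $UserID = $_GET['userid'];
-    $TorrentID = $_GET['torrentid'];
+    $UserID = (int) $_GET['userid'];
+    $TorrentID = (int) $_GET['torrentid'];
     Security::checkInt($UserID, $TorrentID);
 
     $DB->prepare_query("
@@ -101,7 +101,7 @@ LIMIT $Limit
 $DB->exec_prepared_query();
 
 $Tokens = $DB->to_array();
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 $Pages = Format::get_pages($Page, $NumResults, 25);
 ?>
@@ -144,10 +144,12 @@ foreach ($Tokens as $Token) {
         $Name = "(<i>Deleted torrent <a href='log.php?search=Torrent+$TorrentID'>$TorrentID</a></i>)";
     }
 
+    /*
     $ArtistName = Artists::display_artists($Artists[$GroupID]);
     if ($ArtistName) {
         $Name = $ArtistName.$Name;
-    } ?>
+    }
+    */ ?>
 
   <tr class="row">
     <td>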
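Review bot: The `(int)` casts added ahead of `Security::checkInt($UserID)` and `Security::checkInt($UserID, $TorrentID)` in the first two hunks change what the check can see: a `userid` of `abc` now arrives as `0` and `12abc` as `12`, so if checkInt was relied on to reject non-numeric input that protection is gone. Validate the raw string first, e.g. `$UserID = filter_var($_GET['userid'], FILTER_VALIDATE_INT);` followed by a `=== false` rejection, or confirm that checkInt treats `0` as invalid. In the `expire` branch `$_GET['userid']` and `$_GET['torrentid']` are read without `isset`, so a missing key warns and then casts `null` to `0` under the file's `strict_types`. The artist-display lines in the last hunk are commented out rather than removed; delete them or add a one-line comment stating why they are parked, since the surrounding `foreach` (which begins and ends outside the hunk) still evaluates `$Name` for output.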

+ 1
- 0
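--- a/static/styles/global/scss/skeleton-fixes.scss
+++ b/static/styles/global/scss/skeleton-fixes.scss
@@ -90,6 +90,7 @@ legend {
 /* edit collage */ table.collage_edit,
 /* forum lists */ table.forum_index,
 /* notif filters */ form[name="notification"],
+/* service stats */ div.permission_container,
 /* GENERIC */ table.skeleton-fix {
     td {
         border-bottom: 0 !important;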
