Use prepared queries for subscriptions, collages, and some tools; fix minor bugs

sections/collages/torrent_collage.php

@@ -8,12 +8,12 @@ function compare($X, $Y)
 
 // Build the data for the collage and the torrent list
 // todo: Cache this
-$DB->query("
+$DB->prepared_query("
 SELECT
   ct.`GroupID`,
   ct.`UserID`
 FROM `collages_torrents` AS ct
-  JOIN `torrents_group` AS tg ON tg.`ID` = ct.`GroupID`
+  JOIN `torrents_group` AS tg ON tg.`id` = ct.`GroupID`
 WHERE ct.`CollageID` = '$CollageID'
 ORDER BY ct.`Sort`
 ");

sections/tools/data/database_specifics.php

@@ -5,14 +5,14 @@ $ENV = ENV::go();
 
 // View schemas
 if (!empty($_GET['table'])) {
-    $DB->query('SHOW TABLES');
+    $DB->prepared_query('SHOW TABLES');
     $Tables =$DB->collect('Tables_in_'.$ENV->getPriv('SQLDB'));
 
     if (!in_array($_GET['table'], $Tables)) {
         error(0);
     }
 
-    $DB->query('SHOW CREATE TABLE '.db_string($_GET['table']));
+    $DB->prepared_query('SHOW CREATE TABLE '.db_string($_GET['table']));
     list(, $Schema) = $DB->next_record(MYSQLI_NUM, false);
     header('Content-type: text/plain');
     error($Schema);
@@ -20,7 +20,7 @@ if (!empty($_GET['table'])) {
 
 // Cache the tables for 4 hours, makes sorting faster
 if (!$Tables = $Cache->get_value('database_table_stats')) {
-    $DB->query('SHOW TABLE STATUS');
+    $DB->prepared_query('SHOW TABLE STATUS');
     $Tables =$DB->to_array();
     $Cache->cache_value('database_table_stats', $Tables, 3600 * 4);
 }
@@ -146,9 +146,11 @@ if (check_perms('site_debug')) { ?>
           Size
       </td>
 
+      <!--
       <td>
         Tools
       </td>
+      -->
     </tr>
 
     <?php
@@ -191,10 +193,12 @@ foreach ($Tables as $Table) {
         <?=Format::get_size($DataSize + $IndexSize)?>
       </td>
 
+      <!--
       <td>
-        <a href="tools.php?action=database_specifics&table=<?=display_str($Name)?>"
-          class="brackets">Schema</a>
+        <a href="tools.php?action=database_specifics&table=<?=null#display_str($Name)?>"
+      class="brackets">Schema</a>
       </td>
+      -->
     </tr>
     <?php
 }

sections/tools/data/economic_stats.php

@@ -43,42 +43,42 @@ if (!check_perms('site_view_flow')) {
 View::show_header('Economy');
 
 if (!$EconomicStats = $Cache->get_value('new_economic_stats')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Uploaded), SUM(Downloaded), COUNT(ID)
       FROM users_main
       WHERE Enabled = '1'");
     list($TotalUpload, $TotalDownload, $NumUsers) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Bounty)
       FROM requests_votes");
     list($TotalBounty) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(rv.Bounty)
       FROM requests_votes AS rv
         JOIN requests AS r ON r.ID = rv.RequestID
       WHERE TorrentID > 0");
     list($AvailableBounty) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Snatched), COUNT(ID)
       FROM torrents");
     list($TotalSnatches, $TotalTorrents) = $DB->next_record(); // This is the total number of snatches for torrents that still exist
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT COUNT(uid)
       FROM xbt_snatched");
     list($TotalOverallSnatches) = $DB->next_record();
 
     if (($PeerStats = $Cache->get_value('stats_peers')) === false) {
-        $DB->query("
+        $DB->prepared_query("
           SELECT COUNT(fid)
           FROM xbt_files_users
           WHERE remaining = 0");
         list($TotalSeeders) = $DB->next_record();
 
-        $DB->query("
+        $DB->prepared_query("
           SELECT COUNT(fid)
           FROM xbt_files_users
           WHERE remaining > 0");
@@ -88,7 +88,7 @@ if (!$EconomicStats = $Cache->get_value('new_economic_stats')) {
     }
 
     $TotalPeers = $TotalLeechers + $TotalSeeders;
-    $DB->query("
+    $DB->prepared_query("
       SELECT COUNT(ID)
       FROM users_main
       WHERE (

sections/tools/data/torrent_stats.php

@@ -8,24 +8,24 @@ if (!check_perms('site_view_flow')) {
 View::show_header('Torrents');
 
 if (!$TorrentStats = $Cache->get_value('new_torrent_stats')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT COUNT(ID), SUM(Size), SUM(FileCount)
     FROM torrents");
     list($TorrentCount, $TotalSize, $TotalFiles) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT COUNT(ID)
     FROM users_main
     WHERE Enabled = '1'");
     list($NumUsers) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 1 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 1 DAY)");
     list($DayNum, $DaySize, $DayFiles) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 7 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 7 DAY)");
     list($WeekNum, $WeekSize, $WeekFiles) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 30 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 30 DAY)");
     list($MonthNum, $MonthSize, $MonthFiles) = $DB->next_record();
   
     $Cache->cache_value('new_torrent_stats', array($TorrentCount, $TotalSize, $TotalFiles,

sections/tools/development/misc_values.php

@@ -7,17 +7,17 @@ if (!check_perms('admin_manage_permissions') && !check_perms('users_mod')) {
 
 if (!check_perms('admin_manage_permissions')) {
     View::show_header('Site Options');
-    $DB->query("SELECT Name, First, Second FROM misc"); ?>
+    $DB->prepared_query("SELECT Name, First, Second FROM misc"); ?>
 
 <div class="header">
   <h1>Miscellaneous Values</h1>
 </div>
 
-<table width="100%">
-  <tr class="colhead">
-    <td>Name</td>
-    <td>First</td>
-    <td>Second</td>
+<table class="skeleton-fix">
+  <tr>
+    <th>Name</th>
+    <th>First</th>
+    <th>Second</th>
   </tr>
 
   <?php
@@ -50,7 +50,7 @@ if (isset($_POST['submit'])) {
 
     if ($_POST['submit'] === 'Delete') {
         $Name = db_string($_POST['name']);
-        $DB->query("DELETE FROM misc WHERE Name = '" . $Name . "'");
+        $DB->prepared_query("DELETE FROM misc WHERE Name = '" . $Name . "'");
     } else {
         $Val->SetFields('name', '1', 'regex', 'The name must be separated by underscores. No spaces are allowed.', array('regex' => '/^[a-z][:_a-z0-9]{0,63}$/i'));
         $Val->SetFields('first', '1', 'string', 'You must specify the first value.');
@@ -66,10 +66,10 @@ if (isset($_POST['submit'])) {
         $Second = db_string($_POST['second']);
 
         if ($_POST['submit'] === 'Edit') {
-            $DB->query("SELECT Name FROM misc WHERE ID = '" . db_string($_POST['id']) . "'");
+            $DB->prepared_query("SELECT Name FROM misc WHERE ID = '" . db_string($_POST['id']) . "'");
             list($OldName) = $DB->next_record();
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE misc
               SET
                 Name = '$Name',
@@ -78,7 +78,7 @@ if (isset($_POST['submit'])) {
               WHERE ID = '" . db_string($_POST['id']) . "'
             ");
         } else {
-            $DB->query("
+            $DB->prepared_query("
               INSERT INTO misc (Name, First, Second)
               VALUES ('$Name', '$First', '$Second')
             ");
@@ -86,7 +86,7 @@ if (isset($_POST['submit'])) {
     }
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     ID,
     Name,
@@ -125,15 +125,15 @@ View::show_header('Miscellaneous Values');
         </td>
 
         <td>
-          <input type="text" size="60" name="first" />
+          <input type="text" size="50" name="first" />
         </td>
 
         <td>
-          <input type="text" size="60" name="second" />
+          <input type="text" size="50" name="second" />
         </td>
 
         <td>
-          <input type="submit" name="submit" value="Create" />
+          <input type="submit" name="submit" class="button-primary" value="Create" />
         </td>
       </form>
     </tr>
@@ -154,17 +154,17 @@ while (list($ID, $Name, $First, $Second) = $DB->next_record()) {
         </td>
 
         <td>
-          <input type="text" size="60" name="first"
+          <input type="text" size="50" name="first"
             value="<?=$First?>" />
         </td>
 
         <td>
-          <input type="text" size="60" name="second"
+          <input type="text" size="50" name="second"
             value="<?=$Second?>" />
         </td>
 
         <td>
-          <input type="submit" name="submit" value="Edit" />
+          <input type="submit" name="submit" class="button-primary" value="Edit" />
           <input type="submit" name="submit" value="Delete" />
         </td>
       </form>

sections/tools/development/render_build_preview.js

@@ -14,6 +14,7 @@ if (!fs.isDirectory(rootPath) || !fs.isDirectory(rootPath + '/' + staticPath) ||
   console.log(JSON.stringify(returnStatus));
   phantom.exit();
 }
+
 fs.changeWorkingDirectory(toolsMiscPath);
 if (!fs.exists('render_base.html')) {
   // Rendering base doesn't exist, who broke things?
@@ -28,6 +29,7 @@ page.open('render_base.html', function () {
     width: 1200,
     height: 1000
   };
+
   // Switch to specific stylesheet subdirectory
   fs.changeWorkingDirectory(rootPath + '/' + staticPath + 'styles/' + system.args[3] + '/');
   if (!fs.isWritable(fs.workingDirectory)) {
@@ -36,6 +38,7 @@ page.open('render_base.html', function () {
     console.log(JSON.stringify(returnStatus));
     phantom.exit();
   }
+
   fs.write('preview.html', page.content, 'w');
   if (!fs.isFile('preview.html')) {
     // Failed to store specific preview file.
@@ -43,6 +46,7 @@ page.open('render_base.html', function () {
     console.log(JSON.stringify(returnStatus));
     phantom.exit();
   }
+
   page.close();
   returnStatus.status = 0;
   console.log(JSON.stringify(returnStatus));

sections/tools/development/rerender_gallery.php

@@ -1,12 +1,15 @@
-<?
-/*
+<?php
+#declare(strict_types=1);
+
+/**
  * This page creates previews of all supported stylesheets
  * SERVER_ROOT . '/' . STATIC_SERVER . 'styles/preview' must exist and be writable
  * Dependencies are PhantomJS (http://phantomjs.org/) and
  * ImageMagick (http://www.imagemagick.org/script/index.php)
  */
+
 View::show_header('Rerender stylesheet gallery images');
-$DB->query('
+$DB->prepared_query('
   SELECT
     ID,
     LOWER(REPLACE(Name," ","_")) AS Name,
@@ -21,11 +24,16 @@ $ImagePath = SERVER_ROOT . '/' . STATIC_SERVER . 'styles/preview';
     <div class="box box_info">
       <div class="head colhead_dark">Rendering parameters</div>
       <ul class="stats nobullet">
-        <li>Server root: <?= var_dump(SERVER_ROOT); ?></li>
-        <li>Static server: <?= var_dump(STATIC_SERVER); ?></li>
-        <li>Whoami: <? echo(shell_exec('whoami')); ?></li>
-        <li>Path: <? echo dirname(__FILE__); ?></li>
-        <li>Phantomjs ver: <? echo (shell_exec('/usr/bin/phantomjs -v;')); ?></li>
+        <li>Server root: <?= var_dump(SERVER_ROOT); ?>
+        </li>
+        <li>Static server: <?= var_dump(STATIC_SERVER); ?>
+        </li>
+        <li>Whoami: <?php echo(shell_exec('whoami')); ?>
+        </li>
+        <li>Path: <?php echo dirname(__FILE__); ?>
+        </li>
+        <li>Phantomjs ver: <?php echo(shell_exec('/usr/bin/phantomjs -v')); ?>
+        </li>
       </ul>
     </div>
   </div>
@@ -40,17 +48,18 @@ $ImagePath = SERVER_ROOT . '/' . STATIC_SERVER . 'styles/preview';
     <div class="box">
       <div class="head">Rendering status</div>
       <div class="pad">
-<?
+        <?php
 //set_time_limit(0);
 foreach ($Styles as $Style) {
-?>
+    ?>
         <div class="box">
-          <h6><?= $Style['Name'] ?></h6>
+          <h6><?= $Style['Name'] ?>
+          </h6>
           <p>Build preview:
-<?
+            <?php
   $CmdLine = '/usr/bin/phantomjs "' . dirname(__FILE__) . '/render_build_preview.js" "' . SERVER_ROOT . '" "' . STATIC_SERVER . '" "' . $Style['Name'] . '" "' . dirname(__FILE__) . '"';
-  $BuildResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
-  switch ($BuildResult['status']) {
+    $BuildResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
+    switch ($BuildResult['status']) {
     case 0:
       echo 'Success.';
       break;
@@ -68,24 +77,23 @@ foreach ($Styles as $Style) {
       break;
     default:
       echo 'Err: Unknown error returned';
-  }
-?>
+  } ?>
           </p>
-<?
+          <?php
   //If build was successful, snap a preview.
   if ($BuildResult['status'] === 0) {
-?>
+      ?>
           <p>Snap preview:
-<?
+            <?php
     $CmdLine = '/usr/bin/phantomjs "' . dirname(__FILE__) . '/render_snap_preview.js" "' . SERVER_ROOT . '" "' . STATIC_SERVER . '" "' . $Style['Name'] . '" "' . dirname(__FILE__) . '"';
-    $SnapResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
-    switch ($SnapResult['status']) {
+      $SnapResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
+      switch ($SnapResult['status']) {
       case 0:
         echo 'Success.';
         $CmdLine = '/usr/bin/convert "' . $ImagePath . '/full_' . $Style['Name'] . '.png" -filter Box -resize 40% -quality 94 "' . $ImagePath . '/thumb_' . $Style['Name'] . '.png"';
         $ResizeResult = shell_exec(escapeshellcmd($CmdLine));
         if ($ResizeResult !== null) {
-          echo ' But failed to resize image';
+            echo ' But failed to resize image';
         }
         break;
       case -1:
@@ -108,15 +116,16 @@ foreach ($Styles as $Style) {
         break;
       default:
         echo 'Err: Unknown error returned.';
-    }
-?>
+    } ?>
           </p>
-<?php } ?>
+          <?php
+  } ?>
         </div>
-<? } ?>
+        <?php
+} ?>
       </div>
     </div>
   </div>
 </div>
-<?
+<?php
 View::show_footer();

sections/tools/development/service_stats.php

@@ -10,7 +10,7 @@ if (isset($_POST['global_flush'])) {
     $Cache->flush();
 }
 
-$DB->query('SHOW GLOBAL STATUS');
+$DB->prepared_query('SHOW GLOBAL STATUS');
 $DBStats = $DB->to_array('Variable_name');
 $MemStats = $Cache->getStats();
 

sections/tools/index.php

@@ -125,7 +125,7 @@ switch ($_REQUEST['action']) {
     }
 
     if (is_number($_POST['newsid'])) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE news
           SET Title = '".db_string($_POST['title'])."',
             Body = '".db_string($_POST['body'])."'
@@ -144,7 +144,7 @@ switch ($_REQUEST['action']) {
 
     if (is_number($_GET['id'])) {
         authorize();
-        $DB->query("
+        $DB->prepared_query("
           DELETE FROM news
           WHERE ID = '".db_string($_GET['id'])."'");
 
@@ -166,7 +166,7 @@ switch ($_REQUEST['action']) {
         error(403);
     }
 
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO news (UserID, Title, Body, Time)
       VALUES ('$LoggedUser[ID]', '".db_string($_POST['title'])."', '".db_string($_POST['body'])."', NOW())");
 
@@ -225,7 +225,7 @@ switch ($_REQUEST['action']) {
         //$Val->SetFields('test', true, 'number', 'You did not enter a valid level for this permission set.');
 
         if (is_numeric($_REQUEST['id'])) {
-            $DB->query("
+            $DB->prepared_query("
               SELECT p.ID, p.Name, p.Abbreviation, p.Level, p.Secondary, p.PermittedForums, p.Values, p.DisplayStaff, COUNT(u.ID)
               FROM permissions AS p
                 LEFT JOIN users_main AS u ON u.PermissionID = p.ID
@@ -244,7 +244,7 @@ switch ($_REQUEST['action']) {
             $Err = $Val->ValidateForm($_POST);
 
             if (!is_numeric($_REQUEST['id'])) {
-                $DB->query("
+                $DB->prepared_query("
                   SELECT ID
                   FROM permissions
                   WHERE Level = '".db_string($_REQUEST['level'])."'");
@@ -272,7 +272,7 @@ switch ($_REQUEST['action']) {
 
             if (!$Err) {
                 if (!is_numeric($_REQUEST['id'])) {
-                    $DB->query("
+                    $DB->prepared_query("
                       INSERT INTO permissions (Level, Name, Abbreviation, Secondary, PermittedForums, `Values`, DisplayStaff)
                       VALUES ('".db_string($Level)."',
                         '".db_string($Name)."',
@@ -282,7 +282,7 @@ switch ($_REQUEST['action']) {
                         '".db_string(serialize($Values))."',
                         '".db_string($DisplayStaff)."')");
                 } else {
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE permissions
                       SET Level = '".db_string($Level)."',
                         Name = '".db_string($Name)."',
@@ -295,7 +295,7 @@ switch ($_REQUEST['action']) {
 
                     $Cache->delete_value('perm_'.$_REQUEST['id']);
                     if ($Secondary) {
-                        $DB->query("
+                        $DB->prepared_query("
                           SELECT DISTINCT UserID
                           FROM users_levels
                           WHERE PermissionID = ".db_string($_REQUEST['id']));
@@ -314,11 +314,11 @@ switch ($_REQUEST['action']) {
         include SERVER_ROOT.'/sections/tools/managers/permissions_alter.php';
     } else {
         if (!empty($_REQUEST['removeid'])) {
-            $DB->query("
+            $DB->prepared_query("
               DELETE FROM permissions
               WHERE ID = '".db_string($_REQUEST['removeid'])."'");
 
-            $DB->query("
+            $DB->prepared_query("
               SELECT UserID
               FROM users_levels
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
@@ -327,11 +327,11 @@ switch ($_REQUEST['action']) {
                 $Cache->delete_value("user_info_$UserID");
                 $Cache->delete_value("user_info_heavy_$UserID");
             }
-            $DB->query("
+            $DB->prepared_query("
               DELETE FROM users_levels
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
 
-            $DB->query("
+            $DB->prepared_query("
               SELECT ID
               FROM users_main
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
@@ -341,7 +341,7 @@ switch ($_REQUEST['action']) {
                 $Cache->delete_value("user_info_heavy_$UserID");
             }
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET PermissionID = '".USER."'
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");

sections/tools/managers/news.php

@@ -21,7 +21,7 @@ switch ($_GET['action']) {
     if (is_number($_POST['newsid'])) {
         authorize();
 
-        $DB->query("
+        $DB->prepared_query("
         UPDATE news
         SET Title = '".db_string($_POST['title'])."', Body = '".db_string($_POST['body'])."'
         WHERE ID = '".db_string($_POST['newsid'])."'");
@@ -36,7 +36,7 @@ switch ($_GET['action']) {
   case 'editnews':
     if (is_number($_GET['id'])) {
         $NewsID = $_GET['id'];
-        $DB->query("
+        $DB->prepared_query("
         SELECT Title, Body
         FROM news
         WHERE ID = $NewsID");
@@ -86,7 +86,7 @@ $Textarea = new TEXTAREA_PREVIEW(
 
   <h2>News archive</h2>
   <?php
-$DB->query('
+$DB->prepared_query('
   SELECT
     ID,
     Title,

sections/tools/managers/permissions_list.php

@@ -18,7 +18,7 @@ function confirmDelete(id) {
     </div>
   </div>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     p.ID,
     p.Name,

sections/tools/managers/sitewide_freeleech.php

@@ -1,114 +1,137 @@
-<?
+<?php
+declare(strict_types=1);
+
 if (isset($_POST['type'])) {
-  if ($_POST['type'] == 'tag') {
-    authorize();
-    if (!isset($_POST['tag'])) {
-      error("You didn't enter a tag, dipshit.");
-    }
-    $Tag = db_string($_POST['tag']);
-    $DB->query("
-      SELECT ID
-      FROM tags
-      WHERE
-        Name = '" . $Tag . "'");
-    if ($DB->has_results()) {
-      $Tag = str_replace('.', '_', $Tag);
-      $DB->query("
-        SELECT t.ID
-        FROM torrents AS t
-          JOIN torrents_group AS tg ON t.GroupID = tg.ID
-        WHERE t.FreeTorrent != '2'
-          AND (t.FreeLeechType = '0' OR t.FreeLeechType = '3')
-          AND tg.TagList LIKE '%" . $Tag . "%'");
-      if ($DB->has_results()) {
-        $IDs = $DB->collect('ID');
-        $Duration = db_string($_POST['duration']);
-        $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
-        foreach ($IDs as $ID) {
-          $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
+    if ($_POST['type'] === 'tag') {
+        authorize();
+
+        if (!isset($_POST['tag'])) {
+            error("You didn't enter a tag, dipshit.");
         }
-        $Query = substr($Query, 0, strlen($Query) - 2);
-        $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
-        $DB->query($Query);
 
+        $Tag = db_string($_POST['tag']);
         $DB->query("
-          INSERT INTO misc
-            (Name, First, Second)
-          VALUES
-            ('" . $Tag . "', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
-          ON DUPLICATE KEY UPDATE
-            First = CONVERT(First, UNSIGNED INTEGER) + " . (60 * 60 * $Duration));
-        Torrents::freeleech_torrents($IDs, 1, 3, false);
-        echo("Success! Now run the indexer.");
-      } else {
-        error('No torrents with that tag exist.');
-      }
-    } else {
-      error("That tag doesn't exist.");
-    }
-  } elseif ($_POST['type'] == 'global') {
-    authorize();
-    $DB->query("
-      SELECT t.ID
-      FROM torrents AS t
-        JOIN torrents_group AS tg ON t.GroupID = tg.ID
-      WHERE t.FreeTorrent != '2'
-        AND (t.FreeLeechType = '0' OR t.FreeLeechType = '3')");
-    if ($DB->has_results()) {
-      $IDs = $DB->collect('ID');
-      $Duration = db_string($_POST['duration']);
-      $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
-      foreach ($IDs as $ID) {
-        $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
-      }
-      $Query = substr($Query, 0, strlen($Query) - 2);
-      $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
-      $DB->query($Query);
-      $DB->query("
-        INSERT INTO misc
-          (Name, First, Second)
+        SELECT `ID`
+        FROM `tags`
+        WHERE `Name` = '$Tag'
+        ");
+
+        if ($DB->has_results()) {
+            $Tag = str_replace('.', '_', $Tag);
+            $DB->query("
+            SELECT t.`ID`
+            FROM `torrents` AS t
+            JOIN `torrents_group` AS tg ON t.`GroupID` = tg.`id`
+            WHERE t.`FreeTorrent` != '2'
+            AND (t.`FreeLeechType` = '0' OR t.`FreeLeechType` = '3')
+            AND tg.`tag_list` LIKE '%$Tag%'
+            ");
+
+            if ($DB->has_results()) {
+                $IDs = $DB->collect('ID');
+                $Duration = db_string($_POST['duration']);
+                $Query = "INSERT IGNORE INTO `shop_freeleeches` (TorrentID, ExpiryTime) VALUES ";
+
+                foreach ($IDs as $ID) {
+                    $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
+                }
+
+                $Query = substr($Query, 0, strlen($Query) - 2);
+                $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
+                $DB->query($Query);
+
+                $DB->query(
+                    "
+                INSERT INTO `misc`
+                  (Name, First, Second)
+                VALUES
+                  ('$Tag', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
+                ON DUPLICATE KEY UPDATE
+                  `First` = CONVERT(`First`, UNSIGNED INTEGER) + " . (60 * 60 * $Duration)
+                );
+
+                Torrents::freeleech_torrents($IDs, 1, 3, false);
+                echo("Success! Now run the indexer.");
+            } else {
+                error('No torrents with that tag exist.');
+            }
+        } else {
+            error("That tag doesn't exist.");
+        }
+    } elseif ($_POST['type'] === 'global') {
+        authorize();
+
+        $DB->query("
+        SELECT t.`ID`
+        FROM `torrents` AS t
+        JOIN `torrents_group` AS tg ON t.`GroupID` = tg.`id`
+        WHERE t.`FreeTorrent` != '2'
+        AND (t.`FreeLeechType` = '0' OR t.`FreeLeechType` = '3')
+        ");
+
+        if ($DB->has_results()) {
+            $IDs = $DB->collect('ID');
+            $Duration = db_string($_POST['duration']);
+            $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
+
+            foreach ($IDs as $ID) {
+                $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
+            }
+
+            $Query = substr($Query, 0, strlen($Query) - 2);
+            $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
+            $DB->query($Query);
+
+            $DB->query(
+                "
+        INSERT INTO `misc`
+          (`Name`, `First`, `Second`)
         VALUES
           ('global', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
         ON DUPLICATE KEY UPDATE
-          First = CONVERT(First, UNSIGNED INTEGER) + " . (60 * 60 * $Duration));
-      Torrents::freeleech_torrents($IDs, 1, 3, false);
-      echo("Success! Now run the indexer.");
-    } else {
-      error("RIP Oppaitime");
+          `First` = CONVERT(`First`, UNSIGNED INTEGER) + " . (60 * 60 * $Duration)
+            );
+        
+            Torrents::freeleech_torrents($IDs, 1, 3, false);
+            echo("Success! Now run the indexer.");
+        } else {
+            error("RIP Oppaitime");
+        }
     }
-  }
 } else {
-  View::show_header('Site-Wide Freeleech'); ?>
-  <div>
-    <div class="box text-align: center;">
-      <strong>Make sure you run the indexer after using either of these tools, or torrents may disappear from search until the indexer runs.</strong>
-    </div>
-    <div class="box text-align: center;">
-      <form action="tools.php" method="POST">
-        <input type="hidden" name="action" value="freeleech" />
-        <input type="hidden" name="type" value="tag">
-        <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
-        <strong>Single Tag Freeleech</strong>
-        <br />
-        <input id="tag_name" type="text" name="tag" placeholder="Tag" value="" />
-        <br />
-        <input id="tag_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
-        <br />
-        <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
-      </form>
-    </div>
-    <div class="box text-align: center;">
-      <form action="tools.php" method="POST">
-        <input type="hidden" name="action" value="freeleech" />
-        <input type="hidden" name="type" value="global" />
-        <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
-        <strong>Global Freeleech</strong>
-        <br />
-        <input id="global_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
-        <br />
-        <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
-    </div>
+    View::show_header('Site-Wide Freeleech'); ?>
+<div>
+  <div class="box text-align: center;">
+    <strong>Make sure you run the indexer after using either of these tools, or torrents may disappear from search until
+      the indexer runs.</strong>
+  </div>
+  <div class="box text-align: center;">
+    <form action="tools.php" method="POST">
+      <input type="hidden" name="action" value="freeleech" />
+      <input type="hidden" name="type" value="tag">
+      <input type="hidden" name="auth"
+        value="<?=$LoggedUser['AuthKey']?>" />
+      <strong>Single Tag Freeleech</strong>
+      <br />
+      <input id="tag_name" type="text" name="tag" placeholder="Tag" value="" />
+      <br />
+      <input id="tag_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
+      <br />
+      <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
+    </form>
+  </div>
+  <div class="box text-align: center;">
+    <form action="tools.php" method="POST">
+      <input type="hidden" name="action" value="freeleech" />
+      <input type="hidden" name="type" value="global" />
+      <input type="hidden" name="auth"
+        value="<?=$LoggedUser['AuthKey']?>" />
+      <strong>Global Freeleech</strong>
+      <br />
+      <input id="global_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
+      <br />
+      <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
   </div>
-  <? View::show_footer();
+</div>
+<?php View::show_footer();
 }
-?>

sections/torrents/download.php

@@ -40,10 +40,8 @@ if (!isset($_REQUEST['authkey']) || !isset($_REQUEST['torrent_pass'])) {
     }
 }
 
-$TorrentID = $_REQUEST['id'];
-if (!is_number($TorrentID)) {
-    error(0);
-}
+$TorrentID = (int) $_REQUEST['id'];
+Security::checkInt($TorrentID);
 
 /*
   uTorrent Remote and various scripts redownload .torrent files periodically.
@@ -108,7 +106,7 @@ $Artists = $Info['Artists'];
 if ($_REQUEST['usetoken'] && $FreeTorrent === '0') {
     if (isset($LoggedUser)) {
         $FLTokens = $LoggedUser['FLTokens'];
-        if ($LoggedUser['CanLeech'] !== '1') {
+        if ($LoggedUser['CanLeech'] !== 1) {
             error('You cannot use tokens while leech disabled.');
         }
     } else {

sections/userhistory/collage_subscribe.php

@@ -9,7 +9,7 @@ if (!is_number($_GET['collageid'])) {
 $CollageID = (int)$_GET['collageid'];
 
 if (!$UserSubscriptions = $Cache->get_value('collage_subs_user_'.$LoggedUser['ID'])) {
-  $DB->query('
+  $DB->prepared_query('
     SELECT CollageID
     FROM users_collage_subs
     WHERE UserID = '.db_string($LoggedUser['ID']));
@@ -18,14 +18,14 @@ if (!$UserSubscriptions = $Cache->get_value('collage_subs_user_'.$LoggedUser['ID
 }
 
 if (($Key = array_search($CollageID, $UserSubscriptions)) !== false) {
-  $DB->query('
+  $DB->prepared_query('
     DELETE FROM users_collage_subs
     WHERE UserID = '.db_string($LoggedUser['ID'])."
       AND CollageID = $CollageID");
   unset($UserSubscriptions[$Key]);
   Collages::decrease_subscriptions($CollageID);
 } else {
-  $DB->query("
+  $DB->prepared_query("
     INSERT IGNORE INTO users_collage_subs
       (UserID, CollageID, LastVisit)
     VALUES

sections/userhistory/subscribed_collages.php

@@ -39,7 +39,7 @@ if (!$ShowAll) {
     GROUP BY c.ID";
 }
 
-$DB->query($sql);
+$DB->prepared_query($sql);
 $NumResults = $DB->record_count();
 $CollageSubs = $DB->to_array();
 ?>
@@ -85,7 +85,7 @@ if (!$NumResults) {
             $TorrentTable = '';
 
             list($CollageID, $CollageName, $CollageSize, $LastVisit) = $Collage;
-            $RS = $DB->query("
+            $RS = $DB->prepared_query("
       SELECT GroupID
       FROM collages_torrents
       WHERE CollageID = $CollageID

sections/userhistory/subscriptions.php

@@ -35,7 +35,7 @@ $ShowCollapsed = (!isset($_GET['collapse']) && !isset($HeavyInfo['SubscriptionsC
  * LastReadAvatar
  * LastReadEditedUserID
  */
-$DB->query("
+$DB->prepared_query("
   (SELECT
     SQL_CALC_FOUND_ROWS
     s.`Page`,
@@ -89,7 +89,7 @@ $DB->query("
   LIMIT $Limit");
 
 $Results = $DB->to_array(false, MYSQLI_ASSOC, false);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 
 $Debug->log_var($Results, 'Results');

sections/userhistory/thread_subscribe.php

@@ -12,7 +12,7 @@ if (!is_number($_GET['topicid'])) {
 
 $TopicID = (int)$_GET['topicid'];
 
-$DB->query("
+$DB->prepared_query("
   SELECT f.ID
   FROM forums_topics AS t
     JOIN forums AS f ON f.ID = t.ForumID

sections/userhistory/token_history.php

@@ -12,9 +12,9 @@ declare(strict_types=1);
 
 # Validate user ID
 if (isset($_GET['userid'])) {
-    $UserID = $_GET['userid'];
+    $UserID = (int) $_GET['userid'];
 } else {
-    $UserID = $LoggedUser['ID'];
+    $UserID = (int) $LoggedUser['ID'];
 }
 
 Security::checkInt($UserID);
@@ -36,8 +36,8 @@ if (isset($_GET['expire'])) {
         error(403);
     }
 
-    $UserID = $_GET['userid'];
-    $TorrentID = $_GET['torrentid'];
+    $UserID = (int) $_GET['userid'];
+    $TorrentID = (int) $_GET['torrentid'];
     Security::checkInt($UserID, $TorrentID);
 
     $DB->prepare_query("
@@ -101,7 +101,7 @@ LIMIT $Limit
 $DB->exec_prepared_query();
 
 $Tokens = $DB->to_array();
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 $Pages = Format::get_pages($Page, $NumResults, 25);
 ?>
@@ -144,10 +144,12 @@ foreach ($Tokens as $Token) {
         $Name = "(<i>Deleted torrent <a href='log.php?search=Torrent+$TorrentID'>$TorrentID</a></i>)";
     }
 
+    /*
     $ArtistName = Artists::display_artists($Artists[$GroupID]);
     if ($ArtistName) {
         $Name = $ArtistName.$Name;
-    } ?>
+    }
+    */ ?>
 
   <tr class="row">
     <td>

static/styles/global/scss/skeleton-fixes.scss

@@ -90,6 +90,7 @@ legend {
 /* edit collage */ table.collage_edit,
 /* forum lists */ table.forum_index,
 /* notif filters */ form[name="notification"],
+/* service stats */ div.permission_container,
 /* GENERIC */ table.skeleton-fix {
     td {
         border-bottom: 0 !important;