
Use prepared queries for subscriptions, collages, and some tools; fix minor bugs

biotorrents 4 years ago
parent
commit
881b17cd1e

+ 2
- 2
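--- a/sections/collages/torrent_collage.php
+++ b/sections/collages/torrent_collage.php
@@ -8,12 +8,12 @@
 
 // Build the data for the collage and the torrent list
 // todo: Cache this
-$DB->query("
+$DB->prepared_query("
 SELECT
   ct.`GroupID`,
   ct.`UserID`
 FROM `collages_torrents` AS ct
-  JOIN `torrents_group` AS tg ON tg.`ID` = ct.`GroupID`
+  JOIN `torrents_group` AS tg ON tg.`id` = ct.`GroupID`
 WHERE ct.`CollageID` = '$CollageID'
 ORDER BY ct.`Sort`
 ");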

+ 9
- 5
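--- a/sections/tools/data/database_specifics.php
+++ b/sections/tools/data/database_specifics.php
@@ -5,14 +5,14 @@
 
 // View schemas
 if (!empty($_GET['table'])) {
-    $DB->query('SHOW TABLES');
+    $DB->prepared_query('SHOW TABLES');
     $Tables =$DB->collect('Tables_in_'.$ENV->getPriv('SQLDB'));
 
     if (!in_array($_GET['table'], $Tables)) {
         error(0);
     }
 
-    $DB->query('SHOW CREATE TABLE '.db_string($_GET['table']));
+    $DB->prepared_query('SHOW CREATE TABLE '.db_string($_GET['table']));
     list(, $Schema) = $DB->next_record(MYSQLI_NUM, false);
     header('Content-type: text/plain');
     error($Schema);
@@ -20,7 +20,7 @@
 
 // Cache the tables for 4 hours, makes sorting faster
 if (!$Tables = $Cache->get_value('database_table_stats')) {
-    $DB->query('SHOW TABLE STATUS');
+    $DB->prepared_query('SHOW TABLE STATUS');
     $Tables =$DB->to_array();
     $Cache->cache_value('database_table_stats', $Tables, 3600 * 4);
 }
@@ -146,9 +146,11 @@
           Size
       </td>
 
+      <!--
       <td>
         Tools
       </td>
+      -->
     </tr>
 
     <?php
@@ -191,10 +193,12 @@
         <?=Format::get_size($DataSize + $IndexSize)?>
       </td>
 
+      <!--
       <td>
-        <a href="tools.php?action=database_specifics&table=<?=display_str($Name)?>"
-          class="brackets">Schema</a>
+        <a href="tools.php?action=database_specifics&table=<?=null#display_str($Name)?>"
+      class="brackets">Schema</a>
       </td>
+      -->
     </tr>
     <?php
 }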
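Review bot: prepared_query() on line 15 adds no protection here, because a table name is an identifier rather than a value and cannot be bound as a parameter; what actually constrains `$_GET['table']` is the allowlist check on line 11 against the SHOW TABLES result. That check should be strict, `if (!in_array($_GET['table'], $Tables, true)) {`, and the identifier should be backtick-quoted (doubling any backtick inside it) rather than passed through db_string(), which escapes string-literal characters, not identifier characters. Separately, the Schema link disabled on lines 196–201 is only wrapped in an HTML comment, so the PHP inside it still executes and the commented markup is still delivered to every client; if the link is meant to go, delete the block or put it inside a `<?php /* ... */ ?>` block rather than leaving `<?=null#display_str($Name)?>` in place.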

+ 8
- 8
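--- a/sections/tools/data/economic_stats.php
+++ b/sections/tools/data/economic_stats.php
@@ -43,42 +43,42 @@
 View::show_header('Economy');
 
 if (!$EconomicStats = $Cache->get_value('new_economic_stats')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Uploaded), SUM(Downloaded), COUNT(ID)
       FROM users_main
       WHERE Enabled = '1'");
     list($TotalUpload, $TotalDownload, $NumUsers) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Bounty)
       FROM requests_votes");
     list($TotalBounty) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(rv.Bounty)
       FROM requests_votes AS rv
         JOIN requests AS r ON r.ID = rv.RequestID
       WHERE TorrentID > 0");
     list($AvailableBounty) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Snatched), COUNT(ID)
       FROM torrents");
     list($TotalSnatches, $TotalTorrents) = $DB->next_record(); // This is the total number of snatches for torrents that still exist
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT COUNT(uid)
       FROM xbt_snatched");
     list($TotalOverallSnatches) = $DB->next_record();
 
     if (($PeerStats = $Cache->get_value('stats_peers')) === false) {
-        $DB->query("
+        $DB->prepared_query("
           SELECT COUNT(fid)
           FROM xbt_files_users
           WHERE remaining = 0");
         list($TotalSeeders) = $DB->next_record();
 
-        $DB->query("
+        $DB->prepared_query("
           SELECT COUNT(fid)
           FROM xbt_files_users
           WHERE remaining > 0");
@@ -88,7 +88,7 @@
     }
 
     $TotalPeers = $TotalLeechers + $TotalSeeders;
-    $DB->query("
+    $DB->prepared_query("
       SELECT COUNT(ID)
       FROM users_main
       WHERE (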

+ 5
- 5
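--- a/sections/tools/data/torrent_stats.php
+++ b/sections/tools/data/torrent_stats.php
@@ -8,24 +8,24 @@
 View::show_header('Torrents');
 
 if (!$TorrentStats = $Cache->get_value('new_torrent_stats')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT COUNT(ID), SUM(Size), SUM(FileCount)
     FROM torrents");
     list($TorrentCount, $TotalSize, $TotalFiles) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT COUNT(ID)
     FROM users_main
     WHERE Enabled = '1'");
     list($NumUsers) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 1 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 1 DAY)");
     list($DayNum, $DaySize, $DayFiles) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 7 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 7 DAY)");
     list($WeekNum, $WeekSize, $WeekFiles) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 30 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 30 DAY)");
     list($MonthNum, $MonthSize, $MonthFiles) = $DB->next_record();
   
     $Cache->cache_value('new_torrent_stats', array($TorrentCount, $TotalSize, $TotalFiles,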

+ 17
- 17
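--- a/sections/tools/development/misc_values.php
+++ b/sections/tools/development/misc_values.php
@@ -7,17 +7,17 @@
 
 if (!check_perms('admin_manage_permissions')) {
     View::show_header('Site Options');
-    $DB->query("SELECT Name, First, Second FROM misc"); ?>
+    $DB->prepared_query("SELECT Name, First, Second FROM misc"); ?>
 
 <div class="header">
   <h1>Miscellaneous Values</h1>
 </div>
 
-<table width="100%">
-  <tr class="colhead">
-    <td>Name</td>
-    <td>First</td>
-    <td>Second</td>
+<table class="skeleton-fix">
+  <tr>
+    <th>Name</th>
+    <th>First</th>
+    <th>Second</th>
   </tr>
 
   <?php
@@ -50,7 +50,7 @@
 
     if ($_POST['submit'] === 'Delete') {
         $Name = db_string($_POST['name']);
-        $DB->query("DELETE FROM misc WHERE Name = '" . $Name . "'");
+        $DB->prepared_query("DELETE FROM misc WHERE Name = '" . $Name . "'");
     } else {
         $Val->SetFields('name', '1', 'regex', 'The name must be separated by underscores. No spaces are allowed.', array('regex' => '/^[a-z][:_a-z0-9]{0,63}$/i'));
         $Val->SetFields('first', '1', 'string', 'You must specify the first value.');
@@ -66,10 +66,10 @@
         $Second = db_string($_POST['second']);
 
         if ($_POST['submit'] === 'Edit') {
-            $DB->query("SELECT Name FROM misc WHERE ID = '" . db_string($_POST['id']) . "'");
+            $DB->prepared_query("SELECT Name FROM misc WHERE ID = '" . db_string($_POST['id']) . "'");
             list($OldName) = $DB->next_record();
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE misc
               SET
                 Name = '$Name',
@@ -78,7 +78,7 @@
               WHERE ID = '" . db_string($_POST['id']) . "'
             ");
         } else {
-            $DB->query("
+            $DB->prepared_query("
               INSERT INTO misc (Name, First, Second)
               VALUES ('$Name', '$First', '$Second')
             ");
@@ -86,7 +86,7 @@
     }
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     ID,
     Name,
@@ -125,15 +125,15 @@
         </td>
 
         <td>
-          <input type="text" size="60" name="first" />
+          <input type="text" size="50" name="first" />
         </td>
 
         <td>
-          <input type="text" size="60" name="second" />
+          <input type="text" size="50" name="second" />
         </td>
 
         <td>
-          <input type="submit" name="submit" value="Create" />
+          <input type="submit" name="submit" class="button-primary" value="Create" />
         </td>
       </form>
     </tr>
@@ -154,17 +154,17 @@
         </td>
 
         <td>
-          <input type="text" size="60" name="first"
+          <input type="text" size="50" name="first"
             value="<?=$First?>" />
         </td>
 
         <td>
-          <input type="text" size="60" name="second"
+          <input type="text" size="50" name="second"
             value="<?=$Second?>" />
         </td>
 
         <td>
-          <input type="submit" name="submit" value="Edit" />
+          <input type="submit" name="submit" class="button-primary" value="Edit" />
           <input type="submit" name="submit" value="Delete" />
         </td>
       </form>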
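Review bot: The DELETE on line 53 runs against whatever `$_POST['name']` holds, and nothing in the hunk checks that the field was sent at all: the regex validation of `name` on line 55 sits in the else branch and never applies to the Delete path, so a POST without a `name` key reaches db_string(null) (presumably yielding an empty string) and executes `DELETE FROM misc WHERE Name = ''`. Reject the request before line 52, e.g. `if (!isset($_POST['name']) || $_POST['name'] === '') { error(0); }`, or run the same `$Val->SetFields('name', ...)` check on both branches. Whether authorize() is called earlier in this POST handler is outside the hunk; the Delete branch should have it just as the Edit/Create branch does.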

+ 4
- 0
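--- a/sections/tools/development/render_build_preview.js
+++ b/sections/tools/development/render_build_preview.js
@@ -14,6 +14,7 @@
   console.log(JSON.stringify(returnStatus));
   phantom.exit();
 }
+
 fs.changeWorkingDirectory(toolsMiscPath);
 if (!fs.exists('render_base.html')) {
   // Rendering base doesn't exist, who broke things?
@@ -28,6 +29,7 @@
     width: 1200,
     height: 1000
   };
+
   // Switch to specific stylesheet subdirectory
   fs.changeWorkingDirectory(rootPath + '/' + staticPath + 'styles/' + system.args[3] + '/');
   if (!fs.isWritable(fs.workingDirectory)) {
@@ -36,6 +38,7 @@
     console.log(JSON.stringify(returnStatus));
     phantom.exit();
   }
+
   fs.write('preview.html', page.content, 'w');
   if (!fs.isFile('preview.html')) {
     // Failed to store specific preview file.
@@ -43,6 +46,7 @@
     console.log(JSON.stringify(returnStatus));
     phantom.exit();
   }
+
   page.close();
   returnStatus.status = 0;
   console.log(JSON.stringify(returnStatus));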

+ 36
- 27
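--- a/sections/tools/development/rerender_gallery.php
+++ b/sections/tools/development/rerender_gallery.php
@@ -1,12 +1,15 @@
-<?
-/*
+<?php
+#declare(strict_types=1);
+
+/**
  * This page creates previews of all supported stylesheets
  * SERVER_ROOT . '/' . STATIC_SERVER . 'styles/preview' must exist and be writable
  * Dependencies are PhantomJS (http://phantomjs.org/) and
  * ImageMagick (http://www.imagemagick.org/script/index.php)
  */
+
 View::show_header('Rerender stylesheet gallery images');
-$DB->query('
+$DB->prepared_query('
   SELECT
     ID,
     LOWER(REPLACE(Name," ","_")) AS Name,
@@ -21,11 +24,16 @@
     <div class="box box_info">
       <div class="head colhead_dark">Rendering parameters</div>
       <ul class="stats nobullet">
-        <li>Server root: <?= var_dump(SERVER_ROOT); ?></li>
-        <li>Static server: <?= var_dump(STATIC_SERVER); ?></li>
-        <li>Whoami: <? echo(shell_exec('whoami')); ?></li>
-        <li>Path: <? echo dirname(__FILE__); ?></li>
-        <li>Phantomjs ver: <? echo (shell_exec('/usr/bin/phantomjs -v;')); ?></li>
+        <li>Server root: <?= var_dump(SERVER_ROOT); ?>
+        </li>
+        <li>Static server: <?= var_dump(STATIC_SERVER); ?>
+        </li>
+        <li>Whoami: <?php echo(shell_exec('whoami')); ?>
+        </li>
+        <li>Path: <?php echo dirname(__FILE__); ?>
+        </li>
+        <li>Phantomjs ver: <?php echo(shell_exec('/usr/bin/phantomjs -v')); ?>
+        </li>
       </ul>
     </div>
   </div>
@@ -40,17 +48,18 @@
     <div class="box">
       <div class="head">Rendering status</div>
       <div class="pad">
-<?
+        <?php
 //set_time_limit(0);
 foreach ($Styles as $Style) {
-?>
+    ?>
         <div class="box">
-          <h6><?= $Style['Name'] ?></h6>
+          <h6><?= $Style['Name'] ?>
+          </h6>
           <p>Build preview:
-<?
+            <?php
   $CmdLine = '/usr/bin/phantomjs "' . dirname(__FILE__) . '/render_build_preview.js" "' . SERVER_ROOT . '" "' . STATIC_SERVER . '" "' . $Style['Name'] . '" "' . dirname(__FILE__) . '"';
-  $BuildResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
-  switch ($BuildResult['status']) {
+    $BuildResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
+    switch ($BuildResult['status']) {
     case 0:
       echo 'Success.';
       break;
@@ -68,24 +77,23 @@
       break;
     default:
       echo 'Err: Unknown error returned';
-  }
-?>
+  } ?>
           </p>
-<?
+          <?php
   //If build was successful, snap a preview.
   if ($BuildResult['status'] === 0) {
-?>
+      ?>
           <p>Snap preview:
-<?
+            <?php
     $CmdLine = '/usr/bin/phantomjs "' . dirname(__FILE__) . '/render_snap_preview.js" "' . SERVER_ROOT . '" "' . STATIC_SERVER . '" "' . $Style['Name'] . '" "' . dirname(__FILE__) . '"';
-    $SnapResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
-    switch ($SnapResult['status']) {
+      $SnapResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
+      switch ($SnapResult['status']) {
       case 0:
         echo 'Success.';
         $CmdLine = '/usr/bin/convert "' . $ImagePath . '/full_' . $Style['Name'] . '.png" -filter Box -resize 40% -quality 94 "' . $ImagePath . '/thumb_' . $Style['Name'] . '.png"';
         $ResizeResult = shell_exec(escapeshellcmd($CmdLine));
         if ($ResizeResult !== null) {
-          echo ' But failed to resize image';
+            echo ' But failed to resize image';
         }
         break;
       case -1:
@@ -108,15 +116,16 @@
         break;
       default:
         echo 'Err: Unknown error returned.';
-    }
-?>
+    } ?>
           </p>
-<?php } ?>
+          <?php
+  } ?>
         </div>
-<? } ?>
+        <?php
+} ?>
       </div>
     </div>
   </div>
 </div>
-<?
+<?php
 View::show_footer();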
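Review bot: On lines 60–61, and again on 88–89 and 93–94, the whole command line is built by string concatenation and then passed through escapeshellcmd(), which escapes metacharacters across the entire string but leaves paired double quotes alone, so it does not protect each hand-quoted argument on its own: `$Style['Name']` comes from the database (the `LOWER(REPLACE(Name," ","_")) AS Name` column selected on line 15), and a quote or backslash in it, in SERVER_ROOT, in STATIC_SERVER or in `$ImagePath` shifts the argument boundaries. Build the arguments with escapeshellarg() and drop the manual quotes, e.g. `$CmdLine = '/usr/bin/phantomjs ' . escapeshellarg(__DIR__ . '/render_build_preview.js') . ' ' . escapeshellarg(SERVER_ROOT) . ' ' . escapeshellarg(STATIC_SERVER) . ' ' . escapeshellarg($Style['Name']) . ' ' . escapeshellarg(__DIR__);` followed by `shell_exec($CmdLine)` without the outer escapeshellcmd(), and the same for the snap and convert lines. shell_exec() returns null when the command prints nothing, and json_decode(null) is deprecated since PHP 8.1, so `$BuildResult = json_decode((string) shell_exec($CmdLine), true) ?? [];` lets the switch's default branch report the failure instead of a warning on `$BuildResult['status']`. Line 2 leaves `declare(strict_types=1)` commented out while sitewide_freeleech.php in the same commit enables it; if that is deliberate a one-line comment saying why would help, otherwise enable it here too.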

+ 1
- 1
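--- a/sections/tools/development/service_stats.php
+++ b/sections/tools/development/service_stats.php
@@ -10,7 +10,7 @@
     $Cache->flush();
 }
 
-$DB->query('SHOW GLOBAL STATUS');
+$DB->prepared_query('SHOW GLOBAL STATUS');
 $DBStats = $DB->to_array('Variable_name');
 $MemStats = $Cache->getStats();
 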

+ 13
- 13
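--- a/sections/tools/index.php
+++ b/sections/tools/index.php
@@ -125,7 +125,7 @@
     }
 
     if (is_number($_POST['newsid'])) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE news
           SET Title = '".db_string($_POST['title'])."',
             Body = '".db_string($_POST['body'])."'
@@ -144,7 +144,7 @@
 
     if (is_number($_GET['id'])) {
         authorize();
-        $DB->query("
+        $DB->prepared_query("
           DELETE FROM news
           WHERE ID = '".db_string($_GET['id'])."'");
 
@@ -166,7 +166,7 @@
         error(403);
     }
 
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO news (UserID, Title, Body, Time)
       VALUES ('$LoggedUser[ID]', '".db_string($_POST['title'])."', '".db_string($_POST['body'])."', NOW())");
 
@@ -225,7 +225,7 @@
         //$Val->SetFields('test', true, 'number', 'You did not enter a valid level for this permission set.');
 
         if (is_numeric($_REQUEST['id'])) {
-            $DB->query("
+            $DB->prepared_query("
               SELECT p.ID, p.Name, p.Abbreviation, p.Level, p.Secondary, p.PermittedForums, p.Values, p.DisplayStaff, COUNT(u.ID)
               FROM permissions AS p
                 LEFT JOIN users_main AS u ON u.PermissionID = p.ID
@@ -244,7 +244,7 @@
             $Err = $Val->ValidateForm($_POST);
 
             if (!is_numeric($_REQUEST['id'])) {
-                $DB->query("
+                $DB->prepared_query("
                   SELECT ID
                   FROM permissions
                   WHERE Level = '".db_string($_REQUEST['level'])."'");
@@ -272,7 +272,7 @@
 
             if (!$Err) {
                 if (!is_numeric($_REQUEST['id'])) {
-                    $DB->query("
+                    $DB->prepared_query("
                       INSERT INTO permissions (Level, Name, Abbreviation, Secondary, PermittedForums, `Values`, DisplayStaff)
                       VALUES ('".db_string($Level)."',
                         '".db_string($Name)."',
@@ -282,7 +282,7 @@
                         '".db_string(serialize($Values))."',
                         '".db_string($DisplayStaff)."')");
                 } else {
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE permissions
                       SET Level = '".db_string($Level)."',
                         Name = '".db_string($Name)."',
@@ -295,7 +295,7 @@
 
                     $Cache->delete_value('perm_'.$_REQUEST['id']);
                     if ($Secondary) {
-                        $DB->query("
+                        $DB->prepared_query("
                           SELECT DISTINCT UserID
                           FROM users_levels
                           WHERE PermissionID = ".db_string($_REQUEST['id']));
@@ -314,11 +314,11 @@
         include SERVER_ROOT.'/sections/tools/managers/permissions_alter.php';
     } else {
         if (!empty($_REQUEST['removeid'])) {
-            $DB->query("
+            $DB->prepared_query("
               DELETE FROM permissions
               WHERE ID = '".db_string($_REQUEST['removeid'])."'");
 
-            $DB->query("
+            $DB->prepared_query("
               SELECT UserID
               FROM users_levels
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
@@ -327,11 +327,11 @@
                 $Cache->delete_value("user_info_$UserID");
                 $Cache->delete_value("user_info_heavy_$UserID");
             }
-            $DB->query("
+            $DB->prepared_query("
               DELETE FROM users_levels
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
 
-            $DB->query("
+            $DB->prepared_query("
               SELECT ID
               FROM users_main
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
@@ -341,7 +341,7 @@
                 $Cache->delete_value("user_info_heavy_$UserID");
             }
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET PermissionID = '".USER."'
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");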
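Review bot: The UPDATE news on lines 128–131 is guarded only by `is_number($_POST['newsid'])`; unlike the DELETE on line 147, and unlike the identical update in sections/tools/managers/news.php line 22 in this same commit, no authorize() call (presumably the auth-key/CSRF check) is visible before it, so unless one sits earlier in the branch outside the hunk the edit can be submitted without that check. Add `authorize();` directly after the is_number() test on line 127. This handler also duplicates news.php's news-edit branch almost line for line, so one of the two copies should be removed before they drift further. On line 301 `db_string($_REQUEST['id'])` is spliced unquoted into `WHERE PermissionID = ...`; db_string() escapes quote characters, which does nothing for an unquoted numeric position, so that line relies entirely on the is_numeric() branch above it — a `?` placeholder (or an `(int)` cast) would make the guarantee local.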

+ 3
- 3
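--- a/sections/tools/managers/news.php
+++ b/sections/tools/managers/news.php
@@ -21,7 +21,7 @@
     if (is_number($_POST['newsid'])) {
         authorize();
 
-        $DB->query("
+        $DB->prepared_query("
         UPDATE news
         SET Title = '".db_string($_POST['title'])."', Body = '".db_string($_POST['body'])."'
         WHERE ID = '".db_string($_POST['newsid'])."'");
@@ -36,7 +36,7 @@
   case 'editnews':
     if (is_number($_GET['id'])) {
         $NewsID = $_GET['id'];
-        $DB->query("
+        $DB->prepared_query("
         SELECT Title, Body
         FROM news
         WHERE ID = $NewsID");
@@ -86,7 +86,7 @@
 
   <h2>News archive</h2>
   <?php
-$DB->query('
+$DB->prepared_query('
   SELECT
     ID,
     Title,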
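Review bot: On line 42 `$NewsID` is interpolated unquoted into the SQL, and it is the raw `$_GET['id']` string assigned on line 38; the only thing standing between the request and the query is is_number() on line 37, whose exact acceptance rules are not visible here. Cast at the assignment, `$NewsID = (int) $_GET['id'];`, so the statement is safe on its own terms regardless of that helper, or better pass it as a bound value with `WHERE ID = ?` now that the call is prepared_query(). The same cast would also suit line 27, where `db_string($_POST['newsid'])` is quoted into a numeric comparison.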

+ 1
- 1
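--- a/sections/tools/managers/permissions_list.php
+++ b/sections/tools/managers/permissions_list.php
@@ -18,7 +18,7 @@
     </div>
   </div>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     p.ID,
     p.Name,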
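Review bot: Line 20 still opens PHP with the short tag `<?` while this commit replaces `<?` with `<?php` in rerender_gallery.php and sitewide_freeleech.php; with short_open_tag disabled the block from line 20 onward, including the new prepared_query() call on line 21, is emitted to the browser as literal text rather than executed. Change line 20 to `<?php` for the same reason the other files were changed. The query's WHERE clause is outside the hunk, so whether it still interpolates values cannot be checked from here.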

+ 126
- 103
sections/tools/managers/sitewide_freeleech.php

1
-<?
1
+<?php
2
+declare(strict_types=1);
3
+
2
 if (isset($_POST['type'])) {
4
 if (isset($_POST['type'])) {
3
-  if ($_POST['type'] == 'tag') {
4
-    authorize();
5
-    if (!isset($_POST['tag'])) {
6
-      error("You didn't enter a tag, dipshit.");
7
-    }
8
-    $Tag = db_string($_POST['tag']);
9
-    $DB->query("
10
-      SELECT ID
11
-      FROM tags
12
-      WHERE
13
-        Name = '" . $Tag . "'");
14
-    if ($DB->has_results()) {
15
-      $Tag = str_replace('.', '_', $Tag);
16
-      $DB->query("
17
-        SELECT t.ID
18
-        FROM torrents AS t
19
-          JOIN torrents_group AS tg ON t.GroupID = tg.ID
20
-        WHERE t.FreeTorrent != '2'
21
-          AND (t.FreeLeechType = '0' OR t.FreeLeechType = '3')
22
-          AND tg.TagList LIKE '%" . $Tag . "%'");
23
-      if ($DB->has_results()) {
24
-        $IDs = $DB->collect('ID');
25
-        $Duration = db_string($_POST['duration']);
26
-        $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
27
-        foreach ($IDs as $ID) {
28
-          $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
5
+    if ($_POST['type'] === 'tag') {
6
+        authorize();
7
+
8
+        if (!isset($_POST['tag'])) {
9
+            error("You didn't enter a tag, dipshit.");
29
         }
10
         }
30
-        $Query = substr($Query, 0, strlen($Query) - 2);
31
-        $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
32
-        $DB->query($Query);
33
 
11
 
12
+        $Tag = db_string($_POST['tag']);
34
         $DB->query("
13
         $DB->query("
35
-          INSERT INTO misc
36
-            (Name, First, Second)
37
-          VALUES
38
-            ('" . $Tag . "', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
39
-          ON DUPLICATE KEY UPDATE
40
-            First = CONVERT(First, UNSIGNED INTEGER) + " . (60 * 60 * $Duration));
41
-        Torrents::freeleech_torrents($IDs, 1, 3, false);
42
-        echo("Success! Now run the indexer.");
43
-      } else {
44
-        error('No torrents with that tag exist.');
45
-      }
46
-    } else {
47
-      error("That tag doesn't exist.");
48
-    }
49
-  } elseif ($_POST['type'] == 'global') {
50
-    authorize();
51
-    $DB->query("
52
-      SELECT t.ID
53
-      FROM torrents AS t
54
-        JOIN torrents_group AS tg ON t.GroupID = tg.ID
55
-      WHERE t.FreeTorrent != '2'
56
-        AND (t.FreeLeechType = '0' OR t.FreeLeechType = '3')");
57
-    if ($DB->has_results()) {
58
-      $IDs = $DB->collect('ID');
59
-      $Duration = db_string($_POST['duration']);
60
-      $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
61
-      foreach ($IDs as $ID) {
62
-        $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
63
-      }
64
-      $Query = substr($Query, 0, strlen($Query) - 2);
65
-      $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
66
-      $DB->query($Query);
67
-      $DB->query("
68
-        INSERT INTO misc
69
-          (Name, First, Second)
14
+        SELECT `ID`
15
+        FROM `tags`
16
+        WHERE `Name` = '$Tag'
17
+        ");
18
+
19
+        if ($DB->has_results()) {
20
+            $Tag = str_replace('.', '_', $Tag);
21
+            $DB->query("
22
+            SELECT t.`ID`
23
+            FROM `torrents` AS t
24
+            JOIN `torrents_group` AS tg ON t.`GroupID` = tg.`id`
25
+            WHERE t.`FreeTorrent` != '2'
26
+            AND (t.`FreeLeechType` = '0' OR t.`FreeLeechType` = '3')
27
+            AND tg.`tag_list` LIKE '%$Tag%'
28
+            ");
29
+
30
+            if ($DB->has_results()) {
31
+                $IDs = $DB->collect('ID');
32
+                $Duration = db_string($_POST['duration']);
33
+                $Query = "INSERT IGNORE INTO `shop_freeleeches` (TorrentID, ExpiryTime) VALUES ";
34
+
35
+                foreach ($IDs as $ID) {
36
+                    $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
37
+                }
38
+
39
+                $Query = substr($Query, 0, strlen($Query) - 2);
40
+                $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
41
+                $DB->query($Query);
42
+
43
+                $DB->query(
44
+                    "
45
+                INSERT INTO `misc`
46
+                  (Name, First, Second)
47
+                VALUES
48
+                  ('$Tag', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
49
+                ON DUPLICATE KEY UPDATE
50
+                  `First` = CONVERT(`First`, UNSIGNED INTEGER) + " . (60 * 60 * $Duration)
51
+                );
52
+
53
+                Torrents::freeleech_torrents($IDs, 1, 3, false);
54
+                echo("Success! Now run the indexer.");
55
+            } else {
56
+                error('No torrents with that tag exist.');
57
+            }
58
+        } else {
59
+            error("That tag doesn't exist.");
60
+        }
61
+    } elseif ($_POST['type'] === 'global') {
62
+        authorize();
63
+
64
+        $DB->query("
65
+        SELECT t.`ID`
66
+        FROM `torrents` AS t
67
+        JOIN `torrents_group` AS tg ON t.`GroupID` = tg.`id`
68
+        WHERE t.`FreeTorrent` != '2'
69
+        AND (t.`FreeLeechType` = '0' OR t.`FreeLeechType` = '3')
70
+        ");
71
+
72
+        if ($DB->has_results()) {
73
+            $IDs = $DB->collect('ID');
74
+            $Duration = db_string($_POST['duration']);
75
+            $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
76
+
77
+            foreach ($IDs as $ID) {
78
+                $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
79
+            }
80
+
81
+            $Query = substr($Query, 0, strlen($Query) - 2);
82
+            $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
83
+            $DB->query($Query);
84
+
85
+            $DB->query(
86
+                "
87
+        INSERT INTO `misc`
88
+          (`Name`, `First`, `Second`)
70
         VALUES
89
         VALUES
71
           ('global', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
90
           ('global', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
72
         ON DUPLICATE KEY UPDATE
91
         ON DUPLICATE KEY UPDATE
73
-          First = CONVERT(First, UNSIGNED INTEGER) + " . (60 * 60 * $Duration));
74
-      Torrents::freeleech_torrents($IDs, 1, 3, false);
75
-      echo("Success! Now run the indexer.");
76
-    } else {
77
-      error("RIP Oppaitime");
92
+          `First` = CONVERT(`First`, UNSIGNED INTEGER) + " . (60 * 60 * $Duration)
93
+            );
94
+        
95
+            Torrents::freeleech_torrents($IDs, 1, 3, false);
96
+            echo("Success! Now run the indexer.");
97
+        } else {
98
+            error("RIP Oppaitime");
99
+        }
78
     }
100
     }
79
-  }
80
 } else {
101
 } else {
81
-  View::show_header('Site-Wide Freeleech'); ?>
82
-  <div>
83
-    <div class="box text-align: center;">
84
-      <strong>Make sure you run the indexer after using either of these tools, or torrents may disappear from search until the indexer runs.</strong>
85
-    </div>
86
-    <div class="box text-align: center;">
87
-      <form action="tools.php" method="POST">
88
-        <input type="hidden" name="action" value="freeleech" />
89
-        <input type="hidden" name="type" value="tag">
90
-        <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
91
-        <strong>Single Tag Freeleech</strong>
92
-        <br />
93
-        <input id="tag_name" type="text" name="tag" placeholder="Tag" value="" />
94
-        <br />
95
-        <input id="tag_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
96
-        <br />
97
-        <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
98
-      </form>
99
-    </div>
100
-    <div class="box text-align: center;">
101
-      <form action="tools.php" method="POST">
102
-        <input type="hidden" name="action" value="freeleech" />
103
-        <input type="hidden" name="type" value="global" />
104
-        <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
105
-        <strong>Global Freeleech</strong>
106
-        <br />
107
-        <input id="global_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
108
-        <br />
109
-        <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
110
-    </div>
102
+    View::show_header('Site-Wide Freeleech'); ?>
103
+<div>
104
+  <div class="box text-align: center;">
105
+    <strong>Make sure you run the indexer after using either of these tools, or torrents may disappear from search until
106
+      the indexer runs.</strong>
107
+  </div>
108
+  <div class="box text-align: center;">
109
+    <form action="tools.php" method="POST">
110
+      <input type="hidden" name="action" value="freeleech" />
111
+      <input type="hidden" name="type" value="tag">
112
+      <input type="hidden" name="auth"
113
+        value="<?=$LoggedUser['AuthKey']?>" />
114
+      <strong>Single Tag Freeleech</strong>
115
+      <br />
116
+      <input id="tag_name" type="text" name="tag" placeholder="Tag" value="" />
117
+      <br />
118
+      <input id="tag_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
119
+      <br />
120
+      <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
121
+    </form>
122
+  </div>
123
+  <div class="box text-align: center;">
124
+    <form action="tools.php" method="POST">
125
+      <input type="hidden" name="action" value="freeleech" />
126
+      <input type="hidden" name="type" value="global" />
127
+      <input type="hidden" name="auth"
128
+        value="<?=$LoggedUser['AuthKey']?>" />
129
+      <strong>Global Freeleech</strong>
130
+      <br />
131
+      <input id="global_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
132
+      <br />
133
+      <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
111
   </div>
134
   </div>
112
-  <? View::show_footer();
135
+</div>
136
+<?php View::show_footer();
113
 }
137
 }
114
-?>
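Review bot: `$Duration = db_string($_POST['duration'])` (new lines 32 and 74) is still spliced unquoted into `INTERVAL ... HOUR` and into the `misc` arithmetic, and `db_string` only escapes quote characters, so it gives no protection in a numeric context and the value is also never checked for presence or range; the same commit already shows the right idiom in download.php, so use it here in both branches: `$Duration = (int) $_POST['duration'];` followed by `Security::checkInt($Duration);`. The reformatted file also keeps every statement on `$DB->query` even though the commit title is about moving to prepared queries, and the `LIKE '%$Tag%'` on new line 27 interpolates the tag after `str_replace('.', '_', $Tag)`, which turns every dot into a single-character wildcard; if that is intended, a one-line comment saying so would save the next reader from filing it as a bug. Adding `declare(strict_types=1);` does not change any of this, since the interpolated values never pass through a typed function boundary.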

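--- a/sections/torrents/download.php
+++ b/sections/torrents/download.php
@@ -40,10 +40,8 @@
     }
 }
 
-$TorrentID = $_REQUEST['id'];
-if (!is_number($TorrentID)) {
-    error(0);
-}
+$TorrentID = (int) $_REQUEST['id'];
+Security::checkInt($TorrentID);
 
 /*
   uTorrent Remote and various scripts redownload .torrent files periodically.
@@ -108,7 +106,7 @@
 if ($_REQUEST['usetoken'] && $FreeTorrent === '0') {
     if (isset($LoggedUser)) {
         $FLTokens = $LoggedUser['FLTokens'];
-        if ($LoggedUser['CanLeech'] !== '1') {
+        if ($LoggedUser['CanLeech'] !== 1) {
             error('You cannot use tokens while leech disabled.');
         }
     } else {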
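Review bot: Changing the comparison to `$LoggedUser['CanLeech'] !== 1` (new line 109) is only correct if that array element is an integer; mysqli returns column values as strings unless native-int mode is enabled, and a cached `'1'` would now fail the strict check for every user and block all token use. Confirm the type at the point `$LoggedUser` is populated, or make the line robust to both: `if ((int) $LoggedUser['CanLeech'] !== 1) {`. Separately, `(int) $_REQUEST['id']` on new line 43 turns a non-numeric id into `0` rather than rejecting it as `is_number` did, so the guard now rests entirely on `Security::checkInt` rejecting `0`; worth verifying, since this file serves .torrent downloads.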

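--- a/sections/userhistory/collage_subscribe.php
+++ b/sections/userhistory/collage_subscribe.php
@@ -9,7 +9,7 @@
 $CollageID = (int)$_GET['collageid'];
 
 if (!$UserSubscriptions = $Cache->get_value('collage_subs_user_'.$LoggedUser['ID'])) {
-  $DB->query('
+  $DB->prepared_query('
     SELECT CollageID
     FROM users_collage_subs
     WHERE UserID = '.db_string($LoggedUser['ID']));
@@ -18,14 +18,14 @@
 }
 
 if (($Key = array_search($CollageID, $UserSubscriptions)) !== false) {
-  $DB->query('
+  $DB->prepared_query('
     DELETE FROM users_collage_subs
     WHERE UserID = '.db_string($LoggedUser['ID'])."
       AND CollageID = $CollageID");
   unset($UserSubscriptions[$Key]);
   Collages::decrease_subscriptions($CollageID);
 } else {
-  $DB->query("
+  $DB->prepared_query("
     INSERT IGNORE INTO users_collage_subs
       (UserID, CollageID, LastVisit)
     VALUES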

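--- a/sections/userhistory/subscribed_collages.php
+++ b/sections/userhistory/subscribed_collages.php
@@ -39,7 +39,7 @@
     GROUP BY c.ID";
 }
 
-$DB->query($sql);
+$DB->prepared_query($sql);
 $NumResults = $DB->record_count();
 $CollageSubs = $DB->to_array();
 ?>
@@ -85,7 +85,7 @@
             $TorrentTable = '';
 
             list($CollageID, $CollageName, $CollageSize, $LastVisit) = $Collage;
-            $RS = $DB->query("
+            $RS = $DB->prepared_query("
       SELECT GroupID
       FROM collages_torrents
       WHERE CollageID = $CollageID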

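--- a/sections/userhistory/subscriptions.php
+++ b/sections/userhistory/subscriptions.php
@@ -35,7 +35,7 @@
  * LastReadAvatar
  * LastReadEditedUserID
  */
-$DB->query("
+$DB->prepared_query("
   (SELECT
     SQL_CALC_FOUND_ROWS
     s.`Page`,
@@ -89,7 +89,7 @@
   LIMIT $Limit");
 
 $Results = $DB->to_array(false, MYSQLI_ASSOC, false);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 
 $Debug->log_var($Results, 'Results');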

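--- a/sections/userhistory/thread_subscribe.php
+++ b/sections/userhistory/thread_subscribe.php
@@ -12,7 +12,7 @@
 
 $TopicID = (int)$_GET['topicid'];
 
-$DB->query("
+$DB->prepared_query("
   SELECT f.ID
   FROM forums_topics AS t
     JOIN forums AS f ON f.ID = t.ForumID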

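--- a/sections/userhistory/token_history.php
+++ b/sections/userhistory/token_history.php
@@ -12,9 +12,9 @@
 
 # Validate user ID
 if (isset($_GET['userid'])) {
-    $UserID = $_GET['userid'];
+    $UserID = (int) $_GET['userid'];
 } else {
-    $UserID = $LoggedUser['ID'];
+    $UserID = (int) $LoggedUser['ID'];
 }
 
 Security::checkInt($UserID);
@@ -36,8 +36,8 @@
         error(403);
     }
 
-    $UserID = $_GET['userid'];
-    $TorrentID = $_GET['torrentid'];
+    $UserID = (int) $_GET['userid'];
+    $TorrentID = (int) $_GET['torrentid'];
     Security::checkInt($UserID, $TorrentID);
 
     $DB->prepare_query("
@@ -101,7 +101,7 @@
 $DB->exec_prepared_query();
 
 $Tokens = $DB->to_array();
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 $Pages = Format::get_pages($Page, $NumResults, 25);
 ?>
@@ -144,10 +144,12 @@
         $Name = "(<i>Deleted torrent <a href='log.php?search=Torrent+$TorrentID'>$TorrentID</a></i>)";
     }
 
+    /*
     $ArtistName = Artists::display_artists($Artists[$GroupID]);
     if ($ArtistName) {
         $Name = $ArtistName.$Name;
-    } ?>
+    }
+    */ ?>
 
   <tr class="row">
     <td>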
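Review bot: The artist-prefix block at new lines 147–152 is disabled by wrapping it in `/* ... */` rather than being removed, which leaves dead code that will silently rot while version control already preserves it. If the intent is that token history no longer shows artists, delete the four lines outright; if the feature is meant to come back, a one-line comment such as `// TODO: restore artist prefix once Artists::display_artists handles the new group schema` records the reason better than commented-out code, though the actual reason is not visible in this hunk and should be confirmed with the author. The `(int)` casts followed by `Security::checkInt` in the two earlier hunks are the right direction and match download.php in this commit.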

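--- a/static/styles/global/scss/skeleton-fixes.scss
+++ b/static/styles/global/scss/skeleton-fixes.scss
@@ -90,6 +90,7 @@
 /* edit collage */ table.collage_edit,
 /* forum lists */ table.forum_index,
 /* notif filters */ form[name="notification"],
+/* service stats */ div.permission_container,
 /* GENERIC */ table.skeleton-fix {
     td {
         border-bottom: 0 !important;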
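Review bot: The label on the added selector does not match what it selects: `div.permission_container` is labelled `/* service stats */`, while every neighbouring entry names the page the selector belongs to. Presumably this is the permissions manager whose list query is touched elsewhere in this commit; if so the line should read `/* permissions */ div.permission_container,` so the next person scanning this list is not sent to the wrong page.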
