|
@@ -1,4 +1,4 @@
|
1
|
|
-<?
|
|
1
|
+<?php
|
2
|
2
|
|
3
|
3
|
/**
|
4
|
4
|
* This page handles the backend from when a user submits a report.
|
|
@@ -14,139 +14,131 @@
|
14
|
14
|
|
15
|
15
|
authorize();
|
16
|
16
|
|
17
|
|
-if (!is_number($_POST['torrentid'])) {
|
18
|
|
- error(404);
|
19
|
|
-} else {
|
20
|
|
- $TorrentID = $_POST['torrentid'];
|
21
|
|
-}
|
22
|
|
-
|
23
|
|
-if (!is_number($_POST['categoryid'])) {
|
24
|
|
- error(404);
|
25
|
|
-} else {
|
26
|
|
- $CategoryID = $_POST['categoryid'];
|
27
|
|
-}
|
|
17
|
+$TorrentID = (int) $_POST['torrentid'];
|
|
18
|
+$CategoryID = (int) $_POST['categoryid'];
|
|
19
|
+Security::checkInt($TorrentID, $CategoryID);
|
28
|
20
|
|
29
|
21
|
if (!isset($_POST['type'])) {
|
30
|
|
- error(404);
|
|
22
|
+ error(404);
|
31
|
23
|
} elseif (array_key_exists($_POST['type'], $Types[$CategoryID])) {
|
32
|
|
- $Type = $_POST['type'];
|
33
|
|
- $ReportType = $Types[$CategoryID][$Type];
|
|
24
|
+ $Type = $_POST['type'];
|
|
25
|
+ $ReportType = $Types[$CategoryID][$Type];
|
34
|
26
|
} elseif (array_key_exists($_POST['type'], $Types['master'])) {
|
35
|
|
- $Type = $_POST['type'];
|
36
|
|
- $ReportType = $Types['master'][$Type];
|
|
27
|
+ $Type = $_POST['type'];
|
|
28
|
+ $ReportType = $Types['master'][$Type];
|
37
|
29
|
} else {
|
38
|
|
- //There was a type but it wasn't an option!
|
39
|
|
- error(403);
|
|
30
|
+ // There was a type but it wasn't an option!
|
|
31
|
+ error(403);
|
40
|
32
|
}
|
41
|
33
|
|
42
|
|
-
|
43
|
34
|
foreach ($ReportType['report_fields'] as $Field => $Value) {
|
44
|
|
- if ($Value == '1') {
|
45
|
|
- if (empty($_POST[$Field])) {
|
46
|
|
- $Err = "You are missing a required field ($Field) for a ".$ReportType['title'].' report.';
|
|
35
|
+ if ($Value === '1') {
|
|
36
|
+ if (empty($_POST[$Field])) {
|
|
37
|
+ $Err = "You are missing a required field ($Field) for a ".$ReportType['title'].' report.';
|
|
38
|
+ }
|
47
|
39
|
}
|
48
|
|
- }
|
49
|
40
|
}
|
50
|
41
|
|
51
|
42
|
if (!empty($_POST['sitelink'])) {
|
52
|
|
- if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
|
53
|
|
- $ExtraIDs = implode(' ', $Matches[4]);
|
54
|
|
- if (in_array($TorrentID, $Matches[4])) {
|
55
|
|
- $Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
|
|
43
|
+ if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
|
|
44
|
+ $ExtraIDs = implode(' ', $Matches[4]);
|
|
45
|
+
|
|
46
|
+ if (in_array($TorrentID, $Matches[4])) {
|
|
47
|
+ $Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
|
|
48
|
+ }
|
|
49
|
+ } else {
|
|
50
|
+ $Err = 'The permalink was incorrect. It should look like '.site_url().'torrents.php?torrentid=12345';
|
56
|
51
|
}
|
57
|
|
- } else {
|
58
|
|
- $Err = 'The permalink was incorrect. It should look like '.site_url().'torrents.php?torrentid=12345';
|
59
|
|
- }
|
60
|
52
|
}
|
61
|
53
|
|
62
|
54
|
if (!empty($_POST['link'])) {
|
63
|
|
- //resource_type://domain:port/filepathname?query_string#anchor
|
64
|
|
- // http:// www .foo.com /bar
|
65
|
|
- if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
|
66
|
|
- $Links = implode(' ', $Matches[0]);
|
67
|
|
- } else {
|
68
|
|
- $Err = "The extra links you provided weren't links...";
|
69
|
|
- }
|
|
55
|
+ // resource_type://domain:port/filepathname?query_string#anchor
|
|
56
|
+ if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
|
|
57
|
+ $Links = implode(' ', $Matches[0]);
|
|
58
|
+ } else {
|
|
59
|
+ $Err = "The extra links you provided weren't links...";
|
|
60
|
+ }
|
70
|
61
|
} else {
|
71
|
|
- $Links = '';
|
|
62
|
+ $Links = '';
|
72
|
63
|
}
|
73
|
64
|
|
74
|
65
|
if (!empty($_POST['image'])) {
|
75
|
|
- if (preg_match("/^(".IMAGE_REGEX.")( ".IMAGE_REGEX.")*$/is", trim($_POST['image']), $Matches)) {
|
76
|
|
- $Images = $Matches[0];
|
77
|
|
- } else {
|
78
|
|
- $Err = "The extra image links you provided weren't links to images...";
|
79
|
|
- }
|
|
66
|
+ if (preg_match("/^(".IMAGE_REGEX.")( ".IMAGE_REGEX.")*$/is", trim($_POST['image']), $Matches)) {
|
|
67
|
+ $Images = $Matches[0];
|
|
68
|
+ } else {
|
|
69
|
+ $Err = "The extra image links you provided weren't links to images...";
|
|
70
|
+ }
|
80
|
71
|
} else {
|
81
|
|
- $Images = '';
|
|
72
|
+ $Images = '';
|
82
|
73
|
}
|
83
|
74
|
|
84
|
75
|
if (!empty($_POST['track'])) {
|
85
|
|
- if (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
|
86
|
|
- $Tracks = $Matches[0];
|
87
|
|
- } else {
|
88
|
|
- $Err = 'Tracks should be given in a space-separated list of numbers with no other characters.';
|
89
|
|
- }
|
|
76
|
+ if (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
|
|
77
|
+ $Tracks = $Matches[0];
|
|
78
|
+ } else {
|
|
79
|
+ $Err = 'Tracks should be given in a space-separated list of numbers with no other characters.';
|
|
80
|
+ }
|
90
|
81
|
} else {
|
91
|
|
- $Tracks = '';
|
|
82
|
+ $Tracks = '';
|
92
|
83
|
}
|
93
|
84
|
|
94
|
85
|
if (!empty($_POST['extra'])) {
|
95
|
|
- $Extra = db_string($_POST['extra']);
|
|
86
|
+ $Extra = db_string($_POST['extra']);
|
96
|
87
|
} else {
|
97
|
|
- $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
|
|
88
|
+ $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
|
98
|
89
|
}
|
99
|
90
|
|
100
|
91
|
$DB->query("
|
101
|
|
- SELECT GroupID
|
102
|
|
- FROM torrents
|
103
|
|
- WHERE ID = $TorrentID");
|
|
92
|
+ SELECT `GroupID`
|
|
93
|
+ FROM `torrents`
|
|
94
|
+ WHERE `ID` = '$TorrentID'
|
|
95
|
+ ");
|
104
|
96
|
if (!$DB->has_results()) {
|
105
|
|
- $Err = "A torrent with that ID doesn't exist!";
|
|
97
|
+ $Err = "A torrent with that ID doesn't exist!";
|
106
|
98
|
}
|
107
|
99
|
list($GroupID) = $DB->next_record();
|
108
|
100
|
|
109
|
101
|
if (!empty($Err)) {
|
110
|
|
- error($Error = $Err, $Debug = false);
|
111
|
|
- include(SERVER_ROOT.'/sections/reportsv2/report.php');
|
112
|
|
- error();
|
|
102
|
+ error($Error = $Err, $Debug = false);
|
|
103
|
+ include(SERVER_ROOT.'/sections/reportsv2/report.php');
|
|
104
|
+ error();
|
113
|
105
|
}
|
114
|
106
|
|
115
|
107
|
$DB->query("
|
116
|
|
- SELECT ID
|
117
|
|
- FROM reportsv2
|
118
|
|
- WHERE TorrentID = $TorrentID
|
119
|
|
- AND ReporterID = ".db_string($LoggedUser['ID'])."
|
120
|
|
- AND ReportedTime > '".time_minus(3)."'");
|
|
108
|
+ SELECT `ID`
|
|
109
|
+ FROM `reportsv2`
|
|
110
|
+ WHERE `TorrentID` = '$TorrentID'
|
|
111
|
+ AND `ReporterID` = ".db_string($LoggedUser['ID'])."
|
|
112
|
+ AND `ReportedTime` > '".time_minus(3)."'");
|
121
|
113
|
if ($DB->has_results()) {
|
122
|
|
- header("Location: torrents.php?torrentid=$TorrentID");
|
123
|
|
- error();
|
|
114
|
+ header("Location: torrents.php?torrentid=$TorrentID");
|
|
115
|
+ error();
|
124
|
116
|
}
|
125
|
117
|
|
126
|
118
|
$DB->query("
|
127
|
|
- INSERT INTO reportsv2
|
128
|
|
- (ReporterID, TorrentID, Type, UserComment, Status, ReportedTime, Track, Image, ExtraID, Link)
|
|
119
|
+ INSERT INTO `reportsv2`
|
|
120
|
+ (`ReporterID`, `TorrentID`, `Type`, `UserComment`, `Status`, `ReportedTime`, `Track`, `Image`, `ExtraID`, `Link`)
|
129
|
121
|
VALUES
|
130
|
122
|
(".db_string($LoggedUser['ID']).", $TorrentID, '".db_string($Type)."', '$Extra', 'New', NOW(), '".db_string($Tracks)."', '".db_string($Images)."', '".db_string($ExtraIDs)."', '".db_string($Links)."')");
|
131
|
123
|
|
132
|
124
|
$ReportID = $DB->inserted_id();
|
133
|
125
|
|
134
|
126
|
$DB->query("
|
135
|
|
- SELECT UserID
|
136
|
|
- FROM torrents
|
137
|
|
- WHERE ID = $TorrentID");
|
|
127
|
+ SELECT `UserID`
|
|
128
|
+ FROM `torrents`
|
|
129
|
+ WHERE `ID` = $TorrentID");
|
138
|
130
|
list($UploaderID) = $DB->next_record();
|
139
|
131
|
$DB->query("
|
140
|
|
- SELECT Name, Title2, NameJP
|
141
|
|
- FROM torrents_group
|
142
|
|
- WHERE ID = $GroupID");
|
|
132
|
+ SELECT `title`, `subject`, `object`
|
|
133
|
+ FROM `torrents_group`
|
|
134
|
+ WHERE `id` = '$GroupID'
|
|
135
|
+ ");
|
143
|
136
|
list($GroupNameEng, $GroupTitle2, $GroupNameJP) = $DB->next_record();
|
144
|
137
|
$GroupName = $GroupNameEng ? $GroupNameEng : ($GroupTitle2 ? $GroupTitle2 : $GroupNameJP);
|
145
|
138
|
|
146
|
139
|
Misc::send_pm($UploaderID, 0, "Torrent Reported: $GroupName", "Your torrent, \"[url=".site_url()."torrents.php?torrentid=$TorrentID]".$GroupName."[/url]\", was reported for the reason \"".$ReportType['title']."\".\n\nThe reporter also said: \"$Extra\"\n\nIf you think this report was in error, please contact staff. Failure to challenge some types of reports in a timely manner will be regarded as a lack of defense and may result in the torrent being deleted.");
|
147
|
140
|
|
148
|
141
|
$Cache->delete_value("reports_torrent_$TorrentID");
|
149
|
|
-
|
150
|
142
|
$Cache->increment('num_torrent_reportsv2');
|
|
143
|
+
|
151
|
144
|
header("Location: torrents.php?torrentid=$TorrentID");
|
152
|
|
-?>
|
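Review bot: The `(int)` casts at new lines 17–18 run before `Security::checkInt($TorrentID, $CategoryID)`, so the check only ever sees values that are already integers. Unless `checkInt` also enforces a positive range (its body is not shown here), a missing or non-numeric `torrentid`/`categoryid` now becomes 0 and continues, where the removed `is_number` branches returned `error(404)`. Validate the raw POST values first and cast afterwards, e.g. `if (!ctype_digit((string) ($_POST['torrentid'] ?? '')) || !ctype_digit((string) ($_POST['categoryid'] ?? ''))) { error(404); }`; because `$CategoryID` then indexes `$Types[$CategoryID]` at new line 23, an unknown category should also be rejected before `array_key_exists` is called. Separately, the queries still interpolate values into SQL with inconsistent quoting: `'$TorrentID'` at new lines 94 and 110, bare `$TorrentID` at 122 and 129, and an unquoted `db_string($LoggedUser['ID'])` at 111, where escaping without quotes gives no protection. Safety there rests entirely on the integer cast, so quote uniformly or move to bound parameters if the DB wrapper supports them.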