Remove the rest of the user history stuff (nothing to expunge)

design/privateheader.php

@@ -609,19 +609,6 @@ if (check_perms('admin_reports')) {
     }
 }
 
-if (check_perms('users_mod')) {
-    $NumDeleteRequests = G::$Cache->get_value('num_deletion_requests');
-    if ($NumDeleteRequests === false) {
-        G::$DB->query("SELECT COUNT(*) FROM deletion_requests");
-        list($NumDeleteRequests) = G::$DB->next_record();
-        G::$Cache->cache_value('num_deletion_requests', $NumDeleteRequests);
-    }
-
-    if ($NumDeleteRequests > 0) {
-        $ModBar[] = '<a href="tools.php?action=expunge_requests">' . $NumDeleteRequests . " Expunge request".($NumDeleteRequests > 1 ? 's' : '')."</a>";
-    }
-}
-
 if (check_perms('users_mod') && FEATURE_EMAIL_REENABLE) {
     $NumEnableRequests = G::$Cache->get_value(AutoEnable::CACHE_KEY_NAME);
     if ($NumEnableRequests === false) {

gazelle.sql

@@ -290,17 +290,6 @@ CREATE TABLE `cover_art` (
 ) ENGINE=InnoDB CHARSET=utf8mb4;
 
 
-CREATE TABLE `deletion_requests` (
-  `UserID` int unsigned NOT NULL,
-  `Value` varchar(255) NOT NULL,
-  `Type` varchar(255) NOT NULL,
-  `Reason` text,
-  `Time` datetime,
-  PRIMARY KEY (`UserID`,`Value`)
-) ENGINE=InnoDB CHARSET=utf8mb4;
-
-
 -- 2020-03-09
 CREATE TABLE `donations` (
   `UserID` int NOT NULL,

sections/reportsv2/takereport.php

@@ -1,4 +1,4 @@
-<?
+<?php
 
 /**
  * This page handles the backend from when a user submits a report.
@@ -14,139 +14,131 @@
 
 authorize();
 
-if (!is_number($_POST['torrentid'])) {
-  error(404);
-} else {
-  $TorrentID = $_POST['torrentid'];
-}
-
-if (!is_number($_POST['categoryid'])) {
-  error(404);
-} else {
-  $CategoryID = $_POST['categoryid'];
-}
+$TorrentID = (int) $_POST['torrentid'];
+$CategoryID = (int) $_POST['categoryid'];
+Security::checkInt($TorrentID, $CategoryID);
 
 if (!isset($_POST['type'])) {
-  error(404);
+    error(404);
 } elseif (array_key_exists($_POST['type'], $Types[$CategoryID])) {
-  $Type = $_POST['type'];
-  $ReportType = $Types[$CategoryID][$Type];
+    $Type = $_POST['type'];
+    $ReportType = $Types[$CategoryID][$Type];
 } elseif (array_key_exists($_POST['type'], $Types['master'])) {
-  $Type = $_POST['type'];
-  $ReportType = $Types['master'][$Type];
+    $Type = $_POST['type'];
+    $ReportType = $Types['master'][$Type];
 } else {
-  //There was a type but it wasn't an option!
-  error(403);
+    // There was a type but it wasn't an option!
+    error(403);
 }
 
-
 foreach ($ReportType['report_fields'] as $Field => $Value) {
-  if ($Value == '1') {
-    if (empty($_POST[$Field])) {
-      $Err = "You are missing a required field ($Field) for a ".$ReportType['title'].' report.';
+    if ($Value === '1') {
+        if (empty($_POST[$Field])) {
+            $Err = "You are missing a required field ($Field) for a ".$ReportType['title'].' report.';
+        }
     }
-  }
 }
 
 if (!empty($_POST['sitelink'])) {
-  if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
-    $ExtraIDs = implode(' ', $Matches[4]);
-    if (in_array($TorrentID, $Matches[4])) {
-      $Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
+    if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
+        $ExtraIDs = implode(' ', $Matches[4]);
+
+        if (in_array($TorrentID, $Matches[4])) {
+            $Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
+        }
+    } else {
+        $Err = 'The permalink was incorrect. It should look like '.site_url().'torrents.php?torrentid=12345';
     }
-  } else {
-    $Err = 'The permalink was incorrect. It should look like '.site_url().'torrents.php?torrentid=12345';
-  }
 }
 
 if (!empty($_POST['link'])) {
-  //resource_type://domain:port/filepathname?query_string#anchor
-  //          http://   www     .foo.com                /bar
-  if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
-    $Links = implode(' ', $Matches[0]);
-  } else {
-    $Err = "The extra links you provided weren't links...";
-  }
+    // resource_type://domain:port/filepathname?query_string#anchor
+    if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
+        $Links = implode(' ', $Matches[0]);
+    } else {
+        $Err = "The extra links you provided weren't links...";
+    }
 } else {
-  $Links = '';
+    $Links = '';
 }
 
 if (!empty($_POST['image'])) {
-  if (preg_match("/^(".IMAGE_REGEX.")( ".IMAGE_REGEX.")*$/is", trim($_POST['image']), $Matches)) {
-    $Images = $Matches[0];
-  } else {
-    $Err = "The extra image links you provided weren't links to images...";
-  }
+    if (preg_match("/^(".IMAGE_REGEX.")( ".IMAGE_REGEX.")*$/is", trim($_POST['image']), $Matches)) {
+        $Images = $Matches[0];
+    } else {
+        $Err = "The extra image links you provided weren't links to images...";
+    }
 } else {
-  $Images = '';
+    $Images = '';
 }
 
 if (!empty($_POST['track'])) {
-  if (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
-    $Tracks = $Matches[0];
-  } else {
-    $Err = 'Tracks should be given in a space-separated list of numbers with no other characters.';
-  }
+    if (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
+        $Tracks = $Matches[0];
+    } else {
+        $Err = 'Tracks should be given in a space-separated list of numbers with no other characters.';
+    }
 } else {
-  $Tracks = '';
+    $Tracks = '';
 }
 
 if (!empty($_POST['extra'])) {
-  $Extra = db_string($_POST['extra']);
+    $Extra = db_string($_POST['extra']);
 } else {
-  $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
+    $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
 }
 
 $DB->query("
-  SELECT GroupID
-  FROM torrents
-  WHERE ID = $TorrentID");
+  SELECT `GroupID`
+  FROM `torrents`
+  WHERE `ID` = '$TorrentID'
+  ");
 if (!$DB->has_results()) {
-  $Err = "A torrent with that ID doesn't exist!";
+    $Err = "A torrent with that ID doesn't exist!";
 }
 list($GroupID) = $DB->next_record();
 
 if (!empty($Err)) {
-  error($Error = $Err, $Debug = false);
-  include(SERVER_ROOT.'/sections/reportsv2/report.php');
-  error();
+    error($Error = $Err, $Debug = false);
+    include(SERVER_ROOT.'/sections/reportsv2/report.php');
+    error();
 }
 
 $DB->query("
-  SELECT ID
-  FROM reportsv2
-  WHERE TorrentID = $TorrentID
-    AND ReporterID = ".db_string($LoggedUser['ID'])."
-    AND ReportedTime > '".time_minus(3)."'");
+  SELECT `ID`
+  FROM `reportsv2`
+  WHERE `TorrentID` = '$TorrentID'
+    AND `ReporterID` = ".db_string($LoggedUser['ID'])."
+    AND `ReportedTime` > '".time_minus(3)."'");
 if ($DB->has_results()) {
-  header("Location: torrents.php?torrentid=$TorrentID");
-  error();
+    header("Location: torrents.php?torrentid=$TorrentID");
+    error();
 }
 
 $DB->query("
-  INSERT INTO reportsv2
-    (ReporterID, TorrentID, Type, UserComment, Status, ReportedTime, Track, Image, ExtraID, Link)
+  INSERT INTO `reportsv2`
+    (`ReporterID`, `TorrentID`, `Type`, `UserComment`, `Status`, `ReportedTime`, `Track`, `Image`, `ExtraID`, `Link`)
   VALUES
     (".db_string($LoggedUser['ID']).", $TorrentID, '".db_string($Type)."', '$Extra', 'New', NOW(), '".db_string($Tracks)."', '".db_string($Images)."', '".db_string($ExtraIDs)."', '".db_string($Links)."')");
 
 $ReportID = $DB->inserted_id();
 
 $DB->query("
-  SELECT UserID
-  FROM torrents
-  WHERE ID = $TorrentID");
+  SELECT `UserID`
+  FROM `torrents`
+  WHERE `ID` = $TorrentID");
 list($UploaderID) = $DB->next_record();
 $DB->query("
-  SELECT Name, Title2, NameJP
-  FROM torrents_group
-  WHERE ID = $GroupID");
+  SELECT `title`, `subject`, `object`
+  FROM `torrents_group`
+  WHERE `id` = '$GroupID'
+  ");
 list($GroupNameEng, $GroupTitle2, $GroupNameJP) = $DB->next_record();
 $GroupName = $GroupNameEng ? $GroupNameEng : ($GroupTitle2 ? $GroupTitle2 : $GroupNameJP);
 
 Misc::send_pm($UploaderID, 0, "Torrent Reported: $GroupName", "Your torrent, \"[url=".site_url()."torrents.php?torrentid=$TorrentID]".$GroupName."[/url]\", was reported for the reason \"".$ReportType['title']."\".\n\nThe reporter also said: \"$Extra\"\n\nIf you think this report was in error, please contact staff. Failure to challenge some types of reports in a timely manner will be regarded as a lack of defense and may result in the torrent being deleted.");
 
 $Cache->delete_value("reports_torrent_$TorrentID");
-
 $Cache->increment('num_torrent_reportsv2');
+
 header("Location: torrents.php?torrentid=$TorrentID");
-?>

sections/tools/finances/donation_log.php

@@ -58,20 +58,20 @@ if ($DateSearch) {
 $SQL .= "
   ORDER BY d.Time DESC
   LIMIT $Limit";
-$DB->query($SQL);
+$DB->prepared_query($SQL);
 $Donations = $DB->to_array();
 
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($Results) = $DB->next_record();
 
-$DB->query("SELECT SUM(Amount) FROM donations");
+$DB->prepared_query("SELECT SUM(Amount) FROM donations");
 list($Total) = $DB->next_record();
 
 /*
 if (empty($_GET['email']) && empty($_GET['username']) && empty($_GET['source']) && !isset($_GET['page']) && !$DonationTimeline = $Cache->get_value('donation_timeline')) {
     include(SERVER_ROOT.'/classes/charts.class.php');
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT DATE_FORMAT(Time,'%b \'%y') AS Month, SUM(Amount)
     FROM donations
     GROUP BY Month

sections/tools/finances/donor_rewards.php

@@ -14,7 +14,7 @@ if ($_GET['username']) {
 
 $Title = "Donor Rewards";
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     SQL_CALC_FOUND_ROWS
     u.Username,
@@ -35,7 +35,7 @@ $DB->query("
   LIMIT $Limit");
 
 $Users = $DB->to_array();
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($Results) = $DB->next_record();
 $Pages = Format::get_pages($Page, $Results, USERS_PER_PAGE, 9);
 

sections/tools/index.php

@@ -80,10 +80,6 @@ switch ($_REQUEST['action']) {
     include SERVER_ROOT.'/sections/tools/managers/enable_requests.php';
     break;
 
-  case 'expunge_requests':
-    include SERVER_ROOT.'/sections/tools/managers/expunge_requests.php';
-    break;
-
   case 'ajax_take_enable_request':
     if (FEATURE_EMAIL_REENABLE) {
         include SERVER_ROOT.'/sections/tools/managers/ajax_take_enable_request.php';

sections/tools/managers/bans.php

@@ -11,8 +11,8 @@ if (isset($_POST['submit'])) {
     authorize();
 
     $IPA = substr($_POST['start'], 0, strcspn($_POST['start'], '.'));
-    if ($_POST['submit'] == 'Delete') { //Delete
-        if (!is_number($_POST['id']) || $_POST['id'] == '') {
+    if ($_POST['submit'] === 'Delete') { //Delete
+        if (!is_number($_POST['id']) || $_POST['id'] === '') {
             error(0);
         }
         $DB->query('DELETE FROM ip_bans WHERE ID='.$_POST['id']);
@@ -30,7 +30,7 @@ if (isset($_POST['submit'])) {
         $Start = Tools::ip_to_unsigned($_POST['start']); //Sanitized by Validation regex
     $End = Tools::ip_to_unsigned($_POST['end']); //See above
 
-    if ($_POST['submit'] == 'Edit') { //Edit
+    if ($_POST['submit'] === 'Edit') { //Edit
         if (empty($_POST['id']) || !is_number($_POST['id'])) {
             error(404);
         }

sections/tools/managers/email_blacklist.php

@@ -20,7 +20,7 @@ if (!empty($_POST['comment'])) {
   }
   $Where .= " Comment LIKE '%$Comment%'";
 }
-$DB->query("
+$DB->prepared_query("
   SELECT
     SQL_CALC_FOUND_ROWS
     ID,
@@ -33,7 +33,7 @@ $DB->query("
   ORDER BY Time DESC
   LIMIT $Limit");
 $Results = $DB->to_array(false, MYSQLI_ASSOC, false);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list ($NumResults) = $DB->next_record();
 ?>
 <div class="header">

sections/tools/managers/email_blacklist_alter.php

@@ -9,7 +9,7 @@ if ($_POST['submit'] === 'Delete') { // Delete
   if (!is_number($_POST['id']) || $_POST['id'] === '') {
     error(0);
   }
-  $DB->query("
+  $DB->prepared_query("
     DELETE FROM email_blacklist
     WHERE ID = $_POST[id]");
 } else { // Edit & Create, Shared Validation
@@ -27,7 +27,7 @@ if ($_POST['submit'] === 'Delete') { // Delete
     if (!is_number($_POST['id']) || $_POST['id'] === '') {
       error(0);
     }
-    $DB->query("
+    $DB->prepared_query("
       UPDATE email_blacklist
       SET
         Email = '$P[email]',
@@ -36,7 +36,7 @@ if ($_POST['submit'] === 'Delete') { // Delete
         Time = NOW()
       WHERE ID = '$P[id]'");
   } else { // Create
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO email_blacklist (Email, Comment, UserID, Time)
       VALUES ('$P[email]', '$P[comment]', '$LoggedUser[ID]', NOW())");
   }

sections/tools/managers/email_blacklist_search.php

@@ -10,7 +10,7 @@ else {
   $JSON['status'] = 'success';
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     ID,
     UserID,

sections/tools/managers/expunge_requests.php

@@ -1,108 +0,0 @@
-<?php
-#declare(strict_types=1);
-
-if (!check_perms('users_mod')) {
-  error(403);
-}
-
-$QueryID = $DB->query("
-  SELECT SQL_CALC_FOUND_ROWS *
-  FROM deletion_requests");
-
-$DB->query("SELECT FOUND_ROWS()");
-list($NumResults) = $DB->next_record();
-$DB->set_query_id($QueryID);
-
-$Requests = $DB->to_array();
-
-if (isset($_GET['deny']) && isset($_GET['type']) && isset($_GET['value'])) {
-  authorize();
-
-  $Deny = ($_GET['deny'] == 'true');
-  $Type = $_GET['type'] == 'email' ? 'Email' : ($_GET['type'] == 'ip' ? 'IP' : '');
-  $Value = db_string($_GET['value']);
-
-  $DB->query("
-    DELETE FROM deletion_requests
-    WHERE Value = '$Value'");
-
-  $DB->query("
-    SELECT UserID
-    FROM users_history_".strtolower($Type)."s
-    WHERE $Type = '$Value'");
-  if ($DB->has_results()) {
-    list($UserID) = $DB->next_record();
-    if ($UserID != $_GET['userid']) {
-      $Err = "The specified UserID is incorrect.";
-    }
-  } else {
-    $Err = "That $Type doesn't exist.";
-  }
-
-  if (empty($Err)) {
-    if (!$Deny) {
-      $DB->query("
-        SELECT $Type
-        FROM users_history_".strtolower($Type)."s
-        WHERE UserID = '$UserID'");
-      $ToDelete = [];
-      while (list($EncValue) = $DB->next_record()) {
-        if (Crypto::decrypt($Value) == Crypto::decrypt($EncValue)) {
-          $ToDelete[] = $EncValue;
-        }
-      }
-      forEach ($ToDelete as $DelValue) {
-        $DB->query("
-          DELETE FROM users_history_".strtolower($Type)."s
-          WHERE UserID = $UserID
-            AND $Type = '$DelValue'");
-      }
-      $Succ = "$Type deleted.";
-      Misc::send_pm($UserID, 0, "$Type Deletion Request Accepted.", "Your deletion request has been accepted. What $Type? I don't know! We don't have it anymore!");
-    } else {
-      $Succ = "Request denied.";
-      Misc::send_pm($UserID, 0, "$Type Deletion Request Denied.", "Your deletion request has been denied.\n\nIf you wish to discuss this matter further, please create a staff PM, or join ".HELP_CHAN." on IRC to speak with a staff member.");
-    }
-  }
-
-  $Cache->delete_value('num_deletion_requests');
-}
-
-View::show_header("Expunge Requests");
-
-?>
-
-<div class="header">
-  <h2>Expunge Requests</h2>
-</div>
-
-<? if (isset($Err)) { ?>
-<span>Error: <?=$Err?></span>
-<? } elseif (isset($Succ)) { ?>
-<span>Success: <?=$Succ?></span>
-<? } ?>
-
-<div>
-  <table width="100%">
-    <tr class="colhead">
-      <td>User</td>
-      <td>Type</td>
-      <td>Value</td>
-      <td>Reason</td>
-      <td>Accept</td>
-      <td>Deny</td>
-    </tr>
-<? foreach ($Requests as $Request) { ?>
-    <tr>
-      <td><?=Users::format_username($Request['UserID'])?></td>
-      <td><?=$Request['Type']?></td>
-      <td><?=Crypto::decrypt($Request['Value'])?></td>
-      <td><?=display_str($Request['Reason'])?></td>
-      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=false" class="brackets">Accept</a></td>
-      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=true" class="brackets">Deny</a></td>
-    </tr>
-<? } ?>
-  </table>
-</div>
-
-<? View::show_footer(); ?>