
Remove the rest of the user history stuff (nothing to expunge)

biotorrents 4 years ago
parent
commit
b2ff1c1d5e

+ 0
- 13
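--- a/design/privateheader.php
+++ b/design/privateheader.php
@@ -609,19 +609,6 @@ if (check_perms('admin_reports')) {
     }
 }
 
-if (check_perms('users_mod')) {
-    $NumDeleteRequests = G::$Cache->get_value('num_deletion_requests');
-    if ($NumDeleteRequests === false) {
-        G::$DB->query("SELECT COUNT(*) FROM deletion_requests");
-        list($NumDeleteRequests) = G::$DB->next_record();
-        G::$Cache->cache_value('num_deletion_requests', $NumDeleteRequests);
-    }
-
-    if ($NumDeleteRequests > 0) {
-        $ModBar[] = '<a href="tools.php?action=expunge_requests">' . $NumDeleteRequests . " Expunge request".($NumDeleteRequests > 1 ? 's' : '')."</a>";
-    }
-}
-
 if (check_perms('users_mod') && FEATURE_EMAIL_REENABLE) {
     $NumEnableRequests = G::$Cache->get_value(AutoEnable::CACHE_KEY_NAME);
     if ($NumEnableRequests === false) {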

+ 0
- 10
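--- a/gazelle.sql
+++ b/gazelle.sql
@@ -290,17 +290,6 @@ CREATE TABLE `cover_art` (
 ) ENGINE=InnoDB CHARSET=utf8mb4;
 
 
-CREATE TABLE `deletion_requests` (
-  `UserID` int unsigned NOT NULL,
-  `Value` varchar(255) NOT NULL,
-  `Type` varchar(255) NOT NULL,
-  `Reason` text,
-  `Time` datetime,
-  PRIMARY KEY (`UserID`,`Value`)
-) ENGINE=InnoDB CHARSET=utf8mb4;
-
-
 -- 2020-03-09
 CREATE TABLE `donations` (
   `UserID` int NOT NULL,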

+ 69
- 77
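--- a/sections/reportsv2/takereport.php
+++ b/sections/reportsv2/takereport.php
@@ -1,4 +1,4 @@
-<?
+<?php
 
 /**
  * This page handles the backend from when a user submits a report.
@@ -14,139 +14,131 @@
 
 authorize();
 
-if (!is_number($_POST['torrentid'])) {
-  error(404);
-} else {
-  $TorrentID = $_POST['torrentid'];
-}
-
-if (!is_number($_POST['categoryid'])) {
-  error(404);
-} else {
-  $CategoryID = $_POST['categoryid'];
-}
+$TorrentID = (int) $_POST['torrentid'];
+$CategoryID = (int) $_POST['categoryid'];
+Security::checkInt($TorrentID, $CategoryID);
 
 if (!isset($_POST['type'])) {
-  error(404);
+    error(404);
 } elseif (array_key_exists($_POST['type'], $Types[$CategoryID])) {
-  $Type = $_POST['type'];
-  $ReportType = $Types[$CategoryID][$Type];
+    $Type = $_POST['type'];
+    $ReportType = $Types[$CategoryID][$Type];
 } elseif (array_key_exists($_POST['type'], $Types['master'])) {
-  $Type = $_POST['type'];
-  $ReportType = $Types['master'][$Type];
+    $Type = $_POST['type'];
+    $ReportType = $Types['master'][$Type];
 } else {
-  //There was a type but it wasn't an option!
-  error(403);
+    // There was a type but it wasn't an option!
+    error(403);
 }
 
-
 foreach ($ReportType['report_fields'] as $Field => $Value) {
-  if ($Value == '1') {
-    if (empty($_POST[$Field])) {
-      $Err = "You are missing a required field ($Field) for a ".$ReportType['title'].' report.';
+    if ($Value === '1') {
+        if (empty($_POST[$Field])) {
+            $Err = "You are missing a required field ($Field) for a ".$ReportType['title'].' report.';
+        }
     }
-  }
 }
 
 if (!empty($_POST['sitelink'])) {
-  if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
-    $ExtraIDs = implode(' ', $Matches[4]);
-    if (in_array($TorrentID, $Matches[4])) {
-      $Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
+    if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
+        $ExtraIDs = implode(' ', $Matches[4]);
+
+        if (in_array($TorrentID, $Matches[4])) {
+            $Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
+        }
+    } else {
+        $Err = 'The permalink was incorrect. It should look like '.site_url().'torrents.php?torrentid=12345';
     }
-  } else {
-    $Err = 'The permalink was incorrect. It should look like '.site_url().'torrents.php?torrentid=12345';
-  }
 }
 
 if (!empty($_POST['link'])) {
-  //resource_type://domain:port/filepathname?query_string#anchor
-  //          http://   www     .foo.com                /bar
-  if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
-    $Links = implode(' ', $Matches[0]);
-  } else {
-    $Err = "The extra links you provided weren't links...";
-  }
+    // resource_type://domain:port/filepathname?query_string#anchor
+    if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
+        $Links = implode(' ', $Matches[0]);
+    } else {
+        $Err = "The extra links you provided weren't links...";
+    }
 } else {
-  $Links = '';
+    $Links = '';
 }
 
 if (!empty($_POST['image'])) {
-  if (preg_match("/^(".IMAGE_REGEX.")( ".IMAGE_REGEX.")*$/is", trim($_POST['image']), $Matches)) {
-    $Images = $Matches[0];
-  } else {
-    $Err = "The extra image links you provided weren't links to images...";
-  }
+    if (preg_match("/^(".IMAGE_REGEX.")( ".IMAGE_REGEX.")*$/is", trim($_POST['image']), $Matches)) {
+        $Images = $Matches[0];
+    } else {
+        $Err = "The extra image links you provided weren't links to images...";
+    }
 } else {
-  $Images = '';
+    $Images = '';
 }
 
 if (!empty($_POST['track'])) {
-  if (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
-    $Tracks = $Matches[0];
-  } else {
-    $Err = 'Tracks should be given in a space-separated list of numbers with no other characters.';
-  }
+    if (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
+        $Tracks = $Matches[0];
+    } else {
+        $Err = 'Tracks should be given in a space-separated list of numbers with no other characters.';
+    }
 } else {
-  $Tracks = '';
+    $Tracks = '';
 }
 
 if (!empty($_POST['extra'])) {
-  $Extra = db_string($_POST['extra']);
+    $Extra = db_string($_POST['extra']);
 } else {
-  $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
+    $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
 }
 
 $DB->query("
-  SELECT GroupID
-  FROM torrents
-  WHERE ID = $TorrentID");
+  SELECT `GroupID`
+  FROM `torrents`
+  WHERE `ID` = '$TorrentID'
+  ");
 if (!$DB->has_results()) {
-  $Err = "A torrent with that ID doesn't exist!";
+    $Err = "A torrent with that ID doesn't exist!";
 }
 list($GroupID) = $DB->next_record();
 
 if (!empty($Err)) {
-  error($Error = $Err, $Debug = false);
-  include(SERVER_ROOT.'/sections/reportsv2/report.php');
-  error();
+    error($Error = $Err, $Debug = false);
+    include(SERVER_ROOT.'/sections/reportsv2/report.php');
+    error();
 }
 
 $DB->query("
-  SELECT ID
-  FROM reportsv2
-  WHERE TorrentID = $TorrentID
-    AND ReporterID = ".db_string($LoggedUser['ID'])."
-    AND ReportedTime > '".time_minus(3)."'");
+  SELECT `ID`
+  FROM `reportsv2`
+  WHERE `TorrentID` = '$TorrentID'
+    AND `ReporterID` = ".db_string($LoggedUser['ID'])."
+    AND `ReportedTime` > '".time_minus(3)."'");
 if ($DB->has_results()) {
-  header("Location: torrents.php?torrentid=$TorrentID");
-  error();
+    header("Location: torrents.php?torrentid=$TorrentID");
+    error();
 }
 
 $DB->query("
-  INSERT INTO reportsv2
-    (ReporterID, TorrentID, Type, UserComment, Status, ReportedTime, Track, Image, ExtraID, Link)
+  INSERT INTO `reportsv2`
+    (`ReporterID`, `TorrentID`, `Type`, `UserComment`, `Status`, `ReportedTime`, `Track`, `Image`, `ExtraID`, `Link`)
   VALUES
     (".db_string($LoggedUser['ID']).", $TorrentID, '".db_string($Type)."', '$Extra', 'New', NOW(), '".db_string($Tracks)."', '".db_string($Images)."', '".db_string($ExtraIDs)."', '".db_string($Links)."')");
 
 $ReportID = $DB->inserted_id();
 
 $DB->query("
-  SELECT UserID
-  FROM torrents
-  WHERE ID = $TorrentID");
+  SELECT `UserID`
+  FROM `torrents`
+  WHERE `ID` = $TorrentID");
 list($UploaderID) = $DB->next_record();
 $DB->query("
-  SELECT Name, Title2, NameJP
-  FROM torrents_group
-  WHERE ID = $GroupID");
+  SELECT `title`, `subject`, `object`
+  FROM `torrents_group`
+  WHERE `id` = '$GroupID'
+  ");
 list($GroupNameEng, $GroupTitle2, $GroupNameJP) = $DB->next_record();
 $GroupName = $GroupNameEng ? $GroupNameEng : ($GroupTitle2 ? $GroupTitle2 : $GroupNameJP);
 
 Misc::send_pm($UploaderID, 0, "Torrent Reported: $GroupName", "Your torrent, \"[url=".site_url()."torrents.php?torrentid=$TorrentID]".$GroupName."[/url]\", was reported for the reason \"".$ReportType['title']."\".\n\nThe reporter also said: \"$Extra\"\n\nIf you think this report was in error, please contact staff. Failure to challenge some types of reports in a timely manner will be regarded as a lack of defense and may result in the torrent being deleted.");
 
 $Cache->delete_value("reports_torrent_$TorrentID");
-
 $Cache->increment('num_torrent_reportsv2');
+
 header("Location: torrents.php?torrentid=$TorrentID");
-?>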
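Review bot: At the top of the second hunk, `(int) $_POST['torrentid']` and `(int) $_POST['categoryid']` are cast before `Security::checkInt()` runs, so the check only ever sees integers: a value like `12abc`, which the removed `is_number()` guards answered with `error(404)`, is now truncated to `12` and used in the queries and as the `$Types[$CategoryID]` index. A missing field casts to `0`, and whether checkInt() rejects that is not visible on this page. Validating the raw strings ahead of the casts keeps the old behaviour, e.g. `if (!is_number($_POST['torrentid'] ?? '') || !is_number($_POST['categoryid'] ?? '')) { error(404); }`. Separately, `$ExtraIDs` is assigned only inside the `sitelink` branch yet is passed to `db_string($ExtraIDs)` in the INSERT; an `else { $ExtraIDs = ''; }` matching the ones for `$Links`, `$Images` and `$Tracks` would close that gap.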

+ 4
- 4
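--- a/sections/tools/finances/donation_log.php
+++ b/sections/tools/finances/donation_log.php
@@ -58,20 +58,20 @@ if ($DateSearch) {
 $SQL .= "
   ORDER BY d.Time DESC
   LIMIT $Limit";
-$DB->query($SQL);
+$DB->prepared_query($SQL);
 $Donations = $DB->to_array();
 
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($Results) = $DB->next_record();
 
-$DB->query("SELECT SUM(Amount) FROM donations");
+$DB->prepared_query("SELECT SUM(Amount) FROM donations");
 list($Total) = $DB->next_record();
 
 /*
 if (empty($_GET['email']) && empty($_GET['username']) && empty($_GET['source']) && !isset($_GET['page']) && !$DonationTimeline = $Cache->get_value('donation_timeline')) {
     include(SERVER_ROOT.'/classes/charts.class.php');
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT DATE_FORMAT(Time,'%b \'%y') AS Month, SUM(Amount)
     FROM donations
     GROUP BY Month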
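Review bot: Calling `$DB->prepared_query($SQL)` with a string that is still assembled by concatenation, including `LIMIT $Limit`, binds nothing, so the query is exactly as injectable or safe as it was under `$DB->query($SQL)` while now reading as if it were parameterized. If prepared_query() accepts bound arguments (its signature is not shown on this page), the filter values appended to `$SQL` above this hunk should become `?` placeholders with the values passed separately; if it does not, a comment such as `// NOTE: no bound parameters; inputs are escaped when $SQL is built` would keep later readers from over-trusting the name. The same pattern appears in donor_rewards.php, email_blacklist.php (context line `$Where .= " Comment LIKE '%$Comment%'"`), email_blacklist_alter.php (`WHERE ID = $_POST[id]`, `'$P[email]'`, `'$P[comment]'`) and email_blacklist_search.php. How `$SQL`, `$Limit` and `$P` are built lies outside the visible hunks.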

+ 2
- 2
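--- a/sections/tools/finances/donor_rewards.php
+++ b/sections/tools/finances/donor_rewards.php
@@ -14,7 +14,7 @@ if ($_GET['username']) {
 
 $Title = "Donor Rewards";
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     SQL_CALC_FOUND_ROWS
     u.Username,
@@ -35,7 +35,7 @@ $DB->query("
   LIMIT $Limit");
 
 $Users = $DB->to_array();
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($Results) = $DB->next_record();
 $Pages = Format::get_pages($Page, $Results, USERS_PER_PAGE, 9);
 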

+ 0
- 4
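--- a/sections/tools/index.php
+++ b/sections/tools/index.php
@@ -80,10 +80,6 @@ switch ($_REQUEST['action']) {
     include SERVER_ROOT.'/sections/tools/managers/enable_requests.php';
     break;
 
-  case 'expunge_requests':
-    include SERVER_ROOT.'/sections/tools/managers/expunge_requests.php';
-    break;
-
   case 'ajax_take_enable_request':
     if (FEATURE_EMAIL_REENABLE) {
         include SERVER_ROOT.'/sections/tools/managers/ajax_take_enable_request.php';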

+ 3
- 3
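--- a/sections/tools/managers/bans.php
+++ b/sections/tools/managers/bans.php
@@ -11,8 +11,8 @@ if (isset($_POST['submit'])) {
     authorize();
 
     $IPA = substr($_POST['start'], 0, strcspn($_POST['start'], '.'));
-    if ($_POST['submit'] == 'Delete') { //Delete
-        if (!is_number($_POST['id']) || $_POST['id'] == '') {
+    if ($_POST['submit'] === 'Delete') { //Delete
+        if (!is_number($_POST['id']) || $_POST['id'] === '') {
             error(0);
         }
         $DB->query('DELETE FROM ip_bans WHERE ID='.$_POST['id']);
@@ -30,7 +30,7 @@ if (isset($_POST['submit'])) {
         $Start = Tools::ip_to_unsigned($_POST['start']); //Sanitized by Validation regex
     $End = Tools::ip_to_unsigned($_POST['end']); //See above
 
-    if ($_POST['submit'] == 'Edit') { //Edit
+    if ($_POST['submit'] === 'Edit') { //Edit
         if (empty($_POST['id']) || !is_number($_POST['id'])) {
             error(404);
         }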

+ 2
- 2
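--- a/sections/tools/managers/email_blacklist.php
+++ b/sections/tools/managers/email_blacklist.php
@@ -20,7 +20,7 @@ if (!empty($_POST['comment'])) {
   }
   $Where .= " Comment LIKE '%$Comment%'";
 }
-$DB->query("
+$DB->prepared_query("
   SELECT
     SQL_CALC_FOUND_ROWS
     ID,
@@ -33,7 +33,7 @@ $DB->query("
   ORDER BY Time DESC
   LIMIT $Limit");
 $Results = $DB->to_array(false, MYSQLI_ASSOC, false);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list ($NumResults) = $DB->next_record();
 ?>
 <div class="header">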

+ 3
- 3
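--- a/sections/tools/managers/email_blacklist_alter.php
+++ b/sections/tools/managers/email_blacklist_alter.php
@@ -9,7 +9,7 @@ if ($_POST['submit'] === 'Delete') { // Delete
   if (!is_number($_POST['id']) || $_POST['id'] === '') {
     error(0);
   }
-  $DB->query("
+  $DB->prepared_query("
     DELETE FROM email_blacklist
     WHERE ID = $_POST[id]");
 } else { // Edit & Create, Shared Validation
@@ -27,7 +27,7 @@ if ($_POST['submit'] === 'Delete') { // Delete
     if (!is_number($_POST['id']) || $_POST['id'] === '') {
       error(0);
     }
-    $DB->query("
+    $DB->prepared_query("
       UPDATE email_blacklist
       SET
         Email = '$P[email]',
@@ -36,7 +36,7 @@ if ($_POST['submit'] === 'Delete') { // Delete
         Time = NOW()
       WHERE ID = '$P[id]'");
   } else { // Create
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO email_blacklist (Email, Comment, UserID, Time)
       VALUES ('$P[email]', '$P[comment]', '$LoggedUser[ID]', NOW())");
   }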

+ 1
- 1
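--- a/sections/tools/managers/email_blacklist_search.php
+++ b/sections/tools/managers/email_blacklist_search.php
@@ -10,7 +10,7 @@ else {
   $JSON['status'] = 'success';
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     ID,
     UserID,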

+ 0
- 108
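--- a/sections/tools/managers/expunge_requests.php
+++ b/sections/tools/managers/expunge_requests.php
@@ -1,108 +0,0 @@
-<?php
-#declare(strict_types=1);
-
-if (!check_perms('users_mod')) {
-  error(403);
-}
-
-$QueryID = $DB->query("
-  SELECT SQL_CALC_FOUND_ROWS *
-  FROM deletion_requests");
-
-$DB->query("SELECT FOUND_ROWS()");
-list($NumResults) = $DB->next_record();
-$DB->set_query_id($QueryID);
-
-$Requests = $DB->to_array();
-
-if (isset($_GET['deny']) && isset($_GET['type']) && isset($_GET['value'])) {
-  authorize();
-
-  $Deny = ($_GET['deny'] == 'true');
-  $Type = $_GET['type'] == 'email' ? 'Email' : ($_GET['type'] == 'ip' ? 'IP' : '');
-  $Value = db_string($_GET['value']);
-
-  $DB->query("
-    DELETE FROM deletion_requests
-    WHERE Value = '$Value'");
-
-  $DB->query("
-    SELECT UserID
-    FROM users_history_".strtolower($Type)."s
-    WHERE $Type = '$Value'");
-  if ($DB->has_results()) {
-    list($UserID) = $DB->next_record();
-    if ($UserID != $_GET['userid']) {
-      $Err = "The specified UserID is incorrect.";
-    }
-  } else {
-    $Err = "That $Type doesn't exist.";
-  }
-
-  if (empty($Err)) {
-    if (!$Deny) {
-      $DB->query("
-        SELECT $Type
-        FROM users_history_".strtolower($Type)."s
-        WHERE UserID = '$UserID'");
-      $ToDelete = [];
-      while (list($EncValue) = $DB->next_record()) {
-        if (Crypto::decrypt($Value) == Crypto::decrypt($EncValue)) {
-          $ToDelete[] = $EncValue;
-        }
-      }
-      forEach ($ToDelete as $DelValue) {
-        $DB->query("
-          DELETE FROM users_history_".strtolower($Type)."s
-          WHERE UserID = $UserID
-            AND $Type = '$DelValue'");
-      }
-      $Succ = "$Type deleted.";
-      Misc::send_pm($UserID, 0, "$Type Deletion Request Accepted.", "Your deletion request has been accepted. What $Type? I don't know! We don't have it anymore!");
-    } else {
-      $Succ = "Request denied.";
-      Misc::send_pm($UserID, 0, "$Type Deletion Request Denied.", "Your deletion request has been denied.\n\nIf you wish to discuss this matter further, please create a staff PM, or join ".HELP_CHAN." on IRC to speak with a staff member.");
-    }
-  }
-
-  $Cache->delete_value('num_deletion_requests');
-}
-
-View::show_header("Expunge Requests");
-
-?>
-
-<div class="header">
-  <h2>Expunge Requests</h2>
-</div>
-
-<? if (isset($Err)) { ?>
-<span>Error: <?=$Err?></span>
-<? } elseif (isset($Succ)) { ?>
-<span>Success: <?=$Succ?></span>
-<? } ?>
-
-<div>
-  <table width="100%">
-    <tr class="colhead">
-      <td>User</td>
-      <td>Type</td>
-      <td>Value</td>
-      <td>Reason</td>
-      <td>Accept</td>
-      <td>Deny</td>
-    </tr>
-<? foreach ($Requests as $Request) { ?>
-    <tr>
-      <td><?=Users::format_username($Request['UserID'])?></td>
-      <td><?=$Request['Type']?></td>
-      <td><?=Crypto::decrypt($Request['Value'])?></td>
-      <td><?=display_str($Request['Reason'])?></td>
-      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=false" class="brackets">Accept</a></td>
-      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=true" class="brackets">Deny</a></td>
-    </tr>
-<? } ?>
-  </table>
-</div>
-
-<? View::show_footer(); ?>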
