Empty commit

.gitignore

@@ -0,0 +1,9 @@
+classes/config.php
+_packages/**/.git/**
+
+static/styles/*.css
+static/styles/assets/fonts/**
+static/common/badges/**
+
+.DS_Store
+*.sw*

ajax.php

@@ -0,0 +1,4 @@
+<?php
+declare(strict_types=1);
+
+require_once 'classes/script_start.php';

announce.php

@@ -0,0 +1 @@
+d14:failure reason40:Invalid .torrent, try downloading again.e

artist.php

@@ -0,0 +1,5 @@
+<?php
+declare(strict_types=1);
+
+define('ERROR_EXCEPTION', true);
+require_once 'classes/script_start.php';

better.php

@@ -0,0 +1,5 @@
+<?php
+declare(strict_types=1);
+
+define('ERROR_EXCEPTION', true);
+require_once 'classes/script_start.php';

blog.php

@@ -0,0 +1,4 @@
+<?php
+declare(strict_types=1);
+
+require_once 'classes/script_start.php';

bookmarks.php

@@ -0,0 +1,5 @@
+<?php
+declare(strict_types=1);
+
+define('ERROR_EXCEPTION', true);
+require_once 'classes/script_start.php';

browse.php

@@ -0,0 +1,4 @@
+<?php
+declare(strict_types=1);
+
+header('Location: torrents.php');

classes/artists.class.php

@@ -0,0 +1,286 @@
+<?php
+
+class Artists
+{
+
+  /**
+   * Given an array of GroupIDs, return their associated artists.
+   *
+   * @param array $GroupIDs
+   * @return an array of the following form:
+   *  GroupID => {
+   *    [ArtistType] => {
+   *      id, name, aliasid
+   *    }
+   *  }
+   *
+   * ArtistType is an int. It can be:
+   * 1 => Main artist
+   * 2 => Guest artist
+   * 4 => Composer
+   * 5 => Conductor
+   * 6 => DJ
+   */
+    public static function get_artists($GroupIDs)
+    {
+        $Results = [];
+        $DBs = [];
+
+        foreach ($GroupIDs as $GroupID) {
+            if (!is_number($GroupID)) {
+                continue;
+            }
+
+            $Artists = G::$Cache->get_value('groups_artists_'.$GroupID);
+            if (is_array($Artists)) {
+                $Results[$GroupID] = $Artists;
+            } else {
+                $DBs[] = $GroupID;
+            }
+        }
+
+        if (count($DBs) > 0) {
+            $IDs = implode(',', $DBs);
+            if (empty($IDs)) {
+                $IDs = 'null';
+            }
+
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT
+              ta.`GroupID`,
+              ta.`ArtistID`,
+              ag.`Name`
+            FROM
+              `torrents_artists` AS ta
+            JOIN `artists_group` AS ag
+            ON
+              ta.`ArtistID` = ag.`ArtistID`
+            WHERE
+              ta.`GroupID` IN($IDs)
+            ORDER BY
+              ta.`GroupID` ASC,
+              ag.`Name` ASC;
+            ");
+
+            while (list($GroupID, $ArtistID, $ArtistName) = G::$DB->next_record(MYSQLI_BOTH, false)) {
+                $Results[$GroupID][] = array('id' => $ArtistID, 'name' => $ArtistName);
+                $New[$GroupID][] = array('id' => $ArtistID, 'name' => $ArtistName);
+            }
+
+            G::$DB->set_query_id($QueryID);
+            foreach ($DBs as $GroupID) {
+                if (isset($New[$GroupID])) {
+                    G::$Cache->cache_value("groups_artists_$GroupID", $New[$GroupID]);
+                } else {
+                    G::$Cache->cache_value("groups_artists_$GroupID", []);
+                }
+            }
+
+            $Missing = array_diff($GroupIDs, array_keys($Results));
+            if (!empty($Missing)) {
+                $Results += array_fill_keys($Missing, []);
+            }
+        }
+        return $Results;
+    }
+
+    /**
+     * Convenience function for get_artists, when you just need one group.
+     *
+     * @param int $GroupID
+     * @return array - see get_artists
+     */
+    public static function get_artist($GroupID)
+    {
+        $Results = Artists::get_artists(array($GroupID));
+        return $Results[$GroupID];
+    }
+
+    /**
+     * Format an array of artists for display.
+     * todo: Revisit the logic of this, see if we can helper-function the copypasta.
+     *
+     * @param array Artists an array of the form output by get_artists
+     * @param boolean $MakeLink if true, the artists will be links, if false, they will be text.
+     * @param boolean $IncludeHyphen if true, appends " - " to the end.
+     * @param $Escape if true, output will be escaped. Think carefully before setting it false.
+     */
+    public static function display_artists($Artists, $MakeLink = true, $IncludeHyphen = true, $Escape = true)
+    {
+        if (!empty($Artists)) {
+            $ampersand = ($Escape) ? ' &amp; ' : ' & ';
+            $link = ($IncludeHyphen? '🧑&nbsp;' : '');
+    
+            switch (count($Artists)) {
+            case 0:
+                break;
+
+            case 3:
+                $link .= Artists::display_artist($Artists[2], $MakeLink, $Escape). ", ";
+                // no break
+
+            case 2:
+                $link .= Artists::display_artist($Artists[1], $MakeLink, $Escape). ", ";
+                // no break
+
+            case 1:
+                $link .= Artists::display_artist($Artists[0], $MakeLink, $Escape);
+                break;
+
+            default:
+                $link = ($IncludeHyphen?'🧑&nbsp;':'').Artists::display_artist($Artists[0], $MakeLink, $Escape).' et al.';
+                #$link = 'Various'.($IncludeHyphen?' &ndash; ':'');
+        }
+            return $link;
+        } else {
+            return '';
+        }
+    }
+    
+    /**
+     * Formats a single artist name.
+     *
+     * @param array $Artist an array of the form ('id' => ID, 'name' => Name)
+     * @param boolean $MakeLink If true, links to the artist page.
+     * @param boolean $Escape If false and $MakeLink is false, returns the unescaped, unadorned artist name.
+     * @return string Formatted artist name.
+     */
+    public static function display_artist($Artist, $MakeLink = true, $Escape = true)
+    {
+        if ($MakeLink && !$Escape) {
+            error('Invalid parameters to Artists::display_artist()');
+        } elseif ($MakeLink) {
+            return '<a href="artist.php?id='.$Artist['id'].'">'.display_str($Artist['name']).'</a>';
+        } elseif ($Escape) {
+            return display_str($Artist['name']);
+        } else {
+            return $Artist['name'];
+        }
+    }
+
+    /**
+     * Deletes an artist and their requests, wiki, and tags.
+     * Does NOT delete their torrents.
+     *
+     * @param int $ArtistID
+     */
+    public static function delete_artist($ArtistID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT
+          `NAME`
+        FROM
+          `artists_group`
+        WHERE
+          `ArtistID` = $ArtistID
+        ");
+        list($Name) = G::$DB->next_record(MYSQLI_NUM, false);
+
+        // Delete requests
+        G::$DB->query("
+        SELECT
+          `RequestID`
+        FROM
+          `requests_artists`
+        WHERE
+          `ArtistID` = $ArtistID AND `ArtistID` != 0
+        ");
+
+        $Requests = G::$DB->to_array();
+        foreach ($Requests as $Request) {
+            list($RequestID) = $Request;
+            G::$DB->query("
+            DELETE
+            FROM
+              `requests`
+            WHERE
+              `ID` = $RequestID
+            ");
+
+            G::$DB->query("
+            DELETE
+            FROM
+              `requests_votes`
+            WHERE
+              `RequestID` = $RequestID
+            ");
+
+            G::$DB->query("
+            DELETE
+            FROM
+              `requests_tags`
+            WHERE
+              `RequestID` = $RequestID
+            ");
+
+            G::$DB->query("
+            DELETE
+            FROM
+              `requests_artists`
+            WHERE
+              `RequestID` = $RequestID
+            ");
+        }
+
+        // Delete artist
+        G::$DB->query("
+        DELETE
+        FROM
+          `artists_group`
+        WHERE
+          `ArtistID` = $ArtistID
+        ");
+        G::$Cache->decrement('stats_artist_count');
+
+        // Delete wiki revisions
+        G::$DB->query("
+        DELETE
+        FROM
+          `wiki_artists`
+        WHERE
+          `PageID` = $ArtistID
+        ");
+
+        // Delete tags
+        G::$DB->query("
+        DELETE
+        FROM
+          `artists_tags`
+        WHERE
+          `ArtistID` = $ ArtistID
+        ");
+
+        // Delete artist comments, subscriptions and quote notifications
+        Comments::delete_page('artist', $ArtistID);
+        G::$Cache->delete_value("artist_$ArtistID");
+        G::$Cache->delete_value("artist_groups_$ArtistID");
+
+        // Record in log
+        if (!empty(G::$LoggedUser['Username'])) {
+            $Username = G::$LoggedUser['Username'];
+        } else {
+            $Username = 'System';
+        }
+        
+        Misc::write_log("Artist $ArtistID ($Name) was deleted by $Username");
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * Remove LRM (left-right-marker) and trims, because people copypaste carelessly.
+     * If we don't do this, we get seemingly duplicate artist names.
+     * todo: make stricter, e.g., on all whitespace characters or Unicode normalisation
+     *
+     * @param string $ArtistName
+     */
+    public static function normalise_artist_name($ArtistName)
+    {
+        // \u200e is &lrm;
+        $ArtistName = trim($ArtistName);
+        $ArtistName = preg_replace('/^(\xE2\x80\x8E)+/', '', $ArtistName);
+        $ArtistName = preg_replace('/(\xE2\x80\x8E)+$/', '', $ArtistName);
+        return trim(preg_replace('/ +/', ' ', $ArtistName));
+    }
+}

classes/autoenable.class.php

@@ -0,0 +1,499 @@
+<?php
+
+# todo: Check strict equality gently
+class AutoEnable
+{
+    // Constants for database values
+    const APPROVED = 1;
+    const DENIED = 2;
+    const DISCARDED = 3;
+
+    // Cache key to store the number of enable requests
+    const CACHE_KEY_NAME = 'num_enable_requests';
+
+    // The default request rejected message
+    const REJECTED_MESSAGE = <<<EOT
+    <p>
+      Your request to re-enable your account has been rejected.
+    </p>
+
+    <p>
+      This may be because a request is already pending for your username,
+      or because a recent request was denied.
+    </p>
+EOT;
+
+    // The default request received message
+    const RECEIVED_MESSAGE = <<<EOT
+    <p>
+      Your request to re-enable your account has been received.
+    </p>
+    
+    <p>
+      Most requests are responded to within minutes.
+      Remember to check your spam folder.
+    </p>
+EOT;
+
+    /**
+     * Handle a new enable request
+     *
+     * @param string $Username The user's username
+     * @param string $Email The user's email address
+     * @return string The output
+     */
+    public static function new_request($Username, $Email)
+    {
+        if (empty($Username)) {
+            header('Location: login.php');
+            error();
+        }
+
+        // Get the user's ID
+        G::$DB->query("
+        SELECT
+          um.`ID`,
+          ui.`BanReason`
+        FROM
+          `users_main` AS um
+        JOIN `users_info` ui ON
+          ui.`UserID` = um.`ID`
+        WHERE
+          um.`Username` = '$Username'
+          AND um.`Enabled` = '2'
+        ");
+
+        if (G::$DB->has_results()) {
+            // Make sure the user can make another request
+            list($UserID, $BanReason) = G::$DB->next_record();
+            G::$DB->query("
+            SELECT
+              1
+            FROM
+              `users_enable_requests`
+            WHERE
+              `UserID` = '$UserID' AND(
+                (
+                  `Timestamp` > NOW() - INTERVAL 1 WEEK
+                  AND `HandledTimestamp` IS NULL)
+                  OR(
+                    `Timestamp` > NOW() - INTERVAL 2 MONTH
+                    AND Outcome = '".self::DENIED."')
+                )
+            ");
+        }
+
+        $IP = $_SERVER['REMOTE_ADDR'];
+        if (G::$DB->has_results() || !isset($UserID)) {
+            // User already has/had a pending activation request or username is invalid
+            $Output = sprintf(self::REJECTED_MESSAGE, DISABLED_CHAN, BOT_SERVER);
+            if (isset($UserID)) {
+                Tools::update_user_notes(
+                    $UserID,
+                    sqltime() . " - Enable request rejected from $IP\n\n"
+                );
+            }
+        } else {
+            // New disable activation request
+            $UserAgent = db_string($_SERVER['HTTP_USER_AGENT']);
+            G::$DB->query(
+                "
+                INSERT INTO `users_enable_requests`(
+                  `UserID`,
+                  `Email`,
+                  `IP`,
+                  `UserAgent`,
+                  `Timestamp`
+                )
+                VALUES(?, ?, ?, ?, NOW())",
+                $UserID,
+                Crypto::encrypt($Email),
+                Crypto::encrypt($IP),
+                $UserAgent
+            );
+            $RequestID = G::$DB->inserted_id();
+
+            // Cache the number of requests for the modbar
+            G::$Cache->increment_value(self::CACHE_KEY_NAME);
+            setcookie('username', '', time() - 60 * 60, '/', '', false);
+            $Output = self::RECEIVED_MESSAGE;
+
+            Tools::update_user_notes(
+                $UserID,
+                sqltime() . " - Enable request " . G::$DB->inserted_id() . " received from $IP\n\n"
+            );
+
+            if ($BanReason === 3) {
+                self::handle_requests(
+                    [$RequestID],
+                    self::APPROVED,
+                    'Automatically approved (inactivity)'
+                );
+            }
+        }
+        return $Output;
+    }
+
+    /*
+     * Handle requests
+     *
+     * @param int|int[] $IDs An array of IDs, or a single ID
+     * @param int $Status The status to mark the requests as
+     * @param string $Comment The staff member comment
+     */
+    public static function handle_requests($IDs, $Status, $Comment)
+    {
+        # Error checking
+        if ($Status !== self::APPROVED && $Status !== self::DENIED && $Status !== self::DISCARDED) {
+            error(404);
+        }
+
+        $ENV = ENV::go();
+        $UserInfo = [];
+        $IDs = (!is_array($IDs)) ? [$IDs] : $IDs;
+
+        if (count($IDs) === 0) {
+            error(404);
+        }
+
+        foreach ($IDs as $ID) {
+            if (!is_number($ID)) {
+                error(404);
+            }
+        }
+
+        G::$DB->query("
+        SELECT
+          `Email`,
+          `ID`,
+          `UserID`
+        FROM
+          `users_enable_requests`
+        WHERE
+          `ID` IN(".implode(',', $IDs).")
+          AND `Outcome` IS NULL
+        ");
+        $Results = G::$DB->to_array(false, MYSQLI_NUM);
+
+        if ($Status !== self::DISCARDED) {
+            // Prepare email
+            require_once SERVER_ROOT.'/classes/templates.class.php';
+            $TPL = new TEMPLATE;
+
+            if ($Status === self::APPROVED) {
+                $TPL->open(SERVER_ROOT.'/templates/enable_request_accepted.tpl');
+                $TPL->set('SITE_DOMAIN', SITE_DOMAIN);
+            } else {
+                $TPL->open(SERVER_ROOT.'/templates/enable_request_denied.tpl');
+            }
+            $TPL->set('SITE_NAME', $ENV->SITE_NAME);
+
+            foreach ($Results as $Result) {
+                list($Email, $ID, $UserID) = $Result;
+                $Email = Crypto::decrypt($Email);
+                $UserInfo[] = array($ID, $UserID);
+
+                if ($Status === self::APPROVED) {
+                    // Generate token
+                    $Token = db_string(Users::make_secret());
+                    G::$DB->query("
+                    UPDATE
+                      `users_enable_requests`
+                    SET
+                      `Token` = ?
+                    WHERE
+                      `ID` = ?,
+                      $Token,
+                      $ID
+                    ");
+                    $TPL->set('TOKEN', $Token);
+                }
+
+                // Send email
+                $Subject = "Your enable request for $ENV->SITE_NAME has been ";
+                $Subject .= ($Status === self::APPROVED) ? 'approved' : 'denied';
+                Misc::send_email($Email, $Subject, $TPL->get(), 'noreply');
+            }
+        } else {
+            foreach ($Results as $Result) {
+                list(, $ID, $UserID) = $Result;
+                $UserInfo[] = array($ID, $UserID);
+            }
+        }
+
+        // User notes stuff
+        $StaffID = G::$LoggedUser['ID'] ?? 0;
+        G::$DB->query("
+        SELECT
+          `Username`
+        FROM
+          `users_main`
+        WHERE
+          `ID` = ?,
+          $StaffID
+        ");
+
+        if (G::$DB->has_results()) {
+            list($StaffUser) = G::$DB->next_record();
+        } else {
+            $StaffUser = "System";
+            $StaffID = 0;
+        }
+
+        foreach ($UserInfo as $User) {
+            list($ID, $UserID) = $User;
+            $BaseComment = sqltime()." - Enable request $ID ".strtolower(self::get_outcome_string($Status)).' by [user]'.$StaffUser.'[/user]';
+            $BaseComment .= (!empty($Comment)) ? "\nReason: $Comment\n\n" : "\n\n";
+            Tools::update_user_notes($UserID, $BaseComment);
+        }
+
+        // Update database values and decrement cache
+        G::$DB->query("
+        UPDATE
+          `users_enable_requests`
+        SET
+          `HandledTimestamp` = NOW(), `CheckedBy` = ?, `Outcome` = ?
+        WHERE
+          `ID` IN(".implode(',', $IDs)."),
+          $StaffID,
+          $Status
+        ");
+        G::$Cache->decrement_value(self::CACHE_KEY_NAME, count($IDs));
+    }
+
+    /**
+     * Unresolve a discarded request
+     *
+     * @param int $ID The request ID
+     */
+    public static function unresolve_request($ID)
+    {
+        $ID = (int) $ID;
+        if (empty($ID)) {
+            error(404);
+        }
+
+        G::$DB->query("
+        SELECT
+          `UserID`
+        FROM
+          `users_enable_requests`
+        WHERE
+          `Outcome` = '" . self::DISCARDED . "' AND `ID` = '$ID'
+        ");
+
+        if (!G::$DB->has_results()) {
+            error(404);
+        } else {
+            list($UserID) = G::$DB->next_record();
+        }
+
+        G::$DB->query("
+        SELECT
+          `Username`
+        FROM
+          `users_main`
+        WHERE
+          `ID` = '".G::$LoggedUser['ID']."'
+        ");
+        list($StaffUser) = G::$DB->next_record();
+
+        Tools::update_user_notes($UserID, sqltime()." - Enable request $ID unresolved by [user]".$StaffUser.'[/user]'."\n\n");
+        G::$DB->query("
+        UPDATE
+          `users_enable_requests`
+        SET
+          `Outcome` = NULL,
+          `HandledTimestamp` = NULL,
+          `CheckedBy` = NULL
+        WHERE
+          `ID` = '$ID'
+        ");
+        G::$Cache->increment_value(self::CACHE_KEY_NAME);
+    }
+
+    /**
+     * Get the corresponding outcome string for a numerical value
+     *
+     * @param int $Outcome The outcome integer
+     * @return string The formatted output string
+     */
+    public static function get_outcome_string($Outcome)
+    {
+        if ($Outcome === self::APPROVED) {
+            $String = 'Approved';
+        } elseif ($Outcome === self::DENIED) {
+            $String = 'Rejected';
+        } elseif ($Outcome === self::DISCARDED) {
+            $String = 'Discarded';
+        } else {
+            $String = '---';
+        }
+        return $String;
+    }
+
+    /**
+     * Handle a user's request to enable an account
+     *
+     * @param string $Token The token
+     * @return string The error output, or an empty string
+     */
+    public static function handle_token($Token)
+    {
+        $Token = db_string($Token);
+        G::$DB->query("
+        SELECT
+          uer.`UserID`,
+          uer.`HandledTimestamp`,
+          um.`torrent_pass`,
+          um.`Visible`,
+          um.`IP`
+        FROM
+          `users_enable_requests` AS uer
+        LEFT JOIN `users_main` AS um
+        ON
+          uer.`UserID` = um.`ID`
+        WHERE
+          `Token` = '$Token'
+        ");
+
+        if (G::$DB->has_results()) {
+            list($UserID, $Timestamp, $TorrentPass, $Visible, $IP) = G::$DB->next_record();
+            G::$DB->query("
+            UPDATE
+              `users_enable_requests`
+            SET
+              `Token` = NULL
+            WHERE
+              `Token` = '$Token'
+            ");
+
+            if ($Timestamp < time_minus(3600 * 48)) {
+                // Old request
+                Tools::update_user_notes($UserID, sqltime()." - Tried to use an expired enable token from ".$_SERVER['REMOTE_ADDR']."\n\n");
+                $Err = "Token has expired. Please visit ".DISABLED_CHAN." on ".BOT_SERVER." to discuss this with staff.";
+            } else {
+                // Good request, decrement cache value and enable account
+                G::$Cache->decrement_value(AutoEnable::CACHE_KEY_NAME);
+                $VisibleTrIP = ($Visible && Crypto::decrypt($IP) !== '127.0.0.1') ? '1' : '0';
+                Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $TorrentPass, 'visible' => $VisibleTrIP));
+
+                G::$DB->query("
+                UPDATE
+                  `users_main`
+                SET
+                  `Enabled` = '1',
+                  `can_leech` = '1'
+                WHERE
+                  `ID` = '$UserID'
+                ");
+                
+                G::$DB->query("
+                UPDATE
+                  `users_info`
+                SET
+                  `BanReason` = '0'
+                WHERE
+                  `UserID` = '$UserID'
+                ");
+
+                G::$Cache->delete_value("user_info_$UserID");
+                $Err = "Your account has been enabled. You may now log in.";
+            }
+        } else {
+            $Err = "Invalid token.";
+        }
+        return $Err;
+    }
+
+    /**
+     * Build the search query, from the searchbox inputs
+     *
+     * @param int $UserID The user ID
+     * @param string $IP The IP
+     * @param string $SubmittedTimestamp The timestamp representing when the request was submitted
+     * @param int $HandledUserID The ID of the user that handled the request
+     * @param string $HandledTimestamp The timestamp representing when the request was handled
+     * @param int $OutcomeSearch The outcome of the request
+     * @param boolean $Checked Should checked requests be included?
+     * @return array The WHERE conditions for the query
+     */
+    public static function build_search_query($Username, $IP, $SubmittedBetween, $SubmittedTimestamp1, $SubmittedTimestamp2, $HandledUsername, $HandledBetween, $HandledTimestamp1, $HandledTimestamp2, $OutcomeSearch, $Checked)
+    {
+        $Where = [];
+
+        if (!empty($Username)) {
+            $Where[] = "um1.`Username` = '$Username'";
+        }
+
+        if (!empty($IP)) {
+            // todo: Make this work with encrypted IPs
+            $Where[] = "uer.`IP` = '$IP'";
+        }
+
+        if (!empty($SubmittedTimestamp1)) {
+            switch ($SubmittedBetween) {
+                case 'on':
+                    $Where[] = "DATE(uer.`Timestamp`) = DATE('$SubmittedTimestamp1')";
+                    break;
+
+                case 'before':
+                    $Where[] = "DATE(uer.`Timestamp`) < DATE('$SubmittedTimestamp1')";
+                    break;
+
+                case 'after':
+                    $Where[] = "DATE(uer.`Timestamp`) > DATE('$SubmittedTimestamp1')";
+                    break;
+
+                case 'between':
+                    if (!empty($SubmittedTimestamp2)) {
+                        $Where[] = "DATE(uer.`Timestamp`) BETWEEN DATE('$SubmittedTimestamp1') AND DATE('$SubmittedTimestamp2')";
+                    }
+                    break;
+
+                default:
+                    break;
+            }
+        }
+
+        if (!empty($HandledTimestamp1)) {
+            switch ($HandledBetween) {
+                case 'on':
+                    $Where[] = "DATE(uer.`HandledTimestamp`) = DATE('$HandledTimestamp1')";
+                    break;
+
+                case 'before':
+                    $Where[] = "DATE(uer.`HandledTimestamp`) < DATE('$HandledTimestamp1')";
+                    break;
+
+                case 'after':
+                    $Where[] = "DATE(uer.`HandledTimestamp`) > DATE('$HandledTimestamp1')";
+                    break;
+
+                case 'between':
+                    if (!empty($HandledTimestamp2)) {
+                        $Where[] = "DATE(uer.`HandledTimestamp`) BETWEEN DATE('$HandledTimestamp1') AND DATE('$HandledTimestamp2')";
+                    }
+                    break;
+
+                default:
+                    break;
+            }
+        }
+
+        if (!empty($HandledUsername)) {
+            $Where[] = "um2.`Username` = '$HandledUsername'";
+        }
+
+        if (!empty($OutcomeSearch)) {
+            $Where[] = "uer.`Outcome` = '$OutcomeSearch'";
+        }
+
+        if ($Checked) {
+            // This is to skip the if statement in enable_requests.php
+            $Where[] = "(uer.`Outcome` IS NULL OR uer.`Outcome` IS NOT NULL)";
+        }
+
+        return $Where;
+    }
+}

classes/autoload.php

@@ -0,0 +1,67 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * Autoload
+ *
+ * Load classes automatically when they're needed.
+ * The Gazelle convention is classes/lowercase_name.class.php.
+ *
+ * @param string $ClassName class name
+ * @see https://www.php.net/manual/en/language.oop5.autoload.php
+ */
+spl_autoload_register(function ($ClassName) {
+    $FilePath = SERVER_ROOT . '/classes/' . strtolower($ClassName) . '.class.php';
+    #$FilePath = $_SERVER['DOCUMENT_ROOT'] . '/classes/' . strtolower($ClassName) . '.class.php';
+
+    if (!file_exists($FilePath)) {
+        // todo: Rename the following classes to conform with the code guidelines
+        switch ($ClassName) {
+        case 'MASS_USER_BOOKMARKS_EDITOR':
+          $FileName = 'mass_user_bookmarks_editor.class';
+          break;
+
+        case 'MASS_USER_TORRENTS_EDITOR':
+          $FileName = 'mass_user_torrents_editor.class';
+          break;
+
+        case 'MASS_USER_TORRENTS_TABLE_VIEW':
+          $FileName = 'mass_user_torrents_table_view.class';
+          break;
+
+        case 'TEXTAREA_PREVIEW':
+          $FileName = 'textarea_preview.class';
+          break;
+
+        case 'TORRENT':
+        case 'BENCODE_DICT':
+        case 'BENCODE_LIST':
+          $FileName = 'torrent.class';
+          break;
+
+        case 'RecursiveArrayObject':
+          $FileName = 'env.class';
+          break;
+
+        case 'Parsedown':
+          $FileName = 'vendor/Parsedown';
+          break;
+
+        case 'ParsedownExtra':
+          $FileName = 'vendor/ParsedownExtra';
+          break;
+
+        case 'TwitterAPIExchange':
+          $FileName = 'vendor/TwitterAPIExchange';
+          break;
+
+        default:
+          error("Couldn't import class $ClassName");
+    }
+
+        $FilePath = SERVER_ROOT . "/classes/$FileName.php";
+        #$FilePath = $_SERVER['DOCUMENT_ROOT'] . "/classes/$FileName.php";
+    }
+
+    require_once $FilePath;
+});

classes/badges.class.php

@@ -0,0 +1,163 @@
+<?php
+declare(strict_types = 1);
+
+class Badges
+{
+    /**
+     * Given a UserID, returns that user's badges
+     *
+     * @param int $UserID
+     * @return array of BadgeIDs
+     */
+    public static function get_badges($UserID)
+    {
+        return Users::user_info($UserID)['Badges'];
+    }
+
+
+    /**
+     * Awards UserID the given BadgeID
+     *
+     * @param int $UserID
+     * @param int $BadgeID
+     * @return bool success?
+     */
+    public static function award_badge($UserID, $BadgeID)
+    {
+        if (self::has_badge($UserID, $BadgeID)) {
+            return false;
+        } else {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            INSERT INTO `users_badges`(`UserID`, `BadgeID`)
+            VALUES($UserID, $BadgeID)
+            ");
+
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->delete_value("user_info_$UserID");
+            return true;
+        }
+    }
+
+
+    /**
+     * Given a UserID, return that user's displayed badges
+     *
+     * @param int $UserID
+     * @return array of BadgeIDs
+     */
+    public static function get_displayed_badges($UserID)
+    {
+        $Result = [];
+        $Badges = self::get_badges($UserID);
+
+        foreach ($Badges as $Badge => $Displayed) {
+            if ($Displayed) {
+                $Result[] = $Badge;
+            }
+        }
+        return $Result;
+    }
+
+
+    /**
+     * Returns true if the given user owns the given badge
+     *
+     * @param int $UserID
+     * @param int $BadgeID
+     * @return bool
+     */
+    public static function has_badge($UserID, $BadgeID)
+    {
+        $Badges = self::get_badges($UserID);
+        return (array_key_exists($BadgeID, $Badges)) ?: false;
+    }
+
+
+    /**
+     * Creates HTML for displaying a badge.
+     *
+     * @param int $BadgeID
+     * @param bool $Tooltip Should HTML contain a tooltip?
+     * @return string HTML
+     */
+    public static function display_badge($BadgeID, $Tooltip = false)
+    {
+        $html = '';
+        if (($Badges = G::$Cache->get_value('badges')) && array_key_exists($BadgeID, $Badges)) {
+            extract($Badges[$BadgeID]);
+        } else {
+            self::update_badge_cache();
+            if (($Badges = G::$Cache->get_value('badges')) && array_key_exists($BadgeID, $Badges)) {
+                extract($Badges[$BadgeID]);
+            } else {
+                global $Debug;
+                $Debug->analysis("Invalid BadgeID $BadgeID requested.");
+            }
+        }
+
+        if ($Tooltip) {
+            $html .= "<a class='badge_icon'><img class='badge tooltip' alt='$Name' title='$Name: $Description' src='$Icon' /></a>";
+        } else {
+            $html .= "<a class='badge_icon'><img class='badge' alt='$Name' title='$Name' src='$Icon' /></a>";
+        }
+
+        return $html;
+    }
+
+
+    /**
+     * display_badges()
+     */
+    public static function display_badges($BadgeIDs, $Tooltip = false)
+    {
+        $html = '';
+        foreach ($BadgeIDs as $BadgeID) {
+            $html .= self::display_badge($BadgeID, $Tooltip);
+        }
+        return $html;
+    }
+
+
+    /**
+     * update_badge_cache()
+     */
+    private static function update_badge_cache()
+    {
+        $QueryID = G::$DB->get_query_id();
+
+        G::$DB->query("
+        SELECT
+          `ID`,
+          `Icon`,
+          `Name`,
+          `Description`
+        FROM
+          `badges`
+        ");
+
+        $badges = [];
+        if (G::$DB->has_results()) {
+            while (list($id, $icon, $name, $description) = G::$DB->next_record()) {
+                $badges[$id] = array('Icon' => $icon, 'Name' => $name, 'Description' => $description);
+            }
+            G::$Cache->cache_value('badges', $badges);
+        }
+
+        G::$DB->set_query_id($QueryID);
+    }
+
+
+    /**
+     * get_all_badges()
+     */
+    public static function get_all_badges()
+    {
+        if (($Badges = G::$Cache->get_value('badges'))) {
+            return $Badges;
+        } else {
+            self::update_badge_cache();
+            return G::$Cache->get_value('badges');
+        }
+    }
+}

classes/bencode.class.php

@@ -0,0 +1,111 @@
+<?php
+
+/**
+ * If we're running a 32bit PHP version, we use small objects to store ints.
+ * Overhead from the function calls is small enough to not worry about
+ */
+class Int64
+{
+    private $Num;
+
+    public function __construct($Val)
+    {
+        $this->Num = $Val;
+    }
+
+    public static function make($Val)
+    {
+        return PHP_INT_SIZE === 4 ? new Int64($Val) : (int)$Val;
+    }
+
+    public static function get($Val)
+    {
+        return PHP_INT_SIZE === 4 ? $Val->Num : $Val;
+    }
+
+    public static function is_int($Val)
+    {
+        return is_int($Val) || (is_object($Val) && get_class($Val) === 'Int64');
+    }
+}
+
+/**
+ * The encode class is simple and straightforward. The only thing to
+ * note is that empty dictionaries are represented by boolean trues
+ */
+class Bencode
+{
+    private $DefaultKeys = array( // Get rid of everything except these keys to save some space
+      'created by', 'creation date', 'encoding', 'info', 'comment');
+    private $Data;
+    public $Enc;
+
+    /**
+     * Encode an arbitrary array (usually one that's just been decoded)
+     *
+     * @param array $Arg the thing to encode
+     * @param mixed $Keys string or array with keys in the input array to encode or true to encode everything
+     * @return bencoded string representing the content of the input array
+     */
+    public function encode($Arg = false, $Keys = false)
+    {
+        if ($Arg === false) {
+            $Data =& $this->Dec;
+        } else {
+            $Data =& $Arg;
+        }
+
+        if ($Keys === true) {
+            $this->Data = $Data;
+        } elseif ($Keys === false) {
+            $this->Data = array_intersect_key($Data, array_flip($this->DefaultKeys));
+        } elseif (is_array($Keys)) {
+            $this->Data = array_intersect_key($Data, array_flip($Keys));
+        } else {
+            $this->Data = isset($Data[$Keys]) ? $Data[$Keys] : false;
+        }
+
+        if (!$this->Data) {
+            return false;
+        }
+
+        $this->Enc = $this->_benc();
+        return $this->Enc;
+    }
+
+    /**
+     * Internal encoding function that does the actual job
+     *
+     * @return bencoded string
+     */
+    private function _benc()
+    {
+        if (!is_array($this->Data)) {
+            if (Int64::is_int($this->Data)) { // Integer
+                return 'i'.Int64::get($this->Data).'e';
+            }
+
+            if ($this->Data === true) { // Empty dictionary
+                return 'de';
+            }
+            return strlen($this->Data).':'.$this->Data; // String
+        }
+
+        if (empty($this->Data) || Int64::is_int(key($this->Data))) {
+            $IsDict = false;
+        } else {
+            $IsDict = true;
+            ksort($this->Data); // Dictionaries must be sorted
+        }
+        
+        $Ret = $IsDict ? 'd' : 'l';
+        foreach ($this->Data as $Key => $Value) {
+            if ($IsDict) {
+                $Ret .= strlen($Key).':'.$Key;
+            }
+            $this->Data = $Value;
+            $Ret .= $this->_benc();
+        }
+        return $Ret.'e';
+    }
+}

classes/bencodedecode.class.php

@@ -0,0 +1,208 @@
+<?php
+
+/**
+ * The decode class is simple and straightforward. The only thing to
+ * note is that empty dictionaries are represented by boolean trues
+ */
+class BencodeDecode extends Bencode
+{
+    private $Data;
+    private $Length;
+    private $Pos = 0;
+    public $Dec = [];
+    public $ExitOnError = true;
+    const SnipLength = 40;
+
+    /**
+     * Decode prepararations
+     *
+     * @param string $Arg bencoded string or path to bencoded file to decode
+     * @param bool $IsPath needs to be true if $Arg is a path
+     * @return decoded data with a suitable structure
+     */
+    public function __construct($Arg = false, $IsPath = false, $Strict = true)
+    {
+        if (!$Strict) {
+            $this->ExitOnError = false;
+        }
+
+        if ($Arg === false) {
+            if (empty($this->Enc)) {
+                return false;
+            }
+        } else {
+            if ($IsPath === true) {
+                return $this->bdec_file($Arg);
+            }
+            $this->Data = $Arg;
+        }
+        return $this->decode();
+    }
+
+    /**
+     * Decodes a bencoded file
+     *
+     * @param $Path path to bencoded file to decode
+     * @return decoded data with a suitable structure
+     */
+    public function bdec_file($Path = false)
+    {
+        if (empty($Path)) {
+            return false;
+        }
+
+        if (!$this->Data = @file_get_contents($Path, FILE_BINARY)) {
+            return $this->error("Error: file '$Path' could not be opened.\n");
+        }
+        return $this->decode();
+    }
+
+    /**
+     * Decodes a string with bencoded data
+     *
+     * @param mixed $Arg bencoded data or false to decode the content of $this->Data
+     * @return decoded data with a suitable structure
+     */
+    public function decode($Arg = false)
+    {
+        if ($Arg !== false) {
+            $this->Data = $Arg;
+        } elseif (!$this->Data) {
+            $this->Data = $this->Enc;
+        }
+
+        if (!$this->Data) {
+            return false;
+        }
+
+        $this->Length = strlen($this->Data);
+        $this->Pos = 0;
+        $this->Dec = $this->_bdec();
+
+        if ($this->Pos < $this->Length) {
+            // Not really necessary, but if the torrent is invalid, it's better to warn than to silently truncate it
+            return $this->error();
+        }
+        return $this->Dec;
+    }
+
+    /**
+     * Internal decoding function that does the actual job
+     *
+     * @return decoded data with a suitable structure
+     */
+    private function _bdec()
+    {
+        switch ($this->Data[$this->Pos]) {
+
+      case 'i':
+        $this->Pos++;
+        $Value = substr($this->Data, $this->Pos, strpos($this->Data, 'e', $this->Pos) - $this->Pos);
+        if (!ctype_digit($Value) && !($Value[0] == '-' && ctype_digit(substr($Value, 1)))) {
+            return $this->error();
+        }
+        $this->Pos += strlen($Value) + 1;
+        return Int64::make($Value);
+
+      case 'l':
+        $Value = [];
+        $this->Pos++;
+        while ($this->Data[$this->Pos] != 'e') {
+            if ($this->Pos >= $this->Length) {
+                return $this->error();
+            }
+            $Value[] = $this->_bdec();
+        }
+        $this->Pos++;
+        return $Value;
+
+      case 'd':
+        $Value = [];
+        $this->Pos++;
+        while ($this->Data[$this->Pos] != 'e') {
+            $Length = substr($this->Data, $this->Pos, strpos($this->Data, ':', $this->Pos) - $this->Pos);
+            if (!ctype_digit($Length)) {
+                return $this->error();
+            }
+            $this->Pos += strlen($Length) + $Length + 1;
+            $Key = substr($this->Data, $this->Pos - $Length, $Length);
+            if ($this->Pos >= $this->Length) {
+                return $this->error();
+            }
+            $Value[$Key] = $this->_bdec();
+        }
+        $this->Pos++;
+        // Use boolean true to keep track of empty dictionaries
+        return empty($Value) ? true : $Value;
+
+      default:
+        $Length = substr($this->Data, $this->Pos, strpos($this->Data, ':', $this->Pos) - $this->Pos);
+        if (!ctype_digit($Length)) {
+            return $this->error(); // Even if the string is likely to be decoded correctly without this check, it's malformed
+        }
+        $this->Pos += strlen($Length) + $Length + 1;
+        return substr($this->Data, $this->Pos - $Length, $Length);
+    }
+    }
+
+    /**
+     * Convert everything to the correct data types and optionally escape strings
+     *
+     * @param bool $Escape whether to escape the textual data
+     * @param mixed $Data decoded data or false to use the $Dec property
+     * @return decoded data with more useful data types
+     */
+    public function dump($Escape = true, $Data = false)
+    {
+        if ($Data === false) {
+            $Data = $this->Dec;
+        }
+
+        if (Int64::is_int($Data)) {
+            return Int64::get($Data);
+        }
+
+        if (is_bool($Data)) {
+            return [];
+        }
+
+        if (is_array($Data)) {
+            $Output = [];
+            foreach ($Data as $Key => $Val) {
+                $Output[$Key] = $this->dump($Escape, $Val);
+            }
+            return $Output;
+        }
+        return $Escape ? htmlentities($Data) : $Data;
+    }
+
+    /**
+     * Display an error and halt the operation unless the $ExitOnError property is false
+     *
+     * @param string $ErrMsg the error message to display
+     */
+    private function error($ErrMsg = false)
+    {
+        static $ErrorPos;
+        if ($this->Pos === $ErrorPos) {
+            // The recursive nature of the class requires this to avoid duplicate error messages
+            return false;
+        }
+
+        if ($this->ExitOnError) {
+            if ($ErrMsg === false) {
+                printf(
+                    "Malformed string. Invalid character at pos 0x%X: %s\n",
+                    $this->Pos,
+                    str_replace(array("\r","\n"), array('',' '), htmlentities(substr($this->Data, $this->Pos, self::SnipLength)))
+                );
+            } else {
+                echo $ErrMsg;
+            }
+            exit();
+        }
+        
+        $ErrorPos = $this->Pos;
+        return false;
+    }
+}

classes/bencodetorrent.class.php

@@ -0,0 +1,175 @@
+<?php
+
+# todo: Replace this with https://github.com/OPSnet/bencode-torrent
+
+/**
+ * Torrent class that contains some convenient functions related to torrent meta data
+ */
+class BencodeTorrent extends BencodeDecode
+{
+    private $PathKey = 'path';
+    public $Files = [];
+    public $Size = 0;
+
+    /**
+     * Create a list of the files in the torrent and their sizes as well as the total torrent size
+     *
+     * @return array with a list of files and file sizes
+     */
+    public function file_list()
+    {
+        if (empty($this->Dec)) {
+            return false;
+        }
+
+        $InfoDict =& $this->Dec['info'];
+        if (!isset($InfoDict['files'])) {
+            // Single-file torrent
+            $this->Size = (Int64::is_int($InfoDict['length'])
+        ? Int64::get($InfoDict['length'])
+        : $InfoDict['length']);
+            $Name = (isset($InfoDict['name.utf-8'])
+        ? $InfoDict['name.utf-8']
+        : $InfoDict['name']);
+            $this->Files[] = array($this->Size, $Name);
+        } else {
+            if (isset($InfoDict['path.utf-8']['files'][0])) {
+                $this->PathKey = 'path.utf-8';
+            }
+
+            foreach ($InfoDict['files'] as $File) {
+                $TmpPath = [];
+                foreach ($File[$this->PathKey] as $SubPath) {
+                    $TmpPath[] = $SubPath;
+                }
+                $CurSize = (Int64::is_int($File['length'])
+          ? Int64::get($File['length'])
+          : $File['length']);
+                $this->Files[] = array($CurSize, implode('/', $TmpPath));
+                $this->Size += $CurSize;
+            }
+            uasort($this->Files, function ($a, $b) {
+                return strnatcasecmp($a[1], $b[1]);
+            });
+        }
+        return array($this->Size, $this->Files);
+    }
+
+    /**
+     * Find out the name of the torrent
+     *
+     * @return string torrent name
+     */
+    public function get_name()
+    {
+        if (empty($this->Dec)) {
+            return false;
+        }
+        if (isset($this->Dec['info']['name.utf-8'])) {
+            return $this->Dec['info']['name.utf-8'];
+        }
+        return $this->Dec['info']['name'];
+    }
+
+    /**
+     * Find out the total size of the torrent
+     *
+     * @return string torrent size
+     */
+    public function get_size()
+    {
+        if (empty($this->Files)) {
+            if (empty($this->Dec)) {
+                return false;
+            }
+            $FileList = $this->file_list();
+        }
+        return $FileList[0];
+    }
+
+    /**
+     * Checks if the "private" flag is present in the torrent
+     *
+     * @return true if the "private" flag is set
+     */
+    public function is_private()
+    {
+        if (empty($this->Dec)) {
+            return false;
+        }
+        return isset($this->Dec['info']['private']) && Int64::get($this->Dec['info']['private']) == 1;
+    }
+    /**
+     * Add the "private" flag to the torrent
+     *
+     * @return true if a change was required
+     */
+    public function make_private()
+    {
+        if (empty($this->Dec)) {
+            return false;
+        }
+        if ($this->is_private()) {
+            return false;
+        }
+        $this->Dec['info']['private'] = Int64::make(1);
+        ksort($this->Dec['info']);
+        return true;
+    }
+
+    /**
+     * Add the "source" field to the torrent
+     *
+     * @return true if a change was required
+     */
+    public function make_sourced()
+    {
+        $Sources = Users::get_upload_sources();
+        if (empty($this->Dec)) {
+            return false;
+        }
+        if (isset($this->Dec['info']['source']) && ($this->Dec['info']['source'] == $Sources[0] || $this->Dec['info']['source'] == $Sources[1])) {
+            return false;
+        }
+        $this->Dec['info']['source'] = $Sources[0];
+        ksort($this->Dec['info']);
+        return true;
+    }
+
+    /**
+     * Calculate the torrent's info hash
+     *
+     * @return info hash in hexadecimal form
+     */
+    public function info_hash()
+    {
+        if (empty($this->Dec) || !isset($this->Dec['info'])) {
+            return false;
+        }
+        return sha1($this->encode(false, 'info'));
+    }
+
+    /**
+     * Add the announce URL to a torrent
+     */
+    public static function add_announce_url($Data, $Url)
+    {
+        return 'd8:announce'.strlen($Url).':'.$Url.substr($Data, 1);
+    }
+
+    /**
+     * Add list of announce URLs to a torrent
+     */
+    public static function add_announce_list($Data, $Urls)
+    {
+        $r = 'd13:announce-listl';
+        for ($i = 0; $i < count($Urls); $i++) {
+            $r .= 'l';
+            for ($j = 0; $j < count($Urls[$i]); $j++) {
+                $r .= strlen($Urls[$i][$j]).':'.$Urls[$i][$j];
+            }
+            $r .= 'e';
+        }
+        return $r.'e'.substr($Data, 1);
+    }
+}

classes/bitcoinrpc.class.php

@@ -0,0 +1,39 @@
+<?php
+
+class BitcoinRpc
+{
+    public static function __callStatic($Method, $Args)
+    {
+        if (!defined('BITCOIN_RPC_URL')) {
+            return false;
+        }
+
+        $MessageID = mt_rand();
+        $Params = json_encode(
+            array(
+                'method' => $Method,
+                'params' => $Args,
+                'id' => $MessageID
+            )
+        );
+
+        $Request = array(
+            'http' => array(
+                'method' => 'POST',
+                'header' => 'Content-type: application/json',
+                'content' => $Params
+            )
+        );
+
+        if (!$Response = file_get_contents(BITCOIN_RPC_URL, false, stream_context_create($Request))) {
+            return false;
+        }
+
+        $Response = json_decode($Response);
+        if ($Response->id != $MessageID || !empty($Response->error) || empty($Response->result)) {
+            return false;
+        }
+        
+        return $Response->result;
+    }
+}

classes/bookmarks.class.php

@@ -0,0 +1,110 @@
+<?php
+
+class Bookmarks
+{
+    /**
+     * Check if can bookmark
+     *
+     * @param string $Type
+     * @return boolean
+     */
+    public static function can_bookmark($Type)
+    {
+        return in_array($Type, array(
+            'torrent',
+            'artist',
+            'collage',
+            'request'
+        ));
+    }
+
+    /**
+     * Get the bookmark schema.
+     * Recommended usage:
+     * list($Table, $Col) = bookmark_schema('torrent');
+     *
+     * @param string $Type the type to get the schema for
+     */
+    public static function bookmark_schema($Type)
+    {
+        switch ($Type) {
+          case 'torrent':
+              return array(
+                  'bookmarks_torrents',
+                  'GroupID'
+              );
+              break;
+
+          case 'artist':
+              return array(
+                  'bookmarks_artists',
+                  'ArtistID'
+              );
+              break;
+
+          case 'collage':
+              return array(
+                  'bookmarks_collages',
+                  'CollageID'
+               );
+              break;
+
+          case 'request':
+              return array(
+                  'bookmarks_requests',
+                  'RequestID'
+              );
+              break;
+
+          default:
+              error('h4x');
+        }
+    }
+
+    /**
+     * Check if something is bookmarked
+     *
+     * @param string $Type
+     *          type of bookmarks to check
+     * @param int $ID
+     *          bookmark's id
+     * @return boolean
+     */
+    public static function has_bookmarked($Type, $ID)
+    {
+        return in_array($ID, self::all_bookmarks($Type));
+    }
+
+    /**
+     * Fetch all bookmarks of a certain type for a user.
+     * If UserID is false than defaults to G::$LoggedUser['ID']
+     *
+     * @param string $Type
+     *          type of bookmarks to fetch
+     * @param int $UserID
+     *          userid whose bookmarks to get
+     * @return array the bookmarks
+     */
+    public static function all_bookmarks($Type, $UserID = false)
+    {
+        if ($UserID === false) {
+            $UserID = G::$LoggedUser['ID'];
+        }
+
+        $CacheKey = "bookmarks_$Type".'_'.$UserID;
+        if (($Bookmarks = G::$Cache->get_value($CacheKey)) === false) {
+            list($Table, $Col) = self::bookmark_schema($Type);
+            $QueryID = G::$DB->get_query_id();
+
+            G::$DB->query("
+            SELECT `$Col`
+            FROM `$Table`
+              WHERE UserID = '$UserID'");
+
+            $Bookmarks = G::$DB->collect($Col);
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value($CacheKey, $Bookmarks, 0);
+        }
+        return $Bookmarks;
+    }
+}

classes/browse.class.php

@@ -0,0 +1,5 @@
+<?php
+
+class Browse
+{
+}

classes/cache.class.php

@@ -0,0 +1,476 @@
+<?php
+#declare(strict_types = 1);
+
+/*************************************************************************|
+|--------------- Caching class -------------------------------------------|
+|*************************************************************************|
+
+This class is a wrapper for the Memcache class, and it's been written in
+order to better handle the caching of full pages with bits of dynamic
+content that are different for every user.
+
+As this inherits memcache, all of the default memcache methods work -
+however, this class has page caching functions superior to those of
+memcache.
+
+Also, Memcache::get and Memcache::set have been wrapped by
+Cache::get_value and Cache::cache_value. get_value uses the same argument
+as get, but cache_value only takes the key, the value, and the duration
+(no zlib).
+
+// Unix sockets
+memcached -d -m 5120 -s /var/run/memcached.sock -a 0777 -t16 -C -u root
+
+// TCP bind
+memcached -d -m 8192 -l 10.10.0.1 -t8 -C
+
+|*************************************************************************/
+
+if (!extension_loaded('memcache') && !extension_loaded('memcached')) {
+    error('Memcache extension not loaded');
+}
+
+if (class_exists('Memcached')) {
+    class MemcacheCompat extends Memcached
+    {
+    }
+} else {
+    class MemcacheCompat extends Memcache
+    {
+    }
+}
+
+class Cache extends MemcacheCompat
+{
+    // Torrent Group cache version
+    const GROUP_VERSION = 5;
+
+    public $CacheHits = [];
+    public $MemcacheDBArray = [];
+    public $MemcacheDBKey = '';
+    protected $InTransaction = false;
+    public $Time = 0;
+    private $Servers = [];
+    private $PersistentKeys = [
+        'ajax_requests_*',
+        'query_lock_*',
+        'stats_*',
+        'top10tor_*',
+        'users_snatched_*',
+
+            // Cache-based features
+            'global_notification',
+            'notifications_one_reads_*',
+    ];
+    private $ClearedKeys = [];
+    public $CanClear = false;
+    public $InternalCache = true;
+
+    public function __construct($Servers)
+    {
+        if (is_subclass_of($this, 'Memcached')) {
+            parent::__construct();
+        }
+
+        $this->Servers = $Servers;
+        foreach ($Servers as $Server) {
+            if (is_subclass_of($this, 'Memcache')) {
+                $this->addServer($Server['host'], $Server['port'], true, $Server['buckets']);
+            } else {
+                $this->addServer(str_replace('unix://', '', $Server['host']), $Server['port'], $Server['buckets']);
+            }
+        }
+    }
+
+    //---------- Caching functions ----------//
+
+    // Allows us to set an expiration on otherwise perminantly cache'd values
+    // Useful for disabled users, locked threads, basically reducing ram usage
+    public function expire_value($Key, $Duration = 2592000)
+    {
+        $StartTime = microtime(true);
+        $this->set($Key, $this->get($Key), $Duration);
+        $this->Time += (microtime(true) - $StartTime) * 1000;
+    }
+
+    // Wrapper for Memcache::set, with the zlib option removed and default duration of 30 days
+    public function cache_value($Key, $Value, $Duration = 2592000)
+    {
+        $StartTime = microtime(true);
+        if (empty($Key)) {
+            trigger_error('Cache insert failed for empty key');
+        }
+
+        $SetParams = [$Key, $Value, 0, $Duration];
+        if (is_subclass_of($this, 'Memcached')) {
+            unset($SetParams[2]);
+        }
+
+        if (!$this->set(...$SetParams)) {
+            trigger_error("Cache insert failed for key $Key");
+        }
+
+        if ($this->InternalCache && array_key_exists($Key, $this->CacheHits)) {
+            $this->CacheHits[$Key] = $Value;
+        }
+        $this->Time += (microtime(true) - $StartTime) * 1000;
+    }
+
+    // Wrapper for Memcache::add, with the zlib option removed and default duration of 30 days
+    public function add_value($Key, $Value, $Duration = 2592000)
+    {
+        $StartTime = microtime(true);
+        $Added = $this->add($Key, $Value, 0, $Duration);
+        $this->Time += (microtime(true) - $StartTime) * 1000;
+        return $Added;
+    }
+
+    public function replace_value($Key, $Value, $Duration = 2592000)
+    {
+        $StartTime = microtime(true);
+        $ReplaceParams = [$Key, $Value, false, $Duration];
+
+        if (is_subclass_of($this, 'Memcached')) {
+            unset($ReplaceParams[2]);
+        }
+        $this->replace(...$ReplaceParams);
+
+        if ($this->InternalCache && array_key_exists($Key, $this->CacheHits)) {
+            $this->CacheHits[$Key] = $Value;
+        }
+        $this->Time += (microtime(true) - $StartTime) * 1000;
+    }
+
+    public function get_value($Key, $NoCache = false)
+    {
+        if (!$this->InternalCache) {
+            $NoCache = true;
+        }
+
+        $StartTime = microtime(true);
+        if (empty($Key)) {
+            trigger_error('Cache retrieval failed for empty key');
+        }
+
+        if (!empty($_GET['clearcache']) && $this->CanClear && !isset($this->ClearedKeys[$Key]) && !Misc::in_array_partial($Key, $this->PersistentKeys)) {
+            if ($_GET['clearcache'] === '1') {
+                // Because check_perms() isn't true until LoggedUser is pulled from the cache, we have to remove the entries loaded before the LoggedUser data
+                // Because of this, not user cache data will require a secondary pageload following the clearcache to update
+                if (count($this->CacheHits) > 0) {
+                    foreach (array_keys($this->CacheHits) as $HitKey) {
+                        if (!isset($this->ClearedKeys[$HitKey]) && !Misc::in_array_partial($HitKey, $this->PersistentKeys)) {
+                            $this->delete($HitKey);
+                            unset($this->CacheHits[$HitKey]);
+                            $this->ClearedKeys[$HitKey] = true;
+                        }
+                    }
+                }
+
+                $this->delete($Key);
+                $this->Time += (microtime(true) - $StartTime) * 1000;
+                return false;
+            } elseif ($_GET['clearcache'] === $Key) {
+                $this->delete($Key);
+                $this->Time += (microtime(true) - $StartTime) * 1000;
+                return false;
+            } elseif (substr($_GET['clearcache'], -1) === '*') {
+                $Prefix = substr($_GET['clearcache'], 0, -1);
+                if ($Prefix === '' || $Prefix === substr($Key, 0, strlen($Prefix))) {
+                    $this->delete($Key);
+                    $this->Time += (microtime(true) - $StartTime) * 1000;
+                    return false;
+                }
+            }
+            $this->ClearedKeys[$Key] = true;
+        }
+
+        // For cases like the forums, if a key is already loaded, grab the existing pointer
+        if (isset($this->CacheHits[$Key]) && !$NoCache) {
+            $this->Time += (microtime(true) - $StartTime) * 1000;
+            return $this->CacheHits[$Key];
+        }
+
+        $Return = $this->get($Key);
+        if ($Return !== false) {
+            $this->CacheHits[$Key] = $NoCache ? null : $Return;
+        }
+
+        $this->Time += (microtime(true) - $StartTime) * 1000;
+        return $Return;
+    }
+
+    // Wrapper for Memcache::delete. For a reason, see above.
+    public function delete_value($Key)
+    {
+        $StartTime = microtime(true);
+        if (empty($Key)) {
+            trigger_error('Cache deletion failed for empty key');
+        }
+
+        if (!$this->delete($Key)) {
+            //trigger_error("Cache delete failed for key $Key");
+        }
+
+        unset($this->CacheHits[$Key]);
+        $this->Time += (microtime(true) - $StartTime) * 1000;
+    }
+
+    public function increment_value($Key, $Value = 1)
+    {
+        $StartTime = microtime(true);
+        $NewVal = $this->increment($Key, $Value);
+
+        if (isset($this->CacheHits[$Key])) {
+            $this->CacheHits[$Key] = $NewVal;
+        }
+        $this->Time += (microtime(true) - $StartTime) * 1000;
+    }
+
+    public function decrement_value($Key, $Value = 1)
+    {
+        $StartTime = microtime(true);
+        $NewVal = $this->decrement($Key, $Value);
+
+        if (isset($this->CacheHits[$Key])) {
+            $this->CacheHits[$Key] = $NewVal;
+        }
+        $this->Time += (microtime(true) - $StartTime) * 1000;
+    }
+
+    //---------- memcachedb functions ----------//
+
+    public function begin_transaction($Key)
+    {
+        $Value = $this->get($Key);
+        if (!is_array($Value)) {
+            $this->InTransaction = false;
+            $this->MemcacheDBKey = [];
+            $this->MemcacheDBKey = '';
+            return false;
+        }
+
+        $this->MemcacheDBArray = $Value;
+        $this->MemcacheDBKey = $Key;
+        $this->InTransaction = true;
+        return true;
+    }
+
+    public function cancel_transaction()
+    {
+        $this->InTransaction = false;
+        $this->MemcacheDBKey = [];
+        $this->MemcacheDBKey = '';
+    }
+
+    public function commit_transaction($Time = 2592000)
+    {
+        if (!$this->InTransaction) {
+            return false;
+        }
+
+        $this->cache_value($this->MemcacheDBKey, $this->MemcacheDBArray, $Time);
+        $this->InTransaction = false;
+    }
+
+    // Updates multiple rows in an array
+    public function update_transaction($Rows, $Values)
+    {
+        if (!$this->InTransaction) {
+            return false;
+        }
+
+        $Array = $this->MemcacheDBArray;
+        if (is_array($Rows)) {
+            $i = 0;
+            $Keys = $Rows[0];
+            $Property = $Rows[1];
+            foreach ($Keys as $Row) {
+                $Array[$Row][$Property] = $Values[$i];
+                $i++;
+            }
+        } else {
+            $Array[$Rows] = $Values;
+        }
+        $this->MemcacheDBArray = $Array;
+    }
+
+    // Updates multiple values in a single row in an array
+    // $Values must be an associative array with key:value pairs like in the array we're updating
+    public function update_row($Row, $Values)
+    {
+        if (!$this->InTransaction) {
+            return false;
+        }
+
+        if ($Row === false) {
+            $UpdateArray = $this->MemcacheDBArray;
+        } else {
+            $UpdateArray = $this->MemcacheDBArray[$Row];
+        }
+
+        foreach ($Values as $Key => $Value) {
+            if (!array_key_exists($Key, $UpdateArray)) {
+                trigger_error('Bad transaction key ('.$Key.') for cache '.$this->MemcacheDBKey);
+            }
+
+            if ($Value === '+1') {
+                if (!is_number($UpdateArray[$Key])) {
+                    trigger_error('Tried to increment non-number ('.$Key.') for cache '.$this->MemcacheDBKey);
+                }
+                ++$UpdateArray[$Key]; // Increment value
+            } elseif ($Value === '-1') {
+                if (!is_number($UpdateArray[$Key])) {
+                    trigger_error('Tried to decrement non-number ('.$Key.') for cache '.$this->MemcacheDBKey);
+                }
+                --$UpdateArray[$Key]; // Decrement value
+            } else {
+                $UpdateArray[$Key] = $Value; // Otherwise, just alter value
+            }
+        }
+
+        if ($Row === false) {
+            $this->MemcacheDBArray = $UpdateArray;
+        } else {
+            $this->MemcacheDBArray[$Row] = $UpdateArray;
+        }
+    }
+
+    // Increments multiple values in a single row in an array
+    // $Values must be an associative array with key:value pairs like in the array we're updating
+    public function increment_row($Row, $Values)
+    {
+        if (!$this->InTransaction) {
+            return false;
+        }
+
+        if ($Row === false) {
+            $UpdateArray = $this->MemcacheDBArray;
+        } else {
+            $UpdateArray = $this->MemcacheDBArray[$Row];
+        }
+
+        foreach ($Values as $Key => $Value) {
+            if (!array_key_exists($Key, $UpdateArray)) {
+                trigger_error("Bad transaction key ($Key) for cache ".$this->MemcacheDBKey);
+            }
+
+            if (!is_number($Value)) {
+                trigger_error("Tried to increment with non-number ($Key) for cache ".$this->MemcacheDBKey);
+            }
+            $UpdateArray[$Key] += $Value; // Increment value
+        }
+
+        if ($Row === false) {
+            $this->MemcacheDBArray = $UpdateArray;
+        } else {
+            $this->MemcacheDBArray[$Row] = $UpdateArray;
+        }
+    }
+
+    // Insert a value at the beginning of the array
+    public function insert_front($Key, $Value)
+    {
+        if (!$this->InTransaction) {
+            return false;
+        }
+
+        if ($Key === '') {
+            array_unshift($this->MemcacheDBArray, $Value);
+        } else {
+            $this->MemcacheDBArray = array($Key=>$Value) + $this->MemcacheDBArray;
+        }
+    }
+
+    // Insert a value at the end of the array
+    public function insert_back($Key, $Value)
+    {
+        if (!$this->InTransaction) {
+            return false;
+        }
+
+        if ($Key === '') {
+            array_push($this->MemcacheDBArray, $Value);
+        } else {
+            $this->MemcacheDBArray = $this->MemcacheDBArray + array($Key=>$Value);
+        }
+    }
+
+    public function insert($Key, $Value)
+    {
+        if (!$this->InTransaction) {
+            return false;
+        }
+
+        if ($Key === '') {
+            $this->MemcacheDBArray[] = $Value;
+        } else {
+            $this->MemcacheDBArray[$Key] = $Value;
+        }
+    }
+
+    public function delete_row($Row)
+    {
+        if (!$this->InTransaction) {
+            return false;
+        }
+
+        if (!isset($this->MemcacheDBArray[$Row])) {
+            trigger_error("Tried to delete non-existent row ($Row) for cache ".$this->MemcacheDBKey);
+        }
+        unset($this->MemcacheDBArray[$Row]);
+    }
+
+    public function update($Key, $Rows, $Values, $Time = 2592000)
+    {
+        if (!$this->InTransaction) {
+            $this->begin_transaction($Key);
+            $this->update_transaction($Rows, $Values);
+            $this->commit_transaction($Time);
+        } else {
+            $this->update_transaction($Rows, $Values);
+        }
+    }
+
+    /**
+     * Tries to set a lock. Expiry time is one hour to avoid indefinite locks
+     *
+     * @param string $LockName name on the lock
+     * @return true if lock was acquired
+     */
+    public function get_query_lock($LockName)
+    {
+        return $this->add_value('query_lock_'.$LockName, 1, 3600);
+    }
+
+    /**
+     * Remove lock
+     *
+     * @param string $LockName name on the lock
+     */
+    public function clear_query_lock($LockName)
+    {
+        $this->delete_value('query_lock_'.$LockName);
+    }
+
+    /**
+     * Get cache server status
+     *
+     * @return array (host => int status, ...)
+     */
+    public function server_status()
+    {
+        $Status = [];
+        if (is_subclass_of($this, 'Memcached')) {
+            $MemcachedStats = $this->getStats();
+        }
+        
+        foreach ($this->Servers as $Server) {
+            if (is_subclass_of($this, 'Memcached')) {
+                $Status["$Server[host]:$Server[port]"] = gettype($MemcachedStats["$Server[host]:$Server[port]"]) === 'array' ? 1 : 0;
+            } else {
+                $Status["$Server[host]:$Server[port]"] = $this->getServerStatus($Server['host'], $Server['port']);
+            }
+        }
+        return $Status;
+    }
+}

classes/charts.class.php

@@ -0,0 +1,232 @@
+<?php
+
+class GOOGLE_CHARTS
+{
+    protected $URL = 'https://chart.googleapis.com/chart';
+    protected $Labels = [];
+    protected $Data = [];
+    protected $Options = [];
+
+    public function __construct($Type, $Width, $Height, $Options)
+    {
+        if ($Width * $Height > 300000 || $Height > 1000 || $Width > 1000) {
+            trigger_error('Tried to make chart too large.');
+        }
+
+        $this->URL .= "?cht=$Type&amp;chs={$Width}x$Height";
+        $this->Options = $Options;
+    }
+
+    protected function encode($Number)
+    {
+        if ($Number === -1) {
+            return '__';
+        }
+
+        $CharKey = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-.';
+        return $CharKey[floor($Number / 64)].$CharKey[floor($Number % 64)];
+    }
+
+    public function color($Colors)
+    {
+        $this->URL .= '&amp;chco='.$Colors;
+    }
+
+    public function lines($Thickness, $Solid = 1, $Blank = 0)
+    {
+        $this->URL .= "&amp;chls=$Thickness,$Solid,$Blank";
+    }
+
+    public function title($Title, $Color = '', $Size = '')
+    {
+        $this->URL .= '&amp;chtt='.str_replace(array(' ', "\n"), array('+', '|'), $Title);
+        if (!empty($Color)) {
+            $this->URL .= '&amp;chts='.$Color;
+        }
+
+        if (!empty($Size)) {
+            $this->URL .= ','.$Size;
+        }
+    }
+
+    public function legend($Items, $Placement = '')
+    {
+        $this->URL .= '&amp;chdl='.str_replace(' ', '+', implode('|', $Items));
+        if (!empty($Placement)) {
+            if (!in_array($Placement, array('b', 't', 'r', 'l', 'bv', 'tv'))) {
+                trigger_error('Invalid legend placement.');
+            }
+            $this->URL .= '&amp;chdlp='.$Placement;
+        }
+    }
+
+    public function add($Label, $Data)
+    {
+        if ($Label !== false) {
+            $this->Labels[] = $Label;
+        }
+        $this->Data[] = $Data;
+    }
+
+    public function grid_lines($SpacingX = 0, $SpacingY = -1, $Solid = 1, $Blank = 1)
+    {
+        // Can take 2 more parameters for offset, but we're not bothering with that right now
+        $this->URL .= "&amp;chg=$SpacingX,$SpacingY,$Solid,$Blank";
+    }
+
+    public function transparent()
+    {
+        $this->URL .= '&amp;chf=bg,s,FFFFFF00';
+    }
+
+
+    public function url()
+    {
+        return $this->URL;
+    }
+}
+
+class AREA_GRAPH extends GOOGLE_CHARTS
+{
+    public function __construct($Width, $Height, $Options = [])
+    {
+        parent::__construct('lc', $Width, $Height, $Options);
+    }
+
+    public function color($Color)
+    {
+        $this->URL .= '&amp;chco='.$Color.'&amp;chm=B,'.$Color.'50,0,0,0';
+    }
+
+    public function generate()
+    {
+        $Max = max($this->Data);
+        $Min = ((isset($this->Options['Break'])) ? $Min = min($this->Data) : 0);
+        $Data = [];
+
+        foreach ($this->Data as $Value) {
+            $Data[] = $this->encode((($Value - $Min) / ($Max - $Min)) * 4095);
+        }
+        $this->URL .= "&amp;chxt=y,x&amp;chxs=0,h&amp;chxl=1:|".implode('|', $this->Labels).'&amp;chxr=0,'.$Min.','.($Max - $Min).'&amp;chd=e:'.implode('', $Data);
+    }
+}
+
+class PIE_CHART extends GOOGLE_CHARTS
+{
+    public function __construct($Width, $Height, $Options = [])
+    {
+        $Type = ((isset($this->Options['3D'])) ? 'p3' : 'p');
+        parent::__construct($Type, $Width, $Height, $Options);
+    }
+
+    public function generate()
+    {
+        $Sum = array_sum($this->Data);
+        $Other = isset($this->Options['Other']);
+        $Sort = isset($this->Options['Sort']);
+        $LabelPercent = isset($this->Options['Percentage']);
+
+        if ($Sort && !empty($this->Labels)) {
+            array_multisort($this->Data, SORT_DESC, $this->Labels);
+        } elseif ($Sort) {
+            sort($this->Data);
+            $this->Data = array_reverse($this->Data);
+        }
+
+        $Data = [];
+        $Labels = $this->Labels;
+        $OtherPercentage = 0.00;
+        $OtherData = 0;
+
+        foreach ($this->Data as $Key => $Value) {
+            $ThisPercentage = number_format(($Value / $Sum) * 100, 2);
+            $ThisData = ($Value / $Sum) * 4095;
+
+            if ($Other && $ThisPercentage < 1) {
+                $OtherPercentage += $ThisPercentage;
+                $OtherData += $ThisData;
+                unset($Data[$Key]);
+                unset($Labels[$Key]);
+                continue;
+            }
+
+            if ($LabelPercent) {
+                $Labels[$Key] .= ' ('.$ThisPercentage.'%)';
+            }
+            $Data[] = $this->encode($ThisData);
+        }
+
+        if ($OtherPercentage > 0) {
+            $OtherLabel = 'Other';
+            if ($LabelPercent) {
+                $OtherLabel .= ' ('.$OtherPercentage.'%)';
+            }
+            $Labels[] = $OtherLabel;
+            $Data[] = $this->encode($OtherData);
+        }
+        $this->URL .= "&amp;chl=".implode('|', $Labels).'&amp;chd=e:'.implode('', $Data);
+    }
+}
+
+/*
+class LOG_BAR_GRAPH extends GOOGLE_CHARTS
+{
+    // todo: Finish
+    public function __construct($Base, $Width, $Height, $Options = [])
+    {
+        parent::__construct('lc', $Width, $Height, $Options);
+    }
+
+    public function color($Color)
+    {
+        $this->URL .= '&amp;chco='.$Color.'&amp;chm=B,'.$Color.'50,0,0,0';
+    }
+
+    public function generate()
+    {
+        $Max = max($this->Data);
+        $Min = ((isset($this->Options['Break'])) ? $Min = min($this->Data) : 0);
+        $Data = [];
+
+        foreach ($this->Data as $Value) {
+            $Data[] = $this->encode((($Value - $Min) / ($Max - $Min)) * 4095);
+        }
+        $this->URL .= "&amp;chxt=y,x&amp;chxs=0,h&amp;chxl=1:|".implode('|', $this->Labels).'&amp;chxr=0,'.$Min.','.($Max-$Min).'&amp;chd=e:'.implode('', $Data);
+    }
+}
+*/
+
+/*
+class POLL_GRAPH extends GOOGLE_CHARTS
+{
+    public function __construct()
+    {
+        $this->URL .= '?cht=bhg';
+    }
+
+    public function add($Label, $Data)
+    {
+        if ($Label !== false) {
+            $this->Labels[] = Format::cut_string($Label, 35);
+        }
+        $this->Data[] = $Data;
+    }
+
+    public function generate()
+    {
+        $Count = count($this->Data);
+        $Height = (30 * $Count) + 20;
+        $Max = max($this->Data);
+        $Sum = array_sum($this->Data);
+        $Increment = ($Max / $Sum) * 25; // * 100% / 4divisions
+        $Data = [];
+        $Labels = [];
+
+        foreach ($this->Data as $Key => $Value) {
+            $Data[] = $this->encode(($Value / $Max) * 4095);
+            $Labels[] = '@t'.str_replace(array(' ', ','), array('+', '\,'), $this->Labels[$Key]).',000000,1,'.round((($Key + 1) / $Count) - (12 / $Height), 2).':0,12';
+        }
+        $this->URL .= "&amp;chbh=25,0,5&amp;chs=214x$Height&amp;chl=0%|".round($Increment, 1)."%|".round($Increment * 2, 1)."%|".round($Increment * 3, 1)."%|".round($Increment * 4, 1)."%&amp;chm=".implode('|', $Labels).'&amp;chd=e:'.implode('', $Data);
+    }
+}
+*/

classes/collages.class.php

@@ -0,0 +1,78 @@
+<?php
+
+class Collages
+{
+    public static function increase_subscriptions($CollageID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        UPDATE
+          `collages`
+        SET
+          `Subscribers` = `Subscribers` + 1
+        WHERE
+          `ID` = '$CollageID'
+        ");
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function decrease_subscriptions($CollageID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        UPDATE
+          `collages`
+        SET
+          `Subscribers` = IF(
+            `Subscribers` < 1,
+            0,
+            `Subscribers` - 1
+          )
+        WHERE
+          `ID` = '$CollageID'
+        ");
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function create_personal_collage()
+    {
+        G::$DB->query("
+        SELECT
+          COUNT(`ID`)
+        FROM
+          `collages`
+        WHERE
+          `UserID` = '".G::$LoggedUser['ID']."' AND `CategoryID` = '0' AND `Deleted` = '0'
+        ");
+        list($CollageCount) = G::$DB->next_record();
+
+        if ($CollageCount >= G::$LoggedUser['Permissions']['MaxCollages']) {
+            // todo: Fix this, the query was for COUNT(ID), so I highly doubt that this works... - Y
+            list($CollageID) = G::$DB->next_record();
+            header("Location: collage.php?id=$CollageID");
+            error();
+        }
+
+        $NameStr = db_string(G::$LoggedUser['Username']."'s personal collage".($CollageCount > 0 ? ' no. '.($CollageCount + 1) : ''));
+        $Description = db_string('Personal collage for '.G::$LoggedUser['Username'].'. The first 5 albums will appear on his or her [url='.site_url().'user.php?id= '.G::$LoggedUser['ID'].']profile[/url].');
+
+        G::$DB->query("
+        INSERT INTO `collages`(
+          `Name`,
+          `Description`,
+          `CategoryID`,
+          `UserID`
+        )
+        VALUES(
+          '$NameStr',
+          '$Description',
+          '0',
+          ".G::$LoggedUser['ID']."
+        )
+        ");
+          
+        $CollageID = G::$DB->inserted_id();
+        header("Location: collage.php?id=$CollageID");
+        error();
+    }
+}

classes/comments.class.php

@@ -0,0 +1,573 @@
+<?php
+
+class Comments
+{
+    /*
+     * For all functions:
+     * $Page = 'artist', 'collages', 'requests' or 'torrents'
+     * $PageID = ArtistID, CollageID, RequestID or GroupID, respectively
+     */
+
+    /**
+     * Post a comment on an artist, request or torrent page.
+     * @param string $Page
+     * @param int $PageID
+     * @param string $Body
+     * @return int ID of the new comment
+     */
+    public static function post($Page, $PageID, $Body)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT
+        CEIL(
+          (
+          SELECT
+            COUNT(`ID`) + 1
+          FROM
+            `comments`
+          WHERE
+            `Page` = '$Page' AND `PageID` = $PageID
+          ) / ".TORRENT_COMMENTS_PER_PAGE."
+        ) AS Pages
+        ");
+        list($Pages) = G::$DB->next_record();
+
+        G::$DB->query("
+        INSERT INTO `comments`(
+          `Page`,
+          `PageID`,
+          `AuthorID`,
+          `AddedTime`,
+          `Body`
+        )
+        VALUES(
+          '$Page',
+          $PageID,
+          ".G::$LoggedUser['ID'].",
+          NOW(), '".db_string($Body)."')
+        ");
+        $PostID = G::$DB->inserted_id();
+
+        $CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $Pages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
+        G::$Cache->delete_value($Page.'_comments_'.$PageID.'_catalogue_'.$CatalogueID);
+        G::$Cache->delete_value($Page.'_comments_'.$PageID);
+
+        Subscriptions::flush_subscriptions($Page, $PageID);
+        Subscriptions::quote_notify($Body, $PostID, $Page, $PageID);
+
+        G::$DB->set_query_id($QueryID);
+        return $PostID;
+    }
+
+    /**
+     * Edit a comment
+     * @param int $PostID
+     * @param string $NewBody
+     * @param bool $SendPM If true, send a PM to the author of the comment informing him about the edit
+     *
+     * todo: Move permission check out of here/remove hardcoded error(404)
+     */
+    public static function edit($PostID, $NewBody, $SendPM = false)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT
+          `Body`,
+          `AuthorID`,
+          `Page`,
+          `PageID`,
+          `AddedTime`
+        FROM
+          `comments`
+        WHERE
+          `ID` = $PostID
+        ");
+
+        if (!G::$DB->has_results()) {
+            return false;
+        }
+        list($OldBody, $AuthorID, $Page, $PageID, $AddedTime) = G::$DB->next_record();
+
+        if (G::$LoggedUser['ID'] != $AuthorID && !check_perms('site_moderate_forums')) {
+            return false;
+        }
+
+        G::$DB->query("
+        SELECT
+        CEIL(
+          COUNT(`ID`) / ".TORRENT_COMMENTS_PER_PAGE."
+        ) AS Page
+        FROM
+          `comments`
+        WHERE
+          `Page` = '$Page' AND `PageID` = $PageID AND `ID` <= $PostID
+        ");
+        list($CommPage) = G::$DB->next_record();
+
+        // Perform the update
+        G::$DB->query("
+        UPDATE
+          `comments`
+        SET
+          `Body` = '".db_string($NewBody)."',
+          `EditedUserID` = ".G::$LoggedUser['ID'].",
+          `EditedTime` = NOW()
+        WHERE
+          `ID` = $PostID
+        ");
+
+        // Update the cache
+        $CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $CommPage - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
+        G::$Cache->delete_value($Page . '_comments_' . $PageID . '_catalogue_' . $CatalogueID);
+
+        if ($Page === 'collages') {
+            // On collages, we also need to clear the collage key (collage_$CollageID), because it has the comments in it... (why??)
+            G::$Cache->delete_value("collage_$PageID");
+        }
+
+        G::$DB->query("
+        INSERT INTO `comments_edits`(
+          `Page`,
+          `PostID`,
+          `EditUser`,
+          `EditTime`,
+          `Body`
+        )
+        VALUES(
+          '$Page',
+          $PostID,
+          ".G::$LoggedUser['ID'].",
+          NOW(), '".db_string($OldBody)."')
+        ");
+        G::$DB->set_query_id($QueryID);
+
+        if ($SendPM && G::$LoggedUser['ID'] !== $AuthorID) {
+            // Send a PM to the user to notify them of the edit
+            $PMSubject = "Your comment #$PostID has been edited";
+            $PMurl = site_url()."comments.php?action=jump&postid=$PostID";
+            $ProfLink = '[url='.site_url().'user.php?id='.G::$LoggedUser['ID'].']'.G::$LoggedUser['Username'].'[/url]';
+            $PMBody = "One of your comments has been edited by $ProfLink: [url]{$PMurl}[/url]";
+            Misc::send_pm($AuthorID, 0, $PMSubject, $PMBody);
+        }
+
+        return true; // todo: This should reflect whether or not the update was actually successful, e.g., by checking G::$DB->affected_rows after the UPDATE query
+    }
+
+    /**
+     * Delete a comment
+     * @param int $PostID
+     */
+    public static function delete($PostID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        // Get page, pageid
+        G::$DB->query("
+        SELECT
+          `Page`,
+          `PageID`
+        FROM
+          `comments`
+        WHERE
+          `ID` = $PostID
+        ");
+
+        if (!G::$DB->has_results()) {
+            // no such comment?
+            G::$DB->set_query_id($QueryID);
+            return false;
+        }
+        list($Page, $PageID) = G::$DB->next_record();
+
+        // Get number of pages
+        G::$DB->query("
+        SELECT
+        CEIL(
+          COUNT(`ID`) / ".TORRENT_COMMENTS_PER_PAGE."
+        ) AS Pages,
+        CEIL(
+          SUM(IF(`ID` <= $PostID, 1, 0)) / ".TORRENT_COMMENTS_PER_PAGE."
+        ) AS Page
+        FROM
+          `comments`
+        WHERE
+          `Page` = '$Page' AND `PageID` = $PageID
+        GROUP BY
+          `PageID`
+        ");
+
+        if (!G::$DB->has_results()) {
+            // The comment $PostID was probably not posted on $Page
+            G::$DB->set_query_id($QueryID);
+            return false;
+        }
+        list($CommPages, $CommPage) = G::$DB->next_record();
+
+        // $CommPages = number of pages in the thread
+        // $CommPage = which page the post is on
+        // These are set for cache clearing.
+        G::$DB->query("
+        DELETE
+        FROM
+          `comments`
+        WHERE
+          `ID` = $PostID
+        ");
+
+        G::$DB->query("
+        DELETE
+        FROM
+          `comments_edits`
+        WHERE
+          `Page` = '$Page' AND `PostID` = $PostID
+        ");
+
+        G::$DB->query("
+        DELETE
+        FROM
+          `users_notify_quoted`
+        WHERE
+          `Page` = '$Page' AND `PostID` = $PostID
+        ");
+
+        Subscriptions::flush_subscriptions($Page, $PageID);
+        Subscriptions::flush_quote_notifications($Page, $PageID);
+
+        // We need to clear all subsequential catalogues as they've all been bumped with the absence of this post
+        $ThisCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $CommPage - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
+        $LastCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $CommPages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
+
+        for ($i = $ThisCatalogue; $i <= $LastCatalogue; ++$i) {
+            G::$Cache->delete_value($Page . '_comments_' . $PageID . '_catalogue_' . $i);
+        }
+
+        G::$Cache->delete_value($Page . '_comments_' . $PageID);
+        if ($Page === 'collages') {
+            // On collages, we also need to clear the collage key (collage_$CollageID), because it has the comments in it... (why??)
+            G::$Cache->delete_value("collage_$PageID");
+        }
+
+        G::$DB->set_query_id($QueryID);
+        return true;
+    }
+
+    /**
+     * Get the URL to a comment, already knowing the Page and PostID
+     * @param string $Page
+     * @param int $PageID
+     * @param int $PostID
+     * @return string|bool The URL to the comment or false on error
+     */
+    public static function get_url($Page, $PageID, $PostID = null)
+    {
+        $Post = (!empty($PostID) ? "&postid=$PostID#post$PostID" : '');
+        switch ($Page) {
+        case 'artist':
+            return "artist.php?id=$PageID$Post";
+
+        case 'collages':
+            return "collages.php?action=comments&collageid=$PageID$Post";
+
+        case 'requests':
+            return "requests.php?action=view&id=$PageID$Post";
+
+        case 'torrents':
+            return "torrents.php?id=$PageID$Post";
+
+        default:
+            return false;
+        }
+    }
+
+    /**
+     * Get the URL to a comment
+     * @param int $PostID
+     * @return string|bool The URL to the comment or false on error
+     */
+    public static function get_url_query($PostID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT
+          `Page`,
+          `PageID`
+        FROM
+          `comments`
+        WHERE
+          `ID` = $PostID
+        ");
+
+        if (!G::$DB->has_results()) {
+            error(404);
+        }
+
+        list($Page, $PageID) = G::$DB->next_record();
+        G::$DB->set_query_id($QueryID);
+
+        return self::get_url($Page, $PageID, $PostID);
+    }
+
+    /**
+     * Load a page's comments. This takes care of `postid` and (indirectly) `page` parameters passed in $_GET.
+     * Quote notifications and last read are also handled here, unless $HandleSubscriptions = false is passed.
+     * @param string $Page
+     * @param int $PageID
+     * @param bool $HandleSubscriptions Whether or not to handle subscriptions (last read & quote notifications)
+     * @return array ($NumComments, $Page, $Thread, $LastRead)
+     *     $NumComments: the total number of comments on this artist/request/torrent group
+     *     $Page: the page we're currently on
+     *     $Thread: an array of all posts on this page
+     *     $LastRead: ID of the last comment read by the current user in this thread;
+     *                will be false if $HandleSubscriptions == false or if there are no comments on this page
+     */
+    public static function load($Page, $PageID, $HandleSubscriptions = true)
+    {
+        $QueryID = G::$DB->get_query_id();
+
+        // Get the total number of comments
+        $NumComments = G::$Cache->get_value($Page . "_comments_$PageID");
+        if ($NumComments === false) {
+            G::$DB->query("
+            SELECT
+              COUNT(`ID`)
+            FROM
+              `comments`
+            WHERE
+              `Page` = '$Page' AND `PageID` = $PageID
+            ");
+            list($NumComments) = G::$DB->next_record();
+            G::$Cache->cache_value($Page."_comments_$PageID", $NumComments, 0);
+        }
+
+        // If a postid was passed, we need to determine which page that comment is on.
+        // Format::page_limit handles a potential $_GET['page']
+        if (isset($_GET['postid']) && is_number($_GET['postid']) && $NumComments > TORRENT_COMMENTS_PER_PAGE) {
+            G::$DB->query("
+            SELECT
+              COUNT(`ID`)
+            FROM
+              `comments`
+            WHERE
+              `Page` = '$Page' AND `PageID` = $PageID AND `ID` <= $_GET[postid]
+            ");
+
+            list($PostNum) = G::$DB->next_record();
+            list($CommPage, $Limit) = Format::page_limit(TORRENT_COMMENTS_PER_PAGE, $PostNum);
+        } else {
+            list($CommPage, $Limit) = Format::page_limit(TORRENT_COMMENTS_PER_PAGE, $NumComments);
+        }
+
+        // Get the cache catalogue
+        $CatalogueID = floor((TORRENT_COMMENTS_PER_PAGE * $CommPage - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
+
+        // Cache catalogue from which the page is selected, allows block caches and future ability to specify posts per page
+        $Catalogue = G::$Cache->get_value($Page.'_comments_'.$PageID.'_catalogue_'.$CatalogueID);
+        if ($Catalogue === false) {
+            $CatalogueLimit = $CatalogueID * THREAD_CATALOGUE . ', ' . THREAD_CATALOGUE;
+            G::$DB->query("
+            SELECT
+              c.`ID`, c.`AuthorID`,
+              c.`AddedTime`,
+              c.`Body`,
+              c.`EditedUserID`,
+              c.`EditedTime`,
+              u.`Username`
+            FROM
+              `comments` AS c
+            LEFT JOIN `users_main` AS u
+            ON
+              u.`ID` = c.`EditedUserID`
+            WHERE
+              c.`Page` = '$Page' AND c.`PageID` = $PageID
+            ORDER BY
+              c.`ID`
+            LIMIT $CatalogueLimit
+            ");
+
+            $Catalogue = G::$DB->to_array(false, MYSQLI_ASSOC);
+            G::$Cache->cache_value($Page.'_comments_'.$PageID.'_catalogue_'.$CatalogueID, $Catalogue, 0);
+        }
+
+        // This is a hybrid to reduce the catalogue down to the page elements: We use the page limit % catalogue
+        $Thread = array_slice($Catalogue, ((TORRENT_COMMENTS_PER_PAGE * $CommPage - TORRENT_COMMENTS_PER_PAGE) % THREAD_CATALOGUE), TORRENT_COMMENTS_PER_PAGE, true);
+
+        if ($HandleSubscriptions && count($Thread) > 0) {
+            // Quote notifications
+            $LastPost = end($Thread);
+            $LastPost = $LastPost['ID'];
+            $FirstPost = reset($Thread);
+            $FirstPost = $FirstPost['ID'];
+
+            G::$DB->query("
+            UPDATE
+              `users_notify_quoted`
+            SET
+              `UnRead` = FALSE
+            WHERE
+              `UserID` = ".G::$LoggedUser['ID']."
+              AND `Page` = '$Page'
+              AND `PageID` = $PageID
+              AND `PostID` >= $FirstPost
+              AND `PostID` <= $LastPost
+            ");
+
+            if (G::$DB->affected_rows()) {
+                G::$Cache->delete_value('notify_quoted_' . G::$LoggedUser['ID']);
+            }
+
+            // Last read
+            G::$DB->query("
+            SELECT
+              `PostID`
+            FROM
+              `users_comments_last_read`
+            WHERE
+              `UserID` = ".G::$LoggedUser['ID']."
+              AND `Page` = '$Page'
+              AND `PageID` = $PageID
+            ");
+
+            list($LastRead) = G::$DB->next_record();
+            if ($LastRead < $LastPost) {
+                G::$DB->query("
+                INSERT INTO `users_comments_last_read`(`UserID`, `Page`, `PageID`, `PostID`)
+                VALUES(
+                  ".G::$LoggedUser['ID'].",
+                  '$Page',
+                  $PageID,
+                  $LastPost
+                )
+                ON DUPLICATE KEY
+                UPDATE
+                  `PostID` = $LastPost
+                ");
+                G::$Cache->delete_value('subscriptions_user_new_' . G::$LoggedUser['ID']);
+            }
+        } else {
+            $LastRead = false;
+        }
+
+        G::$DB->set_query_id($QueryID);
+        return array($NumComments, $CommPage, $Thread, $LastRead);
+    }
+
+    /**
+     * Merges all comments from $Page/$PageID into $Page/$TargetPageID. This also takes care of quote notifications, subscriptions and cache.
+     * @param type $Page
+     * @param type $PageID
+     * @param type $TargetPageID
+     */
+    public static function merge($Page, $PageID, $TargetPageID)
+    {
+        $QueryID = G::$DB->get_query_id();
+
+        G::$DB->query("
+        UPDATE
+          `comments`
+        SET
+          `PageID` = $TargetPageID
+        WHERE
+          `Page` = '$Page' AND `PageID` = $PageID
+        ");
+
+        // Quote notifications
+        G::$DB->query("
+        UPDATE
+          `users_notify_quoted`
+        SET
+          `PageID` = $TargetPageID
+        WHERE
+          `Page` = '$Page' AND `PageID` = $PageID
+        ");
+
+        // Comment subscriptions
+        Subscriptions::move_subscriptions($Page, $PageID, $TargetPageID);
+
+        // Cache (we need to clear all comment catalogues)
+        G::$DB->query("
+        SELECT
+          CEIL(
+            COUNT(`ID`) / ".TORRENT_COMMENTS_PER_PAGE."
+          ) AS Pages
+        FROM
+          `comments`
+        WHERE
+          `Page` = '$Page' AND `PageID` = $TargetPageID
+        GROUP BY
+          `PageID`
+        ");
+
+        list($CommPages) = G::$DB->next_record();
+        $LastCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $CommPages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
+        
+        for ($i = 0; $i <= $LastCatalogue; ++$i) {
+            G::$Cache->delete_value($Page . "_comments_$TargetPageID" . "_catalogue_$i");
+        }
+
+        G::$Cache->delete_value($Page . "_comments_$TargetPageID");
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * Delete all comments on $Page/$PageID (deals with quote notifications and subscriptions as well)
+     * @param string $Page
+     * @param int $PageID
+     * @return boolean
+     */
+    public static function delete_page($Page, $PageID)
+    {
+        $QueryID = G::$DB->get_query_id();
+
+        // get number of pages
+        G::$DB->query("
+        SELECT
+          CEIL(
+            COUNT(`ID`) / ".TORRENT_COMMENTS_PER_PAGE."
+          ) AS Pages
+        FROM
+          `comments`
+        WHERE
+          `Page` = '$Page' AND `PageID` = $PageID
+        GROUP BY
+          `PageID`
+        ");
+
+        if (!G::$DB->has_results()) {
+            return false;
+        }
+        list($CommPages) = G::$DB->next_record();
+
+        // Delete comments
+        G::$DB->query("
+        DELETE
+        FROM
+          `comments`
+        WHERE
+          `Page` = '$Page' AND `PageID` = $PageID
+        ");
+
+        // Delete quote notifications
+        Subscriptions::flush_quote_notifications($Page, $PageID);
+        G::$DB->query("
+        DELETE
+        FROM
+          `users_notify_quoted`
+        WHERE
+          `Page` = '$Page' AND `PageID` = $PageID
+        ");
+
+        // Deal with subscriptions
+        Subscriptions::move_subscriptions($Page, $PageID, null);
+
+        // Clear cache
+        $LastCatalogue = floor((TORRENT_COMMENTS_PER_PAGE * $CommPages - TORRENT_COMMENTS_PER_PAGE) / THREAD_CATALOGUE);
+        for ($i = 0; $i <= $LastCatalogue; ++$i) {
+            G::$Cache->delete_value($Page."_comments_$PageID"."_catalogue_$i");
+        }
+
+        G::$Cache->delete_value($Page."_comments_$PageID");
+        G::$DB->set_query_id($QueryID);
+
+        return true;
+    }
+}

classes/commentsview.class.php

@@ -0,0 +1,116 @@
+<?php
+
+class CommentsView
+{
+    /**
+     * Render a thread of comments
+     * @param array $Thread An array as returned by Comments::load
+     * @param int $LastRead PostID of the last read post
+     * @param string $Baselink Link to the site these comments are on
+     */
+    public static function render_comments($Thread, $LastRead, $Baselink)
+    {
+        foreach ($Thread as $Post) {
+            list($PostID, $AuthorID, $AddedTime, $CommentBody, $EditedUserID, $EditedTime, $EditedUsername) = array_values($Post);
+            self::render_comment($AuthorID, $PostID, $CommentBody, $AddedTime, $EditedUserID, $EditedTime, $Baselink . "&amp;postid=$PostID#post$PostID", ($PostID > $LastRead));
+        }
+    }
+
+    /**
+     * Render one comment
+     * @param int $AuthorID
+     * @param int $PostID
+     * @param string $Body
+     * @param string $AddedTime
+     * @param int $EditedUserID
+     * @param string $EditedTime
+     * @param string $Link The link to the post elsewhere on the site
+     * @param string $Header The header used in the post
+     * @param bool $Tools Whether or not to show [Edit], [Report] etc.
+     *
+     * todo: Find a better way to pass the page (artist, collages, requests, torrents) to this function than extracting it from $Link
+     */
+    public static function render_comment($AuthorID, $PostID, $Body, $AddedTime, $EditedUserID, $EditedTime, $Link, $Unread = false, $Header = '', $Tools = true)
+    {
+        $UserInfo = Users::user_info($AuthorID);
+        $Header = Users::format_username($AuthorID, true, true, true, true, true) . time_diff($AddedTime) . $Header; ?>
+<table
+  class="forum_post box vertical_margin<?=(!Users::has_avatars_enabled() ? ' noavatar' : '') . ($Unread ? ' forum_unread' : '')?>"
+  id="post<?=$PostID?>">
+  <colgroup>
+    <?php if (Users::has_avatars_enabled()) { ?>
+    <col class="col_avatar" />
+    <?php } ?>
+    <col class="col_post_body" />
+  </colgroup>
+  <tr class="colhead_dark">
+    <td colspan="<?=(Users::has_avatars_enabled() ? 2 : 1)?>">
+      <div class="float_left"><a class="post_id"
+          href="<?=$Link?>">#<?=$PostID?></a>
+        <?=$Header?>
+        <?php if ($Tools) { ?>
+        - <a href="#quickpost"
+          onclick="Quote('<?=$PostID?>','<?=$UserInfo['Username']?>', true);"
+          class="brackets">Quote</a>
+        <?php if ($AuthorID == G::$LoggedUser['ID'] || check_perms('site_moderate_forums')) { ?>
+        - <a href="#post<?=$PostID?>"
+          onclick="Edit_Form('<?=$PostID?>','');"
+          class="brackets">Edit</a>
+        <?php }
+      if (check_perms('site_moderate_forums')) { ?>
+        - <a href="#post<?=$PostID?>"
+          onclick="Delete('<?=$PostID?>');"
+          class="brackets">Delete</a>
+        <?php } ?>
+      </div>
+      <div id="bar<?=$PostID?>" class="float_right">
+        <a href="reports.php?action=report&amp;type=comment&amp;id=<?=$PostID?>"
+          class="brackets">Report</a>
+        <?php
+      if (check_perms('users_warn') && $AuthorID != G::$LoggedUser['ID'] && G::$LoggedUser['Class'] >= $UserInfo['Class']) {
+          ?>
+        <form class="manage_form hidden" name="user"
+          id="warn<?=$PostID?>" action="comments.php" method="post">
+          <input type="hidden" name="action" value="warn" />
+          <input type="hidden" name="postid" value="<?=$PostID?>" />
+        </form>
+        - <a href="#"
+          onclick="$('#warn<?=$PostID?>').raw().submit(); return false;"
+          class="brackets">Warn</a>
+        <?php
+      } ?>
+        &nbsp;
+        <a href="#">&uarr;</a>
+        <?php } ?>
+      </div>
+    </td>
+  </tr>
+  <tr>
+    <?php if (Users::has_avatars_enabled()) { ?>
+    <td class="avatar" valign="top">
+      <?=Users::show_avatar($UserInfo['Avatar'], $AuthorID, $UserInfo['Username'], G::$LoggedUser['DisableAvatars'])?>
+    </td>
+    <?php } ?>
+    <td class="body" valign="top">
+      <div id="content<?=$PostID?>">
+        <?=Text::full_format($Body)?>
+        <?php if ($EditedUserID) { ?>
+        <br />
+        <br />
+        <div class="last_edited">
+          <?php if (check_perms('site_admin_forums')) { ?>
+          <a href="#content<?=$PostID?>"
+            onclick="LoadEdit('<?=substr($Link, 0, strcspn($Link, '.'))?>', <?=$PostID?>, 1); return false;">&laquo;</a>
+          <?php } ?>
+          Last edited by
+          <?=Users::format_username($EditedUserID, false, false, false) ?>
+          <?=time_diff($EditedTime, 2, true, true)?>
+          <?php } ?>
+        </div>
+      </div>
+    </td>
+  </tr>
+</table>
+<?php
+    }
+}

classes/cookie.class.php

@@ -0,0 +1,54 @@
+<?php
+
+/*************************************************************************|
+|--------------- Cookie class --------------------------------------------|
+|*************************************************************************|
+
+This class handles cookies.
+
+$Cookie->get(); is user provided and untrustworthy
+
+|*************************************************************************/
+
+/*
+interface COOKIE_INTERFACE {
+  public function get($Key);
+  public function set($Key, $Value, $Seconds, $LimitAccess);
+  public function del($Key);
+
+  public function flush();
+}
+*/
+
+class COOKIE /*implements COOKIE_INTERFACE*/
+{
+    const LIMIT_ACCESS = true; // If true, blocks JS cookie API access by default (can be overridden case by case)
+    const PREFIX = ''; // In some cases you may desire to prefix your cookies
+
+    public function get($Key)
+    {
+        if (!isset($_COOKIE[SELF::PREFIX.$Key])) {
+            return false;
+        }
+        return $_COOKIE[SELF::PREFIX.$Key];
+    }
+
+    // Pass the 4th optional param as false to allow JS access to the cookie
+    public function set($Key, $Value, $Seconds = 86400, $LimitAccess = SELF::LIMIT_ACCESS)
+    {
+        setcookie(SELF::PREFIX.$Key, $Value, time() + $Seconds, '/', SITE_DOMAIN, $_SERVER['SERVER_PORT'] === '443', $LimitAccess, false);
+    }
+
+    public function del($Key)
+    {
+        setcookie(SELF::PREFIX.$Key, '', time() - 24 * 3600); //3600 vs 1 second to account for potential clock desyncs
+    }
+
+    public function flush()
+    {
+        $Cookies = array_keys($_COOKIE);
+        foreach ($Cookies as $Cookie) {
+            $this->del($Cookie);
+        }
+    }
+}

classes/crypto.class.php

@@ -0,0 +1,41 @@
+<?php
+declare(strict_types=1);
+
+class Crypto
+{
+    /**
+     * Encrypts input text for use in database
+     *
+     * @param string $plaintext
+     * @return encrypted string or false if DB key not accessible
+     */
+    public static function encrypt($plaintext)
+    {
+        if (apcu_exists('DBKEY')) {
+            $iv_size = openssl_cipher_iv_length('aes-256-cbc');
+            $iv = openssl_random_pseudo_bytes($iv_size);
+            $ret = base64_encode($iv.openssl_encrypt($plaintext, 'aes-256-cbc', apcu_fetch('DBKEY'), OPENSSL_RAW_DATA, $iv));
+            return $ret;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+     * Decrypts input text from database
+     *
+     * @param string $ciphertext
+     * @return decrypted string string or false if DB key not accessible
+     */
+    public static function decrypt($ciphertext)
+    {
+        if (apcu_exists('DBKEY')) {
+            $iv_size = openssl_cipher_iv_length('aes-256-cbc');
+            $iv = substr(base64_decode($ciphertext), 0, $iv_size);
+            $ciphertext = substr(base64_decode($ciphertext), $iv_size);
+            return openssl_decrypt($ciphertext, 'aes-256-cbc', apcu_fetch('DBKEY'), OPENSSL_RAW_DATA, $iv);
+        } else {
+            return false;
+        }
+    }
+}

classes/debug.class.php

@@ -0,0 +1,827 @@
+<?php
+
+// Debug info for developers
+ini_set('max_execution_time', 600);
+define('MAX_TIME', 20000); //Maximum execution time in ms
+define('MAX_ERRORS', 0); //Maxmimum errors, warnings, notices we will allow in a page
+define('MAX_MEMORY', 80 * 1024 * 1024); //Maximum memory used per pageload
+define('MAX_QUERIES', 30); //Maxmimum queries
+
+class DEBUG
+{
+    public $Errors = [];
+    public $Flags = [];
+    public $Perf = [];
+    private $LoggedVars = [];
+
+    public function profile($Automatic = '')
+    {
+        global $ScriptStartTime;
+        $Reason = [];
+
+        if (!empty($Automatic)) {
+            $Reason[] = $Automatic;
+        }
+
+        $Micro = (microtime(true) - $ScriptStartTime) * 1000;
+        if ($Micro > MAX_TIME && !defined('TIME_EXCEPTION')) {
+            $Reason[] = number_format($Micro, 3).' ms';
+        }
+
+        $Errors = count($this->get_errors());
+        if ($Errors > MAX_ERRORS && !defined('ERROR_EXCEPTION')) {
+            $Reason[] = $Errors.' PHP errors';
+        }
+
+        /*
+        $Queries = count($this->get_queries());
+        if ($Queries > MAX_QUERIES && !defined('QUERY_EXCEPTION')) {
+          $Reason[] = $Queries.' Queries';
+        }
+        */
+
+        $Ram = memory_get_usage(true);
+        if ($Ram > MAX_MEMORY && !defined('MEMORY_EXCEPTION')) {
+            $Reason[] = Format::get_size($Ram).' RAM used';
+        }
+
+        G::$DB->warnings(); // See comment in MYSQL::query
+        /*
+        $Queries = $this->get_queries();
+        $DBWarningCount = 0;
+        foreach ($Queries as $Query) {
+          if (!empty($Query[2])) {
+            $DBWarningCount += count($Query[2]);
+          }
+        }
+        if ($DBWarningCount) {
+          $Reason[] = $DBWarningCount . ' DB warning(s)';
+        }
+        */
+
+        $CacheStatus = G::$Cache->server_status();
+        if (in_array(0, $CacheStatus) && !G::$Cache->get_value('cache_fail_reported')) {
+            // Limit to max one report every 15 minutes to avoid massive debug spam
+            G::$Cache->cache_value('cache_fail_reported', true, 900);
+            $Reason[] = "Cache server error";
+        }
+
+        if (isset($_REQUEST['profile'])) {
+            $Reason[] = 'Requested by ' . G::$LoggedUser['Username'];
+        }
+
+        $this->Perf['Memory usage'] = (($Ram>>10) / 1024).' MB';
+        $this->Perf['Page process time'] = number_format($Micro / 1000, 3).' s';
+        $this->Perf['CPU time'] = number_format($this->get_cpu_time() / 1000000, 3).' s';
+
+        if (isset($Reason[0])) {
+            $this->log_var($CacheStatus, 'Cache server status');
+            $this->analysis(implode(', ', $Reason));
+            return true;
+        }
+        return false;
+    }
+
+    public function analysis($Message, $Report = '', $Time = 43200)
+    {
+        global $Document;
+        if (empty($Report)) {
+            $Report = $Message;
+        }
+        $Identifier = Users::make_secret(5);
+        G::$Cache->cache_value(
+            'analysis_'.$Identifier,
+            array(
+                'url' => $_SERVER['REQUEST_URI'],
+                'message' => $Report,
+                'errors' => $this->get_errors(true),
+                'queries' => $this->get_queries(),
+                'flags' => $this->get_flags(),
+                'includes' => $this->get_includes(),
+                'cache' => $this->get_cache_keys(),
+                'vars' => $this->get_logged_vars(),
+                'perf' => $this->get_perf(),
+                'ocelot' => $this->get_ocelot_requests()
+            ),
+            $Time
+        );
+
+        $RequestURI = !empty($_SERVER['REQUEST_URI']) ? substr($_SERVER['REQUEST_URI'], 1) : '';
+        send_irc(DEBUG_CHAN, "$Message $Document ".site_url()."tools.php?action=analysis&case=$Identifier ".site_url().$RequestURI);
+    }
+
+    public function get_cpu_time()
+    {
+        if (!defined('PHP_WINDOWS_VERSION_MAJOR')) {
+            global $CPUTimeStart;
+            $RUsage = getrusage();
+            $CPUTime = $RUsage['ru_utime.tv_sec'] * 1000000 + $RUsage['ru_utime.tv_usec'] - $CPUTimeStart;
+            return $CPUTime;
+        }
+        return false;
+    }
+
+    public function log_var($Var, $VarName = false)
+    {
+        $BackTrace = debug_backtrace();
+        $ID = Users::make_secret(5);
+
+        if (!$VarName) {
+            $VarName = $ID;
+        }
+
+        $File = array('path' => substr($BackTrace[0]['file'], strlen(SERVER_ROOT)), 'line' => $BackTrace[0]['line']);
+        $this->LoggedVars[$ID] = array($VarName => array('bt' => $File, 'data' => $Var));
+    }
+
+    public function set_flag($Event)
+    {
+        global $ScriptStartTime;
+        $this->Flags[] = array($Event, (microtime(true) - $ScriptStartTime) * 1000, memory_get_usage(true), $this->get_cpu_time());
+    }
+
+    // This isn't in the constructor because $this is not available, and the function cannot be made static
+    public function handle_errors()
+    {
+        //error_reporting(E_ALL ^ E_STRICT | E_WARNING | E_DEPRECATED | E_ERROR | E_PARSE); //E_STRICT disabled
+        error_reporting(E_WARNING | E_ERROR | E_PARSE);
+        set_error_handler(array($this, 'php_error_handler'));
+    }
+
+    protected function format_args($Array)
+    {
+        $LastKey = -1;
+        $Return = [];
+        foreach ($Array as $Key => $Val) {
+            $Return[$Key] = '';
+            if (!is_int($Key) || !is_int($LastKey) || $Key != $LastKey + 1) {
+                $Return[$Key] .= "'$Key' => ";
+            }
+
+            if ($Val === true) {
+                $Return[$Key] .= 'true';
+            } elseif ($Val === false) {
+                $Return[$Key] .= 'false';
+            } elseif (is_string($Val)) {
+                $Return[$Key] .= "'$Val'";
+            } elseif (is_int($Val)) {
+                $Return[$Key] .= $Val;
+            } elseif (is_object($Val)) {
+                $Return[$Key] .= get_class($Val);
+            } elseif (is_array($Val)) {
+                $Return[$Key] .= 'array('.$this->format_args($Val).')';
+            }
+
+            $LastKey = $Key;
+        }
+        return implode(', ', $Return);
+    }
+
+    public function php_error_handler($Level, $Error, $File, $Line)
+    {
+        // Who added this, it's still something to pay attention to...
+        if (stripos('Undefined index', $Error) !== false) {
+            //return true;
+        }
+
+        $Steps = 1; // Steps to go up in backtrace, default one
+        $Call = '';
+        $Args = '';
+        $Tracer = debug_backtrace();
+
+        // This is in case something in this function goes wrong and we get stuck with an infinite loop
+        if (isset($Tracer[$Steps]['function'], $Tracer[$Steps]['class']) && $Tracer[$Steps]['function'] == 'php_error_handler' && $Tracer[$Steps]['class'] == 'DEBUG') {
+            return true;
+        }
+
+        // If this error was thrown, we return the function which threw it
+        if (isset($Tracer[$Steps]['function']) && $Tracer[$Steps]['function'] == 'trigger_error') {
+            $Steps++;
+            $File = $Tracer[$Steps]['file'];
+            $Line = $Tracer[$Steps]['line'];
+        }
+
+        // At this time ONLY Array strict typing is fully supported.
+        // Allow us to abuse strict typing (IE: function test(Array))
+        if (preg_match('/^Argument (\d+) passed to \S+ must be an (array), (array|string|integer|double|object) given, called in (\S+) on line (\d+) and defined$/', $Error, $Matches)) {
+            $Error = 'Type hinting failed on arg '.$Matches[1]. ', expected '.$Matches[2].' but found '.$Matches[3];
+            $File = $Matches[4];
+            $Line = $Matches[5];
+        }
+
+        // Let's not be repetative
+        if (($Tracer[$Steps]['function'] == 'include' || $Tracer[$Steps]['function'] == 'require') && isset($Tracer[$Steps]['args'][0]) && $Tracer[$Steps]['args'][0] == $File) {
+            unset($Tracer[$Steps]['args']);
+        }
+
+        // Class
+        if (isset($Tracer[$Steps]['class'])) {
+            $Call .= $Tracer[$Steps]['class'].'::';
+        }
+
+        // Function & args
+        if (isset($Tracer[$Steps]['function'])) {
+            $Call .= $Tracer[$Steps]['function'];
+            if (isset($Tracer[$Steps]['args'][0])) {
+                $Args = $this->format_args($Tracer[$Steps]['args']);
+            }
+        }
+
+        // Shorten the path & we're done
+        $File = str_replace(SERVER_ROOT, '', $File);
+        $Error = str_replace(SERVER_ROOT, '', $Error);
+
+        if (DEBUG_MODE) {
+            $this->Errors[] = array($Error, $File.':'.$Line, $Call, $Args);
+        }
+        return true;
+    }
+
+    /* Data wrappers */
+
+    public function get_perf()
+    {
+        if (empty($this->Perf)) {
+            global $ScriptStartTime;
+            $PageTime = (microtime(true) - $ScriptStartTime);
+            $CPUTime = $this->get_cpu_time();
+            $Perf = array(
+                'Memory usage' => Format::get_size(memory_get_usage(true)),
+                'Page process time' => number_format($PageTime, 3).' s');
+
+            if ($CPUTime) {
+                $Perf['CPU time'] = number_format($CPUTime / 1000000, 3).' s';
+            }
+            return $Perf;
+        }
+        return $this->Perf;
+    }
+
+    public function get_flags()
+    {
+        return $this->Flags;
+    }
+
+    public function get_errors($Light = false)
+    {
+        // Because the cache can't take some of these variables
+        if ($Light) {
+            foreach ($this->Errors as $Key => $Value) {
+                $this->Errors[$Key][3] = '';
+            }
+        }
+        return $this->Errors;
+    }
+
+    public function get_constants()
+    {
+        return get_defined_constants(true);
+    }
+
+    public function get_classes()
+    {
+        foreach (get_declared_classes() as $Class) {
+            $Classes[$Class]['Vars'] = get_class_vars($Class);
+            $Classes[$Class]['Functions'] = get_class_methods($Class);
+        }
+        return $Classes;
+    }
+
+    public function get_extensions()
+    {
+        foreach (get_loaded_extensions() as $Extension) {
+            $Extensions[$Extension]['Functions'] = get_extension_funcs($Extension);
+        }
+        return $Extensions;
+    }
+
+    public function get_includes()
+    {
+        return get_included_files();
+    }
+
+    public function get_cache_time()
+    {
+        return G::$Cache->Time;
+    }
+
+    public function get_cache_keys()
+    {
+        return array_keys(G::$Cache->CacheHits);
+    }
+
+    public function get_sphinxql_queries()
+    {
+        if (class_exists('Sphinxql')) {
+            return Sphinxql::$Queries;
+        }
+    }
+
+    public function get_sphinxql_time()
+    {
+        if (class_exists('Sphinxql')) {
+            return Sphinxql::$Time;
+        }
+    }
+
+    public function get_queries()
+    {
+        return G::$DB->Queries;
+    }
+
+    public function get_query_time()
+    {
+        return G::$DB->Time;
+    }
+
+    public function get_logged_vars()
+    {
+        return $this->LoggedVars;
+    }
+
+    public function get_ocelot_requests()
+    {
+        if (class_exists('Tracker')) {
+            return Tracker::$Requests;
+        }
+    }
+
+    /* Output Formatting */
+
+    public function perf_table($Perf = false)
+    {
+        if (!is_array($Perf)) {
+            $Perf = $this->get_perf();
+        }
+        if (empty($Perf)) {
+            return;
+        } ?>
+
+<table class="layout">
+  <tr>
+    <td><strong><a href="#" onclick="$(this).parents('.layout').next('#debug_perf').gtoggle(); return false;"
+          class="brackets">View</a> Performance Statistics:</strong></td>
+  </tr>
+</table>
+<table id="debug_perf" class="debug_table hidden">
+  <?php
+    foreach ($Perf as $Stat => $Value) {
+        ?>
+  <tr class="valign_top">
+    <td class="debug_perf_stat"><?=$Stat?>
+    </td>
+    <td class="debug_perf_data"><?=$Value?>
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php
+    }
+
+    public function include_table($Includes = false)
+    {
+        if (!is_array($Includes)) {
+            $Includes = $this->get_includes();
+        } ?>
+
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_include').gtoggle(); return false;"
+          class="brackets">View</a>
+        <?=number_format(count($Includes))?>
+        Includes:
+      </strong>
+    </td>
+  </tr>
+</table>
+
+<table id="debug_include" class="debug_table hidden">
+  <?php
+    foreach ($Includes as $File) {
+        ?>
+  <tr class="valign_top">
+    <td><?=$File?>
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php
+    }
+
+    public function class_table($Classes = false)
+    {
+        if (!is_array($Classes)) {
+            $Classes = $this->get_classes();
+        } ?>
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_classes').gtoggle(); return false;"
+          class="brackets">View</a>
+        Classes:
+      </strong>
+    </td>
+  </tr>
+</table>
+
+<table id="debug_classes" class="debug_table hidden">
+  <tr>
+    <td>
+      <pre>
+<?php
+print_r($Classes);
+        echo "\n"; ?>
+        </pre>
+    </td>
+  </tr>
+</table>
+<?php
+    }
+
+    public function extension_table()
+    {
+        ?>
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_extensions').gtoggle(); return false;"
+          class="brackets">View</a>
+        Extensions:
+      </strong>
+    </td>
+  </tr>
+</table>
+<table id="debug_extensions" class="debug_table hidden">
+  <tr>
+    <td>
+      <pre>
+<?php
+print_r($this->get_extensions());
+        echo "\n"; ?>
+        </pre>
+    </td>
+  </tr>
+</table>
+<?php
+    }
+
+    public function flag_table($Flags = false)
+    {
+        if (!is_array($Flags)) {
+            $Flags = $this->get_flags();
+        }
+
+        if (empty($Flags)) {
+            return;
+        } ?>
+
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_flags').gtoggle(); return false;"
+          class="brackets">View</a>
+        Flags:
+      </strong>
+    </td>
+  </tr>
+</table>
+
+<table id="debug_flags" class="debug_table hidden">
+  <tr class="valign_top">
+    <td class="debug_flags_event"><strong>Event</strong></td>
+    <td class="debug_flags_time"><strong>Page time</strong></td>
+    <?php if ($Flags[0][3] !== false) { ?>
+    <td class="debug_flags_time"><strong>CPU time</strong></td>
+    <?php } ?>
+    <td class="debug_flags_memory"><strong>Memory</strong></td>
+  </tr>
+
+  <?php
+    foreach ($Flags as $Flag) {
+        list($Event, $MicroTime, $Memory, $CPUTime) = $Flag; ?>
+  <tr class="valign_top">
+    <td><?=$Event?>
+    </td>
+    <td><?=number_format($MicroTime, 3)?> ms</td>
+    <?php if ($CPUTime !== false) { ?>
+    <td><?=number_format($CPUTime / 1000, 3)?> ms</td>
+    <?php } ?>
+    <td><?=Format::get_size($Memory)?>
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php
+    }
+
+    public function constant_table($Constants = false)
+    {
+        if (!is_array($Constants)) {
+            $Constants = $this->get_constants();
+        } ?>
+
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_constants').gtoggle(); return false;"
+          class="brackets">View</a>
+        Constants:
+      </strong>
+    </td>
+  </tr>
+</table>
+
+<table id="debug_constants" class="debug_table hidden">
+  <tr>
+    <td class="debug_data debug_constants_data">
+      <pre>
+<?=display_str(print_r($Constants, true))?>
+        </pre>
+    </td>
+  </tr>
+</table>
+<?php
+    }
+
+    public function ocelot_table($OcelotRequests = false)
+    {
+        if (!is_array($OcelotRequests)) {
+            $OcelotRequests = $this->get_ocelot_requests();
+        }
+
+        if (empty($OcelotRequests)) {
+            return;
+        } ?>
+
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a data-toggle-target="#debug_ocelot" class="brackets">View</a>
+        <?=number_format(count($OcelotRequests))?>
+        Ocelot requests:
+      </strong>
+    </td>
+  </tr>
+</table>
+
+<table id="debug_ocelot" class="debug_table hidden">
+  <?php foreach ($OcelotRequests as $i => $Request) { ?>
+  <tr>
+    <td class="debug_data debug_ocelot_data">
+      <a data-toggle-target="#debug_ocelot_<?=$i?>"><?=display_str($Request['path'])?></a>
+      <pre id="debug_ocelot_<?=$i?>"
+        class="hidden"><?=display_str($Request['response'])?></pre>
+    </td>
+
+    <td class="debug_info" style="width: 100px;">
+      <?=display_str($Request['status'])?>
+    </td>
+    <td class="debug_info debug_timing" style="width: 100px;">
+      <?=number_format($Request['time'], 5)?> ms
+    </td>
+  </tr>
+  <?php } ?>
+</table>
+<?php
+    }
+
+    public function cache_table($CacheKeys = false)
+    {
+        $Header = 'Cache Keys';
+        if (!is_array($CacheKeys)) {
+            $CacheKeys = $this->get_cache_keys();
+            $Header .= ' ('.number_format($this->get_cache_time(), 5).' ms)';
+        }
+
+        if (empty($CacheKeys)) {
+            return;
+        }
+        $Header = ' '.number_format(count($CacheKeys))." $Header:"; ?>
+
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_cache').gtoggle(); return false;"
+          class="brackets">View</a>
+        <?=$Header?>
+      </strong>
+    </td>
+  </tr>
+</table>
+
+<table id="debug_cache" class="debug_table hidden">
+  <?php foreach ($CacheKeys as $Key) { ?>
+  <tr>
+    <td class="label nobr debug_info debug_cache_key">
+      <a href="#"
+        onclick="$('#debug_cache_<?=$Key?>').gtoggle(); return false;"><?=display_str($Key)?></a>
+      <a href="tools.php?action=clear_cache&amp;key=<?=$Key?>&amp;type=clear"
+        target="_blank" class="brackets tooltip" title="Clear this cache key">Clear</a>
+    </td>
+    <td class="debug_data debug_cache_data">
+      <pre id="debug_cache_<?=$Key?>" class="hidden">
+<?=display_str(print_r(G::$Cache->get_value($Key, true), true))?>
+        </pre>
+    </td>
+  </tr>
+  <?php } ?>
+</table>
+<?php
+    }
+
+    public function error_table($Errors = false)
+    {
+        if (!is_array($Errors)) {
+            $Errors = $this->get_errors();
+        }
+
+        if (empty($Errors)) {
+            return;
+        } ?>
+
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_error').gtoggle(); return false;"
+          class="brackets">View</a>
+        <?=number_format(count($Errors))?>
+        Errors:
+      </strong>
+    </td>
+  </tr>
+</table>
+<table id="debug_error" class="debug_table hidden">
+  <?php
+    foreach ($Errors as $Error) {
+        list($Error, $Location, $Call, $Args) = $Error; ?>
+  <tr class="valign_top">
+    <td class="debug_info debug_error_call">
+      <?=display_str($Call)?>(<?=display_str($Args)?>)
+    </td>
+    <td class="debug_data debug_error_data">
+      <?=display_str($Error)?>
+    </td>
+    <td>
+      <?=display_str($Location)?>
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php
+    }
+
+    public function query_table($Queries=false)
+    {
+        $Header = 'Queries';
+        if (!is_array($Queries)) {
+            $Queries = $this->get_queries();
+            $Header .= ' ('.number_format($this->get_query_time(), 5).' ms)';
+        }
+
+        if (empty($Queries)) {
+            return;
+        }
+        $Header = ' '.number_format(count($Queries))." $Header:"; ?>
+
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_database').gtoggle(); return false;"
+          class="brackets">View</a>
+        <?=$Header?>
+      </strong>
+    </td>
+  </tr>
+</table>
+
+<table id="debug_database" class="debug_table hidden">
+  <?php
+    foreach ($Queries as $Query) {
+        $SQL = $Query[0] ?? null;
+        $Time = $Query[1] ?? null;
+        $Warnings = $Query[2] ?? null;
+
+        if ($Warnings !== null) {
+            $Warnings = implode('<br />', $Warnings);
+        } ?>
+
+  <tr class="valign_top">
+    <td class="debug_data debug_query_data">
+      <div><?=str_replace("\t", '&nbsp;&nbsp;', nl2br(display_str(trim($SQL))))?>
+      </div>
+    </td>
+
+    <td class="debug_info debug_query_time" style="width: 130px;"><?=number_format($Time, 5)?> ms</td>
+    <td class="debug_info debug_query_warnings"><?=$Warnings?>
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php
+    }
+
+    public function sphinx_table($Queries = false)
+    {
+        $Header = 'Searches';
+        if (!is_array($Queries)) {
+            $Queries = $this->get_sphinxql_queries();
+            $Header .= ' ('.number_format($this->get_sphinxql_time(), 5).' ms)';
+        }
+
+        if (empty($Queries)) {
+            return;
+        }
+        $Header = ' '.number_format(count($Queries))." $Header:"; ?>
+
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_sphinx').gtoggle(); return false;"
+          class="brackets">View</a>
+        <?=$Header?>
+      </strong>
+    </td>
+  </tr>
+</table>
+<table id="debug_sphinx" class="debug_table hidden">
+  <?php
+    foreach ($Queries as $Query) {
+        list($Params, $Time) = $Query; ?>
+  <tr class="valign_top">
+    <td class="debug_data debug_sphinx_data">
+      <pre><?=str_replace("\t", '  ', $Params)?></pre>
+    </td>
+    <td class="debug_info debug_sphinx_time" style="width: 130px;"><?=number_format($Time, 5)?> ms</td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php
+    }
+
+    public function vars_table($Vars = false)
+    {
+        $Header = 'Logged Variables';
+        if (empty($Vars)) {
+            if (empty($this->LoggedVars)) {
+                return;
+            }
+            $Vars = $this->LoggedVars;
+        }
+        $Header = ' '.number_format(count($Vars))." $Header:"; ?>
+
+<table class="layout">
+  <tr>
+    <td>
+      <strong>
+        <a href="#" onclick="$(this).parents('.layout').next('#debug_loggedvars').gtoggle(); return false;"
+          class="brackets">View</a>
+        <?=$Header?>
+      </strong>
+    </td>
+  </tr>
+</table>
+
+<table id="debug_loggedvars" class="debug_table hidden">
+  <?php
+    foreach ($Vars as $ID => $Var) {
+        $Key = key($Var);
+        $Data = current($Var);
+        $Size = count($Data['data']); ?>
+  <tr>
+    <td class="debug_info debug_loggedvars_name">
+      <a href="#"
+        onclick="$('#debug_loggedvars_<?=$ID?>').gtoggle(); return false;"><?=display_str($Key)?></a>
+      (<?=$Size . ($Size == 1 ? ' element' : ' elements')?>)
+      <div>
+        <?=$Data['bt']['path'].':'.$Data['bt']['line']; ?>
+      </div>
+    </td>
+    <td class="debug_data debug_loggedvars_data">
+      <pre id="debug_loggedvars_<?=$ID?>" class="hidden">
+<?=display_str(print_r($Data['data'], true))?>
+        </pre>
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php
+    }
+}

classes/donations.class.php

@@ -0,0 +1,881 @@
+<?php
+declare(strict_types=1);
+
+define('BTC_API_URL', 'https://api.bitcoinaverage.com/ticker/global/EUR/');
+define('USD_API_URL', 'http://www.google.com/ig/calculator?hl=en&q=1USD=?EUR');
+
+class Donations
+{
+    private static $IsSchedule = false;
+
+    public static function regular_donate($UserID, $DonationAmount, $Source, $Reason, $Currency = 'EUR')
+    {
+        self::donate(
+            $UserID,
+            array(
+              'Source' => $Source,
+              'Price' => $DonationAmount,
+              'Currency' => $Currency,
+              'Source' => $Source,
+              'Reason' => $Reason,
+              'SendPM' => true
+            )
+        );
+    }
+
+    public static function donate($UserID, $Args)
+    {
+        $UserID = (int) $UserID;
+        $QueryID = G::$DB->get_query_id();
+
+        G::$DB->query("
+        SELECT
+          1
+        FROM
+          `users_main`
+        WHERE
+          `ID` = '$UserID'
+        LIMIT 1
+        ");
+
+        if (G::$DB->has_results()) {
+            G::$Cache->InternalCache = false;
+            foreach ($Args as &$Arg) {
+                $Arg = db_string($Arg);
+            }
+            extract($Args);
+
+            // We don't always get a date passed in
+            if (empty($Date)) {
+                $Date = sqltime();
+            }
+
+            // Get the ID of the staff member making the edit
+            $AddedBy = 0;
+            if (!self::$IsSchedule) {
+                $AddedBy = G::$LoggedUser['ID'];
+            }
+
+            // Give them the extra invite
+            $ExtraInvite = G::$DB->affected_rows();
+
+            // A staff member is directly manipulating donor points
+            if (isset($Manipulation) && $Manipulation === 'Direct') {
+                $DonorPoints = $Rank;
+                $AdjustedRank = $Rank >= MAX_EXTRA_RANK ? MAX_EXTRA_RANK : $Rank;
+
+                G::$DB->query("
+                INSERT INTO users_donor_ranks(
+                  `UserID`,
+                  `Rank`,
+                  `TotalRank`,
+                  `DonationTime`,
+                  `RankExpirationTime`
+                )
+                VALUES(
+                  '$UserID',
+                  '$AdjustedRank',
+                  '$TotalRank',
+                  '$Date',
+                  NOW()
+                )
+                ON DUPLICATE KEY
+                UPDATE
+                  `Rank` = '$AdjustedRank',
+                  `TotalRank` = '$TotalRank',
+                  `DonationTime` = '$Date',
+                  `RankExpirationTime` = NOW()
+                ");
+            } else {
+                // Donations from the store get donor points directly, no need to calculate them
+                if ($Source === 'Store Parser') {
+                    $ConvertedPrice = self::currency_exchange($Amount * $Price, $Currency);
+                } else {
+                    $ConvertedPrice = self::currency_exchange($Price, $Currency);
+                    $DonorPoints = self::calculate_rank($ConvertedPrice);
+                }
+
+                // Rank is the same thing as DonorPoints
+                $IncreaseRank = $DonorPoints;
+                $CurrentRank = self::get_rank($UserID);
+
+                // A user's donor rank can never exceed MAX_EXTRA_RANK
+                // If the amount they donated causes it to overflow, chnage it to MAX_EXTRA_RANK
+                // The total rank isn't affected by this, so their original donor point value is added to it
+                if (($CurrentRank + $DonorPoints) >= MAX_EXTRA_RANK) {
+                    $AdjustedRank = MAX_EXTRA_RANK;
+                } else {
+                    $AdjustedRank = $CurrentRank + $DonorPoints;
+                }
+
+                G::$DB->query("
+                INSERT INTO users_donor_ranks(
+                  `UserID`,
+                  `Rank`,
+                  `TotalRank`,
+                  `DonationTime`,
+                  `RankExpirationTime`
+                )
+                VALUES(
+                  '$UserID',
+                  '$AdjustedRank',
+                  '$DonorPoints',
+                  '$Date',
+                  NOW()
+                )
+                ON DUPLICATE KEY
+                UPDATE
+                  `Rank` = '$AdjustedRank',
+                  `TotalRank` = TotalRank + '$DonorPoints',
+                  `DonationTime` = '$Date',
+                  `RankExpirationTime` = NOW()
+                ");
+            }
+
+            // Donor cache key is outdated
+            G::$Cache->delete_value("donor_info_$UserID");
+
+            // Get their rank
+            $Rank = self::get_rank($UserID);
+            $TotalRank = self::get_total_rank($UserID);
+
+            // Now that their rank and total rank has been set, we can calculate their special rank
+            self::calculate_special_rank($UserID);
+
+            // Hand out invites
+            G::$DB->query("
+            SELECT
+              `InvitesRecievedRank`
+            FROM
+              `users_donor_ranks`
+            WHERE
+              `UserID` = '$UserID'
+            ");
+
+            list($InvitesRecievedRank) = G::$DB->next_record();
+            $AdjustedRank = $Rank >= MAX_RANK ? (MAX_RANK - 1) : $Rank;
+            $InviteRank = $AdjustedRank - $InvitesRecievedRank;
+
+            if ($InviteRank > 0) {
+                $Invites = $ExtraInvite ? ($InviteRank + 1) : $InviteRank;
+
+                G::$DB->query("
+                UPDATE
+                  `users_main`
+                SET
+                  `Invites` = Invites + '$Invites'
+                WHERE
+                  `ID` = '$UserID'
+                ");
+
+                G::$DB->query("
+                UPDATE
+                  `users_donor_ranks`
+                SET
+                  `InvitesRecievedRank` = '$AdjustedRank'
+                WHERE
+                  `UserID` = '$UserID'
+                ");
+            }
+
+            // Send them a thank you PM
+            if ($SendPM) {
+                $Subject = "Thank you for your donation";
+                Misc::send_pm($UserID, 0, $Subject, '');
+            }
+
+            // Lastly, add this donation to our history
+            G::$DB->query("
+            INSERT INTO `donations`(
+                `UserID`,
+                `Amount`,
+                `Source`,
+                `Reason`,
+                `Currency`,
+                `Email`,
+                `Time`,
+                `AddedBy`,
+                `Rank`,
+                `TotalRank`
+            )
+            VALUES(
+                '$UserID',
+                '$ConvertedPrice',
+                '$Source',
+                '$Reason',
+                '$Currency',
+                '',
+                '$Date',
+                '$AddedBy',
+                '$DonorPoints',
+                '$TotalRank'
+            )
+            ");
+
+            // Clear their user cache keys because the users_info values has been modified
+            G::$Cache->delete_value("user_info_$UserID");
+            G::$Cache->delete_value("user_info_heavy_$UserID");
+            G::$Cache->delete_value("donor_info_$UserID");
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    private static function calculate_special_rank($UserID)
+    {
+        $UserID = (int) $UserID;
+        $QueryID = G::$DB->get_query_id();
+
+        // Are they are special?
+        G::$DB->query("
+        SELECT
+          `TotalRank`,
+          `SpecialRank`
+        FROM
+          `users_donor_ranks`
+        WHERE
+          `UserID` = '$UserID'
+        ");
+
+        if (G::$DB->has_results()) {
+            // Adjust their special rank depending on the total rank.
+            list($TotalRank, $SpecialRank) = G::$DB->next_record();
+            if ($TotalRank < 10) {
+                $SpecialRank = 0;
+            }
+
+            if ($SpecialRank < 1 && $TotalRank >= 10) {
+                Misc::send_pm($UserID, 0, 'Special Donor Rank 1', 'Thank You');
+                $SpecialRank = 1;
+            }
+
+            if ($SpecialRank < 2 && $TotalRank >= 20) {
+                Misc::send_pm($UserID, 0, 'Special Donor Rank 2', 'Thank You');
+                $SpecialRank = 2;
+            }
+
+            if ($SpecialRank < 3 && $TotalRank >= 50) {
+                Misc::send_pm($UserID, 0, 'Special Donor Rank 3', 'Thank You');
+                $SpecialRank = 3;
+            }
+
+            // Make them special
+            G::$DB->query("
+            UPDATE
+              `users_donor_ranks`
+            SET
+              `SpecialRank` = '$SpecialRank'
+            WHERE
+              `UserID` = '$UserID'
+            ");
+            G::$Cache->delete_value("donor_info_$UserID");
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function schedule()
+    {
+        self::$IsSchedule = true;
+        DonationsBitcoin::find_new_donations();
+        self::expire_ranks();
+    }
+
+    public static function expire_ranks()
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT
+          `UserID`,
+          `Rank`
+        FROM
+          `users_donor_ranks`
+        WHERE
+          `Rank` > 1 AND `SpecialRank` != 3 AND `RankExpirationTime` < NOW() - INTERVAL 766 HOUR
+        ");
+
+        // 2 hours less than 32 days to account for schedule run times
+        if (G::$DB->record_count() > 0) {
+            $UserIDs = [];
+            while (list($UserID, $Rank) = G::$DB->next_record()) {
+                G::$Cache->delete_value("donor_info_$UserID");
+                G::$Cache->delete_value("donor_title_$UserID");
+                G::$Cache->delete_value("donor_profile_rewards_$UserID");
+                $UserIDs[] = $UserID;
+            }
+            $In = implode(',', $UserIDs);
+
+            G::$DB->query("
+            UPDATE
+              `users_donor_ranks`
+            SET
+              `Rank` = Rank - IF(Rank = " . MAX_RANK . ", 2, 1),
+              `RankExpirationTime` = NOW()
+            WHERE
+              `UserID` IN($In)
+            ");
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    private static function calculate_rank($Amount)
+    {
+        return floor($Amount / 5);
+    }
+
+    public static function update_rank($UserID, $Rank, $TotalRank, $Reason)
+    {
+        $Rank = (int) $Rank;
+        $TotalRank = (int) $TotalRank;
+
+        self::donate(
+            $UserID,
+            array(
+              'Manipulation' => 'Direct',
+              'Rank' => $Rank,
+              'TotalRank' => $TotalRank,
+              'Reason' => $Reason,
+              'Source' => 'Modify Values',
+              'Currency' => 'EUR'
+            )
+        );
+    }
+
+    public static function hide_stats($UserID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        INSERT INTO `users_donor_ranks`(`UserID`, `Hidden`)
+        VALUES('$UserID', '1')
+        ON DUPLICATE KEY
+        UPDATE
+          `Hidden` = '1'
+        ");
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function show_stats($UserID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        INSERT INTO `users_donor_ranks`(`UserID`, `Hidden`)
+        VALUES('$UserID', '0')
+        ON DUPLICATE KEY
+        UPDATE
+          `Hidden` = '0'
+        ");
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function is_visible($UserID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT
+          `Hidden`
+        FROM
+          `users_donor_ranks`
+        WHERE
+          `Hidden` = '0' AND `UserID` = '$UserID'
+        ");
+
+        $HasResults = G::$DB->has_results();
+        G::$DB->set_query_id($QueryID);
+        return $HasResults;
+    }
+
+    public static function has_donor_forum($UserID)
+    {
+        $ENV = ENV::go();
+        return self::get_rank($UserID) >= $ENV->DONOR_FORUM_RANK || self::get_special_rank($UserID) >= MAX_SPECIAL_RANK;
+    }
+
+    /**
+     * Put all the common donor info in the same cache key to save some cache calls
+     */
+    public static function get_donor_info($UserID)
+    {
+        // Our cache class should prevent identical memcached requests
+        $DonorInfo = G::$Cache->get_value("donor_info_$UserID");
+        if ($DonorInfo === false) {
+            # todo: Investigate Rank in donations table
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT
+              `Rank`,
+              `SpecialRank`,
+              `TotalRank`,
+              `DonationTime`,
+              `RankExpirationTime` + INTERVAL 766 HOUR
+            FROM
+              `users_donor_ranks`
+            WHERE
+              `UserID` = '$UserID'
+            ");
+
+            // 2 hours less than 32 days to account for schedule run times
+            if (G::$DB->has_results()) {
+                list($Rank, $SpecialRank, $TotalRank, $DonationTime, $ExpireTime) = G::$DB->next_record(MYSQLI_NUM, false);
+                if ($DonationTime === null) {
+                    $DonationTime = 0;
+                }
+
+                if ($ExpireTime === null) {
+                    $ExpireTime = 0;
+                }
+            } else {
+                $Rank = $SpecialRank = $TotalRank = $DonationTime = $ExpireTime = 0;
+            }
+
+            if (Permissions::is_mod($UserID)) {
+                $Rank = MAX_EXTRA_RANK;
+                $SpecialRank = MAX_SPECIAL_RANK;
+            }
+
+            G::$DB->query("
+            SELECT
+              `IconMouseOverText`,
+              `AvatarMouseOverText`,
+              `CustomIcon`,
+              `CustomIconLink`,
+              `SecondAvatar`
+            FROM
+              `donor_rewards`
+            WHERE
+              `UserID` = '$UserID'
+            ");
+
+            $Rewards = G::$DB->next_record(MYSQLI_ASSOC);
+            G::$DB->set_query_id($QueryID);
+
+            $DonorInfo = array(
+                'Rank' => (int) $Rank,
+                'SRank' => (int) $SpecialRank,
+                'TotRank' => (int) $TotalRank,
+                'Time' => $DonationTime,
+                'ExpireTime' => $ExpireTime,
+                'Rewards' => $Rewards
+            );
+            G::$Cache->cache_value("donor_info_$UserID", $DonorInfo, 0);
+        }
+        return $DonorInfo;
+    }
+
+    public static function get_rank($UserID)
+    {
+        return self::get_donor_info($UserID)['Rank'];
+    }
+
+    public static function get_special_rank($UserID)
+    {
+        return self::get_donor_info($UserID)['SRank'];
+    }
+
+    public static function get_total_rank($UserID)
+    {
+        return self::get_donor_info($UserID)['TotRank'];
+    }
+
+    public static function get_donation_time($UserID)
+    {
+        return self::get_donor_info($UserID)['Time'];
+    }
+
+    public static function get_personal_collages($UserID)
+    {
+        $DonorInfo = self::get_donor_info($UserID);
+        if ($DonorInfo['SRank'] === MAX_SPECIAL_RANK) {
+            $Collages = 5;
+        } else {
+            $Collages = min($DonorInfo['Rank'], 5); // One extra collage per donor rank up to 5
+        }
+        return $Collages;
+    }
+
+    public static function get_titles($UserID)
+    {
+        $Results = G::$Cache->get_value("donor_title_$UserID");
+        if ($Results === false) {
+            $QueryID = G::$DB->get_query_id();
+
+            G::$DB->query("
+            SELECT
+              `Prefix`,
+              `Suffix`,
+              `UseComma`
+            FROM
+              `donor_forum_usernames`
+            WHERE
+              `UserID` = '$UserID'
+            ");
+
+            $Results = G::$DB->next_record();
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value("donor_title_$UserID", $Results, 0);
+        }
+        return $Results;
+    }
+
+    public static function get_enabled_rewards($UserID)
+    {
+        $Rewards = [];
+        $Rank = self::get_rank($UserID);
+        $SpecialRank = self::get_special_rank($UserID);
+        $HasAll = $SpecialRank === 3;
+
+        $Rewards = array(
+            'HasAvatarMouseOverText' => false,
+            'HasCustomDonorIcon' => false,
+            'HasDonorForum' => false,
+            'HasDonorIconLink' => false,
+            'HasDonorIconMouseOverText' => false,
+            'HasProfileInfo1' => false,
+            'HasProfileInfo2' => false,
+            'HasProfileInfo3' => false,
+            'HasProfileInfo4' => false,
+            'HasSecondAvatar' => false);
+
+        if ($Rank >= 2 || $HasAll) {
+            $Rewards["HasDonorIconMouseOverText"] = true;
+            $Rewards["HasProfileInfo1"] = true;
+        }
+
+        if ($Rank >= 3 || $HasAll) {
+            $Rewards["HasAvatarMouseOverText"] = true;
+            $Rewards["HasProfileInfo2"] = true;
+        }
+
+        if ($Rank >= 4 || $HasAll) {
+            $Rewards["HasDonorIconLink"] = true;
+            $Rewards["HasProfileInfo3"] = true;
+        }
+
+        if ($Rank >= MAX_RANK || $HasAll) {
+            $Rewards["HasCustomDonorIcon"] = true;
+            $Rewards["HasDonorForum"] = true;
+            $Rewards["HasProfileInfo4"] = true;
+        }
+
+        if ($SpecialRank >= 2) {
+            $Rewards["HasSecondAvatar"] = true;
+        }
+        return $Rewards;
+    }
+
+    public static function get_rewards($UserID)
+    {
+        return self::get_donor_info($UserID)['Rewards'];
+    }
+
+    public static function get_profile_rewards($UserID)
+    {
+        $Results = G::$Cache->get_value("donor_profile_rewards_$UserID");
+        if ($Results === false) {
+            $QueryID = G::$DB->get_query_id();
+
+            G::$DB->query("
+            SELECT
+              `ProfileInfo1`,
+              `ProfileInfoTitle1`,
+              `ProfileInfo2`,
+              `ProfileInfoTitle2`,
+              `ProfileInfo3`,
+              `ProfileInfoTitle3`,
+              `ProfileInfo4`,
+              `ProfileInfoTitle4`
+            FROM
+              `donor_rewards`
+            WHERE
+              `UserID` = '$UserID'
+            ");
+
+            $Results = G::$DB->next_record();
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value("donor_profile_rewards_$UserID", $Results, 0);
+        }
+        return $Results;
+    }
+
+    private static function add_profile_info_reward($Counter, &$Insert, &$Values, &$Update)
+    {
+        if (isset($_POST["profile_title_" . $Counter]) && isset($_POST["profile_info_" . $Counter])) {
+            $ProfileTitle = db_string($_POST["profile_title_" . $Counter]);
+            $ProfileInfo = db_string($_POST["profile_info_" . $Counter]);
+            $ProfileInfoTitleSQL = "ProfileInfoTitle" . $Counter;
+            $ProfileInfoSQL = "ProfileInfo" . $Counter;
+            $Insert[] = "$ProfileInfoTitleSQL";
+            $Values[] = "'$ProfileInfoTitle'";
+            $Update[] = "$ProfileInfoTitleSQL = '$ProfileTitle'";
+            $Insert[] = "$ProfileInfoSQL";
+            $Values[] = "'$ProfileInfo'";
+            $Update[] = "$ProfileInfoSQL = '$ProfileInfo'";
+        }
+    }
+
+    public static function update_rewards($UserID)
+    {
+        $Rank = self::get_rank($UserID);
+        $SpecialRank = self::get_special_rank($UserID);
+        $HasAll = $SpecialRank === 3;
+        $Counter = 0;
+        $Insert = [];
+        $Values = [];
+        $Update = [];
+        $Insert[] = "UserID";
+        $Values[] = "'$UserID'";
+
+        if ($Rank >= 1 || $HasAll) {
+        }
+
+        if ($Rank >= 2 || $HasAll) {
+            if (isset($_POST['donor_icon_mouse_over_text'])) {
+                $IconMouseOverText = db_string($_POST['donor_icon_mouse_over_text']);
+                $Insert[] = "IconMouseOverText";
+                $Values[] = "'$IconMouseOverText'";
+                $Update[] = "IconMouseOverText = '$IconMouseOverText'";
+            }
+            $Counter++;
+        }
+
+        if ($Rank >= 3 || $HasAll) {
+            if (isset($_POST['avatar_mouse_over_text'])) {
+                $AvatarMouseOverText = db_string($_POST['avatar_mouse_over_text']);
+                $Insert[] = "AvatarMouseOverText";
+                $Values[] = "'$AvatarMouseOverText'";
+                $Update[] = "AvatarMouseOverText = '$AvatarMouseOverText'";
+            }
+            $Counter++;
+        }
+
+        if ($Rank >= 4 || $HasAll) {
+            if (isset($_POST['donor_icon_link'])) {
+                $CustomIconLink = db_string($_POST['donor_icon_link']);
+                if (!Misc::is_valid_url($CustomIconLink)) {
+                    $CustomIconLink = '';
+                }
+
+                $Insert[] = "CustomIconLink";
+                $Values[] = "'$CustomIconLink'";
+                $Update[] = "CustomIconLink = '$CustomIconLink'";
+            }
+            $Counter++;
+        }
+
+        if ($Rank >= MAX_RANK || $HasAll) {
+            if (isset($_POST['donor_icon_custom_url'])) {
+                $CustomIcon = db_string($_POST['donor_icon_custom_url']);
+                if (!Misc::is_valid_url($CustomIcon)) {
+                    $CustomIcon = '';
+                }
+
+                $Insert[] = "CustomIcon";
+                $Values[] = "'$CustomIcon'";
+                $Update[] = "CustomIcon = '$CustomIcon'";
+            }
+            self::update_titles($UserID, $_POST['donor_title_prefix'], $_POST['donor_title_suffix'], $_POST['donor_title_comma']);
+            $Counter++;
+        }
+
+        for ($i = 1; $i <= $Counter; $i++) {
+            self::add_profile_info_reward($i, $Insert, $Values, $Update);
+        }
+
+        if ($SpecialRank >= 2) {
+            if (isset($_POST['second_avatar'])) {
+                $SecondAvatar = db_string($_POST['second_avatar']);
+                if (!Misc::is_valid_url($SecondAvatar)) {
+                    $SecondAvatar = '';
+                }
+
+                $Insert[] = "SecondAvatar";
+                $Values[] = "'$SecondAvatar'";
+                $Update[] = "SecondAvatar = '$SecondAvatar'";
+            }
+        }
+
+        $Insert = implode(', ', $Insert);
+        $Values = implode(', ', $Values);
+        $Update = implode(', ', $Update);
+
+        if ($Counter > 0) {
+            $QueryID = G::$DB->get_query_id();
+
+            G::$DB->query("
+            INSERT INTO `donor_rewards`($Insert)
+            VALUES($Values)
+            ON DUPLICATE KEY
+            UPDATE
+              $Update
+            ");
+            G::$DB->set_query_id($QueryID);
+        }
+
+        G::$Cache->delete_value("donor_profile_rewards_$UserID");
+        G::$Cache->delete_value("donor_info_$UserID");
+    }
+
+    public static function update_titles($UserID, $Prefix, $Suffix, $UseComma)
+    {
+        $QueryID = G::$DB->get_query_id();
+        $Prefix = trim(db_string($Prefix));
+        $Suffix = trim(db_string($Suffix));
+        $UseComma = empty($UseComma);
+
+        G::$DB->query("
+        INSERT INTO `donor_forum_usernames`(
+          `UserID`,
+          `Prefix`,
+          `Suffix`,
+          `UseComma`
+        )
+        VALUES(
+          '$UserID',
+          '$Prefix',
+          '$Suffix',
+          '$UseComma'
+        )
+        ON DUPLICATE KEY
+        UPDATE
+          `Prefix` = '$Prefix',
+          `Suffix` = '$Suffix',
+          `UseComma` = '$UseComma'
+        ");
+
+        G::$Cache->delete_value("donor_title_$UserID");
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function get_donation_history($UserID)
+    {
+        $UserID = (int) $UserID;
+        if (empty($UserID)) {
+            error(404);
+        }
+
+        # todo: Investigate Rank in donations table
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT
+          `Amount`,
+          `Email`,
+          `Time`,
+          `Currency`,
+          `Reason`,
+          `Source`,
+          `AddedBy`,
+          `Rank`,
+          `TotalRank`
+        FROM
+          `donations`
+        WHERE
+          `UserID` = '$UserID'
+        ORDER BY
+          `Time`
+        DESC
+        ");
+
+        $DonationHistory = G::$DB->to_array(false, MYSQLI_ASSOC, false);
+        G::$DB->set_query_id($QueryID);
+        return $DonationHistory;
+    }
+
+    public static function get_rank_expiration($UserID)
+    {
+        $DonorInfo = self::get_donor_info($UserID);
+        if ($DonorInfo['SRank'] === MAX_SPECIAL_RANK || $DonorInfo['Rank'] === 1) {
+            $Return = 'Never';
+        } elseif ($DonorInfo['ExpireTime']) {
+            $ExpireTime = strtotime($DonorInfo['ExpireTime']);
+            if ($ExpireTime - time() < 60) {
+                $Return = 'Soon';
+            } else {
+                $Expiration = time_diff($ExpireTime); // 32 days
+                $Return = "in $Expiration";
+            }
+        } else {
+            $Return = '';
+        }
+        return $Return;
+    }
+
+    public static function get_leaderboard_position($UserID)
+    {
+        $UserID = (int) $UserID;
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("SET @RowNum := 0");
+
+        G::$DB->query("
+        SELECT
+          `Position`
+        FROM
+          (
+          SELECT
+            d.UserID,
+            @RowNum := @RowNum + 1 AS POSITION
+          FROM
+            `users_donor_ranks` AS d
+          ORDER BY
+            `TotalRank`
+          DESC
+          ) l
+        WHERE
+          `UserID` = '$UserID'
+        ");
+
+        if (G::$DB->has_results()) {
+            list($Position) = G::$DB->next_record();
+        } else {
+            $Position = 0;
+        }
+
+        G::$DB->set_query_id($QueryID);
+        return $Position;
+    }
+
+    public static function is_donor($UserID)
+    {
+        return self::get_rank($UserID) > 0;
+    }
+
+    public static function currency_exchange($Amount, $Currency)
+    {
+        if (!self::is_valid_currency($Currency)) {
+            error("$Currency is not valid currency");
+        }
+        
+        switch ($Currency) {
+        case 'USD':
+          $Amount = self::usd_to_euro($Amount);
+          break;
+
+        case 'BTC':
+          $Amount = self::btc_to_euro($Amount);
+          break;
+
+        default:
+          break;
+        }
+        return round($Amount, 2);
+    }
+
+    public static function is_valid_currency($Currency)
+    {
+        return $Currency === 'EUR' || $Currency === 'BTC' || $Currency === 'USD';
+    }
+
+    public static function btc_to_euro($Amount)
+    {
+        $Rate = G::$Cache->get_value('btc_rate');
+        if (empty($Rate)) {
+            G::$Cache->cache_value('btc_rate', $Rate, 86400);
+        }
+        return $Rate * $Amount;
+    }
+
+    public static function usd_to_euro($Amount)
+    {
+        $Rate = G::$Cache->get_value('usd_rate');
+        if (empty($Rate)) {
+            G::$Cache->cache_value('usd_rate', $Rate, 86400);
+        }
+        return $Rate * $Amount;
+    }
+}

classes/donationsbitcoin.class.php

@@ -0,0 +1,214 @@
+<?php
+
+class DonationsBitcoin
+{
+    /**
+     * Ask bitcoind for a list of all addresses that have received bitcoins
+     *
+     * @return array (BitcoinAddress => Amount, ...)
+     */
+    public static function get_received()
+    {
+        if (defined('BITCOIN_RPC_URL')) {
+            $Donations = BitcoinRpc::listreceivedbyaddress();
+        }
+
+        if (empty($Donations)) {
+            return [];
+        }
+
+        $BTCUsers = [];
+        foreach ($Donations as $Account) {
+            $BTCUsers[$Account->address] = $Account->amount;
+        }
+        return $BTCUsers;
+    }
+
+    /**
+     * Ask bitcoind for the current account balance
+     *
+     * @return float balance
+     */
+    public static function get_balance()
+    {
+        if (defined('BITCOIN_RPC_URL')) {
+            return BitcoinRpc::getbalance();
+        }
+    }
+
+    /**
+     * Get a user's existing bitcoin address or generate a new one
+     *
+     * @param int $UserID
+     * @param bool $GenAddress whether to create a new address if it doesn't exist
+     * @return false if no address exists and $GenAddress is false
+     *         string bitcoin address otherwise
+     */
+    public static function get_address($UserID, $GenAddress = false)
+    {
+        $UserID = (int)$UserID;
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT BitcoinAddress
+        FROM users_info
+          WHERE UserID = '$UserID'");
+
+        list($Addr) = G::$DB->next_record();
+        G::$DB->set_query_id($QueryID);
+
+        if (!empty($Addr)) {
+            return $Addr;
+        } elseif ($GenAddress) {
+            if (defined('BITCOIN_RPC_URL')) {
+                $NewAddr = BitcoinRpc::getnewaddress();
+            }
+
+            if (empty($NewAddr)) {
+                error(0);
+            }
+
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            UPDATE users_info
+            SET BitcoinAddress = '".db_string($NewAddr)."'
+              WHERE UserID = '$UserID'
+              AND BitcoinAddress IS NULL");
+
+            G::$DB->set_query_id($QueryID);
+            return $NewAddr;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+     * Ask bitcoind for the total amount of bitcoins received
+     *
+     * @return float amount
+     */
+    public static function get_total_received()
+    {
+        if (defined('BITCOIN_RPC_URL')) {
+            $Accounts = BitcoinRpc::listreceivedbyaccount();
+        }
+
+        if (empty($Accounts)) {
+            return 0.0;
+        }
+
+        foreach ($Accounts as $Account) {
+            if ($Account->account === '') {
+                return $Account->amount;
+            }
+        }
+        return 0.0;
+    }
+
+    /**
+     * Translate bitcoin addresses to user IDs
+     *
+     * @param array $Addresses list of bitcoin addresses
+     * @return array (BitcoinAddress => UserID, ...)
+     */
+    public static function get_userids($Addresses)
+    {
+        if (!is_array($Addresses) || empty($Addresses)) {
+            return false;
+        }
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT BitcoinAddress, UserID
+        FROM users_info
+          WHERE BitcoinAddress IN ('" . implode("', '", $Addresses) . "')");
+
+        if (G::$DB->has_results()) {
+            $UserIDs = G::$DB->to_pair(0, 1);
+        } else {
+            $UserIDs = [];
+        }
+
+        G::$DB->set_query_id($QueryID);
+        return $UserIDs;
+    }
+
+    /**
+     * Find and process new donations since the last time this function was called.
+     */
+    public static function find_new_donations()
+    {
+        global $Debug;
+        if (($OldAmount = G::$Cache->get_value('btc_total_received')) === false) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT IFNULL(SUM(Amount), 0)
+            FROM donations_bitcoin");
+
+            list($OldAmount) = G::$DB->next_record(MYSQLI_NUM, false);
+            G::$DB->set_query_id($QueryID);
+        }
+
+        $NewAmount = self::get_total_received();
+        if ($NewAmount < $OldAmount) {
+            // This shouldn't happen. Perhaps bitcoind was restarted recently
+            // or the block index was removed. Either way, try again later
+            send_irc(DEBUG_CHAN, "Bad bitcoin donation data (is $NewAmount, was $OldAmount). If this persists, something is probably wrong.");
+            return false;
+        }
+
+        if ($NewAmount > $OldAmount) {
+            // I really wish we didn't have to do it like this
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT BitcoinAddress, SUM(Amount)
+            FROM donations_bitcoin
+              GROUP BY BitcoinAddress");
+
+            $OldDonations = G::$DB->to_pair(0, 1, false);
+            G::$DB->set_query_id($QueryID);
+            $NewDonations = self::get_received();
+
+            foreach ($NewDonations as $Address => &$Amount) {
+                if (isset($OldDonations[$Address])) {
+                    if ($Amount == $OldDonations[$Address]) { // Direct comparison should be fine as everything comes from bitcoind
+                        unset($NewDonations[$Address]);
+                        continue;
+                    }
+
+                    $Debug->log_var(array('old' => $OldDonations[$Address], 'new' => $Amount), "New donations from $Address");
+                    // PHP doesn't do fixed-point math, and json_decode has already botched the precision
+                    // so let's just round this off to satoshis and pray that we're on a 64 bit system
+                    $Amount = round($Amount - $OldDonations[$Address], 8);
+                }
+                $NewDonations[$Address] = $Amount;
+            }
+
+            $Debug->log_var($NewDonations, '$NewDonations');
+            foreach (self::get_userids(array_keys($NewDonations)) as $Address => $UserID) {
+                Donations::regular_donate($UserID, $NewDonations[$Address], 'Bitcoin Parser', '', 'BTC');
+                self::store_donation($Address, $NewDonations[$Address]);
+            }
+            G::$Cache->cache_value('btc_total_received', $NewAmount, 0);
+        }
+    }
+
+    /**
+     * Record a donation in the database
+     *
+     * @param string $Address bitcoin address
+     * @param double $Amount amount of bitcoins transferred
+     */
+    public static function store_donation($Address, $Amount)
+    {
+        if (!is_numeric($Amount) || $Amount <= 0) {
+            // Panic!
+            return false;
+        }
+
+        G::$DB->query("
+        INSERT INTO donations_bitcoin
+          (BitcoinAddress, Amount)
+        VALUES
+          ('$Address', $Amount)");
+    }
+}

classes/donationsview.class.php

@@ -0,0 +1,227 @@
+<?php
+
+class DonationsView
+{
+    public static function render_mod_donations($UserID)
+    {
+        ?>
+<table class="layout box" id="donation_box">
+  <tr class="colhead">
+    <td colspan="2">
+      Donor System (add points)
+    </td>
+  </tr>
+  <tr>
+    <td class="label">Value:</td>
+    <td>
+      <input type="text" name="donation_value" onkeypress="return isNumberKey(event);" />
+      <select name="donation_currency">
+        <option value="EUR">EUR</option>
+        <option value="USD">USD</option>
+        <option value="BTC">BTC</option>
+      </select>
+    </td>
+  </tr>
+  <tr>
+    <td class="label">Reason:</td>
+    <td><input type="text" class="wide_input_text" name="donation_reason" /></td>
+  </tr>
+  <tr>
+    <td align="right" colspan="2">
+      <input type="submit" name="donor_points_submit" value="Add donor points" />
+    </td>
+  </tr>
+</table>
+
+<table class="layout box" id="donor_points_box">
+  <tr class="colhead">
+    <td colspan="3" class="tooltip"
+      title='Use this tool only when manually correcting values. If crediting donations normally, use the "Donor System (add points)" tool'>
+      Donor System (modify values)
+    </td>
+  </tr>
+  <tr>
+    <td class="label tooltip" title="Active points determine a user's Donor Rank and do expire.">Active points:</td>
+    <td><input type="text" name="donor_rank" onkeypress="return isNumberKey(event);"
+        value="<?=Donations::get_rank($UserID)?>" /></td>
+  </tr>
+  <tr>
+    <td class="label tooltip"
+      title="Total points represent a user's overall total and never expire. Total points determines a user's Special Rank and Donor Leaderboard placement.">
+      Total points:</td>
+    <td><input type="text" name="total_donor_rank" onkeypress="return isNumberKey(event);"
+        value="<?=Donations::get_total_rank($UserID)?>" /></td>
+  </tr>
+  <tr>
+    <td class="label">Reason:</td>
+    <td><input type="text" class="wide_input_text" name="reason" /></td>
+  </tr>
+  <tr>
+    <td align="right" colspan="2">
+      <input type="submit" name="donor_values_submit" value="Change point values" />
+    </td>
+  </tr>
+</table>
+<?php
+    }
+
+    public static function render_donor_stats($UserID)
+    {
+        $OwnProfile = G::$LoggedUser['ID'] === $UserID;
+        if (check_perms("users_mod") || $OwnProfile || Donations::is_visible($UserID)) {
+            ?>
+<div class="box box_info box_userinfo_donor_stats">
+  <div class="head colhead_dark">Donor Statistics</div>
+  <ul class="stats nobullet">
+    <?php
+      if (Donations::is_donor($UserID)) {
+          if (check_perms('users_mod') || $OwnProfile) {
+              ?>
+    <li>
+      Total donor points: <?=Donations::get_total_rank($UserID)?>
+    </li>
+    <?php
+          } ?>
+    <li>
+      Current donor rank: <?=self::render_rank(Donations::get_rank($UserID), Donations::get_special_rank($UserID), true)?>
+    </li>
+    <li>
+      Leaderboard position: <?=Donations::get_leaderboard_position($UserID)?>
+    </li>
+    <li>
+      Last donated: <?=time_diff(Donations::get_donation_time($UserID))?>
+    </li>
+    <li>
+      Rank expires: <?=(Donations::get_rank_expiration($UserID))?>
+    </li>
+    <?php
+      } else { ?>
+    <li>
+      This user hasn't donated.
+    </li>
+    <?php } ?>
+  </ul>
+</div>
+<?php
+        }
+    }
+
+    public static function render_profile_rewards($EnabledRewards, $ProfileRewards)
+    {
+        for ($i = 1; $i <= 4; $i++) {
+            if ($EnabledRewards['HasProfileInfo' . $i] && $ProfileRewards['ProfileInfo' . $i]) {
+                ?>
+<div class="box">
+  <div class="head">
+    <span><?=!empty($ProfileRewards['ProfileInfoTitle' . $i]) ? display_str($ProfileRewards['ProfileInfoTitle' . $i]) : "Extra Profile " . ($i + 1)?></span>
+    <span class="float_right"><a
+        data-toggle-target="#profilediv_<?=$i?>"
+        data-toggle-replace="Show" class="brackets">Hide</a></span>
+  </div>
+  <div class="pad profileinfo" id="profilediv_<?=$i?>">
+    <?= Text::full_format($ProfileRewards['ProfileInfo' . $i]); ?>
+  </div>
+</div>
+<?php
+            }
+        }
+    }
+
+    public static function render_donation_history($DonationHistory)
+    {
+        if (empty($DonationHistory)) {
+            return;
+        } ?>
+<div class="box" id="donation_history_box">
+  <div class="head">
+    Donation History <a data-toggle-target="#donation_history" class="brackets" style="float_right">Toggle</a>
+  </div>
+  <div class="hidden" id="donation_history">
+    <table cellpadding="6" cellspacing="1" border="0" class="border" width="100%">
+      <tbody>
+        <tr class="colhead_dark">
+          <td>
+            <strong>Source</strong>
+          </td>
+          <td>
+            <strong>Date</strong>
+          </td>
+          <td>
+            <strong>Amount (EUR)</strong>
+          </td>
+          <td>
+            <strong>Added Points</strong>
+          </td>
+          <td>
+            <strong>Total Points</strong>
+          </td>
+          <td>
+            <strong>Email</strong>
+          </td>
+          <td style="width: 30%;">
+            <strong>Reason</strong>
+          </td>
+        </tr>
+        <?php foreach ($DonationHistory as $Donation) { ?>
+        <tr class="row">
+          <td>
+            <?=display_str($Donation['Source'])?>
+            (<?=Users::format_username($Donation['AddedBy'])?>)
+          </td>
+          <td>
+            <?=$Donation['Time']?>
+          </td>
+          <td>
+            <?=$Donation['Amount']?>
+          </td>
+          <td>
+            <?=$Donation['Rank']?>
+          </td>
+          <td>
+            <?=$Donation['TotalRank']?>
+          </td>
+          <td>
+            <?=display_str($Donation['Email'])?>
+          </td>
+          <td>
+            <?=display_str($Donation['Reason'])?>
+          </td>
+        </tr>
+        <?php
+    } ?>
+      </tbody>
+    </table>
+  </div>
+</div>
+<?php
+    }
+
+    public static function render_rank($Rank, $SpecialRank, $ShowOverflow = false)
+    {
+        if ($SpecialRank === 3) {
+            $Display = '∞ [Diamond]';
+        } else {
+            $CurrentRank = $Rank >= MAX_RANK ? MAX_RANK : $Rank;
+            $Overflow = $Rank - $CurrentRank;
+            $Display = $CurrentRank;
+            if ($Display === 5 || $Display === 6) {
+                $Display--;
+            }
+            if ($ShowOverflow && $Overflow) {
+                $Display .= " (+$Overflow)";
+            }
+            if ($Rank >= 6) {
+                $Display .= ' [Gold]';
+            } elseif ($Rank >= 4) {
+                $Display .= ' [Silver]';
+            } elseif ($Rank >= 3) {
+                $Display .= ' [Bronze]';
+            } elseif ($Rank >= 2) {
+                $Display .= ' [Copper]';
+            } elseif ($Rank >= 1) {
+                $Display .= ' [Red]';
+            }
+        }
+        echo $Display;
+    }
+}

classes/env.class.php

@@ -0,0 +1,302 @@
+<?php
+
+/**
+ * ENV
+ *
+ * The PHP singleton is considered bad design for nebulous reasons,
+ * but for securely loading a site config it does exactly what we need:
+ *
+ *  - Ensure that only one instance of itself can ever exist
+ *  - Load the instance everywhere we need to do $ENV->VALUE
+ *  - No memory penalty because of multiple $ENV instances
+ *  - Static values in classes/config.php are immutable
+ *  - Site configs don't exist in the constants table
+ *  - Separate public and private config values
+ *
+ * @see https://stackoverflow.com/a/3724689
+ * @see https://phpenthusiast.com/blog/the-singleton-design-pattern-in-php
+ */
+
+class ENV
+{
+    # Disinstantiates itself
+    private static $ENV = null;
+
+    # Config options receptacles
+    private static $Priv = []; # Passwords, app keys, database, etc.
+    private static $Pub = []; # Site meta, options, resources, etc.
+
+
+    /**
+     * __functions()
+     */
+
+    # Prevents outside construction
+    private function __construct()
+    {
+        # Would be expensive, e.g.,
+        #   $ENV = new ENV();
+        return;
+    }
+
+    # Prevents multiple instances
+    public function __clone()
+    {
+        return trigger_error(
+            'clone() not allowed',
+            E_USER_ERROR
+        );
+    }
+
+    # $this->key returns public->key
+    public function __get($key)
+    {
+        return isset(self::$Pub[$key])
+            ? self::$Pub[$key]
+            : false;
+    }
+    
+    # isset()
+    public function __isset($key)
+    {
+        return isset(self::$Pub[$key]);
+    }
+
+
+    /**
+     * Gets n' Sets
+     */
+
+    # Calls its self's creation or returns itself
+    public static function go()
+    {
+        return (self::$ENV === null)
+            ? self::$ENV = new ENV()
+            : self::$ENV;
+    }
+
+    # get
+    public static function getPriv($key)
+    {
+        return isset(self::$Priv[$key])
+            ? self::$Priv[$key]
+            : false;
+    }
+
+    public static function getPub($key)
+    {
+        return isset(self::$Pub[$key])
+            ? self::$Pub[$key]
+            : false;
+    }
+
+    # set
+    public static function setPriv($key, $value)
+    {
+        return self::$Priv[$key] = $value;
+    }
+
+    public static function setPub($key, $value)
+    {
+        return self::$Pub[$key] = $value;
+    }
+
+
+    /**
+     * toArray
+     * @see https://ben.lobaugh.net/blog/567/php-recursively-convert-an-object-to-an-array
+     */
+    public function toArray($obj)
+    {
+        if (is_object($obj)) {
+            $obj = (array) $obj;
+        }
+
+        if (is_array($obj)) {
+            $new = array();
+
+            foreach ($obj as $key => $value) {
+                $new[$key] = $this->toArray($value);
+            }
+        } else {
+            $new = $obj;
+        }
+        return $new;
+    }
+
+
+    /**
+     * fromJson
+     *
+     * @param string $JSON Valid JavaScript object string
+     * @return RecursiveArrayObject Not stdClass as in json_decode()
+     */
+
+    public function fromJson($str)
+    {
+        if (!is_string($str) || is_empty($str)) {
+            error('$ENV->fromJson() expects a string.');
+        }
+
+        # Decode to array and construct RAO
+        return $RAO = new RecursiveArrayObject(
+            json_decode($str, true)
+        );
+    }
+
+
+    /**
+     * dedupe
+     *
+     * Takes a collection (usually an array) of various jumbled $ENV slices.
+     * Returns a once-deduplicated RecursiveArrayObject with original nesting intact.
+     * Simple and handy if you need to populate a form with arbitrary collections of metadata.
+     */
+    public function dedupe($obj)
+    {
+        if (is_object($obj)) {
+            $obj = (array) $obj;
+        }
+
+        return $RAO = new RecursiveArrayObject(
+            array_unique($this->toArray($obj))
+        );
+    }
+
+
+    /**
+     * map
+     *
+     * Simple array_map() object wrapper.
+     * Maps a callback (or default) to an object.
+     *
+     * Example output:
+     * $Hashes = $ENV->map('md5', $ENV->CATS->SEQ);
+     *
+     * var_dump($Hashes);
+     * object(RecursiveArrayObject)#324 (1) {
+     *   ["storage":"ArrayObject":private]=>
+     *   array(6) {
+     *     ["ID"]=>
+     *     string(32) "28c8edde3d61a0411511d3b1866f0636"
+     *     ["Name"]=>
+     *     string(32) "fe83ccb5dc96dbc0658b3c4672c7d5fe"
+     *     ["Icon"]=>
+     *     string(32) "52963afccc006d2bce3c890ad9e8f73a"
+     *     ["Platforms"]=>
+     *     string(32) "d41d8cd98f00b204e9800998ecf8427e"
+     *     ["Formats"]=>
+     *     string(32) "d41d8cd98f00b204e9800998ecf8427e"
+     *     ["Description"]=>
+     *     string(32) "ca6628e8c13411c800d1d9d0eaccd849"
+     *   }
+     * }
+     *
+     * var_dump($Hashes->Icon);
+     * string(32) "52963afccc006d2bce3c890ad9e8f73a"
+     *
+     * @param string $fn Callback function
+     * @param object $obj Object to operate on
+     * @return object $RAO Mapped RecursiveArrayObject
+     */
+    public function map($fn = '', $obj = null)
+    {
+        # Set a default function if desired
+        if (empty($fn) && !is_object($fn)) {
+            $fn = 'array_filter';
+        }
+
+        # Quick sanity check
+        if ($fn === 'array_map') {
+            error("map() can't invoke the function it wraps.");
+        }
+        
+        /**
+         * $fn not a closure
+         *
+         * var_dump(
+         *   gettype(
+         *     (function() { return; })
+         * ));
+         * string(6) "object"
+         */
+        if (is_string($fn) && !is_object($fn)) {
+            $fn = trim(strtok($fn, ' '));
+        }
+
+        # Map the sanitized function name
+        # to a mapped array conversion
+        return $RAO = new RecursiveArrayObject(
+            array_map(
+                $fn,
+                array_map(
+                    $fn,
+                    $this->toArray($obj)
+                )
+            )
+        );
+    }
+}
+
+
+/**
+ * @author: etconsilium@github
+ * @license: BSDLv2
+ * @see https://github.com/etconsilium/php-recursive-array-object
+ */
+
+class RecursiveArrayObject extends \ArrayObject
+{
+    /**
+     * __construct
+     */
+    public function __construct($input = null, $flags = self::ARRAY_AS_PROPS, $iterator_class = "ArrayIterator")
+    {
+        foreach ($input as $key => $value) {
+            $this->__set($key, $value);
+        }
+        return $this;
+    }
+
+    /**
+     * __set
+     */
+    public function __set($name, $value)
+    {
+        if (is_array($value) || is_object($value)) {
+            $this->offsetSet($name, (new self($value)));
+        } else {
+            $this->offsetSet($name, $value);
+        }
+    }
+
+    /**
+     * __get
+     */
+    public function __get($name)
+    {
+        if ($this->offsetExists($name)) {
+            return $this->offsetGet($name);
+        } elseif (array_key_exists($name, $this)) {
+            return $this[$name];
+        } else {
+            throw new \InvalidArgumentException(sprintf('$this have not prop `%s`', $name));
+        }
+    }
+
+    /**
+     * __isset
+     */
+    public function __isset($name)
+    {
+        return array_key_exists($name, $this);
+    }
+
+    /**
+     * __unset
+     */
+    public function __unset($name)
+    {
+        unset($this[$name]);
+    }
+}

classes/feed.class.php

@@ -0,0 +1,114 @@
+<?php
+declare(strict_types = 1);
+
+class Feed
+{
+    /**
+     * open_feed
+     */
+    public function open_feed()
+    {
+        header('Content-Type: application/xml; charset=utf-8');
+        echo "<?xml version='1.0' encoding='utf-8'?>",
+             "<rss xmlns:dc='http://purl.org/dc/elements/1.1/' version='2.0'><channel>";
+    }
+
+    /**
+     * close_feed
+     */
+    public function close_feed()
+    {
+        echo "</channel></rss>";
+    }
+
+    /**
+     * channel
+     */
+    public function channel($Title, $Description, $Section = '')
+    {
+        $ENV = ENV::go();
+        $Site = site_url();
+
+        # echo commas because <<<XML would copy whitespace
+        echo "<title>$Title $ENV->SEP $ENV->SITE_NAME</title>",
+             "<link>$Site$Section</link>",
+             "<description>$Description</description>",
+             "<language>en-us</language>",
+             "<lastBuildDate>".date('r')."</lastBuildDate>",
+             "<docs>http://blogs.law.harvard.edu/tech/rss</docs>",
+             "<generator>Gazelle Feed Class</generator>";
+    }
+
+    /**
+     * item
+     */
+    public function item($Title, $Description, $Page, $Creator, $Comments = '', $Category = '', $Date = '')
+    {
+        $Site = site_url();
+        if ($Date === '') {
+            $Date = date('r');
+        } else {
+            $Date = date('r', strtotime($Date));
+        }
+
+        // Escape with CDATA, otherwise the feed breaks.
+        $Item  = "<item>";
+        $Item .= "<title><![CDATA[$Title]]></title>";
+        $Item .= "<description><![CDATA[$Description]]></description>";
+        $Item .= "<pubDate>$Date</pubDate>";
+        $Item .= "<link>$Site$Page</link>";
+        $Item .= "<guid>$Site$Page</guid>";
+
+        if ($Comments !== '') {
+            $Item .= "<comments>$Site$Comments</comments>";
+        }
+
+        if ($Category !== '') {
+            $Item .= "<category><![CDATA[$Category]]></category>";
+        }
+
+        $Item .= "<dc:creator>$Creator</dc:creator></item>";
+        return $Item;
+    }
+
+    /**
+     * retrieve
+     */
+    public function retrieve($CacheKey, $AuthKey, $PassKey)
+    {
+        global $Cache;
+        $Entries = $Cache->get_value($CacheKey);
+
+        if (!$Entries) {
+            $Entries = [];
+        } else {
+            foreach ($Entries as $Item) {
+                echo str_replace(
+                    array('[[PASSKEY]]', '[[AUTHKEY]]'),
+                    array(display_str($PassKey), display_str($AuthKey)),
+                    $Item
+                );
+            }
+        }
+    }
+
+    /**
+     * populate
+     */
+    public function populate($CacheKey, $Item)
+    {
+        global $Cache;
+        $Entries = $Cache->get_value($CacheKey, true);
+
+        if (!$Entries) {
+            $Entries = [];
+        } else {
+            if (count($Entries) >= 50) {
+                array_pop($Entries);
+            }
+        }
+        
+        array_unshift($Entries, $Item);
+        $Cache->cache_value($CacheKey, $Entries, 0); // inf cache
+    }
+}

classes/format.class.php

@@ -0,0 +1,699 @@
+<?php
+
+class Format
+{
+    /**
+     * Torrent Labels
+     * Map a common display string to a CSS class
+     * Indexes are lower case
+     * Note the "tl_" prefix for "torrent label"
+     *
+     * There are five basic types:
+     *  - tl_free (leech status)
+     *  - tl_snatched
+     *  - tl_reported
+     *  - tl_approved
+     *  - tl_notice (default)
+     *
+     * @var array Strings
+     */
+    private static $TorrentLabels = array(
+        'default'  => 'tl_notice',
+        'snatched' => 'tl_snatched',
+        'seeding'  => 'tl_seeding',
+        'leeching' => 'tl_leeching',
+
+        'freeleech'     => 'tl_free',
+        'neutral leech' => 'tl_free tl_neutral',
+        'personal freeleech' => 'tl_free tl_personal',
+
+        'reported'    => 'tl_reported',
+        'bad tags'    => 'tl_reported tl_bad_tags',
+        'bad folders' => 'tl_reported tl_bad_folders',
+        'bad file names' => 'tl_reported tl_bad_file_names',
+
+        'uncensored' => 'tl_notice'
+    );
+
+
+    /**
+     * Shorten a string
+     *
+     * @param $Str string to cut
+     * @param $Length cut at length
+     * @param $Hard force cut at length instead of at closest word
+     * @param $ShowDots Show dots at the end
+     * @return string formatted string
+     */
+    public static function cut_string($Str, $Length, $Hard = false, $ShowDots = true)
+    {
+        if (mb_strlen($Str, 'UTF-8') > $Length) {
+            if ($Hard === 0) {
+                // Not hard, cut at closest word
+                $CutDesc = mb_substr($Str, 0, $Length, 'UTF-8');
+                $DescArr = explode(' ', $CutDesc);
+
+                if (count($DescArr) > 1) {
+                    array_pop($DescArr);
+                    $CutDesc = implode(' ', $DescArr);
+                }
+                
+                if ($ShowDots) {
+                    $CutDesc .= '…';
+                }
+            } else {
+                $CutDesc = mb_substr($Str, 0, $Length, 'UTF-8');
+                if ($ShowDots) {
+                    $CutDesc .= '…';
+                }
+            }
+
+            return $CutDesc;
+        } else {
+            return $Str;
+        }
+    }
+
+
+    /**
+     * Gets the CSS class corresponding to a ratio
+     *
+     * @param $Ratio ratio to get the css class for
+     * @return string the CSS class corresponding to the ratio range
+     */
+    public static function get_ratio_color($Ratio)
+    {
+        if ($Ratio < 0.1) {
+            return 'r00';
+        }
+
+        if ($Ratio < 0.2) {
+            return 'r01';
+        }
+
+        if ($Ratio < 0.3) {
+            return 'r02';
+        }
+
+        if ($Ratio < 0.4) {
+            return 'r03';
+        }
+
+        if ($Ratio < 0.5) {
+            return 'r04';
+        }
+
+        if ($Ratio < 0.6) {
+            return 'r05';
+        }
+
+        if ($Ratio < 0.7) {
+            return 'r06';
+        }
+
+        if ($Ratio < 0.8) {
+            return 'r07';
+        }
+
+        if ($Ratio < 0.9) {
+            return 'r08';
+        }
+
+        if ($Ratio < 1) {
+            return 'r09';
+        }
+
+        if ($Ratio < 2) {
+            return 'r10';
+        }
+
+        if ($Ratio < 5) {
+            return 'r20';
+        }
+
+        return 'r50';
+    }
+
+
+    /**
+     * Calculates and formats a ratio.
+     *
+     * @param int $Dividend AKA numerator
+     * @param int $Divisor
+     * @param boolean $Color if true, ratio will be coloured.
+     * @return string formatted ratio HTML
+     */
+    public static function get_ratio_html($Dividend, $Divisor, $Color = true)
+    {
+        $Ratio = self::get_ratio($Dividend, $Divisor);
+
+        if ($Ratio === false) {
+            return '&ndash;';
+        }
+
+        if ($Ratio === '∞') {
+            return '<span class="tooltip r99" title="Infinite">∞</span>';
+        }
+
+        if ($Color) {
+            $Ratio = sprintf(
+                '<span class="tooltip %s" title="%s">%s</span>',
+                self::get_ratio_color($Ratio),
+                self::get_ratio($Dividend, $Divisor, 5),
+                $Ratio
+            );
+        }
+
+        return $Ratio;
+    }
+
+
+    /**
+     * Returns ratio
+     * @param int $Dividend
+     * @param int $Divisor
+     * @param int $Decimal floor to n decimals (e.g. subtract .005 to floor to 2 decimals)
+     * @return boolean|string
+     */
+    public static function get_ratio($Dividend, $Divisor, $Decimal = 2)
+    {
+        if ((int) $Divisor === 0 && (int) $Dividend === 0) {
+            return false;
+        }
+
+        if ((int) $Divisor === 0) {
+            return '∞';
+        }
+
+        return number_format(max($Dividend / $Divisor - (0.5 / pow(10, $Decimal)), 0), $Decimal);
+    }
+
+
+    /**
+     * Gets the query string of the current page, minus the parameters in $Exclude
+     *
+     * @param array $Exclude Query string parameters to leave out, or blank to include all parameters.
+     * @param bool $Escape Whether to return a string prepared for HTML output
+     * @param bool $Sort Whether to sort the parameters by key
+     * @return An optionally HTML sanatized query string
+     */
+    public static function get_url($Exclude = false, $Escape = true, $Sort = false)
+    {
+        if ($Exclude !== false) {
+            $Separator = $Escape ? '&amp;' : '&';
+            $QueryItems = null;
+            parse_str($_SERVER['QUERY_STRING'], $QueryItems);
+
+            foreach ($Exclude as $Key) {
+                unset($QueryItems[$Key]);
+            }
+
+            if ($Sort) {
+                ksort($QueryItems);
+            }
+
+            return http_build_query($QueryItems, '', $Separator);
+        } else {
+            return $Escape ? display_str($_SERVER['QUERY_STRING']) : $_SERVER['QUERY_STRING'];
+        }
+    }
+
+
+    /**
+     * Finds what page we're on and gives it to us, as well as the LIMIT clause for SQL
+     * Takes in $_GET['page'] as an additional input
+     *
+     * @param $PerPage Results to show per page
+     * @param $DefaultResult Optional, which result's page we want if no page is specified
+     * If this parameter is not specified, we will default to page 1
+     *
+     * @return array(int, string) What page we are on, and what to use in the LIMIT section of a query
+     * e.g. "SELECT […] LIMIT $Limit;"
+     */
+    public static function page_limit($PerPage, $DefaultResult = 1)
+    {
+        if (!isset($_GET['page'])) {
+            $Page = ceil($DefaultResult / $PerPage);
+            # todo: Strict equality breaks comment fetching
+            if ($Page == 0) {
+                $Page = 1;
+            }
+            $Limit = $PerPage;
+        } else {
+            if (!is_number($_GET['page'])) {
+                error(0);
+            }
+            $Page = $_GET['page'];
+
+            if ($Page <= 0) {
+                $Page = 1;
+            }
+            $Limit = $PerPage * $Page - $PerPage . ", $PerPage";
+        }
+        return array($Page, $Limit);
+    }
+
+
+    /**
+     * catalogue_limit()
+     *
+     * A9 magic. Some other poor soul can write the phpdoc.
+     * For data stored in memcached catalogues (giant arrays), e.g., forum threads
+     */
+    public static function catalogue_limit($Page, $PerPage, $CatalogueSize = 500)
+    {
+        $CatalogueID = floor(($PerPage * $Page - $PerPage) / $CatalogueSize);
+        $CatalogueLimit = ($CatalogueID * $CatalogueSize).", $CatalogueSize";
+        return array($CatalogueID, $CatalogueLimit);
+    }
+
+
+    /**
+     * catalogue_select()
+     */
+    public static function catalogue_select($Catalogue, $Page, $PerPage, $CatalogueSize = 500)
+    {
+        return array_slice($Catalogue, (($PerPage * $Page - $PerPage) % $CatalogueSize), $PerPage, true);
+    }
+
+
+    /*
+     * Get pages
+     * Returns a page list, given certain information about the pages.
+     *
+     * @param int $StartPage: The current record the page you're on starts with.
+     *    e.g. if you're on page 2 of a forum thread with 25 posts per page, $StartPage is 25.
+     *    If you're on page 1, $StartPage is 0.
+     * @param int $TotalRecords: The total number of records in the result set.
+     *    e.g. if you're on a forum thread with 152 posts, $TotalRecords is 152.
+     * @param int $ItemsPerPage: Self-explanatory. The number of records shown on each page
+     *    e.g. if there are 25 posts per forum page, $ItemsPerPage is 25.
+     * @param int $ShowPages: The number of page links that are shown.
+     *    e.g. If there are 20 pages that exist, but $ShowPages is only 11, only 11 links will be shown.
+     * @param string $Anchor A URL fragment to attach to the links.
+     *    e.g. '#comment12'
+     * @return A sanitized HTML page listing.
+     */
+    public static function get_pages($StartPage, $TotalRecords, $ItemsPerPage, $ShowPages = 11, $Anchor = '')
+    {
+        global $Document, $Method, $Mobile;
+        $Location = "$Document.php";
+        $StartPage = ceil($StartPage);
+        $TotalPages = 0;
+
+        if ($TotalRecords > 0) {
+            $StartPage = min($StartPage, ceil($TotalRecords / $ItemsPerPage));
+
+            $ShowPages--;
+            $TotalPages = ceil($TotalRecords / $ItemsPerPage);
+
+            if ($TotalPages > $ShowPages) {
+                $StartPosition = $StartPage - round($ShowPages / 2);
+
+                if ($StartPosition <= 0) {
+                    $StartPosition = 1;
+                } else {
+                    if ($StartPosition >= ($TotalPages - $ShowPages)) {
+                        $StartPosition = $TotalPages - $ShowPages;
+                    }
+                }
+
+                $StopPage = $ShowPages + $StartPosition;
+            } else {
+                $StopPage = $TotalPages;
+                $StartPosition = 1;
+            }
+
+            $StartPosition = max($StartPosition, 1);
+
+            $QueryString = self::get_url(array('page', 'post'));
+            if ($QueryString !== '') {
+                $QueryString = "&amp;$QueryString";
+            }
+
+            $Pages = '';
+
+            if ($StartPage > 1) {
+                $Pages .= "<a href='$Location?page=1$QueryString$Anchor'><strong>&laquo; First</strong></a> ";
+                $Pages .= "<a href='$Location?page=".($StartPage - 1).$QueryString.$Anchor."' class='pager_prev'><strong>&lsaquo; Prev</strong></a> | ";
+            }
+            // End change
+
+            if (!$Mobile) {
+                for ($i = $StartPosition; $i <= $StopPage; $i++) {
+                    if ($i !== $StartPage) {
+                        $Pages .= "<a href='$Location?page=$i$QueryString$Anchor'>";
+                    }
+
+                    $Pages .= '<strong>';
+                    if ($i * $ItemsPerPage > $TotalRecords) {
+                        $Pages .= ((($i - 1) * $ItemsPerPage) + 1)."-$TotalRecords";
+                    } else {
+                        $Pages .= ((($i - 1) * $ItemsPerPage) + 1).'-'.($i * $ItemsPerPage);
+                    }
+
+                    $Pages .= '</strong>';
+                    if ($i !== $StartPage) {
+                        $Pages .= '</a>';
+                    }
+
+                    if ($i < $StopPage) {
+                        $Pages .= ' | ';
+                    }
+                }
+            } else {
+                $Pages .= $StartPage;
+            }
+
+            if ($StartPage && $StartPage < $TotalPages) {
+                $Pages .= " | <a href='$Location?page=".($StartPage + 1).$QueryString.$Anchor."' class='pager_next'><strong>Next &rsaquo;</strong></a> ";
+                $Pages .= "<a href='$Location?page=$TotalPages$QueryString$Anchor'><strong> Last&nbsp;&raquo;</strong></a>";
+            }
+        }
+
+        if ($TotalPages > 1) {
+            return $Pages;
+        }
+    }
+
+
+    /**
+     * Format a size in bytes as a human readable string in KiB/MiB/…
+     * Note: KiB, MiB, etc. are the IEC units, which are in base 2.
+     * KB, MB are the SI units, which are in base 10.
+     *
+     * @param int $Size
+     * @param int $Levels Number of decimal places. Defaults to 2, unless the size >= 1TB, in which case it defaults to 4.
+     * @return string formatted number.
+     */
+    public static function get_size($Size, $Levels = 2)
+    {
+        $Units = array('B', 'KiB', 'MiB', 'GiB', 'TiB', 'PiB', 'EiB', 'ZiB', 'YiB');
+        $Size = (double) $Size;
+
+        for ($Steps = 0; abs($Size) >= 1024 && $Steps < count($Units); $Size /= 1024, $Steps++) {
+        }
+
+        if (func_num_args() === 1 && $Steps >= 4) {
+            $Levels++;
+        }
+        return number_format($Size, $Levels) . ' ' . $Units[$Steps];
+    }
+
+
+    /**
+     * Format a number as a multiple of its highest power of 1000 (e.g. 10035 -> '10.04k')
+     *
+     * @param int $Number
+     * @return string formatted number.
+     */
+    public static function human_format($Number)
+    {
+        $Steps = 0;
+        while ($Number >= 1000) {
+            $Steps++;
+            $Number = $Number / 1000;
+        }
+
+        switch ($Steps) {
+          case 0: return round($Number); break;
+          case 1: return round($Number, 2).'k'; break;
+          case 2: return round($Number, 2).'M'; break;
+          case 3: return round($Number, 2).'G'; break;
+          case 4: return round($Number, 2).'T'; break;
+          case 5: return round($Number, 2).'P'; break;
+          default: return round($Number, 2).'E + '.$Steps * 3;
+        }
+    }
+
+
+    /**
+     * Given a formatted string of a size, get the number of bytes it represents.
+     *
+     * @param string $Size formatted size string, e.g. 123.45k
+     * @return Number of bytes it represents, e.g. (123.45 * 1024)
+     */
+    public static function get_bytes($Size)
+    {
+        list($Value, $Unit) = sscanf($Size, "%f%s");
+        $Unit = ltrim($Unit);
+
+        if (empty($Unit)) {
+            return $Value ? round($Value) : 0;
+        }
+
+        switch (strtolower($Unit[0])) {
+          case 'k': return round($Value * 1024);
+          case 'm': return round($Value * 1048576);
+          case 'g': return round($Value * 1073741824);
+          case 't': return round($Value * 1099511627776);
+          default: return 0;
+        }
+    }
+
+
+    /**
+     * Reverse the effects of display_str - un-sanitize HTML.
+     * Use sparingly.
+     *
+     * @param string $Str the string to unsanitize
+     * @return unsanitized string
+     */
+    public static function undisplay_str($Str)
+    {
+        return mb_convert_encoding($Str, 'UTF-8', 'HTML-ENTITIES');
+    }
+
+
+    /**
+     * Echo data sent in a GET form field, useful for text areas.
+     *
+     * @param string $Index the name of the form field
+     * @param boolean $Return if set to true, value is returned instead of echoed.
+     * @return Sanitized value of field index if $Return == true
+     */
+    public static function form($Index, $Return = false)
+    {
+        if (!empty($_GET[$Index])) {
+            if ($Return) {
+                return display_str($_GET[$Index]);
+            } else {
+                echo display_str($_GET[$Index]);
+            }
+        }
+    }
+
+
+    /**
+     * Convenience function to echo out selected="selected" and checked="checked" so you don't have to.
+     *
+     * @param string $Name the name of the option in the select (or field in $Array)
+     * @param mixed $Value the value that the option must be for the option to be marked as selected or checked
+     * @param string $Attribute The value returned/echoed is $Attribute="$Attribute" with a leading space
+     * @param array $Array The array the option is in, defaults to GET.
+     * @return void
+     */
+    public static function selected($Name, $Value, $Attribute = 'selected', $Array = [])
+    {
+        if (empty($Array)) {
+            $Array = $_GET;
+        }
+
+        if (isset($Array[$Name]) && $Array[$Name] !== '') {
+            if ($Array[$Name] === $Value) {
+                echo " $Attribute='$Attribute'";
+            }
+        }
+    }
+
+
+    /**
+     * Return a CSS class name if certain conditions are met. Mainly useful to mark links as 'active'
+     *
+     * @param mixed $Target The variable to compare all values against
+     *
+     * @param mixed $Tests The condition values. Type and dimension determines test type
+     *  - Scalar: $Tests must be equal to $Target for a match
+     *  - Vector: All elements in $Tests must correspond to equal values in $Target
+     *  - 2-dimensional array: At least one array must be identical to $Target
+     *
+     * @param string $ClassName CSS class name to return
+     * @param bool $AddAttribute Whether to include the "class" attribute in the output
+     * @param string $UserIDKey Key in _REQUEST for a user ID parameter, which if given will be compared to G::$LoggedUser[ID]
+     *
+     * @return class name on match, otherwise an empty string
+     */
+    public static function add_class($Target, $Tests, $ClassName, $AddAttribute, $UserIDKey = false)
+    {
+        if ($UserIDKey && isset($_REQUEST[$UserIDKey]) && G::$LoggedUser['ID'] !== $_REQUEST[$UserIDKey]) {
+            return '';
+        }
+
+        $Pass = true;
+        if (!is_array($Tests)) {
+            // Scalars are nice and easy
+            $Pass = $Tests === $Target;
+        } elseif (!is_array($Tests[0])) {
+            // Test all values in vectors
+            foreach ($Tests as $Type => $Part) {
+                if (!isset($Target[$Type]) || $Target[$Type] !== $Part) {
+                    $Pass = false;
+                    break;
+                }
+            }
+        } else {
+            // Loop to the end of the array or until we find a matching test
+            foreach ($Tests as $Test) {
+                $Pass = true;
+
+                // If $Pass remains true after this test, it's a match
+                foreach ($Test as $Type => $Part) {
+                    if (!isset($Target[$Type]) || $Target[$Type] !== $Part) {
+                        $Pass = false;
+                        break;
+                    }
+                }
+
+                if ($Pass) {
+                    break;
+                }
+            }
+        }
+
+        if (!$Pass) {
+            return '';
+        }
+
+        if ($AddAttribute) {
+            return " class='$ClassName'";
+        }
+        return " $ClassName";
+    }
+
+
+    /**
+     * Detect the encoding of a string and transform it to UTF-8.
+     *
+     * @param string $Str
+     * @return UTF-8 encoded version of $Str
+     */
+    public static function make_utf8($Str)
+    {
+        if ($Str !== '') {
+            if (self::is_utf8($Str)) {
+                $Encoding = 'UTF-8';
+            }
+
+            if (empty($Encoding)) {
+                $Encoding = mb_detect_encoding($Str, 'UTF-8, ISO-8859-1');
+            }
+
+            if (empty($Encoding)) {
+                $Encoding = 'ISO-8859-1';
+            }
+
+            if ($Encoding === 'UTF-8') {
+                return $Str;
+            } else {
+                return @mb_convert_encoding($Str, 'UTF-8', $Encoding);
+            }
+        }
+    }
+
+
+    /**
+     * Magical function.
+     *
+     * @param string $Str function to detect encoding on.
+     * @return true if the string is in UTF-8.
+     */
+    public static function is_utf8($Str)
+    {
+        return preg_match(
+            '%^(?:
+            [\x09\x0A\x0D\x20-\x7E]            // ASCII
+          | [\xC2-\xDF][\x80-\xBF]             // Non-overlong 2-byte
+          | \xE0[\xA0-\xBF][\x80-\xBF]         // Excluding overlongs
+          | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}  // Straight 3-byte
+          | \xED[\x80-\x9F][\x80-\xBF]         // Excluding surrogates
+          | \xF0[\x90-\xBF][\x80-\xBF]{2}      // Planes 1-3
+          | [\xF1-\xF3][\x80-\xBF]{3}          // Planes 4-15
+          | \xF4[\x80-\x8F][\x80-\xBF]{2}      // Plane 16
+            )*$%xs',
+            $Str
+        );
+    }
+
+
+    /**
+     * Modified accessor for the $TorrentLabels array
+     *
+     * Converts $Text to lowercase and strips non-word characters
+     *
+     * @param string $Text Search string
+     * @return string CSS class(es)
+     */
+    public static function find_torrent_label_class($Text)
+    {
+        $Index = mb_eregi_replace('(?:[^\w\d\s]+)', '', strtolower($Text));
+        if (isset(self::$TorrentLabels[$Index])) {
+            return self::$TorrentLabels[$Index];
+        } else {
+            return self::$TorrentLabels['default'];
+        }
+    }
+
+
+    /**
+     * Creates a strong element that notes the torrent's state.
+     * E.g.: snatched/freeleech/neutral leech/reported
+     *
+     * The CSS class is inferred using find_torrent_label_class($Text)
+     *
+     * @param string $Text Display text
+     * @param string $Class Custom CSS class
+     * @return string <strong> element
+     */
+    public static function torrent_label($Text, $Class = '')
+    {
+        if (empty($Class)) {
+            $Class = self::find_torrent_label_class($Text);
+        }
+        
+        return sprintf(
+            '<strong class="torrent_label tooltip %1$s" title="%2$s" style="white-space: nowrap;">%2$s</strong>',
+            display_str($Class),
+            display_str($Text)
+        );
+    }
+
+
+    /**
+     * Formats a CSS class name from a Category ID
+     * @global array $Categories
+     * @param int|string $CategoryID This number will be subtracted by one
+     * @return string
+     */
+    public static function css_category($CategoryID = 1)
+    {
+        global $Categories;
+        return 'cats_' . strtolower(str_replace(
+            array('-', ' '),
+            '',
+            $Categories[$CategoryID - 1]
+        ));
+    }
+
+
+    /**
+     * Formats a CSS class name from a Category ID
+     * @global array $Categories
+     * @param int|string $CategoryID This number will be subtracted by one
+     * @return string
+     */
+    public static function pretty_category($CategoryID = 1)
+    {
+        global $Categories;
+        return ucwords(str_replace('-', ' ', $Categories[$CategoryID - 1]));
+    }
+}

classes/forums.class.php

@@ -0,0 +1,417 @@
+<?php
+
+class Forums
+{
+    /**
+     * Get information on a thread.
+     *
+     * @param int $ThreadID the thread ID.
+     * @param boolean $Return indicates whether thread info should be returned.
+     * @param Boolean $SelectiveCache cache thread info.
+     * @return array holding thread information.
+     */
+    public static function get_thread_info($ThreadID, $Return = true, $SelectiveCache = false)
+    {
+        if ((!$ThreadInfo = G::$Cache->get_value('thread_' . $ThreadID . '_info')) || !isset($ThreadInfo['Ranking'])) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query(
+                "
+            SELECT
+              t.`Title`,
+              t.`ForumID`,
+              t.`IsLocked`,
+              t.`IsSticky`,
+              COUNT(fp.`id`) AS Posts,
+              t.`LastPostAuthorID`,
+              ISNULL(p.`TopicID`) AS NoPoll,
+              t.`StickyPostID`,
+              t.`AuthorID` AS OP,
+              t.`Ranking`
+            FROM
+              `forums_topics` AS t
+            JOIN `forums_posts` AS fp
+            ON
+              fp.`TopicID` = t.`ID`
+            LEFT JOIN `forums_polls` AS p
+            ON
+              p.`TopicID` = t.`ID`
+            WHERE
+              t.`ID` = ?
+            GROUP BY
+              fp.TopicID
+              ",
+                $ThreadID
+            );
+
+            if (!G::$DB->has_results()) {
+                G::$DB->set_query_id($QueryID);
+                return null;
+            }
+
+            $ThreadInfo = G::$DB->next_record(MYSQLI_ASSOC, false);
+            if ($ThreadInfo['StickyPostID']) {
+                $ThreadInfo['Posts']--;
+                G::$DB->query(
+                    "
+                SELECT
+                  p.`ID`,
+                  p.`AuthorID`,
+                  p.`AddedTime`,
+                  p.`Body`,
+                  p.`EditedUserID`,
+                  p.`EditedTime`,
+                  ed.`Username`
+                FROM
+                  `forums_posts` AS p
+                LEFT JOIN `users_main` AS ed
+                ON
+                  ed.`ID` = p.`EditedUserID`
+                WHERE
+                  p.`TopicID` = ? AND p.`ID` = ? ",
+                    $ThreadID,
+                    $ThreadInfo['StickyPostID']
+                );
+                list($ThreadInfo['StickyPost']) = G::$DB->to_array(false, MYSQLI_ASSOC);
+            }
+
+            G::$DB->set_query_id($QueryID);
+            if (!$SelectiveCache || !$ThreadInfo['IsLocked'] || $ThreadInfo['IsSticky']) {
+                G::$Cache->cache_value('thread_'.$ThreadID.'_info', $ThreadInfo, 0);
+            }
+        }
+        
+        if ($Return) {
+            return $ThreadInfo;
+        }
+    }
+
+    /**
+     * Checks whether user has permissions on a forum.
+     *
+     * @param int $ForumID the forum ID.
+     * @param string $Perm the permissision to check, defaults to 'Read'
+     * @return boolean true if user has permission
+     */
+    public static function check_forumperm($ForumID, $Perm = 'Read')
+    {
+        $Forums = self::get_forums();
+        if (isset(G::$LoggedUser['CustomForums'][$ForumID]) && G::$LoggedUser['CustomForums'][$ForumID] === 1) {
+            return true;
+        }
+
+        if ($ForumID === DONOR_FORUM && Donations::has_donor_forum(G::$LoggedUser['ID'])) {
+            return true;
+        }
+
+        if ($Forums[$ForumID]['MinClass' . $Perm] > G::$LoggedUser['Class'] && (!isset(G::$LoggedUser['CustomForums'][$ForumID]) || G::$LoggedUser['CustomForums'][$ForumID] == 0)) {
+            return false;
+        }
+        
+        if (isset(G::$LoggedUser['CustomForums'][$ForumID]) && G::$LoggedUser['CustomForums'][$ForumID] === 0) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Gets basic info on a forum.
+     *
+     * @param int $ForumID the forum ID.
+     */
+    public static function get_forum_info($ForumID)
+    {
+        $Forum = G::$Cache->get_value("ForumInfo_$ForumID");
+        if (!$Forum) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query(
+                "
+            SELECT
+              `Name`,
+              `MinClassRead`,
+              `MinClassWrite`,
+              `MinClassCreate`,
+            COUNT(`forums_topics`.`ID`) AS Topics
+            FROM
+              `forums`
+            LEFT JOIN `forums_topics` ON `forums_topics`.`ForumID` = `forums`.`ID`
+            WHERE
+              `forums`.`ID` = ?
+            GROUP BY
+              `ForumID`
+            ",
+                $ForumID
+            );
+
+            if (!G::$DB->has_results()) {
+                return false;
+            }
+
+            // Makes an array, with $Forum['Name'], etc.
+            $Forum = G::$DB->next_record(MYSQLI_ASSOC);
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value("ForumInfo_$ForumID", $Forum, 86400);
+        }
+        return $Forum;
+    }
+
+    /**
+     * Get the forum categories
+     * @return array ForumCategoryID => Name
+     */
+    public static function get_forum_categories()
+    {
+        $ForumCats = G::$Cache->get_value('forums_categories');
+        if ($ForumCats === false) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT
+              `ID`,
+              `Name`
+            FROM
+              `forums_categories`
+            ");
+
+            $ForumCats = [];
+            while (list($ID, $Name) = G::$DB->next_record()) {
+                $ForumCats[$ID] = $Name;
+            }
+
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value('forums_categories', $ForumCats, 0);
+        }
+        return $ForumCats;
+    }
+
+    /**
+     * Get the forums
+     * @return array ForumID => (various information about the forum)
+     */
+    public static function get_forums()
+    {
+        if (!$Forums = G::$Cache->get_value('forums_list')) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT
+              f.`ID`,
+              f.`CategoryID`,
+              f.`Name`,
+              f.`Description`,
+              f.`MinClassRead` AS MinClassRead,
+              f.`MinClassWrite` AS MinClassWrite,
+              f.`MinClassCreate` AS MinClassCreate,
+              f.`NumTopics`,
+              f.`NumPosts`,
+              f.`LastPostID`,
+              f.`LastPostAuthorID`,
+              f.`LastPostTopicID`,
+              f.`LastPostTime`,
+              0 AS SpecificRules,
+              t.`Title`,
+              t.`IsLocked` AS Locked,
+              t.`IsSticky` AS Sticky
+            FROM
+              `forums` AS f
+            JOIN `forums_categories` AS fc
+            ON
+              fc.`ID` = f.`CategoryID`
+            LEFT JOIN `forums_topics` AS t
+            ON
+              t.`ID` = f.`LastPostTopicID`
+            GROUP BY
+              f.`ID`
+            ORDER BY
+              fc.`Sort`,
+              fc.`Name`,
+              f.`CategoryID`,
+              f.`Sort`
+            ");
+            $Forums = G::$DB->to_array('ID', MYSQLI_ASSOC, false);
+
+            G::$DB->query("
+            SELECT
+              `ForumID`,
+              `ThreadID`
+            FROM
+              `forums_specific_rules`
+            ");
+
+            $SpecificRules = [];
+            while (list($ForumID, $ThreadID) = G::$DB->next_record(MYSQLI_NUM, false)) {
+                $SpecificRules[$ForumID][] = $ThreadID;
+            }
+
+            G::$DB->set_query_id($QueryID);
+            foreach ($Forums as $ForumID => &$Forum) {
+                if (isset($SpecificRules[$ForumID])) {
+                    $Forum['SpecificRules'] = $SpecificRules[$ForumID];
+                } else {
+                    $Forum['SpecificRules'] = [];
+                }
+            }
+            G::$Cache->cache_value('forums_list', $Forums, 0);
+        }
+        return $Forums;
+    }
+
+    /**
+     * Get all forums that the current user has special access to ("Extra forums" in the profile)
+     * @return array Array of ForumIDs
+     */
+    public static function get_permitted_forums()
+    {
+        if (isset(G::$LoggedUser['CustomForums'])) {
+            return (array)array_keys(G::$LoggedUser['CustomForums'], 1);
+        } else {
+            return [];
+        }
+    }
+
+    /**
+     * Get all forums that the current user does not have access to ("Restricted forums" in the profile)
+     * @return array Array of ForumIDs
+     */
+    public static function get_restricted_forums()
+    {
+        if (isset(G::$LoggedUser['CustomForums'])) {
+            return (array)array_keys(G::$LoggedUser['CustomForums'], 0);
+        } else {
+            return [];
+        }
+    }
+
+    /**
+     * Get the last read posts for the current user
+     * @param array $Forums Array of forums as returned by self::get_forums()
+     * @return array TopicID => array(TopicID, PostID, Page) where PostID is the ID of the last read post and Page is the page on which that post is
+     */
+    public static function get_last_read($Forums)
+    {
+        if (isset(G::$LoggedUser['PostsPerPage'])) {
+            $PerPage = G::$LoggedUser['PostsPerPage'];
+        } else {
+            $PerPage = POSTS_PER_PAGE;
+        }
+
+        $TopicIDs = [];
+        foreach ($Forums as $Forum) {
+            if (!empty($Forum['LastPostTopicID'])) {
+                $TopicIDs[] = $Forum['LastPostTopicID'];
+            }
+        }
+
+        if (!empty($TopicIDs)) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query(
+                "
+            SELECT
+              l.`TopicID`,
+              l.`PostID`,
+              CEIL(
+                (
+                SELECT
+                  COUNT(p.`ID`)
+                FROM
+                  `forums_posts` AS p
+                WHERE
+                  p.`TopicID` = l.`TopicID` AND p.`ID` <= l.`PostID`
+                ) / ?
+              ) AS Page
+            FROM
+              `forums_last_read_topics` AS l
+            WHERE
+              l.`TopicID` IN(".implode(',', $TopicIDs).") AND l.`UserID` = ? ",
+                $PerPage,
+                G::$LoggedUser['ID']
+            );
+
+            $LastRead = G::$DB->to_array('TopicID', MYSQLI_ASSOC);
+            G::$DB->set_query_id($QueryID);
+        } else {
+            $LastRead = [];
+        }
+        return $LastRead;
+    }
+
+    /**
+     * Add a note to a topic.
+     * @param int $TopicID
+     * @param string $Note
+     * @param int|null $UserID
+     * @return boolean
+     */
+    public static function add_topic_note($TopicID, $Note, $UserID = null)
+    {
+        if ($UserID === null) {
+            $UserID = G::$LoggedUser['ID'];
+        }
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        INSERT INTO `forums_topic_notes`(
+          `TopicID`,
+          `AuthorID`,
+          `AddedTime`,
+          `Body`
+        )
+        VALUES(
+          '$TopicID',
+          '$UserID',
+          NOW(),
+          '$Note'
+        )
+        ");
+
+        G::$DB->set_query_id($QueryID);
+        return (bool) G::$DB->affected_rows();
+    }
+
+    /**
+     * Determine if a thread is unread
+     * @param bool $Locked
+     * @param bool $Sticky
+     * @param int $LastPostID
+     * @param array $LastRead An array as returned by self::get_last_read
+     * @param int $LastTopicID TopicID of the thread where the most recent post was made
+     * @param string $LastTime Datetime of the last post
+     * @return bool
+     */
+    public static function is_unread($Locked, $Sticky, $LastPostID, $LastRead, $LastTopicID, $LastTime)
+    {
+        return (!$Locked || $Sticky)
+            && $LastPostID !== 0
+            && (
+                (empty($LastRead[$LastTopicID]) || $LastRead[$LastTopicID]['PostID'] < $LastPostID)
+                && strtotime($LastTime) > G::$LoggedUser['CatchupTime']
+            );
+    }
+
+    /**
+     * Create the part of WHERE in the sql queries used to filter forums for a
+     * specific user (MinClassRead, restricted and permitted forums).
+     * @return string
+     */
+    public static function user_forums_sql()
+    {
+        // I couldn't come up with a good name, please rename this if you can. -- Y
+        $RestrictedForums = self::get_restricted_forums();
+        $PermittedForums = self::get_permitted_forums();
+
+        if (Donations::has_donor_forum(G::$LoggedUser['ID']) && !in_array(DONOR_FORUM, $PermittedForums)) {
+            $PermittedForums[] = DONOR_FORUM;
+        }
+
+        $SQL = "((f.`MinClassRead` <= '" . G::$LoggedUser['Class'] . "'";
+        if (count($RestrictedForums)) {
+            $SQL .= " AND f.`ID` NOT IN ('" . implode("', '", $RestrictedForums) . "')";
+        }
+
+        $SQL .= ')';
+        if (count($PermittedForums)) {
+            $SQL .= " OR f.`ID` IN ('" . implode("', '", $PermittedForums) . "')";
+        }
+        
+        $SQL .= ')';
+        return $SQL;
+    }
+}

classes/g.class.php

@@ -0,0 +1,17 @@
+<?php
+declare(strict_types = 1);
+
+class G
+{
+    public static $DB;
+    public static $Cache;
+    public static $LoggedUser;
+
+    public static function initialize()
+    {
+        global $DB, $Cache, $LoggedUser;
+        self::$DB = $DB;
+        self::$Cache = $Cache;
+        self::$LoggedUser =& $LoggedUser;
+    }
+}

classes/image.class.php

@@ -0,0 +1,67 @@
+<?php
+
+if (!extension_loaded('gd')) {
+    error('GD Extension not loaded.');
+}
+
+class IMAGE
+{
+    public $Image = false;
+    public $FontSize = 10;
+    public $Font = '';
+    public $TextAngle = 0;
+
+    public function create($Width, $Height)
+    {
+        $this->Image = imagecreate($Width, $Height);
+        $this->Font = SERVER_ROOT.'/classes/fonts/VERDANA.TTF';
+
+        if (function_exists('imageantialias')) {
+            imageantialias($this->Image, true);
+        }
+    }
+
+    public function color($Red, $Green, $Blue, $Alpha = 0)
+    {
+        return imagecolorallocatealpha($this->Image, $Red, $Green, $Blue, $Alpha);
+    }
+
+    public function line($x1, $y1, $x2, $y2, $Color, $Thickness = 1)
+    {
+        if ($Thickness === 1) {
+            return imageline($this->Image, $x1, $y1, $x2, $y2, $Color);
+        }
+        $t = $Thickness / 2 - 0.5;
+
+        if ($x1 === $x2 || $y1 === $y2) {
+            return imagefilledrectangle($this->Image, round(min($x1, $x2) - $t), round(min($y1, $y2) - $t), round(max($x1, $x2) + $t), round(max($y1, $y2) + $t), $color);
+        }
+        $k = ($y2 - $y1) / ($x2 - $x1); //y = kx + q
+        $a = $t / sqrt(1 + pow($k, 2));
+
+        $Points = array(
+            round($x1 - (1 + $k) * $a), round($y1 + (1 - $k) * $a),
+            round($x1 - (1 - $k) * $a), round($y1 - (1 + $k) * $a),
+            round($x2 + (1 + $k) * $a), round($y2 - (1 - $k) * $a),
+            round($x2 + (1 - $k) * $a), round($y2 + (1 + $k) * $a),
+        );
+
+        imagefilledpolygon($this->Image, $Points, 4, $Color);
+        return imagepolygon($this->Image, $Points, 4, $Color);
+    }
+
+    public function ellipse($x, $y, $Width, $Height, $Color)
+    {
+        return imageEllipse($this->Image, $x, $y, $Width, $Height, $Color);
+    }
+
+    public function text($x, $y, $Color, $Text)
+    {
+        return imagettftext($this->Image, $this->FontSize, $this->TextAngle, $x, $y, $Color, $this->Font, $Text);
+    }
+
+    public function make_png($FileName = null)
+    {
+        return imagepng($this->Image, $FileName);
+    }
+}

classes/imagetools.class.php

@@ -0,0 +1,58 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * ImageTools Class
+ * Thumbnail aide, mostly
+ */
+class ImageTools
+{
+    /**
+     * Determine the image URL. This takes care of the image proxy and thumbnailing.
+     * @param string $Url
+     * @param string $Thumb image proxy scale profile to use
+     * @return string
+     */
+    public static function process($Url = '', $Thumb = false)
+    {
+        $ENV = ENV::go();
+
+        if (!$Url) {
+            return '';
+        }
+        
+        if (preg_match('/^https:\/\/('.SITE_DOMAIN.'|'.$ENV->IMAGE_DOMAIN.')\//', $Url) || $Url[0] === '/') {
+            if (strpos($Url, '?') === false) {
+                $Url .= '?';
+            }
+            return $Url;
+        } else {
+            return 'https://'
+            . $ENV->IMAGE_DOMAIN
+            . ($Thumb?"/$Thumb/":'/')
+            . '?h='
+            . rawurlencode(base64_encode(hash_hmac('sha256', $Url, IMAGE_PSK, true)))
+            . '&i='
+            . urlencode($Url);
+        }
+    }
+
+    /**
+     * Checks if a link's host is (not) good, otherwise displays an error.
+     * @param string $Url Link to an image
+     * @return boolean
+     */
+    public static function blacklisted($Url, $ShowError = true)
+    {
+        $Blacklist = ['tinypic.com'];
+        foreach ($Blacklist as $Value) {
+            if (stripos($Url, $Value) !== false) {
+                if ($ShowError) {
+                    error($Value . ' is not an allowed image host. Please use a different host.');
+                }
+                return true;
+            }
+        }
+        return false;
+    }
+}

classes/inbox.class.php

@@ -0,0 +1,31 @@
+<?php
+
+class Inbox
+{
+    /*
+     * Get the link to a user's inbox.
+     * This is what handles the ListUnreadPMsFirst setting
+     *
+     * @param string - whether the inbox or sentbox should be loaded
+     * @return string - the URL to a user's inbox
+     */
+    public static function get_inbox_link($WhichBox = 'inbox')
+    {
+        $ListFirst = isset(G::$LoggedUser['ListUnreadPMsFirst']) ? G::$LoggedUser['ListUnreadPMsFirst'] : false;
+
+        if ($WhichBox === 'inbox') {
+            if ($ListFirst) {
+                $InboxURL = 'inbox.php?sort=unread';
+            } else {
+                $InboxURL = 'inbox.php';
+            }
+        } else {
+            if ($ListFirst) {
+                $InboxURL = 'inbox.php?action=sentbox&amp;sort=unread';
+            } else {
+                $InboxURL = 'inbox.php?action=sentbox';
+            }
+        }
+        return $InboxURL;
+    }
+}

classes/invite_tree.class.php

@@ -0,0 +1,270 @@
+<?php
+
+class INVITE_TREE
+{
+    public $UserID = 0;
+    public $Visible = true;
+
+    // Set things up
+    public function INVITE_TREE($UserID, $Options = [])
+    {
+        $this->UserID = $UserID;
+        if ($Options['visible'] === false) {
+            $this->Visible = false;
+        }
+    }
+
+    public function make_tree()
+    {
+        $QueryID = G::$DB->get_query_id();
+        $UserID = $this->UserID; ?>
+
+<div class="invitetree pad">
+    <?php
+    G::$DB->query("
+    SELECT
+      `TreePosition`,
+      `TreeID`,
+      `TreeLevel`
+    FROM
+      `invite_tree`
+    WHERE
+      `UserID` = $UserID
+    ");
+
+        list($TreePosition, $TreeID, $TreeLevel) = G::$DB->next_record(MYSQLI_NUM, false);
+        if (!$TreeID) {
+            return;
+        }
+
+        G::$DB->query("
+        SELECT
+          `TreePosition`
+        FROM
+          `invite_tree`
+        WHERE
+          `TreeID` = $TreeID AND `TreeLevel` = $TreeLevel AND `TreePosition` > $TreePosition
+        ORDER BY
+          `TreePosition` ASC
+        LIMIT 1
+        ");
+
+        if (G::$DB->has_results()) {
+            list($MaxPosition) = G::$DB->next_record(MYSQLI_NUM, false);
+        } else {
+            $MaxPosition = false;
+        }
+
+        $TreeQuery = G::$DB->query("
+        SELECT
+          it.`UserID`,
+          `Enabled`,
+          `PermissionID`,
+          `Donor`,
+          `Uploaded`,
+          `Downloaded`,
+          `Paranoia`,
+          `TreePosition`,
+          `TreeLevel`
+        FROM
+          `invite_tree` AS it
+        JOIN `users_main` AS um
+        ON
+          um.`ID` = it.`UserID`
+        JOIN `users_info` AS ui
+        ON
+          ui.`UserID` = it.`UserID`
+        WHERE
+          `TreeID` = $TreeID AND `TreePosition` > $TreePosition ".
+          ($MaxPosition ? " AND `TreePosition` < $MaxPosition " : '')."
+          AND `TreeLevel` > $TreeLevel
+        ORDER BY
+          `TreePosition`
+        ");
+        $PreviousTreeLevel = $TreeLevel;
+
+        // Stats for the summary
+        $MaxTreeLevel = $TreeLevel; // The deepest level (this changes)
+        $OriginalTreeLevel = $TreeLevel; // The level of the user we're viewing
+        $BaseTreeLevel = $TreeLevel + 1; // The level of users invited by our user
+        $Count = 0;
+        $Branches = 0;
+        $DisabledCount = 0;
+        $DonorCount = 0;
+        $ParanoidCount = 0;
+        $TotalUpload = 0;
+        $TotalDownload = 0;
+        $TopLevelUpload = 0;
+        $TopLevelDownload = 0;
+
+        $ClassSummary = [];
+        global $Classes;
+        foreach ($Classes as $ClassID => $Val) {
+            $ClassSummary[$ClassID] = 0;
+        }
+
+        // We store this in an output buffer, so we can show the summary at the top without having to loop through twice
+        ob_start();
+        while (list($ID, $Enabled, $Class, $Donor, $Uploaded, $Downloaded, $Paranoia, $TreePosition, $TreeLevel) = G::$DB->next_record(MYSQLI_NUM, false)) {
+
+            // Do stats
+            $Count++;
+
+            if ($TreeLevel > $MaxTreeLevel) {
+                $MaxTreeLevel = $TreeLevel;
+            }
+
+            if ($TreeLevel === $BaseTreeLevel) {
+                $Branches++;
+                $TopLevelUpload += $Uploaded;
+                $TopLevelDownload += $Downloaded;
+            }
+
+            $ClassSummary[$Class]++;
+            if ($Enabled === 2) {
+                $DisabledCount++;
+            }
+
+            if ($Donor) {
+                $DonorCount++;
+            }
+
+            // Manage tree depth
+            if ($TreeLevel > $PreviousTreeLevel) {
+                for ($i = 0; $i < $TreeLevel - $PreviousTreeLevel; $i++) {
+                    echo "\n\n<ul class=\"invitetree\">\n\t<li>\n";
+                }
+            } elseif ($TreeLevel < $PreviousTreeLevel) {
+                for ($i = 0; $i < $PreviousTreeLevel - $TreeLevel; $i++) {
+                    echo "\t</li>\n</ul>\n";
+                }
+                echo "\t</li>\n\t<li>\n";
+            } else {
+                echo "\t</li>\n\t<li>\n";
+            }
+            $UserClass = $Classes[$Class]['Level']; ?>
+
+    <strong>
+        <?=Users::format_username($ID, true, true, ($Enabled !== 2 ? false : true), true)?>
+    </strong>
+
+    <?php
+      if (check_paranoia(array('uploaded', 'downloaded'), $Paranoia, $UserClass)) {
+          $TotalUpload += $Uploaded;
+          $TotalDownload += $Downloaded; ?>
+
+    &nbsp;Uploaded: <strong><?=Format::get_size($Uploaded)?></strong>
+    &nbsp;Downloaded: <strong><?=Format::get_size($Downloaded)?></strong>
+    &nbsp;Ratio: <strong><?=Format::get_ratio_html($Uploaded, $Downloaded)?></strong>
+    <?php
+      } else {
+          $ParanoidCount++; ?>
+    &nbsp;Hidden
+    <?php
+      } ?>
+
+    <?php
+      $PreviousTreeLevel = $TreeLevel;
+            G::$DB->set_query_id($TreeQuery);
+        }
+
+        $Tree = ob_get_clean();
+        for ($i = 0; $i < $PreviousTreeLevel - $OriginalTreeLevel; $i++) {
+            $Tree .= "\t</li>\n</ul>\n";
+        }
+
+        if ($Count) {
+            ?>
+    <p style="font-weight: bold;">
+        This tree has <?=number_format($Count)?> entries,
+        <?=number_format($Branches)?> branches,
+        and a depth of <?=number_format($MaxTreeLevel - $OriginalTreeLevel)?>.
+        It has
+        <?php
+      $ClassStrings = [];
+            foreach ($ClassSummary as $ClassID => $ClassCount) {
+                if ($ClassCount == 0) {
+                    continue;
+                }
+
+                $LastClass = Users::make_class_string($ClassID);
+                if ($ClassCount > 1) {
+                    if ($LastClass === 'Torrent Celebrity') {
+                        $LastClass = 'Torrent Celebrities';
+                    } else {
+                        // Prevent duplicate letterss
+                        if (substr($LastClass, -1) !== 's') {
+                            $LastClass.='s';
+                        }
+                    }
+                }
+
+                $LastClass = "$ClassCount $LastClass (" . number_format(($ClassCount / $Count) * 100) . '%)';
+                $ClassStrings[] = $LastClass;
+            }
+
+            if (count($ClassStrings) > 1) {
+                array_pop($ClassStrings);
+                echo implode(', ', $ClassStrings);
+                echo ' and '.$LastClass;
+            } else {
+                echo $LastClass;
+            }
+
+            echo '. ';
+            echo $DisabledCount;
+            echo ($DisabledCount === 1) ? ' user is' : ' users are';
+            echo ' disabled (';
+
+            if ($DisabledCount === 0) {
+                echo '0%)';
+            } else {
+                echo number_format(($DisabledCount / $Count) * 100) . '%)';
+            }
+
+            echo ', and ';
+            echo $DonorCount;
+            echo ($DonorCount === 1) ? ' user has' : ' users have';
+            echo ' donated (';
+
+            if ($DonorCount === 0) {
+                echo '0%)';
+            } else {
+                echo number_format(($DonorCount / $Count) * 100) . '%)';
+            }
+            echo '. </p>';
+
+            echo '<p style="font-weight: bold;">';
+            echo 'The total amount uploaded by the entire tree was '.Format::get_size($TotalUpload);
+            echo '; the total amount downloaded was '.Format::get_size($TotalDownload);
+            echo '; and the total ratio is '.Format::get_ratio_html($TotalUpload, $TotalDownload).'. ';
+            echo '</p>';
+
+            echo '<p style="font-weight: bold;">';
+            echo 'The total amount uploaded by direct invitees (the top level) was '.Format::get_size($TopLevelUpload);
+            echo '; the total amount downloaded was '.Format::get_size($TopLevelDownload);
+            echo '; and the total ratio is '.Format::get_ratio_html($TopLevelUpload, $TopLevelDownload).'. ';
+
+            echo "These numbers include the stats of paranoid users and will be factored into the invitation giving script.\n\t\t</p>\n";
+
+            if ($ParanoidCount) {
+                echo '<p style="font-weight: bold;">';
+                echo $ParanoidCount;
+                echo ($ParanoidCount === 1) ? ' user (' : ' users (';
+                echo number_format(($ParanoidCount / $Count) * 100);
+                echo '%) ';
+                echo ($ParanoidCount === 1) ? ' is' : ' are';
+                echo ' too paranoid to have their stats shown here, and ';
+                echo ($ParanoidCount === 1) ? ' was' : ' were';
+                echo ' not factored into the stats for the total tree.';
+                echo '</p>';
+            }
+        } ?>
+        <br />
+        <?=$Tree?>
+</div>
+
+<?php
+    G::$DB->set_query_id($QueryID);
+    }
+}

classes/ipv4.class.php

@@ -0,0 +1,153 @@
+<?php
+declare(strict_types = 1);
+
+/**
+ * Adapted from
+ * https://github.com/OPSnet/Gazelle/blob/master/app/Manager/IPv4.php
+ *
+ * Not working as of 2020-12-12
+ */
+
+class IPv4
+{
+    const CACHE_KEY = 'ipv4_bans_';
+
+    /**
+     * Returns the unsigned 32bit form of an IPv4 address
+     *
+     * @param string $ipv4 The IP address x.x.x.x
+     * @return string the long it represents.
+     */
+    public function ip2ulong(string $ipv4)
+    {
+        return sprintf('%u', ip2long($ipv4));
+    }
+
+    /**
+     * Returns true if given IP is banned.
+     * TODO: This looks really braindead. Why not compare the 32bit address
+     *       directly BETWEEN FromIP AND ToIP? Apart from dubious merits of
+     *       caching?
+     *
+     * @param string $IP
+     * @return bool True if banned
+     */
+    public function isBanned(string $IP)
+    {
+        $A = substr($IP, 0, strcspn($IP, '.'));
+        $key = self::CACHE_KEY . $A;
+        $IPBans = G::$Cache->get_value($key);
+
+        if (!is_array($IPBans)) {
+            G::$DB->prepare_query("
+            SELECT 
+              `FromIP`,
+              `ToIP`,
+              `ID`
+            FROM
+              `ip_bans`
+            WHERE
+              `FromIP` BETWEEN $A << 24 AND (($A+1) << 24) - 1
+            ");
+
+            G::$DB->exec_prepared_query();
+            $IPBans = G::$DB->to_array(0, MYSQLI_NUM);
+            G::$Cache->cache_value($key, $IPBans, 0);
+        }
+
+        $IPNum = IPv4::ip2ulong($IP);
+        foreach ($IPBans as $IPBan) {
+            list($FromIP, $ToIP) = $IPBan;
+
+            if ($IPNum >= $FromIP && $IPNum <= $ToIP) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Create an ip address ban over a range of addresses. Will append
+     * the given reason to an existing ban.
+     *
+     * @param int $userId The person doing the band (0 for system)
+     * @param string $from The first address (dotted quad a.b.c.d)
+     * @param string $to The last adddress in the range (may equal $from)
+     * @param string $reason Why ban?
+     */
+    public function createBan(int $userId, $ipv4From, string $ipv4To, string $reason)
+    {
+        $from = $this->ip2ulong($ipv4From);
+        $to   = $this->ip2ulong($ipv4To);
+
+        $current = G::$DB->scalar("
+        SELECT
+          `Reason`
+        FROM
+          `ip_bans`
+        WHERE
+          '$from' BETWEEN `FromIP` AND `ToIP`
+        ");
+
+        if ($current) {
+            if ($current !== $reason) {
+                G::$DB->prepare_query("
+                UPDATE
+                  `ip_bans`
+                SET
+                  `Reason` = CONCAT('$reason', ' AND ', `Reason`),
+                  `UserID` = '$userId',
+                  `Created` = NOW()
+                WHERE
+                  `FromIP` = '$from' AND `ToIP` = '$to'
+                ");
+                G::$DB->exec_prepared_query();
+            }
+        } else { // Not yet banned
+            G::$DB->prepare_query("
+            INSERT INTO `ip_bans`(`Reason`, `FromIP`, `ToIP`, `UserID`)
+            VALUES('$reason', '$from', '$to', '$userId')
+            ");
+
+            G::$DB->exec_prepared_query();
+            G::$Cache->delete_value(
+                self::CACHE_KEY . substr($ipv4From, 0, strcspn($ipv4From, '.'))
+            );
+        }
+    }
+
+    /**
+     * Remove an ip ban
+     *
+     * param int $id Row to remove
+     */
+    public function removeBan(int $id)
+    {
+        $fromClassA = G::$DB->scalar("
+        SELECT
+          `FromIP` >> 24
+        FROM
+          `ip_bans`
+        WHERE
+          `ID` = '$id'
+        ");
+
+        if (is_null($fromClassA)) {
+            return;
+        }
+
+        G::$DB->prepare_query("
+        DELETE
+        FROM
+          `ip_bans`
+        WHERE
+          `ID` = '$id'
+        ");
+
+        if (G::$DB->affected_rows()) {
+            G::$DB->exec_prepared_query();
+            G::$Cache->delete_value(self::CACHE_KEY . $fromClassA);
+        }
+    }
+}

classes/json.class.php

@@ -0,0 +1,131 @@
+<?php
+declare(strict_types = 1);
+
+/**
+ * Adapted from
+ * https://github.com/OPSnet/Gazelle/blob/master/app/Json.php
+ *
+ * Unused as of 2020-12-12
+ */
+
+abstract class Json
+{
+    protected $version;
+    protected $source;
+    protected $mode;
+
+    /**
+     * __construct
+     */
+    public function __construct()
+    {
+        parent::__construct();
+        $this->source = SITE_NAME;
+        $this->mode = 0;
+        $this->version = 1;
+    }
+
+    /**
+     * The payload of a valid JSON response, implemented in the child class.
+     * @return array Payload to be passed to json_encode()
+     *         null if the payload cannot be produced (permissions, id not found, ...).
+     */
+    abstract public function payload(): ?array;
+
+    /**
+     * Configure JSON printing (any of the json_encode  JSON_* constants)
+     *
+     * @param int $mode the bit-or'ed values to confgure encoding results
+     */
+    public function setMode(string $mode)
+    {
+        $this->mode = $mode;
+        return $this;
+    }
+
+    /**
+     * set the version of the Json payload. Increment the
+     * value when there is significant change in the payload.
+     * If not called, the version defaults to 1.
+     *
+     * @param int version
+     */
+    public function setVersion(int $version)
+    {
+        $this->version = $version;
+        return $this;
+    }
+
+    /**
+     * General failure routine for when bad things happen.
+     *
+     * @param string $message The error set in the JSON response
+     */
+    public function failure(string $message)
+    {
+        print json_encode(
+            array_merge(
+                [
+                    'status' => 'failure',
+                    'response' => [],
+                    'error' => $message,
+                ],
+                $this->info(),
+                $this->debug(),
+            ),
+            $this->mode
+        );
+    }
+
+    /**
+     * emit
+     */
+    public function emit()
+    {
+        $payload = $this->payload();
+        if (!$payload) {
+            return;
+        }
+        print json_encode(
+            array_merge(
+                [
+                    'status' => 'success',
+                    'response' => $payload,
+                ],
+                $this->info(),
+                $this->debug()
+            ),
+            $this->mode
+        );
+    }
+
+    /**
+     * debug
+     */
+    protected function debug()
+    {
+        if (!check_perms('site_debug')) {
+            return [];
+        }
+        global $Debug;
+        return [
+            'debug' => [
+                'queries'  => $Debug->get_queries(),
+                'searches' => $Debug->get_sphinxql_queries(),
+            ],
+        ];
+    }
+
+    /**
+     * info
+     */
+    protected function info()
+    {
+        return [
+            'info' => [
+                'source' => $this->source,
+                'version' => $this->version,
+            ]
+        ];
+    }
+}

classes/lockedaccounts.class.php

@@ -0,0 +1,60 @@
+<?php
+
+/**
+ * Class to manage locked accounts
+ */
+class LockedAccounts
+{
+
+    /**
+     * Lock an account
+     *
+     * @param int $UserID The ID of the user to lock
+     * @param int $Type The lock type, should be a constant value
+     * @param string $Message The message to write to user notes
+     * @param string $Reason The reason for the lock
+     * @param int $LockedByUserID The ID of the staff member that locked $UserID's account. 0 for system
+     */
+    public static function lock_account($UserID, $Type, $Message, $Reason, $LockedByUserID)
+    {
+        if ($LockedByUserID === 0) {
+            $Username = "System";
+        } else {
+            G::$DB->query("SELECT Username FROM users_main WHERE ID = '" . $LockedByUserID . "'");
+            list($Username) = G::$DB->next_record();
+        }
+
+        G::$DB->query("
+        INSERT INTO locked_accounts (UserID, Type)
+          VALUES ('" . $UserID . "', " . $Type . ")");
+          
+        Tools::update_user_notes($UserID, sqltime() . " - " . db_string($Message) . " by $Username\nReason: " . db_string($Reason) . "\n\n");
+        G::$Cache->delete_value("user_info_$UserID");
+    }
+
+    /**
+     * Unlock an account
+     *
+     * @param int $UserID The ID of the user to unlock
+     * @param int $Type The lock type, should be a constant value. Used for database verification
+     *                  to avoid deleting the wrong lock type
+     * @param string $Reason The reason for unlock
+     * @param int $UnlockedByUserID The ID of the staff member unlocking $UserID's account. 0 for system
+     */
+    public static function unlock_account($UserID, $Type, $Message, $Reason, $UnlockedByUserID)
+    {
+        if ($UnlockedByUserID === 0) {
+            $Username = "System";
+        } else {
+            G::$DB->query("SELECT Username FROM users_main WHERE ID = '" . $UnlockedByUserID . "'");
+            list($Username) = G::$DB->next_record();
+        }
+
+        G::$DB->query("DELETE FROM locked_accounts WHERE UserID = '$UserID' AND Type = '". $Type ."'");
+
+        if (G::$DB->affected_rows() === 1) {
+            G::$Cache->delete_value("user_info_$UserID");
+            Tools::update_user_notes($UserID, sqltime() . " - " . db_string($Message) . " by $Username\nReason: " . db_string($Reason) . "\n\n");
+        }
+    }
+}

classes/loginwatch.class.php

@@ -0,0 +1,305 @@
+<?php
+declare(strict_types = 1);
+
+/**
+ * Adapted from
+ * https://github.com/OPSnet/Gazelle/blob/master/app/LoginWatch.php
+ *
+ * Unknown status as of 2020-12-12
+ */
+
+class LoginWatch
+{
+    protected $watchId;
+
+    /**
+     * Set the context of a watched IP address (to save passing it in to each method call).
+     * On a virgin login with no previous errors there may not even be a watch yet
+     * @param int ID of the watch
+     */
+    public function setWatch($watchId)
+    {
+        if (!is_null($watchId)) {
+            $this->watchId = $watchId;
+        }
+        return $this;
+    }
+
+    /**
+     * Find a login watch by IP address
+     * @param string IPv4 address
+     * @return array [watchId, nrAttemtps, nrBans, bannedUntil]
+     */
+    public function findByIp(string $ipaddr): ?array
+    {
+        # Default: remote host
+        if (empty($ipaddr)) {
+            $ipaddr = $_SERVER['REMOTE_ADDR'];
+        }
+
+        return G::$DB->row("
+        SELECT
+          `ID`,
+          `Attempts`,
+          `Bans`,
+          `BannedUntil`
+        FROM
+          `login_attempts`
+        WHERE
+          `IP` = '$ipaddr'
+        ");
+    }
+
+    /**
+     * Create a new login watch on an userid/username/ipaddress
+     * @param string IPv4 address
+     * @param string|null $capture The username captured on the form
+     * @param int $userId
+     * @return int ID of watch
+     */
+    public function create(string $ipaddr, ?string $capture, int $userId = 0)
+    {
+        G::$DB->prepare_query("
+        INSERT INTO `login_attempts`(`IP`, `Capture`, `UserID`)
+        VALUES('$ipaddr', '$capture', '$userId')
+        ");
+
+        G::$DB->exec_prepared_query();
+        return ($this->watchId = G::$DB->inserted_id());
+    }
+
+    /**
+     * Record another failure attempt on this watch. If the user has not
+     * logged in recently from this IP address then subsequent logins
+     * will be blocked for increasingly longer times, otherwise 1 minute.
+     *
+     * @param int $userId The ID of the user
+     * @param string $ipaddr The IP the user is coming from
+     * @param string $capture The username captured on the form
+     * @return int 1 if the watch was updated
+     */
+    public function increment(int $userId, string $ipaddr, ?string $capture): int
+    {
+        $seen = G::$DB->query("
+        SELECT
+          1
+        FROM
+          `users_history_ips`
+        WHERE
+          (
+            `EndTime` IS NULL
+            OR `EndTime` > NOW() - INTERVAL 1 WEEK
+          )
+          AND `UserID` = '$userId'
+          AND `IP` = '$ipaddr'
+        ");
+
+        $delay = $seen ? 60 : LOGIN_ATTEMPT_BACKOFF[min($this->nrAttempts(), count(LOGIN_ATTEMPT_BACKOFF)-1)];
+        G::$DB->prepare_query("
+            UPDATE `login_attempts` SET
+                `Attempts` = `Attempts` + 1,
+                `LastAttempt` = now(),
+                `BannedUntil` = now() + INTERVAL '$delay' SECOND,
+                `UserID` = '$userId',
+                `Capture` ='$capture' 
+            WHERE `ID` = '$this->watchId' 
+            ");
+        return G::$DB->affected_rows();
+    }
+
+    /**
+     * Ban subsequent attempts to login from this watched IP address for 6 hours
+     * @param int $attempts How many attempts so far?
+     * @param string the username captured on the form (which may not even be a valid user)
+     * @param int $userId user ID of a valid user (or 0 if invalid username)
+     * @return int 1 if the watch was banned
+     */
+    public function ban(int $attempts, ?string $capture, int $userId = 0): int
+    {
+        G::$DB->prepare_query("
+        UPDATE
+          `login_attempts`
+        SET
+          `Bans` = `Bans` + 1,
+          `LastAttempt` = NOW(),
+          `BannedUntil` = NOW() + INTERVAL 6 HOUR,
+          `Attempts` = '$attempts',
+          `Capture` = '$capture',
+          `UserID` = '$userId'
+        WHERE
+          `ID` = '$this->watchId'
+        ");
+
+        G::$DB->exec_prepared_query();
+        return G::$DB->affected_rows();
+    }
+
+    /**
+     * When does the login ban expire?
+     * @return string datestamp of expiry
+     */
+    public function bannedUntil(): ?string
+    {
+        return G::$DB->scalar("
+        SELECT
+          `BannedUntil`
+        FROM
+          `login_attempts`
+        WHERE
+          `ID` = '$this->watchId'
+        ");
+    }
+
+    /**
+     * If the login ban was in the past then they get 6 more shots
+     * @return int 1 if a prior ban was cleared
+     */
+    public function clearPriorBan(): int
+    {
+        G::$DB->prepare_query("
+        UPDATE
+          `login_attempts`
+        SET
+          `BannedUntil` = NULL,
+          `Attempts` = 0
+        WHERE
+          `BannedUntil` < NOW()
+          AND `ID` = '$this->watchId'
+        ");
+
+        G::$DB->exec_prepared_query();
+        return G::$DB->affected_rows();
+    }
+
+    /**
+     * If the login was successful, clear prior attempts
+     * @return int 1 if an update was made
+     */
+    public function clearAttempts(): int
+    {
+        G::$DB->prepare_query("
+        UPDATE
+          `login_attempts`
+        SET
+          `Attempts` = 0
+        WHERE
+          `ID` = '$this->watchId'
+        ");
+
+        G::$DB->exec_prepared_query();
+        return $this->db->affected_rows();
+    }
+
+    /**
+     * How many attempts have been made on this watch?
+     * @return int Number of attempts
+     */
+    public function nrAttempts(): int
+    {
+        return (int) G::$DB->scalar("
+        SELECT
+          `Attempts`
+        FROM
+          `login_attempts`
+        WHERE
+          `ID` = '$this->watchId'
+        ") ?? 0;
+    }
+
+    /**
+     * Get the list of login failures
+     * @return array list [ID, ipaddr, userid, LastAttempt (datetime), Attempts, BannedUntil (datetime), Bans]
+     */
+    public function activeList(string $orderBy, string $orderWay): array
+    {
+        G::$DB->prepare_query("
+        SELECT
+          w.`ID` AS id,
+          w.`IP` AS ipaddr,
+          w.`UserID` AS user_id,
+          w.`LastAttempt` AS last_attempt,
+          w.`Attempts` AS attempts,
+          w.`BannedUntil` AS banned_until,
+          w.`Bans` AS bans,
+          w.`Capture`,
+          um.`Username` AS username,
+          (ip.`FromIP` IS NOT NULL) AS banned
+        FROM
+          `login_attempts` w
+        LEFT JOIN `users_main` um ON
+          (um.`ID` = w.`UserID`)
+        LEFT JOIN `ip_bans` ip ON
+          (ip.`FromIP` = INET_ATON(w.`IP`))
+        WHERE
+          (
+            w.`BannedUntil` > NOW()
+            OR w.`LastAttempt` > NOW() - INTERVAL 6 HOUR
+          )
+        ORDER BY
+          '$orderBy' '$orderWay'
+        ");
+
+        G::$DB->exec_prepared_query();
+        return G::$DB->to_array('id', MYSQLI_ASSOC, false);
+    }
+
+    /**
+     * Ban the IP addresses pointed to by the IDs that are on login watch.
+     * @param array list of IDs to ban.
+     * @return number of addresses banned
+     */
+    public function setBan(int $userId, string $reason, array $list): int
+    {
+        if (!$list) {
+            return 0;
+        }
+
+        $reason = trim($reason);
+        $n = 0;
+
+        foreach ($list as $id) {
+            $ipv4 = G::$DB->scalar("
+            SELECT
+              INET_ATON(`IP`)
+            FROM
+              `login_attempts`
+            WHERE
+              `ID` = '$id'
+            ");
+
+            G::$DB->prepared_query("
+            INSERT IGNORE
+            INTO `ip_bans`(`UserID`, `Reason`, `FromIP`, `ToIP`)
+            VALUES('$userId', '$reason', '$ipv4', '$ipv4')
+            ");
+
+            G::$DB->exec_prepared_query();
+            $n += $this->db->affected_rows();
+        }
+
+        return $n;
+    }
+
+    /**
+     * Clear the list of IDs that are on login watch.
+     * @param array list of IDs to clear.
+     * @return number of rows removed
+     */
+    public function setClear(array $list): int
+    {
+        if (!$list) {
+            return 0;
+        }
+
+        G::$DB->prepare_query("
+        DELETE
+        FROM
+          `login_attempts`
+        WHERE
+          `ID` IN(".placeholders($list).")
+        ", ...$list);
+
+        G::$DB->exec_prepared_query();
+        return G::$DB->affected_rows();
+    }
+}

classes/mass_user_bookmarks_editor.class.php

@@ -0,0 +1,89 @@
+<?php
+
+//require_once 'mass_user_torrents_editor.class.php';
+
+/**
+ * This class helps with mass-editing bookmarked torrents.
+ *
+ * It can later be used for other bookmark tables.
+ *
+ */
+class MASS_USER_BOOKMARKS_EDITOR extends MASS_USER_TORRENTS_EDITOR
+{
+    public function __construct($Table = 'bookmarks_torrents')
+    {
+        $this->set_table($Table);
+    }
+
+    /**
+     * Runs a SQL query and clears the Cache key
+     *
+     * G::$Cache->delete_value didn't always work, but setting the key to null, did. (?)
+     *
+     * @param string $sql
+     */
+    protected function query_and_clear_cache($sql)
+    {
+        $QueryID = G::$DB->get_query_id();
+        if (is_string($sql) && G::$DB->query($sql)) {
+            G::$Cache->delete_value('bookmarks_group_ids_' . G::$LoggedUser['ID']);
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * Uses (checkboxes) $_POST['remove'] to delete entries.
+     *
+     * Uses an IN() to match multiple items in one query.
+     */
+    public function mass_remove()
+    {
+        $SQL = [];
+        foreach ($_POST['remove'] as $GroupID => $K) {
+            if (is_number($GroupID)) {
+                $SQL[] = sprintf('%d', $GroupID);
+            }
+        }
+
+        if (!empty($SQL)) {
+            $SQL = sprintf(
+                '
+            DELETE FROM %s
+              WHERE UserID = %d
+              AND GroupID IN (%s)',
+                $this->Table,
+                G::$LoggedUser['ID'],
+                implode(', ', $SQL)
+            );
+            $this->query_and_clear_cache($SQL);
+        }
+    }
+
+    /**
+     * Uses $_POST['sort'] values to update the DB.
+     */
+    public function mass_update()
+    {
+        $SQL = [];
+        foreach ($_POST['sort'] as $GroupID => $Sort) {
+            if (is_number($Sort) && is_number($GroupID)) {
+                $SQL[] = sprintf('(%d, %d, %d)', $GroupID, $Sort, G::$LoggedUser['ID']);
+            }
+        }
+
+        if (!empty($SQL)) {
+            $SQL = sprintf(
+                '
+            INSERT INTO %s
+              (GroupID, Sort, UserID)
+            VALUES
+              %s
+            ON DUPLICATE KEY UPDATE
+              Sort = VALUES (Sort)',
+                $this->Table,
+                implode(', ', $SQL)
+            );
+            $this->query_and_clear_cache($SQL);
+        }
+    }
+}

classes/mass_user_torrents_editor.class.php

@@ -0,0 +1,66 @@
+<?php
+
+/**
+ * Abstract class
+ * Mass User-Torrents Editor
+ *
+ * A class that deals with mass editing a user's torrents.
+ *
+ * This abstract class is used by sub-classes as a way to access the Cache/DB.
+ *
+ * It is intended to streamline the process of processing data sent by the
+ * MASS_USER_TORRENT_TABLE_VIEW class.
+ *
+ * It could also be used for other types like collages.
+ */
+abstract class MASS_USER_TORRENTS_EDITOR
+{
+    /**
+     * The affected DB table
+     * @var string $Table
+     */
+    protected $Table;
+
+    /**
+     * Set the Table
+     * @param string $Table
+     */
+    final public function set_table($Table)
+    {
+        $this->Table = db_string($Table);
+    }
+
+    /**
+     * Get the Table
+     * @return string $Table
+     */
+    final public function get_table()
+    {
+        return $this->Table;
+    }
+
+    /**
+     * The extending class must provide a method to send a query and clear the cache
+     */
+    abstract protected function query_and_clear_cache($sql);
+
+    /**
+     * A method to insert many rows into a single table
+     * Not required in subsequent classes
+     */
+    public function mass_add()
+    {
+    }
+
+    /**
+     * A method to remove many rows from a table
+     * The extending class must have a mass_remove method
+     */
+    abstract public function mass_remove();
+
+    /**
+     * A method to update many rows in a table
+     * The extending class must have a mass_update method
+     */
+    abstract public function mass_update();
+}

classes/mass_user_torrents_table_view.class.php

@@ -0,0 +1,300 @@
+<?php
+declare(strict_types = 1);
+
+/**
+ * This class outputs a table that can be used to sort torrents through a drag/drop
+ * interface, an automatic column sorter, or manual imput.
+ *
+ * It places checkboxes to delete items.
+ *
+ * (It creates a div#thin.)
+ *
+ * It can be used for Bookmarks, Collages, or anywhere where torrents are managed.
+ */
+class MASS_USER_TORRENTS_TABLE_VIEW
+{
+    /**
+     * Used to set text the page heading (h2 tag)
+     * @var string $Heading
+     */
+    private $Heading = 'Manage Torrents';
+
+    /**
+     * Sets the value of the input name="type"
+     * Later to be used as $_POST['type'] in a form processor
+     * @var string $EditType
+     */
+    private $EditType;
+
+    /**
+     * Flag for empty $TorrentList
+     * @var bool $HasTorrentList
+     */
+    private $HasTorrents;
+
+    /**
+     * Internal reference to the TorrentList
+     * @var array $TorrentList
+     */
+    private $TorrentList;
+
+    /**
+     * Ref. to $CollageDataList
+     * @var array $CollageDataList
+     */
+    private $CollageDataList;
+
+    /**
+     * Counter for number of groups
+     * @var in $NumGroups
+     */
+    private $NumGroups = 0;
+
+    /**
+     * When creating a new instance of this class, TorrentList and
+     * CollageDataList must be passed. Additionally, a heading can be added.
+     *
+     * @param array $TorrentList
+     * @param array $CollageDataList
+     * @param string $EditType
+     * @param string $Heading
+     */
+    public function __construct(array &$TorrentList, array &$CollageDataList, $EditType, $Heading = null)
+    {
+        $this->set_heading($Heading);
+        $this->set_edit_type($EditType);
+
+        $this->TorrentList = $TorrentList;
+        $this->CollageDataList = $CollageDataList;
+
+        $this->HasTorrents = !empty($TorrentList);
+        if (!$this->HasTorrents) {
+            $this->no_torrents();
+        }
+    }
+
+    private function no_torrents()
+    { ?>
+<div>
+  <div class="header">
+    <h2>No torrents found</h2>
+  </div>
+  <div class="box pad" align="center">
+    <p>Add some torrents and come back later</p>
+  </div>
+</div>
+<?php
+    }
+
+    /**
+     * Renders a complete page and table
+     */
+    public function render_all()
+    {
+        $this->header();
+        $this->body();
+        $this->footer();
+    }
+
+    /**
+     * Renders a comptele page/table header: div#thin, h2, scripts, notes,
+     * form, table, etc.
+     */
+    public function header()
+    {
+        if ($this->HasTorrents) { ?>
+<div>
+  <div class="header">
+    <h2><?=display_str($this->Heading)?>
+    </h2>
+  </div>
+
+  <table width="100%" class="layout box">
+    <tr class="colhead">
+      <td id="sorting_head">Sorting</td>
+    </tr>
+
+    <tr>
+      <td id="drag_drop_textnote">
+        <ul>
+          <li>Click on the headings to organize columns automatically.</li>
+          <li>Sort multiple columns simultaneously by holding down the shift key and clicking other column headers.</li>
+          <li>Click and drag any row to change its order.</li>
+          <li>Double-click on a row to check it.</li>
+        </ul>
+      </td>
+    </tr>
+  </table>
+
+  <form action="bookmarks.php" method="post" id="drag_drop_collage_form">
+
+    <?php $this->buttons(); ?>
+
+    <table id="manage_collage_table" class="box">
+      <thead>
+        <tr class="colhead">
+          <th style="width: 7%;" data-sorter="false">Order</th>
+          <th style="width: 1%;"><span><abbr class="tooltip" title="Current order">#</abbr></span></th>
+          <th style="width: 1%;"><span>Year</span></th>
+          <th style="width: 15%;" data-sorter="ignoreArticles"><span>Artist</span></th>
+          <th data-sorter="ignoreArticles"><span>Torrent</span></th>
+          <th style="width: 5%;" data-sorter="relativeTime"><span>Bookmarked</span></th>
+          <th style="width: 1%;" id="check_all" data-sorter="false"><span>Remove</span></th>
+        </tr>
+      </thead>
+      <tbody>
+        <?php
+        }
+    }
+
+    /**
+     * Closes header code
+     */
+    public function footer()
+    {
+        if ($this->HasTorrents) { ?>
+      </tbody>
+    </table>
+
+    <?php $this->buttons(); ?>
+
+    <div>
+      <input type="hidden" name="action" value="mass_edit" />
+      <input type="hidden" name="type"
+        value="<?=display_str($this->EditType)?>" />
+      <input type="hidden" name="auth"
+        value="<?=G::$LoggedUser['AuthKey']?>" />
+    </div>
+  </form>
+</div>
+<?php
+        }
+    }
+
+    /**
+     * Formats data for use in row
+     *
+     */
+    public function body()
+    {
+        if ($this->HasTorrents) {
+            foreach ($this->TorrentList as $GroupID => $Group) {
+                $Artists = [];
+
+                extract($Group);
+                extract($this->CollageDataList[$GroupID]);
+
+                $this->NumGroups++;
+
+                $DisplayName = self::display_name($ExtendedArtists, $Artists, $VanityHouse);
+                $TorrentLink = '<a href="torrents.php?id='.$GroupID.'" class="tooltip" title="View torrent">'.$Name.'</a>';
+                $Year = $Year > 0 ? $Year : '';
+                $DateAdded = date($Time);
+
+                $this->row($Sort, $GroupID, $Year, $DisplayName, $TorrentLink, $DateAdded);
+            }
+        }
+    }
+
+    /**
+     * Outputs a single row
+     *
+     * @param string|int $Sort
+     * @param string|int $GroupID
+     * @param string|int $GroupYear
+     * @param string $DisplayName
+     * @param string $TorrentLink
+     */
+    public function row($Sort, $GroupID, $GroupYear, $DisplayName, $TorrentLink, $DateAdded)
+    { ?>
+<tr class="drag row" id="li_<?=$GroupID?>">
+  <td>
+    <input class="sort_numbers" type="text"
+      name="sort[<?=$GroupID?>]"
+      value="<?=$Sort?>"
+      id="sort_<?=$GroupID?>" size="4" />
+  </td>
+
+  <td>
+    <?=$this->NumGroups?>
+  </td>
+
+  <td>
+    <?=$GroupYear ? trim($GroupYear) : ' '?>
+  </td>
+
+  <td>
+    <?=$DisplayName ? trim($DisplayName) : ' '?>
+  </td>
+
+  <td>
+    <?=$TorrentLink ? trim($TorrentLink) : ' '?>
+  </td>
+
+  <td class="nobr tooltip" title="<?=$DateAdded?>">
+    <?=$DateAdded ? time_diff($DateAdded) : ' '?>
+  </td>
+
+  <td class="center">
+    <input type="checkbox" name="remove[<?=$GroupID?>]" value="" />
+  </td>
+</tr>
+<?php
+    }
+
+    /**
+     * Parses a simple display name
+     *
+     * @param array $ExtendedArtists
+     * @param array $Artists
+     * @param string $VanityHouse
+     * @return string $DisplayName
+     */
+    public static function display_name(array &$ExtendedArtists, array &$Artists, $VanityHouse)
+    {
+        $DisplayName = '';
+        if (!empty($ExtendedArtists[1]) || !empty($ExtendedArtists[4])
+         || !empty($ExtendedArtists[5]) || !empty($ExtendedArtists[6])) {
+            unset($ExtendedArtists[2], $ExtendedArtists[3]);
+            $DisplayName = Artists::display_artists($ExtendedArtists, true, false);
+        } elseif (count($Artists) > 0) {
+            $DisplayName = Artists::display_artists(array('1'=>$Artists), true, false);
+        }
+
+        if ($VanityHouse) {
+            $DisplayName .= ' [<abbr class="tooltip" title="This is a Vanity House release">VH</abbr>]';
+        }
+        return $DisplayName;
+    }
+
+    /**
+     * Renders buttons used at the top and bottom of the table
+     */
+    public function buttons()
+    { ?>
+<div class="drag_drop_save">
+  <input type="submit" name="update" value="Update ranking" title="Save your rank"
+    class="tooltip save_sortable_collage" />
+  <input type="submit" name="delete" value="Delete checked" title="Remove items"
+    class="tooltip save_sortable_collage" />
+</div>
+<?php
+    }
+
+    /**
+     * @param string $EditType
+     */
+    public function set_edit_type($EditType)
+    {
+        $this->EditType = $EditType;
+    }
+
+    /**
+     * Set's the current page's heading
+     * @param string $Heading
+     */
+    public function set_heading($Heading)
+    {
+        $this->Heading = $Heading;
+    }
+}

classes/misc.class.php

@@ -0,0 +1,580 @@
+<?php
+
+class Misc
+{
+    /**
+     * Send an email.
+     *
+     * @param string $To the email address to send it to.
+     * @param string $Subject
+     * @param string $Body
+     * @param string $From The user part of the user@$ENV->SITE_DOMAIN email address.
+     * @param string $ContentType text/plain or text/html
+     */
+    public static function send_email($To, $Subject, $Body, $From = 'noreply', $ContentType = 'text/plain')
+    {
+        $ENV = ENV::go();
+
+        # todo: <<<EOT
+        $Headers  = "MIME-Version: 1.0\r\n";
+        $Headers .= "Content-type: $ContentType; charset=utf-8\r\n";
+        $Headers .= "From: $ENV->SITE_NAME <$From@$ENV->SITE_DOMAIN>\r\n";
+        $Headers .= "Reply-To: $From@$ENV->SITE_DOMAIN\r\n";
+        $Headers .= "X-Mailer: Project Gazelle\r\n";
+        $Headers .= "Message-Id: <".Users::make_secret()."@$ENV->SITE_DOMAIN>\r\n";
+        $Headers .= "X-Priority: 3\r\n";
+
+        // Check if email is enabled
+        if ($ENV->FEATURE_SEND_EMAIL) {
+            mail($To, $Subject, $Body, $Headers, "-f $From@$ENV->SITE_DOMAIN");
+        }
+    }
+
+    /**
+     * Sanitize a string to be allowed as a filename.
+     *
+     * @param string $EscapeStr the string to escape
+     * @return the string with all banned characters removed.
+     */
+    public static function file_string($EscapeStr)
+    {
+        $ENV = ENV::go();
+        return str_replace($ENV->BAD_CHARS, '', $EscapeStr);
+    }
+
+    /**
+     * Sends a PM from $FromId to $ToId.
+     *
+     * @param string $ToID ID of user to send PM to. If $ToID is an array and $ConvID is empty, a message will be sent to multiple users.
+     * @param string $FromID ID of user to send PM from, 0 to send from system
+     * @param string $Subject
+     * @param string $Body
+     * @param int $ConvID The conversation the message goes in. Leave blank to start a new conversation.
+     * @return
+     */
+    public static function send_pm($ToID, $FromID, $Subject, $Body, $ConvID = '')
+    {
+        global $Time;
+        $UnescapedSubject = $Subject;
+        $UnescapedBody = $Body;
+        $Subject = db_string($Subject);
+        $Body = Crypto::encrypt(substr($Body, 0, 49135)); // 49135 -> encryption -> 65536 (max length in mysql)
+
+        if ($ToID === 0) {
+            // Don't allow users to send messages to the system
+            return;
+        }
+
+        $QueryID = G::$DB->get_query_id();
+
+        if ($ConvID === '') {
+            // Create a new conversation.
+            G::$DB->query("
+            INSERT INTO pm_conversations (Subject)
+            VALUES ('$Subject')");
+            $ConvID = G::$DB->inserted_id();
+
+            G::$DB->query("
+            INSERT INTO pm_conversations_users
+              (UserID, ConvID, InInbox, InSentbox, SentDate, ReceivedDate, UnRead)
+            VALUES
+              ('$ToID', '$ConvID', '1','0', NOW(), NOW(), '1')");
+
+            if ($FromID === $ToID) {
+                G::$DB->query(
+                    "
+                UPDATE pm_conversations_users
+                SET InSentbox = '1'
+                  WHERE ConvID = '$ConvID'"
+                );
+            } elseif ($FromID !== 0) {
+                G::$DB->query("
+                INSERT INTO pm_conversations_users
+                  (UserID, ConvID, InInbox, InSentbox, SentDate, ReceivedDate, UnRead)
+                VALUES
+                  ('$FromID', '$ConvID', '0','1', NOW(), NOW(), '0')");
+            }
+            $ToID = array($ToID);
+        } else {
+            // Update the pre-existing conversations
+            G::$DB->query("
+            UPDATE pm_conversations_users
+            SET
+              InInbox = '1',
+              UnRead = '1',
+              ReceivedDate = NOW()
+            WHERE UserID IN (".implode(',', $ToID).")
+              AND ConvID = '$ConvID'");
+
+            G::$DB->query("
+            UPDATE pm_conversations_users
+            SET
+              InSentbox = '1',
+              SentDate = NOW()
+            WHERE UserID = '$FromID'
+              AND ConvID = '$ConvID'");
+        }
+
+        // Now that we have a $ConvID for sure, send the message
+        G::$DB->query("
+      INSERT INTO pm_messages
+        (SenderID, ConvID, SentDate, Body)
+      VALUES
+        ('$FromID', '$ConvID', NOW(), '$Body')");
+
+        // Update the cached new message count
+        foreach ($ToID as $ID) {
+            G::$DB->query("
+            SELECT COUNT(ConvID)
+            FROM pm_conversations_users
+              WHERE UnRead = '1'
+              AND UserID = '$ID'
+              AND InInbox = '1'");
+
+            list($UnRead) = G::$DB->next_record();
+            G::$Cache->cache_value("inbox_new_$ID", $UnRead);
+        }
+
+        G::$DB->query("
+        SELECT Username
+        FROM users_main
+          WHERE ID = '$FromID'");
+
+        list($SenderName) = G::$DB->next_record();
+        foreach ($ToID as $ID) {
+            G::$DB->query("
+            SELECT COUNT(ConvID)
+            FROM pm_conversations_users
+              WHERE UnRead = '1'
+              AND UserID = '$ID'
+              AND InInbox = '1'");
+                  
+            list($UnRead) = G::$DB->next_record();
+            G::$Cache->cache_value("inbox_new_$ID", $UnRead);
+        }
+
+        G::$DB->set_query_id($QueryID);
+        return $ConvID;
+    }
+
+    /**
+     * Create thread function, things should already be escaped when sent here.
+     *
+     * @param int $ForumID
+     * @param int $AuthorID ID of the user creating the post.
+     * @param string $Title
+     * @param string $PostBody
+     * @return -1 on error, -2 on user not existing, thread id on success.
+     */
+    public static function create_thread($ForumID, $AuthorID, $Title, $PostBody)
+    {
+        global $Time;
+        if (!$ForumID || !$AuthorID || !is_number($AuthorID) || !$Title || !$PostBody) {
+            return -1;
+        }
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT Username
+        FROM users_main
+          WHERE ID = $AuthorID");
+
+        if (!G::$DB->has_results()) {
+            G::$DB->set_query_id($QueryID);
+            return -2;
+        }
+        list($AuthorName) = G::$DB->next_record();
+
+        $ThreadInfo = [];
+        $ThreadInfo['IsLocked'] = 0;
+        $ThreadInfo['IsSticky'] = 0;
+
+        G::$DB->query("
+        INSERT INTO forums_topics
+          (Title, AuthorID, ForumID, LastPostTime, LastPostAuthorID, CreatedTime)
+        VALUES
+          ('$Title', '$AuthorID', '$ForumID', NOW(), '$AuthorID', NOW())");
+
+        $TopicID = G::$DB->inserted_id();
+        $Posts = 1;
+
+        G::$DB->query("
+        INSERT INTO forums_posts
+          (TopicID, AuthorID, AddedTime, Body)
+        VALUES
+          ('$TopicID', '$AuthorID', NOW(), '$PostBody')");
+        $PostID = G::$DB->inserted_id();
+
+        G::$DB->query("
+        UPDATE forums
+        SET
+          NumPosts  = NumPosts + 1,
+          NumTopics = NumTopics + 1,
+          LastPostID = '$PostID',
+          LastPostAuthorID = '$AuthorID',
+          LastPostTopicID = '$TopicID',
+          LastPostTime = NOW()
+        WHERE ID = '$ForumID'");
+
+        G::$DB->query("
+        UPDATE forums_topics
+        SET
+          NumPosts = NumPosts + 1,
+          LastPostID = '$PostID',
+          LastPostAuthorID = '$AuthorID',
+          LastPostTime = NOW()
+        WHERE ID = '$TopicID'");
+
+        // Bump this topic to head of the cache
+        list($Forum, , , $Stickies) = G::$Cache->get_value("forums_$ForumID");
+        if (!empty($Forum)) {
+            if (count($Forum) === TOPICS_PER_PAGE && $Stickies < TOPICS_PER_PAGE) {
+                array_pop($Forum);
+            }
+
+            G::$DB->query("
+            SELECT IsLocked, IsSticky, NumPosts
+            FROM forums_topics
+              WHERE ID ='$TopicID'");
+
+            list($IsLocked, $IsSticky, $NumPosts) = G::$DB->next_record();
+            $Part1 = array_slice($Forum, 0, $Stickies, true); // Stickies
+
+            $Part2 = array(
+                $TopicID => array(
+                    'ID' => $TopicID,
+                    'Title' => $Title,
+                    'AuthorID' => $AuthorID,
+                    'IsLocked' => $IsLocked,
+                    'IsSticky' => $IsSticky,
+                    'NumPosts' => $NumPosts,
+                    'LastPostID' => $PostID,
+                    'LastPostTime' => sqltime(),
+                    'LastPostAuthorID' => $AuthorID,
+                )
+            ); // Bumped thread
+
+            $Part3 = array_slice($Forum, $Stickies, TOPICS_PER_PAGE, true); //Rest of page
+            if ($Stickies > 0) {
+                $Part1 = array_slice($Forum, 0, $Stickies, true); //Stickies
+                $Part3 = array_slice($Forum, $Stickies, TOPICS_PER_PAGE - $Stickies - 1, true); //Rest of page
+            } else {
+                $Part1 = [];
+                $Part3 = $Forum;
+            }
+
+            if (is_null($Part1)) {
+                $Part1 = [];
+            }
+
+            if (is_null($Part3)) {
+                $Part3 = [];
+            }
+
+            $Forum = $Part1 + $Part2 + $Part3;
+            G::$Cache->cache_value("forums_$ForumID", array($Forum, '', 0, $Stickies), 0);
+        }
+
+        // Update the forum root
+        G::$Cache->begin_transaction('forums_list');
+        $UpdateArray = array(
+            'NumPosts' => '+1',
+            'NumTopics' => '+1',
+            'LastPostID' => $PostID,
+            'LastPostAuthorID' => $AuthorID,
+            'LastPostTopicID' => $TopicID,
+            'LastPostTime' => sqltime(),
+            'Title' => $Title,
+            'IsLocked' => $ThreadInfo['IsLocked'],
+            'IsSticky' => $ThreadInfo['IsSticky']
+        );
+
+        $UpdateArray['NumTopics'] = '+1';
+
+        G::$Cache->update_row($ForumID, $UpdateArray);
+        G::$Cache->commit_transaction(0);
+
+        $CatalogueID = floor((POSTS_PER_PAGE * ceil($Posts / POSTS_PER_PAGE) - POSTS_PER_PAGE) / THREAD_CATALOGUE);
+        G::$Cache->begin_transaction('thread_'.$TopicID.'_catalogue_'.$CatalogueID);
+
+        $Post = array(
+            'ID' => $PostID,
+            'AuthorID' => G::$LoggedUser['ID'],
+            'AddedTime' => sqltime(),
+            'Body' => $PostBody,
+            'EditedUserID' => 0,
+            'EditedTime' => null,
+            'Username' => ''
+        );
+        
+        G::$Cache->insert('', $Post);
+        G::$Cache->commit_transaction(0);
+
+        G::$Cache->begin_transaction('thread_'.$TopicID.'_info');
+        G::$Cache->update_row(false, array('Posts' => '+1', 'LastPostAuthorID' => $AuthorID));
+        G::$Cache->commit_transaction(0);
+
+        G::$DB->set_query_id($QueryID);
+        return $TopicID;
+    }
+
+    /**
+     * If the suffix of $Haystack is $Needle
+     *
+     * @param string $Haystack String to search in
+     * @param string $Needle String to search for
+     * @return boolean True if $Needle is a suffix of $Haystack
+     */
+    public static function ends_with($Haystack, $Needle)
+    {
+        return substr($Haystack, strlen($Needle) * -1) === $Needle;
+    }
+
+    /**
+     * If the prefix of $Haystack is $Needle
+     *
+     * @param string $Haystack String to search in
+     * @param string $Needle String to search for
+     * @return boolean True if $Needle is a prefix of $Haystack
+     */
+    public static function starts_with($Haystack, $Needle)
+    {
+        return strpos($Haystack, $Needle) === 0;
+    }
+
+    /**
+     * Variant of in_array() with trailing wildcard support
+     *
+     * @param string $Needle, array $Haystack
+     * @return boolean true if (substring of) $Needle exists in $Haystack
+     */
+    public static function in_array_partial($Needle, $Haystack)
+    {
+        static $Searches = [];
+        if (array_key_exists($Needle, $Searches)) {
+            return $Searches[$Needle];
+        }
+
+        foreach ($Haystack as $String) {
+            if (substr($String, -1) === '*') {
+                if (!strncmp($Needle, $String, strlen($String) - 1)) {
+                    $Searches[$Needle] = true;
+                    return true;
+                }
+            } elseif (!strcmp($Needle, $String)) {
+                $Searches[$Needle] = true;
+                return true;
+            }
+        }
+
+        $Searches[$Needle] = false;
+        return false;
+    }
+
+    /**
+     * Used to check if keys in $_POST and $_GET are all set, and throws an error if not.
+     * This reduces 'if' statement redundancy for a lot of variables
+     *
+     * @param array $Request Either $_POST or $_GET, or whatever other array you want to check.
+     * @param array $Keys The keys to ensure are set.
+     * @param boolean $AllowEmpty If set to true, a key that is in the request but blank will not throw an error.
+     * @param int $Error The error code to throw if one of the keys isn't in the array.
+     */
+    public static function assert_isset_request($Request, $Keys = null, $AllowEmpty = false, $Error = 0)
+    {
+        if (isset($Keys)) {
+            foreach ($Keys as $K) {
+                if (!isset($Request[$K]) || ($AllowEmpty === false && $Request[$K] === '')) {
+                    error($Error);
+                    break;
+                }
+            }
+        } else {
+            foreach ($Request as $R) {
+                if (!isset($R) || ($AllowEmpty === false && $R === '')) {
+                    error($Error);
+                    break;
+                }
+            }
+        }
+    }
+
+    /**
+     * Given an array of tags, return an array of their IDs.
+     *
+     * @param array $TagNames
+     * @return array IDs
+     */
+    public static function get_tags($TagNames)
+    {
+        $TagIDs = [];
+        foreach ($TagNames as $Index => $TagName) {
+            $Tag = G::$Cache->get_value("tag_id_$TagName");
+            if (is_array($Tag)) {
+                unset($TagNames[$Index]);
+                $TagIDs[$Tag['ID']] = $Tag['Name'];
+            }
+        }
+
+        if (count($TagNames) > 0) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT ID, Name
+            FROM tags
+              WHERE Name IN ('".implode("', '", $TagNames)."')");
+
+            $SQLTagIDs = G::$DB->to_array();
+            G::$DB->set_query_id($QueryID);
+
+            foreach ($SQLTagIDs as $Tag) {
+                $TagIDs[$Tag['ID']] = $Tag['Name'];
+                G::$Cache->cache_value('tag_id_'.$Tag['Name'], $Tag, 0);
+            }
+        }
+        return($TagIDs);
+    }
+
+    /**
+     * Gets the alias of the tag; if there is no alias, silently returns the original tag.
+     *
+     * @param string $BadTag the tag we want to alias
+     * @return string The aliased tag.
+     */
+    public static function get_alias_tag($BadTag)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT AliasTag
+        FROM tag_aliases
+          WHERE BadTag = '$BadTag'
+          LIMIT 1");
+
+        if (G::$DB->has_results()) {
+            list($AliasTag) = G::$DB->next_record();
+        } else {
+            $AliasTag = $BadTag;
+        }
+        G::$DB->set_query_id($QueryID);
+        return $AliasTag;
+    }
+
+    /*
+     * Write a message to the system log.
+     *
+     * @param string $Message the message to write.
+     */
+    public static function write_log($Message)
+    {
+        global $Time;
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        INSERT INTO log (Message, Time)
+          VALUES (?, NOW())", $Message);
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * Get a tag ready for database input and display.
+     *
+     * @param string $Str
+     * @return sanitized version of $Str
+     */
+    public static function sanitize_tag($Str)
+    {
+        $Str = strtolower($Str);
+        $Str = preg_replace('/[^a-z0-9:.]/', '', $Str);
+        $Str = preg_replace('/(^[.,]*)|([.,]*$)/', '', $Str);
+        $Str = htmlspecialchars($Str);
+        $Str = db_string(trim($Str));
+        return $Str;
+    }
+
+    /**
+     * HTML escape an entire array for output.
+     * @param array $Array, what we want to escape
+     * @param boolean/array $Escape
+     *  if true, all keys escaped
+     *  if false, no escaping.
+     *  If array, it's a list of array keys not to escape.
+     * @return mutated version of $Array with values escaped.
+     */
+    public static function display_array($Array, $Escape = [])
+    {
+        foreach ($Array as $Key => $Val) {
+            if ((!is_array($Escape) && $Escape === true) || !in_array($Key, $Escape)) {
+                $Array[$Key] = display_str($Val);
+            }
+        }
+        return $Array;
+    }
+
+    /**
+     * Searches for a key/value pair in an array.
+     *
+     * @return array of results
+     */
+    public static function search_array($Array, $Key, $Value)
+    {
+        $Results = [];
+        if (is_array($Array)) {
+            if (isset($Array[$Key]) && $Array[$Key] === $Value) {
+                $Results[] = $Array;
+            }
+
+            foreach ($Array as $subarray) {
+                $Results = array_merge($Results, self::search_array($subarray, $Key, $Value));
+            }
+        }
+        return $Results;
+    }
+
+    /**
+     * Search for $Needle in the string $Haystack which is a list of values separated by $Separator.
+     * @param string $Haystack
+     * @param string $Needle
+     * @param string $Separator
+     * @param boolean $Strict
+     * @return boolean
+     */
+    public static function search_joined_string($Haystack, $Needle, $Separator = '|', $Strict = true)
+    {
+        return (array_search($Needle, explode($Separator, $Haystack), $Strict) !== false);
+    }
+
+    /**
+     * Check for a ":" in the beginning of a torrent meta data string
+     * to see if it's stored in the old base64-encoded format
+     *
+     * @param string $Torrent the torrent data
+     * @return true if the torrent is stored in binary format
+     */
+    public static function is_new_torrent(&$Data)
+    {
+        return strpos(substr($Data, 0, 10), ':') !== false;
+    }
+
+    public static function display_recommend($ID, $Type, $Hide = true)
+    {
+        if ($Hide) {
+            $Hide = ' style="display: none;"';
+        } ?>
+<div id="recommendation_div" data-id="<?=$ID?>"
+    data-type="<?=$Type?>" <?=$Hide?> class="center">
+    <div style="display: inline-block;">
+        <strong>Recommend to:</strong>
+        <select id="friend" name="friend">
+            <option value="0" selected="selected">Choose friend</option>
+        </select>
+        <input type="text" id="recommendation_note" placeholder="Add note..." />
+        <button id="send_recommendation" disabled="disabled">Send</button>
+    </div>
+    <div class="new" id="recommendation_status"><br /></div>
+</div>
+<?php
+    }
+
+    public static function is_valid_url($URL)
+    {
+        return preg_match('|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $URL);
+    }
+}

classes/mysql.class.php

@@ -0,0 +1,656 @@
+<?php
+#declare(strict_types = 1);
+
+//-----------------------------------------------------------------------------------
+/////////////////////////////////////////////////////////////////////////////////////
+/*//-- MySQL wrapper class ----------------------------------------------------------
+
+This class provides an interface to mysqli. You should always use this class instead
+of the mysql/mysqli functions, because this class provides debugging features and a
+bunch of other cool stuff.
+
+Everything returned by this class is automatically escaped for output. This can be
+turned off by setting $Escape to false in next_record or to_array.
+
+//--------- Basic usage -------------------------------------------------------------
+
+* Creating the object.
+
+require(SERVER_ROOT.'/classes/mysql.class.php');
+$DB = NEW DB_MYSQL;
+-----
+
+* Making a query
+
+$DB->query("
+  SELECT *
+  FROM table...");
+
+  Is functionally equivalent to using mysqli_query("SELECT * FROM table...")
+  Stores the result set in $this->QueryID
+  Returns the result set, so you can save it for later (see set_query_id())
+-----
+
+* Getting data from a query
+
+$array = $DB->next_record();
+  Is functionally equivalent to using mysqli_fetch_array($ResultSet)
+  You do not need to specify a result set - it uses $this-QueryID
+-----
+
+* Escaping a string
+
+db_string($str);
+  Is a wrapper for mysqli_real_escape_string().
+  USE THIS FUNCTION EVERY TIME YOU QUERY USER-SUPPLIED INPUT!
+
+//--------- Advanced usage ---------------------------------------------------------
+
+* The conventional way of retrieving a row from a result set is as follows:
+
+list($All, $Columns, $That, $You, $Select) = $DB->next_record();
+-----
+
+* This is how you loop over the result set:
+
+while (list($All, $Columns, $That, $You, $Select) = $DB->next_record()) {
+  echo "Do stuff with $All of the ".$Columns.$That.$You.$Select;
+}
+-----
+
+* There are also a couple more mysqli functions that have been wrapped. They are:
+
+record_count()
+  Wrapper to mysqli_num_rows()
+
+affected_rows()
+  Wrapper to mysqli_affected_rows()
+
+inserted_id()
+  Wrapper to mysqli_insert_id()
+
+close
+  Wrapper to mysqli_close()
+-----
+
+* And, of course, a few handy custom functions.
+
+to_array($Key = false)
+  Transforms an entire result set into an array (useful in situations where you
+  can't order the rows properly in the query).
+
+  If $Key is set, the function uses $Key as the index (good for looking up a
+  field). Otherwise, it uses an iterator.
+
+  For an example of this function in action, check out forum.php.
+
+collect($Key)
+  Loops over the result set, creating an array from one of the fields ($Key).
+  For an example, see forum.php.
+
+set_query_id($ResultSet)
+  This class can only hold one result set at a time. Using set_query_id allows
+  you to set the result set that the class is using to the result set in
+  $ResultSet. This result set should have been obtained earlier by using
+  $DB->query().
+
+  Example:
+
+  $FoodRS = $DB->query("
+      SELECT *
+      FROM food");
+  $DB->query("
+    SELECT *
+    FROM drink");
+  $Drinks = $DB->next_record();
+  $DB->set_query_id($FoodRS);
+  $Food = $DB->next_record();
+
+  Of course, this example is contrived, but you get the point.
+
+-------------------------------------------------------------------------------------
+*///---------------------------------------------------------------------------------
+
+if (!extension_loaded('mysqli')) {
+    error('Mysqli Extension not loaded.');
+}
+
+/**
+ * db_string
+ * Handles escaping
+ */
+function db_string($String, $DisableWildcards = false)
+{
+    global $DB;
+    $DB->connect(0);
+
+    # Connect and mysqli_real_escape_string()
+    # Previously called $DB->escape_str, now below
+    # todo: Fix the bad escapes everywhere; see below
+    #if (!is_string($String)) { # This is the correct way,
+    if (is_array($String)) { # but this prevents errors
+        error('Attempted to escape non-string.', $NoHTML = true);
+        $String = '';
+    } else {
+        $String = mysqli_real_escape_string($DB->LinkID, $String);
+    }
+
+    // Remove user input wildcards
+    if ($DisableWildcards) {
+        $String = str_replace(array('%','_'), array('\%','\_'), $String);
+    }
+
+    return $String;
+}
+
+/**
+ * db_array
+ */
+function db_array($Array, $DontEscape = [], $Quote = false)
+{
+    foreach ($Array as $Key => $Val) {
+        if (!in_array($Key, $DontEscape)) {
+            if ($Quote) {
+                $Array[$Key] = '\''.db_string(trim($Val)).'\'';
+            } else {
+                $Array[$Key] = db_string(trim($Val));
+            }
+        }
+    }
+    return $Array;
+}
+
+// todo: Revisit access levels once Drone is replaced by ZeRobot
+class DB_MYSQL
+{
+    public $LinkID = false;
+    protected $QueryID = false;
+    protected $StatementID = false;
+    protected $PreparedQuery = false;
+    protected $Record = [];
+    protected $Row;
+    protected $Errno = 0;
+    protected $Error = '';
+
+    public $Queries = [];
+    public $Time = 0.0;
+
+    protected $Database = '';
+    protected $Server = '';
+    protected $User = '';
+    protected $Pass = '';
+    protected $Port = 0;
+    protected $Socket = '';
+
+    /**
+     * __construct
+     */
+    public function __construct($Database = null, $User = null, $Pass = null, $Server = null, $Port = null, $Socket = null)
+    {
+        $ENV = ENV::go();
+        $this->Database = $ENV->getPriv('SQLDB');
+        $this->User = $ENV->getPriv('SQLLOGIN');
+        $this->Pass = $ENV->getPriv('SQLPASS');
+        $this->Server = $ENV->getPriv('SQLHOST');
+        $this->Port = $ENV->getPriv('SQLPORT');
+        $this->Socket = $ENV->getPriv('SQLSOCK');
+    }
+
+    /**
+     * halt
+     */
+    public function halt($Msg)
+    {
+        global $Debug, $argv;
+        $DBError = 'MySQL: '.strval($Msg).' SQL error: '.strval($this->Errno).' ('.strval($this->Error).')';
+
+        if ($this->Errno === 1194) {
+            send_irc(ADMIN_CHAN, $this->Error);
+        }
+
+        $Debug->analysis('!dev DB Error', $DBError, 3600 * 24);
+        if (DEBUG_MODE || check_perms('site_debug') || isset($argv[1])) {
+            echo '<pre>'.display_str($DBError).'</pre>';
+            if (DEBUG_MODE || check_perms('site_debug')) {
+                print_r($this->Queries);
+            }
+            error(400, $NoHTML = true);
+        } else {
+            error(-1, $NoHTML = true);
+        }
+    }
+
+    /**
+     * connect
+     */
+    public function connect()
+    {
+        if (!$this->LinkID) {
+            $this->LinkID = mysqli_connect($this->Server, $this->User, $this->Pass, $this->Database, $this->Port, $this->Socket); // defined in config.php
+            if (!$this->LinkID) {
+                $this->Errno = mysqli_connect_errno();
+                $this->Error = mysqli_connect_error();
+                $this->halt('Connection failed (host:'.$this->Server.':'.$this->Port.')');
+            }
+        }
+        mysqli_set_charset($this->LinkID, "utf8mb4");
+    }
+     
+    /**
+     * prepare_query
+     */
+    public function prepare_query($Query, &...$BindVars)
+    {
+        $this->connect();
+
+        $this->StatementID = mysqli_prepare($this->LinkID, $Query);
+        if (!empty($BindVars)) {
+            $Types = '';
+            $TypeMap = ['string'=>'s', 'double'=>'d', 'integer'=>'i', 'boolean'=>'i'];
+
+            foreach ($BindVars as $BindVar) {
+                $Types .= $TypeMap[gettype($BindVar)] ?? 'b';
+            }
+            mysqli_stmt_bind_param($this->StatementID, $Types, ...$BindVars);
+        }
+
+        $this->PreparedQuery = $Query;
+        return $this->StatementID;
+    }
+
+    /**
+     * exec_prepared_query
+     */
+    public function exec_prepared_query()
+    {
+        $QueryStartTime = microtime(true);
+        mysqli_stmt_execute($this->StatementID);
+        $this->QueryID = mysqli_stmt_get_result($this->StatementID);
+        $QueryRunTime = (microtime(true) - $QueryStartTime) * 1000;
+        $this->Queries[] = [$this->PreppedQuery, $QueryRunTime, null];
+        $this->Time += $QueryRunTime;
+    }
+
+    /**
+     * Runs a raw query assuming pre-sanitized input. However, attempting to self sanitize (such
+     * as via db_string) is still not as safe for using prepared statements so for queries
+     * involving user input, you really should not use this function (instead opting for
+     * prepared_query) {@See DB_MYSQL::prepared_query}
+     *
+     * When running a batch of queries using the same statement
+     * with a variety of inputs, it's more performant to reuse the statement
+     * with {@see DB_MYSQL::prepare} and {@see DB_MYSQL::execute}
+     *
+     * @return mysqli_result|bool Returns a mysqli_result object
+     *                            for successful SELECT queries,
+     *                            or TRUE for other successful DML queries
+     *                            or FALSE on failure.
+     *
+     * @param $Query
+     * @param int $AutoHandle
+     * @return mysqli_result|bool
+     */
+    public function query($Query, &...$BindVars)
+    {
+        /**
+         * If there was a previous query, we store the warnings. We cannot do
+         * this immediately after mysqli_query because mysqli_insert_id will
+         * break otherwise due to mysqli_get_warnings sending a SHOW WARNINGS;
+         * query. When sending a query, however, we're sure that we won't call
+         * mysqli_insert_id (or any similar function, for that matter) later on,
+         * so we can safely get the warnings without breaking things.
+         * Note that this means that we have to call $this->warnings manually
+         * for the last query!
+         */
+        global $Debug;
+        if ($this->QueryID) {
+            $this->warnings();
+        }
+
+        $QueryStartTime = microtime(true);
+        $this->connect();
+
+        // In the event of a MySQL deadlock, we sleep allowing MySQL time to unlock, then attempt again for a maximum of 5 tries
+        for ($i = 1; $i < 6; $i++) {
+            $this->StatementID = mysqli_prepare($this->LinkID, $Query);
+            if (!empty($BindVars)) {
+                $Types = '';
+                $TypeMap = ['string'=>'s', 'double'=>'d', 'integer'=>'i', 'boolean'=>'i'];
+
+                foreach ($BindVars as $BindVar) {
+                    $Types .= $TypeMap[gettype($BindVar)] ?? 'b';
+                }
+                mysqli_stmt_bind_param($this->StatementID, $Types, ...$BindVars);
+            }
+
+            mysqli_stmt_execute($this->StatementID);
+            $this->QueryID = mysqli_stmt_get_result($this->StatementID);
+
+            if (DEBUG_MODE) {
+                // In DEBUG_MODE, return the full trace on a SQL error (super useful
+                // For debugging). do not attempt to retry to query
+                if (!$this->QueryID) {
+                    echo '<pre>' . mysqli_error($this->LinkID) . '<br><br>';
+                    debug_print_backtrace();
+                    echo '</pre>';
+                    error();
+                }
+            }
+
+            if (!in_array(mysqli_errno($this->LinkID), array(1213, 1205))) {
+                break;
+            }
+
+            $Debug->analysis('Non-Fatal Deadlock:', $Query, 3600 * 24);
+            trigger_error("Database deadlock, attempt $i");
+            sleep($i * rand(2, 5)); // Wait longer as attempts increase
+        }
+
+        $QueryEndTime = microtime(true);
+        $this->Queries[] = array($Query, ($QueryEndTime - $QueryStartTime) * 1000, null);
+        $this->Time += ($QueryEndTime - $QueryStartTime) * 1000;
+
+        if (!$this->QueryID && !$this->StatementID) {
+            $this->Errno = mysqli_errno($this->LinkID);
+            $this->Error = mysqli_error($this->LinkID);
+            $this->halt("Invalid Query: $Query");
+        }
+
+        $this->Row = 0;
+        return $this->QueryID;
+    }
+
+    /**
+     * inserted_id
+     */
+    public function inserted_id()
+    {
+        if ($this->LinkID) {
+            return mysqli_insert_id($this->LinkID);
+        }
+    }
+
+    /**
+     * next_record
+     */
+    public function next_record($Type = MYSQLI_BOTH, $Escape = true)
+    { // $Escape can be true, false, or an array of keys to not escape
+        if ($this->LinkID) {
+            $this->Record = mysqli_fetch_array($this->QueryID, $Type);
+            $this->Row++;
+
+            if (!is_array($this->Record)) {
+                $this->QueryID = false;
+            } elseif ($Escape !== false) {
+                $this->Record = Misc::display_array($this->Record, $Escape);
+            }
+            return $this->Record;
+        }
+    }
+
+    /**
+     * close
+     */
+    public function close()
+    {
+        if ($this->LinkID) {
+            if (!mysqli_close($this->LinkID)) {
+                $this->halt('Cannot close connection or connection did not open.');
+            }
+            $this->LinkID = false;
+        }
+    }
+
+    /*
+     * Returns an integer with the number of rows found
+     * Returns a string if the number of rows found exceeds MAXINT
+     */
+    public function record_count()
+    {
+        if ($this->QueryID) {
+            return mysqli_num_rows($this->QueryID);
+        }
+    }
+
+    /*
+     * Returns true if the query exists and there were records found
+     * Returns false if the query does not exist or if there were 0 records returned
+     */
+    public function has_results()
+    {
+        return ($this->QueryID && $this->record_count() !== 0);
+    }
+
+    /**
+     * affected_rows
+     */
+    public function affected_rows()
+    {
+        if ($this->LinkID) {
+            return mysqli_affected_rows($this->LinkID);
+        }
+    }
+
+    /**
+     * info
+     */
+    public function info()
+    {
+        return mysqli_get_host_info($this->LinkID);
+    }
+
+    // Creates an array from a result set
+    // If $Key is set, use the $Key column in the result set as the array key
+    // Otherwise, use an integer
+    public function to_array($Key = false, $Type = MYSQLI_BOTH, $Escape = true)
+    {
+        $Return = [];
+        while ($Row = mysqli_fetch_array($this->QueryID, $Type)) {
+            if ($Escape !== false) {
+                $Row = Misc::display_array($Row, $Escape);
+            }
+
+            if ($Key !== false) {
+                $Return[$Row[$Key]] = $Row;
+            } else {
+                $Return[] = $Row;
+            }
+        }
+
+        mysqli_data_seek($this->QueryID, 0);
+        return $Return;
+    }
+
+    //  Loops through the result set, collecting the $ValField column into an array with $KeyField as keys
+    public function to_pair($KeyField, $ValField, $Escape = true)
+    {
+        $Return = [];
+        while ($Row = mysqli_fetch_array($this->QueryID)) {
+            if ($Escape) {
+                $Key = display_str($Row[$KeyField]);
+                $Val = display_str($Row[$ValField]);
+            } else {
+                $Key = $Row[$KeyField];
+                $Val = $Row[$ValField];
+            }
+            $Return[$Key] = $Val;
+        }
+
+        mysqli_data_seek($this->QueryID, 0);
+        return $Return;
+    }
+
+    //  Loops through the result set, collecting the $Key column into an array
+    public function collect($Key, $Escape = true)
+    {
+        $Return = [];
+        while ($Row = mysqli_fetch_array($this->QueryID)) {
+            $Return[] = $Escape ? display_str($Row[$Key]) : $Row[$Key];
+        }
+        
+        mysqli_data_seek($this->QueryID, 0);
+        return $Return;
+    }
+
+
+    /**
+     * Useful extras from OPS
+     */
+
+    /**
+     * Runs a prepared_query using placeholders and returns the matched row.
+     * Stashes the current query id so that this can be used within a block
+     * that is looping over an active resultset.
+     *
+     * @param string  $sql The parameterized query to run
+     * @param mixed   $args  The values of the placeholders
+     * @return array  resultset or null
+     */
+    public function row($Query, &...$BindVars)
+    {
+        $qid = $this->get_query_id();
+        $this->query($Query, ...$BindVars);
+        $result = $this->next_record(MYSQLI_NUM, false);
+        $this->set_query_id($qid);
+        return $result;
+    }
+
+    /**
+     * Runs a prepared_query using placeholders and returns the first element
+     * of the first row.
+     * Stashes the current query id so that this can be used within a block
+     * that is looping over an active resultset.
+     *
+     * @param string  $sql The parameterized query to run
+     * @param mixed   $args  The values of the placeholders
+     * @return mixed  value or null
+     */
+    public function scalar($Query, &...$BindVars)
+    {
+        $qid = $this->get_query_id();
+        $this->query($Query, ...$BindVars);
+        $result = $this->has_results() ? $this->next_record(MYSQLI_NUM, false) : [null];
+        $this->set_query_id($qid);
+        return $result[0];
+    }
+    # End OPS additions
+
+
+    /**
+     * set_query_id
+     */
+    public function set_query_id(&$ResultSet)
+    {
+        $this->QueryID = $ResultSet;
+        $this->Row = 0;
+    }
+
+    /**
+     * get_query_id
+     */
+    public function get_query_id()
+    {
+        return $this->QueryID;
+    }
+
+    /**
+     * beginning
+     */
+    public function beginning()
+    {
+        mysqli_data_seek($this->QueryID, 0);
+        $this->Row = 0;
+    }
+
+    /**
+     * This function determines whether the last query caused warning messages
+     * and stores them in $this->Queries
+     */
+    public function warnings()
+    {
+        $Warnings = [];
+        if (!is_bool($this->LinkID) && mysqli_warning_count($this->LinkID)) {
+            $e = mysqli_get_warnings($this->LinkID);
+            do {
+                if ($e->errno === 1592) {
+                    // 1592: Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT
+                    continue;
+                }
+                $Warnings[] = 'Code ' . $e->errno . ': ' . display_str($e->message);
+            } while ($e->next());
+        }
+        $this->Queries[count($this->Queries) - 1][2] = $Warnings;
+    }
+
+
+    /**
+     * todo: Work this into Bio Gazelle
+     * @see https://github.com/OPSnet/Gazelle/blob/master/app/DB.php
+     */
+
+    /**
+     * Soft delete a row from a table <t> by inserting it into deleted_<t> and then delete from <t>
+     * @param string $schema the schema name
+     * @param string $table the table name
+     * @param array $condition Must be an array of arrays, e.g. [[column_name, column_value]] or [[col1, val1], [col2, val2]]
+     *                         Will be used to identify the row (or rows) to delete
+     * @param boolean $delete whether to delete the matched rows
+     * @return array 2 elements, true/false and message if false
+     * /
+    public function softDelete($schema, $table, array $condition, $delete = true)
+    {
+        $sql = 'SELECT column_name, column_type FROM information_schema.columns WHERE table_schema = ? AND table_name = ? ORDER BY 1';
+        $this->db->prepared_query($sql, $schema, $table);
+        $t1 = $this->db->to_array();
+        $n1 = count($t1);
+
+        $softDeleteTable = 'deleted_' . $table;
+        $this->db->prepared_query($sql, $schema, $softDeleteTable);
+        $t2 = $this->db->to_array();
+        $n2 = count($t2);
+
+        if (!$n1) {
+            return [false, "No such table $table"];
+        } elseif (!$n2) {
+            return [false, "No such table $softDeleteTable"];
+        } elseif ($n1 != $n2) {
+            // tables do not have the same number of columns
+            return [false, "$table and $softDeleteTable column count mismatch ($n1 != $n2)"];
+        }
+
+        $column = [];
+        for ($i = 0; $i < $n1; ++$i) {
+            // a column does not have the same name or datatype
+            if (strtolower($t1[$i][0]) != strtolower($t2[$i][0]) || $t1[$i][1] != $t2[$i][1]) {
+                return [false, "{$table}: column {$t1[$i][0]} name or datatype mismatch {$t1[$i][0]}:{$t2[$i][0]} {$t1[$i][1]}:{$t2[$i][1]}"];
+            }
+            $column[] = $t1[$i][0];
+        }
+        $columnList = implode(', ', $column);
+        $conditionList = implode(' AND ', array_map(function ($c) {
+            return "{$c[0]} = ?";
+        }, $condition));
+        $argList = array_map(function ($c) {
+            return $c[1];
+        }, $condition);
+
+        $sql = "INSERT INTO $softDeleteTable
+                  ($columnList)
+            SELECT $columnList
+            FROM $table
+            WHERE $conditionList";
+        $this->db->prepared_query($sql, ...$argList);
+        if ($this->db->affected_rows() == 0) {
+            return [false, "condition selected 0 rows"];
+        }
+
+        if (!$delete) {
+            return [true, "rows affected: " . $this->db->affected_rows()];
+        }
+
+        $sql = "DELETE FROM $table WHERE $conditionList";
+        $this->db->prepared_query($sql, ...$argList);
+        return [true, "rows deleted: " . $this->db->affected_rows()];
+    }
+    */
+}

classes/notificationsmanager.class.php

@@ -0,0 +1,729 @@
+<?php
+declare(strict_types = 1);
+
+class NotificationsManager
+{
+    // Option types
+    const OPT_DISABLED = 0;
+    const OPT_POPUP = 1;
+    const OPT_TRADITIONAL = 2;
+
+    // Importances
+    const IMPORTANT = 'information';
+    const CRITICAL = 'error';
+    const WARNING = 'warning';
+    const INFO = 'confirmation';
+
+    public static $Importances = array(
+        'important' => self::IMPORTANT,
+        'critical' => self::CRITICAL,
+        'warning' => self::WARNING,
+        'info' => self::INFO
+    );
+
+    // Types. These names must correspond to column names in users_notifications_settings
+    const NEWS = 'News';
+    const BLOG = 'Blog';
+    const STAFFBLOG = 'StaffBlog';
+    const STAFFPM = 'StaffPM';
+    const INBOX = 'Inbox';
+    const QUOTES = 'Quotes';
+    const SUBSCRIPTIONS = 'Subscriptions';
+    const TORRENTS = 'Torrents';
+    const COLLAGES = 'Collages';
+    const SITEALERTS = 'SiteAlerts';
+    const FORUMALERTS = 'ForumAlerts';
+    const REQUESTALERTS = 'RequestAlerts';
+    const COLLAGEALERTS = 'CollageAlerts';
+    const TORRENTALERTS = 'TorrentAlerts';
+    const GLOBALNOTICE = 'Global';
+
+    public static $Types = array(
+        'News',
+        'Blog',
+        'StaffPM',
+        'Inbox',
+        'Quotes',
+        'Subscriptions',
+        'Torrents',
+        'Collages',
+        'SiteAlerts',
+        'ForumAlerts',
+        'RequestAlerts',
+        'CollageAlerts',
+        'TorrentAlerts'
+    );
+
+    private $UserID;
+    private $Notifications;
+    private $Settings;
+    private $Skipped;
+
+    public function __construct($UserID, $Skip = [], $Load = true, $AutoSkip = true)
+    {
+        $this->UserID = $UserID;
+        $this->Notifications = [];
+        $this->Settings = self::get_settings($UserID);
+        $this->Skipped = $Skip;
+
+        if ($AutoSkip) {
+            foreach ($this->Settings as $Key => $Value) {
+                // Skip disabled and traditional settings
+                if ($Value === self::OPT_DISABLED || $this->is_traditional($Key)) {
+                    $this->Skipped[$Key] = true;
+                }
+            }
+        }
+
+        if ($Load) {
+            $this->load_global_notification();
+            if (!isset($this->Skipped[self::NEWS])) {
+                $this->load_news();
+            }
+
+            if (!isset($this->Skipped[self::BLOG])) {
+                $this->load_blog();
+            }
+
+            // if (!isset($this->Skipped[self::STAFFBLOG])) {
+            //   $this->load_staff_blog();
+            // }
+
+            if (!isset($this->Skipped[self::STAFFPM])) {
+                $this->load_staff_pms();
+            }
+
+            if (!isset($this->Skipped[self::INBOX])) {
+                $this->load_inbox();
+            }
+
+            if (!isset($this->Skipped[self::TORRENTS])) {
+                $this->load_torrent_notifications();
+            }
+
+            if (!isset($this->Skipped[self::COLLAGES])) {
+                $this->load_collage_subscriptions();
+            }
+
+            if (!isset($this->Skipped[self::QUOTES])) {
+                $this->load_quote_notifications();
+            }
+            
+            if (!isset($this->Skipped[self::SUBSCRIPTIONS])) {
+                $this->load_subscriptions();
+            }
+            
+            // $this->load_one_reads(); // The code that sets these notices is commented out.
+        }
+    }
+
+    public function get_notifications()
+    {
+        return $this->Notifications;
+    }
+
+    public function clear_notifications_array()
+    {
+        unset($this->Notifications);
+        $this->Notifications = [];
+    }
+
+    private function create_notification($Type, $ID, $Message, $URL, $Importance)
+    {
+        $this->Notifications[$Type] = array(
+            'id' => (int) $ID,
+            'message' => $Message,
+            'url' => $URL,
+            'importance' => $Importance
+        );
+    }
+
+    public static function notify_user($UserID, $Type, $Message, $URL, $Importance)
+    {
+        self::notify_users(array($UserID), $Type, $Message, $URL, $Importance);
+    }
+
+    public static function notify_users($UserIDs, $Type, $Message, $URL, $Importance)
+    {
+        /*
+        if (!isset($Importance)) {
+          $Importance = self::INFO;
+        }
+        $Type = db_string($Type);
+        if (!empty($UserIDs)) {
+          $UserIDs = implode(',', $UserIDs);
+          $QueryID = G::$DB->get_query_id();
+          G::$DB->query("
+            SELECT UserID
+            FROM users_notifications_settings
+            WHERE $Type != 0
+              AND UserID IN ($UserIDs)");
+          $UserIDs = [];
+          while (list($ID) = G::$DB->next_record()) {
+            $UserIDs[] = $ID;
+          }
+          G::$DB->set_query_id($QueryID);
+          foreach ($UserIDs as $UserID) {
+            $OneReads = G::$Cache->get_value("notifications_one_reads_$UserID");
+            if (!$OneReads) {
+              $OneReads = [];
+            }
+            array_unshift($OneReads, $this->create_notification($OneReads, "oneread_" . uniqid(), null, $Message, $URL, $Importance));
+            $OneReads = array_filter($OneReads);
+            G::$Cache->cache_value("notifications_one_reads_$UserID", $OneReads, 0);
+          }
+        }
+        */
+    }
+
+    public static function get_notification_enabled_users($Type, $UserID)
+    {
+        $Type = db_string($Type);
+        $UserWhere = '';
+        if (isset($UserID)) {
+            $UserID = (int)$UserID;
+            $UserWhere = " AND UserID = '$UserID'";
+        }
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT UserID
+        FROM users_notifications_settings
+          WHERE $Type != 0
+        $UserWhere");
+        $IDs = [];
+        while (list($ID) = G::$DB->next_record()) {
+            $IDs[] = $ID;
+        }
+        G::$DB->set_query_id($QueryID);
+        return $IDs;
+    }
+
+    public function load_one_reads()
+    {
+        $OneReads = G::$Cache->get_value('notifications_one_reads_' . G::$LoggedUser['ID']);
+        if (is_array($OneReads)) {
+            $this->Notifications = $this->Notifications + $OneReads;
+        }
+    }
+
+    public static function clear_one_read($ID)
+    {
+        $OneReads = G::$Cache->get_value('notifications_one_reads_' . G::$LoggedUser['ID']);
+        if ($OneReads) {
+            unset($OneReads[$ID]);
+            if (count($OneReads) > 0) {
+                G::$Cache->cache_value('notifications_one_reads_' . G::$LoggedUser['ID'], $OneReads, 0);
+            } else {
+                G::$Cache->delete_value('notifications_one_reads_' . G::$LoggedUser['ID']);
+            }
+        }
+    }
+
+    public function load_global_notification()
+    {
+        $GlobalNotification = G::$Cache->get_value('global_notification');
+        if ($GlobalNotification) {
+            $Read = G::$Cache->get_value('user_read_global_' . G::$LoggedUser['ID']);
+            if (!$Read) {
+                $this->create_notification(self::GLOBALNOTICE, 0, $GlobalNotification['Message'], $GlobalNotification['URL'], $GlobalNotification['Importance']);
+            }
+        }
+    }
+
+    public static function get_global_notification()
+    {
+        return G::$Cache->get_value('global_notification');
+    }
+
+    public static function set_global_notification($Message, $URL, $Importance, $Expiration)
+    {
+        if (empty($Message) || empty($Expiration)) {
+            error('Error setting notification');
+        }
+        G::$Cache->cache_value('global_notification', array("Message" => $Message, "URL" => $URL, "Importance" => $Importance, "Expiration" => $Expiration), $Expiration);
+    }
+
+    public static function delete_global_notification()
+    {
+        G::$Cache->delete_value('global_notification');
+    }
+
+    public static function clear_global_notification()
+    {
+        $GlobalNotification = G::$Cache->get_value('global_notification');
+        if ($GlobalNotification) {
+            // This is some trickery
+            // since we can't know which users have the read cache key set
+            // we set the expiration time of their cache key to that of the length of the notification
+            // this gaurantees that their cache key will expire after the notification expires
+            G::$Cache->cache_value('user_read_global_' . G::$LoggedUser['ID'], true, $GlobalNotification['Expiration']);
+        }
+    }
+
+    public function load_news()
+    {
+        $MyNews = G::$LoggedUser['LastReadNews'];
+        $CurrentNews = G::$Cache->get_value('news_latest_id');
+        $Title = G::$Cache->get_value('news_latest_title');
+        if ($CurrentNews === false || $Title === false) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query('
+            SELECT ID, Title
+            FROM news
+              ORDER BY Time DESC
+              LIMIT 1');
+            if (G::$DB->has_results()) {
+                list($CurrentNews, $Title) = G::$DB->next_record();
+            } else {
+                $CurrentNews = -1;
+            }
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value('news_latest_id', $CurrentNews, 0);
+            G::$Cache->cache_value('news_latest_title', $Title, 0);
+        }
+        if ($MyNews < $CurrentNews) {
+            $this->create_notification(self::NEWS, $CurrentNews, "Announcement: $Title", "index.php#news$CurrentNews", self::IMPORTANT);
+        }
+    }
+
+    public function load_blog()
+    {
+        $MyBlog = G::$LoggedUser['LastReadBlog'];
+        $CurrentBlog = G::$Cache->get_value('blog_latest_id');
+        $Title = G::$Cache->get_value('blog_latest_title');
+        if ($CurrentBlog === false) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query('
+            SELECT ID, Title
+            FROM blog
+              WHERE Important = 1
+              ORDER BY Time DESC
+              LIMIT 1');
+            if (G::$DB->has_results()) {
+                list($CurrentBlog, $Title) = G::$DB->next_record();
+            } else {
+                $CurrentBlog = -1;
+            }
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value('blog_latest_id', $CurrentBlog, 0);
+            G::$Cache->cache_value('blog_latest_title', $Title, 0);
+        }
+        if ($MyBlog < $CurrentBlog) {
+            $this->create_notification(self::BLOG, $CurrentBlog, "Blog: $Title", "blog.php#blog$CurrentBlog", self::IMPORTANT);
+        }
+    }
+
+    public function load_staff_blog()
+    {
+        if (check_perms('users_mod')) {
+            global $SBlogReadTime, $LatestSBlogTime;
+            if (!$SBlogReadTime && ($SBlogReadTime = G::$Cache->get_value('staff_blog_read_' . G::$LoggedUser['ID'])) === false) {
+                $QueryID = G::$DB->get_query_id();
+                G::$DB->query("
+                SELECT Time
+                FROM staff_blog_visits
+                  WHERE UserID = " . G::$LoggedUser['ID']);
+                if (list($SBlogReadTime) = G::$DB->next_record()) {
+                    $SBlogReadTime = strtotime($SBlogReadTime);
+                } else {
+                    $SBlogReadTime = 0;
+                }
+                G::$DB->set_query_id($QueryID);
+                G::$Cache->cache_value('staff_blog_read_' . G::$LoggedUser['ID'], $SBlogReadTime, 1209600);
+            }
+            if (!$LatestSBlogTime && ($LatestSBlogTime = G::$Cache->get_value('staff_blog_latest_time')) === false) {
+                $QueryID = G::$DB->get_query_id();
+                G::$DB->query('
+                SELECT MAX(Time)
+                FROM staff_blog');
+                if (list($LatestSBlogTime) = G::$DB->next_record()) {
+                    $LatestSBlogTime = strtotime($LatestSBlogTime);
+                } else {
+                    $LatestSBlogTime = 0;
+                }
+                G::$DB->set_query_id($QueryID);
+                G::$Cache->cache_value('staff_blog_latest_time', $LatestSBlogTime, 1209600);
+            }
+            if ($SBlogReadTime < $LatestSBlogTime) {
+                $this->create_notification(self::STAFFBLOG, 0, 'New Staff Blog Post!', 'staffblog.php', self::IMPORTANT);
+            }
+        }
+    }
+
+    public function load_staff_pms()
+    {
+        $NewStaffPMs = G::$Cache->get_value('staff_pm_new_' . G::$LoggedUser['ID']);
+        if ($NewStaffPMs === false) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT COUNT(ID)
+            FROM staff_pm_conversations
+              WHERE UserID = '" . G::$LoggedUser['ID'] . "'
+              AND Unread = '1'");
+            list($NewStaffPMs) = G::$DB->next_record();
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value('staff_pm_new_' . G::$LoggedUser['ID'], $NewStaffPMs, 0);
+        }
+
+        if ($NewStaffPMs > 0) {
+            $Title = 'You have ' . ($NewStaffPMs === 1 ? 'a' : $NewStaffPMs) . ' new Staff PM' . ($NewStaffPMs > 1 ? 's' : '');
+            $this->create_notification(self::STAFFPM, 0, $Title, 'staffpm.php', self::INFO);
+        }
+    }
+
+    public function load_inbox()
+    {
+        $NewMessages = G::$Cache->get_value('inbox_new_' . G::$LoggedUser['ID']);
+        if ($NewMessages === false) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT COUNT(UnRead)
+            FROM pm_conversations_users
+              WHERE UserID = '" . G::$LoggedUser['ID'] . "'
+              AND UnRead = '1'
+              AND InInbox = '1'");
+            list($NewMessages) = G::$DB->next_record();
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value('inbox_new_' . G::$LoggedUser['ID'], $NewMessages, 0);
+        }
+
+        if ($NewMessages > 0) {
+            $Title = 'You have ' . ($NewMessages === 1 ? 'a' : $NewMessages) . ' new message' . ($NewMessages > 1 ? 's' : '');
+            $this->create_notification(self::INBOX, 0, $Title, Inbox::get_inbox_link(), self::INFO);
+        }
+    }
+
+    public function load_torrent_notifications()
+    {
+        if (check_perms('site_torrents_notify')) {
+            $NewNotifications = G::$Cache->get_value('notifications_new_' . G::$LoggedUser['ID']);
+            if ($NewNotifications === false) {
+                $QueryID = G::$DB->get_query_id();
+                G::$DB->query("
+                SELECT COUNT(UserID)
+                FROM users_notify_torrents
+                  WHERE UserID = ' " . G::$LoggedUser['ID'] . "'
+                  AND UnRead = '1'");
+                list($NewNotifications) = G::$DB->next_record();
+                G::$DB->set_query_id($QueryID);
+                G::$Cache->cache_value('notifications_new_' . G::$LoggedUser['ID'], $NewNotifications, 0);
+            }
+        }
+        if (isset($NewNotifications) && $NewNotifications > 0) {
+            $Title = 'You have ' . ($NewNotifications === 1 ? 'a' : $NewNotifications) . ' new torrent notification' . ($NewNotifications > 1 ? 's' : '');
+            $this->create_notification(self::TORRENTS, 0, $Title, 'torrents.php?action=notify', self::INFO);
+        }
+    }
+
+    public function load_collage_subscriptions()
+    {
+        if (check_perms('site_collages_subscribe')) {
+            $NewCollages = G::$Cache->get_value('collage_subs_user_new_' . G::$LoggedUser['ID']);
+            if ($NewCollages === false) {
+                $QueryID = G::$DB->get_query_id();
+                G::$DB->query("
+                SELECT COUNT(DISTINCT s.CollageID)
+                FROM users_collage_subs AS s
+                  JOIN collages AS c ON s.CollageID = c.ID
+                  JOIN collages_torrents AS ct ON ct.CollageID = c.ID
+                WHERE s.UserID = " . G::$LoggedUser['ID'] . "
+                  AND ct.AddedOn > s.LastVisit
+                  AND c.Deleted = '0'");
+                list($NewCollages) = G::$DB->next_record();
+                G::$DB->set_query_id($QueryID);
+                G::$Cache->cache_value('collage_subs_user_new_' . G::$LoggedUser['ID'], $NewCollages, 0);
+            }
+            if ($NewCollages > 0) {
+                $Title = 'You have ' . ($NewCollages === 1 ? 'a' : $NewCollages) . ' new collage update' . ($NewCollages > 1 ? 's' : '');
+                $this->create_notification(self::COLLAGES, 0, $Title, 'userhistory.php?action=subscribed_collages', self::INFO);
+            }
+        }
+    }
+
+    public function load_quote_notifications()
+    {
+        if (isset(G::$LoggedUser['NotifyOnQuote']) && G::$LoggedUser['NotifyOnQuote']) {
+            $QuoteNotificationsCount = Subscriptions::has_new_quote_notifications();
+            if ($QuoteNotificationsCount > 0) {
+                $Title = 'New quote' . ($QuoteNotificationsCount > 1 ? 's' : '');
+                $this->create_notification(self::QUOTES, 0, $Title, 'userhistory.php?action=quote_notifications', self::INFO);
+            }
+        }
+    }
+
+    public function load_subscriptions()
+    {
+        $SubscriptionsCount = Subscriptions::has_new_subscriptions();
+        if ($SubscriptionsCount > 0) {
+            $Title = 'New subscription' . ($SubscriptionsCount > 1 ? 's' : '');
+            $this->create_notification(self::SUBSCRIPTIONS, 0, $Title, 'userhistory.php?action=subscriptions', self::INFO);
+        }
+    }
+
+    public static function clear_news($News)
+    {
+        $QueryID = G::$DB->get_query_id();
+        if (!$News) {
+            if (!$News = G::$Cache->get_value('news')) {
+                G::$DB->query('
+                SELECT
+                  ID,
+                  Title,
+                  Body,
+                  Time
+                FROM news
+                  ORDER BY Time DESC
+                  LIMIT 1');
+                $News = G::$DB->to_array(false, MYSQLI_NUM, false);
+                G::$Cache->cache_value('news_latest_id', $News[0][0], 0);
+            }
+        }
+
+        if (G::$LoggedUser['LastReadNews'] !== $News[0][0]) {
+            G::$Cache->begin_transaction('user_info_heavy_' . G::$LoggedUser['ID']);
+            G::$Cache->update_row(false, array('LastReadNews' => $News[0][0]));
+            G::$Cache->commit_transaction(0);
+            G::$DB->query("
+            UPDATE users_info
+            SET LastReadNews = '".$News[0][0]."'
+              WHERE UserID = " . G::$LoggedUser['ID']);
+            G::$LoggedUser['LastReadNews'] = $News[0][0];
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function clear_blog($Blog)
+    {
+        $QueryID = G::$DB->get_query_id();
+        if (!isset($Blog) || !$Blog) {
+            if (!$Blog = G::$Cache->get_value('blog')) {
+                G::$DB->query("
+                SELECT
+                  b.ID,
+                  um.Username,
+                  b.UserID,
+                  b.Title,
+                  b.Body,
+                  b.Time,
+                  b.ThreadID
+                FROM blog AS b
+                  LEFT JOIN users_main AS um ON b.UserID = um.ID
+                  ORDER BY Time DESC
+                  LIMIT 1");
+                $Blog = G::$DB->to_array();
+            }
+        }
+        if (G::$LoggedUser['LastReadBlog'] < $Blog[0][0]) {
+            G::$Cache->begin_transaction('user_info_heavy_' . G::$LoggedUser['ID']);
+            G::$Cache->update_row(false, array('LastReadBlog' => $Blog[0][0]));
+            G::$Cache->commit_transaction(0);
+            G::$DB->query("
+            UPDATE users_info
+            SET LastReadBlog = '". $Blog[0][0]."'
+              WHERE UserID = " . G::$LoggedUser['ID']);
+            G::$LoggedUser['LastReadBlog'] = $Blog[0][0];
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function clear_staff_pms()
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT ID
+        FROM staff_pm_conversations
+          WHERE Unread = true
+          AND UserID = " . G::$LoggedUser['ID']);
+        $IDs = [];
+        while (list($ID) = G::$DB->next_record()) {
+            $IDs[] = $ID;
+        }
+        $IDs = implode(',', $IDs);
+        if (!empty($IDs)) {
+            G::$DB->query("
+            UPDATE staff_pm_conversations
+            SET Unread = false
+              WHERE ID IN ($IDs)");
+        }
+        G::$Cache->delete_value('staff_pm_new_' . G::$LoggedUser['ID']);
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function clear_inbox()
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT ConvID
+        FROM pm_conversations_users
+          WHERE Unread = '1'
+          AND UserID = " . G::$LoggedUser['ID']);
+        $IDs = [];
+        while (list($ID) = G::$DB->next_record()) {
+            $IDs[] = $ID;
+        }
+        $IDs = implode(',', $IDs);
+        if (!empty($IDs)) {
+            G::$DB->query("
+            UPDATE pm_conversations_users
+            SET Unread = '0'
+              WHERE ConvID IN ($IDs)
+              AND UserID = " . G::$LoggedUser['ID']);
+        }
+        G::$Cache->delete_value('inbox_new_' . G::$LoggedUser['ID']);
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function clear_torrents()
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT TorrentID
+        FROM users_notify_torrents
+          WHERE UserID = ' " . G::$LoggedUser['ID'] . "'
+          AND UnRead = '1'");
+        $IDs = [];
+        while (list($ID) = G::$DB->next_record()) {
+            $IDs[] = $ID;
+        }
+        $IDs = implode(',', $IDs);
+        if (!empty($IDs)) {
+            G::$DB->query("
+            UPDATE users_notify_torrents
+            SET Unread = '0'
+              WHERE TorrentID IN ($IDs)
+              AND UserID = " . G::$LoggedUser['ID']);
+        }
+        G::$Cache->delete_value('notifications_new_' . G::$LoggedUser['ID']);
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function clear_collages()
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        UPDATE users_collage_subs
+        SET LastVisit = NOW()
+          WHERE UserID = " . G::$LoggedUser['ID']);
+        G::$Cache->delete_value('collage_subs_user_new_' . G::$LoggedUser['ID']);
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function clear_quotes()
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        UPDATE users_notify_quoted
+        SET UnRead = '0'
+          WHERE UserID = " . G::$LoggedUser['ID']);
+        G::$Cache->delete_value('notify_quoted_' . G::$LoggedUser['ID']);
+        G::$DB->set_query_id($QueryID);
+    }
+
+    public static function clear_subscriptions()
+    {
+        $QueryID = G::$DB->get_query_id();
+        if (($UserSubscriptions = G::$Cache->get_value('subscriptions_user_' . G::$LoggedUser['ID'])) === false) {
+            G::$DB->query("
+            SELECT TopicID
+            FROM users_subscriptions
+              WHERE UserID = " . G::$LoggedUser['ID']);
+            if ($UserSubscriptions = G::$DB->collect(0)) {
+                G::$Cache->cache_value('subscriptions_user_' . G::$LoggedUser['ID'], $UserSubscriptions, 0);
+            }
+        }
+        if (!empty($UserSubscriptions)) {
+            G::$DB->query("
+            INSERT INTO forums_last_read_topics (UserID, TopicID, PostID)
+            SELECT '" . G::$LoggedUser['ID'] . "', ID, LastPostID
+            FROM forums_topics
+              WHERE ID IN (".implode(',', $UserSubscriptions).')
+            ON DUPLICATE KEY UPDATE
+              PostID = LastPostID');
+        }
+        G::$Cache->delete_value('subscriptions_user_new_' . G::$LoggedUser['ID']);
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /*
+      // todo: Figure out what these functions are supposed to do and fix them
+
+      public static function send_notification($UserID, $ID, $Type, $Message, $URL, $Importance = 'alert', $AutoExpire = false) {
+        $Notifications = G::$Cache->get_value("user_cache_notifications_$UserID");
+        if (empty($Notifications)) {
+          $Notifications = [];
+        }
+        array_unshift($Notifications, $this->create_notification($Type, $ID, $Message, $URL, $Importance, $AutoExpire));
+        G::$Cache->cache_value("user_cache_notifications_$UserID", $Notifications, 0);
+      }
+
+      public static function clear_notification($UserID, $Index) {
+        $Notifications = G::$Cache->get_value("user_cache_notifications_$UserID");
+        if (count($Notifications)) {
+          unset($Notifications[$Index]);
+          $Notifications = array_values($Notifications);
+          G::$Cache->cache_value("user_cache_notifications_$UserID", $Notifications, 0);
+        }
+      }
+    */
+
+    public static function get_settings($UserID)
+    {
+        $Results = G::$Cache->get_value("users_notifications_settings_$UserID");
+        if (!$Results) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT *
+            FROM users_notifications_settings
+              WHERE UserID = ?", $UserID);
+            $Results = G::$DB->next_record(MYSQLI_ASSOC, false);
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value("users_notifications_settings_$UserID", $Results, 0);
+        }
+        return $Results;
+    }
+
+    public static function save_settings($UserID, $Settings = false)
+    {
+        if (!is_array($Settings)) {
+            // A little cheat technique, gets all keys in the $_POST array starting with 'notifications_'
+            $Settings = array_intersect_key($_POST, array_flip(preg_grep('/^notifications_/', array_keys($_POST))));
+        }
+        $Update = [];
+        foreach (self::$Types as $Type) {
+            $Popup = array_key_exists("notifications_{$Type}_popup", $Settings);
+            $Traditional = array_key_exists("notifications_{$Type}_traditional", $Settings);
+            $Result = self::OPT_DISABLED;
+            if ($Popup) {
+                $Result = self::OPT_POPUP;
+            } elseif ($Traditional) {
+                $Result = self::OPT_TRADITIONAL;
+            }
+            $Update[] = "$Type = $Result";
+        }
+        $Update = implode(',', $Update);
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        UPDATE users_notifications_settings
+        SET $Update
+          WHERE UserID = ?", $UserID);
+
+        G::$DB->set_query_id($QueryID);
+        G::$Cache->delete_value("users_notifications_settings_$UserID");
+    }
+
+    public function is_traditional($Type)
+    {
+        return $this->Settings[$Type] === self::OPT_TRADITIONAL;
+    }
+
+    public function is_skipped($Type)
+    {
+        return isset($this->Skipped[$Type]);
+    }
+
+    public function use_noty()
+    {
+        return in_array(self::OPT_POPUP, $this->Settings);
+    }
+}

classes/notificationsmanagerview.class.php

@@ -0,0 +1,140 @@
+<?php
+declare(strict_types=1);
+
+class NotificationsManagerView
+{
+    private static $Settings;
+
+    public static function load_js()
+    {
+        $ENV = ENV::go();
+
+        # Adapted from design/privateheader.php
+        $Scripts = [
+          'vendor/noty/packaged/jquery.noty.packaged.min',
+          'vendor/noty/layouts/bottomRight',
+          'vendor/noty/themes/relax',
+          'user_notifications'
+        ];
+
+        foreach ($Scripts as $Script) {
+            echo View::pushAsset(
+                "$ENV->STATIC_SERVER/functions/$Script.js",
+                'script'
+            );
+        }
+    }
+
+    public static function render_settings($Settings)
+    {
+        $ENV = ENV::go();
+        self::$Settings = $Settings; ?>
+<tr>
+  <td class="label">
+    <strong>News Announcements</strong>
+  </td>
+
+  <td>
+    <?php self::render_checkbox(NotificationsManager::NEWS); ?>
+  </td>
+</tr>
+
+<tr>
+  <td class="label">
+    <strong>Blog Announcements</strong>
+  </td>
+
+  <td>
+    <?php self::render_checkbox(NotificationsManager::BLOG); ?>
+  </td>
+</tr>
+
+<tr>
+  <td class="label">
+    <strong>Inbox Messages</strong>
+  </td>
+
+  <td>
+    <?php self::render_checkbox(NotificationsManager::INBOX, true); ?>
+  </td>
+</tr>
+
+<tr>
+  <td class="label tooltip"
+    title="Notify when you receive a new private message from <?= $ENV->SITE_NAME ?> staff">
+    <strong>Staff Messages</strong>
+  </td>
+
+  <td>
+    <?php self::render_checkbox(NotificationsManager::STAFFPM, false, false); ?>
+  </td>
+</tr>
+
+<tr>
+  <td class="label">
+    <strong>Thread Subscriptions</strong>
+  </td>
+
+  <td>
+    <?php self::render_checkbox(NotificationsManager::SUBSCRIPTIONS, false, false); ?>
+  </td>
+</tr>
+
+<tr>
+  <td class="label tooltip" title="Notify whenever someone quotes you in the forums">
+    <strong>Quote Notifications</strong>
+  </td>
+  <td>
+    <?php self::render_checkbox(NotificationsManager::QUOTES); ?>
+  </td>
+</tr>
+
+<?php if (check_perms('site_torrents_notify')) { ?>
+<tr>
+  <td class="label tooltip" title="Notify when your torrent notification filters are triggered">
+    <strong>Torrent Notifications</strong>
+  </td>
+
+  <td>
+    <?php self::render_checkbox(NotificationsManager::TORRENTS, true, false); ?>
+  </td>
+</tr>
+<?php } ?>
+
+<tr>
+  <td class="label tooltip" title="Notify when a torrent is added to a subscribed collage">
+    <strong>Collage Subscriptions</strong>
+  </td>
+
+  <td>
+    <?php self::render_checkbox(NotificationsManager::COLLAGES. false, false); ?>
+  </td>
+</tr>
+<?php
+    }
+
+    private static function render_checkbox($Name, $Traditional = false)
+    {
+        $Checked = self::$Settings[$Name];
+        $PopupChecked = $Checked === NotificationsManager::OPT_POPUP || !isset($Checked) ? ' checked="checked"' : '';
+        $TraditionalChecked = $Checked === NotificationsManager::OPT_TRADITIONAL ? ' checked="checked"' : ''; ?>
+<label>
+  <input type="checkbox" name="notifications_<?=$Name?>_popup"
+    id="notifications_<?=$Name?>_popup" <?=$PopupChecked?> />
+  Pop-up
+</label>
+<?php if ($Traditional) { ?>
+<label>
+  <input type="checkbox" name="notifications_<?=$Name?>_traditional"
+    id="notifications_<?=$Name?>_traditional" <?=$TraditionalChecked?> />
+  Traditional
+</label>
+<?php
+      }
+    }
+
+    public static function format_traditional($Contents)
+    {
+        return "<a href=\"$Contents[url]\">$Contents[message]</a>";
+    }
+}

classes/paranoia.class.php

@@ -0,0 +1,115 @@
+<?php
+
+// Note: at the time this file is loaded, check_perms is not defined.
+// Don't call check_paranoia in /classes/script_start.php without ensuring check_perms has been defined
+
+// The following are used throughout the site:
+// uploaded, ratio, downloaded: stats
+// lastseen: approximate time the user last used the site
+// uploads: the full list of the user's uploads
+// uploads+: just how many torrents the user has uploaded
+// snatched, seeding, leeching: the list of the user's snatched torrents, seeding torrents, and leeching torrents respectively
+// snatched+, seeding+, leeching+: the length of those lists respectively
+// uniquegroups, perfectflacs: the list of the user's uploads satisfying a particular criterion
+// uniquegroups+, perfectflacs+: the length of those lists
+// If "uploads+" is disallowed, so is "uploads". So if "uploads" is in the array, the user is a little paranoid, "uploads+", very paranoid.
+
+// The following are almost only used in /sections/user/user.php:
+// requiredratio
+// requestsfilled_count: the number of requests the user has filled
+//   requestsfilled_bounty: the bounty thus earned
+//   requestsfilled_list: the actual list of requests the user has filled
+// requestsvoted_...: similar
+// artistsadded: the number of artists the user has added
+// torrentcomments: the list of comments the user has added to torrents
+//   +
+// collages: the list of collages the user has created
+//   +
+// collagecontribs: the list of collages the user has contributed to
+//   +
+// invitedcount: the number of users this user has directly invited
+
+/**
+ * Return whether currently logged in user can see $Property on a user with $Paranoia, $UserClass and (optionally) $UserID
+ * If $Property is an array of properties, returns whether currently logged in user can see *all* $Property ...
+ *
+ * @param $Property The property to check, or an array of properties.
+ * @param $Paranoia The paranoia level to check against.
+ * @param $UserClass The user class to check against (Staff can see through paranoia of lower classed staff)
+ * @param $UserID Optional. The user ID of the person being viewed
+ * @return mixed 1 representing the user has normal access
+ *               2 representing that the paranoia was overridden,
+ *               false representing access denied.
+ */
+define("PARANOIA_ALLOWED", 1);
+define("PARANOIA_OVERRIDDEN", 2);
+
+function check_paranoia($Property, $Paranoia = false, $UserClass = false, $UserID = false)
+{
+    global $Classes;
+    if ($Property == false) {
+        return false;
+    }
+
+    if (!is_array($Paranoia)) {
+        $Paranoia = json_decode($Paranoia, true);
+    }
+
+    if (!is_array($Paranoia)) {
+        $Paranoia = [];
+    }
+
+    if (is_array($Property)) {
+        $all = true;
+        foreach ($Property as $P) {
+            $all = $all && check_paranoia($P, $Paranoia, $UserClass, $UserID);
+        }
+        return $all;
+    } else {
+        if (($UserID !== false) && (G::$LoggedUser['ID'] == $UserID)) {
+            return PARANOIA_ALLOWED;
+        }
+
+        $May = !in_array($Property, $Paranoia) && !in_array($Property . '+', $Paranoia);
+        if ($May) {
+            return PARANOIA_ALLOWED;
+        }
+
+        if (check_perms('users_override_paranoia', $UserClass)) {
+            return PARANOIA_OVERRIDDEN;
+        }
+
+        $Override=false;
+        switch ($Property) {
+          case 'downloaded':
+          case 'ratio':
+          case 'uploaded':
+          case 'lastseen':
+            if (check_perms('users_mod', $UserClass)) {
+                return PARANOIA_OVERRIDDEN;
+            }
+            break;
+
+          case 'snatched': case 'snatched+':
+            if (check_perms('users_view_torrents_snatchlist', $UserClass)) {
+                return PARANOIA_OVERRIDDEN;
+            }
+            break;
+
+          case 'uploads': case 'uploads+':
+          case 'seeding': case 'seeding+':
+          case 'leeching': case 'leeching+':
+            if (check_perms('users_view_seedleech', $UserClass)) {
+                return PARANOIA_OVERRIDDEN;
+            }
+            break;
+            
+          case 'invitedcount':
+            if (check_perms('users_view_invites', $UserClass)) {
+                return PARANOIA_OVERRIDDEN;
+            }
+            break;
+        }
+        return false;
+    }
+}

classes/permissions.class.php

@@ -0,0 +1,112 @@
+<?php
+
+class Permissions
+{
+    /* Check to see if a user has the permission to perform an action
+     * This is called by check_perms in util.php, for convenience.
+     *
+     * @param string PermissionName
+     * @param string $MinClass Return false if the user's class level is below this.
+     */
+    public static function check_perms($PermissionName, $MinClass = 0)
+    {
+        if (G::$LoggedUser['EffectiveClass'] >= 1000) {
+            return true;
+        } // Sysops can do anything
+
+        if (G::$LoggedUser['EffectiveClass'] < $MinClass) {
+            return false;
+        } // MinClass failure
+    return G::$LoggedUser['Permissions'][$PermissionName] ?? false; // Return actual permission
+    }
+
+    /**
+     * Gets the permissions associated with a certain permissionid
+     *
+     * @param int $PermissionID the kind of permissions to fetch
+     * @return array permissions
+     */
+    public static function get_permissions($PermissionID)
+    {
+        $Permission = G::$Cache->get_value("perm_$PermissionID");
+        if (empty($Permission)) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT Level AS Class, `Values` AS Permissions, Secondary, PermittedForums
+            FROM permissions
+              WHERE ID = '$PermissionID'");
+
+            $Permission = G::$DB->next_record(MYSQLI_ASSOC, ['Permissions']);
+            G::$DB->set_query_id($QueryID);
+            $Permission['Permissions'] = unserialize($Permission['Permissions']);
+            G::$Cache->cache_value("perm_$PermissionID", $Permission, 2592000);
+        }
+        return $Permission;
+    }
+
+    /**
+     * Get a user's permissions.
+     *
+     * @param $UserID
+     * @param array|false $CustomPermissions
+     *  Pass in the user's custom permissions if you already have them.
+     *  Leave false if you don't have their permissions. The function will fetch them.
+     * @return array Mapping of PermissionName=>bool/int
+     */
+    public static function get_permissions_for_user($UserID, $CustomPermissions = false)
+    {
+        $UserInfo = Users::user_info($UserID);
+
+        // Fetch custom permissions if they weren't passed in.
+        if ($CustomPermissions === false) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query('
+            SELECT CustomPermissions
+            FROM users_main
+              WHERE ID = ' . (int)$UserID);
+
+            list($CustomPermissions) = G::$DB->next_record(MYSQLI_NUM, false);
+            G::$DB->set_query_id($QueryID);
+        }
+
+        if (!empty($CustomPermissions) && !is_array($CustomPermissions)) {
+            $CustomPermissions = unserialize($CustomPermissions);
+        }
+
+        $Permissions = self::get_permissions($UserInfo['PermissionID']);
+
+        // Manage 'special' inherited permissions
+        $BonusPerms = [];
+        $BonusCollages = 0;
+
+        foreach ($UserInfo['ExtraClasses'] as $PermID => $Value) {
+            $ClassPerms = self::get_permissions($PermID);
+            $BonusCollages += $ClassPerms['Permissions']['MaxCollages'];
+            unset($ClassPerms['Permissions']['MaxCollages']);
+            $BonusPerms = array_merge($BonusPerms, $ClassPerms['Permissions']);
+        }
+
+        if (empty($CustomPermissions)) {
+            $CustomPermissions = [];
+        }
+
+        $MaxCollages = ($Permissions['Permissions']['MaxCollages'] ?? 0) + $BonusCollages;
+        if (isset($CustomPermissions['MaxCollages'])) {
+            $MaxCollages += $CustomPermissions['MaxCollages'];
+            unset($CustomPermissions['MaxCollages']);
+        }
+        $Permissions['Permissions']['MaxCollages'] = $MaxCollages;
+
+        // Combine the permissions
+        return array_merge(
+            $Permissions['Permissions'],
+            $BonusPerms,
+            $CustomPermissions
+        );
+    }
+
+    public static function is_mod($UserID)
+    {
+        return self::get_permissions_for_user($UserID)['users_mod'] ?? false;
+    }
+}

classes/permissions_form.php

@@ -0,0 +1,278 @@
+<?php
+
+/********************************************************************************
+ ************ Permissions form ********************** user.php and tools.php ****
+ ********************************************************************************
+ ** This function is used to create both the class permissions form, and the   **
+ ** user custom permissions form.                                              **
+ ********************************************************************************/
+
+$PermissionsArray = array(
+  'site_leech' => 'Can leech (Does this work?).',
+  'site_upload' => 'Upload torrent access.',
+  'site_vote' => 'Request vote access.',
+  'site_submit_requests' => 'Request create access.',
+  'site_advanced_search' => 'Advanced search access.',
+  'site_top10' => 'Top 10 access.',
+  'site_advanced_top10' => 'Advanced Top 10 access.',
+  'site_torrents_notify' => 'Notifications access.',
+  'site_collages_create' => 'Collage create access.',
+  'site_collages_manage' => 'Collage manage access.',
+  'site_collages_delete' => 'Collage delete access.',
+  'site_collages_subscribe' => 'Collage subscription access.',
+  'site_collages_personal' => 'Can have a personal collage.',
+  'site_collages_renamepersonal' => 'Can rename own personal collages.',
+  'site_make_bookmarks' => 'Bookmarks access.',
+  'site_edit_wiki' => 'Wiki edit access.',
+  'site_can_invite_always' => 'Can invite past user limit.',
+  'site_send_unlimited_invites' => 'Unlimited invites.',
+  'site_moderate_requests' => 'Request moderation access.',
+  'site_delete_artist' => 'Can delete artists (must be able to delete torrents+requests).',
+  'site_moderate_forums' => 'Forum moderation access.',
+  'site_admin_forums' => 'Forum administrator access.',
+  'site_forums_double_post' => 'Can double post in the forums.',
+  'site_view_flow' => 'Can view stats and data pools.',
+  'site_view_full_log' => 'Can view old log entries.',
+  'site_view_torrent_snatchlist' => 'Can view torrent snatch lists.',
+  'site_recommend_own' => 'Can recommend own torrents.',
+  'site_manage_recommendations' => 'Recommendations management access.',
+  'site_delete_tag' => 'Can delete tags.',
+  'site_disable_ip_history' => 'Disable IP history.',
+  'zip_downloader' => 'Download multiple torrents at once.',
+  'site_debug' => 'Developer access.',
+  'site_proxy_images' => 'Image proxy & anti-canary.',
+  'site_search_many' => 'Can go past low limit of search results.',
+  'site_ratio_watch_immunity' => 'Immune from being put on ratio watch.',
+  'users_edit_usernames' => 'Can edit usernames.',
+  'users_edit_ratio' => 'Can edit anyone\'s upload/download amounts.',
+  'users_edit_own_ratio' => 'Can edit own upload/download amounts.',
+  'users_edit_titles' => 'Can edit titles.',
+  'users_edit_avatars' => 'Can edit avatars.',
+  'users_edit_invites' => 'Can edit invite numbers and cancel sent invites.',
+  'users_edit_watch_hours' => 'Can edit contrib watch hours.',
+  'users_edit_reset_keys' => 'Can reset passkey/authkey.',
+  'users_edit_profiles' => 'Can edit anyone\'s profile.',
+  'users_view_friends' => 'Can view anyone\'s friends.',
+  'users_reset_own_keys' => 'Can reset own passkey/authkey.',
+  'users_edit_password' => 'Can change passwords.',
+  'users_promote_below' => 'Can promote users to below current level.',
+  'users_promote_to' => 'Can promote users up to current level.',
+  'users_give_donor' => 'Can give donor access.',
+  'users_warn' => 'Can warn users.',
+  'users_disable_users' => 'Can disable users.',
+  'users_disable_posts' => 'Can disable users\' posting privileges.',
+  'users_disable_any' => 'Can disable any users\' rights.',
+  'users_delete_users' => 'Can delete users.',
+  'users_view_invites' => 'Can view who user has invited.',
+  'users_view_seedleech' => 'Can view what a user is seeding or leeching.',
+  'users_view_uploaded' => 'Can view a user\'s uploads, regardless of privacy level.',
+  'users_view_keys' => 'Can view passkeys.',
+  'users_view_ips' => 'Can view IP addresses.',
+  'users_view_email' => 'Can view email addresses.',
+  'users_invite_notes' => 'Can add a staff note when inviting someone.',
+  'users_override_paranoia' => 'Can override paranoia.',
+  'users_logout' => 'Can log users out (old?).',
+  'users_make_invisible' => 'Can make users invisible.',
+  'users_mod' => 'Basic moderator tools.',
+  'torrents_edit' => 'Can edit any torrent.',
+  'torrents_delete' => 'Can delete torrents.',
+  'torrents_delete_fast' => 'Can delete more than 3 torrents at a time.',
+  'torrents_freeleech' => 'Can make torrents freeleech.',
+  'torrents_search_fast' => 'Rapid search (for scripts).',
+  'torrents_hide_dnu' => 'Hide the Do Not Upload list by default.',
+  'torrents_fix_ghosts' => 'Can fix "ghost" groups on artist pages.',
+  'screenshots_add' => 'Can add screenshots to any torrent and delete their own screenshots.',
+  'screenshots_delete' => 'Can delete any screenshot from any torrent.',
+  'admin_manage_news' => 'Can manage site news.',
+  'admin_manage_blog' => 'Can manage the site blog.',
+  'admin_manage_polls' => 'Can manage polls.',
+  'admin_manage_forums' => 'Can manage forums (add/edit/delete).',
+  'admin_manage_fls' => 'Can manage FLS.',
+  'admin_reports' => 'Can access reports system.',
+  'admin_advanced_user_search' => 'Can access advanced user search.',
+  'admin_create_users' => 'Can create users through an administrative form.',
+  'admin_donor_log' => 'Can view the donor log.',
+  'admin_manage_ipbans' => 'Can manage IP bans.',
+  'admin_dnu' => 'Can manage do not upload list.',
+  'admin_clear_cache' => 'Can clear cached.',
+  'admin_whitelist' => 'Can manage the list of allowed clients.',
+  'admin_manage_permissions' => 'Can edit permission classes/user permissions.',
+  'admin_schedule' => 'Can run the site schedule.',
+  'admin_login_watch' => 'Can manage login watch.',
+  'admin_manage_wiki' => 'Can manage wiki access.',
+  'admin_update_geoip' => 'Can update geoIP data.',
+  'site_collages_recover' => 'Can recover \'deleted\' collages.',
+  'torrents_add_artist' => 'Can add artists to any group.',
+  'edit_unknowns' => 'Can edit unknown release information.',
+  'forums_polls_create' => 'Can create polls in the forums.',
+  'forums_polls_moderate' => 'Can feature and close polls.',
+  'project_team' => 'Is part of the project team.',
+  'torrents_edit_vanityhouse' => 'Can mark groups as part of Vanity House.',
+  'artist_edit_vanityhouse' => 'Can mark artists as part of Vanity House.',
+  'site_tag_aliases_read' => 'Can view the list of tag aliases.'
+);
+
+function permissions_form()
+{
+    ?>
+<div class="permissions">
+  <div class="permission_container">
+    <table>
+      <tr class="colhead">
+        <td>Site</td>
+      </tr>
+      <tr>
+        <td>
+          <?php
+    display_perm('site_leech', 'Can leech.');
+    display_perm('site_upload', 'Can upload.');
+    display_perm('site_vote', 'Can vote on requests.');
+    display_perm('site_submit_requests', 'Can submit requests.');
+    display_perm('site_advanced_search', 'Can use advanced search.');
+    display_perm('site_top10', 'Can access top 10.');
+    display_perm('site_torrents_notify', 'Can access torrents notifications system.');
+    display_perm('site_collages_create', 'Can create collages.');
+    display_perm('site_collages_manage', 'Can manage collages (add torrents, sorting).');
+    display_perm('site_collages_delete', 'Can delete collages.');
+    display_perm('site_collages_subscribe', 'Can access collage subscriptions.');
+    display_perm('site_collages_personal', 'Can have a personal collage.');
+    display_perm('site_collages_renamepersonal', 'Can rename own personal collages.');
+    display_perm('site_advanced_top10', 'Can access advanced top 10.');
+    display_perm('site_make_bookmarks', 'Can make bookmarks.');
+    display_perm('site_edit_wiki', 'Can edit wiki pages.');
+    display_perm('site_can_invite_always', 'Can invite users even when invites are closed.');
+    display_perm('site_send_unlimited_invites', 'Can send unlimited invites.');
+    display_perm('site_moderate_requests', 'Can moderate any request.');
+    display_perm('site_delete_artist', 'Can delete artists (must be able to delete torrents+requests).');
+    display_perm('forums_polls_create', 'Can create polls in the forums.');
+    display_perm('forums_polls_moderate', 'Can feature and close polls.');
+    display_perm('site_moderate_forums', 'Can moderate the forums.');
+    display_perm('site_admin_forums', 'Can administrate the forums.');
+    display_perm('site_view_flow', 'Can view site stats and data pools.');
+    display_perm('site_view_full_log', 'Can view the full site log.');
+    display_perm('site_view_torrent_snatchlist', 'Can view torrent snatch lists.');
+    display_perm('site_recommend_own', 'Can add own torrents to recommendations list.');
+    display_perm('site_manage_recommendations', 'Can edit recommendations list.');
+    display_perm('site_delete_tag', 'Can delete tags.');
+    display_perm('site_disable_ip_history', 'Disable IP history.');
+    display_perm('zip_downloader', 'Download multiple torrents at once.');
+    display_perm('site_debug', 'View site debug tables.');
+    display_perm('site_proxy_images', 'Proxy images through the server.');
+    display_perm('site_search_many', 'Can go past low limit of search results.');
+    display_perm('site_collages_recover', 'Can recover \'deleted\' collages.');
+    display_perm('site_forums_double_post', 'Can double post in the forums.');
+    display_perm('project_team', 'Part of the project team.');
+    display_perm('site_tag_aliases_read', 'Can view the list of tag aliases.');
+    display_perm('site_ratio_watch_immunity', 'Immune from being put on ratio watch.'); ?>
+        </td>
+      </tr>
+    </table>
+  </div>
+
+  <div class="permission_container">
+    <table>
+      <tr class="colhead">
+        <td>Users</td>
+      </tr>
+      <tr>
+        <td>
+          <?php
+    display_perm('users_edit_usernames', 'Can edit usernames.');
+    display_perm('users_edit_ratio', 'Can edit anyone\'s upload/download amounts.');
+    display_perm('users_edit_own_ratio', 'Can edit own upload/download amounts.');
+    display_perm('users_edit_titles', 'Can edit titles.');
+    display_perm('users_edit_avatars', 'Can edit avatars.');
+    display_perm('users_edit_invites', 'Can edit invite numbers and cancel sent invites.');
+    display_perm('users_edit_watch_hours', 'Can edit contrib watch hours.');
+    display_perm('users_edit_reset_keys', 'Can reset any passkey/authkey.');
+    display_perm('users_edit_profiles', 'Can edit anyone\'s profile.');
+    display_perm('users_edit_badges', 'Can edit anyone\'s badges.');
+    display_perm('users_view_friends', 'Can view anyone\'s friends.');
+    display_perm('users_reset_own_keys', 'Can reset own passkey/authkey.');
+    display_perm('users_edit_password', 'Can change password.');
+    display_perm('users_promote_below', 'Can promote users to below current level.');
+    display_perm('users_promote_to', 'Can promote users up to current level.');
+    display_perm('users_give_donor', 'Can give donor access.');
+    display_perm('users_warn', 'Can warn users.');
+    display_perm('users_disable_users', 'Can disable users.');
+    display_perm('users_disable_posts', 'Can disable users\' posting privileges.');
+    display_perm('users_disable_any', 'Can disable any users\' rights.');
+    display_perm('users_delete_users', 'Can delete anyone\'s account');
+    display_perm('users_view_invites', 'Can view who user has invited');
+    display_perm('users_view_seedleech', 'Can view what a user is seeding or leeching');
+    display_perm('users_view_uploaded', 'Can view a user\'s uploads, regardless of privacy level');
+    display_perm('users_view_keys', 'Can view passkeys');
+    display_perm('users_view_ips', 'Can view IP addresses');
+    display_perm('users_view_email', 'Can view email addresses');
+    display_perm('users_invite_notes', 'Can add a staff note when inviting someone.');
+    display_perm('users_override_paranoia', 'Can override paranoia');
+    display_perm('users_make_invisible', 'Can make users invisible');
+    display_perm('users_logout', 'Can log users out');
+    display_perm('users_mod', 'Can access basic moderator tools (Admin comment)'); ?>
+          * Everything is only applicable to users with the same or lower class level
+        </td>
+      </tr>
+    </table>
+  </div>
+
+  <div class="permission_container">
+    <table>
+      <tr class="colhead">
+        <td>Torrents</td>
+      </tr>
+      <tr>
+        <td>
+          <?php
+    display_perm('torrents_edit', 'Can edit any torrent');
+    display_perm('torrents_delete', 'Can delete torrents');
+    display_perm('torrents_delete_fast', 'Can delete more than 3 torrents at a time.');
+    display_perm('torrents_freeleech', 'Can make torrents freeleech');
+    display_perm('torrents_search_fast', 'Unlimit search frequency (for scripts).');
+    display_perm('torrents_add_artist', 'Can add artists to any group.');
+    display_perm('edit_unknowns', 'Can edit unknown release information.');
+    display_perm('torrents_edit_vanityhouse', 'Can mark groups as part of Vanity House.');
+    display_perm('artist_edit_vanityhouse', 'Can mark artists as part of Vanity House.');
+    display_perm('torrents_hide_dnu', 'Hide the Do Not Upload list by default.');
+    display_perm('torrents_fix_ghosts', 'Can fix ghost groups on artist pages.');
+    display_perm('screenshots_add', 'Can add screenshots to any torrent and delete their own screenshots.');
+    display_perm('screenshots_delete', 'Can delete any screenshot from any torrent.'); ?>
+        </td>
+      </tr>
+    </table>
+  </div>
+
+  <div class="permission_container">
+    <table>
+      <tr class="colhead">
+        <td>Administrative</td>
+      </tr>
+      <tr>
+        <td>
+          <?php
+    display_perm('admin_manage_news', 'Can manage site news');
+    display_perm('admin_manage_blog', 'Can manage the site blog');
+    display_perm('admin_manage_polls', 'Can manage polls');
+    display_perm('admin_manage_forums', 'Can manage forums (add/edit/delete)');
+    display_perm('admin_manage_fls', 'Can manage FLS');
+    display_perm('admin_reports', 'Can access reports system');
+    display_perm('admin_advanced_user_search', 'Can access advanced user search');
+    display_perm('admin_create_users', 'Can create users through an administrative form');
+    display_perm('admin_donor_log', 'Can view the donor log');
+    display_perm('admin_manage_ipbans', 'Can manage IP bans');
+    display_perm('admin_dnu', 'Can manage do not upload list');
+    display_perm('admin_clear_cache', 'Can clear cached pages');
+    display_perm('admin_whitelist', 'Can manage the list of allowed clients.');
+    display_perm('admin_manage_permissions', 'Can edit permission classes/user permissions.');
+    display_perm('admin_schedule', 'Can run the site schedule.');
+    display_perm('admin_login_watch', 'Can manage login watch.');
+    display_perm('admin_manage_wiki', 'Can manage wiki access.');
+    display_perm('admin_update_geoip', 'Can update geoIP data.'); ?>
+        </td>
+      </tr>
+    </table>
+  </div>
+
+  <div class="submit_container"><input type="submit" name="submit" value="Save Permission Class" /></div>
+</div>
+<?php
+}

classes/proxies.class.php

@@ -0,0 +1,45 @@
+<?php
+
+// Useful: http://www.robtex.com/cnet/
+$AllowedProxies = array(
+  // Opera Turbo (may include Opera-owned IP addresses that aren't used for Turbo, but shouldn't run much risk of exploitation)
+  '64.255.180.*', // Norway
+  '64.255.164.*', // Norway
+  '80.239.242.*', // Poland
+  '80.239.243.*', // Poland
+  '91.203.96.*', // Norway
+  '94.246.126.*', // Norway
+  '94.246.127.*', // Norway
+  '195.189.142.*', // Norway
+  '195.189.143.*', // Norway
+);
+
+function proxyCheck($IP)
+{
+    global $AllowedProxies;
+    for ($i = 0, $il = count($AllowedProxies); $i < $il; ++$i) {
+        // Based on the wildcard principle it should never be shorter
+        if (strlen($IP) < strlen($AllowedProxies[$i])) {
+            continue;
+        }
+
+        // Since we're matching bit for bit iterating from the start
+        for ($j = 0, $jl = strlen($IP); $j < $jl; ++$j) {
+            // Completed iteration and no inequality
+            if ($j == $jl - 1 && $IP[$j] === $AllowedProxies[$i][$j]) {
+                return true;
+            }
+
+            // Wildcard
+            if ($AllowedProxies[$i][$j] === '*') {
+                return true;
+            }
+
+            // Inequality found
+            if ($IP[$j] !== $AllowedProxies[$i][$j]) {
+                break;
+            }
+        }
+    }
+    return false;
+}

classes/reports.class.php

@@ -0,0 +1,30 @@
+<?php
+
+class Reports
+{
+    /**
+     * This function formats a string containing a torrent's remaster information
+     * to be used in Reports v2.
+     *
+     * @param boolean  $Remastered - whether the torrent contains remaster information
+     * @param string   $RemasterTitle - the title of the remaster information
+     * @param string   $RemasterYear - the year of the remaster information
+     */
+    public static function format_reports_remaster_info($Remastered, $RemasterTitle, $RemasterYear)
+    {
+        if ($Remastered) {
+            $RemasterDisplayString = ' &lt;';
+            if ($RemasterTitle !== '' && $RemasterYear !== '') {
+                $RemasterDisplayString .= "$RemasterTitle - $RemasterYear";
+            } elseif ($RemasterTitle !== '' && $RemasterYear === '') {
+                $RemasterDisplayString .= $RemasterTitle;
+            } elseif ($RemasterTitle === '' && $RemasterYear !== '') {
+                $RemasterDisplayString .= $RemasterYear;
+            }
+            $RemasterDisplayString .= '&gt;';
+        } else {
+            $RemasterDisplayString = '';
+        }
+        return $RemasterDisplayString;
+    }
+}

classes/requests.class.php

@@ -0,0 +1,264 @@
+<?php
+#declare(strict_types=1);
+
+class Requests
+{
+    /**
+     * Update the sphinx requests delta table for a request.
+     *
+     * @param $RequestID
+     */
+    public static function update_sphinx_requests($RequestID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT REPLACE(t.Name, '.', '_')
+        FROM tags AS t
+          JOIN requests_tags AS rt ON t.ID = rt.TagID
+          WHERE rt.RequestID = $RequestID");
+
+        $TagList = G::$DB->collect(0, false);
+        $TagList = db_string(implode(' ', $TagList));
+
+        G::$DB->query("
+        REPLACE INTO sphinx_requests_delta (
+          ID, UserID, TimeAdded, LastVote, CategoryID, Title, TagList,
+          CatalogueNumber, FillerID, TorrentID,
+          TimeFilled, Visible, Votes, Bounty)
+        SELECT
+          ID, r.UserID, UNIX_TIMESTAMP(TimeAdded) AS TimeAdded,
+          UNIX_TIMESTAMP(LastVote) AS LastVote, CategoryID, Title, '$TagList',
+          CatalogueNumber, FillerID, TorrentID,
+          UNIX_TIMESTAMP(TimeFilled) AS TimeFilled, Visible,
+          COUNT(rv.UserID) AS Votes, SUM(rv.Bounty) >> 10 AS Bounty
+        FROM requests AS r
+          LEFT JOIN requests_votes AS rv ON rv.RequestID = r.ID
+        WHERE ID = $RequestID
+          GROUP BY r.ID");
+
+        G::$DB->query("
+        UPDATE sphinx_requests_delta
+        SET ArtistList = (
+          SELECT GROUP_CONCAT(ag.Name SEPARATOR ' ')
+          FROM requests_artists AS ra
+            JOIN artists_group AS ag ON ag.ArtistID = ra.ArtistID
+          WHERE ra.RequestID = $RequestID
+            GROUP BY NULL
+        )
+          WHERE ID = $RequestID");
+
+        G::$DB->set_query_id($QueryID);
+        G::$Cache->delete_value("request_$RequestID");
+    }
+
+    /**
+     * Function to get data from an array of $RequestIDs. Order of keys doesn't matter (let's keep it that way).
+     *
+     * @param array $RequestIDs
+     * @param boolean $Return if set to false, data won't be returned (ie. if we just want to prime the cache.)
+     * @return The array of requests.
+     * Format: array(RequestID => Associative array)
+     * To see what's exactly inside each associate array, peek inside the function. It won't bite.
+     */
+    // In places where the output from this is merged with sphinx filters, it will be in a different order.
+    public static function get_requests($RequestIDs, $Return = true)
+    {
+        $Found = $NotFound = array_fill_keys($RequestIDs, false);
+        // Try to fetch the requests from the cache first.
+        foreach ($RequestIDs as $i => $RequestID) {
+            if (!is_number($RequestID)) {
+                unset($RequestIDs[$i], $Found[$GroupID], $NotFound[$GroupID]);
+                continue;
+            }
+
+            $Data = G::$Cache->get_value("request_$RequestID");
+            if (!empty($Data)) {
+                unset($NotFound[$RequestID]);
+                $Found[$RequestID] = $Data;
+            }
+        }
+
+        // Make sure there's something in $RequestIDs, otherwise the SQL will break
+        if (count($RequestIDs) === 0) {
+            return [];
+        }
+        $IDs = implode(',', array_keys($NotFound));
+
+        /*
+         * Don't change without ensuring you change everything else that uses get_requests()
+         */
+
+        if (count($NotFound) > 0) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT
+              ID,
+              UserID,
+              TimeAdded,
+              LastVote,
+              CategoryID,
+              Title,
+              Title2,
+              TitleJP,
+              Image,
+              Description,
+              CatalogueNumber,
+              FillerID,
+              TorrentID,
+              TimeFilled,
+              GroupID
+            FROM requests
+              WHERE ID IN ($IDs)
+              ORDER BY ID");
+
+            $Requests = G::$DB->to_array(false, MYSQLI_ASSOC, true);
+            $Tags = self::get_tags(G::$DB->collect('ID', false));
+
+            foreach ($Requests as $Request) {
+                $Request['AnonymousFill'] = false;
+                if ($Request['FillerID']) {
+                    G::$DB->query("
+                    SELECT Anonymous
+                    FROM torrents
+                      WHERE ID = ".$Request['TorrentID']);
+
+                    list($Anonymous) = G::$DB->next_record();
+                    if ($Anonymous) {
+                        $Request['AnonymousFill'] = true;
+                    }
+                }
+
+                unset($NotFound[$Request['ID']]);
+                $Request['Tags'] = isset($Tags[$Request['ID']]) ? $Tags[$Request['ID']] : [];
+                $Found[$Request['ID']] = $Request;
+                G::$Cache->cache_value('request_'.$Request['ID'], $Request, 0);
+            }
+            G::$DB->set_query_id($QueryID);
+
+            // Orphan requests. There shouldn't ever be any
+            if (count($NotFound) > 0) {
+                foreach (array_keys($NotFound) as $GroupID) {
+                    unset($Found[$GroupID]);
+                }
+            }
+        }
+
+        if ($Return) { // If we're interested in the data, and not just caching it
+            return $Found;
+        }
+    }
+
+    /**
+     * Return a single request. Wrapper for get_requests
+     *
+     * @param int $RequestID
+     * @return request array or false if request doesn't exist. See get_requests for a description of the format
+     */
+    public static function get_request($RequestID)
+    {
+        $Request = self::get_requests(array($RequestID));
+        if (isset($Request[$RequestID])) {
+            return $Request[$RequestID];
+        }
+        return false;
+    }
+
+    public static function get_artists($RequestID)
+    {
+        $Artists = G::$Cache->get_value("request_artists_$RequestID");
+        if (is_array($Artists)) {
+            $Results = $Artists;
+        } else {
+            $Results = [];
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT
+              ra.ArtistID,
+              ag.Name
+            FROM requests_artists AS ra
+              JOIN artists_group AS ag ON ra.ArtistID = ag.ArtistID
+            WHERE ra.RequestID = $RequestID
+              ORDER BY ag.Name ASC;");
+
+            $ArtistRaw = G::$DB->to_array();
+            G::$DB->set_query_id($QueryID);
+
+            foreach ($ArtistRaw as $ArtistRow) {
+                list($ArtistID, $ArtistName) = $ArtistRow;
+                $Results[] = array('id' => $ArtistID, 'name' => $ArtistName);
+            }
+            G::$Cache->cache_value("request_artists_$RequestID", $Results);
+        }
+        return $Results;
+    }
+
+    public static function get_tags($RequestIDs)
+    {
+        if (empty($RequestIDs)) {
+            return [];
+        }
+
+        if (is_array($RequestIDs)) {
+            $RequestIDs = implode(',', $RequestIDs);
+        }
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT
+          rt.RequestID,
+          rt.TagID,
+          t.Name
+        FROM requests_tags AS rt
+          JOIN tags AS t ON rt.TagID = t.ID
+        WHERE rt.RequestID IN ($RequestIDs)
+          ORDER BY rt.TagID ASC");
+
+        $Tags = G::$DB->to_array(false, MYSQLI_NUM, false);
+        G::$DB->set_query_id($QueryID);
+
+        $Results = [];
+        foreach ($Tags as $TagsRow) {
+            list($RequestID, $TagID, $TagName) = $TagsRow;
+            $Results[$RequestID][$TagID] = $TagName;
+        }
+        return $Results;
+    }
+
+    public static function get_votes_array($RequestID)
+    {
+        $RequestVotes = G::$Cache->get_value("request_votes_$RequestID");
+        if (!is_array($RequestVotes)) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT
+              rv.UserID,
+              rv.Bounty,
+              u.Username
+            FROM requests_votes AS rv
+              LEFT JOIN users_main AS u ON u.ID = rv.UserID
+            WHERE rv.RequestID = $RequestID
+              ORDER BY rv.Bounty DESC");
+
+            if (!G::$DB->has_results()) {
+                return array(
+                    'TotalBounty' => 0,
+                    'Voters' => []);
+            }
+            $Votes = G::$DB->to_array();
+
+            $RequestVotes = [];
+            $RequestVotes['TotalBounty'] = array_sum(G::$DB->collect('Bounty'));
+
+            foreach ($Votes as $Vote) {
+                list($UserID, $Bounty, $Username) = $Vote;
+                $VoteArray = [];
+                $VotesArray[] = array('UserID' => $UserID, 'Username' => $Username, 'Bounty' => $Bounty);
+            }
+
+            $RequestVotes['Voters'] = $VotesArray;
+            G::$Cache->cache_value("request_votes_$RequestID", $RequestVotes);
+            G::$DB->set_query_id($QueryID);
+        }
+        return $RequestVotes;
+    }
+}

classes/revisionhistory.class.php

@@ -0,0 +1,30 @@
+<?php
+
+class RevisionHistory
+{
+    /**
+     * Read the revision history of an artist or torrent page
+     * @param string $Page artists or torrents
+     * @param in $PageID
+     * @return array
+     */
+    public static function get_revision_history($Page, $PageID)
+    {
+        $Table = ($Page == 'artists') ? 'wiki_artists' : 'wiki_torrents';
+        $QueryID = G::$DB->get_query_id();
+
+        G::$DB->query("
+        SELECT
+          RevisionID,
+          Summary,
+          Time,
+          UserID
+        FROM $Table
+          WHERE PageID = $PageID
+          ORDER BY RevisionID DESC");
+
+        $Ret = G::$DB->to_array();
+        G::$DB->set_query_id($QueryID);
+        return $Ret;
+    }
+}

classes/revisionhistoryview.class.php

@@ -0,0 +1,46 @@
+<?php
+
+class RevisionHistoryView
+{
+    /**
+     * Render the revision history
+     * @param array $RevisionHistory see RevisionHistory::get_revision_history
+     * @param string $BaseURL
+     */
+    public static function render_revision_history($RevisionHistory, $BaseURL)
+    {
+        ?>
+<table cellpadding="6" cellspacing="1" border="0" width="100%" class="box">
+  <tr class="colhead">
+    <td>Revision</td>
+    <td>Date</td>
+    <?php if (check_perms('users_mod')) { ?>
+    <td>User</td>
+    <?php } ?>
+    <td>Summary</td>
+  </tr>
+  <?php
+    foreach ($RevisionHistory as $Entry) {
+        list($RevisionID, $Summary, $Time, $UserID) = $Entry; ?>
+  <tr class="row">
+    <td>
+      <?= "<a href=\"$BaseURL&amp;revisionid=$RevisionID\">#$RevisionID</a>" ?>
+    </td>
+    <td>
+      <?=$Time?>
+    </td>
+    <?php if (check_perms('users_mod')) { ?>
+    <td>
+      <?=Users::format_username($UserID, false, false, false)?>
+    </td>
+    <?php } ?>
+    <td>
+      <?=($Summary ? $Summary : '(empty)')?>
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php
+    }
+}

classes/script_start.php

@@ -0,0 +1,572 @@
+<?php
+#declare(strict_types=1);
+
+# https://www.php.net/manual/en/language.oop5.autoload.php
+require_once 'config.php';
+require_once 'security.class.php';
+
+# Initialize
+$ENV = ENV::go();
+$Security = new Security();
+$Security->setupPitfalls();
+
+
+/*-- Script Start Class --------------------------------*/
+/*------------------------------------------------------*/
+/* This isnt really a class but a way to tie other      */
+/* classes and functions used all over the site to the  */
+/* page currently being displayed.                      */
+/*------------------------------------------------------*/
+/* The code that includes the main php files and    */
+/* generates the page are at the bottom.        */
+/*------------------------------------------------------*/
+/********************************************************/
+
+require SERVER_ROOT.'/classes/proxies.class.php';
+
+// Get the user's actual IP address if they're proxied.
+// Or if cloudflare is used
+if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
+    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
+}
+
+if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])
+    && proxyCheck($_SERVER['REMOTE_ADDR'])
+    && filter_var(
+        $_SERVER['HTTP_X_FORWARDED_FOR'],
+        FILTER_VALIDATE_IP,
+        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
+    )) {
+    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
+}
+
+if (!isset($argv) && !empty($_SERVER['HTTP_HOST'])) {
+    // Skip this block if running from cli or if the browser is old and shitty
+    // This should really be done in nginx config
+    // todo: Remove
+    if ($_SERVER['HTTP_HOST'] == 'www.'.SITE_DOMAIN) {
+        header('Location: https://'.SITE_DOMAIN.$_SERVER['REQUEST_URI']);
+        error();
+    }
+}
+
+$ScriptStartTime = microtime(true); // To track how long a page takes to create
+if (!defined('PHP_WINDOWS_VERSION_MAJOR')) {
+    $RUsage = getrusage();
+    $CPUTimeStart = $RUsage['ru_utime.tv_sec'] * 1000000 + $RUsage['ru_utime.tv_usec'];
+}
+ob_start(); // Start a buffer, mainly in case there is a mysql error
+
+require SERVER_ROOT.'/classes/debug.class.php'; // Require the debug class
+require SERVER_ROOT.'/classes/mysql.class.php'; // Require the database wrapper
+require SERVER_ROOT.'/classes/cache.class.php'; // Require the caching class
+require SERVER_ROOT.'/classes/time.class.php'; // Require the time class
+require SERVER_ROOT.'/classes/paranoia.class.php'; // Require the paranoia check_paranoia function
+require SERVER_ROOT.'/classes/util.php';
+
+$Debug = new DEBUG;
+$Debug->handle_errors();
+$Debug->set_flag('Debug constructed');
+
+$DB = new DB_MYSQL;
+$Cache = new Cache($ENV->getPriv('MEMCACHED_SERVERS'));
+
+// Autoload classes.
+require SERVER_ROOT.'/classes/autoload.php';
+
+// Note: G::initialize is called twice.
+// This is necessary as the code inbetween (initialization of $LoggedUser) makes use of G::$DB and G::$Cache.
+// todo: Remove one of the calls once we're moving everything into that class
+G::initialize();
+
+// Begin browser identification
+$Browser = UserAgent::browser($_SERVER['HTTP_USER_AGENT']);
+$OperatingSystem = UserAgent::operating_system($_SERVER['HTTP_USER_AGENT']);
+
+$Debug->set_flag('start user handling');
+
+// Get classes
+// todo: Remove these globals, replace by calls into Users
+list($Classes, $ClassLevels) = Users::get_classes();
+
+
+//-- Load user information
+// User info is broken up into many sections
+// Heavy - Things that the site never has to look at if the user isn't logged in (as opposed to things like the class, donor status, etc)
+// Light - Things that appear in format_user
+// Stats - Uploaded and downloaded - can be updated by a script if you want super speed
+// Session data - Information about the specific session
+// Enabled - if the user's enabled or not
+// Permissions
+
+
+/**
+ * JSON API token support
+ * @see https://github.com/OPSnet/Gazelle/commit/7c208fc4c396a16c77289ef886d0015db65f2af1#diff-2ea09cbf36b1d20fec7a6d7fc50780723b9f804c4e857003aa9a9c359dc9fd49
+ */
+
+// Set the document we are loading
+$Document = basename(parse_url($_SERVER['SCRIPT_NAME'], PHP_URL_PATH), '.php');
+
+$LoggedUser = [];
+$SessionID = false;
+$FullToken = null;
+
+// Only allow using the Authorization header for ajax endpoint
+if (!empty($_SERVER['HTTP_AUTHORIZATION']) && $Document === 'ajax') {
+    # Banned IP address
+    if (IPv4::isBanned($_SERVER['REMOTE_ADDR'])) {
+        header('Content-Type: application/json');
+        json_die('failure', 'your ip address has been banned');
+    }
+
+    # Invalid auth header type
+    # Bearer is correct according to RFC 6750
+    # https://tools.ietf.org/html/rfc6750
+    $AuthorizationHeader = explode(" ", (string) $_SERVER['HTTP_AUTHORIZATION']);
+    if (count($AuthorizationHeader) === 2) {
+        if ($AuthorizationHeader[0] !== 'Bearer') {
+            header('Content-Type: application/json');
+            json_die('failure', 'authorization type must be Bearer');
+        }
+        $FullToken = $AuthorizationHeader[1];
+    } else {
+        header('Content-Type: application/json');
+        json_die('failure', 'authorization type must be Bearer');
+    }
+
+    $Revoked = 1;
+    $UserID = (int) substr(Crypto::decrypt(base64UrlDecode($FullToken), $ENV->getPriv('ENCKEY')), 32);
+
+    if (!empty($UserID)) {
+        [$LoggedUser['ID'], $Revoked] =
+        G::$DB->row("
+        SELECT
+          `UserID`,
+          `Revoked`
+        FROM
+          `api_user_tokens`
+        WHERE
+          `UserID` = '$UserID'
+        ");
+    # AND `Token` = '$FullToken'
+    } else {
+        header('Content-Type: application/json');
+        json_die('failure', 'invalid token format');
+    }
+
+    # No user or revoked API token
+    if (empty($LoggedUser['ID']) || $Revoked === 1) {
+        log_token_attempt(G::$DB);
+        header('Content-Type: application/json');
+        json_die('failure', 'token user mismatch');
+    }
+
+    # Checks if a user exists
+    if (isset($LoggedUser['ID'])) {
+        #$UserID = (int) $LoggedUser['ID'];
+        #$Session = new Gazelle\Session($LoggedUser['ID']);
+    
+        # User doesn't own that token
+        if (!is_null($FullToken) && !Users::hasApiToken($UserID, $FullToken)) {
+            log_token_attempt(G::$DB, $LoggedUser['ID']);
+            header('Content-type: application/json');
+            json_die('failure', 'token revoked');
+        }
+    
+        # User is disabled
+        if (Users::isDisabled($UserID)) {
+            if (is_null($FullToken)) {
+                logout($LoggedUser['ID'], $SessionID);
+            } else {
+                log_token_attempt(G::$DB, $LoggedUser['ID']);
+                header('Content-type: application/json');
+                json_die('failure', 'user disabled');
+            }
+        }
+    }
+}
+
+/*
+# OPS pleasantly rewrote session handling
+$UserSessions = [];
+if (isset($_COOKIE['session'])) {
+    $LoginCookie = Crypto::decrypt($_COOKIE['session'], $ENV->getPriv('ENCKEY'));
+    if ($LoginCookie !== false) {
+        [$SessionID, $LoggedUser['ID']] = explode('|~|', Crypto::decrypt($LoginCookie, $ENV->getPriv('ENCKEY')));
+        $LoggedUser['ID'] = (int)$LoggedUser['ID'];
+
+        if (!$LoggedUser['ID'] || !$SessionID) {
+            logout($LoggedUser['ID'], $SessionID);
+        }
+
+        $Session = new Gazelle\Session($LoggedUser['ID']);
+        $UserSessions = $Session->sessions();
+        if (!array_key_exists($SessionID, $UserSessions)) {
+            logout($LoggedUser['ID'], $SessionID);
+        }
+    }
+}
+*/
+# End OPS API token additions
+
+
+/**
+ * Session handling and cookies
+ */
+if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
+    $SessionID = $_COOKIE['session'];
+    $LoggedUser['ID'] = (int) $_COOKIE['userid'];
+
+    $UserID = $LoggedUser['ID']; // todo: UserID should not be LoggedUser
+    if (!$LoggedUser['ID'] || !$SessionID) {
+        logout();
+    }
+
+    $UserSessions = $Cache->get_value("users_sessions_$UserID");
+    if (!is_array($UserSessions)) {
+        $DB->query(
+            "
+        SELECT
+          SessionID,
+          Browser,
+          OperatingSystem,
+          IP,
+          LastUpdate
+        FROM users_sessions
+          WHERE UserID = '$UserID'
+          AND Active = 1
+        ORDER BY LastUpdate DESC"
+        );
+
+        $UserSessions = $DB->to_array('SessionID', MYSQLI_ASSOC);
+        $Cache->cache_value("users_sessions_$UserID", $UserSessions, 0);
+    }
+
+    if (!array_key_exists($SessionID, $UserSessions)) {
+        logout();
+    }
+
+    // Check if user is enabled
+    $Enabled = $Cache->get_value('enabled_'.$LoggedUser['ID']);
+    if ($Enabled === false) {
+        $DB->query("
+        SELECT Enabled
+          FROM users_main
+          WHERE ID = '$LoggedUser[ID]'");
+
+        list($Enabled) = $DB->next_record();
+        $Cache->cache_value('enabled_'.$LoggedUser['ID'], $Enabled, 0);
+    }
+
+    # todo: Check strict equality
+    if ($Enabled == 2) {
+        logout();
+    }
+
+    // Up/Down stats
+    $UserStats = $Cache->get_value('user_stats_'.$LoggedUser['ID']);
+    if (!is_array($UserStats)) {
+        $DB->query("
+        SELECT Uploaded AS BytesUploaded, Downloaded AS BytesDownloaded, RequiredRatio
+        FROM users_main
+          WHERE ID = '$LoggedUser[ID]'");
+
+        $UserStats = $DB->next_record(MYSQLI_ASSOC);
+        $Cache->cache_value('user_stats_'.$LoggedUser['ID'], $UserStats, 3600);
+    }
+
+    // Get info such as username
+    $LightInfo = Users::user_info($LoggedUser['ID']);
+    $HeavyInfo = Users::user_heavy_info($LoggedUser['ID']);
+
+
+    /**
+     * OPS API tokens
+     * @see https://github.com/OPSnet/Gazelle/commit/7c208fc4c396a16c77289ef886d0015db65f2af1#diff-2ea09cbf36b1d20fec7a6d7fc50780723b9f804c4e857003aa9a9c359dc9fd49
+     */
+    // TODO: These globals need to die, and just use $LoggedUser
+    // TODO: And then instantiate $LoggedUser from Gazelle\Session when needed
+    if (empty($LightInfo['Username'])) { // Ghost
+        logout($LoggedUser['ID'], $SessionID);
+        if (!is_null($FullToken)) {
+            #$UserID->flushCache();
+            log_token_attempt(G::$DB, $LoggedUser['ID']);
+            header('Content-type: application/json');
+            json_die('error', 'invalid token');
+        } else {
+            logout($LoggedUser['ID'], $SessionID);
+        }
+    }
+    # End OPS API token additions
+
+
+    // Create LoggedUser array
+    $LoggedUser = array_merge($HeavyInfo, $LightInfo, $UserStats);
+    $LoggedUser['RSS_Auth'] = md5($LoggedUser['ID'] . RSS_HASH . $LoggedUser['torrent_pass']);
+
+    // $LoggedUser['RatioWatch'] as a bool to disable things for users on Ratio Watch
+    $LoggedUser['RatioWatch'] = (
+        $LoggedUser['RatioWatchEnds']
+     && time() < strtotime($LoggedUser['RatioWatchEnds'])
+     && ($LoggedUser['BytesDownloaded'] * $LoggedUser['RequiredRatio']) > $LoggedUser['BytesUploaded']
+    );
+
+    // Load in the permissions
+    $LoggedUser['Permissions'] = Permissions::get_permissions_for_user($LoggedUser['ID'], $LoggedUser['CustomPermissions']);
+    $LoggedUser['Permissions']['MaxCollages'] += Donations::get_personal_collages($LoggedUser['ID']);
+
+    // Change necessary triggers in external components
+    $Cache->CanClear = check_perms('admin_clear_cache');
+
+    // Because we <3 our staff
+    if (check_perms('site_disable_ip_history')) {
+        $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
+    }
+
+    // Update LastUpdate every 10 minutes
+    if (strtotime($UserSessions[$SessionID]['LastUpdate']) + 600 < time()) {
+        $DB->query("
+        UPDATE users_main
+        SET LastAccess = NOW()
+        WHERE ID = '$LoggedUser[ID]'
+        ");
+
+        $SessionQuery =
+       "UPDATE users_sessions
+          SET ";
+
+        // Only update IP if we have an encryption key in memory
+        if (apcu_exists('DBKEY')) {
+            $SessionQuery .= "IP = '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."', ";
+        }
+
+        $SessionQuery .=
+       "Browser = '$Browser',
+        OperatingSystem = '$OperatingSystem',
+        LastUpdate = NOW()
+        WHERE UserID = '$LoggedUser[ID]'
+        AND SessionID = '".db_string($SessionID)."'";
+
+        $DB->query($SessionQuery);
+        $Cache->begin_transaction("users_sessions_$UserID");
+        $Cache->delete_row($SessionID);
+
+        $UsersSessionCache = array(
+        'SessionID' => $SessionID,
+        'Browser' => $Browser,
+        'OperatingSystem' => $OperatingSystem,
+        'IP' => (apcu_exists('DBKEY') ? Crypto::encrypt($_SERVER['REMOTE_ADDR']) : $UserSessions[$SessionID]['IP']),
+        'LastUpdate' => sqltime() );
+
+        $Cache->insert_front($SessionID, $UsersSessionCache);
+        $Cache->commit_transaction(0);
+    }
+
+    // Notifications
+    if (isset($LoggedUser['Permissions']['site_torrents_notify'])) {
+        $LoggedUser['Notify'] = $Cache->get_value('notify_filters_'.$LoggedUser['ID']);
+        if (!is_array($LoggedUser['Notify'])) {
+            $DB->query("
+            SELECT ID, Label
+            FROM users_notify_filters
+              WHERE UserID = '$LoggedUser[ID]'");
+
+            $LoggedUser['Notify'] = $DB->to_array('ID');
+            $Cache->cache_value('notify_filters_'.$LoggedUser['ID'], $LoggedUser['Notify'], 2592000);
+        }
+    }
+
+    // We've never had to disable the wiki privs of anyone.
+    if ($LoggedUser['DisableWiki']) {
+        unset($LoggedUser['Permissions']['site_edit_wiki']);
+    }
+
+    // IP changed
+    if (apcu_exists('DBKEY') && Crypto::decrypt($LoggedUser['IP']) != $_SERVER['REMOTE_ADDR'] && !check_perms('site_disable_ip_history')) {
+        if (Tools::site_ban_ip($_SERVER['REMOTE_ADDR'])) {
+            error('Your IP address has been banned.');
+        }
+
+        $CurIP = db_string($LoggedUser['IP']);
+        $NewIP = db_string($_SERVER['REMOTE_ADDR']);
+        $DB->query("
+        SELECT IP
+        FROM users_history_ips
+          WHERE EndTime IS NULL
+          AND UserID = '$LoggedUser[ID]'");
+
+        while (list($EncIP) = $DB->next_record()) {
+            if (Crypto::decrypt($EncIP) == $CurIP) {
+                $CurIP = $EncIP;
+                // CurIP is now the encrypted IP that was already in the database (for matching)
+                break;
+            }
+        }
+
+        $DB->query("
+        UPDATE users_history_ips
+        SET EndTime = NOW()
+          WHERE EndTime IS NULL
+          AND UserID = '$LoggedUser[ID]'
+          AND IP = '$CurIP'");
+
+        $DB->query("
+        INSERT IGNORE INTO users_history_ips
+          (UserID, IP, StartTime)
+        VALUES
+          ('$LoggedUser[ID]', '".Crypto::encrypt($NewIP)."', NOW())");
+
+        $ipcc = Tools::geoip($NewIP);
+        $DB->query("
+        UPDATE users_main
+        SET IP = '".Crypto::encrypt($NewIP)."', ipcc = '$ipcc'
+          WHERE ID = '$LoggedUser[ID]'");
+
+        $Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);
+        $Cache->update_row(false, array('IP' => Crypto::encrypt($_SERVER['REMOTE_ADDR'])));
+        $Cache->commit_transaction(0);
+    }
+
+    // Get stylesheets
+    $Stylesheets = $Cache->get_value('stylesheets');
+    if (!is_array($Stylesheets)) {
+        $DB->query('
+        SELECT
+          ID,
+          LOWER(REPLACE(Name, " ", "_")) AS Name,
+          Name AS ProperName,
+          LOWER(REPLACE(Additions, " ", "_")) AS Additions,
+          Additions AS ProperAdditions
+        FROM stylesheets');
+
+        $Stylesheets = $DB->to_array('ID', MYSQLI_BOTH);
+        $Cache->cache_value('stylesheets', $Stylesheets, 0);
+    }
+
+    // todo: Clean up this messy solution
+    $LoggedUser['StyleName'] = $Stylesheets[$LoggedUser['StyleID']]['Name'];
+    if (empty($LoggedUser['Username'])) {
+        logout(); // Ghost
+    }
+}
+
+G::initialize();
+$Debug->set_flag('end user handling');
+$Debug->set_flag('start function definitions');
+
+/**
+ * Log out the current session
+ */
+function logout()
+{
+    global $SessionID;
+    setcookie('session', '', time() - 60 * 60 * 24 * 365, '/', '', false);
+    setcookie('userid', '', time() - 60 * 60 * 24 * 365, '/', '', false);
+    setcookie('keeplogged', '', time() - 60 * 60 * 24 * 365, '/', '', false);
+
+    if ($SessionID) {
+        G::$DB->query("
+        DELETE FROM users_sessions
+          WHERE UserID = '" . G::$LoggedUser['ID'] . "'
+          AND SessionID = '".db_string($SessionID)."'");
+
+        G::$Cache->begin_transaction('users_sessions_' . G::$LoggedUser['ID']);
+        G::$Cache->delete_row($SessionID);
+        G::$Cache->commit_transaction(0);
+    }
+
+    G::$Cache->delete_value('user_info_' . G::$LoggedUser['ID']);
+    G::$Cache->delete_value('user_stats_' . G::$LoggedUser['ID']);
+    G::$Cache->delete_value('user_info_heavy_' . G::$LoggedUser['ID']);
+
+    header('Location: login.php');
+    error();
+}
+
+function logout_all_sessions()
+{
+    $UserID = G::$LoggedUser['ID'];
+
+    G::$DB->query("
+    DELETE FROM users_sessions
+      WHERE UserID = '$UserID'");
+
+    G::$Cache->delete_value('users_sessions_' . $UserID);
+    logout();
+}
+
+function enforce_login()
+{
+    global $SessionID;
+    if (!$SessionID || !G::$LoggedUser) {
+        setcookie('redirect', $_SERVER['REQUEST_URI'], time() + 60 * 30, '/', '', false);
+        logout();
+    }
+}
+
+/**
+ * Make sure $_GET['auth'] is the same as the user's authorization key
+ * Should be used for any user action that relies solely on GET.
+ *
+ * @param Are we using ajax?
+ * @return authorisation status. Prints an error message to DEBUG_CHAN on IRC on failure.
+ */
+function authorize($Ajax = false)
+{
+    # Ugly workaround for API tokens
+    if (!empty($_SERVER['HTTP_AUTHORIZATION']) && $Document === 'ajax') {
+        return true;
+    } else {
+        if (empty($_REQUEST['auth']) || $_REQUEST['auth'] !== G::$LoggedUser['AuthKey']) {
+            send_irc(DEBUG_CHAN, G::$LoggedUser['Username']." just failed authorize on ".$_SERVER['REQUEST_URI'].(!empty($_SERVER['HTTP_REFERER']) ? " coming from ".$_SERVER['HTTP_REFERER'] : ""));
+            error('Invalid authorization key. Go back, refresh, and try again.', $NoHTML = true);
+            return false;
+        }
+    }
+}
+
+$Debug->set_flag('ending function definitions');
+$Document = basename(parse_url($_SERVER['SCRIPT_FILENAME'], PHP_URL_PATH), '.php');
+
+if (!preg_match('/^[a-z0-9]+$/i', $Document)) {
+    error(404);
+}
+
+$StripPostKeys = array_fill_keys(array('password', 'cur_pass', 'new_pass_1', 'new_pass_2', 'verifypassword', 'confirm_password', 'ChangePassword', 'Password'), true);
+$Cache->cache_value('php_' . getmypid(), array(
+  'start' => sqltime(),
+  'document' => $Document,
+  'query' => $_SERVER['QUERY_STRING'],
+  'get' => $_GET,
+  'post' => array_diff_key($_POST, $StripPostKeys)), 600);
+
+// Locked account constant
+define('STAFF_LOCKED', 1);
+
+$AllowedPages = ['staffpm', 'ajax', 'locked', 'logout', 'login'];
+if (isset(G::$LoggedUser['LockedAccount']) && !in_array($Document, $AllowedPages)) {
+    require(SERVER_ROOT . '/sections/locked/index.php');
+} else {
+    require(SERVER_ROOT . '/sections/' . $Document . '/index.php');
+}
+
+$Debug->set_flag('completed module execution');
+
+/* Required in the absence of session_start() for providing that pages will change
+upon hit rather than being browser cached for changing content.
+
+Old versions of Internet Explorer choke when downloading binary files over HTTPS with disabled cache.
+Define the following constant in files that handle file downloads */
+if (!defined('SKIP_NO_CACHE_HEADERS')) {
+    header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
+    header('Pragma: no-cache');
+}
+
+// Flush to user
+ob_end_flush();
+
+$Debug->set_flag('set headers and send to user');
+
+// Attribute profiling
+$Debug->profile();

classes/security.class.php

@@ -0,0 +1,86 @@
+<?php
+declare(strict_types = 1);
+
+/**
+ * Security
+ *
+ * Designed to hold common authentication functions from various sources:
+ *  - classes/script_start.php
+ */
+
+class Security
+{
+    /**
+     * Setup pitfalls
+     *
+     * A series of quick sanity checks during app init.
+     * Previously in classes/script_start.php.
+     */
+    public function setupPitfalls()
+    {
+        # short_open_tag
+        if (!ini_get('short_open_tag')) {
+            error('short_open_tag != On in php.ini');
+        }
+
+        # apcu
+        if (!extension_loaded('apcu')) {
+            error('APCu extension not loaded');
+        }
+
+        # Deal with dumbasses
+        if (isset($_REQUEST['info_hash']) && isset($_REQUEST['peer_id'])) {
+            error(
+                'd14:failure reason40:Invalid .torrent, try downloading again.e',
+                $NoHTML = true,
+                $Debug = false
+            );
+        }
+
+        return;
+    }
+
+    /**
+     * UserID checks
+     *
+     * @param array $Permissions Permission string
+     * @param int $UserID Defaults to $_GET['userid'] if none supplied.
+     * @return int $UserID The working $UserID.
+     */
+    public function checkUser($Permissions = [], $UserID = null)
+    {
+        /*
+        if (!$UserID) {
+            error('$UserID is required.');
+        }
+        */
+
+        # No Gazelle args passed
+        if ($_GET['userid'] && empty($UserID)) {
+            $UserID = $_GET['userid'];
+        } else {
+            $UserID = G::$LoggedUser['ID'];
+        }
+
+        # NaN
+        if (!is_int($UserID) && not_null($UserID)) {
+            error('$UserID must be an integer.');
+        }
+
+        # $Permissions: string fallback as in View::show_header()
+        if (is_string($Permissions) && !empty($Permissions)) {
+            $Permissions = explode(',', $Permissions);
+        }
+
+        # Check each permission and error out if necessary
+        foreach ($Permissions as $Permission) {
+            if (!check_perms($Permissions)) {
+                error(403);
+                break;
+            }
+        }
+
+        # If all tests pass
+        return (int) $UserID;
+    }
+}

classes/sitehistory.class.php

@@ -0,0 +1,304 @@
+<?php
+
+class SiteHistory
+{
+    private static $Categories = array(1 => "Code", "Event", "Milestone", "Policy", "Release", "Staff Change");
+    private static $SubCategories = array(1 => "Announcement", "Blog Post", "Forum Post", "Wiki", "Other", "External Source");
+    private static $Tags = array(
+        "api",
+        "celebration",
+        "class.primary",
+        "class.secondary",
+        "collage",
+        "community",
+        "conclusion",
+        "contest",
+        "design",
+        "donate",
+        "editing",
+        "editorial",
+        "feature",
+        "featured.article",
+        "featured.album",
+        "featured.product",
+        "finances",
+        "format",
+        "forum",
+        "freeleech",
+        "freeleech.tokens",
+        "gazelle",
+        "hierarchy",
+        "inbox",
+        "infrastructure",
+        "interview",
+        "irc",
+        "log",
+        "neutral.leech",
+        "notifications",
+        "ocelot",
+        "paranoia",
+        "picks.guest",
+        "picks.staff",
+        "promotion",
+        "ratio",
+        "record",
+        "report",
+        "request",
+        "requirement",
+        "retirement",
+        "rippy",
+        "search",
+        "settings",
+        "start",
+        "stats",
+        "store",
+        "stylesheet",
+        "tagging",
+        "transcode",
+        "toolbox",
+        "top.10",
+        "torrent",
+        "torrent.group",
+        "upload",
+        "vanity.house",
+        "voting",
+        "whitelist",
+        "wiki"
+    );
+
+    public static function get_months()
+    {
+        $Results = G::$Cache->get_value("site_history_months");
+        if (!$Results) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT DISTINCT
+              YEAR(DATE) AS Year, MONTH(Date) AS Month, MONTHNAME(Date) AS MonthName
+            FROM site_history
+              ORDER BY Date DESC");
+
+            $Results = G::$DB->to_array();
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value("site_history_months", $Results, 0);
+        }
+        return $Results;
+    }
+
+    public static function get_event($ID)
+    {
+        if (!empty($ID)) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT
+              ID, Title, Url, Category, SubCategory, Tags, Body, AddedBy, Date
+            FROM site_history
+              WHERE ID = '$ID'
+              ORDER BY Date DESC");
+
+            $Event = G::$DB->next_record();
+            G::$DB->set_query_id($QueryID);
+            return $Event;
+        }
+    }
+
+    public static function get_latest_events($Limit)
+    {
+        self::get_events(null, null, null, null, null, null, $Limit);
+    }
+
+    public static function get_events($Month, $Year, $Title, $Category, $SubCategory, $Tags, $Limit)
+    {
+        $Month = (int)$Month;
+        $Year = (int)$Year;
+        $Title = db_string($Title);
+        $Category = (int)$Category;
+        $SubCategory = (int)$SubCategory;
+        $Tags = db_string($Tags);
+        $Limit = (int)$Limit;
+        $Where = [];
+
+        if (!empty($Month)) {
+            $Where[] = " MONTH(Date) = '$Month' ";
+        }
+
+        if (!empty($Year)) {
+            $Where[] = " YEAR(Date) = '$Year' ";
+        }
+
+        if (!empty($Title)) {
+            $Where[] = " Title LIKE '%$Title%' ";
+        }
+
+        if (!empty($Category)) {
+            $Where[] = " Category = '$Category '";
+        }
+
+        if (!empty($SubCategory)) {
+            $Where[] = " SubCategory = '$SubCategory '";
+        }
+
+        if (!empty($Tags)) {
+            $Tags = explode(',', $Tags);
+            $Or = '(';
+
+            foreach ($Tags as $Tag) {
+                $Tag = trim($Tag);
+                $Or .= " Tags LIKE '%$Tag%' OR ";
+            }
+
+            if (strlen($Or) > 1) {
+                $Or = rtrim($Or, 'OR ');
+                $Or .= ')';
+                $Where[] = $Or;
+            }
+        }
+
+        if (!empty($Limit)) {
+            $Limit = " LIMIT $Limit";
+        } else {
+            $Limit = '';
+        }
+
+        if (count($Where) > 0) {
+            $Query = ' WHERE ' . implode('AND', $Where);
+        } else {
+            $Query = '';
+        }
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT
+          ID, Title, Url, Category, SubCategory, Tags, Body, AddedBy, Date
+        FROM site_history
+          $Query
+          ORDER BY Date DESC
+          $Limit");
+
+        $Events = G::$DB->to_array();
+        G::$DB->set_query_id($QueryID);
+        return $Events;
+    }
+
+    public static function add_event($Date, $Title, $Link, $Category, $SubCategory, $Tags, $Body, $UserID)
+    {
+        if (empty($Date)) {
+            $Date = sqltime();
+        } else {
+            list($Y, $M, $D) = explode('-', $Date);
+            if (!checkdate($M, $D, $Y)) {
+                error("Error");
+            }
+        }
+
+        $Title = db_string($Title);
+        $Link = db_string($Link);
+        $Category = (int)$Category;
+        $SubCategory = (int)$SubCategory;
+        $Tags = db_string(strtolower((preg_replace('/\s+/', '', $Tags))));
+        $ExplodedTags = explode(',', $Tags);
+
+        foreach ($ExplodedTags as $Tag) {
+            if (!in_array($Tag, self::get_tags())) {
+                error("Invalid tag");
+            }
+        }
+
+        $Body = db_string($Body);
+        $UserID = (int)$UserID;
+
+        if (empty($Title) || empty($Category) || empty($SubCategory)) {
+            error("Error");
+        }
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        INSERT INTO site_history
+          (Title, Url, Category, SubCategory, Tags, Body, AddedBy, Date)
+        VALUES
+          ('$Title', '$Link', '$Category', '$SubCategory', '$Tags', '$Body', '$UserID', '$Date')");
+
+        G::$DB->set_query_id($QueryID);
+        G::$Cache->delete_value("site_history_months");
+    }
+
+    public static function update_event($ID, $Date, $Title, $Link, $Category, $SubCategory, $Tags, $Body, $UserID)
+    {
+        if (empty($Date)) {
+            $Date = sqltime();
+        } else {
+            $Date = db_string($Date);
+            list($Y, $M, $D) = explode('-', $Date);
+            if (!checkdate($M, $D, $Y)) {
+                error("Error");
+            }
+        }
+
+        $ID = (int)$ID;
+        $Title = db_string($Title);
+        $Link = db_string($Link);
+        $Category = (int)$Category;
+        $SubCategory = (int)$SubCategory;
+        $Tags = db_string(strtolower((preg_replace('/\s+/', '', $Tags))));
+        $ExplodedTags = explode(",", $Tags);
+
+        foreach ($ExplodedTags as $Tag) {
+            if (!in_array($Tag, self::get_tags())) {
+                error("Invalid tag");
+            }
+        }
+
+        $Body = db_string($Body);
+        $UserID = (int)$UserID;
+
+        if (empty($ID) || empty($Title) || empty($Category) || empty($SubCategory)) {
+            error("Error");
+        }
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        UPDATE site_history
+        SET
+          Title = '$Title',
+          Url = '$Link',
+          Category = '$Category',
+          SubCategory = '$SubCategory',
+          Tags = '$Tags',
+          Body = '$Body',
+          AddedBy = '$UserID',
+          Date = '$Date'
+        WHERE ID = '$ID'");
+
+        G::$DB->set_query_id($QueryID);
+        G::$Cache->delete_value("site_history_months");
+    }
+
+    public static function delete_event($ID)
+    {
+        if (!is_numeric($ID)) {
+            error(404);
+        }
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        DELETE FROM site_history
+          WHERE ID = '$ID'");
+          
+        G::$DB->set_query_id($QueryID);
+        G::$Cache->delete_value("site_history_months");
+    }
+
+    public static function get_categories()
+    {
+        return self::$Categories;
+    }
+
+    public static function get_sub_categories()
+    {
+        return self::$SubCategories;
+    }
+
+    public static function get_tags()
+    {
+        return self::$Tags;
+    }
+}

classes/sitehistoryview.class.php

@@ -0,0 +1,236 @@
+<?php
+
+class SiteHistoryView
+{
+    public static function render_linkbox()
+    {
+        if (check_perms('users_mod')
+      ) {
+            ?>
+<div class="linkbox">
+  <a href="sitehistory.php?action=edit" class="brackets">Create new event</a>
+</div>
+<?php
+        }
+    }
+
+    public static function render_events($Events)
+    {
+        $Categories = SiteHistory::get_categories();
+        $SubCategories = SiteHistory::get_sub_categories();
+        $CanEdit = check_perms('users_mod') ;
+        foreach ($Events as $Event) {
+            ?>
+<div class="box">
+  <div class="head colhead_dark">
+    <div class="title">
+      <?php if ($CanEdit) { ?>
+      <a class="brackets"
+        href="sitehistory.php?action=edit&amp;id=<?=$Event['ID']?>">Edit</a>
+      <?php } ?>
+
+      <?=date('F d, Y', strtotime($Event['Date'])); ?>
+      -
+      <a href="sitehistory.php?action=search&amp;category=<?=$Event['Category']?>"
+        class="brackets"><?=$Categories[$Event['Category']]?></a>
+      <a href="sitehistory.php?action=search&amp;subcategory=<?=$Event['SubCategory']?>"
+        class="brackets"><?=$SubCategories[$Event['SubCategory']]?></a>
+
+      <?php if (!empty($Event['Url'])) { ?>
+      <a href="<?=$Event['Url']?>"><?=$Event['Title']?></a>
+      <?php } else { ?>
+      <?=$Event['Title']?>
+      <?php } ?>
+    </div>
+    <div class="tags">
+      <?php self::render_tags($Event['Tags'])?>
+    </div>
+  </div>
+  <?php if (!empty($Event['Body'])) { ?>
+  <div class="body">
+    <?=Text::full_format($Event['Body'])?>
+  </div>
+  <?php } ?>
+</div>
+<?php
+        }
+    }
+
+    private static function render_tags($Tags)
+    {
+        $Tags = explode(',', $Tags);
+        natcasesort($Tags);
+        $FormattedTags = '';
+        foreach ($Tags as $Tag) {
+            $FormattedTags .= "<a href=\"sitehistory.php?action=search&amp;tags=$Tag\">$Tag" . "</a>, ";
+        }
+        echo rtrim($FormattedTags, ', ');
+    }
+
+    public static function render_search() { ?>
+<div class="box">
+  <div class="head">Search</div>
+  <div class="pad">
+    <form class="search_form" action="sitehistory.php" method="get">
+      <input type="hidden" name="action" value="search" />
+      <input type="text" id="title" name="title" size="20" placeholder="Title" />
+      <br /><br />
+      <input type="text" id="tags" name="tags" size="20" placeholder="Comma-separated tags" />
+      <br /><br />
+      <select name="category" id="category">
+        <option value="0">Choose a category</option>
+        <?php
+      $Categories = SiteHistory::get_categories();
+      foreach ($Categories as $Key => $Value) {
+          ?>
+        <option<?=$Key == $Event['Category'] ? ' selected="selected"' : ''?>
+          value="<?=$Key?>"><?=$Value?>
+          </option>
+          <?php
+      } ?>
+      </select>
+      <br /><br />
+      <select name="subcategory">
+        <option value="0">Choose a subcategory</option>
+        <?php
+      $SubCategories = SiteHistory::get_sub_categories();
+      foreach ($SubCategories as $Key => $Value) {
+          ?>
+        <option<?=$Key == $Event['SubCategory'] ? ' selected="selected"' : ''?>
+          value="<?=$Key?>"><?=$Value?>
+          </option>
+          <?php
+      } ?>
+      </select>
+      <br /><br />
+      <input value="Search" type="submit" />
+    </form>
+  </div>
+</div>
+<?php }
+
+    public static function render_edit_form($Event) { ?>
+<form id="event_form" method="post" action="">
+  <?php if ($Event) { ?>
+  <input type="hidden" name="action" value="take_edit" />
+  <input type="hidden" name="id"
+    value="<?=$Event['ID']?>" />
+  <?php } else { ?>
+  <input type="hidden" name="action" value="take_create" />
+  <?php } ?>
+  <input type="hidden" name="auth"
+    value="<?=G::$LoggedUser['AuthKey']?>" />
+  <table cellpadding="6" cellspacing="1" border="0" class="layout border" width="100%">
+    <tr>
+      <td class="label">Title:</td>
+      <td>
+        <input type="text" id="title" name="title" size="50" class="required"
+          value="<?=$Event['Title']?>" />
+      </td>
+    </tr>
+    <tr>
+      <td class="label">Link:</td>
+      <td>
+        <input type="text" id="url" name="url" size="50"
+          value="<?=$Event['Url']?>" />
+      </td>
+    </tr>
+    <tr>
+      <td class="label">Date:</td>
+      <td>
+        <input type="date" id="date" name="date" class="required" <?=$Event ? ' value="' . date('Y-m-d', strtotime($Event['Date'])) . '"' : ''?>
+        />
+      </td>
+    </tr>
+    <tr>
+      <td class="label">Category:</td>
+      <td>
+        <select id="category" name="category" class="required">
+          <option value="0">Choose a category</option>
+          <?php
+    $Categories = SiteHistory::get_categories();
+    foreach ($Categories as $Key => $Value) {
+        ?>
+          <option<?=$Key == $Event['Category'] ? ' selected="selected"' : ''?>
+            value="<?=$Key?>"><?=$Value?>
+            </option>
+            <?php
+    } ?>
+        </select>
+      </td>
+    </tr>
+    <tr>
+      <td class="label">Subcategory:</td>
+      <td>
+        <select id="category" name="sub_category" class="required">
+          <option value="0">Choose a subcategory</option>
+          <?php $SubCategories = SiteHistory::get_sub_categories();
+    foreach ($SubCategories as $Key => $Value) { ?>
+          <option<?=$Key == $Event['SubCategory'] ? ' selected="selected"' : ''?>
+            value="<?=$Key?>"><?=$Value?>
+            </option>
+            <?php } ?>
+        </select>
+      </td>
+    </tr>
+    <tr>
+      <td class="label">Tags:</td>
+      <td>
+        <input type="text" id="tags" name="tags" placeholder="Comma-separated tags; use periods/dots for spaces"
+          size="50"
+          value="<?=$Event['Tags']?>" />
+        <select id="tag_list">
+          <option>Choose tags</option>
+          <?php
+    $Tags = SiteHistory::get_tags();
+    foreach ($Tags as $Tag) {
+        ?>
+          <option><?=$Tag?>
+          </option>
+          <?php
+    } ?>
+        </select>
+      </td>
+    </tr>
+    <tr>
+      <td class="label">Body:</td>
+      <td>
+        <textarea id="body" name="body" cols="90" rows="8" tabindex="1"
+          onkeyup="resize('body');"><?=$Event['Body']?></textarea>
+      </td>
+    </tr>
+  </table>
+  <input type="submit" name="submit" value="Submit" />
+  <?php if ($Event) { ?>
+  <input type="submit" name="delete" value="Delete" />
+  <?php } ?>
+</form>
+<?php
+  }
+
+    public static function render_recent_sidebar($Events) { ?>
+<div class="box">
+  <div class="head colhead_dark">
+    <strong><a href="sitehistory.php">Latest site history</a></strong>
+  </div>
+  <ul class="stats nobullet">
+    <?php
+    $Categories = SiteHistory::get_categories();
+    foreach ($Events as $Event) {
+        ?>
+    <li>
+      <a href="sitehistory.php?action=search&amp;category=<?=$Event['Category']?>"
+        class="brackets"><?=$Categories[$Event['Category']]?></a>
+      <?php if (!empty($Event['Url'])) { ?>
+      <a href="<?=$Event['Url']?>"><?=Format::cut_string($Event['Title'], 20)?></a>
+      <?php } else { ?>
+      <?=Format::cut_string($Event['Title'], 20)?>
+      <?php } ?>
+    </li>
+    <?php
+    } ?>
+  </ul>
+</div>
+<?php
+  }
+}

classes/slaves.class.php

@@ -0,0 +1,16 @@
+<?php
+
+class Slaves
+{
+    public static function get_level($SlaveID)
+    {
+        G::$DB->query("
+        SELECT u.Uploaded, u.Downloaded, u.BonusPoints, COUNT(t.UserID)
+        FROM users_main AS u
+          LEFT JOIN torrents AS t ON u.ID=t.UserID
+          WHERE u.ID = $SlaveID");
+          
+        list($Upload, $Download, $Points, $Uploads) = G::$DB->next_record();
+        return intval(((($Uploads**0.35)*1.5)+1) * max(($Upload+($Points*1000000)-$Download)/(1024**3), 1));
+    }
+};

classes/sphinxql.class.php

@@ -0,0 +1,162 @@
+<?php
+
+if (!extension_loaded('mysqli')) {
+    error('Mysqli Extension not loaded.');
+}
+
+class Sphinxql extends mysqli
+{
+    private static $Connections = [];
+    private $Server;
+    private $Port;
+    private $Socket;
+    private $Ident;
+    private $Connected = false;
+
+    public static $Queries = [];
+    public static $Time = 0.0;
+
+    /**
+     * Initialize Sphinxql object
+     *
+     * @param string $Server server address or hostname
+     * @param int $Port listening port
+     * @param string $Socket Unix socket address, overrides $Server:$Port
+     */
+    public function __construct($Server, $Port, $Socket)
+    {
+        $this->Server = $Server;
+        $this->Port = $Port;
+        $this->Socket = $Socket;
+        $this->Ident = self::get_ident($Server, $Port, $Socket);
+    }
+
+    /**
+     * Create server ident based on connection information
+     *
+     * @param string $Server server address or hostname
+     * @param int $Port listening port
+     * @param string $Socket Unix socket address, overrides $Server:$Port
+     * @return identification string
+     */
+    private static function get_ident($Server, $Port, $Socket)
+    {
+        if ($Socket) {
+            return $Socket;
+        } else {
+            return "$Server:$Port";
+        }
+    }
+
+    /**
+     * Create Sphinxql object or return existing one
+     *
+     * @param string $Server server address or hostname
+     * @param int $Port listening port
+     * @param string $Socket Unix socket address, overrides $Server:$Port
+     * @return Sphinxql object
+     */
+    public static function init_connection($Server, $Port, $Socket)
+    {
+        $Ident = self::get_ident($Server, $Port, $Socket);
+        if (!isset(self::$Connections[$Ident])) {
+            self::$Connections[$Ident] = new Sphinxql($Server, $Port, $Socket);
+        }
+        return self::$Connections[$Ident];
+    }
+
+    /**
+     * Connect the Sphinxql object to the Sphinx server
+     */
+    public function sph_connect()
+    {
+        if ($this->Connected || $this->connect_errno) {
+            return;
+        }
+
+        global $Debug;
+        $Debug->set_flag("Connecting to Sphinx server $this->Ident");
+
+        for ($Attempt = 0; $Attempt < 3; $Attempt++) {
+            parent::__construct($this->Server, '', '', '', $this->Port, $this->Socket);
+            if (!$this->connect_errno) {
+                $this->Connected = true;
+                break;
+            }
+            sleep(1);
+        }
+
+        if ($this->connect_errno) {
+            $Errno = $this->connect_errno;
+            $Error = $this->connect_error;
+            $this->error("Connection failed. (".strval($Errno).": ".strval($Error).")");
+            $Debug->set_flag("Could not connect to Sphinx server $this->Ident. (".strval($Errno).": ".strval($Error).")");
+        } else {
+            $Debug->set_flag("Connected to Sphinx server $this->Ident");
+        }
+    }
+
+    /**
+     * Print a message to privileged users and optionally halt page processing
+     *
+     * @param string $Msg message to display
+     * @param bool $Halt halt page processing. Default is to continue processing the page
+     * @return Sphinxql object
+     */
+    public function error($Msg, $Halt = false)
+    {
+        global $Debug;
+        $ErrorMsg = 'SphinxQL ('.$this->Ident.'): '.strval($Msg);
+        $Debug->analysis('SphinxQL Error', $ErrorMsg, 3600*24);
+
+        if ($Halt === true && (DEBUG_MODE || check_perms('site_debug'))) {
+            echo '<pre>'.display_str($ErrorMsg).'</pre>';
+            error();
+        } elseif ($Halt === true) {
+            error(-1);
+        }
+    }
+
+    /**
+     * Escape special characters before sending them to the Sphinx server.
+     * Two escapes needed because the first one is eaten up by the mysql driver.
+     *
+     * @param string $String string to escape
+     * @return escaped string
+     */
+    public static function sph_escape_string($String)
+    {
+        return strtr(
+            strtolower($String),
+            array(
+            '('=>'\\\\(',
+            ')'=>'\\\\)',
+            '|'=>'\\\\|',
+            '-'=>'\\\\-',
+            '@'=>'\\\\@',
+            '~'=>'\\\\~',
+            '&'=>'\\\\&',
+            '\''=>'\\\'',
+            '<'=>'\\\\<',
+            '!'=>'\\\\!',
+            '"'=>'\\\\"',
+            '/'=>'\\\\/',
+            '*'=>'\\\\*',
+            '$'=>'\\\\$',
+            '^'=>'\\\\^',
+            '\\'=>'\\\\\\\\')
+        );
+    }
+
+    /**
+     * Register sent queries globally for later retrieval by debug functions
+     *
+     * @param string $QueryString query text
+     * @param param $QueryProcessTime time building and processing the query
+     */
+    public static function register_query($QueryString, $QueryProcessTime)
+    {
+        self::$Queries[] = array($QueryString, $QueryProcessTime);
+        self::$Time += $QueryProcessTime;
+    }
+}

classes/sphinxqlquery.class.php

@@ -0,0 +1,410 @@
+<?php
+
+class SphinxqlQuery
+{
+    private $Sphinxql;
+    private $Errors;
+    private $Expressions;
+    private $Filters;
+    private $GroupBy;
+    private $Indexes;
+    private $Limits;
+    private $Options;
+    private $QueryString;
+    private $Select;
+    private $SortBy;
+    private $SortGroupBy;
+
+    /**
+     * Initialize Sphinxql object
+     *
+     * @param string $Server server address or hostname
+     * @param int $Port listening port
+     * @param string $Socket Unix socket address, overrides $Server:$Port
+     */
+    public function __construct($Server = SPHINXQL_HOST, $Port = SPHINXQL_PORT, $Socket = SPHINXQL_SOCK)
+    {
+        $this->Sphinxql = Sphinxql::init_connection($Server, $Port, $Socket);
+        $this->reset();
+    }
+
+    /**
+     * Specify what data the Sphinx query is supposed to return
+     *
+     * @param string $Fields Attributes and expressions
+     * @return current Sphinxql query object
+     */
+    public function select($Fields)
+    {
+        $this->Select = $Fields;
+        return $this;
+    }
+
+    /**
+     * Specify the indexes to use in the search
+     *
+     * @param string $Indexes comma-separated list of indexes
+     * @return current Sphinxql query object
+     */
+    public function from($Indexes)
+    {
+        $this->Indexes = $Indexes;
+        return $this;
+    }
+
+    /**
+     * Add attribute filter. Calling multiple filter functions results in boolean AND between each condition.
+     *
+     * @param string $Attribute attribute which the filter will apply to
+     * @param mixed $Values scalar or array of numerical values. Array uses boolean OR in query condition
+     * @param bool $Exclude whether to exclude or include matching documents. Default mode is to include matches
+     * @return current Sphinxql query object
+     */
+    public function where($Attribute, $Values, $Exclude = false)
+    {
+        if (empty($Attribute) || !isset($Values)) {
+            $this->error("Attribute name and filter value are required.");
+            return $this;
+        }
+        $Filters = [];
+        if (is_array($Values)) {
+            foreach ($Values as $Value) {
+                if (!is_number($Value)) {
+                    $this->error("Filters only support numeric values.");
+                    return $this;
+                }
+            }
+            if ($Exclude) {
+                $Filters[] = "$Attribute NOT IN (".implode(",", $Values).")";
+            } else {
+                $Filters[] = "$Attribute IN (".implode(",", $Values).")";
+            }
+        } else {
+            if (!is_number($Values)) {
+                $this->error("Filters only support numeric values.");
+                return $this;
+            }
+            if ($Exclude) {
+                $Filters[] = "$Attribute != $Values";
+            } else {
+                $Filters[] = "$Attribute = $Values";
+            }
+        }
+        $this->Filters[] = implode(" AND ", $Filters);
+        return $this;
+    }
+
+    /**
+     * Add attribute less-than filter. Calling multiple filter functions results in boolean AND between each condition.
+     *
+     * @param string $Attribute attribute which the filter will apply to
+     * @param array $Value upper limit for matches
+     * @param bool $Inclusive whether to use <= or <
+     * @return current Sphinxql query object
+     */
+    public function where_lt($Attribute, $Value, $Inclusive = false)
+    {
+        if (empty($Attribute) || !isset($Value) || !is_number($Value)) {
+            $this->error("Attribute name is required and only numeric filters are supported.");
+            return $this;
+        }
+        $this->Filters[] = $Inclusive ? "$Attribute <= $Value" : "$Attribute < $Value";
+        return $this;
+    }
+
+    /**
+     * Add attribute greater-than filter. Calling multiple filter functions results in boolean AND between each condition.
+     *
+     * @param string $Attribute attribute which the filter will apply to
+     * @param array $Value lower limit for matches
+     * @param bool $Inclusive whether to use >= or >
+     * @return current Sphinxql query object
+     */
+    public function where_gt($Attribute, $Value, $Inclusive = false)
+    {
+        if (empty($Attribute) || !isset($Value) || !is_number($Value)) {
+            $this->error("Attribute name is required and only numeric filters are supported.");
+            return $this;
+        }
+        $this->Filters[] = $Inclusive ? "$Attribute >= $Value" : "$Attribute > $Value";
+        return $this;
+    }
+
+    /**
+     * Add attribute range filter. Calling multiple filter functions results in boolean AND between each condition.
+     *
+     * @param string $Attribute attribute which the filter will apply to
+     * @param array $Values pair of numerical values that defines the filter range
+     * @return current Sphinxql query object
+     */
+    public function where_between($Attribute, $Values)
+    {
+        if (empty($Attribute) || empty($Values) || count($Values) != 2 || !is_number($Values[0]) || !is_number($Values[1])) {
+            $this->error("Filter range requires array of two numerical boundaries as values.");
+            return $this;
+        }
+        $this->Filters[] = "$Attribute BETWEEN $Values[0] AND $Values[1]";
+        return $this;
+    }
+
+    /**
+     * Add fulltext query expression. Calling multiple filter functions results in boolean AND between each condition.
+     * Query expression is escaped automatically
+     *
+     * @param string $Expr query expression
+     * @param string $Field field to match $Expr against. Default is *, which means all available fields
+     * @return current Sphinxql query object
+     */
+    public function where_match($Expr, $Field = '*', $Escape = true)
+    {
+        if (empty($Expr)) {
+            return $this;
+        }
+        if ($Field !== false) {
+            $Field = "@$Field ";
+        }
+        if ($Escape === true) {
+            $this->Expressions[] = "$Field".Sphinxql::sph_escape_string($Expr);
+        } else {
+            $this->Expressions[] = $Field.$Expr;
+        }
+        return $this;
+    }
+
+    /**
+     * Specify the order of the matches. Calling this function multiple times sets secondary priorities
+     *
+     * @param string $Attribute attribute to use for sorting.
+     *     Passing an empty attribute value will clear the current sort settings
+     * @param string $Mode sort method to apply to the selected attribute
+     * @return current Sphinxql query object
+     */
+    public function order_by($Attribute = false, $Mode = false)
+    {
+        if (empty($Attribute)) {
+            $this->SortBy = [];
+        } else {
+            $this->SortBy[] = "$Attribute $Mode";
+        }
+        return $this;
+    }
+
+    /**
+     * Specify how the results are grouped
+     *
+     * @param string $Attribute group matches with the same $Attribute value.
+     *     Passing an empty attribute value will clear the current group settings
+     * @return current Sphinxql query object
+     */
+    public function group_by($Attribute = false)
+    {
+        if (empty($Attribute)) {
+            $this->GroupBy = '';
+        } else {
+            $this->GroupBy = $Attribute;
+        }
+        return $this;
+    }
+
+    /**
+     * Specify the order of the results within groups
+     *
+     * @param string $Attribute attribute to use for sorting.
+     *     Passing an empty attribute will clear the current group sort settings
+     * @param string $Mode sort method to apply to the selected attribute
+     * @return current Sphinxql query object
+     */
+    public function order_group_by($Attribute = false, $Mode = false)
+    {
+        if (empty($Attribute)) {
+            $this->SortGroupBy = '';
+        } else {
+            $this->SortGroupBy = "$Attribute $Mode";
+        }
+        return $this;
+    }
+
+    /**
+     * Specify the offset and amount of matches to return
+     *
+     * @param int $Offset number of matches to discard
+     * @param int $Limit number of matches to return
+     * @param int $MaxMatches number of results to store in the Sphinx server's memory. Must be >= ($Offset+$Limit)
+     * @return current Sphinxql query object
+     */
+    public function limit($Offset, $Limit, $MaxMatches = SPHINX_MAX_MATCHES)
+    {
+        $this->Limits = "$Offset, $Limit";
+        $this->set('max_matches', $MaxMatches);
+        return $this;
+    }
+
+    /**
+     * Tweak the settings to use for the query. Sanity checking shouldn't be needed as Sphinx already does it
+     *
+     * @param string $Name setting name
+     * @param mixed $Value value
+     * @return current Sphinxql query object
+     */
+    public function set($Name, $Value)
+    {
+        $this->Options[$Name] = $Value;
+        return $this;
+    }
+
+    /**
+     * Combine the query options into a valid Sphinx query segment
+     *
+     * @return string of options
+     */
+    private function build_options()
+    {
+        $Options = [];
+        foreach ($this->Options as $Option => $Value) {
+            $Options[] = "$Option = $Value";
+        }
+        return implode(', ', $Options);
+    }
+
+    /**
+     * Combine the query conditions into a valid Sphinx query segment
+     */
+    private function build_query()
+    {
+        if (!$this->Indexes) {
+            $this->error('Index name is required.');
+            return false;
+        }
+        $this->QueryString = "SELECT $this->Select\nFROM $this->Indexes";
+        if (!empty($this->Expressions)) {
+            $this->Filters['expr'] = "MATCH('".implode(' ', $this->Expressions)."')";
+        }
+        if (!empty($this->Filters)) {
+            $this->QueryString .= "\nWHERE ".implode("\n\tAND ", $this->Filters);
+        }
+        if (!empty($this->GroupBy)) {
+            $this->QueryString .= "\nGROUP BY $this->GroupBy";
+        }
+        if (!empty($this->SortGroupBy)) {
+            $this->QueryString .= "\nWITHIN GROUP ORDER BY $this->SortGroupBy";
+        }
+        if (!empty($this->SortBy)) {
+            $this->QueryString .= "\nORDER BY ".implode(", ", $this->SortBy);
+        }
+        if (!empty($this->Limits)) {
+            $this->QueryString .= "\nLIMIT $this->Limits";
+        }
+        if (!empty($this->Options)) {
+            $Options = $this->build_options();
+            $this->QueryString .= "\nOPTION $Options";
+        }
+    }
+
+    /**
+     * Construct and send the query. Register the query in the global Sphinxql object
+     *
+     * @param bool GetMeta whether to fetch meta data for the executed query. Default is yes
+     * @return Sphinxql result object
+     */
+    public function query($GetMeta = true)
+    {
+        $QueryStartTime = microtime(true);
+        $this->build_query();
+        if (count($this->Errors) > 0) {
+            $ErrorMsg = implode("\n", $this->Errors);
+            $this->Sphinxql->error("Query builder found errors:\n$ErrorMsg");
+            return new SphinxqlResult(null, null, 1, $ErrorMsg);
+        }
+        $QueryString = $this->QueryString;
+        $Result = $this->send_query($GetMeta);
+        $QueryProcessTime = (microtime(true) - $QueryStartTime)*1000;
+        Sphinxql::register_query($QueryString, $QueryProcessTime);
+        return $Result;
+    }
+
+    /**
+     * Run a manually constructed query
+     *
+     * @param string Query query expression
+     * @param bool GetMeta whether to fetch meta data for the executed query. Default is yes
+     * @return Sphinxql result object
+     */
+    public function raw_query($Query, $GetMeta = true)
+    {
+        $this->QueryString = $Query;
+        return $this->send_query($GetMeta);
+    }
+
+    /**
+     * Run a pre-processed query. Only used internally
+     *
+     * @param bool GetMeta whether to fetch meta data for the executed query
+     * @return Sphinxql result object
+     */
+    private function send_query($GetMeta)
+    {
+        if (!$this->QueryString) {
+            return false;
+        }
+        $this->Sphinxql->sph_connect();
+        $Result = $this->Sphinxql->query($this->QueryString);
+        if ($Result === false) {
+            $Errno = $this->Sphinxql->errno;
+            $Error = $this->Sphinxql->error;
+            $this->Sphinxql->error("Query returned error $Errno ($Error).\n$this->QueryString");
+            $Meta = null;
+        } else {
+            $Errno = 0;
+            $Error = '';
+            $Meta = $GetMeta ? $this->get_meta() : null;
+        }
+        return new SphinxqlResult($Result, $Meta, $Errno, $Error);
+    }
+
+    /**
+     * Reset all query options and conditions
+     */
+    public function reset()
+    {
+        $this->Errors = [];
+        $this->Expressions = [];
+        $this->Filters = [];
+        $this->GroupBy = '';
+        $this->Indexes = '';
+        $this->Limits = [];
+        $this->Options = array('ranker' => 'none');
+        $this->QueryString = '';
+        $this->Select = '*';
+        $this->SortBy = [];
+        $this->SortGroupBy = '';
+    }
+
+    /**
+     * Fetch and store meta data for the last executed query
+     *
+     * @return meta data
+     */
+    private function get_meta()
+    {
+        return $this->raw_query("SHOW META", false)->to_pair(0, 1);
+    }
+
+    /**
+     * Copy attribute filters from another SphinxqlQuery object
+     *
+     * @param SphinxqlQuery $SphQLSource object to copy the filters from
+     * @return current SphinxqlQuery object
+     */
+    public function copy_attributes_from($SphQLSource)
+    {
+        $this->Filters = $SphQLSource->Filters;
+    }
+
+    /**
+     * Store error messages
+     */
+    private function error($Msg)
+    {
+        $this->Errors[] = $Msg;
+    }
+}

classes/sphinxqlresult.class.php

@@ -0,0 +1,156 @@
+<?php
+
+class SphinxqlResult
+{
+    private $Result;
+    private $Meta;
+    public $Errno;
+    public $Error;
+
+    /**
+     * Create Sphinxql result object
+     *
+     * @param mysqli_result $Result query results
+     * @param array $Meta meta data for the query
+     * @param int $Errno error code returned by the query upon failure
+     * @param string $Error error message returned by the query upon failure
+     */
+    public function __construct($Result, $Meta, $Errno, $Error)
+    {
+        $this->Result = $Result;
+        $this->Meta = $Meta;
+        $this->Errno = $Errno;
+        $this->Error = $Error;
+    }
+
+    /**
+     * Redirect to the Mysqli result object if a nonexistent method is called
+     *
+     * @param string $Name method name
+     * @param array $Arguments arguments used in the function call
+     * @return whatever the parent function returns
+     */
+    public function __call($Name, $Arguments)
+    {
+        return call_user_func_array(array($this->Result, $Name), $Arguments);
+    }
+
+    /**
+     * Did the query find anything?
+     *
+     * @return bool results were found
+     */
+    public function has_results()
+    {
+        return $this->get_meta('total') > 0;
+    }
+
+    /**
+     * Collect and return the specified key of all results as a list
+     *
+     * @param string $Key key containing the desired data
+     * @return array with the $Key value of all results
+     */
+    public function collect($Key)
+    {
+        $Return = [];
+        while ($Row = $this->fetch_array()) {
+            $Return[] = $Row[$Key];
+        }
+
+        $this->data_seek(0);
+        return $Return;
+    }
+
+    /**
+     * Collect and return all available data for the matches optionally indexed by a specified key
+     *
+     * @param string $Key key to use as indexing value
+     * @param string $ResultType method to use when fetching data from the mysqli_result object. Default is MYSQLI_ASSOC
+     * @return array with all available data for the matches
+     */
+    public function to_array($Key, $ResultType = MYSQLI_ASSOC)
+    {
+        $Return = [];
+        while ($Row = $this->fetch_array($ResultType)) {
+            if ($Key !== false) {
+                $Return[$Row[$Key]] = $Row;
+            } else {
+                $Return[] = $Row;
+            }
+        }
+
+        $this->data_seek(0);
+        return $Return;
+    }
+
+    /**
+     * Collect pairs of keys for all matches
+     *
+     * @param string $Key1 key to use as indexing value
+     * @param string $Key2 key to use as value
+     * @return array with $Key1 => $Key2 pairs for matches
+     */
+    public function to_pair($Key1, $Key2)
+    {
+        $Return = [];
+        while ($Row = $this->fetch_array()) {
+            $Return[$Row[$Key1]] = $Row[$Key2];
+        }
+        
+        $this->data_seek(0);
+        return $Return;
+    }
+
+    /**
+     * Return specified portions of the current Sphinxql result object's meta data
+     *
+     * @param mixed $Keys scalar or array with keys to return. Default is false, which returns all meta data
+     * @return array with meta data
+     */
+    public function get_meta($Keys = false)
+    {
+        if ($Keys !== false) {
+            if (is_array($Keys)) {
+                $Return = [];
+                foreach ($Keys as $Key) {
+                    if (!isset($this->Meta[$Key])) {
+                        continue;
+                    }
+                    $Return[$Key] = $this->Meta[$Key];
+                }
+                return $Return;
+            } else {
+                return isset($this->Meta[$Keys]) ? $this->Meta[$Keys] : false;
+            }
+        } else {
+            return $this->Meta;
+        }
+    }
+
+    /**
+     * Return specified portions of the current Mysqli result object's information
+     *
+     * @param mixed $Keys scalar or array with keys to return. Default is false, which returns all available information
+     * @return array with result information
+     */
+    public function get_result_info($Keys = false)
+    {
+        if ($Keys !== false) {
+            if (is_array($Keys)) {
+                $Return = [];
+                foreach ($Keys as $Key) {
+                    if (!isset($this->Result->$Key)) {
+                        continue;
+                    }
+                    $Return[$Key] = $this->Result->$Key;
+                }
+                return $Return;
+            } else {
+                return isset($this->Result->$Keys) ? $this->Result->$Keys : false;
+            }
+        } else {
+            return $this->Result;
+        }
+    }
+}

classes/subscriptions.class.php

@@ -0,0 +1,422 @@
+<?php
+
+class Subscriptions
+{
+    /**
+     * Parse a post/comment body for quotes and notify all quoted users that have quote notifications enabled.
+     * @param string $Body
+     * @param int $PostID
+     * @param string $Page
+     * @param int $PageID
+     */
+    public static function quote_notify($Body, $PostID, $Page, $PageID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        /*
+         * Explanation of the parameters PageID and Page: Page contains where
+         * this quote comes from and can be forums, artist, collages, requests
+         * or torrents. The PageID contains the additional value that is
+         * necessary for the users_notify_quoted table. The PageIDs for the
+         * different Page are: forums: TopicID artist: ArtistID collages:
+         * CollageID requests: RequestID torrents: GroupID
+         */
+        $Matches = [];
+        preg_match_all('/\[quote(?:=(.*)(?:\|.*)?)?]|\[\/quote]/iU', $Body, $Matches, PREG_SET_ORDER);
+
+        if (count($Matches)) {
+            $Usernames = [];
+            $Level = 0;
+            foreach ($Matches as $M) {
+                if ($M[0] != '[/quote]') {
+                    if ($Level == 0 && isset($M[1]) && strlen($M[1]) > 0 && preg_match(USERNAME_REGEX, $M[1])) {
+                        $Usernames[] = preg_replace('/(^[.,]*)|([.,]*$)/', '', $M[1]); // wut?
+                    }
+                    ++$Level;
+                } else {
+                    --$Level;
+                }
+            }
+        }
+        // remove any dupes in the array (the fast way)
+        $Usernames = array_flip(array_flip($Usernames));
+
+        G::$DB->query("
+      SELECT m.ID
+      FROM users_main AS m
+        LEFT JOIN users_info AS i ON i.UserID = m.ID
+      WHERE m.Username IN ('" . implode("', '", $Usernames) . "')
+        AND i.NotifyOnQuote = '1'
+        AND i.UserID != " . G::$LoggedUser['ID']);
+
+        $Results = G::$DB->to_array();
+        foreach ($Results as $Result) {
+            $UserID = db_string($Result['ID']);
+            $QuoterID = db_string(G::$LoggedUser['ID']);
+            $Page = db_string($Page);
+            $PageID = db_string($PageID);
+            $PostID = db_string($PostID);
+
+            G::$DB->query(
+                "
+        INSERT IGNORE INTO users_notify_quoted
+          (UserID, QuoterID, Page, PageID, PostID, Date)
+        VALUES
+          (    ?,               ?,               ?,      ?,       ?,   NOW())",
+                $Result['ID'],
+                G::$LoggedUser['ID'],
+                $Page,
+                $PageID,
+                $PostID
+            );
+            G::$Cache->delete_value("notify_quoted_$UserID");
+            if ($Page == 'forums') {
+                $URL = site_url() . "forums.php?action=viewthread&postid=$PostID";
+            } else {
+                $URL = site_url() . "comments.php?action=jump&postid=$PostID";
+            }
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * (Un)subscribe from a forum thread.
+     * If UserID == 0, G::$LoggedUser[ID] is used
+     * @param int $TopicID
+     * @param int $UserID
+     */
+    public static function subscribe($TopicID, $UserID = 0)
+    {
+        if ($UserID == 0) {
+            $UserID = G::$LoggedUser['ID'];
+        }
+        $QueryID = G::$DB->get_query_id();
+        $UserSubscriptions = self::get_subscriptions();
+        $Key = self::has_subscribed($TopicID);
+        if ($Key !== false) {
+            G::$DB->query('
+        DELETE FROM users_subscriptions
+        WHERE UserID = ' . db_string($UserID) . '
+          AND TopicID = ' . db_string($TopicID));
+            unset($UserSubscriptions[$Key]);
+        } else {
+            G::$DB->query("
+        INSERT IGNORE INTO users_subscriptions (UserID, TopicID)
+        VALUES ($UserID, " . db_string($TopicID) . ")");
+            array_push($UserSubscriptions, $TopicID);
+        }
+        G::$Cache->replace_value("subscriptions_user_$UserID", $UserSubscriptions, 0);
+        G::$Cache->delete_value("subscriptions_user_new_$UserID");
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * (Un)subscribe from comments.
+     * If UserID == 0, G::$LoggedUser[ID] is used
+     * @param string $Page 'artist', 'collages', 'requests' or 'torrents'
+     * @param int $PageID ArtistID, CollageID, RequestID or GroupID
+     * @param int $UserID
+     */
+    public static function subscribe_comments($Page, $PageID, $UserID = 0)
+    {
+        if ($UserID == 0) {
+            $UserID = G::$LoggedUser['ID'];
+        }
+        $QueryID = G::$DB->get_query_id();
+        $UserCommentSubscriptions = self::get_comment_subscriptions();
+        $Key = self::has_subscribed_comments($Page, $PageID);
+        if ($Key !== false) {
+            G::$DB->query("
+        DELETE FROM users_subscriptions_comments
+        WHERE UserID = " . db_string($UserID) . "
+          AND Page = '" . db_string($Page) . "'
+          AND PageID = " . db_string($PageID));
+            unset($UserCommentSubscriptions[$Key]);
+        } else {
+            G::$DB->query("
+        INSERT IGNORE INTO users_subscriptions_comments
+          (UserID, Page, PageID)
+        VALUES
+          ($UserID, '" . db_string($Page) . "', " . db_string($PageID) . ")");
+            array_push($UserCommentSubscriptions, array($Page, $PageID));
+        }
+        G::$Cache->replace_value("subscriptions_comments_user_$UserID", $UserCommentSubscriptions, 0);
+        G::$Cache->delete_value("subscriptions_comments_user_new_$UserID");
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * Read $UserID's subscriptions. If the cache key isn't set, it gets filled.
+     * If UserID == 0, G::$LoggedUser[ID] is used
+     * @param int $UserID
+     * @return array Array of TopicIDs
+     */
+    public static function get_subscriptions($UserID = 0)
+    {
+        if ($UserID == 0) {
+            $UserID = G::$LoggedUser['ID'];
+        }
+        $QueryID = G::$DB->get_query_id();
+        $UserSubscriptions = G::$Cache->get_value("subscriptions_user_$UserID");
+        if ($UserSubscriptions === false) {
+            G::$DB->query('
+        SELECT TopicID
+        FROM users_subscriptions
+        WHERE UserID = ' . db_string($UserID));
+            $UserSubscriptions = G::$DB->collect(0);
+            G::$Cache->cache_value("subscriptions_user_$UserID", $UserSubscriptions, 0);
+        }
+        G::$DB->set_query_id($QueryID);
+        return $UserSubscriptions;
+    }
+
+    /**
+     * Same as self::get_subscriptions, but for comment subscriptions
+     * @param int $UserID
+     * @return array Array of ($Page, $PageID)
+     */
+    public static function get_comment_subscriptions($UserID = 0)
+    {
+        if ($UserID == 0) {
+            $UserID = G::$LoggedUser['ID'];
+        }
+        $QueryID = G::$DB->get_query_id();
+        $UserCommentSubscriptions = G::$Cache->get_value("subscriptions_comments_user_$UserID");
+        if ($UserCommentSubscriptions === false) {
+            G::$DB->query('
+        SELECT Page, PageID
+        FROM users_subscriptions_comments
+        WHERE UserID = ' . db_string($UserID));
+            $UserCommentSubscriptions = G::$DB->to_array(false, MYSQLI_NUM);
+            G::$Cache->cache_value("subscriptions_comments_user_$UserID", $UserCommentSubscriptions, 0);
+        }
+        G::$DB->set_query_id($QueryID);
+        return $UserCommentSubscriptions;
+    }
+
+    /**
+     * Returns whether or not the current user has new subscriptions. This handles both forum and comment subscriptions.
+     * @return int Number of unread subscribed threads/comments
+     */
+    public static function has_new_subscriptions()
+    {
+        $QueryID = G::$DB->get_query_id();
+
+        $NewSubscriptions = G::$Cache->get_value('subscriptions_user_new_' . G::$LoggedUser['ID']);
+        if ($NewSubscriptions === false) {
+            // forum subscriptions
+            G::$DB->query("
+          SELECT COUNT(1)
+          FROM users_subscriptions AS s
+            LEFT JOIN forums_last_read_topics AS l ON l.UserID = s.UserID AND l.TopicID = s.TopicID
+            JOIN forums_topics AS t ON t.ID = s.TopicID
+            JOIN forums AS f ON f.ID = t.ForumID
+          WHERE " . Forums::user_forums_sql() . "
+            AND IF(t.IsLocked = '1' AND t.IsSticky = '0'" . ", t.LastPostID, IF(l.PostID IS NULL, 0, l.PostID)) < t.LastPostID
+            AND s.UserID = " . G::$LoggedUser['ID']);
+            list($NewForumSubscriptions) = G::$DB->next_record();
+
+            // comment subscriptions
+            G::$DB->query("
+          SELECT COUNT(1)
+          FROM users_subscriptions_comments AS s
+            LEFT JOIN users_comments_last_read AS lr ON lr.UserID = s.UserID AND lr.Page = s.Page AND lr.PageID = s.PageID
+            LEFT JOIN comments AS c ON c.ID = (SELECT MAX(ID) FROM comments WHERE Page = s.Page AND PageID = s.PageID)
+            LEFT JOIN collages AS co ON s.Page = 'collages' AND co.ID = s.PageID
+          WHERE s.UserID = " . G::$LoggedUser['ID'] . "
+            AND (s.Page != 'collages' OR co.Deleted = '0')
+            AND IF(lr.PostID IS NULL, 0, lr.PostID) < c.ID");
+            list($NewCommentSubscriptions) = G::$DB->next_record();
+
+            $NewSubscriptions = $NewForumSubscriptions + $NewCommentSubscriptions;
+            G::$Cache->cache_value('subscriptions_user_new_' . G::$LoggedUser['ID'], $NewSubscriptions, 0);
+        }
+        G::$DB->set_query_id($QueryID);
+        return (int)$NewSubscriptions;
+    }
+
+    /**
+     * Returns whether or not the current user has new quote notifications.
+     * @return int Number of unread quote notifications
+     */
+    public static function has_new_quote_notifications()
+    {
+        $QuoteNotificationsCount = G::$Cache->get_value('notify_quoted_' . G::$LoggedUser['ID']);
+        if ($QuoteNotificationsCount === false) {
+            $sql = "
+        SELECT COUNT(1)
+        FROM users_notify_quoted AS q
+          LEFT JOIN forums_topics AS t ON t.ID = q.PageID
+          LEFT JOIN forums AS f ON f.ID = t.ForumID
+          LEFT JOIN collages AS c ON q.Page = 'collages' AND c.ID = q.PageID
+        WHERE q.UserID = " . G::$LoggedUser['ID'] . "
+          AND q.UnRead
+          AND (q.Page != 'forums' OR " . Forums::user_forums_sql() . ")
+          AND (q.Page != 'collages' OR c.Deleted = '0')";
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query($sql);
+            list($QuoteNotificationsCount) = G::$DB->next_record();
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value('notify_quoted_' . G::$LoggedUser['ID'], $QuoteNotificationsCount, 0);
+        }
+        return (int)$QuoteNotificationsCount;
+    }
+
+    /**
+     * Returns the key which holds this $TopicID in the subscription array.
+     * Use type-aware comparison operators with this! (ie. if (self::has_subscribed($TopicID) !== false) { ... })
+     * @param int $TopicID
+     * @return bool|int
+     */
+    public static function has_subscribed($TopicID)
+    {
+        $UserSubscriptions = self::get_subscriptions();
+        return array_search($TopicID, $UserSubscriptions);
+    }
+
+    /**
+     * Same as has_subscribed, but for comment subscriptions.
+     * @param string $Page 'artist', 'collages', 'requests' or 'torrents'
+     * @param int $PageID
+     * @return bool|int
+     */
+    public static function has_subscribed_comments($Page, $PageID)
+    {
+        $UserCommentSubscriptions = self::get_comment_subscriptions();
+        return array_search(array($Page, $PageID), $UserCommentSubscriptions);
+    }
+
+    /**
+     * Clear the subscription cache for all subscribers of a forum thread or artist/collage/request/torrent comments.
+     * @param type $Page 'forums', 'artist', 'collages', 'requests' or 'torrents'
+     * @param type $PageID TopicID, ArtistID, CollageID, RequestID or GroupID, respectively
+     */
+    public static function flush_subscriptions($Page, $PageID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        if ($Page == 'forums') {
+            G::$DB->query("
+        SELECT UserID
+        FROM users_subscriptions
+        WHERE TopicID = '$PageID'");
+        } else {
+            G::$DB->query("
+        SELECT UserID
+        FROM users_subscriptions_comments
+        WHERE Page = '$Page'
+          AND PageID = '$PageID'");
+        }
+        $Subscribers = G::$DB->collect('UserID');
+        foreach ($Subscribers as $Subscriber) {
+            G::$Cache->delete_value("subscriptions_user_new_$Subscriber");
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * Move all $Page subscriptions from $OldPageID to $NewPageID (for example when merging torrent groups).
+     * Passing $NewPageID = null will delete the subscriptions.
+     * @param string $Page 'forums', 'artist', 'collages', 'requests' or 'torrents'
+     * @param int $OldPageID TopicID, ArtistID, CollageID, RequestID or GroupID, respectively
+     * @param int|null $NewPageID As $OldPageID, or null to delete the subscriptions
+     */
+    public static function move_subscriptions($Page, $OldPageID, $NewPageID)
+    {
+        self::flush_subscriptions($Page, $OldPageID);
+        $QueryID = G::$DB->get_query_id();
+        if ($Page == 'forums') {
+            if ($NewPageID !== null) {
+                G::$DB->query("
+          UPDATE IGNORE users_subscriptions
+          SET TopicID = '$NewPageID'
+          WHERE TopicID = '$OldPageID'");
+                // explanation see below
+                G::$DB->query("
+          UPDATE IGNORE forums_last_read_topics
+          SET TopicID = $NewPageID
+          WHERE TopicID = $OldPageID");
+                G::$DB->query("
+          SELECT UserID, MIN(PostID)
+          FROM forums_last_read_topics
+          WHERE TopicID IN ($OldPageID, $NewPageID)
+          GROUP BY UserID
+          HAVING COUNT(1) = 2");
+                $Results = G::$DB->to_array(false, MYSQLI_NUM);
+                foreach ($Results as $Result) {
+                    G::$DB->query("
+            UPDATE forums_last_read_topics
+            SET PostID = $Result[1]
+            WHERE TopicID = $NewPageID
+              AND UserID = $Result[0]");
+                }
+            }
+            G::$DB->query("
+        DELETE FROM users_subscriptions
+        WHERE TopicID = '$OldPageID'");
+            G::$DB->query("
+        DELETE FROM forums_last_read_topics
+        WHERE TopicID = $OldPageID");
+        } else {
+            if ($NewPageID !== null) {
+                G::$DB->query("
+          UPDATE IGNORE users_subscriptions_comments
+          SET PageID = '$NewPageID'
+          WHERE Page = '$Page'
+            AND PageID = '$OldPageID'");
+                // last read handling
+                // 1) update all rows that have no key collisions (i.e. users that haven't previously read both pages or if there are only comments on one page)
+                G::$DB->query("
+          UPDATE IGNORE users_comments_last_read
+          SET PageID = '$NewPageID'
+          WHERE Page = '$Page'
+            AND PageID = $OldPageID");
+                // 2) get all last read records with key collisions (i.e. there are records for one user for both PageIDs)
+                G::$DB->query("
+          SELECT UserID, MIN(PostID)
+          FROM users_comments_last_read
+          WHERE Page = '$Page'
+            AND PageID IN ($OldPageID, $NewPageID)
+          GROUP BY UserID
+          HAVING COUNT(1) = 2");
+                $Results = G::$DB->to_array(false, MYSQLI_NUM);
+                // 3) update rows for those people found in 2) to the earlier post
+                foreach ($Results as $Result) {
+                    G::$DB->query("
+            UPDATE users_comments_last_read
+            SET PostID = $Result[1]
+            WHERE Page = '$Page'
+              AND PageID = $NewPageID
+              AND UserID = $Result[0]");
+                }
+            }
+            G::$DB->query("
+        DELETE FROM users_subscriptions_comments
+        WHERE Page = '$Page'
+          AND PageID = '$OldPageID'");
+            G::$DB->query("
+        DELETE FROM users_comments_last_read
+        WHERE Page = '$Page'
+          AND PageID = '$OldPageID'");
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * Clear the quote notification cache for all subscribers of a forum thread or artist/collage/request/torrent comments.
+     * @param string $Page 'forums', 'artist', 'collages', 'requests' or 'torrents'
+     * @param int $PageID TopicID, ArtistID, CollageID, RequestID or GroupID, respectively
+     */
+    public static function flush_quote_notifications($Page, $PageID)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+      SELECT UserID
+      FROM users_notify_quoted
+      WHERE Page = '$Page'
+        AND PageID = $PageID");
+        $Subscribers = G::$DB->collect('UserID');
+        foreach ($Subscribers as $Subscriber) {
+            G::$Cache->delete_value("notify_quoted_$Subscriber");
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+}

classes/tags.class.php

@@ -0,0 +1,323 @@
+<?php
+
+/**
+ * Tags Class
+ *
+ * Formatting and sorting methods for tags and tag lists
+ *
+ * Example:
+ * <pre>&lt;?php
+ * $Tags = new Tags('pop rock hip.hop');
+ * $Tags->Format(); // returns a tag link list
+ *
+ * $Tags2 = new Tags('pop rock indie');
+ *
+ * // returns a tag link list of tags ordered by amount
+ * Tags::format_top();
+ * ?></pre>
+ * e.g.:
+ *  pop (2)
+ *  rock (2)
+ *  hip.hop (1)
+ *  indie (1)
+ *
+ * Each time a new Tags object is instantiated, the tag list is merged with the
+ * overall total amount of tags to provide a Top Tags list. Merging is optional.
+ */
+class Tags
+{
+    /**
+     * Collects all tags processed by the Tags Class
+     * @static
+     * @var array $All Class Tags
+     */
+    private static $All = [];
+
+    /**
+     * All tags in the current instance
+     * @var array $Tags Instance Tags
+     */
+    private $Tags = null;
+
+    /**
+     * @var array $TagLink Tag link list
+     */
+    private $TagLink = [];
+
+    /**
+     * @var string $Primary The primary tag
+     */
+    private $Primary = '';
+
+    /**
+     * Filter tags array to remove empty spaces.
+     *
+     * @param string $TagList A string of tags separated by a space
+     * @param boolean $Merge Merge the tag list with the Class' tags
+     *        E.g., compilations and soundtracks are skipped, so false
+     */
+    public function __construct($TagList, $Merge = true)
+    {
+        if ($TagList) {
+            $this->Tags = array_filter(explode(' ', str_replace('_', '.', $TagList)));
+
+            if ($Merge) {
+                self::$All = array_merge(self::$All, $this->Tags);
+            }
+
+            $this->Primary = $this->Tags[0];
+            sort($this->Tags);
+        } else {
+            $this->Tags = [];
+        }
+    }
+
+    /**
+     * @return string Primary Tag
+     */
+    public function get_primary()
+    {
+        return $this->Primary;
+    }
+
+    /**
+     * Set the primary tag
+     * @param string $Primary
+     */
+    public function set_primary($Primary)
+    {
+        $this->Primary = (string)$Primary;
+    }
+
+    /**
+     * Formats primary tag as a title
+     * @return string Title
+     */
+    public function title()
+    {
+        return ucwords(str_replace('.', ' ', $this->Primary));
+    }
+
+    /**
+     * Formats primary tag as a CSS class
+     * @return string CSS Class Name
+     */
+    public function css_name()
+    {
+        return 'tags_' . str_replace('.', '_', $this->Primary);
+    }
+
+    /**
+     * @return array Tags
+     */
+    public function get_tags()
+    {
+        return $this->Tags;
+    }
+
+    /**
+     * @return array All tags
+     */
+    public static function all()
+    {
+        return self::$All;
+    }
+
+    /**
+     * Counts and sorts All tags
+     * @return array All tags sorted
+     */
+    public static function sorted()
+    {
+        $Sorted = array_count_values(self::$All);
+        arsort($Sorted);
+        return $Sorted;
+    }
+
+    /**
+     * Formats tags
+     * @param string $Link Link to a taglist page
+     * @param string $ArtistName Restrict tag search by this artist
+     * @return string List of tag links
+     */
+    public function format($Link = 'torrents.php?taglist=', $ArtistName = '')
+    {
+        if (!empty($ArtistName)) {
+            $ArtistName = "&amp;artistname=" . urlencode($ArtistName) . "&amp;action=advanced&amp;searchsubmit=1";
+        }
+
+        foreach ($this->Tags as $Tag) {
+            $Split = self::get_name_and_class($Tag);
+            $Name = $Split['name'];
+            $Class = $Split['class'];
+
+            if (empty($this->TagLink[$Tag])) {
+                $this->TagLink[$Tag] = '<a class="' . $Class . '" href="' . $Link . $Tag . $ArtistName . '">' . $Name . '</a>';
+            }
+        }
+        return implode(', ', $this->TagLink);
+    }
+
+    /**
+     * Format a list of top tags
+     * @param int $Max Max number of items to get
+     * @param string $Link  Page query where more items of this tag type can be found
+     * @param string $ArtistName Optional artist
+     */
+    public static function format_top($Max = 5, $Link = 'torrents.php?taglist=', $ArtistName = '')
+    {
+        if (empty(self::$All)) { ?>
+<li>No torrent tags</li>
+<?php
+      return;
+    }
+
+        if (!empty($ArtistName)) {
+            $ArtistName = '&amp;artistname=' . urlencode($ArtistName) . '&amp;action=advanced&amp;searchsubmit=1';
+        }
+
+        foreach (array_slice(self::sorted(), 0, $Max) as $Tag => $Total) {
+            $Split = self::get_name_and_class($Tag);
+            $Name = $Split['name'];
+            $Class = $Split['class']; ?>
+
+<li><a class="<?=$Class?>"
+    href="<?=$Link . display_str($Name) . $ArtistName?>"><?=display_str($Name)?></a> (<?=$Total?>)</li>
+<?php
+        }
+    }
+
+    /**
+     * General purpose method to get all tag aliases from the DB
+     * @return array
+     */
+    public static function get_aliases()
+    {
+        $TagAliases = G::$Cache->get_value('tag_aliases_search');
+        if ($TagAliases === false) {
+            G::$DB->query('
+            SELECT ID, BadTag, AliasTag
+            FROM tag_aliases
+              ORDER BY BadTag');
+      
+            $TagAliases = G::$DB->to_array(false, MYSQLI_ASSOC, false);
+            // Unify tag aliases to be in_this_format as tags not in.this.format
+            array_walk_recursive($TagAliases, function (&$val) {
+                $val = preg_replace("/\./", "_", $val);
+            });
+            // Clean up the array for smaller cache size
+            foreach ($TagAliases as &$TagAlias) {
+                foreach (array_keys($TagAlias) as $Key) {
+                    if (is_numeric($Key)) {
+                        unset($TagAlias[$Key]);
+                    }
+                }
+            }
+            G::$Cache->cache_value('tag_aliases_search', $TagAliases, 3600 * 24 * 7); // cache for 7 days
+        }
+        return $TagAliases;
+    }
+
+    /**
+     * Replace bad tags with tag aliases
+     * @param array $Tags Array with sub-arrays 'include' and 'exclude'
+     * @return array
+     */
+    public static function remove_aliases($Tags)
+    {
+        $TagAliases = self::get_aliases();
+
+        if (isset($Tags['include'])) {
+            $End = count($Tags['include']);
+            for ($i = 0; $i < $End; $i++) {
+                foreach ($TagAliases as $TagAlias) {
+                    if ($Tags['include'][$i] === $TagAlias['BadTag']) {
+                        $Tags['include'][$i] = $TagAlias['AliasTag'];
+                        break;
+                    }
+                }
+            }
+            // Only keep unique entries after unifying tag standard
+            $Tags['include'] = array_unique($Tags['include']);
+        }
+
+        if (isset($Tags['exclude'])) {
+            $End = count($Tags['exclude']);
+            for ($i = 0; $i < $End; $i++) {
+                foreach ($TagAliases as $TagAlias) {
+                    if (substr($Tags['exclude'][$i], 1) === $TagAlias['BadTag']) {
+                        $Tags['exclude'][$i] = '!'.$TagAlias['AliasTag'];
+                        break;
+                    }
+                }
+            }
+            // Only keep unique entries after unifying tag standard
+            $Tags['exclude'] = array_unique($Tags['exclude']);
+        }
+        return $Tags;
+    }
+
+    /**
+     * Filters a list of include and exclude tags to be used in a Sphinx search
+     * @param array $Tags An array of tags with sub-arrays 'include' and 'exclude'
+     * @param integer $TagType Search for Any or All of these tags.
+     * @return array Array keys predicate and input
+     *               Predicate for a Sphinx 'taglist' query
+     *               Input contains clean, aliased tags. Use it in a form instead of the user submitted string
+     */
+    public static function tag_filter_sph($Tags, $TagType)
+    {
+        $QueryParts = [];
+        $Tags = Tags::remove_aliases($Tags);
+        $TagList = str_replace('_', '.', implode(', ', array_merge($Tags['include'], $Tags['exclude'])));
+
+        foreach ($Tags['include'] as &$Tag) {
+            $Tag = Sphinxql::sph_escape_string($Tag);
+        }
+
+        if (!empty($Tags['exclude'])) {
+            foreach ($Tags['exclude'] as &$Tag) {
+                $Tag = '!' . Sphinxql::sph_escape_string(substr($Tag, 1));
+            }
+        }
+
+        // 'All' tags
+        if (!isset($TagType) || $TagType == 1) {
+            $SearchWords = array_merge($Tags['include'], $Tags['exclude']);
+            if (!empty($Tags)) {
+                $QueryParts[] = implode(' ', $SearchWords);
+            }
+        }
+        // 'Any' tags
+        else {
+            if (!empty($Tags['include'])) {
+                $QueryParts[] = '( ' . implode(' | ', $Tags['include']) . ' )';
+            }
+            if (!empty($Tags['exclude'])) {
+                $QueryParts[] = implode(' ', $Tags['exclude']);
+            }
+        }
+
+        return ['input' => $TagList, 'predicate' => implode(' ', $QueryParts)];
+    }
+
+    /**
+     * Breaks a tag down into name and namespace class
+     * @param string $Tag Tag of the form 'tag' or 'tag:namespace'
+     * @return array Array keys name and class
+     *               name is the name of the tag without a namespace
+     *               class is the HTML class that should be applied to the tag, empty string if the tag has no namespace
+     */
+    public static function get_name_and_class($Tag)
+    {
+        $Name = $Tag;
+        $Class = "";
+        $Split = explode(':', $Tag);
+        
+        if (count($Split) > 1 && in_array($Split[1], TAG_NAMESPACES)) {
+            $Name = $Split[0];
+            $Class = "tag_" . $Split[1];
+        }
+        return array("name" => display_str($Name), "class" => display_str($Class));
+    }
+}

classes/templates.class.php

@@ -0,0 +1,83 @@
+<?php
+
+// Example :
+// $TPL = new TEMPLATE;
+// $TPL->open('inv.tpl');
+// $TPL->set('ADDRESS1', $TPL->str_align(57, $UADDRESS1, 'l', ' '));
+// $TPL->get();
+
+class TEMPLATE
+{
+    public $file = '';
+    public $vars = [];
+
+    public function open($file)
+    {
+        $this->file = file($file);
+    }
+
+    public function set($name, $var, $ifnone = '<span style="font-style: italic;">-None-</span>')
+    {
+        if ($name !== '') {
+            $this->vars[$name][0] = $var;
+            $this->vars[$name][1] = $ifnone;
+        }
+    }
+
+    public function show()
+    {
+        $TMPVAR = '';
+        for ($i = 0; $i < sizeof($this->file); $i++) {
+            $TMPVAR = $this->file[$i];
+            foreach ($this->vars as $k=>$v) {
+                if ($v[1] !== '' && $v[0] === '') {
+                    $v[0] = $v[1];
+                }
+                $TMPVAR = str_replace('{{'.$k.'}}', $v[0], $TMPVAR);
+            }
+            echo $TMPVAR;
+        }
+    }
+
+    public function get()
+    {
+        $RESULT = '';
+        $TMPVAR = '';
+        for ($i = 0; $i < sizeof($this->file); $i++) {
+            $TMPVAR = $this->file[$i];
+            foreach ($this->vars as $k=>$v) {
+                if ($v[1] !== '' && $v[0] === '') {
+                    $v[0] = $v[1];
+                }
+                $TMPVAR = str_replace('{{'.$k.'}}', $v[0], $TMPVAR);
+            }
+            $RESULT.= $TMPVAR;
+        }
+        return $RESULT;
+    }
+
+    public function str_align($len, $str, $align, $fill)
+    {
+        $strlen = strlen($str);
+        if ($strlen > $len) {
+            return substr($str, 0, $len);
+        } elseif (($strlen === 0) || ($len === 0)) {
+            return '';
+        } else {
+            if (($align === 'l') || ($align === 'left')) {
+                $result = $str.str_repeat($fill, ($len - $strlen));
+            } elseif (($align === 'r') || ($align === 'right')) {
+                $result = str_repeat($fill, ($len - $strlen)).$str;
+            } elseif (($align === 'c') || ($align === 'center')) {
+                $snm = intval(($len - $strlen) / 2);
+                if (($strlen + ($snm * 2)) === $len) {
+                    $result = str_repeat($fill, $snm).$str;
+                } else {
+                    $result = str_repeat($fill, $snm + 1).$str;
+                }
+                $result.= str_repeat($fill, $snm);
+            }
+            return $result;
+        }
+    }
+}

classes/testing.class.php

@@ -0,0 +1,169 @@
+<?php
+
+class Testing
+{
+    private static $ClassDirectories = array("classes");
+    private static $Classes = [];
+
+    /**
+     * Initialize the testasble classes into a map keyed by class name
+     */
+    public static function init()
+    {
+        self::load_classes();
+    }
+
+    /**
+     * Gets the class
+     */
+    public static function get_classes()
+    {
+        return self::$Classes;
+    }
+
+    /**
+     * Loads all the classes within given directories
+     */
+    private static function load_classes()
+    {
+        foreach (self::$ClassDirectories as $Directory) {
+            $Directory = SERVER_ROOT . "/" . $Directory . "/";
+            foreach (glob($Directory . "*.php") as $FileName) {
+                self::get_class_name($FileName);
+            }
+        }
+    }
+
+    /**
+     * Gets the class and adds into the map
+     */
+    private static function get_class_name($FileName)
+    {
+        $Tokens = token_get_all(file_get_contents($FileName));
+        $IsTestable = false;
+        $IsClass = false;
+
+        foreach ($Tokens as $Token) {
+            if (is_array($Token)) {
+                if (!$IsTestable && $Token[0] == T_DOC_COMMENT && strpos($Token[1], "@TestClass")) {
+                    $IsTestable = true;
+                }
+
+                if ($IsTestable && $Token[0] == T_CLASS) {
+                    $IsClass = true;
+                } elseif ($IsClass && $Token[0] == T_STRING) {
+                    $ReflectionClass = new ReflectionClass($Token[1]);
+
+                    if (count(self::get_testable_methods($ReflectionClass))) {
+                        self::$Classes[$Token[1]] = new ReflectionClass($Token[1]);
+                    }
+
+                    $IsTestable = false;
+                    $IsClass = false;
+                }
+            }
+        }
+    }
+
+    /**
+     * Checks if class exists in the map
+     */
+    public static function has_class($Class)
+    {
+        return array_key_exists($Class, self::$Classes);
+    }
+
+    /**
+     * Checks if class has a given testable methood
+     */
+    public static function has_testable_method($Class, $Method)
+    {
+        $TestableMethods = self::get_testable_methods($Class);
+        foreach ($TestableMethods as $TestMethod) {
+            if ($TestMethod->getName() === $Method) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Get testable methods in a class, a testable method has a @Test
+     */
+    public static function get_testable_methods($Class)
+    {
+        if (is_string($Class)) {
+            $ReflectionClass = self::$Classes[$Class];
+        } else {
+            $ReflectionClass = $Class;
+        }
+
+        $ReflectionMethods = $ReflectionClass->getMethods();
+        $TestableMethods = [];
+
+        foreach ($ReflectionMethods as $Method) {
+            if ($Method->isPublic() && $Method->isStatic() && strpos($Method->getDocComment(), "@Test")) {
+                $TestableMethods[] = $Method;
+            }
+        }
+        return $TestableMethods;
+    }
+
+
+    /**
+     * Get the class comment
+     */
+    public static function get_class_comment($Class)
+    {
+        $ReflectionClass = self::$Classes[$Class];
+        return trim(str_replace(array("@TestClass", "*", "/"), "", $ReflectionClass->getDocComment()));
+    }
+
+    /**
+     * Get the undocumented methods in a class
+     */
+    public static function get_undocumented_methods($Class)
+    {
+        $ReflectionClass = self::$Classes[$Class];
+        $Methods = [];
+
+        foreach ($ReflectionClass->getMethods() as $Method) {
+            if (!$Method->getDocComment()) {
+                $Methods[] = $Method;
+            }
+        }
+        return $Methods;
+    }
+
+    /**
+     * Get the documented methods
+     */
+    public static function get_documented_methods($Class)
+    {
+        $ReflectionClass = self::$Classes[$Class];
+        $Methods = [];
+
+        foreach ($ReflectionClass->getMethods() as $Method) {
+            if ($Method->getDocComment()) {
+                $Methods[] = $Method;
+            }
+        }
+        return $Methods;
+    }
+
+    /**
+     * Get all methods in a class
+     */
+    public static function get_methods($Class)
+    {
+        return self::$Classes[$Class]->getMethods();
+    }
+
+    /**
+     * Get a method  comment
+     */
+    public static function get_method_comment($Method)
+    {
+        return trim(str_replace(array("*", "/"), "", $Method->getDocComment()));
+    }
+}

classes/testingview.class.php

@@ -0,0 +1,182 @@
+<?php
+
+class TestingView
+{
+    /**
+     * Render the linkbox
+     */
+    public static function render_linkbox($Page) { ?>
+<div class="linkbox">
+  <?php if ($Page != "classes") { ?>
+  <a href="testing.php" class="brackets">Classes</a>
+  <?php }
+      if ($Page != "comments") { ?>
+  <a href="testing.php?action=comments" class="brackets">Comments</a>
+  <?php } ?>
+</div>
+<?php }
+
+    /**
+     * Render a list of classes
+     */
+    public static function render_classes($Classes) { ?>
+<table>
+  <tr class="colhead">
+    <td>
+      Class
+    </td>
+    <td>
+      Testable functions
+    </td>
+  </tr>
+  <?php foreach ($Classes as $Key => $Value) {
+        $Doc = Testing::get_class_comment($Key);
+        $Methods = count(Testing::get_testable_methods($Key)); ?>
+  <tr>
+    <td>
+      <a href="testing.php?action=class&amp;name=<?=$Key?>"
+        class="tooltip" title="<?=$Doc?>"><?=$Key?></a>
+    </td>
+    <td>
+      <?=$Methods?>
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php }
+
+    /**
+     * Render functions in a class
+     */
+    public static function render_functions($Methods)
+    {
+        foreach ($Methods as $Index => $Method) {
+            $ClassName = $Method->getDeclaringClass()->getName();
+            $MethodName = $Method->getName(); ?>
+<div class="box">
+  <div class="head">
+    <span><?=self::render_method_definition($Method)?></span>
+    <span class="float_right">
+      <a data-toggle-target="#method_params_<?=$Index?>"
+        class="brackets">Params</a>
+      <a href="#" class="brackets run" data-gazelle-id="<?=$Index?>"
+        data-gazelle-class="<?=$ClassName?>"
+        data-gazelle-method="<?=$MethodName?>">Run</a>
+    </span>
+  </div>
+  <div class="pad hidden" id="method_params_<?=$Index?>">
+    <?self::render_method_params($Method); ?>
+  </div>
+  <div class="pad hidden" id="method_results_<?=$Index?>">
+  </div>
+</div>
+<?php
+        }
+    }
+
+    /**
+     * Render method parameters
+     */
+    private static function render_method_params($Method) { ?>
+<table>
+  <?php foreach ($Method->getParameters() as $Parameter) {
+        $DefaultValue = $Parameter->isDefaultValueAvailable() ? $Parameter->getDefaultValue() : ""; ?>
+  <tr>
+    <td class="label">
+      <?=$Parameter->getName()?>
+    </td>
+    <td>
+      <input type="text" name="<?=$Parameter->getName()?>"
+        value="<?=$DefaultValue?>" />
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php }
+
+    /**
+     * Render the method definition
+     */
+    private static function render_method_definition($Method)
+    {
+        $Title = "<span class='tooltip' title='" . Testing::get_method_comment($Method) . "'>" . $Method->getName() . "</span> (";
+        foreach ($Method->getParameters() as $Parameter) {
+            $Color = "red";
+            if ($Parameter->isDefaultValueAvailable()) {
+                $Color = "green";
+            }
+            $Title .= "<span style='color: $Color'>";
+            $Title .= "$" . $Parameter->getName();
+            if ($Parameter->isDefaultValueAvailable()) {
+                $Title .= " = " . $Parameter->getDefaultValue();
+            }
+            $Title .= "</span>";
+            $Title .= ", ";
+        }
+        $Title = rtrim($Title, ", ");
+        $Title .= ")";
+        return $Title;
+    }
+
+    /**
+     * Renders class documentation stats
+     */
+    public static function render_missing_documentation($Classes) { ?>
+<table>
+  <tr class="colhead">
+    <td>
+      Class
+    </td>
+    <td>
+      Class documented
+    </td>
+    <td>
+      Undocumented functions
+    </td>
+    <td>
+      Documented functions
+    </td>
+  </tr>
+  <?php foreach ($Classes as $Key => $Value) {
+        $ClassComment = Testing::get_class_comment($Key); ?>
+  <tr>
+    <td>
+      <?=$Key?>
+    </td>
+    <td>
+      <?=!empty($ClassComment) ? "Yes" : "No"?>
+    <td>
+      <?=count(Testing::get_undocumented_methods($Key))?>
+    </td>
+    <td>
+      <?=count(Testing::get_documented_methods($Key))?>
+    </td>
+  </tr>
+  <?php
+    } ?>
+</table>
+<?php }
+
+    /**
+     * Pretty print any data
+     */
+    public static function render_results($Data)
+    {
+        $Results = '<pre><ul style="list-style-type: none">';
+        if (is_array($Data)) {
+            foreach ($Data as $Key => $Value) {
+                if (is_array($Value)) {
+                    $Results .= '<li>' . $Key . ' => ' . self::render_results($Value) . '</li>';
+                } else {
+                    $Results .= '<li>' . $Key . ' => ' . $Value . '</li>';
+                }
+            }
+        } else {
+            $Results .= '<li>' . $Data . '</li>';
+        }
+        $Results .= '</ul></pre>';
+        echo $Results;
+    }
+}

classes/textarea_preview.class.php

@@ -0,0 +1,244 @@
+<?php
+declare(strict_types = 1);
+
+/**
+ * This super class is used to manage the ammount of textareas there are
+ * and to generate the required JavaScript that enables the previews to work.
+ */
+class TEXTAREA_PREVIEW_SUPER
+{
+    /**
+     * @static
+     * @var int $Textareas Total number of textareas created
+     */
+    protected static $Textareas = 0;
+
+    /**
+     * @static
+     * @var array $_ID Array of textarea IDs
+     */
+    protected static $_ID = [];
+
+    /**
+     * @static
+     * @var bool For use in JavaScript method
+     */
+    private static $Exectuted = false;
+
+    /**
+     * This method should only run once with $all as true and should be placed
+     * in the header or footer.
+     *
+     * If $all is true, it includes TextareaPreview and jQuery
+     *
+     * jQuery is required for this to work, include it in the headers.
+     *
+     * @static
+     * @param bool $all Output all required scripts, otherwise just do iterator()
+     * @example <pre><?php TEXT_PREVIEW::JavaScript(); ?></pre>
+     * @return void
+     */
+    public static function JavaScript($all = true)
+    {
+        if (self::$Textareas === 0) {
+            return;
+        }
+
+        if (self::$Exectuted === false && $all) {
+            View::parse('generic/textarea/script.phtml');
+        }
+
+        self::$Exectuted = true;
+        self::iterator();
+    }
+
+    /**
+     * This iterator generates JavaScript to initialize each JavaScript
+     * TextareaPreview object.
+     *
+     * It will generate a numeric or custom ID related to the textarea.
+     * @static
+     * @return void
+     */
+    private static function iterator()
+    {
+        $script = [];
+        for ($i = 0; $i < self::$Textareas; $i++) {
+            if (isset(self::$_ID[$i]) && is_string(self::$_ID[$i])) {
+                $a = sprintf('%d, "%s"', $i, self::$_ID[$i]);
+            } else {
+                $a = $i;
+            }
+            $script[] = sprintf('[%s]', $a);
+        }
+
+        if (!empty($script)) {
+            View::parse('generic/textarea/script_factory.phtml', array('script' => join(', ', $script)));
+        }
+    }
+}
+
+/**
+ * Textarea Preview Class
+ *
+ * This class generates a textarea that works with the JS preview script.
+ * Templates found in design/views/generic/textarea.
+ *
+ * @example <pre><?php
+ *  // Create a textarea with a name of content.
+ *  // Buttons and preview divs are generated automatically near the textarea.
+ *  new TEXTAREA_PREVIEW('content');
+ *
+ *  // Create a textarea with name and id body_text with default text and
+ *  // no buttons or wrap preview divs.
+ *  // Buttons and preview divs are generated manually
+ *  $text = new TEXTAREA_PREVIEW('body_text', 'body_text', 'default text',
+ *          50, 20, false, false, array('disabled="disabled"', 'class="text"'));
+ *
+ *  $text->buttons(); // output buttons
+ *  $text->preview(); // output preview div
+ *
+ * // Create a textarea with custom preview wrapper around a table
+ * // the table will be (in)visible depending on the toggle
+ * $text = new TEXTAREA_PREVIEW('body', '', '', 30, 10, false, false);
+ * $id = $text->getID();
+ *
+ * // some template
+ * <div id="preview_wrap_<?=$id?>">
+ *    <table>
+ *      <tr>
+ *        <td>
+ *          <div id="preview_<?=$id?>"></div>
+ *        </td>
+ *      </tr>
+ *    </table>
+ * </div>
+ * </pre>
+ */
+class TEXTAREA_PREVIEW extends TEXTAREA_PREVIEW_SUPER
+{
+
+  /**
+   * @var int Unique ID
+   */
+    private $id;
+
+    /**
+     * Flag for preview output
+     * @var bool $preview
+     */
+    private $preview = false;
+
+    /**
+     * String table
+     * @var string Buffer
+     */
+    private $buffer = null;
+
+    /**
+     * This method creates a textarea
+     *
+     * @param string $Name    name attribute
+     * @param string $ID      id attribute
+     * @param string $Value   default text attribute
+     * @param string $Cols    cols attribute
+     * @param string $Rows    rows attribute
+     * @param bool   $Preview add the preview divs near the textarea
+     * @param bool   $Buttons add the edit/preview buttons near the textarea
+     * @param bool   $Buffer  doesn't output the textarea, use getBuffer()
+     * @param array  $ExtraAttributesarray of attribute="value"
+     *
+     * If false for $Preview, $Buttons, or $Buffer, use the appropriate
+     * methods to add the those elements manually. Alternatively, use getID
+     * to create your own.
+     *
+     * It's important to have the right IDs as they make the JS function properly.
+     */
+    public function __construct(
+        $Name,
+        $ID = '',
+        $Value = '',
+        $Placeholder = '',
+        $Cols = 40,
+        $Rows = 20,
+        $Preview = true,
+        $Buttons = true,
+        $Buffer = false,
+        $ExtraAttributes = []
+    ) {
+        $this->id = parent::$Textareas;
+        parent::$Textareas += 1;
+        array_push(parent::$_ID, $ID);
+
+        if (empty($ID)) {
+            $ID = 'quickpost_' . $this->id;
+        }
+
+        if (!empty($ExtraAttributes)) {
+            $Attributes = ' ' . implode(' ', $ExtraAttributes);
+        } else {
+            $Attributes = '';
+        }
+
+        if ($Preview === true) {
+            $this->preview();
+        }
+
+        $this->buffer = View::parse(
+            'generic/textarea/textarea.phtml',
+            array(
+                'ID' => $ID,
+                'NID' => $this->id,
+                'Name' => &$Name,
+                'Value' => &$Value,
+                'Placeholder' => &$Placeholder,
+                'Cols' => &$Cols,
+                'Rows' => &$Rows,
+                'Attributes' => &$Attributes
+            ),
+            $Buffer
+        );
+
+        if ($Buttons === true) {
+            $this->buttons();
+        }
+    }
+
+    /**
+     * Outputs the divs required for previewing the AJAX content
+     * Will only output once
+     */
+    public function preview()
+    {
+        if (!$this->preview) {
+            View::parse('generic/textarea/preview.phtml', array('ID' => $this->id));
+        }
+        $this->preview = true;
+    }
+
+    /**
+     * Outputs the preview and edit buttons
+     * Can be called many times to place buttons in different areas
+     */
+    public function buttons()
+    {
+        View::parse('generic/textarea/buttons.phtml', array('ID' => $this->id));
+    }
+
+    /**
+     * Returns the textarea's numeric ID.
+     */
+    public function getID()
+    {
+        return $this->id;
+    }
+
+    /**
+     * Returns textarea string when buffer is enabled in the constructor
+     * @return string
+     */
+    public function getBuffer()
+    {
+        return $this->buffer;
+    }
+}

classes/time.class.php

@@ -0,0 +1,183 @@
+<?php
+
+if (!extension_loaded('date')) {
+    error('Date extension not loaded.');
+}
+
+function time_ago($TimeStamp)
+{
+    if (!$TimeStamp) {
+        return false;
+    }
+    if (!is_number($TimeStamp)) { // Assume that $TimeStamp is SQL timestamp
+        $TimeStamp = strtotime($TimeStamp);
+    }
+    return time() - $TimeStamp;
+}
+
+/*
+ * Returns a <span> by default but can optionally return the raw time
+ * difference in text (e.g. "16 hours and 28 minutes", "1 day, 18 hours").
+ */
+function time_diff($TimeStamp, $Levels = 2, $Span = true, $Lowercase = false)
+{
+    if (!$TimeStamp) {
+        return 'Never';
+    }
+    if (!is_number($TimeStamp)) { // Assume that $TimeStamp is SQL timestamp
+        $TimeStamp = strtotime($TimeStamp);
+    }
+    $Time = time() - $TimeStamp;
+
+    // If the time is negative, then it expires in the future.
+    if ($Time < 0) {
+        $Time = -$Time;
+        $HideAgo = true;
+    }
+
+    $Years = floor($Time / 31556926); // seconds in one year
+    $Remain = $Time - $Years * 31556926;
+
+    $Months = floor($Remain / 2629744); // seconds in one month
+    $Remain = $Remain - $Months * 2629744;
+
+    $Weeks = floor($Remain / 604800); // seconds in one week
+    $Remain = $Remain - $Weeks * 604800;
+
+    $Days = floor($Remain / 86400); // seconds in one day
+    $Remain = $Remain - $Days * 86400;
+
+    $Hours=floor($Remain / 3600); // seconds in one hour
+    $Remain = $Remain - $Hours * 3600;
+
+    $Minutes = floor($Remain / 60); // seconds in one minute
+    $Remain = $Remain - $Minutes * 60;
+
+    $Seconds = $Remain;
+
+    $Return = '';
+
+    if ($Years > 0 && $Levels > 0) {
+        $Return .= "$Years year".(($Years > 1) ? 's' : '');
+        $Levels--;
+    }
+
+    if ($Months > 0 && $Levels > 0) {
+        $Return .= ($Return != '') ? ', ' : '';
+        $Return .= "$Months month".(($Months > 1) ? 's' : '');
+        $Levels--;
+    }
+
+    if ($Weeks > 0 && $Levels > 0) {
+        $Return .= ($Return != '') ? ', ' : '';
+        $Return .= "$Weeks week".(($Weeks > 1) ? 's' : '');
+        $Levels--;
+    }
+
+    if ($Days > 0 && $Levels > 0) {
+        $Return .= ($Return != '') ? ', ' : '';
+        $Return .= "$Days day".(($Days > 1) ? 's' : '');
+        $Levels--;
+    }
+
+    if ($Hours > 0 && $Levels > 0) {
+        $Return .= ($Return != '') ? ', ' : '';
+        $Return .= "$Hours hour".(($Hours > 1) ? 's' : '');
+        $Levels--;
+    }
+
+    if ($Minutes > 0 && $Levels > 0) {
+        $Return .= ($Return != '') ? ' and ' : '';
+        $Return .= "$Minutes min".(($Minutes > 1) ? 's' : '');
+    }
+
+    if ($Return == '') {
+        $Return = 'Just now';
+    } elseif (!isset($HideAgo)) {
+        $Return .= ' ago';
+    }
+
+    if ($Lowercase) {
+        $Return = strtolower($Return);
+    }
+
+    if ($Span) {
+        return '<span class="time tooltip" title="'.date('M d Y, H:i', $TimeStamp).'">'.$Return.'</span>';
+    } else {
+        return $Return;
+    }
+}
+
+/* SQL utility functions */
+
+function time_plus($Offset)
+{
+    return date('Y-m-d H:i:s', time() + $Offset);
+}
+
+function time_minus($Offset, $Fuzzy = false)
+{
+    if ($Fuzzy) {
+        return date('Y-m-d 00:00:00', time() - $Offset);
+    } else {
+        return date('Y-m-d H:i:s', time() - $Offset);
+    }
+}
+
+// This is never used anywhere with $timestamp set
+// todo: Why don't we just use NOW() in the sql queries?
+function sqltime($timestamp = null)
+{
+    return date('Y-m-d H:i:s', ($timestamp ?? time()));
+}
+
+function validDate($DateString)
+{
+    $DateTime = explode(' ', $DateString);
+    if (count($DateTime) != 2) {
+        return false;
+    }
+
+    list($Date, $Time) = $DateTime;
+    $SplitTime = explode(':', $Time);
+    if (count($SplitTime) != 3) {
+        return false;
+    }
+
+    list($H, $M, $S) = $SplitTime;
+    if ($H != 0 && !(is_number($H) && $H < 24 && $H >= 0)) {
+        return false;
+    }
+
+    if ($M != 0 && !(is_number($M) && $M < 60 && $M >= 0)) {
+        return false;
+    }
+
+    if ($S != 0 && !(is_number($S) && $S < 60 && $S >= 0)) {
+        return false;
+    }
+
+    $SplitDate = explode('-', $Date);
+    if (count($SplitDate) != 3) {
+        return false;
+    }
+
+    list($Y, $M, $D) = $SplitDate;
+    return checkDate($M, $D, $Y);
+}
+
+function is_valid_date($Date)
+{
+    return is_valid_datetime($Date, 'Y-m-d');
+}
+
+function is_valid_time($Time)
+{
+    return is_valid_datetime($Time, 'H:i');
+}
+
+function is_valid_datetime($DateTime, $Format = 'Y-m-d H:i')
+{
+    $FormattedDateTime = DateTime::createFromFormat($Format, $DateTime);
+    return $FormattedDateTime && $FormattedDateTime->format($Format) == $DateTime;
+}

classes/tools.class.php

@@ -0,0 +1,341 @@
+<?php
+
+# todo: Check strick equality gently
+class Tools
+{
+    /**
+     * Returns true if given IP is banned.
+     *
+     * @param string $IP
+     */
+    public static function site_ban_ip($IP)
+    {
+        global $Debug;
+        $A = substr($IP, 0, strcspn($IP, '.:'));
+        $IPNum = Tools::ip_to_unsigned($IP);
+        $IPBans = G::$Cache->get_value('ip_bans_'.$A);
+
+        if (!is_array($IPBans)) {
+            $SQL = sprintf("
+            SELECT ID, FromIP, ToIP
+            FROM ip_bans
+              WHERE FromIP BETWEEN %d << 24 AND (%d << 24) - 1", $A, $A + 1);
+
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query($SQL);
+            $IPBans = G::$DB->to_array(0, MYSQLI_NUM);
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value('ip_bans_'.$A, $IPBans, 0);
+        }
+
+        $Debug->log_var($IPBans, 'IP bans for class '.$A);
+        foreach ($IPBans as $Index => $IPBan) {
+            list($ID, $FromIP, $ToIP) = $IPBan;
+            if ($IPNum >= $FromIP && $IPNum <= $ToIP) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Returns the unsigned form of an IP address.
+     *
+     * @param string $IP The IP address x.x.x.x
+     * @return string the long it represents.
+     */
+    public static function ip_to_unsigned($IP)
+    {
+        $IPnum = sprintf('%u', ip2long($IP));
+        if (!$IPnum) {
+            // Try to encode as IPv6 (stolen from stackoverflow)
+            // Note that this is *wrong* and because of PHP's wankery stops being accurate after the most significant 16 digits or so
+            // But since this is only used for geolocation and IPv6 blocks are allocated in huge numbers, it's still fine
+            $IPnum = '';
+            foreach (unpack('C*', inet_pton($IP)) as $byte) {
+                $IPnum .= str_pad(decbin($byte), 8, "0", STR_PAD_LEFT);
+            }
+            $IPnum = base_convert(ltrim($IPnum, '0'), 2, 10);
+        }
+        return $IPnum;
+    }
+
+    /**
+     * Geolocate an IP address using the database
+     *
+     * @param $IP the ip to fetch the country for
+     * @return the country of origin
+     */
+    public static function geoip($IP)
+    {
+        static $IPs = [];
+        if (isset($IPs[$IP])) {
+            return $IPs[$IP];
+        }
+
+        if (is_number($IP)) {
+            $Long = $IP;
+        } else {
+            $Long = Tools::ip_to_unsigned($IP);
+        }
+
+        if (!$Long || $Long == 2130706433) { // No need to check cc for 127.0.0.1
+            return false;
+        }
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT EndIP, Code
+        FROM geoip_country
+          WHERE $Long >= StartIP
+          ORDER BY StartIP DESC
+          LIMIT 1");
+
+        if ((!list($EndIP, $Country) = G::$DB->next_record()) || $EndIP < $Long) {
+            $Country = '?';
+        }
+
+        G::$DB->set_query_id($QueryID);
+        $IPs[$IP] = $Country;
+        return $Country;
+    }
+
+    /**
+     * Gets the hostname for an IP address
+     *
+     * @param $IP the IP to get the hostname for
+     * @return hostname fetched
+     */
+    public static function get_host_by_ip($IP)
+    {
+        $testar = explode('.', $IP);
+        if (count($testar) != 4) {
+            return $IP;
+        }
+
+        for ($i = 0; $i < 4; ++$i) {
+            if (!is_numeric($testar[$i])) {
+                return $IP;
+            }
+        }
+
+        $host = `host -W 1 $IP`;
+        return ($host ? end(explode(' ', $host)) : $IP);
+    }
+
+    /**
+     * Gets an hostname using AJAX
+     *
+     * @param $IP the IP to fetch
+     * @return a span with JavaScript code
+     */
+    public static function get_host_by_ajax($IP)
+    {
+        static $ID = 0;
+        ++$ID;
+        return '<span id="host_'.$ID.'">Resolving host...<script type="text/javascript">ajax.get(\'tools.php?action=get_host&ip='.$IP.'\',function(host) {$(\'#host_'.$ID.'\').raw().innerHTML=host;});</script></span>';
+    }
+
+    /**
+     * Looks up the full host of an IP address, by system call.
+     * Used as the server-side counterpart to get_host_by_ajax.
+     *
+     * @param string $IP The IP address to look up.
+     * @return string the host.
+     */
+    public static function lookup_ip($IP)
+    {
+        // todo: Use the G::$Cache
+        $Output = explode(' ', shell_exec('host -W 1 '.escapeshellarg($IP)));
+        if (count($Output) == 1 && empty($Output[0])) {
+            return '';
+        }
+
+        if (count($Output) != 5) {
+            return false;
+        }
+
+        if ($Output[2].' '.$Output[3] == 'not found:') {
+            return false;
+        }
+        return trim($Output[4]);
+    }
+
+    /**
+     * Format an IP address with links to IP history.
+     *
+     * @param string IP
+     * @return string The HTML
+     */
+    public static function display_ip($IP)
+    {
+        $Line = display_str($IP).' ('.Tools::get_country_code_by_ajax($IP).') ';
+        $Line .= '<a href="user.php?action=search&amp;ip_history=on&amp;ip='.display_str($IP).'&amp;matchtype=strict" title="Search" class="brackets tooltip">S</a>';
+        return $Line;
+    }
+
+    public static function get_country_code_by_ajax($IP)
+    {
+        static $ID = 0;
+        ++$ID;
+        return '<span id="cc_'.$ID.'">Resolving CC...<script type="text/javascript">ajax.get(\'tools.php?action=get_cc&ip='.$IP.'\', function(cc) {$(\'#cc_'.$ID.'\').raw().innerHTML = cc;});</script></span>';
+    }
+
+
+    /**
+     * Disable an array of users.
+     *
+     * @param array $UserIDs (You can also send it one ID as an int, because fuck types)
+     * @param BanReason 0 - Unknown, 1 - Manual, 2 - Ratio, 3 - Inactive, 4 - Unused.
+     */
+    public static function disable_users($UserIDs, $AdminComment, $BanReason = 1)
+    {
+        $QueryID = G::$DB->get_query_id();
+        if (!is_array($UserIDs)) {
+            $UserIDs = array($UserIDs);
+        }
+
+        G::$DB->query("
+        UPDATE users_info AS i
+          JOIN users_main AS m ON m.ID = i.UserID
+        SET m.Enabled = '2',
+          m.can_leech = '0',
+          i.AdminComment = CONCAT('".sqltime()." - ".($AdminComment ? $AdminComment : 'Disabled by system')."\n\n', i.AdminComment),
+          i.BanDate = NOW(),
+          i.BanReason = '$BanReason',
+          i.RatioWatchDownload = ".($BanReason == 2 ? 'm.Downloaded' : "'0'")."
+        WHERE m.ID IN(".implode(',', $UserIDs).') ');
+
+        G::$Cache->decrement('stats_user_count', G::$DB->affected_rows());
+        foreach ($UserIDs as $UserID) {
+            G::$Cache->delete_value("enabled_$UserID");
+            G::$Cache->delete_value("user_info_$UserID");
+            G::$Cache->delete_value("user_info_heavy_$UserID");
+            G::$Cache->delete_value("user_stats_$UserID");
+
+            G::$DB->query("
+            SELECT SessionID
+            FROM users_sessions
+              WHERE UserID = '$UserID'
+              AND Active = 1");
+
+            while (list($SessionID) = G::$DB->next_record()) {
+                G::$Cache->delete_value("session_$UserID"."_$SessionID");
+            }
+            G::$Cache->delete_value("users_sessions_$UserID");
+
+            G::$DB->query("
+            DELETE FROM users_sessions
+              WHERE UserID = '$UserID'");
+        }
+
+        // Remove the users from the tracker.
+        G::$DB->query('
+        SELECT torrent_pass
+        FROM users_main
+          WHERE ID in ('.implode(', ', $UserIDs).')');
+
+        $PassKeys = G::$DB->collect('torrent_pass');
+        $Concat = '';
+        foreach ($PassKeys as $PassKey) {
+            if (strlen($Concat) > 3950) { // Ocelot's read buffer is 4 KiB and anything exceeding it is truncated
+                Tracker::update_tracker('remove_users', array('passkeys' => $Concat));
+                $Concat = $PassKey;
+            } else {
+                $Concat .= $PassKey;
+            }
+        }
+
+        Tracker::update_tracker('remove_users', array('passkeys' => $Concat));
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * Warn a user.
+     *
+     * @param int $UserID
+     * @param int $Duration length of warning in seconds
+     * @param string $reason
+     */
+    public static function warn_user($UserID, $Duration, $Reason)
+    {
+        global $Time;
+
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query("
+        SELECT Warned
+        FROM users_info
+          WHERE UserID = $UserID
+          AND Warned IS NOT NULL");
+          
+        if (G::$DB->has_results()) {
+            //User was already warned, appending new warning to old.
+            list($OldDate) = G::$DB->next_record();
+            $NewExpDate = date('Y-m-d H:i:s', strtotime($OldDate) + $Duration);
+
+            Misc::send_pm(
+                $UserID,
+                0,
+                'You have received multiple warnings.',
+                "When you received your latest warning (set to expire on ".date('Y-m-d', (time() + $Duration)).'), you already had a different warning (set to expire on '.date('Y-m-d', strtotime($OldDate)).").\n\n Due to this collision, your warning status will now expire at $NewExpDate."
+            );
+
+            $AdminComment = date('Y-m-d')." - Warning (Clash) extended to expire at $NewExpDate by " . G::$LoggedUser['Username'] . "\nReason: $Reason\n\n";
+
+            G::$DB->query('
+            UPDATE users_info
+            SET
+              Warned = \''.db_string($NewExpDate).'\',
+              WarnedTimes = WarnedTimes + 1,
+              AdminComment = CONCAT(\''.db_string($AdminComment).'\', AdminComment)
+              WHERE UserID = \''.db_string($UserID).'\'');
+        } else {
+            //Not changing, user was not already warned
+            $WarnTime = time_plus($Duration);
+
+            G::$Cache->begin_transaction("user_info_$UserID");
+            G::$Cache->update_row(false, array('Warned' => $WarnTime));
+            G::$Cache->commit_transaction(0);
+
+            $AdminComment = date('Y-m-d')." - Warned until $WarnTime by " . G::$LoggedUser['Username'] . "\nReason: $Reason\n\n";
+
+            G::$DB->query('
+            UPDATE users_info
+            SET
+              Warned = \''.db_string($WarnTime).'\',
+              WarnedTimes = WarnedTimes + 1,
+              AdminComment = CONCAT(\''.db_string($AdminComment).'\', AdminComment)
+              WHERE UserID = \''.db_string($UserID).'\'');
+        }
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+     * Update the notes of a user
+     * @param unknown $UserID ID of user
+     * @param unknown $AdminComment Comment to update with
+     */
+    public static function update_user_notes($UserID, $AdminComment)
+    {
+        $QueryID = G::$DB->get_query_id();
+        G::$DB->query('
+        UPDATE users_info
+        SET AdminComment = CONCAT(\''.db_string($AdminComment).'\', AdminComment)
+          WHERE UserID = \''.db_string($UserID).'\'');
+        G::$DB->set_query_id($QueryID);
+    }
+
+    /**
+    * Check if an IP address is part of a given CIDR range.
+    * @param string $CheckIP the IP address to be looked up
+    * @param string $Subnet the CIDR subnet to be checked against
+    */
+    public static function check_cidr_range($CheckIP, $Subnet)
+    {
+        $IP = ip2long($CheckIP);
+        $CIDR = split('/', $Subnet);
+        $SubnetIP = ip2long($CIDR[0]);
+        $SubnetMaskBits = 32 - $CIDR[1];
+        return (($IP>>$SubnetMaskBits) == ($SubnetIP>>$SubnetMaskBits));
+    }
+}

classes/top10view.class.php

@@ -0,0 +1,91 @@
+<?php
+
+class Top10View
+{
+    public static function render_linkbox($Selected)
+    {
+      $ENV = ENV::go();
+        ?>
+<div class="linkbox">
+  <a href="top10.php?type=torrents" class="brackets"><?=self::get_selected_link("Torrents", $Selected === "torrents")?></a>
+  <a href="top10.php?type=users" class="brackets"><?=self::get_selected_link("Users", $Selected === "users")?></a>
+  <a href="top10.php?type=tags" class="brackets"><?=self::get_selected_link("Tags", $Selected === "tags")?></a>
+  <?php if ($ENV->FEATURE_DONATE) { ?>
+  <a href="top10.php?type=donors" class="brackets"><?=self::get_selected_link("Donors", $Selected === "donors")?></a>
+  <?php } ?>
+</div>
+<?php
+    }
+
+    private static function get_selected_link($String, $Selected)
+    {
+        if ($Selected) {
+            return "<strong>$String</strong>";
+        } else {
+            return $String;
+        }
+    }
+
+    public static function render_artist_tile($Artist, $Category)
+    {
+        if (self::is_valid_artist($Artist)) {
+            switch ($Category) {
+              case 'weekly':
+              case 'hyped':
+                self::render_tile("artist.php?artistname=", $Artist['name'], $Artist['image'][3]['#text']);
+                break;
+              default:
+                break;
+            }
+        }
+    }
+
+    private static function render_tile($Url, $Name, $Image)
+    {
+        if (!empty($Image)) {
+            $Name = display_str($Name); ?>
+<li>
+  <a
+    href="<?=$Url?><?=$Name?>">
+    <img class="tooltip large_tile" alt="<?=$Name?>"
+      title="<?=$Name?>"
+      src="<?=ImageTools::process($Image)?>" />
+  </a>
+</li>
+<?php
+        }
+    }
+
+    public static function render_artist_list($Artist, $Category)
+    {
+        if (self::is_valid_artist($Artist)) {
+            switch ($Category) {
+              case 'weekly':
+              case 'hyped':
+                self::render_list("artist.php?artistname=", $Artist['name'], $Artist['image'][3]['#text']);
+                break;
+              default:
+                break;
+            }
+        }
+    }
+
+    private static function render_list($Url, $Name, $Image)
+    {
+        if (!empty($Image)) {
+            $Image = ImageTools::process($Image);
+            $Title = "title=\"&lt;img class=&quot;large_tile&quot; src=&quot;$Image&quot; alt=&quot;&quot; /&gt;\"";
+            $Name = display_str($Name); ?>
+
+<li>
+  <a class="tooltip_image" data-title-plain="<?=$Name?>" <?=$Title?> href="<?=$Url?><?=$Name?>"><?=$Name?></a>
+</li>
+<?php
+        }
+    }
+
+    private static function is_valid_artist($Artist)
+    {
+        return $Artist['name'] !== '[unknown]';
+    }
+}

classes/torrent.class.php

@@ -0,0 +1,348 @@
+<?php
+declare(strict_types=1);
+
+# todo: Rplace with https://github.com/OPSnet/bencode-torrent
+
+/*******************************************************************************
+|~~~~ Gazelle bencode parser                         ~~~~|
+--------------------------------------------------------------------------------
+
+Welcome to the Gazelle bencode parser. bencoding is the way of encoding data
+that bittorrent uses in torrent files. When we read the torrent files, we get
+one long string that must be parsed into a format we can easily edit - that's
+where this file comes into play.
+
+There are 4 data types in bencode:
+* String
+* Int
+* List - array without keys
+  - like array('value', 'value 2', 'value 3', 'etc')
+* Dictionary - array with string keys
+  - like array['key 1'] = 'value 1'; array['key 2'] = 'value 2';
+
+Before you go any further, we recommend reading the sections on bencoding and
+metainfo file structure here: http://wiki.theory.org/BitTorrentSpecification
+
+//----- How we store the data -----//
+
+* Strings
+  - Stored as php strings. Not difficult to remember.
+
+* Integers
+  - Stored as php ints
+  - must be casted with (int)
+
+* Lists
+  - Stored as a BENCODE_LIST object.
+  - The actual list is in BENCODE_LIST::$Val, as an array with incrementing integer indices
+  - The list in BENCODE_LIST::$Val is populated by the BENCODE_LIST::dec() function
+
+* Dictionaries
+  - Stored as a BENCODE_DICT object.
+  - The actual list is in BENCODE_DICT::$Val, as an array with string indices
+  - The list in BENCODE_DICT::$Val is populated by the BENCODE_DICT::dec() function
+
+//----- BENCODE_* Objects -----//
+
+Lists and dictionaries are stored as objects. They each have the following
+functions:
+
+* decode(Type, $Key)
+  - Decodes ANY bencoded element, given the type and the key
+  - Gets the position and string from $this
+
+* encode($Val)
+  - Encodes ANY non-bencoded element, given the value
+
+* dec()
+  - Decodes either a dictionary or a list, depending on where it's called from
+  - Uses the decode() function quite a bit
+
+* enc()
+  - Encodes either a dictionary or a list, depending on where it's called from
+  - Relies mostly on the encode() function
+
+Finally, as all torrents are just large dictionaries, the TORRENT class extends
+the BENCODE_DICT class.
+
+
+*******************************************************************************/
+class BENCODE2
+{
+    public $Val; // Decoded array
+    public $Pos = 1; // Pointer that indicates our position in the string
+    public $Str = ''; // Torrent string
+
+    public function __construct($Val, $IsParsed = false)
+    {
+        if (!$IsParsed) {
+            $this->Str = $Val;
+            $this->dec();
+        } else {
+            $this->Val = $Val;
+        }
+    }
+
+    // Decode an element based on the type. The type is really just an indicator.
+    public function decode($Type, $Key)
+    {
+        if (is_number($Type)) { // Element is a string
+            // Get length of string
+            $StrLen = $Type;
+            while ($this->Str[$this->Pos + 1] !== ':') {
+                $this->Pos++;
+                $StrLen.=$this->Str[$this->Pos];
+            }
+            $this->Val[$Key] = substr($this->Str, $this->Pos + 2, $StrLen);
+
+            $this->Pos += $StrLen;
+            $this->Pos += 2;
+        } elseif ($Type === 'i') { // Element is an int
+            $this->Pos++;
+
+            // Find end of integer (first occurance of 'e' after position)
+            $End = strpos($this->Str, 'e', $this->Pos);
+
+            // Get the integer, and - IMPORTANT - cast it as an int, so we know later that it's an int and not a string
+            $this->Val[$Key] = (int)substr($this->Str, $this->Pos, $End-$this->Pos);
+            $this->Pos = $End + 1;
+        } elseif ($Type === 'l') { // Element is a list
+            $this->Val[$Key] = new BENCODE_LIST(substr($this->Str, $this->Pos));
+            $this->Pos += $this->Val[$Key]->Pos;
+        } elseif ($Type === 'd') { // Element is a dictionary
+            $this->Val[$Key] = new BENCODE_DICT(substr($this->Str, $this->Pos));
+            $this->Pos += $this->Val[$Key]->Pos;
+            // Sort by key to respect spec
+            if (!empty($this->Val[$Key]->Val)) {
+                ksort($this->Val[$Key]->Val);
+            }
+        } else {
+            error('Invalid torrent file');
+        }
+    }
+
+    public function encode($Val)
+    {
+        if (is_int($Val)) { // Integer
+            return 'i'.$Val.'e';
+        } elseif (is_string($Val)) {
+            return strlen($Val).':'.$Val;
+        } elseif (is_object($Val)) {
+            return $Val->enc();
+        } else {
+            return 'fail';
+        }
+    }
+}
+
+class BENCODE_LIST extends BENCODE2
+{
+    public function enc()
+    {
+        if (empty($this->Val)) {
+            return 'le';
+        }
+
+        $Str = 'l';
+        reset($this->Val);
+
+        foreach ($this->Val as $Value) {
+            $Str.=$this->encode($Value);
+        }
+        return $Str.'e';
+    }
+
+    // Decode a list
+    public function dec()
+    {
+        $Key = 0; // Array index
+        $Length = strlen($this->Str);
+
+        while ($this->Pos < $Length) {
+            $Type = $this->Str[$this->Pos];
+            // $Type now indicates what type of element we're dealing with
+            // It's either an integer (string), 'i' (an integer), 'l' (a list), 'd' (a dictionary), or 'e' (end of dictionary/list)
+
+            if ($Type === 'e') { // End of list
+                $this->Pos += 1;
+                unset($this->Str); // Since we're finished parsing the string, we don't need to store it anymore. Benchmarked - this makes the parser run way faster
+                return;
+            }
+
+            // Decode the bencoded element
+            // This function changes $this->Pos and $this->Val, so you don't have to
+            $this->decode($Type, $Key);
+            ++$Key;
+        }
+        return true;
+    }
+}
+
+class BENCODE_DICT extends BENCODE2
+{
+    public function enc()
+    {
+        if (empty($this->Val)) {
+            return 'de';
+        }
+
+        $Str = 'd';
+        reset($this->Val);
+
+        foreach ($this->Val as $Key => $Value) {
+            $Str.=strlen($Key).':'.$Key.$this->encode($Value);
+        }
+        return $Str.'e';
+    }
+
+    // Decode a dictionary
+    public function dec()
+    {
+        $Length = strlen($this->Str);
+        while ($this->Pos<$Length) {
+            if ($this->Str[$this->Pos] === 'e') { // End of dictionary
+                $this->Pos += 1;
+                unset($this->Str); // Since we're finished parsing the string, we don't need to store it anymore. Benchmarked - this makes the parser run way faster
+                return;
+            }
+
+            // Get the dictionary key
+            // Length of the key, in bytes
+            $KeyLen = $this->Str[$this->Pos];
+
+            // Allow for multi-digit lengths
+            while ($this->Str[$this->Pos + 1] !== ':' && $this->Pos + 1 < $Length) {
+                $this->Pos++;
+                $KeyLen.=$this->Str[$this->Pos];
+            }
+            // $this->Pos is now on the last letter of the key length
+            // Adding 2 brings it past that character and the ':' to the beginning of the string
+            $this->Pos += 2;
+
+            // Get the name of the key
+            $Key = substr($this->Str, $this->Pos, $KeyLen);
+
+            // Move the position past the key to the beginning of the element
+            $this->Pos += $KeyLen;
+            $Type = $this->Str[$this->Pos];
+            // $Type now indicates what type of element we're dealing with
+            // It's either an integer (string), 'i' (an integer), 'l' (a list), 'd' (a dictionary), or 'e' (end of dictionary/list)
+
+            // Decode the bencoded element
+            // This function changes $this->Pos and $this->Val, so you don't have to
+            $this->decode($Type, $Key);
+        }
+        return true;
+    }
+}
+
+class TORRENT extends BENCODE_DICT
+{
+    public function dump()
+    {
+        // Convenience function used for testing and figuring out how we store the data
+        print_r($this->Val);
+    }
+
+    public function dump_data()
+    {
+        // Function which serializes $this->Val for storage
+        return base64_encode(serialize($this->Val));
+    }
+
+    public function set_announce_list($UrlsList)
+    {
+        $AnnounceList = new BENCODE_LIST([], true);
+        foreach ($UrlsList as $Urls) {
+            $SubList = new BENCODE_LIST($Urls, true);
+            unset($SubList->Str);
+            $AnnounceList->Val[] = $SubList;
+        }
+        $this->Val['announce-list'] = $AnnounceList;
+    }
+
+    public function set_announce_url($Announce)
+    {
+        $this->Val['announce'] = $Announce;
+        ksort($this->Val);
+    }
+
+    // Returns an array of:
+    //  * the files in the torrent
+    //  * the total size of files described therein
+    public function file_list()
+    {
+        $FileList = [];
+        if (!isset($this->Val['info']->Val['files'])) { // Single file mode
+            $TotalSize = $this->Val['info']->Val['length'];
+            $FileList[] = array($TotalSize, $this->get_name());
+        } else { // Multiple file mode
+            $FileNames = [];
+            $FileSizes = [];
+            $TotalSize = 0;
+            $Files = $this->Val['info']->Val['files']->Val;
+
+            if (isset($Files[0]->Val['path.utf-8'])) {
+                $PathKey = 'path.utf-8';
+            } else {
+                $PathKey = 'path';
+            }
+
+            foreach ($Files as $File) {
+                $FileSize = $File->Val['length'];
+                $TotalSize += $FileSize;
+
+                $FileName = ltrim(implode('/', $File->Val[$PathKey]->Val), '/');
+                $FileSizes[] = $FileSize;
+                $FileNames[] = $FileName;
+            }
+
+            natcasesort($FileNames);
+            foreach ($FileNames as $Index => $FileName) {
+                $FileList[] = array($FileSizes[$Index], $FileName);
+            }
+        }
+        return array($TotalSize, $FileList);
+    }
+
+    public function get_name()
+    {
+        if (isset($this->Val['info']->Val['name.utf-8'])) {
+            return $this->Val['info']->Val['name.utf-8'];
+        } else {
+            return $this->Val['info']->Val['name'];
+        }
+    }
+
+    public function make_private()
+    {
+        //----- The following properties do not affect the infohash:
+
+        // anounce-list is an unofficial extension to the protocol
+        // that allows for multiple trackers per torrent
+        unset($this->Val['announce-list']);
+
+        // Bitcomet & Azureus cache peers in here
+        unset($this->Val['nodes']);
+
+        // Azureus stores the dht_backup_enable flag here
+        unset($this->Val['azureus_properties']);
+
+        // Remove web-seeds
+        unset($this->Val['url-list']);
+
+        // Remove libtorrent resume info
+        unset($this->Val['libtorrent_resume']);
+
+        //----- End properties that do not affect the infohash
+        if ($this->Val['info']->Val['private']) {
+            return true; // Torrent is private
+        } else {
+            // Torrent is not private!
+            // Add private tracker flag and sort info dictionary
+            $this->Val['info']->Val['private'] = 1;
+            ksort($this->Val['info']->Val);
+            return false;
+        }
+    }
+}

classes/torrentsdl.class.php

@@ -0,0 +1,261 @@
+<?php
+
+/**
+ * Class for functions related to the features involving torrent downloads
+ */
+class TorrentsDL
+{
+    const ChunkSize = 100;
+    const MaxPathLength = 200;
+    private $QueryResult;
+    private $QueryRowNum = 0;
+    private $Zip;
+    private $IDBoundaries;
+    private $FailedFiles = [];
+    private $NumAdded = 0;
+    private $NumFound = 0;
+    private $Size = 0;
+    private $Title;
+    private $User;
+    private $AnnounceURL;
+    private $AnnounceList;
+
+    /**
+     * Create a Zip object and store the query results
+     *
+     * @param mysqli_result $QueryResult results from a query on the collector pages
+     * @param string $Title name of the collection that will be created
+     * @param string $AnnounceURL URL to add to the created torrents
+     */
+    public function __construct(&$QueryResult, $Title)
+    {
+        G::$Cache->InternalCache = false; // The internal cache is almost completely useless for this
+        Zip::unlimit(); // Need more memory and longer timeout
+        $this->QueryResult = $QueryResult;
+        $this->Title = $Title;
+        $this->User = G::$LoggedUser;
+        $this->AnnounceURL = ANNOUNCE_URLS[0][0]."/".G::$LoggedUser['torrent_pass']."/announce";
+
+        function add_passkey($Ann)
+        {
+            return (is_array($Ann)) ? array_map('add_passkey', $Ann) : $Ann."/".G::$LoggedUser['torrent_pass']."/announce";
+        }
+
+        # todo: Probably not working, but no need yet
+        $this->AnnounceList = (sizeof(ANNOUNCE_URLS[0]) === 1 && sizeof(ANNOUNCE_URLS[0][0]) === 1) ? [] : array_map('add_passkey', ANNOUNCE_URLS[0]);
+
+        # Tracker tiers (pending)
+        #$this->AnnounceList = (sizeof(ANNOUNCE_URLS) === 1 && sizeof(ANNOUNCE_URLS[0]) === 1) ? [] : array(array_map('add_passkey', ANNOUNCE_URLS[0]), ANNOUNCE_URLS[1]);
+        
+        # Original Oppaitime
+        #$this->AnnounceList = (sizeof(ANNOUNCE_URLS) == 1 && sizeof(ANNOUNCE_URLS[0]) == 1) ? [] : array_map('add_passkey', ANNOUNCE_URLS);
+
+        $this->Zip = new Zip(Misc::file_string($Title));
+    }
+
+    /**
+     * Store the results from a DB query in smaller chunks to save memory
+     *
+     * @param string $Key the key to use in the result hash map
+     * @return array with results and torrent group IDs or false if there are no results left
+     */
+    public function get_downloads($Key)
+    {
+        $GroupIDs = $Downloads = [];
+        $OldQuery = G::$DB->get_query_id();
+        G::$DB->set_query_id($this->QueryResult);
+
+        if (!isset($this->IDBoundaries)) {
+            if ($Key === 'TorrentID') {
+                $this->IDBoundaries = false;
+            } else {
+                $this->IDBoundaries = G::$DB->to_pair($Key, 'TorrentID', false);
+            }
+        }
+
+        $Found = 0;
+        while ($Download = G::$DB->next_record(MYSQLI_ASSOC, false)) {
+            if (!$this->IDBoundaries || $Download['TorrentID'] === $this->IDBoundaries[$Download[$Key]]) {
+                $Found++;
+                $Downloads[$Download[$Key]] = $Download;
+                $GroupIDs[$Download['TorrentID']] = $Download['GroupID'];
+
+                if ($Found >= self::ChunkSize) {
+                    break;
+                }
+            }
+        }
+
+        $this->NumFound += $Found;
+        G::$DB->set_query_id($OldQuery);
+
+        if (empty($Downloads)) {
+            return false;
+        }
+
+        return array($Downloads, $GroupIDs);
+    }
+
+    /**
+     * Add a file to the zip archive
+     *
+     * @param string $TorrentData bencoded torrent without announce url (new format) or TORRENT object (old format)
+     * @param array $Info file info stored as an array with at least the keys
+     *  Artist, Name, Year, Media, Format, Encoding and TorrentID
+     * @param string $FolderName folder name
+     */
+    public function add_file(&$TorrentData, $Info, $FolderName = '')
+    {
+        $FolderName = Misc::file_string($FolderName);
+        $MaxPathLength = $FolderName ? (self::MaxPathLength - strlen($FolderName) - 1) : self::MaxPathLength;
+        $FileName = self::construct_file_name($Info['TorrentID'], $MaxPathLength);
+
+        $this->Size += $Info['Size'];
+        $this->NumAdded++;
+        $this->Zip->add_file(self::get_file($TorrentData, $this->AnnounceURL, $this->AnnounceList), ($FolderName ? "$FolderName/" : "") . $FileName);
+
+        usleep(25000); // We don't want to send much faster than the client can receive
+        return null;
+    }
+
+    /**
+     * Add a file to the list of files that could not be downloaded
+     *
+     * @param array $Info file info stored as an array with at least the keys Artist, Name and Year
+     */
+    public function fail_file($Info)
+    {
+        $this->FailedFiles[] = $Info['Artist'] . ' - ' . $Info['Name'] . ' - ' . $Info['Year'];
+    }
+
+    /**
+     * Add a file to the list of files that did not match the user's format or quality requirements
+     *
+     * @param array $Info file info stored as an array with at least the keys Artist, Name and Year
+     */
+    public function skip_file($Info)
+    {
+        $this->SkippedFiles[] = $Info['Artist'] . ' - ' . $Info['Name'] . ' - ' . $Info['Year'];
+    }
+
+    /**
+     * Add a summary to the archive and include a list of files that could not be added. Close the zip archive
+     *
+     * @param bool $FilterStats whether to include filter stats in the report
+     */
+    public function finalize($FilterStats = true)
+    {
+        $this->Zip->add_file($this->summary($FilterStats), "Summary.txt");
+        if (!empty($this->FailedFiles)) {
+            $this->Zip->add_file($this->errors(), "Errors.txt");
+        }
+        $this->Zip->close_stream();
+    }
+
+    /**
+     * Produce a summary text over the collector results
+     *
+     * @param bool $FilterStats whether to include filter stats in the report
+     * @return summary text
+     */
+    public function summary($FilterStats)
+    {
+        $ENV = ENV::go;
+        global $ScriptStartTime;
+        
+        $Time = number_format(1000 * (microtime(true) - $ScriptStartTime), 2)." ms";
+        $Used = Format::get_size(memory_get_usage(true));
+        $Date = date("M d Y, H:i");
+        $NumSkipped = count($this->SkippedFiles);
+
+        # wtf
+        return "Collector Download Summary for $this->Title - $ENV->SITE_NAME\r\n"
+      . "\r\n"
+      . "User:    {$this->User[Username]}\r\n"
+      . "Passkey: {$this->User[torrent_pass]}\r\n"
+      . "\r\n"
+      . "Time:    $Time\r\n"
+      . "Used:    $Used\r\n"
+      . "Date:    $Date\r\n"
+      . "\r\n"
+
+      . ($FilterStats !== false
+        ? "Torrent groups analyzed: $this->NumFound\r\n"
+          . "Torrent groups filtered: $NumSkipped\r\n"
+        : "")
+
+      . "Torrents downloaded:   $this->NumAdded\r\n"
+      . "\r\n"
+      . "Total size of torrents (ratio hit): ".Format::get_size($this->Size)."\r\n"
+
+      . ($NumSkipped
+        ? "\r\n"
+          . "Albums unavailable within your criteria (consider making a request for your desired format):\r\n"
+          . implode("\r\n", $this->SkippedFiles) . "\r\n"
+        : "");
+    }
+
+    /**
+     * Compile a list of files that could not be added to the archive
+     *
+     * @return list of files
+     */
+    public function errors()
+    {
+        return "A server error occurred. Please try again at a later time.\r\n"
+      . "\r\n"
+      . "The following torrents could not be downloaded:\r\n"
+      . implode("\r\n", $this->FailedFiles) . "\r\n";
+    }
+
+    /**
+     * Combine a bunch of torrent info into a standardized file name
+     *
+     * @params most input variables are self-explanatory
+     * @param int $TorrentID if given, append "-TorrentID" to torrent name
+     * @param int $MaxLength maximum file name length
+     * @return file name with at most $MaxLength characters
+     */
+    public static function construct_file_name($TorrentID = false, $MaxLength = self::MaxPathLength)
+    {
+        $MaxLength -= 8; // ".torrent"
+        if ($TorrentID !== false) {
+            $MaxLength -= (strlen($TorrentID) + 1);
+        }
+        return "$TorrentID.torrent";
+
+        /*
+        $TorrentArtist = Misc::file_string($Artist);
+        $TorrentName = Misc::file_string($Album);
+        */
+    }
+
+    /**
+     * Convert a stored torrent into a binary file that can be loaded in a torrent client
+     *
+     * @param mixed $TorrentData bencoded torrent without announce URL (new format) or TORRENT object (old format)
+     * @return bencoded string
+     */
+    public static function get_file(&$TorrentData, $AnnounceURL, $AnnounceList = [])
+    {
+        if (Misc::is_new_torrent($TorrentData)) {
+            $Bencode = BencodeTorrent::add_announce_url($TorrentData, $AnnounceURL);
+            if (!empty($AnnounceList)) {
+                $Bencode = BencodeTorrent::add_announce_list($Bencode, $AnnounceList);
+            }
+            return $Bencode;
+        }
+
+        $Tor = new TORRENT(unserialize(base64_decode($TorrentData)), true);
+        $Tor->set_announce_url($AnnounceURL);
+
+        unset($Tor->Val['announce-list']);
+        if (!empty($AnnounceList)) {
+            $Tor->set_announce_list($AnnounceList);
+        }
+        
+        unset($Tor->Val['url-list']);
+        unset($Tor->Val['libtorrent_resume']);
+        return $Tor->enc();
+    }
+}

classes/torrentsearch.class.php

@@ -0,0 +1,737 @@
+<?php
+#declare(strict_types=1);
+
+class TorrentSearch
+{
+    const TAGS_ANY = 0;
+    const TAGS_ALL = 1;
+    const SPH_BOOL_AND = ' ';
+    const SPH_BOOL_OR = ' | ';
+
+    // Map of sort mode => attribute name for ungrouped torrent page
+    public static $SortOrders = [
+        'year' => 'year',
+        'time' => 'id',
+        'size' => 'size',
+        'seeders' => 'seeders',
+        'leechers' => 'leechers',
+        'snatched' => 'snatched',
+        'cataloguenumber' => 'cataloguenumber',
+        'random' => 1
+    ];
+
+    // Map of sort mode => attribute name for grouped torrent page
+    private static $SortOrdersGrouped = [
+        'year' => 'year',
+        'time' => 'id',
+        'size' => 'maxsize',
+        'seeders' => 'sumseeders',
+        'leechers' => 'sumleechers',
+        'snatched' => 'sumsnatched',
+        'cataloguenumber' => 'cataloguenumber',
+        'random' => 1
+    ];
+
+    // Map of sort mode => aggregate expression required for some grouped sort orders
+    private static $AggregateExp = [
+        'size' => 'MAX(size) AS maxsize',
+        'seeders' => 'SUM(seeders) AS sumseeders',
+        'leechers' => 'SUM(leechers) AS sumleechers',
+        'snatched' => 'SUM(snatched) AS sumsnatched'
+    ];
+
+    // Map of attribute name => global variable name with list of values that can be used for filtering
+    private static $Attributes = [
+        'filter_cat' => false,
+        'releasetype' => 'ReleaseTypes',
+        'freetorrent' => false,
+        'censored' => false,
+        'size_unit' => false,
+        'year' => false
+    ];
+
+    // List of fields that can be used for fulltext searches
+    private static $Fields = [
+        'artistname' => 1, # Author
+        'audioformat' => 1, # Version
+        'cataloguenumber' => 1, # Accession Number
+        'numbers' => 1, # Combined &uarr;
+        'codec' => 1, # License
+        'container' => 1, # Format
+        'archive' => 0, # todo
+        'description' => 1, # Not group desc
+        'filelist' => 1,
+        'groupname' => 1, # Title
+        'GroupTitle2' => 1, # Organism
+        'Groupnamejp' => 1, # Strain
+        'advgroupname' => 1,
+        'media' => 1, # Platform
+        'resolution' => 1, # Scope
+        'searchstr' => 1,
+        'series' => 1, # Location
+        'studio' => 1, # Department/Lab
+        'location' => 1, # Combined &uarr;
+        'taglist' => 1
+  ];
+
+    // List of torrent-specific fields that can be used for filtering
+    private static $TorrentFields = [
+        'description' => 1,
+        'encoding' => 1,
+        'censored' => 1,
+        'filelist' => 1,
+        'format' => 1,
+        'media' => 1
+  ];
+
+    // Some form field names don't match the ones in the index
+    private static $FormsToFields = [
+        # todo: Keep testing the granularity of filter combos
+        'searchstr' => '*',
+        'advgroupname' => '*', # todo: Fix this ;)
+        'numbers' => '(cataloguenumber,audioformat)',
+        'location' => '(studio,series)',
+        #'searchstr' => '(groupname,GroupTitle2,groupnamejp,artistname,studio,series,cataloguenumber,yearfulltext)',
+        #'advgroupname' => '(groupname,GroupTitle2,groupnamejp)',
+  ];
+
+    // Specify the operator type to use for fields. Empty key sets the default
+    private static $FieldOperators = [
+        '' => self::SPH_BOOL_AND,
+        'encoding' => self::SPH_BOOL_OR,
+        'format' => self::SPH_BOOL_OR,
+        'media' => self::SPH_BOOL_OR
+    ];
+
+    // Specify the separator character to use for fields. Empty key sets the default
+    private static $FieldSeparators = [
+        '' => ' ',
+        'encoding' => '|',
+        'format' => '|',
+        'media' => '|',
+        'taglist' => ','
+    ];
+
+    // Primary SphinxqlQuery object used to get group IDs or torrent IDs for ungrouped searches
+    private $SphQL;
+    // Second SphinxqlQuery object used to get torrent IDs if torrent-specific fulltext filters are used
+    private $SphQLTor;
+    // Ordered result array or false if query resulted in an error
+    private $SphResults;
+    // Requested page
+    private $Page;
+    // Number of results per page
+    private $PageSize;
+    // Number of results
+    private $NumResults = 0;
+    // Array with info from all matching torrent groups
+    private $Groups = [];
+    // Whether any filters were used
+    private $Filtered = false;
+    // Whether the random sort order is selected
+    private $Random = false;
+
+    /*
+     * Storage for fulltext search terms
+     * ['Field name' => [
+     *     'include' => [],
+     *     'exclude' => [],
+     *     'operator' => self::SPH_BOOL_AND | self::SPH_BOOL_OR
+     * ]], ...
+     */
+    private $Terms = [];
+    // Unprocessed search terms for retrieval
+    private $RawTerms = [];
+    // Storage for used torrent-specific attribute filters
+    // ['Field name' => 'Search expression', ...]
+    private $UsedTorrentAttrs = [];
+    // Storage for used torrent-specific fulltext fields
+    // ['Field name' => 'Search expression', ...]
+    private $UsedTorrentFields = [];
+
+    /**
+     * Initialize and configure a TorrentSearch object
+     *
+     * @param bool $GroupResults whether results should be grouped by group id
+     * @param string $OrderBy attribute to use for sorting the results
+     * @param string $OrderWay Whether to use ascending or descending order
+     * @param int $Page Page number to display
+     * @param int $PageSize Number of results per page
+     */
+    public function __construct($GroupResults, $OrderBy, $OrderWay, $Page, $PageSize)
+    {
+        if ($GroupResults && !isset(self::$SortOrdersGrouped[$OrderBy])
+        || !$GroupResults && !isset(self::$SortOrders[$OrderBy])
+        || !in_array($OrderWay, ['asc', 'desc'])
+    ) {
+            global $Debug;
+            $ErrMsg = "TorrentSearch constructor arguments:\n" . print_r(func_get_args(), true);
+            $Debug->analysis('Bad arguments in TorrentSearch constructor', $ErrMsg, 3600*24);
+            error(-1);
+        }
+
+        if (!is_number($Page) || $Page < 1) {
+            $Page = 1;
+        }
+
+        if (check_perms('site_search_many')) {
+            $this->Page = $Page;
+        } else {
+            $this->Page = min($Page, SPHINX_MAX_MATCHES / $PageSize);
+        }
+
+        $ResultLimit = $PageSize;
+        $this->PageSize = $PageSize;
+        $this->GroupResults = $GroupResults;
+        $this->SphQL = new SphinxqlQuery();
+        $this->SphQL->where_match('_all', 'fake', false);
+
+        if ($OrderBy === 'random') {
+            $this->SphQL->select('id, groupid')
+        ->order_by('RAND()', '');
+            $this->Random = true;
+            $this->Page = 1;
+            if ($GroupResults) {
+                // Get more results because ORDER BY RAND() can't be used in GROUP BY queries
+                $ResultLimit *= 5;
+            }
+        } elseif ($GroupResults) {
+            $Select = 'groupid';
+            if (isset(self::$AggregateExp[$OrderBy])) {
+                $Select .= ', ' . self::$AggregateExp[$OrderBy];
+            }
+            $this->SphQL->select($Select)
+        ->group_by('groupid')
+        ->order_group_by(self::$SortOrdersGrouped[$OrderBy], $OrderWay)
+        ->order_by(self::$SortOrdersGrouped[$OrderBy], $OrderWay);
+        } else {
+            $this->SphQL->select('id, groupid')
+        ->order_by(self::$SortOrders[$OrderBy], $OrderWay);
+        }
+
+        $Offset = ($this->Page - 1) * $ResultLimit;
+        $MinMax = G::$Cache->get_value('sphinx_min_max_matches');
+        $MaxMatches = max($Offset + $ResultLimit, $MinMax ? $MinMax : 1000); # todo: Keep an eye on this
+        $this->SphQL->from('torrents, delta')
+      ->limit($Offset, $ResultLimit, $MaxMatches);
+    }
+
+    /**
+     * Process search terms and run the main query
+     *
+     * @param array $Terms Array containing all search terms (e.g. $_GET)
+     * @return array List of matching group IDs with torrent ID as key for ungrouped results
+     */
+    public function query($Terms = [])
+    {
+        $this->process_search_terms($Terms);
+        $this->build_query();
+        $this->run_query();
+        $this->process_results();
+        return $this->SphResults;
+    }
+
+    public function insert_hidden_tags($tags)
+    {
+        $this->SphQL->where_match($tags, 'taglist', false);
+    }
+
+    /**
+     * Internal function that runs the queries needed to get the desired results
+     */
+    private function run_query()
+    {
+        $SphQLResult = $this->SphQL->query();
+        if ($SphQLResult->Errno > 0) {
+            $this->SphResults = false;
+            return;
+        }
+
+        if ($this->Random && $this->GroupResults) {
+            $TotalCount = $SphQLResult->get_meta('total_found');
+            $this->SphResults = $SphQLResult->collect('groupid');
+            $GroupIDs = array_keys($this->SphResults);
+            $GroupCount = count($GroupIDs);
+            while ($SphQLResult->get_meta('total') < $TotalCount && $GroupCount < $this->PageSize) {
+                // Make sure we get $PageSize results, or all of them if there are less than $PageSize hits
+                $this->SphQL->where('groupid', $GroupIDs, true);
+                $SphQLResult = $this->SphQL->query();
+
+                if (!$SphQLResult->has_results()) {
+                    break;
+                }
+
+                $this->SphResults += $SphQLResult->collect('groupid');
+                $GroupIDs = array_keys($this->SphResults);
+                $GroupCount = count($GroupIDs);
+            }
+
+            if ($GroupCount > $this->PageSize) {
+                $this->SphResults = array_slice($this->SphResults, 0, $this->PageSize, true);
+            }
+            $this->NumResults = count($this->SphResults);
+        } else {
+            $this->NumResults = (int)$SphQLResult->get_meta('total_found');
+            if ($this->GroupResults) {
+                $this->SphResults = $SphQLResult->collect('groupid');
+            } else {
+                $this->SphResults = $SphQLResult->to_pair('id', 'groupid');
+            }
+        }
+    }
+
+    /**
+     * Process search terms and store the parts in appropriate arrays until we know if
+     * the NOT operator can be used
+     */
+    private function build_query()
+    {
+        foreach ($this->Terms as $Field => $Words) {
+            $SearchString = '';
+
+            if (isset(self::$FormsToFields[$Field])) {
+                $Field = self::$FormsToFields[$Field];
+            }
+
+            $QueryParts = ['include' => [], 'exclude' => []];
+            if (!empty($Words['include'])) {
+                foreach ($Words['include'] as $Word) {
+                    $QueryParts['include'][] = Sphinxql::sph_escape_string($Word);
+                }
+            }
+
+            if (!empty($Words['exclude'])) {
+                foreach ($Words['exclude'] as $Word) {
+                    $QueryParts['exclude'][] = '!' . Sphinxql::sph_escape_string(substr($Word, 1));
+                }
+            }
+
+            if (!empty($QueryParts)) {
+                if (isset($Words['operator'])) {
+                    // Is the operator already specified?
+                    $Operator = $Words['operator'];
+                } elseif (isset(self::$FieldOperators[$Field])) {
+                    // Does this field have a non-standard operator?
+                    $Operator = self::$FieldOperators[$Field];
+                } else {
+                    // Go for the default operator
+                    $Operator = self::$FieldOperators[''];
+                }
+
+                if (!empty($QueryParts['include'])) {
+                    if ($Field === 'taglist') {
+                        foreach ($QueryParts['include'] as $key => $Tag) {
+                            $QueryParts['include'][$key] = '( '.$Tag.' | '.$Tag.':* )';
+                        }
+                    }
+                    $SearchString .= '( ' . implode($Operator, $QueryParts['include']) . ' ) ';
+                }
+
+                if (!empty($QueryParts['exclude'])) {
+                    $SearchString .= implode(' ', $QueryParts['exclude']);
+                }
+
+                $this->SphQL->where_match($SearchString, $Field, false);
+                if (isset(self::$TorrentFields[$Field])) {
+                    $this->UsedTorrentFields[$Field] = $SearchString;
+                }
+                $this->Filtered = true;
+            }
+        }
+    }
+
+    /**
+     * Look at each search term and figure out what to do with it
+     *
+     * @param array $Terms Array with search terms from query()
+     */
+    private function process_search_terms($Terms)
+    {
+        foreach ($Terms as $Key => $Term) {
+            if (isset(self::$Fields[$Key])) {
+                $this->process_field($Key, $Term);
+            } elseif (isset(self::$Attributes[$Key])) {
+                $this->process_attribute($Key, $Term);
+            }
+            $this->RawTerms[$Key] = $Term;
+        }
+        $this->post_process();
+    }
+
+    /**
+     * Process attribute filters and store them in case we need to post-process grouped results
+     *
+     * @param string $Attribute Name of the attribute to filter against
+     * @param mixed $Value The filter's condition for a match
+     */
+    private function process_attribute($Attribute, $Value)
+    {
+        if ($Value === '') {
+            return;
+        }
+
+        if ($Attribute === 'year') {
+            $this->search_year($Value);
+        } elseif ($Attribute === 'size_unit') {
+            // For the record, size_unit must appear in the GET parameters after size_min and size_max for this to work. Sorry.
+            if (is_numeric($this->RawTerms['size_min']) || is_numeric($this->RawTerms['size_max'])) {
+                $this->SphQL->where_between('size', [intval(($this->RawTerms['size_min'] ?? 0)*(1024**$Value)), intval(min(PHP_INT_MAX, ($this->RawTerms['size_max'] ?? INF)*(1024**$Value)))]);
+            }
+        } elseif ($Attribute === 'freetorrent') {
+            if ($Value === 3) {
+                $this->SphQL->where('freetorrent', 0, true);
+                $this->UsedTorrentAttrs['freetorrent'] = 3;
+            } elseif ($Value >= 0 && $Value < 3) {
+                $this->SphQL->where('freetorrent', $Value);
+                $this->UsedTorrentAttrs[$Attribute] = $Value;
+            }
+        } elseif ($Attribute === 'filter_cat') {
+            if (!is_array($Value)) {
+                $Value = array_fill_keys(explode('|', $Value), 1);
+            }
+            $CategoryFilter = [];
+            foreach (array_keys($Value) as $Category) {
+                if (is_number($Category)) {
+                    $CategoryFilter[] = $Category;
+                } else {
+                    global $Categories;
+                    $ValidValues = array_map('strtolower', $Categories);
+                    if (($CategoryID = array_search(strtolower($Category), $ValidValues)) !== false) {
+                        $CategoryFilter[] = $CategoryID + 1;
+                    }
+                }
+            }
+            $this->SphQL->where('categoryid', ($CategoryFilter ?? 0));
+        } else {
+            if (!is_number($Value) && self::$Attributes[$Attribute] !== false) {
+                // Check if the submitted value can be converted to a valid one
+                $ValidValuesVarname = self::$Attributes[$Attribute];
+                global $$ValidValuesVarname;
+                $ValidValues = array_map('strtolower', $$ValidValuesVarname);
+                if (($Value = array_search(strtolower($Value), $ValidValues)) === false) {
+                    // Force the query to return 0 results if value is still invalid
+                    $Value = max(array_keys($ValidValues)) + 1;
+                }
+            }
+            $this->SphQL->where($Attribute, $Value);
+            $this->UsedTorrentAttrs[$Attribute] = $Value;
+        }
+
+        $this->Filtered = true;
+    }
+
+    /**
+     * Look at a fulltext search term and figure out if it needs special treatment
+     *
+     * @param string $Field Name of the search field
+     * @param string $Term Search expression for the field
+     */
+    private function process_field($Field, $Term)
+    {
+        $Term = trim($Term);
+        if ($Term === '') {
+            return;
+        }
+
+        if ($Field === 'searchstr') {
+            $this->search_basic($Term);
+        } elseif ($Field === 'filelist') {
+            $this->search_filelist($Term);
+        } elseif ($Field === 'taglist') {
+            $this->search_taglist($Term);
+        } else {
+            $this->add_field($Field, $Term);
+        }
+    }
+
+    /**
+     * Some fields may require post-processing
+     */
+    private function post_process()
+    {
+        if (isset($this->Terms['taglist'])) {
+            // Replace bad tags with tag aliases
+            $this->Terms['taglist'] = Tags::remove_aliases($this->Terms['taglist']);
+            if (isset($this->RawTerms['tags_type']) && (int)$this->RawTerms['tags_type'] === self::TAGS_ANY) {
+                $this->Terms['taglist']['operator'] = self::SPH_BOOL_OR;
+            }
+
+            // Update the RawTerms array so get_terms() can return the corrected search terms
+            if (isset($this->Terms['taglist']['include'])) {
+                $AllTags = $this->Terms['taglist']['include'];
+            } else {
+                $AllTags = [];
+            }
+
+            if (isset($this->Terms['taglist']['exclude'])) {
+                $AllTags = array_merge($AllTags, $this->Terms['taglist']['exclude']);
+            }
+            $this->RawTerms['taglist'] = str_replace('_', '.', implode(', ', $AllTags));
+        }
+    }
+
+    /**
+     * Handle magic keywords in the basic torrent search
+     *
+     * @param string $Term Given search expression
+     */
+    private function search_basic($Term)
+    {
+        global $Bitrates, $Formats, $Media;
+        #$SearchBitrates = array_map('strtolower', $Bitrates);
+        #array_push($SearchBitrates, 'v0', 'v1', 'v2', '24bit');
+        #$SearchFormats = array_map('strtolower', $Formats);
+        $SearchMedia = array_map('strtolower', $Media);
+
+        foreach (explode(' ', $Term) as $Word) {
+            /*
+            if (in_array($Word, $SearchBitrates)) {
+              $this->add_word('encoding', $Word);
+            } elseif (in_array($Word, $SearchFormats)) {
+              $this->add_word('format', $Word);
+            }
+            */
+
+            if (in_array($Word, $SearchMedia)) {
+                $this->add_word('media', $Word);
+            } else {
+                $this->add_word('searchstr', $Word);
+            }
+        }
+    }
+
+    /**
+     * Use phrase boundary for file searches to make sure we don't count
+     * partial hits from multiple files
+     *
+     * @param string $Term Given search expression
+     */
+    private function search_filelist($Term)
+    {
+        $SearchString = '"' . Sphinxql::sph_escape_string($Term) . '"~20';
+        $this->SphQL->where_match($SearchString, 'filelist', false);
+        $this->UsedTorrentFields['filelist'] = $SearchString;
+        $this->Filtered = true;
+    }
+
+    /**
+     * Prepare tag searches before sending them to the normal treatment
+     *
+     * @param string $Term Given search expression
+     */
+    private function search_taglist($Term)
+    {
+        $Term = strtr($Term, '.', '_');
+        $this->add_field('taglist', $Term);
+    }
+
+    /**
+     * The year filter accepts a range. Figure out how to handle the filter value
+     *
+     * @param string $Term Filter condition. Can be an integer or a range with the format X-Y
+     * @return bool True if parameters are valid
+     */
+    private function search_year($Term)
+    {
+        $Years = explode('-', $Term);
+        if (count($Years) === 1 && is_number($Years[0])) {
+            // Exact year
+            $this->SphQL->where('year', $Years[0]);
+        } elseif (count($Years) === 2) {
+            if (empty($Years[0]) && is_number($Years[1])) {
+                // Range: 0 - 2005
+                $this->SphQL->where_lt('year', $Years[1], true);
+            } elseif (empty($Years[1]) && is_number($Years[0])) {
+                // Range: 2005 - 2^32-1
+                $this->SphQL->where_gt('year', $Years[0], true);
+            } elseif (is_number($Years[0]) && is_number($Years[1])) {
+                // Range: 2005 - 2009
+                $this->SphQL->where_between('year', [min($Years), max($Years)]);
+            } else {
+                // Invalid input
+                return false;
+            }
+        } else {
+            // Invalid input
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Add a field filter that doesn't need special treatment
+     *
+     * @param string $Field Name of the search field
+     * @param string $Term Search expression for the field
+     */
+    private function add_field($Field, $Term)
+    {
+        if (isset(self::$FieldSeparators[$Field])) {
+            $Separator = self::$FieldSeparators[$Field];
+        } else {
+            $Separator = self::$FieldSeparators[''];
+        }
+
+        $Words = explode($Separator, $Term);
+        foreach ($Words as $Word) {
+            $this->add_word($Field, $Word);
+        }
+    }
+
+    /**
+     * Add a keyword to the array of search terms
+     *
+     * @param string $Field Name of the search field
+     * @param string $Word Keyword
+     */
+    private function add_word($Field, $Word)
+    {
+        $Word = trim($Word);
+        // Skip isolated hyphens to enable "Artist - Title" searches
+        if ($Word === '' || $Word === '-') {
+            return;
+        }
+
+        if ($Word[0] === '!' && strlen($Word) >= 2 && strpos($Word, '!', 1) === false) {
+            $this->Terms[$Field]['exclude'][] = $Word;
+        } else {
+            $this->Terms[$Field]['include'][] = $Word;
+        }
+    }
+
+    /**
+     * @return array Torrent group information for the matches from Torrents::get_groups
+     */
+    public function get_groups()
+    {
+        return $this->Groups;
+    }
+
+    /**
+     * @param string $Type Field or attribute name
+     * @return string Unprocessed search terms
+     */
+    public function get_terms($Type)
+    {
+        return $this->RawTerms[$Type] ?? '';
+    }
+
+    /**
+     * @return int Result count
+     */
+    public function record_count()
+    {
+        return $this->NumResults;
+    }
+
+    /**
+     * @return bool Whether any filters were used
+     */
+    public function has_filters()
+    {
+        return $this->Filtered;
+    }
+
+    /**
+     * @return bool Whether any torrent-specific fulltext filters were used
+     */
+    public function need_torrent_ft()
+    {
+        return $this->GroupResults && $this->NumResults > 0 && !empty($this->UsedTorrentFields);
+    }
+
+    /**
+     * Get torrent group info and remove any torrents that don't match
+     */
+    private function process_results()
+    {
+        if (count($this->SphResults) === 0) {
+            return;
+        }
+
+        $this->Groups = Torrents::get_groups($this->SphResults);
+        if ($this->need_torrent_ft()) {
+            // Query Sphinx for torrent IDs if torrent-specific fulltext filters were used
+            $this->filter_torrents_sph();
+        } elseif ($this->GroupResults) {
+            // Otherwise, let PHP discard unmatching torrents
+            $this->filter_torrents_internal();
+        }
+        // Ungrouped searches don't need any additional filtering
+    }
+
+    /**
+     * Build and run a query that gets torrent IDs from Sphinx when fulltext filters
+     * were used to get primary results and they are grouped
+     */
+    private function filter_torrents_sph()
+    {
+        $AllTorrents = [];
+        foreach ($this->Groups as $GroupID => $Group) {
+            if (!empty($Group['Torrents'])) {
+                $AllTorrents += array_fill_keys(array_keys($Group['Torrents']), $GroupID);
+            }
+        }
+
+        $TorrentCount = count($AllTorrents);
+        $this->SphQLTor = new SphinxqlQuery();
+        $this->SphQLTor->where_match('_all', 'fake', false);
+        $this->SphQLTor->select('id')->from('torrents, delta');
+
+        foreach ($this->UsedTorrentFields as $Field => $Term) {
+            $this->SphQLTor->where_match($Term, $Field, false);
+        }
+
+        $this->SphQLTor->copy_attributes_from($this->SphQL);
+        $this->SphQLTor->where('id', array_keys($AllTorrents))->limit(0, $TorrentCount, $TorrentCount);
+        $SphQLResultTor = $this->SphQLTor->query();
+        $MatchingTorrentIDs = $SphQLResultTor->to_pair('id', 'id');
+
+        foreach ($AllTorrents as $TorrentID => $GroupID) {
+            if (!isset($MatchingTorrentIDs[$TorrentID])) {
+                unset($this->Groups[$GroupID]['Torrents'][$TorrentID]);
+            }
+        }
+    }
+
+    /**
+     * Non-Sphinx method of collecting IDs of torrents that match any
+     * torrent-specific attribute filters that were used in the search query
+     */
+    private function filter_torrents_internal()
+    {
+        foreach ($this->Groups as $GroupID => $Group) {
+            if (empty($Group['Torrents'])) {
+                continue;
+            }
+            
+            foreach ($Group['Torrents'] as $TorrentID => $Torrent) {
+                if (!$this->filter_torrent_internal($Torrent)) {
+                    unset($this->Groups[$GroupID]['Torrents'][$TorrentID]);
+                }
+            }
+        }
+    }
+
+    /**
+     * Post-processing to determine if a torrent is a real hit or if it was
+     * returned because another torrent in the group matched. Only used if
+     * there are no torrent-specific fulltext conditions
+     *
+     * @param array $Torrent Torrent array, probably from Torrents::get_groups()
+     * @return bool True if it's a real hit
+     */
+    private function filter_torrent_internal($Torrent)
+    {
+        if (isset($this->UsedTorrentAttrs['freetorrent'])) {
+            $FilterValue = $this->UsedTorrentAttrs['freetorrent'];
+            if ($FilterValue === '3' && $Torrent['FreeTorrent'] === '0') {
+                // Either FL or NL is ok
+                return false;
+            } elseif ($FilterValue !== '3' && $FilterValue !== (int)$Torrent['FreeTorrent']) {
+                return false;
+            }
+        }
+        return true;
+    }
+}

classes/tracker.class.php

@@ -0,0 +1,195 @@
+<?php
+
+// TODO: Turn this into a class with nice functions like update_user, delete_torrent, etc.
+class Tracker
+{
+    const STATS_MAIN = 0;
+    const STATS_USER = 1;
+
+    public static $Requests = [];
+
+    /**
+     * Send a GET request over a socket directly to the tracker
+     * For example, Tracker::update_tracker('change_passkey', array('oldpasskey' => OLD_PASSKEY, 'newpasskey' => NEW_PASSKEY)) will send the request:
+     * GET /tracker_32_char_secret_code/update?action=change_passkey&oldpasskey=OLD_PASSKEY&newpasskey=NEW_PASSKEY HTTP/1.1
+     *
+     * @param string $Action The action to send
+     * @param array $Updates An associative array of key->value pairs to send to the tracker
+     * @param boolean $ToIRC Sends a message to the channel #tracker with the GET URL.
+     */
+    public static function update_tracker($Action, $Updates, $ToIRC = false)
+    {
+        // Build request
+        $Get = TRACKER_SECRET . "/update?action=$Action";
+        foreach ($Updates as $Key => $Value) {
+            $Get .= "&$Key=$Value";
+        }
+
+        $MaxAttempts = 3;
+        // don't wait around if we're debugging
+        if (DEBUG_MODE) {
+            $MaxAttempts = 1;
+        }
+
+        $Err = false;
+        if (self::send_request($Get, $MaxAttempts, $Err) === false) {
+            send_irc(DEBUG_CHAN, "$MaxAttempts $Err $Get");
+            if (G::$Cache->get_value('ocelot_error_reported') === false) {
+                send_irc(ADMIN_CHAN, "Failed to update Ocelot: $Err $Get");
+                G::$Cache->cache_value('ocelot_error_reported', true, 3600);
+            }
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Get global peer stats from the tracker
+     *
+     * @return array(0 => $Leeching, 1 => $Seeding) or false if request failed
+     */
+    public static function global_peer_count()
+    {
+        $Stats = self::get_stats(self::STATS_MAIN);
+        if (isset($Stats['leechers tracked']) && isset($Stats['seeders tracked'])) {
+            $Leechers = $Stats['leechers tracked'];
+            $Seeders = $Stats['seeders tracked'];
+        } else {
+            return false;
+        }
+        return array($Leechers, $Seeders);
+    }
+
+    /**
+     * Get peer stats for a user from the tracker
+     *
+     * @param string $TorrentPass The user's pass key
+     * @return array(0 => $Leeching, 1 => $Seeding) or false if the request failed
+     */
+    public static function user_peer_count($TorrentPass)
+    {
+        $Stats = self::get_stats(self::STATS_USER, array('key' => $TorrentPass));
+        if ($Stats === false) {
+            return false;
+        }
+        if (isset($Stats['leeching']) && isset($Stats['seeding'])) {
+            $Leeching = $Stats['leeching'];
+            $Seeding = $Stats['seeding'];
+        } else {
+            // User doesn't exist, but don't tell anyone
+            $Leeching = $Seeding = 0;
+        }
+        return array($Leeching, $Seeding);
+    }
+
+    /**
+     * Get whatever info the tracker has to report
+     *
+     * @return results from get_stats()
+     */
+    public static function info()
+    {
+        return self::get_stats(self::STATS_MAIN);
+    }
+
+    /**
+     * Send a stats request to the tracker and process the results
+     *
+     * @param int $Type Stats type to get
+     * @param array $Params Parameters required by stats type
+     * @return array with stats in named keys or false if the request failed
+     */
+    private static function get_stats($Type, $Params = false)
+    {
+        if (!defined('TRACKER_REPORTKEY')) {
+            return false;
+        }
+        $Get = TRACKER_REPORTKEY . '/report?';
+        if ($Type === self::STATS_MAIN) {
+            $Get .= 'get=stats';
+        } elseif ($Type === self::STATS_USER && !empty($Params['key'])) {
+            $Get .= "get=user&key=$Params[key]";
+        } else {
+            return false;
+        }
+        $Response = self::send_request($Get);
+        if ($Response === false) {
+            return false;
+        }
+        $Stats = [];
+        foreach (explode("\n", $Response) as $Stat) {
+            list($Val, $Key) = explode(" ", $Stat, 2);
+            $Stats[$Key] = $Val;
+        }
+        return $Stats;
+    }
+
+    /**
+     * Send a request to the tracker
+     *
+     * @param string $Path GET string to send to the tracker
+     * @param int $MaxAttempts Maximum number of failed attempts before giving up
+     * @param $Err Variable to use as storage for the error string if the request fails
+     * @return tracker response message or false if the request failed
+     */
+    private static function send_request($Get, $MaxAttempts = 1, &$Err = false)
+    {
+        $Header = "GET /$Get HTTP/1.1\r\nConnection: Close\r\n\r\n";
+        $Attempts = 0;
+        $Sleep = 0;
+        $Success = false;
+        $StartTime = microtime(true);
+        
+        while (!$Success && $Attempts++ < $MaxAttempts) {
+            if ($Sleep) {
+                sleep($Sleep);
+            }
+
+            // spend some time retrying if we're not in DEBUG_MODE
+            if (!DEBUG_MODE) {
+                $Sleep = 6;
+            }
+
+            // Send request
+            $File = fsockopen(TRACKER_HOST, TRACKER_PORT, $ErrorNum, $ErrorString);
+            if ($File) {
+                if (fwrite($File, $Header) === false) {
+                    $Err = "Failed to fwrite()";
+                    $Sleep = 3;
+                    continue;
+                }
+            } else {
+                $Err = "Failed to fsockopen() - $ErrorNum - $ErrorString";
+                continue;
+            }
+
+            // Check for response.
+            $Response = '';
+            while (!feof($File)) {
+                $Response .= fread($File, 1024);
+            }
+            $DataStart = strpos($Response, "\r\n\r\n") + 4;
+            $DataEnd = strrpos($Response, "\n");
+            if ($DataEnd > $DataStart) {
+                $Data = substr($Response, $DataStart, $DataEnd - $DataStart);
+            } else {
+                $Data = "";
+            }
+            $Status = substr($Response, $DataEnd + 1);
+            if ($Status == "success") {
+                $Success = true;
+            }
+        }
+        $Request = array(
+      'path' => substr($Get, strpos($Get, '/')),
+      'response' => ($Success ? $Data : $Response),
+      'status' => ($Success ? 'ok' : 'failed'),
+      'time' => 1000 * (microtime(true) - $StartTime)
+    );
+        self::$Requests[] = $Request;
+        if ($Success) {
+            return $Data;
+        }
+        return false;
+    }
+}

classes/twofa.class.php

@@ -0,0 +1,138 @@
+<?php
+
+class TwoFactorAuth
+{
+    private $algorithm;
+    private $period;
+    private $digits;
+    private $issuer;
+    private static $_base32dict = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567=';
+    private static $_base32;
+    private static $_base32lookup = [];
+    private static $_supportedalgos = array('sha1', 'sha256', 'sha512', 'md5');
+
+    public function __construct($issuer = null, $digits = 6, $period = 30, $algorithm = 'sha1')
+    {
+        $this->issuer = $issuer;
+        $this->digits = $digits;
+        $this->period = $period;
+
+        $algorithm = strtolower(trim($algorithm));
+        if (!in_array($algorithm, self::$_supportedalgos)) {
+            $algorithm = 'sha1';
+        }
+        $this->algorithm = $algorithm;
+
+        self::$_base32 = str_split(self::$_base32dict);
+        self::$_base32lookup = array_flip(self::$_base32);
+    }
+
+    public function createSecret($bits = 210)
+    {
+        $secret = '';
+        $bytes = ceil($bits / 5); //We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)
+        $rnd = random_bytes($bytes);
+
+        for ($i = 0; $i < $bytes; $i++) {
+            $secret .= self::$_base32[ord($rnd[$i]) & 31]; //Mask out left 3 bits for 0-31 values
+        }
+        return $secret;
+    }
+
+    // Calculate the code with given secret and point in time
+    public function getCode($secret, $time = null)
+    {
+        $secretkey = $this->base32Decode($secret);
+
+        $timestamp = "\0\0\0\0" . pack('N*', $this->getTimeSlice($this->getTime($time)));  // Pack time into binary string
+        $hashhmac = hash_hmac($this->algorithm, $timestamp, $secretkey, true);             // Hash it with users secret key
+        $hashpart = substr($hashhmac, ord(substr($hashhmac, -1)) & 0x0F, 4);               // Use last nibble of result as index/offset and grab 4 bytes of the result
+        $value = unpack('N', $hashpart);                                                   // Unpack binary value
+        $value = $value[1] & 0x7FFFFFFF;                                                   // Drop MSB, keep only 31 bits
+
+        return str_pad($value % pow(10, $this->digits), $this->digits, '0', STR_PAD_LEFT);
+    }
+
+    // Check if the code is correct. This will accept codes starting from now +/- ($discrepancy * period) seconds
+    public function verifyCode($secret, $code, $discrepancy = 1, $time = null)
+    {
+        $result = false;
+        $timetamp = $this->getTime($time);
+
+        // Always iterate all possible codes to prevent timing-attacks
+        for ($i = -$discrepancy; $i <= $discrepancy; $i++) {
+            $result |= hash_equals($this->getCode($secret, $timetamp + ($i * $this->period)), $code);
+        }
+
+        return (bool)$result;
+    }
+
+    // Get data-uri of QRCode
+    public function getQRCodeImageAsDataUri($label, $secret, $size = 300)
+    {
+        if (exec('which qrencode')) {
+            $QRCodeImage = shell_exec("qrencode -s ".(int)($size/40)." -m 3 -o - '".$this->getQRText($label, $secret)."'");
+        } else {
+            $curlhandle = curl_init();
+
+            curl_setopt_array($curlhandle, array(
+            CURLOPT_URL => 'https://chart.googleapis.com/chart?cht=qr&chs='.$size.'x'.$size.'&chld=L|1&chl='.rawurlencode($this->getQRText($label, $secret)),
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_CONNECTTIMEOUT => 10,
+            CURLOPT_DNS_CACHE_TIMEOUT => 10,
+            CURLOPT_TIMEOUT => 10,
+            CURLOPT_SSL_VERIFYPEER => false,
+            CURLOPT_USERAGENT => 'TwoFactorAuth'
+            ));
+
+            $QRCodeImage = curl_exec($curlhandle);
+            curl_close($curlhandle);
+        }
+        return 'data:image/png;base64,'.base64_encode($QRCodeImage);
+    }
+
+    private function getTime($time)
+    {
+        return ($time === null) ? time() : $time;
+    }
+
+    private function getTimeSlice($time = null, $offset = 0)
+    {
+        return (int)floor($time / $this->period) + ($offset * $this->period);
+    }
+
+    // Builds a string to be encoded in a QR code
+    public function getQRText($label, $secret)
+    {
+        $QRText = 'otpauth://totp/'.rawurlencode($label).'?secret='.rawurlencode($secret);
+        $QRText .= ($this->issuer) ? '&issuer='.rawurlencode($this->issuer) : '';
+        $QRText .= ($this->period != 30) ? '&period='.intval($this->period) : '';
+        $QRText .= ($this->algorithm != 'sha1') ? '&algorithm='.rawurlencode(strtoupper($this->algorithm)) : '';
+        $QRText .= ($this->digits != 6) ? '&digits='.intval($this->digits) : '';
+        return $QRText;
+    }
+
+    private function base32Decode($value)
+    {
+        if (strlen($value)==0) {
+            return '';
+        }
+
+        $buffer = '';
+        foreach (str_split($value) as $char) {
+            if ($char !== '=') {
+                $buffer .= str_pad(decbin(self::$_base32lookup[$char]), 5, 0, STR_PAD_LEFT);
+            }
+        }
+        
+        $length = strlen($buffer);
+        $blocks = trim(chunk_split(substr($buffer, 0, $length - ($length % 8)), 8, ' '));
+
+        $output = '';
+        foreach (explode(' ', $blocks) as $block) {
+            $output .= chr(bindec(str_pad($block, 8, 0, STR_PAD_RIGHT)));
+        }
+
+        return $output;
+    }
+}

classes/u2f.class.php

@@ -0,0 +1,576 @@
+<?php
+
+# https://github.com/Yubico/php-u2flib-server/blob/master/src/u2flib_server/U2F.php
+
+/* Copyright (c) 2014 Yubico AB
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   * Redistributions in binary form must reproduce the above
+ *     copyright notice, this list of conditions and the following
+ *     disclaimer in the documentation and/or other materials provided
+ *     with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace u2f;
+#namespace u2flib_server;
+
+/** Constant for the version of the u2f protocol */
+const U2F_VERSION = "U2F_V2";
+
+/** Constant for the type value in registration clientData */
+const REQUEST_TYPE_REGISTER = "navigator.id.finishEnrollment";
+
+/** Constant for the type value in authentication clientData */
+const REQUEST_TYPE_AUTHENTICATE = "navigator.id.getAssertion";
+
+/** Error for the authentication message not matching any outstanding
+ * authentication request */
+const ERR_NO_MATCHING_REQUEST = 1;
+
+/** Error for the authentication message not matching any registration */
+const ERR_NO_MATCHING_REGISTRATION = 2;
+
+/** Error for the signature on the authentication message not verifying with
+ * the correct key */
+const ERR_AUTHENTICATION_FAILURE = 3;
+
+/** Error for the challenge in the registration message not matching the
+ * registration challenge */
+const ERR_UNMATCHED_CHALLENGE = 4;
+
+/** Error for the attestation signature on the registration message not
+ * verifying */
+const ERR_ATTESTATION_SIGNATURE = 5;
+
+/** Error for the attestation verification not verifying */
+const ERR_ATTESTATION_VERIFICATION = 6;
+
+/** Error for not getting good random from the system */
+const ERR_BAD_RANDOM = 7;
+
+/** Error when the counter is lower than expected */
+const ERR_COUNTER_TOO_LOW = 8;
+
+/** Error decoding public key */
+const ERR_PUBKEY_DECODE = 9;
+
+/** Error user-agent returned error */
+const ERR_BAD_UA_RETURNING = 10;
+
+/** Error old OpenSSL version */
+const ERR_OLD_OPENSSL = 11;
+
+/** Error for the origin not matching the appId */
+const ERR_NO_MATCHING_ORIGIN = 12;
+
+/** Error for the type in clientData being invalid */
+const ERR_BAD_TYPE = 13;
+
+/** Error for bad user presence byte value */
+const ERR_BAD_USER_PRESENCE = 14;
+
+/** @internal */
+const PUBKEY_LEN = 65;
+
+class U2F
+{
+    /** @var string  */
+    private $appId;
+
+    /** @var null|string */
+    private $attestDir;
+
+    /** @var array */
+    private $facetIds;
+
+    /** @internal */
+    private $FIXCERTS = array(
+        '349bca1031f8c82c4ceca38b9cebf1a69df9fb3b94eed99eb3fb9aa3822d26e8',
+        'dd574527df608e47ae45fbba75a2afdd5c20fd94a02419381813cd55a2a3398f',
+        '1d8764f0f7cd1352df6150045c8f638e517270e8b5dda1c63ade9c2280240cae',
+        'd0edc9a91a1677435a953390865d208c55b3183c6759c9b5a7ff494c322558eb',
+        '6073c436dcd064a48127ddbf6032ac1a66fd59a0c24434f070d4e564c124c897',
+        'ca993121846c464d666096d35f13bf44c1b05af205f9b4a1e00cf6cc10c5e511'
+    );
+
+    /**
+     * @param string $appId Application id for the running application
+     * @param string|null $attestDir Directory where trusted attestation roots may be found
+     * @param array|null $facetIds List of trusted Facet IDs
+     * @throws Error If OpenSSL older than 1.0.0 is used
+     */
+    public function __construct($appId, $attestDir = null, $facetIds = null)
+    {
+        if(OPENSSL_VERSION_NUMBER < 0x10000000) {
+            throw new Error('OpenSSL has to be at least version 1.0.0, this is ' . OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL);
+        }
+        $this->appId = $appId;
+        $this->attestDir = $attestDir;
+
+        if(!is_array($facetIds)) {
+            $facetIds = [$appId];
+        }
+        $this->facetIds = $facetIds;
+    }
+
+    /**
+     * Called to get a registration request to send to a user.
+     * Returns an array of one registration request and a array of sign requests.
+     *
+     * @param array $registrations List of current registrations for this
+     * user, to prevent the user from registering the same authenticator several
+     * times.
+     * @return array An array of two elements, the first containing a
+     * RegisterRequest the second being an array of SignRequest
+     * @throws Error
+     */
+    public function getRegisterData(array $registrations = array())
+    {
+        $challenge = $this->createChallenge();
+        $request = new RegisterRequest($challenge, $this->appId);
+        $signs = $this->getAuthenticateData($registrations);
+        return array($request, $signs);
+    }
+
+    /**
+     * Called to verify and unpack a registration message.
+     *
+     * @param RegisterRequest $request this is a reply to
+     * @param object $response response from a user
+     * @param bool $includeCert set to true if the attestation certificate should be
+     * included in the returned Registration object
+     * @return Registration
+     * @throws Error
+     */
+    public function doRegister($request, $response, $includeCert = true)
+    {
+        if( !is_object( $request ) ) {
+            throw new \InvalidArgumentException('$request of doRegister() method only accepts object.');
+        }
+
+        if( !is_object( $response ) ) {
+            throw new \InvalidArgumentException('$response of doRegister() method only accepts object.');
+        }
+
+        if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) {
+            throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING );
+        }
+
+        if( !is_bool( $includeCert ) ) {
+            throw new \InvalidArgumentException('$include_cert of doRegister() method only accepts boolean.');
+        }
+
+        $rawReg = $this->base64u_decode($response->registrationData);
+        $regData = array_values(unpack('C*', $rawReg));
+        $clientData = $this->base64u_decode($response->clientData);
+        $cli = json_decode($clientData);
+
+        if($cli->challenge !== $request->challenge) {
+            throw new Error('Registration challenge does not match', ERR_UNMATCHED_CHALLENGE );
+        }
+
+        if(isset($cli->typ) && $cli->typ !== REQUEST_TYPE_REGISTER) {
+            throw new Error('ClientData type is invalid', ERR_BAD_TYPE);
+        }
+
+        if(isset($cli->origin) && !in_array($cli->origin, $this->facetIds, true)) {
+            throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN);
+        }
+
+        $registration = new Registration();
+        $offs = 1;
+        $pubKey = substr($rawReg, $offs, PUBKEY_LEN);
+        $offs += PUBKEY_LEN;
+        // decode the pubKey to make sure it's good
+        $tmpKey = $this->pubkey_to_pem($pubKey);
+        if($tmpKey === null) {
+            throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
+        }
+        $registration->publicKey = base64_encode($pubKey);
+        $khLen = $regData[$offs++];
+        $kh = substr($rawReg, $offs, $khLen);
+        $offs += $khLen;
+        $registration->keyHandle = $this->base64u_encode($kh);
+
+        // length of certificate is stored in byte 3 and 4 (excluding the first 4 bytes)
+        $certLen = 4;
+        $certLen += ($regData[$offs + 2] << 8);
+        $certLen += $regData[$offs + 3];
+
+        $rawCert = $this->fixSignatureUnusedBits(substr($rawReg, $offs, $certLen));
+        $offs += $certLen;
+        $pemCert  = "-----BEGIN CERTIFICATE-----\r\n";
+        $pemCert .= chunk_split(base64_encode($rawCert), 64);
+        $pemCert .= "-----END CERTIFICATE-----";
+        if($includeCert) {
+            $registration->certificate = base64_encode($rawCert);
+        }
+        if($this->attestDir) {
+            if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) {
+                throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION );
+            }
+        }
+
+        if(!openssl_pkey_get_public($pemCert)) {
+            throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
+        }
+        $signature = substr($rawReg, $offs);
+
+        $dataToVerify  = pack('C', 0);
+        $dataToVerify .= hash('sha256', $request->appId, true);
+        $dataToVerify .= hash('sha256', $clientData, true);
+        $dataToVerify .= $kh;
+        $dataToVerify .= $pubKey;
+
+        if(openssl_verify($dataToVerify, $signature, $pemCert, 'sha256') === 1) {
+            return $registration;
+        } else {
+            throw new Error('Attestation signature does not match', ERR_ATTESTATION_SIGNATURE );
+        }
+    }
+
+    /**
+     * Called to get an authentication request.
+     *
+     * @param array $registrations An array of the registrations to create authentication requests for.
+     * @return array An array of SignRequest
+     * @throws Error
+     */
+    public function getAuthenticateData(array $registrations)
+    {
+        $sigs = array();
+        $challenge = $this->createChallenge();
+        foreach ($registrations as $reg) {
+            if( !is_object( $reg ) ) {
+                throw new \InvalidArgumentException('$registrations of getAuthenticateData() method only accepts array of object.');
+            }
+            /** @var Registration $reg */
+
+            $sig = new SignRequest();
+            $sig->appId = $this->appId;
+            $sig->keyHandle = $reg->keyHandle;
+            $sig->challenge = $challenge;
+            $sigs[] = $sig;
+        }
+        return $sigs;
+    }
+
+    /**
+     * Called to verify an authentication response
+     *
+     * @param array $requests An array of outstanding authentication requests
+     * @param array $registrations An array of current registrations
+     * @param object $response A response from the authenticator
+     * @return Registration
+     * @throws Error
+     *
+     * The Registration object returned on success contains an updated counter
+     * that should be saved for future authentications.
+     * If the Error returned is ERR_COUNTER_TOO_LOW this is an indication of
+     * token cloning or similar and appropriate action should be taken.
+     */
+    public function doAuthenticate(array $requests, array $registrations, $response)
+    {
+        if( !is_object( $response ) ) {
+            throw new \InvalidArgumentException('$response of doAuthenticate() method only accepts object.');
+        }
+
+        if( property_exists( $response, 'errorCode') && $response->errorCode !== 0 ) {
+            throw new Error('User-agent returned error. Error code: ' . $response->errorCode, ERR_BAD_UA_RETURNING );
+        }
+
+        /** @var object|null $req */
+        $req = null;
+
+        /** @var object|null $reg */
+        $reg = null;
+
+        $clientData = $this->base64u_decode($response->clientData);
+        $decodedClient = json_decode($clientData);
+
+        if(isset($decodedClient->typ) && $decodedClient->typ !== REQUEST_TYPE_AUTHENTICATE) {
+            throw new Error('ClientData type is invalid', ERR_BAD_TYPE);
+        }
+
+        foreach ($requests as $req) {
+            if( !is_object( $req ) ) {
+                throw new \InvalidArgumentException('$requests of doAuthenticate() method only accepts array of object.');
+            }
+
+            if($req->keyHandle === $response->keyHandle && $req->challenge === $decodedClient->challenge) {
+                break;
+            }
+
+            $req = null;
+        }
+        if($req === null) {
+            throw new Error('No matching request found', ERR_NO_MATCHING_REQUEST );
+        }
+        if(isset($decodedClient->origin) && !in_array($decodedClient->origin, $this->facetIds, true)) {
+            throw new Error('App ID does not match the origin', ERR_NO_MATCHING_ORIGIN);
+        }
+        foreach ($registrations as $reg) {
+            if( !is_object( $reg ) ) {
+                throw new \InvalidArgumentException('$registrations of doAuthenticate() method only accepts array of object.');
+            }
+
+            if($reg->keyHandle === $response->keyHandle) {
+                break;
+            }
+            $reg = null;
+        }
+        if($reg === null) {
+            throw new Error('No matching registration found', ERR_NO_MATCHING_REGISTRATION );
+        }
+        $pemKey = $this->pubkey_to_pem($this->base64u_decode($reg->publicKey));
+        if($pemKey === null) {
+            throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
+        }
+
+        $signData = $this->base64u_decode($response->signatureData);
+        $dataToVerify  = hash('sha256', $req->appId, true);
+        $dataToVerify .= substr($signData, 0, 5);
+        $dataToVerify .= hash('sha256', $clientData, true);
+        $signature = substr($signData, 5);
+
+        if(openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) {
+            $upb = unpack("Cupb", substr($signData, 0, 1)); 
+            if($upb['upb'] !== 1) { 
+                throw new Error('User presence byte value is invalid', ERR_BAD_USER_PRESENCE );
+            }
+            $ctr = unpack("Nctr", substr($signData, 1, 4));
+            $counter = $ctr['ctr'];
+            /* TODO: wrap-around should be handled somehow.. */
+            if($counter > $reg->counter) {
+                $reg->counter = $counter;
+                return self::castObjectToRegistration($reg);
+            } else {
+                throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW );
+            }
+        } else {
+            throw new Error('Authentication failed', ERR_AUTHENTICATION_FAILURE );
+        }
+    }
+
+    /**
+     * @param object $object
+     * @return Registration
+     */
+    protected static function castObjectToRegistration($object)
+    {
+        $reg = new Registration();
+        if (isset($object->publicKey)) {
+            $reg->publicKey = $object->publicKey;
+        }
+        if (isset($object->certificate)) {
+            $reg->certificate = $object->certificate;
+        }
+        if (isset($object->counter)) {
+            $reg->counter = $object->counter;
+        }
+        if (isset($object->keyHandle)) {
+            $reg->keyHandle = $object->keyHandle;
+        }
+        return $reg;
+    }
+
+    /**
+     * @return array
+     */
+    private function get_certs()
+    {
+        $files = array();
+        $dir = $this->attestDir;
+        if($dir !== null && is_dir($dir) && $handle = opendir($dir)) {
+            while(false !== ($entry = readdir($handle))) {
+                if(is_file("$dir/$entry")) {
+                    $files[] = "$dir/$entry";
+                }
+            }
+            closedir($handle);
+        } elseif (is_file("$dir")) {
+            $files[] = "$dir";
+        }
+        return $files;
+    }
+
+    /**
+     * @param string $data
+     * @return string
+     */
+    private function base64u_encode($data)
+    {
+        return trim(strtr(base64_encode($data), '+/', '-_'), '=');
+    }
+
+    /**
+     * @param string $data
+     * @return string
+     */
+    private function base64u_decode($data)
+    {
+        return base64_decode(strtr($data, '-_', '+/'));
+    }
+
+    /**
+     * @param string $key
+     * @return null|string
+     */
+    private function pubkey_to_pem($key)
+    {
+        if(strlen($key) !== PUBKEY_LEN || $key[0] !== "\x04") {
+            return null;
+        }
+
+        /*
+         * Convert the public key to binary DER format first
+         * Using the ECC SubjectPublicKeyInfo OIDs from RFC 5480
+         *
+         *  SEQUENCE(2 elem)                        30 59
+         *   SEQUENCE(2 elem)                       30 13
+         *    OID1.2.840.10045.2.1 (id-ecPublicKey) 06 07 2a 86 48 ce 3d 02 01
+         *    OID1.2.840.10045.3.1.7 (secp256r1)    06 08 2a 86 48 ce 3d 03 01 07
+         *   BIT STRING(520 bit)                    03 42 ..key..
+         */
+        $der  = "\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01";
+        $der .= "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42";
+        $der .= "\0".$key;
+
+        $pem  = "-----BEGIN PUBLIC KEY-----\r\n";
+        $pem .= chunk_split(base64_encode($der), 64);
+        $pem .= "-----END PUBLIC KEY-----";
+
+        return $pem;
+    }
+
+    /**
+     * @return string
+     * @throws Error
+     */
+    private function createChallenge()
+    {
+        $challenge = random_bytes(32);
+        $challenge = $this->base64u_encode( $challenge );
+
+        return $challenge;
+    }
+
+    /**
+     * Fixes a certificate where the signature contains unused bits.
+     *
+     * @param string $cert
+     * @return mixed
+     */
+    private function fixSignatureUnusedBits($cert)
+    {
+        if(in_array(hash('sha256', $cert), $this->FIXCERTS, true)) {
+            $cert[strlen($cert) - 257] = "\0";
+        }
+        return $cert;
+    }
+}
+
+/**
+ * Class for building a registration request
+ *
+ * @package u2flib_server
+ */
+class RegisterRequest
+{
+    /** @var string Protocol version */
+    public $version = U2F_VERSION;
+
+    /** @var string Registration challenge */
+    public $challenge;
+
+    /** @var string Application id */
+    public $appId;
+
+    /**
+     * @param string $challenge
+     * @param string $appId
+     * @internal
+     */
+    public function __construct($challenge, $appId)
+    {
+        $this->challenge = $challenge;
+        $this->appId = $appId;
+    }
+}
+
+/**
+ * Class for building up an authentication request
+ *
+ * @package u2flib_server
+ */
+class SignRequest
+{
+    /** @var string Protocol version */
+    public $version = U2F_VERSION;
+
+    /** @var string Authentication challenge */
+    public $challenge = '';
+
+    /** @var string Key handle of a registered authenticator */
+    public $keyHandle = '';
+
+    /** @var string Application id */
+    public $appId = '';
+}
+
+/**
+ * Class returned for successful registrations
+ *
+ * @package u2flib_server
+ */
+class Registration
+{
+    /** @var string The key handle of the registered authenticator */
+    public $keyHandle = '';
+
+    /** @var string The public key of the registered authenticator */
+    public $publicKey = '';
+
+    /** @var string The attestation certificate of the registered authenticator */
+    public $certificate = '';
+
+    /** @var int The counter associated with this registration */
+    public $counter = -1;
+}
+
+/**
+ * Error class, returned on errors
+ *
+ * @package u2flib_server
+ */
+class Error extends \Exception
+{
+    /**
+     * Override constructor and make message and code mandatory
+     * @param string $message
+     * @param int $code
+     * @param \Exception|null $previous
+     */
+    public function __construct($message, $code, \Exception $previous = null) {
+        parent::__construct($message, $code, $previous);
+    }
+}

classes/useragent.class.php

@@ -0,0 +1,168 @@
+<?php
+
+class UserAgent
+{
+    private static $Browsers = array(
+    // Less popular
+    'Shiira'     => 'Shiira',
+    'Songbird'   => 'Songbird',
+    'SeaMonkey'  => 'SeaMonkey',
+    'OmniWeb'    => 'OmniWeb',
+    'Camino'     => 'Camino',
+    'Chimera'    => 'Chimera',
+    'Epiphany'   => 'Epiphany',
+    'Konqueror'  => 'Konqueror',
+    'Iceweasel'  => 'Iceweasel',
+    'Lynx'       => 'Lynx',
+    'Links'      => 'Links',
+    'libcurl'    => 'cURL',
+    'midori'     => 'Midori',
+    'Blackberry' => 'BlackBerry Browser',
+    // Big names
+    'Firefox' => 'Firefox',
+    'OPR'     => 'Opera Blink', # Opera 15+ (the version running Blink)
+    'Opera'   => 'Opera',
+    'Chrome'  => 'Chrome',
+    'Safari'  => 'Safari',
+    // Put Chrome Frame above IE
+    'chromeframe' => 'Chrome Frame',
+    'x-clock'     => 'Chrome Frame',
+    'MSIE'        => 'Internet Explorer',
+    'Trident'     => 'Internet Explorer',
+    // Firefox versions
+    'Shiretoko'    => 'Firefox (Experimental)',
+    'Minefield'    => 'Firefox (Experimental)',
+    'GranParadiso' => 'Firefox (Experimental)',
+    'Namoroka'     => 'Firefox (Experimental)',
+    'AppleWebKit'  => 'WebKit',
+    'Mozilla'      => 'Mozilla'
+    // Weird shit
+    /*
+    'WWW-Mechanize' => 'Perl',
+    'Wget'          => 'Wget',
+    'BTWebClient'   => 'µTorrent',
+    'Transmission'  => 'Transmission',
+    'Java'          => 'Java',
+    'RSS'           => 'RSS Downloader'
+    */
+  );
+
+    private static $OperatingSystems = array(
+    // Mobile
+    'SymbianOS'    => 'Symbian',
+    'blackberry'   => 'BlackBerry',
+    'iphone'       => 'iPhone',
+    'ipod'         => 'iPhone',
+    'android'      => 'Android',
+    'palm'         => 'Palm',
+    'mot-razr'     => 'Motorola Razr',
+  //'tablet PC'    => 'Windows RT',
+  //'ARM; Trident' => 'Windows RT',
+    // Windows
+    'Windows NT 10.0' => 'Windows 10',
+    'Windows NT 6.4'  => 'Windows 10',
+    'Windows NT 6.3'  => 'Windows 8.1',
+    'Windows 8.1'     => 'Windows 8.1',
+    'Windows NT 6.2'  => 'Windows 8',
+    'Windows 8'       => 'Windows 8',
+    'Windows NT 6.1'  => 'Windows 7',
+    'Windows 7'       => 'Windows 7',
+    'Windows NT 6.0'  => 'Windows Vista',
+    'Windows Vista'   => 'Windows Vista',
+    'windows nt 5.2'  => 'Windows 2003',
+    'windows 2003'    => 'Windows 2003',
+    'windows nt 5.0'  => 'Windows 2000',
+    'windows 2000'    => 'Windows 2000',
+    'windows nt 5.1'  => 'Windows XP',
+    'windows xp'      => 'Windows XP',
+    'Win 9x 4.90'     => 'Windows ME',
+    'Windows Me'      => 'Windows ME',
+    'windows nt'      => 'Windows NT',
+    'winnt'           => 'Windows NT',
+    'windows 98'      => 'Windows 98',
+    'windows ce'      => 'Windows CE',
+    'win98'           => 'Windows 98',
+    'windows 95'      => 'Windows 95',
+    'windows 95'      => 'Windows 95',
+    'win95'           => 'Windows 95',
+    'win16'           => 'Windows 3.1',
+  //'windows'         => 'Windows',
+    'cros'            => 'Chrome OS',
+    // OS X
+    'os x'      => 'Mac OS X',
+    'macintosh' => 'Mac OS X',
+    'darwin'    => 'Mac OS X',
+    // Less popular
+    'ubuntu'  => 'Ubuntu',
+    'debian'  => 'Debian',
+    'fedora'  => 'Fedora',
+    'freebsd' => 'FreeBSD',
+    'openbsd' => 'OpenBSD',
+    'bsd'     => 'BSD',
+    'x11'     => 'Linux',
+    'gnu'     => 'Linux',
+    'linux'   => 'Linux',
+    'unix'    => 'Unix',
+    'Sun OS'  => 'Sun',
+    'Sun'     => 'Sun',
+    // Weird shit
+    /*
+    'WWW-Mechanize' => 'Perl',
+    'Wget'          => 'Wget',
+    'BTWebClient'   => 'µTorrent',
+    'Transmission'  => 'Transmission',
+    'Java'          => 'Java',
+    'RSS'           => 'RSS Downloader',
+    */
+    // Catch-all
+    'win' => 'Windows',
+    'mac' => 'Mac OS X'
+  );
+
+    public static function operating_system(&$UserAgentString)
+    {
+        if (empty($UserAgentString)) {
+            return 'Hidden';
+        }
+
+        foreach (self::$OperatingSystems as $String => $OperatingSystem) {
+            if (stripos($UserAgentString, $String) !== false) {
+                return $OperatingSystem;
+            }
+        }
+        return 'Unknown';
+    }
+
+    public static function mobile(&$UserAgentString)
+    {
+        if (strpos($UserAgentString, 'iPad') !== false) {
+            return false;
+        }
+
+        // "Mobi" catches "Mobile" too
+        if (strpos($UserAgentString, 'Device') || strpos($UserAgentString, 'Mobi') || strpos($UserAgentString, 'Mini') || strpos($UserAgentString, 'webOS')) {
+            return true;
+        }
+        return false;
+    }
+
+    public static function browser(&$UserAgentString)
+    {
+        if (empty($UserAgentString)) {
+            return 'Hidden';
+        }
+
+        $Return = 'Unknown';
+        foreach (self::$Browsers as $String => $Browser) {
+            if (strpos($UserAgentString, $String) !== false) {
+                $Return = $Browser;
+                break;
+            }
+        }
+        
+        if (self::mobile($UserAgentString)) {
+            $Return .= ' Mobile';
+        }
+        return $Return;
+    }
+}

classes/userrank.class.php

@@ -0,0 +1,173 @@
+<?php
+
+class UserRank
+{
+    const PREFIX = 'percentiles_'; // Prefix for memcache keys, to make life easier
+
+    // Returns a 101 row array (101 percentiles - 0 - 100), with the minimum value for that percentile as the value for each row
+    // BTW - ingenious
+    private static function build_table($MemKey, $Query)
+    {
+        $QueryID = G::$DB->get_query_id();
+
+        G::$DB->query("
+        DROP TEMPORARY TABLE IF EXISTS temp_stats");
+
+        G::$DB->query("
+        CREATE TEMPORARY TABLE temp_stats (
+          ID int(10) NOT NULL PRIMARY KEY AUTO_INCREMENT,
+          Val bigint(20) NOT NULL
+        );");
+
+        G::$DB->query("
+        INSERT INTO temp_stats (Val) ".
+        $Query);
+
+        G::$DB->query("
+        SELECT COUNT(ID)
+        FROM temp_stats");
+        list($UserCount) = G::$DB->next_record();
+
+        G::$DB->query("
+        SELECT MIN(Val)
+        FROM temp_stats
+          GROUP BY CEIL(ID / (".(int)$UserCount." / 100));");
+
+        $Table = G::$DB->to_array();
+        G::$DB->set_query_id($QueryID);
+
+        // Give a little variation to the cache length, so all the tables don't expire at the same time
+        G::$Cache->cache_value($MemKey, $Table, 3600 * 24 * rand(800, 1000) * 0.001);
+
+        return $Table;
+    }
+
+    private static function table_query($TableName)
+    {
+        switch ($TableName) {
+        case 'uploaded':
+          $Query =  "
+          SELECT Uploaded
+          FROM users_main
+          WHERE Enabled = '1'
+            AND Uploaded > 0
+          ORDER BY Uploaded;";
+          break;
+
+        case 'downloaded':
+          $Query =  "
+          SELECT Downloaded
+          FROM users_main
+          WHERE Enabled = '1'
+            AND Downloaded > 0
+          ORDER BY Downloaded;";
+          break;
+
+        case 'uploads':
+          $Query = "
+          SELECT COUNT(t.ID) AS Uploads
+          FROM users_main AS um
+            JOIN torrents AS t ON t.UserID = um.ID
+          WHERE um.Enabled = '1'
+          GROUP BY um.ID
+          ORDER BY Uploads;";
+          break;
+
+        case 'requests':
+          $Query = "
+          SELECT COUNT(r.ID) AS Requests
+          FROM users_main AS um
+            JOIN requests AS r ON r.FillerID = um.ID
+          WHERE um.Enabled = '1'
+          GROUP BY um.ID
+          ORDER BY Requests;";
+          break;
+
+        case 'posts':
+          $Query = "
+          SELECT COUNT(p.ID) AS Posts
+          FROM users_main AS um
+            JOIN forums_posts AS p ON p.AuthorID = um.ID
+          WHERE um.Enabled = '1'
+          GROUP BY um.ID
+          ORDER BY Posts;";
+          break;
+
+        case 'bounty':
+          $Query = "
+          SELECT SUM(rv.Bounty) AS Bounty
+          FROM users_main AS um
+            JOIN requests_votes AS rv ON rv.UserID = um.ID
+          WHERE um.Enabled = '1' " .
+          "GROUP BY um.ID
+          ORDER BY Bounty;";
+          break;
+
+        case 'artists':
+          $Query = "
+          SELECT COUNT(ta.ArtistID) AS Artists
+          FROM torrents_artists AS ta
+            JOIN torrents_group AS tg ON tg.ID = ta.GroupID
+            JOIN torrents AS t ON t.GroupID = tg.ID
+          WHERE t.UserID != ta.UserID
+          GROUP BY tg.ID
+          ORDER BY Artists ASC";
+          break;
+        }
+        return $Query;
+    }
+
+    public static function get_rank($TableName, $Value)
+    {
+        if ($Value == 0) {
+            return 0;
+        }
+
+        $Table = G::$Cache->get_value(self::PREFIX.$TableName);
+        if (!$Table) {
+            //Cache lock!
+            $Lock = G::$Cache->get_value(self::PREFIX.$TableName.'_lock');
+            if ($Lock) {
+                return false;
+            } else {
+                G::$Cache->cache_value(self::PREFIX.$TableName.'_lock', '1', 300);
+                $Table = self::build_table(self::PREFIX.$TableName, self::table_query($TableName));
+                G::$Cache->delete_value(self::PREFIX.$TableName.'_lock');
+            }
+        }
+
+        $LastPercentile = 0;
+        foreach ($Table as $Row) {
+            list($CurValue) = $Row;
+            if ($CurValue >= $Value) {
+                return $LastPercentile;
+            }
+            $LastPercentile++;
+        }
+        return 100; // 100th percentile
+    }
+
+    public static function overall_score($Uploaded, $Downloaded, $Uploads, $Requests, $Posts, $Bounty, $Artists, $Ratio)
+    {
+        // We can do this all in 1 line, but it's easier to read this way
+        if ($Ratio > 1) {
+            $Ratio = 1;
+        }
+
+        $TotalScore = 0;
+        if (in_array(false, func_get_args(), true)) {
+            return false;
+        }
+        
+        $TotalScore += $Uploaded * 15;
+        $TotalScore += $Downloaded * 8;
+        $TotalScore += $Uploads * 25;
+        $TotalScore += $Requests * 2;
+        $TotalScore += $Posts;
+        $TotalScore += $Bounty;
+        $TotalScore += $Artists;
+        $TotalScore /= (15 + 8 + 25 + 2 + 1 + 1 + 1);
+        $TotalScore *= $Ratio;
+        return $TotalScore;
+    }
+}

classes/util.php

@@ -0,0 +1,653 @@
+<?php
+#declare(strict_types = 1);
+
+// This is a file of miscellaneous functions that are called so damn often
+// that it'd just be annoying to stick them in namespaces.
+
+/**
+ * Return true if the given string is numeric.
+ *
+ * @param mixed $Str
+ * @return bool
+ */
+function is_number($Str)
+{
+    # todo: Strict equality breaks everything
+    return $Str == strval(intval($Str));
+}
+
+
+/**
+ * is_date()
+ */
+function is_date($Date)
+{
+    list($Y, $M, $D) = explode('-', $Date);
+
+    if (checkdate($M, $D, $Y)) {
+        return true;
+    }
+
+    return false;
+}
+
+
+/**
+ * Check that some given variables (usually in _GET or _POST) are numbers
+ *
+ * @param array $Base array that's supposed to contain all keys to check
+ * @param array $Keys list of keys to check
+ * @param mixed $Error error code or string to pass to the error() function if a key isn't numeric
+ */
+function assert_numbers(&$Base, $Keys, $Error = 0)
+{
+    // Make sure both arguments are arrays
+    if (!is_array($Base) || !is_array($Keys)) {
+        return;
+    }
+
+    foreach ($Keys as $Key) {
+        if (!isset($Base[$Key]) || !is_number($Base[$Key])) {
+            error($Error);
+        }
+    }
+}
+
+
+/**
+ * Return true, false or null, depending on the input value's "truthiness" or "non-truthiness"
+ *
+ * @param $Value the input value to check for truthiness
+ * @return true if $Value is "truthy", false if it is "non-truthy" or null if $Value was not
+ *         a bool-like value
+ */
+function is_bool_value($Value)
+{
+    if (is_bool($Value)) {
+        return $Value;
+    }
+
+    if (is_string($Value)) {
+        switch (strtolower($Value)) {
+            case 'true':
+            case 'yes':
+            case 'on':
+            case '1':
+                return true;
+
+            case 'false':
+            case 'no':
+            case 'off':
+            case '0':
+                return false;
+        }
+    }
+
+    if (is_numeric($Value)) {
+        if ($Value === 1) {
+            return true;
+        } elseif ($Value === 0) {
+            return false;
+        }
+    }
+
+    return;
+}
+
+
+/**
+ * HTML-escape a string for output.
+ * This is preferable to htmlspecialchars because it doesn't screw up upon a double escape.
+ *
+ * @param string $Str
+ * @return string escaped string.
+ */
+function display_str($Str)
+{
+    if ($Str === null || $Str === false || is_array($Str)) {
+        return '';
+    }
+
+    if ($Str !== '' && !is_number($Str)) {
+        $Str = Format::make_utf8($Str);
+        $Str = mb_convert_encoding($Str, 'HTML-ENTITIES', 'UTF-8');
+        $Str = preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,6};)/m", '&amp;', $Str);
+
+        $Replace = array(
+            "'",'"',"<",">",
+            '&#128;','&#130;','&#131;','&#132;','&#133;','&#134;','&#135;','&#136;',
+            '&#137;','&#138;','&#139;','&#140;','&#142;','&#145;','&#146;','&#147;',
+            '&#148;','&#149;','&#150;','&#151;','&#152;','&#153;','&#154;','&#155;',
+            '&#156;','&#158;','&#159;'
+        );
+
+        $With = array(
+            '&#39;','&quot;','&lt;','&gt;',
+            '&#8364;','&#8218;','&#402;','&#8222;','&#8230;','&#8224;','&#8225;','&#710;',
+            '&#8240;','&#352;','&#8249;','&#338;','&#381;','&#8216;','&#8217;','&#8220;',
+            '&#8221;','&#8226;','&#8211;','&#8212;','&#732;','&#8482;','&#353;','&#8250;',
+            '&#339;','&#382;','&#376;'
+        );
+
+        $Str = str_replace($Replace, $With, $Str);
+    }
+
+    return $Str;
+}
+
+
+/**
+ * Send a message to an IRC bot listening on SOCKET_LISTEN_PORT
+ *
+ * @param string $Raw An IRC protocol snippet to send.
+ */
+function send_irc($Channels = null, $Message = '')
+{
+    $ENV = ENV::go();
+
+    // Check if IRC is enabled
+    if (!$ENV->FEATURE_IRC || !$Channels) {
+        return false;
+    }
+
+    # The fn takes an array or string
+    $Dest = [];
+
+    # Quick missed connection fix
+    if (is_string($Channels)) {
+        $Channels = explode(' ', $Channels);
+    }
+    
+    # Strip leading #channel hash
+    foreach ($Channels as $c) {
+        array_push($Dest, preg_replace('/^#/', '', $c));
+    }
+
+    # Specific to AB's kana bot
+    # https://github.com/anniemaybytes/kana
+    $Command =
+    implode('-', $Dest)
+    . '|%|'
+    . html_entity_decode(
+        display_str($Message),
+        ENT_QUOTES
+    );
+
+    # Original input sanitization
+    $Command = str_replace(array("\n", "\r"), '', $Command);
+
+    # Send the raw echo
+    $IRCSocket = fsockopen(SOCKET_LISTEN_ADDRESS, SOCKET_LISTEN_PORT);
+    fwrite($IRCSocket, $Command);
+    fclose($IRCSocket);
+}
+
+
+/**
+ * notify()
+ * Formerly in sections/error/index.php
+ */
+function notify($Channel, $Message)
+{
+    $ENV = ENV::go();
+    global $LoggedUser;
+
+    # Redirect dev messages to debug channel
+    if ($ENV->DEV) {
+        $Channel = $ENV->DEBUG_CHAN;
+    }
+
+    #
+    send_irc(
+        $Channel,
+        $Message
+        . " error by "
+        . (!empty($LoggedUser['ID']) ? site_url()
+            . "user.php?id=".$LoggedUser['ID']
+            . " ("
+            . $LoggedUser['Username']
+            . ")" : $_SERVER['REMOTE_ADDR']
+            . " ("
+            . Tools::geoip($_SERVER['REMOTE_ADDR'])
+        . ")")
+        
+        . " accessing https://"
+        . SITE_DOMAIN
+        . ""
+        . $_SERVER['REQUEST_URI']
+        . (!empty($_SERVER['HTTP_REFERER']) ? " from "
+            . $_SERVER['HTTP_REFERER'] : '')
+    );
+}
+
+
+/**
+ * Advanced error handling
+ *
+ * Displays an HTTP status code with description and triggers an error.
+ * If you use your own string for $Error, it becomes the error description.
+ *
+ * @param int|string $Error Error type
+ * The available HTTP status codes are
+ *  - Client:  [ 400, 403, 404, 405, 408, 413, 429 ]
+ *  - Server:  [ 500, 502, 504 ]
+ *  - Gazelle: [ -1, 0, !! ]
+ *
+ * @param boolean $NoHTML If true, the header/footer won't be shown, just the error.
+ * @param string $Log If true, the user is given a link to search $Log in the site log.
+ * @param boolean $Debug If true, print bug reporting instructions and a stack trace.
+ * @param boolean $JSON If true, print the error as a JSON response.
+ */
+function error($Error = 1, $NoHTML = false, $Log = false, $Debug = true) # , $JSON = false)
+{
+    $ENV = ENV::go();
+
+    # Error out on erroneous $Error
+    (!$Error || $Error === null)
+        ?? trigger_error('No $Error.', E_USER_ERROR);
+
+    (!is_int($Error) || !is_string($Error))
+        ?? trigger_error('$Error must be int or string.', E_USER_ERROR);
+
+    # Formerly in sections/error/index.php
+    if (!empty($_GET['e']) && is_int($_GET['e'])) {
+        # Request error, i.e., /nonexistent_page.php
+        $Error = $_GET['e'];
+    }
+
+    # https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
+    switch ($Error) {
+        /**
+         * Client errors
+         */
+        case 400:
+        case 1: # Probably the user's fault
+            $Title = '400 Bad Request';
+            $Message = 'The server cannot or will not process the request due to an apparent client error
+                (e.g., malformed request syntax, size too large, invalid request message framing, or deceptive request routing).';
+            break;
+
+        case 403:
+            $Title = '403 Forbidden';
+            $Message = 'The request contained valid data and was understood by the server, but the server is refusing action.
+                This may be due to the user not having the necessary permissions for a resource or needing an account of some sort, or attempting a prohibited action
+                (e.g., creating a duplicate record where only one is allowed).
+                The request should not be repeated.';
+            if (substr($_SERVER['REQUEST_URI'], 0, 9) !== '/static/') {
+                notify($ENV->DEBUG_CHAN, $Title);
+            }
+            break;
+
+        case 404:
+            $Title = '404 Not Found';
+            $Message = 'The requested resource could not be found but may be available in the future.
+                Subsequent requests by the client are permissible.';
+            // Hide alerts for missing images and static requests
+            if (!preg_match(
+                "/\.(ico|jpg|jpeg|gif|png)$/",
+                $_SERVER['REQUEST_URI']
+            ) && substr($_SERVER['REQUEST_URI'], 0, 9) !== '/static/') {
+                notify($ENV->DEBUG_CHAN, $Title);
+            }
+            break;
+
+        case 405:
+            $Title = '405 Method Not Allowed';
+            $Message = 'A request method is not supported for the requested resource;
+                for example, a GET request on a form that requires data to be presented via POST,
+                or a PUT request on a read-only resource.';
+            notify($ENV->DEBUG_CHAN, $Title);
+            break;
+  
+        case 408:
+            $Title = '408 Request Timeout';
+            $Message = 'The server timed out waiting for the request.
+                According to HTTP specifications:
+                "The client did not produce a request within the time that the server was prepared to wait.
+                The client MAY repeat the request without modifications at any later time."';
+            break;
+
+        case 413:
+            $Title = '413 Payload Too Large';
+            $Message = 'The request is larger than the server is willing or able to process.';
+            notify($ENV->DEBUG_CHAN, $Title);
+            break;
+
+        case 429:
+            $Title = '429 Too Many Requests';
+            $Message = 'The user has sent too many requests in a given amount of time.';
+            notify($ENV->DEBUG_CHAN, $Title);
+            break;
+
+        /**
+         * Server errors
+         */
+        case 500:
+            $Title = '500 Internal Server Error';
+            $Message = 'A generic error message,
+                given when an unexpected condition was encountered and no more specific message is suitable.';
+        break;
+
+        case 502:
+            $Title = '502 Bad Gateway';
+            $Message = 'The server was acting as a gateway or proxy and received an invalid response from the upstream server.';
+            notify($ENV->DEBUG_CHAN, $Title);
+        break;
+
+        case 504:
+            $Title = '504 Gateway Timeout';
+            $Message = 'The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.';
+            notify($ENV->DEBUG_CHAN, $Title);
+        break;
+
+        /**
+         * Gazelle errors
+         */
+        case -1:
+        #case 0: # Matches custom error strings
+            $Title = 'Invalid Input';
+            $Message = 'Something was wrong with the input provided with your request, and the server is refusing to fulfill it.';
+            notify($ENV->DEBUG_CHAN, 'PHP-0');
+        break;
+
+        case '!!':
+            $Title = 'Unexpected Error';
+            $Message = 'You have encountered an unexpected error.';
+            notify($ENV->DEBUG_CHAN, 'unexpected');
+        break;
+
+        default:
+            $Title = 'Other Error';
+            $Message = "A function supplied its own error message: $Error";
+            notify($ENV->DEBUG_CHAN, $Message);
+    }
+
+    # Normalize whitespace before adding features
+    $Message = preg_replace('/\s{2,}/', ' ', $Message);
+
+    /**
+     * JSON error output
+     */
+    /*
+    if ($JSON) {
+        print
+        json_encode(
+            array(
+              'status' => 'error',
+              'response' => $Message
+            )
+        );
+    }
+    */
+
+    /**
+     * Append $Log
+     * Formerly in sections/error/index.php
+     */
+    if ($Log ?? false) {
+        $Message .= " <a href='log.php?search=$Title'>Search Log</a>";
+    }
+
+    /**
+     * Append $Debug
+     */
+    if ($Debug ?? false) {
+        $DateTime = strftime('%c', $_SERVER['REQUEST_TIME']);
+        $BackTrace = debug_string_backtrace();
+
+        $Message .= ($NoHTML)
+            ? $BackTrace
+            : <<<HTML
+        <br /><br />
+        Please include the server response below,
+        as in a <a href="/staff.php">Staff PM</a>,
+        to help with debugging.
+
+<pre>
+```
+$DateTime
+{$_SERVER['SERVER_PROTOCOL']} {$_SERVER['REQUEST_METHOD']} $Title
+
+{$_SERVER['SCRIPT_FILENAME']}
+{$_SERVER['REQUEST_URI']}
+
+$BackTrace
+```
+</pre>
+HTML;
+    }
+
+    /**
+     * Display HTML
+     * Formerly in sections/error/index.php
+     */
+    if (empty($NoHTML)) {
+        View::show_header($Title);
+        echo $HTML = <<<HTML
+        <div>
+          <h2 class="header">$Title</h2>
+
+          <div class="box pad">
+            <p>$Message</p>
+          </div>
+        </div>
+HTML;
+        View::show_footer();
+    }
+
+    # Trigger the error
+    global $Debug;
+    $Debug->profile();
+    trigger_error("$Title - $Message", E_USER_ERROR);
+    throw new Exception("$Title - $Message");
+}
+
+
+/**
+ * debug_string_backtrace()
+ * https://stackoverflow.com/a/7039409
+ */
+function debug_string_backtrace()
+{
+    $e = new Exception;
+    return $e->getTraceAsString();
+}
+
+
+/**
+ * Convenience function. See doc in permissions.class.php
+ */
+function check_perms($PermissionName, $MinClass = 0)
+{
+    return Permissions::check_perms($PermissionName, $MinClass);
+}
+
+
+/**
+ * get_permissions_for_user()
+ */
+function get_permissions_for_user($UserID, $CustomPermissions = false)
+{
+    return Permissions::get_permissions_for_user($UserID, $CustomPermissions = false);
+}
+
+
+/**
+ * Print the site's URL including the appropriate URI scheme, including the trailing slash
+ */
+function site_url()
+{
+    return 'https://' . SITE_DOMAIN . '/';
+}
+# End OT/Bio Gazelle util.php
+
+
+    /**
+     * OPS JSON functions
+     * @see https://github.com/OPSnet/Gazelle/blob/master/classes/util.php
+     */
+
+/**
+ * Print JSON status result with an optional message and die.
+ */
+function json_die($Status, $Message = 'bad parameters')
+{
+    json_print($Status, $Message);
+    die();
+}
+
+/**
+ * Print JSON status result with an optional message.
+ */
+function json_print($Status, $Message)
+{
+    if ($Status === 'success' && $Message) {
+        $response = ['status' => $Status, 'response' => $Message];
+    } elseif ($Message) {
+        $response = ['status' => $Status, 'error' => $Message];
+    } else {
+        $response = ['status' => $Status, 'response' => []];
+    }
+
+    print(json_encode(add_json_info($response)));
+}
+
+/**
+ * json_error
+ */
+function json_error($Code)
+{
+    echo json_encode(add_json_info(['status' => 'failure', 'error' => $Code, 'response' => []]));
+    die();
+}
+
+/**
+ * json_or_error
+ */
+function json_or_error($JsonError, $Error = null, $NoHTML = false)
+{
+    if (defined('AJAX')) {
+        json_error($JsonError);
+    } else {
+        error($Error ?? $JsonError, $NoHTML);
+    }
+}
+
+/**
+ * add_json_info
+ */
+function add_json_info($Json)
+{
+    $ENV = ENV::go();
+
+    if (!isset($Json['info'])) {
+        $Json = array_merge($Json, [
+            'info' => [
+                'source' => $ENV->SITE_NAME,
+                'version' => 1,
+            ],
+        ]);
+    }
+    if (!isset($Json['debug']) && check_perms('site_debug')) {
+        /** @var DEBUG $Debug */
+        global $Debug;
+        $Json = array_merge($Json, [
+            'debug' => [
+                'queries' => $Debug->get_queries(),
+                'searches' => $Debug->get_sphinxql_queries()
+            ],
+        ]);
+    }
+    return $Json;
+}
+
+# End OPS JSON functions
+# Start OPS misc functions
+
+/**
+ * Hydrate an array from a query string (everything that follow '?')
+ * This reimplements parse_str() and side-steps the issue of max_input_vars limits.
+ *
+ * Example:
+ * in: li[]=14&li[]=31&li[]=58&li[]=68&li[]=69&li[]=54&li[]=5, param=li[]
+ * parsed: ['li[]' => ['14', '31, '58', '68', '69', '5']]
+ * out: ['14', '31, '58', '68', '69', '5']
+ *
+ * @param string query string from url
+ * @param string url param to extract
+ * @return array hydrated equivalent
+ */
+function parseUrlArgs(string $urlArgs, string $param): array
+{
+    $list = [];
+    $pairs = explode('&', $urlArgs);
+    foreach ($pairs as $p) {
+        [$name, $value] = explode('=', $p, 2);
+        if (!isset($list[$name])) {
+            $list[$name] = $value;
+        } else {
+            if (!is_array($list[$name])) {
+                $list[$name] = [$list[$name]];
+            }
+            $list[$name][] = $value;
+        }
+    }
+    return array_key_exists($param, $list) ? $list[$param] : [];
+}
+
+
+/**
+ * base64UrlEncode
+ * base64UrlDecode
+ * @see https://github.com/OPSnet/Gazelle/blob/master/app/Util/Text.php
+ */
+function base64UrlEncode($data)
+{
+    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
+}
+
+function base64UrlDecode($data)
+{
+    return base64_decode(str_pad(
+        strtr($data, '-_', '+/'),
+        strlen($data) % 4,
+        '=',
+        STR_PAD_RIGHT
+    ));
+}
+
+/**
+ * log_token_attempt
+ * @see https://github.com/OPSnet/Gazelle/blob/master/classes/util.php
+ */
+// TODO: reconcile this with log_attempt in login/index.php
+function log_token_attempt(DB_MYSQL $db, int $userId = 0): void
+{
+    $watch = new LoginWatch;
+    $ipStr = $_SERVER['REMOTE_ADDR'];
+
+    [$attemptId, $attempts, $bans] = $db->row(
+        '
+        SELECT ID, Attempts, Bans
+        FROM login_attempts
+        WHERE IP = ?
+        ',
+        $_SERVER['REMOTE_ADDR']
+    );
+
+    if (!$attemptId) {
+        $watch->create($ipStr, null, $userId);
+        return;
+    }
+
+    $attempts++;
+    $watch->setWatch($attemptId);
+    if ($attempts < 6) {
+        $watch->increment($userId, $ipStr, null);
+        return;
+    }
+    $watch->ban($attempts, null, $userId);
+    if ($bans > 9) {
+        (new IPv4())->createBan(0, $ipStr, $ipStr, 'Automated ban per failed token usage');
+    }
+}

classes/validate.class.php

@@ -0,0 +1,566 @@
+<?php
+
+/**
+ * Validate
+ * CURRENTLY UNTESTED
+ *
+ * WCD/OT Gazelle contains two functions by default:
+ *  - SetFields()
+ *  - ValidateForm()
+ *
+ * The first is responsible for initializing a number of internal variables.
+ * The second does the actual validation with rather hideous and clumsy logic.
+ *
+ * Bio Gazelle seeks to improve this class and centralize site validation.
+ * The class should serve these common and use-dependent functions:
+ *
+ *  - Ensure that no malicious data enters the DB
+ *   - Prevent XSS and SQL injection via $_GET and $_POST
+ *   - Escape all text inputs and HTML outputs
+ *   - Generate secure input elements and DB outputs
+ *   - Enforce $_POST except when $_GET is necessary (e.g., search → RSS)
+ *
+ *  - Ensure that no junk data enters the DB
+ *   - Enforce HTML form element limits (generated by this class)
+ *   - Prove that a date is valid and output DB-safe datetimes
+ *   - Limit acceptable input to classes/config.php constants
+ *   - Provide structured ways to support user data (e.g., $x Samples)
+ *   - Autocomplete everywhere
+ *   - Enforce DBKEY on all encryped input
+ *
+ *  - Some more stuff, a running list
+ *   - Check if a successful function returns null, e.g.,
+ *     php > function test() { return; }
+ *     php > var_dump(test());
+ *     NULL
+ *
+ *   - Check if a failed function returns false, e.g.,
+ *     php > function orwell() { return (2 + 2 === 5); }
+ *     php > var_dump(orwell());
+ *     bool(false)
+ *
+ * todo: Support form ID checks
+ * todo: Number and date validation
+ */
+
+class Validate
+{
+    /**
+     * title
+     *
+     * Check if a torrent title is valid.
+     * If so, return the sanitized title.
+     * If not, return an error.
+     */
+    public function textInput($String)
+    {
+        # Previously a constant
+        $MinLength = 10;
+        $MaxLength = 255;
+
+        # Does it exist and is it valid?
+        if (!$String || !is_string($String)) {
+            error('No or invalid $String parameter.');
+        }
+
+        # Is it too long or short?
+        if (count($String)) {
+        }
+    }
+
+
+    /**
+     * Torrent errors
+     *
+     * Responsible for the red error messages on bad upload attemps.
+     * todo: Test $this->TorrentError() on new file checker functions
+     */
+    public function TorrentError($Suspect)
+    {
+        global $Err;
+
+        if (!$Suspect) {
+            error('No error source :^)');
+        }
+
+        switch (false) {
+            case $this->HasExtensions($Suspect, 1):
+                return $Err = "The torrent has one or more files without extensions:\n" . display_str($Suspect);
+
+            case $this->CruftFree($Suspect):
+                return $Err = "The torrent has one or more junk files:\n" . display_str($Suspect);
+
+            case $this->SafeCharacters($Suspect):
+                $BadChars = $this->SafeCharacters('', true);
+                return $Err = "One or more files has the forbidden characters $BadChars:\n" . display_str($Suspect);
+            
+            default:
+                return null;
+        }
+
+        return null;
+    }
+
+    /**
+     * Check if a file has no extension and return false.
+     * Otherwise, return an array of the last $x extensions.
+     */
+    private function HasExtensions($FileName, $x)
+    {
+        if (!is_int($x) || $x <= 0) {
+            error('Requested number of extensions must be <= 0');
+        }
+
+        if (!strstr('.', $FileName)) {
+            return false;
+        }
+
+        $Extensions = array_slice(explode('.', strtolower($FileName)), -$x, $x);
+        return (!empty($Extensions)) ? $Extensions : false;
+    }
+
+    /**
+     * Check if a file is junk according to a filename blacklist.
+     * todo: Change $Keywords into an array of regexes
+     */
+    public function CruftFree($FileName)
+    {
+        $Keywords = [
+            'ahashare.com',
+            'demonoid.com',
+            'demonoid.me',
+            'djtunes.com',
+            'h33t',
+            'housexclusive.net',
+            'limetorrents.com',
+            'mixesdb.com',
+            'mixfiend.blogstop',
+            'mixtapetorrent.blogspot',
+            'plixid.com',
+            'reggaeme.com',
+            'scc.nfo',
+            'thepiratebay.org',
+            'torrentday',
+        ];
+        
+        # $Keywords match
+        foreach ($Keywords as &$Value) {
+            if (strpos(strtolower($FileName), $Value) !== false) {
+                return false;
+            }
+        }
+    
+        # Incomplete data
+        if (preg_match('/INCOMPLETE~\*/i', $FileName)) {
+            return false;
+        }
+
+        return true;
+    }
+      
+    /*
+     * These characters are invalid on Windows NTFS:
+     *   : ? / < > \ * | "
+     *
+     * If no $FileName, return the list of bad characters.
+     * If $FileName contains, a bad character, return false.
+     * Otherwise, return true.
+     *
+     * todo: Add "/" to the blacklist. This causes problems with nested dirs, apparently
+     * todo: Make possible preg_match($AllBlockedChars, $Name, $Matches)
+     */
+    public function SafeCharacters($FileName, $Pretty = false)
+    {
+        $InvalidChars = ':?<>\*|"';
+
+        if (empty($FileName)) {
+            return (!$Pretty) ? $InvalidChars : implode(' ', str_split($InvalidChars));
+        }
+
+        # todo: Regain functionality to return the invalid character
+        if (preg_match(implode('\\', str_split($InvalidChars)), $Name, $Matches)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Extension Parser
+     *
+     * Takes an associative array of file types and extension, e.g.,
+     * $Archives = [
+     *   '7z'     => ['7z'],
+     *   'bzip2'  => ['bz2', 'bzip2'],
+     *   'gzip'   => ['gz', 'gzip', 'tgz', 'tpz'],
+     *   ...
+     * ];
+     *
+     * Then it finds all the extensions in a torrent file list,
+     * organizes them by file size, and returns the heaviest match.
+     *
+     * That way, you can have, e.g., 5 GiB FASTQ sequence data in one file,
+     * and 100 other small files, and get the format of the actual data.
+     */
+    public function ParseExtensions($FileList, $Category, $FileTypes)
+    {
+        # Sort $Tor->file_list() output by size
+        $UnNested = array_values($FileList[1]);
+        $Sorted = (usort($UnNested, function ($a, $b) {
+            return $b <=> $a;
+        })) ? $UnNested : null;  # Ternary wrap because &uarr; returns true
+        
+        # Harvest the wheat
+        # todo: Entries seem duplicated here
+        $Heaviest = array_slice($Sorted, 0, 20);
+        $Matches = [];
+
+        # Distill the file format
+        $FileTypes = $FileTypes[$Category];
+        $FileTypeNames = array_keys($FileTypes);
+
+        foreach ($Heaviest as $Heaviest) {
+            # Collect the last 2 period-separated tokens
+            $Extensions = array_slice(explode('.', strtolower($Heaviest[1])), -2, 2);
+            $Matches = array_merge($Extensions);
+
+            # todo: Reduce nesting by one level
+            foreach ($Matches as $Match) {
+                $Match = strtolower($Match);
+        
+                foreach ($FileTypeNames as $FileTypeName) {
+                    $SearchMe = [ $FileTypeName, $FileTypes[$FileTypeName] ];
+        
+                    if (in_array($Match, $SearchMe[1])) {
+                        return $SearchMe[0];
+                        break;
+                    }
+                }
+
+                # Return the last element (Other or None)
+                return array_key_last($FileTypes);
+            }
+        }
+    }
+
+
+    /**
+     * Make input
+     * https://www.w3schools.com/html/html_form_input_types.asp
+     *
+     * Generate a secure HTML input element.
+     * Takes $Type, $Name (also used for id), and $Classes.
+     * Outputs a hardened input with the requested attributes.
+     *
+     * todo: See if this could work, one ugly switch for all forms in sections/
+     */
+
+    public function MakeInput($Type = 'text', $Name = '', $Classes = [])
+    {
+        if (!is_str($Type) || !is_str($Name)) {
+            error('$Type and $Name must be strings');
+        }
+
+        # Intentionally double quoted PHP constructing $HTML
+        # <input type='text' id='title_jp' name='title_jp' class='one two'
+        $HTML  = "";
+        $HTML .= "<input type='$Type' id='$Name' name='$Name'";
+        $HTML .= (!empty($Classes)) ? " class='" . implode(' ', $Classes) . "'" : "";
+
+        /*
+        'button'
+        'checkbox'
+        'color'
+        'date'
+        'datetime-local'
+        'email'
+        'file'
+        'hidden'
+        'image'
+        'month'
+        'number'
+        'password'
+        'radio'
+        'range'
+        'reset'
+        'search'
+        'submit'
+        'tel'
+        'text'
+        'time'
+        'url'
+        'week'
+        */
+                
+        return null;
+    }
+    
+
+    /**
+     * Legacy class
+     */
+    public $Fields = [];
+    public function SetFields($FieldName, $Required, $FieldType, $ErrorMessage, $Options = [])
+    {
+        $this->Fields[$FieldName]['Type'] = strtolower($FieldType);
+        $this->Fields[$FieldName]['Required'] = $Required;
+        $this->Fields[$FieldName]['ErrorMessage'] = $ErrorMessage;
+
+        if (!empty($Options['maxlength'])) {
+            $this->Fields[$FieldName]['MaxLength'] = $Options['maxlength'];
+        }
+
+        if (!empty($Options['minlength'])) {
+            $this->Fields[$FieldName]['MinLength'] = $Options['minlength'];
+        }
+
+        if (!empty($Options['comparefield'])) {
+            $this->Fields[$FieldName]['CompareField'] = $Options['comparefield'];
+        }
+
+        if (!empty($Options['allowperiod'])) {
+            $this->Fields[$FieldName]['AllowPeriod'] = $Options['allowperiod'];
+        }
+
+        if (!empty($Options['allowcomma'])) {
+            $this->Fields[$FieldName]['AllowComma'] = $Options['allowcomma'];
+        }
+
+        if (!empty($Options['inarray'])) {
+            $this->Fields[$FieldName]['InArray'] = $Options['inarray'];
+        }
+
+        if (!empty($Options['regex'])) {
+            $this->Fields[$FieldName]['Regex'] = $Options['regex'];
+        }
+    }
+
+    public function ValidateForm($ValidateArray)
+    {
+        reset($this->Fields);
+        foreach ($this->Fields as $FieldKey => $Field) {
+            $ValidateVar = $ValidateArray[$FieldKey];
+
+            # todo: Change this to a switch statement
+            if ($ValidateVar !== '' || !empty($Field['Required']) || $Field['Type'] === 'date') {
+                if ($Field['Type'] === 'string') {
+                    if (isset($Field['MaxLength'])) {
+                        $MaxLength = $Field['MaxLength'];
+                    } else {
+                        $MaxLength = 255;
+                    }
+
+                    if (isset($Field['MinLength'])) {
+                        $MinLength = $Field['MinLength'];
+                    } else {
+                        $MinLength = 1;
+                    }
+
+                    if (strlen($ValidateVar) > $MaxLength) {
+                        return $Field['ErrorMessage'];
+                    } elseif (strlen($ValidateVar) < $MinLength) {
+                        return $Field['ErrorMessage'];
+                    }
+                } elseif ($Field['Type'] === 'number') {
+                    if (isset($Field['MaxLength'])) {
+                        $MaxLength = $Field['MaxLength'];
+                    } else {
+                        $MaxLength = '';
+                    }
+
+                    if (isset($Field['MinLength'])) {
+                        $MinLength = $Field['MinLength'];
+                    } else {
+                        $MinLength = 0;
+                    }
+
+                    $Match = '0-9';
+                    if (isset($Field['AllowPeriod'])) {
+                        $Match .= '.';
+                    }
+
+                    if (isset($Field['AllowComma'])) {
+                        $Match .= ',';
+                    }
+
+                    if (preg_match('/[^'.$Match.']/', $ValidateVar) || strlen($ValidateVar) < 1) {
+                        return $Field['ErrorMessage'];
+                    } elseif ($MaxLength !== '' && $ValidateVar > $MaxLength) {
+                        return $Field['ErrorMessage'].'!!';
+                    } elseif ($ValidateVar < $MinLength) {
+                        return $Field['ErrorMessage']."$MinLength";
+                    }
+                } elseif ($Field['Type'] === 'email') {
+                    if (isset($Field['MaxLength'])) {
+                        $MaxLength = $Field['MaxLength'];
+                    } else {
+                        $MaxLength = 255;
+                    }
+
+                    if (isset($Field['MinLength'])) {
+                        $MinLength = $Field['MinLength'];
+                    } else {
+                        $MinLength = 6;
+                    }
+
+                    if (!preg_match("/^".EMAIL_REGEX."$/i", $ValidateVar)) {
+                        return $Field['ErrorMessage'];
+                    } elseif (strlen($ValidateVar) > $MaxLength) {
+                        return $Field['ErrorMessage'];
+                    } elseif (strlen($ValidateVar) < $MinLength) {
+                        return $Field['ErrorMessage'];
+                    }
+                } elseif ($Field['Type'] === 'link') {
+                    if (isset($Field['MaxLength'])) {
+                        $MaxLength = $Field['MaxLength'];
+                    } else {
+                        $MaxLength = 255;
+                    }
+
+                    if (isset($Field['MinLength'])) {
+                        $MinLength = $Field['MinLength'];
+                    } else {
+                        $MinLength = 10;
+                    }
+
+                    if (!preg_match('/^'.URL_REGEX.'$/i', $ValidateVar)) {
+                        return $Field['ErrorMessage'];
+                    } elseif (strlen($ValidateVar) > $MaxLength) {
+                        return $Field['ErrorMessage'];
+                    } elseif (strlen($ValidateVar) < $MinLength) {
+                        return $Field['ErrorMessage'];
+                    }
+                } elseif ($Field['Type'] === 'username') {
+                    if (isset($Field['MaxLength'])) {
+                        $MaxLength = $Field['MaxLength'];
+                    } else {
+                        $MaxLength = 20;
+                    }
+                    
+                    if (isset($Field['MinLength'])) {
+                        $MinLength = $Field['MinLength'];
+                    } else {
+                        $MinLength = 1;
+                    }
+
+                    if (!preg_match(USERNAME_REGEX, $ValidateVar)) {
+                        return $Field['ErrorMessage'];
+                    } elseif (strlen($ValidateVar) > $MaxLength) {
+                        return $Field['ErrorMessage'];
+                    } elseif (strlen($ValidateVar) < $MinLength) {
+                        return $Field['ErrorMessage'];
+                    }
+                } elseif ($Field['Type'] === 'checkbox') {
+                    if (!isset($ValidateArray[$FieldKey])) {
+                        return $Field['ErrorMessage'];
+                    }
+                } elseif ($Field['Type'] === 'compare') {
+                    if ($ValidateArray[$Field['CompareField']] !== $ValidateVar) {
+                        return $Field['ErrorMessage'];
+                    }
+                } elseif ($Field['Type'] === 'inarray') {
+                    if (array_search($ValidateVar, $Field['InArray']) === false) {
+                        return $Field['ErrorMessage'];
+                    }
+                } elseif ($Field['Type'] === 'regex') {
+                    if (!preg_match($Field['Regex'], $ValidateVar)) {
+                        return $Field['ErrorMessage'];
+                    }
+                }
+            }
+        } // while
+    } // function
+} // class
+
+
+/**
+ * File checker stub class
+ *
+ * Not technically part of the Validate class (yet).
+ * Useful torrent file functions such as finding disallowed characters.
+ * This will eventually move inside Validate for upload_handle.php.
+ */
+
+$Keywords = array(
+  'ahashare.com', 'demonoid.com', 'demonoid.me', 'djtunes.com', 'h33t', 'housexclusive.net',
+  'limetorrents.com', 'mixesdb.com', 'mixfiend.blogstop', 'mixtapetorrent.blogspot',
+  'plixid.com', 'reggaeme.com' , 'scc.nfo', 'thepiratebay.org', 'torrentday');
+
+function check_file($Type, $Name)
+{
+    check_name($Name);
+    check_extensions($Type, $Name);
+}
+
+function check_name($Name)
+{
+    global $Keywords;
+    $NameLC = strtolower($Name);
+
+    foreach ($Keywords as &$Value) {
+        if (strpos($NameLC, $Value) !== false) {
+            forbidden_error($Name);
+        }
+    }
+
+    if (preg_match('/INCOMPLETE~\*/i', $Name)) {
+        forbidden_error($Name);
+    }
+
+    /*
+     * These characters are invalid in NTFS on Windows systems:
+     *    : ? / < > \ * | "
+     *
+     * todo: Add "/" to the blacklist. This causes problems with nested dirs, apparently
+     * todo: Make possible preg_match($AllBlockedChars, $Name, $Matches)
+     *
+     * Only the following characters need to be escaped (see the link below):
+     *    \ - ^ ]
+     *
+     * http://www.php.net/manual/en/regexp.reference.character-classes.php
+     */
+    $AllBlockedChars = ' : ? < > \ * | " ';
+    if (preg_match('/[\\:?<>*|"]/', $Name, $Matches)) {
+        character_error($Matches[0], $AllBlockedChars);
+    }
+}
+
+function check_extensions($Type, $Name)
+{
+    # todo: Make generic or subsume into Validate->ParseExtensions()
+    /*
+    if (!isset($MusicExtensions[get_file_extension($Name)])) {
+        invalid_error($Name);
+    }
+    */
+}
+
+function get_file_extension($FileName)
+{
+    return strtolower(substr(strrchr($FileName, '.'), 1));
+}
+
+/**
+ * Error functions
+ *
+ * Responsible for the red error messages on bad upload attemps.
+ * todo: Make one function, e.g., Validate->error($type)
+ */
+
+function invalid_error($Name)
+{
+    global $Err;
+    $Err = 'The torrent contained one or more invalid files (' . display_str($Name) . ')';
+}
+
+function forbidden_error($Name)
+{
+    global $Err;
+    $Err = 'The torrent contained one or more forbidden files (' . display_str($Name) . ')';
+}
+
+function character_error($Character, $AllBlockedChars)
+{
+    global $Err;
+    $Err = "One or more of the files or folders in the torrent has a name that contains the forbidden character '$Character'. Please rename the files as necessary and recreate the torrent.<br /><br />\nNote: The complete list of characters that are disallowed are shown below:<br />\n\t\t$AllBlockedChars";
+}

classes/vendor/ParsedownExtra.php

@@ -0,0 +1,686 @@
+<?php
+
+#
+#
+# Parsedown Extra
+# https://github.com/erusev/parsedown-extra
+#
+# (c) Emanuil Rusev
+# http://erusev.com
+#
+# For the full license information, view the LICENSE file that was distributed
+# with this source code.
+#
+#
+
+class ParsedownExtra extends Parsedown
+{
+    # ~
+
+    const version = '0.8.0';
+
+    # ~
+
+    function __construct()
+    {
+        if (version_compare(parent::version, '1.7.1') < 0)
+        {
+            throw new Exception('ParsedownExtra requires a later version of Parsedown');
+        }
+
+        $this->BlockTypes[':'] []= 'DefinitionList';
+        $this->BlockTypes['*'] []= 'Abbreviation';
+
+        # identify footnote definitions before reference definitions
+        array_unshift($this->BlockTypes['['], 'Footnote');
+
+        # identify footnote markers before before links
+        array_unshift($this->InlineTypes['['], 'FootnoteMarker');
+    }
+
+    #
+    # ~
+
+    function text($text)
+    {
+        $Elements = $this->textElements($text);
+
+        # convert to markup
+        $markup = $this->elements($Elements);
+
+        # trim line breaks
+        $markup = trim($markup, "\n");
+
+        # merge consecutive dl elements
+
+        $markup = preg_replace('/<\/dl>\s+<dl>\s+/', '', $markup);
+
+        # add footnotes
+
+        if (isset($this->DefinitionData['Footnote']))
+        {
+            $Element = $this->buildFootnoteElement();
+
+            $markup .= "\n" . $this->element($Element);
+        }
+
+        return $markup;
+    }
+
+    #
+    # Blocks
+    #
+
+    #
+    # Abbreviation
+
+    protected function blockAbbreviation($Line)
+    {
+        if (preg_match('/^\*\[(.+?)\]:[ ]*(.+?)[ ]*$/', $Line['text'], $matches))
+        {
+            $this->DefinitionData['Abbreviation'][$matches[1]] = $matches[2];
+
+            $Block = array(
+                'hidden' => true,
+            );
+
+            return $Block;
+        }
+    }
+
+    #
+    # Footnote
+
+    protected function blockFootnote($Line)
+    {
+        if (preg_match('/^\[\^(.+?)\]:[ ]?(.*)$/', $Line['text'], $matches))
+        {
+            $Block = array(
+                'label' => $matches[1],
+                'text' => $matches[2],
+                'hidden' => true,
+            );
+
+            return $Block;
+        }
+    }
+
+    protected function blockFootnoteContinue($Line, $Block)
+    {
+        if ($Line['text'][0] === '[' and preg_match('/^\[\^(.+?)\]:/', $Line['text']))
+        {
+            return;
+        }
+
+        if (isset($Block['interrupted']))
+        {
+            if ($Line['indent'] >= 4)
+            {
+                $Block['text'] .= "\n\n" . $Line['text'];
+
+                return $Block;
+            }
+        }
+        else
+        {
+            $Block['text'] .= "\n" . $Line['text'];
+
+            return $Block;
+        }
+    }
+
+    protected function blockFootnoteComplete($Block)
+    {
+        $this->DefinitionData['Footnote'][$Block['label']] = array(
+            'text' => $Block['text'],
+            'count' => null,
+            'number' => null,
+        );
+
+        return $Block;
+    }
+
+    #
+    # Definition List
+
+    protected function blockDefinitionList($Line, $Block)
+    {
+        if ( ! isset($Block) or $Block['type'] !== 'Paragraph')
+        {
+            return;
+        }
+
+        $Element = array(
+            'name' => 'dl',
+            'elements' => array(),
+        );
+
+        $terms = explode("\n", $Block['element']['handler']['argument']);
+
+        foreach ($terms as $term)
+        {
+            $Element['elements'] []= array(
+                'name' => 'dt',
+                'handler' => array(
+                    'function' => 'lineElements',
+                    'argument' => $term,
+                    'destination' => 'elements'
+                ),
+            );
+        }
+
+        $Block['element'] = $Element;
+
+        $Block = $this->addDdElement($Line, $Block);
+
+        return $Block;
+    }
+
+    protected function blockDefinitionListContinue($Line, array $Block)
+    {
+        if ($Line['text'][0] === ':')
+        {
+            $Block = $this->addDdElement($Line, $Block);
+
+            return $Block;
+        }
+        else
+        {
+            if (isset($Block['interrupted']) and $Line['indent'] === 0)
+            {
+                return;
+            }
+
+            if (isset($Block['interrupted']))
+            {
+                $Block['dd']['handler']['function'] = 'textElements';
+                $Block['dd']['handler']['argument'] .= "\n\n";
+
+                $Block['dd']['handler']['destination'] = 'elements';
+
+                unset($Block['interrupted']);
+            }
+
+            $text = substr($Line['body'], min($Line['indent'], 4));
+
+            $Block['dd']['handler']['argument'] .= "\n" . $text;
+
+            return $Block;
+        }
+    }
+
+    #
+    # Header
+
+    protected function blockHeader($Line)
+    {
+        $Block = parent::blockHeader($Line);
+
+        if ($Block !== null && preg_match('/[ #]*{('.$this->regexAttribute.'+)}[ ]*$/', $Block['element']['handler']['argument'], $matches, PREG_OFFSET_CAPTURE))
+        {
+            $attributeString = $matches[1][0];
+
+            $Block['element']['attributes'] = $this->parseAttributeData($attributeString);
+
+            $Block['element']['handler']['argument'] = substr($Block['element']['handler']['argument'], 0, $matches[0][1]);
+        }
+
+        return $Block;
+    }
+
+    #
+    # Markup
+
+    protected function blockMarkup($Line)
+    {
+        if ($this->markupEscaped or $this->safeMode)
+        {
+            return;
+        }
+
+        if (preg_match('/^<(\w[\w-]*)(?:[ ]*'.$this->regexHtmlAttribute.')*[ ]*(\/)?>/', $Line['text'], $matches))
+        {
+            $element = strtolower($matches[1]);
+
+            if (in_array($element, $this->textLevelElements))
+            {
+                return;
+            }
+
+            $Block = array(
+                'name' => $matches[1],
+                'depth' => 0,
+                'element' => array(
+                    'rawHtml' => $Line['text'],
+                    'autobreak' => true,
+                ),
+            );
+
+            $length = strlen($matches[0]);
+            $remainder = substr($Line['text'], $length);
+
+            if (trim($remainder) === '')
+            {
+                if (isset($matches[2]) or in_array($matches[1], $this->voidElements))
+                {
+                    $Block['closed'] = true;
+                    $Block['void'] = true;
+                }
+            }
+            else
+            {
+                if (isset($matches[2]) or in_array($matches[1], $this->voidElements))
+                {
+                    return;
+                }
+                if (preg_match('/<\/'.$matches[1].'>[ ]*$/i', $remainder))
+                {
+                    $Block['closed'] = true;
+                }
+            }
+
+            return $Block;
+        }
+    }
+
+    protected function blockMarkupContinue($Line, array $Block)
+    {
+        if (isset($Block['closed']))
+        {
+            return;
+        }
+
+        if (preg_match('/^<'.$Block['name'].'(?:[ ]*'.$this->regexHtmlAttribute.')*[ ]*>/i', $Line['text'])) # open
+        {
+            $Block['depth'] ++;
+        }
+
+        if (preg_match('/(.*?)<\/'.$Block['name'].'>[ ]*$/i', $Line['text'], $matches)) # close
+        {
+            if ($Block['depth'] > 0)
+            {
+                $Block['depth'] --;
+            }
+            else
+            {
+                $Block['closed'] = true;
+            }
+        }
+
+        if (isset($Block['interrupted']))
+        {
+            $Block['element']['rawHtml'] .= "\n";
+            unset($Block['interrupted']);
+        }
+
+        $Block['element']['rawHtml'] .= "\n".$Line['body'];
+
+        return $Block;
+    }
+
+    protected function blockMarkupComplete($Block)
+    {
+        if ( ! isset($Block['void']))
+        {
+            $Block['element']['rawHtml'] = $this->processTag($Block['element']['rawHtml']);
+        }
+
+        return $Block;
+    }
+
+    #
+    # Setext
+
+    protected function blockSetextHeader($Line, array $Block = null)
+    {
+        $Block = parent::blockSetextHeader($Line, $Block);
+
+        if ($Block !== null && preg_match('/[ ]*{('.$this->regexAttribute.'+)}[ ]*$/', $Block['element']['handler']['argument'], $matches, PREG_OFFSET_CAPTURE))
+        {
+            $attributeString = $matches[1][0];
+
+            $Block['element']['attributes'] = $this->parseAttributeData($attributeString);
+
+            $Block['element']['handler']['argument'] = substr($Block['element']['handler']['argument'], 0, $matches[0][1]);
+        }
+
+        return $Block;
+    }
+
+    #
+    # Inline Elements
+    #
+
+    #
+    # Footnote Marker
+
+    protected function inlineFootnoteMarker($Excerpt)
+    {
+        if (preg_match('/^\[\^(.+?)\]/', $Excerpt['text'], $matches))
+        {
+            $name = $matches[1];
+
+            if ( ! isset($this->DefinitionData['Footnote'][$name]))
+            {
+                return;
+            }
+
+            $this->DefinitionData['Footnote'][$name]['count'] ++;
+
+            if ( ! isset($this->DefinitionData['Footnote'][$name]['number']))
+            {
+                $this->DefinitionData['Footnote'][$name]['number'] = ++ $this->footnoteCount; # &raquo; &
+            }
+
+            $Element = array(
+                'name' => 'sup',
+                'attributes' => array('id' => 'fnref'.$this->DefinitionData['Footnote'][$name]['count'].':'.$name),
+                'element' => array(
+                    'name' => 'a',
+                    'attributes' => array('href' => '#fn:'.$name, 'class' => 'footnote-ref'),
+                    'text' => $this->DefinitionData['Footnote'][$name]['number'],
+                ),
+            );
+
+            return array(
+                'extent' => strlen($matches[0]),
+                'element' => $Element,
+            );
+        }
+    }
+
+    private $footnoteCount = 0;
+
+    #
+    # Link
+
+    protected function inlineLink($Excerpt)
+    {
+        $Link = parent::inlineLink($Excerpt);
+
+        $remainder = $Link !== null ? substr($Excerpt['text'], $Link['extent']) : '';
+
+        if (preg_match('/^[ ]*{('.$this->regexAttribute.'+)}/', $remainder, $matches))
+        {
+            $Link['element']['attributes'] += $this->parseAttributeData($matches[1]);
+
+            $Link['extent'] += strlen($matches[0]);
+        }
+
+        return $Link;
+    }
+
+    #
+    # ~
+    #
+
+    private $currentAbreviation;
+    private $currentMeaning;
+
+    protected function insertAbreviation(array $Element)
+    {
+        if (isset($Element['text']))
+        {
+            $Element['elements'] = self::pregReplaceElements(
+                '/\b'.preg_quote($this->currentAbreviation, '/').'\b/',
+                array(
+                    array(
+                        'name' => 'abbr',
+                        'attributes' => array(
+                            'title' => $this->currentMeaning,
+                        ),
+                        'text' => $this->currentAbreviation,
+                    )
+                ),
+                $Element['text']
+            );
+
+            unset($Element['text']);
+        }
+
+        return $Element;
+    }
+
+    protected function inlineText($text)
+    {
+        $Inline = parent::inlineText($text);
+
+        if (isset($this->DefinitionData['Abbreviation']))
+        {
+            foreach ($this->DefinitionData['Abbreviation'] as $abbreviation => $meaning)
+            {
+                $this->currentAbreviation = $abbreviation;
+                $this->currentMeaning = $meaning;
+
+                $Inline['element'] = $this->elementApplyRecursiveDepthFirst(
+                    array($this, 'insertAbreviation'),
+                    $Inline['element']
+                );
+            }
+        }
+
+        return $Inline;
+    }
+
+    #
+    # Util Methods
+    #
+
+    protected function addDdElement(array $Line, array $Block)
+    {
+        $text = substr($Line['text'], 1);
+        $text = trim($text);
+
+        unset($Block['dd']);
+
+        $Block['dd'] = array(
+            'name' => 'dd',
+            'handler' => array(
+                'function' => 'lineElements',
+                'argument' => $text,
+                'destination' => 'elements'
+            ),
+        );
+
+        if (isset($Block['interrupted']))
+        {
+            $Block['dd']['handler']['function'] = 'textElements';
+
+            unset($Block['interrupted']);
+        }
+
+        $Block['element']['elements'] []= & $Block['dd'];
+
+        return $Block;
+    }
+
+    protected function buildFootnoteElement()
+    {
+        $Element = array(
+            'name' => 'div',
+            'attributes' => array('class' => 'footnotes'),
+            'elements' => array(
+                array('name' => 'hr'),
+                array(
+                    'name' => 'ol',
+                    'elements' => array(),
+                ),
+            ),
+        );
+
+        uasort($this->DefinitionData['Footnote'], 'self::sortFootnotes');
+
+        foreach ($this->DefinitionData['Footnote'] as $definitionId => $DefinitionData)
+        {
+            if ( ! isset($DefinitionData['number']))
+            {
+                continue;
+            }
+
+            $text = $DefinitionData['text'];
+
+            $textElements = parent::textElements($text);
+
+            $numbers = range(1, $DefinitionData['count']);
+
+            $backLinkElements = array();
+
+            foreach ($numbers as $number)
+            {
+                $backLinkElements[] = array('text' => ' ');
+                $backLinkElements[] = array(
+                    'name' => 'a',
+                    'attributes' => array(
+                        'href' => "#fnref$number:$definitionId",
+                        'rev' => 'footnote',
+                        'class' => 'footnote-backref',
+                    ),
+                    'rawHtml' => '&#8617;',
+                    'allowRawHtmlInSafeMode' => true,
+                    'autobreak' => false,
+                );
+            }
+
+            unset($backLinkElements[0]);
+
+            $n = count($textElements) -1;
+
+            if ($textElements[$n]['name'] === 'p')
+            {
+                $backLinkElements = array_merge(
+                    array(
+                        array(
+                            'rawHtml' => '&#160;',
+                            'allowRawHtmlInSafeMode' => true,
+                        ),
+                    ),
+                    $backLinkElements
+                );
+
+                unset($textElements[$n]['name']);
+
+                $textElements[$n] = array(
+                    'name' => 'p',
+                    'elements' => array_merge(
+                        array($textElements[$n]),
+                        $backLinkElements
+                    ),
+                );
+            }
+            else
+            {
+                $textElements[] = array(
+                    'name' => 'p',
+                    'elements' => $backLinkElements
+                );
+            }
+
+            $Element['elements'][1]['elements'] []= array(
+                'name' => 'li',
+                'attributes' => array('id' => 'fn:'.$definitionId),
+                'elements' => array_merge(
+                    $textElements
+                ),
+            );
+        }
+
+        return $Element;
+    }
+
+    # ~
+
+    protected function parseAttributeData($attributeString)
+    {
+        $Data = array();
+
+        $attributes = preg_split('/[ ]+/', $attributeString, - 1, PREG_SPLIT_NO_EMPTY);
+
+        foreach ($attributes as $attribute)
+        {
+            if ($attribute[0] === '#')
+            {
+                $Data['id'] = substr($attribute, 1);
+            }
+            else # "."
+            {
+                $classes []= substr($attribute, 1);
+            }
+        }
+
+        if (isset($classes))
+        {
+            $Data['class'] = implode(' ', $classes);
+        }
+
+        return $Data;
+    }
+
+    # ~
+
+    protected function processTag($elementMarkup) # recursive
+    {
+        # http://stackoverflow.com/q/1148928/200145
+        libxml_use_internal_errors(true);
+
+        $DOMDocument = new DOMDocument;
+
+        # http://stackoverflow.com/q/11309194/200145
+        $elementMarkup = mb_convert_encoding($elementMarkup, 'HTML-ENTITIES', 'UTF-8');
+
+        # http://stackoverflow.com/q/4879946/200145
+        $DOMDocument->loadHTML($elementMarkup);
+        $DOMDocument->removeChild($DOMDocument->doctype);
+        $DOMDocument->replaceChild($DOMDocument->firstChild->firstChild->firstChild, $DOMDocument->firstChild);
+
+        $elementText = '';
+
+        if ($DOMDocument->documentElement->getAttribute('markdown') === '1')
+        {
+            foreach ($DOMDocument->documentElement->childNodes as $Node)
+            {
+                $elementText .= $DOMDocument->saveHTML($Node);
+            }
+
+            $DOMDocument->documentElement->removeAttribute('markdown');
+
+            $elementText = "\n".$this->text($elementText)."\n";
+        }
+        else
+        {
+            foreach ($DOMDocument->documentElement->childNodes as $Node)
+            {
+                $nodeMarkup = $DOMDocument->saveHTML($Node);
+
+                if ($Node instanceof DOMElement and ! in_array($Node->nodeName, $this->textLevelElements))
+                {
+                    $elementText .= $this->processTag($nodeMarkup);
+                }
+                else
+                {
+                    $elementText .= $nodeMarkup;
+                }
+            }
+        }
+
+        # because we don't want for markup to get encoded
+        $DOMDocument->documentElement->nodeValue = 'placeholder\x1A';
+
+        $markup = $DOMDocument->saveHTML($DOMDocument->documentElement);
+        $markup = str_replace('placeholder\x1A', $elementText, $markup);
+
+        return $markup;
+    }
+
+    # ~
+
+    protected function sortFootnotes($A, $B) # callback
+    {
+        return $A['number'] - $B['number'];
+    }
+
+    #
+    # Fields
+    #
+
+    protected $regexAttribute = '(?:[#.][-\w]+[ ]*)';
+}

classes/vendor/TwitterAPIExchange.php

@@ -0,0 +1,410 @@
+<?php
+
+/**
+ * Twitter-API-PHP : Simple PHP wrapper for the v1.1 API
+ *
+ * PHP version 5.3.10
+ *
+ * @category Awesomeness
+ * @package  Twitter-API-PHP
+ * @author   James Mallison <me@j7mbo.co.uk>
+ * @license  MIT License
+ * @version  1.0.4
+ * @link     http://github.com/j7mbo/twitter-api-php
+ */
+class TwitterAPIExchange
+{
+    /**
+     * @var string
+     */
+    private $oauth_access_token;
+
+    /**
+     * @var string
+     */
+    private $oauth_access_token_secret;
+
+    /**
+     * @var string
+     */
+    private $consumer_key;
+
+    /**
+     * @var string
+     */
+    private $consumer_secret;
+
+    /**
+     * @var array
+     */
+    private $postfields;
+
+    /**
+     * @var string
+     */
+    private $getfield;
+
+    /**
+     * @var mixed
+     */
+    protected $oauth;
+
+    /**
+     * @var string
+     */
+    public $url;
+
+    /**
+     * @var string
+     */
+    public $requestMethod;
+
+    /**
+     * The HTTP status code from the previous request
+     *
+     * @var int
+     */
+    protected $httpStatusCode;
+
+    /**
+     * Create the API access object. Requires an array of settings::
+     * oauth access token, oauth access token secret, consumer key, consumer secret
+     * These are all available by creating your own application on dev.twitter.com
+     * Requires the cURL library
+     *
+     * @throws \RuntimeException When cURL isn't loaded
+     * @throws \InvalidArgumentException When incomplete settings parameters are provided
+     *
+     * @param array $settings
+     */
+    public function __construct(array $settings)
+    {
+        if (!function_exists('curl_init'))
+        {
+            throw new RuntimeException('TwitterAPIExchange requires cURL extension to be loaded, see: http://curl.haxx.se/docs/install.html');
+        }
+
+        if (!isset($settings['oauth_access_token'])
+            || !isset($settings['oauth_access_token_secret'])
+            || !isset($settings['consumer_key'])
+            || !isset($settings['consumer_secret']))
+        {
+            throw new InvalidArgumentException('Incomplete settings passed to TwitterAPIExchange');
+        }
+
+        $this->oauth_access_token = $settings['oauth_access_token'];
+        $this->oauth_access_token_secret = $settings['oauth_access_token_secret'];
+        $this->consumer_key = $settings['consumer_key'];
+        $this->consumer_secret = $settings['consumer_secret'];
+    }
+
+    /**
+     * Set postfields array, example: array('screen_name' => 'J7mbo')
+     *
+     * @param array $array Array of parameters to send to API
+     *
+     * @throws \Exception When you are trying to set both get and post fields
+     *
+     * @return TwitterAPIExchange Instance of self for method chaining
+     */
+    public function setPostfields(array $array)
+    {
+        if (!is_null($this->getGetfield()))
+        {
+            throw new Exception('You can only choose get OR post fields (post fields include put).');
+        }
+
+        if (isset($array['status']) && substr($array['status'], 0, 1) === '@')
+        {
+            $array['status'] = sprintf("\0%s", $array['status']);
+        }
+
+        foreach ($array as $key => &$value)
+        {
+            if (is_bool($value))
+            {
+                $value = ($value === true) ? 'true' : 'false';
+            }
+        }
+
+        $this->postfields = $array;
+
+        // rebuild oAuth
+        if (isset($this->oauth['oauth_signature']))
+        {
+            $this->buildOauth($this->url, $this->requestMethod);
+        }
+
+        return $this;
+    }
+
+    /**
+     * Set getfield string, example: '?screen_name=J7mbo'
+     *
+     * @param string $string Get key and value pairs as string
+     *
+     * @throws \Exception
+     *
+     * @return \TwitterAPIExchange Instance of self for method chaining
+     */
+    public function setGetfield($string)
+    {
+        if (!is_null($this->getPostfields()))
+        {
+            throw new Exception('You can only choose get OR post / post fields.');
+        }
+
+        $getfields = preg_replace('/^\?/', '', explode('&', $string));
+        $params = array();
+
+        foreach ($getfields as $field)
+        {
+            if ($field !== '')
+            {
+                list($key, $value) = explode('=', $field);
+                $params[$key] = $value;
+            }
+        }
+
+        $this->getfield = '?' . http_build_query($params, '', '&');
+
+        return $this;
+    }
+
+    /**
+     * Get getfield string (simple getter)
+     *
+     * @return string $this->getfields
+     */
+    public function getGetfield()
+    {
+        return $this->getfield;
+    }
+
+    /**
+     * Get postfields array (simple getter)
+     *
+     * @return array $this->postfields
+     */
+    public function getPostfields()
+    {
+        return $this->postfields;
+    }
+
+    /**
+     * Build the Oauth object using params set in construct and additionals
+     * passed to this method. For v1.1, see: https://dev.twitter.com/docs/api/1.1
+     *
+     * @param string $url           The API url to use. Example: https://api.twitter.com/1.1/search/tweets.json
+     * @param string $requestMethod Either POST or GET
+     *
+     * @throws \Exception
+     *
+     * @return \TwitterAPIExchange Instance of self for method chaining
+     */
+    public function buildOauth($url, $requestMethod)
+    {
+        if (!in_array(strtolower($requestMethod), array('post', 'get', 'put', 'delete')))
+        {
+            throw new Exception('Request method must be either POST, GET or PUT or DELETE');
+        }
+
+        $consumer_key              = $this->consumer_key;
+        $consumer_secret           = $this->consumer_secret;
+        $oauth_access_token        = $this->oauth_access_token;
+        $oauth_access_token_secret = $this->oauth_access_token_secret;
+
+        $oauth = array(
+            'oauth_consumer_key' => $consumer_key,
+            'oauth_nonce' => time(),
+            'oauth_signature_method' => 'HMAC-SHA1',
+            'oauth_token' => $oauth_access_token,
+            'oauth_timestamp' => time(),
+            'oauth_version' => '1.0'
+        );
+
+        $getfield = $this->getGetfield();
+
+        if (!is_null($getfield))
+        {
+            $getfields = str_replace('?', '', explode('&', $getfield));
+
+            foreach ($getfields as $g)
+            {
+                $split = explode('=', $g);
+
+                /** In case a null is passed through **/
+                if (isset($split[1]))
+                {
+                    $oauth[$split[0]] = urldecode($split[1]);
+                }
+            }
+        }
+
+        $postfields = $this->getPostfields();
+
+        if (!is_null($postfields)) {
+            foreach ($postfields as $key => $value) {
+                $oauth[$key] = $value;
+            }
+        }
+
+        $base_info = $this->buildBaseString($url, $requestMethod, $oauth);
+        $composite_key = rawurlencode($consumer_secret) . '&' . rawurlencode($oauth_access_token_secret);
+        $oauth_signature = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true));
+        $oauth['oauth_signature'] = $oauth_signature;
+
+        $this->url           = $url;
+        $this->requestMethod = $requestMethod;
+        $this->oauth         = $oauth;
+
+        return $this;
+    }
+
+    /**
+     * Perform the actual data retrieval from the API
+     *
+     * @param boolean $return      If true, returns data. This is left in for backward compatibility reasons
+     * @param array   $curlOptions Additional Curl options for this request
+     *
+     * @throws \Exception
+     *
+     * @return string json If $return param is true, returns json data.
+     */
+    public function performRequest($return = true, $curlOptions = array())
+    {
+        if (!is_bool($return))
+        {
+            throw new Exception('performRequest parameter must be true or false');
+        }
+
+        $header =  array($this->buildAuthorizationHeader($this->oauth), 'Expect:');
+
+        $getfield = $this->getGetfield();
+        $postfields = $this->getPostfields();
+
+        if (in_array(strtolower($this->requestMethod), array('put', 'delete')))
+        {
+            $curlOptions[CURLOPT_CUSTOMREQUEST] = $this->requestMethod;
+        }
+
+        $options = $curlOptions + array(
+            CURLOPT_HTTPHEADER => $header,
+            CURLOPT_HEADER => false,
+            CURLOPT_URL => $this->url,
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_TIMEOUT => 10,
+        );
+
+        if (!is_null($postfields))
+        {
+            $options[CURLOPT_POSTFIELDS] = http_build_query($postfields, '', '&');
+        }
+        else
+        {
+            if ($getfield !== '')
+            {
+                $options[CURLOPT_URL] .= $getfield;
+            }
+        }
+
+        $feed = curl_init();
+        curl_setopt_array($feed, $options);
+        $json = curl_exec($feed);
+
+        $this->httpStatusCode = curl_getinfo($feed, CURLINFO_HTTP_CODE);
+
+        if (($error = curl_error($feed)) !== '')
+        {
+            curl_close($feed);
+
+            throw new \Exception($error);
+        }
+
+        curl_close($feed);
+
+        return $json;
+    }
+
+    /**
+     * Private method to generate the base string used by cURL
+     *
+     * @param string $baseURI
+     * @param string $method
+     * @param array  $params
+     *
+     * @return string Built base string
+     */
+    private function buildBaseString($baseURI, $method, $params)
+    {
+        $return = array();
+        ksort($params);
+
+        foreach($params as $key => $value)
+        {
+            $return[] = rawurlencode($key) . '=' . rawurlencode($value);
+        }
+
+        return $method . "&" . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $return));
+    }
+
+    /**
+     * Private method to generate authorization header used by cURL
+     *
+     * @param array $oauth Array of oauth data generated by buildOauth()
+     *
+     * @return string $return Header used by cURL for request
+     */
+    private function buildAuthorizationHeader(array $oauth)
+    {
+        $return = 'Authorization: OAuth ';
+        $values = array();
+
+        foreach($oauth as $key => $value)
+        {
+            if (in_array($key, array('oauth_consumer_key', 'oauth_nonce', 'oauth_signature',
+                'oauth_signature_method', 'oauth_timestamp', 'oauth_token', 'oauth_version'))) {
+                $values[] = "$key=\"" . rawurlencode($value) . "\"";
+            }
+        }
+
+        $return .= implode(', ', $values);
+        return $return;
+    }
+
+    /**
+     * Helper method to perform our request
+     *
+     * @param string $url
+     * @param string $method
+     * @param string $data
+     * @param array  $curlOptions
+     *
+     * @throws \Exception
+     *
+     * @return string The json response from the server
+     */
+    public function request($url, $method = 'get', $data = null, $curlOptions = array())
+    {
+        if (strtolower($method) === 'get')
+        {
+            $this->setGetfield($data);
+        }
+        else
+        {
+            $this->setPostfields($data);
+        }
+
+        return $this->buildOauth($url, $method)->performRequest(true, $curlOptions);
+    }
+
+    /**
+     * Get the HTTP status code for the previous request
+     *
+     * @return integer
+     */
+    public function getHttpStatusCode()
+    {
+        return $this->httpStatusCode;
+    }
+}

classes/view.class.php

@@ -0,0 +1,216 @@
+<?php
+declare(strict_types = 1);
+
+class View
+{
+    /**
+     * @var string Path relative to where (P)HTML templates reside
+     */
+    const IncludePath = './design/views/';
+
+
+    /**
+     * commonMeta
+     */
+    public function commonMeta()
+    {
+        $ENV = ENV::go();
+
+        return $HTML = <<<HTML
+        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+        <meta name=viewport content="width=device-width, initial-scale=1">
+        <!-- Default "index, follow" -->
+        <meta name="robots" content="none" />
+        <meta name="language" content="en-US" />
+        <meta name="description" content="$ENV->DESCRIPTION" />
+        <link rel="manifest" href="/manifest.php" />
+        <link rel="shortcut icon" href="/static/common/icon.png" />
+        <link rel="search" type="application/opensearchdescription+xml"
+          title="$ENV->SITE_NAME"
+          href="$ENV->STATIC_SERVER/opensearch.xml" />
+HTML;
+    }
+
+
+    /**
+     * HTTP/2 Server Push headers for Cloudflare
+     * @see https://blog.cloudflare.com/using-http-2-server-push-with-php/
+     */
+    public function pushAsset($uri, $type)
+    {
+        $ENV = ENV::go();
+
+        # Bad URI or type
+        if ((!$uri || !is_string($uri))
+          || (!$type || !is_string($type))) {
+            return error(404);
+        }
+
+        $filemtime = filemtime(SERVER_ROOT."/$uri");
+        $integrity = base64_encode(hash_file($ENV->SRI, SERVER_ROOT."/$uri", true));
+
+        # Send raw HTTP headers - preloading this way is bloat
+        # 26 requests, 1.58 MB, 584ms
+        #    vs.
+        # 10 requests, 730.8 KB, 460ms
+        #header("Link: <$uri?v=$filemtime>; rel=preload; as=$type", false);
+
+        switch ($type) {
+            case 'script':
+                $HTML = "<script src='$uri?v=$filemtime' integrity='$ENV->SRI-$integrity' crossorigin='anonymous'></script>";
+                break;
+
+            case 'style':
+                $HTML = "<link rel='stylesheet' href='$uri?v$filemtime' integrity='$integrity' crossorigin='anonymous' />";
+                break;
+
+            case 'font':
+                $HTML = "<link rel='preload' as='font' href='$uri?v$filemtime' integrity='$integrity' crossorigin='anonymous' />";
+                break;
+
+            default:
+                break;
+        }
+
+        # Needs to echo into the page
+        return $HTML;
+    }
+
+
+    /**
+     * This function is to include the header file on a page.
+     *
+     * @param $PageTitle the title of the page
+     * @param $JSIncludes is a comma-separated list of JS files to be included on
+     *                    the page. ONLY PUT THE RELATIVE LOCATION WITHOUT '.js'
+     *                    example: 'somefile,somedir/somefile'
+     */
+    public static function show_header($PageTitle = '', $JSIncludes = '', $CSSIncludes = '')
+    {
+        $ENV = ENV::go();
+        global $Document, $Mobile, $Classes;
+
+        if ($PageTitle !== '') {
+            $PageTitle .= " $ENV->SEP ";
+        }
+
+        $PageTitle .= $ENV->SITE_NAME;
+        $PageID = array(
+            $Document, // Document
+            empty($_REQUEST['action']) ? false : $_REQUEST['action'], // Action
+            empty($_REQUEST['type']) ? false : $_REQUEST['type'] // Type
+        );
+
+        if (!is_array(G::$LoggedUser)
+          || empty(G::$LoggedUser['ID'])
+          || (isset($Options['recover']) && $Options['recover'] === true)) {
+            require_once SERVER_ROOT.'/design/publicheader.php';
+        } else {
+            require_once SERVER_ROOT.'/design/privateheader.php';
+        }
+    }
+    
+
+    /**
+     * This function is to include the footer file on a page.
+     *
+     * @param $Options an optional array that you can pass information to the
+     *                 header through as well as setup certain limitations
+     *                 Here is a list of parameters that work in the $Options array:
+     *                 ['disclaimer'] = [boolean] (False) Displays the disclaimer in the footer
+     */
+    public static function show_footer($Options = [])
+    {
+        global $ScriptStartTime, $SessionID, $UserSessions, $Debug, $Time, $Mobile;
+        if (!is_array(G::$LoggedUser)
+          || empty(G::$LoggedUser['ID'])
+          || (isset($Options['recover']) && $Options['recover'] === true)) {
+            require_once SERVER_ROOT.'/design/publicfooter.php';
+        } else {
+            require_once SERVER_ROOT.'/design/privatefooter.php';
+        }
+    }
+
+
+    /**
+     * This is a generic function to load a template fromm /design and render it.
+     * The template should be in /design/my_template_name.php, and have a class
+     * in it called MyTemplateNameTemplate (my_template_name transformed to
+     * MixedCase, with the word 'Template' appended).
+     * This class should have a public static function render($Args), where
+     * $Args is an associative array of the template variables.
+     * You should note that by "Template", we mean "php file that outputs stuff".
+     *
+     * This function loads /design/$TemplateName.php, and then calls
+     * render($Args) on the class.
+     *
+     * @param string $TemplateName The name of the template, in underscore_format
+     * @param array $Args the arguments passed to the template.
+     */
+    public static function render_template($TemplateName, $Args)
+    {
+        static $LoadedTemplates; // Keep track of templates we've already loaded.
+        $ClassName = '';
+        if (isset($LoadedTemplates[$TemplateName])) {
+            $ClassName = $LoadedTemplates[$TemplateName];
+        } else {
+            include SERVER_ROOT.'/design/'.$TemplateName.'.php';
+
+            // Turn template_name into TemplateName
+            $ClassNameParts = explode('_', $TemplateName);
+            foreach ($ClassNameParts as $Index => $Part) {
+                $ClassNameParts[$Index] = ucfirst($Part);
+            }
+            
+            $ClassName = implode($ClassNameParts). 'Template';
+            $LoadedTemplates[$TemplateName] = $ClassName;
+        }
+        $ClassName::render($Args);
+    }
+
+
+    /**
+     * This method is similar to render_template, but does not require a
+     * template class.
+     *
+     * Instead, this method simply renders a PHP file (PHTML) with the supplied
+     * variables.
+     *
+     * All files must be placed within {self::IncludePath}. Create and organize
+     * new paths and files. (e.g.: /design/views/artist/, design/view/forums/, etc.)
+     *
+     * @static
+     * @param string  $TemplateFile A relative path to a PHTML file
+     * @param array   $Variables Assoc. array of variables to extract for the template
+     * @param boolean $Buffer enables Output Buffer
+     * @return boolean|string
+     *
+     * @example <pre><?php
+     *  // box.phtml
+     *  <p id="<?=$id?>">Data</p>
+     *
+     *  // The variable $id within box.phtml will be filled by $some_id
+     *  View::parse('section/box.phtml', array('id' => $some_id));
+     *
+     *  // Parse a template without outputing it
+     *  $SavedTemplate = View::parse('sec/tion/eg.php', $DataArray, true);
+     *  // later . . .
+     *  echo $SavedTemplate; // Output the buffer
+     * </pre>
+     */
+    public static function parse($TemplateFile, array $Variables = [], $Buffer = false)
+    {
+        $Template = self::IncludePath . $TemplateFile;
+        if (file_exists($Template)) {
+            extract($Variables);
+            if ($Buffer) {
+                ob_start();
+                include $Template;
+                $Content = ob_get_contents();
+                ob_end_clean();
+                return $Content;
+            }
+            return include $Template;
+        }
+    }
+}

classes/wiki.class.php

@@ -0,0 +1,111 @@
+<?php
+declare(strict_types = 1);
+
+class Wiki
+{
+    /**
+     * Normalize an alias
+     * @param string $str
+     * @return string
+     */
+    public static function normalize_alias($str)
+    {
+        return trim(substr(preg_replace('/[^a-z0-9]/', '', strtolower(htmlentities($str))), 0, 50));
+    }
+
+    /**
+     * Get all aliases in an associative array of Alias => ArticleID
+     * @return array
+     */
+    public static function get_aliases()
+    {
+        $Aliases = G::$Cache->get_value('wiki_aliases');
+        if (!$Aliases) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT Alias, ArticleID
+            FROM wiki_aliases");
+            $Aliases = G::$DB->to_pair('Alias', 'ArticleID');
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value('wiki_aliases', $Aliases, 3600 * 24 * 14); // 2 weeks
+        }
+        return $Aliases;
+    }
+
+    /**
+     * Flush the alias cache. Call this whenever you touch the wiki_aliases table.
+     */
+    public static function flush_aliases()
+    {
+        G::$Cache->delete_value('wiki_aliases');
+    }
+
+    /**
+     * Get the ArticleID corresponding to an alias
+     * @param string $Alias
+     * @return int
+     */
+    public static function alias_to_id($Alias)
+    {
+        $Aliases = self::get_aliases();
+        $Alias = self::normalize_alias($Alias);
+        if (!isset($Aliases[$Alias])) {
+            return false;
+        } else {
+            return (int)$Aliases[$Alias];
+        }
+    }
+
+    /**
+     * Get an article; returns false on error if $Error = false
+     * @param int $ArticleID
+     * @param bool $Error
+     * @return array|bool
+     */
+    public static function get_article($ArticleID, $Error = true)
+    {
+        $Contents = G::$Cache->get_value('wiki_article_'.$ArticleID);
+        if (!$Contents) {
+            $QueryID = G::$DB->get_query_id();
+            G::$DB->query("
+            SELECT
+              w.Revision,
+              w.Title,
+              w.Body,
+              w.MinClassRead,
+              w.MinClassEdit,
+              w.Date,
+              w.Author,
+              u.Username,
+            GROUP_CONCAT(a.Alias),
+            GROUP_CONCAT(a.UserID)
+            FROM wiki_articles AS w
+              LEFT JOIN wiki_aliases AS a ON w.ID=a.ArticleID
+              LEFT JOIN users_main AS u ON u.ID=w.Author
+              WHERE w.ID='$ArticleID'
+              GROUP BY w.ID");
+
+            if (!G::$DB->has_results()) {
+                if ($Error) {
+                    error(404);
+                } else {
+                    return false;
+                }
+            }
+            
+            $Contents = G::$DB->to_array();
+            G::$DB->set_query_id($QueryID);
+            G::$Cache->cache_value('wiki_article_'.$ArticleID, $Contents, 3600 * 24 * 14); // 2 weeks
+        }
+        return $Contents;
+    }
+
+    /**
+     * Flush an article's cache. Call this whenever you edited a wiki article or its aliases.
+     * @param int $ArticleID
+     */
+    public static function flush_article($ArticleID)
+    {
+        G::$Cache->delete_value('wiki_article_'.$ArticleID);
+    }
+}

classes/zip.class.php

@@ -0,0 +1,178 @@
+<?php
+
+/*************************************************************************|
+|--------------- Zip class -----------------------------------------------|
+|*************************************************************************|
+
+This class provides a convenient way for us to generate and serve zip
+archives to our end users, both from physical files, cached
+or already parsed data (torrent files). It's all done on the fly, due to
+the high probability that a filesystem stored archive will never be
+downloaded twice.
+
+Utilizes gzcompress, based upon RFC 1950
+
+//------------- How it works --------------//
+
+Basic concept is construct archive, add files, and serve on the fly.
+
+//------------- How to use it --------------//
+
+* First, construct the archive:
+
+$Zip = new Zip('FileName');
+
+  Adds the headers so that add_file can stream and we don't need to create a massive buffer.
+  open_stream(); was integrated into the constructor to conform with Object-Oriented Standards.
+
+$Zip->unlimit();
+
+  A simple shortcut function for raising the basic PHP limits, time and memory for larger archives.
+
+-----
+
+* Then, add files and begin streaming to the user to avoid memory buffering:
+
+$Zip->add_file(file_get_contents("data/file.txt"), "File.txt");
+
+  Adds the contents of data/file.txt into File.txt in the archive root.
+
+$Zip->add_file($TorrentData, "Bookmarks/Artist - Album [2008].torrent");
+
+  Adds the parsed torrent to the archive in the Bookmarks folder (created simply by placing it in the path).
+
+-----
+
+* Then, close the archive to the user:
+
+$Zip->close_stream();
+
+  This collects everything put together thus far in the archive, and streams it to the user in the form of Test7.zip
+
+//------ Explanation of basic functions ------//
+
+add_file(Contents, Internal Path)
+  Adds the contents to the archive, where it will be extracted to Internal Path.
+
+close_stream();
+  Collect and stream to the user.
+
+//------------- Detailed example -------------//
+
+require('classes/zip.class.php');
+$Zip = new Zip('FileName');
+$Name = 'Ubuntu-8.10';
+$Zip->add_file($TorrentData, 'Torrents/'.Misc::file_string($Name).'.torrent');
+$Zip->add_file(file_get_contents('zip.php'), 'zip.php');
+$Zip->close_stream();
+
+
+//---------- Development reference -----------//
+http://www.pkware.com/documents/casestudies/APPNOTE.TXT - ZIP spec (this class)
+http://www.ietf.org/rfc/rfc1950.txt - ZLIB compression spec (gzcompress function)
+http://www.fileformat.info/tool/hexdump.htm - Useful for analyzing ZIP files
+
+|*************************************************************************/
+
+if (!extension_loaded('zlib')) {
+    error('Zlib Extension not loaded.');
+}
+
+class Zip
+{
+    public $ArchiveSize = 0; // Total size
+    public $ArchiveFiles = 0; // Total files
+    private $Structure = ''; // Structure saved to memory
+    private $FileOffset = 0; // Offset to write data
+    private $Data = ''; //An idea
+
+    public function __construct($ArchiveName = 'Archive')
+    {
+        header("Content-type: application/octet-stream"); // Stream download
+        header("Content-disposition: attachment; filename=\"$ArchiveName.zip\""); // Name the archive - Should not be urlencoded
+    }
+
+    public static function unlimit()
+    {
+        ob_end_clean();
+        set_time_limit(3600); // Limit 1 hour
+        ini_set('memory_limit', '1024M'); // Because the buffers can get extremely large
+    }
+
+    public function add_file($FileData, $ArchivePath, $TimeStamp = 0)
+    {
+        /* File header */
+        $this->Data = "\x50\x4b\x03\x04"; // PK signature
+        $this->Data .= "\x14\x00"; // Version requirements
+        $this->Data .= "\x00\x08"; // Bit flag - 0x8 = UTF-8 file names
+        $this->Data .= "\x08\x00"; // Compression
+        $this->Data .= "\x00\x00\x00\x00";
+
+        $DataLength = strlen($FileData); // Saved as variable to avoid wasting CPU calculating it multiple times
+        $CRC32 = crc32($FileData); // Ditto
+        $ZipData = gzcompress($FileData); // Ditto
+        $ZipData = substr($ZipData, 2, (strlen($ZipData) - 6)); // Checksum resolution
+        $ZipLength = strlen($ZipData); // Ditto
+
+        $this->Data .= pack('V', $CRC32); // CRC-32
+        $this->Data .= pack('V', $ZipLength); // Compressed file size
+        $this->Data .= pack('V', $DataLength); // Uncompressed file size
+        $this->Data .= pack('v', strlen($ArchivePath)); // Path name length
+        $this->Data .="\x00\x00"; // Extra field length (0'd so we can ignore this)
+        $this->Data .= $ArchivePath; // File name & Extra Field (length set to 0 so ignored)
+        /* END file header */
+
+        /* File data */
+        $this->Data .= $ZipData; // File data
+        /* END file data */
+
+        /* Data descriptor
+        Not needed (only needed when 3rd bitflag is set), causes problems with OS X archive utility
+        $this->Data .= pack('V', $CRC32); // CRC-32
+        $this->Data .= pack('V', $ZipLength); // Compressed file size
+        $this->Data .= pack('V', $DataLength); // Uncompressed file size
+        END data descriptor */
+
+        $FileDataLength = strlen($this->Data);
+        $this->ArchiveSize = $this->ArchiveSize + $FileDataLength; // All we really need is the size
+        $CurrentOffset = $this->ArchiveSize; // Update offsets
+        echo $this->Data; // Get this out to reduce our memory consumption
+
+        /* Central Directory Structure */
+        $CDS = "\x50\x4b\x01\x02"; // CDS signature
+        $CDS .="\x14\x00"; // Constructor version
+        $CDS .="\x14\x00"; // Version requirements
+        $CDS .="\x00\x08"; // Bit flag - 0x8 = UTF-8 file names
+        $CDS .="\x08\x00"; // Compression
+        $CDS .="\x00\x00\x00\x00"; // Last modified
+        $CDS .= pack('V', $CRC32); // CRC-32
+        $CDS .= pack('V', $ZipLength); // Compressed file size
+        $CDS .= pack('V', $DataLength); // Uncompressed file size
+        $CDS .= pack('v', strlen($ArchivePath)); // Path name length
+        $CDS .="\x00\x00"; // Extra field length (0'd so we can ignore this)
+        $CDS .="\x00\x00"; // File comment length  (no comment, 0'd)
+        $CDS .="\x00\x00"; // Disk number start (0 seems valid)
+        $CDS .="\x00\x00"; // Internal file attributes (again with the 0's)
+        $CDS .="\x20\x00\x00\x00"; // External file attributes
+        $CDS .= pack('V', $this->FileOffset); // Offsets
+        $CDS .= $ArchivePath; // File name & Extra Field (length set to 0 so ignored)
+        /* END central Directory Structure */
+
+        $this->FileOffset = $CurrentOffset; // Update offsets
+        $this->Structure .= $CDS; // Append to structure
+        $this->ArchiveFiles++; // Increment file count
+    }
+
+    public function close_stream()
+    {
+        echo $this->Structure; // Structure Root
+        echo "\x50\x4b\x05\x06"; // End of central directory signature
+        echo "\x00\x00"; // This disk
+        echo "\x00\x00"; // CDS start
+        echo pack('v', $this->ArchiveFiles); // Handle the number of entries
+        echo pack('v', $this->ArchiveFiles); // Ditto
+        echo pack('V', strlen($this->Structure)); //Size
+        echo pack('V', $this->ArchiveSize); // Offset
+        echo "\x00\x00"; // No comment, close it off
+    }
+}

collage.php

@@ -0,0 +1,6 @@
+<?php
+declare(strict_types=1);
+
+$_SERVER['SCRIPT_FILENAME'] = 'collages.php'; // CLI fix
+define('ERROR_EXCEPTION', true);
+require_once 'classes/script_start.php';

collages.php

@@ -0,0 +1,5 @@
+<?php
+declare(strict_types=1);
+
+define('ERROR_EXCEPTION', true);
+require_once 'classes/script_start.php';

comments.php

@@ -0,0 +1,5 @@
+<?php
+declare(strict_types=1);
+
+define('ERROR_EXCEPTION', true);
+require_once 'classes/script_start.php';