
More incremental improvements

biotorrents 4 years ago
parent
commit
bec0fa6211

+ 38
- 16
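--- a/classes/torrents.class.php
+++ b/classes/torrents.class.php
@@ -86,13 +86,13 @@
             $NotFound = [];
             $QueryID = G::$DB->get_query_id();
 
-            G::$DB->query("
+            G::$DB->prepare_query("
             SELECT
               `id`,
               `title`,
               `subject`,
               `object`,
-              `published`,
+              `year`,
               `identifier`,
               `workgroup`,
               `location`,
@@ -104,6 +104,7 @@
             WHERE
               `id` IN($IDs)
             ");
+            G::$DB->exec_prepared_query();
 
             while ($Group = G::$DB->next_record(MYSQLI_ASSOC, true)) {
                 $NotFound[$Group['id']] = $Group;
@@ -421,7 +422,7 @@
 
         Misc::write_log("Group $GroupID automatically deleted (No torrents have this group).");
 
-        G::$DB->query("
+        G::$DB->prepare_query("
         SELECT
           `category_id`
         FROM
@@ -429,9 +430,11 @@
         WHERE
           `id` = '$GroupID'
         ");
+        G::$DB->exec_prepared_query();
         list($Category) = G::$DB->next_record();
 
-        if ($Category == 1) {
+        # todo: Check strict equality here
+        if ($Category === 1) {
             G::$Cache->decrement('stats_album_count');
         }
         G::$Cache->decrement('stats_group_count');
@@ -514,25 +517,41 @@
         // Comments
         Comments::delete_page('torrents', $GroupID);
 
-        G::$DB->query("
+        G::$DB->prepare_query("
         DELETE
         FROM
           `torrents_group`
         WHERE
           `id` = '$GroupID'
         ");
+        G::$DB->exec_prepared_query();
 
-        G::$DB->query("
-        DELETE FROM torrents_tags
-          WHERE GroupID = ?", $GroupID);
+        G::$DB->prepare_query("
+        DELETE
+        FROM
+          `torrents_tags`
+        WHERE
+          `GroupID` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
 
-        G::$DB->query("
-        DELETE FROM bookmarks_torrents
-          WHERE GroupID = ?", $GroupID);
+        G::$DB->prepare_query("
+        DELETE
+        FROM
+          `bookmarks_torrents`
+        WHERE
+          `GroupID` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
 
-        G::$DB->query("
-        DELETE FROM wiki_torrents
-          WHERE PageID = ?", $GroupID);
+        G::$DB->prepare_query("
+        DELETE
+        FROM
+          `wiki_torrents`
+        WHERE
+          `PageID` = '$GroupID'
+        ");
+        G::$DB->exec_prepared_query();
 
         G::$Cache->delete_value("torrents_details_$GroupID");
         G::$Cache->delete_value("torrent_group_$GroupID");
@@ -549,7 +568,7 @@
     {
         $QueryID = G::$DB->get_query_id();
 
-        G::$DB->query("
+        G::$DB->prepare_query("
         UPDATE
           `torrents_group`
         SET
@@ -572,15 +591,18 @@
         WHERE
           `ID` = '$GroupID'
         ");
+        G::$DB->exec_prepared_query();
 
         // Fetch album artists
-        G::$DB->query("
+        G::$DB->prepare_query("
         SELECT GROUP_CONCAT(ag.`Name` separator ' ')
         FROM `torrents_artists` AS `ta`
           JOIN `artists_group` AS ag ON ag.`ArtistID` = ta.`ArtistID`
           WHERE ta.`GroupID` = '$GroupID'
         GROUP BY ta.`GroupID`
         ");
+        G::$DB->exec_prepared_query();
+
         if (G::$DB->has_results()) {
             list($ArtistName) = G::$DB->next_record(MYSQLI_NUM, false);
         } else {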
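Review bot: The three DELETE statements at new lines 529–554 drop the one real parameter binding this file had — the removed lines passed `$GroupID` as a bound value (`WHERE GroupID = ?", $GroupID`) while the replacements inline it into the string, so `prepare_query()` prepares a statement with the value already embedded and `exec_prepared_query()` binds nothing. If `exec_prepared_query()` accepts bound values, keep the `?` placeholder and pass `$GroupID` through it; if it does not, cast the id before it reaches the string (`(int) $GroupID`), as masspm.php does in this same commit. The same interpolate-then-prepare pattern is in the hunks at 89, 425, 571 and 597 here and in userrank.class.php, send_recommendation.php, better/covers.php, bookmarks/add.php and upload/upload.php. Separately, `$Category === 1` at 437 compares against whatever `next_record()` yields — a string `'1'` would never match and the album-count decrement at 438 would silently stop running — so `(int) $Category === 1` would settle the `# todo` on 436 without depending on the driver's result typing. The enclosing methods start outside these hunks.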

+ 9
- 4
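--- a/classes/userrank.class.php
+++ b/classes/userrank.class.php
@@ -17,29 +17,33 @@
     {
         $QueryID = G::$DB->get_query_id();
 
-        G::$DB->query("
+        G::$DB->prepare_query("
         DROP TEMPORARY TABLE IF EXISTS
           `temp_stats`
         ");
+        G::$DB->exec_prepared_query();
 
-        G::$DB->query("
+        G::$DB->prepare_query("
         CREATE TEMPORARY TABLE `temp_stats`(
           `id` INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
           `value` BIGINT NOT NULL
         );
         ");
+        G::$DB->exec_prepared_query();
 
-        G::$DB->query("
+        G::$DB->prepare_query("
         INSERT INTO `temp_stats`(`value`) "
         . $Query
         );
+        G::$DB->exec_prepared_query();
 
-        G::$DB->query("
+        G::$DB->prepare_query("
         SELECT
           COUNT(`id`)
         FROM
           `temp_stats`
         ");
+        G::$DB->exec_prepared_query();
         list($UserCount) = G::$DB->next_record();
 
         $UserCount = (int) $UserCount;
@@ -51,6 +55,7 @@
         GROUP BY
           CEIL(`id` /($UserCount / 100));
         ");
+        G::$DB->exec_prepared_query();
 
         $Table = G::$DB->to_array();
         G::$DB->set_query_id($QueryID);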
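Review bot: The INSERT at 35–38 splices `$Query` verbatim into the text handed to `prepare_query()`, so the new prepare/exec pair binds nothing here and the statement is exactly as safe as wherever `$Query` is assembled, which is outside the hunk. A docblock line on the method stating that contract — `@param string $Query  Internally-built SELECT returning one BIGINT column; it is concatenated into the INSERT unbound, so it must never carry request data` — would keep the next caller from passing user input through it. The enclosing method begins before line 17.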

+ 3
- 2
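--- a/gazelle.sql
+++ b/gazelle.sql
@@ -1188,13 +1188,14 @@
 ) ENGINE=InnoDB CHARSET=utf8mb4;
 
 
+-- 2021-07-08
 CREATE TABLE `torrents_group` (
   `id` int NOT NULL AUTO_INCREMENT,
   `category_id` tinyint DEFAULT NULL,
   `title` varchar(255) DEFAULT NULL,
   `subject` varchar(255) DEFAULT NULL,
   `object` varchar(255) DEFAULT NULL,
-  `published` smallint DEFAULT NULL, -- todo: Change to date
+  `year` smallint DEFAULT NULL,
   `workgroup` varchar(255) DEFAULT NULL,
   `location` varchar(255) DEFAULT NULL,
   `identifier` varchar(50) DEFAULT NULL,
@@ -1208,7 +1208,7 @@
   PRIMARY KEY (`id`),
   KEY `category_id` (`category_id`),
   KEY `title` (`title`),
-  KEY `published` (`published`),
+  KEY `year` (`year`),
   KEY `timestamp` (`timestamp`),
   KEY `revision_id` (`revision_id`);
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;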
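Review bot: The index list this hunk edits ends with `KEY \`revision_id\` (\`revision_id\`);` at 1213, and that semicolon before the closing `)` on 1214 terminates the statement early, so the `torrents_group` CREATE TABLE as written will not parse; the line should read `KEY \`revision_id\` (\`revision_id\`)`. The `published` → `year` rename is also a schema change for existing databases, and no `ALTER TABLE` for it appears in the files shown for this commit; if migrations live elsewhere in the repository, a pointer next to the new marker would help, e.g. `-- 2021-07-08: published renamed to year (existing installs need the matching ALTER)`.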

+ 2
- 2
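--- a/sections/api/artist.php
+++ b/sections/api/artist.php
@@ -138,7 +138,7 @@
     SELECT DISTINCTROW
       ta.`GroupID`,
       ta.`Importance`,
-      tg.`published`
+      tg.`year`
     FROM
       `torrents_artists` AS ta
     JOIN `torrents_group` AS tg
@@ -147,7 +147,7 @@
     WHERE
       ta.`ArtistID` = '$ArtistID'
     ORDER BY
-      tg.`published`,
+      tg.`year`,
       tg.`Name`
     DESC
     ");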
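Review bot: The ORDER BY at 150–151 now sorts on `tg.\`year\`` but still references `tg.\`Name\``, which no longer appears to be a column of `torrents_group` — the table definition in gazelle.sql in this same commit lists `title`, and masspm.php here rewrites `tg.Name` to `tg.\`title\``; if that is right the query fails on the stale column and the line should be `tg.\`title\``. Note also that `DESC` on 152 applies only to the last sort key, so `year` sorts ascending; if both keys are meant to be descending it needs `tg.\`year\` DESC,`. The statement begins before line 138.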

+ 7
- 3
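--- a/sections/api/send_recommendation.php
+++ b/sections/api/send_recommendation.php
@@ -1,5 +1,5 @@
 <?php
-#declare(strict_types=1);
+declare(strict_types=1);
 
 $FriendID = (int) $_POST['friend'];
 $Type = $_POST['type'];
@@ -12,7 +12,7 @@
 }
 
 // Make sure the recipient is on your friends list and not some random dude.
-$DB->query("
+$DB->prepare_query("
 SELECT
   f.`FriendID`,
   u.`Username`
@@ -27,6 +27,7 @@
 WHERE
   f.`UserID` = '$LoggedUser[ID]' AND f.`FriendID` = '$FriendID'
 ");
+$DB->exec_prepared_query();
 
 if (!$DB->has_results()) {
     echo json_encode(array('status' => 'error', 'response' => 'Not on friend list.'));
@@ -49,7 +50,7 @@
     WHERE
       `id` = '$ID'
     ");
-      break;
+    break;
 
     case 'artist':
     $Article = 'an';
@@ -75,6 +76,9 @@
       `ID` = '$ID'
     ");
     break;
+
+    default:
+    break;
 }
 
 list($Name) = $DB->next_record();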
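Review bot: The new `default: break;` at 80–81 lets an unrecognised `$_POST['type']` fall out of the switch without running any of the per-type SELECTs, so `list($Name) = $DB->next_record()` at 84 then reads the next row of whatever result set is still current — the friend-list SELECT from 15–30 — and `$Name` silently becomes a `FriendID`. The default arm should terminate instead: `default: error(400);` (or emit the same JSON error shape the friend check uses on 33). With `declare(strict_types=1)` now live at line 2, any function in this file that is called with the raw `$Type` or `$ID` strings against an `int` parameter will throw a `TypeError` rather than coerce, so those call sites deserve a look; `$ID`'s origin is outside the hunk.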

+ 1
- 1
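--- a/sections/api/top10/torrents.php
+++ b/sections/api/top10/torrents.php
@@ -27,7 +27,7 @@
   g.`picture`,
   g.`tag_list`,
   t.`Media`,
-  g.`published`,
+  g.`year`,
   t.`Snatched`,
   t.`Seeders`,
   t.`Leechers`,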
   t.`Leechers`,

+ 4
- 2
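--- a/sections/better/covers.php
+++ b/sections/better/covers.php
@@ -11,12 +11,12 @@
       t.`GroupID` = tg.`id`
     JOIN `xbt_snatched` AS x
     ON
-      x.`fid` = t.`ID` AND x.`uid` = $LoggedUser[ID]
+      x.`fid` = t.`ID` AND x.`uid` = '$LoggedUser[ID]'
     ";
     $All = false;
 }
 
-$DB->query("
+$DB->prepare_query("
 SELECT SQL_CALC_FOUND_ROWS
   tg.`id`
 FROM
@@ -28,6 +28,7 @@
   RAND()
 LIMIT 20
 ");
+$DB->exec_prepared_query();
 
 $Groups = $DB->to_array('id', MYSQLI_ASSOC);
 $DB->query('SELECT FOUND_ROWS()');
@@ -95,4 +96,5 @@
 } ?>
   </table>
 </div>
+
 <?php View::show_footer();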
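Review bot: `$DB->query('SELECT FOUND_ROWS()')` at 34 reads a per-connection value left behind by the `SQL_CALC_FOUND_ROWS` SELECT that is now issued through `prepare_query()`/`exec_prepared_query()` at 19–31, with `$DB->to_array()` in between; that only holds if the wrapper runs the prepared statement on the same connection and fully consumes it before the next query, which is not visible here. A comment on 34 pinning the dependency — `// Must directly follow the prepared SELECT on the same connection; nothing may query in between` — or a plain `COUNT(*)` over the same WHERE clause would make it robust. The quoting change at 14 does not change how `$LoggedUser[ID]` reaches the SQL; it is still interpolated, not bound.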

+ 8
- 7
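--- a/sections/bookmarks/add.php
+++ b/sections/bookmarks/add.php
@@ -71,20 +71,20 @@
         $Cache->delete_value("bookmarks_group_ids_$UserID");
         $DB->query("
         SELECT
-          `Name`,
-          `Year`,
-          `WikiBody`,
-          `TagList`
+          `title`,
+          `year`,
+          `description`,
+          `tag_list`
         FROM
           `torrents_group`
         WHERE
-          `ID` = $PageID
+          `id` = $PageID
         ");
 
         list($GroupTitle, $Year, $Body, $TagList) = $DB->next_record();
         $TagList = str_replace('_', '.', $TagList);
 
-        $DB->query("
+        $DB->prepare_query("
         SELECT
           `ID`,
           `Media`,
@@ -94,8 +94,9 @@
         FROM
           `torrents`
         WHERE
-          `GroupID` = $PageID
+          `GroupID` = '$PageID'
         ");
+        $DB->exec_prepared_query();
 
         // RSS feed stuff
         while ($Torrent = $DB->next_record()) {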
         while ($Torrent = $DB->next_record()) {

+ 92
- 93
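--- a/sections/collages/add_torrent.php
+++ b/sections/collages/add_torrent.php
@@ -3,54 +3,55 @@
 
 authorize();
 
-include(SERVER_ROOT.'/classes/validate.class.php');
+require_once SERVER_ROOT.'/classes/validate.class.php';
 $Val = new Validate;
 
-function add_torrent($CollageID, $GroupID) {
-  global $Cache, $LoggedUser, $DB;
+function add_torrent($CollageID, $GroupID)
+{
+    global $Cache, $LoggedUser, $DB;
 
-  $DB->query("
+    $DB->query("
     SELECT MAX(Sort)
     FROM collages_torrents
     WHERE CollageID = '$CollageID'");
-  list($Sort) = $DB->next_record();
-  $Sort += 10;
+    list($Sort) = $DB->next_record();
+    $Sort += 10;
 
-  $DB->query("
+    $DB->query("
     SELECT GroupID
     FROM collages_torrents
     WHERE CollageID = '$CollageID'
       AND GroupID = '$GroupID'");
-  if (!$DB->has_results()) {
-    $DB->query("
+    if (!$DB->has_results()) {
+        $DB->query("
       INSERT IGNORE INTO collages_torrents
         (CollageID, GroupID, UserID, Sort, AddedOn)
       VALUES
         ('$CollageID', '$GroupID', '$LoggedUser[ID]', '$Sort', '" . sqltime() . "')");
 
-    $DB->query("
+        $DB->query("
       UPDATE collages
       SET NumTorrents = NumTorrents + 1, Updated = '" . sqltime() . "'
       WHERE ID = '$CollageID'");
 
-    $Cache->delete_value("collage_$CollageID");
-    $Cache->delete_value("torrents_details_$GroupID");
-    $Cache->delete_value("torrent_collages_$GroupID");
-    $Cache->delete_value("torrent_collages_personal_$GroupID");
+        $Cache->delete_value("collage_$CollageID");
+        $Cache->delete_value("torrents_details_$GroupID");
+        $Cache->delete_value("torrent_collages_$GroupID");
+        $Cache->delete_value("torrent_collages_personal_$GroupID");
 
-    $DB->query("
+        $DB->query("
       SELECT UserID
       FROM users_collage_subs
       WHERE CollageID = $CollageID");
-    while (list($CacheUserID) = $DB->next_record()) {
-      $Cache->delete_value("collage_subs_user_new_$CacheUserID");
+        while (list($CacheUserID) = $DB->next_record()) {
+            $Cache->delete_value("collage_subs_user_new_$CacheUserID");
+        }
     }
-  }
 }
 
 $CollageID = $_POST['collageid'];
 if (!is_number($CollageID)) {
-  error(404);
+    error(404);
 }
 $DB->query("
   SELECT UserID, CategoryID, Locked, NumTorrents, MaxGroups, MaxGroupsPerUser
@@ -59,107 +60,105 @@
 list($UserID, $CategoryID, $Locked, $NumTorrents, $MaxGroups, $MaxGroupsPerUser) = $DB->next_record();
 
 if (!check_perms('site_collages_delete')) {
-  if ($Locked) {
-    $Err = 'This collage is locked';
-  }
-  if ($CategoryID == 0 && $UserID != $LoggedUser['ID']) {
-    $Err = 'You cannot edit someone else\'s personal collage.';
-  }
-  if ($MaxGroups > 0 && $NumTorrents >= $MaxGroups) {
-    $Err = 'This collage already holds its maximum allowed number of torrents.';
-  }
-
-  if (isset($Err)) {
-    error($Err);
-  }
+    if ($Locked) {
+        $Err = 'This collage is locked';
+    }
+    if ($CategoryID == 0 && $UserID != $LoggedUser['ID']) {
+        $Err = 'You cannot edit someone else\'s personal collage.';
+    }
+    if ($MaxGroups > 0 && $NumTorrents >= $MaxGroups) {
+        $Err = 'This collage already holds its maximum allowed number of torrents.';
+    }
+
+    if (isset($Err)) {
+        error($Err);
+    }
 }
 
 if ($MaxGroupsPerUser > 0) {
-  $DB->query("
+    $DB->query("
     SELECT COUNT(*)
     FROM collages_torrents
     WHERE CollageID = '$CollageID'
       AND UserID = '$LoggedUser[ID]'");
-  list($GroupsForUser) = $DB->next_record();
-  if (!check_perms('site_collages_delete') && $GroupsForUser >= $MaxGroupsPerUser) {
-    error(403);
-  }
+    list($GroupsForUser) = $DB->next_record();
+    if (!check_perms('site_collages_delete') && $GroupsForUser >= $MaxGroupsPerUser) {
+        error(403);
+    }
 }
 
 if ($_REQUEST['action'] == 'add_torrent') {
-  $Val->SetFields('url', '1', 'regex', 'The URL must be a link to a torrent on the site.', array('regex' => '/^'.TORRENT_GROUP_REGEX.'/i'));
-  $Err = $Val->ValidateForm($_POST);
+    $Val->SetFields('url', '1', 'regex', 'The URL must be a link to a torrent on the site.', array('regex' => '/^'.TORRENT_GROUP_REGEX.'/i'));
+    $Err = $Val->ValidateForm($_POST);
 
-  if ($Err) {
-    error($Err);
-  }
+    if ($Err) {
+        error($Err);
+    }
 
-  $URL = $_POST['url'];
+    $URL = $_POST['url'];
 
-  // Get torrent ID
-  preg_match('/^'.TORRENT_GROUP_REGEX.'/i', $URL, $Matches);
-  $TorrentID = $Matches[4];
-  if (!$TorrentID || (int)$TorrentID == 0) {
-    error(404);
-  }
+    // Get torrent ID
+    preg_match('/^'.TORRENT_GROUP_REGEX.'/i', $URL, $Matches);
+    $TorrentID = (int) $Matches[4];
+    Security::checkInt($TorrentID);
 
-  $DB->query("
+    $DB->query("
     SELECT ID
     FROM torrents_group
     WHERE ID = '$TorrentID'");
-  list($GroupID) = $DB->next_record();
-  if (!$GroupID) {
-    error('The torrent was not found in the database.');
-  }
-
-  add_torrent($CollageID, $GroupID);
-} else {
-  $URLs = explode("\n", $_REQUEST['urls']);
-  $GroupIDs = [];
-  $Err = '';
-  foreach ($URLs as $Key => &$URL) {
-    $URL = trim($URL);
-    if ($URL == '') {
-      unset($URLs[$Key]);
+    list($GroupID) = $DB->next_record();
+    if (!$GroupID) {
+        error('The torrent was not found in the database.');
     }
-  }
-  unset($URL);
 
-  if (!check_perms('site_collages_delete')) {
-    if ($MaxGroups > 0 && ($NumTorrents + count($URLs) > $MaxGroups)) {
-      $Err = "This collage can only hold $MaxGroups torrents.";
-    }
-    if ($MaxGroupsPerUser > 0 && ($GroupsForUser + count($URLs) > $MaxGroupsPerUser)) {
-      $Err = "You may only have $MaxGroupsPerUser torrents in this collage.";
+    add_torrent($CollageID, $GroupID);
+} else {
+    $URLs = explode("\n", $_REQUEST['urls']);
+    $GroupIDs = [];
+    $Err = '';
+    foreach ($URLs as $Key => &$URL) {
+        $URL = trim($URL);
+        if ($URL == '') {
+            unset($URLs[$Key]);
+        }
     }
-  }
-
-  foreach ($URLs as $URL) {
-    $Matches = [];
-    if (preg_match('/^'.TORRENT_GROUP_REGEX.'/i', $URL, $Matches)) {
-      $GroupIDs[] = $Matches[4];
-      $GroupID = $Matches[4];
-    } else {
-      $Err = "One of the entered URLs ($URL) does not correspond to a torrent group on the site.";
-      break;
+    unset($URL);
+
+    if (!check_perms('site_collages_delete')) {
+        if ($MaxGroups > 0 && ($NumTorrents + count($URLs) > $MaxGroups)) {
+            $Err = "This collage can only hold $MaxGroups torrents.";
+        }
+        if ($MaxGroupsPerUser > 0 && ($GroupsForUser + count($URLs) > $MaxGroupsPerUser)) {
+            $Err = "You may only have $MaxGroupsPerUser torrents in this collage.";
+        }
     }
 
-    $DB->query("
+    foreach ($URLs as $URL) {
+        $Matches = [];
+        if (preg_match('/^'.TORRENT_GROUP_REGEX.'/i', $URL, $Matches)) {
+            $GroupIDs[] = $Matches[4];
+            $GroupID = $Matches[4];
+        } else {
+            $Err = "One of the entered URLs ($URL) does not correspond to a torrent group on the site.";
+            break;
+        }
+
+        $DB->query("
       SELECT ID
       FROM torrents_group
       WHERE ID = '$GroupID'");
-    if (!$DB->has_results()) {
-      $Err = "One of the entered URLs ($URL) does not correspond to a torrent group on the site.";
-      break;
+        if (!$DB->has_results()) {
+            $Err = "One of the entered URLs ($URL) does not correspond to a torrent group on the site.";
+            break;
+        }
     }
-  }
 
-  if ($Err) {
-    error($Err);
-  }
+    if ($Err) {
+        error($Err);
+    }
 
-  foreach ($GroupIDs as $GroupID) {
-    add_torrent($CollageID, $GroupID);
-  }
+    foreach ($GroupIDs as $GroupID) {
+        add_torrent($CollageID, $GroupID);
+    }
 }
 header('Location: collages.php?id='.$CollageID);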
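Review bot: The single-URL path now casts and validates the id (`$TorrentID = (int) $Matches[4]; Security::checkInt($TorrentID);` at 102–103), but the multi-URL loop at 136–146 still stores the raw capture, `$GroupIDs[] = $Matches[4]; $GroupID = $Matches[4];`, and interpolates it into the SELECT on 147–149 and later into `add_torrent()`. For consistency, and so both branches reject a zero or malformed id the same way, the loop body should be `$GroupID = (int) $Matches[4]; Security::checkInt($GroupID); $GroupIDs[] = $GroupID;`. Whether `Security::checkInt()` rejects `0` — the case the removed `(int)$TorrentID == 0` guard covered — is not visible here and worth confirming, since `(int)` of a non-numeric capture yields `0`.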

+ 1
- 1
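--- a/sections/collages/download.php
+++ b/sections/collages/download.php
@@ -59,7 +59,7 @@
   t.`Encoding`,
   IF(
     t.`RemasterYear` = 0,
-    tg.`published`,
+    tg.`year`,
     t.`RemasterYear`
   ) AS `Year`,
   tg.`title`,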

+ 1
- 1
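--- a/sections/schedule/daily/delete_dead_torrents.php
+++ b/sections/schedule/daily/delete_dead_torrents.php
@@ -28,7 +28,7 @@
 $LogEntries = $DeleteNotes = [];
 
 // Exceptions for inactivity deletion
-$InactivityExceptionsMade = []; // UserID => expiry time of exception
+$InactivityExceptionsMade = [2]; // UserID => expiry time of exception
 
 $i = 0;
 foreach ($Torrents as $Torrent) {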
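Review bot: `$InactivityExceptionsMade = [2];` at 31 creates the entry `0 => 2`, which does not fit the shape the trailing comment documents (`UserID => expiry time of exception`) — read as documented it exempts user 0 with an expiry of 2, and read as "exempt user 2" it lacks an expiry. If a fixed exception for one user is intended it should be keyed, e.g. `[2 => <expiry-timestamp>]`, and otherwise the empty array should be restored; this looks like a debugging leftover in a scheduled deletion job, where a wrongly shaped entry silently changes what gets deleted. How the array is consulted lies below line 34, outside the hunk.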

+ 52
- 32
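--- a/sections/torrents/masspm.php
+++ b/sections/torrents/masspm.php
@@ -1,64 +1,83 @@
-<?
+<?php
 #declare(strict_types = 1);
 
-if (!isset($_GET['id']) || !is_number($_GET['id']) || !isset($_GET['torrentid']) || !is_number($_GET['torrentid'])) {
-  error(0);
-}
-$GroupID = $_GET['id'];
-$TorrentID = $_GET['torrentid'];
-
-$DB->query("
-  SELECT
-    t.Media,
-    t.FreeTorrent,
-    t.GroupID,
-    t.UserID,
-    t.Description AS TorrentDescription,
-    tg.CategoryID,
-    tg.Name AS Title,
-    tg.Year,
-    tg.ArtistID,
-    ag.Name AS ArtistName
-  FROM torrents AS t
-    JOIN torrents_group AS tg ON tg.ID=t.GroupID
-    LEFT JOIN artists_group AS ag ON ag.ArtistID=tg.ArtistID
-  WHERE t.ID='$TorrentID'");
+$GroupID = (int) $_GET['id'];
+$TorrentID = (int) $_GET['torrentid'];
+Security::checkInt($GroupID, $TorrentID);
 
-list($Properties) = $DB->to_array(false,MYSQLI_BOTH);
+$DB->prepare_query("
+SELECT
+  t.`Media`,
+  t.`FreeTorrent`,
+  t.`GroupID`,
+  t.`UserID`,
+  t.`Description` AS TorrentDescription,
+  tg.`category_id`,
+  tg.`title` AS Title,
+  tg.`year`,
+  tg.`artist_id`,
+  ag.`Name` AS ArtistName
+FROM
+  `torrents` AS t
+JOIN `torrents_group` AS tg
+ON
+  tg.`id` = t.`GroupID`
+LEFT JOIN `artists_group` AS ag
+ON
+  ag.`ArtistID` = tg.`artist_id`
+WHERE
+  t.`ID` = '$TorrentID'
+");
+$DB->exec_prepared_query();
 
+list($Properties) = $DB->to_array(false, MYSQLI_BOTH);
 if (!$Properties) {
-  error(404);
+    error(404);
 }
 
 View::show_header('Edit torrent', 'upload');
 
 if (!check_perms('site_moderate_requests')) {
-  error(403);
+    error(403);
 }
-
 ?>
+
 <div>
   <div class="header">
-    <h2>Send PM To All Snatchers Of "<?=$Properties['ArtistName']?> - <?=$Properties['Title']?>"</h2>
+    <h2>
+      Send PM to All Snatchers of
+      "<?=$Properties['ArtistName']?> - <?=$Properties['Title']?>"
+    </h2>
   </div>
+
   <form class="send_form" name="mass_message" action="torrents.php" method="post">
     <input type="hidden" name="action" value="takemasspm" />
-    <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
+    <input type="hidden" name="auth"
+      value="<?=$LoggedUser['AuthKey']?>" />
     <input type="hidden" name="torrentid" value="<?=$TorrentID?>" />
     <input type="hidden" name="groupid" value="<?=$GroupID?>" />
+
     <table class="layout">
       <tr>
-        <td class="label">Subject</td>
+        <td class="label">
+          Subject
+        </td>
+
         <td>
           <input type="text" name="subject" value="" size="60" />
         </td>
       </tr>
+
       <tr>
-        <td class="label">Message</td>
+        <td class="label">
+          Message
+        </td>
+
         <td>
           <textarea name="message" id="message" cols="60" rows="8"></textarea>
         </td>
       </tr>
+
       <tr>
         <td colspan="2" class="center">
           <input type="submit" value="Send Mass PM" />
@@ -67,4 +86,5 @@
     </table>
   </form>
 </div>
-<? View::show_footer(); ?>
+
+<?php View::show_footer();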
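Review bot: The `check_perms('site_moderate_requests')` gate at 40–42 still sits after the torrent lookup (8–31) and after `View::show_header()` on 38, so a caller without the permission triggers the query and receives a rendered page header before `error(403)`; move those three lines up to directly after `Security::checkInt($GroupID, $TorrentID);` on 6, ahead of both. The rewritten `<h2>` at 47–50 also echoes `$Properties['ArtistName']` and `$Properties['Title']` into HTML unescaped; wrap them with `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` or the project's display helper, since both values come from the database rather than this script. `#declare(strict_types = 1);` on line 2 stays commented out here while the sibling send_recommendation.php in this commit enables it.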

+ 10
- 6
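--- a/sections/torrents/takenewgroup.php
+++ b/sections/torrents/takenewgroup.php
@@ -1,25 +1,29 @@
 <?php
 #declare(strict_types = 1);
 
-/***************************************************************
-* This page handles the backend of the "new group" function
-* which splits a torrent off into a new group.
-****************************************************************/
+/**
+ * This page handles the backend of the "new group" function
+ * which splits a torrent off into a new group.
+ */
 
+# Validate permissions
 authorize();
 
 if (!check_perms('torrents_edit')) {
     error(403);
 }
 
+# Set variables
 $OldGroupID = $_POST['oldgroupid'];
 $TorrentID = $_POST['torrentid'];
 $ArtistName = db_string(trim($_POST['artist']));
 $Title = db_string(trim($_POST['title']));
 $Year = db_string(trim($_POST['year']));
 
-if (!is_number($OldGroupID) || !is_number($TorrentID) || !is_number($Year) || !$OldGroupID || !$TorrentID || !$Year || empty($Title) || empty($ArtistName)) {
-    error(0);
+# Digits, check 'em
+Security::checkInt($OldGroupID, $TorrentID, $Year);
+if (empty($Title) || empty($ArtistName)) {
+    error(400);
 }
 
 // Everything is legit, let's just confim they're not retarded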
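Review bot: `Security::checkInt($OldGroupID, $TorrentID, $Year);` at 24 receives the raw `$_POST` strings for the first two and a `db_string(trim(...))` result for the third, whereas masspm.php in this same commit casts with `(int)` before calling it; unless `checkInt()` itself rejects non-digit strings and `0`, the removed `is_number(...)` / `!$OldGroupID` guards were stricter than what replaces them. Casting at assignment — `$OldGroupID = (int) $_POST['oldgroupid'];`, `$TorrentID = (int) $_POST['torrentid'];`, `$Year = (int) trim($_POST['year']);` — makes the three calls consistent and keeps the SQL interpolation below line 29 integer-only. `$Year` would then no longer pass through `db_string()`, which is fine for an integer but worth checking against its uses after the hunk.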

+ 3
- 2
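--- a/sections/upload/upload.php
+++ b/sections/upload/upload.php
@@ -22,14 +22,14 @@
 
 if (empty($Properties) && !empty($_GET['groupid']) && is_number($_GET['groupid'])) {
     $GroupID = $_GET['groupid'];
-    $DB->query("
+    $DB->prepare_query("
       SELECT
         tg.`id` as GroupID,
         tg.`category_id`,
         tg.`title` AS Title,
         tg.`subject`,
         tg.`object` AS TitleJP,
-        tg.`published`,
+        tg.`year`,
         tg.`workgroup`,
         tg.`location`,
         tg.`identifier`,
@@ -40,6 +40,7 @@
       WHERE tg.`id` = '$GroupID'
       GROUP BY tg.`id`
       ");
+    $DB->exec_prepared_query();
 
     if ($DB->has_results()) {
         list($Properties) = $DB->to_array(false, MYSQLI_BOTH);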
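Review bot: Switching this lookup to `prepare_query` buys no parameterisation, because `$GroupID` is still interpolated into the SQL text at `WHERE tg.`id` = '$GroupID'` and `exec_prepared_query()` runs with nothing bound; the only thing protecting the query is the `is_number($_GET['groupid'])` test at the top of the hunk. The helper appears to accept `?` placeholders with trailing arguments (the INSERT in upload_handle.php in this same commit uses them), so the safer form is `WHERE tg.`id` = ?` with `$GroupID` passed as the extra argument to `prepare_query`. As written, a reader skimming for "prepared" calls would wrongly assume the value is bound.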

+ 20
- 13
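--- a/sections/upload/upload_handle.php
+++ b/sections/upload/upload_handle.php
@@ -129,7 +129,7 @@
 );
 
 if (!$_POST['groupid']) {
-    # torrents_group.CatalogueNumber
+    # torrents_group.identifier
     $Validate->SetFields(
         'catalogue',
         '0',
@@ -193,7 +193,7 @@
     );
 
     /* todo: Fix the year validation
-    # torrents_group.published
+    # torrents_group.year
     $Validate->SetFields(
         'year',
         '1',
@@ -432,23 +432,24 @@
 
 // Does it belong in a group?
 if ($T['GroupID']) {
-    $DB->query("
+    $DB->prepare_query("
     SELECT
       `id`,
       `picture`,
       `description`,
       `revision_id`,
       `title`,
-      `published`,
+      `year`,
       `tag_list`
     FROM
       `torrents_group`
     WHERE
       `id` = $T[GroupID]
     ");
+    $DB->exec_prepared_query();
 
     if ($DB->has_results()) {
-        // Don't escape tg.Name. It's written directly to the log table
+        // Don't escape tg.title. It's written directly to the log table
         list($GroupID, $WikiImage, $WikiBody, $RevisionID, $T['Title'], $T['Year'], $T['TagList']) = $DB->next_record(MYSQLI_NUM, array(4));
         $T['TagList'] = str_replace(array(' ', '.', '_'), array(', ', '.', '.'), $T['TagList']);
 
@@ -521,12 +522,12 @@
 
 if (!isset($GroupID) || !$GroupID) {
     // Create torrent group
-    $DB->query(
+    $DB->prepare_query(
         "
       INSERT INTO torrents_group
-        (CategoryID, Name, Title2, NameJP, Year,
-        Series, Studio, CatalogueNumber, Time,
-        WikiBody, WikiImage)
+        (`category_id`, `title`, `subject`, `object`, `year`,
+        `location`, `workgroup`, `identifier`, `timestamp`,
+        `description`, `picture`)
       VALUES
         ( ?, ?, ?, ?, ?,
           ?, ?, ?, NOW(),
@@ -542,6 +543,7 @@
         $Body,
         $T['Image']
     );
+    $DB->exec_prepared_query();
 
     $GroupID = $DB->inserted_id();
     foreach ($ArtistForm as $Num => $Artist) {
@@ -631,10 +633,15 @@
     $RevisionID = $DB->inserted_id();
 
     // Revision ID
-    $DB->query("
-      UPDATE torrents_group
-      SET RevisionID = ?
-        WHERE ID = ?", $RevisionID, $GroupID);
+    $DB->prepare_query("
+    UPDATE
+      `torrents_group`
+    SET
+      `revision_id` = '$RevisionID'
+    WHERE
+      `id` = '$GroupID'
+    ");
+    $DB->exec_prepared_query();
 }
 
 // Tags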
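Review bot: The revision-id update at new lines 636–644 is a regression: the old `SET RevisionID = ? WHERE ID = ?", $RevisionID, $GroupID` bound both values, while the new text interpolates `'$RevisionID'` and `'$GroupID'` into the query string, so `prepare_query`/`exec_prepared_query` execute a fixed string with nothing bound. Both values appear to come from `$DB->inserted_id()` within the same block (parts of which are outside the hunk), so this is not exploitable as written, but it walks away from the placeholder style the INSERT at new lines 525–546 keeps; suggest `$DB->prepare_query("UPDATE torrents_group SET revision_id = ? WHERE id = ?", $RevisionID, $GroupID);` followed by `$DB->exec_prepared_query();`. The same applies to the unquoted `` `id` = $T[GroupID] `` in the group lookup at new line 447, whose origin and validation are not visible here. Separately, the INSERT column list names `timestamp`, while sphinx.conf in this same commit still filters torrents_group on `time`; worth confirming both columns exist after the rename.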

+ 590
- 552
sections/user/user.php
File diff suppressed because it is too large


+ 7
- 7
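--- a/sections/userhistory/token_history.php
+++ b/sections/userhistory/token_history.php
@@ -38,12 +38,9 @@
 
     $UserID = $_GET['userid'];
     $TorrentID = $_GET['torrentid'];
+    Security::checkInt($UserID, $TorrentID);
 
-    if (!is_number($UserID) || !is_number($TorrentID)) {
-        error(403);
-    }
-
-    $DB->query("
+    $DB->prepare_query("
     SELECT
       HEX(`info_hash`)
     FROM
@@ -51,9 +48,10 @@
     WHERE
       `ID` = '$TorrentID'
     ");
+    $DB->exec_prepared_query();
 
     if (list($InfoHash) = $DB->next_record(MYSQLI_NUM, false)) {
-        $DB->query("
+        $DB->prepare_query("
         UPDATE
           `users_freeleeches`
         SET
@@ -61,6 +59,7 @@
         WHERE
           `UserID` = '$UserID' AND `TorrentID` = '$TorrentID'
         ");
+        $DB->exec_prepared_query();
 
         $Cache->delete_value("users_tokens_$UserID");
         Tracker::update_tracker(
@@ -75,7 +74,7 @@
 View::show_header('Freeleech token history');
 list($Page, $Limit) = Format::page_limit(25);
 
-$DB->query("
+$DB->prepare_query("
 SELECT SQL_CALC_FOUND_ROWS
   f.`TorrentID`,
   t.`GroupID`,
@@ -99,6 +98,7 @@
 DESC
 LIMIT $Limit
 ");
+$DB->exec_prepared_query();
 
 $Tokens = $DB->to_array();
 $DB->query('SELECT FOUND_ROWS()');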
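Review bot: The UPDATE on `users_freeleeches` at new lines 54–62 keys on a `UserID` taken straight from `$_GET['userid']`, and the hunk shows no authorization between the new `Security::checkInt($UserID, $TorrentID)` call and the write, so the guard on the enclosing branch (which opens above line 38, outside the hunk) is the only thing stopping one user from clearing another user's token; worth confirming it is a permission check rather than just a login check. `checkInt` also replaces an explicit `error(403)`, and whether it halts the request or merely returns on a non-numeric value is not visible here — if it returns, the interpolated `'$UserID'`/`'$TorrentID'` reach the queries unvalidated. Since the helper appears to take bound arguments (the INSERT in upload_handle.php in this commit uses `?` placeholders), `WHERE `ID` = ?` with `$TorrentID` passed to `prepare_query` would remove the dependence on the earlier check entirely.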

+ 1
- 1
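--- a/sphinx.conf
+++ b/sphinx.conf
@@ -35,7 +35,7 @@
     sql_query_pre = INSERT INTO sphinx_tg \
         (id, name, namejp, tags, year, cnumber, catid, \
             studio, series) \
-        SELECT id, title, subject, tag_list, published, identifier, \
+        SELECT id, title, subject, tag_list, year, identifier, \
             category_id, workgroup, location \
         FROM torrents_group \
         WHERE time < @starttime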
