Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
700 Commits
2 Branches
Tree: 3fb7eb7c9b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3fb7eb7c9b'
${ noResults }
Gazelle/classes/script_start.php

script_start.php 15KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437 
  1. <?php

  2. 

  3. /*-- Script Start Class --------------------------------*/

  4. /*------------------------------------------------------*/

  5. /* This isnt really a class but a way to tie other      */

  6. /* classes and functions used all over the site to the  */

  7. /* page currently being displayed.                      */

  8. /*------------------------------------------------------*/

  9. /* The code that includes the main php files and    */

  10. /* generates the page are at the bottom.        */

  11. /*------------------------------------------------------*/

  12. /********************************************************/

  13. 

  14. require 'config.php'; // The config contains all site wide configuration information

  15. 

  16. // Check for common setup pitfalls

  17. if (!ini_get('short_open_tag')) {

  18.     die('short_open_tag must be On in php.ini');

  19. }

  20. 

  21. if (!extension_loaded('apcu')) {

  22.     die('APCu extension not loaded');

  23. }

  24. 

  25. // Deal with dumbasses

  26. if (isset($_REQUEST['info_hash']) && isset($_REQUEST['peer_id'])) {

  27.     die('d14:failure reason40:Invalid .torrent, try downloading again.e');

  28. }

  29. 

  30. require(SERVER_ROOT.'/classes/proxies.class.php');

  31. 

  32. // Get the user's actual IP address if they're proxied.

  33. // Or if cloudflare is used

  34. if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {

  35.     $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];

  36. }

  37. 

  38. if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])

  39.     && proxyCheck($_SERVER['REMOTE_ADDR'])

  40.     && filter_var(

  41.         $_SERVER['HTTP_X_FORWARDED_FOR'],

  42.         FILTER_VALIDATE_IP,

  43.         FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE

  44.     )) {

  45.     $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];

  46. }

  47. 

  48. if (!isset($argv) && !empty($_SERVER['HTTP_HOST'])) {

  49.     // Skip this block if running from cli or if the browser is old and shitty

  50.     // This should really be done in nginx config

  51.     // todo: Remove

  52.     if ($_SERVER['HTTP_HOST'] == 'www.'.SITE_DOMAIN) {

  53.         header('Location: https://'.SITE_DOMAIN.$_SERVER['REQUEST_URI']);

  54.         die();

  55.     }

  56. }

  57. 

  58. $ScriptStartTime = microtime(true); // To track how long a page takes to create

  59. if (!defined('PHP_WINDOWS_VERSION_MAJOR')) {

  60.     $RUsage = getrusage();

  61.     $CPUTimeStart = $RUsage['ru_utime.tv_sec'] * 1000000 + $RUsage['ru_utime.tv_usec'];

  62. }

  63. ob_start(); // Start a buffer, mainly in case there is a mysql error

  64. 

  65. require SERVER_ROOT.'/classes/debug.class.php'; // Require the debug class

  66. require SERVER_ROOT.'/classes/mysql.class.php'; // Require the database wrapper

  67. require SERVER_ROOT.'/classes/cache.class.php'; // Require the caching class

  68. require SERVER_ROOT.'/classes/time.class.php'; // Require the time class

  69. require SERVER_ROOT.'/classes/paranoia.class.php'; // Require the paranoia check_paranoia function

  70. require SERVER_ROOT.'/classes/regex.php';

  71. require SERVER_ROOT.'/classes/util.php';

  72. 

  73. $Debug = new DEBUG;

  74. $Debug->handle_errors();

  75. $Debug->set_flag('Debug constructed');

  76. 

  77. $DB = new DB_MYSQL;

  78. $Cache = new Cache(MEMCACHED_SERVERS);

  79. 

  80. // Autoload classes.

  81. require(SERVER_ROOT.'/classes/classloader.php');

  82. 

  83. // Note: G::initialize is called twice.

  84. // This is necessary as the code inbetween (initialization of $LoggedUser) makes use of G::$DB and G::$Cache.

  85. // todo: Remove one of the calls once we're moving everything into that class

  86. G::initialize();

  87. 

  88. //Begin browser identification

  89. $Browser = UserAgent::browser($_SERVER['HTTP_USER_AGENT']);

  90. $OperatingSystem = UserAgent::operating_system($_SERVER['HTTP_USER_AGENT']);

  91. 

  92. $Debug->set_flag('start user handling');

  93. 

  94. // Get classes

  95. // todo: Remove these globals, replace by calls into Users

  96. list($Classes, $ClassLevels) = Users::get_classes();

  97. 

  98. //-- Load user information

  99. // User info is broken up into many sections

  100. // Heavy - Things that the site never has to look at if the user isn't logged in (as opposed to things like the class, donor status, etc)

  101. // Light - Things that appear in format_user

  102. // Stats - Uploaded and downloaded - can be updated by a script if you want super speed

  103. // Session data - Information about the specific session

  104. // Enabled - if the user's enabled or not

  105. // Permissions

  106. 

  107. if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {

  108.     $SessionID = $_COOKIE['session'];

  109.     $LoggedUser['ID'] = (int)$_COOKIE['userid'];

  110. 

  111.     $UserID = $LoggedUser['ID']; //todo: UserID should not be LoggedUser

  112. 

  113.     if (!$LoggedUser['ID'] || !$SessionID) {

  114.         logout();

  115.     }

  116. 

  117.     $UserSessions = $Cache->get_value("users_sessions_$UserID");

  118.     if (!is_array($UserSessions)) {

  119.         $DB->query(

  120.             "

  121.         SELECT

  122.           SessionID,

  123.           Browser,

  124.           OperatingSystem,

  125.           IP,

  126.           LastUpdate

  127.         FROM users_sessions

  128.           WHERE UserID = '$UserID'

  129.           AND Active = 1

  130.         ORDER BY LastUpdate DESC"

  131.         );

  132. 

  133.         $UserSessions = $DB->to_array('SessionID', MYSQLI_ASSOC);

  134.         $Cache->cache_value("users_sessions_$UserID", $UserSessions, 0);

  135.     }

  136. 

  137.     if (!array_key_exists($SessionID, $UserSessions)) {

  138.         logout();

  139.     }

  140. 

  141.     // Check if user is enabled

  142.     $Enabled = $Cache->get_value('enabled_'.$LoggedUser['ID']);

  143.     if ($Enabled === false) {

  144.         $DB->query("

  145.         SELECT Enabled

  146.           FROM users_main

  147.           WHERE ID = '$LoggedUser[ID]'");

  148. 

  149.         list($Enabled) = $DB->next_record();

  150.         $Cache->cache_value('enabled_'.$LoggedUser['ID'], $Enabled, 0);

  151.     }

  152. 

  153.     # todo: Check strict equality

  154.     if ($Enabled == 2) {

  155.         logout();

  156.     }

  157. 

  158.     // Up/Down stats

  159.     $UserStats = $Cache->get_value('user_stats_'.$LoggedUser['ID']);

  160.     if (!is_array($UserStats)) {

  161.         $DB->query("

  162.         SELECT Uploaded AS BytesUploaded, Downloaded AS BytesDownloaded, RequiredRatio

  163.         FROM users_main

  164.           WHERE ID = '$LoggedUser[ID]'");

  165. 

  166.         $UserStats = $DB->next_record(MYSQLI_ASSOC);

  167.         $Cache->cache_value('user_stats_'.$LoggedUser['ID'], $UserStats, 3600);

  168.     }

  169. 

  170.     // Get info such as username

  171.     $LightInfo = Users::user_info($LoggedUser['ID']);

  172.     $HeavyInfo = Users::user_heavy_info($LoggedUser['ID']);

  173. 

  174.     // Create LoggedUser array

  175.     $LoggedUser = array_merge($HeavyInfo, $LightInfo, $UserStats);

  176.     $LoggedUser['RSS_Auth'] = md5($LoggedUser['ID'] . RSS_HASH . $LoggedUser['torrent_pass']);

  177. 

  178.     // $LoggedUser['RatioWatch'] as a bool to disable things for users on Ratio Watch

  179.     $LoggedUser['RatioWatch'] = (

  180.         $LoggedUser['RatioWatchEnds']

  181.      && time() < strtotime($LoggedUser['RatioWatchEnds'])

  182.      && ($LoggedUser['BytesDownloaded'] * $LoggedUser['RequiredRatio']) > $LoggedUser['BytesUploaded']

  183.     );

  184. 

  185.     // Load in the permissions

  186.     $LoggedUser['Permissions'] = Permissions::get_permissions_for_user($LoggedUser['ID'], $LoggedUser['CustomPermissions']);

  187.     $LoggedUser['Permissions']['MaxCollages'] += Donations::get_personal_collages($LoggedUser['ID']);

  188. 

  189.     // Change necessary triggers in external components

  190.     $Cache->CanClear = check_perms('admin_clear_cache');

  191. 

  192.     // Because we <3 our staff

  193.     if (check_perms('site_disable_ip_history')) {

  194.         $_SERVER['REMOTE_ADDR'] = '127.0.0.1';

  195.     }

  196. 

  197.     // Update LastUpdate every 10 minutes

  198.     if (strtotime($UserSessions[$SessionID]['LastUpdate']) + 600 < time()) {

  199.         $DB->query("

  200.         UPDATE users_main

  201.         SET LastAccess = NOW()

  202.           WHERE ID = '$LoggedUser[ID]'");

  203. 

  204.         $SessionQuery =

  205.        "UPDATE users_sessions

  206.           SET ";

  207. 

  208.         // Only update IP if we have an encryption key in memory

  209.         if (apcu_exists('DBKEY')) {

  210.             $SessionQuery .= "IP = '".Crypto::encrypt($_SERVER['REMOTE_ADDR'])."', ";

  211.         }

  212. 

  213.         $SessionQuery .=

  214.        "Browser = '$Browser',

  215.         OperatingSystem = '$OperatingSystem',

  216.         LastUpdate = NOW()

  217.         WHERE UserID = '$LoggedUser[ID]'

  218.         AND SessionID = '".db_string($SessionID)."'";

  219. 

  220.         $DB->query($SessionQuery);

  221.         $Cache->begin_transaction("users_sessions_$UserID");

  222.         $Cache->delete_row($SessionID);

  223. 

  224.         $UsersSessionCache = array(

  225.         'SessionID' => $SessionID,

  226.         'Browser' => $Browser,

  227.         'OperatingSystem' => $OperatingSystem,

  228.         'IP' => (apcu_exists('DBKEY') ? Crypto::encrypt($_SERVER['REMOTE_ADDR']) : $UserSessions[$SessionID]['IP']),

  229.         'LastUpdate' => sqltime() );

  230. 

  231.         $Cache->insert_front($SessionID, $UsersSessionCache);

  232.         $Cache->commit_transaction(0);

  233.     }

  234. 

  235.     // Notifications

  236.     if (isset($LoggedUser['Permissions']['site_torrents_notify'])) {

  237.         $LoggedUser['Notify'] = $Cache->get_value('notify_filters_'.$LoggedUser['ID']);

  238.         if (!is_array($LoggedUser['Notify'])) {

  239.             $DB->query("

  240.             SELECT ID, Label

  241.             FROM users_notify_filters

  242.               WHERE UserID = '$LoggedUser[ID]'");

  243. 

  244.             $LoggedUser['Notify'] = $DB->to_array('ID');

  245.             $Cache->cache_value('notify_filters_'.$LoggedUser['ID'], $LoggedUser['Notify'], 2592000);

  246.         }

  247.     }

  248. 

  249.     // We've never had to disable the wiki privs of anyone.

  250.     if ($LoggedUser['DisableWiki']) {

  251.         unset($LoggedUser['Permissions']['site_edit_wiki']);

  252.     }

  253. 

  254.     // IP changed

  255.     if (apcu_exists('DBKEY') && Crypto::decrypt($LoggedUser['IP']) != $_SERVER['REMOTE_ADDR'] && !check_perms('site_disable_ip_history')) {

  256.         if (Tools::site_ban_ip($_SERVER['REMOTE_ADDR'])) {

  257.             error('Your IP address has been banned.');

  258.         }

  259. 

  260.         $CurIP = db_string($LoggedUser['IP']);

  261.         $NewIP = db_string($_SERVER['REMOTE_ADDR']);

  262.         $DB->query("

  263.         SELECT IP

  264.         FROM users_history_ips

  265.           WHERE EndTime IS NULL

  266.           AND UserID = '$LoggedUser[ID]'");

  267. 

  268.         while (list($EncIP) = $DB->next_record()) {

  269.             if (Crypto::decrypt($EncIP) == $CurIP) {

  270.                 $CurIP = $EncIP;

  271.                 // CurIP is now the encrypted IP that was already in the database (for matching)

  272.                 break;

  273.             }

  274.         }

  275. 

  276.         $DB->query("

  277.         UPDATE users_history_ips

  278.         SET EndTime = NOW()

  279.           WHERE EndTime IS NULL

  280.           AND UserID = '$LoggedUser[ID]'

  281.           AND IP = '$CurIP'");

  282. 

  283.         $DB->query("

  284.         INSERT IGNORE INTO users_history_ips

  285.           (UserID, IP, StartTime)

  286.         VALUES

  287.           ('$LoggedUser[ID]', '".Crypto::encrypt($NewIP)."', NOW())");

  288. 

  289.         $ipcc = Tools::geoip($NewIP);

  290.         $DB->query("

  291.         UPDATE users_main

  292.         SET IP = '".Crypto::encrypt($NewIP)."', ipcc = '$ipcc'

  293.           WHERE ID = '$LoggedUser[ID]'");

  294. 

  295.         $Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);

  296.         $Cache->update_row(false, array('IP' => Crypto::encrypt($_SERVER['REMOTE_ADDR'])));

  297.         $Cache->commit_transaction(0);

  298.     }

  299. 

  300.     // Get stylesheets

  301.     $Stylesheets = $Cache->get_value('stylesheets');

  302.     if (!is_array($Stylesheets)) {

  303.         $DB->query('

  304.         SELECT

  305.           ID,

  306.           LOWER(REPLACE(Name, " ", "_")) AS Name,

  307.           Name AS ProperName,

  308.           LOWER(REPLACE(Additions, " ", "_")) AS Additions,

  309.           Additions AS ProperAdditions

  310.         FROM stylesheets');

  311. 

  312.         $Stylesheets = $DB->to_array('ID', MYSQLI_BOTH);

  313.         $Cache->cache_value('stylesheets', $Stylesheets, 0);

  314.     }

  315. 

  316.     // todo: Clean up this messy solution

  317.     $LoggedUser['StyleName'] = $Stylesheets[$LoggedUser['StyleID']]['Name'];

  318.     if (empty($LoggedUser['Username'])) {

  319.         logout(); // Ghost

  320.     }

  321. }

  322. 

  323. G::initialize();

  324. $Debug->set_flag('end user handling');

  325. $Debug->set_flag('start function definitions');

  326. 

  327. /**

  328.  * Log out the current session

  329.  */

  330. function logout()

  331. {

  332.     global $SessionID;

  333.     setcookie('session', '', time() - 60 * 60 * 24 * 365, '/', '', false);

  334.     setcookie('userid', '', time() - 60 * 60 * 24 * 365, '/', '', false);

  335.     setcookie('keeplogged', '', time() - 60 * 60 * 24 * 365, '/', '', false);

  336. 

  337.     if ($SessionID) {

  338.         G::$DB->query("

  339.         DELETE FROM users_sessions

  340.           WHERE UserID = '" . G::$LoggedUser['ID'] . "'

  341.           AND SessionID = '".db_string($SessionID)."'");

  342. 

  343.         G::$Cache->begin_transaction('users_sessions_' . G::$LoggedUser['ID']);

  344.         G::$Cache->delete_row($SessionID);

  345.         G::$Cache->commit_transaction(0);

  346.     }

  347. 

  348.     G::$Cache->delete_value('user_info_' . G::$LoggedUser['ID']);

  349.     G::$Cache->delete_value('user_stats_' . G::$LoggedUser['ID']);

  350.     G::$Cache->delete_value('user_info_heavy_' . G::$LoggedUser['ID']);

  351. 

  352.     header('Location: login.php');

  353.     die();

  354. }

  355. 

  356. function logout_all_sessions()

  357. {

  358.     $UserID = G::$LoggedUser['ID'];

  359. 

  360.     G::$DB->query("

  361.     DELETE FROM users_sessions

  362.       WHERE UserID = '$UserID'");

  363. 

  364.     G::$Cache->delete_value('users_sessions_' . $UserID);

  365.     logout();

  366. }

  367. 

  368. function enforce_login()

  369. {

  370.     global $SessionID;

  371.     if (!$SessionID || !G::$LoggedUser) {

  372.         setcookie('redirect', $_SERVER['REQUEST_URI'], time() + 60 * 30, '/', '', false);

  373.         logout();

  374.     }

  375. }

  376. 

  377. /**

  378.  * Make sure $_GET['auth'] is the same as the user's authorization key

  379.  * Should be used for any user action that relies solely on GET.

  380.  *

  381.  * @param Are we using ajax?

  382.  * @return authorisation status. Prints an error message to LAB_CHAN on IRC on failure.

  383.  */

  384. function authorize($Ajax = false)

  385. {

  386.     if (empty($_REQUEST['auth']) || $_REQUEST['auth'] != G::$LoggedUser['AuthKey']) {

  387.         send_irc("PRIVMSG ".LAB_CHAN." :".G::$LoggedUser['Username']." just failed authorize on ".$_SERVER['REQUEST_URI'].(!empty($_SERVER['HTTP_REFERER']) ? " coming from ".$_SERVER['HTTP_REFERER'] : ""));

  388.         error('Invalid authorization key. Go back, refresh, and try again.', $Ajax);

  389.         return false;

  390.     }

  391.     return true;

  392. }

  393. 

  394. $Debug->set_flag('ending function definitions');

  395. //Include /sections/*/index.php

  396. $Document = basename(parse_url($_SERVER['SCRIPT_FILENAME'], PHP_URL_PATH), '.php');

  397. if (!preg_match('/^[a-z0-9]+$/i', $Document)) {

  398.     error(404);

  399. }

  400. 

  401. $StripPostKeys = array_fill_keys(array('password', 'cur_pass', 'new_pass_1', 'new_pass_2', 'verifypassword', 'confirm_password', 'ChangePassword', 'Password'), true);

  402. $Cache->cache_value('php_' . getmypid(), array(

  403.   'start' => sqltime(),

  404.   'document' => $Document,

  405.   'query' => $_SERVER['QUERY_STRING'],

  406.   'get' => $_GET,

  407.   'post' => array_diff_key($_POST, $StripPostKeys)), 600);

  408. 

  409. // Locked account constant

  410. define('STAFF_LOCKED', 1);

  411. 

  412. $AllowedPages = ['staffpm', 'ajax', 'locked', 'logout', 'login'];

  413. if (isset(G::$LoggedUser['LockedAccount']) && !in_array($Document, $AllowedPages)) {

  414.     require(SERVER_ROOT . '/sections/locked/index.php');

  415. } else {

  416.     require(SERVER_ROOT . '/sections/' . $Document . '/index.php');

  417. }

  418. 

  419. $Debug->set_flag('completed module execution');

  420. 

  421. /* Required in the absence of session_start() for providing that pages will change

  422. upon hit rather than being browser cached for changing content.

  423. 

  424. Old versions of Internet Explorer choke when downloading binary files over HTTPS with disabled cache.

  425. Define the following constant in files that handle file downloads */

  426. if (!defined('SKIP_NO_CACHE_HEADERS')) {

  427.     header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');

  428.     header('Pragma: no-cache');

  429. }

  430. 

  431. // Flush to user

  432. ob_end_flush();

  433. 

  434. $Debug->set_flag('set headers and send to user');

  435. 

  436. // Attribute profiling

  437. $Debug->profile();