Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1105 Commits
2 Branches
Tree: 443a75e6db
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '443a75e6db'
${ noResults }
Gazelle/sections/user/take_edit.php

take_edit.php 13KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383 
  1. <?php

  2. #declare(strict_types=1);

  3. 

  4. /**

  5.  * START CHECKS

  6.  */

  7. 

  8. authorize();

  9. $UserID = (int) $_REQUEST['userid'];

  10. Security::checkInt($UserID);

  11. 

  12. // For this entire page, we should generally be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]

  13. $U = Users::user_info($UserID);

  14. 

  15. if (!$U) {

  16.     error(404);

  17. }

  18. 

  19. $Permissions = Permissions::get_permissions($U['PermissionID']);

  20. if ((int) $UserID !== $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {

  21.     send_irc(ADMIN_CHAN, 'User '.$LoggedUser['Username'].' ('.site_url().'user.php?id='.$LoggedUser['ID'].') just tried to edit the profile of '.site_url().'user.php?id='.$_REQUEST['userid']);

  22.     error(403);

  23. }

  24. 

  25. $Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");

  26. $Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet URL.", ['regex' => '/^'.CSS_REGEX.'$/i']);

  27. // The next two are commented out because the drop-down menus were replaced with a check box and radio buttons

  28. //$Val->SetFields('disablegrouping', 0, "number", "You forgot to select your torrent grouping option.");

  29. //$Val->SetFields('torrentgrouping', 0, "number", "You forgot to select your torrent grouping option.");

  30. $Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", ['inarray' => [25, 50, 100]]);

  31. //$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", ['minlength' => 0, 'maxlength' => 1]);

  32. $Val->SetFields('collagecovers', 1, "number", "You forgot to select your collage option.");

  33. $Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar URL.", ['regex' => "/^".IMAGE_REGEX."$/i"]);

  34. $Val->SetFields('email', 1, "email", "You did not enter a valid email address.");

  35. $Val->SetFields('irckey', 0, "string", "You did not enter a valid IRC key. An IRC key must be between 6 and 32 characters long.", ['minlength' => 6, 'maxlength' => 32]);

  36. $Val->SetFields('new_pass_1', 0, "regex", "You did not enter a valid password. A valid password is 15 characters or longer.", ['regex' => '/(?=^.{15,}$).*$/']);

  37. #$Val->SetFields('new_pass_1', 0, "regex", "You did not enter a valid password. A valid password is 6 characters or longer.", ['regex' => '/(?=^.{6,}$).*$/']);

  38. $Val->SetFields('new_pass_2', 1, "compare", "Your passwords do not match.", ['comparefield' => 'new_pass_1']);

  39. 

  40. /*

  41. if (check_perms('site_advanced_search')) {

  42.     $Val->SetFields('searchtype', 1, "number", "You forgot to select your default search preference.", ['minlength' => 0, 'maxlength' => 1]);

  43. }

  44. */

  45. 

  46. $ValErr = $Val->ValidateForm($_POST);

  47. if ($ValErr) {

  48.     error($ValErr);

  49. }

  50. 

  51. if (!apcu_exists('DBKEY')) {

  52.     error("Cannot edit profile until database fully decrypted");

  53. }

  54. 

  55. /**

  56.  * END CHECKS

  57.  */

  58. 

  59. // Begin building $Paranoia

  60. // Reduce the user's input paranoia until it becomes consistent

  61. if (isset($_POST['p_uniquegroups_l'])) {

  62.     $_POST['p_uploads_l'] = 'on';

  63.     $_POST['p_uploads_c'] = 'on';

  64. }

  65. 

  66. if (isset($_POST['p_uploads_l'])) {

  67.     $_POST['p_uniquegroups_l'] = 'on';

  68.     $_POST['p_uniquegroups_c'] = 'on';

  69.     $_POST['p_perfectflacs_l'] = 'on';

  70.     $_POST['p_perfectflacs_c'] = 'on';

  71.     $_POST['p_artistsadded'] = 'on';

  72. }

  73. 

  74. if (isset($_POST['p_collagecontribs_l'])) {

  75.     $_POST['p_collages_l'] = 'on';

  76.     $_POST['p_collages_c'] = 'on';

  77. }

  78. 

  79. if (isset($_POST['p_snatched_c']) && isset($_POST['p_seeding_c']) && isset($_POST['p_downloaded'])) {

  80.     $_POST['p_requiredratio'] = 'on';

  81. }

  82. 

  83. // if showing exactly 2 of stats, show all 3 of stats

  84. $StatsShown = 0;

  85. $Stats = ['downloaded', 'uploaded', 'ratio'];

  86. foreach ($Stats as $S) {

  87.     if (isset($_POST["p_$S"])) {

  88.         $StatsShown++;

  89.     }

  90. }

  91. 

  92. if ($StatsShown === 2) {

  93.     foreach ($Stats as $S) {

  94.         $_POST["p_$S"] = 'on';

  95.     }

  96. }

  97. 

  98. $Paranoia = [];

  99. $Checkboxes = ['downloaded', 'uploaded', 'ratio', 'lastseen', 'requiredratio', 'invitedcount', 'artistsadded', 'notifications'];

  100. foreach ($Checkboxes as $C) {

  101.     if (!isset($_POST["p_$C"])) {

  102.         $Paranoia[] = $C;

  103.     }

  104. }

  105. 

  106. $SimpleSelects = ['torrentcomments', 'collages', 'collagecontribs', 'uploads', 'uniquegroups', 'perfectflacs', 'seeding', 'leeching', 'snatched'];

  107. foreach ($SimpleSelects as $S) {

  108.     if (!isset($_POST["p_$S".'_c']) && !isset($_POST["p_$S".'_l'])) {

  109.         // Very paranoid - don't show count or list

  110.         $Paranoia[] = "$S+";

  111.     } elseif (!isset($_POST["p_$S".'_l'])) {

  112.         // A little paranoid - show count, don't show list

  113.         $Paranoia[] = $S;

  114.     }

  115. }

  116. 

  117. $Bounties = ['requestsfilled', 'requestsvoted'];

  118. foreach ($Bounties as $B) {

  119.     if (isset($_POST["p_$B".'_list'])) {

  120.         $_POST["p_$B".'_count'] = 'on';

  121.         $_POST["p_$B".'_bounty'] = 'on';

  122.     }

  123. 

  124.     if (!isset($_POST["p_$B".'_list'])) {

  125.         $Paranoia[] = $B.'_list';

  126.     }

  127. 

  128.     if (!isset($_POST["p_$B".'_count'])) {

  129.         $Paranoia[] = $B.'_count';

  130.     }

  131. 

  132.     if (!isset($_POST["p_$B".'_bounty'])) {

  133.         $Paranoia[] = $B.'_bounty';

  134.     }

  135. }

  136. 

  137. if (!isset($_POST['p_donor_heart'])) {

  138.     $Paranoia[] = 'hide_donor_heart';

  139. }

  140. 

  141. if (isset($_POST['p_donor_stats'])) {

  142.     Donations::show_stats($UserID);

  143. } else {

  144.     Donations::hide_stats($UserID);

  145. }

  146. 

  147. // End building $Paranoia

  148. 

  149. $DB->query("

  150.   SELECT Email, PassHash, IRCKey

  151.   FROM users_main

  152.   WHERE ID = ?", $UserID);

  153. list($CurEmail, $CurPassHash, $CurIRCKey) = $DB->next_record();

  154. 

  155. function require_password($Setting = false)

  156. {

  157.     global $CurPassHash;

  158.     if (empty($_POST['cur_pass'])) {

  159.         error('A setting you changed requires you to enter your current password'.($Setting ? ' (Setting: '.$Setting.')' : ''));

  160.     }

  161. 

  162.     if (!Users::check_password($_POST['cur_pass'], $CurPassHash)) {

  163.         error('The password you entered was incorrect'.($Setting ? ' (Required by setting: '.$Setting.')' : ''));

  164.     }

  165. }

  166. 

  167. // Email change

  168. $CurEmail = Crypto::decrypt($CurEmail);

  169. if ($CurEmail !== $_POST['email']) {

  170. 

  171.   // Non-admins have to authenticate to change email

  172.     if (!check_perms('users_edit_profiles')) {

  173.         require_password("Change Email");

  174.     }

  175. 

  176.     // Update the time of their last email change to the current time *not* the current change.

  177.     $DB->query("

  178.       UPDATE users_history_emails

  179.       SET Time = NOW()

  180.       WHERE UserID = ?

  181.         AND Time IS NULL", $UserID);

  182. 

  183.     $DB->query("

  184.       INSERT INTO users_history_emails

  185.         (UserID, Email, Time, IP)

  186.       VALUES

  187.         (?, ?, NULL, ?)", $UserID, Crypto::encrypt($_POST['email']), Crypto::encrypt($_SERVER['REMOTE_ADDR']));

  188. }

  189. 

  190. if (!empty($_POST['new_pass_1']) && !empty($_POST['new_pass_2'])) {

  191.     require_password("Change Password");

  192.     $ResetPassword = true;

  193. }

  194. 

  195. if ($CurIRCKey != $_POST['irckey']) {

  196.     require_password("Change IRC Key");

  197. }

  198. 

  199. if (isset($_POST['resetpasskey'])) {

  200.     require_password("Reset Passkey");

  201. }

  202. 

  203. if ($LoggedUser['DisableAvatar'] && $_POST['avatar'] != $U['Avatar']) {

  204.     error('Your avatar privileges have been revoked.');

  205. }

  206. 

  207. if (!empty($LoggedUser['DefaultSearch'])) {

  208.     $Options['DefaultSearch'] = $LoggedUser['DefaultSearch'];

  209. }

  210. 

  211. $Options['DisableGrouping2']   = (!empty($_POST['disablegrouping']) ? 0 : 1);

  212. $Options['TorrentGrouping']    = (!empty($_POST['torrentgrouping']) ? 1 : 0);

  213. $Options['PostsPerPage']       = (int)$_POST['postsperpage'];

  214. $Options['CollageCovers']      = (empty($_POST['collagecovers']) ? 0 : $_POST['collagecovers']);

  215. $Options['ShowTorFilter']      = (empty($_POST['showtfilter']) ? 0 : 1);

  216. $Options['ShowTags']           = (!empty($_POST['showtags']) ? 1 : 0);

  217. $Options['AutoSubscribe']      = (!empty($_POST['autosubscribe']) ? 1 : 0);

  218. $Options['DisableSmileys']     = (!empty($_POST['disablesmileys']) ? 1 : 0);

  219. $Options['AutoloadCommStats']  = (check_perms('users_mod') && !empty($_POST['autoload_comm_stats']) ? 1 : 0);

  220. $Options['DisableAvatars']     = db_string($_POST['disableavatars']);

  221. $Options['Identicons']         = (!empty($_POST['identicons']) ? (int)$_POST['identicons'] : 0);

  222. $Options['DisablePMAvatars']   = (!empty($_POST['disablepmavatars']) ? 1 : 0);

  223. $Options['NotifyOnQuote']      = (!empty($_POST['notifications_Quotes_popup']) ? 1 : 0);

  224. $Options['ListUnreadPMsFirst'] = (!empty($_POST['list_unread_pms_first']) ? 1 : 0);

  225. $Options['ShowSnatched']       = (!empty($_POST['showsnatched']) ? 1 : 0);

  226. $Options['DisableAutoSave']    = (!empty($_POST['disableautosave']) ? 1 : 0);

  227. $Options['CoverArt']           = (int)!empty($_POST['coverart']);

  228. $Options['ShowExtraCovers']    = (int)!empty($_POST['show_extra_covers']);

  229. $Options['HideLolicon']        = (int)!empty($_POST['hide_lolicon']);

  230. $Options['HideScat']           = (int)!empty($_POST['hide_scat']);

  231. $Options['HideSnuff']          = (int)!empty($_POST['hide_snuff']);

  232. $Options['AutoComplete']       = (int)$_POST['autocomplete'];

  233. $Options['StyleAdditions']     = $_POST['style_additions'] ?? [];

  234. 

  235. if (isset($LoggedUser['DisableFreeTorrentTop10'])) {

  236.     $Options['DisableFreeTorrentTop10'] = $LoggedUser['DisableFreeTorrentTop10'];

  237. }

  238. 

  239. if (!empty($_POST['sorthide'])) {

  240.     $JSON = json_decode($_POST['sorthide']);

  241.     foreach ($JSON as $J) {

  242.         $E = explode('_', $J);

  243.         $Options['SortHide'][$E[0]] = $E[1];

  244.     }

  245. } else {

  246.     $Options['SortHide'] = [];

  247. }

  248. 

  249. if (check_perms('site_advanced_search')) {

  250.     $Options['SearchType'] = $_POST['searchtype'];

  251. } else {

  252.     unset($Options['SearchType']);

  253. }

  254. 

  255. // todo: Remove the following after a significant amount of time

  256. unset($Options['ArtistNoRedirect']);

  257. unset($Options['ShowQueryList']);

  258. unset($Options['ShowCacheList']);

  259. 

  260. $UnseededAlerts = isset($_POST['unseededalerts']) ? 1 : 0;

  261. Donations::update_rewards($UserID);

  262. NotificationsManager::save_settings($UserID);

  263. 

  264. // Begin Badge settings

  265. if (!empty($_POST['badges'])) {

  266.     $BadgeIDs = array_slice($_POST['badges'], 0, 5);

  267. } else {

  268.     $BadgeIDs = [];

  269. }

  270. 

  271. $NewBadges = [];

  272. $BadgesChanged = false;

  273. $Badges = Users::user_info($UserID)['Badges'];

  274. 

  275. foreach ($Badges as $BadgeID => $OldDisplayed) {

  276.     if (in_array($BadgeID, $BadgeIDs)) { // Is the current badge in the list of badges the user wants to display?

  277.         $Displayed = true;

  278.         $DisplayedBadgeIDs[] = $BadgeID;

  279. 

  280.         if ($OldDisplayed == 0) { // The user wants to display a badge that wasn't displayed before

  281.             $BadgesChanged = true;

  282.         }

  283.     } else { // The user no longer wants to display a badge that was displayed before

  284.         $Displayed = false;

  285.         $BadgesChanged = true;

  286.     }

  287.     $NewBadges[$BadgeID] = $Displayed?'1':'0';

  288. }

  289. // End Badge settings

  290. 

  291. $Cache->begin_transaction("user_info_$UserID");

  292. $Cache->update_row(false, [

  293.   'Avatar' => display_str($_POST['avatar']),

  294.     'Paranoia' => $Paranoia,

  295.     'Badges' => $NewBadges

  296. ]);

  297. $Cache->commit_transaction(0);

  298. 

  299. $Cache->begin_transaction("user_info_heavy_$UserID");

  300. $Cache->update_row(false, [

  301.   'StyleID' => $_POST['stylesheet'],

  302.   'StyleURL' => display_str($_POST['styleurl'])

  303. ]);

  304. $Cache->update_row(false, $Options);

  305. $Cache->commit_transaction(0);

  306. 

  307. $SQL = "

  308.   UPDATE users_main AS m

  309.     JOIN users_info AS i ON m.ID = i.UserID

  310.   SET

  311.     i.StyleID = '".db_string($_POST['stylesheet'])."',

  312.     i.StyleURL = '".db_string($_POST['styleurl'])."',

  313.     i.Avatar = '".db_string($_POST['avatar'])."',

  314.     i.SiteOptions = '".db_string(json_encode($Options))."',

  315.     i.NotifyOnQuote = '".db_string($Options['NotifyOnQuote'])."',

  316.     i.Info = '".db_string($_POST['info'])."',

  317.     i.InfoTitle = '".db_string($_POST['profile_title'])."',

  318.     i.UnseededAlerts = '$UnseededAlerts',

  319.     m.Email = '".Crypto::encrypt($_POST['email'])."',

  320.     m.IRCKey = '".db_string($_POST['irckey'])."',

  321.     m.Paranoia = '".db_string(json_encode($Paranoia))."'";

  322. 

  323. if ($ResetPassword) {

  324.     $ChangerIP = Crypto::encrypt($LoggedUser['IP']);

  325.     $PassHash = Users::make_sec_hash($_POST['new_pass_1']);

  326.     $SQL.= ",m.PassHash = '".db_string($PassHash)."'";

  327. 

  328.     $DB->query("

  329.       INSERT INTO users_history_passwords

  330.         (UserID, ChangerIP, ChangeTime)

  331.       VALUES

  332.         (?, ?, NOW())", $UserID, $ChangerIP);

  333. }

  334. 

  335. if (isset($_POST['resetpasskey'])) {

  336.     $UserInfo = Users::user_heavy_info($UserID);

  337.     $OldPassKey = $UserInfo['torrent_pass'];

  338.     $NewPassKey = Users::make_secret();

  339.     $ChangerIP = Crypto::encrypt($LoggedUser['IP']);

  340.     $SQL .= ",m.torrent_pass = '$NewPassKey'";

  341. 

  342.     $DB->query(

  343.         "

  344.       INSERT INTO users_history_passkeys

  345.         (UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime)

  346.       VALUES

  347.         (?, ?, ?, ?, NOW())",

  348.         $USerID,

  349.         $OldPassKey,

  350.         $NewPassKey,

  351.         $ChangerIP

  352.     );

  353. 

  354.     $Cache->begin_transaction("user_info_heavy_$UserID");

  355.     $Cache->update_row(false, ['torrent_pass' => $NewPassKey]);

  356.     $Cache->commit_transaction(0);

  357.     $Cache->delete_value("user_$OldPassKey");

  358.     Tracker::update_tracker('change_passkey', ['oldpasskey' => $OldPassKey, 'newpasskey' => $NewPassKey]);

  359. }

  360. 

  361. $SQL .= "WHERE m.ID = '".db_string($UserID)."'";

  362. $DB->query($SQL);

  363. 

  364. if ($BadgesChanged) {

  365.     $DB->query("

  366.       UPDATE users_badges

  367.       SET Displayed = 0

  368.       WHERE UserID = ?", $UserID);

  369. 

  370.     if (!empty($BadgeIDs)) {

  371.         $DB->query("

  372.           UPDATE users_badges

  373.           SET Displayed = 1

  374.           WHERE UserID = $UserID

  375.             AND BadgeID IN (".db_string(implode(',', $BadgeIDs)).")");

  376.     }

  377. }

  378. 

  379. if ($ResetPassword) {

  380.     logout_all_sessions();

  381. }

  382. 

  383. header("Location: user.php?action=edit&userid=$UserID");