BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

index.php 14KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * Tools switch center
  5. * This page acts as a switch for the tools pages.
  6. */
  7. $ENV = ENV::go();
  8. if (isset($argv[1])) {
  9. $_REQUEST['action'] = $argv[1];
  10. } else {
  11. if (empty($_REQUEST['action']) || $_REQUEST['action'] !== 'ocelot') {
  12. // If set, do not enforce login so we can set the encryption key w/o an account
  13. if (!$ENV->FEATURE_SET_ENC_KEY_PUBLIC) {
  14. enforce_login();
  15. }
  16. }
  17. }
  18. # Error checking
  19. if (!isset($_REQUEST['action'])) {
  20. include SERVER_ROOT.'/sections/tools/tools.php';
  21. #error('Need to set an "action" parameter in sections/tools/tools.php.');
  22. }
  23. if (substr($_REQUEST['action'], 0, 12) === 'update_geoip' && !isset($argv[1])) {
  24. if (!check_perms('site_debug')) {
  25. error(403);
  26. }
  27. }
  28. if (substr($_REQUEST['action'], 0, 16) === 'rerender_gallery' && !isset($argv[1])) {
  29. if (!check_perms('site_debug')) {
  30. error(403);
  31. }
  32. }
  33. include SERVER_ROOT.'/classes/validate.class.php';
  34. $Val = new VALIDATE;
  35. include SERVER_ROOT.'/classes/feed.class.php';
  36. $Feed = new FEED;
  37. # Finally
  38. switch ($_REQUEST['action']) {
  39. /*
  40. case 'phpinfo':
  41. if (!check_perms('site_debug')) {
  42. error(403);
  43. }
  44. phpinfo();
  45. break;
  46. */
  47. // Services
  48. case 'get_host':
  49. include SERVER_ROOT.'/sections/tools/services/get_host.php';
  50. break;
  51. case 'get_cc':
  52. include SERVER_ROOT.'/sections/tools/services/get_cc.php';
  53. break;
  54. // Managers
  55. case 'forum':
  56. include SERVER_ROOT.'/sections/tools/managers/forum_list.php';
  57. break;
  58. case 'forum_alter':
  59. include SERVER_ROOT.'/sections/tools/managers/forum_alter.php';
  60. break;
  61. case 'whitelist':
  62. include SERVER_ROOT.'/sections/tools/managers/whitelist_list.php';
  63. break;
  64. case 'whitelist_alter':
  65. include SERVER_ROOT.'/sections/tools/managers/whitelist_alter.php';
  66. break;
  67. case 'enable_requests':
  68. include SERVER_ROOT.'/sections/tools/managers/enable_requests.php';
  69. break;
  70. case 'expunge_requests':
  71. include SERVER_ROOT.'/sections/tools/managers/expunge_requests.php';
  72. break;
  73. case 'ajax_take_enable_request':
  74. if (FEATURE_EMAIL_REENABLE) {
  75. include SERVER_ROOT.'/sections/tools/managers/ajax_take_enable_request.php';
  76. } else {
  77. // Prevent post requests to the ajax page
  78. header("Location: tools.php");
  79. error();
  80. }
  81. break;
  82. case 'login_watch':
  83. include SERVER_ROOT.'/sections/tools/managers/login_watch.php';
  84. break;
  85. case 'email_blacklist':
  86. include SERVER_ROOT.'/sections/tools/managers/email_blacklist.php';
  87. break;
  88. case 'email_blacklist_alter':
  89. include SERVER_ROOT.'/sections/tools/managers/email_blacklist_alter.php';
  90. break;
  91. case 'email_blacklist_search':
  92. include SERVER_ROOT.'/sections/tools/managers/email_blacklist_search.php';
  93. break;
  94. case 'editnews':
  95. case 'news':
  96. include SERVER_ROOT.'/sections/tools/managers/news.php';
  97. break;
  98. case 'edit_tags':
  99. include SERVER_ROOT.'/sections/tools/misc/tags.php';
  100. break;
  101. case 'takeeditnews':
  102. if (!check_perms('admin_manage_news')) {
  103. error(403);
  104. }
  105. if (is_number($_POST['newsid'])) {
  106. $DB->query("
  107. UPDATE news
  108. SET Title = '".db_string($_POST['title'])."',
  109. Body = '".db_string($_POST['body'])."'
  110. WHERE ID = '".db_string($_POST['newsid'])."'");
  111. $Cache->delete_value('news');
  112. $Cache->delete_value('feed_news');
  113. }
  114. header('Location: index.php');
  115. break;
  116. case 'deletenews':
  117. if (!check_perms('admin_manage_news')) {
  118. error(403);
  119. }
  120. if (is_number($_GET['id'])) {
  121. authorize();
  122. $DB->query("
  123. DELETE FROM news
  124. WHERE ID = '".db_string($_GET['id'])."'");
  125. $Cache->delete_value('news');
  126. $Cache->delete_value('feed_news');
  127. // Deleting latest news
  128. $LatestNews = $Cache->get_value('news_latest_id');
  129. if ($LatestNews !== false && $LatestNews === $_GET['id']) {
  130. $Cache->delete_value('news_latest_id');
  131. $Cache->delete_value('news_latest_title');
  132. }
  133. }
  134. header('Location: index.php');
  135. break;
  136. case 'takenewnews':
  137. if (!check_perms('admin_manage_news')) {
  138. error(403);
  139. }
  140. $DB->query("
  141. INSERT INTO news (UserID, Title, Body, Time)
  142. VALUES ('$LoggedUser[ID]', '".db_string($_POST['title'])."', '".db_string($_POST['body'])."', NOW())");
  143. $Cache->delete_value('news_latest_id');
  144. $Cache->delete_value('news_latest_title');
  145. $Cache->delete_value('news');
  146. header('Location: index.php');
  147. break;
  148. case 'tokens':
  149. include SERVER_ROOT.'/sections/tools/managers/tokens.php';
  150. break;
  151. case 'multiple_freeleech':
  152. include SERVER_ROOT.'/sections/tools/managers/multiple_freeleech.php';
  153. break;
  154. case 'ocelot':
  155. include SERVER_ROOT.'/sections/tools/managers/ocelot.php';
  156. break;
  157. case 'ocelot_info':
  158. include SERVER_ROOT.'/sections/tools/data/ocelot_info.php';
  159. break;
  160. case 'official_tags':
  161. include SERVER_ROOT.'/sections/tools/managers/official_tags.php';
  162. break;
  163. case 'freeleech':
  164. include SERVER_ROOT.'/sections/tools/managers/sitewide_freeleech.php';
  165. break;
  166. case 'tag_aliases':
  167. include SERVER_ROOT.'/sections/tools/managers/tag_aliases.php';
  168. break;
  169. case 'label_aliases':
  170. include SERVER_ROOT.'/sections/tools/managers/label_aliases.php';
  171. break;
  172. case 'global_notification':
  173. include SERVER_ROOT.'/sections/tools/managers/global_notification.php';
  174. break;
  175. case 'take_global_notification':
  176. include SERVER_ROOT.'/sections/tools/managers/take_global_notification.php';
  177. break;
  178. case 'permissions':
  179. if (!check_perms('admin_manage_permissions')) {
  180. error(403);
  181. }
  182. if (!empty($_REQUEST['id'])) {
  183. $Val->SetFields('name', true, 'string', 'You did not enter a valid name for this permission set.');
  184. $Val->SetFields('level', true, 'number', 'You did not enter a valid level for this permission set.');
  185. $Val->SetFields('maxcollages', true, 'number', 'You did not enter a valid number of personal collages.');
  186. //$Val->SetFields('test', true, 'number', 'You did not enter a valid level for this permission set.');
  187. if (is_numeric($_REQUEST['id'])) {
  188. $DB->query("
  189. SELECT p.ID, p.Name, p.Abbreviation, p.Level, p.Secondary, p.PermittedForums, p.Values, p.DisplayStaff, COUNT(u.ID)
  190. FROM permissions AS p
  191. LEFT JOIN users_main AS u ON u.PermissionID = p.ID
  192. WHERE p.ID = '".db_string($_REQUEST['id'])."'
  193. GROUP BY p.ID");
  194. list($ID, $Name, $Abbreviation, $Level, $Secondary, $Forums, $Values, $DisplayStaff, $UserCount) = $DB->next_record(MYSQLI_NUM, array(6));
  195. if ($Level > $LoggedUser['EffectiveClass'] || (isset($_REQUEST['level']) && $_REQUEST['level'] > $LoggedUser['EffectiveClass'])) {
  196. error(403);
  197. }
  198. $Values = unserialize($Values);
  199. }
  200. if (!empty($_POST['submit'])) {
  201. $Err = $Val->ValidateForm($_POST);
  202. if (!is_numeric($_REQUEST['id'])) {
  203. $DB->query("
  204. SELECT ID
  205. FROM permissions
  206. WHERE Level = '".db_string($_REQUEST['level'])."'");
  207. list($DupeCheck)=$DB->next_record();
  208. if ($DupeCheck) {
  209. $Err = 'There is already a permission class with that level.';
  210. }
  211. }
  212. $Values = [];
  213. foreach ($_REQUEST as $Key => $Perms) {
  214. if (substr($Key, 0, 5) === 'perm_') {
  215. $Values[substr($Key, 5)] = (int)$Perms;
  216. }
  217. }
  218. $Name = $_REQUEST['name'];
  219. $Level = $_REQUEST['level'];
  220. $Abbreviation = $_REQUEST['abbreviation'];
  221. $Secondary = empty($_REQUEST['secondary']) ? 0 : 1;
  222. $Forums = $_REQUEST['forums'];
  223. $DisplayStaff = isset($_REQUEST['displaystaff']) ? $_REQUEST['displaystaff']: 0;
  224. $Values['MaxCollages'] = $_REQUEST['maxcollages'];
  225. if (!$Err) {
  226. if (!is_numeric($_REQUEST['id'])) {
  227. $DB->query("
  228. INSERT INTO permissions (Level, Name, Abbreviation, Secondary, PermittedForums, `Values`, DisplayStaff)
  229. VALUES ('".db_string($Level)."',
  230. '".db_string($Name)."',
  231. '".db_string($Abbreviation)."',
  232. $Secondary,
  233. '".db_string($Forums)."',
  234. '".db_string(serialize($Values))."',
  235. '".db_string($DisplayStaff)."')");
  236. } else {
  237. $DB->query("
  238. UPDATE permissions
  239. SET Level = '".db_string($Level)."',
  240. Name = '".db_string($Name)."',
  241. Abbreviation = '".db_string($Abbreviation)."',
  242. Secondary = $Secondary,
  243. PermittedForums = '".db_string($Forums)."',
  244. `Values` = '".db_string(serialize($Values))."',
  245. DisplayStaff = '".db_string($DisplayStaff)."'
  246. WHERE ID = '".db_string($_REQUEST['id'])."'");
  247. $Cache->delete_value('perm_'.$_REQUEST['id']);
  248. if ($Secondary) {
  249. $DB->query("
  250. SELECT DISTINCT UserID
  251. FROM users_levels
  252. WHERE PermissionID = ".db_string($_REQUEST['id']));
  253. while (list($UserID) = $DB->next_record()) {
  254. $Cache->delete_value("user_info_heavy_$UserID");
  255. }
  256. }
  257. }
  258. $Cache->delete_value('classes');
  259. } else {
  260. error($Err);
  261. }
  262. }
  263. include SERVER_ROOT.'/sections/tools/managers/permissions_alter.php';
  264. } else {
  265. if (!empty($_REQUEST['removeid'])) {
  266. $DB->query("
  267. DELETE FROM permissions
  268. WHERE ID = '".db_string($_REQUEST['removeid'])."'");
  269. $DB->query("
  270. SELECT UserID
  271. FROM users_levels
  272. WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
  273. while (list($UserID) = $DB->next_record()) {
  274. $Cache->delete_value("user_info_$UserID");
  275. $Cache->delete_value("user_info_heavy_$UserID");
  276. }
  277. $DB->query("
  278. DELETE FROM users_levels
  279. WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
  280. $DB->query("
  281. SELECT ID
  282. FROM users_main
  283. WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
  284. while (list($UserID) = $DB->next_record()) {
  285. $Cache->delete_value("user_info_$UserID");
  286. $Cache->delete_value("user_info_heavy_$UserID");
  287. }
  288. $DB->query("
  289. UPDATE users_main
  290. SET PermissionID = '".USER."'
  291. WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
  292. $Cache->delete_value('classes');
  293. }
  294. include SERVER_ROOT.'/sections/tools/managers/permissions_list.php';
  295. }
  296. break;
  297. case 'ip_ban':
  298. // todo: Clean up DB table ip_bans
  299. include SERVER_ROOT.'/sections/tools/managers/bans.php';
  300. break;
  301. case 'quick_ban':
  302. include SERVER_ROOT.'/sections/tools/misc/quick_ban.php';
  303. break;
  304. // Data
  305. case 'registration_log':
  306. include SERVER_ROOT.'/sections/tools/data/registration_log.php';
  307. break;
  308. case 'donation_log':
  309. include SERVER_ROOT.'/sections/tools/finances/donation_log.php';
  310. break;
  311. case 'bitcoin_unproc':
  312. include SERVER_ROOT.'/sections/tools/finances/bitcoin_unproc.php';
  313. break;
  314. case 'bitcoin_balance':
  315. include SERVER_ROOT.'/sections/tools/finances/bitcoin_balance.php';
  316. break;
  317. case 'donor_rewards':
  318. include SERVER_ROOT.'/sections/tools/finances/donor_rewards.php';
  319. break;
  320. case 'upscale_pool':
  321. include SERVER_ROOT.'/sections/tools/data/upscale_pool.php';
  322. break;
  323. case 'invite_pool':
  324. include SERVER_ROOT.'/sections/tools/data/invite_pool.php';
  325. break;
  326. case 'torrent_stats':
  327. include SERVER_ROOT.'/sections/tools/data/torrent_stats.php';
  328. break;
  329. case 'user_flow':
  330. include SERVER_ROOT.'/sections/tools/data/user_flow.php';
  331. break;
  332. case 'economic_stats':
  333. include SERVER_ROOT.'/sections/tools/data/economic_stats.php';
  334. break;
  335. case 'service_stats':
  336. include SERVER_ROOT.'/sections/tools/development/service_stats.php';
  337. break;
  338. case 'database_specifics':
  339. include SERVER_ROOT.'/sections/tools/data/database_specifics.php';
  340. break;
  341. case 'special_users':
  342. include SERVER_ROOT.'/sections/tools/data/special_users.php';
  343. break;
  344. // END Data
  345. // Misc
  346. case 'update_geoip':
  347. include SERVER_ROOT.'/sections/tools/development/update_geoip.php';
  348. break;
  349. case 'dupe_ips':
  350. include SERVER_ROOT.'/sections/tools/misc/dupe_ip.php';
  351. break;
  352. case 'clear_cache':
  353. include SERVER_ROOT.'/sections/tools/development/clear_cache.php';
  354. break;
  355. case 'create_user':
  356. include SERVER_ROOT.'/sections/tools/misc/create_user.php';
  357. break;
  358. case 'manipulate_tree':
  359. include SERVER_ROOT.'/sections/tools/misc/manipulate_tree.php';
  360. break;
  361. case 'misc_values':
  362. include SERVER_ROOT.'/sections/tools/development/misc_values.php';
  363. break;
  364. case 'recommendations':
  365. include SERVER_ROOT.'/sections/tools/misc/recommendations.php';
  366. break;
  367. case 'analysis':
  368. include SERVER_ROOT.'/sections/tools/misc/analysis.php';
  369. break;
  370. case 'database_key':
  371. include SERVER_ROOT.'/sections/tools/misc/database_key.php';
  372. break;
  373. case 'rerender_gallery':
  374. include SERVER_ROOT.'/sections/tools/development/rerender_gallery.php';
  375. break;
  376. case 'mass_pm':
  377. include SERVER_ROOT.'/sections/tools/managers/mass_pm.php';
  378. break;
  379. case 'take_mass_pm':
  380. include SERVER_ROOT.'/sections/tools/managers/take_mass_pm.php';
  381. break;
  382. default:
  383. include SERVER_ROOT.'/sections/tools/tools.php';
  384. }