Home Explore Help
Register Sign In
biotorrents
/
Gazelle
forked from Oppaitime/Gazelle
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 2 Wiki Activity
BioTorrents.de’s version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
699 Commits
2 Branches
Tree: b9f44e087b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b9f44e087b'
${ noResults }
Gazelle/classes/autoenable.class.php

autoenable.class.php 14KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382 
  1. <?php

  2. 

  3. # todo: Check strict equality gently

  4. class AutoEnable

  5. {

  6.     // Constants for database values

  7.     const APPROVED = 1;

  8.     const DENIED = 2;

  9.     const DISCARDED = 3;

  10. 

  11.     // Cache key to store the number of enable requests

  12.     const CACHE_KEY_NAME = 'num_enable_requests';

  13. 

  14.     // The default request rejected message

  15.     const REJECTED_MESSAGE = "Your request to re-enable your account has been rejected.<br /><br />This may be because a request is already pending for your username, or because a recent request was denied.<br /><br />You are encouraged to discuss this with staff by visiting %s on %s";

  16. 

  17.     // The default request received message

  18.     const RECEIVED_MESSAGE = "Your request to re-enable your account has been received. Most requests are responded to within minutes. Remember to check your spam.<br /><br />If you do not receive an email after 48 hours have passed, please visit us on IRC for assistance.";

  19. 

  20.     /**

  21.      * Handle a new enable request

  22.      *

  23.      * @param string $Username The user's username

  24.      * @param string $Email The user's email address

  25.      * @return string The output

  26.      */

  27.     public static function new_request($Username, $Email)

  28.     {

  29.         if (empty($Username)) {

  30.             header("Location: login.php");

  31.             die();

  32.         }

  33. 

  34.         // Get the user's ID

  35.         G::$DB->query("

  36.         SELECT um.ID, ui.BanReason

  37.         FROM users_main AS um

  38.           JOIN users_info ui ON ui.UserID = um.ID

  39.           WHERE um.Username = '$Username'

  40.           AND um.Enabled = '2'");

  41. 

  42.         if (G::$DB->has_results()) {

  43.             // Make sure the user can make another request

  44.             list($UserID, $BanReason) = G::$DB->next_record();

  45.             G::$DB->query("

  46.             SELECT 1 FROM users_enable_requests

  47.             WHERE UserID = '$UserID'

  48.               AND (

  49.                 (

  50.                   Timestamp > NOW() - INTERVAL 1 WEEK

  51.                   AND HandledTimestamp IS NULL

  52.                 )

  53.                 OR

  54.                 (

  55.                   Timestamp > NOW() - INTERVAL 2 MONTH

  56.                   AND

  57.                   Outcome = '".self::DENIED."'

  58.                 )

  59.             )");

  60.         }

  61. 

  62.         $IP = $_SERVER['REMOTE_ADDR'];

  63. 

  64.         if (G::$DB->has_results() || !isset($UserID)) {

  65.             // User already has/had a pending activation request or username is invalid

  66.             $Output = sprintf(self::REJECTED_MESSAGE, BOT_DISABLED_CHAN, BOT_SERVER);

  67.             if (isset($UserID)) {

  68.                 Tools::update_user_notes($UserID, sqltime() . " - Enable request rejected from $IP\n\n");

  69.             }

  70.         } else {

  71.             // New disable activation request

  72.             $UserAgent = db_string($_SERVER['HTTP_USER_AGENT']);

  73. 

  74.             G::$DB->query(

  75.                 "

  76.                 INSERT INTO users_enable_requests

  77.                 (UserID, Email, IP, UserAgent, Timestamp)

  78.                 VALUES (?, ?, ?, ?, NOW())",

  79.                 $UserID,

  80.                 Crypto::encrypt($Email),

  81.                 Crypto::encrypt($IP),

  82.                 $UserAgent

  83.             );

  84.             $RequestID = G::$DB->inserted_id();

  85. 

  86.             // Cache the number of requests for the modbar

  87.             G::$Cache->increment_value(self::CACHE_KEY_NAME);

  88.             setcookie('username', '', time() - 60 * 60, '/', '', false);

  89.             $Output = self::RECEIVED_MESSAGE;

  90.             Tools::update_user_notes($UserID, sqltime() . " - Enable request " . G::$DB->inserted_id() . " received from $IP\n\n");

  91.             if ($BanReason == 3) {

  92.                 //self::handle_requests([$RequestID], self::APPROVED, "Automatically approved (inactivity)");

  93.             }

  94.         }

  95.         return $Output;

  96.     }

  97. 

  98.     /*

  99.      * Handle requests

  100.      *

  101.      * @param int|int[] $IDs An array of IDs, or a single ID

  102.      * @param int $Status The status to mark the requests as

  103.      * @param string $Comment The staff member comment

  104.      */

  105.     public static function handle_requests($IDs, $Status, $Comment)

  106.     {

  107.         if ($Status != self::APPROVED && $Status != self::DENIED && $Status != self::DISCARDED) {

  108.             error(404);

  109.         }

  110. 

  111.         $UserInfo = [];

  112.         $IDs = (!is_array($IDs)) ? [$IDs] : $IDs;

  113. 

  114.         if (count($IDs) == 0) {

  115.             error(404);

  116.         }

  117. 

  118.         foreach ($IDs as $ID) {

  119.             if (!is_number($ID)) {

  120.                 error(404);

  121.             }

  122.         }

  123. 

  124.         G::$DB->query("SELECT Email, ID, UserID

  125.                 FROM users_enable_requests

  126.                 WHERE ID IN (".implode(',', $IDs).")

  127.                     AND Outcome IS NULL");

  128.         $Results = G::$DB->to_array(false, MYSQLI_NUM);

  129. 

  130.         if ($Status != self::DISCARDED) {

  131.             // Prepare email

  132.             require_once(SERVER_ROOT . '/classes/templates.class.php');

  133.             $TPL = new TEMPLATE;

  134. 

  135.             if ($Status == self::APPROVED) {

  136.                 $TPL->open(SERVER_ROOT . '/templates/enable_request_accepted.tpl');

  137.                 $TPL->set('SITE_DOMAIN', SITE_DOMAIN);

  138.             } else {

  139.                 $TPL->open(SERVER_ROOT . '/templates/enable_request_denied.tpl');

  140.             }

  141. 

  142.             $TPL->set('SITE_NAME', SITE_NAME);

  143. 

  144.             foreach ($Results as $Result) {

  145.                 list($Email, $ID, $UserID) = $Result;

  146.                 $Email = Crypto::decrypt($Email);

  147.                 $UserInfo[] = array($ID, $UserID);

  148. 

  149.                 if ($Status == self::APPROVED) {

  150.                     // Generate token

  151.                     $Token = db_string(Users::make_secret());

  152.                     G::$DB->query("

  153.                         UPDATE users_enable_requests

  154.                         SET Token = ?

  155.                         WHERE ID = ?", $Token, $ID);

  156.                     $TPL->set('TOKEN', $Token);

  157.                 }

  158. 

  159.                 // Send email

  160.                 $Subject = "Your enable request for " . SITE_NAME . " has been ";

  161.                 $Subject .= ($Status == self::APPROVED) ? 'approved' : 'denied';

  162. 

  163.                 Misc::send_email($Email, $Subject, $TPL->get(), 'noreply');

  164.             }

  165.         } else {

  166.             foreach ($Results as $Result) {

  167.                 list(, $ID, $UserID) = $Result;

  168.                 $UserInfo[] = array($ID, $UserID);

  169.             }

  170.         }

  171. 

  172.         // User notes stuff

  173.         $StaffID = G::$LoggedUser['ID'] ?? 0;

  174.         G::$DB->query("

  175.         SELECT Username

  176.         FROM users_main

  177.           WHERE ID = ?", $StaffID);

  178.         if (G::$DB->has_results()) {

  179.             list($StaffUser) = G::$DB->next_record();

  180.         } else {

  181.             $StaffUser = "System";

  182.             $StaffID = 0;

  183.         }

  184. 

  185.         foreach ($UserInfo as $User) {

  186.             list($ID, $UserID) = $User;

  187.             $BaseComment = sqltime() . " - Enable request $ID " . strtolower(self::get_outcome_string($Status)) . ' by [user]'.$StaffUser.'[/user]';

  188.             $BaseComment .= (!empty($Comment)) ? "\nReason: $Comment\n\n" : "\n\n";

  189.             Tools::update_user_notes($UserID, $BaseComment);

  190.         }

  191. 

  192.         // Update database values and decrement cache

  193.         G::$DB->query("

  194.         UPDATE users_enable_requests

  195.         SET HandledTimestamp = NOW(),

  196.           CheckedBy = ?,

  197.           Outcome = ?

  198.           WHERE ID IN (".implode(',', $IDs).")", $StaffID, $Status);

  199.         G::$Cache->decrement_value(self::CACHE_KEY_NAME, count($IDs));

  200.     }

  201. 

  202.     /**

  203.      * Unresolve a discarded request

  204.      *

  205.      * @param int $ID The request ID

  206.      */

  207.     public static function unresolve_request($ID)

  208.     {

  209.         $ID = (int) $ID;

  210. 

  211.         if (empty($ID)) {

  212.             error(404);

  213.         }

  214. 

  215.         G::$DB->query("

  216.         SELECT UserID

  217.         FROM users_enable_requests

  218.           WHERE Outcome = '" . self::DISCARDED . "'

  219.           AND ID = '$ID'");

  220. 

  221.         if (!G::$DB->has_results()) {

  222.             error(404);

  223.         } else {

  224.             list($UserID) = G::$DB->next_record();

  225.         }

  226. 

  227.         G::$DB->query("

  228.         SELECT Username

  229.         FROM users_main

  230.           WHERE ID = '" . G::$LoggedUser['ID'] . "'");

  231.         list($StaffUser) = G::$DB->next_record();

  232. 

  233.         Tools::update_user_notes($UserID, sqltime() . " - Enable request $ID unresolved by [user]" . $StaffUser . '[/user]' . "\n\n");

  234.         G::$DB->query("

  235.         UPDATE users_enable_requests

  236.         SET Outcome = NULL, HandledTimestamp = NULL, CheckedBy = NULL

  237.           WHERE ID = '$ID'");

  238.         G::$Cache->increment_value(self::CACHE_KEY_NAME);

  239.     }

  240. 

  241.     /**

  242.      * Get the corresponding outcome string for a numerical value

  243.      *

  244.      * @param int $Outcome The outcome integer

  245.      * @return string The formatted output string

  246.      */

  247.     public static function get_outcome_string($Outcome)

  248.     {

  249.         if ($Outcome == self::APPROVED) {

  250.             $String = "Approved";

  251.         } elseif ($Outcome == self::DENIED) {

  252.             $String = "Rejected";

  253.         } elseif ($Outcome == self::DISCARDED) {

  254.             $String = "Discarded";

  255.         } else {

  256.             $String = "---";

  257.         }

  258. 

  259.         return $String;

  260.     }

  261. 

  262.     /**

  263.      * Handle a user's request to enable an account

  264.      *

  265.      * @param string $Token The token

  266.      * @return string The error output, or an empty string

  267.      */

  268.     public static function handle_token($Token)

  269.     {

  270.         $Token = db_string($Token);

  271.         G::$DB->query("

  272.         SELECT uer.UserID, uer.HandledTimestamp, um.torrent_pass, um.Visible, um.IP

  273.         FROM users_enable_requests AS uer

  274.           LEFT JOIN users_main AS um ON uer.UserID = um.ID

  275.           WHERE Token = '$Token'");

  276. 

  277.         if (G::$DB->has_results()) {

  278.             list($UserID, $Timestamp, $TorrentPass, $Visible, $IP) = G::$DB->next_record();

  279.             G::$DB->query("UPDATE users_enable_requests SET Token = NULL WHERE Token = '$Token'");

  280.             if ($Timestamp < time_minus(3600 * 48)) {

  281.                 // Old request

  282.                 Tools::update_user_notes($UserID, sqltime() . " - Tried to use an expired enable token from ".$_SERVER['REMOTE_ADDR']."\n\n");

  283.                 $Err = "Token has expired. Please visit ".BOT_DISABLED_CHAN." on ".BOT_SERVER." to discuss this with staff.";

  284.             } else {

  285.                 // Good request, decrement cache value and enable account

  286.                 G::$Cache->decrement_value(AutoEnable::CACHE_KEY_NAME);

  287.                 $VisibleTrIP = ($Visible && Crypto::decrypt($IP) != '127.0.0.1') ? '1' : '0';

  288.                 Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $TorrentPass, 'visible' => $VisibleTrIP));

  289.                 G::$DB->query("UPDATE users_main SET Enabled = '1', can_leech = '1' WHERE ID = '$UserID'");

  290.                 G::$DB->query("UPDATE users_info SET BanReason = '0' WHERE UserID = '$UserID'");

  291.                 G::$Cache->delete_value('user_info_'.$UserID);

  292.                 $Err = "Your account has been enabled. You may now log in.";

  293.             }

  294.         } else {

  295.             $Err = "Invalid token.";

  296.         }

  297.         return $Err;

  298.     }

  299. 

  300.     /**

  301.      * Build the search query, from the searchbox inputs

  302.      *

  303.      * @param int $UserID The user ID

  304.      * @param string $IP The IP

  305.      * @param string $SubmittedTimestamp The timestamp representing when the request was submitted

  306.      * @param int $HandledUserID The ID of the user that handled the request

  307.      * @param string $HandledTimestamp The timestamp representing when the request was handled

  308.      * @param int $OutcomeSearch The outcome of the request

  309.      * @param boolean $Checked Should checked requests be included?

  310.      * @return array The WHERE conditions for the query

  311.      */

  312.     public static function build_search_query($Username, $IP, $SubmittedBetween, $SubmittedTimestamp1, $SubmittedTimestamp2, $HandledUsername, $HandledBetween, $HandledTimestamp1, $HandledTimestamp2, $OutcomeSearch, $Checked)

  313.     {

  314.         $Where = [];

  315. 

  316.         if (!empty($Username)) {

  317.             $Where[] = "um1.Username = '$Username'";

  318.         }

  319. 

  320.         if (!empty($IP)) {

  321.             // todo: Make this work with encrypted IPs

  322.             $Where[] = "uer.IP = '$IP'";

  323.         }

  324. 

  325.         if (!empty($SubmittedTimestamp1)) {

  326.             switch ($SubmittedBetween) {

  327.                 case 'on':

  328.                     $Where[] = "DATE(uer.Timestamp) = DATE('$SubmittedTimestamp1')";

  329.                     break;

  330.                 case 'before':

  331.                     $Where[] = "DATE(uer.Timestamp) < DATE('$SubmittedTimestamp1')";

  332.                     break;

  333.                 case 'after':

  334.                     $Where[] = "DATE(uer.Timestamp) > DATE('$SubmittedTimestamp1')";

  335.                     break;

  336.                 case 'between':

  337.                     if (!empty($SubmittedTimestamp2)) {

  338.                         $Where[] = "DATE(uer.Timestamp) BETWEEN DATE('$SubmittedTimestamp1') AND DATE('$SubmittedTimestamp2')";

  339.                     }

  340.                     break;

  341.                 default:

  342.                     break;

  343.             }

  344.         }

  345. 

  346.         if (!empty($HandledTimestamp1)) {

  347.             switch ($HandledBetween) {

  348.                 case 'on':

  349.                     $Where[] = "DATE(uer.HandledTimestamp) = DATE('$HandledTimestamp1')";

  350.                     break;

  351.                 case 'before':

  352.                     $Where[] = "DATE(uer.HandledTimestamp) < DATE('$HandledTimestamp1')";

  353.                     break;

  354.                 case 'after':

  355.                     $Where[] = "DATE(uer.HandledTimestamp) > DATE('$HandledTimestamp1')";

  356.                     break;

  357.                 case 'between':

  358.                     if (!empty($HandledTimestamp2)) {

  359.                         $Where[] = "DATE(uer.HandledTimestamp) BETWEEN DATE('$HandledTimestamp1') AND DATE('$HandledTimestamp2')";

  360.                     }

  361.                     break;

  362.                 default:

  363.                     break;

  364.             }

  365.         }

  366. 

  367.         if (!empty($HandledUsername)) {

  368.             $Where[] = "um2.Username = '$HandledUsername'";

  369.         }

  370. 

  371.         if (!empty($OutcomeSearch)) {

  372.             $Where[] = "uer.Outcome = '$OutcomeSearch'";

  373.         }

  374. 

  375.         if ($Checked) {

  376.             // This is to skip the if statement in enable_requests.php

  377.             $Where[] = "(uer.Outcome IS NULL OR uer.Outcome IS NOT NULL)";

  378.         }

  379. 

  380.         return $Where;

  381.     }

  382. }