lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 20:40:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
dfaf0a9015b6e592648abac645a8577bec1b9fd9
nexusphp/public/report.php

238 lines
11 KiB
PHP
Raw Normal View History

init
2020-12-26 01:42:23 +08:00
<?php
add composer
2021-01-13 19:32:26 +08:00
require_once("../include/bittorrent.php");
init
2020-12-26 01:42:23 +08:00
dbconn();
require_once(get_langfile_path());
loggedinorreturn();
parked();
$reportofferid = $_GET["reportofferid"];
$reportrequestid = $_GET["reportrequestid"];
$user = $_GET["user"];
$commentid = $_GET["commentid"];
$torrent = $_GET["torrent"];
$forumpost = $_GET["forumpost"];
$subtitle = $_GET["subtitle"];
$takeuser = $_POST["takeuser"];
$takecommentid = $_POST["takecommentid"];
$taketorrent = $_POST["taketorrent"];
$takeforumpost = $_POST["takeforumpost"];
$takereason = $_POST["reason"];
$takereportofferid = $_POST["takereportofferid"];
$takerequestid = $_POST["takerequestid"];
$takesubtitleid = $_POST["takesubtitleid"];
function takereport($reportid, $type, $reason)
{
global $CURUSER, $lang_report, $Cache;
int_check($reportid);
// Check if takereason is set
if ($reason == ''){
stderr($lang_report['std_error'],$lang_report['std_missing_reason']);
die();
}
$res = sql_query("SELECT id FROM reports WHERE addedby = ".sqlesc($CURUSER[id])." AND reportid= ".sqlesc($reportid)." AND type = ".sqlesc($type)) or sqlerr(__FILE__,__LINE__);
if (mysql_num_rows($res) == 0)
{
$date = sqlesc(date("Y-m-d H:i:s"));
sql_query("INSERT into reports (addedby,reportid,type,reason,added) VALUES (".sqlesc($CURUSER[id]).",".sqlesc($reportid).",".sqlesc($type).", ".sqlesc(trim($reason)).",".$date.")") or sqlerr(__FILE__,__LINE__);
$Cache->delete_value('staff_report_count');
$Cache->delete_value('staff_new_report_count');
stderr($lang_report['std_message'],$lang_report['std_successfully_reported']);
die();
}
else
{
stderr($lang_report['std_error'],$lang_report['std_already_reported_this']);
die();
}
}
//////////OFFER #1 START//////////
if (isset($takereportofferid) && isset($takereason))
{
takereport($takereportofferid, 'offer', $takereason);
}
//////////OFFER #1 END//////////
//////////REQUEST #1 START//////////
elseif ((isset($takerequestid)) && (isset($takereason)))
{
takereport($takerequestid, 'request', $takereason);
}
//////////REQUEST #1 END//////////
//////////USER #1 START//////////
elseif ((isset($takeuser)) && (isset($takereason)))
{
takereport($takeuser, 'user', $takereason);
}
//////////USER #1 END//////////
//////////TORRENT #1 START//////////
elseif ((isset($taketorrent)) && (isset($takereason)))
{
takereport($taketorrent, 'torrent', $takereason);
}
//////////TORRENT #1 END//////////
//////////FORUM POST #1 START//////////
elseif ((isset($takeforumpost)) && (isset($takereason)))
{
takereport($takeforumpost, 'post', $takereason);
}
//////////FORUM #1 END//////////
//////////COMMENT #1 START//////////
elseif ((isset($takecommentid)) && (isset($takereason)))
{
takereport($takecommentid, 'comment', $takereason);
}
//////////COMMENT #1 END//////////
//////////SUBTITLE #1 START//////////
elseif ((isset($takesubtitleid)) && (isset($takereason)))
{
takereport($takesubtitleid, 'subtitle', $takereason);
}
//////////SUBTITLE #1 END//////////
//////////USER #2 START//////////
elseif (isset($user))
{
int_check($user);
if ($user == $CURUSER[id]) {
stderr($lang_report['std_sorry'],$lang_report['std_cannot_report_oneself']);
die;
}
$res = sql_query("SELECT username, class FROM users WHERE id=".sqlesc($user)) or sqlerr(__FILE__,__LINE__);
if (mysql_num_rows($res) == 0)
{
stderr($lang_report['std_error'],$lang_report['std_invalid_user_id']);
die();
}
$arr = mysql_fetch_assoc($res);
if ($arr["class"] >= $staffmem_class)
{
stderr($lang_report['std_sorry'],$lang_report['std_cannot_report'].get_user_class_name($arr["class"],false,true,true), false);
die();
}
else
{
stderr($lang_report['std_are_you_sure'], $lang_report['text_are_you_sure_user'].get_username(htmlspecialchars($user)).$lang_report['text_to_staff']."<br />".$lang_report['text_not_for_leechers']."<br />".$lang_report['text_reason_note']."<br /><form method=post action=report.php><input type=hidden name=takeuser value=\"".htmlspecialchars($user)."\">".$lang_report['text_reason_is']."<input type=text style=\"width: 200px\" name=reason><input type=submit value=\"".$lang_report['submit_confirm']."\"></form>", false);
}
}
//////////USER #2 END//////////
//////////TORRENT #2 START//////////
elseif (isset($torrent))
{
int_check($torrent);
$res = sql_query("SELECT name FROM torrents WHERE id=".sqlesc($torrent));
if (mysql_num_rows($res) == 0)
{
stderr($lang_report['std_error'],$lang_report['std_invalid_torrent_id']);
die();
}
$arr = mysql_fetch_array($res);
stderr($lang_report['std_are_you_sure'], $lang_report['text_are_you_sure_torrent']."<a href=details.php?id=".htmlspecialchars($torrent)."><b>".htmlspecialchars($arr[name])."</b></a>".$lang_report['text_to_staff']."<br />".$lang_report['text_reason_note']."<br /><form method=post action=report.php><input type=hidden name=taketorrent value=\"".htmlspecialchars($torrent)."\">".$lang_report['text_reason_is']."<input type=text style=\"width: 200px\" name=reason><input type=submit value=\"".$lang_report['submit_confirm']."\"></form>", false);
}
//////////TORRENT #2 END//////////
//////////FORUM POST #2 START//////////
elseif (isset($forumpost))
{
int_check($forumpost);
$res = sql_query("SELECT topics.id AS topicid, topics.subject AS subject, posts.userid AS postuserid FROM topics LEFT JOIN posts ON posts.topicid = topics.id WHERE posts.id=".sqlesc($forumpost));
if (mysql_num_rows($res) == 0)
{
stderr($lang_report['std_error'],$lang_report['std_invalid_post_id']);
}
$arr = mysql_fetch_array($res);
stderr($lang_report['std_are_you_sure'], $lang_report['text_are_you_sure_post'].$forumpost.$lang_report['text_of_topic']."<a href=\"forums.php?action=viewtopic&topicid=".$arr['topicid']."&page=p".htmlspecialchars($forumpost)."#".htmlspecialchars($forumpost)."\"><b>".htmlspecialchars($arr['subject'])."</b></a>".$lang_report['text_by'].get_username($arr['postuserid']).$lang_report['text_to_staff']."<br />".$lang_report['text_reason_note']."<br /><form method=post action=report.php><input type=hidden name=takeforumpost value=\"".htmlspecialchars($forumpost)."\">".$lang_report['text_reason_is']."<input type=text style=\"width: 200px\" name=reason><input type=submit value=\"".$lang_report['submit_confirm']."\"></form>", false);
}
//////////FORUM POST #2 END//////////
//////////COMMENT #2 START//////////
elseif (isset($commentid))
{
int_check($commentid);
$res = sql_query("SELECT id, user, torrent, request, offer FROM comments WHERE id=".sqlesc($commentid));
if (mysql_num_rows($res) == 0)
{
stderr($lang_report['std_error'],$lang_report['std_invalid_comment_id']);
}
$arr = mysql_fetch_array($res);
if ($arr['torrent']){ //Comment of torrent. BTW, this is shitty code!
$name = get_single_value("torrents","name","WHERE id=".sqlesc($arr['torrent']));
$url = "details.php?id=".$arr['torrent']."#".$commentid;
$of = $lang_report['text_of_torrent'];
}
elseif ($arr['offer']){ //Comment of offer
$name = get_single_value("offers","name","WHERE id=".sqlesc($arr['offer']));
$url = "offers.php?id=".$arr['offer']."&off_details=1#".$commentid;
$of = $lang_report['text_of_offer'];
}
/*elseif ($arr['request']){ //Comment of request
$name = get_single_value("requests","request","WHERE id=".sqlesc($arr['request']));
$url = "viewrequests.php?id=".$arr['request']."&req_details=1#".$commentid;
$of = $lang_report['text_of_request'];
}*/
else //Comment belongs to no one
stderr($lang_report['std_error'], $lang_report['std_orphaned_comment']);
stderr($lang_report['std_are_you_sure'], $lang_report['text_are_you_sure_comment'].$commentid.$of."<a href=\"".$url."\"><b>".htmlspecialchars($name)."</b></a>".$lang_report['text_by'].get_username($arr['user']).$lang_report['text_to_staff']."<br />".$lang_report['text_reason_note']."<br /><form method=post action=report.php><input type=hidden name=takecommentid value=\"".htmlspecialchars($commentid)."\">".$lang_report['text_reason_is']."<input type=text style=\"width: 200px\" name=reason><input type=submit value=\"".$lang_report['submit_confirm']."\"></form>", false);
}
//////////COMMENT #2 END//////////
//////////OFFER #2 START//////////
elseif (isset($reportofferid))
{
int_check($reportofferid);
$res = sql_query("SELECT id,name FROM offers WHERE id=".sqlesc($reportofferid));
if (mysql_num_rows($res) == 0)
{
stderr($lang_report['std_error'],$lang_report['std_invalid_offer_id']);
}
$arr = mysql_fetch_array($res);
stderr($lang_report['std_are_you_sure'], $lang_report['text_are_you_sure_offer']."<a href=\"offers.php?id=".$arr[id]."&off_details=1\"><b>".htmlspecialchars($arr['name'])."</b></a>".$lang_report['text_to_staff']."<br />".$lang_report['text_reason_note']."<br /><form method=post action=report.php><input type=hidden name=takereportofferid value=\"".htmlspecialchars($reportofferid)."\">".$lang_report['text_reason_is']."<input type=text style=\"width: 200px\" name=reason><input type=submit value=\"".$lang_report['submit_confirm']."\"></form>", false);
}
//////////OFFERT #2 END//////////
//////////REQUEST #2 START//////////
elseif (isset($reportrequestid))
{
int_check($reportrequestid);
$res = sql_query("SELECT id,request FROM requests WHERE id=".sqlesc($reportrequestid));
if (mysql_num_rows($res) == 0)
{
stderr($lang_report['std_error'],$lang_report['std_invalid_request_id']);
}
$arr = mysql_fetch_array($res);
stderr($lang_report['std_are_you_sure'], $lang_report['text_are_you_sure_request']."<a href=\"viewrequests.php?id=".$arr[id]."&req_details=1\"><b>".htmlspecialchars($arr['request'])."</b></a>".$lang_report['text_to_staff']."<br />".$lang_report['text_reason_note']."<br /><form method=post action=report.php><input type=hidden name=takerequestid value=\"".htmlspecialchars($reportrequestid)."\">".$lang_report['text_reason_is']."<input type=text style=\"width: 200px\" name=reason><input type=submit value=\"".$lang_report['submit_confirm']."\"></form>", false);
}
//////////REQUEST #2 END//////////
//////////SUBTITLE #2 START//////////
elseif (isset($subtitle))
{
int_check($subtitle);
$res = sql_query("SELECT id, torrent_id, title FROM subs WHERE id=".sqlesc($subtitle));
if (mysql_num_rows($res) == 0)
{
stderr($lang_report['std_error'],$lang_report['std_invalid_subtitle_id']);
}
$arr = mysql_fetch_array($res);
stderr($lang_report['std_are_you_sure'], $lang_report['text_are_you_sure_subtitle']."<a href=\"downloadsubs.php?torrentid=" . $arr['torrent_id'] ."&subid=" .$arr['id']."\"><b>".htmlspecialchars($arr['title'])."</b></a>".$lang_report['text_to_staff']."<br />".$lang_report['text_reason_note']."<br /><form method=post action=report.php><input type=hidden name=takesubtitleid value=\"".htmlspecialchars($subtitle)."\">".$lang_report['text_reason_is']."<input type=text style=\"width: 200px\" name=reason><input type=submit value=\"".$lang_report['submit_confirm']."\"></form>", false);
}
//////////SUBTITLE #2 END//////////
else // unknown action
stderr($lang_report['std_error'],$lang_report['std_invalid_action']);
?>
Reference in New Issue Copy Permalink