From 40b341cb621f7e337c3a864083e45b9378662a8b Mon Sep 17 00:00:00 2001
From: Roman Kelesidis <roman25052006.kelesh@gmail.com>
Date: Mon, 17 Jun 2024 20:50:08 +0700
Subject: [PATCH] Fixed seed bonus accrual (#1518)

* Fixed seed bonus accrual

* Update CHANGELOG.md

* Updated
---
 CHANGELOG.md                                 | 1 +
 common.php                                   | 5 +++++
 install/sql/mysql.sql                        | 2 +-
 library/includes/cron/jobs/tr_seed_bonus.php | 9 ++++++++-
 library/includes/init_bb.php                 | 2 +-
 modcp.php                                    | 4 ++--
 search.php                                   | 2 +-
 src/Legacy/Common/User.php                   | 9 +++++----
 styles/templates/admin/admin_board.tpl       | 5 +++--
 tracker.php                                  | 2 +-
 10 files changed, 28 insertions(+), 13 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b6cf340ad..8267462a1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 **Merged pull requests:**
 
 - Release 2.4.4 🦩 ([belomaxorka](https://github.com/belomaxorka))
+- Fixed seed bonus accrual [\#1518](https://github.com/torrentpier/torrentpier/pull/1518) ([belomaxorka](https://github.com/belomaxorka))
 - [BETA] Added emoji support 😄😁 [\#1514](https://github.com/torrentpier/torrentpier/pull/1514) ([belomaxorka](https://github.com/belomaxorka))
 - Resize avatar image if too large 🌆 [\#1512](https://github.com/torrentpier/torrentpier/pull/1512) ([belomaxorka](https://github.com/belomaxorka))
 - Increased PASSWORD_MAX_LENGTH [\#1510](https://github.com/torrentpier/torrentpier/pull/1510) ([belomaxorka](https://github.com/belomaxorka))
diff --git a/common.php b/common.php
index 0e7bd04af..5c2c135f2 100644
--- a/common.php
+++ b/common.php
@@ -245,6 +245,11 @@ function mkdir_rec($path, $mode): bool
     return mkdir_rec(dirname($path), $mode) && mkdir($path, $mode);
 }
 
+function verify_id($id, $length): bool
+{
+    return (is_string($id) && preg_match('#^[a-zA-Z0-9]{' . $length . '}$#', $id));
+}
+
 function clean_filename($fname)
 {
     static $s = ['\\', '/', ':', '*', '?', '"', '<', '>', '|', ' '];
diff --git a/install/sql/mysql.sql b/install/sql/mysql.sql
index 7f7bf2361..df99ec3d7 100644
--- a/install/sql/mysql.sql
+++ b/install/sql/mysql.sql
@@ -637,7 +637,7 @@ VALUES ('1', 'Attach maintenance', 'attach_maintenance.php', 'daily', '', '05:00
         '0', '0', '0'),
        ('1', 'Tracker cleanup and dlstat', 'tr_cleanup_and_dlstat.php', 'interval', '', '', '20', '', '', '00:15:00',
         '0', '', '0', '0', '0'),
-       ('1', 'Accrual seedbonus', 'tr_seed_bonus.php', 'interval', '', '', '25', '', '', '00:15:00', '0', '', '0', '0',
+       ('1', 'Accrual seedbonus', 'tr_seed_bonus.php', 'interval', '', '', '25', '', '', '00:10:00', '0', '', '0', '0',
         '0'),
        ('1', 'Make tracker snapshot', 'tr_make_snapshot.php', 'interval', '', '', '10', '', '', '00:10:00', '0', '',
         '0',
diff --git a/library/includes/cron/jobs/tr_seed_bonus.php b/library/includes/cron/jobs/tr_seed_bonus.php
index 27224a27e..d3d7b0311 100644
--- a/library/includes/cron/jobs/tr_seed_bonus.php
+++ b/library/includes/cron/jobs/tr_seed_bonus.php
@@ -35,12 +35,19 @@ if ($bb_cfg['seed_bonus_enabled'] && $bb_cfg['seed_bonus_points'] && $bb_cfg['se
     $seed_bonus = unserialize($bb_cfg['seed_bonus_points']);
     $seed_release = unserialize($bb_cfg['seed_bonus_release']);
 
+    $sql = "SELECT last_run
+		FROM " . BB_CRON . "
+		WHERE cron_script = '" . basename(__FILE__) . "'
+		LIMIT 1";
+    $cron_runs = DB()->fetch_row($sql);
+    $cron_job_last_run = (TIMENOW - strtotime($cron_runs['last_run']));
+
     foreach ($seed_bonus as $i => $points) {
         if (!$points || !$seed_release[$i]) {
             continue;
         }
 
-        $user_points = ((float)$points / 4);
+        $user_points = ($cron_job_last_run < 3600) ? round((float)$points * ($cron_job_last_run / 3600), 2) : 0;
         $release = (int)$seed_release[$i];
         $user_regdate = (TIMENOW - $bb_cfg['seed_bonus_user_regdate'] * 86400);
 
diff --git a/library/includes/init_bb.php b/library/includes/init_bb.php
index 47e4a01ff..d55fabdf6 100644
--- a/library/includes/init_bb.php
+++ b/library/includes/init_bb.php
@@ -282,7 +282,7 @@ define('SID_LENGTH', 20);
 define('LOGIN_KEY_LENGTH', 32);
 define('USERNAME_MIN_LENGTH', 3);
 define('USERNAME_MAX_LENGTH', 30);
-define('USEREMAIL_MAX_LENGTH', 50);
+define('USEREMAIL_MAX_LENGTH', 80);
 define('PASSWORD_MIN_LENGTH', 8);
 define('PASSWORD_MAX_LENGTH', 128);
 
diff --git a/modcp.php b/modcp.php
index cea7e9f73..35f9a9e37 100644
--- a/modcp.php
+++ b/modcp.php
@@ -555,6 +555,7 @@ switch ($mode) {
                     $post_id = $postrow[$i]['post_id'];
                     $poster_id = $postrow[$i]['poster_id'];
                     $poster = $postrow[$i]['username'];
+                    $poster_rank = $postrow[$i]['user_rank'];
 
                     $post_date = bb_date($postrow[$i]['post_time'], $bb_cfg['post_date_format']);
 
@@ -567,10 +568,9 @@ switch ($mode) {
                     $message = bbcode2html($message);
 
                     $row_class = !($i % 2) ? 'row1' : 'row2';
-
                     $template->assign_block_vars('postrow', [
                         'ROW_CLASS' => $row_class,
-                        'POSTER_NAME' => profile_url(['username' => $poster, 'user_id' => $poster_id, 'user_rank' => $postrow[$i]['user_rank']]),
+                        'POSTER_NAME' => profile_url(['username' => $poster, 'user_id' => $poster_id, 'user_rank' => $poster_rank]),
                         'POST_DATE' => $post_date,
                         'MESSAGE' => $message,
                         'CHECKBOX' => defined('BEGIN_CHECKBOX'),
diff --git a/search.php b/search.php
index ec939657c..9dbea3532 100644
--- a/search.php
+++ b/search.php
@@ -85,7 +85,7 @@ $url = basename(__FILE__);
 $anon_id = GUEST_UID;
 $user_id = $userdata['user_id'];
 $lastvisit = IS_GUEST ? TIMENOW : $userdata['user_lastvisit'];
-$search_id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
+$search_id = (isset($_GET['id']) && verify_id($_GET['id'], SEARCH_ID_LENGTH)) ? $_GET['id'] : '';
 $session_id = $userdata['session_id'];
 
 $items_found = $items_display = $previous_settings = null;
diff --git a/src/Legacy/Common/User.php b/src/Legacy/Common/User.php
index dd72c016b..ac5ed2ac1 100644
--- a/src/Legacy/Common/User.php
+++ b/src/Legacy/Common/User.php
@@ -188,7 +188,7 @@ class User
 
             if ($userdata = get_userdata((int)$user_id, false, true)) {
                 if ($userdata['user_id'] != GUEST_UID && $userdata['user_active']) {
-                    if (is_string($this->sessiondata['uk']) && $this->verify_autologin_id($userdata, true, false)) {
+                    if (verify_id($this->sessiondata['uk'], LOGIN_KEY_LENGTH) && $this->verify_autologin_id($userdata, true, false)) {
                         $login = ($userdata['autologin_id'] && $this->sessiondata['uk'] === $userdata['autologin_id']);
                     }
                 }
@@ -452,7 +452,7 @@ class User
         $sd_resv = !empty($_COOKIE[COOKIE_DATA]) ? unserialize($_COOKIE[COOKIE_DATA], ['allowed_classes' => false]) : [];
 
         // autologin_id
-        if (!empty($sd_resv['uk']) && is_string($sd_resv['uk'])) {
+        if (!empty($sd_resv['uk']) && verify_id($sd_resv['uk'], LOGIN_KEY_LENGTH)) {
             $this->sessiondata['uk'] = $sd_resv['uk'];
         }
         // user_id
@@ -460,7 +460,7 @@ class User
             $this->sessiondata['uid'] = (int)$sd_resv['uid'];
         }
         // sid
-        if (!empty($sd_resv['sid']) && is_string($sd_resv['sid'])) {
+        if (!empty($sd_resv['sid']) && verify_id($sd_resv['sid'], SID_LENGTH)) {
             $this->sessiondata['sid'] = $sd_resv['sid'];
         }
     }
@@ -517,7 +517,7 @@ class User
             }
         }
 
-        return is_string($autologin_id);
+        return verify_id($autologin_id, LOGIN_KEY_LENGTH);
     }
 
     /**
@@ -527,6 +527,7 @@ class User
      * @param bool $create_new
      *
      * @return string
+     * @throws \Exception
      */
     public function create_autologin_id(array $userdata, bool $create_new = true): string
     {
diff --git a/styles/templates/admin/admin_board.tpl b/styles/templates/admin/admin_board.tpl
index 92188f4dd..97e297b46 100644
--- a/styles/templates/admin/admin_board.tpl
+++ b/styles/templates/admin/admin_board.tpl
@@ -307,6 +307,7 @@
 <tr class="row3 med">
 	<td class="bold tCenter warnColor1" colspan="2">{L_SEED_BONUS_WARNING}</td>
 </tr>
+<tbody class="seed_bonus"></tbody>
 <!-- BEGIN seed_bonus -->
 <tr id="seed_bonus_{seed_bonus.RELEASE}">
 	<td>{L_SEED_BONUS_ADD}</td>
@@ -327,7 +328,7 @@
 		<input onclick="$('#seed_bonus').remove();" class="post" type="button" size="2" value="-" />
 	</td>
 </tr>
-<tbody class="seed_bonus"></tbody>
+<tr class="row3 med"><td colspan="2"></td></tr>
 <tr class="row3 med"><td colspan="2"></td></tr>
 <tr>
 	<td>{L_SEED_BONUS_TOR_SIZE}</td>
@@ -340,6 +341,7 @@
 <tr class="row3 med">
 	<td class="bold tCenter" colspan="2">{L_SEED_BONUS_EXCHANGE}</td>
 </tr>
+<tbody class="bonus_upload"></tbody>
 <!-- BEGIN bonus_upload -->
 <tr id="bonus_upload_{bonus_upload.UP}">
 	<td><h4>{L_SEED_BONUS_ROPORTION}</h4><h6></h6></td>
@@ -360,7 +362,6 @@
 		<input onclick="$('#bonus_upload').remove();" class="post" type="button" size="2" value="-" />
 	</td>
 </tr>
-<tbody class="bonus_upload"></tbody>
 <tr class="row3 med"><td colspan="2"></td></tr>
 <!-- ENDIF / CONFIG_MODS -->
 <tr>
diff --git a/tracker.php b/tracker.php
index 3a90ed43e..9943764d5 100644
--- a/tracker.php
+++ b/tracker.php
@@ -43,7 +43,7 @@ $start = isset($_REQUEST['start']) ? abs((int)$_REQUEST['start']) : 0;
 $set_default = isset($_GET['def']);
 $user_id = $userdata['user_id'];
 $lastvisit = (!IS_GUEST) ? $userdata['user_lastvisit'] : '';
-$search_id = (isset($_GET['search_id']) && is_string($_GET['search_id'])) ? $_GET['search_id'] : '';
+$search_id = (isset($_GET['search_id']) && verify_id($_GET['search_id'], SEARCH_ID_LENGTH)) ? $_GET['search_id'] : '';
 $session_id = $userdata['session_id'];
 
 $status = (isset($_POST['status']) && is_array($_POST['status'])) ? $_POST['status'] : [];