Part of the admin-panel expansion epic. Depends on Foundation (CSRF + layout/router). Highest operator value.
Torrents are auto-created on first announce and listed is the only visibility control — today with no UI to flip it and no way to delete a torrent.
New models
- List all torrents with swarm stats:
src/model/torrents.select.all.php → torrents_select_all(). Copy of torrents_select_listed() (src/model/torrents.select.listed.php) with the WHERE t.listed = 1 clause removed and the listed column added to the SELECT/return shape. Reuse its LEFT JOIN peers ... GROUP BY and intval() normalisation idiom.
- Toggle listed:
src/model/torrent.set.listed.php → torrent_set_listed(mysqli, settings, string $info_hash, int $listed): bool (UPDATE <prefix>torrents SET listed=? WHERE info_hash=?).
- Delete torrent + its peers:
src/model/torrent.delete.php → torrent_delete() and src/model/peers.delete.by.torrent.php → peers_delete_by_torrent(). Pattern mirrors torrents_clean() / peers_clean().
Security (critical)
info_hash arrives from the form, so it MUST pass through maybe_binary_to_hex() (src/functions/sanitize.maybe_binary_to_hex.php) before any query — the project's documented SQL-injection defense for the string-concatenated queries. Validate it is a 40-char hex string; bail via tracker_error() otherwise.
Controllers (one per file, matching admin.clean.php style)
src/controller/admin.torrents.php → admin_torrents_controller() — fetches torrents_select_all() and renders the list page.src/controller/admin.torrent.listed.php → admin_torrent_listed_action() — process=torrent_listed.src/controller/admin.torrent.delete.php → admin_torrent_delete_action() — process=torrent_delete.
View
src/views/html.admin.torrents.php → view_admin_torrents_html() — a table of torrents (name, info_hash, size, seeders/leechers, downloads, traffic) with a per-row List/Unlist toggle and Delete button (each a CSRF-protected POST form carrying info_hash). htmlspecialchars() the name.
Optional — peer drill-down
src/model/peers.select.by.torrent.php → peers_select_by_torrent(), src/controller/admin.torrent.peers.php, src/views/html.admin.torrent.peers.php to inspect a torrent's peers (IP/port/state/up/down/left/last-seen).
Tests
TorrentsSelectAllTest, TorrentSetListedTest, TorrentDeleteTest, PeersDeleteByTorrentTest (+ PeersSelectByTorrentTest if built). Seed __TEST_% rows, clean up in tearDown().
Part of the admin-panel expansion epic. Depends on Foundation (CSRF + layout/router). Highest operator value.
Torrents are auto-created on first announce and
listedis the only visibility control — today with no UI to flip it and no way to delete a torrent.New models
src/model/torrents.select.all.php→torrents_select_all(). Copy oftorrents_select_listed()(src/model/torrents.select.listed.php) with theWHERE t.listed = 1clause removed and thelistedcolumn added to the SELECT/return shape. Reuse itsLEFT JOIN peers ... GROUP BYandintval()normalisation idiom.src/model/torrent.set.listed.php→torrent_set_listed(mysqli, settings, string $info_hash, int $listed): bool(UPDATE <prefix>torrents SET listed=? WHERE info_hash=?).src/model/torrent.delete.php→torrent_delete()andsrc/model/peers.delete.by.torrent.php→peers_delete_by_torrent(). Pattern mirrorstorrents_clean()/peers_clean().Security (critical)
info_hasharrives from the form, so it MUST pass throughmaybe_binary_to_hex()(src/functions/sanitize.maybe_binary_to_hex.php) before any query — the project's documented SQL-injection defense for the string-concatenated queries. Validate it is a 40-char hex string; bail viatracker_error()otherwise.Controllers (one per file, matching
admin.clean.phpstyle)src/controller/admin.torrents.php→admin_torrents_controller()— fetchestorrents_select_all()and renders the list page.src/controller/admin.torrent.listed.php→admin_torrent_listed_action()—process=torrent_listed.src/controller/admin.torrent.delete.php→admin_torrent_delete_action()—process=torrent_delete.View
src/views/html.admin.torrents.php→view_admin_torrents_html()— a table of torrents (name, info_hash, size, seeders/leechers, downloads, traffic) with a per-row List/Unlist toggle and Delete button (each a CSRF-protected POST form carryinginfo_hash).htmlspecialchars()thename.Optional — peer drill-down
src/model/peers.select.by.torrent.php→peers_select_by_torrent(),src/controller/admin.torrent.peers.php,src/views/html.admin.torrent.peers.phpto inspect a torrent's peers (IP/port/state/up/down/left/last-seen).Tests
TorrentsSelectAllTest,TorrentSetListedTest,TorrentDeleteTest,PeersDeleteByTorrentTest(+PeersSelectByTorrentTestif built). Seed__TEST_%rows, clean up intearDown().