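function checkSession()
{
    // Validates the client's session cookie against the `sessions` table and,
    // when it matches, refreshes the server-side expiry, re-issues the cookie
    // and returns the session owner's user id.
    //
    // Returns `sesCreator` of the matching session row, or false when there is
    // no session cookie or no row matches both the id and the client's IP.
    // Side effects: bumps `sesLastUpdate`, sets the "yGalSession" cookie and
    // stores the id in $GLOBALS["_yGalSession"].
    global $_config;

    $sessionid = getSessionId();
    if (!$sessionid) {
        // No session cookie on the client: there is no way of knowing the id.
        return false;
    }

    // The session id is client-supplied, so it is escaped before being
    // embedded in SQL. NOTE(review): assumes sql_query() runs on the default
    // mysql_* link, which mysql_real_escape_string() also uses — confirm.
    $safeId = mysql_real_escape_string($sessionid);
    $hexIp = getHexIp($_SERVER["REMOTE_ADDR"]);

    // A session is only accepted when both its id and the originating IP match.
    $result = sql_query("SELECT * FROM `sessions` WHERE `sesid` = '" . $safeId
        . "' AND `sesIpAddress` = '" . $hexIp . "' LIMIT 1");
    if (!mysql_num_rows($result)) {
        return false;
    }
    $sessionData = mysql_fetch_assoc($result);

    // Bump the server-side expiration.
    sql_query("UPDATE `sessions` SET `sesLastUpdate` = NOW() WHERE `sesid` = '" . $safeId . "' LIMIT 1;");

    // Persistent logins get a far-future cookie; others expire after the
    // configured timeout.
    $expiry = $sessionData["sesPersistentLogin"]
        ? strtotime("+9 years")
        : time() + $_config["sessionExpiry"];
    // Re-issue the cookie with the original (unescaped) id.
    // NOTE(review): the cookie is set without the HttpOnly/Secure flags
    // (setcookie()'s 6th/7th arguments); enabling them wherever this cookie is
    // issued would keep it out of reach of scripts and plain-HTTP transport.
    setcookie("yGalSession", $sessionid, $expiry, "/", "." . $_config["galRoot"]);

    $GLOBALS["_yGalSession"] = $sessionid;
    return $sessionData["sesCreator"];
}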
// Check if the submission was updated or not, i.e. do we need to send it to // the watchers? if ($objid == 0) { $isUpdated = true; } else { $isUpdated = $_POST["fullURL"] != $objData["objImageURL"]; } $values1 = array("objTitle" => $_POST["title"], "objFolder" => $folder, "objThumbWidth" => $thumbInfo[0], "objThumbHeight" => $thumbInfo[1], "objThumbURL" => $_POST["thumbURL"], "objLastEdit!" => "NOW()", "objMature" => $filters); $values2 = array("objImageWidth" => $fullInfo[0], "objImageHeight" => $fullInfo[1], "objImageSize" => $fullSize, "objImageURL" => $_POST["fullURL"], "objPreviewWidth" => $previewInfo[0], "objPreviewHeight" => $previewInfo[1], "objPreviewURL" => $_POST["previewURL"], "objComment" => $_POST["comment"], "objEditIp" => getHexIp($_SERVER["REMOTE_ADDR"])); if ($objid == 0) { $values1["objCreator"] = $objCreator; $values1["objSubmitDate!"] = "NOW()"; sql_query("INSERT INTO `extras`" . dbValues($values1)); $objid = mysql_insert_id(); $values2["objEid"] = $objid; $values2["objSubmitIp"] = getHexIp($_SERVER["REMOTE_ADDR"]); sql_query("INSERT INTO `extExtData`" . dbValues($values2)); } else { $values2["objNumEdits"] = $objData["objNumEdits"] + 1; $values2["objNoAbuse"] = 0; sql_query("UPDATE `extras`" . dbSet($values1) . dbWhere(array("objid" => $objid))); sql_query("UPDATE `extExtData`" . dbSet($values2) . dbWhere(array("objEid" => $objid))); } if ($isUpdated && $objCreator == $_auth["useid"]) { // Notify the watchers. addUpdateToWatchers(updTypeArtExtra, $objCreator, $objid); } redirect(url("view/e" . $objid)); } } ?>
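value="<?php echo isset($_SERVER["HTTP_REFERER"]) ? htmlspecialchars($_SERVER["HTTP_REFERER"]) : url("/"); ?> " /> <?php
// Private-message edit handler: on "sendReply" the PM row identified by $pmsid
// is updated from the POSTed fields and the client is sent back to the page
// it came from; otherwise the current PM is shown above the edit form.
include_once INCLUDES . "comments.php";

if (isset($_POST["sendReply"])) {
    $noEmoticons = isset($_POST["commentNoEmoticons"]) ? 1 : 0;
    $noSig = isset($_POST["commentNoSig"]) ? 1 : 0;
    $noBBCode = isset($_POST["commentNoBBCode"]) ? 1 : 0;

    // The body is capped at 40000 bytes, then both fields are escaped for the
    // string-built query below. mysql_real_escape_string() is connection- and
    // charset-aware, which addslashes() is not.
    // NOTE(review): assumes sql_query() runs on the default mysql_* link — confirm.
    $comment = mysql_real_escape_string(substr($_POST["comment"], 0, 40000));
    $title = mysql_real_escape_string($_POST["title"]);
    if ($title == "") {
        $title = _PM_UNTITLED;
    }
    $userIp = getHexIp($_SERVER["REMOTE_ADDR"]);
    // PM ids are integer keys (they come from mysql_insert_id()), so an int
    // cast keeps the WHERE clause safe regardless of where $pmsid was read from.
    $pmsid = (int) $pmsid;

    sql_query("UPDATE `pms` "
        . "SET `pmsTotalEdits` = `pmsTotalEdits` + 1, "
        . "`pmsLastEdit` = NOW(), "
        . "`pmsEditIp` = '{$userIp}', "
        . "`pmsTitle` = '{$title}', "
        . "`pmsComment` = '{$comment}', "
        . "`pmsNoEmoticons` = '{$noEmoticons}', "
        . "`pmsNoSig` = '{$noSig}', "
        . "`pmsNoBBCode` = '{$noBBCode}' "
        . "WHERE `pmsid` = '{$pmsid}' LIMIT 1");

    // The "referer" field is client-supplied (it echoes HTTP_REFERER via the
    // hidden input above), so only a local path or a same-host http(s) URL is
    // honoured; anything else falls back to the site root.
    $referer = isset($_POST["referer"]) ? $_POST["referer"] : "";
    $ownHost = isset($_SERVER["HTTP_HOST"]) ? preg_replace('/:\d+$/', "", $_SERVER["HTTP_HOST"]) : "";
    $refHost = parse_url($referer, PHP_URL_HOST);
    $isLocalPath = preg_match('#^/(?![/\\\\])#', $referer) === 1;
    $isSameHost = is_string($refHost)
        && strcasecmp($refHost, $ownHost) === 0
        && in_array(parse_url($referer, PHP_URL_SCHEME), array("http", "https"), true);
    redirect(($isLocalPath || $isSameHost) ? $referer : url("/"));
}

$commentDefault = $comData["pmsComment"];
$comTitle = $comData["pmsTitle"];
showComment($comData, 0, true);
echo '<div class="sep header">' . _EDIT_PM . '</div>';
?> <div class="mar_bottom"> <input class="<?php echo $_isIE ? "wide" : "notsowide"; ?> largetext" name="title" type="text" value="<?php echo htmlspecialchars($comTitle);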
</div> </div> <div class="container"> <?php
// Registration ("join") page: refuses to proceed on a read-only site or for an
// already logged-in user, then shows the Terms of Service until accepted.
$_documentTitle = _JOIN;
if ($_config["readOnly"]) {
    notice(_READONLY);
    echo '</div>';
    return; // returns from the including script, not from a function
}
if ($_auth["useid"]) {
    notice(_ALREADY_LOGGED);
    echo '</div>';
    return;
}
// Look for a banned or currently suspended account whose last known IP is
// this client's. The result only sets $banned, which is not used in this span.
// NOTE(review): REMOTE_ADDR is the only input to this string-built query; it is
// assumed getHexIp() returns hex digits only — confirm.
$result = sql_query("SELECT `useid` FROM `users`, `useExtData` WHERE `useid` = `useEid` "
    . "AND `useLastIp` = '" . getHexIp($_SERVER["REMOTE_ADDR"]) . "' "
    . "AND ( `useIsBanned` = '1' OR `useSuspendedUntil` > NOW() ) "
    . "LIMIT 1");
if (mysql_num_rows($result) > 0) {
    $banned = 1;
} // does not prevent from viewing the ToS
mysql_free_result($result);
if (!isset($_POST["ReadTOS"])) {
?> <div class="header"><?php echo _TOS; ?> </div> <div> <?php
// The ToS text is selected per language and presumably included after the
// existence check (the rest is cut off here).
// NOTE(review): $_lang becomes part of a file path; if it can be influenced by
// the request (GET/cookie), it must be validated against the installed
// languages before this point — confirm where it is set.
$filename = INCLUDES . "strings/" . $_lang . "_tos.php";
if (!file_exists($filename)) {
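function submitImage($objid, $fileVar, $thumbVar, &$thumbError, &$imageChanged)
{
    // Stores a new revision of submission $objid: (re)generates its thumbnail,
    // saves the uploaded file (or re-links the previous one under the new
    // revision name), builds a preview where that makes sense and writes the
    // new dimensions/filename to the database.
    //
    // $objid        id of the row in `objects` / `objExtData`
    // $fileVar      $_FILES key of the new file, "" to keep the previous file
    // $thumbVar     $_FILES key of a custom thumbnail, "" to auto-generate one
    // $thumbError   (out) one of the _SUBMIT_THUMB_* messages when false is returned
    // $imageChanged (out) true when a new file was stored, false when the old one was kept
    //
    // Returns true on success, false when no usable thumbnail could be produced.
    global $_config, $_auth;

    $imageChanged = true;
    if ($fileVar == "" && $thumbVar == "") {
        $imageChanged = false;
        $thumbError = _SUBMIT_THUMB_REQUIRED;
        return false;
    }

    // Previous revision: its extension and date locate the old file on disk.
    $sql = "SELECT `objExtension`, `objLastEdit`, `objFilename` "
        . "FROM `objects`, `objExtData`"
        . dbWhere(array("objid*" => "objEid", "objEid" => $objid));
    $result = sql_query($sql);
    $oldData = mysql_fetch_assoc($result);
    // NOTE(review): when no row matches, $oldData is false and the code below
    // runs with empty values instead of failing — confirm that is intended.
    $oldRevisionDate = preg_replace('/[^0-9]/', "", $oldData["objLastEdit"]);
    $oldFilename = applyIdToPath("files/data/", $objid) . "-" . $oldRevisionDate
        . "." . $oldData["objExtension"];
    // Old thumbnails and files are deliberately left on disk (an earlier
    // version unlinked them here).

    // Bump objLastEdit and read it back, so $newRevisionDate is the database's
    // notion of "now" and matches what later queries will see.
    $sql = "UPDATE `objects`" . dbSet(array("objLastEdit!" => "NOW()"))
        . dbWhere(array("objid" => $objid));
    sql_query($sql);
    $sql = "SELECT `objLastEdit` FROM `objects`" . dbWhere(array("objid" => $objid));
    $result = sql_query($sql);
    if (mysql_num_rows($result) > 0) {
        $newRevisionDate = preg_replace('/[^0-9]/', "", mysql_result($result, 0));
    } else {
        $newRevisionDate = date("YmdHis");
    }

    // The thumbnail goes to files/thumbs/#/#####/<id>-<revision>.jpg.
    $thumbFilename = applyIdToPath("files/thumbs/", $objid) . "-" . $newRevisionDate . ".jpg";
    list($thumbMaxWidth, $thumbMaxHeight) = preg_split('/x/', $_config["thumbResolution"]);
    if ($thumbVar == "") {
        // No custom thumbnail: derive one from the uploaded file.
        if ($fileVar == ""
            || !thumbifyImage($_FILES[$fileVar]["tmp_name"], $thumbFilename, $thumbMaxWidth, $thumbMaxHeight)) {
            $thumbError = _SUBMIT_THUMB_REQUIRED;
            return false;
        }
    } elseif (!thumbifyImage($_FILES[$thumbVar]["tmp_name"], $thumbFilename, $thumbMaxWidth, $thumbMaxHeight)) {
        // The custom thumbnail could not be processed.
        $thumbError = _SUBMIT_THUMB_ERROR;
        return false;
    }

    // Thumbnail dimensions; 0x0 means "no thumbnail".
    $thumbWidth = 0;
    $thumbHeight = 0;
    if (file_exists($thumbFilename)) {
        $size = getimagesize($thumbFilename);
        if ($size !== false) {
            $thumbWidth = $size[0];
            $thumbHeight = $size[1];
        }
    }

    // The file is stored as files/data/#/#####/<id>-<revision>.<ext>.
    $imageFilename = applyIdToPath("files/data/", $objid) . "-" . $newRevisionDate;
    if ($fileVar != "") {
        // uploadFile() fills in $extension for the stored file.
        uploadFile($fileVar, $imageFilename, $extension);
    } else {
        // Keep the previous file, but move it under the new revision name.
        $imageChanged = false;
        $extension = $oldData["objExtension"];
        // NOTE(review): the rename result is not checked; a failure shows up
        // below as filesize()/getimagesize() returning false.
        rename($oldFilename, $imageFilename . "." . $extension);
    }
    $imageFilename .= "." . $extension;
    $imageFileSize = filesize($imageFilename);
    if ($imageFileSize === false) {
        $imageFileSize = 0;
    }

    // Image dimensions. Text submissions have none; only JPEG and PNG files are
    // treated as resizeable for preview generation. The check looks at the
    // extension of the file just stored, not at the previous revision's.
    $imageWidth = 0;
    $imageHeight = 0;
    $imageNonResizeable = true;
    if ($extension != "txt") {
        $size = getimagesize($imageFilename);
        if ($size !== false) {
            $imageWidth = $size[0];
            $imageHeight = $size[1];
            if ($size[2] == IMAGETYPE_JPEG || $size[2] == IMAGETYPE_PNG) {
                $imageNonResizeable = false;
            }
        }
    }

    // Preview image, only for resizeable images with known dimensions.
    $previewWidth = 0;
    $previewHeight = 0;
    if ($imageWidth > 0 && $imageHeight > 0 && !$imageNonResizeable) {
        $previewFilename = applyIdToPath("files/preview/", $objid) . "-" . $newRevisionDate . ".jpg";
        $coeff = sqrt($_config["previewMaxArea"] / ($imageWidth * $imageHeight));
        // Require a significant size reduction, so that images wouldn't become
        // blurry for an unnoticeable size change.
        if ($coeff > 0.9) {
            $coeff = 1.0;
        }
        $previewMaxWidth = round($imageWidth * $coeff);
        $previewMaxHeight = round($imageHeight * $coeff);
        thumbifyImage($imageFilename, $previewFilename, $previewMaxWidth, $previewMaxHeight, 86);
        if (file_exists($previewFilename)) {
            $size = getimagesize($previewFilename);
            if ($size !== false) {
                $previewWidth = $size[0];
                $previewHeight = $size[1];
            }
            // A preview at the original resolution that is not clearly smaller
            // than the original file is useless; throw it away.
            if ($imageWidth == $previewWidth && $imageHeight == $previewHeight
                && filesize($imageFilename) * 0.8 < filesize($previewFilename)) {
                $previewWidth = 0;
                $previewHeight = 0;
                unlink($previewFilename);
            }
        }
    }

    // Persist the new revision.
    // NOTE(review): $objFilename is the client-supplied upload name; like the
    // other values it is handed to dbSet() — confirm dbSet() escapes it.
    $objFilename = $fileVar != "" ? $_FILES[$fileVar]["name"] : $oldData["objFilename"];
    $sql = "UPDATE `objects`" . dbSet(array(
        "objLastEdit" => $newRevisionDate,
        "objThumbWidth" => $thumbWidth,
        "objThumbHeight" => $thumbHeight,
        "objThumbDefault" => "0",
    )) . dbWhere(array("objid" => $objid));
    sql_query($sql);
    $userIp = getHexIp($_SERVER["REMOTE_ADDR"]);
    $sql = "UPDATE `objExtData`" . dbSet(array(
        "objImageWidth" => $imageWidth,
        "objImageHeight" => $imageHeight,
        "objImageSize" => $imageFileSize,
        "objPreviewWidth" => $previewWidth,
        "objPreviewHeight" => $previewHeight,
        "objExtension" => $extension,
        "objEditIp" => $userIp,
        "objFilename" => $objFilename,
    )) . dbWhere(array("objEid" => $objid));
    sql_query($sql);

    // Touch the submitter's last submission time.
    $sql = "UPDATE `users`" . dbSet(array("useLastSubmission!" => "NOW()"))
        . dbWhere(array("useid" => $_auth["useid"]));
    sql_query($sql);
    return true;
}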
function notifyAbuser($objData, $useid)
{
    // Sends the automated "Notice of Violation" private message about
    // submission $objData to user $useid on behalf of the configured admin
    // account, then adds the PM to the recipient's updates.
    //
    // Reads the globals $reason (staff comment) and $action: "*" means the
    // submission is hidden pending a fix, "+" that it was fixed and restored,
    // anything else that it was deleted.
    global $_config, $reason, $action;

    $objid = $objData["objid"];
    $objTitle = $objData["objTitle"];
    // NOTE(review): $objTitle and $reason go into BBCode verbatim and the PM is
    // stored with pmsNoBBCode = 0, so markup inside a title is interpreted by
    // the renderer — confirm that is acceptable.
    $title = ":cancel: Notice of Violation: " . $objTitle;

    if ($action == "*") {
        $parts = array(
            "[b]This is an automated message to inform you that your submission, [url=/view/{$objid}]{$objTitle}[/url] was found to be a violation of the [url=/tos/]Terms of Service[/url].[/b]\n\n",
            "You have a 48 hour grace period, starting at the time this message is sent, to fix any issues with this submission. It will remain hidden to everyone but yourself during this time. ",
            "After the 48 hour period, it will be restored if you have fixed the issues. If you do not fix the issues, it will be deleted. Comment from the staff, including information about the issues, follows:\n\n ",
            "[i]{$reason}[/i]\n\n",
            "[url=/viewedit/{$objid}]Click Here[/url] to edit the submission. Also see [faq=50]\n\n",
            "[b]This is an automated message. Replies will be lost.[/b]\n\n",
            "If you have any questions, please read the [url=/helpdesk/faq]FAQ[/url] or contact the staff on [c=1].\n\n Regards,\n y!Gallery Administration",
        );
    } else {
        $actionText = $action == "+"
            ? "fixing the issue and restoring the submission"
            : "deleting the submission";
        $parts = array(
            "[b]This is an automated message to inform you that your submission, {$objTitle}, was found to be a violation of the [url=/tos/]Terms of Service[/url].[/b]\n\n",
            "Action was taken, [b]{$actionText}.[/b] Additional comment from the staff follows:\n\n",
            "[i]{$reason}[/i]\n\n",
            "[b]This is an automated message. Replies will be lost.[/b] \n\n ",
            "If you have any questions please read the [url=/helpdesk/faq]FAQ[/url] or contact the staff on [c=1].\n\n Regards,\n y!Gallery Administration",
        );
    }
    $comment = implode("", $parts);

    $userIp = getHexIp($_SERVER["REMOTE_ADDR"]);
    $pmFields = array(
        "pmsObj" => 0,
        "pmsCreator" => $_config["adminUser"],
        "pmsPmUser" => $useid,
        "pmsSubmitDate!" => "NOW()",
        "pmsTitle" => $title,
        "pmsComment" => $comment,
        "pmsSubmitIp" => $userIp,
        "pmsEditIp" => $userIp,
        "pmsNoEmoticons" => 1,
        "pmsNoSig" => 1,
        "pmsNoBBCode" => 0,
    );
    sql_query("INSERT INTO `pms`" . dbValues($pmFields));
    $pmsid = mysql_insert_id();
    addUpdate(updTypePM, $useid, $pmsid, $_config["adminUser"]);
}
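/**
 * Reads the POST data and adds a new comment to the database.
 *
 * $objid   id of the object being commented on (or of the parent comment)
 * $objType object type code: "obj", "ext", "com", "clu", "jou", "pol", "new" or "use"
 *
 * Side effects: inserts into `comments`, updates fan statistics for "obj",
 * marks the object as read in the current user's updates, notifies the parent
 * object's creator (and confirmed collaborator) and finally redirects the client.
 */
function processCommentReply($objid, $objType)
{
    global $_auth, $_config;

    $noEmoticons = isset($_POST["commentNoEmoticons"]) ? 1 : 0;
    $noSig = isset($_POST["commentNoSig"]) ? 1 : 0;
    $noBBCode = isset($_POST["commentNoBBCode"]) ? 1 : 0;

    // Replies to a comment inherit that comment's root object and hang off its
    // parent object (the root, or the comment one level up).
    $root_objid = $objid;
    $root_objType = $objType;
    $parent_objid = $objid;
    $parent_objType = $objType;
    if ($objType == "com") {
        $comResult = sql_query("SELECT `comRootObj`,`comRootObjType`,`comObj`,`comObjType` "
            . "FROM `comments`" . dbWhere(array("comid" => $objid)));
        if ($comData = mysql_fetch_row($comResult)) {
            $root_objid = $comData[0];
            $root_objType = $comData[1];
            $parent_objid = $comData[2];
            $parent_objType = $comData[3];
        }
        mysql_free_result($comResult);
        if ($parent_objid != $objid && $parent_objid != $root_objid) {
            $comResult = sql_query("SELECT `comObj`,`comObjType` "
                . "FROM `comments`" . dbWhere(array("comid" => $parent_objid)));
            if ($comData = mysql_fetch_row($comResult)) {
                $parent_objid = $comData[0];
                $parent_objType = $comData[1];
            }
            mysql_free_result($comResult);
        }
    }

    // 16000 bytes maximum.
    $commentText = substr($_POST["comment"], 0, 16000);
    $userIp = getHexIp($_SERVER["REMOTE_ADDR"]);

    // Add the comment to the database.
    sql_query("INSERT INTO `comments`" . dbValues(array(
        "comObj" => $objid,
        "comObjType" => $objType,
        "comRootObj" => $root_objid,
        "comRootObjType" => $root_objType,
        "comCreator" => $_auth["useid"],
        "comSubmitDate!" => "NOW()",
        "comComment" => $commentText,
        "comSubmitIp" => $userIp,
        "comEditIp" => $userIp,
        "comNoEmoticons" => $noEmoticons,
        "comNoSig" => $noSig,
        "comNoBBCode" => $noBBCode,
    )));
    $comid = mysql_insert_id();

    // Ids are integer keys (see mysql_insert_id() above). The queries below
    // interpolate the id straight into SQL, so they use an int-cast copy.
    $sqlObjid = (int) $objid;

    // Find out who created the parent object (a user id) so they can be notified.
    $parentCreator = 0;
    switch ($objType) {
        case "obj":
            $collab = 0;
            $result = sql_query("SELECT `objCreator`, `objCollab`, `objCollabConfirmed` "
                . "FROM `objects`, `objExtData`"
                . dbWhere(array("objid*" => "objEid", "objid" => $objid)));
            if ($data = mysql_fetch_assoc($result)) {
                $parentCreator = $data["objCreator"];
                $collab = $data["objCollabConfirmed"] ? $data["objCollab"] : 0;
                // Fan-to-artist statistics: count this comment for the creator
                // and, when confirmed, for the collaborator.
                $artists = array($parentCreator);
                if ($collab > 0) {
                    $artists[] = $collab;
                }
                foreach ($artists as $fanArtist) {
                    $where = array("fanUser" => $_auth["useid"], "fanArtist" => $fanArtist);
                    sql_where($where);
                    if (sql_count("fans") == 0) {
                        $where["fanNumComments"] = 1;
                        sql_values($where);
                        sql_insert("fans");
                    } else {
                        sql_where($where);
                        sql_values(array("fanNumComments!" => "`fanNumComments` + 1"));
                        sql_update("fans");
                    }
                }
            }
            // If this submission is in the user's updates, mark it as viewed.
            markAsRead(updTypeArt, $objid);
            updateSearchCache($objid);
            if ($collab > 0 && $collab != $_auth["useid"]) {
                addUpdate(updTypeComment, $collab, $comid, $_auth["useid"]);
            }
            break;
        case "ext": // extra objects
            $result = sql_query("SELECT `objCreator` FROM `extras` "
                . "WHERE `objid` = '{$sqlObjid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;
            // If this submission is in the user's updates, mark it as viewed.
            markAsRead(updTypeArtExtra, $objid);
            break;
        case "com": // comments
            $result = sql_query("SELECT `comCreator` FROM `comments` "
                . "WHERE `comid` = '{$sqlObjid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;
            // If this comment is in the user's updates, mark it as read.
            markAsRead(updTypeComment, $objid);
            break;
        case "clu": // clubs
            $result = sql_query("SELECT `cluCreator` FROM `cluExtData` "
                . "WHERE `cluEid` = '{$sqlObjid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;
            break;
        case "jou": // journals
            $result = sql_query("SELECT `jouCreator` FROM `journals` "
                . "WHERE `jouCreatorType` = 'use' AND `jouid` = '{$sqlObjid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;
            if ($parentCreator == 0) {
                // Not found? Maybe that journal is actually a club announcement.
                $result = sql_query("SELECT `jouAnnCreator` FROM `journals` "
                    . "WHERE `jouCreatorType` = 'clu' AND `jouid` = '{$sqlObjid}' LIMIT 1");
                $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;
            }
            // If this journal/announcement is in the user's updates, mark it as read.
            markAsRead(updTypeJournal, $objid);
            break;
        case "pol": // polls
            $result = sql_query("SELECT `polCreator` FROM `polls` "
                . "WHERE `polid` = '{$sqlObjid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;
            // If this poll is in the user's updates, mark it as read.
            markAsRead(updTypeJournalPoll, $objid);
            break;
        case "new": // news
            // Those who post front-page news should not receive comments on
            // that news in their updates.
            $parentCreator = 0;
            break;
        case "use": // user pages
            $parentCreator = $objid;
            break;
    }

    // Notify the parent object's creator about the new comment, unless the
    // creator is the current user.
    if ($parentCreator > 0 && $parentCreator != $_auth["useid"]) {
        addUpdate(updTypeComment, $parentCreator, $comid, $_auth["useid"]);
    }

    // Redirect to clean up POST variables, focusing the replied-to comment
    // for replies and the new comment otherwise.
    $focus = "#comment" . ($objType == "com" ? $objid : $comid);
    $target = url(".", array("replied" => "yes"));
    if (isset($_POST["refererURL"])) {
        // refererURL is client-supplied: only a local path or a same-host
        // http(s) URL is honoured; anything else uses the default target.
        $refererURL = $_POST["refererURL"];
        $ownHost = isset($_SERVER["HTTP_HOST"]) ? preg_replace('/:\d+$/', "", $_SERVER["HTTP_HOST"]) : "";
        $refHost = parse_url($refererURL, PHP_URL_HOST);
        $isLocalPath = preg_match('#^/(?![/\\\\])#', $refererURL) === 1;
        $isSameHost = is_string($refHost)
            && strcasecmp($refHost, $ownHost) === 0
            && in_array(parse_url($refererURL, PHP_URL_SCHEME), array("http", "https"), true);
        if ($isLocalPath || $isSameHost) {
            $target = $refererURL;
            // No anchor when returning to the updates list.
            if (preg_match('#/updates/#', $refererURL)) {
                $focus = "";
            }
        }
    }
    redirect($target . $focus);
}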