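/**
 * Persist the profile form for the logged-in user (early variant, no CSRF token).
 *
 * Copies the profile fields from $_POST onto the global $user, optionally
 * changes the password when the old password verifies, then stores the user
 * and re-authenticates the session.
 *
 * Globals: $user (profile being edited), $current_user (session user), $db.
 *
 * @return string|null HTML status message, or null when the request is not a
 *                     profile save for the session's own user.
 */
function save_profile() {
    global $user, $current_user, $db;

    // Only handle a submitted profile form that targets the session's own user.
    if (!isset($_POST['save_profile']) || !isset($_POST['process'])
        || !isset($_POST['user_id']) || $_POST['user_id'] != $current_user->user_id) {
        return;
    }

    // A malformed address is reported inline but the rest of the form is still saved
    // (original behaviour of this variant).
    $email = cleanit(isset($_POST['email']) ? $_POST['email'] : '');
    if (!check_email($email)) {
        echo '<p class="form-error">' . _(PLIGG_Visual_Profile_BadEmail) . '</p>';
    } else {
        $user->email = $email;
    }

    // Plain text fields are copied one-to-one after cleanit().
    // NOTE(review): a missing field is passed to cleanit() as '' rather than null — confirm
    // cleanit() treats both the same.
    $textFields = array('url', 'public_email', 'location', 'occupation', 'aim', 'msn',
        'yahoo', 'gtalk', 'skype', 'irc', 'names');
    foreach ($textFields as $field) {
        $user->$field = cleanit(isset($_POST[$field]) ? $_POST[$field] : '');
    }

    check_actions('profile_save');

    // Avatar source must be one of the form's options; anything else is logged and
    // reset. The original used `==` here, so the unexpected value was stored unchanged.
    $avatar_source = cleanit(isset($_POST['avatarsource']) ? $_POST['avatarsource'] : '');
    if ($avatar_source != "" && $avatar_source != "useruploaded") {
        // The username value in this log line is redacted as '******' on the page.
        loghack('Updating profile, avatar source is not one of the list options.', 'username: ' . '******' . '|email: ' . $email);
        $avatar_source = "";
    }
    $user->avatar_source = $avatar_source;

    $msg = '';
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        $oldpass = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
        // NOTE(review): the user_login value is redacted as '******' on the page; the real
        // query interpolates it — make sure it is escaped or bound.
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
        // No row must never verify: substr() on a missing hash would yield an empty salt.
        if (!$userX) {
            return '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_BadOldPass) . '</span></p>';
        }
        $saltedpass = generateHash($oldpass, substr($userX->user_pass, 0, SALT_LENGTH));
        // Strict comparison: `==` compares numeric-looking hashes by value.
        if ($userX->user_pass !== $saltedpass) {
            // Wrapped in _() like the sibling messages; the original returned the raw constant.
            return '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_BadOldPass) . '</span></p>';
        }
        $newpass = isset($_POST['password']) ? $_POST['password'] : '';
        $newpass2 = isset($_POST['password2']) ? $_POST['password2'] : '';
        if ($newpass !== $newpass2) {
            return '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_BadPass) . '</span></p>';
        }
        // NOTE(review): the raw password is assigned here; whether User::store() hashes it is
        // not visible in this file (the later variants call generateHash() first) — confirm.
        $user->pass = trim($newpass);
        $msg = '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_PassUpdated) . '</span></p>';
    }

    $user->store();
    $user->read();
    $current_user->Authenticate($user->username, $user->pass);
    if ($msg === '') {
        $msg = '<p align=center><span class=error>' . _(PLIGG_Visual_Profile_DataUpdated) . '</span></p>';
    }
    return $msg;
}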
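/**
 * Submit step 2: attach title, category, tags, body, summary and the optional
 * extra fields to the Link created in step 1, store it, then render step 3
 * (or run it directly when Submit_Complete_Step2 is set).
 *
 * Uses the globals prepared by the surrounding submit script. Like the original,
 * it terminates the request with die() when the session step or the link
 * ownership does not match.
 */
function do_submit2() {
    global $db, $main_smarty, $dblang, $the_template, $linkres, $current_user, $Story_Content_Tags_To_Allow;

    $main_smarty->assign('auto_vote', auto_vote);
    $main_smarty->assign('Submit_Show_URL_Input', Submit_Show_URL_Input);
    $main_smarty->assign('Submit_Require_A_URL', Submit_Require_A_URL);
    $link_id = sanitize(isset($_POST['id']) ? $_POST['id'] : '', 3);
    $main_smarty->assign('link_id', $link_id);
    define('pagename', 'submit');
    $main_smarty->assign('pagename', pagename);

    // Module hooks. $vars is initialised up front so the second hook never sees an
    // undefined variable when the user is already authenticated.
    $vars = array();
    if ($current_user->authenticated != TRUE) {
        $vars = array('username' => $current_user->user_login);
        check_actions('register_check_errors', $vars);
    }
    check_actions('submit2_check_errors', $vars);
    // NOTE(review): the original read $vars['error'] here and did nothing with it, so an
    // error raised by the hook still falls through to the store below.

    $linkres = new Link();
    $linkres->id = $link_id;
    if (!isset($_SESSION['step']) || $_SESSION['step'] != 1) {
        die('Wrong step');
    }
    if (!is_numeric($linkres->id)) {
        die;
    }
    if (!$linkres->verify_ownership($current_user->user_id)) {
        die($main_smarty->get_config_vars('PLIGG_Visual_Submit2Errors_NoAccess'));
    }
    $linkres->read(FALSE);

    // Optional automatic vote by the submitter.
    if ($linkres->votes($current_user->user_id) == 0 && auto_vote == true) {
        $linkres->insert_vote($current_user->user_id, '10');
        $linkres->store_basic();
        $linkres->read(FALSE);
    }

    // Category: the first entry is the primary category, the rest are additional ones.
    // The additional entries were copied raw in the original; each is now sanitised
    // the same way as the primary one.
    if (isset($_POST['category']) && is_array($_POST['category'])) {
        $linkres->category = sanitize($_POST['category'][0], 3);
        $linkres->additional_cats = array();
        foreach (array_slice($_POST['category'], 1) as $cat) {
            $linkres->additional_cats[] = sanitize($cat, 3);
        }
    } else {
        $linkres->category = sanitize(isset($_POST['category']) ? $_POST['category'] : '', 3);
    }
    $thecat = get_cached_category_data('category_id', $linkres->category);
    $main_smarty->assign('request_category_name', $thecat->category_name);

    $linkres->title = stripslashes(sanitize($_POST['title'], 3));
    $linkres->title_url = makeUrlFriendly($linkres->title, $linkres->id);
    $linkres->tags = tags_normalize_string(stripslashes(sanitize($_POST['tags'], 3)));
    $linkres->content = close_tags(stripslashes(sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow)));

    // Optional extra fields link_field1..link_field15, only when present in the form.
    for ($i = 1; $i <= 15; $i++) {
        $field = 'link_field' . $i;
        if (isset($_POST[$field])) {
            $linkres->$field = sanitize($_POST[$field], 4, $Story_Content_Tags_To_Allow);
        }
    }

    // Summary: derived from the body when none was posted, otherwise the posted text,
    // truncated (and logged) when it exceeds the configured limit.
    if (!isset($_POST['summarytext'])) {
        $linkres->link_summary = utf8_substr(sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow), 0, StorySummary_ContentTruncate - 1);
    } else {
        $linkres->link_summary = sanitize($_POST['summarytext'], 4, $Story_Content_Tags_To_Allow);
        if (utf8_strlen($linkres->link_summary) > StorySummary_ContentTruncate) {
            // The username value in this log line is redacted as '******' on the page.
            loghack('SubmitAStory-SummaryGreaterThanLimit', 'username: ' . '******' . '|email: ' . sanitize(isset($_POST["email"]) ? $_POST["email"] : '', 3), true);
            $linkres->link_summary = utf8_substr($linkres->link_summary, 0, StorySummary_ContentTruncate - 1);
        }
    }

    // Group id: integer from the request, 0 when absent.
    if (isset($_REQUEST['link_group_id']) && $_REQUEST['link_group_id'] != '') {
        $linkres->link_group_id = intval($_REQUEST['link_group_id']);
    } else {
        $linkres->link_group_id = 0;
    }

    $linkres->store();
    if (link_errors($linkres)) {
        return;
    }

    // Comment subscription hook.
    if (isset($_POST['comment_subscription'])) {
        $vars = array('link_id' => $linkres->id);
        check_actions('comment_subscription_insert_function', $vars);
    }

    // Optional "open date"; falls back to today when any component is not numeric.
    if (isset($_POST['timestamp_date_day'])) {
        $timestamp_date_day = $_POST['timestamp_date_day'];
        $timestamp_date_month = isset($_POST['timestamp_date_month']) ? $_POST['timestamp_date_month'] : '';
        $timestamp_date_year = isset($_POST['timestamp_date_year']) ? $_POST['timestamp_date_year'] : '';
        if (!is_numeric($timestamp_date_day) || !is_numeric($timestamp_date_month) || !is_numeric($timestamp_date_year)) {
            $timestamp_date = date("m-d-Y");
        } else {
            $timestamp_date = $timestamp_date_month . "-" . $timestamp_date_day . "-" . $timestamp_date_year;
        }
        // The original assigned array('link_id' => ...) and immediately overwrote it; only
        // this value was ever passed on.
        // NOTE(review): the hook name here is the comment-subscription one again — possibly a
        // copy-paste slip; confirm which hook is meant to receive timestamp_date.
        $vars = array('timestamp_date' => $timestamp_date, 'link_id' => $linkres->id);
        check_actions('comment_subscription_insert_function', $vars);
    }

    $vars = '';
    check_actions('submit_step_3_after_first_store', $vars);
    // $vars stays a string unless a module replaced it; guard the offset read so an
    // untouched '' does not trigger an illegal-string-offset error.
    if (is_array($vars) && !empty($vars['error']) && link_catcha_errors('captcha_error')) {
        return;
    }

    $linkres->read(FALSE);
    $link_content = $linkres->content;
    // The original assigned $linkres->title first and then overwrote it with this value.
    $link_title = stripslashes(sanitize($_POST['title'], 3));

    $main_smarty->assign('the_story', $linkres->print_summary('full', true));
    $main_smarty->assign('tags', $linkres->tags);
    if (!empty($linkres->tags)) {
        $main_smarty->assign('tags_words', str_replace(",", ", ", $linkres->tags));
        $main_smarty->assign('tags_url', urlencode($linkres->tags));
    }
    // $url and $trackback were never defined in the original, so these were always ''.
    // NOTE(review): $linkres->url may have been the intended source for submit_url — confirm.
    $main_smarty->assign('submit_url', '');
    $data = parse_url($linkres->url);
    $main_smarty->assign('url_short', (is_array($data) && isset($data['host'])) ? $data['host'] : '');
    $main_smarty->assign('submit_url_title', $linkres->url_title);
    $main_smarty->assign('submit_id', $linkres->id);
    $main_smarty->assign('submit_type', $linkres->type());
    // Escape double quotes for the title attribute. The page renders this literal as
    // """ which is the entity-decoded form of "&quot;".
    $main_smarty->assign('submit_title', str_replace('"', '&quot;', $link_title));
    $main_smarty->assign('submit_content', $link_content);
    $main_smarty->assign('submit_trackback', '');
    $main_smarty->assign('tpl_extra_fields', $the_template . '/submit_extra_fields');
    $main_smarty->assign('tpl_center', $the_template . '/submit_step_3_center');

    $vars = '';
    check_actions('do_submit2', $vars);
    $_SESSION['step'] = 2;
    if (Submit_Complete_Step2) {
        do_submit3();
    } else {
        $main_smarty->display($the_template . '/pligg.tpl');
    }
}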
// Submit step 1 variant: stores the fresh Link, fills in its summary, records the
// tags and redirects to the story page.
// NOTE(review): $linkres->store() runs on a brand-new Link() before any field (even
// the id) is assigned, and $link_title / $link_content are never defined in this
// function, so the submit_title / submit_content assigns below receive null. This
// reads like an unfinished variant of do_submit2() — confirm before relying on it.
function do_submit1() {
    global $db, $main_smarty, $dblang, $the_template, $linkres, $current_user, $Story_Content_Tags_To_Allow;
    $linkres = new Link();
    $main_smarty->assign('auto_vote', auto_vote);
    $main_smarty->assign('Submit_Show_URL_Input', Submit_Show_URL_Input);
    $main_smarty->assign('Submit_Require_A_URL', Submit_Require_A_URL);
    $main_smarty->assign('link_id', sanitize($_POST['id'], 3));
    define('pagename', 'submit');
    $main_smarty->assign('pagename', pagename);
    // Stored before the id (or anything else) is set — see the note above.
    $linkres->store();
    $linkres->id = sanitize($_POST['id'], 3);
    $thecat = get_cached_category_data('category_id', $linkres->category);
    $main_smarty->assign('request_category_name', $thecat->category_name);
    // Summary: derived from the body when none was posted, otherwise the posted text,
    // truncated (and logged) when it exceeds the configured limit.
    if (!isset($_POST['summarytext'])) {
        $linkres->link_summary = utf8_substr(sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow), 0, StorySummary_ContentTruncate - 1);
        $linkres->link_summary = close_tags(str_replace("\n", "<br />", $linkres->link_summary));
    } else {
        $linkres->link_summary = sanitize($_POST['summarytext'], 4, $Story_Content_Tags_To_Allow);
        $linkres->link_summary = close_tags(str_replace("\n", "<br />", $linkres->link_summary));
        if (utf8_strlen($linkres->link_summary) > StorySummary_ContentTruncate) {
            // The username value in this log line is redacted as '******' on the page.
            loghack('SubmitAStory-SummaryGreaterThanLimit', 'username: '******'|email: ' . sanitize($_POST["email"], 3), true);
            $linkres->link_summary = utf8_substr($linkres->link_summary, 0, StorySummary_ContentTruncate - 1);
            $linkres->link_summary = close_tags(str_replace("\n", "<br />", $linkres->link_summary));
        }
    }
    // $sid is taken from the request unsanitised and used both for tag storage and,
    // below, inside the redirect URL.
    $sid = $_POST["sid"];
    tags_insert_string($sid, $dblang, $linkres->tags);
    //$main_smarty->assign('the_story', $linkres->print_summary('full', true));
    $main_smarty->assign('tags', $linkres->tags);
    if (!empty($linkres->tags)) {
        $tags_words = str_replace(",", ", ", $linkres->tags);
        $tags_url = urlencode($linkres->tags);
        $main_smarty->assign('tags_words', $tags_words);
        $main_smarty->assign('tags_url', $tags_url);
    }
    $main_smarty->assign('submit_url_title', $linkres->url_title);
    $main_smarty->assign('submit_id', $linkres->id);
    // The replacement literal renders as """ on this page (likely an entity-decoded "&quot;").
    $main_smarty->assign('submit_title', str_replace('"', """, $link_title));
    $main_smarty->assign('submit_content', $link_content);
    include mnminclude . 'redirector.php';
    // $x is never used after construction.
    $x = new redirector($_SERVER['REQUEST_URI']);
    //$Sid=$_SESSION['newSid'];
    // A Location header is sent, but execution continues and the template is still
    // rendered afterwards.
    header("Location:" . my_base_url . my_pligg_base . "/story.php?title={$sid}");
    $vars = '';
    check_actions('do_submit2', $vars);
    $_SESSION['step'] = 2;
    $main_smarty->display($the_template . '/pligg.tpl');
}
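// Edit-link handler fragment: copy the edited story fields from $_POST onto $linkres.
// Runs at file scope and expects $linkres, $db and the Story_Content_Tags_To_Allow /
// StorySummary_ContentTruncate constants from the including script.
// NOTE(review): this variant reads the category straight from the request and only
// trim()s / strip_tags() the other fields; the sanitize()-based variant of this block
// elsewhere on the page is the safer pattern.
$linkres->category = $_POST['category'];

// Only regenerate the URL slug when the title actually changed.
$posted_title = strip_tags(trim(isset($_POST['title']) ? $_POST['title'] : ''));
if ($linkres->title != $posted_title) {
    $linkres->title = $posted_title;
    $linkres->title_url = makeUrlFriendly($linkres->title);
}
$linkres->content = strip_tags(trim(isset($_POST['bodytext']) ? $_POST['bodytext'] : ''), Story_Content_Tags_To_Allow);
$linkres->tags = tags_normalize_string(strip_tags(trim(isset($_POST['tags']) ? $_POST['tags'] : '')));

// Summary: derived from the body when none was posted, otherwise the posted text,
// truncated (and logged) when it exceeds the configured limit.
if (!isset($_POST['summarytext']) || $_POST['summarytext'] == "") {
    $linkres->link_summary = utf8_substr(strip_tags(trim(isset($_POST['bodytext']) ? $_POST['bodytext'] : ''), Story_Content_Tags_To_Allow), 0, StorySummary_ContentTruncate - 1);
    $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
} else {
    // NOTE(review): the value is SQL-escaped here, before it is stored on the object;
    // if Link::store() escapes again this double-escapes the summary — confirm.
    $linkres->link_summary = $db->escape($_POST['summarytext']);
    $linkres->link_summary = strip_tags(trim($linkres->link_summary), Story_Content_Tags_To_Allow);
    $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
    // Measure in characters, not bytes: the truncation below uses utf8_substr(), so the
    // byte-wise strlen() of the original over-reported multibyte text.
    if (utf8_strlen($linkres->link_summary) > StorySummary_ContentTruncate) {
        // The username value in this log line is redacted as '******' on the page.
        loghack('SubmitAStory-SummaryGreaterThanLimit', 'username: ' . '******' . '|email: ' . (isset($_POST["email"]) ? $_POST["email"] : ''), true);
        $linkres->link_summary = utf8_substr($linkres->link_summary, 0, StorySummary_ContentTruncate - 1);
        $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
    }
}

// Extra fields link_field1..link_field11; a missing field becomes '' (as trim(null) did).
for ($i = 1; $i <= 11; $i++) {
    $field = 'link_field' . $i;
    $linkres->$field = isset($_POST[$field]) ? trim($_POST[$field]) : '';
}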
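/**
 * Persist the profile form for the logged-in user, guarded by a CSRF token.
 *
 * Copies the profile fields from $_POST onto the global $user, optionally
 * changes the password when the old password verifies, then stores the user
 * and re-authenticates the session.
 *
 * Globals: $user (profile being edited), $current_user (session user), $db,
 * $main_smarty (message lookup), $CSRF (token check).
 *
 * @return string|null Status message from the language file; the literal
 *                     'There was a token error.' when the token does not
 *                     validate; null when the request is not a profile save
 *                     for the session's own user.
 */
function save_profile() {
    global $user, $current_user, $db, $main_smarty, $CSRF;

    $token = sanitize(isset($_POST['token']) ? $_POST['token'] : '', 3);
    if (!$CSRF->check_valid($token, 'profile_change')) {
        return 'There was a token error.';
    }

    // Only handle a submitted profile form that targets the session's own user.
    if (!isset($_POST['save_profile']) || !isset($_POST['process'])
        || !isset($_POST['user_id']) || sanitize($_POST['user_id'], 3) != $current_user->user_id) {
        return;
    }

    $email = sanitize(isset($_POST['email']) ? $_POST['email'] : '', 3);
    if (!check_email($email)) {
        return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadEmail");
    }
    $user->email = $email;

    // Plain text fields are copied one-to-one after sanitize().
    // NOTE(review): a missing field is passed to sanitize() as '' rather than null — confirm
    // sanitize() treats both the same.
    $textFields = array('url', 'public_email', 'location', 'occupation', 'aim', 'msn',
        'yahoo', 'gtalk', 'skype', 'irc', 'names');
    foreach ($textFields as $field) {
        $user->$field = sanitize(isset($_POST[$field]) ? $_POST[$field] : '', 3);
    }

    // module system hook
    $vars = '';
    check_actions('profile_save', $vars);

    // Avatar source must be one of the form's options; anything else is logged and
    // reset. The original used `==` here, so the unexpected value was stored unchanged.
    $avatar_source = sanitize(isset($_POST['avatarsource']) ? $_POST['avatarsource'] : '', 3);
    if ($avatar_source != "" && $avatar_source != "useruploaded") {
        // The username value in this log line is redacted as '******' on the page.
        loghack('Updating profile, avatar source is not one of the list options.', 'username: ' . '******' . '|email: ' . $email);
        $avatar_source = "";
    }
    $user->avatar_source = $avatar_source;

    if (!empty($_POST['newpassword']) || !empty($_POST['newpassword2'])) {
        $oldpass = sanitize(isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '', 3);
        // NOTE(review): the user_login value is redacted as '******' on the page; the real
        // query interpolates it — make sure it is escaped or bound.
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
        // No row must never verify: substr() on a missing hash would yield an empty salt.
        if (!$userX) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
        }
        $saltedpass = generateHash($oldpass, substr($userX->user_pass, 0, SALT_LENGTH));
        // Strict comparison: `==` compares numeric-looking hashes by value.
        if ($userX->user_pass !== $saltedpass) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
        }
        $newpass = sanitize(isset($_POST['newpassword']) ? $_POST['newpassword'] : '', 3);
        $newpass2 = sanitize(isset($_POST['newpassword2']) ? $_POST['newpassword2'] : '', 3);
        if ($newpass !== $newpass2) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadPass");
        }
        // As in the original, a password change stores and returns here, i.e. without the
        // read()/Authenticate() refresh that the plain profile save does below.
        $user->pass = generateHash($newpass);
        $user->store();
        return $main_smarty->get_config_vars("PLIGG_Visual_Profile_PassUpdated");
    }

    $user->store();
    $user->read();
    $current_user->Authenticate($user->username, $user->pass);
    return $main_smarty->get_config_vars("PLIGG_Visual_Profile_DataUpdated");
}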
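/**
 * Persist the profile form (CSRF-guarded variant with e-mail re-validation and
 * per-user language).
 *
 * When the e-mail address changes and pligg_validate() is on, a verification
 * mail is sent instead of applying the new address directly. Other fields are
 * copied onto the global $user; the password is changed when the old one
 * verifies; the user is stored and the session re-authenticated.
 *
 * Globals: $user, $current_user, $db, $main_smarty, $CSRF, $canIhaveAccess
 * (allows editing a profile other than the session user's), $language.
 *
 * @return string|bool|null Status message; false when the verification mail
 *                          could not be sent; the literal 'There was a token
 *                          error.' on a CSRF failure; null when the request is
 *                          not an allowed profile save.
 */
function save_profile() {
    global $user, $current_user, $db, $main_smarty, $CSRF, $canIhaveAccess, $language;

    $token = sanitize(isset($_POST['token']) ? $_POST['token'] : '', 3);
    if (!$CSRF->check_valid($token, 'profile_change')) {
        return 'There was a token error.';
    }

    // Same precedence as the original (`||` binds looser than `&&`): the user_id check
    // only applies when the caller has no elevated access.
    if (!isset($_POST['save_profile']) || empty($_POST['process'])
        || (!$canIhaveAccess && (!isset($_POST['user_id']) || sanitize($_POST['user_id'], 3) != $current_user->user_id))) {
        return;
    }

    $savemsg = null;
    $email = sanitize(isset($_POST['email']) ? $_POST['email'] : '', 3);
    if ($user->email != $email) {
        if (!check_email($email)) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadEmail");
        }
        if (email_exists(trim($email))) {
            // if email already exists
            return $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_EmailExists");
        }
        if (pligg_validate()) {
            $siteName = $main_smarty->get_config_vars('PLIGG_Visual_Name');
            // NOTE(review): the verification code is an unsalted md5 over values that are
            // mostly public; treat it as a weak token (unchanged here, validation.php must match).
            $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $siteName);
            // $domain is referenced by the evaluated message template below.
            $domain = $siteName;
            $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . urlencode($user->username) . "&email=" . urlencode($_POST['email']);
            $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
            // FIXME(security): eval() is used so the language-file template can interpolate
            // {$validation}/{$domain}. The template itself is site-controlled, but the values
            // it interpolates include the user-supplied address; replacing fixed placeholders
            // with str_replace() would remove the eval() entirely.
            eval("\$str = \"{$str}\";");
            $message = "{$str}";
            if (phpnum() >= 5) {
                require "libs/class.phpmailer5.php";
            } else {
                require "libs/class.phpmailer4.php";
            }
            $mail = new PHPMailer();
            $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
            $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
            $mail->AddAddress($_POST['email']);
            $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
            $mail->IsHTML(false);
            $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
            $mail->Body = $message;
            $mail->CharSet = 'utf-8';
            if (!$mail->Send()) {
                return false;
            }
            $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Noemail") . ' '
                . sprintf($main_smarty->get_config_vars("PLIGG_Visual_Register_ToDo"), $main_smarty->get_config_vars('PLIGG_PassEmail_From'));
        } else {
            $user->email = $email;
        }
    }

    // Plain text fields are copied one-to-one after sanitize().
    // NOTE(review): a missing field is passed to sanitize() as '' rather than null — confirm
    // sanitize() treats both the same.
    $textFields = array('url', 'public_email', 'location', 'occupation', 'aim', 'msn',
        'yahoo', 'gtalk', 'skype', 'irc', 'names');
    foreach ($textFields as $field) {
        $user->$field = sanitize(isset($_POST[$field]) ? $_POST[$field] : '', 3);
    }
    if (user_language) {
        $user->language = sanitize(isset($_POST['language']) ? $_POST['language'] : '', 3);
    }

    // module system hook
    $vars = '';
    check_actions('profile_save', $vars);

    // Avatar source must be one of the form's options; anything else is logged and
    // reset. The original used `==` here, so the unexpected value was stored unchanged.
    $avatar_source = sanitize(isset($_POST['avatarsource']) ? $_POST['avatarsource'] : '', 3);
    if ($avatar_source != "" && $avatar_source != "useruploaded") {
        // The username value in this log line is redacted as '******' on the page.
        loghack('Updating profile, avatar source is not one of the list options.', 'username: ' . '******' . '|email: ' . $email);
        $avatar_source = "";
    }
    $user->avatar_source = $avatar_source;

    if (!empty($_POST['newpassword']) || !empty($_POST['newpassword2'])) {
        $oldpass = sanitize(isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '', 3);
        // NOTE(review): the user_login value is redacted as '******' on the page; the real
        // query interpolates it — make sure it is escaped or bound.
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
        // No row must never verify: substr() on a missing hash would yield an empty salt.
        if (!$userX) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
        }
        $saltedpass = generateHash($oldpass, substr($userX->user_pass, 0, SALT_LENGTH));
        // Strict comparison: `==` compares numeric-looking hashes by value.
        if ($userX->user_pass !== $saltedpass) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
        }
        $newpass = sanitize(isset($_POST['newpassword']) ? $_POST['newpassword'] : '', 3);
        $newpass2 = sanitize(isset($_POST['newpassword2']) ? $_POST['newpassword2'] : '', 3);
        if ($newpass !== $newpass2) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadPass");
        }
        // As in the original, a password change stores and returns here, i.e. without the
        // read()/Authenticate() refresh that the plain profile save does below.
        $user->pass = generateHash($newpass);
        $user->store();
        return $main_smarty->get_config_vars("PLIGG_Visual_Profile_PassUpdated");
    }

    $user->store();
    $user->read();
    // A language change reloads the page so the new language takes effect.
    if ($language != $user->language) {
        header("Location: " . getmyurl('profile'));
        exit;
    }
    $current_user->Authenticate($user->username, $user->pass);
    if ($savemsg === null) {
        $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_DataUpdated");
    }
    return $savemsg;
}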
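// Edit-link handler fragment (sanitize()-based variant): copy the edited story fields
// from $_POST onto $linkres. Runs at file scope and expects $vars, $linkres,
// $Story_Content_Tags_To_Allow and the StorySummary_ContentTruncate constant from the
// including script.
check_actions('edit_link_hook', $vars);
$linkres->category = sanitize(isset($_POST['category']) ? $_POST['category'] : '', 3);

// Only regenerate the URL slug when the title actually changed.
$posted_title = sanitize(isset($_POST['title']) ? $_POST['title'] : '', 3);
if ($linkres->title != $posted_title) {
    $linkres->title = $posted_title;
    $linkres->title_url = makeUrlFriendly($linkres->title);
}
$linkres->content = sanitize(isset($_POST['bodytext']) ? $_POST['bodytext'] : '', 4, $Story_Content_Tags_To_Allow);
$linkres->tags = tags_normalize_string(sanitize(isset($_POST['tags']) ? $_POST['tags'] : '', 3));

// Summary: derived from the body when none was posted, otherwise the posted text,
// truncated (and logged) when it exceeds the configured limit.
if (sanitize(isset($_POST['summarytext']) ? $_POST['summarytext'] : '', 3) == "") {
    $linkres->link_summary = utf8_substr(sanitize(isset($_POST['bodytext']) ? $_POST['bodytext'] : '', 4, $Story_Content_Tags_To_Allow), 0, StorySummary_ContentTruncate - 1);
    $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
} else {
    $linkres->link_summary = sanitize($_POST['summarytext'], 4, $Story_Content_Tags_To_Allow);
    $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
    // Measure in characters, not bytes: the truncation below uses utf8_substr(), so the
    // byte-wise strlen() of the original over-reported multibyte text.
    if (utf8_strlen($linkres->link_summary) > StorySummary_ContentTruncate) {
        // The username value in this log line is redacted as '******' on the page.
        loghack('SubmitAStory-SummaryGreaterThanLimit', 'username: ' . '******' . '|email: ' . sanitize(isset($_POST["email"]) ? $_POST["email"] : '', 3), true);
        $linkres->link_summary = utf8_substr($linkres->link_summary, 0, StorySummary_ContentTruncate - 1);
        $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
    }
}

// Steef 2k7-07 security fix start ----------------------------------------------------------
// Extra fields link_field1..link_field10, each filtered with the same tag whitelist as the body.
for ($i = 1; $i <= 10; $i++) {
    $field = 'link_field' . $i;
    $linkres->$field = sanitize(isset($_POST[$field]) ? $_POST[$field] : '', 4, $Story_Content_Tags_To_Allow);
}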
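/**
 * Registration step 2: verify the posted credentials, insert the user row,
 * authenticate the new session and redirect to the user page.
 *
 * Every failure path renders register_error.tpl with a register_error_text code
 * ("badcode", "errorinserting", "usernameexists") and returns.
 *
 * Globals: $db, $current_user, $main_smarty, $the_template.
 */
function do_register2() {
    global $db, $current_user, $main_smarty, $the_template;

    $username_raw = isset($_POST['username']) ? $_POST['username'] : '';
    $email_raw = isset($_POST['email']) ? $_POST['email'] : '';
    $password_raw = isset($_POST['password']) ? $_POST['password'] : '';

    if (enable_captcha == 'true') {
        if (!ts_is_human()) {
            _do_register2_error('badcode');
            return;
        }
        // The form carries a hash over username+email+password from step 1; a mismatch
        // is logged but — as in the original — does not stop the registration.
        // NOTE(review): consider whether a failed check should abort here.
        $reghash = isset($_POST["reghash"]) ? $_POST["reghash"] : '';
        $mycombo = $username_raw . $email_raw . $password_raw;
        // Strict comparison: `!=` compares numeric-looking strings by value.
        if (generateHash($mycombo, substr($reghash, 0, SALT_LENGTH)) !== $reghash) {
            // The username value in this log line is redacted as '******' on the page.
            loghack('Register Step 2', 'username: ' . '******' . '|email: ' . $email_raw);
        }
    }

    $error = verify_reg($username_raw, $email_raw, $password_raw, $password_raw); // (use password here not password2)
    if ($error) {
        return;
    }

    $username = $db->escape(trim($username_raw));
    // NOTE(review): the password is SQL-escaped before it is hashed and before it is
    // handed to Authenticate(), so a password containing quote or backslash characters
    // is hashed in its escaped form. Kept as-is to stay in step with the login path —
    // confirm how Authenticate() treats the value.
    $password = $db->escape(trim($password_raw));
    $userip = $_SERVER['REMOTE_ADDR'];
    $saltedpass = generateHash($password);
    $email = $db->escape(trim($email_raw));

    if (user_exists($username)) {
        _do_register2_error('usernameexists');
        return;
    }

    // Values are escaped above; the $db wrapper exposes no bound-parameter API here.
    $inserted = $db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip) VALUES ('{$username}', '{$email}', '{$saltedpass}', now(), '{$userip}')");
    if (!$inserted) {
        _do_register2_error('errorinserting');
        return;
    }
    if ($current_user->Authenticate($username, $password, false) == false) {
        _do_register2_error('errorinserting');
        return;
    }
    // $return was never assigned in the original, so the trailing field was always empty.
    // NOTE(review): this constant carries the plaintext password for the redirect hook.
    define('registerdetails', $username . ';' . $password . ';' . $email . ';');
    check_actions('register_success_pre_redirect');
    header('Location: ' . getmyurl('user', $username));
}

/**
 * Render the registration error template with the given error code.
 *
 * @param string $code One of the register_error_text values the template knows.
 */
function _do_register2_error($code) {
    global $main_smarty, $the_template;
    $main_smarty->assign('register_error_text', $code);
    $main_smarty->display($the_template . '/register_error.tpl');
}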