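/**
 * Approve the selected galleries (admin action; requires P_GALLERY_MODIFY).
 *
 * Every row returned by GetWhichGalleries() that is still 'pending' or
 * 'unconfirmed' becomes 'approved', stamped with MYSQL_NOW and the
 * authenticated administrator ($_SERVER['REMOTE_USER']). With `framed` set
 * the submitted form fields are written to the row as well (the column set
 * listed in the UPDATE below) together with the user-defined fields and the
 * icon set; without it only the three approval columns change. Optionally
 * mails the submitter, adds the count to the administrator's `approved`
 * counter and emits a JSON result.
 */
function txGalleryApprove()
{
    global $DB, $json, $C;

    VerifyPrivileges(P_GALLERY_MODIFY, TRUE);

    $t = new Template();
    $t->assign_by_ref('config', $C);

    // Columns the request must never override when the form is merged in:
    // the row identity and the approval stamp set below. Without this a
    // `gallery_id` or `status` field in the POST would redirect the UPDATE to
    // another row, or leave the gallery unapproved, because array_merge()
    // lets the request win.
    $protected = array('gallery_id', 'status', 'date_approved', 'administrator');

    $result = GetWhichGalleries();
    $amount = 0;

    while ($gallery = $DB->NextRow($result)) {
        if ($gallery['status'] != 'pending' && $gallery['status'] != 'unconfirmed') {
            continue;
        }

        // Mark the gallery as approved
        $gallery['status']        = 'approved';
        $gallery['date_approved'] = MYSQL_NOW;
        $gallery['administrator'] = $_SERVER['REMOTE_USER'];

        if (!empty($_REQUEST['framed'])) {
            // Framed approval: take the edited fields from the form, then put
            // the protected columns back
            $row     = $gallery;
            $gallery = array_merge($gallery, $_REQUEST);
            foreach ($protected as $key) {
                $gallery[$key] = $row[$key];
            }
            $gallery['categories'] = CategoryTagsFromIds($gallery['categories']);

            // Optional dates must match RE_DATETIME or are stored as NULL
            if (!preg_match(RE_DATETIME, $gallery['date_scheduled'])) {
                $gallery['date_scheduled'] = '';
            }
            if (!preg_match(RE_DATETIME, $gallery['date_deletion'])) {
                $gallery['date_deletion'] = '';
            }
            NullIfEmpty($gallery['date_scheduled']);
            NullIfEmpty($gallery['date_deletion']);

            $DB->Update('UPDATE `tx_galleries` SET ' .
                        '`gallery_url`=?, ' .
                        '`description`=?, ' .
                        '`keywords`=?, ' .
                        '`thumbnails`=?, ' .
                        '`nickname`=?, ' .
                        '`weight`=?, ' .
                        '`sponsor_id`=?, ' .
                        '`type`=?, ' .
                        '`format`=?, ' .
                        '`status`=?, ' .
                        '`date_approved`=?, ' .
                        '`date_scheduled`=?, ' .
                        '`date_deletion`=?, ' .
                        '`administrator`=?, ' .
                        '`allow_scan`=?, ' .
                        '`allow_preview`=?, ' .
                        '`tags`=?, ' .
                        '`categories`=? ' .
                        'WHERE `gallery_id`=?',
                        array($gallery['gallery_url'],
                              $gallery['description'],
                              $gallery['keywords'],
                              $gallery['thumbnails'],
                              $gallery['nickname'],
                              $gallery['weight'],
                              $gallery['sponsor_id'],
                              $gallery['type'],
                              $gallery['format'],
                              $gallery['status'],
                              $gallery['date_approved'],
                              $gallery['date_scheduled'],
                              $gallery['date_deletion'],
                              $gallery['administrator'],
                              intval($gallery['allow_scan']),
                              intval($gallery['allow_preview']),
                              $gallery['tags'],
                              $gallery['categories'],
                              $gallery['gallery_id']));

            // Update user defined fields
            UserDefinedUpdate('tx_gallery_fields', 'tx_gallery_field_defs', 'gallery_id', $gallery['gallery_id'], $gallery);

            // Update icons
            $DB->Update('DELETE FROM `tx_gallery_icons` WHERE `gallery_id`=?', array($gallery['gallery_id']));
            if (!empty($_REQUEST['icons']) && is_array($_REQUEST['icons'])) {
                foreach ($_REQUEST['icons'] as $icon) {
                    $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($gallery['gallery_id'], $icon));
                }
            }
        } else {
            $DB->Update('UPDATE `tx_galleries` SET `status`=?,`date_approved`=?,`administrator`=? WHERE `gallery_id`=?',
                        array($gallery['status'], $gallery['date_approved'], $gallery['administrator'], $gallery['gallery_id']));
        }

        // Send approval e-mail if option is enabled.
        // NOTE(review): in framed mode `email` may have come from the form
        // (it is not persisted by the UPDATE above) — confirm that is intended.
        if ($C['email_on_approval'] && $gallery['email'] != $C['from_email']) {
            $t->assign_by_ref('gallery', $gallery);
            SendMail($gallery['email'], 'email-gallery-approved.tpl', $t);
        }

        $amount++;
    }
    $DB->Free($result);

    // Update administrator count of galleries approved
    $DB->Update('UPDATE `tx_administrators` SET `approved`=`approved`+? WHERE `username`=?',
                array($amount, $_SERVER['REMOTE_USER']));

    echo $json->encode(array(
        'status'  => JSON_SUCCESS,
        'message' => "{$amount} galler" . ($amount == 1 ? 'y has' : 'ies have') . " been approved",
    ));
}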
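/**
 * Handle a logged-in account owner's edit of their own listing (public side).
 *
 * Validates the submitted fields (e-mail, site URL, optional new password,
 * keywords, banner URL, title/description lengths, user-defined fields),
 * fetches the site to confirm it responds, runs the blacklist check and, when
 * the banner URL changed, downloads the banner to verify its size. Depending
 * on $C['review_edited_accounts'] the edit is either queued for admin review
 * (serialised into `edit_data`) or written straight to `tlx_accounts`.
 * Renders a template; returns nothing (or the Validator's error result).
 */
function tlxAccountEdit()
{
    global $C, $DB, $L, $t, $IMAGE_EXTENSIONS;

    if (($account = ValidAccountLogin()) === FALSE) {
        return;
    }
    if ($account['locked']) {
        $t->display('accounts-locked.tpl');
        return;
    }

    // The hosted banner path is derived server-side below; never accept it from the client
    unset($_REQUEST['banner_url_local']);

    // Get domain. parse_url() returns FALSE (or no 'host') for malformed input;
    // the V_URL check below reports that to the user, so only avoid the notice here.
    $parsed_url = parse_url($_REQUEST['site_url']);
    $host = (is_array($parsed_url) && isset($parsed_url['host'])) ? $parsed_url['host'] : '';
    $_REQUEST['domain'] = preg_replace('~^www\\.~', '', $host);

    $v = new Validator();

    // Get selected category (if any) and apply its own length/banner limits
    if (isset($_REQUEST['category_id'])) {
        $category = $DB->Row('SELECT * FROM `tlx_categories` WHERE `category_id`=? AND `hidden`=0',
                             array($_REQUEST['category_id']));
        if ($category) {
            $C['min_desc_length']   = $category['desc_min_length'];
            $C['max_desc_length']   = $category['desc_max_length'];
            $C['min_title_length']  = $category['title_min_length'];
            $C['max_title_length']  = $category['title_max_length'];
            $C['banner_max_width']  = $category['banner_max_width'];
            $C['banner_max_height'] = $category['banner_max_height'];
            $C['banner_max_bytes']  = $category['banner_max_bytes'];
            $C['allow_redirect']    = $category['allow_redirect'];
        } else {
            $v->SetError($L['INVALID_CATEGORY']);
        }
    }

    // Check for duplicate account information
    $duplicates = $DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE (`site_url`=? OR `email`=? OR `domain`=?) AND `username`!=?',
                             array($_REQUEST['site_url'], $_REQUEST['email'], $_REQUEST['domain'], $account['username']));
    if ($duplicates > 0) {
        $v->SetError($L['EXISTING_ACCOUNT']);
    }

    $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($_REQUEST['site_url'], V_URL, sprintf($L['INVALID_URL'], $L['SITE_URL']));

    if (!empty($_REQUEST['new_password'])) {
        $v->Register($_REQUEST['new_password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
        $v->Register($_REQUEST['new_password'], V_NOT_EQUALS, $L['USERNAME_IS_PASSWORD'], $account['username']);
        $v->Register($_REQUEST['new_password'], V_EQUALS, $L['PASSWORDS_DONT_MATCH'], $_REQUEST['confirm_password']);
        // NOTE(review): unsalted sha1 is what ValidAccountLogin() compares against, so it
        // cannot be replaced by password_hash() here alone; migrate both sides together.
        $_REQUEST['password'] = sha1($_REQUEST['new_password']);
    } else {
        $_REQUEST['password'] = $account['password'];
    }

    // Format keywords and check number
    if ($C['allow_keywords']) {
        $_REQUEST['keywords'] = FormatSpaceSeparated($_REQUEST['keywords']);
        $keywords = explode(' ', $_REQUEST['keywords']);
        $v->Register(count($keywords), V_LESS_EQ, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);
    } else {
        $_REQUEST['keywords'] = $account['keywords'];
    }

    if (!IsEmptyString($_REQUEST['banner_url'])) {
        $v->Register($_REQUEST['banner_url'], V_URL, sprintf($L['INVALID_URL'], $L['BANNER_URL']));
    }

    // Initial validation
    if (!$v->Validate()) {
        return $v->ValidationError('tlxShAccountEdit', TRUE);
    }

    // Check if the site URL is working.
    // NOTE(review): this fetches a user-supplied URL from the server. V_URL only
    // checks syntax; unless Http::Get() itself refuses loopback/private/link-local
    // targets this is a server-side request forgery vector — confirm in the Http class.
    $http = new Http();
    if ($http->Get($_REQUEST['site_url'], $C['allow_redirect'])) {
        $_REQUEST['html']    = $http->body;
        $_REQUEST['headers'] = $http->raw_response_headers;
    } else {
        $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['site_url'], $http->errstr));
    }

    // Check the blacklist
    $blacklisted = CheckBlacklistAccount($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($blacklisted[0]['reason'] ? $L['BLACKLISTED_REASON'] : $L['BLACKLISTED'],
                             $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }

    // Check site title and description length
    $v->Register($_REQUEST['title'], V_LENGTH,
                 sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']),
                 "{$C['min_title_length']},{$C['max_title_length']}");
    $v->Register($_REQUEST['description'], V_LENGTH,
                 sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']),
                 "{$C['min_desc_length']},{$C['max_desc_length']}");

    // Validation of user defined fields
    $fields =& GetUserAccountFields();
    foreach ($fields as $field) {
        if (!$field['on_edit']) {
            continue;
        }
        if ($field['required_edit']) {
            $v->Register($_REQUEST[$field['name']], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $field['label']));
        }
        if (!IsEmptyString($_REQUEST[$field['name']]) && $field['validation']) {
            $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
        }
    }

    // Download banner to check size
    $banner_file = null;   // temporary download in banner_dir; removed on every failure path
    $banner_dest = null;   // final hosted path; the rename is deferred until validation passes
    if ($_REQUEST['banner_url'] != $account['banner_url']
        && !IsEmptyString($_REQUEST['banner_url'])
        && ($C['download_banners'] || $C['host_banners'])) {
        $http = new Http();
        if ($http->Get($_REQUEST['banner_url'], TRUE, $_REQUEST['site_url'])) {
            $unique_id   = md5(uniqid(rand(), true));
            $banner_file = SafeFilename("{$C['banner_dir']}/{$unique_id}.jpg", FALSE);
            FileWrite($banner_file, $http->body);
            $banner_info = @getimagesize($banner_file);
            if ($banner_info !== FALSE) {
                $_REQUEST['banner_width']  = $banner_info[0];
                $_REQUEST['banner_height'] = $banner_info[1];
                if (filesize($banner_file) > $C['banner_max_bytes']) {
                    $v->SetError(sprintf($L['BAD_BANNER_BYTES'], $C['banner_max_bytes']));
                }
                if ($C['host_banners']) {
                    // Only image types with a known extension may be hosted
                    if (isset($IMAGE_EXTENSIONS[$banner_info[2]])) {
                        $banner_ext = strtolower($IMAGE_EXTENSIONS[$banner_info[2]]);
                        $_REQUEST['banner_url_local'] = "{$C['banner_url']}/{$account['username']}.{$banner_ext}";
                        if ($C['review_edited_accounts']) {
                            // The bytes travel with the queued edit; the temporary
                            // file would otherwise be left behind in the web-served
                            // banner directory forever
                            $_REQUEST['banner_data'] = $http->body;
                            @unlink($banner_file);
                            $banner_file = null;
                        } else {
                            $banner_dest = SafeFilename("{$C['banner_dir']}/{$account['username']}.{$banner_ext}", FALSE);
                        }
                    } else {
                        $v->SetError($L['BAD_BANNER_IMAGE']);
                    }
                } else {
                    @unlink($banner_file);
                    $banner_file = null;
                }
            } else {
                $v->SetError($L['BAD_BANNER_IMAGE']);
            }
        } else {
            $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['banner_url'], $http->errstr));
        }
    }

    // Check banner dimensions.
    // NOTE(review): when the banner was not (re)downloaded these are the client's
    // own numbers; the limits bound them but they are not verified against the image.
    if ($_REQUEST['banner_width'] > $C['banner_max_width'] || $_REQUEST['banner_height'] > $C['banner_max_height']) {
        $v->SetError(sprintf($L['BAD_BANNER_SIZE'], $C['banner_max_width'], $C['banner_max_height']));
    }

    // Force banner dimensions
    if ($C['banner_force_size']) {
        $_REQUEST['banner_width']  = $C['banner_max_width'];
        $_REQUEST['banner_height'] = $C['banner_max_height'];
    }

    if (!$v->Validate()) {
        if (!empty($banner_file)) {
            @unlink($banner_file);
        }
        return $v->ValidationError('tlxShAccountEdit', TRUE);
    }

    // The edit is accepted: only now replace the hosted banner, so a rejected
    // edit can no longer overwrite (and then delete) the account's current one
    if ($banner_dest !== null && !empty($banner_file)) {
        rename($banner_file, $banner_dest);
    }

    // Reviewing account edits
    if ($C['review_edited_accounts']) {
        // Strip fetched page data and credentials before queueing the edit
        unset($_REQUEST['html']);
        unset($_REQUEST['headers']);
        unset($_REQUEST['password']);
        unset($_REQUEST['r']);
        unset($_REQUEST['new_password']);
        unset($_REQUEST['confirm_password']);
        $DB->Update('UPDATE `tlx_accounts` SET `edited`=1, `edit_data`=? WHERE `username`=?',
                    array(base64_encode(serialize($_REQUEST)), $account['username']));
    } else {
        $DB->Update('UPDATE `tlx_accounts` SET ' .
                    '`email`=?, ' .
                    '`site_url`=?, ' .
                    '`domain`=?, ' .
                    '`banner_url`=?, ' .
                    '`banner_url_local`=?, ' .
                    '`banner_height`=?, ' .
                    '`banner_width`=?, ' .
                    '`title`=?, ' .
                    '`description`=?, ' .
                    '`keywords`=?, ' .
                    '`password`=?, ' .
                    '`category_id`=? ' .
                    'WHERE `username`=?',
                    array($_REQUEST['email'],
                          $_REQUEST['site_url'],
                          $_REQUEST['domain'],
                          $_REQUEST['banner_url'],
                          $_REQUEST['banner_url_local'],
                          $_REQUEST['banner_height'],
                          $_REQUEST['banner_width'],
                          $_REQUEST['title'],
                          $_REQUEST['description'],
                          $_REQUEST['keywords'],
                          $_REQUEST['password'],
                          $_REQUEST['category_id'],
                          $account['username']));

        // Update user defined fields
        UserDefinedUpdate('tlx_account_fields', 'tlx_account_field_defs', 'username', $account['username'], $_REQUEST);
    }

    $t->assign_by_ref('account', $account);
    $t->assign_by_ref('stats', $DB->Row('SELECT * FROM `tlx_account_hourly_stats` WHERE `username`=?', array($account['username'])));
    $t->assign('updated', TRUE);
    $t->display('accounts-overview.tpl');
}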
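/**
 * Approve or discard pending link edits (admin action; requires P_LINK_MODIFY).
 *
 * `link_id` may be a single id or an array of ids. For each link flagged
 * `is_edited`, `w=approve` applies the queued edit (stored by lxEditLink as a
 * serialised copy of the submitted form) to `lx_links` and its user-defined
 * fields; any other value just clears the pending edit. Emits a JSON success
 * status.
 */
function lxEditedLink()
{
    global $json, $DB;

    VerifyPrivileges(P_LINK_MODIFY, TRUE);

    $link_ids = isset($_REQUEST['link_id']) ? $_REQUEST['link_id'] : array();
    if (!is_array($link_ids)) {
        $link_ids = array($link_ids);
    }
    $approve = (isset($_REQUEST['w']) && $_REQUEST['w'] === 'approve');

    foreach ($link_ids as $link_id) {
        $link = $DB->Row('SELECT * FROM `lx_links` WHERE `link_id`=?', array($link_id));

        // Unknown id, or nothing pending: nothing to do
        if (!$link || !$link['is_edited']) {
            continue;
        }

        if (!$approve) {
            $DB->Update('UPDATE lx_links SET is_edited=?,edit_data=? WHERE link_id=?', array(0, null, $link_id));
            continue;
        }

        // edit_data is written server-side by lxEditLink (never directly from a
        // client), which is the only reason unserialize() is acceptable here.
        $edit = unserialize(base64_decode($link['edit_data']));
        if (!is_array($edit)) {
            // Corrupt or empty queue entry: clear the flag rather than writing
            // NULLs over every column of the row
            $DB->Update('UPDATE lx_links SET is_edited=?,edit_data=? WHERE link_id=?', array(0, null, $link_id));
            continue;
        }

        // A new password in the edit is stored hashed; otherwise keep the current one.
        // NOTE(review): lxEditLink's direct (non-reviewed) path only changes the
        // password for owner-less (`noaccount`) links; this path applies it to
        // every link — confirm that difference is intended.
        if (isset($edit['password']) && !IsEmptyString($edit['password'])) {
            $edit['password'] = sha1($edit['password']);
        } else {
            $edit['password'] = $link['password'];
        }

        // Update link data
        $DB->Update('UPDATE `lx_links` SET ' .
                    '`site_url`=?, ' .
                    '`recip_url`=?, ' .
                    '`title`=?, ' .
                    '`description`=?, ' .
                    '`name`=?, ' .
                    '`email`=?, ' .
                    '`submit_ip`=?, ' .
                    '`keywords`=?, ' .
                    '`date_modified`=?, ' .
                    '`password`=?, ' .
                    '`is_edited`=?, ' .
                    '`edit_data`=? ' .
                    'WHERE `link_id`=?',
                    array($edit['site_url'],
                          $edit['recip_url'],
                          $edit['title'],
                          $edit['description'],
                          $edit['name'],
                          $edit['email'],
                          $edit['submit_ip'],
                          $edit['keywords'],
                          MYSQL_NOW,
                          $edit['password'],
                          0,
                          null,
                          $link_id));

        // Update user defined fields
        UserDefinedUpdate('lx_link_fields', 'lx_link_field_defs', 'link_id', $link_id, $edit, FALSE);
    }

    echo $json->encode(array('status' => JSON_SUCCESS));
}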
/**
 * Let a logged-in link-exchange user update their own account details.
 *
 * Requires a valid, active login; suspended or pending accounts are sent back
 * to the login page with the matching message. Validates e-mail, name, the
 * optional new password (plus confirmation) and the user-defined fields, then
 * checks for a duplicate e-mail and the blacklist. On success the predefined
 * and user-defined columns are updated and the account overview is shown via
 * lxLogin(); on failure the edit form is re-rendered with the errors.
 */
function lxEditAccount()
{
    global $DB, $C, $t, $L;

    $account = ValidUserLogin();
    if ($account === FALSE) {
        lxShLogin($L['INVALID_LOGIN']);
        return;
    }
    if ($account['status'] != 'active') {
        $reason = ($account['status'] == 'suspended') ? $L['SUSPENDED_ACCOUNT'] : $L['PENDING_ACCOUNT'];
        lxShLogin($reason);
        return;
    }

    // The stored hash is kept unless a new password is supplied below
    $password = $account['password'];

    $validator = new Validator();
    $validator->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $validator->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");

    if (!empty($_REQUEST['password'])) {
        $validator->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
        $validator->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
        $password = sha1($_REQUEST['password']);
    }

    // Validation of user defined fields
    $user_fields =& GetUserAccountFields();
    foreach ($user_fields as $field) {
        if (!$field['on_edit']) {
            continue;
        }
        if ($field['required']) {
            $validator->Register($_REQUEST[$field['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}");
        }
        if ($field['validation']) {
            $validator->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
        }
    }

    // E-mail exists on another account?
    $email_taken = $DB->Count('SELECT COUNT(*) FROM lx_users WHERE username!=? AND email=?',
                              array($account['username'], $_REQUEST['email']));
    if ($email_taken) {
        $validator->SetError($L['DUPLICATE_EMAIL']);
    }

    // Check blacklist
    $match = CheckBlacklistAccount($_REQUEST);
    if ($match !== FALSE) {
        $validator->SetError(sprintf($L['BLACKLIST_MATCHED'], $match[0]['match'], $match[0]['reason']));
    }

    if (!$validator->Validate()) {
        lxShEdit(join('<br />', $validator->GetErrors()));
        return;
    }

    // Update pre-defined data
    $DB->Update('UPDATE lx_users SET password=?, name=?, email=? WHERE username=?',
                array($password, $_REQUEST['name'], $_REQUEST['email'], $account['username']));

    // Update user defined fields
    UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $account['username'], $_REQUEST, FALSE);

    // Back to the account overview
    lxLogin(null, 'accountupdate');
}
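/**
 * Save an administrator's edit of a link-exchange user account.
 *
 * Validates e-mail (format and uniqueness), optional new password, weight and
 * the two date fields, then rewrites the `lx_users` row, its user-defined
 * fields and the recip/redirect flags on all of the user's links. Errors go to
 * $GLOBALS['errstr'] and the edit form is re-rendered; on success a message
 * is set and the form is shown again.
 */
function lxEditUser()
{
    global $DB, $C;

    // NOTE(review): editing is gated by the "add user" privilege; confirm there
    // is no separate modify privilege that should apply here.
    VerifyPrivileges(P_USER_ADD);

    $validator = new Validator();

    // The account being edited must exist; otherwise every lookup on it yields
    // NULL and the UPDATE below silently matches nothing
    $account = $DB->Row('SELECT * FROM lx_users WHERE username=?', array($_REQUEST['username']));
    if (!$account) {
        $validator->SetError('No user account exists with that username');
    }

    $mail_count = $DB->Count('SELECT COUNT(*) FROM lx_users WHERE email=? AND username!=?',
                             array($_REQUEST['email'], $_REQUEST['username']));

    if (!empty($_REQUEST['password'])) {
        // NOTE(review): other callers in this code base pass '4,9999' as the
        // V_LENGTH extras; confirm the Validator accepts the array form too.
        $validator->Register($_REQUEST['password'], V_LENGTH, 'The password must contain at least 4 characters', array('min' => 4, 'max' => 999));
    }
    $validator->Register($_REQUEST['email'], V_EMAIL, 'The e-mail address is not properly formatted');
    $validator->Register($mail_count, V_ZERO, 'A user account already exists with that e-mail address');
    $validator->Register($_REQUEST['weight'], V_NUMERIC, 'The weight value must be numeric');
    $validator->Register($_REQUEST['date_added'], V_DATETIME, 'The Date Added field is not properly formatted');
    if (!empty($_REQUEST['date_modified'])) {
        $validator->Register($_REQUEST['date_modified'], V_DATETIME, 'The Date Modified field is not properly formatted');
    }

    if (!$validator->Validate()) {
        $GLOBALS['errstr'] = join('<br />', $validator->GetErrors());
        lxShEditUser();
        return;
    }

    // Keep the stored hash unless a new password was supplied.
    // NOTE(review): unsalted sha1 matches what the login path compares; migrate both together.
    $password = empty($_REQUEST['password']) ? $account['password'] : sha1($_REQUEST['password']);

    NullIfEmpty($_REQUEST['date_modified']);

    // Update account data in the database
    $DB->Update('UPDATE lx_users SET ' .
                'password=?, ' .
                'name=?, ' .
                'email=?, ' .
                'date_added=?, ' .
                'date_modified=?, ' .
                'status=?, ' .
                'recip_required=?, ' .
                'allow_redirect=?, ' .
                'weight=? ' .
                'WHERE username=?',
                array($password,
                      $_REQUEST['name'],
                      $_REQUEST['email'],
                      $_REQUEST['date_added'],
                      $_REQUEST['date_modified'],
                      $_REQUEST['status'],
                      intval($_REQUEST['recip_required']),
                      intval($_REQUEST['allow_redirect']),
                      $_REQUEST['weight'],
                      $_REQUEST['username']));

    // Update user defined fields
    UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $_REQUEST['username'], $_REQUEST);

    // Update links with the new recip and redirect settings
    $DB->Update('UPDATE lx_links SET recip_required=?,allow_redirect=? WHERE username=?',
                array(intval($_REQUEST['recip_required']), intval($_REQUEST['allow_redirect']), $_REQUEST['username']));

    $GLOBALS['message'] = 'User account successfully updated';
    $GLOBALS['added']   = true;
    lxShEditUser();
}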
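/**
 * Handle an edit of an existing link from the public submit form.
 *
 * Access is granted either to the logged-in user that owns the link, or (for
 * links without an owner, `noaccount`) to whoever supplies the link's site
 * URL, e-mail and password. The edit is validated, the site and reciprocal
 * URL are fetched via ScanLink(), the blacklist is checked, and the result is
 * then either queued for admin approval ($C['approve_link_edits'], applied
 * later by lxEditedLink) or written to `lx_links` directly. Renders
 * submit-edited.tpl and mails the administrators that opted into E_LINK_EDIT.
 */
function lxEditLink()
{
    global $DB, $C, $L, $t;

    $v = new Validator();

    // Make sure user is allowed to edit this link
    $link = $DB->Row('SELECT * FROM lx_links JOIN lx_link_fields USING (link_id) WHERE lx_links.link_id=?',
                     array($_REQUEST['link_id']));
    if (!$link) {
        // No such link: refuse exactly like a failed credential check
        $t->assign('error', $L['LINK_EDIT_REFUSED']);
        $t->display('error-nice.tpl');
        return;
    }

    $noaccount = !empty($_REQUEST['noaccount']);
    if ($noaccount) {
        // Owner-less link: site URL, e-mail and password must all match the row.
        // Strict string comparison so loose ==/!= coercion cannot widen a match.
        // NOTE(review): where PHP >= 5.6 is guaranteed, hash_equals() is the
        // constant-time form of the hash comparison.
        $login_site_url = isset($_REQUEST['login_site_url']) ? (string)$_REQUEST['login_site_url'] : '';
        $login_email    = isset($_REQUEST['login_email'])    ? (string)$_REQUEST['login_email']    : '';
        $login_password = isset($_REQUEST['login_password']) ? (string)$_REQUEST['login_password'] : '';
        $allowed = empty($link['username'])
            && (string)$link['site_url'] === $login_site_url
            && (string)$link['email']    === $login_email
            && (string)$link['password'] === sha1($login_password);
        if (!$allowed) {
            $t->assign('error', $L['LINK_EDIT_REFUSED']);
            $t->display('error-nice.tpl');
            return;
        }
    } else {
        $account = ValidUserLogin();
        if (!$account || $account['username'] != $link['username']) {
            $t->assign('error', $L['LINK_EDIT_REFUSED']);
            $t->display('error-nice.tpl');
            return;
        }
    }

    $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($_REQUEST['site_url'], V_URL, "{$L['INVALID_URL']}: {$L['SITE_URL']}");
    $v->Register($_REQUEST['title'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['TITLE']}");
    $v->Register($_REQUEST['description'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['DESCRIPTION']}");
    $v->Register($_REQUEST['keywords'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['KEYWORDS']}");
    $v->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");
    $v->Register($_REQUEST['description'], V_LENGTH,
                 sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']),
                 "{$C['min_desc_length']},{$C['max_desc_length']}");
    $v->Register($_REQUEST['title'], V_LENGTH,
                 sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']),
                 "{$C['min_title_length']},{$C['max_title_length']}");

    // Format keywords and check number
    $_REQUEST['keywords'] = FormatKeywords($_REQUEST['keywords']);
    $keywords = explode(' ', $_REQUEST['keywords']);
    $v->Register(count($keywords), V_LESS, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);

    if (!empty($_REQUEST['password'])) {
        $v->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
    }

    // See if URL already exists
    if ($DB->Count('SELECT COUNT(*) FROM lx_links WHERE site_url=? AND link_id!=?', array($_REQUEST['site_url'], $link['link_id']))) {
        $v->SetError($L['DUPLICATE_URL']);
    }

    // Validation of user defined fields
    $fields =& GetUserLinkFields();
    foreach ($fields as $field) {
        if (!$field['on_edit']) {
            continue;
        }
        if ($field['required']) {
            $v->Register($_REQUEST[$field['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}");
        }
        if ($field['validation']) {
            $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
        }
    }

    // These two come from the stored row, never from the form
    $_REQUEST['allow_redirect'] = $link['allow_redirect'];
    $_REQUEST['recip_required'] = $link['recip_required'];

    // Scan link (fetches the submitted site and recip URLs from the server side)
    $scan_result =& ScanLink($_REQUEST);

    // Make sure site URL is working
    if (!$scan_result['site_url']['working']) {
        $v->SetError(sprintf($L['BROKEN_URL'], $L['SITE_URL'], $scan_result['site_url']['error']));
    }

    // Setup HTML code for blacklist check
    $_REQUEST['html'] = $scan_result['site_url']['html'];
    if (!empty($_REQUEST['recip_url'])) {
        $_REQUEST['html'] .= ' ' . $scan_result['recip_url']['html'];
        // Make sure recip URL is working
        if (!$scan_result['recip_url']['working']) {
            $v->SetError(sprintf($L['BROKEN_URL'], $L['RECIP_URL'], $scan_result['recip_url']['error']));
        }
    }

    // Verify recip link was found
    if ($_REQUEST['recip_required'] && !$scan_result['has_recip']) {
        $v->SetError($L['NO_RECIP_FOUND']);
    }

    // Check blacklist
    $blacklisted = CheckBlacklistLink($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }

    if (!$v->Validate()) {
        $errors = join('<br />', $v->GetErrors());
        lxShEdit($errors);
        return;
    }

    if ($C['approve_link_edits']) {
        $_REQUEST['submit_ip'] = $_SERVER['REMOTE_ADDR'];
        // Queue the form for lxEditedLink. The login credentials used above
        // are not part of the edit and must not be persisted.
        // NOTE(review): `password` itself stays in clear text in edit_data
        // until lxEditedLink hashes it on approval.
        $queued = $_REQUEST;
        unset($queued['login_password'], $queued['confirm_password']);
        $DB->Update('UPDATE lx_links SET is_edited=1,edit_data=? WHERE link_id=?',
                    array(base64_encode(serialize($queued)), $link['link_id']));
    } else {
        // Update password, if necessary (only owner-less links carry their own)
        $password = $link['password'];
        if ($noaccount && !empty($_REQUEST['password'])) {
            $password = sha1($_REQUEST['password']);
        }

        // Update link data
        $DB->Update('UPDATE lx_links SET ' .
                    'site_url=?, ' .
                    'recip_url=?, ' .
                    'title=?, ' .
                    'description=?, ' .
                    'name=?, ' .
                    'email=?, ' .
                    'submit_ip=?, ' .
                    'keywords=?, ' .
                    'date_modified=?, ' .
                    'password=?, ' .
                    'has_recip=? ' .
                    'WHERE link_id=?',
                    array($_REQUEST['site_url'],
                          $_REQUEST['recip_url'],
                          $_REQUEST['title'],
                          $_REQUEST['description'],
                          $_REQUEST['name'],
                          $_REQUEST['email'],
                          $_SERVER['REMOTE_ADDR'],
                          $_REQUEST['keywords'],
                          MYSQL_NOW,
                          $password,
                          $scan_result['has_recip'],
                          $link['link_id']));

        // Update user defined fields
        UserDefinedUpdate('lx_link_fields', 'lx_link_field_defs', 'link_id', $_REQUEST['link_id'], $_REQUEST, FALSE);
    }

    // Get category information
    $categories = array();
    $result = $DB->Query('SELECT * FROM lx_categories JOIN lx_link_cats USING (category_id) WHERE link_id=?', array($link['link_id']));
    while ($category = $DB->NextRow($result)) {
        $category['path_parts'] = unserialize($category['path_parts']);
        $categories[] = $category;
    }
    $DB->Free($result);

    // Show confirmation page
    $t->assign_by_ref('categories', $categories);
    $t->assign_by_ref('user_fields', $fields);
    $t->assign_by_ref('link', $_REQUEST);
    $t->display('submit-edited.tpl');
    flush();

    // Send e-mail to appropriate administrators
    $result = $DB->Query('SELECT * FROM lx_administrators');
    while ($admin = $DB->NextRow($result)) {
        if ($admin['notifications'] & E_LINK_EDIT) {
            SendMail($admin['email'], 'email-admin-link-edit.tpl', $t);
        }
    }
    $DB->Free($result);
}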
/**
 * Let a logged-in partner update their e-mail, name, password and the
 * user-defined partner fields.
 *
 * Does nothing when ValidPartnerLogin() fails. A changed e-mail must not
 * belong to another partner; a new password must match its confirmation and
 * be 3..32 characters. Unchecked checkbox fields are normalised to NULL
 * before the user-defined validation runs. On success the `tx_partners` row
 * and the user-defined fields are rewritten and the edit form is re-rendered
 * with `updated` set; on failure the Validator's error result is returned.
 */
function txPartnerEdit()
{
    global $C, $DB, $L, $t, $domain;

    $partner = ValidPartnerLogin();
    if ($partner === FALSE) {
        return;
    }

    $validator = new Validator();
    $validator->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);

    // Check that new e-mail address does not conflict with another account
    $email_changed = ($partner['email'] != $_REQUEST['email']);
    if ($email_changed && $DB->Count('SELECT COUNT(*) FROM `tx_partners` WHERE `email`=?', array($_REQUEST['email']))) {
        $validator->SetError($L['EXISTING_EMAIL']);
    }

    // Check if new passwords match
    if (!IsEmptyString($_REQUEST['password'])) {
        $validator->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
        $validator->Register($_REQUEST['password'], V_LENGTH, sprintf($L['PASSWORD_LENGTH'], 3, 32), '3,32');
        $partner['password'] = sha1($_REQUEST['password']);
    }

    // Validation of user defined fields
    $partner_fields =& GetUserPartnerFields();
    foreach ($partner_fields as $field) {
        if (!$field['on_edit']) {
            continue;
        }
        $name = $field['name'];

        // Set values for unchecked checkboxes
        if ($field['type'] == FT_CHECKBOX && !isset($_REQUEST[$name])) {
            $_REQUEST[$name] = null;
        }
        if ($field['required_edit']) {
            $validator->Register($_REQUEST[$name], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $field['label']));
        }
        if (!IsEmptyString($_REQUEST[$name]) && $field['validation']) {
            $validator->Register($_REQUEST[$name], $field['validation'], $field['validation_message'], $field['validation_extras']);
        }
    }

    if (!$validator->Validate()) {
        return $validator->ValidationError('txShPartnerEdit', TRUE);
    }

    // Update the predefined fields
    $DB->Update('UPDATE `tx_partners` SET `email`=?, `name`=?, `password`=? WHERE `username`=?',
                array($_REQUEST['email'], $_REQUEST['name'], $partner['password'], $partner['username']));

    // Update user defined fields
    $_REQUEST['username'] = $partner['username'];
    UserDefinedUpdate('tx_partner_fields', 'tx_partner_field_defs', 'username', $_REQUEST['username'], $_REQUEST);

    $t->assign('updated', TRUE);
    txShPartnerEdit();
}
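/**
 * Save an administrator's edit of a gallery (requires P_GALLERY_MODIFY).
 *
 * Validates e-mail, gallery URL, the scheduled/deletion dates, the displayed
 * date (mandatory for 'used' and 'holding' galleries), the partner username
 * and the tag format, then rewrites the `tx_galleries` row, the user-defined
 * fields and the icon set. Re-renders the edit form with a status message; on
 * validation failure returns the Validator's error result.
 */
function txGalleryEdit()
{
    global $DB, $C;

    VerifyPrivileges(P_GALLERY_MODIFY);

    $v = new Validator();
    $v->Register($_REQUEST['email'], V_EMAIL, 'The E-mail Address is not properly formatted');
    $v->Register($_REQUEST['gallery_url'], V_URL, 'The Gallery URL is not properly formatted');
    $v->Register($_REQUEST['date_scheduled'], V_DATETIME, 'The Scheduled Date is not properly formatted');
    $v->Register($_REQUEST['date_deletion'], V_DATETIME, 'The Delete Date is not properly formatted');

    // A gallery that has been shown (or is being held) must carry its display date
    $status = isset($_REQUEST['status']) ? $_REQUEST['status'] : '';
    if ($status === 'used' || $status === 'holding') {
        $v->Register($_REQUEST['date_displayed'], V_EMPTY, 'The Displayed Date must be filled in');
        $v->Register($_REQUEST['date_displayed'], V_DATETIME, 'The Displayed Date is not properly formatted');
    }

    if (!IsEmptyString($_REQUEST['partner'])) {
        $partner = $DB->Row('SELECT * FROM `tx_partners` WHERE `username`=?', array($_REQUEST['partner']));
        if (!$partner) {
            $v->SetError('The Partner username you entered does not match an existing partner account');
        }
    }

    // Check tags for proper format
    if (!IsEmptyString($_REQUEST['tags'])) {
        $_REQUEST['tags'] = FormatSpaceSeparated($_REQUEST['tags']);
        foreach (explode(' ', $_REQUEST['tags']) as $tag) {
            // \z rather than $: a bare $ also matches before a trailing "\n", so
            // "tag\n" would pass the check (FormatSpaceSeparated() may already
            // strip it, but the anchor makes the check self-contained)
            if (strlen($tag) < 4 || !preg_match('~^[a-z0-9_]+\z~i', $tag)) {
                $v->SetError('All tags must be at least 4 characters in length and contain only letters, numbers, and underscores');
                break;
            }
        }
    }

    if (!$v->Validate()) {
        return $v->ValidationError('txShGalleryEdit');
    }

    NullIfEmpty($_REQUEST['date_scheduled']);
    NullIfEmpty($_REQUEST['date_displayed']);
    NullIfEmpty($_REQUEST['date_deletion']);

    // Update gallery data
    $DB->Update('UPDATE `tx_galleries` SET ' .
                '`gallery_url`=?, ' .
                '`description`=?, ' .
                '`keywords`=?, ' .
                '`thumbnails`=?, ' .
                '`email`=?, ' .
                '`nickname`=?, ' .
                '`weight`=?, ' .
                '`clicks`=?, ' .
                '`submit_ip`=?, ' .
                '`sponsor_id`=?, ' .
                '`type`=?, ' .
                '`format`=?, ' .
                '`status`=?, ' .
                '`date_scheduled`=?, ' .
                '`date_displayed`=?, ' .
                '`date_deletion`=?, ' .
                '`partner`=?, ' .
                '`allow_scan`=?, ' .
                '`allow_preview`=?, ' .
                '`tags`=?, ' .
                '`categories`=? ' .
                'WHERE `gallery_id`=?',
                array($_REQUEST['gallery_url'],
                      $_REQUEST['description'],
                      FormatSpaceSeparated($_REQUEST['keywords']),
                      $_REQUEST['thumbnails'],
                      $_REQUEST['email'],
                      $_REQUEST['nickname'],
                      $_REQUEST['weight'],
                      $_REQUEST['clicks'],
                      $_REQUEST['submit_ip'],
                      $_REQUEST['sponsor_id'],
                      $_REQUEST['type'],
                      $_REQUEST['format'],
                      $_REQUEST['status'],
                      $_REQUEST['date_scheduled'],
                      $_REQUEST['date_displayed'],
                      $_REQUEST['date_deletion'],
                      $_REQUEST['partner'],
                      intval($_REQUEST['allow_scan']),
                      intval($_REQUEST['allow_preview']),
                      FormatSpaceSeparated($_REQUEST['tags']),
                      CategoryTagsFromIds($_REQUEST['categories']),
                      $_REQUEST['gallery_id']));

    // Update user defined fields
    UserDefinedUpdate('tx_gallery_fields', 'tx_gallery_field_defs', 'gallery_id', $_REQUEST['gallery_id'], $_REQUEST);

    // Update icons
    $DB->Update('DELETE FROM `tx_gallery_icons` WHERE `gallery_id`=?', array($_REQUEST['gallery_id']));
    if (!empty($_REQUEST['icons']) && is_array($_REQUEST['icons'])) {
        foreach ($_REQUEST['icons'] as $icon_id) {
            $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($_REQUEST['gallery_id'], $icon_id));
        }
    }

    $GLOBALS['message'] = 'Gallery successfully updated';
    $GLOBALS['added']   = true;
    txShGalleryEdit();
}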
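/**
 * Save an administrator's edit of a toplist account (requires P_ACCOUNT_MODIFY).
 *
 * Validates e-mail, site URL, date added, optional new password and banner
 * URL; when `download_banner` is set re-downloads the banner into
 * $C['banner_dir'] to derive its dimensions and hosted path; then rewrites
 * the account row, the hourly stats row (column names are fixed, every value
 * is intval()'d), the user-defined fields and the icon set. Re-renders the
 * edit form with a status message; on validation failure returns the
 * Validator's error result.
 */
function tlxAccountEdit()
{
    // $L was missing from the global list: the banner URL error message below
    // reads $L['INVALID_URL'] / $L['BANNER_URL'] and came out empty
    global $DB, $C, $L, $IMAGE_EXTENSIONS;

    VerifyPrivileges(P_ACCOUNT_MODIFY);

    // Percent entered by the admin, stored as a fraction (floatval() keeps a
    // blank or non-numeric value from becoming an arithmetic error)
    $_REQUEST['return_percent'] = floatval($_REQUEST['return_percent']) / 100;

    // Get domain. parse_url() returns FALSE (or no 'host') for malformed
    // input; the V_URL check below reports that.
    $parsed_url = parse_url($_REQUEST['site_url']);
    $host = (is_array($parsed_url) && isset($parsed_url['host'])) ? $parsed_url['host'] : '';
    $_REQUEST['domain'] = preg_replace('~^www\\.~', '', $host);

    $v = new Validator();
    $v->Register($_REQUEST['email'], V_EMAIL, 'The E-mail Address is not properly formatted');
    $v->Register($_REQUEST['site_url'], V_URL, 'The Site URL is not properly formatted');
    $v->Register($_REQUEST['date_added'], V_DATETIME, 'The Date Added value is not properly formatted');
    if (!IsEmptyString($_REQUEST['password'])) {
        $v->Register($_REQUEST['password'], V_LENGTH, 'The account password must be at least 4 characters', '4,9999');
    }
    if (!IsEmptyString($_REQUEST['banner_url'])) {
        $v->Register($_REQUEST['banner_url'], V_URL, sprintf($L['INVALID_URL'], $L['BANNER_URL']));
    }

    // The account must exist before anything is derived from it
    $account = $DB->Row('SELECT * FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username']));
    if (!$account) {
        $v->SetError('No account exists with that username');
    }

    if (!$v->Validate()) {
        return $v->ValidationError('tlxShAccountEdit');
    }

    // Setup account password, if changed.
    // NOTE(review): unsalted sha1 is what the login path compares against; migrate both together.
    $_REQUEST['password'] = IsEmptyString($_REQUEST['password']) ? $account['password'] : sha1($_REQUEST['password']);

    // Handling of banner_url_local
    if (!empty($_REQUEST['download_banner'])) {
        $http = new Http();
        if ($http->Get($_REQUEST['banner_url'], TRUE, $_REQUEST['site_url'])) {
            $banner_file = SafeFilename("{$C['banner_dir']}/{$_REQUEST['username']}.jpg", FALSE);
            FileWrite($banner_file, $http->body);
            $banner_info = @getimagesize($banner_file);
            if ($banner_info !== FALSE && isset($IMAGE_EXTENSIONS[$banner_info[2]])) {
                $_REQUEST['banner_width']  = $banner_info[0];
                $_REQUEST['banner_height'] = $banner_info[1];
                $banner_ext = strtolower($IMAGE_EXTENSIONS[$banner_info[2]]);
                if ($banner_ext != 'jpg') {
                    $new_file = preg_replace('~\\.jpg$~', ".{$banner_ext}", $banner_file);
                    rename($banner_file, $new_file);
                    $banner_file = $new_file;
                }
                $_REQUEST['banner_url_local'] = "{$C['banner_url']}/{$_REQUEST['username']}.{$banner_ext}";
            } else {
                // Not an image, or an image type without a known extension
                // (which previously produced a file named "username." and a
                // matching broken URL): do not leave the download in the
                // web-served banner directory
                @unlink($banner_file);
                $banner_file = null;
            }
        }
    } else {
        $_REQUEST['banner_url_local'] = $account['banner_url_local'];
    }

    if ($account['status'] != STATUS_ACTIVE && $_REQUEST['status'] == STATUS_ACTIVE) {
        $account['date_activated'] = MYSQL_NOW;
    }

    // Update account data
    $DB->Update('UPDATE `tlx_accounts` SET ' .
                '`email`=?, ' .
                '`site_url`=?, ' .
                '`domain`=?, ' .
                '`banner_url`=?, ' .
                '`banner_url_local`=?, ' .
                '`banner_height`=?, ' .
                '`banner_width`=?, ' .
                '`title`=?, ' .
                '`description`=?, ' .
                '`keywords`=?, ' .
                '`date_added`=?, ' .
                '`date_activated`=?, ' .
                '`password`=?, ' .
                '`return_percent`=?, ' .
                '`status`=?, ' .
                '`locked`=?, ' .
                '`disabled`=?, ' .
                '`category_id`=?, ' .
                '`ratings`=?, ' .
                '`ratings_total`=?, ' .
                '`admin_comments`=? ' .
                'WHERE `username`=?',
                array($_REQUEST['email'],
                      $_REQUEST['site_url'],
                      $_REQUEST['domain'],
                      $_REQUEST['banner_url'],
                      $_REQUEST['banner_url_local'],
                      $_REQUEST['banner_height'],
                      $_REQUEST['banner_width'],
                      $_REQUEST['title'],
                      $_REQUEST['description'],
                      $_REQUEST['keywords'],
                      $_REQUEST['date_added'],
                      $account['date_activated'],
                      $_REQUEST['password'],
                      $_REQUEST['return_percent'],
                      $_REQUEST['status'],
                      intval($_REQUEST['locked']),
                      intval($_REQUEST['disabled']),
                      $_REQUEST['category_id'],
                      intval($_REQUEST['ratings']),
                      intval($_REQUEST['ratings_total']),
                      $_REQUEST['admin_comments'],
                      $_REQUEST['username']));

    // Update stats. The SET list is built by string concatenation, which is
    // safe only because the column names come from the fixed 0..23 range and
    // every value passes through intval(); nothing from the request reaches
    // the SQL text. The totals use the same intval()'d values as the columns
    // (previously the raw strings were summed, so a non-integer entry gave a
    // total that disagreed with the stored hourly values).
    $stats  = array();
    $totals = array('raw_in_total' => 0, 'unique_in_total' => 0, 'raw_out_total' => 0, 'unique_out_total' => 0, 'clicks_total' => 0);
    foreach (range(0, 23) as $hour) {
        foreach (array('raw_in', 'unique_in', 'raw_out', 'unique_out', 'clicks') as $metric) {
            $value   = intval(isset($_REQUEST["{$metric}_{$hour}"]) ? $_REQUEST["{$metric}_{$hour}"] : 0);
            $stats[] = "`{$metric}_{$hour}`={$value}";
            $totals["{$metric}_total"] += $value;
        }
    }
    $DB->Update('UPDATE `tlx_account_hourly_stats` SET ' . join(', ', $stats) . ', ' .
                '`raw_in_total`=?, ' .
                '`unique_in_total`=?, ' .
                '`raw_out_total`=?, ' .
                '`unique_out_total`=?, ' .
                '`clicks_total`=? ' .
                'WHERE `username`=?',
                array($totals['raw_in_total'],
                      $totals['unique_in_total'],
                      $totals['raw_out_total'],
                      $totals['unique_out_total'],
                      $totals['clicks_total'],
                      $_REQUEST['username']));

    // Update user defined fields
    UserDefinedUpdate('tlx_account_fields', 'tlx_account_field_defs', 'username', $_REQUEST['username'], $_REQUEST);

    // Update icons
    $DB->Update('DELETE FROM `tlx_account_icons` WHERE `username`=?', array($_REQUEST['username']));
    if (!empty($_REQUEST['icons']) && is_array($_REQUEST['icons'])) {
        foreach ($_REQUEST['icons'] as $icon_id) {
            $DB->Update('INSERT INTO `tlx_account_icons` VALUES (?,?)', array($_REQUEST['username'], $icon_id));
        }
    }

    $GLOBALS['message'] = 'Account successfully updated';
    $GLOBALS['added']   = true;
    tlxShAccountEdit();
}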