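/**
 * Approve the galleries selected by GetWhichGalleries().
 *
 * Only rows still in the 'pending' or 'unconfirmed' state are touched. When
 * the request comes from the framed approval form ($_REQUEST['framed']) the
 * posted fields are written to the gallery as well; otherwise only the
 * status, approval date and approving administrator change. Sends the
 * approval e-mail when $C['email_on_approval'] is set, bumps the
 * administrator's approved counter and prints a JSON status message.
 *
 * Requires P_GALLERY_MODIFY. Reads $_REQUEST, $_SERVER['REMOTE_USER'] and $C;
 * writes tx_galleries, tx_gallery_fields, tx_gallery_icons, tx_administrators.
 */
function txGalleryApprove()
{
    global $DB, $json, $C;
    VerifyPrivileges(P_GALLERY_MODIFY, TRUE);
    $t = new Template();
    $t->assign_by_ref('config', $C);
    $result = GetWhichGalleries();
    $amount = 0;
    // Both are optional request keys; read them once, without notices
    $framed = !empty($_REQUEST['framed']);
    $icons = (isset($_REQUEST['icons']) && is_array($_REQUEST['icons'])) ? $_REQUEST['icons'] : array();
    while ($gallery = $DB->NextRow($result)) {
        if ($gallery['status'] != 'pending' && $gallery['status'] != 'unconfirmed') {
            continue;
        }
        if ($framed) {
            // Mass assignment: every key in the request overwrites the column
            // of the same name, which is why the approval fields are set
            // after the merge rather than before it
            $gallery = array_merge($gallery, $_REQUEST);
        }
        // Mark the gallery as approved
        $gallery['status'] = 'approved';
        $gallery['date_approved'] = MYSQL_NOW;
        $gallery['administrator'] = $_SERVER['REMOTE_USER'];
        if ($framed) {
            $gallery['categories'] = CategoryTagsFromIds($gallery['categories']);
            // Dates that do not match RE_DATETIME are stored as NULL, not rejected
            if (!preg_match(RE_DATETIME, $gallery['date_scheduled'])) {
                $gallery['date_scheduled'] = '';
            }
            if (!preg_match(RE_DATETIME, $gallery['date_deletion'])) {
                $gallery['date_deletion'] = '';
            }
            NullIfEmpty($gallery['date_scheduled']);
            NullIfEmpty($gallery['date_deletion']);
            $DB->Update('UPDATE `tx_galleries` SET ' . '`gallery_url`=?, ' . '`description`=?, ' . '`keywords`=?, ' . '`thumbnails`=?, ' . '`nickname`=?, ' . '`weight`=?, ' . '`sponsor_id`=?, ' . '`type`=?, ' . '`format`=?, ' . '`status`=?, ' . '`date_approved`=?, ' . '`date_scheduled`=?, ' . '`date_deletion`=?, ' . '`administrator`=?, ' . '`allow_scan`=?, ' . '`allow_preview`=?, ' . '`tags`=?, ' . '`categories`=? ' . 'WHERE `gallery_id`=?', array($gallery['gallery_url'], $gallery['description'], $gallery['keywords'], $gallery['thumbnails'], $gallery['nickname'], $gallery['weight'], $gallery['sponsor_id'], $gallery['type'], $gallery['format'], $gallery['status'], $gallery['date_approved'], $gallery['date_scheduled'], $gallery['date_deletion'], $gallery['administrator'], intval($gallery['allow_scan']), intval($gallery['allow_preview']), $gallery['tags'], $gallery['categories'], $gallery['gallery_id']));
            // Update user defined fields
            UserDefinedUpdate('tx_gallery_fields', 'tx_gallery_field_defs', 'gallery_id', $gallery['gallery_id'], $gallery);
            // Update icons: the posted set replaces whatever was stored
            $DB->Update('DELETE FROM `tx_gallery_icons` WHERE `gallery_id`=?', array($gallery['gallery_id']));
            foreach ($icons as $icon) {
                $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($gallery['gallery_id'], $icon));
            }
        } else {
            $DB->Update('UPDATE `tx_galleries` SET `status`=?,`date_approved`=?,`administrator`=? WHERE `gallery_id`=?', array($gallery['status'], $gallery['date_approved'], $gallery['administrator'], $gallery['gallery_id']));
        }
        // Send approval e-mail if option is enabled
        if ($C['email_on_approval'] && $gallery['email'] != $C['from_email']) {
            $t->assign_by_ref('gallery', $gallery);
            SendMail($gallery['email'], 'email-gallery-approved.tpl', $t);
        }
        $amount++;
    }
    $DB->Free($result);
    // Update administrator count of galleries approved
    $DB->Update('UPDATE `tx_administrators` SET `approved`=`approved`+? WHERE `username`=?', array($amount, $_SERVER['REMOTE_USER']));
    echo $json->encode(array('status' => JSON_SUCCESS, 'message' => "{$amount} galler" . ($amount == 1 ? 'y has' : 'ies have') . " been approved"));
}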
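/**
 * Save edits a logged-in tlx account owner made to their own listing.
 *
 * Validates the posted e-mail, site URL, optional new password, keywords,
 * banner URL, title/description lengths and user-defined fields; fetches
 * the site to check it is reachable; runs the blacklist check; and, when
 * banners are downloaded or hosted, fetches the banner to verify its size.
 * With $C['review_edited_accounts'] set the request is stored serialized in
 * tlx_accounts.edit_data for review, otherwise the account row and its
 * user-defined fields are updated directly. Finishes by displaying the
 * account overview.
 *
 * Limits from the selected category override the global $C limits for the
 * duration of the request. Returns void when the login is invalid or the
 * account is locked, and the Validator's error page on validation failure.
 */
function tlxAccountEdit()
{
    global $C, $DB, $L, $t, $IMAGE_EXTENSIONS;
    if (($account = ValidAccountLogin()) === FALSE) {
        return;
    }
    if ($account['locked']) {
        $t->display('accounts-locked.tpl');
        return;
    }
    // The hosted banner path is derived below, never taken from the client
    unset($_REQUEST['banner_url_local']);
    // Get domain; parse_url() returns false on malformed input and may omit 'host'
    $parsed_url = parse_url($_REQUEST['site_url']);
    $host = (is_array($parsed_url) && isset($parsed_url['host'])) ? $parsed_url['host'] : '';
    $_REQUEST['domain'] = preg_replace('~^www\\.~', '', $host);
    $v = new Validator();
    // Get selected category (if any) and let its limits override the global ones
    if (isset($_REQUEST['category_id'])) {
        $category = $DB->Row('SELECT * FROM `tlx_categories` WHERE `category_id`=? AND `hidden`=0', array($_REQUEST['category_id']));
        if ($category) {
            $C['min_desc_length'] = $category['desc_min_length'];
            $C['max_desc_length'] = $category['desc_max_length'];
            $C['min_title_length'] = $category['title_min_length'];
            $C['max_title_length'] = $category['title_max_length'];
            $C['banner_max_width'] = $category['banner_max_width'];
            $C['banner_max_height'] = $category['banner_max_height'];
            $C['banner_max_bytes'] = $category['banner_max_bytes'];
            $C['allow_redirect'] = $category['allow_redirect'];
        } else {
            $v->SetError($L['INVALID_CATEGORY']);
        }
    }
    // Check for duplicate account information (own row excluded)
    if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE (`site_url`=? OR `email`=? OR `domain`=?) AND `username`!=?', array($_REQUEST['site_url'], $_REQUEST['email'], $_REQUEST['domain'], $account['username'])) > 0) {
        $v->SetError($L['EXISTING_ACCOUNT']);
    }
    $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($_REQUEST['site_url'], V_URL, sprintf($L['INVALID_URL'], $L['SITE_URL']));
    if (!empty($_REQUEST['new_password'])) {
        $v->Register($_REQUEST['new_password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
        $v->Register($_REQUEST['new_password'], V_NOT_EQUALS, $L['USERNAME_IS_PASSWORD'], $account['username']);
        $v->Register($_REQUEST['new_password'], V_EQUALS, $L['PASSWORDS_DONT_MATCH'], $_REQUEST['confirm_password']);
        // NOTE(review): unsalted SHA-1, matching the stored format the rest of
        // the application presumably compares against; migrate it as a whole
        $_REQUEST['password'] = sha1($_REQUEST['new_password']);
    } else {
        $_REQUEST['password'] = $account['password'];
    }
    // Format keywords and check number
    if ($C['allow_keywords']) {
        $_REQUEST['keywords'] = FormatSpaceSeparated($_REQUEST['keywords']);
        $keywords = explode(' ', $_REQUEST['keywords']);
        $v->Register(count($keywords), V_LESS_EQ, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);
    } else {
        $_REQUEST['keywords'] = $account['keywords'];
    }
    if (!IsEmptyString($_REQUEST['banner_url'])) {
        $v->Register($_REQUEST['banner_url'], V_URL, sprintf($L['INVALID_URL'], $L['BANNER_URL']));
    }
    // Initial validation, before any network access
    if (!$v->Validate()) {
        return $v->ValidationError('tlxShAccountEdit', TRUE);
    }
    // Check if the site URL is working; the body and headers feed the blacklist check
    $http = new Http();
    if ($http->Get($_REQUEST['site_url'], $C['allow_redirect'])) {
        $_REQUEST['html'] = $http->body;
        $_REQUEST['headers'] = $http->raw_response_headers;
    } else {
        $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['site_url'], $http->errstr));
    }
    // Check the blacklist
    $blacklisted = CheckBlacklistAccount($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($blacklisted[0]['reason'] ? $L['BLACKLISTED_REASON'] : $L['BLACKLISTED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }
    // Check site title and description length
    $v->Register($_REQUEST['title'], V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}");
    $v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}");
    // Validation of user defined fields
    $fields =& GetUserAccountFields();
    foreach ($fields as $field) {
        if ($field['on_edit']) {
            if ($field['required_edit']) {
                $v->Register($_REQUEST[$field['name']], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $field['label']));
            }
            if (!IsEmptyString($_REQUEST[$field['name']]) && $field['validation']) {
                $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
            }
        }
    }
    // Download banner to check size (only when the URL changed and banners are handled)
    $banner_file = null;
    if ($_REQUEST['banner_url'] != $account['banner_url'] && !IsEmptyString($_REQUEST['banner_url']) && ($C['download_banners'] || $C['host_banners'])) {
        $http = new Http();
        if ($http->Get($_REQUEST['banner_url'], TRUE, $_REQUEST['site_url'])) {
            // Temporary name; the file is renamed, unlinked, or left for review below
            $unique_id = md5(uniqid(rand(), true));
            $banner_file = SafeFilename("{$C['banner_dir']}/{$unique_id}.jpg", FALSE);
            FileWrite($banner_file, $http->body);
            $banner_info = @getimagesize($banner_file);
            if ($banner_info !== FALSE) {
                $_REQUEST['banner_width'] = $banner_info[0];
                $_REQUEST['banner_height'] = $banner_info[1];
                if (filesize($banner_file) > $C['banner_max_bytes']) {
                    $v->SetError(sprintf($L['BAD_BANNER_BYTES'], $C['banner_max_bytes']));
                }
                if ($C['host_banners']) {
                    // Only image types listed in $IMAGE_EXTENSIONS may be hosted
                    if (isset($IMAGE_EXTENSIONS[$banner_info[2]])) {
                        $banner_ext = strtolower($IMAGE_EXTENSIONS[$banner_info[2]]);
                        $_REQUEST['banner_url_local'] = "{$C['banner_url']}/{$account['username']}.{$banner_ext}";
                        if ($C['review_edited_accounts']) {
                            $_REQUEST['banner_data'] = $http->body;
                        } else {
                            $new_file = SafeFilename("{$C['banner_dir']}/{$account['username']}.{$banner_ext}", FALSE);
                            rename($banner_file, $new_file);
                            $banner_file = $new_file;
                        }
                    } else {
                        $v->SetError($L['BAD_BANNER_IMAGE']);
                    }
                } else {
                    @unlink($banner_file);
                    $banner_file = null;
                }
            } else {
                $v->SetError($L['BAD_BANNER_IMAGE']);
            }
        } else {
            $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['banner_url'], $http->errstr));
        }
    }
    // Check banner dimensions (absent values never exceed the limits)
    if ((isset($_REQUEST['banner_width']) && $_REQUEST['banner_width'] > $C['banner_max_width']) || (isset($_REQUEST['banner_height']) && $_REQUEST['banner_height'] > $C['banner_max_height'])) {
        $v->SetError(sprintf($L['BAD_BANNER_SIZE'], $C['banner_max_width'], $C['banner_max_height']));
    }
    // Force banner dimensions
    if ($C['banner_force_size']) {
        $_REQUEST['banner_width'] = $C['banner_max_width'];
        $_REQUEST['banner_height'] = $C['banner_max_height'];
    }
    if (!$v->Validate()) {
        // Do not leave a downloaded banner behind on failure
        if (!empty($banner_file)) {
            @unlink($banner_file);
        }
        return $v->ValidationError('tlxShAccountEdit', TRUE);
    }
    // Reviewing account edits
    if ($C['review_edited_accounts']) {
        unset($_REQUEST['html']);
        unset($_REQUEST['headers']);
        unset($_REQUEST['password']);
        unset($_REQUEST['r']);
        unset($_REQUEST['new_password']);
        unset($_REQUEST['confirm_password']);
        // Everything else the client posted, known fields or not, goes into the stored blob
        $DB->Update('UPDATE `tlx_accounts` SET ' . '`edited`=1, ' . '`edit_data`=? ' . 'WHERE `username`=?', array(base64_encode(serialize($_REQUEST)), $account['username']));
    } else {
        $DB->Update('UPDATE `tlx_accounts` SET ' . '`email`=?, ' . '`site_url`=?, ' . '`domain`=?, ' . '`banner_url`=?, ' . '`banner_url_local`=?, ' . '`banner_height`=?, ' . '`banner_width`=?, ' . '`title`=?, ' . '`description`=?, ' . '`keywords`=?, ' . '`password`=?, ' . '`category_id`=? ' . 'WHERE `username`=?', array($_REQUEST['email'], $_REQUEST['site_url'], $_REQUEST['domain'], $_REQUEST['banner_url'], $_REQUEST['banner_url_local'], $_REQUEST['banner_height'], $_REQUEST['banner_width'], $_REQUEST['title'], $_REQUEST['description'], $_REQUEST['keywords'], $_REQUEST['password'], $_REQUEST['category_id'], $account['username']));
        // Update user defined fields
        UserDefinedUpdate('tlx_account_fields', 'tlx_account_field_defs', 'username', $account['username'], $_REQUEST);
    }
    $t->assign_by_ref('account', $account);
    $t->assign_by_ref('stats', $DB->Row('SELECT * FROM `tlx_account_hourly_stats` WHERE `username`=?', array($account['username'])));
    $t->assign('updated', TRUE);
    $t->display('accounts-overview.tpl');
}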
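/**
 * Process link edits
 *
 * For every link_id in the request, either applies the pending edit stored
 * in lx_links.edit_data (when w=approve) or discards it; in both cases the
 * is_edited flag is cleared. Ids that do not exist, or links without a
 * pending edit, are skipped. Responds with a JSON success status.
 *
 * Requires P_LINK_MODIFY.
 */
function lxEditedLink()
{
    global $json, $DB;
    VerifyPrivileges(P_LINK_MODIFY, TRUE);
    // Accept a single id or a list of ids; nothing posted means nothing to do
    if (!isset($_REQUEST['link_id'])) {
        $_REQUEST['link_id'] = array();
    } elseif (!is_array($_REQUEST['link_id'])) {
        $_REQUEST['link_id'] = array($_REQUEST['link_id']);
    }
    $approve = isset($_REQUEST['w']) && $_REQUEST['w'] == 'approve';
    foreach ($_REQUEST['link_id'] as $link_id) {
        $link = $DB->Row('SELECT * FROM `lx_links` WHERE `link_id`=?', array($link_id));
        if (!$link || !$link['is_edited']) {
            continue;
        }
        $edit = null;
        if ($approve) {
            // edit_data is a base64 PHP-serialized copy of the submitter's
            // request. unserialize() will instantiate any class named in the
            // payload, so this column must only ever be written by the
            // application's own edit path.
            $edit = unserialize(base64_decode($link['edit_data']));
        }
        // A rejected edit, or a blob that no longer unserializes, is dropped
        // instead of being written over the link as a row of NULLs
        if (!is_array($edit)) {
            $DB->Update('UPDATE lx_links SET is_edited=?,edit_data=? WHERE link_id=?', array(0, null, $link_id));
            continue;
        }
        if (!IsEmptyString($edit['password'])) {
            $edit['password'] = sha1($edit['password']);
        } else {
            $edit['password'] = $link['password'];
        }
        // Update link data
        $DB->Update('UPDATE `lx_links` SET ' . '`site_url`=?, ' . '`recip_url`=?, ' . '`title`=?, ' . '`description`=?, ' . '`name`=?, ' . '`email`=?, ' . '`submit_ip`=?, ' . '`keywords`=?, ' . '`date_modified`=?, ' . '`password`=?, ' . '`is_edited`=?, ' . '`edit_data`=? ' . 'WHERE `link_id`=?', array($edit['site_url'], $edit['recip_url'], $edit['title'], $edit['description'], $edit['name'], $edit['email'], $edit['submit_ip'], $edit['keywords'], MYSQL_NOW, $edit['password'], 0, null, $link_id));
        // Update user defined fields
        UserDefinedUpdate('lx_link_fields', 'lx_link_field_defs', 'link_id', $link_id, $edit, FALSE);
    }
    echo $json->encode(array('status' => JSON_SUCCESS));
}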
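/**
 * Save changes a logged-in user made to their own lx_users account.
 *
 * Shows the login page when the session is invalid or the account is not
 * active (suspended / pending). Validates e-mail, name, optional new
 * password, user-defined fields, duplicate e-mail and blacklist; on failure
 * redisplays the edit form with the joined error list. On success updates
 * the account row and user-defined fields and returns to the overview.
 */
function lxEditAccount()
{
    global $DB, $C, $t, $L;
    $account = ValidUserLogin();
    if ($account === FALSE) {
        lxShLogin($L['INVALID_LOGIN']);
        return;
    }
    if ($account['status'] != 'active') {
        lxShLogin($account['status'] == 'suspended' ? $L['SUSPENDED_ACCOUNT'] : $L['PENDING_ACCOUNT']);
        return;
    }
    // Keep the stored password unless a new one was posted
    $password = $account['password'];
    $v = new Validator();
    $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");
    if (!empty($_REQUEST['password'])) {
        $v->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
        $v->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
        // NOTE(review): unsalted SHA-1, presumably the format the login check
        // compares against; migrate the scheme in one place, not here alone
        $password = sha1($_REQUEST['password']);
    }
    // Validation of user defined fields
    $fields =& GetUserAccountFields();
    foreach ($fields as $field) {
        if ($field['on_edit']) {
            if ($field['required']) {
                $v->Register($_REQUEST[$field['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}");
            }
            if ($field['validation']) {
                $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
            }
        }
    }
    // E-mail exists on another account?
    if ($DB->Count('SELECT COUNT(*) FROM lx_users WHERE username!=? AND email=?', array($account['username'], $_REQUEST['email']))) {
        $v->SetError($L['DUPLICATE_EMAIL']);
    }
    // Check blacklist
    $blacklisted = CheckBlacklistAccount($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }
    if (!$v->Validate()) {
        $errors = join('<br />', $v->GetErrors());
        lxShEdit($errors);
        return;
    }
    // Update pre-defined data
    $DB->Update('UPDATE lx_users SET ' . 'password=?, ' . 'name=?, ' . 'email=? ' . 'WHERE username=?', array($password, $_REQUEST['name'], $_REQUEST['email'], $account['username']));
    // Update user defined fields
    UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $account['username'], $_REQUEST, FALSE);
    // Back to the account overview
    lxLogin(null, 'accountupdate');
}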
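/**
 * Administrative update of an existing lx_users row.
 *
 * Validates the optional new password, e-mail (must not be in use by
 * another account), weight and dates; on failure re-renders the edit form
 * with $GLOBALS['errstr'] set. On success updates the account row, its
 * user-defined fields and the recip/redirect flags of the user's links,
 * then re-renders the form with a success message.
 *
 * NOTE(review): the privilege checked is P_USER_ADD although this edits an
 * existing user — confirm that is the intended privilege.
 */
function lxEditUser()
{
    global $DB, $C;
    VerifyPrivileges(P_USER_ADD);
    // Other accounts already using the posted e-mail address (own row excluded)
    $mail_count = $DB->Count('SELECT COUNT(*) FROM lx_users WHERE email=? AND username!=?', array($_REQUEST['email'], $_REQUEST['username']));
    $validator = new Validator();
    $password = null;
    if (!empty($_REQUEST['password'])) {
        $validator->Register($_REQUEST['password'], V_LENGTH, 'The password must contain at least 4 characters', array('min' => 4, 'max' => 999));
        // NOTE(review): unsalted SHA-1, presumably the format the login check
        // compares against; migrate the scheme in one place, not here alone
        $password = sha1($_REQUEST['password']);
    }
    $validator->Register($_REQUEST['email'], V_EMAIL, 'The e-mail address is not properly formatted');
    $validator->Register($mail_count, V_ZERO, 'A user account already exists with that e-mail address');
    $validator->Register($_REQUEST['weight'], V_NUMERIC, 'The weight value must be numeric');
    $validator->Register($_REQUEST['date_added'], V_DATETIME, 'The Date Added field is not properly formatted');
    if (!empty($_REQUEST['date_modified'])) {
        $validator->Register($_REQUEST['date_modified'], V_DATETIME, 'The Date Modified field is not properly formatted');
    }
    if (!$validator->Validate()) {
        $GLOBALS['errstr'] = join('<br />', $validator->GetErrors());
        lxShEditUser();
        return;
    }
    $account = $DB->Row('SELECT * FROM lx_users WHERE username=?', array($_REQUEST['username']));
    // Without a matching row there is nothing to update and no stored password to keep
    if (!$account) {
        $GLOBALS['errstr'] = 'The user account you are trying to update does not exist';
        lxShEditUser();
        return;
    }
    if ($password === null) {
        $password = $account['password'];
    }
    NullIfEmpty($_REQUEST['date_modified']);
    // Update account data in the database
    $DB->Update('UPDATE lx_users SET ' . 'password=?, ' . 'name=?, ' . 'email=?, ' . 'date_added=?, ' . 'date_modified=?, ' . 'status=?, ' . 'recip_required=?, ' . 'allow_redirect=?, ' . 'weight=? ' . 'WHERE username=?', array($password, $_REQUEST['name'], $_REQUEST['email'], $_REQUEST['date_added'], $_REQUEST['date_modified'], $_REQUEST['status'], intval($_REQUEST['recip_required']), intval($_REQUEST['allow_redirect']), $_REQUEST['weight'], $_REQUEST['username']));
    // Update user defined fields
    UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $_REQUEST['username'], $_REQUEST);
    // Update links with the new recip and redirect settings
    $DB->Update('UPDATE lx_links SET recip_required=?,allow_redirect=? WHERE username=?', array(intval($_REQUEST['recip_required']), intval($_REQUEST['allow_redirect']), $_REQUEST['username']));
    $GLOBALS['message'] = 'User account successfully updated';
    $GLOBALS['added'] = true;
    lxShEditUser();
}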
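/**
 * Save an edit to an existing link, submitted by its owner.
 *
 * Ownership is proved either through the logged-in account (the link's
 * username must match) or, for links without an account (noaccount), by
 * posting the link's site URL, e-mail and password. The posted data is
 * validated, the site and recip URLs are scanned, and the blacklist is
 * checked. With $C['approve_link_edits'] set the request is stored
 * serialized in lx_links.edit_data for an administrator; otherwise the link
 * and its user-defined fields are updated directly. Displays the
 * confirmation page and e-mails administrators subscribed to E_LINK_EDIT.
 */
function lxEditLink()
{
    global $DB, $C, $L, $t;
    $v = new Validator();
    // Make sure user is allowed to edit this link
    $link = $DB->Row('SELECT * FROM lx_links JOIN lx_link_fields USING (link_id) WHERE lx_links.link_id=?', array($_REQUEST['link_id']));
    // An unknown link id is refused the same way as a failed ownership check
    if (!$link) {
        $t->assign('error', $L['LINK_EDIT_REFUSED']);
        $t->display('error-nice.tpl');
        return;
    }
    $noaccount = !empty($_REQUEST['noaccount']);
    if ($noaccount) {
        $login_password = isset($_REQUEST['login_password']) ? $_REQUEST['login_password'] : '';
        // The digest comparison is strict: a loose != between two hex strings
        // that both look like "0e123..." treats them as equal numbers
        if (!empty($link['username']) || $link['site_url'] != $_REQUEST['login_site_url'] || $link['password'] !== sha1($login_password) || $link['email'] != $_REQUEST['login_email']) {
            $t->assign('error', $L['LINK_EDIT_REFUSED']);
            $t->display('error-nice.tpl');
            return;
        }
    } else {
        $account = ValidUserLogin();
        if (!$account || $account['username'] != $link['username']) {
            $t->assign('error', $L['LINK_EDIT_REFUSED']);
            $t->display('error-nice.tpl');
            return;
        }
    }
    $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($_REQUEST['site_url'], V_URL, "{$L['INVALID_URL']}: {$L['SITE_URL']}");
    $v->Register($_REQUEST['title'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['TITLE']}");
    $v->Register($_REQUEST['description'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['DESCRIPTION']}");
    $v->Register($_REQUEST['keywords'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['KEYWORDS']}");
    $v->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");
    $v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}");
    $v->Register($_REQUEST['title'], V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}");
    // Format keywords and check number
    $_REQUEST['keywords'] = FormatKeywords($_REQUEST['keywords']);
    $keywords = explode(' ', $_REQUEST['keywords']);
    $v->Register(count($keywords), V_LESS, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);
    if (!empty($_REQUEST['password'])) {
        $v->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
    }
    // See if URL already exists on another link
    if ($DB->Count('SELECT COUNT(*) FROM lx_links WHERE site_url=? AND link_id!=?', array($_REQUEST['site_url'], $link['link_id']))) {
        $v->SetError($L['DUPLICATE_URL']);
    }
    // Validation of user defined fields
    $fields =& GetUserLinkFields();
    foreach ($fields as $field) {
        if ($field['on_edit']) {
            if ($field['required']) {
                $v->Register($_REQUEST[$field['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}");
            }
            if ($field['validation']) {
                $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
            }
        }
    }
    // These two flags come from the stored link, never from the client
    $_REQUEST['allow_redirect'] = $link['allow_redirect'];
    $_REQUEST['recip_required'] = $link['recip_required'];
    // Scan link
    $scan_result =& ScanLink($_REQUEST);
    // Make sure site URL is working
    if (!$scan_result['site_url']['working']) {
        $v->SetError(sprintf($L['BROKEN_URL'], $L['SITE_URL'], $scan_result['site_url']['error']));
    }
    // Setup HTML code for blacklist check
    $_REQUEST['html'] = $scan_result['site_url']['html'];
    if (!empty($_REQUEST['recip_url'])) {
        $_REQUEST['html'] .= ' ' . $scan_result['recip_url']['html'];
        // Make sure recip URL is working
        if (!$scan_result['recip_url']['working']) {
            $v->SetError(sprintf($L['BROKEN_URL'], $L['RECIP_URL'], $scan_result['recip_url']['error']));
        }
    }
    // Verify recip link was found
    if ($_REQUEST['recip_required'] && !$scan_result['has_recip']) {
        $v->SetError($L['NO_RECIP_FOUND']);
    }
    // Check blacklist
    $blacklisted = CheckBlacklistLink($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }
    if (!$v->Validate()) {
        $errors = join('<br />', $v->GetErrors());
        lxShEdit($errors);
        return;
    }
    if ($C['approve_link_edits']) {
        // The whole request, fetched HTML included, is stored for later review
        $_REQUEST['submit_ip'] = $_SERVER['REMOTE_ADDR'];
        $DB->Update('UPDATE lx_links SET is_edited=1,edit_data=? WHERE link_id=?', array(base64_encode(serialize($_REQUEST)), $link['link_id']));
    } else {
        // Update password, if necessary (only no-account links carry their own password)
        $password = $link['password'];
        if ($noaccount && !empty($_REQUEST['password'])) {
            $password = sha1($_REQUEST['password']);
        }
        // Update link data
        $DB->Update('UPDATE lx_links SET ' . 'site_url=?, ' . 'recip_url=?, ' . 'title=?, ' . 'description=?, ' . 'name=?, ' . 'email=?, ' . 'submit_ip=?, ' . 'keywords=?, ' . 'date_modified=?, ' . 'password=?, ' . 'has_recip=? ' . 'WHERE link_id=?', array($_REQUEST['site_url'], $_REQUEST['recip_url'], $_REQUEST['title'], $_REQUEST['description'], $_REQUEST['name'], $_REQUEST['email'], $_SERVER['REMOTE_ADDR'], $_REQUEST['keywords'], MYSQL_NOW, $password, $scan_result['has_recip'], $link['link_id']));
        // Update user defined fields
        UserDefinedUpdate('lx_link_fields', 'lx_link_field_defs', 'link_id', $_REQUEST['link_id'], $_REQUEST, FALSE);
    }
    // Get category information
    $categories = array();
    $result = $DB->Query('SELECT * FROM lx_categories JOIN lx_link_cats USING (category_id) WHERE link_id=?', array($link['link_id']));
    while ($category = $DB->NextRow($result)) {
        $category['path_parts'] = unserialize($category['path_parts']);
        $categories[] = $category;
    }
    $DB->Free($result);
    // Show confirmation page
    $t->assign_by_ref('categories', $categories);
    $t->assign_by_ref('user_fields', $fields);
    $t->assign_by_ref('link', $_REQUEST);
    $t->display('submit-edited.tpl');
    // Push the page out before the (slower) mail delivery below
    flush();
    // Send e-mail to appropriate administrators
    $result = $DB->Query('SELECT * FROM lx_administrators');
    while ($admin = $DB->NextRow($result)) {
        if ($admin['notifications'] & E_LINK_EDIT) {
            SendMail($admin['email'], 'email-admin-link-edit.tpl', $t);
        }
    }
    $DB->Free($result);
}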
/**
 * Lets a logged-in partner change their e-mail address, name, password and
 * user-defined fields, then redisplays the edit form flagged as updated.
 *
 * Does nothing when ValidPartnerLogin() fails. Validation failures are
 * handed to Validator::ValidationError() with the txShPartnerEdit form.
 */
function txPartnerEdit()
{
    global $C, $DB, $L, $t, $domain;
    $partner = ValidPartnerLogin();
    if ($partner === FALSE) {
        return;
    }
    $validator = new Validator();
    $validator->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    // A changed e-mail address must not already belong to another partner
    $email_changed = $partner['email'] != $_REQUEST['email'];
    if ($email_changed && $DB->Count('SELECT COUNT(*) FROM `tx_partners` WHERE `email`=?', array($_REQUEST['email']))) {
        $validator->SetError($L['EXISTING_EMAIL']);
    }
    // A non-empty password means the partner wants a new one
    if (!IsEmptyString($_REQUEST['password'])) {
        $validator->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
        $validator->Register($_REQUEST['password'], V_LENGTH, sprintf($L['PASSWORD_LENGTH'], 3, 32), '3,32');
        $partner['password'] = sha1($_REQUEST['password']);
    }
    // Validation of user defined fields
    $partner_fields =& GetUserPartnerFields();
    foreach ($partner_fields as $def) {
        if (!$def['on_edit']) {
            continue;
        }
        $name = $def['name'];
        // Set values for unchecked checkboxes
        if ($def['type'] == FT_CHECKBOX && !isset($_REQUEST[$name])) {
            $_REQUEST[$name] = null;
        }
        if ($def['required_edit']) {
            $validator->Register($_REQUEST[$name], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $def['label']));
        }
        if (!IsEmptyString($_REQUEST[$name]) && $def['validation']) {
            $validator->Register($_REQUEST[$name], $def['validation'], $def['validation_message'], $def['validation_extras']);
        }
    }
    if (!$validator->Validate()) {
        return $validator->ValidationError('txShPartnerEdit', TRUE);
    }
    // Update the predefined fields
    $DB->Update('UPDATE `tx_partners` SET ' . '`email`=?, ' . '`name`=?, ' . '`password`=? ' . 'WHERE `username`=?', array($_REQUEST['email'], $_REQUEST['name'], $partner['password'], $partner['username']));
    // Update user defined fields
    $_REQUEST['username'] = $partner['username'];
    UserDefinedUpdate('tx_partner_fields', 'tx_partner_field_defs', 'username', $_REQUEST['username'], $_REQUEST);
    $t->assign('updated', TRUE);
    txShPartnerEdit();
}
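/**
 * Administrative update of a tx_galleries row from the gallery edit form.
 *
 * Validates e-mail, gallery URL, the scheduled/deletion dates, the displayed
 * date (required for 'used' and 'holding' galleries), the partner username
 * and the tag format; on failure returns the Validator's error page for
 * txShGalleryEdit. On success writes the gallery row, its user-defined
 * fields and the posted icon set, then re-renders the form with a message.
 *
 * Requires P_GALLERY_MODIFY.
 */
function txGalleryEdit()
{
    global $DB, $C;
    VerifyPrivileges(P_GALLERY_MODIFY);
    $v = new Validator();
    $v->Register($_REQUEST['email'], V_EMAIL, 'The E-mail Address is not properly formatted');
    $v->Register($_REQUEST['gallery_url'], V_URL, 'The Gallery URL is not properly formatted');
    $v->Register($_REQUEST['date_scheduled'], V_DATETIME, 'The Scheduled Date is not properly formatted');
    $v->Register($_REQUEST['date_deletion'], V_DATETIME, 'The Delete Date is not properly formatted');
    if ($_REQUEST['status'] == 'used' || $_REQUEST['status'] == 'holding') {
        $v->Register($_REQUEST['date_displayed'], V_EMPTY, 'The Displayed Date must be filled in');
        $v->Register($_REQUEST['date_displayed'], V_DATETIME, 'The Displayed Date is not properly formatted');
    }
    // A partner username, when given, must exist
    if (!IsEmptyString($_REQUEST['partner'])) {
        if (!$DB->Count('SELECT COUNT(*) FROM `tx_partners` WHERE `username`=?', array($_REQUEST['partner']))) {
            $v->SetError('The Partner username you entered does not match an existing partner account');
        }
    }
    // Check tags for proper format (ASCII only, so a byte length is the right measure)
    if (!IsEmptyString($_REQUEST['tags'])) {
        $_REQUEST['tags'] = FormatSpaceSeparated($_REQUEST['tags']);
        foreach (explode(' ', $_REQUEST['tags']) as $tag) {
            if (strlen($tag) < 4 || !preg_match('~^[a-z0-9_]+$~i', $tag)) {
                $v->SetError('All tags must be at least 4 characters in length and contain only letters, numbers, and underscores');
                break;
            }
        }
    }
    if (!$v->Validate()) {
        return $v->ValidationError('txShGalleryEdit');
    }
    NullIfEmpty($_REQUEST['date_scheduled']);
    NullIfEmpty($_REQUEST['date_displayed']);
    NullIfEmpty($_REQUEST['date_deletion']);
    // Update gallery data
    $DB->Update('UPDATE `tx_galleries` SET ' . '`gallery_url`=?, ' . '`description`=?, ' . '`keywords`=?, ' . '`thumbnails`=?, ' . '`email`=?, ' . '`nickname`=?, ' . '`weight`=?, ' . '`clicks`=?, ' . '`submit_ip`=?, ' . '`sponsor_id`=?, ' . '`type`=?, ' . '`format`=?, ' . '`status`=?, ' . '`date_scheduled`=?, ' . '`date_displayed`=?, ' . '`date_deletion`=?, ' . '`partner`=?, ' . '`allow_scan`=?, ' . '`allow_preview`=?, ' . '`tags`=?, ' . '`categories`=? ' . 'WHERE `gallery_id`=?', array($_REQUEST['gallery_url'], $_REQUEST['description'], FormatSpaceSeparated($_REQUEST['keywords']), $_REQUEST['thumbnails'], $_REQUEST['email'], $_REQUEST['nickname'], $_REQUEST['weight'], $_REQUEST['clicks'], $_REQUEST['submit_ip'], $_REQUEST['sponsor_id'], $_REQUEST['type'], $_REQUEST['format'], $_REQUEST['status'], $_REQUEST['date_scheduled'], $_REQUEST['date_displayed'], $_REQUEST['date_deletion'], $_REQUEST['partner'], intval($_REQUEST['allow_scan']), intval($_REQUEST['allow_preview']), FormatSpaceSeparated($_REQUEST['tags']), CategoryTagsFromIds($_REQUEST['categories']), $_REQUEST['gallery_id']));
    // Update user defined fields
    UserDefinedUpdate('tx_gallery_fields', 'tx_gallery_field_defs', 'gallery_id', $_REQUEST['gallery_id'], $_REQUEST);
    // Update icons: the posted set (possibly empty) replaces the stored one
    $DB->Update('DELETE FROM `tx_gallery_icons` WHERE `gallery_id`=?', array($_REQUEST['gallery_id']));
    $icons = (isset($_REQUEST['icons']) && is_array($_REQUEST['icons'])) ? $_REQUEST['icons'] : array();
    foreach ($icons as $icon_id) {
        $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($_REQUEST['gallery_id'], $icon_id));
    }
    $GLOBALS['message'] = 'Gallery successfully updated';
    $GLOBALS['added'] = true;
    txShGalleryEdit();
}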
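/**
 * Administrative handler: apply the submitted edit form to the existing
 * `tlx_accounts` row identified by $_REQUEST['username'].
 *
 * Input comes from $_REQUEST (the account edit form). The e-mail, site URL,
 * date added and the optional password / banner URL are validated first; on
 * failure the form is re-rendered through $v->ValidationError() and the
 * function returns its result. On success the account row, its hourly
 * stats row, the user-defined fields and the icon list are rewritten,
 * $GLOBALS['message'] / $GLOBALS['added'] are set and tlxShAccountEdit()
 * is called to display the form again.
 *
 * Requires the P_ACCOUNT_MODIFY privilege (enforced via VerifyPrivileges).
 * Uses the globals $DB, $C, $IMAGE_EXTENSIONS and $L.
 */
function tlxAccountEdit()
{
    // $L was missing from the global list, so the banner URL validation
    // message built from $L['INVALID_URL'] came from an undefined variable.
    global $DB, $C, $IMAGE_EXTENSIONS, $L;
    VerifyPrivileges(P_ACCOUNT_MODIFY);
    // The form submits a percentage, the table stores a fraction. floatval()
    // keeps a non-numeric submission from raising a TypeError on the division.
    $_REQUEST['return_percent'] = floatval($_REQUEST['return_percent']) / 100;
    // Get domain: host part of the site URL without a leading "www.".
    // parse_url() returns FALSE for badly malformed input, so guard the
    // ['host'] lookup; the V_URL check below still rejects such a request.
    $parsed_url = parse_url($_REQUEST['site_url']);
    $host = (is_array($parsed_url) && isset($parsed_url['host'])) ? $parsed_url['host'] : '';
    $_REQUEST['domain'] = preg_replace('~^www\\.~', '', $host);
    $v = new Validator();
    $v->Register($_REQUEST['email'], V_EMAIL, 'The E-mail Address is not properly formatted');
    $v->Register($_REQUEST['site_url'], V_URL, 'The Site URL is not properly formatted');
    $v->Register($_REQUEST['date_added'], V_DATETIME, 'The Date Added value is not properly formatted');
    if (!IsEmptyString($_REQUEST['password'])) {
        $v->Register($_REQUEST['password'], V_LENGTH, 'The account password must be at least 4 characters', '4,9999');
    }
    if (!IsEmptyString($_REQUEST['banner_url'])) {
        $v->Register($_REQUEST['banner_url'], V_URL, sprintf($L['INVALID_URL'], $L['BANNER_URL']));
    }
    if (!$v->Validate()) {
        return $v->ValidationError('tlxShAccountEdit');
    }
    // Load the current row; an unknown username yields no row, in which case
    // the UPDATE below simply matches nothing.
    $account = $DB->Row('SELECT * FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username']));
    if (!is_array($account)) {
        $account = array();
    }
    // Setup account password, if changed.
    // NOTE(review): the stored hash is unsalted sha1, which is weak for
    // passwords. The login code that verifies it is outside this file, so the
    // scheme is kept here; it should be migrated together with that code
    // (password_hash() / password_verify()).
    if (IsEmptyString($_REQUEST['password'])) {
        $_REQUEST['password'] = isset($account['password']) ? $account['password'] : null;
    } else {
        $_REQUEST['password'] = sha1($_REQUEST['password']);
    }
    // Handling of banner_url_local
    if (!empty($_REQUEST['download_banner'])) {
        // Server-side fetch of the admin-supplied banner URL (V_URL-validated
        // above); only P_ACCOUNT_MODIFY holders reach this code path.
        $http = new Http();
        if ($http->Get($_REQUEST['banner_url'], TRUE, $_REQUEST['site_url'])) {
            $banner_file = SafeFilename("{$C['banner_dir']}/{$_REQUEST['username']}.jpg", FALSE);
            FileWrite($banner_file, $http->body);
            // getimagesize() both checks that the body is an image and yields
            // its real type; @ silences the warning emitted for non-images.
            $banner_info = @getimagesize($banner_file);
            // Only keep the file when the detected type maps to a known
            // extension; previously an unmapped type produced an empty
            // extension and a file named "<username>.".
            $banner_ext = ($banner_info !== FALSE && isset($IMAGE_EXTENSIONS[$banner_info[2]]))
                ? strtolower($IMAGE_EXTENSIONS[$banner_info[2]])
                : null;
            if ($banner_ext !== null) {
                $_REQUEST['banner_width'] = $banner_info[0];
                $_REQUEST['banner_height'] = $banner_info[1];
                // The download was saved as .jpg; rename it to the detected type.
                if ($banner_ext != 'jpg') {
                    $new_file = preg_replace('~\\.jpg$~', ".{$banner_ext}", $banner_file);
                    rename($banner_file, $new_file);
                }
                $_REQUEST['banner_url_local'] = "{$C['banner_url']}/{$_REQUEST['username']}.{$banner_ext}";
            } else {
                // Not an image (or an unknown image type): discard the download.
                @unlink($banner_file);
            }
        }
    } else {
        $_REQUEST['banner_url_local'] = isset($account['banner_url_local']) ? $account['banner_url_local'] : null;
    }
    // Record the activation time when the status flips to active.
    $account_status = isset($account['status']) ? $account['status'] : null;
    if ($account_status != STATUS_ACTIVE && $_REQUEST['status'] == STATUS_ACTIVE) {
        $account['date_activated'] = MYSQL_NOW;
    }
    $date_activated = isset($account['date_activated']) ? $account['date_activated'] : null;
    // Update account data
    $DB->Update('UPDATE `tlx_accounts` SET ' . '`email`=?, ' . '`site_url`=?, ' . '`domain`=?, ' . '`banner_url`=?, ' . '`banner_url_local`=?, ' . '`banner_height`=?, ' . '`banner_width`=?, ' . '`title`=?, ' . '`description`=?, ' . '`keywords`=?, ' . '`date_added`=?, ' . '`date_activated`=?, ' . '`password`=?, ' . '`return_percent`=?, ' . '`status`=?, ' . '`locked`=?, ' . '`disabled`=?, ' . '`category_id`=?, ' . '`ratings`=?, ' . '`ratings_total`=?, ' . '`admin_comments`=? ' . 'WHERE `username`=?', array($_REQUEST['email'], $_REQUEST['site_url'], $_REQUEST['domain'], $_REQUEST['banner_url'], $_REQUEST['banner_url_local'], $_REQUEST['banner_height'], $_REQUEST['banner_width'], $_REQUEST['title'], $_REQUEST['description'], $_REQUEST['keywords'], $_REQUEST['date_added'], $date_activated, $_REQUEST['password'], $_REQUEST['return_percent'], $_REQUEST['status'], intval($_REQUEST['locked']), intval($_REQUEST['disabled']), $_REQUEST['category_id'], intval($_REQUEST['ratings']), intval($_REQUEST['ratings_total']), $_REQUEST['admin_comments'], $_REQUEST['username']));
    // Update stats: one column per counter and hour, plus a total per counter.
    // Column names are built only from this fixed counter list and the hour
    // index, never from request data; the values are intval()'d before
    // being concatenated into the SET clause.
    $stats = array();
    $totals = array('raw_in_total' => 0, 'unique_in_total' => 0, 'raw_out_total' => 0, 'unique_out_total' => 0, 'clicks_total' => 0);
    $counters = array('raw_in', 'unique_in', 'raw_out', 'unique_out', 'clicks');
    foreach (range(0, 23) as $hour) {
        foreach ($counters as $counter) {
            // Totals previously summed the raw request strings while the
            // per-hour columns stored intval()'d values, so the two could
            // disagree (and non-numeric input broke the addition). Use the
            // same integer for both.
            $key = "{$counter}_{$hour}";
            $value = isset($_REQUEST[$key]) ? intval($_REQUEST[$key]) : 0;
            $stats[] = "`{$key}`=" . $value;
            $totals["{$counter}_total"] += $value;
        }
    }
    $DB->Update('UPDATE `tlx_account_hourly_stats` SET ' . join(', ', $stats) . ', ' . '`raw_in_total`=?, ' . '`unique_in_total`=?, ' . '`raw_out_total`=?, ' . '`unique_out_total`=?, ' . '`clicks_total`=? ' . ' WHERE `username`=?', array($totals['raw_in_total'], $totals['unique_in_total'], $totals['raw_out_total'], $totals['unique_out_total'], $totals['clicks_total'], $_REQUEST['username']));
    // Update user defined fields
    UserDefinedUpdate('tlx_account_fields', 'tlx_account_field_defs', 'username', $_REQUEST['username'], $_REQUEST);
    // Update icons: replace the whole set for this account.
    $DB->Update('DELETE FROM `tlx_account_icons` WHERE `username`=?', array($_REQUEST['username']));
    if (isset($_REQUEST['icons']) && is_array($_REQUEST['icons'])) {
        foreach ($_REQUEST['icons'] as $icon_id) {
            $DB->Update('INSERT INTO `tlx_account_icons` VALUES (?,?)', array($_REQUEST['username'], $icon_id));
        }
    }
    $GLOBALS['message'] = 'Account successfully updated';
    $GLOBALS['added'] = true;
    tlxShAccountEdit();
}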