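/**
 * Handle the "edit account" form submission for the logged-in user.
 *
 * Flow: authenticate via ValidUserLogin(), refuse accounts whose status is
 * not 'active', validate the submitted fields (built-in ones plus the
 * user-defined account fields flagged on_edit), then write lx_users and
 * the user-defined field table and hand off to lxLogin() with the
 * 'accountupdate' notice. On any failure the login or edit form is
 * re-rendered with an error message and nothing is written.
 *
 * Reads $_REQUEST (the merged GET/POST/cookie array) and the globals
 * $DB, $C, $t, $L. No return value.
 *
 * SECURITY NOTES (review):
 *  - Passwords are stored as bare sha1() with no salt and no work factor.
 *    The login comparison (ValidUserLogin, not visible here) must change in
 *    lockstep, so the hash is left as-is; migrate to
 *    password_hash()/password_verify() across both paths.
 *  - E-mail and password changes are accepted without re-entering the
 *    current password, and no CSRF token is checked in this function. If
 *    the framework provides either, enforce it before the UPDATE.
 *  - $_REQUEST also merges cookies; $_POST is preferable for a
 *    state-changing form.
 */
function lxEditAccount()
{
    global $DB, $C, $t, $L;

    $account = ValidUserLogin();
    if ($account === FALSE) {
        lxShLogin($L['INVALID_LOGIN']);
        return;
    }
    if ($account['status'] !== 'active') {
        lxShLogin($account['status'] === 'suspended' ? $L['SUSPENDED_ACCOUNT'] : $L['PENDING_ACCOUNT']);
        return;
    }

    // Read the form fields once. A missing key becomes '' instead of
    // raising an "undefined index" notice (a warning on PHP 8) that could
    // end up in the page; the validators below still reject empty values.
    $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
    $name = isset($_REQUEST['name']) ? $_REQUEST['name'] : '';
    $newPassword = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
    $confirmPassword = isset($_REQUEST['confirm_password']) ? $_REQUEST['confirm_password'] : '';

    // Keep the current hash unless a new password was supplied.
    $password = $account['password'];

    $v = new Validator();
    $v->Register($email, V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($name, V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");
    if (!empty($newPassword)) {
        $v->Register($newPassword, V_EQUALS, $L['NO_PASSWORD_MATCH'], $confirmPassword);
        $v->Register($newPassword, V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
        // FIXME(security): unsalted sha1 — see the header note.
        $password = sha1($newPassword);
    }

    // User-defined account fields that are editable on this form.
    $fields =& GetUserAccountFields();
    foreach ($fields as $field) {
        if (!$field['on_edit']) {
            continue;
        }
        $value = isset($_REQUEST[$field['name']]) ? $_REQUEST[$field['name']] : '';
        if ($field['required']) {
            $v->Register($value, V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}");
        }
        if ($field['validation']) {
            $v->Register($value, $field['validation'], $field['validation_message'], $field['validation_extras']);
        }
    }

    // The new address must not belong to any other account.
    if ($DB->Count('SELECT COUNT(*) FROM lx_users WHERE username!=? AND email=?', array($account['username'], $email))) {
        $v->SetError($L['DUPLICATE_EMAIL']);
    }

    // Blacklist check runs over the whole submission.
    $blacklisted = CheckBlacklistAccount($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }

    if (!$v->Validate()) {
        lxShEdit(join('<br />', $v->GetErrors()));
        return;
    }

    // Built-in columns (parameterised query; values are never interpolated).
    $DB->Update(
        'UPDATE lx_users SET password=?, name=?, email=? WHERE username=?',
        array($password, $name, $email, $account['username'])
    );
    // User-defined columns; the helper picks its values out of $_REQUEST itself.
    UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $account['username'], $_REQUEST, FALSE);

    // Back to the account overview.
    lxLogin(null, 'accountupdate');
}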
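/**
 * Handle the "edit link" form submission.
 *
 * Ownership of the link is proven one of two ways:
 *  - noaccount: the submitter supplies the link's site URL, e-mail and edit
 *    password; only accepted for links that have no owning account;
 *  - otherwise: the session user (ValidUserLogin) must own the link.
 *
 * After validation (built-in fields, keyword count, duplicate site URL,
 * user-defined fields, a live scan of the site/recip URLs via ScanLink, and
 * the blacklist) the edit is either queued for admin approval
 * ($C['approve_link_edits']) or written straight to lx_links and
 * lx_link_fields. A confirmation page is then rendered and every
 * administrator subscribed to E_LINK_EDIT is e-mailed.
 *
 * Reads and mutates $_REQUEST in place (keywords, allow_redirect,
 * recip_required, html and submit_ip are rewritten or added) because the
 * helpers, the pending-edit record and the template all consume that
 * array. Uses the globals $DB, $C, $L, $t. No return value.
 *
 * SECURITY NOTES (review):
 *  - Link edit passwords are unsalted sha1(); changing the algorithm must
 *    happen together with link creation, so it is left as-is here.
 *  - The pending-edit path serialises the whole $_REQUEST — including any
 *    plaintext 'password' / 'login_password' / 'confirm_password' values
 *    and cookie data — into lx_links.edit_data. The approval code that
 *    unserialize()s it is not visible here; it should be reviewed, and the
 *    secrets stripped (or only their hash stored) before persisting.
 *  - The same raw array is handed to the template as 'link'; the template
 *    must escape it and must not render the password fields.
 *  - No CSRF token is checked in this function, and $_REQUEST merges
 *    cookies; $_POST is preferable for a state-changing form.
 *  - ScanLink() fetches a user-supplied URL server-side; SSRF mitigations
 *    (scheme/host restrictions, no private ranges) belong in that helper.
 */
function lxEditLink()
{
    global $DB, $C, $L, $t;

    $v = new Validator();
    $requestedLinkId = isset($_REQUEST['link_id']) ? $_REQUEST['link_id'] : '';

    // Load the link being edited. An unknown id is refused explicitly
    // instead of letting null columns flow into the ownership checks.
    $link = $DB->Row('SELECT * FROM lx_links JOIN lx_link_fields USING (link_id) WHERE lx_links.link_id=?', array($requestedLinkId));
    if (!$link) {
        $t->assign('error', $L['LINK_EDIT_REFUSED']);
        $t->display('error-nice.tpl');
        return;
    }

    $noAccount = !empty($_REQUEST['noaccount']);
    if ($noAccount) {
        // Anonymous owner: the link must not belong to an account and all
        // three credentials must match. Strict (!==) comparisons are used
        // deliberately: with loose != PHP compares two numeric-looking
        // strings as numbers, so sha1 hex digests of the form "0e<digits>"
        // would compare equal to each other. hash_equals() would also
        // remove the timing side channel once the runtime is >= 5.6.
        $loginSiteUrl = isset($_REQUEST['login_site_url']) ? $_REQUEST['login_site_url'] : '';
        $loginPassword = isset($_REQUEST['login_password']) ? $_REQUEST['login_password'] : '';
        $loginEmail = isset($_REQUEST['login_email']) ? $_REQUEST['login_email'] : '';
        $refused = !empty($link['username'])
            || $link['site_url'] !== $loginSiteUrl
            || $link['password'] !== sha1($loginPassword)
            || $link['email'] !== $loginEmail;
        if ($refused) {
            $t->assign('error', $L['LINK_EDIT_REFUSED']);
            $t->display('error-nice.tpl');
            return;
        }
    } else {
        // Logged-in owner: the session account must match the link's owner.
        $account = ValidUserLogin();
        if (!$account || $account['username'] !== $link['username']) {
            $t->assign('error', $L['LINK_EDIT_REFUSED']);
            $t->display('error-nice.tpl');
            return;
        }
    }

    // Read the form fields once; a missing key becomes '' (null for the
    // optional recip_url, which is stored as-is) instead of raising an
    // "undefined index" notice. Required fields still fail validation.
    $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
    $siteUrl = isset($_REQUEST['site_url']) ? $_REQUEST['site_url'] : '';
    $title = isset($_REQUEST['title']) ? $_REQUEST['title'] : '';
    $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : '';
    $rawKeywords = isset($_REQUEST['keywords']) ? $_REQUEST['keywords'] : '';
    $name = isset($_REQUEST['name']) ? $_REQUEST['name'] : '';
    $recipUrl = isset($_REQUEST['recip_url']) ? $_REQUEST['recip_url'] : null;
    $newPassword = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';

    $v->Register($email, V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($siteUrl, V_URL, "{$L['INVALID_URL']}: {$L['SITE_URL']}");
    $v->Register($title, V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['TITLE']}");
    $v->Register($description, V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['DESCRIPTION']}");
    $v->Register($rawKeywords, V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['KEYWORDS']}");
    $v->Register($name, V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");
    $v->Register($description, V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}");
    $v->Register($title, V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}");

    // Normalise the keywords in place (helpers and the template read
    // $_REQUEST) and cap how many were supplied.
    $_REQUEST['keywords'] = FormatKeywords($rawKeywords);
    $keywords = $_REQUEST['keywords'];
    $keywordCount = count(explode(' ', $keywords));
    $v->Register($keywordCount, V_LESS, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);

    if (!empty($newPassword)) {
        $confirmPassword = isset($_REQUEST['confirm_password']) ? $_REQUEST['confirm_password'] : '';
        $v->Register($newPassword, V_EQUALS, $L['NO_PASSWORD_MATCH'], $confirmPassword);
    }

    // Another link may not already use this site URL.
    if ($DB->Count('SELECT COUNT(*) FROM lx_links WHERE site_url=? AND link_id!=?', array($siteUrl, $link['link_id']))) {
        $v->SetError($L['DUPLICATE_URL']);
    }

    // User-defined link fields that are editable on this form.
    $fields =& GetUserLinkFields();
    foreach ($fields as $field) {
        if (!$field['on_edit']) {
            continue;
        }
        $value = isset($_REQUEST[$field['name']]) ? $_REQUEST[$field['name']] : '';
        if ($field['required']) {
            $v->Register($value, V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}");
        }
        if ($field['validation']) {
            $v->Register($value, $field['validation'], $field['validation_message'], $field['validation_extras']);
        }
    }

    // These two flags come from the stored link, never from the client:
    // overwrite whatever was submitted before the scan reads them.
    $_REQUEST['allow_redirect'] = $link['allow_redirect'];
    $_REQUEST['recip_required'] = $link['recip_required'];

    // Fetch the site URL (and recip URL, if given) and make sure they work.
    $scan_result =& ScanLink($_REQUEST);
    if (!$scan_result['site_url']['working']) {
        $v->SetError(sprintf($L['BROKEN_URL'], $L['SITE_URL'], $scan_result['site_url']['error']));
    }

    // The fetched HTML is what the blacklist check scans.
    $_REQUEST['html'] = $scan_result['site_url']['html'];
    if (!empty($recipUrl)) {
        $_REQUEST['html'] .= ' ' . $scan_result['recip_url']['html'];
        if (!$scan_result['recip_url']['working']) {
            $v->SetError(sprintf($L['BROKEN_URL'], $L['RECIP_URL'], $scan_result['recip_url']['error']));
        }
    }

    // A reciprocal link is mandatory for links flagged recip_required.
    if ($_REQUEST['recip_required'] && !$scan_result['has_recip']) {
        $v->SetError($L['NO_RECIP_FOUND']);
    }

    $blacklisted = CheckBlacklistLink($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }

    if (!$v->Validate()) {
        lxShEdit(join('<br />', $v->GetErrors()));
        return;
    }

    if ($C['approve_link_edits']) {
        // Queue the edit for an administrator. NOTE(security): this stores
        // the raw request, plaintext password fields included — see the
        // header note.
        $_REQUEST['submit_ip'] = $_SERVER['REMOTE_ADDR'];
        $DB->Update('UPDATE lx_links SET is_edited=1,edit_data=? WHERE link_id=?', array(base64_encode(serialize($_REQUEST)), $link['link_id']));
    } else {
        // Only an anonymous owner can change the edit password here.
        $password = $link['password'];
        if ($noAccount && !empty($newPassword)) {
            // FIXME(security): unsalted sha1, kept for compatibility with the
            // ownership check above and with link creation.
            $password = sha1($newPassword);
        }
        // Parameterised update of the built-in columns.
        $DB->Update(
            'UPDATE lx_links SET site_url=?, recip_url=?, title=?, description=?, name=?, email=?, submit_ip=?, keywords=?, date_modified=?, password=?, has_recip=? WHERE link_id=?',
            array($siteUrl, $recipUrl, $title, $description, $name, $email, $_SERVER['REMOTE_ADDR'], $keywords, MYSQL_NOW, $password, $scan_result['has_recip'], $link['link_id'])
        );
        // Use the id of the row we actually loaded and authorised, not the
        // raw request value, so both tables are keyed identically.
        UserDefinedUpdate('lx_link_fields', 'lx_link_field_defs', 'link_id', $link['link_id'], $_REQUEST, FALSE);
    }

    // Categories the link belongs to, for the confirmation page.
    $categories = array();
    $result = $DB->Query('SELECT * FROM lx_categories JOIN lx_link_cats USING (category_id) WHERE link_id=?', array($link['link_id']));
    while ($category = $DB->NextRow($result)) {
        // path_parts is stored serialised by this application's own code.
        $category['path_parts'] = unserialize($category['path_parts']);
        $categories[] = $category;
    }
    $DB->Free($result);

    // Show the confirmation page; the template receives the raw request as 'link'.
    $t->assign_by_ref('categories', $categories);
    $t->assign_by_ref('user_fields', $fields);
    $t->assign_by_ref('link', $_REQUEST);
    $t->display('submit-edited.tpl');
    flush();

    // Notify every administrator subscribed to link-edit events.
    $result = $DB->Query('SELECT * FROM lx_administrators');
    while ($admin = $DB->NextRow($result)) {
        if ($admin['notifications'] & E_LINK_EDIT) {
            SendMail($admin['email'], 'email-admin-link-edit.tpl', $t);
        }
    }
    $DB->Free($result);
}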