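/**
 * Stores a post submitted by the "post" form: either an edit of the post
 * identified by $post_id or, when $post_id is 0, a brand new one.
 *
 * Reads $_POST['post'], $_POST['user_id'], $_POST['key'] and, optionally,
 * $_FILES['image']. Every validation or permission failure prints an
 * 'ERROR: ...' line and ends the request with die(), exactly as the original
 * handler did; on success the summary of the stored post is printed.
 *
 * @param int $post_id Id of the post being edited, or 0 to create one.
 */
function save_post($post_id)
{
    global $link, $db, $post, $current_user, $globals, $site_key;

    $post = new Post();
    $_POST['post'] = clean_text_with_tags($_POST['post'] ?? '', 0, false, $globals['posts_len']);

    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            echo 'ERROR: ' . $limit_exceded;
            die;
        }
    }

    if (mb_strlen($_POST['post']) < 5) {
        echo 'ERROR: ' . _('texto muy corto');
        die;
    }

    // Everything interpolated into SQL below is forced to int first, so no
    // request value reaches a query as a raw string.
    $user_id = intval($current_user->user_id);
    $posted_user_id = intval($_POST['user_id'] ?? 0);
    // The edit key is compared as a string in constant time instead of the
    // loose `==` of the original (which e.g. accepted '123 ' for 123) and a
    // missing key no longer raises an undefined-index notice.
    $posted_key = (string) ($_POST['key'] ?? '');

    if ($post_id > 0) {
        $post->id = $post_id;
        if (!$post->read()) {
            die;
        }

        $age = time() - $post->date;
        // Authors may edit their own post for an hour; admins ('god') for
        // 1.5 times the configured admin edit window.
        $author_in_window = $posted_user_id === $user_id
            && $user_id === intval($post->author)
            && $age < 3600;
        $admin_in_window = $current_user->user_level === 'god'
            && $age < $globals['posts_edit_time_admin'] * 1.5;

        if (!($author_in_window || $admin_in_window)
            || !hash_equals((string) $post->randkey, $posted_key)
        ) {
            echo 'ERROR: ' . _('no tiene permisos para grabar');
            die;
        }

        $post->content = $_POST['post'];
        if (strlen($post->content) > 0) {
            $post->store();
            store_image($post);
        }
    } else {
        if ($user_id !== $posted_user_id) {
            die;
        }
        if ($current_user->user_karma < $globals['min_karma_for_posts']) {
            echo 'ERROR: ' . _('el karma es muy bajo');
            die;
        }

        // Check the post wasn't already stored
        $post->randkey = intval($_POST['key'] ?? 0);
        $post->author = $current_user->user_id;
        $post->content = $_POST['post'];

        // Verify that there is a period of posts_period seconds between posts.
        $period = intval($globals['posts_period']);
        $recent = $db->get_var("select count(*) from posts where post_user_id = {$user_id} and post_date > date_sub(now(), interval {$period} second)");
        if (intval($recent) > 0) {
            echo 'ERROR: ' . _('debe esperar entre notas');
            die;
        }

        $same_text = $post->same_text_count();
        $same_links = $post->same_links_count(10);

        // The FOR UPDATE lookup on the random key is what makes a double
        // submit of the same form store only one post.
        $db->transaction();
        $r = $db->get_var("select count(*) from posts where post_user_id = {$user_id} and post_date > date_sub(now(), interval 5 minute) and post_randkey = {$post->randkey} FOR UPDATE");
        $dupe = intval($r);

        if (is_null($r) || $dupe || $same_text) {
            $db->commit();
            echo 'ERROR: ' . _('comentario grabado previamente');
            die;
        }

        if ($same_links > 2) {
            // Many links to the same domain cost karma proportional to the count.
            $reduction = $same_links * 0.2;
            $user = new User($current_user->user_id);
            $user->add_karma(-$reduction, _('demasiados enlaces al mismo dominio en las notas'));
            syslog(LOG_NOTICE, "Meneame: post_edit decreasing {$reduction} of karma to {$user->username} (now {$user->karma})");
        }

        $post->store();
        $db->commit();
        store_image($post);
    }

    $post->print_summary();
}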
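/**
 * Validates and stores a sub-site ("sub") from the edit form.
 *
 * Reads the sub's fields from $_POST (owner, created_from, name, name_long,
 * page_mode, enabled, allow_main_link, nsfw, private, color1/color2 and the
 * extended properties). Validation problems are appended to $errors and
 * nothing is written; with no errors the sub is inserted (when $id is 0) or
 * updated inside a transaction.
 *
 * @param int      $id     Id of the sub to update, or 0 to create a new one.
 * @param string[] $errors Filled with translated error messages.
 *
 * @return int|false The id of the stored sub, or false when nothing was stored.
 */
function save_sub($id, &$errors)
{
    global $current_user, $db;

    // $id is interpolated into SQL below, so it is forced to int here.
    $id = intval($id);

    // Double check
    $owner = intval($_POST['owner'] ?? 0);
    if (!SitesMgr::can_edit($id)) {
        $errors[] = _('usuario no autorizado a editar');
        return false;
    }

    $site = SitesMgr::get_info();
    $extended = SitesMgr::get_extended_properties($id);
    $site_id = intval($site->id);

    if ((string) ($_POST['created_from'] ?? '') !== (string) $site->id) {
        $errors[] = _('sitio erróneo');
    }
    if ($owner !== intval($current_user->user_id) && !$current_user->admin) {
        $errors[] = _('propietario erróneo');
    }

    $name = mb_substr(clean_input_string($_POST['name'] ?? ''), 0, 12);
    if (mb_strlen($name) < 3 || !preg_match('/^\\p{L}[\\p{L}\\d_]+$/u', $name)) {
        $errors[] = _('nombre erróneo') . ' ' . ($_POST['name'] ?? '');
    }

    $name_long = mb_substr(clean_text($_POST['name_long'] ?? ''), 0, 40);
    if (mb_strlen($name_long) < 6) {
        $errors[] = _('título erróneo');
    }

    $name = $db->escape($name);
    $name_long = $db->escape($name_long);
    if ($db->get_var("select count(*) from subs where name = '{$name}' and id != {$id}") > 0) {
        $errors[] = _('nombre duplicado');
    }

    $page_mode = $db->escape($_POST['page_mode'] ?? '');

    if ($current_user->admin) {
        $enabled = intval($_POST['enabled'] ?? 0);
        $allow_main_link = intval($_POST['allow_main_link'] ?? 0);
    } else {
        // Keep the values
        $enabled = intval($site->enabled);
        $allow_main_link = intval($site->allow_main_link);
        $_POST['post_html'] = $extended['post_html'];
    }
    $nsfw = intval($_POST['nsfw'] ?? 0);
    $private = intval($_POST['private'] ?? 0);

    // Check the extended info
    foreach (['no_link', 'no_anti_spam', 'allow_local_links', 'intro_max_len', 'intro_min_len'] as $k) {
        if (isset($_POST[$k]) && $_POST[$k] !== '') {
            $_POST[$k] = intval($_POST[$k]);
        }
    }
    if (isset($_POST['intro_max_len']) && $_POST['intro_max_len'] > 5000) {
        $_POST['intro_max_len'] = 5000;
    }

    if (!empty($errors)) {
        return false;
    }

    // A colour is stored only when it is exactly '#rrggbb'. The original
    // pattern had no end anchor, so any trailing text after the six hex
    // digits was accepted and stored.
    $clean_color = static function ($value) use ($db) {
        $value = (string) $value;

        return preg_match('/^#[a-f0-9]{6}\z/i', $value) ? $db->escape($value) : '';
    };

    $db->transaction();
    if ($id > 0) {
        $r = $db->query("update subs set owner = {$owner}, enabled = {$enabled}, allow_main_link = {$allow_main_link}, nsfw = {$nsfw}, name = '{$name}', name_long = '{$name_long}', private = {$private}, page_mode = '{$page_mode}' where id = {$id}");
    } else {
        $r = $db->query("insert into subs (created_from, owner, nsfw, name, name_long, sub, private) values ({$site_id}, {$owner}, {$nsfw}, '{$name}', '{$name_long}', 1, {$private})");
        $id = $db->insert_id;
    }

    if ($r && $id > 0) {
        // Copy values from first site
        $r = $db->query("update subs as a join subs as b on a.id = {$id} and b.id={$site_id} set a.server_name = b.server_name, a.base_url = b.base_url");
        // Update copy_from
        if ($current_user->admin) {
            sub_copy_from($id, $_POST['copy_from'] ?? null);
        }
        // Update colors
        $color1 = $clean_color($_POST['color1'] ?? '');
        $color2 = $clean_color($_POST['color2'] ?? '');
        $db->query("update subs set color1 = '{$color1}', color2 = '{$color2}' where id = {$id}");
    }

    if ($r && $id > 0) {
        SitesMgr::store_extended_properties($id, $_POST);
        $db->commit();
        store_image($id);

        return $id;
    }

    $errors[] = _('error actualizando la base de datos');
    $db->rollback();

    return false;
}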
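/**
 * Saves the "edit slider" form: stores each newly uploaded slide image (a
 * full-size copy under wp-content/uploads/ and a resized copy under
 * wp-content/uploads/resize/), updates the media_sliders row whose ID is
 * $_POST['id'] and deletes the files those uploads replaced.
 *
 * Slots without a new upload keep the file name sent in $_POST[<slot>].
 *
 * @return int 0 on success, 1 when an image could not be stored or was
 *             rejected; in that case the database row is left untouched.
 */
function updateData()
{
    global $wpdb;

    // Width/height of the resized copy per slot. A slot not listed here gets
    // the full-size copy only, as in the original switch.
    $resize_sizes = [
        'image1' => [309, 205],
        'image2' => [309, 293],
        'image3' => [309, 120],
        'image4' => [280, 419],
        'image5' => [280, 208],
        'image6' => [309, 208],
        'image7' => [309, 202],
        'image8' => [309, 208],
    ];
    // The extension is taken from the client-supplied file name and becomes
    // part of a path under wp-content/uploads/, so only image extensions are
    // accepted; widen this list if the slider is meant to take other formats.
    $allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

    $error_flag = 0;
    $error_flag1 = 0;

    if (!empty($_FILES)) {
        $image = [];
        $image1 = [];
        $file_path = ABSPATH . "wp-content/uploads/";
        $file_path1 = ABSPATH . "wp-content/uploads/resize/";

        foreach ($_FILES as $key => $file) {
            if (empty($file['name'])) {
                // No new upload: keep the name the form sent for this slot.
                $image[$key]["name"] = $_POST[$key] ?? null;
                continue;
            }

            $path_parts = pathinfo($file["name"]);
            $extension = $path_parts['extension'] ?? '';
            if (!in_array(strtolower($extension), $allowed_extensions, true)) {
                $error_flag = 1;
                break;
            }

            $file["name"] = $image[$key]['name'] = $path_parts['filename'] . '_' . $key . '_' . time() . '.' . $extension;
            // Remember the file this upload replaces; it is removed once the
            // row has been updated.
            $image1[] = $_POST[$key] ?? '';

            if (isset($resize_sizes[$key])) {
                [$width, $height] = $resize_sizes[$key];
                $error_flag = store_image($file["tmp_name"], $file_path1, $file["name"], $width, $height);
            }
            $error_flag1 = store_image($file["tmp_name"], $file_path, $file["name"]);
            if ($error_flag || $error_flag1) {
                $error_flag = 1;
                break;
            }
        }

        if (!$error_flag) {
            $table_name = $wpdb->prefix . "media_sliders";
            $wpdb->update(
                $table_name,
                [
                    'name' => $_POST['name'] ?? null,
                    'image1' => $image['image1']['name'] ?? null,
                    'image2' => $image['image2']['name'] ?? null,
                    'image3' => $image['image3']['name'] ?? null,
                    'image4' => $image['image4']['name'] ?? null,
                    'image5' => $image['image5']['name'] ?? null,
                    'image6' => $image['image6']['name'] ?? null,
                    'image7' => $image['image7']['name'] ?? null,
                    'image8' => $image['image8']['name'] ?? null,
                    'caption1' => $_POST['caption1'] ?? null,
                    'caption2' => $_POST['caption2'] ?? null,
                    'caption3' => $_POST['caption3'] ?? null,
                    'caption4' => $_POST['caption4'] ?? null,
                    'caption5' => $_POST['caption5'] ?? null,
                    'caption6' => $_POST['caption6'] ?? null,
                    'caption7' => $_POST['caption7'] ?? null,
                    'caption8' => $_POST['caption8'] ?? null,
                    'type' => $_POST['type'] ?? null,
                ],
                ['ID' => $_POST['id'] ?? null]
            );

            // Remove the files the new uploads replaced. Only the base name of
            // the posted value is used, so a crafted $_POST value cannot name a
            // file outside the two upload directories; missing files are
            // skipped instead of raising an unlink() warning.
            foreach ($image1 as $old_name) {
                $old_name = basename((string) $old_name);
                if ($old_name === '') {
                    continue;
                }
                foreach ([$file_path . $old_name, $file_path1 . $old_name] as $old_file) {
                    if (is_file($old_file)) {
                        unlink($old_file);
                    }
                }
            }
        }
    }

    return $error_flag;
}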