function txDownloadThumb()
{
global $json, $C;
$out = array('status' => JSON_FAILURE);
$id = md5($_REQUEST['thumb']);
$cachefile = SafeFilename("_{$_REQUEST['gallery_id']}_" . $id . ".jpg", FALSE);
if (!is_file("{$GLOBALS['BASE_DIR']}/cache/{$cachefile}")) {
$http = new Http();
if ($http->Get($_REQUEST['thumb'], TRUE, $_REQUEST['gallery_url'])) {
FileWrite("{$GLOBALS['BASE_DIR']}/cache/{$cachefile}", $http->body);
}
}
$out['size'] = @getimagesize("{$GLOBALS['BASE_DIR']}/cache/{$cachefile}");
if ($out['size'] !== FALSE) {
$out['src'] = "{$C['install_url']}/cache/{$cachefile}";
$out['status'] = JSON_SUCCESS;
} else {
unlink("{$GLOBALS['BASE_DIR']}/cache/{$cachefile}");
}
echo $json->encode($out);
}
function tlxAccountAdd()
{
global $C, $DB, $L, $IMAGE_EXTENSIONS, $t;
unset($_REQUEST['banner_url_local']);
// Get domain
$parsed_url = parse_url($_REQUEST['site_url']);
$_REQUEST['domain'] = preg_replace('~^www\\.~', '', $parsed_url['host']);
$v = new Validator();
// Get selected category (if any) and set variables
if (isset($_REQUEST['category_id'])) {
$category = $DB->Row('SELECT * FROM `tlx_categories` WHERE `category_id`=? AND `hidden`=0', array($_REQUEST['category_id']));
if ($category) {
$C['min_desc_length'] = $category['desc_min_length'];
$C['max_desc_length'] = $category['desc_max_length'];
$C['min_title_length'] = $category['title_min_length'];
$C['max_title_length'] = $category['title_max_length'];
$C['banner_max_width'] = $category['banner_max_width'];
$C['banner_max_height'] = $category['banner_max_height'];
$C['banner_max_bytes'] = $category['banner_max_bytes'];
$C['allow_redirect'] = $category['allow_redirect'];
} else {
$v->SetError($L['INVALID_CATEGORY']);
}
}
// See if username is taken
if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username'])) > 0) {
$v->SetError($L['USERNAME_TAKEN']);
}
// Check for duplicate account information
if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `site_url`=? OR `email`=? OR `domain`=?', array($_REQUEST['site_url'], $_REQUEST['email'], $_REQUEST['domain'])) > 0) {
$v->SetError($L['EXISTING_ACCOUNT']);
}
$v->Register($_REQUEST['username'], V_LENGTH, $L['USERNAME_LENGTH'], '4,32');
$v->Register($_REQUEST['username'], V_ALPHANUM, $L['INVALID_USERNAME']);
$v->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
$v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
$v->Register($_REQUEST['site_url'], V_URL, sprintf($L['INVALID_URL'], $L['SITE_URL']));
$v->Register($_REQUEST['password'], V_NOT_EQUALS, $L['USERNAME_IS_PASSWORD'], $_REQUEST['username']);
$v->Register($_REQUEST['password'], V_EQUALS, $L['PASSWORDS_DONT_MATCH'], $_REQUEST['confirm_password']);
if (!IsEmptyString($_REQUEST['banner_url'])) {
$v->Register($_REQUEST['banner_url'], V_URL, sprintf($L['INVALID_URL'], $L['BANNER_URL']));
}
// Format keywords and check number
if ($C['allow_keywords']) {
$_REQUEST['keywords'] = FormatSpaceSeparated($_REQUEST['keywords']);
$keywords = explode(' ', $_REQUEST['keywords']);
$v->Register(count($keywords), V_LESS_EQ, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);
} else {
$_REQUEST['keywords'] = null;
}
// Verify captcha code
if ($C['account_add_captcha']) {
VerifyCaptcha($v);
}
// Initial validation
if (!$v->Validate()) {
return $v->ValidationError('tlxShAccountAdd', TRUE);
}
// Check if the site URL is working
$http = new Http();
if ($http->Get($_REQUEST['site_url'], $C['allow_redirect'])) {
$_REQUEST['html'] = $http->body;
$_REQUEST['headers'] = $http->raw_response_headers;
} else {
$v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['site_url'], $http->errstr));
}
// Check the blacklist
$blacklisted = CheckBlacklistAccount($_REQUEST);
if ($blacklisted !== FALSE) {
$v->SetError(sprintf($blacklisted[0]['reason'] ? $L['BLACKLISTED_REASON'] : $L['BLACKLISTED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
}
// Check site title and description length
$v->Register($_REQUEST['title'], V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}");
$v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}");
// Validation of user defined fields
$fields =& GetUserAccountFields();
foreach ($fields as $field) {
if ($field['on_create']) {
if ($field['required_create']) {
$v->Register($_REQUEST[$field['name']], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $field['label']));
}
if (!IsEmptyString($_REQUEST[$field['name']]) && $field['validation']) {
$v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
}
}
}
// Download banner to check size
$banner_file = null;
if (!IsEmptyString($_REQUEST['banner_url']) && ($C['download_banners'] || $C['host_banners'])) {
$http = new Http();
if ($http->Get($_REQUEST['banner_url'], TRUE, $_REQUEST['site_url'])) {
$banner_file = SafeFilename("{$C['banner_dir']}/{$_REQUEST['username']}.jpg", FALSE);
FileWrite($banner_file, $http->body);
$banner_info = @getimagesize($banner_file);
if ($banner_info !== FALSE) {
$_REQUEST['banner_width'] = $banner_info[0];
$_REQUEST['banner_height'] = $banner_info[1];
if (filesize($banner_file) > $C['banner_max_bytes']) {
$v->SetError(sprintf($L['BAD_BANNER_BYTES'], $C['banner_max_bytes']));
}
if ($C['host_banners']) {
if (isset($IMAGE_EXTENSIONS[$banner_info[2]])) {
$banner_ext = strtolower($IMAGE_EXTENSIONS[$banner_info[2]]);
if ($banner_ext != 'jpg') {
$new_file = preg_replace('~\\.jpg$~', ".{$banner_ext}", $banner_file);
rename($banner_file, $new_file);
$banner_file = $new_file;
}
$_REQUEST['banner_url_local'] = "{$C['banner_url']}/{$_REQUEST['username']}.{$banner_ext}";
} else {
$v->SetError($L['BAD_BANNER_IMAGE']);
}
} else {
@unlink($banner_file);
$banner_file = null;
}
} else {
$v->SetError($L['BAD_BANNER_IMAGE']);
}
} else {
$v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['banner_url'], $http->errstr));
}
}
// Check banner dimensions
if ($_REQUEST['banner_width'] > $C['banner_max_width'] || $_REQUEST['banner_height'] > $C['banner_max_height']) {
$v->SetError(sprintf($L['BAD_BANNER_SIZE'], $C['banner_max_width'], $C['banner_max_height']));
}
// Force banner dimensions
if ($C['banner_force_size']) {
$_REQUEST['banner_width'] = $C['banner_max_width'];
$_REQUEST['banner_height'] = $C['banner_max_height'];
}
if (!$v->Validate()) {
if (!empty($banner_file)) {
@unlink($banner_file);
}
return $v->ValidationError('tlxShAccountAdd', TRUE);
}
$_REQUEST['status'] = STATUS_ACTIVE;
$email_template = 'email-account-added.tpl';
if ($C['confirm_accounts']) {
$_REQUEST['status'] = STATUS_UNCONFIRMED;
$email_template = 'email-account-confirm.tpl';
$confirm_id = md5(uniqid(rand(), true));
$t->assign('confirm_url', "{$C['install_url']}/accounts.php?r=confirm&id={$confirm_id}");
$DB->Update('INSERT INTO `tlx_account_confirms` VALUES (?,?,?)', array($_REQUEST['username'], $confirm_id, MYSQL_NOW));
} else {
if ($C['review_new_accounts']) {
$_REQUEST['status'] = STATUS_PENDING;
$email_template = 'email-account-pending.tpl';
}
}
// Add account information
$DB->Update('INSERT INTO `tlx_accounts` VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)', array($_REQUEST['username'], $_REQUEST['email'], $_REQUEST['site_url'], $_REQUEST['domain'], $_REQUEST['banner_url'], $_REQUEST['banner_url_local'], $_REQUEST['banner_height'], $_REQUEST['banner_width'], $_REQUEST['title'], $_REQUEST['description'], $_REQUEST['keywords'], MYSQL_NOW, $_REQUEST['status'] == STATUS_ACTIVE ? MYSQL_NOW : null, MYSQL_NOW, sha1($_REQUEST['password']), $C['return_percent'], $_REQUEST['status'], 0, 0, 0, $_REQUEST['category_id'], null, null, 0, 0, 0, null, null));
// Create stats tracking data
$stats_data = array_merge(array($_REQUEST['username']), array_fill(0, 127, 0));
$DB->Update('INSERT INTO `tlx_account_hourly_stats` VALUES (' . CreateBindList($stats_data) . ')', $stats_data);
// Insert user defined database fields
$query_data = CreateUserInsert('tlx_account_fields', $_REQUEST);
$DB->Update('INSERT INTO `tlx_account_fields` VALUES (' . $query_data['bind_list'] . ')', $query_data['binds']);
// Assign template values
$_REQUEST['category'] = $category['name'];
$t->assign_by_ref('account', $_REQUEST);
$t->assign_by_ref('user_fields', $fields);
$t->assign('tracking_url', $C['tracking_mode'] == 'unique_link' ? "{$C['in_url']}?id={$_REQUEST['username']}" : $C['in_url']);
// Send e-mail to account submitter
if ($C['confirm_accounts'] || $C['email_new_accounts']) {
SendMail($_REQUEST['email'], $email_template, $t);
}
// Send e-mail to administrators
$administrators =& $DB->FetchAll('SELECT * FROM `tlx_administrators`');
foreach ($administrators as $administrator) {
if ($administrator['notifications'] & E_ACCOUNT_ADDED) {
SendMail($administrator['email'], 'email-admin-account-added.tpl', $t);
}
}
// Display confirmation page
$t->display('accounts-added.tpl');
}
function DisplayTest()
{
global $allowed_chars, $C;
$font_file = SafeFilename("{$C['font_dir']}/{$_SERVER['QUERY_STRING']}");
$font_size = 24;
$gdinfo = gd_info();
$code = join(' ', $allowed_chars);
$bounds = imagettfbbox($font_size, 0, $font_file, $code);
$image_height = $bounds[1] - $bounds[7] + 10;
$image_width = $bounds[2] + 10;
// Create a new image
$image = imagecreatetruecolor($image_width, $image_height);
// Allocate the colors for the image
$bg_color = imagecolorallocate($image, 240, 240, 220);
$font_color = imagecolorallocate($image, 0, 0, 0);
// Fill the image with the background color
imagefill($image, 0, 0, $bg_color);
// Write the submit code onto the image
imagettftext($image, $font_size, 0, 5 + $bounds[6], $image_height - $bounds[1] - 5, $font_color, $font_file, $code);
// Display the image
if ($gdinfo['PNG Support']) {
header("Content-type: image/png");
imagepng($image);
} else {
header("Content-type: image/jpeg");
imagejpeg($image);
}
}
function txCrop()
{
global $DB, $C, $L, $t, $domain;
$gallery = $DB->Row('SELECT * FROM `tx_galleries` WHERE `gallery_id`=?', array($_REQUEST['gallery_id']));
if ($gallery) {
if ($gallery['has_preview']) {
$t->assign('error', $L['PREVIEW_EXISTS']);
$t->display($domain['template_prefix'] . 'error-nice.tpl');
return;
}
// Defaults
$gallery['status'] = 'pending';
$gallery['date_approved'] = null;
$gallery['administrator'] = null;
$partner = null;
// Get category and format information
$categories =& CategoriesFromTags($gallery['categories']);
$format = GetCategoryFormat($gallery['format'], $categories[0]);
$annotation =& LoadAnnotation($format['annotation'], $categories[0]['name']);
$imagefile = SafeFilename("{$GLOBALS['BASE_DIR']}/cache/{$_REQUEST['imagefile']}");
$i = GetImager();
$i->ResizeCropper($imagefile, $format['preview_size'], $_REQUEST, $annotation);
$preview = AddPreview($gallery['gallery_id'], $format['preview_size'], $imagefile);
$gallery['preview_url'] = $preview['url'];
// Load gallery information to determine how to process the gallery
$whitelisted = CheckWhitelist($gallery);
if ($gallery['partner']) {
$partner = $DB->Row('SELECT * FROM `tx_partners` WHERE `username`=?', array($gallery['partner']));
}
$whitelisted = MergeWhitelistOptions($whitelisted, $partner);
// Determine gallery status
$autoapprove_general = empty($partner) && !$C['require_confirm'] && ($C['allow_autoapprove'] || $whitelisted['allow_autoapprove']);
$autoapprove_partner = !empty($partner) && $partner['allow_noconfirm'] && $whitelisted['allow_autoapprove'];
if ($autoapprove_general || $autoapprove_partner) {
$gallery['status'] = 'approved';
$gallery['date_approved'] = MYSQL_NOW;
$gallery['administrator'] = 'AUTO';
} else {
if (empty($partner) && $C['require_confirm'] || !empty($partner) && !$partner['allow_noconfirm'] && $C['require_confirm']) {
$gallery['status'] = 'unconfirmed';
$gallery['confirm_id'] = md5(uniqid(rand(), true));
}
}
// Update gallery data
$DB->Update('UPDATE `tx_galleries` SET `status`=?,`date_approved`=?,`administrator`=?,`has_preview`=? WHERE `gallery_id`=?', array($gallery['status'], $gallery['date_approved'], $gallery['administrator'], 1, $gallery['gallery_id']));
// Get category
$categories =& CategoriesFromTags($gallery['categories']);
$gallery['category'] = $categories[0]['name'];
// Assign gallery data to the template
$fields =& GetUserGalleryFields($gallery);
$t->assign_by_ref('gallery', $gallery);
$t->assign_by_ref('user_fields', $fields);
// Handle confirmation
if ($gallery['status'] == 'unconfirmed') {
SendMail($gallery['email'], $domain['template_prefix'] . 'email-gallery-confirm.tpl', $t);
$DB->Update('INSERT INTO `tx_gallery_confirms` VALUES (?,?,?)', array($gallery['gallery_id'], $gallery['confirm_id'], MYSQL_NOW));
}
// Update number of submitted galleries if partner account
if ($partner) {
$DB->Update('UPDATE `tx_partners` SET `submitted`=`submitted`+1,`date_last_submit`=? WHERE `username`=?', array(MYSQL_NOW, $partner['username']));
}
// Update the date of last submission for this category
$DB->Update('UPDATE `tx_categories` SET `date_last_submit`=? WHERE `category_id`=?', array(MYSQL_NOW, $categories[0]['category_id']));
$t->display($domain['template_prefix'] . 'submit-complete.tpl');
} else {
$t->assign('error', $L['BAD_GALLERY_ID']);
$t->display($domain['template_prefix'] . 'error-nice.tpl');
}
}
function txDownloadThumb()
{
global $DB, $json, $C;
$out = array('status' => JSON_FAILURE);
$id = md5($_REQUEST['thumb']);
$cachefile = SafeFilename("_{$_REQUEST['gallery_id']}_" . $id . ".jpg", FALSE);
if (!is_file("{$GLOBALS['BASE_DIR']}/cache/{$cachefile}")) {
$http = new Http();
if ($http->Get($_REQUEST['thumb'], TRUE, $_REQUEST['gallery_url'])) {
FileWrite("{$GLOBALS['BASE_DIR']}/cache/{$cachefile}", $http->body);
}
}
$out['size'] = @getimagesize("{$GLOBALS['BASE_DIR']}/cache/{$cachefile}");
if ($out['size'] !== FALSE) {
if ($out['size'][0] >= $C['min_thumb_width'] && $out['size'][1] >= $C['min_thumb_height'] && $out['size'][0] <= $C['max_thumb_width'] && $out['size'][1] <= $C['max_thumb_height']) {
$out['src'] = "{$C['install_url']}/cache/{$cachefile}";
$out['status'] = JSON_SUCCESS;
$out['id'] = $id;
} else {
$out['message'] = "Downloading " . htmlspecialchars($_REQUEST['thumb']) . " failed: image size of {$out['size'][0]}x{$out['size'][1]} is " . "not within the range of {$C['min_thumb_width']}x{$C['min_thumb_height']} to {$C['max_thumb_width']}x{$C['max_thumb_height']}";
}
} else {
$out['message'] = "Downloading " . htmlspecialchars($_REQUEST['thumb']) . " failed: not a valid image file";
}
echo $json->encode($out);
}
function tlxAccountEditProcess()
{
global $DB, $json, $C, $L;
VerifyPrivileges(P_ACCOUNT_MODIFY, TRUE);
if ($_REQUEST['w'] == 'reject') {
$DB->Update('UPDATE `tlx_accounts` SET `edited`=0,`edit_data`=NULL WHERE `username`=?', array($_REQUEST['username']));
} else {
if ($_REQUEST['w'] == 'approve') {
$account = $DB->Row('SELECT * FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username']));
$edits = unserialize(base64_decode($account['edit_data']));
if ($edits) {
if ($edits['banner_data']) {
$parsed = parse_url($edits['banner_url_local']);
if ($parsed !== FALSE) {
$banner_file = SafeFilename("{$C['banner_dir']}/" . basename($parsed['path']), FALSE);
FileWrite($banner_file, $edits['banner_data']);
}
unset($edits['banner_data']);
}
$user_fields = $DB->GetColumns('tlx_account_fields');
$default_updates = array("`edited`=?", "`edit_data`=?");
$default_updates_binds = array(0, null);
$user_updates = array();
$user_updates_binds = array();
foreach ($edits as $name => $value) {
$name = str_replace('`', '\\`', $name);
$value = mysql_real_escape_string($value, $DB->handle);
if (in_array($name, $user_fields)) {
$user_updates[] = "`{$name}`=?";
$user_updates_binds[] = $value;
} else {
$default_updates[] = "`{$name}`=?";
$default_updates_binds[] = $value;
}
}
$user_updates_binds[] = $_REQUEST['username'];
$default_updates_binds[] = $_REQUEST['username'];
if (count($user_updates)) {
$DB->Update('UPDATE `tlx_account_fields` SET ' . join(',', $user_updates) . ' WHERE `username`=?', $user_updates_binds);
}
$DB->Update('UPDATE `tlx_accounts` SET ' . join(',', $default_updates) . ' WHERE `username`=?', $default_updates_binds);
}
}
}
echo $json->encode(array('status' => JSON_SUCCESS));
}
function lxSaveEmailTemplate()
{
global $DB, $C;
VerifyAdministrator();
CheckAccessList();
$_REQUEST['plain'] = trim($_REQUEST['plain']);
$_REQUEST['html'] = trim($_REQUEST['html']);
$ini_data = IniWrite(null, $_REQUEST, array('subject', 'plain', 'html'));
$compiled_code = '';
$compiler = new Compiler();
if ($compiler->compile($ini_data, $compiled_code)) {
$template_file = SafeFilename("{$GLOBALS['BASE_DIR']}/templates/{$_REQUEST['loaded_template']}");
FileWrite($template_file, $ini_data);
$GLOBALS['message'] = 'Template has been successully saved';
} else {
$GLOBALS['errstr'] = "Template could not be saved:<br />" . nl2br($compiler->get_error_string());
}
lxShEmailTemplates();
}
function DoDatabaseRestore($args, $cli = FALSE)
{
global $DB, $C;
$message = 'The database restore function has been started, please allow a few minutes for it to complete...';
$sql_file = SafeFilename("{$GLOBALS['BASE_DIR']}/data/{$args['sql-file']}", FALSE);
$thumbs_file = empty($args['thumbs-file']) ? null : SafeFilename("{$GLOBALS['BASE_DIR']}/data/{$args['thumbs-file']}", FALSE);
// Running from the command line
if ($cli) {
$to_archive = array($sql_file);
if (!empty($C['mysql'])) {
$command = "{$C['mysql']} " . "-u" . escapeshellarg($C['db_username']) . " " . "-p" . escapeshellarg($C['db_password']) . " " . "-h" . escapeshellarg($C['db_hostname']) . " " . escapeshellarg($C['db_name']) . " " . "<" . escapeshellarg($sql_file);
shell_exec($command);
} else {
RestoreSQLTables($sql_file);
}
if (!empty($args['thumbs-file'])) {
RestoreThumbnails($thumbs_file);
}
} else {
if ($C['shell_exec'] && !empty($C['php_cli'])) {
$command = "{$C['php_cli']} cron.php --restore " . "--sql-file=" . escapeshellarg($args['sql-file']) . " " . "--thumbs-file=" . escapeshellarg($args['thumbs-file']) . " " . ">/dev/null 2>&1 &";
shell_exec($command);
} else {
RestoreSQLTables($sql_file);
if (!empty($args['thumbs-file'])) {
RestoreThumbnails($thumbs_file);
}
$message = 'The database restore has been completed';
}
}
return $message;
}
function txScriptTemplateSave()
{
global $DB, $C;
VerifyAdministrator();
CheckAccessList();
$_REQUEST['code'] = trim($_REQUEST['code']);
// Compile global templates first, if this is not one
if (!preg_match('~global-~', $_REQUEST['loaded_template'])) {
$t = new Template();
foreach (glob("{$GLOBALS['BASE_DIR']}/templates/*global-*.tpl") as $global_template) {
$t->compile_template(basename($global_template));
}
}
$compiled_code = '';
$compiler = new Compiler();
if ($compiler->compile($_REQUEST['code'], $compiled_code)) {
$template_file = SafeFilename("{$GLOBALS['BASE_DIR']}/templates/{$_REQUEST['loaded_template']}");
FileWrite($template_file, $_REQUEST['code']);
$compiled_file = SafeFilename("{$GLOBALS['BASE_DIR']}/templates/compiled/{$_REQUEST['loaded_template']}", FALSE);
FileWrite($compiled_file, $compiled_code);
$GLOBALS['message'] = 'Template has been successully saved';
} else {
$GLOBALS['errstr'] = "Template could not be saved:<br />" . nl2br($compiler->get_error_string());
}
$GLOBALS['warnstr'] = CheckTemplateCode($_REQUEST['code']);
// Recompile all templates if a global template was updated
if (preg_match('~global-~', $_REQUEST['loaded_template'])) {
RecompileTemplates();
}
txShScriptTemplates();
}
