# Site page handler (excerpt): serve the cached index page for a site and
# page number when one exists; otherwise look the site up in the database and
# render an error page if the lookup fails or the site is not visible.
#
# NOTE(review): CACHE_TIME is only defined here; its unit and consumer are not
# shown in this excerpt.
define('CACHE_TIME', 60);

# Both values come straight from the request URL match.
$site_name = $HandlerMatches[1];
$current_page = isset($HandlerMatches[2]) ? $HandlerMatches[2] : 1;

# NOTE(review): the cache id is built from request-derived values before the
# site is checked against the database. Confirm the route pattern in index.php
# restricts them (for example, page number to digits) so that arbitrary
# request values cannot produce arbitrary cache ids.
$unique_page_name = PAGE_NAME . "{$site_name}-{$current_page}";

$smarty = new MySmarty();

# Cache hit: emit the cached page and stop before touching the database.
if ($smarty->is_cached('index.tpl.html', $unique_page_name)) {
    $smarty->display('index.tpl.html', $unique_page_name);
    exit;
}

$db = new SQLite($SQLITE_DB_PATH);

# Check if the requested site exists.
#
# $HandlerMatches is a global array defined in index.php where the
# request url was matched.
#
# NOTE(review): the query below is assembled by string interpolation and relies
# entirely on $db->escape() being correct for a single-quoted SQLite string
# literal. The wrapper is not shown; if it offers bound parameters, prefer them.
$escaped_site = $db->escape($HandlerMatches[1]);

# find the sites to display
# TODO: cache this (because it changes very rarely)
#
$site = $db->fetchRowQueryAssoc("SELECT id, name, sane_name, url FROM sites WHERE sane_name = '{$escaped_site}' AND visible = 1");

if ($db->isError()) {
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    # NOTE(review): the raw driver error is sent to the visitor and, unlike the
    # not-found message below, is not HTML-encoded. Driver errors can disclose
    # query text and schema details; log them server-side and show a generic
    # message instead.
    $smarty->assign('error', 'Database error has occured: ' . $db->getError());
    $smarty->display('index.tpl.html');
    exit;
}

if (!$site) {
    # The requested site was not found
    #
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    # The request value is HTML-encoded before being echoed back.
    # NOTE(review): htmlentities() is called without explicit flags or charset,
    # so the result depends on PHP version and configuration defaults; before
    # PHP 8.1 the default flags leave single quotes unencoded. Passing
    # ENT_QUOTES and the charset explicitly removes that dependency.
    $smarty->assign('error', "Pictures from '" . htmlentities($HandlerMatches[1]) . "' are not being collected!");
    # NOTE(review): the excerpt ends here; the rest of this branch is not shown.
# Item page handler (excerpt): finish validating a posted comment, then look
# the requested item up in the database and render an error page if the lookup
# fails or the item is not visible.
#
# Reject a comment that consists only of whitespace.
# NOTE(review): the pattern requires at least one whitespace character, so an
# empty string does not match and would reach the else branch; presumably an
# earlier check (not visible in this excerpt) rejects empty comments - confirm.
# $_POST['comment'] is also assumed to be a string here; a request that sends
# comment[] makes it an array.
if (preg_match("#^\\s+\$#", $_POST['comment'])) {
    $comment_error = "Your comment contained just empty spaces. Please type a better comment!";
    $smarty->assign('comment_error', $comment_error);
} else {
    # Flag read later (outside this excerpt) to insert the comment.
    $add_comment = 1;
}
# The four braces below close blocks opened before this excerpt begins.
}
}
}
}

# Check if the requested item exists.
#
# $HandlerMatches is a global array defined in index.php where the
# request url was matched.
#
# NOTE(review): how $sane_item_title is derived is not visible here. The query
# relies on $db->escape() being correct for a single-quoted SQLite string
# literal; prefer bound parameters if the wrapper supports them.
$escaped_item_title = $db->escape($sane_item_title);

# Fetch the item
#
# NOTE(review): the column list is joined from $ITEM_FIELDS without escaping,
# so it must be a fixed server-side list and never request-derived - verify
# where it is defined.
$item_query = "SELECT " . join(',', $ITEM_FIELDS) . " FROM items " . "WHERE sane_title = '{$escaped_item_title}' AND visible = 1";
# NOTE(review): the meaning of the second argument ('id') is defined by the
# SQLite wrapper, which is not shown.
$item = $db->fetchRowQueryAssoc($item_query, 'id');

if ($db->isError()) {
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    # NOTE(review): the raw driver error is sent to the visitor without HTML
    # encoding. Driver errors can disclose query text and schema details; log
    # them server-side and show a generic message instead.
    $smarty->assign('error', 'Database error has occured: ' . $db->getError());
    $smarty->display('index.tpl.html');
    exit;
}

if (!$item) {
    # The requested item was not found
    #
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    # The message echoes $HandlerMatches[1] (HTML-encoded), while the lookup
    # above used $sane_item_title.
    # NOTE(review): htmlentities() is called without explicit flags or charset;
    # before PHP 8.1 the default flags leave single quotes unencoded. Passing
    # ENT_QUOTES and the charset explicitly removes that dependency.
    $smarty->assign('error', "Item '" . htmlentities($HandlerMatches[1]) . "' does not exist!");
    # NOTE(review): the excerpt ends here; the rest of this branch is not shown.
# Profile page handler (excerpt): load the user's serialized profile data,
# expose email/website to the template, then process a posted "profile" or
# "password" action.
#
# NOTE(review): where $data_ser is loaded from is not visible; the write path
# below stores serialize($data) in users.data, so it is presumably that column.
# unserialize() can instantiate objects from its input. On PHP 7+ pass
# ['allowed_classes' => false], or store the profile as JSON, so that a
# tampered row cannot trigger object instantiation.
if ($data_ser) {
    $data = unserialize($data_ser);
}

# NOTE(review): these values are user-supplied (see the profile branch below).
# Whether they are HTML-encoded depends on the template, which is not shown.
$smarty->assign('email', isset($data['email']) ? $data['email'] : '');
$smarty->assign('website', isset($data['website']) ? $data['website'] : '');

# UGLINESS
# NOTE(review): no anti-CSRF token check is visible in this excerpt for these
# state-changing POST actions; confirm one is enforced before this point.
if (isset($_POST['action'])) {
    # Loose comparison (==) against a string literal; === would also reject
    # non-string input explicitly.
    if ($_POST['action'] == "profile") {
        # NOTE(review): both fields are taken as-is and assumed to be strings;
        # a request that sends email[] or website[] makes them arrays.
        # 'website' is stored without any validation - if it is later rendered
        # as a link target, restrict it to http/https URLs before saving.
        $data['email'] = isset($_POST['email']) ? $_POST['email'] : '';
        $data['website'] = isset($_POST['website']) ? $_POST['website'] : '';

        # Minimal shape check: something, '@', something. An empty email is
        # accepted. filter_var($email, FILTER_VALIDATE_EMAIL) is a stricter
        # standard-library alternative.
        if ($data['email'] && !preg_match("#^.+@.+\$#", $data['email'])) {
            # NOTE(review): the rejected value is interpolated into the message
            # without HTML encoding. Unless the template escapes error_profile,
            # request input is reflected into the page; encode it with
            # htmlspecialchars()/htmlentities() before assigning.
            $smarty->assign('error_profile', "Invalid email address '{$data['email']}'!");
            $smarty->display('index.tpl.html');
            exit;
        }

        # The serialized profile is escaped for use inside a single-quoted SQL
        # string literal.
        $data_esc_ser = $db->escape(serialize($data));
        # NOTE(review): $_SESSION['user_id'] is interpolated unquoted and
        # unescaped. That is safe only if it is always an integer set by the
        # server at login; casting with (int) or binding it as a parameter
        # makes the query independent of that assumption.
        $update_query = "UPDATE users SET data = '{$data_esc_ser}' WHERE id = {$_SESSION['user_id']}";

        if (!$db->query($update_query)) {
            # NOTE(review): the raw driver error is shown to the user; log it
            # server-side and display a generic message instead.
            $smarty->assign('error_profile', "There was a database error while updating your profile: " . $db->getError());
        } else {
            # Re-assign so the form shows the values just saved.
            $smarty->assign('email', $data['email']);
            $smarty->assign('website', $data['website']);
        }
    } else {
        if ($_POST['action'] == "password") {
            $current_pass = isset($_POST['current_password']) ? $_POST['current_password'] : '';
            $new_pass = isset($_POST['new_password']) ? $_POST['new_password'] : '';
            $new_pass2 = isset($_POST['new_password2']) ? $_POST['new_password2'] : '';

            # The current password is required before a new one is accepted.
            # Note that empty() also treats the string "0" as empty.
            if (empty($current_pass)) {
                $smarty->assign('error_password', "To set a new password, enter your current password!");
                $smarty->display('index.tpl.html');
                # NOTE(review): the excerpt ends here; the rest of the password
                # branch, including how the current password is verified and
                # how the new one is stored, is not shown.