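/**
 * Handle a new trade-account submission.
 *
 * Validates the request (username/password/e-mail/URL, category limits,
 * keywords, captcha), fetches the submitted site URL, checks the blacklist,
 * optionally downloads the banner to verify its dimensions and size, and on
 * success inserts the account, its hourly-stats row and its user-defined
 * fields, then sends the notification e-mails and renders the confirmation
 * template.
 *
 * All form values are read from and written back to $_REQUEST, which is also
 * handed to the template engine as 'account'.
 *
 * @return mixed Result of $v->ValidationError() when validation fails; otherwise
 *               nothing (the confirmation page is displayed as a side effect).
 */
function tlxAccountAdd()
{
    global $C, $DB, $L, $IMAGE_EXTENSIONS, $t;

    // Discard any request-supplied value: this key is only ever set below,
    // after a banner has actually been downloaded and stored locally.
    unset($_REQUEST['banner_url_local']);

    // Get domain (parse_url() can return false or omit 'host' on a malformed
    // URL; an empty string yields the same result preg_replace() gave for a
    // missing host, minus the undefined-index notice).
    $parsed_url = parse_url($_REQUEST['site_url']);
    $site_host = isset($parsed_url['host']) ? $parsed_url['host'] : '';
    $_REQUEST['domain'] = preg_replace('~^www\\.~', '', $site_host);

    $v = new Validator();

    // Get selected category (if any) and override the global limits with the
    // category-specific ones.
    $category = null;
    if (isset($_REQUEST['category_id'])) {
        $category = $DB->Row('SELECT * FROM `tlx_categories` WHERE `category_id`=? AND `hidden`=0', array($_REQUEST['category_id']));
        if ($category) {
            $C['min_desc_length'] = $category['desc_min_length'];
            $C['max_desc_length'] = $category['desc_max_length'];
            $C['min_title_length'] = $category['title_min_length'];
            $C['max_title_length'] = $category['title_max_length'];
            $C['banner_max_width'] = $category['banner_max_width'];
            $C['banner_max_height'] = $category['banner_max_height'];
            $C['banner_max_bytes'] = $category['banner_max_bytes'];
            $C['allow_redirect'] = $category['allow_redirect'];
        } else {
            $v->SetError($L['INVALID_CATEGORY']);
        }
    }

    // See if username is taken
    if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username'])) > 0) {
        $v->SetError($L['USERNAME_TAKEN']);
    }

    // Check for duplicate account information
    if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `site_url`=? OR `email`=? OR `domain`=?', array($_REQUEST['site_url'], $_REQUEST['email'], $_REQUEST['domain'])) > 0) {
        $v->SetError($L['EXISTING_ACCOUNT']);
    }

    $v->Register($_REQUEST['username'], V_LENGTH, $L['USERNAME_LENGTH'], '4,32');
    $v->Register($_REQUEST['username'], V_ALPHANUM, $L['INVALID_USERNAME']);
    $v->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
    $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($_REQUEST['site_url'], V_URL, sprintf($L['INVALID_URL'], $L['SITE_URL']));
    $v->Register($_REQUEST['password'], V_NOT_EQUALS, $L['USERNAME_IS_PASSWORD'], $_REQUEST['username']);
    $v->Register($_REQUEST['password'], V_EQUALS, $L['PASSWORDS_DONT_MATCH'], $_REQUEST['confirm_password']);

    if (!IsEmptyString($_REQUEST['banner_url'])) {
        $v->Register($_REQUEST['banner_url'], V_URL, sprintf($L['INVALID_URL'], $L['BANNER_URL']));
    }

    // Format keywords and check number
    if ($C['allow_keywords']) {
        $_REQUEST['keywords'] = FormatSpaceSeparated($_REQUEST['keywords']);
        $keywords = explode(' ', $_REQUEST['keywords']);
        $v->Register(count($keywords), V_LESS_EQ, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);
    } else {
        $_REQUEST['keywords'] = null;
    }

    // Verify captcha code
    if ($C['account_add_captcha']) {
        VerifyCaptcha($v);
    }

    // Initial validation: stop before doing any outbound HTTP request.
    if (!$v->Validate()) {
        return $v->ValidationError('tlxShAccountAdd', TRUE);
    }

    // Check if the site URL is working (fetched body/headers are kept in
    // $_REQUEST so CheckBlacklistAccount() can inspect them).
    $http = new Http();
    if ($http->Get($_REQUEST['site_url'], $C['allow_redirect'])) {
        $_REQUEST['html'] = $http->body;
        $_REQUEST['headers'] = $http->raw_response_headers;
    } else {
        $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['site_url'], $http->errstr));
    }

    // Check the blacklist
    $blacklisted = CheckBlacklistAccount($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($blacklisted[0]['reason'] ? $L['BLACKLISTED_REASON'] : $L['BLACKLISTED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }

    // Check site title and description length (limits may have been
    // overridden by the category above).
    $v->Register($_REQUEST['title'], V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}");
    $v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}");

    // Validation of user defined fields
    $fields =& GetUserAccountFields();
    foreach ($fields as $field) {
        if ($field['on_create']) {
            if ($field['required_create']) {
                $v->Register($_REQUEST[$field['name']], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $field['label']));
            }
            if (!IsEmptyString($_REQUEST[$field['name']]) && $field['validation']) {
                $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
            }
        }
    }

    // Download banner to check size. The file is written before validation
    // completes; every failure path below either unlinks it here or leaves
    // $banner_file set so the Validate() failure branch can unlink it.
    $banner_file = null;
    if (!IsEmptyString($_REQUEST['banner_url']) && ($C['download_banners'] || $C['host_banners'])) {
        $http = new Http();
        if ($http->Get($_REQUEST['banner_url'], TRUE, $_REQUEST['site_url'])) {
            $banner_file = SafeFilename("{$C['banner_dir']}/{$_REQUEST['username']}.jpg", FALSE);
            FileWrite($banner_file, $http->body);
            // getimagesize() is the image check: a non-image body returns FALSE
            $banner_info = @getimagesize($banner_file);
            if ($banner_info !== FALSE) {
                $_REQUEST['banner_width'] = $banner_info[0];
                $_REQUEST['banner_height'] = $banner_info[1];
                if (filesize($banner_file) > $C['banner_max_bytes']) {
                    $v->SetError(sprintf($L['BAD_BANNER_BYTES'], $C['banner_max_bytes']));
                }
                if ($C['host_banners']) {
                    // Extension comes from the detected IMAGETYPE_* constant,
                    // never from the submitted URL.
                    if (isset($IMAGE_EXTENSIONS[$banner_info[2]])) {
                        $banner_ext = strtolower($IMAGE_EXTENSIONS[$banner_info[2]]);
                        if ($banner_ext != 'jpg') {
                            $new_file = preg_replace('~\\.jpg$~', ".{$banner_ext}", $banner_file);
                            rename($banner_file, $new_file);
                            $banner_file = $new_file;
                        }
                        $_REQUEST['banner_url_local'] = "{$C['banner_url']}/{$_REQUEST['username']}.{$banner_ext}";
                    } else {
                        $v->SetError($L['BAD_BANNER_IMAGE']);
                    }
                } else {
                    // Downloaded only to measure it; not hosting, so discard.
                    @unlink($banner_file);
                    $banner_file = null;
                }
            } else {
                $v->SetError($L['BAD_BANNER_IMAGE']);
            }
        } else {
            $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['banner_url'], $http->errstr));
        }
    }

    // Check banner dimensions. NOTE(review): when no banner is downloaded,
    // banner_width/banner_height are whatever the request carried (or unset),
    // and those values are what gets inserted below.
    if ((isset($_REQUEST['banner_width']) && $_REQUEST['banner_width'] > $C['banner_max_width'])
        || (isset($_REQUEST['banner_height']) && $_REQUEST['banner_height'] > $C['banner_max_height'])) {
        $v->SetError(sprintf($L['BAD_BANNER_SIZE'], $C['banner_max_width'], $C['banner_max_height']));
    }

    // Force banner dimensions
    if ($C['banner_force_size']) {
        $_REQUEST['banner_width'] = $C['banner_max_width'];
        $_REQUEST['banner_height'] = $C['banner_max_height'];
    }

    if (!$v->Validate()) {
        if (!empty($banner_file)) {
            @unlink($banner_file);
        }
        return $v->ValidationError('tlxShAccountAdd', TRUE);
    }

    $_REQUEST['status'] = STATUS_ACTIVE;
    $email_template = 'email-account-added.tpl';
    if ($C['confirm_accounts']) {
        $_REQUEST['status'] = STATUS_UNCONFIRMED;
        $email_template = 'email-account-confirm.tpl';
        // The confirmation id is a bearer token sent by e-mail, so it must be
        // unguessable: use the CSPRNG where available. md5(uniqid(rand()))
        // is predictable and is kept only as a fallback for PHP < 7.0.
        // Both forms are 32 hex characters, so the stored value keeps its shape.
        $confirm_id = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(rand(), true));
        $t->assign('confirm_url', "{$C['install_url']}/accounts.php?r=confirm&id={$confirm_id}");
        $DB->Update('INSERT INTO `tlx_account_confirms` VALUES (?,?,?)', array($_REQUEST['username'], $confirm_id, MYSQL_NOW));
    } else {
        if ($C['review_new_accounts']) {
            $_REQUEST['status'] = STATUS_PENDING;
            $email_template = 'email-account-pending.tpl';
        }
    }

    // Add account information.
    // NOTE(review): the password is stored as unsalted sha1, the scheme the
    // rest of this code base presumably verifies against; migrating to
    // password_hash()/password_verify() must be done together with the login
    // path, so it is not changed here.
    $DB->Update('INSERT INTO `tlx_accounts` VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)', array($_REQUEST['username'], $_REQUEST['email'], $_REQUEST['site_url'], $_REQUEST['domain'], $_REQUEST['banner_url'], $_REQUEST['banner_url_local'], $_REQUEST['banner_height'], $_REQUEST['banner_width'], $_REQUEST['title'], $_REQUEST['description'], $_REQUEST['keywords'], MYSQL_NOW, $_REQUEST['status'] == STATUS_ACTIVE ? MYSQL_NOW : null, MYSQL_NOW, sha1($_REQUEST['password']), $C['return_percent'], $_REQUEST['status'], 0, 0, 0, $_REQUEST['category_id'], null, null, 0, 0, 0, null, null));

    // Create stats tracking data: username followed by 127 zeroed counters
    $stats_data = array_merge(array($_REQUEST['username']), array_fill(0, 127, 0));
    $DB->Update('INSERT INTO `tlx_account_hourly_stats` VALUES (' . CreateBindList($stats_data) . ')', $stats_data);

    // Insert user defined database fields
    $query_data = CreateUserInsert('tlx_account_fields', $_REQUEST);
    $DB->Update('INSERT INTO `tlx_account_fields` VALUES (' . $query_data['bind_list'] . ')', $query_data['binds']);

    // Assign template values ($category is null when no category was chosen)
    $_REQUEST['category'] = isset($category['name']) ? $category['name'] : null;
    $t->assign_by_ref('account', $_REQUEST);
    $t->assign_by_ref('user_fields', $fields);
    $t->assign('tracking_url', $C['tracking_mode'] == 'unique_link' ? "{$C['in_url']}?id={$_REQUEST['username']}" : $C['in_url']);

    // Send e-mail to account submitter
    if ($C['confirm_accounts'] || $C['email_new_accounts']) {
        SendMail($_REQUEST['email'], $email_template, $t);
    }

    // Send e-mail to administrators who opted in to this notification
    $administrators =& $DB->FetchAll('SELECT * FROM `tlx_administrators`');
    foreach ($administrators as $administrator) {
        if ($administrator['notifications'] & E_ACCOUNT_ADDED) {
            SendMail($administrator['email'], 'email-admin-account-added.tpl', $t);
        }
    }

    // Display confirmation page
    $t->display('accounts-added.tpl');
}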
/**
 * Save changes to the logged-in user's account details.
 *
 * Requires a valid, active login (otherwise the login form is shown with an
 * error). Validates e-mail, name, optional new password and the user-defined
 * edit fields, rejects an e-mail already used by another user and blacklist
 * matches, then updates lx_users and the user-defined fields and returns to
 * the account overview.
 *
 * @return void
 */
function lxEditAccount()
{
    global $DB, $C, $t, $L;

    $account = ValidUserLogin();

    // Not logged in: back to the login form.
    if ($account === FALSE) {
        lxShLogin($L['INVALID_LOGIN']);
        return;
    }

    // Only active accounts may edit their details.
    if ($account['status'] != 'active') {
        $login_message = $account['status'] == 'suspended' ? $L['SUSPENDED_ACCOUNT'] : $L['PENDING_ACCOUNT'];
        lxShLogin($login_message);
        return;
    }

    // Keep the stored hash unless a new password was submitted.
    $stored_password = $account['password'];

    $validator = new Validator();
    $validator->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $validator->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");

    if (!empty($_REQUEST['password'])) {
        $validator->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
        $validator->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
        // NOTE(review): unsalted sha1 is the legacy storage scheme used here;
        // presumably ValidUserLogin() compares against it, so a move to
        // password_hash() has to change both sides together.
        $stored_password = sha1($_REQUEST['password']);
    }

    // User-defined fields shown on the edit form
    $user_fields =& GetUserAccountFields();
    foreach ($user_fields as $user_field) {
        if (!$user_field['on_edit']) {
            continue;
        }
        if ($user_field['required']) {
            $validator->Register($_REQUEST[$user_field['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$user_field['label']}");
        }
        if ($user_field['validation']) {
            $validator->Register($_REQUEST[$user_field['name']], $user_field['validation'], $user_field['validation_message'], $user_field['validation_extras']);
        }
    }

    // Does another user already have this e-mail address?
    $email_in_use = $DB->Count('SELECT COUNT(*) FROM lx_users WHERE username!=? AND email=?', array($account['username'], $_REQUEST['email']));
    if ($email_in_use) {
        $validator->SetError($L['DUPLICATE_EMAIL']);
    }

    // Blacklist
    $blacklist_hit = CheckBlacklistAccount($_REQUEST);
    if ($blacklist_hit !== FALSE) {
        $validator->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklist_hit[0]['match'], $blacklist_hit[0]['reason']));
    }

    if (!$validator->Validate()) {
        lxShEdit(implode('<br />', $validator->GetErrors()));
        return;
    }

    // Pre-defined columns
    $DB->Update('UPDATE lx_users SET password=?, name=?, email=? WHERE username=?', array($stored_password, $_REQUEST['name'], $_REQUEST['email'], $account['username']));

    // User-defined fields
    UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $account['username'], $_REQUEST, FALSE);

    // Back to the account overview
    lxLogin(null, 'accountupdate');
}
$account['headers'] = $http->raw_response_headers; } else { // Bad status code if (!empty($http->response_headers['status'])) { if (preg_match('~^3\\d\\d~', $http->response_headers['status'])) { $exception = $exceptions['forward']; } else { $exception = $exceptions['broken']; } } else { $exception = $exceptions['connect']; } } $account['http'] =& $http; // Check the blacklist if ($configuration['action_blacklist'] != 0 && ($blacklisted = CheckBlacklistAccount($account)) !== FALSE) { $exception |= $exceptions['blacklist']; $account['blacklist_item'] = $blacklisted[0]['match']; } // Handle any exceptions $processed = FALSE; if ($exception) { $processed = ProcessAccount($account, $exception); } // Re-enable an account if there are no exceptions if ($configuration['enable_disabled'] && !$processed && !$exception && $account['disabled']) { $DB->Update('UPDATE `tlx_accounts` SET `disabled`=0 WHERE `username`=?', array($account['username'])); } // Update date of last scan if (!$processed) { $gallery['date_scanned'] = gmdate(DF_DATETIME, TimeWithTz());
<div style="padding: 0px 10px 10px 10px;"> <form> <fieldset> <legend>Scan Results</legend> <?php // Get account information $account = $DB->Row('SELECT * FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username'])); $http = new Http(); $success = FALSE; if ($http->Get($account['site_url'], $C['allow_redirect'])) { $success = TRUE; $account['html'] = $http->body; $account['headers'] = $http->raw_response_headers; $blacklisted = CheckBlacklistAccount($account); ?> <table id="results" width="100%"> <tr> <td width="235" align="right"> <b>HTTP Status</b> </td> <td> <?php echo htmlspecialchars($http->response_headers['status']); ?> </td> </tr> <tr> <td width="235" align="right"> <b>IP Address</b>