function tlxAccountAdd()
{
global $C, $DB, $L, $IMAGE_EXTENSIONS, $t;
unset($_REQUEST['banner_url_local']);
// Get domain
$parsed_url = parse_url($_REQUEST['site_url']);
$_REQUEST['domain'] = preg_replace('~^www\\.~', '', $parsed_url['host']);
$v = new Validator();
// Get selected category (if any) and set variables
if (isset($_REQUEST['category_id'])) {
$category = $DB->Row('SELECT * FROM `tlx_categories` WHERE `category_id`=? AND `hidden`=0', array($_REQUEST['category_id']));
if ($category) {
$C['min_desc_length'] = $category['desc_min_length'];
$C['max_desc_length'] = $category['desc_max_length'];
$C['min_title_length'] = $category['title_min_length'];
$C['max_title_length'] = $category['title_max_length'];
$C['banner_max_width'] = $category['banner_max_width'];
$C['banner_max_height'] = $category['banner_max_height'];
$C['banner_max_bytes'] = $category['banner_max_bytes'];
$C['allow_redirect'] = $category['allow_redirect'];
} else {
$v->SetError($L['INVALID_CATEGORY']);
}
}
// See if username is taken
if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username'])) > 0) {
$v->SetError($L['USERNAME_TAKEN']);
}
// Check for duplicate account information
if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `site_url`=? OR `email`=? OR `domain`=?', array($_REQUEST['site_url'], $_REQUEST['email'], $_REQUEST['domain'])) > 0) {
$v->SetError($L['EXISTING_ACCOUNT']);
}
$v->Register($_REQUEST['username'], V_LENGTH, $L['USERNAME_LENGTH'], '4,32');
$v->Register($_REQUEST['username'], V_ALPHANUM, $L['INVALID_USERNAME']);
$v->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
$v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
$v->Register($_REQUEST['site_url'], V_URL, sprintf($L['INVALID_URL'], $L['SITE_URL']));
$v->Register($_REQUEST['password'], V_NOT_EQUALS, $L['USERNAME_IS_PASSWORD'], $_REQUEST['username']);
$v->Register($_REQUEST['password'], V_EQUALS, $L['PASSWORDS_DONT_MATCH'], $_REQUEST['confirm_password']);
if (!IsEmptyString($_REQUEST['banner_url'])) {
$v->Register($_REQUEST['banner_url'], V_URL, sprintf($L['INVALID_URL'], $L['BANNER_URL']));
}
// Format keywords and check number
if ($C['allow_keywords']) {
$_REQUEST['keywords'] = FormatSpaceSeparated($_REQUEST['keywords']);
$keywords = explode(' ', $_REQUEST['keywords']);
$v->Register(count($keywords), V_LESS_EQ, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);
} else {
$_REQUEST['keywords'] = null;
}
// Verify captcha code
if ($C['account_add_captcha']) {
VerifyCaptcha($v);
}
// Initial validation
if (!$v->Validate()) {
return $v->ValidationError('tlxShAccountAdd', TRUE);
}
// Check if the site URL is working
$http = new Http();
if ($http->Get($_REQUEST['site_url'], $C['allow_redirect'])) {
$_REQUEST['html'] = $http->body;
$_REQUEST['headers'] = $http->raw_response_headers;
} else {
$v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['site_url'], $http->errstr));
}
// Check the blacklist
$blacklisted = CheckBlacklistAccount($_REQUEST);
if ($blacklisted !== FALSE) {
$v->SetError(sprintf($blacklisted[0]['reason'] ? $L['BLACKLISTED_REASON'] : $L['BLACKLISTED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
}
// Check site title and description length
$v->Register($_REQUEST['title'], V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}");
$v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}");
// Validation of user defined fields
$fields =& GetUserAccountFields();
foreach ($fields as $field) {
if ($field['on_create']) {
if ($field['required_create']) {
$v->Register($_REQUEST[$field['name']], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $field['label']));
}
if (!IsEmptyString($_REQUEST[$field['name']]) && $field['validation']) {
$v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
}
}
}
// Download banner to check size
$banner_file = null;
if (!IsEmptyString($_REQUEST['banner_url']) && ($C['download_banners'] || $C['host_banners'])) {
$http = new Http();
if ($http->Get($_REQUEST['banner_url'], TRUE, $_REQUEST['site_url'])) {
$banner_file = SafeFilename("{$C['banner_dir']}/{$_REQUEST['username']}.jpg", FALSE);
FileWrite($banner_file, $http->body);
$banner_info = @getimagesize($banner_file);
if ($banner_info !== FALSE) {
$_REQUEST['banner_width'] = $banner_info[0];
$_REQUEST['banner_height'] = $banner_info[1];
if (filesize($banner_file) > $C['banner_max_bytes']) {
$v->SetError(sprintf($L['BAD_BANNER_BYTES'], $C['banner_max_bytes']));
}
if ($C['host_banners']) {
if (isset($IMAGE_EXTENSIONS[$banner_info[2]])) {
$banner_ext = strtolower($IMAGE_EXTENSIONS[$banner_info[2]]);
if ($banner_ext != 'jpg') {
$new_file = preg_replace('~\\.jpg$~', ".{$banner_ext}", $banner_file);
rename($banner_file, $new_file);
$banner_file = $new_file;
}
$_REQUEST['banner_url_local'] = "{$C['banner_url']}/{$_REQUEST['username']}.{$banner_ext}";
} else {
$v->SetError($L['BAD_BANNER_IMAGE']);
}
} else {
@unlink($banner_file);
$banner_file = null;
}
} else {
$v->SetError($L['BAD_BANNER_IMAGE']);
}
} else {
$v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['banner_url'], $http->errstr));
}
}
// Check banner dimensions
if ($_REQUEST['banner_width'] > $C['banner_max_width'] || $_REQUEST['banner_height'] > $C['banner_max_height']) {
$v->SetError(sprintf($L['BAD_BANNER_SIZE'], $C['banner_max_width'], $C['banner_max_height']));
}
// Force banner dimensions
if ($C['banner_force_size']) {
$_REQUEST['banner_width'] = $C['banner_max_width'];
$_REQUEST['banner_height'] = $C['banner_max_height'];
}
if (!$v->Validate()) {
if (!empty($banner_file)) {
@unlink($banner_file);
}
return $v->ValidationError('tlxShAccountAdd', TRUE);
}
$_REQUEST['status'] = STATUS_ACTIVE;
$email_template = 'email-account-added.tpl';
if ($C['confirm_accounts']) {
$_REQUEST['status'] = STATUS_UNCONFIRMED;
$email_template = 'email-account-confirm.tpl';
$confirm_id = md5(uniqid(rand(), true));
$t->assign('confirm_url', "{$C['install_url']}/accounts.php?r=confirm&id={$confirm_id}");
$DB->Update('INSERT INTO `tlx_account_confirms` VALUES (?,?,?)', array($_REQUEST['username'], $confirm_id, MYSQL_NOW));
} else {
if ($C['review_new_accounts']) {
$_REQUEST['status'] = STATUS_PENDING;
$email_template = 'email-account-pending.tpl';
}
}
// Add account information
$DB->Update('INSERT INTO `tlx_accounts` VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)', array($_REQUEST['username'], $_REQUEST['email'], $_REQUEST['site_url'], $_REQUEST['domain'], $_REQUEST['banner_url'], $_REQUEST['banner_url_local'], $_REQUEST['banner_height'], $_REQUEST['banner_width'], $_REQUEST['title'], $_REQUEST['description'], $_REQUEST['keywords'], MYSQL_NOW, $_REQUEST['status'] == STATUS_ACTIVE ? MYSQL_NOW : null, MYSQL_NOW, sha1($_REQUEST['password']), $C['return_percent'], $_REQUEST['status'], 0, 0, 0, $_REQUEST['category_id'], null, null, 0, 0, 0, null, null));
// Create stats tracking data
$stats_data = array_merge(array($_REQUEST['username']), array_fill(0, 127, 0));
$DB->Update('INSERT INTO `tlx_account_hourly_stats` VALUES (' . CreateBindList($stats_data) . ')', $stats_data);
// Insert user defined database fields
$query_data = CreateUserInsert('tlx_account_fields', $_REQUEST);
$DB->Update('INSERT INTO `tlx_account_fields` VALUES (' . $query_data['bind_list'] . ')', $query_data['binds']);
// Assign template values
$_REQUEST['category'] = $category['name'];
$t->assign_by_ref('account', $_REQUEST);
$t->assign_by_ref('user_fields', $fields);
$t->assign('tracking_url', $C['tracking_mode'] == 'unique_link' ? "{$C['in_url']}?id={$_REQUEST['username']}" : $C['in_url']);
// Send e-mail to account submitter
if ($C['confirm_accounts'] || $C['email_new_accounts']) {
SendMail($_REQUEST['email'], $email_template, $t);
}
// Send e-mail to administrators
$administrators =& $DB->FetchAll('SELECT * FROM `tlx_administrators`');
foreach ($administrators as $administrator) {
if ($administrator['notifications'] & E_ACCOUNT_ADDED) {
SendMail($administrator['email'], 'email-admin-account-added.tpl', $t);
}
}
// Display confirmation page
$t->display('accounts-added.tpl');
}
function lxEditAccount()
{
global $DB, $C, $t, $L;
$account = ValidUserLogin();
if ($account === FALSE) {
lxShLogin($L['INVALID_LOGIN']);
return;
} else {
if ($account['status'] != 'active') {
lxShLogin($account['status'] == 'suspended' ? $L['SUSPENDED_ACCOUNT'] : $L['PENDING_ACCOUNT']);
return;
} else {
$password = $account['password'];
$v = new Validator();
$v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
$v->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");
if (!empty($_REQUEST['password'])) {
$v->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
$v->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
$password = sha1($_REQUEST['password']);
}
// Validation of user defined fields
$fields =& GetUserAccountFields();
foreach ($fields as $field) {
if ($field['on_edit']) {
if ($field['required']) {
$v->Register($_REQUEST[$field['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}");
}
if ($field['validation']) {
$v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
}
}
}
// E-mail exists?
if ($DB->Count('SELECT COUNT(*) FROM lx_users WHERE username!=? AND email=?', array($account['username'], $_REQUEST['email']))) {
$v->SetError($L['DUPLICATE_EMAIL']);
}
// Check blacklist
$blacklisted = CheckBlacklistAccount($_REQUEST);
if ($blacklisted !== FALSE) {
$v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
}
if (!$v->Validate()) {
$errors = join('<br />', $v->GetErrors());
lxShEdit($errors);
return;
}
// Update pre-defined data
$DB->Update('UPDATE lx_users SET ' . 'password=?, ' . 'name=?, ' . 'email=? ' . 'WHERE username=?', array($password, $_REQUEST['name'], $_REQUEST['email'], $account['username']));
// Update user defined fields
UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $account['username'], $_REQUEST, FALSE);
// Back to the account overview
lxLogin(null, 'accountupdate');
}
}
}
$account['headers'] = $http->raw_response_headers;
} else {
// Bad status code
if (!empty($http->response_headers['status'])) {
if (preg_match('~^3\\d\\d~', $http->response_headers['status'])) {
$exception = $exceptions['forward'];
} else {
$exception = $exceptions['broken'];
}
} else {
$exception = $exceptions['connect'];
}
}
$account['http'] =& $http;
// Check the blacklist
if ($configuration['action_blacklist'] != 0 && ($blacklisted = CheckBlacklistAccount($account)) !== FALSE) {
$exception |= $exceptions['blacklist'];
$account['blacklist_item'] = $blacklisted[0]['match'];
}
// Handle any exceptions
$processed = FALSE;
if ($exception) {
$processed = ProcessAccount($account, $exception);
}
// Re-enable an account if there are no exceptions
if ($configuration['enable_disabled'] && !$processed && !$exception && $account['disabled']) {
$DB->Update('UPDATE `tlx_accounts` SET `disabled`=0 WHERE `username`=?', array($account['username']));
}
// Update date of last scan
if (!$processed) {
$gallery['date_scanned'] = gmdate(DF_DATETIME, TimeWithTz());
<div style="padding: 0px 10px 10px 10px;">
<form>
<fieldset>
<legend>Scan Results</legend>
<?php
// Get account information
$account = $DB->Row('SELECT * FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username']));
$http = new Http();
$success = FALSE;
if ($http->Get($account['site_url'], $C['allow_redirect'])) {
$success = TRUE;
$account['html'] = $http->body;
$account['headers'] = $http->raw_response_headers;
$blacklisted = CheckBlacklistAccount($account);
?>
<table id="results" width="100%">
<tr>
<td width="235" align="right">
<b>HTTP Status</b>
</td>
<td>
<?php
echo htmlspecialchars($http->response_headers['status']);
?>
</td>
</tr>
<tr>
<td width="235" align="right">
<b>IP Address</b>
