/**
 * Runs the "analyze" step of a video import and renders the result.
 *
 * The import source is resolved from the raw request by
 * Video_Import::ProcessSource(), then parsed by Video_Import::Analyze() with
 * the request's `delimiter`. Any exception is turned into a validator error
 * and the import form is shown again through tbxVideoImportShow().
 *
 * The local names $v, $file and $fields are kept as-is: the included template
 * runs in this function's scope and presumably reads $fields.
 *
 * @return mixed Result of tbxVideoImportShow() on failure, null otherwise.
 */
function tbxVideoImportAnalyze()
{
    $v = Validator::Create();

    try {
        // NOTE(review): $file is derived from $_REQUEST and joined onto TEMP_DIR.
        // Whether ProcessSource() reduces it to a bare file name is not visible
        // here; confirm that it does, so the analyzed path stays inside TEMP_DIR.
        $file = Video_Import::ProcessSource($_REQUEST);
        $fields = Video_Import::Analyze(TEMP_DIR . '/' . $file, Request::Get('delimiter'));
    } catch (Exception $e) {
        // The exception text is shown to the user as a validation error.
        $v->SetError($e->getMessage());
    }

    if ($v->Validate()) {
        include_once 'cp-video-import-analyze.php';
        return;
    }

    return tbxVideoImportShow($v->GetErrors());
}
/**
 * Registers validation for the embed source fields and stages any uploaded
 * thumbnails (single JPEGs or ZIP archives of JPEGs) into the video directory.
 *
 * Sets $this->duration, $this->video_dir and, when thumbnails were uploaded,
 * $this->thumbs.
 *
 * @throws BaseException When an upload slot reports an error other than
 *                       UPLOAD_ERR_NO_FILE.
 */
public function PreProcess()
{
    $v = Validator::Create();
    $v->Register($this->source[Video_Source::FIELD_EMBED], Validator_Type::NOT_EMPTY, 'The Embed Code field is required');
    $v->Register($this->source[Video_Source::FIELD_DURATION], Validator_Type::VALID_TIME, 'The Video Duration field must be in HH:MM:SS format');
    // NOTE(review): Validate() is never called in this method, so the two rules
    // above are only enforced if a caller validates the same validator
    // (presumably Validator::Create() returns a shared instance) - confirm.

    $this->duration = Format::DurationToSeconds($this->source[Video_Source::FIELD_DURATION]);

    // 0700 is presumably the directory mode (owner-only access) - confirm.
    $this->video_dir = new Video_Dir(null, 0700);

    Request::FixFiles();

    // Nothing to stage when the thumbnails field was not submitted at all.
    if (!isset($_FILES[Video_Source::FIELD_THUMBNAILS])) {
        return;
    }

    $staged = array();

    foreach ($_FILES[Video_Source::FIELD_THUMBNAILS] as $slot) {
        $status = $slot['error'];

        // Empty slot in the form: skip it.
        if ($status == UPLOAD_ERR_NO_FILE) {
            continue;
        }

        // Any other upload error aborts the whole pre-processing step.
        if ($status != UPLOAD_ERR_OK) {
            throw new BaseException(Uploads::CodeToMessage($status));
        }

        // NOTE(review): the type is decided from the client-supplied file name,
        // not from the file content. Staged files are always stored with
        // JPG_EXTENSION, which keeps the stored extension fixed, but the bytes
        // themselves are not checked in this method. Whether
        // Zip::ExtractEntries() bounds entry count and decompressed size is not
        // visible here either - confirm both.
        $kind = File::Type($slot['name']);

        if ($kind == File::TYPE_ZIP) {
            foreach (Zip::ExtractEntries($slot['tmp_name'], File::TYPE_JPEG) as $data) {
                $staged[] = $this->video_dir->AddTempFromVar($data, JPG_EXTENSION);
            }
        } elseif ($kind == File::TYPE_JPEG) {
            $staged[] = $this->video_dir->AddTempFromFile($slot['tmp_name'], JPG_EXTENSION);
        }
    }

    // Resize into the thumbs directory when a resizer is available; otherwise
    // the staged files are moved there unchanged.
    $this->thumbs = Video_Thumbnail::CanResize()
        ? Video_Thumbnail::ResizeDirectory($this->video_dir->GetTempDir(), $this->video_dir->GetThumbsDir(), Config::Get('thumb_size'), Config::Get('thumb_quality'))
        : $this->video_dir->MoveFiles(Video_Dir::TEMP, Video_Dir::THUMBS, JPG_EXTENSION);

    // Cleanup temp and processing dirs
    $this->video_dir->ClearTemp();
    $this->video_dir->ClearProcessing();
}
/**
 * Completes a password reset from an e-mailed confirmation code.
 *
 * Codes older than one hour are purged first. A matching code is consumed
 * (every reset code of that user is deleted), a new password is generated,
 * stored and mailed to the user, and the confirmation template is displayed.
 * An unknown code only produces a validation error on that template.
 */
function tbxDisplayResetConfirm()
{
    global $t;

    $DB = GetDB();
    $v = Validator::Create();

    // Reset codes are valid for 3600 seconds; drop anything older.
    $DB->Update('DELETE FROM `tbx_user_reset_code` WHERE `timestamp` < ?', array(time() - 3600));

    // The code is passed as a bound parameter, never spliced into the SQL.
    $match = $DB->Row('SELECT * FROM `tbx_user` JOIN `tbx_user_reset_code` USING (`username`) WHERE `reset_code`=?', array($_REQUEST['code']));

    $v->Register(empty($match), Validator_Type::IS_FALSE, _T('Validation:Invalid confirmation code'));

    if ($v->Validate()) {
        $username = $match['username'];

        // Single use: consume every outstanding code for this account.
        $DB->Update('DELETE FROM `tbx_user_reset_code` WHERE `username`=?', array($username));

        $account = $DB->Row('SELECT * FROM `tbx_user` JOIN `tbx_user_custom` USING (`username`) JOIN `tbx_user_stat` USING (`username`) WHERE `tbx_user`.`username`=?', array($username));

        // NOTE(review): the strength of RandomPassword() is not visible here.
        $new_password = RandomPassword();

        // NOTE(review): the password is stored as an unsalted SHA-1 digest.
        // Moving to password_hash()/password_verify() needs a matching change in
        // the login check, which is outside this function.
        DatabaseUpdate('tbx_user', array('username' => $account['username'], 'password' => sha1($new_password)));

        // The plain-text password is handed to the template that is mailed out.
        $t->AssignByRef('g_user', $account);
        $t->Assign('g_password', $new_password);

        $mailer = new Mailer();
        $mailer->Mail('email-user-reset.tpl', $t, $account['email'], $account['name']);
    } else {
        $t->Assign('g_errors', $v->GetErrors());
    }

    $t->Display('user-reset-confirmed.tpl');
}
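/**
 * Handles step two of a user video upload: validates the signed step-one data
 * and the uploaded file, creates the video records, stores the clip, generates
 * thumbnails and renders the completion (or error) template.
 *
 * Changes compared with the previous version:
 *  - the step-one signature is compared as a string with `===`; the loose `==`
 *    treated two different numeric-looking digests (for example "0e..."
 *    strings) as equal, and that check is what guards the unserialize() below;
 *  - a request without a usable `video_file` upload now fails validation; a
 *    missing field used to read as error code null, which `== UPLOAD_ERR_OK`
 *    accepted, so processing continued with no file, duration or checksum;
 *  - step-one data that does not decode to an array is ignored instead of
 *    being merged into the request.
 */
function tbxUploadStepTwo()
{
    global $t;

    // Treat an absent file field exactly like "no file was uploaded".
    $upload = (isset($_FILES['video_file']) && is_array($_FILES['video_file']))
        ? $_FILES['video_file']
        : array('name' => '', 'tmp_name' => '', 'size' => 0, 'error' => UPLOAD_ERR_NO_FILE);

    $v = Validator::Create();
    $DB = GetDB();

    // Only plain strings take part in the signature check; arrays or missing
    // values can never match a SHA-1 hex digest.
    $step_one_data = (isset($_REQUEST['step_one_data']) && is_string($_REQUEST['step_one_data'])) ? $_REQUEST['step_one_data'] : '';
    $step_one_sig = (isset($_REQUEST['step_one_sig']) && is_string($_REQUEST['step_one_sig'])) ? $_REQUEST['step_one_sig'] : '';

    // NOTE(review): hash_equals() (PHP >= 5.6) would also make this comparison
    // constant-time, and hash_hmac() is the standard keyed construction; the
    // latter needs the same change where step one creates the signature.
    $v->Register($step_one_sig === sha1($step_one_data . Config::Get('random_value')), Validator_Type::IS_TRUE, _T('Validation:Video Data Altered'));
    $v->Register($upload['error'] == UPLOAD_ERR_OK, Validator_Type::IS_TRUE, Uploads::CodeToMessage($upload['error']));

    if (is_string($upload['tmp_name']) && is_uploaded_file($upload['tmp_name'])) {
        $max_filesize = Format::StringToBytes(Config::Get('max_upload_size'));
        $max_duration = Format::DurationToSeconds(Config::Get('max_upload_duration'));
        $extensions = str_replace(',', '|', Config::Get('upload_extensions'));

        $v->Register($upload['size'], Validator_Type::IS_BETWEEN, _T('Validation:Video size too large'), '1,' . $max_filesize);

        // Allow-list on the extension of the client-supplied name; the same
        // extension is later used for the stored clip.
        $v->Register(File::Extension($upload['name']), Validator_Type::REGEX_MATCH, _T('Validation:Video file extension not allowed'), '~^(' . $extensions . ')$~');

        try {
            $vi = new Video_Info($upload['tmp_name']);
            $vi->Extract();
            $v->Register($vi->length, Validator_Type::LESS_EQ, _T('Validation:Video duration too long'), $max_duration);
        } catch (Exception $e) {
            $v->Register(false, Validator_Type::IS_TRUE, $e->getMessage());
        }

        // MD5 is used here only as a duplicate-detection fingerprint.
        $md5 = md5_file($upload['tmp_name']);

        if (Config::Get('flag_upload_reject_duplicates')) {
            $v->Register($DB->QueryCount('SELECT COUNT(*) FROM `tbx_video_md5sum` WHERE `md5`=?', array($md5)), Validator_Type::IS_ZERO, _T('Validation:Duplicate video'));
        }
    } elseif ($upload['error'] == UPLOAD_ERR_OK) {
        // Error code says OK but PHP did not receive this file as an upload:
        // reject, otherwise $vi and $md5 would be undefined further down.
        $v->Register(false, Validator_Type::IS_TRUE, Uploads::CodeToMessage(UPLOAD_ERR_NO_FILE));
    }

    // Validate input
    if (!$v->Validate()) {
        $t->Assign('g_errors', $v->GetErrors());
        $t->AssignByRef('g_form', $_REQUEST);

        if (isset($_REQUEST['flash'])) {
            $t->Display('upload-flash-errors.tpl');
        } else {
            $t->Assign('g_file_types', '*.' . str_replace(',', ';*.', Config::Get('upload_extensions')));
            // NOTE(review): the login cookie value is exposed to the template
            // (presumably for the Flash uploader); make sure it is only ever
            // rendered back to its owner.
            $t->Assign('g_cookie', $_COOKIE[LOGIN_COOKIE]);
            $t->Display('upload-step-two.tpl');
        }

        return;
    }

    // SECURITY: unserialize() runs on request data. Its only protection is the
    // signature check above, so that check must stay strict and must run first.
    // A data-only format (JSON), or unserialize() with 'allowed_classes' => false
    // on PHP 7+, would remove the object-instantiation risk; that requires
    // step one to emit the same format.
    $step_one = unserialize(base64_decode($step_one_data));
    if (!is_array($step_one)) {
        $step_one = array();
    }
    $_REQUEST = array_merge($_REQUEST, $step_one);

    Form_Prepare::Standard('tbx_video');
    Form_Prepare::Standard('tbx_video_stat');
    Form_Prepare::Custom('tbx_video_custom_schema', 'on_submit');

    // Server-controlled fields are assigned after the merge so that neither the
    // request nor the step-one data can override them.
    // NOTE(review): the whole of $_REQUEST is handed to DatabaseAdd() below;
    // which keys it writes is not visible here - confirm it only accepts known
    // columns.
    $_REQUEST['duration'] = $vi->length;
    $_REQUEST['date_added'] = Database_MySQL::Now();
    $_REQUEST['username'] = AuthenticateUser::GetUsername();
    $_REQUEST['is_private'] = Config::Get('flag_upload_allow_private') ? intval($_REQUEST['is_private']) : 0;
    $_REQUEST['allow_ratings'] = intval($_REQUEST['allow_ratings']);
    $_REQUEST['allow_embedding'] = intval($_REQUEST['allow_embedding']);
    $_REQUEST['allow_comments'] = intval($_REQUEST['allow_comments']) ? 'Yes - Add Immediately' : 'No';
    $_REQUEST['is_user_submitted'] = 1;

    if ($_REQUEST['recorded_day'] && $_REQUEST['recorded_month'] && $_REQUEST['recorded_year']) {
        $_REQUEST['date_recorded'] = $_REQUEST['recorded_year'] . '-' . $_REQUEST['recorded_month'] . '-' . $_REQUEST['recorded_day'];
    }

    // Strip HTML tags
    if (Config::Get('flag_video_strip_tags')) {
        $_REQUEST = String::StripTags($_REQUEST);
    }

    // Configure status
    $_REQUEST['status'] = STATUS_ACTIVE;
    if (Config::Get('flag_upload_convert')) {
        $_REQUEST['status'] = STATUS_QUEUED;
        $_REQUEST['next_status'] = Config::Get('flag_upload_review') ? STATUS_PENDING : STATUS_ACTIVE;
    } elseif (Config::Get('flag_upload_review')) {
        $_REQUEST['status'] = STATUS_PENDING;
    }

    // Add to database
    $_REQUEST['video_id'] = DatabaseAdd('tbx_video', $_REQUEST);
    DatabaseAdd('tbx_video_custom', $_REQUEST);
    DatabaseAdd('tbx_video_stat', $_REQUEST);

    if ($_REQUEST['status'] == STATUS_ACTIVE && !$_REQUEST['is_private']) {
        Tags::AddToFrequency($_REQUEST['tags']);
    } elseif ($_REQUEST['status'] == STATUS_QUEUED) {
        DatabaseAdd('tbx_conversion_queue', array('video_id' => $_REQUEST['video_id'], 'queued' => time()));
    }

    // Mark as private
    if ($_REQUEST['is_private']) {
        // NOTE(review): rand() and uniqid() are time/PRNG based, not
        // cryptographically strong. If knowing private_id is what grants access
        // to a private video, derive it from a CSPRNG instead (random_bytes()
        // on PHP 7+, openssl_random_pseudo_bytes() before that).
        $_REQUEST['private_id'] = sha1(uniqid(rand(), true));
        DatabaseAdd('tbx_video_private', $_REQUEST);
    }

    // Setup video files and generate thumbnails
    $directory = Video_Dir::DirNameFromId($_REQUEST['video_id']);
    $vd = new Video_Dir($directory);
    $clip = $vd->AddClipFromFile($upload['tmp_name'], File::Extension($upload['name']));

    if (Video_FrameGrabber::CanGrab()) {
        Video_FrameGrabber::Grab($clip, $vd->GetThumbsDir(), Config::Get('thumb_amount'), Config::Get('thumb_quality'), Config::Get('thumb_size'), $vi);
    }

    foreach ($vd->GetClipURIs() as $clip) {
        $_REQUEST['clip'] = $clip;
        $_REQUEST['filesize'] = filesize(Config::Get('document_root') . $clip);
        DatabaseAdd('tbx_video_clip', $_REQUEST);
    }

    $thumb_ids = array();
    foreach ($vd->GetThumbURIs() as $thumb) {
        $_REQUEST['thumbnail'] = $thumb;
        $thumb_ids[] = DatabaseAdd('tbx_video_thumbnail', $_REQUEST);
    }

    // Select the display thumbnail: a random one from roughly the first 40%.
    // rand() is fine here, the choice is purely cosmetic.
    $num_thumbnails = count($thumb_ids);
    $display_thumbnail = null;
    if ($num_thumbnails > 0) {
        $display_thumbnail = $thumb_ids[rand(0, floor(0.4 * $num_thumbnails))];
    }

    DatabaseUpdate('tbx_video', array('video_id' => $_REQUEST['video_id'], 'num_thumbnails' => $num_thumbnails, 'display_thumbnail' => $display_thumbnail));

    // Add MD5 sum for prevention of duplicates
    $DB->Update('REPLACE INTO `tbx_video_md5sum` VALUES (?)', array($md5));

    // Update user stats
    StatsRollover();
    $DB->Update('UPDATE `tbx_user_stat` SET ' .
                '`today_videos_uploaded`=`today_videos_uploaded`+1,' .
                '`week_videos_uploaded`=`week_videos_uploaded`+1,' .
                '`month_videos_uploaded`=`month_videos_uploaded`+1,' .
                '`total_videos_uploaded`=`total_videos_uploaded`+1 ' .
                'WHERE `username`=?', array($_REQUEST['username']));

    $t->AssignByRef('g_form', $_REQUEST);
    $t->AssignByRef('g_video', $_REQUEST);
    $t->Display(isset($_REQUEST['flash']) ? 'upload-flash-complete.tpl' : 'upload-complete.tpl');

    UpdateCategoryStats($_REQUEST['category_id']);

    // Without cron the conversion queue is kicked off from this request.
    if (!Config::Get('flag_using_cron') && $_REQUEST['status'] == STATUS_QUEUED) {
        ConversionQueue::Start();
    }
}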
/**
 * Creates a saved search from the request and answers with a JSON result.
 *
 * The request supplies `type`, `identifier` and `form` (a URL-encoded query
 * string that is stored as JSON). The identifier must be non-empty and must
 * not already exist for the same item type.
 */
function tbxSavedSearchAdd()
{
    $DB = GetDB();
    $response = array('message' => 'New saved search has been successfully created');
    $v = Validator::Create();

    // All request values reach the database as bound parameters.
    // NOTE(review): the uniqueness check and the insert are separate
    // statements; whether the table also enforces uniqueness is not visible.
    $duplicates = $DB->QuerySingleColumn('SELECT COUNT(*) FROM `tbx_saved_search` WHERE `item_type`=? AND `identifier`=?', array(Request::Get('type'), Request::Get('identifier')));

    $v->Register(Request::Get('identifier'), Validator_Type::NOT_EMPTY, 'The identifier field must be filled in');
    $v->Register($duplicates, Validator_Type::LESS, 'The identifier you are trying to add already exists', 1);

    if (!$v->Validate()) {
        $response['message'] = 'Saved Search could not be added; please fix the following items';
        $response['errors'] = $v->GetErrors();
        JSON::Failure($response);
        return;
    }

    // parse_str() writes into $fields only (two-argument form), so request
    // keys cannot overwrite local variables.
    parse_str(Request::Get('form'), $fields);
    $encoded = json_encode($fields);

    $DB->Update('INSERT INTO `tbx_saved_search` VALUES (?,?,?,?)', array(null, Request::Get('identifier'), Request::Get('type'), $encoded));

    $response['value'] = $DB->LastInsertId();
    $response['text'] = Request::Get('identifier');
    JSON::Success($response);
}
// distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. require_once 'includes/global.php'; Request::Setup(); if (AuthenticateUser::Login()) { $DB = GetDB(); $video = $DB->Row('SELECT * FROM `tbx_video` WHERE `video_id`=?', array($_REQUEST['video_id'])); $username = AuthenticateUser::GetUsername(); $video_id = $_REQUEST['video_id']; $comment = $_REQUEST['comment']; $max_length = Config::Get('comment_max_length'); $throttle = Config::Get('comment_throttle_period'); if (!empty($video)) { $v = Validator::Create(); $v->Register($video['allow_comments'], Validator_Type::NOT_EQUALS, _T('Validation:Comments disabled'), COMMENTS_NO); $v->Register($_REQUEST['comment'], Validator_Type::NOT_EMPTY, _T('Validation:Required', _T('Label:Comment'))); $v->Register($_REQUEST['comment'], Validator_Type::LENGTH_LESS_EQ, _T('Validation:Length too long', _T('Label:Comment'), $max_length), $max_length); $v->Register($DB->QueryCount('SELECT COUNT(*) FROM `tbx_video_comment` WHERE `video_id`=? AND `username`=? AND `date_commented`>=DATE_SUB(?, INTERVAL ? SECOND)', array($video_id, $username, Database_MySQL::Now(), $throttle)), Validator_Type::IS_ZERO, _T('Validation:Comment throttle', $throttle)); // Check blacklist $_REQUEST['ip_address'] = $_SERVER['REMOTE_ADDR']; if (($match = Blacklist::Match($_REQUEST, Blacklist::ITEM_COMMENT)) !== false) { $v->SetError(_T('Validation:Blacklisted', $match['match'])); } // Validate CAPTCHA if (Config::Get('flag_captcha_on_comment')) { Captcha::Verify(); } if (!$v->Validate()) { echo join('<br />', $v->GetErrors());
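/**
 * Checks the submitted CAPTCHA answer against the code stored for the
 * visitor's CAPTCHA session cookie, then invalidates the challenge.
 *
 * The outcome is only registered on the validator; nothing is returned.
 * NOTE(review): presumably Validator::Create() returns a shared instance, so
 * the caller's own Validate() call picks up a failure - confirm.
 *
 * Changes compared with the previous version: the answer is compared as a
 * string with `===`. The loose `==` compared numeric-looking strings by value,
 * so a stored code such as "1E3" accepted "1000", and "0E12" accepted "0E99".
 * Non-string and empty answers are rejected outright.
 */
public static function Verify()
{
    // Only a plain string cookie value can identify a CAPTCHA session.
    $session = (isset($_COOKIE[self::COOKIE]) && is_string($_COOKIE[self::COOKIE])) ? $_COOKIE[self::COOKIE] : null;

    // Retrieve (`#` appears to be filled with the table name from the first
    // bound value)
    $DB = GetDB();
    $captcha = $DB->Row('SELECT * FROM # WHERE `session`=?', array(self::TABLE, $session));

    // Validate: case-insensitive, but strictly string against string
    $answer = Request::Get('captcha');
    $is_match = !empty($captcha)
        && is_string($answer)
        && $answer !== ''
        && strtoupper((string) $captcha['code']) === strtoupper($answer);

    $v = Validator::Create();
    $v->Register($is_match, Validator_Type::IS_TRUE, _T('Validation:Invalid Captcha'));

    // Remove: each challenge is single use, whether or not the answer matched,
    // so a stored code cannot be guessed repeatedly.
    $DB->Update('DELETE FROM # WHERE `session`=?', array(self::TABLE, $session));
    setcookie(self::COOKIE, null, time() - self::EXPIRES, Config::Get('cookie_path'), Config::Get('cookie_domain'));
}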