function lxReport() { global $DB, $C, $L, $t; $v = new Validator(); $v->Register($_REQUEST['message'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['REPORT']}"); // Verify captcha code if ($C['report_captcha']) { VerifyCaptcha($v); } // Check dsbl.org for spam submissions if ($C['dsbl_report'] && CheckDsbl($_SERVER['REMOTE_ADDR'])) { $v->SetError($L['DSBL_MATCHED']); } if (!$v->Validate()) { $errors = join('<br />', $v->GetErrors()); lxShReport($errors); return; } $link = $DB->Row('SELECT * FROM lx_links JOIN lx_link_fields USING (link_id) WHERE lx_links.link_id=?', array($_REQUEST['id'])); if ($link) { $DB->Update('INSERT INTO lx_reports VALUES (?,?,?,?,?)', array(null, $_REQUEST['id'], $_REQUEST['message'], MYSQL_NOW, $_SERVER['REMOTE_ADDR'])); $t->assign_by_ref('link', $link); } $t->display('report-submitted.tpl'); }
$blacklisted = CheckBlacklistComment($_REQUEST); if ($blacklisted !== FALSE) { $v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason'])); } // See if this person has submitted a comment recently $has_recent = FALSE; if ($account !== FALSE) { $has_recent = $DB->Count('SELECT COUNT(*) FROM lx_link_comments WHERE link_id=? AND (username=? OR email=? OR submit_ip=?) AND date_added >= DATE_ADD(?, INTERVAL ? SECOND)', array($_REQUEST['link_id'], $account['username'], $_REQUEST['email'], $_SERVER['REMOTE_ADDR'], MYSQL_NOW, -$C['comment_delay'])); } else { $has_recent = $DB->Count('SELECT COUNT(*) FROM lx_link_comments WHERE link_id=? AND (email=? OR submit_ip=?) AND date_added >= DATE_ADD(?, INTERVAL ? SECOND)', array($_REQUEST['link_id'], $_REQUEST['email'], $_SERVER['REMOTE_ADDR'], MYSQL_NOW, -$C['comment_delay'])); } if ($has_recent) { $v->SetError(sprintf($L['COMMENT_LIMIT'], $C['comment_delay'])); } // Check dsbl.org for spam submissions if ($C['dsbl_comment'] && CheckDsbl($_SERVER['REMOTE_ADDR'])) { $v->SetError($L['DSBL_MATCHED']); } if (!$v->Validate()) { $errors = join('<br />', $v->GetErrors()); $t->assign('error', $errors); $t->display('error-nice.tpl'); exit; } $link = $DB->Row('SELECT * FROM lx_links WHERE link_id=?', array($_REQUEST['link_id'])); if ($link) { $status = $C['approve_comments'] ? 'pending' : 'approved'; $username = $account ? $account['username'] : ''; $DB->Update('INSERT INTO lx_link_comments VALUES (?,?,?,?,?,?,?,?,?)', array(null, $link['link_id'], $username, $_REQUEST['email'], $_REQUEST['name'], $_SERVER['REMOTE_ADDR'], MYSQL_NOW, $status, $_REQUEST['comment'])); if ($status == 'approved') { $DB->Update('UPDATE lx_links SET comments=comments+1 WHERE link_id=?', array($link['link_id']));
function lxAddLink() { global $DB, $C, $L, $t; $account = ValidUserLogin(); // Requiring user account to submit links if ($C['user_for_links'] && !$account) { $t->display('submit-info.tpl'); return; } if ($account) { $_REQUEST['email'] = $account['email']; $_REQUEST['name'] = $account['name']; } $_REQUEST['c'] = $_REQUEST['category_id']; $v = new Validator(); $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']); $v->Register($_REQUEST['site_url'], V_URL, "{$L['INVALID_URL']}: {$L['SITE_URL']}"); $v->Register($_REQUEST['title'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['TITLE']}"); $v->Register($_REQUEST['description'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['DESCRIPTION']}"); $v->Register($_REQUEST['keywords'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['KEYWORDS']}"); $v->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}"); $v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}"); $v->Register($_REQUEST['title'], V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}"); // Format keywords and check number $_REQUEST['keywords'] = FormatKeywords($_REQUEST['keywords']); $keywords = explode(' ', $_REQUEST['keywords']); $v->Register(count($keywords), V_LESS_EQ, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']); if (!empty($_REQUEST['password'])) { $v->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']); } // See if URL already exists if ($DB->Count('SELECT COUNT(*) FROM lx_links WHERE site_url=?', array($_REQUEST['site_url']))) { $v->SetError($L['DUPLICATE_URL']); } // Validation of user defined fields $fields =& GetUserLinkFields(); foreach ($fields as $field) { if ($field['on_submit']) { if ($field['required']) { $v->Register($_REQUEST[$field['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}"); } if ($field['validation']) { $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']); } } } // Verify captcha code if ($C['link_captcha']) { VerifyCaptcha($v); } $_REQUEST['allow_redirect'] = $account ? $account['allow_redirect'] : $C['allow_redirect']; $_REQUEST['recip_required'] = $account ? $account['recip_required'] : $C['recip_required']; // Scan link $scan_result =& ScanLink($_REQUEST); // Make sure site URL is working if (!$scan_result['site_url']['working']) { $v->SetError(sprintf($L['BROKEN_URL'], $L['SITE_URL'], $scan_result['site_url']['error'])); } // Setup HTML code for blacklist check $_REQUEST['html'] = $scan_result['site_url']['html']; if (!empty($_REQUEST['recip_url'])) { $_REQUEST['html'] .= ' ' . $scan_result['recip_url']['html']; // Make sure recip URL is working if (!$scan_result['recip_url']['working']) { $v->SetError(sprintf($L['BROKEN_URL'], $L['RECIP_URL'], $scan_result['recip_url']['error'])); } } // Verify recip link was found if ($_REQUEST['recip_required'] && !$scan_result['has_recip']) { $v->SetError($L['NO_RECIP_FOUND']); } // Check blacklist $blacklisted = CheckBlacklistLink($_REQUEST); if ($blacklisted !== FALSE) { $v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason'])); } // Check dsbl.org for spam submissions if ($C['dsbl_link'] && CheckDsbl($_SERVER['REMOTE_ADDR'])) { $v->SetError($L['DSBL_MATCHED']); } // Get category information $category = $DB->Row('SELECT * FROM lx_categories WHERE category_id=?', array($_REQUEST['category_id'])); if (!$category || $category['hidden']) { $v->SetError($L['INVALID_CATEGORY']); } else { if ($category['status'] == 'locked') { $v->SetError($L['CATEGORY_LOCKED']); } } $category['path_parts'] = unserialize($category['path_parts']); if (!$v->Validate()) { $errors = join('<br />', $v->GetErrors()); lxShSubmit($errors); return; } // Setup link status $status = 'active'; if ($C['confirm_links'] && !$account) { $status = 'unconfirmed'; } else { if ($category['status'] == 'approval') { $status = 'pending'; } } // Setup username and password values $username = ''; $password = ''; if ($account) { $username = $account['username']; } else { if ($_REQUEST['password']) { $password = sha1($_REQUEST['password']); } } $weight = $account ? $account['weight'] : $C['link_weight']; // Insert link data $DB->Update('INSERT INTO lx_links VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)', array(null, $_REQUEST['site_url'], $_REQUEST['recip_url'], $_REQUEST['title'], $_REQUEST['description'], $status, 'regular', DEF_EXPIRES, $_REQUEST['name'], $_REQUEST['email'], $_SERVER['REMOTE_ADDR'], $_REQUEST['keywords'], 0, 0, null, 0, 0, 0, $weight, MYSQL_NOW, 0, MYSQL_NOW, $_REQUEST['recip_required'], $_REQUEST['allow_redirect'], '', '', $username, $password, $scan_result['has_recip'], 0, '')); $link_id = $DB->InsertID(); $sorter = $DB->Count('SELECT MAX(sorter) FROM lx_link_cats WHERE category_id=?', array($_REQUEST['category_id'])); $_REQUEST['link_id'] = $link_id; $_REQUEST['status'] = $status; // Insert category data $DB->Update('INSERT INTO lx_link_cats VALUES (?,?,?)', array($link_id, $_REQUEST['category_id'], $sorter)); // Insert user defined fields $query_data = CreateUserInsert('lx_link_fields', $_REQUEST); $DB->Update('INSERT INTO lx_link_fields VALUES (' . $query_data['bind_list'] . ')', $query_data['binds']); // Update category link count if ($status == 'active') { $DB->Update('UPDATE lx_categories SET links=links+1 WHERE category_id=?', array($_REQUEST['category_id'])); } // Update account link count if ($account) { $DB->Update('UPDATE lx_users SET num_links=num_links+1 WHERE username=?', array($account['username'])); } // Show confirmation page $t->assign_by_ref('category', $category); $t->assign_by_ref('user_fields', $fields); $t->assign_by_ref('link', $_REQUEST); $t->assign('status', $status); // Send e-mail message if ($status == 'unconfirmed') { $confirm_id = sha1(uniqid(rand(), TRUE)); $DB->Update('INSERT INTO lx_link_confirms VALUES (?,?,?)', array($link_id, $confirm_id, time())); $t->assign('confirm_id', $confirm_id); SendMail($_REQUEST['email'], 'email-link-confirm.tpl', $t); } else { if ($C['email_links']) { SendMail($_REQUEST['email'], 'email-link-added.tpl', $t); } } $t->display('submit-added.tpl'); flush(); // Send e-mail to appropriate administrators if ($status != 'unconfirmed') { $result = $DB->Query('SELECT * FROM lx_administrators'); while ($admin = $DB->NextRow($result)) { if ($admin['notifications'] & E_LINK_ADD) { SendMail($admin['email'], 'email-admin-link-add.tpl', $t); } } $DB->Free($result); } }
function lxCreateAccount() { global $DB, $C, $t, $L; $v = new Validator(); $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']); $v->Register($_REQUEST['username'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['USERNAME']}"); $v->Register($_REQUEST['password'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['PASSWORD']}"); $v->Register($_REQUEST['username'], V_ALPHANUM, $L['INVALID_USERNAME']); $v->Register($_REQUEST['username'], V_LENGTH, $L['USERNAME_LENGTH'], '3,32'); $v->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']); $v->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999'); $v->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}"); // Validation of user defined fields $fields =& GetUserAccountFields(); foreach ($fields as $field) { if ($field['on_create']) { if ($field['required']) { $v->Register($_REQUEST[$field['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}"); } if ($field['validation']) { $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']); } } } // Username exists? if ($DB->Count('SELECT COUNT(*) FROM lx_users WHERE username=?', array($_REQUEST['username']))) { $v->SetError($L['DUPLICATE_USER']); } // E-mail exists? if ($DB->Count('SELECT COUNT(*) FROM lx_users WHERE email=?', array($_REQUEST['email']))) { $v->SetError($L['DUPLICATE_EMAIL']); } // Verify captcha code if ($C['account_captcha']) { VerifyCaptcha($v); } // Check dsbl.org for spam submissions if ($C['dsbl_account'] && CheckDsbl($_SERVER['REMOTE_ADDR'])) { $v->SetError($L['DSBL_MATCHED']); } // Check blacklist $blacklisted = CheckBlacklistAccount($_REQUEST); if ($blacklisted !== FALSE) { $v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason'])); } if (!$v->Validate()) { $errors = join('<br />', $v->GetErrors()); lxShRegister($errors); return; } $status = 'active'; $confirm_id = ''; // Confirm accounts by e-mail if ($C['confirm_accounts']) { $status = 'unconfirmed'; } else { if ($C['approve_accounts']) { $status = 'pending'; } } // Add pre-defined data $DB->Update('INSERT INTO lx_users VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)', array($_REQUEST['username'], sha1($_REQUEST['password']), $_REQUEST['name'], $_REQUEST['email'], MYSQL_NOW, null, $status, '', 0, 0, $C['recip_required'], $C['allow_redirect'], $C['link_weight'])); // Add user defined fields $query_data = CreateUserInsert('lx_user_fields', $_REQUEST); $DB->Update('INSERT INTO lx_user_fields VALUES (' . $query_data['bind_list'] . ')', $query_data['binds']); // Setup template values $t->assign_by_ref('user_fields', $fields); $t->assign_by_ref('account', $_REQUEST); $t->assign('status', $status); // Send e-mail message if ($status == 'unconfirmed') { $confirm_id = sha1(uniqid(rand(), TRUE)); $DB->Update('INSERT INTO lx_user_confirms VALUES (?,?,?)', array($_REQUEST['username'], $confirm_id, time())); $t->assign('confirm_id', $confirm_id); SendMail($_REQUEST['email'], 'email-account-confirm.tpl', $t); } else { if ($C['email_accounts']) { SendMail($_REQUEST['email'], 'email-account-added.tpl', $t); } } // Display confirmation page $t->display('account-created.tpl'); }
if ($C['user_for_rate']) { $account = ValidUserLogin(); if ($account === FALSE || $account['status'] != 'active') { if ($account === FALSE) { $v->SetError($L['INVALID_LOGIN']); } else { if ($account['status'] == 'suspended') { $v->SetError($L['SUSPENDED_ACCOUNT']); } else { $v->SetError($L['PENDING_ACCOUNT']); } } } } // Check dsbl.org for spam submissions if ($C['dsbl_rate'] && CheckDsbl($_SERVER['REMOTE_ADDR'])) { $v->SetError($L['DSBL_MATCHED']); } if (!$v->Validate()) { $errors = join('<br />', $v->GetErrors()); $t->assign('error', $errors); $t->display('error-nice.tpl'); exit; } // See if this person has rated this link already $has_rated = FALSE; if ($account) { $has_rated = $DB->Count('SELECT COUNT(*) FROM lx_link_ratings WHERE link_id=? AND (username=? OR submit_ip=?)', array($_REQUEST['link_id'], $account['username'], $_SERVER['REMOTE_ADDR'])); } else { $has_rated = $DB->Count('SELECT COUNT(*) FROM lx_link_ratings WHERE link_id=? AND submit_ip=?', array($_REQUEST['link_id'], $_SERVER['REMOTE_ADDR'])); }