function tlxAccountAdd() { global $C, $DB, $L, $IMAGE_EXTENSIONS, $t; unset($_REQUEST['banner_url_local']); // Get domain $parsed_url = parse_url($_REQUEST['site_url']); $_REQUEST['domain'] = preg_replace('~^www\\.~', '', $parsed_url['host']); $v = new Validator(); // Get selected category (if any) and set variables if (isset($_REQUEST['category_id'])) { $category = $DB->Row('SELECT * FROM `tlx_categories` WHERE `category_id`=? AND `hidden`=0', array($_REQUEST['category_id'])); if ($category) { $C['min_desc_length'] = $category['desc_min_length']; $C['max_desc_length'] = $category['desc_max_length']; $C['min_title_length'] = $category['title_min_length']; $C['max_title_length'] = $category['title_max_length']; $C['banner_max_width'] = $category['banner_max_width']; $C['banner_max_height'] = $category['banner_max_height']; $C['banner_max_bytes'] = $category['banner_max_bytes']; $C['allow_redirect'] = $category['allow_redirect']; } else { $v->SetError($L['INVALID_CATEGORY']); } } // See if username is taken if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username'])) > 0) { $v->SetError($L['USERNAME_TAKEN']); } // Check for duplicate account information if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `site_url`=? OR `email`=? OR `domain`=?', array($_REQUEST['site_url'], $_REQUEST['email'], $_REQUEST['domain'])) > 0) { $v->SetError($L['EXISTING_ACCOUNT']); } $v->Register($_REQUEST['username'], V_LENGTH, $L['USERNAME_LENGTH'], '4,32'); $v->Register($_REQUEST['username'], V_ALPHANUM, $L['INVALID_USERNAME']); $v->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999'); $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']); $v->Register($_REQUEST['site_url'], V_URL, sprintf($L['INVALID_URL'], $L['SITE_URL'])); $v->Register($_REQUEST['password'], V_NOT_EQUALS, $L['USERNAME_IS_PASSWORD'], $_REQUEST['username']); $v->Register($_REQUEST['password'], V_EQUALS, $L['PASSWORDS_DONT_MATCH'], $_REQUEST['confirm_password']); if (!IsEmptyString($_REQUEST['banner_url'])) { $v->Register($_REQUEST['banner_url'], V_URL, sprintf($L['INVALID_URL'], $L['BANNER_URL'])); } // Format keywords and check number if ($C['allow_keywords']) { $_REQUEST['keywords'] = FormatSpaceSeparated($_REQUEST['keywords']); $keywords = explode(' ', $_REQUEST['keywords']); $v->Register(count($keywords), V_LESS_EQ, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']); } else { $_REQUEST['keywords'] = null; } // Verify captcha code if ($C['account_add_captcha']) { VerifyCaptcha($v); } // Initial validation if (!$v->Validate()) { return $v->ValidationError('tlxShAccountAdd', TRUE); } // Check if the site URL is working $http = new Http(); if ($http->Get($_REQUEST['site_url'], $C['allow_redirect'])) { $_REQUEST['html'] = $http->body; $_REQUEST['headers'] = $http->raw_response_headers; } else { $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['site_url'], $http->errstr)); } // Check the blacklist $blacklisted = CheckBlacklistAccount($_REQUEST); if ($blacklisted !== FALSE) { $v->SetError(sprintf($blacklisted[0]['reason'] ? $L['BLACKLISTED_REASON'] : $L['BLACKLISTED'], $blacklisted[0]['match'], $blacklisted[0]['reason'])); } // Check site title and description length $v->Register($_REQUEST['title'], V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}"); $v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}"); // Validation of user defined fields $fields =& GetUserAccountFields(); foreach ($fields as $field) { if ($field['on_create']) { if ($field['required_create']) { $v->Register($_REQUEST[$field['name']], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $field['label'])); } if (!IsEmptyString($_REQUEST[$field['name']]) && $field['validation']) { $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']); } } } // Download banner to check size $banner_file = null; if (!IsEmptyString($_REQUEST['banner_url']) && ($C['download_banners'] || $C['host_banners'])) { $http = new Http(); if ($http->Get($_REQUEST['banner_url'], TRUE, $_REQUEST['site_url'])) { $banner_file = SafeFilename("{$C['banner_dir']}/{$_REQUEST['username']}.jpg", FALSE); FileWrite($banner_file, $http->body); $banner_info = @getimagesize($banner_file); if ($banner_info !== FALSE) { $_REQUEST['banner_width'] = $banner_info[0]; $_REQUEST['banner_height'] = $banner_info[1]; if (filesize($banner_file) > $C['banner_max_bytes']) { $v->SetError(sprintf($L['BAD_BANNER_BYTES'], $C['banner_max_bytes'])); } if ($C['host_banners']) { if (isset($IMAGE_EXTENSIONS[$banner_info[2]])) { $banner_ext = strtolower($IMAGE_EXTENSIONS[$banner_info[2]]); if ($banner_ext != 'jpg') { $new_file = preg_replace('~\\.jpg$~', ".{$banner_ext}", $banner_file); rename($banner_file, $new_file); $banner_file = $new_file; } $_REQUEST['banner_url_local'] = "{$C['banner_url']}/{$_REQUEST['username']}.{$banner_ext}"; } else { $v->SetError($L['BAD_BANNER_IMAGE']); } } else { @unlink($banner_file); $banner_file = null; } } else { $v->SetError($L['BAD_BANNER_IMAGE']); } } else { $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['banner_url'], $http->errstr)); } } // Check banner dimensions if ($_REQUEST['banner_width'] > $C['banner_max_width'] || $_REQUEST['banner_height'] > $C['banner_max_height']) { $v->SetError(sprintf($L['BAD_BANNER_SIZE'], $C['banner_max_width'], $C['banner_max_height'])); } // Force banner dimensions if ($C['banner_force_size']) { $_REQUEST['banner_width'] = $C['banner_max_width']; $_REQUEST['banner_height'] = $C['banner_max_height']; } if (!$v->Validate()) { if (!empty($banner_file)) { @unlink($banner_file); } return $v->ValidationError('tlxShAccountAdd', TRUE); } $_REQUEST['status'] = STATUS_ACTIVE; $email_template = 'email-account-added.tpl'; if ($C['confirm_accounts']) { $_REQUEST['status'] = STATUS_UNCONFIRMED; $email_template = 'email-account-confirm.tpl'; $confirm_id = md5(uniqid(rand(), true)); $t->assign('confirm_url', "{$C['install_url']}/accounts.php?r=confirm&id={$confirm_id}"); $DB->Update('INSERT INTO `tlx_account_confirms` VALUES (?,?,?)', array($_REQUEST['username'], $confirm_id, MYSQL_NOW)); } else { if ($C['review_new_accounts']) { $_REQUEST['status'] = STATUS_PENDING; $email_template = 'email-account-pending.tpl'; } } // Add account information $DB->Update('INSERT INTO `tlx_accounts` VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)', array($_REQUEST['username'], $_REQUEST['email'], $_REQUEST['site_url'], $_REQUEST['domain'], $_REQUEST['banner_url'], $_REQUEST['banner_url_local'], $_REQUEST['banner_height'], $_REQUEST['banner_width'], $_REQUEST['title'], $_REQUEST['description'], $_REQUEST['keywords'], MYSQL_NOW, $_REQUEST['status'] == STATUS_ACTIVE ? MYSQL_NOW : null, MYSQL_NOW, sha1($_REQUEST['password']), $C['return_percent'], $_REQUEST['status'], 0, 0, 0, $_REQUEST['category_id'], null, null, 0, 0, 0, null, null)); // Create stats tracking data $stats_data = array_merge(array($_REQUEST['username']), array_fill(0, 127, 0)); $DB->Update('INSERT INTO `tlx_account_hourly_stats` VALUES (' . CreateBindList($stats_data) . ')', $stats_data); // Insert user defined database fields $query_data = CreateUserInsert('tlx_account_fields', $_REQUEST); $DB->Update('INSERT INTO `tlx_account_fields` VALUES (' . $query_data['bind_list'] . ')', $query_data['binds']); // Assign template values $_REQUEST['category'] = $category['name']; $t->assign_by_ref('account', $_REQUEST); $t->assign_by_ref('user_fields', $fields); $t->assign('tracking_url', $C['tracking_mode'] == 'unique_link' ? "{$C['in_url']}?id={$_REQUEST['username']}" : $C['in_url']); // Send e-mail to account submitter if ($C['confirm_accounts'] || $C['email_new_accounts']) { SendMail($_REQUEST['email'], $email_template, $t); } // Send e-mail to administrators $administrators =& $DB->FetchAll('SELECT * FROM `tlx_administrators`'); foreach ($administrators as $administrator) { if ($administrator['notifications'] & E_ACCOUNT_ADDED) { SendMail($administrator['email'], 'email-admin-account-added.tpl', $t); } } // Display confirmation page $t->display('accounts-added.tpl'); }
function txGalleryEdit() { global $DB, $C; VerifyPrivileges(P_GALLERY_MODIFY); $v = new Validator(); $v->Register($_REQUEST['email'], V_EMAIL, 'The E-mail Address is not properly formatted'); $v->Register($_REQUEST['gallery_url'], V_URL, 'The Gallery URL is not properly formatted'); $v->Register($_REQUEST['date_scheduled'], V_DATETIME, 'The Scheduled Date is not properly formatted'); $v->Register($_REQUEST['date_deletion'], V_DATETIME, 'The Delete Date is not properly formatted'); if ($_REQUEST['status'] == 'used' || $_REQUEST['status'] == 'holding') { $v->Register($_REQUEST['date_displayed'], V_EMPTY, 'The Displayed Date must be filled in'); $v->Register($_REQUEST['date_displayed'], V_DATETIME, 'The Displayed Date is not properly formatted'); } if (!IsEmptyString($_REQUEST['partner'])) { $partner = $DB->Row('SELECT * FROM `tx_partners` WHERE `username`=?', array($_REQUEST['partner'])); if (!$partner) { $v->SetError('The Partner username you entered does not match an existing partner account'); } } // Check tags for proper format if (!IsEmptyString($_REQUEST['tags'])) { $_REQUEST['tags'] = FormatSpaceSeparated($_REQUEST['tags']); foreach (explode(' ', $_REQUEST['tags']) as $tag) { if (strlen($tag) < 4 || !preg_match('~^[a-z0-9_]+$~i', $tag)) { $v->SetError('All tags must be at least 4 characters in length and contain only letters, numbers, and underscores'); break; } } } if (!$v->Validate()) { return $v->ValidationError('txShGalleryEdit'); } NullIfEmpty($_REQUEST['date_scheduled']); NullIfEmpty($_REQUEST['date_displayed']); NullIfEmpty($_REQUEST['date_deletion']); // Update gallery data $DB->Update('UPDATE `tx_galleries` SET ' . '`gallery_url`=?, ' . '`description`=?, ' . '`keywords`=?, ' . '`thumbnails`=?, ' . '`email`=?, ' . '`nickname`=?, ' . '`weight`=?, ' . '`clicks`=?, ' . '`submit_ip`=?, ' . '`sponsor_id`=?, ' . '`type`=?, ' . '`format`=?, ' . '`status`=?, ' . '`date_scheduled`=?, ' . '`date_displayed`=?, ' . '`date_deletion`=?, ' . '`partner`=?, ' . '`allow_scan`=?, ' . '`allow_preview`=?, ' . '`tags`=?, ' . '`categories`=? ' . 'WHERE `gallery_id`=?', array($_REQUEST['gallery_url'], $_REQUEST['description'], FormatSpaceSeparated($_REQUEST['keywords']), $_REQUEST['thumbnails'], $_REQUEST['email'], $_REQUEST['nickname'], $_REQUEST['weight'], $_REQUEST['clicks'], $_REQUEST['submit_ip'], $_REQUEST['sponsor_id'], $_REQUEST['type'], $_REQUEST['format'], $_REQUEST['status'], $_REQUEST['date_scheduled'], $_REQUEST['date_displayed'], $_REQUEST['date_deletion'], $_REQUEST['partner'], intval($_REQUEST['allow_scan']), intval($_REQUEST['allow_preview']), FormatSpaceSeparated($_REQUEST['tags']), CategoryTagsFromIds($_REQUEST['categories']), $_REQUEST['gallery_id'])); // Update user defined fields UserDefinedUpdate('tx_gallery_fields', 'tx_gallery_field_defs', 'gallery_id', $_REQUEST['gallery_id'], $_REQUEST); // Update icons $DB->Update('DELETE FROM `tx_gallery_icons` WHERE `gallery_id`=?', array($_REQUEST['gallery_id'])); if (is_array($_REQUEST['icons'])) { foreach ($_REQUEST['icons'] as $icon_id) { $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($_REQUEST['gallery_id'], $icon_id)); } } $GLOBALS['message'] = 'Gallery successfully updated'; $GLOBALS['added'] = true; txShGalleryEdit(); }
function txAddGallery() { global $DB, $C, $L, $t, $domain; // Set some default values $defaults = array('weight' => $C['gallery_weight'], 'clicks' => 0, 'submit_ip' => $_SERVER['REMOTE_ADDR'], 'sponsor_id' => null, 'type' => 'submitted', 'format' => $C['allow_format'] ? $_REQUEST['format'] : FMT_PICTURES, 'status' => 'pending', 'previous_status' => null, 'date_scanned' => MYSQL_NOW, 'date_added' => MYSQL_NOW, 'date_approved' => null, 'date_scheduled' => null, 'date_displayed' => null, 'date_deletion' => null, 'allow_scan' => 1, 'allow_preview' => 1, 'has_preview' => 0, 'times_selected' => 0, 'used_counter' => 0, 'build_counter' => 0, 'tags' => $domain['tags']); $_REQUEST = array_merge($_REQUEST, $defaults); $v = new Validator(); // Verify and grab partner account $partner = null; if (!IsEmptyString($_REQUEST['username']) || !IsEmptyString($_REQUEST['password'])) { $partner = $DB->Row('SELECT * FROM `tx_partners` WHERE `username`=? AND `password`=?', array($_REQUEST['username'], sha1($_REQUEST['password']))); if (!$partner) { $v->SetError($L['INVALID_LOGIN']); } else { // Setup the correct weight value for this account $_REQUEST['weight'] = $partner['weight']; $_REQUEST['partner'] = $partner['username']; $_REQUEST['email'] = $partner['email']; $_REQUEST['nickname'] = $partner['name']; if (!empty($partner['categories'])) { $partner['categories'] = unserialize($partner['categories']); } // Nickname not required for partner accounts if ($C['require_nickname']) { $v->Register($_REQUEST['nickname'], V_EMPTY, $L['NO_PARTNER_NICKNAME']); } // Check if the partner account is active and valid to submit if ($partner['status'] == 'suspended') { $v->SetError($L['ACCOUNT_SUSPENDED']); } else { if ($partner['status'] != 'active') { $v->SetError($L['ACCOUNT_PENDING']); } } // Check active dates if (!IsEmptyString($partner['date_end']) && !IsEmptyString($partner['date_start'])) { $now = strtotime(MYSQL_NOW); $end = strtotime($partner['date_end']); $start = strtotime($partner['date_start']); if ($now < $start || $now > $end) { $start_time = date("{$C['date_format']} {$C['time_format']}", $start); $end_time = date("{$C['date_format']} {$C['time_format']}", $end); $v->SetError(sprintf($L['ACCOUNT_EXPIRED'], $start_time, $end_time)); } } if ($partner['domains']) { $partner['domains'] = unserialize($partner['domains']); if ($domain) { if (!$partner['domains_as_exclude'] && !in_array($domain['domain_id'], $partner['domains']) || $partner['domains_as_exclude'] && in_array($domain['domain_id'], $partner['domains'])) { $v->SetError($L['BAD_PARTNER_DOMAIN']); } } } } } // See if only accepting submissions from partners if (!$partner && $C['submit_status'] == 'partner') { $v->SetError($L['PARTNERS_ONLY']); } // Do partner account validation if (!$v->Validate()) { return $v->ValidationError('txShGallerySubmit', TRUE); } $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']); $v->Register($_REQUEST['gallery_url'], V_URL, sprintf($L['INVALID_URL'], $L['GALLERY_URL'])); if ($C['require_keywords']) { $v->Register($_REQUEST['keywords'], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $L['KEYWORDS'])); } if ($C['require_nickname']) { $v->Register($_REQUEST['nickname'], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $L['NAME'])); } if ($C['require_description']) { $v->Register($_REQUEST['description'], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $L['DESCRIPTION'])); } // Check description length if required or provided if ($C['require_description'] || !IsEmptyString($_REQUEST['description'])) { $v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}"); } // Format keywords and check number $_REQUEST['keywords'] = FormatSpaceSeparated($_REQUEST['keywords']); $keywords = explode(' ', $_REQUEST['keywords']); $v->Register(count($keywords), V_LESS_EQ, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']); // Validation of user defined fields $fields =& GetUserGalleryFields(); foreach ($fields as $field) { if ($field['on_submit']) { if ($field['required']) { $v->Register($_REQUEST[$field['name']], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $field['label'])); } if (!IsEmptyString($_REQUEST[$field['name']]) && $field['validation']) { $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']); } } } // Check the global number of submissions if (!$partner && $C['max_submissions'] != -1) { $todays_submissions = $DB->Count('SELECT COUNT(*) FROM `tx_galleries` WHERE type=? AND (partner=? OR partner IS NULL) AND `date_added` BETWEEN ? AND ?', array('submitted', '', MYSQL_CURDATE . ' 00:00:00', MYSQL_CURDATE . ' 23:59:59')); if ($todays_submissions >= $C['max_submissions']) { $t->display($domain['template_prefix'] . 'submit-full-global.tpl'); return; } } // Check the number of submitted galleries if ($partner) { if ($partner['per_day'] != -1) { $amount = $DB->Count('SELECT COUNT(*) FROM `tx_galleries` WHERE `partner`=? AND `type`=? AND `date_added` BETWEEN ? AND ?', array($partner['username'], 'submitted', MYSQL_CURDATE . ' 00:00:00', MYSQL_CURDATE . ' 23:59:59')); if ($amount >= $partner['per_day']) { $v->SetError($L['SUBMIT_LIMIT_REACHED']); } } } else { if ($C['submissions_per_person'] != -1) { $amount = $DB->Count('SELECT COUNT(*) FROM `tx_galleries` WHERE (`submit_ip`=? OR `email`=? OR `gallery_url`=?) AND `type`=? AND `date_added` BETWEEN ? AND ?', array($_SERVER['REMOTE_ADDR'], $_REQUEST['email'], LevelUpUrl($_REQUEST['gallery_url']), 'submitted', MYSQL_CURDATE . ' 00:00:00', MYSQL_CURDATE . ' 23:59:59')); if ($amount >= $C['submissions_per_person']) { $v->SetError($L['SUBMIT_LIMIT_REACHED']); } } } // Check for valid category if allowing multiple categories to be selected $category = null; if ($C['allow_multiple_cats']) { if (is_array($_REQUEST['category_id'])) { $_REQUEST['category_id'] = array_unique($_REQUEST['category_id']); if (count($_REQUEST['category_id']) > $C['max_categories']) { $v->SetError(sprintf($L['EXCESSIVE_CATEGORIES'], $C['max_categories'])); } else { $category_names = array(); $category_tags = array(); $_REQUEST['submitted_categories'] = join(',', $_REQUEST['category_id']); // Check that all categories are valid foreach ($_REQUEST['category_id'] as $category_id) { $temp_category = $DB->Row('SELECT * FROM `tx_categories` WHERE `category_id`=? AND `hidden`=0', array($category_id)); if (!$temp_category) { $v->SetError($L['INVALID_CATEGORY']); } else { // Set primary category if ($category == null) { $category = $temp_category; } // Check category submission limit if ($temp_category['per_day'] != -1) { $category_submissions = $DB->Count('SELECT COUNT(*) FROM `tx_galleries` WHERE type=? AND MATCH(`categories`) AGAINST(? IN BOOLEAN MODE) AND `date_added` BETWEEN ? AND ?', array('submitted', $temp_category['tag'], MYSQL_CURDATE . ' 00:00:00', MYSQL_CURDATE . ' 23:59:59')); if ($category_submissions >= $temp_category['per_day']) { $v->SetError(sprintf($L['CATEGORY_FULL'], htmlspecialchars($temp_category['name']))); } } // Check if partner is allowed to submit to this category if ($partner['categories']) { if (!$partner['categories_as_exclude'] && !in_array($temp_category['category_id'], $partner['categories']) || $partner['categories_as_exclude'] && in_array($temp_category['category_id'], $partner['categories'])) { $v->SetError(sprintf($L['BAD_PARTNER_CATEGORY'], $category['name'])); } } $category_names[] = $temp_category['name']; $category_tags[] = $temp_category['tag']; } } $_REQUEST['category'] = join(', ', $category_names); $category['tag'] = join(' ', $category_tags); } } else { $v->SetError($L['INVALID_CATEGORY']); } } else { if (is_array($_REQUEST['category_id'])) { $_REQUEST['category_id'] = $_REQUEST['category_id'][0]; } $category = $DB->Row('SELECT * FROM `tx_categories` WHERE `category_id`=? AND `hidden`=0', array($_REQUEST['category_id'])); if (!$category) { $v->SetError($L['INVALID_CATEGORY']); } else { // Check category submission limit if ($category['per_day'] != -1) { $category_submissions = $DB->Count('SELECT COUNT(*) FROM `tx_galleries` WHERE type=? AND MATCH(`categories`) AGAINST(? IN BOOLEAN MODE) AND `date_added` BETWEEN ? AND ?', array('submitted', $category['tag'], MYSQL_CURDATE . ' 00:00:00', MYSQL_CURDATE . ' 23:59:59')); if ($category_submissions >= $category['per_day']) { $v->SetError(sprintf($L['CATEGORY_FULL'], htmlspecialchars($category['name']))); } } // Check if partner is allowed to submit to this category if ($partner['categories']) { if (!$partner['categories_as_exclude'] && !in_array($_REQUEST['category_id'], $partner['categories']) || $partner['categories_as_exclude'] && in_array($_REQUEST['category_id'], $partner['categories'])) { $v->SetError(sprintf($L['BAD_PARTNER_CATEGORY'], $category['name'])); } } $_REQUEST['category'] = $category['name']; } } // Verify captcha code if (!$partner && $C['gallery_captcha'] || $partner && $C['gallery_captcha_partner']) { VerifyCaptcha($v); } // Check for duplicate gallery URL if (!$C['allow_duplicates'] && $DB->Count('SELECT COUNT(*) FROM `tx_galleries` WHERE `gallery_url`=?', array($_REQUEST['gallery_url']))) { $v->SetError($L['DUPLICATE_URL']); } // Do preliminary validation before gallery scan if (!$v->Validate()) { return $v->ValidationError('txShGallerySubmit', TRUE); } // Check if whitelisted $whitelisted = MergeWhitelistOptions(CheckWhitelist($_REQUEST), $partner); // Scan gallery $scan =& ScanGallery($_REQUEST, $category, $whitelisted); $_REQUEST['scan'] = $scan; // Make sure the gallery URL is working if (!$scan['success']) { $v->SetError(sprintf($L['BROKEN_URL'], $L['GALLERY_URL'], $scan['errstr'])); return $v->ValidationError('txShGallerySubmit', TRUE); } // Check if gallery content is hosted on same server if ($C['require_content_on_server'] && !$scan['server_match']) { $v->SetError($L['CONTENT_NOT_ON_SERVER']); } // Check for a reciprocal link if ($C['require_recip'] && !$whitelisted['allow_norecip'] && !$scan['has_recip']) { $v->SetError($L['NO_RECIP_FOUND']); } // Give weight boost to galleries with a reciprocal link if ($scan['has_recip'] && $C['give_recip_boost']) { $_REQUEST['weight']++; } // Check for 2257 code if ($C['require_2257'] && !$scan['has_2257']) { $v->SetError($L['NO_2257_FOUND']); } // Check for existing gallery with the same hash if (!$C['allow_same_hash']) { $amount = $DB->Count('SELECT COUNT(*) FROM `tx_galleries` WHERE `page_hash`=?', array($scan['page_hash'])); } // Override the number of thumbnails if (!$C['allow_num_thumbs']) { $_REQUEST['thumbnails'] = $scan['thumbnails']; } // Check blacklist $blacklisted = FALSE; if (!$whitelisted['allow_blacklist']) { $_REQUEST['html'] = $scan['html']; $_REQUEST['headers'] = $scan['headers']; $blacklisted = CheckBlacklistGallery($_REQUEST); if ($blacklisted !== FALSE) { // Handle blacklist transparently if ($C['use_transparent_blacklist']) { $_REQUEST['gallery_id'] = $DB->Count('SELECT MAX(gallery_id) FROM `tx_galleries`') + 1; $t->assign_by_ref('gallery', $_REQUEST); $t->display($domain['template_prefix'] . 'submit-complete.tpl'); return; } else { $v->SetError(sprintf($blacklisted[0]['reason'] ? $L['BLACKLISTED_REASON'] : $L['BLACKLISTED'], $blacklisted[0]['match'], $blacklisted[0]['reason'])); } } } // Check number of links on the gallery if ($C['max_links'] != -1 && $scan['links'] > $C['max_links']) { $v->SetError(sprintf($L['EXCESSIVE_LINKS'], $C['max_links'])); } // Get information about what is allowed for this category and format if ($C['allow_format']) { $scan['format'] = $_REQUEST['format']; } $format = GetCategoryFormat($scan['format'], $category); $_REQUEST['category_format'] = $format; // See if category allows this format if (!$format['allowed']) { $v->SetError(sprintf($L['INVALID_FORMAT'], $format['format_lang'])); } // Check number of thumbnails if ($_REQUEST['thumbnails'] < $format['minimum'] || $_REQUEST['thumbnails'] > $format['maximum']) { $v->SetError(sprintf($L['BAD_THUMB_COUNT'], $format['minimum'], $format['maximum'])); } // Clear keywords if not allowed if (!$C['allow_keywords']) { $_REQUEST['keywords'] = null; } // Clear preview thumbnail if only allowing partners to submit // OR // if this category and format does not allow preview thumbs if ($C['allow_preview_partner'] && !$partner || !$format['preview_allowed']) { $_REQUEST['preview'] = null; } // Handle the preview thumbnail if it was uploaded or to be automatically selected $preview = HandlePreviewThumb($v, $format, LoadAnnotation($format['annotation'], $category['name'])); // Check size of gallery content if ($C['check_content_size']) { foreach ($scan['thumbs'] as $thumb) { $head = new Http(); if ($head->Head($thumb['content'], FALSE, $scan['end_url'])) { if (!empty($head->response_headers['content-length']) && $head->response_headers['content-length'] < $format['file_size']) { $v->SetError(sprintf($L['SMALL_CONTENT'], $format['file_size'] / 1024)); break; } } } } // Check download speed if ($C['check_download_speed'] && $scan['speed_download'] < $C['min_download_speed']) { $v->SetError(sprintf($L['SLOW_DOWNLOAD'], $scan['speed_download'], $C['min_download_speed'])); } // Do final validation after gallery scan if (!$v->Validate()) { return $v->ValidationError('txShGallerySubmit', TRUE); } // Determine gallery status $autoapprove_general = empty($partner) && !$C['require_confirm'] && ($C['allow_autoapprove'] || $whitelisted['allow_autoapprove']); $autoapprove_partner = !empty($partner) && ($partner['allow_noconfirm'] || !$C['require_confirm']) && $whitelisted['allow_autoapprove']; if ($_REQUEST['preview'] == 'crop') { $_REQUEST['status'] = 'submitting'; } else { if ($autoapprove_general || $autoapprove_partner) { $_REQUEST['status'] = 'approved'; $_REQUEST['date_approved'] = MYSQL_NOW; $_REQUEST['administrator'] = 'AUTO'; } else { if (empty($partner) && $C['require_confirm'] || !empty($partner) && !$partner['allow_noconfirm'] && $C['require_confirm']) { $_REQUEST['status'] = 'unconfirmed'; $_REQUEST['confirm_id'] = md5(uniqid(rand(), true)); } } } // Add gallery data to the database $DB->Update('INSERT INTO `tx_galleries` VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)', array(null, $_REQUEST['gallery_url'], $_REQUEST['description'], $_REQUEST['keywords'], $_REQUEST['thumbnails'], $_REQUEST['email'], $_REQUEST['nickname'], $_REQUEST['weight'], $_REQUEST['clicks'], $_REQUEST['submit_ip'], $_REQUEST['gallery_ip'], $_REQUEST['sponsor_id'], $_REQUEST['type'], $scan['format'], $_REQUEST['status'], $_REQUEST['previous_status'], $_REQUEST['date_scanned'], $_REQUEST['date_added'], $_REQUEST['date_approved'], $_REQUEST['date_scheduled'], $_REQUEST['date_displayed'], $_REQUEST['date_deletion'], $_REQUEST['partner'], $_REQUEST['administrator'], $_REQUEST['admin_comments'], $scan['page_hash'], $scan['has_recip'], $_REQUEST['has_preview'], $_REQUEST['allow_scan'], $_REQUEST['allow_preview'], $_REQUEST['times_selected'], $_REQUEST['used_counter'], $_REQUEST['build_counter'], $_REQUEST['tags'], MIXED_CATEGORY . " " . $category['tag'])); $_REQUEST['gallery_id'] = $DB->InsertID(); // Insert user defined database fields $query_data = CreateUserInsert('tx_gallery_fields', $_REQUEST); $DB->Update('INSERT INTO `tx_gallery_fields` VALUES (' . $query_data['bind_list'] . ')', $query_data['binds']); // If partner account has icons, assign those to this gallery if ($partner) { $icons =& $DB->FetchAll('SELECT * FROM `tx_partner_icons` WHERE `username`=?', array($partner['username'])); foreach ($icons as $icon) { $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($_REQUEST['gallery_id'], $icon['icon_id'])); } } // Log e-mail address if ($C['log_emails']) { $DB->Update('REPLACE INTO `tx_email_log` VALUES (?)', array($_REQUEST['email'])); } // Show thumbnail cropping interface if ($_REQUEST['preview'] == 'crop' && $_REQUEST['thumbnails'] > 0) { txShCrop(); } else { // Add preview thumbnail to database and rename $preview = AddPreview($_REQUEST['gallery_id'], $format['preview_size'], $preview); $_REQUEST['preview_url'] = $preview['url']; // Assign gallery data to the template $t->assign_by_ref('gallery', $_REQUEST); $t->assign_by_ref('user_fields', $fields); // Handle confirmation if ($_REQUEST['status'] == 'unconfirmed') { SendMail($_REQUEST['email'], $domain['template_prefix'] . 'email-gallery-confirm.tpl', $t); $DB->Update('INSERT INTO `tx_gallery_confirms` VALUES (?,?,?)', array($_REQUEST['gallery_id'], $_REQUEST['confirm_id'], MYSQL_NOW)); } // Update number of submitted galleries if partner account if ($partner) { $DB->Update('UPDATE `tx_partners` SET `submitted`=`submitted`+1,`date_last_submit`=? WHERE `username`=?', array(MYSQL_NOW, $partner['username'])); } // Update the date of last submission for this category $DB->Update('UPDATE `tx_categories` SET `date_last_submit`=? WHERE `category_id`=?', array(MYSQL_NOW, $category['category_id'])); $t->display($domain['template_prefix'] . 'submit-complete.tpl'); } }
function tlxPageEdit() { global $DB, $C; VerifyAdministrator(); CheckAccessList(); $v = new Validator(); $v->Register($_REQUEST['filename'], V_EMPTY, 'The Page URL field must be filled in'); $v->Register($_REQUEST['filename'], V_CONTAINS, 'For security purposes the Page URL may not contain the .. character sequence', '..'); $filename = ResolvePath($C['document_root'] . '/' . $_REQUEST['page_url']); // See if the same page already exists if ($DB->Count('SELECT COUNT(*) FROM `tlx_pages` WHERE `filename`=? AND `page_id`!=?', array($filename, $_REQUEST['page_id']))) { $v->SetError('You are changing this ranking page to be the same as an already existing page'); } // Check tags for proper format if (!IsEmptyString($_REQUEST['tags'])) { $_REQUEST['tags'] = FormatSpaceSeparated($_REQUEST['tags']); foreach (explode(' ', $_REQUEST['tags']) as $tag) { if (strlen($tag) < 4 || !preg_match('~^[a-z0-9_]+$~i', $tag)) { $v->SetError('All page tags must be at least 4 characters in length and contain only letters, numbers, and underscores'); break; } } } if (!$v->Validate()) { return $v->ValidationError('tlxShPageEdit'); } $page = $DB->Row('SELECT * FROM `tlx_pages` WHERE `page_id`=?', array($_REQUEST['page_id'])); // Use current build order if not supplied if (!is_numeric($_REQUEST['build_order'])) { $_REQUEST['build_order'] = $page['build_order']; } NullIfEmpty($_REQUEST['category_id']); // Update page settings $DB->Update('UPDATE `tlx_pages` SET ' . '`filename`=?, ' . '`category_id`=?, ' . '`build_order`=?, ' . '`tags`=? ' . 'WHERE `page_id`=?', array($_REQUEST['filename'], $_REQUEST['category_id'], $_REQUEST['build_order'], $_REQUEST['tags'], $_REQUEST['page_id'])); // Update build orders greater than or equal to the updated page's value if ($_REQUEST['build_order'] < $page['build_order']) { $DB->Update('UPDATE `tlx_pages` SET `build_order`=`build_order`+1 WHERE `page_id`!=?', array($_REQUEST['page_id'])); } else { if ($_REQUEST['build_order'] > $page['build_order']) { $DB->Update('UPDATE `tlx_pages` SET `build_order`=`build_order`-1 WHERE `page_id`!=?', array($_REQUEST['page_id'])); } } $GLOBALS['message'] = 'Ranking page successfully updated'; $GLOBALS['added'] = true; RenumberBuildOrder(); tlxShPageEdit(); }