예제 #1
# Cache lifetime setting. Nothing in this excerpt reads it, so the unit
# (presumably seconds) should be confirmed where it is consumed.
define('CACHE_TIME', 60);

# Both captures come from the URL match stored in $HandlerMatches and are used
# as-is to build the Smarty cache id, before the site has been looked up.
# NOTE(review): confirm the routing pattern limits these captures to a small
# character set, since every distinct value selects a different cache id.
$site_name = $HandlerMatches[1];
if (isset($HandlerMatches[2])) {
    $current_page = $HandlerMatches[2];
} else {
    # No page segment in the URL: fall back to page 1.
    $current_page = 1;
}
$unique_page_name = PAGE_NAME . $site_name . '-' . $current_page;

$smarty = new MySmarty();

# A cached rendering for this site/page is served directly and the script
# stops here, so none of the later statements run for a cache hit.
if ($smarty->is_cached('index.tpl.html', $unique_page_name)) {
    $smarty->display('index.tpl.html', $unique_page_name);
    exit;
}
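$db = new SQLite($SQLITE_DB_PATH);

# Check if the requested site exists.
#
# $HandlerMatches is a global array defined in index.php, where the request
# URL was matched, so element 1 is request-controlled input.
#
# The value reaches the query by string interpolation; $db->escape() is the
# only barrier against SQL injection on this path.
# NOTE(review): escape() is defined outside this excerpt -- confirm it applies
# SQLite string-literal escaping, and prefer bound parameters if the wrapper
# offers them.
$escaped_site = $db->escape($HandlerMatches[1]);

# Find the site to display.
# TODO: cache this (because it changes very rarely)
$site = $db->fetchRowQueryAssoc("SELECT id, name, sane_name, url FROM sites WHERE sane_name = '{$escaped_site}' AND visible = 1");
if ($db->isError()) {
    # The driver message can echo parts of the failed statement, including the
    # request-supplied site name, so it is HTML-encoded before it reaches the
    # template, the same way the site-not-found message encodes its input.
    # NOTE(review): showing raw database errors to visitors also discloses
    # schema details; consider logging the message server-side and displaying
    # a generic error instead.
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', 'Database error has occured: ' . htmlentities($db->getError()));
    $smarty->display('index.tpl.html');
    exit;
}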
if (!$site) {
    # The requested site was not found
    #
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', "Pictures from '" . htmlentities($HandlerMatches[1]) . "' are not being collected!");
예제 #2
                if (preg_match("#^\\s+\$#", $_POST['comment'])) {
                    $comment_error = "Your comment contained just empty spaces. Please type a better comment!";
                    $smarty->assign('comment_error', $comment_error);
                } else {
                    $add_comment = 1;
                }
            }
        }
    }
}
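# Check if the requested item exists.
#
# $HandlerMatches is a global array defined in index.php, where the request
# URL was matched.
# NOTE(review): $sane_item_title is set outside this excerpt; presumably it is
# derived from that URL match -- confirm. It is treated as untrusted here, and
# $db->escape() is the only barrier against SQL injection on this path.
$escaped_item_title = $db->escape($sane_item_title);

# Fetch the item.
#
# The column list is joined into the statement verbatim, so $ITEM_FIELDS
# (defined elsewhere) must remain a fixed list set in code, never request data.
$item_query = "SELECT " . join(',', $ITEM_FIELDS) . " FROM items WHERE sane_title = '{$escaped_item_title}' AND visible = 1";
$item = $db->fetchRowQueryAssoc($item_query, 'id');
if ($db->isError()) {
    # The driver message can echo parts of the failed statement, including the
    # requested title, so it is HTML-encoded before it reaches the template,
    # the same way the item-not-found message encodes its input.
    # NOTE(review): showing raw database errors to visitors also discloses
    # schema details; consider logging the message server-side and displaying
    # a generic error instead.
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', 'Database error has occured: ' . htmlentities($db->getError()));
    $smarty->display('index.tpl.html');
    exit;
}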
if (!$item) {
    # The requested item was not found
    #
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', "Item '" . htmlentities($HandlerMatches[1]) . "' does not exist!");
예제 #3
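# Decode the stored profile blob.
#
# SECURITY: unserialize() can instantiate objects and run their magic methods,
# so it must only ever be given data this application serialized itself.
# NOTE(review): $data_ser is loaded outside this excerpt -- presumably from
# users.data, which the profile handler below writes with serialize(). Confirm
# nothing else can write that column. On PHP 7+ passing
# array('allowed_classes' => false) as the second argument, or storing JSON
# instead, removes the object-instantiation risk.
if ($data_ser) {
    $data = unserialize($data_ser);
}

# A missing, corrupt or non-array blob is treated as an empty profile, so the
# array reads and writes that follow always operate on an array. This check
# does not stop objects nested in the payload from being created during
# unserialize().
if (!isset($data) || !is_array($data)) {
    $data = array();
}

# NOTE(review): both values are user-supplied strings; confirm the template
# escapes them, and that website is limited to http/https if it is rendered
# as a link.
$smarty->assign('email', isset($data['email']) ? $data['email'] : '');
$smarty->assign('website', isset($data['website']) ? $data['website'] : '');

# UGLINESS: the POST handling for the profile and password forms is inlined
# below.
# NOTE(review): the profile branch places the submitted email in an error
# message without HTML encoding, and interpolates $_SESSION['user_id'] into
# the UPDATE statement without escaping or an integer cast. Confirm the
# template escapes error_profile and that user_id is always an integer.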
if (isset($_POST['action'])) {
    if ($_POST['action'] == "profile") {
        $data['email'] = isset($_POST['email']) ? $_POST['email'] : '';
        $data['website'] = isset($_POST['website']) ? $_POST['website'] : '';
        if ($data['email'] && !preg_match("#^.+@.+\$#", $data['email'])) {
            $smarty->assign('error_profile', "Invalid email address '{$data['email']}'!");
            $smarty->display('index.tpl.html');
            exit;
        }
        $data_esc_ser = $db->escape(serialize($data));
        $update_query = "UPDATE users SET data = '{$data_esc_ser}' WHERE id = {$_SESSION['user_id']}";
        if (!$db->query($update_query)) {
            $smarty->assign('error_profile', "There was a database error while updating your profile: " . $db->getError());
        } else {
            $smarty->assign('email', $data['email']);
            $smarty->assign('website', $data['website']);
        }
    } else {
        if ($_POST['action'] == "password") {
            $current_pass = isset($_POST['current_password']) ? $_POST['current_password'] : '';
            $new_pass = isset($_POST['new_password']) ? $_POST['new_password'] : '';
            $new_pass2 = isset($_POST['new_password2']) ? $_POST['new_password2'] : '';
            if (empty($current_pass)) {
                $smarty->assign('error_password', "To set a new password, enter your current password!");
                $smarty->display('index.tpl.html');