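/**
 * Read, update or create a playlist owned by the current user ($this->id).
 *
 * @param mixed      $id   Playlist id (used by type 0 and type 1).
 * @param int|string $type 0 = return the playlist row, 1 = update name/description,
 *                         2 = create a new playlist.
 * @param mixed      $data Type 2: the new playlist name (string).
 *                         Type 1: array with 'name' and 'description' keys.
 *                         Type 0: unused.
 *
 * @return mixed Type 2: result of $this->playlistEntry($id, 0, 2) on success, null otherwise.
 *               Type 1: a notificationBox() string.
 *               Type 0: the row as returned by mysqli fetch_array() (numeric + assoc keys),
 *               or null when no row matches.
 *
 * All queries use bound parameters; the previous version interpolated escaped
 * values into the SQL text (and, for the INSERT, applied real_escape_string
 * before nl2clean/htmlspecialchars, i.e. in the wrong order).
 */
function managePlaylist($id, $type, $data = null) {
    global $LNG;

    $owner = (string) $this->id;

    if ((int) $type === 2) {
        // Type 2: add a new playlist named $data
        $name = trim((string) $data);
        if (strlen($name) === 0) {
            return;
        }
        // Same normalisation as before (nl2clean -> trim -> htmlspecialchars);
        // no SQL escaping is needed because the value is bound
        $name = htmlspecialchars(trim(nl2clean($name)));

        $stmt = $this->db->prepare(
            "INSERT INTO `playlists` (`by`, `name`, `public`, `time`) VALUES (?, ?, 1, CURRENT_TIMESTAMP)"
        );
        $stmt->bind_param('ss', $owner, $name);
        $stmt->execute();
        $affected = $stmt->affected_rows;
        $stmt->close();

        if ($affected) {
            // Return the latest added playlist entry
            return $this->playlistEntry($id, 0, 2);
        }
        return;
    }

    if ((int) $type === 1) {
        // Type 1: update name/description of playlist $id, only if owned by this user
        $name = '';
        $description = '';
        if (is_array($data)) {
            $name = isset($data['name']) ? trim((string) $data['name']) : '';
            $description = isset($data['description']) ? (string) $data['description'] : '';
        }

        if (strlen($name) === 0) {
            return notificationBox('error', sprintf($LNG['playlist_name_empty']));
        }
        // NOTE: byte length, as before; multi-byte text is counted in bytes here
        if (strlen($description) > 160) {
            return notificationBox('error', sprintf($LNG['playlist_description'], 160));
        }

        $description = htmlspecialchars(trim(nl2clean($description)));
        $name = htmlspecialchars($name);
        $playlistId = (string) $id;

        $stmt = $this->db->prepare(
            "UPDATE `playlists` SET `description` = ?, `name` = ? WHERE `id` = ? AND `by` = ?"
        );
        $stmt->bind_param('ssss', $description, $name, $playlistId, $owner);
        $stmt->execute();
        $affected = $stmt->affected_rows;
        $stmt->close();

        // affected_rows is 0 when the row is unchanged or not owned by this user
        if ($affected) {
            return notificationBox('success', $LNG['changes_saved']);
        }
        return notificationBox('info', $LNG['nothing_changed']);
    }

    // Type 0: return name/description of the playlist.
    // The previous version ignored $id and read $_GET['id'] directly; the
    // parameter now takes precedence and $_GET['id'] is only a fallback for
    // callers that still pass nothing.
    if ($id !== null && $id !== '') {
        $lookupId = (string) $id;
    } else {
        $lookupId = isset($_GET['id']) ? (string) $_GET['id'] : '';
    }

    $stmt = $this->db->prepare(
        "SELECT `name`, `description` FROM `playlists` WHERE `id` = ? AND `by` = ?"
    );
    $stmt->bind_param('ss', $lookupId, $owner);
    $stmt->execute();
    $stmt->bind_result($rowName, $rowDescription);

    $result = null;
    if ($stmt->fetch()) {
        // Same shape as mysqli_result::fetch_array() with MYSQLI_BOTH
        $result = array(
            0 => $rowName,
            'name' => $rowName,
            1 => $rowDescription,
            'description' => $rowDescription,
        );
    }
    $stmt->close();

    return $result;
}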
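/**
 * Validate a new status message (text, optional image uploads, optional event
 * and privacy flag) and, on success, build the INSERT statement for it.
 *
 * @param string $message Raw message text.
 * @param array  $image   A $_FILES entry for a multi-file input
 *                        (name/size/tmp_name/error arrays), or an empty entry.
 * @param string $type    Event type: '', 'map', 'game', 'video', 'food',
 *                        'visited', 'movie' or 'music'. Replaced by 'picture'
 *                        when images are attached.
 * @param string $value   Event value (a URL for video/music). Replaced by the
 *                        comma-separated list of stored file names for images.
 * @param mixed  $privacy 0 or 1 (int or string).
 *
 * @return array array('1', $error) on failure, where $error is one of
 *               array('message_too_long', <limit>),
 *               array('too_many_images', <count>, <max>),
 *               array('file_too_big', <max size>, <file>)        (#004),
 *               array('format_not_exist', <allowed>, <file>)     (#005),
 *               array('event_not_exist')                         (#002),
 *               array('privacy_no_exist')                        (#003);
 *               array('0', $sql) on success, where $sql is the escaped INSERT
 *               statement the caller executes.
 *               (#001 "message is empty" is listed in the legacy error table
 *               but no such check is performed here.)
 *
 * Side effects: on success, accepted uploads are moved to ../uploads/media/.
 *
 * Fixes relative to the previous version: $error/$hashtag were never
 * initialised and $error was clobbered by the foreach loop variable; per-file
 * upload error codes were never checked; files without an extension bypassed
 * the whitelist; file names came from mt_rand(); one soundcloud prefix check
 * compared 22 bytes against a 26-byte prefix and could never match.
 */
function validateMessage($message, $image, $type, $value, $privacy) {
    $error = null;
    $message = (string) $message;
    $value = is_array($value) ? '' : (string) $value;

    // NOTE: byte length, as before (the stored text is htmlspecialchars()'d
    // afterwards and can be longer than this limit)
    if (strlen($message) > $this->message_length) {
        $error = array('message_too_long', $this->message_length);
    }

    // Does the $_FILES entry carry at least one file name?
    $hasImages = is_array($image)
        && isset($image['name'])
        && is_array($image['name'])
        && !empty($image['name'][0]);

    if ($hasImages) {
        $count = count($image['name']);
        if ($count > $this->max_images) {
            $error = array('too_many_images', $count, $this->max_images);
        } else {
            // Whitelist of lower-cased, trimmed extensions from the configured list
            $allowedExt = array();
            foreach (explode(',', strtolower((string) $this->image_format)) as $allowed) {
                $allowed = trim($allowed);
                if ($allowed !== '') {
                    $allowedExt[] = $allowed;
                }
            }

            $tmpPaths = array();
            $finalNames = array();
            foreach ($image['name'] as $key => $fullname) {
                $fullname = (string) $fullname;
                $size = isset($image['size'][$key]) ? (int) $image['size'][$key] : 0;
                $uploadErr = isset($image['error'][$key]) ? (int) $image['error'][$key] : UPLOAD_ERR_NO_FILE;
                $tmpName = isset($image['tmp_name'][$key]) ? (string) $image['tmp_name'][$key] : '';

                if ($fullname === '' || $uploadErr === UPLOAD_ERR_NO_FILE) {
                    // Empty slot of the multi-file input: skipped, as before
                    continue;
                }

                if ($uploadErr === UPLOAD_ERR_INI_SIZE
                    || $uploadErr === UPLOAD_ERR_FORM_SIZE
                    || $size > $this->max_size) {
                    $error = array('file_too_big', fsize($this->max_size), $fullname); // Error Code #004
                    break;
                }

                if ($uploadErr !== UPLOAD_ERR_OK || $tmpName === '' || !is_uploaded_file($tmpName)) {
                    // Partial/failed upload, or a path not produced by PHP's upload
                    // handler: never move it. Treated like an empty slot.
                    continue;
                }

                // Extension whitelist (strict, lower-cased). An empty extension
                // used to bypass this check; it is now rejected.
                $ext = strtolower(pathinfo($fullname, PATHINFO_EXTENSION));
                if ($ext === '' || !in_array($ext, $allowedExt, true)) {
                    $error = array('format_not_exist', $this->image_format, $fullname); // Error Code #005
                    break;
                }

                if ($size <= 0) {
                    continue;
                }

                // Stored name is random + whitelisted extension only, so nothing
                // from the client-supplied name reaches the filesystem.
                // NOTE(review): only the extension is checked; consider a
                // getimagesize()/finfo content check if the web server could
                // ever execute files under ../uploads/media/.
                $tmpPaths[] = $tmpName;
                $finalNames[] = bin2hex(random_bytes(16)) . '.' . $ext;
            }

            if ($error === null) {
                foreach ($finalNames as $i => $finalName) {
                    if (!move_uploaded_file($tmpPaths[$i], '../uploads/media/' . $finalName)) {
                        // Don't reference a file that was not stored
                        unset($finalNames[$i]);
                    }
                }
                if (!empty($finalNames)) {
                    $type = 'picture';
                }
            }
            $value = implode(',', $finalNames);
        }
    } else {
        // Case-sensitive prefix test against a list of accepted URL forms
        $startsWithAny = function ($subject, array $prefixes) {
            foreach ($prefixes as $prefix) {
                if (strncmp($subject, $prefix, strlen($prefix)) === 0) {
                    return true;
                }
            }
            return false;
        };

        // Allowed types of events
        $allowedType = array('map', 'game', 'video', 'food', 'visited', 'movie', 'music');

        if (empty($type)) {
            // No event selected at all
            $type = '';
            $value = '';
        } elseif (!in_array($type, $allowedType, true)) {
            $error = array('event_not_exist'); // Error Code #002
        } elseif ($type === 'video') {
            $youtubePrefixes = array(
                'https://youtube.com/',
                'https://www.youtube.com/',
                'www.youtube.com/',
                'youtube.com/',
                'http://youtube.com/',
                'http://www.youtube.com/',
                'http://youtu.be/',
            );
            $vimeoPrefixes = array(
                'http://vimeo.com/',
                'http://www.vimeo.com/',
                'https://vimeo.com/',
                'https://www.vimeo.com/',
                'www.vimeo.com/',
                'vimeo.com/',
            );
            if ($startsWithAny($value, $youtubePrefixes)) {
                if (strncmp($value, 'http://youtu.be/', 16) === 0) {
                    // Short link: the path is the video id (any query string is kept, as before)
                    $value = str_replace('http://youtu.be/', 'yt:', $value);
                } else {
                    $queryVars = array();
                    parse_str((string) parse_url($value, PHP_URL_QUERY), $queryVars);
                    $videoId = (isset($queryVars['v']) && is_string($queryVars['v'])) ? $queryVars['v'] : '';
                    $value = 'yt:' . $videoId;
                }
            } elseif ($startsWithAny($value, $vimeoPrefixes)) {
                // Vimeo ids are numeric: take the path without the leading slash
                $value = 'vm:' . (int) substr((string) parse_url($value, PHP_URL_PATH), 1);
            }
            // Any other URL is left untouched (stored after strip_tags below)
        } elseif ($type === 'music') {
            $soundcloudPrefixes = array(
                'https://soundcloud.com/',
                'https://www.soundcloud.com/',
                'http://soundcloud.com/',
                'http://www.soundcloud.com/',
                'soundcloud.com/',
                'www.soundcloud.com/',
            );
            if ($startsWithAny($value, $soundcloudPrefixes)) {
                $value = 'sc:' . (string) parse_url($value, PHP_URL_PATH);
            }
        }
    }

    // Allowed values of privacy: exactly 0/1 (int or string)
    if (!in_array((string) $privacy, array('0', '1'), true)) {
        $error = array('privacy_no_exist'); // Error Code #003
    }

    if ($error !== null) {
        return array('1', $error);
    }

    // Normalise the message and SQL-escape it last (the returned string is raw SQL)
    $message = $this->db->real_escape_string(htmlspecialchars(trim(nl2clean($message))));

    // Collect hashtags as "tag1,tag2," (trailing comma kept, as before). The
    // message is already escaped, so real line breaks appear as the literal
    // two-character sequences \r / \n; flatten those before matching.
    $hashtag = '';
    preg_match_all('/(#\\w+)/u', str_replace(array('\\r', '\\n'), ' ', $message), $matchedHashtags);
    if (!empty($matchedHashtags[0])) {
        foreach ($matchedHashtags[0] as $match) {
            $hashtag .= substr($match, 1) . ',';
        }
    }

    $query = sprintf(
        "INSERT INTO `messages` (`uid`, `message`, `tag`, `type`, `value`, `time`, `public`) VALUES ('%s', '%s', '%s', '%s', '%s', CURRENT_TIMESTAMP, '%s')",
        $this->db->real_escape_string((string) $this->id),
        $message,
        $this->db->real_escape_string($hashtag),
        $this->db->real_escape_string((string) $type),
        $this->db->real_escape_string(strip_tags($value)),
        $this->db->real_escape_string((string) $privacy)
    );

    return array('0', $query);
}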