Пример #1
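/**
 * Approve the selected galleries and report the count as JSON.
 *
 * Every gallery returned by GetWhichGalleries() whose status is `pending` or
 * `unconfirmed` is set to `approved`, stamped with MYSQL_NOW and the
 * administrator from $_SERVER['REMOTE_USER'].  When the request comes from
 * the framed approval form ($_REQUEST['framed']) the submitted gallery
 * fields, user defined fields and icons are saved as well.  An approval
 * e-mail is sent when $C['email_on_approval'] is enabled, the
 * administrator's approval counter is incremented and a JSON status
 * message is echoed.
 *
 * @return void
 */
function txGalleryApprove()
{
    global $DB, $json, $C;
    VerifyPrivileges(P_GALLERY_MODIFY, TRUE);
    $t = new Template();
    $t->assign_by_ref('config', $C);
    $result = GetWhichGalleries();
    $amount = 0;
    // The framed approval form posts edited gallery fields together with
    // the approval; a plain approval only flips the status
    $framed = !empty($_REQUEST['framed']);
    while ($gallery = $DB->NextRow($result)) {
        if ($gallery['status'] != 'pending' && $gallery['status'] != 'unconfirmed') {
            continue;
        }
        // Values fixed by the server for this approval.  They are merged
        // AFTER the request data so that a submitted `gallery_id`, `status`,
        // `administrator` or `email` key cannot override them; a bare
        // array_merge($gallery, $_REQUEST) let the request win on every key.
        // `email` is not written by the UPDATE below, so the notification
        // must go to the stored address rather than a submitted one.
        $approval = array(
            'gallery_id' => $gallery['gallery_id'],
            'status' => 'approved',
            'date_approved' => MYSQL_NOW,
            'administrator' => $_SERVER['REMOTE_USER'],
            'email' => $gallery['email'],
        );
        if ($framed) {
            // Request fields (including user defined ones) on top of the
            // stored row, then the protected approval values on top of both
            $gallery = array_merge($gallery, $_REQUEST, $approval);
            $gallery['categories'] = CategoryTagsFromIds($gallery['categories']);
            // Blank out dates that are not in the expected format, then turn
            // blanks into NULL for the database
            foreach (array('date_scheduled', 'date_deletion') as $date_field) {
                if (!isset($gallery[$date_field]) || !preg_match(RE_DATETIME, $gallery[$date_field])) {
                    $gallery[$date_field] = '';
                }
                NullIfEmpty($gallery[$date_field]);
            }
            $DB->Update(
                'UPDATE `tx_galleries` SET '
                . '`gallery_url`=?, '
                . '`description`=?, '
                . '`keywords`=?, '
                . '`thumbnails`=?, '
                . '`nickname`=?, '
                . '`weight`=?, '
                . '`sponsor_id`=?, '
                . '`type`=?, '
                . '`format`=?, '
                . '`status`=?, '
                . '`date_approved`=?, '
                . '`date_scheduled`=?, '
                . '`date_deletion`=?, '
                . '`administrator`=?, '
                . '`allow_scan`=?, '
                . '`allow_preview`=?, '
                . '`tags`=?, '
                . '`categories`=? '
                . 'WHERE `gallery_id`=?',
                array(
                    $gallery['gallery_url'],
                    $gallery['description'],
                    $gallery['keywords'],
                    $gallery['thumbnails'],
                    $gallery['nickname'],
                    $gallery['weight'],
                    $gallery['sponsor_id'],
                    $gallery['type'],
                    $gallery['format'],
                    $gallery['status'],
                    $gallery['date_approved'],
                    $gallery['date_scheduled'],
                    $gallery['date_deletion'],
                    $gallery['administrator'],
                    intval($gallery['allow_scan']),
                    intval($gallery['allow_preview']),
                    $gallery['tags'],
                    $gallery['categories'],
                    $gallery['gallery_id'],
                )
            );
            // Update user defined fields
            UserDefinedUpdate('tx_gallery_fields', 'tx_gallery_field_defs', 'gallery_id', $gallery['gallery_id'], $gallery);
            // Replace the icon set with whatever was submitted
            $DB->Update('DELETE FROM `tx_gallery_icons` WHERE `gallery_id`=?', array($gallery['gallery_id']));
            if (isset($_REQUEST['icons']) && is_array($_REQUEST['icons'])) {
                foreach ($_REQUEST['icons'] as $icon) {
                    $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($gallery['gallery_id'], $icon));
                }
            }
        } else {
            // Plain approval: only the status, date and administrator change
            $gallery = array_merge($gallery, $approval);
            $DB->Update('UPDATE `tx_galleries` SET `status`=?,`date_approved`=?,`administrator`=? WHERE `gallery_id`=?', array($gallery['status'], $gallery['date_approved'], $gallery['administrator'], $gallery['gallery_id']));
        }
        // Send approval e-mail if option is enabled (never to the site's own
        // sender address)
        if ($C['email_on_approval'] && $gallery['email'] != $C['from_email']) {
            $t->assign_by_ref('gallery', $gallery);
            SendMail($gallery['email'], 'email-gallery-approved.tpl', $t);
        }
        $amount++;
    }
    $DB->Free($result);
    // Update administrator count of galleries approved
    $DB->Update('UPDATE `tx_administrators` SET `approved`=`approved`+? WHERE `username`=?', array($amount, $_SERVER['REMOTE_USER']));
    echo $json->encode(array('status' => JSON_SUCCESS, 'message' => "{$amount} galler" . ($amount == 1 ? 'y has' : 'ies have') . " been approved"));
}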
Пример #2
/**
 * Save the edited gallery posted to the admin gallery edit form.
 *
 * The submitted fields are validated first (e-mail address, URL, dates,
 * partner username and tag format); on failure the edit form is
 * redisplayed through Validator::ValidationError().  On success the
 * tx_galleries row, the user defined fields and the icon set are replaced
 * with the submitted values and the form is shown again with a success
 * message in $GLOBALS['message'].
 *
 * @return mixed  Result of Validator::ValidationError() on failure,
 *                otherwise nothing.
 */
function txGalleryEdit()
{
    global $DB, $C;
    VerifyPrivileges(P_GALLERY_MODIFY);
    $validator = new Validator();
    $status = $_REQUEST['status'];
    // Request field, validation rule, error message -- registered in order
    $rules = array(
        array('email', V_EMAIL, 'The E-mail Address is not properly formatted'),
        array('gallery_url', V_URL, 'The Gallery URL is not properly formatted'),
        array('date_scheduled', V_DATETIME, 'The Scheduled Date is not properly formatted'),
        array('date_deletion', V_DATETIME, 'The Delete Date is not properly formatted'),
    );
    // Galleries in the used/holding states must carry a displayed date
    if ($status == 'used' || $status == 'holding') {
        $rules[] = array('date_displayed', V_EMPTY, 'The Displayed Date must be filled in');
        $rules[] = array('date_displayed', V_DATETIME, 'The Displayed Date is not properly formatted');
    }
    foreach ($rules as $rule) {
        $validator->Register($_REQUEST[$rule[0]], $rule[1], $rule[2]);
    }
    // A partner username, when given, has to belong to an existing partner
    if (!IsEmptyString($_REQUEST['partner'])) {
        $partner_row = $DB->Row('SELECT * FROM `tx_partners` WHERE `username`=?', array($_REQUEST['partner']));
        if (!$partner_row) {
            $validator->SetError('The Partner username you entered does not match an existing partner account');
        }
    }
    // Tags: normalise the separators, then reject on the first bad tag
    if (!IsEmptyString($_REQUEST['tags'])) {
        $_REQUEST['tags'] = FormatSpaceSeparated($_REQUEST['tags']);
        foreach (explode(' ', $_REQUEST['tags']) as $tag) {
            $well_formed = strlen($tag) >= 4 && preg_match('~^[a-z0-9_]+$~i', $tag);
            if (!$well_formed) {
                $validator->SetError('All tags must be at least 4 characters in length and contain only letters, numbers, and underscores');
                break;
            }
        }
    }
    if (!$validator->Validate()) {
        return $validator->ValidationError('txShGalleryEdit');
    }
    // Empty dates are stored as NULL
    foreach (array('date_scheduled', 'date_displayed', 'date_deletion') as $date_field) {
        NullIfEmpty($_REQUEST[$date_field]);
    }
    // Update gallery data
    $sql = 'UPDATE `tx_galleries` SET '
        . '`gallery_url`=?, '
        . '`description`=?, '
        . '`keywords`=?, '
        . '`thumbnails`=?, '
        . '`email`=?, '
        . '`nickname`=?, '
        . '`weight`=?, '
        . '`clicks`=?, '
        . '`submit_ip`=?, '
        . '`sponsor_id`=?, '
        . '`type`=?, '
        . '`format`=?, '
        . '`status`=?, '
        . '`date_scheduled`=?, '
        . '`date_displayed`=?, '
        . '`date_deletion`=?, '
        . '`partner`=?, '
        . '`allow_scan`=?, '
        . '`allow_preview`=?, '
        . '`tags`=?, '
        . '`categories`=? '
        . 'WHERE `gallery_id`=?';
    $values = array(
        $_REQUEST['gallery_url'],
        $_REQUEST['description'],
        FormatSpaceSeparated($_REQUEST['keywords']),
        $_REQUEST['thumbnails'],
        $_REQUEST['email'],
        $_REQUEST['nickname'],
        $_REQUEST['weight'],
        $_REQUEST['clicks'],
        $_REQUEST['submit_ip'],
        $_REQUEST['sponsor_id'],
        $_REQUEST['type'],
        $_REQUEST['format'],
        $status,
        $_REQUEST['date_scheduled'],
        $_REQUEST['date_displayed'],
        $_REQUEST['date_deletion'],
        $_REQUEST['partner'],
        intval($_REQUEST['allow_scan']),
        intval($_REQUEST['allow_preview']),
        FormatSpaceSeparated($_REQUEST['tags']),
        CategoryTagsFromIds($_REQUEST['categories']),
        $_REQUEST['gallery_id'],
    );
    $DB->Update($sql, $values);
    // Update user defined fields
    UserDefinedUpdate('tx_gallery_fields', 'tx_gallery_field_defs', 'gallery_id', $_REQUEST['gallery_id'], $_REQUEST);
    // Replace the icon set with whatever was submitted
    $DB->Update('DELETE FROM `tx_gallery_icons` WHERE `gallery_id`=?', array($_REQUEST['gallery_id']));
    if (is_array($_REQUEST['icons'])) {
        foreach ($_REQUEST['icons'] as $icon) {
            $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($_REQUEST['gallery_id'], $icon));
        }
    }
    $GLOBALS['message'] = 'Gallery successfully updated';
    $GLOBALS['added'] = true;
    txShGalleryEdit();
}
Пример #3
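/**
 * Save the edited user account posted to the admin user edit form.
 *
 * Reads the account data from $_REQUEST, validates it, and on success
 * updates lx_users, the user defined fields and the recip/redirect
 * settings of the user's links, then redisplays the form with a success
 * message.  On a validation failure the messages are joined into
 * $GLOBALS['errstr'] and the edit form is redisplayed instead.
 *
 * @return void
 */
function lxEditUser()
{
    global $DB, $C;
    VerifyPrivileges(P_USER_ADD);
    // Is another account (not the one being edited) already using this e-mail?
    $mail_count = $DB->Count('SELECT COUNT(*) FROM lx_users WHERE email=? AND username!=?', array($_REQUEST['email'], $_REQUEST['username']));
    // The account being edited; supplies the existing password hash and
    // lets us refuse an update for a username that does not exist (the
    // UPDATE below would otherwise match no row yet report success)
    $account = $DB->Row('SELECT * FROM lx_users WHERE username=?', array($_REQUEST['username']));
    $change_password = !empty($_REQUEST['password']);
    $validator = new Validator();
    if ($change_password) {
        $validator->Register($_REQUEST['password'], V_LENGTH, 'The password must contain at least 4 characters', array('min' => 4, 'max' => 999));
    }
    $validator->Register($_REQUEST['email'], V_EMAIL, 'The e-mail address is not properly formatted');
    $validator->Register($mail_count, V_ZERO, 'A user account already exists with that e-mail address');
    $validator->Register($_REQUEST['weight'], V_NUMERIC, 'The weight value must be numeric');
    $validator->Register($_REQUEST['date_added'], V_DATETIME, 'The Date Added field is not properly formatted');
    if (!empty($_REQUEST['date_modified'])) {
        $validator->Register($_REQUEST['date_modified'], V_DATETIME, 'The Date Modified field is not properly formatted');
    }
    if (!$account) {
        $validator->SetError('The username you entered does not match an existing user account');
    }
    if (!$validator->Validate()) {
        $GLOBALS['errstr'] = join('<br />', $validator->GetErrors());
        lxShEditUser();
        return;
    }
    // Keep the stored hash unless a new password was supplied.
    // NOTE(review): unsalted sha1() is a weak password hash.  It is kept
    // because the login code (not in this file) has to verify the same
    // format; migrate both sides together, e.g. to password_hash().
    $password = $change_password ? sha1($_REQUEST['password']) : $account['password'];
    NullIfEmpty($_REQUEST['date_modified']);
    // Update account data in the database
    $DB->Update(
        'UPDATE lx_users SET '
        . 'password=?, '
        . 'name=?, '
        . 'email=?, '
        . 'date_added=?, '
        . 'date_modified=?, '
        . 'status=?, '
        . 'recip_required=?, '
        . 'allow_redirect=?, '
        . 'weight=? '
        . 'WHERE username=?',
        array(
            $password,
            $_REQUEST['name'],
            $_REQUEST['email'],
            $_REQUEST['date_added'],
            $_REQUEST['date_modified'],
            $_REQUEST['status'],
            intval($_REQUEST['recip_required']),
            intval($_REQUEST['allow_redirect']),
            $_REQUEST['weight'],
            $_REQUEST['username'],
        )
    );
    // Update user defined fields
    UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $_REQUEST['username'], $_REQUEST);
    // Update links with the new recip and redirect settings
    $DB->Update('UPDATE lx_links SET recip_required=?,allow_redirect=? WHERE username=?', array(intval($_REQUEST['recip_required']), intval($_REQUEST['allow_redirect']), $_REQUEST['username']));
    $GLOBALS['message'] = 'User account successfully updated';
    $GLOBALS['added'] = true;
    lxShEditUser();
}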
Пример #4
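/**
 * Save the edited ranking page posted to the admin page edit form.
 *
 * Validates $_REQUEST (page URL present and free of `..`, no duplicate
 * page, well-formed tags, page exists), updates the tlx_pages row, shifts
 * the build order of the other pages when the page's own build order
 * changed, calls RenumberBuildOrder() and redisplays the edit form.  On a
 * validation failure the form is redisplayed through
 * Validator::ValidationError() instead.
 *
 * @return mixed  Result of Validator::ValidationError() on failure,
 *                otherwise nothing.
 */
function tlxPageEdit()
{
    global $DB, $C;
    VerifyAdministrator();
    CheckAccessList();
    $v = new Validator();
    $v->Register($_REQUEST['filename'], V_EMPTY, 'The Page URL field must be filled in');
    // `..` is rejected so the page file cannot be placed outside the
    // document root via a relative path
    $v->Register($_REQUEST['filename'], V_CONTAINS, 'For security purposes the Page URL may not contain the .. character sequence', '..');
    // NOTE(review): the duplicate check resolves $_REQUEST['page_url'], but
    // the value validated above and written to `filename` below is
    // $_REQUEST['filename'].  If the form does not submit a `page_url`
    // field this comparison never sees the real path -- confirm against
    // the edit form before relying on it.
    $page_url = isset($_REQUEST['page_url']) ? $_REQUEST['page_url'] : '';
    $filename = ResolvePath($C['document_root'] . '/' . $page_url);
    // See if the same page already exists
    if ($DB->Count('SELECT COUNT(*) FROM `tlx_pages` WHERE `filename`=? AND `page_id`!=?', array($filename, $_REQUEST['page_id']))) {
        $v->SetError('You are changing this ranking page to be the same as an already existing page');
    }
    // Check tags for proper format
    if (!IsEmptyString($_REQUEST['tags'])) {
        $_REQUEST['tags'] = FormatSpaceSeparated($_REQUEST['tags']);
        foreach (explode(' ', $_REQUEST['tags']) as $tag) {
            if (strlen($tag) < 4 || !preg_match('~^[a-z0-9_]+$~i', $tag)) {
                $v->SetError('All page tags must be at least 4 characters in length and contain only letters, numbers, and underscores');
                break;
            }
        }
    }
    // The page being edited; its current build order is the fallback below
    // and an unknown page_id must not be reported as a successful update
    $page = $DB->Row('SELECT * FROM `tlx_pages` WHERE `page_id`=?', array($_REQUEST['page_id']));
    if (!$page) {
        $v->SetError('The page you are editing does not match an existing ranking page');
    }
    if (!$v->Validate()) {
        return $v->ValidationError('tlxShPageEdit');
    }
    // Use current build order if not supplied
    if (!isset($_REQUEST['build_order']) || !is_numeric($_REQUEST['build_order'])) {
        $_REQUEST['build_order'] = $page['build_order'];
    }
    NullIfEmpty($_REQUEST['category_id']);
    // Update page settings
    $DB->Update(
        'UPDATE `tlx_pages` SET `filename`=?, `category_id`=?, `build_order`=?, `tags`=? WHERE `page_id`=?',
        array($_REQUEST['filename'], $_REQUEST['category_id'], $_REQUEST['build_order'], $_REQUEST['tags'], $_REQUEST['page_id'])
    );
    // When the build order moved, every other page is shifted one step in
    // the opposite direction; RenumberBuildOrder() runs afterwards
    // (presumably to normalise the resulting sequence)
    if ($_REQUEST['build_order'] < $page['build_order']) {
        $DB->Update('UPDATE `tlx_pages` SET `build_order`=`build_order`+1 WHERE `page_id`!=?', array($_REQUEST['page_id']));
    } elseif ($_REQUEST['build_order'] > $page['build_order']) {
        $DB->Update('UPDATE `tlx_pages` SET `build_order`=`build_order`-1 WHERE `page_id`!=?', array($_REQUEST['page_id']));
    }
    $GLOBALS['message'] = 'Ranking page successfully updated';
    $GLOBALS['added'] = true;
    RenumberBuildOrder();
    tlxShPageEdit();
}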