function txGalleryApprove() { global $DB, $json, $C; VerifyPrivileges(P_GALLERY_MODIFY, TRUE); $t = new Template(); $t->assign_by_ref('config', $C); $result = GetWhichGalleries(); $amount = 0; while ($gallery = $DB->NextRow($result)) { if ($gallery['status'] == 'pending' || $gallery['status'] == 'unconfirmed') { $gallery['status'] = 'approved'; $gallery['date_approved'] = MYSQL_NOW; $gallery['administrator'] = $_SERVER['REMOTE_USER']; // Mark the gallery as approved if ($_REQUEST['framed']) { $gallery = array_merge($gallery, $_REQUEST); $gallery['categories'] = CategoryTagsFromIds($gallery['categories']); if (!preg_match(RE_DATETIME, $gallery['date_scheduled'])) { $gallery['date_scheduled'] = ''; } if (!preg_match(RE_DATETIME, $gallery['date_deletion'])) { $gallery['date_deletion'] = ''; } NullIfEmpty($gallery['date_scheduled']); NullIfEmpty($gallery['date_deletion']); $DB->Update('UPDATE `tx_galleries` SET ' . '`gallery_url`=?, ' . '`description`=?, ' . '`keywords`=?, ' . '`thumbnails`=?, ' . '`nickname`=?, ' . '`weight`=?, ' . '`sponsor_id`=?, ' . '`type`=?, ' . '`format`=?, ' . '`status`=?, ' . '`date_approved`=?, ' . '`date_scheduled`=?, ' . '`date_deletion`=?, ' . '`administrator`=?, ' . '`allow_scan`=?, ' . '`allow_preview`=?, ' . '`tags`=?, ' . '`categories`=? ' . 'WHERE `gallery_id`=?', array($gallery['gallery_url'], $gallery['description'], $gallery['keywords'], $gallery['thumbnails'], $gallery['nickname'], $gallery['weight'], $gallery['sponsor_id'], $gallery['type'], $gallery['format'], $gallery['status'], $gallery['date_approved'], $gallery['date_scheduled'], $gallery['date_deletion'], $gallery['administrator'], intval($gallery['allow_scan']), intval($gallery['allow_preview']), $gallery['tags'], $gallery['categories'], $gallery['gallery_id'])); // Update user defined fields UserDefinedUpdate('tx_gallery_fields', 'tx_gallery_field_defs', 'gallery_id', $gallery['gallery_id'], $gallery); // Update icons $DB->Update('DELETE FROM `tx_gallery_icons` WHERE `gallery_id`=?', array($gallery['gallery_id'])); if (is_array($_REQUEST['icons'])) { foreach ($_REQUEST['icons'] as $icon) { $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($gallery['gallery_id'], $icon)); } } } else { $DB->Update('UPDATE `tx_galleries` SET `status`=?,`date_approved`=?,`administrator`=? WHERE `gallery_id`=?', array($gallery['status'], $gallery['date_approved'], $gallery['administrator'], $gallery['gallery_id'])); } // Send approval e-mail if option is enabled if ($C['email_on_approval'] && $gallery['email'] != $C['from_email']) { $t->assign_by_ref('gallery', $gallery); SendMail($gallery['email'], 'email-gallery-approved.tpl', $t); } $amount++; } } $DB->Free($result); // Update administrator count of galleries approved $DB->Update('UPDATE `tx_administrators` SET `approved`=`approved`+? WHERE `username`=?', array($amount, $_SERVER['REMOTE_USER'])); echo $json->encode(array('status' => JSON_SUCCESS, 'message' => "{$amount} galler" . ($amount == 1 ? 'y has' : 'ies have') . " been approved")); }
function txGalleryEdit() { global $DB, $C; VerifyPrivileges(P_GALLERY_MODIFY); $v = new Validator(); $v->Register($_REQUEST['email'], V_EMAIL, 'The E-mail Address is not properly formatted'); $v->Register($_REQUEST['gallery_url'], V_URL, 'The Gallery URL is not properly formatted'); $v->Register($_REQUEST['date_scheduled'], V_DATETIME, 'The Scheduled Date is not properly formatted'); $v->Register($_REQUEST['date_deletion'], V_DATETIME, 'The Delete Date is not properly formatted'); if ($_REQUEST['status'] == 'used' || $_REQUEST['status'] == 'holding') { $v->Register($_REQUEST['date_displayed'], V_EMPTY, 'The Displayed Date must be filled in'); $v->Register($_REQUEST['date_displayed'], V_DATETIME, 'The Displayed Date is not properly formatted'); } if (!IsEmptyString($_REQUEST['partner'])) { $partner = $DB->Row('SELECT * FROM `tx_partners` WHERE `username`=?', array($_REQUEST['partner'])); if (!$partner) { $v->SetError('The Partner username you entered does not match an existing partner account'); } } // Check tags for proper format if (!IsEmptyString($_REQUEST['tags'])) { $_REQUEST['tags'] = FormatSpaceSeparated($_REQUEST['tags']); foreach (explode(' ', $_REQUEST['tags']) as $tag) { if (strlen($tag) < 4 || !preg_match('~^[a-z0-9_]+$~i', $tag)) { $v->SetError('All tags must be at least 4 characters in length and contain only letters, numbers, and underscores'); break; } } } if (!$v->Validate()) { return $v->ValidationError('txShGalleryEdit'); } NullIfEmpty($_REQUEST['date_scheduled']); NullIfEmpty($_REQUEST['date_displayed']); NullIfEmpty($_REQUEST['date_deletion']); // Update gallery data $DB->Update('UPDATE `tx_galleries` SET ' . '`gallery_url`=?, ' . '`description`=?, ' . '`keywords`=?, ' . '`thumbnails`=?, ' . '`email`=?, ' . '`nickname`=?, ' . '`weight`=?, ' . '`clicks`=?, ' . '`submit_ip`=?, ' . '`sponsor_id`=?, ' . '`type`=?, ' . '`format`=?, ' . '`status`=?, ' . '`date_scheduled`=?, ' . '`date_displayed`=?, ' . '`date_deletion`=?, ' . '`partner`=?, ' . '`allow_scan`=?, ' . '`allow_preview`=?, ' . '`tags`=?, ' . '`categories`=? ' . 'WHERE `gallery_id`=?', array($_REQUEST['gallery_url'], $_REQUEST['description'], FormatSpaceSeparated($_REQUEST['keywords']), $_REQUEST['thumbnails'], $_REQUEST['email'], $_REQUEST['nickname'], $_REQUEST['weight'], $_REQUEST['clicks'], $_REQUEST['submit_ip'], $_REQUEST['sponsor_id'], $_REQUEST['type'], $_REQUEST['format'], $_REQUEST['status'], $_REQUEST['date_scheduled'], $_REQUEST['date_displayed'], $_REQUEST['date_deletion'], $_REQUEST['partner'], intval($_REQUEST['allow_scan']), intval($_REQUEST['allow_preview']), FormatSpaceSeparated($_REQUEST['tags']), CategoryTagsFromIds($_REQUEST['categories']), $_REQUEST['gallery_id'])); // Update user defined fields UserDefinedUpdate('tx_gallery_fields', 'tx_gallery_field_defs', 'gallery_id', $_REQUEST['gallery_id'], $_REQUEST); // Update icons $DB->Update('DELETE FROM `tx_gallery_icons` WHERE `gallery_id`=?', array($_REQUEST['gallery_id'])); if (is_array($_REQUEST['icons'])) { foreach ($_REQUEST['icons'] as $icon_id) { $DB->Update('INSERT INTO `tx_gallery_icons` VALUES (?,?)', array($_REQUEST['gallery_id'], $icon_id)); } } $GLOBALS['message'] = 'Gallery successfully updated'; $GLOBALS['added'] = true; txShGalleryEdit(); }
function lxEditUser() { global $DB, $C; VerifyPrivileges(P_USER_ADD); $mail_count = $DB->Count('SELECT COUNT(*) FROM lx_users WHERE email=? AND username!=?', array($_REQUEST['email'], $_REQUEST['username'])); $validator = new Validator(); if (!empty($_REQUEST['password'])) { $validator->Register($_REQUEST['password'], V_LENGTH, 'The password must contain at least 4 characters', array('min' => 4, 'max' => 999)); $password = sha1($_REQUEST['password']); } $validator->Register($_REQUEST['email'], V_EMAIL, 'The e-mail address is not properly formatted'); $validator->Register($mail_count, V_ZERO, 'A user account already exists with that e-mail address'); $validator->Register($_REQUEST['weight'], V_NUMERIC, 'The weight value must be numeric'); $validator->Register($_REQUEST['date_added'], V_DATETIME, 'The Date Added field is not properly formatted'); if (!empty($_REQUEST['date_modified'])) { $validator->Register($_REQUEST['date_modified'], V_DATETIME, 'The Date Modified field is not properly formatted'); } if (!$validator->Validate()) { $GLOBALS['errstr'] = join('<br />', $validator->GetErrors()); lxShEditUser(); return; } $account = $DB->Row('SELECT * FROM lx_users WHERE username=?', array($_REQUEST['username'])); if (empty($_REQUEST['password'])) { $password = $account['password']; } NullIfEmpty($_REQUEST['date_modified']); // Update account data in the database $DB->Update('UPDATE lx_users SET ' . 'password=?, ' . 'name=?, ' . 'email=?, ' . 'date_added=?, ' . 'date_modified=?, ' . 'status=?, ' . 'recip_required=?, ' . 'allow_redirect=?, ' . 'weight=? ' . 'WHERE username=?', array($password, $_REQUEST['name'], $_REQUEST['email'], $_REQUEST['date_added'], $_REQUEST['date_modified'], $_REQUEST['status'], intval($_REQUEST['recip_required']), intval($_REQUEST['allow_redirect']), $_REQUEST['weight'], $_REQUEST['username'])); // Update user defined fields UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $_REQUEST['username'], $_REQUEST); // Update links with the new recip and redirect settings $DB->Update('UPDATE lx_links SET recip_required=?,allow_redirect=? WHERE username=?', array(intval($_REQUEST['recip_required']), intval($_REQUEST['allow_redirect']), $_REQUEST['username'])); $GLOBALS['message'] = 'User account successfully updated'; $GLOBALS['added'] = true; lxShEditUser(); }
function tlxPageEdit() { global $DB, $C; VerifyAdministrator(); CheckAccessList(); $v = new Validator(); $v->Register($_REQUEST['filename'], V_EMPTY, 'The Page URL field must be filled in'); $v->Register($_REQUEST['filename'], V_CONTAINS, 'For security purposes the Page URL may not contain the .. character sequence', '..'); $filename = ResolvePath($C['document_root'] . '/' . $_REQUEST['page_url']); // See if the same page already exists if ($DB->Count('SELECT COUNT(*) FROM `tlx_pages` WHERE `filename`=? AND `page_id`!=?', array($filename, $_REQUEST['page_id']))) { $v->SetError('You are changing this ranking page to be the same as an already existing page'); } // Check tags for proper format if (!IsEmptyString($_REQUEST['tags'])) { $_REQUEST['tags'] = FormatSpaceSeparated($_REQUEST['tags']); foreach (explode(' ', $_REQUEST['tags']) as $tag) { if (strlen($tag) < 4 || !preg_match('~^[a-z0-9_]+$~i', $tag)) { $v->SetError('All page tags must be at least 4 characters in length and contain only letters, numbers, and underscores'); break; } } } if (!$v->Validate()) { return $v->ValidationError('tlxShPageEdit'); } $page = $DB->Row('SELECT * FROM `tlx_pages` WHERE `page_id`=?', array($_REQUEST['page_id'])); // Use current build order if not supplied if (!is_numeric($_REQUEST['build_order'])) { $_REQUEST['build_order'] = $page['build_order']; } NullIfEmpty($_REQUEST['category_id']); // Update page settings $DB->Update('UPDATE `tlx_pages` SET ' . '`filename`=?, ' . '`category_id`=?, ' . '`build_order`=?, ' . '`tags`=? ' . 'WHERE `page_id`=?', array($_REQUEST['filename'], $_REQUEST['category_id'], $_REQUEST['build_order'], $_REQUEST['tags'], $_REQUEST['page_id'])); // Update build orders greater than or equal to the updated page's value if ($_REQUEST['build_order'] < $page['build_order']) { $DB->Update('UPDATE `tlx_pages` SET `build_order`=`build_order`+1 WHERE `page_id`!=?', array($_REQUEST['page_id'])); } else { if ($_REQUEST['build_order'] > $page['build_order']) { $DB->Update('UPDATE `tlx_pages` SET `build_order`=`build_order`-1 WHERE `page_id`!=?', array($_REQUEST['page_id'])); } } $GLOBALS['message'] = 'Ranking page successfully updated'; $GLOBALS['added'] = true; RenumberBuildOrder(); tlxShPageEdit(); }