/**
 * Handle the "edit my account" form submission for a logged-in user.
 *
 * Flow: require a valid, active login; validate the posted built-in fields
 * and the site-defined user fields flagged on_edit; reject a duplicate
 * e-mail or a blacklist hit; then persist the changes and return to the
 * account overview. Every failure path renders a page and returns.
 *
 * Reads $_REQUEST directly; writes lx_users and (via UserDefinedUpdate)
 * lx_user_fields.
 *
 * @global DB       $DB
 * @global array    $C  site configuration (not read in this function)
 * @global Template $t  (not read in this function)
 * @global array    $L  language strings
 * @return void
 */
function lxEditAccount()
{
    global $DB, $C, $t, $L;

    $account = ValidUserLogin();
    if ($account === FALSE) {
        lxShLogin($L['INVALID_LOGIN']);
        return;
    }
    if ($account['status'] != 'active') {
        $reason = $account['status'] == 'suspended' ? $L['SUSPENDED_ACCOUNT'] : $L['PENDING_ACCOUNT'];
        lxShLogin($reason);
        return;
    }

    // Unless a new password is supplied, the stored digest is carried over unchanged.
    $passwordHash = $account['password'];

    $validator = new Validator();
    $validator->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $validator->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");

    if (!empty($_REQUEST['password'])) {
        $validator->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
        $validator->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
        // NOTE(review): unsalted sha1 is the digest format this code base
        // stores and compares (see the link-edit login check); moving to
        // password_hash()/password_verify() needs a coordinated change in
        // ValidUserLogin() and the login path, not a change here alone.
        $passwordHash = sha1($_REQUEST['password']);
    }

    // Site-defined user fields: only those flagged on_edit are checked.
    $userFields =& GetUserAccountFields();
    foreach ($userFields as $def) {
        if (!$def['on_edit']) {
            continue;
        }
        if ($def['required']) {
            $validator->Register($_REQUEST[$def['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$def['label']}");
        }
        if ($def['validation']) {
            $validator->Register($_REQUEST[$def['name']], $def['validation'], $def['validation_message'], $def['validation_extras']);
        }
    }

    // The new e-mail must not already belong to a different account.
    $duplicates = $DB->Count('SELECT COUNT(*) FROM lx_users WHERE username!=? AND email=?', array($account['username'], $_REQUEST['email']));
    if ($duplicates) {
        $validator->SetError($L['DUPLICATE_EMAIL']);
    }

    // Blacklist check against the submitted data.
    $blacklistHit = CheckBlacklistAccount($_REQUEST);
    if ($blacklistHit !== FALSE) {
        $validator->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklistHit[0]['match'], $blacklistHit[0]['reason']));
    }

    if (!$validator->Validate()) {
        lxShEdit(implode('<br />', $validator->GetErrors()));
        return;
    }

    // Persist the built-in columns (parameterised; the username comes from
    // the authenticated account, never from the request) ...
    $DB->Update(
        'UPDATE lx_users SET password=?, name=?, email=? WHERE username=?',
        array($passwordHash, $_REQUEST['name'], $_REQUEST['email'], $account['username'])
    );
    // ... then the site-defined fields.
    UserDefinedUpdate('lx_user_fields', 'lx_user_field_defs', 'username', $account['username'], $_REQUEST, FALSE);

    // Back to the account overview
    lxLogin(null, 'accountupdate');
}
// Comment-posting bootstrap. This is a top-level script fragment: it
// continues past this view ($blacklisted is consumed further down) and
// the surrounding file header is not visible here.
// NOTE(review): BASE_DIR selects the file to require, so it must come from
// configuration and never from request data — confirm where it is set.
require_once "{$GLOBALS['BASE_DIR']}/includes/validator.class.php";

SetupRequest();

// Database connection built from the site configuration array $C
$DB = new DB($C['db_hostname'], $C['db_username'], $C['db_password'], $C['db_name']);
$DB->Connect();

$t = new Template();
$t->assign_by_ref('config', $C);

// Validation rules are registered against the raw request values; failures
// accumulate on $v and are presumably rendered later (outside this view).
$v = new Validator();
$v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
$v->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");
$v->Register($_REQUEST['comment'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['COMMENT']}");
// Length bounds come from configuration, as both the message and the rule
$v->Register($_REQUEST['comment'], V_LENGTH, sprintf($L['COMMENT_LENGTH'], $C['min_comment_length'], $C['max_comment_length']), "{$C['min_comment_length']},{$C['max_comment_length']}");

// Verify captcha code (only when enabled in configuration)
if ($C['comments_captcha']) {
    VerifyCaptcha($v, 'linkxcaptcha_comment');
}

// When comments require an account, the poster must be logged in and active;
// the specific reason is reported as a validation error rather than a redirect.
$account = ValidUserLogin();
if ($C['user_for_comments']) {
    if ($account === FALSE || $account['status'] != 'active') {
        if ($account === FALSE) {
            $v->SetError($L['INVALID_LOGIN']);
        } else {
            if ($account['status'] == 'suspended') {
                $v->SetError($L['SUSPENDED_ACCOUNT']);
            } else {
                $v->SetError($L['PENDING_ACCOUNT']);
            }
        }
    }
}

// Check blacklist (result handled below, outside this view)
$blacklisted = CheckBlacklistComment($_REQUEST);
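/**
 * Process an edit submission for an existing link (lx_links row).
 *
 * Authorisation: when the request carries `noaccount`, the caller must supply
 * the link's site URL, e-mail and password (checked against the stored sha1
 * digest) and the link must not belong to an account; otherwise the logged-in
 * account must own the link. An unknown link_id is refused.
 *
 * After validation the edit is either parked in edit_data for moderation
 * (when $C['approve_link_edits'] is set) or written to the live columns and
 * the user-defined fields. A confirmation page is rendered and administrators
 * whose notifications flag includes E_LINK_EDIT are e-mailed.
 *
 * Reads $_REQUEST and $_SERVER['REMOTE_ADDR']; every failure path renders a
 * page and returns.
 *
 * @global DB       $DB
 * @global array    $C  site configuration
 * @global array    $L  language strings
 * @global Template $t
 * @return void
 */
function lxEditLink()
{
    global $DB, $C, $L, $t;

    $v = new Validator();

    // Load the link being edited (the lookup is parameterised; $link is
    // FALSE/empty when link_id does not exist).
    $link = $DB->Row('SELECT * FROM lx_links JOIN lx_link_fields USING (link_id) WHERE lx_links.link_id=?', array($_REQUEST['link_id']));

    // Make sure user is allowed to edit this link. An unknown link_id is refused
    // outright; previously it reached the comparisons with $link === FALSE and
    // only failed because indexing FALSE yields NULL.
    $authorised = FALSE;
    if ($link) {
        if ($_REQUEST['noaccount']) {
            // Account-less links authenticate with the link's own credentials.
            // The sha1 digest is compared strictly: the former loose != treats
            // two "0e<digits>" hex strings as equal numbers. hash_equals()
            // would additionally make this constant-time on PHP >= 5.6.
            $authorised = empty($link['username'])
                && $link['site_url'] == $_REQUEST['login_site_url']
                && $link['password'] === sha1($_REQUEST['login_password'])
                && $link['email'] == $_REQUEST['login_email'];
        } else {
            // Otherwise the logged-in account must own the link
            $account = ValidUserLogin();
            $authorised = $account && $account['username'] == $link['username'];
        }
    }
    if (!$authorised) {
        $t->assign('error', $L['LINK_EDIT_REFUSED']);
        $t->display('error-nice.tpl');
        return;
    }

    // Built-in fields
    $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($_REQUEST['site_url'], V_URL, "{$L['INVALID_URL']}: {$L['SITE_URL']}");
    $v->Register($_REQUEST['title'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['TITLE']}");
    $v->Register($_REQUEST['description'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['DESCRIPTION']}");
    $v->Register($_REQUEST['keywords'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['KEYWORDS']}");
    $v->Register($_REQUEST['name'], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$L['NAME']}");
    $v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}");
    $v->Register($_REQUEST['title'], V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}");

    // Format keywords and check number
    $_REQUEST['keywords'] = FormatKeywords($_REQUEST['keywords']);
    $keywords = explode(' ', $_REQUEST['keywords']);
    $v->Register(count($keywords), V_LESS, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);

    // A new link password only has to match its confirmation
    if (!empty($_REQUEST['password'])) {
        $v->Register($_REQUEST['password'], V_EQUALS, $L['NO_PASSWORD_MATCH'], $_REQUEST['confirm_password']);
    }

    // See if URL already exists on a different link
    if ($DB->Count('SELECT COUNT(*) FROM lx_links WHERE site_url=? AND link_id!=?', array($_REQUEST['site_url'], $link['link_id']))) {
        $v->SetError($L['DUPLICATE_URL']);
    }

    // Validation of user defined fields flagged on_edit
    $fields =& GetUserLinkFields();
    foreach ($fields as $field) {
        if ($field['on_edit']) {
            if ($field['required']) {
                $v->Register($_REQUEST[$field['name']], V_EMPTY, "{$L['REQUIRED_FIELD']}: {$field['label']}");
            }
            if ($field['validation']) {
                $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
            }
        }
    }

    // These two flags belong to the stored row, so the submitter cannot
    // override them through the request
    $_REQUEST['allow_redirect'] = $link['allow_redirect'];
    $_REQUEST['recip_required'] = $link['recip_required'];

    // Scan link
    $scan_result =& ScanLink($_REQUEST);

    // Make sure site URL is working
    if (!$scan_result['site_url']['working']) {
        $v->SetError(sprintf($L['BROKEN_URL'], $L['SITE_URL'], $scan_result['site_url']['error']));
    }

    // Setup HTML code for blacklist check (this is fetched remote content,
    // not something the submitter typed)
    $_REQUEST['html'] = $scan_result['site_url']['html'];
    if (!empty($_REQUEST['recip_url'])) {
        $_REQUEST['html'] .= ' ' . $scan_result['recip_url']['html'];
        // Make sure recip URL is working
        if (!$scan_result['recip_url']['working']) {
            $v->SetError(sprintf($L['BROKEN_URL'], $L['RECIP_URL'], $scan_result['recip_url']['error']));
        }
    }

    // Verify recip link was found
    if ($_REQUEST['recip_required'] && !$scan_result['has_recip']) {
        $v->SetError($L['NO_RECIP_FOUND']);
    }

    // Check blacklist
    $blacklisted = CheckBlacklistLink($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($L['BLACKLIST_MATCHED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }

    if (!$v->Validate()) {
        lxShEdit(implode('<br />', $v->GetErrors()));
        return;
    }

    if ($C['approve_link_edits']) {
        // Moderated: park the whole request for an administrator to review.
        // NOTE(review): edit_data is a PHP-serialized copy of $_REQUEST
        // (including the fetched HTML); whatever reads it back must treat it
        // as plain data, never as objects — confirm in the admin code.
        $_REQUEST['submit_ip'] = $_SERVER['REMOTE_ADDR'];
        $DB->Update('UPDATE lx_links SET is_edited=1,edit_data=? 
WHERE link_id=?', array(base64_encode(serialize($_REQUEST)), $link['link_id']));
    } else {
        // Update password, if necessary (only account-less links carry one).
        // NOTE(review): unsalted sha1, matching the digest the login check
        // above compares against; a migration must change both together.
        $password = $link['password'];
        if ($_REQUEST['noaccount'] && !empty($_REQUEST['password'])) {
            $password = sha1($_REQUEST['password']);
        }

        // Update link data (parameterised; the row is addressed by the id
        // of the link that passed the ownership check)
        $DB->Update(
            'UPDATE lx_links SET site_url=?, recip_url=?, title=?, description=?, name=?, email=?, submit_ip=?, keywords=?, date_modified=?, password=?, has_recip=? WHERE link_id=?',
            array($_REQUEST['site_url'], $_REQUEST['recip_url'], $_REQUEST['title'], $_REQUEST['description'], $_REQUEST['name'], $_REQUEST['email'], $_SERVER['REMOTE_ADDR'], $_REQUEST['keywords'], MYSQL_NOW, $password, $scan_result['has_recip'], $link['link_id'])
        );

        // Update user defined fields, keyed by the stored row's id for the
        // same reason (the request value was used here before)
        UserDefinedUpdate('lx_link_fields', 'lx_link_field_defs', 'link_id', $link['link_id'], $_REQUEST, FALSE);
    }

    // Get category information. path_parts is unserialized from the database
    // row; NOTE(review): presumably written only by the category code — confirm.
    $categories = array();
    $result = $DB->Query('SELECT * FROM lx_categories JOIN lx_link_cats USING (category_id) WHERE link_id=?', array($link['link_id']));
    while ($category = $DB->NextRow($result)) {
        $category['path_parts'] = unserialize($category['path_parts']);
        $categories[] = $category;
    }
    $DB->Free($result);

    // Show confirmation page. The template receives the raw request (including
    // the fetched 'html'); NOTE(review): output escaping is the template's job —
    // confirm submit-edited.tpl escapes these values.
    $t->assign_by_ref('categories', $categories);
    $t->assign_by_ref('user_fields', $fields);
    $t->assign_by_ref('link', $_REQUEST);
    $t->display('submit-edited.tpl');
    flush();

    // Send e-mail to appropriate administrators
    $result = $DB->Query('SELECT * FROM lx_administrators');
    while ($admin = $DB->NextRow($result)) {
        if ($admin['notifications'] & E_LINK_EDIT) {
            SendMail($admin['email'], 'email-admin-link-edit.tpl', $t);
        }
    }
    $DB->Free($result);
}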