/**
 * Handle step one of the video upload form.
 *
 * Validates the submitted title, description and tag count against the
 * configured limits, applies the custom-field validators, the blacklist and
 * (when enabled) the CAPTCHA. On failure the upload form is shown again with
 * the errors; on success the whole request is serialized, signed and handed
 * to the step-two template.
 *
 * $_REQUEST is modified in place: 'tags', 'ip_address', 'step_one_data' and
 * 'step_one_sig' are written by this function.
 *
 * @return mixed The result of tbxDisplayUpload() when validation fails;
 *               nothing when step two is rendered.
 */
function tbxUploadStepOne()
{
    global $t;

    $validator = Validator::Create();

    // The formatted tag string replaces the raw one before anything reads it.
    $_REQUEST['tags'] = Tags::Format($_REQUEST['tags']);

    // Title length must fall inside the configured range.
    $titleMessage = _T(
        'Validation:Invalid Length',
        _T('Label:Title'),
        Config::Get('title_min_length'),
        Config::Get('title_max_length')
    );
    $titleRange = Config::Get('title_min_length') . ',' . Config::Get('title_max_length');
    $validator->Register($_REQUEST['title'], Validator_Type::LENGTH_BETWEEN, $titleMessage, $titleRange);

    // Description length must fall inside the configured range.
    $descriptionMessage = _T(
        'Validation:Invalid Length',
        _T('Label:Description'),
        Config::Get('description_min_length'),
        Config::Get('description_max_length')
    );
    $descriptionRange = Config::Get('description_min_length') . ',' . Config::Get('description_max_length');
    $validator->Register(
        $_REQUEST['description'],
        Validator_Type::LENGTH_BETWEEN,
        $descriptionMessage,
        $descriptionRange
    );

    // Number of tags must fall inside the configured range.
    $tagCount = Tags::Count($_REQUEST['tags']);
    $tagMessage = _T('Validation:Invalid Num Tags', Config::Get('tags_min'), Config::Get('tags_max'));
    $tagRange = Config::Get('tags_min') . ',' . Config::Get('tags_max');
    $validator->Register($tagCount, Validator_Type::IS_BETWEEN, $tagMessage, $tagRange);

    // Register user-defined field validators
    $dbSchema = GetDBSchema();
    $validator->RegisterFromXml($dbSchema->el('//table[name="tbx_video_custom"]'), 'user', 'create');

    // Check blacklist. The address is taken from the connection, not from
    // client-supplied data; any 'ip_address' request parameter is overwritten.
    // NOTE(review): the error text includes the matched value, which tells the
    // submitter which entry triggered the block - confirm that is intended.
    $_REQUEST['ip_address'] = $_SERVER['REMOTE_ADDR'];
    $blacklistHit = Blacklist::Match($_REQUEST, Blacklist::ITEM_VIDEO);
    if ($blacklistHit !== false) {
        $validator->SetError(_T('Validation:Blacklisted', $blacklistHit['match']));
    }

    // Validate CAPTCHA
    // NOTE(review): the result of Captcha::Verify() is not used here, so it
    // presumably reports a failure on its own - confirm it cannot fail silently.
    if (Config::Get('flag_captcha_on_upload')) {
        Captcha::Verify();
    }

    $passed = $validator->Validate();
    if (!$passed) {
        $t->Assign('g_errors', $validator->GetErrors());
        $t->AssignByRef('g_form', $_REQUEST);
        return tbxDisplayUpload();
    }

    // Carry the step-one fields to step two as an opaque, signed blob.
    // NOTE(review): the blob is PHP-serialized request data that travels
    // through the client, and the signature is a bare SHA-1 of the data
    // followed by the 'random_value' setting rather than an HMAC. The consumer
    // is not visible here; confirm that it checks the signature with a
    // constant-time comparison before calling unserialize(), and consider
    // moving both sides to hash_hmac() over a JSON encoding.
    $stepOnePayload = base64_encode(serialize($_REQUEST));
    $_REQUEST['step_one_data'] = $stepOnePayload;
    $_REQUEST['step_one_sig'] = sha1($stepOnePayload . Config::Get('random_value'));

    // "a,b" in the configuration becomes the file-dialog filter "*.a;*.b".
    $extensionFilter = '*.' . str_replace(',', ';*.', Config::Get('upload_extensions'));
    $t->Assign('g_file_types', $extensionFilter);

    // NOTE(review): the raw login cookie value is exposed to the template.
    // Confirm the template needs it and escapes it, since anything that can
    // read the rendered page can then read the session credential.
    $t->Assign('g_cookie', $_COOKIE[LOGIN_COOKIE]);
    $t->AssignByRef('g_form', $_REQUEST);
    $t->Display('upload-step-two.tpl');
}
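/**
 * Handle submission of the account registration form.
 *
 * Validates the submitted fields (username required, alphanumeric and unused;
 * password required, at least 8 characters and equal to the confirmation;
 * e-mail required, well-formed and unused; name, birthday parts, gender and
 * terms present), then the custom-field validators, the blacklist and, when
 * enabled, the CAPTCHA. On failure the registration form is shown again.
 *
 * On success the account rows are written, a confirmation code is created if
 * e-mail confirmation is enabled, the matching e-mail is sent and the
 * completion page is displayed.
 *
 * $_REQUEST is used as the working record throughout and is modified in place.
 *
 * @return mixed The result of tbxDisplayRegister() when validation fails;
 *               nothing when registration completes.
 */
function tbxRegister()
{
    global $t;

    $DB = GetDB();
    $v = Validator::Create();

    $v->Register($_REQUEST['username'], Validator_Type::NOT_EMPTY, _T('Validation:Required', _T('Label:Username')));
    $v->Register($_REQUEST['username'], Validator_Type::IS_ALPHANUM, _T('Validation:Alphanumeric', _T('Label:Username')));
    $v->Register(
        $DB->QueryCount('SELECT COUNT(*) FROM `tbx_user` WHERE `username`=?', array($_REQUEST['username'])),
        Validator_Type::IS_ZERO,
        _T('Validation:Username Taken')
    );

    $v->Register($_REQUEST['password'], Validator_Type::NOT_EMPTY, _T('Validation:Required', _T('Label:Password')));
    $v->Register(
        $_REQUEST['password'],
        Validator_Type::LENGTH_GREATER_EQ,
        _T('Validation:Length Greater Equal', _T('Label:Password'), 8),
        8
    );
    $v->Register(
        $_REQUEST['password'],
        Validator_Type::EQUALS,
        _T('Validation:Passwords do not match'),
        $_REQUEST['confirm_password']
    );

    $v->Register($_REQUEST['email'], Validator_Type::NOT_EMPTY, _T('Validation:Required', _T('Label:E-mail')));
    $v->Register($_REQUEST['email'], Validator_Type::VALID_EMAIL, _T('Validation:E-mail', _T('Label:E-mail')));
    $v->Register(
        $DB->QueryCount('SELECT COUNT(*) FROM `tbx_user` WHERE `email`=?', array($_REQUEST['email'])),
        Validator_Type::IS_ZERO,
        _T('Validation:E-mail Taken')
    );

    $v->Register($_REQUEST['name'], Validator_Type::NOT_EMPTY, _T('Validation:Required', _T('Label:Name')));

    // Only presence of the three birthday parts is checked here.
    // NOTE(review): nothing in this function checks that they form a real
    // date before they are joined into 'date_birth' below - confirm that a
    // later layer validates or normalises the value.
    $v->Register(
        empty($_REQUEST['birth_month']) || empty($_REQUEST['birth_day']) || empty($_REQUEST['birth_year']),
        Validator_Type::IS_FALSE,
        _T('Validation:Birthday Required')
    );
    $v->Register($_REQUEST['gender'], Validator_Type::NOT_EMPTY, _T('Validation:Required', _T('Label:Gender')));
    $v->Register($_REQUEST['terms'], Validator_Type::NOT_EMPTY, _T('Validation:Accept Terms'));

    // Register user-defined field validators
    $schema = GetDBSchema();
    $v->RegisterFromXml($schema->el('//table[name="tbx_user_custom"]'), 'user', 'create');

    // Check blacklist. The address comes from the connection and overwrites
    // any client-supplied 'ip_address' parameter.
    $_REQUEST['ip_address'] = $_SERVER['REMOTE_ADDR'];
    if (($match = Blacklist::Match($_REQUEST, Blacklist::ITEM_USER)) !== false) {
        $v->SetError(_T('Validation:Blacklisted', $match['match']));
    }

    // Check CAPTCHA
    // NOTE(review): the result of Captcha::Verify() is not used here, so it
    // presumably reports a failure on its own - confirm it cannot fail silently.
    if (Config::Get('flag_captcha_on_signup')) {
        Captcha::Verify();
    }

    if (!$v->Validate()) {
        // NOTE(review): the whole request, including the submitted password
        // fields, goes back to the template - confirm the form does not echo them.
        $t->Assign('g_errors', $v->GetErrors());
        $t->Assign('g_form', $_REQUEST);
        return tbxDisplayRegister();
    }

    // Format data. The account level is always set server-side, so a
    // client-supplied 'user_level_id' is overwritten here.
    $_REQUEST['date_birth'] = $_REQUEST['birth_year'] . '-' . $_REQUEST['birth_month'] . '-' . $_REQUEST['birth_day'];
    $_REQUEST['date_created'] = Database_MySQL::Now();
    $_REQUEST['user_level_id'] = $DB->QuerySingleColumn('SELECT `user_level_id` FROM `tbx_user_level` WHERE `is_default`=1');

    // NOTE(review): passwords are stored as an unsalted SHA-1 digest, which is
    // fast to brute-force if the table leaks. Moving to password_hash() /
    // password_verify() has to be done together with the login check, which is
    // not part of this function, so the stored format is left unchanged here.
    $_REQUEST['password'] = sha1($_REQUEST['password']);

    // Strip HTML tags
    if (Config::Get('flag_user_strip_tags')) {
        $_REQUEST = String::StripTags($_REQUEST);
    }

    // Prepare fields for database
    Form_Prepare::Standard('tbx_user');
    Form_Prepare::Standard('tbx_user_stat');
    Form_Prepare::Custom('tbx_user_custom_schema', 'on_submit');

    // Setup account status: e-mail confirmation takes precedence over
    // manual approval; with neither enabled the account is active at once.
    $_REQUEST['status'] = STATUS_ACTIVE;
    $email_template = 'email-user-added.tpl';
    if (Config::Get('flag_user_confirm_email')) {
        $_REQUEST['status'] = STATUS_SUBMITTED;
        $email_template = 'email-user-confirm.tpl';
    } elseif (Config::Get('flag_user_approve')) {
        $_REQUEST['status'] = STATUS_PENDING;
        $email_template = 'email-user-pending.tpl';
    }

    // Add data to the database
    // NOTE(review): the full request array is passed to each insert. Whether
    // DatabaseAdd()/Form_Prepare limit the written columns to an allow-list is
    // not visible here - confirm that extra request parameters cannot set
    // columns this function does not assign itself.
    DatabaseAdd('tbx_user', $_REQUEST);
    DatabaseAdd('tbx_user_custom', $_REQUEST);
    DatabaseAdd('tbx_user_stat', $_REQUEST);

    if ($_REQUEST['status'] == STATUS_SUBMITTED) {
        // The confirmation code is the only secret protecting account
        // activation, so it is drawn from the system CSPRNG when one is
        // available. 20 random bytes hex-encode to 40 characters, the same
        // shape as the SHA-1 string produced by the legacy generator, so the
        // stored column and the e-mail template are unaffected.
        // random_bytes() raises an exception if no entropy source can be
        // read; that is left to propagate rather than degrade silently.
        $register_code = null;
        if (function_exists('random_bytes')) {
            $register_code = bin2hex(random_bytes(20));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $is_strong = false;
            $random = openssl_random_pseudo_bytes(20, $is_strong);
            if ($random !== false && $is_strong) {
                $register_code = bin2hex($random);
            }
        }

        if ($register_code === null) {
            // Legacy generator, kept only for runtimes with no CSPRNG:
            // uniqid() and mt_rand() are both guessable.
            $register_code = sha1(uniqid(mt_rand(), true));
        }

        $_REQUEST['register_code'] = $register_code;
        $_REQUEST['timestamp'] = time();
        DatabaseAdd('tbx_user_register_code', $_REQUEST);
        $t->Assign('g_code', $_REQUEST['register_code']);
    }

    $t->AssignByRef('g_user', $_REQUEST);
    $t->AssignByRef('g_form', $_REQUEST);

    // Send e-mail message
    $m = new Mailer();
    $m->Mail($email_template, $t, $_REQUEST['email'], $_REQUEST['name']);

    // Display confirmation
    $t->Display('user-register-complete.tpl');
}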
$DB = GetDB(); $video = $DB->Row('SELECT * FROM `tbx_video` WHERE `video_id`=?', array($_REQUEST['video_id'])); $username = AuthenticateUser::GetUsername(); $video_id = $_REQUEST['video_id']; $comment = $_REQUEST['comment']; $max_length = Config::Get('comment_max_length'); $throttle = Config::Get('comment_throttle_period'); if (!empty($video)) { $v = Validator::Create(); $v->Register($video['allow_comments'], Validator_Type::NOT_EQUALS, _T('Validation:Comments disabled'), COMMENTS_NO); $v->Register($_REQUEST['comment'], Validator_Type::NOT_EMPTY, _T('Validation:Required', _T('Label:Comment'))); $v->Register($_REQUEST['comment'], Validator_Type::LENGTH_LESS_EQ, _T('Validation:Length too long', _T('Label:Comment'), $max_length), $max_length); $v->Register($DB->QueryCount('SELECT COUNT(*) FROM `tbx_video_comment` WHERE `video_id`=? AND `username`=? AND `date_commented`>=DATE_SUB(?, INTERVAL ? SECOND)', array($video_id, $username, Database_MySQL::Now(), $throttle)), Validator_Type::IS_ZERO, _T('Validation:Comment throttle', $throttle)); // Check blacklist $_REQUEST['ip_address'] = $_SERVER['REMOTE_ADDR']; if (($match = Blacklist::Match($_REQUEST, Blacklist::ITEM_COMMENT)) !== false) { $v->SetError(_T('Validation:Blacklisted', $match['match'])); } // Validate CAPTCHA if (Config::Get('flag_captcha_on_comment')) { Captcha::Verify(); } if (!$v->Validate()) { echo join('<br />', $v->GetErrors()); return; } $_REQUEST['username'] = $username; $_REQUEST['status'] = $video['allow_comments'] == COMMENTS_APPROVE ? STATUS_PENDING : STATUS_ACTIVE; $_REQUEST['date_commented'] = Database_MySQL::Now(); // Strip HTML tags if (Config::Get('flag_comment_strip_tags')) {