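/**
 * AJAX handler: fetch a remote thumbnail into the local cache directory and
 * report its image dimensions as JSON.
 *
 * Reads $_REQUEST['thumb'] (remote image URL), $_REQUEST['gallery_id'] (part
 * of the cache file name) and $_REQUEST['gallery_url'] (third argument to
 * Http::Get, presumably sent as the referer). Echoes an array with 'status',
 * 'size' (the getimagesize() result) and, on success, 'src' through
 * $json->encode(). Returns nothing.
 *
 * Fix: the original called unlink() unconditionally when getimagesize()
 * failed, which emits a warning when the download itself failed and no cache
 * file was ever written; the removal is now guarded by is_file().
 */
function txDownloadThumb()
{
    global $json, $C;

    $out = array('status' => JSON_FAILURE);

    // The cache name is derived from a hash of the URL, so the same remote
    // image is fetched only once per gallery id.
    $id = md5($_REQUEST['thumb']);
    $cachefile = SafeFilename("_{$_REQUEST['gallery_id']}_" . $id . ".jpg", FALSE);
    $cachepath = "{$GLOBALS['BASE_DIR']}/cache/{$cachefile}";

    if (!is_file($cachepath)) {
        // NOTE(review): the URL comes straight from the request and Http::Get
        // is project code — confirm it restricts scheme and destination,
        // otherwise this endpoint fetches arbitrary URLs on the server's behalf.
        $http = new Http();
        // Second argument TRUE allows redirects (see the allow_redirect use in
        // the account handlers).
        if ($http->Get($_REQUEST['thumb'], TRUE, $_REQUEST['gallery_url'])) {
            FileWrite($cachepath, $http->body);
        }
    }

    // getimagesize() is the only check that the downloaded bytes are an image.
    $out['size'] = @getimagesize($cachepath);

    if ($out['size'] !== FALSE) {
        $out['src'] = "{$C['install_url']}/cache/{$cachefile}";
        $out['status'] = JSON_SUCCESS;
    } elseif (is_file($cachepath)) {
        // Do not leave a non-image download behind in the web-served cache dir.
        unlink($cachepath);
    }

    echo $json->encode($out);
}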
/**
 * Public handler that registers a new account from the submitted form in
 * $_REQUEST: validates the input, checks the site URL and the blacklist,
 * optionally downloads and stores the banner, inserts the account rows,
 * sends confirmation / notification e-mails and displays accounts-added.tpl.
 *
 * Returns the value of $v->ValidationError('tlxShAccountAdd', TRUE) when
 * validation fails; otherwise returns nothing after displaying the
 * confirmation page.
 *
 * Side effects worth knowing: derived values are written back into
 * $_REQUEST ('domain', 'keywords', 'html', 'headers', 'banner_*', 'status',
 * 'category'), and several $C limits are overridden from the selected
 * category for the remainder of the request.
 */
function tlxAccountAdd()
{
    global $C, $DB, $L, $IMAGE_EXTENSIONS, $t;

    // A client-supplied value for this column is never accepted; it is set
    // below only once a banner has actually been stored locally.
    unset($_REQUEST['banner_url_local']);

    // Get domain: host part of the site URL without a leading "www."
    $parsed_url = parse_url($_REQUEST['site_url']);
    $_REQUEST['domain'] = preg_replace('~^www\\.~', '', $parsed_url['host']);

    $v = new Validator();

    // Get selected category (if any) and set variables.
    // The category row overrides the global limits in $C for this request.
    if (isset($_REQUEST['category_id'])) {
        $category = $DB->Row('SELECT * FROM `tlx_categories` WHERE `category_id`=? AND `hidden`=0', array($_REQUEST['category_id']));
        if ($category) {
            $C['min_desc_length'] = $category['desc_min_length'];
            $C['max_desc_length'] = $category['desc_max_length'];
            $C['min_title_length'] = $category['title_min_length'];
            $C['max_title_length'] = $category['title_max_length'];
            $C['banner_max_width'] = $category['banner_max_width'];
            $C['banner_max_height'] = $category['banner_max_height'];
            $C['banner_max_bytes'] = $category['banner_max_bytes'];
            $C['allow_redirect'] = $category['allow_redirect'];
        } else {
            $v->SetError($L['INVALID_CATEGORY']);
        }
    }
    // NOTE: $category is read again when the template values are assigned
    // below; if no category_id was submitted it is never defined there.

    // See if username is taken
    if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username'])) > 0) {
        $v->SetError($L['USERNAME_TAKEN']);
    }

    // Check for duplicate account information (same URL, e-mail or domain)
    if ($DB->Count('SELECT COUNT(*) FROM `tlx_accounts` WHERE `site_url`=? OR `email`=? OR `domain`=?', array($_REQUEST['site_url'], $_REQUEST['email'], $_REQUEST['domain'])) > 0) {
        $v->SetError($L['EXISTING_ACCOUNT']);
    }

    // Basic field checks; the Validator collects errors until Validate() runs
    $v->Register($_REQUEST['username'], V_LENGTH, $L['USERNAME_LENGTH'], '4,32');
    $v->Register($_REQUEST['username'], V_ALPHANUM, $L['INVALID_USERNAME']);
    $v->Register($_REQUEST['password'], V_LENGTH, $L['PASSWORD_LENGTH'], '4,9999');
    $v->Register($_REQUEST['email'], V_EMAIL, $L['INVALID_EMAIL']);
    $v->Register($_REQUEST['site_url'], V_URL, sprintf($L['INVALID_URL'], $L['SITE_URL']));
    $v->Register($_REQUEST['password'], V_NOT_EQUALS, $L['USERNAME_IS_PASSWORD'], $_REQUEST['username']);
    $v->Register($_REQUEST['password'], V_EQUALS, $L['PASSWORDS_DONT_MATCH'], $_REQUEST['confirm_password']);

    if (!IsEmptyString($_REQUEST['banner_url'])) {
        $v->Register($_REQUEST['banner_url'], V_URL, sprintf($L['INVALID_URL'], $L['BANNER_URL']));
    }

    // Format keywords and check number
    if ($C['allow_keywords']) {
        $_REQUEST['keywords'] = FormatSpaceSeparated($_REQUEST['keywords']);
        $keywords = explode(' ', $_REQUEST['keywords']);
        $v->Register(count($keywords), V_LESS_EQ, sprintf($L['MAXIMUM_KEYWORDS'], $C['max_keywords']), $C['max_keywords']);
    } else {
        $_REQUEST['keywords'] = null;
    }

    // Verify captcha code
    if ($C['account_add_captcha']) {
        VerifyCaptcha($v);
    }

    // Initial validation: stop before any network access if the form is bad
    if (!$v->Validate()) {
        return $v->ValidationError('tlxShAccountAdd', TRUE);
    }

    // Check if the site URL is working. The fetched page body and raw headers
    // are stored in the request array for the blacklist check below.
    $http = new Http();
    if ($http->Get($_REQUEST['site_url'], $C['allow_redirect'])) {
        $_REQUEST['html'] = $http->body;
        $_REQUEST['headers'] = $http->raw_response_headers;
    } else {
        $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['site_url'], $http->errstr));
    }

    // Check the blacklist. CheckBlacklistAccount() returns FALSE when nothing
    // matched, otherwise a list whose first entry carries 'match' and 'reason'.
    $blacklisted = CheckBlacklistAccount($_REQUEST);
    if ($blacklisted !== FALSE) {
        $v->SetError(sprintf($blacklisted[0]['reason'] ? $L['BLACKLISTED_REASON'] : $L['BLACKLISTED'], $blacklisted[0]['match'], $blacklisted[0]['reason']));
    }

    // Check site title and description length (limits may come from the category)
    $v->Register($_REQUEST['title'], V_LENGTH, sprintf($L['TITLE_LENGTH'], $C['min_title_length'], $C['max_title_length']), "{$C['min_title_length']},{$C['max_title_length']}");
    $v->Register($_REQUEST['description'], V_LENGTH, sprintf($L['DESCRIPTION_LENGTH'], $C['min_desc_length'], $C['max_desc_length']), "{$C['min_desc_length']},{$C['max_desc_length']}");

    // Validation of user defined fields: each field may be required on
    // creation and may carry its own validator type / message / extras
    $fields =& GetUserAccountFields();
    foreach ($fields as $field) {
        if ($field['on_create']) {
            if ($field['required_create']) {
                $v->Register($_REQUEST[$field['name']], V_EMPTY, sprintf($L['REQUIRED_FIELD'], $field['label']));
            }
            if (!IsEmptyString($_REQUEST[$field['name']]) && $field['validation']) {
                $v->Register($_REQUEST[$field['name']], $field['validation'], $field['validation_message'], $field['validation_extras']);
            }
        }
    }

    // Download banner to check size. The banner is written to disk first and
    // inspected afterwards; it is removed again unless host_banners is on.
    $banner_file = null;
    if (!IsEmptyString($_REQUEST['banner_url']) && ($C['download_banners'] || $C['host_banners'])) {
        $http = new Http();
        // TRUE = follow redirects; the site URL is presumably sent as referer
        if ($http->Get($_REQUEST['banner_url'], TRUE, $_REQUEST['site_url'])) {
            $banner_file = SafeFilename("{$C['banner_dir']}/{$_REQUEST['username']}.jpg", FALSE);
            FileWrite($banner_file, $http->body);
            $banner_info = @getimagesize($banner_file);
            if ($banner_info !== FALSE) {
                $_REQUEST['banner_width'] = $banner_info[0];
                $_REQUEST['banner_height'] = $banner_info[1];
                if (filesize($banner_file) > $C['banner_max_bytes']) {
                    $v->SetError(sprintf($L['BAD_BANNER_BYTES'], $C['banner_max_bytes']));
                }
                if ($C['host_banners']) {
                    // Rename the stored file to the extension matching the
                    // detected image type ($banner_info[2] is the IMAGETYPE_*)
                    if (isset($IMAGE_EXTENSIONS[$banner_info[2]])) {
                        $banner_ext = strtolower($IMAGE_EXTENSIONS[$banner_info[2]]);
                        if ($banner_ext != 'jpg') {
                            $new_file = preg_replace('~\\.jpg$~', ".{$banner_ext}", $banner_file);
                            rename($banner_file, $new_file);
                            $banner_file = $new_file;
                        }
                        $_REQUEST['banner_url_local'] = "{$C['banner_url']}/{$_REQUEST['username']}.{$banner_ext}";
                    } else {
                        $v->SetError($L['BAD_BANNER_IMAGE']);
                    }
                } else {
                    @unlink($banner_file);
                    $banner_file = null;
                }
            } else {
                $v->SetError($L['BAD_BANNER_IMAGE']);
            }
        } else {
            $v->SetError(sprintf($L['BROKEN_URL'], $_REQUEST['banner_url'], $http->errstr));
        }
    }

    // Check banner dimensions.
    // NOTE: when no banner was downloaded these two request keys hold whatever
    // the client submitted (or are unset), and the same values are inserted
    // into tlx_accounts below — confirm that is intended.
    if ($_REQUEST['banner_width'] > $C['banner_max_width'] || $_REQUEST['banner_height'] > $C['banner_max_height']) {
        $v->SetError(sprintf($L['BAD_BANNER_SIZE'], $C['banner_max_width'], $C['banner_max_height']));
    }

    // Force banner dimensions
    if ($C['banner_force_size']) {
        $_REQUEST['banner_width'] = $C['banner_max_width'];
        $_REQUEST['banner_height'] = $C['banner_max_height'];
    }

    // Second validation pass; discard the stored banner on failure
    if (!$v->Validate()) {
        if (!empty($banner_file)) {
            @unlink($banner_file);
        }
        return $v->ValidationError('tlxShAccountAdd', TRUE);
    }

    // Initial status and e-mail template depend on the confirm/review settings
    $_REQUEST['status'] = STATUS_ACTIVE;
    $email_template = 'email-account-added.tpl';
    if ($C['confirm_accounts']) {
        $_REQUEST['status'] = STATUS_UNCONFIRMED;
        $email_template = 'email-account-confirm.tpl';
        // Confirmation token built from uniqid()/rand(), neither of which is a
        // CSPRNG; random_bytes() is the replacement where the deployed PHP
        // version allows it.
        $confirm_id = md5(uniqid(rand(), true));
        $t->assign('confirm_url', "{$C['install_url']}/accounts.php?r=confirm&id={$confirm_id}");
        $DB->Update('INSERT INTO `tlx_account_confirms` VALUES (?,?,?)', array($_REQUEST['username'], $confirm_id, MYSQL_NOW));
    } else {
        if ($C['review_new_accounts']) {
            $_REQUEST['status'] = STATUS_PENDING;
            $email_template = 'email-account-pending.tpl';
        }
    }

    // Add account information (28 positional columns; date_approved is set
    // only when the account starts out active).
    // The password is stored as an unsalted SHA-1 digest; whatever verifies
    // logins must use the same scheme, so a move to password_hash()/
    // password_verify() has to change both sides together.
    $DB->Update('INSERT INTO `tlx_accounts` VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)', array($_REQUEST['username'], $_REQUEST['email'], $_REQUEST['site_url'], $_REQUEST['domain'], $_REQUEST['banner_url'], $_REQUEST['banner_url_local'], $_REQUEST['banner_height'], $_REQUEST['banner_width'], $_REQUEST['title'], $_REQUEST['description'], $_REQUEST['keywords'], MYSQL_NOW, $_REQUEST['status'] == STATUS_ACTIVE ? MYSQL_NOW : null, MYSQL_NOW, sha1($_REQUEST['password']), $C['return_percent'], $_REQUEST['status'], 0, 0, 0, $_REQUEST['category_id'], null, null, 0, 0, 0, null, null));

    // Create stats tracking data: username followed by 127 zeroed counters
    $stats_data = array_merge(array($_REQUEST['username']), array_fill(0, 127, 0));
    $DB->Update('INSERT INTO `tlx_account_hourly_stats` VALUES (' . CreateBindList($stats_data) . ')', $stats_data);

    // Insert user defined database fields
    $query_data = CreateUserInsert('tlx_account_fields', $_REQUEST);
    $DB->Update('INSERT INTO `tlx_account_fields` VALUES (' . $query_data['bind_list'] . ')', $query_data['binds']);

    // Assign template values.
    // The whole request array — including 'password', 'confirm_password' and
    // the fetched 'html' — is exposed to templates and e-mails as 'account'.
    $_REQUEST['category'] = $category['name'];
    $t->assign_by_ref('account', $_REQUEST);
    $t->assign_by_ref('user_fields', $fields);
    $t->assign('tracking_url', $C['tracking_mode'] == 'unique_link' ? "{$C['in_url']}?id={$_REQUEST['username']}" : $C['in_url']);

    // Send e-mail to account submitter
    if ($C['confirm_accounts'] || $C['email_new_accounts']) {
        SendMail($_REQUEST['email'], $email_template, $t);
    }

    // Send e-mail to administrators who subscribed to the E_ACCOUNT_ADDED bit
    $administrators =& $DB->FetchAll('SELECT * FROM `tlx_administrators`');
    foreach ($administrators as $administrator) {
        if ($administrator['notifications'] & E_ACCOUNT_ADDED) {
            SendMail($administrator['email'], 'email-admin-account-added.tpl', $t);
        }
    }

    // Display confirmation page
    $t->display('accounts-added.tpl');
}
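/**
 * Renders every character of $allowed_chars with the TrueType font named by
 * the query string and streams the image to the browser.
 *
 * Reads the raw $_SERVER['QUERY_STRING'] as the font file name, resolved
 * beneath $C['font_dir'] through SafeFilename(). Emits PNG when gd_info()
 * reports PNG support, JPEG otherwise, with the matching Content-type
 * header. Returns nothing.
 *
 * Fixes over the original: imagettfbbox() returns false when the font cannot
 * be loaded and the original then indexed into that false value; this now
 * answers with a 500 and stops. The GD image is also released explicitly
 * once it has been emitted.
 */
function DisplayTest()
{
    global $allowed_chars, $C;

    // NOTE(review): the font name is the unparsed query string; SafeFilename()
    // is project code — confirm it confines the result to $C['font_dir'].
    $font_file = SafeFilename("{$C['font_dir']}/{$_SERVER['QUERY_STRING']}");
    $font_size = 24;
    $gdinfo = gd_info();
    $code = join(' ', $allowed_chars);

    // Bounding box of the rendered text; false when the font is unusable.
    $bounds = imagettfbbox($font_size, 0, $font_file, $code);
    if ($bounds === FALSE) {
        header('HTTP/1.1 500 Internal Server Error');
        return;
    }

    // Box indices: [6],[7] upper-left corner, [2] lower-right x, [1] lower-left
    // y, all relative to the baseline — so height is [1]-[7] and width is [2],
    // each padded by 10px.
    $image_height = $bounds[1] - $bounds[7] + 10;
    $image_width = $bounds[2] + 10;

    // Create a new image
    $image = imagecreatetruecolor($image_width, $image_height);

    // Allocate the colors for the image
    $bg_color = imagecolorallocate($image, 240, 240, 220);
    $font_color = imagecolorallocate($image, 0, 0, 0);

    // Fill the image with the background color
    imagefill($image, 0, 0, $bg_color);

    // Write the submit code onto the image, 5px in from the padded edges
    imagettftext($image, $font_size, 0, 5 + $bounds[6], $image_height - $bounds[1] - 5, $font_color, $font_file, $code);

    // Display the image
    if ($gdinfo['PNG Support']) {
        header("Content-type: image/png");
        imagepng($image);
    } else {
        header("Content-type: image/jpeg");
        imagejpeg($image);
    }

    // Release the GD image now that the bytes have been sent.
    imagedestroy($image);
}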
/**
 * Completes a gallery submission once the submitter has chosen the preview
 * crop: crops the cached image into a preview, decides the gallery's initial
 * status (approved / pending / unconfirmed) from the whitelist, partner and
 * $C settings, persists it and shows submit-complete.tpl.
 *
 * Reads $_REQUEST['gallery_id'] and $_REQUEST['imagefile']; the crop
 * coordinates are passed through to ResizeCropper() as the whole request
 * array. Displays error-nice.tpl with a message when the gallery is unknown
 * or already has a preview. Returns nothing.
 */
function txCrop()
{
    global $DB, $C, $L, $t, $domain;

    $gallery = $DB->Row('SELECT * FROM `tx_galleries` WHERE `gallery_id`=?', array($_REQUEST['gallery_id']));

    if ($gallery) {
        // A preview can only be created once per gallery
        if ($gallery['has_preview']) {
            $t->assign('error', $L['PREVIEW_EXISTS']);
            $t->display($domain['template_prefix'] . 'error-nice.tpl');
            return;
        }

        // Defaults
        $gallery['status'] = 'pending';
        $gallery['date_approved'] = null;
        $gallery['administrator'] = null;
        $partner = null;

        // Get category and format information (the first category tag decides
        // the preview format and annotation)
        $categories =& CategoriesFromTags($gallery['categories']);
        $format = GetCategoryFormat($gallery['format'], $categories[0]);
        $annotation =& LoadAnnotation($format['annotation'], $categories[0]['name']);

        // The image to crop is looked up under cache/ by the request-supplied
        // name. NOTE(review): SafeFilename() is project code — confirm it keeps
        // the result within the cache directory.
        $imagefile = SafeFilename("{$GLOBALS['BASE_DIR']}/cache/{$_REQUEST['imagefile']}");
        $i = GetImager();
        $i->ResizeCropper($imagefile, $format['preview_size'], $_REQUEST, $annotation);
        $preview = AddPreview($gallery['gallery_id'], $format['preview_size'], $imagefile);
        $gallery['preview_url'] = $preview['url'];

        // Load gallery information to determine how to process the gallery
        $whitelisted = CheckWhitelist($gallery);
        if ($gallery['partner']) {
            // presumably falsy when the partner row does not exist, in which
            // case the empty($partner) branches below apply — verify
            $partner = $DB->Row('SELECT * FROM `tx_partners` WHERE `username`=?', array($gallery['partner']));
        }
        $whitelisted = MergeWhitelistOptions($whitelisted, $partner);

        // Determine gallery status.
        // Non-partner submission: auto-approve when confirmation is off and
        // either the global or the whitelist option allows it.
        $autoapprove_general = empty($partner) && !$C['require_confirm'] && ($C['allow_autoapprove'] || $whitelisted['allow_autoapprove']);
        // Partner submission: auto-approve when the partner may skip
        // confirmation and the whitelist allows auto-approval.
        $autoapprove_partner = !empty($partner) && $partner['allow_noconfirm'] && $whitelisted['allow_autoapprove'];
        if ($autoapprove_general || $autoapprove_partner) {
            $gallery['status'] = 'approved';
            $gallery['date_approved'] = MYSQL_NOW;
            $gallery['administrator'] = 'AUTO';
        } else {
            // && binds tighter than ||, so this reads: (no partner AND confirm
            // required) OR (partner that must confirm AND confirm required)
            if (empty($partner) && $C['require_confirm'] || !empty($partner) && !$partner['allow_noconfirm'] && $C['require_confirm']) {
                $gallery['status'] = 'unconfirmed';
                // Confirmation token built from uniqid()/rand(), neither of
                // which is a CSPRNG; random_bytes() is the replacement where
                // the deployed PHP version allows it.
                $gallery['confirm_id'] = md5(uniqid(rand(), true));
            }
        }

        // Update gallery data (has_preview is always set to 1 here)
        $DB->Update('UPDATE `tx_galleries` SET `status`=?,`date_approved`=?,`administrator`=?,`has_preview`=? WHERE `gallery_id`=?', array($gallery['status'], $gallery['date_approved'], $gallery['administrator'], 1, $gallery['gallery_id']));

        // Get category (same lookup as above; used for the template and the
        // per-category timestamp below)
        $categories =& CategoriesFromTags($gallery['categories']);
        $gallery['category'] = $categories[0]['name'];

        // Assign gallery data to the template
        $fields =& GetUserGalleryFields($gallery);
        $t->assign_by_ref('gallery', $gallery);
        $t->assign_by_ref('user_fields', $fields);

        // Handle confirmation: mail the token and record it
        if ($gallery['status'] == 'unconfirmed') {
            SendMail($gallery['email'], $domain['template_prefix'] . 'email-gallery-confirm.tpl', $t);
            $DB->Update('INSERT INTO `tx_gallery_confirms` VALUES (?,?,?)', array($gallery['gallery_id'], $gallery['confirm_id'], MYSQL_NOW));
        }

        // Update number of submitted galleries if partner account
        if ($partner) {
            $DB->Update('UPDATE `tx_partners` SET `submitted`=`submitted`+1,`date_last_submit`=? WHERE `username`=?', array(MYSQL_NOW, $partner['username']));
        }

        // Update the date of last submission for this category
        $DB->Update('UPDATE `tx_categories` SET `date_last_submit`=? WHERE `category_id`=?', array(MYSQL_NOW, $categories[0]['category_id']));

        $t->display($domain['template_prefix'] . 'submit-complete.tpl');
    } else {
        $t->assign('error', $L['BAD_GALLERY_ID']);
        $t->display($domain['template_prefix'] . 'error-nice.tpl');
    }
}
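/**
 * AJAX handler: fetch a remote thumbnail into the local cache directory,
 * verify it is an image within the configured size range and report the
 * result as JSON.
 *
 * Reads $_REQUEST['thumb'] (remote image URL), $_REQUEST['gallery_id'] (part
 * of the cache file name) and $_REQUEST['gallery_url'] (third argument to
 * Http::Get, presumably sent as the referer). Echoes an array with 'status',
 * 'size' (the getimagesize() result), and either 'src' + 'id' on success or
 * 'message' on failure, through $json->encode(). Returns nothing.
 *
 * Fix: a download that is rejected (not an image, or outside the
 * min/max thumb dimensions in $C) was left behind under the web-served
 * cache directory; it is now removed, as the success-only variant of this
 * handler already does.
 */
function txDownloadThumb()
{
    global $json, $C;

    $out = array('status' => JSON_FAILURE);

    // The cache name is derived from a hash of the URL, so the same remote
    // image is fetched only once per gallery id.
    $id = md5($_REQUEST['thumb']);
    $cachefile = SafeFilename("_{$_REQUEST['gallery_id']}_" . $id . ".jpg", FALSE);
    $cachepath = "{$GLOBALS['BASE_DIR']}/cache/{$cachefile}";

    if (!is_file($cachepath)) {
        // NOTE(review): the URL comes straight from the request and Http::Get
        // is project code — confirm it restricts scheme and destination,
        // otherwise this endpoint fetches arbitrary URLs on the server's behalf.
        $http = new Http();
        // Second argument TRUE allows redirects (see the allow_redirect use in
        // the account handlers).
        if ($http->Get($_REQUEST['thumb'], TRUE, $_REQUEST['gallery_url'])) {
            FileWrite($cachepath, $http->body);
        }
    }

    // getimagesize() is the only check that the downloaded bytes are an image.
    $out['size'] = @getimagesize($cachepath);

    if ($out['size'] !== FALSE) {
        $width = $out['size'][0];
        $height = $out['size'][1];
        $within_range = $width >= $C['min_thumb_width'] && $height >= $C['min_thumb_height']
            && $width <= $C['max_thumb_width'] && $height <= $C['max_thumb_height'];

        if ($within_range) {
            $out['src'] = "{$C['install_url']}/cache/{$cachefile}";
            $out['status'] = JSON_SUCCESS;
            $out['id'] = $id;
        } else {
            $out['message'] = "Downloading " . htmlspecialchars($_REQUEST['thumb']) . " failed: image size of {$out['size'][0]}x{$out['size'][1]} is " . "not within the range of {$C['min_thumb_width']}x{$C['min_thumb_height']} to {$C['max_thumb_width']}x{$C['max_thumb_height']}";
        }
    } else {
        $out['message'] = "Downloading " . htmlspecialchars($_REQUEST['thumb']) . " failed: not a valid image file";
    }

    // Do not leave rejected downloads behind in the web-served cache dir.
    if ($out['status'] !== JSON_SUCCESS && is_file($cachepath)) {
        unlink($cachepath);
    }

    echo $json->encode($out);
}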
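/**
 * Administrator AJAX handler that approves or rejects a pending account edit
 * stored in tlx_accounts.edit_data.
 *
 * $_REQUEST['w'] selects the action ('reject' clears the pending edit,
 * 'approve' applies it); $_REQUEST['username'] names the account. Always
 * echoes {"status": JSON_SUCCESS} via $json->encode(). Returns nothing.
 *
 * Fixes: column names taken from the stored edit are accepted only when they
 * are real columns of tlx_account_fields or tlx_accounts — the original
 * backslash-escaped backticks, which MySQL does not honour inside a quoted
 * identifier, and spliced any key into the statement. Identifier quoting now
 * doubles backticks, in_array() compares strictly, an unknown account no
 * longer triggers an index on a non-array, and 'banner_data' is dropped from
 * the column list even when it is present but empty.
 */
function tlxAccountEditProcess()
{
    global $DB, $json, $C;

    VerifyPrivileges(P_ACCOUNT_MODIFY, TRUE);

    if ($_REQUEST['w'] == 'reject') {
        $DB->Update('UPDATE `tlx_accounts` SET `edited`=0,`edit_data`=NULL WHERE `username`=?', array($_REQUEST['username']));
    } elseif ($_REQUEST['w'] == 'approve') {
        $account = $DB->Row('SELECT * FROM `tlx_accounts` WHERE `username`=?', array($_REQUEST['username']));

        // edit_data is a base64-encoded PHP serialisation written elsewhere.
        // unserialize() instantiates whatever classes the payload names, so
        // the writer side must remain the only thing able to populate this
        // column; a JSON encoding would remove that dependency.
        $edits = $account ? unserialize(base64_decode($account['edit_data'])) : FALSE;

        if ($edits) {
            if (!empty($edits['banner_data'])) {
                $parsed = parse_url($edits['banner_url_local']);
                if ($parsed !== FALSE && isset($parsed['path'])) {
                    // Only the basename of the stored URL path is used, so the
                    // banner always lands directly inside $C['banner_dir'].
                    $banner_file = SafeFilename("{$C['banner_dir']}/" . basename($parsed['path']), FALSE);
                    FileWrite($banner_file, $edits['banner_data']);
                }
            }
            // The raw image bytes are never a column value.
            unset($edits['banner_data']);

            $user_fields = $DB->GetColumns('tlx_account_fields');
            $account_fields = $DB->GetColumns('tlx_accounts');

            $default_updates = array("`edited`=?", "`edit_data`=?");
            $default_updates_binds = array(0, null);
            $user_updates = array();
            $user_updates_binds = array();

            foreach ($edits as $name => $value) {
                // NOTE(review): values are bound through $DB->Update()'s
                // placeholders; the original also ran them through
                // mysql_real_escape_string() first, which is kept here in case
                // Update() does not quote on its own — confirm, since with a
                // quoting driver this stores doubled backslashes.
                $value = mysql_real_escape_string($value, $DB->handle);

                // MySQL quotes a backtick inside an identifier by doubling it.
                $column = '`' . str_replace('`', '``', $name) . '`';

                if (in_array($name, $user_fields, TRUE)) {
                    $user_updates[] = "{$column}=?";
                    $user_updates_binds[] = $value;
                } elseif (in_array($name, $account_fields, TRUE)) {
                    $default_updates[] = "{$column}=?";
                    $default_updates_binds[] = $value;
                }
                // Any other key is not a column of either table and is
                // dropped rather than spliced into the statement.
            }

            $user_updates_binds[] = $_REQUEST['username'];
            $default_updates_binds[] = $_REQUEST['username'];

            if (count($user_updates)) {
                $DB->Update('UPDATE `tlx_account_fields` SET ' . join(',', $user_updates) . ' WHERE `username`=?', $user_updates_binds);
            }
            $DB->Update('UPDATE `tlx_accounts` SET ' . join(',', $default_updates) . ' WHERE `username`=?', $default_updates_binds);
        }
    }

    echo $json->encode(array('status' => JSON_SUCCESS));
}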
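/**
 * Administrator action: save an edited e-mail template.
 *
 * Takes 'subject', 'plain' and 'html' from $_REQUEST, serialises them with
 * IniWrite(), test-compiles the result and, on success, writes it to
 * templates/<loaded_template>. The outcome is reported through
 * $GLOBALS['message'] or $GLOBALS['errstr'] before the template list is
 * re-displayed by lxShEmailTemplates(). Returns nothing.
 *
 * Fix: the success message read "successully"; the unused $DB/$C globals
 * are no longer declared.
 */
function lxSaveEmailTemplate()
{
    VerifyAdministrator();
    CheckAccessList();

    $_REQUEST['plain'] = trim($_REQUEST['plain']);
    $_REQUEST['html'] = trim($_REQUEST['html']);

    // Only the three template sections are serialised, not the whole request.
    $ini_data = IniWrite(null, $_REQUEST, array('subject', 'plain', 'html'));

    $compiled_code = '';
    $compiler = new Compiler();

    // A template that does not compile is never written to disk.
    if ($compiler->compile($ini_data, $compiled_code)) {
        // NOTE(review): loaded_template is a request value and SafeFilename()
        // is project code — confirm it keeps the result inside templates/.
        $template_file = SafeFilename("{$GLOBALS['BASE_DIR']}/templates/{$_REQUEST['loaded_template']}");
        FileWrite($template_file, $ini_data);
        $GLOBALS['message'] = 'Template has been successfully saved';
    } else {
        $GLOBALS['errstr'] = "Template could not be saved:<br />" . nl2br($compiler->get_error_string());
    }

    lxShEmailTemplates();
}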
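/**
 * Restore the database (and optionally the thumbnail archive) from files
 * beneath data/.
 *
 * @param array $args 'sql-file' (required) and 'thumbs-file' (optional):
 *                    file names relative to data/, both resolved through
 *                    SafeFilename() before use.
 * @param bool  $cli  TRUE when invoked from the command line (cron.php).
 * @return string     Status message for the caller to display.
 *
 * From the web, when $C['shell_exec'] and $C['php_cli'] are set, the work is
 * handed to a detached cron.php process and the "started" message is
 * returned; otherwise the restore runs inline and the "completed" message is
 * returned. From the CLI an external mysql client is used when $C['mysql'] is
 * configured, else the PHP-side RestoreSQLTables().
 *
 * Fix: the background command was built with escapeshellarg() on
 * $args['thumbs-file'] even when that key is absent (a null argument, which
 * PHP 8.1 deprecates); an empty string is passed instead, producing the same
 * '' argument. The unused $to_archive local and $DB global are dropped.
 */
function DoDatabaseRestore($args, $cli = FALSE)
{
    global $C;

    $message = 'The database restore function has been started, please allow a few minutes for it to complete...';

    $sql_file = SafeFilename("{$GLOBALS['BASE_DIR']}/data/{$args['sql-file']}", FALSE);
    $thumbs_file = empty($args['thumbs-file']) ? null : SafeFilename("{$GLOBALS['BASE_DIR']}/data/{$args['thumbs-file']}", FALSE);

    // Running from the command line
    if ($cli) {
        if (!empty($C['mysql'])) {
            // NOTE(review): -p<password> puts the database password in the
            // mysql process's argument list, where other local users can read
            // it from the process table; a --defaults-extra-file with 0600
            // permissions is the documented way to avoid that.
            $command = "{$C['mysql']} "
                . "-u" . escapeshellarg($C['db_username']) . " "
                . "-p" . escapeshellarg($C['db_password']) . " "
                . "-h" . escapeshellarg($C['db_hostname']) . " "
                . escapeshellarg($C['db_name']) . " "
                . "<" . escapeshellarg($sql_file);
            shell_exec($command);
        } else {
            RestoreSQLTables($sql_file);
        }

        if (!empty($args['thumbs-file'])) {
            RestoreThumbnails($thumbs_file);
        }
    } else {
        // Hand the restore to a background CLI process when the host allows it
        if ($C['shell_exec'] && !empty($C['php_cli'])) {
            $thumbs_arg = isset($args['thumbs-file']) ? $args['thumbs-file'] : '';
            $command = "{$C['php_cli']} cron.php --restore "
                . "--sql-file=" . escapeshellarg($args['sql-file']) . " "
                . "--thumbs-file=" . escapeshellarg($thumbs_arg) . " "
                . ">/dev/null 2>&1 &";
            shell_exec($command);
        } else {
            RestoreSQLTables($sql_file);
            if (!empty($args['thumbs-file'])) {
                RestoreThumbnails($thumbs_file);
            }
            $message = 'The database restore has been completed';
        }
    }

    return $message;
}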
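/**
 * Administrator action: save an edited script template and its compiled
 * form.
 *
 * Takes the template source from $_REQUEST['code'] and the target name from
 * $_REQUEST['loaded_template']. When the target is not a "global-" template,
 * all global templates are compiled first; the submitted source is then
 * test-compiled and, on success, written to templates/<name> with the
 * compiled output under templates/compiled/<name>. After saving a global
 * template every template is recompiled. Outcome goes to
 * $GLOBALS['message'] / $GLOBALS['errstr'], non-fatal findings from
 * CheckTemplateCode() to $GLOBALS['warnstr'], and the template list is
 * re-displayed. Returns nothing.
 *
 * Fixes: the success message read "successully"; the "global-" test is
 * evaluated once; a false return from glob() no longer reaches foreach; the
 * unused $DB/$C globals are dropped.
 */
function txScriptTemplateSave()
{
    VerifyAdministrator();
    CheckAccessList();

    $_REQUEST['code'] = trim($_REQUEST['code']);

    $is_global = (bool) preg_match('~global-~', $_REQUEST['loaded_template']);

    // Compile global templates first, if this is not one
    if (!$is_global) {
        $t = new Template();
        $global_templates = glob("{$GLOBALS['BASE_DIR']}/templates/*global-*.tpl");
        if ($global_templates !== FALSE) {
            foreach ($global_templates as $global_template) {
                $t->compile_template(basename($global_template));
            }
        }
    }

    $compiled_code = '';
    $compiler = new Compiler();

    // A template that does not compile is never written to disk.
    // NOTE(review): the compiled output is presumably code that is later
    // executed, so this action is as sensitive as direct code upload for
    // anyone who passes VerifyAdministrator()/CheckAccessList() — confirm.
    if ($compiler->compile($_REQUEST['code'], $compiled_code)) {
        // NOTE(review): loaded_template is a request value and SafeFilename()
        // is project code — confirm it keeps both results inside templates/.
        $template_file = SafeFilename("{$GLOBALS['BASE_DIR']}/templates/{$_REQUEST['loaded_template']}");
        FileWrite($template_file, $_REQUEST['code']);

        $compiled_file = SafeFilename("{$GLOBALS['BASE_DIR']}/templates/compiled/{$_REQUEST['loaded_template']}", FALSE);
        FileWrite($compiled_file, $compiled_code);

        $GLOBALS['message'] = 'Template has been successfully saved';
    } else {
        $GLOBALS['errstr'] = "Template could not be saved:<br />" . nl2br($compiler->get_error_string());
    }

    // Non-fatal findings about the submitted code, shown alongside the result
    $GLOBALS['warnstr'] = CheckTemplateCode($_REQUEST['code']);

    // Recompile all templates if a global template was updated
    if ($is_global) {
        RecompileTemplates();
    }

    txShScriptTemplates();
}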