// the watchers? if ($objid == 0) { $isUpdated = true; } else { $isUpdated = $_POST["fullURL"] != $objData["objImageURL"]; } $values1 = array("objTitle" => $_POST["title"], "objFolder" => $folder, "objThumbWidth" => $thumbInfo[0], "objThumbHeight" => $thumbInfo[1], "objThumbURL" => $_POST["thumbURL"], "objLastEdit!" => "NOW()", "objMature" => $filters); $values2 = array("objImageWidth" => $fullInfo[0], "objImageHeight" => $fullInfo[1], "objImageSize" => $fullSize, "objImageURL" => $_POST["fullURL"], "objPreviewWidth" => $previewInfo[0], "objPreviewHeight" => $previewInfo[1], "objPreviewURL" => $_POST["previewURL"], "objComment" => $_POST["comment"], "objEditIp" => getHexIp($_SERVER["REMOTE_ADDR"])); if ($objid == 0) { $values1["objCreator"] = $objCreator; $values1["objSubmitDate!"] = "NOW()"; sql_query("INSERT INTO `extras`" . dbValues($values1)); $objid = mysql_insert_id(); $values2["objEid"] = $objid; $values2["objSubmitIp"] = getHexIp($_SERVER["REMOTE_ADDR"]); sql_query("INSERT INTO `extExtData`" . dbValues($values2)); } else { $values2["objNumEdits"] = $objData["objNumEdits"] + 1; $values2["objNoAbuse"] = 0; sql_query("UPDATE `extras`" . dbSet($values1) . dbWhere(array("objid" => $objid))); sql_query("UPDATE `extExtData`" . dbSet($values2) . dbWhere(array("objEid" => $objid))); } if ($isUpdated && $objCreator == $_auth["useid"]) { // Notify the watchers. addUpdateToWatchers(updTypeArtExtra, $objCreator, $objid); } redirect(url("view/e" . $objid)); } } ?> <div class="caption"><?php
<?php $_documentTitle = "Administrative Chat"; if (!atLeastHelpdesk()) { include INCLUDES . "p_notfound.php"; return; } if (isset($_POST["submitLog"])) { sql_query("INSERT INTO `adminChat`" . dbValues(array("adcText" => str_replace("\r\n", "\n", $_POST['modMessage']), "adcCreator" => $_auth["useid"], "adcSubmitDate!" => "NOW()"))); redirect(url(".")); } $modOffset = isset($_GET["offset"]) ? $_GET["offset"] : "0"; ?> <div class="header"> <div class="header_title"> <?php echo _ADMINISTRATION; ?> <div class="subheader">Admin Chat</div> </div> <?php $active = 6; include INCLUDES . "mod_adminmenu.php"; ?> </div> <div class="container"> <h1>Site Statistics</h1> <div class="container2 mar_bottom"> <?php //facs 2011-09-15
// Twit List $ignoreList = preg_split('/[^a-zA-Z0-9]/', $_POST["ignoreList"], -1, PREG_SPLIT_NO_EMPTY); $twit = array(); foreach ($ignoreList as $username) { $useResult = sql_query("SELECT `useid` FROM `users`" . dbWhere(array("useUsername" => $username))); if ($useData = mysql_fetch_assoc($useResult)) { if ($useData["useid"] != $_auth["useid"]) { $twit[] = $useData["useid"]; } } mysql_free_result($useResult); } sql_query("DELETE FROM `twitList`" . dbWhere(array("twtCreator" => $_auth["useid"]))); $twit = array_unique($twit); foreach ($twit as $useid) { sql_query("INSERT INTO `twitList`" . dbValues(array("twtCreator" => $_auth["useid"], "twtBadUser" => $useid))); } recountAllUpdates($_auth["useid"]); // Update the database sql_query("UPDATE `useExtData`" . dbSet(array("useSignature" => $_auth["useSignature"], "useNoSig" => $_auth["useNoSig"], "useNoEmoticons" => $_auth["useNoEmoticons"], "useNoBBCode" => $_auth["useNoBBCode"], "useNotifyWatch" => $_auth["useNotifyWatch"], "useNotifyFavs" => $_auth["useNotifyFavs"])) . dbWhere(array("useEid" => $_auth["useid"]))); notice(_SET_SAVED); } // ====================================================================================================== // FOUND NEW CLUB // ====================================================================================================== ?> <?php iefixStart(); ?> <div class="sep largetext"><?php echo _CLUB_FOUND;
/**
 * Records a moderation action in the `modlogs` table.
 *
 * The acting moderator is always taken from the global $_auth session data,
 * never from a parameter, so a caller cannot attribute the entry to someone else.
 *
 * @param mixed $useid   Id of the user the entry is about (stored as modUser).
 * @param mixed $message Log text (stored as modMessage).
 */
function addModeratorLog($useid, $message)
{
    global $_auth;

    $logRow = array(
        "modSubmitDate!" => "NOW()",
        "modModerator" => $_auth["useid"],
        "modUser" => $useid,
        "modMessage" => $message,
    );

    // NOTE(review): quoting of $message is left entirely to dbValues(); the "!" key
    // suffix appears to mark a raw SQL expression. Confirm both against dbValues().
    sql_query("INSERT INTO `modlogs`" . dbValues($logRow));
}
<div class="rightside"> <?php $hidePMSender = false; if (isset($_POST["sendReply"])) { $title = $_POST["title"]; if ($title == "") { // Make sure the title is not blank. $title = _PM_UNTITLED; } $comment = substr($_POST["comment"], 0, 40000); // Add the comment to the database. $composeFor = intval($_POST["composeFor"]); if ($composeFor != 0) { $userIp = getHexIp($_SERVER["REMOTE_ADDR"]); sql_query("INSERT INTO `pms`" . dbValues(array("pmsObj" => intval($_POST["parentComment"]), "pmsCreator" => $_auth["useid"], "pmsPmUser" => $composeFor, "pmsSubmitDate!" => "NOW()", "pmsTitle" => $title, "pmsComment" => $comment, "pmsSubmitIp" => $userIp, "pmsEditIp" => $userIp, "pmsNoEmoticons" => isset($_POST["commentNoEmoticons"]) ? 1 : 0, "pmsNoSig" => isset($_POST["commentNoSig"]) ? 1 : 0, "pmsNoBBCode" => isset($_POST["commentNoBBCode"]) ? 1 : 0))); $comid = mysql_insert_id(); // Add the unread message notification to the target user's // updates. addUpdate(updTypePM, $composeFor, $comid, $_auth["useid"]); // Redirect the browser to the newly created message. redirect(url("pm/read/" . $comid)); } } if (isset($_GET["composeFor"])) { $composeFor = preg_replace('/[^a-zA-Z0-9]/', "", $_GET["composeFor"]); $result = sql_query("SELECT `useid` FROM `users` " . "WHERE `useUsername` = '{$composeFor}' LIMIT 1"); if (mysql_num_rows($result) > 0) { $composeFor = mysql_result($result, 0); } else { $composeFor = 0;
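/**
 * Adds an entry to the `updates` table for $creator unless the recipient has
 * opted out of that kind of notification or an identical entry already exists,
 * then recounts the recipient's updates.
 *
 * @param mixed $type    One of the updType* constants.
 * @param mixed $creator Id of the user who receives the update (stored as updCreator).
 * @param mixed $object  Id of the object the update refers to (stored as updObj).
 * @param mixed $user    Id of the user who caused the update (stored as updUser).
 */
function addUpdate($type, $creator, $object = 0, $user = 0)
{
    switch ($type) {
        case updTypeMessageFav:
            $useResult = sql_query("SELECT `useNotifyFavs` FROM `useExtData`" . dbWhere(array("useEid" => $creator)));
            $useData = mysql_fetch_assoc($useResult);
            // Free the result before any early return; the original leaked it on both exits.
            mysql_free_result($useResult);
            if (!$useData) {
                return; // User not found.
            }
            if (!$useData["useNotifyFavs"]) {
                return; // This user would like not to be notified about +favs.
            }
            break;

        case updTypeMessageWatchClub:
        case updTypeMessageWatch:
            $useResult = sql_query("SELECT `useNotifyWatch` FROM `useExtData`" . dbWhere(array("useEid" => $creator)));
            $useData = mysql_fetch_assoc($useResult);
            mysql_free_result($useResult);
            if (!$useData) {
                return; // User not found.
            }
            if (!$useData["useNotifyWatch"]) {
                return; // This user would like not to be notified about +watches.
            }
            break;
    }

    // Check if this is Extras that the user doesn't want to receive.
    if ($type == updTypeArtExtra) {
        $result = sql_query("SELECT `useHideExtras` FROM `useExtData`" . dbWhere(array("useEid" => $creator)));
        $hideExtras = mysql_num_rows($result) > 0 && mysql_result($result, 0);
        mysql_free_result($result);
        if ($hideExtras) {
            return;
        }
    }

    // Check if such update already exists in order to avoid duplicate
    // updates (for ex. +fav the same submission 2+ times in a row).
    // NOTE(review): this check-then-insert is not atomic; two concurrent requests
    // can both pass the COUNT(*) unless `updates` has a unique key (not visible here).
    $values = array("updType" => $type, "updCreator" => $creator, "updObj" => $object, "updUser" => $user);
    $result = sql_query("SELECT COUNT(*) FROM `updates`" . dbWhere($values) . "LIMIT 1");
    $alreadyThere = mysql_result($result, 0) != 0;
    mysql_free_result($result);

    if (!$alreadyThere) {
        // Not found? Then we should add it.
        $values["updDate!"] = "NOW()";
        sql_query("INSERT INTO `updates`" . dbValues($values));
    }

    recountUpdates($type, $creator);
}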
echo _KEYWORDS_HINT; ?> </div> <?php if (isset($_POST["submitKeywords"])) { reset($_POST); foreach ($_POST as $postKey => $postVar) { if (preg_match('/^addKeywordsUnder[0-9]+$/', $postKey) && $postVar) { $addUnder = intval(preg_replace('/^addKeywordsUnder/', "", $postKey)); $keywords = preg_split('/\\;/', $postVar, -1, PREG_SPLIT_NO_EMPTY); foreach ($keywords as $keyWord) { $keyWord = trim($keyWord); if (!$keyWord) { continue; } sql_query("INSERT INTO `keywords`" . dbValues(array("keyWord" => $keyWord, "keySubcat" => $addUnder))); } } } } if (isset($_GET["updated"])) { ?> Keywords added/updated. <form action="<?php echo url("."); ?> " method="get"> <div class="sep"> <button class="submit" name="submitKeywords" type="submit"> <?php echo getIMG(url() . "images/emoticons/nav-prev.png");
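/**
 * Synchronises an object's filter-related keywords with the filters that are
 * enabled for it.
 *
 * The filter-to-keyword mapping is read from $_config["filterKeywordAssoc"], a
 * list of "filterId=keywordId" pairs separated by whitespace, commas or
 * semicolons. The object's objMature column is overwritten with the filters
 * returned by getFiltersByObject(), every mapped keyword is removed from the
 * object, and the keywords of the enabled filters are inserted again.
 *
 * @param mixed $objid Id of the row in `objects` to update.
 */
function updateFilterKeywords($objid)
{
    global $_config;

    $KW = array();
    $kwList = preg_split('/[\\s\\,\\;]/', $_config["filterKeywordAssoc"], 64, PREG_SPLIT_NO_EMPTY);

    foreach ($kwList as $kw1) {
        $pair = preg_split('/\\=/', $kw1, 2);
        if (count($pair) < 2) {
            // Entry without "=": the original raised an undefined-offset notice and
            // put an empty value into the IN (...) list below. Skip it instead.
            continue;
        }
        list($fltid, $keyid) = $pair;
        $KW[$fltid] = $keyid;
    }

    // Update object's objMature field by enabling all required filters
    // according to the chosen keywords. An earlier version merged the filters
    // already stored in objMature at this point; that code is disabled, so the
    // stored value is overwritten.
    $filters = getFiltersByObject($objid);

    $sql = "UPDATE `objects`" . dbSet(array("objMature" => implode(",", $filters))) . dbWhere(array("objid" => $objid));
    sql_query($sql);

    // Remove old keywords under "Filters".
    // NOTE(review): the keyword ids are interpolated into the statement without
    // escaping. They come from site configuration rather than from the request,
    // but a quote character in filterKeywordAssoc would break out of the string
    // literal. Confirm the ids are numeric and consider casting them, or build
    // this clause with the same helper used for the other statements.
    $sql = "DELETE FROM `objKeywords` WHERE `objKkeyword` IN ('" . implode("','", $KW) . "') " . "AND `objKobject` = '" . intval($objid) . "'";
    sql_query($sql);

    // Add new keywords under "Filters" according to the filters enabled for
    // the object. With no filter enabled, filter id 0 is looked up instead.
    if (count($filters) == 0) {
        $filters = array(0);
    }

    foreach ($filters as $filter) {
        if (isset($KW[$filter])) {
            $sql = "INSERT INTO `objKeywords`" . dbValues(array("objKobject" => $objid, "objKkeyword" => $KW[$filter]));
            sql_query($sql);
        }
    }
}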
/**
 * Sends an automated "Notice of Violation" private message to the owner of a
 * submission and adds the matching unread-PM update.
 *
 * The text depends on the global $action: "*" announces the 48 hour grace
 * period, "+" reports that the issue was fixed and the submission restored,
 * anything else reports that the submission was deleted. The global $reason is
 * quoted as the staff comment. The message is sent as $_config["adminUser"].
 *
 * NOTE(review): objTitle and $reason are placed into the message as BBCode
 * source (pmsNoBBCode is 0) without any escaping here; safe rendering depends
 * on the BBCode formatter that displays the message. Confirm it escapes HTML.
 *
 * @param array $objData Submission row; reads "objTitle" and "objid".
 * @param mixed $useid   Id of the user who receives the message.
 */
function notifyAbuser($objData, $useid)
{
    global $_config, $reason, $action;

    $objTitle = $objData["objTitle"];
    $title = ":cancel: Notice of Violation: " . $objTitle;

    if ($action != "*") {
        // Final decision: the submission was either restored ("+") or deleted.
        if ($action == "+") {
            $outcome = "fixing the issue and restoring the submission";
        } else {
            $outcome = "deleting the submission";
        }

        $body = "[b]This is an automated message to inform you that your submission, " . $objTitle . ", was found to be a violation of the [url=/tos/]Terms of Service[/url].[/b]\n\n";
        $body .= "Action was taken, [b]" . $outcome . ".[/b] Additional comment from the staff follows:\n\n";
        $body .= "[i]" . $reason . "[/i]\n\n";
        $body .= "[b]This is an automated message. Replies will be lost.[/b] \n\n ";
        $body .= "If you have any questions please read the [url=/helpdesk/faq]FAQ[/url] or contact the staff on [c=1].\n\n Regards,\n y!Gallery Administration";
    } else {
        // Grace period notice: the owner gets a link to view and to edit the submission.
        $objid = $objData["objid"];

        $body = "[b]This is an automated message to inform you that your submission, [url=/view/" . $objid . "]" . $objTitle . "[/url] was found to be a violation of the [url=/tos/]Terms of Service[/url].[/b]\n\n";
        $body .= "You have a 48 hour grace period, starting at the time this message is sent, to fix any issues with this submission. It will remain hidden to everyone but yourself during this time. ";
        $body .= "After the 48 hour period, it will be restored if you have fixed the issues. If you do not fix the issues, it will be deleted. Comment from the staff, including information about the issues, follows:\n\n ";
        $body .= "[i]" . $reason . "[/i]\n\n";
        $body .= "[url=/viewedit/" . $objid . "]Click Here[/url] to edit the submission. Also see [faq=50]\n\n";
        $body .= "[b]This is an automated message. Replies will be lost.[/b]\n\n";
        $body .= "If you have any questions, please read the [url=/helpdesk/faq]FAQ[/url] or contact the staff on [c=1].\n\n Regards,\n y!Gallery Administration";
    }

    // The IP recorded with the message is that of the current request,
    // i.e. of the staff member who triggered the notice.
    $senderIp = getHexIp($_SERVER["REMOTE_ADDR"]);

    $pmRow = array(
        "pmsObj" => 0,
        "pmsCreator" => $_config["adminUser"],
        "pmsPmUser" => $useid,
        "pmsSubmitDate!" => "NOW()",
        "pmsTitle" => $title,
        "pmsComment" => $body,
        "pmsSubmitIp" => $senderIp,
        "pmsEditIp" => $senderIp,
        "pmsNoEmoticons" => 1,
        "pmsNoSig" => 1,
        "pmsNoBBCode" => 0,
    );
    sql_query("INSERT INTO `pms`" . dbValues($pmRow));

    // Add the unread-message notification for the recipient.
    $newPmId = mysql_insert_id();
    addUpdate(updTypePM, $useid, $newPmId, $_config["adminUser"]);
}
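/**
 * Rebuilds the custom theme stylesheet of a user or club from the uploaded
 * images and the submitted colour/tiling options, and stores the options.
 *
 * Four images (logo, outer, container, container2) are taken through
 * uploadSingleImage(); default colours are derived from them and can be
 * overridden by $data["c"] and by the whitelisted POST fields. The template
 * INCLUDES . "p_themedesigner.css" is filled in and, when the result differs
 * from the newest existing stylesheet, written to a new "style-<time>.css"
 * file; the options are then saved serialized in `customThemes`.
 *
 * Request values never reach the stylesheet verbatim: colours are accepted
 * only as 3 or 6 hex digits and re-emitted through getColor()/getWebColor(),
 * sOutline selects one of fixed strings, and sTitleMargin is cast to an
 * integer and clamped to 0..400.
 *
 * @param mixed $useid   Owner id (stored as cusUser).
 * @param mixed $isClub  Whether $useid refers to a club (stored as cusIsClub).
 * @param array $data    Previously stored options; keys "c" and "Tile" are used.
 * @param mixed $errors  Passed by reference to uploadSingleImage() for its messages.
 * @return bool true when a new stylesheet was written and the options stored;
 *              false on an upload or file error, or when nothing changed.
 */
function updateCustomTheme($useid, $isClub, $data, &$errors)
{
    $themePath = getCustomThemePath($useid, $isClub);
    forceFolders($themePath);
    $lastThemeFile = getLastCustomThemeFile($useid, $isClub);

    // Size limits are in bytes: 50 KB for logo/container, 25 KB for the others.
    $err = !uploadSingleImage("logo", 0, 0, 51200, $fnLogo, $errors, $themePath);
    $err |= !uploadSingleImage("outer", 0, 0, 25600, $fnOuter, $errors, $themePath);
    $err |= !uploadSingleImage("container", 0, 0, 51200, $fnContainer, $errors, $themePath);
    $err |= !uploadSingleImage("container2", 0, 0, 25600, $fnContainer2, $errors, $themePath);

    if ($err) {
        return false;
    }

    $fileLogo = urlf() . findNewestFile($themePath . "logo-*.jpg");
    $fileOuter = urlf() . findNewestFile($themePath . "outer-*.jpg");
    $fileContainer = urlf() . findNewestFile($themePath . "container-*.jpg");
    $fileContainer2 = urlf() . findNewestFile($themePath . "container2-*.jpg");

    $pixLogo = PIX($fnLogo);
    $pixOuter = PIX($fnOuter);
    $pixContainer = PIX($fnContainer);
    $pixContainer2 = PIX($fnContainer2);
    $pix00Container = PIX($fnContainer, 0, 0);

    $avgLogo = AVG($fnLogo);
    $avgOuter = AVG($fnOuter);
    $avgContainer = AVG($fnContainer);
    $avgContainer2 = AVG($fnContainer2);

    // Colours derived from the images; keys are the placeholders of the CSS template.
    $colors = array(
        '{bBody}' => $pixLogo,
        '{bOuter}' => $pixOuter,
        '{bContainer}' => $pixContainer,
        '{bContainer2}' => $pixContainer2,
        '{bInput}' => BRIGHT($pixContainer2, 1.2),
        '{bInputHover}' => BRIGHT($pixContainer2, 1.5),
        '{bInputFocus}' => $pix00Container,
        '{bButton}' => BRIGHT($pixContainer2, 1.2),
        '{bButtonHover}' => BRIGHT($pixContainer2, 1.5),
        '{bTabActive}' => $pix00Container,
        '{bTabInactive}' => $pixOuter,
        '{bUI2Layout}' => $pixContainer2,
        '{cBody}' => BRIGHT(CONTRAST($avgLogo), 1.3),
        '{cOuter}' => BRIGHT(CONTRAST($avgOuter), 1.2),
        '{cContainer}' => BRIGHT(CONTRAST($avgContainer), 1.3),
        '{cContainer2}' => BRIGHT(CONTRAST($avgContainer2), 1.3),
        '{cOutline}' => BRIGHT(CONTRAST($avgContainer2), 1.3),
        '{cTabActive}' => CONTRAST($avgContainer),
        '{cTabInactive}' => CONTRAST($avgOuter),
        '{cInput}' => CONTRAST($avgContainer2),
        '{cLink}' => RICH(BRIGHT($pixContainer2, -2.5), 1.1),
        '{cLinkHover}' => RICH(BRIGHT($pixContainer2, -3), 1.1),
        '{cHeaderLink}' => RICH(BRIGHT($pixOuter, -2.5), 1.1),
        '{cHeaderLinkHover}' => RICH(BRIGHT($pixOuter, -3), 1.1),
        '{cMarkedText}' => BRIGHT(HARMONY($pixContainer2), 1.5),
        '{cTabOutline}' => BRIGHT(CONTRAST($avgContainer2), 1.3),
        '{cThumbBorder}' => BRIGHT(CONTRAST($avgContainer2), 1.3),
        '{cThumbBorderMature}' => RICH(BRIGHT($pixContainer2, -3), 1.1),
    );

    // Replace generated colours that tooClose() reports as too similar to their background.
    if (tooClose($colors['{cLink}'], $colors['{cContainer2}'], 32)) {
        $colors['{cLink}'] = RICH(PIX($fnOuter), 2);
        $colors['{cLinkHover}'] = BRIGHT($colors['{cLink}'], 2.5);
    }

    if (tooClose($colors['{cContainer}'], $colors['{cMarkedText}'], 140)) {
        $colors['{cMarkedText}'] = BRIGHT(HARMONY(PIX($fnContainer2)), -1.3);
    }

    // Override auto-generated colors with POSTed colors.
    if (!isset($data["c"]) || !is_array($data["c"])) {
        $data["c"] = array();
    }

    $acceptedColors = array(
        "cBody", "cOuter", "cContainer", "cContainer2", "cOutline", "cTabActive",
        "cTabInactive", "cInput", "cLink", "cLinkHover", "cHeaderLink",
        "cHeaderLinkHover", "cMarkedText", "cTabOutline", "cThumbBorder",
        "cThumbBorderMature", "sOutline", "sTitleMargin", "bButton", "bButtonHover",
        "bInput", "bInputFocus", "bUI2Layout",
    );

    // Override some data from POST (if available). Only plain strings are
    // accepted: a field sent as an array (name[]=...) would otherwise be stored
    // and later handed to preg_match()/intval().
    foreach ($acceptedColors as $c1) {
        if (isset($_POST[$c1]) && is_string($_POST[$c1]) && $_POST[$c1] != "") {
            $data["c"][$c1] = $_POST[$c1];
        }
    }

    // NOTE(review): values that are not valid hex stay in $data["c"] and are
    // persisted below unchanged; whatever re-displays them must escape them.
    foreach ($data["c"] as $key => $value) {
        if (is_array($value) || is_object($value)) {
            continue; // Not a colour string; nothing to convert.
        }

        // Short form "RGB": each digit is expanded to 0..255 (x * 17).
        if (preg_match('/^[0-9A-Fa-f]{3}$/', $value)) {
            $r = hexdec(substr($value, 0, 1)) * 17;
            $g = hexdec(substr($value, 1, 1)) * 17;
            $b = hexdec(substr($value, 2, 1)) * 17;
            $colors["{" . $key . "}"] = getColor($r, $g, $b);
        }

        // Long form "RRGGBB".
        if (preg_match('/^[0-9A-Fa-f]{6}$/', $value)) {
            $r = hexdec(substr($value, 0, 2));
            $g = hexdec(substr($value, 2, 2));
            $b = hexdec(substr($value, 4, 2));
            $colors["{" . $key . "}"] = getColor($r, $g, $b);
        }
    }

    $sOutline = 'border-width: 1px;';

    if (isset($data["c"]["sOutline"])) {
        switch ($data["c"]["sOutline"]) {
            case 2:
                $sOutline = 'border-width: 2px;';
                break;
            case 3:
                $sOutline = 'border-width: 2px; border-left: none; border-right: none;';
                break;
            case 4:
                $sOutline = 'border: none;';
                break;
        }
    }

    $sTitleMargin = 'padding-left: 0px;';

    if (isset($data["c"]["sTitleMargin"])) {
        // Clamp to 0..400 pixels and store the normalised value back.
        $m = intval($data["c"]["sTitleMargin"]);
        $m = $m > 400 ? 400 : $m;
        $m = $m < 0 ? 0 : $m;
        $data["c"]["sTitleMargin"] = $m;
        $sTitleMargin = 'padding-left: ' . $m . 'px;';
    }

    $css = file_get_contents(INCLUDES . "p_themedesigner.css");
    if ($css === false) {
        // Without the template there is nothing meaningful to write; the original
        // continued with false and could replace the live stylesheet with an empty file.
        return false;
    }

    $css = str_replace('{sOutline}', $sOutline, $css);
    $css = str_replace('{sTitleMargin}', $sTitleMargin, $css);
    $css = str_replace('{fileLogo}', $fileLogo, $css);
    $css = str_replace('{fileOuter}', $fileOuter, $css);
    $css = str_replace('{fileContainer}', $fileContainer, $css);
    $css = str_replace('{fileContainer2}', $fileContainer2, $css);

    foreach ($colors as $colorVar => $colorValue) {
        $css = str_replace($colorVar, getWebColor($colorValue), $css);
    }

    // A submitted theme form resets the tiling flags; they are rebuilt from the checkboxes.
    if (!isset($data["Tile"]) || isset($_POST["submitTheme"])) {
        $data["Tile"] = 0;
    }

    // Override some data from POST (if available).
    // Bits 1/2/4/8 are the horizontal flags, 16/32/64/128 the vertical ones.
    if (isset($_POST["BGLayoutTiledH"])) {
        $data["Tile"] |= 1;
    }
    if (isset($_POST["BGOuterTiledH"])) {
        $data["Tile"] |= 2;
    }
    if (isset($_POST["BGContainerTiledH"])) {
        $data["Tile"] |= 4;
    }
    if (isset($_POST["BGContainer2TiledH"])) {
        $data["Tile"] |= 8;
    }
    if (isset($_POST["BGLayoutTiledV"])) {
        $data["Tile"] |= 16;
    }
    if (isset($_POST["BGOuterTiledV"])) {
        $data["Tile"] |= 32;
    }
    if (isset($_POST["BGContainerTiledV"])) {
        $data["Tile"] |= 64;
    }
    if (isset($_POST["BGContainer2TiledV"])) {
        $data["Tile"] |= 128;
    }

    $css = str_replace('{layoutTiling}', getTiling($data["Tile"] & 1, $data["Tile"] & 16), $css);
    $css = str_replace('{outerTiling}', getTiling($data["Tile"] & 2, $data["Tile"] & 32), $css);
    $css = str_replace('{containerTiling}', getTiling($data["Tile"] & 4, $data["Tile"] & 64), $css);
    $css = str_replace('{container2Tiling}', getTiling($data["Tile"] & 8, $data["Tile"] & 128), $css);

    // Remove comments from the final CSS file.
    $css = preg_replace('/\\/\\*(.+?)\\*\\//', "", $css);

    if ($lastThemeFile != "") {
        $css_orig = file_get_contents($lastThemeFile);
    } else {
        $css_orig = "";
    }

    if ($css != $css_orig) {
        // Create new CSS file and delete the previous CSS file.
        $fp = fopen($themePath . "style-" . time() . ".css", "w");
        if ($fp === false) {
            // Keep the previous stylesheet when the new one cannot be created;
            // the original went on to unlink it regardless.
            return false;
        }
        fwrite($fp, $css);
        fclose($fp);

        if ($lastThemeFile != "") {
            unlink($lastThemeFile);
        }

        // Store updated data to the database.
        // NOTE(review): cusData is written with serialize(); the reading side is not
        // visible here. If it uses unserialize(), confirm no other code path can
        // write attacker-controlled bytes into this column.
        $cusWhere = dbWhere(array("cusUser" => $useid, "cusIsClub" => $isClub));
        $result = sql_query("SELECT `cusid` FROM `customThemes`" . $cusWhere . "LIMIT 1");

        if (mysql_num_rows($result) == 0) {
            sql_query("INSERT INTO `customThemes`" . dbValues(array("cusUser" => $useid, "cusIsClub" => $isClub, "cusData" => serialize($data))));
        } else {
            sql_query("UPDATE `customThemes`" . dbSet(array("cusData" => serialize($data))) . $cusWhere . "LIMIT 1");
        }

        return true;
    } else {
        return false;
    }
}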
/**
 * Makes the logged-in user watch another user and notifies that user.
 *
 * Does nothing when the id is 0 after integer conversion, when it is the
 * logged-in user's own id, or when the watch already exists.
 *
 * @param mixed $useid Id of the user to watch; converted with intval().
 */
function operationWatch($useid)
{
    global $_auth;

    $useid = intval($useid);
    $watcher = $_auth["useid"];

    // Nothing to do for an invalid id or for watching oneself.
    if ($useid == 0 || $useid == $watcher) {
        return;
    }

    $watchRow = array("watUser" => $watcher, "watCreator" => $useid, "watType" => "use");

    $existing = sql_query("SELECT COUNT(*) FROM `watches`" . dbWhere($watchRow));
    if (mysql_result($existing, 0) != 0) {
        return; // Already watching.
    }

    $watchRow["watSubmitDate!"] = "NOW()";
    sql_query("INSERT IGNORE INTO `watches`" . dbValues($watchRow));

    // Notify the artist about the +watch.
    addUpdate(updTypeMessageWatch, $useid, 0, $watcher);
}
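/**
 * Renders the "random submission" thumbnail in the sidebar.
 *
 * One random object id is cached per filter pattern ($_auth["useObjFilters"])
 * in `randomObjects` for 60 seconds. When the cached entry is missing or has
 * expired, up to five random ids are tried against the user's object filters
 * and the result (0 when none matched) is stored again. The thumbnail is
 * rendered by including mod_minigallery.php, which reads the local variables
 * $select, $where and $limit set at the end of this function.
 */
function putSidebarRandom()
{
    global $_auth, $_config;

    iefixStart();

    $needRefresh = false;
    $objid = 0;

    $rndResult = sql_query("SELECT * FROM `randomObjects`" . dbWhere(array("rndFilterPtn" => $_auth["useObjFilters"])) . "LIMIT 1");

    if ($rndData = mysql_fetch_assoc($rndResult)) {
        if (time() > $rndData["rndTimeout"]) {
            $needRefresh = true; // Random object has timed-out
        } else {
            $objid = $rndData["rndObject"];
        }
    } else {
        $needRefresh = true;
    }

    mysql_free_result($rndResult);

    if ($needRefresh) {
        // MAX() yields NULL on an empty table; intval() turns that into 0.
        $count = intval(mysql_result(sql_query("SELECT MAX(`objid`) FROM `objects`"), 0));
        $where = "`objPending` = '0' AND `objDeleted` = '0'";
        applyObjFilters($where);

        // We would give it 5 chances to pick a random submission :)
        // Actually there's a 99.999% possibility it would pick the good
        // one at first try.
        // This is a display pick only, so mt_rand() is adequate here.
        $objid = 0;

        // Skip the draw when there are no objects: mt_rand(1, 0) is an invalid
        // range (a warning on older PHP, an error on PHP 8).
        if ($count >= 1) {
            for ($i = 1; $i <= 5; $i++) {
                $id = mt_rand(1, $count);
                $_tmpResult = sql_query("SELECT `objid` FROM `objects` " . "WHERE ({$where}) AND `objid` = '{$id}' LIMIT 1");
                $found = mysql_num_rows($_tmpResult) > 0;
                mysql_free_result($_tmpResult);

                if ($found) {
                    $objid = $id;
                    break;
                }
            }
        }

        $timeout = time() + 60; // Will expire in 1 minute

        // The table lock keeps the delete + insert pair from interleaving with
        // another request refreshing the same filter pattern.
        sql_query("LOCK TABLES `randomObjects` WRITE");
        //sql_query( "BEGIN" );
        sql_query("DELETE FROM `randomObjects`" . dbWhere(array("rndFilterPtn" => $_auth["useObjFilters"])));
        sql_query("INSERT INTO `randomObjects`" . dbValues(array("rndFilterPtn" => $_auth["useObjFilters"], "rndObject" => $objid, "rndTimeout" => $timeout)));
        sql_query("UNLOCK TABLES");
        //sql_query( "COMMIT" );
    }

    // Show the thumbnail of that `objid`.
    // $objid is either a value read back from `randomObjects` or an integer
    // drawn above, so it is not request input at this point.
    $select = "SELECT * FROM `objects`";
    $where = "`objid` = '{$objid}'";
    $limit = 1;
    unset($order);

    include INCLUDES . "mod_minigallery.php";

    iefixEnd();
}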
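/**
 * Reads the POST data, adds a new comment to the database, notifies the
 * owner of the commented object and redirects the browser.
 *
 * The comment text is taken from $_POST["comment"] (first 16000 bytes), the
 * display flags from commentNoEmoticons / commentNoSig / commentNoBBCode.
 * After the insert the function redirects either to $_POST["refererURL"]
 * (only when it points back to this site) or to the current page.
 *
 * @param mixed  $objid   Id of the object being commented on; converted with
 *                        intval() because it is interpolated into several
 *                        hand-written SQL statements below.
 * @param string $objType Object type code: "obj", "ext", "com", "clu", "jou",
 *                        "pol", "new" or "use".
 */
function processCommentReply($objid, $objType)
{
    global $_auth, $_config;

    // Ids are integers everywhere else in this code base (see the intval() calls
    // in the sibling helpers); enforcing it here makes the '{$objid}' statements
    // below safe regardless of where the caller took the value from.
    $objid = intval($objid);

    $noEmoticons = isset($_POST["commentNoEmoticons"]) ? 1 : 0;
    $noSig = isset($_POST["commentNoSig"]) ? 1 : 0;
    $noBBCode = isset($_POST["commentNoBBCode"]) ? 1 : 0;

    $root_objid = $objid;
    $root_objType = $objType;
    $parent_objid = $objid;
    $parent_objType = $objType;

    if ($objType == "com") {
        // Replying to a comment: inherit its root object and look up its parent.
        $comResult = sql_query("SELECT `comRootObj`,`comRootObjType`,`comObj`,`comObjType` " . "FROM `comments`" . dbWhere(array("comid" => $objid)));

        if ($comData = mysql_fetch_row($comResult)) {
            $root_objid = $comData[0];
            $root_objType = $comData[1];
            $parent_objid = $comData[2];
            $parent_objType = $comData[3];
        }

        mysql_free_result($comResult);

        if ($parent_objid != $objid && $parent_objid != $root_objid) {
            $comResult = sql_query("SELECT `comObj`,`comObjType` " . "FROM `comments`" . dbWhere(array("comid" => $parent_objid)));

            if ($comData = mysql_fetch_row($comResult)) {
                $parent_objid = $comData[0];
                $parent_objType = $comData[1];
            }

            mysql_free_result($comResult);
        }
    }

    // 16000 characters maximum.
    // NOTE(review): substr() counts bytes, so a multi-byte character can be cut
    // in half at the limit.
    $commentText = substr($_POST["comment"], 0, 16000);
    $userIp = getHexIp($_SERVER["REMOTE_ADDR"]);

    // Add the comment to the database.
    sql_query("INSERT INTO `comments`" . dbValues(array("comObj" => $objid, "comObjType" => $objType, "comRootObj" => $root_objid, "comRootObjType" => $root_objType, "comCreator" => $_auth["useid"], "comSubmitDate!" => "NOW()", "comComment" => $commentText, "comSubmitIp" => $userIp, "comEditIp" => $userIp, "comNoEmoticons" => $noEmoticons, "comNoSig" => $noSig, "comNoBBCode" => $noBBCode)));

    $comid = mysql_insert_id();

    // Now let's find out who created the parent object for this comment
    // (that would be a user id).
    $parentCreator = 0;

    switch ($objType) {
        case "obj":
            $collab = 0;
            $result = sql_query("SELECT `objCreator`, `objCollab`, `objCollabConfirmed` " . "FROM `objects`, `objExtData`" . dbWhere(array("objid*" => "objEid", "objid" => $objid)));

            if ($data = mysql_fetch_assoc($result)) {
                $parentCreator = $data["objCreator"];
                $collab = $data["objCollabConfirmed"] ? $data["objCollab"] : 0;

                // Also gather Fan-to-Artist statistics...
                $where = array("fanUser" => $_auth["useid"], "fanArtist" => $parentCreator);
                sql_where($where);

                if (sql_count("fans") == 0) {
                    $where["fanNumComments"] = 1;
                    sql_values($where);
                    sql_insert("fans");
                } else {
                    sql_where($where);
                    sql_values(array("fanNumComments!" => "`fanNumComments` + 1"));
                    sql_update("fans");
                }

                // Same statistics for the confirmed collaborator, if any.
                if ($collab > 0) {
                    $where = array("fanUser" => $_auth["useid"], "fanArtist" => $collab);
                    sql_where($where);

                    if (sql_count("fans") == 0) {
                        $where["fanNumComments"] = 1;
                        sql_values($where);
                        sql_insert("fans");
                    } else {
                        sql_where($where);
                        sql_values(array("fanNumComments!" => "`fanNumComments` + 1"));
                        sql_update("fans");
                    }
                }
            }

            // If this submission is in user's updates, mark it as viewed
            // automatically.
            markAsRead(updTypeArt, $objid);
            updateSearchCache($objid);

            if ($collab > 0 && $collab != $_auth["useid"]) {
                addUpdate(updTypeComment, $collab, $comid, $_auth["useid"]);
            }
            break;

        case "ext": // extra objects
            $result = sql_query("SELECT `objCreator` FROM `extras` " . "WHERE `objid` = '{$objid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;

            // If this submission is in user's updates, mark it as viewed
            // automatically.
            markAsRead(updTypeArtExtra, $objid);
            break;

        case "com": // comments
            $result = sql_query("SELECT `comCreator` FROM `comments` " . "WHERE `comid` = '{$objid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;

            // If this comment is in user's updates, mark it as read automatically.
            markAsRead(updTypeComment, $objid);
            break;

        case "clu": // clubs
            $result = sql_query("SELECT `cluCreator` FROM `cluExtData` " . "WHERE `cluEid` = '{$objid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;
            break;

        case "jou": // journals
            $result = sql_query("SELECT `jouCreator` FROM `journals` " . "WHERE `jouCreatorType` = 'use' AND `jouid` = '{$objid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;

            if ($parentCreator == 0) {
                // Not found? Maybe that journal is actually an announcement.
                $result = sql_query("SELECT `jouAnnCreator` FROM `journals` " . "WHERE `jouCreatorType` = 'clu' AND `jouid` = '{$objid}' LIMIT 1");
                $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;
            }

            // If this journal/announcement is in user's updates, mark it as read
            // automatically.
            markAsRead(updTypeJournal, $objid);
            break;

        case "pol": // polls
            $result = sql_query("SELECT `polCreator` FROM `polls` " . "WHERE `polid` = '{$objid}' LIMIT 1");
            $parentCreator = mysql_num_rows($result) > 0 ? mysql_result($result, 0) : 0;

            // If this poll is in user's updates, mark it as read automatically.
            markAsRead(updTypeJournalPoll, $objid);
            break;

        case "new": // news
            // Those who posted news on the front page should not receive
            // comments on that news to their updates.
            $parentCreator = 0;
            break;

        case "use": // user pages
            $parentCreator = $objid;
            break;
    }

    // Notify the parent object's creator about the new comment on their creation.
    // If the creator is not the current user, of course.
    if ($parentCreator > 0 && $parentCreator != $_auth["useid"]) {
        addUpdate(updTypeComment, $parentCreator, $comid, $_auth["useid"]);
    }

    // Redirect to the same page to clean up POST variables.
    $focus = "#comment" . ($objType == "com" ? $objid : $comid);

    // refererURL is request data. Follow it only when it stays on this site:
    // either a path starting with a single "/", or an http(s) URL whose host
    // matches the Host header of this request. Anything else (other hosts,
    // "//host", "/\host", other schemes, control characters) falls back to the
    // current page, so the form cannot be used to bounce visitors elsewhere.
    $referer = "";

    if (isset($_POST["refererURL"]) && is_string($_POST["refererURL"]) && !preg_match('/[\\x00-\\x1f\\x7f]/', $_POST["refererURL"])) {
        $candidate = $_POST["refererURL"];
        $parts = parse_url($candidate);

        if (is_array($parts)) {
            if (!isset($parts["scheme"]) && !isset($parts["host"])) {
                $second = substr($candidate, 1, 1);
                if (substr($candidate, 0, 1) == "/" && $second != "/" && $second != "\\") {
                    $referer = $candidate;
                }
            } elseif (isset($parts["scheme"], $parts["host"], $_SERVER["HTTP_HOST"])) {
                $scheme = strtolower($parts["scheme"]);
                $hostPort = $parts["host"] . (isset($parts["port"]) ? ":" . $parts["port"] : "");
                if (($scheme == "http" || $scheme == "https") && strcasecmp($hostPort, $_SERVER["HTTP_HOST"]) == 0) {
                    $referer = $candidate;
                }
            }
        }
    }

    if ($referer != "") {
        // The updates page has no comment anchors to jump to.
        if (preg_match('/\\/updates\\//', $referer)) {
            $focus = "";
        }

        redirect($referer . $focus);
    } else {
        redirect(url(".", array("replied" => "yes")) . $focus);
    }
}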
break; } // Folder identifier must not match any other folder identifiers // for the current user. $folResult = sql_query("SELECT COUNT(*) FROM `folders`" . dbWhere(array("folid<>" => $folid, "folCreator" => $_auth["useid"], "folIdent" => $folIdent))); $conflicting = mysql_result($folResult, 0) > 0; mysql_free_result($folResult); if ($conflicting) { $defaultTitle = $folName; // Put it back in the form for edition notice(_SET_FOLDER_EXISTS); break; } $values = array("folCreator" => $_auth["useid"], "folName" => $folName, "folIdent" => $folIdent); if ($folid == 0) { sql_query("INSERT INTO `folders`" . dbValues($values)); $folid = mysql_insert_id(); } else { sql_query("UPDATE `folders`" . dbSet($values) . dbWhere(array("folid" => $folid))); } // Upload icon. include_once INCLUDES . "files.php"; $iconError = checkUploadedFile("folIcon"); if (!$iconError) { if (filesize($_FILES["folIcon"]["tmp_name"]) > $_config["maxIconSize"]) { $iconError = sprintf(_SET_ICON_SIZE_EXCEEDED, $_config["maxIconSize"]); } else { // Check avatar image size/type. $iconInfo = getimagesize($_FILES["folIcon"]["tmp_name"]); list($iconWidth, $iconHeight) = preg_split('/x/', $_config["iconResolution"]); if ($iconInfo[0] != $iconWidth || $iconInfo[1] != $iconHeight || $iconInfo[2] != 1 && $iconInfo[2] != 2 && $iconInfo[2] != 3) {
// one at first try. $objid = 0; for ($i = 1; $i <= 5; $i++) { $id = mt_rand(1, $count); $result = mysql_query("SELECT `objid` FROM `objects` " . "WHERE ({$where}) AND `objid` = '{$id}' LIMIT 1") or trigger_error(_ERR_MYSQL); if (mysql_num_rows($result) > 0) { $objid = $id; break; } } $timeout = time() + 60; // Will expire in 1 minute mysql_query("LOCK TABLES `randomObjects` WRITE") or trigger_error(_ERR_MYSQL); //mysql_query( "BEGIN" ) or trigger_error( _ERR_MYSQL ); mysql_query("DELETE FROM `randomObjects`" . dbWhere(array("rndFilterPtn" => $_auth["useObjFilters"]))) or trigger_error(_ERR_MYSQL); mysql_query("INSERT INTO `randomObjects`" . dbValues(array("rndFilterPtn" => $_auth["useObjFilters"], "rndObject" => $objid, "rndTimeout" => $timeout))) or trigger_error(_ERR_MYSQL); mysql_query("UNLOCK TABLES") or trigger_error(_ERR_MYSQL); //mysql_query( "COMMIT" ) or trigger_error( _ERR_MYSQL ); } // Show the thumbnail of that `objid`. $select = "SELECT * FROM `objects`"; $where = "`objid` = '{$objid}'"; $limit = 1; include INCLUDES . "mod_minigallery.php"; iefixEnd(); ?> </div> <?php } // Include the poll. Global variable $_pollUser defines whose // poll that will be.