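# @package PHPLinkDirectory
# @version 3.3.0
# ################################################################################
*/

/*
 * submit_article.php - public "submit / edit an article" page.
 *
 * Flow:
 *   1. bootstrap (init.php), optional submit-session token, captcha hash;
 *   2. resolve the target category and, when an articleid is given, verify the
 *      article belongs to the logged-in user (otherwise redirect to unauthorized.php);
 *   3. GET: register the SmartyValidate rules and render the empty/pre-filled form;
 *   4. POST: validate, run submit-session / banned-word checks, truncate every
 *      field to its configured maximum, write to `article` (new submission) or
 *      `article_review` (edit) and send the notifications;
 *   5. render submit_article.tpl (after a successful edit, redirect back after 5 s).
 *
 * Request values reach SQL only through $db->qstr() / $db->Replace(); values
 * handed to the template are expected to be escaped by the template itself.
 */
require_once 'init.php';

/**
 * Truncate a submitted field to its maximum length, mirroring the original
 * inline expressions: empty/missing -> '', too long -> cut to ($max - 4) and
 * suffixed with ' ...', otherwise trimmed.
 *
 * strlen/substr are byte-wise; this matches the isLength validator as it is
 * used here (assumed byte-based - switching to mb_* would require changing
 * the validator too).
 *
 * @param array  $data      submission data
 * @param string $key       field name in $data
 * @param int    $maxLength configured maximum length for the field
 * @return string
 */
function submit_article_truncate_field($data, $key, $maxLength)
{
    if (empty($data[$key])) {
        return '';
    }
    if (strlen($data[$key]) > $maxLength) {
        return substr($data[$key], 0, $maxLength - 4).' ...';
    }
    return trim($data[$key]);
}

/**
 * Normalise a comma separated tag/attribute list from the configuration for
 * display: strip leading/trailing commas, collapse repeated commas, drop all
 * whitespace, then re-join as ", ".
 *
 * @param string $list raw configured list (ALLOWED_HTML_TAGS / ALLOWED_ATTR_TAGS)
 * @return string
 */
function submit_article_format_tag_list($list)
{
    $list = clean_string_paranoia($list);
    // Remove multiple commas, commas at begin and end of string, any whitespace
    $list = preg_replace(array('#^[,]*#i', '#[,]*$#i', '#[,]+#i', '#[\s]#'), array('', '', ',', ''), $list);
    return preg_replace("/,/", ', ', $list);
}

/**
 * Characters still available in a text field given its current (trimmed) content.
 *
 * @param array  $data      submission data (may lack $key)
 * @param string $key       field name in $data
 * @param int    $maxLength configured maximum length for the field
 * @return int
 */
function submit_article_remaining_length($data, $key, $maxLength)
{
    if (isset($data[$key]) && strlen(trim($data[$key])) > 0) {
        return $maxLength - strlen(trim($data[$key]));
    }
    return $maxLength;
}

define('FORCE_SUBMIT_SESSION', "0"); // Remove submit session for now
if (defined('FORCE_SUBMIT_SESSION') && FORCE_SUBMIT_SESSION == 1) {
    require_once 'include/submit_session.php';
}

// Disable any caching by the browser
disable_browser_cache();

// Generate unique imagehash for visual confirmation (captcha)
if (VISUAL_CONFIRM == 1) {
    require_once 'include/functions_imgverif.php';
    $imagehash = fetch_captcha_hash();
    $tpl->assign('imagehash', $imagehash);
    unset($imagehash);
}

// Breadcrumb path displayed by the template
$path = array();
$path[] = array('ID' => '0', 'TITLE' => _L(DIRECTORY_TITLE), 'TITLE_URL' => DOC_ROOT, 'DESCRIPTION' => SITE_DESC);
$path[] = array('ID' => '0', 'TITLE' => _L('Submit Article'), 'TITLE_URL' => '', 'DESCRIPTION' => _L('Submit a new article to the directory '));
$tpl->assign('path', $path);

// Check if using RTE (Rich Text Editor)
$useRTE = (defined('ARTICLE_SUBMIT_USE_RTE') && ARTICLE_SUBMIT_USE_RTE == 1 ? 1 : 0);
$tpl->assign('useRTE', $useRTE);

// If current user is banned, show a custom error message and stop the rest of the script
check_if_banned();

// Make an additional check if client is allowed to post/submit ([Spam] protection).
// NOTE(review): the return value is not consulted anywhere in this file;
// presumably check_post_rules() blocks on its own - confirm.
require_once 'include/check_post_rules.php';
$post_rules_unauthorized = check_post_rules($_POST);

$article_id = (!empty($_REQUEST['articleid']) ? clean_string_paranoia($_REQUEST['articleid']) : 0);
$remove_article = 0;
$review_article = 0;
$EditRedirect = 0;
$id = null;          // cache id handed to $tpl->fetch(); only set on a successful POST
$payment_id = '';    // only set for new (non-edit) submissions

// Determine category: an explicit numeric ?c= wins, otherwise derive it from the referer
$CategoryID = (!empty($_REQUEST['c']) && preg_match('`^[\d]+$`', $_REQUEST['c'])
    ? intval($_REQUEST['c'])
    : (!empty($_SERVER['HTTP_REFERER']) ? get_category($_SERVER['HTTP_REFERER']) : 0));
$CategoryID = ($CategoryID > 0 ? $CategoryID : 0); // Make sure the category ID is valid
$CategoryTitle = '';

// Editing an existing article: it must belong to the logged-in user.
// $check_user starts at 0 so the redirect below fails closed when the ownership
// query is skipped (anonymous visitor, or registration not required).
$check_user = 0;
if (!empty($article_id)) {
    $article_id = intval($article_id);
    if (REQUIRE_REGISTERED_USER_ARTICLE == 1 && !empty($_SESSION['phpld']['user']['id'])) {
        $check_user = $db->GetOne("SELECT COUNT(*) FROM `{$tables['article']['name']}` WHERE `ID` = ".$db->qstr($article_id)." AND `OWNER_ID` = ".$db->qstr($_SESSION['phpld']['user']['id']));
        $check_double_review = $db->GetOne("SELECT COUNT(*) FROM `{$tables['article_review']['name']}` WHERE `ARTICLE_ID` = ".$db->qstr($article_id));
        if ($check_double_review > 0) {
            $tpl->assign('double_review', _L('This entry is already marked for review and was not approved yet. New modifications will overwrite older reviews.'));
        }
    }
    if ($check_user < 1) {
        http_redirect(DOC_ROOT.'/unauthorized.php');
    }
    $remove_article = 1;
    $review_article = 1;
}

$EditUnique = '';
$MoveToPayment = true;
$action = 'submit'; // Default action
if (REQUIRE_REGISTERED_USER_ARTICLE == 1 && !empty($_SESSION['phpld']['user']['id']) && $review_article == 1) {
    $action = 'edit';
}

// Name / e-mail of the logged-in owner, merged into the record on a successful submit
$owner_details = array();
if (!empty($_SESSION['phpld']['user']['id'])) {
    $owner_details = $db->GetRow("SELECT `NAME` AS `OWNER_NAME`, `EMAIL` AS `OWNER_EMAIL` FROM `{$tables['user']['name']}` WHERE `ID` = ".$db->qstr($_SESSION['phpld']['user']['id']));
}

if (empty($_POST['submit']) && empty($_POST['edit'])) {
    // ---------- GET: show the (empty or pre-filled) form ----------
    if (defined('FORCE_SUBMIT_SESSION') && FORCE_SUBMIT_SESSION == 1) {
        generateSubmitSession();
    }
    // NOTE(review): the Referer header is client-controlled; wherever
    // $_SESSION['return'] is consumed as a redirect target it needs a same-site check.
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $_SESSION['return'] = $_SERVER['HTTP_REFERER'];
    }

    if (REQUIRE_REGISTERED_USER_ARTICLE == 1 && !empty($_SESSION['phpld']['user']['id']) && !empty($article_id)) {
        // Pre-fill with the user's own article (ownership already verified above)
        $sql = "SELECT * FROM `{$tables['article']['name']}` WHERE `ID` = ".$db->qstr($article_id)." AND `OWNER_ID` = ".$db->qstr($_SESSION['phpld']['user']['id']);
        $data = $db->GetRow($sql);
        $EditUnique = ':TITLE:'.$data['TITLE']; // lets the uniqueness check ignore the article's own title
    } else {
        $data = array();
        $data['CATEGORY_ID'] = $CategoryID;
    }
    $CategoryTitle = getCategoryTitleByID($data['CATEGORY_ID']);

    // Clear some variables left over from other forms
    if (isset($_SESSION['SmartyPaginate'])) unset($_SESSION['SmartyPaginate']);
    if (isset($_SESSION['SmartyValidate'])) unset($_SESSION['SmartyValidate']);
    if (isset($_SESSION['values'])) unset($_SESSION['values']);

    SmartyValidate::disconnect();
    SmartyValidate::connect($tpl, true);
    SmartyValidate::register_form('submit_article', true);
    SmartyValidate::register_criteria('isValueUnique', 'validate_unique', 'submit_article');
    SmartyValidate::register_criteria('isUrlUnique', 'validateUrlUnique', 'submit_article');
    SmartyValidate::register_criteria('isNotEqual', 'validate_not_equal', 'submit_article');
    SmartyValidate::register_criteria('isDomainBanned', 'validate_isBannedDomain', 'submit_article');
    SmartyValidate::register_criteria('isCaptchaValid', 'validate_captcha', 'submit_article');
    SmartyValidate::register_criteria('isBannedEmail', 'validate_is_banned_email', 'submit_article');

    SmartyValidate::register_validator('v_TITLE', 'TITLE', 'notEmpty', false, false, 'trim', 'submit_article');
    SmartyValidate::register_validator('v_TITLE_U', 'TITLE:article::CATEGORY_ID'.$EditUnique, 'isValueUnique', false, false, null, 'submit_article');
    SmartyValidate::register_validator('v_TITLE_LENGTH', 'TITLE:'.ARTICLE_TITLE_MIN_LENGTH.':'.ARTICLE_TITLE_MAX_LENGTH, 'isLength', false, false, 'trim', 'submit_article');
    SmartyValidate::register_validator('v_DESCRIPTION_LENGTH', 'DESCRIPTION:'.ARTICLE_DESCRIPTION_MIN_LENGTH.':'.ARTICLE_DESCRIPTION_MAX_LENGTH, 'isLength', true, false, 'trim', 'submit_article');
    SmartyValidate::register_validator('v_ARTICLE_LENGTH', 'ARTICLE:'.ARTICLE_MIN_LENGTH.':'.ARTICLE_MAX_LENGTH, 'isLength', true, false, 'trim', 'submit_article');
    SmartyValidate::register_validator('v_CATEGORY_ID', 'CATEGORY_ID:0', 'isNotEqual', false, false, null, 'submit_article');
    // Rules acceptance
    // SmartyValidate::register_validator('v_AGREERULES', 'AGREERULES:0', 'isEqual', false, false, null, 'submit_article');
    if (REQUIRE_REGISTERED_USER_ARTICLE == 0 || empty($_SESSION['phpld']['user']['id'])) {
        // Anonymous submitter: name and e-mail come from the form
        SmartyValidate::register_validator('v_OWNER_NAME', 'OWNER_NAME', 'notEmpty', false, false, 'trim', 'submit_article');
        SmartyValidate::register_validator('v_OWNER_NAME_LENGTH', 'OWNER_NAME:'.USER_NAME_MIN_LENGTH.':'.USER_NAME_MAX_LENGTH, 'isLength', false, false, 'trim', 'submit_article');
        SmartyValidate::register_validator('v_OWNER_EMAIL', 'OWNER_EMAIL', 'isEmail', false, false, 'trim', 'submit_article');
    }
    SmartyValidate::register_validator('v_OWNER_EMAIL_BANNED', 'OWNER_EMAIL', 'isBannedEmail', false, false, 'trim', 'submit_article');
    if (count($price) > 0) {
        SmartyValidate::register_validator('v_ARTICLE_TYPE', 'ARTICLE_TYPE', 'notEmpty', false, false, 'trim', 'submit_article');
    }
    if (VISUAL_CONFIRM == 1) {
        SmartyValidate::register_validator('v_CAPTCHA', 'CAPTCHA:IMAGEHASH', 'isCaptchaValid', false, false, null, 'submit_article');
    }
    SmartyValidate::register_validator('v_META_DESCRIPTION_LENGTH', 'META_DESCRIPTION:'.META_DESCRIPTION_MIN_LENGTH.':'.META_DESCRIPTION_MAX_LENGTH, 'isLength', true, false, 'trim', 'submit_article');
    // Not usually necessary, keywords are trimmed to max allowed length automatically
    SmartyValidate::register_validator('v_META_KEYWORDS_LENGTH', 'META_KEYWORDS:'.META_KEYWORDS_MIN_LENGTH.':'.META_KEYWORDS_MAX_LENGTH, 'isLength', true, false, 'trim', 'submit_article');
} else {
    // ---------- POST: process the submission ----------
    SmartyValidate::connect($tpl);

    if (REQUIRE_REGISTERED_USER_ARTICLE == 1 && !empty($_SESSION['phpld']['user']['id']) && !empty($_POST['edit'])) {
        $action = 'edit';
    }
    if ($action == 'edit') {
        $data = get_table_data('article_review');
    } else {
        $data = get_table_data('article');
    }
    // Resolved only now: $data does not exist before get_table_data() runs
    $CategoryTitle = getCategoryTitleByID($data['CATEGORY_ID']);

    // Take care of white-space chars
    $data = filter_white_space($data);
    $data['STATUS'] = '1';
    $data['IPADDRESS'] = $client_info['IP'];
    if (!empty($client_info['HOSTNAME'])) {
        $data['DOMAIN'] = $client_info['HOSTNAME'];
    }
    $data['VALID'] = '1';

    // Article type selects the price ($price is keyed by type). Accept only a
    // type the configuration knows; anything else (or nothing) means 'normal'.
    // (Previously $article_type stayed undefined whenever ARTICLE_TYPE was posted.)
    $article_type = 'normal';
    if (isset($_POST['ARTICLE_TYPE']) && is_string($_POST['ARTICLE_TYPE']) && isset($price[$_POST['ARTICLE_TYPE']])) {
        $article_type = $_POST['ARTICLE_TYPE'];
    }
    $data['ARTICLE_TYPE'] = $article_type;
    $data['DATE_ADDED'] = gmdate('Y-m-d H:i:s');
    $data['DATE_MODIFIED'] = gmdate('Y-m-d H:i:s');

    if (VISUAL_CONFIRM == 1 && !empty($_POST['CAPTCHA'])) {
        $data = array_merge($data, array(
            'CAPTCHA' => $_POST['CAPTCHA'],
            'IMAGEHASH' => (isset($_POST['IMAGEHASH']) ? $_POST['IMAGEHASH'] : ''),
        ));
    }

    if (!isset($_SESSION['SmartyValidate']['submit_article']) || empty($_SESSION['SmartyValidate']['submit_article'])) {
        // No validator state in the session: the form was never rendered for this
        // session (or it expired). Block access.
        unset($data);
        $reason = _L('Invalid or expired submit session').'! '._L('Please reload submit page and try again').'.';
        gotoUnauthorized($reason);
    }

    // Rules check
    $data['AGREERULES'] = (isset($_POST['AGREERULES']) && $_POST['AGREERULES'] == 'on' ? 0 : 1);

    if (SmartyValidate::is_valid($data, 'submit_article')) {
        if (defined('FORCE_SUBMIT_SESSION') && FORCE_SUBMIT_SESSION == 1) {
            // Validate unique submit session
            $submitSessionValidation = validate_submit_session();
            if ($submitSessionValidation == 0) {
                // Invalid or expired submission, block access
                unset($data);
                $reason = _L('Invalid or expired submit session').'! '._L('Please reload submit page and try again').'.';
                gotoUnauthorized($reason);
            }
        }

        // Validate for banned words; pass all submission data as parameter
        $hasBannedWords = if_word_is_banned($data);
        if ($hasBannedWords == 1) {
            unset($data);
            $reason = _L('The administrator of this article directory, has banned words from your submission.');
            gotoUnauthorized($reason);
        }

        // Remove form-only fields; they must not be written to the DB
        if (isset($data['CAPTCHA'])) unset($data['CAPTCHA']);
        if (isset($data['IMAGEHASH'])) unset($data['IMAGEHASH']);
        if (isset($data['AGREERULES'])) unset($data['AGREERULES']);

        if ($action == 'edit') {
            // Re-use the pending review row for this article, if any
            $id = $db->GetOne("SELECT `ID` FROM `{$tables['article_review']['name']}` WHERE `ARTICLE_ID` = ".$db->qstr($article_id));
            $id = (!empty($id) ? intval($id) : '');
        } else {
            $id = $db->GenID($tables['article']['name'].'_SEQ');
        }
        $data['ID'] = (!empty($id) ? intval($id) : '');
        if (!empty($_SESSION['phpld']['user']['id'])) {
            $data['OWNER_ID'] = $_SESSION['phpld']['user']['id'];
        }
        if (!empty($owner_details)) {
            $data = array_merge($data, $owner_details);
        }
        // Paid types are notified only once the payment is in
        $data['OWNER_NOTIF'] = (isset($price[$article_type]) && $price[$article_type] > 0 ? 0 : 1);
        $data['MARK_REMOVE'] = (!empty($_POST['MARK_REMOVE']) ? 1 : 0);

        // Check the fields again and truncate to maximum length,
        // so auto-submitters cannot force longer text than allowed
        $data['TITLE'] = submit_article_truncate_field($data, 'TITLE', ARTICLE_TITLE_MAX_LENGTH);
        if ($action != 'edit') {
            $data['OWNER_NAME'] = submit_article_truncate_field($data, 'OWNER_NAME', USER_NAME_MAX_LENGTH);
        }
        $data['DESCRIPTION'] = submit_article_truncate_field($data, 'DESCRIPTION', ARTICLE_DESCRIPTION_MAX_LENGTH);
        $data['ARTICLE'] = submit_article_truncate_field($data, 'ARTICLE', ARTICLE_MAX_LENGTH);
        $data['META_DESCRIPTION'] = submit_article_truncate_field($data, 'META_DESCRIPTION', META_DESCRIPTION_MAX_LENGTH);
        $data['META_KEYWORDS'] = (!empty($data['META_KEYWORDS']) ? clean_meta_keywords($data['META_KEYWORDS']) : '');

        $RegularArticle_notif = true;
        if ($action == 'edit') {
            $data['ARTICLE_ID'] = $article_id; // ownership of $article_id was verified at the top
            $submit_notification = $db->Replace($tables['article_review']['name'], $data, 'ID', true);
            $RegularArticle_notif = false;
        } else {
            $payment_id = $data['ID'];
            unset($data['MARK_REMOVE']);
            $submit_notification = $db->Replace($tables['article']['name'], $data, 'ID', true);
        }

        if (!empty($submit_notification)) {
            $tpl->assign('posted', true);
            send_submit_notificationsa($data, $RegularArticle_notif, "article");

            // Keep only the fields the template re-displays after a successful post
            $reminder = array('CATEGORY_ID', 'OWNER_NAME', 'OWNER_EMAIL');
            $data = array_intersect_key($data, array_flip($reminder));

            $payment_id = (!empty($payment_id) && preg_match('`^[\d]+$`', $payment_id) ? intval($payment_id) : '');
            if (defined('FORCE_SUBMIT_SESSION') && FORCE_SUBMIT_SESSION == 1) {
                // Submission successful, generate new submit session
                generateSubmitSession();
            }
            unset($_POST, $_GET, $_REQUEST);
            $EditRedirect = 1;
        } else {
            $tpl->assign('error', true);
            // echo $db->ErrorMsg();
        }
    } else {
        // Validation failed: hand the raw POST back so the form is re-populated.
        // NOTE(review): these values are unescaped here; the template must escape them.
        $tpl->assign($_POST);
    }
}

// Allowed tag / attribute lists shown next to the form
if (defined('ALLOW_HTML') && ALLOW_HTML == 1) {
    $allowedTags = submit_article_format_tag_list(ALLOWED_HTML_TAGS);
    $tpl->assign('allowedTags', $allowedTags);
}
if (defined('ALLOW_ATTR') && ALLOW_ATTR == 1) {
    $allowedAttr = submit_article_format_tag_list(ALLOWED_ATTR_TAGS);
    $tpl->assign('allowedAttr', $allowedAttr);
}

// Remaining length of the description / article / meta description fields
$DescriptionLimit = submit_article_remaining_length($data, 'DESCRIPTION', ARTICLE_DESCRIPTION_MAX_LENGTH);
$tpl->assign('DescriptionLimit', $DescriptionLimit);
$ArticleLimit = submit_article_remaining_length($data, 'ARTICLE', ARTICLE_MAX_LENGTH);
$tpl->assign('ArticleLimit', $ArticleLimit);
$MetaDescriptionLimit = submit_article_remaining_length($data, 'META_DESCRIPTION', META_DESCRIPTION_MAX_LENGTH);
$tpl->assign('MetaDescriptionLimit', $MetaDescriptionLimit);

$disable_article_reason = DISABLE_ARTICLE_REASON;
$tpl->assign('disablearticlereason', $disable_article_reason);
if (VISUAL_CONFIRM == 1) {
    $tpl->assign('captcha_length', CAPTCHA_PHRASE_LENGTH);
}
$tpl->assign('remove_article', $remove_article);
$tpl->assign('review_article', $review_article);
if (CAT_SELECTION_METHOD == 0) {
    $categs = get_regular_categs_tree(0);
    $tpl->assign('categs', $categs);
}

// Load Javascript libraries
$load_Javascript = 1;
$tpl->assign('load_Javascript', $load_Javascript);

// custom //
// HTTP_HOST and PHP_SELF are taken from the request, so escape them for HTML
// before they reach the template. A legitimate host/path contains no HTML
// metacharacters, so this is a no-op for real requests.
$prurl = htmlspecialchars(
    (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '').(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : ''),
    ENT_QUOTES,
    'UTF-8'
);
$tpl->assign('prurl', $prurl);
$CategoryTitle = getCategoryTitleByID($data['CATEGORY_ID']);
$tpl->assign('CategoryID', $CategoryID);
// end custom //

$tpl->assign('CategoryTitle', $CategoryTitle);
$tpl->assign($data);
$tpl->assign('SITE_NAME', SITE_NAME);

// Clean whitespace
$tpl->load_filter('output', 'trimwhitespace');

// Make output
echo $tpl->fetch('submit_article.tpl', $id);
if ($action == 'edit' && $EditRedirect == 1) {
    http_redirect('submit_article.php', 'html', 5, '');
}
?>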